Weekly output: supply-chain attacks, Mark Vena podcast, password managers, 5G vs. IMSI catchers, fake vaccination cards

TALLINN, Estonia–I’m writing a post from the other side of the Atlantic for the first time since November of 2019 because of a press trip set up for this week by Estonia’s business-development types to show off the country’s tech sector. That sort of thing would be a non-starter were I on anybody’s staff, but I’m not and I’ve gotten a lot out of a few previous trips along these lines. It does help that Estonia is no Las Vegas in its approach to the pandemic. 

Screenshot of the story as seen in Safari on an iPad8/10/2021: More SolarWinds-style attacks are coming. Here’s how to stop them, Fast Company

I wrote up the keynote that opened Black Hat, in which security researcher (and excellent Twitter individual) Matt Tait outlined how getting hostile code into a software supply chain can yield rewards so outsized that attackers have to work extra to focus their attack.

8/11/2021: SmartTechCheck Podcast by Parks Associates, Mark Vena

This week’s edition of my tech-analyst pal’s podcast featured an unusually contentious debate over Apple’s announced plans to do on-device scanning of photos ready to be uploaded to iCloud for matches of known child sexual-abuse material.

8/12/2021: Best Password Managers of 2021, U.S. News & World Report

I contributed an update to the guide I helped write at the start of this year. My work this time includes profiles of 1Password, Bitwarden, Dashlane, Enpass, and LastPass, plus comparisons of 1Password and LastPass, Dashlane and LastPass, and 1Password and Dashlane.

8/13/2021: 5G defends against IMSI catchers – but implementation is critical, Light Reading

My Black Hat coverage-from-afar continued with this writeup of a briefing about 5G’s vulnerability to IMSI catchers, the fake base stations sometimes used by law-enforcement and national-security investigators as well as criminal enterprises to intercept people’s communications.

8/13/2021: Fake vaccination cards, Al Jazeera

I thought the Arabic-language news network would want me to talk about the technical difficulties involved in making counterfeit-proof vaccination cards, but instead they stuck to such big-picture queries as why people would even want to spend $100 or so on fake vax cards sold by random con artists on Telegram.

Weekly output: password managers, streaming-TV forecast, Limelight earnings, EU vs. Apple

The most important item on my calendar this week: getting my second dose of the Moderna coronavirus vaccine.

Screengrab of story as shown in USAT's iPad app4/28/2021: A cheaper deal from Dashlane invites a new look at password managers, USA Today

Dashlane’s PR firm offered me an advance on their addition of a new, cheaper price plan, which I used as a news peg for an overview of the password-manager market.

4/29/2021: Expect To Spend More On Streaming Video Than On Traditional Pay TV By 2024: New Report, Forbes

I wrote up a Strategy Analytics report predicting a slow demise for pay TV as we’ve known it. Sports fans, take note of the streaming deal for Italy’s Liga Serie A that one SA analyst described for me.

4/30/2021: Limelight revenues drop and losses widen, FierceVideo

I filled in at this client to cover this content-delivery network firm’s disappointing earnings.

4/30/2021: EU’s Answer To Spotify’s Complaint: Apple’s Rules Have Consumers Losing Out, Forbes

Writing this post about the European Commission’s preliminary finding that Apple abused its App Store authority to suppress competition from Spotify took me back to 2011–when it already seemed obvious that Apple demanding a 30% share of in-app subscriptions while forbidding app developers from pointing iPhone and iPad users to their own payment systems represented an abuse of power.

Weekly output: streaming-video viewers, Facebook vs. Australia, ShowStoppers TV, password managers, Vint Cerf on 6G

In addition to the stories below, my tweet about the Metropolitan Washington Airports Authority’s board-meeting news of an American Express Centurion Lounge coming to National Airport in 2022 got picked up at Gary Leff’s View From The Wing travel blog. As a longtime reader of Gary’s, I had to smile about that.

2/16/2021: OTT providers acknowledge the challenge of holding onto viewers, FierceVideo

I wrote up this online panel about the issues involved in retaining viewers as we emerge from this pandemic. The panel itself suffered its own retention problems, in the form of the moderator dropping offline multiple times.

2/17/2021: Facebook Will Give You Less Koala Content, Among Other Problems With Its Australian News Ban, Forbes

The koala-content angle came to me early on as I wrote this post, so I had to find some file art of a koala to go with the piece.

2/18/2021: ShowStoppers TV, ShowStoppers

I emceed this round of gadget demos, introducing and quizzing the presenters:  Godonut’s smartphone/tablet mount, HoverCam’s eGlass remote-teaching system, and Wacom’s Chromebook-connected drawing tablet.

Screenshot of USA Today column as seen in the paper's iPad app2/18/2021: LastPass to limit its free password manager. Here are other options, including Apple, Google, USA Today

All the research I did about password-manager services at the end of last year for the U.S. News guide that ran in January made this an easier column to write. That work also helped me write a longer post about the relative merits of LastPass, 1Password, Bitwarden and Dashlane for Patreon readers.

2/19/2021: 6G internet? Internet pioneer Vint Cerf isn’t buying the hype, Fast Company

I wrote up an online event hosted by Mitre Corp. on Feb. 11 that featured this interview of Internet pioneer Vint Cerf (whom I previously wrote about for Fast Company when he spoke at a conference in Alexandria in late 2019). Much as Cerf had voiced some sensible skepticism about 5G broadband one winter ago, he declined to get too excited over 6G and instead pointed to the connectivity potential of low-Earth-orbit satellites and ever-cheaper undersea fiber-optic cables.

Weekly output: ATSC 3.0, password managers, AT&T TV, ShowStoppers TV, CDA 230, CES recap, 8K TV, TV tech at CES (x2)

Although my Google Maps timeline shows no evidence of CES having happened over the past few days, my calendar and published work (in addition to the posts below, I wrote an extra recap Saturday for Patreon subscribers) leave no doubt that I spent this week “at” this year’s digital-only edition of this trade show.

1/12/2021: ATSC 3.0 backers tout brighter prospects for NEXTGEN TV, FierceVideo

I revisited a subject I covered at CES 2020 for my fave trade-pub client: an upgrade to broadcast TV that might reach more viewers’ homes, especially if TV manufacturers would stop ignoring it.

1/12/2021: Password Managers, U.S. News & World Report

My second project for U.S. News followed the outline of the guides to local Internet providers I helped write a few months ago; after editors analyzed third-party reviews to rank the companies involved, I provided my own context in a profile of each. I thought I knew this category before, but after researching Bitwarden, Keeper, LastPass, Dashlane, 1Password, LogMeOnce, NordPass, KeePassXC, RoboForm, Sticky Password, McAfee True Key, and Zoho Vault (plus head-to-head comparisons of 1Password vs LastPass, Dashlane vs LastPass, and Dashlane vs 1Password), I think I have a much deeper grounding. In the bargain, this work reminded me that I’d been neglecting some useful features in my own password manager, 1Password.

1/12/2021: AT&T TV NotNow: Telco Giant Reshuffles Streaming Services, Forbes

AT&T closing its AT&T TV Now streaming-TV service to new subscribers and making AT&T TV its core video service looked like a welcome stab at simplicity, but then I checked out the fine print in AT&T TV’s two-year-contract option.

1/13/2021: ShowStoppers TV, ShowStoppers

As I did last summer, I emceed the product presentations of three tech companies at an event hosted by the PR firm that, in the Before Times, helped organize my trips to IFA and a few other tech events. Unlike last summer, one of these firms wound up not presenting because they could not get their audio working.

1/13/2021: Special Broadband Breakfast Live Online Town Hall on Section 230, Broadband Breakfast

Twitter’s overdue decision to boot Donald Trump off the service led to this online panel about Section 230 of the Communications Decency Act, the law that lets online forums remove content that’s legal but “otherwise objectionable.” My fellow panelists: Ranking Digital Rights’ Jessica Dheere, the Cato Institute’s Will Duffield, the Computer & Communications Industry Association’s Ali Sternburg, and tech lawyer Cathy Gellis, with Broadband Breakfast editor and publisher Drew Clark moderating our conversation. The next day, Broadband Breakfast’s Samuel Triginelli wrote up the conversation that you can also watch in the embed below.

1/14/2021: Afternoon Learners SIG, Washington Apple Pi

I joined this meeting of one of WAP’s special interest groups via Zoom to share my thoughts on CES. We lost a good 10 minutes to audio glitches that I couldn’t hear but my audience could, so I stuck around for an extra 10 minutes.

1/14/2021: If You Want To Watch 8K Video On Your 8K TV, You May Have To Record It Yourself, Forbes

Yes, I remain deeply skeptical of 8K TV, even if Samsung’s newest line of smartphones can record in the format.

1/15/2021: Yes, you can have — and deserve — a bigger TV. That’s the theme on display at CES trade show, USA Today

No CES is complete for me without a state-of-the-TV piece. My industry-analyst friend Carolina Milanesi provided an opening quote that was more colorful than usual for this type of story.

1/15/2021: TVs at CES, WLW

This Cincinnati radio station had me on their afternoon drive-time show to talk about TVs. I flubbed a question from the hosts about the price for a 70-inch 4K TV: Because I hadn’t thought to leave a browser tab open to any retailer’s TV listings, I had to try to remember the prices I’d seen at Costco three weeks prior and then overshot the going rate by about 50 percent.

Updated 1/18/2021 to add links to my Patreon post, three other posts in the U.S. News password-manager guide, and Broadband Breakfast’s video and recap. 

Weekly output: password managers, exposure-notification apps, talking tech with Mark Vena

Six months ago, I expected to be busy tonight packing for the IFA tech trade show. But although that conference in Berlin is proceeding on a drastically-scaled-down basis, I’m not flying to Germany tomorrow because of the European Union’s ban on Americans traveling to the EU. Given how thoroughly we’ve botched this pandemic, I can’t blame them for imposing that restriction.

8/24/2020: Extra security or extra risk? Pros and cons of password managers, TechRepublic

I shared my experience with password managers–mainly LastPass and 1Password–with TechRepublic’s Veronica Combs for this overview of the advantages and disadvantages of these services.

8/25/2020: COVID-19 tracking apps, supported by Apple and Google, begin showing up in app stores, USA Today

Writing a lengthy report for O’Reilly about contact-tracing apps did not mean I could write this much shorter piece from memory and my existing notes. In addition to getting useful adoption data from Virginia’s Department of Public Health about its COVIDWISE app, I also reported that VDH plans to support a national key-server project from the Association of Public Health Laboratories that will let these state-developed apps relay and receive warnings of potential COVID-19 exposure across state lines.

8/28/2020: SmartTechCheck Podcast (8-28-20), Mark Vena

I talked about exposure-notification apps, the future of tech events like IFA, 5G wireless and Apple silicon with my analyst pal at Moor Insights & Strategy–another tech type who would have been packing for Berlin tonight but is instead grounded. You may notice a break in the recording about halfway through, when I had to get a glass of water so I could resume speaking normally. Note to self: Before sitting down to record a 45-minute podcast, make sure a glass of water is on the desk.

Weekly output: Google’s password help, Twitter suspensions in Egypt

NEW YORK–This evening finds me here for the Ascent conference, at which I have four panels to moderate Tuesday and things to learn all Monday. Yes, that means I will miss both NLDS games at Nationals Park. Since the team hasn’t done all that well when I’ve been in the stands for a potential division-series clinch, maybe that’s good?

10/2/2019: This new Google tool protects you against dangerous passwords, Fast Company

Along with a fair amount of other tech journalists, I got an advance on Google’s announcement Monday of changes to warn Chrome users about exposed, reused or easily-guessed passwords. Having seen how a similar feature in the 1Password password manager has helped make me less stupid about site logins, I think this is a good move by Google. But I also expect that many users will freak out when they see Chrome telling them that their password has been compromised in a data breach.

10/3/2019: Twitter suspensions in Egypt, Al Jazeera

I appeared on the Arabic-language news channel to talk about reports of Egyptian dissidents’ Twitter accounts being suspended. My take: Twitter has a serious problem with being fooled by coordinated, bad-faith campaigns to get accounts suspended for alleged-but-not-real violations of Twitter’s rules. The anchor then asked why Twitter hadn’t answered AJ’s questions, and I said that most social-media companies are chronically bad at explaining their own decisions. Many have hangups with just speaking on the record.

First impressions of 1Password

After several years using the same password-manager service–and then paying for its premium version–I’ve spent the last few weeks trying an alternative.

I can credit a sales pitch that included the italicized phrase “completely free” for this departure: 1Password’s offer of a free membership to journalists, in celebration of World Press Freedom Day this May 3. But I was also overdue to spend some time in a password manager besides LastPass.

So far, I’m impressed by the elegance of the interface but a little put off by how persnickety 1Password can be to set up. You don’t just create a username and password, you also have to type in a complex and random secret key to get going.

Having read this Toronto-based firm’s documentation of how this extra step helps ensure that a successful guess of your password still won’t compromise your account, I get where they’re coming from. But I’m not sure I’d recommend it to just anybody, especially not when LastPass’s free version suffices for many casual users.

Further time with 1Password’s Mac, Windows and Android apps has revealed other things I like:

This time has also surfaced one thing I don’t like: an incomplete approach to two-step verification that seems to require choosing between running an authenticator app on your smartphone or employing a weird Yubikey implementation that requires running a separate app instead of just plugging a standard USB security key. That’s no better than LastPass’s inflexible notion of two-step verification.

I’d like to see 1Password improve that and support the WebAuthn standard for security-key confirmation. But I’m prepared to give them some time, based on everything else I’ve seen so far.