Weekly output: supply-chain attacks, Mark Vena podcast, password managers, 5G vs. IMSI catchers, fake vaccination cards

TALLINN, Estonia–I’m writing a post from the other side of the Atlantic for the first time since November of 2019 because of a press trip set up for this week by Estonia’s business-development types to show off the country’s tech sector. That sort of thing would be a non-starter were I on anybody’s staff, but I’m not and I’ve gotten a lot out of a few previous trips along these lines. It does help that Estonia is no Las Vegas in its approach to the pandemic. 

Screenshot of the story as seen in Safari on an iPad8/10/2021: More SolarWinds-style attacks are coming. Here’s how to stop them, Fast Company

I wrote up the keynote that opened Black Hat, in which security researcher (and excellent Twitter individual) Matt Tait outlined how getting hostile code into a software supply chain can yield rewards so outsized that attackers have to work extra to focus their attack.

8/11/2021: SmartTechCheck Podcast by Parks Associates, Mark Vena

This week’s edition of my tech-analyst pal’s podcast featured an unusually contentious debate over Apple’s announced plans to do on-device scanning of photos ready to be uploaded to iCloud for matches of known child sexual-abuse material.

8/12/2021: Best Password Managers of 2021, U.S. News & World Report

I contributed an update to the guide I helped write at the start of this year. My work this time includes profiles of 1Password, Bitwarden, Dashlane, Enpass, and LastPass, plus comparisons of 1Password and LastPass, Dashlane and LastPass, and 1Password and Dashlane.

8/13/2021: 5G defends against IMSI catchers – but implementation is critical, Light Reading

My Black Hat coverage-from-afar continued with this writeup of a briefing about 5G’s vulnerability to IMSI catchers, the fake base stations sometimes used by law-enforcement and national-security investigators as well as criminal enterprises to intercept people’s communications.

8/13/2021: Fake vaccination cards, Al Jazeera

I thought the Arabic-language news network would want me to talk about the technical difficulties involved in making counterfeit-proof vaccination cards, but instead they stuck to such big-picture queries as why people would even want to spend $100 or so on fake vax cards sold by random con artists on Telegram.

Weekly output: password managers, streaming-TV forecast, Limelight earnings, EU vs. Apple

The most important item on my calendar this week: getting my second dose of the Moderna coronavirus vaccine.

Screengrab of story as shown in USAT's iPad app4/28/2021: A cheaper deal from Dashlane invites a new look at password managers, USA Today

Dashlane’s PR firm offered me an advance on their addition of a new, cheaper price plan, which I used as a news peg for an overview of the password-manager market.

4/29/2021: Expect To Spend More On Streaming Video Than On Traditional Pay TV By 2024: New Report, Forbes

I wrote up a Strategy Analytics report predicting a slow demise for pay TV as we’ve known it. Sports fans, take note of the streaming deal for Italy’s Liga Serie A that one SA analyst described for me.

4/30/2021: Limelight revenues drop and losses widen, FierceVideo

I filled in at this client to cover this content-delivery network firm’s disappointing earnings.

4/30/2021: EU’s Answer To Spotify’s Complaint: Apple’s Rules Have Consumers Losing Out, Forbes

Writing this post about the European Commission’s preliminary finding that Apple abused its App Store authority to suppress competition from Spotify took me back to 2011–when it already seemed obvious that Apple demanding a 30% share of in-app subscriptions while forbidding app developers from pointing iPhone and iPad users to their own payment systems represented an abuse of power.

Weekly output: ATSC 3.0, password managers, AT&T TV, ShowStoppers TV, CDA 230, CES recap, 8K TV, TV tech at CES (x2)

Although my Google Maps timeline shows no evidence of CES having happened over the past few days, my calendar and published work (in addition to the posts below, I wrote an extra recap Saturday for Patreon subscribers) leave no doubt that I spent this week “at” this year’s digital-only edition of this trade show.

1/12/2021: ATSC 3.0 backers tout brighter prospects for NEXTGEN TV, FierceVideo

I revisited a subject I covered at CES 2020 for my fave trade-pub client: an upgrade to broadcast TV that might reach more viewers’ homes, especially if TV manufacturers would stop ignoring it.

1/12/2021: Password Managers, U.S. News & World Report

My second project for U.S. News followed the outline of the guides to local Internet providers I helped write a few months ago; after editors analyzed third-party reviews to rank the companies involved, I provided my own context in a profile of each. I thought I knew this category before, but after researching Bitwarden, Keeper, LastPass, Dashlane, 1Password, LogMeOnce, NordPass, KeePassXC, RoboForm, Sticky Password, McAfee True Key, and Zoho Vault (plus head-to-head comparisons of 1Password vs LastPass, Dashlane vs LastPass, and Dashlane vs 1Password), I think I have a much deeper grounding. In the bargain, this work reminded me that I’d been neglecting some useful features in my own password manager, 1Password.

1/12/2021: AT&T TV NotNow: Telco Giant Reshuffles Streaming Services, Forbes

AT&T closing its AT&T TV Now streaming-TV service to new subscribers and making AT&T TV its core video service looked like a welcome stab at simplicity, but then I checked out the fine print in AT&T TV’s two-year-contract option.

1/13/2021: ShowStoppers TV, ShowStoppers

As I did last summer, I emceed the product presentations of three tech companies at an event hosted by the PR firm that, in the Before Times, helped organize my trips to IFA and a few other tech events. Unlike last summer, one of these firms wound up not presenting because they could not get their audio working.

1/13/2021: Special Broadband Breakfast Live Online Town Hall on Section 230, Broadband Breakfast

Twitter’s overdue decision to boot Donald Trump off the service led to this online panel about Section 230 of the Communications Decency Act, the law that lets online forums remove content that’s legal but “otherwise objectionable.” My fellow panelists: Ranking Digital Rights’ Jessica Dheere, the Cato Institute’s Will Duffield, the Computer & Communications Industry Association’s Ali Sternburg, and tech lawyer Cathy Gellis, with Broadband Breakfast editor and publisher Drew Clark moderating our conversation. The next day, Broadband Breakfast’s Samuel Triginelli wrote up the conversation that you can also watch in the embed below.

1/14/2021: Afternoon Learners SIG, Washington Apple Pi

I joined this meeting of one of WAP’s special interest groups via Zoom to share my thoughts on CES. We lost a good 10 minutes to audio glitches that I couldn’t hear but my audience could, so I stuck around for an extra 10 minutes.

1/14/2021: If You Want To Watch 8K Video On Your 8K TV, You May Have To Record It Yourself, Forbes

Yes, I remain deeply skeptical of 8K TV, even if Samsung’s newest line of smartphones can record in the format.

1/15/2021: Yes, you can have — and deserve — a bigger TV. That’s the theme on display at CES trade show, USA Today

No CES is complete for me without a state-of-the-TV piece. My industry-analyst friend Carolina Milanesi provided an opening quote that was more colorful than usual for this type of story.

1/15/2021: TVs at CES, WLW

This Cincinnati radio station had me on their afternoon drive-time show to talk about TVs. I flubbed a question from the hosts about the price for a 70-inch 4K TV: Because I hadn’t thought to leave a browser tab open to any retailer’s TV listings, I had to try to remember the prices I’d seen at Costco three weeks prior and then overshot the going rate by about 50 percent.

Updated 1/18/2021 to add links to my Patreon post, three other posts in the U.S. News password-manager guide, and Broadband Breakfast’s video and recap. 

First impressions of 1Password

After several years using the same password-manager service–and then paying for its premium version–I’ve spent the last few weeks trying an alternative.

I can credit a sales pitch that included the italicized phrase “completely free” for this departure: 1Password’s offer of a free membership to journalists, in celebration of World Press Freedom Day this May 3. But I was also overdue to spend some time in a password manager besides LastPass.

So far, I’m impressed by the elegance of the interface but a little put off by how persnickety 1Password can be to set up. You don’t just create a username and password, you also have to type in a complex and random secret key to get going.

Having read this Toronto-based firm’s documentation of how this extra step helps ensure that a successful guess of your password still won’t compromise your account, I get where they’re coming from. But I’m not sure I’d recommend it to just anybody, especially not when LastPass’s free version suffices for many casual users.

Further time with 1Password’s Mac, Windows and Android apps has revealed other things I like:

This time has also surfaced one thing I don’t like: an incomplete approach to two-step verification that seems to require choosing between running an authenticator app on your smartphone or employing a weird Yubikey implementation that requires running a separate app instead of just plugging a standard USB security key. That’s no better than LastPass’s inflexible notion of two-step verification.

I’d like to see 1Password improve that and support the WebAuthn standard for security-key confirmation. But I’m prepared to give them some time, based on everything else I’ve seen so far.

Weekly output: LTE hotspots, Techdirt, SOTU, password managers, Washington Apple Pi, Tech Night Owl, old IE versions

I had a relaxing week after CES… no, that’s not right.

Wirecutter LTE hotspot guide1/11/2016: Best Wi-Fi Hotspot, The Wirecutter

My overdue update to this guide to LTE hotspots endorsed a Verizon model and gave a secondary endorsement to an AT&T hotspot with lesser battery life. We then revised the update after it posted to note that the Sprint reseller Karma had downgraded an initially-promising unlimited-data option.

1/12/2016: Techdirt Podcast Episode 56: The CES Post-Mortem, Techdirt

I ran into Techdirt’s Mike Masnick at CES, and on our respective ways out of town he suggested I appear on his podcast. I said that would be a great idea.

1/13/2016: State of the Union’s Technology? What Obama Didn’t Say, Yahoo Tech

The tech-policy story about this SOTU address is how little attention tech policy got. I’d still like to know what led Reuters to think that self-driving cars would get a mention in the speech.

1/14/2016: Tip: How to Make Sure Someone Can Access Your Passwords in an Emergency, Yahoo Tech

The 4.0 update LastPass rolled out right before CES added an emergency-access feature, so I used this tip to tell readers about that and Dashlane’s comparable emergency-contacts option.

1/14/2016: Afternoon Learners SIG, Washington Apple Pi

I stopped by a meeting of this Apple users’ group to share my thoughts about CES–and to hand out some PR swag and USB flash drives.

1/16/2016: January 16 2016 — John Martellaro and Rob Pegoraro, Tech Night Owl

I talked to Gene Steinberg about what I saw at CES, from UHD TVs to the Internet of Insecure Things.

1/17/2016: What to do after Microsoft ends support for older browsers, USA Today

The easy answer to Microsoft’s end of support for older Internet Explorer versions is “install IE 11.” But that browser isn’t the same app in Windows 7 as it is in Win 8 and 10, and updating your browser doesn’t end your Web-security chores.