Weekly output: network security (x2), election security, Google finding Apple’s bugs

Now it can be told: I spent all of the last two weeks on the West Coast, with my stay in Las Vegas for Black Hat and DEF CON sandwiched inside time with my in-laws in California. That let me have a much shorter trip to and from Vegas and then segue from WiFi security to a little wine tasting and, more important, a lot of napping.

8/12/2019: WiFi can be a free-for-all for hackers. Here’s how to stop them from taking your data, USA Today

I e-mailed this to my editor with the following note: “I’m sending this over the DEF CON conference WiFi, so if you only see pirate-flag emoji I trust you’ll call or text to warn me.” If you don’t want to read all 600-ish words in this piece, the top three are “encryption is your friend.”

8/12/2019: This tech could secure voting machines, but not before 2020, Yahoo Finance

One of the big reasons I decided to stick around Vegas for DEF CON–even though it meant I’d have to pay $300 in cash for that conference badge–was the chance to see the exhibits and presentations at its Voting Village. The proceedings did not disappoint, even if a DARPA demo from a project with the delightful acronym of SSITH is far from yielding shipping voting hardware.

8/12/2019: Google got Apple to fix 10 security flaws in the iPhone, Yahoo Finance

Black Hat offered a two-course serving of Apple-security news. Its first day featured a briefing from Google Project Zero researcher Natalie Silvanovich about how her team uncovered 10 serious iOS vulnerabilities, and then its second day brought a talk from Apple security-engineering head Ivan Krstić that ended with news of a much more open bug-bounty program.

8/14/2019: This Morning with Gordon Deal August 13, 2019, This Morning with Gordon Deal

I talked about my USAT column on this business-news radio program; my spot starts just after the 13th minute.

Weekly output: mobile payments, Black Hat security, travel tech

I left Black Hat feeling a little overwhelmed–not because of how little time I had to take in things between my arrival in Vegas Tuesday afternoon and my departure Thursday night, but because of how many fascinating briefings I had to miss because I was attending others. And then there’s everything I missed by flying home before DEF CON.

8/6/2018: Hang on, Apple: Phone payments still need work, USA Today

Seeing all the hype over Apple announcing that CVS will finally succumb to reality and accept Apple Pay (meaning you can also pay with any non-Apple phone that does NFC payments) got me feeling cranky enough to write this reality-check post. I’ve since received an e-mail from a reader saying he’s had no problem paying for stuff with his iPhone in Mexico, contrary to a statement in the column based on an incorrect reading of Apple and Google support documents. I’ve asked my editors to correct that part.

8/9/2018: Black Hat attendees are surprisingly lax about encryption, The Parallax

As I was putting together my Black Hat schedule, I got an invitation to tour the network operations center supervising the conference’s WiFi. I thought that visit would allow me a chance to look at a lot of blinking lights, but instead it provided up-close evidence of some horrifyingly slack security practices among a minority of Black Hat attendees.

8/11/2018: Welcome and Keynote with Rob Pegoraro, Frequent Traveler University Washington, DC

After years of profiting from tips shared in various frequent-flyer forums, I had a chance to give back when FTU host Stefan Krasowski asked if I’d like to talk about my travel experiences to open this two-day program of seminars about airline and hotel loyalty programs and other sorts of travel hacking. We had a great conversation about freelance business-trip economics, the gadget accessories I take on the road, two underrated virtues of United elite status, and my worst airport-transit experience ever. My only regret: Since I couldn’t stick around for the rest of the day, I didn’t have a chance to meet the other FTU speakers, a few of whom I’ve been reading for years.

Weekly output: facial recognition, Washington Apple Pi

This was a challenging week, since our daughter’s camp schedule had her at home during most of the day. If I had a dollar for every time I was asked to help find a Lego piece… I’d buy our kid more Legos, because they are awesome.

7/27/2018: Microsoft argues facial-recognition tech could violate your rights, Yahoo Finance

My inspiration for writing this was Microsoft president Brad Smith calling for government regulation of this technology; having the ACLU report that Amazon’s Rekognition facial-recognition service falsely identified 28 members of Congress as criminal suspects motivated me to finish and file the post.

7/28/2018: Rob Pegoraro, ronin technology columnist, Washington Apple Pi

I spoke at the monthly meeting of this Mac/iOS user group about changing notions of security–or, to phrase things less politely, how foolish and gullible we’ve been in prior years. (Seriously, the defaults most people operated on in 1995 and 2000 look horrifyingly stupid now.) I also called out such lingering obstacles in infosec as Apple’s unwillingness to support “U2F” two-step verification via encrypted USB keys and Microsoft’s bizarre stance that full-disk encryption is something only business users need. In the bargain, I donated my now-deceased MacBook Air to the Pi’s MacRecycleClinic and gave away a bag of trade-show swag, including a couple of U2F keys.

Update, 7/31/2018: I had an embed of the Pi’s YouTube clip of my talk, but I didn’t know that stream had playback disabled on other sites until a reader called that out in a comment. (Thanks, jeffgroves!) So I’ve replaced that with a link to the clip.

Weekly output: Michael Chertoff on privacy, TV-streaming rate hikes

I only had four workdays this week, thanks to Monday being spent in the air on my way back from London to D.C. That said, my productivity was not as bad as this scant list would suggest, since I filed three other posts in those four days… and now I can find out how much more work edits on those posts will entail.

7/12/2018: Ex-Homeland Security chief Chertoff wants EU-style data privacy laws, Yahoo Finance

I spent about half an hour on the phone with Michael Chertoff Wednesday afternoon about his views on various privacy and security issues and came away with far more material than I could fit in this post, as well as a renewed appreciation of the time it takes to transcribe quotes from a recording of an interview.

7/15/2018: As cord-cutting prices rise, here’s what you can do to keep costs down, USA Today

No, rate hikes at such live-TV streaming services as DirecTV Now and Sling TV don’t mean that returning to the embrace of cable or satellite TV–both subject to the same inflationary pressures, both also fond of sticking you with monthly fees to return a tuner box–now makes financial sense for a lot more people.

Bandwidth battles in China

SHANGHAI–Crowded gadget trade shows like CES and Mobile World Congress usually entail connectivity complaints. But when you put the gadget show in China, you level up the complexity, thanks to the need to run a Virtual Private Network app to preserve access to U.S. sites blocked by China’s Internet filters.

In theory–and in every PR pitch from a VPN service advertising itself as the surefire way to stop your ISP from tracking your online activity–that should add no difficulty to getting online. You connect, the VPN app automatically sets up an encrypted link to the VPN firm’s servers, and then you browse as usual.

The reality that I’ve seen at CES Asia this week while using the Private Internet Access Windows and Android apps has been a good deal less elegant.

  • Often, the PIA app will connect automatically to the best available server (don’t be like me by wasting time selecting a particular U.S. server when the app usually gets this right) to provide a usable link to the outside world. But it’s never clear how long that link will stay up; you don’t want to start a long VoIP call or Skype conference in this situation.
  • On other occasions, the app has gotten stuck negotiating the VPN connection–and occasionally then falls into a loop in which it waits increasingly longer to retry the setup. Telling it to restart that process works sometimes; in others, I’ve had to quit the app. For whatever reason, this has been more of a problem on my laptop than on my phone.
  • The WiFi itself has been exceedingly spotty whether I’ve used my hotel WiFi, the Skyroam Solis international-roaming hotspot I took (a review loaner that I really, really need to send back), the press-room WiFi or, worst of all, the show-floor WiFi. Each time one of those connections drops, the VPN app has to negotiate a new connection.

If you were going to say “you’re using the wrong VPN app”: Maybe I am! I signed up for PIA last year when the excellent digital-policy-news site Techdirt offered a discounted two-year subscription; since then, my client Wirecutter has endorsed a competing service, IVPN (although I can’t reach that site at the moment). Since I don’t have any other trips to China coming up, I will wait to reassess things when my current subscription runs out next April.

Also, it’s not just me; my friend and former Yahoo Tech colleague Dan Tynan has been running into the same wonkiness.

To compound the weirdness, I’ve also found that some connectivity here seems to route around the Great Firewall without VPN help. That was true of the press-room WiFi Thursday, for instance, and I’ve also had other journalists attending CES Asia report that having a U.S. phone roam here–free on Sprint and T-Mobile, a surcharge on AT&T or Verizon–yielded an unfettered connection.

At the same time, using a VPN connection occasionally left the CES Asia site unreachable. I have no idea why that is so.

What I do know is that I’ll very much appreciate being able to break out my laptop somewhere over the Pacific in a few hours and pay for an unblocked connection–then land in a country where that’s the default condition.

Weekly output: “responsible encryption,” Flash and Silverlight

It’s been another week with fewer stories to my name than usual. I’ve done more work than the number of links would suggest–over the past two weeks, I’ve filed three pieces that have not yet been posted–but it does look bad.

10/20/2017: Why the Feds want to make it easier for them to get into your phone, Yahoo Finance

I’ve written dozens of posts about the angst of law-enforcement types over the rise of encrypted devices and apps that they can’t search, so for this one I quizzed a few different sources… and came up with the same overall conclusion as before.

10/22/2017: Why Flash and Microsoft Silverlight frustrations just won’t go away, USA Today

I had what I thought would be a decent column with meaningless quotes from publicists at three sites that still ask their users to install Flash or Silverlight–but then a publicist for Major League Baseball told me that they’d move from Flash to HTML5 video for the 2018 season, a fact they had yet to announce.

Weekly output: SXSW tips, Rudy Giuliani, 5G, WikiLeaks and CIA hacks (x2), SXSW marketing, Entrepreneur, Chris Sacca, Vint Cerf

AUSTIN–Welcome, readers frustrated by adjusting their Timex sport watches for Daylight Saving Time. You’re reading a weekly feature here, in which I recap my various media appearances over the last seven days. Most of this week’s items relate to the South By Southwest conference, which I’m covering for my sixth year in a row. Total number of tacos consumed so far: at least nine.

3/7/2017: 5 Insider Tips for Surviving SXSW, CyberCoders

My friend Andrea Smith interviewed me about how I try to stay on top of this sprawling conference. I was going to forget to pack a travel power strip until reading my own advice in this story–but I haven’t used that gadget here anyway.

3/7/2017: Giuliani talks security, Trump at cybersecurity conference, Yahoo Finance

I did not see the foaming-at-the-mouth Rudy Giuliani of the campaign season; instead, the former mayor drew a diagram to illustrate the cybersecurity contractors a company will need (see Violet Blue’s post on her Patreon page for context on that). He also noted that President Trump has more faith in private-sector cybersecurity efforts than the government’s, which led one reader to inquire on Twitter: “So a private email server would be more secure than a government server?”

3/8/2017: 5G data is coming, and it will supercharge your internet connection, Yahoo Finance

This last Mobile World Congress post explains the next generation of wireless generation–as in, why it’s a couple of years before you should be devoting any mental processor cycles to the topic.

3/10/2017: The real lesson of WikiLeaks’ massive CIA document dump — encryption works, Yahoo Finance

I wrote this largely out of annoyance with first-round coverage that played into the WikiLeaks-promoted storyline that the CIA has broken encryption apps. That group has yet to produce any such evidence, although some readers unaware of its increasingly apparent role as a Russian cut-out don’t seem to recognize that.

3/10/2017: WikiLeaks’ CIA-hacking disclosures, Al Jazeera

My Skype interview ended abruptly when the hotspot I’d been using ran out of battery, and that’s entirely my fault for assuming it had enough of a charge instead of checking beforehand. #fail

3/11/2017: How to avoid the marketing hype at SXSW, USA Today

There’s the SXSW that promises insights about the intersections of technology, society, culture, politics and business, and then there’s the SXSW that is essentially a Marketing Spring Break. Neither one can quite exist without the other.

3/12/2017: A Well-Known Tech Watchdog Dishes on the Writing Beat, Entrepreneur

Jordan French interviewed me in February about my history in the business. I’m not sure about the “well-known” part, but I’m not going to turn that description down either. Note that this story references me speaking at the PR Summit conference, which did not happen.

3/12/2017: Venture investor on Trump: ‘We are in absolute unmitigated crisis’, Yahoo Finance

Chris Sacca’s talk at SXSW was 💯, as the kids say. As a journalist, I had to appreciate his newsroom-level ability to use the f-word as a comma. I was only half-joking when I suggested this headline

3/12/2017: Google’s chief internet evangelist seems nervous about Trump’s tech policy, Yahoo Finance

Cardinal rule of tech journalism: If you have a chance to see the guy who co-wrote the core protocols of the thing you use every day, you should show up. The payoff for me: a tweet that went slightly viral and a post I enjoyed writing–once I’d decided what parts of Cerf’s wide-ranging talk couldn’t fit in the post.