Weekly output: “Beyond television,” cable boxes and apps, Google I/O (x3), Chrome OS, security, Android N

I had a two-city, four-airport week: I spent Sunday afternoon through Tuesday evening in Boston for the cable industry’s INTX show, flew to SFO that night and spent Wednesday through Friday at Google I/O before flying home Saturday morning. I am seriously exhausted… so it’s not optimal timing that I’m writing this from Dulles. Why? I was invited to moderate a panel at the Connected Conference in Paris later this week (and on the side, meet a bunch of French startups the government wants to show off). I haven’t been to my family’s one-time expat home in 25 years, so this would have been difficult to turn down. But I did think about that.

5/16/2016: Beyond Television: Extending the Media Brand Across the Digital Forever, INTX

I moderated this discussion with BET’s Kay Madati, Fusion’s Jigar Mehta and Scripps Networks Interactive’s Vikki Neil about how cable networks are trying to connect with current and potential fans outside the big screen. I may be a cord cutter, but I do have one of Alton Brown’s cookbooks and I often turn to Fusion’s tech coverage, so I guess I’m an example of successful beyond-television marketing.

Consumer Reports I O preview5/17/2016: What to Expect from Google I/O 2016, Consumer Reports

My debut piece for CR (no subscription required to read it) was a preview of Google I/O’s expected news that I think mostly holds up.

5/18/2016: Live at Google I/O, Jefferson Graham

Right after I picked up my press badge, I ran into Jefferson and a few other USAT pals, and he elected to do a Facebook Live stream on the spot.

5/18/2016: Cable operators are trying to fix the single biggest problem with their apps, Yahoo Finance

I wrote a reality-check piece about the cable industry’s “but we have apps!” response to the Federal Communications Commission’s “unlock the box” proceeding. The cable operator that now seems most far along in providing TV apps that can take a cable box’s place without compromising on major features? Comcast.

5/18/2016: Google just made it clear that it’s trying to catch up in 3 big areas, Yahoo Finance

This recap of the keynote that opened up I/O disappeared sometime between Wednesday night and Thursday afternoon due to a publishing glitch nobody noticed at the time. Sorry for the mess!

5/19/2016: Google just revealed it’s ‘bringing the Play Store to Chromebooks’, Yahoo Finance

The news that Chrome OS laptops and desktops shipped in the last two years will get a free update opening them up to the Play Store’s catalogue of 1.5 million Android apps may have been the biggest consumer news out of I/O.

5/20/2016: Google: 3 steps you should take now to secure yourself online, Yahoo Finance

Like at last year’s I/O, Google’s security chief Stephan Somogyi gave a great presentation about the state of security that I judged worth a writeup.

5/22/2016: 6 big changes coming to Android phones, USA Today

My last I/O post broke down the changes coming to the next major Android release. I wound up finishing it on my Android phone–an excruciating experience–after my laptop ran out of battery on Caltrain on the way into San Francisco.

Weekly output: mobile payments, FCC regulations, Apple and the FBI, flash drives to North Korea, smart cities, Apple at 40, fiber Internet hardware fees

I wrote three of the stories below before this week–in one case, months before this week–so don’t get the wrong idea about my personal productivity over the last six days.

Yahoo Tech mobile-payments post3/29/2016: Don’t take my money: Why mobile payments haven’t taken off — yet, Yahoo Tech

In what I can only call epic timing, I had to have one of my credit cards reissued only hours after I filed this last week. Some joker had somehow obtained the number and used it for an online transaction at a random Ukrainian merchant. That’s the scenario that mobile payments could have prevented–if the unknown merchant that lost my card’s digits had accepted NFC phone payments, which is nowhere near a sure thing.

3/29/2016: Shining the Spotlight on the FCC: How Rules Impact Consumers and Industries, American Action Forum

I moderated a debate about the Federal Communications Commission’s recent regulatory initiatives with AAF’s Will Rinehart, Public Knowledge’s Meredith Rose and Tech Knowledge’s Fred Campbell. Rose and the other two come at this topic from different perspectives, as you can see below, but we had a civil and entertaining exchange.

3/29/2016: Lessons from the Apple-FBI fight, Yahoo Tech

When I wrote this, it still seemed possible that the FBI might disclose the vulnerability it exploited to unlock the phone used by one of the San Bernardino murderers. That now seems exceedingly unlikely. My hunch is that the Feds have bought themselves a short-term advantage that’s likely to set them back in the long run.

3/30/2016: New use for old flash drives: Subverting the regime in North Korea, Yahoo Tech

This story came about because I set aside a couple of hours on my last day at SXSW to tour the show floor and therefore came across this fascinating demo. The idea of smuggling flash drive into the “Democratic” “People’s” “Republic” of Korea might seem a wildly optimistic exercise in slacktivism, but two experts on North Korea told me it’s worth doing.

3/31/2016: The Internet of Things Drives Smart Transportation Projects, StateTech

I filed this piece about interesting smart-city projects in Chicago and Washington quite some time ago, but the story got held up for various reasons until the appropriate “publish” button was finally clicked this week.

4/1/2016: Apple turns 40, Al Jazeera

The news network’s Arabic channel had me on (overdubbed in Arabic by a translator) to talk about Apple turning 40. I answered a question about the state of the company post-Steve Jobs by saying that its hardware looked as innovative as ever, but its services remain a mess.

4/3/2016: Hardware fees not just for cable Internet, USA Today

Your e-mails asking about cable-modem costs at U-verse (note: not a cable system) got me thinking, and then I realized that AT&T’s mandatory hardware fee for its fiber service makes most cable operators’ price structure look reasonable.

Updated 4/4, 8:26 a.m. to add Friday’s Al Jazeera interview.

Weekly output: iOS updates, Mac ransomware, ISP privacy (x2), wedding gifts, e-mail security

AUSTIN–I’ve been here since Friday morning, and somehow I have not eaten any brisket yet. If you choose to regard that oversight as a character issue, I can’t blame you.

3/7/2016: How to recover from iPhone update gone bad, USA Today

I made a mistake in this column–I misread an Apple tech-support note about restoring an iPhone in an Apple Store as evidence that you could also borrow a computer there to backup your iPhone and then restore it. That’s not the case, as two people pointed out, so I’ve asked my editor to correct the piece.

Yahoo Tech ISP-privacy post3/7/2016: Your ISP might not be spying on you now — but you’d be crazy not to worry that it will, Yahoo Tech

This post started life as a simpler, shorter unpacking of a report about the limits to Internet providers’ visibility of their subscribers’ online activity, but the topic and the word count expanded a bit from there.

3/8/2016: Ransomware on the Mac: Turns out identify theft is a problem for apps, too, Yahoo Tech

After this ran, a friend commented on my Facebook page that he uses the Transmission app but had chosen to skip the update that had been contaminated with a ransomware payload. Yikes.

3/9/2016: Great Wedding Registry Gift Ideas, The Sweethome

As part of this long guide to wedding presents, Casey Johnston interviewed my wife and I about the stand mixer that (I think) some of her parents’ friends gave us, and which I use to make bread every week.

3/11/2016: FCC proposes new broadband-privacy rules — and your ISP probably hates them, Yahoo Tech

Federal Communications Commission chairman Tom Wheeler proposed some not-too-sweeping proposals to limit what your ISP can do with the data it collects about your online activity, and Big Telecom is not amused.

3/13/2016: How to give your email a security checkup, USA Today

I was pleasantly surprised to see some large Internet providers support IMAP syncing and TLS encryption–but others have horribly obsolete and insecure setups. Think about that when you hear somebody insist that the only way to get a good and reliable service online is to pay for it.

Okay, maybe this SXSW commercialism really has gotten out of hand

AUSTIN–SXSW is really two events. One is the long series of panels and keynotes that teach me new things and get wheels turning in my brain for weeks afterward–for instance, yesterday President Obama did a Q&A that was supposed to be a sales pitch for SXSW techies to lend their talents to making government work better but wound up being his most revealing discussion about device encryption ever.

Sixth Street during SXSW(Twitter was not pleased with Obama’s displeasure about “fetishizing our phones above every other value,” to judge from my own timeline.)

But there’s also the Marketing Spring Break that surrounds this conference, in which every other social media manager, PR rep, advertising executive, and brand ambassador in America takes their employer or client’s corporate credit card and goes on a spending spree with restaurants, bars and caterers here.

The result is a schedule crammed with happy hours, receptions and parties, this year even more so than in the four before that I’ve been privileged to attend this event. My own calendar this evening features five events, most overlapping each other’s time slot. I am not sure what I could say to a normal human being’s “I hate you” assessment:

2) “Don’t hate the player, hate the game!”
3) Actually, just go ahead and hate me.

It’s not just tech startups lighting their investors’ money on fire in the hope of repeating Twitter’s 2007 SXSW breakout. The social scene here also features a wide variety of big-name Establishment firms looking to capture “mind share” by giving away free beer, tacos and BBQ–anytime I am overcome with SXSW-scheduling angst over which panel I won’t be able to attend, I can chill at the Scotts Miracle-Gro Connected Yard, the McDonald’s Loft, the Budweiser Beer Garage, or the Comcast Social Media Lounge.

I don’t know how all of these companies can get an acceptable return on their investment. What I do know: I’m not getting out of this place any skinnier.

Weekly output: Israeli cybersecurity, 2016 tech outlook, Apple vs. the FBI

BARCELONA–I’m here for my fourth Mobile World Congress in a row. The show doesn’t start until tomorrow, but today included LG and Samsung’s phone debuts and two other product-demo events. I’m here through Thursday, which will probably not be enough time to take everything in.

If you were going to use this space to ask what’s up with Yahoo Tech… I’d have to reply that you’re asking a good question. One thing I know for sure is that my editor and friend Dan Tynan is out and moving on, but other things are unsettled, and in the meantime I’m going to keep doing my work.

2/16/2016: What Israel Could Teach the U.S. about Cybersecurity, Yahoo Tech

The product of my trip to Israel at the end of January finally came together, with my last phone interview happening the morning this got posted. Please read the comments for a note from me about a mistake we fixed post-publication; please don’t read them if you’d rather not see one commenter’s anti-Semitic garbage.

Hub 2016 tech outlook panel2/17/2016: Tech & Telecom Outlook 2016: Tapping Opportunities in the Transforming Digital Economy, The Hub

I had a good conversation at this local tech group’s Tysons Corner event with Consumer Technology Association research director Jack Cutts, CIT Gap Funds investment director Sean Mallon, SAP Mobile Services strategy director William Dudley, serial startup founder Shahab Kaviani, and Wiley Rein partner Megan Brown.

2/17/2016: FAQ: What You Need to Know about Apple’s Encryption Fight with the FBI, Yahoo Tech

I wrote this post in record time–some in the morning before I had a dentist’s appointment, the rest after coming back from the Hub event. Key development since: The FBI told the San Bernardino police to reset this iPhone’s iCloud password, which defeated one of the workarounds Apple recommended to reveal the device’s contents without having to write any custom software to weaken its security.

 

Mail encryption has gotten less cryptic, but some usability glitches linger

I seriously underestimated you all late last year. In a Dec. 7 post about encryption, I wrote that I hadn’t gotten an encrypted e-mail from a reader in years and said I expected that streak to continue.

PGP keysIt did not. Within a week, a dozen or so readers had sent me messages encrypted with my PGP public key (under subject lines like “Have Faith!” and “Challenge Accepted”), and several others have done the same since. That’s taught me that the crypto user experience has, indeed, gotten pretty good in GPG Suite, the Pretty Good Privacy client of choice in OS X.

But at the same time, some awkward moments remain that remind me the woeful state of things in the late 1990s.

Most of the them involved getting a correspondent’s public key, without which I could not encrypt my reply. When it was attached as a file, dragging and dropping that onto the GPG Keychain app had the expected result, but when it came as a block of text in the decrypted message, I (like other users before me) wasted a few mental processor cycles looking for an import-from-clipboard command when I only had to paste that text into GPG Keychain’s window.

I should have also been able to search keyserver sites for a correspondent’s e-mail address, but those queries kept stalling out at the time. One reader did not appear to have a key listed in those databases at all, while I had to remove a subdomain from another’s e-mail address to get his key to turn up in a search.

One more reader had posted his public key on his own site, but line breaks in that block of text prevented GPG Keychain from recognizing it.

The GPGMail plug-in for OS X Mail is in general a pleasure to use. But its default practice of encrypting all drafts meant that I could no longer start a message on my computer and finish it on my phone–and one e-mail that I’d queued up in the outbox while offline went out encrypted, yielding a confused reply from that editor. I’ve since shut off that default.

It’s quite possible that the upcoming stable release of GPG Suite for OS X El Capitan will smooth over those issues. But that version was supposedly almost ready in late September, and there hasn’t been an update on that open-source project’s news page since. I suppose having to wonder about the status of a crucial software component counts as another crypto-usability glitch.

 

Weekly output: encryption explained, OS X autocorrect, DoubleClick dialog

Yes, I did get your CES PR pitch.

Yahoo Tech crypto FAQ12/7/2015: FAQ: How Encryption Works And Why People Are So Freaked Out About It, Yahoo Tech

The 1.0 version of this column was a detailed look at how encryption works in Pretty Good Privacy and in iOS 8; not for the first time, an editor said I’d gotten too far into the weeds and asked for a rewrite. After this 2.0 version ran, I was pleasantly surprised to have several readers send me PGP-encrypted messages.

If you’d like to know more about this issue, including some of the history behind this debate, see Andrea Peterson’s longer FAQ in the Washington Post.

12/11/2015: Tip: Best Way to Fix OS X’s Autocorrect? Turn It Off, Yahoo Tech

With my USA Today column no longer including a weekly tip at the end, Yahoo was happy to run this tip… which was really more of a rant.

12/13/2015: DoubleClick message should have prompted double take, USA Today

A brief snafu at Google’s advertising subsidiary may not have been sufficient material for a column, but I’d like to think that using it to remind people to be wary of strange requests from even familiar Web sites was a worthwhile exercise.

Weekly output: encryption politics, Thanksgiving tech support

I did better than I expected at avoiding work e-mail over this weekend, but I did have to set aside time to revise two Wirecutter pieces. On Monday, the latest iteration of our guide to the major wireless carriers went up, covering price shifts at Sprint and T-Mobile and improved international-roaming options at Sprint and Verizon Wireless. Then on Wednesday, we corrected last week’s guide to prepaid and resold wireless service to explain how our pick, Consumer Cellular, had begun wholesaling T-Mobile’s service as well as AT&T’s. I missed that non-trivial change, and I’m still annoyed about the oversight.

11/24/2015: The Paris Attacks Were Tragic, but Cryptography Isn’t to Blame, Yahoo Tech

I returned to the debate over whether tech companies should be required to build in back doors for law enforcement–my last such post ran in September–to argue that the argument for compromised crypto is even weaker when you look at adversaries like the Paris murderers. Who, by the way, hardly bothered to cover their tracks.

USAT Thanksgiving 2015 tech-support column11/27/2015: How to improve family’s Wi-Fi and other tech support tips, USA Today

My original concept of this column was to write a sort of greatest-hits compilation of earlier pieces, but I soon realized that this story could and should note the ways these consumer-tech problems had gotten better or worse since I’d last covered them for USAT. I’m not sure what made this piece so widely shared on Facebook–though having my column run two days early must have helped–but I’m flattered anyway.

Writing this also reminded me that I was sorely overdue to uninstall Oracle’s Java software off one laptop. I had disconnected that program from my browser long ago, but it still didn’t justify its storage footprint.

Weekly output: encryption, wireless carriers, Gear S2, IFA

I’m home from Germany, but not for long. Tuesday afternoon, I depart for CTIA’s Super Mobility Week show, and two days later I head over to Portland for XOXO. I thought about skipping CTIA’s show, but two nights’ hotel in Vegas and the extra air travel added so little to my trip costs that I decided to go ahead with it. (No, I’m not going to Apple’s event Wednesday in San Francisco; Yahoo and USA Today already have reporters covering it.) Check back next weekend to see if I still think this schedule was a good idea… I already have my doubts.

9/1/2015: What Politicos Don’t Know About Encryption Could Make Us All Less Safe, Yahoo Tech

I filed this somewhat overdue update on the encryption debate (hint: security experts say there’s nothing to debate) Monday evening over one of Canada’s maritime provinces. I’d complain about the WiFi cutting in and out, but it’s important to keep perspective: I wrote from a chair in the sky! With Internet access!

Wirecutter best-carriers guide9/1/2015: The Best Wireless Carriers, The Wirecutter

Didn’t I just update this guide? Yes, I did. But then AT&T revised its prices, Sprint announced it would drop two-year contracts by the end of the year, and some new third-party research came out. I took advantage of the opportunity to redo our usage scenarios to reflect reports of higher average data consumption.

9/3/2015: Hands On: Samsung’s Gear S2 Brings Some Elegance to the Smartwatch, Yahoo Tech

I had about an hour to play with this interesting smartwatch Wednesday evening in Berlin. The lede popped into my head the next morning, in plenty of time for me to file before Samsung’s embargo expired.

9/6/2016: Four trends spotted at the IFA tech conference, USA Today

A few weeks ago, the folks at USAT asked if I could occasionally switch up my column from the usual Q&A format to address issues raised at tech-industry events like IFA. I said that sounded like a reasonable idea, and this is the result. Next weekend will probably see me again hold off on the Q&A to write about whatever I learn about the wireless industry at CTIA’s event.

Cert-ifiable: How my Mac didn’t trust a new secure site from the Feds

For about three minutes on Monday, I thought I’d uncovered a gigantic security flaw in a new government site set up to push other .gov sites towards secure browsing: When I tried visiting The HTTPS-Only Standard, my iMac’s copy of Safari reported that it couldn’t verify that site’s identity and its copy of Chrome said my connection wasn’t private.

https.cio.gov cert errorBut when you think you’ve uncovered an obvious error in a site that’s been out for over a week, it’s usually your own setup at fault. And within minutes of my tweeting about those warnings, I got a reply from the guy who configured the site saying he couldn’t reproduce the problem.

After some quick testing on this computer, my MacBook Air, my iPad and my phone (during which I silently congratulated myself for editing some accusatory sarcasm out of that tweet before posting it), I realized this fault was confined to Safari and Chrome on my two Macs. Every other browser, including Firefox on my iMac, got through to that HTTPS-Only site normally.

Further Twitter conversations pointed me to each Mac’s store of saved site certificates, accessible in the Keychain Access app. For Safari and Chrome to encrypt a connection to that government site, OS X needed to match its digital certificate against a sort of master key, a “root certificate” stored in the system.

old Comodo certificate(For a better description of how the mathematical magic of encrypted browsing happens, consult my friend Glenn Fleishman’s 2011 explainer for the Economist.)

Both Macs had an old copy of Comodo Group’s root certificate, one not listed on Apple’s inventory of trusted root certs. I tried deleting that certificate, figuring it probably wouldn’t make things worse–and that was all it took for the HTTPS-Only site to work as advertised and for one or two other sites to stop coughing up security warnings.

With my encrypted browsing back to normal, I’m left to wonder how my system keychains got tangled up like that. Any theories? Before you ask: Yes, I’ve done a full scan with the ClamXav malware scanner and haven’t found any issues.