Weekly output: Biden-Harris cybersecurity efforts, X sues ex-advertisers, election security, security meets usability, Black Hat network follies

Posted on by
Reply

This week took me to one place I know far too well, Las Vegas, and one I’d never visited before, Mojave Air and Space Port. I’m not done writing about what I learned at the first destination during my fifth time covering the Black Hat information-security conference, and I haven’t started the story I owe from my second stop checking up on Boom Supersonic.

Fast Company Biden cybersecurity story8/7/2024: The Biden administration has been trying to improve the U.S.’s cybersecurity—no thanks to Congress, Fast Company

The idea for this piece started at Black Hat last year, when I was struck by the level of detail in the advice government officials offered in talks at this event. I quizzed a handful of security experts for their thoughts about how the Biden administration had fared in its efforts to strengthen the nation’s information-security defenses–then after President Biden dropped out of the presidential campaign to pass the torch to Vice President Harris, I had to circle back to most of them to get their perspective about how she might continue that effort.

8/7/2024: X Sues Advertising Group Over Boycotts: ‘Now, It Is War,’ Musk Says, PCMag

Since the legal complaint didn’t recap all the things that the former Twitter has done under Elon Musk’s chaotic misrule to make itself repulsive to name-brand advertisers, I used this post to remind readers of that recent history.

8/9/2024: Feds Make a Pitch for Election Work: Here’s What I’ve Learned as a Poll Worker, PCMag

The panel that opened Black Hat Wednesday morning featured Cybersecurity and Infrastructure Security Agency director Jen Easterly inviting people curious about election security to talk to the people who run their elections–and asking attendees to serve as poll workers themselves. Since I have been doing that since early 2020, I thought this was a good opportunity to share some of my own experiences

8/9/2024: Signal Developer Explains Why Early Encrypted Messaging Tools Flopped, PCMag

The first part of Signal developer Moxie Marlinspike’s Thursday-morning appearance at Black Hat was a philosophical and somewhat meandering talk that didn’t look to me like grist for a post. But then his conversation onstage with Black Hat founder Jeff Moss surfaced some good insights about the intersections of security and usability.

8/9/2024: The Only Real Problem With Black Hat’s Wi-Fi Was the People Using It, PCMag 

Since I first covered Black Hat in 2018, the panel in which the people who run the event’s WiFi recount the poor life choices made by attendees on the network has been a reliable source of enlightenment as well as amusement. 

Migrating to a new Android phone without the old one around–or alive

Posted on by
Reply

I spent less of Sunday morning than I’d feared on a chore that I’d last had to tackle in the summer of 2017: setting up a new Android phone without the old one operational, leaving me to restore only from an online backup.

A Pixel 8a shows grayed-out icons for apps that have not yet been installed, with the Capital Bikeshare app in mid-install. That phone rests on top of a dead Pixel 5a with its back camera facing up.

Having this process go smoothly took some of the sting out of having my previously trusty Pixel 5a die on me. So did having this phone’s demise happen while I was at home and with a light schedule–after which a PCMag colleague shipped me their loaner Pixel 8a, which FedEx deposited on our front porch at 11:25 a.m. Sunday.

Signing into the 8a with my Google account and selecting the 5a’s backup kicked off a restore routine that, like when I set up the 5a at the end of 2021, not only had all of my apps quickly reinstalling from the Play Store but also recreated my carefully tended app-icon layout. The only app that I had to install separately was MetroHero, by virtue of that helpful Metro train tracker being a Web app saved as a home-screen shortcut.

But unlike that last time, I didn’t have any wonkiness with Google Voice and did not need to deal with a weird phone-number-driven onboarding in Google Pay, Google having finally killed off that mediocre mobile-payments app in favor of Google Wallet.

And I had the added advantage of a Titan USB-C security key–an exceptionally useful bit of swag from a SXSW reception that Google had hosted at its Austin offices this March–to authenticate my most important logins. After my Google account itself, I used that to confirm my login into 1Password’s app, which then streamlined signing into my other apps.

But four apps have come with post-install complications:

  • Today Weather didn’t preserve my list of saved cities, so I’ve had to repopulate that from memory.
  • My old messages in Signal are gone, because that end-to-end encrypted messaging app requires either access to the old device or a backup created from it.
  • Chrome doesn’t have a shortcut to open every page that was open in the previous copy, so five days later I’m still recreating some of the tab groups I had curated over time.
  • The Metro SmarTrip card that I’d added to Google Wallet on the 5a is visible in that app but useless, with online transfers of digital cards from defunct to operational mobile devices reserved for iOS while Android users have to report a digital card as lost and have its balance transferred to a newly-purchased card.

I’d like to see the developers of these apps–but especially Google and WMATA–work to sand down some of those rough edges if possible, but I doubt they’ll have made much progress by the time I migrate from this loaner phone to whatever phone I buy to replace it.

Which will almost certainly be either a Pixel 8a or the about-to-be introduced Pixel 9. Because even after the unfortunate end of my Pixel 5a, I still value a phone that gets Android updates as fast as Google can ship them, allows an unusual degree of repairability, and includes the Hold For Me function that spares me from hours of listening to hold music every year.

Weekly output: passkey adoption, AI safety, net neutrality, DOJ v. TikTok

Posted on by
Reply

Tuesday, I’ll flee D.C.’s 90-something temperatures for the 100-something temperatures of Las Vegas–but as I’ve realized over previous trips to that desert city for the Black Hat information-security conference, it really is a dry heat.

In addition to the posts below, my Patreon readers got a recap of a very long day of travel on Thursday of the previous week that saw me returning home about 21 hours after I’d stepped off of the front porch that morning.

7/30/2024: These Are the Services Seeing the Biggest Uptick in Passkey Adoption, PCMag

What I thought would be an easy writeup of an embargoed copy of a Dashlane study about passkey adoption among users of that password manager wound up enlightening me about Facebook’s support of that authentication standard. And once again, I found Facebook’s documentation out of date and incorrect.

PCMag Microsoft AI-policy post7/31/2024: Here’s How Microsoft Wants to Shield You From Abusive AI–With Help From Congress, PCMag

I had ambitions of attending this downtown-D.C. event Tuesday afternoon featuring Microsoft’s vice chair and president Brad Smith, but my schedule ran away from me and I watched the proceedings online. And then I didn’t finish writing this piece until Wednesday morning, although that at least let me nod to news that day of the impending introduction of a new bill targeting AI impersonations of people.

8/2/2024: Circuit Court Throws a Stop Sign in Front of FCC’s Net-Neutrality Rules, PCMag

Reading this unanimous opinion from three judges–one named by Clinton, another a Biden appointee–that the Federal Communications Commission didn’t have the authority to put broadband providers into one of two possible regulatory buckets left me feeling like I’d been taking crazy pills over the last 20 years of the net-neutrality debate, during which the FCC has repeatedly done just that.

8/3/2024: Justice Department Sues TikTok, Alleging Massive Child-Privacy Violations, PCMag

I woke up Saturday thinking that somebody at PCMag was already covering the DOJ lawsuit against TikTok, but nobody had grabbed that story. So I set aside part of that morning to read the DOJ’s complaint, get a comment out of a TikTok publicist and write this post summarizing the department’s allegations.

A gadget writer’s minor equivalent of nuclear waste

Posted on by
2

My home office always needs cleaning, but there’s one part of it that stays especially resistant to tidying up–the small collection of old and inoperative hardware that might have my data in a condition that might be accessible.

I think of these probably-defunct devices as my own rough equivalent of nuclear waste, but instead of radioactive isotopes they may hold old personal data that I don’t want to see leak out. That’s “may” because unlike spent reactor fuel that we know has to be kept safe, these gadgets no longer function to a degree that would let me confirm that I’d wiped my traces from them or finish that device-reset work.

Defunct or nearly-defunct devices: Pixel 5a and Pixel 1 phones atop a 2017-vintage HP Spectre x360

The most obvious, meaning dustiest, example is the Pixel 1 I’d retired five years ago. I was all set to ship it back to Google for a trade-in offer of $25 when I bought my Pixel 5a at the end of 2021–but then I realized that it no longer charged, which zeroed out the return value.

I couldn’t remember if I’d done the right thing in 2019 and factory-reset the Pixel then. Android’s storage encryption should have meant nothing could be read off the phone anway, even if somebody could breathe electric life back into the thing–but at the end of a busy year it seemed easier to set the old phone aside and figure things out later. And “aside” is where that Pixel remains.

A year later, the HP laptop that I’d bought in late 2017 suffered an apparently fatal display malfunction that meant I could not expect to operate the thing for more than a few minutes after booting it up. That left a drive’s worth of data unprotected–for whatever stupid reason, this computer did not support Windows device encryption.

This output meltdown also left this HP unwipeable, in the sense that I couldn’t use the computer for long enough to install and run the open-source VeraCrypt disk-encryption utility. So once again, the easiest move was to set the device aside on my desk.

Thursday morning added a third device to this sad list: the Pixel 5a that apparently wasn’t aging as well as I’d thought. When I tried checking my notifications on that phone after waking up (I know, not a strong choice), it had mysteriously stopped responding to fingerprint unlocking, taps of its buttons or its screen, or any of the other troubleshooting steps outlined in a Google tech-support note.

This phone unquestionably has my information on it, but is that data in a Schrödinger-esque state of uncertainty? Or is it gone by virtue of the device’s circuitry suffering the kind of catastrophic failure that would make it so unresponsive?

Photo of VeraCrypt beginning to encrypt the drive on a 2017-vintage HP Spectre x360. The screen wallpaper visible behind that app's window is a picture of the International Space Station with Earth visible below it.

As I scrapped Thursday-night plans to work this problem, I thought that I might as well take another look at the laptop that had been gathering dust on my desk for the last two years.

And after one screen freeze, that seven-year-old HP somehow booted up and kept working long enough for me to install VeraCrypt and encrypt the disk with a complex passphrase generated by 1Password. That makes the entire PC unbootable and unreadable for somebody who doesn’t have that login.

Then the old laptop obliged me further by letting me add a local account and delete my own account. Perhaps I should push my luck further by reformatting the drive and then reinstalling Windows.

Or I could declare victory and take this device to the nearest Apple Store for proper recycling… but procrastination has its own half-life, so I doubt I’ll get that errand done right away.

Happy 10th birthday, Silver Line

Posted on by
Reply

Ten years ago today, the car-clogged, concrete sprawl of Tysons Corner became less distant from my walkable, leafy corner of Arlington when Metro finally opened the first phase of its Silver Line extension.

July 26, 2014 was a day long awaited. It had taken years of political maneuvering to get this project past obstruction and outright opposition from windshield-perspective politicians in Washington, Richmond and even Northern Virginia, followed by years of seeing the mostly-elevated segment inch through Tysons and beyond as construction delays pushed its planned opening from 2013 into 2014.

As a Silver Line train pulls out of the McLean station, a platform sign blurs while the view beyond showcases continued construction.

After all of that, boarding the first revenue-service westbound train on that Saturday–still one of the nerdier things I’ve done, which I realize is saying a lot–and then enjoying the view gliding above traffic felt like an epic win.

Knowing that I could take the train to the occasional work or social event in Tysons instead of taking my chances with traffic on I-66 and routes 7 or 123 represented an immediate upgrade to my NoVa logistics.

It took me a little longer to realize how having Metro get within seven miles of Dulles Airport would ease getting to and from IAD. And then I had to wait another eight years, vastly more than I would have imagined before the pandemic and even on our way out of it, to see the Silver Line reach Dulles itself.

I enjoyed that one-seat transit ride to Dulles yet again Thursday morning, which also gave me time to contemplate how that view from above Tysons has changed and how it hasn’t. While the McLean stop has undergone a remarkable level of urbanization that now features the tallest building in Northern Virginia, the Tysons station has seen less of a transformation–and the view to the south of Greensboro and Spring Hill has barely budged in that decade.

Meanwhile, walking outside the immediate vicinity of those stops can be as miserable as ever.

The scenery looked considerably better near the Wiehle-Reston East and Reston Town Center stations, where transit-oriented development has taken off without having so much of each neighborhood already chopped up by six- or eight-line roads.

My perspective on the Silver Line has also changed after seeing so many other transit megaprojects in the U.S. fly off their budgetary rails–for example, the Purple Line in Maryland, which has reached the tracks-on-the-ground stage of construction after billions of dollars in overruns and remains at least three years from opening. After all the angst over financing Metro’s farthest-reaching extension into the suburbs, we got this done at a per-mile cost cheaper than almost every other new transit project in the U.S. and even some overseas.

We should take a little pride in this public work… especially when talking to New Yorkers whose far more extensive subway system still doesn’t touch any of their airports.

Weekly output: zombie accounts, Boost Mobile, broadband ISP ratings, Android 15 beta, CrowdStrike, Mark Vena podcast

Posted on by
Reply

Sunday started with Joe Biden as the presumptive Democratic presidential nominee and is ending with Kamala Harris as the increasingly likely Democratic presidential nominee. I am struck by the selflessness involved in somebody at the apex of political power assessing the circumstances and the stakes and deciding that they require taking himself out of contention–and how well that grace, however grudgingly it may have come, compares to Donald Trump’s incessant self-worship. As Tom Nichols writes in The Atlantic: “Biden’s decision reflected a determination to put the fate of his country ahead of his personal vanity, a choice Trump is inherently incapable of making.”

7/15/2024: Automation Lessens Zombie Account Risks, FedTech

I last wrote for this publication in 2017, but I must have left a decent reputation there for an editor to e-mail me in April to ask if I could do a story about how government-IT types can ease staff transitions between administrations.

PCMag Boost Mobile relaunch post7/17/2024: Boost Mobile Unwraps New Plans As 5G Network Buildout Chugs Along, PCMag

We had to correct this post because I had missed how Boost’s most expensive plan does not include mobile hotspot use, even though two of its three cheaper options include it. Which is a dumb pricing game for any wireless carrier to play, but especially one that touts “simplified pricing” in its pitch for its new plans.

7/17/2024: On Speed, T-Mobile Is First in Mobile Broadband, AT&T in Home Internet, PCMag

Ookla, the company behind the Speedtest family of apps, offered me an advance on their latest connectivity report. I’m still confused by how they assessed only AT&T’s fiber service next to all of Verizon’s broadband options.

7/18/2024: Google Ships Fourth And (We Hope) Last Android 15 Beta, PCMag

This was the fifth time this year that I’ve written a short post about an incremental step in Android 15’s development cycle for PCMag.

7/19/2024: Prior to Microsoft Meltdown, CrowdStrike Exec Warned of ‘Single Point of Failure’, PCMag

As I read about the worldwide IT meltdown sparked by CrowdStrike’s epic failure of a driver update, I remembered seeing a CrowdStrike executive declaring at a Washington Post event in early June that “A resilient digital architecture should be able to weather a storm.” Awkward!

Patreon readers got a bonus post related to this story, in which I recounted the continuing utility of keeping notes in a searchable digital format but also revealed that I still have paper notepads from more than 25 years ago–and recently got some unexpected use out of one.

7/19/2024: Ep 103 SmartTechCheck Podcast–CrowdStrike, innovation drought, foldable phones and robotaxis, Mark Vena

I joined my industry-analyst friend’s podcast to talk about a grab-bag of tech topics, one of them being Waymo’s robotaxis as I experienced them in Los Angeles a few weeks ago.

Twenty years is a long time in one house

Posted on by
1

Wednesday marked a personal milestone that I had to research before gracing it with a calendar entry: Twenty years earlier, my wife and I moved into the house that we still occupy today.

Signing the papers for that 1920 bungalow represented a step into the real-estate unknown in 2004. A few months earlier, realizing that the condo I’d bought four years earlier had appreciated to almost double that purchase price, it had seemed sensible at least to see what was on the market nearby–and after visiting 10 properties, one with a big old front porch and what we thought was well-renovated kitchen seemed like it would fit into our budget and provide just enough room for a family.

The doorknob on our front porch, showing the red-painted wood behind it and glass next to it showing a reflection of the American flag hanging from our front porch.

So we considered the reality of housing not getting any cheaper around here and chose to take the step that turned out to be more of a leap.

We didn’t want to move anytime soon afterwards–I hate moving so much–two of us became three of us, the seasons rolled on by, and at a point I didn’t even think to look up in 2019, our tenure in this house surpassed the 15 years or so that I had spent in my childhood home.

An equally unknown date in 2020 marked our home’s presumptive 100th birthday (“presumptive” meaning that the property-tax records that aren’t specific on the construction date could have the year wrong too). But the pandemic that gave us so much around-the-house time meant we couldn’t properly celebate our abode achieving century-home status anyway.

Another four years have elapsed, during which I have begun to enjoy seeing how much the balance on the mortgage drops with each payment, and here we are.

We’ve shaped the house in our own ways, repainting it on the inside and out while making minor and major repairs and improvements that in 2008 turned a shoebox of a room upstairs into a legitimate home office and this winter finally gave us a new kitchen. And it’s shaped us, turning me in particular into not just a cook but a baker and occasional homebrewer and providing me with a much bigger canvas for my gardening than the condo’s balcony (alas, I still suck at growing tomatoes).

The neighborhood, meanwhile, has advanced immensely as buildings have continued to sprout around the two closest Metro stops while Arlington continues to carve out more room along our streets for pedestrians and cyclists. It’s not always clear that individual blocks near us have improved as much when homes looking like ours keep getting torn down and replaced by McMansions–but I know one address where that’s not going to happen anytime soon.

Weekly output: Uber in Paris, Mint Mobile in Canada, Waymo in L.A., fallout of AT&T data breach

Posted on by
1

The last time I saw headlines fill with news of somebody trying to kill a current, former or would-be president was 1981. I would have liked to see that streak continue instead of ending Saturday with the attempted assassination of Donald Trump at his rally in Pennsylvania and the murder of attendee Corey Comperatore. The U.S. has all sorts of problems–some the fault of Trump and his ilk–but gunning down politicians will not solve them and will spawn more horrible problems.

7/9/2024: Inside Uber’s new plan to route around traffic at the Paris Olympics, Fast Company

My first reaction to Uber pitching me on news that it was adding crash and traffic reporting to its driver app was surprise that they didn’t already offer that feature. My subsequent conversation with an Uber executive about the company’s plans to scale up for the Paris Olympics revealed some other changes it’s been making to improve the pickup experience–and one possible improvement that is not on its road map.

7/11/2024: Mint Mobile Adds Free Roaming in Canada to All Plans, PCMag

I was going to invoke poutine in the lede of this post, but after seeing the advance copy of the press release that T-Mobile PR provided me lean on that Canadian culinary trope, I went with Canadian city scenery instead.

PCMag Waymo report7/12/2024: Exploring L.A. in a Waymo Robotaxi: Peaceful, Cautious, Sometimes Tardy, PCMag

I didn’t file this story right after getting back from Southern California because I needed to get some details confirmed by Waymo before I could write the post. And then I missed one detail anyway, whether Waymo has the equivalent of Uber’s surge pricing. I was enlightened about that error by a comment in a discussion of the story on Reddit’s r/waymo subreddit that I had joined to invite feedback on the piece, after which I corrected that line. Afterwards, I posted extra photos of my Waymo rides to a Flickr album.

7/12/2024: AT&T Data Breach Fallout: Watch Out for Targeted Texts, Spoofed Calls, PCMag

After seeing the news of the theft of calling and texting records of AT&T wireless customers, I immediately thought of how much the National Security Agency values that kind of metadata, then thought about how it could be abused by scammers once it inevitably goes on sale. Unless that somehow doesn’t happen: Sunday afternoon, Kim Zetter reported for Wired that AT&T paid a little over $374,000 in Bitcoin to a member of the hacking team to delete the data and provide video confirmation of the deletion.

A not-all-that-old phone nears retirement

Posted on by
2

Two years and seven months should not rate as a lengthy tenure for an electronic device. But for the Google Pixel 5a I bought in late 2021, that span of time is starting to feel more like a career. And in the context of people who feel compelled to buy a new phone every year, my phone might as well be on its second afterlife.

The device still functions fine–the 5a’s 5G radio has yet to be made obsolete by T-Mobile deploying new spectrum bands–and looks decent overall. In particular, I’ve managed to avoid any damage to the screen I replaced with an iFixIt repair kit in October of 2021 after shattering the original screen a few weeks earlier.

The back of my Pixel 5a, showing the crack in the glass cover of its camera assembly.

But the glass cover over the back camera assembly has developed a crack that apparently lets in enough moisture at times to lightly fog some photos.

On the phone’s inside, more than two years of discharge-recharge cycles seem to have left their dent in the battery. I’m now more likely to look for the nearest outlet by the afternoon of a day on the go to ensure that the phone retains a healthy charge margin when I get back to home or a hotel.

This phone’s 128 GB of storage also doesn’t have much left, with 112 GB now eaten up by photos, music and a collection of apps overdue for culling.

None of that seems too bad on its own, considering that I’ve kept this 5a in daily service for longer than its three predecessors: a Pixel 3a used for about two years and five months, a first-gen Pixel that served me for just over two years and a month, and a Nexus 5x that succumbed to a fatal bootloop after just a year and eight months.

But the factor most likely to push me to buy a new phone in the coming months is not the 5a’s hardware but its software. Google’s Android-support lifecycle document only pledges version updates for it through August, three years after the 5a’s debut, and Android 15 will almost certainly ship a month or two later.

A Pixel 8a, the most likely replacement, would bring a commitment of Android updates until May of 2031–far longer than I can imagine myself continuing to use a 2024-vintage phone–as well as a better camera, more storage, and cordless charging.

But the 8a and, apparently, every future Pixel phone from Google, will not include a headphone jack. Finally knuckling under to that collective design delusion on a device I use more than any other is going to sting.