Weekly output: supply-chain attacks, Mark Vena podcast, password managers, 5G vs. IMSI catchers, fake vaccination cards

TALLINN, Estonia–I’m writing a post from the other side of the Atlantic for the first time since November of 2019 because of a press trip set up for this week by Estonia’s business-development types to show off the country’s tech sector. That sort of thing would be a non-starter were I on anybody’s staff, but I’m not and I’ve gotten a lot out of a few previous trips along these lines. It does help that Estonia is no Las Vegas in its approach to the pandemic. 

Screenshot of the story as seen in Safari on an iPad

8/10/2021: More SolarWinds-style attacks are coming. Here’s how to stop them, Fast Company

I wrote up the keynote that opened Black Hat, in which security researcher (and excellent Twitter individual) Matt Tait outlined how getting hostile code into a software supply chain can yield rewards so outsized that attackers have to work extra to focus their attack.

8/11/2021: SmartTechCheck Podcast by Parks Associates, Mark Vena

This week’s edition of my tech-analyst pal’s podcast featured an unusually contentious debate over Apple’s announced plans to do on-device scanning of photos ready to be uploaded to iCloud for matches of known child sexual-abuse material.

8/12/2021: Best Password Managers of 2021, U.S. News & World Report

I contributed an update to the guide I helped write at the start of this year. My work this time includes profiles of 1Password, Bitwarden, Dashlane, Enpass, and LastPass, plus comparisons of 1Password and LastPass, Dashlane and LastPass, and 1Password and Dashlane.

8/13/2021: 5G defends against IMSI catchers – but implementation is critical, Light Reading

My Black Hat coverage-from-afar continued with this writeup of a briefing about 5G’s vulnerability to IMSI catchers, the fake base stations sometimes used by law-enforcement and national-security investigators as well as criminal enterprises to intercept people’s communications.

8/13/2021: Fake vaccination cards, Al Jazeera

I thought the Arabic-language news network would want me to talk about the technical difficulties involved in making counterfeit-proof vaccination cards, but instead they stuck to such big-picture queries as why people would even want to spend $100 or so on fake vax cards sold by random con artists on Telegram.

A laptop aging only somewhat gracefully

My not-yet-four-year-old laptop has spent most of the last year and a half parked on a desk and plugged into a power outlet, but the HP Spectre x360 I bought in November of 2017 is still showing its age in ways that are increasingly hard to overlook.

The most obvious sign of its time is the decaying battery life. It’s not so much that I can’t count on the battery to make it past two hours; it’s more an issue that the percentage-left estimates in the taskbar seem a lot less reliable once the computer falls below 30 percent. And that if I leave this laptop in sleep mode but unplugged, the battery seems to need much less time to exhaust itself.

Photo shows my laptop with its charging cable plugged in.

HP’s hardware-diagnostics app now rates the battery’s condition as “weak,” which doesn’t make a lot of sense considering it’s only seen 380 or so charge cycles out of the 1,000 for which it’s rated. If I had a major tech conference coming up, I would be looking at prices for a new battery. But with Black Hat behind me as an event I covered remotely, it now doesn’t look like I’ll have a battery-destroying, laptop-torturing tech event on my calendar before CES 2022.

The exterior of the laptop doesn’t look too banged up in comparison–unlike my previous MacBook Air at a younger age, none of the keys have had their labels start to wear thin. The hinges that let me rotate the screen 360 degrees and turn the device into a laptop–one of the primary reasons I ditched Apple to buy a Windows laptop–remain sturdy, even if the one on the left looks a little out of alignment.

But the rubber strips on the underside that were supposed to help it stay in place on a slick surface have almost entirely peeled away, making the bottom of the laptop look decidedly janky.

At least the computer itself still seems fast enough, its 512-gigabyte solid state drive is not that close to being exhausted, and Microsoft has yet to rule it too old for any Windows 10 updates.

Four years is a good run for any laptop, so the prospect of having to buy a new one doesn’t bug me that much. But I do wish I could get some extended hands-on time with upcoming hardware from the major vendors–which I won’t get until I can travel to a battery-destroying, laptop-torturing tech event like CES.

Weekly output: space tech, Fox earnings

Not going to Las Vegas for Black Hat deprived me of some conference receptions (excluding those that got canceled on account of the resurgent pandemic) and also reminded me of a failure mode specific to virtual events. As in, a speaker’s presentation stalled out on one slide, but he didn’t realize that because he apparently didn’t check the online chat and there was no IRL audience to say “next slide!” at increasing levels of volume.
 
8/3/2021: CES and Space Tech, Clubhouse

I finally opened my mouth on the audio-room app to chat about the intersections of private space-launch firms and next year’s CES with my space-nerd pal Doug Mohney. We had exactly one person show up in the audience, which I guess means we should have led off with cryptocurrency and blockchains.

Screengrab of FierceVideo post as seen in Chrome on an Android phone.

8/4/2021: Fox touts Tubi in quarterly earnings, FierceVideo

Fierce asked me to fill in to write up Fox’s quarterly earnings. I found it weirdly fascinating to hear Fox execs voice total confidence in their prospects, pandemic or not–even though some of the most-watched Fox News hosts have repeatedly questioned the utility of mass vaccination against the coronavirus. (I made sure to include that angle in the story.) I hope people who have been suggesting that an ad boycott will bring Fox to its knees will read this story or one like it and be reminded of how much money this company makes from affiliate fees collected from every pay-TV subscriber, even those who never watch a second of Fox News.

Hertz IT needs some work

Renting a car for the first time in two years and change proved to be more high-maintenance than I’d expected, and I can’t even blame the crack this vehicle sustained in its windshield after a passing truck in southside Virginia kicked up a rock at just the right time.

Instead, my surprise was waiting in the mail two weeks after I’d wrapped up my drive testing for PCMag’s Fastest Mobile Networks report: a letter from Hertz Vehicle Control informing me that this car was “seriously overdue” and that if I did not return it within 10 days of receipt, “felony grand theft auto charges will be promptly filed with law enforcement.”

The problems with this letter started with its third line, complaining that I had not parked the car at the BWI rental-car center. Pursuant to the rental-car agreement for this assignment, I had dropped it off in Atlanta at the ATL rental-car center–where I had waved over a Hertz attendant to point out the windshield damage and then seen her note that by writing a large X on a window.

I had not asked for a printed receipt because I’ve spent a few decades renting cars on and off and had never had an issue with my return of a car vanishing down a bit bucket. I should have noticed that Hertz did not e-mail me a receipt, but I had a family trip to distract me and I had not received any feedback suggesting this car was lost–no e-mails, no phone calls, no late charges. Plus, my prior Hertz rental in the spring of 2019 had been completely satisfactory.

Not for the first time, Twitter made it easy to resolve this customer-service problem. My cranky tweet mentioning @Hertz about the nastygram got a prompt Twitter response inviting me to provide details via direct message; I did, and less than an hour later a Hertz rep DMed to say “I have just sent an alert to the location to have them close out your contract and email you the final receipt.”

The next day, I got a reply to the e-mail I’d sent first to the address listed in that Hertz letter, apologizing for the mixup: “There was a delay in the contract being closed, which triggered the automatic overdue letter.”

I couldn’t resist writing back: “I have to ask: Does your normal first notice of an overdue vehicle involve a threat of felony grand theft auto charges? I did not appreciate being treated that way.”

The response: “I do apologize, unfortunately, the letter is standard verbiage that is sent to every file that is triggered as an overdue. That’s why we include at the bottom if it’s sent in error, to please let us know.”

I appreciate these apologies–especially if they stick and I don’t get any other letters asking about this vehicle–but the opening notice of an overdue car really shouldn’t include a threat of felony charges. On the other hand, I recognize that this could have gone much worse.

Weekly output: Mark Vena podcast, Twitter buys Brief, iMessage mess

Once upon a time, you could count on August to be a slow news month. The Trump administration put an end to that–and even with Trump gone, the pandemic will ensure nobody gets a break from breaking-news alerts anytime soon.

Screengrab of podcast episode page as seen in Chrome for Android

7/28/2021: SmartTechCheck Podcast by Parks Associates, Mark Vena

My industry-analyst pal now works at Parks Associates instead of Moor Insights & Strategy, but the podcast he hosts continues to run on the same outlines. My contribution to this week’s episode, once again featuring my fellow tech scribes Stewart Wolpin and John Quain, was to call out the ridiculous pricing Verizon has slapped on its new Fios TV streaming apps.

7/30/2021: Twitter buys Brief, Al Jazeera

The Arabic-language news channel had me on for a few minutes to discuss Twitter buying the news-recap app Brief.

7/30/2021: Are your iMessage texts disappearing? The answer might just be checking your email, USA Today

Yet another episode of messages from an iPhone-using friend going to my iPad instead of my phone finally pushed me to dig into how Apple’s iMessage routes your chats. This column is paywalled, but the headline basically spells out the fix: If you use an Android phone, remove your regular e-mail address from your Apple ID profile.

My next in-person tech conference will have to wait a little longer

Next week was going to feature a conference badge and triple-digit temperatures, and now the only way I’ll get any of those things is if the forecast for D.C. turns out to be completely off.

Barely a month after I’d booked flights and a (refundable) hotel room for the Black Hat security conference, convinced that this security gathering in Las Vegas would represent my first in-person conference since February of 2020, I cancelled those bookings this week. Instead of flying to Nevada to take notes in the middle of a physical audience and then network in person at a series of receptions, I’ll follow the briefings online and then connect with nobody new as I have dinner at home.

It wasn’t any one thing about this conference happening in the middle of a not-yet-over pandemic that led me to bag this trip, even though I’ve been fully vaccinated since late May; it was all the things.

First, while I would expect most information-security professionals to evaluate their risks intelligently and therefore have gotten vaccinated long ago, there’s always going to be the exceptions.

Second, Black Hat is like everything else in Vegas in August in that it must exist in a series of air-conditioned bubbles. And while I wouldn’t have a problem wearing a mask while watching briefings, staying masked-up is a lot harder at a conference reception.

Third, Vegas has a giant tourist demographic that self-selects for poor risk management, raising the odds of me sharing an elevator or check-in line with some hard-partying idiot who has made pandemic denial part of his personal political brand.

Fourth, the city itself has a depressingly low vaccination rate, with only 41% of Clark County residents fully vaccinated. Seeing that many people spend that many months declining to use the best tool we have against the pandemic does not make me want to go to their city and spend my money.

The odds remain pretty low, as I understand them, that I would pick up the Delta variant of the novel coronavirus over those two days and change in Vegas. But when one of the people I’d see afterwards would be my not-yet-vaccine-eligible 11-year-old daughter, I can’t justify the risk posed by what strikes me as an especially bad scenario compared to any of the events I’m contemplating for later this year.

So even while I have resumed some business travel, it’s going to be a little while longer before I come home with a new conference badge to add to the collection that’s now been collecting dust for a year and a half.

Weekly output: Verizon earnings, Netflix casting, Verizon Fios TV apps, Redbox + Wurl, AT&T earnings, Twitter tests downvotes, Locast comes to Pittsburgh

I spent three days filling in at my trade-pub client FierceVideo covering industry developments–which allowed me to spotlight yet another example of customer abuse by a telecom conglomerate.

7/21/2021: Verizon Q2 earnings show video continuing to shrivel, FierceVideo

As I wrote in a Forbes post months ago, the sales pitch awaiting at Verizon’s site suggests this company is already acting like a post-pay-TV provider.

7/21/2021: Netflix launches in-house casting department, FierceVideo

Before writing this post, I would have guessed that Netflix had set up its own casting operation long ago, but I’m not exactly a student of Hollywood’s workings.

Screenshot of the story as seen on an iPad mini's copy of Safari

7/22/2021: Verizon adds Apple TV, Fire TV apps for Fios TV, FierceVideo

I had this story mostly written when I thought I should step through the ordering process on Verizon’s site to see if it would suggest its new Apple TV and Fire TV apps as alternatives to renting its Fios TV boxes–and then I was surprised and annoyed to see the company list a $20 monthly fee for the privilege of using these apps. Verizon’s inability to read the room here–even after it’s seen more than 20% of its TV subscriber base boil away in the last four years–is something to behold.

7/22/2021: Redbox turns to Wurl to boost its free-with-ads streaming TV, FierceVideo

My editor asked me to write up this bit of embargoed news she’d gotten; no problem.

7/22/2021: AT&T continues to shed video subs but touts HBO Max success, FierceVideo

AT&T’s earnings call confused me more than a little when the company spent so much time talking up the HBO Max video business that it will soon spin off into an independent company.

7/22/2021: Twitter tests downvotes, Al Jazeera

The Arabic-language news network had me on to discuss Twitter’s new experiment in letting some iOS users downvote replies–with that negative feedback only shown to the authors of those replies, not to the general Twitter public.

7/23/2021: Locast lights up Pittsburgh, FierceVideo

My last post for Fierce this week covered the expansion of this non-profit organization’s free streaming of local broadcast stations to the Pittsburgh market, which I used as an opportunity to educate readers about that region’s unusual second-person plural pronoun “yinz.”

Post-road-trip reflections

Ever since fleeing my rural upbringings for college in D.C., I have taken pride in how little I rely on driving to get around–to the point that I didn’t buy my first car until I was 26. But over the last week and change, I clocked 1,117 miles in a rented vehicle and did not hate it.

Getting paid for the time I spent behind the wheel as part of PCMag’s upcoming Fastest Mobile Networks report made a difference. But having each day’s drive be a one-off proposition instead of the latest iteration of a dreadful commute made its own difference. The first multiple-day road trip I’ve had in about 25 years took me to some interesting places, away from home and around the District.

Photo shows a black Chevy Spark with Hawaii plates, with the High Museum of Art across the street and midtown Atlanta buildings in the background

To start, having to stop and test the wireless carriers’ performance at multiple places scattered around each city on my itinerary–Baltimore, D.C., Raleigh and its Triangle neighbors, Charlotte, and Atlanta–allowed me to indulge my interest in transportation and development just by looking around.

All of these cities feature beautiful neighborhoods I wish I’d had time to walk around on this trip, and all made some dreadful mistakes decades ago with urban highways. (Spoiler alert: They often shoved them through Black people’s homes.) Some now seem to be making amends for those auto-centric excesses with bike lanes, light-rail lines and streetcars, sights that delighted my Greater Greater Washington-reading heart.

After months of having all three meals almost exclusively at home, I also had the challenge of getting breakfast, lunch and dinner without falling back on chain restaurants. All the mandatory test stops often got in the way of this and led me to atrocious lunch times after 2 p.m., but I did meet that challenge and now have a short list of places to return to. I’m not sure when I’ll next have a chance to get lunch at Fat Matt’s Rib Shack in Atlanta or NoDa Bodega in Charlotte, among others, but Open Crumb in Anacostia is only a few blocks off a bike trail I’m overdue to return to.

PCMag’s instructions for this drive testing encouraged avoiding Interstates between cities in favor of smaller, more rural roads that might expose the limits of the carriers’ networks, and that changed up the journey a little more. The four- or two-lane roads I found ate up more of my time but also relieved me of the sight of other cars’ brake lights–and often, of other cars at all. Large swaths of Virginia, North Carolina, South Carolina and Georgia remain forests with only the occasional town of a few intersections to change up the scenery.

(As a native New Jerseyan and now Northern Virginia resident, I did wonder how often I’d see Confederate battle flags on these rural stretches. I only spotted four such displays, which is more than I’d like but much less than I’d feared.)

All of this driving in not-straight lines and my own lack of experience with the drive-testing routine, however, left little time for me to play tourist or even meet people along the way. My late departure for Raleigh barely allowed the minutes for a detour through Richmond to see Monument Avenue devoid of most of its Confederacy whitewashing; I wrapped up my testing around the Triangle in time to go to a Durham Bulls game last Friday; I made sufficiently good time between Charlotte and Atlanta to get a quick lunch in Athens, Ga., and gawk at the remains of the trestle pictured on the back cover of R.E.M.’s Murmur; that was about it. I finally met a friend for dinner Monday night in Atlanta–better yet, it was at his house and he cooked.

Since coming home Tuesday night, I have yet to open the door of our car, much less take it anywhere. That’s been a pleasure, but I have to admit I won’t mind the next chance to drive somewhere on an indirect, inefficient route if it’s part of a reasonably well-paying freelance gig.

Weekly output: out of office

CHARLOTTE, N.C.–For the first time since January of 2019, I have no work to my name over the past week. That’s mainly because I’ve been tied down since Tuesday working as one of the drivers for PCMag’s Fastest Mobile Networks report, as I noted here yesterday; days spent clocking a couple of hundred miles between cities or driving in circles around those cities leave little time for outside work. Fortunately, the jaunt through the Southeast that brought me here Saturday afternoon ends Tuesday in Atlanta. I’m looking forward to falling asleep in my own bed and not having to think about where to get breakfast the next morning.

Road trips, now and way back then

CHARLOTTE, N.C.–I’m in the middle of my first multiple-day road trip since… um… 1996. Things about motoring around the U.S. have changed just a bit for me since that trip from Los Angeles to D.C., much less the 1992 trek from Sacramento to the District that was my first cross-country drive.

The biggest differences are that I’m doing this trip solo instead of with a college friend–and that instead of having a room in a group house or apartment awaiting at the end of the trip, I am looking forward to seeing my wife and almost 11-year-old daughter again.

Then comes the fact that this road trip is for work instead of fun, or what passes for fun when you’re in your twenties. I’m spending a week as one of the test drivers for PCMag’s Fastest Mobile Networks project, taking a rental car and six specially configured test phones to locations picked in a series of cities.

Photo shows my rental car with the door open, six test phones sitting on the passenger seat, and a row of storefronts in the Little Five Points neighborhood of Raleigh.

This freelance gig on wheels started with a train–I boarded Amtrak Tuesday for the first time since February 2020 for a short ride to BWI to pick up this car Tuesday, after which I met the previous driver in Baltimore to get the test phones and spend the afternoon driving around Charm City. I devoted Wednesday to driving around D.C., went from home to Raleigh, N.C. Thursday; spent all of Friday on the roads of the Triangle; and had a considerably shorter day of driving Saturday to reach here. My tour of the southeast wraps up in Atlanta Tuesday, after which I fly home.

The vehicle in question, a Chevrolet Spark, isn’t much bigger than the Toyotas involved in 1992 and 1997. But it’s as new as rental cars get, versus the 1977 Corolla with a four-speed manual transmission that made it across the U.S. in 1992 or the 1986 Tercel with a crack in the windshield that did the same in 1996. And it has such modern conveniences as air conditioning, power windows and a backup camera.

And instead of driving entirely offline–taking old cars across deserts with neither GPS nor the ability to communicate must seem bizarre to my kid–I have a smartphone to navigate and keep me in touch via calls, text messages, e-mail, multiple social networks, and the Slack channel PCMag set up for this test. Plus the six test smartphones that spend each day on the passenger seat running their automated tests, as seen in the photo above taken in Raleigh Friday morning.

(I wrote a more detailed explanation of the testing process for Patreon readers Friday.)

But in one respect, the technology of road trips may have backslid a bit from the 1990s. Those old cars lacked CD players but did include tape decks, while this Chevy is like many new cars in not including any playback hardware for prerecorded music. I can plug in a flash drive or pair my phone via Bluetooth, but I have yet to get around to cobbling together a road-trip-relevant playlist on my phone or copying one to a flash drive. Instead, I have relied on a more traditional soundtrack source: the radio. And since I had an excellent college-rock station to keep me entertained around Raleigh, that hasn’t been so bad.

7/22/2021: Updated to fix a couple of inaccuracies I only realized when checking this post against old photo albums.