How to know when you are ready to expand your career

“There may be nothing I’ve seen wreck the careers of high-performing, hardworking people more commonly than stepping into a manager role the person isn’t ready for,” tweeted Kieran Snyder earlier this month. The CEO of linguistic analysis firm Textio then follows up this with some very cogent remarks about knowing when to take that leap into management that really resonated with me.

This is because I faced a similar circumstance in my own career back in 1990, when I took the job to run Network Computing, a brand new computer publication. I have often mentioned that decision as a pivot point in my professional life in these essays, At that time, I was managing a group of about a dozen editors for PC Week — and this would be a big promotion to running an entire publication, hiring its entire staff, and learning how to get the magazine from words to a coherent whole. It shaped the rest of my career, to be sure.

I also addressed this topic a couple of years ago in this post about whether super coders should take the next step into management. It is worth reviewing that piece and listening to a discussion with Jaya Baloo and Troy Hunt on the subject.

Snyder lays out four important questions you need to ask yourself whether or not you are ready:

  1. Can you communicate complex expectations clearly? And behind this question is also holding people accountable — and avoiding eventual disappointments — for these expectations too. Even when you know this, it is still hard to achieve. “This is an issue I have faced, and often management fails to set clear expectations,” said Alan Elmont, who has been a recruiter and staffing professional for decades. “This has been particularly an issue with small companies or mid-sized companies that are growing too quickly.”
  2. Can you engage and mange conflicts well? Being fair in these fights is more important that being well-liked.
  3. Where do you fit in the scale between being a hero and being predictable? “Managers mostly do hero work to compensate when their team isn’t delivering,” she says. That could be caused by a variety of failures, such as unclear feedback or expectations or poor solutions delivery — or a combination.
  4. Finally, do you have the right combination of technical skills and a solid functional foundation to properly lead your team? That is a tough one to dispassionately assess, either by yourself or with your prospective hiring manager.

Now let me take another moment from my career when I got a job to run another publication. It was a major failure, and because I couldn’t do any of the first three things that Snyder mentioned above. I barely lasted a year there before being fired. I should have spent more time understanding the lay of the landscape and the management style of my eventual boss. Now, this happened years after my Network Computing anecdote, so you would think being older and more experienced I would have spotted the danger signs. But no, I was too caught up in the thrill of being chased for a new job. Live and learn.

While on the topic of career development, I had an opportunity to talk to a group of mid-career folks who are considering jobs in cybersecurity this week. You can see my slides below, and some of the issues that we discussed.



How is that right to be forgotten going?

Right To Be Forgotten – Chicago PlaysThe right to be forgotten isn’t part of the US Constitution, or for that matter in any other country’s founding documents. But it is part of the more recent regulations, which define how this data is collected, how it is processed, and mostly importantly, how and when it is erased. The phrase refers to where individuals can ask to have their personal data removed from various digital repositories under certain circumstances.

It is not a new term. Indeed, the EU got going on this almost ten years ago, eventually enshrining rules in its General Data Protection Regulation (GDPR), which have been around now for almost five years. This motivated a few (and I emphasize very few — so far that number is five) states here in the US to enact their own privacy laws, including California’s Consumer Privacy Act (CCPA) and others that mention the “forgotten” rights. Here is a handy comparison chart of what the five states have passed so far.

Security blogger David Froud also wrote about the issue more than four years ago. He pointed out then that the term forgotten doesn’t necessarily mean total erasure of your data, such as the hypothetical case of a convicted criminal in applying for a job. But then, should the stain of that conviction follow someone for the rest of their life? Hard to say. And this is the problem with this right: the subtleties are significant, hard to define, and harder still to create a solid legal framework.

What got me thinking about this issue is a recent survey by Surfshark of the actual progress of the forgotten actions across European countries. They found that residents of France alone accounted for a quarter of the actions recorded by both Google and Microsoft’s search portals, with England and Germany residents together accounted for another quarter of cases. These requests are on the rise since the onset of Covid, and both Cyprus and Portugal have seen a 300% increase in requests since 2020. Interestingly, Estonia (which is a leader in implementing all sorts of other digital tech across the board) had the largest proportion of cases with 53 per 10,000 residents. Compare that to Bulgaria, which had 5.6 requests per 10,000 residents. At the bottom of the page linked above, you can see references to the various search portals’ request removal forms, and yes, you have to submit separate requests for each vendor (here is Google’s link). The EU “suggests” that the process from request to its fulfillment should take about a month, but the way they word it means there is no legal response time encoded in the GDPR. According to the Surfshark report, millions of requests have been filed since the law went into effect.

As the authors of the survey say, “Time will only tell which countries will join the fight for online privacy and to what ends our data is private online. Is the right to be forgotten a universal truth or a way to hide the past indefinitely?” I don’t honestly know.

Temper the Surfshark report with the results of a Spanish university research study that looked at the 500 most-visited websites in that country. They found a huge collection of tracking technologies that were hidden from any user consent, with less than nine percent of the sites actually obtaining any user consent.

But tech doesn’t stand still, and the right to be forgotten has taken on new meaning as the rise of AI chatbots such as ChatGPT that can seek out and find your personal data as a way to train their machine learning models. As my colleague Emma McGowen mentions in her Avast blog from last month, there is no simple mechanism to request removal of your data once the AI has found it online. You don’t know where your data is online, and even if you do there isn’t any simple form that you can fill out to request deletion.

Note: OpenAI released this opt-out form after I wrote this essay.

If you have ever tried to put a credit freeze on your accounts at the four major credit bureaus, you have some idea of the chore involved here. At least there are only four places that process your credit data. There are hundreds if not thousands of potential data collections that you would have seek out and try to get any action. Chances are your data is out there somewhere, and not just in Google’s clutches but on some hard drive running in some darker corner. Good luck tracking this down.

So where does that leave this right to privacy? It is a good sign that more countries and some US states are taking this seriously. But, each state has slightly different takes on what the right means and what consumers can do to remove their data. And for those you happily chatting up your AI bots, be careful about what private info you have them go searching for, lest you unwittingly add more data that you don’t want others to find about you.

25 years of ecommerce

In today’s post, I look back on the developments of ecommerce and my role in covering this technology. I was recently reminded of this history after writing last week about Paypal — this motivated one of you to recall events that happened in the early 2000s, back when the “internet bubble” was rising and then bursting.

I last took a long look back at ecommerce in 2014 with this blog post. In it I highlighted a series of other works:

While the web came of age in the 1990s, it took a while for ecommerce to get into gear. The technologies were bare-bones: back then, you could learn basic HTML coding in a couple of days and easily put together a static series of web pages. The key operative words in that sentence were “static” and “basic.” The 1990s era of HTML was waiting for the language to catch up with what we wanted to do with it, but eventually the standards process got there. The real stumbling block was making a site dynamic and being able to support online inventories that were accurate, checkout pages that were secure, and having access to software interfaces that were pretty crude and simplistic. All of that required other tools outside of HTML, which is somewhat ironic. Now if you look at the code behind the average webpage, it is almost impossible to parse its logic at first glance.

Yet, here we are today with ecommerce being a very sophisticated beast. HTML is no longer as important as the accompanying and supporting constellation of web programming languages and development frameworks that require lots of study to be competent and useful. Connecting various databases and using a web front-end is both easier and more complex: the APIs are richer, but how they are implemented will require a deft touch to pull off successfully. Payment processing has numerous vendors that occupy sub-markets. (Stripe,, and Klarna are three such examples of companies that are all involved in payments but have taken different pieces of the market.)

You might not have heard about Klarna: they are one of more than a dozen “buy now, pay later” services that pop up at checkout. No purchase is too small to be spread across a payment plan. Back in the pre-internet times, we had layaway plans that had one important aspect: you didn’t get the item until you completely paid for it. Now items arrive in days, but attached to a stream of loan payments stretching out several months. The downside is that there are potential late fees and 30% annualized interest charges too.

And then there is Amazon and Google. The former has both made it easier and more complex to do online shopping. It used to be both free and easy to return merchandise purchased on Amazon. Now it is neither. If you don’t pay attention when you are purchasing something, you could end up using one of their contract sellers, which complicates the returns process. And the cost of Prime continues to climb.

Google’s Lens technology has also transformed online shopping. If you have a picture of what you want to buy, you can quickly view what websites are selling the product with a couple of clicks on any Android or iPhone. My interior designer wife uses this tech all the time for her clients.

Before I go, I want to mention that Cris Thomas, known by his hacker handle Space Rogue, has a new book out that chronicles his rise into infosec security, including his time as one of the founders of the hacking collective L0pht. Its early days were wild by today’s standards: the members would often prowl the streets of Boston and dumpster dive in search of used computer parts. They would then clean them up and sell them at the monthly MIT electronics flea market. Dead hard drives were one of their specialties — “guaranteed to be dead or your money back if you could get them working.” None of their customers took them up on this offer, however. There are other chapters about the purchase of L0pht by @stake and Thomas’ eventual firing from the company, then taking eight years to get a college degree at age 40, along with the temporary rebirth of the Hacker News Network and going to work for Tenable and now at IBM. I review the book in this post, and highly recommend it if you are looking at reliving those early infosec days.

Time to say goodbye to Paypal

PayPal Phishing Scam Uses Invoices Sent Via PayPal – Krebs on SecurityI have been a user of Paypal ever since, well, forever, but certainly for at least 25 years by my guess. Today I closed my account, thanks to having gotten several invoices from fraudsters. Today I got an invoice that I couldn’t delete. {“An error has occurred” … no kidding. I felt a great disturbance in the force.) Brian Krebs wrote about this trend last year.
This isn’t the first time I have written about Paypal security and scams. Check out here for 2010, here for 2007, and here for 2006.
Last year, after getting another fake invoice, I took precautions by eliminating my checking account as a payment method, and left my account using a credit card as the sole source of funds. This comes after not having had any actual funds in my PP account for years, just using it as a transfer mechanism from some vendors that still paid me that way. Money would come in, and it would go out quickly.
It made me sad to close my PP account — the process which is very easy and just took seconds online, so thanks Paypal for making that simple. And I realize, as one of my friends remarked, that I am not really addressing the problem — any online payment vendor could become the next darling of the fraudsters and give me grief down the road. But I guess I feel that enough is enough. I already use Venmo (which is owned by PayPal), Apple Pay and Google Pay. Do I really need anything else? My son-in-law will start working at Melio, which looks interesting, but I really don’t need another service for my back office accounting.
A few months ago I wrote this piece for CNN’s Underscored about using mobile payment apps. I rated Apple Pay the best of the bunch — if you have an iPhone. But what about web-based apps? There is Google Pay, of course.
I would recommend reading my CNN piece for the caveats about how to stay safe using online payment products. But there is one thing that I didn’t mention — this concept of how to firewall your banking infrastructure. The bank account that was formerly connected to my now-gone Paypal account was my main corporate checking account. That wasn’t a good idea: some hacker could have gained access to those funds. Given the current state of fraudulent invoices, you should have a separate bank account that is just used as a repository for your online transactions. Ideally, it should be at a different bank than your “real” accounts. Just keep a small balance there when you need it. Or use credit cards (and accept the 3% processing fees are the cost of using them.
I just feel like the bad guys have won, and I hate that. I guess it could have been worse: I could have inadvertently paid that fake invoice. Keep sharp out there. Now if I could just stop those nearly daily phone calls from scammers trying to get me to sign up for various Covid cash schemes.

A report on inmates and their phones

If you are incarcerated, either in a local jail or a state or federal prison, chances are you are paying too much for your phone calls, in some cases more than 10x what a landline call from the outside would cost. While these rates are regulated by the FCC, the regulations aren’t comprehensive and the prison and jail providers have come up with various ways to soak inmates, paying high commissions to the local authorities. A recent report by the Prison Policy Initiative goes into details. “At a time when the cost of a typical phone call is approaching zero, a few companies are charging millions of consumers — the families of people in prison — outlandish prices to stay in touch with their incarcerated loved ones.” Although a few jails have reasonable rates such as one or two cents per minute for calls, most charge more, with the average jail charging $3 for a 15-minute call.

Lily Tomlin Previews Netflix's 'Laugh-In' Tribute — Plus, More Comedy Icons to Stream NowThese calls are made on pre-paid phone cards, which have largely replaced the collect calls that were once the mainstay of the prison population’s communications. Remember dialing 0 to get the operator? That is no longer an option as of this year for non-landline AT&T customers. Sadly, this means few people will remember Ernestine, that lovable character by Tomlin.

The PPI report shows which states have the most egregious phone plans, how rates have dropped as the FCC widened its enforcement, the differences between local and long-distance rates and how local jails in general charge more than the state and federal prisons. It shows the oligarchy involved: three phone vendors (ViaPath, ICSolutions and Securus account for 88% of the suppliers to prisons and jails). And it offers some solutions and improvements to make these calls more affordable.

But until things change, these prices could be why many people behind bars have obtained contraband cell phones. While there are some jails and prisons that do allow them, for the most part they are banned. There are some good reasons to prohibit them as you might imagine. But there are also some good reasons why people use them.

A story last month by the Marshall Project, a criminal justice advocacy group, describes many situations where inmates have used cell phones for furthering their education, obtaining medical care, and making money from various legit online activities. One prisoner interviewed for the article has a website for selling his artwork, others are day traders in stocks or cryptocurrencies or are freelance writers. Working remotely has been a boon for these sorts of things, which I find interesting.

The best situation was a group of 300 across the country that was learning computer programming using Harvard’s CS50 online classes. They use group messaging to communicate with each other, just like any other online class. We have several groups doing this here in St. Louis as part of our coding academies.

As I said, these stories are nice but still inmates run the risk of having extended sentences or other punishments. Years ago I gave a speech in Singapore. I recall a news story while I was there where an inmate was caught with a cellphone, he was there because of what we would consider a minor offense. His sentence was changed to life in prison as a result.

A reader’s guide to Twitter’s supposed demise

I asked last November if we were witnessing the end of Twitter, and point out that the company has become more town dump than town square. Let’s review what has happened at Twitter and what we have learned about its internal operations since then. The short answer: things are worse, but not necessarily in ways that were anticipated when Elon took the company private.

Yes, there have been some notable service outages, which is to be expected given how most of its engineering staff has quit or been fired over the past several months and because one of its major data centers was shuttered. But for the most part, the service is still running. That’s great, and we could credit Elon for perhaps picking the right people to keep the lights on. (This is why I use the “supposed” adjective in the title of this piece.)

There is this behind-the-scene story about what has happened post-Elon at Twitter in New York Magazine, taken from reporting from former employees’ interviews, and well worth reading. In summary, it was complete chaos. There is also another Washington Post piece that summarizes three primary source documents: First is the Jan.6th committee’s “Purple team report” draft that was never adopted by the full committee (and that the Post has published here.) The other two documents are transcripts of testimony of two former Twitter staffers taken by the committee last fall: one by “J Johnson” (a pseudonym) who was an engineer and part of a safety policy review team and one by Anika Navaroli who was a senior safety policy domain specialist with a legal and free speech background. I will return to these documents in a moment.

One of Elon’s major rallying cries has been to attempt to neutralize the bots. This isn’t a new problem: I first wrote about the problem with bots and their abuses of Twitter more than 10 years ago. I saw my own follower count plummet right after his takeover – whether that was people terminating their own accounts or through any bot cleansing I can’t really say. Clearly, this was never much of a priority at Twitter beforehand.

Another Elon focus was to reinstate previously banned users, most notably our former president who had nearly 88M followers when he was kicked off on January 8, 2021. Part of the reinstatement is that you can now review all his tweets — he has not posted anything since his reinstatement. (There is also this archive of his entire tweet corpus, including deleted tweets for your own reference.)

Before I dive into the Jan. 6 documents, I should mention one other historical note. Last summer, after the revelations of Mudge’s tenure at the company, I wrote about some of its major infosec operational failures. Ironically, Mudge was fired in January 2022 for poor performance and ineffective leadership, something which seems to be the new normal for post-Elon Twitter.

The Mudge report provides context for the great failures of social media to moderate their most dangerous and hateful content, which is documented in the Jan. 6 committee’s Purple team report which outlines these failures as it relates to that fateful date at the Capitol. The draft document was supposed to be included as an appendix to the full committee report but only made it as far as a draft. It covers more than a dozen different social media properties and how they wrestled with their content moderation policies, “terrified of the backlash they would get if they followed their own rules and applied them to Trump,” as Johnson testified. “My safety policy team colleagues were still very unclear about what we should be doing. Twitter leadership were aware of the risks we raised, but they didn’t do anything to help address those risks and concerns. They were reluctant to intervene and block these tweets.” Instead, the social networks helped amplify these messages. The Purple draft report shows just how hard it is to turn this around: the tools are blunt-force instruments at best.

Using language such as “locked and loaded” or “Be there, it will be wild” or the debate comment “stand back and stand by” concerned the moderation teams, who consistently raised alarms at how these words were being amplified across their network. Johnson testified: “There was never, to my knowledge, leadership convening a meeting and saying, Violence has broken out. You have the green light to take it all down. That never happened.”

Navaroli testified: “I do not remember ever seeing any threat model or threat analysis leading up to the election. Del Harvey was the executive in charge of Twitter’s content moderation and security teams. Navaroli said Harvey didn’t understand the need for policies to limit Trump’s speech, or the urgency to put them in place prior to the election of Nov. 2020, or that there was a gap in coverage of existing Twitter policies. Navaroli called it magical thinking, and that Harvey refused to take any potential threats seriously. This continued into 2021, when she eventually left the company.

Her testimony highlights the lack of any content analysis tools at Twitter: she used the same public search function on Twitter’s website like any of us. “All we had were hammers, and we needed scalpels, something more nuanced.” She also mentions that “Trump was a unique user who sat above and beyond the rules of Twitter. His tweets weren’t deleted, which is what happened with other world leaders,” (think Maduro of Venezuela or Bolsonaro of Brazil). She concludes that Trump and Twitter had a symbiotic if not parasitic relationship, and that Twitter bears the responsibility for Trump’s incitement to violence was posted and amplified. “I believe that January 6th was planned, orchestrated, and carried out on the Twitter platform within and right in front of our eyes using plain language and hashtags. And Twitter, in my eyes, bears the responsibility for hosting and promoting incitement to violence that led to the loss of life on January 6th.”

What does this mean for the future of Twitter? Here are a few of my thoughts:

  • Content moderation will continue to be hard, especially at the intersection of on and offline activities.
  • The legal environment is in a state of flux, with new cases before the Supreme Court as I wrote about last fall on Avast’s blog.
  • The social media landscape is complex and the interactions among the players are not well documented. Users of one network who are banned move quickly to others where they can ply their hate and incite violence. Coordination across platforms doesn’t exist.
  • There is little operational transparency of the social network operators. The Jan. 6 committee staffers got a lot of information as part of their work, some of which can be seen by the public, but most of it hasn’t yet been published. The Purple team draft raises lots of issues, and has numerous recommendations. Whether any will ever be implemented is anyone’s guess, but chances are slim that most won’t.

Bitcoin for banks takes hold

CBD is not what you think it is. I know many of us think that CBD has something to do with drugs, but another version of the abbreviation has to do with central bank digital currencies or CBDC to be more accurate. As the legal spectacle of  Sam Bankman-Fried of FTX unwinds in various courts, it might be time to focus our attention on CBDC and how the world’s banks are moving quickly into this legal type of cryptocurrency — call it bitcoin for banks if I want to be cute about it.

The idea is taking hold around the world. The Atlantic Council keeps track of these projects and to date 11 countries have active CBDC programs, mostly in the Caribbean plus Jamaica, Bahamas, and Nigeria. Yes, that Nigerian prince wants your bitcoins! How ironic can that be? Another 17 countries are engaged in pilot projects, most notably in China (which intends to expand its pilot from 230M people to cover the remainder of its population in 2023) and other parts of Asia along with several in the Middle East, including Saudi Arabia, UAE and Iran. And Australia, Thailand, Brazil, India, South Korea and Russia intend to continue or begin pilot CBDC testing in 2023.

CDBC has a lot of different reasons for this growth spurt.

  • First off, banks want to be a safer source of crypto. Certainly, a central bank moves slowly because they have to. But there is a lot of appeal and they want to be involved.
  • They also want to promote financial inclusion by providing easy and safer access to money for their unbanked and underbanked populations. Governments and central banks realized they needed a faster way to get money in people’s hands.
  • They can introduce competition and resilience in the domestic payments market, which might need incentives to provide cheaper and better access to money. This is not a new idea: net-based payments have been around since the 1990s. But the central banks could help make payments more efficient and also lower transaction costs.
  • CBDC also can help create a new category of programmable money, through smart contracts and other new payment automation methods.
  • The banks see an opportunity to improve transparency in money flows and make these flows more seamless.
  • The open source community has responded. MIT is spearheading an “Open CBDC” effort that has the US Fed’s interest.
  • Finally, the banks need to have better ways to transfer funds internationally. A cross-country CBDC system could be the solution, avoiding any need for the SWIFT system. The Ukraine war has also motivated banks to get on board with better international tracking methods that a cryptocurrency could provide.

CBDC isn’t for every country: there have been two cancelled projects so far — in Senegal and Ecuador — but that is to be expected.

“A CBDC could be an opportunity for a ground-up redesign of our legacy payment systems, offering a chance to reimagine market roles and incentives and to solve foundational problems in our financial system,” as the OpenCDBC project writes in their FAQ. The trick is navigating the numerous challenges around protecting user and payment data, understanding the resulting impacts to financial stability, and to properly leverage the current innovation in the private crypto sector. Certainly, that is a lot to consider.

Is this the beginning of the end of Twitter?

It isn’t a rhetorical question. We are certainly witnessing a unique moment in social media history and in the evolution or devolution of Twitter. I am gathering my thoughts for an interesting presentation that I have at the end of the week at a local high school entrepreneurship class.

For more than six years, I have been a guest lecturer at a class called Spark that meets at a local disused shopping mall. The topic of these lectures is how to use social media, and in particular Twitter, to promote your new business. I offer some of the spectacular Twit fails (remember Jonathan Schwartz’s resignation from being the CEO of Sun? Remember Sun?) and lessons learned by adults that can apply to the young business-owners-to-be  The students are fascinating as they try to imitate the now iconic Shark Tank pitches. They are largely self-funded, low budget operations, but what they lack in venture funding they more than make up for tremendous passion and insight into their nascent businesses.

This year there were two different sections of students, a nod towards the growing popularity of student business owners. My first lecture was about a month ago, and I basically used the same set of slides that I have had, updated through the years as we made the transition from presidents using Blackberries to presidents using their own social media networks. That was the before times. We knew Elon was up to something, we just didn’t know the deets.

Now we do. And so far the Bird is not faring well. Thousands of layoffs. Whipsawing technical requirements that literally change by the hour. Troll Tweeting by your CEO is not a way to set corporate (or national) policy. In my Spark classes over the years I have been consistent that the students should avoid any mention of sex, politics and religion. The new Twitter CEO has adopted the opposite stand. I don’t think things are going to end well.

Remember Orkut, Friendster, SixDegrees or Myspace? They have all come and gone over the past 25 years. Twitter may soon enter that realm. I feel as though I am witnessing the breakup of my first marriage, or the collapse of the British Monarchy and the less that I say about either of them the better.

Twitter has evolved from being the world’s town square and the global media assignment story editor to the place for shaming. Those blue checkmarks that seemed so valuable back in 2012 or so have turned into Troll-a-rama. Someone impersonating Eli Lilly’s account brought the stock price down the next day. And as if that wasn’t enough, a reporter for the Washington Post was able to obtain two fake accounts within minutes, impersonating a comedian and a US Senator (with prior permissions from both).

Many of my tech journo colleagues have begun the migration to Mastodon. You can find me here. I am still Tweeting too, but leery of what will happen. It is interesting to set out to learn another social media network. Hindsight is great: I am glad that I didn’t invest much time in Google+.

While I was preparing the new presentation for my Spark class, I also watched the 2021 documentary 15 Minutes of Shame, which was co-produced by Monika Lewinsky. It was well done, and shows us how public shaming has evolved since her Clinton intern days. I think Twitter’s new model is more the town dump than the town square.

My session should be interesting.  You can view my new slides here on Slideshare.

Still learning about making better backups

My blog went down this weekend for a couple of hours. What I want to tell you is how I learned that after all these decades working and writing about IT, I still could have lost some data, despite having what I thought were well-thought out backup procedures. Turns out I was still exposed.

Back about 20 years ago, I had my office in a small commercial building that had a music shop and a Subway on the first floor: my office was directly over both establishments. One day there was an electrical fire in the music shop, which happened when I was out taking a walk. When I returned I saw smoke rising off in the distance, and as I got closer I realized that was my building that had the fire.

That was the day that I learned about offsite backups. Back then, I had made copies of my data on tapes — tapes that were neatly stacked at the end of my desk. Had the fire damaged my building (fortunately for all of us, it didn’t), I would have been in big trouble.

Another time I was hosting my email server at a friend’s server. The friend’s basement got flooded, and my server was ruined. Thankfully he had backups and eventually I was back in business. I learned another lesson that day: make copies of everything (including the actual emails of you, my loyal subscribers) offsite.

Anyway, back to the present day. For many years I have had a WordPress blog that was hosted at various internet providers. It currently lives at, which is a solid provider that has exemplary customer support. I use the free tier of to notify me whenever the blog or my main website goes down. I got the first email after I quit work on Friday about an hour into the outage, and promptly sent off a support email asking what was going on. Within minutes — it might have been seconds — I got a reply saying they were aware of it (good) and working on the fix (even better). Service was restored (a database corruption issue) later.

Now for years I have also maintained a shadow copy of my blog that is hosted on Back when I did this, you could host a site with limited features for free. (Alas, now you have to pay a fee.) To do this, I first have to export my blog content from my Pair-based server to an XML file, and then import it to the server. That doesn’t take long, but I hadn’t done it in a few weeks.

Now what could I have done differently? For one thing, I could use a different hosting plan on Pair that is designed for managed WordPress deployments, and includes automatic backups. That plan costs more than my plain-Jane hosting account. Another way to approach this is to do more frequent manual backups. As you can see from a screencap of my files, in the past I was sort of cavalier about doing them, now I won’t be. I would have lost about three weeks’ worth of content had Pair not been able to restore my database.

So as you can see, I am a slow learner when it comes to backups. Many businesses are in the same boat: this is why ransom attacks are so successful, because they don’t backup everything, or as Joni sings, you don’t know what you’ve got until it is gone (I think she was talking about something other than digital data).

So the moral of my story: take the time to make the backups about the data that you care about and then think about what your life will be if something happens to the data that might not be mission critical, but is still important.

Cheaters gonna cheat

Magnus Carlsen: 'You need to be very fortunate to be No 1 in fantasy football' | Magnus Carlsen | The GuardianI live a block away from the chess complex that was the scene of a major incident last month. This is when world chess champion Magnus Carlsen (at left) literally walked off a match that he was losing to Hans Neimann, claiming Neimann was cheating with a remote computer. This week, Neimann is back in town for another chess match. This analysis by  is interesting, and while you can’t prove anything conclusively, the report says they don’t think he cheated in the game last month. He did admit to cheating at a few online games previously, however the pattern of his wins is suspicious, and the report says he probably cheated in more than a few games.

One of the things I have seen with cheaters is that they can’t just cheat a little, so this makes sense to me. If you have seen any of the various documentary films or read any of the books about Lance Armstrong’s cycling career (one of them is available here), you will likely have picked this up. Armstrong still maintains the “everyone is doing it” strategy,

Reading the report though is interesting, because I learned a couple of things. First, the latest generation of chess computers can easily beat the best grandmasters, and this is the case for mobile-based chess software over the past few years. This means that a cheater doesn’t need access to a roomful of gear, just a remote connection to someone offsite who can track the game’s play online. Remember when Garry Kasparov lost to IBM’s Deep Blue back in 1997? Garry is a fellow blogger at Avast, and you might be interested in his latest post where he analyzes the Ukraine war. Another tidbit: cheaters just need a few moves in a game to win. And most chess grandmasters have already risen to that level in their mid-teens.

The chess matches happening this week down the street here in St. Louis have taken steps to make it more difficult for the cheaters — they put in a 30-minute delay in the online matches, and only allow spectators for the beginning of each game. But as I said, cheaters will find a way around these strictures eventually. It is the same cat-and-mouse game that cyber attackers play.

If you want an even better illustration of how the cheating game is played, I would recommend watching Icarus, an amazing documentary about the Olympics-based doping efforts, from the point of view of someone who actually managed the Russian’s team cheating.  The Russians constructed a blood testing lab that had cutout befitting the KGB, so that someone’s sample was surreptitiously switched with a clean one to pass the tests. Like I said, cheaters gonna cheat. What was sad was how the consequences for these team-wide cheating were minimal.

It is sad that so much effort has gone into cheating. It really diminished my interest in professional cycling (back several years ago when this all came out) and it now diminishes my interest in chess, despite having a near-front-row seat in the neighborhood. BTW, if you do come and visit me, one incentive would be this fascinating exhibit at the World Chess Hall of Fame Museum on the historic 1972 match between Fischer and Spassky. You’ve got until next April to see it.