My love affair with MS-DOS

I wrote this in 2011 when I was running a piece of the ReadWrite editorial, and recently discovered it. Other than making a few corrections and updating the dates, I still share the sentiment.

Can it be that DOS and I have been involved with each other for more than 40 years? That sounds about right. DOS has been a hard romance, to be sure.

Back then, I was a lowly worker for a Congressional research agency that no longer exists. I was going to write “a lowly IT worker,” until I remembered that we didn’t have IT workers 40+ years ago: Information Centers really didn’t come into vogue for several years, until the IBM PC caught on and corporations were scrambling to put them in place of their 3270 mainframe terminals. Back in 1981, we used NBI and Xerox word processors. These were big behemoths that came installed with their own furniture they were so unwieldy. We had impact printers and floppy discs that were eight inches in diameter. The first hard drives were a whopping 5 MB and the size of a big dictionary. But that came a few years later.

At the agency, one of the things that I figured out was how to hook up these word processors to a high-speed Xerox printer that also was the size of a small car. We had to use modems, as I recall: you know those things beeped that used to be included on every PC? When was the last time you used a PC with an internal modem, or a floppy disc? I can’t remember, but it has been probably more than a decade for both. Remember the hullabaloo when Apple came out with a laptop without a floppy? Now we have them without any removable storage whatsoever: they are called iPads. Steve Jobs always was ahead of curve.

Basic MS-Dos Commands - BCA Nepal

Anyway, back to DOS. I used to pride myself on knowing my mistress’ every command, every optional parameter. And we had EDLIN, a very primitive command line editor. It wasn’t all that hard – there weren’t more than a dozen different commands. (Of course they are preserved by Wikipedia.) When a new version came out, I studied the new manuals to ferret out tricks and hidden things that would help me slap my end users who would love to do format c:/s and erase their hard drives.

And new versions of DOS were a big deal to our industry, except for DOS 4, which was a total dog. One of my fondest memories of that era was going to the DOS 5 launch party in the early 1990s: Steve Ballmer was doing his hyperkinetic dance and sharing the stage with Dave Brubeck. To make a point of how bad DOS 4 was Brubeck tried to play “Take Five” in 4/4 time, before switching to 5/4 time as it was intended. Those were fun times.

But DOS wasn’t enough for our computers, and in the late 1980’s Microsoft began work on Windows. By 1990, we had Windows v3 that was really the first usable version. By then we also had the Mac OS for several years and graphical OS’s were here to stay. DOS went into decline. It didn’t help that a family feud with DR DOS kept many lawyers engaged over its origins either. As the 1990s wore on, we used DOS less and less until finally Windows 95 sealed its fate: the first version of Windows that didn’t need DOS to boot.

I won’t even get into OS/2, which had a troubled birth coming from both IBM and Microsoft, and has since disappeared. My first book, which was never published, was on OS/2 and was rewritten several times as we lurched from one version to another, never catching on with the business public.

Once PC networks caught on, DOS wasn’t a very good partner. You had 640 kilobytes of memory – yes, KB! — and network drivers stole part of that away for their own needs. Multitasking and graphical windows also made us more productive, and we never looked back. For a great ten minute video tour and trip down memory lane, see this effort by Andrew Tait showing successive upgrades of Windows OS .

But DOS was always my first love, my one and true. I still use the command line to ping and test network connectivity and to list files in a directory. There is something comforting about seeing white text on a mostly black screen.

Yes, we haven’t been in touch in many years, and now when I need a new OS I just bring up a VM and within a few minutes can have whatever I need, without the hassle of CONFIG.SYS or AUTOEXEC.BAT. (Here is a column that I wrote a few years ago about getting Windows NT to work in a VM.) But happy birthday, DOS, and thanks for the memories. It’s been lots of fun, all in all.

Learning from Abe and Agatha

What do Abe Lincoln and Agatha Christie have in common? Let me rephrase that: what do actors who have portrayed both historical figures have in common? Both have used advanced technologies to help make their performances more believable and interesting to modern audiences. Let’s take a closer look at what is going on.

Last week, the NYTimes wrote a piece about a new series of lectures available on the BBC’s Maestro series delivered by Christie. Well, by the actress Vivian Keene who plays the part of the noted author and playwright. The lectures, which are available as a series here, are designed to teach you how to write fiction, and in particular crime fiction. They were assembled from her words and writings over her career, including the specifics of how she chooses her plots and characters. The lectures are supplemented with a variety of written exercises and other materials, and here you can watch an introductory episode for free. Otherwise, you need to pay about $90 for the whole lot. Keene is just one of many dozens of contributors that helped pull this production together. And what you hear is not her own voice but speech which has been altered by an AI tool to make it sound more like Christie. (BTW, there are a number of these tools available, such as from ElevenLabs.io, Hume.ai, and ReplicaStudios.com, just to name a few that I have used.)

I found the first few minutes of the freebie lecture interesting, but then my attention waned and I thought this wasn’t very compelling. Perhaps because I try not to write fiction I wasn’t really interested in spending the dough and watching the paid lectures. But I did like the fact that the underlying tech isn’t really all that noticeable, which I guess is the whole point of the BBC exercise.

It reminded me of watching Hal Holbrook play Mark Twain for many decades. Indeed, when you think of what Twain looked like, you probably recall the image of one of Holbrook’s performances. But he wasn’t trying to teach us anything about how Twain wrote his books, just entertain us.

Let’s move on to Lincoln and a production called “Ghosts of the Library” at his own presidential museum in Springfield, Ill. I saw it many years ago. To be accurate, Lincoln is not the star attraction of the show, who instead is an actor playing a librarian and who explains his craft. What is interesting about this live performance is that it makes use of a variety of technologies, one of which dates back to the Civil War era, to project holographic images on a glass panel which separates the set from the audience. (Back then the projections used candlepower rather than electricity.)

At the Lincoln museum, the technology is also not immediately apparent, and when I saw the show I was accompanied by the PR person who took time to explain it to me and introduce me to the actor. The show depends on split-second timing and the ability of the actor to hit his marks exactly so that he matches up with the projected images.

The other exhibits at the Lincoln museum are notable in how they used various tech trickery, something that I wrote about for a 2008 piece in the NYTimes. For example, when entering the room containing the exhibit about Lincoln’s death, the thermostats are set to cool the room so you feel a bit of a chill.

Tech will continue to improve the audience experience to be sure. The real effort is to make it part of the production background, and to do that right requires a lot of time and effort and expertise. If you do sign up for the BBC lectures, do let me know what you think.

How to become an American ex-pat

I have known Rich and Marcia, an American married couple, for decades, both of whom work in tech. This is their story about how they decided to pack up and move to a suburb of Lisbon Portugal. I recently interviewed them via Zoom.

They started looking at so-called Golden Visas back in 2016. (You can figure out the significance of that date.) This type of visa is a way for ex-pats to emigrate to a country, with sufficient means to live there permanently. The couple became interested in Portugal and vacationed there a few times before the Covid lock-downs. “There was no second choice country,” Marcia said. They got temporary resident status last summer, and moved there for good in March. They are both about my age, and mostly retired, although Rich continues to work in tech a few days a week. “We wanted a higher quality of life, and wanted to find a place where people aren’t as obsessed with work or doing the Silicon Valley 24/7 hustle to get ahead,” they said. So far things are working out — “We are eating better things that taste better and cost much less.”

Well, almost. “March was horrible,” she said. “Our cognitive load was intense, and we found bunching up errands wasn’t going to work. We had to spread them out more.” Part of the problem is the way Portuguese do things is somewhat different, such as activating a credit card (you first use it to buy something in an actual store, then go through the activation process in person) or doing more business f2f, or navigating governmental processes that involve multiple forms and understanding the sequence involved. (I would say I have the same problem dealing with the City of St. Louis.)

But since then things have gotten better. “It really changes your nervous system, and we are a lot more chill here than in the States,” she said. As an example, the recent extended power outage wasn’t any big deal for either the couple or their neighbors.

Here are some lessons they have learned:

  1. If you make the move, understand that you aren’t going to replicate your American lifestyle. “You need to figure out what the natives do and how they live, and build on that,” they said.
  2. Throw away any preconceptions that you have formed before the move. “Most of them were flat out wrong,” they said. Amazon Prime next-day delivery? Not in Portugal. Packages will arrive seemingly at random. (I could say the same thing about my own Prime service, sometimes.) Two-factor authentication works slightly differently too. Milk is sold via shelf-stable ultra-pasteurized containers, not in the fridge aisle. There is less of a selection of consumer goods but a wider range of less expensive options to balance it out.
  3. Be patient with building your personal friend community. “There is a lot more emphasis on f2f interactions,” they said, and also your community might end up spreading across several cities or even countries. Expect this to take months if not years to build up your network. They initially picked their location because of a large ex-pat English-speaking community, which while true still will take time to find their peeps.
  4. Understand your relationship dynamics as a couple. If you are thinking about moving as a couple, realize that after you move you will be dependent on each other for large portions of the day and the majority of situations. If you are used to spending time apart for particular activities, that may require some adjustments. “We are a much more tightly bound to each other and have a different dynamic, because we don’t speak the language and have to depend on each other,” she said.
  5. Get your consulting team together to ease the transition, especially if you aren’t fluent in the language. The couple does speak a little Spanish, which is a different language from Portuguese. “But it is the little things that catch us,” they admitted. Who is on their team? Someone who can help navigate the healthcare system (a combination of private and public providers), someone who can help navigate government paperwork and processes, a relocation consultant that is local to your target area to help set up your household, and a lawyer to handle the initial visa requirements. All of these folks will save you a lot of time and frustration and school you in how Things Get Done.
  6. Don’t make the move all about saving money. Yes, plenty of places are less expensive than the States (which the couple charmingly refer to as “the old country”), but not necessarily by a big enough discount. And not necessarily uniformly across all expense categories. For example: healthcare. “We get ten times the service at a tenth of the cost of what we had in the States,” Rich said. “Healthcare is a human right here,” said Marcia.

Privacy perils of the connected car

The connected car has become the latest casualty in the war on personal privacy. This is because your car’s “subscription-based features drastically increase the amount of data that can be accessed during law enforcement investigations,” Dell Cameron wrote for Wired magazine recently. And while most car makers state that they can’t obtain access to this data without some kind of court order, that isn’t the final answer. What congressional investigators found is that some car makers will divulge this data when contacted by law enforcement. And then there is this: there is no hard and fast rule of what data can be collected, because it varies by the make and model of your car, whether you once had any connected car subscription service (such as GM’s OnStar), and what broadband provider you use.

Re-read that last sentence again. Even if you cancelled your OnStar subscription, your Chevy might still be recording when you took it to the levee.  There is some direct evidence of this, based on data found in police documents that Wired and the ACLU saw from several investigations.

I wrote about connected car issues almost three years ago, but not from a privacy POV. That post shows that car companies have embraced subscription services, thanks to Telsa’s early lead (so much for that) and a realization that they could extract recurring revenue that had a better aura than so-called “extended warranties.” Figuring out the costs of the various subscription options is still not easy. For example, GM’s OnStar has a confusing series of different plans. With BMW, you can get an idea of what connected service is available here, but to get actual prices you will first have to become a BMW customer. Some features are free and some require the latest car OS v9 or are only available on particular vehicles. And for those of you still interested in Tesla, they have a free basic plan – which just includes GPS. If you want more features you will have to sign up for its premium plan that includes dozens of other features for $10 a month. And we found out the hard way that all Teslas are really roving reality video studios – meaning that they are constantly recording from their numerous cameras — when one of their cars blew up outside a Vegas casino.

Think of the data originating from your connected car as the hidden browser pixel: you know there is something fishy going on. Whether or not you are paranoid enough to worry about it, or just accept it as another part of modern life, is up to you.

 

Time to get online with the feds

I probably should have written this post a few months ago, but a friend reminded me that it is still relevant, even though many of us filed our taxes last week. As the number of federal employees drops, the time to get online with various agencies makes more sense. And for those of you that have so far resisted the effort to do this — and of course, it is an effort, even for the most technical and computer literate among us — now is the time to get online with the feds. If you have tried to call the IRS for example, or visit a local Social Security Administration (SSA) office (those that are still staffed), you will have to have a tremendous dose of patience.

I should state that getting online with the US government is not quite what it could be, and for that we should look to Estonia where they have been doing this really well for a number of years. The initial experience in getting on board was also somewhat daunting, but now every federal agency there has some form of online access using a single system.

Anyway, back home we have two different central authentication service providers, because why not? The two are ID.me and Login.gov. Not all agencies use both — such as the IRS, which only uses ID.me. But if you pay your taxes online through the EFTPS.gov service, and want to access your account with the SSA, you can authenticate with either one. The two providers have somewhat different processes to get your credentials verified and your account setup.

ID.me has had a lot of growing pains when it was first introduced several years ago. (I wrote about this for Avast’s blog here.) I would not recommend using ID.me if you can use Login.gov as a way into your accounts.

One additional caveat about the IRS. Every January you should be using your online account to request a filing PIN. This prevents anyone else from filing a return with your social and name. Make sure to put this PIN someplace where you will remember it when you do file several months later. you need to request a new PIN each year.

Still with me?

Once you sign up and prove who you are to the service(s) — and the effort isn’t trivial and can be frustrating — you can then create an online account with whatever federal (and in some limited circumstances, state and local) agencies you want to conduct your affairs with that supports the provider. And even if you aren’t old enough to start receiving SSA benefits, you should still have an account with them just to check and make sure your deposits over the years have been properly recorded.

The back sides of the USB-C/NFC Security Key and USB-A/NFC Security Key are shown side by sideOkay, one final caveat about setting up your accounts. You should protect your account with an additional authentication factor, and both Login.gov and ID.me offer numerous options. The one that I use is a USB hardware key (Google sells its Titan keys shown above, but there are other vendors if you would rather deal with someone else). If you go this route, you should buy at least two keys, and put them in different places (such as office and home). You and your spouse can share the same key if that works for you. After you login to either service, you are asked to insert the key in your computer or phone (or use its NFC radio) and press the blinking icon on the key to finish the login process. One authentication method you should NOT choose is to send a code via SMS to your phone.

Once you get a hardware key, you should augment your logins with it wherever you can. Google, Facebook, your bank, your insurance company, etc. Not all places that you’d like to use it support these keys, which is sad and frustrating. Some banks only support two different keys, which is annoying.

I understand that getting this all setup will take time, and working through the various user interfaces will try your patience. But once this is done, you can interact with the feds digitally, which is a Good Thing. And maybe someday we will approach the digital density that they have in Estonia.

Personal cyber insurance may be a good idea but has issues

(revised 4/25/25)

A few weeks’ back, I wrote about a friend of mine that I called Jane who had suffered from a phishing attack that led towards her losing more than $30,000 in a pig butchering scheme. She called me last week and stopped by to show me that thanks to her homeowners’ insurance policy, she was able to be reimbursed for $25,000 in losses. This is because of an endorsement that included personal cyber insurance. This is the first time that I have ever heard of such coverage, so naturally I wanted to take a deeper dive.

Probably the best starting point is this 2023 Nerdwallet blog, which also helpfully links to the various insurers. It shows you the numerous perils that could be covered by any policy and makes a point that this insurance can’t cover things that happened before the policy is in force. Another good source is this 2023 blog in Forbes. If scroll down past the come-on links, you will see the perils listed and some other insurers mentioned.

This complexity is both good and bad for consumers who are trying to figure out whether to purchase any cyber insurance. It is good because the insurers recognize that cyber is not just a category like insuring a fur coat, or some other physical item. If your washing machine springs a leak and you have coverage for water damage — something that happened to me a few years ago — it is nice to be insured and be reimbursed. Whether you get the level of reimbursement that will enable you to rip out your floors, replace it with something of approximate value, and get your expenses of having to move your stuff and live in a hotel for a couple of weeks is up to the insurer. And whether your claim will eventually trigger your insurer to drop you, and place you on a block list for the next five years is another story. But you can still purchase coverage and the coverage is — for the most part– well defined.

But cyber insurance is not well defined, because of all these various categories of perils can spill over. If your computer is infected with malware and the attackers ultimately get access to your bank accounts, how do you prove that causality to the satisfaction of the insurer? What happens if you are faced with a demand to pay a ransom to get access to your data? Or if you think you are sending funds to help a family member or co-worker in distress that turns out to be a criminal? Many of the problems happen at that hairy intersection between technology and human error.

Before you go any further down this path, I want to take a moment and describe an entirely different approach. What if the financial vendors took a more pro-active role in stopping cyber fraud? It is happening, albeit slowly and under certain specific situations.

One such example is Coinbase, who wrote about what they are doing in a February blog here. The post presents a series of situations where social engineering played a role in a particular fraudulent scheme. “Coinbase will never make an unsolicited phone call to a customer. Anyone who calls you indicating that they are from Coinbase and wants you to move assets is a scammer. Hang up the phone!” There are other recommendations that span the technical spectrum such as using better authentication factors and rotating API keys. As you may or may not know, Coinbase is deeply involved in crypto transactions, so this is a natural fit.

Contrast this with Bank of America, just to choose someone at random. If you know where to look, you can review five red flags used by scammers, including being contacted by someone unexpectedly, being pressured to act immediately, pay in an unusual way or asked for personal information. Unfortunately, they only allow you to specific two hardware security keys, which seems to go against best security practices.

And this is why we are in the state of affairs with scammers today. Incomplete, imperfect solutions have enabled the scammers to build multi-million dollar scam factories that prey on us all the time. Just this past weekend, both my wife and I got text reminders that the balance on our EZ Pass accounts was low. There were only two problems: neither of us use or even live near anyplace we can use them, and both originated from a French phone number. Sacre bleu! This is an attack which has been around for some time but recently resurfaced.

If you have decided to purchase this type of insurance for you or your family, there are two basic paths. First is to see if you can add a cyber “endorsement” to your existing homeowners or renters policy. If this is possible, decide how much coverage you need. Many insurers have these programs, and here it pays to read the fine print and understand when coverage will kick in and when it won’t:

If you have an insurer that doesn’t have this capability, you can go with one of two specialist cyber policies. Nerdwallet summarizes these offerings by NFP (they call it Digital Shield) or Blink, a division of Chubb. USAA (my current home insurer) works with Blink for example and offered me an add-on policy for $19/month. Blink doesn’t cover fraud from malicious family members or cyberbullying by employers, a widespread cyber-attack and some other situations. From my reading of the NFP’s Digital Shield webpage, it seems like these situations are covered by their policies. They told me, “We provide coverage under two different plan options, DigitalShield Advantage and DigitalShield Advantage Plus. Because it is a policy designed specifically to cover cyber risks, it may offer more flexibility and broader coverage than the options afforded by some of the “add-on” cyber options offered by home insurers. We offer coverage limits starting at $25,000 for $64 a year, with options up to $250,000 and also additional home office coverage.” You can price these out on this webpage.

The bottom line? While my friend was able to benefit from her cyber policy, you might not. Visesh Gosrani, who is a UK-based cyber insurance expert, told me “The limits these policies come with are normally going to be disappointing. The reason these policies are being bundled is that in the future homeowners are expected to realize that cyber insurance is important and more open to increasing their coverage if they have already had the policy. The short-term risk is that they end up being disappointed by the policy that they had for free or very little cost.”

Arctic shipping isn’t economical — yet

All this talk about Occupy Greenland this week got me reading this 2013 report from the US Naval Institute about the harsh realities about shipping goods across the Arctic seas. The TL;DR: shipping loads of containers across the top of the world, while shorter in distance than sending it through Panama and Suez — isn’t necessarily cheaper when you do the basic math. Here is why:

First off, the problem is that the typical container ships are huge, and they come that way for a simple reason: the more they carry, the cheaper the cost per container to send it from one port to another. The smaller container ships that could be run in the Arctic are because the ice breakers aren’t as wide. There are also shallower channels that restrict the size of these ships when compared to the global routes. When you add all these factors up, a container going through the Arctic will cost more than twice as much as sending it “the long way around.”

Second, the Arctic isn’t ice-free year round. In actuality, even with global warming, routes are ice-free for only a third of the year, and sometimes less. On top of this, weather conditions can change quickly. Global shipping depends on tight schedules. These also involve making several stops along the way to supply just-in-time manufacturing systems, and spreading the costs of shipping across the route. A typical 40-some-day trip from the eastern US to Asia route is shared by a series of six ships making regular stops. This is called the network effect. Going across the Arctic would not have as many intermediate stops.

But what about other kinds of shipping, such as minerals or energy products that come from Arctic sources? It is possible, but still depends on all sorts of infrastructure to extract and load this material — which does not exist and probably won’t for quite some time.

Finally, with or without Greenland, to send stuff across the Arctic isn’t the same as crossing the Pacific or Atlantic oceans because the connectivity is poor. A typical route has to transit a series of narrow straits that is currently claimed by Russia, with high fees to move through these straits.

“Arctic routes do not now offer an attractive alternative to the more traditional maritime avenues, and are highly unlikely to do so in the future,” the report concludes. And while things have changed somewhat since this report was written, the factors cited above are still valid.

Beware of evil twin misinformation websites

Among the confusion over whether the US government is actively working to prevent Russian cyberthreats comes a new present from the folks that brought you the Doppelganger attacks of last year. There are at least two criminal gangs involved, Struktura and Social Design Agency. As you might guess, these have Russian state-sponsored origins. Sadly, they are back in business, after being brought down by the US DoJ last year, back when we were more clear-headed about stopping Russian cybercriminals.

Doppelganger got its name because the attack combines a collection of tools to fool visitors into thinking they are browsing the legit website when they are looking at a malware-laced trap. These tools include cybersquatting domain names (names that are close replicas of the real websites) and using various cloaking services to post on discussion boards along with bot-net driven social media profiles, AI-generated videos and paid banner ads to amplify their content and reach. The targets are news-oriented sites and the goal is to gain your trust and steal your money and identity. A side bonus is that they spread a variety of pro-Russian misinformation along the way.

Despite the fall 2024 takedowns, the group is once again active, this time after hiring a bunch of foreign speakers in several languages, including French, German, Polish, and Hebrew. DFRLab has this report about these activities.They show a screencap of a typical post, which often have four images with captions as their page style:

These pages are quickly generated. The researchers found sites with hundreds of them created within a few minutes, along with appending popular hashtags to amplify their reach. They found millions of views across various TikTok accounts, for example. “During our sampling period, we documented 9,184 [Twitter] accounts that posted 10,066 of these posts. Many of these accounts were banned soon after they began posting, but the campaign consistently replaces them with new accounts.” Therein lies the challenge: this group is very good at keeping up with the blockers.

The EU has been tracking Doppleganger but hasn’t yet updated its otherwise excellent page here with these latest multi-lingual developments.

The Doppelganger group’s fraud pattern is a bit different from other misinformation campaigns that I have written about previously, such as fake hyperlocal news sites that are primarily aimed at ad click fraud. My 2020 column for Avast has tips on how you can spot these fakers. And remember back in the day when  Facebook actually cared about “inauthentic behavior”? One of Meta’s reports found these campaigns linked to Wagner group, Russia’s no-longer favorite mercenaries.

It seems so quaint viewed in today’s light, where the job of content moderator — and apparently government cyber defenders — have gone the way of the digital dustbin.

The case for saving disappearing government data

With every change in federal political representation comes the potential for data loss collected by the previous administration. But what we are seeing now is wholesale “delete now, ask questions later” thanks to various White House executive orders and over-eager private institutions rushing to comply. This is folly, and I’ll explain my history with data-driven policymaking that goes back to the late 1970s, with my first post-graduate job working in Washington DC for a consulting firm.

The firm was hired by the Department of the Interior to build an economic model that compared the benefit of the Tellico Dam, under construction in Tennessee, with the benefit of saving a small fish that was endangered by its eventual operation called the snail darter. At the time we were engaged by the department of the Interior, the dam was mostly built but hadn’t yet started flooding its reservoir. Our model showed more benefit of the dam than from the fish, and was part of a protracted debate within Congress over what to do about finishing the project. Eventually, the dam was finished and the fish was transplanted to another river, but not before the Supreme Court and several votes were cast.

In graduate school, I was trained to build these mathematical models and to get more involved in how to support data-driven policies. Eventually, I would work for Congress itself, a small agency called the Office of Technology Assessment. That link will take you to two reports that I helped write on various issues concerning electric utilities. OTA was a curious federal agency that was designed from the get-go to be bicameral and bipartisan to help craft better data-driven policies. The archive of reports is said to be “the best nonpartisan, objective and thorough analysis of the scientific and technical policy issues” of that era. An era that we can only see receding in the rear-view mirror.

OTA eventually was caught in political crossfire and was eliminated in the 1990s during the Reagan administration. Its removal might remind you of other agencies that are on their own endangered species list.

I mention this historical footnote as a foundation to talk about what is happening today. The notion of data-driven policies may be thought of as harking back to when buggy-whips existed. But what is going on now is much more than eliminating people who work in this capacity across our government. It is deleting data that was bought and paid for by taxpayers, data that is unique and often not available elsewhere, data that represents historical trends and can be useful to analyze whether policies are effective. This data is used by many outside of the federal agencies that collected them, such as figuring out where the next hurricane will hit and whether levees are built high enough.

Here are a few examples of recently disappearing databases:

Now, whether you agree with the policies that created these databases, you probably would agree that the taxpayer-funded investment of historical data should at least be preserved. As I said earlier, any change of federal administration has been followed by data loss. This has been documented by Tara Calishain here. She tells me what is different this time is that the number of imperiled data is more numerous and that more people are now paying attention, doing more reporting on the situation.

There have been a number of private sector entities that have stepped up to save these data collections, including the Data Rescue Project, Data Curation Project, Research Data Access and Preservation Association and others. Many began several years ago and are sponsored by academic libraries and other research organizations, and all rely on volunteers to curate and collect the data. One such “rescue event” happened last week at Washington University here in St. Louis. The data that is being copied is arcane, such as from instruments that track purpose-driven small earthquakes deep underground in a French laboratory or collecting  crop utilization data.

I feel this is a great travesty, and I identify with these data rescue efforts personally. As someone who has seen my own work disappear because of a publication going dark or just changing the way they archive my stories, it is a constant effort on my part to preserve my own small corpus of business tech information that I have written for decades. (I am talking about you IDG. Sigh.) And it isn’t just author hubris that motivates me: once upon a time, I had a consulting job working for a patent lawyer. He found something that I wrote in the mid-1990s, after acquiring tech on eBay that could have bearing on their case. They flew me to try to show how it worked. But like so many things in tech, the hardware was useless without the underlying software, which was lost to the sands of time.

Don’t fall for this pig butchering scam

A friend of mine recently fell victim to what is now called pig butchering. Jane, as I will call her, lives in St. Louis. She is a well-educated woman with multiple degrees and decades of management experience. But Jane is also out more than $30,000 and has had her life upended as a result of this experience, having to change bank accounts, email addresses and obtain a new phone number..

The term refers to a complex cybercrime operation that has at its heart the ability to control the victim and compel them to withdraw cash from their bank account and send it via bitcoin to the scammer. The reason why this scam works is because the victim is taking money from their account. The various fraud laws don’t cover you making this mistake. I will explain the details in a moment.

Many of us are familiar with the typical ransomware attacks, where the criminals receive the funds directly from their victims: these transactions might be anonymous but they are reversible. So let’s back up for a moment and track Jane’s actions leading up to the scam.

In Jane’s situation, the attack began when her computer received a warning message that it had been hacked and for her to call this phone number to disinfect it. Somehow, this malware was transmitted, typically via a phishing email. This is the weak point of the scam. Every day I get suspicious emails — most are caught by the spam filters, but occasionally things break through. As I was helping Jane get her life back on track, my inbox was flooded with email confirmations of an upcoming stay at a hotel. At one point, I think I had a dozen such “confirmations.” Perhaps the guest made a legitimate mistake and used my email address — but more likely, as these emails piled up, this was an attempted phishing scam. 

Anyway, back to Jane. She called the number and the attacker proceeded to convince her that she was the victim of a scammer — which ironically was true at the time, and probably the first and last thing he said that was true. Her computer was infected with all sorts of child porn, and she could be legally liable. She believed the scammer, and over the course of several hours, stayed on the phone with him as she got in her car, drove to her bank and withdrew her cash.

Now, in the cold light of a different day, Jane understands her mistake. “I was a lawyer. I should have recognized this was all a fabrication,” she told me, rather abashedly. “I should have known better but I was caught up in the high emotional drama at that moment and wasn’t thinking clearly.” Eventually, her attacker directed her to a bitcoin “ATM” where she could feed in her $100 bills and turn it into electrons of cybercurrency. Her attacker had thoughtfully sent her a QR code that contained his address. Think about that — she is standing in a convenience store, feeding $100 bills into this machine. That takes time. That takes determination. 

Jane is computer literate, but doesn’t bank online. She manages her investments the old-fashioned way: by calling her advisors or visiting them in person. She has a cellphone and a computer, and while I was helping her get her digital life back in order we were remembering where we were when we first used email many decades ago and how new and shiny it was before scammers roamed the interwebs.

So how did the scam unravel? After spending all afternoon on the phone, the scammer got greedy and wanted more fat on the pig, so to speak. She called him back on her special hotline number and he asked her to withdraw more money from her bank account. She went back to her bank, and fortunately got the same teller that she had the day before. He questioned her withdrawal and that brought the butcher shop operation to a halt when she revealed that she was being directed by the scammer.  

But now comes the aftermath, the digital cleanup in Aisle 7. And that will take time, and effort on Jane’s part to ensure that she has appropriate security and that her contact info is sent to the right places and people. But she is still out the funds. She knows now not to get caught up in the moment just because an email or a popup message tells her something. 

Avoiding pig butchering scams means paying attention when you are reading your email and texts. Don’t multitask, focus on each individual message. And when in doubt, just delete.