These two political opposites can agree on these five things

By David Strom and David Strom  

No you are not seeing double: we are two different people. Democrat David Strom and Republican David Strom. 

Having a well-worn internet presence means that after some time, you get to meet some of your namesakes. Since both of us are authors (Minneapolis David is a Republican who writes on conservative political topics. And as you know me — St. Louis David — as a Democrat who writes about business technology), we thought we would jointly pen a blog post about things that we can both agree on — and where we diverge as well — for our respective audiences. We found these five broad topics.

1) A path towards legal immigration

We both agree that our immigration laws should be updated to allow for a legal path towards citizenship for those who come to our country. That leaves plenty of daylight between us in terms of how this will be implemented, but both of us aren’t happy with the current situation. 

Minneapolis David: It’s not just a truism that immigrants built this country–they continue to make enormous contributions to America. But you can have too much of a good thing, and as we have seen open borders have created a crisis that is splitting this country apart. It’s time to get control of our border and a consensus on the number of immigrants the country can import without causing social distress. 

St. Louis David: I was surprised when I learned how few countries offer birthright citizenship. We need some consistent policy among the various government branches and across federal, state and local authorities. Wishful thinking, I know.

2) Respect for the rule of law and individual decency

BOTH DAVIDS: Calling for the overthrow of our government by anyone shouldn’t be tolerated. The same holds for threatening law enforcement members, or members of Congress, or really anyone for that matter. We should tolerate people of different points of view — one of the reasons why we are jointly writing this blog post. (Democrat David is married to a conservative Republican, BTW.) And by tolerate we mean being able to disagree without the threat of any violence on that person.

Talk of a civil war–and the increasing number of violent incidents related to political disagreements–make solving real problems nearly impossible. Distrust begets distrust. Neither of us have any idea how to solve the problem, but we need to get a handle on it. Political leaders need to take the first step to calm down the rhetoric. 

3) Understanding the role played by the First Amendment and freedom of speech

Until this year, this amendment only applied to government entities. Now we have two court rulings in Texas and Florida that have different interpretations when it comes to the role of social media and how freedom of speech protections should apply. We both deplore and avoid hate speech.

St. Louis David: Regardless of how these cases play out, all of us should be allowed to say what we want, as long as we aren’t promoting violence on a particular group.  

Minneapolis David: Maybe I read John Stuart Mill at an impressionable age, but I have long believed that the more you suppress ideas, the more disastrous the outcome. Let people speak. Some people will say things that are wrong, stupid, or just different from what you think is responsible. A lot of people will think the same of you. Deal with it. 

4) Importance of science research and respect for the scientific method

St. Louis David: This should be easy. Those people who want to “do their own research” or criticize our scientists for explaining a particular result should fully understand the scientific method of testing hypotheses and running double-blind experiments. Part of respecting scientific research is believing that innovation is a key element of this activity, and accepting the role played by innovation in our society. We may differ on how our governments implement these results, however. Neil DeGrasse Tyson offers some sound advice in his latest book: “Do whatever it takes to avoid fooling yourself into believing that something is true when it is false,  or that something is false when it is true.

Minneapolis David: I agree with St Louis David, with a big “but.” I think that scientists have played a big role in the loss of trust in science. Science is about discovery. Its results are better or worse hypotheses. The goal is truth, but we can only approximate the truth asymptotically (look it up!). Scientists need to project more humility, or their mistakes will only undermine confidence. Example: nutrition science, where it seems like they get it wrong all the time, but with great confidence. 

5) Respect for life 

Both of us agree that we should respect life, which we hinted at above. But we realize that we all might have different definitions of what constitutes the precise moment when we think it begins or ends. Polling shows that there is ample room for reasonable compromises. 

St. Louis David: I believe that our government should allow women to choose, and not make their choices a criminal act. 

Minneapolis David: I consider myself “pro-life” in the sense that you know it. I also understand that there are legitimate differences about how we can best determine when life begins. We need to get beyond shouting at each other and have serious discussions, not shouting matches. 

One final note on something we can also agree on: both of us are Mac/iPhone users, and both of us have re-invested in Apple products this past year. 

KYC — Know your customer

KYC – Know Your Client – Argos KYC – ARGOS KYCTwice this week I have run into issues involving KYC or know your customer policies, and both were rather odd circumstances. I am preparing to go visit my family in Israel, and this time around I am purchasing an eSIM or virtual SIM card for my phone. Before I could do so, however, I had to upload a photo ID and my own portrait to verify that I am indeed a real person. The process was very smooth and just took a moment to get it all organized.

The second KYC moment happened as part of being onboarded for a new client. (Don’t you just love that term? It seems like it is almost as painful as waterboarded.) I got a strange email from someone in India, who was asking me to get on a Zoom call to verify that I am who I said I am. Now, I had never corresponded with this person, and my contact hadn’t prepared me for the email. So I fired off my own email to my contact to do a bit of my own KYC intelligence.

I don’t fault them for being careful. Things aren’t what they appear to be these days. Remember my blog post from earlier this year about inadvertently hiring North Korean developers? I was reminded of this from a recent post by Brian Krebs about fake CISOs that are on LinkedIn. What is worse is that these phonies have made their way to one publication’s “top CISO” list. You can’t vet people enough. Many of the job descriptions on LinkedIn were clearly lifted from real people. Krebs suggests that LinkedIn could make things easier by including a “freshness” date when the profile was first created, which is something that Twitter does.

Finding authentication in interesting places

What does baseball memorabilia have to do with the recent Uber hack? It turns out both depend heavily on authentication. I wrote about the latter for Avast here. The hacker — who claimed to be from Uber’s IT department — set up a man-in-the-middle portal that tricked an Uber contractor into revealing his authentication credentials. This is the same person, or group, that also broke into a gaming studio recently. The contractor did have multifactor authentication enabled, but wasn’t paying attention and the hacker was able to fool them into entering the credentials.

And this week Microsoft researchers found other hackers using malicious OAuth applications were compromised because they lacked any multi-factor authentication credentials.

Authentication — proving you are who you say you are — figured large in a series of emails that I had to regain control over my wife’s website. I had to show both a government picture ID and that I had some financial responsibility over the account. As if that wasn’t enough, I started reading this piece in the NY Times about how Major League Baseball authenticates the items used in its games. Remember how you could just catch an errant fly ball or better yet, one used for a home run? Well, MLB has made some effort to ensure that the ball so used is actually legit, using a chain-of-custody process (off-duty cops collect the items and certify them) along with special tamper-proof holograms that are placed on the objects used during its games.

The Times piece mentioned that lots of stuff gets authenticated, particularly at the end of a season or when a player is about to break a record. These include not just the bat and ball but shoe spikes, gloves, the actual bases, uniform clothing and even the dirt on the infield and decommissioned Shea Stadium seats. Our home team favorite, Albert Pujols, will have specially-marked balls pitched to him for the rest of the season as he climbs the home run chart. About half a million items used in the games a year are authenticated, according to MLB officials.

MLB began using holograms back in 2001, according to this webpage, and this year improved on the tags. They are placed on a variety of memorabilia objects and licensed MLB products, each with a unique code that can be looked up on that page (or on the page of tech supplier, Authenticators Inc.) to determine if it is authentic. (The MLB page returns the status in the URL with the code explicitly listed, which probably means it could be subject to an injection attack, but what do I know?)

The tags are produced by OpSec Security, which also does tags for a wide variety of manufacturing vendors (such as used by GM Europe to insure that genuine parts are sold).  If you try to remove the tag, the hologram is unreadable. Of course, this means your souvenir has this tag on it, but I am guessing that most collectors would rather have the assurance that their item is the real thing.

While Uber’s next step to up their authentication ante will most likely be to use FIDO2 tokens and passkeys, maybe they need a few MLB umpires and off-duty cops to get involved in auditing their authentications.

Nicki’s Central West End blog: Coding camps in the neighborhood

I live in an area of St. Louis called the Central West End, and we are fortunate to have not one but two world-class computer coding training facilities located here: Launchcode and Claim Academy. Both have been in operation for several years and have trained numerous programming professionals through some innovative instruction techniques and by focusing on non-traditional sources for their students. By non-traditional, I mean classes designed for people that have little or no formal programming experience and who want to make a mid-course career correction. In this post for a local blog, I describe their programs, their cost, and their advantages in training newbie programmers.

If you are interested in a programming career, you might want to first read a blog post that I wrote many years ago on how to pick the right online class for Computerworld. I cover things such as knowing what type of learner you are (visual, auditory, etc), figuring out if you have the necessary bandwidth to devote to the classes, thinking about what other support you will need besides the lectures, and understanding what learning programming skills really means.

The changing world of the engineer c.1900

I have been reading David McCullough’s books on the Wright brothers and the building of the Brooklyn Bridge. Both give a very vivid picture of what the life of an engineer was more than a century ago. This life was a very different one from what we know of today. What fascinates me about how both the Wright brothers and the Roeblings (first John, then his son Washington, the engineers behind the bridge) that built things back in the day. Let’s look into their toolsets, their work habits, and their thinking processes.

First and foremost for both situations was the power of observation. Wilbur Wright spent countless hours watching how birds flew, and then tried to figure out a collection of materials that could mimic them. Within a decade people were building airplanes out of paper and wood, what we would consider mere toys today. But using some of those early calculations enabled us to build 747s and SR-71s that fly fast and are built with very advanced materials. And are anything but toys, to be sure.

Second was understanding your materials. The Wright flyer worked because it was extremely light and flexible. The Brooklyn Bridge worked because it was heavier than previous bridges: that it could withstand and distribute the loads properly. The bridge is still in great shape, more than 100 years later. We tear down lesser structures after a decade.

Washington Roebling spent his days watching his bridge being built from a nearby house. He was severely injured from getting a bad case of the bends before anyone knew what this was. Perhaps this could be the first attributed case of remote work, although the distance was covered using a telescope rather than a VPN, Slack and email. His father was also injured on the job from a ferry accident and dies shortly thereafter. All four men got in the middle of things and spent lots of hands-on time to refine their calculations and their drawings and their builds.

About those calculations. We are talking about basic math, using pencil and paper. We tend to forget how easy it is to revise things now that we have powerful computers that can instantly spot grammatical or coding errors and even suggest changes as we type. Back in those days, it was a lot more work and required often starting from scratch.

The slide rule was about as fancy as things got back then, something that I used when I first began my college education. When I went to grad school in the late 1970s, computers were still the size of rooms. Look at the evolution of IBM, from making those roomfuls of computers to changing the desktop world with its PC business, which was eventually sold to a Chinese company. Now IBM is a software and services company.

The first airplanes and bridges were built in the era before electricity. If you ever have an opportunity to visit the Detroit area, you should see the actual bicycle shop that the Wrights used to machine their parts. It isn’t recognizable because it ran on steam power, with these long leather belts that rotated the equipment. Now we think nothing of plugging something into the wall, and complain if the cord isn’t long enough. (You might remember my post about the invention of the electric light bulb and other wonders on display at the Henry Ford Museum.)

Engineers are taught how to solve problems. What is interesting about the stories in both books is how the context of the problems is explained in clear language, with gripping narratives about the various lives involved and the decisions made. You are there with the Wrights on a desolate barrier island as they struggle to figure things out, or inside the bridge piers or watching the cables being strung across the river. They are tales that have stood the test of time.

One reason is that both these books (as well as a third one on the building of the Panama Canal) are extraordinarily researched and well-written. I really enjoyed watching this interview McCullough did with Librarian of Congress James Billington on another of his books, the first part devoted to his writing tips.

The Goldberg variations: Every Good Spy Deserves Favor

If you didn’t attend the RSA conference this year, you might have missed this presentation about a rather interesting application of codes and ciphers. I call it the Goldberg variations, and those of you that are musically inclined might get the references in my post’s title.

Channeling the power of arts into education - The San Diego Union-TribuneRSA conference usually has one of these sessions, where the organizers like to highlight a moment in history where people played an important role in cryptography. This year’s moment was a presentation by Merryl Goldberg, who in 1985 was part of a Klezmer band that toured the former Soviet Union. (Today she is a music professor at CalArts,) In reality, they were spies on a mission to help identify Jews and get them out of the country. Her hosts were fellow musicians that were part of the Phantom Orchestra, so named because it was composed of dissidents who were being watched and harassed by the KGB. At the end of this blog, I will link to another presentation that highlighted another code-breaking pioneer of the past.

The band members knew that their bags would be searched, because let’s face it, in 1985 the USSR wasn’t high on the tourist trail and travel blogging hadn’t yet been invented as a profession. Goldberg came up with a very clever coding scheme that used musical notation to document her efforts, and smuggle information out of the country to help the dissidents eventually escape. Musical note names span the letters A to G, so Goldberg assigned the remaining letters of the alphabet to notes in the 12-tone chromatic scale using sharps and flats. She used other notations to make her music look more like music to pass casual inspection.

When the band arrived in Moscow, they were detained. Goldberg describes how one customs official went through her music book sheet by sheet. The coded messages were disguised as separate compositions. If you could sight-read music, you would very quickly figure out that the notes didn’t make much sense — perhaps if you were a Philip Glass fan you might think this is more modern music. Anyway, her steganography worked and the band was able to enter the country, play their music, and identify the dissidents and complete their mission. The trip wasn’t without drama: the Americans were tailed by the KGB and eventually expelled, as documented in this news clipping:

Newspaper clipping reading 4 Americans expelled after Soviet meeting

Music “is a way to find space when you’re dealing with bad guys and bad things gives you that energy inside your brain,” she said at the conference. I find it an interesting story, and glad Goldberg was around to remind us that EGBDF is an important acronym for more than musical notation.

If you enjoyed this little moment of history, you might want to take in a documentary that will air next month on PBS about the life of Elizebeth Friedman. She literally paved the way for the modern era of codes and ciphers nearly 100 years ago, and a skit featuring actors portraying her and her husband I believe was presented at RSA’s 2005 conference.

Using a third-party clipping/portfolio service for freelancers

This post originated with some online discussions with my freelancer peers on keeping track of your clips or portfolio spurred me to do further research. There are six major providers that I know of, broken into two rough categories. I have provided links to my own sites in the case of the free providers, and showcase those who have paid for their sites.

Those that are mostly about the clips:

Those that offer a bunch of other features besides tracking your clips: 

I went overboard with my page in Contently, putting more than 400 article links together.  I think they have the best of the three systems. Not sure that after you have more than 25 stories in your portfolio if it really matters and then you still have to weed out the dead links manually.  I was into them early on, when they offered a decent wage (defined as >$1/word). They mostly offer much, much less. A recent inquiry from an assignment editor for this rate resulted in no real response back from the actual client, so consider that before you invest much time here.

I was also early into Skyword, and they have suffered much the same fate as Contently, including moving to the cheap side of the fee structure. So steer clear if you can. 

MB has a bunch of different services, including a database of FL opps, a page of links to your published work (which you have to manually construct), links to various editorial mastheads and edit cals, tons of online courses (such as fact checking for journalists, essential digital journalism skills, and building your brand voice), and ways to build your career. You can sign up for a 14-day trial. Here is Esther Shein’s site. She told me that like Contently and Skyword, she got a lot of business early on but now uses it mostly for maintaining her clips. 

My recommendations? First, if you haven’t built a portfolio page somewhere online, now is the time to get started. Take a couple of days, find 10 (or whatever) of your best pieces, and just collect the URLs (if they are still online) or construct a page of PDFs (if not, if you can reconstruct them somehow). Find some images that would be relevant to attach each piece, and decide how you are going to present yourself. Dan Dern has a lot of comments about different ways to do this that could be helpful if not overwhelming.

Besides the vendors mentioned above, you have a few other choices. I still recommend you set up your own clips website outside of these systems for complete control (I use my own hosted WordPress for this:  blog.strom.com, and a mailing list hosted using mailman.) You also can construct various LinkedIn pages that showcase your work. 

Second, if you want to maintain a historical and automatic archive of your work, look at either MuckRack or Authory. The other four require you to manually enter your piece, which wears thin after the initial effort to get things setup. MuckRack is free, it mostly will find your bylined pieces (there doesn’t seem to be any method to what gets found and what doesn’t), and you don’t have to do anything once you set up your page. Authority will cost you, and you have to tell them what pub to look for your stuff, but then they collect the piece and preserve it forever, even if the pub moves or deletes your cheese (that is a problem for the other four providers, where you have to manually maintain the links). Todd Weiss’ Authority page can be found here for reference. Also, both Authory and MuckRack will connect to your social feeds and display what you post there. 

Another use for these providers is to track who views your purple prose. Contently, Skyword, and MediaBistro don’t have any. The other three have some — MuckRack has the best analytics, Clippings.me integrates with Google Analytics, and Authory has some data. 

Finally, and I can’t emphasize enough, this effort for building a portfolio should be complemented by constructing and regularly writing an email newsletter. That is the single best thing that I ever did to build my business, and continues to pay dividends 25 or so years later. 

CNN Underscored: Best mobile payment apps reviewed

Mobile payment apps can be a convenient way to send and receive money using your smartphone or smartwatch. Paying for items this way has never been easier, thanks to the availability of numerous mobile payment apps, better payment terminal infrastructure, and wider support for Bluetooth/near-field communication (NFC) contactless credit cards by American issuers. The coronavirus pandemic has also helped to make contactless “everything” more compelling. I tested out five different mobile payment apps: Apple Pay, Google Pay, Samsung Pay, Venmo (by PayPal) and Cash App (by Block, formerly Square) recently, and wrote my review for CNN/Underscored here.

Tracking the web of misinformation and copycats

How fast does misinformation spread across the web? Turns out, when it comes to the Kardashians, pretty darn fast. But even for those of us who are mere mortals and write about boring stuff like tech, still plenty fast. Let me explain.

Shelly Palmer also writes about tech stuff, and one of his articles quoted Kim and Kylie from an article in CNBC The quote contained a typo, namely, “Strop trying to be tiktok I just want to see cute photos of my friends.” Note the italics. He saw the typo and called CNBC, and within minutes the typo was fixed. No matter. By that short moment in time, hundreds of sites picked it up and included the original typo. Shelly used the typo as a “misinformation DNA marker,” as he puts it, to track who was more diligent about the typo and who could care less. It’s all about the clicks, and when it comes to Kim and Kylie, well, that can supercharge a story.

Shelly found the original phrase, with correct spelling, on a Change.org petition the women signed. What is interesting about his investigation was showing exactly how there are still close to 200 sites that haven’t changed the typo when I did my own search just now.

I feel for both Shelly and the CNBC reporter Jonathan Vanian who admitted to making the typo. I have found copycat websites all over the place that have taken my stories and posted exact replicas — some including my own byline — as if they were syndicating my content legally. They are not. It helped that I included (unintentionally at first, but now more deliberately) my own misinformation DNA marker in the form of a link to a previous blog post on my own blog. WordPress does a very solid job of tracking when someone else is posting to another WordPress blog with a link back to my content. I have seen dozens of these copycat posts, some within minutes of my story going live on the corporate blogs that have paid me to write for them. Of course, I notify my editors, but there is really very little that they can do. These copycat sites are often in other countries, and getting a takedown notice is nearly impossible, expensive, time-consuming, or all three.

Miss Manners: If I'd wanted your opinion, I'd have asked | News, Sports, Jobs - Daily HeraldAll this talk about copycat websites reminds me of a story from my early career at PC Week back in 1988. I wrote a column for the paper that envisioned the advice columnist Miss Manners giving out computing advice for common situations of that era. I have to say, first, I got her tone and style down cold (I will tell you why in a moment). And second, the piece has held up well after all these years, even though it uses terms that many contemporary PC users might never have heard of before. About a month after the piece ran in PC Week, I got a cease and desist letter from her syndicate’s lawyers. That to me was one of the high moments of my tenure at the pub, and an indication of how well the parody had gotten things.

Now, if any of you dear readers would like to try your hand at parodying my own style, please have it. I promise not to engage any lawyers.

 

CNN Underscored: Best cloud personal storage apps

It used to be that 1 TB of storage was a lot, but now this amount of storage is quite common to find on even the least expensive laptops. Over the years, a number of cloud-based storage vendors have begun to support the TB era and now many of them offer monthly storage plans for a reasonable price. We tested five different cloud-based storage apps—Apple iCloud+, Box, Dropbox, Google One, and Microsoft OneDrive—to see which one is the best cloud-based storage app for you. OneDrive comes out on top and it was easier to install on Macs than on some of our Windows PCs that had additional browser-based security that blocked the desktop client downloads.

You can read my full review here.