My blog went down this weekend for a couple of hours. What I want to tell you is how I learned that after all these decades working and writing about IT, I still could have lost some data, despite having what I thought were well-thought out backup procedures. Turns out I was still exposed.

Back about 20 years ago, I had my office in a small commercial building that had a music shop and a Subway on the first floor: my office was directly over both establishments. One day there was an electrical fire in the music shop, which happened when I was out taking a walk. When I returned I saw smoke rising off in the distance, and as I got closer I realized that was my building that had the fire.

That was the day that I learned about offsite backups. Back then, I had made copies of my data on tapes — tapes that were neatly stacked at the end of my desk. Had the fire damaged my building (fortunately for all of us, it didn’t), I would have been in big trouble.

Another time I was hosting my email server at a friend’s server. The friend’s basement got flooded, and my server was ruined. Thankfully he had backups and eventually I was back in business. I learned another lesson that day: make copies of everything (including the actual emails of you, my loyal subscribers) offsite.

Anyway, back to the present day. For many years I have had a WordPress blog that was hosted at various internet providers. It currently lives at Pair.com, which is a solid provider that has exemplary customer support. I use the free tier of Uptrends.com to notify me whenever the blog or my main website goes down. I got the first email after I quit work on Friday about an hour into the outage, and promptly sent off a support email asking what was going on. Within minutes — it might have been seconds — I got a reply saying they were aware of it (good) and working on the fix (even better). Service was restored (a database corruption issue) later.

Now for years I have also maintained a shadow copy of my blog that is hosted on WordPress.com. Back when I did this, you could host a site with limited features for free. (Alas, now you have to pay a fee.) To do this, I first have to export my blog content from my Pair-based server to an XML file, and then import it to the WordPress.com server. That doesn’t take long, but I hadn’t done it in a few weeks.

Now what could I have done differently? For one thing, I could use a different hosting plan on Pair that is designed for managed WordPress deployments, and includes automatic backups. That plan costs more than my plain-Jane hosting account. Another way to approach this is to do more frequent manual backups. As you can see from a screencap of my files, in the past I was sort of cavalier about doing them, now I won’t be. I would have lost about three weeks’ worth of content had Pair not been able to restore my database.

So as you can see, I am a slow learner when it comes to backups. Many businesses are in the same boat: this is why ransom attacks are so successful, because they don’t backup everything, or as Joni sings, you don’t know what you’ve got until it is gone (I think she was talking about something other than digital data).

So the moral of my story: take the time to make the backups about the data that you care about and then think about what your life will be if something happens to the data that might not be mission critical, but is still important.

I live a block away from the chess complex that was the scene of a major incident last month. This is when world chess champion Magnus Carlsen (at left) literally walked off a match that he was losing to Hans Neimann, claiming Neimann was cheating with a remote computer. This week, Neimann is back in town for another chess match. This analysis by chess.com  is interesting, and while you can’t prove anything conclusively, the report says they don’t think he cheated in the game last month. He did admit to cheating at a few online games previously, however the pattern of his wins is suspicious, and the report says he probably cheated in more than a few games.

One of the things I have seen with cheaters is that they can’t just cheat a little, so this makes sense to me. If you have seen any of the various documentary films or read any of the books about Lance Armstrong’s cycling career (one of them is available here), you will likely have picked this up. Armstrong still maintains the “everyone is doing it” strategy,

Reading the chess.com report though is interesting, because I learned a couple of things. First, the latest generation of chess computers can easily beat the best grandmasters, and this is the case for mobile-based chess software over the past few years. This means that a cheater doesn’t need access to a roomful of gear, just a remote connection to someone offsite who can track the game’s play online. Remember when Garry Kasparov lost to IBM’s Deep Blue back in 1997? Garry is a fellow blogger at Avast, and you might be interested in his latest post where he analyzes the Ukraine war. Another tidbit: cheaters just need a few moves in a game to win. And most chess grandmasters have already risen to that level in their mid-teens.

The chess matches happening this week down the street here in St. Louis have taken steps to make it more difficult for the cheaters — they put in a 30-minute delay in the online matches, and only allow spectators for the beginning of each game. But as I said, cheaters will find a way around these strictures eventually. It is the same cat-and-mouse game that cyber attackers play.

If you want an even better illustration of how the cheating game is played, I would recommend watching Icarus, an amazing documentary about the Olympics-based doping efforts, from the point of view of someone who actually managed the Russian’s team cheating.  The Russians constructed a blood testing lab that had cutout befitting the KGB, so that someone’s sample was surreptitiously switched with a clean one to pass the tests. Like I said, cheaters gonna cheat. What was sad was how the consequences for these team-wide cheating were minimal.

It is sad that so much effort has gone into cheating. It really diminished my interest in professional cycling (back several years ago when this all came out) and it now diminishes my interest in chess, despite having a near-front-row seat in the neighborhood. BTW, if you do come and visit me, one incentive would be this fascinating exhibit at the World Chess Hall of Fame Museum on the historic 1972 match between Fischer and Spassky. You’ve got until next April to see it.

Twice this week I have run into issues involving KYC or know your customer policies, and both were rather odd circumstances. I am preparing to go visit my family in Israel, and this time around I am purchasing an eSIM or virtual SIM card for my phone. Before I could do so, however, I had to upload a photo ID and my own portrait to verify that I am indeed a real person. The process was very smooth and just took a moment to get it all organized.

The second KYC moment happened as part of being onboarded for a new client. (Don’t you just love that term? It seems like it is almost as painful as waterboarded.) I got a strange email from someone in India, who was asking me to get on a Zoom call to verify that I am who I said I am. Now, I had never corresponded with this person, and my contact hadn’t prepared me for the email. So I fired off my own email to my contact to do a bit of my own KYC intelligence.

I don’t fault them for being careful. Things aren’t what they appear to be these days. Remember my blog post from earlier this year about inadvertently hiring North Korean developers? I was reminded of this from a recent post by Brian Krebs about fake CISOs that are on LinkedIn. What is worse is that these phonies have made their way to one publication’s “top CISO” list. You can’t vet people enough. Many of the job descriptions on LinkedIn were clearly lifted from real people. Krebs suggests that LinkedIn could make things easier by including a “freshness” date when the profile was first created, which is something that Twitter does.

What does baseball memorabilia have to do with the recent Uber hack? It turns out both depend heavily on authentication. I wrote about the latter for Avast here. The hacker — who claimed to be from Uber’s IT department — set up a man-in-the-middle portal that tricked an Uber contractor into revealing his authentication credentials. This is the same person, or group, that also broke into a gaming studio recently. The contractor did have multifactor authentication enabled, but wasn’t paying attention and the hacker was able to fool them into entering the credentials.

And this week Microsoft researchers found other hackers using malicious OAuth applications were compromised because they lacked any multi-factor authentication credentials.

Authentication — proving you are who you say you are — figured large in a series of emails that I had to regain control over my wife’s website. I had to show both a government picture ID and that I had some financial responsibility over the account. As if that wasn’t enough, I started reading this piece in the NY Times about how Major League Baseball authenticates the items used in its games. Remember how you could just catch an errant fly ball or better yet, one used for a home run? Well, MLB has made some effort to ensure that the ball so used is actually legit, using a chain-of-custody process (off-duty cops collect the items and certify them) along with special tamper-proof holograms that are placed on the objects used during its games.

The Times piece mentioned that lots of stuff gets authenticated, particularly at the end of a season or when a player is about to break a record. These include not just the bat and ball but shoe spikes, gloves, the actual bases, uniform clothing and even the dirt on the infield and decommissioned Shea Stadium seats. Our home team favorite, Albert Pujols, will have specially-marked balls pitched to him for the rest of the season as he climbs the home run chart. About half a million items used in the games a year are authenticated, according to MLB officials.

MLB began using holograms back in 2001, according to this webpage, and this year improved on the tags. They are placed on a variety of memorabilia objects and licensed MLB products, each with a unique code that can be looked up on that page (or on the page of tech supplier, Authenticators Inc.) to determine if it is authentic. (The MLB page returns the status in the URL with the code explicitly listed, which probably means it could be subject to an injection attack, but what do I know?)

The tags are produced by OpSec Security, which also does tags for a wide variety of manufacturing vendors (such as used by GM Europe to insure that genuine parts are sold).  If you try to remove the tag, the hologram is unreadable. Of course, this means your souvenir has this tag on it, but I am guessing that most collectors would rather have the assurance that their item is the real thing.

While Uber’s next step to up their authentication ante will most likely be to use FIDO2 tokens and passkeys, maybe they need a few MLB umpires and off-duty cops to get involved in auditing their authentications.

I have been reading David McCullough’s books on the Wright brothers and the building of the Brooklyn Bridge. Both give a very vivid picture of what the life of an engineer was more than a century ago. This life was a very different one from what we know of today. What fascinates me about how both the Wright brothers and the Roeblings (first John, then his son Washington, the engineers behind the bridge) that built things back in the day. Let’s look into their toolsets, their work habits, and their thinking processes.

First and foremost for both situations was the power of observation. Wilbur Wright spent countless hours watching how birds flew, and then tried to figure out a collection of materials that could mimic them. Within a decade people were building airplanes out of paper and wood, what we would consider mere toys today. But using some of those early calculations enabled us to build 747s and SR-71s that fly fast and are built with very advanced materials. And are anything but toys, to be sure.

Second was understanding your materials. The Wright flyer worked because it was extremely light and flexible. The Brooklyn Bridge worked because it was heavier than previous bridges: that it could withstand and distribute the loads properly. The bridge is still in great shape, more than 100 years later. We tear down lesser structures after a decade.

Washington Roebling spent his days watching his bridge being built from a nearby house. He was severely injured from getting a bad case of the bends before anyone knew what this was. Perhaps this could be the first attributed case of remote work, although the distance was covered using a telescope rather than a VPN, Slack and email. His father was also injured on the job from a ferry accident and dies shortly thereafter. All four men got in the middle of things and spent lots of hands-on time to refine their calculations and their drawings and their builds.

About those calculations. We are talking about basic math, using pencil and paper. We tend to forget how easy it is to revise things now that we have powerful computers that can instantly spot grammatical or coding errors and even suggest changes as we type. Back in those days, it was a lot more work and required often starting from scratch.

The slide rule was about as fancy as things got back then, something that I used when I first began my college education. When I went to grad school in the late 1970s, computers were still the size of rooms. Look at the evolution of IBM, from making those roomfuls of computers to changing the desktop world with its PC business, which was eventually sold to a Chinese company. Now IBM is a software and services company.

The first airplanes and bridges were built in the era before electricity. If you ever have an opportunity to visit the Detroit area, you should see the actual bicycle shop that the Wrights used to machine their parts. It isn’t recognizable because it ran on steam power, with these long leather belts that rotated the equipment. Now we think nothing of plugging something into the wall, and complain if the cord isn’t long enough. (You might remember my post about the invention of the electric light bulb and other wonders on display at the Henry Ford Museum.)

Engineers are taught how to solve problems. What is interesting about the stories in both books is how the context of the problems is explained in clear language, with gripping narratives about the various lives involved and the decisions made. You are there with the Wrights on a desolate barrier island as they struggle to figure things out, or inside the bridge piers or watching the cables being strung across the river. They are tales that have stood the test of time.

One reason is that both these books (as well as a third one on the building of the Panama Canal) are extraordinarily researched and well-written. I really enjoyed watching this interview McCullough did with Librarian of Congress James Billington on another of his books, the first part devoted to his writing tips.

If you didn’t attend the RSA conference this year, you might have missed this presentation about a rather interesting application of codes and ciphers. I call it the Goldberg variations, and those of you that are musically inclined might get the references in my post’s title.

RSA conference usually has one of these sessions, where the organizers like to highlight a moment in history where people played an important role in cryptography. This year’s moment was a presentation by Merryl Goldberg, who in 1985 was part of a Klezmer band that toured the former Soviet Union. (Today she is a music professor at CalArts,) In reality, they were spies on a mission to help identify Jews and get them out of the country. Her hosts were fellow musicians that were part of the Phantom Orchestra, so named because it was composed of dissidents who were being watched and harassed by the KGB. At the end of this blog, I will link to another presentation that highlighted another code-breaking pioneer of the past.

The band members knew that their bags would be searched, because let’s face it, in 1985 the USSR wasn’t high on the tourist trail and travel blogging hadn’t yet been invented as a profession. Goldberg came up with a very clever coding scheme that used musical notation to document her efforts, and smuggle information out of the country to help the dissidents eventually escape. Musical note names span the letters A to G, so Goldberg assigned the remaining letters of the alphabet to notes in the 12-tone chromatic scale using sharps and flats. She used other notations to make her music look more like music to pass casual inspection.

When the band arrived in Moscow, they were detained. Goldberg describes how one customs official went through her music book sheet by sheet. The coded messages were disguised as separate compositions. If you could sight-read music, you would very quickly figure out that the notes didn’t make much sense — perhaps if you were a Philip Glass fan you might think this is more modern music. Anyway, her steganography worked and the band was able to enter the country, play their music, and identify the dissidents and complete their mission. The trip wasn’t without drama: the Americans were tailed by the KGB and eventually expelled, as documented in this news clipping:

Music “is a way to find space when you’re dealing with bad guys and bad things gives you that energy inside your brain,” she said at the conference. I find it an interesting story, and glad Goldberg was around to remind us that EGBDF is an important acronym for more than musical notation.

If you enjoyed this little moment of history, you might want to take in a documentary that will air next month on PBS about the life of Elizebeth Friedman. She literally paved the way for the modern era of codes and ciphers nearly 100 years ago, and a skit featuring actors portraying her and her husband I believe was presented at RSA’s 2005 conference.

This post originated with some online discussions with my freelancer peers on keeping track of your clips or portfolio spurred me to do further research. There are six major providers that I know of, broken into two rough categories. I have provided links to my own sites in the case of the free providers, and showcase those who have paid for their sites.

Those that are mostly about the clips:

• authory.com  ($8/mo if paid annually, $10/mo if not) 
• muckrack.com/dstrom  free 
• https://www.clippings.me/users/davidstrom (10 free clips, $100/year if you want more. Note: This is NOT clippings.com, which is for furniture pictures.)

Those that offer a bunch of other features besides tracking your clips: 

• https://davidstrom.contently.com/  Free

I went overboard with my page in Contently, putting more than 400 article links together.  I think they have the best of the three systems. Not sure that after you have more than 25 stories in your portfolio if it really matters and then you still have to weed out the dead links manually.  I was into them early on, when they offered a decent wage (defined as >$1/word). They mostly offer much, much less. A recent inquiry from an assignment editor for this rate resulted in no real response back from the actual client, so consider that before you invest much time here.

• http://davidstrom.skyword.com  Free

I was also early into Skyword, and they have suffered much the same fate as Contently, including moving to the cheap side of the fee structure. So steer clear if you can. 

• https://www.mediabistro.com/freelance-connect/  ($10/mo if paid annually, $15 if not) 

MB has a bunch of different services, including a database of FL opps, a page of links to your published work (which you have to manually construct), links to various editorial mastheads and edit cals, tons of online courses (such as fact checking for journalists, essential digital journalism skills, and building your brand voice), and ways to build your career. You can sign up for a 14-day trial. Here is Esther Shein’s site. She told me that like Contently and Skyword, she got a lot of business early on but now uses it mostly for maintaining her clips. 

My recommendations? First, if you haven’t built a portfolio page somewhere online, now is the time to get started. Take a couple of days, find 10 (or whatever) of your best pieces, and just collect the URLs (if they are still online) or construct a page of PDFs (if not, if you can reconstruct them somehow). Find some images that would be relevant to attach each piece, and decide how you are going to present yourself. Dan Dern has a lot of comments about different ways to do this that could be helpful if not overwhelming.

Besides the vendors mentioned above, you have a few other choices. I still recommend you set up your own clips website outside of these systems for complete control (I use my own hosted WordPress for this:  blog.strom.com, and a mailing list hosted using mailman.) You also can construct various LinkedIn pages that showcase your work. 

Second, if you want to maintain a historical and automatic archive of your work, look at either MuckRack or Authory. The other four require you to manually enter your piece, which wears thin after the initial effort to get things setup. MuckRack is free, it mostly will find your bylined pieces (there doesn’t seem to be any method to what gets found and what doesn’t), and you don’t have to do anything once you set up your page. Authority will cost you, and you have to tell them what pub to look for your stuff, but then they collect the piece and preserve it forever, even if the pub moves or deletes your cheese (that is a problem for the other four providers, where you have to manually maintain the links). Todd Weiss’ Authority page can be found here for reference. Also, both Authory and MuckRack will connect to your social feeds and display what you post there. 

Another use for these providers is to track who views your purple prose. Contently, Skyword, and MediaBistro don’t have any. The other three have some — MuckRack has the best analytics, Clippings.me integrates with Google Analytics, and Authory has some data. 

Finally, and I can’t emphasize enough, this effort for building a portfolio should be complemented by constructing and regularly writing an email newsletter. That is the single best thing that I ever did to build my business, and continues to pay dividends 25 or so years later.