If you didn’t attend the RSA conference this year, you might have missed this presentation about a rather interesting application of codes and ciphers. I call it the Goldberg variations, and those of you that are musically inclined might get the references in my post’s title.

RSA conference usually has one of these sessions, where the organizers like to highlight a moment in history where people played an important role in cryptography. This year’s moment was a presentation by Merryl Goldberg, who in 1985 was part of a Klezmer band that toured the former Soviet Union. (Today she is a music professor at CalArts,) In reality, they were spies on a mission to help identify Jews and get them out of the country. Her hosts were fellow musicians that were part of the Phantom Orchestra, so named because it was composed of dissidents who were being watched and harassed by the KGB. At the end of this blog, I will link to another presentation that highlighted another code-breaking pioneer of the past.

The band members knew that their bags would be searched, because let’s face it, in 1985 the USSR wasn’t high on the tourist trail and travel blogging hadn’t yet been invented as a profession. Goldberg came up with a very clever coding scheme that used musical notation to document her efforts, and smuggle information out of the country to help the dissidents eventually escape. Musical note names span the letters A to G, so Goldberg assigned the remaining letters of the alphabet to notes in the 12-tone chromatic scale using sharps and flats. She used other notations to make her music look more like music to pass casual inspection.

When the band arrived in Moscow, they were detained. Goldberg describes how one customs official went through her music book sheet by sheet. The coded messages were disguised as separate compositions. If you could sight-read music, you would very quickly figure out that the notes didn’t make much sense — perhaps if you were a Philip Glass fan you might think this is more modern music. Anyway, her steganography worked and the band was able to enter the country, play their music, and identify the dissidents and complete their mission. The trip wasn’t without drama: the Americans were tailed by the KGB and eventually expelled, as documented in this news clipping:

Music “is a way to find space when you’re dealing with bad guys and bad things gives you that energy inside your brain,” she said at the conference. I find it an interesting story, and glad Goldberg was around to remind us that EGBDF is an important acronym for more than musical notation.

If you enjoyed this little moment of history, you might want to take in a documentary that will air next month on PBS about the life of Elizebeth Friedman. She literally paved the way for the modern era of codes and ciphers nearly 100 years ago, and a skit featuring actors portraying her and her husband I believe was presented at RSA’s 2005 conference.

This post originated with some online discussions with my freelancer peers on keeping track of your clips or portfolio spurred me to do further research. There are six major providers that I know of, broken into two rough categories. I have provided links to my own sites in the case of the free providers, and showcase those who have paid for their sites.

Those that are mostly about the clips:

• authory.com  ($8/mo if paid annually, $10/mo if not) 
• muckrack.com/dstrom  free 
• https://www.clippings.me/users/davidstrom (10 free clips, $100/year if you want more. Note: This is NOT clippings.com, which is for furniture pictures.)

Those that offer a bunch of other features besides tracking your clips: 

• https://davidstrom.contently.com/  Free

I went overboard with my page in Contently, putting more than 400 article links together.  I think they have the best of the three systems. Not sure that after you have more than 25 stories in your portfolio if it really matters and then you still have to weed out the dead links manually.  I was into them early on, when they offered a decent wage (defined as >$1/word). They mostly offer much, much less. A recent inquiry from an assignment editor for this rate resulted in no real response back from the actual client, so consider that before you invest much time here.

• http://davidstrom.skyword.com  Free

I was also early into Skyword, and they have suffered much the same fate as Contently, including moving to the cheap side of the fee structure. So steer clear if you can. 

• https://www.mediabistro.com/freelance-connect/  ($10/mo if paid annually, $15 if not) 

MB has a bunch of different services, including a database of FL opps, a page of links to your published work (which you have to manually construct), links to various editorial mastheads and edit cals, tons of online courses (such as fact checking for journalists, essential digital journalism skills, and building your brand voice), and ways to build your career. You can sign up for a 14-day trial. Here is Esther Shein’s site. She told me that like Contently and Skyword, she got a lot of business early on but now uses it mostly for maintaining her clips. 

My recommendations? First, if you haven’t built a portfolio page somewhere online, now is the time to get started. Take a couple of days, find 10 (or whatever) of your best pieces, and just collect the URLs (if they are still online) or construct a page of PDFs (if not, if you can reconstruct them somehow). Find some images that would be relevant to attach each piece, and decide how you are going to present yourself. Dan Dern has a lot of comments about different ways to do this that could be helpful if not overwhelming.

Besides the vendors mentioned above, you have a few other choices. I still recommend you set up your own clips website outside of these systems for complete control (I use my own hosted WordPress for this:  blog.strom.com, and a mailing list hosted using mailman.) You also can construct various LinkedIn pages that showcase your work. 

Second, if you want to maintain a historical and automatic archive of your work, look at either MuckRack or Authory. The other four require you to manually enter your piece, which wears thin after the initial effort to get things setup. MuckRack is free, it mostly will find your bylined pieces (there doesn’t seem to be any method to what gets found and what doesn’t), and you don’t have to do anything once you set up your page. Authority will cost you, and you have to tell them what pub to look for your stuff, but then they collect the piece and preserve it forever, even if the pub moves or deletes your cheese (that is a problem for the other four providers, where you have to manually maintain the links). Todd Weiss’ Authority page can be found here for reference. Also, both Authory and MuckRack will connect to your social feeds and display what you post there. 

Another use for these providers is to track who views your purple prose. Contently, Skyword, and MediaBistro don’t have any. The other three have some — MuckRack has the best analytics, Clippings.me integrates with Google Analytics, and Authory has some data. 

Finally, and I can’t emphasize enough, this effort for building a portfolio should be complemented by constructing and regularly writing an email newsletter. That is the single best thing that I ever did to build my business, and continues to pay dividends 25 or so years later. 

How fast does misinformation spread across the web? Turns out, when it comes to the Kardashians, pretty darn fast. But even for those of us who are mere mortals and write about boring stuff like tech, still plenty fast. Let me explain.

Shelly Palmer also writes about tech stuff, and one of his articles quoted Kim and Kylie from an article in CNBC The quote contained a typo, namely, “Strop trying to be tiktok I just want to see cute photos of my friends.” Note the italics. He saw the typo and called CNBC, and within minutes the typo was fixed. No matter. By that short moment in time, hundreds of sites picked it up and included the original typo. Shelly used the typo as a “misinformation DNA marker,” as he puts it, to track who was more diligent about the typo and who could care less. It’s all about the clicks, and when it comes to Kim and Kylie, well, that can supercharge a story.

Shelly found the original phrase, with correct spelling, on a Change.org petition the women signed. What is interesting about his investigation was showing exactly how there are still close to 200 sites that haven’t changed the typo when I did my own search just now.

I feel for both Shelly and the CNBC reporter Jonathan Vanian who admitted to making the typo. I have found copycat websites all over the place that have taken my stories and posted exact replicas — some including my own byline — as if they were syndicating my content legally. They are not. It helped that I included (unintentionally at first, but now more deliberately) my own misinformation DNA marker in the form of a link to a previous blog post on my own blog. WordPress does a very solid job of tracking when someone else is posting to another WordPress blog with a link back to my content. I have seen dozens of these copycat posts, some within minutes of my story going live on the corporate blogs that have paid me to write for them. Of course, I notify my editors, but there is really very little that they can do. These copycat sites are often in other countries, and getting a takedown notice is nearly impossible, expensive, time-consuming, or all three.

All this talk about copycat websites reminds me of a story from my early career at PC Week back in 1988. I wrote a column for the paper that envisioned the advice columnist Miss Manners giving out computing advice (link) for common situations of that era. I have to say, first, I got her tone and style down cold (I will tell you why in a moment). And second, the piece has held up well after all these years, even though it uses terms that many contemporary PC users might never have heard of before. About a month after the piece ran in PC Week, I got a cease and desist letter from her syndicate’s lawyers. That to me was one of the high moments of my tenure at the pub, and an indication of how well the parody had gotten things.

Now, if any of you dear readers would like to try your hand at parodying my own style, please have it. I promise not to engage any lawyers.

The Verge has this piece about how carmakers have discovered subscription pricing, thanks in part to the leadership of Tesla. I have always thought of Tesla as a software company that installs their code in a big computer that happens to look a lot like a car. Now the traditional car companies have gotten more interested in selling subscriptions. For GM, these generate $2B annual revenues, which works out to customers paying around $40 a month for various options such as OnStar or SiriusXM.

But as Hawkins points out in his piece, this has fast become a nightmare for those citizens that don’t want to debug their car’s software and just want to drive them from one place to another. BMW was selling subs overseas to turn on the option for heated seats. Granted, most of the subs are for things like entertainment or driver-assisted features.

The problem with subscription cars is that the Netflix (or choose your favorite SaaS supplier) model breaks down quickly. There are several reasons. First, the software that comes with your car is most certainly out of date, sometimes by about a year even if you buy the current year’s model when it first goes on sale the previous fall. This is because it takes time to design the car and get subs it from the factory to your dealer and then to you. But another reason is that the car companies are not doing nightly software builds or set up like software companies — until Tesla came along.

Second, the car needs connectivity to update itself, and until lately that connectivity was either expensive (for cellular broadband) or inconvenient (such as using Bluetooth to get to your phone), or both.

Third, car subscribers are often paying to remove a software block on a functionality that already exists when the car rolled off the line. That can be frustrating for consumers, although Tesla owners seem ok with it for now.

Next, unlike SaaS vendors, you can’t usually try before you buy the subscription. Some of the car companies do offer enticement — when I got my used GM car from the dealer, they bundled in SiriusXM for a limited time. But for the most part, they haven’t fully embraced the SaaS model. Plus, the collection of features for the “free pricing tier” — if such a thing existed to the extent that it does in the SaaS world — is just brutally hard to figure out. It is hard to figure out a decent price point (see BMW’s mistakes charging upwards of $80/month for some of their services). It is hard to price something (like a heated seat) that was in the “free forever ” tier. And it is hard to support. Call your dealer? Yeah, right.

That brings up another point. How do you recover from a car’s software error? No one wants to see a blue screen in their car. My aging car’s GPS gets “lost” and has me driving through empty places on its map, which is somewhat disconcerting. It is one thing to wait for a file to download from some cloud server but another thing if you are going along at 70 mph down the freeway. Can I get a software update on my GPS? Nope.

Finally, the biggest issue is that carmakers are looking at subscriptions as found money when they should be dropping prices and using them as a way to amortize the vehicle sale. As prices on vehicles is rising faster than (insert your favorite supply chain metaphor here), you would think this is obvious. But no. This just adds to the distrust many of us have when the time comes to buy our next car and have to enter the 12 circles of hell otherwise known as the showroom.

Still, there is Tesla. Like I said, not your dad’s Buick.

Let’s talk about layoffs for a moment. More specifically, let’s talk about the process by which a company fires its people. How does it work to terminate someone’s digital access? It is tricky.

I have been laid off a few times over my career. The one that I wanted to tell you about was when I worked for the IT department for a large insurance company. My office was in a downtown LA high rise, and coincidentally, my wife also worked in the same building, for a different subsidiary of the company. Indeed, she worked on the same floor. I had just given my two weeks’ notice that I was quitting to go work for PC Week (now called eWeek). As was the custom of the times (this was in the 1980s), I was immediately terminated. My access to the mainframe was turned off, and I was accompanied by a security guard to clean out my desk, hand in my badge, and take me down the elevator and escort me out the door to the street.

There was just one problem: I had to tell my wife that I was fired, and this being the era before cell phones, I had to come back up to our floor. Also, our building didn’t have controlled access, so there really was no way to keep me out of the place.

Now let’s talk about today. How do you announce a layoff to everyone, including the folks that are still gainfully employed? Well, via email and Slack of course. But the timing is critical: if you terminate an employee’s accounts, they won’t get the memo. Some businesses wait a day. This recent survey shows that only 51% of organizations said they typically remove a user’s access to corporate systems the day (35%) or the day after (16%) the employee leaves. A day after is too late: there is a lot of damage a vengeful now ex-employee can do in that day.

Of course, it matters how many people are laid off at once, and where in the corporate hierarchy they are. If it is just a few people, you might get the security escort as I did. But what if dozens are terminated? This is what happened at Coinbase recently. They took a somewhat different approach. First, they cut off the terminated staff’s access to emails and other corporate accounts. Then the CEO sent out this note to their personal emails:

“If you are affected, you will receive this notification in your personal email, because we made the decision to cut access to Coinbase systems for affected employees. I realize that removal of access will feel sudden and unexpected, and this is not the experience I wanted for you. Given the number of employees who have access to sensitive customer information, it was unfortunately the only practical choice, to ensure not even a single person made a rash decision that harmed the business or themselves.”

I think this was the right sequence for Coinbase, but as I said timing is everything. If you are faced with a group layoff, here are a few suggestions.

First, make sure your HR department has the most accurate information about your staff. This means having both personal and work contacts, including private emails and cell phone numbers. You should have done this for all sorts of reasons outside of potential layoffs, such as being able to reach someone’s family in case of emergencies for example. And part of this census is ensuring that you don’t have active accounts for long-ago terminated staff.

Second, you should create a policy on who and how you will communicate company-wide news, both good and bad. How will this information be shared with the news media, and do you have the right media contacts too?

Next, how do you track all your corporate digital resources, and who has what kind of access to these resources? Does someone on your dev team use a private GitHub account? Are people creating Google shared workspaces with their Gmail accounts? Given how easy it is to setup a private cloud repository, you need to be aware of this as best as you can. Having all this information and accounting for the various communications channels correctly will take some effort.

Finally, you need to pay special attention to staff that have elevated access rights to various resources. Can you track if one of these privileged users have made copies of business or personal data? (This is the role of data loss prevention products, by the way.) Do you have too many administrators? That is usually a common problem.

Terminating people safely is a process, both from the affected individuals’ and the company’s perspectives. While the process chosen by Coinbase may not work for everyone, it is a useful template that can provide some important guidance.

There is a lot more to be said about termination policies and practice, and I would urge you to read this blog by Erica Marom and Uri Ar on how to build an employer brand.At the end of that post, they talk about how to craft a positive message and how to communicate it.

I have been writing about the challenges of online collaboration for years (here is a piece I wrote about synchronizing online calendars for the NY Times back in 2009)., and here is a link to my review of personal cloud storage that I recently did for CNN) When it comes to working on the same document (or spreadsheet or slide deck), it sadly still isn’t easy. Sure, there are tons of tools, including cloud storage vendors (like Dropbox, Google Workspace and Microsoft’s basketful of deplorable apps), team messaging apps (like Slack and Teams), and various other SaaS apps that claim to be collaboration forward but are still back in the dark ages.

What is wrong? All of this technology comes down to a bad marriage between the personal and sharing mindsets. And while the tools supposedly get more sophisticated, they still have fundamental and foundational issues, like these:

Our first problem is the personal computer is inherently personal. Back in the 1980s when we each had a huge 4 MHz CPU sitting on our desktops, we could run whatever apps we wished out of a tiny floppy disk. We didn’t share nothing with nobody. There was no internet, no SaaS stuff, no web browser. There weren’t even any graphic interfaces. Life was simple, and it was good, or so we thought. But now we have all this power: multiple CPU/GPU cores to run all sorts of complex stuff, gigabit speeds coursing through our home offices. But we still tend to think about the document that is sitting on our screen as our own proprietary property.

This background hasn’t made sharing easy. For a project that I am working on for a client, they set me up on their internal email system because they were using GDocs/Workspace. If you aren’t part of the domain, GDocs goes through some trouble and getting you in synch is painful. Much easier to just create a new email on their domain and share that way. Something is wrong with this picture.

Microsoft isn’t much better. They have almost as many varieties of sharing tech as Heinz has ingredients in their condiments. You have a Sharepoint drive, which isn’t the same thing as the Teams shared drive which differs from One Drive which isn’t the same One Drive on the E6 Enterprise license of Office 365, and oh by the way login.microsoft.com presents a different dialog from all of the above and is needed to manage all your various identities and sharing permissions.

Underlying all this tech are two basic ways to share stuff: either by URL (or by email, which embeds a URL in the message body), or by working with user identities, which also makes use of email addresses. Sometimes one method works better than the other. The ideal collaboration tool allows for setting basic access rights (view or edit your content), and sometimes these work, sometimes these are assigned to someone’s personal Gmail address when it should have been assigned to the common work domain address. Maybe this was an issue back in 2009, but it is still an issue today.

The sharing routines are broken because you have multiple paths and devices and apps to get you to your content. You can use a desktop or mobile app, a cloud app, a plain-Jane browser session. If you don’t have a desktop license to the word processor or presentation app, you have to bring up the browser and hope that you can run the app inside your browser — for those corporate-managed Windows machines that are under app lockdown, you might have to go through some hoops to get the right collection of permissions.

Plus doing this in near-real-time can be an issue if you are spread across a bunch of time zones around the planet and keeping track of what was done on a previous edit. This happened to me recently as one of my editors is in Europe while another is in California.

Sometimes I just give up and email someone the Word doc we are working on and just call it a day. That is absolutely the worst way to collaborate, bouncing bits back and forth across the internet. I hope it doesn’t take another decade to fix the collaboration problem.