Three ways to track freelance income–none of which may be right

My work for this year isn’t done, but my income almost is. One client’s payment arrived today (having that happen less than three weeks after invoicing ranks as a Christmas miracle), another has told me to expect a direct deposit next week, and that’s all the positive cash flow I’m expecting for 2018.

Nearing that taxation-and-accounting finish line has me thinking once again of how I try to keep track of what I’m making throughout the year. I have three different models for this, and each can be wrong in their own ways.

What I file in a month: This approach has has the advantage of focusing on the one thing I can control the most. But a lot can happen after I file my copy, by which I mean it can go through a prolonged edit that pushes back completion of the work by weeks.

Or by months: An editor’s departure at one site earlier this year left a post collecting dust for several weeks until one of his now-overworked colleagues could tend to it between other tasks.

What I invoice in a month: Sending in the form itemizing your work and requesting payment has a pleasing finality, but not everybody sends the direct deposit or the check on the same timetable. Thirty days is typical, but USA Today and Wirecutter usually beat that number by at least a couple of weeks (having two of America’s largest newspapers turn around a payment that quickly continues to amaze me). Sometimes the same client’s payments arrive on wildly varying schedules for no apparent reason.

Last year, I also had a client reject an invoice because of a glitch with the bank deposit information I’d provided, and because the parent firm of this site picked an invoicing system for its fundamental meanness, I had to start the invoicing process for that story from scratch. Fortunately, I’ve not yet had to send more than a few nagging e-mails to get a invoice paid out, which is not a given in this line of work.

What I get paid in a month: There’s no arguing with the numbers on a bank statement, but this can often be a fake metric because it reflects work done months later. And for every month where a round of overdue payments finally land and make me look like a business genius, there’s going to be another where a couple of invoices get processed just late enough to have that money hit my account not on the 29th or the 30th but on the 1st or the 2nd of the following month.

As it happens, it looks like I’ll get a reasonably large deposit from one site early next month. I’ll try not to let that cash flow get to my head… because I really thought I would have seen a chunk of that change by now.

Advertisements

Credit where it’s due: Thanksgiving tech support has gotten easier

I spend a lot of time venting about tech being a pain in the neck, but I will take a break from that to confirm that my annual Thanksgiving-weekend routine of providing technical support has gotten a lot easier over the last 10 years.

The single biggest upgrade has been the emergence of the iPad as something usable as the only computer in the house. It took a few years for Apple to make that happen–remember when you had to connect an iPad to a computer for its setup and backups?–but Web-first users can now enjoy a tablet with near zero risk of malware and that updates its apps automatically.

As a result, when I gave my mom’s iPad a checkup Wednesday afternoon, the worst I had to do was install the iOS 12.1 update.

That left me free to spend my tech-support time rearranging that tablet’s apps to keep the ones she uses most often on the first home screen.

Things have gotten easier on “real” computers too. Apple and Microsoft ship their desktop operating systems with sane security defaults and deliver security patches and other bug fixes automatically. The Mac and Windows app stores offer the same seamless updates for installed programs as iOS and Android’s. And while Google Chrome and Mozilla Firefox aren’t in those software shops, they update themselves just as easily.

But the openness of those operating systems makes it easier for people to get into trouble. For example, a few weeks ago, I had to talk a relative through resetting Chrome’s settings to get rid of an extension that was redirecting searches.

Other computing tasks remain a mess. On a desktop, laptop or tablet, clearing out storage to make room for an operating-system upgrade is as tedious as ever, and it doesn’t help when companies like Apple continue to sell laptops with 128-gigabyte SSDs. Password management continues to be a chore unless (duh) you install a password manager.

Social media looks worst of all. Facebook alone has become its own gravity well of maintenance–notifications to disable to curb its attention-hogging behavior, privacy settings to tend, and propaganda-spewing pages to avoid. There’s a reason I devoted this year’s version of my USA Today Thanksgiving tech-support column to Facebook, and I don’t see that topic going out of style anytime soon.

Credit-card fraud doesn’t care how much you obsess about security

Once again, I have a credit card cut into pieces and dumped in a trash can, thanks to somebody trying to treat themselves to a spending spree on our account.

This time, the card was a Citi Double Cash MasterCard, and the transaction that got my attention was a $969.90 Lenovo purchase. Neither my wife nor I had any recollection of making that–and neither Citi nor Intuit’s Mint personal-finance app had flagged it as suspicious.

After spotting that in our account, I saw two other, sub-$10 transactions with “OTC Brands” that also didn’t match up with anybody’s memory. A 14-minute call later, Citi had canceled our cards and ordered up replacements–I can already shop online with the new number–and pledged to investigate these three sketchy purchases.

So overall, we got off easy. But the experience has been a useful reminder that sometimes security is entirely out of your hands. There’s nothing we could have done to stop this from happening; at best, Citi’s security would have flagged the Lenovo purchase and asked me to approve or deny it, as it did when an unknown party tried using our card in March of 2016 at a Ukrainian site.

And no, having an EMV chip on this card did not enhance its security for card-not-present transactions. Even if this card had required me to key in a PIN instead of sign for in-person purchases, that also would have likely made no difference online.

Sometimes you just have to hope that the system works–and when it doesn’t, hope that you don’t wait too long for the system to get your money back. Having gotten Equifaxed last year, I can confirm that things could be worse.

It’s been a trying week to keep a politically open mind

For years, one of the non-obvious pleasures of writing about tech policy has been knowing that the good and bad ideas don’t fall along the usual right/left lines.

I might not want to hear Republicans like Rep. Darrell Issa (R.-Calif.) and former Rep. Jason Chaffetz (R.-Utah) say a single word about Benghazi, but they were right on a lot of intellectual-property issues. At the same time, I have not enjoyed seeing Democrats I otherwise find clueful like Sen. Pat Leahy (D.-Vt.) repeat entertainment-industry talking points.

But as the past couple of years and these past few days in particular have reminded me, the GOP looks different these days. When a Supreme Court nominee can snarl about left-wing conspiracies in a way that invites the description “Justice Brett Kavanaugh (R)” as the White House rushes through an investigation of sexual-assault allegations against him, and then all but one Senate Republican approves… well, that didn’t happen under President George W. Bush, as awful as things got then.

As a voter, I find nothing to like about what’s now the party of Trump. I’m struggling to think when I might once again cast a contrarian vote for a Republican for Congress in my deep-blue district–especially since my current representative lacks his predecessor’s history of questionable financial transactions.

But at the same time, it’s not good for my health to turn into a ball of rage, and I don’t want to respond to a bout of tribalism on the Republican side by returning the favor. So I’ve been trying to keep a few thoughts in mind.

One is that coherent political philosophies can deserve respect, but blind loyalty, an unprincipled will to power or rank bigotry do not. I may not agree with your notions on government power or individual responsibility, but if I see you speaking and acting in accordance with them, I can at least try to understand where you’re coming from. If, however, you’ve abandoned past positions because they conflict with fact-starved Trump talking points, why should I take you seriously?

If the logic of your current policy positions boils down to “this will help my team,” the same response applies. And if you spout racist or misogynistic nonsense, crawl back under your rock.
A second is that today’s Republican Party and conservatism aren’t the same thing, as one of this year’s dumber tech-policy debates illustrates. It’s become fashionable to describe (groundless) GOP complaints over social-network bias in terms of unfairness to “conservatives,” but the people doing the whining are solidly in Trump’s corner and back such Trump moves as imposing a hidden tax through massive tariffs and propping up dying resource-extraction industries–neither the stuff of small-c conservatism.

A third is that Democrats left alone can still screw things up. Living in D.C. in the mid 1990s, I had the privilege of helping to pay Marion Barry’s salary with my taxes; I know the risks of unchecked one-party rule. We still need a party that can point out that market forces can solve some problems on their own and that abuse of power isn’t just a sport for big business.

I assume it will take at least one electoral wipeout to break Trump’s spell on the Republican Party and let it try to recover that role–as that bomb-throwing liberal George Will wrote in June. In the interest of not trying to pretend I have no opinion on things I see everyday, I will admit that seeing such a beatdown would not make me sad.

Why I attended two monetization-resistant conferences

I spent the past two weeks betraying a basic rule of self-employment: Don’t go someplace without having enough work lined up to pay for the trip. Worse yet, I paid for a conference badge–twice.

I had my reasons. The XOXO festival in Portland promised a repeat of the mind-expanding, heartening talks I watched with rapt attention in 2013 and 2015, plus the side reward of getting to spend a few days in a city I like but hadn’t visited since 2015. The Online News Association conference in Austin, meanwhile, would bring its usual mix of professional development and catching up with old friends.

XOXO stageI had hopes of selling a post or two from each, but I’d still lose money from each trip (and then I wound up not selling anything at all). So what did I get for my $500 XOXO pass and $439 ONA registration, plus airfare and lodging for each?

This year’s XOXO was not the same independent-creativity pep talk as before, because most of the speakers didn’t address that theme. But there were some seriously compelling talks anyway:

  • Jonny Sun and then Demi Adejuyigbe talked with candor and hilarity about battling impostor syndrome;
  • Jennifer 8. Lee explained how she worked the emoji-governance system (yes, there is one) to get a dumpling emoji added;
  • Claire L. Evans retold some forgotten stories about female computing pioneers;
  • Helen Rosner spoke about being defined by an out-of-context tweet and having to defend her expertise, then led the audience in a recitation of this pithy, profane self-affirmation: “I am really smart, and I am really good at what I do, and you should fucking listen to me.”

Trust me, you will want to watch these whenever the organizers post the video to their YouTube page.

XOXO also had a day of meetups across Portland and endless conversations with fellow attendees. Somehow, this conference manages to attract some of the kindest, nicest people on the Internet; it’s a wonderful contrast to the acid bath that is Twitter on a bad day.

XOXO postcardThe people at ONA may not have been as uniformly pleasant–look, if we journalists had a full set of social skills, we’d all have real jobs–but that event had the advantage of being much more tightly focused on my professional reality. It’s not by accident that I’ve gone to every ONA conference since 2014.

There, too, the talks were terrific:

ONA was as great as ever for networking, I had more than my fill of delicious tacos, and I got to hear Dan Rather give a brief talk at an evening event and then shake his hand afterwards.

In retrospect, XOXO is an expense I wouldn’t repeat–although I’ve yet to go to that festival in consecutive years anyway. My takeaway from this year’s version is that instead of flying across the country to get these different perspectives, I should try harder to find them around D.C.

ONA, however, is pretty much guaranteed to be on my schedule next year–the 2019 conference will be in New Orleans. How can I not do that?

How to pick a panel out of a lineup

AUSTIN–Once again, ONA is bringing some serious FOMO. Like any conference with multiple panel tracks, the Online News Association’s gathering here requires me to choose between as many as 13 talks happening in the same timeslot.

ONA 18 badge backThe past five ONA conferences I’ve attended have featured few lackluster panels, so this choice is not easy unless I think I can sell a story from the talk.

Setting aside that mercenary motivation, when I’m looking at two or three panels of equal interest to me, I have to ask myself a series of questions. Does the talk feature people I’ve heard before and liked? Or would I rather hear from speakers I’ve never seen? Do I want to say hi to the people on the panel afterwards? Will the conversation make me uncomfortable? (That’s usually a good thing.) And will the panel I skip have audio or video posted that I can check out later on?

At least all of ONA’s panels occupy a few floors of the J.W. Marriott here, so it’s not like SXSW and its archipelago of venues. There, the panel choice is often made for you by your location.

As a last resort, I may pick my spot for the next hour on a simpler metric: Does the room have a power outlet open near a chair?

Black Hat priorities: don’t get pwned, do get work done

LAS VEGAS–I took my own phone and laptop to the Black Hat USA security conference here, which is often held out as a bad idea.

Before I flew out to Vegas Tuesday, I got more than a few “Are you bringing a burner phone?” and “Are you leaving your laptop at home?” questions.

Black Hat backdropBut bringing burner hardware means dealing with a different set of security settings and doesn’t address the risk of compromise of social-media accounts. And writing thousand-word posts on my phone risks compromising my sanity.

So here’s what I did with my devices instead:

  • Put my laptop in airplane mode, then enabled only WiFi to reduce the PC’s attack surface to that minimum.
  • For the same reason, turned off Bluetooth and NFC on my phone.
  • Set the Windows firewall to block all inbound connections.
  • Used a loaner Verizon hot spot for all my data on both my laptop and phone–I even disabled mobile data on the latter gadget, just in case somebody set up a malicious cell site.
  • Connected only though a Virtual Private Network on both devices, each of which were set to go offline if the Private Internet Access app dropped that encrypted connection.
  • Did not plug in a USB flash drive or charge my phone through anything but the chargers I brought from home.
  • Did not download an update, install an app, or type in a password.
  • Did not leave my laptop or phone alone in my hotel room.

Combined, this probably rates as overkill–unless the National Security Agency or a comparable nation-state actor has developed an intense interest in me, in which case I’m probably doomed. Using a VPN alone on the conference WiFi should keep my data secure from eavesdropping attempts, on top of the fact that all the sites I use for work already encrypt their connections.

But for my first trip here, I figured I’d rather err on the side of paranoia. (You’re welcome to make your case otherwise in the comments.)

Then I showed up and saw that everybody else had brought the usual array of devices. And a disturbing number of them weren’t even bothering to use encryption for things as basic as e-mail.