Sorry I've been out of touch (my adrenal adenoma is to blame)

Just a quick post to let folks know that I came through my recent medical procedure unscathed (apart from a small hole below the belt line that is healing nicely). For the sake of other folks out there who may need to undergo adrenal venous sampling I am writing up the procedure, the reason for it, and the possible long term prognosis, which is very good.

I also wanted to extend a broad apology to those friends and family with whom my communications in recent years have been less than stellar. I have been beating myself up for some time over this, but recent medical adventures have led me to see things differently:
  • I have been feeling seriously fatigued for several years now, leaving me with little energy at the end of the workday/week to reach out and communicate.
  • I assumed that this lack of energy was due to the demands of a stressful life (dealing with Chey's disabilities, the aftermath of the 2008 financial disaster, the demands of a new job--on which I've been working many evenings and weekends, the stresses of moving 3,000 miles to a new city, and so on).
  • I also thought to myself: "this must be what getting old is like"
  • In fact, it appears that I have been suffering the effects of something called primary aldosteronism due to an adrenal adenoma, of which there will be more blogging later.
The good news is that primary aldosteronism--talk about a disease that needs a catchier name--can be treated and, in some cases, cured. That could mean I get back to 100%! Staying in touch will no longer be such a challenge.

I got the diagnosis in April, however it has taken me a fair amount of time to put the implications into perspective. At first I was hung up on the fact that this should have been diagnosed years ago. Right now I am focusing on the positive, the fact that it was finally diagnosed, and I have good access to some good doctors who can treat it.

Yesterday I took a big step toward treatment by undergoing AVS, which will determine if one of my two adrenal glands is responsible for pumping out excessive amounts of the hormone called aldosterone. Thanks to a CT scan I already know that there is a lump, called an adenoma, on one of those glands. That lump could be the culprit. Oddly enough, that condition, an aldosterone  producing lump on an adrenal gland, is called Conn syndrome.

I plan to write up more of what I have learned about primary aldosteronism. Readers and Googlers may benefit from this because, from what I can tell, this is an under-diagnosed condition. For now, please accept my apologies for sub-par performance in the friend and correspondent department. I hope to be able to do better.

I leave you with a list of primary aldosteronism symptoms that I have been experiencing, some for many years:
  • High blood pressure not well controlled despite multiple medications
  • Chronic low potassium or hypokalemia
  • Abnormal heart rhythm and atrial fibrillation (my heart sounds like my dog's)
  • Sodium retention, increasing blood pressure, causing swollen ankles, legs
  • Muscle cramps and muscle weakness
  • Decreased cardiac output associated with elevated renin levels
If I am lucky, my AVS results will indicate than an adrenalectomy can eliminate these symptoms. Stay tuned!

Cobb's blog is back, after dealing with WordPress and Linux server hacks

If you have missed this blog lately, that's because it was offline for several weeks while I rebuilt it after a nasty case of criminal hacking forced it off the 'net. What's that you say? You're shocked that a server belonging to security expert Stephen Cobb got hacked. Well, I'm not. Not surprised that is...because I don't spend all of my time being a security expert.

In the very earliest days of the Internet I made a conscious decision to live at least part of my online life like an "ordinary" person, that is, someone who is not well-versed in the risks of being online or the strategies for mitigating those risks. And sure enough, living like that can lead to problems.

You don't need to attend a cybercrime conference in Argentina to know that there are a lot of bad guys out there, armed with an extensive array of easy-to-use attack tools with which to perpetrate whatever online mayhem makes them the most money. But I did attend such a conference, a very fine conference put on last week by the APWG (Anti-Phishing Working Group) and sponsored, I am proud to say, by my current employer, ESET (the Latin American office of ESET, but ESET all the some).

One of the many valuable things I learned at the conference (full title: Computer eCrime operations Summit VII) was that my own impression of a rising tide of nastiness preying on Linux webservers was in line with the data that is being collected by groups like APWG. Indeed, from my hotel room in Argentina I published a timely blog post by my Canadian colleague, Pierre-Marc Bureau, on new Apache backdoor malware (the image of a back door at the top of the post was actually taken from a photo I snapped from the window in my hotel room).

From malware like that, to the mass compromise of webservers that is behind the ongoing Brobot attacks on American banks, the focus of malicious attention on Linux boxes, many of them running WordPress, many of them rented from hosting providers, is now clear. In fact, reporting of the latest APWG survey, released at the CeCOS event, leads with this finding:
A new phishing survey by the Anti-Phishing Working Group (APWG) reveals that phishers are breaking into hosting providers with unprecedented success, using these facilities to launch mass phishing attacks.

Now, as for this blog right here, it does not get a lot of traffic. Let's face it, I don't keep the content very fresh. But that didn't stop some criminal scumbag somewhere from breaking into the computer that serves up this content. No files were erased and no personal data was stolen (because there is no private data on that box). But a collection of malicious .php scripts were installed in the directory of an unused WordPress theme on an even more neglected domain. These scripts enabled the criminal hacker who put them there to use the box to launch DDoS attacks on other systems.

Ironically, up to that point the attack was not noticed by the system administrator (me) nor the hosting provider who owns the server and rents it to me. But when the DDoS capability was activated, the hosting provided was alerted, possibly by the victim of the DDoS attack, and I was informed that the server had been taken offline. That's where the fun--no sorry, the opposite of fun--began for me, but I will write that up another time. For now, here are some lessons learned:

  • If you have a rented webserver somewhere--like a virtual private server, hosting slice, or web hosting account--that you have not touched or upgraded in a while, you might want check on it now.

  • If you are a hosting provider, ask yourself if you could be doing more to help your customers avoid getting hacked like this. I know my provider could have done a lost more than they did.

  • Do you know the current backup status of your rented webserver? Are daily backups being made? Do they include the entire servers? Does that mean the databases powering your WordPress blog[s] are backed up?

  • If you use WordPress on your own/rented server, have you set the WordPress Database Backup plugin to email a database bakcup to you on a regular basis? (This saved my bacon when my machine had to be wiped out to remove malware and any potential backdoors.)

  • Avoid storing any personal information--such as customer data--on your rented server.  More than 45 states now have data breach notification laws which might apply to you if your server is hacked and it did have confidential personal data on it.


Speaking of private data and privacy, I have just revived my "Privacy Think" blog, partly to coincide with Privacy Awareness Week. In my latest post I highlighted the availability of my privacy book, the first few chapters of which are still a decent primer on privacy for business, despite being about ten years old (and are still free to download).

So Long 2012: Year of multiple infosec anniversaries

30 years ago this month, December 1982, I sat down at my first personal computer, a KayPro II, and started learning word processing, spreadsheets, databases, and something called an operating system (in this case CP/M). I got my first book contract 5 years later, in other words, 25 years ago this year. Within 5 years I had written a dozen books on word processing, spreadsheets, and database management. In 1992, my first book on computer security came out, so 2012 is the 20th anniversary of that event.

Mine was not the first book on computer security, but I think it was the first book to address personal computer security in a comprehensive manner, from physical security to power supply, anti-theft to antivirus, risk assessment to contingency planning. Previous computer security books had been written for previous generations of computers, mainframes and minis. I looked at things from a desktop and portable computer perspective and provided a blueprint of what the "layered defense" of a personal computer system might look like.

[caption id="" align="alignright" width="380" caption="Company photo of KayPro II (from the delightful "Obsolete Technology Website" at www.oldcomputers.net)"][/caption]

BTW, my first computer, that KayPro II, was a "portable" computer. (Yes, it weighed 26 pounds, but the keyboard could be fastened across the 9 inch screen and the unit could be carried using a built in handle.) The KayPro II enjoyed an anniversary this year as well: it was introduced in 1982. Fun fact: There was no KayPro 1. The name KayPro II was used to one-up its main rival, the Osborne 1.

Another fun fact is that the KayPro was built in San Diego, which is where I live these days. The original manufacturer was a company called Non-Linear Systems, founded by Alan Kay, who also founded the Rotary club of Del Mar in San Diego County. And to return to the theme of anniversaries, the company that brought me to San Diego, ESET, had two anniversaries of its own this year. The founders of ESET created their first antivirus technology 25 years ago and the company was founded 20 years ago.

To round out this roundup of 2012 anniversaries, the twentieth DEF CON was held this past summer. The now legendary hacker conference/convention first happened in 1993 and was called, logically enough: DEF CON I. My first DEF CON was DEF CON III in 1995. I was invited to speak and had a great time doing so. It was a pleasure to return in 2012 and see so many friends, despite the huge crowds.

Finally, 2012 marks 10 years since I published my book on privacy: Privacy for Business, a modest attempt to provide businesses with a primer on digital privacy issues. While some of the information in the later chapters is a bit dated, the principles covered in the early chapters still apply and you are free to download a PDF of the book. Again, I was not the first person to write a book on privacy in the digital age, but I think it is fair to say that I was one of the first people in computer security to signal the huge impact that privacy concerns would have on the evolution of security. I certainly enjoyed the time I spent in the early days of HIPAA and GLB and such, educating privacy people about security and security people about privacy.

I have also enjoyed the symmetry and happy coincidence of so many anniversaries this year but it is now time to say goodbye to 2012, a year of milestones remembered, and look forward to what the next 10, 20, 25 and 30 year markers may bring.

Boxing Day: The play time holiday (that comes with a touch of giving)

I was born and raised in England, where the day after Christmas Day is Boxing Day. It is a national holiday and also my favorite day of the year. 

When I went to live in America in the 1970s I was disappointed to find that Boxing Day was not a holiday and, shockingly, employers expected you to work that day.

Back then, many Americans were unfamiliar with Boxing Day, just as a lot of people in England were unfamiliar with Thanksgiving Day. In recent decades there has been a growing transatlantic awareness of the basic facts of these two days, as provided in Wikipedia (see Boxing Day and Thanksgiving Day). However, the facts cannot be expected to evoke the feelings that come from living those days, year after year.

Over the years, when Americans asked me about Boxing Day, they got my version, which I tended to universalize as "this is how Boxing Day is in England." I now realize I was giving them "what I liked about the Boxing Days that I enjoyed in England in the 1950s through the early 1970s."

So, this Boxing Day, I wanted to give a sense of how it was for me as a boy, without pretending to know if this is what it was like for other children, or what it is like in England today. I will start with the meaning of the term, as I understood it: Boxing Day comes from the tradition of rich people boxing up the Christmas leftovers and taking them to the poor people on the day after Christmas. 

I should note that not everyone agrees that this is origin of the term "boxing" as applied to this day. However, the archetype of this "boxing" behavior is represented in the series of British stamps on the right. 

The story they illustrate is that of "Good King Wenceslas," immortalized in the Christmas carol of the same name. The first line of that carol is "Good King Wenceslas looked out on the feast of Stephen." (For the tune and the rest of the verse, see below.)

The feast day of Saint Stephen is December 26, a.k.a. Boxing Day, the day on which the Saint Wenceslas miracle occurred. This involved the high-born Wenceslas and his page taking alms to the poor, in the snow. (It is a story that I have previously referenced for the strange reason noted here.)

To understand my love of Boxing Bay you need to know what my Christmas Day was like back in the 1950s and 60s. It began with going downstairs on Christmas morning to find gifts under the Christmas tree (after the age of nine it began with me trying to stop my younger brother getting up before dawn to go downstairs). 

After unwrapping our gifts and waking our parents--not always in that order--there would be an abbreviated period of playing with new toys, cut short by the need to tidy up the house for Christmas dinner and get ourselves ready for church.

After the Christmas morning service at church, where we would see an assortment of friends and family—and talk about the presents we had received that morning—we would embark on a series of house visits taking Christmas presents to relatives. This always included at least one great aunt and my dad's parents. (My mum's mum lived with us and usually stayed at home on Christmas morning to ease the Christmas dinner through the final stages of preparation.) 

After these visits, which involved a lot of good manners and sitting properly, we eventually got home to the Christmas dinner. After that, it was time to watch the Christmas programming on television. (These were often shows created for that particular Christmas, going out live; in other words: watch it now or never see it, ever, no repeats.) 

And that's about where Christmas Day ended. In our house children went to bed many hours before grownups. But we didn't mind because we had been blessed with new toys. We had done our duty to family. We had been entertained. 

On the other hand, Christmas day seldom provided a whole lot of time to play. So then came Boxing Day! No shops open, no need for dad to go to work. Plenty of time to play, inside with our toys, but also outside if weather permitted. If there was snow then it was time for tobogganing. If there was no snow, there might be a friendly game of rugby or football (soccer). 

Of course, there were Christmas leftovers to fuel the day, and, for most families, an opportunity to relax and enjoy the spirit of the season. At least, that's how I remember it. And that's how I have tried to keep Boxing Day, despite the fact that it was not a 'standard' holiday in America, where I have lived for big chunks of my adult life.

I don't go to the stores on Boxing Day. I don't work, if I can possibly avoid it. I just spend the day relaxing, maybe communicating with friends. There is no set agenda for Boxing day. You make it up as you go along, it's a Do-It-Yourself holiday (and not a bad day to try one of the DIY projects you've been looking forward to). This year I had a lingering cold and sore throat on Boxing Day and so I spent most of the day reading fiction and writing non-fiction, including this blog post.

As you may have noticed, my celebration of Boxing Day does not follow in the footsteps of Wenceslas. I didn't take any alms to the poor. However, this year I did make time on this day to re-invest some of my micro-loan funds at Kiva. I also took some time to acknowledge my great good fortune in being able to spend this day the way I wanted to. 

So there it is, I'm not looking to start a Boxing Day movement or fight the rampant commercialism of Boxing Day, depressing as that can be. I'm just saying Boxing Day is my favorite day of the year, and now you have some idea why.

Good King Wenceslas


1,000 MPH on Land? The SSC Bloodhound takes aim

At the end of the English street where I was born sat the Alvis factory, turning out automotive works of art in a part of the world--The Midlands--that still harbors some of best engineering talent in the world. I've been a car nut and land speed record junkie since I was a boy, no doubt encouraged by learning that one of the legendary record holders was John Cobb (exact connection to family tree not known).

John Cobb was the first person to take a ground vehicle over 400 mph, back in 1947, and arguably held the land speed record longer than anyone (1939 to 1964). Cobb's Railton Special, with its twin W12 Napier aircraft engines, was the height of internal combustion-powered, wheel-driven technology. After Craig Breedlove put a turbojet in Spirit of America around 1963, the focus of land speed records shifted to jet propulsion. That is what took Andy Green and ThrustSSC through the sound barrier in 1997. Where do you go after breaking the sound barrier? How about 1,000 mph, the target speed of the BloodhoundSSC shown in this amazing computer visualization.
The power system for BloodhoundSSC is complex to say the least, incorporating a Cosworth V8 gasoline engine, a jet engine, and a rocket. Yes, a rocket. In fact, Gary Gabelichused a rocket to take his Blue Flame to 630 mph in 1970, setting a record that stood until 1983 when Richard Noble hit 634mph in Thrust2. BloodhoundSSC was originally designed as a rocket car but a jet engine was added for greater control.

The Cosworth V8, made in the Midlands and currently used in a number of Formula One racing cars, will not drive any wheels; its job is to pump rocket fuel and support the electrical and hydraulic systems on this huge vehicle.

The first attempt on the world land speed record with BloodhoundSSC should take place in 2013. To learn more about this extreme automotive adventure, check out the official BloodhoundSSC site.

Facial recognition technology and the Right of Publicity: Could this hot tech trend violate state laws?

If someone uses a photograph of your face for commercial purposes they could be breaking the law. In an odd way, this statement connects two areas of my life, information security and movie making. Photographs of faces are used in some security systems and lots of movies. When you make a movie it is standard procedure to ask permission to use a person's picture. You record that permission with an "Image Release" that is signed by the person, or their guardian if they are under 18. Here is part of a standard release like the one we used for our movie:
"I grant permission to The Movie and its producers, to take and use visual/audio images of me for their production. The images may be used in any manner or media such as publication, promotions, broadcasts, advertisements, posters and theater or home video distribution. I wave any right to inspect or approve the finished images...I release The Movie and its producers and agents...from any claims, damages, or liability which I may ever have in connection with the taking of and use of the images or printed material used with the images."

The reason for such broad language is the breadth of a legal right with which many Americans are not familiar: The Right of Publicity or RoP. Now might be a good time for venture capitalists and Silicon Valley engineers to familiarize themselves with RoP. Why? Consider what my good friend and colleague Cameron Camp recently wrote about over on the ESET Threat Blog: the use of facial recognition for commercial purposes. Cameron provided some interesting commentary on a startup venture that had the following idea, something that might sound like a cool marketing ploy but which might also be, as I will argue, illegal:
Networked cameras in shops scan the faces of customers and try to match them with faces of Facebook users who have signed up for special deals.

At first blush this sounds like an automated version of my brother's butcher. The analogy goes like this: My brother works from home so he tends to be the one cooking dinner and, because he and his wife like to live in small villages in Europe, he buys the meat for those meals fresh, almost every day of the week, not in a weekly trek to a big supermarket. So my brother gets to know his local butcher and the local butcher rewards local customers with special deals, made on the spur of the moment, based on a form of facial recognition that I like to call: "Hi Mike, how's it going?"

The problem with the computerized version is that having your picture taken by a digital camera is a lot different from your local butcher memorizing your face in his brain. Transferring that digital image over the public Internet to a vast server farm that might be thousands of miles away, possibly in a different country, introduces concerns way beyond any misgivings you might have about the butcher remembering your face. Consider what has to happen to reward people who have opted in to this facial-deal scheme:

  1. Take a picture of every customer.

  2. Isolate the face within each image and send to a server which can scan it against a database of known faces belonging to people who have opted in.

  3. Return a result when there is a match.


In other words, you are photographing people in such a way that their identity is clear, then using those photographs for commercial purposes (specifically deciding who gets a particular deal but in general promoting your business so it is more appealing than your competition). Now consider this piece of law, on the books since 1903, namely Article 5, Section 50 of New York State Consolidated Laws:
Sec. 50. Right of privacy. A person, firm or corporation that uses for advertising purposes, or for the purposes of trade, the name, portrait or picture of any living person without having first obtained the written consent of such person, or if a minor of his or her parent or guardian, is guilty of a misdemeanor.

I know this statute is labeled "Right of privacy" but lawyers assure us it is the basis of the Right of Publicity. The key words are: Uses the picture of any living person for the purposes of trade.

So, if you design a facial recognition deal scheme based on photographing everyone, regardless of permission, in order to pick out specific individuals who have given permission, you would seem to be violating this law and the Right of Publicity, which is enshrined in many state statutes, as described on the Right of Publicity website, rightofpublicity.com:
As of this writing, nineteen states recognize the Right of Publicity via statute (California, Florida, Indiana, Illinois, Kentucky, Massachusetts, New York, Nebraska, Nevada, Ohio, Oklahoma, Pennsylvania, Rhode Island, Tennessee, Texas, Utah, Virginia, Washington and Wisconsin). The majority view is that the right exists by common law in every state that has not defined its position through legislation. The American Law Institute’s Third Restatement of Unfair Competition (1995) §46 also recognizes the Right of Publicity as a distinct and viable legal theory.

I don't want this blog post to come across as an attack on a particular startup or technology, but I do note that one of the states in the above list is Tennessee, which is where the startup described by Cameron is located. One might argue that the Right of Publicity is more widely known in Tennessee than some other states because Tennessee law extends the right to deceased persons, Elvis Presley being the most frequently cited example. Unfortunately, this emphasis on celebrity cases leads some people to assume that only celebrities have a Right of Publicity but this is not the case. Numerous states have made this quite clear: You don't have to be famous for use of your face, without permission, for commercial purposes, to be against the law.

Facial recognition technology is currently hotter than hot in VC and startup circles, partly driven by Facebook's massive accumulation of facial data (it reportedly scans 300 million photos a day for faces). The hottness of facial recognition seems to have increased of late despite the fears expressed by privacy advocates. Yet I don't hear many people loudly proclaiming that commercial facial recognition, through its requirement that non-opt-in faces be checked for opted-in faces, violates the Right of Publicity. (There are some instances of people raising aspects of this point: Tim Bukher, Derek Bambauer, and hopefully it was considered at the FTC forum on the topic.)

Of course, I need to put the standard disclaimer out there: I am not a lawyer. On the other hand I have spent 25 years thinking hard about the spaces where privacy, security, and technology intersect. I have also started several successful companies and produced an award-winning movie. While it is entirely possible that I am missing something that invalidates my argument, I have a strong hunch that some forms of facial recognition violate the Right of Publicity.

(Unless someone points out a big hole in my argument I will try to write more about this topic when I get time, perhaps looking at how facial recognition in a commercial security system is affected by RoP, but my immediate task is to review the terms and conditions over on Facebook to make sure they include, as I suspect they do, permission to use my face for commercial purposes--I'm sure the lawyers at Facebook took heed of RoP, right?)

Paying Forward: Giving a little back while we do the paperwork

Why so quiet here on Cobbsblog? To be honest I took the month of July to recover from our medical nightmare in June. But now I'm back and working on paying back a little if I can. My decision to document my wife's atrocious treatment had mixed results but many of them were favorable. We got a lot of good advice and good wishes from friends (THANKS friends!).

We persuaded our healthcare provider to provide us with a better doctor and the treatment since then has been excellent. However, the task of documenting what went wrong in order to help prevent it happening to someone else has proved daunting. Chey has been working on that, on days when she feels able, which are more frequent than they used to be but still far from 7/7. And of course, I have a full time job, which has been more than full time the last few months as I worked nights and weekends to complete a short video for one of ESET's causes: Securing Our eCity. (If you check that link you will see a player for the video, or you can watch it on YouTube in HD...go full-screen and crank up the volume...it is an ad for an upcoming information conference, styled as a movie trailer.)

But what to do about healthcare? I decided to put some time in to hemochromatosis awareness, mainly by perking up the Facebook Hemochromatosis page. This needed work anyway, due to Facebook's latest round of design changes, and the page is worthy of attention. Frankly, this page is a living testament to people coping with one of our country's least recognized medical conditions. Lost amid the deafening roar of political rhetoric about healthcare costs, the simple truth is that our country could save a ton of money if it improved early detection and proper treatment of this major cause of diabetes, heart disease, liver disease, and joint replacements. Heck, the treatment of hereditary hemochromatosis can actually pay for itself! Harvesting the blood taken from HH phlebotomies would boost the nation's blood supply considerably, saving millions of dollars.

I'm also trying to cook something special up for next month when I will reprise my post on hemo-pause and explain how America's baby-boomers can save themselves a lot of pain and suffering. In the meantime, here are some of the past articles on hemochromatosis and links to two of my favorite hemochromatosis sites:

The Rich Guy's Maserati GranTurismo by Pininfarina

For me, born and raised among some of the great automobile marques, one of the pleasures of living in Little Italy, a neighborhood within San Diego, is observing some excellent automobile designs up close. I do this while walking the dog or walking to the coffee shop or walking to work. In fact, walking is a great way to see cars, especially when they are parked. Which is how I came upon this beauty:


As many cars fans will immediately know from the distinctive trident emblem on the grille, this is a Maserati (the current Maserati GranTurismo to be more precise). Ask any automotive design aficionado which design house came up with this look and they are likely to say, without any additional data: Pininfarina. And they would be right. So who would own such a car without knowing that? Apparently the guy who owns this car.

While I was admiring this superb piece of automotive styling a man walked across the street making a b-line for the car and I asked him: "Yours?" He replied that it was. "Beautiful car," I said. He agreed. "One would expect no less from Pininfarina," I said. To which he responded "Huh?" Fearing it was my accent that confused the man, who was now standing by the driver side door, I explained: "Pininfarina design, always outstanding." I nodded toward the classic logo spelling out the name between the wheel arch and the door:



To which he replied: "I thought that had something to do with the rims." And he wasn't wrong, because the design of the wheels on this model does echo the trident emblem, repeated three times, but he clearly had no clue that Pininfarina designed the entire look of his car, or that Pininfarina is a legend in automotive design. Here's Wikipedia:
Founded as Società anonima Carrozzeria Pinin Farina in 1930 by automobile designer and builder Battista "Pinin" Farina, Pininfarina has been employed by a wide variety of high-end automobile manufacturers, including FerrariMaseratiRolls-RoyceCadillacJaguarVolvoAlfa Romeo,HondaFiatPeugeot and Lancia. It also has designed trams in France and Greece, high-speed trains in Holland, and trolleys in the USA. Since the 1980s Pininfarina has been consulted on industrial and interior design.
I might not be able to afford a Maserati, and frankly I don't need a Maserati, what with all the walking and public transportation, and cheap pay-as-you electric cars parked all around. However, I would like to think that people who can afford a six figure car at least have some idea of where it came from, but apparently that is not always the case. Sigh...

Rural broadband content links

A few recent links to useful content about broadband service outside the standard ISP model.

A session about cheap, fast service on Blog Talk Radio.

An article about funding community broadband.

Lots of good material at Community Broadband Networks.

As some readers may know, I am moving to the city and will not be so closely involved with rural broadband in the future. But I still think the future for rural communities lies with broadband.

And on the seventh day: Relief, rest, and ruminations on responsibility

If my wife's pain relief nightmare began on Wednesday of last week, then the seventh day of that nightmare was yesterday. I am thankful to report that the day went well and the nightmare may now be over, although it wasn't actually a nightmare, it was a reality, one we had to live through, and doing that burned a lot of energy. So I decided to rest my blog on the seventh day and just use Twitter and Facebook to let people know the good news: Chey now has a doctor who cares!

ThChey's off-road racere new doctor seems to be just what a doctor should be: she is compassionate, a good listener, a good communicator, thorough, knowledgeable, and able to acknowledge, as we all must do, the limits of our current knowledge, as well as a willingness to further expand our knowledge. Of course, the relief that comes with this news is tempered by the indignity and distress experienced in getting to this point.

But the bright side is still bright: Chey now has an improved regimen of pain medication and NO pain contract. (I decided to celebrate with a photo of Chey smiling, from the front page of the local newspaper in Alice Springs, Australia, where she was preparing to take part in the Finke Race 2000).

Something great about Chey's new doctor? She is not a fan of pain contracts. In fact, if you find yourself looking for a doctor, perhaps after moving to a new city like we did, a good tip is to ask any prospective doctor: What do you think of pain contracts? If the doctor agrees with Dr. Kevin Pho that pain contracts threaten the doctor-patient relationship, then you probably have a winner (but no, Dr. Pho is not our new doc).

Finally connecting with a good doctor yesterday was such a reversal of medical fortunes that both Chey and I are suffering from a sort of psychological whiplash. We will take a few days to recover, but then it will be time to move on to post-crisis analysis and lessons learned. Perhaps the biggest question to answer is: Why did things go so horribly wrong? Who was responsible? If we can answer that we may be able to save other people from a similar fate.

Talking of responsibility, I do feel obliged to keep spreading the word about some of the nasty things this incident brought to light, like pain contracts. Expect a blog post on the topic later this month delving into questions like:

  • Are they legal?

  • What should they include to protect you, the patient?

  • How to add a clause that protects you?


Let me close with another big THANK YOU to everyone who expressed support for Chey and outrage over her mistreatment. We will try to do what we can to inform others and prevent this from happening to anyone else.