June 2004, those were the days.

First Hero of IT

I just found out that I'm supposed to get an actual physical trophy for the InfoWorld award I wrote about last month.  I hope it looks like this.  If not, the InfoWorld editors are free to borrow my design for next year's model; he's the original “IT Hero”, you know.

You might have to work out licensing issues with Hasbro.

[Preempting some comments: Yes, I own one of these robots.  No, it cannot pick up a cup of coffee.]

June 30, 2004 | Permalink | Comments (1)

The other shoe

[This is the third, and longest (yikes) part of my “Too Frequent Traveler” series.  See parts one and two.]

Many flight attendants are so practiced at constantly repeating the same things at the same times that their body language subtly changes when they’re about to say something new.  I saw this happen a few days ago while struggling to simultaneously tie my shoe and buckle my seatbelt after a clumsy sprint from airport security to the gate.  At the conclusion of a stiffly rendered pre-flight safety video, the lead flight attendant paused oddly before announcing:

“What our new safety video didn’t mention is that if you have to put on your life jacket in the event of a water landing, please inflate only one side inside the cabin and wait until you’re outside to inflate the other side.  That’s not going to happen today since we’re going to have a great, landlocked, flight from Chicago to San Jose.”

This must be a fairly new policy since I distinctly remember snickering at past safety brochures and videos that clearly depicted eerily calm people dutifully blowing into their air vests while the voice-over admonished real-life passengers NOT to inflate their vests inside the plane.  Here’s my completely uneducated guess about how this happened:  Once there were two panels of industry experts.  One panel argued that obese people with inflated vests might get stuck in the emergency doors. The other panel argued that poor swimmers might panic upon hitting the water and lack the presence of mind to inflate their vests.  They commissioned a study to determine the ratio of obese people to poor swimmers on domestic and international flights. After much debate, a compromise was reached: tell passengers to inflate only half the vest. A number of routes were selected to participate in a pilot study of the newly revised announcements. Naturally, to minimize risk, they were all completely over-land routes. The follow-up study to determine the optimal half to inflate first is still in progress.

Perhaps I’m being unfairly pessimistic about this new “half-full” policy, but common sense is not the strong suit of the American air travel security system.  Neither is openness to questions.  This is a shame because arbitrary, opaque and confusing procedures are exactly what’s wrong with flying today.  Opaque security slows down the process, strains already overworked personnel and leads to passenger resentment and disenfranchisement.  This last side effect blunts the industry’s best anti-terror weapon:  The vast majority of travelers would be more than willing to help with security if they only understood the reasons behind the policies.  There is a big difference between actual help and the type of passive-aggressive “cooperation” that we’re habitually being thanked for when subjected to inconveniences and delays.  Passengers can’t help the system if they’re kept in a perpetual state of surreal resentment and confusion.  Who even knows what’s normal in airports these days?  That guy running around with no pants?  Maybe he just had to remove his belt for the metal detector and is about to miss his plane. 

Let’s get rid of the arbitrary stuff, the confusing stuff, the misleading stuff and the silly stuff.  Instead of fear and bemusement, let’s earn the useful respect of the public.  What do I mean by arbitrary and misleading? Everyone’s got their favorite illustrations:

I was once granted an extra-thorough search for simply asking why my flimsy cardboard poster tube couldn’t be brought as a carry-on (it was “club-like”), and I’m nearly paralyzed with fear at the sight of those “No Joking!” signs present at many screening checkpoints. What if I only look funny? When I asked a high-ranking member of the TSA why my friend was subjected to extra searching on each of his last dozen flights, I was assured that it was purely “random.”  There’s “flips a coin” random and then there’s “moves in mysterious ways” random.  The government is not an institution that ought to be permitted the latter definition.

Another problem with arbitrary policies is that security personnel don’t understand them either. Poor understanding often leads to poor execution, which often leads to funny results. Unfortunately, funny isn’t the goal.

For example, when my wife and I were returning from Alaska, we brought four suitcases to the check-in counter. The ticket agent punched in some numbers and told us that while my bags were cleared for check-in, my wife’s had been selected for a random hand-inspection. The agent wanted to know which bags were my wife’s. I tried, “Um, they’re all mine”, but she dutifully informed me that we were allowed only two bags per person and so would I please select which two were mine – and would therefore go straight on the plane, and which two were my spouse’s – which we would have to take back and carry to another line for hand-searching. Had I hypothetically stashed a box of Cuban cigars in one of the bags, that would have been a hypothetically good time to remember which one. At least I didn’t make a joke!

This is making us safe?

Ralph “Where’s” Waldo Emerson famously wrote, “A foolish consistency is the hobgoblin of little minds…” I used to love that quote in junior high school because (1) it justified the state of my room and (2) I knew what a hobgoblin was. Thing is, I didn’t do a lot of business travel in junior high. Now I think a bit of consistency is just what good and lawful security should have.

Take the selection of cutlery that gets served with in-flight meals.  On domestic flights, I always get plastic butter knives, but in international business class I often get metal ones – even when departing from a U.S. airport.  The dull two-inch blades are completely non-threatening and someone attempting to wield one in a melee would find themselves at a severe tactical disadvantage against any sufficiently blunt object.  But why allow the knives on some flights and not on others?  Why make such a transparent mockery of security procedures?  Much of the time, the plastic knife comes with a sharp metal fork. Did someone decide that it was less dangerous to get forked than buttered?  I smell a committee compromise.

On a recent flight from Japan I was actually given five knives – three for dinner and two for breakfast. By TSA logic, that would have been enough to fight off a whole ninja clan, should one have stowed onboard.  Also, do they allow women’s stiletto heels on-board? Hang on while I look… they do!

Which brings me full circle to my favorite example of pseudoscientific and counterproductive airport security: the shoe removal ceremony. This started immediately after the “shoebomber” incident and many people think it’s done so the shoes can be checked for explosives. This is patently not true – the shoes are simply run through the x-ray machine so they don’t set off the main metal detector. The fact that shoes don’t set off metal detectors in any other country just proves that the sensitivity on US metal detectors is jacked up to 11. A couple of times, I’ve seen a TSA employee walk up and down the security line and scan shoes with a wand so as to warn people in advance if their shoes had metal in them. I’m fairly certain that the wand was set to detect homeopathic amounts of metal, because it went off on literally every single shoe he scanned – including the “airport friendly: contains no metal” shoes I had just purchased for the trip. Of course everybody knows that sneakers don’t have metal, so he didn’t bother scanning those.

Taking off shoes and belts is not just frustrating. It actively hurts security by creating a mass of disorderly, irritable and partially disrobed passengers clogging up the line. That kind of confusion is exactly what a patient terrorist needs to better his chances of exploiting the system. Some expert panel really ought to study this carefully.  Of course should it come to that, I’ve got the perfect compromise: hold your pants up with one hand and hop through on only one shoe.

[The TSA and airline security folks have a very tough job.  Despite my criticism in the last two parts, there's a lot that they're doing right. The next and final part will be about the stuff that works today, the stuff that'll work soon, and how to get there from here.]

June 28, 2004 | Permalink | Comments (1)

SpoofStick on TV

A few days ago, PC World columnist Steve Bass demoed SpoofStick on G4TechTV’s “The Screen Savers”.  Everyone who has come to my house since then has been forced to watch it on Tivo.

Other recent SpoofStick coverage is on the CoreStreet SpoofStick homepage.

June 27, 2004 | Permalink | Comments (0)

Don’t [expletive deleted] where you eat, my friend

You’d think with corporate email becoming virtually useless as a customer communication medium due to spamming and phishing, serious companies would be a little more careful to preserve the customer-trust level of written letters.

You'd be wrong.

Here’s an important-looking envelope from United (airlines) with one of those telegraph-delivery stickers attached to the outside.  Open it and... Oho!  It’s just a trick to get you to subscribe to another unwanted credit card.  The telegraph sticker is a printed-on fake.

How exceedingly clever of United!  Now I’ll be extra-certain to give their next piece of communication all the critical attention it deserves.  I’ll especially treasure their emails.  After all, if they’re so fastidious about keeping costly paper mailings honest just imagine the care they must put into their bulk email.

If anyone from the United marketing team is in the audience, I recommend two additional pieces of reading:  One and two.

And you wonder where the scammers learned their tricks.

[Update: Where do I send the bailout check?]

June 23, 2004 | Permalink | Comments (1)

Vastly important origins

Marketing Sherpa has published a brief case study on the hows and whys behind your humble narrator’s fine Internet publication.  This is the first article ever written that’s entirely about this blog.  I’m naturally very pleased and looking forward to seeing a second story so I can proclaim an important trend and maybe issue a press release.

It’s all true, except for the bit about SpoofStick only taking a few hours to program.  It took a few hours to hash out the details, but programming was a longer and not-altogether painless process.

June 20, 2004 | Permalink | Comments (0)

I don't think it means what you think it means

I was just watching CNN (with camera and Tivo at hand) and saw a quick commercial for Michael Moore's upcoming film "Fahrenheit 9/11".  The ad starts with a definition of the word "Fahrenheit":

Fahr-en-heit adj. The temperature in the atmosphere when it reaches the boiling point.

Mr. Moore’s publicists must be using a very thorough dictionary; I had not previously been aware of that definition.

June 19, 2004 | Permalink | Comments (0)

A better tomorrow

Remember how disappointed you were when the year 2001 came and went and we still didn’t have jetpacks or instant-turkey-dinner pills?  You’d be less disappointed if you lived in Japan.

The taxicabs in Tokyo have passenger doors that automatically open and close, and big GPS systems that display real time traffic levels on the map.  For all these years, I’ve been opening cab doors with my own hands.  Like a sucker. 

Carwashes are fully automated and only about the length of a single car.  You park under it, and the carwash moves back and forth over your car bristling with nozzles and brushes and wipers and other, less identifiable, cleaning apparatus.  At subway and garage exits, there are machines that suck up your paper tickets or cash at impressive speeds and regardless of the input angle; then they bow at you.  The forced-air hand driers in public bathrooms actually manage to dry your hands with a speed and efficiency that show severe disrespect to the ornamental driers found in American bathrooms.

Don’t even get me started on the unforgivable lack of heated water jets on our toilets. 

A Japanese visitor to the US must feel like I feel while walking through the Neanderthal man dioramas in the Museum of Natural History. 

[This blog entry was filed during a Tokyo cab ride where the ubiquity of wireless broadband doesn’t quite make up for the oppressive distance and traffic.]

June 17, 2004 | Permalink | Comments (4)

Earning electric karma

The life of my average gadget is not a particularly dignified one.  Many of my electronic purchases lie neglected at the bottom of random home and office drawers, dinged through careless handling, with missing accessories and batteries slowly leaking in their springs.

This was the fate of a Garmin hand-held GPS unit that I bought three or four years ago.  When I first took it out of the UPS box and popped in a fresh set of batteries, it blinked awake and displayed a world map with the cursor centered on Japan. “How cute”, I remember thinking, “it thinks it’s still home.”  A few seconds later, as the Garmin started to receive satellite signals, it realized that it was somewhere else.  It took a minute or two for the precise truth to sink in:  It was far from its carefree birth and testing lab; it was on the other side of the world in Cambridge, Massachusetts.  It might have been quietly sad.

Over the next few years, the Garmin has been driven across the United States, left forgotten under stacks of paper, wearily fingered by airport security guards, dropped into puddles in Stockholm and down stairs in Hong Kong.  Throughout it all, the GPS carried out its duties with stoic honor and never mentioned home again.

Yesterday, I finally turned it on outside my hotel in Tokyo.  The Garmin took some time to catch up with the months and miles since it was last awake, but it soon displayed the exact same map that had never appeared since the first few seconds of its professional life.  There was no happy animation or other outward indication, but I’d like to think that somewhere inside, a fuzzy-logic chip grew warm for a while.

June 14, 2004 | Permalink | Comments (0)

Fortified answers

The Fortifying Network Security newsletter asked me to answer three questions for their June 9th issue.  Here’s what I had to say:

Question: What authentication method(s) offer the best performance and lend themselves to widest, secure use (PKI, biometrics, smart cards, etc.)?

Libin: The most secure and most reliable method of authentication is a one-to-one, locally matched biometric, recorded in a validated digital certificate and stored on a PKI smart card. The PKI smart card is almost impossible to duplicate, providing a very solid "something you have" factor. The local one-to-one match protects privacy and greatly reduces false identifications; a validated digital certificate proves that the whole package hasn't been tampered with and that it's still good right now. This triple-holy-grail of authentication used to be very expensive and cumbersome, but recent technology advances have brought both price and complexity way down.

Question: When adding authentication to the security mix, how can enterprises avoid adding management complexity from new identity management tasks?

Libin: Some work is always required when introducing additional technology, but a properly designed authentication scheme should reduce overall complexity, not increase it. Once you have a consistent way of doing authentication (knowing who everyone is) and validation (knowing what each user is allowed to do), tasks and applications that use your identity management scheme actually become easier to write and manage. Do some work up front; save a ton of work later.

Question: What key feature or element should enterprise customers insist on where authentication is concerned?

Libin: Convenience. If it's hard for the user, they won't use it, and you'll be worse off than before you implemented it. Period.

---

On another topic, I’m in the midst of some marathon traveling, so the frequency of my posts for the next week will depend on the complex and unpredictable interactions of airport delays, food digestibility, broadband availability and general time zone wackiness.  On the upside, I hope to buy some keen gadgets.

June 11, 2004 | Permalink | Comments (0)

Washington Post reviews SpoofStick

Rebecca Rohan has written a quick and positive review of SpoofStick, CoreStreet’s free anti-phishing utility, for today’s Washington Post.  Her conclusion:

SpoofStick is reassuring to have around, but it can't replace common-sense skepticism.

This is exactly right.  We never intended SpoofStick to be a comprehensive solution for all the possible bad things that can happen while using your computer.  SpoofStick is a straightforward tool that does one thing well: it cuts through the clutter of confusing, malicious or mislabeled URLs to tell you what web site you’re actually on.  We were trying for simple and useful, and I think that’s what we got.

About 30,000 downloads so far.  If anyone’s got suggestions for improvements, I’m all ears.  All the other SpoofStick news can be found here.
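To make "what web site you're actually on" concrete, here is an added illustration (not SpoofStick's code, and not a description of how SpoofStick is implemented) that uses the standard WHATWG `URL` parser to pull the real host out of a confusing URL. The function name `describeSite`, the warning strings and the sample URLs are all constructed for this example.

```javascript
// Added example: report the host a browser would really contact for a URL,
// plus the reasons the URL text might mislead a reader.
// All sample URLs are constructed; example.com / example.net / .example and
// 203.0.113.0/24 are reserved for documentation.

function describeSite(rawUrl) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch (e) {
    return { site: null, warnings: ["unparseable URL"] };
  }

  // The WHATWG parser has already lowercased the host, percent-decoded it,
  // converted non-ASCII labels to punycode and normalised numeric hosts
  // (for example a single 32-bit integer) to dotted IPv4 form.
  const site = url.hostname;
  const warnings = [];

  // "http://bank.example@other.example/" : everything before '@' is
  // login data sent to the host after it, not the name of the site.
  if (url.username || url.password) {
    warnings.push("text before '@' is login data, not the site");
  }

  // A bare address gives the reader no name to judge at all.
  if (/^\d{1,3}(\.\d{1,3}){3}$/.test(site) || site.startsWith("[")) {
    warnings.push("host is a raw IP address");
  }

  // Punycode labels mean the displayed name contains non-ASCII characters,
  // which may resemble ASCII letters.
  if (site.split(".").some((label) => label.startsWith("xn--"))) {
    warnings.push("host contains non-ASCII (punycode) labels");
  }

  return { site, warnings };
}

// Constructed samples: what the text suggests vs. what is contacted.
const samples = [
  "https://www.example.com/login",
  "http://www.example.com@login.example.net/account",
  "http://www.example.com%2Fsecure@203.0.113.7/",
  "http://3405803783/",
  "http://bücher.example/",
];
for (const s of samples) {
  const { site, warnings } = describeSite(s);
  console.log(`${s}\n  -> ${site}  ${warnings.join("; ")}`);
}
```
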

June 7, 2004 | Permalink | Comments (4)
