Posts tagged “security”

lock, lock, lock the gate

[Props go to Emily for this photo, and for the whole group on the hike for the noticing and commenting on this; I post it here with shared credit to all]

This is the gate a hiking area called Sweeney Ridge. Normally to enter you must follow a torturous narrow zig-zag barely able to accommodate a human+backpack. This keeps out motor vehicles and other heavy equipment.

But those that look after the properly still need to be able to get in with their maintenance equipment and so the gate swings open for them. Simply having a lock isn’t sufficient; here they need at least eight locks. Eight different locks! So if one could be picked or someone has a master key, the other seven will back them up. Redundancy and diversity as approaches to security!

I’d love to see who shows up to open the gate; what kind of key ring they are carrying and what their frustration level is in opening up every single lock. Comedic possibilities abound. Update: wrong! See comments for explanation.

On Beyond Zebra

This article in Wired considers the vulnerabilities of supposedly theft-proof electronic systems. Turns out there are “back-doors” in some of these technologies.

He called an acquaintance who worked at a Honda dealership. I listened, awestruck, as Montes fed the guy a barely credible story about a cousin who had dropped his keys down a sewer. The dealership employee was at home but evidently could access the Honda database online. I gave Honky’s VIN to Montes, who passed it along to his friend. We soon had the prescribed sequence of pulls, which I scribbled down in my notebook.

I walked outside and approached Honky. The door lock would have been easy – a thief would have used a jiggle key, and a stranded motorist would have had a locksmith cut a fresh one. I just wrapped the grip of my key in tinfoil to jam the transponder. The key still fit, but it no longer started the car.

Then I grabbed the emergency brake handle between the front seats and performed the specific series of pumps, interspersed with rotations of the ignition between the On and Start positions. After my second attempt, Honky’s hybrid engine awoke with its customary whisper.

The story is interesting on many levels, but I was really taken by the interface to this back door. Our user model for automobile controls sees the different systems as entirely separate. Who knew the emergency brake could talk to the ignition?

I have always loved the idea of neat little tricks; unexpected ways of interacting with something, outside of the fixed rules of how you’re supposed to use it. It’s not so much the idea of unauthorized access, but simply the secret Toontown world that lurks beyond the mundane and familiar. I remember during the dial telephone era there was a way to get your own phone to ring back (it may have worked with tone, but I remember it as a dial hack); Dial 57 and the last 5 digits (or something) and then hang up, or hang up twice in succession. And the phone would ring. Great for messing with family members or when visiting someone else’s house.

The outcome was fun, but I’ll emphasize that much of the pleasure came from this possibility of navigating cleverly outside the interaction flow of receiver/dial tone/dialing/ringing/other party answering.

Sure, we’ve got Google hacks nowadays where there oodles of hidden functions, but it’s basically a command-line interface that reads more codes that you know about. So what? Isn’t that what Unix was? The delight (and I’m not talking about usefulness, just the fun and discovery) comes from the rupturing of the interaction model and the seemingly irrelevant actions leading to some new effect.

I don’t need anyone to reveal security vulnerabilities, but I’d be curious to hear about any favorite back doors!

Interisland zaniness

During our recent vacation we took an interisland flight from Honolulu to Lihue on Kauai. The Honolulu terminal is laid-back, to put it mildly. I’ve boarded from the tarmac elsewhere and it’s usually very clear where you can and can’t walk; with barricades, and people blocking your path and pointing which way to go.

Not so in Honolulu. The boarding area is rectangular, with one wall facing the tarmac and a series of doors, each a different gate. When you go through the gate and surrender your ticket, they tell you nothing about where to go next. You are standing on the tarmac facing a whole bunch of planes. Each gate leads to roughly the same place, with no wayfinding or anything to guide your passage to the plane itself.

We looked at the different logos and figured which gathering of small planes would be the one from our airline and we started wandering that way. Some passengers were cutting across the open paved space, others were walking along the edges. Eventually we found some ground crew who tried to figure out which plane we should be on; but the interaction was so slack that clearly this was not part of their ordinary role.

It hardly seemed safe; it absolutely wasn’t secure, and it was ridiculous customer service. There’s a difference between the Aloha Spirit and just leaving people to fend for themselves with no information or guidance. I wasn’t impressed.

Don’t Blame the Web When Newspapers Die

I love it when I’m mulling something over and an article appears that sums it up, at least partly. Don’t Blame the Web When Newspapers Die is one such example

The disappearance of the paperboy. I was a paper-boy as a kid. It was good money, and my knocking on doors seeking subscriptions or asking to be paid put a human face on the paper. Circulation grew with the population, but now newspapers must offer free subscriptions to sucker the rubes to renew. These offers come from Mumbai by phone, usually when you’re at dinner. The bean counters love it. Some middle-aged man now delivers the paper out of an old Chevy.

We are reading a lot about people getting their news from the web instead of print, or the failures of news companies (MSM – or “main stream media”) to allow sharing and get with the co-creation program, blah blah blah.

But really, these newspaper companies are messed for other reasons (such as are outlined in the article). They can’t provide their basic service very well – to get a printed piece of a paper to your door every day, and to stop getting you those printed pages when you ask them to.

Every single time I travel I have to put two papers on hold (the SF Chron and the NYT). I’ve started putting them on hold a day early, even though I’d like a paper that day, I have to ensure they actually do stop the paper when they are supposed to.

Last week we went away and I did my usual. One paper still arrived, so I called and spoke to a human who verified my hold was in the system and indicated that they would escalate a notice to some district person to get it stopped. The next day a paper arrived – and I was already in Toronto – so I called long distance (the 800 number doesn’t work outside the US, of course) and restated the situation again and told them I did not want to come home to a pile of papers. “Absolutely, we’ll let the supervisor know and get that sorted out.” The phone call, mind you, cost $8.00 from the hotel. Cheaper than my international roaming charges on Verizon? I dunno.

And we came home to find, indeed, a pile of papers. They didn’t follow the first notice, they didn’t follow the first escalation, or the second escalation, nor did they respond to the pile of papers sitting in the driveway (hey, maybe that would be a clue that they should not be delivering them).

The day after we got back, the other paper didn’t arrive. I had to call in to get that delivery problem sorted out. I’m so fed up with these papers – you can’t get anyone at the main office to take you seriously, all they can do is pass a message onto a mysterious supervisor who presumably deals with the middle-aged man in the old car who drives down my street early in the morning.

One day a few months ago neither paper arrived (and unrelated to any vacation hold, even), so I called both offices. And I actually got a followup call from the carrier, telling me to call them if I had a problem (in other words, don’t let our boss know). And – for the two papers – it was the same carrier!

Meanwhile, I’m feeling totally unresolved about last week’s unwanted deliveries. I’m not calling in and speaking to another drone again; I sent an email asking for a supervisor to call me about an unresolved problem, and I’m thinking about canceling the paper if they don’t take me seriously. The fact is, I need them more than they need me. They aren’t interested in me as a customer – the delivery mechanism is so far removed from the news gathering organization, that there’s no one who is going to respond in any fashion, let alone take any actual steps to keep this from happening. It’s just a lousy single customer for them, but it’s more than inconvenience for me, it’s about home security – there’s nothing worse than a bunch of papers to advertise that the house is prime for breaking and entering and stealing and leaving. If I can’t travel without worrying that a disinterested low-paid employee is going to put my safety and security at risk, then it’s maybe not worth it.

I still like the paper, and I like reading it cover to cover more than I could ever do online. But they don’t deserve my meager business.

I’m not sure if this consistently poor level of customer service is what’s going to further destroy the newspaper business, or if we’ll just tolerate it like we do with banks, HMOs, utilities, phone companies, Best Buy, and so on.


Saw this in a building today. To gain entry, you had to walk up to a machine – a video camera on a podium with a small screen – and state your name and who you were there to see. It wasn’t quite like some Star-Wars-esque door or anything; the machine stood in the middle of a open area, with straps-on-posts to guide you to the right place. Further, there was a security attendant/hostess who stood sat many feet behind the podium at her own desk and sort of offered guidance/instructions on how to proceed. I didn’t feel comfortable taking pictures of it, unfortunately. The machine was covered with signage made out of the same red plastic with white letters – there were several signs visible to address various interactions and warnings. Very kludgey, and since no one checked ID or called up to the floor you were planning to visit, it didn’t feel very secure, even if they had me on tape.

BTW – I guess there’s something new called Blogger Images whereby you can upload images to a Blogger blog. I only found out about it because there was some problem with it and the Blogger Status feed I subscribe to had info. I actually couldn’t’ find any sort of announcement about it. Thanks for nothing, Blogger.

Valet screening

Yesterday I was selected for secondary screening while going through airport security at SFO. It started off rather typically, with no explanation from the person who checks ID and boarding passes, only an instruction to follow a certain path. It’d be nice at that point if they told you what was going on. I follow the path I was directed to – a long and narrow corridor between the wall and those straps-on-poles (were that I was hip enough to name those by brand!) – a long and twisting path that eventually reached a dead-end. I was confused, so I turned around only to find a security person was ducking under the straps to join me.

He was exceedingly polite, and extremely patient while I did as he requested, provided boarding pass, unloaded my laptop, took off my shoes. He made suggestions gently (“I’ll get you a container for you to put your bag and your shoes in”). And he told me what was going to happen next (“If you could come with me, sir, we’ll just stand here and wait to go through”).

Instead of treating me like a presumed criminal, I actually felt a bit of privilege. Partly by singled out, but partly because of a certain experience of access. My bags were put through the X-ray machine ahead of others, with somebody carrying them for me and getting the nod to lay them on the belt as soon as possible. Meanwhile, I was able to stand out of the line, in a space in the middle where no one else could stand (since they had to remain in line). I went through the metal detector myself and was directed to a little holding area. After a call of “male, secondary” went out, I encountered a man waiting there for me told me immediately (calling me sir) where I could go next, pointing to an area that required me to pass the end of the X-ray machine, and go around behind. And then I was “free” to traipse over there myself, crossing several zones and lines that the normal passenger wouldn’t go through.

Two different people greeted me there, one of whom smiled nervously (the nervous smile of youth and introversion, simply) at me with a mouth full of braces. He dealt with my bag, and another did the search. They weren’t extroverted, they weren’t bossy, they were comfortable and friendly. Stand like an airplane, palms up. Face this way, so you can see your bags being searched. I never felt manhandled. The warned me my wallet and keys would be re-X-rayed.

I have been to the hairdresser (oops, I mean barber) and been treated more like a piece of meat than today. Or that all-too-familiar experience (like last week at Ross Dress For Less) when the cashier was engaged in a phone conversation for the entire duration of my transaction. Or the flight attendant on yesterday’s flight who walked through the cabin distributing the “snack” (Oreo, cheese spread, cracker-wafer-thing, world’s-smallest-box-of-raisins) with an amazing lack of interpersonal energy – no eye contact, no words, just place the snacks on the trays and move along.

Anyway, while traveling, all of my clothes and toiletries were in checked baggage, so I’m sure that reduced the sense of violation of having stuff opened, touched, looked at.

Two interactions felt more like cooperation than victimization, and they were small but significant. In one part of the search of my b, the wanded the button that closes my jeans – and of course it beeped. They asked me to twist it over (a gesture that is difficult to describe but is akin to walking around with your collar up, rather than any kind of underwear-proximal violation) and he said “good enough” in response. Secondly, when my bags were finished being searched, the bag-handling guy put a lot of hole punches into the boarding pass. When the wanding guy returned with my re-x-rayed wallet and keys, he asked me if the other agent had punched my boarding pass.

I suppose those may be signals of lax security, but I’m only talking about it from my perspective, the traveler. I think I finished up before anyone who entered the regular line before I did, and I got “special” treatment that didn’t make me feel bad or weird. And I wasn’t in a rush so I wasn’t worried about that, either.

Overall, it was an incredibly powerful reframe – from being a suspect to receiving valet service. Some minor cues (with a different mindset behind them, no doubt) changed the perspective of an ordinary experience about 180 degrees.


About Steve