Trust Your Senses, security poster, London Underground, 2008

Eye Bee M, Paul Rand, 1970

See more of my London and Sheffield pictures here.

The NYT has a story about self-selecting airport security lines.

…a black diamond line for expert travelers, defined as those who fly more than twice a month and are skilled at security procedures, always ready with items removed; a blue square for casual travelers, who are familiar with the screening process; and a green circle for families and those needing assistance or more time.

I think this is an exciting idea, although it doesn’t appear to be working perfectly. It seems that people are overestimating their own expert-ness (or perhaps fudging their self-analysis in favor of a perceived “express line”) although families feel relief from the pressure of other travelers.

This seems like a classic web design problem, with different types of users (who have very different abilities, needs, and expectations) coming in the same front door. And when there’s a choice, people will obviously act in their own perceived self-interest.

I think separating “normal” from “expert” is going to be a tough thing to figure out in any situation; unless “expert” carries with it an intimidation factor, I suspect most people will escalate their capability. Otherwise “normal” starts shifting to “stupid.”

Again, an interesting approach to a problem, and as with most prototyping efforts, lots of learning about how the proposed solution is and isn’t working, yet.

I’ve uploaded nearly 1300 of my Japan pictures to Flickr. For reasons I’m sure you’ll understand, I haven’t added titles or tags or descriptions proactively, but please add comments or questions on flickr and I’ll gladly offer a story or explanation.

Meanwhile, I’m including some of my faves here, as well as part 1 and part 3.

A couple of weeks ago there was some concern over the SF Indian Consulate getting rid of old visa applications in a very insecure manner:

Thousands of visa applications and other sensitive documents, including paperwork submitted by top executives and political figures, sat for more than a month in the open yard of a San Francisco recycling center after they were dumped there by the city’s Indian Consulate.

The documents, which security experts say represented a potential treasure trove for identity thieves or terrorists, finally were hauled away Wednesday after The Chronicle inspected the site and questioned officials at the consulate and the recycling facility.

The article goes on to detail what data about what types of people they found in their examination of the site and the expected quotes from security experts about what type of risk this creates.

Having gone through the visa application process ourselves for our trip to India last January, it’s a little disturbing to read that

a sampling of documents obtained by The Chronicle indicate that the boxes contained confidential paperwork for virtually everyone in California and other Western states who applied for visas to travel to India between 2002 and 2005.

But I was sadly amused by the response from the consulate

Consul General Prakash said there may be a cultural dimension to the level of outrage related to the incident among Western visa applicants.

“In India, I would not be alarmed,” he said. “We have grown up giving such information in many, many places. We would not be so worried if someone had our passport number.”

Deputy Consul General Sircar said that in other countries, Indian officials are able to go to the roofs of their offices and burn documents they’re no longer able to store.

“In America, you cannot do that,” he said.

You can just hear the bristling bureaucratic response, colored with that cliched “no-problem”!

Staples ladders up to a higher-order benefit, from commodity office supplies to a sense of well-being. Selling security without using fear; nicely done. Seems empowering, rather than manipulative.

[Props go to Emily for this photo, and for the whole group on the hike for the noticing and commenting on this; I post it here with shared credit to all]

This is the gate a hiking area called Sweeney Ridge. Normally to enter you must follow a torturous narrow zig-zag barely able to accommodate a human+backpack. This keeps out motor vehicles and other heavy equipment.

But those that look after the properly still need to be able to get in with their maintenance equipment and so the gate swings open for them. Simply having a lock isn’t sufficient; here they need at least eight locks. Eight different locks! So if one could be picked or someone has a master key, the other seven will back them up. Redundancy and diversity as approaches to security!

I’d love to see who shows up to open the gate; what kind of key ring they are carrying and what their frustration level is in opening up every single lock. Comedic possibilities abound. Update: wrong! See comments for explanation.

This article in Wired considers the vulnerabilities of supposedly theft-proof electronic systems. Turns out there are “back-doors” in some of these technologies.

He called an acquaintance who worked at a Honda dealership. I listened, awestruck, as Montes fed the guy a barely credible story about a cousin who had dropped his keys down a sewer. The dealership employee was at home but evidently could access the Honda database online. I gave Honky’s VIN to Montes, who passed it along to his friend. We soon had the prescribed sequence of pulls, which I scribbled down in my notebook.

I walked outside and approached Honky. The door lock would have been easy – a thief would have used a jiggle key, and a stranded motorist would have had a locksmith cut a fresh one. I just wrapped the grip of my key in tinfoil to jam the transponder. The key still fit, but it no longer started the car.

Then I grabbed the emergency brake handle between the front seats and performed the specific series of pumps, interspersed with rotations of the ignition between the On and Start positions. After my second attempt, Honky’s hybrid engine awoke with its customary whisper.

The story is interesting on many levels, but I was really taken by the interface to this back door. Our user model for automobile controls sees the different systems as entirely separate. Who knew the emergency brake could talk to the ignition?

I have always loved the idea of neat little tricks; unexpected ways of interacting with something, outside of the fixed rules of how you’re supposed to use it. It’s not so much the idea of unauthorized access, but simply the secret Toontown world that lurks beyond the mundane and familiar. I remember during the dial telephone era there was a way to get your own phone to ring back (it may have worked with tone, but I remember it as a dial hack); Dial 57 and the last 5 digits (or something) and then hang up, or hang up twice in succession. And the phone would ring. Great for messing with family members or when visiting someone else’s house.

The outcome was fun, but I’ll emphasize that much of the pleasure came from this possibility of navigating cleverly outside the interaction flow of receiver/dial tone/dialing/ringing/other party answering.

Sure, we’ve got Google hacks nowadays where there oodles of hidden functions, but it’s basically a command-line interface that reads more codes that you know about. So what? Isn’t that what Unix was? The delight (and I’m not talking about usefulness, just the fun and discovery) comes from the rupturing of the interaction model and the seemingly irrelevant actions leading to some new effect.

I don’t need anyone to reveal security vulnerabilities, but I’d be curious to hear about any favorite back doors!

During our recent vacation we took an interisland flight from Honolulu to Lihue on Kauai. The Honolulu terminal is laid-back, to put it mildly. I’ve boarded from the tarmac elsewhere and it’s usually very clear where you can and can’t walk; with barricades, and people blocking your path and pointing which way to go.

Not so in Honolulu. The boarding area is rectangular, with one wall facing the tarmac and a series of doors, each a different gate. When you go through the gate and surrender your ticket, they tell you nothing about where to go next. You are standing on the tarmac facing a whole bunch of planes. Each gate leads to roughly the same place, with no wayfinding or anything to guide your passage to the plane itself.

We looked at the different logos and figured which gathering of small planes would be the one from our airline and we started wandering that way. Some passengers were cutting across the open paved space, others were walking along the edges. Eventually we found some ground crew who tried to figure out which plane we should be on; but the interaction was so slack that clearly this was not part of their ordinary role.

It hardly seemed safe; it absolutely wasn’t secure, and it was ridiculous customer service. There’s a difference between the Aloha Spirit and just leaving people to fend for themselves with no information or guidance. I wasn’t impressed.

I love it when I’m mulling something over and an article appears that sums it up, at least partly. Don’t Blame the Web When Newspapers Die is one such example

The disappearance of the paperboy. I was a paper-boy as a kid. It was good money, and my knocking on doors seeking subscriptions or asking to be paid put a human face on the paper. Circulation grew with the population, but now newspapers must offer free subscriptions to sucker the rubes to renew. These offers come from Mumbai by phone, usually when you’re at dinner. The bean counters love it. Some middle-aged man now delivers the paper out of an old Chevy.

We are reading a lot about people getting their news from the web instead of print, or the failures of news companies (MSM – or “main stream media”) to allow sharing and get with the co-creation program, blah blah blah.

But really, these newspaper companies are messed for other reasons (such as are outlined in the article). They can’t provide their basic service very well – to get a printed piece of a paper to your door every day, and to stop getting you those printed pages when you ask them to.

Every single time I travel I have to put two papers on hold (the SF Chron and the NYT). I’ve started putting them on hold a day early, even though I’d like a paper that day, I have to ensure they actually do stop the paper when they are supposed to.

Last week we went away and I did my usual. One paper still arrived, so I called and spoke to a human who verified my hold was in the system and indicated that they would escalate a notice to some district person to get it stopped. The next day a paper arrived – and I was already in Toronto – so I called long distance (the 800 number doesn’t work outside the US, of course) and restated the situation again and told them I did not want to come home to a pile of papers. “Absolutely, we’ll let the supervisor know and get that sorted out.” The phone call, mind you, cost $8.00 from the hotel. Cheaper than my international roaming charges on Verizon? I dunno.

And we came home to find, indeed, a pile of papers. They didn’t follow the first notice, they didn’t follow the first escalation, or the second escalation, nor did they respond to the pile of papers sitting in the driveway (hey, maybe that would be a clue that they should not be delivering them).

The day after we got back, the other paper didn’t arrive. I had to call in to get that delivery problem sorted out. I’m so fed up with these papers – you can’t get anyone at the main office to take you seriously, all they can do is pass a message onto a mysterious supervisor who presumably deals with the middle-aged man in the old car who drives down my street early in the morning.

One day a few months ago neither paper arrived (and unrelated to any vacation hold, even), so I called both offices. And I actually got a followup call from the carrier, telling me to call them if I had a problem (in other words, don’t let our boss know). And – for the two papers – it was the same carrier!

Meanwhile, I’m feeling totally unresolved about last week’s unwanted deliveries. I’m not calling in and speaking to another drone again; I sent an email asking for a supervisor to call me about an unresolved problem, and I’m thinking about canceling the paper if they don’t take me seriously. The fact is, I need them more than they need me. They aren’t interested in me as a customer – the delivery mechanism is so far removed from the news gathering organization, that there’s no one who is going to respond in any fashion, let alone take any actual steps to keep this from happening. It’s just a lousy single customer for them, but it’s more than inconvenience for me, it’s about home security – there’s nothing worse than a bunch of papers to advertise that the house is prime for breaking and entering and stealing and leaving. If I can’t travel without worrying that a disinterested low-paid employee is going to put my safety and security at risk, then it’s maybe not worth it.

I still like the paper, and I like reading it cover to cover more than I could ever do online. But they don’t deserve my meager business.

I’m not sure if this consistently poor level of customer service is what’s going to further destroy the newspaper business, or if we’ll just tolerate it like we do with banks, HMOs, utilities, phone companies, Best Buy, and so on.

Saw this in a building today. To gain entry, you had to walk up to a machine – a video camera on a podium with a small screen – and state your name and who you were there to see. It wasn’t quite like some Star-Wars-esque door or anything; the machine stood in the middle of a open area, with straps-on-posts to guide you to the right place. Further, there was a security attendant/hostess who stood sat many feet behind the podium at her own desk and sort of offered guidance/instructions on how to proceed. I didn’t feel comfortable taking pictures of it, unfortunately. The machine was covered with signage made out of the same red plastic with white letters – there were several signs visible to address various interactions and warnings. Very kludgey, and since no one checked ID or called up to the floor you were planning to visit, it didn’t feel very secure, even if they had me on tape.

BTW – I guess there’s something new called Blogger Images whereby you can upload images to a Blogger blog. I only found out about it because there was some problem with it and the Blogger Status feed I subscribe to had info. I actually couldn’t’ find any sort of announcement about it. Thanks for nothing, Blogger.