Secrets of the "Clear" airport security line

Yesterday it was announced that "Clear" (Verified ID Pass) the special "bypass the line at security" card company, has shut its doors and its lines. They ran out of money and could not pay their debts. No surprise there, they were paying $300K/year rent for their space at SJC and only 11,000 members used that line.

As I explained earlier, something was fishy about the program. It required a detailed background check, with fingerprint and iris scan, but all it did was jump you to the front of the line -- which you get for flying in first class at many airports without any background check. Their plan, as I outline below, was to also let you use a fancy shoe and coat scanning machine from GE, so you would not have to take them off. However, the TSA was only going to allow those machines once it was verified they were just as secure as existing methods -- so again no need for the background check.

To learn more about the company, I attended a briefing they held a year ago for a contest they were holding: $500,000 to anybody who could come up with a system that sped up their lines at a low enough cost. I did have a system, but also wanted to learn more about how it all worked. I feel sorry for those who worked hard on the contest who presumably will not be paid.

The background check

Features for high-end digital cameras

I'm really enjoying my Canon EOS 5D Mark II, especially its ability to shoot at 3200 ISO without much noise, allowing it to be used indoors, handheld without flash. But as fine as this (and other high end) cameras are, I still see a raft of features missing that I hope will appear in future cameras.

Topic: 

Use the battery to power AC startup surge in an RV

Many RVs come with generators, and the air conditioner is the item that demands it be a high power generator. The Generator needs to be big enough to run the AC, and in theory let you do other things like microwave when you run it. It also has to be big enough to handle the surge that the AC motor takes when the AC starts up.

Topic: 

Anti-atrocity system with airdropped video cameras

Our world has not rid itself of atrocity and genocide. What can modern high-tech do to help? In Bosnia, we used bombs. In Rwanda, we did next to nothing. In Darfur, very little. Here's a proposal that seems expensive at first, but is in fact vastly cheaper than the military solutions people have either tried or been afraid to try. It's the sunlight principle.

First, we would mass-produce a special video recording "phone" using the standard parts and tools of the cell phone industry. It would be small, light, and rechargeable from a car lighter plug, or possibly more slowly through a small solar cell on the back. It would cost a few hundred dollars to make, so that relief forces could airdrop tens or even hundreds of thousands of them over an area where atrocity is taking place. (If they are $400/pop, even 100,000 of them is 40 million dollars, a drop in the bucket compared to the cost of military operations.) They could also be smuggled in by relief workers on a smaller scale, or launched over borders in a pinch. Enough of them so that there are so many that anybody performing an atrocity will have to worry that there is a good chance that somebody hiding in bushes or in a house is recording it, and recording their face. This fear alone would reduce what took place.

Once the devices had recorded a video, they would need to upload it. It seems likely that in these situations the domestic cell system would not be available, or would be shut down to stop video uploads. However, that might not be true, and a version that uses existing cell systems might make sense, and be cheaper because the hardware is off the shelf. It is more likely that some other independent system would be used, based on the same technology but with slightly different protocols.

The anti-atrocity team would send aircraft over the area. These might be manned aircraft (presuming air superiority) or they might be very light, autonomous UAVs of the sort that already are getting cheap in price. These UAVs can be small, and not that high-powered, because they don't need to do that much transmitting -- just a beacon and a few commands and ACKs. The cameras on the ground will do the transmitting. In fact, the UAVs could quite possibly be balloons, again within the budget of aid organizations, not just nations.

Authenticated actions as an alternative to login

The usual approach to authentication online is the "login" approach -- you enter userid and password, and for some "session" your actions are authenticated. (Sometimes special actions require re-authentication, which is something my bank does on things like cash transfers.) This is so widespread that all browsers will now remember all your passwords for you, and systems like OpenID have arise to provide "universal sign on," though to only modest acceptance.

Another approach which security people have been trying to push for some time is authentication via digital signature and certificate. Your browser is able, at any time, to prove who you are, either for special events (including logins) or all the time. In theory these tools are present in browsers but they are barely used. Login has been popular because it always works, even if it has a lot of problems with how it's been implemented. In addition, for privacy reasons, it is important your browser not identify you all the time by default. You must decide you want to be identified to any given web site.

I wrote earlier about the desire for more casual athentication for things like casual comments on message boards, where creating an account is a burden and even use of a universal login can be a burden.

I believe an answer to some of the problems can come from developing a system of authenticated actions rather than always authenticating sessions. Creating a session (ie. login) can be just one of a range of authenticated actions, or AuthAct.

To do this, we would adapt HTML actions (such as submit buttons on forms) so that they could say, "This action requires the following authentication." This would tell the browser that if the user is going to click on the button, their action will be authenticated and probably provide some identity information. In turn, the button would be modified by the browser to make it clear that the action is authenticated.

An example might clarify things. Say you have a blog post like this with a comment form. Right now the button below you says "Post Comment." On many pages, you could not post a comment without logging in first, or, as on this site, you may have to fill other fields in to post the comment.

In this system, the web form would indicate that posting a comment is something that requires some level of authentication or identity. This might be an account on the site. It might be an account in a universal account system (like a single sign-on system). It might just be a request for identity.

Your browser would understand that, and change the button to say, "Post Comment (as BradT)." The button would be specially highlighted to show the action will be authenticated. There might be a selection box in the button, so you can pick different actions, such as posting with different identities or different styles of identification. Thus it might offer choices like "as BradT" or "anonymously" or "with pseudonym XXX" where that might be a unique pseudonym for the site in question.

Now you could think of this as meaning "Login as BradT, and then post the comment" but in fact it would be all one action, one press. In this case, if BradT is an account in a universal sign-on system, the site in question may never have seen that identity before, and won't, until you push the submit button. While the site could remember you with a cookie (unless you block that) or based on your IP for the next short while (which you can't block) the reality is there is no need for it to do that. All your actions on the site can be statelessly authenticated, with no change in your actions, but a bit of a change in what is displayed. Your browser could enforce this, by converting all cookies to session cookies if AuthAct is in use.

Note that the first time you use this method on a site, the box would say "Choose identity" and it would be necessary for you to click and get a menu of identities, even if you only have one. This is because a there are always tools that try to fake you out and make you press buttons without you knowing it, by taking control of the mouse or covering the buttons with graphics that skip out of the way -- there are many tricks. The first handover of identity requires explicit action. It is almost as big an event as creating an account, though not quite that significant.

You could also view the action as, "Use the account BradT, creating it if necessary, and under that name post the comment." So a single posting would establish your ID and use it, as though the site doesn't require userids at all.

Topic: 
Tags: 

ClariNet history and the 20th anniversary of the dot-com

Twenty years ago (Monday) on June 8th, 1989, I did the public launch of ClariNet.com, my electronic newspaper business, which would be delivered using USENET protocols (there was no HTTP yet) over the internet.

ClariNet was the first company created to use the internet as its platform for business, and as such this event has a claim at being the birth of the "dot-com" concept which so affected the world in the two intervening decades. There are other definitions and other contenders which I discuss in the article below.

Apple blocks iPhone App because EFF blog points to my Downfall Parody

Last week, I posted a pointer to my parody of a famous clip from the movie Downfall and I hope you enjoyed it. While the EFF itself didn't make this video, I do chair the foundation and they posted a pointer to it on the "Deep Links" blog. All well and good.

Some time earlier, an iPhone app developer put together an iPhone app which would display the EFF blog feed. This wasn't an EFF effort, but the EFF gave them permission to put the logo in the app.

Gallery of my favourite panoramas

While I have over 30 galleries of panoramic photos up on the web, a while ago I decided to generate some pages of favourites as an introduction to the photography. I'm way behind on putting up galleries from recent trips to Israel, Jordan, Russia and various other places, but in the meantime you can enjoy these three galleries:

My Best Panoramas -- favourites from around the world

Hitler tries a DMCA takedown

New Update, April 2010: Yes, even this parody video has been taken down though the YouTube Content-ID takedown system -- just as my version of Hitler says he is going to do at the end. I filed a dispute, and it seems that now you can watch it again on YouTube, at least until Constantin responds as well as on Vimeo. I have a new post about the takedown with more details. In addition, YouTube issued an official statement to which I responded.

Unless you've been under a rock, you have probably seen a parody clip that puts new subtitles on a scene of Hitler ranting and raving from the 2004 German movie Downfall (Der Untergang). Some of these videos have gathered millions of views, with Hitler complaining about how he's been banned from X-box live, or nobody wants to go to Burning Man, or his new camera sucks. The phenomenon even rated a New York Times article.

It eventually spawned meta-parodies, where Hitler would rant about how many Hitler videos were out on the internet, or how they sucked. I've seen at least 4 of these. Remarkably, one of them, called Hitler is a Meme was pulled from YouTube by the studio, presumably using a DMCA takedown. A few others have also been pulled, though many remain intact. (More on that later.)

Of course, I had to do my own. I hope, even if you've seen a score of these, that this one will still give you some laughs. If you are familiar with the issues of DRM, DMCA takedowns, and copyright wars, I can assure you based on the reviews of others that you will enjoy this quite a bit. Of course, as it criticises YouTube as well as the studio, I have put it on YouTube. But somehow I don't think they would be willing to try a takedown -- not on so obvious a fair use as this one, not on the chairman of the most noted legal foundation in the field. But it's fun to dare them.

(Shortly I may also provide the video in some higher quality locations. I do recommend you click on the "HQ" button if you have bandwidth.)

Making of the Video, Legally

On ultralight vehicles vs. large mass transit vehicles

One of the questions raised by the numbers which show that U.S. transit does not compete well on energy-efficiency was how transit can fare so poorly. Our intuition, as well as what we are taught, makes us feel that a shared vehicle must be more efficient than a private vehicle. And indeed a well-shared vehicle certainly is better than a solo driver in one of todays oversized cars and light trucks.

But this is a consequence of many factors, and surprisingly, shared transportation is not an inherent winner. Let's consider why.

We have tended to build our transit on large, heavy vehicles. This is necessary to have large capacities at rush hour, and to use fewer drivers. But a transit system must serve the public at all times if it is to be effectively. If you ride the transit, you need to know you can get back, and at other than rush hour, without a hugely long wait. The right answer would be to use big vehicles at rush hour and small ones in the off-peak hours, but no transit agency is willing to pay for multiple sets of vehicles. The right answer is to use half-size vehicles twice as often, but again, no agency wants to pay for this or to double the number of drivers. It's not a cost-effective use of capital or the operating budget, they judge.

Weight

The urban vehicle of the future, as I predict it, is a small, one-person vehicle which resembles a modern electric tricycle with fiberglass shell. It will be fancier than that, with nicer seat, better suspension and other amenities, but chances are it only has to weigh very little. Quite possibly it will weigh less than the passenger -- 100 to 200lbs.

Transit vehicles weigh a lot. A city bus comes in around 30,000 lbs. At its average load of 9 passengers, that's over 3,000lbs of bus per passenger. Even full-up with 60 people (standing room) it's 500lbs per passenger -- better than a modern car with its average of 1.5 people, but still much worse than the ultralight.

Can airports do paging as well as a restaurant?

I have a lot of peeves about airports, like almost everybody. One of them is the constant flow of public address announcements. They make it hard to read, work or concentrate for many people. Certainly it's hard to sleep. It's often even hard to have a phone call with the announcements in the background.

One solution to this is the premium airline lounges. These are announcement-free, but you must watch the screens regularly to track any changes. And of course they cost a lot of money, and may be far from your gate.

Some airlines have also improved things by putting up screens at the gates that list the status of standby passengers and people waiting for upgrades. This also saves them a lot of questions at the gate, which is good.

But it's not enough. Yet, even in a cheap restaurant, they often have a solution. They give you a special pager programmed to summon you when your table or food is ready. It vibrates (never beeps) and they are designed to stack on top of one another for recharging.

Airports could do a lot better. Yes, they could hand you an electronic pager instead of/in addition to a boarding pass. This could be used to signal you anywhere in the airport. It could have an active RFID to allow you to walk though an automatic gate onto the plane with no need for even a gate agent, depositing the pager as you board.

Each pager could also know where it is in the airport. Thus a signal could go out about the start of boarding, and if your pager is not at the gate, it could tell the airline where you are. If you're in the security line, it might tell you to show the pager to somebody who can get you through faster (though of course if you make this a regular thing that has other downsides.)

Topic: 

Electronic panorama head with rotation sensor

In my quest for the idea panorama head, I have recently written up some design notes and reviews. I found that the automatic head I tried, the beta version of the Gigapan turned out to be too slow for my tastes. I can shoot by hand much more quickly.

Virgin America Airways and on-demand ordering

Yesterday I took my first flight on Virgin America airways, on the IAD-SFO run. Virgin offered a tremendous price (about $130 one way) but it's worth examining how they have made use of technology on their planes. Mostly I usually end up on United, which is by far the largest carrier at SFO. Because of this, I fly enough on it to earn status, and that it turn provides a seat in their Economy Plus section which has more legroom, priority boarding and in theory, an empty middle if there are empty middles. This is 90% of the value of the status -- the other main value, ability to upgrade, is hard to actually make use of because business class is usually full. The extra legroom is surprisingly pleasant, even for a widebody individual like myself who would much prefer extra width if I had a choice.

Other than Economy Plus (and some very nice business class on some of the long-haul planes,) United is falling behind other airlines. It would be hard to recommend an ordinary coach seat. The one big amenity that more and more other airlines are providing is power in coach, in particular 115v AC power which is more flexible than the older 15vdc "Empower" system United uses in business class. The main downside of the 115v connections is they tend to be mounted under the seats, making them hard to get to. Air Canada has put them in the personal video panels. Virgin placed them under the seats but high and forward enough to be reached (if you knew what you were looking for) but also so close as to make wall-warts bump against your legs. Virgin also offered USB jacks down under the seats, also hard to get to. Even if you don't want to put 115v up higher, USB charging jacks are better placed in the video console/seatback I think.

American Airlines has a mix of DC and AC power, but still makes it available in coach. Continental has put EmPower on some planes in the front half of coach, but some newer planes have AC power all the way through coach.

Topic: 

Two sources on energy, and using heat

I was reminded yesterday, after posting more on the cost-effectiveness of energy sources, to point out an interesting new book on the economics of energy. The book is Sustainable Energy With the Hot Air by David MacKay, a physics professor from Cambridge University. What's important about the book is that he pays hard attention to the numbers, and demonstrates that certain types of alternative energy are likely to never make sense, while others are more promising.

I only have a few faults to pick with the book, and he's not unaware of them. He decides to express energy in the odd unit of "kilowatt-hours per day" as he feels this will make numbers more manageable to the reader. Of course with time in the numerator and denominator, it's a bit strange to the scientist in me. (It's the same as about 42 watts.) In a world where we often see people say "kilowatt" when they mean "kilowatt-hour" I suppose one deserves credit for using a correct, if strange unit.

My real quibble is over his decision to measure energy usage at the tank, so that an electric car's energy usage is measured in the battery, while a gasoline car is measured in the fuel tank. Today we burn fuel to make electricity, and so electric cars actually consume 3 times the energy they put in the batteries. That's a big factor. MacKay argues that since future energy sources (such as solar) might generate electricity without burning fuel, that this is a fair way to look at it. This is indeed possible but I think it is necessary to look at it both ways -- how efficient the vehicles are today (and will be if we still generate electricity from heat) and how they might be in the future. Generating electricity from heat does complicate the math of energy in ways that people can't agree on, so I understand his temptation.

Yesterday I was also pointed out to a solar power site called SolarBuzz. This is a pro-solar-panel site, and is rare in that it seems to do its math right. I haven't looked at all the numbers, and I am surprised wthat with the numbers they show that they are such boosters. Their charts of payback times all focus on power costs from 20 to 50 cents/kwh. Those costs are found in Europe, and in the tiers of California, but the U.S. national average is closer to 10 cents, where there is no payback. They also use 5% for their interest rate, a low rate that is only found in strange economic times such as these -- but justifiable in a chart today.

Pure heating is highly wasteful

Topic: 

Is being evangelical about solar the right course?

The earlier post on whether solar gives the best bang per buck in greening our electricity ran into some opposition, as I expected. Let me consider some of the objections and issues.

As a recap, I put forward that if we are going to use our money and time to attain greener electricity, what matters is how many MWH we take off the "dirty" grid (particularly coal plant output.) I measured various ways to do that, both green generation and conservation (which do the exact same thing in terms of grid offset) and worked out their cost, the MWH they take off the grid and thus the cost per MWH. Solar PV fares poorly. Converting incandescent bulbs to fluorescent in your own home or even other people's homes fares best.

A big part of the blame lies on the fact that crystalline silicon is an expensive way to make solar cells. It is, however, quite common since many PV plants started with technology from semiconductor fabrication.

Evangelical green

One frequent objection is that purchasing expensive solar panels today encourages the market for solar panels, and in particular better solar panels. Indeed, panel makers are generally selling all they can make. Many hope that this demand will encourage financing for the companies who will deliver panels at prices that make sense and compete with other green energy.

I call this being "evangelical green." Leading by example, and through encouraging markets. While I understand the logic, I am not sure I accept the argument.

Topic: 

Proposition T: All ballot propositions must fit in 140 characters

I was reviewing the voter information guide for the upcoming California Special Election. Even though I can't vote it is interesting to look at the process. To my surprise, the full text of the propositions shows the real items to be incredibly complex. Proposition 1C, which updates lottery laws, is over 4 1/2 pages of dense print.

Topic: 

When the cell phone rings...

We've all experienced it. A cell phone starts ringing or vibrating. To be clever, it slowly starts getting louder in case the owner didn't hear or feel the initial signal. You see somebody going through their bag looking for the phone that keeps getting louder and louder. Finally they answer and it shuts up.

Topic: 

Connecting untrusted devices to your computer

My prior post about USB charging hubs in hotel rooms brought up the issue of security, as was the case for my hope for a world with bluetooth keyboards scattered around.

Is it possible to design our computers to let them connect to untrusted devices? Clearly to a degree, in that an ethernet connection is generally always untrusted. But USB was designed to be fully trusted, and that limits it.

Topic: 

Powered USB Hub in my hotel room, and more

What should be in a good hotel room?

Well, one thing that's easy to add to the list is a powered USB hub, with as many as 6 ports and a 3 amp power supply. Toss in some mini-USB cables (possibly just built into the hub) as they have become, for better or worse, the present-day universal charging standard. (At only 2.5 watts, USB is a bit anemic as charging standard, but it's what we have for now.) A mouse would be nice too, but is a security risk.

Alas, we can't have a keyboard on it, as nice as that would be, since that can't be trusted. It might have a keylogger put in it (even by the previous occupant of the room) to grab passwords.

Now this is a fairly cheap item (under $20) and like many other hotel items, it could also be available at the front desk, though it's so cheap I don't see a reason for that. While you could not be sure it would be there at every hotel, it would still be useful, since it can add to the charging you bring, and most laptops can be a charging station if you are willing to leave them on overnight. It's also useful as a hub. Indeed, have two, one on the desk, and one by the bed for cell phones.

We're almost ready to not need the hotel phone unless you are coming from overseas and pay ridiculous roaming charges. But they still need it to call you sometimes, and I don't want to have to hand over my mobile number at check-in.

Most hotel rooms now are getting a flat-screen HDTV. That's great, but rarely do they offer up the VGA port that many of these TVs have, or a cable to plug it in. I recommend a 1080p TV for each room, located in such a way that it can be an external monitor for my laptop. As such there should be a VGA cable connected or handy. The TV could also be connected to the USB hub, and use a video over USB protocol for devices that have USB out but not video out. (This usually needs a driver and has some limitations.)

Topic: 
Tags: 

Pages

Subscribe to Brad Ideas RSS Subscribe to Brad Ideas - All comments