pskl.us

Whining

The TSA and Your Privates

by on Nov.17, 2010, under Security, Whining

I’ve had a lot of thoughts lately on the TSA’s new practices for protecting us from terrorist shenanigans during air travel. My privacy-minded friends and I pass links back and forth each day with horror stories from people who have felt violated by the TSA. All of this came to a head today when Jeff Jarvis said this on twitter this morning:

I may stand alone, but I’d rather be groped than blown up in an airplane with a murderer who had not been groped.

This is clearly an oversimplification of the argument (it isn’t an “A or B” situation…a lot of people on twitter were shouting “False Dichotomy!!”) and is beneath Jeff, in my opinion. For those who don’t know Jeff, you can find info about him here http://www.buzzmachine.com/about-me/

Generally speaking, I’m a big fan of his work and of his opinions. Just about every time I hear him speak or read his blog, I feel like he “gets it.” Not so much today, though. Jeff kept spouting fallacious arguments in favor of the TSA’s policies and many people responded unfavorably to what he was saying (Jeff has about 55,000 followers, FYI). I think he’d agree that most of his twitter feedback was negative. I jumped in and sent a few replies but I was frustrated, as usual, by the 140 character limit. Jeff replied to a few of my tweets in a very civil manner, as one would expect, except for the fact that he called me a drama queen. Oh, and he joked that people who are against the TSA procedures must have small penises. Once again, this is beneath you, Jeff.

I won’t recap the entire conversation here (you can see it on twitter if you want to), but Jeff agreed to read my argument if I were to post it in blog form… so here we are. I’ll try to keep this as brief as possible, Jeff, I know you’re a busy guy.

“Enhanced” Security Screenings Are Merely Security Theater And Will Not Keep Us Safe

To many people, this is not news. Many years ago (pre-9/11), George Carlin put it brilliantly when he spoke of the illusion of safety. More recently, Bruce Schneier coined the term “Security Theater.” I don’t know why I’m even writing this post since so many others have already made the point so much better than I ever could, such as Noah Shachtman in this piece from the WSJ….but I’ll do it anyway because I have some bits I’d like to add.

Fallacy #1: If we had these measures 10 years ago, it would have prevented 9/11

My opinion:

The only thing preventing 9/11 from happening again is 9/11 itself. Today’s terrorists know they can’t pull off another 9/11-style hijack-then-crash-into-specific-targets attack again because the passengers won’t stand for it. On September 10th, 2001, we were all told that we should comply and be quiet if we are on a hijacked plane. The September 11th attacks depended upon that and, for the most part, it worked. Evidence has shown that this is no longer the case. Passengers that get goofy on a flight get a first-class ass kicking courtesy of their fellow passengers.

So if we had today’s security and September 10th’s mindset, could they have pulled it off? Of course they could have. They possibly wouldn’t have their boxcutters but there are plenty of other ways to intimidate Sept 10th-mindset passengers with equipment you can still get on a plane. Don’t make me list specifics, I don’t want to get a visit from the FBI. Use your imagination… that’s what the terrorists do. Even using something as simple (and previously thought of as harmless) as boxcutters was fairly inventive on their part. They made use of something they were pretty sure they could get through security. When all you have to do is sit around, day after day, thinking of ways to beat a system, you will find a way. As long as the TSA procedures are made public and the limitations are detailed, which has to be the case, the enemy will think of a method to abuse those limitations. Remember, we cannot project our perception of what is acceptable behavior onto them: they will use children or other extreme measures that will make us sick to our very cores if it will help them accomplish their goals.

Fallacy #2: Today’s security would have caught the underwear bomber.

My opinion:

This one comes straight from one of Jeff’s tweets. While this is essentially true, it misses the point entirely. We started taking our shoes off because of the “shoe bomber” and now we get groped because of the “underwear bomber.” Do you see the pattern? There was never another shoe bomber, there will probably never be another underwear bomber (I’d also like to point out that neither of these dingbats boarded a plane in the US…they both went through European security). Both of them sat around their (no doubt) smelly apartments for weeks formulating a plan based on the limitations of the security through which they would have to pass. I really really hate to say it, but there are probably more dingbats sitting in smelly apartments thinking about the same stuff right now.

We keep reacting to previous threats and the bad guys keep evolving. That is the very crux of security theater: make it look like we’re “doing something about the problem.” Would there have been another underwear bomber if we hadn’t started the new procedures? Possibly, but he probably would have been just as successful as the first one. My understanding of the underwear bomber is that he was a nervous mess. He would have been denied access to a plane in Israel simply from one of their well-trained security people talking to him. They probably would have snagged the shoe bomber, too.

Fallacy #3: The logical conclusion is that we’ll all end up flying naked. THEN we’ll be safe for sure.

My opinion:

This may not come as a surprise, but the goal of a terrorist attack is not “blow up planes” or “hijack planes” … it is to kill or injure a very large group of people. Airlines were, for a long time, an ideal target for this kind of action. Some planes carry over 200 people and none of them can get away from the bad guys. Security was really lousy up until the hijack-happy 80’s when people suddenly became afraid to fly. Security was beefed up and hijackings went way down (especially on flights coming out of the US). As a result of this heightened security, pulling off the September 11th attacks took a great deal of planning, organization, and luck.

After September 11th, airlines in the US ceased to be a viable target for serious terrorists. I say “serious” terrorists because the terrorists who have tried to walk through security since then are crackpots and utter failures. The combination of heightened security efforts (pre-gropefest) and passengers who will not be cowed into compliance makes the chances of success drop lower and lower. I’m not saying that there will never be another airplane-based terror attack, I’m just saying the chances are extremely slim at this point. The bombs-disguised-as-toner recently showed that airplanes can still work for terrorists on SOME level but it also shows that they are not willing to try their luck with security checkpoints any more.

If you look at it from the viewpoint of a terrorist who hates America (I know it makes you feel dirty, but you have to understand the enemy if you ever wish to defeat them), I’ll bet you can think of a LOT better targets than airplanes for accomplishing your goals. Once again, I’m not going to name specifics, but I’ve only thought about this for a few minutes and I can think of a few horrific ideas. Now imagine that you are a terrorist and this is ALL you think about.

I’m not saying all this so that you live your life in fear. We simply can’t allow that to happen. The truth is you have a much better chance of being struck by lightning than being injured in a terrorist attack. This doesn’t mean we should not be diligent, but there are limits to what is APPROPRIATE diligence. I feel strongly that the new TSA procedures cross that line. There are better ways to accomplish the overall goal and it is the job of the TSA to find these methods. Replace security theater with actual security.

I don’t know who said it first this morning, but somebody on twitter brought up the following Ben Franklin quote:

Those who would give up Essential Liberty to purchase a little Temporary Safety, deserve neither Liberty nor Safety

Couldn’t be more apt.

Some other reading you might be interested in:

Bruce Schneier talking specifically about new TSA procedures
Bruce Schneier – Beyond Security
Jason Alexander’s take on the situation
TSA confiscates heavily-armed soldiers’ nail-clippers
Former FBI Agent shares his feelings about the TSA

2 Comments :, , , , more...

The InGrid (or LifeShield) Home Security System – Is It Awesome? (Part 2 of 2 – The Install)

by on Mar.09, 2010, under Group News, Presentations, Reviews, Tutorials, Whining

NOTE: InGrid recently changed their name to LifeShield, but the equipment and service is still the same as is reviewed here

If you are interested in how I got to this point, check out the first post.

UPDATE 10-18-2010: LifeShield has added a few items/features you should know about:
They now sell the cellular backup unit. Add it to your system and your alarms will go through even if your phone lines and internet connection are cut.
They also now offer a smartphone app for the iPhone, Android, and BlackBerry. I’ve used the Android and BlackBerry versions and I’ll review them here ASAP.
One last thing, I’ve reviewed their Wireless Homeview Camera which integrates with the security system.

UPDATE (05-10-2012): I’ve been less-than-thrilled with the business practices of LifeShield lately. I still am a big fan of their products and services, so these reviews stand true, but if you’d like to know what they are up to, read this blog post.

UPDATE 10-18-2010: LifeShield has added a few items/features you should know about:

They now sell the cellular backup unit. Add it to your system and your alarms will go through even if your phone lines and internet connection are cut.

They also now offer a smartphone app for the iPhone, Android, and BlackBerry.

One last thing, I’ve reviewed their Wireless Homeview Camera which integrates with the security system.

UPDATE 11-11-2010: The battery in my Siren Detector died already, which is odd, but the good news is that it uses the same batteries as the door/window sensor: a CR2450 coin-cell battery. These can be purchased from amazon.com for pretty cheap…I bought a 5-pack for under $7 shipped.

UPDATE 12-08-2011 – THIS IS AN IMPORTANT ONE: In the past year LifeShield has changed their business plan a lot. As you read the review below, bear in mind that the following things are now the case for new customers:

  • They no longer sell the base systems outright, they are free-ish and subsidized by a…
  • Minimum 3 year contract. Sign up for a 5 year contract and your monthly rate will be cheaper (of course). Minimum $35/month for a 3 year contract, minimum $30/month for 5 year. One nice thing about being on contract is that the hardware is completely supported by LS, even including the batteries in your sensors.
  • There is a (minimum) $99 activation fee. It can be higher if you select certain options, such as the Cellular Backup unit

All this being said, it is still a decent deal. If I were security-system shopping today (instead of 2 years ago), I’d probably still go with LifeShield. I recommend you call the competition and get a quote, then check out LifeShield and see how it compares. If you are handy enough to install the system yourself (and you are… it isn’t hard), I think you’ll end up being happier with the LifeShield system.

Original Review:

As I discussed in the last post, I decided to go with the InGrid (LifeShield) security system. I ordered up all the parts I wanted and waited for them to arrive. Before you even receive your hardware, you can set up your account with the web portal (http://myingrid.com/). You create a password for accessing the account as well as other security questions. All of this can be edited later but you might as well get it out of the way now. Once you finish, you can poke around the site and see what kind of settings are available to you. Interesting, but I just couldn’t wait for the hardware to arrive so that I could get started with…

The Install

InGrid hardware

The packaging and documentation were all very impressive. There’s a great attention to detail they show here and it does not go unappreciated. The photo above shows all the stuff I got to start with, although I might add more later. It includes some very nice signs which I think I’ll be leaving in the box. Letting people know you have an alarm system is one thing, letting them know exactly what kind you have is another. Maybe I’ll put up some Brinks signs or something. When you open up the big box, you get this:

InGrid big box 1

A paper telling you, among other things, that “specialty sensors” can’t be added until 24 hours after system activation. No problem, plenty of other sensors to install first. It ended up being less than 24 hours for me anyway. Also included is a CD with PDFs of all the manuals. Then you get to the meat of the system:

InGrid big box 2

The numbered boxes make it even easier than I thought it would be. These 4 units make up the backbone of your security system. They are already associated with each other so there is no “syncing” to be done with these items. Just follow the simple instructions for each box (basically, connect the internal backup battery and plug it in) and you are good to go. Here is a shot of the book showing how simple the instructions are:

InGrid Instructions

As I mentioned, all of the items have internal backup batteries. Supposedly, the batteries will last around 24 hours if your power goes out. They are all simple rechargeable-phone-type batteries that you can buy at WalMart. First up is the base unit:

Base unit still in the box

Base unit still in the box

Base unit front

Base unit front

Base unit back

Base unit back

This guy is the real brain of the operation. You plug it into your internets and into your phone system (VOIP, in my case). It has a cradle for charging the phone unit, but the phone also comes with a charging base, so you don’t NEED to use this to charge the phone. I prefer hiding this somewhere out of sight so that nobody knows where to look to disable your system. If you are using your phone system as a backup, two of the other parts have phone jacks (the Console and the Grid Extender)…which means that this unit could be destroyed but either of those units could still phone home to the monitoring service. That’s part of what is so cool about this system…it is so decentralized.

Next up is the Handset and charger. Here is a pic next to a soda can for size reference:

InGrid handset

This handset has all the functionality of the Console, which is up next:

InGrid console

Either the handset or the console can be used to arm the system, disarm the system, view the status of sensors, and act as a phone (the console acts as a speakerphone). You can set the console on a countertop or mount it on the wall. It needs to be connected to AC power at all times (the battery is really just for backup purposes) so you are somewhat limited in mounting options. These units are also used for adding sensors and other goodies to the system. We’ll get into that shortly. I should also mention that you can view your current weather on either of these units as well as any “weather alerts.” Neato.

IMG00165-20100309-0734

I didn’t take a photo of the grid extender… it isn’t very exciting. Basically a brick that you plug into the wall. As I mentioned before, it has a phone jack which will be used to call the monitoring center if other systems fail. The grid extender also does what the name implies… it physically extends the network for sensors and other devices to be recognized by your system, so you should take that into account when deciding where to place all this stuff. You can even put a grid extender in your neighbor’s house (with permission, of course) and plug it into their phone line. That way, a thief would have to cut your internets, your phone, AND your neighbor’s phone to stop the system from calling in an alarm. If power, phone, and cable are knocked out for your entire neighborhood…well… I guess you are SOL… but InGrid says they have a GSM backup module coming soon, so you’ll be able to breathe easy (UPDATE: the GSM backup module is now available from lifeshield.com)

Once you have these 4 items powered up, you can activate your system online with myingrid.com. Very simple process that involves getting a code from the website and then entering it into your handset. Done. Now you can start adding open/closed sensors to your windows and doors. Here’s a little video introduction to the open/closed sensors, followed by a video I made explaining the very simple process of adding a sensor to your security system:

Easy, right?

You can add a bunch of these sensors and then sit down at your computer and name them appropriately from there (if you don’t want to do it from the handset or console).

Once the 24 hours have passed, you’ll get an email to tell you that your system has been activated and you are now in “Practice Mode” for 7 days… which means that any alarm you set off won’t call the monitoring system. So you have 7 days fool around and see how things work without being afraid that the cops will show up and yell at you. This activation email also means you can install your other sensors and dealies. In my case, that meant keyfobs, a siren detector, and a motion detector.

Here are a few videos showing my experience with those 3 addons:

All of that was pretty painless, right? I was a bit annoyed at how the motion sensor integrates with the system, so it gave me an excuse to call their tech support. The problem is that it logs motion events whether the system is armed or not. I understand that concept with door/window sensors, but not with motion sensors… The idea is to keep them in living spaces, so that means you’ll be tripping it all day long. Every time it senses motion, the console and the handset both display “Open: Motion Sensor” as if it is a window you keep opening and closing. My event log on myingrid.com very quickly just gets spammed with these “events.” Sure, I can filter the event log, but I shouldn’t have to. I asked tech support about it and they basically told me that it “isn’t a big deal” and that’s just how it works. They are right, it isn’t a “big deal,” but it IS annoying. There should at least be an OPTION to set it so that motion detector events only get logged (or noticed at all) when the system is armed. Working the way it does, I’m going to put a cover over my motion detector and only take it off when I leave the house or go to bed at night.

Now that the system is up and running, the only thing left to do is give you a quick tour of the myInGrid web UI. The following slideshow takes you through a bunch of the important screens. Many of the features shown here are also available via their mobile-friendly version of the myInGrid site, including being able to look at content grabbed by the cameras attached to your system (I really need to get one of their cameras). If you move your mouse over the slideshow, the controls pop up at the bottom which will allow you to pause it or move forward or backwards in the slideshow. The caption on each screenshot explains what you are looking at.


View the screenshots here if you want to look more closely.

I already mentioned the cameras they offer to integrate with the system. They have a few other items that I don’t (yet) own, but you should know about:

  • Glass break sensors – these recognize the sound of glass breaking and trigger the alarm
  • Water/temperature sensors – these are convenience sensors that alert you to a change in temperature and/or water where it shouldn’t be. I need one of these for our upstairs laundry room.
  • Smoke/heat detectors – you can use these rather than the siren detector I’m using.

I’m hoping that they’ll release some new products soon, such as:

  • A thermostat – would be killer to be able to see the current temperature and change the desired settings remotely
  • Light/appliance controls – or just add a module that supports X10 stuff
  • An outdoor camera – preferably wireless. If it is wired, make it support PoE and include a power injector. Seriously. I will pay for this.
  • A doorbell. This would be interesting to log events on, and it could just ring through all the same units that chirp when a door opens.
  • How about a module with a dry contact interface so we can start to have some REAL fun with this thing…

The Conclusion

So that’s pretty much it… If you have any questions that I have not answered, feel free to ask in the comments and I’ll do my best. Aside from the motion detector silliness, I think this is the perfect home security system…well, it is perfect when used in conjunction with the .44 Desert Eagle I keep in my bedroom. Maybe I should put a picture of THAT in my yard rather than the InGrid signs…

108 Comments :, , , , , , more...

Why you won’t find PSKL at ShmooCon this year

by on Jan.22, 2010, under Group News, Whining

Well, it’s that time of year again: ShmooCon is right around the corner. Unfortunately, after attending every single ShmooCon thus far (also presenting at two of them, not to mention the commercials we made), we’re not going to be there this year.

Our spirits have finally been completely broken by the travesty that is the ShmooCon ticket purchasing process. Every year was a battle, but we really really thought they’d have it worked out by now.

They haven’t.

We’re fed up and we’re simply not going.

Before I go any further, I want to get a few points out of the way. This entire diatribe is based on a few assumptions. If these assumptions are not correct (or if you simply don’t agree with them), don’t bother reading any more. Also, if somebody from the Shmoo group were to tell me that these assumptions are absolutely not correct, then the con is not what I thought it was and it is not for me.

Assumption 1: The Shmoo group would like to build a community around ShmooCon. A lot of familiar faces (both presenters and attendees) make this small con special. While we understand perfectly well that ShmooCon will go on happily without us, we’d like to think that we’re part of that community (and valued as such).

Assumption 2: The Shmoo group’s motivation for selling tickets the way they do is that they want to keep the price down and allow people of all income levels to attend. Their motivation is NOT to create ridiculously over-inflated demand, force people to hoard tickets so that all their friends can attend, and then have an ebay market created around the hoarded tickets that are left over.

We tried to get tickets this year at all 3 chances. Only one of us succeeded. Others were foiled by the crappy captcha system, the link showing up at random places on the page, coding errors on the website, and general problems just connecting to the site while it is being crushed by traffic. Some of these problems were documented here http://ow.ly/RJOm

Many people seem amused that acquiring tickets has become a hacking contest or even a lottery of sorts. We are not amused. Shmoocon should not be amused. We have jobs, we have lives, we don’t need more challenges just to get friggin’ tickets to attend a con we’ve been supporting for the past 5 years. So what are the real problems here?

There are many.

  • The Shmoo Group should just give up trying to run the ticket sales themselves. They don’t have the hardware, the expertise, or the attention to detail needed to make the process fair. Let professionals handle it.
  • The idealistic “we’ll keep the price down” philosophy goes against all the rules of supply and demand. The size of the venue limits supply to a level significantly lower than demand. This is not natural. Nature abhors this kind of inequity and it should be remedied.
  • If a group of people would like to attend, they have no choice but to have every member try to buy as many tickets as possible in the hopes that they’ll have enough total tickets once the dust settles. Usually they end up having a few too many and the extras end up on ebay. Tickets on ebay often sell for $300 to $400.  Many people have figured out that proper hoarding of tickets + ebay sales ends up netting enough profit to pay for their own ticket along with travel expenses. This high-demand, high-profit market should not exist.

We’re not just about bitching, we’re also about solutions. So here are our pie-in-the-sky ideas to address the problems:

Option 1: The Shmoo Community

Each November, email the prior year’s attendees with a unique code. That code can be used one time within 30 days to purchase a barcode for the upcoming conference. The attendee can choose to pay either $150 for a normal ticket or $300 for the “I Love ShmooCon” package. Tickets that are not sold after 30 days go up on ebay. Profits go to ShmooCon, not to Joe Tickethoarder. Sure, some people would buy tickets using their code and then sell them on ebay…but at least they can’t buy a BUNCH of tickets and sell them on ebay.

This would ensure that a community builds around ShmooCon. The downside is that lots of people can’t get in..which brings me to:

Option 2: The Venue

The Wardman Park Mariott has been a great venue for ShmooCon, but the available space really limits the number of attendees. As I mentioned before, demand for tickets is significantly higher than supply. You can fix this in one of two ways: decrease demand (by raising the price) or increase supply (by changing to a larger venue). Personally, I’d like to see the venue grow rather than the price. I understand, however, the Shmoo group’s hesitance to do so. They have a good relationship with the WPM and the size is “manageable” for their staff. A larger venue would introduce a number of logistical nightmares they would rather avoid (this is an assumption on my part).

So raise the price.

Option 3: The Price

I know, I know. You want to keep the prices down. Honestly, all you are doing is making the profits bigger for the people who buy the cheap tickets and sell them on ebay for the REAL going rate….and forcing the stampede at ticket release time.

The problem is: you can’t have it both ways. You can’t have a limited venue AND get everybody in who wants to come. This is why they didn’t hold Woodstock at Radio City Music Hall. By holding the conference in a small-ish venue, you have CREATED the exclusivity. There is nothing wrong with exclusivity. Use it. Profit from it….and use the profits to make the Con even BETTER.

One way to find the REAL going rate of your tickets is to let the open market determine it. Just list ALL the tickets on ebay, in waves, and see how much they go for. I’m willing to bet they would go for $250-$300 on average. Certainly cheaper than they sell for now, and I’d feel more confident buying them directly from the Shmoo Group rather than some shady seller. There’s nothing stopping some sneaky ass from selling the same barcode over and over again on ebay (or barcodes from previous years)…might be happening right now. Nobody would know anything was wrong until all the buyers showed up at the Con and tried to get in.

I’m genuinely disappointed that we won’t be attending this year. We really like ShmooCon and we really like the people who make it happen. I hope that they can find a way to keep it the Con they always wanted it to be, yet still be fair to the people who are willing to pay to attend.

Feb 3 UPDATE: ShmooCon 2010 tickets have sold on eBay for as much as $667. The 20+ tickets I can see that sold on eBay since late January (as far back as their history goes) have sold for an average of $443.

2 Comments :, , , , more...

The Badly Broken Shmoocon Ticket System

by on Jan.01, 2010, under Whining

Once again, ticket sales for Shmoocon proved again how badly broken the system is..  It went from broken-website to “sold out” in about five minutes.

shmooticketbullshit

shmooticketbullshit2

Update:  More proof that the system is fundamentally broken.    The ticket scalpers are already showing up on Ebay…

on-ebay-already

Leave a Comment more...

Why even ask me for a username?

by on Nov.20, 2009, under Whining

From the Administrative Login Page of a Kyocera Copier comes this nugget of javascript wisdom:

lsPassword = window.document.frmLogin.elements[“PASS”].value;

var liSize = lsPassword.length;

if(window.document.frmLogin.elements[“USERNAME”].value != “Admin”)

{ alert(“Please enter valid username.”);}

Leave a Comment more...

Looking for something?

Use the form below to search the site:

Still not finding what you're looking for? Drop a comment on a post or contact us so we can take care of it!