Wednesday, July 29, 2015

Make a run for the border

Just testing the embedding of Vine videos.

This particular video, by the way, is one of me at a trade show in Washington, DC in March. The product is my company's MorphoWay gate which reads information on a passport and confirms that the person passing through the gate is the person on the passport.

Monday, July 27, 2015

Overcoming illusory superiority

Are you an above average driver?

Do you think you're an above average driver?

Back in 2011, Allstate looked at that very question:

Nearly two-thirds (64 percent) of American drivers rate themselves as "excellent" or "very good" drivers.

So do we have a positive attitude about ALL drivers on the road? Not exactly.

American drivers' positive self-rating is more than twice as high as the rating they give to their own close friends (29 percent "excellent" or "very good") and also other people their age (22 percent).

In other words, Josephine thinks she's a great driver and Wayne is terrible...while Wayne thinks he's a great driver and Josephine is terrible.

They can't both be right.

Another example of this was found by the AAA Foundation for Traffic Safety. Its most recent survey of traffic culture attitudes repeated something that the AAA Foundation had observed in prior years.

As in previous years, the survey also highlights some aspects of the current traffic safety culture that might be characterized most appropriately as a culture of indifference, in which drivers effectively demonstrate a “Do as I say, not as I do” attitude. For example, substantial numbers of drivers say that it is completely unacceptable to drive 15 mph over the speed limit on freeways, yet admit having done that in the past month.

Of course it's OK for us to speed, since we're above average drivers. The problem happens when all those other incompetent drivers speed. Right?

These are just a few examples of the phenomenon of illusory superiority.

Illusory superiority is a cognitive bias that causes us to overestimate our positive qualities and underestimate our negative qualities. People tend to think their memories are better than they are, that they're more popular than they are, or that they're healthier than they really are.

This can be a challenge in business, if you are offering a product that people desperately need...but the consumers themselves don't think that they need it. Sticking to the driving example, I've been to traffic school after receiving a traffic citation. The citation was a wake-up call; after receiving it, I said to myself, "Hey, I'm a bad driver. I'd better go to traffic school."

Actually, I didn't do that. I went to traffic school because it was better than the alternative of not going to traffic school. In essence, I only went because I was forced to do so.

After all, I didn't need to go to traffic school. I'm an above average driver.

So if you're marketing a product, and you have to battle illusory superiority in your potential customer base, how do you overcome it?

Friday, July 24, 2015

Maybe Howard Schultz IS Harlan Koch

I love it when I'm wrong.

Way back in 2009, I took Starbucks' Howard Schultz to task after hearing that Starbucks was going to cut back on the types of fresh coffee that it was offering to its customers. In my post, I talked about people who were passionate about their products - Harlan Sanders of Kentucky Fried Chicken (not KFC) fame, Jim Koch of Samuel Adams fame, and a younger Howard Schultz, who was so passionate about coffee that he actually left Starbucks for a while and started Il Giornale. Since 2009, I have used the character "Harlan Koch" to emphasize someone who is really, really passionate about a product.

But you don't just have to be passionate about the product. You can be passionate about other parts of the experience.

Take one company head who recently made the following comments:

Two years ago I reported on the seismic shift in consumer behavior that would significantly impact traditional bricks-and-mortar retailers. I was not clairvoyant. Since then, many traditional retailers have responded simply by substantially increasing their digital advertising budgets — significantly driving up their customer acquisition costs and producing little to show for it. We, on the other hand, took a very different approach.

What did this company head do?

By further enhancing our already world-class digital technologies through the introduction of capabilities like Mobile Order & Pay — and soon to be delivery — and expanding our loyalty program, we are driving traffic as reflected in the 4 percent growth in traffic seen in Q3.

Basically, the company leader was passionate about the way that he was doing things, and everyone else be damned. His company wasn't going to offer deals on Snapchat just because Snapchat was cool. His company was going to do things that actually got his product to his customers, and he saw results from this.

You've probably guessed who the company head is, but if you haven't, these financial results from PYMNTS should clarify things.

Starbucks CEO Howard Schultz has always said that Starbucks is an “undisputed leader in mobile commerce.”

And he uses the mobile stats that he presents each quarter as fodder to support his claim. And the company’s third-quarter earnings call yesterday (July 23) was no exception.

Schultz shared that Starbucks’ mobile transactions now account for 20 percent of all in-store sales — more than 9 million mobile transactions a week — and a 4 percent increase in foot traffic.

“Our mobile commerce platform is literally stronger than ever,” Schultz said, noting that the 20 percent figure was more than double the mobile transaction sales figures seen just two years ago.


You already know about my anecdotal experience. Since my first trial use of Mobile Order & Pay, I've used the service several additional times, with success. Frankly, it's convenient; punch in the order before I start the car, then pick it up a few minutes later.

And many people obviously agree with me.

So Howard Schultz appears to be reclaiming his Harlan Koch credentials. He's already passionate about what he drinks; now he just needs the white suit.

Thursday, July 23, 2015

Living wages and family-owned tilapia suppliers

The news around here, as it probably is in your part of the country, is living wages. The unincorporated parts of Los Angeles County will be the latest areas that will eventually require a "living wage" of $15 per hour.

However, no living wage ordinance can fully affect wages. While the people who work in the unincorporated areas of Los Angeles County will get the wage, people who work for suppliers outside the county will not.

And I'm not just talking about workers outside the United States.

(A little secret: if you want illegal immigration to the U.S. to dry up, just use NAFTA or some other vehicle to require Mexico to pay a living wage of $15 per hour. Of course, then Mexico will get all sorts of illegal immigrants from Central America.)

I don't know if Whole Foods Markets has any stores in unincorporated areas of Los Angeles County, but Whole Foods happens to sell tilapia. Yes, vegans are outraged, but Whole Foods sells tilapia. Whole Foods (at least in New York) sells tilapia that comes from a family-owned firm called Quixotic Farming.

Quixotic Farming is an environmentally conscious, family-owned company that raises Tilapia without the use of chemicals or hormones in Colorado and Missouri. The company began when its owner discovered the benefits of a fish raised in the United States that can be traced from our farms to your plate. Our fish thrive in an amazing filtration and recirculation system that gives our Tilapia a cleaner taste, and your family a safer choice for fish.

Warms your heart, doesn't it?

But there's a catch - some of the U.S.-based workers who construct the fish tanks and raise the fish are sometimes paid $4 an hour...and sometimes $0.74 an hour.

How is that legal?

Simple. They're prison inmates:

Quixotic Farming, a family-owned tilapia farming company with farms in Colorado and Missouri, pays Colorado to have inmates construct fish tanks and then raise tilapia for it. The department gets 85 cents a pound for the tilapia. Quixotic then sells to vendors. Tilapia was being sold for $11.99 a pound at Whole Foods on a recent day in New York. Inmates are paid as little as 74 cents to as high as $4 a day.

The program is defended because it teaches inmates valuable skills, cuts the recidivism rate, and makes a little money for the prison system to boot. But others aren't happy.

Alex Friedmann of Prison Legal News and a prisoners' rights advocate said, "It's basically exploiting prisoner's labor. It's strictly exploitation from our perspective."

It should be noted that Whole Foods is not the only company that sells products from Quixotic Farming. HyVee also sells its products. And, of course, this isn't the only farming product that is produced by prison labor.

Do prison laborers deserve a living wage? Or should that be reduced because they have the "benefit" of free housing?

And if Jameis Winston ever gets in trouble again, will he end up working for a prison crab legs supplier?

Monday, July 20, 2015

Americans know nothing about "big data"

In Silicon Valley, Boston, Los Angeles, and elsewhere, you can hear a lot of us Americans prattling on about "big data," and about our expertise in big data.

But if you really want to understand big data, you have to go to a place where the total population isn't measured in the mere hundreds of millions.

China's not technologically there yet, but India certainly is.

Dataquest recently wrote about an Indian company that performed data analytics on 81.4 crore voters. And if you don't know about the crore unit of measurement, you'd better learn or be left behind (not in the dispensationalist sense).

The large numbers of voters weren't the only issue that Modak Analytics faced:

Some additional challenges were peculiar to India — voter rolls were in PDF format in 12 languages. Modak Analytics had to analyze over 9 lakh PDFs amounting to over 2.5 crore pages to be deciphered for any analysis. This data was mapped to 9.3 lakh polling booths across 543 parliamentary and 4,120 assembly constituencies.

“Every state had the data in their own vernacular language. For example, Tamil Nadu had the data in Tamil, Maharashtra in Marathi and Karnataka had this data in Kannada. To do any kind of data analytics, it was important to convert the data into a single language."


To overcome these and other challenges, Modak Analytics had to perform a lot of automation in its analysis.

Read the details here.

Friday, July 17, 2015

Hey, Zuck, how's the wife? Uh...why are you ignoring me? I THOUGHT YOU CARED!

One of the tiredest phrases in business is the phrase "we care." Now perhaps the phrase is believable when you're talking to a small business owner who is handing out free lemonade at the Fourth of July parade, but even in that case you know that there are ulterior motives behind the caring.

And when a multinational corporation posts pre-printed signs that include the phrase "Because we care," I immediately roll my eyes.

But a corporate person doesn't need a physical presence to demonstrate its "caring" attitude. Here's part of something that greeted me on Facebook this morning.


In this particular case, the picture was unremarkable. It was something that I found online that changed the word "music" to the phrase "the sound of music." Ha ha, I said to myself two years ago as I shared the picture and tagged my Facebook friend who is a complete "The Sound of Music" fanatic. Seriously. When she lived in California, and "The Sound of Music" came on TV, forget about communicating with her for the next few hours.

Now a few weeks ago, the caring company Facebook did share an old picture with me that was a little more memorable. So Facebook's old picture algorithms, like its suggested posts, are hit or miss.

So why did Facebook feel the need to dredge up this hopefully pleasant memory from two years ago? Read what appeared after the old picture.


Now there are two ways to read this statement. One, completely vetted by caring Facebook lawyers, is an assurance that this old memory is currently only visible to you, and not to anyone else. Facebook isn't just strewing your old memories around everywhere.

Of course, there's another interpretation of the statement - one that people (not me) would call the sociopathic interpretation.

OK, JOHN, WE'VE DONE OUR WORK IN DREDGING THIS INFORMATION UP THAT WAS ONCE IMPORTANT TO YOU. NOW IT'S YOUR TURN. YOUR TASK RIGHT NOW IS TO CLICK THAT "SHARE" BUTTON BELOW AND ENGAGE MORE PEOPLE, ALLOWING US TO REUSE OUR CONTENT (IT'S NOT YOUR CONTENT ANY MORE) ONE MORE TIME, TO GET PEOPLE TO STAY ON FACEBOOK LONGER. CLICK THE SHARE BUTTON. FEED THE BEAST. DO IT NOW.

Let's...um, face it; in 2015, Facebook wants to keep you in the walled garden just like they did in 2009. I linked to a Steven Hodson post on that very topic.

It is this place that Facebook strives to give the illusion of openness while at the same time making sure that none of the potentially lucrative data they are collecting every minute after every second....

Already Facebook is in position to cause Google a lot of financial pain as more and more traffic is being driven to blogs and websites from within the walls of Facebook. The battle of SEO supremacy may already have been lost without a shot being fired. Google’s big guns of SEO have come up against an enemy that doesn’t need to rank anything because its members are more interested in what their friends suggest rather than cold analytically produced results. To top it off Facebook is the biggest part of the web that Google’s spiders can’t crawl.


And the situation hasn't changed much today. Most tech companies have a short shelf life, but Facebook is not one of them. Example - CBS News has been around for almost a century, and is in the business of providing news to consumers via television and streaming services. A media company itself, CBS News has its own page on Facebook. Heck, even Google has its own page on Facebook.


So why would Google set up a page on its fiercest competitor?

Because Google cares.

Why I explicitly included "parbunkells" in this post's title

PYMNTS.COM has an interesting story about an artist and a billboard:

[Julia] Weist, a New York-based artist, was allocated unused billboard space belonging to outdoor advertising company Lamar by artist initiative 14×48. The latter organization’s very purpose is to temporarily re-purpose unused advertising real estate as a display for artists’ work, until such time as someone ponies up to lease the original blank canvas.

So what did artist Weist choose to do with the billboard space? Using Apple Garamond font, she put a single word on the billboard: "parbunkells."

Why that word? Because, at that time, the word could not be found on the World Wide Web. Weist found it in a rare book, and just threw the word up there.

So what happened?

Her personal website, which just happened to include that same word, got an increase in traffic.

As her personal website notes, she programmed a lamp in her residence to turn on when her webpage is visited. For her sake, I hope the lamp isn't in her bedroom.

Weist has been interviewed by the New Yorker.

Finally, and most importantly, Julia Weist's name has been mentioned in the Empoprise-BI business blog.

Talk about reach.

Oh, and a lot of businesses really want to see her website traffic analytics.

If you want to perform the experiment yourself, you don't have to go to the rare books library. You can just randomly create a word of your own.

Just don't use tymshft. It's been done.

Thursday, July 16, 2015

On unsavory name associations

One of the duties of my new job - and, frankly, one of the duties of my old job, and of your job - is to keep abreast of ALL news that could positively or negatively impact your company. In my typical "I am not trendy" way, I was late to the party in one instance, because I did not discover this press statement from my corporate parent until some time after it was released.

07/09/2015
Press statement - Morpho (Safran) has no link with the « Morpho » hacker group

Morpho (Safran), a global leader in identity and security solutions, learned yesterday that reports and associated articles are circulating within media and social media channels concerning the emergence of a corporate espionage group named “Morpho”.

To avoid any confusion with our customers and partners, we formally state that there is absolutely no connection with the aforementioned hacker group and Morpho.

Our activities are fully dedicated to ensuring a safer digital and physical world.


Needless to say, if your company's mission is to ensure a safer digital and physical world, it can be quite distressing to have a hacker group use the same name as your company's name. Luckily for us, by the time I finally heard about the whole affair, Symantec was now referring to the hacker group as "Butterfly." Good - unless you're Crazy Town, Heart, or Bob Carlisle.

But my company isn't the only one to be hit with an association that we didn't like. Take this incident from the 1980s, chronicled by Peter Kramer. For those who weren't around in the 1980s, let me clarify one teensy weensy thing: U.S. President Ronald Reagan didn't like the Soviet Union. As Kramer notes, President Reagan gave a speech on March 23rd, 1983 in support of the defense budget that he had submitted to the U.S. Congress. As part of this speech, which referenced a then-unnamed program designed to defend the United States against a Soviet attack, Reagan referenced the following:

...a decision which offers a new hope for our children in the twenty-first century...

A new hope? Some of you can see where this is going.

The next day, on March 24, Senator Edward Kennedy was on the floor of the U.S. Senate. Now Kennedy had been known to work with his political opponents - he famously cosponsored a bill with fellow Senator Dan Quayle, and admitted long after the fact that President Gerald Ford did the right thing for the country when pardoning Richard Nixon. But Kennedy was also known as a fierce battler. And he didn't like Reagan's idea one bit, saying that the President was engaging in

...misleading Red Scare tactics and reckless Star Wars schemes...

So by March 1983, Reagan's program had a name. Actually, it got an official name a year later, when it was called the Strategic Defense Initiative. But everyone still called it "Star Wars."

This perturbed a certain resident of Marin County, California. Now it's no surprise to know that the people of Marin County, California were no great fans of Reagan. However, this one resident was especially perturbed because he - George Lucas - was responsible for a series of popular films known as "Star Wars." The fact that Reagan had also used the phrase "evil empire" to refer to the Soviet Union didn't please Lucas, either.

In 1985 Lucas brought a suit against two advocacy groups that campaigned for SDI, intending to forbid them the use of the 'Star Wars' label. However, in November 1985 US District Judge Gerhard Gesell ruled that anyone could use the term 'Star Wars' in 'parody or descriptively to further a communication of their views on SDI'. As far as Lucas was concerned, the dark side of the Force seemed to have won.

To add to the sting, Judge Gesell was the same judge who had presided over the trials of many key Watergate figures. For Lucas, who had based his Emperor character on Richard Nixon, that must have been a crushing blow.

And what of SDI? It kinda sorta...um, morphed into a new system under the Clinton Administration, and Ronald Reagan had a ballistic missile defense test site named after him.

And no, it's not off the coast of Marin County.

Wednesday, July 15, 2015

Making an Exceptional Sales Presentation...when you're not at the presentation

Chris Peterson of Vector Firm wrote a post for the Security Industry Association blog entitled "Making an Exceptional Sales Presentation." He spoke of three key ingredients, two of which I'm not going to cover. (Read his post.) But I do want to elaborate on a point that he made regarding his first key ingredient, "Write the presentation before building the Power Point." When discussing this, he said the following:

A PPT should support the story; it shouldn’t *be* the story.

On the one hand, I heartily agree with Peterson. I have given presentations numerous times, and realize that the focus of the presentation is the words that I am saying, as supplemented by PowerPoint or music or gadgets or whatever else I use to, in Peterson's words, "support the story."

On the other hand, many sales presentations are given to multiple audiences - the audience that was there during the presentation, and the audience that was not there.

Let me give you an example. A computer software company is giving a presentation to a government agency. The government agency is represented by its Assistant Director, along with various staff members. The computer software company is represented by a suit and a t-shirt. With an artfully designed PowerPoint presentation in the background, the t-shirt shows the insanely great software, while the suit explains the benefits to the agency, telling a few stories along the way. The suit and t-shirt answer questions, suggest options, and hold what appears to be a very successful meeting. The agency people are also pleased.

Next Monday, everyone meets with the Director and provides a summary.

"I'd like to see the presentation," the Director says.

So a staff person at the agency contacts the suit at the software company and asks, "Can you send me a copy of your presentation from last week? The Director wants to see it."

A PDF file is dutifully passed on, and the Director opens the four-slide presentation.

Super-Duper Software
Allowing Your Agency to Provide Better Services for Less Money

Super-Duper Software Demonstration
Agnes Harvard
Sr. Software Engineer
MegaCorp, Inc.

Benefits
John Gonzalez
Business Development Manager
MegaCorp, Inc.

Questions


The Director, underwhelmed by the slides, calls the Assistant Director. "I thought you said that this was a great, informative presentation! I got nothing out of it!"

The Assistant Director replies, "You had to be there."

So how do you balance the need to cater to the multiple audiences who view a sales presentation?

Tuesday, July 14, 2015

If you're a Muslim imam driver for a non-licensed taxi service...

In business and in life, there are continuing debates regarding the freedom to say what you want to say vs. the responsibility to ensure that statements are accurate.

Or approved.

Canada, like many other Western countries, is battling small groups of extremists. In an effort to control the activities of one such group, Canadian Senators have drafted some recommendations. One in particular caught the eye of many:

Recommendation No. 9 in the report – the push to certify imams – calls on the federal government to “work with the provinces and the Muslim communities to investigate the options that are available for the training and certification of imams in Canada.”

Presumably such a certification would only be granted after the imam in question swore on a stack of Bibles - whoops, maybe not - that the imam would never ever ever advocate shooting up everyone in sight on Parliament Hill.

Of course, that would never happen in my own country. We'd just outlaw imams.

The whole idea of certification and licensing is not just confined to expression of religious views. As I noted in a Tad Donaghe thread on Facebook, one of the reasons why people object to Uber and Lyft is because their employees - I mean contractors - do not submit to the same regulations that are imposed on taxi drivers. For example, here are the differences between Uber drivers and taxi drivers in Ocean City, Maryland:

The main complaint is that while Uber drivers are required to go through a background check, an application process and have a certain type of vehicle, they don't have to jump through the same hoops as cab drivers. Those obstacles include inspections, stickers, a special type of insurance and, in the case of Ocean City drivers, a medallion. This can cost up to $7,000 to buy, depending on who it's bought from, and $500 to renew each year....

The annual inspections for Ocean City taxis cost $150, and the annual drug screenings cost $120. Uber drivers don't have to abide by that, nor do they have to operate under the price cap that taxi drivers have to.


So if you're an unlicensed imam in a political jurisdiction that requires imam licensing, and you also work for Uber or Lyft in a jurisdiction that requires taxi licensing, you could run into some problems.

And it could be even worse.

As you drive your customers from place to place, you could dispense medical or legal advice. Then you'll REALLY be in trouble.

Friday, July 10, 2015

MTPAS, peer-to-peer mobile communications, and .@TerraNetAB - what's in it for me?

In situations ranging from mobile phone use to grocery shopping, the usual procedure is to set up some type of centralized system to manage the service. For example, the person who runs your local Walmart doesn't have to spend the day trying to find goods to sell in the store; there are people in Arkansas who take care of such things.

But what if something happens? What if Ontario, California's water supply becomes contaminated, and everyone runs to the local Walmart to buy water?

Or what if a bomb goes off in central London, and everyone in the area wants to use their mobile phones? And I mean EVERYONE.

At times of crisis communications are essential. The emergency services need to coordinate their response while the general public want to contact loved ones and find out what’s happening. The problem is that there simply isn’t enough capacity for everyone to use the networks simultaneously, particularly in densely populated areas like central London.

Networks of all types are designed to cope with typical traffic demands, and so in exceptional circumstances they become massively overloaded.


Economics teaches you that there are ways to resolve spikes in demand. For example, when everyone is running to the local Walmart to get water, Walmart can respond by raising the price of water.

In the case of central London, where a bomb did go off in 2005, a different scheme was used - not allocation by money, but allocation by power.

On July 7 2005, police requested O2 to invoke...Access Overload Control or ACCOLC...within one square kilometre of the Aldgate Tube Station for a period of four hours.

For the benefit of dumb Americans like me, O2 is a British mobile phone service provider, and ACCOLC (since replaced by MTPAS) is a privileged access scheme that allows the mobile phone network to be limited to privileged users, such as police and emergency personnel.

So when the police requested O2 to invoke ACCOLC, most people were shut out of the phone network. While this prevented your average Nigel or Ian from ringing up their wives to say that they hadn't been blown up, it did allow police and emergency personnel to get their calls through. Mostly.

Unfortunately this was only partially successful because not all emergency service personnel at the time had [the correct SIM cards in their phones to access the privileged network], which meant their calls were blocked too.

Much of the material in this post is based upon a Nigel Linge post entitled "When the phones went dead: 7/7 showed how disasters call for tomorrow’s tech." Professor Linge's post discussed the issues of allocation of scarce network space in the event of a crisis, and how the technology - and the demand - have moved forward since 2005.

But what if you didn't need the central authority to allocate the service? What if the local Walmart manager ignored Bentonville and bought a few million gallons of water directly? And what if the mobile phones on 7/7 didn't depend upon towers? In the comments to Professor Linge's post, Louis Lavery raised the second possibility:

Mobiles receive and transmit and can, if so rigged, contact one another direct, maybe hopping from one to another to make a more remote connection - without use of a service provider. What we have is a centralised system, we ignore totally the other half - a decentralised system. If we had both, or hybrids, we'd have a far better and a more robust system capable of functioning even if fixed relay points go down. But who's going to start up such a system when there's no easy way to cornering the profits? Crowd funding maybe?

Lavery notes the problem - O2 or Verizon or AT&T or whoever isn't going to want to invest a ton of money into the development of peer-to-peer communications. What's in it for them? When a Swedish company (TerraNet) pioneered the idea in 2007, most large companies stayed away. TerraNet is still around today, but I see a distinct lack of customer success stories on the site.



Of course, a really big customer - such as the police - could tell the phone vendor that they have to provide peer-to-peer communication in emergencies, or else the police won't buy phones from them.

Thursday, July 9, 2015

Get off my lawn, selfie biometrics d00dz!

Via Klout, I was led to a CNN/Money article that touches on the industry in which I am employed. As the article notes, MasterCard is partnering with cellphone manufacturers and banks to use fingerprint and/or facial biometrics to authorize phone-based purchases.

The article touches upon a number of serious issues that affect my industry, including spoofing, the type of data that is to be stored (image or template), and the location of the data storage (phone or server).

But I'm going to ignore the serious issues. Because biometrics is like kewl and stuff.

Don't believe me? Ask Ajay Bhalla of MasterCard:

"The new generation, which is into selfies ... I think they'll find it cool. They'll embrace it."

I have been in the biometric industry for a long time. So long, in fact, that I view Bhalla's statement through the prism of a song released over 30 years ago by Frank Zappa, featuring his daughter Moon Unit. If Bhalla, rather than Zappa, were writing the lyrics to "Valley Girl," they'd probably go something like this:

So, like, I wanted to get my nails done because they were like TOTALLY grody, and I went to that new place in the Westside Pavilion. So it was time to pay, and the lady said "Just take a selfie!" So like I took one, and my bank paid it and all, but my face was totally scrunched up and gross and if that picture ends up on Snapchat I will never be able to show my face at school again!

To be fair to Bhalla, he is not this generation's Ludo Cremers. Bhalla is seriously interested in ensuring that MasterCard's offerings are "at the leading edge of safety and security," and he is paying as much attention to the back-end as he is to the front-end.

But I was curious to see if anyone else has used "biometric" and "selfie" in the same sentence. And one of my favorite biometrics news sites, FindBiometrics, fused the words together in January 2014.

[B]iometric security tech company Facebanx announced the launch of its newest software solution that allows for security by way of selfie.

The solution is multifactor in nature, combining Facebanx’s face and voice biometrics to replace passwords on smartphones, tablets and PCs. According to the company the solution performs with an accuracy of 99.8 percent, measuring the user’s face metrics with a front facing camera and combining that with their voice print, captured by having the user speak aloud a four digit numerical one time password (OTP).


In passing, I should note that the multifactor aspect is key. When I started in the fingerprint identification industry many years ago, there were fingerprint companies, and then there were separate facial recognition and iris recognition companies. As time went on, many in the industry (notably Robert LaPenta) realized that future biometric applications would require multiple biometrics, and therefore these separate companies started merging together to offer multifactor solutions.

[TIME FOR THE DISCLOSURE: ROBERT LAPENTA'S COMPANY WAS EVENTUALLY BOUGHT BY THE FRENCH COMPANY MORPHO, WHO RENAMED IT MORPHOTRUST. MORPHO IS ALSO THE PARENT OF MY EMPLOYER, MORPHOTRAK.]

OK, enough serious stuff. Back to selfies. Despite my advanced age (when I think of Frank Zappa, I think of "Smoke on the Water"), I realize that it is necessary to inject phrases such as "selfies" into the biometric conversation. But what's next? Twerking?

However, even the terms "selfie" and "twerking" are several years old, and are probably ignored by anyone in a valued target demographic (as opposed to the non-valued ones). Now, civil libertarians worry that the FBI is on fleek turn up thirsty for info on my bae. However, professionals in the industry worry that companies are not dope to new trends, although the companies think winning.

P.S. And why did I choose to insert the Westside Pavilion into Moon's dialogue, even though it didn't exist when "Valley Girl" was released? Because of another dated reference. (Heh.)

Tuesday, July 7, 2015

(empo-utoobd) On Devangelism and Quora Banning - Warning, Explanation, and Recourse

In the early 1980s, the company then known as Apple Computer took the religious term "evangelism" and applied it to secular concerns - well, I guess it's secular if you don't consider the Cult of Mac to be a religion. However, although Apple Computer employed and paid salaries to "evangelists," it recognized that some of Apple's best evangelists were, and are, people who are so enthusiastic about Apple that they sing the company's praises through word of mouth.

By the same logic, if someone is so unenthusiastic about a company that he or she spreads negative word of mouth, I guess you can say that person is a "devangelist." While some use this term to refer to developer evangelists, others (h/t) use it to refer to the opposite of evangelism - rather than attracting people to your god or your cause, you are instead driving them away.

As my previous entries in the "empo-utoobd" category show, I guess that I have become a devangelist for YouTube, ever since YouTube permanently disabled my account in 2009 without warning and, until 2013, without explanation. The 2013 explanation? According to Google, I violated TOU #4 Section H (You agree not to use or launch any automated system, including without limitation, "robots," "spiders," or "offline readers," that accesses the Service in a manner that sends more request messages to the YouTube servers in a given period of time than a human can reasonably produce in the same period by using a conventional on-line web browser....). And yes, it still bugs me, especially since I don't even know how to launch such an automated system, and since I have no recourse to rectify the issue.

Well, unless things are rectified soon, it looks like I may be devangelizing another service.

On Sunday night, I used one of my mobile devices to start up the Quora app, and noticed that I was being asked to log in. That's odd, I thought. When I did log in, I was not allowed to access Quora. Eventually, after trying to log in on other devices, I figured out why.


Yup...I've been banned by Quora.

Remember how my YouTube account was permanently disabled with no warning, (initially) no explanation, and no recourse? Let's see how Quora measures up.

I figured that I'd check the email associated with my Quora account to see if there was any notice saying why I was banned. The last email that I received from Quora, on July 4, was a Quora Digest (What do Americans think about Bobby Jindal?) The message that I received on July 2 mentioned nothing about banning.

Quora Moderation has flagged your answer to "What possible alternatives are there to Facebook's "real names" policy?" as not complying with policy.

Your answer should be a comment

Answers that do not answer the question will be collapsed.

To request clarification on a question or make commentary on the question itself, a comment should be used, not an answer. Answers should only be used to directly answer the question.

For more information, see Quora's policy on comments.

To make these improvements, visit:
http://www.quora.com/login/auto_login?...


Re-reading the message again, I see that reading the first three paragraphs alone may not have been enough. I figured that my answer was flagged and collapsed, and that was the end of it. But buried at the bottom was the "To make these improvements" text.

Was I banned for not removing an answer that had already been collapsed, as well as for one other violation? (Note that I have apparently been banned for "repeated policy violations.")

So, on Monday afternoon, I sent the following message to the Appeals address at Quora.

Dear Appeals,


Since July 5, I have received the message above when I attempt to log in to my Quora account.

The only violation of which I am aware is the one documented in the July 2 message below. I had understood - perhaps mistakenly - that the answer in question would be collapsed.

Was I supposed to actually delete the answer in question?

Since the banning notice mentions "repeated" violations, is there some other item(s) that need(s) correction for my Quora account to be reinstated? If so, how can I make these changes since I am not able to access the service?

Thank you for your reconsideration.

John Bredehoft


After sending that message, I got the following reply from Quora. You know how the message told me to send my appeal to appeals@quora.com? Apparently I'm not supposed to do that.

Hello,

Thank you for writing in!

We receive many appeal requests each day and will work to get to your appeal as quickly as possible. In order to better assist you with your appeal, we ask that you please forward your appeal request to one of the following addresses:

appeals+ban@quora.com - If your appeal is in regards to a banned account.
appeals+name@quora.com - If your appeal is in regards to a name change.
appeals+anonymity@quora.com - If your appeal is in regards to your anonymity.***
appeals+bnbr@quora.com - If your appeal is in regards to a violation of our Be Nice, Be Respectful policy.
appeals+spam@quora.com - If your appeal is in regards to content that has been marked as spam or not disclosing relevant affiliations.
appeals+other@quora.com - If your appeal is in regards to any other violation.

***Appealing revoked anonymity: Please be aware that you will have to include a link to your anonymous content when appealing revoked anonymity. By providing us a link to your anonymous content, we may be able to link your anonymous activity to your email address. If you are not comfortable with this, please make sure to email us from a throw away email address.

To learn more about our policies, please visit the following links:

* Banned accounts - http://qr.ae/EJe7p
* Spam - http://qr.ae/IVyaF
* Relevant affiliations - http://qr.ae/EJiEn
* Anonymity - http://qr.ae/EJaob
* BNBR - http://qr.ae/EJaiQ
* Name change - http://qr.ae/jNpRh
* Quora policies and guidelines - http://qr.ae/EJeRT

Please make sure to include a link to the content that you are appealing, as well as a link to your profile URL. Due to the large volume of appeals that we experience, please note that we will only be able to provide you with a response if we determine that your appeal is valid.

Thank you,
The Quora Team


(Interesting aside from the "banned accounts" link: "In most cases, admins have the discretion to make edit-block and banning decisions based on their own judgment.")

I then replied:

As instructed, I am resending my message to appeals+ban@quora.com.

I was asked to provide a link to the content that I am appealing, as well as a link to my profile URL. Since I cannot log into my account, I do not know my profile URL - however, the email address associated with this account is [REDACTED]. As for the content that I am appealing, I only know of one violation, as I stated in my original message (reproduced below).


I then reproduced my original email to appeals@quora.com, including Quora's July 2 message.

Quora will presumably respond, either quickly or not too quickly, in one of three ways:

1. Documentation of all of my repeated policy violations (explanation). Ideally, Quora would also say how to correct these, and how to get my account reinstated (recourse). Or, Quora might say, "Sorry, bud" (no recourse).

2. A simple statement that I violated Quora's policies, with no explanation and no recourse.

3. Silence, which obviously implies no explanation and no recourse.

So I'm waiting for the response, mainly due to curiosity - did I really get banned for putting a comment in the form of an answer? Is Alex Trebek an investor in Quora?

Or perhaps I should take the advice of my former school classmate, who offered this comment when I discussed this on Facebook Sunday night:

Sounds like somebody did you a favor John

To be continued...

Thursday, July 2, 2015

Another...um, salvo in the privacy war - throwable cameras

When considering use of cameras, there are numerous distinctions that need to be made between public use and private use, and there are numerous distinctions that need to be made between lawful law enforcement use and other uses.

In most cases, with a few exceptions, the camera is located in a stationary position.

Well, add another exception to the list:

Unseen areas are troublesome for police and first responders: Rooms can harbor dangerous gunmen, while collapsed buildings can conceal survivors. Now Bounce Imaging, founded by an MIT alumnus, is giving officers and rescuers a safe glimpse into the unknown.

In July, the Boston-based startup will release its first line of tactical spheres, equipped with cameras and sensors, that can be tossed into potentially hazardous areas to instantly transmit panoramic images of those areas back to a smartphone.


So now law enforcement and public safety agencies will have this tool.

As will everyone else. You can buy the high end version for less than US$2,500.

And you know that these won't only be sold to law enforcement. (They may not have the money anyway.) I bet you Robert Scoble is using one to play catch with his kids right now. And who knows what will happen when the Jenner kids start tossing these around the house.

But the party may end soon. I'm sure that NBC, using the Late Night with David Letterman monkey cam segment as precedent, will claim that this is NBC's intellectual property.

Wednesday, July 1, 2015

The world we live in (and life on video)

[DISCLOSURE: MY EMPLOYER IS INVOLVED IN THIS INDUSTRY, AND REGULARLY DOES BUSINESS WITH LAW ENFORCEMENT AGENCIES.]

I was debating whether to include this story in the Empoprise-BI business blog, or the tymshft blog. While it fits in tymshft's "we never did this before" theme, the activities described here indicate how things are being recorded - not only by my employer's customers (law enforcement agencies), but also by individuals (Glassholes, TMZ contractors, and the like).

Back in June, Tucson station KVOA posted a story about a confrontation between a driver and police. Let me start by sharing the second paragraph of the story.

Just before noon on Friday, officers pulled a man over at 12th Avenue and Ajo Way. After the stop, he rammed multiple cars in a drug store parking lot. At least 3 officers shot at him as he pulled out on Ajo Way, according to Tucson Police Sgt. Kimberly Bay.

That isn't why I read the story. The part that caught my attention began in the third paragraph.

Cell phone video captured the truck colliding with another truck at 12th Avenue.

Let's face it - if people are walking around with their cell phones and see something extraordinary, at least some of them are going to go the citizen journalist route (or at least the "wait until my friends see this" route) and capture the event on video. And, as the 1991 Rodney King beating incident demonstrates, you don't even need a smartphone.

But that wasn't the only video that was captured.

Video provided by the city's photo enforcement camera vendor, American Traffic Solutions, shows he continued toward 6th Avenue where he ran a red light....

And the video shows much more than that, as the KVOA story notes.

Has government, business, and individual video capture affected our society? Just ask Ray Rice.

Or Eric Casebolt.

Tuesday, June 30, 2015

The Ignite Game

There are all sorts of games that you can play to make a conference more interesting. While I wasn't enamored with the whole marketing free thing, I had better feelings about unconferences, although when I presented at a 2008 unconference myself I had to be a little...um, agile about the presentation title.

Around that time (specifically, in 2006), a new parlor game came along called Ignite.

Imagine that you’re in front of an audience made up of your friends, family, and people from your community, about to present a 5-minute talk on the thing you’re most passionate about. You’ve brought 20 slides, which advance every 15 seconds whether you’re ready or not. You have a few last-minute butterflies, but off you go—and the crowd loves it. Welcome to Ignite.

Nine years later, Ignite has either entered the mainstream or jumped the shark - take your pick. The Association of Proposal Management Professionals included eight Ignite presentations in its 2015 conference, and plans to include ten in its 2016 conference.

Monday, June 29, 2015

#empoexpiire - In which unicityd's mind changes

Another in the #empoexpiire series. (See the other posts here.)

In 2012, unicityd reconsidered something that he wrote in 2006.

I previously posted a defense of password expiration on this blog. Since that time, my perspective has changed and I no longer consider password expiration to be a useful security measure. Here is my reasoning...

By 2012, unicityd had concluded that the benefits of a password expiration policy are relatively minimal. unicityd also noted that password expiration policies encourage a potentially bad behavior:

Frequent password expiration encourages users to pick weaker passwords and/or write them down*. That means we have to weigh any potential benefit from password expiration against the negative consequences of poorer password selection and management. If the user writes his password down and stores it in an insecure location, it is vulnerable to any local attacker (e.g. malicious insiders).

unicityd doesn't object to passwords stored in a secure location. unicityd just objects to some common practices to remember passwords that frequently change. And I'll admit that I have been known to write a password on a piece of paper and keep it next to my computer monitor.

Alan Henry, who was often asked to perform urgent computer maintenance for someone who had left for the day, was often able to perform the maintenance anyway because his users left their passwords in easy-to-find locations. (Henry's article, incidentally, includes a picture of a computer with a Post-It Note that says "ADMIN / ADMIN." One would think that an admin would never use the password "ADMIN," but sadly there are admins who do this.)

One of Henry's stories:

I knew one person who put post-it notes [with her passwords] on the bottom of their chair—she was livid when she arrived one morning to find a colleague had borrowed her chair for an impromptu meeting in her office next door.

More of unicityd's thoughts on password expiration can be found here.

Friday, June 26, 2015

NIMBY in Kansas - but if the National Bio and Agro-Defense Facility is not in Kansas, where can it be?

I haven't written about hazardous sites in a while. In 2014, I wrote about biohazards in Boston and nuclear waste in South Carolina. In both cases, there were proponents who really really wanted the facility in their town - primarily for economic reasons - and there were people who didn't want the facility there.

The latest story comes from Manhattan, Kansas, which came to my attention via Slate's Laura H. Kahn. It turns out that a facility that deals with biological samples, and which is managed by the Department of Homeland Security, is about to be relocated.

The U.S. Department of Agriculture established an animal disease research center on Plum Island, New York, in 1954, for the express purpose of studying foot-and-mouth and other deadly animal diseases. Today, in addition to foot-and-mouth, the center studies viruses like African swine fever, which, if inadvertently released, could devastate the U.S. livestock industry.

As Kahn sees it, the current facility location is ideal.

The isolated island sits off of the far eastern end of New York state’s Long Island, where the prevailing winds blow toward the ocean. If the foot-and-mouth virus—or any other airborne danger—escaped from the lab, the air currents would likely carry it beyond where it could cause harm.

Well, DHS wants to relocate the facility to Kansas State University in Manhattan, Kansas. And Kahn is not happy.

[I]t is absolutely mind-boggling that Homeland Security has decided to move the lab, to be known as the National Bio and Agro-Defense Facility, to the Kansas State University campus in Manhattan, Kansas, smack in the middle of cattle country and Tornado Alley.

Read the rest of the article here. Kahn, incidentally, "works on the research staff of Princeton University’s Program on Science and Global Security."

So if you agree that it's a really bad idea to locate a hazardous facility (such as a nuclear facility) in Tornado Alley, where do you locate it? Ideally, in a place that is not subject to natural disasters.

Good luck.

When Janey Osterlind tried to identify the 10 safest cities in America from natural disasters, Osterlind immediately ruled out a good chunk of the country.

From a list of American cities with populations over 100,000, those cities that had a higher likelihood of being struck by tornadoes (in Tornado Alley) were eliminated, as were those cities that were more likely to be hit by a hurricane (Gulf Coast cities and some Atlantic Coast cities). Cities that had a higher probability of experiencing a tsunami (Pacific Coast cities) or that were located near active volcanoes (concentrated in the Pacific Northwest) were also eliminated. Finally, cities in areas most likely to experience earthquakes (according to the U.S. Geological Survey) were removed from the list.

OK, so Manhattan, Kansas was not on Osterlind's list. But what about Long Island? It is subject to hurricanes.

And Kahn's working place in Princeton, New Jersey, was adversely affected by Hurricane Sandy.

So what did Osterlind recommend? Oddly enough, she put Chesapeake, Virginia at the top of the list. While Chesapeake does not have as many hurricanes as, say, New Orleans, it's not what I'd call an entirely safe place.

Many of the other sites were in a range between Pennsylvania and Minnesota - far enough inland to escape hurricanes, but not as likely to suffer tornado damage (although some of the area could be subject to tornadoes).

Outliers: Henderson Nevada, Phoenix Arizona, and Provo Utah - all between Tornado Alley and Earthquake/Volcano Land. Of course, any worker in Henderson or Phoenix could fry to death in the summer heat.

What area is safe from a natural disaster? None.

Thursday, June 25, 2015

Java users, your long nightmare is over. Insert exclamation here.

I have reason to believe that one day, Larry Ellison went to his computer and engaged in his usual practice of asking questions with the ask.com toolbar. The question that he asked that fateful day was as follows:

Is Oracle doing everything it can to promote Java?

The ask.com toolbar replied:

Yes, master. People love Oracle's Java distributions. The fact that you provide helpful software with the Java installations by default is especially impressive.

Ellison smiled, but then he realized something. Is it good to question the ask.com toolbar about the usefulness of the ask.com toolbar? He decided that he had better get a second - and a third - opinion.

"Safra and Mark, thanks for stopping by," Larry said. "I wanted to ask you something - is Oracle doing everything it can to promote Java?"

"Glad you asked, Larry," replied Safra Catz. "People hate our guts."

Mark Hurd chimed in. "They can't understand why we'd bundle what they call 'malware' with Java, just for the sake of a few bucks."

Safra typed something on her (unreleased) Oracle tablet. "Look at what this noted blogger said back in 2013," she said. "He stopped installing new versions of Java and OpenOffice because of Oracle's policies."

"But we got rid of OpenOffice back in 2011," replied Larry.

"He didn't know that," said Safra.

Larry thought for a moment, said "Next slide, please," but then remembered that he wasn't giving a presentation. "So the bundling of the ask.com toolbar with Java is angering the very technical community that we want to court for our line of business products." He thought some more. "So I think that we should ditch our agreement with ask.com..."

Safra and Mark were about to jump for joy, but Larry continued.

"...and sign an exclusive deal with Yahoo so that we can fool Java installers into installing Yahoo as their default search engine! This will be great!"

As Safra and Mark left the room, Safra heard Mark mutter under his breath, "I wonder if HP will take me back."

Why is the SuperShuttle app so bad? The dangers of "condensed" apps

I was reading the information for a company's upcoming conference, and I noticed that the company had chosen SuperShuttle as its official shuttle provider. The material noted that SuperShuttle has an iOS app. Since I happen to have a SuperShuttle account, I figured that it would be a good idea to get the app.

While the app was downloading, I noticed that the review ratings were pretty low on the app, and I wondered why.

The first problem is that there is no way to log into account.

Ouch. So much for establishing all of that information in my SuperShuttle profile.

I figured I'd see if the app was usable anyway, but when I did, I encountered the problem mentioned by another reviewer:

When you select My Profile a message comes up saying "You don't have any profile information yet. Profiles are created when you book a new reservation."

After I removed the app from my phone, I began wondering how this could come to be. The app has apparently been out for several years, but still doesn't have a lot of functionality. And it's not a beta app, either; its official version is 1.8. So, what changes did SuperShuttle make in version 1.8 of the app in January 2015?

What's New in Version 1.8
Modified font for terms and conditions.


Well, that's important.

Still curious as to how this happened, I ran across a lot of material from 2010, when the iOS and Android apps were released. The problem is highlighted in a comment made by a SuperShuttle executive back in 2010.

“The target demographic is any iPhone or iPod touch user who travels,” said Ken Testani, senior vice president of global marketing and partnerships at SuperShuttle, Scottsdale, AZ. “We’re trying to provide a much easier way for folks to book their ground transportation and also track where their vehicle is when it is their time to be picked up.

“App users can book reservations, cancel reservations and it allows for folks to earn airline miles,” he said. “It pretty much mirrors the capabilities of our Web site’s booking engine, but I actually think the process is much easier using the iPhone app, because it’s a more condensed version."


Catch that? Because the app is "condensed" - a nice way of saying it doesn't have as many features as the web version - it's better.

“Any kind of travel service is really going to mobile, and we’d be missing the boat if we didn’t have a mobile app at this point—for the travel sector in particular it’s key to be mobile right now.”

So SuperShuttle has a mobile app - and over four years after its release, the mobile app won't let you log into your account.

Of course, part of the problem may be the partner that was used to complete the app. The 2010 article included a link to MobiLaurus, the company that worked with SuperShuttle on the app. I clicked on the link to mobilaurus.com, and got an error 404 from HostGator. A web search indicated some restaurant information at www.mobilaurus.com, but when I clicked on the site's index.htm page, I got errors also.

If MobiLaurus can't manage its own website, it's understandable why the app that it developed has so few features.

Wednesday, June 24, 2015

Why this online seller is NOT recommended by Angie's List

Angie's List has been around for a long time - as long as, say, Yahoo. It's a curated service listing a number of local vendors that provide services.

Last year, someone else entered that market niche - Amazon, with a service called Amazon Local.

The question that immediately arose: now that the big disruptor, having already disrupted the book market, had entered the services marketplace, was Angie's List in trouble?

Perhaps. After Amazon Local's launch, some people on Angie's List started getting calls:

Kristin Baker, a "project launch specialist," used her account to contact a business and tell it: "I am reaching out to see if you would be interested in doing a similar offer on Amazon as you are doing on Angie's List."

...Samantha McDonald, an Amazon Local "regional marketing consultant," did the same thing, sending an Angie's List contact a message: "I'm reaching out to you because I work for Amazon.com and run our site in the Syracuse area that features local businesses to our Amazon.com shoppers in your area. We are looking to feature a chimney sweeping offer to our customers and I came across your business on Angie's List and see you have great reviews."


Seems legit, right? Except that to find out who is on Angie's List, you actually have to join Angie's List. And Angie's List doesn't like it if you take their lists to other companies...like Amazon.

Angie's List claims that Amazon Local and its employees breached and tortiously interfered with contracts by violating its membership agreement to identify credible service providers and solicit their business.

To steal this information, Amazon Local employees signed up for Angie's List accounts, some under false names and addresses, and searched for businesses, many of them far away from their homes, Angie's List says....Its membership agreement "explicitly prohibits the use of Angie's List's accounts and information for commercial purposes," according to the lawsuit.


Several statutes are cited as the basis for Angie's List's legal complaint, including the Stored Communications Act. And there are penalties for violating the Stored Communications Act.

This provision is intended to address "computer hackers" and corporate spies. The provision is not intended to criminalize access to "electronic bulletin boards," which are generally open to the public. A communication will be found to be readily accessible to the general public if the telephone number of the system and other means of access are widely known, and if a person does not, in the course of gaining access, encounter any warnings, encryptions, password requests, or other indicia of intended privacy....

If a violation of 18 U.S.C. § 2701(a) was committed for commercial advantage, malicious destruction or damage, or private financial gain, the violator could receive up to a year in prison and a fine as provided by Title 18, United States Code, for the first offense and up to two years imprisonment and a fine as provided by Title 18 for a second or subsequent offense. In all other cases, a jail term of up to six months and a fine under Title 18 could be imposed.


This law can apply in other situations, such as the allegations that the St. Louis Cardinals baseball team hacked the Houston Astros computer system.

Tuesday, June 23, 2015

The World Wide Web isn't

Remember how the World Wide Web was supposed to unify us, and was supposed to cross borders, and allow Twitter users in San Francisco to liberate the peoples of Egypt?

It turns out that connectedness is about as effective as a smuggling ship - technically able to illegally cross over borders, but fraught with peril.

Google Noticias is still dead. I previously noted how Google chose to shut down the Spanish version of Google news rather than conform to specific laws in Spain.

But Google isn't the only Silicon Valley company whose quest for world domination has been blocked.

A week ago, a Facebook product manager trumpeted an announcement of a new product. The trumpeting started as follows:

With a phone at everyone’s fingertips, the moments in our lives are captured by a new kind of photographer: our friends. It’s hard to get the photos your friends have taken of you, and everyone always insists on taking that same group shot with multiple phones to ensure they get a copy. Even if you do end up getting some of your friends’ photos, it’s difficult to keep them all organized in one place on your phone.

To help make this easier, today we’re announcing a new standalone app called Moments.

When you go to a wedding, for example, there are many people taking great photos throughout the day. You all want a quick way to share your photos with the friends who are in them, and get photos that you’re in back. The same is true for smaller events too, like a kayak trip or a night out.

Syncing photos with the Moments app is a private way to give photos to friends and get the photos you didn’t take. Moments groups the photos on your phone based on when they were taken...


Great! Then, product manager Will Ruben continues:

...and, using facial recognition technology, which friends are in them.

Excuse me for a moment while I do the disclosure:

[DISCLOSURE: MY EMPLOYER IS IN THE FACIAL RECOGNITION TECHNOLOGY INDUSTRY.]

It turns out that the facial recognition feature in Moments - which, in effect, drives the whole danged product - makes it a problem in some parts of the world.

So Europeans aren't going to get it:

It's unclear whether Facebook – which has its European headquarters in Ireland – is in private talks about the tech with the Irish Data Protection Commission.

The Reg sought comment from the watchdog....

An Irish [Data Protection Commission] spokesman has since responded to El Reg's questions. We were told on Wednesday morning:

"In relation to the app called Moments, as it is a US product only, we have not been consulted by Facebook Ireland on it, we would only expect to be consulted if it was being introduced in Europe.

"This office has not been consulted on any planned roll out of facial recognition products in Europe, we would expect to be consulted if such products are being considered for Europe."


Monday, June 22, 2015

#empoexpiire - How password expiration policies solve another problem - but are they the best solution?

I'm writing about password expiration policies under the hashtag #empoexpiire (you'll note that I try to choose unique hashtags). And I'll admit that while they're a hassle from the user perspective, there can be some justifications for them. Let's look at a 2009 post by Matt Weir that, among other things, details a really good reason to have password expirations.

I can't name the number of places where I've gone back a year later for some reason and all my old accounts are still valid. Let's be honest, proper authentication revocation almost never happens when people leave, move on, or are promoted. This goes double for anyone who is a system admin, network admin, or basically has access to the good candy.

Think about this for a moment. If I, a mere mortal, leave a particular company, there's a chance that my account won't be deactivated. If I were a wise system administrator, and I left a particular company, there's an EVEN BETTER CHANCE that my account won't be deactivated. In other words, the people who have the knowledge - and the computer privileges - to do damage at a former employer are those who are most likely to still have the ability to do so.

What a password expiration policy does is to help automate authentication revocation. If someone hasn't logged in to the system in six months, then they are locked out regardless if someone remembered to delete their account or not.

Outstanding! If a company doesn't think to stop people from logging into accounts after they've left the company, then just force them out!

But there's a critical caveat here:

For this to work though you have to have true password expiration. You have to lock the account after a certain amount of time. If they log in two years later and all the system does is force them to choose a new password this doesn't help. This actually can cause a lot of problems.

What's the better solution? As part of a company's standard procedures when an employee leaves the company, deactivate the danged account.

P.S. As I was typing this post, I remembered that I have sysadmin access to a particular third party service.

A service that also has another sysadmin.

Who has since left the company.

I bet you can guess what I'm going to do after I finish typing this sentence.
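The caveat quoted above (expiry only revokes access if it locks the account) and the leftover co-administrator in the P.S., worked through as an added example; this is not code from this blog or from Matt Weir's post. The account names, dates, the 180-day limit standing in for "six months," and the use of password age as the expiry clock are all assumptions.

```python
"""Password expiration as revocation: locking vs. forcing a password change.

Constructed example. Account names, dates and the 180-day limit are
assumptions chosen to mirror the "six months" in the quoted post.
"""
from dataclasses import dataclass
from datetime import date, timedelta

MAX_PASSWORD_AGE = timedelta(days=180)


@dataclass
class Account:
    user: str
    password_set: date          # when the current password was chosen
    privileged: bool = False
    disabled: bool = False


def attempt_login(acct: Account, today: date, policy: str) -> str:
    """Outcome of a login with the correct password under an expiry policy.

    policy "lock":         an expired password disables the account.
    policy "force_change": an expired password only triggers a reset prompt.
    """
    if policy not in ("lock", "force_change"):
        raise ValueError(f"unknown policy: {policy}")
    if acct.disabled:
        return "denied"
    if today - acct.password_set <= MAX_PASSWORD_AGE:
        return "granted"
    if policy == "lock":
        acct.disabled = True    # an administrator must re-enable it
        return "denied"
    # force_change: whoever still knows the old password chooses the new
    # one, so the expiry clock restarts and access simply continues.
    acct.password_set = today
    return "granted_after_reset"


def offboarding_gaps(accounts, current_staff, today):
    """Enabled accounts whose owner is no longer on the staff roster.

    Returns (user, privileged, days_until_expiry) tuples, privileged
    accounts first. A negative day count means the password has already
    expired; a positive one is how long expiry alone would leave the
    account usable.
    """
    gaps = []
    for acct in accounts:
        if acct.disabled or acct.user in current_staff:
            continue
        remaining = (acct.password_set + MAX_PASSWORD_AGE - today).days
        gaps.append((acct.user, acct.privileged, remaining))
    return sorted(gaps, key=lambda g: (not g[1], g[2]))


def sample_accounts():
    """Constructed sample data: one current user and two departed admins."""
    return [
        Account("alice", date(2015, 5, 1)),
        Account("bob-admin", date(2013, 6, 1), privileged=True),    # left two years ago
        Account("carol-admin", date(2015, 4, 10), privileged=True), # left last month
    ]


def demo(today=date(2015, 6, 22)):
    """Run every sample account through both policies, then audit the roster."""
    results = {}
    for policy in ("lock", "force_change"):
        results[policy] = {
            a.user: attempt_login(a, today, policy) for a in sample_accounts()
        }
    results["gaps"] = offboarding_gaps(sample_accounts(), {"alice"}, today)
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Under either policy the admin who left last month still gets in, because that password has not aged out yet; only the comparison against the current staff roster surfaces that account, which is the "deactivate the danged account" step.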