Backwards Apostrophes

One of my pet peeves is backwards apostrophes, so you could imagine my discomfort when I walked into a store with these signs posted all over. I had to leave the store.

backwards_apostrophe

How does a big national chain make an error like this on such a grand scale? You’d think an error like that would jump out at the graphic artist who made the signs. Presumably a big marketing campaign has an approval chain. Did nobody spot the error?

Of course, the real problem is the so-called “smart” quotes feature of most word processors. They use a simplistic rule for trying to figure out if you intended for the apostrophe to be a left single quotation mark. The rule doesn’t work when the apostrophe belongs at the beginning of a word or a number. It’s time for real smarts in smart quotes.

Sony adds DRM against author’s wishes

It has come to my attention that the Sony Reader Store added DRM (Digital Restrictions Management) to copies of my novel Blue Screen of Death. I do not approve of DRM, and it was never my intention for my book to be sold with it.

I’m not sure why Sony did this. They do not add DRM to all of the books they sell, but Sony does have a terrible history of putting anti-consumer technologies into their media products, which is why I try to avoid purchasing Sony products.

I’ve begun the process of removing my book from the Sony store, and I do not plan to make future work available there. If you were one of the readers who purchased Blue Screen of Death from Sony, I would like to replace your copy for one without DRM. Contact me at nodrm@aidtopia.com, tell me approximately when you purchased your copy and where you live, and I will send you a DRM-free copy of the book to replace the defective copy sold to you by Sony. (This offer ends when I believe I’ve replaced all the copies indicated in my Sony sales statements.)

DRM is not the solution to piracy. The solution is to provide good products at fair prices. Amazon, Barnes & Noble, iTunes, and other ebook retailers have authorized, DRM-free copies of Blue Screen of Death available at a bargain price. Please support these booksellers who honor the wishes of their authors.

Response to TSA Proposal to use AIT

In regard to Docket Number TSA-2013-0004:

The TSA’s proposal to use advanced imaging technology routinely as a primary screening method at transportation security checkpoints should be denied.

The proposal utterly fails to justify the costs against the infinitesimal incremental improvement in the ability of the TSA to detect a weapon that poses a significant threat to safe air travel. The proposal makes specious, unsubstantiated assertions, uses flawed reasoning, ignores certain costs, and misleadingly suggests that unrelated facts are somehow relevant to the alleged need for the AIT systems.

Cost

The TSA’s estimate of the net economic cost of the AIT systems are $2.4 billion over an eight year period, which includes the early trial period where costs were significantly lower. The run rate for just 2015 is $357 million.

By itself, this is a substantial incremental cost to justify. Certainly there are better ways to spend that kind of money that are less invasive and have a more substantial (and quantifiable!) net benefit. Consider the lives that could be saved by spending $357 million per year on roadway improvements in dangerous locations.

The TSA’s cost estimate is incomplete. The TSA screens approximately 1.8 million passengers per day or 660 million per year. The TSA analysis fails to compute the cost in lifetimes lost to the additional delay of AIT (and, as usual, they have provided no data to quantify this delay). If we conservatively assume that the security lines in airports are, on average, one minute longer with AIT than with traditional walk-through metal detectors (WTMD), that amounts to 18 lifetimes per year lost to waiting in line.

Also consider that many passengers are sole-proprieters, and thus “small entities” impacted by the rule change. Where has the TSA estimate the costs to them for time lost?

Non-Metallic Threats

The proposal argues that AIT is necessary because terrorists are focusing on non-metallic explosives, rendering the checkpoint WMTDs useless. They point to the shoe bomber, the underwear bomber, the alleged liquids plot, and to plots entirely outside of (and not targeted at) the United States. While it may be true that terrorists are considering non-metallic weapons, letting the TSA use AIT–even if AIT was 100% effective–wouldn’t have stopped any of these attempts, since none of them originated at airports where the TSA does screening.

Furthermore, the underwear bomb and the shoe bomb failed, in part, because it’s extremely difficult to detonate reliably a purely chemical explosive. Even the 1994 Bojinka Plot, which successfully detonated liquid explosives aboard an airliner headed for the U.S., relied on a detonater with metallic components that would have been detected with a modern WTMD. (It’s also interesting to note that today’s TSA rules wouldn’t even have stopped the bomber from bringing the liquid explosive through a checkpoint.)

Janet Napolitano was absolutely correct when she claimed success after the failure of the Umar Farouk Abdulmutallab to detonate his bomb. The rules in place before AIT are sufficient enough to drive would-be terrorists into desperate, risky schemes that involve unreliable devices. The plane landed with the suspect in custody an no injuries, except to Abdulmutallab. This is exactly what success looks like.

Effectiveness

Let’s look at the effectiveness of AIT. Oh, that’s right. We can’t. The TSA either doesn’t know or won’t tell us the rates of false-positives and false-negatives. (Though John Pistole testified that the false-positive rate was higher than desired.) Without this data, it’s impossible to do a cost-benefit analysis.

If we look to other countries to get clues as to the effectiveness of AIT machines, we find that the German interior ministry has declined to roll them out because there are too many false positives to make them a useful screening tool. Italy found that the machines are too slow and ineffective.

My own experiences have indicated a tremendously high false-positive rate, causing lines to slow to the point that TSA agents allow some passengers to go through the WTMD instead simply to relieve the backup. (If the TSA proposal can rely on nothing but anecdotal evidence, then so can I.)

By replacing WTMD with AIT, the TSA is actually reducing its ability to reliably detect metallic weapons. They assert that any metallic anomaly on a person would be detected by AIT as reliably as by WTMD. This is false, as has been publicly demonstrated multiple times. Furthermore, a peer-reviewed article in a scientific journal explains how AIT scanning can fail to detect PETN explosives shaped to conform to the body. Perhaps this is why the Israeli airport security doesn’t think they’re useful.

If we examine the TSA Blog posts on prohibited items that have been found, we learn that virtually no prohibited items have been detected with AIT. Some of those finds (like the gun strapped to a passenger’s ankle) would have been found just as easily with a WTMD. Others, like small ceramic knives, might actually be allowed today as the TSA has wisely revised the guidelines about small knives.

Like many of the TSA’s rules, AIT makes the traveling public less safe in small ways. To submit to AIT or a patdown, the would-be passenger must remove virtually everything but they’re actual clothes. With a WTMD, you can keep your wallet (identification, cash, bank cards) and your boarding pass. With AIT, you cannot. Instead, the passenger must relinquish control and view of their most vital, hard-to-replace items. While the consequences of an individual lost wallet or boarding pass are small compared to explosives on airplanes, the AIT process greatly increases the rate of such losses while doing nothing to thwart the large-but-very-rare threats.

Until the TSA installs AIT on every security lane at every checkpoint in every terminal at every airport, it means that an observant terrorist with a non-metallic weapon can simply choose the WTMD line and avoid detection. Only the innocent are forced into the lose-lose proposition of AIT or patdown (often both). The proposal does not indicate if the costs of getting to the point where very lane has an AIT scanner are included in the eight-year cost projections.

Without real data as to the effectiveness of these devices, the TSA cannot possibly expect the traveling public to bear the invasiveness of the scanners and expect all tax payers to bear the tremendous cost of instituting this screening regime.

Acceptability

The TSA proposal asserts that there has been massive public approval of the body scanners, but they provide absolutely no data to back that assertion.

It seems, at nearly every airport, there is a checkpoint lane available that allows passengers to self-select for a WTMD instead of an AIT scanner. From observing the crowds at checkpoints, it’s very clear that the vast majority of people who recognize the opportunity to select the WTMD line will indeed choose that option over the AIT scanner. Every one of them should be considered an opt-out for AIT scanning.

The official way to opt out of AIT scanning is to submit to an invasive patdown. That’s a false choice. If TSA actually kept accurate tallies of opt-outs and opt-ins, the numbers would tell us nothing except whether passengers preferred one invasive form of search over the other. There’s no indication of how acceptable they find the concept of an invasive search overall.

Whether the opposition to AIT is a vocal minority, is irrelevant. The burden is on the TSA to demonstrate that AIT scanning is a cost effective, meaningful improvement to the screening process that remains within the bounds of theit mandate to perform minimally-invasive administrative searches for weapons.

Conclusion

No screening method will stop every threat. Every screening method has direct and indirect financial costs and some amount of unwanted invasion of privacy. When evaluating the addition of a new screening method to the mix or, as here, evaluating a replacement of one screening method (WTMD) with another (AIT scanning), we have to weigh the incremental costs against the incremental benefits. If the new screening method is approved, the terrorists will find a way past it. This arms race never ends. We’ll never get to 100% detection of weapons even with an infinite budget and limitless tolerance for invasive searches.

“Security at any cost” is impossible and a bad strategy. At some point, we have to draw a line and realize that additional spending and sacrifice of personal dignity won’t significantly improve the screening process.

The TSA, as usual, has not actually done a cost-benefit _analysis_. Instead, they’ve totaled up the bills and provided a vague, unconvincing argument that they must do something about non-metallic threats. They assert–without any supporting data whatsoever–that AIT is effective at detecting non-metallic items. This reasoning is faulty in so many ways that I find it hard to believe they can argue the point with straight faces. Clearly, as a nation, we’d be better off spending $357 million per year bringing logic and statistics courses back into the core curriculum of our education system.

Dear Tech Support

Dear CBS/TVCity Entertainment Panel/Sony/Nielsen/ReelResearch/ReelSurvey tech support:

I am unable to get the promotional videos that are part of the latest entertainment survey to play.

I ran the survey using Internet Explorer, despite the fact that it is a far less secure browser. I’m running Internet Explorer 8.0.6001.18702 on Windows XP SP4. I have Windows Media Player 11.0.5721.5280 because I got tricked into upgrading to the crappy, locked-down version a couple years ago. I even happen to have Flash installed this week. (I often uninstall Flash because Adobe is so bad at security, Flash-based ads are abusive of my bandwidth, and Flash-based web sites may as well be content-free.)

When I clicked the link to play the video, I got the following message:


You do not have the rights to play this file. Go to the content provider[']s Web
site to find out how to obtain the necessary play rights.

Address:

http://drm1.reelsurvey.com/RR/Video/V7LicPage.asp

Web pages can contain elements that could be harmful to your computer. It is
important to be certain that the content is from a trustworthy source before
continuing.

So far, I’ve been called a cheater and told to be very suspicious of you.

Just who are you anyway? The survey invitations are sent to an email I gave only to CBS, the emails claim to be from TVCity Entertainment Panel, which appears to be affiliated with Sony—the criminals who got away with compromising the security of hundreds of thousands of PCs by distributing a rootkit on audio CDs. The page titles say Nielsen, and the survey URLs vary between reelresearch.com and reelsurvey.com. You could at least use https and give me a certificate to check out.

Against my better judgment, I clicked through. A poorly-drawn, non-resizeable window popped up, and an error popped up on top of that. The error dialog said:


An error has occurred in the script on this page.

Line: 8
Char: 2
Error: 'netobj' is undefined
Code: 0
URL: http://drm1.reelsurvey.com/RR/Video/V7LicPage.asp

Do you want to continue running scripts on this page?

Curious as to just how much farther this train wreck could go I clicked ‘Yes’. The error dialog vanished and returned me to the non-resizeable window which was mostly black, with the text: “A license for the media file has been downloaded to your system. Please click play.” Unfortunately, the Play button was disabled.

At the top of the window was an IE gold message bar. The message bar said: “This web site wants to run the following add-on: ‘DRM ActiveX Network Object’ from ‘Microsoft Corporation’. If you trust the web site and the add-on and want to allow it to run, …” [The ellipsis is the original text, not an edit on my part.]

Well, I was pretty sure I didn’t trust the web site, and even if I was morbidly curious about what kinds of atrocities would be waged against my computer, I couldn’t continue because the instruction was cut off because somebody thought it would be a good idea to keep the user from resizing the window.

Why—oh why!—do you put DRM on a frakkin’ promotional video? Don’t you want promotional videos to be seen?

When will the entertainment industry realize that Digital Restrictions Management makes their products less valuable by hindering only legitimate consumers? If you want to give your clients some valuable feedback, tell them to wise up about treating their customers like criminals.

P.S. Submitting this message through the web form resulted in a server error.

Reconcile This

One of the reasons I’ve used Quicken so consistently to track our finances is that it so often saves me money. In a typical year, I used to catch $75 to $150 worth of bank errors, usually with credit card charges. These erroneous transactions are things that I would have missed with a visual inspection of the monthly statement, but are easy to nail when reconciling my records against the bank’s.

Common errors I catch:

  • Transposed digits. That $34 dollar meal is mistakenly entered as $43 by the hurried waiter. Small enough that I’d never notice, but easy to catch in Quicken. I got pretty good at contesting these.
  • Double charges. When you charge a meal at a restaurant, the waiter enters the pre-tip total and brings you the receipt. On the receipt, you enter the tip amount and sign. The waiter then enters a second charge for the total with the tip, and reverses the original charge. But sometimes, the reversal doesn’t work, and you’ll end up paying for your meal twice.
  • Charges at the statement cutoff. Twice I’ve had a charge show up as the last transaction of my monthly statement, and again as the first charge of the next monthly statement.

Mistakes like these are one of the main reasons I’ve stuck with an older version of Quicken that emphasizes reconciling over downloading.

Over the past few years, I’ve noticed a change in the types of errors I catch. There are fewer and fewer of those common charge errors in the vendor’s favor and more and more in my favor. In fact, the most common type of error I see now is the transaction that never posts to the account.

For example, I have a charge slip (actual ink on a physical piece of paper) showing that I paid our veterinarian $77.64 with our Visa card last December, but that charge has never appeared on our credit card statement. And it’s not just small vendors like the local vet clinic. TJ Maxx, Crate & Barrel, H&M, Target and other big name retailers sometimes fail to get a charge through.

I wonder who is losing out. Are these vendors not getting paid or is the bank failing to bill me? The first few times this happened, I called the bank. I gave specific information about the time, place, and amount of receipts that I had that didn’t post to my account. The rep said they didn’t have a record of any of those charges, and suggested that I called the vendors—if I cared. I called a couple of smaller ones, like the local vet clinic. They were uncertain how to verify payment for a specific credit card charge. In general, they seemed unconcerned—they didn’t think the credit card companies were underpaying them.

Ignorance is bliss, I guess.

In the past, the paper trail was king. A printed receipt was the final arbiter of the transaction. If the charge on the statement didn’t match the receipt, you sent a copy of the receipt to the bank, and the bank fixed their records. But today, it seems, the bank’s database is the final authority—reality be damned.

If the bank is happy and the vendors are satisfied, I guess I’m the only one with a problem. Sure, I’m ahead a couple hundred dollars, but my statements don’t reconcile. To a hardcore Quicken user, that’s torture.

105% Complete

One of my UI pet peeves is misleading progress indicators.

This morning, I’m running a disk drive diagnostic program. The first test claimed it would take 200 seconds. After only 10 seconds, the display said “10% done”. Huh? Last time I checked, 10 ÷ 200 was 0.05, or 5%. Near the end of the test, the display said “100% done” about 10 seconds before it actually completed.

To a user, incorrect progress bars are annoying and useless. I don’t know about you, but when something is “100% done”, I think of it as, well, done. Not close to done. Those eternal seconds between “100% done” and actually done are immensely frustrating. People have even done research papers on designing progress bars to improve the user’s perception of a program’s progress. But this kind of research is light years ahead of real life, where we can’t even get a decent linear progress bar to work.

From my programmer’s perspective, misleading progress indicators are especially perplexing. You have to write extra code to get it wrong. Since programmers are lazy, nobody should be writing extra code, and all of our progress bars should just work.

Consider the disk drive diagnostic. You’d expect a plain jane linear progress indicator to be computed something like this:

indicator_value = work_done / total_work

Pretty simple, right? Ten seconds into a 200 second test should give us 0.05.

Now it’s likely that the calculation is done with integer arithmetic, and the final result will be presented as a percentage. So we have to scale up the numbers like so:

indicator_value = 100 * work_done / total_work

Now, 100 * 10 seconds ÷ 200 seconds gives us 5. So why in the world would the disk diagnostic claim 10%? Because somebody decided to do more work than was necessary.

Somebody apparently decided to have the indicator display progress in 10 percentage point increments (10%, 20%, 30%, etc.). Fine, you have to draw the line somewhere. So we revise our code to something like this:

indicator_value = 100 * work_done / total_work / 10 * 10

Mathematicians unfamiliar with integer arithmetic in most programming languages are now scratching their heads. The salient detail is that there’s an implicit floor function on the result of each division operation when working with integers. Conceptually, the above is equivalent to:

indicator_value = floor(floor(100 * work_done / total_work) / 10) * 10

Any programmer who find him- or herself at this point should stop, take a breath, and check off the progress indicator feature as complete.

But many programmers don’t stop there. Something bothers them. They instinctively worry about the “rounding down” that the integer division does. They want to fix it. They want to round up. Next thing you know, they’ve written an expression like this:

indicator_value = (100 * work_done / total_work + 5) / 10 * 10

Adding 5 (which is half of the 10 percentage point interval) will bias the number up. In many cases, this is the right thing to do. If you’re writing code to credit frequent flier miles to my account, I want you to round up. But we’re talking about code for a progress indicator. Don’t over-promise. Manage the user’s expectations.

It’s true that, 10 seconds into a 200 second operation, we’re closer to 10% than we are to 0%. But we’re not 10% done. We’re not even close. And, at the other end, you’ll show 100% done 10 seconds before we’re actually done. That’s an outright lie. User interfaces shouldn’t lie to users.

Don’t round up on progress indicators. Ever!

“But now users will panic,” some of you are sure to complain, “because it’ll seem like nothing is happening for 20 whole seconds!”

Perhaps so. Maybe it’s time to revisit the decision to show progress in 10 percentage point increments. You could have done even less work.

[Happy Pi Day!]

Claiming My Chase Account

I had a long-term CD account at Washington Mutual, which was bought by Chase during the econopocalypse. In my latest quarterly statement (which Chase has managed to bloat into two pages), there was a note that I had to “claim” my account or they would be forced to turn it over to the FDIC. I called the number and here is roughly what transpired.

Recording: Thanks for calling Chase to claim your account. You can claim your account by executing a transaction on it.

Me: No, I can’t, not without incurring an interest penalty. It’s a long term CD that doesn’t mature until 2010.

Recording: Or by visiting a branch.

Me: I haven’t been inside a bank branch in years.

Recording: Or by logging into your Washington Mutual online banking account.

Me: I don’t have one of those.

Recording: Or by remaining on the line to talk to a banker.

Me: Now we’re getting somewhere.

Recording: If you’d like to participate in a customer satisfaction survey, please stay on the line after the banker disconnects, and you’ll be automatically connected to the survey.

Banker: Thanks for calling Chase. How can I help you?

Me: I got a note in my statement that I have to claim the CD account I had with Washington Mutual.

Banker: No problem. What’s the account number?

Me: [reads number from the statement]

Banker: Hmm. I don’t see an account with that number.

Me: It’s the number right from the statement.

Banker: Did you open this account in California?

Me: Yes. I opened it with Great Western Savings in California. After the savings and loan melt-down, Great Western Savings became Great Western Bank, which was bought by Washington Mutual, which closed my branch without notice, and now they’ve been bought by you.

Banker: Wow, you’ve had that CD for quite a while.

Me: Yes, and this is the most work I’ve ever had to put into maintaining it.

Banker: Maybe I can look it up by your name.

Me: [gives name, address, date-of-birth, and full Social Security number, and hopes that this isn't some scam]

Banker: Oh, OK, here it is. I see it was opened in 2002.

Me: Quicken says I’ve had it since at least 1992. I think that was after Great Western switch from an S&L to a bank.

Banker: Let me confirm the balance with you then. [tells me the balance]

Me: Yeah, that’s right.

Banker: OK, you’ve now claimed your account.

Me: Gee, that’s a relief, because it seems like you didn’t have it there for a minute. And I don’t really understand why I had to claim it. Every bank account I’ve ever had has changed hands at least once before, and I’ve never had to claim any of those.

Banker: It’s just a regulation, sir.

Me: Then it’s a regulation no other bank follows.

Banker: Is there anything else I can do for you?

Me: No, just keep my money safe, thanks.

Banker: Thanks for calling Chase. Goodbye.

Me: [waits on the line for the promised customer satisfaction survey]

Me: [… and waits]

Me: [… and waits]

Click. Dial tone.

Me: Note to self, move the CD when it matures next year.