
A Short Collection of Experiences

Failing Facial Boarding Pass

On a recent flight, I was ~~coerced~~ strongly encouraged to "use my face as my boarding pass". I was told "it is faster, more efficient, and they already have your photo in the cloud". Uhh, no?! Let's take this by each claim:


faster?

As I watched first class board, each person took an average of 10 seconds to:

  1. stand in front of the camera properly
  2. wait for the camera to decide whether it identified them (green or red lights)
  3. walk back in line and start down the walkway to the plane.

In comparison, it took on average 4 seconds for the person at the gate to check passport and boarding pass. Grade: F


more efficient?

I'm not sure how to measure this one. Let's take that there were 3 staff: one to direct people to the camera, one to stand at the boarding pass scanner in case of failures, and a third to help people stand in the spot correctly. Normally, those three staff would be handling boarding passes and getting people on the plane. Grade: F

already have photo in the cloud?

In the USA, Customs and Border Patrol (CBP) do already have your photo stored in their systems, tied to your passport photo, and Global Entry--if you have it. The Global Entry/Trusted Traveler program is actually run by a CBP contractor for CBP. The facial recognition program is run by a private company called IDEMIA. All these infographics and feel-good stories about "biometric boarding passes" are their marketing department.

I understand we're in the world of SARS COVID-19 here and touching things and talking to people "is risky". However, speeding into biometrics with slim oversight and nearly zero alternatives isn't a real answer. It's a forced path to make companies their next billions in revenue. It's creepy.

Further, when doing my facial scans for border crossings, I've failed the facial recognition twice. Stare at the camera for an eternity and still fail. There is always a non-tech way to do it; the border crossing agent compares my passport to my actual face in front of them. 

Grade: F

Pandemic -> Endemic

Much like "the flu" and STIs, we have to learn to live with SARS viruses. I think it's clear that we're never going to get to global herd immunity and the virus mutates faster than we can produce vaccines for it. I'm 100% saying we should try and everyone should be vaccinated, but reality gets in the way. I've moved from double-layer cloth masks to KN-95 masks in public.

I also think about the systemic view of these masks. We need to engineer a more closed-loop system where we can produce masks that can be re-used and recycled into new masks.

As a friend joked, maybe we should engineer a variant that's super transmissible and also is the vaccine itself. 

Experiments in Financial Donations

This year I took a different approach to donations. I looked at the various projects I wanted to support and donated small amounts monthly. Starting at $25/mo and going up, I donated to a bunch of different projects. My Open Collective page shows which projects received donations and the total amount. I also donated directly from my paycheck to organizations not on Open Collective. My employer double matches the donations, so it has more impact. It's been interesting to see which organizations respond with thank you notes, which ask me to sign up for their newsletters, and which I never hear from at all. I donate to a lot of open source projects because I want to see them survive, because I use them daily, or because I want to support someone working on it full-time to fix bugs and make it better. I'm not sure what's the best method between sending small amounts monthly or batching it up and donating larger amounts to fewer orgs. We'll see what happens in 2022.

Returning to XMPP for Secure Chat

After a multi-year hiatus, I've gone back to XMPP for secure chats. I've used nearly every "secure messenger" system out there: Wire, Wickr, Signal, Threema, Jami, Manyverse, Briar, DeltaChat, Viber, Telegram, Matrix, etc. The list is long. However, almost all are tied to some company or someone else maintaining the servers and availability. Almost all of them use AWS for their infrastructure. It should be easy to both run the server and set up the client to use it. Configuring an XMPP server isn't that hard, if you're used to running daemons in Linux/FreeBSD. Ask an average user and it's far easier to just use a third party service. I hope systems like Snikket get wider adoption. It's "easy" to install and run, especially inside Docker. If you have an email address, you should be able to use XMPP with OMEMO encryption. I know, funny words there. However, as far as I can research, XMPP with OMEMO encryption running on your own server is the most secure and private option available today. And don't just assume it's for individuals; most of the US intelligence and military orgs use XMPP for their internal secure chat systems.

ConverseJS is a pretty nice web interface to XMPP/OMEMO. I look forward to seeing Snikket and others progress so that everyone can run their own server and chat securely. There are a ton of open, public XMPP servers around for anyone to use, but the whole point is to get you to run your own and move everyone to it.

Web3 Craziness

The more and more I dig into Web3 technologies, the more I realize it doesn't deliver on its own promises. Let's just start with Distributed Autonomous Organizations (DAO). The technology here is fairly irrelevant. Yes, you can write "smart contracts" on Ethereum and automate some parts of the organization. I fail to believe a non-technical person is going to pick up Solidity and write sane code. This is the code that runs your organization, so it better be pretty well thought out and well written.

Besides the barrier to entry with coding and logic, you have the classic governance challenges. A pure democracy, where everyone has one token and therefore one vote, turns into a popularity contest. The most popular, best marketed ideas win the votes, and the DAO will then execute the results per its coding. The other challenge is where those with more tokens get more influence or votes. This turns into the royals vs non-royals circumstance. If there is an elite class that can out-vote or override the masses, then you have a de facto two-class system and it loses the democratic ideals behind the DAO. Think of "proof of stake" as "those with the most gold, make the rules".

And then we get into Dapps and how everything Web3 seems to be JavaScript or some derivation of JavaScript. My personal dislike of JavaScript aside, looking at the underpinnings of many of the projects brings you down to npm. The first step for most dapps is to "npm install" something, which then installs like 20 dependencies. Each of those 20 dependencies then installs 20 more. And pretty soon you're at a few hundred packages to run the dapp. As we've seen time and time again, using unvetted, third-party packages is a scenario for exploits, bugs, and disasters.
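To put numbers on that fan-out for a given project, here is an added example (not from the original post) that takes a parsed package-lock.json and reports how many packages each direct dependency pulls in, and which installed packages run install scripts, come from outside the npm registry, or have no integrity hash. It assumes lockfileVersion 2 or 3; the sample lockfile and its package names are constructed.

```javascript
const REGISTRY = "https://registry.npmjs.org/";

// Node-style lookup: from/node_modules first, then each enclosing node_modules.
function resolve(packages, from, name) {
  for (let base = from; ; ) {
    const candidate = (base ? base + "/" : "") + "node_modules/" + name;
    if (packages[candidate]) return candidate;
    if (!base) return null; // not installed, e.g. a skipped optional dependency
    const cut = base.lastIndexOf("/node_modules/");
    base = cut === -1 ? "" : base.slice(0, cut);
  }
}

// Install paths of every package reachable from `start`, start included.
function reachable(packages, start) {
  const seen = new Set([start]), stack = [start];
  while (stack.length) {
    const path = stack.pop();
    const deps = { ...packages[path].dependencies, ...packages[path].optionalDependencies };
    for (const name of Object.keys(deps)) {
      const hit = resolve(packages, path, name);
      if (hit && !seen.has(hit)) { seen.add(hit); stack.push(hit); }
    }
  }
  return seen;
}

function auditLockfile(lock) {
  const packages = lock.packages;
  const direct = Object.keys({ ...packages[""].dependencies, ...packages[""].devDependencies });
  const installed = Object.keys(packages).filter((p) => p !== "" && !packages[p].link);
  const fanOut = {}; // packages pulled in by each direct dependency, itself included
  for (const name of direct) {
    const top = resolve(packages, "", name);
    fanOut[name] = top ? reachable(packages, top).size : 0;
  }
  return { direct: direct.length, installed: installed.length, fanOut,
    installScripts: installed.filter((p) => packages[p].hasInstallScript),
    offRegistry: installed.filter((p) => !(packages[p].resolved || "").startsWith(REGISTRY)),
    noIntegrity: installed.filter((p) => !packages[p].integrity) };
}

// Constructed lockfile; the package names are hypothetical.
const reg = (n) => ({ version: "1.0.0", resolved: `${REGISTRY}${n}/-/${n}-1.0.0.tgz`, integrity: "sha512-constructed" });
const SAMPLE_LOCK = { lockfileVersion: 3, packages: {
  "": { name: "example-dapp", dependencies: { "ex-ui": "^1.0.0" } },
  "node_modules/ex-ui": { ...reg("ex-ui"), dependencies: { "ex-codec": "^1.0.0", "ex-pad": "^1.0.0" } },
  "node_modules/ex-codec": { ...reg("ex-codec"), dependencies: { "ex-pad": "^2.0.0" }, hasInstallScript: true },
  "node_modules/ex-codec/node_modules/ex-pad": { version: "2.0.0", resolved: "git+ssh://git@example.invalid/ex-pad.git#constructed" },
  "node_modules/ex-pad": reg("ex-pad") } };
console.log(auditLockfile(SAMPLE_LOCK));
```

For a real project, pass it the result of `JSON.parse` on the project's package-lock.json. Bundled packages (`inBundle`) carry no `resolved` or `integrity` field, so they will appear in the last two lists.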

What comes into play the most with Web3 are the same challenges traditional companies have to cope with now: generating revenue, employee motivation, customer satisfaction. How the company runs and how its decisions are made, whether in code or meetings, are mostly irrelevant.

Many of these web3 companies talk about decentralization and democratization. One simple question cuts through all this marketing bs, "Will your blockchain/token survive if the company doesn't?" Invariably, the answer is no. They run their own blockchain and without them, it all falls apart.

I have friends making decent money from Web3, mostly NFTs, and more power to them. There's a market for everything, so might as well make money while the market exists. I also realize that a lot of what's happening with KYC/AML BS is that the traditional financial world is horrified that someone can be better than them. Their response seems to be to regulate them to death because they can't handle competition.

Paying for Great Customer Service

I find myself returning to the vendors that provide great customer service and spending more money with them. I mentioned what I like in a past post. The topics in common are:

  1. They send emails from a real email address to which you can reply.
  2. They actually reply in less than 24 hours (typically) with helpful answers.
  3. They answer the phone with a real human who is helpful. No phone trees, no bs.
  4. They make great products that last long and they stand behind them with strong warranties.
  5. They have a staff that seems actually happy and wants to help.

If you want to make someone's day, after going through phone trees and finally getting to a human, simply ask them how they're doing today, and wish them a great day at the end. The call center staff are so used to people yelling at them, they light up and provide better customer service for you. Simple compassion and kindness go a long way.

That being said, I'm in the process of leaving these giant companies where I'm a problem to be dealt with rather than a paying customer. I am a paying customer, but the attitude behind the company is "f**k off and give us your money and you'll like what we give you". Two can play that game. Buh-bye.