20061230

Satellite Radio - Are you Sirius??

I cannot for the life of me understand the American consumer. I admit this freely, that's why I prefer to rely upon objective data when making decisions regarding marketing and product feature selection. Suffice it to say that you can never completely predict how customers will react to product introductions. You either know it in your gut, or get the answers directly from the people.

I do, however, claim to fully understand American business motivations. This is simple. American business is motivated by greed and short-term gain. Key metrics include stock price, revenue, and earnings, all measured within the near-term, say the next 5 quarters. Therefore, in order to optimize these metrics, businesses need to motivate consumers to buy things and, preferably, continue buying over an extended period.

Enter the "annuity stream" concept of business:

The concept is simple. Get a consumer to buy in at a ridiculously low price, then force them to continue paying a "nominal" fee for a very, very long time. It seems obvious that the American consumer is OK with this. Data clearly suggests that the American consumer will opt for a low entry price regardless of the ongoing "service" fees associated with them. This has been proven with the cell-phone industry. We are, apparently, OK paying $40, $50, even $100 a month for cell phone service, as long as the phone itself is "free". The logic is ridiculous. Yet it works.

This concept was initially applied to TV by the cable industry. People used to watch TV for free by using an antenna. Not much of a revenue stream there. Enter the cable companies, who "gave" the consumer a cable box (which actually costs several hundred dollars), and then provided a "service" for a "nominal" monthly fee of between $40-$100/month or more. Great business model.

Now the same is being applied to...believe it or not...radio. Same idea. You get a satellite receiver for a very low cost (sometimes free), and then pay between $10-$15 a month to listen to (supposedly) commercial-free radio stations with CD quality sound.

I cannot for the life of me understand why people would do this, especially for listening to music in the car. Now, in case you're wondering, I am a music lover. I love listening to great music. But when I'm driving my car around Boston, I just don't consider it imperative that I get the absolute best quality sound in the cabin of my Volkswagen Passat. And I would never consider paying someone a monthly fee for the privilege.

Compounding that are the myriad options available to people without a monthly fee. FM radio ain't bad, especially in the city, but I can see that some rural locations may not consider that an option. However, tapes, CD players, and even iPod connections are very low cost, and then you can listen to what you want when you want, without paying a monthly fee.

It also appears the car companies, accessory vendors, and car stereo vendors are complicit in this farce. This entire problem could go almost completely away by providing an AUX input jack (the same jack that is on your iPod for headphones) on the front panel of every car stereo. Then you could simply plug your iPod into this jack and listen to what you want using the iPod controls. It amazes and baffles me that no one has suggested this (NOTE: in the future all stereos should have a stereo/multi-channel bluetooth input available for any bluetooth device to wirelessly connect to). Yet there are the continuous round-ups of the overly-complex, substandard, and completely ridiculous FM transmitter accessories for players like the iPod that get all the coverage. Do you know why? Because these things MAKE MONEY, and a stupid $0.50 AUX jack would NOT make anybody a cent.

As long as the American consumer is willing and able to part with their money so easily, American businesses will continue to take it. It's a match made in heaven.

20061204

Biometrics, take me away!

Passwords are a real pain. Every program that your company "lets" you use for your job requires a password. I get that, and I'm fine with it in general, but sometimes the IT folks, in their diligence to be measured favorably, don't seem to give a hoot about usability. Let's face it, without me doing my job, we really don't need them, so it does matter a little bit about how easy or hard it is to do my job. Requiring me to change my password "periodically" seems innocuous...at first. Until you read the fine print.

Let's see...I have only a small number of corporate accounts requiring password authentication. They are:

  1. General corporate Internet access account.
  2. My computer's workgroup account.
  3. My company's email client account.

Each of these accounts requires me to use a password, and change it "periodically". What really does that mean? Here are the rules:

  1. You need to use a "strong" password. That usually means something difficult to guess. The IT folks define "strong" as having both letters and numbers, not using any known or easily guessed names, words, or phrases. A password like "b42wd3fg" is considered "strong".
  2. You must change your password periodically. For the IT folks, periodically means every 90 days.
  3. You cannot repeat the use of a password for a "while". This is where things get interesting. For our wonderful IT folks, that means NEVER. But they are more reasonable than that. They'll let you repeat a password, but only after you have used FIFTY other passwords. Yep, that's right. No repeats until after 50 unique passwords have been used.

Now if you combine these three rules, over the three separate accounts I have, you begin to see the issue. This "simple" procedure mushrooms into an unGodly mess.

Every 90 days I'm forced to come up with a new, unique, strong password, that has not been repeated in less than 50 sessions, for each of my three accounts.

Sure, I could try to use the same password for each account. Problem is the 90 day renewal cycle is not synchronized, and eventually will "beat" against each other mercilessly.

Bottom line: Anybody who thinks this is the best way to safeguard our security is an idiot. Here are two better ways:

  1. Dongle. Use a USB-key as a physical dongle that needs to be inserted into the USB port of the computer you are trying to access. The key generates a random, rotating key that cannot be copied or subverted. Add to it a simple, easy to remember password that I don't have to change very often and you have GOOD ENOUGH security unless you are in charge of nuclear weapons.
  2. Biometrics. Please, PLEASE, someone get this right. If the USB dongle alone is not enough, add a simple fingerprint scanner to the USB key itself. I've seen these things in the wild, but they don't really work well enough or correctly yet. Here is just one example. There is no reason this could not work extremely well if someone really wanted to perfect the technology.

Combining #1 and #2 above would provide a robust and secure AND simple-to-use system that would provide acceptable security for 90+% of the world's applications.

Why is this not done today? Simple. The IT folks are not measured on "simple-to-use" so they don't care. No one is sufficiently motivated to make this problem go away. As with most things, wherever there is a "loose connection" between a problem and a solution, it does not occur.

20061201

RFID tags for US passports - what is the big deal?

I travel all the time, mostly for my job. Often, this takes me out of the U.S. I'm what the airlines call a "frequent", ostensibly for "frequent flyer". What this really means is, I get routinely abused by the travel industry. But that's another blog. This one is about RFID (Radio-Frequency IDentification) tags. These little buggers have been around (technologically) for decades, but only now are starting to become ubiquitous. Bottom line, these things will be everywhere.

First, what the heck is an "RFID tag"? Put simply, it's a small electrical circuit that gets stuck to an object that someone wants to track, identify, or otherwise hold descriptive information for. An example would be a package that is being shipped across the country. The shipper places a sticker containing an RFID tag on or in the package. That way, the shipper can easily track the package wherever it goes. It's much harder to lose something you can track this easily. These things can be incredibly small (like a postage stamp or smaller), and, lately, pretty cheap to make. How cheap? Literally cents.

Given these things WILL be everywhere, allowing the simple, cheap tracking of objects, the U.S. Government has decided that it might be a good thing to place one of these things inside all of our U.S. Passports. Therefore, starting early 2007, some if not all new or renewed U.S. Passports will contain RFID chips that mimic the information printed on the passport. Eventually, readers will be used at airports and in other places to verify the passports' contents.

Many people are not happy about this. Expect more media coverage and public discussion as the date for the first of these new passports to be issued draws nearer. The media simply has not noticed this issue yet, but they will. To prepare, read on, and check out these other sites:

This link will take you to the US Gov site and many links they provide to describe the new epassport. My take is that this is a good thing for our security, but not everybody agrees with me. Here is a general story from CNet. And here is a more technical site if you want more detail. You can read all the Orwellian horror predictions here.

For me, I simply do not understand why certain people are continually afraid of new technology like this. RFID tags will not reduce your security, they will increase it. Here's how:
  1. Access to the digital info is more difficult. In order to read the digital info stored in the RFID tag in your passport, an unscrupulous person would have to: 1) illegally obtain a reader device, 2) get to within 12-24 INCHES of your passport, 3) circumvent any type of RF-shielding (I plan to get a new passport holder that incorporates a simple RF-shield (like aluminum foil)) present, and 4) bypass all the data encryption inherent in the RFID tag. Compare this to simply stealing your passport by hitting you over the head in a dark alley...
  2. The digital info simply encodes the analog info. There is not supposed to be anything encoded in the RFID tag that is different from what you could see and read if you opened the passport and simply looked at it. It's not like there is some additional, more sensitive info in there. Of course, it is the government ;)
  3. If somebody does steal your passport, or if it is lost, it will be much easier to replace and re-validate. The government can simply "invalidate" the RFID tag in your stolen passport instantly, such that it will be flagged by every computer from here to Bangladesh. Then they can issue you a new one, including the picture, instantly.

I know it's scary to some folks when a government encodes data about you and stores it. But really this is no different from credit card companies issuing you a credit card with a magnetic stripe. What do you think is on that stripe? Are you sure it's protected? How easy is it to read? How many of those cards do you have in your wallet right now?

As a frequent, I'm happy to see anything that can be used to protect my security and enhance the efficiency of the travel industry. As long as the potential for abuse is constantly monitored and minimized, these technologies will make things better, not worse.