Mathematicians are hackers, too

Mathematicians are hackers, too. And by “hackers”, I don’t mean like the young Angelina Jolie movie. I mean much more like the Steven Levy book (which by the way is one of my favorites of all time–you really must read it). Or even as in the definition from The Hacker’s Dictionary: “One who enjoys the intellectual challenge of creatively overcoming or circumventing limitations.”

One of the best math hacks of all time was when Cambridge mathematicians Thomas Fink and Yong Mao teamed up to exhaustively consider 85 possible necktie knots. In their journal paper, they mathematically explore each knot’s size, shape, symmetry, balance, and ease of untying. By doing this work, they discovered 6 new necktie knots that have excellent aesthetic properties but were not previously in common use.

A second math hack which for some inexplicable reason I can still remember is someone doing the math to design a crochet project for the Lorenz manifold. I don’t really know what the Lorenz manifold is, or why you’d want to crochet it, but that is indisputably a mathematical hack.

TSA "Black Diamond" dumbness

Despite how obnoxious they make the airport security experience, I try extremely hard to give the Transportation Security Administration a fair shake–I remind myself they’re mostly normal people who get searched when they fly just like the rest of us, I read their well-written and mostly credible propaganda blog, and I sit on my rants for a couple of flights before I blog about them doing something completely ludicrous.

Well, this weekend I finally confirmed in multiple airports that their "Black Diamond" program is, in fact, the dumbest change I’ve ever seen them make. The program is aimed at speeding seasoned travelers through one set of security lines while giving "casual travelers" extra time and assistance in a different set of security lines.

They began piloting the program in February 2008 in Salt Lake City and Denver, and on their blog reported an incredible success and thus began a complete national rollout. I initially became suspicious about the quality of the program when I first encountered it in Tulsa in May. My wife and I both have frequent flier status on more than one airline because of our frequent trips to the West Coast. Therefore, the first time we encountered the TSA’s signs describing the program, we self-selected the "expert traveler" line. We noticed that despite there being at least 2 times as many screening lanes for casual travelers, there were only 50% as many people in that line. I picked someone in the "casual" line to watch go through it, and they edged us out for fastest trip through. Furthermore, in the "expert line" I noticed absolutely no difference in treatment from what I expect to normally get, or behavior of the people around me.

My next few trips were met with a few more trips through the line, and it was a common occurrence for one line to be insanely longer than the other or for people to block traffic at the entrance while solving the self-selection puzzle ("I wonder which line is better?" perhaps more often than "I wonder if I’m an expert?"). This struck me as less-than-ideal, but I managed to stay calm. I just reserved the right to pick whichever line looked subjectively "better" by whatever standards struck me–exactly how I’d handle any situation with multiple asymmetric lines.

Then by June, some things began to happen that caused me to flip the bozo bit associated with the Black Diamond Program in my mind. On one trip, I was traveling with some people from work who had never encountered the signs before, and so they were doing what any reasonable person would and reading the signs to choose their category when a gruff woman from the TSA walked up and tried vectoring our entire group toward the casual traveler line. I explained to her that I travel all the time, and that I preferred the expert line. She continued to attempt to divert me on the grounds that "families go to the right". I explained that I wasn’t traveling with my family, but was instead with a group from work and that we might all end up in different lines. By this point, a significant backlog had been generated at her sorting station.

On another trip a couple weeks later, my wife was flying out to visit her parents, and there was a different sorting specialist on duty. This sorting specialist tossed her mental coin and decided to ask Jennifer to go to the casual line, while bodily blocking the expert line. Jennifer wanted to make sure the lady understood that she wasn’t, in fact, a casual traveler and mentioned her frequent flier status. The lady then backpedaled ever-so-slightly and said that she was sending her that way because "she had so many bags". Ummm, she had a roll-aboard suitcase and a laptop bag, which would be exactly what the tall slender gray-haired Tulsa oilmen in suits would be carrying. The issue here isn’t that Jennifer was miscategorized for whatever reason, it’s that the TSA has now introduced process that provides an opportunity for people to be surprised or disappointed or confused. This can’t do anything but slow things down!

Or at least it slows things down in airports that actually bother to do anything whatsoever with the program. Remember way back at the beginning of this long rant where I mentioned that I confirmed the program’s dumbness in another airport? Well, this is actually a different kind of dumbness. In fact, it’s a better kind of dumbness.

When flying back from the National Puzzlers’ League convention in Denver last night, I kept alert for signs of the Black Diamond program. There was no agent on sorting duty, and not even a different line for the experts. There was the usual bypass for First Class passengers and 2nd-tier frequent fliers, but that existed well before the Black Diamond program began this year, and made no mention of self-selection or expertness.

I finally spotted the one-and-only indication that this was, in fact, an airport that was "with the program". They had a Black Diamond sign by one of the security lanes that was well above eye level, and a correspondingly invisible Green Circle line at the far opposite end. Presumably the other 10 or so lanes were Blue Square. (Or Purple Horseshoe–not quite sure.)

It wasn’t causing people to self-select at all. To everyone who didn’t already have a special awareness of the program, it was as if the program didn’t exist. Yet somehow it provides a 35% increase in throughput and a 20% increase in customer satisfaction.

So, yeah, the program slows things down when sorting is actually occurring, and in the "successful" airports, it isn’t even visible. Which makes this the dumbest change I’ve ever seen the TSA make.

Notes from trivia panel at NPL Convention 2008

At the NPL convention today, there was an experts panel that spoke about trivia: what makes a good question, how do you research questions, what about pub trivia, trivia in crosswords, and some stories from researching for Who Wants to be a Millionaire. I figured I’d post my notes for those who couldn’t be present to see, and for those who were here to refer back to. You can discuss the notes and ask questions of the panelists and attendees at the Puzzle Hunters forum.

Google Code Jam 2008 better than ever

I first heard about the world of online competitive software development from an announcement on Slashdot back in 2003. It guided me over to TopCoder to sign up for the second annual Google Code Jam.

I think I missed (by mere minutes) the registration deadline for actually competing in Code Jam, but since that introduction, I spent a little time on TopCoder over the years. It was extremely cool to be able to hop online and develop solutions to competition-style algorithms problems against some of the most brilliant algorithms guys in the entire world. Sometime soon, I hope to have some time freed up to give it another go.

Since then, TopCoder has added many types of competitions other than algorithms, including Architecture, Assembly, Testing, Design, Development, and more. I haven’t tried any of the competition formats other than the original Algorithms competition, but many of them actually have a cash prize purse.

At any rate, back to Code Jam. Google ran the first six Code Jams on the TopCoder engine, but this year made the switch to running on their very own AppEngine. They’re going to allow you to download a dynamically-generated question in the style of the Google Treasure Hunt 2008, and you’re then on the clock to upload a correct set of answers back to their AppEngine app for scoring within the allotted time.

One of the biggest improvements that results from this switch is that you can now use any programming environment that you’d like. The only requirement is that it runs on your computer. Gone are the days of choosing one of TopCoder’s 4 languages (C#, C++, Java, or VB.net), Google Code Jam’s 5, or the 22 supported by the ICFP’s official LiveCD.

National Puzzlers' League Convention: Day 1

Jennifer and I arrived into Denver this afternoon for the annual convention of the National Puzzlers’ League. We missed a picnic hosted by Mike Selinker (or at least he provided the entertainment). I don’t know exactly what the entertainment consisted of, but I know that it was based loosely on a game of his, Link 26.

Once we got to the hotel, we saw most of the usual suspects lurking in the hotel lobby or elsewhere in or near the hotel. We wandered into the League’s hospitality suite, and Jennifer played a brilliant game that was designed by Darren Rigby called Lexagon. I’ll let those who have actually played it fill in the fine details, but the short version is that you’re given a set of hexagonal tiles that you sorta play onto the playing area domino style where instead of matching numbers, you have to name a word that matches all of the properties described by all of the tiles that are adjacent to your current play.

The last League-member invention that I saw this evening was a really slick laser-etched tile set for Roy Leban’s Scrabble-ish game “WIM”.

After all of that, Jennifer and I and several other League members went downstairs to the Inverness Hotel’s Spotted Dog pub for some food and drink.

[Finally, for any of you NPLers who know what Twitter is (or would like to know what Twitter is), go over to http://twitter.com/puzzlers, and follow it for convention dialog and announcements throughout the weekend. I'll start getting the word out on Thursday.]

Software schedule estimation

One of my bosses at Microsoft told me about some advice that a Software Engineering professor of his gave him:

Once you’ve estimated how long a particular work item will take, you have to pick a fudge factor. Multiply by ‘e’ if you’re confident in your estimate, or ‘pi’ if you’re not.

Simple solutions to stupid password policies

Roy Leban blogs about stupid password policies over at his thisUser blog. I’ve got some good news for Roy and his readers: I’m currently making a living turning all of the things that he rants about into relics of the unenlightened past. And while I have to concede that it’s a slow uphill climb, there are some very exciting things that you can do today to start simplifying your online life.

The first one worth mentioning is a thing called OpenID, which is pretty much just single sign-on for the Internet. This is not a terribly new idea–Microsoft has been pushing for something very similar in the form of Microsoft Passport (now Windows Live ID) for around a decade. OpenID has the added benefit that you can use it even if you’re not convinced you’d like to involve Microsoft in your online life.

In fact, you can even host your own OpenID. For example, I use the address of this very blog (http://scott.blomqui.st) as my personal OpenID. (You can see it in action in my previous comments on Roy’s blog such as here. Notice the shiny orange OpenID icon to the left of my nickname?)

If you want an OpenID, I’d suggest myVidoop. (Full disclosure: I’m the CTO of the company that built it.) We’re one of the better-known OpenID providers, and unlike the other OpenID providers, we actually have a way of making money.

The big problem with OpenID today is that there are far fewer than 20,000 sites that allow you to log in today using OpenID. Which brings us to the other neat thing about myVidoop–we provide a cross-platform browser plug-in that helps you by managing your usernames and passwords as you cruise around the web. This enables you to sign in once when you open your web browser, and then we take care of signing you in to the other sites that you visit, whether OpenID-enabled or not. (Oh, and we also use a fun alternative to passwords for signing you in to the myVidoop site, so it can literally make your life almost password-free.)

I’d be thrilled if you’d give myVidoop and our password management plug-in a try and give us your frankest feedback over on GetSatisfaction.

Finally, I’ll mention for the benefit of the web site owners in the audience, there’s an experimental Vidoop project called Email to ID. If you have a web site that would be using OpenID if only most users already had one, Email to ID is your solution. Email to ID gives every user an OpenID, and the authentication mechanism is their email. (As strange as that sounds, that’s the way things already work only less conveniently–you can reset pretty much any of your passwords by simply requesting an email, so we just made the security dependency on your email box explicit.) You can find some more detailed analysis of Email to ID at Silicon Florist.

All bytes created equal: net neutrality and SMS

A post on TechCrunch today about how incredibly much AT&T charges, per byte, for SMS messages reminded me to throw up my quick thoughts on my dream for a future where bytes aren’t discriminated against based on information about their content. Or at least not quite like they are today.

While I have to tip my hat to the cellular providers for managing to pull off the biggest market segmentation coup since airlines discovered that businessmen don’t stay over Saturday night, I have to admit that I find it frustrating that it’s far more expensive for me to update my twitter status sending an SMS than using my mobile web browser, despite that thousands fewer bytes get transmitted for the SMS with lower expectations on speediness.

The net neutrality purists might argue that the way to fix this bizarre state of affairs would be to require that no data should be discriminated against under any circumstances. That definitely sounds like a worthy goal, but I don’t think that’s quite the right approach.

There are some applications, such as real-time video or voice, where I might want certain data to be bumped to the front of some line. If I want to make use of an application that has such requirements, it seems to me to be totally fair for the data provider to charge me for that–perhaps I have to pay my broadband or cellular provider more for the monthly privilege of requesting that a certain amount of data be delivered with a low-latency guarantee or with a minimum throughput commitment.

Seems to me like that would let the market sort itself out. It gives the providers an incentive to give me options around network quality-of-service, it gives me an incentive not to ask to use such new features except in situations where such premium usage makes my life better, and it gives Internet application developers the tools that they need to offer their end users innovative new experiences so long as their users show up with the required premium features.

I’m probably completely neglecting the case where Google might offer to pay the low-latency premium for users who commit to using Google exclusively, or something like that. But I think I’m more interested in seeing ways to improve voice and video as long as my mundane traffic doesn’t perceptibly degrade from where we are today.

Update: removing the break in the middle of the post. Not sure how it got there, but it’s a little annoying.

Secure OpenID matters to Microsoft

Kudos to Microsoft for announcing its intention to bring OpenID support to HealthVault, and congratulations to TrustBearer for being HealthVault’s first announced OpenID provider!

Assuming Microsoft isn’t just in this for the press release, and gets support for this turned on fairly quickly, this is the first public enterprise-grade OpenID Relying Party of which I’ve become aware. Very nice work to all involved!

The biggest problem I have with TrustBearer being the only announced OpenID provider for HealthVault is that users will be obligated to buy a $40 gizmo from TrustBearer. Or provide their own second-factor hardware from an obscure list of approved devices (which surprisingly doesn’t even include PayPal’s obnoxious “use-anywhere” Security Key).

No one should pay anybody a single cent for any of these things! Technology isn’t supposed to put extra junk into your pocket. With the decade-old promise of device convergence, technology has been faithfully shucking devices out of your pocket. As an example, you probably have a phone, a day planner, a music player, and a camera all in one device in your pocket right now. And if used correctly, that single device (your cell phone) also serves very effectively as a second authentication factor that can be just as strong as the stuff peddled by TrustBearer and other security hardware vendors.

With luck, the smart folks at Microsoft (George Scriban, Kim Cameron, Mike Jones) understand that if there’s only one approved OpenID provider for HealthVault (and an expensive one, at that), then they aren’t really supporting OpenID. They might just as well start charging users for hardware to use to secure Live ID. Remember, fellas, that there are some of us OpenID providers out here (such as myVidoop, that of my employer) that provide two-factor security at absolutely no cost to the end user.

[Update: fixed a couple of minor typos.]

The trust screen on an OpenID Provider

Nathan Bell blogs about how he wishes OpenID would just go away, or at least fade into the background so that users don’t have to know quite so much to use it. I really like how he’s thinking over there, and will take some time to write up my thoughts on most of it sometime soon.

Meanwhile, I wanted to throw in my two cents on requirement #3 that he laid out in his post. I and some other Vidoopsters (Michael, Chris, Will) were working on one of our OpenID usability efforts and ended up convincing ourselves that the trust page doesn’t matter if no profile data is being handed off. The boolean value that represents the success or failure of an authentication attempt is certainly no more of a data leak than the claimed identifier that had already been submitted.

Or am I missing something?
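
One way an OpenID 2.0 provider could apply the rule discussed in this post, showing the trust screen only when the relying party asks for profile data. This is an added example, not Vidoop's code; the sample requests are constructed, and it assumes Simple Registration and Attribute Exchange are the only extensions through which profile data is requested.

```python
from urllib.parse import parse_qsl, urlencode

OPENID2_NS = "http://specs.openid.net/auth/2.0"
SREG_NS = "http://openid.net/extensions/sreg/1.1"   # Simple Registration 1.1
AX_NS = "http://openid.net/srv/ax/1.0"              # Attribute Exchange 1.0
ATTRIBUTE_NAMESPACES = {SREG_NS, AX_NS}             # assumption: only these carry profile data


def requested_profile_data(query):
    """Return the sorted profile attributes an authentication request asks for."""
    params = dict(parse_qsl(query, keep_blank_values=True))
    # Extensions are declared as openid.ns.<alias>=<namespace URI>.
    aliases = {key[len("openid.ns."):]: value for key, value in params.items()
               if key.startswith("openid.ns.")}
    # SREG 1.0 requests use openid.sreg.* without declaring a namespace.
    aliases.setdefault("sreg", SREG_NS)
    wanted = set()
    for alias, namespace in aliases.items():
        if namespace not in ATTRIBUTE_NAMESPACES:
            continue
        # SREG lists fields under required/optional, AX under required/if_available.
        for field in ("required", "optional", "if_available"):
            names = params.get(f"openid.{alias}.{field}", "")
            wanted.update(f"{alias}.{name}" for name in names.split(",") if name)
    return sorted(wanted)


def trust_screen_needed(query):
    """True when the request would hand off more than the yes/no authentication result."""
    params = dict(parse_qsl(query, keep_blank_values=True))
    if params.get("openid.mode") not in ("checkid_setup", "checkid_immediate"):
        raise ValueError("not an authentication request")
    return bool(requested_profile_data(query))


# Constructed sample requests (user.example and rp.example are placeholders).
BASE = {
    "openid.ns": OPENID2_NS,
    "openid.mode": "checkid_setup",
    "openid.claimed_id": "https://user.example/",
    "openid.identity": "https://user.example/",
    "openid.return_to": "https://rp.example/return",
    "openid.realm": "https://rp.example/",
}
AUTH_ONLY = urlencode(BASE)
WITH_SREG = urlencode({**BASE, "openid.ns.sreg": SREG_NS,
                       "openid.sreg.required": "email",
                       "openid.sreg.optional": "nickname,dob"})
WITH_AX = urlencode({**BASE, "openid.ns.ax": AX_NS,
                     "openid.ax.mode": "fetch_request",
                     "openid.ax.type.mail": "http://axschema.org/contact/email",
                     "openid.ax.required": "mail"})

if __name__ == "__main__":
    for label, request in (("auth only", AUTH_ONLY), ("sreg", WITH_SREG), ("ax", WITH_AX)):
        print(label, trust_screen_needed(request), requested_profile_data(request))
```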