TSA, Thanksgiving Travel and Me

After reading all the articles on the risks of the back-scatter technology (never mind the privacy implications) and watching the videos of screaming children getting "enhanced" pat-downs, I was nervous about traveling for this Thanksgiving holiday in the US. I was ready to 'opt-out', but wasn't sure how I felt about the "enhanced" pat down.

Back in October I received an 'old-style' pat-down from a male TSA agent in LAX. I was fine with it. I did not feel violated, nor did I feel that the agent was missing out on anything by not feeling the underwire in my bra.  The agent was friendly, apologetic for the inconvenience and even found a place he could search my bag where I could sit and watch (my injured knee wasn't up to doing anymore standing after a day at the Women's Conference).

Then I saw the videos of the screaming children and I suddenly became very uncomfortable with this. Many women, including myself, (and men) have an event in their past when they were touched/fondled/groped/etc in an unwelcome manner. To have to relive that moment in public at the airport just to travel is unsettling.

So, very nervous, I entered SJC on Thursday morning... only to find most of the back-scatter machines turned off. The one I saw in use was being used to scan a women's personal wheelchair - I couldn't help but think that was a perfect use for the scanner!  The woman, like all travelers in wheelchairs, was receiving an 'old-style' pat down.

I went through, like everyone else, in the same fashion I have for years - removed my belt, watch, shoes, jacket, liquids, laptop and medications...*whew* and "simply" went through.

It was the same on my return through Seattle. One machine was on, but people could just choose to go through a different line. No questions asked, no extra screening.

What made me angry was all of the main-stream news outlets, including our local KGO, reporting that the back-scatter machines had not slowed down the lines. The main report I heard was that passengers would rather get the scan and get through quickly.

But that wasn't true at all. The machines were not on. The "enhanced" pat-downs weren't happening.  How dare they say the launch weekend was a success when they were not using them?

That's a waste of our money and a gross misrepresentation of the events. I'm afraid Bruce Schneier has it right - the TSA is not going to back down, because they'd seem like idiots.  Another example of how lobbyists for manufacturers are shaping policy, instead of policy shaping manufacturing.

The TSA is inconsistent at every airport I go to. During that trip to LA, the TSA ID checker screamed at me when I approached his podium with my traveling companion.  He would not begin her screening until I returned to behind this blue line, which was difficult as the entire line had already moved up.  Yes, I can read (but thanks for pointing it out) the sign saying to stay behind the line until he was ready to process us - I just assumed that, like every other airport, you could go up with your entire party.  At least the agent that had to do my pat-down in LAX was friendlier.  Oh, yeah, in Seattle, they actually have a sign on the podium directing people to be at each side - they can process you faster if you come up with your entire party or 2 at a time (even with strangers).

Another disconcerting thing I noticed: no where to do a private screening if requested!  Why not have a few privacy screens up?  They could be set up like a maze or other formation to take up the least amount of space while still providing privacy (and room for your witness, if requested).

Boy, am I glad I'm not flying for Christmas!

Adam Carolla and Me

I guess it's safe to say that I am a huge Adam Carolla fan. I've listened to him on Loveline, watched him on the Man Show and the Adam Carolla project, listened to his CBS radio show, and never miss a podcast (even listen to Car Cast, where I am actually learning about cars).

That being said, I couldn't believe I didn't know Adam Carolla was coming to San Jose! On Thursday afternoon, I caught a tweet from the San Jose Improv and canceled our previous plans and asked my husband if he wanted to come with me (as I was going, alone or not!)  We got there early for dinner, which got us front row seats.  It was like having a private conversation with the Ace man for nearly 2 hours. He was funny, charming and brought lots of new material to the stage.  Having the extra component of a slide show (so we really could see exactly what Adam was ranting about) made it all that much more entertaining.

I even nodded along as Adam ranted at me that, as a woman, I need to know that when my husband just starts saying "will do. will do.... will do." (ala Dr. Drew Pinsky), it means he wants to get off the phone.  Don't worry, Adam, I promise I will!



I am a good/bad audience member (depending on your perspective), because if you're funny, I will laugh uncontrollably. Thursday night, I nearly went into coughing fits due to my manic laughter :-)

If you get a chance to see him live, don't miss it. It's a great show and Adam takes the time after the show to meet, greet, sign books, and take pictures (as long as you're quick!)

Get it on!

Oh, and thanks to my husband, for being indulgent, riding his bike home at a frantic speed so we could make the express train to San Jose, and holding my place in the autograph line while I ran to the bathroom :-)

Security Friday for Oracle Solaris 11 Express 2010.11

Dan Anderson, performance guru extraordinaire, has written up some great articles on enhancements he made to the Oracle Solaris Cryptographic Framework for Oracle Solaris 11 Express 2010.11:

• Intel AES-NI Optimization on Solaris, provides background on the AES algorithm and describes how he was able to leverage Intel's AES instruction set built into the chip in order to boost performance.
• Carryless Multiplication Optimization for AES GCM Mode in Solaris, an excellent overview of what exactly GCM mode is and how this feature in the Intel chipset can be leveraged for better AES performance in the kernel.

Both are great reads and a good window into the innovation we are still doing on the Oracle Solaris Cryptographic Framework team. Thanks, Dan!

Dancing with the Stars mini-rant & question...

Spoiler Alert.... if you didn't watch last night, then don't read this.

Before I start my rant, anyone know who the dancers were for Annie Lennox's "Universal Child" performance? They were amazing!



Bristol Palin somehow, yet again, was at the bottom of the leader board and sailed into the next round - this time, the finals!  Sure, she is charming and an "every day person" - not a celebrity (but, why is she on Dancing with the Stars in the first place if not for being famous?). I get that. She seems like a wonderfully sweet young woman, but her dancing is not up to par. Routinely she freezes in the middle of the routine and stops dancing, and yet she makes it into the next round.

Last night she claimed that her success of moving forward was not politically motivated, yet there are actual political sites running 'Vote for Bristol' campaigns.  Come on people, this is a dancing competition! I've always loved it for not turning into a popularity contest, and it's worse now that a contestant is moving forward based solely on her mother's political affiliation.

Okay, it is only a TV show, but one I really enjoy watching. Great music, great performances and real personal journeys without fake drama.

... for now.... :-)

Neil Young's LincVolt has gone up in flames

I was sad to hear the news today that Neil Young's 1959 Lincoln Continental that he had converted into a hybrid caught fire and burned up. Seems that not only is this neat car that Neil brought to the Sun Menlo Park campus for a visit gone, but so are some of his other memorabilia from his long and interesting career. Luckily, nobody was hurt and the team seems to have learned something about the charging system.

Oracle Solaris 11 Express 2010.11: Trusted Platform Module

Wyllys Ingersoll wrote a great post today on the new Trusted Platform Module, and the plugin, pkcs11_tpm.so, that hooks it all into the Oracle Solaris Cryptographic Framework in Oracle Solaris 11 Express 2010.11.  You can enable and disable the TPM provider via cryptoadm:

# cryptoadm list -p provider=/usr/lib/security/\$ISA/pkcs11_tpm.so
/usr/lib/security/$ISA/pkcs11_tpm.so: all mechanisms are enabled.

# cryptoadm disable provider=/usr/lib/security/\$ISA/pkcs11_tpm.so mechanism=all

# cryptoadm list -p provider=/usr/lib/security/\$ISA/pkcs11_tpm.so
/usr/lib/security/$ISA/pkcs11_tpm.so: all mechanisms are disabled.

# cryptoadm enable provider=/usr/lib/security/\$ISA/pkcs11_tpm.so mechanism=all

You can find out more about configuring the actual TPM device over on Wyllys's blog.

Wow, Solaris 11 Express is out the door!

It's hard to really describe all of the cool things that have ended up in the Oracle Solaris 11 Express release that came out this morning. I mean, you've all heard about the new packaging system, new installer, and encrypted ZFS, but what about all of the other smaller things that have gone in over the years?

Like sedimented strong crypto algorithms - so customers no longer have to manage separate packages and patches?  These were installed by default as of Solaris 10 09/07 (aka Update 4), but I took a very different approach for Solaris 11 - removing those old packages from the OS and making strong crypto just part of all the basic modules. This greatly simplified the Oracle Solaris Cryptographic Framework source code and enabled a lot of projects to move forward, like libsoftcrypto and several projects in OpenSSL.

For the rest of this week, I'll try and highlight other Oracle Solaris 11 Express security features that we've all worked very hard on getting into this release.