Slashdot Mirror


TSA Paid $1.4 Million For Randomizer App That Chooses Left Or Right (geek.com)

An anonymous reader writes: For those of you who have traveled through U.S. airports in recent years, you may have noticed the Transport Security Administration (TSA) use a Randomizer app to randomly search travelers in the Pre-Check lane. The app randomly chooses whether travelers go left or right in the Pre-Check lane so they can't predict which lane each person is assigned to and can't figure out how to avoid the random checks. Developer Kevin Burke submitted a Freedom of Information Act request asking for details about the app. The documents he received reveal the TSA purchased the Randomizer iPad app for $336,413.59. That's $336,413.59 for an app, which is incredibly simple to make as most programming languages of choice have a randomizing function available to use. What may be even more intriguing is that the contract for the TSA Randomizer app was won by IBM. The total amount paid for the project is actually $1.4 million, but the cost is not broken down in Burke's documents. It's possible IBM supplied all the iPads and training in addition to the app itself.

206 of 334 comments

  1. Panama Papers by Anonymous Coward · · Score: 5, Funny

    TSA soon to be appearing in the Panama Papers...

  2. That breaks down to... by Anonymous Coward · · Score: 5, Funny

    $413 dollars in developer time to create the app and $336,000.59 in corporate overhead and bloat, the additional $1,000,000 is just for Evil

    1. Re:That breaks down to... by jd2112 · · Score: 1

      $413 dollars in developer time to create the app and $336,000.59 in corporate overhead and bloat, the additional $1,000,000 is just for Evil

      Much more than that. The requirements document was probably several thousand pages and required a dozen rewrites before it finally met specs.

      --
      Any insufficiently advanced magic is indistinguishable from technology.
    2. Re:That breaks down to... by mjwx · · Score: 1

      $413 dollars in developer time to create the app and $336,000.59 in corporate overhead and bloat, the additional $1,000,000 is just for Evil

      Government contracts == License to bill.

      Having worked on both sides of the government contracting fence it's not that the governments of the world are inefficient, it's that they're ineffectual.

      Government departments know and certainly care that they're getting ripped off, but they aren't permitted to do a thing about it. Companies know that once given a job, it'll never go out to tender again so it's theirs to abuse as they see fit. Departments are not able to change the procurement process halfway through no matter how disastrously it's going... but I'm sure the provider has a solution to fix that... it'll only be another $100,000.

      --
      Calling someone a "hater" only means you can not rationally rebut their argument.
    3. Re:That breaks down to... by Luthair · · Score: 1

      I saw some suggestion that this actually included the cost of the devices which would make more sense. Though why not simply deploy quarters to every TSA agent and have them flip them....

    4. Re:That breaks down to... by Keybounce · · Score: 1

      $413 dollars in developer time ...

      Did they spend $612 to have someone troll slashdot with this news?

  3. Good ol' IBM, cutting out the little guy by zamboni1138 · · Score: 1

    I have a practical and fool-proof system that requires no electricity or internet connection to operate.

    I can sell it to you for about $5 per TSA agent. Actual cost to me is $0. Just tell me where you want me to ship this jar of pennies.

    1. Re:Good ol' IBM, cutting out the little guy by PRMan · · Score: 1

      He already made $5 per TSA agent and I'm sure he charged them for shipping.

      --
      Peter predicted that you would "deliberately forget" creation 2000 years ago...
    2. Re:Good ol' IBM, cutting out the little guy by Anonymous Coward · · Score: 1

      Someone this desperate to avoid the point and jump in the mud of pedantic nitpicking MUST be a bureaucrat.

    3. Re:Good ol' IBM, cutting out the little guy by hawguy · · Score: 1

      maybe he found the pennies on the ground, meaning they would come at 0 cost to himself as that isn't a gain or a loss, had he just left them on the ground and really a penny is worthless today, which is why a few countries got rid of the thing to begin with.. And he could just ship a single penny to each TSA agent instead of a whole jar, which would bring the cost down so much that he'd make a healthy profit out of that $5 per agent.

      Everything has a cost, even "found" pennies -- you still have to pick it up, look at it to make sure it's really a penny, clean the dirt off it, store it somewhere, inventory it, pack it for shipping, etc.

      If you were really going to sell these pennies to TSA as a business, you'd likely be better off getting rolls of pennies from the bank.

    4. Re:Good ol' IBM, cutting out the little guy by PolygamousRanchKid+ · · Score: 1

      Just tell me where you want me to ship this jar of pennies.

      . . . but didn't IBM's precursor to their Cognitive Computer Platform named Watson beat Garry Kasparov at chess, "Deep Blue", and beat some dork at "Jeopardy", "Deep Cleavage on the assistant", and "Deep Pockets" at pitching pennies . . . ?

      So it's probably more than just a random number generator:

      "Watson, should this guy go left or right?"

      "Warning, Will Robertson . . . Danger! Danger!"

      --
      Schroedinger's Brexit: The UK is both in and out of the EU at the same time!
    5. Re:Good ol' IBM, cutting out the little guy by Lumpy · · Score: 1

      He sources his pennies from the "leave a penny take a penny" cups at stores.... so his cost is zero.

      --
      Do not look at laser with remaining good eye.
  4. Standard C library... by Etherwalk · · Score: 2, Insightful

    The question is whether it is truly random or not. If they spent $1.4M and got a truly random result, fine. It's absurdly pricey, but it works. If they spent $1.4M and got the rand() function, then terrorists might be able to exploit it to escape random searches.

    1. Re:Standard C library... by rwven · · Score: 5, Insightful

      That's really stretching things. If you use something as simple as microseconds on a clock as the seed for your "random" number generation, there's "pretty much" no way you can exploit that short of hacking the device itself. It's not like people are going to stand there with a stopwatch and tell the TSA guy "OK....press the button...Now!"

    2. Re:Standard C library... by Anonymous Coward · · Score: 2, Informative

      Well, you don't even need a cryptographically secure random number. You just need one that can't be predicted by anyone on that day, which isn't really a tall order. You could do it in any language of your choice, let everyone see the code, and seed the generator with the current time in seconds (or ms or whatever). Still nobody would be able to guess, because they can't predict when you're gonna press that button.

    3. Re:Standard C library... by ceoyoyo · · Score: 1

      I'll give you an iPad that gives you a truly random result for only $1 million. It will just feed numbers from https://www.random.org/.

    4. Re: Standard C library... by Anonymous Coward · · Score: 1

      And people aren't going to stand there for weeks figuring out the pattern/seed for the random number generator.

    5. Re: Standard C library... by amRadioHed · · Score: 2

      Good luck studying that for weeks when the seed is different for every device and probably resets daily.

      --
      We hope your rules and wisdom choke you / Now we are one in everlasting peace
    6. Re:Standard C library... by Iamthecheese · · Score: 1

      That cartoon villain level of planning isn't needed at all. There are gaping holes in the TSA security net. They take the "security" out of "security theater"

      --
      If video games influenced behavior the Pac Man generation would be eating pills and running away from their problems.
    7. Re:Standard C library... by AK+Marc · · Score: 1

      And what if you don't rand() each result? You rand() the day, so each result is not random compared to the previous choice. Thus, watching long enough (or knowing the system it was built on and watching some shorter time), one could be able to predict the outcomes.

    8. Re:Standard C library... by Anonymous Coward · · Score: 1

      Even better, just flip the ipad. Screen side up is right, screen side down is left.

    9. Re:Standard C library... by s1d3track3D · · Score: 1

      That cartoon villain level of planning isn't needed at all. There are gaping holes in the TSA security net. They take the "security" out of "security theater"

      Seriously, don't you all remember, the 95% ineffective part... http://www.citylab.com/commute...

    10. Re:Standard C library... by Anonymous Coward · · Score: 5, Interesting

      If you use something as simple as microseconds on a clock as the seed for your "random" number generation, there's "pretty much" no way you can exploit that short of hacking the device itself.

      You would be surprised in just how many ways random numbers can be screwed up.

      First "simple as microseconds on a clock" is good, I have seen quite a bit of "randomized" code seeded with the system time. 15 millisecond resolution is the normal case and often leads to duplicated random sequences. High resolution timers exist and are widely available today, however they have to be actually used to help. Alternatively why use a random number generator if you could just request the microsecond time for each request - the low bits should be rather random.

      Second mapping the range of the random number generator to your target range without killing the distribution is often non trivial. C++11 came with a whole library to replace rand() and several presentations on the topic, including how rand() % 2 isn't a 50:50 split when the original range has an uneven amount of values.

      Third you often don't want a random selection - a fully random sequence can contain long stretches of only left or only right, which can overburden the affected lane while the other remains empty. Which means you somehow have to enforce the wanted distribution over shorter sequences. A simple solution can be implemented by shuffling a list with the wanted ratio of left/right values and a reshuffle each time the list is used up, games sometimes use this to avoid long losing streaks and prevent long win streaks.
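
The shuffled-list scheme and the range-mapping concern from the comment above, as an added example that is not part of the comment or of the TSA app. All function names are hypothetical, `/dev/urandom` is assumed as the OS random source, and the bag size and ratio are constructed values.

```c
/* Added illustration with hypothetical names; not code from the TSA app. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define BAG_MAX 64
typedef struct {
    unsigned char slot[BAG_MAX]; /* 0 = left, 1 = right */
    size_t size, rights, next;   /* bag length, "right" slots, read cursor */
} bag_t;
typedef struct { size_t bad_bags, longest_run; } bag_stats_t;

/* 32 bits from the OS CSPRNG; abort rather than fall back to a weak source. */
static uint32_t os_random_u32(void)
{
    static FILE *dev;
    uint32_t v;
    if (dev == NULL)
        dev = fopen("/dev/urandom", "rb");
    if (dev == NULL || fread(&v, sizeof v, 1, dev) != 1)
        abort();
    return v;
}

/* Uniform value in [0, n), n > 0. Plain r % n favours the low residues when
 * 2^32 is not a multiple of n, so the first 2^32 mod n raw values are redrawn. */
uint32_t uniform_below(uint32_t n)
{
    uint32_t threshold = (0u - n) % n, r;
    do {
        r = os_random_u32();
    } while (r < threshold);
    return r % n;
}

/* Lay out the wanted ratio, then Fisher-Yates shuffle it. */
static void bag_refill(bag_t *b)
{
    size_t i;
    for (i = 0; i < b->size; i++)
        b->slot[i] = (i < b->rights) ? 1 : 0;
    for (i = b->size - 1; i > 0; i--) {
        size_t j = uniform_below((uint32_t)(i + 1));
        unsigned char tmp = b->slot[i];
        b->slot[i] = b->slot[j];
        b->slot[j] = tmp;
    }
    b->next = 0;
}

int bag_init(bag_t *b, size_t size, size_t rights)
{
    if (size == 0 || size > BAG_MAX || rights > size)
        return -1;
    b->size = size;
    b->rights = rights;
    bag_refill(b);
    return 0;
}

/* Next decision; a fresh bag is shuffled only when the old one is used up. */
int bag_draw(bag_t *b)
{
    if (b->next == b->size)
        bag_refill(b);
    return b->slot[b->next++];
}

/* Draw `bags` whole bags; count off-ratio bags and the longest streak, which
 * is bounded by 2 * max(rights, size - rights). Cost: bag tails are guessable. */
bag_stats_t bag_simulate(size_t size, size_t rights, size_t bags)
{
    bag_stats_t st = { 0, 0 };
    bag_t b;
    size_t n, i, run = 0;
    int prev = -1;
    if (bag_init(&b, size, rights) != 0)
        return (bag_stats_t){ bags, 0 }; /* invalid configuration */
    for (n = 0; n < bags; n++) {
        size_t seen = 0;
        for (i = 0; i < size; i++) {
            int d = bag_draw(&b);
            seen += (size_t)d;
            run = (d == prev) ? run + 1 : 1;
            prev = d;
            if (run > st.longest_run)
                st.longest_run = run;
        }
        st.bad_bags += (seen != rights);
    }
    return st;
}

int main(void)
{
    bag_stats_t st = bag_simulate(6, 3, 2000);
    printf("off-ratio bags: %zu, longest streak: %zu\n", st.bad_bags, st.longest_run);
    return 0;
}
```

A smaller bag gives tighter lane balance but makes the last decisions of each bag easier to infer from the ones already seen, so the bag size is a trade-off between balance and unpredictability.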

    11. Re:Standard C library... by gweihir · · Score: 2

      There is absolutely no need for "true" random (whatever that is, the physical processes called "true random" are actually "we have no clue how it works, but we have a statistical model"). CPRNGs (Cryptographic Pseudo Random Number Generators) are entirely fine for this, because they are not predictable, unless you have the full state. Nobody needs "random" for this application here, non-predictable is entirely fine. As to seeding, a few precisely timed button-presses on start, a seed file from the day before and just timing whenever a new decision is asked for gives you a good initialization without problem.

      This is a _solved_ problem.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    12. Re: Standard C library... by Lumpy · · Score: 2

      reset the seed hourly based on user input like keys and mouse movement. 100% hackerproof unless the machine is compromised.

      --
      Do not look at laser with remaining good eye.
    13. Re:Standard C library... by mysidia · · Score: 1

      Since it's random and all; If they keep sending a number of new bad guys through, instead of just one, someone will get in eventually.

    14. Re:Standard C library... by Rockoon · · Score: 1

      Slashdot has gone way downhill because this sentiment above has been repeated multiple times.

      If you seed the generator before every call, you are doing it very very wrong.

      --
      "His name was James Damore."
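
The two seeding habits debated in this sub-thread, seeding from a coarse clock (the 15 millisecond case) and reseeding before every call, shown as an added example that is not part of any comment or of the TSA app. The function names and the start times are constructed for illustration, and `/dev/urandom` is assumed as the OS entropy source.

```c
/* Added illustration with hypothetical names; not code from the TSA app. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define STREAM_LEN 64

/* Seed rand() once, then record the next STREAM_LEN left/right decisions. */
static void stream_from_seed(unsigned seed, unsigned char out[STREAM_LEN])
{
    size_t i;

    srand(seed);
    for (i = 0; i < STREAM_LEN; i++)
        out[i] = (unsigned char)((rand() >> 8) & 1);
}

/* Seed read from a clock that only advances every resolution_us microseconds. */
unsigned coarse_clock_seed(unsigned long long now_us, unsigned resolution_us)
{
    return (unsigned)(now_us / resolution_us);
}

/* 1 if two devices switched on at the given times produce the same stream. */
int devices_collide(unsigned long long a_us, unsigned long long b_us,
                    unsigned resolution_us)
{
    unsigned char a[STREAM_LEN], b[STREAM_LEN];

    stream_from_seed(coarse_clock_seed(a_us, resolution_us), a);
    stream_from_seed(coarse_clock_seed(b_us, resolution_us), b);
    return memcmp(a, b, STREAM_LEN) == 0;
}

/* Reseeding before every call makes the decision a pure function of the
 * clock value. Returns how many distinct decisions `presses` button presses
 * inside one clock tick produce (1 means they were all the same). */
int distinct_in_tick(unsigned tick, int presses)
{
    int seen[2] = { 0, 0 };
    int i;

    for (i = 0; i < presses; i++) {
        srand(tick);
        seen[(rand() >> 8) & 1] = 1;
    }
    return seen[0] + seen[1];
}

/* Seed material from the OS entropy pool instead of the clock. */
unsigned os_seed(void)
{
    unsigned s = 0;
    FILE *f = fopen("/dev/urandom", "rb");

    if (f == NULL || fread(&s, sizeof s, 1, f) != 1)
        abort();
    fclose(f);
    return s;
}

/* Same comparison with each device seeded once from the OS. This removes the
 * shared-seed collision; rand() itself is still not a CSPRNG. */
int os_seeded_devices_collide(void)
{
    unsigned char a[STREAM_LEN], b[STREAM_LEN];

    stream_from_seed(os_seed(), a);
    stream_from_seed(os_seed(), b);
    return memcmp(a, b, STREAM_LEN) == 0;
}

int main(void)
{
    /* Constructed start times: two devices powered on 4 ms apart. */
    unsigned long long a = 15000001000ULL, b = 15000005000ULL;

    printf("15 ms clock, same stream: %d\n", devices_collide(a, b, 15000));
    printf("1 us clock, same stream:  %d\n", devices_collide(a, b, 1));
    printf("distinct results in one tick when reseeding: %d\n",
           distinct_in_tick(12345u, 1000));
    printf("OS-seeded, same stream:   %d\n", os_seeded_devices_collide());
    return 0;
}
```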
    15. Re:Standard C library... by Jason+Levine · · Score: 4, Insightful

      That cartoon villain level of planning isn't needed at all. There are gaping holes in the TSA security net. They take the "security" out of "security theater"

      Not to mention the huge security hole before you hit the TSA checkpoint. Especially if you are in a large airport during a busy time of the year.

      TSA: "We spent $14 million to make our security process safer and more effective!"
      Terrorists: "That's nice. We think we'll detonate our bombs in this nice, crowded security line. Not only will we kill a lot of people, but then you'll shut down this airport for days wreaking even more havoc on people's travel plans."

      --
      My sci-fi novel, Ghost Thief, is now available from Amazon.com.
    16. Re:Standard C library... by AK+Marc · · Score: 1

      You don't watch the clock (seed), but watch the pattern of chosen people and deduce the next one from that pattern.

    17. Re:Standard C library... by Darinbob · · Score: 1

      They possibly used the rand() function in their billing department.

    18. Re:Standard C library... by vlad30 · · Score: 4, Insightful

      Terrorists: "That's nice. We think we'll detonate our bombs in this nice, crowded security line. Not only will we kill a lot of people, but then you'll shut down this airport for days wreaking even more havoc on people's travel plans."

      Always wondered why terrorist chose airports why not a church/synagogue packed with people on a Sunday/Saturday and zero security, it's easy pickings, then it would be Christians and truly a religious war but they attack airports, sporting events, concerts, symbols of western affluence. Sort of answered my own question, it's not really about religion, is it.

      --
      You're all thinking it, I just said it for you
    19. Re:Standard C library... by Anubis+IV · · Score: 2

      A) If IBM discovered a way to make something that is truly random, then $1.4M is not only a bargain, it's revolutionary.

      B) IBM didn't make something truly random. They used a pseudo-random number generator (PRNG), the same as the rest of us, and we already have ones that are good enough for advanced cryptography. For a left/right decision, you could seed it with something trivial like the time of day accurate to the ms and have a degree of randomness sufficient to thwart attempts at exploiting the randomness of the decision.

      C) The decision itself is flawed in its conception, since you only need to have a few terrorists lined up consecutively to have a high degree of certainty of having one or more go through the line you want.

    20. Re:Standard C library... by KGIII · · Score: 2

      A couple of things to add to the above...

      While it's a philosophical matter, I do not know if we even have true random. We have unpredictable pretty well covered and we have some things (like radioactive decay) that aren't yet understood well enough to be predicted. There are suitable sources for unpredictable results but I'm not really sure that we've got true random. I think that, in the few areas where we do have something close, that it's actually a lack of understanding on our part that makes us think that it is random.

      Then, they don't want random - not in the sense that lots of people seem to think. If everyone were randomly selected then a near 50% would go through the line to get the extra searching. They don't want that - they might want something like 1:20 to go through that line, so what they really wanted was something that was randomly selecting someone 1:20 (or whatever) and not something that was random 1:1 like a lot of people posting in this thread seem to be assuming.

      At the same time, this needs to not have a discernible pattern. Otherwise, the supposed terrorists would know that they'd have some room to spare if they had seen someone be selected for the extra search. They'd have, on average, a minimum of 10 non-extra search slots following each one, though I think the math would show that it would be closer to 20. I'll say 10 just to keep it short and not quibble over the details.

      The assumptions are *NOT* being made by the poster I'm responding to, by the way. Sadly, I have to make that clear.

      They're not randomly selecting if a person is going to go through the line so much as they're randomly selecting which, of X number of people, person is going through the line. I didn't feel like making multiple posts so I'm stuffing the two together and calling it good. I'm lazy today.

      And, on a personal note - not really related to this, they don't want random at all. Random is FUCKING STUPID! They damned well should be profiling. They should be selecting people based on certain criteria. They should be giving extra scrutiny to people who appear nervous, appear to be traveling alone, are not carrying much baggage, bought a one way trip, etc... That might mean that they're even picking people who appear to be of a certain religious persuasion or color. Security really doesn't give two shits about being politically correct, now does it? No, it does not.

      Alas, that's a subject for a different day.

      --
      "So long and thanks for all the fish."
    21. Re:Standard C library... by stealth_finger · · Score: 1

      Yeah, but the first time one gets caught with a bomb up his nose it's get that grabber thing from Total Recall and stick it up everyone's nose and so on.

      --
      Wanna buy a shirt?
      https://www.redbubble.com/people/stealthfinger/shop?asc=u
    22. Re:Standard C library... by N1AK · · Score: 1

      Even if it was viable to stand there watching the line for long enough to detect a pattern, which I'm not remotely persuaded it is, this still wouldn't be an issue. The odds of an organisation actually trying this as an attack vector are nominal, their ability to pull it off and then get in line carrying something that they need to get through screening in a way that ensures they get to the decision point in the right place is even lower.

    23. Re:Standard C library... by N1AK · · Score: 1

      It's not optimal, but calling it wrong is a perfect example of the old stereotypical out of touch with reality coder mentality. The purpose of the app is to make it effectively impossible to avoid random screening; even though seeding each event is poor practice it isn't "very very wrong" if the app fulfils its purpose.

    24. Re:Standard C library... by DivineKnight · · Score: 1

      Because people will notice you trying to bring a giant dufflebag into a church.

    25. Re:Standard C library... by houghi · · Score: 1

      It is not just rand() they used. It also checks the color of the skin. The hard part is that at the end the result must be 50% left and 50% right. So it needs to keep track of ALL the devices so it can be proven that it is random, while in reality it isn't.

      I started writing this as a joke, but the more I think about it, it might actually be true.

      --
      Don't fight for your country, if your country does not fight for you.
    26. Re:Standard C library... by gweihir · · Score: 1

      Two comments:

      1. It is completely unknown whether anything truly random exists in this universe. I fully agree with you.

      2. Profiling has advantages and disadvantages. To get the best results you will do both: Profile everybody and then add some randomly selected ones. As the TSA does not try to do actual security, they are happy with random only, something every actual security expert knows is not going to cut it.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    27. Re:Standard C library... by rhazz · · Score: 1

      Always wondered why terrorist chose airports why not a church/synagogue packed with people

      They do all the time. Bombings in the middle east are often in checkpoint line-ups (often lineups for police recruitment), crowded markets, crowded funerals, etc. Further west we have the London subway, Boston Marathon, etc. Airport bombings generally cause more commercial loss than the others though, so it really depends on the terrorist group's goal.

    28. Re:Standard C library... by thegarbz · · Score: 1

      Always wondered why terrorist chose airports why not a church/synagogue packed with people on a Sunday/Saturday and zero security, it's easy pickings,

      Because no one gives two shits about a bunch of people dying.

      Shutting down an airport, a street, or a subway station on the other hand has far more of an effect even if you don't manage to kill anyone.

    29. Re:Standard C library... by qbast · · Score: 1

      So what. It will be the last thing they notice in their lives.

    30. Re:Standard C library... by thoromyr · · Score: 1

      At its core, terrorism is about demonstrating that your government cannot protect you. This is in contrast to the alleged goal of terrorism -- usually to change a policy (such as military intervention in foreign domestic affairs). Governments enjoy this as it gives them an excuse to impose ever more draconian controls (nothing essentially evil there, just a basic truth about consolidation of power).

    31. Re:Standard C library... by david_thornley · · Score: 1

      some things (like radioactive decay) that aren't yet understood well enough to be predicted

      It's likely not predictable. Bell's Theorem tells us that quantum randomness cannot be explained by internal state (in the form of local hidden variables). There are theories that preserve causality and predictability, but which require things like instantaneous communication (whatever that is) between measuring instruments, which have their own problems. This isn't apparent randomness through lack of understanding, but understanding of the difference between true and apparent randomness, and experimental confirmation of true randomness.

      Last I looked, several hundred dollars would buy a nice randomness generator based on radioactive decay, which you would plug into a USB port. Given that, it's easy to select any desired fraction of people for additional screening. By changing the probability of selection based on how many people had been selected already, it's possible to damp down the random variability at the cost of predictability.

      --
      "When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
    32. Re:Standard C library... by david_thornley · · Score: 2

      A) Radioactive decay is probably truly random, and you can get generators based on it for a lot less than $1.4M.

      C) Assuming random selection with a fixed probability, it doesn't matter whether the terrorists are lined up consecutively or not.

      --
      "When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
    33. Re:Standard C library... by Tablizer · · Score: 1

      "Randomtologist" is the Next Big Career

    34. Re:Standard C library... by Anubis+IV · · Score: 1

      C) Assuming random selection with a fixed probability, it doesn't matter whether the terrorists are lined up consecutively or not.

      Quite right. I was merely intending to point out the ease with which it could be accomplished, but what I said could definitely be taken to imply that the consecutive ordering was important in some way, which it most certainly is not. Thanks for the correction.

    35. Re:Standard C library... by AK+Marc · · Score: 1

      If that's true, they should have issued pennies, and not spent so much on a system that won't even stop anyone anyway.

    36. Re:Standard C library... by AK+Marc · · Score: 1

      And you missed the point that it doesn't deter terrorism anyway, and if it did what it should 100% of the time, it's still a waste of time/money. If it sucks regardless of whether it works properly, it was a bad decision.

    37. Re:Standard C library... by Gussington · · Score: 1

      The question is whether it is truly random or not. If they spent $1.4M and got a truly random result, fine. It's absurdly pricey, but it works. If they spent $1.4M and got the rand() function, then terrorists might be able to exploit it to escape random searches.

      The cost doesn't matter since passengers opt in to use this service for a fee. With millions of passengers, all costs are recovered, so there really is no story here.

    38. Re:Standard C library... by Gussington · · Score: 1

      Terrorists: "That's nice. We think we'll detonate our bombs in this nice, crowded security line. Not only will we kill a lot of people, but then you'll shut down this airport for days wreaking even more havoc on people's travel plans."

      Always wondered why terrorist chose airports why not a church/synagogue packed with people on a Sunday/Saturday and zero security, it's easy pickings,

      Duh, haven't you heard of God? The guys with the bombs actually believe this creature exists, so it would be foolish to fuck with him.

    39. Re:Standard C library... by cwsumner · · Score: 1

      Randomness is a resource, you have to get it from somewhere. Just be careful where you get it...

    40. Re:Standard C library... by gweihir · · Score: 1

      Last I looked, several hundred dollars would buy a nice randomness generator based on radioactive decay, which you would plug into a USB port. Given that, it's easy to select any desired fraction of people for additional screening. By changing the probability of selection based on how many people had been selected already, it's possible to damp down the random variability at the cost of predictability.

      Waste of money. A reverse-breakdown source gives you about half tunneling noise and about half thermal noise, amplified nicely by avalanches. The whole thing costs a few EUR/USD and whatever you want to spend on the USB interface. Add some post-processing and you are good. Incidentally, a Geiger-Mueller tube also has thermal noise, known as the "zero rate", and it also has a time where it cannot detect pulses after a pulse, so you need some post-processing anyways.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  5. Maybe by Anonymous Coward · · Score: 3, Insightful

    "as most programming languages of choice have a randomizing function available to use"
    You mean has a pseudo-random function that is not that hard to predict.
    Casino Level Randomization is a little harder.

    1. Re:Maybe by Anonymous Coward · · Score: 5, Informative

      A little harder, yes, but not by much.

      I work on regulated casino software. And we use the Mersenne Twister rather than any sort of dedicated randomization hardware.

    2. Re:Maybe by Anonymous Coward · · Score: 5, Informative

      Some casinos are using actual quantum RNGs. For $1k I can get a USB RNG that emits one photon at a time and a polarized mirror with a perfect 50% chance to go through or reflect off of. 4Mbit/s of RNG. For $35 you can get a pretty strong opensource USB RNG that uses a combination of several quantum level electric, electro-thermal, and EM noise. http://www.bitbabbler.org/

    3. Re:Maybe by Anonymous Coward · · Score: 3, Insightful

      Reset the seed to the millisecond the button was pressed each time it's pressed. It's breakable, but if you can bribe the guard to time it exactly, you can also bribe him to simply put you in one line regardless of what the app says. If you can't bribe the guard, good luck syncing the device's time and trying to social engineer the guy to press the button at an exact moment.

    4. Re:Maybe by TechyImmigrant · · Score: 4, Informative

      Some casinos are using actual quantum RNGs. For $1k I can get a USB RNG that emits one photon at a time and a polarized mirror with a perfect 50% chance to go through or reflect off of. 4Mbit/s of RNG. For $35 you can get a pretty strong opensource USB RNG that uses a combination of several quantum level electric, electro-thermal, and EM noise. http://www.bitbabbler.org/

      All nondeterministic RNGs are quantum in nature. All physical things are.

      What people mean by quantum RNG is actually that they are isolating a single quantum event from all the others. So it has a nice distribution. Only this does not happen. As far as I've been able to ascertain (and it's my job to know) all quantum RNGs are measuring the sum of multiple events and so getting a binomial distribution that then needs a traditional entropy extraction algorithm to get to data with nondeterminism, a uniform distribution and something close to 100% Rényi min-entropy. This is therefore no different to normal RNGs except there's a smaller number of things in the core nondeterministic process.

      For $0 extra, you can use the RNG in your computer. They're pretty good these days.

      --
      I should use this sig to advertise my book ISBN-13 : 978-1501515132.
    5. Re:Maybe by gweihir · · Score: 1

      Depends on the language. Some use MT19997 and that is pretty good and still fast (not directly suitable for crypto though). And as soon as you have a crypto-library, you will get a CPRNG that is a lot better than what is needed here even if it is pretty bad, because of the low number of bits used.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    6. Re:Maybe by gweihir · · Score: 1

      Interesting. Do you encrypt the output or put it through a keyed hash? Or are you using little enough randomness that attacks become too hard? I would have expected a CPRNG being the minimal requirement, though.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    7. Re:Maybe by gweihir · · Score: 1

      The $1k thing is for idiots. Unless they do whitening, it _will_ have bias. Reverse-breakdown noise feeding a CPRNG is by far enough.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    8. Re:Maybe by gweihir · · Score: 1

      Look at reverse-breakdown noise in a storage oscilloscope with bandwidth > 100MHz. Individual tunneling events are visible as you get a randomized saw-tooth. True, those are not individual electrons tunneling, but individual avalanches caused by individual electrons tunneling. A bit similar to what a photo-multiplier or a Geiger-Mueller tube gives you, but a _lot_ cheaper.

      As to getting a good distribution, no physical system can do that. That is why anybody competent feeds the noise to a CPRNG instead of using it directly.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    9. Re:Maybe by Jason+Levine · · Score: 1

      Even if there's a bias, they can eliminate it by taking two readings and then reacting as follows:

      Left-Left => Ditch the result and try again
      Left-Right => Direct the user left
      Right-Left => Direct the user right
      Right-Right => Ditch the result and try again

      This should even out any bias and leave you with a 50-50 result.

      --
      My sci-fi novel, Ghost Thief, is now available from Amazon.com.
    10. Re:Maybe by gweihir · · Score: 1

      You have not. You may have misunderstood how those TRNGs worked though.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    11. Re:Maybe by gweihir · · Score: 1

      And if you do that, you get higher-order non-random behavior. Seriously, it is known how to do this right.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    12. Re:Maybe by TechyImmigrant · · Score: 1

      I think you would do better to respond to what I wrote, not what you think I wrote.

      --
      I should use this sig to advertise my book ISBN-13 : 978-1501515132.
    13. Re:Maybe by TechyImmigrant · · Score: 1

      Look at reverse-breakdown noise in a storage oscilloscope with bandwidth > 100MHz. Individual tunneling events are visible as you get a randomized saw-tooth. True, those are not individual electrons tunneling, but individual avalanches caused by individual electrons tunneling. A bit similar to what a photo-multiplier or a Geiger-Mueller tube gives you, but a _lot_ cheaper.

      As to getting a good distribution, no physical system can do that. That is why anybody competent feeds the noise to a CPRNG instead of using it directly.

      Actually it's normal and correct to feed the noise into an entropy extractor. Then feed the resulting full entropy seeds into a CSPRNG.

      You can go right in skipping the extractor and there are some proofs of the seeding process in some PRNGs being also an extractor. A 2 for the price of 1 deal. But it's not codified in any standards like SP800-90 or ANSI X9.82. The focus for these schemes is lightweight crypto and it hasn't panned out yet.
       

      --
      I should use this sig to advertise my book ISBN-13 : 978-1501515132.
    14. Re:Maybe by david_thornley · · Score: 1

      Suppose you have a true random-number generator that's biased, in the sense that it emits different numbers of 1s and 0s over time. If you use GP's method to remove bias, there is no higher-order non-random behavior to worry about.

      --
      "When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
    15. Re:Maybe by TechyImmigrant · · Score: 1

      That's correct. However if we ever get to the point where quantum computers have enough bits to attack crypto, then CSPRNGs will have a problem and instead we will need all RNGs to produce only full entropy bits, rather than random sequences with computational bounds on prediction.

      --
      I should use this sig to advertise my book ISBN-13 : 978-1501515132.
    16. Re:Maybe by TechyImmigrant · · Score: 1

      >a polarized mirror with a perfect 50% chance to go through or reflect off of.

      On that I call bullshit. That ain't no thing as a perfect 50% reflectivity.

      From that imperfection, Pinkas's theorem is all you need to show your hopes of perfection are dashed on the harsh craggy rock of the mathematics of single input extractors.

      Sorry.
       

      --
      I should use this sig to advertise my book ISBN-13 : 978-1501515132.
    17. Re:Maybe by gweihir · · Score: 1

      First, you are not counting zeros and ones, you are averaging unsigned byte value. That is different, but let's overlook that for now.

      Bias is basically any deviation from not having memory and perfect 50:50 distribution. There are a lot of theoretical and concrete tests, but basically they all look at sequences of bits and check some variation or (for the practical tests) approximation of "all sequences of equal length must show up equally often".

      Now, as to your example: Calibrating a TRNG to a precision that actually approaches 50:50 and not having any whitening or other post-processing (that in effect does whitening) is infeasible in practice. The precision needed for your example seems to be roughly somewhere around 0.1%, which is feasible in practice. The deviation between the two runs is large enough for the given sequence length that a systematic source (temperature, e.g.) seems likely.

      For a crypto-generator, 0.1% is a large bias. (For an example that this is a large bias in crypto, look at how RC4 was broken.) For a simulation generator, this may also be a rather large bias, depending on use. It causes higher-order correlations between the bits, and that can potentially be very bad. And this single-bit figure is not enough, as bits may be correlated in addition, for example, "10" showing up more often than "01", which will not even show up in single-bit statistics, or an occasional too-frequent short run of "1....1" which is not enough to skew the 0/1 statistics significantly, but which will be a huge problem both for crypto and for simulation.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
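The two-reading rule from comment 9, and the question debated in the replies of whether it leaves higher-order structure behind, worked through as an added example (not code from any poster). The two bit sources, the seed and all function names are constructed for the illustration: one source is biased but independent, the other has balanced zeros and ones but tends to repeat its previous bit.

```python
import random


def biased_iid_bits(n, p_one, rng):
    """Constructed source: independent bits, each 1 with probability p_one."""
    return [1 if rng.random() < p_one else 0 for _ in range(n)]


def sticky_bits(n, p_stay, rng):
    """Constructed source with memory: each bit repeats the previous one
    with probability p_stay. Zeros and ones are equally common overall."""
    bits = [rng.getrandbits(1)]
    while len(bits) < n:
        prev = bits[-1]
        bits.append(prev if rng.random() < p_stay else 1 - prev)
    return bits


def von_neumann(bits):
    """Two-reading rule from the thread: read non-overlapping pairs,
    drop equal pairs, keep the first reading of an unequal pair."""
    return [a for a, b in zip(bits[0::2], bits[1::2]) if a != b]


def ones_fraction(bits):
    """Share of 1 bits; 0.5 for an unbiased source."""
    return sum(bits) / len(bits)


def flip_rate(bits):
    """Fraction of adjacent positions where the bit changes.
    A memoryless fair source gives 0.5; other values mean the bits
    are biased or depend on their predecessors."""
    changes = sum(a != b for a, b in zip(bits, bits[1:]))
    return changes / (len(bits) - 1)


def measure(n=200_000, seed=2016):
    """Run the rule over both constructed sources and collect statistics."""
    rng = random.Random(seed)  # fixed seed so the run is repeatable
    sources = (
        ("iid_biased", biased_iid_bits(n, 0.7, rng)),
        ("sticky", sticky_bits(n, 0.9, rng)),
    )
    report = {}
    for name, raw in sources:
        out = von_neumann(raw)
        report[name] = {
            "raw_ones": ones_fraction(raw),
            "raw_flips": flip_rate(raw),
            "out_bits": len(out),
            "out_ones": ones_fraction(out),
            "out_flips": flip_rate(out),
        }
    return report


if __name__ == "__main__":
    for name, stats in measure().items():
        print(name)
        for key, value in stats.items():
            shown = f"{value:.3f}" if isinstance(value, float) else str(value)
            print(f"  {key:10s} {shown}")
```

On the independent source the output is balanced and memoryless. On the sticky source the output still has half ones, but consecutive output bits differ about 64% of the time, which single-bit counts do not reveal.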
  6. Happy to know1 by misanthropic.mofo · · Score: 1

    I'm just happy to know that my most favorite of government agencies is spending my tax dollars wisely.

    --
    --There are two kinds of people in this world. I don't like either of them.
  7. Re:Obviously they had to pay a lot by TWX · · Score: 4, Insightful

    I know you're being silly on purpose, but would a true randomizing device really be necessary? Human traffic patterns already have such a random element to them that even if one somehow could reliably predict the next number in the software algorithm, there are so many other factors that can't be controlled that it's still essentially random anyway.

    I honestly could see it being in the low five-figures to develop such an application, but that money would mostly be applied to figuring out how to design the user-interface of the application such that it best-fits with how the TSA is *supposed* to operate, and in beta-testing to confirm that it does what it's supposed to do and that any untrained TSA agent down to the junior-assistant-trainee who breathes with his mouth open could use it and understand it, but mid-six-figures is pretty ridiculous.

    --
    Do not look into laser with remaining eye.
  8. Why do you need an iPad and an app? by Anonymous Coward · · Score: 1

    A simple micro-controller, a button, and two LEDs would work just as well for just a few bucks.

    1. Re:Why do you need an iPad and an app? by John+Bresnahan · · Score: 4, Informative

      A simple micro-controller, a button, and two LEDs would work just as well for just a few bucks.

      A die (singular of "dice") would work just as well, and would handle up to 6 checkpoints.

      Amazon has them, 100 for $2.79.

    2. Re:Why do you need an iPad and an app? by cfalcon · · Score: 1

      > A die would work just as well, and would handle up to 6 checkpoints.

      Screw that, just hand out a set of polyhedral dice. You can trivially generate 1 or 2, 1-3, 1-4, 1-6, 1-8, 1-10, 1-12, 1-20, or 1-100, and that's without getting cute with rerolls or bases that aren't 10.

      https://en.wikipedia.org/wiki/...

      Not that you should need a link- this is slashdot, you know D&D.

    3. Re:Why do you need an iPad and an app? by shutdown+-p+now · · Score: 1

      I actually wonder why they need any randomization behavior here at all. Why not just switch between lanes in a round-robin fashion (i.e. for two lanes, 1-2-1-2-1-2-...)? Statistically speaking, this should produce the same distribution as a randomizer, so the effect on the queues would be the same, no?

    4. Re:Why do you need an iPad and an app? by shutdown+-p+now · · Score: 1

      Okay, that makes more sense now, thank you.

    5. Re:Why do you need an iPad and an app? by z0idberg · · Score: 1

      I hope you aren't suggesting that we entrust our security and lives to just random chance, are you??

      We need very sophisticated, very complicated and most importantly very expensive systems to determine which line I need to stand in in order for my loved ones and I to be truly safe.

    6. Re:Why do you need an iPad and an app? by Jason+Levine · · Score: 2

      I roll to dodge the Rapiscan line. *1* Rats.

      Ok. I roll to dodge to pass the scan without any anomalies. *2* Failed.

      Ok, so anomalies are found. I roll to protect against the TSA pat-down. *1* Failed.

      --
      My sci-fi novel, Ghost Thief, is now available from Amazon.com.
    7. Re:Why do you need an iPad and an app? by Pseudonym · · Score: 2

      Presumably Pre-Check fliers get a saving throw?

      --
      sub f{($f)=@_;print"$f(q{$f});";}f(q{sub f{($f)=@_;print"$f(q{$f});";}f});
    8. Re:Why do you need an iPad and an app? by KGIII · · Score: 1

      Versus orcs, yes.

      --
      "So long and thanks for all the fish."
    9. Re:Why do you need an iPad and an app? by KGIII · · Score: 1

      You should have checked for traps, n00b. Also, you probably get a racial bonus - it's your job to remind the DM.

      --
      "So long and thanks for all the fish."
  9. Training? by Feral+Nerd · · Score: 4, Interesting

    The TSA's employees need training on an app that randomly tells people to go left or right?

  10. Nice nonsensical article. by Anonymous Coward · · Score: 5, Insightful

    ZOMG $1.4M for an app that randomizes a single bit!!! (*)

    * Note that it may have actually been $1.4M for hardware, training, and app.

    Seriously, how fucking asinine are these clickbait articles getting? If you can decisively say that they charged $300k+ or $1.4M+ for an app that simple, do so. Otherwise you're just full of shit.

  11. Re:Training? by Sebby · · Score: 1

    Better to train/pay a human than to buy robots or mechanical gateways to direct people randomly.

    --

    AC comments get piped to /dev/null
  12. When Mr. Trump says fraud and waste .... by Trachman · · Score: 4, Interesting

    He means precisely instances like that. One needs to find a more idiotic view: the app tells TSA person which way to show the finger. If anybody wants an example of fraud, waste and abuse: this is it. We could listen ad nauseam to TSA explanations, saying that app needs to be secure, or that they have to follow the procedures, or they needed many licenses.... blah blah blah

    The point is that if airport security would be private that kind of nonsense would not exist by definition. Now it is public money that was spent.

    This is not the only software that uses random function. There is another software that randomly selects passengers for additional screening. Here is how Israel does it, does it for free and very effectively: they let the screening agents to pick and choose any passenger that they want or have a hunch. So far they are very effective in preventing bad dudes in boarding their planes.

    1. Re:When Mr. Trump says fraud and waste .... by E-Rock · · Score: 2

      Except this is America, and the TSA seems to pick from the bottom of the barrel, so your plan would just result in extra 'screening' for all the hot chicks? If you think that's absurd, see how good a job they did picking who to run through the body scanners.

    2. Re:When Mr. Trump says fraud and waste .... by beelsebob · · Score: 3, Insightful

      He means precisely instances like that.

      The problem is, that what he proposes, is more of this... He proposes that more of the country should be privatised, because "businesses can do it much more efficiently".

      The correct solution here was not to get any business involved at all, because as soon as you do that, they try and make a (huge) profit out of it. The correct solution was instead to get a software engineering intern on the government's payroll to write this app in one day.

    3. Re:When Mr. Trump says fraud and waste .... by drinkypoo · · Score: 1

      When Mr. Trump says fraud and waste, he means not the kind where he's making a profit.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    4. Re:When Mr. Trump says fraud and waste .... by Afty0r · · Score: 1

      Here is how Israel does it, does it for free and very effectively: they let the screening agents to pick and choose any passenger that they want or have a hunch.

      Yeah but errr... they're not private. What's your argument? We should privatise? OR we should do it like Israel? To do it like Israel will cost billions of dollars of public money because... the Israelis hire they're smart people and give them a great deal of training. Your average TSA grunt is so dumb they would have died off before reaching breeding age if they were born more than a few generations ago.

    5. Re:When Mr. Trump says fraud and waste .... by Trachman · · Score: 1

      That is a good one. To present a better statistical gymnastic, comparable to the one done at similar type of organizations as TSA, you better say the following:

        there is approximately one billion (almost) travelers per year. 1.4 million divided by one billion, only makes less than 0.1 cent per passenger per year.

      Keep dividing and you will always find a way to justify a waste.

      The point is that such app was completely unnecessary to begin with. The second point is that this is just a tip of an iceberg.

    6. Re:When Mr. Trump says fraud and waste .... by dbIII · · Score: 1

      OR we should do it like Israel

      That was the original idea and it would have cost a lot less but taken a lot longer to implement. With better trained people you do not need as many of them.
      Stupidity became the default and now it is a giant welfare scheme and money funnel to cronies (eg. Rapiscan). Shutting it down would be political suicide so nobody has the balls to stop the ball squeezing.

    7. Re:When Mr. Trump says fraud and waste .... by KGIII · · Score: 1

      You skipped the option for "less waste" and went right to "never any waste."

      If you were ever curious as to why people ignore you or call you names, that might be a good indicator.

      Do note: I've not offered a position or opinion on anything other than your inability to comprehend complexities involving more than binary choices. "But it's not perfect!" is retarded.

      --
      "So long and thanks for all the fish."
    8. Re:When Mr. Trump says fraud and waste .... by k6mfw · · Score: 1

      proposes that more of the country should be privatised, because "businesses can do it much more efficiently".

      there was a time when airport security was privatized, and as the years went by businesses made more "efficient" eventually those doing the screening were earning minimum wage (hey, they reduced operating costs to maximize profits).

      --
      mfwright@batnet.com
    9. Re:When Mr. Trump says fraud and waste .... by sribe · · Score: 1

      The point is that if airport security would be private that kind of nonsense would not exist by definition.

      Bullshit.

    10. Re:When Mr. Trump says fraud and waste .... by houghi · · Score: 1

      To have people go by a hunch, you either do not give a shit if they call you racist or you need to train people and that will have a cost as well.
      If you do not want to come off as a racist, it means also to hire people that will be more expensive than what they pay now. The cost would easily be much, much higher than what they pay now.

      And yes, if the airport security would be private, it would still exist. Or do you propose a system where you have competition of several separate doors where you can select who does your check? So you select between three different TSA companies at the airport. Fast, cheap or secure. Take any one of them, so you do not have to deal with the other ones.

      Now if you think that is a bad idea and it should be one company per airport, you are moving the choice of the terrorist from the lines to the choice of airport.

      And if one company for all, the prices will start lower at first and then escalate year after year, while it will be handled by smaller companies. As companies are there to make money, not to bring security, they will look at how to reduce cost while increasing prices to get a bigger margin.

      I also like that at one point you say private companies are the solution and then how Israel does it (not with private companies).

      You flip-flop as much as Trump.

      --
      Don't fight for your country, if your country does not fight for you.
    11. Re:When Mr. Trump says fraud and waste .... by gzuckier · · Score: 1

      Here is how Israel does it, does it for free and very effectively: they let the screening agents to pick and choose any passenger that they want or have a hunch.

      Yeah but errr... they're not private. What's your argument? We should privatise? OR we should do it like Israel? To do it like Israel will cost billions of dollars of public money because... the Israelis hire they're smart people and give them a great deal of training. Your average TSA grunt is so dumb they would have died off before reaching breeding age if they were born more than a few generations ago.

      Yes but that's because the israelis take it seriously and we're just playing security like a bunch of 6 year olds.

      --
      Star Trek transporters are just 3d printers.
    12. Re:When Mr. Trump says fraud and waste .... by david_thornley · · Score: 1

      The Israeli approach is to have a competent person spend at least a little time with each passenger. That's going to be a lot more expensive than a more mindless approach.

      --
      "When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
  13. Re:Training? by BeauHD · · Score: 2

    This may be the most surprising tidbit in the article.

  14. Re: Obviously they had to pay a lot by Anonymous Coward · · Score: 1

    Sorry, doesn't meet the specifications. Your solution picks "yes" or "no", but we require it to pick " left " or "right ".

    *sarcasm*

    It is idiots and red tape that cause simple things to explode into stratospheric costs.

  15. iPad has a camera by flargleblarg · · Score: 1

    Perhaps it snaps a picture of the person, analyzes it with deep neural learning, and decides whether or not the person looks suspicious.

    1. Re:iPad has a camera by The-Ixian · · Score: 1

      Maybe "Random" is the name of the app but has nothing to do with the functionality...

      --
      My eyes reflect the stars and a smile lights up my face.
  16. Tricky... by jjn1056 · · Score: 1

    This is one of those things that sounds like it could be tricky to actually get right. Still they could just do what the Secret Service does when choosing travel options for the President; you flip a coin with one agent calling it in air and the other doing the flipping. Seems reasonably free from exploits.

    FWIW I don't think this is about cryptographically secure random and more about a system that by design can't be hacked and such that you'd need to bribe an entire team to get through the line you want.

    --
    Peace, or Not?
  17. What if the NIST were involved? by Streetlight · · Score: 1

    If the random number generator used in the algorithm came from the National Institute of Science and Technology (NIST), it might not be as random as possible.

    --
    In a time of universal deceit, telling the truth is a revolutionary act. George Orwell
    1. Re:What if the NIST were involved? by david_thornley · · Score: 1

      Depends. Was the NSA required to be involved?

      --
      "When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
  18. Sounds about right by Onthax · · Score: 2

    Honestly having worked with government, it sounds about right probably a 1000 hours of meetings to choose the colours, shape, discuss the randomizing algorithm etc. prob took no time at all to write.

    1. Re:Sounds about right by Moof123 · · Score: 1

      This.

      Heck any large organization comes with a very high decision tax. Some underling effed something in the past, so going forward VP level authority is needed to do anything that affects more than your part of the office. VP's are just as error prone and even more risk averse, not to mention busy as hell. So pre-meeting meetings are held, consultants are brought in to provide unbiased opinions, lawyers have to be consulted since it crosses state lines, and finally the finance department will lose the darn invoice and so on. So even in "efficient" corporate America you can have something like this end up costing $100k's just to roll out.

    2. Re:Sounds about right by Verdatum · · Score: 1
      I mean, sure UI design by committee is a wonderful and common way to waste money, but even with pretty efficient development houses, you pretty much cannot design anything involving custom software for much less than a million dollars.

      This likely started out as an investigation of the problem. People doing research and modeling to determine what an optimal scenario would be to manage the issue of line-gaming. They probably tried out all sorts of clever and more complicated ideas that all had little problems of their own. Finally, at the end of it all, the conclusion is reached that 2 lines and a randomized coinflip mechanism is the best solution. I'd go into explaining just how friggin' expensive it is to employ people like developers and testers, and all the other people involved in writing custom software but, long story short, $336k would be about right for developing a stable custom application. The additional money, if applied to things like support contracts and hardware, would also not be surprising.

      Is it stupid? Sorta. But imagine the alternative. Instead of all that mess, a bright person at TSA looked at the problem, correctly made the educated guess that splitting people into 2 lines via a randomizer app was the right move, and then distributes a FOSS coinflip app or a dirt-cheap CotS app. This is all well and good until the educated guess turns out to be wrong. Or the unevaluated software has a glaring exploitable security flaw in it. Then instead of the article we see here, we get an article saying the TSA was completely stupid for not looking into this stuff decent enough to catch these sort of massive flaws. In the unlikely event that any of these problems contributed to a successful attack, the public would be screaming for blood.

      So yeah, 2 lessons here: custom professional software is pretty much always going to be really expensive, and an entity like TSA, given its role, is pretty much always going to get stuck eating the cost of employing appropriate Risk Management techniques.

  19. Re:Training? by Anonymous Coward · · Score: 2, Funny

    The TSA employees first needed to be trained to understand "left" and "right".

  20. Re:I'd like to bid next time by sexconker · · Score: 1

    I have a system that is:
    - Analog
    - Does not require electricity
    - Durable
    - Ambidextrous
    - Gender neutral
    - Made in the USA

    It is called a flipping a US quarter. For $1.2M dollars, I will provide 1 case of 2000 quarters and a training video on how to flip coins.

    Training video here: http://putlocker.is/watch-goin...

  21. Re:I'd like to bid next time by amicusNYCL · · Score: 1

    I'm happy to compete, because I have a system that is more effective, easier to use, as well as cheaper. My solution only costs $1.1 million, and I will furnish 10,000 coins. Instead of bulky, heavy quarters my system uses a copper-plated zinc coin that is both smaller and lighter than a quarter, resulting in less physical strain in the workforce. The obverse depicts the profile of a man, while the reverse is of a rectangular building which cannot be confused with the obverse. In addition, my system contains all of the benefits of your system, with a 500% increase in deployment size, at a substantial cost savings to the taxpayer.

    --
    "Our two-party system is like a bowl of shit looking at itself in a mirror." - Lewis Black
  22. Rules and Regulations by TechyImmigrant · · Score: 5, Insightful

    Are you selling it to the federal government? [YES]
    Is a random number generator used in the product? [YES]
    Is the product intended for a security application? [YES]

    Requirement: The Random Number Generator be CAVS certified to SP800-90A and the module within which it operates be FIPS140-2 certified.

    That's $100,000 before you've got out of bed, to meet the government procurement requirements.

    --
    I should use this sig to advertise my book ISBN-13 : 978-1501515132.
    1. Re:Rules and Regulations by trout007 · · Score: 1

      The requirements are still up to the Contracting Team. Also if you go by Federal Acquisition Regulation (http://farsite.hill.af.mil/reghtml/regs/far2afmcfars/fardfars/far/12.htm#P39_4241) one of the first things you need to do is market research to see if there are any commercial off the shelf products and use those.

      --
      I love Jesus, except for his foreign policy.
    2. Re:Rules and Regulations by TechyImmigrant · · Score: 1

      Yup. That doesn't lift the tick box certification requirements, although I bet you could waive your way through this one if you paid someone enough money.

      --
      I should use this sig to advertise my book ISBN-13 : 978-1501515132.
  23. Why am I working for a living? by kheldan · · Score: 2

    I read stuff like this and it makes me question having ethics and conscience.

    --
    Are YOU using the TOOL, or is the TOOL using YOU? Think about it!
  24. Exploit? by SuperBanana · · Score: 1

    "If they spend $1.4M and got the rand() function, then terrorists might be able to exploit it to escape random searches." Like lining up sequentially with 2, maybe 3 people?

    1. Re:Exploit? by bugs2squash · · Score: 1

      We'll never know

      --
      Nullius in verba
    2. Re:Exploit? by Anubis+IV · · Score: 2

      There are only two cases where exploiting the left/right randomization would matter to terrorists

      1) They already have a means of getting contraband through the screening on one side but not the other, in which case your system is already broken, since the terrorists already have a 50% chance of getting through screening, even if your RNG is working the way you want.

      2) There's a target on the one side but not the other, but if they want to make sure someone hits the target, they can just send a few terrorists through together in the line. Send four in a row and your odds are nearly 95% that at least one would end up on the side you want. And if they're all together, by the time the first one is discovered, the one you wanted would already be at his destination.

  25. $1.4 million just to flip a coin? by sk999 · · Score: 1

    Come on now, what could go wrong? Well, OK
    http://www.footballzebras.com/...

  26. In this thread... by fizzup · · Score: 1

    In this thread you will find out why it is unusual to find a software developer that can start a successful software development business.

  27. Re:Training? by argumentsockpuppet · · Score: 5, Insightful

    It's possible IBM supplied all the iPads and training in addition to the app itself.

    I know it is fun and easy to criticize the TSA, and I am in favor of replacing them entirely with any of a dozen different possibilities. That said, there is a big difference between developing an app and supplying hardware and doing testing and training. I could build the app but I have no idea what the cost would be to test it sufficiently to meet government standards, then train the staff to use them, then equip the staff with hardware to use it. The cost of the app could literally be $0 and still top $1 million after the testing, training and equipment costs.

    Someone else pointed out this is typical clickbait. It's got a shocking headline but then scant details on what actually caused the scenario. If they'd instead said "TSA has IBM develop an app that IBM contributed for free in exchange for exclusive rights to train staff for $10/hr each on how to handle customer service. Additionally, IBM will supply sufficient devices to have a minimum of two for each airport line at 5% profit per device" then the headline wouldn't generate nearly so much interest and the criticisms would be much better founded.

    I wouldn't be at all surprised to find out that the bureaucracy that guides the TSA spent far more than is reasonable. I just didn't see enough details in TFA to assume that is actually the case. Does *anyone* have a breakdown on what kind of training, what kind of testing, what kind of devices were purchased?

  28. Re:Training? by Calydor · · Score: 5, Funny

    That was surprising? Have you seen a TSA agent recently?

    --
    -=This sig has nothing to do with my comment. Move along now=-
  29. Re:There already exists a device for this... by Calydor · · Score: 2

    To be fair, can you imagine flipping a coin and flawlessly catching it thousands of times per day?

    --
    -=This sig has nothing to do with my comment. Move along now=-
  30. Re:training? by cfalcon · · Score: 1

    > What, how to press the "flip coin" button?

    Several million to design a physical UI so you really feel like you are flipping the coin?

  31. Re:I'd like to bid next time by cfalcon · · Score: 1

    You two best race to the patent office!

  32. Re:Training? by Actually,+I+do+RTFA · · Score: 1

    Presumably the app takes inputs like lanes open, pre-check lanes open, historical information on speed of processing each lane, etc, to decide how many people get assigned to the pre-check lane. And training the supervisors to upload all that data is a major cost, right?

    I do see the ipad on a nice ruggedized stand/enclosure, and I'd imagine the 1M non-development costs include those units.

    --
    Your ad here. Ask me how!
  33. SchrÃdinger's cat by PPH · · Score: 2

    Build a device with a small radioisotope source, detector, poison vial and cat. Calibrate the source to provide a 50% probability of a particle emission for the average passenger rate. Open the box and check the cat. Cat alive: Right lane. Cat dead: Left lane, reset vial, replace the cat and proceed.

    --
    Have gnu, will travel.
    1. Re:SchrÃdinger's cat by ChunderDownunder · · Score: 2

      Dear slashdot.

      Please fix foreign characters.

  34. Re:Obviously they had to pay a lot by Intron · · Score: 3, Funny

    What happens when ISIS uses one of the well-known DNS holes to redirect http://www.yesnogenerator.com/ to a site that returns the answer that they want? You just let 5 terrorists get through security.

    --
    Intron: the portion of DNA which expresses nothing useful.
  35. Re:Training? by Intron · · Score: 1

    The TSA's employees need training on an app that randomly tells people to go left or right?

    The app was the easy part. The expensive part was being able to answer "Do you mean my right or your right?" every time they tell someone which line to get in. Anti-violence training is expensive.

    --
    Intron: the portion of DNA which expresses nothing useful.
  36. Re:Obviously they had to pay a lot by mysidia · · Score: 2

    I know you're being silly on purpose, but would a true randomizing device really be necessary?

    I have a $0.01 alternative to this randomizer app.... Flip a fair coin. Designate one side of the penny Heads, and the other side tails....

    Also, even if they have 50,000 pre-check lanes, the total cost is still only $500.

  37. Re:I'd like to bid next time by Applehu+Akbar · · Score: 2, Insightful

    I have a system that is:
    - Analog
    - Does not require electricity
    - Durable
    - Ambidextrous
    - Gender neutral
    - Made in the USA

    Training video here: http://putlocker.is/watch-goin...

    Dear Mr. Sexconker,

    We are in receipt of your case of 2000 (two thousand) manually operated analog cupronickel randomization discs. We admire the evident durability and domestic origin of your product, and initial testing proves that the sequence of flips is suitably random. In addition, we are confident that your training video can be developed into a course that our agents will be able to complete in about six months.

    Unfortunately, your product does not meet the contracted criterion of gender neutrality. All of the "heads" depicted are male.

    Yours,
    Monroe Fnord, Technology Director
    Transportation Security Administration

  38. TSA ended the program by tranquilidad · · Score: 1

    The TSA ended the managed inclusion program for which this app was built and deployed.

    They ended it when a notorious felon was allowed to go through the pre-check line.

  39. Gimme money by AlexanKulbashian · · Score: 1

    rand() & 2; Where is my money?

    1. Re:Gimme money by AlexanKulbashian · · Score: 2

      Oops.. the beta version failed to work... here is a revision: rand() % 2;

  40. Dear TSA send me my $1.3 million please by JustNiz · · Score: 1

    #include <stdio.h>
    #include <stdlib.h>
    #include <time.h>
    int main(int ac, char* av[])
    {
          srand(time(NULL));  /* seed the PRNG from the clock */
          while( 1 )
                printf("%s\n", (rand() < RAND_MAX/2) ? "Left" : "Right" );
    }

  41. Re:Training? by Feral+Nerd · · Score: 1

    The TSA's employees need training on an app that randomly tells people to go left or right?

    The app was the easy part. The expensive part was being able to answer "Do you mean my right or your right?" every time they tell someone which line to get in. Anti-violence training is expensive.

    Hehe... I hadn't thought of that problem.

  42. In Soviet Russia... by R3d+M3rcury · · Score: 1
  43. assuming is Publically Financed Software by aklinux · · Score: 1

    This should fall under the government's recently published commitment to publish publicly financed software. I'm thinking this should be one of the 1st pieces of software we get to see and criticize. Eh? https://news.slashdot.org/stor...

  44. Re:Obviously they had to pay a lot by Jason+Levine · · Score: 5, Interesting

    I have a $0.01 alternative to this randomizer app.... Flip a fair coin. Designate one side of the penny Heads, and the other side tails....

    I recently read "Lauren Ipsum: A Story About Computer Science and Other Improbable Things" to my eight year old. One of the (many) interesting substories involved "fair coins." Lauren's money isn't taken in Userland because her quarters can't be guaranteed as fair. However, someone points out that you can make any coin a fair coin by flipping it twice. If both flips result in the same side, you ignore it and flip two more times. If the two flips have differing sides, you take the first side.

    In other words:

    Heads-Heads or Tails-Tails = Flip again.
    Heads-Tails = Heads
    Tails-Heads = Tails

    Even if there's a bias towards one side, it will be cancelled out and the flip would be fair.

    --
    My sci-fi novel, Ghost Thief, is now available from Amazon.com.
  45. Seriously 85% for interacting with gov't by raymorris · · Score: 4, Interesting

    Seriously, 80%-85% of the bid covers dealing with the US government. Multiple thousand-documents over the course of years, flying back and forth for pointless meetings, and maybe you eventually get paid.

    Here are my rates as a developer, for similar software delivered:
    Order online, by submitting my order form: $159
    Email me and discuss: $500
    Meetings to discuss, demo (local businesses): $1,500
    Local government bureaucracy: $8,000
    Federal government: $400,000

    1. Re:Seriously 85% for interacting with gov't by aberglas · · Score: 1

      +1. Plus you need well connected salesmen to deal with an organization like the TSA. They don't come cheap.

  46. Not similar to the TSA app, similar to each other by raymorris · · Score: 1

    The rates I mentioned above for "similar software" meant for software of the kind I write (network security), not the TSA app. For a random left/right app like the TSA wanted, prices would be a bit lower. Not much lower for the federal government though, they'll require a thousand man hours of BS for the simplest application. I used to work at a place that did federal contracts.

  47. This is in no way random by Gumbercules!! · · Score: 1

    Frankly, for $1.4million, I'd at least expect it to sense movement (you know, like the sensors on the automated doors about 5 meters away from the people in this video that cost a few dollars each) and automatically tell people left or right, without requiring an actual human to stand there and press the screen to randomly change left to right when they feel like pressing the screen (which is random, how??).

    Or if they insist on an iPad, at least use the camera to determine someone is there and then say left or right. How is it that this "random" system requires a human to press the screen to change the arrow. In what way is that random?

    1. Re:This is in no way random by Actually,+I+do+RTFA · · Score: 1

      without requiring an actual human to stand there and press the screen to randomly change left to right

      Well, the person is supposed to press the button for each group, it's not supposed to be randomly determined.

      --
      Your ad here. Ask me how!
    2. Re:This is in no way random by Gumbercules!! · · Score: 1

      but in the video she's clearly not doing that. Even if she is, her job is human-button-pusher. For that kind of money ($1.4 mil) I would expect total automation. Just have a turnstile with two lanes that randomly opens one gate, for goodness sakes.

    3. Re:This is in no way random by Actually,+I+do+RTFA · · Score: 1

      She seems to be pushing it for each distinct group. And the 1.4 mil includes training (how?) and at least 200 of those stands of ruggedized iPads.

      --
      Your ad here. Ask me how!
  48. Re:Obviously they had to pay a lot by Kjella · · Score: 1

    I know you're being silly on purpose, but would a true randomizing device really be necessary? Human traffic patterns already have such a random element to them that even if one somehow could reliably predict the next number in the software algorithm, there are so many other factors that can't be controlled that it's still essentially random anyway.

    Small airport, obscure time there might not be much of a line. That said, if you look at the real requirements then no. All that's required is:

    a) Some form of initial seed so it's not the same left-right pattern every time you turn it on
    b) A non-predictable outcome, a slight bias like 55% right, 45% left is pretty much irrelevant

    Any kind of low quality seed and PRNG would do that, even the ones we'd generally consider flawed or broken. You could have the operator press the button a few times with a minimum delay on boot using the number of ticks between them as seed and RANDU and you could stand there all day, every day without finding a "safe" spot. To use a true cryptologically secure RNG is just massive overkill, even though that too shouldn't cost much these days.

    --
    Live today, because you never know what tomorrow brings
  49. Re:Obviously they had to pay a lot by Noah+Haders · · Score: 5, Funny

    the actual passenger-facing software was really cheap. what was expensive to develop and install is the cameras and computer detection algorithms to tell if the person is white, black or brown.

  50. It makes sense if you call them by the right name by Required+Snark · · Score: 3, Insightful

    Department of Homeland Pork, Transportation Pork Administration

    --
    Why is Snark Required?
  51. Why IBM? by dbIII · · Score: 1

    Why IBM?
    Wouldn't the Rand Corporation be a better match for once?

  52. MOD PARENT UP by n3r0.m4dski11z · · Score: 1

    finally some fucking intelligent comment!

    --
    -
    1. Re:MOD PARENT UP by thegarbz · · Score: 1

      You would be surprised in just how many ways random numbers can be screwed up.

      Nothing intelligent about it. All your hacking efforts fall down due to the wonderful chaotic input that is the frigging people involved in an airport security line. You could have the iPad produce results with zero randomness just going left right left right in a perfectly repeatable pattern and you won't be able to exploit it.

      Plus your terrorism buddies will laugh at you because your carefully planned exploit is defeated by grandma asking a complicated question of the staff member and them moving more people to another line to keep the queue flowing.

    2. Re:MOD PARENT UP by vivian · · Score: 1

      You could implement this with a simple 555 timer and a handful of other components for about $5 worth of hardware - $10 if you want it in a nice box - it would be completely unhackable, and able to run off a single battery for days.

      http://www.dummies.com/how-to/...

    3. Re:MOD PARENT UP by thegarbz · · Score: 1

      Yeah and then just throw in a few thousand dollars for secure logging of results, reportable audit trail, network connection, NTP time syncing.

      We spend a lot of time on Slashdot coming up with wonderful solutions for the single line of the spec that we get given in a summary and then wonder why it was so hard.

  53. Re:more like a dull pocket knife by Tablizer · · Score: 1

    I could implement these simple standards in less than a day...It sucks there are so many retarded niggers in the united states government, including yourself

    But maybe they pay a premium to not have to put up with Asperger-like social deficiencies and racism.

  54. Re:Obviously they had to pay a lot by a+whoabot · · Score: 1

    That doesn't seem right. If the coin is biased toward heads, then what you describe as "Heads-Tails" would be more likely. If it's biased towards tails, then "Tails-Heads" would be more likely.

  55. Re:more like a dull pocket knife by Anubis+IV · · Score: 1

    But maybe they pay a premium to not have to put up with Asperger-like social deficiencies and racism.

    Not to mention people who use "Asperger-like" as a derogatory term?

    Please, continue calling out racists as you just did, because they do deserve to be called out, but be careful of the insults you choose.

  56. Re:Obviously they had to pay a lot by Anonymous Coward · · Score: 1

    That doesn't seem right. If the coin is biased toward heads, then what you describe as "Heads-Tails" would be more likely. If it's biased towards tails, then "Tails-Heads" would be more likely.

    "They don't think it be like it is, but it do."

    Try it. :-) Let's assume P(HEADS) = 2 / 3

    H -> HH, HH, HT
    H -> HH, HH, HT
    T -> TH, TH, TT

    Eliminating HH and TT, you're left with HT x 2 and TH x 2. Using this method, it's easy to prove by induction that for any whole number ratio (IOW for any P(HEADS) in the set of rational numbers between 0 and 1, exclusive), that HT and TH are equal. IMO the gaps between the rationals are small enough that it doesn't matter if you can prove this for irrationals, but someone smarter than me can probably give you a proof for irrationals too.

  57. Re: Obviously they had to pay a lot by TheRaven64 · · Score: 1

    It's probably more random, but when you're using entropy for security the most important thing is whether an attacker can guess it. If it's completely random, then this is hard. If the attacker can influence it, then it's easy. If an attacker can send WiFi packets to you and bias your random number generator, then that's pretty bad if, for example, one of the things that you're using your random number generator for is generating TLS session keys to stop people on the local WiFi from snooping in your data.

    --
    I am TheRaven on Soylent News
  58. Re:Obviously they had to pay a lot by TheRaven64 · · Score: 2

    Why? Let's say the probability is 0.7 of heads, 0.3 of tails. The probability of heads-heads is 0.7*0.7. The probability of tails-tails is 0.3*0.3. The probability of heads-tails is 0.7*0.3. The probability of tails-heads is 0.3*0.7. 0.3*0.7 = 0.7*0.3, so the probability of heads-tails is equal to the probability of tails-heads.

    This assumes that the coin tosses are independent.

    --
    I am TheRaven on Soylent News
  59. Re:Obviously they had to pay a lot by KGIII · · Score: 2

    > Human traffic patterns already have such a random element to them

    You'd think so. It's not. Neither vehicular nor pedestrian traffic is random. There is order to that chaos, it's just not easy to find and the herd is easily spooked.

    I lack the time and energy to get into the gritty details but I've gone into this quite a bit in the past. Feel free to scrounge through my posting history if you want. I modeled traffic (vehicular and pedestrian) and I'm pretty sure that it is chaotic but not truly random.

    It may appear random, it is not. How to describe it quickly.

    Okay, try this... Go to your nearest mall or department store - you might want to go to a few. Watch the people when they enter. If given a choice, they will (almost invariably) opt to go to the right. Stores, those who wish to curate the experience, will actually work to *force* you to go to the right. For example, they'll often have the bakery to the right - and lots of colorful objects. Why? Lots of reasons but because it's not *always* true that people go to the right - but it's true (far) more often than not.

    It doesn't seem to matter if the person favors one hand over the other, or is "goofy footed" or not, nor does it seem to have much cultural variation. Chances are REALLY high that you'll go to the right. The odds favor it so heavily that it's the assumed default and they'll literally make changes to a store's layout to force compliance - with some notable exceptions that are too long to detail here but include things like a pharmacy within the same store. They want you on that route because they don't want you to be able to quickly grab your needed/most often purchased items quickly and then leave.

    It's a lot of data. It's very chaotic. It's not random - not even remotely. Done well, you won't even notice. It's even true at outdoor events, in large auditoriums, and in sporting arenas. We don't know why this is true but, unless the data has changed in the past eight years, we humans are particularly fond of going to the right. There are a variety of other things to "count on" as a whole but it's not something I'm going to delve into in this post. I lack time and energy. That's one (of many) examples.

    There are many patterns and near-universal truths but you have to step back and make observations and have a whole lot of data before some of them become apparent. By a whole lot of data, I mean a whole lot of data. By the end of the 1990s it was to the point where we were using disk arrays that were a full terabyte in size. That might not seem like a lot but, going by estimates with your UUID, look at the time period that was and think about how much a TB really is. (It was also not very cheap back then.)

    --
    "So long and thanks for all the fish."
  60. Great, just what we need. by pablo_max · · Score: 1

    A TSA dungeon master. How much do you not want to go into that basement?

  61. Re:Obviously they had to pay a lot by lord+merlin · · Score: 2

    I know you're being silly on purpose, but would a true randomizing device really be necessary?

    I have a $0.01 alternative to this randomizer app.... Flip a fair coin. Designate one side of the penny Heads, and the other side tails....

    Also, even if they have 50,000 pre-check lanes, the total cost is still only $500.

    Sell the pennies to the government for $10 apiece.

  62. Choice of PRNG by hankwang · · Score: 1

    Mersenne twister (MT), having good statistical properties, is not a bad PRNG, but it's slow, needs a lengthy initialization, and is not cryptographically secure (CS): someone observing the output for a while can reconstruct the internal state and predict the next outcome.

    For an online casino, you'd want a CSPRNG. For computer simulations that need to draw trillions of numbers from the PRNG, you'd want a fast PRNG with good statistics, such as a multiply-with-carry (MWC) or xorshift. https://en.m.wikipedia.org/wik... . I don't really understand why MT is used so much.

  63. Re: Obviously they had to pay a lot by michelcolman · · Score: 1

    It can use the same PRGEN code that any HTTPS security suite provides to generate a strong source of random numbers.

    In fact, you only need to take the product of two large randomly selected primes modulo a 2^(block cipher's bit-width)-1, then use that as the key for any NIST approved cipher in CBC counter mode to generate an incredibly random source of 1's and 0's that won't repeat before the end of the universe. Once you've keyed your block cipher, you encrypt 0, then 1, then 2, etc. and each iteration produces a block of 256 or 512 or 1024, etc. bits to use as the next part of your bitstream.

    Alternatively, every so often just query the kernel for some randomness from its pool that does rely on the timing of system events, drive seeks, etc. and re-seed the cipher.

    Hell, you don't even need a cipher. You could do this with any hashing function. Take SHA512, salt with one block-length of random bits from /dev/random, then just keep hashing the previous output to generate the next block of randomness.

    My point is that every device already has a source of strong randomness and a way to generate cryptographically strong pseudo randomness. That's how HTTPS gets itself started up initially.

    It's so damn trivial that if you did a search for "generate strong randomness" online you'd get pointed to the source code or syscall on a myriad of platforms which provide such a service already.

    Or you could take the number of tenths of a second since startup. Good luck trying to pass at exactly the right tenth of a second to not get frisked.

  64. Re:Obviously they had to pay a lot by Gamasta · · Score: 4, Insightful

    "IMO the gaps between the rationals are small enough that it doesn't matter if you can prove this for irrationals"

    Excuse me, but your opinion is wrong. Rational numbers are said to be sparse in the real number space. For the argument see "Lebesgue Measure." As for why there are more irrational numbers than rational numbers see "Cantor's diagonal argument".

    Your reasoning is however correct. If P(HEADS) = p, P(TAILS) = (1-p). The probabilities for coin tosses are:
    HH = p*p
    HT = p(1-p)
    TH = (1-p)p
    TT = (1-p)(1-p)

    Eliminating HH and TT leaves HT and TH at p(1-p) probability. There's no assumption on p being rational or not. However the further you are from p=0.5, the longer it takes to get a "valid" flip.

    --
    reason defies logic
  65. Re:more like a dull pocket knife by Tablizer · · Score: 1

    Fine, we BOTH have it, now fuck off!

  66. Re: Obviously they had to pay a lot by jovius · · Score: 1

    It's not the app that cost so much but the system to make the agent always be at the correct position to know which 'right' is the 'right' the app says to go.

    The manufacturing of such contraption at an airport * the number of needed agents = huge cost.

  67. Big tombola wheel by Hognoxious · · Score: 1

    Get a bloody great tombola wheel. You could even have prizes to relieve the boredom - bag of candy, jump the line, trip to Gitmo...

    --
    Confucius say, "Find worm in apple - bad. Find half a worm - worse."
  68. Re:Obviously they had to pay a lot by Anonymous Coward · · Score: 1

    Suppose the chance of heads is H and the chance of tails is 1 – H.
    This is the table of chances:
    Heads-heads: HH
    Tails-tails: (1 – H)^2
    Heads-tails: H(1 – H)
    Tails-heads: (1 – H)H
    Because multiplication is commutative, the last two are the same. Alternatively:
    Heads-tails: H – HH
    Tails-heads: HH – H
    Because addition is commutative, the chances are again the same.
    P.S. There is a square on my keyboard (AltGr+2) but /. removes it from comments. WTF

  69. Re:Probably not so simple by andremerzky400 · · Score: 1

    replying to revert a wrong mod rating - sorry...

  70. Re:Obviously they had to pay a lot by mwvdlee · · Score: 1

    Even if you need a cryptographic strength random number generator, the added cost amounts to a few hours of labour at most.

    As for the user interface; this thing is so stupidly simple you could even use it upside down. Literally. Nobody would notice.

    --
    Slashdot social media options: AIM, ICQ, Yahoo, Jabber and Mobile Text. Why no MySpace?
  71. But is it just a coin toss app by DrXym · · Score: 1

    I could see how this might be ridiculously expensive if this just flips a coin and says left or right. But is it integrated with the airport security? Does it have failure modes? Is it adaptive to date, time, pressure on the system? Can it be remotely modified to respond to a threat level? Does it sound an alarm if persons don't go the way they're supposed to go? Does it capture and generate reports or metrics to some central location server? Is the server / networking part of the software infrastructure? Does it have authentication modes to access or override its settings? Does the code have to be audited? Does it have to be proven to have no biases? Is IBM on the hook to install and support this thing in every airport for 5 years?

    Yeah maybe it is a coin toss app and IBM are laughing at the stupid government procurements process. Or maybe there is other stuff which at least partially justifies the price.

  72. Re:Obviously they had to pay a lot by tburkhol · · Score: 2

    Go to your nearest mall or department store - you might want to go to a few. Watch the people when they enter. If given a choice, they will (almost invariably) opt to go to the right.

    I wonder if you would get the same result in the UK or Australia.

    But that's not the kind of 'random' at issue here. They're talking about the clock time when a person standing in a line triggers a sensor. For any sensor of human-sized objects moving at TSA-line speeds, I would expect sensor variability to be a large part of the "is the current millisecond even or odd" decision.

  73. Target selection is weird by swb · · Score: 1

    I was just in Washington D.C. and the security at EVERYTHING is airport crazy. Touring the house/senate galleries involves a backscatter X-ray machine, the Smithsonian museums have x-ray machines and metal detectors.

    Yet there is no security AT ALL at the Lincoln or Jefferson memorials, and they're open 24/7. Really? The symbolic value of these targets is enormous.

    I also wonder why shopping malls in the US haven't been targets, especially on the weekend after Thanksgiving. It would achieve a huge terror result as well as having a huge economic cost. Is our security that good against evildoers, or is there something else at work there?

    1. Re:Target selection is weird by dj245 · · Score: 1

      I was just in Washington D.C. and the security at EVERYTHING is airport crazy. Touring the house/senate galleries involves a backscatter X-ray machine, the Smithsonian museums have x-ray machines and metal detectors.

      Yet there is no security AT ALL at the Lincoln or Jefferson memorials, and they're open 24/7. Really? The symbolic value of these targets is enormous.

      I also wonder why shopping malls in the US haven't been targets, especially on the weekend after Thanksgiving. It would achieve a huge terror result as well as having a huge economic cost. Is our security that good against evildoers, or is there something else at work there?

      It would be a much greater victory to strike America in our nation's capital compared to almost anywhere else. It would almost certainly result in politicians going more apeshit compared to if an attack was in any other place. If the goal was to get a reaction, attacking a place where every senator, congressperson, and the president visit at least sometimes would generate the largest possible reaction.

      The risk at the Lincoln or Jefferson memorials seems to me a lot lower than most of the other attractions in DC. They are both open to the outside air, so a chemical or biological attack would have a reduced effect due to wind. Explosives would similarly be less effective since a blast could dissipate to the outside easily, and there is little or no glass to cause injuries. My guess is that it would take a very large amount of explosives to damage either of these properties more than superficially. Additionally, both are surrounded by large areas of empty space, so there is time to spot anyone carrying large or unusual packages, assuming that there is adequate CCTV coverage and it is monitored. The actual building interiors are quite small compared to other buildings in DC. In the event of a shooting attack, victims have numerous potential escape paths since the buildings are open to the outside and have clear land around them 360 degrees around.

      Buildings such as the Smithsonian are a much better target. The interior volume holds substantially more people, and the exit routes are predefined and probably not entirely adequate for a multiple-shooter type attack.

      --
      Even those who arrange and design shrubberies are under considerable economic stress at this period in history.
    2. Re:Target selection is weird by swb · · Score: 1

      The Lincoln and the Jefferson are symbols, though, and I do think that a blast inside either of them would do considerable damage. Lincoln is enclosed on three sides, and the statue itself is marble, which would likely break. Jefferson is more open but feels slightly smaller, but it's still contained enough that a blast inside it would likely harm the structure. In either case, I would expect a certain amount of planning designed to actually do structural damage.

      The symbolism is important -- ISIS ripped up Roman ruins at Palmyra, probably because the ruins represented "Western Imperialism" and an example of "Islamic" peoples subjugated by European rulers (yes, I know the logic is tortured and in many cases wrong, since Islam wasn't even a religion during the Roman colonization of Syria).

      The monuments in DC are symbols in many ways of American exceptionalism and would have a huge symbolic value in being damaged, much more so than a museum. Most of the Smithsonian museums are so vast that you couldn't carry enough explosives in on foot to do more than very localized damage.

  74. Split by shortscruffydave · · Score: 1

    There's a lot of discussion here about the random number generation aspect, and how much it'd cost. I'd be interested to see how the costs were split between the software functionality, and the hardening of the software and device against external interference

  75. Re:Obviously they had to pay a lot by mysidia · · Score: 1

    The catch is the terrorists may have invented a "Smart" biased coin which is more likely to land on the opposite side of which it previously landed, Or is otherwise inconsistent between flips in regards to its unfairness (Dependent on initial conditions). Also, it might or might not contain a bit of implanted machinery with a wireless remote to allow the person in line to select whether the coin will flip "Left" or "Right" at the push of a button.
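
Added example, not part of any comment in this thread: the two-flip procedure from the "fair coin" comments above, checked with exact fractions, together with the independence caveat and the "coin with memory" objection just raised. The function names and the two-parameter model of a dependent coin are assumptions made for illustration.

```python
"""Two-flip debiasing (von Neumann's trick): fairness, cost, and the
independence assumption it relies on. Illustrative code, exact arithmetic."""
from fractions import Fraction


def von_neumann(flips):
    """Debias a sequence of 'H'/'T' flips.

    Flips are read in non-overlapping pairs: HT -> 'H', TH -> 'T',
    HH and TT are discarded ("flip again"). A trailing odd flip is ignored.
    """
    out = []
    for i in range(0, len(flips) - 1, 2):
        first, second = flips[i], flips[i + 1]
        if first != second:
            out.append(first)
    return out


def _check_open_unit(p):
    p = Fraction(p)
    if not 0 < p < 1:
        raise ValueError("probability must be strictly between 0 and 1")
    return p


def output_heads_probability(p):
    """P(output is heads) when flips are independent with P(heads) = p."""
    p = _check_open_unit(p)
    ht = p * (1 - p)        # heads then tails
    th = (1 - p) * p        # tails then heads
    return ht / (ht + th)   # conditioned on the pair being kept


def expected_flips_per_output(p):
    """A pair is kept with probability 2p(1-p) and always costs two flips."""
    p = _check_open_unit(p)
    return 2 / (2 * p * (1 - p))


def next_output_heads(p_t_after_h, p_h_after_t):
    """Coin with one flip of memory (assumed model, not from the thread):

        p_t_after_h = P(tails | previous flip was heads)
        p_h_after_t = P(heads | previous flip was tails)

    Returns P(next debiased output is heads), given the last raw flip seen,
    as {'after_H': ..., 'after_T': ...}. Discarded pairs are accounted for
    by solving the two linear equations for the two starting states.
    """
    a, b = Fraction(p_t_after_h), Fraction(p_h_after_t)
    # x_T = b*a + b*(1-a)*x_H + (1-b)^2 * x_T
    # x_H = (1-a)*a + (1-a)^2 * x_H + a*(1-b) * x_T
    a11, a12, rhs1 = 1 - (1 - b) ** 2, -b * (1 - a), a * b
    a21, a22, rhs2 = -a * (1 - b), 1 - (1 - a) ** 2, a * (1 - a)
    det = a11 * a22 - a12 * a21
    if det == 0:
        raise ValueError("coin never changes side; no output is ever produced")
    x_t = (rhs1 * a22 - a12 * rhs2) / det   # Cramer's rule
    x_h = (a11 * rhs2 - a21 * rhs1) / det
    return {"after_H": x_h, "after_T": x_t}


if __name__ == "__main__":
    # Constructed sample sequence: pairs HH, HT, TH, TT, TH.
    print(von_neumann("HHHTTHTTTH"))
    for p in (Fraction(1, 2), Fraction(2, 3), Fraction(7, 10), Fraction(9, 10)):
        print(p, output_heads_probability(p), expected_flips_per_output(p))
    # Independent biased coin written in the memory model: still 1/2 either way.
    print(next_output_heads(Fraction(3, 10), Fraction(7, 10)))
    # Coin that switches sides 9 times out of 10: a kept pair HT ends on T,
    # and the next output is then heads with probability 5/6.
    print(next_output_heads(Fraction(9, 10), Fraction(9, 10)))
```

With independent flips the output is exactly 1/2 for any bias, at a cost of 1/(p(1-p)) flips per decision; with a coin whose flips depend on the previous one, each output leaks information about the next even though the long-run split is still even.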

  76. Re:Obviously they had to pay a lot by tibit · · Score: 1

    For that kind of a price tag they could assign an official quarter to every TSA employee out there, and have them toss a freakin' coin. How stupid can the gov't get?

    --
    A successful API design takes a mixture of software design and pedagogy.
  77. Re:Obviously they had to pay a lot by JeffOwl · · Score: 1

    he is thinking like a developer... wanting to get paid.

  78. Reminds me of that old saying about IBM by Zontar_Thing_From_Ve · · Score: 1

    You may find better elsewhere, but you'll never pay more!

  79. Best results by fyngyrz · · Score: 1

    No, to get the best results in this particular quest, you search everyone. Anything less will perform more poorly.

    --
    I've fallen off your lawn, and I can't get up.
    1. Re:Best results by gweihir · · Score: 1

      That runs into a lot of problems, practical, legal, cost, performance and with customer acceptance, otherwise this limited approach would not be done. But sure, in Soviet Russia you certainly search everybody.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  80. Expensive for good reason? by GameboyRMH · · Score: 2

    [Tinfoil] It's not a real randomizer app, it's an advanced layered neural network program (IBM...Watson?) that automates racial profiling so that TSA workers are in the clear, they can say the machine made the decision for someone to go through heightened security, "at random." Teaching the program to pick out the right minorities took a lot of work. [/Tinfoil]

    --
    "When information is power, privacy is freedom" - Jah-Wren Ryel
  81. Buried the lede by LeadSongDog · · Score: 1

    According to TFA, "The TSA, which asked Congress for a $100 million cut in its 2015 budget..."
    So the real story here is that they can't spend fast enough. This likely just reflects a broken or understaffed procurement organization.

    --
    Oh, I'm sorry sir, I thought you were referring to me, Mr. Wensleydale.
  82. Re:Obviously they had to pay a lot by laurencetux · · Score: 1

    easy solution

    just tap a nearby casino for a case of dice

    if the roll is ODD go left if the roll is EVEN go right

    given that most casinos are only 1 gen away from being "Family Owned" I'm sure they can come up with some Fair Dice.

  83. Re:more like a dull pocket knife by TechyImmigrant · · Score: 1

    I could implement these simple standards in less than a day - just because it says "SP800-90A and the module within which is operates be FIPS140-2 certified." does not mean it costs 100,000.00 to develop.

    It sucks there are so many retarded niggers in the united states government, including yourself

    It costs real money to certify regardless of how cheaply you develop it.

    --
    I should use this sig to advertise my book ISBN-13 : 978-1501515132.
  84. Re:more like a dull pocket knife by cant_get_a_good_nick · · Score: 1

    Besides the troll statement at the end, you don't know what professional means.

    I worked on a printer "driver" (more like an LPR filter) for several UNIXes, to talk to one of a family of laser printers. This was back in the day where a color laser printer cost more than your car.

    If I changed a single line of code, I had a testing matrix of N Unix platforms, both on GUI and command line, to go to X printers (this one has color, we need to test that it works B/W as well. this one has duplex, this needs to not show it has duplex,...)

    Each one line change caused at least 6 hours of testing. Obviously we bundled a lot of our code changes, or you'd go nuts. This is what being a professional and properly testing means.

  85. type I errors vs type II errors by gzuckier · · Score: 1

    Somebody's missing something here.... the idea is not to take a random sample of fliers to determine what percentage are carrying bombs, is it? Because I would have thought the idea was to catch all bombers. Therefore, the only way to do that is to search everybody.

    --
    Star Trek transporters are just 3d printers.
    1. Re:type I errors vs type II errors by david_thornley · · Score: 1

      How long does it take to effectively search one person for bombs, and how expensive is it to provide the people, the equipment, and the room? Multiply that by about 800 million each year. Now, figure what the flight delays are going to be, and when the whole system grinds to a halt and destroys commercial air travel in the US.

      --
      "When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
  86. Re:Obviously they had to pay a lot by siliconsmiley · · Score: 1

    I have a $0.01 alternative to this randomizer app.... Flip a fair coin. Designate one side of the penny Heads, and the other side tails....

    Also, even if they have 50,000 pre-check lanes, the total cost is still only $500.

    But then TSA has to hire skilled workers. They have to be able to flip a coin.

  87. Why is IBM... by CanadianMacFan · · Score: 1

    Why are they going after $1.4M contracts? It must cost them more than that to enter it into their accounts!

  88. Try this, no software needed by drew_kime · · Score: 1

    If there are fewer than N people in the pre-check lane, grab the next passenger (or group) from the regular lane. You can adjust N based on local conditions including number and experience of agents, etc.

    Sure, you could game this system if you really practiced and worked at it. But doing so would be harder than just blowing up the screening line anyway, so no one would bother.

    --
    Nope, no sig
  89. Re:What would be better... by Verdatum · · Score: 1

    Yeah! We also need a better mousetrap and a good 5-cent cigar! I'll have the boys in the lab start working on these projects right away!

  90. Re:more like a dull pocket knife by Verdatum · · Score: 1

    You can? If so, (no sarcasm) that's an incredible and lucrative skill you've got there! You know, if you show an employer that you are able to get an app certified without the project costing $100,000, they'd probably be happy to employ you for like $250,000 a year! Oh..wait, I found the flaw.

  91. Re:Obviously they had to pay a lot by david_thornley · · Score: 1

    While rational numbers are sparse, they're dense in the sense that you can find a rational arbitrarily close to any real you can specify (which, to be honest, is only a countable amount of them). If you have a continuous function on the rationals, then it extends to the reals very nicely.

    --
    "When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
  92. Re:Obviously they had to pay a lot by Gussington · · Score: 1

    I have a $0.01 alternative to this randomizer app.... Flip a fair coin. Designate one side of the penny Heads, and the other side tails....

    Also, even if they have 50,000 pre-check lanes, the total cost is still only $500.

    How many coin flippers do you need and how much do you have to pay each of them?

  93. Re:Training? by Gussington · · Score: 1

    The TSA's employees need training on an app that randomly tells people to go left or right?

    Yes, so what is your alternative? Hiring people that aren't as dumb as posts will cost you more than $1.4 mil.

  94. Re:Training? by Gussington · · Score: 1

    I wouldn't be at all surprised to find out that the bureaucracy that guides the TSA spent far more than is reasonable. I just didn't see enough details in TFA to assume that is actually the case. Does *anyone* have a breakdown on what kind of training, what kind of testing, what kind of devices were purchased?

    I've worked in different levels of govt; you are 100% correct. The numbers make great headlines, but when you break down the costs, there usually is no cheaper way to do it (properly).
    Governance adds a big chunk to every project, but with public money it has to be done.

  95. Re:Obviously they had to pay a lot by lsatenstein · · Score: 1

    I suppose the randomizing algorithm would take into account the number of people in the QUEUEs. If there were only two individuals, what's the point, unless one of them was you.

    --
    Leslie Satenstein Montreal Quebec Canada
  96. Re:I'd like to bid next time by amicusNYCL · · Score: 1

    I'm sad for you APK. I'm sad for what you've become. Here, I'll play along to hopefully help you feel better.

    Oh, geez! Man, I hope people don't click on that link you posted! Boy, am I embarrassed! All of those quotes about how fantastic and professional your software is, and how people love you as a person, make me really look goofy! Oh, shucks. Man, I've really been thoroughly defeated, and I feel a great and burdensome sense of shame (not just on me, but indeed upon my entire extended family). You have really put me in my place APK, and clearly everyone on Slashdot recognizes and understands that you are an upstanding genius who only makes Slashdot better, while my entire life has no value. I am going to immediately cancel all internet services, destroy all of my electronic devices, donate my property to hungry children, and go live the life of a recluse monk in Nepal seeking a way to atone for all that I've done.

    --
    "Our two-party system is like a bowl of shit looking at itself in a mirror." - Lewis Black
  97. Re:Training? by samwichse · · Score: 1

    Heck, my guess is any training that went with the app would be to reinforce over and over for 30 minutes that they aren't allowed to profile based on race/gender/age/whatever, they have to USE THE APP. FOLLOW THE APP. DON'T PROFILE. And so on and on.