Slashdot Mirror
TSA Paid $1.4 Million For Randomizer App That Chooses Left Or Right (geek.com)
An anonymous reader writes: For those of you who have traveled through U.S. airports in recent years, you may have noticed the Transport Security Administration (TSA) use a Randomizer app to randomly search travelers in the Pre-Check lane. The app randomly chooses whether travelers go left or right in the Pre-Check lane so they can't predict which lane each person is assigned to and can't figure out how to avoid the random checks. Developer Kevin Burke submitted a Freedom of Information Act request asking for details about the app. The documents he received reveals the TSA purchased the Randomizer iPad app for $336,413.59. That's $336,413.59 for an app, which is incredibly simple to make as most programming languages of choice have a randomizing function available to use. What may be even more intriguing is that the contract for the TSA Randomizer app was won by IBM. The total amount paid for the project is actually $1.4 million, but the cost is not broken down in Burke's documents. It's possible IBM supplied all the iPads and training in addition to the app itself.
TSA soon to be appearing in the Panama Papers...
$413 dollars in developer time to create the app and $336,000.59 in corporate overhead and bloat, the additional $1,000,000 is just for Evil
"as most programming languages of choice have a randomizing function available to use"
You mean has a psudo-random function that is not that hard to predict.
Casino Level Randomization is a little harder.
I know you're being silly on purpose, but would a true randomizing device really be necessary? Human traffic patterns already have such a random element to them that even if one somehow could reliably predict the next number in the software algorithm, there are so many other factors that can't be controlled that it's still essentially random anyway.
I honestly could see it being in the low five-figures to develop such an application, but that money would mostly be applied to figuring out how to design the user-interface of the application such that it best-fits with how the TSA is *supposed* to operate, and in beta-testing to confirm that it does what it's supposed to do and that any untrained TSA agent down to the junior-assistant-trainee who breathes with his mouth open could use it and understand it, but mid-six-figures is pretty ridiculous.
Do not look into laser with remaining eye.
That's really stretching things. If you use something as simple as microseconds on a clock as the seed for your "random" number generation, there's "pretty much" no way you can exploit that short of hacking the device itself. It's not like people are going to stand there with a stopwatch and tell the TSA guy "OK....press the button...Now!"
The TSA's employees need training on an app that randomly tells people to go left or right?
ZOMG $1.4M for an app that randomizes a single bit!!! (*)
* Note that it may have actually been $1.4M for hardware, training, and app.
Seriously, how fucking asinine are these clickbait articles getting? If you can decisively say that they charged $300k+ or $1.4M+ for an app that simple, do so. Otherwise you're just full of shit.
He means precisely instances like that. One needs to find a more idiotic view: the app tells TSA person which way to show the finger. If anybody wants an example of fraud, waste and abuse: this is it. We could listen ad nauseum to TSA explanations, saying that app needs to be secure, or that they have to follow the procedures, or they needed many licenses.... blah blah blah
The point is that if airport security would be private that kind of nonsense would not exist by definition. Now it is public money that were spent.
This is not the only software that uses random function. There is another software that randomly selects passengers for additional screening. Here is how Israel does it, does it for free and very effectively: they let the screening agents to pick and choose any passenger that they want or have a hunch. So fare they are very effective in preventing bad dudes in boarding their planes.
A simple micro-controller, a button, and two LEDs would work just as well for just a few bucks.
A die (singular of "dice") would work just as well, and would handle up to 6 checkpoints.
Amazon has them, 100 for $2.79.
Are you selling it to the federal government? [YES]
Is a random number generator used in the product? [YES]
Is the product intended for a security application? [YES]
Requirement: The Random Number Generator be CAVS certified to SP800-90A and the module within which is operates be FIPS140-2 certified.
That's $100,000 before you've got out of bed, to meet the government procurement requirements.
I should use this sig to advertise my book ISBN-13 : 978-1501515132.
It's possible IBM supplied all the iPads and training in addition to the app itself.
I know it is fun and easy to criticize the TSA, and I am in favor of replacing them entirely with any of a dozen different possibilities. That said, there is a big difference between developing an app and supplying hardware and doing testing and training. I could build the app but I have no idea what the cost would be to test it sufficiently to meet government standards, then train the staff to use them, then equip the staff with hardware to use it. The cost of the app could literally be $0 and still top $1 million after the testing, training and equipment costs.
Someone else pointed out this is typical clickbait. It's got a shocking headline but then scant details on what actually caused the scenario. If they'd instead said "TSA has IBM develop an app that IBM contributed for free in exchange for exclusive rights to train staff for $10/hr each on how to handle customer service. Additionally, IBM will supply sufficient devices to have a minimum of two for each airport line at 5% profit per device" then the headline wouldn't generate nearly so much interest and the criticisms would be much better founded.
I wouldn't be at all surprised to find out that the bureaucracy that guides the TSA spent far more than is reasonable. I just didn't see enough details in TFA to assume that is actually the case. Does *anyone* have a breakdown on what kind of training, what kind of testing, what kind of devices were purchased?
That was surprising? Have you seen a TSA agent recently?
-=This sig has nothing to do with my comment. Move along now=-
If you use something as simple as microseconds on a clock as the seed for your "random" number generation, there's "pretty much" no way you can exploit that short of hacking the device itself.
You would be surprised in just how many ways random numbers can be screwed up.
First "simple as microseconds on a clock" is good, I have seen quite a bit of "randomized" code seeded with the system time. 15 milisecond resolution is the normal case and often leads to duplicated random sequences. High resolution timers exist and are widely available today, however they have to be actually used to help. Alternatively why use a random number generator if you could just request the microsecond time for each request - the low bits should be rather random.
Second mapping the range of the random number generator to your target range without killing the distribution is often non trivial. C++11 came with a whole library to replace rand() and several presentations on the topic, including how rand() % 2 isn't a 50:50 split when the original range has an uneven amount of values.
Third you often don't want a random selection - a fully random sequence can contain long stretches of only left or only right, which can overburden the affected lane while the other remains empty. Which means you somehow have to enforce the wanted distribution over shorter sequences. A simple solution can be implemented by shuffling a list with the wanted ratio of left/right values and a reshuffle each time the list is used up, games sometimes use this to avoid long loose streaks and prevent long win streaks.
What happens when ISIS uses one of the well-known DNS holes to redirect http://www.yesnogenerator.com/ to a site that returns the answer that they want? You just let 5 terrorists get through security.
Intron: the portion of DNA which expresses nothing useful.
I recently read "Lauren Ipsum: A Story About Computer Science and Other Improbable Things" to my eight year old. One of the (many) interesting substories involved "fair coins." Lauren's money isn't taken in Userland because her quarters can't be guaranteed as fair. However, someone points out that you can make any coin a fair coin by flipping it twice. If both flips result in the same side, you ignore it and flip two more times. If the two flips have differing sides, you take the first side.
In other words:
Heads-Heads or Tails-Tails = Flip again.
Heads-Tails = Heads
Tails-Heads = Tails
Even if there's a bias towards one side, it will be cancelled out and the flip would be fair.
My sci-fi novel, Ghost Thief, is now available from Amazon.com.
Seriously, 80%-85% of the bid covers dealing with the US government. Multiple thousand-documents over the course of years, flying back and forth for pointless meetings, and maybe you eventually get paid.
Here are my rates as a developer , for similar software delivered:
Order online, by submitting my order form: $159
Email me and discuss: $500
Meetings to discuss, demo (local businesses): $1,500
Local government bureaucracy: $8,000
Federal government: $400,000
Not to mention the huge security hole before you hit the TSA checkpoint. Especially if you are in a large airport during a busy time of the year.
TSA: "We spent $14 million to make our security process safer and more effective!"
Terrorists: "That's nice. We think we'll detonate our bombs in this nice, crowded security line. Not only will we kill a lot of people, but then you'll shut down this airport for days wrecking even more havoc on people's travel plans."
My sci-fi novel, Ghost Thief, is now available from Amazon.com.
the actual passenger-facing software was really cheap. what was expensive to develop and install is the cameras and computer detection algorithms to tell if the person is white, black or brown.
Department of Homeland Pork, Transportation Pork Administration
Why is Snark Required?
Terrorists: "That's nice. We think we'll detonate our bombs in this nice, crowded security line. Not only will we kill a lot of people, but then you'll shut down this airport for days wrecking even more havoc on people's travel plans."
Always wondered why terrorist chose airports why not a church/synagogue packed with people on a Sunday/Saturday and zero security its easy pickings, then it would be Christians and truly a religious war but they attack airports sporting events concerts, symbols of western affluence. sort of answered my own question its not really about religion is it.
Your'e all thinking it, I just said it for you
"IMO the gaps between the rationals are small enough that it doesn't matter if you can prove this for irrationals"
Excuse me, but your opinion is wrong. Rational numbers are said to be sparse in the real number space. For the argument see "Lebesgue Measure." As for why there are more irrational numbers than rational numbers see "Cantor's diagonal argument".
Your reasoning is however correct. If P(HEADS) = p, P(TAILS) = (1-p). The probability for coin tosses are:
HH = p*p
HT = p(1-p)
TH = (1-p)p
TT = (1-p)(1-p)
Eliminating HH and TT leaves HT and TH at p(1-p) probability. There's no assumption on p being rational or not. However the further you are from p=0.5, the longer it takes to get a "valid" flip.
reason defies logic