On a different type of security entirely

I haven't been paying much attention to TSAstatus.net recently (first I went for an abortive hike of the Pacific Crest Trail, then I traveled around with just an iPhone for a month, and I can tell you that attempting to manage a database and writing code on an iPhone is not fun). While I was "away" the site started getting spam—posts like

I'm happy very good site Free Forbidden Lolita Pics :[ Lolita The Little Girl 256 Nudist Picture Lolita Girls =)) Nude Lolita Model Index xkjxun Lolita Bbs 10 Yo 3160 Preteen Lolitas Non Nude 8PP Nude Lolitas Modeling Toplist mdqoe Www Majic Lolita Com :-))) 3d Lolita Incest Toons tmdh Fotos Lolitas Dildos Machine :-D Young Girls Art Lolitas xpjzsk Small Lolita Sex Pics vozylh Lolita Preteen Pedo Pics %[[ Little Lolitas Russian Naked bhq Nn Preteen Lolita Models 185847 Lolitas Models Sample Videos qqalx Baby Dorki Little Lolitas >:P Hard Lolit Sex Young >:OO Loli Preten Pussy Pics roe Best Lolita Free Pics %-(((

with a lot of links (which I deleted here of course) became quite common. And if you follow the site regularly, you probably didn't notice. Why? Well, spammers (bots) aren't all that smart (although they do seem to read Nabokov), so while they we able to get the posts to post (I have no anti-spam protection whatsoever) they weren't able to get them to populate many (really, hardly any) of the airport specific pages. Why? Well, they didn't know that several of the fields needed rather specific information to show up in any of the queries, namely, they needed a valid 3-digit IATA airport code.

Now, if I knew how to code, and wanted to exclude international airports, I could enter those codes (there are only 382 airports in the country with more than 10,000 passengers annually—or 30 per day) and exclude others. But I don't—especially traveling around with an iPhone and little else. But, instead, the spam was filtered out, because using only the 26 A-Z letters, there are 17,576 possible three-letter codes, and using numbers, too, there are 46,656. So assuming the codes generated were random, one in every 46 to 182 would have been for a valid airport, and many of those would have been a tiny airports which only have a few flights per day. In other words, the spammers weren't flooding the pages for ATL, ORD and SFO.

The all statuses page did have a bunch of junk, but the spammers also didn't understand how to enter a current date, so many of the entries were for January 1, 2010, meaning they wound up at the bottom of the page. So unless you were (like me) obsessively scanning through that page, you didn't notice it.

Of course, once I got around to it, I spent more time logging in to the admin page for the database than it took to look up the MySQL to search for text within a field and delete the offending entries (how did I do it? I searched for any "notes" with the text "<a href"—there's no point in spamming without links) and exorcise them. I'm planning to find some code to disallow any post with html tags embedded (or, at least, anything with a "<" in it), but for now this works as well.

And thanks to everyone who is submitting real entries. Keep 'em coming!

Very interesting conversation: No one knows if the scanners work

I was flying out of MSP today and had a bit of extra time before my flight to wander around the terminal. I'd come in with a bag of skis (from the Birkie) and was directed to an elite line (yes, I'm a silver elite on Delta, although the BOS-MSP round trip did not yield anything in the way of upgrades) as there were pretty long bag check lines otherwise. Yes, the elite programs have their perks, and work well as customer loyalty programs.

I checked my bag and was I was wandering back and forth in the terminal, the woman (and, note, she was not a TSA agent but a Delta employee) saw me again and helped to direct me to the appropriate line. At heavy travel times, Checkpoint 4 is for "Sky Priority" members only (Gold status or higher on Delta) but there is a silver priority line at Checkpoint 2. I said to her, "but Checkpoint 2 has the scanners, so why would I want to go there?"

Her response was interesting. First, she told me that generally they let you choose whatever line you want, and it's quite rare that they pull people in to the scanners. Then, she said that a lot of people liked the scanners, like anyone who had a metal implant. I'm not sure that's "a lot" of people, but I can see how for some people the MMW scanner might be preferable to a metal detector they are surely going to set off.

This seemed like a good time to raise the question: if these machines are so important, why are they only at some checkpoints? And were they planning to install them at the rest? Her answer was something along the lines of "no one knows if these things actually work, and we might be spending a lot of money on a technology which is really no better than the x-ray machines." She told me that the elite line was no longer at Checkpoint 1 (which used to be the holy grail: no line and no machines) but that it was very unlikely that I'd be selected for a scan/pat down. (Oh, she also said the scanners were faster than metal detectors. Uh, no.)

I was set to go through checkpoint 1 until I spied the line. A line like that is a terrorist's dream: a bunch of people all packed together. That and the fact that I don't enjoy waiting in such queues. So, I got in the elite line, the MMW on the elite side was turned off (and elites were being put through the metal detector) and popped out the other side, unscathed by any radiation or invasive TSA maneuvers.

So, MSP is still "safe" from scanners if you know where to wait, and may be for some time. From the airport employees' point of view, the advantage is not one of security as much as it is comfort for certain passengers. It seems like a costly way to accommodate passengers with metallic implants, but right now MSP has spent about a million dollars (six machines, $150k each) so that folks with plates and rods can avoid pat downs. Otherwise, they're not actually serving any security purpose.

We're wasting our money

I just don't get it. The TSA says that body scanners are important to catch terrorists. They cost $150k each (!) and with close to 2000 planned for deployment, that's a bill of $300m. Nevermind that they are ineffective or that they are being pushed by industry lobbyists. If they were so bloody important, you'd think that, where they are deployed, the TSA would actually be using them!

But they're not. When metal detectors and x-rays went in to place a long time back, they started putting everyone through them. And they still do. You can beat a metal detector, but you can't avoid them. When someone walks in to an airport without passing through security, they evacuate the whole place. And you know what? That might be a bit overblown, but it's consistent, and it's security.

The scanners? You can opt out, although the pat downs are pretty thorough. But in so many cases, even where the scanner have been installed, it is so easy to just, well, get around them and go through the old-fashioned metal detectors. I just flew from BOS to MSP. In BOS, one of the three lanes open had an imaging machine in use. Now, if they were randomly selecting people for the machines, that would be one thing. But it's so easy to avoid the machines, it makes you wonder if they're actually that important or a possibly-dangerous, definitely invasive money sink?

At MSP, it was worse. In December, they had the scanners at some of their checkpoints, and not at others. Two months later, it's the same deal. And at 8 p.m. none of the scanner machine checkpoints were open. Not only is it easy to avoid the machines, but they are doing their best to not put people through them.

Maybe the TSA is still testing them. But if they were so important, they could be spread out, and at least put some element of chance in to whether you'd be put through. As it stands now, if you wanted to get on to an airline without passing through one of the scanners, your options are almost unlimited.

New UI, new TSA nonsense

First of all, new UI! I learned just enough php and mysql to copy and paste (read: steal from the Internets) enough code to make a page which automatically updates and can be searched by airport and such. So much more better than the old one. And easier for the webmaster, too, who doesn't have to rejigger Google Docs in to excel and then in to code each time an update is in order. Huzzah!

Also, my daily read of TSA nonsense: soon we can pay a nice fee to the government (I'm a big government liberal and I think this is ludicrous) to maybe get through security faster. Here's an idea: how about make security work better so that no one pays any fees and we actually know who is who.

Ugh.

Five colors going, going, gone?

Yes! After nearly ten years, word on the street is that the inane color scheme will be replaced. With what, no one knows. Maybe nothing. That would be fitting. By April 27, which we'll declare as a holiday if it happens.

One of the most notable changes to come: The public will no longer hear automated recordings at U.S. airports stating that the threat level is orange.

That's a relief. Since those messages mean nothing, as it's been orange out for years. Or maybe that's John Boehner's face.

Turn and cough

Conor Friedersdorf writes about security and gender at the Daily Beast. Somewhat satirical, but not completely. Anyway, the first person to send in evidence that, during a security pat down, they said "turn and cough" to the TSA guy wins, well, we don't have anything to give away, actually.

Oh, the onion

A recent "what do you think?" snapshot.