Opulence, we haz it: CrowdCache Launched!

May 9th, 2011 by Barrett Lyon

(Image source: DirecTV)
“When 3Crowd launched production product… I jump in it!”

All kidding aside: On May 10th we unleashed 3Crowd’s caching technology CrowdCache™. For the past year we have been quietly developing code, keeping our mouths shut, and now we’re ready to start a content delivery, streaming, and caching revolution. Much like what cellular phones did to landlines, CrowdCache will unravel the old delivery paradigm.

With the explosion of cloud computing, legacy CDNs should have gone the way of landlines. Nowadays it’s very easy to get computing and bandwidth power. In most cases, you no longer need to screw bare metal servers into racks. Yet, until recently, there was no easy method to tie virtual machines, servers, and other compute resources together in order to create a simple-to-manage, cohesive system that the legacy CDNs provided.

Our new technology CrowdCache does exactly that. Some of us are it calling it “elastic CDN”, I prefer to call it 3Crowd’s first “Cloud Application”.

CrowdCache is the next step in fundamentally changing the Internet bandwidth game. We have a lot more work to do but it’s going to be an amazing and wild ride.

Here is our official press release:


3Crowd Revolutionizes Content Delivery; Puts the Power Of CDN Technology In the Hands Of Everyone

CrowdCache Combines Caching Technology and Cloud Services to Enable Any Hardware to Act As A CDN System

SAN MATEO, Calif.–(BUSINESS WIRE)–3Crowd Technologies, the technology company defining the future of content delivery, today unveiled CrowdCache, an intelligent content delivery application that gives organizations greater control over how they deliver online content. CrowdCache will alter the legacy economics of content delivery networking by transferring bandwidth access to the content owner and away from a small cadre of Content Delivery Networks (CDNs).

“Our goal has always been to democratize content by modernizing its delivery. With the introduction of CrowdCache, we are a step closer to realizing a content economy where bandwidth is less restrictive, more scalable, and delivered more affordably. Networks that never cached and delivered content before will be unlocked.”
Unlike traditional CDNs and other cloud-based services, CrowdCache is an elastic caching system that functions on top of virtually any type of hardware and operating system and is piloted through a simple Web interface and API.

“For the past year we have been working aggressively to develop CrowdCache because we believe this technology will start a much needed disruption in an aging content delivery and streaming industry,” said Barrett Lyon, CEO and co-founder, 3Crowd Technologies. “Our goal has always been to democratize content by modernizing its delivery. With the introduction of CrowdCache, we are a step closer to realizing a content economy where bandwidth is less restrictive, more scalable, and delivered more affordably. Networks that never cached and delivered content before will be unlocked.”

The CrowdCache application removes the engineering complexity and operational overhead created by content delivery networks and allows users to quickly build and run an infrastructure to their exact specifications and needs. Built on the founding principles of utility computing, CrowdCache allows users to scale the delivery infrastructure, as necessary, without the steep learning curve of running a large scale, complex infrastructure.

“Content is a prevalent, if not central component of many of our customers’ offerings,” said Gerard Hiner of Webair, a leader in managed hosting solutions that offers a variety of Web hosting services including Cloud Hosting, Dedicated Servers and CDN services. “CrowdCache is giving Webair and our customers significantly greater control over this content and essentially allowing us to provide our customers with more elastic content delivery services.”

CrowdCache is controlled and operated by CrowdDirector, the management console that also acts as a globally distributed content load balancer for all 3Crowd products. CrowdDirector combines high performance analytics and best-in-class traffic control options to power an unlimited number of CrowdCache applications in one control plane.

The 3Crowd System – CrowdCache and CrowdDirector – comes in two varieties: “Carrier” and “Content.” The carrier option is designed to enable a carrier to provide a full-powered CDN offering to their customers. The content option is designed to allow content creators to control their own caching network. Regardless of the variety, some current uses for the CrowdCache application include:

  • Enhancing a current Content Deliver Network with additional delivery capacity
  • Leveraging expandable cloud resources to better respond to traffic and audience surges
  • Ensuring extra-resilience to an existing content serving platform at a moderate cost
  • Building an individual corporate Content Delivery Network
  • Building a personal Content Delivery Network

    “When we were designing CrowdCache, we discarded any pre-conceived notions and legacy principles about CDNs and the technology ascribed to these networks,” continued Lyon. “We realized that by combining caching technology and cloud services we could harness computing power and control in a distributed management interface and put real tools in people’s pockets to make content delivery simple and efficient.”

    About 3Crowd Technologies

    3Crowd Technologies is a San Mateo, CA-based software services company developing the future of content delivery. The company’s products and services are changing the economics of content delivery by giving greater control over how content is shared and internal IT assets optimized. Today, 3Crowd’s services include CrowdCache and CrowdDirector. Both are easily deployed and configurable and provide a cost model for maximum efficiency. 3Crowd’s investors include Storm Ventures, Canaan Partners, and angel investors, Kevin Rose and Jay Adelson, founders of DIGG and Revision3.

    Contacts
    104 West Partners for 3Crowd Technologies
    Jennifer Roane, 720-407-6065
    Jennifer.roane@104west.com

    • Tags: , , , ,
    Posted in 3Crowd, Akamai, Cloud Computing, Content Delivery Networks, Crowd Computing, Crowdsourcing | No Comments »

    “Splinternet” is marketing bullshit!

    March 23rd, 2011 by Barrett Lyon
    After reading a lot of marketing hype on the concept that the Internet is falling apart and becoming a “splinternet”, I have to respond:

    The Internet is not just simple access to web sites, it’s not your ability to use Skype on your AT&T smart phone, and it’s not IPv4 and IPv6. It simply is a network of networks that use a common underlying protocol (TCP/IP). The web is simply one of thousands and thousands of other applications that use their own protocols over IP. To some the Internet may simply be email, others chat. Even TCP/IP can be (and is) often filtered, yet it’s still a network of networks.

    What a country, corporation, or network decides to do with the way their networks function is really up to the policy of that network owner and the majority of its users. It always has been that way. Fourteen or fifteen years ago corporate America figured out that they can control what their users see and do, governments figured it out, and so did network providers.

    I’m not an advocate of network filtration, control, and restrictions — it’s repugnant. However, how a society polices itself is up to that society and does not dictate that the Internet is broken.

    In recent tweets I have seen companies push their products with comments such as, “How we broke the good old Internet, and why 90′s were simply better.” The link goes to their blog then shows how they fix the broken Internet. Marketing people, I don’t know if you remember but in the 90’s we had AOL and Prodigy and if anything resembled a “broke” Internet, it was that! Oh yeah… and broadband was measured in Kbps not Mbps or Gbps. Internet today is functioning fine, we may have a concentration of users on apps like Facebook and Twitter, yet the entire protocol stack is still available and by no means has the Internet fractured or splintered so badly that it is broken.

    If anything we may have outgrown a 30-year-old protocol that resembles a 1970′s used Cessna aircraft that has duct tape holding on parts of its interior, but just like the 70′s Cessna the Internet still works and does what it was built to do.

    I’ll accept a term like Splinternet when there really is a network that’s unique and separated from the Internet for public consumption. Maybe it is time a for a bunch of people to organize a world wide wireless network that cuts out all corporations and really have it splinter off the Internet. However, I would rather hear that called the Alternet (for nostalgic reasons) than a Splinternet. Yet, eventually this alternative network will join with the Internet and it will basically be… The Internet all over again.

    P.S. stormdriver.com can you please fix the credits on the image you are using. I have no idea who Matt Britt is but I made the image you are using for your marketing purposes. The original image is here

    Tags: ,
    Posted in Opinion, Philosophy | 1 Comment »

    Hey AT&T customers: Your Facebook data went to China and S. Korea this morning…

    March 22nd, 2011 by Barrett Lyon
    Quietly this morning customers of AT&T browsing Facebook did so by way of China then Korea. Typically AT&T customers’ data would have routed over the AT&T network directly to Facebook’s network provider but due to a routing mistake their private data went first to Chinanet then via Chinanet to SK Broadband in South Korea, then to Facebook. This means that anything you looked at via Facebook without encryption was exposed to anyone operating Chinanet, which has a very suspect Modus operandi.

    This morning’s route to Facebook from AT&T:

    route-server>show ip bgp 69.171.224.13 (Facebook's www IP address)
BGP routing table entry for 69.171.224.0/20, version 32605349
Paths: (18 available, best #6, table Default-IP-Routing-Table)
Not advertised to any peer
7018 4134 9318 32934 32934 32934

    The AS path (routing path) translates to this:

    1. AT&T (AS7018)
    2. Chinanet (Data in China AS4134)
    3. SK Broadband (Data in South Korea AS9318)
    4. Facebook (Data back to US 32934)

    Current route to Facebook via AT&T:

    route-server>sho ip bgp 69.171.224.0/20
BGP routing table entry for 69.171.224.0/20, version 32743195
Paths: (18 available, best #6, table Default-IP-Routing-Table)
Not advertised to any peer
7018 3356 32934 32934, (received & used)

    Translated: Your data goes from AT&T’s network to US based Level3 Communications to Facebook’s servers.

    What could have happened with your data? Most likely absolutely nothing. Yet, China is well known for it’s harmful networking practices by limiting network functionality and spying on its users, and when your data is flowing over their network, your data could be treated as any Chineese citizens’. Does that include capturing your session ID information, personal information, emails, photos, chat conversations, mappings to your friends and family, etc? One could only speculate, however it’s possible.

    This brings up a lot of questions:

    • Should Facebook and or AT&T have notified their customers that their personal information was flowing over a network that they may not trust?
    • Should Facebook enable SSL on all accounts by default?
    • Was this actually a privacy breach or just the way the Internet functions?
    • Does Facebook have an ethical responsibility to buy additional IP connectivity to major broadband and mobile networks to prevent routing mishaps?
    • Is it time to focus on new options within BGP to prevent high profile sites from routing to non-authenticated networks?

    This happens all the time — the Internet is just not a trusted network. Yet, I prefer to know that when I am on AT&T’s network, going to US located sites, my packets are not accidentally leaving the country and being subject to another nation’s policies. I guess that’s why you should not use Facebook in “bareback” mode and use HTTPS (SSL) any time you can.

    Food for thought.

    Thanks to Tom Scholl for the head’s up and thoughtful commentary on this subject.

    Tags: , , , ,
    Posted in Opinion, Philosophy, Security | 22 Comments »

    Reclaiming Geek Culture

    March 7th, 2011 by Barrett Lyon



    When I started using computers as a little kid, it was all-inclusive; if you were interested, you were in the club. Eventually, communities were built around things like Bulletin Board Systems (BBS) that were places for getting email, downloading files, chatting with other people, and playing games.

    The BBS operators wrote code and spent time designing a culture for their systems or communities. In the Northern California Foothills, we had what we called an MUPT meeting once a month. At our Modem User Pizza Thingy, we shared ideas, talked about communication, and generally were stupid, geeky nerds; and we loved it! I was too young to drive to the meeting so I had to be dropped off. Yet, that did not seem to matter to anyone. It was a blast and laid the foundation for my love of geek culture in motion and was ground zero for Northern California’s geek culture.

    The BBS culture carried into the Internet and, wow, that’s where things got interesting. There was so much to learn, so much to do, so much more to talk about. Nothing was set in stone, there were no rules or regulations, and the only best common practices we could find were from the military. It was a free-for-all learning fest and that original MUPT/BBS culture remained intact. It was essentially the early days of online community building at its best.

    Now, nearly 15 years have gone by and I have watched these groups of people that I deeply respect get older. Networking technology has aged with us and that original, youthful excitement has started to die. No longer is sharing considered a good thing. If you ask a “dumb” question on a large forum, you’re going to be flamed by some snarky person. This new culture has become one more akin to a “club” for only certain people and seems to be exclusive rather than inclusive like the geek culture I remember. Why is it that there are people that spend half of their day writing snide replies to prove that they are somehow smarter than the original poster?

    It’s funny, as I was writing this post, I stumbled upon the Patton Oswalt article in Wired “Wake Up Geek Culture, Time to Die.” He had me in the first few sentences, particularly his phrase: “back when nerd meant something.” But, Oswalt experienced this more from a dedication to film and music, whereas I was devouring technology. Oswalt calls it an obsessive interest that led to deep knowledge and produced new artists. He points out that this innovation is missing today. We are just repurposing, manipulating past innovations.

    Is this new culture the result or the reason for dwindling innovation?

    Think about it; IPv4 has pretty much been mastered by the packet slingers that have learned everything there is to know about routing, load balancing, and networking. New technologies are faster and better, but are they new? The lack of interest in gathering, sharing in an “obsessive interest” manner, is creating an anti-geek culture.

    All that said, I continue to choose to work in a start-up environment because I think it is one of the few remaining cultures that is working to foster innovation. It’s a place for creating and sharing new technologies to inspire. New ideas are new possibilities, and challenging the accepted is met with openness and consideration instead of arrogance or criticism. It feels brilliantly similar to the “old days.”

    And if geek culture has gone to the trolls, then maybe it’s time we reclaimed it and restored it to its former glory. Being a true geek among peers requires comfort, trust, and the ability to be wrong, awkward, stupid, brilliant, genius, nerdy, and “out there” without ridicule – and for that, I salute my geeks!

    Tags: , , ,
    Posted in 3Crowd, Opinion, Philosophy | 1 Comment »

    Anonymous IRC Logs: A Moment in Time

    December 16th, 2010 by Barrett Lyon

    The DDoS attacks against VISA and Mastercard (among others) were mostly symbolic and were executed by a group called The Anonymous. The group itself is comprised of anyone that wants to join; such loose membership requirements attracts a huge assortment of people. These attacks made by The Anonymous were the first Cyber Protests I have seen executed largely by non-techies. The average person was unaware of this, only hearing about the results of the attacks via pundits on the news. Typically, during a protest, photojournalists are able to capture the moment, showing the huge crowd in front of the White House or angry mobs of people with signs in Greek protesting against government austerity. In this case, (unless you know how to use IRC) it was quiet and invisible — a few web sites simply stopped working.

    However, it was not quiet or invisible. There were some 10,000 angry people online with digital voices working towards the same goal. I logged (as many people did) their IRC servers and their public channels. I took those logs and put them into a browser format that anyone can read. What you see in these logs is a captured moment in time; it’s a captured moment of that protest. It is really the only visual representation of the passion of these thousands of Cyber Protestors.

    The log represents about 30 hours of irc.anonops.net and are by no means complete. It’s a view into the protests of the future that don’t have lines drawn across tangible borders.

    To directly access the full page log, you can visit http://blyon.com/Irc

    Tags: , , ,
    Posted in DDoS, Hackers, Opinion, Philosophy, Security, Wikileaks | No Comments »

    Gawker and Your Password

    December 14th, 2010 by Barrett Lyon
    The other day, a popular site, Gawker Media, was brutally compromised resulting in the exposure of their entire user database of 1.3 million users. Basically each user ID and its associated encrypted password were compiled into a huge file that is accessible to the entire Internet. On the surface, who really cares if a basic site like Gawker was hacked, but digging a little deeper you’ll see that there is a cascading ramification that could potentially be dangerous to many of Gawker’s users – they probably use the same usernames and passwords for a lot of sites.

    Yesterday, I received what appeared to be a four-page email from a friend of mine via LinkedIn. The email was rather grotesque and went on and on about her love for pedophiles. It was pretty obvious that someone logged into her account and emailed that message to all of her connections on LinkedIn. When asked if she thought her account was compromised from Gawker, she was not sure however the timing was rather suspect.

    Today, I woke up to an email from LinkedIn stating that for security purposes my account has been locked until I change my password. They’re proactively locking accounts that appeared on the Gawker list; unfortunately other sites are not doing the same.

    Aside from this specific event, how can the average person do a better job securing their passwords online? How can they reduce the risk of a fun site like Gawker from causing social or financial calamity? I’ve assembled some of the tricks I use, which may help the average Internet user have a little less exposure to something like a Gawker compromise:

    Create Four Layers of Passwords:

      Some sites are more important than others, so rather than having a single password used on a lot of sits, create a “junk” or throwaway password that you use on sites that really have no bearing on your personal finances or privacy. For example, Gawker requires a login to comment on their posts, chances are you have accounts on a number of sites similar to Gawker, so use your junk password for those types of sites.

      For low security sites such as Gawker, you may also want to consider using OpenID or Facebook Connect rather than creating an account with the site itself. You’ll see those options presented when you’re about to interface with the site. Using a single ID such as OpenID does put all of your eggs in one basket, but it’s easy to change the password and update it.

      Social media sites should also have their own password set, thus a Gawker hack is only isolated to junk sites and not LinkedIn or Facebook. Shopping sites have a lot more importance because they may have personal information stored like your credit card, shipping addresses, etc. For those you should make a different password. Last, you should make a complex password that nobody knows, which you only use for online banking.

    Use Phrases and Acronyms:

      When creating a password, try to think of a phrase that is easy to remember, and turn that phrase into an acronym or something fun to type and easy to remember. For example, for years I used the password “cats&d0gs!” (cats and dogs). It’s easy to remember and you don’t have to write it down. Other phrases such as, “Ilrits2sh!” or “I love running in the summer to stay happy!” makes for an easy password to remember. Find phrases and word replacements that can assist in remembering a password and help create unique passwords.

    Replace Characters and Use Capitals:

      Replace common characters with replacement characters, the letter ‘o’ can be represented as the number ‘0’, or the letter ‘e’ can be the number ‘3’. You can swap characters such as I for L, or even toss in the occasional upper-ascii character or symbols such as an, ‘@’ or a, ‘#’. I cannot stress the importance of using symbols in your passwords, it greatly complicates the password and makes cracking them a bit more difficult.

    Use a Password Schema:

      For example, you may use the password Il2sM0n3Y (I love to spend money) on your VISA and American Express logins. However, you could reduce the impact of a compromised password by adding a character that’s common only to that site, for example, on American Express you vary the password from Il2sM0n3Y to AIl2sM0n3Y, (A for American Express), and do the same for the VISA account (VIl2sM0n3Y). It’s essentially the same password, but it’s different enough to prevent someone with a list of passwords from walking into each and every one of your high profile user accounts.

    I hope this helps out a bit. Keep safe out there folks!

    Tags: , ,
    Posted in Hackers, Opinion, Security | No Comments »

    Wikileaks: Who’s Really at Fault?

    December 9th, 2010 by Barrett Lyon
    Someone in the US Government (supposedly a US soldier) downloaded over 250,000 diplomatic cables and somehow NOBODY noticed. Imagine someone walking into Fort Knox and walking out with a bunch of gold and the theft wasn’t really noticed until the gold was given away on Craigslist. Who do you blame in that situation? Craigslist? In the Wikileaks debacle, doesn’t some of the blame fall on the shoulders of the US Government and their outdated information technology framework? After all, they were asleep at the wheel. It appears that there was a lack of auditing, no encryption, and no digital rights management on the documents. There were even compromises to physical security. Think of how much other information may have walked out the door and went unnoticed. Think about who else could have had access to these cables before Wikileaks. Julian Assange, the figurehead of Wikileaks, cannot be fully blamed for this mess. I disagree with some of the actions Wikileaks has taken, but I also disagree with the mob mentality hell-bent on taking them down, there were other people to blame as well — the operators of SIPRnet.

    If the diplomatic cables were not exposed on Wikileaks, nobody would have ever known that they were walking around in the wild.

    Now, granted, the US Government is trying to be open and share documents between its different agencies, and this is a good thing. However, they’re doing it like morons. They should look to Netflix or the adult video industry to see how to share secure documents. I’m willing to bet that the videos hosted on Netflix are more secure than shared data from compartmentalized top-secret documents. Why? Because the video industry uses encryption (DRM) to allow people to view videos (information) when they need to view it, and they have control of how and when someone can view a video. They can make videos expire; they can make them self-destruct. The same technology should be used for confidential documents within the Government’s SIPRnet (which has millions of people attached to it).

    Some streaming companies even have high-end watermarking technology that embed the viewer’s information such as the date and time the content was accessed, the user’s ip address, and user account information into the video itself. Why isn’t the US Government doing this?

    If the diplomatic cables were under a type of DRM technology and watermarked, the documents themselves would have no longer functioned by the time they were sent to Wikileaks. The reading and usage patterns could be tracked and if there were anomalies, the documents could have been locked. If they were transcribed, they would have had watermarks pointing directly back to the person that stole the information and exactly when they did so, and from where.

    Now, I am not suggesting that the US Government should use the same weak encrypt technology as Netflix, I would expect something a little more beefy. I am suggesting by using existing models for sharing and revoking access to content the government could have prevented the leaks and kept an environment of information sharing intact.

    In a world where everyone’s focused on how awful Wikileaks is, no one has taken a moment to look back and think, “how was this allowed to happen in the first place? Who else and what else is floating around out there?”

    Tags: , , ,
    Posted in Hackers, Opinion, Security, Wikileaks | 12 Comments »

    The Story Behind the Mastercard and VISA DDoS Attacks

    December 8th, 2010 by Barrett Lyon
    Right now, as you read this, there is a random group of about 5,000 people talking and plotting on how to exact revenge on various corporations that have been less than helpful with the operations of WikiLeaks. They call this “OperationPayback” and it has been broken down into several specific attacks to corporations like MasterCard, Visa, Amazon, Paypal, Swiss Postal Finance, and more. The group itself is called Anonymous, but they are operating under the online infrastructure called “anonops” (which is a tech term for anonymous operations).

    So, what is Anonymous? Well, it could be you. The general concept is simple, there are people that want to send a message that the Internet is a sovereign territory and they are grouping together on a specific cluster of Internet Relay Chat (IRC) servers. The active server right now is irc.anonops.net. When you join the server it suggests several channels for you to join (channels are like chat rooms): #vhost, #target, #WikiLeaks, #propaganda, #recruit, #setup, #lounge, and #anonops

    So what you do is join #setup and it tells you to go to a specific URL to get the DDoS attack software. There’s a really nice helpful FAQ and help page, which will show you want to do.

    Their DDoS tool is called LOIC or “Low Orbit Ion Cannon”, which was originally a web site load testing utility that was open sourced. These guys hacked in a new feature called HIVEMIND, which allows you to start LOIC and have it connect back to anonops for instructions. Once they get your computer to join their botnet, your computer joins the attack, at your will.

    “<snape:#Setup> TARGET: www.mastercard.com IP: 216.119.208.50 – 0 REQUESTS MEANS TARGET DOWN!”


    Support page/FAQ on how to attack Anonymous targets

    What is amazing is that these people are having success, they are operating a full PR campaign that has created logos, Wikipedia pages, web sites, operations infastructure, and attack software. Now, they are getting angry people all over the world to join in on their cause and start attacking whatever they choose. It’s hacktivism at its best.

    Their botnet is also rather unusual. Unlike botnets in the past (which take advantage of holes in operating systems to install the bot software) this botnet is made up of volunteers. It’s opt-in and if you follow their instructions, once it is up and running, you are to, “Sit back and watch the show”.

    Right now they are a bit disorganized and they don’t have much polish to what they are doing. For example, their IRC servers are not tuned for high amounts of users and often crash (which is when Mastercard’s web site comes back online). They are also heavily dependent on the domain anonops.net and anonops.info so if those sites go down it will take some work to get reorganized. Yet, over time, this could really become something resembling Flight Club where the group creates better attack software, better processes, has heightened security, membership vetting, and eventually their own governmental structure.

    Despite all of their rough edges — they do currently have a streaming radio station (which is quite good) radio.anonops.net and they did take down Mastercard and VISA.

    Welcome to the age of the Digital Native

    Tags: , , , , ,
    Posted in Crowdsourcing, DDoS, Hackers, Security | 27 Comments »

    The Exploding Snow Globe

    November 18th, 2010 by Barrett Lyon
    If the TSA is really about protecting the public from another 9/11, then why are there so many obviously gaping holes in the way they perform their jobs? For example, the contrast of no security with general aviation and the illusion of security in commercial airports. Well, what about other painful items that are overlooked that are so egregious and obvious that it makes all the rest of the TSA’s efforts moot?

    Flying back from Washtingon DC, a coworker traveling with me bought a snow globe for his daughter. He bought it at a store right next to the security line, and when he went through security the TSA agent promptly told him that a snow globe was not allowed to accompany him. I spoke up, “you’ve got to be kidding!?”. The agent replied, “You don’t know what’s inside there!” To me it’s pretty obvious, it’s water and sprinkles. My response, “Well you don’t know what’s inside a woman’s breast implants do you? What if they were packed with C4 rather than saline? If you’re going to kill yourself, you may as well surgically implant explosives in your own body. And how are you going to stop that?”

    His response summarized the TSA, “Well nothing is perfect, we can’t stop everything.” My thinking, well if you can’t even do a midly good job, the opportunity cost of what the TSA is doing is simply not worth it.

    Now as outragious as exploding breast implants sound, surgically implanting explosives in one’s body is really not far-off of an option to a terrorist. It’s actually more of a threat than a snow globe and there’s absolutely nothing the TSA can do about it. If someone surgically implanted a bomb in their body, the TSA cannot use intrusive pat-downs, body scanners, or x-ray devices to detect it.

    Cryptographer Bruce Schneier is a big opponent of the TSA and originally coined the phrase “security theater” to describe the TSA’s antics. He’s also very clear in his thinking that, “security is only as strong as the weakest link”. Thus, if there are a myriad weak links in the TSA’s security posture, then basically there is no real benefit in spending the billions of dollars required to do just the basics.

    Back to the snow globe: The day my coworker lost his snow globe, I was heckling a TSA agent with an aircraft transceiver radio in my backpack. I bought it as a backup to my own aircraft and I happen to have it in my backpack. It’s capable of talking directly to air traffic control and to other pilots during my flights. Sitting on the flight I let my mind wander and I thought, “wow I could turn on my radio and announce to the air traffic control that we have a hostage situation and that the plane is about to be under control of terrorists.” Something like,

    “PLATOMIC APPROACH VX77 HAS A HOSTAGE SITUATION, PEOPLE HAVE BEEN SHOT, UNABLE TO SQUAWK 7500…”


    Handheld UHF/VHF radio

    Given the right conditions, someone might hear it on the low powered handheld. It might be more efficient to mess with the pilots rather than ATC and just imitate air traffic control. One could tell the pilots that there was an aircraft directly ahead and to drop 5,000 feet or other whacky things. To a really accomplished mind (with a lot of funding), radio communication could be pretty dangerous.

    Granted, ATC have radios that will out power a tiny handheld, yet it could be used to overpower the air traffic control’s responses. Yet, taking off your shoes and having body scans don’t really address creativity and out of the box thinking.

    Let’s take this entire radio concept and blow it up to absurdity. Let’s say that terrorists take high powered radios and mount them inside of vans. Let’s say they take ten of these vans and go out near the transmission range of 10 air traffic control regions in the United States. Let’s say they learn the FAA’s air traffic control radio lingo and they start directing aircraft to fly into other aircraft.

    Now, I doubt any airplanes will fly into each other, however, it puts the trust of the entire US air traffic control system into question. Airports may have to shut down temporally. If it were done during Christmas travel, it would cause havoc for the holiday commuters and possibly places lives at risk.

    The entire air communications systems between pilots and control is based off a system developed in the 1930′s and is basically high powered walkie-talkies. There’s no way for a pilot to know if he or she is communicating to a real air traffic source or not and visa versa. Unauthenticated communications is a pretty creepy problem and it’s not going to be fixed by the TSA groping children at security lines.

    Now is any of this really feasible? Probably not. Yet, if someone wrote about 9/11 on 9/10 it might have sounded pretty unfeasible as well. Commercial pilots do have other communications methods to talk back to tower, but some asshole with a radio could make a lot of stress for a lot of people. There are times where pilots depend on very quick and short responses from ATC to maneuver properly and at times when there are no disruptions, even basic flight is difficult — especially during IFR conditions.

    Now, on to my real point: Is society better because of the TSA’s policies? Does it improve security for an American citizen to throw away his snow globe? I really doubt it. We are submitting ourselves to what amounts to groping, reduced privacy, and reduced freedoms in the airports because we think there is a benefit to it. These TSA security tactics do little to nothing to prevent a creative mind from doing something awful. The TSA cannot stop bad things from happening but they can treat good people as criminals.

    Tags: , , , ,
    Posted in Airport Security, Opinion, Security, Strange Laws, TSA | No Comments »

    How to Fly Without Airport Security!

    November 17th, 2010 by Barrett Lyon
    The Transportation Security Administration (TSA) have recently imposed new methods of inspecting travelers. These new methods include full body scans and intrusive pat-downs that some liken to being molested or groped. If a traveler refuses to have high resolution nude images taken of their body, their second option is to be inappropriately touched. This new groping technique includes children, the elderly, the injured, and even pilots. These rules and the TSA’s methods have made air travel a painful reminder that George Orwell’s 1984 was only off by 26 years or so.

    However, there is a solution to this bureaucratic madness! What if you want to fly and completely skip the TSA, skip the scanners, skip your baggage check, and just walk right onto the plane? I’m here to tell you that there is a way! You can actually travel via airplane the way people used to with no security at all! All you need to do is be rich!

    The wealthy that own their own aircraft do not need to be inspected by the TSA. They simply walk on their private aircraft or charter and fly anywhere they want, no scanners, no pat downs, no x-ray machine…. nothing. I own a small single engine private plane, and the only time I am subjected to airport security is when I am flying commercial. Learning about the lack of security as I became a pilot was eye-opening. In fact, when I land my plane at large private “jet centers” I am often greeted with a rental car that is waiting at my wing tip. I could only imagine what it would be like to travel via a jet capable of crossing oceans.
    Rental car waiting by the plane in LA.

    I feel these policies are unjust, unequal, and unfair — and are a massive gaping hole in the security posture of the TSA. It is so odd, so strange, that I do not understand it, and I cannot explain it.

    Why is it okay for a private jet to take off without screening the passengers? What’s the difference between travelers? It’s all in the name of security, right? I guess the argument is that Bono, Steve Jobs, and Bill Gates are not going to fly a plane into a building. However, what if they wanted to? They, or anyone else with money, could. I guess the thought is that everyone knows each other so it’s okay. Well, that’s not true as well. In some cases the pilots and crew have no idea who the passengers are on a charter.

    The TSA has clearly proven they’re in the business of creating security theater for the masses. The TSA wants to create an appearance that the United States can protect everyone. Apparently they don’t feel that the ultra rich, politicians, and the affluent need to feel that level of “comfort”. What’s worse is these are the people that have the ability to influence change within airport security methods, but they don’t even know what most people experience.

    So the next time you want to avoid the new screening procedures, taking off your shoes, your belt, your jacket, having your body imaged, having all of your belongings subject to inspection, and still possibly having someone grope you… just be rich and buy your own aircraft.

    While you are being groped, you might want to thank the minimally educated TSA agent for their help in creating a new class system in the United States. The rich and the rest of us that have to submit to the TSA’s absurd and broken policies.

    This is a first part series covering the TSA and airport security.

    Tags: , , , ,
    Posted in Airport Security, Opinion, Security, Strange Laws, TSA | 6 Comments »

    « Older Entries