Recently in opinion Category

The two sides of this story are:

  • Software requirements are often... mutable over time.
  • Developer work-estimates are kind of iffy.

Here is a true story about the later. Many have similar tales to tell, but this one is mind. It's about metrics, agile, and large organizations. If you're expecting this to turn into a frAgile post, you're not wrong. But it's about failure-modes.

The setup

My employer at the time decided to go all-in on agile/scrum. It took several months, but every department in the company was moved to it. As they were an analytics company, their first reflex was to try to capture as much workflow data as possible so they can do magic data-analysis things on it. Which meant purchasing seats in an Agile SaaS product so everyone could track their work in it.

The details

By fiat from on-high, story points were effectively 'days'.

Due to the size of the development organization, there were three levels of Product Managers over the Individual Contributors I counted myself a part of.

The apex Product Manager, we had two, were for the two products we sold.

Marketing was also in Agile, as was Sales.

The killer feature

Because we were an analytics company, the CEO wanted a "single pane of glass" to give a snapshot of how close we were to achieving our product goals. Gathering metrics on all of our sprint-velocities, story/epic completion percentages, and story estimates, allowed us to give him that pane of glass. It had:

  • Progress bars for how close our products were to their next major milestones.
  • How many sprints it will take to get there.
  • How many sprints it would take to get to the milestone beyond it.

Awesome!

The failure

That pane of glass was a lying piece of shit.

The dashboard we had to build was based on so many fuzzy measurements that it was a thumb in the wind approximation for how fast we were going, and in what direction. The human bias to trust numbers derived using Science! is a strong one, and they were inappropriately trusted. Which lead to pressure from On High for highly accurate estimates, as the various Product Managers realized what was going on and attempted to compensate (remove uncertainty from one of the biggest sources of it).

Anyone who has built software knows that problems come in three types:

  1. Stuff that was a lot easier than you thought
  2. Stuff that was pretty much as bad as you thought.
  3. Hell-projects of tar-pits, quicksand, ambush-yaks, and misery.

In the absence of outside pressures, story estimates usually are pitched at type 2 efforts; the honest estimate. Workplace culture introduces biases to this, urging devs to skew one way or the other. Skew 'easier', and you'll end up overshooting your estimates a lot. Skew 'harder' and your velocity will look great, but capacity planning will suffer.

This leads to an interesting back and forth! Dev-team skews harder for estimates. PM sees that team typically exceeds its capacity in productivity, so adds more capacity in later sprints. In theory equilibrium is reached between work-estimation and work-completion-rate. In reality, it means that the trustability of number is kind of low and always will be.

The irreducible complexity

See, the thing is, marketing and sales both need to know when a product will be released so they can kick off marketing campaigns and start warming up the sales funnel. Some kinds of ad-buys are done weeks or more in advance, so slipping product-ship at the last minute can throw off the whole marketing cadence. Trusting in (faulty) numbers means it may look like release will be in 8 weeks, so its safe to start baking that in.

Except those numbers aren't etched in stone. They're graven in the finest of morning dew.

As that 8 week number turns into 6, then 4, then 2, pressure to hit the mark increases. For a company selling on-prem software, you can afford to miss your delivery deadline so long as you have a hotfix/service-pack process in place to deliver stability updates quickly. You see this a lot with game-dev: the shipping installer is 8GB, but there are 2GB of day-1 patches to download before you can play. SaaS products need to work immediately on release, so all-nighters may become the norm for major features tied to marketing campaigns.

Better estimates would make this process a lot more trustable. But, there is little you can do to actually improve estimate quality.

It's not as widely known as I hope, but there are a host of workplace protections that apply to non-union, salaried, overtime exempt workers. Not all of them are written into the legal code, and are, in fact, work-arounds. To explain what I'm talking about, read this:

This is a small sample-set, but it works to illustrate the point I'm about to make.

If you find yourself in the position of reporting a coworker to HR for harassing behavior, suddenly find your performance reviews solidly in needs improvement territory, and get fired later; there are workplace protections that will help you get through this, and make the life of your harasser less good.

To get there, here are a few facts and common practices that contribute to the firing, and what could happen afterwards:

  • Performance reviews are as much subjective as objective.
  • Tattling on a co-worker can make the perception of your work move from team player to troublemaker.
  • When the perception shifts like that, top-marks reviews suddenly become remediation-required reviews.
  • Due to US labor law, as amended by State laws, creating a hostile work environment due to sexism, racism, etc, is a criminal act.
  • In spite of that law, very few cases are seen in court, and even fewer reach a verdict.
  • At-will laws mean you can be fired without stated cause.
  • Everyone has a price for their silence.
  • Pathologic workplace cultures have no room for empathy.

Performance Reviews, and Career Improvement Plans

These are often used as the basis for a firing decision. Not all workplaces do them, but many do. It may be hidden in the OKR process, in 360-degree reviews, or another company-goal tracking system, but it's still there. Sometimes they're simple exceeds/meets/needs-improvement metrics, or 1 to 5 ranked metrics, and always have manager input on them.

All of them have some component of plays well with others as one of the tracked metrics. No one likes working with assholes, and this is how they track that. Unfortunately, tattling to mommy that Kenny was mean to her is often seen as not playing well with others.

Buying Your Silence

The severance process you go through after termination is there to buy your silence. Employers know full well there is a marketplace of opinion on good places to work, and if they can keep you from bagging on them on Glassdoor or social media, that's a win for them. You also get a month or two of paid healthcare as you look for someplace new. The method of doing this is called a non-disparagement clause in the severance agreement.

Laws are there to incentivise people to not get caught

If you have a good enough papertrail to plausibly bring suit against the company for one of the legally protected things like racism or sexism, there are strong incentives for them to settle this out of court. Everyone has a price, and most people have a price that doesn't include a written admission of guilt as a requirement. This is why there are so few actions brought against companies in court.

Pathological Empathy

Of the three Westrum Typology types of corporate communication styles (Pathological, Bureaucratic, Generative), it's the pathologic that fundamentally treats non-managers as objects. When you're an object, it doesn't matter if your fee-fees get hurt; what matters is that you're on-side and loyal. If you are seen to be disloyal, you will need to find a new master to swear your fealty to or you will be disposed of through the usual at-will / severance means.

Not all companies are pathologic. The studies I've seen says it's less than a quarter. That said, if the company is big enough you can quite definitely have portions of it that are pathologic while the rest are generative.


That's a lot of framing.

There are certain legal nightmares that companies have with regards to labor laws:

  • Having a now-ex employee bring a discrimination suit against them.
  • Having a class-action suit brought against a specific manager.
  • Having the Department of Labor bring suit against the company for systemic discrimination.

All of these actions are massively public and can't be silenced later. The fact of their filing is damnation enough.

This works for you, even though none of these are likely to come about for your specific case. You see, they're trying to avoid any of that ever happening. To avoid that happening they need to buy you off. Don't think that this is their way of protecting the bad man from any consequence. It's their attempt to, it's up to you to make it actually painful.

Once the third person has been fired and levered themselves into a $200K hush-money severance package, you can guarantee that The Powers That Be are going to sit the bad man down and explain to him that if he doesn't stop with the hands, they're going to have to Do Something; you're costing us a lot of money. One person doing that is just a whiner trying to extort money. Two people getting that is an abundance of whiners. Three people getting that begins to look like a pattern of behavior that is costing the company a lot of money.

This only works because the consequences of simply ignoring your whiny ass are now dire. Thanks, New Deal!

Yesterday brought this tweet up:

This is amazingly bad wording, and is the kind of thing that made the transpeople in my timeline (myself included) go "Buwhuh?" and me to wonder if this was a snopes worthy story.

No, actually.

The key phrase here is, "submit your prints for badges".

There are two things you should know:

  1. NASA works on National Security related things, which requires a security clearance to work on, and getting one of those requires submitting prints.
  2. The FBI is the US Government's authority in handling biometric data

Here is a chart from the Electronic Biometric Transmission Specification, which describes a kind of API for dealing with biometric data.

If Following Condition ExistsEnter Code
Subject's gender reported as femaleF
Occupation or charge indicated "Male Impersonator"G
Subject's gender reported as maleM
Occupation or charge indicated "Female Impersonator" or transvestiteN
Male name, no gender givenY
Female name, no gender givenZ
Unknown genderX

Source: EBTS Version 10.0 Final, page 118.

Yep, it really does use the term "Female Impersonator". To a transperson living in 2016 getting their first Federal job (even as a contractor), running into these very archaic terms is extremely off-putting.

As someone said in a private channel:

This looks like some 1960's bureaucrat trying to be 'inclusive'

This is not far from the truth.

This table exists unchanged in the 7.0 version of the document, dated January 1999. Previous versions are in physical binders somewhere, and not archived on the Internet; but the changelog for the V7 document indicates that this wording was in place as early as 1995. Mention is also made of being interoperable with UK law-enforcement.

The NIST standard for fingerprints issued in 1986 mentions a SEX field, but it only has M, F, and U; later NIST standards drop this field definition entirely.

As this field was defined in standard over 20 years ago and has not been changed, is used across the full breadth of the US justice system, is referenced in International communications standards including Visa travel, and used as the basis for US Military standards, these field definitions are effectively immutable and will only change after concerted effort over decades.

This is what institutionalized transphobia looks like, and we will be dealing with it for another decade or two. If not longer.


The way to deal with this is to deprecate the codes in documentation, but still allow them as valid.

The failure-mode of this comes in with form designers who look at the spec and build forms based on the spec. Like this example from Maryland. Which means we need to let the forms designers know that the spec needs to be selectively ignored.

At the local level, convince your local City Council to pass resolutions to modernize their Police forms to reflect modern sensibilities, and drop the G and N codes from intake forms. Do this at the County too, for the Sheriff's department.

At the state level, convince your local representatives to push resolutions to get the State Patrol to modernize their forms likewise. Drop the G and N codes from the forms.

At the Federal employee level, there is less to be done here as you're closer to the governing standards, but you may be able to convince The Powers That Be to drop the two offensive checkboxes or items from the drop-down list.

Resumè of failure

| No Comments

There has been a Thing going through twitter lately, about a Princeton Prof who posted a resume of failures.

About that...

This is not a bad idea, especially for those of us in Ops or bucking for 'Senior' positions. Why? Because in my last job hunt, a very large percentage of interviewers asked a question like this:

Please describe your biggest personal failure, and what you learned from it?

That's a large scope. How to pick which one?

What was your biggest interpersonal failure, and how did you recover from it?

In a 15+ year career, figuring out which is 'biggest' is a challenge. But first, I need to remember what they are. For this one, I've been using events that happened around 2001; far enough back that they don't really apply to the person I am now. This is going to be a problem soon.

What was your biggest production-impacting failure, and how was the post-mortem process handled?

Oh, do I go for 'most embarrassing,' or, 'most educational'? I'd snark about 'so many choices', but my memory tends to wallpaper over the more embarassing fails in ways that make remembering them during an interview next to impossible. And in this case, the 'post-mortem process' bit at the end actually rules out my biggest production-impacting problem... there wasn't a post-mortem, other than knowing looks of, you're not going to do that again, right?

Please describe your biggest failure of working with management on something.

Working in service-organizations as long as I have, I have a lot of 'failure' here. Again, picking the right one to use in an interview is a problem.

You begin to see what I'm talking about here. If I had realized that my failures would be something I needed to both keep track of, and keep adequate notes on to refer back to them 3, 5, 9, 14 years down the line, I would have been much better prepared for these interviews. The interviewers are probing how I behave when Things Are Not Going Right, since that sheds far more light on a person than Things Are Going Perfectly projects.

A Resumè of Failure would have been an incredibly useful thing to have. Definitely do not post it online, since hiring managers are looking for rule-outs to thin the pile of applications. But keep it next to your copy of your resume, next to your References from Past Managers list.

Dunbar's Number is a postulate claiming that due to how human brains are structured, there is an upper limit to number of personal relationships we can keep track of. Commonly, that number is presumed to be about 150; though the science is not nearly as sure of that number.  This 150 includes all of your personal relationships:

  • Family
  • Coworkers
  • Friends
  • People you run into every day and have learned their names

And so on.

This postulate has an intersection with growing a company, and how the office culture evolves. When a company is 4 people in a shared open-plan office, it's quite easy for everyone to know everything about everyone else. You can still kind of do that at 20 people. Getting to 50 starts pushing things, since 'coworkers' begins to take up a large piece of a person's personal-relationship social graph. At 100, there are going to be people you don't know in your company. As it evolves, office-culture needs to deal with all of these stages.

One of the critiques to Dunbar's Number, more of a refinement, is a report by Matthew Brashears (doi 10.1038/srep01513) that claims humans use compression techniques to expand the number of storable relationships. The idea is, in essence:

If the structure of relationships has an external framework, it is possible to infer relationships. Therefore, humans do not have to memorize every leg of the social-graph, which allows them to have more connections than otherwise are possible.

One such external structure has direct relevancy to how offices work: kin-lables.

The example used in the report are things like son, daughter, uncle, father. English is not a concise language for describing complex family structures, so I'll use something it is good at: company org-charts.

Dunbar's OrgChart

If you are a Senior Software Engineer in the Dev Team, you probably have a good idea what your relationship is with a generic QA Engineer in the QA Team. This relationship is implied in the org-chart, so you don't have to keep track of it. The QA team and engineering work together a lot, so it's pretty likely that a true personal relationship may be formed. That's cool.

Scaling a company culture begins to hit problems when you get big enough that disparate functional groups don't know each other except through Company Events. Take a structure like this one:

Dunbar's OrgChart - bigger

When the company is 20 people, it is entirely reasonable for one of the software engineers to personally know all of the marketing and sales team (all three of them). At 75 people, when each of these directorates have been fleshed out with full teams, and both Marketing and Engineering have split sub-teams for sales, marketing, front-end, and back-end, it is far less reasonable for everyone to know everyone else; there is little business-need for the back-end engineers to have any reason to talk to the sales team for any reason other than at Company Events.

This is where the cunning Director of Culture can start building in structure to stand in for the personal relationships it is increasingly impossible to maintain. All-hands Company Events help maintain the illusion of knowing everyone else, at least on a nodding basis. Another way is to start fostering team-relationships across org-chart boundaries using non-business goals, such as shared charity events. This would allow members of the Back-End Team to have a relationship with the Sales Team, which would further allow the individual members of the teams to infer personal relationships with the other team.

This only kicks the can down the road, though.

There will come a time when it will be simply impossible for everyone to know everyone else, even with fully implicit relationships. There will be parts of the company that are black boxes, shrouded in mystery, filled with people you didn't even know existed. A 500 person company is a very different thing than a 100 person company.

As a company grows, they will encounter these inflection points:

  1. Personal relationships can't be held with everyone in the company.
  2. Implicit relationships can't be held with everyone in the company.
  3. Parts of the company are largely unknowable.

As the company gets ever larger, the same progression holds within divisions, departments, and even teams. The wise manager of culture plans for each of these inflection points.

Short version: We tried that, but it doesn't scale. Eventually the one person self-nominated as the sole arbiter of 'good behavior' can't keep up with everyone and has to delegate. When that happens, their subjects start complaining about inconsistent rules and their enforcement.

An extensive, written code allows people to have a chance of living up to that expectation, and understand what'll happen when they don't. This is especially important for volunteer-run organizations who don't have professional, paid enforcers.


Long version

The legal code is just that: code.

Worse, it's a code that is interpreted, not compiled, and how the lines are translated into actions changes a little every time you run through them. Any time the Supreme Interpreter issues a ruling on something, whole swaths of that code will be subject to new interpretations, which will have unpredictable side-effects. Side-effects that will trigger new code to try and handle the edge-cases.

The legal system as it exists in most countries is extensive, written, and impossible for one person to fully understand. This is why lawyers are hated, the legal system seems arbitrary, and anything fun always seems to be illegal. And if that wasn't enough, case-law is its own unwritten thing that handles edge-cases in the lack of a written code. It's no wonder we hate extensive codes of behavior.

That said, there are very good sociological reasons why a code-of-conduct like:

Be Excellent To Each Other

Is a bad code. Take, for example, a basic value judgment:

Murder is bad, and will be punished.

Pretty obvious, and common-sense. And unlike 'be excellent', is narrower in scope. And yet.

Is killing someone accidentally while driving still murder?
Is killing someone in self-defense in your home still murder, or something else?
What is the exact punishment for murder?
Do you punish accidental murders different than intentional ones?
Do you punish killers-of-children different than killers-of-adults?

And so on. This is how we end up with ideas like 'manslaughter' and many grades of murder, with different punishments for each. Without those umpty-hundred pages of legalese defining everything, the answer to all of the above questions would be in case lawwhich is inaccessible to most non-lawyers.

Short codes: Easy to understand in general. But the specifics of what it means to me are completely opaque.
Long codes: Hard to understand in general, but are much more discoverable. If I need to know what it means to me, I can find out.

Nation-states have converged on the long code for very good reasons. But what about volunteer-run organizations like SF conventions, tech-conferences, and open-source projects?

People are hard, let's just party.

Unlike nation-states, volunteer-run organizations like these aren't big enough or well funded enough to have a professional enforcement arm. Relying on peer enforcement is unavoidable, as is relying on untrained people for adjudicating misconduct. These projects can and will attract people quite willing to be enforcers, and are generally the kinds of assholes we want to avoid. The people running these things almost to a person want to avoid conflict, or as it's sometimes called, DRAMA.

If one of your goals is to provide a fun place to code, party, or discuss contentious genre issues, you need a way to bounce the assholes.

Bouncing an asshole is conflict, that thing everyone wants to avoid. When the conflict becomes egregious enough to be officially noticeable, Responsible People tend to respond in a few negative ways:

  • Pretend they didn't see it, in the hopes one of the other Responsible People will notice and do something.
  • Talk themselves into thinking that it wasn't as bad as all that.
  • Pretend they're not actually a Responsible Person, and hope the complainer doesn't notice.
  • Officially notice, but wimp out on actually causing displeasure in the complainant.
  • Hide behind a committee, most of the members of which will be doing one or more of the four previous points.

If you have a "be excellent" code of conduct, point number 2 is where all the Official Drama will go to die; leaving a whole bunch of 'petty highschool bulllshit' to get in the way of the coding, party, or genre discussions. You will have assholes among you, but that's better than being the specific person who ruined someone's day (even if they are an asshole).

If you have a written code with if this BAD then that HARM in it, it allows the drama-avoidant Responsible Person too look at it and say:

Oh shit, this totally applies. Fuckity fuck fuck.

And actually do something about it. Which means, as it was written down, they know what that 'something' is. They may still try to pretend they never saw anything and hope someone else does, but having it written down makes it more likely that the next Responsible Person will do something. It also means that the committee meeting is much more likely to act in consistent ways, and maybe actually bounce assholes.

This is why we keep pressing for details in those codes of conduct. It allows the Responsible People to hide behind the policy as a shield to deflect the displeasure of the punished, and actually provide meaningful direction for the culture of the volunteer-run organization. You deserve that.

Why I'm not moving to California

| 1 Comment

Many companies I would like to work for are based there and have their only offices there, so this stance limits who I can work for. Remote-friendly is my only option, and happily that segment has enough demand I can still find gainful employment in the largest IT market in the US. There are two big reasons for why I won't move to California:

  1. I couldn't stay married if I moved.
  2. The California political system is functionally broken.

Number one doesn't make for a long blog-post, so I'll skip it to focus on the second point.

A failure of democracy: the initiative system

Democracy goes to those who show up.

Government goes to those who show up, are well organized, and have funding.

The initiative process for those of you who aren't familiar with them, is a form of plebiscate. Many western US states have initiative processes, as they were a trendy topic when the western territories were applying to become states. They're seen as a more pure form of democracy than representative democracy, which is what the rest of the US political system is based on. If a group of citizens can gather enough signatures for a bit of legislation, they can get that legislation passed in the next election; in most cases, such legislation can not be overridden by the State legislature.

The intent here is to provide a check on the overriding power of the State legislature, which at the time had a tendency to be captured by industrial interests. Rail-barons and monopolists were a real thing, after all.

With the advent of modern media, a much larger percentage of the population is reachable with relatively little effort compared to the 1910's. In 1910, a special interest (be it a railroad, oil company, or anti-gambling crusader) found their biggest impact on public policy was by lobbying state legislators and other public officials. Best bang for their buck, and didn't require an army of canvassers and hawkers. That didn't stop grassroots organizers from trying to push public policy, they just weren't very good at it; 1914 had 46 initiatives on it, of which 6 passed.

Since the 1910's changes to the initiative process have been made to ensure only initiatives with broad enough public support would be put on the ballot, as voters were getting tired of spending half an hour to vote and way longer in voting-place lines. With modern media, scrounging enough signatures to get a special-interest initiative on the ballot is an intensive advertising campaign away. If an interest can get an initiative passed, the State Legislature can't do anything about it other than live with the impacts.

Democracy goes to those who show up, are organized, and have funding.

Initiative sponsors are the very special interests the initiative process was designed to oust. This leads to initiatives focusing on narrow pieces of government, that over time build a hodge-podge legal system that makes it hard to function.

Raising certain taxes requires a 2/3rds super-majority.
Oh, how about if we ensure budgets have a broad consensus, and require budget-bills be passed with a super-majority.
Education spending is the basis of a healthy population, protect that funding from budget-cuts.
Three felony strikes, and you're outta the public eye for life!
Okay, that's a lot of people serving life sentences, perhaps drug-offenders can get treatment instead.

And so on. It's the kind of code-smell (legal code is still code) that makes you itch to refactor, but refactoring requires going before a committee of managers, some of whom don't know how the system works anymore and are the kind of manager that others need to keep happy.

All of this leads to a government that has to jump through too many hoops, or require unreasonable levels of cooperation between the political parties, to be effective. I don't want to live in a place with government that broken.

There are calls for California to flush it all and rewrite it from scratch have a constitutional convention to deal with this mess, but it hasn't happened yet.

And then there is the Bay Area

To the tech industry, the rest of the state doesn't matter so I'm not going to talk about it.

Did you know that you can do local initiatives too? You bet. But when you get to local politics, only the most invested of interests show up, which selects for existing property owners looking to increase value. Not In My Back Yard is an impulse every city-council meeting has to grapple with. Due to the money involved in the Bay Area, ideas that sound good so long as you're not next door to them get little traction. The few that do end up getting passed face well funded lawsuits by property-owners looking to undo it.

Office-rents in SFO already exceed those of Manhattan. For residential housing, if you can get a mortgage, you're almost certain to be paying more than $2000/mo on it. For renters, over 40% of them are paying more than 30% of their income on the rent (based on US Census data from 2014). Non-census sources suggest rents are even higher, with 2BR units going for north of $3500 on average. To support a housing-payment of $3500/mo, you need to be making $140K/year at least in household-income. For those of us who are single-income families, even Bay Area salaries mean I'll be spending two or more hours a day commuting to work.

Also, San Francisco is the #1 renter-hostile market according to Forbes. San Jose and Oakland take the net two spots. Once you've found a place you can afford, there is zero guarantee it'll still be there in a year or you'll have the same rent.

In the way of big-city in-fill, unit sizes are getting smaller all the time as the available space shrinks.

Impacts to things people generally don't care about, like 401k contributions

There is a funny thing that happens when you make $140K/year, you start running into limits to how you can contribute to your retirement.

If you make more than $132K/year, and are single, you can't contribute to a Roth IRA. But that's a minor thing, since most people are married by the time they hit their 30's, and the limit for household is $189K/year.

The 2016 limit for 401k contributions is $18K. That sounds like a lot, but keep in mind that if you're earning $140K/year, that 18K is only 12.8% of your income. By the time you hit 40, you should be saving 10% or more for retirement. Employer matching contributions can help you get there (and are NOT subject to the contribution limits), but such contributions are few and far between in the startup space, and when they exist at all are not generous.

If you're paying over 30% of income on rent, paying another 10% for retirement is pretty hard.

This is the Federal Government's way of saying:

You will not be retiring in the Bay Area without extensive non-Retirement savings.

Yeah, not dong that.

Nope. I've never lived there. I don't have roots there. Migrating there to chase the labor market is a bad idea for me.

Thanks for reading.

Internet of Patches

| No Comments

This is a good recommendation:

As a sysadmin, I've been saying fuckno to things like Smart TVs and fridges. I do that game professionally, and I know what it takes to keep a fleet of software up to date. It ain't easy. Keeping firmware updated in things like... non-Nest internet attached thermostats (yes, they exist), the PC embedded in the fridge, the hub that runs your smart lighting, the firmware in your BluRay player, internet-attached talking dog toys... It's hard. And it only takes one for Evil People to get inside your crunchy exterior and chow down on everything else.

You can probably trust a company like Schlage to treat their software like a security-critical component of a network. You probably can't say the same about the internet-attached talking dog toy, even though they're likely on the same subnet. The same subnet as all of your iPads, MacBooks, and phones. Segmenting the network makes it harder for evil coming in on the, shall we say, vendor supported side from the more routine evils faced by general web-browsing.

Not that segmenting is easy to do, unfortunately.

The web of trust shrinks

| No Comments

http://techcrunch.com/2015/12/16/a-call-to-arms-against-mccarthy-2-0/

Legislation is passing Congress right now, with a promise of a signature, to add new exceptions to the Visa Waver Program for a broader class of visitors to the US:

  • Nationals of Iran, Sudan, Iraq, or Syria, regardless of any other passports they hold.
  • Anyone who has traveled to those four countries within the last five years.

Because, terrorism.

Iran and Syria have expansive rules for who may be considered a national, which means people who have never been inside one of those countries may be governed by this new rule. Among those are Steve Jobs family.

The EU is promising Dark Vengeance (well, firmly worded disappointed words, followed by a possible reciprocal attack on US entry).

Because Canada and Mexico both allow US citizens a visa-free entry, most Americans have zero idea how travel to a visa-requiring country works. Or even what is required. It's specific to each country, there is sometimes an application fee, being denied entry does not get you your money back, and more and more countries are requiring biometric data (fingerprints, eye-scans) as part of the application or entry processes. It introduces friction to international commerce and travel, which is why the US introduced the Visa Waver Program in the first place.

But, terrorism.

And trusting your neighbors well enough to police their own borders.

And dealing with domestic cries to vilify whole peoples.

We are seeing the continued erosion of the US web of trust. The EU used to be a prime partner in just about everything; we spent so much rebuilding Europe in the 1940's and 50's, those relationships don't die easy. And yet, here we are, about to say:

We trust you to tell us who are bad people. But these people will require us to do the determining, sorry.

It's throwing sand into the wheels of commerce, a point the EU ambassadors have made.

That trust is a big thing. Participation in the Visa Waver Program is why EU passports have biometric chips in them now. In the background Travelers from waver countries still have their details run through the same electronic background check that visa-countries require. A country can't get entry to the waver program unless you meet some heavy requirements, some of which are political ("shared democratic worldview").

By forcing people from these four countries to go in person to a US Embassy and obtain a tourist visa for entry, we are greatly increasing the effort it takes to travel here. Business people in, for example, London will need to add at least 7 days to their travel prep-time in order to get an appointment at an Embassy; there will be no hopping on a plane with three days notice to go to a meeting in New York.

This is pandering to the domestic crowd at the cost of our economic flexibility, with no significant increase in our security.

Security profiling: TSA

| No Comments

Being of a gender-nonconforming nature has revealed certain TSA truths to me.

Yes, they do profile.

It's a white-list, unlike the police profiling that gets people into trouble. There is a 'generic safe-traveler' that they compare everyone to. If you conform, you get the minimum screening everyone gets. If you don't conform, you get some extra attention. Some ways to earn extra attention:

  • Don't look like your government ID.
  • Wear your hair up, or in braids (they've seen those kung-fu movies too)
    • Yes, they put their gloved hands in your hair and feel round. Anyone with dreads knows this all too damn well.
  • Fly with a name other than the one on your government issued ID.
  • Have body-parts replaced with things, such as a prosthetic leg, or knee (if going through metal detectors).
  • Have junk when there shouldn't be junk (or so they think).
  • Have breasts when there shouldn't be breasts (or so they think).
  • Have breast prosthesis instead of actual breasts (mastectomy patients love this).
  • And many more.

Here is an exercize you can try the next time you fly in the US. When you get to the other side of the scanner (this only works for the porno-scanners, not the metal-detectors), while you are waiting for your stuff to come out of the X-ray machine, look at the back of the scanner. Watch the procedure. Maybe put your shoes on slow to catch it all. You'll notice something I've noticed:

There are always two officers back there, a man and a woman. When someone steps in to get scanned, they have to either hit a button to indicate the gender of the person being scanned, or are presented with a side-by-side with both genders and the officer has to chose which to look at. They have a second, maybe two, to figure out which body baseline to apply to you, and those of us who are genderqueer confuse things. I fail the too-much-junk test all the time and get an enhanced patdown in my inner-thighs.

Yes, but with PreCheck you can skip that.

This actually proves my point. By voluntarily submitting to enhanced screening, I can bypass the flight-day screen annoyances. It's admitting that I no longer fit the profile of 'generic safe traveler' and need to achieve 'specific safe traveler' status. That, or I can have my bits rearranged and conform that way. Whichever.

Other Blogs

My Other Stuff

Monthly Archives