A colleague recently sent me an article that talked about the FTC’s stance on face recognition.   The FTC was cautioning companies to be careful about using face recognition in ways that would violate current privacy laws:

Even if the technology isn’t fully mature yet, it will soon be possible for the technology to match a name with a face and be able to access data about jobs, credit history and health without the user even being aware of it, according to Leibowitz.

Face recognition technology is pretty mature already.  It isn’t quite as mature as Hollywood would portray in the movies, but it is plenty mature enough to start violating people’s privacy.

Here is a hypothetical example.  I could easily build an “smart ad” type project that would show a Victoria’s Secret ad, along with a camera to watch people passing by.

I could register that you looked at the ad, and how long you looked at it.  I could keep metrics on you over time – you looked at the ad every day between 7:30 and 8:00.  At this point, I don’t know who you are, but I do know you as a unique individual – person #5634.   Am I violating your privacy yet?  Maybe, maybe not.  It depends on your individual views on privacy.

Now, I decide to try to link that to your Facebook profile.  That’s not going to be terribly successful, but it will work in some cases.  I make a leaderboard and post it online, saying “John Smith has looked at our lingerie models a total of 20 minutes and 30 seconds this month!”  Have I violated your privacy yet?  Probably true for a lot more people.

Next, let’s say my company is large database company that manages health records.  I use that information to flash up a message on my billboard, saying “Hey John Smith – I bet our models can help with your ED problem!”  At this point I have probably violated the privacy of almost anybody.

The key point here is that there is no single definition of privacy that fits everyone.  The FTC is primarily concerned with health records and credit information, but those are not the sole definition of privacy by any means.   In the US, what you do on your workplace computer is owned by your employer, but in Germany that information is strictly protected.   Some companies religiously protect your information and others sell it to anyone and everyone they can.  In terms of privacy and face recognition, we are in a bit of conundrum, though.  In regular commerce, you can decide whether to give your information to a company or not.  If you don’t like the company’s privacy policy, you can choose not to do business with them.  Most companies post their privacy policy information, so you can easily see what their policy is, assuming you can read the legalese.  Faces are a little different.  The only way you can choose not to share your face is to not go outside, and that is not really fair, of course.

I sincerely believe you should have the right to control your data, even if it is data that is available in the public.  If a company is going to take a picture of you, especially if they are going to use biometrics, they should be subject to the same rules that exist for any other data collection.  First, they should be required to notify you (16 pt font, minimum) that they are collecting your face or face biometric.  They should be required to post what they are going to do with data, how long they are going to retain it, and who they are going to share that data with.  Then, you can decide whether you want to patronize that business or not.

As an aside, I was in Kinko’s today and counted 10 separate surveillance cameras.  Next time you are bored standing in a line somewhere, count how many you can see.  They are everywhere.

We are working on a project where we have to integrate our software with the software from a large biometrics company. I’m working at the company’s HQ, and one night I needed to work late in order to do some of my own testing. The manager at the company said he trusted me to work there alone, and I jokingly told him that I was planning to steal all of his software during the night while I was alone. As I was waiting for SQL Server to ask me the 10,000 questions it needs to install, I started thinking (abstractly) about my joke. The interesting thing is that for most modern software, stealing it will not really buy you any competitive advantage. In the case of this company, their software is a very complex Automated Fingerprint Identification System (AFIS) software that runs on clusters of dozens of machines. Having seen this company work on the software, their is no one person who understands it all – they have teams of people, each of which understands one small part of it. If I were to steal their binaries, I would not have much hope of getting it to work on my own, and even less hope of supporting it if I tried to deploy it to a customer.

So maybe I (hypothetically) should just steal the source code instead? Well, I know this software has been around for about 15 years, with continual development during that time. I would bet anything that the software is a mess of code that contains arcane sections that only that one special guy in company understands. I would give myself a very low chance of getting their software to compile, and even if I could, there would be little I could do with it without spending a lot of time getting into the guts of the code. I might be able to change a button color, or some minor aspect of the workflow, but that would be about it. So maybe the answer is to steal the code and then hire a team of developers to pore over it until they understand it? Perhaps, but I suspect that the effort required for this would be pretty similar to the effort needed to develop the code myself with that team.

So let’s say I defy all odds and steal some software that I can understand, build, and support. Now what? Now I have to market it; I have to build up a reputation; I have to have a sales force, and offices, help desk, and all that other stuff that makes a business. This is one of the things a lot of software developers don’t understand, including me not too long ago. There is really no such thing as a killer app that will make the world beat a path to your door. The idea, the software is very important. But it is just one small piece of a big puzzle, and all of the pieces have to work for the business to take off.

So much for getting rich the easy way.

I love LINQ.  It allows me to express things really concisely, and it is a much more declarative style of programming.  I like the idea of telling the computer what I want, and let it figure out the most efficient way to do things. 

I recently wanted to check to see if a byte array was ASCII, so I used the following block:

 foreach (var b in input)
 {
      if (b > 127)
    return true;
 }
return false;

Resharper said to me “Hey, dummy, you can convert all that code to this:”

return input.Any(b => b > 127);

That’s pretty cool.

I’ve been working on a project that has to parse through a very odd mixed ASCII-binary file structure without any header pointers. This means I have to scan through the file as a byte array looking for certain markers, skip ahead, grab bits of data, etc. So I decided to use my old friend LINQ, mainly for clarity. So I had a lot of constructs that looked like this:

var slice = someArray.Skip(start).Take(length).ToArray();

That seems very clear to me, and surely LINQ will do the right thing and convert this expression to something really efficient, right? Well, it turns out my code was running about 20X slower than it should, and the profiler pointed right to the “toArray()” call. I reluctantly changed all my code to use Array.Copy and things were fast again. So I decided to write a simple program to test this out:

var someArray = new byte[100000];
            var random = new Random();
            for (int i = 0; i < 100000; i++)
            {
                someArray[i] = (byte) random.Next(0, 255);
            }

            var sw = Stopwatch.StartNew();
            sw.Start();
            for (int i = 0; i < 100000; i++)
            {
                var start = random.Next(0, 10000);
                var length = random.Next(0, 100000 - start);
                var slice = new byte[length];
                Array.Copy(someArray, start, slice, 0, length);
            }
            sw.Stop();
            Console.WriteLine("Array Copy: " + sw.ElapsedMilliseconds);

            sw = Stopwatch.StartNew();
            sw.Start();
            for (int i = 0; i < 100000; i++)
            {
                var start = random.Next(0, 10000);
                var length = random.Next(0, 100000 - start);
                var slice = someArray.Skip(start).Take(length).ToArray();
            }
            sw.Stop();
            Console.WriteLine("LINQ: " + sw.ElapsedMilliseconds);

This program simply creates an array of 100,000 random bytes, then takes a random slice from the array, using LINQ and using Array.Copy. The Array.Copy version took around 4 seconds and the LINQ version took 191 seconds. That’s incredible!

I will admit that I don’t understand the internals of LINQ well at all, maybe someone can explain in comments why this is happening. However, the lesson is that you do have to keep tabs on declarative style constructs to make sure they are working for you in an efficient way.

I have been watching tablet computing for a while, even back in 2000 when the first consumer Windows tablets were available.  Those old machines were basically laptops that allowed for the screen to flip around.  At the time, they were pretty impressive — the handwriting recognition was very good, and programs like Microsoft OneNote provides some pretty cool ways to organize notes.  However, they suffered from the same problems as laptops — the battery life was not very good, and they were heavy.  They also required a stylus in order to enter handwriting data.

I have been looking for a device that can function as a very dynamic notebook, allowing me to take notes pretty much wherever I am.  For a while, I have been using the Livescribe SmartPen, which is a nifty little electronic pen and a special paper notebook.  The SmartPen works quite well as a genertic notebook — you can take it anywhere, it is easy to use, it uploads to the computer, and it also record audio if you want.   However, it does have some limitations.  You have to sync it up with your computer, and the interface is not the best for searching and finding old notes.

I use an Android smartphone, and this is a wonderful portal for *getting* information, but is not that great for recording information, because of the small screen.  It would be ok for a couple of sentences or a contact note, but that is about it.

I watched with great interest the explosive growth of the Apple iPad.  Apple always leads in design, and the iPad is a wonderful piece of design, like most Apple products.  It feels wonderful in your hand, and has a gorgeous screen.  There are a wide variety of apps available, pretty much anything you could want, and it serves as a great portal for information of all kinds.  I saw many people saying they were abandoning their laptops in favor of the iPad.   I was initially skeptical, but the more I think about it, I see how this could work for some people.  If all you do on a computer is basically read things on the web, email, and minor gaming, a tablet would work quite well.

For a variety of reasons, I will never buy an Apple product, so I anxiously awaited the first Android tablets.  The initial ones were pretty wretched, as to be expected by the wide variety of companies rushing to market.   Then the Motorola Xoom came out, fresh with the latest Android release optimized for tablets, and it got pretty good reviews.  However, it was $599, which is just too rich for my blood.  Luckily, I stumbled upon a Woot deal where they were selling the Samsung gTablet for $279.   The gTablet is sorta equivalent to the original iPad.  It is more powerful, but has a screen that does not have as good of a viewing angle.

However, the gTablet suffered from a devastating problem — it has an *awful* OS shell built on top of it by Samsung.  I think companies do this because they think Android is too complex for the average consumer.  To be fair, Android is more complex than iOS, but not by a whole lot; mainly it just has more customization options.   I know plenty of computer novices who figured it out quite easily.   However, I would wager 99.9% of the population would prefer a little more complexity over an unusable interface any day.  To add insult to injury, Samsung didn’t include access to the standard Android app store as well.   At market, the gTablet was pretty much an absolute failure.

However, the intrepid group of hackers (good hackers) at xda-developers stepped in to fill the void.  They provided an alternate version of the Android OS, optimized for this tablet.   I would guess their contribution is worth 100’s of thousands of dollars, easily.  Samsung should be giving them all free tablets for the work they have done.  Using a “mod” operating system, I was able to make the gTablet very useable, even though I am not running the latest 3.0 Android (Honeycomb) OS.  It isn’t a trivial task to undertake, but pretty much anyone who has ever installed an OS could figure it out and do the same thing.

I have been using the tablet for a week or so now, and overall I am really happy with it.

Positives:

• Wonderful battery life — close to 10 hours.  This is a killer feature
• Lightweight
• Nice screen (although you do have to keep it perpendicular to your FOV)
• Runs all the main apps great (but some games are messed up)
• Has a forward camera, but no rear camera (this is what the iPad 1 should have had)

Negatives:

• Weird aspect ratio.  The gTablet (as well as the Xoom) is standard “cinema” wide, which makes it narrower and taller than the iPad.  It is better for watching movies, but it feels weird in your hand

So far, it has worked pretty well as an all-around device.  I am able to take notes in Evernote, read books with the Kindle app, read Facebook, Twitter, Reddit, Google Reader, and general websites quite well.  I have a case with a built-in keyboard if I need to do a lot of typing, but typing on the screen is starting to grow on me.  It is really not too bad.  It is easy to carry around everywhere, and I don’t have to worry about it running out of charge.

The outlook is promising – maybe this time I can be free of paper forever.

I saw a recent article on Slashdot that discussed Australia’s use of “networked” biometrics in the pubs. The basic idea is that the pubs use biometrics to identify patrons, and if they are thrown out of the pub for violent behavior, they can be easily prevented from coming back for some time period. Furthermore, pubs can share the biometric data, allowing the violent patrons to be banned from a network of pubs. In the original linked article, the results are extraordinary — almost a complete elimination of violent incidences in the pubs that participate.

The Slashdot article shows some pretty predictable reactions to this kind of system. Most people feel it is a blatant violation of privacy rights, and vow to never go to a pub that uses such a system. However, according to the article, most of the pub patrons do not have any problem signing up for the service, and you can be assured that if such a system was really harming sales, the pub owners would drop it in a heartbeat. This kind of system hits an interesting intersection of privacy, business owner’s rights, and identity.

I am a strong advocate of privacy. However, I am also a strong advocate for allowing businesses to operate as they see fit, which puts me on both sides of this debate. First, let’s look at the privacy issues. Does giving your biometrics to a pub owner sacrifice your privacy? Absolutely! You cannot go to a pub anonymously; they know who you are, how often you go, when you go, maybe even what you buy. However, what most of the people who object to this system don’t realize is that you already lose a significant aspect of anonymity when you go to a pub. One of the Slashdot posters responds this way:

And, as someone who’s spent six years in the bar/restaurant business, this is just making electronic a system that has traditionally been word-of-mouth. People who work in the bar/restaurant industry hang out with other people in the business, and they swap war stories. By day two of working at a bar you know the problem people: angry drunks, people who’ve been kicked out of some other place, people who skipped out on a tab from the bar down the street, etc.

The only way to be truly anonymous is to not go to any particular pub with any frequency, so they don’t get to know you.  In effect, the biometric aspect of this system allows something that is already going on to work more efficiently.

The second issue is business owner’s rights.  I’m not sure about Australia, but in the U.S. it is generally accepted that business owners can refuse service to anyone they like, as long as they are not violating the law (like refusing service because of race).  This is basically just a recognition of property rights.  If I own the business, I should be able to control how it is run.  I will have to suffer the consequences, of course, if I offend my customers, but it is not the job of the government to tell me how to run my business.  Many of the Slashdotters say they would never patronize a pub that required biometrics, and that is perfectly fine.  If enough people do that, they will stop requiring biometrics.  Or maybe a pub will open up specifically to cater to people who don’t want to provide biometrics.   That is exactly how the system should work, with no interference from outside government entities.  Secondly, I would assume that most of the patrons don’t particularly want to deal with violent drunks, so they get a benefit from the system, as well as the bar owners.  Can the system be abused?  Sure — there is no real system for appeal, and a pub owner can easily use the system to prevent entry of someone they just don’t like.  But of course, all that can happen now, without the biometrics.

Finally, there is the issue of identity.  As many of the Slashdotters comment, such a database is not secure.  No one knows what the pub owners will do with the biometric data.  It might be hacked, or they could sell it, or they could do any number of nefarious things with it.  All that is true.    However, this view has always confused me.  People are worried about identity theft, but identity theft is not prevented by keeping your biometrics secure.  In fact, you “broadcast” your face all the time, and you leave fingerprints everywhere you go.  If I can steal your identity because I have those tokens, then the cat is already out of the bag.   The fact that they are in a database that can be stolen is irrelevant.  The problem of identity theft needs to be attacked at the point of verification.    Current biometric sensors are very good, and the fact that you have my fingerprint (or template) will not let you masquerade as me.   So, I don’t really see the issue here.  Your biometrics are you; trying to keep them secure and secret just doesn’t make sense.

So the real question is whether I would go to a pub that required me to register biometrics?  Personally, I would not, mainly because I have very strong feelings about privacy.  I would tell the owner that I didn’t want to be tracked, and then I would just go somewhere else.  However, this is partially because I don’t go to pubs much.  If I patronized them a lot, then I might be willing to give up my biometrics, just to be able to go to a place where there isn’t violence.   It is all a trade-off, and each individual has to make that decision for themselves.

OurBlook is a website combining the dynamic online atmosphere of a blog with the researched, in-depth analysis of a book. This online community is a collaborative resource created and used by academics, public policy officials, and journalists at the natural intersection of current events and the media. Everyday, these experts join OurBlook to engage in an on-going conversation with their colleagues that seeks out the responsible, sustainable ideas that will define our future.

OurBlook recently interviewed our co-founder, Dr. Alex Kilpatrick, to get his opinions on India’s project to biometrically enroll every citizen – the largest biometric program in history.

You can read the inteview here: The Internet & Society.

One of the motivations we had for starting TIS was the fact that biometric systems are WAY too expensive, and while there are many companies who are gleefully willing to charge premium prices, there were very few companies willing to serve the lower-end markets. We wanted to make biometrics accessible to a wide variety of organizations without multi-million dollar budgets. A secondary consideration was my innate “engineer” mindset, causing me to have a visceral reaction to things that are over-designed.

The field of “enterprise” software/hardware is similar. A piece of software that might cost $500 might be $500,000 when it adopts the enterprise moniker. Furthermore, many of the big enterprise companies (you know who you are) make a ton of money simply by selling their names associated with enterprise products. This is the classic defense for the poor risk-averse IT people – “no one ever got fired for buying IBM”

In the startup world, of course, we don’t have the budgets to buy things simply because they have a great pedigree. I’m more interested in getting actual real engineering value for our infrastructure, and I want every dollar to count for something real. We have a need for high-density storage, and storage “appliances” are ridiculously expensive – $10’s of thousands of dollars for SANs in the 50 TB range. I as thrilled, however, to find out about the Backblaze Storagepod as an alternative.

The nice folks at Backblaze have open-sourced their homegrown storage appliance, which is a staggeringly low $8K for about 57 TB.

If you have any doubt of the inflation of enterprise, take a gander at the relative costs of a petabyte:

Now, to be sure the Storagepod is not the exact equivalent of the devices shown. It isn’t as redundant as these devices, nor is it as fast. It doesn’t really support hot swapping. But it does do what a storage device is supposed to do — it stores a lot of bits, and it has redundancy, so one (or a couple) of drives can fail and you won’t lose any data. There are people who need more than that, but there are plenty of people who just need a lot of storage. Thanks to Backblaze, there are options for the rest of us.

Enough motivation. The purpose of this post, and the ones to follow, is to document my build process in detail, so other people can follow in my footsteps/mistakes. The first step is to figure out how you are going to order the items needed to build a pod. Luckily, Backblaze is willing to help out here. They have a detailed parts list along with links of where to order everything. However, if you research it, you will find that one of the parts is hard to order, namely the “Chang Fun” backplanes. If you aren’t familiar with a backplane, it is just a simple board with a bunch of slots to plug the hard drives into. It allows you to have 9 cables going out to the appliance from the motherboard instead of 45. Luckily, the nice folks at protocase have a solution. Protocase is the company that makes the custom case for the pod. Recognizing a business opportunity, they offer a bundle including the backplanes and the rubber bands. I have no idea why they include the rubber bands (and not all the other fasteners), but there you go.

To order the bundle, you can send an email to: gmatthews@protocase.com. Here is the price information (qty 1):

Next, we will look at the file system. The pod uses https, which is just not going to work for our application.

We met Tish Shute of www.ugotrade.com in New York. Tish is very interested in augmented reality and has a great blog that covers the gamut of interesting topics from augmented reality to mobile computer, social computing and sustainable living. We had a great conversation with her and she wrote wonderful things about us on her blog. I’m pasting an excerpt here because it’s a really long blog entry:

My favorite start up was a biometric service doing face, iris, and finger print matching, Tactical Information Systems.

Tim and Fred also liked them, and they have an interesting discussion about the merits or not of approaching your platform through a narrow first application as Tactical Information Systems are with WanderID -  an application to help identifying lost Alzheimer patients.  As Fred pointed out, they are potentially the Shazam for faces, so why start so small?

I  had asked TIS the same question when I met them in the “speed dating” session.  This is just their first toe in the water as they are a two person company at the moment. Their vision for their platform is big.  Mary Haskett and Dr Alex Kilpatrick, the founders of this quintessential jet pony for the algorithmic economies in the sky, are not only a partnership with the credentials to do a  Shazam for faces – see their bios here, they are the people I would want to be running a Shazam for faces!  They really get the consequences of living in a world of data – check out Dr Kilpatrick’s absolute killer Ignite talk, “Defeating Big Brother.” (screenshot below)”

Go check out http://www.ugotrade.com for this and a whole lot more. My favorite part is where she said we are the people she would want running a Shazam for faces – YES! We live the balance between privacy and the world of data every day and it’s an issue near and dear to us.

The whole subject of woman entrepreneurs is one I have stayed far away from. I don’t think of myself as a female entrepreneur any more than I think of myself as a female shopper when I’m at a store, a female concert goer when I’m at SXSW or a female exerciser when I’m running around the lake. I’m uncomfortable with the label because it doesn’t seem relevant. The focus should be on the company and our product, not on the founder. Who cares if I’m male or female?

On other hand, I was on my third company before I thought of myself as an entrepreneur at all. I am a female entrepreneur and even if I’m willing to close my eyes and pretend there is no difference between me and fellow male entrepreneurs, the first thing people notice when I do my pitch is that I’m female.

And then there is this:

How It Works - XKCD

So despite my reservations, I enrolled in and have just graduated from a wonderful program through Texas State University called “ACTiVATE” which is a year long mentoring program to help mid-career women start companies. From their website:

The original ACTiVATE® program was created at the University of Maryland, Baltimore County (UMBC) where classes continue to be offered. One of the goals of the program was to duplicate it in other regions of the country and for other groups underrepresented in entrepreneurship. Consistent with this goal, UMBC has licensed the ACTiVATE® program to the Path Forward Center for Innovation & Entrepreneurship (PFCIE), a not-for-profit organization that is focused on expanding the program nationally and internationally. With the October 2009 launch of the ACTiVATE® program at Texas State in Austin, Texas, PFCIE is well underway in its expansion efforts.

It is a wonderful program and I was interviewed by one of the program’s founders, Julie Lenzer Kirk, for “Enterprising Women” magazine recently.

Enterprising Women Oct 2010

This is not something that would have happened without the program. My natural inclination is to avoid this sort of thing. I’m an introvert although I have learned over the years to behave like an extrovert when needed. I’m willing to do it when it’s what is best for my company but it’s not the most fun thing in the world to do. So maybe there are more female entrepreneurs out there, but like me, they need to do a better job of getting noticed.

I was talking to a friend who has a new puppy. Listening to her stories of getting up in the middle of the night, dealing with the whimpering, having to buy stuff…

It was so familiar. It *reminded* me of something I’ve done before.

Right on the tip of my tongue – feeling sleep deprived, getting up in the night, crying, costs lots of money, more work than you ever expected, but really rewarding all the same…

THAT’S IT! Getting a new puppy is JUST LIKE starting a company!