The smoke alarm who cried wolf

Not that long ago I moved from Calgary to Kelowna, and Lori and I are now living in a brand new condo. While I really like this place, one thing is starting to drive me nuts:

There is a smoke/fire alarm in the kitchen. And not just any detector, it’s a super sensitive one! Note to the developer who made the decision to place it here: Don’t.

See, catching kitchen fires early is a good idea in theory, but in the real world, I’m sure my neighbours are tired of hearing about it every time I make toast, or in a spectacular example of stupidity in design, it went off earlier today when I was melted butter in the microwave, and the butter wasn’t even melted yet.


Signatures suck. At best, they’re a waste of time, and at their worst, they offer a false sense of security.

I’m not talking about that blurb on the bottom of an email containing a joke, quip or quote or meaningless unenforceable legal disclaimer, but a pen to paper, might-be-worth-something-if-I-get-famous John Hancock.

Cashiers don’t confirm them when using a credit card, this is easily tested — Write “Homer Simpson” on the signature line of a Visa receipt and see if anyone notices. Even the ones that make a big show of comparing your receipt to your card don’t notice, it’s robotic, and like most things in the security world, it’s theatre.

Even more useless are signatures on faxes. I regularly fill out or create documents electronically which I am supposed to print, sign, and then either fax or mail to a company. I don’t. I have a scanned copy of my signature which I can insert into a document before printing or faxing, and haven’t once been called on it — Why would I be, it looks completely legitimate to the recipient.

And that, right there, is the problem. How is the recipient supposed to verify that the signature belongs to me? If it can’t be authenticated, how does the recipient know it’s authorized? And if it’s not authorized, what good is it?

With 15 minutes to dummy up letterhead you can get ownership to all sorts of things, from domain names to packages at the post office to using someone’s credit card, or occasionally, even initiating a wire transfer.

Cheques are not verified, unless the cheque is large or otherwise suspicious an unsigned cheque will go through without any pain — Sure, you could dispute it, and probably get your money back, but a smart thief would be long gone before anyone noticed.

Now admittedly this is not a trivial problem to solve, and in fact it would probably take multiple layers depending on the value of the transaction, whether or not the parties are able to connect physically, and the likelihood of fraud.

Fast food is starting to get it right, no signature required for small purchases.

Some stores always ask for identification for credit card transactions, but rarely ask you to remove your ID from your wallet — Even Alberta’s rather impressively difficult to modify or reproduce, polycarbonate laser engraved identification cards defeated if the clerk isn’t paying attention — Just paste a new picture on top and no one will notice IF the card is only inspected through a plastic holder inside a wallet. I’ve yet to be asked to remove the card from my wallet anywhere except when applying for a passport.

Weird that we trust a signature so implicit, is it not?

More pointless privacy invasions mislabeled as security

According to a recent article

All non-Europeans would need to submit biometric data before crossing Europe’s frontiers under sweeping European Union proposals to combat illegal migration, terrorism and organized crime that are to be outlined this week.

Well isn’t that fantastic. It’s a good thing no terrorist or organized crime family would ever be able to obtain a European passport. And heck, if you can’t be bothered to purchase false identification, why bother with this at all, just skip immigration and head straight for the street.