Re: Dossiers and Customer Courtesy Cards

[Adam Shostack]

On Tue, Dec 31, 2002 at 11:02:48AM -0800, Tim May wrote:
| On Tuesday, December 31, 2002, at 09:49  AM, Kevin Elliott wrote:
| 
| >At 12:12 -0500  on  12/31/02, Adam Shostack wrote:
| >>Rummaging through my wallet...a grocery card in the name of Hughes, a
| >>credit card with the name Shostack, and an expired membership card in
| >>the name Doe.
| >
| >Interesting point on grocery cards... Why do they have your name at 
| >all?  Every grocery card I've ever gotten they've said "here's your 
| >card and application, please fill out the application and mail it in". 
| > I say "thank you ma'am", walk out the door and toss the "application" 
| >in the trash.  Not exactly strong (or any) name linkage...
| 
| * No store I have used has ever _checked_ that a name is "valid"...they 
| don't even care when my credit card or check says "Timothy C. May" but 
| my Customer Courtesy Card says J. Random Cypher, or Eric Hughes, or 
| Vlad the Impaler...or is just unattached to any name.

And as you say below, checking that a name is valid is hard, except
when you can free-load off the effort of the state to issue
identities.  Grocery stores don't bother, which was my point to Bill.
Free-loading off the identity infrastructure of the state is a huge
problem.  "Fair and Issac," "Experian" and the rest are parasites
whose gossip/cross-referencing/credit scoring/libel is only possible
because of the state's investment in identity cards.

That problem is getting worse because none of that information is
private, and many credentials, like drivers licenses, are very
valuable in relation to how hard they are to get.  And so identity
theft, inability to get a mortgage, etc, will have to be balanced
against al that cool credit that's made possible by the tracking
system.  In the end, it won't be worthwhile to many people to be
finger and iris printed as part of their daily lives.  Or maybe it
will.

Note that I'm not saying that they're easy to get:  Thats irrelevant.
Such things are more valuable to get then they are difficult, and will
remain that way.  Drivers licenses, trusted traveller cards, etc, will
always be worth getting if you're a fraudster.

Adam

| * All in all, not a very interesting example of ID and tracking. Things 
| will get much more interesting, and worrisome, if there is ever a 
| national ID system (in the U.S.) and some kind of legislated 
| requirement (albeit unconstitutional!) that citizen-units must ID 
| themselves with valid ID for all purchases, or at least of certain 
| classes of purchases (beyond guns, for example).


-- 
"It is seldom that liberty of any kind is lost all at once."
   -Hume

Re: Dossiers and Customer Courtesy Cards

[Kevin Elliott]

At 12:03 -0800  on  12/31/02, Tim May wrote:

Yes. So?

Notice that exactly the same type of coupon is printed out with a 
cash or non >courtesy card purchase. It's a purely local 
calculation. In programming terms, >a purely local variable 
situation.

No.  Obviously the coupon was closely linked with my buying pattern, 
and in at least one case I received one of these "buy several" 
coupons without having purchased that product that particular trip 
(though I'd purchased it the the past).

In my normal insulting way I would say "Duh" here. But I am 
attempting to be >more polite, so I will say  "Am I missing 
something in your analysis?"

My oh my.  Getting an early start on your new years resolution? 
--
___
Kevin Elliott   
ICQ#23758827   AIM ID: teargo
___

Re: Dossiers and Customer Courtesy Cards

[Kevin Elliott]

At 11:02 -0800  on  12/31/02, Tim May wrote:

On Tuesday, December 31, 2002, at 09:49  AM, Kevin Elliott wrote:


 At 12:12 -0500  on  12/31/02, Adam Shostack wrote:

 Rummaging through my wallet...a grocery card in the name of Hughes, a
 credit card with the name Shostack, and an expired membership card in
 the name Doe.



* Dossier-compiling does not seem to be the motivation...at least 
not yet. The >data are too sparse, it seems to me. I don't know if 
people who "honestly" gave >a name and mailing address, and whose 
data were keypunched accurately, are >getting the "targeted 
mailings" for Midol, Attends, Trojans, etc. that the >technology can 
support.

I am almost CERTAIN that at least some stores are keeping track of 
what's being bought and using it to encourage buying.  i.e. when I 
still lived in the Great State of Illinois, Kroger had an interesting 
habit of giving out "coupons" with your receipt.  They'd custom print 
a coupon when the printed your receipt.  It didn't take much thinking 
to notice that the coupon they gave you was VERY closely correlated 
to what you bought.  My favorite case was when I happened to buy 8 
boxes of HotPockets and they responded with a "Buy 7 get 1 free 
coupon".

However, this personally doesn't bother me.  They don't have my name, 
all they have is that the person who carries this token like 
HotPockets, so lets give him a coupon to keep him hooked.  Very 
sensible to me...
--
___
Kevin Elliott   
ICQ#23758827   AIM ID: teargo
___

Re: Dossiers and Customer Courtesy Cards

[Tim May]

On Tuesday, December 31, 2002, at 11:32  AM, Michael Cardenas wrote:

But what if this data is used as part of a larger picture, such as in
TIA. It definitely can be used, along with gas purchases, to track
where a suspect, aka a citizen, is living.  Also, many possible
weapons such as perscription drugs, box cutters, and kitchen knives
can be purchased at a grocery store, which combined with case data
could be useful in framing, aka finding, the suspect.


_Can_ be used is different from _must_ be used.

Collecting valid name information costs a vendor money (both in labor, 
computerization/records, and in driving some customers elsewhere). It 
also deters some people from completing transactions.

Given free choice, most parties to a transaction in a store will not 
exchange name information. Examples abound of this. No time today to 
describe the examples of where people choose not to give names. Flea 
markets, gas stations, grocery stores,  hardware stores, etc.

A gas station which refuses to take paper currency limits its sales. J. 
Random Terrorist will likely buy gas with cash.

Only an enforceable (and unconstitutional, for various reasons) 
requirement for ID will work.

As for your point about prescription drugs, box cutters, kitchen knives 
being trackable, I assume this is a troll or something you haven't 
thought through. Treat it as a signal to noise problem, with millions 
of such purchases every day. Again, I don't have time to describe this 
in detail. Think about it.


--Tim May

Re: Dossiers and Customer Courtesy Cards

[Michael Cardenas]

On Tue, Dec 31, 2002 at 11:02:48AM -0800, Tim May wrote:
> On Tuesday, December 31, 2002, at 09:49  AM, Kevin Elliott wrote:
>
> >At 12:12 -0500  on  12/31/02, Adam Shostack wrote:
> >>Rummaging through my wallet...a grocery card in the name of Hughes, a
> >>credit card with the name Shostack, and an expired membership card in
> >>the name Doe.
> >
...
>
> * Dossier compiling at grocery stores is not very useful for Big
> Brother, either. Who consumes Midol, Attends, Trojans, etc. is not
> interesting even to George Bush and Dick Cheney. And few hardware or
> electrical supply stores have courtesy cards. In any case, no
> requirement to use cards, etc.
>
> * All in all, not a very interesting example of ID and tracking. Things
> will get much more interesting, and worrisome, if there is ever a
> national ID system (in the U.S.) and some kind of legislated
> requirement (albeit unconstitutional!) that citizen-units must ID
> themselves with valid ID for all purchases, or at least of certain
> classes of purchases (beyond guns, for example).
>
> I don't see this happening in the next 15 years unless some major new
> terrorist incident occurs.
>

But what if this data is used as part of a larger picture, such as in
TIA. It definitely can be used, along with gas purchases, to track
where a suspect, aka a citizen, is living.  Also, many possible
weapons such as perscription drugs, box cutters, and kitchen knives
can be purchased at a grocery store, which combined with case data
could be useful in framing, aka finding, the suspect.

--
michael cardenas   | lead software engineer, lindows.com
hyperpoem.net  | GNU/Linux software developer
people.debian.org/~mbc | encrypted email preferred

Listening to: A Tribe Called Quest - Scenario

"Each molecule preaches
   perfect law,
 Each moment chants true
   sutra;
 The most fleeting thought
   is timeless,
 A single hair's enough to
   stir the sea"
- Shutaku

[demime 0.97c removed an attachment of type application/pgp-signature]

Re: Dossiers and Customer Courtesy Cards

[Tim May]

On Tuesday, December 31, 2002, at 11:41  AM, Kevin Elliott wrote:


At 11:02 -0800  on  12/31/02, Tim May wrote:

On Tuesday, December 31, 2002, at 09:49  AM, Kevin Elliott wrote:


 At 12:12 -0500  on  12/31/02, Adam Shostack wrote:

 Rummaging through my wallet...a grocery card in the name of 
Hughes, a
 credit card with the name Shostack, and an expired membership card 
in
 the name Doe.


* Dossier-compiling does not seem to be the motivation...at least not 
yet. The >data are too sparse, it seems to me. I don't know if people 
who "honestly" gave >a name and mailing address, and whose data were 
keypunched accurately, are >getting the "targeted mailings" for 
Midol, Attends, Trojans, etc. that the >technology can support.

I am almost CERTAIN that at least some stores are keeping track of 
what's being bought and using it to encourage buying.  i.e. when I 
still lived in the Great State of Illinois, Kroger had an interesting 
habit of giving out "coupons" with your receipt.  They'd custom print 
a coupon when the printed your receipt.  It didn't take much thinking 
to notice that the coupon they gave you was VERY closely correlated to 
what you bought.  My favorite case was when I happened to buy 8 boxes 
of HotPockets and they responded with a "Buy 7 get 1 free coupon".

Yes. So?

Notice that exactly the same type of coupon is printed out with a cash 
or non courtesy card purchase. It's a purely local calculation. In 
programming terms, a purely local variable situation.

In my normal insulting way I would say "Duh" here. But I am attempting 
to be more polite, so I will say  "Am I missing something in your 
analysis?"

--Tim May

Re: Dossiers and Customer Courtesy Cards

[Michael Cardenas]

On Tue, Dec 31, 2002 at 12:12:02PM -0800, Tim May wrote:
> On Tuesday, December 31, 2002, at 11:32  AM, Michael Cardenas wrote:
> >But what if this data is used as part of a larger picture, such as in
> >TIA. It definitely can be used, along with gas purchases, to track
> >where a suspect, aka a citizen, is living.  Also, many possible
> >weapons such as perscription drugs, box cutters, and kitchen knives
> >can be purchased at a grocery store, which combined with case data
> >could be useful in framing, aka finding, the suspect.
>
...
>
> As for your point about prescription drugs, box cutters, kitchen knives
> being trackable, I assume this is a troll or something you haven't
> thought through. Treat it as a signal to noise problem, with millions
> of such purchases every day. Again, I don't have time to describe this
> in detail. Think about it.
>

Isn't the whole purpose of TIA (or the claimed purpose) to be able to
say person A bought weapon B on this day, bought C gallons of gas to
drive to govt building D, and then blew up building D with weapon B,
therefore person A must be the criminal?

--
michael cardenas   | lead software engineer, lindows.com
hyperpoem.net  | GNU/Linux software developer
people.debian.org/~mbc | encrypted email preferred

Listening to: Sonic Youth - Inhuman

"Existence is a fullness which man can never abandon."
- Jean-Paul Sartre

[demime 0.97c removed an attachment of type application/pgp-signature]

Re: Dossiers and Customer Courtesy Cards

[Bill Stewart]

At 12:27 PM 12/31/2002 -0800, Michael Cardenas wrote:

On Tue, Dec 31, 2002 at 12:12:02PM -0800, Tim May wrote:
> On Tuesday, December 31, 2002, at 11:32  AM, Michael Cardenas wrote:
> As for your point about prescription drugs, box cutters, kitchen knives
> being trackable, I assume this is a troll or something you haven't
> thought through. Treat it as a signal to noise problem, with millions
> of such purchases every day. Again, I don't have time to describe this
> in detail. Think about it.

Isn't the whole purpose of TIA (or the claimed purpose) to be able to
say person A bought weapon B on this day, bought C gallons of gas to
drive to govt building D, and then blew up building D with weapon B,
therefore person A must be the criminal?


The scalability of the problem is much different depending on your goals.
If you want to sort through the transcriptions of people who
bought drugs and knives and airline tickets but no luggage
in an effort to find potential terrorists, that's useless.

But if you've already got a suspect, like a Green Party member
who wrote an annoyed letter to the President and threatened to
tell her Congresscritter in person what a bad President he is,
and you're trying to find suspicious-sounding evidence,
then government access to tracking data can make it possible for you
to find out that she bought some toenail scissors before her trip,
and bought unspecified "merchandise" at a garden store,
and bought far more gasoline for her SUV than she'd need to
drive it to the airport and back, and bought some new shoes,
then obviously she's a planning to hijack a plane and
go shoe-bomb the President with ANFO so it's ok to bring her in
and force her to rat out her co-conspirators.

But it's much more realistic to use all that data to
send her an L.L.Bean catalog and the web page for Burpee's,
maybe even including the hidden link for hydroponic gardening
and plant-cloning supplies

Re: Dossiers and Customer Courtesy Cards

[Peter Gutmann]

Tim May <[EMAIL PROTECTED]> writes:

>Collecting valid name information costs a vendor money (both in labor,
>computerization/records, and in driving some customers elsewhere). It also
>deters some people from completing transactions.

To see an example of data collection done on a grand scale, have a look at
http://www.flybuys.com.au/information/fly_web_inf_pa_002.asp.  The information
they collect is (from their web page):

* name, address & telephone number(s)
* e-mail address
* names of additional cardholders
* date of birth
* ages of household members
* transaction details associated with the collection of Fly Buys points
* points collected and awards provided.
Members' signatures/authorities are also collected by Fly Buys.

where "transaction details" cover everything you buy over $5, not just the
usual groceries and whatnot but extending to things like travel, phonecalls,
power bills, car rentals, petrol, banking, hotels, etc etc etc.  The usage is:

  Information about members and supplementary cardholders (whether provided on
  application, or by participating companies and/or reward providers about
  member transactions) will be collected by Fly Buys [...] This information
  will be used by Fly Buys, and its agents, to provide services relating to
  the Fly Buys programme including to provide a telephone service centre,
  membership and supplementary cards, Point Summaries and market research.
  Information from the database will also be used by Fly Buys for marketing
  purposes, planning, product development and research.

Someone looked at some of the details a few years back and found that "its
agents" seemed to be a maze of affiliated companies that were difficult to
trace.  At the moment it's targeted purely at customer loyalty and to a much
lesser extent marketing, but it's a ready-made TIA facility if the government
ever decides they need it (actually knowing the Australian government, ASIO
may have already decided they need it).

Peter (who gets sick of being asked if he's been assimilated yet on every
   purchase he makes).

Re: Dossiers and Customer Courtesy Cards

[R. A. Hettinga]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

At 5:07 PM +1300 on 1/1/03, Peter Gutmann wrote:


> She didn't bat an eyelid,
> nor was she concerned that he had the cards and I was buying the
> books.  Not My Problem.

I'm sure many other people besides myself have had a cashier swipe
her own card on behalf of a non-cardholding customer, "just to be
nice". :-).

More proof that the correlation is the thing, not the mystification
of identity.

However, I do wonder what deflation would do this stuff.

I expect that cash discounts would become *real* popular in a
deflationary environment, and, in the interest of economy in a time
of tight money, no manager worth his job would pay to replace these
mostly useless customer database systems, wonders of conjoined
purchasing data or no.

The best market information is, as usual, an efficiently discovered
price...

Cheers,
RAH

-BEGIN PGP SIGNATURE-
Version: PGP 8.0 - not licensed for commercial use: www.pgp.com

iQA/AwUBPhJy1sPxH8jf3ohaEQKTAACeICxBnPID9gy/fLcMYmrBjLNwc30AnjcM
xdKUxFD5QEsYCw9p/oWhN+Th
=BBj1
-END PGP SIGNATURE-

-- 
-
R. A. Hettinga 
The Internet Bearer Underwriting Corporation 
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

Re: Dossiers and Customer Courtesy Cards

[Peter Gutmann]

Tim May <[EMAIL PROTECTED]> writes:
>On Tuesday, December 31, 2002, at 09:49  AM, Kevin Elliott wrote:
>>At 12:12 -0500  on  12/31/02, Adam Shostack wrote:
>>>Rummaging through my wallet...a grocery card in the name of Hughes, a
>>>credit card with the name Shostack, and an expired membership card in
>>>the name Doe.
>>
>>Interesting point on grocery cards... Why do they have your name at
>>all?  Every grocery card I've ever gotten they've said "here's your
>>card and application, please fill out the application and mail it in".
>>I say "thank you ma'am", walk out the door and toss the "application"
>>in the trash.  Not exactly strong (or any) name linkage...
>
>* No store I have used has ever _checked_ that a name is "valid"...they
>don't even care when my credit card or check says "Timothy C. May" but
>my Customer Courtesy Card says J. Random Cypher, or Eric Hughes, or
>Vlad the Impaler...or is just unattached to any name.

I was book-shopping with a friend a few years back when he remembered he had a
discount card for that store.  In front of the person at the checkout, he
pulled a large stack of the store's discount cards out of his pocket, picked
one at random from the pile, and handed it to her.  She didn't bat an eyelid,
nor was she concerned that he had the cards and I was buying the books.  Not
My Problem.

Peter.

Re: Dossiers and Customer Courtesy Cards

[John Kelsey]

At 01:46 PM 12/31/02 -0800, Bill Stewart wrote:
...

The scalability of the problem is much different depending on your goals.
If you want to sort through the transcriptions of people who
bought drugs and knives and airline tickets but no luggage
in an effort to find potential terrorists, that's useless.



But if you've already got a suspect, like a Green Party member
who wrote an annoyed letter to the President and threatened to
tell her Congresscritter in person what a bad President he is,

...

It's worth pointing out that if you can afford to do the computerized part 
of this search for your top 16 suspects today, you'll be able to do it for 
your top thousand suspects in less than ten years, just assuming processing 
and storage gets cheaper at current rates


--John Kelsey, [EMAIL PROTECTED]

Re: Dossiers and Customer Courtesy Cards

[Mike Rosing]

On Tue, 31 Dec 2002, Tim May wrote:

> * I expect most uses of "customer courtesy cards" are to try to get
> some kind of brand loyalty going. People thinking "Well, I have a card
> at Albertson's, but not at Safeway, so I'll go to Albertson's."

They'd love that, but know better.

> * Dossier-compiling does not seem to be the motivation...at least not
> yet. The data are too sparse, it seems to me. I don't know if people
> who "honestly" gave a name and mailing address, and whose data were
> keypunched accurately, are getting the "targeted mailings" for Midol,
> Attends, Trojans, etc. that the technology can support.

Well, my wife has gotten 2 (!) flower pots for being the "in top 10
spenders" at our local grocery store.  They delivered to our door.
Couldn't do that if it wasn't a real address.

They do print out coupons based on products purchased - they try to
get you to buy competitors brands.  I don't know how much the competitors
pay for this service, but it's definitly tied into purchase patterns.

What will Ridge do with that info?  Who knows, but it ain't good.

> * Dossier compiling at grocery stores is not very useful for Big
> Brother, either. Who consumes Midol, Attends, Trojans, etc. is not
> interesting even to George Bush and Dick Cheney. And few hardware or
> electrical supply stores have courtesy cards. In any case, no
> requirement to use cards, etc.

But we have a military division devoted to psychowar.  I would assume
they'd use brand and product tracing to get a handle on how to freak
people out.

> * All in all, not a very interesting example of ID and tracking. Things
> will get much more interesting, and worrisome, if there is ever a
> national ID system (in the U.S.) and some kind of legislated
> requirement (albeit unconstitutional!) that citizen-units must ID
> themselves with valid ID for all purchases, or at least of certain
> classes of purchases (beyond guns, for example).
>
> I don't see this happening in the next 15 years unless some major new
> terrorist incident occurs.

It will.  The dictatorship isn't quite as complete as they'd like.

Patience, persistence, truth,
Dr. mike

Re: Dossiers and Customer Courtesy Cards

[Mike Rosing]

On Wed, 1 Jan 2003, Todd Boyle wrote:

> Its not enough to put the chips next to the beer.  They want
> to examining the layout of all their shelf space.
> The cash register data alone, is enough to do this, but
> it doesn't work very well for shoppers who come and
> buy chips on tuesday and beer on wednesday.  The
> card lets them associate your whole shopping cart
> for the month.

It's a nice idea, but they have several people on one card.
When my kids are teenagers, they'll have the same card I
and my wife have.  So they have whole families in that data
mix.  I'd think they would try to correlate the cash register
data with each person - the kids are in the candy corner,
the dad is getting the beer and mom is getting the chips.
Doesn't seem like a very simple problem to me!

Patience, persistence, truth,
Dr. mike

Re: Dossiers and Customer Courtesy Cards

[Todd Boyle]

At 07:12 PM 1/1/2003, Mike Rosing wrote:

On Tue, 31 Dec 2002, Tim May wrote:

> * I expect most uses of "customer courtesy cards" are to try to get
> some kind of brand loyalty going. People thinking "Well, I have a card
> at Albertson's, but not at Safeway, so I'll go to Albertson's."

They'd love that, but know better.

> * Dossier-compiling does not seem to be the motivation...at least not
> yet. The data are too sparse, it seems to me.


The goals of loyalty cards in supermarkets are to
identify actionable patterns.  Apparently they have theories
which the data allows them to test, and, they also just
unleash a neural net or other algorithm to find patterns.

They want to know what "type" of customers they have in what
numbers.  This "segmentation", I seem to understand
that supermarkets want to position affinity products together,
in the store and maybe in the ads.

Chains can make inferences based on what they know
nationwide but the customers can be quite different from one
store to another, they can't put the same product mix, in the
same location, for all Safeways.

Its not enough to put the chips next to the beer.  They want
to examining the layout of all their shelf space.
The cash register data alone, is enough to do this, but
it doesn't work very well for shoppers who come and
buy chips on tuesday and beer on wednesday.  The
card lets them associate your whole shopping cart
for the month.

Todd

Re: Dossiers and Customer Courtesy Cards

[Eugen Leitl]

On Wed, 1 Jan 2003, John Kelsey wrote:

> It's worth pointing out that if you can afford to do the computerized
> part of this search for your top 16 suspects today, you'll be able to
> do it for your top thousand suspects in less than ten years, just
> assuming processing and storage gets cheaper at current rates

I think you're being very conservative here. You can package several
GBytes of memory and about a TByte worth of EIDE RAID drive into a 1U
system with dual GBit Ethernet. A single facility with a redundancy pool
of spares could contain 10^3..10^4 nodes, running for about a
megabuck/year for juice and air conditioning. 10 PByte of nonvolatile
storage and ~40 TByte of RAM accessed by dual CPUs could easily run data
mining on the entire Earth's population (in reality only a fraction of it
which generates traffic will be of interest), especially if they run
custom dbase code out of core, and use nonvolatile storage mostly as
libraries.

Assuming there are some 100*10^6 users each of them is sending a 1 kByte
pure text email/day a single HD drive will hold a day of world's worth of
email traffic, uncompressed. Good quality human voice compresses to about
1.5 kByte/s. Above assembly could store about 3 hours of 100 million
people jabbering simultanously. You can of course also run voice
recognition either in realtime, or do batch processing of selected stuff
from the library.

That's the theory, no one knows who is running where what.

Re: Dossiers and Customer Courtesy Cards

[Sunder]

Not in any 1U system that I know of unless you mean multiple racks.
The biggest ATA drives I see on the market today are 200GB.  Most 1U
systems won't hold more than two of these.  That's nowhere near 1TB!

Also you're forgetting about doing backups; and I don't know about you,
but I get a fuckload more email than 1K/day.  Granted, averaged out over
the entire population of the earth - what over 99% of don't even have
email, it may well be 1k/day/person.

Further, you'd want more than one GigE port on these machines just so as
to deal with the traffic.

And you'll need lots of cage monkeys to run around replacing failed disks.
Do the math if the MTBF of one disk is 10,000 hours, what is the MTBF of
say 2 spindles (disks) per machines multiplied by 1 machines? One
failure every 5 hours?   Hell, that's even assuming MTBF is that high!

Have you see: http://www17.tomshardware.com/column/200210141/index.html ?

You're probably also discounting the sheer amount of bandwidth required to
copy all that data, route it to each of those thousands of 1U nodes, and
then analyze it near real time and provide the ability to search through
the results.  Oh, You'd need several such centers since the worlds data
flows aren't centralized.


I wonder what the specs are for those nice Echelon centers already in
existence  Likely they're very different from what you propose.


--Kaos-Keraunos-Kybernetos---
 + ^ + :NSA got $20Bil/year |Passwords are like underwear. You don't /|\
  \|/  :and didn't stop 9-11|share them, you don't hang them on your/\|/\
<--*-->:Instead of rewarding|monitor, or under your keyboard, you   \/|\/
  /|\  :their failures, we  |don't email them, or put them on a web  \|/
 + v + :should get refunds! |site, and you must change them very often.
[EMAIL PROTECTED] http://www.sunder.net 

On Sat, 4 Jan 2003, Eugen Leitl wrote:



> I think you're being very conservative here. You can package several
> GBytes of memory and about a TByte worth of EIDE RAID drive into a 1U
> system with dual GBit Ethernet. A single facility with a redundancy pool
> of spares could contain 10^3..10^4 nodes, running for about a
> megabuck/year for juice and air conditioning. 10 PByte of nonvolatile
> storage and ~40 TByte of RAM accessed by dual CPUs could easily run data
> mining on the entire Earth's population (in reality only a fraction of it
> which generates traffic will be of interest), especially if they run
> custom dbase code out of core, and use nonvolatile storage mostly as
> libraries.
> 
> Assuming there are some 100*10^6 users each of them is sending a 1 kByte
> pure text email/day a single HD drive will hold a day of world's worth of
> email traffic, uncompressed. Good quality human voice compresses to about
> 1.5 kByte/s. Above assembly could store about 3 hours of 100 million
> people jabbering simultanously. You can of course also run voice
> recognition either in realtime, or do batch processing of selected stuff
> from the library.

Re: Dossiers and Customer Courtesy Cards

[Eugen Leitl]

On Sat, 4 Jan 2003, Sunder wrote:

> Not in any 1U system that I know of unless you mean multiple racks.

It doesn't matter. While NSA builds their own hardware, you can as well 
think in terms of vanilla Dells.

> The biggest ATA drives I see on the market today are 200GB.  Most 1U
> systems won't hold more than two of these.  That's nowhere near 1TB!

Dell 1U have three drive bays. Whether it's 200 GB, or 300 GByte or TByte
apiece (such drives exist) or how many U they occupy it doesn't matter, as
this is an order of magnitude estimate.

> Also you're forgetting about doing backups; and I don't know about you,

I would not do backups for raw signint data. (If I would have to do
backups I'd use RAID at disk or mirrored servers). I would do backups for
targeted and destilled data, which is a tiny fraction of the entire sea of
nodes.

> but I get a fuckload more email than 1K/day.  Granted, averaged out over

The point is not how much you're getting (personal mail, mailing lists are 
redundant, so is spam -- NSA could offer the best spam filtering sources 
ever), the point how much people are _writing_. On the average.

> the entire population of the earth - what over 99% of don't even have
> email, it may well be 1k/day/person.
> 
> Further, you'd want more than one GigE port on these machines just so as
> to deal with the traffic.

Off-shelf Dells come with twin GBit Ethernet ports. You can throw in other
interconnects which scale better. The traffic is not that high, if you
remember that you can hold entire's day email traffic in your hand.
 
> And you'll need lots of cage monkeys to run around replacing failed disks.
> Do the math if the MTBF of one disk is 10,000 hours, what is the MTBF of
> say 2 spindles (disks) per machines multiplied by 1 machines? One
> failure every 5 hours?   Hell, that's even assuming MTBF is that high!

How much cage monkeys do you need to deal with a hardware failures in a 10
kNode installation which happens a few time in a workday? One. Two, if you 
want to deal with the failure immediately. You should look at personnel 
requirements and failure rate for COTS clusters in academic environments.
 
> Have you see: http://www17.tomshardware.com/column/200210141/index.html ?
> 
> You're probably also discounting the sheer amount of bandwidth required to
> copy all that data, route it to each of those thousands of 1U nodes, and

Email and fax and telex are easy. Voice might be tight. Dunno about 
videoteleconferencing, not many people are doing it yet.

> then analyze it near real time and provide the ability to search through
> the results.  Oh, You'd need several such centers since the worlds data
> flows aren't centralized.

The system I mentioned was an illustration that you can process entire
world's traffic in a single, not very large hall. On a very unremarkable
budget. Yes, you can centralize the world's traffic (a TBit/s fiber link
can feed one kilonode), but you don't have to. You can just switch the
individual clusters into a grid with dedicated fiber lines, and treat it
like a whole. It's just a database, after all.
 
> I wonder what the specs are for those nice Echelon centers already in
> existence  Likely they're very different from what you propose.

I have no idea what the specs are. All I'm saying that it can be done,
now. The capabilities grow a lot faster than the number of subjects to
survey, though threshold countries coming online (see DSL numbers for
Chinese users) will result in a sudden surge of growth. After the world 
has saturated new growth will only come from intermachine traffic and new 
forms of communication (broadband video feeds).

One would hope that by then the bulk of that traffic is encrypted, making 
gathering data largely an exercise in futility.

Re: Dossiers and Customer Courtesy Cards

[Tim May]

On Monday, January 6, 2003, at 07:44  AM, Trei, Peter wrote:

Actually, many stores go to a lot of trouble to find a pessimal
arrangement of items - the more shelves a customer walks
past, the more impulse buys he/she is likely to make. There's
a reason the dairy section is usually the furthest from the door.


Ditto for meat, and for produce (vegetables, fruits). However, another 
primary reason is because dairy, meat, and to a lesser extent produce 
all benefit from wall space so that stocking can be done from behind. 
Butcher areas are usually behind the meats, and dairy is stocked from 
the large refrigerators behind the dairy cases. Ditto for beer.


At Shaw's (one of our local chains) using the courtesy card
can sometimes lead to quite substantial savings - 50% on
some items such as meats. At times, my overall grocery bill
has been cut 20% by using a card.


Mostly a scam. Prices on "$$$uper $$$aver" items, by whatever name, 
are often jacked-up before the Customer Satisfaction Reward! is applied.

Items which are truly discounted, due to vendor surpluses, etc., are 
usually discounted just as much at stores with no such cards. (In the 
Bay Area, Nob Hill/Raley's, Albertson's prior to the card, and numerous 
other independent stores have no cards, and just as many discounts.)

I don't dispute the notion that the major chains have all decided to 
try to keep customer loyalty by offering such cards.

"So great that everyone ought to offer one" is the chestnut about a 
rare service becoming ubiquitous, and thus useless. This is one reason 
things like these cards go in cycles.

As I said, I just picked up several more Safeway cards just by reaching 
over the counter in an aisle which was shut down. I keep a pile in my 
vehicles. And if I don't remember to pick one up before entering a 
store, I either get a new one (no name, of course) on the spot, have 
the checker wand a generic card, or grab a new one from near a locked 
cash register.

But I certainly realize the supposed "savings" are hype based on the 
usual marketing principles.

--Tim May

RE: Dossiers and Customer Courtesy Cards

[Trei, Peter]

> Mike Rosing[SMTP:[EMAIL PROTECTED]] wrote:
> 
> 
> On Wed, 1 Jan 2003, Todd Boyle wrote:
> 
> > Its not enough to put the chips next to the beer.  They want
> > to examining the layout of all their shelf space.
> > The cash register data alone, is enough to do this, but
> > it doesn't work very well for shoppers who come and
> > buy chips on tuesday and beer on wednesday.  The
> > card lets them associate your whole shopping cart
> > for the month.
> 
> It's a nice idea, but they have several people on one card.
> When my kids are teenagers, they'll have the same card I
> and my wife have.  So they have whole families in that data
> mix.  I'd think they would try to correlate the cash register
> data with each person - the kids are in the candy corner,
> the dad is getting the beer and mom is getting the chips.
> Doesn't seem like a very simple problem to me!
> 
> Patience, persistence, truth,
> Dr. mike
> 
Actually, many stores go to a lot of trouble to find a pessimal
arrangement of items - the more shelves a customer walks 
past, the more impulse buys he/she is likely to make. There's
a reason the dairy section is usually the furthest from the door.

At Shaw's (one of our local chains) using the courtesy card
can sometimes lead to quite substantial savings - 50% on
some items such as meats. At times, my overall grocery bill
has been cut 20% by using a card.

Peter Trei

Re: Dossiers and Customer Courtesy Cards

[Michael Motyka]

If I remember correctly, right after the WTC attack one of the grocery chains, I think 
it 
was Safeway, immediately offered it's customer lists to the FBI. What were they going 
to do profile people who bought excessive amounts of chick peas, garlic and lemons?

Albertson's has recently returned to the stupid card but I notice that there is a 
checkbox 
that says you do not wish to give personal information. Fine. Of course you then lose 
the fantastic benefit of possibly having lost car keys returned via your friendly 
neighborhood grocery.

It's all marketing bull with the added benefit of of contributing to that giant 
database in 
the sky. 

M

Re: Dossiers and Customer Courtesy Cards

[Todd Boyle]

Somebody said,
> Frankly, if using my card saves me $10 on a roast,
> it's hard for me not to think it's a good exchange..

Hogwash.  It's not saving customers anything at all.

Same gimmick as credit cards.  Take away a percentage
from noncard-holders and give it to the cardholders.

What economic efficiency or productivity could these
cards actually achieve??

One cannot argue, "Identity cards enable the store to
improve product mix thereby improving service" because
the chains have adequate cash register data.

I don't think the cards are achieving *anything* except
a carveout from the customers themselves. First of all
they get a dollar, from day one, by selling our personal
information to other corporations.  That is pure profit,
after a low-cost software module on their card reader.

The rest of the payoff comes from calculating YOUR
behavior in order to stick their knife deeper into you.
The cards strengthen their pricing power against YOU.
For example, avoid offering discounts for things you
are going to buy anyway.   Watch and see-- in a couple
of years there will be "Dynamic Pricing."  You'll find
out you're paying higher prices on bread than the guy
next to you!!   But in the meantime they will jsut use
the data to confuse you to death, changing prices and
unit sizes and locations of everything in the store, so
it's impossible to comparison shop.

Consumers should begin to request our purchase history
(so we can submit it to regional grocery auctions, competing
chains, comparison websites, etc.)   The chains will say
"HELL NO, are you kidding?"   That will show why they
are really installing the cards!   guffaws!

What's needed is a little embedded linux device with a cheap
scanner, where shoppers can pay a dime, insert their receipt,
and receive their shopping list in XML format, by email.  Thise
should be in front of every store, between the pay phone,
the coinstar, photo kiosks, etc.

I believe it would become clear, grocery stores are as much
an information phenomenon as logistical one.  Direct supply
by producers to residences, for some commodities would
become economically possible. You'd have a critical mass
of information.

Todd Boyle cpa kirkland wa www.gldialtone.com
a rant a day keeps the clients away

Re: Won't someone think of the stoned data-entry keyboarders? (Re: Dossiers and Customer Courtesy Cards)

[Tim May]

On Wednesday, January 1, 2003, at 07:34  PM, Major Variola (ret) wrote:


Its very common, if the person in front of you hasn't a card, to loan
your
card (to a total stranger!  gasp!)  when you them without.  I've also
noticed that the checkers now
keep a working card to use in these situations.




I picked up a stack at Safeway a few days ago (just go to any cash 
register lane that isn't open. Usually the stack of blank cards (and 
sometimes the forms) is next to the register. Just reach over and grab 
a pile.

None of these are registered in any way to oneself.

Of course, for grins, one can fill out the forms with various seditious 
names, including the store's manager's name. Deposit the form, put the 
cards back where people will find them and think "Cool, I'll just use 
this card, sitting here next to the Lifesavers and pens."

(Same kind of hack as modifying counter deposit slips with either 
random magnetic digits or, more dangerously, with one's own deposit 
number.)



--Tim May
"The Constitution is a radical document...it is the job of the 
government to rein in people's rights." --President William J. Clinton