{“MOST IT GEEKS COULDN’T CARE LESS ABOUT
where they end up in the company, compared
with how much power they exert over the
servers. For them, that is true power.”
Jennifer Ramirez Johnson
DNP Photo Imaging America
San Marcos, Texas
I found Larry Walsh’s
column about fashion
faux pas ( www.baselinemag.
com/c/a/Careers/Sense-for-Fashion-Does-It-Matter) amusing and
informative. I liked the way he
tried to take into account some
of the corresponding issues
for females in IT—the few and
proud—which so many writers
tend to ignore.
As much as I agree with
a lot of what Walsh wrote, a
majority of it is nothing new to
either women or minorities in
IT. We have to work that much
harder to be taken seriously in
the workplace, let alone in the
boardroom. There is always
some confusion about what
to do with the dress code as it
applies to the “fairer sex.”
No one is quite sure what
“casual” denotes for women,
let alone “business casual.”
Men may wear polo shirts and
chinos to work, but the range of
clothing for women ranges from
dress slacks with heels to jeans
with hiking boots. Women who
don’t dress up are, generally,
unconcerned about “keeping
up” with male counterparts.
Those of us who are more
ambitious (myself included)
tend to wear heels with slacks,
even though it would be much
easier and more comfortable to
wear T-shirts, jeans and sneakers.
I may wear my sneakers on
“casual Fridays,” but never with a
T-shirt, and my jeans are always
neat, pressed and without holes.
And it goes without saying that I
never go without makeup.
I think Walsh’s points are
valid, albeit wasted. Most IT
geeks couldn’t care less about
where they end up in the
company, compared with how
much power they exert over the
servers. For them, that is true
power. They may dress for social
occasions—and when the boss
makes them—but the grumbling
that accompanies this is usually
not worth the effort it would
take to untangle their hair. I
think most people who deal with
I T know that.
Jennifer Ramirez Johnson
Supervisor, Information Development
DNP Photo Imaging America
San Marcos, Texas
Real-Life Voting Mishap
Buried midway in your electronic voting article (Topline,
March 2008) is a statement that
explains the kind of experience
that repeatedly bedevils voters
such as me: “Accuracy dropped
below 90 percent when the task
got more complicated, such as
voting for more than a single
candidate in a race.”
When a touch-screen
machine refused to accept my
selection for a critical U.S. Senate
seat in Virginia (upstart Jim
Webb unexpectedly defeated
George Allen, thus changing
the power structure in the U.S.
Senate), I refused to push the
“Vote” button. I was one of
many voters in the Fairfax City,
Va., precinct who encountered
misfiring machines, but the
others became resigned to their
fate and let the machine decide
their votes.
Realizing the importance
of this election, I refused to
vote and complained. When
the election judges ignored my
complaint, I started walking
out. The precinct had only
two touch-screen machines to
handle the unexpectedly large
voter turnout, and my jammed
voting machine would have
crippled one of them.
Finally, the visibly annoyed
election judges relented and
used their magnetic-stripe card
to override the machine and
cancel my selections, so I could
try again. The machine worked
that time, thanks to human
intervention.
Chief Donald E. White
Director of Safety and Security
Northern Virginia Mental
Health Institute
Falls Church, Va.
WRITE TO US What do you think about
our cover story in this issue? Write to us
at editors@baselinemag.com.
Misplaced Faith in
Biorhythm Security
I find it ironic that in the same
issue of Baseline (February 2008)
where TJX is taken to task for
putting costs before security,
Forum Credit Union is praised
for making the very same
choice with BioPassword.
The traditional legs of
authentication are “something
you know,” “something you
have” and “something you are,”
but that’s not enough: None of
those three may overlap. Going
with typing cadence as a security mechanism—as provided by
BioPassword’s product—adds
the “something you are” leg, but
what works in a corporate environment does not necessarily
apply when your user is on an
unsecured computer.
You have to assume that
any information entered into
a remote computer is potentially available to a hacker.
When that’s the case, any non-changing information can be
trivially abused, and the whole
reason cadence analysis works
is because it doesn’t change. In
essence, “something you know”
has become “something your
computer can know,” and in
that context, typing cadence is
just another static password.
The reason most USB
tokens and key fobs are secure
is that they generate one-time
passwords synchronized (on a
per-device basis) with a server in
the back office. The hacker can
get the password, but it’s only
good for a single use within a
60-second time span.
I believe Forum Credit
Union would do well to reconsider whether $20 is really too
much to spend to truly secure a
customer’s bank account.
Kee Hinckley
CEO/CTO
Somewhere Inc.
Winchester, Mass.
