Friction Is Bad

(NOT part of the biometric product marketing expert series)

Friction is bad.

I know some people think that friction is good, because if you tolerate the friction to get to the thing, then you must really want it.

But more often than not, friction is bad.

Which is why when I create a reel, I try to post the native reel in all places where appropriate.

Take my most recent 8 second “biometric product marketing expert” reel.

But you don’t have to leave this blog post to see the original reel.

See how easy a frictionless experience can be?

More here.

Biometric Product Marketing Expert.

KYI Stands For Know Your InMailer

KYC stands for Know Your Customer.

So I guess KYI stands for Know Your InMailer.

My broad and rich skillset

This afternoon I received an email and a LinkedIn InMail from “Alice Ives,” purportedly with Maharah according to her profile. She wanted to tell me about an opportunity.

The email.

“Your broad and rich skillset will be of great benefit to our company’s development. The employer is seeking a remote consultant. We look forward to discussing further cooperation opportunities with you. Hope to hear from you soon.”

The InMail after “Alice’s” profile disappeared.

But when I asked for her Maharah email address she didn’t respond, and her profile became invisible to me. I don’t know if “Alice” deleted her profile, if she blocked me, or if LinkedIn removed her.

Know Your Customer in the real world

Of course in the real world outside of social media, Know Your Customer procedures can be rigorous, encompassing government-issued identity documents, biometrics and liveness detection, information from public and private databases worldwide, and even geolocation.

But from what I recall before Alice’s profile disappeared, her claimed geolocation was “United States.” Just one possible indicator of fakery. 

Did you spot the others?

Jay Littleton Ball Park Destroyed By Fire

Jay Littleton Ball Park in Ontario, California was destroyed by fire this week.

From the ABC7 story:

The historic baseball field was built in the 1930s with a wooden frame grandstand.

It’s owned by the city and operated by the public works agency. It was designated a historic landmark back in 2003.

It’s been renovated several times, but officials said there was still likely a lot of old wood in the structure, which is dry and burns quickly.

The Ontario Eastern Little League is sponsoring a GoFundMe for repairs.

Jay Littleton Ball Park, August 24, 2024.

Graber For Sale Confirmed

According to Loopnet (and, according to Amanda Matthiesen, Coldwell Banker), the Graber Olive Company property at E 4th St in Ontario IS for sale at an asking price of $4 million.

“They would love a partner or someone to continue the Graber Olive brand but understand the property may be developed.”

(If zoning allows. I’m sure some residents would raise a stink if a condo developer bought the property.)

Oh, and some business details:

“Their online sales are normally $75000 to $150000 per month, including selling to Augusta National for the past 70 years.  This last year due to poor Olive production they elected not to produce the Olives in 2023.”

From https://www.loopnet.com/Listing/315-E-4th-St-Ontario-CA/30543340/

On Attribute-Based Access Control

In this post I’m going to delve more into attribute-based access control (ABAC), comparing it to role-based access control (RBAC, or what Printrak BIS used), and directing you to a separate source that examines ABAC’s implementation.

(Delve. Yes, I said it. I told you I was temperamental. I may say more about the “d” word in a subsequent post.)

But first I’m going to back up a bit.

Role-based access control

As I noted in a LinkedIn post yesterday:

Back when I managed the Omnitrak and Printrak BIS products (now part of IDEMIA‘s MBIS), the cool kids used role-based access control.

Public Domain, https://commons.wikimedia.org/w/index.php?curid=6907222.

My product management responsibilities included the data and application tours, so user permissions fell upon me. Printrak BIS included hundreds of specific permissions that governed its use by latent, tenprint, IT, and other staff. But when a government law enforcement agency onboarded a new employee, it would take forever to assign the hundreds of necessary permissions to the new hire.

By Love Makes A Way – https://www.flickr.com/photos/lovemakesaway/15802177909/, CC BY-SA 2.0, https://commons.wikimedia.org/w/index.php?curid=101171928.

Enter roles, as a part of role-based access control (RBAC).

If we know, for example, that the person is a latent trainee, we can assign the necessary permissions to a “latent trainee” role.

  • The latent trainee would have permission to view records and perform primary latent verification.
  • The latent trainee would NOT have permission to delete records or perform secondary latent verification.

As the trainee advanced, their role could change from “latent trainee” to “latent examiner” and perhaps to “latent supervisor” some day. One simple change, and all the proper permissions are assigned.

But what of the tenprint examiner who expresses a desire to do latent work? That person can have two roles: “tenprint examiner” and “latent trainee.”

Role-based access control certainly eased the management process for Printrak BIS’ government customers.

But something new was brewing…

Attribute-based access control

As I noted in my LinkedIn post, the National Institute of Standards and Technology released guidance in 2014 (since revised). The document is NIST Special Publication 800-162, Guide to Attribute Based Access Control (ABAC) Definition and Considerations, and is available at https://doi.org/10.6028/NIST.SP.800-162.

Figure 2 from https://doi.org/10.6028/NIST.SP.800-162.

Compared to role-based access control, attribute-based access control is a teeny bit more granular.

Attributes are characteristics of the subject, object, or environment conditions. Attributes contain information given by a name-value pair.

A subject is a human user or NPE, such as a device that issues access requests to perform operations on objects. Subjects are assigned one or more attributes. For the purpose of this document, assume that subject and user are synonymous.

An object is a system resource for which access is managed by the ABAC system, such as devices, files, records, tables, processes, programs, networks, or domains containing or receiving information. It can be the resource or requested entity, as well as anything upon which an operation may be performed by a subject including data, applications, services, devices, and networks.

An operation is the execution of a function at the request of a subject upon an object. Operations include read, write, edit, delete, copy, execute, and modify.

Policy is the representation of rules or relationships that makes it possible to determine if a requested access should be allowed, given the values of the attributes of the subject, object, and possibly environment conditions.

So before you can even start to use ABAC, you need to define your subjects and objects and everything else.

Frontegg provides some excellent examples of how ABAC is used in practical terms. Here’s a government example:

For example, a military officer may access classified documents only if they possess the necessary clearance, are currently assigned to a relevant project, and are accessing the information from a secure location.

Madame Minna Craucher (right), a Finnish socialite and spy, with her chauffeur Boris Wolkowski (left) in 1930s. By Anonymous – Iso-Markku & Kähkönen: Valoa ja varjoa: 90 kuvaa Suomesta, s. 32. (Helsinki 2007.), Public Domain, https://commons.wikimedia.org/w/index.php?curid=47587700.

While (in my completely biased opinion) Printrak BIS was the greatest automated fingerprint identification system of its era, it couldn’t do anything like THAT. A Printrak BIS user could have a “clearance” role, but Printrak BIS had no way of knowing whether a person is assigned to an appropriate project or case, and Printrak BIS’ location capabilities were rudimentary at best. (If I recall correctly, we had some capability to restrict operations to particular computer terminals.)

As you can see, ABAC goes far beyond whether a PERSON is allowed to do things. It recognizes that people may be allowed to do things, but only under certain circumstances.

Implementing attribute-based access control

As I noted, it takes a lot of front-end work to define an ABAC implementation. I’m not going to delve into that complexity, but Gabriel L. Manor did, touching upon topics such as:

  • Policy as Code
  • Unstructured vs. Structured Rules
  • Policy configuration using the Open Policy Administration Layer (OPAL)

You can read Manor’s thoughts here (“How to Implement Attribute-Based Access Control (ABAC) Authorization?“).

And there are probably ways to simplify some of this.

AI Articles in Ten (Not Five) Minutes—But I Can’t Tell You Why

More on the “human vs. AI vs. both” debate on content generation, and another alternative—the Scalenut tool.

The five-minute turnaround

Public Domain, https://commons.wikimedia.org/w/index.php?curid=118555856.

I’ve been concerned about my own obsolescence for over a year now.

I haven’t seen a lot of discussion of one aspect of #generativeai:

Its ability to write something in about a minute.

(OK, maybe five minutes if you try a few prompts,)

Now I consider myself capable of cranking out a draft relatively quickly, but even my fastest work takes a lot longer than five minutes to write.

“Who cares, John? No one is demanding a five minute turnaround.”

Not yet.

Because it was never possible before (unless you had proposal automation software, but even that couldn’t create NEW text).

What happens to us writers when a five-minute turnaround becomes the norm?

The five-minute requirement

I returned to the topic in January, with a comment on the quality of generative AI text.

Never mind that the resulting generative AI content was wordy, crappy, and possibly incorrect. For some people the fact that the content was THERE was good enough.

OK, Writer.com (with a private dataset) claims to do a better job, but much of the publicly-available free generative AI tools are substandard.

Then I noted that sometimes I will HAVE to get that content out without proper reflection. I outlined two measures to do this:

  1. Don’t sleep on the content.
  2. Let full-grown ideas spring out of your head.

But I still prefer to take my time brewing my content. I’ve spent way more than five minutes on this post alone, and I don’t even know how I’m going to end it yet. And I still haven’t selected the critically important image to accompany the post.

Am I a nut for doing things manually?

You’ve gone from idea to 2500+ word articles in 10 minutes.

By GFDL, CC BY-SA 3.0, https://commons.wikimedia.org/w/index.php?curid=1109869.

Now that I’ve set the context, let’s see what Kieran MacRae (quoted above) has to say about Scalenut. But first, let’s see Kieran’s comments about the state of the industry:

Sure, once upon a time, AI writing tools would write about as well as a 4-year-old.

So what does Scalenut do?

With Scalenut, you will reduce your content creation time by 75% and become a content machine. 

The content gets written in your tone of voice, and the only changes I made were adding personal anecdotes and a little Kieran charm.

From https://www.scalenut.com/.

But…why?

Why is Scalenut better?

Kieran doesn’t say.

And if Scalenut explains WHY its technology is so great, the description is hidden behind an array of features, benefits, and statistics.

Maybe it’s me, but Scalenut could improve its differentiation here, as outlined in my video.

Differentiation, by Bredemarket.

What Scalenut does…and doesn’t do

I should clarify that copyrighting is but one part of Scalenut’s arsenal.

Scalenut is a one-stop-shop AI-powered SEO writing tool that will see you through keyword selection, research, and content production. Plus, you get full access to their copywriting tool, which can create more specific short-form content like product descriptions.

You optimize SEO content by adding NLP keywords, which are the words that Google uses to decide what an article is about.

MacRae cautions that it’s not for “individuals whose writing is their brand,” and Scalenut’s price point means that it’s not for people who only need a few pieces a month.

But if you need a lot of content, and you’re not Stephen King or Dave Barry or John Bredehoft (not in terms of popularity, but of distinctness), then perhaps Scalenut may help you.

I can’t tell you why, though.

(And an apology for those who watch the video; like “The Long Run” album itself, it takes forever to get to the song.)

From https://www.youtube.com/watch?v=Odcn6qk94bs.

Bredemarket’s Five Secrets to Hosting a Successful LinkedIn Audio Event

Bredemarket, the curious wildebeest, wanted to learn more about LinkedIn Audio Events. So I hosted my own. Based upon my now-extensive experience in this medium, I can share my five secrets to hosting a successful LinkedIn Audio Event.

Don’t start early

Um…I failed to do this. The event was supposed to start at 8:00 am Pacific Daylight Time, and I started at 7:58.

Meticulously plan

I didn’t do this either. I scheduled the event at 7:41, 19 minutes before it was supposed to start, and only 17 minutes before it actually started.

Use the best audio equipment for stellar sound

Um…this was on my phone, with no headset.

Host from a quiet place with no distractions

I definitely failed here. I started the event outside the (former) Yangtze Reataurant on very busy Euclid Avenue in Ontario, California. If anyone had joined the last-minute event, they would have heard all sorts of traffic noises.

Have a purpose for the event

This is the only thing I did right. My purpose? To learn the mechanics behind LinkedIn Audio Events. I didn’t learn everything—since I was the only attendee, I couldn’t channel my inner Anna Morgan and invite another speaker to the stage. But I figured out some of the mechanics.

Lessons learned

(Personal preference: I don’t refer to this as a “post mortem.” No one died.)

In addition to the lessons implied above (plan, ensure a superior audio experience, etc.), I learned that you will never get to listen to this morning’s event. LinkedIn doesn’t post recordings of the event after the fact. So I can lie and say that I shared the most scintillating details, even though I didn’t.

But I achieved my purpose, and maybe I will host a real audio event some day.

I did some more experimentation this morning, but my other experiments were live video tests on Facebook, on the Bredemarket page (not the groups; another lesson learned).

Were You Affected by the National Public Data Breach?

(Part of the biometric product marketing expert series)

Fiona Jackson of TechRepublic shared this two days ago.

In August, a hacker dumped 2.7 billion data records, including social security numbers, on a dark web forum, in one of the biggest breaches in history.

The data may have been stolen from background-checking service National Public Data at least four months ago. Each record has a person’s name, mailing address, and SSN, but some also contain other sensitive information, such as names of relatives…

Note that 2.7 billion data records does not equal 2.7 billion people, since a person may have multiple data records.

Was your data leaked?

Rich DeMuro posted a link to see if your data was leaked. If you want to check, go to https://npd.pentester.com/, enter the requested information (you will NOT be asked for your Social Security Number), and the site will display a masked list of the matching information in the breach.

From https://npd.pentester.com/.

One lesson from the National Public Data breach should have been obvious long ago: anyone who relies on a Social Security Number as a form of positive identification is a fool.

If You Don’t Want Generic Content For Your Identity/Biometrics Firm

For better or worse, I write my own content. If I’m going to write yours, then I should write mine.

So I’m always amused when I receive pitches to write for the Bredemarket blog. Invariably these pitches do NOT mention:

  • Biometrics. If they’re going to write identity/biometrics content, I want to know their credentials.
  • The seven questions. Or any details of how they work.
  • Wildebeests. Enough said.

By Danijel Mihajlovic – https://thenextcrossing.com/wildebeest-migration-kenya, CC BY-SA 4.0, https://commons.wikimedia.org/w/index.php?curid=96024366

But a recent pitch excelled in its, um, genericism. Here’s the relevant part:

I run a white-label marketing company and am reaching out to ask if you need help with content creation? I work with several other marketing agencies on campaigns like Airbnb’s.

I’m not sure how Bredemarket relates to Airbnb, but it really doesn’t matter because they have worked on campaigns LIKE Airbnb. So I do not know what they’ve done. (Although ghostwriters have this problem.)

Ghostwriters like me. But I’ve never worked for companies like Airbnb.

I recently sent out a mailing that was hopefully much more targeted. I knew my hungry people (target audience), so even though it was a mass mailing (OK, not “mass”), it was relevant.

If you didn’t receive the mailing, you can view the repurposed version here.

Contact Bredemarket if you need content that benefits from my 29+ years of identity/biometrics experience.