Man recreates TSA's $47,400 "head this way" app in 10 minutes


#1

[Read the post]


#2

… and now he’s got to spend the next 2 years jumping through the government procurement hoops. On $47K, He’ll still end up losing money.

Misdirected anger, folks.


#3

How is this possible? What the hell. 1.4 million for something that gets used for a year?


#4

Just to put in perspective:

The TSA spent about $36 million on devices that puff air on travelers. All 207 of those machines sit in warehouses.


#5

idiots. they could have made a fortune.


#6

Now if we can only get those lines to move faster?


#7

the theatre theater of the absurd


TSA Agents in training:


#8

That was 36 million well spent when you realize the alternative was Big Steve and a straw to do the same thing. And he just had an Italian sausage with peppers.


#9

Where’d you get that from? 1982?

If anything the private/public partnership is a mess because of the private side. He doesn’t have to worry about a straightforward purchase order, he has to worry about patent trolls.


#10

FTFA:

In fact, creating a random number generator is a commonly used beginning programming lesson.

You should roll your own random number generator at the same time you roll your own crypto, and only when you do that.

The clone application as presented was not secure. There are at least two security flaws (using Random at all, using Random incorrectly). It can be argued that it was “good enough”, but how much do you spend demonstrating that?

Spending $47K was a waste for something that could probably be done another way, but add in speccing out, development, code review, QA, acceptance testing, it doesn’t seem that far out of the ballpark once the decision was made.


#11

You’re awfully snarky, Rob, for a guy whose life depends on the fine work of these selfless TSA agents. [chortle]


#12

$13 solution, but I could probably get a much cheaper version.


#13

I’ve written Rand generators and crypto, and they have all been uniformly awful. But as I suspect you know this whole thing misses the forest for the trees. A semi random sample of people using the safest manner of travel for acts that are less likely than winning Powerball is madness.


#14

Where’d you get that from?

I was assuming the TSA contractor certification process was something like that which I read about for Obamacare. I recall a figure that government “tech” contractors average about 65% of their budgets for legal and admin fees. I can’t find the stats off-hand, but here’s some background:

http://www.npr.org/sections/alltechconsidered/2013/10/23/240247394/the-obamacare-tech-mess-its-a-familiar-government-story

Do you know for certain that TSA procurement is as simple as a purchase order?

Anyway, $47K for an app really doesn’t seem like that much. The end-user UI is very simple, that’s true. But there are far more user stories than “I’m a traveller trying to get through security”. TSA probably also wants reporting, analytics, paper trail, training, documentation, unit testing, etc. – all of which has to stand up in court when TSA is defending their randomization procedure against a discrimination lawsuit.

It’s not so black and white, is all I’m getting at.


#15

#FTFY 


#16

It’s not, but I specifically mentioned the private/public partnership in one of my only two sentences earlier, and the private/public partnership is in part used to solve inexpensive problems quickly and creatively.

For example…

Anyway, $47K for an app really doesn’t seem like that much. The end-user UI is very simple, that’s true. But there are far more user stories than “I’m a traveller trying to get through security”. TSA probably also wants reporting, analytics, paper trail, training, documentation, unit testing, etc. – all of which has to stand up in court when TSA is defending their randomization procedure against a discrimination lawsuit.

Those sound like billable hours to me, so ‘regulation hell’ is what lots of us call ‘employment’

The intent was to point out that there are lots of scenarios, and honestly the ‘we can’t get this software because of the government’ argument is more anecdotal than real.


#17

Selling to the federal government is still a huge pain in the ass. An independent person like that is going to have to use a middleman. In the past, I’ve worked at a company that sold through Carahsoft.

I would be astounded if you could sell an app to the TSA for $47k and make any money at all.


#18

Yea for us, we have to put in dozens of hours just to create all the documentation they want. And, yes we sell to a contractor who does most of the work, so we don’t see half of what is required.


#19

The level of absurdity here is so high I can’t even be bothered to care about the app. Don’t forget, you can sign up for the pre-check program for reduced security for a measly $85. Are they even pretending to fight an international terrorism network any more?

…Unless there’s actually more security on the pre-check line, because they want the terrorists to think we’re that stupid. Touché, TSA.


#20

This is silly, as the comments in the Reddit page point out.

Yes, I’m against wasteful spending, and the TSA, and security theater, but in no way did this person recreate the app, any more than a set designer creates a complete house, to code, with electricity and plumbing: he recreated the facade of the app.

  • Is the random generator random? Can he prove it?
  • Did all the developers have security clearance?
  • Does the app log the data for later analysis?
  • Where is the database for the logs? Is it secure? Who has permission to access it, and how does that get granted? Can you download an anonymized dataset?
  • Is it logging the time, GPS location, TSA agent, and lane?
  • What if it can’t get a WiFi signal? Does it batch up the logs? Is this tamper-proof, or can you disable the Wi-Fi to cover up the fact that you deliberately let someone through the no-check lane?
  • Have you mocked up different versions and seen which one TSA agents find most intuitive? (An arrow is simple to recreate after the work has already been done deciding on that.)

$47,000 is just six days for a five-person team at $200/hr (which is a reasonable rate for a developer). But less than half of that is going to be left over for the developers once you’ve added a two hour planning meeting with eight people, a wireframe sketch-up, two managers to sign off, a review, multiple revisions because each TSA bureaucrat wants it to be slightly different and has an opinion on arrow color, QA, and documentation.

You’re probably left with three days of coding for three people, at that budget.

This is what enterprise software costs. If NASA or JPL or PBS or some other big company, governmental or not, were creating an app of similar scope, it would cost the same.
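Added example, not part of any commenter's post and not code from the TSA app or the clone: a sketch of two requirements raised in #10 and #20, drawing the lane from the OS CSPRNG rather than a seedable `Random`, and an offline log batch where each entry is HMAC-chained to the previous one so that deleted or edited entries show up when the batch is uploaded. All function and field names are hypothetical, and it assumes the HMAC key is provisioned per device and not readable by the operator.

```python
import hashlib
import hmac
import json
import secrets

GENESIS = "0" * 64  # "previous MAC" of the first entry


def draw_lane():
    """Pick a lane from the OS CSPRNG instead of a seedable, predictable PRNG."""
    return secrets.choice(("left", "right"))


def _mac(key, body):
    msg = json.dumps(body, sort_keys=True).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def append_entry(log, key, lane, agent, ts):
    """Queue one decision locally; each entry commits to the one before it."""
    body = {"seq": len(log), "ts": ts, "agent": agent, "lane": lane,
            "prev": log[-1]["mac"] if log else GENESIS}
    body["mac"] = _mac(key, body)
    log.append(body)
    return body


def verify_log(log, key, expected_len=None):
    """Return the index of the first bad entry, or -1 if the batch is intact.

    expected_len is the entry count the server expects (for example from a
    counter reported separately); without it, cutting off the tail is invisible.
    """
    prev = GENESIS
    for i, entry in enumerate(log):
        body = {k: v for k, v in entry.items() if k != "mac"}
        good = hmac.compare_digest(_mac(key, body), entry.get("mac", ""))
        if not good or entry.get("seq") != i or entry.get("prev") != prev:
            return i
        prev = entry["mac"]
    if expected_len is not None and len(log) != expected_len:
        return len(log)
    return -1
```

The chain catches removed, reordered or edited entries inside a batch; it does not by itself show that the draw was unbiased, which needs the logged outcomes analysed server-side.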