Twice this week I have run into issues involving KYC or know your customer policies, and both were rather odd circumstances. I am preparing to go visit my family in Israel, and this time around I am purchasing an eSIM or virtual SIM card for my phone. Before I could do so, however, I had to upload a photo ID and my own portrait to verify that I am indeed a real person. The process was very smooth and just took a moment to get it all organized.

The second KYC moment happened as part of being onboarded for a new client. (Don’t you just love that term? It seems like it is almost as painful as waterboarded.) I got a strange email from someone in India, who was asking me to get on a Zoom call to verify that I am who I said I am. Now, I had never corresponded with this person, and my contact hadn’t prepared me for the email. So I fired off my own email to my contact to do a bit of my own KYC intelligence.

I don’t fault them for being careful. Things aren’t what they appear to be these days. Remember my blog post from earlier this year about inadvertently hiring North Korean developers? I was reminded of this from a recent post by Brian Krebs about fake CISOs that are on LinkedIn. What is worse is that these phonies have made their way to one publication’s “top CISO” list. You can’t vet people enough. Many of the job descriptions on LinkedIn were clearly lifted from real people. Krebs suggests that LinkedIn could make things easier by including a “freshness” date when the profile was first created, which is something that Twitter does.

What does baseball memorabilia have to do with the recent Uber hack? It turns out both depend heavily on authentication. I wrote about the latter for Avast here. The hacker — who claimed to be from Uber’s IT department — set up a man-in-the-middle portal that tricked an Uber contractor into revealing his authentication credentials. This is the same person, or group, that also broke into a gaming studio recently. The contractor did have multifactor authentication enabled, but wasn’t paying attention and the hacker was able to fool them into entering the credentials.

And this week Microsoft researchers found other hackers using malicious OAuth applications were compromised because they lacked any multi-factor authentication credentials.

Authentication — proving you are who you say you are — figured large in a series of emails that I had to regain control over my wife’s website. I had to show both a government picture ID and that I had some financial responsibility over the account. As if that wasn’t enough, I started reading this piece in the NY Times about how Major League Baseball authenticates the items used in its games. Remember how you could just catch an errant fly ball or better yet, one used for a home run? Well, MLB has made some effort to ensure that the ball so used is actually legit, using a chain-of-custody process (off-duty cops collect the items and certify them) along with special tamper-proof holograms that are placed on the objects used during its games.

The Times piece mentioned that lots of stuff gets authenticated, particularly at the end of a season or when a player is about to break a record. These include not just the bat and ball but shoe spikes, gloves, the actual bases, uniform clothing and even the dirt on the infield and decommissioned Shea Stadium seats. Our home team favorite, Albert Pujols, will have specially-marked balls pitched to him for the rest of the season as he climbs the home run chart. About half a million items used in the games a year are authenticated, according to MLB officials.

MLB began using holograms back in 2001, according to this webpage, and this year improved on the tags. They are placed on a variety of memorabilia objects and licensed MLB products, each with a unique code that can be looked up on that page (or on the page of tech supplier, Authenticators Inc.) to determine if it is authentic. (The MLB page returns the status in the URL with the code explicitly listed, which probably means it could be subject to an injection attack, but what do I know?)

The tags are produced by OpSec Security, which also does tags for a wide variety of manufacturing vendors (such as used by GM Europe to insure that genuine parts are sold).  If you try to remove the tag, the hologram is unreadable. Of course, this means your souvenir has this tag on it, but I am guessing that most collectors would rather have the assurance that their item is the real thing.

While Uber’s next step to up their authentication ante will most likely be to use FIDO2 tokens and passkeys, maybe they need a few MLB umpires and off-duty cops to get involved in auditing their authentications.

I have been reading David McCullough’s books on the Wright brothers and the building of the Brooklyn Bridge. Both give a very vivid picture of what the life of an engineer was more than a century ago. This life was a very different one from what we know of today. What fascinates me about how both the Wright brothers and the Roeblings (first John, then his son Washington, the engineers behind the bridge) that built things back in the day. Let’s look into their toolsets, their work habits, and their thinking processes.

First and foremost for both situations was the power of observation. Wilbur Wright spent countless hours watching how birds flew, and then tried to figure out a collection of materials that could mimic them. Within a decade people were building airplanes out of paper and wood, what we would consider mere toys today. But using some of those early calculations enabled us to build 747s and SR-71s that fly fast and are built with very advanced materials. And are anything but toys, to be sure.

Second was understanding your materials. The Wright flyer worked because it was extremely light and flexible. The Brooklyn Bridge worked because it was heavier than previous bridges: that it could withstand and distribute the loads properly. The bridge is still in great shape, more than 100 years later. We tear down lesser structures after a decade.

Washington Roebling spent his days watching his bridge being built from a nearby house. He was severely injured from getting a bad case of the bends before anyone knew what this was. Perhaps this could be the first attributed case of remote work, although the distance was covered using a telescope rather than a VPN, Slack and email. His father was also injured on the job from a ferry accident and dies shortly thereafter. All four men got in the middle of things and spent lots of hands-on time to refine their calculations and their drawings and their builds.

About those calculations. We are talking about basic math, using pencil and paper. We tend to forget how easy it is to revise things now that we have powerful computers that can instantly spot grammatical or coding errors and even suggest changes as we type. Back in those days, it was a lot more work and required often starting from scratch.

The slide rule was about as fancy as things got back then, something that I used when I first began my college education. When I went to grad school in the late 1970s, computers were still the size of rooms. Look at the evolution of IBM, from making those roomfuls of computers to changing the desktop world with its PC business, which was eventually sold to a Chinese company. Now IBM is a software and services company.

The first airplanes and bridges were built in the era before electricity. If you ever have an opportunity to visit the Detroit area, you should see the actual bicycle shop that the Wrights used to machine their parts. It isn’t recognizable because it ran on steam power, with these long leather belts that rotated the equipment. Now we think nothing of plugging something into the wall, and complain if the cord isn’t long enough. (You might remember my post about the invention of the electric light bulb and other wonders on display at the Henry Ford Museum.)

Engineers are taught how to solve problems. What is interesting about the stories in both books is how the context of the problems is explained in clear language, with gripping narratives about the various lives involved and the decisions made. You are there with the Wrights on a desolate barrier island as they struggle to figure things out, or inside the bridge piers or watching the cables being strung across the river. They are tales that have stood the test of time.

One reason is that both these books (as well as a third one on the building of the Panama Canal) are extraordinarily researched and well-written. I really enjoyed watching this interview McCullough did with Librarian of Congress James Billington on another of his books, the first part devoted to his writing tips.