Android lock patterns

News you can use if you have an Android phone (or are trying to break into one):

She found that a large percentage of them—44 percent—started in the top left-most node of the screen. A full 77 percent of them started in one of the four corners. The average number of nodes was about five, meaning there were fewer than 9,000 possible pattern combinations. A significant percentage of patterns had just four nodes, shrinking the pool of available combinations to 1,624. More often than not, patterns moved from left to right and top to bottom, another factor that makes guessing easier.

H/T to Bruce Schneier.

I’m a little surprised that brute forcing would be viable on Android phones. Windows phones will require significant delays after (IIRC) three failed attempts to log in. Then after a few more failures the phone will reset.

We need a bigger hammer

It turns out that unlike many of the elements common on earth gold cannot be created as part of the nuclear reactions in stars as they burn their low atomic weight fuels. So scientists have wondered where gold comes from. They now have an answer to that question:

Unlike elements like carbon or iron, it cannot be created within a star. Instead, it must be born in a more cataclysmic event – like one that occurred last month known as a short gamma-ray burst (GRB). Observations of this GRB provide evidence that it resulted from the collision of two neutron stars – the dead cores of stars that previously exploded as supernovae. Moreover, a unique glow that persisted for days at the GRB location potentially signifies the creation of substantial amounts of heavy elements – including gold.

“We estimate that the amount of gold produced and ejected during the merger of the two neutron stars may be as large as 10 moon masses – quite a lot of bling!” says lead author Edo Berger of the Harvard-Smithsonian Center for Astrophysics (CfA).

The alchemists of a few hundred years ago that attempted to turn lead and other common materials into gold apparently just needed much bigger hammers.

Good news, bad news

Remember the big Ebola concerns about a year ago? We just had to be careful to avoid direct contact with body fluids and we wouldn’t get infected, right? Everyone knew that even though some people were saying there was evidence it could be airborne. But the airborne hypothesis was mostly dismissed.

Good news and bad news just came out. There is a vaccine which is working in the first primate trials. Inhalable Ebola vaccine effective in primates:

One dose of an inhalable Ebola vaccine was enough to protect monkeys exposed to 1,000 times the fatal Ebola dose from being infected by the disease, according to a new study.

An inhalable version of the vaccine means that highly trained medical personnel would not be necessary to distribute it, however researchers remain cautious because one vaccine this year already was shown to have no effect on humans despite working well in primates.

Researchers compared the effects of the aerosol and liquid forms as well, finding that the aerosol appeared to induce a stronger immune response in the respiratory tract than the liquid form. Because Ebola, which can be spread through the air, often enters the body through the lungs and respiratory system, the extra protection from the virus there is seen as important to its efficacy.

Emphasis added.

Two thousandths of an inch

As I reported last weekend I put all my polymer coated lead bullets through a max case gauge and still had problems with my new STI. I had saved one of those cartridges to diagnose the problem.

The cartridge still failed to chamber when stripped off the magazine by the slide when I tried it again at home. The bullet in that cartridge was seated too deep by about 0.040”. None of the others were too deep so I suspect it happened during the chambering of the cartridge. I pulled the bullet and reseated it at the proper depth and it chambered just fine. Hmmm… maybe the crimp just isn’t tight enough, the bullet gets driven deeper into the case, then the cartridge fails to nose down into the chamber as it comes off the magazine.

I shot in another steel match yesterday to get more samples.* On the first stage the first few strings went fine then a round failed to chamber the entire depth. I couldn’t pull the slide back. The gun was essentially locked up. I dropped the magazine, held tight to the slide then pounded the grip forward with the web and palm of my hand. The extractor pulled the round out and it was ejected. I put in a fresh magazine and completed the string in 17.xx seconds. I switched to my Montana Gold JHP handloads for the rest of the match and had no more problems.

I brought home the problem round and put in the case gauge. It fit just fine. I put it in a magazine and tried to to chamber it. It failed to chamber all the way. I tried dropping it directly into the chamber and dropping the slide. It chambered but again I couldn’t extract it without slamming my hand into the grip.

But the round fits just fine in the case gauge!

I measured the round. At the largest point it is 0.425”. The specification for .40 S&W is 0.423. So, it is oversized by 0.002”. But CASE GAUGE!

Hmmm… Maybe I have another case gauge around here… I did. I had lost one for a while and purchased another. I pulled out the other case gauge and the cartridge failed, big time.

These pictures are of the same cartridge in two different case gauges:

IMG_3314IMG_3313

In the picture on the left I applied a couple ounces of pressure to get it to seat all the way. In the second picture I put the maximum amount of pressure I could comfortably apply with my thumb to get it in that far.

So why is just the ammo with the polymer coated lead bullets giving me problems?

I measured a few bullets. Depending upon which axis I measure the bullets they have a diameter of 0.400” to 0.403”. The specification is 0.401”. The Montana Gold JHPs I measured have a diameter of 0.399.

Here is the cartridge:

IMG_3315

You can’t really see it but you can feel a bulge where the base of the bullet is in the cartridge.

Five conclusions:

  1. With a slightly over spec bullet and probably max thickness brass** I end up with an oversized cartridge.
  2. The Midway case gauge, on the left, is slightly oversized.
  3. My gun has a minimum sized chamber.
  4. Two thousands of an inch can make a huge difference in the reliability of a gun.
  5. I must use the L.E. Wilson case gauge (on the right above) for this gun.

I might be able to use the Midway gauge for some other gun(s).

Scary thought… Can you imagine needing your gun in a life or death situation and losing the fight because of two thousands of an inch?


* I can’t use this ammo at indoor ranges and I don’t have easy access to any outdoor ranges except when I shoot at matches.

** Not all cartridges with polymer coated lead bullets fail the tighter case gauge. Only some of them fail.

Barrel analysis

After my gun barrel split open I had a reader request that I send the barrel to him for analysis. This is what I know so far:

May 21, 2015:

I cut the end off the barrel to expose the fracture surfaces.  I see no evidence of fatigue at the macroscopic level, the barrel will have to go under the microscope.  I took the intact muzzle section and put it under the hardness tester.  KKM advertises their barrels as being heat treated to 45 HRC.  I measured an average value of 42 HRC with a minimum value of 40.9 HRC.  Heat treatments on small parts are generally +/- 3 HRC meaning a barrel in spec will range between 42 and 48 HRC.  I would state at this point that this barrel was in spec for heat treatment, but just barely and on the low end.  Of course I will send the data out to my senior engineer for review.  He was the chief metallurgist for Remington and I’ll get his opinion on the heat treat spec.

June 4, 2015:

I put the fracture surfaces of your barrel under the microscope today, as well as having the chemistry done.  The chemistry was within specifications, but the manganese to sulfur ratio was low.  What I saw the was most interesting was a crack at a 45deg angle coming down from the front of the first locking lug into the barrel, almost 1/4 of the way through the thickness of the barrel.  This crack looks to have been formed during the repeated firing/cycling of the gun and caused the barrel to rupture in front of the chamber and at the 12 o’clock position.  As the top surface of the barrel came free, this imparted a bending moment on the opposite side of the barrel and caused it to split at the 6 o’clock position.  

I am frankly amazed at this failure.  I have never seen shear fatigue in a gun barrel before.  I’m going to send this off to my firearms expert, he’ll find this interesting. 

June 8, 2015:

LHS is “left hand side” and RHS is right hand side (breach towards you, muzzle away, in the as-assembled orientation), the barrel having been split in half along the major fracture surfaces.  As you can see there is a crack at about 45 deg from the front of the first locking lug going in the muzzle to chamber direction.  It goes about a quarter of the way though the thickness of the barrel.  I am having the barrel cut by our machinist to expose that crack fracture surface to look for evidence of fatigue.

The color pics are optical microscopy, the black and white are scanning electron microscopy (SEM).

He sent me 18 pictures. I’m posting the more interesting ones:

LHS_003
LHS 003

LHS_01
LHS 01
LHS_02
LHS 02

LHS_08
LHS 08

RHS_01
RHS 01

RHS_002
RHS 002

RHS_04
RHS 04

Finding bugs

I’ve sometimes searched for a week or more trying to find a bug. But nothing like this:

After more than a month of tireless research and testing, we have finally gotten to the bottom of our ZooKeeper mystery. Corruption during AES encryption in Xen v4.1 or v3.4 paravirtual guests running a Linux 3.0+ kernel, combined with the lack of TCP checksum validation in IPSec Transport mode, leads to the admission of corrupted TCP data on a ZooKeeper node, resulting in an unhandled exception from which ZooKeeper is unable to recover. Jeez. Talk about a needle in a haystack…

Another guy at work says we will probably be using ZooKeeper in the project we are working on. I’m glad these guys found it before we ran into it.

The problem occurred when the system received a single corrupted network packet.

Effectiveness of linear-feedback shift registers in testing digital circuits

In 1984 I wrote a paper for the company I was working for at the time. It was in support of a new test instrument the company was about to release. The paper was published in the IEEE Instrumentation and Measurement Technology Conference Proceedings. I was scheduled to go to Long Beach California and present the paper during the conference January 17-18, 1984. But the company cancelled the release of the product and I did not attend the conference.

Before there was the World Wide Web there were online services you could subscribe to, dial up with a modem (1200 baud rocked!) and do searches of periodicals, journals, papers, etc. This is what one of those services, Dialog, had in their records in July of 1984:

EffectivenessOfLinearFeedbackShiftRegistersInTestingDialogEntryCropped

A scan of the paper is here (click on each to get a readable version):

EffectivenessOfLinearFeedbackShiftRegistersInTesting01 EffectivenessOfLinearFeedbackShiftRegistersInTesting02 EffectivenessOfLinearFeedbackShiftRegistersInTesting03
EffectivenessOfLinearFeedbackShiftRegistersInTesting04 EffectivenessOfLinearFeedbackShiftRegistersInTesting05

Today, over 30 years later, there is probably very little of the paper which is applicable to modern test equipment. But something I learned while writing the paper is something I still occasionally “put people in their place” with.

Unless you know the something about the error statistics of whatever digital system you are trying to test then it almost doesn’t matter which checksum, hash, or CRC you use for error detection. In fact, surprising to nearly everyone, if you assume that all errors are equally likely, then you can just pick the last (or first, whatever) 256 bits of a digital message and have just as good error detection as any other 256-bit hash. Or if you are using a 16-bit checksum then you might as well use the last (or first, whatever) 16 bits of the message.

It all boils down to the assumptions about the types of errors in the message. You, whether you realize it or not, make lots of assumptions about the types of errors in a digital message. For example you assume it is very unlikely, compared to other types of errors, that every 17th bit will be inverted. Or that every DWORD will be XORed with 0xBAADF00D. But the assumption, “every error is equally likely” means the math for detecting those errors will arrive at an interesting conclusion:

For a message N bits long there are 2N-1 possible errors. Any hash, checksum, etc., M bits long can only have 2M different states. One of those states represents a valid hash/checksum/etc. The other 2M – 1 represent detected errors.

If all errors are equally likely then those 2N-1 possible errors are equally mapped into each of the 2M possible states of the hash. It will only detect a fraction of those errors. The fraction will be (2M-1)/(2M). Or stated differently the fraction of errors which map into the valid hash is 1/2M. For a N bit message (2N-1)/2M errors are missed. For 2N >> 1 (all real world cases) this is essentially equal to 2N/2M or 2(N – M).

If you use the last M bits of the message it will detect all 2M-1 errors in the last M bits and miss 2(N-M) errors in the previous part of the message.

Hence it does not matter if you use a M bit hash of the entire message or the last M bits of the message. The same number of errors will be escape detection.

In “real life”, not all errors are equally likely. This is particularly true when you are trying to detect messages which have been altered by an attacker. But there are many situations where people spend way too much effort trying to determine the “best” hash to use when just using the first/last/whatever M bits or a simple checksum of M bits will work just as well as the latest NSA blessed crypto hash and consume far less computational resources.

I find this counter intuitive and very interesting. I suspect it says more about our intuition than anything.

Quote of the day—John Lott

3-D printers mean an end to any gun control. The government is not going to be able to ban magazines for guns, or ban guns themselves, and the notions of background checks would be even more impossible to do. Anyone with access to a 3-D printer can make guns functionally and indistinguishable from a gun that can be bought in a store. I don’t know how the government will stop people from obtaining a printer.

Just look at the illegal download of television shows and movies. Millions of copies have been downloaded and the government has been unable to stop it. Why would the government be successful in stopping other information like these files from being downloaded?

John Lott
May 7, 2015
Why Gun Control is Ultimately Doomed to Fail
[Well… the government can ban magazines and guns but they can’t effectively enforce the ban. It will be incredibly obvious it is like banning alcohol in the 1920s. Or even banning sex outside of marriage. It will be trivial to supply the black market and people will mock those who attempt to support it.—Joe]

Case prep

I thought mine was getting complicated and expensive. Actually it’s complete ammunition manufacturing.

The guy giving us the tour obviously isn’t a hand loader, is he?

So anyway; you want a complete home loading facility, it would look something like that. The QA alone is quite an impressive operation.

I’d need a rather larger spare bedroom than the one I currently use for reloading.

Hat tip; Sipsey

Stuffing gas!

I’ve warned people in the past of the potential dangers of stuffing gas, but it’s never been taken seriously. Last thanksgiving while we were putting away leftovers, I gave out the warning again.

“DON’T use aluminum foil over the stuffing!”
(Der…)”Why not.”
“It dissolves the aluminum in short order, and I don’t want to eat stuffing with that much metal dissolved into it.”
(Derp) “Heh. Don’t be silly.”
“I’m telling you, I’ve seen it many times.”
(Rolls eyes, like I’M the idiot) “OK fine, we’ll put some turkey over the stuffing. That way no stuffing will be in contact with the tin foil.” (still thinks foil is made of tin – go ahead and try to find actual tin foil at the grocery store)

Less than two hours later I opened the fridge and this was the result. The stuffing gas had wafted up past the slices of turkey and eaten dozens of little holes in the aluminum.

Stuffing gas!

Stuffing gas!

If stuffing gas were to be weaponized, no aluminum structure would be safe. Keep an eye on Mrs. Cubbison!

There is some truth in this

Study reveals average tech worker’s wardrobe is 85% free tech t-shirts:

A team of UC Berkeley researchers has discovered that the 85% of the average tech worker’s clothes are free tech t-shirts, hoodies, and other assorted clothing.

The study of this prevalent free clothing, known by tech workers as “swag,” has come at the same time as a massive tech boom that has swept the Bay Area. On a normal weekday in San Francisco, you’re liable to see dozens of young hipsters walking down the street wearing t-shirts, jackets, hats, and even socks emblazoned with the names and logos of companies ranging from tech titans to ten-person startups. Tech companies hand out free logo-festooned paraphernalia at career fairs, company events, and almost any opportunity available.

It’s a joke article but there is a lot of truth in it.

Most of my casual shirts and some of the shirts I wear to work have some gun reference to them. But probably 10% of my shirts are Microsoft branded. MS gave out a lot of shirts, hats, coats, sweatshirts, etc. and I still have most of them. There are other tech companies represented as well but it’s far from 85%.

Smart bombs and stupid people

How Dumb Cluster Bombs Are Becoming Heinously Smart is a fascinating post on smart cluster bombs. For example:

Once these 64 pound, 31 inch long submunitions are released, each will deploy a parachute, slowing their forward movement and orientating them vertically in relation to the ground. Then, a rocket motor fires and forces these cylinders into a slight climb, although at a distance it would look like the BLU-108s are hanging in mid-air. This rocket also causes the BLU-108s to spin rapidly.

As the submunition spins while almost hovering in mid-air above the target area, each BLU-108 cylinder will throw four individual sub-submuntions, known as ‘Skeets,’ from its body. Each Skeet is slung in a different direction at a 90 degree vector from the now empty BLU-108 cylinder. As these hockey puck-like Skeets fly through the air while rapidly spinning, a small infrared imager and laser ranging system activates on each one. The infrared seeker rapidly scans the ground below for an enemy vehicle or weapons fixture that it can recognize, while the laser ranger provides a ground contour map.

the Skeet fires off its 2lb explosively formed penetrator along with a fragmentation ring, sending a molten spear into the target along with a handful of dense shrapnel covering the area around it. The idea is that the penetrator kills the vehicle from top, where even main battle tanks are vulnerable, while the shrapnel kills who is inside (if it is a lightly armored target) and anyone in the targeted vehicle’s immediate vicinity.

the Sensor Fuzed Weapon’s unique discriminating abilities, and its WCMD delivery system, will most likely morph into even more dynamic submunition capabilities. Ones where taking out individual soldiers via large-insect sized flying explosives, capable of loitering above the target area for long periods of time, could become a reality. Or even a future where small nano-robotic mites are dropped using a WCMD-like dispensers over a convoy of enemy armor, their mission to destroy vehicles’ electronics from the inside out without causing so much as a single explosion, may also become a real capability one day.

In many ways conventional warfare is obsolete because equipment on the ground is so vulnerable. Unless a force can successfully challenge the air superiority of their opponent wars will (and are) be fought using Fourth and Fifth-Generation Warfare.

The most naïve and stupid comment I found on the post is the following:

Why can’t we use this technology to deliver food to hungry people? Smart fruit, laser guided bananas. Something positive, and far cheaper.

Nevermind, answered my own question. There’s no profit in peace or help, only in violence and destruction.

I would try to explain it to them but I don’t think we have enough in common to form a means of communication such that they could understand what I was saying.

Machine generated twitter accounts

This image came from this tweet via a tweet from Linoge:

B7O-0oeIUAA9pbR

It’s a good example of Markley’s Law but what I found far more interesting was that the Twitter account it came from appears to be fake. I’m pretty sure this account is machine generated and the three tweets from that account are copied at random from the Twitter universe.

See also the followers of this account. I suspect they are all machine generated as well.

If I had the time and the interest I see what Twitter accounts they follow which are in common. I suspect it is a means of generating fake followers for some real account.

Interesting

The entire Seattle Smart Gun Symposium video is on YouTube. But they have the video “unlisted”. It is embedded on the Washington Technology web page however.

Also, I had one person on a Smart Gun Symposium panel request I remove their name from my blog. It was very polite and they indicated they wished that we remain in contact in regards to technical issues with the technology so I complied with their request.

I find this all very interesting.

My previous posts on the Symposium are:

Making power factor

The January/February 2015 issue of Front Sight magazine has an interesting article on the statistics of making “power factor*”.

While I certainly had the background in statistics it never occurred to me to apply them to the chronograph data from my hand loaded ammunition to determine the chances of me failing to “make major” at a match. This is despite very nearly failing to make major in the 1998 Area One USPSA match.

Looking at my log files for the ammunition I made for that match I found the following data:

Mean velocity: 992.6 fps
Standard Deviation: 11.3 fps
Bullet Mass: 180 grains
Power Factor: 178.67

Back then you had to have a power factor of 175 to make major and for some reason I thought I had plenty of margin.

At the 1998 Area One match staff pulled eight cartridges at random from the magazines on my belt and tested them as per USPSA regulations. They pulled the bullet from a cartridge and weighed it. They fired three rounds and found I failed to make major. They, as per procedure, fired another three rounds, used the highest three velocities from the six rounds fired and found I was closer but still failed. They had one round left and, as per procedure, asked me what to do with it, “Fire it or weight the bullet?” I had them fire it and using the highest three velocities from the seven rounds fired I just barely made major power factor.

It wasn’t until I read the title of the article in Front Sight article, “The Power of Statistics How to Meet Power Factor with Confidence” that I felt stupid for my experience at Area One.

The bottom line is that your chance of failing the test procedure depends on how many standard deviations you are away from the velocity threshold for the power factor you want to meet.

Using my example from the Area One match the velocity threshold is 972.22 fps (175,000 / 180). My mean velocity was 992.6 fps or 20.378 fps above the threshold. With a standard deviation of 11.3 fps the ammo was 20.378 / 11.3 or 1.8 standard deviations (commonly called ‘Z’) from the threshold. Using a normal distribution table or the article you will discover my chances of failing were about 13%.

Update:

Using this table from the article you will discover my chances of failing were about 13%:

Z Chance of Failing Power Factor (per USPSA rules)
2.5 5%
2.0 10%
1.9 11%
1.8 13%
1.7 15%
1.5 21%
1.4 26%
1.2 36%
1.1 40%
1.0 44%
0 50%

This table is not a standard distribution table. It is a mapping from Z (number of standard deviations away from the mean) to the chances of failing the PF test under USPSA rules. This was obtained using a t-distribution because of the small sample size used by the USPSA regulations. It is assumed the shooter obtained the mean velocity and standard deviation with a sample size of eight.

End update.

I’m going to range today to measure the velocities of a new load I plan to use for competition. I’m going to make sure I’m about 2.5 standard deviations away from the threshold which would put my odds of failing to make major at about 5%.


* Power Factor is defined as the mass of the bullet in grains multiplied by the velocity in feet per second divided by 1000. Or:

Power Factor = bullet weight (grains) x average velocity (feet per second) / 1000

In many competitions your targets are scored differently depending on the power factor of the ammunition you are shooting. For example if you are shooting Limited Class USPSA you “make major” with a power factor of 165 or greater and “make minor with a power factor of 125. For major power factor ‘B’ and ‘C’ zones hit are scored as 4 points and ‘D’ zone hits are scored as two points. If you “make minor ‘B’ and ‘C’ zones hit are scored as three points and ‘D’ zone hits are scored as one point. If you don’t have ammunition which gives you a power factor of 125 or greater all zones are scored as zero. I.E. you aren’t participating in the competition.

Quote of the day—Marc Lane

This needs to be enforced and standard on all guns. Not only does it make sure we don’t have unintentional shootings with children, but also completely eliminates gun resales. Standardizing this technology and reinforcing background checks is part of the way to cure American’s gun problem.

Marc Lane
2014
Comment on this video:

[The stupid is strong with this one. Every single thing he said is wrong.

  • As long as there exist functional guns and children it will be possible and probable there will be unintentional shootings with children involved.
  • How can it possibly eliminate gun resale any more than it would original sales? Apparently he is of the belief there is some sort of pairing between the original owner and the gun such that the bond can never be broken.
  • It appears he equates “standardization” with mandating. These are two completely different things.
  • I have no idea what he means by “reinforcing background checks”. I know how to reinforce a physical structure or even an argument or theory.
  • His last statement assumes facts not in evidence as well as being nonsensical. He must first demonstrate American has a “gun problem” then he must articulate the problem in a manner in which there exists the possibility of multiple solutions.

But what do you expect from an anti-gun person? Ignorance and stupidity is their currency.—Joe]

The future of dynamic grip recognition for “smart guns”

I have completed my report on the Seattle Smart Gun Symposium:

I’m going to now review the technologies and give you my semi-expert opinion on the technological future of smart guns.

Keep in mind there are two primary numbers associated with biometrics. False acceptance of an authorized user and false denial of an authorized use. The device can almost always be adjusted such that as one type of failure is decreased the other increases. Usually a single number is given such that these two failure rates are equal. But this might not be the appropriate thing to do for a gun. You might be comfortable with a one attempt out of 1000 failing to fire when a second attempt can be made a tenth of a second later when you use your gun primarily for four legged pest control. But you want the rate to be one out of 100000 when little Johnny found the gun while you were in the back yard working in the garden.

The first technology I want to discuss is the one from the New Jersey Institute of Technology (NJIT). I have corresponded with a representative from NJIT who has been working on a “smart gun” for 14 years. They call it “Dynamic Grip Recognition”. The grip of the gun contains pressure sensors which authenticate the grip for every shot. Here is what I believe is their latest video describing the current status of their project:

In 2013 NJIT was invited to the White House for the “discussions on curbing gun violence”. They probably have the highest visibility in the technology space of “smart guns”.

After 14 years they still don’t have something would be accepted by the police for self-defense. They emphasis the potential to reduce children shooting a gun without authorization. They do not claim the existing technology will prevent a smart gun from being fired by someone who has just taken your gun away from you in a struggle. They do not claim the technology cannot be defeated by a thief with tools from your local hardware store.

They do not claim the technology is ready for commercialization. They want to build the next generation with more and better sensors in the grip.

From reading about their technology, my discussion with Allied Biometrix and the representative from NJIT it is clear they haven’t done the testing really needed. I’ll get into that in a moment, but first let me cover the testing which that probably have done a decent job on.

They have done testing of shooters under stress. It’s not real world with real bullets being fired at the person with the smart gun but with what knowledge I have of their algorithm and their test results I believe has a good chance of not being an issue.

They have done testing with shooters wearing “police issue needle stick gloves”. There was no difference in the results.

They have done testing with children versus police officers. Children, due to their smaller hands, are extremely unlikely to be able to fire gun that has been authorized for use someone with significantly larger hands.

What I do not believe they have done is compare the failure rate for children attempting to fire a gun which has been authenticated for adults with small hands. I remember that I was wearing the same size shoes as my mom when I was in the sixth grade. I expect my hands were just as large as hers too. And Mom was only slightly below average size for a Caucasian woman. What would be the crossover point for hand size of an above average male child and a small Asian woman? I’m guessing it could be 10 years old or younger.

The biometric data they have collected is from a very small number of adults. I asked about but did not receive a direct answer as to whether this data included a gun authenticate for the shooter firing in four different manners:

  1. Right handed.
  2. Left handed.
  3. Right handed with left hand supporting.
  4. Left handed with right hand supporting.

I did not receive any data on the failure rates as the number of authenticated shooters for a given gun is increased. I suspect these tests have not been done. As the number of authenticated shooters in increased and the number of grips is increased the failure rate for falsely authenticating someone to fire the gun may not a simple factor of the number of authenticated grips. It may much greater than that. This will be catastrophic for the acceptance of this technology.

For example, suppose the false authorization rate for gun programmed to accept one grip for one person is that one out of 10,000 random people*. If two people are authenticated, each with four different grips as noted above then it is reasonable to expect that failure rate will be at least eight times worse. This would be one out of 1,250 for each of these random shooters just attempting one natural grip. If they tried each of the four different grip styles it would be reduced by another factor of four bring the total factor to 32. Which yields odds on the order of one out of 312. This is the best that can be expected. My experience with biometrics leads me to believe that it won’t be a simple factor. It is more likely to be more likely to be something approaching an exponential. If it were an exponent of 2.5 raised to the 32nd power, instead of 1 raised to the 32nd power, then we have over a 50% failure rate.

In conventional use of biometrics this dramatic increase in failure rate with many people authorized for access to a given resource (building, computer, gun, etc.) is handled in a different way than is possible for a defensive gun. Biometrics in a many user environment are conventionally used for identity verification, not identification. That is, I claim I am Joe Huffman and my voice is used to confirm this. How would you do this with a gun in a way that couldn’t easily be defeated by a child? A switch for “shooter one, two, or three” followed up by gripping the gun doesn’t really work. The child will try all the switch settings.

It is a fair to point out that fingerprints are used to uniquely identify people. But “dynamic grip recognition” is far, far different than a fingerprint. Fingerprints are constant with time, contain a lot more information than grip patterns, and are not nearly as subject to deliberate attempts to defeat the technology as grip patterns are.

I have another email to NJIT about how fast their technology does the authentication. Will it limit the rate of fire to something below the mechanics of the gun? If so then this is a problem. I know people that out shoot their gun. Adding any delay beyond that of the gun is not acceptable.

My expectation is that dynamic grip recognition will never meet their goal of one error in 10,000 for false acceptance when you have someone deliberately attempting to defeat it. A random person using their natural grip is far different case from this and they can’t even achieve that goal now. As multiple users, multiple grips, and people deliberately trying to defeat it I will be surprised if they can do better than a combined false acceptance and false rejection rate better than one out of ten. Even one out of 100 is probably insufficient for it to be acceptable in the marketplace and I think this is unachievable.

I think that it can work for certain cases such as prevention of child accidents. If the gun is authorized for people with large hands then small hands will be very unlikely to defeat it. But if the adult has very small hands then the protection from child use will become minimal.

With such limited use cases any attempt to legally mandate this technology will be met with significant resistance in both the legislature and the courts.


* They do not currently claim such rates. They hope to achieving this with the next generation version so this is being quite conservative.