Matthew J. Harmon: Minneapolis, Minnesota, États-Unis, Earth

Action and Adventure on the High Seas of Information Security

In Memorial, Craig K. Harmon RIP 1947-2014

Jul 18, 2014

Craig K. Harmon RIP

My father, Craig K. Harmon, retired in the afternoon on July 3rd, 2014 when his heart gave out after only 67 years of brilliance. I've shared the following story with some friends but I see no reason to not share it with everyone, it is the story of how this amazing man encouraged me to become a hacker (and submit patches) through international standards development.

Several of you have asked in one way or another where I got my passion, desire, crazed instance on making impossible things happen and more so why (against all odds) I want to bring this community together. It is due to one man, my father.

At the age of 11 my father, Craig Kenneth Harmon took me to the founding meeting of this international Sub Committee 31 (SC 31) within ISO the International Organization for Standardization called "JTC 1/ SC 31, Automatic Identification and Data Collection" that he made through building relations between 17 different countries that stuck around after the founding of JTC 1, Joint Technical Committee 1 which later spawned a slew of other standards including SC 27 "IT Security Techniques." There was this SC31 AutoID standard being worked on numbered DRAFT 15438 and would later be called PDF417. (If you don't recognize it, pull out your drivers license and look at the back or look at your Geneva Card (DoD CAC Card and compare it to this: http://en.wikipedia.org/wiki/PDF417). Well, at this meeting the committee was demonstrating that you could take out individual pixels (representing damage) or put various lines through the code and it would still work due to a mix of error correction features in the code words (Reed-Solomon Err Correction) and design features as well as - for lack of a better term, redundant and distributed data built into the protocol itself, really cool stuff and it is being brute tested behind us constantly scanning with minor attacks via scribbles being made and it keeps beeping along.

So I prepped ahead of time, read up on the standard, technologies implemented, design features and specs as well as doing some silly math problems to "build my own 15438 code" by hand filling in grid paper blocks (It took several weeks but my father helped me do it.) so I could talk about it in this fancy pants ISO based meeting sponsored by the UN in Seattle in front of international delegates, at 11, but I was determined to go and my Dad was cool with it and I could participate as long as I knew what I was talking about. At one point I catch myself staring at the scanner silently scanning with an OK output.

We get to the sub-committee meeting with all of these formal parliamentarian (Robert's Rules of Order) procedures are being used and I politely sit back, take notes and follow along with a dozen or so delegates glancing at this kid the corner. Now, you have to understand these kind of specs must include studies and reports from technical groups underneath them that get down to the nitty gritty of what should the scanner interface lens system consist of or colors that we must use to be read at a confidence rating down to 60% and must do error correction. These standards are why your DL uses the specific opposite shades of white and black for greatest contrast, yet a can of soda can have both blue and silver or red and silver for a Code 39 symbol representing a UPC identifier. Contrast and reflection are the key elements, almost half of the symbol is gone from attendees adding a black mark or scribbling with a pen, the output is still OK.

After we come back from our break for lunch, I walk over to the machine and decide to test a theory. While you can entirely black out the middle of the symbol, can the error correction handle excessive light beam damage from light refraction? Can we test this with a single droplet of water? Let's do it. So I grab a water glass and take a single small drop and land it in the middle of the code. INPUT ERROR. The machine starts audibly erring with a you-broke-me-beep, my Dad looks over, the whole room looks over, all eyes are on me and the machine that I just broke.

My Dad walks over, grinning from ear to ear, and jokingly reprimands "What did you do?" to which I can't help but laugh

I quickly realize the rest of the room wasn't happy with my laughing as several representatives of several international delegations start to get up and walk towards me, so I stammer out "Uhm… I broke it with a drop of water" and half the room starts laughing.

"Do it again, with a fresh piece of paper"

"OK"

So I print out another PDF 417 symbol, which quite seriously had written into it portions of the Declaration of Independence, and put it under the scanner.

OUTPUT OK

I take a drop from a water glass and place it in the middle

INPUT ERROR

Murmuring and neighbor discussion about causes with constant glances my way

"Humidity must be an environment factor considered and the paper water resistance should be studied," I manage to creep out after a while

The rest is a bunch of of administrative bureaucratic procedure, but together we were able to build relations for adopting paper types and setting refraction prevention techniques as well as specifications for the symbol reader.

My first hack (and patch) was due to my father, Craig K. Harmon who also taught me the importance of bringing together people of different backgrounds, languages, cultures and nationalities to build something amazing that can change the world. This symbology proved to the world that we could reliably mark individual items and eventually lead to package tracking systems, the Internet of Things, QR Codes, commercialized radio frequency identification and commerce today being possible.

I love you and deeply miss you Dad. The world was a better place with you around.

More at https://qed.org/ckh

Updated and Archived from Google+

Matthew J. Harmon
Matthew J. Harmon - http://www.linkedin.com/in/matthewjharmon/

Passionate security researcher, entrepreneur, consultant. Owner, founder, maker, mentor, teacher.

Loading Google+ Comments ...