Failure to Communicate
Thursday, July 1. 2010

A couple of days ago I wrote about my need for wireless network capabilities when traveling, and my fear of becoming an early adopter of new peripherals. The feedback I got back was amazing. A few people posted comments but nearly a dozen people wrote to me directly with advice, suggestions, and horror stories.

The feedback identified three classes of solutions:

Standalone hubs. There is a class of 3G router that connects to the network and acts like a local WiFi hotspot. As long as your computer can talk regular 802.11 (a/b/g/i/whatever), it can connect to the hub. The hub connects to the 3G network, giving you Internet access. Dr. Silk recommended the MiFi 2200 from Verizon. I gotta agree with him -- this looks like an excellent solution, especially for residences that cannot get cable or DSL but have 3G coverage (like my friend who lives a few miles outside the city limits). The downsides are not too extreme: a claimed 4-hour battery life (forums make it sound like 2 hours with heavy use) and being tied to Verizon's 5GB limit for an expensive $60/month. Again, if you can keep it plugged in and have a couple of people at home using it, then $60/month isn't bad at all.

Tethered. A tethered solution is where you have a USB cable going from your computer to your cell phone. The cell phone provides the modem/router support and connectivity to the 3G/Edge/4G/etc. network. As long as your cell phone works, you should have network connectivity. This is a great solution for anyone with a smartphone (like the iPhone or Android) -- particularly since you are probably already paying for the bandwidth and you're just not using it.

Every now and then I looked into smartphones. Right now the battery life isn't acceptable for me. My current phone can go nearly a week with heavy use (well, heavy use for me) before needing a charge. It can go nearly 2 weeks if I rarely use it and leave it turned on. My EeePC gets about 7 hours per charge and that includes heavy use (programming and compiling and networking). In contrast, most smartphones last 4-8 hours at best.

In my case, I don't have a smartphone. While I do have a cell phone, it is almost always turned off. (I don't like cell phones and I only use it when traveling.) I'm actually on a pay-as-you-go plan and I usually spend about $100 a year on the phone. For my use model, the prepaid option is a great and inexpensive choice. For this reason, I cannot justify getting another phone (a smartphone to replace my Motorola v195) for the sole purpose of having network access when I travel. Frankly, I'm griping about paying $10/day for Internet use at hotels. For the $60/month plan, that means I need to stay at hotels more than 6 days per month for this to be a viable option. And this doesn't take into account the $50-$200 price of the smartphone with a 2-year commitment. (Some smartphones are free with a 2-year contract, but they are either not iPhone/Android, or are running older operating system versions.)

USB Dongle. At first glance, these USB dongles seem perfect for me. The calling plans are usually not as expensive as a smartphone, there's no extra power supply (it runs off the USB power), and the use model is intended for laptops and travelers. However... these dongles are not just regular modems.

My Bad Experience

After a lot of soul searching, I finally settled on the T-Mobile webConnect USB dongle. As I understood it, there is a 200MB plan with overage fees and a 5GB plan with no overages for $40. And best yet, T-Mobile is having a sale, so the webConnect is only $20 instead of $45 (with 2 year contract). While the device only says that it supports Windows and Macs, there are plenty of people in the forums who say they have it working under Linux. Well, spoiler alert: nothing is as it appears.

Remember the old days when modems spoke that Hayes "AT" control code stuff over a serial port? It didn't matter what kind of computer you had as long as you spoke RS232 and used the standard AT command sequences. That's not the case today. +++ Today, the USB dongles do speak the AT command set (with additional commands for broadband negotiation). However, there is nothing standard about how you access the modem.

There are three types of devices on the market right now, and if you choose wrong, you'll get screwed.

Plain modem or NIC. There are a few USB dongles that plug in and look either like a serial modem or like a network interface card. These have out-of-the-box support by most Linux distributions. Unfortunately, these seem to be limited to the older devices. Some don't support 3G and most have no means for supporting the new 4G and HSPA+ networks.

Dual device and ZeroCD. The description from the usb-modeswitch package for Linux describes this very well: "Several new USB devices have their proprietary Windows drivers onboard, especially WAN dongles. When plugged in for the first time, they act like a flash storage and start installing the driver from there. If the driver is already installed, the storage device vanishes and a new device, such as an USB modem, shows up. This is called the "ZeroCD" feature." Most versions of the T-Mobile webConnect device are in this category. If you put it in and it doesn't work as a serial modem, then install the usb-modeswitch package. This will temporarily turn off the ZeroCD feature and allow you to access the modem.

Total software solution. Beginning last December, a few manufacturers began to roll out "lite" versions of these USB modems. From what I can tell, they totally removed most of the firmware and do most things in software. I suspect that this was done more for cutting hardware costs than for any actual performance or flexibility gain. Unfortunately, there is unlikely to be any Linux support unless the manufacturers port their code to Linux.

Hear No Evil

At the time I was doing the purchase, I specifically asked about Linux support. The woman who was helping me at the T-Mobile store wanted to make sure too, so she called their technical support. The first two people she spoke with didn't know what Linux was. (OMG! Are you kidding me? It's 2010! My Grandmother knows what Linux is! Every sales person in the store knew about Linux! And this is the T-Mobile technical support?) She finally reached one technical support person who basically said, "Does it work under Linux? I should know the answer to that, but I don't know and there really isn't anyone else if I escalate this."

Since the Linux forums had many success stories with the webConnect (before I knew about the "lite" versions), I decided to risk it. Bad choice on my part. As it turns out, the $20 "on sale" device from T-Mobile is actually a Huawei UMG1691 (also called the E1691). The 1690 and 1692 are ZeroCD devices and appear to be supported by usb-modeswitch. The 1691 is a lite version and only has software for Windows and Mac. After a few days of fighting with it, doing much more homework, and even calling tech support, I finally learned about the UMG1691 -- it is a total software solution and will never work under Linux (without additional software that doesn't exist today).

See No Evil

At this point, I had two options: return it or exchange it for a different version. As long as your CPU isn't running at a full load, the performance between the ZeroCD and Lite devices should be similar. I gave it a quick try in my Mac desktop system to see if it was worth exchanging. I ended up noticing two things.

First, the bandwidth was limited to 200MB. Huh? I paid for the 5GB and no overages for more than the advertised $40 price. Well, the offer on the web site doesn't match the offer in the store. In the store, it is 200MB with or without overages. The store does not offer an Internet-only plan for $40 with 5GB and no overages. After you go over your monthly limit, they either charge you $0.05 per MB or nothing (no overages). In the latter case, they simply reduce your bandwidth.

So how fast is the bandwidth? My Mac's benchmark reported about 400KB per second down, and much less up. Uh, I deal with computer forensics. I'm usually transferring very large files -- CDs or DVDs or on some occasions, multiple DVDs. For me, 1MB per second is slow and 400KB/sec is unacceptable.

T-Mobile is Evil

The upside is that I was allowed to return it to T-Mobile within the 2-week window for a refund. (I was 3 days into the contract.) No connection fee, reimbursed for the hardware, and they waived the 1MB of bandwidth I used (no prorating service since I couldn't get it to work on the desired system). However, they did keep a $10 "restocking fee" that was buried in the fine print. (Had I known that there was a chance of failure and a $10 restocking fee, I would have passed on this experiment.)

So to summarize: (1) Stay away from the UMG1691 like the plague -- it is the 3C501 of the USB wireless broadband world, (2) watch what they are selling and make sure it matches their offers on the web site, (3) if you have the option to use a hub or tethered solution, do that instead of the USB dongles, and (4) ask about any restocking fees -- even if they tell you that you will get a full refund within a 14 day grace period.

Finally, I have to think that there is something seriously wrong with the mobile phone market. Every store I went into (T-Mobile, Verizon, AT&T, and Sprint) had a huge number of customers hanging around. T-Mobile, Sprint, and AT&T each had a person adding names to a waiting list. In each case, the majority of customers were not there to buy -- they were there seeking returns, refunds, or corrections. The last time we saw something like this, the housing market collapsed and huge numbers of people defaulted on loans. Are we heading toward a communication breakdown since the phone companies are investing in an acceptable level of service?

Flying Commando
Tuesday, December 29. 2009
The recent attempted bombing of Northwest Airlines Flight 253 has me concerned on many levels. I actually cannot decide which is worse: the attempted bombing, or TSA's response.

The First Failure

The first failure is obvious: A man with a bomb got on board an airplane. This, by itself, is enough to identify massive failures in the entire screening process. There are people who have pointed out that he did not board at a US airport. However, other countries screen passengers at foreign airports. You cannot board an El Al flight without undergoing their rigorous screening process. Qantas screens passengers before they head to Australia. And China Airlines has their screening process. Either TSA is not doing this and they should, or they are doing this and they failed.

Screeners also missed obvious clues. For example, he had no checked bags and only a small carry-on for an intercontinental flight. Did he even have a jacket? (Detroit is cold this time of year.) He mentioned traveling for a "religious ceremony". According to Jihad Watch, Muslim extremists who are suicide bombers refer to their martyrdom as a "religious ceremony" (because they are about to marry 72 virgins). And details like paying for his ticket with cash, recent travel to Yemen, and warnings from his own father were ignored.

But the failures do not end there. The bomber failed -- not because of security screeners and checkpoints, but because of his own incompetence. It was only through passenger vigilance and quick action that it was not worse. And it wasn't a US passenger who saved the day! It was a flying Dutchman named Jasper Schuringa. While Jasper is a true hero (and the flight was lucky to have him on board), this is clearly not a US success.

With all of these failures, I am dumbfounded by Homeland Security Secretary Janet Napolitano stating that the system worked. Granted, she is talking about after the attempted bombing. After he tried to bomb the plane, all of the communications that were in place worked! That's like saying "After the drunk driver was stopped at three DUI checkpoints, he sideswiped twelve cars, ran over five pedestrians, and flipped his vehicle. The police were dispatched and successfully removed the man from the wreckage and took him into custody." There were far too many failures leading up to the part that worked. I think it is time for Janet to be replaced.

But it gets worse

Now we reach the point where we can only laugh at the incompetence. The screeners failed. The background check failed. The "terrorist watchlist" failed. In-air security failed. We're beginning to learn that the US government was warned by the bomber's father -- he thought his son had fallen in with extremists. Of course, I can fully see how government officials could have ignored this warning. The alert probably looked something like this:

Date: June 15, 2009

Then again, TSA's knee-jerk reaction is equally bad. Richard Reid attempted to blow up an airplane with explosives hidden in his shoes. TSA responded by requiring all passengers to remove shoes for screening. Abdulmutallab hid explosives in his underwear. So logically...
Posted by Dr. Neal Krawetz in Privacy, Security, Terrorists, Travel at 16:35
Left Hand, Meet Right Hand
Monday, August 17. 2009

At BlackHat 2009 last month, two researchers presented a very interesting finding regarding social security numbers. In their paper titled "I Just Found 10 Million SSNs", Alessandro Acquisti and Ralph Gross explained how SSNs are not randomly distributed.

Prior to 1972, SSNs were assigned by each state. Everyone in California has an SSN that begins with a number between 545 and 573, Iowa residents received 478-485, and Mississippi received 587. The first three digits of any resident can be used to identify the state that issued the SSN. The middle two digits identify the group number. States decide how these are allocated. (It's a confusing even/odd thing.) And the final four digits are the unique identifier. After 1972, all SSN allocations were centralized. This should mean they are random, but they are not...

Predicting SSNs

So here's what the researchers found. The Social Security Administration publishes a Social Security Death Index. This database is available online through places like Ancestry.com. The SSDI includes names, birth dates, death dates, last known address, and the SSN. If you know where someone was born (state) and their date of birth, then you can find the SSN of other (dead) people who have that same date of birth and state. The unknown SSN of the live person is likely similar to the SSN of the dead person.

How likely is "likely"? Depending on the state, their prediction rate for all 9 digits was between 3% and 58%. The range varies based on the state's population: more births per day means a wider range and lower prediction rates. So someone born in Alaska in 1998 has a 58% chance of having their SSN guessed with less than 1000 tries, while a New Yorker would be 3%. Granted, a 3% chance of a perfect match given 1000 guesses is not a great success rate. However, identity thieves have the time and the incentive. If they have a list of people, states, and birth dates, then they can quickly guess the SSN and steal an identity -- without ever compromising any computers. Making things even easier, search services like ZabaSearch and Veromi can tell you the state and year of birth.

But things still get easier... Prior to 1989, people had to request an SSN. Some families requested SSNs for their children at birth. Others waited until they started school or went for their first jobs. However, after 1989, hospitals began to request the SSN automatically. Thus, it becomes much easier to predict the SSN for people born after 1989 since you know the date it was requested -- it's the birthday.

The Friendly Skies

TSA recently started a new security screening process. (And I use the term "security" loosely.) The terrorist no-fly list has a lot of false positives. Since names are not unique, people with names similar to those on the lists were denied access. People with names on the watch list include (Senator) "Ted Kennedy", (Representative) "John Lewis", (singer) Cat Stevens, (Senator) Ted Stevens, and even Nelson Mandela. To address the false positives, TSA has decided to request more information. (Can you see it coming?) They want your gender and... date of birth. The idea is that the "Ted Kennedy" on the terrorist watch list is probably not male (uh, how many female people named "Ted" are there?) and won't have the same birthday -- assuming the terrorist wasn't trying to impersonate the senator and was really named Ted Kennedy. (No terrorist would lie about their name, right?)

So let's see... TSA does not have a good track record for any real security. They now have a group of airport employees and airplane ticket agents who will have access to names and birth dates. Anyone with access could steal the list and use it, along with the Social Security Death Index and services like ZabaSearch or Veromi, to guess social security numbers. And let's not forget that the TSA screener who checks your ID never compares your ID with the terrorist watch list. This additional information won't stop terrorists, it will only inconvenience honest people. Just be sure to print your boarding ticket at home, and you won't get hassled at the ticket counter -- since that is where the watch list is checked. (And terrorists always use the ticket counter, since none of them can use home printers. Right?)

Then again, just two years ago TSA lost payroll information -- including SSNs -- for 100,000 TSA workers. So maybe collecting birthdays for every passenger is not as bad as if they collected more sensitive information.

The Death of Vegas
Thursday, August 6. 2009
Between Defcon and other conferences, I've been to Las Vegas nearly two dozen times in the last ten years. During that time, I've seen a lot of changes and few have been positive. Basically, I truly believe that Las Vegas is dying.

Hotels

I rarely stay at the same hotel twice. It isn't that there are not some really nice hotels, but rather, I want to experience different locations. The MGM Grand tops my list of really nice hotels. After all of the noise and lights from the casinos and The Strip, it is nice to go into a spartan room that just oozes "calm". The MGM actually has two types of rooms (that I know of). The first are big rooms with beige walls. The second, found in the West Wing, are really creepy -- mirrors line all the walls and all are aimed at the bed. This might be nice for an attractive couple who want to party all night, but it was way too creepy for me.

Caesar's Palace is more of a hit-and-miss hotel. You'll either get a very nice room, similar to the MGM Grand's nice rooms, or something creepy with mirrors over the bed and frosted glass walls around the toilet.

Aladdin/Planet Hollywood reminded me of a La Quinta. That's not bad, it's just not outstanding. (But when I forgot to pack my dress shirts from the closet, they mailed them to me for free -- so they get a gold star for that.) Then again, when the architecture conferences come to Vegas, they always tour this hotel. It is a perfect example of how NOT to lay out a casino. (In contrast, Caesars, MGM, and Mandalay Bay are all laid out very well. Between off-track betting, slots, tables, shopping, and hotel, it's hard to get lost at Caesars.)

On the low-quality end are places like the Luxor. I'm sure the Luxor was really nice when it was built in 1993. Unfortunately, it hasn't aged well. I don't like waiting 10 minutes for an elevator, or having cigarette burns all over the carpet in a non-smoking room. It really struck me as a one-star hotel with a three-star price.

But nothing beats the Casino Royale for inadequacy. It's a hole in the wall between the Venetian and Harrahs. It has a good location and it's cheap, but it's a dump. The door locks were broken, the door didn't close right, tiles in the bathroom were chipped, and there were exposed pipes in the hallways. The only pleasant surprise was when I didn't find bugs in the bed or drug dealers down the halls. (I really expected both.)

I can understand why Vegas blows up casinos rather than remodels. For the cost to remodel, it is cheaper to destroy and rebuild. Unfortunately, I think more casinos need to be destroyed soon. Most places really have not aged well.

But Are They Happy?

When I first went to Vegas (more than 20 years ago), it was like Disneyland for adults. Everyone was smiling and everyone was having fun. But over the years, there are fewer and fewer smiling people. This year, as I checked into the Monte Carlo, I got a bad vibe. A newlywed couple were ending their honeymoon and got onto the elevator to leave. She said to him, "I can't wait to leave here and go some place fun."

It isn't that the Monte Carlo was a bad hotel. Quite the contrary, the room was very nice, virtually no wait at the elevators, the place did not reek of smoke (unlike Caesars), and even the breakfast buffet was cheaper than most other casinos ($12 vs Planet Hollywood's $14 for weekday breakfasts). Rather, it wasn't a happy place. I would walk past the table games and the dealers would look down or look away -- no eye contact, and nobody smiled. And it wasn't just me -- a craps table would be packed with people and none of the players and none of the employees would be smiling. It lacked "fun". In fact, in the week I was there, the only employees who I ever saw smiling were the registration clerks.

Looking at the visitors, I really only saw three types of people. First, there were the really old people. If they were alone, then they would not smile. But put three or more of them together and they were clearly having fun. Whether it was slots or just walking, old people were happy in groups. The second type were the party crowd. Either a bunch of frat-boys celebrating together, or a bunch of party girls looking to get drunk. But I think their smiles were fake -- I would see a frat-boy look around the casino without a smile, then put on the smile to address the group. The third type were the individuals. There were a good number of people wandering around alone. These people were likely there for a conference or meeting, or were just separated from their group. None smiled.

Now, let's look at this with regards to long-term revenue. Old people die -- no long-term clientele. The party goers might return one time for a conference, decide it is boring, and never return again. In fact, the real people with money are the individuals -- and they were not happy. As an individual, I found the casinos to be boring. If I wasn't there for a conference, then I wouldn't go there.

What Do People Want?

In Vegas, meals are expensive, shows are expensive, and gambling is expensive, but I don't mind the expense if I'm having fun. What really got me were the nickel-and-dime spending for everything. For example, my hotel room only had about a dozen channels (ABC, NBC, ESPN, etc.), but no "extras" for free -- no movie channels like TNT, AMC, or even HBO. In fact, any La Quinta in California has better TV selections than any place I have stayed in Las Vegas. In LV, you can purchase a movie on demand, but otherwise, they don't want you to relax and watch TV at night.

With everyone getting overweight, I've taken up walking on a treadmill, biking, and doing weights. I know, with all of the walking around, you'd think I wouldn't want to exercise at the hotel -- but I've become used to it and it makes me happy. At the Monte Carlo, they have a fitness center, but it isn't free. If you want to use a treadmill or go spinning, it will cost $19 per day. I can join a full health club for $35 per month, so $20 per day is outrageous. But more amazing were the hours -- they open late and close early (I think the hours were 9am - 9pm). If you're into exercising, then you probably do it in the morning, or at night. So the fitness center isn't even available.

And then there is Internet access... In today's always-connected world, everyone needs Internet access. Even when on vacation, you need to stay connected. Yet, none of the casinos offer free network access. It is usually $12 - $15 per day. Now, keep in mind, T-Mobile offers unlimited Internet access for $5 a month, so $15 a day is unrealistic. Then again, T-Mobile doesn't offer a hotspot on The Strip (not even at the plethora of Starbucks locations). I ended up walking to Planet Hollywood's Coffee Bean and Tea Leaf (coffee shop), or Krispy Kreme in Excalibur, which both offer free access (when their connectivity was not offline).

One feature at Defcon is the Wall of Sheep, where they sniff usernames and passwords for anyone using the network. Twitter was really popular this year and was constantly at least half of the sheep traffic. Ignoring the security aspect of it (Twitter has no security), Twitter is popular. At many casinos that I visited, I saw kids (well, people younger than me) congregated around doors or anywhere there was good cell phone coverage, and tweeting or IM'ing. In fact, you're not allowed to use a cell phone, blackberry, or other electronic device when you are in the gambling areas. These kids have money, and the casinos are not catering to them.

Hey Taxi!

I always chat with taxi drivers. They know everything. But this year, things were interesting... I asked every cab driver the same question: Is Vegas slower this year? Everyone said yes, but the reasons differed.

The first two cabbies blamed Obama. The administration has decided that bailout companies cannot hold conferences in Vegas. The reason is pretty simple: this is TAXPAYER MONEY. Vegas is expensive and the casinos hold onto most of the revenue. So for the cab drivers, ask yourself this: do you want $1 of your taxes to go to Vegas, where less than $0.05 will come back to you? Of course not.

One cabbie said that Vegas has become a party and drug town (more so than ever). Kids go to the clubs for sex and/or drugs, and that's where the money stays. But then again, these are not long-term clients; after a year or two, they will get burned out, arrested, or dead. I asked this cabbie about long-term clients and she laughed; Vegas used to cater to business people and vacationers, but that stopped years ago.

Then again, the cost of a cab ride has increased. I used to be able to travel from one end of the strip to the other for $15 (including tip). Now it is $20. That's $40 round-trip. For $40 a day, renting a car is cheaper and more convenient.

Insult To Injury

As I previously wrote about airports, I measure success based on the cost of orange juice. At the Las Vegas airport, a small bottle of OJ costs $5. It is the single most expensive price I have ever seen for orange juice. So after all my complaints about the cost for network access, fitness, food, shows, and entertainment, I get hit with a $5 cost for OJ. And I want to return to Vegas because...

I usually go to Vegas at least once and sometimes three times a year. I have already canceled my next trip to Vegas -- the conference is not worth the additional costs. And if Defcon wasn't held there, then I probably would not go again.

Air Gap
Monday, April 20. 2009
I recently got back from another trip and I must say: as much as I criticize TSA and airport security, I never thought that they would surprise me.

In my previous blog entry about airports, I outlined all of the different security steps and how nearly all are trivial to bypass. In truth, there are really only two real security steps before you get onto the airplane. First, there is the metal detector and X-ray system. While this can be defeated, it is still a real preventative measure. The second provably effective method is when the boarding pass gets scanned. This happens right before you actually board the plane. Unfortunately, this is the first and only time your boarding pass is checked for validity. However, my experience with this latest trip surprised and disappointed me.

Going...

On the way out, everything seemed to be going according to schedule. Row numbers were called, people got in line, boarding passes were scanned, and people got on the plane. Except... When the plane was mostly seated, the flight attendants made an announcement: "Will Mr. [whatshisman] please press your call button? You're going to Louisiana, but the rest of us are going to California." Yes: someone got on board the wrong plane. So I've got to ask: if the barcode scanner isn't validating that you are on the correct plane, then what is it doing?

Going...

But that wasn't the worst part. On the return flight, the scanner wasn't able to read many of the barcodes. As a result, about half of the passengers ahead of me (including myself) managed to board without ever having our boarding passes validated. So let's see... if you managed to get past the security checkpoint with a fake boarding pass (a trivial feat since they don't check it), then you can still get onto an airplane. In the best case for the attacker, the scanner won't be working. In the worst case, the barcode will "cause problems" and won't be validated. Of course, this is all assuming that the barcode scanner is doing any validation in the first place (which does not seem to be the case). Regardless of the validity, anyone can get onto an airplane with a fake boarding pass.

Again: Where is the security? It's in their name: Transportation Security Administration. Their middle name is security, so you should feel secure.

Gone!

So who is really benefiting from all of this security? The vendors. In the Denver airport, there seems to be some price fixing going on. All water bottles -- regardless of the vendor -- are $2.15. This is the same amount as a bottle of orange juice. At the San Jose International Airport, LAX, and other airports, water costs more than orange juice. This is nothing less than price gouging. At every grocery store I have visited, from Safeway to HEB, King Soopers, and Harris Teeter, a bottle of orange juice is always more expensive than the same size bottle of water.

And let's not forget that luggage theft is on the rise. I'm so glad that we have the TSA to keep the criminals away and make the public safer. Oh wait, they haven't.