Sunday, October 26, 2008

The Danger of Microsoft Flight Simulator

Some time ago I flew from the east coast to Orange County airport on an A320. The flight was uneventful right up to the final approach. As we lined up on the runway, the pilot veered off and accelerated. He announced over the PA system: “Well, folks, some days everything just seems to go smoothly, and other days is doesn’t.”

Why is it that all airline pilots sound like they were raised in west Texas and have names like Billy Roy?

Our pilot, Billy Roy, continued: “The on-board computer seemed to think that the flaps weren’t balanced, so it automatically retracted the flaps. We’re going to run a quick diagnostic and we’ll have you on the ground right away.”

Why is it that the notion of being in the ground right away is supposed to inspire confidence? There are times when I’d be more confident if I know we could stay up in the air until everything was fixed.

After a few moments, Billy Roy got back on the PA system: “So the flaps are up and the computer is sure that they aren’t balanced, so we’re just gonna scoot up to LAX and land there. They’ve got real long runways so we’ll be just fine.”

At this point everyone in the front of the plane, where I happened to be for this trip, got very nervous. We all had played with Microsoft Flight Simulator, and we all know what happened when you tried to land with zero flaps. Basically, the plane can’t slow as much as the pilot would like, because the flaps provide extra lift at lower speeds. If you try to slow down too much without any flaps, your aircraft will stall and fall out of the sky. So when you land with no flaps, you hit the runway about 40 or 50 knots faster than you would like. This puts extra stress on the brakes, which might fail. Even if the brakes hold up, you’ll take up a lot of tarmac before you get to a stop. Hopefully not all of it.

Billy Roy got back on the mic: “So we’re gonna land here at LAX and just as a routine procedure you might notice some equipment along the runway, but again this is simply a routine procedure and we’ll be fine. Once we get to the gate we’ll get this all sorted out and we’ll just get on down to Orange County and have you folks home real soon.” Orange County airport is also known as John Wayne Airport. It seemed to me that Billy Roy was trying to channel the Duke.

We came in at about 240 knots, and sure enough there was some equipment along the runway: Ambulances, fire trucks, and a couple of other vehicles I couldn’t name, although I thought I’d seen them in the final scene of the movie Airplane!

When we did come to a stop, about 15 yards from the end of the 2-mile long runway, Billy Roy got back on the air: “We’ll be transferring your luggage to busses for the short drive to Orange County. If you would like to make other arrangements, please see the agent at the gate to collect your bags at the baggage carousel.” I called my favorite car rental company from my seat and booked a Taurus. And I promised not to make any zero flaps landings on Flight Simulator again.

Wednesday, September 24, 2008

Eureka, a 21st Century Morality Play

Eureka manifests a deep medieval Christian morality, with Sheriff Carter as Everyman. Cast as the simple believer, the Sheriff trusts all but judges few, unblinkingly learning from the circumstances and personalities evolving rapidly around him. His subtle core values of honesty, integrity, and openness to the new and unexpected, help us deal with our rapidly evolving world, where experts in disciplines many of us cannot even pronounce, let alone describe, propose solutions to dilemmas never seen before in human history.

In vivo fertilization? Transmigration of the soul? The collapse of the Communist ideology followed two decades later by the near-collapse of the bastion of capitalist economic theory? Is government bad or good? Is more government necessary or dangerous? Should business seek less regulation to pursue profit maximization, or endure more to mitigate investor risk? When, if ever, is property theft?

Café Diem’s food is free – but Vincent, the café owner, does not trade on that munificence to accumulate political or personal power, rather he serves everyone anything they want, regardless of their behavior, character, or status in the community. This conviviality is economically unsustainable, so must be interpreted symbolically. (It would trivialize the story to interpret it as political economics.) Manna, water from the Rock, a boundless gift.

Henry’s Garage fixes everything without counting the cost. Who else but Henry would officiate at weddings, become mayor by acclimation, and speak truth to power – his defiance of Eva Thorne is signatory. He refused to participate in a morally ambiguous activity, not because it is evil but because he does not have sufficient information to determine if it is evil or good. His wise pragmatism, a counterbalance to naïve enthusiasm, makes him an ideal confidant and teacher to the Sheriff’s late-Jobian incomprehension and acceptance of the mystery and power of Science, the symbolic manifestation of the Deity in our pragmatic 21st Century.

We each have our Vincent, our Henry, and our Eva. We each face demands for moral choice in the face of ambiguous but powerful forces beyond our comprehension. How to find a trusted wise counselor, and avoid a con man? Each day we awake to a new world, trusting in some of our gifts, assaying our strengths and weaknesses, reflecting on the path we have trod so far, contemplating our next steps. Sheriff Carter’s gumption and plain common sense in the midst of chaos offer a healing presence, a promise that we can make the right choice.

Sunday, July 20, 2008

FlowerPower Foundation Experience


At 3:30 I turned off the Mets at the Reds (tied), picked up the map I’d Googled last night, and walked out to the car. Man it was hot! The AC kicked in soon and I rolled down the Merritt towards New York City. At 4:50 I was parking outside Butler Hall on West 119th. The guard told me that any elevator would go to the top floor, just push “R” for restaurant. I stepped out into a smallish alcove and met M., the event planner. She was expecting me. I asked her if there might be a food service cart of some kind. She said that the back was already closed and everyone had gone home, so, no, there wasn’t anything available.

She pointed to a beautiful floral place setting with purple iris, hydrangea, and some white and blue flowers I didn’t recognize. “There’s that centerpiece, and there are 15 table arrangements over there.” These were described as 6x6 – they were 6” tall glass cylinders, 6” across, stuffed with the same types of flowers as the main piece, but without the hydrangea. They were nearly full of water which meant they each weighed a bit more than I’d expected, but pouring out the water would have risked the flowers all wilting on their journey and that would make the trip less worthwhile. So I took them down to the car two at a time. My biceps got a fair workout! M. had a helpful suggestion: She would hold the elevator at the restaurant while I loaded it up with arrangements, and the guard on the lobby would hold the elevator while I unloaded them. I thanked her for the idea and followed that plan. Much better! The flowers all fit nicely in the back of the car.

I drove down Amsterdam Ave. and took a left at 114th St. There was no place to park, though; so I tooled around the block until I saw a space open up on the northbound side of Amsterdam Ave. I carried the first two arrangements into the lobby at St Luke’s hospital, signed in, and asked the guard how to get to 9 West - the geriatric ward. Up the elevator to 9, then turn left when you get to the corridor. 9 West is at the end. I thanked him then asked if he might have some kind of cart or even a spare wheelchair. (My forearms were feeling the burn.) He looked around but nothing was available. With his permission I left the first two arrangements behind his desk then walked back to the car to get another pair.

After the fourth trip, he found a cart – a nice one, with two decks. I rolled it out to the car, thanking the inventor of the wheel, put the large centerpiece on the top, and filled the base with the remaining seven arrangements. The ride had seemed smooth but most of the arrangements had splashed a bit, their sides were slippery. I did not want to drop one and have the glass shards scatter all over the floor! That would be a déclassé introduction. But every piece made it up to the ward safely. When I came down the corridor with my cart, every nurse stopped to say how beautiful the flowers were! I said, thanks – it gets better. I asked them if I could put the large arrangement on their station, and they were very happy about that. Then I picked up one of the arrangements and walked into a patient’s room.

“Hi, I brought this for you. Where would you like it?”

The elderly woman in the bed had a visitor, a man leaning back in a chair. He offered to take the vase but I told him that it was a bit slippery and heavy, so I would just put it on the window if that was okay. She asked, “How much does it cost?” Nothing, there was a wedding a few blocks from here and they asked if I could bring the flowers to you. They are already paid for.

Her room-mate was alone and seemed introspective. I told her that I’d brought her some flowers and where would she like them? She was shocked and exclaimed that she was beginning to feel a bit depressed but this certainly snapped her out of that! Then she recited a lengthy prayer in rhyme. We said Amen, and I thanked her for the blessing, and wished her a happy Sunday. As I was leaving, she reminded me to thank the people who donated the flowers.

Down the hall, the elderly man in the breathing mask didn’t want any flowers, so I turned to his room-mate, who said that he did not want the whole arrangement, but that he would like a single purple flower. Purple was his favorite color. He asked how long it might last, and I said that if we put it in a bit of water it should be good for a few days. I went to the nurse’s station and asked them if they might have an empty water bottle or something to use as a vase. Patient C. didn’t want the whole arrangement, he just wanted one iris. A nurse produced a glass vase and C. got his one purple flower for his bed-table.

I took the cart back downstairs and filled it with the remaining arrangements. One of the assistants took some grief from a nurse who asked him why he never brought her some flowers. I said in a stage whisper that I’d put his name on a gift card in the next batch –

By the time I got back, the nurses had picked out where the rest of the arrangements would go. Many, many smiles and thanks. I brought the cart back to the lobby, thanked the guard (after telling him about the dialog between the nurse and the assistant) and drove home, feeling very good.

I snapped this picture of the guard's desk with the last batch of arrangements at St Luke's:

The FlowerPower Foundation takes donations of flowers from weddings, funerals, and corporate events. Volunteers re-purpose these flowers into vases and deliver them to people in hospices, long term care facilities, and, as today, geriatric wards. There are chapters in New York and Los Angeles. If you would like to donate your time, flowers, or funds to FlowerPower, please visit their web site at http://www.flowerpowerfoundation.org

Saturday, July 5, 2008

Regular PC Maintenance

Here's a list of things to do to keep your PC running at its best. PCs require regular attention. Over time they get cluttered up with obsolete system files, the hard disk gets fragmented, and your system runs much more slowly.

How does this happen? When you edit a file, the operating system finds the next available space on the hard disk to hold the changed part of the file. When you finish, the operating system marks the space on the hard disk where the old copy of the file resided as deleted. Over time, those old pieces accumulate. The folder that contains the file also contains lots of pieces of unused space. The file is fragmented, with pieces scattered all over the hard disk. The system runs more slowly because it spends extra time to find and put together the fragments of the file. Defragmenting the file means moving the in-use pieces of the file together and freeing the big block of space at the end. This process is also called "degassing" the file.

First: Update Windows for any Microsoft updates and security fixes. Start -> Programs -> Microsoft Update and say “Yes” if it asks if you want to update the download agent. Select all critical updates – some might have to be installed by themselves but most can go together as a bunch. You will probably have to restart your computer after the update completes.

Second: Update your anti-virus software. Each program has a “Live Update” feature to get the latest list of bad code that needs to be prevented from running on your computer. You might have to restart after this, as well.

Third: Run a virus scan. Start your anti-virus software program and run it. Depending on your computer this can take from five to 30 minutes.

Fourth: Scan for spyware. Get a copy of “Spybot – Search and Destroy” from http://www.Majorgeeks.com/ and download it. After you have updated that program pick “Immunize” to block spyware from attaching itself and then run Scan to identify and delete spyware.
There are other spyware programs out there. Microsoft Antispyware is available for free off the Microsoft home page. Webroot sells for $30 from Circuit City and is pretty good; LavaSoft is free to individuals, Spywareblaster is also free (and will accept donations like Spybot does). Norton and McAfee both have additions for spyware and AOL has some code that works, too. I use all of them, because each has its strengths and they don’t interfere or consume excessive resources. Trend Micro is pretty good, too.

Fifth: Remove temporary files. Start -> Search -> For files and folders and pick “All files or folders.” Select TEMP, and once you’ve found the folders, open them each and delete all their contents. Some contents may not be deletable – they are in use and that’s okay. Skip those and get rid of the rest. Close the search window, go to the recycle bin, and empty it. Then find all files and folders that have “*.tmp” in their names. Select them all and delete them. Again, some of them may not be able to be deleted because they are in use, skip them and get rid of the rest.
After this, go to the recycle bin again and empty it. That actually marks the space the files occupied as available.

Finally: Go to Start -> Programs -> Accessories -> System Tools -> Disk Defragmenter and run that utility. The first time you do this it may take a long time – an hour or more.

Do this every month or two, depending on the amount you use the computer. Also, after you install a new program, a major upgrade or a big security update, you might go through this again too. These directions apply to Windows XP but the same process works for Vista.

Sunday, March 30, 2008

Black Bean Soup

This soup is wonderful for a cold evening – and it is very easy to prepare. The crushed pineapple helps soften the beans, and the flavor blends in completely. The beans improve after a night in the fridge. To re-heat, melt a pat of butter in a heated pan and add some water, bring to a gentle boil. The butter adds a nice flavor and will keep the beans from sticking to the pan, as well. Remember that any starch absorbs salt, so correct the seasonings.

Ingredients:

Dried black beans, 1 # bag
Butter, 1 tsp
Olive oil, 1 Tbsp
Small sweet onion in small dice
Garlic, 1 Tbsp, minced
Salt, 1 tsp
Crushed pineapple, drained, 1 oz

Method:

Sort beans and soak overnight. (Some may think this is excessive but I find it makes the soup creamer.)
Heat sauce pan, then add oil and butter. Clarify garlic and onion. Add drained black beans and stir thoroughly over medium-high heat till any remaining water is evaporated. Add 1 tsp salt and crushed pineapple.
Just before beans begin to sizzle, add 8 cups water and reduce heat to medium. Let the beans cook until softened, about 2 hours, stirring occasionally. You can crush the beans a bit with a wooden spoon, but the stirring should be enough.

Serve with a dollop of sour cream or plain yogurt.

Saturday, February 16, 2008

Daddy, What Does a Chief Technology Officer Do?

My daughter asked me to explain my job for her class’s career day. I did some research, and made some interesting discoveries. There are a surprising number of jobs that carry this title. I’ve seen openings for a “CTO” whose responsibilities include maintaining servers and managing the help desk. One firm had a CTO that was chartered to run a group of developers. So, what should a CTO do, and when does a company actually need one?

Let’s begin by talking about what a CTO should not do. The CTO should not manage developers. The head of development spends his or her time working to keep the development team on track against a set of product plans. Inside the development organization, this Director attends to staffing, training, workload and productivity metrics, budget, and scheduling. Working with the customer organizations, the Director keeps up to date on shifting priorities, changes in product requirements, and new potential opportunities that the developers may need to supply. This is a full time job. The performance plan for the Director of Development is quite simple: Deliver high quality programs that meet or exceed customer requirements on time and within budget.

A CTO should not manage a hardware team or an infrastructure group. The CTO might have a lab (for test purposes, not production or QA). But the CTO does not own a production facility and should not be measured against that criterion. Functional strategies (productivity, headcount, floor space, training, power and cooling, etc.) should rest with a COO; the CTO is a research and ad tech discipline in the strategic planning domain.

The Chief Technology Officer matches new technological capabilities with business needs, and documents that match so the business can decide whether to use the new technology or not. The CTO is not an advocate, but a strategic planner and thinker. A business that sells information technology uses the CTO to articulate how the new technology can address business needs for its prospects. So the CTO needs to understand his firm’s capabilities and something of the business processes of his firm’s target market. A business that uses information technology needs its CTO to select potentially useful new technologies for use in its internal business processes. This CTO should understand a good deal about a broad range of new technologies and must have a deep sense of the business’s core processes and goals. The CTO should not be an advocate, but must be unbiased. The CTO needs to understand the abstract potential that a new technology might offer, and must know the underlying architecture of the firm’s business processes.

The CTO must have a high degree of professional integrity – there will be times when the CTO will be the only person that the senior leadership team can turn to for an unbiased and well-grounded assessment of a potentially valuable new technology. A vendor CTO whose primary function is outbound marketing does a disservice to the vendor for whom he or she works. A user CTO whose bias is towards always trying new things adds no value to the firm looking for a sustainable, cost-effective competitive edge.

Consider how firms today confront Web 2.0 – the combination of blogs, wikis, and social networking technologies sprouting up. A user organization that wants to interact with consumers may already be all in. Coca-Cola runs over 500 web sites for consumers, and sponsors videos on YouTube; even IBM has space on Second Life. Other firms may shy away from the uncontrolled side of these technologies. Publicly-traded firms and others facing regulatory scrutiny may fear the consequences of an unguarded comment on a quasi-official channel, and rather than manage that risk they opt to deny employees the ability to participate at all. Of course, this draconian measure does not work; employees can blog under another name, or contribute to a wiki pseudonymously. The CTO would have looked at the potential strengths and liabilities of each medium and present the firm a view of the potential benefits (closer interaction with customers and partners), costs (incremental IT investment, potential lost productivity on other tasks by bloggers), and risks (uncensored commentary reaching the public). The CTO’s performance plan is simple: to evaluate for the executive leadership team potentially useful new technologies – showing how they might fit in specific business processes to the firm’s benefit.

Could that job be done today by another function within the organization? The IT project office might render an opinion about investing in Web 2.0, but that could be characterized as self-serving. The marketing department might argue that Web 2.0 will give them a competitive edge, but that could be marginalized as just the goofy marketing guys wanting more toys to play with. Without a CTO, these organizations might choose to spend money covertly to test the technology, potentially placing the organization in jeopardy. The CTO alone must offer an unbiased, insightful analysis of the potential of the new technology.

How does the CTO improve? A good CTO isn’t just lucky, although never underestimate the value of good luck. Rather, a good CTO describes the environment in which the new technology may fit, and then defines how that fit might occur. If the projection is correct, the CTO celebrates. But if it’s wrong, the CTO has solid documentation to review. By using that documentation, the CTO can learn which element of the current environment he missed or mis-characterized, or what step in the chain of reasoning was flawed. Through this process of self-evaluation and learning, a good CTO gets better over time.

Some companies need a CTO more than others. Firms that tend to adopt leading edge technology not only need a CTO to understand the capabilities on offer (most vendors of leading edge tools don’t know what they are actually for), but they need other processes to manage that raucous environment. The firm’s purchasing department needs to understand how to negotiate with start-ups. The firm’s development team must be able to integrate primitive, early-stage technologies. The firm’s operations area may have to cope with poorly documented, unstable products. But the benefit could include being the first to open and capture a new market.

Companies that deal with established major vendors will spend much less time and effort dealing with these teething pains. But, they will have to wait. Microsoft’s Internet Explorer was years behind Netscape. Some of firms that jumped on Netscape early established dominance over their target market – eBay and Amazon.com, for instance. In both of those company’s cases, the CTO was the CEO. Sam Walton’s vision of a frictionless supply chain drove Wal-Mart’s very early use of e-commerce (predating the term by a decade or more) with its suppliers. Middle of the pack firms don’t leverage their CTO much, they use him for insurance, not strategic planning.

Lagging companies adopt technology after the market figures out its parameters. These firms try to grab a bit of profit by squeezing in under the dominant player’s margins – selling hardware more cheaply than Dell, or audit services at lower rates than the Big Four. Picking up nickels in front of a steam-roller is a dangerous game. Larger vendors will always be willing to sacrifice a few margin points to protect market share, so a successful laggard risks extinction. Trailing-edge firms don’t need a CTO; they need a sharp financial team.

So my daughter got more than she expected, and her class got a peek at how the various functions in a strong, self-aware corporation align with the firm’s goals and vision. How does your firm use its CTO? How might it?

Friday, February 1, 2008

PCI DSS Class Thoughts

On Thursday, January 24, the New Jersey ISACA chapter held a class on the Payment Card Industry Data Security Standard (PCI DSS), which I taught. Thirty five people attended. Most were IT auditors, some were in information security roles, and a few were educators or administrative staff. The goal of the class was to give the attendees a clear understanding of the history of the standard, what it means now, what forces will most likely drive its development, and what it could become in the future.

The standard came about as a result of the efforts of the then-CISO at Visa, who I’ll name if he wishes. In the late 1990s he was concerned that merchants weren’t protecting their customer’s credit and debit card data suffficiently, so he floated the idea that merchants should follow a code of good practice: Use a firewall, use anti-virus software and keep it current, encrypt card data both when it’s stored and when it’s in flight, restrict access to systems that process card data, have a security policy that informs people that they should keep card data safe, and so on.

The idea caught on and in 2000 Visa announced its Cardholder Information Security Program (CISP). Shortly MasterCard, American Express, Discover, and the rest all launched their versions of the standard. At that point merchants became dismayed that they would have to follow a handful of similar standards with annual inspections from each, so the various firms providing payment cards banded together into the Payment Card Industry Security Council, which released its first standard in January 2005.

The threat landscape continues to evolve rapidly. In the 1990s merchants were worried that a hacker might capture a single card in transit. Now the bad guys can hire a botnet to scan millions of firms for vulnerabilities. The Atlanta-based start-up Damballa maintains statistics on botnets, and they are frightening. At present more than 1 in 7 PCs on the Internet is infected with some form of malware. The Storm botnet seems to have over 50 million zombies (Internet-connected PCs that are receiving and responding to commands from its control infrastructure). Estimates vary but there are now about 800 million PCs connected to the Internet, with the total expected to pass 1 billion machines by 2010.

Traditional information security measures are necessary but not sufficient. Someone once said that using basic information security was like putting a locking gas cap on your car. It may slow someone down, but it won’t keep a determined thief from punching a hole in your tank and draining the gas out. While that is true, for a long time we took a modicum of comfort in the thought that a thief in a hurry would see the locking gas cap and move on to the next car. But in this new threat model, the thieves use stealthy automation, have lots of time, and need almost no effort to undetectably siphon off sensitive data from everyone.

Now there is a whole industry around this standard: about 1,400 merchants globally are so large that they must have annual examinations. There are dozens of firms that are certified to perform those exams, and another slew of firms that are certified to perform the quarterly scans the standard requires. The PCI council certifies both examiners and scanning firms. Note that they don’t certify products; they certify a company’s skill and methodology. So if a scanning vendor uses tool A for certification and switches to tool B, they need to be re-certified.

Certification is valid for one year only. But certification doesn’t guarantee that a merchant won’t get ripped off. TJX suffered the largest breach known so far, with 94 million credit and debit cards stolen. During the 17 months that the bad guys were prowling around TJX’s systems, the firm successfully passed two full examinations and five quarterly scans, all performed by large and reputable vendors. The exam is an audit, not a forensic investigation. And the bad guys are more persistent, diligent, and motivated than the examiners. Some firms believe that since they passed an exam, they must be secure. All that passing the test means is that the firm is meeting minimum requirements. Creative, persistent, diligent information security measures, proactively applied by the firm itself, are the only way any firm will have a chance of finding the bad guys and shutting them down.

The class helps firms that handle credit and debit cards understand the obligations under the standard, but more importantly what additional measures they might take to avoid bad things happening. We look at the TJX breach in depth, reconstructing the apparent chain of events to highlight the tenacity and dedication of the bad guys. Remember that information security is entirely about economics: if the value of the information is greater than the cost of getting it, the information is not secure. For more information about the economics of information security, check out the Workshop on Economics and Information Security (WEIS).

If you use a credit card, be aware of small but unexpected charges. The thieves can get a million dollars just as easily by taking one dollar from each of a million users as they can from taking ten thousand dollars from each of one hundred users. The difference is that nobody complains about losing a buck. The thieves are evolving into endemic, chronic, annoying parasites. Being a 21st century cyber-crook may not be glamorous, but it is lucrative, low risk, steady work.

Sunday, January 20, 2008

5, 6, 8, 12, 19, 23

The first problem with winning the Powerball lottery is figuring out who to tell first. My college buddy? An old girlfriend? My boss? Of course, since the grand prize is $312.5 million, it won’t be long before just about everyone who has ever met me, seen me, heard me, read something I wrote, or received my business card, will become one of my closest and dearest friends. Very soon I’ll start hearing about unique business opportunities. I’ll learn a great deal about the importance of having adequate life insurance. I’ll have to change my phone numbers, and not list the new ones.

It turns out there were twenty other winning tickets! So each ticket is worth only $15.6 million, or about $781,000 per year for twenty years. After taxes that’s about $470,000. The ex gets half, so I’m down to $235,000. It’s hardly worth turning the ticket in.

On the plus side, I’ll be able to pay off my debts, and get the car fixed. It’s time for a new car, anyway. And I’ll be able to get to St. Warm for a long weekend in the sun. I haven’t had a real vacation for years. I’ll bring the kids – they will have a great time. They both like fresh fish, and love to swim.

I can make up for the lame presents I was able to get them last Christmas. They both want computers, and now I can get them the laptops they’ve picked out on-line. Birthdays will be bountiful this year! Better, they will have their college all set.

I hope they don’t get spoiled.

[Postscript: This is a work of fiction. I have never won the lottery. In fact, I don't know anyone who has. Statistically speaking, I never will. This fantasy was intended to play with the idea of winning the lottery; and I hope it was enjoyable.]

Saturday, January 12, 2008

Shall I Check the Tires, Sir?

Some of us may recall the days of full service gas stations. For those who don’t, take a look at the scene in “Back to the Future” where Marty (Michael J. Fox) watches a car pull into the Texaco station in his home town in the 1950s. The attendants leap into action – one checks the oil, another pumps the gas, a third washes the windshield, and a fourth checks the tire pressure.

Why does the tire pressure matter? An underinflated tire experiences higher rolling resistance. This excess friction generates excess heat in the tread. This had three consequences. First, excess heat increases wear – the tire gets old faster. Second, excess heat compromises traction. Finally, underinflated tires use more gas. The difference is significant. By raising the tire pressure from 24 psi to 30 psi the car’s mileage will improve by 3% to 4%. See the US Department of Energy site on fuel economy here. And most cars are not running at the correct tire pressure. To verify this, check the pressure on the next rental car you use. You will find that the tires are usually low. This increases road comfort – most Americans like a soft squishy ride. The rental car companies don’t care – the cost of replacing tires is part of normal maintenance and already figured into their operating expense. Most users refill the gas tank rather than pay the high charge the rental car companies impose.

Three to four percent may not seem like much, but that matches the total contribution that the Arctic National Wilderness Refuge will provide should it be exploited to capacity. But more pragmatically, what can individuals do? By checking tires, each of us can benefit individually by spending a little bit less for fuel, driving with a little bit more safety and having the tires last a little bit longer. Could manufacturers do anything? Yes, and they already have. Many newer model cars have tire pressure sensors built into the rims, so the driver doesn’t have to get into a service station and scuttle around with a tire pressure gauge, getting road dirt on one’s fingers and clothing. Should newer models have a warning light to alert the driver? Should States require tire pressure checks as part of the annual safety inspection? Or should responsibility remain with the car owner, as sovereign?

This is a particularly interesting test case in that the benefits to the individual and to society are perfectly aligned. By keeping tires at the optimal running pressure, the individual gets a safer, longer lasting, more economical car, and society gets safer traffic and reduced fossil fuel consumption. The only losers in the bargain are the tire manufacturers, who sell fewer replacement tires, and the gas companies, who sell less gasoline. Tire manufacturers like being known for safe, long-lasting, economical tires, and all offer tips to improve these qualities, such as Goodyear and Michelin. Tire manufacturers grade their tires on three parameters: wear, traction, and temperature resistance. The US Department of Transportation describes this grading system here.

States are free to determine whether to inspect cars for safety, emissions, or neither, and how frequently – annually, on sale only, or at some other frequency. About ten states only require emission testing in metropolitan areas, such as Atlanta, GA, which helpfully summarizes inspection programs nationally here.


A tire pressure gauge is inexpensive. Serviceable models cost under $5 at any car parts store, top of the line digital models cost $15 or so. They fit in the glove compartment. Checking the tire pressure takes a few minutes and will save a few dollars.