ui

Steve Jobs, genius

From Stephen Fry’s “Steve Jobs” (The New Adventures of Stephen Fry: 6 October 2011):

Henry Ford didn’t invent the motor car, Rockefeller didn’t discover how to crack crude oil into petrol, Disney didn’t invent animation, the Macdonald brothers didn’t invent the hamburger, Martin Luther King didn’t invent oratory, neither Jane Austen, Tolstoy nor Flaubert invented the novel and D. W. Griffith, the Warner Brothers, Irving Thalberg and Steven Spielberg didn’t invent film-making. Steve Jobs didn’t invent computers and he didn’t invent packet switching or the mouse. But he saw that there were no limits to the power that creative combinations of technology and design could accomplish.

I once heard George Melly, on a programme about Louis Armstrong, do that dangerous thing and give his own definition of a genius. “A genius,” he said, “is someone who enters a field and works in it and when they leave it, it is different. By that token, Satchmo was a genius.” I don’t think any reasonable person could deny that Steve Jobs, by that same token, was a genius too.


Refusing a technology defines you

From Sander Duivestein’s “Penny Thoughts on the Technium” (The Technium: 1 December 2009):

I’m interested in how people personally decide to refuse a technology. I’m interested in that process, because I think that will happen more and more as the number of technologies keeps increasing. The only way we can sort our identity is by not using technology. We’re used to be that you define yourself by what you use now. You define yourself by what you don’t use. So I’m interested in that process.


How to deal with the fact that users can’t learn much about security

From Bruce Schneier’s “Second SHB Workshop Liveblogging (4)” (Schneier on Security: 11 June 2009):

Diana Smetters, Palo Alto Research Center …, started with these premises: you can teach users, but you can’t teach them very much, so you’d better carefully design systems so that you 1) minimize what they have to learn, 2) make it easier for them to learn it, and 3) maximize the benefit from what they learn. Too often, security is at odds with getting the job done. “As long as configuration errors (false alarms) are common, any technology that requires users to observe security indicators and react to them will fail as attacks can simply masquerade as errors, and users will rationally ignore them.” She recommends meeting the user halfway by building new security models that actually fit the users’ needs.


The watchclock knows where your night watchman is

Detex Watchclock Station
Creative Commons License photo credit: 917press

From Christopher Fahey’s “Who Watches the Watchman?” (GraphPaper: 2 May 2009):

The Detex Newman watchclock was first introduced in 1927 and is still in wide use today.

… What could you possibly do in 1900 to be absolutely sure a night watchman was making his full patrol?

An elegant solution, designed and patented in 1901 by the German engineer A.A. Newman, is called the “watchclock”. It’s an ingenious mechanical device, slung over the shoulder like a canteen and powered by a simple wind-up spring mechanism. It precisely tracks and records a night watchman’s position in both space and time for the duration of every evening. It also generates a detailed, permanent, and verifiable record of each night’s patrol.

What’s so interesting to me about the watchclock is that it’s an early example of interaction design used to explicitly control user behavior. The “user” of the watchclock device is obliged to behave in a strictly delimited fashion.

The key, literally, to the watchclock system is that the watchman is required to “clock in” at a series of perhaps a dozen or more checkpoints throughout the premises. Positioned at each checkpoint is a unique, coded key nestled in a little steel box and secured by a small chain. Each keybox is permanently and discreetly installed in strategically-placed nooks and crannies throughout the building, for example in a broom closet or behind a stairway.

The watchman makes his patrol. He visits every checkpoint and clicks each unique key into the watchclock. Within the device, the clockwork marks the exact time and key-location code to a paper disk or strip. If the watchman visits all checkpoints in order, they will have completed their required patrol route.

The watchman’s supervisor can subsequently unlock the device itself (the watchman himself cannot open the watchclock) and review the paper records to confirm if the watchman was or was not doing their job.


Steve Jobs on mediocrity & market share

From Steven Levy’s “OK, Mac, Make a Wish: Apple’s ‘computer for the rest of us’ is, insanely, 20” (Newsweek: 2 February 2004):

If that’s so, then why is the Mac market share, even after Apple’s recent revival, sputtering at a measly 5 percent? Jobs has a theory about that, too. Once a company devises a great product, he says, it has a monopoly in that realm, and concentrates less on innovation than protecting its turf. “The Mac user interface was a 10-year monopoly,” says Jobs. “Who ended up running the company? Sales guys. At the critical juncture in the late ’80s, when they should have gone for market share, they went for profits. They made obscene profits for several years. And their products became mediocre. And then their monopoly ended with Windows 95. They behaved like a monopoly, and it came back to bite them, which always happens.”


ODF compared & contrasted with OOXML

From Sam Hiser’s “Achieving Openness: A Closer Look at ODF and OOXML” (ONLamp.com: 14 June 2007):

An open, XML-based standard for displaying and storing data files (text documents, spreadsheets, and presentations) offers a new and promising approach to data storage and document exchange among office applications. A comparison of the two XML-based formats–OpenDocument Format (“ODF”) and Office Open XML (“OOXML”)–across widely accepted “openness” criteria has revealed substantial differences, including the following:

  • ODF is developed and maintained in an open, multi-vendor, multi-stakeholder process that protects against control by a single organization. OOXML is less open in its development and maintenance, despite being submitted to a formal standards body, because control of the standard ultimately rests with one organization.
  • ODF is the only openly available standard, published fully in a document that is freely available and easy to comprehend. This openness is reflected in the number of competing applications in which ODF is already implemented. Unlike ODF, OOXML’s complexity, extraordinary length, technical omissions, and single-vendor dependencies combine to make alternative implementation unattractive as well as legally and practically impossible.
  • ODF is the only format unencumbered by intellectual property rights (IPR) restrictions on its use in other software, as certified by the Software Freedom Law Center. Conversely, many elements designed into the OOXML formats but left undefined in the OOXML specification require behaviors upon document files that only Microsoft Office applications can provide. This makes data inaccessible and breaks work group productivity whenever alternative software is used.
  • ODF offers interoperability with ODF-compliant applications on most of the common operating system platforms. OOXML is designed to operate fully within the Microsoft environment only. Though it will work elegantly across the many products in the Microsoft catalog, OOXML ignores accepted standards and best practices regarding its use of XML.

Overall, a comparison of both formats reveals significant differences in their levels of openness. While ODF is revealed as sufficiently open across all four key criteria, OOXML shows relative weakness in each criteria and offers fundamental flaws that undermine its candidacy as a global standard.


My new book – Google Apps Deciphered – is out!

I’m really proud to announce that my 5th book is now out & available for purchase: Google Apps Deciphered: Compute in the Cloud to Streamline Your Desktop. My other books include:

(I’ve also contributed to two others: Ubuntu Hacks: Tips & Tools for Exploring, Using, and Tuning Linux and Microsoft Vista for IT Security Professionals.)

Google Apps Deciphered is a guide to setting up Google Apps, migrating to it, customizing it, and using it to improve productivity, communications, and collaboration. I walk you through each leading component of Google Apps individually, and then show my readers exactly how to make them work together for you on the Web or by integrating them with your favorite desktop apps. I provide practical insights on Google Apps programs for email, calendaring, contacts, wikis, word processing, spreadsheets, presentations, video, and even Google’s new web browser Chrome. My aim was to collect together and present tips and tricks I’ve gained by using and setting up Google Apps for clients, family, and friends.

Here’s the table of contents:

  • 1: Choosing an Edition of Google Apps
  • 2: Setting Up Google Apps
  • 3: Migrating Email to Google Apps
  • 4: Migrating Contacts to Google Apps
  • 5: Migrating Calendars to Google Apps
  • 6: Managing Google Apps Services
  • 7: Setting Up Gmail
  • 8: Things to Know About Using Gmail
  • 9: Integrating Gmail with Other Software and Services
  • 10: Integrating Google Contacts with Other Software and Services
  • 11: Setting Up Google Calendar
  • 12: Things to Know About Using Google Calendar
  • 13: Integrating Google Calendar with Other Software and Services
  • 14: Things to Know About Using Google Docs
  • 15: Integrating Google Docs with Other Software and Services
  • 16: Setting Up Google Sites
  • 17: Things to Know About Using Google Sites
  • 18: Things to Know About Using Google Talk
  • 19: Things to Know About Using Start Page
  • 20: Things to Know About Using Message Security and Recovery
  • 21: Things to Know About Using Google Video
  • Appendix A: Backing Up Google Apps
  • Appendix B: Dealing with Multiple Accounts
  • Appendix C: Google Chrome: A Browser Built for Cloud Computing

If you want to know more about Google Apps and how to use it, then I know you’ll enjoy and learn from Google Apps Deciphered. You can read about and buy the book at Amazon (http://www.amazon.com/Google-Apps-Deciphered-Compute-Streamline/dp/0137004702) for $26.39. If you have any questions or comments, don’t hesitate to contact me at scott at granneman dot com.


To solve a problem, you first have to figure out the problem

From Russell L. Ackoff & Daniel Greenberg’s Turning Learning Right Side Up: Putting Education Back on Track (2008):

A classic story illustrates very well the potential cost of placing a problem in a disciplinary box. It involves a multistoried office building in New York. Occupants began complaining about the poor elevator service provided in the building. Waiting times for elevators at peak hours, they said, were excessively long. Several of the tenants threatened to break their leases and move out of the building because of this…

Management authorized a study to determine what would be the best solution. The study revealed that because of the age of the building no engineering solution could be justified economically. The engineers said that management would just have to live with the problem permanently.

The desperate manager called a meeting of his staff, which included a young recently hired graduate in personnel psychology…The young man had not focused on elevator performance but on the fact that people complained about waiting only a few minutes. Why, he asked himself, were they complaining about waiting for only a very short time? He concluded that the complaints were a consequence of boredom. Therefore, he took the problem to be one of giving those waiting something to occupy their time pleasantly. He suggested installing mirrors in the elevator boarding areas so that those waiting could look at each other or themselves without appearing to do so. The manager took up his suggestion. The installation of mirrors was made quickly and at a relatively low cost. The complaints about waiting stopped.

Today, mirrors in elevator lobbies and even on elevators in tall buildings are commonplace.


To combat phishing, change browser design philosophy

From Federico Biancuzzi’s “Phishing with Rachna Dhamija” (SecurityFocus: 19 June 2006):

We discovered that existing security cues are ineffective, for three reasons:

1. The indicators are ignored (23% of participants in our study did not look at the address bar, status bar, or any SSL indicators).

2. The indicators are misunderstood. For example, one regular Firefox user told me that he thought the yellow background in the address bar was an aesthetic design choice of the website designer (he didn’t realize that it was a security signal presented by the browser). Other users thought the SSL lock icon indicated whether a website could set cookies.

3. The security indicators are trivial to spoof. Many users can’t distinguish between an actual SSL indicator in the browser frame and a spoofed image of that indicator that appears in the content of a webpage. For example, if you display a popup window with no address bar, and then add an image of an address bar at the top with the correct URL and SSL indicators and an image of the status bar at the bottom with all the right indicators, most users will think it is legitimate. This attack fooled more than 80% of participants. …

Currently, I’m working on other techniques to prevent phishing in conjunction with security skins. For example, in a security usability class I taught this semester at Harvard, we conducted a usability study that shows that simply showing a user’s history information (for example, “you’ve been to this website many times” or “you’ve never submitted this form before”) can significantly increase a user’s ability to detect a spoofed website and reduce their vulnerability to phishing attacks. Another area I’ve been investigating are techniques to help users recover from errors and to identify when errors are real, or when they are simulated. Many attacks rely on users not being able to make this distinction.

You presented the project called Dynamic Security Skins (DSS) nearly one year ago. Do you think the main idea behind it is still valid after your tests?

Rachna Dhamija: I think that our usability study shows how easy it is to spoof security indicators, and how hard it is for users to distinguish legitimate security indicators from those that have been spoofed. Dynamic Security Skins is a proposal that starts from the assumption that any static security indicator can easily be copied by an attacker. Instead, we propose that users create their own customized security indicators that are hard for an attacker to predict. Our usability study also shows that indicators placed in the periphery or outside of the user’s focus of attention (such as the SSL lock icon in the status bar) may be ignored entirely by some users. DSS places the security indicator (a secret image) at the point of password entry, so the user can not ignore it.

DSS adds a trusted window in the browser dedicated to username and password entry. The user chooses a photographic image (or is assigned a random image), which is overlaid across the window and text entry boxes. If the window displays the user’s personal image, it is safe for the user to enter his password. …

With security skins, we were trying to solve not user authentication, but the reverse problem – server authentication. I was looking for a way to convey to a user that his client and the server had successfully negotiated a protocol, that they have mutually authenticated each other and agreed on the same key. One way to do this would be to display a message like “Server X is authenticated”, or to display a binary indicator, like a closed or open lock. The problem is that any static indicator can be easily copied by an attacker. Instead, we allow the server and the user’s browser to each generate an abstract image. If the authentication is successful, the two images will match. This image can change with each authentication. If it is captured, it can’t be replayed by an attacker and it won’t reveal anything useful about the user’s password. …

Instead of blaming specific development techniques, I think we need to change our design philosophy. We should assume that every interface we develop will be spoofed. The only thing an attacker can’t simulate is an interface he can’t predict. This is the principle that DSS relies on. We should make it easy for users to personalize their interfaces. Look at how popular screensavers, ringtones, and application skins are – users clearly enjoy the ability to personalize their interfaces. We can take advantage of this fact to build spoof resistant interfaces.
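A toy model of the matching-image idea described above, as an added example that is not part of the interview or of the DSS code: both sides expand a per-login key into an abstract pattern, so a site that lacks the secret, or that replays a captured pattern, shows a skin that does not match. The HMAC-with-nonces key derivation, the 8x8 text rendering and all names are assumptions; a high-entropy shared secret stands in for the mutual authentication step the interview mentions.

```python
"""Toy model of matching per-session skins (added illustration, not DSS code)."""
import hashlib
import hmac
import secrets

GRID = 8                # the skin is a GRID x GRID pattern
PALETTE = " .:-=+*#"    # 8 shades, one per 3-bit cell value


def session_key(secret: bytes, client_nonce: bytes, server_nonce: bytes) -> bytes:
    # Assumption: stands in for the key both sides agree on after mutual
    # authentication. Fresh nonces make the key differ on every login.
    return hmac.new(secret, b"session" + client_nonce + server_nonce,
                    hashlib.sha256).digest()


def skin_cells(key: bytes) -> bytes:
    # One-way expansion of the session key into GRID*GRID cell values (0-7),
    # so the pattern cannot be turned back into the key.
    stream = hashlib.shake_256(b"skin" + key).digest(GRID * GRID)
    return bytes(b & 0x07 for b in stream)


def render(cells: bytes) -> str:
    # Text rendering of the pattern; a real skin would be a drawn image.
    rows = [cells[i:i + GRID] for i in range(0, len(cells), GRID)]
    return "\n".join("".join(PALETTE[c] for c in row) for row in rows)


def login(browser_secret: bytes, server_secret: bytes, replayed=None):
    """Return (skin the browser computes, skin the site shows, match)."""
    client_nonce = secrets.token_bytes(16)   # chosen by the browser
    server_nonce = secrets.token_bytes(16)   # chosen by the site
    expected = skin_cells(session_key(browser_secret, client_nonce, server_nonce))
    if replayed is not None:
        shown = replayed                     # site re-sends an old captured skin
    else:
        shown = skin_cells(session_key(server_secret, client_nonce, server_nonce))
    return expected, shown, hmac.compare_digest(expected, shown)


if __name__ == "__main__":
    real = secrets.token_bytes(32)   # constructed secret held by user and real site
    _, shown, ok = login(real, real)
    print("genuine site, skins match:", ok)
    print(render(shown))
    print("site without the secret:", login(real, secrets.token_bytes(32))[2])
    print("site replaying a captured skin:", login(real, real, replayed=shown)[2])
```
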


The Vitruvian Triad & the Urban Triad

From Andrés Duany’s “Classic Urbanism”:

From time to time there appears a concept of exceptional longevity. In architecture, the pre-eminent instance is the Vitruvian triad of Comoditas, Utilitas, e Venustas. This Roman epigram was propelled into immortality by Lord Burlington’s felicitous translation as Commodity, Firmness and Delight.

It has thus passed down the centuries and remains authoritative, even if not always applied in practice; Commodity: That a building must accommodate its program; Firmness: That it must stand up to the natural elements, among them gravity; Delight: that it must be satisfying to the eye, is with the aberrant exception of the tiny, current avant garde, the ideal of architecture. …

Let me propose the urban triad of Function, Disposition and Configuration as categories that would both describe and “test” the urban performance of a building.

Function describes the use to which the building lends itself, towards the ideal of mixed-use. In urbanism the range of function a first cut may include: exclusively residential, primarily residential, primarily commercial or exclusively commercial. The middle two being the best in urban performance although the extremes have justification in the urban to rural transect. An elaboration should probably differentiate the function at the all-important sidewalk level from the function above.

Disposition describes the location of the building on its lot or site. This may range from a building placed across the frontage of its lot, creating a most urban condition to the rural condition of the building freestanding in the center of its site. Perhaps the easiest way to categorize the disposition of the building is by describing it by its yards: The rearyard building has the building along the frontage, the courtyard building internalizes the space and is just as urban, the sideyard building is the zero-lot line or “Charleston single house” and the edgeyard building is a freestanding object closest to the rural edge of the transect.

The third component of the urban triad is Configuration. This describes the massing, height of a building and, for those who believe that harmony is a tool of urbanism, the architectural syntax and constructional tectonic. It can be argued that the surface of a building is a tool of urbanism no less than its form. Silence of expression is required to achieve the “wall” that defines public space, and that reserves the exalted configuration to differentiate the public building. Harmony in the architectural language is the secret of mixed-use. People seem not to mind variation of function as long as the container looks similar. It is certainly a concern of urbanism.


Vitruvian Triad terminology

From “Good Architecture”:

In ‘building architecture’, for comparison, we have the 3 classic Vitruvian qualities to which ‘GoodArchitecture’ aspires:

‘Firmitas, Utilitas and Venustas’ (Marcus Vitruvius Pollio ‘The Ten Books of Architecture’ 1st C AD).

These qualities may be translated as: ‘Technology, Function and Form’ (C St J Wilson ‘Architectural Reflections; Studies in the Philosophy and Practice of Architecture’ 1992 ISBN 0-7506-1283-5)

or, in the slightly more familiar but antique: ‘Firmness, Commodity & Delight’

— MartinNoutch


The structure & meaning of the URL as key to the Web’s success

From Clay Shirky’s “The Semantic Web, Syllogism, and Worldview”:

The systems that have succeeded at scale have made simple implementation the core virtue, up the stack from Ethernet over Token Ring to the web over gopher and WAIS. The most widely adopted digital descriptor in history, the URL, regards semantics as a side conversation between consenting adults, and makes no requirements in this regard whatsoever: sports.yahoo.com/nfl/ is a valid URL, but so is 12.0.0.1/ftrjjk.ppq. The fact that a URL itself doesn’t have to mean anything is essential — the Web succeeded in part because it does not try to make any assertions about the meaning of the documents it contained, only about their location.


The history of tabs (card, folder, & UI)

From Technology Review’s “Keeping Tabs”:

Starting in the late 14th century, scribes began to leave pieces of leather at the edges of manuscripts for ready reference. But with the introduction of page numbering in the Renaissance, they went out of fashion.

The modern tab was an improvement on a momentous 19th-century innovation, the index card. Libraries had previously listed their books in bound ledgers. During the French Revolution, authorities divided the nationalized collections of monasteries and aristocrats among public institutions, using the backs of playing cards to record data about each volume. …

It took decades to add tabs to cards. In 1876, Melvil Dewey, inventor of decimal classification, helped organize a company called the Library Bureau, which sold both cards and wooden cases. An academic entrepreneur, Dewey was a perfectionist supplier. His cards were made to last, made from linen recycled from the shirt factories of Troy, NY. His card cabinets were so sturdy that I have found at least one set still in use, in excellent order. Dewey also standardized the dimension of the catalogue card, at three inches by five inches, or rather 75 millimeters by 125 millimeters. (He was a tireless advocate of the metric system.) …

The tab was the idea of a young man named James Newton Gunn (1867–1927), who started using file cards to achieve savings in cost accounting while working for a manufacturer of portable forges. After further experience as a railroad cashier, Gunn developed a new way to access the contents of a set of index cards, separating them with other cards distinguished by projections marked with letters of the alphabet, dates, or other information.

Gunn’s background in bookkeeping filled what Ronald S. Burt, the University of Chicago sociologist, has called a structural hole, a need best met by insights from unconnected disciplines. In 1896 he applied for a U.S. patent, which was granted as number 583,227 on May 25, 1897. By then, Gunn was working for the Library Bureau, to which he had sold the patent. …

The Library Bureau also produced some of the first modern filing cabinets, proudly exhibiting them at the World’s Columbian Exposition in Chicago in 1893. Files had once been stored horizontally on shelves. Now they could be organized with file folders for better visibility and quicker access. …

But the tab is [Gunn’s] lasting legacy. And it is ubiquitous: in the dialogue boxes of Microsoft Windows and Mac OS X, at the bottom of Microsoft Excel spreadsheets, at the side of Adobe Acrobat documents, across the top of the Opera and Firefox Web browsers, and—even now—on manila file folders. We’ve kept tabs.


Tools vs. tasks

From Adam Fields’s blog post, "Unthrilled with the Office 12 UI":

Over many years of designing custom content management interfaces for lots of people to use, it became crystal clear that there’s a huge difference between a “tool” and a “task”. A tool is a function that lets the user do something, but a task is a function that lets the user accomplish something.

In my experience, most successful content management interfaces are primarily task-based. When the user sits down in front of the computer, the goal is to get something done, not just use some tools. Tasks are for most people (beginners and power users alike), but tools are for power users. If you know what you want to do, but it doesn’t fit nicely into the framework of getting something done, you need a tool. Tasks should be the default.
