Random thoughts
Monday, June 29, 2009
The return of the curvy cucumber
For two decades, the European Union carefully regulated the size and shape of fruit. Often this has been quoted, and rightly so, as an example of the over-regulation by the commission.
Announced in November 2008, the return of the curvy cucumber will become effective on July 1, 2009. Now all those cucumbers and carrots will be “allowed” to grow in all shapes and sizes again (not that they cared too much about EC directives anyway).
Standards usually make life convenient. Just imagine what driving a rental car would be like if manufacturers implemented their own concept of speed and steering controls (too bad that other controls like air conditioning and radio aren't standardized and often not self-explanatory). Or withdrawing money from the bank without standardized bank cards and ATMs. Or connecting to networks if they weren't all using the same protocols.
Regulating the size and shape of fruit and vegetables, on the other hand, doesn't make life more convenient unless you like to see the cucumbers lined up nicely in the fridge. To me, this is mostly an indication of an unhealthy desire to control everything, including Mother Nature. More than two decades ago, the movement which eventually became the Green party started questioning large technology projects, be it nuclear power plants or ecologically questionable hydropower plants. Many of the environmental and energy related issues still need to be addressed. But, at least we have the curvy cucumber back.
Labels: business, technology
Wednesday, June 24, 2009
Absentee voting and security
The disputed presidential elections in Iran reminded me of an observation a few weeks ago when the European Union held elections for the European Parliament.
Absentee voting, and mail voting in particular, present some interesting security and privacy challenges. For the European election, voters who wanted to cast their vote outside of their electoral district could request absentee ballots to vote in other districts or by mail. In a commendable effort to make voting as convenient as possible, the administration only required name, address and passport number for requesting absentee ballots and delivered them to voters by regular mail, leaving ample room for misuse already.
But I was unpleasantly surprised when I found a sticker(!) on my mailbox indicating that “important electoral mail” had been delivered:
Well intended for sure, but in my opinion the service orientation really went overboard here. With all the trust in the administration, the electoral process and the people in our neighborhood, privacy and security concerns should be considered.
Disagreeing with Jakob Nielsen on security—Password masking makes logins more secure
When it comes to usability, disagreeing with Jakob Nielsen is usually not an option. After all, he has been called king, czar, guru of Web usability for a reason, and his Alertbox offers invaluable advice most of the time.
Disagreeing with Jakob Nielsen on security is easier, especially when he advocates removing password masking as a means to improve usability and claims that this doesn't lower security.
While not offering a high degree of protection, the password masking does a pretty good job for most situations. Certainly, a determined and skilled criminal would be able to observe which keys are pressed, or use other attack vectors to intercept my Web interactions. I am often surrounded by trustworthy people who still shouldn't know my passwords, don't care about my passwords and even politely turn their eyes away while I am logging in. Whether showing someone a Website or doing a demo to a larger audience, accessing protected areas of a site in a semi-public environment like a desk-sharing area at work or logging in from a mobile device, those little stars or dots protect my passwords well from becoming exposed.
Security and usability should not be conflicting objectives; in fact usability is an important aspect for any security system, or users will work around usability issues and use it in unintended ways, like copying and pasting passwords from a text file as Nielsen mentions. An extra checkbox to enable password masking just adds complexity to the user interface and may confuse users more than not being able to see their password.
Typing passwords on mobile devices (or foreign keyboards, for that matter) can be challenging. Some smartphones like the iPhone or the Nokia N95 show the letter as typed but then quickly replace it with an asterisk, which is a reasonable compromise.
Instead of cluttering Web forms with additional checkboxes, web developers should demand that browsers and mobile devices provide an option to remove password masking when desired by the user. This would maintain the current level of security by not exposing the passwords to people looking over users' shoulders and address the usability issue for those who have difficulty typing their password and would benefit from visual feedback.
Until then, use this JavaScript bookmarklet to unmask password fields as needed:
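var inputs=document.getElementsByTagName("input");
for(var i=0;i<inputs.length;i++){
var a=inputs[i];
/* a.type is the normalized property ("text" when no type attribute is set), so inputs without a type attribute are skipped safely */
if(a.type==="password"){
a.type="text"
}
}
window.focus();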
(all on one line, or simply drag the Unmask passwords bookmarklet link to your bookmarks).
PS. More ways to reveal passwords in a controlled manner can be found in Martin Brinkmann's blog post Reveal your saved Passwords in Firefox.
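A variant of the bookmarklet above that limits how long the password stays visible, as an added example that is not part of the original post: it unmasks the fields, then masks them again after a timeout or as soon as a revealed field loses focus. The function name revealPasswords and its parameters are illustrative assumptions, not a browser API.

```javascript
// Added example: reveal password fields temporarily, then mask them again.
// revealPasswords, remaskAfterMs and schedule are illustrative names.
function revealPasswords(inputs, remaskAfterMs, schedule) {
  schedule = schedule || setTimeout; // injectable so the timer can be tested
  var revealed = [];
  for (var i = 0; i < inputs.length; i++) {
    var el = inputs[i];
    // el.type is the normalized property: "text" when no attribute is set.
    if (el.type === "password") {
      el.type = "text";
      revealed.push(el);
    }
  }

  var done = false;
  function remask() {
    if (done) return 0; // already masked again, nothing to do
    done = true;
    for (var j = 0; j < revealed.length; j++) {
      revealed[j].type = "password"; // only fields this call unmasked
    }
    return revealed.length;
  }

  // Mask again when a revealed field loses focus, whichever comes first.
  for (var k = 0; k < revealed.length; k++) {
    if (typeof revealed[k].addEventListener === "function") {
      revealed[k].addEventListener("blur", remask, { once: true });
    }
  }
  if (revealed.length > 0) {
    schedule(remask, remaskAfterMs);
  }
  return { count: revealed.length, remask: remask };
}

// In a browser, reveal for ten seconds:
// revealPasswords(document.getElementsByTagName("input"), 10000);
```

The returned remask function lets the caller hide the passwords immediately, for example before sharing the screen.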
Labels: technology, usability, webdevelopment
Friday, June 5, 2009
World Environmental Day 2009
Just in time for the World Environmental Day 2009, this morning a colleague shared an amazing animation showing air traffic over a 24 hour period:
Every yellow dot represents a flight with at least 250 passengers.
The animation was developed by the ZHAW Zürcher Hochschule für Angewandte Wissenschaften in cooperation with the Swiss science center Technorama (Larger version of the Air Traffic Worldwide video from ZHAW).
Watching this, it becomes clear how even the smallest improvements in fuel efficiency, reduction of emissions and optimization of flight patterns reduce the environmental impact (not that flying or most other forms of transportation will ever become eco-friendly). Smart traffic and transportation is also a theme in IBM's Smarter planet initiative.
So what did I do on World Environmental Day 2009? Nothing special, I used public transport as I do whenever possible, looked for local, organically grown food when doing my grocery shopping at the Naschmarkt (although a recent study suggests that shipping fruits and vegetables from warmer countries like Spain may be better environmentally than growing them in greenhouses locally, so much for trying to do the right thing), separated my waste—and calculated my ecological footprint at ecologicalfootprint.com and myfootprint.org, a great reminder how many of us use an above average share of natural resources.
Labels: travel