Revisiting Security UI – Part 1 of 2

I tend to get excited about things. I’d say one of the key problems I have when writing – blogs, articles, books will probably be even worse here – is that, since I tend to be excited about things, my writing tends to wander to whichever dog has a puffy tail at the moment, and I sometimes look back and end up wishing each piece was tighter and more single-minded.

Take my post last week. Right now I’m excited about Firefox security UI, and about how to do a better job with the way we give users information. This is a good thing for me to be excited about, since it pays my bills. But I want to engender conversation about it, and to build context around my thoughts on the matter, and meandering isn’t necessarily the best way to do that.

So. This is the first of two posts I will write in the next week or so about this stuff. The goal is to outline:

  1. The way things are, and why we need to change them
  2. My thoughts on where we need to be looking to go

This is the first. What are we, as browser builders, doing for the user today when it comes to security UI?


2.8 Billion Reasons to Do Better

So PC World is running an article by Robert McMillan about phishing. It’s not a bad article or anything, it cites the antiphishing workgroup and various Gartner research in non-inflammatory ways (phishing is up 700% year over year, losses for 2006 estimated at $2.8B USD), and basically concludes that the current state of the internet, vis a vis your[1] financial information, is somewhere towards the “festering cesspool of thievery from which no good thing can escape unscathed” end of the spectrum. Pretty standard stuff.

If Robert McMillan should be chastised for any part of it, it is his closing sentence, wherein he takes the too-obvious way out, no doubt because he was reaching his wordcount ceiling, and what the hell else is he going to say:

But to combat ever-adapting phishers, your best protection remains…you.

It’s not Bob’s fault, but this is a pretty awful way to leave things. How on earth are people supposed to do what he asks, particularly when all the evidence he’s just cited points to how profoundly they can’t?


Day 2

I have officially begun. Friday was my first day of paid work with the Mozilla Corporation, and it was tiring. As expected, it mostly revolved around logistical stuff, though I did find some time with beltzner in the afternoon to watch an hour-long introduction to how Mozilla builds a DOM tree (thanks Johnny!).

Basically, what Friday allowed me to do was get my feet sufficiently under myself to come up with this:

bubbl.us Mindmap

I haven’t, historically, done much with mindmapping and other “thinking aids” but right now there is too much bubbling around to keep track of, so it seemed like a useful exercise. Attentive readers will note that the current list of thoughts is both incomplete and horribly short-sighted, stretching out a month at most. This is deliberate – I think it relatively stupid to hop on board on day 1 and to start making long term plans on day 2. I suppose someone will tell me that this makes me an “analytic” personality type, or some such, obsessed with having all the information before making a decision. I would suggest that this is grossly overgeneralized (as personality-classification schemes always, perforce, are) though I will confess to a preference for having some information before making any momentous statements of direction. I have always been nutty that way.

On a personal note, the first day (and, indeed, those leading up to it) has been grand. People at Mozilla are welcoming and congratulatory, people at IBM are well-wishing and congratulatory and, on balance, my LinkedIn profile has never been happier (though it is notably wanting for some more 1-degree-of-separation Mozilla love).

I really do think this was the right move to make, I’m pretty excited to be getting going. I’ll be heading to New York in early March with beltzner to talk to some of the people in the CA/Browser forum, and then later in March I’ll be in Mountain View to meet with some more of my newfound comrades-in-arms. In the meantime I’ll be trying to knock down that web of questions while simultaneously, no doubt, adding whole new subtrees. If anyone reading this wants to point out answers to some of the leaf nodes in that web, or alert me to obvious swaths of unmapped work, I can now officially be reached at johnath@mozilla.com. Huzzah! (Yes, my home email still works just fine, too).

[Update: Yes, the map was made with bubbl.us, mea culpa for not providing tasty linkage. ]

[Update2: Yes, the Johnny Stenback video is available online here. ]

Green Threads

Yesterday I got a package from Dr. Dobb’s Journal with three copies of the January edition, confirming that not only was my latest article in print, but it was a front page feature, huzzah! The article itself can be found online here. My sister-in-law Barb said that it sounded “Drier than toast” so don’t say I didn’t warn you, but I do manage to mention my wife and marijuana grow ops in the first sentence, so really, you knew it had to go downhill from there.

The rest of this post will be dedicated to reprinting an email exchange I just had with a DDJ reader in the States, in anticipation of the fact that he might not be the only person to ask his particular question. Future respondents can thus be directed here, saving the tubes literal hojillions of electrons. [Editor’s note: Firefox 2’s sexy new spellcheck doesn’t like the word hojillions and recommends, instead, “gazillions.” I love you Firefox. Pat, pat.]


Shibboleth Resumé

Resumés are funny things because the one thing they don’t tell you is the one thing you want to know. As an employer, what I suspect I really want is a way to separate wheat from chaff. I want a way to say “Yes, fine, you have all the necessary checkboxes in place, but are you one of the good ones?” Even if you allow yourself the confidence necessary to believe that you are indeed one of the good ones, a resume is a terrible medium since, stylistically, it tends to force people down the path of enumeration-sans-substance. What is needed is a shibboleth. Don’t tell me which certifications you have, tell me that you are part of the culture. Don’t tell me what programming languages you know, tell me that you can kick ass and take names. Everyone who isn’t a bozo (seriously, go read that if you’re ever hiring someone) should be trying to hire the brightest lights in the building, so show them how you roll, or find another job to apply for.

That is how I would like things to go down, but even very hip HR folk would have trouble with a shibboleth resumé, I’m guessing. If I were applying for a job tomorrow, it would probably be something involving usability, security, and overall technology development. The resumé I’d send to a shibboleth-friendly company might read like this (standard disclaimers about the fact that any decent resumé almost automatically sounds boastful and egocentric; my apologies):

Taskbar Navel Gazing

In Cryptonomicon, Waterhouse beats himself up at one point (I think most people will not remember this part, but it stuck with me for whatever reason) for not being capable enough to decode the waves. The movements of German troops must, so the argument goes, have some seismic influence on the patterns of the waves in the ocean which we ought therefore to be able to decode at the receiving end. Our poor finite brains though, being poor and finite as they are, simply can’t cope with all the interfering variables and hence that information is lost to us. This is an observation that can keep me up nights when I think too much about it, but most of the time I’m content with the watered down version, which is that sometimes a seemingly trivial piece of information can allow a person of suitable constitution to extract deep and elaborate detail.

What with my previous post being a relatively low-res look at how my life has changed at work, I thought another might be in order because what is a blog, really, if not an uninteresting pile of introspective garbage? Behold, my taskbar:

On the delicate art of not sucking


For those who don’t know me, some introduction. I am an IBM usability specialist. I am also a bit of a computer security hobbyist. I am lots of other things besides, but for the purposes of this article, these two are the relevant bits. As a usability specialist, I work on WebSphere Integration Developer, possibly one of IBM’s most usable software products to date, certainly one of the biggest usability challenges since it involves taking Nth-generation IT concepts like services-oriented architecture and loosely-bound component based application design in a J2EE application environment, and making it accessible to business people without programming skills. As a security hobbyist, I have worked (informally and unpaid) with companies like Cisco and FedEx to fix security issues in their apps before some nastier person got ahold of them. I really don’t want this to sound like strutting because it isn’t, there are lots of people in each domain with much more impressive resumes. It’s just an attempt to establish bona fides so that the next thing I say won’t sound totally stupid.

Security and Usability are basically the exact same kind of problem, and you’re probably doing them wrong.