Archive for the ‘Edge Case Design’ Category

Minimal GPS for a Motorbike

June 30, 2018

As a motorcyclist I often need a GPS to help get somewhere. I don’t want or need a dedicated unit because (a) they’re expensive and (b) Google Maps, Waze, or Here on my phone are rock solid and why would I want to pay for something that doesn’t do as good a job. Yes, I know they need phone coverage for live traffic routing, and apart from Here they don’t have a good download/off-line solution, but its rare that I have no coverage with my riding (YMMV of course).

What I don’t like though is clunky phone mounts that leave my expensive pocket computer at the mercy of the weather, stone chips, and taking a tumble if I don’t get it properly secured. And to be honest, while the mapping apps have great UX for a car driver or pedestrian, as a motorcyclist I really want a very focussed, minimalistic UI so minimize distraction.

I think my ideal solution would be a small waterproof/shockproof device, that has versatile mounting options (to cater for everything from pushbikes, to scooters, to Cruisers, Tourers, or Street Bikes), can be powered from the bike and/or contain a rechargeable battery, that supports Bluetooth (4.x/LE) to be driven from the phone and has an eInk display with a photocell and backlight for automatically providing good visibility in any lighting condition.

The display would show just the basics of what I need to navigate – the turn I’m coming up to (and how far away it is, and ideally an indication of what comes after that if it’s going to be in close proximity), what lane I need to be in (especially helpful for roundabouts or complex junctions) and not much else. Speed limit reminders, clock, time to destination, and other notifications would be handy but optional (my bike has a clock so I’d be happy to have the screen real estate optimized to not show that, but as my previous bike didn’t have one I would have liked it, so let the rider decide).

While I’m not a fan of notifications about text messages, emails, snapchats etc I can see the benefit of a non-obtrusive icon to allow filtered notifications (eg let me know my family is trying to get hold of me).

Sadly I think we’re stuck with a catch-22. Without a hardware device to display this information there’s no incentive for Google, Apple, or Here to add support for a minimal external display to their Maps apps, and without the APIs or support in the apps to pipe minimal directions and graphics then it’s hard to see anyone going to the expense of creating the device.

As we slowly get to a future where HUD displays become more of a reality for motorcyclists (I always wanted to try Google Glass in that scenario) having this minimal UX available to project in that limited space would be a great way for a mapping provider to win hearts and minds of a sizable community…

Update: Looks like there’s a possible solution in the Beeline Moto … pledged for one of these so maybe it’ll answer my need (though not sure if the single arrow display is too minimal)

Calendars still need too much thought

June 27, 2018

Scheduling a meeting is a pain. Finding free spots on people’s calendars can be difficult especially with a distributed team that might span a couple of timezones. Another wrinkle is being able to combine work and personal calendars to avoid needing to try and keep things like dentist appointments in sync across both. I’ve yet to find a calendaring app that deals particularly well with these sorts of real-world problems.

Having the ability to “share, but not co-mingle” work and personal calendars would be great. By default personal appointments would be private but visible to the owner, and editing in either the work or private calendar would sync (across systems and domains – don’t expect people to do everything in just Google or Exchange). Only personal appointment specifically marked as ‘blocking’ would show as unavailable during work hours (but when viewing a calendar request I’d see any work or personal appointments that might conflict).

I have an added level of complexity for scheduling though. I travel quite a lot, and often in very different timezones so scheduling a meeting (or letting other people book my time) can be complicated. It shouldn’t be, computers really should be able to help us with things like this.

If my travel plans are available, there is a way to find out when I’m on flights (and Outlook does a pretty good job of understanding the reservation emails and blocking out my calendar) so it knows where I’ll be… why not adjust my ‘work hours’ to local time and make that availability visible to people trying to schedule appointments to avoid the need for me to reply and try and reschedule (often multiple people).

Calendaring is such a fundamental part of everyones lives, it seems strange that despite lots of pretty UI changes and the ability to import holidays the capabilities haven’t really improved that much since the tools I was using in 1999 to todays systems.

Conference Calls – room for innovation

June 26, 2018

How often have you wanted to join a conference call, but been thwarted or frustrated by the complexity of actually dialing in. Even with dedicated apps like WebEx or Skype for Business it’s not easy, and all the vendors seem to exhibit a certain arrogance about the value of their service that precludes actually addressing usability. (more…)

A visit to the optician opened my eyes

May 30, 2017

For many years the annual trip to the optician, courtesy of my sub-optimal eyesight, was a routine chore that was always accompanied with a nagging sense of failure.

If you’ve ever had your eyes tested you probably know the feeling. Does option 1 make it clearer or darker, or option 2? Is A crisper or B? And no matter what you answer it always feels like, because you are conscious of your ocular faults, it feels like you’re wrong.

When it comes to designing systems – be it functional design, or the user experience – there’s always that same risk. The person answering the question feels like they are somehow “wrong” with their answers. And that makes them hesitant to elaborate.

At my latest eye exam – as it turns out for Lasik – I mentioned that awkward feeling to the optician and they told me something that I wish I’d heard on one of my first visits. “The answers are not right or wrong, they’re just parts of the diagnostic process”. Option1 or 2, A or B. It doesn’t matter. What matters is the differential data it provides the questioner to help refine their understanding of the problem and deliver a correct solution.

My takeaway from this realization is simple. Before asking someone what they need from a system it is important to help them understand that there are no “right” or “wrong” answers, but any responses (and the weight that they give those responses) simply helps provide data to inform the decision. In fact, as a good diagnostician the answers will simply help guide the discovery process rather than just delivery a binary result.

Of course, that still means that the questioner is going to have a subtle, nagging sensation that they’re not asking the right questions… but that’s probably a good thing as that will encourage them to keep refining their approach, and continue to iterate, as they learn more, both from individual interviews but also repeated experiences.

Oh, and the Lasik operation … amazing. Wish I’d stepped out of my comfort zone and done it many years ago.

jsNoSpam – make it harder for bots to find your email address

March 6, 2016

If you want to put an email address on a web page, and have it human readable and easy to click on to open up in a mail client you run the risk of exposing yourself to one of the sleazier sides of the internet. Spam email. There are bots out there which relentlessly hunt down email addresses so their masters can deluge you with unsolicited commercial email (or worse, virus infections).

The best solution is to never show the email address – get your users to use a “Contact Us” form or similar so that there’s nothing for the bots to find. But sometimes you can’t do that, either because of how the pages are hosted or your client simply doesn’t want you to.

So… jsNoSpam was born. 100% javascript, so all client side and easy to insert anywhere that allows you to edit raw HTML and include javascript.

The script works by doing a number of things…

  • Requires you to encode the email addresses so they never appear in a recognizable form in the script or HTML source.
  • Supports decoding the email address back to a usable format
  • Allows you to display the de-coded address on the page, or to require a user action (mouse over, click, keyboard navigation etc) before revealing the address.

Because the email address which is inserted into the page via the script is clickable and usable like any regular mailto: link would be user inconvenience is reduced to a minimum, but the effort for a bot to scrape the address is increased and hopefully as there are enough potential variants in how the script can be applied it will keep it ahead of the game.

Here is a live demo of the code in action.

The code is hosted on GitHub, and is open source and unrestricted license (though it would be great if you find it useful if you comment here). It’s been tested in as many browsers as I can and also with assistive technologies (eg NVDA) but if you do find an issue please comment (or better yet fire off a pull request for me to incorporate your fix).

On their own, the techniques used (encoding the address, requiring user intervention etc) are not new, but hopefully combined they will produce a robust enough solution for people who need this workaround.

Security of individual accounts matters (but not to Starbucks)

June 22, 2015

There has been a lot written recently about major system compromises, where banks, Government departments, Healthcare, and other companies are targeted and huge collections of personal information get harvested. Often lasting for months before discovered these attacks reveal PII (Personally Identifiable Information) such as social security numbers, dates of birth, addresses, email addresses and, in too many cases, passwords.

Defending against these attacks is an on-going challenge, but storing information in a way that it can be harvested has a significant impact on users of the service – ranging from identity theft to direct financial loss.

But it is not just servers where the risks lie. Poor information security on the end user experiences compromise individual accounts and can be hard to detect, easy to overlook because of how it’s reported.

Starbucks original logoEarlier this year Starbucks was mentioned as a possible victim of one of these attacks as users accounts mysteriously were being accessed. To remedy this Starbucks rolled out an update to their iOS app and presumably their Android app. This may or may not have improved things for their website or for 3rd party apps running on other platforms. Most of their response appeared to have been PR and damage limitation rather than really beefing up security.

Recently I experienced one of these mysterious losses. While I was in Australia on business someone in Ontario Canada was apparently using my card. And thanks to the convenient auto-reload facility on my account the system kept merrily making more funds available to the thief.

(more…)

Connected Cars and Smarter Smartphones

June 25, 2014

As smartphones get smarter, and cars more connected it seems to me that there is a huge untapped market. Not everyone will replace their car along with their phone (or vice versa) so an opportunity exists to create a flexible, standards based solution both for new vehicles and aftermarket retro fit scenarios.

Luckily many of the standards needed to deliver this already exist. Bluetooth, NFC, wireless charging, ODB-II can all combine to present a seamless experience – if only the software was available to tie it all together… (more…)

Lazy developers make for bad user experiences

March 18, 2013

As a developer I can appreciate that dealing with user input is a pain. Dealing with anything messy humans do is always more annoying than handling nice clean inputs from an API. Developers and designers are human too, and they should think about the experiences they are creating, and how a little bit of consideration for the user can turn a frustrating process into a moment of delight.

  • Required fields: Indicate visually when a field is required, and ask yourself if the field is actually required for what the user is trying to do (delight them and they’ll come back and share more information incrementally). Especially in a world of security leaks I like to minimize what I share and you should help with that.
  • Formatting (phone and credit card numbers) is irrelevant: Should I enter my cell as (425)-555-5555, 4255555555, 425 555 5555 or something else? Actually all of those should be valid as it doesn’t take much effort to strip out spaces, dashes and brackets when you’re validating a credit card or phone number. If you need a particular format for your database or display then re-format it… but don’t force the user to comply with a rigid structure to make your life easier.
  • Don’t be redundant: Don’t make me tell you what type of credit card I’ve entered the number for. Using a simple issuer lookup you can tell me if I just entered an Amex or a Mastercard. If you need me to write an look-up API for you I will, just leave a note in the comments.
  • Passwords are a pain to remember: Just because you think the password rules on your site are obvious (at least one capital, one digit, only special character is an underscore and it must start with a different letter than your username) users have lots of passwords. Give them a reminder next to a where they have to enter it what those arbitrary rules are, ideally on initial entry and as an absolute must if validation fails.
  • Don’t ask me the same thing twice: In the US a ZIP code can tell me the City and State. Same in Australia or New Zealand or the UK and pretty much anywhere else. Can anyone explain to me why I have to enter both 90210 and Beverly Hills, California on a million forms? By all means display the City/State for me to confirm but don’t waste my time asking me to do a computers job. That thing I said about look-up APIs earlier, still true
  • Don’t be forgetful: Computers are good at remembering stuff, if developers are not being lazy. If I fill in a field or check a box on a form and something goes wrong with validation the only field I should reasonably be expected to re-enter is the password (and if you validate that and it passes assume I know my password and don’t make me rekey those asterisks again). If I checked “accept Ts&Cs” or “Don’t email me crap” the first time… I probably meant it so don’t forget it because I didn’t get my phone number in exactly the format you like.
  • On-the-fly, context sensitive validation is awesome: Make use of onchange and onblur events and Ajax to check each field as I go to save the user scrolling up and down a page to find what failed. Basic validation, like credit card checksums, for fields that are easy to miskey should not require a full form submission
  • When things go wrong, show me: When you finally get to a full round trip validation and have to show the user some errors you need correcting don’t just bundle some obscure messages at the top of the page – use visual cues and clear explanations to guide them to get it right

By making the process simple and eliminating points where the user can stumble your helping ensure that your form is not a roadblock where the user might get frustrated and abandon the process. When you go to the supermarket you look for the shortest line, or the easiest way to checkout, and you get frustrated if the process isn’t smooth. It’s just the same on the Web.

Even if you think you’ve gone beyond the things I mention above have you gone far enough? Are you watching your logs and other telemetry to see what fields users are stumbling on? Could you streamline the process further?

Your challenge: As designers and developers you should embrace the opportunity to streamline your users experience, and use every tool at your disposal to deliver a great user experience.

eBooks or paperbacks…

August 22, 2011

While I’m a fan of my Kindle (and the Kindle app on my phone) I still have a problem with the whole ebook pricing and licensing model and it’s best summed up with this picture…

Image001

So, I can buy a license to read the book I want (admittedly in a very convenient and handy package) for 8 bucks, or pick up a new paperback copy for half that. If I want second hand (and many of the second hand books on Amazon are indistinguishable from new) I pay a tenth of that.

Okay, so the downside is I may have a pay a little for shipping, and wait a couple of days rather than get instance over-the-air gratification but when I get it…. It’s all mine.

I don’t have to worry about a licensing issue making the book I’ve bought disappear. I don’t have to get anyone’s approval if I want to lend a copy to a friend, leave it in a coffee shop for a random stranger or sell it at our local Half Price Books to further my addiction (when I moved from Australia to the US I think books weighed more than any other item we shipped!)

I don’t have a problem with authors getting paid (I want them to keep writing after all!), I understand there are costs with marketing and distributing a book (but when it’s just bytes and electrons it’s a lot less than producing a dead tree format, and no risk on inventory) but this feels like a very one sided step into the future.

With my Zune Pass subscription I get an “all I can eat” subscription plan for music I can consume on my Zune (which also provides in-car listening), Windows Phone and laptop so I don’t worry about the fact I don’t actually own the content (though with Zune Pass you do get 10 credits a month to download to own tracks) and I know that the artists are getting paid behind the scenes

I would love a Kindle subscription service that lets me grab any book I want and read it. Every time I enjoy a book the author (and of course publisher etc) would get part of the monthly subscription (encouraging them to write better books!) and I wouldn’t have this hang-up about not being able to decide what to do with the book when I’ve read it.

I don’t think that eReaders like the Kindle are a fad. I think there is more evolution to come in both the reader hardware and the retail channels as the hardware gets smarter and cheaper and the author/reader relationship maybe gets redefined … but at the end of it all I really hope that the love of reading and the art of writing are what wins out…

Building a safe and portable way to get online

May 19, 2011

Over the last few months I’ve had a couple of friends go through some rather unfortunate domestic situations which have involved partners spying on their computer activities, intercepting and even sending emails from what they thought was a private account. They’ve used a variety of means ranging from simply accessing a machine that’s not been locked through to using a keylogger or network sniffer to steal passwords and read email.

There are weaknesses with any operating system, especially if you do not have sole access to the machine or a way to secure the local area network to avoid eavesdroppers, so to try and solve the problem I looked at ways to eliminate the risks of both physical access and software spying.

The solution I came up with is a little technical, but works pretty well and provides a good balance of security and ease of use

Image001

The first part of the solution is unobtrusive USB Flash Drives. These can take many forms but for convenience I’ve been using LaCie USB Keys that look like keys. They come in various sizes (though I consider 8GB the minimum for what I’m doing) and are easy to hide in plain sight, and you’re not likely to misplace it if it’s with your house or car keys.

The second part of the solution is a stand-alone installation of Ubuntu. While it’s not as user friendly or as familiar as Windows or OSX for a lot of people its fairly simple to set up a totally self-contained installation that runs entirely from the USB Key – it leaves no trace on the host machine, it never starts the host machine (so software key-loggers and other spyware are useless) and it’s fairly light-weight so you can start up or shut down in less than 30 seconds.

Setting Ubuntu up in this way doesn’t follow the usual path to build a LiveCD that most people use to try out Linux – with that style of setup you can’t store data on the drive or perform in-place upgrades (patching the build, adding new drivers or even migrating to a new version)

The final part of the solution is installing anti-virus scanners that you can use to examine the host machine, and a VPN client to secure your communications with the outside world…

Preparing the Bootable Ubuntu key

These instructions do assume you have a clue what you’re doing, and that you can deal with the consequences of doing something wrong along the way. If you follow the recommendations you should be okay but, as with anything of this nature, there may be dragons ahead…

Safely selecting the right drive.

You may omit this step if after partitioning you choose to install grub to the root of the usb drive you are installing Ubuntu to, (ie sdb not sdb1). Unless you do this correctly though you can overwrite the HDD MBR which can be a pain to deal with so it’s not recommended. If you don’t know what grub is… proceed with caution!

·         Turn off and unplug the computer.

·         Remove the side from the case.

·         Unplug the power cable from the hard drive.

·         Plug the computer back in.

Installing Ubuntu

·         Insert the flash drive.

·         Insert the Live CD.

·         Start the computer, the CD should boot.

·         Select language

·         Select “Install Ubuntu”.

·         Select Download updates while installing and Select Install third-party software.
If you have an active network connection (wired recommended) this will save time later on.

·         Forward

·         At “Allocate drive space” select “Specify partitions manually (advanced)”.

·         Forward

·         Confirm Device is correct.

·         Click “free space” and then “Add”.

·         Select “Primary”, “New partition size …” = 4 to 6 GB, Beginning, Ext4, and Mount point = “/” then OK.

Optionally configure a Home partition

If you’re only planning to have a single user and primarily store data in desktop folders then this isn’t required.

·         Click “free space” and then “Add”.

·         Select “Primary”, “New partition size …” = 4 to 8 GB, Beginning, Ext2, and Mount point = “/home” then OK.

Optionally configure swap space

This allows hibernation but from experience with this configuration it’s quicker and easier to shut down and start than hibernate.

·         Click “free space” and then “Add”.

·         Select “Primary”, “New partition size …” = remaining space, (1 to 2 GB, same size as RAM), Beginning and “Use as” = “swap area” then OK.

Finish installation

·         Confirm “Device for boot loader installation” points to the USB drive. Default should be ok if HDD was unplugged.

·         Click “Install Now”.

·         Select your location.

·         Forward.

·         Select Keyboard layout.

·         Forward.

·         Insert your name, username, password, computer name and select if you want to log in automatically or require a password.

·         Select “Encrypt my home folder” for added security (especially if there is a risk of losing the drive)

·         Select forward.

·         Wait until install is complete.

·         Turn off computer and reconnect the HDD.

·         Reboot computer and select the flash drive to start

·         Log in and complete installation, upgrading packages and adding options like Chrome browser or Evolution email client

Securing your connection

While having a stand-alone machine image that allows you to keep local content secure you want to make sure no one is sniffing communications on wired or wireless networks. At the very least you need to ensure people are not stealing passwords so in Chrome you want  to install something like the KB SSL Enforcer which will try to redirect any connection to a secure channel to make snooping a lot harder.

If you want to ensure none of your online communications are overheard then you want to install and configure a Virtual Private Network (VPN) connection with someone like StrongVPN – this has the added advantage for some that you can even choose which country you want to appear to be surfing from 🙂

There are a number of Linux based anti-virus solutions (such as ClamAV) that can be used to scan the host machine but I’d recommend if you want to clean a Windows machine that you get a bootable version of Spybot S&D (that you can also run from a Flash Drive and keep up-to-date) as that’s a more robust solution.

Email and Documents

Depending on your situation you may want to keep as much as possible on the USB Key and as little as possible on the web, vice versa or somewhere in between. Personally I recommend setting up a new webmail (Hotmail or Gmail) account only once you are securely connected (so the password is never visible on an unsecured connection) and using Evolution to keep that in sync with the local drive so you can work either from the disk in off-line mode, or log in from a web browser in an internet café or somewhere away from prying eyes. For documents a service like Ubuntu One (probably a good bet as it’s integrated with the OS), DropBox or SkyDrive gives you the flexibility of working locally or “in the cloud”.

Given the risks of losing the drive, or corruption happening due to an overzealous or early removal I would strongly recommend keeping important data backed up somewhere secure and online just in case. You might want to consider installing Prey on the image just in case you lose it.

Stay safe out there!

A lot of the things you need to do to stay safe is common sense – don’t share logins, don’t re-use password and things like that but sometimes you need to bring more sophisticated tools and techniques to bear… I’d love to see some comments about how to improve this solution or make it simpler. If you like the idea of having this sort of setup but the instructions have put you off I’m happy to build a key for you for a reasonable fee (to cover time and expenses). Support for Ubuntu or any other applications mentioned here should come from the respective suppliers.