Wednesday, March 30, 2005

[HCI] Discussion of guidelines for user observation

Good introduction to running a user study


From User Observation: Guidelines for Apple Developers, by Kathleen Gomoll & Anne Nicol, January 1990



User testing covers a wide range of activities designed to obtain information on the interactions between users and computers. Most user testing requires considerable expertise in research methods, as well as skill in using complex data collection tools. For example, user testing techniques include: interviews, focus groups, surveys, timed performance tests, keystroke protocols, and controlled laboratory experiments. Of the many user testing techniques available, user observation is one technique that can be used by anyone with a concern for including the user in the product development process.

User observation involves watching and listening carefully to users as they work with a product. Although it is possible to collect far more elaborate data, observing users is a quick way to obtain an objective view of a product.

Tuesday, March 29, 2005

[HCI] Apple Automator End-user Programming

http://www.apple.com/macosx/tiger/automator.html


Introducing Automator, an innovative application that helps you streamline challenging repetitive manual tasks without programming. It works like a robot inside your computer.

Sunday, March 27, 2005

[HCI] Joe Konstan Interview

Joe Konstan from University of Minnesota is interviewed on ACM Ubiquity about Recommender Systems, Collaboration, and Social Good.

http://www.acm.org/ubiquity/interviews/v6i10_konstan.html

Joe on recommender systems:

We have, and this is work that dates back to '99 or so, studied explaining to users what the system was doing as a way of helping them understand whether they should trust the computer systems' recommendations and we found that most of the explanations that were intuitively appealing to a computer scientist, things that got into the statistics and the processing, completely turned off ordinary people. At the same time, really simple three point charts or analogies were much more compelling to the average user.


Joe on research recommenders:


I've got a student who's working with a couple of other people that built a prototype of a research paper recommender. You can tell it which papers you've already read and it will recommend papers that you should read next? He's actually now working with data from the ACM digital library to see what types of recommenders we can build that would help you discover that an article just published is something you should know about. You're doing research now in this new area? Here's a set of things to get you up to speed.


Interesting followup:


Pedro Domingos at the University of Washington has done some work showing how to analyze a population to find out which people you should give a free sample to if your goal is to spread positive word of mouth.

Tuesday, March 22, 2005

[HCI-Sec] Phishing on the Rise

http://www.linuxinsider.com/story/business_news/41632.html



Symantec's report released this week reveals businesses suffered an average of 13.6 attacks per day overall in the second half of last year, up from 10.6 daily attacks in the first six months of the year. During that period there were 1,403 new vulnerabilities discovered, marking a 13 percent increase from the previous six months.

...

[P]hishing, with a 366 percent increase over the six months ending Dec. 31 compared to the six months preceding, is among the fastest growing threats. Symantec expects that phishing will continue to be a very serious concern over the next year.

...

Jupiter Research retail analyst Patti Freeman Evans told the E-Commerce Times that phishing is still a relatively small-scale threat today, but if online retailers don't take steps to stop it then it could become a huge problem for e-commerce.

Saturday, March 19, 2005

[HCI-Sec] [Privacy] NYTimes: Growth of Wireless Internet Opens New Path for Thieves

http://nytimes.com/2005/03/19/technology/19wifi.html



In 2003, the Secret Service office in Newark began an investigation that infiltrated the Web sites and computer networks of suspected professional data thieves. Since October, more than 30 people around the world have been arrested in connection with the operation and accused of trafficking in hundreds of thousands of stolen credit card numbers online.

Of those suspects, half regularly used the open Wi-Fi connections of unsuspecting neighbors. Four suspects, in Canada, California and Florida, were logged in to neighbors' Wi-Fi networks at the moment law enforcement agents, having tracked them by other means, entered their homes and arrested them, Secret Service agents involved in the case said.

More than 10 million homes in the United States now have a Wi-Fi base station providing a wireless Internet connection, according to ABI, a technology research firm in Oyster Bay, N.Y. There were essentially none as recently as 2000, the firm said.

...

Sometimes, suspected criminals using Wi-Fi do not get out of their car. At 5 a.m. one day in November 2003, the Toronto police spotted a wrong-way driver "with a laptop on the passenger seat showing a child pornography movie that he had downloaded using the wireless connection in a nearby house," said Detective Sgt. Paul Gillespie, an officer in the police sex crimes unit.

...

In the end, prevention is largely in the hands of the buyers and sellers of Wi-Fi equipment. Michael Coe, a spokesman for SBC, the nation's No. 1 provider of digital subscriber line connections, said the company had provided about one million Wi-Fi routers to its customers with encryption turned on by default. But experts say most consumers who spend the $60 to $80 for a Wi-Fi router are just happy to make it work at all, and never turn on encryption.

Monday, March 14, 2005

[Tech] Economist: The rise of the creative consumer

http://www.economist.com/business/displayStory.cfm?story_id=3749354


How does innovation happen? The familiar story involves boffins in academic institutes and R&D labs. But lately, corporate practice has begun to challenge this old-fashioned notion. Open-source software development is already well-known. Less so is the fact that Bell, an American bicycle-helmet maker, has collected hundreds of ideas for new products from its customers, and is putting several of them into production. Or that Electronic Arts (EA), a maker of computer games, ships programming tools to its customers, posts their modifications online and works their creations into new games. And so on. Not only is the customer king: now he is market-research head, R&D chief and product-development manager, too.

...

BMW's efforts to harness the creativity of its customers began two years ago, says Joerg Reimann, the firm's head of marketing innovation management, when it posted a toolkit on its website. This toolkit let BMW's customers develop ideas showing how the firm could take advantage of advances in telematics and in-car online services. From the 1,000 customers who used the toolkit, BMW chose 15 and invited them to meet its engineers in Munich. Some of their ideas (which remain under wraps for now) have since reached the prototype stage, says BMW. “They were so happy to be invited by us, and that our technical experts were interested in their ideas,” says Mr Reimann. “They didn't want any money.” [emphasis mine] BMW is now broadening its customer-innovation efforts.

...

At the heart of most thinking about innovation is the belief that people expect to be paid for their creative work: hence the need to protect and reward the creation of intellectual property. One really exciting thing about user-led innovation is that customers seem willing to donate their creativity freely, says Mr Von Hippel. This may be because it is their only practical option: patents are costly to get and often provide only weak protection. Some people may value the enhanced reputation and network effects of freely revealing their work more than any money they could make by patenting it. Either way, some firms are starting to believe that there really is such a thing as a free lunch.


What's interesting is that I know of several websites where people can list good ideas (for free!):

[HCI-sec] Wordlock Padlock

http://www.wordlock.com/


Not directly related to hcisec, but a very interesting idea with a good insight. I wonder how secure it is in practice, since it seems easier to guess a word than to try all numbers.

----

"On March 10 at the NASDAQ Market site in New York City, Staples held its Invention Quest™ final judging event. The winner is the WordLock™ -- a combination lock which uses easy-to-remember words instead of numbers."

Step 1: Start with your list of words based on your theme. List can be any 4 and 5 letter words.

Step 2: Unforgettable. Software program takes list of words as input. Creates list of final wheels with 10 letters per wheel. Maximizes number of word combinations.

Step 3: Ready to manufacture
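The question raised in this post (whether words are easier to guess than numbers) can be put in numbers. The following is an added example, not code from the WordLock site or from the original post: it builds 10-letter wheels from a small constructed word list and compares every wheel position with the positions that spell a listed word. The per-position frequency heuristic in `build_wheels` is an assumption for illustration; the page does not say how the real software maximizes word combinations.

```python
import math
import string
from collections import Counter

# Constructed sample list of 4-letter words (not WordLock's real word list).
WORDS = ["lock", "look", "book", "cook", "cool", "tool",
         "told", "bold", "cold", "word", "work", "fork"]

def build_wheels(words, letters_per_wheel=10):
    """Choose each wheel's letters by per-position frequency.

    Assumed greedy heuristic for illustration; the real selection method
    is not described on the page.
    """
    wheels = []
    for pos in range(len(words[0])):
        counts = Counter(w[pos] for w in words)
        ranked = sorted(counts, key=lambda c: (-counts[c], c))
        wheel = ranked[:letters_per_wheel]
        # Pad short wheels with unused letters so every wheel is full.
        for c in string.ascii_lowercase:
            if len(wheel) == letters_per_wheel:
                break
            if c not in wheel:
                wheel.append(c)
        wheels.append(wheel)
    return wheels

def spellable(words, wheels):
    """Words from the list that the wheels can actually display."""
    return [w for w in words
            if all(ch in wheel for ch, wheel in zip(w, wheels))]

def keyspace_report(words, letters_per_wheel=10):
    """Compare all wheel positions with the positions that spell a listed word."""
    wheels = build_wheels(words, letters_per_wheel)
    total = letters_per_wheel ** len(wheels)
    hits = spellable(words, wheels)
    return {
        "total_positions": total,
        "word_positions": len(hits),
        "bits_total": math.log2(total),
        "bits_words": math.log2(len(hits)) if hits else 0.0,
        "words": hits,
    }

if __name__ == "__main__":
    r = keyspace_report(WORDS)
    print(f"{r['total_positions']} positions ({r['bits_total']:.1f} bits), "
          f"{r['word_positions']} listed words ({r['bits_words']:.1f} bits)")
```

A 4-wheel lock with 10 letters per wheel has the same 10,000 positions as a 4-digit lock, but if owners only pick real words the effective search space is the count of spellable words. The count here is a lower bound, since real wheels also spell words outside the construction list.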

[HCI] [Research] UIST 2005 Interaction Contest: Manipulating Objects in 3D Environments

Contest for this year is out.

http://www.cs.umd.edu/hcil/UIST05contest/

This year we chose the manipulation of objects in 3D scenes as the subject of the contest. We will make sample scenes, tasks and a required output log format available in early spring. In a live on-stage competition at the conference new scenes will be given to participants who will then compete to complete the tasks in minimum time with maximum accuracy. Audience preferences will also be taken into consideration. All the materials and quantitative data will be saved in a repository.

Tuesday, March 08, 2005

[HCI-sec] NYTimes on EBay Phishing

NYTimes has an article about some of the impacts of phishing on EBay, and how EBay is fighting back.



"At first those e-mails were a joke with the misspellings and mistakes," said Mr. Alofs about the phishes he received a couple of years ago, when the practice was relatively new. "Now with the copyright statements and the logos, they look so real. I don't know how you'll ever tell them apart."

For eBay, phishers are more than just an expensive irritation. EBay is among the five companies most frequently targeted by phishers, according to David Jevans, chairman of the Anti-Phishing Working Group, an industry association that includes eBay. Like phishers who go after customers of credit card issuers, those who target eBay users sometimes try to capture credit card numbers as well as general personal information.

...

"EBay is purely virtual," Mr. Jevans said. "They live or die by e-mail."

...

EBay is reluctant to discuss its security measures, but the company has taken three steps recently. A few months ago, it began offering users of Windows-based computers a free toolbar that flashes a warning when a browser is pointed toward what it believes to be a fraudulent Web site.

...

And eBay offers unique attractions for criminals, as Mr. Alofs's case shows. Many buyers will purchase expensive goods such as coins only from sellers with high ratings from previous customers through an online evaluation system. Mr. Jevans and others say that when phishers are able to take over accounts with high approval ratings, they use them to sell nonexistent or stolen goods.

[Research] [HCI] NSF Career Grants abstracts

NSF has a handy search engine for showing the list of recent NSF CAREER award recipients. Here are the results for the Division of Intelligent & Information systems (IIS), and here are the results specifically for human-computer interaction.

Monday, March 07, 2005

[Tech] [HCI] 20th century vs. 21st century C&C: the SPUR manifesto

http://doi.acm.org/10.1145/1047671.1047688

David Patterson, Berkeley professor and ACM's current president, has just written this two-page manifesto called SPUR (which, probably coincidentally, is the name of one of his previous projects).


...

What we didn't realize, however, was that when you connected your PC to the Web, millions of computers around the world could now access information on your computer, whether you allowed it or not. This insecure concoction leaves us open to computer crime, and potentially even to computer-assisted terrorism or war. Just as business embraced the Web five years ago, criminals are doing so now. In 2004, 1% of U.S. households were victims of successful phishing attacks. According to a recent poll, 17% of businesses received threats of being shut down by denial-of-service (DoS) attacks [2]. Indeed, one company refusing to pay extortion spends $100,000 per year to defend against DoS attacks.

...

In my view, we have taken ideas from the 1970s and 1980s to their logical extreme, providing remarkably fast and cheap C&C to hundreds of millions of people. But we now are all painfully aware of the drawbacks of 20th century C&C.

Hence, I believe for our new century we need a new manifesto for C&C, and, as is my nature, I offer a four-letter acronym to help us remember it:


  • Security/Privacy: We must protect the security and privacy of C&C users from criminals and terrorists while preventing the Orwellian vision of Big Brother. C&C in the 21st century should be as safe as 20th century banking.

  • Usability: C&C technology must match human abilities of both the operators and the end users. The ratio of cost of ownership versus purchase of 21st century C&C should match cost ratios of 20th century radio.

  • Reliability: We need to create C&C the world can depend upon, since some are already relying on it with technology that doesn't deserve our trust. Indeed, 21st century C&C should be as reliable as 20th century telephony.


To make genuine progress, the "SPUR" manifesto must move ahead of cost-performance in the priorities of 21st century C&C.

[HCI] [Privacy] [Ubicomp] Rant on Ubicomp and Privacy

I was invited to give a research talk at Intel's Usable Privacy forum last week,
over in Hillsboro, Oregon. I decided to give a rant on ubicomp and privacy.

My main points:
  • We should push client-centered ubicomp more
    Local sensing, local storage, local processing
    Better user interfaces when sharing personal info

  • We should examine how people already manage their privacy today
    Better support for projecting desired personas
    Build plausible deniability in

  • We need better privacy risk models
    Rapid prototyping tools
    Analysis methods
    Metrics for privacy

  • We need better ways of aligning all stakeholders
    Figure out sustainable business models
    Support app developers

[HCI] The Power of GUIs and Smart Kids

I was at a post-wedding party this afternoon, and was entertaining some kids with my Kyocera smartphone (i.e., the "geekphone" or "oh my god how big is that phone?" phone).

What was really amazing was that these two kids from Taiwan, around 7 and 11, just picked up playing a bunch of these games even though they could barely read any English. Through trial and error, and presumably some learned experiences with interaction design patterns, they just started figuring out how to play the various puzzle and action games I have on my phone. Simply amazing. I don't think I'd be anywhere as successful (or as absolutely fearless) playing foreign-language games.

Sunday, March 06, 2005

[Tech] Apple's Sudden Motion Sensor

http://www.kernelthread.com/software/ams/

This guy crafted some interesting visualizations and hacks based on a sensor built into Apple PowerBooks.


Apple added a feature called Sudden Motion Sensor (SMS) to the PowerBook line in early 2005. The sensor attempts to prevent data loss by parking the heads of an active disk drive after detecting a "sudden motion", which could be due to strong vibrations or a fall.

...

AMS Visualizer is a logical graphical extension of the amstracker command-line tool. It displays a 3D image of a PowerBook 15 that appears to "hang" in space.

...

This example creates a window displaying a bicycle wheel. The window is "stable" in the sense that if you rotate the PowerBook left or right, the window compensates by rotating itself by an equal amount in the opposite direction in an attempt to remain in its original orientation with respect to the ground. The bicycle wheel rotates too — independently of the window.

...

The "perturbed desktop" is hard to describe, and perhaps impossible to justify, even for a book example. It could be thought of as roughly the Stable Window concept applied to the entire graphical user interface, and then made unstable via some constraints. Now, nobody needs (hopefully) such "stable" windows in real life. Nevertheless, it is interesting to note the type of visual operations that are possible in Mac OS X.

[Cool] Re-Envisioning Harry Potter

http://www.illegal-art.org/video/wizard.html

I have no idea whether this re-envisioning of Harry Potter is any good or not (the image of Harry Potter looks a little creepy), but this is a very interesting idea.


Wizard People, Dear Reader is an unauthorized re-envisioning of Harry Potter and the Sorcerer's Stone, by Brad Neely. To experience it, viewers need to get a copy of the first Harry Potter movie (known as Harry Potter and the Philosopher's Stone in Europe) and watch it with the sound off, replacing Neely's narration with the original soundtrack.