Showing posts from 2007

This Blog is Rated: College Undergrad


Anti-Phishing Phil on CMU's main home page

Carnegie Mellon University computer scientists have developed an interactive, online game featuring a little fish named Phil who teaches players cybersecurity tips. "Anti-Phishing Phil" helps users to better recognize and avoid email "phishing" and other Internet scams.

Crayon Physics Game

This is a really cute game that has a nice, sketchy aesthetic.

Google's OpenSocial Platform

Many of you have probably heard about this new OpenSocial platform that Google has released, which is basically an open form of Facebook that various other social network platforms (like Orkut, Ning, LinkedIn, Hi5, Friendster, Oracle, iLike, Flixster, RockYou, and Slide) will conform to.

What's interesting here is that we actually covered this topic in our Social Web course (with some help from Information Rules), discussing why leaders tend to opt for closed platforms (primarily because they can force a lock-in and ensure customers) while a common strategy for those not in the lead is to band together under an open platform to try and beat the leader. History may not repeat itself, but it does have themes.

Some of the questions in class included what Google's strategy would be (keep in mind that this was before the OpenSocial announcement), whether it would fit into their long-term goals ("take over the world", as one student said), and whether they could…

Why Should Any Smart Object Be Stealable?

I've been wondering for a while why, given the cost of "smart" objects, more of them don't have anti-theft mechanisms built in. It seems that there are two basic approaches here: make the stolen object useless, or make it (or the thief) really easy to find.

An example of making the smart object useless comes from a post by Ed Felten talking about how DRM can be used for good, to help prevent your stuff from being stolen.

How might this work? One possibility is that when the device [iPod] is plugged in to a charger it hasn’t seen before, it makes a noise and prompts the user to enter a password on the iPod’s screen. If the correct password is entered, the device will allow itself to be recharged by that charger in the future. The device will become associated with a group of chargers over time.

There are obvious holes with this approach, most notably stealing the charger, but it seems to me a generally good idea.

An e…

Anti-Phishing Phil used in High School Class

Just heard about this, our game Anti-Phishing Phil is being used in a high school class, where the topic is "things that can get you in trouble online".

I like this excerpt from the teacher:

I’m doing a unit right on about plagiarism, scams, spam, phishing, urban legends, and all sorts of other things that can get you in trouble online. Students are fascinated by anything that’s illegal, so it’s actually going pretty well.


Even with a minimal game structure, students focus on the play and don’t seem to notice that they are being taught a whole set of skills and knowledge. But when it’s over, they can answer my questions. Great stuff.

Wanted: A PowerPoint Shrinker

I've noticed that you can often substantially reduce the size of PowerPoint files simply by saving the same file to a new filename. I just did this for a lecture on social networking theory, and it went from 7 megs to 3.5 megs.

I'm trying to guess why PowerPoint does this, and not coming up with any good ideas. It can't be for undo, since PowerPoint eliminates your undo queue whenever you normally save. It might be for faster saves, though I never notice any difference between saving normally and saving to a new file.

At any rate, one thing that would be really nice would be something that did this automatically before emailing it out or posting it on your web site, just imagine the savings!

Clever "Wheel of Lunch" Mashup

Finally, a technologically sound answer to the eternal question "where should we go for lunch?". Take Yahoo Local, mix with Wheel of Fortune, and you have Wheel of Lunch.

Buy that song now, through your iPhone

This is a brilliant idea and a really compelling use of ubicomp technologies.

Like that song you hear playing at Starbucks, but just cannot wait until you get to a computer to download the song?

Starting tomorrow at certain Starbucks stores, a person with an iPhone or iTunes software loaded onto a laptop can download the songs they hear over the speakers directly onto those devices. The price will be 99 cents a song, a small price, Starbucks says, to satisfy an immediate urge.

Anti-Phishing Phil in the News

Anti-Phishing Phil is in the news (1) (2) (3) (4) (5) (6) (7).

Anti-Phishing Phil is a game we've created to teach people not to fall for phishing attacks (i.e., those fake "please update your account" emails that lead to identity theft).

Try out the game here!

You can also read our research paper here (PDF).

Web Component Architectures

After seeing Fernanda Viegas and Martin Wattenberg's excellent talk about Many Eyes, a web site for social visualizations, it dawned on me that the web is starting to move towards a component architecture based on Application Service Providers.

To wit, if you want a video on your blog, you turn to YouTube, which makes it easy to embed one into your blog page. If you want a map, you turn to Google Maps. And now with Many Eyes, if you want an interactive visualization, you turn to them.

It's pretty clear Google caught on to this idea a while back, given their recent efforts in making it easier to embed Google Maps into web pages and their recent announcement about embedding Google books as well.

One of my colleagues, Brad Myers, commented that there may be interesting analogies with ActiveX components. There used to be a somewhat active market for Visual Basic components about a decade ago (no idea how it's faring now). These components made it much easier…

Programmer Archaeologists

In his book A Deepness in the Sky, sci-fi author Vernor Vinge describes the profession of Programmer Archaeologists. The basic idea was that in the far future, pretty much every piece of software you could imagine has already been created. So, rather than creating new software, the job of the Programmer Archaeologist would be to search for software close to what you wanted, and then adapt that software for your particular needs.

There is a forthcoming paper at UIST2007 (User Interface Software and Technology) that takes us a step closer to this world. Entitled Assieme: Finding and Leveraging Implicit References in a Web Search Interface for Programmers (PDF), it describes a search engine that provides not only documentation of APIs, but also finds snippets of examples. A nice idea, and well-executed.

Google docs has an alpha feature?

This is new: companies used to release products and label them as alpha or beta. Then, web sites rolled out the perpetual beta. Now, Google Docs has a search and replace feature that is labeled alpha. I hope this is something that will not catch on, but as Software-as-a-Service becomes more pervasive, I'm afraid it will.

(FYI this screenshot also shows a working version of the syllabus for The Social Web course that I will be co-teaching this fall)

How much is a review on Slashdot worth?

Our book, The Design of Sites, was recently reviewed on Slashdot. I actually disagree with the reviewer on several points, in particular that patterns need to be "an elusive insight or 'trick of the trade'", but the main point I want to write about today is how much a review is worth.

About once a day, I check how our book is doing on Amazon. Ever since our second edition came out in December 2006, it's been hovering around 2500-4000 in terms of overall sales rank. Checking this morning, our book is at #388. Assuming that Amazon's sales follow a Zipf curve (or is it power law or Pareto? I can never remember), this means a heavy increase in sales.

The problem, though, is that Amazon doesn't reveal what their rankings actually mean, and I only see how many books we sell in 6-month periods, so it's hard to say more with any precision.

TRANSCOM, General Norty Schwartz, and the Future of Carbon

A few weeks ago, as part of the Computer Science Study Panel, I had the opportunity to meet General Norty Schwartz, a four-star general who is currently the head of TRANSCOM. TRANSCOM is a unified command charged with all of the transportation issues in the military. As you might imagine, it is a pivotal but underappreciated part of the military.

Talking with General Schwartz was a really fun and insightful experience. He struck me as someone who is slow and steady, rock-solid reliable, the kind of person you would want managing your transportation needs.

However, the thing that pleasantly surprised me was General Schwartz' interests in carbon. Right now, among all of the cabinet departments, the Dept of Defense is the largest consumer of carbon-based fuels, and within the DoD, TRANSCOM is the largest consumer. He mentioned how this wasn't sustainable, and that they were looking into long-term solutions to this problem.

While I realize that his statement wasn't for reasons …

Anti-Phishing Phil in Portuguese

Wow, this is really cool! Portugal Telecom has taken our Anti-phishing Phil game, but has replaced our fish with a frog. It's like I'm reliving my Frogger days!

Jim Morris' Notes on Venture Capitalists

My department's former dean has a blog entry about a panel of venture capitalists, hosted by Berkeley and CMU West. My favorite point:

Avoid Web 2.0 companies based upon AAA - Ajax, Adsense, and Arrogance

This makes me wonder what the carrying capacity of Adsense is. How many companies / blogs out there can Adsense fully support?

Anti-Phishing Phil in the News

Our work on Anti-Phishing Phil is mentioned in a news article by AP

Heuristic Evaluation for PowerPoint Slides

"Death by PowerPoint" is a phrase the military likes to use to describe those presentations that cause your eyes to dry out and the drool to start coming out of your mouth. Being a tech-oriented HCI person, I figured we could actually develop heuristics, and possibly even a tool, to help address this problem.

Here's my list of heuristics, all of which I think could be built as a plug-in for PowerPoint:

Fonts too small (try to stick to at least 24 points)
Too many animations
Too many sub-bullets
Too much text on the slide
Unreadable color combinations
Too many lines in a bullet
Too many fonts on the slide
Ugly fonts

Alon Halevy on the Database and HCI Communities

Alon Halevy is a former professor of computer science at University of Washington, now at Google. This latest entry from his blog on databases and HCI struck me as interesting for two reasons:

It is tempting to push these problems [of how users work with structured data and their information seeking needs - JIH] to the HCI community, but I would argue this is a mistake. These problems will not be high enough on the agenda of the HCI community (there, if your device doesn’t move or perform magic, it’s uninteresting), whereas for us they are crucial for identifying good research directions and evaluating them. As a community, we need to find a way to encourage research on usability and to learn from the HCI community how to evaluate such research. We need to bring this agenda squarely into our conferences.

The first interesting point is that he sees HCI primarily as being interested in wickedly cool devices. This isn't too far off the mark, unfortunately so in my opinion.

The second is…

Rick Rashid on Directions at Microsoft Research

Rick Rashid, Senior VP of Microsoft Research, has a great talk summarizing research directions at MSR. The most exciting work is perhaps helping developing countries. There is also an awareness that any help should not be done as a charity, as that isn't economically sustainable.

An online service that airports could use - line estimators

When I got to the Pittsburgh airport today, I was shocked to see how long the line for US Air was for an early Sunday morning. It struck me that airports could offer a really nice service, which is to provide an estimate of how long the line will be at a given time, both for check-in and for security.

I don't think it would be that hard to implement either. Airlines already know how many people should be checking in, and they should know the rough rate at which people can be processed. For the security line, you just need to aggregate the number of passengers across all airlines. Afterwards, calibrate your data (ie fudge the data a little) so that the numbers match reality.

Nokia SensorPlanet

Just finished a meeting with some visitors from Nokia. It looks like they are launching a very ambitious program called Sensor Planet, leveraging mobile phones as a large scale sensor platform. I have to say it looks pretty exciting!

SensorPlanet is a Nokia-initiated cooperation, a global research framework, on mobile device-centric large-scale Wireless Sensor Networks.

The results of SensorPlanet are 1) a test platform that enables the collection of sensor data on a never seen scale, and 2) a central repository for sharing the collected sensor data for research purposes.

CMU Research Truck

Carnegie Mellon University will demonstrate its new Data Truck, a 36-foot mobile social science laboratory that will allow the university to conduct research involving groups of people, such as senior citizens, who cannot readily come to campus. The Data Truck can be used to interview people engaged in real-life situations to study events as they unfold — for example, the effect of exhaustion on marathon runners crossing the finishing line or the effects of alcohol on the judgment of people tailgating outside Heinz Field before a Steelers game.

I like this last example of a study. :)

A Wearable Display for Team Sports

Here's something that is heavy on the creativity scale:

TeamAwear is a next-generation basketball jersey which allows players to 'wear their performance' in order to enhance the awareness of information during game-play for all stakeholders, including: athletes, coaches, referees, and spectators.

Economist on "When Everything Connects"

The Economist has a special issue on ubiquitous computing, looking at such topics as different wireless technologies, sensors, and wireless energy. The articles look like a good overview of the current state of the art, I think it's likely I'll use these the next time I teach a course on ubicomp.

So far, my favorite new insight from the articles:

MANY companies claim to have built a better mousetrap. Rentokil has actually done so. The British building-services firm added a small sensor and a wireless module to its traps so that they notify the building staff when a rodent is caught. This is a big improvement on traps that need to be regularly inspected. A large building might contain hundreds of them, and a few are bound to be forgotten.

Analysis of Web-based Malware

This looks like an interesting paper:

The Ghost In The Browser: Analysis of Web-based Malware


As more users are connected to the Internet and conduct their daily activities electronically, computer users have become the target of an underground economy that infects hosts with malware or adware for financial gain. Unfortunately, even a single visit to an infected web site enables the attacker to detect vulnerabilities in the user’s applications and force the download a multitude of malware binaries. Frequently, this malware allows the adversary to gain full control of the compromised systems leading to the ex-filtration of sensitive information or installation of utilities that facilitate remote control of the host. We believe that such behavior is similar to our traditional understanding of botnets. However, the main difference is that web-based malware infections are pull-based and that the resulting command feedback loop is looser. To characterize the nature of this rising th…

[USAToday] Phones studied as attack detector

This is an interesting idea, related to the Hitchhiking work we've done in the past for detecting how busy a place is, and to my Worldspotting blog entry a while back.

Homeland Security officials are looking into outfitting cellphones with detectors that would alert emergency responders to radiological isotopes, toxic chemicals and biological agents such as anthrax.


The Homeland Security Department says the program, called Cell-All, might work this way: Detectors would be placed in cellphones, most of which are already linked to the Global Positioning System. If a detector recorded a hit, the GPS would transmit the location and time to local emergency responders and Homeland Security's operations center.

Of course, there's the question of too many false positives, as well as the very serious privacy concerns involved, especially since there is little direct benefit to end-users.

First Usenix Workshop on Offensive Technologies (or WOOT)

I used to think that ACM Transactions on Architecture and Code Optimization had the best geek acronym (TACO), but it has now been outclassed by the First Usenix Workshop on Offensive Technologies (WOOT).

CANTINA: A Content-Based Approach to Detecting Phishing Web Sites

Our paper entitled CANTINA: A Content-Based Approach to Detecting Phishing Web Sites was presented at WWW2007.

Phishing is a significant problem involving fraudulent email and web sites that trick unsuspecting users into revealing private information. In this paper, we present the design, implementation, and evaluation of CANTINA, a novel, content-based approach to detecting phishing web sites, based on the TF-IDF information retrieval algorithm. We also discuss the design and evaluation of several heuristics we developed to reduce false positives. Our experiments show that CANTINA is good at detecting phishing sites, correctly labeling approximately 95% of phishing sites.

Paper: PDF
Presentation: PPT

Is J2ME going to fail for Mobiles too?

While at CHI2007 this past week, I got into a discussion with some old friends about how difficult it was to program Java on mobile phones. In fact, some students working with me have decided to switch from J2ME to FlashLite, because it was faster to do prototypes and because the GUI looked so much better.

I can't help but wonder if Java is making the same mistake it did with desktop GUIs and web browsers. It's hard for me to name compelling Java applets that run in the browser (perhaps the best one I know of is GoProblems). The fundamental problem with Java is that it makes it hard to create attractive GUIs. It just doesn't make easy things easy. Unless J2ME developers get their act together, my prediction is that J2ME will fail on mobiles too.

We're Number 1!

Not only has the Pittsburgh area been rated the No. 1 place in the country for Baby Boomers to find love and keep it, but the City of Boomer Love also consumes more Ho Hos than anywhere else.

What Happened to 18000 Votes?

I just saw this great talk by Michael Shamos detailing an investigation (that he was part of) into 18000 undervotes in the 2006 election in Florida.

Although I couldn't stay for the whole talk, it looks like there were fairly substantial HCI problems, in terms of the ballot design. When Shamos showed the actual ballot screen in question, I actually didn't see that there were two separate races being shown. The race at the top of the screen was the one that had the huge number of undervotes, but was visually overshadowed by the second race, which had a larger header and had more people running. Of course, the button to go to the next screen is right under the second race, so I could see how people could have easily missed the race that is currently in dispute.

It strikes me that we really need a single ballot design, one that can be massively user tested to ensure usability and understandability. A key problem, though, is that ballots and voting machines are done on a local basis…

Mossberg on Usability and Security

Walt Mossberg has a nice report spotting three important computing trends, namely usability, security, and mobile phones (all three of which I coincidentally work in :)

On usability:

[M]y main criteria for judging digital consumer products have been simplicity, ease of use and reliability -- a sort of index for the burden on the user. And in 1992 most products failed miserably on that scale. They required far too much attention, knowledge and effort by users when theoretically they were supposed to do just the opposite -- namely, to make their lives easier.


And by then the World Wide Web had changed everything. It had vastly enriched the experience of computing, adding information, entertainment, communication and commerce on a grand scale.

On security:

[O]ver the past five years, the security problem has morphed into a major hassle for people who own and use Windows computers. Viruses and other malicious software programs are still with us, but now they've been joined by new catego…

The Social Web: Content, Communities, and Context

This fall, Robert Kraut and I will be teaching a course entitled The Social Web: Content, Communities, and Context (links to PDF of our course flier).

IEEE Pervasive Computing Special Issue on Security and Privacy

I'm a guest editor on a special issue of IEEE Pervasive Computing on security and privacy.


Author guidelines:
Submission address:
WIP Deadline: See below
Publication date: September 2007

IEEE Pervasive Computing invites submissions to a special issue on the topic of "Security and Privacy in Pervasive Computing." Example topics include, but are not limited to, the following:

Establishing trust in pervasive hardware
Preserving security in cyber foraging
Software and hardware attestation of remote executions
Authenticating with low distraction
Using tamper-evident hardware
Providing peripheral awareness of trust context
Combining privacy with accuracy in location sensing
Coping with physical threats to pervasive hardware
Encrypting on low-power computing devices
Anonymized computing with disposable devices and states
Security and privacy of RFID techn…

My Best Fortune Cookie Ever

Got this one a while back, it's now on my office door.

GPS for Dogs

Just when you thought you've seen it all, Garmin is selling a GPS for dogs. No, not to help the dogs navigate (that would be scary), but to help owners find their dogs.

WorldSpotting, A New Class of Ubicomp Apps

There's an interesting class of ubicomp apps that I'm calling WorldSpotting. These kinds of apps are mobile systems where people act both as sensors and as users of the system. Some example WorldSpotting applications include:

Gawker Stalker, which lets you track and send updates on where celebrities are in Manhattan
Mobile Media Metadata, which lets you easily tag photos with place names, based on what other people have labeled
Wardriving, where people both collect data on the location of WiFi access points and use those, for general network access or for location positioning
Bustle, a system we are developing that lets you contribute information on how busy a place is, as well as query how busy places are. An example application would be to see how busy the local cafe is.

The pros of WorldSpotting applications are that you can get massive scale without having to install lots of infrastructure, as has typically been done for many ubiquitous computing applications. Thus, WorldSpot…

But Capybara Aren't Fish!

If you hang around me long enough, you'll eventually hear my story about how South Americans consider capybaras, the world's largest rodent, as fish. (If you hang around me long enough, you'll also find out that Regis Philbin is my mortal enemy and that I once found myself with a black guy and two Filipinos in the middle of a KKK march, but those are stories for another time).

To wit, one of my friends (James Lin, of Lincoln Highway fame) has just forwarded me an article from the New York Times about the world's most delicious rodent (I bet Amazon's statistically improbable phrases would have fun with that one). As you can see in the picture below, it's pretty obvious that capybara aren't fish.

So here's the Gray Lady on rodent-fish:

The annual hunt comes before Easter, when capybara has a status in Venezuela similar to that of turkey during Thanksgiving. While the Roman Catholic Church generally forbids eating meat during certain days of Lent, many V…

Perceptive Pixel - Large Interactive Touchscreens

Jefferson Han, the person whose work on interactive touchscreens has been all over YouTube and featured at the TED conference, has founded a startup to commercialize his technologies.

I think it's interesting that large interactive screens have been around for quite a while. For example, Stanford's iRoom, Fraunhofer IPSI's iLand, the old Liveworks (that commercialized the LiveBoard), Smart Technologies (that sells SmartBoards), and MERL's DiamondTouch, just to name a few.

I remember being the session chair for Jefferson when he presented at UIST 2005, and thinking that there were two key differences. The first is that the technology is cheaper than anything else out there. Ridiculously cheaper by an order of magnitude. Most large interactive displays cost thousands of dollars, whereas Jefferson's work only required a cheap sheet of plexiglass, a projector, and a camera. It's cheap enough that I've been trying to encourage students in my classes to build their…

Motion Computing C5 Mobile Clinical Assistant

Looks like this is another push for tablet PCs in hospitals. The platform itself seems quite nice, in that it has wireless networking, barcode readers and a built-in camera to make it easy to get data, and has smooth surfaces all around to make it easy to clean and disinfect.

How Many People Does it Take to Change the World?

One interesting thing that happened last month was that I got to meet Alan Kay, one of the researchers at PARC that helped invent our modern conception of personal computing back in the 1970s. He said many things that struck me, but one stood out in particular, namely that it only took about 25 researchers at PARC to develop it all, from ethernet to GUIs, from Smalltalk to the laser printer. The key to it all, though, was having a shared vision that 25 really smart and independent people could agree on.

This is something I've noticed about the original Ubiquitous Computing project as well (also done at PARC), in that there was a grand shared vision that a lot of really smart people believed in and pushed for.

However, I'm not sure if this is something we could easily re-create today. It's hard enough to get 25 people to agree on anything, but there's also the funding issue, in that NSF can't fund projects that large and DARPA no longer will. I also don't think th…

How Little Web Sites Have Changed Over the Past 6 Years

In our book, The Design of Sites, we show how little major web sites have changed over the past few years. Below is an image (click to zoom) that shows this. Here's what we wrote in our book:

Figure 2.10 shows how the homepages of some prominent Web sites have changed during the past six years. With the exception of Google, which has always stressed simplicity, it is interesting to note that the only major change has been an increase in the information density of these Web pages. In fact, Web design has already converged on what we call the “common Web look and feel.”

The Design of Sites, 2nd Edition

The second edition of our book The Design of Sites is finally out! It includes some new design patterns on the mobile web, AJAX technologies, and security.

There are also:

Seventeen new design patterns to add to the original ninety
More than twenty significantly updated patterns
450 four-color screen shots and diagrams, including more than 150 new images

You can also check out this interview with my co-authors, James and Doug (I was out traveling at the time :)

Kinetic Sculptures

BMW is featuring the work of Theo Jansen in one of their commercials. Mr. Jansen creates kinetic sculptures, which in this case is a large mechanical insect that uses wind to power its legs. You really have to see this video to believe it!

Thanks to Leila Takayama for telling me about this.