Wednesday, December 01, 2010

Using Location-based Services to Combat Credit Card Fraud

Oddly enough, I was thinking of a service like this when my credit card was declined in London. The problem of course is someone robbing you + your phone.


The company recently formed a partnership with ValidSoft and is going to start using information about the location of customers’ mobile phones to prevent credit card fraud.

Visa will be able to establish whether your mobile phone is in the same place as the merchant or ATM where your card is being used. In most cases, the two devices are in close proximity, which allows Visa to surmise that it is probably you using the card (even if you are outside of your usual shopping patterns). However, if the two devices are not in the same place, the system may send up an alert.

Monday, November 01, 2010

Four Common Misconceptions of Graduate School

Last Friday I participated in CMU's Fusion Forum, a really fun program designed to improve recruitment of minority students into graduate school. In the panel session, a bunch of faculty discussed their thoughts on what it was like in graduate school.

I framed my thoughts in the form of four common misconceptions of PhD level work. They are:

1. Grades still matter in PhD programs.
Grades matter a lot in undergraduate programs, because you need a high enough GPA to be a plausible candidate to be admitted. However, once you are in a PhD program, grades matter only insofar as you need a good enough grade to pass required courses, and a high enough grade not to antagonize the instructor (who may be on your dissertation committee one day). Nobody really cares about your grades when you do the job search. What they care about is whether you can do original and insightful research.

2. In computer science, a lot of students think that the majority of their time will be spent programming. I had this misconception when I first started graduate school. In reality, I spent maybe 15% of my time programming, with the rest of it spent on thinking about what problem to solve, reading related work, talking about ideas with other folk, and doing presentations. This is why I look for people who can write and communicate well, and can think really well about problems.

3. Some students come into graduate school thinking that there will be a lot of structure and that they just need to do the work assigned to them. This is still an undergraduate way of thinking. In graduate school, you need to be able to go beyond this, and eventually teach us, the faculty, new and interesting things. Part of the goal of graduate school is to give you the tools and mindset so that you can accomplish this.

4. Some students believe that graduate school is primarily an individual activity with just more coursework. Graduate school is an apprenticeship, where you not only learn the tools and skills to conduct original research, but also become a member of the local community at your university, as well as a member of the international research community. Phil Agre has a great description of this community aspect of graduate work in his essay Networking on the Network.

Hello, 世界

I like how Google's new Go programming language changes its first program from "Hello World" to "Hello, 世界" (Hello World in Chinese)

Wednesday, October 20, 2010

Our Facebook Security Quiz

Wombat Security Technologies has created a quiz on Facebook to test your knowledge of computer security. See if you can get the Golden Wombat!

Nicely Animated Talk on Motivation

I recently found a series of animated lectures on YouTube covering a number of topics, including motivation, economics, ethics, education, and more. By animated, I mean that there is an artist drawing what the speaker is saying, adding an incredible visual angle to the talk.

So far, the talk on what really motivates us is my favorite. It looks at how monetary compensation affects creative endeavors, and other ways of incentivizing people to be more effective.

Thursday, October 07, 2010

Heilmeier's Catechism

Just learned about this set of questions earlier this week at a DARPA workshop. They seem like a really useful set of questions, for product development and for research.

Locaccino blog entry at MIT Tech Review

One of the writers at MIT Tech Review has blogged about our work on Locaccino.

"Locaccino Shows How Facebook Places Should Work"

Thursday, September 16, 2010

CMU Mobility Monitor

Our research group is studying where people go, what it says about them, and what it says about the places they go. Our app is "CMU Mobility Monitor" on the Android Marketplace, please install if you can (no iPhone version yet). You'll also be put into a raffle to win some money.

Monday, August 23, 2010

Three General Features I'd Love to See in User Interfaces

1. Guaranteed performance levels, so that the system never locks the user out due to thrashing, virtual memory swapping, or cpu overload. For example, have the system always reserve (say) 10% of CPU exclusively for user interaction, so that the UI will always be responsive.

2. A "Wikipedia" like approach for collaborative user interface design, so that open source software developers can actually get real designers into the game. Make it so that it is possible to have a clean separation from back-end and front-end, and that anyone can go in and offer feedback and alternative designs.

3. Make it so that I can "patch" my own UI to fix bugs. For example, Intuit Quickbooks maps Ctrl-A to opening all accounts, instead of selecting all text like every other system out there. I still make this mistake despite using the software for almost two years. Alternatively, make it easy to send the patch to the developers, so that they can apply it and fix it in their next release.

Friday, August 13, 2010

In the Future, even Birds will have Mobile Phones

I had a great meeting with an ecologist in Pittsburgh earlier this week, and was pleasantly surprised to learn that there is a company building devices for tracking birds. The devices are essentially souped up mobile phones that combine cellular phone technology, GPS, and small solar panels, and are small enough that you can strap them onto the bird. Very cool!

Tuesday, August 10, 2010


Skypefast - the act of using Skype to eat breakfast together with your significant other

Monday, August 02, 2010

Things that would be nice to fix in Motorola Droid

After using the Droid for about two months, here's my list of things I hope they fix:

Text Input
  • Alt and spacebar. You're job is to input a phone number. You hit alt twice to put it into alt mode, so you can type in numbers, and then hit space to separate the groups of numbers. But wait, space in alt mode brings up a list of symbols. Very broken interface.
  • Why does the calendar show no event information whatsoever whenever it syncs? This is very broken, having to wait 10+ seconds just to see if you can schedule something.
  • Make a better time widget. Why bother giving people the option to start a meeting at 5:29PM? How about 15minute intervals by default, and a separate UI if that's not sufficient.
  • Why does the calendar start at midnight? Make better use of screen real estate, let people set the start of a day at, say, 8AM
  • I can't make an event in the calendar repeat every Tue and Thu from the phone? I have to go to the Google Calendar web site to do this? Didn't Palm OS figure this out already?
  • In fact, just steal the calendar design from Palm OS, they did it right 15 years ago.
Phone calls
  • The phone ringer on the Droid can be set to not even vibrate. This is horribly broken, I've missed several calls because I inadvertently lowered the volume too far. Make "vibrate" the lowest volume option
  • Why does the phone keep trying to make emergency calls when in my pocket? Please fix this.
  • Why does the phone let my cheek dial numbers when talking on it?

The Droid phone is good but is lacking polish in lots of places.

Tuesday, July 20, 2010

New Quote on My Door

"You know, it's amazing how many supervillains have advanced degrees. Graduate schools should probably do a better job at screening those people out."
-- Sheldon Cooper, The Big Bang Theory

WEIRD people

I got in this great discussion last week about how published psych studies may not necessarily generalize, primarily because the participant pool is typically comprised of undergrad students taking Psych 101. The example used was the Fundamental Attribution Error, where people over-emphasize personality attributes and de-emphasize situational factors.

In a separate discussion, Alessandro Acquisti forwarded this paper, which has one of the best titles I've seen: The Weirdest People in the World? Here, WEIRD stands for Western, Educated, Industrialized, Rich, and Democratic. The argument is essentially the same, that a lot of psych research is based on a narrow slice of the world population.

Defeating YouTube's Copyright Checker

I've been watching reruns of Glee recently and noticed something odd on YouTube clips of the show (what can I say, the tunes are catchy). Apparently, many of the clips have been posted in mirror image to defeat whatever system YouTube has in place to look for copyrighted materials. Very clever.

Tuesday, June 01, 2010

Onion Futures Act

I'm not making this up:

This law is notable as the first and only ban on the trading of futures contracts of a specific commodity in United States history, and as a unique modern case with which to study the effects of the existence of an active futures market on commodity prices.

I'm sure a more skilled comedian could come up with a good joke about The Onion, or build on the famous Simpson's reference.

Forbes on Disclosed to Death

Forbes Magazine has a nice article arguing that more disclosure isn't necessarily better, pointing out the complexity, the difficulty in making choices, and the legalese. My favorite passage:

One study found that despite the [Miranda] warning the overwhelming majority of suspects (78% to 96%) waive their rights ... "Next to the warning label on cigarette packs, Miranda is the most widely ignored piece of official advice in our society."

Four papers accepted to Ubicomp 2010

Our group had a good year for Ubicomp with four papers accepted, all on various aspects of privacy, location, and social networking.

Jialiu Lin, Guang Xiang, Jason Hong, Norman Sadeh. Modeling People’s Place Naming Preferences in Location Sharing.
This paper looks at how people name places when sharing with others.

Eran Toch et al. Empirical Models of Privacy in Location Sharing.
This paper examines what location information people share with others, using models of how public a place is, and how mobile that individual is.

Karen Tang, Jialiu Lin, Jason Hong, Norman Sadeh. Rethinking Location Sharing: Exploring the Implications of Social-Driven vs. Purpose-Driven Location Sharing.
Here, we examine the difference between two different kinds of location sharing. One is purpose-driven ("where are you now?"), the other is social-driven ("hey, I'm in Paris now").

Justin Cranshaw, Eran Toch, Jason Hong, Niki Kittur, Norman Sadeh. Bridging the Gap Between Physical Location and Online Social Networks.
Using co-location data, we apply machine learning models to make inferences about one's social network.

Monday, May 24, 2010

Droid vs HTC Hero

The Droid phones are really amazing in terms of functionality, though the biggest surprise for me is comparing the usability of the Droid vs the HTC Hero.

I've never liked virtual keyboards, so the Droid handily wins out here for me. However, the virtual desktop feels clunky on the Droid, but surprisingly useful on the Hero. In part, this is because the Hero comes with gorgeous widgets already set on the virtual desktop, providing easy access to photos, calendar, messages, and so on. These widgets are also far more useful than others I've looked for in the Android marketplace.

(I poked around to see if I could transfer the HTC widgets over to the Droid, but alas! It looks like these widgets requires additional software in the background. I'm hoping HTC will sell their widgets on the Android marketplace, but I doubt it since their goal is probably to differentiate their product so as to sell more hardware).

At any rate, if anyone knows of a good calendar app for Android, please let me know. It's embarrassing that my old trusty Palm Treo's calendar, which is not too different from the original Palm Calendar app, is far more useful and usable than a calendar app designed 15 years later.

Why Do Organizations Purchase Security Software?

After presenting at the ISSA CISO forum, I got into this really interesting discussion as to why corporations purchase security software. Given that I've been struggling to understand why technologies are and aren't adopted (especially those from the CHI community), I was naturally intrigued.

The manager of Schlumberger's enterprise services security listed three reasons:

  • There was a recent security incident
  • There is a new regulation or policy in place
  • The organization failed an audit recently

I'd add a fourth one, which is that everyone else is doing it. These days, people purchase firewalls, spam filters, and anti-virus software almost as a matter of fact.

Monday, May 17, 2010

Android SD Card Mounting

Note to self: to view the contents of the Android SD card on a PC, you plug it into the USB port and then in the Android notifications screen, choose to Mount it. Once you do this, though, you can't read or write to the SD card on the Android phone itself until it is unmounted.

Total elapsed time to figure this out: 46 minutes.

Thursday, May 13, 2010

Interesting Facebook Authentication

I just logged into Facebook while in Brazil, and was presented with an interesting challenge-response. Apparently, FB is doing some kind of profiling as to where you login (or alternatively, where lots of fake logins are happening).

After answering a captcha, I was presented with a series of photos from my friends list, and had to answer multiple choice questions, getting at least 4/7 correct.

I thought this was a compelling idea. The photos would be relatively hard for attackers to find, and not too hard for the owner to identify (unless you're one of those people that friend everyone they meet).

Thursday, May 06, 2010

Kook Emails

I can tell my research is getting more publicity. How? I'm starting to get more and more kook emails addressed to me. So far my favorite is the person that believes DARPA and NSA are monitoring his telepathic abilities (which, by the way, he's measured to have the same bandwidth as OC-192).

Recent Facebook Glitch Reveals Private Info

NYTimes reports on a rather nasty Facebook glitch that reveals personal info:

On Wednesday, users discovered a glitch that gave them access to supposedly private information in the accounts of their Facebook friends, like chat conversations.

I wonder what kinds of processes and procedures Facebook will put into place to prevent these kinds of things from happening in the future. Facebook is already facing a lot of heat from consumer groups regarding privacy. The worst case scenario for them is to have legislation passed dictating what they can and cannot do.

Not knowing anything about their system architecture and procedures, I'd suggest adding a significant number of regression tests for privacy, checking hundreds of scenarios to make sure that information that isn't supposed to be disclosed won't be disclosed.

Monday, May 03, 2010

People don't want backup...

A few weeks ago, Mark Bregman, Executive Vice President and CTO of Symantec, came by Cylab and gave a talk on Symantec's approach to customer-centric innovation.

He made a nice distinction between invention (which we researchers are very good at) and innovation (getting products out into the marketplace that people really want). He also made a statement that really resonated with me. After studying how people use backup systems, Symantec took a step back and thought more about what people really needed (and not what they said they wanted). It turns out it wasn't really backup that they needed, it was reliability, and backup was just one way of offering that.

I like this high-tech variant of "People don't want to buy a quarter-inch drill. They want a quarter-inch hole!". I'll find some ways to incorporate this idea more into my classes.

Comic on Psych Studies

This Saturday Morning Breakfast Club comic strip hits a bit too close to home.

Thursday, April 29, 2010

Emotiv Brain Computer Interface

Yesterday, Tanzeem Choudhury gave an overview of her work on modeling social networks based on sensor data. The machine learning was beyond my skills, but the core idea of basing the social network on real data and her early results were really fascinating.

I was also intrigued by her work on NeuroPhone as well. She and her colleagues were using Emotiv's Brain Computer Interface to interact with mobile phones, based on detecting brain patterns that fire off when people recognized the photo of the person they wanted to call.

Blog Resurrection

Going to resurrect this blog, it's been a really busy past year, with startup, research, and teaching.