Tag Archives: Software testing

Design: It’s All About Alarm Clocks

Business writer and entrepreneur Seth Godin throws out product ideas like other people throw out orange juice cartons:

For twenty cents or so, alarm clock manufacturers can add a chip that not only knows the time (via a radio signal) but knows what day it is too. Which means that they can add a switch that says “weekends.” Which means that the 98% of the population that doesn’t want to wake up on the same time on weekends as they do on weekdays will be happier (and better rested.)

But he’s not touting a new alarm clock, he’s making a point: “So why doesn’t every alarm clock have this feature?” he asks. “Because most people in that business are busy doing their jobs (distribution, promotion, pricing, etc.), not busy making products that people actually want to buy–and talk about.”

Indeed, companies are always far too busy doing what they’re doing to think about what they’re doing and wonder whether they can do it better. And, as Seth points out, this is because companies are compartmentalized into responsibilities, and brave is the person who tries to straddle departments.

The weekend alarm clock won’t be made by a big alarm clock company, it’ll be designed by someone like Gauri Nanda, who I mentioned a few weeks back as the inventor of Clocky, the alarm clock that goes walkabout. Gauri, needless to say, was working on her own.

Actually what I suspect happens in companies is that they just ignore the user entirely. This is partly because technical products are built (and much of them designed) by programmers and engineers. I hate to generalize, but these people thrive on complexity, not on usability. For them creating and mastering the opaque is an achievement, not a symptom of failure.

What usually happens is that there are two sides to product development: the people in the company who think it’s a good idea and the people who have to build it. But in my limited experience there’s no one in between who speaks both languages, and, most importantly, can see what the customer might expect and want.

This is the hardest bit: it’s called usability and it seems to be the last thing people think about. If you’ve ever grappled with an alarm clock, to continue Seth’s example, you’ll know what I mean.

My favorite is the alarm clock that makes a beep every time you press a button: not so useful if you’re trying to quietly set the alarm but not wake your loved one. One clock I have, despite being sophisticated enough to tell me the temperature, the time in Lima and how many thous in a furlong, even makes a beep when I hit the backlight button. And no, it can’t be switched off without a PhD in molecular biophysics.

I wish I could say that this is confined to alarm clocks, but it’s not. Nearly every device or program is dumb in its own way. But there are bright spots. One of the things I love about Web 2.0 is that the people designing the tools really seem to understand usability.

Of course, given the fact that Web 2.0 is one big feedback loop, where new versions pop up like mushroom after rain, it’s inevitable. But the result is websites that are easy to navigate and to figure out.

Apple, of course, figured this out long ago, But everyone else seems to be having problems understanding it. I tried out a website the other day which was supposed to help me find the best form of transportation between two places. The search engine was not smart enough to know a building’s earlier name, or even to recommend alternatives if I got the name slightly wrong.

The internal calculator was not smart enough to get the distances right (one walk I was asked to make between bus-stops would have taken me into the sea and halfway to the next country); neither was it smart enough to realize that was an error. All should have been spotted by any usability tests. All undermine the whole point of the website, which is to make it easy to figure out a way to get from A to B.

I won’t bore you with more examples: You are users, and you come across this stuff all the time. What worries me more is that we’re not listened to, at least in a way in that makes sense.

I was sitting in a seminar the other day listening to an employee of a global cellphone operator talking about she and her colleagues have been canvassing opinions about how consumers use cellphones. This is good, and what should be done, but I was surprised by how she went about it: Getting users together and asking them to make collages about how they use technology.

Frankly, I don’t think making collages is the right way to go about things. We need to get out on the streets, into the offices, bars and clubs, into the villages and factories, and observe how people actually use technology. Don’t expect people to fill in forms or do collages for you: Follow them around. Spy on them. I do.

One of the side-effects of the cellphone revolution is that it’s taken technology out of the usual places (office, den) and into every other room in the house (texting in the bath, watching mobile TV in bed) and beyond, into the bus stops, the subways, the village gazebo. Technology is now a seamless part of our lives. Researchers need to get out more.

The sad truth is that we’ve moved on and the geeks need to catch up. Because, lame as the alarm clock that beeps all the time and doesn’t know it’s the weekend is, nearly all our devices are no better: They’re too smart in the sense of feature density and too stupid in the interface that lets us use those features.

So, companies: Hire a usability consultant to tell you about your products and how they might be better. Or just try your own products: sleep in on a weekend or let your spouse try to find the alarm light button in the middle of the night and see how you like being woken up.

Then rub your eyes, get out of bed and head for the design table.

Seth’s Blog: Alarm clocks

Windows’ Gaping, Seven Month Hole

Quite a big hooha over this latest Microsoft vulnerability, and I readily ‘fess up to the fact that I didn’t really take this seriously. Seems like I wasn’t the only one.

But folk like Shawna McAlearney of SearchSecurity.com points out that the delay of 200 days between Microsoft being notified and their coming out with a patch is appallingly long. “If Microsoft really considered this a serious or critical vulnerability for nearly all Windows users, it should have been a ‘drop-everything-and-fix’ thing resolved in a short period of time,” Shawna quotes Richard Forno, a security consultant, as saying. “Nearly 200 days to research and resolve a ‘critical’ vulnerability on such a far-reaching problem is nothing short of gross negligence by Microsoft, and is a direct affront to its much-hyped Trustworthy Computing projects and public statements about how security is playing much more important role in its products.” Strong stuff.

So what is all the fuss about? The vulnerability in question can, in theory, permit an unauthenticated, remote attacker to execute arbitrary code with system privileges: That means a ne’er do well could do anything they want in your computer. And while it hasn’t happened yet, to our knowledge, it’s only a question of time, according to Scott Blake, vice president of information security at Houston-based BindView Corp.: “We believe attacks will be conducted remotely over the Internet, via e-mail and by browsing Web pages. We expect to see rapid exploitation — it’s simply a case of when it materializes.”

Paul Thurrot, of WinNetMag, weighs in with his view, pointing out that the flaw is a very simple one: “attackers can compromise the flaw with a simple buffer-overrun attack, a common type of attack that Microsoft has wrestled with since its Trustworthy Computing code review 2 years ago.”

News: A Patch In Time Saves You Online

 This from the guys at Information Security Magazine, a warning about some new, and serious vulnerabilities in Microsoft software. The most critical vulnerability is titled ?Flaw in Visual Basic for Applications Could Allow Arbitrary Code Execution? (MS 03037). Microsoft provided few details about the actual vulnerability, but says the flaw is dangerous and users of affected software should apply patches immediately. This is not just for techheads and sysops: Affected software includes Access (97/2000/2002), Excel (97/2000/2002), PowerPoint (97/2000/2002), Project (2000/2002), Publisher 2002, Visio
(2000/2002), Word (97/98(J)/2000/2002), Works Suite (2001/2002/2003) and several versions of Microsoft Business solutions.
 
There are other vulnerabilities too:
?Flaw in Word Could Enable Macros to Run Automatically? (MS 03035)
?Buffer Overrun in WordPerfect Converter Could Allow Code Execution? (MS 03036)
?Unchecked Buffer Overflow in Microsoft Access Snapshot Viewer Could Allow Code Execution? (MS 03038)
?Flaw in NetBIOS Could Lead to Information Disclosure? (MS 03034)
 
If we’ve learned nothing in the past month, we should have at least learned to patch, patch and keep patching.