Persistent Inappeasable Mind

thoughts about personal information management, human-computer interaction, interfaces, software ...


Friday, September 26. 2014

The light switch not in sync

Physical Interfaces

This one is from "45 Photos That Will Annoy You More Than They Should". I'd say 'no way' but I have seen this so many times. WHY?!? This is not helping us to make mental maps of the world at all. This is probably just some electrician playing a trick.


Sunday, September 7. 2014

Download Organizer: an app for adding organisation to dump collections

PIM & Research

We have three basic forms of information collections:

  • Project collections: formed to support work on a project, contain project related files of diverse file formats organised in elaborated organizations [1, p 139].
  • Reference collections: include information items of usually one format, have a fairly flat organizational structure and are organised by metadata or key (time, name, topic) [1, p 139] (e.g. a collection of academic literature, a collection of music files).
  • Dump collections: are formed of arbitrary information items and usually consist of information that cannot be classified in the above collections [2]. The placement is usually of a temporary nature and items from them are sometimes deleted or renamed and moved to appropriate locations once their role is determined. But often they just remain untouched and forgotten.

Common dump collections are the downloads folder and the desktop folder. The downloads folder can be easily organised by e.g. creation time. But the Download Organiser (£2.99) pushes things further as it can:

  • automatically organise downloads by websites
  • organise based on user defined filters (file type, size, source)
  • open, preview files and open a containing folder
  • rename files from notifications when they are downloaded

It is an interesting idea on how to organise semi-automatically acquired files, drawn from the considerable research on automatically organising email based on various criteria [3].


[1] W. Jones. Keeping Found Things Found: The Study and Practice of Personal Information Management. Morgan Kaufmann, Burlington, MA, 2008.

[2] A. Kamaruddin, N. Admodisastro, and A. Dix. Before and after: User’s knowledge maturity within personal information management. International Journal of Scientific & Engineering Research, 4, Issue 5, May 2013.

[3] M. Kljun, J. Mariani, and A. Dix. Transference of PIM Research Prototype Concepts to the Mainstream: Successes or Failures. Interacting with Computers, Oxford University Press. First published online: November 12, 2013.

Saturday, August 30. 2014

Is password management possible the way we are told it should be?

PIM & Research

I just bumped into this story about 51% of internet users share their passwords. The research result showed that

  • users are putting their personal information at risk by sharing user names and passwords with family, colleagues and friends and
  • they are potentially putting their personal information at risk by leaving themselves logged in to applications (e.g. email and social network) on their mobile devices.

Based on recommendations by security experts we should:

  • have a different password for every service/website/app we use
  • choose passwords 8/10/12 characters long with a combination of letters, cases, symbols, numbers
  • never write down any of these passwords
  • never share any of these passwords
  • change passwords every X days
  • log out of any website/app when not using it

Is this possible?

I have 297 different passwords for web pages alone not counting routers, servers (ssh), etc. Do I know them all? Not really. The above recommendations are not feasible for the plethora of services we use today! Knowing them all would be mind blowing and time consuming. There are password managers that are of great help here. But this means that these passwords are written down and usually accessible with a master password. So one password to access all of them.

What about changing passwords every X days? This again would be overkill. Having a calendar and changing passwords for services we don't even care about or use only every now and then? Not possible.

What about sharing? Sharing passwords with a partner is reasonable for many people. While some accounts can be shared among two or more (e.g. ISP, Netflix and even a bank account), people often share their-only-services' passwords (e.g. email) in case of a hit-by-a-bus scenario. Not everyone is prepared to do it but many do. Sharing with colleagues can happen in some cases when several people cover each other or when they check the same service (e.g. an email account). I suppose the password sharing in this group is way lower than between partners. And sharing passwords with friends ... well ... maybe if they fix your IT equipment ...

And about logging out of web pages and apps. On the desktops where we are sole users I don't see the point. Well, I don't see the point of logging out of Gmail (Facebook, last.fm, Twitter, you-name-it) on my mobile phone either. The point is to be logged in to get email/tweets/you-name-it in real time. This is why we have a lock screen.

So there is nothing surprising about this study. We can't really manage the passwords the way security managers want us to. There are a few security issues we have to sacrifice to make our life easier.

I use different and strong passwords for every service but I know by heart just 5 of them. I keep all passwords in a password manager with a strong master password which I share with my wife. On my desktop computer my browser knows all these passwords (which are not synced on any other device). I have my screen locked on my phone so people can't just access apps I'm logged in to. And gosh, I probably changed some of these passwords over a year ago :/.

I don't see the problem in users. Rather the problem lies in the technology and how AAA is currently designed and implemented. There are other methods of authentication like: hardware and software tokens, digital certificates, challenge-response, biometrics, out-of-band authentication, one-time passwords like TAN, etc. While some might be more secure they are harder to implement and impose additional burden on users.

Other solutions are OAuth and OpenID. The problem with the former is that many services take advantage of accessing other pieces of information besides the authentication token (and many users don't know this). The problem with the latter is that its implementations are different and there is no uniform user experience. Besides, web pages don't get anything in return and users are more or less anonymous to them, which is now addressed with OpenID Connect. If big companies don't push it forward (and why would they, as e.g. FB already has Facebook Connect) it will not be easily adopted by the general public. Besides a few success stories (e.g. StackOverflow) OpenID doesn't really thrive.

Do I have a better solution? Unfortunately not. Until then we are left with the username/password pair as the least costly and easiest solution for the benefits provided.

Saturday, August 23. 2014

The other side of cloud storage: how cloud storage can save the day

PIM & Research

A few posts back I wrote about a Dropbox disaster. To be fair, on many occasions Dropbox can save us from our own mistakes.


I was talking about it with a friend who wanted to close his Dropbox account and took these steps:

  1. Opened Dropbox webpage and logged in.
  2. Deleted all the files stored on Dropbox.
  3. Then he uninstalled the client from his computer.

Only to realise that all the files were deleted on his computer as well! Fortunately Dropbox keeps the backup for 30 days and he was able to restore all his files.

Although I wrote that cloud storage can save us from our own mistakes, the blame for what happened here is partly also in how Dropbox is designed. I suppose the designers haven't predicted all possible user actions and they just expect (as many times) the user to understand the cores of the technology. If one deletes everything on the website a BIG RED warning should be in place :).


Another friend shared this story. A night before submitting his thesis he permanently deleted it by accident (thinking about another file) from his Dropbox folder. He opened the website and realised that it was deleted there too. Only a few moments later he found a bin on the website and restored it.


And I was able to get an old version of a file once after I had deleted a substantial part of the content.


...

As there are plenty of Dropbox related disasters covered online, there are plenty of stories of Dropbox helping to recover from a disaster:

Just don't let the cloud storage be your only backup!


Sunday, August 17. 2014

Costly spelling mistakes in filenames

PIM & Research

I was searching for a file for about an hour before realising I made a spelling mistake in the file name. I searched the web for similar stories. Unfortunately there aren't many. And the ones I found were not about one's own mistakes.

  • A builder for Bootstrap (written by a person) saved a Bootstrap JavaScript file with a wrong name. There were many posts about this bug that made a lot of people wonder why the file could not be found.

"At javascript.html I can build bootstrap.min.js via http://bootstrap.herokuapp.com but the returned filename is boostrap.min.js. The first time I didn't see the typo and saved it as is. Then I was unable to access bootstrap.min.js served by nginx and noticed the typo in the filename."

  • I suppose this person had a problem similar to mine (or maybe not) and posted a Superuser question about a real-time spell checker for folder names. By the way, this is not possible in real-time at the moment but it is a really good idea to implement in current operating systems.

"Many programs are available to check for spelling mistakes or wrong grammar. Is it possible to use spell checking on folder names?"

I'd love to find more stories about it. I remember the Keeping Found Things Found project that had a forum dedicated to PIM stories/mistakes - Tales of PIM. But it never got a spin and is under maintenance at the moment. Apparently people don't want to talk about their PIM problems or they just don't think about them. Once I read about how people feel guilty if not knowing something about technology and they rather pretend to know how to operate it than admit the lack of knowledge. I also read about how people feel ashamed of mistakes made even if the interface is to blame. I just can't remember the sources. Maybe PIM is similar in this respect - people maybe feel that they are the only ones to blame for mistakes made.