Dec 13

My predictions for wearables in 2014

It’s the season for predictions, so I thought I’d offer you my predictions about wearables in 2014.

  1. Wearables will continue to be nerd porn in 2014 (in other words, when you say “wearable devices”, most normal people will respond, “what?”)
  2. Many wearable devices will be proposed by vendors.
  3. Too many of those will actually make it to market.
  4. A few of those will be useful.
  5. A handful of those will be aesthetically pleasing.
  6. A minute number (possibly 0) of those will actually be usable.

Dec 13

Security and Usability – Yes, you read that right.

I want you to think for a second about the key you use most. Whether it’s for your house, your apartment, your car, or your office, just think about it for a moment.

Now, this key you’re thinking of is going to have a few basic properties. It consists of metal, has a blade extending out of it that has grooves along one or both sides, and either a single set of teeth cut into the bottom, or two sets of identical teeth cut into both the top and bottom.

If it is a car key, it might be slightly different; as car theft has increased, car keys have gotten more complex, so you might be thinking about a car key that is just a wireless fob that unlocks and/or starts the car based on proximity, or it might be an inner-cut key as is common with many Asian and European cars today.

Aside from the description I just gave you, when was the last time you thought about that key? When did you actually last look at the ridges on it?

It’s been a while, hasn’t it? That’s because that key and the lock it works with provide the level of security you feel that you need to protect that place or car, yet it doesn’t get in your way, as long as the key and the lock are behaving properly.

Earlier this week, I was on a chat on Twitter, and we were discussing aspects of security as they relate to mobile devices. In particular, the question was asked, “Why do users elect to not put a pin/passcode/password on their mobile devices?” While I’ve mocked the idea of considering security and usability in the same sentence, let alone the same train of thought while developing technology, I was wrong. Yes, I said it. I was wrong. Truth be told, Apple’s Touch ID is what finally schooled me on it. Security and usability should be peers today.

When Apple shipped the iPhone 5s and added the Touch ID fingerprint sensor, it was derided by some as not secure enough, not well designed, not a 100% replacement for the passcode, or simply too easy to defeat. But Touch ID does what it needs to do. It works with the user’s existing passcode – which Apple wisely tries to coax users into setting up on iOS 7, regardless of whether they have a 5s or not – to make day-to-day use of the device easier while living with a modicum of security, and it secures the data, the device, and the credentials stored in it and in iCloud better than most users did prior to their 5s.

That last part is important. When we shipped Windows XP, I like to think we tried to build security into it to begin with. But the reality is, security wasn’t pervasive. It took setting aside a lot of dedicated time (two solid months of security training, threat modeling, and standing down on new feature work) for the Windows Security Push. We had to completely shift our internal mindset to think about security from end to end. Unlike the way we had lived before, security wasn’t to be a checkbox, it wasn’t a developer saying, “I used the latest cryptographic APIs”, and it wasn’t something added on at the last minute.

Security is like yeast in bread. If you add it when you’re done, you simply don’t have bread – well, at least you don’t have leavened bread. So it took us shipping Windows XP SP2 – an OS update so big and so significant many people said it should have been called a new OS release – before we ever shipped a Windows release where security was baked in from the beginning of the project, across the entirety of the project.

When it comes to design, I’ve mentioned this video before, but I think two of Jonathan Ive’s quotes in it are really important to have in your mind here. Firstly:

“A lot of what we seem to be doing in a product like that (the iPhone) is getting design out of the way.”

and secondly:

“It’s really important in a product to have a sense of the hierarchy of what’s important and what’s not important by removing those things that are all vying for your attention.”

I believe that this model of thought is critical to have in mind when considering usability, and in particular where security runs smack dab into usability (or more often, un-usability). I’ve said for a long time that solutions like two-factor security won’t take off until they’re approachable by, and effectively invisible to, normal people. Heck, too much of the world didn’t ever set their VCR clocks for the better part of a decade because it was too hard, and it was a pain in the ass to do it again every time the power went out. You really don’t understand why they don’t set a good pin, let alone a good passcode, on their phone?

What I’m about to say isn’t meant to imply that usability isn’t important to many companies, including Microsoft, but I believe many companies are run, and many software, hardware or technology projects are started, run, and finished, where usability is still just a checkbox. As security is today at Microsoft, usability should be embraced, taught, and rewarded across the organization.

One can imagine an alternate universe where a software project the world uses was stopped in its tracks for months, redesigned, and updated around the world because a user interface element was so poorly designed for mortals that they made a bad security decision. But this alternate universe is just that, an alternate universe. As you’re reading the above, it sounds wacky to you – but it shouldn’t! As technologists, it is our duty to build hardware, software, and devices where the experience, including the approach to security, works with the user, not against them. Any move that takes the status quo of “security that users self-select to opt into” and moves it forward a notch is a positive move. But any move here also has to just work. You can’t implement nerd porn like facial recognition if it doesn’t work all of the time or provide an alternative for when it fails.

Projects that build innovative solutions where usability and security intersect should be rewarded by technologists. Sure, they should be critiqued and criticized, especially if designing in a usable approach really compromises the security fundamentals of the – ideally threat-modeled – implementation. But critics should also understand where their criticism falls down in light of the practical security choices most end users make in daily life.

Touch ID, with as much poking, prodding, questioning, and hacking as it received when it was announced, is a very good thing. It’s not perfect, and I’m sure it’ll get better in future iterations of the software and hardware, and perhaps as competitors come up with alternatives or better implementations, Apple will have to make it ever more reliable. But a solution that allows that bar to be moved forward, from a place where most users don’t elect to set a pin or passcode to a place where they do? That’s a net positive, in my book.

As Internet-borne exploits continue to grow in both intensity and severity, it is so critical that we all start taking the usability of security implementations by normal people seriously. If you make bad design decisions about the intersection where security and usability collide, your end users will find their own desire path through the mayhem, likely making the easiest, and not usually the best, security decisions.


Dec 13

Goodbye, Facebook

As I posted on Facebook earlier today. Don’t worry, FB, I’m still not using G+ either, as you two rapidly collide into each other.

I’m not going to make this complicated, Facebook. It’s not me, it’s you.

I liked it when we first met, I thought it was cool how you’d help me find friends, family, co-workers I hadn’t talked to for years, even some people I’ve known since preschool. That was nice, and you didn’t try to grab my wallet every time a friend would join, like some of the “social networks” did before you came along (looking at you, Classmates).

But over the years, you’ve gotten a little bit creepy, and you rarely tell me anything new or important anymore. In fact, in terms of a “social network”, you don’t really do much for me in terms of telling me what family and friends are really up to. Instead, my wall isn’t about what is important to me, it’s ads, links from Upworthy, ThinkProgress, and other sites that have learned how to game the social graph to become front and center. Now your content is just as worthless as when Google let Demand Media and others game SEO to backfill the Web with crap content.

I’m not exactly sure what demographic you’re trying to tune Facebook for, and it sure seems like you may not know either.

So with that, Facebook, I’m gonna have to let you go. I’ve downloaded my archive (man, we did have some good times), and I’m going to have to let you go. Tomorrow afternoon, I’m pulling the plug. If you ever need to find me, I’m easy enough to find on the Web, email, and Twitter.

Take care, Facebook. I hope you figure out what the heck you want to be when you grow up.

Wes Miller

Dec 13

Letter from Thomas Jefferson to Eli Whitney Regarding the Cotton Gin


Nov. 16. 1793.

Sir, —
Your favor of Oct. 15. inclosing a drawing of your cotton gin, was received on the 6th inst. The only requisite of the law now uncomplied with is the forwarding a model, which being received your patent may be made out & delivered to your order immediately.

As the state of Virginia, of which I am, carries on household manufactures of cotton to a great extent, as I also do myself, and one of our great embarrassments is the clearing the cotton of the seed, I feel a considerable interest in the success of your invention, for family use. Permit me therefore to ask information from you on these points. Has the machine been thoroughly tried in the ginning of cotton, or is it as yet but a machine of theory? What quantity of cotton has it cleaned on an average of several days, worked by hand, by how many hands? What will be the cost of one of them made to be worked by hand? Favorable answers to these questions would induce me to engage one of them to be forwarded to Richmond for me. Wishing to hear from you on the subject I am &c.

P.S. Is this the machine advertised the last year by Pearce at the Patterson manufactory?

Thomas Jefferson

Excerpt From The Works of Thomas Jefferson, Vol. 8.

Dec 13

Thomas Jefferson on congressional conflict of interest

“I said that the two great complaints were that the national debt was unnecessarily increased, that it had furnished the means of corrupting both branches of the legislature. That he must know everybody knew there was a considerable squadron in both whose votes were devoted to the paper stock-jobbing interest, that the names of a weighty number were known & several others suspected on good grounds. That on examining the votes of these men they would be found uniformly for every treasury measure, that as most of these measures had been carried by small majorities they were carried by these very votes. That therefore it was a cause of just uneasiness when we saw a legislature legislating for their own interests in opposition to those of the people”

Excerpt From The Works of Thomas Jefferson, Vol. 1.

The more things change, the more they stay the same.

Dec 13

Siri, Topsy, and the Web – Context is everything

Last night, my youngest child and I were talking, and I wound up telling her about the scene from 2001: A Space Odyssey where the HAL 9000 computer, as he is being disassembled, sings the old song Daisy to Dave Bowman. My child loves music, and didn’t see the irony in immediately asking me, “How does the song go?” So I taught her – she hadn’t ever heard it before. At the time I didn’t get the irony in doing that either – not until I woke up this morning.

Think about that line right before Dave tells HAL to sing him the song:

“My instructor was Mr. Langley, and he taught me to sing a song. If you’d like to hear it I can sing it for you.”

Topsy is Siri’s Mr. Langley.

A little over two years ago I wrote about how Siri was the start of Apple escaping the Web, and escaping Google search. In that piece, I discussed how important context was for Siri. Over the last few years, Siri has been improved as Apple has connected it to (often very contextually specific) sources, such as sports and movie information, and demonstrated them at WWDC.

However, Siri had, and continues to have, rather large holes in her knowledge set. What we think of as very simple questions, Siri cannot answer. The child of mine I mentioned earlier is fascinated with technology, and Siri in particular. Periodically, she will come up with random obscure queries and throw them at Siri. While the Siri system often can’t answer them, sometimes it can.

Twitter is amazing because it can provide insight into the zeitgeist (the Web’s short-term memory), but it also has such knowledge of long-term events along a timeline as they happened. In many ways, Twitter is a bit of a knowledge mechanical turk, where Twitter users mine the Web and real-time events and surface their knowledge in discrete snippets of information. Topsy was uniquely situated to surface Twitter’s knowledge in an API-driven way, and is ideally situated for Apple to integrate into Siri (since Siri doesn’t really learn anything, it just connects into other systems).

Many people have said Topsy was acquired to enhance advertising or iTunes content. Both are tangentially right. But ads have never appeared to be a primary focus for Apple – which makes sense, because the customer they build their hardware, software, and services for usually isn’t a fan of ads. That said, the analytics from Topsy Pro could well wind up integrated into iAds. We’ll see in time. As for content discovery? Sure, that’ll happen too, and people will buy content as a result of their searches. But I don’t believe that this is what this acquisition was about.

People expect Siri to be able to answer their queries, and if it can’t, they disengage from the service, and potentially from Apple’s platform, if they don’t find that it just works the way they expect. That’s why I believe Topsy has everything to do with Siri, and that’s where the team will end up, and how we’ll see the technology demonstrated at WWDC next summer.

A few pundits have also made the association to Siri, but most analysis I’ve seen seems to focus on real-time search, not mentioning the (relative) long-term knowledge that Topsy surfaces from Twitter, and how that can only grow over time. Just as importantly, as I understood it Topsy had created an algorithm that enabled tweets to be sorted geographically. This is invaluable to Apple, as it then gives Siri location-based context, and will let the system help users find resources near them that others are discussing in near real-time through the Twitter firehose. I think the acquisition of Topsy by Apple is good news for Apple and their customers, as well as Twitter itself and Twitter users. I think it’s really bad news for Google.

Dec 13

Walter Chrysler on Troubled Companies

“The first thing I do when I start to look into the affairs of a failing company is to study the personnel of the organization and the individuality of the men. I am concerned first of all with executives, because if their principles are not right it is useless to look for results from the men. When I have measured up in my own mind the capacity of the executives, I get out into the operation of the plant and watch the men. I look around to see how many of them are standing still and how many of them are moving around the plant. Highly paid workmen should be busy with accomplishment, not useless motion. If there is a lot of movement I know the plant is being badly operated.

I do not believe in idle machines or idle men. Outside of the idle investment involved, it is bad policy. If a man is working next to an idle machine it not only has a bad effect on him mentally, but he takes less care of his own machine because he thinks he has a ready substitute. I believe in keeping people out of temptation, for many of them cannot resist it.” – Walter Chrysler – Excerpt From Automotive Giants of America (iBooks)

Even though the above advice is almost a century old, I believe it is still quite relevant. Too many companies today waste far too much time on meetings, bureaucracy, and busywork.

Dec 13

Jeff Bezos on Disruption

In general, the 60 Minutes interview of Jeff Bezos felt largely like a marketing piece. But what Bezos says at 13:30 is great.

“Companies have short lifespans… And Amazon will be disrupted one day…
I don’t worry about it because I know it is inevitable. Companies come and go. And the companies that are the shiniest and most important of any era, you wait a few decades and they’re gone.” – Jeff Bezos on 60 Minutes, Dec. 1, 2013



Nov 13

Resistance is Futile or: GenTriFicatiOn

The vocal minority. You’ve heard of them, but who are they?

Companies often seek to change their status quo by modifying how they do business. Generally, this is a nice way of saying they just want more. More what, you ask? Traditionally, it would have meant they simply want more money, as in raising the cost of the goods they are selling (or lowering the cost that they will pay to suppliers or partners). These of course are done to increase revenue, or decrease operating expenses, respectively.

In today’s world, personally identifiable information (PII) isn’t just data, but instead is a currency which is invaluable to advertisers. While Google was the first to really succeed in this economy (of sorts), Facebook, Adobe, Microsoft, and anybody else with skin in the Internet advertising or analytics game is in the same position today. For these companies, their ask is an ever increasing cross-section of your identity. In exchange, they offer you “free” services. However, like any other business, they want an ever-increasing amount of your personal information in order to continue delivering that service. We’ve seen it with Facebook and their PII land grabs really beginning in earnest in 2010, and we’re seeing it at the current time with the encroachment of Google+ across Google sites where legacy communities aren’t very welcoming to the G+ GenTriFicatiOn.

Whether you’re talking about raising costs (reducing expenses) or asking for increasingly accurate PII, these price uplifts (or gazumps) are often not greeted warmly. In fact, there’s usually a vocal minority that quite often speak out and fight the change.

On Twitter yesterday, Taylor Buley asked if the uproar due to YouTube’s shift to Google+ could generate enough momentum for a real YouTube competitor.

I responded to Taylor at the time that I didn’t think it could. Back in 2010, when Facebook made their (at that time) largest shift in privacy policy, there was a rather large outcry by people bothered by the changes. The alternative network Diaspora was launched (and failed) out of this outcry.

There comes a certain point where these outcries cause an opinion to turn into a degree of a PR problem. But this PR problem is usually short lived. In the end, only two things can happen:

  1. The change is reversed (unlikely, as it causes a strategic retreat and a tactical reassessment)
  2. The turbulence subsides, the majority of users are retained, and some of the vocal minority are lost.

I consciously chose the term GenTriFicatiOn when I was describing Google+ earlier. Google is trying to build a community of happy PII sharers. But a lot of Google’s legacy community citizens don’t fit that mold. Google’s services are provided “free” in exchange for the price that they (Google) deem adequate. If you don’t want to pay that price, Google seems happy to see you exit the community.

Google today, like Facebook several years ago, is in the position of the chef with a frog in a pot. Slowly turning the heat up, and actually trying to excommunicate users who aren’t going to be willing participants in the Google of Tomorrow. Facebook most likely flushed the vocal privacy critics several years ago. Consider this Google Trends chart on the query “Facebook privacy”. While there is a regular churn on the topic, high water mark event H aligns nicely with the most contentious (to that date) privacy changes Facebook made, back in 2010.


When Google shut down Google Reader last year, there was a huge outcry. However, Google obviously knew the value that Google Reader users provided in terms of PII sharing before it shut down the site. (Answer? Not much.) As a result? A huge outcry followed by a deafening thud. Google didn’t lose much of what they were after, which is those data sharing, Google loving users. See the Google Trends chart of the Google Reader outcry below. Towards the right we can see the initial outcry, followed most likely by discussion of alternatives/replacements and… resignation.


When these sites increase their PII cost to end users (let’s call these end users producers, not consumers), they’re taking a conscious gamble. The sites are hoping that the number of users who won’t care about their privacy exceeds the number of users who do. In general, they’re likely right, especially if they carefully, consciously execute these steps one by one, and are aware of which ones will be the largest minefields. Of those Google properties remaining to be “Plussed”, Google Voice is likely the most contentious, although YouTube was also pretty likely to generate pushback, as it did. Again, those vocal users not happy with the changes aren’t going to be good Google+ users, so if Google+ is where Google believes their future lies, it’s in their best interest to churn those users out anyway.

Nov 13

Mutually Assured Distraction

Have you recently updated an app on your computer or your smartphone (or accessed your favorite Web app), and been faced with the arrival of:

  1. New features out of the blue
  2. Changed behavior for existing features
  3. A release that removes or breaks a feature you frequently use
  4. A user interface change that completely modifies the way the app works?

If so, you might be a victim of mutually assured distraction (MAD). MAD can also alternatively be referred to as competitive cheese moving. 

Once upon a time, software companies released software on semi-predictable schedules, with a modicum of cheese moving. User interface elements might have been moved, but users familiar with the application (or sibling applications) could find their way around with some degree of ease.

However, with the arrival of milestone-driven and Web-based software, we increasingly find ourselves facing a world where applications we are comfortable with and used to are rapidly, somewhat inexplicably, shifting on us (quick apps?). Faced with increasing competition and the agile software approaches used by competitors, more and more (and larger and larger) software companies are pushing out software that’s sort of done, sort of usable, and sort of documented.

Mutually assured distraction allows company A to volley out a marketing message when they hit their milestone and release, only to be responded to when company B (and company C, D, ad nauseam) releases its own milestone months or weeks later – and the process repeats. With each milestone burp of a release, little nuanced changes in the software arrive, and it is up to the end user of the software to figure out what changed, if the implementation of their favorite checkbox feature from company B works better than the implementation of checkbox feature from company A did a month and a half ago. Or if it’s still even there.

The problem with MAD is the position it puts end users in (not to mention the organizations/employers that still support them, as these applications still often have to be used for collaboration between two or more employees – that is, people have to get work done).

Adding “value” all the time may seem like a boon for the end user. But it really isn’t. It makes understanding the features of the application as it exists today hard enough, and the reality is that no end user has the neurons available (or desire) to keep track of all the changes coming in the application. They just want to get things done and use software and hardware that just works.

It’s one thing when you add a completely new feature that doesn’t really shift the way the app works for end users. It’s something else entirely when you remove or modify functionality that users depend upon and are comfortable using. When you do that, you’re violating a cardinal rule of building software:

Don’t shit on your end user’s desk.

Yes, it seems simple enough. People don’t like surprise. They don’t like it when you move things around just so you can say, “Look! We changed things! We improved it! LOOK AT THE VALUE YOU’RE GETTING!!!”

If you’re going to make your development milestones visible to end users, you darn well better give them some clue about what features you plan to add back (and ideally, some timeframe for when you plan to do so). For me, I think that this increasingly industry-wide move to faster and faster releases of key software applications creates an unsustainable cadence where users can never be fully productive with the application, and anyone responsible for supporting, deploying, or licensing applications for them is in for just as much pain, or more.