Tuesday, July 29, 2008

Spam from GMail

I really like how GMail matches its advertisements to the content of my email. In this case, I had just marked an email as spam:

Sunday, July 6, 2008

Real World Worst Case Design

My father-in-law has Alzheimer's, so when I saw a post about a device that was supposed to help people with dementia, of course I read it.

The Memento Memory Lifebook is designed as a "wearable mobile product solution" to serve as a multi-faceted holistic mobile memory aid device as well as providing a security safeguard for elderly individuals with mild-to-moderate dementia.

It's a cool concept, the designer (Peter Sin Guili, a product design student at LaSalle-SIA College of the Arts in Singapore) thought a lot about the problems of potential users, and the design reflects thinking about those problems. That's a good start for any designer right there. The design is a "diploma project," meaning it will probably never see the light of day as a real product. Unfortunately, that's probably a good thing. I say it's a good thing because I think the design is off-base for its target market. And I say it's unfortunate because it would be great if there were a product that could help like Peter aimed to.

To say that there are special needs for people with dementia is an understatement.

Even in the early stages of Alzheimer's, I saw a gap between what my father-in-law thought he could do and what he could actually do. After retiring, he acquired a PC at home (he'd had one at the office), but, despite many hours of computer lessons, he was unable to learn how to use Outlook Express, Quicken, or Internet Explorer. They were the only programs he needed and they're not complicated programs.

As the disease has progressed, that gap has widened. At this point (about five years in), he has lost many skills that he once had. He thinks he can drive, but he can't. He thinks he can make phone calls, but he can't without assistance. And, perhaps surprisingly, it's more likely that he could drive than make a phone call on his own. If you're not going any place in particular, driving is very reactive -- the car is moving and you respond to what's happening. (I'm not saying this is safe!) But, to make a phone call, it's necessary to remember the number being dialed, and which digits you've already dialed, from start to finish. It's beyond him. And the gap applies even more to learning new things than to things that he already knows. At one point, we considered getting him a simple cell phone (like one of the ones with just two buttons) but we realized it would make less sense to him than the cell phone he already had and couldn't use. Even though it's simpler, it would be new. As he has declined, we kept thinking of technological solutions to help him and kept realizing that they wouldn't help at all.

In executing the design of the Memento Memory Lifebook, the designer made a list of things that would be a problem for someone with dementia, then came up with solutions for each of those problems -- a phone directory, a GPS locater, an RFID scanner for tracking belongings, medical reminders, photo reminders, etc. The device has a few clearly-targeted functions, clearly marked with simple icons. For many situations, those would be good designs.

But, the dementia patient doesn't know what they don't know.

They're confused, but they think they don't need any help. This means that, here, you need to look at the worst case, not the best case, or even the average case, and the sad reality is that people with dementia won't be able to figure out a device lke this at all or, for that matter, remember to use it. Normally, worst case design means that you're trying to avoid breaking in the worst case -- optimize for the average case, survive the worst case.

Here, we need to optimize for the worst case, because all of the users will eventually get there. And, unfortunately, the intended users are incapable of learning to use and using the device. From my experience, I think this is probably true even with people in early stages of dementia. And we complain when users don't read the manuals! Looking at the worst case, I would posit an underlying design axiom -- the product has to work without user interaction. For example, I see my father-in-law wandering around his house, looking for something to remind him of what he's supposed to be doing. He always thinks he's busy, but he can't remember what he's busy with. If you took the idea of using an RFID sensor and made it programmable by a caregiver, then made it announce recognized places and objects automatically as they were noticed, you might have something. But, even then, there are huge hurdles, like having him remember to wear this foreign object, him wondering why it's talking to him, etc. I honestly don't know if there are any technological solutions that can help.

It's nice to see designers, even a student designer, thinking about problems like this. I do applaud that. And I wish it was an easier problem.

See also: Gizmodo, MedGadget.

Tuesday, July 1, 2008

Stupid Password Policies

I have a friend who has a whole bunch of passwords written down, on a whole bunch of Post-It notes, right next to her computer. Why on earth would she do that? Well, it's not her fault. It's the fault of overzealous web sites that not only force her to have complex passwords, but have conflicting rules. She can't make up one password that she uses everywhere.I frequently recommend that people make up a rule for their passwords -- for example, name of their dog and a number, followed by something they can associate with the web site. This way they only have to remember a single, simple password but have a more complex password. This way, they might have passwords like spot3nile for Amazon, spot3junk for Ebay, spot3green for American Express, etc. But even this fails miserably because there are so many different conflicting standards. It's all part of the fake security that so many web sites have.Here are some of the password policies that I've seen recently:

  • no restrictions at all
  • 6 or more characters, no restrictions
  • 6-8 characters, at least one non-letter, symbols are recommended
  • 6-8 characters, at least 1 letter and at least 1 number, and at least 1 symbol
  • 6-8 characters, at least 1 letter and at least 1 number, and at least 1 symbol
  • 6-8 characters, at least 1 letter and at least 1 number, no symbols allowed
  • 8-12 characters, at least 1 uppercase, 1 lowercase, 1 number, no symbols allowed
  • 6-8 digits
I'm sure the list could be much larger if I did some research. In addition to this, there are case-sensitive and case-insensitive passwords. The thing I hate the most is the insistence on an upper case letter (the USPS web site is one of the sites that does this). I invariably forget the requirement and can't log in. Maybe if their web site said "don't forget: our stupid password policy means that your password has an uppercase letter in it" it would help me. I even use one web site where they use a Flash object that times inter-character intervals to see if it's really you typing your password. If you don't type your password in the same way, they ask you one of three random follow-up questions to make sure it's you. Without fail, every single time I have logged in, I have been asked one of the follow-up questions. Why not just ask it in the first place?!To make the whole situation even stranger, many sites provide a password reset mechanism which is incredibly easy to break. All you need is my zip code and my mother's maiden name, or some nonsense like that. I don't think I've ever seen a question that my brother and my wife wouldn't know the answer to. Hell, my kids know most of the answers!Who exactly are these password policies helping? 

Update: Serendipity! Just saw a New York Times Bits posting on pretty much this same topic: Falling Over Fallback Password Questions. An extra point from a comment that I wish I'd remembered -- how many sites are there that, after requiring you to use a ridiculously long and complex password, that you may well be using on other sites, simply email it to you in plain text when you go through the reset mechanism? What are they thinking?

Form Over Function

I recently bought a Jawbone Noise Assassin Bluetooth headset. The Jawbone, in many ways, is a designer's dream, starting with the packaging, which is incredibly elegant -- a clear plastic shell that contains black, folded paper boxes, a delight to open and explore. The headset itself is gorgeous. It's small, lightweight (about 1/3 oz), and comfortable. It comes with leather-wrapped earloops in two sizes, plus two more thin ones designed for use with eyeglasses, and three sizes of earbuds. It comes in black, silver, and gold.

There are a lot of nice touches to the design. One example: the first time you turn it on, it automatically starts in pairing mode so you can connect it to your phone. And, of course, it has the main selling point -- world-class background noise elimination which uses a combination of a patented voice-activity sensor and "advanced DSP algorithms," which have been improved singe the original model (the Jawbone Noise Shield). It may well be the best Bluetooth headset on the market. But, despite all this, there are a couple of significant missteps -- in which the designers have gone for form over function.

Buttons Aren't Bad 

First, for some reason, the designers seem to think that buttons are bad and they tout the fact that there are no visible buttons. Here's what they say:
No Visible Buttons
The "invisible button" policy at Jawbone accomplishes a clutter-free look. Touch-surface technology allows the user to operate switches by lightly pressing the outside shield.
I don't object to invisible buttons per se, but it seems the desire to hide the buttons has overridden the usability of the design. Take a look at the position of the Talk button:


How do you press this button? Well, basically, you press the whole headset into your ear. I don't know about you, but pressing a headset into my ear isn't comfortable, even with a super lightweight headset like this. To turn the headset on or off, you have to press that button for 2 seconds. I will note that this is an improvement from the first Jawbone, where both buttons required pushing the headset into your ear and they took noticeably more pressure to activate. Next time around, how about positioning the buttons so that you press them by grasping the top and bottom of the headset?

Standards Aren't Bad

Second, for some inexplicable reason, the Jawbone uses a completely non-standard power adapter. It has an elegant connector -- small, shaped to fit the Jawbone, and it attaches with magnets. It's a huge improvement from the very wacky, hard-to-fit adapter from the first Jawbone. But, why does it exist? Most small devices like this use a mini-USB connector and there is a new, smaller micro-USB connector standard. I have half a dozen devices in my house that all use a mini-USB connector. Why doesn't the Jawbone use a standard connector?

I could excuse it if they were trying to create a new standard -- perhaps a magnetically attached USB connector that others could use. But they're not -- their connector will never fit anything else because it is shaped to fit the headset. Sure, it's elegant. But, it's not elegant enough to override the pain of the extra cable. I have chargers for my cell phone at home, in my office, and in my car. But I have to carry the cable for the Jawbone around if I want to be able to charge it with me wherever I go. When I travel, I'll have to take an extra cable just to charge my Jawbone -- and, if I forget the cable, I'm screwed.

Documentation Isn't Bad

It's minor compared with the other problems, but the folded, white-on-black documentation, while gorgeous, is inadequate. How many volume levels are there? (Since the volume cycles only one way with a button press, you need to know this -- it's 5.) What is the funny sound I hear sometimes when I'm wondering around my house? (I think it's an out-of-range indicator.) How do I end a call? (Press the Talk button.) Is there anything else I need to know? How about a little table?

The Jawbone Isn't Bad

There are some other nits. For example, the LED indicator light, which lights in both red and white to indicate different things is underneath my finger when I'm pressing the Talk button. The LED lights up to confirm that 2 seconds has elapsed when I'm turning the Jawbone on or off, but I can't see it. Maybe I just have big fingers.

In the end, I still recommend the Jawbone Noise Assassin, but not by much (and I also recommend it over it's predecessor, the Noise Shield). It's a good headset, but it would be a home run if they fixed these flaws. For me, the advantages of their design, including the noise elimination, just barely outweigh these disadvantages.