Buhjillions

NatWest, my bank here in good ole England has seen fit to beef up security for some aspects of internet banking by moving to Strong Authentication.  Unfortunately, they haven’t seemed to have done the PR on this move as well as hoped.  Most of the reaction I’ve read on the net so far has been people annoyed.

Strong Authentication, or multi-factor authentication is considered by researchers to be significantly more secure than using a single factor.  A factor in this case is something that identifies a person, and factors are usually classified into 1) things a person knows, like a password or PIN, 2) things a person has such as a bankcard or keyfob built for this purpose, and 3) things a person is or does, like a retinal scan or fingerprint.  So online banking, which only required the user to enter in username/password combo relied on a single factor, whereas the ATM uses strong authentication since the user is required to have their bankcard and know their pin.

So NatWest (and I guess other RBS banks?) are sending that ATM-style authentication home to users by sending each a small calculator-like card reader for use with their bankcard.  It works pretty much exactly like the card readers in the grocery store, except that they give you a code online to enter in reader, and then the reader gives you a code to enter online.  I, for one am pleasantly geeked-out to use it, and glad to see that NatWest is taking the security of online banking seriously by putting so much money and effort into getting it out to users.

I don’t think they’ve done a particularly good job so far of allaying people’s concerns.  Lots of comments on blog posts are bemoaning the fact that they’ll have to carry the damn thing around with them—no, you wont.  You’ll only need it to make a payment to someone online if you’ve never made a payment to them before.  The readers are also entirely identical, meaning you can borrow your cubemate’s reader if he has his at work and you keep yours at home.  But I’ve heard rumors that the big reason NatWest is beefing up security is because they’ll be cutting down the delay between making a payment and the recipient getting credited.  It’s now about 3 working days, and apparently the plan is to make it happen in seconds.  If true, that’s a really important new feature that NatWest could use as a way to introduce the readers:  “We’re working faster to process your payments, but also means that we need to increase security.”

Finally, since the reader is just a standard thing (even readers from other banks will apparently work), I’m hoping either they’ll release software that works with laptop smartcard readers, or someone hacks it together.  The security is in the microchip on the card, so putting the reader as widely available as possible shouldn’t undermine the system.

It’s hard to come up with a decent name for your web startup. Believe me, we spent ages brainstorming, arguing, deciding everything we brainstormed was crap, and brainstorming some more before we came up with a name for the web startup that I was very briefly involved in. Whatever name we ended up with must have been underwhelming because I can’t actually remember it sitting here in front of my computer 3 years later.

Even the big boys—who can pay slickery consultants to sit in a room and pontificate on made-up words that will jive with whatever freaky internet talk them kids are sending down the tubes these days—come up with ridiculous names for services and websites. Please allow me to Joost up my Hulu-craft and so that we may partake in a Qoop down the Jaiku.

In a world where every English word is already registered on the .com top-level domain, the makers of Xobni can be forgiven for spelling “inbox” backward and calling it a day.

If you use Microsoft Outlook (2003/2007) for your email, then Xobni (even in its currently beta incarnation) is definitely worth a look. At its core, Xobni is an email-search tool, but it is decidedly different in its approach than what you’d get with Google Desktop or Windows Search. Xobni’s interface is people-centric. I don’t mean this in a dopey television ad way; Xobni’s interface is primarily organized to show you helpful information about the people you email. When you preview a message in Outlook, Xobni’s vertical panel shows you information about the sender, along with the most recent conversations you’ve had, and every file you’ve sent or received from that person. It automatically parses telephone numbers from mail, so you don’t have to go hunting, although this feature doesn’t always find them, in my limited experience so far.

It does take up quite a bit of screen real estate, and I feel like my preview pane is now slightly too narrow, but it does pack a bunch useful stuff into the small space. My geeky, data-visualization-loving side can’t help but appreciate the histogram of the sender’s emailing habits by hour of day, but I can’t yet to claim I’ve actually found this to be useful. One day!

OK, so I’ve blogged previously about how much email at Oxford sucks. But, as I alluded to, and as commented by our friendly neighborhood Oxford-IT-guy (thanks for reading, BTW), Oxford University Computing Services has a plan! The call it the Groupware for the University Project, or just groupware. Groupware is software designed to help groups collaborate. It’s been around forever, even though the name is new; and I guarantee that you’ve used it.

Email was the original groupware. It was the first “killer app” for the internet, and the vast majority of traffic on the early ‘net was email. Groups of researchers used it communicate in those early days, and today it is as mainstream as chocolate pudding. Usenet came next, in the 80s. It was a kind of discussion forum arranged around categories called newsgroups. Although it is still in use today, it has largely been supplanted by newer developments like web-based forums. The point is that lots of software is groupware: instant messanging, wikis, etc. So we all use different types of groupware for different purposes or for different groups. Other than email, there has been no University-wide attempt to give everyone a common set of groupware applications.

OUCS plans to begin deployment, according to the project page, in June of this year. However, the user requirements document was finalized in February, so we already have a pretty good “high level” idea of what the University hopes to accomplish. Even though the document breaks up requirements into 8 “components,” from a user’s perspective, there are 5 main applications:

1. Email
2. Calendaring and Resource Booking
3. Contact List
4. Shared Data Repository
5. Interface to Student Information System (SIS)

(The other 3 requirements components cover all the applications and are: encryption support, remote web access, and mobile access.)

Email is pretty self-explanatory, but there are a couple requirements worth noting:

• webmail needs to support a range of functions “typical of leading/common current webmail clients.”
• must have the ability to synchronize with mobile clients (e.g. syncML, Blackberry, ActiveSync)
• support for shared mail folders

The last one is particularly important for on-campus student groups, who often want to have an email inbox for the group which can be monitored by all the officers.

Calendaring is the ability to keep and manage one or more calendars which are stored on the server and accessible from either the web interface, a mobile device, or a desktop calendar client (iCal, Outlook, etc.). This becomes groupware when you have the ability to share your calendar with people or groups to aid in scheduling. Unfortunately, there isn’t a requirement to be able to schedule meetings with a visual representation of people’s Free/Busy information (generated from their calendar, if they choose to share it). This is one of my favorite features of using a system like MS Exchange Server. Let’s hope whatever we get has this feature anyway. Resource booking means being able to see when resources, like rooms or projectors, are unscheduled, and the ability to reserve them from the groupware. That’ll save a lot of time in trying to book tutorials.

The contact list is just like it sounds—an address book. They’ve included some much needed requirements that it is straightforward to import and export from the contact list. They’ve also mandated that the groupware interact with something called the Core User Directory, which I can only assume is the central University Admin’s database of all the people at Oxford. This should hopefully mean you can find contact information for people who are members of the University very easily.

The Shared Data Repository is a fancy name for a place to upload files you want to share with people or groups. Notably, though, it is required to have version control (yes!), be searchable, be cross-platform, and have directory-level access control.

The interface to the Student Information System is an integration requirement with Oxford’s existing system. The SIS is where students can look up administrative information about their status and update their contact information with the University (among other things).

I appreciate that OUCS has been careful to include requirements about platform-agnosticism: there would otherwise be the potential of many a Linux user being left out in the cold. The requirement that all groupware functionality be fully available via the web, securely, from any internet connection is a bold one, and I’ll be interested to see what software vendors come up with. I’m also pleased that at least for the email and calendaring they’ve explicitly listed mobile access as a requirement. It would be nice to see for the contact list as well, but there is a requirement about the groupware being compatible with 3rd party interfaces like Intellisync, so I’m hopeful this one will also end up being in the final implementation. I’d also liked to have seen a standards-based (i.e. Jabber) instant messaging system. I know that everyone already has their own favorite IM service/client, but the integration with the user database would make it much easier to find and make contact with people.

I have one final complaint: no wikis?

I’ll end by noting that I’m on the email list for the User Consultative Group, and we’ve just been having a discussion about “use cases” to send to software vendors.  So, I remain somewhat skeptical about them having a solution shortlisted and then chosen by June. My guess is that implementation is delayed until late summer at the earliest—but this is Hofstadter’s Law-style pessimism, so take it with a grain of salt.

Sure, email is an easy way to send important information out to a large number of people. It’s almost too easy, and many people’s definition of “important” borders on ridiculous. The marginal cost in computing resources and effort to reach additional people is so tiny, it can be neglected in any reasonably sized organization. In many cases, targeting a specific subset of an organization is significantly harder than blasting everyone. For this reason (among several others) everyone gets too much email in the sense that the majority of it is either straight up spam, “important” information that we’re not interested in, or poorly targeted emails which don’t apply to us. I get tons of the latter at The Department, “To all Post-doctoral Research Staff,” (I’m a grad student; you’d think they’d have separate lists).

It’s easy to get overzealous in clearing your inbox when you come back from an afternoon away from your desk. I’m very good about reading my email, but enough is enough. Anything with that stupid red exclamation point or the capitalized words IMPORTANT or PLEASE READ in the subject line is on its way to the Deleted Items folder faster than my average ping to icanhascheezburger.com. There are people who let emails sit unread and undeleted in their inbox for days, nay weeks. Which brings me, finally to my thesis:

You can’t depend on email to convey critical information, especially if it is time sensitive.

Yes, email is easy. Yes, finding other ways of communicating with your fellow humans feels so 1989. But email is a congested medium and people find that a lot of it just wastes their time. Don’t blame your users for this! The solution is not to tell them they need to pay more attention to their email. The solution is for you to pay more attention to them. Take a multi-pronged approach which is appropriate to your organization. Are there noticeboards? Information screens? Put notes in people’s mailboxes, or post extremely critical information on the door as they walk in. Like this guy:

This, on the door to our office, got my attention. They were going to shut down the power the next day–would I have seen the email in time? Maybe. Would I have realized it meant me before deleting it? Maybe. Alan in building services, well done.

Sometimes low-tech is better than high-tech.

Just over a week ago, I read a column from the ineffable Cory Doctorow in InformationWeek rightly blasting Facebook for (among other things) the way it notifies you about messages from others:

The clue is in the steady stream of emails you get from Facebook: “So-and-so has sent you a message.” Yeah, what is it? Facebook isn’t telling — you have to visit Facebook to find out, generate a banner impression, and read and write your messages using the halt-and-lame Facebook interface — Cory Doctorow

It seems Facebook might have heard him loud and clear. This morning, I noticed a subtle, but important change in the email I got regarding a wall post to my profile. It contained, in addition to the link to the site, the full text of the wall post! It didn’t even register at first–my mind filed it away in the “email from friend” category, and I automatically clicked Reply. When the reply window popped up, it was automatically addressed, not to Facebook, but to the honest-to-goodness email address of the friend who posted on my wall!

For years I too have found the Facebook messaging system slow and obnoxious, but it seems Facebook has finally relented and made it straightforward to go from their closed-off system to the familiar, comfy, and ubiquitous system of straight-up email. Can’t say for sure if it works for messages as well as wall posts, but it made my morning, anyway.

One of my favorite things to show people on my computer these days is a great piece of software called Enso, made by a small company called Humanized, Inc. I started using it about 6 weeks ago and I have not clicked the Start button since. It is quite possibly the best invention in human-computer interaction since high-quality internet search became a reality. It’s also proof positive that Windows users, like myself, have some hope of redemption when we get all jealous of the slick Mac OS X interface improvements—just don’t expect it to come from Redmont.

Enso is a fast, simple, and powerful alternative to the basic interactions you have with your computer: things like opening applications, switching windows, and saving shortcuts or bookmarks. Basically, Enso hangs out in the background until you press the <Caps Lock> key, at which point it snaps to attention for you to begin typing a command. Want to open a program? Photoshop, for example: just type open photoshop. Enso scans through all the items on your start menu as you type and finds anything that matches “photoshop.” The most likely candidate is displayed on top, with alternates listed below. To execute the command, just release the <Caps Lock> key. Brilliant! To hear it described doesn’t do justice to how much faster and easier this system is compared with trolling the start menu, trying to find the folder, then subfolder your shortcut is likely to be in.

But Enso’s usefulness doesn’t stop there. It acts as a kind of universal bookmark/shortcut system, which harnesses your ability to remember language to allow you to access a whole array of items by assigning them names. Highlighting anything—a file, a folder, a program, or a URL—and running the Enso command learn as open <name> stores a link to the object, which can be reached at any future time as open <name>. Common folders, web pages, and files are now only a few keystrokes away, all filed away neatly in my brain by associating them with words. I can certainly remember a lot more of those than I can <Ctrl>+<Alt>+<letter> -style shortcuts. And the most convenient thing is that it works seamlessly with websites: open rss brings up a Firefox Tab with Google Reader, while open quanta takes me directly to my tumblog.

The whole thing reminds me of how computer-sciencey people bemoan the death of the command-line interface (CLI) in favor of the windows, icons, menus, popups (WIMP) interface that form the core interactions on Windows, Macs, and most Linux machines. Yes, the WIMP interface is less intimidating and easier to learn, but it lacks the power of the command-line: you could string together complex commands, piping the output of one program to the input of another, allowing you to put together surprisingly powerful data manipulation commands in one go. Enso, and the paradigm it introduces (or reintroduces) seem to me the first steps toward reclaiming some of that power, while maintaining the approachability and information richness of a graphical interface.

I could go on about other useful commands, like the ability to highlight a word or phrase and issue the command youtube to get search results on youtube.com, or the ability to insert beautiful TeX equations just about anywhere—but seriously, what are you waiting for? Go download the 30 day evaluation version. Now.