Tonight was my last night teaching (maybe*). I started in 2006 teaching at the Art Institute of Las Vegas and after starting my Master’s program at UNLV, started teaching there as well. AILV was a much more practical approach, UNLV more theory and discussion. It’s had its up and downs, but in the end, it was a bit bittersweet.
The Things I Will Miss
Things I Won’t Miss
Anyway, I say maybe because there’s still a chance I might be returning for INF400 Web Security but not likely. So to those students who at least appeared eager that I would be back for one more round before UNLV shuts the doors on Informatics forever, I’m sorry I didn’t tell you but keep at it and don’t be afraid to email me if you have questions.
Following a tweet link from Smashing, I read a pretty good article by Shanshan Ma on UXmatters discussing the act of Flight Status checking on mobile devices. I’ve excerpted it below but couple of things.
First, interestingly, the article specifically asks for comments, yet (even when signed in) readers are never presented with a comment box. Frankly, I’dve just posted my comments there but now I feel compelled to write here.
Second, relative to the article itself … of all the sites presented, they all stink. The problem with Flight Status checkers is that fundamentally they all use similar methods, similar input tools, to acquire the data. What this means is that you get a screen with several selectors and several free-type inputs. Despite advances in the UI tools for both selectors and typing, they are still fundamentally difficult to use, particularly for situations that many users find themselves in when using these services (in my own case, I found myself driving in 6 inches of unexpected snow in NYC this October and trying to get a JetBlue status).
One of the nicest things about having been in the industry for so long is that I can reminisce and consider technologies that we don’t often see today but that may still have applicability. In this case I am referring to the “deck” principles used in HDML in early versions of phone browsers. The deck principle basically provided that multiple pages of data were transferred with each page call, reducing the number of times callbacks were required and increasing the individual interactivity by allowing data to be shuffled between “cards.” Couple that with good Ajax utilization, and you might have a pretty neat app.
For a good flight status checker to work, think in terms of the actual UI. In my own incident, I needed to not have to enter keyed data – just click and fire with easy-to-hit buttons and less on-screen information. What I propose is something more like this (and I apologize, I sketched this out real quick just now and sent it with my phone cam).
Here you get no more than a couple of selections per screen, always presented as click buttons. The beauty is that you can use Ajax effectively to pre-load all of the subsequent screens with minimal data transfer. For example, by coupling the Location Services data of the current location along with the user selections, you’d likely be able to guess the probable dates and flight numbers (no more than 3 days future, any given airport, within a 6 hour time window, the lookup is no more than about 40 flights).
Another problem I faced was that all of the interactions used POST, which means that it was impossible to go backward and still have the data intact (so I could modify one small bit and try again), forcing me to re-enter 6 fields of data each try. Using the hashtag approach, you’d also allow for backward and forward runs through the history.
Thinking through the user experience is part visualization, part interaction, and part data process and information architecture. Trying to remove any part of the puzzle leaves something to be desired in the final product. Flight status checkers are a great utilization of mobile web, but THINK the process, use it, determine what can be made better, and do it.
Continue Reading →
Nice…after many years of trying to get coding students to understand why one can’t directly access cross-domain resources and Web security students to understand its implications, the fourth IE10 Platform Preview features, amongst other things, support for CORS (cross-origin resource sharing). The full highlight list of HTML5-affected updates to IE can be found here but I am particularly gung-ho for the CORS and the video text captioning (which was always difficult in the past). It’s not that CORS wasn’t available in other browsers, particularly assisted by the including in the recent jQuery builds, but at least this sets the stage for better cross-browser compatibility in HTML5 applications.
Here’s a post on MSDN by Rob Mauceri with more details…
Having been in the industry for (eesh) 17 years+ now, I still remember (and regularly lecture on) the issue of bandwidth consumption and preservation and how poor performance is related to it. jQuery, which I love, is no pipe-hog by any stretch of the imagination, but it still comes with a bit of bloat attached in the form of methods you don’t need or use most of the time. Enter jquip, or jQuery-In-Parts, a stab at minimizing and modularizing the jQuery library. For more info and download, go to the jquip GitHub.
I’ll let you check out the rather extensive method and event list, but be assured that the things we really like about jQuery – the $(selector), the quick data methods, and several events for data handling – are all there. Plus there’s several plugins to tack on more methods and events without the total KB package jQuery sits on right now.
On the flip side, if we could just get everyone to DL the .js from the same source URL (such as //ajax.googleapis.com/ajax/libs/jquery/1.7.0/jquery.min.js) and reinforce caching, we wouldn’t have as much problem anyway.
[original article by Gerry McGovern, my commentary here]
Mobile is a platform. It is a tactic, not a strategy. What you need is a strategy for the connected customer.
If a Norwegian man is sitting on the toilet reading the news on his iPhone, is he mobile? Well, research indicates that one of the most favored places where Norwegian men use their phones is on the toilet. iPads are used a lot on the couch but the iPhone is more popular in bed.
Mobile is not necessarily mobile. It is flexible, convenient, fast, and private. Pictures of sexually transmitted diseases are often accessed through mobile devices. This could be because mobile is particularly favored by young people. It could also be because a phone is more private than a computer. A number of people might have access to the computer you use, for example.
I’ve read that mobiles will be used a lot this Christmas, particularly for last minute gifts. That implies that people using them may need advice on what to buy, because by definition they will not be buying for themselves.
“Desktop copywriting must be concise. Mobile copywriting must be even more concise,” Jakob Nielsen writes in his article ‘Mobile UX Sharpens Usability Guidelines.’ We need more than content reeducation according to Jakob. “The feature set should be much smaller for a mobile site than for a desktop site.”
However, the customer is not always in a hurry. Some people read more on their smart phones than they read on websites. So, one of the most important links any mobile website can have is a link back to the main website.
A major weakness of organizations is that they behave reactively rather than strategically. “We need a mobile app.” “We need to be on Twitter.” “We need more video.” “We need to blog.”
Web strategy is far more about psychology than technology, blogs, Twitter or any other forms of content. The more people use the Web to live their lives and do their jobs, the more web professionals need to invest in understanding human behavior. This is because the Web removes the human touch points, the opportunities to observe, the empathy zones.
Continue Reading →
So after a 7 month hiatus, a hard drive crash, and a job change, I’m finally getting back on blogging. I think…
I got a lot of new stuff to talk about – most of which revolves around my decision to leave iStreamPlanet after 10 years (and 3 weeks). My experience at iStream was incredible at the very least. From sitting on a milk crate in a tiny room with 2 other guys, trying to build solutions for clients who had no idea what DRM was, much less why they needed it, then 9 years later seeing the company get its first round of multi-million $ funding from Intel Development Corp.
In June I decided to join up with Reality Engineering, a small but stable software and content provider for dental patient education who’d moved their development operations to Las Vegas. The CEO, Lee Allen, is one part visionary, one part realist, one part salesman, and ten parts passion and it’s that passion that grabbed me. It hasn’t been all chocolate and roses, but in just five short months, we’ve managed to put together a fantastic team, get the new, streamlined version of the core product out the door, and get started implementing a scrum environment.
I’ll talk more about it in the next few months. I’m still teaching at UNLV and still doing a few freelance gigs (now that I’m in senior management, I didn’t want my skills to get rusty), but in the same time, Jen’s MadeByGirl and her new Cocoa & Hearts businesses have both taken off like a rocket, so I’ve had to spend a lot of time working on that too.
So obviously my blog has changed. Yea, part of the drive crash left me with a frustrated effort to rebuild both content and template so I decided to scrap all the teaching materials I used to have posted, refocus on the blog, and re-build a new theme. This one is a variation that uses concepts from Shaken Grid Lite but I suspect I’ll change quite a bit more of it over the next few weeks so it’s going to be a “UX-work-in-progress” for a bit.
So I’m back. Yea, I’m back. And I’m not so grumpy anymore.
It’s been a busy season and I’m just starting to catch up on things. Despite having left Art Institute to devote more time to school and teaching at UNLV (why, I’m not sure, but Dean Berghel has been extremely supportive).
Outside of the craziness that is iStreamPlanet with a couple of high profile gigs and a lot of cross-platform and mobile development, I’m focusing on doing more freelance work, particularly in the blog arena and WordPress as site development. With 10 jobs in the hopper right now, should be a good year. The biggest releases recently were Shop Cococozy and Cocoa & Hearts which are both off and running with a bang.
Congrats to the early-bird-exam-takers in my INF400 class who averaged over 90% on the final (last year, the average was below 82%) – nice job! Good luck to those taking it on the 9th.
Continue Reading →
[Original article by Jason Corns is a freelance web developer and full-time GUI developer for Systems Alliance, Inc., specializing in usability for all audiences.]
hough the methods used to gather website traffic statistics call into question the validity of the stats themselves, the fact is that some of your website’s visitors will have JavaScript disabled.
You could divide your traffic sources into four broad categories: search engines, mobile visitors, visitors using screen readersand visitors who have JavaScript turned off.
When planning your information architecture and design, you must figure out how to deal with these special groups.
I have assembled a few recent real-world scenarios to find clarity on the issue.
Continue Reading →
Original by Paul Boag (founder of UK design shop Headspace) for Smashing Magazine
Here’s a question for you: would you agree that creating a great user experience should be the primary aim of any Web designer? I know what your answer is… and youʼre wrong!
Okay, I admit that not all of you would have answered yes, but most probably did. Somehow, the majority of Web designers have come to believe that creating a great user experience is an end in itself. I think we are deceiving ourselves and doing a disservice to our clients at the same time.
The truth is that business objectives should trump users’ needs every time. Generating a return on investment is more important for a website than keeping users happy. Sounds horrendous, doesn’t it? Before you flame me in the comments, hear me out.
Continue Reading →
OK, maybe not really a true CMS but in working on this project, it was emphasized how important it was to make it simple. One of these days I’ll explain what it was for.
Update: having now left iStreamPlanet, I have no idea what ever happened to this. Originally it was supposed to be for live streaming of Sunday Night Football on iOS & Android via HTML5 but there were severe limitation imposed by the iOS in terms of playlists. We were working with DoubleClick to get through some of the problems (thanks to that team for some nice workarounds) but in the end, iOS prevents skipping to the next item in a live playlist unless the user causes a direct interaction (so no pseudo-actions via Javascript). Nonetheless, before the 4.3 update, it was working. Flawlessly.
This coming week I begin a series in INF400 Web Security on a group of attack vectors that work hand in hand – XSS, XSRF, hidden manipulation and parameter tampering (then following it up with SQL injection). It’s pretty easy to demonstrate all these but the tough part comes with explaining how the attacker looks at potential vulnerabilities when the student does not have much experience with HTML or Javascript.
Trying to make sure we get through all of the course material I figure I have just about 4 hours to do a fast script review and then demonstrate it. I’ve put together 4 short demos that will hopefully show how the four vectors get exposed, how the attacker finds the vulnerability and then exploits them – a simple forum post, a simple chat, an (online) shopping cart and a social network community wall. What do you think – any ideas on how to approach it the lecture(s) and get the most across?
By Francisco Inchauste on getfinch.com
Aspiring designers are failing. They are being let down by their schools and sometimes by our design community. In America,creativity is on a decline. The resources available online are massive; Quality content is hard to find.
“I’m eager to hire the next great class of designers, but to my dismay–and the dismay of many young hopefuls who’ve often spent many years and thousands of dollars preparing to enter the industry–I’m finding that the impressive academic credentials of most students don’t add up to the basic skills I require in a junior designer.” — Gadi Amit1
Continue Reading →
Image: The Disciplines of User Experience – Kicker Studio
reblogged from techi.com
Long long ago, in that distant, ancient era of the 2000’s, we heard unending chatter about this thing called ‘the semantic web’.
The semantic web was supposed to be like the holy grail of technology. At its heart, it was meant to do two things: to make all that impersonal data online accessible in regular, everyday language; and to make connections between that data in ways that aren’t always readily apparent.
There were a bunch of promising apps. Two of the biggest were Twine – which has since become evri – and Glue, which is now Getglue.
But now, those two semantic apps are social apps. And in 2011, talk of the semantic web has fizzled. Instead, these days, all the talk is about Facebook and, lately, Quora.
In teaching a class on Web Security (UNLV’s INF400 Special Topics in Informatics: Web Security), I spend a lot of time just trying to determine what topics I can cover. Despite a seemingly long semester – some 16 weeks – it is sometimes surprising how little one can actually cover in 40 hours of instruction.
It occurred to me in reviewing my notes from the time I taught it in the Spring (2010), that I ended up having to cover an inordinately large amount of basic background material. As I progressed through piecing the syllabus, I am finding myself looking for ways to streamline the ramping up process so we can get to the meat of it quicker.
For example, take the basic XSS (cross-site script) – just to even approach the topic, I have to consider that the student has a basic knowledge of the HTTP protocol (including headers, methods and responses), an understanding of browser comparatives (sandboxing and same-origin policy), a relatively good understanding of Javascript (and HTML for that matter), and willingness to spend time practicing and failing without getting frustrated. Or SQL injection the student needs a good understanding of the protocol, idempotency, RDBMS structures and the differences between engines, structured query language, and an understanding of the pass-through language (PHP, ASP, etc) along with how the forms interact and where lax validation and scrubbing might occur.
So I end up spending some 2-3 hours (which isn’t sufficient in the first place) just reaching the point that I can have a reasonable and engaging discussion about the dangers of XSS. And another 2-3 to do SQL injection. Add on top of that cross-site forgery, sidejacking, digital rights management, rogue CA, web server explots, caching breaches, DoS and DDoS, parameter polution and more, suddenly the 40 hours is gone very quickly.
I am also adamant that in a Web security course that students must have hands-on labs performing some hacking. In my experience, providing a platform for students to see and experience what a hacker eyes sees changes the perspective, giving them tools to think like the predator and seek better protection. Many of these students leave with a cognate in Cybersecurity (since UNLV’s now eliminated Informatics program is still an NSA Center for Academic Excellence – CAE – in cyber security).
My point is simply that there needs to be more. Students in any computer science, informatics, HCI, UX, web design, MIS or similar program should be required to take a course in Web Security and preferably more than one, simply because the material is so vast and quickly becoming more pronounced as the Web becomes increasingly part of the fabric of everyday life.
According to privacyrights.org chronology of data breaches, there were 342 million “records” breached from 2005-2009 alone. In 2010, another 167 million; this means 2010 had nearly 50% of the total breaches in the preceding 4 years – we’re almost reaching a geometric increase in such exploit. Of course this figure doesn’t include only records stolen through Web sources but as data becomes increasingly available and privacy only semi-transparent, it is sure to only add to this.
There is a prevailing need for more skilled workers with a good understanding of cyber- and web security, as much as the need for general public awareness. Just as computers and the Internet have become ubiquitous, so has the need for security in them.
I watched a TV documentary the other day about a professional soccer player. As well as his normal soccer training he mixed in training in other sports like boxing and yoga and I thought this sounded a bit odd. Why would somebody that earns his (considerable) daily bread playing soccer spend time learning and training in areas that are not directly related to his profession?
Well, it turns out that they are related in a round-about way. The athlete and his coaches went on to explain that training in other sports and physical activities, as well as regular soccer training keep certain parts of the brain active and stimulated, and this in turn improves soccer performance and prevents the brain and body slowing down.
This soccer player got me thinking about my own profession in design and made me analyse the way I deal with life as a designer. I mostly design for web these days and that can mean anything from interface design, banner advertising, as well as branding and logo design. It’s easy to drift into the same old routine for each project especially when work is coming in thick and fast — and when projects tend to overlap.
It turned out I wasn’t spending enough time “designing” away from a computer screen and out of the office. When I use the word “designing”, I don’t just mean putting together wireframes and pushing pixels in Photoshop — I mean actually gathering creative thoughts, images, videos and other forms of inspiration whilst living life.
As designers, we have an instinctive desire to collect things, from action figures to postcards to t-shirts and posters — it’s just something we do, right? Taking photos, recording videos, bookmarking web pages, ‘like’-ing and ‘favorite’-ing are all forms of collecting and it’s these things that shape us as designers.
Looking for inspiration can also be treated as a form of cross-training. Taking yourself away from your normal (daily) routine is a useful technique. Since my kids arrived a couple of years ago, we’ve found ourselves watching kids TV and movies as well as reading children’s books. Being exposed to these new forms of entertainment meant seeing a whole new world of animation and illustration and it was fun. Treating yourself to a show or a trip to the cinema to see something you wouldn’t normally watch can also be fun.
Read the entire post on Smashing Magazine
The article goes on to discuss learning new skills such as photography, sketching, and so on, and making sure you have the tools to use – a good DSLR camera (not a point-and-shoot or a smartphone job), sketch pads, a camcorder, a smartphone, etc. I would add one more to this – a PayPal account.
I’ve left teaching at Art Institute for the time being in order to get freelance work and everything else under control while I finish graduate school and decided it’s high time that (yea, yea, I’ve said before) I put more effort into posting articles. While I’m busting my head putting some together, I’ll be reposting some good finds (which is particularly easy at year-end when everyone is posting lists). So here we go…
This is a post from SixRevisions (always a good source) talking about questions you should ask when designing a web site.
We spend a lot of time asking ourselves, our clients and other people questions. Whether it’s choosing the perfect shade of green for our latest web layout or figuring out how to implement a complex typographical solution, the ability to ask the right questions is among the most critical of skills for a web designer. In this article, we’ll go over 60 specific questions that web professionals should ask before taking their website public.
Many professionals work with the aid of checklists, while others routinely check for certain issues as the design evolves. While there isn’t a sure-fire way to avoid the embarrassment of forgetting something post-launch, the habit of continually questioning your work as you develop a website is critical. Sometimes it can be as simple as “Does this work?”; in other cases, more technical questions need to be asked (and answered). (more…)
Not every HTML5 or CSS3 feature has widespread browser support, naturally. To compensate for this, enterprising developers have created a number of tools to let you use these technologies today, without leaving behind users who still live in the stone age.
The good news is that, except for Internet Explorer, you can create more semantic markup by using the new HTML5 elements — even in browsers which don’t officially support them. Just remember to set the correct display mode: block. The following snippet should reference all necessary elements:
article,aside,details,figcaption,figure,
footer,header,hgroup,menu,nav,section {
display: block;
}
The article goes on to detail HTML5 Shiv, Modernizr, Selectivizr and other great tools that you can use to move into HTML5 and CSS3. Enjoy!
The nature of what we do at iStream frequently calls for systems for internal staff and customers to be able to control content, but not in the traditional sense of things like textual, published data in the sense of a “traditional” CMS such as WordPress or CouchCMS. Instead, our focus is frequently on metadata and media-heavy asset management and event-based structures.
For this reason, my team spends a lot of time architecting, developing and designing custom content management systems. For example, say that you have a customer who needs a system to manage video assets from a conference where there might be multiple playlists comprised of several selected videos, published in multiple formats (ASX, XML, RSS, etc), publishable to unknown or indeterminate media players via syndication and time-manageable. This customer has a very specific need despite the flexibility that the CMS needs to handle.
Frequently developers lose focus of that need – delivering the content – and instead attempt to focus on the flexibility, which in most web shops tends to mean extending the scope into areas that don’t serve the client and increase the turnaround time. What a good project manager needs to bear in mind is that keeping the scope trim, while allowing for future scalability and extensibility, serves your customer and your developer team much better than trying to develop a CMS that does backflips. And it is the PM’s job to sell this to stakeholders. It does not mean that the end result has to be lusterless, devoid of a nice interface or polish. In fact, if anything, trimming the scope to the bare essentials accentuates the need to focus on the details.
I am, to be sure, a bit jaded as my team frequently works on heavily abbreviated schedules – one or two week turnaround times are more often than not the case. So we’ve become accustomed to looking for the streamlined data, reusable components and code, and simplified interfaces. We do back-end a lot with Ajax-to-Web Service exchanges, which is particularly eased with a framework like jQuery. The use of jQuery and the like also provides a step-ladder to support some nice tricks on the front end that give the final result enough polish to make the client smile.
Take for example this system. The client need was born out of the need to publish live event video to a standardized video player. There would be many events and many people using the system so we needed to be sensitive to the amount of data displayed and who was able to see certain things. The video type, because of the RIA player being used, needed to be able to be specified as one of several types, have associated stream metadata, and allow for a number of other content-rich objects such as multiple audio tracks, closed captions, markers, push starts (instruct the player to start at a point other than the first frame during VOD or DVR playback), etc.
The end result is what you see here. There are simply two screens (other than the login) – a dashboard that lists the “events” and an event edit screen. The interface uses a few jQuery UI tools (such as Accordion) to make it sleek and compact, but doesn’t go overboard.
Visual cues and large icons pinpoint missing data or action items, and data is validated on a per-field basis (and of course scrubbed at the SQL point). A single modal popup also provides confirmation of playback in the RIA player before publishing. The authentication system started as a simple “one-user-one-pass” system but was later retro-fitted with a multi-tier system of account-subaccount and admin-and-user privileges system that gives the administrator rights.
I personally use and evangelize using WordPress for a lot of things but for all its greatness, it has also started to become too complex for many people, and I find myself having to spend more and more time instructing clients how to use it rather than focusing on content generation. For MadeByGirl, we ended up producing a custom back-end because it was more specific to our need than packages could provide.
When beginning the process of determining how to manage content, whether it be basic textual content or something else, take the time to consider what will best serve the customer needs. Bigger is not always better, flashy is not always functional. Take care of the need, streamline the design, consider the human-computer interaction aspects and architect a usable system. The ultimate goal is to make the client happy and keep coming back to you (or even better, recommending you).
Courtesy of Shane Snow and Six RevisionsAn awesome and funny infographic, funny because it’s true. For any of my students (including the past ones who may or may not have heeded my advice) … take note and learn a server-side language (ummm, do I hear PHP or Perl or ASP.NET) and databases (SQL in general) and really get into your Javascript. It can make all the difference.
Experience “ū—”: The Last Distraction-Free Writing Environment You’ll Buy. Today.
