When you hear of “Brute force attacks”, you can generally find flaws.
First off a brute force attack can EASILY be avoided by a correctly configured server or firewall.
If the server can’t raise an alert or throttle a brute force attack after say 5 wrong attempts it’s really badly configured.
With that in mind:
Companies who sell security products for example with:
- long password lengths
- choosing certain digits of a password (note they would have to store an unhashed password, which is dumb)
To offer better security by mitigating brute force attacks on the client side, are wrong.
Conclusion: Brute force attacks in most cases should be handled by extra logic in the server, not the user.
Steve Ives talk I didn’t like. I didn’t like the thought that “user experience” testing was a novel thing. Putting the UI process down on paper is really basic. I also didn’t like the fact he advertised Taptu had 15-odd technology patents. He suggested I go to Google patent search to find what they are. No thanks and after visiting their Web page I don’t see anything innovative about mobile ring tone search. I wonder what kind of money they spend on doing “user testing” in their “mobile lab”. Opensource feedback channels are a lot cheaper and more valuable…
For example how do I leave a quick comment on Taptu’s feedback page? It says I have to log in! PLEASE. With Webconverger people leave really valuable feedback on a form that doesn’t even require an email.
My big problem with user experience testing described by Taptu and Scott Weiss was the short term nature of it. Getting a group of people in to test unfamiliar applications on unfamiliar devices for their impressions is just so naive. As mentioned before the opensource community feedback model is so much further advanced by being ongoing.
Scott Weiss’s Motorola comments were also disturbing. Using Motorola as an example of what happens when you don’t do their form of user experience testing was poor taste. His reasoning regarding RAZR‘s fourth soft key (wtf?) for Motorola’s poor performance of late was ever so slightly far fetched!
UI design and testing is rather relative. My collegue reminded me how first impressions of the Iphone was. Not good! Iphone won my respect over time. Another friend said to me how highly skilled testing really is. User experience is not really about getting people off the street and video-ing them.
Bryan Rieger’s talk on saving bytes by talking to your developers was better. But still a little misguided. Designers should know the limitations of CSS etc. on their target platforms like Iphone without “romancing” engineers. Bryan’s talk of a “less bytes” approach with say composite images was good, however he went too far by suggesting to generate graphics on the fly. Yes, that’s less bytes, but that’s very inflexible when you need a designer to change a graphic. Plus, most importantly, generating graphics from code doesn’t work on the most pervasive application platform on mobiles. The Web!
So uncharacteristically I didn’t ask any questions last mobile monday London UI because I thought I would just offend them if I spoke. To conclude I think their form of “corporate user testing” is far too expensive for the small company patent-free innovators. I don’t see how companies like Human factors can claim to have any “usability know-how”. Have you seen “Human factors” Web page? It’s overloaded! And the URL is laughable. If people are interested in usability and good UI design, check out useit and Edward Tufte.
- My sister has a problem with her Ubuntu installation, I recommended Ubuntu forums
- http://ubuntuforums.org/showthread.php?t=253801
- The answer isn’t really helpful
- Eventually I fix it myself. Problem was something muted one of the ALSA channels. Alsamixer to the rescue.
- So, I figure I should add my solution. So I login with my Ubuntu launchpad username and password
- You have entered an invalid username or password.
- Hmm, maybe I have the password down wrong. “Lost Password Recovery Form” and my email address…
- You have not entered an email address that we recognise. Please try again or contact the administrator.
- Ok, I’ll contact the administrator… oops “You are not logged in or you do not have permission to access this page.”
- Damn, guess I have to open another account. 144 accounts and counting so far, I guess there is room for another. So register…
- Forum Rules in a little textarea. Too long…
- I’ve wasted enough time already. Bye.
So Mozilla went from stupid popups to hidden headers in pages, which people ignore as they expect it to be a popup warning.
Sigh.
I hate having to restart Firefox after updating an extension. If it kept the state of all my open tabs like Opera does, then OK, maybe.
This update system scares me a little. Surely it undermines the Debian package system?