Tuesday 29 May 2007

A Decade Of Good Website Design

The web looks very different today than it did 10 years ago.

Back in 1994, Yahoo had only just launched, most websites were text-based and Amazon, Google and eBay had yet to appear.

But, says usability guru Dr Jakob Nielsen, some things have stayed constant in that decade, namely the principles of what makes a site easy to use.

Dr Nielsen has looked back at a decade of work on usability and considered whether the 34 core guidelines drawn up back then are relevant to the web of today.

"Roughly 80% of the things we found 10 years ago are still an issue today," he said.

"Some have gone away because users have changed and 10% have changed because technology has changed."

Sites for sore eyes

Some design crimes, such as splash screens that get between a user and the site they are trying to visit, and web designers indulging their artistic urges have almost disappeared, said Dr Nielsen.

"But there's great stability on usability concerns," he told the BBC News website.

Dr Nielsen said the basic principles of usability, centring on ease of use and clear thinking about a site's total design, were as important as ever.

"It's necessary to be aware of these things as issues because they remain as such," he said.

They are still important because the net has not changed as much as people thought it would.

"A lot of people thought that design and usability was only a temporary problem because broadband was taking off," he said. "But there are a very small number of cases where usability issues go away because you have broadband."

Design decision

Dr Nielsen said the success of sites such as Google, Amazon, eBay and Yahoo showed that close attention to design and user needs was important.

"Those four sites are extremely profitable and extremely successful," said Dr Nielsen, adding that they have largely defined commercial success on the net.

"All are based on user empowerment and make it easy for people to do things on the internet," he said.

"They are making simple but powerful tools available to the user.

"None of them have a fancy or glamorous look," he added, declaring himself surprised that these sites have not been more widely copied.

In the future, Dr Nielsen believes that search engines will play an even bigger part in helping people get to grips with the huge amount of information online.

"They are becoming like the operating system to the internet," he said.

But, he said, the fact that they are useful now does not mean that they could not do better.

Currently, he said, search sites did not do a very good job of describing the information that they return in response to queries. Often people had to look at a website just to judge whether it was useful or not.

Tools that watch the behaviour of people on websites to see what they actually find useful could also help refine results.

Research by Dr Nielsen shows that people are getting more sophisticated in their use of search engines.

The latest statistics on how many words people use on search engines show that, on average, they use 2.2 terms. In 1994 only 1.3 words were used.

"I think it's amazing that we have seen a doubling in a 10-year period of those search terms," said Dr Nielsen.

Email Validation Spec

The Internet Engineering Task Force (IETF) has adopted a vendor-developed specification designed to detect e-mail with bogus header information. The technology could help reduce spam and phishing attacks that clog Internet traffic.

Yahoo was the initial developer of the spec, called DomainKeys Identified Mail (DKIM), but other participants joined the effort, including Cisco, Sendmail and PGP Corporation for later revisions.

The hope is that the specification could succeed where other efforts have failed. It puts validation of both the sender and receiver at the domain level. Phishing almost always involves faking an address of a legitimate site, such as a bank or e-commerce sites like eBay and PayPal.

The spec will require a key for domains, but DKIM will distribute keys to any domain requesting one. Each domain has its own private and public keys. E-mail messages are signed with the private key and sent with the public key, which is embedded in the letter's header. The receiver then validates with the public key, and this tells the receiver that only someone with a valid private key could have originated the letter.

If the signature doesn't pass validation, the receiver has their choice of how to handle the letter. The DKIM spec doesn't dictate how to handle invalid letters. Most ISPs will likely label the letter junk mail although they have the right to block it.
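One part of receiver-side validation, as an added example (not code from the DKIM authors or from this article): checking the body hash carried in the signature header's `bh=` tag, then applying the receiver's own failure policy. The tag names come from the DKIM RFC; the function names, sample message, domain, selector and `b=` value are constructed, and the public-key check of `b=` is not shown.

```python
import base64
import hashlib
import re

def parse_tags(header_value: str) -> dict:
    """Split a DKIM-Signature header value into its tag=value pairs."""
    tags = {}
    for part in header_value.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            # Drop folding whitespace so wrapped bh=/b= values compare cleanly.
            tags[name.strip()] = re.sub(r"\s+", "", value)
    return tags

def simple_body(body: bytes) -> bytes:
    """'simple' body canonicalization: ignore trailing empty lines, end in one CRLF."""
    return body.rstrip(b"\r\n") + b"\r\n"

def body_hash(body: bytes) -> str:
    """Base64 SHA-256 of the canonicalized body, as stored in the bh= tag."""
    return base64.b64encode(hashlib.sha256(simple_body(body)).digest()).decode()

def check_body(header_value: str, body: bytes, on_fail: str = "junk") -> str:
    """Return 'continue' if bh= matches the received body, else the local policy.

    on_fail is the receiver's own choice ('junk' or 'block'); the spec does not
    dictate it. 'continue' means the signature in b= must still be verified.
    """
    tags = parse_tags(header_value)
    # If c= names no body algorithm, the body algorithm defaults to 'simple'.
    body_canon = tags.get("c", "simple/simple").partition("/")[2] or "simple"
    if tags.get("a") != "rsa-sha256" or body_canon != "simple":
        return on_fail  # this sketch handles only sha256 with 'simple' bodies
    return "continue" if tags.get("bh") == body_hash(body) else on_fail

# Constructed sample: domain, selector and b= value are placeholders.
BODY = b"Your statement is ready.\r\n"
HEADER = ("v=1; a=rsa-sha256; d=example.com; s=sel1; c=simple/simple; "
          "h=from:subject; bh=" + body_hash(BODY) + "; b=PLACEHOLDER")

if __name__ == "__main__":
    print(check_body(HEADER, BODY))                       # unmodified body
    print(check_body(HEADER, b"Click this link.\r\n"))    # altered in transit
```

A body that was altered after signing no longer matches `bh=`, so the message is handed to whatever action the receiving site configured.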

Dave Crocker, principal consultant and founder of Brandenburg InternetWorking, is also involved in developing the spec and has decades of experience in working with e-mail systems. He said DKIM will be far more effective than the current method of IP filtering.

"IP addresses are a problem because they are associated with a machine rather than an organization or a person. Because they change, and they can be faked for all sorts of usage," he told internetnews.com.

One of the goals of DKIM is to create something easier to administer. A domain name is good for that, better than having it done on the individual clients. By having the server handle signing and validation, changes and updates are done on a few servers rather than every client computer.

However, that leaves DKIM open to a weakness. Crocker said it won't necessarily help defeat botnets, compromised computers with hidden software that pumps out spam unbeknownst to the computer's owner. Botnets are the primary source of spam on the Internet.

Because the sending server, not the client, does the signing, DKIM has no way of knowing if an e-mail originated from the user's e-mail client or from a botnet program spitting out spam. And even if the good guys find a barrier, the bad guys find a way around it.

"DKIM is not about stopping botnets. It's about verifying that a message really involves whoever it says it involves. There's certainly an expectation it will be helpful against phishing because it allows you to start building for a basis for trust," he said.

It would also help if both sender and receiver were using DKIM. Moviola.com, a film equipment rental company in New York and Los Angeles, is one of the first companies to sign up for the service since its mail provider was involved in testing the specification, so it really isn't seeing benefits yet, said Shawn Silvas, system administrator with the company.

But he expects to. "It's going to change the nature of who's spamming," he said. "Hopefully it will help get rid of the spam, like zombies, but it won't help with business spam from legitimate companies like JC Penney. But if it can help reduce Viagra and stock spam, that will be nice."

Silvas said he doesn't care much for the existing spam blocking methods, such as IP black listing, because IP addresses can change on a DHCP network.

"Just because an IP has sent out spam in the past isn't always bad, and just because it's flagged as good doesn't mean I want it. That really hits hard on small businesses whose e-mail is legit because if they are on a DHCP connection, they could get blocked," he said.

The DKIM spec has been fully approved by the IETF and published as an RFC, so people can start deploying it now. Crocker maintains a list on his home page, which at this point is rather modest. He expects it to grow.

Consumer Database Fraud

Cable & Wireless has served an injunction against a former executive following the theft of a 100,000-customer database, the BBC has learned. The injunction orders Seemab Zafar to hand over any part of the database of former subsidiary Bulldog, including names, addresses and financial details.

Ms Zafar, from London, denies that she holds any part of the database.

A BBC investigation has established that the database had been illegally used by call centres in Pakistan.

The call centres tricked customers into handing over credit card details.

One victim of the scam, Gareth Thomas, has subsequently been defrauded on his bank and credit cards, and had his identity cloned on the internet pay system PayPal.

Other victims complained of being relentlessly called by call centres in South East Asia, who won't reveal their identity nor what personal information they hold.

The High Court injunction was brought by Cable & Wireless because it owned internet services provider Bulldog at the time the database was taken.

Read more at BBC online.

Less Clumsy Robots

The race to create more human-like robots stepped up a gear this week as scientists in Spain set about building an artificial cerebellum. The end-game of the two-year project is to implant the man-made cerebellum in a robot to make movements and interaction with humans more natural.

The cerebellum is the part of the brain that controls motor functions.

Researchers hope that the work might also yield clues to treat cognitive diseases such as Parkinson's.

The research, being undertaken at the Department of Architecture and Computing Technology at the University of Granada, is part of a wider European project dubbed Sensopac.

Read more at BBC online.