Recent Posts

• SOUPS 2010: A short report
• Trust research
• Four years of usable security research at SOUPS
• Strangely, I feel vindicated
• Busy
• Good-bye Smaug
• Graphics Interface 2010 wrap-up: Lessons learned
• Images will be down this weekend
• CapCHI meeting this evening
• Phishing and Cory Doctorow

Topics

• Uncategorized
• Accessibility
• Awareness
• Birding
• Blogs
• Book
• Canada
• CapCHI
• Categorisation
• CfP
• CMC
• Collaboration
• Collaborative writing
• Colour
• Computer-based learning
• Conference
• Crafts
• CRC
• CSCW
• CSCW06
• Databases
• Design
• Dogs
• Emotions
• Ethics
• Experimental design
• Expertise
• Francais
• Free Stuff
• Future work
• Games
• Gender issues
• GI2010
• Graduate studies
• Haptic
• Hardware
• HCI
• Human factors
• Input devices
• Jobs
• Journal
• Lighthearted Diversions
• Linux
• Mobility
• My Blog
• My Web Site
• Network Security
• Neuroscience
• Open Source
• Ottawa Usability Consortium
• Personal
• Photoshop
• Portables
• Presentations
• Programming
• Project Collaborative Data Analysis
• Project Collaborative Gamers
• Project Smartphone
• Project social networks
• Project Tags
• Project TellTable
• Project Ubicomp
• Project VR
• Psychology
• Random musings
• Research Papers
• Research study
• Review
• Science reporting
• Search engines
• Security
• Sensors
• Smartphone
• Social Software
• Software
• Sound
• SOUPS
• Spams and Scams
• Statistics
• Symposium
• Tags
• Teaching
• Tips
• Travel
• Trust
• Tutorials
• Ubiquitous Computing
• Unclassifiable comments
• usability
• User Interface
• Videoconference
• virtual reality
• Visual information
• Weather
• Web
• Wikis
• wordpress
• Workshop
• World Usability Day
• Writing

SOUPS 2010: A short report

By sylvie on July 19, 2010

And so I’m back, though not from outer space; from Redmond, Washington, where I was attending the annual Symposium On Usable Privacy and Security.

This year’s SOUPS was held on the Microsoft campus itself, or at least one of them in the Seattle area (so I’ve been told). And it really is a campus, just like a university campus, with a huge number of buildings regrouped in the same area of Bellevue/Redmond. Apparently, the building we were at was where they work on the XBox. Or maybe it was next to the buildings where they work on that project. At least, that’s what the taxi driver told me. I wouldn’t be surprised, as there was a guy testing the Xbox 360 Knect system (unfortunately, I was never able to get myself organized enough to become a participant). One nice thing about the building where we were was the large cafeteria, with a variety of food outlets where we could get lunch without leaving the campus. The Post-it wizard in Figure 1 was in one of the buildings right next to where the conference was.

Fig. 1. Eight-bit wizard made from Post-it notes. Somebody at Microsoft has a lot of patience

Wednesday was workshop day, and although I hadn’t signed up in advance, I ended up attending the Usable Security Experiment Reports (USER) Workshop, organized by Sonia Chiasson and Robert Biddle of Carleton University. This turned out to be of value to me as the workshop was all about the various experimental procedures that are used in usable security and their advantages and disadvantages. Some of the issues mentioned are typical of all research (e.g., laboratory experiments have low ecological validity), but most were specific to usable security (e.g., the difficulties associated with observing secure behaviour in the field). One lesson that I took away from the workshop was the fact that security is a secondary task and that people’s primary task is something else: I have to log in (secondary task) to the website so that I can access my email (primary task); I have to set up a secure wireless home system (secondary task) so that I can securily connect my laptop to the internet (secondary task) so that I can look at YouTube videos (primary task).

I also learned that some researchers are using Amazon’s Mechanical Turk as a source of participants for certain types of research. I’ll have to go read the paper but I have the impression this approach works best for studies where you’re trying to recruit people to fill out questionnaires. It’s not perfect - the population using Mechanical Turk is not a reflection of the population at large - but unless you’re Statistics Canada (or a large corporation), you’re always going to get bias when recruiting participants. The important thing is to be aware of the bias and mention it in your research report. For a researcher in my situation, with access to a very limited participant pool unless I associate myself with an academic researcher, Mechanical Turk may be a good source for recruiting participants. My immediate plan is to sign up for it myself and test it out for a couple of weeks to see how it works.

The day ended with a barbecue.

Thursday morning was dedicated to authentication, with the first session being on passwords and accounts and the second on authentication for mobile devices. As there is already a lot of research going on in the area of authentication, I don’t think I’m going to select this as my primary research subject. Although, you never know, I’ve gotten into research areas I didn’t expect to just from knowing people. Anyway, I think I missed a good opportunity for a question. I should have brought along my World of Warcraft authenticator and asked people’s opinion about this kind of system.

In the afternoon, the first session was on privacy policies and the second session was a discussion session where people split up into various groups and talked about different subjects. As there wasn’t anything on trust, I joined the discussion on usable security and privacy for mobile devices.

That evening, we went on a dinner cruise.

Fig. 2. The Carleton Contingent at the prow of the cruise ship

Fig. 3. View from the cruise ship: Mount Rainier and a bridge

Friday morning’s first session was all about security policies, models and decision making. Lots of really fascinating research presented here, from the difference between the security of government and university sites versus corporate sites (such as Amazon) (surprise! the corporate sites require less secure passwords than government or university sites); to the mental models that people have about viruses and hackers (key takeaway: always explain why you want people to take security action X because if it doesn’t correspond to their mental model, they won’t do it); to how to help people set up a secure wireless home network (dear Ho, Truong & Dearman, please make your system available to everyone); to how to make people read your EULAs (surprise! use good visual design).

The second session was all over the place: the impact of sharing location feedback on mobile devices; using mobile devices to make parents feel more secure about their teenager’s whereabouts (this paper left me very skeptical, but mostly because I believe that technology is not the answer for this issue; other people feel differently); and a field study of real world ATM use (interesting study if only for the whole problem of observing people use ATMs without actually observing their pins or creeping people out).

In the afternoon there was a panel on crowdsourcing and cloud computing which was interesting. Unfortunately, a lot of people had already left so there wasn’t as much interaction from the audience as there should have been.

The day ended with an ice cream social and a short visit to one of the Microsoft usability research labs. If they were planning on making me jealous, it worked.

If you’re interested in seeing more photos from SOUPS 2010, there is my set at Flickr as well as Mary Ellen Zurko’s. Oh, and Mary Ellen has one of me in there. How embarrassing.

Updated 26 July
For another view of SOUPS 2010, there is Dana Chisnell’s report on the symposium. Like me, she was a first-time attendee. Unlike me, Dana is already familiar with the area of usable security, so her insights are interesting.

Tags: SOUPS2010, security, usability, privacy

Topics: Security, Symposium, SOUPS | 6 Comments »

Trust research

By sylvie on July 8, 2010

Did you know that there is a heckuva lot of research done in the area of internet security? I feel like someone who is new to the area of, say, CSCW. Research on groupware and on computer-supported collaborative work covers a wide area of research and it’s impossible for someone new to read it all. You need to specialize, pick one particular area and read on that, or you’ll spend the rest of your career just reading papers.

And so, for a variety of practical reasons, I’m concentrating on trust at the moment. There are basically two types of trust papers: computational trust and human trust. Computational trust attempts to model human trust and is conducted mostly by computer scientists. Human trust explores actual human trust behaviour and is conducted mostly by social scientists (psychologists, sociologists, marketing researchers, etc.). My colleagues here at the CRC are working on computational trust and good for them, but I just cannot do it. Well, I suppose I could, but really, it would take me forever to get to a point where I can understand and create models of trust, whereas they’re already doing an excellent job of it.

So I’m going to concentrate on human behaviour since my background is in psychology, and my subject of choice at the moment is the impact of trust in online retail.

By the way, if you’re aware of a seminal paper on this subject, I’d appreciate the pointer. Even by concentrating on this specific subject, I’ve still got a lot of papers to read through and I’d really like to be able to concentrate on the important stuff.

Topics: Trust | 2 Comments »

Four years of usable security research at SOUPS

By sylvie on June 22, 2010

With the change in my research area, I have also changed my annual conference. I usually attend CSCW, but this year I will be attending the Symposium on Usable Privacy and Security (SOUPS 2010), which will be held in Redmond next month.

One of the hardest things to do when you start doing research in a new area is figuring out what you should be working on. You need to find out (a) what people have been working on; (b) what the hot topics are at the moment; (c) what the future hot topics will probably be; and (d) what kind of work you can do, preferably from column (c). There are only two ways to do this: talk with other people who are working in the area and read what’s been published in the area.

Because I know practically nothing about usable security, I’ve decided to start off gently, by skimming all of the research papers that have been published at SOUPS from 2005 to 2009. This gives me an idea of the type of work that’s being done without having to read all of it.

The following is a first draft of the themes covered in the papers and posters presented at SOUPS from 2005 to 2009, so there may be some errors in how I’ve regrouped items and in how I’ve classified papers, but it should give you an idea of what people have been working on in the usable security area: SOUPS Research Categories (PDF file)

One thing that surprised me was the almost total absence of work on biometrics. Maybe there isn’t much you can do there, usability-wise? I don’t know. On the other hand, there is a lot of work going on in access control (who can read what where), in authentication (how to improve passwords and challenge questions), in privacy and website privacy policies, and in security (not surprisingly, since it’s a symposium on privacy and security).

As I said, it’s a first draft, so feel free to comment.

Tags: SOUPS, usable security

Topics: usability, Conference, Security, Trust, SOUPS | No Comments »

Strangely, I feel vindicated

By sylvie on June 15, 2010

One thing I was always grateful to my parents for was the fact that, in spite of the fact that I developed rhumatoid arthritis at only 11 years of age, they never treated me like a delicate flower in need of protection. They treated me as normally as possible and because of that, my illness was never central to my life. Of course, it helped that I had a mild case and so could pass for normally abled most of my life. In addition, my parents looked down on anyone who used their illness to elicit pity so I have always tended to not mention my arthritis to people.

When my left hip got worse a couple of years ago, I started using a cane to walk but I felt like a fraud, maybe because I could usually walk without a cane, though going up and down stairs hurt and became more and more of a problem. With time, though, I’ve found that it’s become harder and harder to walk for long periods of time. And still I felt like a fraud.
Over a year ago, I decided it was time to see if I could get a new hip. So I asked for an appointment with an orthopedist. This morning, I finally saw one at the Hull hospital. They took new x-rays of my hip and the doctor showed them to me. It was quite fascinating. Apparently, I have no cartilage left in the joint, and there are all sorts of deterioration in the hip area. Even though I knew already that my hip must be in pretty bad shape, having a doctor tell me in detail the problems made me feel as though I had been right all along to use a cane. How very strange.

We had a long conversation about the various hip replacement technologies, with the doctor listing the pros and cons of all the choices: plastic on metal, metal on metal, ceramic on ceramic, plastic on ceramic. The doctor suggested that my best bet was the ceramic on ceramic choice, as it is known that it can last up to 25 years. This means that I would be pain-free until 75. After that, I’ll probably end up in a wheelchair, but that’s okay.

So I signed up for the operation. There’s a 3 to 6 month wait, but I don’t mind. To be honest, I was convinced he was going to tell me I should wait another 10 years.

Topics: Personal | 1 Comment »

Busy

By sylvie on June 9, 2010

I’m working this week on various administrivia stuff. I have to collect some signatures to sign off on the technical paper that will bring an end to the virtual worlds project, and apparently I forgot to write my yearly report for 2009 (I blame Thom for not telling me to do it even though he’s retired ). I’ve been fighting with the new PDF form they’re using for the reports. I don’t know if it’s an error on their part or if it’s a Windows/Mac thing, but the text boxes in the form don’t wrap text, and it’s pretty hard to write down your accomplishments if you only have a single line to do it in.

I’ve written to someone to point this problem out (because that’s what an usability person should do), but in the meantime, I may just resort to the old form (which I think was in MS Word format).

I hope to finish all this this week and then get back to reading about usable security next week.

Appended

Just remembered that I also need to add a new program to my Mac for the security project. I need to find someone who will explain to me what it is I’m supposed to do.

Topics: Personal, CRC | No Comments »

Good-bye Smaug

By sylvie on June 6, 2010

I had never owned a big dog before we got Smaug and when we first got him almost 9 years ago, I was apprehensive about this new puppy. A big dog could easily bowl me over so if this puppy turned out to be difficult to control, I would be in trouble.

As it turned out, while Smaug was a high energy dog, he was also my dog, so there was never any problem. He would follow me around in the house. When I did the laundry, he would come downstairs with me and give me his ball. I would throw it around in between putting clothing into the washing machine. If I stayed up late to go on a WoW raid, he would sleep beside me. He usually slept on the floor next to my side of the bed.

Sadly, Smaug was a victim of bad genetics and had been born with severe hip displasia. While we could have had some surgery done on him in hopes of solving it, the cost was prohibitive to us and there was no guarantee that it would work, so we didn’t do it. In spite of his physical problems, he was a good dog, always in a good mood, rarely complaining about pain.

As a puppy, Smaug learned that Odin was the top dog in the house. And so, even though Odin weighs about 20 pounds when wet while Smaug would top off around 120-130 pounds, our big dog was always subservient to our small one. That was probably a good thing because if there was one thing that Smaug loved, it was food. He would snarf down anything and would steal Odin’s cookie if Odin happened to walk away from it. If Smaug had realized how big he was, poor Odin would never have been able to eat.
Smaug also loved playing ball. Every morning we would hand him his ball and every evening we would put it away (or he would have chewed on it all night long). In winter, we would play inside the house. As soon as the snow was gone, though, he would beg us to go out into the backyard to throw the ball for him. Although he would tire soon (because of his hips), he would soon be back at us, begging for another round.

This morning, when I put the dogs out, Smaug got excited and ran down the stairs. When I looked outside to see if there was an animal in the backyard, I saw that Smaug was walking on only three legs. He was keeping his right back leg off the ground. When I called them in, somehow this dog with the bad hips managed to somehow climb up a short flight of stairs on just three legs.

It was only 3 in the morning but I knew we’d have to go to the emergency vet. Smaug wasn’t complaining though, so I thought that his hip had just gotten out of its socket. Maybe the vet would be able to put it back in. So I didn’t wake up André. I let Smaug sleep upstairs and I stayed with him. When André finally woke up, around 6 and saw what had happened, he called the vet and we got an appointment immediately.

The vet took some x-rays of Smaug’s hips and his knee. The hips were in much worst shape than we had imagined but the problem was in his knee, most probably a snapped tendon. The vet told us quite frankly that while he could always do surgery on Smaug’s knee, because of his bad hips, there was a very real chance that our dog would just get the same problem in the other knee. The vet very gently suggested that perhaps it was best to put an end to Smaug’s suffering. After seeing the x-ray, I knew that it was the right thing to do, as did André. Not the easiest thing to do, though.

So we hugged our big boy goodbye. Although André wanted to leave before the vet gave Smaug the overdose, I wanted to stay. I thought it would be longer than it was, but it was almost instantaneous, for which I am grateful.

I’ve been crying all day. I miss him terribly and it will take some time to get used to the empty spot next to me.

Topics: Personal, Dogs | 6 Comments »

Graphics Interface 2010 wrap-up: Lessons learned

By sylvie on June 3, 2010

Well, it’s over; Graphics Interface 2010 that is, and I think that overall it was a successful conference. Yes, we had problems, small and large, but we managed to get through the conference with only a few technical hitches.

This was the first time I was co-chair of a conference, so I learned a lot of things, but the biggest lesson I learned was this one, which I will write in big letters because that’s how important it is:

BE PROACTIVE

When I was first invited last September to be co-chair of Graphics Interface 2010, I admit that I was completely surprised. First, because I had never heard of this Canadian conference (and I am truly embarrassed by that, although in my defense, I don’t really work on visualization issues). And secondly because I don’t work on visualization/graphics issues, so why ask me? Well, the HCI research community in Ottawa is very small, so it can be hard to find someone to do this kind of job, but someone I know recommended me (hi Lyn!), which is how I got on the short list of candidates.

Folks, don’t be afraid to volunteer for conference duty. It gets you known and people remember you as a potential volunteer for future conference work.

Now it turns out that being co-chair of GI is more like being the program chair on a larger conference like CHI. GI is part of a consortium of three conferences all held at the same time and there is an uber-committee that takes care of the boring details like making sure we have some place to present our conference, have money to do it, and other such important stuff. So my job consisted for the most part of making sure that we had papers and presenters: getting ads for the conference into the proper mailing lists, recruiting people for the programming committee, finding an invited speaker…

As this was the first time I was a (program) co-chair and I had never been part of a programming committee before, I really had no idea what I was doing.

Be Proactive

I must thank David Mould, my co-chair, for all the help and guidance he gave me during this period. I was constantly bombarding him with questions about what I should be doing and he was kind enough and patient enough to endure my emails.

One thing that I should have established with him from the start was a calendar of dates for things I should be doing. For example, I was late in starting to recruit people for the programming committee because I was expecting someone to tell me when to do that, instead of finding out myself when to do it.

Be Proactive

I also want to thank the HCI program committee members for volunteering for the job. I really appreciate their hard work at choosing the final papers that got into the conference.

Of course, PC members are also busy academics who have other deadlines, travel plans, and so on, which can have an impact on their availability to do the PC work. Don’t be afraid to send multiple emails as some can get lost in the shuffle (this happened a couple of times). I also had a problem with a couple of people misunderstanding or misreading some of the instructions. If you see that somebody isn’t doing something they should be, don’t be afraid to remind them or, if need be, do it for them (although this should probably be as a last recourse). I feel that this is where I failed the most.

However, in spite of these problems, we did manage to select quality papers and I am happy with the final result.

Be Proactive

Another place I was late was in starting to recruit an invited speaker. Again, my fault for not being more proactive about figuring out when I should be doing things.

I think I was very lucky to be able to recruit Catherine Plaisant from the University of Maryland. Catherine gave a very interesting talk on displaying temporal information. Thank you very much, Catherine, for that.

Be Proactive

Catherine almost didn’t show up in time because her flight was cancelled and she had to rebook a flight for the day of the conference itself. If I had been reading my email, I would have known this, but I was lazy on Sunday evening and didn’t check up on this. You’d think I’d want to make sure my speaker had arrived, wouldn’t you?

My only excuse is that we are in the midst of selling our house and we spent the Sunday evening (after I got back from the welcome cocktail) discussing houses we might buy.

Be Pro…No, wait, sometimes, there’s nothing you CAN do

If you follow my tweets, you’ll know that we had a series of technical mishaps during the conference: people couldn’t connect their computer to the projector; the projector lightbulb blew out; there wasn’t any food left during the first break. While we were able to come up with a solution for the connection failure (just transfer the slides to the in-cabinet computer) — and the connection was eventually fixed during the first break — there wasn’t much we could do about the lightbulb until somebody showed up with a new lightbulb. So we took an early break and when people came back into the room, the lightbulb had been fixed and we could continue.

So I guess the lesson here is “be flexible”.

As to the food, well, either the caterers or somebody in charge noticed the problem because after the first day, they kept some of the food wrapped up for later arrivals.

Be Kind, Rewind

Finally, I want to thank all of the other committee members, those in CHCCS and those in the uber-committee, for all their help in getting the conference organized; all our session chairs for helping shepherd the presenters so ably; WonSook Lee, our poster chair for her hard work in getting the posters organized; our presenters and poster authors, for making the conference worth going to; and of course everyone else who showed up for the conference.

And if I’m missing anyone, please consider yourself thanked as well

Topics: GI2010 | No Comments »

Archives

July 2010

S	M	T	W	T	F	S
« Jun
				1	2	3
4	5	6	7	8	9	10
11	12	13	14	15	16	17
18	19	20	21	22	23	24
25	26	27	28	29	30	31

Mascot

Pingo is a happy camper

Twitter

Follow me on twitter as sylvien

Blogroll

My Bloglines blog roll

Meta

• Login
• WordPress
• Web Hosting Services

This blog is protected by dr Dave's Spam Karma 2: 57483 Spams eaten and counting...