
GUIs: Control, Conveyance, Continuity, and Context

Windows 8 Animated Evaluation

I'm a sucker for basic principles distilled into pithy prescriptions.

A freelance writer, Brian Boyko, has distilled the basic features of graphical user interfaces (GUIs) into four principles: Control, Conveyance, Continuity, and Context. He uses them to structure a well-reasoned, though shrill, critique of Windows 8.

I've just checked a few of my favorite usability resources (Don Norman, Alan Cooper's About Face, Ben Shneiderman), plus a bit of Googling, and I can't find a "recognized GUI authority" who reduces the problem to these four aspects.

Even so, I think Boyko has hit on something good. When I tried to distill a modern set of security-relevant design principles for my textbook, I had no concise statement about usable security that was backed up by extensive industry practice. In other words, there are accepted design principles for security, but not for usable security. There are a lot of principles that outline what's nice to have, but none that trump security traditions (like impossible-to-memorize passwords).


RAID Backups with Snow Leopard

[SEE UPDATE due to changes in a Snow Leopard patch]

I've finally completed a whole RAID 1 backup cycle with Snow Leopard and I can reliably report on how it works.

The process, when performed reliably, is essentially unchanged from earlier versions of Mac OS X. [Details added 3/4/11].

Specifically, you must never attach an old software RAID 1 drive to the working RAID 1 set. If the set was missing a drive ("degraded") before you attach the old drive, it will treat that drive as part of the set. THIS IS BAD.

You must always erase a drive's partition header completely before adding it back in to a RAID set. Otherwise it's misidentified as being an up-to-date part of the RAID 1 set even though it may not have been updated in months.

I had thought that changes made to RAID handling in Snow Leopard might have fixed this problem. Nope.


CPU-based Security Improvements Adopted Slowly

'Way, 'way back in the 1960s, computer designers tried out different techniques to limit how a computer executed its programs. Some should be pretty well known, like storage protection and the distinction between "kernel mode" for the operating system and "user mode" for applications. Another was data execution prevention (aka "DEP"), where the computer distinguishes between RAM that stores instructions and RAM that stores data. If the program tries to jump into instructions stored in data RAM, the CPU aborts the program.

DEC Alpha CPU

Fast forward to 2010. Most microprocessors supported DEP by the mid 1990s; a few supported it before that. OS support came more slowly: Windows has been using one form or another of it since 2004, in XP Service Pack 2. However, it doesn't matter for most major applications, because their developers didn't fix their code to take advantage of it. So, if they suffer a buffer overflow, there's nothing to prevent the computer from trundling off to la-la land.

Managing Your Passwords

In 2009, another blogger posted an article on password problems that suggests 10 hard-to-follow rules.

The author highlights an important problem: attackers can do systematic trial-and-error guessing attacks against on-line sites. She focuses on a Google Gmail problem recently reported on Full Disclosure.

Here's the point: use strong protection on high-value targets. Take the time to protect your major e-mail account, your financial resources, and anything else you really value. If you're going to slack off, do it when registering to post a one-off blog comment.

Let me take a stab at my own list of recommendations.


Sharing Files on a Desktop Computer

The easiest way to share files on a desktop computer is for everyone to use the same login, and leave all the files on the desktop or in the "Documents" folder.

On the other hand, a desktop can be a personal thing. If I put a file somewhere, I like to know it'll still be in that spot when I get back. Computers are tricky enough. We don't have to add the work of other unpredictable humans to make them hard to use.

Once a household starts using multiple logins, you run into a completely different problem: how do you share things? I took all those pictures and my daughter wants to see them. We took turns typing in Xmas presents as we opened them, now where do we put the list so everyone knows what Thank You notes to write?


Dell Laptop

I just bought a Dell laptop. I generally buy from vendors I know, and St. Thomas has been buying Dell systems for the past several years. I might have bought an Apple, but their lowest base price was $1,000. I knew I could do a little better. In any case, I wanted to run both Windows and Linux. Running OS-X would have been a plus (I'm addicted to Aperture) but not worth the extra dollars.

The hardware seems solid - an XPS 1330 - and it's comfortably compact. It has thumbprint authentication that seems tolerably robust. The major size limiters, the RAM and hard drive, are easy to replace. So is the 802.11g network card. It came with "Windows Home Premium." I'm astonished at the amount of Dell-branded software you have to trim back. And I'm appalled that the default search engine, "Live.com," directs you away from OpenOffice.org when you go looking for it.


Six Minute History of Information Security

I have been reading the ACM's Model Curriculum on Information Technology (a prototype "IT" major) with a special eye towards the information security coverage. I've been teaching information security courses and recently developed a major in the area.

The curriculum provides minimum times to cover major topics in the field, like 3 hours to cover "Fundamental Aspects" including the "history" of information assurance and security. After factoring out the other dozen 'learning outcomes' for that topic, one is left with six minutes to cover the "history" of information security.
