Ramblings of Narc

I feel a bit like I’m picking on a retarded kid, but I’ve been asked for instructions about changing one’s password on a Yahoo! account, and I figured that was a good excuse to analyze some of the pitfalls of bad UI. Having just tried to find it myself, I have to say it’s not very easily discoverable unless you know what to look for, and that’s pretty hard for a non-programmer.

First, a caveat: I’ve only tried to do this in the context of accessing Yahoo! Mail. It’s possible that other Yahoo! applications make this process a bit easier, but I’m going to assume the person who needs this (friend of my uncle’s, I’ve never met her) is a typical user who doesn’t care about anything other than Yahoo! Messenger and Mail.

With that said, let’s see how to do it:

First, go to http://mail.yahoo.com/ — the easiest way to get straight to Yahoo! mail:

If you don’t have automatic login enabled, you will probably have to sign in now:

In the above picture, note the “Forget your ID or password?” link that can help you if you can’t remember those.

And now we get to the really bad UI: Yahoo! Mail “non-classic” (click for bigger screenshot):

I know, that’s not the whole UI, I’ve cropped a lot of it out, but the interesting part is in there. See what I’ve highlighted there:

When you click it, this is what you see:

Now, you have to figure out that the “Edit My Account” link is likely to have the password-changing option (maybe not that huge a logic leap — I’m not a user, I don’t know how they think). It’s right there:

The result? Erm, you’ll have to enter your password again:

This helps, I’m sure (for instance, if you have auto-login enabled and some idiot goes to Yahoo! Mail on your behalf, at least they can’t change your password, right? But they can read your mail, and send mail as you. Oops.

On the other hand, the profile edit page appears to contain more sensitive information, such as home address, telephone numbers, and such. It would probably also contain credit card information, which is definitely something we don’t want an unauthorized prankster to see.

So, anyway, the result is you’ll be presented with this screen (click for bigger screenshot):

Which, among other things, contains this:

That’s right, there’s the Change Password link. It didn’t take long to get here, did it? Click it, and you get this:

After you fill out this rather standard password change form, you should be looking at this:

That’s it! Now, let’s see how much it took to get here:

• Two password prompts (one of which might not show up in some cases)
• Figuring out a UI element is actually a menu, and that it’s the one we want!
• Understanding that editing “my account” includes changing the password (as I said, maybe not so much of a logic leap)

The conclusion? It’s not too bad, but it could be better. I’d love to see this action — changing one’s password — be somewhat more easily discoverable without having to browse through a drop-down menu, but otherwise it’s pretty understandable once you spend a few minutes thinking about it.

And there’s the rub: you have to think about it. And it’s not in the obvious place, either — there’s an “Options” menu you might think was related, but it actually refers solely to the Yahoo! Mail options. I have no doubt a lot of people get hung up on this point: “I’ve looked everywhere and I can’t find it”. The profile menu is hidden away in the top-left corner next to the logo, and it looks like a greeting, rather than something with which to get stuff done. Further, there are so few options in that menu that they could all be shown directly below, like the “Sign Out” link is, and that might help a bit.

Alternatively, maybe the drop-down menu could be called “Profile Options” or “My Profile” or something, rather than “Hi, <first name>!”. That makes it look like website fluff rather than like an actually useful piece of user interface.

Oh, in case you’re wondering — I’ve removed my details from the screenshots mostly for clarity, rather than out of any fear of giving away any information. My “About Narc” page contains the personal info I’m okay with having out in the open, and you’ll probably note it’s pretty complete. I’m not that bothered by having random people know my personal information — I assume nobody really cares.

I was just reading a post from Alex_Boly’s blog, and found this brilliant explanation of what programming common sense actually is:

[Common] sense is a very elusive concept. How do you express it, how do you explain it to those people violating it in such an unimaginable manner? How can they learn it, use it, teach others? How did you get into its possession?

Hard questions, with no answer. Until now, when I have finally developed a theory of common sense. It may be proven right or wrong, but at least it’s a theory that is, I believe, worth exploring.

My theory can be summarized as following:

1. We start learning programming because we are attracted by it
2. We continue to learn and read more and more because it’s more and more interesting
3. The knowledge pieces we gather connect to each other
4. The connections solidify in patterns
5. The patterns become the second nature and the common sense is born

You can read the rest of Alex_Boly’s theory on common sense at his blog. It’s very much worth it.

I’ve just had the immense pleasure of reading a bunch of code written by someone who is, or should be, a non-programmer.

Among other things, this piece of code (written in PHP) tends to take very roundabout routes to get where it’s going, its functions are mixed up with program logic (including such things as if(condition) function something() {};, which hurts my brain just thinking about it), and calls a Perl script to do something that’s eminently simple to do in PHP — querying a URL.

Thanks to an unattributed image found on Jeff Atwood’s blog, I can now express what the person writing this code should have been seeing as he wrote it:

Because that’s what was happening in my brain as I was reading it.

Now, I can appreciate code reuse, and the fact that the Perl script this one is calling is written mostly by myself gives me a nice ego-boost, but I’m questioning the validity of the current approach.

Firstly, what’s the point of having someone who is so obviously not a programmer write a bunch of code when I and my co-workers are generally available throughout the entire Toronto workday?

Secondly, does anyone doubt that this piece of code will end up having to be supported by us, the same people who should’ve been asked to write it in the first place? As evidence of this, I present the fact that I was the one asked to “fix it”. All I know is, at some point, I’m going to end up having to do some more in-depth maintenance on this code, and I’ll end up rewriting the whole thing, top to bottom. It’s just that bad.

And don’t even get me started on the excess trailing whitespace I just removed by saving the file. Or the shitty indentation that’s sometimes done with spaces, and other times with Tab. And even when done with spaces, it’s inconsistent between two spaces, three spaces and four.

I just noticed another thing: it calls mysql_free_result() at the very end of the application. How clever! It’s as if the “programmer” didn’t realize it would be done automatically the moment the script ended execution.

I’m also curious if the person who wrote this, ostensibly someone with the username “tony”, can even speak English. The reason I’m asking is this comment here: “Retrive Form Value and Assosate Vlaue for Xsell ID”.

Fun stuff, isn’t it?

You’ve probably seen it — heck, you’ve probably done it yourself, many times. Almost everywhere you go online, if comments are available, or if there’s any kind of open forum, you will see these posts:

this is my opinion: i think [X] should be [Y], [Z]

Now, I’m very specifically not trying to draw attention to the content of the post, because some number of them are very decent, and the rest are mostly ignorable. No, what I’m specifically looking at is the writer’s apparent hatred for the Shift key on his keyboard. With the exception of the [X], [Y] and [Z] I used as placeholders, that post has no uppercase characters whatsoever.

So, my question is, why? Usually, the answer I get is “its extra effort to use the shit^Hft key, and im too lazy”. I don’t buy that. I’m possibly the laziest person I know, and to me, it’s harder not to use the Shift key. It actually takes more mental effort to write like that than it does to write with proper capitalization, punctuation, and spelling (typos notwithstanding). And I’m sure my readers (all two of you) appreciate it.

So why do we see so little capitalization? What is the hatred for the Shift key? Are we moving towards an e. e. cummings-style Internet, where the Shift key is banned, or limited only to articles on media websites like CNN.com? Same for the apostrophe, and (in extreme cases), the period. What’s going on here?

Now, here’s an odd one for you, courtesy of my friend, Cristian Chilipirea (Dark Hunterj):

#include <stdio.h>

int* holy_crap()
{
	/*static*/ int s;
	printf("%i\n", s);
	return &s;
}

main()
{
	int* x = holy_crap();
	*x = 2;
	holy_crap();
}

So, what are we looking at? Well, if you uncomment the “static”, you get the intended effect — holy_crap(), when called for the first time, (prints “0\n” and) returns the address of its static variable; the value in that address is changed to contain a 2, and then holy_crap() prints out “2\n”. This is as intended, and it is a very silly thing to do, but it works and is legal.

And then, you comment out the static as I’ve done, and… it still works? That’s odd… In theory, at least, the allocation of a non-static local variable can take place absolutely anywhere in memory, so the address read and returned by the first call to holy_crap() could be different from the address checked and returned by the second call. Yet, on my compiler (gcc version 4.2.4 (Ubuntu 4.2.4-1ubuntu3)) and on Dark’s, it actually does print “2\n” on the second call to holy_crap().

Granted, gcc does complain: “warning: function returns address of local variable”, but it still works, for whatever reason.

And it gets better! Check this out:

#include <stdio.h>

int * holy_crap()
{
	int s;
	printf("%i\n",s);
	return &s;
}

int huh_what()
{
	int test;
	test = 3;
}

main()
{
	int* x = holy_crap();
	*x = 2;
	huh_what();
	holy_crap();
}

This actually prints “3\n” on the second call to holy_crap()! We could probably reduce this further by removing the initial call to holy_crap() and the assignment of 2 to that pointer, but it doesn’t matter, because this is still some weird shit going on here.

Oh, and, I probably don’t need to tell you this but don’t ever rely on this happening for you! It’s very likely a combination of compiler, OS, and unoptimized compilation. I haven’t tried this in any conditions other than “gcc file.c -o file”, and I definitely do not recommend writing anything like this in any application beyond the most trivial/educational.

Still, any ideas to explain why this happens?

Okay, call me slow, but I’ve only just discovered the post Style Is Substance by Ken Arnold, and I had an epiphany (nor was I the first to have it, as evidenced by the attached comment thread): coding style (i.e. the rules of whitespace, formatting, and whatever) should be IDE-specific.

Wait, let me backtrack a minute first: the post in question specified that a language’s syntax should be standardized in the official language documentation, and that any deviation from it should be flagged as a compiler/interpreter error. Forcibly. With no way to relax the setting.

I’m going to let you digest that for a second.

Ready? Okay, here’s the next interesting part:

In the end, this requires only that editors and IDEs used by coders will let the user type stuff and it will make it look right. This is basically just reformatting on the fly, which many editors already do. We don’t need you to type zero, one or seventeen spaces between an if and its open paren, we just need the editor (assuming K&R C) to put exactly one space there. And getting even this right will be easier if there is only one style to worry about. It’s one of those things that those reformatting or style adapting cycles can go to.

(emphasis mine)

Now my epiphany: if the IDE could do this (and there’s absolutely no reason why it couldn’t), why can’t it also do the reverse, i.e. translate the standard form into something you like? And if everyone’s IDEs did that, it would finally let Billy code in his personal style, old timer Gabe in his, and have the assurance that the result won’t have several formatting styles because there is only one style!

Where does all this break down? Well, there are a few things, such as:

• whitespace for emphasis — in the comments thread, there is an example of a tic-tac-toe game board expressed as a continuous array, C-style, formatted into “lines” and “columns”, making it infinitely more readable than the equivalent all-on-one-line version.
• whitespace for emphasis, again — another example was of vertical whitespace (and comments) used as a delimiter for important code, making it stand out.
• uncheckables are given in the article — namely, Hungarian notation, and {get,set} method prefixes.
• IDE standardization was also put forward as a possible bad idea, but I personally fail to see the issue — it’s not standardization, but rather adding to a common feature set requirement.
• On that same point, though, I’d like to add in the inability to edit in Notepad, at least, not with ease. Maybe you have two or three IDEs to choose from, but you will have to use an IDE — Notepad just won’t cut it anymore. Not that it really does nowadays, what with the lack of syntax highlighting, but it’s still a valid point.

For some of these, I can envision some creative solutions, such as some (hopefully standard) special comments used as “hints” for extra whitespace or special formatting for display, while still forcing the generated code to adhere to the standard style — but once we do that, we’re back to square one since all the current style problems will get pushed into the comment hints instead. Maybe there’s a midway point there where we could (at least theoretically) have our cake and eat it, too. Maybe not. Any ideas?

Leo Notenboom of Ask Leo! has written a thoroughly useful article about wireless Internet connectivity. In the comments section, a reader pointed out the omission of satellite Internet from the list. The comment read thusly:

Great subject! Informative answers! But don’t forget about Satellite internet. The prices are comming down. I live in the country and have only dial-up. I’ve checked some different options and I found I can get broadband high speed for about $15 a week and not have to buy anything.

This was my reply, and I considered it so good (and long-winded, but that’s another story) that it was worth reposting on this blog (with some cleanup and additional formatting):

Satellite Internet is, indeed, another wireless connection type, and it’s a somewhat older one than most of the ones discussed in this article, thus we could say the technology is “proven”. However, its low adoption rate is not solely because of its price.

Satellite connections suffer from some limitations which can be hard to live with, depending on exactly how you’re using your Internet connection:

• firstly, and most importantly, satellite connections suffer from high latency. This is a function of basic physics — the satellites are far enough away from any point on the surface of Earth that it takes a non-trivial amount of time for data in the form of electro-magnetic impulses to reach them, reach the other point, and return. My current Internet connection gives me latencies on the order of 150 milliseconds, on average, from Romania (Eastern Europe) to the United States. By comparison, for satellite access you could be looking at latencies as high as 1 or 2 seconds (thousands of milliseconds!) for a round trip to a server that might be just a couple of miles away. And that’s on top of the pre-existing round trip from the other end of the satellite connection to the server you’re trying to reach.
• secondly, weather: as documented on Wikipedia, “[satellite] communications [are] affected by moisture and rain in the path of signal”; meaning, effectively, that a rainy day in the summer might leave you with a crippled, if not completely non-functional Internet connection. Add to that the likelihood of snow build-up on the satellite receiver dish, and thus the requirement of continuous maintenance, and it makes for a somewhat unreasonable connectivity solution.
• the third, least important but still potentially crippling disadvantage is that most satellite Internet providers tend to offer one-directional access only. That is, download-only (from the Internet to your computer). But all communication on the Internet, by virtue of the design of the TCP/IP protocol, is bi-directional: all packets sent must be acknowledged, and don’t get me started on the three-way handshake. What this all means is that you might still have to keep your dial-up connection and use it for the opposite direction, which will effectively slow down your communications to the rate at which your dial-up connection is capable of routing the acknowledging packets, which, although obviously smaller than the primary communication ones, are still a limiting factor.

There is also the further limitation of line of sight, specifically the communication-dampening effects of vegetation, meaning more continuous maintenance to ensure a tree (or, in a city environment, a building!) doesn’t come between your receiver dish and the satellite it’s trying to reach.

But the trifecta of latency, weather, and unidirectionality provides strong incentives to stay away from satellite connections except as a last resort. I’m also suspicious of your final statement of “not [having] to buy anything”, since contacting a satellite absolutely requires the existence of a satellite dish, but perhaps you already have that for TV.

If you’re curious, the uni-directionality limitation results from the fact that satellite communications are generally optimized for TV-like systems, wherein there is a single sender and many recipients. By contrast, an Internet connection by design is point-to-point, there being a sender-recipient pair for each such connection. This effectively results in satellites being a very poor method of transmission, having a very limited number of channels, which accounts for the relatively high cost of connection. Simply put, a satellite with, say, 1,000 channels could broadcast 1,000 TV programmes to potentially millions of viewers (who are all receiving the exact same data), or it could provide Internet access to exactly 1,000 people. Some magic is probably possible by splitting the channels into smaller ones, but the result of that will necessarily be a lowering of speed, and you may end up with a bandwidth the same as a dial-up connection but with a much higher latency.

---

I didn’t mean for such a long treatise of satellite connections, but I feel I’ve done a reasonable job of describing the pitfalls there. I’d like to restate that it could still be a potential option, just not one that is likely to be reasonably priced — either in upfront or hidden costs.

(or, just how much can you chew?)

Way back in late 2005 (a lifetime ago, as far as I’m concerned), a friend of mine came for a visit one day. He was coming to me on behalf of a (non-mutual) friend who needed a programmer because he had an application in mind. He tried to explain the application to me, and on the face of it, I didn’t think it was a particularly difficult one. I still don’t, actually, but that’s a purely academic distinction at this point.

So because I didn’t think it was going to be that difficult, I went ahead and told him to have his friend contact me; he did, and he did, and we met, and I got to sketch out a reasonable idea for the program both in my mind, and hopefully in the client’s mind as well.

And then things got bad.

I strongly suspect I was right, that the project was not particularly difficult. I also suspect that, just as I couldn’t finish (or even start) it then, I would be completely unable to finish it now. It’s just beyond my capabilities.

The first hint of this “too big to chew” property of the project was when I tried to start writing some kind of database abstraction for it and kept coming up with flaws in that abstraction. I had gotten a number of details on what the final application would have to deal with, and even though I had decided (together with the client) that the initial version would be limited to some much simpler-to-model data, it became more and more clear that this initial iteration would have to be thrown away almost entirely after its implementation.

And here’s where I went wrong: I could have created the initial, very limited application. It would’ve had to have been (at least partially) thrown away after its launch, and the next iteration would probably have been more complex, but it would have been something tangible, more than just a concept in our heads, but something that could be interacted with, could be tested, could be considered for the recycle bin or for the improvements treadmill. Instead, I froze. Almost literally. I couldn’t write the code. I couldn’t make it happen. All I could think of was how complicated an architecture would be required, and how it was so completely beyond me because man, I’ve never written something like this before and I’m so fucked; I told this man I’d deliver something and now I can’t deliver, I can’t do it, and I’d rather die than see this man again and dash his hopes after I made it sound so good…

Now, if that sounds like I’m maybe hiding the fact that I couldn’t bear the shame of not being able to write something, and I’m lying to myself (hello, armchair psychologists out there on the Interwebs!), the fact is I’m not. Yes, I was ashamed, but not that I couldn’t do it — I was ashamed that I’d ended up lying to my client about being able to do it. And, to be honest, I don’t think I even ever said I would be able to do it, but I’d made it sound so good, like it was just a few steps away from being real… which, of course, it never had been — except in my head. Before I’d really thought about it, that is.

So, the lesson I took from this was: don’t promise you can do something you’ve never done before, and don’t make it sound like you can. Because if you end up biting off more than you can chew, you’ll make a liar out of yourself, and your client will not only not want to hire you again, but they will also tell their friends that you’re unreliable, that you make promises you can’t deliver on, and that will fuck you more than anything. Obviously, this is just after-the-fact reasoning, the real reason for me was that it made me feel like shit — but it also happens to be true, and my feeling made me look at that, analyze it, and see it for myself. And now I can share it with you, anonymous reader.

The next post in the series is One Is The Most Important Number, and refers to the age-old programming concept: “Don’t repeat yourself”.

Last week, my father, Cristea Sandulescu, finally gave up his struggle on this earth. After more than 23 years battling Ankylosing Spondylitis, and seven months battling cancer (of the lungs and brain), further complicated by almost complete blindness (due to the cancer), Dad decided the time had come to leave. He will be missed by both me and my mother, who loved him very much and were with him throughout most of this struggle.

My biggest problem in all this has been to explain how I felt. I was aggrieved, yes, but not so very severely. I didn’t regret his death — I was happy he didn’t have to fight anymore, happy he didn’t have to live with the pain and suffering inflicted on him by all these things. I was (and am) also happy to have had a chance to know him, and talk to him on equal terms, and happy that we had nothing left unsaid between us.

But putting all this into words somehow doesn’t seem to explain it properly, and I worried that perhaps I seemed cold-hearted, or maybe in denial of the events happening around me. Which is where the amazing Randy Cassingham of This is True came in.

In an email conversation on the topic, he said the following (quoted with his permission):

Death is not only a true part of life (a fact many westerners try to ignore), but many times it’s a welcome end. When someone is suffering, it’s more obvious, but sometimes one is getting no more out of life and is ready to move on. My father was one of those; he was simply done, and I simply cannot feel grief over the extremely successful life he led — and was done with. He died in December — the day after he turned 89.

Randy is a brilliant writer and entrepreneur, as well as an extremely intelligent man — and his understanding, along with all the support I received from my (surprisingly many!) friends, helped me through these difficult times.

So, to all of you who helped, whether by a kind word, a hearty handshake, or even just by listening: thank you all.

I was pointed at this post explaining the REST architecture from, uh… somewhere. I think I may have found it on joel.reddit.com, but I’m not 100% sure.

Anyway, so I read the article, found it absolutely wonderful at explaining REST, and then moved on to the comments. I was honestly surprised at these accusations of sexism. And I don’t even understand for what — the choice of words? He stated from the start that he was talking to his wife. It was my assumption that he didn’t want to put her name out there for everyone to read, so he stuck to the “Wife” noun in describing her throughout the article. I don’t see how any of that was sexist in any way. Would it have sounded better if a homosexual man was explaining things to his boyfriend and used “Boyfriend:” throughout the article? Is there really a difference?

Um, right. Kinda got side-tracked there. The point was, I ended up reading the comments… and comment #152 had this (among other things) to say:

Programming is done sitting in a room in an illegal state of mind for long periods of time thinking about things that would make a math teacher scream

And I realized… yeah, that’s pretty much what it is. Good explanation. Is that why there are so few women programmers? Because programming is not a social experience? Probably. Is that a sexist statement? Maybe. Does it have anything at all to do with the article? Not really. But it is an interesting insight.

Leo Notenboom asks: “Where are the ethics?” in a post dated Feb. 14th, 2006. Almost two years later, I’ve stumbled across it, and I have to say I completely agree. The comments are worth a read, too, if you’ve got the time.

I estimate that somewhere between a quarter and a half of all questions asked [of me via email] are attempts to deceive, steal, hack or hide from the repercussions of questionable activity.

Not a day goes by that I don’t get a ton of “please recover my password” requests. Some may be legit I suppose, but many are blatant or poorly-disguised attempts to get me to supply a password into someone else’s account.

Okay, so I’ll admit he’s particularly visible as a tech/security writer, so his audience is self-selecting in that regard (Google can be pretty annoying sometimes; search for “crack hotmail password” and see if the first 10 results aren’t all security sites explaining how annoying and/or illegal that is), but this still seems to match the general “feel” of what non-tech interest in computers is about. At least a quarter of these people really are interested in doing nefarious things!

I think I know why, though. The computer world, to them, isn’t real. It’s all just a video game, on a perhaps subconscious level. They aren’t hurting real people. At least, that’s what most of the wannabe-hackers are probably thinking.

And then there’s the weirdos, the people who think their boyfriend/girlfriend/spouse’s business is *always* their business and “why would they not tell me the password unless they’re hiding something?” — to which I’d say, if you can’t trust them, don’t bother to stay with them anymore. A relationship is built on trust. That is its foundation. If you’ve lost it, you will break up/divorce within the year, so just get a head start and admit they’re not for you.

Sorry, didn’t mean to turn this into a lecture. My actual point in posting this was to show you a man who, at 50 years old (well, 48 at the time of making that podcast), still cares. I hope I still care when I’m 50; I hope I don’t turn into a cynical bastard like this world seems to want me to. ‘Cause I’ll say one thing: the temptation is *definitely* there.

Very much worth the read:

It is a cliche in our business that the first 90 percent of the work is easy, the second 90 percent wears you down, and the last 90 percent – the attention to detail – makes a good product.

— The Graphing Calculator Story

So it seems Mihai, one of my co-workers, has a new blog. I beat you to it by three weeks, dude! *g*

In other news, very soon now I’ll move this blog to http://wp.narc.ro/, so be careful of borken trackbacks.

Update 2007-11-21 18:01:00: It’s up, it’s up!