# A Wish for Things That Work

January 1, 20181 comment

As the end of the year approaches, I become introspective. This year I am frustrated by bad user interfaces in software.

Actually, every year, throughout the year, I am frustrated by bad user interfaces in software. And yet here it is, the end of 2017, and things aren’t getting much better! Argh!

I wrote about this sort of thing a bit back in 2011 (“Complexity in Consumer Electronics Considered Harmful”) but I think it’s time to revisit the topic. So I’m going to call out some things about UI design in hardware and software, both on desktop PCs and embedded devices, that are good and bad and ugly, and list some of the things I’d like to see.

## 2007 Toyota Prius

I drive a Toyota Prius and I love it, with a few minor exceptions. The gas mileage is great; I routinely get 43-45mpg (18-19km/L for those of you not in the land of bizarro-units), and it is easy to drive, the downside being that if you step on the accelerator, it doesn’t zoom ahead very fast because of a small engine (1.5L) and perhaps some kind of limitation on the throttle. So if you’re driving a Prius and merging in heavy traffic, and are trying to get in front of a semi truck before it smooshes you, think twice, and remember you have a wimpy vehicle. So far the car has held up well and I’ve had very few repairs.

Here are my quibbles:

• Battery location. I’m talking about the 12V battery, not the hybrid battery. I bought this car in 2012 and a few months later, the 12V battery died, so I popped the engine hood. No battery. Huh.

The guide that comes with the car informs you that the 12V battery is located in the trunk, not in the engine compartment. Okay. So I went to open the trunk. No luck. The trunk release is electronic, so if your 12V battery dies, you have to fold down the rear seats, remove any cargo from the trunk, locate the manual lever that is in a compartment under the floor mat, open the rear trunk. Then locate the 12V battery. It’s a special small “glass mat” lead-acid battery. I got someone to drive me to the auto parts store and I found a replacement. Problem solved, but yeesh, they make it a lot harder to deal with than a regular car battery in the engine compartment.

• Interior thermostat. This car, like many newer cars, has an “automatic” temperature controller. If you set it, for example, to 74°F (23°C), it will either vent warm air from the radiator or cool air from the air conditioner to reach the desired temperature. Except there’s only one setting. Home thermostats have two settings, a heat and a cool setting. Essentially, there’s an interval or zone of comfort, say from 68-79°F (20-26°C), and it will turn on the A/C only when you get to the top of the interval, and turn on the heat only when you get to the bottom of the interval. Which makes sense. I would really like something like this in my car. But instead, I only get to pick one temperature setting, so on those days when it might be cold in the early morning and hot in the afternoon, I have to fiddle with the thermostat twice a day. 74°F seems hot on a cold morning, but chilly on a hot afternoon. Why they don’t just make a car temperature controller that acts like the home thermostats that have been around for decades is beyond my comprehension.

• Idiot lights. Suppose something goes wrong with the car and you get an indicator light that turns on. Okay, now you need one of those OBD-II code readers. Or you bring it to an auto parts store and they can read the code. Or you follow some on-line hack about using a paperclip to short some pins on the OBD-II connector somewhere, and the check engine light will flash on and off and you can decode the pattern to figure out what’s wrong. I bought an OBD-II reader, so I’m all set. But this car has a fancy display screen. So why can’t they just display a message on the screen? Gah!

One time I was driving on a mountain road, and the display screen gave me this big red triangle with an exclamation point and said “Problem”. It turned out to be a low oil level. While writing this article, I found the following description online, and it’s almost word-for-word what happened to me:

In the last few weeks, I get the dreaded Red Triangle with exclamation point on the dashboard with just the word “Problem” on the display. It only happens when I make a left turn and barely lasts one second (Just long enough to read the word “Problem”). It only happens (so far) on a mountain road where I’m going pretty fast, though hardly recklessly. Short hard turns are less likely to cause an alert than a longer sweeping turn.

Here’s the thing:

• There’s a microcontroller somewhere in the car.
• It’s hooked up to a sensor.
• The sensor senses something (oil level?)
• The microcontroller is programmed to read the sensor and display a message on the fancy display that says “Problem”.
• So why can’t they just program the microcontroller to tell you what the problem is?!?!?!

How about: DANGEROUSLY LOW OIL in large print and then “(or oil level sensor broken) — please pull over to a safe place as soon as possible and add engine oil”?

• Power-on state machine. Let’s say you arrive somewhere while you’re listening to a really good song on the radio. You want to keep listening but you want to turn the engine off. In an older car with an ignition key, there are 4 key switch positions:

• OFF
• ACC (“accessories”)
• ON
• START

To start the car, you turn the ignition key to START, which is a momentary switch; you wait for the starter motor to engage, and let the key turn back to ON. If you want to listen to the radio, but turn the engine off, you turn the key to ACC. The engine stops but the lights and radio stay on. No problem.

In my Prius, I have a start/stop button and an RF key fob. As long as you have the RF key fob with you, you can start the car. There’s no key switch; instead, when you press the button, there’s some weird state machine that decides whether the engine turns on or not. I think it works by going from OFF to ON when you press the button, if you have the car in park and are pressing the brake; otherwise, when you press the start button, it changes from OFF to ACC and the radio will come on but not the engine. Anyway, so I arrive at my destination and I want to hear the rest of the song. So I hit the start/stop button. The car goes from ON to OFF. The radio shuts off. Then I have to hit the button again, to get it to go from OFF to ACC. You would think there would be an easy way to let the car know that I want the engine to shut off but keep the accessories powered. I miss the old ignition keys.

• Power windows. Hurray for power windows. Except that in the summertime I want to leave my windows open a little bit to help the air circulate. So every day when I arrive at work, the last thing I do before turning off the car is open the windows. The three passenger side windows are easy; for the driver’s side window, some person at the Toyota factory has decided that when you press the button to lower the window for just a moment, it’s appropriate to lower the window down completely, so it takes a bit of fiddling to get the window to stop lowering and then put it back up without closing it completely, otherwise I have to repeat the process. Anyway, what I would really like is a way to program the car so I could hit a button and the windows would open just a bit to where I want them.

The thing about these is that it really doesn’t take much to make the user experience better. Aside from the battery location, the rest of these are all software issues. Yes, it takes some design effort and elegance. But the cost of the product doesn’t have to change.

## Desktop Computing

Microsoft Windows has been the bane of my computing existence since being a software intern in college doing networking on Windows 3.1. I’ve already written about my annoyance at Microsoft’s products, so I’ll skip over my jabs at Microsoft and keep this short.

• FOCUS THEFT! I can’t tell you how often some application — usually the operating system itself — steals window focus. If there was a Ten Commandments of UI Design, one of them would be Thou Shalt Not Steal Focus! Window focus determines which window gets keyboard input in a GUI. Stealing focus means that your application suddenly asserts itself into the foreground and interrupts the previous application that had the window focus. So let’s say you’re typing up a report in MS Word or doing some work in Jupyter Notebook, and Webex Productivity Tools Update suddenly pops up a message box. BAM! Your key presses all go into the message box. It’s more than annoying; if you happen to be in the middle of typing something, you may inadvertently cause an action in the application that steals focus. Don’t do this! Ever! I don’t care if the computer is about to burst into flame. There are plenty of ways to get my attention: display a notification icon in the taskbar, or put up one of those semi-transparent popup notification windows in the corner of the screen that fades away after a few seconds. DON’T STEAL MY WINDOW FOCUS!

• Google Chrome and website security. This was a bad news story that has ended up being a good news story. Chrome and Firefox have taken the proactive step of deprecating http:// websites by displaying a little “Not secure” notification in the left of the URL bar in these browsers. Good websites use TLS through https:// URLs, with all auxiliary resources (CSS, Javascript, images) also from https:// URLs, and is this case you get the little lock icon and the label “Secure”. Great. Security is good.

Now, how does the browser know a site is secure? Because it goes through this clever little handshake with the server on the other end, which presents a cryptographic security certificate that is signed by a trusted root certificate authority (CA), or is traceable through other signed certificates to a trusted certificate authority, someone like Comodo or Verisign or Let’s Encrypt. What this means is the owner of the web domain has taken steps with the CA to verify their identity.

But how does the user know a site is secure?

There are some subtle visual cues, and Chrome doesn’t make it easy for computer-literate users to look closely at site security information. It used to be just a matter of clicking on the lock icon, and a window would pop up, but all Chrome 62 tells you is some bland dumbed-down information (“To check a site’s security, to the left of the web address, look at the security status: Secure, Info or Not secure, Dangerous…”) Information security has some really hard-to-handle aspects, and many of them are not technological but rather psychological. Until we can make it more straightforward for people to understand the security implications of the Internet, we will fail to keep it secure. At least that’s my contention; maybe I’ll look at that in another article.

Anyway, it turns out that there are three types of TLS certificates, somewhat like that old folk tale, The Three Little Pigs:

Let’s say that some new internet startup, Pig Battles LLC, wants to set up https://www.pigbattles.com to stream live video of mud wrestling with pigs. So they buy the domain and get a DV TLS certificate for www.pigbattles.com. All this means is that the CA asks them to put up some information somewhere on www.pigbattles.com to prove that they own the domain, and the CA will grant the DV certificate. If an evil hacker tries to take over web traffic for www.pigbattles.com on another computer, they will not be able to produce a valid TLS certificate, and end users will see the site labeled as “Not Secure”. So their users can be sure that they see genuine pig battles by going to https://www.pigbattles.com and making sure that the browser says “Secure”.

Later on, Pig Battles LLC wants more security, so they upgrade their certificate on https://www.pigbattles.com to an OV certificate. This costs more than a DV certificate (Let’s Encrypt issues DV certificates for free) and takes more effort, but now the CA requires them to submit documentation proving that they are, in fact, Pig Battles LLC, and the OV certificate includes Pig Battles LLC as the verified organization name. From the CAB forum:

Vetting of Certificate Applicants pursuant to the Baseline Requirements

The Baseline Requirements require CAs to verify all contents of a certificate, except information contained in the organizational unit field, to a minimum degree of diligence. For certificates issued to domain names only, the CA confirms that, as of the date the Certificate was issued, the applicant either is the registrant of the domain name or has control over the FQDN. This can be done through an automated, challenge-response email. A similar requirement applies for verifying the assignment or control of IP addresses. Certification Authorities issuing organizationally-vetted certificates (certificates with subject identity information) verify the name and address of the applicant using reliable information sources, such as a government agency in the jurisdiction of the Applicant’s legal creation, existence, or recognition or a reliable third party database. The CA also confirms the authenticity of the certificate request through some means of reliable communication with the organization (i.e. they verify that the certificate requester is an authorized employee/agent within the subscribing organization). For certificates issued to individuals, the CA verifies the individual’s identity using a government-issued photo ID that is inspected for indication of alteration or falsification.

When they’re a really big website and they want people to have extra trust in their identity, Pig Battles LLC splurges for an EV certificate, which theoreticaly means there are extra checks to ensure the identity of Pig Battles LLC as a real business with a physical presence. Maybe they have to put their CEO in front of their office headquarters, and have a videoconference of him holding up three fingers and standing on his left foot, just to show that he’s a real person in charge of a real company. I don’t know. The EV certificates get special treatment by browsers — the organization name shows up in the URL bar, like these ones from https://www.python.org, https://www.mozilla.org, and https://github.com:

Compare with https://letsencrypt.org and https://rust-lang.org:

All they say is “Secure”, so they’re not EV certificates. One is OV and one is DV; to figure out which, you have to look at the certificate details. This used to be possible by just double-clicking on the lock icon. Now, you have to open a Developer Tools window (Shift+Ctrl+I), click on the Security tab, and click View Certificate, at which point a window pops up:

There’s no organization listed here, so https://rust-lang.org has a DV certificate. It could be Fox News running that domain, for all we know. The Let’s Encrypt website, on the other hand, lists INTERNET SECURITY RESEARCH GROUP as the Organization:

In any case, it’s annoying to find the information now, and next-to-impossible to find it for novice users who aren’t familiar enough with Chrome to find it. This was using Chrome 62.0.3202.97 on my Acer C720 Chromebook. While writing this article, I checked on my Mac, and it was much easier, but my Mac was using Chrome 63; I updated to Chrome 63 on my C720, and lo and behold, it’s now easy again; you click on the lock icon, and you see this popup window:

If you click on the “Valid” text it sends you to the Certificate Viewer window.

On my Mac, Chrome has an even more helpful certificate viewer; you can see at a glance that the Python Software Foundation has a physical address in Wolfeboro, New Hampshire, and that it is incorporated in Delaware:

Why do I care? Well, if it’s just a casual website like Google or Stack Overflow, I probably don’t care. But if I get a strange-looking message from my bank to visit my account on their website, I would like some assertion of identity before I start messing around with authority to access my finances, and looking at the certificate is the website equivalent of asking the guy at your door who claims he’s from the power company to show some identification. So make it simple and clear, please!

• Software updates. Some people may want their software to automatically update. I don’t; there are times where I am in a critical rush to get things done, and if I’m in the middle of a business meeting and a dialog pops up saying “Updating Microsoft Office” then it can not only be a disruption, but if I’m in the middle of a screen-sharing session, then something like this can imply a lack of control, which is not an impression I want to convey to colleagues or business associates. One time I was scrambling to finish some work, and my laptop battery was getting low, and I had some autoupdate program chewing up my CPU; I had to run back to my desk to charge the battery.

I don’t understand why there can’t be some standard method for presenting software updates to end-users, so that I can set it to remind me at convenient times (for example, when I first log in, or at noon) that software packages X, Y, Z, and W have pending updates, and I can decide to update X and Z while leaving Y and W as is. But each software program has their own quirky way to handle autoupdates, and there’s no easy way to review the autoupdate settings for each of them.

The other important information that would be really nice to present is how long it takes to update software. I’ve had software programs that take 2 minutes and others that take an hour to update. Without this information, I have to assume the worst and put off software updates. With embedded devices, this sort of information is critical. A smart thermostat, or internet TV, or security system that needs a firmware update almost certainly has to be shut down for a short period of time, so it is vital to make it easy for end-users to perform the update at a reasonable time. If I’m heading out to work in a rush, and I need to check the weather on my computer, that is not the time to update my router firmware. If it’s -20°C outside at 3am on a Sunday morning, that’s probably not a good time to autoupdate a smart thermostat. Let the user wait until a time of their choosing, so that if something goes wrong, I can deal with it or call a repairman.

## My Wish List for 2018

Below are three of my major wish-list items for desktop UI features. Unfortunately I don’t think anyone produces software that does these things, but I’ll describe them anyway.

• Combined file browser and terminal — Modern desktop operating systems have this schizophrenic kind of approach to managing a file system.

On the one hand, you have the file explorer, a relatively easy-to-navigate graphical browser that can do a few limited tasks very well. Microsoft Windows tries to overload this through shell extensions; you right-click on a folder window, and it will give you a series of nested popup menus with 300 different actions to perform on selected files, depending on what programs you have installed. I can open files in GIMP or IrfanView or Microsoft Word or a bunch of other programs; I have TortoiseHg installed for Mercurial, and TortoiseSVN installed for Subversion, and each of them has about 15 different menu items. Basically it’s very easy to do certain things, like select one or two files or a series of files; but it’s very difficult to do others unless someone has gone to the trouble of making a shell extension feature.

On the other hand, you have the command shell (Command Prompt in Windows), that experts can use to run shell commands like chmod a+x pigbattles if you know what you are doing. And that’s great, I can use 10% of my brain cells to memorize all the git options if I want. (I don’t.) I do use a command shell, not as much as some Linux gurus I know, but more than many of my colleagues at work.

What I want is the best of both worlds; I want the Reese’s Peanut Butter Cup of file explorers and command shells merged into one utility. I would like to do things like

• select a few files manually by clicking them, then run some command like ls -l \$selection
• run select *.o to select files programmatically, and then hit the delete key — yes, I could just do rm *.o, but the select *.o approach lets me see them first. Maybe I want to de-select a few of them by hand first before hitting delete.
• Mylyn ALL THE THINGS! There are three major Java IDEs: NetBeans, Eclipse, and IntelliJ IDEA. They each have their quirks. I use NetBeans at work, but Eclipse at home from time to time, and the one feature of Eclipse that is completely awesome and yet absent from any other software is the funny-named tool called Mylyn. Mylyn is a “task-focused interface”, and rather than describe what it does, I’ll describe the use case that makes me crave it in software outside of Eclipse:

• Suppose I am working on some bug. I’m looking at a couple of files of source code, and maybe I’m debugging with some specific breakpoints set and I want to look at a few particular variables in a watch window
• Now I get an email from my manager: there’s an irate customer and we have to fix a different bug right now. So I close the first set of files, and look at different files and set up different breakpoints and watch window variables. I work for a few hours, then we manage to send some advice to the customer, either workaround information or a new version of software or whatever.
• Okay, it’s back to the first bug. Now where was I?

Most IDEs have what I call the Criminal Minds fallacy of task management. Criminal Minds, in case you haven’t seen it, is a long-running TV crime drama. There’s an elite team of FBI profilers, called the Behavioral Analysis Unit, whose job it is to get inside the heads of serial killers and psychopaths, and stop them before they can do more damage to society. Now, every episode is basically the same: the team gets some case, they solve the case, and they move on to the next case. They even have their own jet — they fly across the country, solve the case, and fly back home. All nice and neat, wrapped up in 42 minutes of running time.

Real life is not like that.

Real life is messy; it has interruptions and multitasking, and sometimes you think you’re done with a task but then you have to go back and revisit it. I don’t know how many cases an FBI agent works on at one time, but I would guess it’s more than one. (I found one source who stated on average an agent handled “nine to fifteen cases at any one time.”) At any rate, I have to deal with more than one task at a time in my engineering job. So when I use Eclipse, I can create “task contexts” with Mylyn, and in each of them, stash away what I’m working on, and quickly switch back and forth between application state. Mylyn lets you interface with issue trackers like Bugzilla or JIRA, and you can associate application state with particular issues. I would love to do the same kind of thing with NetBeans and MPLAB X and PyCharm and Notepad++, but alas, they don’t have Mylyn. The best NetBeans and MPLAB X can do is this thing called “Project Groups” which is a way of keeping different sets of projects available at one time, but it doesn’t have the nice fine-grained aspect that Mylyn gives you.

• Semantic diff tool — I use Beyond Compare all the time at work and at home for folder and file comparisons. It works pretty well. My typical use case is as follows:

• Start on a particular change to source code
• Get software working
• Use TortoiseHg or TortoiseSVN to commit changes, but first:
• Just before committing, look at the diff between the working copy and the last committed version, to review which changes have been made, and make sure I didn’t accidentally include some experimental change (like a print statement in Python for debugging) in the commits.

90% of the time this works very well. But sometimes it doesn’t, usually because I’ve done some refactoring step that is conceptually very simple but syntactically tedious. For example, let’s say I’ve renamed a method from searchPig to findPig, and there are 178 changes in my code that cover this name change. When I review my code changes, I have 178 occurrences where, yes, I did change searchPig to findPig. Fatigue sets in. My eyes glaze over and it all looks good… and if I’m not careful, I might miss the print statement that has slipped in on one of the lines below a findPig call site. So here’s what I’d like to do:

• Describe semantically what change I made, for example, change all whole-word matches of searchPig to findPig in files with the *.py pattern
• The diff tool parses my semantic description, and then generates a kind of virtual intermediate version
• Then it compares this virtual intermediate version with the actual changes, and shows the difference. So I can, in fact, verify that I changed what I wanted to change, and I can see a few specific manual edits rather than 178 occurrences of find-and-replace.

Anyway, those are the items on my wish list. Know any software already out there that does these things? Let me know!

In the meantime, thanks for reading, and have a great 2018!

Previous post by Jason Sachs:
Linear Feedback Shift Registers for the Uninitiated, Part XII: Spread-Spectrum Fundamentals

[ - ]
Comment by January 10, 2018

Jason

I have ranted several times on poor design of products. My blog "Monkeys everywhere" details some, and at the end I have links to 3 other of my blogs. There are even more links in the comments.

Oh for a perfect world!

To post reply to a comment, click on the 'reply' button attached to each comment. To post a new comment (not a reply to a comment) check out the 'Write a Comment' tab at the top of the comments.