Thursday, December 21, 2006

Bad Software Interfaces, Part 88

Post office vending machines need UI improvement.

It's Christmas Card season again, so I went to the post office to drop off a bunch of stamped cards, and pick up some more stamps for any stragglers. Of course there was a huge line, which was expected as people are shipping packages. So I hit the vending machine to grab stamps. I could tell the people in line in front of me were getting frustrated, but it wasn't until I got to use it myself that I saw the problem.

Here was my plan: since stamps are currently 39 cents, a book of 20 is $7.80. I had a ten dollar bill, so since I didn't want to get crushed with metal change, I was going to get a book of 20 and then enough individual 39-cent stamps to eat up the balance.

Well, the machine was out of change. First mistake is that it didn't show this right away. Vending machines have had a "use exact change" light for decades. I stuck in my $10, the machine gave me a credit for $10.00, and then I selected the book of 20 stamps. The machine said that it couldn't give me $2.80 of change, and it rejected my purchase, and spat back my $10.

Fortunately I had a $5 and managed to scrounge up enough $1's to get to $8. This time when I made my purchase, it gave out my stamps. Then a note flashed very quickly on the screen–too quickly for me to be sure of the exact message–along the lines of: "unable to give 20¢ change, Post Office notified." The next thing that the screen showed was a balance of $0.00. Well, thanks.

So here's the story of what's going on:
  • The software expects to be able to dispense change.
  • If it can't, then it sees if the amount of change left over is below some threshold:
    • If it is, print a "sorry about that" and eat the money.
    • If not, spit the money back out at the user.
I've dealt with these machines before, and had them spit change back out at me before I was done buying things. I've also had it eat an entire book of stamps, to which the website says "you'll need to contact the local post office." (Losing $7.80 is annoying, but not so annoying that I want to find time to stand in line to process a claim that the machine ate my money.)

The entire "customer makes a single purchase" model might work for buying snacks, but stamps are often gotten in multiples. The designers of this machine were clearly aware of this, because certain purchases (1-cent stamps) let you select a quantity. Normally this model is just annoying. It saves a little bit of time for a few transactions (buy one thing and go), but makes many other transactions take a lot longer, as I have to put the money it spits out back into the machine to buy the other things I wanted. But when the software refuses to let you carry a balance across transactions, lack of change becomes a real liability. Even if I couldn't've gotten my 20 cents back out, at least I could've left it there for the next person in line. Spread the Christmas cheer and all that.

I really don't blame the software engineers who built this. Having seen things like this before, what I'm guessing is that the requirements never stated anything about the ability to dispense change, and the solution of refusing to do some transactions while eating the change on others was stapled on at the last minute.

Note 1: It's curious that the machine fed me back my ten-dollar bill. How many bills can it return like that? I doubt it can rewind its entire store. If I had paid with ten $1 bills, would it have spit them all back one at a time? Or would I only have gotten back my last dollar?

Note 2: The coin insert slot was busted, based on the grumbling of the people in line in front of me, so you couldn't help but lose the fractional part of a dollar in any purchase. What if I had bought a single 39-cent stamp?

Friday, December 15, 2006

Calyptix announces prices

Local UTM manufacturer Calyptix (with which I'm helping) has released a new version of their product, and announced prices as well: Prices are way below what you'd get for a similar product from Barracuda or SonicWall. And there are no per-user fees -- the "number of users" is just a performance benchmark.

This stuff writes itself
Computer hackers will open a new front in the multi-billion pound "cyberwar" in 2007, targeting mobile phones, instant messaging and community Web sites such as MySpace, security experts predict.
As we used to say in the 80's, like, duh. This really shouldn't count as news. Security experts will always say the sky is going to be falling, for two reasons:
  1. Things will indeed get worse. Cyber-crime will definitely increase, just like the use of computers in general will definitely increase.
  2. It gives us jobs. We work in an industry that, unfortunately, sells fear. I wish people could rationally understand the risks and take appropriate counter-measures. But humans being humans, it takes an emotional response ("don't want my name on the front page of the New York Times for being hacked") to move a lot of folks.
Anyone want to write a "computer security researcher predicts bad things" headline generator?

Wednesday, December 13, 2006

What Voting Is Not

I've seen a few misconceptions about voting that keep on getting repeated. I'm going to address the most common ones I see.
  1. Voting is not an ATM transaction.
     Every once in a while you'll hear someone ask "if the bank's ATMs can give me receipts, why can't voting machines?" Banking transactions are purposefully designed to be trackable, verifiable, and undo-able. Every party knows exactly what occurred, and can prove it (reasonably so) to a third party. You don't want these features for voting. Secret ballots are not supposed to be trackable. (Some districts assign unique numbers to each paper ballot, so an individual's vote could be determined, but there are generally protections in place from revealing the person-to-number mapping.) Being able to prove to a third party how you voted is also bad for our voting culture. With third party verification, it becomes possible to literally buy votes. Imagine a goon for your least favorite candidate stopping by a homeless shelter, driving everyone there to a polling booth, and then giving them a $20 if they come back out with a receipt for that candidate. (One can also imagine coercion, where someone is threatened if they cannot prove who they voted for.) Now, one might make a case for doing away with the secret ballot, where everyone's vote is public. That's a whole different ball-of-wax, and might be worthy of consideration, but I don't think people who want ATM receipts are really urging us to get rid of the secret ballot.
  2. Voting is not a science project.
     If you come out with indeterminate results from a science experiment, you declare the experiment as failed and run it again. You do not just take your best guess. However, an election -must- have a result. "No clear winner" cannot assume office, even if there really isn't a clear winner. You can't just rerun an election in the hope for a clearer result. (Why would your new election be any clearer? Because people finally understand that their votes might make a difference?) Now, you could certainly run it over again if you had a specific problem that you believed could be corrected, such as massive fraud (like in the Ukraine). But your clock is already ticking, and you can't be doing re-votes the day the new term begins. But for the most part you need to make sure your election is running smoothly -before- the election. Lots of this responsibility falls on the candidates and their staff. That means that you check that the ballots list your candidate clearly, that there are sufficient resources in the districts to let votes be counted, that there aren't construction projects underway to block traffic to polling stations. The election committee needs to make sure that these materials are all available for review ahead of time, with a plan in case serious errors are found.
  3. Voting is not exact.
     All forms of measurement involve error. Voting is no different. There are going to be mistakes involved in setting up voting lists, in registering voters, and in figuring out who gets to vote. Even the simplest voting forms are going to be misunderstood by some non-zero portion of voters. What's important is not getting any of these perfect. Because that will never happen. All these interests must be balanced, and some of them go against each other. You can stop fraudulent voting, or you can allow authorized voting, but the false positives that you allow for the one hurt the other. What is important is defining the acceptable rates of error for each step, and having procedures for undoing errors. Unfortunately I cannot see any politician who wants to get votes talking about an "acceptable rate of error" in an election.
So can technology help?

Technology can help with some steps. For example, an IVR phone line could be set up that lets people verify their voter registration well before the deadline. Copies of the ballot can be made available on websites.

Technology can be neutral in some cases. The problem of the 2000 Presidential election wasn't hanging chads; it was that the vote difference in Florida was less than 2 percent of 1 percent, well within the margin of error of any mass human endeavour.[1] Better voting technology would've spared us all the nonsense about what kinds of chads should and should not count, but the election still would've been in the margin of error of the new voting method, and there still would've been the question of what voters were and were not allowed to vote.

Technology can be harmful in some cases. Some electronic voting machines provide no mechanism for confirming their results besides their manufacturers swearing up and down that they are accurate. (Open source voting machines are not the answer, but that's the subject of another essay.)

There are steps that can be taken to make voting more accurate, trustworthy, and transparent. But it takes a serious look at what our relative priorities are for an election, and a careful analysis of the solutions available.

[1] Imagine that you asked 10,000 people to fill in a Scan-tron form with their initials. Do you think that only 2 would get it wrong in some way? Would any confuse a small-print O with a Q? Who would use a pen despite being given a #2 pencil? Would people without a middle name follow the format you told them? Did you even think of the problem of no middle name beforehand? None of these are common problems, but when you are trying for 1% of 1% accuracy they become things you have to deal with.