
Amazon’s Commingling of Questions

… (The hyperlinks at the top are nice, but I’ll bet the percentage of click-throughs is fairly low.)

Yet both features have a serious flaw on most all listings where different styles can be selected with a tile button or drop-down list, because each of these selections is a different product! When the selections differ only in color, that’s not much of a problem. But what happens when a pot & steamer set and a pot & double boiler set are commingled in one listing, and then one of them is removed later? (A: you see lots of questions about why the double boiler has holes in it.)

I’ve seen this problem a lot during my last few weeks of browsing, and it’s mightily frustrating. Take this listing for a Prepworks sugar storage container, where the first question is “How can you know if the one you want works, when this listing review is for all the different types?? it makes the rating useless?”

There are seven different selections for six different products in that listing, each of which has features unique to the material it stores, and if you’ve ever read a Cook’s Illustrated product review, you know those differences can make the difference between getting the top spot or being publicly trashed.

Why would you, as a seller, want a negative review or Q&A for a flour storage container to tarnish your awesome brown sugar container, with the ceramic disk to keep it from clumping?

Silly and clueless.

Posted in Delighting Customers, Design, Usability.

What the bleep‽ (Ludicrous Linotype Omission)

In reading about one of my favorite characters, I discovered that the very first font the interrobang had been added to was Americana.

So naturally, I went looking for a digital version of the font, and found it on MyFonts. I was all excited, and then I tried to get the site to display its most unique character.



I’m disappointed in you, Linotype! Can you please fix this?

Posted in Uncategorized.

Google Books Goofed

Anything worth doing is worth doing right. —Hunter S. Thompson

I’ve recently been researching Old English measures, and found that the ability of Google’s search engine to do a plain-text search on everything they’ve scanned into Google Books Library Project has been a phenomenal aid in ferreting out lost knowledge that shouldn’t be so obscure that until today, every Wikipedia entry on the pound Sterling said its weight had always been different from the Tower Pound.

Awesome that Google let me discover that!

However, when I wanted to read the rest of the story, so that I could accurately update Wikipedia, Google failed me completely. The resolution at which they scanned A View of the Silver Coin and Coinage of England is so pitifully low that you cannot decipher many of the composed fractions. For this book, published in 1762, copyright hasn’t been an issue for many years. A few, such as ½ and ¼, vary from somewhat decipherable (though not in all instances, and usually because I already knew the value from another source, as on page 4), to not quite decipherable (several of those on page 13; is that 5 5⁄8 grains or 5 5⁄8 grains or 5 3⁄9 grains?), but once you get to the fractions on pages 14 and 15, there’s no chance of deciphering those without access to the original document. And heaven help you if the composed fractions (which are by definition substantially smaller than the surrounding characters) are in a footnote, whose text size is already smaller than the standard text.

There are, of course, other problems resulting from low resolution. Where both the resolution and contrast are low, entire pages become difficult to read because many parts of typeset characters have an identity crisis that flits them between zero and one pixels. But the very next page is dark and bold and looks like it came off your LaserJet.

Google has publicly stated that one of their intents with Google Books is to “organize the world’s information”, yet in scanning such a volume of books (Google has reportedly spent more than USD $200 million in the effort), some of which the libraries may discard in the future, Google may be forever shredding valuable information by allowing (however tacitly) librarians to think these old volumes can be thrown out or otherwise hidden without harm because they’re now in the cloud. In the case of this book, I can’t even go to the physical library it was borrowed from, because the digitized copy is missing all indications of which library that was. Yes, there appear to be copies nearby at UC Berkeley and Stanford, but what if I needed to see margin notes that were in this particular book and absent in both of those copies?

I’m mad at Google for putting such a poor work product on the Web, and for squandering valuable time and money on low-resolution scans. Should they decide to correct the issues, they would have to borrow all the books again, retrain or hire new staff (clearly the staff that did the first set of scans were not historians or even of such a mindset), and a few other things. Given the controversy, would the libraries even offer access a second time?

This is doubly frustrating when you read how and why Google started. The boys should know better.

Posted in Delighting Customers, Web.

Who to Blame for Password Management Problems

Have you had your passwords stolen recently (or in 2012)?

Have you tried password managers only to discover they don’t work reliably on all sites, leaving you with a mish-mash of secure and brain-dead-guessable passwords?

I feel your pain, because I spent all of yesterday going through my 201 online accounts stored in LastPass. I had reasonably secure passwords on all of the sites I care about, but not-so-secure passwords on most of the other sites (but no, not as bad as the one referencing that commercial, he writes ironically on a Sunday Afternoon). By early evening, it had gotten tedious enough I used a few glasses of Zin at my favorite happy hour to make it seem less dreadful.

Though even after 9+ hours toiling at this, I’m still not done (but I’m as good once as I ever was).

Why is this so hard?

Because few of the web developers coding the simple login and password change pages have Read The Fine Manual on HTML, and some have odd ideas about what order events should take place in.

For example, by the time I was five hours into the process, I was nonplussed to find a site that very easily let me change the password with LP’s auto-generate-fill-and-store password feature, only to be surprised by it asking for the old password after LastPass had already stored the new one to its database, thus happily auto-filling the new password in the old password field, screwing up the confirmation in an evil catch-22 loop.

Most of the other problems were confined to bad HTML element tagging resulting in LastPass filling passwords in username fields, many sites not supporting auto-fill, not supporting LastPass’ automatic password change, and so on.

None of these problems should exist, because avoiding them simply takes a little bit of thought about the right order of fields, and carefully following the HTML specification.

Password Manager Guidelines

With only a moderate amount of Googling, I found that LastPass and 1Password have the best technical guidance:

Yet neither of these sites is complete, or completely accurate, especially when it comes to the HTML5 definition of the form input element. And I could not find any similar guidance from the developers of DashLane, KeePass, or any of the other password manager developers.

That’s why I wrote this post!

Technical Guidelines

Here are the guidelines for correctly coding login and password reset forms.


  • Always create the form on page load
  • Ensure your HTML validates
  • Use the HTML <label> element to label every <input> element
  • Use the minlength and maxlength attributes on every <input> element
  • Use the pattern attribute to specify an ECMA-262 Regular Expression for all password creation fields

Do Not Use

  • AJAX
  • GET method
  • Flash
  • Silverlight
  • iFrames

Login HTML Sample

<form action="" method="post" name="Login">
 <p><label for="username">Username: </label><input type="text" name="username" id="username" value="" autofocus="autofocus" required="required" inputmode="email" /></p>
 <p><label for="password">Password: </label><input type="password" name="password" id="password" value="" required="required" inputmode="verbatim" /></p>
 <input type="submit" value="Log In"/>
</form>

In the above sample, note in particular, the following:

  • The <label> element is placed in front of the <input> element—this is the HTML 5 method—instead of surrounding it—the old HTML 4 method. The label’s for= value matches the input’s id= value, which ties the two elements together.
  • The autofocus="autofocus" attribute in line 2 sets the focus to the username field.
  • The required="required" attribute in lines 2 and 3 makes both fields required to submit the form.
  • The inputmode="email" in line 2 tells the browser on devices with dynamic keyboards to display one capable of inputting a valid e-mail address. For some devices, particularly smartphones with narrow screen keyboards, there are slightly different keyboards for general writing and for entering web and e-mail addresses (the latter usually have the @ symbol available without shifting).
  • The inputmode="verbatim" in line 3 tells the browser on devices with dynamic keyboards to display one capable of inputting a typical password. You could set this to "numeric" if you’re only requesting a PIN.

Password Change HTML Sample

<form action="" method="post" name="PasswordReset">
 <p><label for="oldpassword">Enter Old Password: </label><input type="password" name="oldpassword" id="oldpassword" value="" inputmode="verbatim" required="required" autofocus="autofocus" /></p>
 <p><label for="newpassword">Enter New Password: </label><input type="password" name="newpassword" id="newpassword" value="" inputmode="verbatim" required="required" minlength="8" maxlength="20" pattern="(?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[\-!$%^&amp;*\(\)_+\|~=`\{\}\[\]:\/;&lt;&gt;?,.@#]).{8,20}" /></p>
 <p><label for="newpasswordcheck">Repeat New Password: </label><input type="password" name="newpasswordcheck" id="newpasswordcheck" inputmode="verbatim" value="" required="required" minlength="8" maxlength="20" pattern="(?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[\-!$%^&amp;*\(\)_+\|~=`\{\}\[\]:\/;&lt;&gt;?,.@#]).{8,20}" /></p>
 <input type="submit" value="Change Password"/>
</form>

In the above sample, note in particular, the following:

  • Lines 3 and 4 both request the new password, so use RegEx checking to ensure the new password conforms to the security rules. Edit this expression to suit your site’s rules. Note that Line 2 does not include the RegEx, because it would prevent people who have an old password that doesn’t conform with your current RegEx rules from changing their password.
  • Lines 3 and 4 both have the minlength and maxlength attributes, which some browsers will use to indicate when an entered password is within the allowed length range. As in the previous note, this restriction is absent in the old password field, for the same reason.
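
The pattern, minlength and maxlength checks can be exercised outside the browser before a form ships. This added example (not code from the original post) compiles a pattern the way a browser does and lists the constraints a candidate password fails; the policy object, the sample passwords and the two faulty patterns are constructed for illustration.

```javascript
// Added example: mimic how a browser evaluates <input pattern> together with
// minlength/maxlength, so a password policy can be tested offline.
// All policies and passwords below are constructed sample data.

// Browsers compile `pattern` with the "v" flag; fall back to "u" on engines
// that do not know "v" yet.
const FLAG = (() => {
  try { new RegExp('', 'v'); return 'v'; } catch (e) { return 'u'; }
})();

// Returns a RegExp that must match the whole value, or null when the pattern
// does not compile. A null result means the browser skips the pattern check
// entirely, so the field accepts anything the length limits allow.
function compilePattern(pattern) {
  try {
    return new RegExp('^(?:' + pattern + ')$', FLAG);
  } catch (e) {
    return null;
  }
}

// field: { pattern, minlength, maxlength } (assumed shape for this example).
// Returns the list of failed constraints; an empty list means the value passes.
function validate(field, value) {
  const problems = [];
  if (value.length < field.minlength) problems.push('tooShort');
  if (value.length > field.maxlength) problems.push('tooLong');
  const re = compilePattern(field.pattern);
  if (re === null) problems.push('patternIgnored');
  else if (!re.test(value)) problems.push('patternMismatch');
  return problems;
}

// Special characters, each escaped so the class compiles under both flags.
const SPECIALS = '[\\-!$%^&*\\(\\)_+\\|~=`\\{\\}\\[\\]:\\/;<>?,.@#]';
const RULES = '(?=.*\\d)(?=.*[a-z])(?=.*[A-Z])';

// Intended policy: 8 to 20 characters with a digit, lower, upper and special.
const policy = {
  minlength: 8, maxlength: 20,
  pattern: RULES + '(?=.*' + SPECIALS + ').{8,20}',
};

// Faulty variant 1: a stray space between the lookaheads. It compiles, but
// now only passwords that begin with a space can match.
const straySpace = {
  minlength: 8, maxlength: 20,
  pattern: RULES + ' (?=.*' + SPECIALS + ').{8,20}',
};

// Faulty variant 2: an unescaped "[" and "-" inside the class. It does not
// compile, so the browser would enforce no pattern at all.
const badClass = { minlength: 8, maxlength: 20, pattern: '(?=.*[[-!]).{8,}' };

for (const [name, field, value] of [
  ['policy', policy, 'Tr1cky-Pass'],
  ['policy', policy, 'alllowercase1!'],
  ['straySpace', straySpace, 'Tr1cky-Pass'],
  ['badClass', badClass, 'password'],
]) {
  console.log(name, JSON.stringify(value), validate(field, value));
}
```

A `patternIgnored` result is the case to watch for in review: the form looks like it enforces a policy, but the only real check is whatever the server does.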

Call to Action

  1. Test all of your organization’s login and password change pages with LastPass, DashLane, 1Password, and KeePass.
  2. For any site you use that doesn’t work with the password manager you use, contact their customer support department.
  3. If you use LastPass, run the Security Challenge every 3 months. If you don’t use LastPass, ask your password manager developer to add a similar feature.
  4. Ask every site you log into to support FIDO U2F two-factor authentication.

LastPass Auto Change Password

Contact these major site developers and ask them to work with LastPass to add support for their Auto Change Password feature:

  • (and the rest of the sites)

Posted in Design.

GMT Hasn’t been International Time Since 1971—Stop Using It!

I just updated my Windows Live profile, and was horrified to discover that Microsoft has reverted to using Greenwich Mean Time (GMT) instead of Coordinated Universal Time (UTC), in at least one location.

Ever since January 1, 1972, the official worldwide time reference has been UTC.

Since then, GMT has been defined as only the mean solar time at the Royal Observatory in Greenwich, London. It is not tied to international atomic time. The simplest explanation of the differences among the various time definitions is the United States NIST Time and Frequency Division’s FAQ.

The biggest problem is that since 1972, GMT has been not an international time zone, but the name of the winter time zone in the UK. In the summer (daylight saving time) months, the UK time zone is BST, for British Summer Time. Depending on the programmer’s interpretation of whether GMT is a time zone or just another name for UTC, calculations made involving GMT may be shifted by an hour (or not) in a way that makes the resulting time calculation incorrect by one whole hour.

This is bad, and the only way to avoid the confusion is to never use GMT for any time after January 1, 1972.

The GMT Era

GMT was the official worldwide time reference from October 22, 1884 to December 31, 1971. Any reference to international time within those dates must therefore use the label “GMT”, while any references to international time after January 1, 1972 must therefore use “UTC”.

GMT is coequally used as the international time reference by the BBC, and as a time zone in a handful of countries (but be careful trusting, as it does not cite any references).

The UTC Era

Ever since January 1, 1972, UTC has been the official worldwide time standard, and has always been the time standard of the Internet. UTC is defined by the International Telecommunication Union, an agency of the United Nations, in ITU-R Recommendation TF.460-4.

Universal Time=Solar Time

Universal Time (UT) was defined in 1928, as the replacement for GMT’s use as solar time, and its modern incarnation is UT1. So if Microsoft is intending to allow you to set your time zone to the solar-based Universal Time, the label in the listbox above should be “Universal Time (UT1)”, but this would be the official time for only witches, warlocks, and vampires.

The Microsoft Problem

Since all Microsoft operating systems were developed after 1972, they all should have started off using UTC instead of GMT—but they didn’t. DOS started using GMT, and Windows kept with it through Windows XP, and it wasn’t until Windows 7 that Microsoft switched to UTC.

The reason was simple—the time calculations used by DOS and Windows up until Windows 7 did not conform to UTC rules, so labeling Windows XP’s international time as UTC would have been inaccurate. Because UTC’s primary purpose is well-defined accuracy, this would have been inappropriate.

However, even Windows 7 is not perfect. See the thread Does Windows 7 Support UTC as BIOS time? for commentary on some of the remaining problems.

Yet some inside Microsoft are aware there is a difference between GMT and UTC. The .NET programming system has calls for both, as highlighted in the Stack Overflow thread, Difference between UTC and GMT Standard Time in .NET. And the TechNet article Timezone even says “Greenwich Mean Time (GMT) is now known as Coordinated Universal Time (UTC).”

Despite this long-ago switch to UTC, Microsoft continues to use GMT in many different locations, but not all. For instance, the article Microsoft Time Zone Index Values references GMT, while a newer version, Time Zone IDs, references UTC. Interestingly, you will find in the second article, that there are four separate time zones that use or reference UTC:

1200 GMT Standard Time (UTC) Dublin, Edinburgh, Lisbon, London
1210 Greenwich Standard Time (UTC) Monrovia, Reykjavik
1220 Morocco Standard Time (UTC) Casablanca
1230 UTC (UTC) Coordinated Universal Time

Each of these will likely be identical during winter months, but only ID 1230, “UTC”, will result in the true UTC time all year, every year, regardless of what the UK, Monrovia, Iceland, and Casablanca governments do to the definition of when standard and daylight saving times start and end.
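
The one-hour shift is easy to reproduce, and it matters whenever log timestamps labelled GMT have to be lined up against UTC sources. This added example (not from the original post) measures the gap using IANA zone names; mapping "GMT Standard Time" to Europe/London and "Greenwich Standard Time" to Atlantic/Reykjavik is an assumption based on the CLDR zone mapping, and the timestamps are constructed.

```javascript
// Added example: how far apart the two readings of a "GMT" label can be.
// Assumed mapping (CLDR): "GMT Standard Time" -> Europe/London,
// "Greenwich Standard Time" -> Atlantic/Reykjavik.

// Offset of an IANA zone from UTC, in minutes, at a given instant.
function offsetMinutes(zone, instant) {
  const parts = new Intl.DateTimeFormat('en-US', {
    timeZone: zone, hourCycle: 'h23',
    year: 'numeric', month: 'numeric', day: 'numeric',
    hour: 'numeric', minute: 'numeric', second: 'numeric',
  }).formatToParts(instant);
  const f = {};
  for (const p of parts) {
    if (p.type !== 'literal') f[p.type] = Number(p.value);
  }
  // Rebuild the zone's wall-clock reading as if it were UTC and compare.
  const asUtc = Date.UTC(f.year, f.month - 1, f.day, f.hour, f.minute, f.second);
  return Math.round((asUtc - instant.getTime()) / 60000);
}

// Convert a "YYYY-MM-DD HH:MM:SS" wall-clock reading in `zone` to an instant.
// Two passes settle the offset on either side of a DST change; a reading that
// falls in a skipped or repeated hour remains inherently ambiguous.
function wallClockToInstant(stamp, zone) {
  const naive = new Date(stamp.replace(' ', 'T') + 'Z').getTime();
  const first = naive - offsetMinutes(zone, new Date(naive)) * 60000;
  return new Date(naive - offsetMinutes(zone, new Date(first)) * 60000);
}

// Minutes between reading a "GMT"-labelled stamp as UTC and as UK civil time.
function gmtLabelSkewMinutes(stamp) {
  const asUtc = wallClockToInstant(stamp, 'UTC');
  const asUkCivil = wallClockToInstant(stamp, 'Europe/London');
  return (asUtc.getTime() - asUkCivil.getTime()) / 60000;
}

// Constructed log timestamps, one in winter and one in summer.
for (const stamp of ['2024-01-15 12:00:00', '2024-07-15 12:00:00']) {
  console.log(stamp, 'skew if "GMT" means UK time:',
    gmtLabelSkewMinutes(stamp), 'min');
}
```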

The BIOS Problem

The biggest problem resulting from DOS and Windows not handling UTC properly is caused by the early convention of the PC BIOS being set to local time. The best, and most detailed explanation of the problem is by Markus Kuhn, IBM PC Clock should run in UT, although Kuhn mixes up UTC and UT, referencing both, thus confusing the reader as to which of the two the BIOS should be set to.

This causes big problems if you need to dual-boot Windows and Linux, or Windows and macOS on the same computer, because Windows needs the BIOS set to local time, while Linux and macOS need the BIOS set to UTC time.

Call To Action

  1. Just Read The Instructions, and stop using GMT everywhere you’re using it now!
  2. Ask Microsoft to fix any and all remaining problems with handling a BIOS set to UTC with Windows 7 and higher.
  3. Ask Microsoft to replace its proprietary timezone names with the official Internet TZ Database, managed by ICANN.

Unless you’re a historian or a computer programmer that needs to calculate dates prior to 1972, or you’re referring to the winter time in the United Kingdom, you should not be using GMT for anything. (You will find this rule adhered to in most Wikipedia entries, for example.)

Posted in Uncategorized.

Keeping Idiots Busy



Great advertising copy is rare, so I like to give credit when I see something that gets me to stop and think or ask questions.

I saw a gentleman crossing the street, wearing this one this morning, and it was good enough that I stopped him to ask the obvious question—where did you get that marvelous apparel?

Click on the picture if you’d like to walk around with this idiot detector on your back (and no, I’m not making any commission on this).

Posted in Uncategorized.

Normalization of Deviance Considered Harmful

While reading Bruce Schneier’s CRYPTO-GRAM, I read a section about normalization of deviance, which referenced a horrible example of how much death and destruction can happen when people who think they’re too smart to follow rules and procedures designed by domain experts are allowed to continue being in charge.

In 2014, a Gulfstream IV crashed while attempting to take off from the 7,000 foot runway (with another 1,000 feet of overrun) at Laurence G. Hanscom Field (BED), Bedford, Massachusetts, killing all 7 people aboard, because the two pilots were dangerous idiots.

The pilot in command had 11,250 hours in his flight log, while the second in command had over 18,000 hours in his log, and both thought this meant they didn’t actually have to do a walk-around or do even one thing on the pre-flight checklist (which has five mandatory checks). The only pre-flight work they did inside the FBO before taking off was to order a pizza, take it into the plane, eat it, and then take the empty box back into the FBO. Then they:

  1. Forgot to disengage the gust lock, which meant none of the flight controls could move.
  2. Strong-armed the throttles past the gust lock, probably breaking part of it, and were thus unable to advance the levers to takeoff power (but they started rolling anyway).
  3. When they first noticed a problem, they had 5,000 feet of runway left—plenty of space to safely abort.
  4. Then they disengaged the flight control’s hydraulic system.
  5. When they had only 1,500 feet of runway left, they tried to deploy the spoilers, which would have significantly improved braking, but alas, the hydraulics needed to push them up into the airstream were still off.
  6. So the plane crashed through the runway lights, slammed into a ditch, broke in two, and burst into a fire that was not survivable.

All the follow-up interviews with other pilots that had worked with the pair confirmed that this failure to do the checklist wasn’t a one-time or occasional goof—they never performed a pre-flight checklist. The above article states that “Gulfstream pilot and Code7700 author James Albright calls the crash involuntary manslaughter.” Albright says “These pilots were experts at deceiving others…”.

This is a humongous problem (not just in aviation—everywhere), in our society, and we continue to ignore it at our peril. It doesn’t matter how long someone has been in a position they’re dangerously incompetent at (even if they have passed all of the existing qualification tests), they need to be fired and replaced with someone who isn’t afraid of good rules and learning.

Yet this is a very difficult thing to figure out, because among all of the good, sane rules that people should follow, there are littered bad, evil rules that competent people know they must break in order to do good things. How you determine the difference between the good and bad rule breakers is a topic for another day, but the first step in getting there is to immerse yourself in as many worst-case scenarios such as this one.

The reason for the immersion is simple—you need to be able to spot such frauds from their behavior and the language they use, and their attitudes.

Posted in Leadership.

Apple Store’s Doors’ Ignores

Be warned, he who designs glass houses.

I happened to be in San Francisco the day Apple opened its new Union Square store, and braved the crowds to see what all the fuss was about.

I had also stopped by the day before, to watch the last bits of construction, and the last full-scale test of opening the doors. Once the doors were open most of the way, the wind picked up and the guy supervising the process looked down at the ground, shaking his head (a bunch of leaves had just blown into the pristine lobby).

The rear 24-foot doors facing the infamous fountain were never opened, so as to avoid creating a wind tunnel…

Opening day came, the building was full, the line wrapped around a full 50% of the block, and then the telltale truck-backup-beep signaled the only true way to open that building—and stopped 6 inches later, where they remained stuck until the building geeks debugged the problem.

Here’s what happened

Apple was not content with just having friggin’ 42-foot tall glass doors; that wouldn’t be unique enough. These had to be high-tech. Yours truly might have suggested infrared laser beams with holographic or scanning fixtures as the safety measure, with a safe, well-tested hard-wired open/stop/close control panel.

Apple didn’t do that. They made the whole thing wireless, and embedded Wi-Fi antennas in the door panels. They tested the doors repeatedly before opening, and found no problems. The fail-safe program embedded in the door controllers was armed, lying low so long as it confirmed the Wi-Fi connection every 500 milliseconds.

But opening day weather was gorgeous, and Union Square was full, even without the added crush around the block. Every single one of them with a smart phone (or two) looking for a signal, sprinkling packet upon packet on every one of the unlicensed, unregulated channels.

The doors never had a chance with that noise floor.

But out came the industrial wireless controller, and the doors started moving again.

But they should have been showing The Wizard of Oz on the big screen up on the second floor, because just down the hall was one of the door techs behind the curtain, with one thumb on the hard-wired maintenance control panel, and the other on his cell phone.

Posted in Design.

Maniacally Perfect Phantom

I love music.

But there are three things that consistently spoil what should be an immersive experience:

  1. Distortion
  2. Minuscule sweet spots
  3. Volume controls that don’t go to 11

Number 1 is all about quality; number 2 is about the freedom to move; and number 3 is all about the bass (read: the emotional driver).

Number 3 is usually limited by the need to avoid number 1, while number 2 forces you to choose between headphones and a carefully placed chair. I had once thought that getting all three to be in balance was impossible.

I am a perfectionist, and have had the (un)fortunate experience of a few good audiophiles training me in how to spot even subtle distortion. As much as I’ve tried over the years to un-train my ears, such frequency flaws no longer stealthily slip past my senses. The warmth that a loud and undistorted reproduction creates in the soul is impossible to fake.

Yet when I was invited into the small Devialet Phantom demo room at GetGeeked a while back, I was immediately immersed in the magical fingers of Mark Knopfler, and began crawling around the room trying to figure out where he and his guitar were hiding.

Was there a false wall? Did they use Wonka’s ray to fit the whole band inside the speaker? WTF?

As I turned the volume up loud enough to bother the other exhibitors (and the bartender), I kept probing for flaws—any hint of raspy distortion that would mask the true sound of him bending them guitar strings, or muddle the complex sounds of the Zildjian—and heard none.

As the Wired review pointed out, this magic did not disappear when you wandered away from the midpoint between the speakers. The sound stage was nearly everywhere, with those curious silver domes pulsing out nearly the full range equally in all directions.

That’s the sort of experience that it takes to overcome a field of very good competitors and get noticed by the Influencers that outlast the next five fads.

And it was the first technology experience in 18 months that I gave a damn enough to blog about.

Posted in Audio, Delighting Customers, Innovation.


Commentary on 7 Steps for Effective Brainstorming

In a LifeHacker post from yesterday, Thorin Klosowski proposes A Seven Step Plan for Effective Brainstorming:

  1. Define the problem and solutions space
  2. Break the problem down
  3. Make the problem personal
  4. Seek the perspectives of outsiders
  5. Diverge before you converge
  6. Create “idea resumes”
  7. Create a plan to learn

The substance, and rough order of this is very, very good. However, I believe “Make the problem personal” is too high on the list.

Many technically minded people grab onto the first reasonable problem and first reasonable solution they come across, and are also worse than non-technical types at putting themselves in the shoes of others. To overcome these vision-constraining traits, let’s re-order the list, and throw in one other change:

  1. Define the problem and solutions space
  2. Break the problem down
  3. Seek the perspectives of outsiders
  4. Diverge before you converge
  5. Create “idea resumes”
  6. Goto Step 2 and iterate until you have created a vision and a plan that gets the attention of the above outsiders and has at least one significant USP
  7. Make the problem personal
  8. Create a plan to learn

The two key changes here are adding the iteration at step 6, and postponing making it personal until you can empathize with and understand the outsiders’ problems. Once you truly understand their problems, then it’s the appropriate time to internalize it to the point you feel passionate about the subject.

Posted in Delighting Customers, Innovation, Leadership.