Amazon Kindle 3 review

After a couple of months of having an Amazon Kindle 3 (purchased mid-2011) and travelling with it, here is my list of good and bad things about it:

PROS

1. Decent battery life if NOT using wireless. With intensive reading it lasts upto a week.
2. The display is much easier on the eyes than a traditional computer screen.
3. You can carry a lot of books and personal documents with you in a single small device
4. Friends and family can send you books to read in digital form
5. Project Gutenberg opens thousands of books for immediate download and reading for free
6. You can buy any book off Amazon and it will be in your hands in minutes
7. Registering two kindles under the same Amazon account lets you duplicate all your paid content on both devices.
8. For 10 quid you get the Independent delivered to your device automatically as long as you have GSM coverage every morning for a month… even if you are wild camping in a forest.
9. You can browse the Internet and do emails from wherever at no additional cost.
10. You get an English dictionary for free and it is easy to lookup any word in any document while reading in a non distracting way.

Cons

1. Using the 3G wireless drains the battery in less than 24 hours.
2. The battery takes approximately 3 hours to fully charge from empty when connected to a wall plug. Upto twice as much when charging from a USB port.
3. The display is much easier on the eyes than traditional LCDs… but you still get more eye strain than reading on paper.
4. You end up buying books only from Amazon, killing any competitors or smaller bookshops.
5. You don´t own the kindle books you buy. Amazon does. They control your device at all times. Amazon can and has deleted books remotely from Kindles, a-la 1984.
6. Organising your content is very limited and labour intensive.
7. There is no reasonable expectation of privacy. Amazon can see everything you do with your Kindle.
8. The pricetag for the 3G keyboard model is quite hefty at more that 150 quid.
9. A Kindle purchased and registered in the UK is not allowed to buy from amazon.com US site. You are forced to purchase books only from amazon.co.uk which is more expensive.
10. The keyboard is ergonomically cumbersome and not suited for extensive use.
11. The web browser is of limited functionality. It doesn´t handle popups gracefully and has problems displaying pages that try to open in a new window.
12. The display is black and white only.
13. The refresh rate of the display is very slow. Eg. it´s impossible t scroll through text without it all becoming a blur. Turning pages is slow. Eg. it takes a full minute to turn 30 pages.
14. You can not do anything with the books you have bought like give them to friends or family or sell them or save them in a less restrictive file format.
15. To create customer lock in and make a good profit Amazon use their own DRM which imposes a lot of unneccessary restrictions on the content you buy. They make it easy to convert anything you want to their DRM locked down format but very hard to do the reverse and convert Kindle content to less restrictive formats.
16. There is no international support. Only English. The Kindle can display international non english characters, but thats about it. Impossible to change the interface language, impossible to type in anything other than Latin characters.

Overall, the Kindle 3 + 3G is a good ebook reader with a great global Internet connectivity package, that is almost worth the hassle if you need to travel light and can afford to buy books that will remain locked in to Amazon for good. Perhaps an easy way to unlock Kindle books will become available in the future. Perhaps you won´t mind re-purchasing books that you might want to read on another, better device in a few years´ time.

The choice is yours.

Windows Explorer: How NOT to resolve conflicts

Let’s say you have a “drafts” folder and a “final versions” folder, and every time you publish a new version of a document you drag’n'drop the latest draft into the “final versions” folder. This used to work fine with Windows XP, you’d get a prompt saying “are you sure you want to overwrite the file?”, you’d say “sure” and it was done.

 

With Windows 7 someone thought it was a great idea to confuse the users as much as possible by throwing this at them:

Could this be more confusing?

I think not. I spent a good 3 minutes staring at this. Reading and re-reading it. I had to completely switch my mental context from my primary task (what I was actually doing) to deal with this riddle. I got worried I might be trying to do the wrong thing. Was I at a risk of imminent data loss? Were my backups up to date? Was this a good day for moving files? One file is newer, the other is larger… what’s going on here? There is too much information and no “just do as you’re flippin’ TOLD!” button.

I shiver at the thought of users who are presented with this. Most of them will click the red “x” to close the window and make the problem go away.

I’d love to have a chat with the usability people who conducted the study that showed more information and more choices to be a good thing for end-user interfaces. Because from the perspective of the type of users I know, this would be an unsolvable, anxiety-inducing nightmare.

Don’t take control away from your users

From a technology usability perspective, you can’t do much worse than make your users feel they’ve lost control. It’s maddening (and a bit frightening, if we admit it) to feel that “the computer” is doing things without your consent. We’re tolerant to allowing actions we don’t understand (after all, not everyone should be a technologist or a computer scientist), but we always want to have the kill switch at hand.

End-user operating systems (Windows, MacOS, GNU/Linux desktop environments etc) always have such a kill switch – it’s usually something red and obvious on every window (like the big “X” in the red box at the top right corner in Windows XP/7). If you don’t like what it’s doing, you have the power to kill it. Why? Because it’s your computer, dammit, and you should have the final word!

I stumbled upon an example of breaking this rule the other day, when I was helping a family member reinstall a computer that had bombed:

Here is a screenshot of the “Windows Genuine Advantage Notifications” tool (a propaganda term if there ever was one) installer: All application controls (back, next, cancel) have been disabled, and so has the omnipresent “X” that is supposed to offer users the warm & fuzzy feeling of control in every single Windows application.

Installers have for years now had ways of trapping window/application interrupt requests and responding to them gracefully.

Taking away control from the end user in such an obvious manner is both unsettling and frustrating.

A practice best avoided.

How much Java do you need?

Sun Oracle has been giving us a few reasons to get rid of the Java Runtime Environment (JRE) from end-user machines for a while now.

I’ve been struggling with this decision, as I need Java for my favourite mind mapping software but I don’t want it to be used against me by Internet criminals.

My initial reaction was to remove Java completely and just keep the installation package around, for whenever I needed to do mind mapping. This soon got ridiculously cumbersome, so I’m now on to the next model:

Keep Java for local use, but disable Java for the browsers.

This still allows local applications to use Java, but stops Web-borne remote exploits from being delivered to my machines.

First of all: Get the latest Java

First things first. Always ensure you run the latest software. Visit http://java.com/en/download/installed.jsp?detect=jre&try=1 to verify that you have the latest version (currently 1.6.0_24)

If you haven’t got the latest version, download and install it from http://www.java.com/

Then verify that auto-update it turned on and frequent enough. For Windows users, go to Control Panel -> Java. Switch to the “Update” tab of the window that comes up and then click the “Advanced…” button. This should show you something like this:

The default is to check for updates once a month, which is a bit pathetic. Change this to weekly at the very least, or daily if you’re serious about your computer’s security:

Then click “OK” to save & close this dialog and “OK” again to save & close the Java settings window.

Now, onto the browsers:

Firefox 3.x

Go to Tools -> Add-ons and you see something similar to this:

Click on “Disable” for both Java extensions, to get this result:

Don’t restart Firefox just yet! Now, onto the “Plugins” tab of the same window:

Click on both Java entries and on the corresponding “Disable” button of each entry, until the window looks like this:

Now it’s time to hit that “Restart Firefox” button in the Add-ons window to restart your browser.

After you’ve restarted, visit http://java.com/en/download/installed.jsp?detect=jre&try=1 with Firefox to verify that Java is disabled.

You should get the following result:

Congratulations – Java has been disabled in Firefox!

Note: Some people may point out that using the NoScript plugin achieves the same goal in a more elegant way – i.e. it allows one to selectively allow the execution of Java code in Firefox. The problem here is that NoScript works on the premise that websites you trust will not deliver malicious code to your machine. Unfortunately there are reports that claim that up to 75% of websites serving malicious code are legitimate websites that have been compromised. Add to that the fact that malicious code can be delivered to your machine through ads served from trusted domains like google.com and yahoo.com.

The only way of protecting against this headache is really to keep all browser plugins updated and disable the ones you don’t absolutely need. Java is not the only culprit here, Adobe’s PDF reader and Flash plugin, as well as Microsoft’s DirectShow and Media Player are also repeat offenders.

Internet Explorer

If you’re forced to use Internet Explorer (e .g. because some luminary in your organisation had the brilliant idea that the “free” SharePoint server was a good developing platform for your corporate websites…), follow these steps:

First, make sure you have the latest version of the browser. Microsoft itself is begging people to stop using IE6, as it’s an open window for remote control of your machine by criminals. Download and install the latest version of IE.

Now, let’s disable Java in Internet Explorer:

Go to the menu “Tools” -> “Manage add-ons”.

(this example is from IE version 8 on Windows XP, your version might be slightly different)

In the “Manage add-ons” window, select “Show add-ons” on the left hand side pull-down menu:

Now you can see all Java add-ons listed. Select each of them with a single click and hit the “Disable” button:

The final result should look like this: (all Java add-ons disabled)

Now click the “Close” button on the bottom right and close your browser.

Annoyingly, I’ve found it necessary to also disable the Java plugin from the Java Control Center – as disabling it from IE only seems to not be enough…

Go to Control Panel -> Java and then to the “Advanced” tab. Make sure the options look like below:

Save & close with “OK” – you will get a popup similar to this:

Click OK and then fire up Internet Explorer to visit http://java.com/en/download/installed.jsp?detect=jre&try=1 to verify that Java cannot be executed in IE.

You should get one or more of the following popups:

(this means you disabled the add-on in IE but not in the Control Panel. Unfortunately this seems to result in Java code somehow getting executed regardless!)

(surreal web page, telling you both that Java *is* and *isn’t* working, but there you have it)

If you’ve disabled everything appropriately you should see the following:

Clicking “OK” will eventually land you in this page:

…which is lying to you. You don’t have an old version of Java. You just have a disabled installation.

If you need to use Java for local applications, that’s the best place to be.

Otherwise, if you’re tired with all this faffing about, just uninstall Java completely to get it over with and have one less thing to worry about.

I accept, please, no more!

Clearly, all passengers of trans-Atlantic flights do read the four lengthy legalese documents necessary to book a flight…

This is an interesting problem.

Companies can insert whatever terms they wish in those documents on the safe assumption that (statistically) nobody will read them. Why does that happen? Probably because these pesky things stand in the way of the customer’s primary task*, which is booking the flight and getting it over with.

Perhaps a more automated solution similar to P3P might be worth considering, to make contracts between vendors and customers more meaningful. As it is, we’re at the mercy of whatever Terms & Conditions the vendors decide to impose on us.

Remember, you’re voluntarily entering this contract. It will be very difficult to complain afterwards.

* See page 40 of Peter Gutmann’s security usability book chapters for a good (and funny!) example of how this problem-solving model works.

Free antivirus software for Windows

As of January February July 2011, there are at least three four perfectly legitimate free antivirus products for Windows. In my order of preference they are:

1. Microsoft Security Essentials
2. Avast Free Antivirus
3. AVG Free
4. Avira Free (why?) (fallen from grace due to user pestering)

These are the ones I have used. There are at least 6 more to choose from.

Please note that the following products are NOT free to use:

• Norton
• Symantec
• McAfee
• NOD32
• Sophos
• Kaspersky
• etc…

If you’re using one of them and not paying for it (unless of course your organisation has paid for it), you are at risk, as malware authors use warez and similar types of “freebies” and “cracked versions” and “key generators” to infect your computer with the very software you’re trying to defend against.

The only (temporary) exception to this is time-limited versions of antivirus software you usually get with brand new computers, but you must do something about those as soon as the gratis period expires: either buy the product or uninstall it and install one of the free ones.

Remember, an expired antivirus that is not updating its definitions is almost useless.

How to close your PayPal account

Predictably, PayPal make it hard to close your account with them. Friends have been asking me how to do that, in response to the Wikileaks affair, so here’s how:

1. Login to your PayPal account: https://www.paypal.com

2. Click on “My Account”

3. Click on “Profile”:

4. Click on “My Account Settings”

5. Click on “Close Account”

6. Click “Continue”:

7. If you feel like giving PayPal feedback as to why you’re closing your account, you can do so in this page. Scroll down to the bottom of the page to find the “Continue” button.

8. Click “Continue”:

9. Click “Close Account”

10. Finally, PayPal is kind enough to do what you asked it to do  7 clicks ago. Congratulations!

Note: If the above steps stop working (because PayPal reorganise their website or changes some buttons) you should be able to find instructions by clicking “Help” in the PayPal website and then searching for “close account”.

Blaming “computers” because they can’t talk back

I was unintentionally shoulder-surfing on the Tube the other day when I noticed this:

As usual, blaming it on a “software glitch” / “computer malfunction”.

Whatever.

If only those poor systems (or their developers) had a voice…

Today’s PINcode (sic)

The Personal Identification Number Code du jour for the wireless network of this Beirut restaurant is:

This is quite user-friendly, but is it good security?

It’s written with chalk, so presumably they change it every few days. That’s smart – it would require freeloaders to enter the restaurant, take a peek and then leave, every time the PIN changed – a pattern which would soon become obvious and get them caught.

There is no reason to hide the PIN from patrons, since they’re all on the same network anyway.

Sometimes simple solutions are perfectly adequate.

Why our way of handling SSL certificate errors is last nail in coffin of WWW security

It’s all supposed to be OK on the big bad Internet, because we have SSL. It’s really our only (first and last?) line of defence when it comes to having *some* degree of trust that we’re indeed talking to the website we think we are.

But:

• sloppy SSL certificate handling by websites and
• bad interface design by browser usability experts

kill any credibility the scheme ever had.

SSL has known issues we were prepared to live with, like:

• the dated crypto behind SSL (the whole MD5 thing)
• the assumptions of the trust model that are slightly too optimistic (Verisign as a malevolent root of Trust – puh-lease!)

But sloppy handling of certificates by multi-million dollar corporations that can’t be bothered to issue a proper certificate (Facebook?), and the poor handling of such situations by the main browsers in use today (IE8 & Firefox 3) put Internet users in impossible dilemmas.

Let’s say one wishes to securely connect to the regional website of Facebook in the United Kingdom.

Internet Explorer 8

Try visiting https://en-gb.facebook.com with IE8 and you get the following:

Do you see any information anywhere that helps you understand what’s going on? I don’t. And I call myself an IT professional.

So what is the poor user supposed to do?

• Clicking on “the green thing” closes the window. Hurray.
• You are strongly advised to NOT continue to this website, so that’s the “don’t click me” link.
• Clicking “More information” does not give you any information that helps you make a security decision.
• The result:
  • Frustrated users who feel stupid and intimidated by “all this techie stuff”.
  • Users who are trained to find having to make random decisions for incomprehensible dilemmas posed to them by a capricious computer completely normal.
  • Worse security for me, you, them. Everybody.

Firefox 3

Visiting https://en-gb.facebook.com with Firefox 3 is slightly better:

• You are told there is something wrong without being too scared and without using fancy words like “security certificate”
• By default you have one button available – the “Get me out of here!” button.
• For the enquiring minds, there is the “technical details” collapsible thingy that actually tells you what the problem is.
• Once you’ve seen what the problem is, you can choose to bypass the browser’s something’s-dodgy-here reaction

In this case Firefox is doing better than Internet Explorer because unlike IE8, Firefox allows the user to make an informed security decision.