Archive for January 19th, 2010


My talk from The AJAX Experience

Back in September 2008 I had the privilege of speaking at The AJAX Experience in Boston.  I talked about designing great forms, covered a lot of my own pet peeves with forms on the web, and shared some of the things I’ve learned along the way.

Today I got an email from a guy who found the video online and said he’d gotten some great stuff out of it. I had no idea a video even existed.  600 views and many months later I finally found out about it.  And in the spirit of better late than never, I’m posting it now.  The talk is about an hour long and covers a lot of my thoughts around form design, usability and creating experiences on the web that are actually fun!

One of the coolest parts for me was the amount of discussion this talk generated, both during the show and afterwards.  I had a great audience with lots of participation but I apologize for the parts you can’t hear since we didn’t have an audience mic set up.

And here are the slides:

As always, if you’re interested in having me speak at your event, let me know.


Openness and security go hand in hand

I just saw the post on Mashable about Microsoft downplaying the IE security hole. The one quote that caught my attention was from Microsoft’s UK security chief Cliff Evans. He said:

“The net effect of switching [from IE] is that you will end up on less secure browser,” and that “the risk [over this specific] exploit is minimal compared to Firefox or other competing browsers… you will be opening yourself up to security issues.”

He’s got to be kidding, right?

A key difference between IE and the open source browsers is what happens when a problem is found. If it’s IE we sit around and wait for Microsoft to fix it. On the other hand, if someone finds a bug in Firefox, hundreds of developers jump on it and race each other to get it fixed. Of course there are vulnerabilities in Firefox and there are bugs in Chrome – that’s just the reality of developing software. The important thing is that security issues get found and resolved much faster in an open-source environment.

I’m a firm believer that openness leads to greater security. This is a big reason why Unix is more secure than Windows. I’m not suggesting that Microsoft doesn’t have smart developers, because they do. They just don’t have the benefit of having constructive code reviews from thousands of smart developers who care so much about what they’re building that they’re willing to do it for free. It’s tough to compete with a group of people who are working out of passion instead of for a paycheck.

Openness leads to security, which leads to trust. If we ever implement online voting in America, the only way to do it would be to open-source the whole thing. Unless it was open-sourced, no one would trust the results. I’m not saying that everything in the world needs to be open-sourced. That’s not realistic. But when it comes to security, openness is crucial. It’s no accident that the encryption algorithms we use to transfer credit card numbers over the web are all open-source. That openness gives us confidence because we know these algorithms have been tested by hackers all around the world. They’ve gone through the fire and somehow still came out standing.

If you ever need to make sure something is 100% secure, the first step is to open-source it.
