December 4th, 2006


Protecting the user by annoying the snot out of him

So today was my first day playing with Vista, as I begin to understand how it interacts with our system. And having spent half an hour playing around with it and trying things, I come to the conclusion that it is (a) very pretty; (b) much more secure than previous versions of Windows; and (c) pretty damned irritating.

The frequency with which it gets in my face to ask permission to do things is high. I understand *why* it chooses to ask permission when it does (indeed, an admirable trait of the OS is that, unlike previous versions, there is some consistent philosophy to it), but it's still too much to be pleasant. Worse, the questions it asks are often cryptic if you don't know exactly what you're doing, and sometimes just plain dumb. (Okay, granted, I think the version I'm using is a late beta rather than the release. But when I ask to run IE as an administrator, it warns me that this is an unknown program, by an unknown publisher! Oops.)

There are things that I like about the new system -- in particular, I believe that CardSpace (Microsoft's implementation of the WS-Trust standard plus supporting technologies) is a really clever and elegant architecture that will gradually make web browsing less of a hassle. But I suspect it's going to lose a lot of people in the setup stage.

Oh, and while I'm ranting: may I just say how nervous I am about the weak link in Microsoft's security story? Their architecture is quite beautiful in many respects, protecting everything behind your Windows password. But if that password is compromised, you are *screwed*. It's all designed so that *everything* is hidden behind there: your encryption keys, your online credentials, even potentially your credit cards: the whole nine yards. This may well be realistic -- most people can't be bothered to have multiple passwords -- but the architect in me cringes at the single point of failure...

Confidence and Morale

This is *not* specific to the SCA, or really to anything. Suffice it to say that I observed a problem in a non-SCA context, and am generalizing from there. If you see yourself in this, that might be true (it has certainly applied to me from time to time), but it wasn't inspired by anyone reading this journal.

If you are a leader of a group, of almost any sort, one of your key responsibilities is morale. The effectiveness and longevity of the group (whatever its purpose) is hugely affected by the collective attitude. And whether you like it or not, your attitude affects that collective.

It is terribly, terribly easy for you to damage group morale, even with the best of intentions. For instance, you may well find yourself uncertain about whether you are leading the group in a good direction -- that sort of self-doubt is usually quite healthy. But for heaven's sake, don't *show* it. When you are telling the members of the group where it's all going, you have to *sell* that, just as much as if you were selling to a consumer. Don't stammer, don't hesitate, don't let that uncertainty bubble up -- go at it with vigor and overt self-confidence. Even when opening up the question of whether it's the right direction, do so with confidence: discuss the questions openly, make a decision, and then close the matter.

This doesn't mean lying to the group, but it *does* mean paying attention to your own style and how it affects others. Think about it from the group member's point of view. If you were following someone who seemed unsure whether this was the right thing to do or not, would you be likely to throw yourself into it 100%? Keep in mind that groups mostly succeed precisely because people are passionate about them and about what they are doing. So if you sap that passion, you're damaging the project.

Yes, it's hard work. It means putting on your "game face" when you are interacting with the group. It means throwing *yourself* at the project 120%, your doubts aside, to get everyone else to go 100%. No one ever said leadership was easy...