Why the command line is not usable

A command line interface is like a door with no handles.

A command line interface is like a door with no handles.

A number of FLOSS tools require users to do work at the command line in order to set them up or operate them. With Linux and its applications, this is often expected. Very few Windows, Apple, or even Android applications expect anyone to do this anymore.

Expecting this of end users is problematic (as I’ve explored to some extent before), and is likely to lead to very minimal spread and adoption of a piece of software.

Recently, I have been speaking with the Tahoe-LAFS project about improving the usability of their secure, decentralized file hosting system. They told me an OSX package was newly available. Oh, excellent, I thought. They can be a candidate for the expert UX review sweep we’re about to do. Under the guidance of a Nielsen Norman Group researcher, we would walk through the discovery, install, setup, and basic functions of a small suite of FLOSS security tools.

The Tahoe-LAFS team gave me a link to a recent functional build. I downloaded the package, ran the standard Mac installer, and clicked on the resulting app. It gave me the error message “You can’t open the application “tahoe” because it may be damaged or incomplete.”

I went back to their devs. It’s broken, I told them. Can I have a new package?

Oh, they said. You just have to run it at the command line.

At this point, it looked like the expert review for Tahoe-LAFS was off, and I was going to have to report that the app had showstopping failures. Mac users are at least marginally used to double-clicking packages to install them (and these days, the iTunes store means they often don’t even need to do that). Any user, no matter how advanced, is likely to take a system message saying an app is “damaged or incomplete” at face value. Even an expert user would be unlikely to try to work the app at the command line at that point; forget about asking your average nurse, retail clerk, or office manager to do so. All that aside, I didn’t have any interface to evaluate.

Then one of their developers sent me a video of the Tahoe-LAFS setup process, and I saw an opportunity to do a review comparing what I saw to standards for usability.

And as it turns out, this is may also be more generally helpful to explain to FLOSS developers why the command line isn’t just “not ‘shiny‘” or “not dumbed down like a GUI” — it actually cognitively disables users.

Here is my annotation of the Tahoe-LAFS setup video. NOTE: Have the YouTube “Annotations” feature active, or you won’t see the usability comments and none of this will make much sense.

Continue Reading »

CTF IconLocal: Rough sketches

Location 3 - HughIMG_20150306_165133At the Circumvention Tech Festival in Valencia in early March, we held an IconLocal — an event to develop graphics as a community, in the style of the Noun Project. Digital security trainers (and trainers of trainers) who have worked in Africa, the Middle East, Eastern Europe, Latin America, and Russia joined forces with software developers and graphic designers for a day of developing graphics to communicate vital security and privacy concepts to software users.





We began the day with a round of introductions, a review of previous proposals for privacy and security icons, and an exploration of the challenges of developing useful icons. Trainers then shared the concepts which they felt were most challenging to communicate to users, and the metaphors which they used to communicate them. Here are the lists of challenging concepts, accompanied by useful metaphors (see right).


Continue Reading »

Ebola: What you can do to help

I am an ardent participant in NYC’s West African dance classes. They have kept me healthy in both body and mind for over ten years now, seeing me through major transitions and hard times, bringing me and hundreds of others joy every week.

So an international news feed shouting about ebola spiraling out of control in Liberia, Guinea, and Sierra Leone is more than just a distant terror that makes me fret and argue for stopping flights between those countries and mine. These are people who are familiar to me, their bodies transcribing a beautiful arc in space and flight that has been mine, too, and I am heartbroken to think of them cut down:

Continue Reading »

Everyone Come to HOPE!

UPDATE: Looking for a HOPE conference schedule where you can see workshop times alongside talk times? You’re in luck, I made one: HOPE X Schedule Grid

Yep, it’s time once again for the Hackers On Planet Earth conference, Friday July 18–Sunday July 20 at the Hotel Pennsylvania in New York City. And it’s time for my biennial post urging you to attend, because HOPE is full of wonderful things.

Corset Lore performs again at HOPE's chiptune concert.

Corset Lore will perform again at HOPE’s chiptune concert. (Photo by Marjorie Becker.)

“But I’m not a hacker!” you may say. Shh shh shh shh shhhh. It’s ok. I have never been more confident in saying you very definitely want to be at HOPE. Even if you feel like your technical skills are so poor that the Supreme Court has more of a social-media life than you. HOPE is a place to learn more and play with technology. You definitely want to come to HOPE.


Reason #1: The NSA.

You’re still confused about how it is they know so much about you. You’re wondering what you need to be worried about, and what you can stop worrying about. Let me tell you: going to HOPE for the past ten years gave me advance warning about this whole mess, and a lot of understanding of how, when, and why tracking happens.

This year, because there’s pretty much nobody left who DOESN’T care about surveillance, we have a tremendous number of talks where you can learn about threats to journalism, alternatives to phones that spy on you, tools to avoid tracking by corporations, ways to avoid location tracking, and how we can learn more about government spying programs. If you’re really wondering whether you should be worrying about the government, Quinn Norton’s talk on real-world enemies like bosses and angry exes should be of particular interest.

Continue Reading »

Learning From Learners: Some questions asked at security trainings

As I’ve said in previous posts, it is critical to understand learners’ mental models of a system you are teaching them about, in order to help them build accurate understandings of the technologies they are using. Questions that attendees ask in security training sessions can be useful to understanding some of the misconceptions learners come in with.

Here are a few that were asked by people in two recent training sessions I attended: the Tor session OpenITP ran a few months back, and a journalist security training run by the Tow Center at Columbia University. (I should note: I’m attending as someone who’s still a learner myself, with a few pieces in place but mostly still puzzling out how anti-surveillance software works.)

“Can you get a virus from Tor?”

“If someone is using Skype on their machine and also serving as a Tor bridge, are they compromising our connections?”

“If I’m on Gmail would you also be able to hack from there?”

“Is it not a good idea to use multiple forms of protection?”

The first two questions suggest muddled conceptions of how a computer works — which are totally reasonable, given that most people never have to learn anything about where viruses come from, much less how ports, operating systems, or layers work; they rely on other people (the Geek Squad, the Genius Bar, the kid next door, the office IT staff) to know that for them. I’m convinced that by anticipating and proactively addressing more questions about computer systems, we can fend off some of these misunderstandings.

Continue Reading »