Locked out of Windows XP

padlockandchain2Today I decided to find out if it would be possible to bring back life in my dated Dell Latitude D820 I got back in 2006. I haven’t used it for years, and Windows XP was last reinstalled back in 2008. Originally the plan was to replace XP with Windows 7 to figure out if this old guy still has a few years left. Of cause, I couldn’t remember either the user or administrator passwords and was locked out of Windows XP… Now what to do?

Several websites describe two simple methods to rest the password of a user. Both assumes that it’s possible to get access to the system with an account having administrator rights. The most simple method is to have someone with administrator rights resting the password. The other method is a bit more complex. The essence is to reboot in “safe mode with command prompt” and log in with the ‘hidden’ administrator account. With some simple commands, it’s then possible to reset the password of a user account. It turned out that the administrator account was also password protected, and I was unable to log in at all… While preparing for the big operation to remove the hard drive and secure a backup of as much data as possible before whipping the disk, I found Ophcrack. Ophcrack is an open source password cracker that can be used to crack LM and NTLM hashes. Fortunately, this tool works well for recovering Windows XP account passwords.

One option is to download ophcrack liveCD, an image, and burn it to a CD/DVD or USB stick. This process was easy, I downloaded the ISO image, burned it to a DVD and booted the Latitude laptop (after changing the boot order in the BIOS). The application more or less starts automatically, and less than a minute later I had recovered the passwords of the user and administrator accounts.

While Windows XP is a dated operating system first released back in 2001 I was quite surprised that it was possible to recover passwords this fast. Anyway, this tool saved me a lot of time and will make it a lot easier to take a system backup before upgrading to Windows 7.

Automatic generated birthday wishes

Happy birthdayA few days ago I celebrated my birthday. During the day, I received several birthday wishes through different media. This included several e-mails from both friends and different companies. Getting greetings is something I appreciate, but what is the point of getting auto generated greetings? This comes down to what the meaning of sending a greeting to someone is. Essentially the sender is showing friendliness and respect. However, I always had trouble appreciating greetings from a machine and found these kinds of greetings to be an illusion. Clearly no one is actually greeting you, it’s simply a scheduled job fully automated and executed by a machine like any other automated task. Two of the auto-generated messages I received were even identically since both companies happen to use the same e-mail provider. This strengthens the feeling of ‘industrialized’ greetings. The only plus is that sometimes these auto-generated birthday greetings will contain a coupon code or link to some special offer or gift even though this was not the case this year.

“Help users recognize, diagnose, and recover from errors”

Outlook password changeAt my organization, Aalborg University, it is a requirement to change the campus account password once every 90 days, a security imitative implemented last year. This is a widespread security policy used in many organizations, but also a policy whose significance has been questioned for more than a decade. I have very mixed feelings about this security measurement. A major advantage is of cause that leaked passwords will be unusable at some point (not considering the option that backdoors etc. can have been installed.) However, this approach is also associated with several obstacles from a user perspective. These include: coming up with a new easy to remember secure password and the hassle of changing password on all associated services requiring authentication. At Aalborg University, this applies to basically all IT-services such as access to WiFi, e-mail, printers, databases, etc. The new password has to be changed manually in several of these services.

Perhaps it’s because I’m a Mac user, but no notice is given about the upcoming expiring password. When I suddenly no longer can access different services I know it’s time to create a new password (after some frustration about trying to figuring out what the problem is.) Our passwords are changed through the Outlook Web App. To make sure that the password meets a certain security standard some requirements are in place. If the new password does not match this standard, the following error message is displayed:

“The password you entered doesn’t meet the minimum security requirements.”

Unfortunately, this error message does not tell anything about what the requirements are or how to get this information leaving the user in the unknown. This is a textbook example of a usability problem directly linkable to one of Jakob Nielsens’s ten heuristics:

“Help users recognize, diagnose, and recover from errors”.

I’m surprised to find this classic usability problem in software such as Outlook managed by a large organization with thousands of users. This must make the support phones glowing (update: after talking to our IT support department it actually does increase support requests.)

Two reviews submitted to NordiCHI 2016

Submitted reviews for two papers submitted to NordiCHI 2016 (formally known as the 9th Nordic Conference on Human-Computer Interaction.) I have now been reviewing papers for several years and have (finally) found somewhat of a review routine. Both papers are interesting and concerned with timely and relevant topics. Despite that the papers are not exactly related to my current research focus, the overall research focus and approach of both papers are known to me, so all in all this was some interesting and pleasant reviews to do.

In the past, I have had the pleasure to attend NordiCHI 2012 and 2014. This conference is one of my favorite HCI conferences (probably my overall favorite conference) due to the size and the research presented. The latest NordiCHI conference had around 550 attendees from 34 countries. In comparison to the 3000+- attendees normally attending the (also very interesting) CHI conference, NordiCHI is less “hectic” and more manageable to navigate.

I have also myself submitted a paper to NordiCHI 2016 so crossing fingers and hoping to be able to be part of this conference again this year.

The theme of this year’s NordiCHI conference is “Game-Changing Design”, and is further explained as:

Firstly how design and designs can completely change how we perceive and act in the world, but secondly – and just as importantly – whether and how we can change our perception of what design really is, and how it should be done.

NordiCHI 2016 will be held in Gothenburg, Sweden, October 23-27, 2016 and hosted in unity by Chalmers University of Technology and University of Gothenburg.

Fighting spam with fake MX records

No junk mailSpam is a well known problem to all users of the Internet, especially technical administrators of Internet services. I own several domain names for different purposes. Some are used for websites, some are used for e-mail, some are used for both, some are used for infrastructure (e.g. mapping easy to remember hostnames to IP addresses), and some are just sitting for future use. Most of my domains are not used for receiving e-mail. However, spammers don’t care and will still send spam mails to these domains. Even without Mail eXchange (MX) records a domain is still not safe as many e-mail servers will instead tryout the A record of the domain. With several domains not used for e-mail, this can at times be annoying to manage and causes extra server load.

To minimize the problem, using fake MX records, known as ‘nolisting‘ has been proposed as a trick to reduce spam.

I’m currently using a free service offered by Junk Email Filter Inc. They are running the project Tarbaby, essentially a cluster of fake MX servers. The project has two goals: 1) to help reduce incoming spam, and 2) to support the ongoing work of maintaining the Junk Email Filter blacklist of known spam sources.

The service is very simple to setup and use. Simply add the following hostname as the only MX record of the given domain:

tarbaby.junkemailfilter.com

You can set any value as the priority, for example, 10.

Every time a mail is received the system will respond with the code 550, which means that the message was not deliverable. Genuine senders will receive a reply with an error message and know that a given address is not available, and spam bots will move on and get registered in the blacklist.

Another free service is Fake MX. Add the following hostname as the MX record of the given domain:

mx.fakemx.net

Set any value as the priority, for example, 10. If you use more than one MX record, set the Fake MX record with a higher priority than the primary MX record. Also remember to read their terms of use before adding their mail server.

Using fake MX records is no ultimate solution to avoid all spam from getting in touch with your severs, but anecdotical experiences reported from different forums indicate that fake MX records significantly reduces spam.

More information about using fake MX records can be found at “Nolisting: Poor Man’s Greylisting” and “Other Trick For Blocking Spam.

As it is the case with most tricks also the nolisting strategy has some drawbacks. Especially if using a fake MX setup on a domain intended for receiving e-mail. Some of the drawbacks can be found at the Wikipedia page ‘Nolisting‘.

Merrild coffee machine joins our research group

Merrild coffee machine

We recently got a new member of our research group, a Merrild coffee machine. The Department of Computer Science at Aalborg University consists of several different research units, and luckily one of the other units passed on their used coffee machine which still can be considered hyper-modern in comparison to our former one.

Easy access to coffee is an essential part of the infrastructure at any academic institution. Our department is no different. One of my most appreciated benefits as a Ph.D. Fellow is the included unmetered amount of coffee. This benefit has changed what was once as a college student a significant expense in my finances into a remarkable less significant cost.

The coffee machine and coffee drinking serve a number of purposes besides getting coffee. Firstly, it’s simply a part of the daily schedule, like turning on the computer. It’s a ritual that cannot easily (or should not?) be changed. Secondly, the environment around the coffee machine and the act of drinking coffee is a catalyst for socializing with colleges. Pitching some research ideas, discussing the stack of student reports, or simply a bit of small talk. Thirdly getting coffee is an easy activity for procrastinating other more complex tasks. Whether or not the “fact” that I will be more efficient and creative after picking up coffee is true it is not something I currently plan on challenging (but probably should).

Welcome to the newest member of the Information Systems research group, our new (used) Merrild coffee machine.

First encounter with a laser cutter

Laser cutting 1During a recent course in interaction design research at Aalborg University Department of Architecture Design and Media Technology, I had my first encounter with a laser cutter. Here I was introduced to some of the many possibilities offered by this relatively simple technology. In essence, a laser cutter is a high-power laser burning or melting the material like a saw. A strength of this technique is the variety of different types of materials that can be used such as wood, cardboard, plastic, acrylic, and fabric. Another strength is the precision of the cutting making it possible to get clean and sharp edges. Laser cutters are still not at a price level making it possible for most people to get one at home, but several universities and workshops make them available to students and the public.

In simple terms, a laser cutter almost works like an ordinary printer – model something in a modelling program and send it to the laser cutter.

Laser cutting 2During this introduction, I used the modelling program Skatechup Make by Sketchup. Sketchup Make is the light version of Sketchup Pro and is available as freeware for non-commercial use and a great way to learn and experimenting with modelling programs and creating sketches for laser cutting. It turned out to be relatively easy and fast to learn the basic concepts of Sketchup Make. After a couple of hours of introduction to both laser cutting and Sketchup, I was able to make different simple shapes and to prepare them for laser cutting.

Laser cutting 3While I was only able to make some simple shapes during my first trial, it’s easy to get hooked and see a potential. With a bit of creativity, it is possible to make 2D models into 3D models by creating 2D parts and afterwards assemble the parts into something 3D. While I didn’t get so far during my first encounter, it is to easy to see why laser cutting is a cheap, fast, and easy tool for rapid prototyping of physical devices. Laser cutting is a very compelling and attractive technique, so I hope to get the chance to play further with this technology and even use it for one of my projects.

Understanding usability problem lists is challenging

In an ongoing study about creating GUI redesigns based on the results of a usability evaluation I asked the participants if they had problems understanding the usability problem list. 44 participants, a mix of informatics and information technology students following a design course, participated. Their assignment was to create redesign suggestions for a web shop selling merchandise and tickets. The company developing the web shop had conducted a think-aloud usability evaluation resulting in a simple usability problem list listing 36 usability problems. Each problem was described with the location, a short description, and severity of the problem. The table below shows how the participants answered.

 Were there any usability problems you could not interpret? (n=44)
 Disagree strongly  18%  41%
 Disagree  16%
 Slightly disagree  7%
 Neutral  16%  16%
 Slightly agree  27%  43%
 Agree  7%
 Agree strongly  9%

As can be seen, 43% found that at least one usability problem was difficult to interpret. While this aspect is not the focus of the study, it is still an interesting finding that a relatively large amount of the participants had troubles understanding all the usability problems of a relatively short list of problems. I suspect that the 16% choosing ‘neutral’ probably believed they understood all problems with some uncertainty if this actually was the case. Unfortunately, I have no quantitative data about the number of problems difficult to interpret, but I do have some qualitative data. Especially one particular problem was mentioned among the participants. Not surprisingly this was a semi-complex problem and one of the more important ones to investigate further. I’m sure people receiving and using usability problem lists can recognize similar problems. Another challenge faced by the participants was recreating problems. Some problems are only happening under certain conditions, recreating the same conditions based on a problem description is not straightforward. Despite the missing of details, this non-scientific presentation, and the number of participants, these numbers adds to earlier findings and research in the communication of usability problems.

Here a few papers discussing usability problem reporting:

  • Hornbæk, K., & Frøkjær, E. (2005, April). Comparing usability problems and redesign proposals as input to practical systems development. In Proceedings of the SIGCHI conference on Human factors in computing systems (pp. 391-400). ACM. 10.1145/1054972.1055027
  • Høegh, R.T., Nielsen, C.M., Overgaard, M., Pedersen, M.B., and Stage, J. The Impact of Usability Reports and User Test Observations on Developers’ Understanding of Usability Data: An Exploratory Study. International Journal of Human-Computer Interaction 21, 2 (2006), 173–196. 10.1207/s15327590ijhc2102_4
  • Molich, R., Jeffries, R., and Dumas, J.S. Making usability recommendations useful and usable. Journal of Usability Studies 2, 4 (2007), 162–179. PDF
  • Nørgaard, M., & Hornbæk, K. (2008). Working together to improve usability: challenges and best practices. University of Copenhagen Dept. of Computer Science Technical Report no. 08/03. PDF
  • Nørgaard, M. and Hornbæk, K. Exploring the Value of Usability Feedback Formats. International Journal of Human-Computer Interaction 25, 1 (2009), 49–74. 10.1080/10447310802546708
  • Redish, J. G., Bias, R. G., Bailey, R., Molich, R., Dumas, J., & Spool, J. M. (2002, April). Usability in practice: formative usability evaluations-evolution and revolution. In CHI’02 extended abstracts on Human factors in computing systems (pp. 885-890). ACM. 10.1145/506443.506647

Norwegian 2015 review

Norwegian Logo

Since 2012 I have frequently been flying Norwegian (Norwegian Air Shuttle) (IATA: DY) in Scandinavia. This is my 2015 review. My trips with Norwegian went significantly down in 2015 as my travel patterns and destinations changed. Last year I only had seven flight with Norwegian.

Flights and service

Norwegian provides an absolute basic product (while not as basic as Ryanair) and often have very competitive prices. Norwegian’s fleet consists of new Boeing 787 Dreamliners and Boeing 737-800 planes. The Dreamliners are used for long haul routes and the Boeing 737-800’s for short haul routes. I have only been flying the Boeing 737-800 planes. Cabins and seats are clean, and the Boeing 737-800’s are generally pleasant. No onboard service is offered on short flights in Scandinavia (with a few exceptions) but is more normal on intra-European flights. The overheads are spacious and will fit most “standard” carry-on luggage (size: 55 x 40 x 23, weight: low fare: 10kg, and flex and premiumflex 15 kg). As good as everything besides the ticket itself is associated with a fee. Information about baggage and other fees are listed at Norwegian’s website “Travelling with us“. While Norwegian has quite strict policies, they are generally not being unreasonable when it comes to enforcement.

The staff, including ground, cabin and customer service, are generally offering a professional and friendly service, but I have occasionally been in contact with some less helpful ground staff. In 2015 my flights had no or less significant delay. Sometimes this was not well informed, for example, SMS’s with information about delays have at times been more delayed than the flights.

Wifi and in-flight entertainment

Norwegian offers free WiFi on most routes. The stability of the connection is unfortunately often questionable. The in-flight entertainment system is based on the WiFi and “bring your own device” such as a laptop, tablet or mobile phone, and offers video-on-demand, live TV news, and some magazines. I have yet to try out the entertainment system in full due to short flights (30 – 60 minutes) and prices.

Norwegian Reward

In 2015, Norwegian made some significant changes to their loyalty program called ‘Norwegian Reward’. I have in my earlier reviews critiqued Norwegian Reward as being close to completely useless, but the recent changes have made it more attractive for frequent flyers. The essence of Norwegian Reward is the option to earn ‘CashPoints’ (2% CashPoints on low fare tickets and 10% CashPoints on flex fare tickets). Changes have been made both to how CashPoints can be earned and used. Besides flying it’s now also possible to earn CashPoint through car rentals and hotel bookings. CashPoints can are useable for full or partial payment of flight tickets, and now also be used for extra baggage, seat reservation, cancellation, and insurance booking changes. On top, with enough flights (12-18 flights within a 12-month consecutive period), it’s possible to earn different benefits. After 12 flights it’s possible to pick between +2% CashPoint boost, free seat reservation, or free fast track (at selected airports). After 18 flights it’s possible to get free extra baggage (20 KG). Note that all rewards can be used unlimited and that it takes 12 or 18 flights for each reward. For example, after 12 flights you can chose free seat reservation. You then need additional 12 or 18 flights to select an extra reward. More details about the loyalty program are available at the Norwegian Reward website.

Conclusion

All in all, Norwegian continues to provide a stable product at a decent price. As I keep pointing out in my yearly Norwegian reviews, it’s absolutely essential to recognize and remember that Norwegian is a low fare airline. Knowing what to expect and set expectations accordingly will make things easier, for example, to remember that no perks are provided, and basically anything such as baggage, drinks, etc. is associated with a fee. Especially the customer service cannot match legacy airlines and service is generally not flexible. According to other reviews, a common complaint is how Norwegian deals with long delays and cancellations. It’s very positive that Norwegian has upgraded they loyalty program Norwegian Reward, and now provide different benefits besides the option to earn credit for future flights. While my travel patterns have changed, I’m also in 2016 expecting to book a few Norwegian flights.

Feel free to post your own experiences with Norwegian.

More Norwegian reviews can are available at Skytrax.

Review about Norwegians US-EU routes can be found at Yelp.