The medium is the message: that we are now past the work of art in the age of mechanical reproduction and into the question of authenticity in the age of perfect reconstruction.

Pages and ideas like this have circulated in joke books and humour magazines for years, the creation of a pastiche of an already iconic pages (such as TV Guides, newspapers, et al) but what’s really interesting about this piece is that it’s based on an electronic, web-based original.

On non-web based media, the source material and the output are inter-related; there is no output without access to the sources. If I want to make a newspaper page, I need newsprint, news inks, access to printing presses and whatever hardware is used these days to transfer the ink onto the page. I need the same tools and software that is used to mark the page up. Without these things, the page will always be an imitation of the original. A copy of the Guardian printed on an inkjet printer, or using comic sans, just isn’t the Guardian, even if it contains the same text as the original.

The web is a medium where content is decoupled from it’s physical rendering; we are used to accessing the same web page on a CRT, an LCD, your laptop, or your phone. The colour is slightly different, the resolution changes, but the same site seen on each device will be understood as equivalent. Beyond this, however, it also encapsulates it’s own production process; that is, the document is not a ‘baked’ final version, as a printed page is; the output document can be accessed or viewed as the elements of the mechanism that produced it. “View Source” grants access to this; it’s the only medium I’m aware of that is so self-documenting.

As a result, authenticity is defenestrated. Authenticity is not an aspect of the final document, nor can it ever be; authenticity is instead implied by source (the URL the page is accessed from, as every paypal scammer knows) or simply the look; unlike television, radio, or the press, there is no feel to the medium itself that separates an amateur from a professional, no cost barriers (such as owning a printing press or radio transmitter and studio) to divide the two.

This is what is so uncanny about this page; it is an exact reproduction of a page that doesn’t exist, but at the same time (apart from the URL) is sensorially perfect; if Google news generated this page, this is exactly how it would appear, down to the byte. I had never stopped to give pause as to how important domain names were as our only layer of verifiability. Anyone can perfectly imitate anyone else in this medium.

First, it’s written in Director. We had none of that flash back in those days! We were grateful that we could even altavista for imaging lingo snippets (people who remember this will be cringing, the kids these days will be thinking… imaging flash?). Director recently came back from the dead, and you can get the plugin here.

It’s a quick hack version of space invaders, which, for some reason, I implemented obscure MAME controls to start. You’ll be pressing 5, then 1, to start a game. I know, I know. And yes, there’s no defence blocks; this was to avoid clouding the high concept… (game after the jump)

High concept? Yes! Press the return key in game. Twice. The game is replaced with a stack of numbers. Each number directly relates to one aspect of the game – the position of an enemy, the player firing counter, the horizontal position of enemy bullets; each and every number has a purpose. See if you can still play the game using this reference data (known as variables by those who programme), rather than the visualisation of it. Can you beat the computer on it’s own turf – the world of numbers? (admittedly, the computer is at an advantage – it knows what each of those numbers refers to. There’s a reverse engineering challenge as well as a poor space invaders clone here, for your double amusement.)

Internally, the game code is tracking this amount of data, analysing, evaluating and following a set of procedures defined in the progamme fifty times a second. This is a very simplistic game; it was deliberately chosen so that a full set of variables could be displayed on-screen at once.

Take a step back. Think about how much more data is being thrown around by modern games (space invaders could be written in less than 4kb of data) but also by your operating system, or even phone. Think about the complexity under the hood there.

Space Invaders <RAW> hopefully makes you appreciate how fundamental the role of data visualisation is in the modern world, how it imbues meaning into every computer mediated action we make; how pervasive the discipline has become, evolving from a by-product of basic programming roles into interaction, usability and experiential design specialities. Working with electronic data involves breaking tasks and processes down into their most fundamental, atomic pieces; this generates vast volumes of data to work with. Generations of computer science heroes have layered abstractions and metaphors on top of these fundamental approaches to hide what’s going on under the hood, from both the user and the programmer behind it.

While we’re stuck with passwords, we should make them as painless as possible to use. My personal process is to have three passwords, at differing levels of privacy:

• A ‘public’ password, which I use for accounts I share with friends and do not care about compromising
• A private password, which I share across a number of services
• A high-security password, which is super-secret and only used for services which involve money, or present themselves as an authentic me

Anecdotal experience tells me a lot of people rely on similar schemes. This is a common approach, but did anyone tell security and sign-on developers? Seemingly not because this conflicts hugely with how many websites operate. While humans exist in a world where the aim is to minimise password redundancy (ie, memorising as few as possible), many online accounts aim to maximise password uniqueness: the password must be between 4, 6 or 8 and 8, 10 or 20 characters in length; it cannot or must contain special characters, which may include or preclude any, all, or some of dollar signs, pound signs, punctuation, underscores, accented characters and spaces You can or cannot start the password with a space, if that was a permissible character. They often seem designed to best suit the security or IT manager’s existing password schema, and I imagine there’s a fascinating study out there about this already.
It’s a wild-west of password requirements, basically, but human ingenuity always finds a way. We trim our passwords to suit the per-site rules, eliminating that now-illegal space, duplicating phrases to reach the minimum letter count. We do all in our power to preserve the spirit of the password, within the constraints of the rules.
Here’s some of those rules, pulled from a random website.It tells me the rules only after I propose my sign-in password (looks like the other davemee beat me to signing up here too). Ideally, it should have let me know in advance, but at least it tells me. Let’s review the constraints it’s imposing here:

1. Longer than 6 characters
2. Less than 12
3. Contain at least one letter
4. Contain at least one number
5. Contain only letters and numbers

This eliminates at least one of my passwords, the one I’d typically use for the level of security required here. I need to change it to conform.

On the same site, contrast with the login page (pictured below).
Without recording the site and credentials somewhere, my presumed login would fail here. I know which account I’m likely to have used, but without knowing the constraints imposed by the site, I would never be able to derive the correct password. When I enter my (illegal) credentials, it tells me my login details were wrong, but makes no mention (nor reminder) of the restrictions imposed on the password – I’d only find this out by creating a new account and having the password rejected a second time.

I’m not singling this site out, whoever they are – lots of sites do this. What disappoints me is this is such standardised, minimum-effort behaviour, which could be turned around with so little work to make the world a better place. We’d have less misleading sign-up figures from the bigger websites, more honest advertising figures, and better preservation of online identity. Sign-up, -in and -on interaction would stop being a hurdle and start being part of a sane, simple transaction.

Recommendations

I have a few ideas about what could be done here; I propose a SOS (sign-on sanity) group or marque that would guarantee predictability of registration. Minimum requirements would be to

• Spell out admissible characters for passwords, at both account creation and log-in time (this could be inline in the page, or as a popup display)
• Make explicit how case is treated, accented and non-latin characters are treated, and minimum/maximum size requirements
• Not impose back-end details on password choice; for example, banning leading spaces, banning dollar signs, backslashes and other ‘escapable’ characters

I also propose a full-compliance award, which would involve the above as well as

• A standardised set of acceptable characters, with a link to the SOS website where the characters would be made explicit
• Visible feedback (flashes, error highlights) when an inadmissable character is entered into a password field, without stating what that character is (‘the 5th character entered was bad’ rather than ‘% is not a permitted character’), for browsers supporting this functionality.

With this approach, the guesswork is eliminated from password recall, and the need to rely on external tools, whether paper or software, is greatly diminished. There would be fewer aborted registrations and less overhead from users having password-related issues at sign in, all the while requiring no major infrastructure changes, and only minimum additions to a few pages for site managers and administrators.

Last.fm started out with a similar concept; listening to the entirety of a song was also a ‘preference’ vote (or that you were away from your computer, how can you tell the difference?), and that skipping a song indicated you didn’t like it. These are quite harsh metrics; there could be other reasons for skipping a song (you’re not in the right mood, you have a twitchy mouse finger) so it’s not necessarily an analogue for voting.

However, I’m particularly enamoured of two things happening here; user-generated metrics and passive data gathering. User-generated metrics is the idea that users and their behaviour in an electronic space provide very tangible feedback about their relationship to those spaces. The classic example is Amazon’s recommendation engine – people who bought that also bought this – but there are many abstracts ways this information can be gathered, and what it can mean. Passive data gathering is the idea that, like the example above, the way people interact with devices (and interfaces) provide a great deal of extraneous objective information, which could not be gathered should the same information was expressed in explicit terms. ‘Skip this song’ says so much more than a form which assessed your liking of the current song, and whether you’d like to hear it again in a week, month or year. Just skip it; if I skip it again, I don’t want to hear it.

It’s only recently that the Wii has allowed physical movement and real post-digital controls into video games. You don’t just move left at this point in time in the game, you move leftish quite quickly. For years, promotional videos of gaming systems showed players swaying, weaving, moving their joysticks through space, all the while just pressing buttons on a block – yet nothing capitalised on this. The body was making subconscious hints that everyone in the room was picking up on – apart from the game itself, the mediator of the experience. I think this is one of the main reasons the Wii has cut through such a broad target demographic – it’s attempting to use this subconscious cueing, rather than impose an abstract (buttons and joystick) interface on the player. It’s working the way your lizard brain works, rather than the way someone who has spent years learning, studying and practicing button configurations, as well as their repeat rates, give, tension and other inherent variables affecting performance would work. The lizard knows how to spin your arm 100 different ways already.

I spent some time, unsuccessfully, trying to introduce the idea of insistence into interfaces. People press a key, or click a GUI button, and the software (as best it can) responds. People don’t work this way, though; they act like software is another person or intelligent agent with emotions and judgement of it’s own. We press that ‘call lift’ button ten times more often if we need the toilet, if there’s an axe murderer behind us, or we’re generally in a rush, even though we know the metal and current behind the lift couldn’t care less about what’s happening outside it’s immediate world; which is a a binary world, a world of lift, shaft, and electric.

When I post a tweet, or send an email, if there’s a pause between clicking a releasing the send button, why is the recipient not made aware of this? Could we introduce an x-apprehension-level: high header to our mail clients, or x-decisiveness-level:HELLYEAH to those people who whack the send button repeatedly until the window closes? We see capitals as shouting these days, but what subtle nuances of typing are lost when the action becomes captured; did we hold shift with one hand and aggressively peck each character, an insistent finger-jabbing shout? Or did we carefully engage caps lock, and type normally, the shouting emotionless and for emphasis?

There’s so many places we can hook these cues and gestures in; Apple’s Newton had a lovely ‘scrub out’ feature to erase items, engaging the same behaviour we use with paper and destructible surfaces to indicate deletion. Apple has started taking a leaf from their own work here, and are using flicks, squeezes and pinches to control their iPhones. But we’re still missing the adjective in our otherwise simple noun-verb HCI discourse; to a degree, who cares? People don’t really want to know how long I lingered over the ‘post’ button before you got to see this entry. At the same time, it’s an interesting metric of my relationship to this article, and taken over time, this posts’ relationship to other posts, and on a global scale, their relationship to everything else; you can suddenly start asking which content is the author most confident of? which authors are the least self-assured? Which day of the week does the world find the least confident when posting? That tiny little piece of extra data introduces magnitudes of extra meaning, raising the intelligence available from the standard metrics by an extra dimension. It may not be information I want to make public, but for my own reference, it could be very valuable; and anonymised, combined with other blind datasets, could provide a means by which I can asses my own progress and confidence with my writing.

Usability squads employ iris-trackers to understand where people focus the most attention on web sites; this feeds back into the design, nipping and tucking layouts to better serve expectations. Sites could do this automatically themselves though, by using the mouse cursor as a cheap iris tracker. Places my mouse hover a lot express interest, as do clicks. Those areas should become larger, more obvious. The iGoogle homepage and Facebook are examples of information-heavy sites that could benefit from this approach. This could be handled at the individual or community level. Games could benefit hugely from reading these extra cues and providing less binary experiences; Street Fighter, the original, features strength-sensitive buttons which would allow a direct correspondence between the player and their gaming character’s attack strengths. Even Vista’s start menu defaults to showing a list of programmes, from top to bottom detailing the most used over a long period, to the most recently used.

With his woolly ideas gathered and spell-checked, he clicks publish, decisively.