[Freedombox-discuss] Working Groups
jonathan d p ferguson
jdpf.plus at gmail.com
Wed Jul 20 17:37:29 UTC 2011
As a former usability/security researcher, I would like to call attention to the principle that security and usability are usually inversely proportional. This has been observed by many usability and security researchers over the years.
The working group for usability will need to collaborate, deeply, with all other groups. It bears repeating that usability is not a "task domain" that one can just box up and deliver at the end. The usability and security implications run through every decision, particularly for FreedomBox.
My suggestion is to arrive at a core set of user stories. All we need to do here, is tell stories about the *main things* that people will use the FreedomBox for. In this task I encourage people to please exercise restraint. This is first, to establish the common stories. Edge case stories are good for testing the common stories, once we know the common stories. The "use cases" part of the Wiki is a good start, I just added a User Stories page too, as use cases come from stories: http://wiki.debian.org/FreedomBox.
I have come to prefer user stories, because use-cases can make hidden assumptions that user stories expose. A good story will be Independent, Negotiable, Valuable, Estimateable, Sized Appropriately, and Testable (Cohn, 2004) See also: http://agileconsortium.pbworks.com/f/SDBP04_IntroToUserStories.pdf
For example: Alice needs to send a message to Bob but Alice lives in an oppressive, surveilled environment, and if the message is detected, she will go to jail merely on suspicion of seditious activity. (This story implies many features and possible cases).
Further, I encourage the list to please pay attention to the work of Peter Gutmann (2009, 2011a, 2011b). He has made some sometimes startling observations about computer and network security and usability. Strongly recommended.
have a day.yad
Gutmann, P. (2009, June 27). Things that make us stupid. Available from http://www.cs.auckland.ac.nz/~pgut001/pubs/stupid.pdf
Gutmann, P. (2011a). Engineering security. Unpublished: Book Draft. Available from http://www.cs.auckland.ac.nz/~pgut001/pubs/book.pdf
Gutmann, P. (2011b, May). Security usability fundamentals. In Engineering se- curity (pp. 17–193). Unpublished: Book Draft. Available from http://www.cs.auckland.ac.nz/~pgut001/pubs/usability.pdf
Cohn, M. (2004) User stories applied: for Agile software development. Addison-Wesley Professional, 2004
On Jul 14, 2011, at 8:43 AM, James Vasile wrote:
> The idea of working groups has been proposed a few times by a few
> different people. From my point of view, this seems like a good idea.
> It's time.
> There are two questions here. First, what working groups should we
> form. Second, how shall those groups operate? I think if we answer the
> first, each group can answer the second on its own. I'm happy to
> arrange hosted infrastructure to the extent debian.org or github don't
> We've had many suggestions for which working groups to form. Let's
> gather them in this thread, choose a minimal starting set and see if we
> can define and populate them.
> Best regards,
> Freedombox-discuss mailing list
> Freedombox-discuss at lists.alioth.debian.org
More information about the Freedombox-discuss