Comments on: Contingency design http://technology.amis.nl/blog/1147/contingency-design Weblog for the AMIS Technology corner Fri, 10 Feb 2012 16:47:37 +0000 http://wordpress.org/?v=2.9 hourly 1 By: Remko Mantel http://technology.amis.nl/blog/1147/contingency-design/comment-page-1#comment-52627 Remko Mantel Thu, 13 Apr 2006 09:15:09 +0000 http://technology.amis.nl/blog/?p=1147#comment-52627 By the way ... this weblog could use an upgrade from a contingency point of view: I tried to reply here and forgot to fill in my email (and many persons do not want to leave it behind anyway!) and I into an error page stating: Error: please fill the required fields (name, email). The error message in itself is ok and clear. Apparently we can still learn drom the My Yahoo example mentioned in the story :) By the way … this weblog could use an upgrade from a contingency point of view:

I tried to reply here and forgot to fill in my email (and many persons do not want to
leave it behind anyway!) and I into an error page stating:

Error: please fill the required fields (name, email).

The error message in itself is ok and clear. Apparently we can still learn drom the My
Yahoo example mentioned in the story :)

]]> By: Remko Mantel http://technology.amis.nl/blog/1147/contingency-design/comment-page-1#comment-52626 Remko Mantel Thu, 13 Apr 2006 09:10:49 +0000 http://technology.amis.nl/blog/?p=1147#comment-52626 I agree that you should not be giving away information that enables hackers to do their thing. And indeed usabillity and defensive designing are part of, or at least closely related to, contingency designing. Contingency designing just goes a bit further than just usability in my opinion. It is actually not a bad idea to have both users and hackers testing your application as a part of your testing period -> do users understand our design and are hackers able to get in because of the design? I agree that you should not be giving away information that enables hackers to do
their thing. And indeed usabillity and defensive designing are part of, or at least
closely related to, contingency designing. Contingency designing just goes a bit
further than just usability in my opinion.

It is actually not a bad idea to have both users and hackers testing your application as
a part of your testing period -> do users understand our design and are hackers able
to get in because of the design?

]]> By: Marco Gralike http://technology.amis.nl/blog/1147/contingency-design/comment-page-1#comment-52503 Marco Gralike Wed, 12 Apr 2006 18:21:33 +0000 http://technology.amis.nl/blog/?p=1147#comment-52503 but, IMHO, also think that you shouldn't give the user to much information on what went wrong (on the internet). The methods described here are also the tools of a hacker to find out how to cercumvent the system, for instance in re-writing URL's. My idea would be to spend a lot of time in the user interface so a user immediatly understands the system (ergonomics) and/or use defensive design (http://www.peachpit.com/content/images/073571410X/samplechapter/073571410xc.pdf). If an error can give to much information about the design or system behind the (web)interface but, IMHO, also think that you shouldn’t give the user to much information on what went wrong (on the internet). The methods described here are also the tools of a hacker to find out how to cercumvent the system, for instance in re-writing URL’s. My idea would be to spend a lot of time in the user interface so a user immediatly understands the system (ergonomics) and/or use defensive design (http://www.peachpit.com/content/images/073571410X/samplechapter/073571410xc.pdf).

If an error can give to much information about the design or system behind the (web)interface

]]>