Author Archives: mkhamis

What are Public Displays?

When I tell people that my PhD is about eye tracking and gaze-based interaction with public displays. I often get this question: what is a public display? Actually turns out that finding a definition is kind of challenging. If you google for the term, you often get results like this: Public display of affection – Wikipedia, the free encyclopedia

So what is a public display? I usually answer: It’s a display whose users are not necessarily its owners.

I just made this up, actually. But this really fits well what the research community refers to as “public displays”. Basically, an ATM is a public display, ticket machines are also public displays. However there is the vision of having a “Pervasive network of displays” i.e. a huge network of displays spread across the city, that are interconnected. In this vision, displays are everywhere. We are already starting to see them in the streets (like those in Oulu), shopping malls, universities, airports, etc.. These displays are moving from static advertising displays to interactive ones, that provide different benefits to the users (or we like to refer to them as “the passersby”). Interaction with these displays is mostly using touch nowadays, but there are already public display deployments that employ interaction via mid-air gestures (e.g., waving your arm), or via eye-gaze.

Sometimes researchers use other terms such as “Pervasive displays”, “Ubiquitous displays”, “situated display”, “digital signage” and “wall-sized display”. Most of the time they refer to the same thing. “Public” is also a flexible term; it refers to displays that are outdoors, as well as those indoors in public spaces such as libraries.

You can find papers about public displays at CHI (e.g., Looking Glass), UbiComp (e.g., TextPursuits), MobileHCI (e.g., MirrorTouch), UIST (e.g., GravitySpot) and more. There is even a dedicated conference for public displays called PerDis.

A nice introduction to public displays can be found in this book. Also this paper (which is available for download) can give you a nice jump start into the field.

PhD in Germany vs Marriage in Egypt

Warning: This is a sarcastic article, and should not be taken seriously

Here is the article. Please read it first, then replace the highlighted sentences by the corresponding ones in the list below:

The path to get a PhD(1) is a hard one. First you need a research(2) proposal, and it has to be agreed on by a professor(3). You will then get interviewed by the professor(3), and some members of his department(4). Recommendation letters from previous supervisors (5) could help you. You need a source of funding! it is very unlikely that your savings so far will cover the expenses you will need during the journey. Some rely on their family’s savings, especially if their parents are so freakin rich. Money through scholarships or PhD positions(6) would probably be sufficient. You go through a thesis-defense(7) once, probably a few months before getting the degree(8). Whether it makes sense to defend is questionable because once your supervisor decides that you should do it, then probably he thinks that you made it(9).

  1. married
  2. marriage
  3. her father
  4. family
  5. ex-girlfriends and mutual friends/relatives
  6. Robbing banks or salaries that some might earn at the age of 50+
  7. self-defense
  8. throughout the marriage process and after marriage
  9. because you lose the argument anyway.

What’s an h-index?

In academic research, the term h-index has been recently used a lot. So what does it mean?

Basically it is a way to evaluate the scientific impact of venues (e.g. conferences) and academics (e.g. researchers).

The h-index of A (where A is a venue or an academic) is the maximum X, where A has X papers cited at least X times.

I am not a mathematics guru but that’s frankly the best way to explain it. So a researcher with 100 publications, where the maximum number of citations per paper he got was 2, would have an h-index of 2, because he has 2 papers cited at least 2 times, but there’s no third paper cited 3 or more times. While another one who has 10 publications, each cited 10 or more times, would have an h-index of 10. A third researcher who has 7 publications cited 2 times each, a publication cited 20 times, and another 3 cited 10 times each, would have an h-index of 4, because only 4 of the publications are cited 4 or more times, but there is no fifth paper that was cited 5 or more times.

It’s a bit complicated I know, if you want to know your h-index, you can just create a Google scholar account and it will do it for you, after you specify which publications are yours.

So why is this a better way to evaluate the impact of an academic or a venue than simply counting the number of publications or the number of citations? Well, if it was based on the number of publications, you could just publish a lot of papers at venues that accept everything.. If it was based on the number of citations, you could have 1k citations because of a small contribution to someone else’s paper, that resulted in you being a co-author. In the latter situation, it could be that your impact is not strong after all, perhaps the rest of your publications have very few citations (or none). If that was your only publication, your h-index would be 1. Do you see the point now?

Bonus fact: The h5-index is basically the same as the h-index, but limited to the last 5 years.

Venues have h-indexes too, as you might have guessed, it’s also calculated the same way based on the publications published at that venue. Today the h5-index of CHI, the number one conference in Human Computer Interaction, is 78. You can also check that out on Google Scholar’s venue search. The h-index can give you insights about the strength of the conference, the exposure its papers get, etc..

5 Common pitfalls that greatly compromise your privacy

Yesterday, Apple announced that the recent leak of photos from celebrities’ accounts is not caused by any kind of breach into their systems. In other words, they are saying that the attack was done through “guessing” and “phishing”.

So what does that mean? guessing is self-explanatory. As for phishing attacks, they are the kind of attacks where the victim sees a fake interface (that looks similar to that of a famous website), once you enter your login credentials into that website, they are sent to whoever designed this trick.

You can find tons of articles online about protecting your accounts, but I am going to take it from a user’s perspective and focus on 5 common types of mistakes I see around me that people often miss.

Know that – If you are not careful enough, it won’t really require “hacking skills” for someone to hack into your account.

First thing you need to know, is that there are tons of people out there who know loads of information about you, enough to perform successful guessing attacks on your accounts. If you are not careful enough, it won’t really require any “hacking skills” for someone to hack into your account.

Know that – “But.. I have nothing to hide” does not apply on anyone!

“If you really think that you have nothing to hide. Please make sure that’s the first thing you tell me, because then I know that I should not trust you with any secrets, because obviously you can’t keep a secret.” Mikko Hyppönen, a computer security specialist.

There is a common concept in security, “the security of a network is as low as the least secured entity in that network.”. In our world, this would mean that if you compromise your privacy, then you are compromising the privacy of everyone who trusts you.

Take Facebook as an example. You might have nothing to hide, I doubt that, but even if you do, if you give away your Facebook password for example, then whoever was telling you about their personal secrets online, and those who decided to share things with you specifically (because they trust you), have all gotten their privacy compromised. So you’d better realize that you’ve got stuff to hide.

Pitfall 1 – Your “Secret” Question

A really stupid idea that seems to me that it is only there to allow hackers to get you, is the so-called secret question (maybe that was considered secure long time ago, because its inventors did not value the amount of stalking psychopaths who are going to be using the internet in the future).

This thing is very common with Yahoo and Hotmail/Live or whatever it is called now. And now since most of the online services are connected, you can recover your an account’s password from another account if you connect them. Recall the least-secure concept!

The thing is, 15 years ago when you created your email account, probably you thought a question like: “Where was your grandmother born?” to be secure enough.. But guess what, now your grandmother is on Facebook, where everyone can see that she is your grandmother and know where she was born! So someone can answer your secret question on some account, reset the passwords of every other connected account, and you’re wasted!

If you insist on using a secret question, use a real ‘secret’ question! or better yet, get rid of this primitive thing for good! We tend to set less complicated secret questions, and it is very easy to collect information about anyone online now, plus, there are tons of better alternatives out there (check 2-step verification for example).

Pitfall 2 – Lock your computer!

Whether it is at work, at home (especially if you have visitors) or basically anywhere, always lock your PC when you are not attending it, and set it to automatically lock when its idle!

You cannot imagine the amounts of problems you can get into if you forget that, I know someone who forgot his PC unlocked, his co-worker sent an invitation for dinner at the victim’s place! the poor victim started getting “Thank you for the invitation” messages and had no idea what was going on.

Another guy at a reputable company actually sent a resignation email to everyone in the team on behalf of some guy who forgot his PC unlocked!

Bonus info: These kinds of attacks are called: “workstation hijacking” btw.

Pitfall 3 – Your browser was so nice to save all your passwords in one place

Browsers save your passwords to make it easier to log-in next time. The problem is, now workstation hijackers know where to look!

Lock your computer, and as an extra precaution, set a password to this page as well. Google chrome uses your system’s password (the one you use for unlocking) before unveiling any saved password. Not sure about other browsers, but I am sure there is a way to set passwords in any decent browser, if your browser does not provide that feature, then you’re better off with a different one!

Pitfall 4 – Don’t use the same password everywhere!

Just don’t.. otherwise uncovering one password would mean uncovering all your accounts.

Pitfall 5 – Keep an eye for phishing attacks

I cannot really give advice on how to do that, but things like: “You won’t believe what happens in this video”, “hey you look so funny in this photo!”, “Hey I didn’t know you work in the porn industry!”.. these things should look fishy to you, take care of the way messages with links are written, you can usually tell that it is not your friend’s style (and thus it could be a program writing these messages). Think before downloading .exe files or installing apps, why would viewing a video require installing a facebook app? or simply just ask the friend before accessing suspicious links

Have any other tips? share them!

Is the ALS Ice Bucket Challenge worth it?

I am sure you’ve come across at least one video where someone dumps a bucket of ice on his/her head. The rule is that you dump an ice bucket, and challenge 3 people to do the same within 24 hours, otherwise they’d donate 100$ to the ALS Association.

The motivation is to raise awareness about ALS. Many celebrities took the challenge and donated as well to ALS research, which is usually not given a high concern because it is not a very common disease. So imagine, a cure could be out there already, but hasn’t been discovered due to a lack in resources in this research area.

I’ve seen criticism about the whole thing. You are dumping clean water on your head for “fun”, while larger numbers of people in the world suffer from drought and die because of lack of clean water.

But let’s take a moment to evaluate the whole thing now. How many more people in the world know about ALS now thanks to this initiative? The ALS Association received as much as 41.8 million dollars in less than a month, which is more than double the donations they got in a whole year!

So is it worth it? Yes indeed it is!

Sure there are always higher priority things, I would have loved to see a creative initiative like that to collect donations for Gaza, for the famines and other diseases as well. But there’s an important point here.. The fact that there are more serious or important causes that are worthy of concern, DOES NOT undermine the concerns about lower priority causes!

I’ve heard similar comments about animal care. Things like: “how could you care about animals while your own species are dying out of thirst or hunger”. Yes! You should care about all of that, but no! Caring about animals is also a noble thing, and eventually someone should be doing it!

Just imagine that you are making a career choice: you could be a medical doctor that can help save people’s lives, or you could be a software engineer that can make people’s lives more productive and entertaining. For sure it’s more important to have doctors, for sure we need to save people’s lives. Yet, it doesn’t mean that all of us have to be doctors! We still need other professions, and you should choose the things/professions/causes that interest you the most, to eventually be able to make big contributions through it.

Everyone should examine how to contribute to the world: find causes that they believe in, and are willing to contribute to. Once you find that, you’ll be able to give more than anyone else. Believe me, that’s better than to sit back and say: “these guys are ridiculous, why don’t they do anything for famine!”.. well.. I ask you, why don’t YOU do anything for famine?

Who viewed your email?

A few months ago, a company called Streak announced a plug-in for Google Chrome. The plug-in makes it possible for gmail users to be notified once someone reads the emails they sent.

Sounds scary, right? It even works when emailing non-gmail users! You basically get a notification telling you “Someone viewed your email”. You won’t be able to tell who viewed it in case there were multiple receivers, but it does also show you the location from which your email was accessed, so it’s up to your guesses and stalking-skills to know who exactly viewed it.

But how does it work?

The trick is simple, the plug-in attaches an invisible 1×1 pixels image to every email you send. Most of the email clients will display the images in an email once you open it. When the receiver’s client tries to display the small image, it finds that the image is actually a link, so it requests the image by accessing the link, which (guess what?) sends the request to Streak’s servers.

Streak’s servers learn that someone accessed this particular image, they can tell that this was the image they attached to your email. They collect information about the location from which they received the image request, and by knowing that someone accessed this image, they conclude that someone accessed your email, and hence notify you.

How can it be countered?

So now that you understand how it works, you probably guessed that the plug-in can’t do its job unless the client accesses the images. You are right, and that’s the simple solution!

Just make sure your client doesn’t automatically display images. This way if you receive an email from someone using that plug-in, it won’t work because the image is not displayed, which means that the request to Streak’s servers was not made, which means that they couldn’t collect information about you.

The reactions to such a plug-in are really interesting. It’s pretty annoying to know that a server can be collecting information about you without your consent, but on second thought, this basically happens whenever you access any email with pictures! the only difference is that Streak announces that they will give that information to the email’s sender, unlike advertising companies for example, who will also gather this information but keep it to themselves.

I wonder if this is perceived differently than SMS delivery reports, it’s not exactly the same of course because delivery reports tell you when the SMS reaches the other device and not when it is “accessed”.

But does it really annoy you? Share your thoughts!