Interestingly though, this experience is not consistent. Some of those users – who come to computers late in life – have little difficulty in picking up the basics and getting on with it. After a few informal lessons, they can be left to surf, email and even cut-and-paste, without anguished calls to their indentured technical support hotline.

It’s an interesting contrast. Some users need to be taught, often repeatedly, how to execute every action on their PC. They fear a disaster, or even the possibility of ‘breaking’ the computer if they get a step out of sequence or a click in the wrong place. They seem unable to apply the knowledge they acquired in one application in order to use it somewhere else. For example, after learning cut-and-paste in Microsoft Word, they have to relearn cut-and-paste in Internet Explorer or Outlook. For these users, everything about their PC is arbitrary. It must be learned by rote. If they can’t remember how to do a task, the task cannot be done.

There is a somewhat patronising view that these people are unable to pick up IT because they “didn’t grow up with computers”. Yet the experiences of older users who acquire their PC skills without a struggle puts pay to the notion that you can’t teach an old dog new tricks.

So why is there such a difference? Why do some users find it so easy, while others struggle with every step? It’s certainly not an intelligence issue. We all know smart people who exhibit the fearful behavior described above.

It all comes down to rules. The (usually unwritten) rules that govern how interfaces operate. The rules that are rarely taught explicitly. In particular, the rules which determine how we use a mouse.

On a Windows PC, the mouse is the most fundamental method of interaction with the operating system and its applications. It is surprising therefore that new users are rarely taught how to use the mouse. An instructor teaching a newbie might suggest “Left-click on that button. Right-click on that icon. Double-click on that application”. The instructor is telling the user what to do with the mouse, but is failing to impart how to use the mouse. Crucially, the rules are not being conveyed. The basic rules of mouse interaction are short and simple

• Left-click to make a selection (e.g. a link / button / tick-box / menu item)
• Right click to open a context-sensitive menu
• Double left-click to open an application or document from an explorer window

OK. Slightly different terminology might be used to explain these rules to a new user (for example avoiding jargon like ‘context-sensitive’). And of course there are plenty of variations and exceptions to the rules. But for the kind of things that most newbies are likely to attempt, these rules are fit-for-purpose.

The problem with the directive teaching style (”Left-click on this. Right click on that”) is that everything about human-computer interaction then appears arbitrary. The user is forced to devote excessive mental effort into ‘learning’ applications and ‘remembering’ the correct sequence of button-presses. As the instructor, you’ll know that things have gone wrong when you ask your newbie to “click on x” and are met with reply “right click or left click?”.

If the fundamentals of human-computer interaction are taught in a way that misleads new users into seeing them as arbitrary, we should not be surprised when those users surmise that everything else about their interaction with the PC is arbitrary. The absence of rules from the user’s understanding of computer interaction is the root cause of the paralysis which subsequently affects their attempts to learn new applications. It is the reason that we’re met with questions like “Do I right click or left click here?… If I press the wrong one will I delete something / break the pc?… I know you just explained this to me, but I’ve forgotten already”. A new user’s claim to have ‘forgotten’ how to do something is another indicator that things are being learned by rote rather than by rules.

Of course, as noted at the start of this article, not all new users are afflicted by these issues. Some have tutors who explain the rules from the start. Others figure out the rules for themselves, and quickly make the logical leap between remembering the correct sequence of button presses, and applying the rules of interaction.

This article has dealt mainly with the ‘rules’ for using a mouse. But computer user interfaces are filled with rules that we expect to be applied consistently. For example, when presented with a choice of radio-buttons, only one can be selected. But when presented with a choice of tick-boxes, several (or even all of them) can be ticked. In principle these rules are easier for new users to learn because they are composed of strictly visual elements: a tick-box is very obviously ticked or not ticked. The effect of the user’s interaction with the computer is visually immediate and logically deducible: “if I click on the tick-box again, it’ll become unticked”. However, if the user has failed to grasp the fundamental rules of mouse interaction, the consequence might be that they double-click on the tick-box, and then wonder why they can’t get the tick-box ‘ticked’.

A frequent example of this issue is the propensity of many people to unnecessarily double-click on links inside web browsers. They have failed to fully grasp the rules of mouse-based interaction. Fortunately, the penalty for this specific misunderstanding is pretty low: a link that has been double-clicked will open anyway.

Expert users may fail to appreciate the importance of the rules until they’re faced with learning a new application which provides an interface that breaks the rules or implements them in odd ways. Older versions of Photoshop and The Gimp (an opensource alternative to Photoshop) are good examples of this.

Students of usability might correctly recognise the ‘rules’ for mouse interaction as another expression of the concept of mental models. They might also see this as an example of the difference between implicit and explicit knowledge. Mental models are more commonly used to explain users’ understanding (or misunderstanding) of objects such as toasters, elevators and ovens. There isn’t space in this article for a full discussion of mental models. But what makes the mouse example so interesting is the pivotal role it plays in our IT skills, and the lack of attention it gets when attempting to impart those skills to other people. The ‘rules’ may indeed be hidden, but that shouldn’t and doesn’t detract from their significance.

But from time-to-time, the critics get it wrong. Whether they’re motivated by a zealous hatred of Microsoft and all its works or simply misinformed, some allegations just don’t stand up to scrutiny. And so it is with Microsoft Product Activation (MPA)

Microsoft has endured a lot of criticism since it first introduced MPA with some editions of Office 2000. MPA is now used on most Microsoft software, including its two cash-cows: Windows and Office. MPA requires the user to enter a unique code (usually printed on the CD packaging) during software installation. This code is then automatically compared against a list of codes on the Microsoft servers which then permit the use of the software (if it’s a legitimate code) or block use of the software (if Microsoft deems that the software has been pirated or installed too many times).

In order to mount a defence of such an unpopular copy-protection mechanism, it’s first necessary to examine the case against it. Criticisms of MPA can be broadly divided into three main arguments:

1. It is inconvenient.

• It requires the user to have their installation disc packaging handy when the software is first installed. If the hard disc is reformatted or replaced, the code needs to be entered again when the software is reinstalled.
• Online reactivation may be impossible if a PC is rebuilt with several new components (including a new motherboard), or if a user simply wants to migrate from an old PC to a new PC. In these circumstances, reactivation may only be possible via a phonecall to the MPA hotline. This issue can affect computer hardware enthusiasts who like to tinker with their PCs’ innards, or regular home users who have simply replaced an old machine with a new one.

2. It is an invasion of privacy.

• During product activation, information about the user’s PC is collected and sent back to Microsoft. The user cannot stipulate what information is collected, cannot see what information is collected, and cannot activate the product without allowing the information to be collected.

3. It doesn’t work. MPA does not prevent software piracy.

• None of the products supposedly protected by MPA – from Office 2000 through to Windows Vista – have survived determined attempts by technical experts to break the protection.
• There are a variety of methods for getting around MPA, from emulation tools to registry hacks, to downloadable key generators. Although the ease with which MPA can be circumvented varies from product to product, it is invariably possible assuming a determined and technically knowledgable user.

This article addresses each of these points. However, it is necessary to work from the premise that Microsoft’s desire to protect its software is legitimate in principle, even if its methods for doing so are disagreeable in practice. If one rejects that premise, then all other arguments regarding MPA are irrelevant.

Starting with the allegation that it is inconvenient. Most software packages from most software companies require the user to enter a security code when the program is first installed. As there are few complaints about entering codes for most non-Microsoft products, there must be something special about the way that Microsoft does it. And indeed there is. On most non-Microsoft programs, the software installer hashes the security code locally (i.e. on the user’s own PC) to ensure its validity. MPA works differently, in that it connects to Microsoft’s servers to check the validity of the code and ensure that the same code has not been used too many times.

Consequently, if the software is installed on a replacement PC or the motherboard is switched, the user might have to call the Microsoft hotline for a replacement code. This is the thing that critics complain about. Indeed an article on The Inquirer rages against the injustice of it…

“Mr and Mrs Hardworkingperson have an old PC with XP and Office 2003 installed. They’ve had it for five years. Junior Hardworkingperson wants to run a new game that only works under Vista, so Mr and Mrs H pop down to PCs R Us for a new machine. This comes with Vista pre-installed, but without Office… Any attempt to reinstall it will result in a message telling them they’ve exceed the maximum number of installs and force them to phone up for a new product code. They’re branded as criminals for buying a new machine.”

That kind of article – on one of most-read IT news sites – is typical of the hysterical attitude of many MPA critics. The family in the story are not being branded as criminals. They’re simply being asked to call a Microsoft hotline – which is available 24/7 – so that they can be given a new code. Indeed, even the article’s author then admits…

“To be fair, the MS product activation call centre appears to be staffed by halfway-decent, intelligent people, but that’s not the point.”

Actually, it is the point. Microsoft are protecting their software and doing it in a pretty painless way. One phonecall is a fairly trivial requirement compared to the rest of the onerous process of configuring a new PC. And crucially, the author conveniently omits the long grace period – during which the software can be used as normal – before it has to be reactivated. Reactivation does not have to be done immediately. In fact, the software can be used 50 times before activation.

Moreover, it is worth considering that this issue only affects the tiny proportion of consumers who upgrade their motherboard – an activity which is beyond the capacity of all but the most expert users; and those users who upgrade to a new PC and then want to reinstall the old software. Microsoft’s own research indicates that activation requests due to modified or new hardware account for just 2% of the total. And the chances of having to call the hotline are now even lower, as the new Office 2007 Home & Student edition permits installation on 3 different PCs.

Moving on to the allegation that MPA is an invasion of privacy. This criticism would be easier to take seriously if it wasn’t so patently untrue. MPA sends two pieces of data to Microsoft: the activation code, and a hardware ‘hash’ code.

• The activation code is simply the line of digits printed on the CD packaging.

• The ‘hash’ code is a non-unique number generated by the specific hardware configuration inside the user’s PC. It cannot be ‘reverse-engineered’ i.e. it is impossible for Microsoft to know the make or model of your PC – nor indeed anything about it at all – by looking at the hash code.

Neither the activation code, nor the hash code is linked to a specific person. No personal information is collected. No information about about any aspect of the PC is collected. Microsoft knows nothing at all about the user or the user’s PC. There is simply no invasion of privacy.

The final allegation is undoubtedly the most serious. If MPA fails to prevent piracy, then what’s the point of having it at all? As noted above, with sufficient determination and expertise there are a variety of ways to ‘crack’ MPA. In fact, Microsoft recently commented on a BIOS hack that breaks MPA on specific editions of Windows Vista.

However, it is misleading to conclude that MPA is a failure just because it’s vulnerable to sophisticated attacks. Indeed, criticising MPA because it can be broken with a BIOS hack, is analagous to criticising a door lock for failing to resist a master safecracker. MPA is not designed to prevent circumvention by individual users with sufficent expertise, motivation and time to spare. Rather, it is intended to hamper organised counterfeiters, and casual piracy amongst friends and relatives. In reference to the BIOS hack, a Microsoft Senior Product Manager commented…

“Our goal isn’t to stop every “mad scientist” that’s on a mission to hack Windows.”

On every form of digitial media, from DVDs to iTunes, all copy-protection mechanisms have eventually been broken. Does anyone really think that Microsoft engineers thought that MPA would be different? Does anyone suspect that it was a galloping shock when MPA turned out not to be impregnable? Of course not. MPA may not prevent the most knowledgable and determined users from pirating software, but it certainly prevents enough to make it worthwhile.

So, what can be concluded about MPA? It is of little or no inconvenience to at least 98% of users. It does not breach anyone’s privacy. And, rather like a door lock, while it’s not unbreakable, it does a good enough job in most circumstances to make it worth having. Who could argue with that?

For many technology companies, ‘innovation’ is just a throwaway buzzword to be inserted with requisite regularity into puff marketing brochures and website flash animations. But occasionally, new products tip up, fully deserving of the ‘innovative’ moniker, and it is these products whose genesis is worth considering.

For example, consider the questions Google engineers might have asked themselves when they started specifying the requirements for a Google email product.

• What do we like about current email implementations?

• What do we dislike?

• What would do we want to do but are prevented from doing? How do current systems limit us?

To an extent, Gmail redefined email by adding pseudo-limitless storage, and doing away with folders. Most other email providers were forced to increase their storage quotas, and introduce email ‘tagging’. But the Google engineers omitted a key ingredient: email’s best kept secret.

Gmail’s web interface is one of the best around, but for speed, efficiency and flexibility it doesn’t come close to matching Outlook, Thunderbird or any number of other desktop email clients. It’s here that most webmail providers hit a problem. If you use a webmail account with an email client, or want to access your email from multiple locations or multiple devices, it becomes very difficult to keep your folders synchronised. The reason for this problem is the Post Office Protocol (POP or POP3) which underpins most consumer and many business email infrastructures.

If you’ve ever been approached by a friend or relative in the middle of an email ‘disaster’ – then POP was almost certainly the culprit. Getting a new laptop and can’t work out to how to ‘move’ all the old mail on to the new machine? Blame POP. Been accessing email from several different places, and now ‘sent’ mails are missing from the ‘Sent’ folder? Blame POP. Your laptop has been stolen – and now years of archived emails are gone forever? Blame POP (and the thieves…) Emails that are available on one PC can’t be seen on another PC? Blame POP.

It’s astonishing how many email problems are caused by POP. When POP was originally specified, users were expected to access their emails via dial-up, from one place and one device. The concept of always-on internet and multiple login locations was never envisioned. Neither was the idea that we might be strolling around accessing our email from mobile devices.

POP works by storing all incoming emails on a server until the user logs in to read them with an email client. At that point, the emails are moved from the server on to the user’s PC. Outgoing emails are stored in a ‘Sent’ folder in the client on the user’s PC.

The problem comes when the user wants to access emails from a second PC (or any other device). All the old emails have been stored locally on the first PC – but not kept on the server, which means that they’re unavailable on the second device. Worse still, email received or sent on the second PC will be stored locally i.e. on the second PC (so it won’t be available on the first PC). Over time, all the PCs and devices become out-of-sync. Even if the user stick to using only one PC, everything will still be lost if the PC breaks or is stolen.

To get around these problems, a number of updates and ‘fixes’ (which would be better described as kludges) have been applied to POP. A ‘Leave on server’ option copies incoming emails onto the local drive rather than moving them. However, for reasons too lengthy to explain here, the ‘Leave on server’ kludge is not totally reliable, and forces the server and client to do a lot of unnecessary work in the background.

POP suffers a myriad of other inefficiencies and problems. For example…

• The email client is forced to download whole emails (including attachments) before the user can read them. It is not possible for the user to simply view the header, and then decide whether to download the rest of the message.

• It is not possible to reliably log into a single account from multiple devices simultaneously (rendering it impossible, for example, to retrieve email on a mobile handset while still logged in on a PC)

• It is difficult to manage folders (e.g. renaming, creating and deleting) on the server by using the client.

Fortunately, a solution to all these problems has been around for years. It’s an alternative to POP, called IMAP, and avoids all the issues which plague POP.

• Emails are never moved or copied on to the local PC. Instead, they stay on the server at all times. When an email is sent, a copy is stored in the ‘Sent’ folder on the server. When an email is received, it is viewed on the local device, but remains on the server.

• When the user logs in, only the email headers are downloaded. The body of each email (along with any attachments) is only opened when the user opens the email. No time is wasted while waiting for unwanted emails or spam to download.

• A single email account can be accessed from many locations and devices – even simultaneously – without any folders becoming out-of-sync.

• Folders can be managed directly from the client

• IMAP supports ‘push’ functionality so users are immediately notified when a new email arrives. There is no need for the client to constantly ‘poll’ the server.

This might seem too-good-to-be-true. Indeed, the most significant downside to IMAP is that it requires a degree of server speed and reliability (on the part of the email service provider) that wouldn’t be necessary for a POP account. Consequently, most consumer IMAP email providers are not free. I’ve used Fastmail for several years and am happy to pay $40 a year for their premium service. For alternatives, there’s a hugely detailed list of IMAP providers here.

A little Googling will reveal that IMAP has many devotees. Those who have discovered it, like to shout about it. It’s not surprising that IMAP access is the single most requested GMail feature. And there are plenty of articles (e.g. here, here and here) extolling its virtues. Even Microsoft Exchange Server supports it. Inexplicably, IMAP is still email’s best kept secret. Hopefully it won’t be for much longer.