Tuesday, 7 February 2017

"Lazy" vs "Greedy" Design

"Convention over Configuration" always intrigued and fascinated me although I knew, deep in my heart, I did not understand a word of the trilogy of words! So, when I chanced upon this opportunity to relate two examples of design that I happened to come across (one, due to my recently, of some years, acquired liking for simplicity and two, as a user with limited resources), I chose the middle path - not to coin any new set of fancy words but to rely on the existing set of terminology doing the rounds in technical forums - "lazy" and "greedy".

The process of authentication has become far more refined and varied than it used to be in the days when WSE sounded like some Chinese royalty among peasants so, rather than go into all the intricacies of "packaged" libraries or encryptions of the Da Vinci code type, I decided to check out the OTP (One Time Password) with Time and Space as the chief factors of ensuring the authentication cycle.

The "Time", as in the 'time' that the OTP gets sent to the 'time' that the user uses the OTP and the "Space", as in the 'space' between the email window and the application window. For this form to be called a "lazy" design is not exactly correct if not contrived, but when put in relief with the other forms of authentication doing the rounds, it does have a "lazy" tinge to it even though, put to some severe test, it may break due to the space factor but the 'laziness' becomes pronounced when seen in relief with the following description of a 'design' that I found on a gateway (and possibly, that which exists, across the world!) - that of a payment gateway authenticating the OTP sent to the user by automatically picking up the OTP sent by SMS to the user's mobile and then submitting it for processing to the gateway!

There is a huge flaw in such a design that is far too greedy in its functioning and the greediness can be better perceived with an elaboration using a Context and a Domain diagram but since there is no real need for me to prove a point or score one over the application (anyway, it is my blog so what I say is always right ! :)) designers, suffice it to say that it fails a test scenario, where the network or the network signal of the user's service provider gets broken and the session, too is lost, or quite simply, in a dual SIM mobile, the user simply switches on the SIM (which is the registered mobile for the payment gateway to send the SMS to) a few seconds or minute after touching the "Pay now" option (obviously, this is a dual sim mobile phone app test scenario).

There is a hilarious story that explains the parallel human behavior (I am a strong believer that software design evolves (not just out of tests as in TDD) out of the culture of the region) of such a scenario nutcase that goes, "I know, I know what he 'thinks'" to another nutcase that calls it up to ask for an 'update' (with no possibility of corroborating on a 'thought' of another person (leave aside the thought of the same person) but it gets best explained by actually knowing the nutcase and its group of  'girlfriends' (ie., because the nutcase 'thinks' (it is quite possible for roles to get switched here due to the language and interpretation ! :D) that the other person 'thinks' that it is talking to a girl, it uses words that one uses only with girlfriends while, on the other end of the phone, the man may simply be cursing the nutcase or quite simply, the mother (as in 'Psycho's mother)!

To get back to the bug, this means that while the app tries to desperately read the last (most recent) SMS received and does not find it and gives the user the option to use the "Regenerate OTP" option and one scenario is that the user touches it as a selection, by which time, the previously generated OTP gets sent and the app once again, goes into the automatically submit OTP option! This now results in the second scenario that of the "Enter OTP manually" option, which if the user uses results in the wrong OTP getting entered into the text area because the newly generated OTP is queued but has not yet been received by the user (for whatever reason, one being that the user's messaging space is full and the other being, the network) and if the user loses patience and presses the Regenerate option and deletes the earlier SMS then it results in another cycle of confusion!

Sometimes convention is not the best of reasons to use or follow in design (especially in software design) and neither should too much of user friendliness be the yardstick to judge a design as the right design because over-zealousness, in software design, actually translates to "greedy" and even though a "greedy" design may work but an "over zealous" design will (or must) fail as the human factor, that of using time and space, in contrast, will always succeed!

No comments: