[SystemSafety] Fwd: Re: power plant user interfaces

Carl Sandom carl at isys-integrity.com
Thu Jul 16 10:03:13 CEST 2015


Remarkable things happen when strong opinions are subjected to peer review.

When I made the comment: "...metaphors are not often used unless they have become the norm as there are obvious risks involved in using novel solutions." You replied:

On 16 Jul 2015, at 10:02 am, Les Chambers <les at chambers.com.au> wrote:
> Disagree: try explaining any concept without using a metaphor. Human beings do this naturally. You can't avoid it just as you can't avoid the fact that HMI is a metaphor and seeking out better metaphors is the key to better design. The comment '... risks involved in using novel solutions' smacks of the old kernel: 'what has not been done before should not be done'.

I didn't say don't use metaphors in HMI design. What I did say was that the use of *novel* metaphors in safety-related systems presents risks that I would have thought were obvious. I don't advocate a 'what has not been done before should not be done' approach. I do however support a cautious and evolutionary approach when using *novel* metaphors for safety-related systems.

For example, the next generation of Air Traffic Management workstations may be capable of showing 3D airspace models (DFS in Germany are testing them now) but I predict that their use for actually providing Air Traffic Control will be a long way off until 3D airspace models are accepted by ATCOs and the training, procedures and ICAO rules etc. catch up.

Of course, we may have different assumptions about metaphors in the context of HMI development. The silver bullet of HMI designers is to develop metaphors that are universally understood by everyone intuitively, but there is a lack of empirical evidence to show that is the case.

Anyway, time is money.....

Cheers
Carl
___________________________
Dr. Carl Sandom CErgHF CEng FIET
Director
iSys Integrity Limited
10 Gainsborough Drive
Sherborne
Dorset, DT9 6DR
United Kingdom
+44 (0) 7967 672560
Carl at iSys-Integrity.com
www.iSys-Integrity.com
___________________________


-----Original Message-----
From: systemsafety-bounces at lists.techfak.uni-bielefeld.de [mailto:systemsafety-bounces at lists.techfak.uni-bielefeld.de] On Behalf Of Les Chambers
Sent: 16 July 2015 01:02
To: 'Smith, Brian E. (ARC-TH)'; 'Steve Tockey'; 'Peter Bernard Ladkin'; 'The System Safety List'
Subject: Re: [SystemSafety] Fwd: Re: power plant user interfaces

I find this conversation remarkable. I've always thought that this list is an ongoing psychology experiment. We have an interesting cross-section of opinion, all of which is understandably driven by the background of the authors. We are what we know, we all have our special brand of hammer and we all look for our familiar nails. 
Some of the responses below reveal a disagreement on what a metaphor is. I like the poet Robert Frost's definition (well summarised by Steve):
explaining this in terms of that where this is new and that is familiar.
Frost offered this in a speech he made circa 1934 and it has gained a substantial currency in the literature.

I would put it to the unbelievers that a user interface IS a metaphor. It is not a question of finding or not finding a metaphor for a particular system.
When you create a HMI you create a metaphor. The question then becomes: is it a good one or a bad one. If it's a bad one you're building an unsafe system. For example, the concept Steve described of having actual state and required state indicators for a control valve, is a thing we call I/O pairs in chemical processing. It is part of the DNA of the control systems designer. 

My comments on some of the responses:

>Very much agree, Steve, it's not possible to find a metaphor for every system.
Disagree: if you can't find a good metaphor don't deploy the system, you could be creating a hazard.

>The whole point of a metaphor is to take something that the person is already familiar with--like how a railroad switching yard works--and use that to help them understand something they don't know about-
Agree: see above

>A good case can be made that formal logic is as metaphorical as it gets. 
Agree: as long as the output of the logic provides status information that is understandable by an operator. I note that in writing complex state transition logic we often purposely did not use logic simplification techniques. Instead we opted for something that could be read and understood by someone other than the author of the code. If this meant wordy code so be it.

>...metaphors are not often used unless they have become the norm as there are obvious risks involved in using novel solutions.
Disagree: try explaining any concept without using a metaphor. Human beings do this naturally. You can't avoid it just as you can't avoid the fact that HMI is a metaphor and seeking out better metaphors is the key to better design. 
The comment '... risks involved in using novel solutions' smacks of the old kernel: 'what has not been done before should not be done'.

>There is a fair amount of math and logic involved. No metaphors.
>Key to good HMI is rigorous formal analysis. There are other key processes.
Disagree: I have faith that, if the author of this comment spent substantial time working with operators in a control room, living with the system he designed and deployed, he would not have this opinion. 40 years ago when I walked out of university with a shiny new electrical engineering degree I would have totally agreed with him. It took plant operators all of six months to beat that opinion out of me.
Five years later I found myself in a control room on an island in the Hong Kong archipelago, in an engineering sense, very much alone and responsible for a critical system (the plant was very close, on the other side of a six inch thick concrete blast wall). English was the operators' second language.
Maths and logic were hygiene factors, necessary but not sufficient for safe operation. The operators were having a problem remembering the name of a particularly important control utility that ramped the reactor temperatures as the feed rate changed. I changed its name to SEX. They never forgot it.

Metaphors rule!

Cheers
Les

