Saturday, March 29, 2008

Things I'd Put in Room 101

Room 101 was a BBC TV series named after George Orwell's torture chamber in the book 1984. In it a guest would explain to a regular presenter why s/he wanted to consign half a dozen pet hates into oblivion. Since the series has now ended I no longer have any hope of explaining to the British Public my pet hates, so I thought I'd do it here instead.

One and Two Pence Pieces ("Coppers")

When the UK switched to decimal currency from pounds, shillings and pence (12 old pennies to a shilling, 20 shillings to a pound) the smallest of the new coins was the half penny piece, which was finally withdrawn in 1984 as inflation had made it unnecessary (the UK saw inflation pass 20% during the 1970s). Since then inflation has been lower, but it's still there. The copper-coloured 1p and 2p coins have lost about half their value since 1984. Today their only use is as change for something costing £1.99. Since many things cost a penny under a round amount to prevent staff theft and make prices look lower, my wallet fills up with these big, unwieldy, almost worthless bits of metal. Eventually you accumulate enough of them to give £2.09 to a shop assistant and get 10p change instead of 1p. You often get a grateful smile as well: shops keep running out of these coins for the same reason we keep accumulating them.

My wife is a teacher. She tells me that secondary school children use these coins as missiles. You can't ban children from carrying them; they are big enough to hurt if thrown hard, and only cost a penny or two each.

The time has come to abolish these coins. To be sure shops would sell stuff for £1.95 instead of £1.99, but this is an improvement in two ways: the 5p coin is smaller even than the 1p, and a half dozen 5p pieces can actually buy a bag of crisps.

I imagine that having the smallest unit of cash bigger than the smallest unit of accounting is going to cause some headaches: how do you close an account containing £561.34? But there must be ways around this. When I visited Italy in about 1988 the smallest coin was 10 lira, then worth about 0.5p. So they obviously coped with this question.

Having to Listen to the Guy in the Next Toilet Cubicle

It's not him I hate, it's the experience of having to listen to all the little noises. I imagine he feels the same about me. In fact I'm sure that the vast majority of you are cringing as you read this, because you know exactly what I'm talking about and hate it just as much. So, if this is such an unpopular experience, why are toilets still being built with no audio privacy?

I suspect that current toilet architecture dates back to the days when masturbation and homosexuality were seen as terrible evils. You couldn't deny people privacy at home, but you could at least make sure they weren't doing anything unnatural in the public loo. Today we are a bit more enlightened, and the justifications for denying us a bit of privacy no longer make any sense. But somehow the architectural profession hasn't caught up. I suspect that amongst architects everyone knows how to build a public or workplace toilet, and everyone assumes there must be some good reason why it's that way, even if they don't know what it is themselves. Or is there some British Standard specifying the minimum gap between floor and cubicle partition?

When I worked for Marconi I visited their swank HQ in London a few times. Their toilets had separate soundproofed cubicles. What luxury! Presumably the architects who designed the building back in the 1920s thought that the superior specimens of manhood who would inhabit it would be safe from unnatural vices, and only the lower classes needed to be monitored.

Blue Indicator LEDs

The invention of the blue LED was a technological triumph. It paved the way for higher densities of optical storage and also made efficient LED lighting a feasible proposition. So I don't want to get rid of the blue LED altogether. What I do want to get rid of is the use of blue LEDs as indicator lights in computer equipment, because they are so much brighter than the older red and green ones. Red and green LEDs light up enough to show you that they are on, but blue ones are positively dazzling. Having one of these in your field of view is annoying; you have to avoid looking at it because the after-image will make it difficult to look at anything else for several seconds. I bought a couple of USB disk drive enclosures a while ago, and not only had the designers included perspex sides with blue LEDs in them, but they had also slaved these LEDs to disk activity so that they flashed and flickered. They shipped these horrible things with leads that had even more flickering blue LEDs. Aaarghh!

The plague of blue LEDs seems to have abated somewhat, but it's not gone. My new laptop has almost all green indicator lights, except the Bluetooth indicator is blue. It doesn't flicker with activity, but I've still stuck some masking tape over it. This looks ugly, but it does diffuse the blue enough to be tolerable.

Cellphones that play music through a tiny speaker

Why someone thought this was a good idea I don't know. It's probably not down to one person, more a combination of marketing-driven design and engineering compromise leading to something totally horrible, like deciding your house needs repainting before you sell it, but the only paint you can find is sickly pink. Yes, you've repainted the room as per the requirements from Marketing, but you'd have done better not to bother.

In the case of the cell phone, I imagine the conversation went something like this:

Marketing: We want our phone to be the next ghetto blaster.

Engineering: Ye canna break the laws of physics, Jim. Phones are too small to reproduce low frequencies at high volume. That's why nobody has done it.

Marketing: OK, so it's not going to be the greatest sound reproduction. But you're a great engineering team. We have faith that you can rise to this challenge. Besides, we've already paid for the advertising, so it's too late for you to back out.

Engineering: Well, I suppose if you shifted all the frequencies up an octave or two you could at least hear the music, but it's going to sound...

Marketing: Great. Just great. "Make it so!"

So last weekend one of my son's friends came over with his new cell phone playing what sounded like Bohemian Rhapsody sung by Pinky and Perky, except that it wasn't meant as a joke. It was probably the most nauseating musical experience of my life.

Distorted Muzak

Another musical one. I don't mind muzak most of the time: shopping is boring, and sometimes they play something I like. But every so often I find myself in a shop that gets its muzak from some kind of satellite radio muzak channel (I gather chain stores often do this because the supplier takes care of copyright licensing). The signal is weak or the antenna has drifted or something, and the sound is heavily distorted. Muzak is supposed to put you in a relaxed mood in order to make parting with money less stressful, and good muzak does this. Badly distorted muzak just makes me want to get out as fast as possible. But it's no good trying to complain. "It's company policy to have music," says the spotty youth at the customer service desk.

Candles on Restaurant Tables

This is another visual distraction, worse even than blue LEDs. Candles are brighter, and they flicker more. Restaurant owners don't even have the excuse that candles are the latest cool technology; they are thousands of years old. So why is it still considered a good idea to put one in between two people who want to look at each other?

Because it draws my eye, I feel compelled to fiddle with it. I wave my fingers through the flame and toy with the softening wax around the edge. Then I remind myself that this behaviour probably drives other people up the wall and put my hands away, for a couple of minutes until I find myself doing it again.

Wednesday, March 19, 2008

Why Voting Machines Can't Add Up

Ed Felten is continuing his excellent work exposing the broken state of electronic voting machines. Many people are wondering how such software can have been allowed out by its developers. The discrepancies don't (at the moment) seem to be a result of fraud, just very buggy software.

Voting machines are obviously important, so their development is regulated. I've never worked in the voting machine industry, but I have worked in another kind of federally regulated software: medical devices. So I know how regulated software projects work, and how they don't.

The fundamental problem underlying this is that nobody in the world actually knows how to write software that reliably does what you want. There are quite a lot of people who can write such software, but if you ask them how it's done they basically waffle. Most of them agree on a list of steps to take, starting with writing down exactly what the software is supposed to do. Various attempts have been made to codify this list, and they all look pretty similar. The voting machine standards are just another variation on this theme.

However this is all cargo-cult engineering. We know that the people who can summon up the magic cargo planes do it by putting things over their ears and saying magic words, but it doesn't follow that if we put things on our ears and say the same magic words the cargo will appear. So it is with software engineering. You can write Requirements Documents and Class Diagrams and Test Scenario Documents and Test Execution Reports until you run out of paper, but it won't make any difference if you don't have the Quality Without a Name.

Imagine you are managing a development project to build a voting machine. Your mission is to get the thing on the market. You have been given a bunch of programmers, half a human factors person and a quarter of an industrial designer. The time available isn't long enough, but you know it's no use complaining about that because it's not your boss's fault, or even the CEO's fault. It's the fault of the people at Big Competitor who are planning to release their product just in time to tie up the whole market, so if you don't deliver the product at the same time then it's not going to matter whose fault it was, the whole division is going to get laid off anyway. You could get some more people if you really wanted, but you know that more people aren't actually going to speed things up.

The Quality Department have downloaded the voting machine regulations and someone has been going through them and writing down a list of the things they say you have to do and the order they have to be done in. This is very good. In fact you send the Head of QA a little note saying how helpful his minion has been to your project, because now you have something to aim at. Project Management is mostly a matter of getting your hoops lined up so that you and your minions can jump through them as quickly as possible, and the QA minion has done the regulatory hoops for you. The regulations boil down to a list of documents that have to be shown to the inspectors (who you are going to hire, but that's another story). Each document has a list of things it must contain, and some of those things have to be traceable to other things. All you need to do now is start allocating people to things on the list and getting them ticked off. The list is long, but you have one big advantage: there is nothing to say how good any of these documents have to be. They don't have to be good, they just have to exist.

One of these documents is called "source code". Of course that one does have some quality requirements on it: it's got to pass a bunch of tests. But the tests themselves don't have any quality requirements; like everything else they just have to exist. And passing the tests is the only quality requirement on the code. Once the independent laboratory you hired has run the tests and said "pass" you are over the finishing line and you can start selling these things.

This means that you have a very strong motivation to keep the testing to the minimum you can get away with. The regulations say you have to have a test for each item in the original requirements document, and this test has to be run once. If your software fails a test then you get to fix it, and if the fix was small enough you can get away without repeating all the other tests as well. During this whole time your eyes are fixed on the finishing line: the objective is to get this thing over the line. What happens to it after that is someone else's problem.

When you look at these machines from a project manager's point of view you start to see how they got to be so unreliable. "Quality Assurance" is primarily a matter of making sure you get all the items in the regulations ticked off; it has nothing at all to do with the original meaning of the word "quality". Ironically the regulations may actually do more harm than good because they divert energy from real quality onto generating the required inches of documentation.

Over the years I've spent a lot of time trying to figure out how to fix this problem, and I still don't have an answer. Abolishing private companies is a cure worse than the disease, and it won't cure the disease anyway because it won't abolish projects and the need to manage them. Software Engineering has a bad case of Quality Without A Name, and there is no prospect of it getting better soon.

However in the limited domain of voting machines I believe the best cure is sunlight: we may not be able to define quality in software, but we know it when we see it. The source code for voting machines must be published. The manufacturers will scream and shout about their precious IPR and trade secrets. This is nonsense. Any voting machine must have a well defined version of someone's software running, so any illegal copying will generate a cast-iron audit trail back to the perpetrator. And there are no real trade secrets in voting machines: counting votes is not, when it comes down to it, a particularly complicated problem. The voting machine manufacturers will make just as much money as they do now. In fact they'd probably make more because if the machines were trustworthy then people would learn to trust them. However the first vendor to start publishing their source code will be at a disadvantage because everyone else can pinch bits of it with very little risk of detection (and if they get caught they can just blame a rogue programmer). So the regulations on voting machines should be changed to require the publication of the code (and other design documentation too, while we are about it). That will create a real requirement for quality source code. Until then we are stuck with the current mess.
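The kind of check that published, reviewable counting code makes possible, as an added example that is not from the original post or from any voting machine vendor. It assumes a simplified, constructed results format (one contest, a ballots-cast counter, per-candidate totals and an undervote count) and shows a summary that does not add up being flagged, plus a recount of the raw records compared against what the machine printed.

```python
"""Reconciliation checks for a voting-machine results summary (added example).
Assumed, simplified format: one contest, a ballots_cast counter, per-candidate
totals and an undervote count (ballots with no valid mark in the contest).
Invariant of any honest tally: sum(totals) + undervotes == ballots_cast."""


def recount(ballots, candidates):
    """Rebuild a summary from raw ballot records: a candidate name per ballot,
    or None for a blank. A mark for an unknown candidate is a data error."""
    totals = {c: 0 for c in candidates}
    undervotes = 0
    for choice in ballots:
        if choice is None:
            undervotes += 1
        elif choice in totals:
            totals[choice] += 1
        else:
            raise ValueError(f"unknown candidate on ballot: {choice!r}")
    return {"ballots_cast": len(ballots), "totals": totals,
            "undervotes": undervotes}


def reconcile(summary):
    """Return the discrepancies in a summary; an empty list means it adds up."""
    problems = []
    cast = summary["ballots_cast"]
    counted = sum(summary["totals"].values()) + summary["undervotes"]
    if counted != cast:
        problems.append(f"totals sum to {counted} but ballots_cast is {cast}")
    for name, n in summary["totals"].items():
        if not 0 <= n <= cast:
            problems.append(f"{name}: {n} votes is outside 0..{cast}")
    return problems


def compare(machine, recounted):
    """Cross-check a machine-printed summary against a recount of its records."""
    diffs = []
    for key in ("ballots_cast", "undervotes"):
        if machine[key] != recounted[key]:
            diffs.append(f"{key}: machine {machine[key]}, recount {recounted[key]}")
    for name, r in recounted["totals"].items():
        m = machine["totals"].get(name)
        if m != r:
            diffs.append(f"{name}: machine {m}, recount {r}")
    return diffs


# Constructed sample: a printed summary whose totals exceed the ballots cast.
MACHINE_SUMMARY = {"ballots_cast": 100, "totals": {"Alice": 58, "Bob": 43},
                   "undervotes": 0}
```

Running reconcile() over MACHINE_SUMMARY reports that 101 votes were counted against 100 ballots cast; a recount of the underlying records then pins down which total the machine got wrong.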