Sunday, October 27, 2013

On Magical User Interfaces

I had the pleasure of meeting Josh Blake last week on the LEF Study Tour, those that know him, will know that my mind is now filled with the wonders of Natural User Interfaces or NUIs

Natural... Hmmm .... of Nature
So they must at least appear Natural... which would mean that they would appear to be unsupported by technology.

I reach to Clarke's Third Law:
    Any sufficiently advanced technology is indistinguishable from magic.

So actually we are really after building MUIs!

Over the week we started exploring the various dimensions of NUIs
On the plane home I extended our list and mapped some of the relationships. I so needed Josh's patient thinking support
(Josh: I really did appreciate your gentle patience as you lowered me into this new space.... but I still have problems with your definition of NUI :-) )

So here in no particular order ( he says lying through his teeth)  are my latest dimensions:
Agency (OK so you knew I'd put that one first! For it's surely the "raison d'être" of any interface!)
Affordability (ie Affordance - look it up it does't relate to monetary cost, it's more like learning cost)
Efficacy = Affordability / Effort ?
Efficiency = Utility / Effort ?
Manageability, describes the ease of adding new things that can be controlled
Utility, Outcome Value

Magic was added after the experience of sitting at the back of the room at Microsoft watching Josh drive his presentation by apparently effortlessly interacting with, who he later revealed as, "Preso", it certainly appeared to be Magic.

I have all the bits in my lounge (apart from the magic linking software) that would allow me to gain the attention of my imagined Home Agent "Auto" , point at a light switch and indicate what I want to do with it... Switch On, Dim, Swich Off, Wait why would I point at the switch? I would of course point at the light, that would be more natural right... ? But last night as I was practicing interacting with the imagined "Auto"... I pointed at the switch. I wonder why....  I suppose I am not yet conditioned to interact with MUIs

For those interested in developing the software, I have
an X Box and Kinect
my light switch is X10 enabled
A Mac Mini running Home automation software Indigo, 
Indigo Touch on my iphone and iPad

So the real magic will be to make it a mundane exercise to connect Kinect & Indigo
I tried explaining this to the folks who develop such standards and APIs and failed badly!
Such things should be able to, when I ask them to engage in the exercise, discover all the things that they can interact with and associate with them.

Until all the Things are that smart, I need an API Agent, who I have called Api , that helps me connect all my Things together...   now that would be Magic!
(Aside I hope the FIDO Alliance keeps focussed on Things!)

Josh I have developed My hand commands for Auto
Double Silent Finger Click = Attention Auto
Point  = Select Thing I want to interact with
Palm up and still = STOP!
( Attention followed by Stop = STOP ALL a sort of emergency Stop Command)
Palm Down drop hand  = Lower
Palm Up raise hand = Raise
Imaginary Knob Grip Twist Left = Turn Down
Imaginary Knob Grip Twist Right = Turn Up
Finger to my Lips = Go into Silent Mode Auto
Palm forwards and forward movement = Close
Palm face inwards an backwards movement = Open
On and Off are a lot harder to imagine as natural commands the closest I have come is
On start with finger and thumb open then touching the two
Off start with finger and thumb touching then opening the two
Though I can also imagine touching finger and thumb as the command for both
A set of Hidden Commands acts as Duress Commands which mean
don't do this or call for help, or emergency erase sensitive info
Actually all the commands should be able to be personalized 

I want Auto and Api now!

I do know that Smart Things will take a little longer

magic and Interfaces have been explored before.... darn again I wasn't original
Some other reading on the subject

Side note: The exclusionists in Wikipedia have gained ascendancy and they eradicate terms like Magical User Interfaces as they consider them proto-neologisms and refuse to use Wikipedia to be used to track the birth of knowledge. I find it hateful, but then I would as I am an inclusionist! So don't bother to look for the term in Wikipedia yet, as you will only find the Amiga software!

Sunday, October 13, 2013

Anti-Clockwise versus Clockwise

The aha! came as I was contemplating a question posed to me in the Gherkin where I was presenting the concept of Outside-In Security and the importance of "Clockwise" security, my off the cuff response created a tension in me that was like grain of sand in an oyster. I only wish I could remember the name of the person who posed the question and the question itself, in order to give them appropriate acknowledgement.

So to refresh..
"Outside-In" is an LEF (Leading Edge Forum) concept, recognised by the researchers at LEF headed up by David Moschella. It holds that the power of technology is starting to move the most effective location of value creation from Inside the "Enterprise silo" to Outside the enterprise silo. Simply put in the future, more value will be created Outside-In, than Inside-Out. It is basically a different view of an Information Security concept that I have been involved in the development of through the Jericho Forum; that of De-Perimeterisation, which describes the impact of technology on the perimeters of organisations.  I will come back to the "different view" later, but let's identify the common factor in these concepts. It is the "Internet"

There are a number of parallel changes created by the most positive impact that the internet brings, which is that of removing the friction in the sharing of knowledge. There may be many who at this point would start listing all the negative implications, including the impact on previously successful business models. But I want to focus on the positive aspects of free flowing information and knowledge, and the implications on the approaches used to ensure the maximal creation of value.

Companies that are aware of the value of connecting customers and producers in this new era have already moved to take a position of power in this new nexus of power. Those in control of the flow of data will be the ultimate winners, is it not best that we work to maintain the right balance of personal, corporate, or governmental control over the flow of data?

The mechanisms or approaches for doing this are embodied in these things called IT Systems.

They are developed by often well meaning systems to achieve the desired and specified requirements or outcomes. [[As an aside I had once a very confusing interaction by an academic teaching the next generation of our computer graduates their craft. He stated categorically that Information Asset Management more broadly, and Information Security specifically, were simply requirements that need to be specified in the original design of the system by the procurer of the system. Simply put he stated that computer programmers had no right or obligation to build compliant, safe or secure systems. If a component was not specified it should not be built. Simples!

I tried to remind him that early cowboy architects had designed buildings that did not stay up in the winds normally expected in the area in which the building would be built. If professional architects design buildings that will meet these unspecified expectations, why should IT Professionals not also take on these responsibilities, he was adamant if the customer did not specify it, it should not be added.

In the absence of Systems Development Regulations, similar to Building Regulations, I believe that we should be developing Computer Professionals who understand the importance of Information Asset Management, and who build Systems that meet the Users specified requirements as well as those that may have been unspecified but enable the IT System to run in a compliant, safe and secure fashion. In retrospect I perhaps was guilty of imposing a different view without integrating it with the normal perspective. I do hold to my belief however that the un-named academic IS guilty of churning out computer cowboys rather than IT professionals.]]

There are two types of activities involved in the development of safe and secure systems. The development activities aimed at meeting the base need(s),  and those that create a compliant, safe and secure system.
The first is the basic System Outcome Specification process.
It is normally done in a clockwise manner starting from the need, and not taking into account compliance, safety or security requirements, then returning to test and implement.
One might call this a Clockwise Systems Delivery Process.

The second is the specification of the Compliance, Safety, and Security aspects.
This is normally started at the point when the System is about to be implemented, and is by necessity completed in a rapid Anti-Clockwise manner. (Invariably not focussing on the initial need or required outcome, but the threats observable to the proposed system.)  I call this Anti-Clockwise Information Asset Management. Whereas the more effective approach below is called Clockwise Information Asset Management.

The aha! basically states that at the point when a new need or outcome is identified, that both these activities, should be initiated in a Clockwise manner starting from the Need and operated in parallel to define and implement a complete set of system requirements, including the required controls..

Once the system is implemented the loop is applied starting from Threat and operated in an Anti-Clockwise manner to operate the system. However whenever a change is required the Clockwise approach of the two parallel requirements systems should be re applied.

It can thus be noted that rather than thinking Anti-clockwise versus Clockwise Information Asset Management we should be thinking when should the two approaches be applied.

In short the Information Asset Management Lifecycle should be appropriately integrated with the Systems Development, Testing & Implementation and Operations.

Sometimes stating the obvious takes ages to occur! I wonder when we will see Compliance, Safety and Security processes effectively built into Systems Delivery Processes? I hesitate to ask my academic friend, as I already know what he will say...  "When the Customers ask for it!"

Hmmmm??? We might be waiting a while.

When it comes to different views, I am reminded of two blind men trying to identify an elephant, one holding it's trunk the other one of its legs. Having never seen an elephant neither were capable of describing the whole elephant, from their two different perspectives. Sometimes it is important let go of one perspective and gain another to "see" the big picture. Sadly I have spent much of my career holding onto one perspective.; Inside-Out. When Outside-In holds so much more learning and value creation opportunities. Neither of the Blind Men ever did ask each other for their perspective, nor the perpective of sighted observers.

MyPhone knows me, manages my soup, and acts as my Agent.

The device I really want has three key features over and above the standard Smart Phone stuff.

1st It knows MyIdentiy!
I'd go as far as saying it knows me a mile off, but I don't want to be without it that long! It uses multiple sensors to keep track of it's owners identity and status. It will know when I catching cold before I do.

2nd It stores and manages MySoup!
Which means it comes equipped with a fully extensible and semantically enabled Personal Data store that can readily have its content extended.

3rd It is MyAgent!
It acts on my behalf and not solely in the interest of those that built it!
It will advise me when I am in danger, it will encourage me to be healthier.

And best of all it can interact under my control with other MyPhones! for the betterment of humanity.

Hmm building the Rules that allow these devices to operate and achieve the above will not be trivai.

As a very bright person observed we should build the rules one asset at a time!

Which should we start with?

“Wie Lemminge” or It's the I in IT not the T that is key!

It all started in a taxi, with Simon Wardley, Alex Mayall and Warren Burns. The dialogue was brisque and for a change did not range into the weirder aspects of smelling bicycle seats, it was focussed on Why SAP?

The posit was "One of the primary drivers of SAP growth is the value of an SAP Implementation on the CV of CIOs". Cynical perhaps, but as we shared war stories we started to agree that it was a key element.

Alex recently emailed this paragraph:
It (the taxi dialogue)... triggered a recollection. Back in the mid-90s I met Dr Böndel, a German academic, who had written a controversial article in the German business magazine Wirtschaftswoche with the banner headline: “Wie Lemminge”. In the article he was despairing of the fact that firms in the German-speaking countries were opting for SAP solutions with all the due consideration of lemmings heading for the edge of the cliff. In terms of the storm this created, it was the German equivalent of Nick Carr’s notorious HRB piece “IT doesn’t matter”. Some local politicians in Baden-Württemberg, where SAP is based, even said that his article was tantamount to treason, as it undermined one of Germany’s recent industrial success stories. I found a reference to this in a short, well-researched and well-written history of SAP written in 2008 by Timo Leimbach: page 12). I can vouch for the accuracy of this history, as it chimes very closely with my own experience of SAP’s early days. Having said that, Leimbach is dismissive of Böndel’s arguments, but I’m not so sure. Unfortunately, I can’t locate the original Wirtschaftswoche article as that publication’s archive only goes back to 2000.

I am now hungry to read the "Why Lemmings" article… sadly the WayBackMachine could not help either, it stops in 1998, though I did track down the reference:

Böndel, B., SAP - Wie Lemminge, in: Wirtschaftswoche 49 (1995) 12, S. 108-118 but could get no further.
Aside: We are living at the end of the "black hole" in archival terms, Posit: Paper archival started to drop off in the Mid 80's as the amount of paper produced with these fangled things called computers
started to become un-manageable from an archival perspective, digital archival did not start seriously until the "Tenties" What the heck should I call this decade? Maybe an early signal of our blindness to the importance of Information as an asset?

When one takes a balloon flight high above the IT Historical Landscape, it is littered with examples of poor attempts at trying to make IT less costly and not more valuable.
This is basically because the folks that manage IT were focussed more on the T than the I, and ultimately driven by those that manage the asset class called "Dosh", "Wonga", "Mula", or "Dough".

Some examples:-
ERP = replacing as many systems as possible with one (Finance Driven)
Outsourcing = Reducing Capital Assets and Human Resource Assets (due to the cost of the pink things)
Don't get me wrong I love the profit motive, but I heard along time ago, from Michael Hammer, he of re-engineering fame, that there are two ways to affect profit, reduce cost or increase turnover, He argued very coherently that the top line strategy is the only approach with legs. Taking it out costs is the strategy of asset strippers, those whose goal is their own wealth not the creation of value.

Posit: We do not yet see Information Assets as the essential asset for creating value.

I believe the examples above stem from this observation. I heard that our antipodean friends are on the right track with this … in that there is an expectation to include Information Assets in company reports. Though I can't now find any evidence of this Australian shift.

Traditional Western view of asset classes:

In the future we will be looking back on this period where we were apparently blind to the importance and value creating properties of the information asset.
Google, Amazon and Facebook are three organisations that understand that having agency over the information assets of individuals has tangible value. 

Yet there have long been signs that bits can be consolidated to create data, data can be organised to give information, and the information can be analysed to extract knowledge.
The question is when will we get "wise" and see data, information and knowledge as the life-blood of future organisations, actually the ONLY Asset that really matters!

After all Wonga is simply an Information Asset Sub-Class that simply signals who owes whom!

One day we will get that Information Asset Management is way more important than we currently recognise, till that day should I keep quiet, or keep banging the gong?

I fear I may start looking and sounding like the weird guy with the bill-board in Guildford High Street telling us all that end of the world is nigh!! Hmmm! Maybe he's right and has access to the information that really matters! ;-)

There is however hope as the Marketing Department of many organisations are starting to get that IT can connect them directly to their customers, literally bringing the Client into their Organisation. Another example of Outside-In that Leading Edge Forum is so effectively signalling. Corporate IT Budgets are starting to look small in comparison with the Marketing IT Spend.
Should I be afraid or happy?

The danger or importance of putting the kin in things!

There are two ways of thinking about the kin in things.

The first the more dangerous of the two is only more dangerous if we do do it first!

If we put the kin in things, so that they become smart or thinking things, (OK so it was not a good pun!) before we put the kin in things so that they become "kith and kin" things, or things that know where their allegiances lie, then we should always be thinking: "On whose behalf is this thing thinking?"

In truth that is also true of a thing that can't think.

We should always be asking is this thing for me or against me? Is it a friend or foe?

As usual in this fast changing world of "Cyber Space" of which the internet is only a foundational part it comes down to Trust, what we might call e-Trust!

Trust, as we know, is founded on knowing a lot about the thing we want to trust, trusting the entity that commended the thing, and be very cognisant of the context in which we wish to use or operate the thing. This context can be embodied in the Rules of Entitlement a set of two way rules that helps us and the thing attain the correct degree of confidence in each other. [Why would a smart car start, without protest, if it knows that you are, over the legal limit,  not insured to drive, do not hold a valid driving license or road fund license, or do not have enough fuel to complete your intended journey.]

The sub components of all this are :

  • Identity Part 1; literally the ID of the Entity (or Thing)
  • Identity Part 2; attributes that support decisions about the Entity
  • Authentication (of Identity Part 1 & 2)
  • Rules of Entitlement  <<< Magic Lies here
  • Services relating to the provision and corroboration of the above
  • Finally controls that allow the management of 
    • effective degree of transparency and translucency of the thing
    • the availability of the thing
    • the integrity of the thing
    • and finally and perhaps most important given where we started exploring, is the Agency State of the Thing or  the capaciyt to "Know who controls it"
Me-thinks that putting the kin in things in the right order will be key to mankind "Attaining the right balance of Cyber Agency"(Future Blog), between the relevant five parties Persons, Things Governments, Enterprises, or Gaia

At present we are mass producing things that have no simple or standard capacity to identify themselves with others. Let's work quickly to first put the "kith and kin" in things.
We will need "Thing Kin Ecosystem"

I spoke of the problem to Michael Barrett of FIDO, he restated with the fervour of someone who fully understands the dangers of scope creep that FIDO is "JUST doing Authentication".  I truly commend him as without the Authentication component a Thing Kin Ecosystem will simply NOT be possible. But Authentication of what is still slightly unclear to me, happily I have another shot at finding out in two weeks.

I sat next to a VP of ARM the other day and posed this opportunity to him, I did a poor job hence this blog.

Wonder if this better gets the points across?  Comments?

Thursday, October 10, 2013

The Agency Balancing Act Part 2

Today Thursday 10th of October in a Times Leader column, David Arronovitch's spoke of an agency problem that may yet impact us all. he questioned whether the Guardian journalist Glenn Greenwald and his Brasilian boyfriend were indeed the best people to make decisions about who should be knowing what of the Edward Snowden leaked material. This after the Guardian Editor Alan Rusbridger had stated publically that there are some things that should, in the publics interest, not be known.

What rules should have been in place?  Who should have control?

I spent most of my life hearing about Double Agents and Triple Agents, so I recognize that developing rules that would manage this agency problem will be very difficult, if not intractable; for it is the ultimate agency problem "Right minded to whom?"

The obvious rule, to me, is that no single human agent ever needs the simultaneous right to transfer thousands or millions of files outside the control of a trust ecosystem.

Finally, I suspect that the most important rules of all are the transparency and oversight rules. In the past we have relied on journalists to instantiate these unwritten rules, and be our guardians, current discussions about newspaper oversight have shown the difficulty of appointing guardians.

After all, this is not a new problem...

Quis custodiet ipsos custodes? (Who will watch the watchers?)

With due deference to Plato it seems to me that we have allowed our political and educational systems to degenerate and we are creating more politicians and guardians of brass and iron, than of silver or gold. I reminded being taken to room in the centre of our government in which there sat a throne, the Queens robing room.  Merlin, the Earl of Errol pointed up towards the ceiling at a series of different frescoes that reminded him of his role in Parliament. According to the Houses of Parliament website the:
"... paintings by William Dyce in the room depict the chivalric virtues of hospitality, generosity, mercy, religion and courtesy, as represented through scenes from the legend of King Arthur and his court. Two other frescoes, illustrating fidelity and courage were originally intended but were never carried out."
We sorely need those other two uncompleted frescoes of Fidelity and Courage! Having politicians with the courage to be faithfull to the chivalric virtues of the frescoes would be of great benefit to our society. Many of our governments recent decisions seem devoid of any of them!

This at a time when our control over our lives can so readily and invisibly be taken from our grasp.

I think that we have first to recognize and name the problem of societal imbalance exacerbated by the internet, I call it the "Cyber Agency Problem"  Worse there are too many mechanisms for invisibly losing control to innumerate. (I am not worried, as much, about mechanisms that create loss of control which is immediately evident.)

At this time in our history, perhaps more than ever, we truly need our Politicians and Guardians to be fashioned from Gold. We need them to be right minded, in order to protect those amongst us who are right minded, from those driven purely by greed and self interest.

Perhaps for those who have read the short story "Farewell to the Guardian"( , there maybe a different element to better fashion guardians from....

This evening I am on a panel at the Science Museum exploring this very issue...

Agency a definition:

Given Agency is defined by sociologists as the 
"capacity of individuals to act independently and to make their own free choices."

Our innate desire for human agency is the driving force that differentiates us from animals, the desire to be in control of the facts, to be in control of our environments, to be in control of technology, to be in control of our lives and loves.

Cyber Agency is thus the capacity to be in control of our cyber or Internet selves.