Archive for May 2007

It’s not what the software does, it’s what the user does.

May 30, 2007

hugh macleod at Gaping Void does these great little cartoons, “drawn on the back of business cards.”   First, that’s a cool idea.  It’s a great size, and it lets you express just one idea in a little tiny format with which people are familiar.

This cartoon in particular says something very insightful, both about PowerPoint and about software in general.  I agree with the sentiment, though I have a quibble.

The problem Tufte and others point out is not that PowerPoint is abused, it is that the particular cognitive style of PowerPoint encourages lazy thinking, and poor communication.

When we’re building software, in my view, we should be concerned about the correctness of algorithms, using appropriate design patterns, and building designs that are sustainable and maintainable.  It is also essential that we build systems that users readily understand, and that encourage users to build correct results.

Because technology matters, but people matter most.



Single signon, but not what you wanted.

May 30, 2007

I previously discussed user-level security. This morning, I ran across this story about system administrators, and how they manage security.

It seems that system administrators are pretty careless with root-level security, and that the key to getting root may be finding the right Post-It notes. I keep the root passwords for all my systems (and a few passphrases for rarely-used encrypted volumes) on paper, but the paper is in my home safe. In fairness, I should add that they are in the safe not for security reasons, but to protect against fire.

I believe that the Institute uses a single password for all the Windows systems admin accounts. (Because I’ve seen sysadmins go looking for the password, which at least does get changed occasionally.) I’ll let you google methods for recovering passwords from a laptop you’ve managed to capture, and point out what this means: Once you have admin access to one Institute Windows system, you have them all. I don’t know for sure that the Macs use the same scheme, but I bet they do. I’ll bet they have (one) different password, though.

Carl and I touched on this in a discussion yesterday: We rather doubt that the Institute has a current, accurate list of the computing assets we own, and that we permit to have access to our domain. In addition to being a problem from the standpoint of property management and effective use of resources, this is also a security problem.

Addressing this requires devoting time and attention, and people to work on it, all of which are in somewhat short supply right now. Hopefully it won’t take an actual catastrophe to up the priority.


500 Years of Women in Art

May 25, 2007

I stumbled across this little movie today.  I wish it had a timeline,  because I only recognize some of the work, but it is a lovely piece.


Notes from the All-Hands with SMD Director Stern.

May 16, 2007

So, here are my usual almost stream-of-consciousness notes from today’s All-Hands meeting. There was about ten minutes of introduction and presentation, followed by an extended Q&A.

The Director introduced Alan Stern. Dr. Alan Stern is the new Associate Administrator of the Science Mission Directorate. He has been in that new role for about six weeks. He and his staff know there are problems in SMD, but are not yet entirely sure what to do. They are here today, at the home of a major SMD mission, in data collection mode.

Dr. Stern made some opening remarks about SMD and his experience so far since he was asked by (NASA Administrator) Mike Griffin to take on this role. He knows there are problems, and he can’t get things fixed in six or sixteen weeks, but will get them fixed in 60 weeks. He introduced the head of Astrophysics Division, the senior advisor for Research and Analysis (R&A), and the deputy chief scientist for Space Science.

Dr. Stern said that he believes we need higher mission flight rates.   He thinks the current R&A process is broken. The first word in SMD is Science.  Rather than do 1.5 MIDEX missions two years from now, he wants to do three SMEX in January ’09.  His focus is on science, and getting a balance in science missions between the big observatories.


Ian Jordan: Regarding the NASA Institute for Advanced Concepts:  This year the funding was zeroed.  Can SMD reverse that?

NASA lives on the budget it has. Demands on programs got worse because we’re on a Continuing Resolution rather than the President’s budget request. If we restored NAIC it would come out of SMD funding.  But we will look at it.

Q: Who pays for developing infrastructure for future missions? SMD shouldn’t have to develop all the infrastructure. (Not clear to me which infrastructure the questioner was asking about.)

A: SMD’s focus is on advancing the priorities of the four decadal surveys. We don’t pay for rocket engines. SMD does pay for instrumentation, but might share some of that cost with other Divisions. SMD does pay for some optics R&D, and for prototypes, etc., that might support missions. SMD may want to put some funding into interfaces between launchers and applications, for example. They are still trying to find the balance between future missions and stuff currently in the roadmap.

Followup: Can SMD apply influence on the design of launchers, etc, that would enable or reduce the cost of doing future missions?

A: They are having those discussions, including with Exploration directorate. The discussions go beyond “hallway conversations.” Stern noted that Ares V could launch a JWST-sized mission as a monolithic mirror.

Andy Fruchter: The current SMEX call for proposals specified that PIs be previous PIs/deputies. Isn’t that a bad idea, both in terms of new ideas and new people?

A: The goal of that restriction is to control cost.   The main problem in SMD budgets is increasing costs as missions overrun their budget targets.  If you extrapolate his first six weeks of budget overruns, SMD missions are over by a billion dollars a year, which is not sustainable.   We have to get control of mission costs or there is no future for science missions.   Leading a half-billion dollar mission is not an entry level position.  People need to get some experience before they lead a space mission, but they can get that experience on balloons or sounding rockets.    We also need to apply the same discipline to center-led missions.

Q: What’s the highest priority for R&A?

A: Get the money out faster. Triage notifications, looking for financial bottlenecks, trying to fix the funding process. May increase the length of grants, do similar things to reduce grant-writing and let people focus on science. (The Triage discussion was interesting: After the first review about 85% of proposals are clearly going forward, or are clearly not going forward. Only 15% need more evaluation or review. So 85% of proposers can get the notification that they either are or are not getting funded, so they can make hiring decisions, move on to other proposals, etc.)

Q: What are the chances of starting up a big mission in the next few years if there’s a good science case?

A: Low.  We have a flagship mission (JWST) and the next decadal survey priority is Con-X, and some technology development. We can ask “what comes after Con-X” but from a budget standpoint, there is no room to do anything before those two missions are flying.  SMD will focus on getting SMEX and MIDEX advanced so that there is balance between large and small missions.

Q: What about SM-4?

A: We’re going to fly SM-4. SM-4 has some special risks, but Griffin is willing to accept the risk. Issues are still being worked: ACS repair puts a lot of load on the mission. The main focus of the mission has to be restoring the observatory (gyros, batteries, NOBL) and installing two new instruments. If that means neither ACS nor STIS can be repaired, that’s preferable to having both repaired, but not getting the best possible situation for the observatory.

Any slip in shuttle launches costs astrophysics division 11 million dollars a month.  SM-4 is a big load on the shuttle system, because it delays Kibo and ties up an extra shuttle for a possible rescue mission.  SMD has been thinking about ways to coordinate with or support the Shuttle program.   For example, one reason for using a Shuttle on its last flight is that it avoids having to do the processing to put the space station airlock back in after the flight.   But if the cost of doing that airlock changeout is $20 million and it gets SM-4 a launch two months earlier, why not pay for it with SMD money?  There were some other examples as well.  Stern is very concerned about delays that might cause problems with the observatory:  The longer we wait, the more chance there is of a battery or gyro or other observatory problem.

Massimo Roberto: Is SMD thinking about conserving their budget  by collaboration with international partners?

A: We’ll talk to any country or space agency that doesn’t shoot down satellites. We’ll try a lot of ideas. Rather than duplicate missions, share capabilities and share science teams.  If we can do an outer-solar-system mission the Europeans don’t have the capability to execute, could we let the Europeans lead on a mission they can execute, and share science teams?

Q: ITAR is a burden. Is there any hope?

A: ITAR is a problem. We can’t change it, we need to think around it. We might do things like coordinate mission queues.  Again, we might share science teams, rather than share boxes that cause import issues.

Q (Matt): What can we do to help?

A: You do a lot of things well. We like your GO program. (TAC, grants, etc). Get SM-4 done. Get JWST flying and doing good science. Encourage people to collaborate rather than compete for resources. MAST, and the work on VO.

Focus on continued good work, and continued science leadership.

If you attended, please do comment or drop me a line if I missed or misunderstood something.


Security’s weak link: Us.

May 15, 2007

This week in Wired there is an article on the real problem with security: People. Even if you tell people you’re going to infect their system, they’ll go download it. The original article goes into more detail about the process, and the results.

This is not a new problem. A substantial percentage of the clueless will give you their password in exchange for candy or a pen. Kevin Mitnick, in this month’s Playboy, describes getting passwords to secure phone company sites just by being nice.

I guess I’m amused.


YAPPiE* blog entry

May 4, 2007

That’s “Yet Another PowerPoint is Evil.” You’d think people would know better by now.

I don’t like PowerPoint.  I like Keynote slightly better, because it’s easier to drop in and manipulate pictures.  I use slideware for one of three reasons:

  1. I’m rushed.
  2. I’m tired, or just lazy.
  3. One of my many bosses wants a presentation.

Heidi Miller did a very good summary of the right way (or perhaps the least-wrong way) to use PowerPoint, if you must. She also pointed me to a posting by Chris Brogan that, if followed, would make me feel 80% better.

When I was getting my MS we did many team presentations. The best one we ever gave, for a Project Management class, and the one that got the highest score, had slides with very few words. In my section, the slides had no words. We had an org chart, we had pictures of what we were building, we had logos of all the partners, and we had a video loop of three asteroids in a star field. We also had a very large (100x120cm, I think) foam-board-backed poster of the master project schedule Gantt chart set up on an easel. You couldn’t read anything, but you could clearly see the calendar, task bars and milestones, and we talked to that chart in every part of the presentation. The effort we put into preparing that one poster forced us to know our project cold, and be completely prepared for delivering the presentation.

Chris and Heidi focused on how mind-numbing PowerPoint can be, particularly when people read bullets. When I practiced with my classmates, I would start out softly saying “Don’t read the slide.” Sometimes that was enough, sometimes we would end a practice session with me making air-horn sounds from the back of the room and yelling “Don’t read the slide!”

That was in May of 2002. I had seen Edward Tufte’s course on visualizing information at least a year earlier, in which he talked for about five hours without a single slide. In fact, he spent 20 minutes or so railing against slideware, using the hand-drawn slides from the Challenger loss as the organizing event.  I carried Visual Explanations to class, trying to convince my classmates that we could and should do better.

Challenger, Tufte argued, was in part the result of a failure to organize and present crucial engineering information, information that cannot be distilled to slides.  The cognitive style of PowerPoint was going to get people killed.

Columbia’s loss eight months later was traced in part to an engineering culture that failed to communicate, in part because slideware does not preserve critical information required to make good engineering decisions. PowerPoint is fine for summaries, but the details behind the presentation also have to be complete and well-organized. We write requirements documents and IRCDs to make clear what we’re building, and summarize them in PowerPoint presentations. If we are ever reduced to doing just the PowerPoint, Rodger and Peter and Marc and Matt should make us start over.

Decision by Presentation is sales, not engineering. Everybody who says anything of any importance in presentations should first read The Cognitive Style of PowerPoint. (I’ll buy one for you, but you have to buy me a Mocha and a scone at Starbucks when you’ve read it, so we can discuss it. 🙂 )

Tufte also argued that PowerPoint is what you use when you want to hide information, or want to hide the fact that you don’t have information. Salescritters do this all the time: You put up an MTBF for a disk array, and because the chart is small you don’t have to unpack the numbers, explain how they are measured, describe the failure distribution curve, or talk about why the real numbers are so crappy. Asking questions about a bullet on a slide is likely to lead to lots of handwaving and prevaricating.

When I do talks for Teela’s class or other kids on Hubble, I use lots of pictures. I use quotes sometimes, and talk about what the quote means to me. I like talks that have diagrams, like the great talk that Mike Swam gave at NOAA on OPUS: Lots of diagrams of how OPUS components interact, very few bullets spent any time on the screen.

If you catch me doing PowerPoint, ask me for the writeup that goes with it. Unless I’m rushed or tired, I probably have copies with me, and I’ll email you the PDF if I don’t.  If I don’t have the writeup that goes with the PowerPoint, you should be suspicious.  It may be that I was busy, and simply haven’t organized it in a way that meets my self-imposed standards.  I’ll be happy to send the writeup when I’m done.

But it may be that I was tired, or lazy, and my conclusions should not be trusted. If you call me on it, I’ll tell you which, and let you judge for yourself.


Does JavaOne Connect work?

May 3, 2007

Here’s an experiment:

Join Me at the 2007 JavaOne Conference Event Connect Tool!

They need a category “Java One Noob” for people like me.