Re: [SystemSafety] Fwd: Re: power plant user interfaces

From: Les Chambers < >
Date: Thu, 16 Jul 2015 10:01:52 +1000

I find this conversation remarkable. I've always thought that this list is an ongoing psychology experiment. We have an interesting cross-section of opinion, all of which is understandably driven by the background of the authors. We are what we know, we all have our special brand of hammer and we all look for our familiar nails.
Some of the responses below reveal a disagreement on what a metaphor is. I like the poet Robert Frost's definition (well summarised by Steve): explaining this in terms of that where this is new and that is familiar. Frost offered this in a speech he made circa 1934 and it has gained a substantial currency in the literature.

I would put it to the unbelievers that a user interface IS a metaphor. It is not a question of finding or not finding a metaphor for a particular system. When you create an HMI you create a metaphor. The question then becomes: is it a good one or a bad one? If it's a bad one you're building an unsafe system. For example, the concept Steve described of having actual state and required state indicators for a control valve is a thing we call I/O pairs in chemical processing. It is part of the DNA of the control systems designer.

My comments on some of the responses:

>Very much agree, Steve, it’s not possible to find a metaphor for every
Disagree: if you can't find a good metaphor don't deploy the system, you could be creating a hazard.

>The whole point of a metaphor is to take something that the person is
>already familiar with--like how a railroad switching yard works--and use
>that to help them understand something they don't know about-
See above.

>A good case can be made that formal logic is as metaphorical as it gets.
Agree: as long as the output of the logic provides status information that is understandable by an operator. I note that in writing complex state transition logic we often purposely did not use logic simplification techniques. Instead we opted for something that could be read and understood by someone other than the author of the code. If this meant wordy code so be it.

>; metaphors are not often used unless they have become the norm as there
> obvious risks involved in using novel solutions.
Disagree: try explaining any concept without using a metaphor. Human beings do this naturally. You can't avoid it just as you can't avoid the fact that HMI is a metaphor and seeking out better metaphors is the key to better design.
The comment '... risks involved in using novel solutions' smacks of the old kernel: 'what has not been done before should not be done'.

>There is a fair amount of math and logic involved. No metaphors.
>Key to good HMI is rigorous formal analysis. There are other key processes.
Disagree: I have faith that, if the author of this comment spent substantial time working with operators in a control room, living with the system he designed and deployed, he would not have this opinion. 40 years ago when I walked out of university with a shiny new electrical engineering degree I would have totally agreed with him. It took plant operators all of six months to beat that opinion out of me.
Five years later I found myself in a control room on an island in the Hong Kong archipelago, in an engineering sense, very much alone and responsible for a critical system (the plant was very close, on the other side of a six inch thick concrete blast wall). English was the operators' second language. Maths and logic were hygiene factors, necessary but not sufficient for safe operation. The operators were having a problem remembering the name of a particularly important control utility that ramped the reactor temperatures as the feed rate changed. I changed its name to SEX. They never forgot it.

Metaphors rule!


-----Original Message-----
From: systemsafety-bounces_at_xxxxxx [mailto:systemsafety-bounces_at_xxxxxx Smith, Brian E. (ARC-TH)
Sent: Thursday, July 16, 2015 2:51 AM
To: Steve Tockey; Peter Bernard Ladkin; The System Safety List
Subject: Re: [SystemSafety] Fwd: Re: power plant user interfaces

Very much agree, Steve, it’s not possible to find a metaphor for every system.

The point I was trying to make is that in, say, the flight deck of an airplane, certain things like how the horizon moves in an ADI and how the landing gear lever is designed (some with little wheels on the end to remind pilots what system the lever controls without having to look) and how it moves positionally - up or down - serve as intuitive HMI metaphors for the real world outside or the associated airborne system.

See: Why the wheel on landing gear levers?

I would argue that arrows and altitude/airspeed speed tapes on cockpit PFDs are possibly at the same level as the landing-gear lever design.

Metaphors can exist at multiple levels. At each level, they should, as you say, create a situation where people don't even realize a difference.

Clear as mud?


On 7/15/15, 9:23 AM, "Steve Tockey" <Steve.Tockey_at_xxxxxx

>The whole point of a metaphor is to take something that the person is
>already familiar with--like how a railroad switching yard works--and use
>that to help them understand something they don't know about--like how a
>network router works. In fact, network routers and railroad switching
>yards are entirely different under the covers, but it's much easier for the
>person to understand routers in terms of switching yards.
>Effective HMI metaphors would be unlikely to be at the level of arrows,
>needles, etc. The metaphor should be at a much higher level.'s
>"shopping cart" metaphor is a perfect example of proper use of a metaphor
>in UI. There's no such thing as a shopping cart in the client-server code
>running when you shop at But you're already familiar with
>them, so it helps you deal with using the system: add to cart, remove from
>cart, proceed to check out, … It's such an effective metaphor that most
>people don't even realize a difference.
>Note, however, the shopping cart metaphor would be entirely useless for a
>user who was only familiar with the "bazaar" style of shopping: go to one
>vendor for this, another vendor for that, haggle over prices, …
>When there is an effective metaphor, it can be amazingly effective. It's
>just not always possible to find such a metaphor for every system.
>-- steve
>-----Original Message-----
>From: <systemsafety-bounces_at_xxxxxx >"Smith, Brian E. (ARC-TH)" <brian.e.smith_at_xxxxxx >
>Date: Wednesday, July 15, 2015 8:19 AM
>To: Peter Bernard Ladkin <ladkin_at_xxxxxx >List <systemsafety_at_xxxxxx >
>Subject: Re: [SystemSafety] Fwd: Re: power plant user interfaces
>It seems to me that HMI "metaphors" can take the form of arrows, needles,
>and/or moving tapes pointing in intuitive directions (that one might
>expect in other real-world situations) and auditory cues that come from
>the right direction. Also the order in which information is provided to
>the operator can "metaphorically" represent the operator's cognitive model
>of how pipes are arranged or valves are located in a processing plant for
>Brian Smith
>On 7/14/15, 10:20 PM, "Peter Bernard Ladkin" <ladkin_at_xxxxxx >wrote:
>>On 2015-07-15 03:12 , Les Chambers wrote:
>>> So my point is: the key to a good HMI is excellent metaphor design.
>>That does not fit in any way what I and colleagues have done or have been
>>doing in HMI for the
>>last couple of decades (and for some of them longer). There is a fair
>>amount of math and logic
>>involved. No metaphors.
>>Key to good HMI is rigorous formal analysis. There are other key
>>Prof. Peter Bernard Ladkin, Faculty of Technology, University of
>>Bielefeld, 33594 Bielefeld, Germany
>>Je suis Charlie
>>Tel+msg +49 (0)521 880 7319
>>The System Safety Mailing List
>>systemsafety_at_xxxxxx >

The System Safety Mailing List
systemsafety_at_xxxxxx
Received on Thu Jul 16 2015 - 02:02:20 CEST

This archive was generated by hypermail 2.3.0 : Tue Jun 04 2019 - 21:17:07 CEST