Thursday, 19 July 2012

Is 'autonomy' a helpful aim for 'unmanned' platforms?

Building 'autonomous' platforms sounds exciting as an engineering challenge. This post suggests that the concept may be sufficiently flawed that it takes well-intentioned technical effort down a blind alley, and that a somewhat less-exciting conceptual framework may end up supporting greater technical advance.

Chapter 3 of Vincenti's classic book "What Engineers Know and How They Know It" is on Flying-Quality Specifications. The concepts of stability and control had to be re-thought. Essentially stability had been seen as a property of the aircraft on its own. This concept had to change to provide the pilot with adequate control. Flying qualities emerged as a concept that related to the aircraft-pilot system. I would give a better description, but someone hasn't returned my copy of the book. Changing the underlying concepts took a good decade of experimentation and pilot-designer interaction. My concern is that 'autonomy' as currently defined will hold back progress in the way that 'stability' did in the 1920's.  The 2010 version of CAP722 (Unmanned Aircraft System Operations in UK Airspace – Guidance) is used as the reference on current thinking on 'autonomy'.

The advantage we have for 'autonomy' over stability in the 1920's is that there is a good body of work on human-automation interaction, supervisory control etc.going back sixty years that can be used. There is well-established work that can elaborate human-automation interaction beyond a simple 'autonomous' label, or a 'semi-autonomous' label (reminders of 'slightly pregnant' as a concept). For example,
  • Tom Sheridan defined five generic supervisory of functions planning, teaching (or programming the computer), monitoring, intervening and learning. These functions operate within three nested control loops.
  • The Bonner-Taylor PACT framework  for pilot authorisation  and control of tasks can be used to describe operation in various modes.
  • Work by John Reising , Terry Emerson and others developed design principles and approaches to Human-Electronic teamwork, using, inter alia, Asimov's Laws of Robotics.
  • Recent work by Anderson et al on a constraint-based approach to UGV semi-autonomous control.
CAP722 (3.6.1) requires an overseeing autonomous management system. This has echoes of the 'executive' function at the heart of the Pilot's Associate programme. It is my recollection that the name and function of the executive kept changing, and perhaps proved too difficult to implement. A more feasible solution would be a number of agents assisting the human operator. It is not obvious why CAA guidance precludes such an option.

CAP722 (3.5.1) states: 'The autonomy concept encompasses systems ranging in capability from those that can operate without human control or direct oversight (“fully autonomous”), through “semi-autonomous” systems that are subordinate to a certain level of human authority, to systems that simply provide timely advice and leave the human to make all the decisions and execute the appropriate actions'. 'Full Autonomy' is thus a self-defining no control zone (Grote). As a pre-requisite for such a zone, the transfer of responsibility from the operator at the sharp end to the relevant authority (e.g. the Design Authority, the Type Certificate Holder, the IPT Leader) needs to be clearly signalled to all concerned. The 2010 version of CAP 722 seems to leave responsibility at the sharp end, and the inevitable accusations of 'operator error' when things go wrong.

I  leave the last words to Adm. Rickover:
"Responsibility is a unique concept: It can only reside and inhere in a single individual.  You may share it with others but your portion is not diminished.  You may delegate it but it is still with you.  Even if you do not recognise it or admit its presence, you cannot escape it.  If responsibility is rightfully yours, no evasion, or ignorance, or passing the blame can shift the burden to someone else.  Unless you can point your finger at the man responsible when something goes wrong then you never had anyone really responsible."

Update: Project ORCHID seems to have the right approach, talking about degree of autonomy required for tasks, and providing digital assistants. Also, please note the agent based approach.

Update: It's nice to be ahead of Dangerroom. "The Pentagon doesn't trust its own robots". Problems of autonomy!

Cognitive anti-patterns - more inputs

Don Norman's book “Things that make us smart” has Grudin’s Law: When those who benefit are not those who do the work, then the technology is likely to fail, or at least be subverted.
Amalberti's human error self-fulfilling prophecy: by regarding the human as a risk factor and delegating all safety-critical functions to technology as  the presumed safety factor, the human is actually turned into  a risk factor.
Gary Klein, Dave Snowden and Chew Lock Pin have listed 'useless advice' regarding anticipatory thinking. 'Useless advice' is pretty spot-on for anti-patterns. The useless advice is :
  • Gather more data.
  • Use information technology to help analyze the data.
  • Reduce judgment biases.
  • Encourage people to keep an open mind.
  • Appoint “devil’s advocates” to challenge thinking.
  • Encourage vigilance.
The 'devil's advocate' refers to a specific challenging role, rather than an independent overview role.  'Encouraging vigilance' is about vigilance not being a substitute for expertise, as opposed to mindfulness training.

Robert Hoffman provides some laws about Complex and Cognitive Systems (CACS). The laws are not quite patterns/anti-patterns, but look capable of being worked into that framework. Woods and Hollnagel have developed them into patterns for Joint Cognitive Systems. A number of the laws relate to 'integration work'. The following seem relevant:
The Penny Foolish Law: Any focus on short-term cost considerations always comes with a hefty price down the road, that weighs much more heavily on the
shoulders of the users than on the shoulders of project managers.
The Cognitive Vacuum Law: When working as a part of a CACS, people will perceive patterns and derive understandings and explanations, and these are not
necessarily either veridical or faithful to the intentions of the designers.  [bsj i.e. design intent needs to be explicit.]
Mr. Weasley’s Law: Humans should be supported in rapidly achieving a veridical and useful understanding of the “intent” and “stance” of the machines. Mr. Weasley states in the Harry Potter series, “Never trust anything that can think for itself if you can’t see where it keeps its brain.”
The Law of Stretched Systems: CACSs are always stretched to their limits of performance and adaptability. Interventions will always increase the tempo
and intensity of activity.
Rasmussen’s Law: In cognitive work within a CACS, people do not conduct tasks, they engage in context-sensitive, knowledge-driven choice among action
sequence alternatives. [bsj This links to Amalberti's 'ecological risk management'.]
Dilbert's Law: A human will not cooperate, or will not cooperate well with another agent if it is assumed that the other agent is not competent. 
Law of Coordinative Entropy: Coordination costs, continuously. The success of new technology depends on how the design affects the ability to manage the costs of coordinating activity and maintaining or repairing common ground.
Law of Systems as Surrogates: Technology refl ects the stances, agendas, and goals of those who design and deploy the technology. Designs, in turn, refl ect the models and assumptions of distant parties about the actual diffi culties in real operations. For this reason, design intent is usually far removed from the actual conditions in which technology is used, leading to costly gaps between these models of work and the “real work.”
The Law of the Kludge: Work systems always require workarounds, with resultant kludges that attempt to bridge the gap between the original design objectives and current realities or to reconcile conflicting goals among workers.
The Law of Fluency: Well-adapted cognitive work occurs with a facility that belies the difficulty of resolving demands and balancing dilemmas. The adaptation process hides the factors and constraints that are being adapted to or around.   Uncovering the constraints that fluent performance solves, and therefore seeing the limits of or threats to fluency, requires a contrast across perspectives.

Ned Hickling has challenged the universality of 'strong, silent automation is bad' i.e.  Mr Weasley's Law does not apply all the time. Disagreeing with Ned is fine. Just one problem. It means you are wrong. A proper response will appear, but after some thoughts on 'autonomy'.
The answer is likely to make use of Grote's thinking on zones of no control, whereby it is recognized that there are areas of automation where the operator has no effective control (cf. Ironies of Automation). For these zones, the operator is not held accountable, and accountability is assigned to the design authority, the operating organization or other agencies as appropriate.

"It ain't what you don't know that gets you into trouble. It's what you know for sure that just ain't so." -- Mark Twain

Friday, 13 July 2012

Internet of Things - Use Cases (not)

Some use cases for consideration by the Internet of Things (IoT) community

Monday, 9 July 2012


Evolutionary managerialism - our current situation as a development of past bad habits

The wikipedia entry for managerialism is pretty good. It cites a definition by Robert R Locke.
"What occurs when a special group, called management, ensconces itself systemically in an organization and deprives owners and employees of their decision-making power (including the distribution of emolument), and justifies that takeover on the grounds of the managing group's education and exclusive possession of the codified bodies of knowledge and know-how necessary to the efficient running of the organization."
Locke's principal writing on the topic seems to be here, as 'Managerialism and the Demise of the Big Three' (pdf), and the book 'Confronting Managerialism'. The Big Three are the US automobile makers, and their demise is seen as being brought about by the Japanese management approach. Locke lays blame at the door of of neoclassical economics and  business school teaching.

This view of managerialism has strong precursors. Pfeffer and Sutton have pointed out the problems of US MBAs, what and how they teach. Mintzberg's  'Strategy Safari' has an account of the demise of the British motorcycle industry and Honda's success, including this quote from Hopwood:
"In the early 1960s the Chief Executive of a world famous group of management consultants tried hard to convince me that it is ideal that top level management executives should have as little knowledge as possible relative to the product. This great man really believed that this qualification enabled them to deal efficiently with all business matters in a detached and uninhibited way."
This ideal sounds like a job description of a UK generalist civil servant - still not dead 44 years after Fulton. Rory Stewart has written about managerialism in a number of public organizations e.g.  here and here.

A proper 21st Century dystopian view of managerialism as an entity in itself

Bruce Sterling has given a good description of a dystopian future as  'favela chic', a talk beautifully visualised here.  The connections between science fiction dystopia and collapsonomics are all too realistic for comfort.

The full horrors of managerialism as embodied in current global corporate capitalism have been captured in contemporary language by Rao, as 'The Gervais Principle', which starts with one of my favourite Hugh McLeod cartoons. The life cycle diagram seems to map well onto the more traditional life cycle at Adizes.

Rao's Guerilla Guide to Social Business is also available for download and is bang on the money. It includes a wonderful take on KM.

Managerialism and safety management

Managerialism appears to have penetrated safety management. One consequence is a concentration on hazards that are easily managed, at the expense of systemic hazards that require a resilient, learning, sensemaking approach. The sensemaking approach is set out in the 'The Learning School' in Mintzberg, or Weick and Sutcliffe (this link takes you to a great resource on High Reliability Organizations) and their book.

Managerialism in a safety context has been parodied all too accurately  by The Daily Mash here.

In a safety management context, managerialism looks deceptively innocent. The diagrams below look fine at first sight. Everything is organized. That is the problem. Being organized is vital, but it is not enough. Where, on these diagrams, can we find crew input, sensemaking, informal learning, trying things out? Not in 'the system'. This is the most difficult challenge facing the move to resilience.

Wednesday, 4 July 2012

Cognitive Anti-Patterns 1

Something went wrong with the previous post in Blogger so a slightly revised version published here.
Anti-patterns are discussed here and here. Jim Coplien states: "an anti-pattern is something that looks like a good idea, but which backfires badly when applied".  SEI has published a document (pdf) with system archetypes - using archetypes to beat the odds. These archetypes (which have origins in ITIL) are very similar to anti-patterns. They are also nicely set out here.

The early recognition and countering of anti-patterns is an extremely valuable skill that is rarely taught, and is probably not very hard to acquire. I suspect that it is not taught often is because it sees what might pretentiously be called knowledge work as a craft or skill. On the contrary, this sort of diagnostic skill is at the heart of expertise. It all appears very negative, unfortunately, but this is the case with all risk management. Are there opportunities to complement these risks? Possibly. Not the subject of this post though. The list looks like it has a real down on automation. This in no way puts it near Marcuse' 'One Dimensional Man' or the Unabomber Manifesto. It is just a reflection of the prevalence of technology-push in our current society.

This post does not (yet) have well formulated anti-patterns, just some starting points and first drafts.

Starting points

Gary Klein offered three great 'unintelligent system anti-patterns' in this document (pdf).
  • The Man behind the Curtain (from the Wizard of Oz). Information technology usually doesn’t let people see how it reasons; it’s not understandable. The alternative is to design a 'human window' (Donald Michie).
  • Hide-and-Seek. On the belief that decision-aids must transform data into information and information into knowledge, data are actually hidden from the decision maker. The negative consequence of this antipattern is that decision makers can’t use their expertise.
  • The Mind Is a Muscle. In the attempt to acknowledge human factors in the procurement process, some guidelines end up actually working against human-centering considerations: “Design efforts shall minimize or eliminate system characteristics that require excessive cognitive, physical, or sensory skills.”
Sue E. Berryman's Cognitive Apprenticeship Model  proposed Five Assumptions About Learning - All Wrong:
1. That people predictably transfer learning from one situation to another.
2. That learners are passive receivers of wisdom - vessels into which knowledge is poured.
3. That learning is the strengthening of bonds between stimuli and correct responses.
4. That learners are blank slates on which knowledge is inscribed.
5. That skills and knowledge, to be transferable to new situations, should be acquired independent of their contexts of use.

First drafts

People are just a source of error that needs to be minimised. The alternative is to recognize that people (also) 'make safety'.
Accidents are usually the result of human error. The alternative is to see human error as an outcome (rather than a 'cause'), a sign that something is wrong with the system (Sidney Dekker).
Safe systems are usually safe. The alternative is that safe systems usually run broken.
Cycle of error (Cook and Woods). After an incident, 'things need tightening up, lessons must be learned'. Organizational reactions to failure focus on human error. The reactions to failure are: blame & train, sanctions, new regulations, rules, and technology. These interventions increase complexity and introduce new forms of failure.
Providing feedback on operational performance can be bad for morale and is best not done.

Rationality/logic/MEU is the benchmark for human decision making. The alternative is "reasoning is not about truth but about convincing others when trust alone is not enough. Doing so may seem irrational, but it is in fact social intelligence at its best." Gerd Gigerenzer, or "Man is not a rational animal, he is a rationalizing animal".  Robert A Heinlein.
People are information processors, like computers. The alternative is to recognise the role of narrative, metaphore etc.
Cognitive biases are useful aids to people making decisions.
Human cognition is a higher mental function, and the lizard brain and emotions should not be involved.
People without emotional influence make better decisions.
Bull (Norman Dixon). Being clean and tidy is vital, whether it is polished brass, dress codes or tidy desks.

The important aspect of human decision making is the 'moment of choice' . Design and operational aspects should be focused on this. The alternatives include a narrative approach (Rao).

Automate what you can and leave the operator to do the rest (job design by left-overs). Supervisory control is a good model for job design. The human-centred automation alternative is to design a human-machine team to avoid cogminutia fragmentosa.
Automation reduces workload.
Automation improves performance.
Automation reduces staffing requirements.
Strong, silent automation is good (Dave Woods).
There are no UNK-UNK failure modes (Tom Sheridan), so we do not need to design or plan for them.

Regulations, rules and procedures will work as intended without reactive or cumulative effects. Technology improves safety. The alternative is to consider the reactive effects of their introduction, including risk compensation, and to remember that the people at the sharp end make continuing judgments balancing risk, profitability, workload (ETTO).

People will obey the rules in potentially high hazard systems just because they are there.

Procedures can be expected to cover all circumstances. Risk management can be comprehensive. Things will go according to the plan, so it is worth having a really detailed plan, and not investing in preparedness. The alternative is "In preparing for battle I have always found that plans are useless, but planning is indispensable" D D Eisenhower.

Providing unnecessary data 'just in case', whether it is a fourteen page checklist, a handful of alarm channels, or an overfilled tactical display. Planned information overload has adverse consequences (see operator error).
Chartjunk is a good basis for display design.  The flows through a system (the 'big picture') can be presented as disjointed bullet points (Tufte).

Work can be divided by procurement or organizational boundaries, leading to stovepipe sub-systems, and the crew doing the 'integration work'.

Training can fix design problems.

Tuesday, 3 July 2012

Standards and hard resilience

 Vinay Gupta has made the distinction between hard resilience (e.g. food, water, power, communications) and social resilience e.g. here.
The emphasis in writing about resilience is on flexibility and adaptability, whether it is about communities or resilience engineering, and standardisation does not seem to have much prominence.  Standardisation has always supported flexibility. Jim Ware has identified the importance of standardised touchdown zones for nomadic workers within an enterprise as an element in corporate agility. This type of work standardisation goes back to medieval monasteries, as documented by Jean Gimpel.

However, resilience goes beyond agility/flexibility. Having the right connectors for portable diesel generators may be a requirement that goes beyond day to day flexibility but which proves invaluable in an emergency.  Dealing with insurance claims after a fire on a big container ship might benefit from standards aimed at resilience. An inspiring story on these lines comes from post-earthquake Japan, entitled 'Beat the bureaucracy and overcome the disaster'. A large pdf on their experience can be downloaded from the site  (or here)

The company went to great lengths over four years to understand their real business, simplify processes, and remove silos. The benefits following the Great East Japan Earthquake included the ability to send 1,600 employees to Tohoku area as temporary staff, to deploy 800 new terminals in a week, and finally 1,800 terminals by May 13. They completed 87% of 160,000 claims by the end of May and completed 97.3% of 173,000 claims by the middle of September. They had an earthquake damage contact centre with 110 terminals set up by the day after the quake. These accomplishments could not have been made without a standard plug and play virtual desktop, no paperwork and cashless payment systems.

The contrast between resilience and control is made in one of their moonshots: Create a democracy of information
People at the front lines should be at least as well informed as those in the executive suite.”

"Most organizations control information in order to control people. Yet, increasingly, value is created where first-level employees meet customers — and the most value is created when those people have the information and the permission to do the right thing for customers at the right moment. Information transparency doesn’t just produce happy employees and happy customers, it’s a key ingredient in building resilience. Adaptability suffers when employees lack the freedom to act quickly and the data to act intelligently. The costs of information hoarding are quickly becoming untenable. Companies must build holographic information systems that give every employee a 3-D view of critical performance metrics and key priorities."

Providing assurance of safe and effective operation of unmanned platforms

The Association for Unmanned Vehicle Systems International (AUVSI)  has published an industry code of conduct for unmanned aircraft system operations. It is based on safety, professionalism, and respect. This is a significant document, given the wave of safety-related so-called unmanned systems coming our way. It is short (a good thing) with a reasonable set of principles.

A good many domains start with a set of principles as the basis for assurance or regulation. The hard bit comes with working out the detail. I am sure that the AUVSI does not propose to re-invent the safety management wheel, but a number of schemes that have been expensive to implement, do not seem to be getting too much of a good press these days, so it would pay them to consider the detailed working before committing too heavily to a form of implementation.

Links with other groups such as say the robotics community and its events might make sense.

From my own point of view, it would be a delight to see the unmanned platform community adopt process standards as a form of leadership (process ownership drives process improvement) and assurance. Relevant standards include ISO/IEC 15288, ISO TS 18152, ISO 15504 Part 10.

Monday, 2 July 2012

Internet of Things - Glass Half-Full

Temporal linkages between Internet of Things developments sparked some thoughts.

The European Data Protection Supervisor (EDPS) said (pdf) that, while smart meters were potentially useful for controlling energy use, they will also "enable massive collection of personal data which can track what members of a household do within the privacy of their own homes". Good to see, but  is it too little too late to prevent a) abuse or b) a backlash? Will the utilities become as popular as bankers? There isn't much of a gap now, I suspect.

A Pew report (pdf) on the future of smart homes includes this gem of realism:
"Most of the comments shared by survey participants were assertions that the Home of the Future will continue to be mostly a marketing mirage. The written responses were mostly negative and did not mirror the evenly split verdict when respondents made their scenario selection. Because the written elaborations are the meat of this research report and the vast majority of them poked holes in the ideal of smart systems being well-implemented by individuals in most connected homes by 2020, this report reflects the naysayers’ sense that there are difficult obstacles that are not likely to be overcome over the next few years."

You may have missed this website devoted to internet fridges. (Shame virtual fridge never took off - Alan Dix would have been much better than Mark Zuckerberg as the social media czar).

Samsung has launched a smartphone health app. Huge market for this sort of thing is developing. Next steps presumably include connecting to things (perhaps using the work at Glasgow University) and possibly some data-mining of healthcare providers ( or somesuch). Such a path would provide  market based 'empowered patient' model, with a user centred approach a business survival requirement. A user-led mashup tool such as is likely to figure large.

The People Centred Design Group has distilled its work into a set of recommendations for the Internet of Things SIG. Still quite thing-centred e.g. "As the thing passes through its lifecycle, define the end users’ experience... ", and still no mention of HCD standards.

The IoT showcase presentations illustrate the glass half-full situation. I guess that is where we are just now.

Sunday, 10 June 2012

Some Resilient Community links

  I had a great discussion about resilience on Thursday night at the GSA Degree Show preview. Rather than send links by email, I'm posting them here with a brief commentary. The links are not intended to be comprehensive or even representative. My major concern is that good intentions about Resilient Communities (RC) will do what good intentions always do. With severe consequences. The 1970's movements of alternative technology and appropriate technology had good intentions but (so far as I can see) little impact in practice; forty years on, people are still designing fuel-efficient stoves for Africa.

Scottish activity of interest

As regards 'mainstream' resilience activity, there is Transition Scotland. Permaculture Scotland is of course relevant, but not the whole answer. The aquaponics team at Stirling has the potential to be useful.

The Unreasonable Leaners Network is of considerable personal interest, and I'm hoping to give it the time it deserves.

IFF  seems to be up to the right sort of things. Their book has some clear thinking and practical approaches (plus some politically correct nonsense about climate).

UK activity

There is work on the difficult question of setting up appropriate organizational structures. This is vital for any sort of scaleability, and is a very long lead item. This post  at Res Publica  addresses the vital topic of  legislation for co-ops, mutuals etc. The B4RN lot seem to have done the tedious homework of setting up an organization for community broadband. John Popham seems tied in to this area somehow.

Wider activity of interest

Rob Paterson has a lot to offer. In the first place, he has a compelling personal narrative that is driving him to change. He is contributing to local RC development, and is curating a great health resource. In the background is a great deal of hard systems thinking.

The Resilience Thinking book provides a level of hard analytical thought that we need much more of. The resilience alliance is here. Useful video intro here at Mark Robinson's site. Mark Robinson has a publication (pdf) combining the arts and resilience.

John Robb seems to have moved from plotting the coming war to helping create the peace. Nonetheless, his book is axiomatic to thinking about the future (along with Globalistan), and Global Guerillas has lost none of its relevance, alas. He is building two great resources; the RC site, and Miiu. He seems to have links with Open Source Ecology. His two backgrounds come together for resources such as darknet.

The info activists of tactical tech have resources that could be put to widespread use.

Club Orlov is based on a clear model of societal collapse but tries to be absolutely positive. In terms of legal infrastructure, it is linked with Seasteading. It recognizes the need for some sort of spiritual dimension.
Michel Bauwens and the P2P foundation has the potential to be a very powerful resource.
Falkvinge and the pirates are relevant in a number of ways, including their thoughts on swarming.
Paradigms for Progress seems to be on the right lines as well.

Wendy Brown is apocalyptic in title, but less so in tone. The survivalist movement seems active in the USA but either non-existent or completely stealth in the UK.

John Thackara is fundamental, of course. Wider economic material of relevance  includes Gregor MacDonaldUmair Haque, Eric Beinhocker(pdf), Steve Keen etc..

My own posting on the topic includes posts on the  long lead item of encouraging, supporting, spreading competence development. The IFF book has a nice slogan; "Ready for Anything without planning for everything" (whilst also discussing synchronous failure). My take on various approaches to readiness is here. I am unconvinced of the difference between localism = good and protectionism = bad. I did risk making a forecast, as much to test my own reasoning, as to broadcast it.


The Simplicity Institute is worth a good look.

Monday, 28 May 2012

Normal service is being restored

If you had expected to hear from me, or had expected me to be doing something for you, this note is for you. It is a lessons learned note on some recent developments.
A year ago my parents were a resilient system contributing to the family and community. Now they are gone. My sister devoted the last year to their care - a year well-spent. I helped as best I could, with regular trips to Prescot. Work matters took a back seat. In addition, a good deal of work has been done on the house, with all the chaos that tradesmen bring with them.
There was a bit of a low point on my birthday, the last Sunday in April. My main task was to drive to Prescot for my mother's burial. As I started to pack up, my computer died. I decided to put off analyzing that till I came  back, and went to set off. The car wouldn't start. After my return late Monday night, I contacted someone to help with the computer; Tuesday and Wednesday were high-stress diagnostic days. In the middle of Wednesday night, we called an ambulance to take Wilma to A&E (trapped sciatic nerve), where we seemed to have arrived in the Social Engineering Dept. rather than anywhere with clinical capability. Somewhere beyond fatigue at that point.
 A good deal of the time since then has been devoted to getting my computer fixed, and data and applications in good order. No data loss, and things weren't too untidy given the events of the past year, but still time consuming. Wilma has responded to Bowen Therapy but is still on a slow and painful road to recovery (me, I'm just continuing with the sleep deprivation - not helped by the long Scottish summer days).
This note starts with simple technical lessons learned, and only briefly touches on more personal matters (more anon).

Co-creation with tradesmen

There are some tradesmen who can see the customer/home-owner situation, and some that can't. The difference is striking. The lack of awareness of someone who come in to ply his trade with no regard to interfacing with other trades, the impact of his activity on his customers and their neighbours is remarkable. Maybe they need to take their wives with them.

Resilience of home office computer networks

I minimize my use of the cloud; 'the user as the product' is not a model I subscribe to more than I have to (though Blogger does a good job for me here). Bits of the cloud that helped provide resilience were google calendar and Opera Link (for bookmarks). Plusnet webmail worked; I normally leave mail on the server because 3 mobile and Plusnet don't talk to each other so far as email is concerned. Wuala, skydrive, and greater use of Amazon 'cloud' storage all need investigating sometime.
Applications I use that help with resilience are Chaos Intellect (email) that allows sync'ing, including a fully functioning email on a USB memory stick, and Powerdesk, where sync'ing, multi-pane file viewers and a size management utility help with recovery.
It is wrong to waste a good incident; improvements made include changing the laptop set up from a basic awayday arrangement to a more fully functioning set of applications and resources.
As regards my main desktop PC, the main lesson is that spending money on a high-quality well-specc'ed machine was a mistake. RAID 1 on a PC makes dealing with other failures much harder; RAID is for NAS. So, policy now is to buy basic "cheap as chips" machines (Zoostorm from eBuyer or somesuch), and have all the fancy bits external to the box. As regards the laptop, the Crucial SSD upgrade looks appealing. The TeraStation is still graunching away but the newer La Cie RAID boxes are tempting. A DLink print server enables me to print with a dead computer.

Dependable road transport

I bought the Subaru because they are supposed to be bomb-proof. Reviewers consider their interior to be a bit old-fashioned, which appealed to me on the grounds that there would be less non-engine electronics to go wrong. These assumptions proved wrong, and were compounded by 'smart' charging (which means driving with your lights on to save energy, or somesuch). Two call-outs and two dockings later, I think my car will start. For the five years I had my Toyota, I knew my car would start. A big difference. The Subaru had real rust after three years (I mean Vauxhall Viva type rust, not a stone chip). Fixed now, but astonishingly, no analysis of the manufacturing defect. At a loss on the way ahead just now. Still too cross.

The Dutch saying "trust arrives on foot and departs on a horse" applies to all sources of technology.


Over the past year, we have had more to do with the NHS than is healthy. Individual staff range from the excellent (raging against the system) to the truly atrocious. There was a high point where the GP said "yes, we are a pretty good team" - a doctor admitting to being part of a team - wonderful!
The system dynamics (I use the term in its technical sense) are awful.
The financial uncertainty of care for the elderly in England is horrendous. The cash flow implications for care homes and nursing homes are massive, and doubtless add a big chunk to the bill.
The key issue seems to be managerialism, which has taken the NHS to the 'bureaucracy' stage of the Adizes life cycle. Hopefully this will be expanded into something less cryptic soon.

Family matters

With death, parents change from being someone you are connected to, and part of a mesh of relationships. You start to see them in a more isolated fashion, as they were themselves, gain new insights into them, your own similarities and differences, and a whole review of your own 'deep story' grinds away . Views of yourself that have been dormant for decades surface. The social obligations of the offspring to the deceased are considerable - particularly when the deceased was a significant figure in work or the local community.
I may try to plot their loss of resilience as a system.
Buddy networks, are, or course, what work. Robin, a friend from Sussex University days trod this road some years back and offered useful words of immense comfort (not for the first time). Ron Donaldson has had a similar time to myself, which helped with the 'no man is an island' perspective. His post on his own Cynefin was helpful. I came to realize that the Scouser/Wollyback border is where I have my sense of belonging, but have much less reason to visit now. Coylton is extremely friendly, but I have still to grow deep roots here. Maybe Everton would like to move North. The world of my childhood in North Wales is now a lost world alas.
In their demise, my parents helped to restore wider family links. It would be a tragedy if we let these lapse again. There is some cycle of creative destruction going on here that I don't understand yet.

Thursday, 29 March 2012

Watching Dixie Dean

When my father was twelve, he was taken to watch Everton. This would be 1933, a year they won the FA Cup. Dixie Dean was playing, and was getting some abuse from someone in the crowd. Dixie Dean went up to the man and punched him. A policeman came along and said "Well done, sir" to Dixie.

Tuesday, 21 February 2012

21st Century Human Centred Design

  It is clear that "things are going to be different" - hopefully with a move towards "betterness". How will ergonomics contribute to this change, and what will it look like?
Somewhere Steve Pheasant said that ergonomics usually begins with some sort of task analysis, and ends with some sort of a user trial. In 'Ergonomics- standards and guidelines for designers' he wrote:
The bulk of the substantive content of the discipline revolves around two key issues—human adaptability and human variability, both of which are measurable and both of which are amenable to standardization at least with respect to their limits."

The principles of Human-Centred Design are:
  • A clear and explicit understanding of users, tasks and environments.
  • The involvement of users throughout design and development.
  • Iteration.
  • Designing for the user experience.
  • User centred evaluation.
  • Multi- disciplinary skills and perspectives.
Let us take the above to be fixed i.e. that the core of the discipline doesn't change, but that its application changes in response to a changing world (i.e. ergonomics practitioners will face  a changing 'context of use'). If ergonomics can adapt to the changed context, the future is very promising.  The shift in emphasis looks like the following:

From:  Drug labelling, incident analysis, CHFG, MiniMe
To:   Empowered patients, individual differences with 'quantified self', application of functional medicine, community tool design, wellness support, recognition of 'healthcare' limitations


From: Classroom furniture
To: Personal Learning Environments

Hazardous industries

From: Safety management, alarms, control room design
To: Resilience, governance

Work design

From: Factory and workplace design
To:   Enabling home and community resources e.g. hackerspaces  (home office design, the dangers of sitting etc. will have been done by others)


From: Equipment design
To: Facilitating Open Source Warfare

Consumer goods, work equipment

From: Product design
To:   Tools for co-creation; design, assessment, certification, of products/services (where the distinction has become unimportant). Input to open source design.

Suggestions welcome in the comments.

Thursday, 16 February 2012

Skills and Manners for Resilient Communities

A post by John Robb on the skills gap used the famous quote by Robert Heinlein 
"A human being should be able to change a diaper, plan an invasion, butcher a hog, conn a ship, design a building, write a sonnet, balance accounts, build a wall, set a bone, comfort the dying, take orders, give orders, cooperate, act alone, solve equations, analyze a new problem, pitch manure, program a computer, cook a tasty meal, fight efficiently, die gallantly. Specialization is for insects."
John Robb is right about the skills gap, and this post is my twopennorth on the topic. 

The resilient community movement might sympathise with Henlein's bold statement of individual self-sufficiency - the Competent Man. (Presumably women are supposed to be pregnant in winter and barefoot in summer). The list has sparked a great many similar attempts, including this. However, it is clearly not practical as a universal prescription, up to date, or appropriate for all situations.
As a contribution to bridging the digital divide, I have attempted to expand it, update it where necessary, and use headings that merge digital and traditional skills. Bridging the digital divide will be an important factor at both individual and community levels (the list is an expansion of one developed in response to David Pogue's post on 'the basics').

To quite an extent, the specifics of the list aren't all that important. The skill requirements for a resilient community are likely to be an emergent property - skill development will need a number of safe-fail experiments (cf. Cynefin). What is important just now is to make an estimate of the size of the undertaking and have an initial plan of how to bootstrap ourselves, in this Resilient Communities may be lean startups - including customer development; "self sufficiency" might breed a dangerous introversion. Rob Paterson took the view that the first priority was to get fit, so that the other requirements could come more easily. This seems very sensible, but it may not be your priority.
One suggestion is that your priorities are driven by "what you are least worst at". Every community will need its own approach and idea of end-point, but it would be reasonable to be well on the way to using " five per cent of the energy throughputs that we are accustomed to now" (a must-read piece by John Thackara) by ‘the 2017 drop-off’ discussed in the 2009 BITRE report.
So,  we need informed skill development at an individual level, driven by hard reality like Rob Paterson has done, rather than woolly idealism. Perhaps we need Personal Learning Environments. At a community level, there is the need to spot potential skill shortages (as John Robb has done in the post mentioned at the top of this piece). What obviously won't work are:
  • Central planning
  • Doing nothing
  • State-funded institutions attempting to carry the load
  • Individualised efforts.
Here's the list. Ones from the Heinlein list are *

Make a phone call,  VoIP call
Txt on a mobile phone, Send a picture on a mobile phone (taken on its camera)
Send an email, know 'netiquette'
Subscribe to an RSS feed
Buy  online
Give a short talk e.g. welcome or thanks
Give a presentation without visual aids
Use powerpoint or equivalent sensibly (cf. Guy Kawasaki's Rule xxx)
Draw mindmaps or some other type of diagram
Read/produce engineering drawings
* Take orders
* Give orders
* Act alone
Run a personal kanban
Eat healthily
* Plan an invasion
* Balance accounts
Plan a menu
Do a household budget
Get kids to school on time and with the right gear
Set up a website
Plan or evolve the layout and planting of a garden
Organise a sports event
Prioritize risks and opportunities
* Co-operate
Run a workshop
* Pitch manure
Improve digital photos e.g. red eye removal, cropping
Prune plants
Care for pets
Clean the inside of a computer, displays, keyboards, mouse
Vacuum clean a house
Clean windows
Sew on buttons
Replace zips
Take up a hem
Change the wheel on a car
Check under the bonnet of a car (fluid levels, belts, battery etc.)
Secure people and assets
* Fight efficiently
Use a fire extinguisher or fire blanket
Have an escape plan
Set up and use internet security (firewall, anti-phishing, virus checking)
Wear a seatbelt
Avoid drinking and driving
Use strong passwords and not have them accessible
Test for counterfeit banknotes
Use a spam filter
Check a suspect email that has come through the filter
Check suspect visitors to the house
Stop junk mail
Know your post code/zip code
Know your IP address
Remember what you went upstairs for
Use search engines, desktop search
Use bookmarks/favourites for web pages
Have contact details for family and friends
Have contact details for emergency situations
Find useful people (plumber at the weekend)
Use a map and compass
Use a GPS device
Keep personal records organised
Keep account details organised e.g. bank, utiliities
File work documents in a system
Have a computer filing system for documents, images, music
Have a consistent filename convention
Make jam, pickle, chutney
Back up to CD, hard drive, web-based resource
Preserve with salt or drying, canning, freezing
Transfer digital photographs from camera to local and cloud storage
Take video, post to web
Program the video recorder or PVR
Use a photo sharing service, P2P music or video sharing
Use a group, forum, chat room
Raise money for charity, project
Host a party, barbeque
Write, distribute a newsletter
* Change a diaper
* Set a bone
Do CPR, resuscitation
* Design a building
* Write a sonnet
* Program a computer
* Cook a tasty meal
* Butcher a hog
* Solve equations
* Analyze a new problem
Paint in watercolours
Build a website
Use computer graphics
Grow plants from seed
Raise children
* Build a wall
Use a lathe or milling machine
Use computer 3D to create something
Build a drone, robot
* Conn a ship
Drive a car, tractor &  trailer
* Ride a bicycle, horse

* Comfort the dying
* Die gallantly
Find inner peace
Survive hardship
Survive success

As an aside, the story of Heinlein and Lazarus Long is an interesting one.

Update: As regards digital literacy, the European Computer Driving Licence is obsolete. Resources that look potentially useful include the Digital Survival Guide and Digital Citizens Basics.

Wednesday, 25 January 2012

Eric Sherwood Jones RIP (26 March 1921 - 14 January 2012)

"Epitaph on my Ever Honoured Father" by Robert Burns

O YE whose cheek the tear of pity stains,
 Draw near with pious rev'rence, and attend!
 Here lie the loving husband's dear remains,
 The tender father, and the gen'rous friend;
 The pitying heart that felt for human woe,
 The dauntless heart that fear'd no human pride;
 The friend of man-to vice alone a foe;
 For 'ev'n his failings lean'd to virtue's side.

Tuesday, 10 January 2012

Building utilization; Efficiency vs. Effectiveness

A great piece by Workspace Design Magazine identified the coming interest in monitoring (and charging for) workspace utilization.
"I predict that the efficient utilization of real estate, resources, and energy will be a critical business focus during 2012. To arrive at astute, accurate financial decisions, management teams will focus on increasing data acquisition so they can analyze workspace utilization trends down to a finite level. They will also place greater emphasis on leveraging flexible space and videoconferencing solutions, all in an attempt to maximize productivity without increasing costs.
To gain a more detailed understanding of how space and energy is used, companies will extend occupancy detection beyond conference rooms and work areas down to individual workspaces, desks, and drop-in space. Monitoring space and energy at the granular level provides details needed to identify the necessary amount of real estate for efficient functions, while avoiding unnecessary expenditures on excess workspace. It also facilitates the reduction of energy consumption in underutilized areas."

Smart Buildings also has this in its predictions for 2012 (.pdf).
"Data and Metrics for Building Occupancy will Finally Move to the Top of the Agenda as Key Indicators  in Building Performance. Aside from the base environmental needs of a building, a  simple  energy management  approach for buildings is to have  energy consumption  aligned  with actual building occupancy. Yet few building owners  know how many people  occupy their building, where they go, when they’re there, etc.  Building owners are more likely to know how many cars entered their parking garage than how many people entered  their building. How can you possibly know when and how much heat or cooling or light should be provided without knowing the occupancy of  your building spaces? A variety of means for gathering occupancy data are now available; we  have lighting control systems with not only occupancy sensors but more sophisticated  occupancy systems  able to track the movement of the occupant. In addition, there is access control, video surveillance with people counting capability,  room and personal scheduling systems,  infrared people counters for doorways, as well as RFID technology able to provide some level of occupancy data. In 2012 occupancy data will drive energy management and  curtailment strategies for demand response and space planning. Expect new hardware and software tools generating or using occupancy data metrics to be adopted by facility management. "

 In a brief exchange of tweets, @workingdesign asked two really good questions.
  • How effective is efficient space?
  • What are the trade-offs between efficient operation and. flexibility and productivity?
 Answering the effectiveness vs. efficiency question will take some thought. This post doesn't attempt to give a proper answer, being more of a place-holder. 
In terms of dollar outlay over the 40-year life cycle of an office building, 2–3 percent is generally spent on the initial costs of the building and equipment; 6–8 percent on maintenance and replacement; and 90–92 percent is generally spent on personnel salaries and benefits. These data suggest that if an investment in physical planning and design could be made that would favorably influence organizational effectiveness and therefore reduce personnel costs, total life-cycle costs could be substantially reduced.”  -  Jean Wineman (Behavioral Issues in Office Design)
 The above quote makes a strong case for effectiveness. The problem, as ever, with people-system integration is that costs and benefits don't come from the same budget. The case for effectiveness needs to be made clearly and in advance of the utilization metrics because so much of office history is against it. The effectiveness ambitions of Robert Propst with his Action Office were undermined by efficiency-driven implementation in the form of the cubicle. People such as Frank Duffy and Stuart Brand have fought the efficiency-driven approach with some success, but, with the new driver of energy consumption, battle will need to be re-joined. The world of work has changed dramatically since Propst and indeed say 'How Buildings Learn'.  The default for office space is becoming "Square feet, how square!". 

In 'Work and the City', Duffy says:" An even bigger blind spot is that architects have little motivation to measure and hence no vocabulary to describe how efficiently office buildings are occupied over time. Because our heuristic seems to be 'Never look back', we are unable to predict the longer term consequences in use of what we design. Yet the handful of space planners (such as my practice DEGW, which pioneered the technique) who do measure building occupancy report that even over the normal, eight hours of the working day most office buildings are lightly occupied—well over half of conventional individual workplaces are empty, even at the busiest times of day. Meeting rooms, even when pre- booked, are also, notoriously, often empty. Total occupancy of all office workplaces, combined with meeting rooms and all other social and semi-social spaces, peaks at 60 per cent and then only for relatively short periods at the busiest times of the working day.To say that office buildings are occupied at only half their capacity is a gross understatement. The actual situation is much more wasteful. The occupancy figures quoted above relate only to eight of the 24 hours and to five out of the seven days that office buildings are theoretically available for use." Plenty for the efficiency folk to go at then.
This post looks at how the effectiveness/efficiency debate might play in different organizational cultures, using Ron Westrum's organisational climate scale.

  • "Tina, that is the third time you have been to the toilet this morning. It is coming out of your wages. Your behaviour is now on the scorecard in the lobby."
  • The cost of meeting rooms is now going to be taken from project budgets. No, we aren't reducing overheads in compensation. Since safety training does not currently have a budget, it will need to meet in Starbucks next door.
  • Communications briefings have been stopped to save costs. Management information is now on the intranet.
  • The steering group is now analysing building usage metrics on a monthly basis. A working group has been set up to produce guidelines on best practice for running meetings.
  • Booking the large conference room now requires a director's signature one month in advance.
  • Staff working late are reminded that prior approval is required. This is particularly important now because of the associated costs.
  • There was an item in the suggestion scheme to try "brainstorming". We have appointed a committee to investigate this exciting idea.
  • We have doubled our facilitator training budget. The money for that has come from savings by running Boosters instead of meetings.
  • Last week's open cafe meeting was a great success. To celebrate, next week's meeting will have extra pastries. Please bring a friend and network.
 One of the many aspects of work that has changed in recent years is the quality and scope of facilitated meetings (Creative Problem Solving, TRIZ, etc.). Really, traditional meetings should be the exception rather than the rule. It might be worth asking whether a facilitator-in-residence becomes part of building management services? She might do more to reduce energy consumption and occupancy than many other measures.

Update: Susan Cain has a good article in the NYT on the loss of effectiveness in pursuit of efficiency.

Monday, 9 January 2012

Challenges for the Internet of Things Part 2

This post follows on from Part 1.

3. Complexity and user needs

The complexity of IoT may not meet user needs. This is a bit of a grumpy old man rant, but not without validity. More specific objections can be seen starting with:
  • GreenSpec's Quick Take: "This "smart" thermostat should help users save energy and be easier to use - more like an iPhone - than the typical programmable thermostat. But studies show that programmable thermostats don't actually save energy because people don't use them, or use them incorrectly. Will this really be different?"
  • Ironies of automation (linked to planning and set-up tasks) with a 'genius new app'.

4. Complexity Spiral 

The Tainter theory of collapse proposes the following:
1. Human societies are problem solving organizations
2. Sociopolitical systems require energy for their maintenance
3. Increasing complexity carries with it increased cost per capita
4. Investment in sociopolitical complexity often reaches a point of declining marginal returns

The challenge here is not that IoT will bring about the collapse of society, but that it is part of a trend where the additional cost and complexity produces a net burden on society rather than a net benefit. So, for instance, Michal Migurski discusses the "flighty optimism underlying arguments for Smart Cities" in the context of 'Normal Accidents' by Charles Perrow. This article is about a cost argument but it highlights the additional complexity   "Look, nobody's going to buy an Intel Atom-based sensor, which all it's doing is trying to determine whether to switch the sprinkler system on, under the sod on a golf course." To return to the Nest thermostat; we are requiring a large quantity of infra-structure to work reliably to provide limited benefit over a very simple device and a friendly neighbour.

The 'compelling argument' will need to become compelling indeed. John Michael Greer discusses the lack of bankable projects here. On the  mundane topic of affordability, people are cutting cable. This may not bode well for IoT applications based on massive increases in Telco bills when moving from 3-play to n-play. Folk are likely to find/hack more affordable solutions.

5. The Panopticon question

The current Web 2.0 has massive shortfalls in privacy and security - to a large extent representing the end of anonymity and privacy. Is IoT proposing to make good this technical debt as well as provide the end-to-end information assurance necessary for IoT applications to work with privacy, security, safety, accuracy, timeliness etc.? The issue is not one of 'things' but the funding and control of the infra-structure. Certainly a corporatist panopticon is the default way ahead. If people are to own 'their' data and have openness and transparency on its usage, then major changes to system architecture and business models will be required. The new years's contest is a welcome sign of awareness in the IoT community. Otherwise #OccupyIoT is a likely development! Bruce Sterling has discussed 'favela chic', a talk beautifully visualised here.  The technical IoT community is not in a position to lead some popular uprising against the corporate interests, and to the extent that it is trying to take down such barriers as exist in the 'internet of silos' it will be seen as part of the problem. "A moral obligation to contemplate a bright scenario" sounds like wishful thinking at best. The Daniel Suarez books are quite optimistic, and are essential reading if future scenarios are to be developed.

In these early days of proto-IoT, some of the problems are already apparent. For example:
  • "In one instance, a thermostat at a town house the Chamber [of Commerce] owns on Capitol Hill was communicating with an Internet address in China." WSJ. (h/t ACM Risks Forum)
  • "Smart meter hacking can disclose which TV shows and movies you watch" Naked Security.
  • Naperville Smart Meter Awareness (NSMA) filed a complaint in federal court seeking to stop the installation of smart electricity meters at homes throughout the city".  Greenbang.

Browsing the IoT world, I have not seen much evidence of SIL assessments based on IEC 61508, or discussions of security accreditations. These architectural and infra-structure aspects have to be proven before getting into building 'things'. The technical debt for anything other than a panopticon is basically unaffordable. If global guerillas start using 'things' in the darknet, most of the IoT community is not going to know. There are some signs of some awareness of the need for information assurance e.g. here (.ps) and here. The first of the links gives some indication of the mountain to be climbed. As regards TIA-4940 Smart Device Communications Reference Architecture (the second link), I have not done my homework and bought the standard. My evidence-free position is that 'if it looks too good to be true, it probably is'. The claims are massive, and I cannot believe the work has been done to provide end-to-end information assurance.

6. User-centred footnote

Gary Klein identified ten key  features of team player automation. These  are:
1)  Fulfill  the requirements  of a Basic  Compact to engage  in  common grounding activities
2)  Able to adequately  model other participants' actions vis-a-vis the joint activity's  state  and  evolution
3)  Be mutually predictable
4)  Be directable
5)  Able  to  make  pertinent  aspects of  their  status and  intentions obvious  to their teammates
6)  Able to observe  and  interpret signals  of status  and  intentions
7)  Able to engage  in negotiation
8)  Enable  a  collaborative  approach
9)  Able to participate  in managing  attention
10) Help to control the costs  of coordinated  activity

What assurances do we have that the IoT will meet these requirements?

Monday, 2 January 2012

Challenges for the Internet of Things Part 1

This is a fairly philosophical post about the context of the 'Internet of Things' (IoT), rather than a post about the practical aspects of taking a human-centred approach to IoT. It is pointing out some risks that may not have been registered by the strictly technical folk that comprise the bulk of the IoT community. The aim is to be helpful rather than negative. A subsequent post will include my input to the 'panopticon' new year's contest.

1. Fix the name

Having the wrong name for something is a continuing burden. 'Internet of Things' (IoT) is the wrong name. From a business point of view, it is an 'Internet of Services Mediated by Things' (h/t Graham Hill). Not very catchy, but a lot more accurate. From reading the wikipedia entry, IoT does not seem to be without conceptual problems; the expression was coined in 1999, and we are far from an agreed definition. Perhaps a change might not be all that painful. The suggestion here, unsurprisingly, is to take a human-centred approach.

The internet could have 7 billion people. How about an internet of people? Nice name, taken from here (although that post addresses a slightly different topic). IoT could offer an 'Internet of People Enhanced by Things'. An excellent post on a 'strengths based society' has the quote "I’m becoming convinced that this is the purpose of the web: to use it as a tool to enhance both ourselves and the network."
[As an aside, simple arithmetic says that 7 billion people, 50 billion 'things'  is less than 8 things each. Is the 50 Bn 'thing' forecast massively low?]

The people using the IoT will have a number of roles that will need to be supported if IoT is to succeed. These roles include:
User as product. All this 'free' stuff on the internet? If you don't know what is being sold, it is probably you. The business model of patientslikeme is a typical example. The data gathered from the 'free' buddy network is sold to pharmaceutical companies.
User as consumer. M2M might be interesting, but if there are no P involved, who pays? This consumer role will continue, even though 'there is no more money', but it is likely to become much more discriminating in ways we don't understand yet. Innovation in business models and pricing could well be far more important than technical innovation (Irene Ng has written on this), but using innovation of this type as a design driver is very new.
User as co-creator. The role of the user as co-creator of services on a continuing basis is fundamental.
User as validator.  This piece discusses the role of the receptionist in repeat prescriptions, with a link to a BMJ article that concludes: "Receptionists and administrative staff make important “hidden” contributions to quality and safety in repeat prescribing in general practice, regarding themselves accountable to patients for these contributions. Studying technology-supported work routines that seem mundane, standardised, and automated, but which in reality require a high degree of local tailoring and judgment from frontline staff, opens up a new agenda for the study of patient safety." There are many circumstances where human validation of machine-generated data or information is required. From working on military systems, my experience is that technologists under-estimate the need for this during early design, and can find it very hard to retro-fit.
User as error-maker.The unfortunate truth is that people make mistakes. Usually when they are 'set up' to do so. Design needs to allow the IoT (or whatever) to reduce human error potential, and to support error recovery.
User as member of (multiple) social networks (not all online). I get the impression that 'things' are seen as elements of automation, rather than augmentation of social interaction. The two are very different.
User as decision maker. Where users are 'making decisions' it is important to understand the nature of the decisions being made, and to provide the cues needed to support them. Gary Klein's decision-centered design can be grafted on to Human Centred Design without too much difficulty by design teams that are aware of the importance of this.
Users need a 'human window' on complex automation. This can drive many aspects of system design. For example, needing to provide explanations can have a major impact.
Functional roles, where the user is sponsor, maintainer, auditor, regulator, forensic investigator etc. Missing whole roles is easy to do without a strong commitment to Human Centred Design, and usually has serious consequences.

2. The  Vision Thing

Extrapolating technology into the future is cute but frequently wrong. The Villemard 1910 postcards are charming, and the paleofuture blogs old and new are fascinating. Is IoT destined to provide the 2010's entries for retronaut? The bottom-up approach of IoT makes it vulnerable to missing trends in society or business. For example, 'smart' cities as conceived by IoT may be 'fighting the last war' i.e. based on a model of urbanism that is becoming invalid. IBM's predictions for smarter buildings are in line with IoT thinking but have no top-down view of the context for IoT. The various elements of the resilience movement seem to be moving in a different direction. For example here:
"In fact the resilience movement is growing, as is the dissatisfaction with the high tech green gizmo approach to sustainable design. You see it in houses with the Passivhaus movement, where one trades active systems for insulation and sunlight; you see it in the streets with the cycling phenomenon. It is a conscious choice to use simpler, repairable, resilient systems." The resilient movement has a wide range of approaches, ranging from the transition towns to this and beyond. They don't seem to be placing any dependence on IoT.

One may well disagree with James Howard Kunstler's road map for tomorrow's cities, but IoT does not offer an alternative. It needs to be part of a vision with clearly stated assumptions on energy cost and use, demographics, trade, education, the priority for walkable cities vs. other means of getting around, the scope for refurbishment vs. newbuild (and doubtless many other aspects of IoT context). A sample of  views of urbanism can be found here, here, here and at Ikea. No reliance on IoT in evidence so far as I can see. It will be interesting to see what the mainstream US TED view is with its competition.

 Similar concerns could be expressed over other applications of IoT.

More on IoT challenges anon.

Update: Archinect also seems short of links to IoT.

There is a good post on a sensor commons, that starts to get at some of the issues of accuracy and of system integration. Interestingly, it proposes sensors installed by some underground citizen's movement. As regards the challenge of system integration  between the 'things' and their setting, this article is interesting. If robots are to become an everyday presence, the usual thinking goes, they'll have to be able to function in a completely uncontrolled environment. However, I think the inverse is likely to be true: In the future, we will sculpt our environment to become more robot-centric to accommodate their needs.

For the health sector, a great user-centred objective would be to support epatients, with this article as a starting point.