Blayne Sucks

This year’s election has already set early voter turnout records in North Carolina by a 40% increase over the previous records. However, most of the interest in the election is a result of the Presidential race. North Carolina has voted Republican in 9 of the last 10 Presidential elections, but it may be leaning towards electing Democratic candidate Barack Obama this year. For voters in North Carolina, the down ticket races are at least as interesting if not more so than the Presidential race.

First, there’s an incredibly competitive race for the Senate. Incumbent Elizabeth Dole was once thought to be a invulnerable in her reelection campaign, but challenger Kay Hagan may actually win the seat. The race becomes even more important because the Democrats may be able to obtain a filibuster-proof majority of 60 senate seats if Hagan wins.

Second, there’s another incredibly close race for governor, which is truly amazing considering that 27 of the last 30 governors of North Carolina have been Democrats. (Yes, North Carolina historically favors Democrats as Governors and Republicans as Presidents.) The string of Democrat governors dates all the way back to reconstruction after the civil war. Popular Charlotte Mayor Pat McCroy is the Republican nominee trying to overcome this history, while current Lieutenant Governor Beverly Perdue is trying to become the first female governor of North Carolina. There’s also a Libertarian candidate for Governor that is doing well for a third party candidate: Michael Munger, who is currently the head of the political science, economics, and public policy departments at Duke University.

If you live in North Carolina and are at all interested in the Governor’s race, then I would urge you to watch the hour-long debate on YouTube by all three candidates. (There are six parts to the debate: Part 1, Part 2, Part 3, Part 4, Part 5, and Part 6.) At the very least, you should check out this summary of the debate.

There are many other important down ticket races. Usually, these down ticket races don’t even register in the minds of voters, but if all politics is local, then why are so many of these important races unkown? I urge you, wherever you live, to go online and at least find the names of all the people who will appear on your ballot in November. Take the time to Google them. You might find it more interesting than you thought, and either way some of these people will have the power to control a part of your life.

[Update: The New York Times has a brief editorial on a strange quirk in the North Carolina ballot. Even though North Carolina voters can vote using a single straight-ticket option, they still have to separately vote for President. This has resulted in unusually high numbers of North Carolina voters who simply do not have a recorded vote for President.  If you are curious what a North Carolina ballot looks like, you can find one on the State Board of Elections website. For more information on North Carolina voting, take a look at the 2008 Voter's Guide.]

[Update 2: Zach has an excellent post about the lack of attention paid to down ticket races over at In the Agora.]

Martin Fowler recently wrote something with which I found myself jarringly disagreeing. The post is about a concept called observed requirements.

Although I strongly disagree parts of his recent post, I did want to say upfront that I really like Martin Fowler’s work. Ever since I read Martin‘s book UML Distilled, I have been a fan. For something that is meant to simplify understanding, UML always appeared overly complicated to me and his book does a nice job of focusing on making it useful. Martin is also a big proponent of Agile Methods and Extreme Programming, both of which have improved software development practices by turning software development on its head.

Martin’s post starts with this quote from the book “Mastering the Requirements Process,” which I read last spring. (Note: I read the first edition of this book, which contains the quote Martin uses. I have not seen the second edition. Then again, I only have the second edition of UML Distilled. Such is the life of a grad student.) Here’s the questionable quote:

Requirements are the things that you should discover before starting to build your product. Discovering the requirements during construction, or worse, when you client starts using your product, is so expensive and so inefficient, that we will assume that no right-thinking person would do it, and will not mention it again.

Suzanne and James Robertson

When I first read this quote, I had pretty much the same initial, gut reaction that Martin had. It advocates an extreme position in a field where many different development methodologies have been successful. However, Martin’s post takes a position at the other extreme and is equally questionable.

Martin seems to think that the word “requirement” itself is a bad word, and that requirements are incompatible with agile methods. He claims that web sites developed using agile techniques violate the “waterfallish” requirements process and suggests four specific ways that such web sites can observe requirements throughout development:

• Look at what people are trying to do with the site and provide easier ways for them to do it.
• Look at where people are abandoning doing something, and look for ways to fix whatever was frustrating them.
• Build a new feature and see if people use it.
• Build an experimental feature and make it available to a subset of the user base. Not just can you see if they like it, you can also assess how much load it puts on your servers.

He goes on to say that web sites should monitor how their users actually use their site because what a user really does is much more accurate than what a user says they do. First, let’s get this out of the way. Suzanne and James Robertson dedicate a significant portion of their book (about half a chapter) to requirements elicitation through observing users! Let’s look at two more quotes from the first edition of their book.

First quote:

It is unlikely that many users can explain what they do in enough detail for the developer to completely understand the work, and thus capture all the requirements.

Second quote:

For example, one of our clients, [...], had 20 different products. [...] The way the users handled each of these products at first looked to be different. However, a common pattern emerged as we studied the structure of the work – we were looking for similarities, not differences. We observed that each product was in fact a different way of [...]. The end result was that we found a common set of requirements, and were able to make a single core implementation, and then dress it differently for each of the products.

I have edited the second quote to remove project-level details and focus on the “observed requirements” concept. Quite simply, I don’t understand how these quotes are irreconcilable with Martin’s four suggested approaches to observing requirements. In fact, they seem to be quite compatible. The jarringly disagreeable part of his post is that Martin paints requirements as a software artifact that can only be used in Waterfall development, which is completely untrue.

Second, let’s talk about requirements. Requirements can, and should, be a part of any agile method of development. They answer a critical question: “why?” In the case of an observed requirement, the answer is obvious: “Because that is, by definition, exactly what the user wants or needs!” In fact, requirements are even easier to integrate into the agile process than other software development processes. The regular meetings with customers provide a great opportunity for requirements-based techniques, but agile proponents typically eschew actually documenting any of the contextual information involved in these meetings in favor of self-documenting code and UML.

Self-documenting code has always seemed a bit silly to me. Just as an author can’t write to two audiences at once, a programmer can’t satisfy the compiler and provide complete documentation at the same time. Martin Fowler writes in UML Distilled (2nd Edition):

The fundamental reason to use the UML involves communication. I use the UML because it allows me to communicate certain concepts more clearly than the alternatives. Natural language is too imprecise and gets tangled when it comes to more complex concepts. Code is precise but too detailed. So I use the UML when I want a certain amount of precision but I don’t want to get lost in the details.

Many agile proponents like UML and in particular, use cases. Unfortunately, use cases, and other UML artifacts, typically don’t offer enough contextual information to answer “why” questions. (Though, they are excellent for answering “how” questions.) It is possible to augment use cases with contextual information. Later in UML Distilled, Martin says that developers should feel free to modify UML to meet their needs. Of course, once you have added the needed contextual information, you’re effectively just writing requirements.

Any agile proponent would find a lot of Suzanne and James Robertson’s book useful if they went into it with an open mind. Many of the techniques for discovering customer requirements could improve the efficiency of regular customer meetings in an agile development process. Conversely, many proponents of detailed requirements specs would find a lot of useful information in agile-based books like Martin Fowler’s Refactoring book and Kent Beck’s Extreme Programming Explained book.

Third, and finally, let’s talk about the current use of user interaction data as an “observed requirement.” The one thing in Martin’s post with which I completely agree is that observed requirements are extremely useful and haven’t been fully explored. As a privacy researcher, I think there are some unresolved issues for user data protection, but as a developer it is clear that this data can improve the product. The often cited example in this is Amazon.com’s book recommendation service, which I enjoy. For the moment, let’s set aside the privacy concerns because that could be a whole post in and of itself.

Martin mentioned at the end of his post that he hasn’t found much advice on leveraging customer website use for the express purpose of improving their systems. I don’t think the idea is being used as well as it could be, but it is out there. John Musa has been talking about Operational Profiles, which are effectively a set of observed requirements, for years as a way to improve software development. He’s even got his own book out there on the subject.

That’s the only work that I know that gives extensive, useful guidance on how to take user interactions with a software product and directly tie it back into the development process. I certainly don’t have all the answers here. If anyone knows another place where this concept has been studied, I would love to hear from you.

ABC News has an article on the eavesdropping of Americans that answers any remaining questions regarding the FISA Amendments passed this past summer. Essentially, the article details the use of surveillance systems to spy on ordinary Americans. Here’s a quote from the article:

“These were just really everyday, average, ordinary Americans who happened to be in the Middle East, in our area of intercept and happened to be making these phone calls on satellite phones,” said Adrienne Kinne, a 31-year old US Army Reserves Arab linguist assigned to a special military program at the NSA’s Back Hall at Fort Gordon from November 2001 to 2003.

Kinne described the contents of the calls as “personal, private things with Americans who are not in any way, shape or form associated with anything to do with terrorism.”

The article goes on to describe the nature of some of the phone call as pillow talk or phone sex. Some of the individuals involved were from the US Military, the International Red Cross, and Doctors Without Borders. Naturally, the Senate is investigating. The article further states that some especially juicy clips were saved by employees of the NSA.

Unfortunately, abuse of surveillance systems by insiders is nothing new. Bruce Schneier has shown us that surveillance cameras are abused and ineffective. Six well-known security and privacy researchers have warned about this sort of abuse with telephone surveillance as well (pdf).

The only thing that is remotely surprising about this is that we have specific details from whistleblowers, who are risking their careers and livelihood to tell us about this abuse. In this case, it is even more surprising that not one, but two independent whistleblowers came forward simply because the agency involved was the notoriously secretive NSA.

The GCHQ, which is the British equivalent of the NSA, recently dealt with its own whistleblower: Katherine Gun. In this case, Gun was a translator asked to favorably translate documents as evidence to garner support for the Iraq war. Her case was dropped at trial almost immediately. Speculatively, the decision to drop the case was due to the calculated decision that producing the evidence required to prosecute her would have been more embarrassing for the GCHQ than simply letting her go.

Many whistleblowers find the ethics of betraying their employer for the greater good an excruciating ethical dilemma. Check out this BBC News interview of Katherine Gun if you are interested in how she weighed the decision. (There’s a book about her if you are more ambitious.) For these reasons and many more, whistleblowers like Mark Klein in the AT&T case that prompted the FISA Amendments and now David Murfee Faulk and Adrienne Kinne in this more recent case with the NSA shouldn’t be our last line of defense.

Essentially, lesson from this ABC News article is simple: surveillance tools will be abused. It is human nature for power to corrupt. The Founding Fathers of the United States recognized this and tried to limit the power of the government explictly for this reason. They built checks and balances into our government because they knew that hoping for whistleblowers to highlight problems was not reliable. Why does the current US government not seem to comprehend this?  How many more whistleblowers and ABC News stories will it take for our government to catch on?

I recently was without my computer for some time and stumbled upon al3x’s Rules for Computing Happiness shortly after getting back online.  My time away from my computer gave me the opportunity to think about my own computer usage.  I thought I would go ahead and post my own short lists of rules.  For the sake of brevity, I will limit myself to five tips per category.

Obviously, the goal of using a computer is to improve your “happiness” through making work easier or making play more fun.  Although measuring happiness is hard, there is a clear divide between how computer power users (geeks) and the average person (non-geeks) uses a computer.

The first group has different objectives when they use their computer.  People in this group are more interested in hardware and software that gives them choice and control.  They are willing to put in the time to weigh their options and make the decision they feel is appropriate.

Geek Software:

1. When looking for a piece of software, always consider using an open source alternative.
2. Use software that stores data in open file formats.
3. Learn how to use a Unix-based operating system.  Good options include Mac OS X, Linux, or OpenSolaris.
4. If you travel, be sure to encrypt your data.  I almost put this into the Non-Geek category, but I think full disk encryption may still be a little bit out of the range of things that Non-Geeks are willing to learn how to use.  Either way, this is incredibly important if you travel and have any personal information on your laptop.
5. Don’t be afraid to use proprietary software when it is simply the best tool for the job.  I think potential examples of this are Photoshop and TextMate.  Both of these programs have good open source alternatives (Gimp and vim or Emacs respectively), but the bottom line is that you should use whatever makes you most productive.  Just don’t forget point #2 in this list.

Geek Hardware:

1. Buy hardware with open source software support. This hardware will almost invariably have good closed source support as well, but open source support will give you more options and more control if you want it.
2. Do not skimp on your monitor, keyboard, or mouse.  If you are going to be using your computer heavily, the quality of the interfaces you use is very important to your health.
3. If you use more than one computer, get a KVM.  It will save you a ton of space on your desk.
4. If you use a router, get a dd-wrt compatible router.  The feature set will blow you away.
5. Conduct extensive research on every piece of hardware you are considering buying.  Good places to start are the Ars Technica Buyer’s Guide or Tom’s Hardware.

The second group consists of a wide variety of people in all kinds of professions that want nothing more than to use it to complete some task or to have fun.  They explicitly do not care about learning how computers work.  My mother falls into this category.  Here are the rules that I would give anyone in this group to help them achieve computer happiness:

Non-Geek Software:

1. Think twice before installing any piece of software.  Could an already-installed application do what you need?
2. Find and use software that will help you back up your data.  Apple’s Time Machine is a good way to do this.  (See Non-Geek Hardware #4.)
3. Keep a written record of all the software you install/remove and the time you install/remove it.
4. Use a password manager that allows you to select stronger passwords.
5. Do not use web applications unless the things you use them for aren’t sensitive.

Non-Geek Hardware:

1. Do not buy top of the line hardware.
2. Do not buy ultra cheap hardware.
3. Hardware features are less important than the software support.
4. Buy an external hard drive and use it to back up your important data.
5. Avoid expensive hardware service plans.