[SystemSafety] Autopilot interface?

Olwen Morgan olwen at phaedsys.com
Thu Nov 8 20:54:54 CET 2018


A simple case-in-point of poor cognitive design:

A few months ago, I missed the Wrexham exit off the Chester bypass. 
Turns out that there was a good reason for that. Until the Wrexham exit, 
"Wrexham" is written in big white letters on the green background. At 
the Wrexham exit, it changes to smaller black letters on a white 
background, having been apparently demoted to a local destination rather 
than a key route point. This is a classic case of lousy cognitive 
design. The change of gestaltung makes your "thinking-fast" cognitive 
pathway miss the direction to Wrexham.

Presenting information on a display is not the same as making a clear 
gestalt of it. If poor or inconsistent gestaltung affects inanimate road 
signs, how much more is it likely to affect critical system HMIs? I've 
only ever seen one book on this that I'd recommend to the average 
working software engineer:

Johnson, J., /Designing with the Mind in Mind: Simple Guide to 
Understanding User Interface Design Guidelines/, Morgan Kaufmann, 2ed. 
Feb 2014, ISBN-13: 978-0124079144, ASIN: 0124079148

Johnson writes very well IMO. I read the book through at a single 
sitting. (From it you could quite easily abstract an anti-blunder 
checklist for HMI design - checklists again!) I'd also recommend a nice 
little monograph on using model-based and task-based design for 
interactive applications:

Paterno, F., /Model-based Design and Evaluation of Interactive 
Applications/, Springer-Verlag, 2013 (softcover reprint of 2000 
edition), ISBN-10: 1852331550.

In this one, the author formalises the sequential parts of HMI design in 
a formal notation based on LOTOS.


Olwen

PS: For some surreal reason, your post made me think of a bloke going to 
his GP complaining that he had an non-annunciated dependency ... the 
mind boggles ... :-)



On 08/11/2018 18:34, Peter Bernard Ladkin wrote:
>
> On 2018-11-08 17:53 , Olwen Morgan wrote:
>> One should not, IMO, rely on training to compensate for a suboptimal HMI. I don't know enough about
>> these systems to be able to say whether that has happened here but I tend to have a high index of
>> suspicion in the matter.
> I do know about these systems. I think your intuition is spot on.
>
> There is an non-annunciated order dependency in the configuration. The flight crew configured the
> system, but got something in the wrong order.
>
> Had they paid attention to a small annunciation on the top right of the PFD, and asked themselves
> why it was showing what it was showing, they would have discovered and corrected the AP state.
>
> A similar situation occurred during an Air Inter flight into Strasbourg on 20 January 1992. Then,
> with fatal consequences.
> https://rvs-bi.de/publications/compendium/incidents_and_accidents/strasbourg_air_inter_a320.html
>
> Plus ca change ............
>
> PBL
>
> Prof. Peter Bernard Ladkin, Bielefeld, Germany
> MoreInCommon
> Je suis Charlie
> Tel+msg +49 (0)521 880 7319  www.rvs-bi.de
>
>
>
>
>
>
> _______________________________________________
> The System Safety Mailing List
> systemsafety at TechFak.Uni-Bielefeld.DE
> Manage your subscription: https://lists.techfak.uni-bielefeld.de/mailman/listinfo/systemsafety
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.techfak.uni-bielefeld.de/mailman/private/systemsafety/attachments/20181108/7f784004/attachment.html>


More information about the systemsafety mailing list