The Human Factor in Software Engineering

In seinem sehr gut besuchten Vortrag (33 Teilnehmer) gab uns Dr. Merath nicht nur eine umfangreiche Einführung in die IT-Sicherheit, Datenschutz und IT-Recht, sondern diskutierte auch, dass diese Themen einerseits zwar komplex sind, andererseits aber auch wirksam, effizient und nutzbringend umgesetzt werden können.

Komplexität entsteht durch eine Vielzahl an Gesetzen, die gleichzeitig gelten, durch die Realitätsferne von Gesetzen und Auditoren, durch Nachweispflichten, dem Widerspruch zwischen Vertraulichkeit und Verfügbarkeit, Schlampigkeit von Mitarbeitern und der gesamten Organisation im Arbeitsalltag, Blindheit durch Erfahrung. Als Folge dieser Komplexität werden ständig Gesetze gebrochen.

Wichtig ist für die Praxis:
1.) frühzeitig beginnen: Vorbeugen, statt abwarten, bis etwas passiert!
2.) An alles denken, gründlich arbeiten. Entspannt das Richtige tun, das Unwichtige bleiben lassen.
3.) Sicherheit ist ein ständiger Prozess, keine einmalige Aktivität. Wenn man konsequent vorgeht, bekommt man die Komplexität allmählich in den Griff. Hier ist jeder Mitarbeiter gefragt. Alle müssen täglich an IT-Sicherheit und Datenschutz denken.

Die Vorteile, die man davon hat, liegen nicht nur in der erhöhten Sicherheit und der Einhaltung von Gesetzen. Man baut damit auch Vertrauen auf, auch und gerade bei den eigenen Mitarbeitern. Ein Drittel aller Meldungen von Gesetzesbrüchen stammen von Administratoren, also von Whistleblowern, die die Verantwortung für die organisationelle Schlampigkeit ihres Arbeitgebers nicht mehr tragen wollten. Die Gesetze sind nicht nur eine Pflicht, sondern helfen einer Firma dabei, moralische Werte umzusetzen.

Do Science Fiction books predict future technical developments or does technical development imitate novels? Anyway, the TV set which observes people is now true: read here (in German). I think that this was an unnecessary development as we are already sufficiently observed by our computers and by the Internet. But, of course, if you want to observe older people, you must get into their living rooms and watch them on TV. Well, I have no TV anyway. Having no TV is an important measure of my efficient time management.

OK, here I am, back from a sleepless night. It took me 8 hours for data recovery. The problem was not to recover the 10 files worth 20 work hours, that was done in half an hour. The problem is rather that while the laptop is in repair (or while I buy a new one) I must work on the other computer. So, I needed the backup from last december copied to it. And that took 7.5 hours!

My trouble was a mixture of partly unreadable CDs which hang up during copying and Windows Explorer moodiness. Finally I had to copy many folders file by file because the folder could not be copied as such. Some files made trouble and therefore, I combined backups from different sources. I hope that my tired eyes did not miss any important file.

As I had completely restructured my folder structure and deleted unnecessary files before the backup last december, the CD showed me the new structure, new folder name and how many files were left after cleanup. When a folder could not be copied, then I took an older backup, searched for the old folder name in the old structure to copy it. Uarg! This MUST happen exactly after such a cleanup. Otherwise, it would have been easy to do the recovery! Of course, the files which I deleted last year, are now back into the folders, hours of work are lost.

At least, I became much faster when I understood the pattern: sub-folders are not copied from the CD with a 95% probability. So, copying sub-folders one by one I could save a lot of time. The main time sink was not the manual effort, but the waiting times when I had to tear out the CD and re-insert it and waiting until the computer understood that there is a CD in the drive. Or the waiting times when restarting Windows Explorer. :-(

I could not even listen to an audio book in parallel. I did not want to heat up the old laptop too much, but the CD drive of the new one was busy...

Best of all: CD no. 3 made me really sweat! Its second copy was unreadable all together. It was not even recognized as a CD. And copy no. 1 degraded by and by, due to the excessive data copying. Finally, I spent 20 minutes putting it in the drive again and again, to have it finally read. However, one newer folder was lost. I had to get it from the broken laptop. :-((

The worst thing is that I must consider my backup from last december as practically non-existent. The files were partly not readable and it was impossible to copy sub-folders. I lost both copies of CD no. 3. I must repeat the backup with another storage medium.

OK, and now I go and see my friendly hardware guys from the shop around the corner... When I researched their opening times last night, my main sorrow was that they open so late. Now, it rather is that they close so early!

I am really security-aware because in my life I lost many files and had to write documents a second time. And it is no fun to repeat oneselve´s work. The second time, your are faster, but also work with less love. Anyway, usually I saveguard my work regularly, at least once a week. But before Christmas, I reorganized all my files in a new structure and ... somehow, this seemed to be a good reason for me to do no backup since. Don´t ask me! This makes two and a half weeks without backup. I thought of it Wednesday, on my home office day, but then decided to delay it until the week-end. I went on a trip. Trips are dangerous for laptops...

You guess it: The laptop did not boot when I tried to work in the train on my way back. I had several hours in the train to think about what work would be lost and how much time it would need me to do the same again. Well, 20 hours. Not because I worked only 20 hours since Christmas. But most of my work results I share with others by email, by uploading in my blog or in an e-learning system. Hey, what an advantage of team work! A team serves as a file backup! Nevertheless, 20 hours is much. I wondered how much I would pay to the computer guys to recover it. The laptop´s value is practically zero.

At home, I already have a newer laptop. I went online and searched the net for a hint. Ok... There is a way to boot the laptop again. The fan does not work, but it gave me time to copy the files worth 20 hours of work.

Of course, the backup recovery did not work on first try. You know, you first check whether the folder is on your CD, then delete it on another data carrier and afterwards you find out that the computer does not want to copy the CD. Fortunately, I have a second copy of the CD. The trick worked. I showed the other CD to my computer and the computer suddenly remembered that it can read the fist CD, too. Often, computers are like humans.

Well, I am still struggling with copying data. It will take another hour or so. This is why I have time for writing.

Currently, I am inspecting requirements specifications, UML and ARIS models created by my students. And I ask: Why these inconsistencies?? I have told them several times that requirements must be consistent between documents. We even had a session which was dedicated to creating consistency between these models. At least, I told them to use this session for this purpose.

What happened? In one review, I had to them: "You invested double effort for creating confusion!! This is a mistake also made in practice. Nevertheless, it is a grave fault."

Honestly, I do not understand why people do this at all. It could be so simple: You just sit down and write the use cases or the data model once. Seriously. Then, you can reuse this model for all documents you create.

What good reason do people have for re-creating another data model instead of using the one they created last week? Why do people prefer creating two bad, incomplete, sluggish models instead of one good one? Don´t they trust in their own result from last week? Do they simply forget that there is already a data model? Don´t they believe that life can be simple? Do competing subgroups/ persons within the "team" create competing models because they can not agree on one model or do not talk to each other at all? Do they want to punish the person who made the document template and specification guidelines by filling redundant chapters with rubbish pseudo content?

Bad news for you: Your studies are over. It is not because correcting your assignment took me as long as it took you to copy and paste it together. It is not because you did not treat the topic I have assigned to you but instead the topics that your sources treat. It is not because your definitions do not fit to each other and you do not explain the technical terms you use. It is because it is not good scientific work to copy and paste other people´s text together, even when you steal from Chris Rupp or from a university professor. Yes, they do write a better style than you would. But you could honor their writing skills by citing them. You instead have stolen their intellectual work.

No, making you fail is not unjust. No, it is not OK that other students get good marks for their plagiarism. And it just by error or fear that other professors do not remark plagiarism. Yes, fear. Free lecturers like me and even professors must fear students. Bad course evaluations can cause real damage. And I still do not believe that my bike fell apart without someone helping it. It is possible that one security-relevant screw loosens by itself, but not two of them at the same time.

Yes, I understand that you wish me the same damage that you experience by my "fail" given to you. But me sense of justice tells me that you simply earn the mark you merit. Lots of students have gotten really good marks from me because they did hard work. I do not expect you to do perfect work, but honest work!

I still prefer clumsily worded assignments written in own words, flavoured with queer, individual opinions to a work of plagiarism. A student is still a learner and has the right to write text that is still not perfect. But it must be his / her own work. The result of interested reading and genuine thinking. It must reflect the individual´s discovery of a topic. When you are intested in the topic you study, writing assignments can be fun.

Best wishes for your future. Maybe, you study something that really inspires you?

Incorruptible Dr. habil. Andrea, fighting for law and order in scientific assignments...

Preparing a lecture is like cooking: It takes more time to prepare the dish than to eat it...

Die Folien meines Vortrags "Lernen durch Feedback aus Inspektionen" sind jetzt online. Der zugehörige Artikel erscheint dann im Frühjahr 2014 in den Softwaretechnik-Trends.