IKEA’s Billy the bookcase and modularity in IT security – Design Monday

Archive for the ‘Architecture’ Category

IKEA’s Billy the bookcase and modularity in IT security – Design Monday

Posted by

“Billy the bookcase says hello.”

“So does a table whose name is Ingo,” sang Jonathan Coulton in his IKEA song, “and the chair is a ladder-back birch but his friends call him Karl.”

I can’t speak for Karl. But Billy, well, Billy has an interesting backstory.

In the late 1970s, an IKEA advertising man named Billy Liljedahl complained about the state of bookshelves. They were heavy, expensive, and often missed the point by not actually being sized for books.

Gillis Lundgren, head of design at the time, began to sketch. “I drew the first sketches on a napkin,” Lundgren would later recall. “That was often the way we worked. Ideas are perishable and you have to capture the moment as soon as it arrives.”

Billy the bookcase would debut in the IKEA catalog in 1979. By 2009, IKEA had produced and sold more than 41 million bookcases. It remains one of the most popular products to this day.

Why? Regardless of Billy Liljedahl’s complaint, there were other shelves. IKEA had previously produced the Tiga. An early competitor inspired the Tiga: the Lundkvist shelf or Lundkvisthyllan. Not to mention the countless options we have today for shelving, storage, and more.

The reason is modularity, scalability, and extensibility. If there’s a room, if there’s a style, if there’s a need, there is a Billy configuration. The result has been pages on pages of Billy hacks. (Here are 45 ideas to get you started. Ironically, many without books. Sorry, Billy Liljedahl.) We’re seeing the power of architectural patterns playing out over 41 million use cases.   

When IT security leaders envision future security capabilities, we must ground them in repeatable patterns. A thousand apps individually implementing controls can quickly lead to sprawl, gaps, and waste. Equip these same teams with a pattern, say for authentication or fraud detection, and we can standardize the building blocks. Even if each app is different. Even if it looks as different as a standalone bookcase in a young person’s first apartment, or a built-in bookcase in an adult’s work-from-home study.

“Books should talk but the bookshelf should be silent.” This is the motto of the Lundkvist shelf. They never said hello. Perhaps that’s why Billy won the market.

And there’s a lesson for IT security. Products should talk but security shouldn’t be silent. Architectural patterns speak softly long after security has left the room.

IKEA Billy bookcase hack, via Willow Style Co.

This article is part of a series on designing cyber security capabilities. To see other articles in the series, including a full list of design principles, click here.

Premature simplification is the root of bad security – Design Monday

Posted by

The device changed our homes. It changed our perspective of time. In a way, it’s a story of miniaturization. They used to take up entire rooms, and suddenly could fit on a desk. It’s also the story of economics. They once were so costly only corporations could own them. With falling prices and shrinking sizes, it wasn’t long before every house had one.

The personal computer revolution? No. The sewing machine.

Our story begins a hundred years into the revolution. For most of those years, Singer dominated with black cast iron machines. Our design hero is Marcello Nizzoli, an Italian who refused to commit to any one discipline. He worked as a draughtsman, designed clothing and accessories, made advertisement posters, started magazines. Nizzoli’s collaboration with Olivetti was so successful, it set the standard for how Olivetti created teams of artists and engineers, paving the way for Ettore Sottsass to create the Valentine typewriter. When Necchi approached Marcello Nizzoli in the 1950s, Nizzoli had deep skills in precision machines and an instinctive understanding of those who stitch and sew.

The resulting Necchi Mirella Sewing Machine arrived in 1956. Nizzoli’s machine was light and beautiful. It features brightly colored enameled aluminum with a finely crafted metal drive mechanism. The Mirella won a number of awards and, today, is on permanent display at the New York Museum of Modern Art (MoMA). From contemporary accounts to modern documentaries, the consistent theme about the Necchi Mirella is this: user-friendly, ergonomic, and simplicity.

It was simple. We see this theme frequently when reading about good design. I return to the theme regularly in this series. Make it appealing, and keep it simple.

But simple is hard. That’s the problem.

Agreeing to Protect the Organization

Many CIOs and CISOs bicker like an old couple in a bad marriage. We make points, not progress. I wish we could watch pairs of executives argue it out and find what works. It’s too bad there isn’t an IT equivalent of what John Gottman and Julie Gottman have done with couples in the Love Lab. How can leaders have the tough conversations which lead to agreement?

Peter Coleman, inspired by Gottman, founded Difficult Conversations Lab to explore this question. What Coleman found is shocking: the root of the problem is our desire to simplify.

Our goal gets in the way of reaching our goal.

Coleman’s advice: get complicated. In conversation after conversation studied, complexity provided the space to reach agreement. When researchers framed the issue in black-and-white and primed the people with a similar simplified issue, the conversation became intractable. Often times, it was a short jump from intractable to “destructive spirals of enmity.”

The more we oversimplify requirements before speaking with peers and stakeholders, the less likely we are to come to an agreement. When we oversimplify early on, we fail to get buy-in. The resulting security controls won’t fit what the workforce needs.

Take the example of an identity. Let’s suppose we have people who change roles, going from contractor to employee. Suppose some people have multiple roles, say customer and employee. Start the conversation with the black-and-white control of all access and data being removed when a person is terminated. Watch how fast we get shutdown. An oversimplified approach leaves no middle ground for negotiating how identity gets defined and protected.

A Word of Caution

The lesson from Coleman, Gottman, and Nizzoli: Explore the complexity of the problem with the stakeholder, from their perspective.

Don’t explore the complexity with them from our perspective. If we want to enforce multi-factor authentication, we shouldn’t start by explaining complicated protocols and standards which enable MFA. But we should listen to the complex ways people work. Marcello Nizzoli’s success came from understanding how people sewed, not from explaining machinery to customers.

As we move from exploring the problem towards exploring possible solutions, we move from complexity towards simplicity. When defining the security capability, starting simple with an ugly prototype and iterating from there. When determining security controls, selecting the minimum requirements. Complexity as a starting point mustn’t be prolonged.

A Design Principle

“Premature optimization is the root of all evil in programming,” Donald Knuth once famously said. If you spent effort optimizing things before they are fully developed, you end up creating unnecessary work.

While the Necchi Mirella is praised for simplicity, Marcello Nizzoli arrived at the machine’s design only after spending years absorbing the complexity directly from those working in the clothing industry. Complexity, next empathy, then understanding, and finally simplicity. That’s good design, good programming, and that’s good security work.

Premature simplification is the root of bad security.

The Necchi Mirella Sewing Machine, designed by Marcello Nizzoli, 1956.

This article is part of a series on designing cyber security capabilities. To see other articles in the series, including a full list of design principles, click here.

Minimum Viable Security – Design Monday

Posted by

My focus on IT security began in 1997 with a malware outbreak. To get a sense of how much has changed, I checked out the (ISC)² website as it existed back then. Whoa. It’s ugly. The website and the views on cyber security have drastically improved since the nineties.

These days I regularly get asked, “where do we begin?” Privileged Access Management is supposed to look like this. Zero Trust Architecture is supposed to look like that. We only have a these two things, a paperclip, some duct tape, an overworked staff, and an intern. Where do we even start?

Borrowing from the product design world, take a Minimum Viable Product (MVP) strategy. Take a limited number of security controls. Take a limited scope of people and systems. Design a security capability, implement it, and get feedback on what works and where improvements are needed. Then, rinse and repeat with refined controls and in a new area of the organization.

A concern is that this process may lead to a patchwork of controls assembled from a tangle of point solutions. Valid concern. We’ve all seen such environments. A few of us have been lucky enough to build such mistakes, and learn from them. The way to avoid this is to use a consistent set of architecture patterns and project templates. Each sprint begins with these patterns and plans. Each one ends with updating the architecture and PMO libraries. It’ll be ugly, but with a controlled process, it’ll improve rapidly.

Criminals don’t care that we got the capability perfect. Adversaries aren’t impressed with the beauty of our control framework. So toss out the textbook.

Start where you are. Dare to be ugly. Iterate and improve.

The (ISC)² CISSP webpage from 1997, courtesy of The Internet Archive.

This article is part of a series on designing cyber security capabilities. To see other articles in the series, including a full list of design principles, click here.

Change Creates Adventure – Design Monday

Posted by

It has been said San Francisco is forty-nine square miles surrounded by reality. Fleeing Michigan snows for a week in San Francisco leads to feeling the otherworldliness. One flight and everything changes.

In San Francisco, underneath a series of hills reminiscent of Hobbit holes, is the California Academy of Sciences. The hills reflect the structures below, such as the planetarium. The overall field forms a living roof which keeps “interior temperatures about 10 degrees cooler than a standard roof and reducing low frequency noise by 40 decibels. It also decreases the urban heat island effect, staying about 40 degrees cooler than a standard roof.” This according to the California Academy of Sciences press release from 2007.

Renzo Piano designed building. His starting point was a question that’s delightful in his lateral thinking: “what if we were to lift up a piece of the park and put a building underneath?” In the California Academy of Sciences building and throughout Piano’s work, he returns again and again to themes of culture and change.

“The world keeps changing,” Renzo Piano said on the TED stage. “Changes are difficult to swallow by people. And architecture is a mirror of those changes. Architecture is the built expression of those changes. Those changes create adventure. They create adventure, and architecture is adventure.”

There’s a tension when designing a security architecture. The architecture must meet and mirror culture of the organization. The design can’t run contrary to how the organization works. But at the same time, the new controls must facilitate a cultural change towards a more secure way of being. The architecture mirrors while it modifies.

There’s another tension when designing a security architecture. Ongoing change will impact how people perceive and experience security. But at the same time, the security principles and posture must remain unchanged in the face of far ranging organizational change. “Architects give a shape to the change,” Piano once said. The architecture is flexible but stable.

My last trip in the US, before the pandemic, was to San Francisco. Within a month, everything had changed. We are experiencing the greatest migration in human history. A migration from the office to the home, certainly. More significantly, a migration from the physical to the digital. We now live in 1440 square pixels surrounded by reality.  

Security architects must meet the wave of this change while holding steadfast to our security principles.

California Academy of Sciences living roof. Photography Columbia Daily Tribune.

This article is part of a series on designing cyber security capabilities. To see other articles in the series, including a full list of design principles, click here.

Prototype and Demonstrate Your Vision of Security – Design Monday

Posted by

“Here are the materials, ideas, and forces at work in our world. These are the tools with which the World of Tomorrow must be made.” With that, the pamphlet announced the 1939 New York World’s Fair.

Alfonso Iannelli was right at home in the World of Tomorrow. Having gotten his start designing posters for vaudeville, Iannelli was also right at home with hype. Sunbeam Products was showcasing two of Iannelli’s designs: a toaster and a coffee pot, or the T-9 Toastmaster and C-20 Coffeemaster. These hardly seem innovative to today’s audience. But toasters were still an emerging tech in the 1930s. And the C-20 pioneered the vacuum coffee process which even today connoisseurs consider the superior way to make coffee.

Most importantly, the C-20 and T-9 brought the Streamline Moderne style to life. The push towards modernism was a recurring theme in Iannelli’s work. And there it was, at the World’s Fair, courtesy of Sunbeam.

Unified in style and updated in technology, these appliances have parallels in security capabilities. We’re often updating existing capabilities along with designing and implementing new ones. For example, suppose we have an existing workforce identity and access management program. Suppose we also have customer identities within the ecommerce website. A common challenge is to bring these two programs up-to-date and centralize the way identity is secured.

When developing a vision for the future, we naturally look for ways to implement the latest technology. It is equally important that we look for ways to standardize and unify the design for the experience.

Find the Streamline Moderne of identity and access management. First, find your vision.

After acclaim at the New York World’s Fair, Sunbeam put the coffee maker and toaster into production. The Coffeemaster would stay on the market nearly thirty years, wrapping up its run in 1964. Meanwhile? The Toastmaster was immortalized in a slice of Americana. On the cover of the Saturday Evening Post in 1948, central to the Norman Rockwell painting, there sat Alfonso Iannelli’s toaster. Moderne had arrived.

The starting point was the World of Tomorrow. Likewise, with your vision, the starting point is showcasing a pilot. Develop a proof-of-concept. Tie it to something larger. Hype it with all the gusto of a vaudeville poster.

Showcase your vision. Take this moment to gain early support and feedback.

Sunbeam T-9 Toastmaster, design by Alfonso Iannelli

This article is part of a series on designing cyber security capabilities. To see other articles in the series, including a full list of design principles, click here.

Follow Signs of Friction to Find Security Champions – Design Monday

Posted by

On a winter evening in 2014, Nikki Sylianteng got a parking ticket. It wasn’t a surprise. This was in LA where the city collects around $140 million from tickets annually. Sylianteng’s $95 parking ticket wasn’t significant and it wasn’t a surprise. But what happened next was.

When designing security capabilities, we have two aspects to consider:

• The paths people take to complete work – number of steps, familiarity, and friction of each step
• The choices people make during work – number of choices, predictability, and cognitive load

I argue that security can improve people’s work. Make it easier. Make it faster. I often get pushback on this argument, and for good reason. A very real problem is that security teams don’t have good visibility into the path and the choices. Even more worrisome, we don’t get good feedback when things are difficult or when security controls are making them worse.

Millions live in LA. Hundreds of thousands get tickets in LA. One person gave feedback with a solution.

Why? It is the same reason the workforce tolerates bad security controls: habituation. People get used it. They become blind to the annoyances along the path they have to take to complete their workflow. Listen for these tell-tale phrases:

• That’s just the way the world works
• We’ve always done it this way
• Things could be worse

That’s an indication of a workflow security may be to improve while increasing security. There lies habituation. There lies unnecessary steps or choices. There lies an opportunity to improve the path. But we need a partner on the inside, someone who can see beyond the habituation, someone who has what’s called beginner’s mind.

This is what drew me to the story of Sylianteng and her parking ticket. (Listen to Nikki Sylianteng tell her story herself here.) She didn’t accept the ticket. She couldn’t accept the way the parking signs were. She launched To Park or Not to Park and radically redesigned the parking signs. She has since created tools that anyone can use to create their own simplified parking signs.

Imagine our security goal is parking enforcement. Our control, the parking sign. Four million people in LA see the signs. Some follow them. Others don’t. Only one person actually says this is a problem, and takes it on themself to correct the problem. Do we embrace this person? Well. We should. According to Nikki Sylianteng, her new approach “has shown a 60% improvement in compliance and has pilots in 9 cities worldwide.”

Find those with a unique combination of beginner’s mind and desire to make a change. Embrace them. They are your security champions, and by working together, leaps in adoption and compliance are possible.

Before and after Nikki Sylianteng‘s parking sign redesign.

This article is part of a series on designing cyber security capabilities. To see other articles in the series, including a full list of design principles, click here.

Security is not the control, it is the context – Design Monday

Posted by

Seeing is Forgetting the Name of the Thing One Sees. A fantastic title, right? I was having a coffee meeting with a new product designer a few months back. As can happen, I was pretty wound up, going on about the need for usability and human-centric design in cybersecurity. She told me, “you need to read Seeing is Forgetting the Name of the Thing One Sees.”

The book covers conversations Lawrence Weschler, the author, had over three time periods with Robert Irwin. It gets to the heard of Irwin’s philosophy and approach. Irwin began abstract in the 1960s. He painted lines. He painted dots. But when displaying his work, Irwin noticed the way the art was experienced was influenced by factors outside of his paintings. Any of us who have seen optical illusions with colors and lines understand this instinctively and likely think nothing of it. But to Irwin, who was obsessed with the experience to the point of banning photography, this simply wouldn’t do. Irwin took to replastering and repainting walls, sometimes whole studios, where his art was displayed.

Robert Irwin insisted on controlling the entire experience and this led to the realization that the surroundings were just as important as the artwork itself.

We’ve been slow at coming to a similar realization in cybersecurity. Consider the Web application. A thousand things have to go right for it to work, and a thousand things can go wrong from a security perspective. OWASP framed these issues up into a top 10 list. This simplified the work of developing a secure Web app. However, OWASP initially focused solely on the app itself.  Of the six releases since 2003, only the last two releases included the walls and studios, the vulnerable server components, on the OWASP top 10. We’re slow to recognize the importance of the surroundings.

Robert Irwin’s obsession with the surroundings transformed the artist from painter to landscaper. He has gone on to produce more than fifty large scale projects since 1975.

From the perspective of a designer, we must consider how the new capability fits into the existing cybersecurity portfolio and, more broadly, into the organization. We have to replaster the walls. We must make sure it fits in the studio. From the defensive perspective, this makes a lot of sense. A criminal faced with a strong control will look at the environment for other weaknesses and take advantage of gaps. From the usability perspective, Robert Irwin reminds us that how something is seen is as much about the thing as it is about the overall experience.

Security is not the control itself. Security is the surroundings.

Robert Irwin’s Double Blind exhibit at the Vienna Secession, Austria.
Photography: Philipp Scholz Ritterman

This article is part of a series on designing cyber security capabilities. To see other articles in the series, including a full list of design principles, click here.

Mies and IBM Plaza: Knowing When More is More – Design Monday

Posted by

The building came into view. My vantage point was on the Chicago River. It was Valentine’s Day. Now Chicago natives had warned us about the cold February winds. But there my wife and I were, on a river tour of Chicago’s architecture. Frozen to the ship’s deck, we looked up as the IBM Plaza came into view.

Ludwig Mies van der Rohe designed the building in the 1960s. Mies came from the famed Bauhaus school, another of my favorite sources of inspiration. In fact, Mies was the last director of Bauhaus. He moved from Berlin to Chicago in 1937 to head the architecture department of Illinois Institute of Technology. There’s a direct line from Bauhaus to Second Chicago School of architecture. Specifically, in minimizing ornamentation in favor of emphasizing building materials themselves.

It was this modernism which drew IBM to Mies van der Rohe. But there was a problem. Many, in fact, with the building IBM wanted. Computing technology of that age was notoriously hot and power-hungry. Moreover, computer engineers were at a premium, which meant a large workforce with little patience for waiting on elevators. Every minute counted. Moving to the ground, the lot was an oddly shaped. Triangular. It sat partially atop of a train line which restricts the foundation needed for a skyscraper. And to top it off, the site had an agreement to provide storage for the Sun-Times. That’s a lot.

“Less is more” was popularized by Mies van der Rohe. Boil down architectural requirements to the essentials. In cybersecurity, we’ve embraced less is more. You see it in concepts like least privilege, least trust (aka Zero Trust), economy of mechanism, and limited security blast radius. You see it in my security principles; like when I discuss building Roombas not Rosies. Less is more is a reminder to take a minimalist approach.

Even from the Chicago River, you can feel the minimalism of the IBM Plaza. The exposed vertical beams, the glass and steel materials on full display. Less is more. But it’s more than it seems. The building has more than double the elevators of a comparable building. The cooling system is similarly over-powered. Designed by C.F. Murphy, the HVAC is tuned for 1970s era computing. Mies also made several floors to be taller to support raised flooring, and reinforced to support the weight. The building is subtly shifted back to make use of the lot, with weight shifted back onto a strong foundation. This feature explains the open pillars in front and allowed Meis to neatly avoid the question of the railway. Less is more? If anything, much of the IBM building is overdone.

Less is more is not a call for doing less. It is a reminder to save our energies to do more where it counts. It is a reminder to pour the savings into solutions for the problem at hand. When we save resources for priorities, less isn’t loss.

IBM moved into IBM Plaza in 1971. For more than three decades, the building was the Chicago office of the tech giant. “The building was declared a Chicago Landmark on February 6, 2008 and added to the National Register of Historic Places on March 26, 2010.” Today, the building at 330 North Wabash is known as the AMA Plaza. It stands as a testament to Ludwig Mies van der Rohe’s ability to balance less and more.

The design lesson: More of what matters is more.

The floating foundation of 330 North Wabash, Chicago. Photography by Ryan Cramer.

This article is part of a series on designing cyber security capabilities. To see other articles in the series, including a full list of design principles, click here.

Build Roombas not Rosies – Design Mondays

Posted by

The Jetsons debuted this month in 1962. The cartoon depicted a family living a hundred years in the future, 2062. The swooping architectural style, with the quite fun name Googie, serves as the visual language of the future in shows from The Incredibles to Futurama. The everyday gadgetry in the Jetsons foreshadows today’s drones, holograms, moving walkways and stationary treadmills, flat screen televisions, tablet computers, and smart watches.

Remember color television was on the very cutting edge of technology when The Jetsons debuted. This list is impressive. But that smart watch? That last one wasn’t by accident.

The dominant smart watch in 2020 is the Apple Watch, designed by Marc Newson and Jony Ive. In an interview with the New York Times, Marc Newson explained his fascination with the Jetsons lead him into the world of design. “Modernism and the idea of the future were synonymous with the romance of space travel and the exotic materials and processes of space technology. Newson’s streamlined aesthetic was influenced by his Jetsonian vision of the future.” I imagine the first time Newson FaceTimed Jony Ive on an Apple Watch, they felt the future had finally arrived.

Designing the future has constraints that imagining the future lacks.

For starters, people and culture constrain innovation. Consider George and his flying car, Elroy and his jetpack, and space tourism. All these are technically feasible in 2020. But I wouldn’t trust a young boy with a jetpack, nor would most of us have money for a trip to the moon. Another constraint is technical complexity. Sure, we have talking dogs. But the reality is much different from the Jetson’s Astro. And yes, we have AI and robotics. But Siri is no R.U.D.I.

When designing future security capabilities and controls, we need to identify and quantify the constrains. One technique for this is the Business Transformation Readiness Assessment. Evaluate factors such as:

  • Desire, willingness, and resolve 
  • IT capacity to execute
  • IT ability to implement and operate
  • Organizational capacity to execute
  • Organizational ability to implement and operate
  • More factors here: https://pubs.opengroup.org/…/chap26.html

With this evaluation, we can rank what’s feasible against what’s needed. We can act on areas with momentum (desire, willingness, resolve) and build capabilities that can be maintained. But! There’s one additional step.

We don’t need a robot to push around a vacuum when we have a robot vacuum. We don’t need a full AI/ML deep learning platform when we can have a well-tuned SIEM. Implement security in a minimum viable way.

Identify the constraints. Select the security capability the organization is most ready for. Then build Roombas, not Rosies.

Rosie the Robot, The Jetsons, Photography by Brilux.

This article is part of a series on designing cyber security capabilities. To see other articles in the series, including a full list of design principles, click here.

Philosophy and Methodology, the Meta-Design Approach of George Nelson – Design Monday

Posted by

Artists create unique piece for a limited audience. Designers create for scale. The tension exists between creating something that works and building something that’s repeatable.

This tension came up in conversation around the article I wrote about Kenji Kawakami and the art of Chindōgu. The principle is employing playful anarchy to bring security controls from useless to un-useless to useful. People were quick to point out that quantifiable, repeatable, scalable security is jeopardized by the ad hoc chaos of creation.

For guidance, look to George Nelson who was the Director of Design for Herman Miller from 1947 to 1972. One of the first designs George Nelson brought forward was a “sculpture-for-use” table by Isamu Noguchi. Sculpture remade as a repeatable product. Nelson also managed designers such as Charles and Ray Eames, Alexander Girard, and Robert Propst. It’s a simple comparison to draw from furniture to technology, from the difficulty of managing people like the Eames to the difficulty of managing today’s cybersecurity talent.

Here is how Nelson did it for twenty-five years:

Philosophy. Reading George Nelson’s introduction to the Herman Miller catalog in light of the intrinsic motivation framework laid out in the book Drive. Autonomy, mastery, purpose. Nelson’s philosophy is finely tuned for getting the best out of innovative people. An unstated undercurrent is that designs must be producible. After all, Herman Miller is a business. The trick was to protect the playful anarchy while harnessing the results for manufacturing at scale. “There is a hint of the craftsman as opposed to the industrialist.”

Methodology. In modern times, George Nelson has been described as a meta-designer. That is, he spent more time designing the furniture design process than he spent designing the actual furniture. While he retired some twenty years before the founding of IDEO, Nelson would have been right at home in the world of design thinking. He pioneered a formal way to go from a series of conversations, to a series of prototypes, to a finished product. Along the way, capturing information and providing feedback to refine not only the design but also the lifecycle itself. Nelson’s approach was showcased in the “The Design Process at Herman Miller” exhibit in 1975.

The challenge in cyber security design is taking a successful proof-of-concept and scaling from prototype to securing the overall organization. How to balance the artist with the designer? The craftsman with the industrialist? Playful anarchy to well-defined operations? Nelson held a philosophy geared to foster those intrinsic motivations of the creative mind. He created a methodology for taking ideas to market. George Nelson combined both into his meta-design approach.

For security leadership to get meta, develop a philosophy and methodology, design a way to design, and improve based on feedback.

Philosophy drives the satisfaction of our people. Methodology drives the success of our initiatives. We need both, and both need continuous improvement.

Sculpture-for-use, Noguchi table, photography by the Isamu Noguchi collection.

This article is part of a series on designing cyber security capabilities. To see other articles in the series, including a full list of design principles, click here.