Thursday Apr 16, 2009

Why security bugs are different to other bugs

Red Light Way back in 2000 I had the following insight on security bugs and had this weird urge nine years later to share it. I can't believe it's original...

Security fixes are different from every other kind of fix. As every good troubleshooter knows, when problems occur something almost invariably has changed. For most bugs it is something like load, configuration and so on which can be undone.

With security bugs it is knowledge that has changed and a security weakness can't be unlearned by the world at large.

I don't have insights like that very often :-)

Tuesday Sep 30, 2008

Teaching critical thinking in schools?

Given my training in SGRT I'm interested in how critical thinking, call it rational management if you will, could be encouraged. In particular, now that I have children of my own, I'm wondering why problem solving, decision making and critical thinking in general is not taught in schools.

Lots of "joining the dots" here, I found a letter in New Scientist that suggests we should. Lynn Stoppelman, Reston, Virginia, US wrote:

... Improving risk literacy is more complicated than switching off the TV. To encourage more people to use rational, less emotional decision-making we must train youngsters in critical thinking skills before fearfulness born of insecurity becomes habitual - not wait until the last year of high school or the first year of college. Conscious parenting focused on raising secure infants who have benefited from a healthy attachment to a parental figure remains the fundamental way to ensure a clear-thinking society.

The original article requires a New Scientist subscription and is well worth a read.

There was a related article in the Guardian's "This column will change your life" by Oliver Burkeman which covered similar ground and is a shorter read - it gets to the point though:

... The researchers' basic point is this: when we lack definite information, we make very poor judgments, and we do so in predictable ways. ... The findings of Kahneman et al suggest a different approach: rather than trying to change that feeling in your gut from negative to positive, learn to be sceptical of your gut feeling, whether it's negative or positive - because there's good reason to believe your focus is completely wrong. (There are sound evolutionary explanations for why we ended up this way, but our brains were designed for an environment in which we no longer live.)

Fascinating stuff.

Update: Turns out there's a non-profit organization that supports the teaching of the basic KT principles in schools, check out Looks like it's aimed at teenagers - pass it on.

Wednesday Jun 27, 2007

OpenSolaris Troubleshooting - The Unofficial Tourist Guide

I had the pleasure of presenting to the London OpenSolaris User Group (LOSUG) in June. The topic was OpenSolaris Troubleshooting - The Unofficial Tourist Guide.

My experience of debugging problems on non-Solaris systems was one of 'I know what I want to do, but I don't know how they do it', which led me to paraphrase the famous LP Hartly quote, "Diagnosing problems on unfamiliar operating systems is a foreign country: they do things differently there".

It also wanted to link the essence of good troubleshooting to the practical details of getting the data. I'm an Sun Global Resolution Troubleshooting (SGRT) programme leader - which is Sun's implementation of the Kepner-Tregoe processes. Linking the abstract troubleshooting process to gathering actual useful data is one of the trickier aspects when it comes to teaching SGRT.

Suffice to say, OpenSolaris has a rich set of diagnostic tools - not just DTrace - and this talk covers the ones I use regularly.

The PDF of the presentation, which includes an update to the slides on how dbx and mdb deal with core files from other systems, is available on the LOSUG OpenSolaris pages.

It's a presentation I plan to keep updated so if you have any comments please let me know.

Wednesday May 09, 2007

Top 10 ways to make better decisions (New Scientist)

New Scientist this week has an excellent article on decision making. As I'm a Kepner-Tregoe program leader I'm interested in tools for decision making as Decision Analysis is one of the things we teach.

The text of the article is copyright but I hope it is acceptable to list the ten points:

1 Don't fear the consequences
2 Go with your gut instincts
3 Consider your emotions
4 Play the devil's advocate
5 Keep your eye on the ball
6 Don't cry over split milk
7 Look at it another way
8 Beware social pressures
9 Limit your options
10 Have someone else choose

As it covers lots of research into the psychology of decision making it doesn't go into any great depth but there are some illuminating findings in there.

Much of the research is about how satisfied we are with our decisions rather than whether we picked the best option. The two are related but not directly. This may be more important for individual decision making versus group decision making.

Some of the key points for me were:

  • Don't avoid making decisions, things rarely turn out as good or as bad as you expect.
  • Simple decisions can be analysed, complex decisions often work better with gut feeling. Not recommended for highly emotive issues.
  • Context, social pressures, emotions and how we frame the decision are all significant factors.
  • Too many choices leaves us less satisfied with our final choice.

In the context of Kepner-Tregoe Decision Analysis the use of rational process should avoid much of the FUD around decision making, at least that's what I find. That deals with items 1, 2, 3, 4, 5, 6, and 10. As for the others ...

7 Look at it another way: One of the most important things to get right in the KT processes is the initial statement, the pithy synopsis of what it is you are doing. The wording of a decision statement is pivotal in the process. It's all too easy to colour your decision by inappropriate framing.

8 Beware social pressures: Either as an individual or as a group it's hard to avoid being swayed by everyone else. Good facilitation of the decision analysis process is vital and can avoid things like groupthink.

9 Limit your options: Faced with too many alternatives we usually screen them against our MUSTS and our highest weighted WANTS. For me, too many alternatives gives me analysis-fatigue :-)

Point 2 is also interesting as it illustrates that human beings are surprisingly good decision makers, analysis is not always necessary or productive. However, for business decisions satisfaction with the final choice may be less important than the financial implications. Having said that, I often wonder if the mark of true and good leadership (political, business, etc) is productive and effective decision making based on instinct.

Perhaps truly good leaders make any reasonable choice in a complex decision successful?




« October 2016