The Heartbleed ‘bug’, elegantly explained in pictures.
Mindfulness and paying attention to the wrong things
As I talked about in a previous post on the Deepwater Horizon disaster, I believe one of the underlying reasons, perhaps the reason, for Deepwater’s problems escalating into a catastrophe was the attentional blindness of management to the indicators of problems on the rig, and that this blindness was due in large part to a corporate focus on individual worker injury rates at the expense of thinking about those rare but catastrophic risks that James Reason calls organisational accidents. And, in a coincidence to end all coincidences, there was actually a high level management team visiting just prior to the disaster to congratulate the crew on their seven years of injury free operations.
So it was kind of interesting to read in James Reason’s latest work ‘A Life in Error‘ his conclusion that the road to epic organisational accidents is paved with declining or low Lost Time Injury Frequency Rates (LTIFR). He goes on to give the following examples in support:
- Westray mining disaster (1992), Canada. 26 miners died, but the company had received an award for reducing its LTIFR.
- Moura mining disaster (1994), Queensland. 11 miners died. The company had halved its LTIFR in the four years preceding the accident.
- Longford gas plant explosion (1998), Victoria. Two died, eight injured. Safety was directed to reducing LTIFR rather than identifying and fixing the major hazards of un-repaired equipment.
- Texas City explosion (2005), Texas. The Independent Safety Review panel identified that BP relied on injury rates to evaluate safety performance.
As Reason concludes, the causes of accidents that result in a direct, individual injury are very different to those that result in what he calls an organisational accident, that is one that is both rare and truly catastrophic. Therefore data gathered on LTIFR tells you nothing about the likelihood of such a catastrophic event, and as it turns out can be quite misleading. My belief is that not only is such data misleading, its salience actively channelises management attention, thereby ensuring the organisation is effectively unable to see the indications of impending disaster.
So if you see an organisation whose operations can go catastrophically wrong, but all you hear from management is proud pronouncements as to how they’re reducing their lost time injury rate, then you might want to consider maintaining a safe, perhaps very safe, distance.
Reason’s A Life in Error is an excellent read by the way, I give it four omitted critical procedural steps out of five. :)
For those interested, here’s a draft of the ‘Fundamentals of system safety‘ module from a course that I teach on system safety. Of course if you want the full effect, you’ll just have to come along. :)
Hopefully the sub-search will have more luck, but with the search box as big as it is, and the undersea terrain as mountainous as it is, it’s a bit like searching from the air for the glint of a needle that’s been thrown out of a plane somewhere over the Rockies…when you don’t even have a good map of the Rockies.
MH370 and the problem of privileging hypotheses
The further away we’ve moved from whatever event initiated the disappearance of MH370, the less entanglement there is between circumstances and the event, and thus the more difficult it is to make legitimate inferences about what happened. In essence the signal-to-noise ratio falls off sharply as the causal distance from the event increases, thus the best evidence is that which is intimately entwined with what was going on onboard MH370; evidence obtained at a distance in time or space is of less importance.
While once again the media has whipped itself into a frenzy of anticipation over the objects sighted in the southern Indian ocean we should all be realistic about the likelihood of finding wreckage from MH370.
For his outstanding contributions to computer science, Leslie Lamport, father of the Byzantine Generals problem, has been awarded the 2013 ACM Turing Award.
“Data! Data! Data!” he cried impatiently. “I can’t make bricks without clay.”
If anything teaches us that the modern media is for the most part bat-shit crazy, the continuing whirlwind of speculation does so. Even the usually staid Wall Street Journal has got into the act with speculative reports that MH370 may have flown on for hours under the control of a person or persons unknown… sigh.
After the disappearance of MH370 without trace, I’d point out, again, that just as in the case of the AF447 disaster, had either floating black boxes or even just a cheap and cheerful locator buoy been fitted we would at least have something to work with (1). But apparently this is simply not a priority with the FAA or JAA. I’d note that ships have traditionally been fitted with hydrostatically (water pressure) released beacon transmitters, thereby ensuring their release from a sinking ship.
Undoubtedly we’ll go through the same regulatory minuet of looking at design concepts provided by one or more of the major equipment suppliers whose designs will, no surprise, also be complex, expensive and painful to retrofit thereby giving the regulator the perfect out to shelve the issue. At least until the next aircraft disappears. Let’s chalk it up as another great example of regulatory blindness, which I’m afraid is cold comfort to the relatives of those onboard MH370.
1. Depending on the jurisdiction, modern airliners do carry different types and numbers of Emergency Locator Transmitter (ELT) beacons. These are either fixed to the airframe or need to be deployed by the crew, meaning that in anything other than a perfect crash landing at sea they end up on the bottom with the aircraft. Sonar pingers attached to the ‘black box’ flight data and cockpit voice recorders can provide an underwater signal, but their detection range is limited, about a thousand metres slant range or so.