Never confuse volume with authority.
A clank of botnets
More bad news for the Internet this week as a plague of BotNets launched a successful wave of denial of service attacks on Dyn, a dynamic domain name service provider. The attacks on Dyn propagated through to services such as Twitter (OK no great loss), Github, The Verge, Playstation Network, Box and Wix. Continue Reading…
Well hello there, it’s been a while hasn’t it?
In the absence of our good host I thought I’d just pop in and offer some advice on how to use statistics for requirements compliance. Now of course what I mean by requirements compliance is that ticklish situation where the customer has you over the proverbial barrel with an eye-gouger of a requirement. What to do, what to do. Well dear reader all is not lost, what one can do is subtly rework the requirement right in front of the customer without them even recognising it…
No! I hear you say, ‘how can this wonder be achieved Screwtape?’
Well it’s really quite simple, when one understands that requirements are to a grater or lesser extent ‘operationally’ defined by their method of verification. That means that just as requirements belong to the customer so too should the method one uses to demonstrate that you’ve met them. Now if you’re in luck the customer doesn’t realise this, so you propose adopting a statistical proof of compliance, throw in some weaselling about process variability, based on the median of a sample of tests. Using the median is important as it’s more resistant to outlier values, which is what we want to obfuscate (obviously). As the method of verification defines the requirement all of a sudden you’ve taken the customer’s deterministic requirement and turned it into a weaker probabilistic one. Even better you now have psychological control over half of the requirement, ah the beauty of psychological framing effects.
Now if you’ll excuse me all this talk of statistics has reminded me that I have some souls to reap over at the Australian Bureau of Statistics*.Mmm, those statisticians, their souls are so dry and filled with tannin, just like a fine pinot noir.
Till the next time. Yours infernally,
*Downstairs senior management were not amused by having to fill out their name and then having a census checker turn up on their doorstep asking whether they were having a lend of the ABS.
A reader of this blog might be aware of both the difference between ergodic and non-ergodic risks, and how the presence of non-ergodicity (i.e. the possibility of irreversible catastrophic outcomes) undermines a key assumption on which Pascalian risk assessment is based. But what to do about it? Well one thing we can practically do is to ensure that when we assess risk we take into account the non-ergodic nature of such catastrophes. Continue Reading…
One of the great mistakes is to judge policies and programs by their intentions rather than their results
Earlier this year the US Government declassified a WWII OSS field manual on sabotage. Now the Simple Sabotage Field Manual is not what you might think. No it’s not a 101 on blowing up bridges, nor is it a cookbook for how to conduct Operation Kutschera, but rather it’s aimed at a lower key sabotage of ordinary working practices inside the organisation. For example using conferences and meetings to strategically delay decision making. Nobody get kills but that new Panzer design with the Porsche turret? Well sorry Reichs Marshall it’ll be buried in design committee until about 1948. Charlie Stross went on to twitter asking for modern updates to the OSS manual, I’m not sure whether that exercise increased or decreased the net sum of human happiness, but hey, it was amusing.
Which got me to thinking, if you read the OSS manual and find that every working day seems like a text book play courtesy of the boys from Prince William Park, then shouldn’t you logically conclude that you are sitting in the middle of a war? If you see folk in your organisation regularly using moves out of the OSS play book they may not be just haplessly incompetent. If nothing else this should make you look at your daily fare of corporate hooey in a new light. So stay frosty people, and remember three times is enemy action.