Bad Science 15 minute overview

Following from my book review of ‘Bad Science’ by Ben Goldacre, his 15 minute overview was posted on TED;

http://www.ted.com/talks/ben_goldacre_battling_bad_science.html

If you are curious about the content of the book, or just what he means by Bad Science, then I highly recommend checking this talk out.

K

Choosing the right project(s)

Choosing the right projects to focus limited resources on is clearly key to the success of any business.

When projects / programs are prioritised in your (most) businesses, is this always done using the best and most objective methods available?  How are they chosen in your organisation?  How are the chosen projects and programs then prioritised against each other?

Most organisations will no doubt claim to have a very organised and agreed approach to this process based around business priorities and the clear business benefits from each project being considered.  If you look more closely though the reality is often very different with processes like these;

– Which project is sponsored by the most senior individual in the organisation?

– Which project is being pushed by the most aggressive sponsors / individuals?

– Which project has the best sales pitch (e.g. best presentation)?

– Which project is being pushed by the sponsors / individuals with the best political connections in the organisation?

– Which project will provide the greatest return on investment (ROI)?

While I am sure you are thinking that ROI sounds like a reasonable choice for choosing projects, and indeed used 100% impartially it can be, it is easy to manipulate ROI figures, and most ROI statements such as “will save xx millions” have little supporting, reproducible evidence.  Also, in reality how many projects thoroughly calculate the ROI on a project after it is completed and hold those who made the statements accountable for their accuracy?

In addition to the above thoughts on how projects are chosen, it is also clear that the more projects an organisation has to choose from the less time they are likely to be able to put into correctly choosing the best projects for that organisation.

One logical approach to the process of choosing and prioritising the best projects for your organisation is that of value graph analysis.  Interestingly this process has come up twice recently, in the book ‘Simple Architectures for Complex Enterprises’ and on the recent ISEB Enterprise and Solution Architecture course I attended.

The idea of Value Graph Analysis is that it allows you to impartially take into account factors such as the risks of doing or not doing the project, the cost of doing the project, the potential returns of doing the project, and the time and resource requirements to complete the project.

While the included factors in a graph can be tailored, both sources that highlighted this approach suggested the same set of default / typical factors;

– Market Drivers – what market reasons support the project?

– Cost – what is the project cost?

– Organisational Risk – what are the risk factors the project addresses?

– Financial Value – what are the financial benefits of doing the project?

– Organisational Preparedness – how ready is the organisation to complete the project?

– Team Readiness – how ready is the proposed project team to complete the project?

– Status Quo – what are the outcomes / impacts of not doing the project?

The output of assessing all the above factors is the Value Graph, an example of which is shown below as a spider graph;

[Figure: value graph example, shown as a spider diagram]

Values closer to the edge of the graph are considered positive.  Aside from ensuring a wide range of key inputs are included in the prioritisation process, a key advantage is that Value Graphs, especially when using the spider graph representation, enable easy comparison of projects to define priorities by comparing the relevant graphs for those projects.

I recommend checking these out; creating Value Graphs for your projects will enable clear and logical prioritisation and will definitely benefit your organisation in the long term!

K

Ten Technology Trends That Will Change the World in Ten Years

Not one I can claim any credit for, but I thought this was interesting enough to share. Cisco’s chief futurist and chief technologist Dave Evans’ ideas for 10 key tech trends that will change the world over the next 10 years;

http://www.slideshare.net/CiscoIBSG/ten-technology-trends-that-will-change-the-world-in-ten-years

As an aside, how cool is that job title?  I’d definitely like to have that role..

He covers a wide range of ideas from huge data volumes to IPv6 to solar power to 3-D printing.  Definitely interesting and thought provoking reading.

K

NSA releases home network security best practices guide

The NSA has released an excellent guide titled ‘Best practices for keeping your home network secure’.  This covers the obvious things like

– securing your O/S (Windows and Mac are covered) via patching and using current software etc.

– home network security via wireless encryption, strong passwords and DNS settings.

The guidance then goes further to cover areas including;

– Email best practices

– Social network site use

– Password management

– Travelling with mobile devices.

Overall, while this is unlikely to be new information for those familiar with IT security, this is great guidance for those not working in this area.  I’d highly recommend you share this with your friends and family and help them understand the advice, as it will improve their home and general on-line IT security / safety.

K

Cheap IOPS, Expensive Gigabytes…

Recently we implemented a fast storage solution to meet the needs of a growing (and horribly non-relational and un-normalised) database.  While actually a very simple solution from an architectural standpoint, it was one of those products that performs exactly as advertised and has impressed us immensely with its performance, so I wanted to briefly write about it should anyone reading this need a fast server based storage solution.

The products in question are from a company called Fusion-IO, and are called ioDrives, the same drives are also available through HP who re-brand them as Accelerator IO cards.

The title of this post was actually taken from a conversation with one of the guys from Fusion-IO when we were evaluating the performance of their cards.  He highlighted that what they effectively do is ‘make IOPS cheap and Gigabytes expensive’.

IOPS = Input Output operations Per Second – basically how many times the device (hard disk / SSD / Array) can read or write to itself per second.

Reading the performance statistics for the cards provided some very impressive statistics, but obviously we wanted to prove these for ourselves, in our environment with our hardware and simulation of our typical workload (the mix of reads and writes we typically see from the application).

The cards used in our testing and subsequently our production environment are the 640GB MLC cards, details of which can be found here;

http://www.fusionio.com/products/iodriveduo/

We tested the performance in an HP DL580 G7 with 4 * 8 core Xeon CPUs @ 2.26GHz and 128GB RAM, using the SQLIO Disk Subsystem Benchmark Tool from Microsoft.

The results certainly met our expectations; we saw >90,000 IOPS from a mixed read / write configuration via the SQLIO tool in our real world scenario.  This is particularly impressive given the use of very ‘normal’ off the shelf hardware components.

We were comfortable enough with the results that we recommended the use of these cards for a critical production system in a mirrored (RAID 1 across 2 cards) configuration, and as mentioned have since implemented this solution with great success.

It is worth noting that the cards do have a considerable amount of built in resilience and redundancy so not all implementations would require mirrored cards, in fact according to the vendor most implementations are not RAID 1 and they rarely if ever see any issues.

Before signing off this post I should mention my colleague Ben Cox, who is our local DBA extraordinaire, as he actually ran the tests and documented the outputs.

K

Movie Star

Well this week saw my, and my car’s, first foray into the world of acting.  A great friend of mine, Andre Renner and his partner in Recoil Films Sean J Vincent, are making a trailer for their next movie – ‘Their Law’.  Check out the full details at http://www.theirlaw.com/ it’s going to be an awesome film.

What I discovered;

– Filming is long winded and it takes a lot of time and effort to get just a few seconds of quality footage.

– It was very cold waiting around between shots in a car park, and spending a couple of hours being shoved into a van and shot (repeatedly!) until about midnight in mid-January!

– A lot of thought goes into shots / scenes to make sure everything from the layout and backgrounds to the lighting is spot on.

– I had a great time, and am hoping to be involved in their future projects!

Overall, I had a great couple of evenings helping out, and met some great guys.

The only downside seems to have been that repeatedly locking and unlocking the car for a scene appears to have broken the central locking on the Exige, so it is currently stranded on the drive until I can get it fixed and unlock the doors!

When it is released please support this movie, it’s looking great and the guys are putting a lot of work into it.

K

Real security – Safety vs. Liberty

Reading Bruce Schneier’s Crypto-gram from December 2010, this echoes conversations I have had many times.  How much of the extra checks and surveillance we go through at airports etc. actually improves our safety, and how much is for appearance to make us feel like governments are taking action?

Read the article here:

http://www.schneier.com/crypto-gram-1012.html

These same sentiments can and should (must) be applied to IT security in the workplace as well.  Too often it is easy to be swayed by the hype of the latest products and fear of risks that are in reality extremely unlikely to actually occur.  Rational security and a clear understanding of the actual risk should be the drivers for any security requirements.

In a given scenario the cost of implementing the security measure (technology and process costs) should not be greater than the likelihood of issue X occurring (e.g. once in 10 years) * the total cost if the issue occurs (lost business, reputational damage etc.).

This situation is not helped by the security industry itself; it must be remembered that the companies selling IT security products and services are in the business of selling these products and services!  In order to do this it is in their interests to hype the risks and generate a culture of fear.

Of course I am in no way suggesting that there are not a myriad of threats from viruses / worms / trojans etc. to organised crime, botnets and of course the insider threat.  But these should be assessed in a balanced and rational manner that seeks to understand the risk to the actual system and data that is being protected.

This brings me back around to my favourite topic (read soapbox); requirements and architecture / design.  I firmly believe that making the right design choices early on in a system’s life-cycle will minimise any security risks and also minimise the challenges associated with securing a system further down the line.  This is one of the main reasons I moved into working in Architecture from working in the purely IT security field, as so many of the issues we solve in security every day can be resolved / designed out with the proper consideration at the design phase of implementing a system / solution.

K