{"@attributes":{"version":"2.0"},"channel":{"title":"Thomas H\u00fchn on Discoveries","link":"https:\/\/www.thomas-huehn.com\/","description":"Recent content in Thomas H\u00fchn on Discoveries","language":"en","managingEditor":"mail@thomas-huehn.com (Thomas H\u00fchn)","webMaster":"mail@thomas-huehn.com (Thomas H\u00fchn)","lastBuildDate":"Tue, 14 Apr 2026 12:42:36 +0200","item":[{"title":"Answers to questions about upstreaming patches","link":"https:\/\/www.thomas-huehn.com\/answers-upstreaming\/","pubDate":"Tue, 14 Apr 2026 12:42:36 +0200","author":"mail@thomas-huehn.com (Thomas H\u00fchn)","guid":"https:\/\/www.thomas-huehn.com\/answers-upstreaming\/","description":"<p>Recently I wrote about discussions I had about a year ago, where lawyers and open source practitioners wondered what the reporting obligations of the Cyber Resilience Act <a href=\"https:\/\/www.thomas-huehn.com\/upstreaming-patches-and-cra\/\">meant in edge cases.<\/a><\/p>\n<p>In the meantime the EU has published <a href=\"https:\/\/ec.europa.eu\/info\/law\/better-regulation\/have-your-say\/initiatives\/16959-Draft-Commission-guidance-on-the-Cyber-Resilience-Act_en\">a draft of a guidance document<\/a> for manufacturers. I had already read it, but had not, in my mind, connected it with the article I wrote. And it turns out, the EU answers those questions! 
Let&rsquo;s see what it says:<\/p>\n<p><strong>It is not entirely clear whether this means that the security fix itself must be upstreamed, but considering the purpose of the CRA I tend to see it that way.<\/strong><\/p>\n<blockquote>\n<p>Furthermore, under Article 13(6) manufacturers that have developed a software\nmodification to address a vulnerability in an integrated component are required to share\nthat software modification (\u2018security fix\u2019) with the person or entity manufacturing or\nmaintaining the component (\u2018sharing upstream\u2019).<\/p>\n<\/blockquote>\n<p><strong>If you contribute your security fix, do you need to license it? Under the project\u2019s main license? Under a compatible license? At all?<\/strong><\/p>\n<blockquote>\n<p>Where the component is a free and open-source component, the security fix should be shared in\na manner compatible with that component\u2019s licence, for example by sharing it under the\nsame licence or under a licence that allows the maintainer to distribute the fix under its\nown licence.<\/p>\n<\/blockquote>\n<p><strong>If the original project (say, the GitHub project) is gone, what do you do?<\/strong><\/p>\n<blockquote>\n<p>\u201cFinally, manufacturers are also not required to report the vulnerability upstream where\nthe component no longer has a maintainer, or when the manufacturer has itself\nduplicated (\u2018forked\u2019) the free and open-source component and no longer relies on the\noriginal maintainer for new versions or security fixes.\u201d<\/p>\n<\/blockquote>\n<p><strong>If the original project is still there, but looks like it has been inactive for years, is sending a pull request or creating a bugtracker issue enough for CRA compliance?<\/strong><\/p>\n<p>I&rsquo;d consider that to fall under the provisions of the previous passage, as well.<\/p>\n<p><strong>If the project is still there, has been active fairly recently, but never replies or acknowledges your security fix, do you have an 
obligation to enquire further?<\/strong><\/p>\n<blockquote>\n<p>However, manufacturers are not required by the CRA to ensure that their security fixes\nare necessarily accepted by the person or entity manufacturing or maintaining the\ncomponent. Nor are they required to ensure that those fixes are necessarily integrated\ninto the component\u2019s code repository, for instance where the maintainer may prefer a\ndifferent option to fix the issue.<\/p>\n<\/blockquote>\n<p><strong>Does that make you an Open Source Steward in the sense of the Cyber Resilience Act, with its sundry obligations?<\/strong><\/p>\n<p>Nothing to find in the guidance, but probably not.<\/p>"},{"title":"Knuth reward check","link":"https:\/\/www.thomas-huehn.com\/knuth-reward-check\/","pubDate":"Sun, 12 Apr 2026 13:09:48 +0200","author":"mail@thomas-huehn.com (Thomas H\u00fchn)","guid":"https:\/\/www.thomas-huehn.com\/knuth-reward-check\/","description":"<p>It&rsquo;s been twenty years now that I&rsquo;ve gotten one of the best letters ever. Donald Knuth confirmed the error I had found in one of his books and sent me <a href=\"https:\/\/en.wikipedia.org\/wiki\/Knuth_reward_check\">the coveted check!<\/a><\/p>\n<p>Donald Knuth and his reward for any error in one of his books (even typographical ones) are computer science folklore. Preposterous to think that I could possibly earn one! His books have been combed through by thousands and thousands of people. Smarter people than I am. More patient people.<\/p>\n<p>And then it happened. I thought I had found an error. But I did not report it right away, I waited and re-checked it for months, lest I make a fool of myself. I even told our local genius at university who did not care much and dismissed my excitement.<\/p>\n<p>See, the error I found is in a very special place. 
The book is \u201cComputer Modern Typefaces\u201d, so it&rsquo;s a less read book (not the TeXbook or The Art of Computer Programming), but still, practically everybody who has given that book a shot will have read over that error.<\/p>\n<p>Because it&rsquo;s on page Arabic one. In the first paragraph. The very first word.<\/p>\n<figure>\n<img src=\"bug-report-knuth-2006.jpg\"\nalt=\"bug-report-knuth-2006.jpeg\"\nwidth=\"600\"\nheight=\"800\"\n\/><\/figure>\n<p>That&rsquo;s why the Memo field says \u201cE1\u201d: Computer Modern Typefaces is Volume E in the Computers &amp; Typesetting series. Page 1.<\/p>\n<figure>\n<img src=\"knuth-scheck-256.jpg\"\nalt=\"knuth-scheck-256.jpg\"\nwidth=\"640\"\nheight=\"480\"\n\/><\/figure>\n<p>I have censored the check slightly, because Knuth is afraid someone might do bad things with those numbers, and he hasn&rsquo;t been handing out real checks for many years now. Today you get a fantasy certificate of a fantasy bank, the <a href=\"https:\/\/www-cs-faculty.stanford.edu\/~knuth\/boss.html\">Bank of San Serriffe<\/a>.<\/p>\n<p>But why will you find me there with the entry \u201c0x$1.20\u201d, i.e. decimal $2.88? A few years later I sent in another proposed error, but I was wrong. Knuth actually wrote a few paragraphs why exactly I&rsquo;m wrong, but because he counted some throwaway sentence in my bug report as a good suggestion, I got another check for $0.32.<\/p>"},{"title":"Upstreaming patches and the Cyber Resilience Act","link":"https:\/\/www.thomas-huehn.com\/upstreaming-patches-and-cra\/","pubDate":"Sat, 11 Apr 2026 13:20:08 +0200","author":"mail@thomas-huehn.com (Thomas H\u00fchn)","guid":"https:\/\/www.thomas-huehn.com\/upstreaming-patches-and-cra\/","description":"<p>Article 13 (6) in the Cyber Resilience Act requires manufacturers to report security vulnerabilities they find in an Open Source component they use to the upstream project. It also requires them to share \u201crelevant code or documentation\u201d. 
It is not entirely clear whether this means that the security fix itself must be upstreamed, but considering the purpose of the CRA I tend to see it that way.<\/p>\n<p>Now that&rsquo;s all fine when there is a clear \u201cupstream project\u201d and it is still active. Send a patch or a pull request, reply to further questions, done.<\/p>\n<p>But we can imagine many complications, and nobody really knows what they entail. I&rsquo;ve seen a room full of lawyers discuss the implications quite animatedly.<\/p>\n<p>If you contribute your security fix, do you need to license it? Under the project&rsquo;s main license? Under a compatible license? At all?<\/p>\n<p>And some questions about the project&rsquo;s state:<\/p>\n<ul>\n<li>If the original project (say, the GitHub project) is gone, what do you do?<\/li>\n<li>If the original project is still there, but looks like it has been inactive for years, is sending a pull request or creating a bugtracker issue enough for CRA compliance?<\/li>\n<li>If the project is still there, has been active fairly recently, but never replies or acknowledges your security fix, do you have an obligation to enquire further?<\/li>\n<\/ul>\n<p>If the project is gone or inactive, a popular notion among the lawyers seemed to be that you should probably just fork the repo or create a new repo, put your fixed component there, and be done with it.<\/p>\n<p>This leads to a follow-up question: Does that make you an Open Source Steward in the sense of the Cyber Resilience Act, with its sundry obligations?<\/p>\n<p>I tend to \u201cno\u201d, because I see it as a one-time code drop; I wouldn&rsquo;t have the intention to hold myself out as the new project for that component.<\/p>\n<p>But the issue of \u201ccommercial activities\u201d on a \u201csustained basis\u201d makes companies generally nervous. 
It is indeed not clear at all if you can just put out a code drop and forget about it if you intend to use that component on an ongoing basis.<\/p>\n<p>Starting December 2027 we are going to see how companies decide to handle it in practice.<\/p>\n<p><strong>Answers<\/strong> I found later: <a href=\"https:\/\/www.thomas-huehn.com\/upstreaming-patches-and-cra\/\">https:\/\/www.thomas-huehn.com\/upstreaming-patches-and-cra\/<\/a><\/p>"},{"title":"Terminology in IEC 62443","link":"https:\/\/www.thomas-huehn.com\/terminology-in-iec-62443\/","pubDate":"Thu, 09 Apr 2026 18:10:43 +0200","author":"mail@thomas-huehn.com (Thomas H\u00fchn)","guid":"https:\/\/www.thomas-huehn.com\/terminology-in-iec-62443\/","description":"<p>In general, IEC 62443 is quite well-written, especially if you compare it to (older) safety standards. But I&rsquo;ve been wrestling with some of the terminology for months now.<\/p>\n<p>Most of these questions might have been answered quickly if I had access to a TC 65X member telling me about the committee&rsquo;s intentions and current plans, but I don&rsquo;t, so I&rsquo;m doing textual exegesis.<\/p>\n<p>Let me sketch out my questions about four different terms in the published version from 2019, and how the current drafts for the next version of IEC 62443 mostly resolve those.<\/p>\n<h1 id=\"compensating-countermeasures\">Compensating countermeasures<\/h1>\n<p>This was my main hang-up. Compensating countermeasures basically bridge the gap between the target security level SL-T of a zone and the capability security level SL-C of a component.<\/p>\n<p>If you don&rsquo;t satisfy a requirement in the component itself, but offer an external compensating countermeasure for it you potentially lose an SL-C level. 
But the component can still be used in a zone that calls for a higher SL-T, because the compensating countermeasure absorbs the risk differential between the lower SL-C and the higher SL-T.<\/p>\n<p>Throughout several parts it is made clear that SL-C measures risk reduction without compensating countermeasures. -2-2 6.7.2 says \u201ccan meet without compensating security measures\u201d. -3-2 Annex A says \u201ccapable of meeting the SL-Ts natively without additional compensating countermeasures\u201d, -3-3 A.2 says \u201ccapable of meeting the target SLs natively without additional compensating countermeasures\u201d.<\/p>\n<p>But that was all parts 2 and 3. And in part 4 the situation changes somewhat:<\/p>\n<p>-4-2 3.1.9 says \u201cin addition to inherent security capabilities to satisfy one or more security requirements\u201d and -4-2 4.3 says \u201crequirements specified in this document cannot be met without the assistance of a compensating countermeasure that is external to the component\u201d.<\/p>\n<p>Here the intention seems to be that your component requirement can actually be met with the help of compensating countermeasures, and your higher SL-C is saved.<\/p>\n<p>And then -6-2 hits the core of my confusion: 3.1.15 defines \u201cmet by system integration\u201d and speaks of REs and CRs delegated to a higher-level system the component integrates into. It specifically says \u201care met by the system\u201d and \u201cwith the assistance of compensating countermeasure\u201d. Also, 5.7.2.4 says \u201ccomponent requirements are met by component or met by system integration\u201d. So compensating countermeasures really count, at least insofar as they are about delegation to\/integration into a system.<\/p>\n<p>I&rsquo;ve long considered that a contradiction and tried to find a way around it that isn&rsquo;t simply that part 4 terminology is totally independent of parts 2 and 3 terminology. There isn&rsquo;t one. 
The gap between \u201cnatively without additional compensating countermeasures\u201d and \u201cmet [\u2026] with the assistance of compensating countermeasures\u201d cannot be bridged linguistically.<\/p>\n<p>The current draft of -4-2 (and only this part) thankfully renames \u201ccompensating countermeasures\u201d to \u201csupporting measures\u201d, breaking the direct correspondence and making it clear that the concepts are similar in spirit, but different in their practical implications.<\/p>\n<h1 id=\"met-by-system-integration\">Met by system integration<\/h1>\n<p>This term already came up in the compensating countermeasures part, but the weird thing about this phrase itself is how it is only introduced in -6-2, the evaluators&rsquo; part. There is not a single mention in -4-2, although -4-2 obviously talks in various wordings about \u201cintegrate into a system\u201d and \u201crely on a system\u201d. I would have expected -4-2 and -6-2 to be more congruent in terminology.<\/p>\n<p>I haven&rsquo;t seen a draft for -6-2, but I&rsquo;d expect it to switch from \u201cmet by system integration\u201d to the new \u201csupporting measures\u201d wording, as well.<\/p>\n<h1 id=\"trust-boundary\">Trust boundary<\/h1>\n<p>Trust boundary is a term that has been in use by the threat modeling community for years as an element in a data flow diagram (alongside processes, external entities, data stores and flows). Flows crossing a trust boundary especially need to be scrutinized for security implications. This is also what prEN 50742 C.7.1 understands as trust boundaries.<\/p>\n<p>But IEC 62443 also uses both this term and another closely related term, in two senses: it mentions trust boundaries in -4-1 in the threat modeling chapter (-4-1 6.3), but also talks in -1-1 about boundaries of zones (-1-1 5.9.1) and their crossing by trusted conduits (-1-1 5.10). 
Trust and boundary equals trust boundary\u2026 in practice this often seems to be called \u201ctrust zone\u201d by security consultants indeed. This is also given some license by -1-1 5.9.1: \u201cZones may be considered to be trusted or untrusted.\u201d<\/p>\n<p>It&rsquo;s not quite a usurpation of the term, because it is still two different terms, and you obviously can threat model on a system&rsquo;s high-level architectural view. But the danger of conflating the boundary of a (security) zone derived from the zone and conduit requirements in -3-2 with a trust boundary within a component&rsquo;s firmware, for example, is real, and I have seen it happen too often. It simply invites people to claim that the whole electric cabinet is a \u201ctrust zone\u201d and therefore we can simply trust every component in there and don&rsquo;t need any controls (false!). And so threat modeling only needs to concern itself with that high-level view of -3-2 zones (also false!).<\/p>\n<p>By the way, \u201ctrust zone\u201d is a security mechanism in ARM processors. Why is everyone around me using that term as kind of dual to trust boundaries (everything surrounded by trust boundaries is a trust zone)? Is that really common or just my environment?<\/p>\n<p>The draft of -1-1 renames trust boundary to security zone boundary. Trust boundary remains in the -4-1 for the threat modeling use. Thus, both concepts are linguistically clearly separated.<\/p>\n<h1 id=\"essential-function\">Essential function<\/h1>\n<p>This is the one I&rsquo;m struggling most with today. And it doesn&rsquo;t help that discussions invariably confuse essential function with \u201cthe basic function of our product\u201d (what the customer is buying the product for). 
In my experience it is difficult to get the point across that \u201cessential function\u201d is jargon, a normative term of art with a definition and several requirements around it, not just a colloquial phrase to be filled with whatever comes to mind first.<\/p>\n<p>My big question: are all or most components expected to have essential functions? Or are essential functions a rare species? Since I&rsquo;m mostly developing safety-related products, that question is moot (-4-2 3.1.20), but what about automation products without safety functions or special needs of high availability?<\/p>\n<p>If we put safety and environmental protection aside, the remaining application of essential function is \u201cavailability for the equipment under control\u201d (-4-2 3.1.20). We want our product to be available, of course. But is the product&rsquo;s basic function in need of high availability?<\/p>\n<p>The draft of -1-1 calls out essential functions as \u201chigh value equipment\u201d (giving steam turbines as an example) and products with a special need for integrity (e.g. pharmaceuticals). Although we now get an entire chapter about essential functions (8.7), it does not clear up much.<\/p>\n<p>On the other hand, designing for essential functions needn&rsquo;t be burdensome for many components. The requirements around essential functions are basically that those functions may not be impeded by security: the emergency stop really must work without the panicked human having to type in a password (-4-2 5.4.2, 11.2) and a few other things (-4-2 11.3.1, 11.3.2, 13.5.2). So it may not matter much in practice.<\/p>\n<p>My current thinking is that essential functions are rarer than many people believe, and many components won&rsquo;t have any. 
But I&rsquo;m very uncertain about that.<\/p>"},{"title":"Protecting copyright with AI","link":"https:\/\/www.thomas-huehn.com\/protecting-copyright-with-ai\/","pubDate":"Tue, 07 Apr 2026 16:00:00 +0200","author":"mail@thomas-huehn.com (Thomas H\u00fchn)","guid":"https:\/\/www.thomas-huehn.com\/protecting-copyright-with-ai\/","description":"<p>I&rsquo;m still thinking about something I touched on in <a href=\"https:\/\/www.thomas-huehn.com\/what-i-heard-at-openchain-friends-2026\/#ai\">the OpenChain &amp; Friends post<\/a>:<\/p>\n<p>AI generated code isn&rsquo;t copyrightable, because only human creations are eligible for copyright. In the past that used to be easy. Who if not a human programmer could have written the code? Today LLMs generate large parts of many code bases.<\/p>\n<p>And saying that I as a human reviewed every single line doesn&rsquo;t count. The generative work, the concrete expression of the output is protected, not the after-the-fact approval.<\/p>\n<p>So how do large companies expect to ever do copyright litigation again? Because in pretty much all jurisdictions you will have to at least make your claim plausible before the defendant even has to reply. Imagine you copy some Microsoft mobile app. No AI rewriting, just a plain copy. Microsoft sues you.<\/p>\n<p>You will certainly break out all those press interviews with Microsoft&rsquo;s managers, all those news postings how they are ahead of the AI curve and use LLMs all the time for all of their code bases. And the incentive has been strong to exaggerate wildly, just to look future-proof. It doesn&rsquo;t have to be Microsoft. Most even vaguely tech-related companies have probably made claims like these, if only in the local press. Microsoft will have to show that their app is even copyright protected.<\/p>\n<p>And now what? Of course, just having some human-written code is enough for some protection. 
But how do they plan to do even that little bit?<\/p>\n<p>Sure, if you did not switch off the \u201cCo-Authored-By: Claude Code\u201d line in commit messages, you have a way to at least find out which commits were AI generated. But OpenAI Codex does not mark its commits like that, and many developers simply use CoPilot in their IDE and commit under their own name. So having a human&rsquo;s name as the commit&rsquo;s author isn&rsquo;t terribly conclusive, either. And if you intend to sue, you&rsquo;ll have the burden of proof.<\/p>\n<p>Marking LLM generated parts of the source code seems prudent. But current tooling does not do it by default. Anecdotally I&rsquo;ve heard that a large German company enforced such automatic \u201cAI generated\u201d comments when introducing CoPilot, but they have since given up on that.<\/p>\n<p>Is it simply of no concern to the big tech companies, because code is cheap now and all that matters is velocity? So that copying something wholesale isn&rsquo;t even that big an advantage compared to generating new code that does something similar? Doesn&rsquo;t seem satisfactory, though.<\/p>"},{"title":"Open Source Lawyers and AI","link":"https:\/\/www.thomas-huehn.com\/open-source-lawyers-and-ai\/","pubDate":"Mon, 06 Apr 2026 14:55:00 +0200","author":"mail@thomas-huehn.com (Thomas H\u00fchn)","guid":"https:\/\/www.thomas-huehn.com\/open-source-lawyers-and-ai\/","description":"<p>Legal &amp; Licensing Workshop 2026 is coming up, and it made me remember something that a participant said in passing: many of the leading lawyers publishing about AI and the law have formerly been publishing about Open Source and the law.<\/p>\n<p>And I noticed something else: even presentations that fell squarely into Open Source territory morphed into AI discussions in Q&amp;A. And of course there were quite a few AI presentations anyway.<\/p>\n<p>But why is that? I mean, on the one hand the answer is obvious. There is a definite pull factor at work here. 
AI is the current hype, companies are hiring for AI adjacent roles, it&rsquo;s new (unsettled legal questions!), it&rsquo;s cool. If you want to publish successfully, you had better pick a fashionable field.<\/p>\n<p>On the other hand, I can also see a push factor, driving lawyers away from Open Source work. The legal questions have mostly been settled. There are a few fraying edges like the newer source-available licenses (that are not properly Open Source!) or the third party doctrine stuff that Software Freedom Conservancy has been pushing in America (and similarly the Rechtsmangel argument in the German MG case). But mostly Open Source law seems done. Nobody is seriously doubting the ability to enforce common Open Source licenses in court, even if most people prefer not to go that route.<\/p>\n<p>But, by and large, Open Source seems boring from a legal standpoint. Most questions have been conclusively answered, both in academia and in the courts, some questions are unanswerable. When I asked an Open Source lawyer at <a href=\"https:\/\/www.thomas-huehn.com\/what-i-heard-at-openchain-friends-2026\">OpenChain &amp; Friends<\/a> recently about new developments or cases she didn&rsquo;t really have news to share.<\/p>\n<p>And also in license compliance tooling we&rsquo;re seeing this shift: license compliance is table stakes (even though one of the big players doesn&rsquo;t even handle dual-licensing correctly and wontfix). The commercial tools nowadays de-emphasize license compliance on the web sites and product pages. It&rsquo;s still there, but you&rsquo;ll have to dig into the product pages until you find those features. 
It&rsquo;s all about AI risks (including snippet detection) and cybersecurity (SBOMs) now.<\/p>"},{"title":"What I heard at OpenChain & Friends 2026","link":"https:\/\/www.thomas-huehn.com\/what-i-heard-at-openchain-friends-2026\/","pubDate":"Mon, 30 Mar 2026 19:46:55 +0200","author":"mail@thomas-huehn.com (Thomas H\u00fchn)","guid":"https:\/\/www.thomas-huehn.com\/what-i-heard-at-openchain-friends-2026\/","description":"<p>These are some things I heard (and some things I said) at last week\u2018s OpenChain &amp; Friends Event in Stuttgart. The quotes are approximately correct, but not necessarily absolutely literal. Since the event operated under Chatham House Rules, even speakers I know the name of are not credited.<\/p>\n<h1 id=\"open-source\">Open Source<\/h1>\n<p><strong>What I heard:<\/strong> the claim in the MG lawsuit (missing license text and copyright notices in an electric car) is wholly based on the Rechtsmangel of \u00a7 435 BGB (German civil law; defect of title in US law). It is especially not based on the third-party beneficiary doctrine advanced by Software Freedom Conservancy against Vizio (and its German analog advanced in the AVM case). That is because a Rechtsmangel is a very strong lever, since reimbursement of the buying price can follow. For expensive items like a car this will make manufacturers pay attention.<br>\n<strong>What I heard:<\/strong> what we\u2019re trying: every customer can get his money back, if he finds only one flaw in license compliance<\/p>\n<p><strong>What I heard regarding the chardet issue:<\/strong> we believe courts will look at the process, not just the results<br>\nThis is speculative.<\/p>\n<p><strong>What I heard:<\/strong> Samsung is very good with Open Source license compliance for their phones. 
You write them asking for source code, and get a 3 GB source code archive, no questions asked.<br>\n<strong>What I heard:<\/strong> Another participant confirming that experience<br>\n<strong>What I heard:<\/strong> Huawei is also very good in that regard.<\/p>\n<p><strong>What I heard:<\/strong> If you only distribute a Dockerfile, not the software itself, do you need to distribute compliance artefacts for the software?<br>\nThe whole question revolves around who is in control of the software download (=distribution). It happens on the user\u2018s PC, after the user issues a \u201cdocker build\u201d, but if you assign control over downloading to the Dockerfile\u2018s author (and there\u2018s a good argument to be made), the Dockerfile must be accompanied by compliance documents like copyright notices and license texts.<\/p>\n<p><strong>What I heard:<\/strong> Mercedes-Benz has open sourced their compliance tooling. Internally it is called disko, but that is bad branding clashing with other things, so they called their external project disuko (Japanese for disco). The u is silent, so it\u2018s disco again.<\/p>\n<h1 id=\"ai\">AI<\/h1>\n<p><strong>What I said:<\/strong> how can tech companies ever sue for copyright infringement again? The defendant will immediately point to press interviews of tech companies\u2018 management saying that substantive portions of their code is AI generated. And AI generated code enjoys no copyright protection.<br>\n<strong>What I heard:<\/strong> if you want code that\u2018s copyrighted, document every step.<br>\n<strong>What I heard:<\/strong> \u201cIf you cannot solve the problem, make it someone else\u2018s problem\u201d (contractually).<br>\n<strong>What I said:<\/strong> Do companies track what code portions were human-written?<br>\n<strong>What I heard:<\/strong> When our company introduced CoPilot all generated code blocks were (automatically?) marked with comment blocks. 
That policy was rescinded later.<\/p>\n<h1 id=\"cybersecurity\">Cybersecurity<\/h1>\n<p><strong>What I heard:<\/strong> It is important to integrate your supply chain into your supply chain security.<br>\nThat means you should talk to your suppliers. But what I thought is, yeah, if you\u2018re top of the food chain that\u2018s cool. Otherwise you get integrated in someone else\u2018s supply chain. Or to be more precise: into multiple someones elses\u2018 supply chains.<\/p>\n<p><strong>What I heard:<\/strong> fast-fashion software.<br>\nThis term does not refer to vibe-coding, but to the practice of dropping code and not caring about further maintenance.<br>\n<strong>What I heard:<\/strong> You create it and you dump it after release.<br>\nThis was in the context of the Software Defined Vehicle, and it made me gulp.<\/p>\n<p><strong>What I heard:<\/strong> I\u2019m not a fan of responding to complexity with complexity.<br>\n<strong>What I heard:<\/strong> But we must fight AI (offensive) with AI (defensive). There is no other way.<br>\nIt&rsquo;s all about speed now, not about accuracy.<\/p>\n<p><strong>What I heard:<\/strong> Use the OSPO route for security contact, because it\u2018s close to engineering.<\/p>\n<h1 id=\"sbom\">SBOM<\/h1>\n<p><strong>What I said:<\/strong> a JSON file is a bad source of truth<br>\n<strong>What I heard:<\/strong> JSON in git is nice for business continuity<br>\n<strong>What we agreed on:<\/strong> as an archival\/backup option, it is a good last resort<\/p>\n<p><strong>What I said:<\/strong> Every tool wants to create an SBOM, no tool wants to read an SBOM. Tools that take an SBOM as input just use it as a flat package list and throw away all other information.<br>\n<strong>What I heard:<\/strong> Yes. But one reason is that there is so much variation in parsing SBOMs. 
There are at least 7 ways to map a very simple Maven app with only one dependency to an SBOM.<\/p>\n<p><strong>What I heard about SPDX 3:<\/strong> This is a graph database. Is that what we need?<br>\n<strong>What I heard:<\/strong> It\u2018s too heavy and Google-scale.<br>\n<strong>What I heard:<\/strong> People have lower goals, they are happy they made an SBOM.<\/p>\n<p><strong>What I said:<\/strong> It\u2019s too bad that SBOM people start their explanations usually with taxonomy. Is anybody even using design SBOMs?<\/p>\n<p><strong>What I heard:<\/strong> OpenChain has a project called SBOM-sg-SEPIA. It can be used to validate SBOMs (probably against the telco quality guide and NTIA Minimum Elements), converting between formats, and merging SBOMs.<\/p>\n<h1 id=\"stuff\">Stuff<\/h1>\n<p><strong>What I thought:<\/strong> It used to be cool to say \u201ctalk to my agent\u201d\u2026<\/p>"},{"title":"Das Flugsimulator 5 Buch","link":"https:\/\/www.thomas-huehn.com\/das-flugsimulator-5-buch\/","pubDate":"Sun, 21 Dec 2025 07:47:58 +0100","author":"mail@thomas-huehn.com (Thomas H\u00fchn)","guid":"https:\/\/www.thomas-huehn.com\/das-flugsimulator-5-buch\/","description":"<p><a href=\"https:\/\/rubenerd.com\/flight-simulator-98-inside-out\/\">Ruben Schade recently wrote<\/a> about a Flight Simulator 98 book. It seems he values it, but not nearly as much as the simulation game itself.<\/p>\n<p>That got me thinking: there is an old book about Microsoft Flight Simulator (but the earlier version 5) on my shelf that I won&rsquo;t ever get rid of. It made a huge impression on teenage me, because it offered a glimpse into a world that I had no access to otherwise: professional aviation. I played Flight Simulator quite a bit; I&rsquo;ve never been good, but flying under the Golden Gate or landing on USS Nimitz were highlights I had always enjoyed. Reading about the game and its simulated real-life counterparts were probably much more formative for me, though. 
Let&rsquo;s take a look!<\/p>\n<figure>\n<img src=\"IMG_6007.jpeg\"\nalt=\"\"\nwidth=\"768\"\nheight=\"1024\"\n\/><\/figure>\n<p>We start with some physics. Proper fundamentals and all that. The chapter isn&rsquo;t math heavy, but it does show some simple formulas:<\/p>\n<figure>\n<img src=\"IMG_6008.jpeg\"\nalt=\"\"\nwidth=\"1024\"\nheight=\"768\"\n\/><\/figure>\n<p>There are all kinds of diagrams showing airplane parts and the proper nomenclature. Aren&rsquo;t those labels cute? Is that hand-lettering?<\/p>\n<figure>\n<img src=\"IMG_6009.jpeg\"\nalt=\"\"\nwidth=\"1024\"\nheight=\"768\"\n\/><\/figure>\n<p>Obviously, we can&rsquo;t start playing the sim, yet! First a look around the cockpit, with descriptions of all the instruments.<\/p>\n<figure>\n<img src=\"IMG_6010.jpeg\"\nalt=\"\"\nwidth=\"1024\"\nheight=\"768\"\n\/><\/figure>\n<p>The Learjet has different kinds of instruments from the Cessna, so let&rsquo;s see those, as well.<\/p>\n<figure>\n<img src=\"IMG_6011.jpeg\"\nalt=\"\"\nwidth=\"1024\"\nheight=\"768\"\n\/><\/figure>\n<p>Let&rsquo;s fly! No. First we need to know about meteorology and cloud formations.<\/p>\n<figure>\n<img src=\"IMG_6012.jpeg\"\nalt=\"\"\nwidth=\"768\"\nheight=\"1024\"\n\/><\/figure>\n<p>You did notice that we have crossed the 100 page mark and still no play in sight?<\/p>\n<p>Because now we need to learn about navigation. With pencil and ruler on paper.<\/p>\n<figure>\n<img src=\"IMG_6013.jpeg\"\nalt=\"\"\nwidth=\"768\"\nheight=\"1024\"\n\/><\/figure>\n<p>You may have already seen it on the cover, but the book carries two Jeppesen flight charts in its back sleeve. They were out-of-date and not flightworthy even when the book came out, but that&rsquo;s what I like about this book: it takes you seriously. They got the real deal, not some simplified \u201cin general it looks a bit like\u201d map.<\/p>\n<figure>\n<img src=\"IMG_6023.jpeg\"\nalt=\"\"\nwidth=\"768\"\nheight=\"1024\"\n\/><\/figure>\n<p>This is a German book. 
So now we get a short overview of aviation laws and regulations. Because of course we do.<\/p>\n<figure>\n<img src=\"IMG_6014.jpeg\"\nalt=\"\"\nwidth=\"768\"\nheight=\"1024\"\n\/><\/figure>\n<p>Including the structure of airspace over American airports. I remember that I was absolutely fascinated by this diagram.<\/p>\n<figure>\n<img src=\"IMG_6015.jpeg\"\nalt=\"\"\nwidth=\"768\"\nheight=\"1024\"\n\/><\/figure>\n<p>Almost there! We&rsquo;re going to fly now. But first, the outside check. I think\nthe most we could do in the game was looking at the airplane from different directions and checking that the lights were on.<\/p>\n<figure>\n<img src=\"IMG_6016.jpeg\"\nalt=\"\"\nwidth=\"768\"\nheight=\"1024\"\n\/><\/figure>\n<p>So around page 170 we finally get to fly our airplane. And, of course, we get several variations, including a short takeoff in case a fuel truck cuts right before us. The book gives concrete directions how to configure all relevant parts of the airplane, so you will succeed in all manoeuvres it teaches you throughout the book.<\/p>\n<figure>\n<img src=\"IMG_6017.jpeg\"\nalt=\"\"\nwidth=\"768\"\nheight=\"1024\"\n\/><\/figure>\n<p>We do all kinds of flying (climbing, level flight, approach, landing with or without crosswinds, holding patterns), and around page 280 we&rsquo;re finally done with the Cessna.<\/p>\n<p>A short chapter about emergencies follows.<\/p>\n<figure>\n<img src=\"IMG_6019.jpeg\"\nalt=\"\"\nwidth=\"768\"\nheight=\"1024\"\n\/><\/figure>\n<p>The Learjet chapters are shorter, building on what we have learned in the Cessna chapters, and mostly introducing new concepts like instrument flight rules and radio navigation.<\/p>\n<figure>\n<img src=\"IMG_6022.jpeg\"\nalt=\"\"\nwidth=\"768\"\nheight=\"1024\"\n\/><\/figure>\n<p>I may have been a bit sarcastic here and there, but I must re-emphasize: this book is fantastic! The best Flight Simulator book I could have hoped for. I am perfectly frank when I&rsquo;m saying I won&rsquo;t chuck it. 
Ever.<\/p>"},{"title":"Rock Star","link":"https:\/\/www.thomas-huehn.com\/rock-star\/","pubDate":"Sat, 19 Jul 2025 15:06:00 +0200","author":"mail@thomas-huehn.com (Thomas H\u00fchn)","guid":"https:\/\/www.thomas-huehn.com\/rock-star\/","description":"<p>Hyper-masculine attributions to a certain class of employees like \u201crock star\u201d or \u201cninja developer\u201d are commonplace.\nBut the rock star phrase has taken on a life of its own. Originally it meant something else, which is a facet worth preserving. Think geology, not music business.<\/p>\n<p>Kim Scott claims in \u201cRadical Candor\u201d that the phrase \u201crock star\u201d in reference to developers was coined at Apple, and not with the current meaning of some extremely productive developer, but as a contrast to \u201csuper star\u201d.<\/p>\n<p>Where the super star is on an explosive career trajectory, always changing jobs, the rock star gets this name from the proverbial rock. The rock star is extremely good, as well, but doesn&rsquo;t aim for his boss&rsquo;s position and is content with his rank.<\/p>\n<p>She does not devalue super stars per se, but a healthy team arguably needs the rock star more than the super star. Because the rock star is a very important source of stability when it comes to team dynamics. Super stars leave after a short time, but rock stars can shape a workplace culture over a long time.<\/p>"},{"title":"Agentic LLMs","link":"https:\/\/www.thomas-huehn.com\/agentic-llms\/","pubDate":"Thu, 19 Jun 2025 18:24:52 +0000","author":"mail@thomas-huehn.com (Thomas H\u00fchn)","guid":"https:\/\/www.thomas-huehn.com\/agentic-llms\/","description":"<p>I feel a bit late to the party, but after some time with Claude Code, I like agentic LLM systems. It\u2019s really no comparison to CoPilot or a web chat interface.<\/p>\n<p>Of course, you save copying and pasting error messages and the like, because the agentic system just reads them and fixes the code. But that\u2019s not even it. 
It\u2019s much more ergonomic for complete workflows. A chat interface could give you instructions, but then only the happy path (probably), and you\u2019re back to typing what you\u2019re seeing. An agent sees the result itself.<\/p>\n<p>And it can use tools! I don&rsquo;t mean fancy MCP servers and stuff, I mean grep. Or sed. Or ls. I\u2019ve seen multiple times now that Claude Code got confused about the project&rsquo;s structure, but I didn\u2019t have to do anything. It just did a few ls or git rev-parse HEAD, and off it went again.<\/p>\n<p>Apropos tools: I told it in the CLAUDE.md file about a few tools I have installed (ripgrep), and it uses them. It may have tried it anyway, at least some other time I saw an amusing sequence \u201cusing Imagemagick\u201d\u2014\u201cnot installed\u201d\u2014\u201cusing $othertool\u201d\u2014\u201cnot installed\u201d\u2014\u201clet\u2019s write a Python script\u201d. And that\u2019s the best part. It writes one-off scripts, mostly in Python, sometimes in bash. Usually it deletes them afterwards, but I told Claude Code to put them in a special directory and keep them. You never know when you might use them yourself.<\/p>\n<p>Today I used it for something conceptually simple, but I really wasn\u2019t looking forward to it: I have two statically generated weblogs with almost-but-not-quite the same templating, and wanted to extract those two nearly identical templates into their own theme. Claude didn\u2019t get through it completely on its own; in the end I had to remind it that soft-linking the theme\u2019s repo on my disk isn\u2019t so clever, but it obligingly made a git submodule out of it.<\/p>\n<p>git submodule. How I dread that phrase! But now git is easy, no matter how inconsistent its commands and arguments are. I just tell Claude Code precisely (with all the \u201cprofessional git terminology\u201d) what I want. And it shows me the proper command. 
For anything more complicated than what I know by heart or what lazygit surfaces, Claude Code will be my git porcelain in the future. Also for ffmpeg, I think.<\/p>\n<p>I haven\u2019t really used it for programming so far, for want of a personal side project that involves a lot of programming, but right now I\u2019m not so much interested in vibe-coding (although it might help <em>tons<\/em> at work \u2014 think about weird Artifactory or proxy errors that it might just solve itself). I\u2019m more interested in having the LLM be more of a low-key data wrangling and shell driving agent.<\/p>"},{"title":"Four sources of Open Source compliance risk","link":"https:\/\/www.thomas-huehn.com\/four-sources-of-open-source-compliance-risk\/","pubDate":"Sat, 07 Jun 2025 18:58:00 +0000","author":"mail@thomas-huehn.com (Thomas H\u00fchn)","guid":"https:\/\/www.thomas-huehn.com\/four-sources-of-open-source-compliance-risk\/","description":"<p>There are four directions from which you may get in legal trouble when you\u2019re not fulfilling Open Source license obligations:<\/p>\n<ol>\n<li>\n<p>The obvious source is <strong>authors,<\/strong> i.e. copyright holders. In practice, that case isn\u2019t very prominent, apart from the occasional copyright troll, because software developers like to talk about licenses on web forums, but aren\u2019t terribly interested in actually engaging with the legal system.<\/p>\n<\/li>\n<li>\n<p>The big source in practice is <strong>customers.<\/strong> While it used to be that most customers were pretty laissez-faire in their contractual work regarding Open Source software contained in the products they buy, and even less interested in actually auditing that, at least the big companies have professionalized Open Source license compliance tremendously, building half-automated workflows, defining strict (and sometimes burdensome) requirements in contracts, and dragging their whole supply chain with them. 
The current SBOM implementation phase is also contributing to that.<\/p>\n<\/li>\n<li>\n<p>Surprising to me, <strong>competitors<\/strong> are out of the picture in practice. While accusations of unfair business practices are at least a colorable argument, when your competitor expends time, energy and money on compliance work, but you don\u2019t, there don\u2019t seem to be any lawsuits about it, at least in Germany.<\/p>\n<p>I think the common argument in the form \u201cI don\u2019t hurt you, so you don\u2019t hurt me\u201d isn\u2019t really an explanation, because it would also cover patent litigation. And that happens all the time.<\/p>\n<\/li>\n<li>\n<p>The really interesting, but still speculative, source is <strong>users.<\/strong> The Software Freedom Conservancy has now advanced the Third Party Beneficiary doctrine both in America (the Vizio case) and in Germany (the AVM case, although only incidentally), claiming that the <em>telos<\/em> of the GNU General Public License is to empower users and to give rights to them, not only the software developers. Traditionally, that view was ruled out, because users generally aren\u2019t considered to get rights from Open Source licenses. That\u2019s a bit weird, though, given the <a href=\"https:\/\/www.gnu.org\/gnu\/manifesto.html.en\">founding philosophy<\/a> of the Free Software movement that puts users first.<\/p>\n<p>If that goes through (and it looks like it might in America; the German case was settled without addressing that doctrinal issue), the consequences would be momentous. 
Since it\u2019s usually pretty simple to contrive yourself into a contractual (license) relationship, you just buy the product, suddenly users become <strong>everybody.<\/strong><\/p>\n<p>That means that the activist who despises proprietary software suddenly has standing to sue you, as does the ex-customer that feels wronged, or anyone upset about your recent viral social media posting.<\/p>\n<\/li>\n<\/ol>"},{"title":"Myths about \/dev\/urandom, revisited","link":"https:\/\/www.thomas-huehn.com\/myths-about-urandom-revisited\/","pubDate":"Sun, 13 Apr 2025 05:06:00 +0000","author":"mail@thomas-huehn.com (Thomas H\u00fchn)","guid":"https:\/\/www.thomas-huehn.com\/myths-about-urandom-revisited\/","description":"<p><a href=\"https:\/\/www.thomas-huehn.com\/myths-about-urandom\/\">Myths about \/dev\/urandom<\/a> is my only post that ever got somewhat popular. That was over ten years ago by now.<\/p>\n<p>And it&rsquo;s incredible how much and how fast the Linux kernel improves, even when things look static and resistance to change seems high. First the man pages finally, thankfully got better [1], and then Jason Donenfeld came and restructured the random number handling.<\/p>\n<p>For years I had tried to keep up with the changes and update the essay. But what used to be a structured essay turned into a mess of notes, info boxes, \u201cif kernel version &gt; 4.8 then&hellip; else\u201d, and \u201cwell actually\u201ds.<\/p>\n<p>It felt impossible to keep up with not only the pace, but also the scope of changes. So I reverted everything to its original 2014 version. 
You can still find the \u201cnewer\u201d versions of the essay on the Wayback Machine.<\/p>\n<p>[1] the German-language Wikipedia article still claims something about \/dev\/urandom&rsquo;s \u201cpseudo\u201d random numbers being possibly computable, but that&rsquo;s the usual problem of a clique of editors that consider the lemma \u201ctheirs\u201d and all outside contributions as \u201cvandalism\u201d.<\/p>"},{"title":"GPLv2 is not impressed by git","link":"https:\/\/www.thomas-huehn.com\/gplv2-is-not-impressed-by-git\/","pubDate":"Fri, 28 Mar 2025 16:38:08 +0000","author":"mail@thomas-huehn.com (Thomas H\u00fchn)","guid":"https:\/\/www.thomas-huehn.com\/gplv2-is-not-impressed-by-git\/","description":"<p>There is this strange little clause in the GNU General Public License, version 2 \u2013 but not version 3 \u2013 that pretty much everybody ignores. When distributing a modified program in source form,<\/p>\n<blockquote>\n<p>You must cause the modified files to carry prominent notices stating that you changed the files and the date of any change.<\/p>\n<\/blockquote>\n<p>That means you must effectively maintain a changelog in the file header. Almost nobody does that. We have git and other revision control systems going back to\u2026 well, the <a href=\"https:\/\/en.wikipedia.org\/wiki\/Revision_Control_System\">Revision Control System<\/a> and even earlier. Those make it much easier and convenient to drill down into who changed what how.<\/p>\n<p>But still, the clause is there. 
And legal commentaries do something like this about it:<\/p>\n<ol>\n<li>The GPLv2 says there must be a modification notice in the modified file itself.<\/li>\n<li>As far as we can see, our developers don\u2019t do that, and they even laugh such a suggestion off as antiquated.<\/li>\n<li>The use of a version control system instead does not comply with the GPLv2.<\/li>\n<li><em>shrug<\/em><\/li>\n<\/ol>\n<p>That&rsquo;s a rather informal summary of O\u2019Reilly\u2019s <a href=\"https:\/\/www.ifross.org\/Druckfassung\/Die_GPL_kommentiert_und_erklaert.pdf\">\u201cDie GPL erkl\u00e4rt und kommentiert\u201d<\/a>, pages 61\u201363, and <a href=\"https:\/\/www.beck-shop.de\/jaeger-metzger-open-source-software\/product\/26549144\">\u201cOpen Source Software\u201d<\/a>, marginal 50.<\/p>"},{"title":"SBOM-centric workflows","link":"https:\/\/www.thomas-huehn.com\/sbom-centric-workflows\/","pubDate":"Sun, 23 Feb 2025 16:19:00 +0000","author":"mail@thomas-huehn.com (Thomas H\u00fchn)","guid":"https:\/\/www.thomas-huehn.com\/sbom-centric-workflows\/","description":"<p>I\u2018m a bit surprised that in the world of SBOM tooling many tools seem to insist on creating a whole SBOM and thus giving me yet another, but incomplete view of my software. Something like Yocto I understand, it really has the structural information and complete view needed to create an SBOM and is the starting point. But then fossology scans for licensing information and\u2026 I have another SBOM. 
ScanCode\u2026 yet another SBOM.<\/p>\n<p>Why don\u2018t they by default (fossology can import SBOMs, but it seems to be not a core workflow) accept an SBOM as input and <strong>enrich<\/strong> that SBOM with their additional information?<\/p>\n<p>Sure, identifying components with one another is hard (the naming problem) and not completely solved with PURLs or CPEs, but I\u2018d be willing to click the mapping manually in some tool, if every tool played together in one SBOM file.<\/p>\n<p>There is <a href=\"https:\/\/github.com\/snyk\/parlay\">Parlay<\/a>, but it can mostly enrich with its commercial backer\u2019s service, and precious little else.<\/p>\n<p>Do people have SBOM-only workflows that are pipelines adding successively more information to a single SBOM, and where the SBOM is the single source of truth, not some external tool\u2019s database? And does it somehow work without magic <a href=\"https:\/\/jqlang.org\/\">jq<\/a> invocations, but some reliable enrichment or augmentation framework?<\/p>"},{"title":"Open Source projects could sell SBOM fragments","link":"https:\/\/www.thomas-huehn.com\/open-source-projects-could-sell-sbom-fragments\/","pubDate":"Mon, 17 Feb 2025 16:08:24 +0000","author":"mail@thomas-huehn.com (Thomas H\u00fchn)","guid":"https:\/\/www.thomas-huehn.com\/open-source-projects-could-sell-sbom-fragments\/","description":"<p>Scanning source files for licensing information (because the package managers\u2018 metadata is insufficient) is a lot of work, and a lot of wasted effort, because only rarely do companies pool their resources. 
One example is <a href=\"https:\/\/www.osselot.org\/\">OSSelot<\/a>, another is <a href=\"https:\/\/clearlydefined.io\/\">ClearlyDefined<\/a>.<\/p>\n<p>But maybe Open Source projects could sell SBOM fragments, basically <a href=\"https:\/\/cyclonedx.org\/docs\/1.6\/json\/#components\">a member of Components in CycloneDX<\/a> or <a href=\"https:\/\/spdx.github.io\/spdx-spec\/v2.3\/package-information\/\">a Package in SPDX<\/a> with correct licensing information:<\/p>\n<p>&ldquo;Instead of scanning for copyright notices and license texts yourself, just sponsor us on GitHub and get access to always up-to-date SBOM information by the people who really know what\u2018s inside&rdquo;.<\/p>"},{"title":"Community of Practice","link":"https:\/\/www.thomas-huehn.com\/community-of-practice\/","pubDate":"Tue, 28 Jan 2025 16:42:00 +0000","author":"mail@thomas-huehn.com (Thomas H\u00fchn)","guid":"https:\/\/www.thomas-huehn.com\/community-of-practice\/","description":"<p>In the late eighties, an anthropology professor and her doctoral student investigated traditional master\u2013apprentice relationships in the training of several vocations: native Mexican midwives, west-African tailors, British quartermasters, and \u2013 to shake things up \u2013 a group of Alcoholics Anonymous as a kind of non-vocational training control group.<\/p>\n<p>Published in 1991 as <em>Situated Learning: Legitimate Peripheral Participation<\/em> with a charming 80s psychedelic cover, they coined the term \u201cCommunity of Practice\u201d that has taken the corporate world by storm. But the phrase occurs only a handful of times in the book, while it is about practices of communities, the fleshing out of this concept still had to wait for a few years.<\/p>\n<p>Lave and Wenger did not set out to improve corporate training, and they did not formulate a learning theory or a learning concept that could be implemented in a learning setting. 
They envisioned an analytic category, namely Situated Learning and its most important cornerstone, Legitimate Peripheral Participation.<\/p>\n<p>Situated Learning is not a posh word for \u201clearning on the job\u201d. It concerns itself less with a physical place, instead situating the learning process in social interactions and contexts. And the big social interaction is the apprentices\u2019 participation that is both legitimate and peripheral. Where \u201clegitimate\u201d points at a common goal, the completion of vocational training, and both sides\u2019 intent to see it through and to do what they can to see it succeed, \u201cperipheral\u201d hints at a gradual involvement. The apprentice maybe only watches at first, until the master is satisfied that first small ancillary activities can be carried out. The apprentice starts at watching, ends up at doing everything the master does, if only a bit clumsy maybe, but this gradual trajectory in levels of competence is common to all those professions, and contributes to the construction of a professional identity. As does professional language, jargon, ways to express things that are particular to a community of professional practitioners. Lave and Wenger are very clear on the point that learning the profession also means \u201cspeaking like a midwife\/tailor\u201d.<\/p>\n<p>Now, Situated Learning has been seminal in educational psychology, but few companies care about theories devised by anthropologists. And it\u2019s hard to see how the Community of Practice in this stage of description and development could have ended up at the average workplace.<\/p>\n<p>Fortunately, Wenger took his doctorate and decided not to stay in academia forever. First he devised his own learning theory, and now it is a proper learning theory, and he did so by another field study: in a proper company. An insurance company and its clerks and secretaries, that is. 
He looked at how claims processors and people working in adjacent jobs formed a community with a respective identity: \u201cWe, the claims processors\u201d. He found ways to handle things that were contingent, these processes could have been established differently, they just happened to be like this in that department. \u201cThat\u2019s how we process claims\u201d. All of that he published in another colors-gone-wild-covered book, the 1998 <em>Communities of practice: Learning, meaning, and identity.<\/em><\/p>\n<p>Now, Social Learning is quite a bit more practical and applicable than Situated Learning, but it is still a lot about constructing one\u2019s identity, which in turn contributes to one\u2019s life\u2019s meaning and its relation to the work place. Let\u2019s skip all that and go straight to his 2002 book, now with a proper, grown-up, abstract art cover, <em>Cultivating Communities of Practice: A Guide to Managing Knowledge<\/em>. That is where Wenger actually goes all-in with commercializing the concept. Lave has long been out of the way, returning to anthropologist\/ethnologist research. Wenger sees the potential applicability in the corporate world, if he can only twist it a bit towards the new big thing: knowledge management in companies. That\u2019s what this book is finally all about: how does the Community of Practice help companies become one of those fabled \u201clearning organizations\u201d that Senge preached \u2013\u00a0spoiler alert: Communities of Practice transcend hierarchies and are supposed to enable tacit learning \u2013 and how do managers encourage and nurture those magical groups? Wenger and his wife pushed hard on that angle, and today they sell consulting services worldwide and certify trainers in a franchise model not unlike David Allen\u2019s Getting Things Done methodology. 
Here he really does away with all the education science and anthropology baggage and writes a straight business advice book.<\/p>\n<p>What is a Community of Practice, according to its prophet? A group of people who are (1) interested to further a domain, (2) form a community, and (3) share a common repertoire or practice.<\/p>\n<p>The domain is the subject, a common focus of interest that is also relevant for the business. The community is the people acting upon this domain, who also take responsibility for its furtherance in the company. This also implies an indeterminate duration, Communities of Practice are not projects with defined deadlines, they are an ongoing concern. But the most important is the shared repertoire and practice: participants develop common attitudes, ways of thinking about the domain, and ways of acting particular to that group. Another Community of Practice could develop totally different practices, even with similar people and the same domain. The ongoing engagement with one another leads to concrete social relationships. Communities of Practice are insofar more than loose networks of people, as the participants don\u2019t act uncoupled from each other.<\/p>\n<p>An important part of social practices are narratives, shared experiences and stories about what had happened before. 
But commonly used tools, computer programs and methods also count as shared repertoire, strengthening the group\u2019s experience of identity.<\/p>\n<p>As amorphous as Communities of Practice can seem, they definitely end at the point where a group of people does not share common bodies of knowledge, and where the people don\u2019t feel especially like being part of a concrete group.<\/p>\n<p>Communities of Practice may be totally informal, they can easily develop without anyone intending to form a Community of Practice, and even without anyone noticing that they are part of something \u201cwith a name\u201d.<\/p>\n<p>But what does that mean in practice, what properties do Communities of Practice commonly exhibit?<\/p>\n<p>First of all, the participants are co-equal. Obviously, corporate hierarchies still exist. But the weight of one\u2019s voice is not displayed by the org chart, it is attributed by others according to one\u2019s contribution. This friction with traditional hierarchies is a sore point that needs to be navigated carefully.<\/p>\n<p>The participants are self-selected, not sent to the group by their boss. Communities of Practice offer a low-threshold entry, anyone can \u201cperipherally participate\u201d and start lurking. 
Ideally they progress with time as they are socialized in the group (\u201cencultured\u201d) towards a more meaningful contribution and a more central participation.<\/p>\n<p>In this way Communities of Practice can function both as a mechanism to signal one\u2019s coworkers that one is interested in some domain, but also as an internal register of competences, where the Community of Practice now works as an obvious contact point to find domain experts.<\/p>\n<p>The development of a shared practice is supposed to help in externalizing and disseminating implicit knowledge within the company, but across organizational boundaries.<\/p>\n<p>Companies love Communities of Practice, because they offer a form of training that speaks to employees\u2019 self-motivation and need for autonomy, but also does not tie up training staff, like courses or workshops would do. It does not directly cost money, although this ambiguous position towards resources, especially working time, has potential to make employees feel unsure about how much time might be too much time spent. This resource conflict needs to be settled up front, with management clearly delineating guidelines.<\/p>\n<p>In the end, successful Communities of Practice are tricky for management to handle, because they cannot really be \u201cfounded\u201d by management or ordered to work on some concrete deliverable. Both are clear signs that a project team is intended, maybe cross-functionally staffed, but not the informal, sometimes even unconsciously formed structure of a Community of Practice. 
But where such structures form, management would be well-advised to nurture and support them, applying a mostly hands-off approach.<\/p>"},{"title":"Calibrated Estimates","link":"https:\/\/www.thomas-huehn.com\/calibrated-estimates\/","pubDate":"Fri, 04 Oct 2024 08:48:00 +0000","author":"mail@thomas-huehn.com (Thomas H\u00fchn)","guid":"https:\/\/www.thomas-huehn.com\/calibrated-estimates\/","description":"<h2 id=\"why\">Why?<\/h2>\n<p>We are often required to supply estimates. Project managers would like us to say how long a task will take. That number should be on firm grounding. Sometimes we need to say a single number, sometimes a range like \u201cbest case \u2013 average case \u2013 worst case\u201d.<\/p>\n<p>Most of the time our focus is on one of the range&rsquo;s numbers, and the other numbers are derived from that. A naive estimation like \u201cplus\/minus 30%\u201d is common. We mostly try to set the anchor value reliably.<\/p>\n<p>This estimation is difficult in its own right, but another side is often neglected: what confidence do we have in the estimate?<\/p>\n<p>Demanding 100% confidence is not very sensible, because the ranges get immense. And since the estimate isn&rsquo;t an end in itself, but is supposed to be used, for example in project plans, it is important to assign a sensible confidence level to the estimate. That confidence level should be quantifiable, consistent and reproducible.<\/p>\n<p>There is no \u201cright\u201d value for the confidence level we aim at, but a good rule of thumb is 90%. Most estimates are correct then, but the estimated ranges do not have to become extreme, in order to include rare outliers.<\/p>\n<p>Now we have an obvious problem: we are bad at estimating a single value. But at least we know deep in our hearts that we&rsquo;re bad at it. 
But who can claim to choose their estimates such that on many repetitions a given confidence level is reached?<\/p>\n<p><strong>That is why we need to calibrate our estimates.<\/strong><\/p>\n<p>This is not about improving the estimated value itself, making it more accurate. It&rsquo;s about aligning an estimate to a given confidence level.<\/p>\n<p>If I usually give estimates that are aligned to this given confidence level, we say that I&rsquo;m a <strong>calibrated estimator.<\/strong><\/p>\n<p>And that is what this article is about. How do I find out my current calibration performance and how can I improve my calibration?<\/p>\n<h2 id=\"exercises\">Exercises<\/h2>\n<h3 id=\"preliminaries\">Preliminaries<\/h3>\n<p>If you do these exercises in a group setting, some ground rules are important:<\/p>\n<ul>\n<li>Every participant answers the questions on a piece of paper all by themselves.<\/li>\n<li>Every participant evaluates their answers by themselves (guidance to follow).<\/li>\n<li>The moderator does not ask for their results.<\/li>\n<li>Every participant takes their piece of paper with their answers with them when they leave the room.<\/li>\n<li>Afterwards, every participant can shred the piece of paper, throw it into the garbage bin, or post it in the office kitchenette, according to their personal level of extraversion.<\/li>\n<\/ul>\n<h3 id=\"part-one-intervals\">Part One: Intervals<\/h3>\n<p>Ten questions. The solution to every question is a single number, like a year or a speed.<\/p>\n<p>The task is to estimate an interval \u201cmin \u2013 max\u201d or \u201cearliest \u2013\u00a0latest\u201d. Two numbers.<\/p>\n<p>Such that this interval has a confidence level of 90%.<\/p>\n<p>That means that the interval should be wide enough to be almost sure. It should not be so wide that you&rsquo;re totally sure. 
For example, when the question is about a year of birth, the answer \u201cfrom the Big Bang until now\u201d is a very good estimate, as it is certainly correct, but this estimate is also useless and without any value.<\/p>\n<p>If you repeat these question\u2013estimate games many times, ninety percent of the correct solutions should lie inside your estimated interval and <strong>ten percent should be outside of it.<\/strong><\/p>\n<p>It does not matter how far inside or outside of the interval the solution lies. Inside is inside, outside is outside. There is no \u201calmost correct\u201d.<\/p>\n<p>Now the questions. I&rsquo;m sorry, they are kind of German-centric. But it does not matter for the exercise. If you&rsquo;re from somewhere else, you can still do it.<\/p>\n<ul>\n<li>How much does a Learjet 75 weigh (kg)?<\/li>\n<li>What radius (middle of earth to satellite) has the geostationary orbit (m)?<\/li>\n<li>How deep under water lay the wrecked Russian submarine Kursk (m)?<\/li>\n<li>How long is a 10 Euro bill (mm)?<\/li>\n<li>In which year did the German stock index DAX exceed 5000 for the first time?<\/li>\n<li>At which temperature does Helium vaporize (\u00b0C)?<\/li>\n<li>In which year was the German-Language Sesame Street first broadcast?<\/li>\n<li>How many Pok\u00e9mons are there?<\/li>\n<li>Which year was Macbeth&rsquo;s premiere?<\/li>\n<li>How much did the Volkswagen Golf 1 cost (Deutsche Mark)?<\/li>\n<\/ul>\n<h3 id=\"part-two-confidence\">Part Two: Confidence<\/h3>\n<p>This exercise consists of ten statements of fact. Each one is either correct or wrong.<\/p>\n<p>This time you&rsquo;re not answering with an interval, but simply with \u201ctrue\u201d or \u201cfalse\u201d,<\/p>\n<p>And additionally with your personal confidence: how sure are you about your answer?<\/p>\n<p>You can choose 50%, 60%, 70%, 80%, 90% and 100% as confidence levels. Please don&rsquo;t answer 82,7%. And not less than 50%. 
If you tend to 40%, flip the answer and give 60% as your confidence level.<\/p>\n<p>The statements:<\/p>\n<ul>\n<li>A 1 Euro coin is heavier than a Compact Disc.<\/li>\n<li>Buzz Aldrin was the second man on the moon.<\/li>\n<li>World War II is closer to today than to the American Civil War.<\/li>\n<li>Some tortoises live to 200 years.<\/li>\n<li>There are more than 20000 kilometers of Autobahn in Germany.<\/li>\n<li>There were more than 20 German recipients of the Nobel Prize in Physics.<\/li>\n<li>California&rsquo;s gross domestic product exceeds that of Italy<\/li>\n<li>The distance (as the crow flies) between Vladivostok and Mumbai is larger than the distance between Wuppertal and Moscow.<\/li>\n<li>Hanover (Germany) has more town precincts than Stuttgart.<\/li>\n<li>An ice hockey puck fits into a golf hole.<\/li>\n<\/ul>\n<h2 id=\"evaluation\">Evaluation<\/h2>\n<p>Let&rsquo;s evaluate your estimates. First for Part One:<\/p>\n<table>\n<thead>\n<tr>\n<th>Question<\/th>\n<th style=\"text-align: right\">Solution<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>How much does a Learjet 75 weigh (kg)?<\/td>\n<td style=\"text-align: right\">6168<\/td>\n<\/tr>\n<tr>\n<td>What radius (middle of earth to satellite) has the geostationary orbit (m)?<\/td>\n<td style=\"text-align: right\">42157<\/td>\n<\/tr>\n<tr>\n<td>How deep under water lay the wrecked Russian submarine Kursk (m)?<\/td>\n<td style=\"text-align: right\">108<\/td>\n<\/tr>\n<tr>\n<td>How long is a 10 Euro bill (mm)?<\/td>\n<td style=\"text-align: right\">127<\/td>\n<\/tr>\n<tr>\n<td>In which year did the German stock index DAX exceed 5000 for the first time?<\/td>\n<td style=\"text-align: right\">1998<\/td>\n<\/tr>\n<tr>\n<td>At which temperature does Helium vaporize (\u00b0C)?<\/td>\n<td style=\"text-align: right\">-269<\/td>\n<\/tr>\n<tr>\n<td>In which year was the German-Language Sesame Street first broadcast?<\/td>\n<td style=\"text-align: right\">1973<\/td>\n<\/tr>\n<tr>\n<td>How many Pok\u00e9mons are 
there?<\/td>\n<td style=\"text-align: right\">890<\/td>\n<\/tr>\n<tr>\n<td>Which year was Macbeth&rsquo;s premiere?<\/td>\n<td style=\"text-align: right\">1606<\/td>\n<\/tr>\n<tr>\n<td>How much did the Volkswagen Golf 1 cost (Deutsche Mark)?<\/td>\n<td style=\"text-align: right\">7995<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>Mark the solutions that lie inside your estimated intervals. If you&rsquo;re already a well-calibrated estimator, about nine of the ten should be inside. Of course there is natural statistical variation, <a href=\"#statistical-significance\">more about that later<\/a>.<\/p>\n<p>Now Part Two:<\/p>\n<table>\n<thead>\n<tr>\n<th>Question<\/th>\n<th>Solution<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>A 1 Euro coin is heavier than a Compact Disc.<\/td>\n<td>wrong (7.5 g vs. 15 g)<\/td>\n<\/tr>\n<tr>\n<td>Buzz Aldrin was the second man on the moon.<\/td>\n<td>true<\/td>\n<\/tr>\n<tr>\n<td>World War II is closer to today than to the American Civil War.<\/td>\n<td>wrong (79 years to today vs. 74 years to the Civil War)<\/td>\n<\/tr>\n<tr>\n<td>Some tortoises live to 200 years.<\/td>\n<td>wrong (the highest estimate is a bit over 176 years)<\/td>\n<\/tr>\n<tr>\n<td>There are more than 20000 kilometers of Autobahn in Germany.<\/td>\n<td>wrong (&gt;13000 kilometers)<\/td>\n<\/tr>\n<tr>\n<td>There were more than 20 German recipients of the Nobel Prize in Physics.<\/td>\n<td>true (23.5 \u2013 double citizenship was counted as half)<\/td>\n<\/tr>\n<tr>\n<td>California&rsquo;s gross domestic product exceeds that of Italy.<\/td>\n<td>true (3.2 trillion USD vs. 2.3 trillion USD)<\/td>\n<\/tr>\n<tr>\n<td>The distance (as the crow flies) between Vladivostok and Mumbai is larger than the distance between Wuppertal and Moscow.<\/td>\n<td>true (6078 kilometers vs. 2056 kilometers)<\/td>\n<\/tr>\n<tr>\n<td>Hanover (Germany) has more town precincts than Stuttgart.<\/td>\n<td>wrong (51 vs. 152)<\/td>\n<\/tr>\n<tr>\n<td>An ice hockey puck fits into a golf hole.<\/td>\n<td>true (3 inches vs. 
4.25 inches)<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>Mark the statements that you answered correctly.<\/p>\n<p>Now convert the confidence levels from percent to numbers (70% to 0.7) and add all ten up. That sum is how many correct answers you should expect.<\/p>\n<p>An example:<\/p>\n<table>\n<thead>\n<tr>\n<th>statement is<\/th>\n<th>your answer<\/th>\n<th style=\"text-align: center\">answer correct?<\/th>\n<th style=\"text-align: right\">confidence in %<\/th>\n<th style=\"text-align: right\">confidence (number)<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>wrong<\/td>\n<td>wrong<\/td>\n<td style=\"text-align: center\">yes<\/td>\n<td style=\"text-align: right\">50%<\/td>\n<td style=\"text-align: right\">0.5<\/td>\n<\/tr>\n<tr>\n<td>true<\/td>\n<td>true<\/td>\n<td style=\"text-align: center\">yes<\/td>\n<td style=\"text-align: right\">70%<\/td>\n<td style=\"text-align: right\">0.7<\/td>\n<\/tr>\n<tr>\n<td>wrong<\/td>\n<td>true<\/td>\n<td style=\"text-align: center\">no<\/td>\n<td style=\"text-align: right\">100%<\/td>\n<td style=\"text-align: right\">1.0<\/td>\n<\/tr>\n<tr>\n<td>wrong<\/td>\n<td>wrong<\/td>\n<td style=\"text-align: center\">yes<\/td>\n<td style=\"text-align: right\">90%<\/td>\n<td style=\"text-align: right\">0.9<\/td>\n<\/tr>\n<tr>\n<td>wrong<\/td>\n<td>wrong<\/td>\n<td style=\"text-align: center\">yes<\/td>\n<td style=\"text-align: right\">90%<\/td>\n<td style=\"text-align: right\">0.9<\/td>\n<\/tr>\n<tr>\n<td>true<\/td>\n<td>wrong<\/td>\n<td style=\"text-align: center\">no<\/td>\n<td style=\"text-align: right\">50%<\/td>\n<td style=\"text-align: right\">0.5<\/td>\n<\/tr>\n<tr>\n<td>true<\/td>\n<td>wrong<\/td>\n<td style=\"text-align: center\">no<\/td>\n<td style=\"text-align: right\">80%<\/td>\n<td style=\"text-align: right\">0.8<\/td>\n<\/tr>\n<tr>\n<td>true<\/td>\n<td>wrong<\/td>\n<td style=\"text-align: center\">no<\/td>\n<td style=\"text-align: right\">80%<\/td>\n<td style=\"text-align: right\">0.8<\/td>\n<\/tr>\n<tr>\n<td>wrong<\/td>\n<td>wrong<\/td>\n<td 
style=\"text-align: center\">yes<\/td>\n<td style=\"text-align: right\">100%<\/td>\n<td style=\"text-align: right\">1.0<\/td>\n<\/tr>\n<tr>\n<td>true<\/td>\n<td>wrong<\/td>\n<td style=\"text-align: center\">no<\/td>\n<td style=\"text-align: right\">60%<\/td>\n<td style=\"text-align: right\">0.6<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>That is 5 correct answers and a sum of confidence values of 7.7.<\/p>\n<p>In this example you should have expected about 8 correct answers (7.7 rounded), but you only had 5.<\/p>\n<p>Don&rsquo;t worry, results like these (and worse) are normal.<\/p>\n<h2 id=\"limitations-and-objections\">Limitations and objections<\/h2>\n<h3 id=\"statistical-significance\">Statistical significance<\/h3>\n<p>Of course, this was only a single exercise with ten questions, a very small sample size. \u201cI had seven answers inside the interval, that&rsquo;s within statistical variation\u201d you might be tempted to say. But is that so?<\/p>\n<p>For Part One there is an easy plausibility check. If we treat each question as an independent Bernoulli trial with a 90% hit probability (which is sensible), the number of hits follows a binomial distribution, and we can ask:<\/p>\n<p>Assume I&rsquo;m a calibrated estimator. 
How probable is my result?<\/p>\n<p>And the answer is this table:<\/p>\n<table>\n<thead>\n<tr>\n<th style=\"text-align: right\">Number correct<\/th>\n<th style=\"text-align: right\">Probability<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td style=\"text-align: right\">0<\/td>\n<td style=\"text-align: right\">1.00E-10<\/td>\n<\/tr>\n<tr>\n<td style=\"text-align: right\">1<\/td>\n<td style=\"text-align: right\">9.00E-09<\/td>\n<\/tr>\n<tr>\n<td style=\"text-align: right\">2<\/td>\n<td style=\"text-align: right\">3.64E-07<\/td>\n<\/tr>\n<tr>\n<td style=\"text-align: right\">3<\/td>\n<td style=\"text-align: right\">8.75E-06<\/td>\n<\/tr>\n<tr>\n<td style=\"text-align: right\">4<\/td>\n<td style=\"text-align: right\">1.38E-04<\/td>\n<\/tr>\n<tr>\n<td style=\"text-align: right\">5<\/td>\n<td style=\"text-align: right\">1.49E-03<\/td>\n<\/tr>\n<tr>\n<td style=\"text-align: right\">6<\/td>\n<td style=\"text-align: right\">1.12E-02<\/td>\n<\/tr>\n<tr>\n<td style=\"text-align: right\">7<\/td>\n<td style=\"text-align: right\">5.74E-02<\/td>\n<\/tr>\n<tr>\n<td style=\"text-align: right\">8<\/td>\n<td style=\"text-align: right\">1.94E-01<\/td>\n<\/tr>\n<tr>\n<td style=\"text-align: right\">9<\/td>\n<td style=\"text-align: right\">3.87E-01<\/td>\n<\/tr>\n<tr>\n<td style=\"text-align: right\">10<\/td>\n<td style=\"text-align: right\">3.49E-01<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>Let&rsquo;s check it:<\/p>\n<ol>\n<li>\n<p>The probability of zero correct answers is exactly ten to the power of minus ten. Because as a calibrated estimator you&rsquo;re right in 90% of cases, that is, you&rsquo;re wrong in ten percent. The probability of answering all ten questions incorrectly is 0.1 \u00d7 0.1 \u00d7 \u2026 \u00d7 0.1, that is ten to the power of minus ten.<\/p>\n<\/li>\n<li>\n<p>The highest probability is at nine correct answers, as expected. But ten correct answers (35%) are much more likely than eight correct answers (19%). Why? 
Because you&rsquo;re right 90% of the time, so the distribution leans towards \u201ctoo many correct answers\u201d: hitting all ten is far more likely than missing two.<\/p>\n<\/li>\n<\/ol>\n<p>Again as a diagram:<\/p>\n<figure>\n<img src=\"kalibriertesschaetzen.png\"\nalt=\"Evaluating Part One of Calibrated Estimates\"\nwidth=\"771\"\nheight=\"462\"\n\/><\/figure>\n<p>Evaluating Part One of Calibrated Estimates<\/p>\n<p>It&rsquo;s obvious that seven correct answers are already very improbable (about 6%), and everything below that practically vanishes (about 1.3% for six or fewer).<\/p>\n<p>If you have seven correct answers or fewer it is implausible that you are already a calibrated estimator, despite the small set of questions.<\/p>\n<h3 id=\"questions\">Questions<\/h3>\n<p>The next objection that is usually offered is \u201cthose weren&rsquo;t questions in my field of expertise, but trivia\u201d or \u201cthe questions were silly\u201d.<\/p>\n<p>That&rsquo;s right. And that is on purpose, because this set of questions can be used quite independently of the participants, at least in Germany. So I don&rsquo;t have to prepare new questions for every type of audience. Furthermore, trivia questions loosen up the exercise. Nobody fears losing face because they answered a question in their field of expertise incorrectly.<\/p>\n<p>\u201cIf you had asked something about electrical engineering my estimates would have been better\u201d.<\/p>\n<p>This objection is similar, but originates in a misunderstanding.<\/p>\n<p>Of course, a typical circuit layout engineer could estimate the required dimensioning of a capacitor more accurately.<\/p>\n<p>I would certainly expect a narrower interval here than with a trivia question.<\/p>\n<p>But we didn&rsquo;t evaluate the width of the interval at all! At this point many participants pause and flip back to the evaluation. But it&rsquo;s true. The evaluation was binary: either the estimate was inside the interval, or not. 
There were no bonus points for choosing a narrow interval.<\/p>\n<p>The interval&rsquo;s width did play a role, of course, but not for the question \u201cinside\u201d or \u201coutside\u201d, but for the calibration: do you estimate too conservatively or too boldly?<\/p>\n<p>These were not trick questions. But they were chosen so that participants really have to think about how sure they are.<\/p>\n<h2 id=\"improving\">Improving<\/h2>\n<p>Very few people are naturally calibrated estimators. The good news is: almost everybody can improve through exercise (studies say that about 5% don&rsquo;t improve).<\/p>\n<p>It&rsquo;s fruitful to repeat this exercise every now and then, with different questions, of course.<\/p>\n<p>A psychological trick is to act as if you&rsquo;re betting money on your answer. Betting for real works even better, but acting as if already helps.<\/p>\n<p>The \u201cequivalent bet test\u201d asks \u201cwould you rather bet money on your answer or on this wheel of fortune with a probability of winning of 90%?\u201d. A calibrated estimator should be indifferent about this question, of course, but often an instinctive reaction for or against the wheel of fortune indicates a problem with the estimate.<\/p>\n<p>It can help to just assume that the estimate is incorrect, and to challenge it deliberately.<\/p>\n<p>It is fine to use absurdly wide intervals as a starting point; they are but stepping stones on the way towards a better interval.<\/p>\n<p>With most questions the interval bounds should be symmetric in probability. That means that if you estimate an interval between 100 and 200 with confidence 90%, you should assign both intervals \u201cminus infinity to 200\u201d and \u201c100 to infinity\u201d a confidence level of 95%, because the remaining 10% should split evenly above and below.<\/p>\n<h2 id=\"in-closing\">In closing<\/h2>\n<p>I find it important to align my estimates to a given confidence level. 
At work I have never encountered anyone requesting that, though.<\/p>\n<p>My personal results with these two exercises were catastrophic. I was much too confident (i.e. my intervals were markedly too narrow), and if you believe the studies that is the common case.<\/p>\n<p>So I have resolved to do exercises like these regularly.<\/p>"},{"title":"Triumph of the City","link":"https:\/\/www.thomas-huehn.com\/triumph-of-the-city\/","pubDate":"Wed, 27 Mar 2024 19:55:00 +0100","author":"mail@thomas-huehn.com (Thomas H\u00fchn)","guid":"https:\/\/www.thomas-huehn.com\/triumph-of-the-city\/","description":"<p><strong>Triumph of the City<\/strong> is an unabashed apologia of cities and metropolises. <strong>Edward Glaeser<\/strong> finds the good in even the most squalid, stinking slum. Because he claims that it is still better than the alternative. Urban poverty is abhorrent to watch, but rural poverty is brutal. And people living in the slums in a developing country don&rsquo;t have a plane ticket to a European country with social security as an alternative. Their alternative is suffering and dying in the countryside. Where we don&rsquo;t have to see it. Why is there so much poverty in these metropolises? Because the city still draws people who want to improve their lives. The abject poverty isn&rsquo;t a sign that cities are failing, it&rsquo;s a sign that cities are working.<\/p>\n<p>Cities provide proximity and density. People work together, they invent together, they build knowledge together. All of that happens more when other people are around. Many people.<\/p>\n<p>Density brings its own problems. Crime and pollution grow when cities get denser (see also <a href=\"https:\/\/www.thomas-huehn.com\/simcity\/\">The SimCity Planning Commission Handbook<\/a>). Fix that! Do not fight density itself. Dense cities are generally better for the environment, as well. 
People need less infrastructure, less energy, waste disposal is more efficient, as is public transport, when many people live in a relatively small area.<\/p>\n<p>Glaeser is very clear on one thing: cities aren&rsquo;t necessarily better when they are larger. More housing, more infrastructure than the citizenry needs or is able to support is worth nothing. He is contemptuous about politicians&rsquo; attempts to build their cities out of decline. The sports stadium won&rsquo;t turn things around. The skyscraper won&rsquo;t turn things around.<\/p>\n<p>He isn&rsquo;t heartless, though, and he attempts to soften the edge of what he&rsquo;s writing. Help poor people, not poor places. Spend money on people, not on senseless building. When a city declines and people move elsewhere it may be sad for the city itself, but it&rsquo;s almost always better for the people moving.<\/p>\n<p>Glaeser has a few choice words for environmentalists who dream about the bucolic idyll. \u201cWhen environmentalists stop development in green places, it will occur in brown places.\u201d \u201cIf people really could be counted upon to act like fifteenth-century rural peasants, then rural ecotowns could be extremely green.\u201d \u201cIf you love nature, stay away from it.\u201d<\/p>\n<p>His analyses are economics-driven, so the book may not be the final word on the matter. But economics does have interesting contributions to offer: how do we know that density helps with innovation? Because patents cite other patents from the same city more often than patents from other cities, even when you&rsquo;re controlling for citations within the same company. Why is the American population concentrated on both seaboards? Because at the beginning of the 19th century it cost just as much to move goods across the Atlantic ocean as to move them 30 miles inland from the coast.<\/p>\n<p>His big question is: What will India do? What will China do? 
Because if the developed, industrial countries cannot offer a plausible path out of our unsustainable way of living, India and China with their billions of people will not choose more wisely.<\/p>"},{"title":"The Inner Game of Tennis","link":"https:\/\/www.thomas-huehn.com\/inner-game-of-tennis\/","pubDate":"Fri, 08 Mar 2024 14:00:00 +0100","author":"mail@thomas-huehn.com (Thomas H\u00fchn)","guid":"https:\/\/www.thomas-huehn.com\/inner-game-of-tennis\/","description":"<p><strong>W. Timothy Gallwey<\/strong> ostensibly explains in <strong>The Inner Game of Tennis<\/strong> how to get better at playing tennis,\nand he did work as a tennis instructor after his career as a varsity player. But tennis is just a vehicle for explaining his principles, which are applicable to all psychomotor skills and beyond. Consequently he cashed in on variations of this book in \u201cThe Inner Game of Golf\u201d, \u201cThe Inner Game of Skiing\u201d and even \u201cThe Inner Game of Music\u201d.<\/p>\n<p>His thesis is that we all know how to learn to crawl, to walk, and yes, to play tennis. Unconsciously. But we don&rsquo;t let our brain learn in a natural way, because our seemingly superior ability to reflect and correct ourselves interferes with the learning process. The secret of learning is not trying too hard.<\/p>\n<p>Not trying too hard doesn&rsquo;t mean that we do not need to put in the effort and the hours. Or that we do not care about results. It&rsquo;s about dispassionately observing the results of our attempts. \u201cThe ball went about five centimeters too wide\u201d. It&rsquo;s a simple fact without judgment. Assigning value judgments like \u201cI can&rsquo;t do this shot\u201d or \u201cI&rsquo;m a bad player\u201d doesn&rsquo;t help in the slightest. 
While most people would readily agree with that, Gallwey also admonishes the reader not even to think of it as \u201cI&rsquo;ve lost a point\u201d.<\/p>\n<p>Gallwey uses a model where our brain is composed of \u201cself 1\u201d and \u201cself 2\u201d. They are not identical to Kahneman&rsquo;s System 1 and System 2. While The Inner Game of Tennis was first published in 1974, and Kahneman had already worked on his model in the seventies, his book only came out in 2011, and it&rsquo;s probably pure chance that both came up with superficially similar-looking models.<\/p>\n<p>In Gallwey&rsquo;s view, the brain&rsquo;s self 1 is a \u201cteller\u201d. It constantly observes, evaluates, judges and tries to issue corrective orders.<\/p>\n<p>Self 2 is the \u201cdoer\u201d. And unfortunately, self 1&rsquo;s constant nagging and bickering doesn&rsquo;t help self 2 one bit. Self 1 would be well-advised to simply observe and give pure observations as feedback to self 2, so that self 2 can unconsciously self-correct any erroneous (motor) action.<\/p>\n<p>Whole parts of the book seem trite, a mere re-wording of popular psychology explanations and models: the system of two minds (reminiscent of Kahneman, although quite different), the \u201cquiet mind\u201d, \u201cflow\u201d, yoga and meditation.<\/p>\n<p>It really put me off the first time I read the book. All of those concepts are merely mentioned in a few words. Why would I want to read about them here instead of a proper and much better treatment in other books?<\/p>\n<p>The second time, many years later, I realized that all those things weren&rsquo;t common knowledge in the seventies. 
While some parts had already been developed (and meditation had been around for a long time!), their boom phase and broad popularity came long after this book.<\/p>\n<p>It&rsquo;s a short read, and it offers an interesting model of the mind in psychomotor learning, but ultimately it failed to give me actionable advice beyond \u201cdon&rsquo;t try too hard, don&rsquo;t judge\u201d.<\/p>"},{"title":"Venice's Secret Service","link":"https:\/\/www.thomas-huehn.com\/venices-secret-service\/","pubDate":"Sun, 14 Jan 2024 16:51:31 +0100","author":"mail@thomas-huehn.com (Thomas H\u00fchn)","guid":"https:\/\/www.thomas-huehn.com\/venices-secret-service\/","description":"<p><strong>Venice&rsquo;s Secret Service<\/strong> by <strong>Ioanna Iordanou<\/strong> undertakes to show that organized intelligence is not \u2013 as commonly thought \u2013 an invention of the modern industrial state, but already existed in Renaissance Venice of the 1500s and early 1600s.<\/p>\n<p>Venice was a Great Power, with colonies and occupations all over the Mediterranean, vying with states like France and England for supremacy.<\/p>\n<p>The major ruling body described in the book is the Council of Ten. Actually seventeen men, the Council of Ten was the state security body under the Doge. Serving in the Council of Ten was both an honour and a source of immense power, but it also brought restrictions and inconveniences. The heads of the Ten were not allowed to frequent certain public places, and members who leaked secrets could face execution.<\/p>\n<p>Iordanou argues that Venice&rsquo;s secret service was special in the concert of European powers. Philip II of Spain was very well informed, because he was a micro-manager. He directed every detail of his secret service and cryptology department personally. 
Spanish secretaries, for example, worked at their homes, which was highly inefficient and led to misplaced documents and leaked secrets.<\/p>\n<p>In contrast, Venice used managerial practices like delegating tasks to subordinate officers and managing whole information flows between several officials, as well as formal reports from its officials and the development of a professional identity, although the words \u201cmanagement\u201d and \u201cprofessionalization\u201d are problematic when used to describe pre-modern practices.<\/p>\n<p>Secrecy is commonly thought of as limiting the exchange of information. But it is also instrumental in enabling this sharing, because only by clearly demarcating people \u201cin the know\u201d from outsiders can those in possession of the information know who is allowed to receive information about secret affairs. People on the inside can freely discuss secret issues, without fear of improperly disclosing them.<\/p>\n<p>Secrecy was also a tool of governing the city. The Ten used secret information to shape internal Venetian politics, even keeping important information from city bodies they notionally reported to, like the Senate. Venice also used anonymous tip boxes distributed like post boxes, where citizens could report on and denounce each other, or offer information \u2013 sometimes directly attaching their price. They did so with some fervor; reporting on other people was very common. Some citizens even paid scribes to pen those denunciations beautifully. Those tips and offers were then scrupulously read, evaluated and, if deemed important and true, acted upon.<\/p>\n<p>Including the class of commoner citizens in handling secret information was a way to give them status, pride and a limited sense of power, even though the higher echelons of state service were closed to them. 
Venice used such limited inclusion deftly and systematically as an administrative elite.<\/p>\n<p>The most ordinary use of secrecy was keeping communication channels with Venice&rsquo;s diplomats open and secure. Different ciphers were used for communications of different criticality, which is why Venice and the other powers continuously developed new ciphers. Diplomats and military leaders in a region shared keys, which were exchanged by courier, and officials were often directed to distribute keys to other officials. This had lots of potential for mess-ups, and the archives hold many letters of officials complaining that some other official has been writing to them in undecipherable code. In those cases, the central department of cryptology had to dispatch new keys and ciphers to both, or direct yet another official to share his key with the \u201cout-of-sync\u201d official.<\/p>\n<p>Officials were expected to have the practical ability to encrypt and decrypt messages, but they were also assigned clerks to take the load off in day-to-day operations.<\/p>\n<p>Venice also had an excellent official postal service, but exclusively for official use. Other states also used Venice&rsquo;s messaging channels, especially toward the Ottomans in the East. Of course, Venice had no scruples about opening those communications, deciphering them, and re-sealing the envelopes. Unless the other state was powerful and Venice feared military attacks. In such cases there were official orders from Venice to its diplomats and couriers not to mess with those communications. There are also humorous stories where a papal nuncio wrote unencrypted messages, so that they would not be delayed by the Venetians.<\/p>\n<p>Venice&rsquo;s cryptology department was usually centered upon a foremost cryptologer, who was also responsible for educating new recruits. He got special privileges, like being allowed to choose new recruits himself. 
This contributed to the department of cryptology being a nepotistic affair. Younger family members were often selected and preferred. Iordanou sees this as much less nefarious than it looks to the modern reader. Venice&rsquo;s leaders assumed that cryptologic talent ran in the family, they assumed that familial exposure to cryptology would have fostered that talent even more, and it was also a form of payment, especially since remuneration for long and well executed service could be lavish, but often wasn&rsquo;t. In general, Venice&rsquo;s leadership cared for the family members of officials who had suffered in service, especially the bereaved of Venetian amateur spies and agents on dangerous missions. Recruits learned either by oral lectures or by reading written accounts of earlier cryptologists. After a few years of instruction they had to pass a harsh written examination before being fully appointed, although as a favor to the head cryptologer even that could be waived when it came to his family members.<\/p>\n<p>Venice&rsquo;s Council of Ten deemed cryptology important and fostered cryptology research, they set up training programs for new cryptologers, and they set up a whole department of cryptology that handled both the defensive development of new ciphers and the offensive breaking of adversaries&rsquo; (and friends&rsquo;) ciphers. They also treated cryptology itself as a secret, with the death penalty threatened for cipher or key misuse.<\/p>\n<p>Merchants were expected to collect information and pass it on to Venetian authorities, but they were sometimes also used by the Council of Ten in preference to its own diplomats, when deniability, convenience or inconspicuousness called for it. Curiously, Venice never developed a professional spy force in the way it developed professional cryptologers. 
Instead it relied mostly on amateurs, criminals and other people paid sometimes huge, sometimes only meagre amounts of money, and sometimes rewarded with favors, especially the release of criminals or the lifting of their banishment.<\/p>\n<p>The book is academic and mostly dry in style, and Iordanou is much too fond of the word \u201credolent\u201d, but it is a fascinating window into early professional cryptology.<\/p>"},{"title":"The SimCity Planning Commission Handbook","link":"https:\/\/www.thomas-huehn.com\/simcity\/","pubDate":"Sun, 14 Jan 2024 16:50:40 +0100","author":"mail@thomas-huehn.com (Thomas H\u00fchn)","guid":"https:\/\/www.thomas-huehn.com\/simcity\/","description":"<p><strong>The SimCity Planning Commission Handbook<\/strong> by <strong>Johnny L. Wilson<\/strong> is a slim little book that tries a little subterfuge. It acts as a game manual and tips &amp; tricks book, but the author is really interested in the art and engineering of town planning and sneaks that in.<\/p>\n<p>It&rsquo;s also a time capsule of the heterogeneity of computer architectures of times past. The first chapter of the (still quite slim) book handles installation and usage of the game including the terrain editor, and it discusses a few differences between platforms. Because, see, SimCity was sold for Amiga\/Commodore, Atari, Mac and PC, all with subtle differences. For example, there is no stadium on the C64. We even get short installation commands, albeit only the happy path.<\/p>\n<p>Strewn throughout the book are helpful tips and ideas about gameplay. You can bulldoze one corner of a residential zone and plant a park there. Doing this you stop the zone from growing further.<\/p>\n<p>SimCity is a \u201creal\u201d city simulator, not a mere toy. It is extremely simple by today&rsquo;s standards, but still. 
There are many things it cannot simulate at all, or not simulate adequately, and the author has taken it upon himself to invent little workarounds or sometimes even \u201chouse rules\u201d \u2013 voluntary restrictions on the part of the player or some creative reinterpretation of certain aspects of the game&rsquo;s simulation. This is the most impressive and valuable thing that the book has to offer. I have never seen anything like that before.<\/p>\n<p>For example, the author tries to simulate his home town, a Californian town near San Diego. He disables auto-bulldoze, because his home area has lots of sensitive Native American and paleontological sites where you need to be careful when digging and you may need special permissions. Bulldozing every plot manually in the game is supposed to simulate that additional burden.<\/p>\n<p>Land-use restrictions do not allow hospitals in industrial zones. You cannot steer where the game pops up hospital buildings. Wilson bulldozes every \u201cwrong hospital\u201d, zoning new residential areas until a hospital pops up there. Also, there is an official goal for the hospital-to-person ratio. SimCity does not have anything like it, so he keeps a close eye on the statistics screen and zones new residential areas if too few hospitals exist. Similarly for schools, although it seems you can build them directly, at least. Similarly with parks, although you need to check at the end of every year the ratio between people and number of park tiles, and then adjust by building or bulldozing.<\/p>\n<p>Waste management? Oh yes, also not in the game itself. But you can place a power plant and not connect it anywhere. It costs money and it takes up space. Like a landfill.<\/p>\n<p>Yes, all that is incredibly tedious, but to Wilson, it&rsquo;s the fun part! Remember, he&rsquo;s not in it for Godzilla, he wants to play with city planning. 
And he wants you to think about your own town.<\/p>\n<p>Undoubtedly, the author landed on his house rules by extensive and controlled experimentation. And that is what he is constantly nudging the reader to do for himself: Build an industrial zone here, a residential zone there, lay down streets like this. Do the same on the other side of the map, but change something specific. The length of the street. The number of zones. Observe what happens. Drill down into the statistics screens. Find out what the game does. Think about what that means.<\/p>\n<p>The author is hand-holding a lot with these experiments, though. You don&rsquo;t have to fear failure, the experiments are mostly quite simple. Still, it shows and encourages a certain playful approach that emphasizes understanding both the game and, hopefully, the real world.<\/p>\n<p>As mentioned, the game manual is mostly a set-up, a hook for the author to tell us some things about city planning. We see maps of Karlsruhe&rsquo;s planned radial layout, of Aosta in the first century B.C., of London before the Great Fire. Wilson shows a few \u2013 very limited \u2013 options in the game to do similar planning. But SimCity can simulate growth pains in regards to ecology and traffic surprisingly well. Also, population density problems in the game cannot be solved simply, by bulldozing and redesigning willy-nilly; the player needs to have a plan that includes handling crime, pollution and economic growth. All these intertwined aspects are explained and shown in the book all the time, because whenever one problem is tackled, the others tend to follow close after.<\/p>\n<p>One aspect that is easily misunderstood is that building decay is not a consequence of some property of the building. Bulldozing the building will not let the zone recover with new buildings. Some players seem to have thought that churches, occurring randomly in residential zones, should be bulldozed when low-valued. 
Wilson warns us that this has cause and effect exactly backwards: low-value churches aren&rsquo;t bad, bad land value leads to low church value, and land value must be improved holistically, tackling crime, pollution, etc., as always.<\/p>\n<p>Regarding the economy: SimCity has both an export multiplier and an import replacement multiplier, where seaports (which are much more important than airports in the game) have large effects on the city. But at a certain size of the city, the city-internal economy starts to trump the external (export) economy, and the book pulls back the curtain on the game&rsquo;s internal calculations, as it does in several places.<\/p>\n<p>Traffic is the most fleshed-out part of the simulation, but it is very much centered on cars and light rail, not offering any further traffic options. More streets equals more traffic is a valid theorem in SimCity, as it is in real life, and curves slow down traffic, so your \u201cscenic route\u201d might bring your city to a standstill.<\/p>\n<p>Ecology is mostly simulated by the problems of pollution and flooding, but it is quite crudely simulated. Forests or parks do not actually improve pollution levels, they merely increase land value. This is one of the things that one might wish better simulation mechanics for.<\/p>\n<p>The book also explains how to win the scenarios that the game brings with it, always showing clearly what the most pressing problems are and how to tackle them. Most important is the decision process, and Wilson is thinking out loud here. For example, the Bern scenario features a traffic collapse, but if the player tries to bulldoze and redesign the road system, the city will be bankrupt almost immediately. Incremental changes are the winning move here.<\/p>\n<p>Additionally, the author critiques both the additional cities that come with the terrain editor and a few winning player entries from a SimCity design competition. 
This part could have benefitted from a few more pages; it is extremely interesting, but also quite\u2026 dare I say curt? The cities are quite unconventional and unlike anything most players will try themselves. Why not have a city with a gazillion sports stadiums? Deadwood City (page 158) has you covered!<\/p>\n<p>Disasters like airplane crashes, flooding, but mostly, of course, Godzilla (officially, the \u201cmonster\u201d) spice the dry simulation up and make it more acceptable to gamers. The player&rsquo;s agency is quite limited, though. Mostly you can only wait it out and clean up.<\/p>\n<p>The meat of the book is fewer than 200 pages, discounting the installation information, explanation of icons and the terrain editor. It feels longer. Not that it&rsquo;s boring, but you get so much out of it. Many other authors could do worse than take inspiration.<\/p>\n<p>The only flaw with the book I can find is that maps are reproduced quite well for the standards of 1990, I suppose, but I find them small and the pixel look of SimCity not really easy to decipher. Additionally, two images of maps on pages 98 and 99 are supposed to show dramatic differences in flooding levels. To me they are identical, and I\u2019m almost certain they are indeed identical, on account of a clerical error when preparing the manuscript.<\/p>"},{"title":"London Review of Books","link":"https:\/\/www.thomas-huehn.com\/london-review-of-books\/","pubDate":"Fri, 14 Oct 2022 22:00:00 +0000","author":"mail@thomas-huehn.com (Thomas H\u00fchn)","guid":"https:\/\/www.thomas-huehn.com\/london-review-of-books\/","description":"<p>The name may mislead you. Ostensibly, the articles are book reviews, but barely. The books reviewed are more starting points into long-form articles on their subject matter.\nThe articles are uniformly fantastic, though obviously not uniformly interesting to everyone. 
Every issue carries about three to five articles I find <em>really<\/em> interesting.<\/p>"},{"title":"Repairing the Logitech MX Master 3 wheel mode switch","link":"https:\/\/www.thomas-huehn.com\/repairing-the-logitech-mx-master-3-wheel-mode-switch\/","pubDate":"Sun, 26 Dec 2021 23:00:00 +0000","author":"mail@thomas-huehn.com (Thomas H\u00fchn)","guid":"https:\/\/www.thomas-huehn.com\/repairing-the-logitech-mx-master-3-wheel-mode-switch\/","description":"<p>I&rsquo;ve been using a Logitech MX Master 3 mouse for about two years now.<\/p>\n<p>Recently I noticed that the wheel mode switch button just below the primary wheel doesn&rsquo;t work anymore.<\/p>\n<p>It should switch the mouse wheel from ratchet mode to free-spinning mode and back again.\nUnfortunately, my mouse seemed to be stuck in ratchet mode.<\/p>\n<p>The \u201csolution\u201d was to take the mouse and thump it against my thigh.<\/p>\n<p>There is a mechanism controlling the wheel mode that can mechanically get into a position where the magnetic control doesn&rsquo;t do anything.\nWhen you thump the mouse hard (but against your flesh so it doesn&rsquo;t take damage), it gets unstuck and the magnetic control works again.<\/p>\n<p>That&rsquo;s rather disappointing for such an expensive mouse that seems high quality, but it&rsquo;s a common problem that users all over the Internet are reporting.<\/p>"},{"title":"Back pain","link":"https:\/\/www.thomas-huehn.com\/back-pain\/","pubDate":"Fri, 26 Nov 2021 23:00:00 +0000","author":"mail@thomas-huehn.com (Thomas H\u00fchn)","guid":"https:\/\/www.thomas-huehn.com\/back-pain\/","description":"<p>Between Christmas and New Year&rsquo;s it struck again: after months of peace the severe back pain was back. 
This time it stretched out to about a week; in the previous cases I had managed to get better with painkillers after a few days.<\/p>\n<p><strong>But this time I had a secret weapon at my disposal:<\/strong> <a href=\"https:\/\/portal.dnb.de\/opac.htm?method=enhancedSearch&amp;index=num&amp;term=9783442217632&amp;operator=and\">a book<\/a>. I had already bought it, in case I needed it.<\/p>\n<p>I had heard about this book on the Internet. A lot of people were talking about how the book had helped them <a href=\"https:\/\/news.ycombinator.com\/item?id=14699034\">to combat their back pain<\/a> (<a href=\"https:\/\/news.ycombinator.com\/item?id=14701913\">and other kinds of pain<\/a> <a href=\"https:\/\/news.ycombinator.com\/item?id=22069525\">like RSI<\/a> <a href=\"https:\/\/news.ycombinator.com\/item?id=24948611\">or in the knee<\/a>) <a href=\"https:\/\/news.ycombinator.com\/item?id=21662116\">for good<\/a>. <a href=\"https:\/\/news.ycombinator.com\/item?id=22073508\">Some claimed<\/a> <a href=\"https:\/\/news.ycombinator.com\/item?id=18319305\">just by reading it their pain had vanished<\/a>.<\/p>\n<p>A clear case of esotericism. It can&rsquo;t be. I&rsquo;m the sciency type; homeopathy or osteopathy are not my thing. But I was ready to give it a try. Pain is nasty, and the one who heals is right.<\/p>\n<p>How did it go? Right after reading the book my pain had subsided a bit. I went to bed and rose the next morning without pain (albeit with quite some tension in the back).<\/p>\n<p><strong>Does that prove<\/strong> that the method promoted in the book is working? <strong>Of course not.<\/strong> My back pain has always gone away again in the past, and I did take painkillers for a week. So it may be random luck. And from the medical point of view, it is. <strong>But just maybe there is some truth to it, and it has certainly not done any harm.<\/strong><\/p>\n<p>Dr. 
Sarno promotes the thesis that most types of back pain (and many other kinds of pain) <strong>have a psychological cause.<\/strong><\/p>\n<p>Now every victim is about to cry out: \u201cMy pain is real, not just imagined\u201d. Unfortunately, society tends to dismiss psychological maladies as \u201cnot real\u201d.<\/p>\n<p>But they can rest assured, Dr. Sarno does not claim that the pain is imagined. No, it is real physical pain, caused by real oxygen deprivation of the muscles and other tissue.<\/p>\n<p>The postulated mechanism goes like this:<\/p>\n<ol>\n<li>We have repressed emotions and tensions inside us.<\/li>\n<li>The brain tries to shield us from those, and to distract us from them.<\/li>\n<li>It&rsquo;s using the autonomic nervous system to do that (it controls blood pressure, blood vessel dilation and much more), in order to cause oxygen under-supply to a region of the body on purpose.<\/li>\n<li>Those regions then signal back to the brain their pain, and we are distracted by that pain. To quell any misunderstanding: this is about a slight oxygen deprivation. No tissue is dying. Think about a runner who makes it across the finish line with pain in his thighs.<\/li>\n<\/ol>\n<p>Pretty wild theory, isn&rsquo;t it? It presupposes that \u201cI\u201d and \u201cmy brain\u201d are two distinct actors that can have secrets from each other (the brain knows about those repressed emotions, but I am being misled by the brain).<\/p>\n<p>And even if this exact mechanism is not the truth, <strong>Dr. Sarno&rsquo;s treatment rests on two necessary conditions:<\/strong><\/p>\n<p>First, the pain has no actual physical cause, it is being created by a psychological process. Whether it gets caused because repressed emotions are playing a role, as Dr. Sarno proposes, or for whatever other reason doesn&rsquo;t really matter. At a time, where psychological effects increasingly get into the focus of classical medicine, it is at least a defensible premise. 
Whether you choose to follow Dr. Sarno&rsquo;s further theses, or not.<\/p>\n<p>And second, this physiological cause must rest upon a psychological deception. Our brain is playing us, and we don&rsquo;t notice. That&rsquo;s the thesis that&rsquo;s much harder to swallow.<\/p>\n<p>But if you accept the possibility of both premises, the treatment method is plausible.<\/p>\n<p>Let&rsquo;s put those questions aside and see <strong>what Dr. Sarno&rsquo;s recommended treatment looks like.<\/strong><\/p>\n<ol>\n<li>The first point is the most important one, and Dr. Sarno is elaborating that point multiple times: <strong>The first steps are the steps into your doctor&rsquo;s office!<\/strong> No exceptions. Even if Dr. Sarno thinks most back pain is psychologically caused, he does not deny the existence of severe physical problems. <strong>If you have a tumor right next to your spine, no psychological mind games will help! The tumor won&rsquo;t go away, just because you have read a book.<\/strong><\/li>\n<li>Move actively and normally. Physically everything is fine with you.<\/li>\n<li>Be aware that your brain is lying to you. Tell your brain <strong>that you&rsquo;ve seen through it<\/strong>, and that it can stop with this charade now.<\/li>\n<\/ol>\n<p>Mostly, that&rsquo;s it. The brain realizes you won&rsquo;t be deceived anymore, and gives up on those pain tricks.<\/p>\n<p>That&rsquo;s where the experiences of sudden, spontaneous reconvalescence from reading the book come from: you see through the brain&rsquo;s tricks and they lose their effectiveness.<\/p>\n<p>And now we&rsquo;re at the point where a single question looms large, where you either dismiss it all as quackery, or where you try it.<\/p>\n<p><strong>Was Dr. Sarno a quack?<\/strong><\/p>\n<p>On the one hand, no: he was a professor at NYU&rsquo;s medical center. 
A classically trained, practising doctor with success in the treatment of patients.<\/p>\n<p>On the other hand, yes: nobody else shared or shares his theories and theses. He is complaining in the book that his papers weren&rsquo;t accepted by medical journals. That is usually a sign of charlatanry. Nobody, really nobody in medicine seems to accept his theories fully or at least substantially.<\/p>\n<p>And on the last hand, no: He would be a strange quack. Usually quacks are selling expensive pills or even more expensive seminars.<\/p>\n<p>As far as I can tell, <strong>Dr. Sarno sold nothing.<\/strong> Except his book. Which you can buy for <strong>less than 10 dollars<\/strong> new. That&rsquo;s atypical. He may have been misguided, I&rsquo;m not able to judge that, but he didn&rsquo;t seem to be a fraud.<\/p>\n<p>In the end my opinion comes down to this:<\/p>\n<p>Listen to your doctor! It&rsquo;s not a good idea to chase miracle cures. But trying <a href=\"https:\/\/portal.dnb.de\/opac.htm?method=enhancedSearch&amp;index=num&amp;term=9783442217632&amp;operator=and\">this book<\/a> on top of what your doctor tells you? I can&rsquo;t see anything wrong with that. You&rsquo;re not harming anything. You&rsquo;re not refusing conventional medicine. If it works for you, great. If not, you have lost ten bucks and two hours of your time.<\/p>\n<p>All that being said, whether Dr. Sarno was right in his ideas doesn&rsquo;t really matter to you or me.<\/p>\n<p><strong>The one who heals is right.<\/strong><\/p>"},{"title":"Setting up a free server in Oracle Cloud","link":"https:\/\/www.thomas-huehn.com\/setting-up-a-free-server-in-oracle-cloud\/","pubDate":"Fri, 12 Nov 2021 23:00:00 +0000","author":"mail@thomas-huehn.com (Thomas H\u00fchn)","guid":"https:\/\/www.thomas-huehn.com\/setting-up-a-free-server-in-oracle-cloud\/","description":"<p>Oracle Cloud offers a free tier that includes a beefy ARM64 virtual server with lots of RAM.\nIf you forgo the two \u201cmicro instances\u201d you can have an Ampere (ARM64) virtual server with 4 cores and 24 GB of RAM for free.<\/p>\n<h2 id=\"creating-the-instance\">Creating the instance<\/h2>\n<p>After you&rsquo;ve signed up for Oracle Cloud you need to create your server instance. The dashboard is huge, confusing and full of enterprise features.<\/p>\n<p>Start at the \u201cCompute\u201d section and choose \u201cInstances\u201d.<\/p>\n<figure>\n<img src=\"setting-up-a-free-server-in-oracle-cloud-menu-compute.png\"\nalt=\"Compute section\"\nwidth=\"1242\"\nheight=\"748\"\n\/><\/figure>\n<p>Then click \u201cCreate instance\u201d.<\/p>\n<h3 id=\"name\">Name<\/h3>\n<figure>\n<img src=\"setting-up-a-free-server-in-oracle-cloud-create-instance-1.png\"\nalt=\"Create instance\"\nwidth=\"1311\"\nheight=\"1781\"\n\/><\/figure>\n<p>Give a name to the instance and leave the availability domain at whatever it is. You&rsquo;ll need to use the same availability domain for the block storage later, so remember it.<\/p>\n<h3 id=\"shape-and-image\">Shape and image<\/h3>\n<p>Edit \u201cImage and shape\u201d. You want an Ampere instance, so tick the check box next to \u201cVM.Standard.A1.Flex\u201d. Then enter 4 OCPUs and 24 GB of RAM.<\/p>\n<p>You could probably go higher, but then you&rsquo;ll pay after the trial period. 
So keep it to the 4 OCPUs and 24 GB of RAM setting, which is within the free tier.<\/p>\n<p>The image doesn&rsquo;t matter much, since you can replace it later; Ubuntu or Oracle Linux are both fine.<\/p>\n<h3 id=\"networking\">Networking<\/h3>\n<figure>\n<img src=\"setting-up-a-free-server-in-oracle-cloud-create-instance-2.png\"\nalt=\"Create instance\"\nwidth=\"1903\"\nheight=\"1791\"\n\/><\/figure>\n<p>Under \u201cNetworking\u201d you can leave everything as-is, but I like to set \u201cDo not assign a private DNS record\u201d.<\/p>\n<h3 id=\"ssh\">SSH<\/h3>\n<figure>\n<img src=\"setting-up-a-free-server-in-oracle-cloud-create-instance-3.png\"\nalt=\"Create instance\"\nwidth=\"1261\"\nheight=\"1609\"\n\/><\/figure>\n<p>Now paste a prepared SSH <strong>public key<\/strong> into the text field.<\/p>\n<figure>\n<img src=\"setting-up-a-free-server-in-oracle-cloud-create-instance-4.png\"\nalt=\"Create instance\"\nwidth=\"1242\"\nheight=\"521\"\n\/><\/figure>\n<h4 id=\"creating-a-ssh-key\">Creating an SSH key<\/h4>\n<p>If you don&rsquo;t already have one ready, install PuTTY and start PuTTYgen.<\/p>\n<figure>\n<img src=\"setting-up-a-free-server-in-oracle-cloud-puttygen-1.png\"\nalt=\"PuTTYgen\"\nwidth=\"718\"\nheight=\"721\"\n\/><\/figure>\n<p>Click \u201cGenerate\u201d, move the mouse a bit, and then use the highlighted text (that is the public key) as your SSH key in the Oracle Cloud dashboard.\nYou should also save it in a text file somewhere.<\/p>\n<figure>\n<img src=\"setting-up-a-free-server-in-oracle-cloud-puttygen-2.png\"\nalt=\"PuTTYgen\"\nwidth=\"718\"\nheight=\"721\"\n\/><\/figure>\n<p>PuTTY saves the private key in its own format, which other tools won&rsquo;t be able to handle.\nSo select \u201cConversions\u201d \u2013 \u201cExport OpenSSH key\u201d and save the private key in OpenSSH format.<\/p>\n<p><strong>Don&rsquo;t lose that private key!<\/strong><\/p>\n<p>If you later need the public key again, but didn&rsquo;t save it, you can always load the private key (from PuTTY&rsquo;s 
own file format)\nand see the public key again in the top field.<\/p>\n<figure>\n<img src=\"setting-up-a-free-server-in-oracle-cloud-puttygen-3.png\"\nalt=\"PuTTYgen\"\nwidth=\"718\"\nheight=\"721\"\n\/><\/figure>\n<h3 id=\"finish\">Finish<\/h3>\n<p>Click \u201cCreate\u201d and after a short waiting time your instance is provisioned and ready.<\/p>\n<figure>\n<img src=\"setting-up-a-free-server-in-oracle-cloud-create-instance-5.png\"\nalt=\"Create instance\"\nwidth=\"1733\"\nheight=\"1617\"\n\/><\/figure>\n<h2 id=\"creating-block-storage\">Creating block storage<\/h2>\n<p>Your instance has a boot volume (think: virtual hard disk) of 50 GB. You can change that value, but I keep it at the default value.<\/p>\n<p>The free tier allows you 200 GB, so let&rsquo;s use the remaining 150 GB!<\/p>\n<p>Go to the \u201cStorage\u201d section and select \u201cBlock Volumes\u201d.<\/p>\n<figure>\n<img src=\"setting-up-a-free-server-in-oracle-cloud-menu-block-volume.png\"\nalt=\"Storage\"\nwidth=\"1325\"\nheight=\"1007\"\n\/><\/figure>\n<p>Give the new block volume a name. Make sure the availability domain is the same as when you created your instance.<\/p>\n<figure>\n<img src=\"setting-up-a-free-server-in-oracle-cloud-create-block-volume-1.png\"\nalt=\"Create a block volume\"\nwidth=\"1247\"\nheight=\"1796\"\n\/><\/figure>\n<p>Select \u201cCustom\u201d and change the size from the default value 50 to 150. Everything else is fine.<\/p>\n<figure>\n<img src=\"setting-up-a-free-server-in-oracle-cloud-create-block-volume-2.png\"\nalt=\"Create a block volume\"\nwidth=\"1232\"\nheight=\"1791\"\n\/><\/figure>\n<p>Now go back to your instance. 
In the lower left menu click \u201cAttached block volumes\u201d and then \u201cAttach block volume\u201d.<\/p>\n<figure>\n<img src=\"setting-up-a-free-server-in-oracle-cloud-attach-block-volume-1.png\"\nalt=\"Attach a block volume\"\nwidth=\"1837\"\nheight=\"1083\"\n\/><\/figure>\n<p>Select your newly created block volume and click \u201cAttach\u201d.<\/p>\n<figure>\n<img src=\"setting-up-a-free-server-in-oracle-cloud-attach-block-volume-2.png\"\nalt=\"Attach a block volume\"\nwidth=\"1244\"\nheight=\"1784\"\n\/><\/figure>\n<h2 id=\"configure-networking\">Configure networking<\/h2>\n<p>On to \u201cNetworking\u201d! Oracle has a default security list that blocks some traffic, and those rules are what you want to get rid of.<\/p>\n<p>If you&rsquo;ve chosen Ubuntu as your image, you&rsquo;ll need to follow the instructions in <a href=\"firewall-in-oracle-cloud.md\">Firewall in Oracle Cloud<\/a> later.<\/p>\n<figure>\n<img src=\"setting-up-a-free-server-in-oracle-cloud-menu-networking.png\"\nalt=\"Networking\"\nwidth=\"1250\"\nheight=\"818\"\n\/><\/figure>\n<p>Select the VCN (virtual cloud network) that was created automatically.<\/p>\n<figure>\n<img src=\"setting-up-a-free-server-in-oracle-cloud-networking-1.png\"\nalt=\"Networking\"\nwidth=\"1472\"\nheight=\"624\"\n\/><\/figure>\n<p>And the subnet within.<\/p>\n<figure>\n<img src=\"setting-up-a-free-server-in-oracle-cloud-networking-2.png\"\nalt=\"Networking\"\nwidth=\"1551\"\nheight=\"1165\"\n\/><\/figure>\n<p>Within the subnet is a \u201cDefault Security List\u201d. 
Click on it and \u201cAdd Ingress Rule\u201d.<\/p>\n<figure>\n<img src=\"setting-up-a-free-server-in-oracle-cloud-networking-3.png\"\nalt=\"Networking\"\nwidth=\"1362\"\nheight=\"1214\"\n\/><\/figure>\n<p>Add an ingress rule that allows everything: Source CIDR is 0.0.0.0\/0, protocol is \u201cTCP\u201d, and leave the port range empty. This exposes every TCP port of the instance to the whole Internet; from then on only the firewall inside the instance limits access.<\/p>\n<figure>\n<img src=\"setting-up-a-free-server-in-oracle-cloud-networking-4.png\"\nalt=\"Networking\"\nwidth=\"955\"\nheight=\"923\"\n\/><\/figure>\n<p>The rules should now look like this:<\/p>\n<figure>\n<img src=\"setting-up-a-free-server-in-oracle-cloud-networking-5.png\"\nalt=\"Networking\"\nwidth=\"1455\"\nheight=\"956\"\n\/><\/figure>\n<h2 id=\"done-for-now\">Done (for now)<\/h2>\n<p>You now have a working instance with 150 GB of block storage, but it needs to be connected in Linux, as well, and then mounted.<\/p>\n<h2 id=\"login\">Login<\/h2>\n<p>You can log in to your instance using your SSH key now. For Ubuntu you log in as root, for Oracle Linux you&rsquo;ll use the user name opc.<\/p>\n<p>Take the public IP address from your instance<\/p>\n<figure>\n<img src=\"setting-up-a-free-server-in-oracle-cloud-login-1.png\"\nalt=\"Login\"\nwidth=\"1834\"\nheight=\"670\"\n\/><\/figure>\n<p>and put it into the \u201cHost Name\u201d field in PuTTY:<\/p>\n<figure>\n<img src=\"setting-up-a-free-server-in-oracle-cloud-login-2.png\"\nalt=\"Login\"\nwidth=\"672\"\nheight=\"673\"\n\/><\/figure>\n<p>Under \u201cConnection\u201d, \u201cData\u201d, \u201cAuto-login username\u201d enter \u201copc\u201d for Oracle Linux or \u201cubuntu\u201d for Ubuntu Linux.<\/p>\n<figure>\n<img src=\"setting-up-a-free-server-in-oracle-cloud-login-3.png\"\nalt=\"Login\"\nwidth=\"674\"\nheight=\"678\"\n\/><\/figure>\n<p>Under \u201cAuth\u201d, \u201cPrivate key-file\u201d browse to the private SSH key that you created under <a href=\"#creating-a-ssh-key\">Creating an SSH key<\/a> in OpenSSH format.<\/p>\n<figure>\n<img 
src=\"setting-up-a-free-server-in-oracle-cloud-login-4.png\"\nalt=\"Login\"\nwidth=\"676\"\nheight=\"677\"\n\/><\/figure>\n<p>Now back to the \u201cSession\u201d section, enter a name and click \u201cSave\u201d to the right.<\/p>\n<figure>\n<img src=\"setting-up-a-free-server-in-oracle-cloud-login-5.png\"\nalt=\"Login\"\nwidth=\"674\"\nheight=\"673\"\n\/><\/figure>\n<p>Now you can \u201cOpen\u201d the connection to your server.<\/p>\n<h2 id=\"mounting-block-storage\">Mounting block storage<\/h2>\n<p>The 150 GB block volume you&rsquo;ve created needs to be activated and mounted in Linux.<\/p>\n<p>Go back to your instance in the Oracle Cloud dashboard, and in the lower left select \u201cAttached block volumes\u201d.<\/p>\n<figure>\n<img src=\"setting-up-a-free-server-in-oracle-cloud-mount-block-volume-1.png\"\nalt=\"Mounting block storage\"\nwidth=\"754\"\nheight=\"730\"\n\/><\/figure>\n<p>You will find your newly created volume there (here named \u201cbv150\u201d). Click on the three dots to the right of the entry.<\/p>\n<figure>\n<img src=\"setting-up-a-free-server-in-oracle-cloud-mount-block-volume-2.png\"\nalt=\"Mounting block storage\"\nwidth=\"1435\"\nheight=\"628\"\n\/><\/figure>\n<p>Select \u201ciSCSI commands &amp; information\u201d, expand the \u201cLinux\u201d part and copy the commands under \u201cConnect\u201d.<\/p>\n<p>Back to your PuTTY connection to your server. 
Log in and enter those commands.<\/p>\n<h2 id=\"going-further\">Going further<\/h2>\n<p>There are several steps I usually do, but those won&rsquo;t be documented here anytime soon:<\/p>\n<p>fdisk (probably \/dev\/sdb), create partition, format (mkfs.ext4), look up UUID with blkid, then enter into fstab with \u201cdefaults,_netdev,nofail 0 2\u201d.<\/p>"},{"title":"Firewall in Oracle Cloud","link":"https:\/\/www.thomas-huehn.com\/firewall-in-oracle-cloud\/","pubDate":"Tue, 02 Nov 2021 23:00:00 +0000","author":"mail@thomas-huehn.com (Thomas H\u00fchn)","guid":"https:\/\/www.thomas-huehn.com\/firewall-in-oracle-cloud\/","description":"<p>It took me some time to find out why outside services like Let&rsquo;s Encrypt could not connect to my free Oracle Cloud instance.<\/p>\n<p>Sure, I had created an \u201callow all traffic from everywhere\u201d rule in Oracle&rsquo;s Virtual Cloud Network admin. And I had checked that Ubuntu&rsquo;s ufw firewall was inactive.<\/p>\n<p>But as it turns out, Oracle&rsquo;s Ubuntu image doesn&rsquo;t use ufw like every other Ubuntu does, but the older iptables firewall.<\/p>\n<p>So you need to do this to flush those rules and save the empty rule set:<\/p>\n<div class=\"highlight\"><pre tabindex=\"0\" class=\"chroma\"><code class=\"language-bash\" data-lang=\"bash\"><span class=\"line\"><span class=\"cl\">sudo iptables -F\n<\/span><\/span><span class=\"line\"><span class=\"cl\">sudo netfilter-persistent save\n<\/span><\/span><\/code><\/pre><\/div>"},{"title":"New WordPress installation","link":"https:\/\/www.thomas-huehn.com\/new-wordpress-installation\/","pubDate":"Sun, 31 Oct 2021 23:00:00 +0000","author":"mail@thomas-huehn.com (Thomas H\u00fchn)","guid":"https:\/\/www.thomas-huehn.com\/new-wordpress-installation\/","description":"<h2 id=\"create-a-new-mysql-database\">Create a new MySQL database<\/h2>\n<div class=\"highlight\"><pre tabindex=\"0\" class=\"chroma\"><code class=\"language-sql\" data-lang=\"sql\"><span class=\"line\"><span class=\"cl\"><span 
class=\"k\">CREATE<\/span><span class=\"w\"> <\/span><span class=\"k\">DATABASE<\/span><span class=\"w\"> <\/span><span class=\"n\">wp_lindyhoppeln<\/span><span class=\"w\"> <\/span><span class=\"nb\">CHARACTER<\/span><span class=\"w\"> <\/span><span class=\"k\">SET<\/span><span class=\"w\"> <\/span><span class=\"n\">utf8mb4<\/span><span class=\"w\"> <\/span><span class=\"k\">COLLATE<\/span><span class=\"w\"> <\/span><span class=\"n\">utf8mb4_unicode_ci<\/span><span class=\"p\">;<\/span><span class=\"w\">\n<\/span><\/span><\/span><span class=\"line\"><span class=\"cl\"><span class=\"k\">CREATE<\/span><span class=\"w\"> <\/span><span class=\"k\">USER<\/span><span class=\"w\"> <\/span><span class=\"s1\">&#39;lindyhoppeln&#39;<\/span><span class=\"o\">@<\/span><span class=\"s1\">&#39;localhost&#39;<\/span><span class=\"w\"> <\/span><span class=\"n\">IDENTIFIED<\/span><span class=\"w\"> <\/span><span class=\"k\">BY<\/span><span class=\"w\"> <\/span><span class=\"s1\">&#39;passphrase&#39;<\/span><span class=\"p\">;<\/span><span class=\"w\">\n<\/span><\/span><\/span><span class=\"line\"><span class=\"cl\"><span class=\"k\">GRANT<\/span><span class=\"w\"> <\/span><span class=\"k\">ALL<\/span><span class=\"w\"> <\/span><span class=\"k\">PRIVILEGES<\/span><span class=\"w\"> <\/span><span class=\"k\">ON<\/span><span class=\"w\"> <\/span><span class=\"n\">wp_lindyhoppeln<\/span><span class=\"p\">.<\/span><span class=\"o\">*<\/span><span class=\"w\"> <\/span><span class=\"k\">TO<\/span><span class=\"w\"> <\/span><span class=\"s1\">&#39;lindyhoppeln&#39;<\/span><span class=\"o\">@<\/span><span class=\"s1\">&#39;localhost&#39;<\/span><span class=\"p\">;<\/span><span class=\"w\">\n<\/span><\/span><\/span><\/code><\/pre><\/div><p>utf8mb4 is the \u201creal\u201d Unicode. 
By default, MySQL uses its own old, buggy variant.<\/p>\n<p>The database name must not contain dashes (or those must be quoted).<\/p>\n<h2 id=\"wordpress\">WordPress<\/h2>\n<p>For WordPress the following is my default choice:<\/p>\n<ul>\n<li>Theme: Twenty Sixteen<\/li>\n<li>Plugins:\n<ul>\n<li>Autoptimize: compress, use system fonts instead of Google fonts<\/li>\n<li>Prosodia VGW OS: counting pixels for VG Wort (only relevant to German-language weblogs)<\/li>\n<li>Site Kit by Google: sitemap<\/li>\n<li>WP Super Cache: generating static web pages for caching<\/li>\n<li>Yoast SEO: search-engine optimization (e.g. meta tags)<\/li>\n<li>Antispam Bee: free anti-spam plugin<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h2 id=\"configure-a-new-domain\">Configure a new domain<\/h2>\n<p>First nginx, in sites-available:<\/p>\n<div class=\"highlight\"><pre tabindex=\"0\" class=\"chroma\"><code class=\"language-nginx\" data-lang=\"nginx\"><span class=\"line\"><span class=\"cl\"><span class=\"k\">server<\/span> <span class=\"p\">{<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\"> <span class=\"kn\">listen<\/span> <span class=\"mi\">80<\/span><span class=\"p\">;<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\"> <span class=\"kn\">listen<\/span> <span class=\"s\">[::]:80<\/span><span class=\"p\">;<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\"> <span class=\"kn\">server_name<\/span> <span class=\"s\">www.thomas-huehn.de<\/span><span class=\"p\">;<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\"> <span class=\"kn\">location<\/span> <span class=\"s\">\/.well-known\/acme-challenge<\/span> <span class=\"p\">{<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\"> <span class=\"kn\">root<\/span> <span class=\"s\">\/var\/www\/thomas-huehn\/html<\/span><span class=\"p\">;<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\"> <span class=\"p\">}<\/span>\n<\/span><\/span><span class=\"line\"><span 
class=\"cl\"><span class=\"p\">}<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\">\n<\/span><\/span><span class=\"line\"><span class=\"cl\"><span class=\"k\">server<\/span> <span class=\"p\">{<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\"> <span class=\"kn\">listen<\/span> <span class=\"mi\">80<\/span><span class=\"p\">;<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\"> <span class=\"kn\">listen<\/span> <span class=\"s\">[::]:80<\/span><span class=\"p\">;<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\"> <span class=\"kn\">server_name<\/span> <span class=\"s\">thomas-huehn.de<\/span><span class=\"p\">;<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\"> <span class=\"kn\">root<\/span> <span class=\"s\">\/var\/www\/thomas-huehn\/html<\/span><span class=\"p\">;<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\"> <span class=\"kn\">index<\/span> <span class=\"s\">index.php<\/span> <span class=\"s\">index.html<\/span><span class=\"p\">;<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\"> <span class=\"kn\">location<\/span> <span class=\"s\">\/.well-known\/acme-challenge<\/span> <span class=\"p\">{<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\"> <span class=\"kn\">root<\/span> <span class=\"s\">\/var\/www\/thomas-huehn\/html<\/span><span class=\"p\">;<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\"> <span class=\"p\">}<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\"><span class=\"p\">}<\/span>\n<\/span><\/span><\/code><\/pre><\/div><p>Then acme.sh:<\/p>\n<div class=\"highlight\"><pre tabindex=\"0\" class=\"chroma\"><code class=\"language-bash\" data-lang=\"bash\"><span class=\"line\"><span class=\"cl\">acme.sh --issue --nginx -d www.thomas-huehn.de -d thomas-huehn.de\n<\/span><\/span><span class=\"line\"><span class=\"cl\">acme.sh --install-cert -d www.thomas-huehn.de --key-file 
\/etc\/cert-files\/key-www.thomas-huehn.de.pem --fullchain-file \/etc\/cert-files\/cert-www.thomas-huehn.de.pem --reloadcmd <span class=\"s2\">&#34;service nginx force-reload&#34;<\/span>\n<\/span><\/span><\/code><\/pre><\/div><p>Check whether nginx has access to \/etc\/cert-files\/ and reload:<\/p>\n<div class=\"highlight\"><pre tabindex=\"0\" class=\"chroma\"><code class=\"language-bash\" data-lang=\"bash\"><span class=\"line\"><span class=\"cl\">systemctl reload nginx\n<\/span><\/span><\/code><\/pre><\/div><p>Then fill in actual root section, in case of Wordpress:<\/p>\n<div class=\"highlight\"><pre tabindex=\"0\" class=\"chroma\"><code class=\"language-nginx\" data-lang=\"nginx\"><span class=\"line\"><span class=\"cl\"><span class=\"k\">root<\/span> <span class=\"s\">\/var\/www\/thomas-huehn\/html<\/span><span class=\"p\">;<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\"><span class=\"k\">index<\/span> <span class=\"s\">index.php<\/span> <span class=\"s\">index.html<\/span><span class=\"p\">;<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\"><span class=\"k\">location<\/span> <span class=\"s\">\/<\/span> <span class=\"p\">{<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\"> <span class=\"kn\">try_files<\/span> <span class=\"nv\">$uri<\/span> <span class=\"nv\">$uri\/<\/span> <span class=\"s\">\/index.php?<\/span><span class=\"nv\">$args<\/span><span class=\"p\">;<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\"><span class=\"p\">}<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\"><span class=\"k\">location<\/span> <span class=\"p\">~<\/span> <span class=\"sr\">\\.php$<\/span> <span class=\"p\">{<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\"> <span class=\"kn\">include<\/span> <span class=\"s\">snippets\/fastcgi-php.conf<\/span><span class=\"p\">;<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\"> <span class=\"kn\">if<\/span> <span 
class=\"s\">(<\/span><span class=\"nv\">$uri<\/span> <span class=\"s\">!~<\/span> <span class=\"s\">&#34;^\/uploads\/&#34;)<\/span> <span class=\"p\">{<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\"> <span class=\"kn\">fastcgi_pass<\/span> <span class=\"s\">unix:\/var\/run\/php\/php7.3-fpm.sock<\/span><span class=\"p\">;<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\"> <span class=\"p\">}<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\"><span class=\"p\">}<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\"><span class=\"k\">location<\/span> <span class=\"p\">~<\/span> <span class=\"sr\">^\/wp-json\/<\/span> <span class=\"p\">{<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\"> <span class=\"c1\"># if permalinks not enabled\n<\/span><\/span><\/span><span class=\"line\"><span class=\"cl\"> <span class=\"kn\">rewrite<\/span> <span class=\"s\">^\/wp-json\/(.*?)<\/span>$ <span class=\"s\">\/?rest_route=\/<\/span><span class=\"nv\">$1<\/span> <span class=\"s\">last<\/span><span class=\"p\">;<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\"><span class=\"p\">}<\/span>\n<\/span><\/span><\/code><\/pre><\/div><p>And a redirect:<\/p>\n<div class=\"highlight\"><pre tabindex=\"0\" class=\"chroma\"><code class=\"language-nginx\" data-lang=\"nginx\"><span class=\"line\"><span class=\"cl\"> <span class=\"k\">location<\/span> <span class=\"s\">\/<\/span> <span class=\"p\">{<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\"> <span class=\"kn\">return<\/span> <span class=\"mi\">301<\/span> <span class=\"s\">https:\/\/www.thomas-huehn.de<\/span><span class=\"nv\">$request_uri<\/span><span class=\"p\">;<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\"><span class=\"p\">}<\/span>\n<\/span><\/span><\/code><\/pre><\/div><p>Then correct nginx configuration with redirect no-www to www and TLS:<\/p>\n<div class=\"highlight\"><pre tabindex=\"0\" class=\"chroma\"><code 
class=\"language-nginx\" data-lang=\"nginx\"><span class=\"line\"><span class=\"cl\"> <span class=\"k\">server<\/span> <span class=\"p\">{<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\"> <span class=\"kn\">listen<\/span> <span class=\"mi\">443<\/span> <span class=\"s\">ssl<\/span> <span class=\"s\">http2<\/span><span class=\"p\">;<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\"> <span class=\"kn\">listen<\/span> <span class=\"s\">[::]:443<\/span> <span class=\"s\">ssl<\/span> <span class=\"s\">http2<\/span><span class=\"p\">;<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\"> <span class=\"kn\">server_name<\/span> <span class=\"s\">www.thomas-huehn.de<\/span><span class=\"p\">;<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\"> <span class=\"kn\">ssl_certificate<\/span> <span class=\"s\">\/etc\/cert-files\/cert-www.thomas-huehn.de.pem<\/span><span class=\"p\">;<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\"> <span class=\"kn\">ssl_certificate_key<\/span> <span class=\"s\">\/etc\/cert-files\/key-www.thomas-huehn.de.pem<\/span><span class=\"p\">;<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\"> <span class=\"kn\">ssl_protocols<\/span> <span class=\"s\">TLSv1<\/span> <span class=\"s\">TLSv1.1<\/span> <span class=\"s\">TLSv1.2<\/span><span class=\"p\">;<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\"> <span class=\"kn\">ssl_ciphers<\/span> <span class=\"s\">&#34;ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDH<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\"> <span class=\"s\">root<\/span> <span class=\"s\">\/var\/www\/thomas-huehn\/html<\/span><span class=\"p\">;<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\"> <span class=\"kn\">index<\/span> <span class=\"s\">index.php<\/span> <span class=\"s\">index.html<\/span><span 
class=\"p\">;<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\"> <span class=\"kn\">location<\/span> <span class=\"s\">\/<\/span> <span class=\"p\">{<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\"> <span class=\"kn\">try_files<\/span> <span class=\"nv\">$uri<\/span> <span class=\"nv\">$uri\/<\/span> <span class=\"s\">\/index.php?<\/span><span class=\"nv\">$args<\/span><span class=\"p\">;<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\"> <span class=\"p\">}<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\"> <span class=\"kn\">location<\/span> <span class=\"p\">~<\/span> <span class=\"sr\">\\.php$<\/span> <span class=\"p\">{<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\"> <span class=\"kn\">include<\/span> <span class=\"s\">snippets\/fastcgi-php.conf<\/span><span class=\"p\">;<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\"> <span class=\"kn\">if<\/span> <span class=\"s\">(<\/span><span class=\"nv\">$uri<\/span> <span class=\"s\">!~<\/span> <span class=\"s\">&#34;^\/uploads\/&#34;)<\/span> <span class=\"p\">{<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\"> <span class=\"kn\">fastcgi_pass<\/span> <span class=\"s\">unix:\/var\/run\/php\/php7.3-fpm.sock<\/span><span class=\"p\">;<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\"> <span class=\"p\">}<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\"> <span class=\"p\">}<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\"> <span class=\"kn\">location<\/span> <span class=\"p\">~<\/span> <span class=\"sr\">^\/wp-json\/<\/span> <span class=\"p\">{<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\"> <span class=\"c1\"># if permalinks not enabled\n<\/span><\/span><\/span><span class=\"line\"><span class=\"cl\"> <span class=\"kn\">rewrite<\/span> <span class=\"s\">^\/wp-json\/(.*?)<\/span>$ <span class=\"s\">\/?rest_route=\/<\/span><span 
class=\"nv\">$1<\/span> <span class=\"s\">last<\/span><span class=\"p\">;<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\"> <span class=\"p\">}<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\"><span class=\"p\">}<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\"><span class=\"k\">server<\/span> <span class=\"p\">{<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\"> <span class=\"kn\">listen<\/span> <span class=\"mi\">80<\/span><span class=\"p\">;<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\"> <span class=\"kn\">listen<\/span> <span class=\"s\">[::]:80<\/span><span class=\"p\">;<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\"> <span class=\"kn\">server_name<\/span> <span class=\"s\">www.thomas-huehn.de<\/span><span class=\"p\">;<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\"> <span class=\"kn\">location<\/span> <span class=\"s\">\/.well-known\/acme-challenge<\/span> <span class=\"p\">{<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\"> <span class=\"kn\">root<\/span> <span class=\"s\">\/var\/www\/thomas-huehn\/html<\/span><span class=\"p\">;<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\"> <span class=\"p\">}<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\"> <span class=\"kn\">location<\/span> <span class=\"s\">\/<\/span> <span class=\"p\">{<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\"> <span class=\"kn\">return<\/span> <span class=\"mi\">301<\/span> <span class=\"s\">https:\/\/www.thomas-huehn.de<\/span><span class=\"nv\">$request_uri<\/span><span class=\"p\">;<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\"> <span class=\"p\">}<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\"><span class=\"p\">}<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\"><span class=\"k\">server<\/span> <span class=\"p\">{<\/span>\n<\/span><\/span><span 
class=\"line\"><span class=\"cl\"> <span class=\"kn\">listen<\/span> <span class=\"mi\">80<\/span><span class=\"p\">;<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\"> <span class=\"kn\">listen<\/span> <span class=\"s\">[::]:80<\/span><span class=\"p\">;<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\"> <span class=\"kn\">server_name<\/span> <span class=\"s\">thomas-huehn.de<\/span><span class=\"p\">;<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\"> <span class=\"kn\">location<\/span> <span class=\"s\">\/.well-known\/acme-challenge<\/span> <span class=\"p\">{<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\"> <span class=\"kn\">root<\/span> <span class=\"s\">\/var\/www\/thomas-huehn\/html<\/span><span class=\"p\">;<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\"> <span class=\"p\">}<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\"> <span class=\"kn\">location<\/span> <span class=\"s\">\/<\/span> <span class=\"p\">{<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\"> <span class=\"kn\">return<\/span> <span class=\"mi\">301<\/span> <span class=\"s\">https:\/\/www.thomas-huehn.de<\/span><span class=\"nv\">$request_uri<\/span><span class=\"p\">;<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\"> <span class=\"p\">}<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\"><span class=\"p\">}<\/span>\n<\/span><\/span><\/code><\/pre><\/div><p>Calling acme.sh with <code>--test<\/code> targets Letsencrypt&rsquo;s staging server.<\/p>\n<h2 id=\"real-cron-for-wordpress\">Real cron for WordPress<\/h2>\n<div class=\"highlight\"><pre tabindex=\"0\" class=\"chroma\"><code class=\"language-bash\" data-lang=\"bash\"><span class=\"line\"><span class=\"cl\">crontab -u www-data -e\n<\/span><\/span><\/code><\/pre><\/div><pre tabindex=\"0\"><code>* * * * * \/usr\/bin\/php \/var\/www\/thomas-huehn\/html\/wp-cron.php\n* * * * * \/usr\/bin\/php \/var\/www\/lindyhoppeln\/html\/wp-cron.php\n<\/code><\/pre><p>In wp-config.php, pretty much at the top:<\/p>\n<div class=\"highlight\"><pre tabindex=\"0\" class=\"chroma\"><code class=\"language-php\" data-lang=\"php\"><span class=\"line\"><span class=\"cl\"><span class=\"sd\">\/** Disable virtual cron *\/<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\"><span class=\"nx\">define<\/span><span class=\"p\">(<\/span><span class=\"s1\">&#39;DISABLE_WP_CRON&#39;<\/span><span class=\"p\">,<\/span> <span class=\"k\">true<\/span><span class=\"p\">);<\/span>\n<\/span><\/span><\/code><\/pre><\/div><h2 id=\"repair-pingback\">Repair pingback<\/h2>\n<p>In wp-includes\/cron.php: timeout 1 instead of 0.01:<\/p>\n<div class=\"highlight\"><pre tabindex=\"0\" class=\"chroma\"><code class=\"language-php\" data-lang=\"php\"><span class=\"line\"><span class=\"cl\"><span class=\"nv\">$cron_request<\/span> <span class=\"o\">=<\/span> <span class=\"nx\">apply_filters<\/span><span class=\"p\">(<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\"> <span class=\"s1\">&#39;cron_request&#39;<\/span><span class=\"p\">,<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\"> <span class=\"k\">array<\/span><span class=\"p\">(<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\"> <span class=\"s1\">&#39;url&#39;<\/span> <span class=\"o\">=&gt;<\/span> <span class=\"nx\">add_query_arg<\/span><span class=\"p\">(<\/span> <span class=\"s1\">&#39;doing_wp_cron&#39;<\/span><span class=\"p\">,<\/span> <span class=\"nv\">$doing_wp_cron<\/span><span class=\"p\">,<\/span> <span class=\"nx\">site_url<\/span><span class=\"p\">(<\/span> <span class=\"s1\">&#39;wp-cron.php&#39;<\/span> <span class=\"p\">)<\/span> <span class=\"p\">),<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\"> <span class=\"s1\">&#39;key&#39;<\/span> <span class=\"o\">=&gt;<\/span> <span class=\"nv\">$doing_wp_cron<\/span><span class=\"p\">,<\/span>\n<\/span><\/span><span 
class=\"line\"><span class=\"cl\"> <span class=\"s1\">&#39;args&#39;<\/span> <span class=\"o\">=&gt;<\/span> <span class=\"k\">array<\/span><span class=\"p\">(<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\"> <span class=\"s1\">&#39;timeout&#39;<\/span> <span class=\"o\">=&gt;<\/span> <span class=\"mi\">1<\/span><span class=\"p\">,<\/span>\n<\/span><\/span><\/code><\/pre><\/div>"},{"title":"Statistical Process Control according to W. Edwards Deming","link":"https:\/\/www.thomas-huehn.com\/deming\/","pubDate":"Wed, 05 Aug 2020 22:00:00 +0000","author":"mail@thomas-huehn.com (Thomas H\u00fchn)","guid":"https:\/\/www.thomas-huehn.com\/deming\/","description":"<h1 id=\"introduction\">Introduction<\/h1>\n<p>Sometimes called \u201cThe Father of Quality Management\u201d, William Edwards Deming shaped the field during the twentieth century.<\/p>\n<p>His work is strongly focussed on production processes, shop floors in automobile or other traditional industries, but I believe that a lot of it carries over to other fields, even software development. Fields like medicine have taken notice of Deming\u2019s work, after all.<\/p>\n<p>But even if you do not see an immediate application to your daily work, I think that knowing a little bit about Deming and his work contributes to your cultural enrichment. Deming had large influence on the world\u2019s economy, albeit indirect in some instances.<\/p>\n<p>A statistics professor at business school and a freelancing consultant, he advocated for statistical quality management in the industry, and in educating the managerial class in those statistical methods, as opposed to ad-hoc ones.<\/p>\n<p>Deming wrote several books, the best known ones may be \u201cThe New Economics of Industry, Government, and Education\u201d and \u201cOut of the Crisis\u201d. You can see from the titles that they are wide-ranged in topic, not textbooks on statistical methods.<\/p>\n<p>A lot in the books is political. 
He writes about America in the world. Topics are all sorts of things: the ethics of managers, the postal service, and many other things. Some of it hasn\u2019t aged well, like his incredulity that the Government broke up a beautiful monopoly like Bell Telephone. Other things seem random, like his discussion of the phenomenon of hitting your children when they bring home bad grades. The first chapters in \u201cNew Economics\u201d, at least, read like \u201cOld Man Yells at Cloud\u201d. Fortunately, after you slog through all that, you get to the real meat of the book.<\/p>\n<h1 id=\"deming-and-systems\">Deming and Systems<\/h1>\n<p>A central pillar of his managerial philosophy is that the problem is not the people themselves.<\/p>\n<blockquote>\n<p>Ranking is a farce. Apparent performance is actually attributable mostly to the system that the individual works in, not to the individual himself.<\/p>\n<\/blockquote>\n<blockquote>\n<p>Abolish ranking [\u2026] Manage the whole company as a system.<\/p>\n<\/blockquote>\n<p>Doesn\u2019t the last quotation ring a bell? Jack Welch at GE? Microsoft until fairly recently? Those companies (and their managers) believed that workers were their antagonists. Any substandard performance must be because the workers are incompetent or lazy, so you should replace them with \u201crock stars\u201d.<\/p>\n<p>Deming was always thinking in systems, not individuals. He often performed two experiments in his workshops for managers: the red beads experiment and the funnel experiment. We\u2019ll come to the latter a few chapters down, but the red beads experiment is pertinent here. Unfortunately it is rather unspectacular, even mundane.<\/p>\n<p>I\u2019ll spare you a move-by-move re-enactment and just summarize it. 
If you\u2019re interested in more details, there are several videos on YouTube showing Deming himself performing this experiment with participants from an audience.<\/p>\n<p>The red bead experiment has several people (\u201cworkers\u201d) shovel beads from a box. There are red beads and white beads, and their shovels are paddles with little depressions, so the beads can settle in them and you can fish them out of the box. The workers are directed to get as many white beads (and as few red beads, which signify defects) as possible. The experiment goes over several rounds, with lots of procedure (\u201cyou must hold the paddle like this\u201d) and the workers\u2019 performance is tallied and tabulated.<\/p>\n<p>The experiment is set up so that an individual worker\u2019s performance is largely random. You cannot use skill to reliably fish out one sort of bead. And that\u2019s the whole point. The system makes the outcome random, the individual is helpless. So it doesn\u2019t make a whole lot of sense to reward a good performance or punish a bad performance. Boring, I know. Try watching the experiment for 15 minutes.<\/p>\n<p>That does not mean that people are not important; in fact, Deming believes exactly the opposite:<\/p>\n<blockquote>\n<p>The most important application of the principles of statistical control of quality [\u2026] is in the management of people.<\/p>\n<\/blockquote>\n<p>But the most important thing to take away from this part is: <strong>Systems are important.<\/strong><\/p>\n<h1 id=\"demings-significance\">Deming\u2019s significance<\/h1>\n<p>Deming tried to get his ideas adopted in America, but he fell largely on deaf ears with American industrialists. That isn\u2019t terribly surprising; you need to understand the times, especially shortly after World War II: Americans were the rulers of the world. Europe was in ruins, sometimes even still smoking. China wasn\u2019t the high-tech supplier it is today, but a poor agrarian country. 
BRIC wasn\u2019t even invented as an acronym, and nobody talked about the \u201ctiger states\u201d.<\/p>\n<p>Why indeed should America change its ways? The future looked bright.<\/p>\n<p>Not only did Europe lie in ruins, Japan did, too, maybe even more so. America was occupying Japan, and the story goes that General MacArthur exploded with frustration when his phone call to another island of Japan repeatedly broke off. So he wanted to rebuild Japan, at least some infrastructure.<\/p>\n<p>Well, that\u2019s probably not exactly what happened, the story is apocryphal after all, and many other people were in favor of helping rebuild Japan. But the important thing is: America decided to help rebuild Japan. And so many experts from all kinds of fields embarked and came to Japan.<\/p>\n<p>Deming was one of them. And suddenly he was respected, nay, even sought after.<\/p>\n<p>The Japanese were naturally even more interested in rebuilding Japan than the Americans were. They worked hard on their economic miracle. And we know how that went.<\/p>\n<p>There are fascinating video clips on YouTube showing Americans demolishing Japanese cars. With baseball bats. Even politicians in their campaign videos doing violence to Japanese products.<\/p>\n<p>I can only assume that the Japanese weren\u2019t terribly impressed with Americans destroying their own property, that they had already paid for.<\/p>\n<p>Okay, but back when Deming went to Japan, they didn\u2019t know yet how Japan would rise from the ashes. MacArthur certainly did not have the intention to have Detroit become a wasteland of once-mighty factories, but well, the man wanted to make a phone call.<\/p>\n<p>As I said, the Japanese were very interested in what Deming had to teach them. He was known in quality management circles, after all; it was only the big practical implementation that he wasn\u2019t able to do in America. 
It started with the engineers\u2019 association, he got contacts to middle management, later to top management, and he taught them what he believed in. The top brass (think CEOs) of big Japanese companies attended his seminars. He was a star, and he got numerous awards and honors in Japan.<\/p>\n<p>Deming did not invent the newfangled things that the Japanese used to effect their economic miracle. He did not invent the Toyota Production System, he did not invent Kanban, or Total Quality Management.<\/p>\n<p>But his disciples did.<\/p>\n<p>All of that was mostly taking place from the fifties to the eighties. For broad recognition in America, Deming had to wait until much later.<\/p>\n<h1 id=\"the-deming-cycle\">The Deming cycle<\/h1>\n<p>Those Japanese came after him, but whose shoulders was Deming standing on?<\/p>\n<p>Walter Shewhart.<\/p>\n<p>Much of what Deming is known for already existed in some form or another with Shewhart. Which is no accident, Deming studied under Shewhart, and later worked with him. And the best-known thing from Shewhart is the Shewhart cycle:<\/p>\n<p>Plan \u2013 Do \u2013 Check \u2013 Act. A staple of project management. Also called the PDCA cycle, the Scrum sprint or \u2013 wait for it \u2013 the Deming cycle.<\/p>\n<figure>\n<img src=\"deming-cycle-squoosh.png\"\nalt=\"Plan \u2013 Do \u2013 Check \u2013 Act\"\nwidth=\"1587\"\nheight=\"1587\"\n\/><\/figure>\n<p>Deming himself always called that concept the Shewhart cycle.<\/p>\n<p>But Deming also changed the Shewhart cycle in one small respect. He struck out \u201cCheck\u201d and wrote \u201cStudy\u201d. It seems inconsequential, but Deming insisted on that. To him, \u201ccheck\u201d sounded like \u201cinspect\u201d.<\/p>\n<p><strong>Deming hates inspection.<\/strong> With a passion. Read his books, he goes on and on about the evils of inspection.<\/p>\n<blockquote>\n<p>You can not inspect quality into a product.<\/p>\n<\/blockquote>\n<p>But what is inspection? 
Inspection is when you take a produced widget (or printed circuit board, or car), measure its properties, and compare them to some specification. On the basis of that check you decide whether to ship the product, or throw it away (or re-melt it), or fix it.<\/p>\n<p>The idea is to throw away what\u2019s outside the specification. You start with the specification and produce \u201cto spec\u201d.<\/p>\n<blockquote>\n<p>Eliminate the need for inspection on a mass basis by building quality into the product in the first place.<\/p>\n<\/blockquote>\n<p>This last quotation is easy to misunderstand. Deming did not say \u201cjust produce widgets and never look at them, then wait for customer complaints\u201d. When setting up your production, you will need many trials and you will want to check every time how it went. When you have a running production you still want to sample your output and see whether it\u2019s good. But you shouldn\u2019t measure every one of the widgets you produce and decide for each one whether to sell it or to dump it.<\/p>\n<p>But what else are you supposed to do?<\/p>\n<h2 id=\"statistical-process-control\">Statistical process control<\/h2>\n<p>The production process can be modelled using a production function P(\u03bc,\u03c3), which is distributed approximately normally, with \u03bc as the mean and \u03c3 as the standard deviation of the distribution.<\/p>\n<figure>\n<img src=\"non-centered.jpg\"\nalt=\"Production function and Loss function\"\nwidth=\"640\"\nheight=\"480\"\n\/><\/figure>\n<p>Production function and Loss function<\/p>\n<p>Why a normal distribution? Because in practice it seems to work well (the Central Limit Theorem tells us that under rather lax conditions, you see approximately a normal distribution). And because there are \u201cnice\u201d theorems about it, so you can calculate practical things with it.<\/p>\n<p>The x axis shows a (continuous) measurement, maybe the widget\u2019s length or its weight. 
At x equals zero is what the production process \u201cis supposed to do\u201d, with deviations being random errors.<\/p>\n<p>The y axis gives us the number of widgets made for any measurement on the x axis.<\/p>\n<p>This is a simplification, of course. Your production process may not be normally distributed, its graph may be asymmetric, askew, with steps in it, and so on. It doesn\u2019t matter for the explanation of the general method.<\/p>\n<p>In addition to the production function, there is a loss function L(x). It matters how long or heavy the widget is. If it\u2019s close to what you want it to be, but not quite, that\u2019s probably still okay. If it\u2019s far away, that\u2019s bad. So the loss function may look like a parabola.<\/p>\n<p>Again, it doesn\u2019t have to. If you think about catching a bus, and you\u2019re half an hour early, that\u2019s bad. If you\u2019re five minutes early, that\u2019s good. If you\u2019re one minute early, that\u2019s better, but not much better. Waiting five minutes isn\u2019t so bad. But if you\u2019re one minute late, you\u2019ve missed the bus and you\u2019ll wait another hour. In this example your loss function would be something like a parabola left of \u03bc, but a step towards its maximum at \u03bc.<\/p>\n<p>In general, the loss function\u2019s parabola may not be centered at the production function\u2019s \u03bc.<\/p>\n<p>A new function f(\u03bc,\u03c3) now combines the production and loss function, by multiplying both and integrating over the whole domain. It weighs the number of widgets produced at a certain x on the one hand, and the loss incurred at that x on the other hand, to give a total loss. And now there is an optimization problem: when does f take on its minimum?<\/p>\n<aside>\nI would think you need a bit more machinery, like a real convolution, wouldn\u2019t you? 
But Deming shows a multiplication, unless I have misunderstood the notation.\n<\/aside>\n<figure>\n<img src=\"centered-1.jpg\"\nalt=\"centered\"\nwidth=\"640\"\nheight=\"358\"\n\/><\/figure>\n<p>Production function and Loss function<\/p>\n<p>For usual functions P and L (and especially in this example) it\u2019s obvious: \u03bc should be where the loss function has its minimum. If that is the case, most of the widgets will not incur much loss, and those widgets that incur loss are few.<\/p>\n<p>Another possibility is to improve the production process, so that the production function\u2019s graph is narrower, or in other words, the standard deviation (and therefore the variance) gets smaller. Widgets far outside \u03bc are still costly, but there are even fewer than before.<\/p>\n<p>It helps, but centering the process on where the widget\u2019s length, height, etc. is supposed to be usually gets better results than narrowing the process around the wrong \u03bc. So Deming tells us to center our process, putting our expected value \u03bc where we want it to be, and only then work on reducing the variance.<\/p>\n<p>What does centering the process mean? First of all it means to set up your production correctly. When your machine is set up to produce widgets that are 5 centimeters long, you may still get a few that are 4 centimeters long. But if that is what you really need, don\u2019t rely on variance, but make sure the machine is set up for 4 centimeters. Also the general handling of the machine is in this category. When the operator has not understood how to operate the machine correctly, the result may be systematically off.<\/p>\n<p>Reducing the variance is more concerned with maintenance. Does the machine need to be oiled? Are parts defective that need to be replaced? But handling still plays a role. One operator may do it differently than the other. 
Having a single way to do things in place, and training people properly are a part of reducing the variance.<\/p>\n<h2 id=\"types-of-errors\">Types of errors<\/h2>\n<p>Let\u2019s talk about errors. There are two fundamentally different categories of errors, and Deming is adamant about investigating what category an observed error belongs to: there are special causes of variation and common causes of variation.<\/p>\n<aside>\nIf you\u2019re working with safety-related systems this nomenclature may throw you off for a moment. \u201cCommon causes\u201d in this sense are not about errors with a common cause, like a single electromagnetic pulse coupling into two different wires. Here, \u201ccommon\u201d simply means \u201cregular\u201d or \u201cnot special\u201d.\n<\/aside>\n<p>Why is it important what category an error belongs to? Because they must be treated differently!<\/p>\n<p>Common causes, which Shewhart called \u201cchance causes\u201d, happen randomly. They are the normal process variance. They happen all the time, and there isn\u2019t a single specific action to eliminate them.<\/p>\n<p>Special causes or, as Shewhart called them, assignable causes are often caused by a low-level worker. The term \u201cassignable cause\u201d is quite good, because the intuition is \u201cthere is something or someone we can point the finger at\u201d.<\/p>\n<p>For example, a backhoe dug at the wrong place and now your factory has no electricity anymore. That would be a classic special cause. You can identify what was responsible: \u201cthe backhoe\u201d, \u201cthe driver\u201d, \u201cthe planner\u201d or maybe \u201cthe one who didn\u2019t think of redundant and fail-safe power supply\u201d. 
It doesn\u2019t happen regularly, and you certainly wouldn\u2019t call it a normal part of your production process.<\/p>\n<p>But if you\u2019re a big, nationwide telecommunications company, some backhoe cutting one of your cables is probably not a special cause, but more like \u201cTuesday\u201d. It happens often enough that you shouldn\u2019t see it as a singular act of god, but something that can be statistically modelled, and where the avoidance of that source of error should be part of your normal business and its processes and procedures.<\/p>\n<p>These special causes can be viewed as a non-predictable and statistically unmanageable source of errors, that overlays your common cause errors, making the common cause errors harder to model and treat.<\/p>\n<p>How do you treat and remedy all those errors then?<\/p>\n<p>For special causes that\u2019s easy: you eliminate them one by one, because otherwise your process is unpredictable and therefore not in control. They cannot be remedied by decree from above, they need to be remedied on the low level, where they usually pop up. Since they are random singular events you cannot eliminate them all for good, but you must try.<\/p>\n<p>Common causes are treated entirely differently: you control them by getting your process under control. That means centering your process and narrowing the variance. And then comes the most important part of all.<\/p>\n<p><strong>Keep your hands off!<\/strong><\/p>\n<p>Really. You treat them all at once, by getting the process under control. You never try to treat one of those individually.<\/p>\n<p>But what happens if you treat a common cause error by itself? 
Glad you asked, because now I can tell you about Deming\u2019s second famous experiment, the funnel experiment.<\/p>\n<h2 id=\"the-funnel-experiment\">The funnel experiment<\/h2>\n<p>In the funnel experiment Deming put a sheet of paper on a table, marked a point in the middle as the target point (let\u2019s call it T) and held a funnel at some distance right above the target point. He then put a ball down the funnel and marked where that ball hit the paper. Usually it hit a bit beside the target point T; let\u2019s call that point H.<\/p>\n<p>And now there are four different strategies for how to proceed. Each of those strategies tells you how to move the funnel (and thus define a new target point T\u2019) after each ball. He repeatedly threw balls down the funnel, which was placed according to the strategy chosen, marked the new hit points H\u2019, H\u2019\u2019 and so on, and after a few dozen balls or so you see a distribution pattern.<\/p>\n<p>The first strategy was precisely what he recommends for common cause errors: \u201cHands off!\u201d. The funnel stays where it is, so T\u2019\u2019 = T\u2019 = T.<\/p>\n<p>The resulting pattern looks circular, and fairly small:<\/p>\n<figure>\n<img src=\"strategy1.jpg\"\nalt=\"The resulting pattern looks circular, and fairly small.\"\nwidth=\"465\"\nheight=\"465\"\n\/><\/figure>\n<p>The second strategy was what many people do: correct the funnel for a perceived bias. If a ball hit at point H, and that point H was three millimeters left of the target point T, move the funnel three millimeters to the right. The new target point T\u2019 is therefore three millimeters to the right of the old target point T.<\/p>\n<p>This is like shooting artillery. You overshot the enemy? Aim shorter the next time. 
It\u2019s also what happens when you treat common causes as if they were special causes.<\/p>\n<p>The resulting pattern is still circular, but around 30% larger in area:<\/p>\n<figure>\n<img src=\"strategy2.jpg\"\nalt=\"The resulting pattern is still circular, but around 30% larger in area.\"\nwidth=\"504\"\nheight=\"503\"\n\/><\/figure>\n<p>The third strategy is similar to the second, except you don\u2019t compare the hit point H to the last target point T, but always to the original target point in the middle of the paper.<\/p>\n<p>The resulting pattern looks a bit like a propeller, the target point oscillates between two sectors, and the whole experiment diverges, that is, the error gets larger and larger:<\/p>\n<figure>\n<img src=\"strategy3.jpg\"\nalt=\"The resulting pattern looks a bit like a propeller, the target point oscillates between two sectors, and the whole experiment diverges, that is, the error gets larger and larger.\"\nwidth=\"506\"\nheight=\"505\"\n\/><\/figure>\n<p>The fourth strategy looks equally wild. You just target the last hit point, so T\u2019 = H. Why would you do that? You wouldn\u2019t, of course, in this experiment. But it is pretty much the game of telephone. You aim for what the last person told you. Or, in other words, this is teaching someone, without a common and stable textbook. When one machine operator teaches his successor, the successor gets most of it, but not quite all. 
When this operator now teaches his successor, and the original operator is no longer around, your training diverges, just as those balls do here.<\/p>\n<p>And the resulting pattern looks just like it: it diverges fast, and generally in one direction, there isn\u2019t much zig-zagging around:<\/p>\n<figure>\n<img src=\"strategy4.jpg\"\nalt=\"And the resulting pattern looks just like it: it diverges fast, and generally in one direction, there isn\u2019t much zig-zagging around.\"\nwidth=\"485\"\nheight=\"485\"\n\/><\/figure>\n<p>So it is crucial to treat common errors with process improvement, and special errors with, well, special action. But how do you distinguish between those two kinds? It wouldn\u2019t help to know it only in hindsight, from the success or failure of the treatment.<\/p>\n<h2 id=\"distinguishing-between-the-types-of-errors\">Distinguishing between the types of errors<\/h2>\n<p>Common causes and special causes can be distinguished mathematically. The basis for that distinction is the Control chart (also called Shewhart chart or process-behaviour chart).<\/p>\n<p>The y axis depicts a continuous measurement, the target line corresponds to the ideal. There is an upper control limit UCL and a lower control limit LCL. Both sit at +3\u03c3 and -3\u03c3, respectively.<\/p>\n<figure>\n<img src=\"controlchart.jpg\"\nalt=\"Control chart\"\nwidth=\"640\"\nheight=\"348\"\n\/><\/figure>\n<p>Control chart<\/p>\n<p><strong>UCL and LCL are calculated from real data! Those are no specification limits.<\/strong><\/p>\n<blockquote>\n<p>Using the manufacturer\u2019s claim as the lower control limit (action limit) is confusing special causes with common causes, making matters worse, guaranteeing trouble forever.<\/p>\n<\/blockquote>\n<blockquote>\n<p>A wiser procedure would be to get statistical control of the machine, under the circumstances in place. 
Its performance might turn out to be 90 per cent of the maximum speed as specified by the manufacturer, or 100 per cent, or 110 per cent. The next step would be the continual improvement of the machine and use thereof.<\/p>\n<\/blockquote>\n<aside>\nAs far as I understand it, there isn\u2019t a hard theorem why they should sit at +\/-3\u03c3, but there is both empirical evidence for it and statistical arguments that suggest values in that ballpark.\n<\/aside>\n<p>You plot your measurements on the control chart. This is not an inspection in the sense that Deming despises. You do not check the widgets against defined tolerances and decide whether to keep them. You plot the behaviour of your process. Now it\u2019s really simple: everything within that +\/-3\u03c3 band is consistent with common causes, everything outside of that band signals a special cause. (In practice \u03c3 is estimated from the average moving range between consecutive points, not from the overall standard deviation of the data, so that the very shifts and drifts the chart is meant to reveal do not widen the band.)<\/p>\n<p>Only that would be too simple and would not depict reality accurately enough. So several rule sets were developed, two of the best-known being the <a href=\"https:\/\/en.wikipedia.org\/wiki\/Western_Electric_rules\">Western Electric Rules<\/a> and the <a href=\"https:\/\/en.wikipedia.org\/wiki\/Nelson_rules\">Nelson Rules<\/a>. Both are a bit more involved than just \u201cinside or outside?\u201d: they look at certain runs of measurements. For example, when the measurement continually alternates between the positive and the negative side of the centre line, it doesn\u2019t look like a common cause, but like a special cause inducing oscillation.<\/p>\n<p>A process is said to be \u201cin control\u201d when only common cause variation is left. It may not be a good process, it may not be centered or it may have a wide variance, but it is under control. That\u2019s a big plus, and you can work on improving your process.<\/p>\n<p>But when the control chart signifies that most of your problems are special causes, you\u2019re in trouble: your process is strained and decidedly not in control. 
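The four funnel strategies above and the control-chart rules just described can be tried out in a few lines. What follows is an added example, not code from this article or from Deming. It simulates the funnel experiment in one dimension using Deming's own formulation of the rules (rule 2 shifts the funnel from its current position to cancel the last error measured from the bull's-eye, rule 3 sets it opposite the last hit measured from the bull's-eye, rule 4 sets it over the last hit), then derives an individuals chart with 3σ limits from a baseline and applies the four Western Electric run rules plus Nelson's alternation rule. Assumptions: Gaussian disturbances, the moving-range constant d2 = 1.128 for estimating σ, and a constructed 20-point series (twelve stable readings followed by a step shift) standing in for real measurements.

```python
import random
import statistics

D2 = 1.128  # control-chart constant d2 for moving ranges of two consecutive points


def simulate_funnel(rule, n, seed=0, sigma=1.0, noise=None):
    """One-dimensional version of Deming's funnel experiment.

    Each drop lands at H = T + e, where e is a common-cause disturbance
    (Gaussian with standard deviation sigma, or the values given in `noise`).
    The rule then picks the next funnel position T from the last hit H:
      rule 1: never move the funnel                                  T' = T
      rule 2: shift the funnel from its current position so as to
              cancel the last error, measured from the bull's-eye 0  T' = T - H
      rule 3: put the funnel opposite the last hit, measured from 0  T' = -H
      rule 4: put the funnel over the last hit (game of telephone)   T' = H
    Returns the list of hit positions.
    """
    rng = random.Random(seed)
    if noise is None:
        noise = [rng.gauss(0.0, sigma) for _ in range(n)]
    t = 0.0
    hits = []
    for e in noise[:n]:
        h = t + e
        hits.append(h)
        if rule == 2:
            t = t - h
        elif rule == 3:
            t = -h
        elif rule == 4:
            t = h
    return hits


def individuals_limits(baseline):
    """Centre line and 3-sigma limits of an individuals (XmR) chart.

    Both come from real data, never from a specification.  sigma is estimated
    from the average moving range (MR-bar / d2) rather than from the overall
    standard deviation, which the shifts and drifts the chart should expose
    would inflate.
    """
    if len(baseline) < 2:
        raise ValueError('need at least two observations')
    centre = statistics.fmean(baseline)
    mr_bar = statistics.fmean([abs(b - a) for a, b in zip(baseline, baseline[1:])])
    if mr_bar == 0:
        raise ValueError('no variation in baseline, limits are undefined')
    sigma = mr_bar / D2
    return centre, sigma, centre + 3 * sigma, centre - 3 * sigma


def run_rule_signals(xs, centre, sigma):
    """Map index -> rules violated, for every point that completes a violation.

    WE1-WE4 are the Western Electric rules; N4 is Nelson's alternation rule,
    the zig-zag oscillation the article names as a typical special cause.
    """
    z = [(x - centre) / sigma for x in xs]
    signals = {}

    def flag(i, rule):
        signals.setdefault(i, []).append(rule)

    for i in range(len(z)):
        if abs(z[i]) > 3:                            # WE1: one point beyond 3 sigma
            flag(i, 'WE1')
        # WE2: two of three beyond 2 sigma, same side; WE3: four of five beyond 1 sigma
        for rule, window, needed, k in (('WE2', 3, 2, 2), ('WE3', 5, 4, 1)):
            if i + 1 >= window:
                w = z[i + 1 - window:i + 1]
                if sum(v > k for v in w) >= needed or sum(v < -k for v in w) >= needed:
                    flag(i, rule)
        if i + 1 >= 8:                               # WE4: eight in a row on one side
            w = z[i - 7:i + 1]
            if all(v > 0 for v in w) or all(v < 0 for v in w):
                flag(i, 'WE4')
        if i + 1 >= 14:                              # N4: fourteen in a row alternating
            d = [z[j + 1] - z[j] for j in range(i - 13, i)]
            if all(a * b < 0 for a, b in zip(d, d[1:])):
                flag(i, 'N4')
    return signals


def classify(baseline, xs):
    """Derive limits from a baseline believed to be in control, then chart xs.

    No signal: only common causes remain, so work on the process, not on single
    points.  Signals: special causes, to be found and removed one by one.
    """
    centre, sigma, ucl, lcl = individuals_limits(baseline)
    signals = run_rule_signals(xs, centre, sigma)
    return {'centre': centre, 'sigma': sigma, 'ucl': ucl, 'lcl': lcl,
            'signals': signals, 'in_control': not signals}


if __name__ == '__main__':
    for rule in (1, 2, 3, 4):
        spread = statistics.pstdev(simulate_funnel(rule, 200, seed=42))
        print(f'funnel rule {rule}: spread of 200 hits = {spread:.2f}')
    # Constructed data: twelve stable readings, then the process shifts upwards.
    baseline = [10.0, 10.2, 9.8, 10.1, 9.9, 10.0, 10.2, 9.9, 10.1, 9.8, 10.0, 10.1]
    shifted = baseline + [11.5, 11.6, 11.4, 11.7, 11.5, 11.6, 11.4, 11.5]
    result = classify(baseline, shifted)
    lcl, ucl, signals = result['lcl'], result['ucl'], result['signals']
    print(f'LCL {lcl:.2f}, UCL {ucl:.2f}, signals {signals}')
```

Deriving the limits from the stable baseline rather than from the whole series is the point of Deming's "get statistical control first": a shift that is included in the data the limits come from widens the band and can hide itself. Run stand-alone, the block prints the spread of hits for the four funnel rules (rule 2 roughly 1.4 times rule 1, rules 3 and 4 growing with the number of drops) and the signals the shifted series triggers from index 12 on.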
It may be an old, worn-out machine, it may be insufficiently trained or overstressed workers, but you need to get it back in control by treating the special cause errors first.<\/p>\n<h2 id=\"summary\">Summary<\/h2>\n<ul>\n<li>Systems are important<\/li>\n<li>From absolute specification limits and tolerances towards statistical process control<\/li>\n<li>Common causes: improve the process, nothing else<\/li>\n<li>Special causes: individual corrections<\/li>\n<li>Distinguish by control chart<\/li>\n<\/ul>"},{"title":"Beautifully illustrated children's books","link":"https:\/\/www.thomas-huehn.com\/beautifully-illustrated-books\/","pubDate":"Sun, 11 Aug 2019 22:00:00 +0000","author":"mail@thomas-huehn.com (Thomas H\u00fchn)","guid":"https:\/\/www.thomas-huehn.com\/beautifully-illustrated-books\/","description":"<p>Back in 2015 <a href=\"https:\/\/news.ycombinator.com\/user?id=DanBC\">DanBC<\/a> <a href=\"https:\/\/news.ycombinator.com\/item?id=9848031\">wrote on Hacker News:<\/a><\/p>\n<blockquote>\n<p>2) I buy many books for my child. Amazon is pretty hopeless at recommending books to me, even though I&rsquo;ve seeded it with knowledge of the books I&rsquo;ve bought. So I turn to human curation: the Kate Greenaway medal focuses on excellent illustration in books for children. That list is an excellent source for books. Then one or two degrees of separation (eg, other books the illustrator has worked on, or other books the author of the winning book has written) get you hundreds of excellent books. Someone scraping this list and using affiliate links could probably make a bit of passive income.<\/p>\n<\/blockquote>\n<p>I finally got around <a href=\"https:\/\/www.thomas-huehn.de\/schoene-kinderbuecher\/\">to doing something like that<\/a> (although it&rsquo;s in German and won&rsquo;t help him much).<\/p>\n<p>I started, as he recommended, with the Kate Greenaway Medal, and the Caldecott Medal as the American counterpart. 
Unfortunately, many or even most of these books were never translated into German.<\/p>\n<p>I perused the laureate lists of some German awards, as well. The Protestant church has one or two awards in that general space, the state of North Rhine-Westphalia has another.<\/p>\n<p>Everything was done manually (and took much longer than I expected): browsing award lists, collecting the information, writing HTML and CSS, finding out what the books are about. No neural networks involved\u2026<\/p>\n<p>What I found out doing this:<\/p>\n<ol>\n<li>\n<p>People block ads. <em>I<\/em> block ads. And I was wondering why those Amazon image links didn&rsquo;t work. Until I remembered uBlock Origin. And then remembered Privacy Badger. And then remembered my Pi-Hole.<\/p>\n<p>So my solution was to download the cover images and host them myself. Under Amazon&rsquo;s affiliate terms I&rsquo;m allowed to download no more than 100 images. I have 66. So there goes &ldquo;hundreds of excellent books&rdquo;.<\/p>\n<p>(At first I wanted to stay ad-free, because I don&rsquo;t see a lot of ad income here, but writing to all the publishers asking for permission to use their cover images? No, thank you, Amazon Partnernet is giving me blanket permission \u2013\u00a0with harsh restrictions, of course).<\/p>\n<\/li>\n<li>\n<p>Web design is a catastrophe. I took it as an excuse to learn a little bit of CSS Grid or Flexbox, failed with both for a long time, then combined both. And in the end I had to give special treatment to IE11, because it should work with prefixes, but everything was on top of everything else and I did not feel like spending another evening on that problem.<\/p>\n<\/li>\n<li>\n<p>Even if it weren&rsquo;t a catastrophe, I&rsquo;m no designer. I tried to make the web page a bit less clich\u00e9 &ldquo;Hacker News minimalist&rdquo;. 
It&rsquo;s astonishing how much of a difference a simple box shadow with rounded corners makes!<\/p>\n<\/li>\n<li>\n<p>Regarding &ldquo;affiliate links could probably make a bit of passive income&rdquo;, I doubt it will be even in the &ldquo;a coffee a day&rdquo; range. There are many blogs and sites reviewing children&rsquo;s books, I have absolutely no talent for marketing, and I&rsquo;m not well-known.<\/p>\n<p>I may throw twenty Euros at Google or Facebook ads, more because I&rsquo;m interested in what the advertiser&rsquo;s point of view is like than because I think it&rsquo;ll help much.<\/p>\n<\/li>\n<li>\n<p>Book descriptions are <em>hard.<\/em> Especially when you don&rsquo;t have the book physically present. My descriptions are short and pretty anodyne. You&rsquo;d think I had just looked at the covers. But I did read lots of reviews, trying to get the gist. Sometimes it was impossible.<\/p>\n<\/li>\n<li>\n<p>My privacy statement is probably still not good enough, though at least understandable by a layperson. When you start putting affiliate links on web pages you feel some urgency to get that right. And I like the &lt;details&gt; tag, it gives you a nice click-open arrow without any JavaScript.<\/p>\n<\/li>\n<\/ol>\n<p>When I told him about my site, DanBC graciously commended me on it and suggested I submit it as a Show HN.<\/p>\n<p>Unfortunately, that&rsquo;s out of the question, since only things that can be &ldquo;tried out&rdquo; are allowed there, not just any web page that happens to be written by a regular. A normal submission is also futile, I guess, because foreign-language submissions are kind of pointless.<\/p>"},{"title":"The Pyramid Principle","link":"https:\/\/www.thomas-huehn.com\/the-pyramid-principle\/","pubDate":"Sun, 14 Jul 2019 22:00:00 +0000","author":"mail@thomas-huehn.com (Thomas H\u00fchn)","guid":"https:\/\/www.thomas-huehn.com\/the-pyramid-principle\/","description":"<p>These are only notes I scribbled down while reading the book. 
They need to be consolidated into a real article later.<\/p>\n<p>The basic idea is to separate the thinking process from the writing process. First think, then write.<\/p>\n<p>The document should be presented in proper form, so that the reader can easily understand it: pyramidal structure, flow of major ideas, supported by minor ideas.<\/p>\n<p>Simpler sentences are good, and usually the focus when it comes to &ldquo;good writing&rdquo;, but it&rsquo;s only style, and hard to change. A more pervasive problem that can be fixed more easily (but not without effort) is the structure.<\/p>\n<p>The ordering of ideas must not conflict with the capabilities of the reader&rsquo;s mind to process them. These capabilities are the same for everyone, Minto posits.<\/p>\n<p>The clearest sequence is to present summarizing ideas before individual ideas that are fleshing out the summarizing ideas.<\/p>\n<p>Information should be presented top-down, but the thinking process before writing the document should be bottom-up.<\/p>\n<p>The document supports one major thought. That thought sits at the very top.<\/p>\n<p>Rules:<\/p>\n<ul>\n<li>Ideas must be summaries of ideas grouped below<\/li>\n<li>Ideas grouped together must be of &ldquo;same kind&rdquo;<\/li>\n<li>Ideas grouped together must be logically ordered<\/li>\n<\/ul>\n<p>Definition: An idea is a statement that raises a question in the reader&rsquo;s mind.<\/p>\n<p>Refrain from raising questions in the reader&rsquo;s mind before you are ready to answer them. 
Also refrain from answering questions you haven&rsquo;t already raised.<\/p>\n<p>Horizontally, ideas can be grouped inductively or deductively.<\/p>\n<p>The document&rsquo;s introduction should be of the form &ldquo;situation, complication, question, answer&rdquo;.<\/p>\n<p>Don&rsquo;t use headings like &ldquo;Findings&rdquo; or &ldquo;Conclusions&rdquo;, they have no scanning value.<\/p>\n<p>The introduction contains things the reader already knows or agrees with.<\/p>\n<p>The complication is not necessarily a problem, but an alteration to a stable situation and the impetus for writing the document.<\/p>\n<p>The key line is the answer to a new question (the main question at the top) and indicates a plan for the document, expressed in ideas.<\/p>\n<p>Think about a smooth transition between groupings.<\/p>\n<p>Clear writing results from a clear exposition of the exact relationships between a group of ideas on the same subject.<\/p>\n<p>Ideas (with sub-groupings of ideas) should appear horizontally in logical order, either found deductively or inductively.<\/p>\n<p>Deductive points derive from each other, inductive points don&rsquo;t.<\/p>\n<p>Deductive: ponderous way to write, boring, syllogism, avoid on key line level<\/p>\n<p>Inductive: action before argument, except<\/p>\n<ul>\n<li>reader will disagree with conclusion, must be prepared<\/li>\n<li>reader cannot understand without reasoning<\/li>\n<\/ul>\n<p>Deductive reasoning is good in lower levels of the pyramid, where there is little intervening information.<\/p>\n<p>Inductive reasoning is more difficult and creative. You need the skills to define ideas in the grouping and identify misfits among them. 
The higher-level idea should be a plural noun (ensures that ideas are &ldquo;of the same kind&rdquo;).<\/p>\n<p>If only one piece of evidence is available, it must be treated deductively.<\/p>\n<p>Parallel ideas in parallel form (to eat, to sleep or eating, sleeping).<\/p>\n<p>Inductive groupings can be time order, structural order or ranking order.<\/p>\n<p>In structure, parts must be<\/p>\n<ul>\n<li>mutually exclusive<\/li>\n<li>collectively exhaustive<\/li>\n<\/ul>\n<p>This is the MECE principle.<\/p>\n<p>Key issues: phrase them as questions with yes-or-no answers.<\/p>\n<p>Inductive grouping: ideas above must state what the relationship below implies.<\/p>\n<p>&ldquo;There are two problems&rdquo; doesn&rsquo;t summarize the ideas below, it merely states their kind (problem, objective, challenge).<\/p>\n<p>Action statements:<\/p>\n<ul>\n<li>grouped in causal structure<\/li>\n<li>clear wording of what things\/actions achieve what effect, MECE<\/li>\n<li>specific effect, not &ldquo;improve profits&rdquo;, but &ldquo;10% higher profits&rdquo;, not necessarily a numerical goal, but it must be possible to judge success\/completion<\/li>\n<\/ul>\n<p>Causal hierarchy:<\/p>\n<ul>\n<li>left to right: effects, left before right, temporal<\/li>\n<li>top to bottom: cause, create end product (effect), causal<\/li>\n<\/ul>\n<p>Action ideas cannot be grouped by similarity, only by effect.<\/p>\n<p>Conceptual thinking in images helps to write clearly, it is also efficient: it synthesizes many facts into an abstraction, which leads to compression.<\/p>"},{"title":"How to Win Friends & Influence People","link":"https:\/\/www.thomas-huehn.com\/how-to-win-friends-and-influence-people\/","pubDate":"Mon, 06 Apr 2015 00:00:00 +0100","author":"mail@thomas-huehn.com (Thomas H\u00fchn)","guid":"https:\/\/www.thomas-huehn.com\/how-to-win-friends-and-influence-people\/","description":"<p><strong>How to Win Friends &amp; Influence People<\/strong> by <strong>Dale Carnegie<\/strong> is a classic self-help book about social 
skills.<\/p>\n<p>Dale Carnegie was actually born Dale Carnagey, but exploited steel magnate Andrew Carnegie&rsquo;s fame by adjusting his own name. He built his own flourishing business selling seminars and books about dealing with people. This book is the centerpiece of his work. It&rsquo;s a collection of anecdotes and the more-than-occasional bragging about the efficacy of his methods.<\/p>\n<p>The book may seem dated sometimes (giving a prospective customer a list of existing customers and telling him to call them would be extremely frowned upon nowadays), but people haven&rsquo;t changed. They haven&rsquo;t really changed since antiquity, that&rsquo;s why we still gainfully read the great philosophers!<\/p>\n<p>What follows are a few hints from the book I consider central and important:<\/p>\n<p><em>Don&rsquo;t criticize or attack people.<\/em><\/p>\n<p>People are not logical beings, like Vulcans. People are emotional. As soon as you criticize or attack in any way they will act in an antagonistic manner. Nothing good will come out of it.<\/p>\n<p>There is only one way to make people do something: they must want to do it. Not necessarily out of rational thought, weighing all the pros and cons. Maybe they want to do you a favor because they like you. Maybe they want to give you their wallet because your gun looks pretty real. But in the end they must want to, even if only reluctantly.<\/p>\n<p>What do people want? All the usual basic needs of life (food, clothing, shelter), some material things (money), most if not all of them usually satisfied to an acceptable degree. But one desire is usually not fulfilled: the wish to be important. Everybody wants to feel important.<\/p>\n<p><em>Show your sincere appreciation, but don&rsquo;t flatter.<\/em><\/p>\n<p>It&rsquo;s important to note the word \u201csincere\u201d. Blunt flattery will not do. It&rsquo;s dishonest and that won&rsquo;t be lost on the other person. 
Find something you actually appreciate or admire in the other person. Usually there is something to be found, and honest appreciation does not result in the awkwardness of sheer flattery. Much too seldom do we praise others. There doesn&rsquo;t need to be a big occasion. Tell the waiter that the steak is really good. Tell your kids you&rsquo;re proud of their Little League performance. Thank your children&rsquo;s teacher for how she handled the situation last Friday. But be sincere!<\/p>\n<p>Don&rsquo;t just praise abstractly. Find concrete examples of what someone did right and well and praise them for that.<\/p>\n<p>Don&rsquo;t always talk about what you want. Try and see the world through the eyes of the other person and find out what they want. Then show them how you can help them achieve their goals while simultaneously achieving yours.<\/p>\n<p>Trying to get others interested in yourself is difficult at best. Be interested in them and what they have to say! Again, don&rsquo;t fake your interest, open your mind and be interested in them.<\/p>\n<p>The first impression when meeting someone is important. Smile. You can condition yourself to happiness by smiling even when no one&rsquo;s around. Or hum a song. Act as if you were already happy. The act of smiling seems to follow the feeling of happiness. In truth, they are more in lockstep. It&rsquo;s easier to control the act than the feeling.<\/p>\n<p>People love to hear their name. It&rsquo;s a very powerful word to them, and using it is a form of compliment.<\/p>\n<p><em>Make an effort to remember people&rsquo;s names and use the names in conversation.<\/em><\/p>\n<p>Especially if the name is uncommon or difficult to pronounce, many people will disregard that name or mispronounce it. You stand out by paying attention to the name and making the effort of learning it.<\/p>\n<p>Let people talk. Listen. 
Don&rsquo;t just wait for your turn.<\/p>\n<p>You make people uncomfortable by being a know-it-all who contradicts others liberally. You don&rsquo;t have to correct every mistake, let people save face. Most of the time the mistake is inconsequential, anyway.<\/p>\n<p>If you try to change someone&rsquo;s mind, don&rsquo;t announce outright that you&rsquo;re going to prove a point. Be subtle. Instead of judging an opinion, try to understand what the opinion means to the other person. That means especially that \u201cnitpicking\u201d is never productive, only antagonistic. Show respect for their opinion.<\/p>\n<p><em>Saying \u201cyou&rsquo;re wrong\u201d does not show respect for the other person and his opinion.<\/em><\/p>\n<p>Admit your own mistakes quickly and liberally.<\/p>\n<p>When you need to complain about something, start off in a very friendly and courteous way.<\/p>\n<p>In conversations don&rsquo;t begin with differences, emphasize what you have in common. As soon as you drop a \u201cno\u201d or other direct refutation of the other&rsquo;s opinion he will feel that he has to defend it. Ask questions where you know the answer will be \u201cyes\u201d.<\/p>\n<p>Let the other person talk more than you&rsquo;re talking. Don&rsquo;t brag about your achievements, ask about his successes.<\/p>\n<p>Include the other person in drafting an agreement, a contract or a document. Give him the feeling that an idea originated with him.<\/p>\n<p><em>There are usually two reasons for doing something: a respectable one that sounds good, and the real one. Appeal to the good-sounding one.<\/em><\/p>\n<p>When you need to criticize someone, find something to praise them for and start with that. Add your criticism to that using \u201cand\u201d, not \u201cbut\u201d.<\/p>\n<p>When possible, don&rsquo;t call people out on their mistakes. 
Find a way to make them see their mistake and save face.<\/p>\n<p>Before you talk about other people&rsquo;s mistakes, admit your own.<\/p>\n<p><em>Ascribe an unblemished reputation to others, they will feel the need to live up to it.<\/em><\/p>"},{"title":"The Now Habit","link":"https:\/\/www.thomas-huehn.com\/the-now-habit\/","pubDate":"Sun, 05 Apr 2015 00:00:00 +0100","author":"mail@thomas-huehn.com (Thomas H\u00fchn)","guid":"https:\/\/www.thomas-huehn.com\/the-now-habit\/","description":"<p><strong>The Now Habit<\/strong> by <strong>Neil Fiore<\/strong> is a self-help book about understanding and overcoming procrastination.<\/p>\n<p>Procrastination is a mechanism to cope with the fear that is linked to the beginning or the end of a task. Nobody is \u201clazy\u201d in all fields of endeavor. You might not be able to start the next chapter of your novel, but still do the required reading for your college course.<\/p>\n<p>A good way to start on managing procrastination is having a procrastination log where you jot down the time, the activity, your thoughts and feelings, your excuse, your attempted solution and your resulting thoughts and feelings.<\/p>\n<p>The usual cycle of procrastination looks like this:<\/p>\n<ul>\n<li>You let the task at hand influence your happiness and self-worth.<\/li>\n<li>You want to execute the task very well, so that your perfectionism is satisfied. Thereby you increase your chance of failure by setting the bar very high.<\/li>\n<li>You fear that you cannot meet the expectations you have imposed on yourself. You cannot act.<\/li>\n<li>You avoid the problem by procrastinating.<\/li>\n<li>Shortly before the deadline you have to do something. You do it, but not as well as you could have, given the time allotted.<\/li>\n<\/ul>\n<p>The first step towards keeping procrastination at bay is to create safety. Failure must not be the end of the world. You need to remember that many very successful people had big failures. 
Your value as a person does not depend on the task.<\/p>\n<p>A way to reduce the pressure you feel is to be mindful of language. Avoid \u201cI must\u201d and \u201cI should\u201d. Try to think in terms of \u201cI want to\u201d, \u201cI choose\u201d and \u201cI decide\u201d.<\/p>\n<p>A \u201cshould\u201d means not being happy with a situation and deciding to do something about it. It does not mean \u201cI dislike the way it is and I&rsquo;m going to complain\u201d.<\/p>\n<p>\u201cI must finish\u201d is not a helpful way of thinking. The better way is \u201cWhen can I start?\u201d. Try to get things done at least partially, long before a deadline looms.<\/p>\n<p>Partial work is an important aspect: you don&rsquo;t have to complete a big project in one sitting. Bite a small, manageable chunk off and get that done. The project may be big, but it can be tackled in smaller parts. Do a first draft. Or one test chapter. Maybe it even helps to do a first draft sloppily on purpose and edit it afterwards.<\/p>\n<p>\u201cI must be perfect\u201d is inhumane. You are allowed to be human. Learn from mistakes, respect boundaries. Don&rsquo;t criticise yourself harshly. Have some compassion for yourself.<\/p>\n<p>Take time off. Friends, leisure time, your partner. They are important and healthy for you. Incorporate leisure time and sports in your schedule. Don&rsquo;t let them be a secondary concern for \u201cwhen you find the time\u201d.<\/p>\n<p>Imagine the concrete goal and the rewards. Let it pull you towards it. Don&rsquo;t think about the long way still ahead to the goal, think about the way you&rsquo;ve already put behind you.<\/p>\n<p>Don&rsquo;t get overwhelmed. You don&rsquo;t have to know the perfect starting point. You may take time to learn and feel secure in your task. Don&rsquo;t bad-mouth your achievements and progress.<\/p>\n<p>Plan in reverse and invent lots of smaller deadlines. Start with the externally imposed deadline. 
Plan backwards what needs to be done to complete the task by that time. Plan intermediate steps with their own, much shorter deadlines.<\/p>\n<p>Channel your energy into actions to remove the threats that you fear.<\/p>\n<p>Play through the worst case. What&rsquo;s the worst thing that can happen to you? Imagine what you could do in such a situation. Are there alternatives? Are there maybe even upsides? How can you reduce the probability of that worst case happening?<\/p>\n<p>Sometimes people work on tasks pretty well and productively, but they never seem to finish a task. Prolonging the almost-finished task takes up energy, as well. Just put that energy into finishing and reap the rewards.<\/p>\n<p>Excessive preparation before beginning a task is also just procrastination. Limit it and then just start. If you really need research or other preparation, you will find out later.<\/p>\n<p>Don&rsquo;t be discouraged by the seeming lack of progress after starting. It&rsquo;s often the case that the beginning is the hardest and slowest part. The time spent in the first phase isn&rsquo;t lost, you&rsquo;ve got a better understanding of the problem and your task.<\/p>\n<p>The fear that the demands on you will rise after successfully finishing the current job is irrational. You will still have some autonomy to make an informed decision later. Don&rsquo;t fret about it now.<\/p>\n<p>If you feel that you need more time: are you sure that it isn&rsquo;t just perfectionism? Not everything needs to be polished. Weigh the cost and benefit of working on it some more versus finishing it.<\/p>\n<p>Use the \u201cUnschedule\u201d. The Unschedule is like a schedule, but it starts with you entering blocks of recreational activities and leisure time. Only then do you enter your tasks, after you&rsquo;ve worked at least half an hour without interruption on them. This gives you a realistic overview of how much work you can possibly tackle. 
Tasks are never scheduled, only recorded after the fact.<\/p>\n<p>Aim for thirty minutes of uninterrupted, quality work. Take a break after that block.<\/p>\n<p>Setbacks are inevitable. Look out for them. Observe yourself. What were your thoughts and feelings? Why did you revert to your old ways? Make plans for how to counter that in the future.<\/p>\n<p>Drop goals that can neither be achieved nor started upon in the near future. Change your plans and re-schedule them for a later time. Don&rsquo;t let such a goal linger without any action towards completion.<\/p>"},{"title":"Influence \u2013 The Psychology of Persuasion","link":"https:\/\/www.thomas-huehn.com\/influence-the-psychology-of-persuasion\/","pubDate":"Sat, 04 Apr 2015 22:00:00 +0000","author":"mail@thomas-huehn.com (Thomas H\u00fchn)","guid":"https:\/\/www.thomas-huehn.com\/influence-the-psychology-of-persuasion\/","description":"<p><strong>Influence<\/strong> by <strong>Robert B. Cialdini<\/strong> is an acclaimed book about human tendencies to be persuaded. It shows how marketers use (and sometimes abuse) those psychological traits to get what they want. 
The reader, on the other hand, can try and armor himself against these methods if he knows about them.<\/p>\n<p>The book is organized around the six guiding principles that Cialdini identifies:<\/p>\n<ul>\n<li><em>Reciprocation<\/em>, making people want to do a favor for others who have already done a favor for them (even only seemingly so).<\/li>\n<li><em>Consistency<\/em>, making people \u201clock onto\u201d one behavior and not abandon it, even if this behavior turns out to be disadvantageous.<\/li>\n<li><em>Social proof<\/em>, having people orient themselves to the behavior of others.<\/li>\n<li><em>Authority<\/em>, where people gladly accept \u201corders\u201d (or mere \u201chints\u201d) by supposed experts or figures of authority.<\/li>\n<li><em>Liking<\/em>, making people tend to comply with others whom they like.<\/li>\n<li>And finally: <em>Scarcity<\/em>, making people crave that which they cannot (easily) have.<\/li>\n<\/ul>\n<p>The book is written in a very entertaining style with lots of anecdotes. Cialdini usually annotates his anecdotes with scientific studies exploring the phenomenon at hand, but this book is not really rigorous. Motives are mostly ascribed, not really proven. If you&rsquo;re interested in a more comprehensive and rigorous treatment of psychological processes, I would strongly recommend Daniel Kahneman&rsquo;s \u201cThinking, Fast and Slow\u201d.<\/p>\n<p>And counterintuitive experimental results abound: For example, Cialdini cites studies where people let others cut the line to a photocopier more often if those people qualify their request with the zero-information, almost nonsensical clause \u201cbecause I need to make copies\u201d. 
The use of the keyword \u201cbecause\u201d itself signifies to the recipient a reason, even if no such reason is really given.<\/p>\n<p>A nice way to trick customers into buying is by creating a false sense of urgency, with the salesman acting as if he made a mistake with the price that only the customer notices. Buy quickly before he sees his mistake!<\/p>\n<p>This is dishonest, of course, but as opposed to other dishonest tactics there is no gullible victim here, just another malicious person. So it&rsquo;s hard to feel too bad for the customer.<\/p>\n<p>The first important principle shown in the book is the contrast principle: Differences seem exaggerated when the different things are presented one after another. For example, putting your hand into warm water and then into cool water makes the cool water seem very cold.<\/p>\n<p>Salesmen can use this principle to their advantage: they will usually try to sell the more expensive item first (a suit), and cheaper accessories afterwards (a belt), because in this order the belt seems to be not a lot of money.<\/p>\n<h2 id=\"reciprocation\">Reciprocation<\/h2>\n<p>We feel obligated to reciprocate acts of kindness. An example from the book is the practice of the Hare Krishna sect to \u201cgive a gift\u201d to a passerby before asking for a donation. This gift \u2013 usually a flower \u2013 can be very cheap, even retrieved from the garbage bin and gifted again to the next person, and it still greatly increases donations.<\/p>\n<p>The psychological reason is that being indebted feels burdensome. We want to get rid of this obligation. Evolutionarily speaking this is a sensible reaction: it fosters cooperation between people.<\/p>\n<p>The interesting part is that this psychological rule also works for uninvited gifts (like the flower), even ones imposed on us after courteously declining. So another person can create a feeling of being obligated towards him. 
This isn&rsquo;t foolproof, of course: if the mark knows about this effect he can dismiss it. But that isn&rsquo;t easy or frictionless, the feeling is still there.<\/p>\n<p>Additionally, we feel obligated to reciprocate, even when the requested favor-in-return is disproportionate. So this can be used to extract value from others, unless they are acutely aware of this, or the requested favor is wildly out of the ballpark.<\/p>\n<p>There is still another way to use this psychological effect to one&rsquo;s advantage: reciprocal concessions. You request something, have this request rejected, and then request something smaller, as if you actually conceded something there.<\/p>\n<p>This second request looks like a real concession, even if it was what you intended to get all along. But now the other person may feel obligated to accept, or at the very least move their counteroffer in your direction.<\/p>\n<p>Again, it&rsquo;s the contrast principle at work: compared to your outlandish first request, the second one seems much more reasonable than it would on its own.<\/p>\n<p>The most beautiful part of this rejection-then-retreat strategy is that sometimes your extreme first request may even be accepted! The potential winnings are enormous. The main disadvantage is that extreme requests may infuriate the other person and make the whole negotiation go sour.<\/p>\n<p>The selling strategy mentioned above, starting with the more expensive item, is also an example of rejection-then-retreat: You start with the top of the line and retreat to some middle-priced item, instead of offering the lowest-priced items immediately. In this way you can extract more value from the buyer on average. 
\u201cUpselling\u201d is exactly the wrong approach!<\/p>\n<p>The \u201cvictims\u201d of this strategy don&rsquo;t even harbor resentment (unless you really went too far); studies show that they not only carry out their part of the deal more often than without this strategy, they are even more likely to deal with you in the future!<\/p>\n<p>On the other hand, starting with a small deal is also advantageous, in that it may reel in a much larger deal in the future. This is no contradiction of the \u201cno upselling\u201d part above: \u201cNo upselling\u201d applies in a situation where a present customer wants to buy several items. The foot-in-the-door technique applies when the other person is not yet a customer, but you&rsquo;d like to change that. You relinquish a meaningful profit on your first transaction in order to ensure subsequent transactions with real profits.<\/p>\n<p>The other person being a customer may be important in other regards, as well: for example, in many jurisdictions it is illegal to cold call or write strangers in order to advertise to them. When they are existing customers and a business relationship is in place, it may be legal to advertise to them.<\/p>\n<h2 id=\"commitment-and-consistency\">Commitment and Consistency<\/h2>\n<p>People are more likely to comply with a larger request after they have already complied with a trivial request. That&rsquo;s even the case when the two requests are only remotely connected. So if you want someone to do something and you feel that there will be resistance, it&rsquo;s best to start with a small request that&rsquo;s unlikely to be declined.<\/p>\n<p>A very interesting anecdote is the one about US prisoners of war in a Chinese prison camp in Korea. The Chinese were regularly running essay-writing contests for the US prisoners. 
And they were smart enough to let pro-US essays win the contest sometimes, because in that way, prisoners felt they didn&rsquo;t have to betray their country, writing positive things about the US, but still had incentive to slip in a few nods towards the Chinese system, in order to enlarge their chance of winning. So the Chinese got the prisoners on the path to more substantial concessions in their writings.<\/p>\n<p>Another aspect was that the prizes for winning the contest were low, a fruit here, a few cigarettes there. The writers had to \u201cown\u201d what they were writing, there couldn&rsquo;t be any doubt it might only have been written just for a big prize.<\/p>\n<p>When people own what they have written themselves, they identify with it and it&rsquo;s hard to change their stance later. This can be handy in more benign circumstances: a salesman that lets the buyer fill out the sales agreement will find that there will be fewer cancellations. People feel more bound by a contract when they have physically written part of it.<\/p>\n<p>The same applies to testimonial contests that many companies run. At first glance it seems strange that pretty substantial prizes are offered for a positive line or two about their product, but those testimonials (by real, common people) can not only be used in advertising, they change the writer&rsquo;s perception about the product and cement this opinion.<\/p>\n<p>Cialdini suggests that jury forepersons stick to secret balloting in the jury room, because when done this way no juror feels constrained by their need for consistency. Changing your opinion is easier when you haven&rsquo;t visibly committed to it. This should result in fewer hung juries.<\/p>\n<p>Is there a way to resist this psychological need for consistency? Of course, it is easier when you&rsquo;re aware of the effect. 
But the effect is only lessened and must actively be overcome by the rational mind, there&rsquo;s no way to really switch it off.<\/p>\n<p>Should this need for consistency be overridden? Most of the time: no. It is a good trait to stick to your convictions most of the time. There are two broad categories of situations where it&rsquo;s probably better not to be consistent. First, when your gut is telling you that you&rsquo;ve been trapped. You don&rsquo;t really want to do something, but feel an obligation. And second when knowing what you know now your first reaction tells you that you wouldn&rsquo;t do it again. In those cases it&rsquo;s probably best to break consistency.<\/p>\n<h2 id=\"social-proof\">Social proof<\/h2>\n<p>A good example for social proof (albeit a sad one) is so-called witness apathy. Quite often when something bad happens and a person needs immediate help, there are many bystanders, but nobody is helping.<\/p>\n<p>The reason is that few emergencies are totally obvious to the onlooker. And while he ponders if it is indeed an emergency and he should get involved (it would be embarrassing if he acted without any need for it), he sees all those other people standing around him. None of them helping. So it seems to be consensus opinion that no help is needed. Unfortunately help is needed, very much so, but everyone standing around is going through the exact same thought process. So it&rsquo;s actually more probable for people to render assistance when fewer people are around. Or even only one. That one cannot possibly convince himself that others would help if there was the need. But as soon as one person helps, others participate. Helping is infectious. It is now \u201csocially safe\u201d to do so.<\/p>\n<h2 id=\"authority\">Authority<\/h2>\n<p>Not surprisingly, people tend to obey (perceived) figures of authority. 
In the Milgram experiment the participants continued to give (ostensible) electric shocks despite very strong signs that the experiment had gone too far, just because the supervisor in the lab coat told them so.<\/p>\n<h2 id=\"liking\">Liking<\/h2>\n<p>Again, it&rsquo;s common sense that you try to help people more when you like them. But how is liking influenced?<\/p>\n<p>First, physical attractiveness helps. You may not be looking for a life partner, but the attractive person (even of the same gender) has an advantage when it comes to you liking them.<\/p>\n<p>Also, similarity is a big factor. You&rsquo;re both playing golf? You&rsquo;re both in academia? You both like to travel to the Canary Islands? You&rsquo;re positively predisposed towards one another.<\/p>\n<p>We like things that are familiar to us. An interesting experiment is taking a photo of your face and producing two versions of it: the original and one where left and right have been swapped. Your friends will probably like the original more, while you prefer the swapped one. The reason is simple: you know your face mostly from looking into a mirror.<\/p>\n<p>Some situations make us more receptive to ideas; we are more favorable towards an issue when it is presented while we eat.<\/p>\n<p>It&rsquo;s very hard to avoid this liking effect, we can only recognize it and then force ourselves to separate the issue from the person.<\/p>\n<h2 id=\"scarcity\">Scarcity<\/h2>\n<p>Why do people usually interrupt a conversation when their phone rings, even if they don&rsquo;t expect an important call? The other person in the conversation is still going to be there a minute later. The caller might be unreachable later.<\/p>\n<p>We feel a lot of pressure when we&rsquo;re made to believe that an opportunity would be lost a short time later. Therefore all those sales with time limits and offers only valid today. We feel we might miss out on some great deal.<\/p>\n<p>Marketers use this all the time. 
They also like to feign small inventory, so you should really get this item now.<\/p>\n<p>But it gets really devastating when (perceived) scarcity meets rivalry. Only one car on sale, but there are two other people interested in it, and willing to buy immediately. Salesmen like to have several prospective buyers show up at the same time. So they schedule them at the same time.<\/p>\n<p>Usually in those situations we go astray. We don&rsquo;t really want to enjoy or use the scarce item. We want to possess it. Buyer beware!<\/p>\n<h2 id=\"conclusion\">Conclusion<\/h2>\n<p>It&rsquo;s not just the flesh that is weak. The mind is just as weak, or at least malleable. We cannot switch off our evolutionary baggage and programming, but we can be aware of it and keep it at bay. In Daniel Kahneman&rsquo;s parlance: we can activate System 2 to override System 1.<\/p>\n<p>Influence is eye-opening, entertaining and gracefully short. It doesn&rsquo;t climb to such intellectual heights as Kahneman&rsquo;s book, but it&rsquo;s a very good read.<\/p>"},{"title":"Wool","link":"https:\/\/www.thomas-huehn.com\/wool\/","pubDate":"Mon, 29 Dec 2014 00:00:00 +0100","author":"mail@thomas-huehn.com (Thomas H\u00fchn)","guid":"https:\/\/www.thomas-huehn.com\/wool\/","description":"<p><strong>Wool<\/strong> by <strong>Hugh Howey<\/strong> is a dystopian science fiction novella, originally self-published for Amazon Kindle. 
It started as a short story, but expanded into more parts, finally got published as an Omnibus edition, and gained a prequel (Shift).<\/p>\n<p>The book&rsquo;s setting is the eponymous \u201cSilo\u201d, a metal tube mostly underground where the remnants of mankind live, locked away from the barren and toxic outside.<\/p>\n<p>The reader is immediately thrust into the action and needs to orient himself, and quick: Sheriff Holston, the top law enforcement officer of the Silo, enters his office, wishes his deputy a good morning and casually says that he would like to go outside.<\/p>\n<p>Which is not only anathema in this society, but results in an automatic death sentence, without any need for an investigation. The execution is called \u201ccleaning\u201d; the condemned is put into a life suit (that&rsquo;s not really working), gets some woolen cleaning pads and is shoved out of the Silo where he cleans the cameras&rsquo; lenses showing the inhabitants the world outside.<\/p>\n<p>One of the big mysteries is why all those delinquents actually clean the cameras, before walking off to die. It&rsquo;s the main riddle of the first chapter, and it&rsquo;s deftly handled with a nice turn of events.<\/p>\n<p>The second chapter deals with the Silo&rsquo;s mayor, trying to find out why Sheriff Holston acted like he did, and unraveling the hidden power structure of the Silo that she herself hadn&rsquo;t understood fully.<\/p>\n<p>Those were the two chapters that I enjoyed tremendously. Short, sweet, to the point. The last three chapters have a common protagonist, a young female mechanic: Juliette.<\/p>\n<p>And inexplicably, the author drops the ball right at this point. Juliette is a strong woman, but I just can&rsquo;t relate to her or root for her. Other characters introduced are laughingly flat and illogical. The last three chapters are much, much longer than the first two chapters. 
There is an awful lot of wandering, diving and doing lots of \u2013 ultimately inconsequential \u2013 stuff, when there were actually more interesting things for the reader to explore. Do you remember when Harry Potter was camping in the woods in the Deathly Hallows? It&rsquo;s worse than that. Too much \u201cgetting to point X\u201d when the action at point X is what the reader is looking forward to.<\/p>\n<p>The original Silo novella (chapter one) is a great read and chapter two is its equal. Unfortunately I cannot say many good things about the rest. Since the first two chapters are pretty short, you can&rsquo;t make a mistake reading those. After that\u2026 well, I&rsquo;m not telling you to stop reading, but go on at least until you&rsquo;ve reached the big revelation about the Silo world somewhere in chapter three, and then stop when you yourself feel that you&rsquo;re not enjoying yourself too much anymore. You&rsquo;re not obligated to read till the end. No big revelations there.<\/p>"},{"title":"The Deadline","link":"https:\/\/www.thomas-huehn.com\/the-deadline\/","pubDate":"Sun, 07 Dec 2014 00:00:00 +0100","author":"mail@thomas-huehn.com (Thomas H\u00fchn)","guid":"https:\/\/www.thomas-huehn.com\/the-deadline\/","description":"<p><strong>The Deadline<\/strong> by <strong>Tom DeMarco<\/strong> is a real project management classic. I had bought it quite some time ago, but it collected dust on the shelf, despite the fact that I had enjoyed his book \u201cPeopleware\u201d. Turns out, it was a mistake. The collecting dust, not the reading, mind you.<\/p>\n<p>It&rsquo;s a software project management book disguised as a novel. And, while it is pleasant to read, even funny at times, as a novel it&rsquo;s not worth a lot. 
But this clever packaging makes it so much easier to plow through.<\/p>\n<p>Our protagonist, a project manager that recently lost his job because he spoke his mind, is drugged and kidnapped by a charming young woman who is \u201cacquiring\u201d talent for the up-and-coming software industry of Monrovia, a fictional country of the former Eastern Bloc.<\/p>\n<p>They&rsquo;ve got lots and lots of software developers, some managers, and the desire to become the biggest software supplier of the world. Six software products have already been planned (all rip-offs of well-selling programs like Photoshop), and now it&rsquo;s time to execute on that vision.<\/p>\n<p>Additionally, our protagonist and his trusted senior staff intend to conduct some real-world experiments: having three different teams each for those six products, so that different approaches can be compared and quantified.<\/p>\n<p>The novel introduces a problem (like personal conflicts between developers or tight deadlines) in each chapter, usually with a new character who is relevant to the issue at hand. This new character is often a world-renowned expert on this field, is flown in (or visited) and gives key insight in an afternoon. Obviously, this repeating theme is one of the reasons why the book falls short as a novel per se.<\/p>\n<p>The reader needs to be acutely aware that those experts are no real-world experts, but are channelling Tom DeMarco&rsquo;s convictions. That&rsquo;s perfectly okay, since it&rsquo;s Tom DeMarco&rsquo;s presentation, but the reader must not get confused, for the characters in the book take every word of those experts as gospel, never questioning it, never finding tensions or direct contradictions to other experts&rsquo; views. The reader must not get complacent and do the same.<\/p>\n<p>Every chapter ends with a few short notes on what our protagonist has learned. And there are quite a few real nuggets in there. They are never too detailed, more food-for-thought. 
I like that because it saves the book from becoming the chore most project management books are. Remember, no proofs for the validity are given, this is straight advice by the author. Take it or leave it.<\/p>\n<p>While most of those points were pretty obvious, sometimes even trivial, I&rsquo;d like to repeat some others here. Some of them are important and had at least some quality of being new to me. Some were nothing new, but spoke to me because I have personal recollections pertinent to them. Others just elicited some thoughts of my own that I don&rsquo;t want to lose. So instead of re-reading the book later, I hope those notes can serve as a reminder of the meat of it, as I saw it.<\/p>\n<h2 id=\"anonymous-confessions\">Anonymous confessions<\/h2>\n<p>One of the early lessons is that there should be an anonymous way to report problems up the hierarchy. In the novel it is presented as a real confessional box, complete with the ceremony based on the catholic shrift.<\/p>\n<p>Of course, this mechanism is not limited to reporting own failures and problems. Actually, it&rsquo;s more likely that it will lead to reports about problems in areas the reporter doesn&rsquo;t have under his control, I think.<\/p>\n<p>One interesting twist is that the confessor in the novel always knows very well the identity of the penitent (realistically, I think, there are only so many people with both the knowledge of some subject and no better way to report it), but never lets it show. That is probably important, because as soon as the higher-up breaks this illusion of anonymity reports will dry up.<\/p>\n<h2 id=\"risk-officer\">Risk officer<\/h2>\n<p>Risk management in the project is extremely important. While everyone is tasked with managing risks, there should be a designated risk officer. 
Furthermore, this risk officer (aided by the team, of course) must identify early indicators of important risks well before they can materialize, and then be on a constant lookout for those indicators.<\/p>\n<h2 id=\"dangers-of-can-do\">Dangers of Can-Do<\/h2>\n<p>While many managers see a can-do attitude as a positive trait, it poses the danger of priming the team to avoid reporting risks and problems up the chain of command.<\/p>\n<h2 id=\"improving-productivity\">Improving productivity<\/h2>\n<p>There are no opportunities for short-term improvements of productivity, because every sane team member handles those low-hanging fruit on his own, in order to eliminate sources of frustration.<\/p>\n<p>This may be an exaggeration, I think, because sometimes management can help make it okay to eliminate those time-killers. For example, a boss once instituted the policy that team members were explicitly allowed to declare times of the day where they don&rsquo;t respond to the telephone (and announce those times), as well as put up a do-not-disturb sign at their desk in the open-plan office. The effects weren&rsquo;t too big, in my recollection, mostly because those were inadequate means of addressing the root cause.<\/p>\n<h2 id=\"modelling-hunches\">Modelling Hunches<\/h2>\n<p>In a very interesting early chapter the senior management of Monrovia&rsquo;s budding new software industry explicitly model their \u201chunches\u201d or gut feelings about how much of an effect training and personnel fluctuations have on the work being completed. This means not just drawing diagrams, but actually using a modelling tool on the computer and quantifying the internal state transitions.<\/p>\n<p>This serves not only as a tool to communicate one&rsquo;s hunches to other members of the management team, and consequently to compare and refine those hunches. 
It also allows one to plug in real-life measurements, thus improving one&rsquo;s understanding of the effects at work.<\/p>\n<p>That was probably the single most surprising lesson in the book for me. I have lingering doubts as to its practicality, not only the quantitative part, but also the ability to conjure up a semi-realistic model in the first place, but it looks like there are actually tools for that purpose being sold and used.<\/p>\n<h2 id=\"liking-people\">Liking people<\/h2>\n<p>Actually liking people you&rsquo;re working with (or especially \u201cagainst\u201d), not only faking it, makes it easier to find common ground and convince them of whatever you dearly need.<\/p>\n<h2 id=\"pressure\">Pressure<\/h2>\n<p>Pressure is often used as a way to elicit more work results and even more productivity. It is not a viable means to do that. But pressure, applied judiciously and for not too long, can signal heightened importance of some piece of work to the team. It is therefore not bad by itself, but it is usually applied in a destructive way (non-focussed: too much for too long).<\/p>\n<p>Additionally, people use pressure towards their subordinates in order to demonstrate to their higher-ups that they have done everything in their power to achieve the (probably missed) goal.<\/p>\n<h2 id=\"inner-doubts\">Inner doubts<\/h2>\n<p>Most people have some inner doubts about their abilities or intelligence. That is why they don&rsquo;t dare to speak up when some document is incomprehensible, because everyone else seems to understand it perfectly well. In reality, everyone is likely to have similar thoughts, but this effect is self-feeding, and so the problem is concealed.<\/p>\n<h2 id=\"specification\">Specification<\/h2>\n<p>The minimum requirement for a document to be considered a specification is having both of these:<\/p>\n<ul>\n<li>Policy: How does the system react to events? This part is complex.<\/li>\n<li>Inputs and outputs. 
These can be defined succinctly and precisely.<\/li>\n<\/ul>\n<p>Personally I would add at least a third part: Data and (inner) state. Starting with data structures and only then defining the operations on them is usually advantageous.<\/p>\n<h2 id=\"ambiguities-conceal-conflicts\">Ambiguities conceal conflicts<\/h2>\n<p>Ambiguous wording in specifications is usually there because some unresolved conflict between stakeholders is brewing and the author cannot be clear and precise, because that would decide the ongoing conflict.<\/p>\n<p>That&rsquo;s an insight that was new to me. Still, I think that lots of ambiguities in specifications are not because of conflicts without a resolution, but because of missing information. Why can&rsquo;t the author just ask around until he knows the answer? Often because decisions pertinent to the issue haven&rsquo;t been made, yet, and are some other group&rsquo;s responsibility. In a way you can call it a scheduling conflict, I suppose, but I wouldn&rsquo;t really sort it under the heading \u201cconflict\u201d.<\/p>\n<h2 id=\"staffing\">Staffing<\/h2>\n<p>Start the project with few people and do a proper design. No more than a handful of team members can contribute in a meaningful way because in that phase everyone needs to have a view of the big picture, no specialization is possible.<\/p>\n<p>When the project enters phases where well-defined work packages can be worked on individually (e.g. coding), massively expand the team.<\/p>\n<p>As a latecomer in a former project of mine, colleagues told me how it was in the beginning. The small design team was furiously cranking out specifications for the (dozen or so) fully staffed teams to work on, but they were hopelessly swamped, of course. So the teams mostly sat on their hands.<\/p>\n<p>On the other hand, I really lamented that I wasn&rsquo;t around in the beginning. So many decisions were not only ingrained into the design (and the source code!), but also a kind of folklore. 
The original design team had moved on, and on some subjects nobody in the company knew anymore why certain directions were taken. No one left to ask.<\/p>\n<h2 id=\"anger--fear\">Anger = fear<\/h2>\n<p>In a business context no one shows fear because he would lose face. Anger is a semi-accepted substitute emotion, so people lash out when afraid.<\/p>\n<p>But when everyone knows about this substitution, this same tendency to prevent loss of face will stifle angry outbursts.<\/p>"},{"title":"Myths about \/dev\/urandom","link":"https:\/\/www.thomas-huehn.com\/myths-about-urandom\/","pubDate":"Sat, 15 Mar 2014 23:00:00 +0000","author":"mail@thomas-huehn.com (Thomas H\u00fchn)","guid":"https:\/\/www.thomas-huehn.com\/myths-about-urandom\/","description":"<aside>\n<strong>Note from 2024:<\/strong> This article was published in 2014. It is still correct in its discussion of entropy and randomness, but the Linux kernel random number generator has been reworked several times since then and does not look like this anymore. Good news: the separation between \/dev\/urandom and \/dev\/random is practically gone.\n<\/aside>\n<p>There are a few things about \/dev\/urandom and \/dev\/random that are repeated again and again. Still they are false.<\/p>\n<aside>\nI\u2019m mostly talking about reasonably recent Linux systems, not other UNIX-like systems.\n<\/aside>\n<p>\/dev\/urandom is insecure. Always use \/dev\/random for cryptographic purposes.<\/p>\n<p>Fact: \/dev\/urandom is the preferred source of cryptographic randomness on UNIX-like systems.<\/p>\n<p>\/dev\/urandom is a pseudo random number generator, a PRNG, while \/dev\/random is a \u201ctrue\u201d random number generator.<\/p>\n<p><a href=\"#structure-of-linuxs-random-number-generator\">Fact:<\/a> Both \/dev\/urandom and \/dev\/random are using the exact same CSPRNG (a cryptographically secure pseudorandom number generator). 
They only differ in very few ways that have nothing to do with \u201ctrue\u201d randomness.<\/p>\n<p>\/dev\/random is unambiguously the better choice for cryptography. Even if \/dev\/urandom were comparably secure, there\u2019s no reason to choose the latter.<\/p>\n<p><a href=\"#whats-wrong-with-blocking\">Fact:<\/a> \/dev\/random has a very nasty problem: it blocks.<\/p>\n<p>But that\u2019s good! \/dev\/random gives out exactly as much randomness as it has entropy in its pool. \/dev\/urandom will give you insecure random numbers, even though it has long run out of entropy.<\/p>\n<p><a href=\"#what-about-entropy-running-low\">Fact:<\/a> No. Even disregarding issues like availability and subsequent manipulation by users, the issue of entropy \u201crunning low\u201d is a straw man. About 256 bits of entropy are enough to get computationally secure numbers for a long, long time.<\/p>\n<p>And the fun only starts here: how does \/dev\/random know how much entropy there is available to give out? Stay tuned!<\/p>\n<p>But cryptographers always talk about constant re-seeding. Doesn\u2019t that contradict your last point?<\/p>\n<p><a href=\"#re-seeding\">Fact:<\/a> You got me! Kind of. It is true, the random number generator is constantly re-seeded using whatever entropy the system can lay its hands on. But that has (partly) other reasons.<\/p>\n<p>Look, I don\u2019t claim that injecting entropy is bad. It\u2019s good. I just claim that it\u2019s bad to block when the entropy estimate is low.<\/p>\n<p>That\u2019s all good and nice, but even the man page for \/dev\/(u)random contradicts you! Does anyone who knows about this stuff actually agree with you?<\/p>\n<p><a href=\"#the-random-and-urandom-man-page\">Fact:<\/a> No, it really doesn\u2019t. 
It seems to imply that \/dev\/urandom is insecure for cryptographic use, unless you really understand all that cryptographic jargon.<\/p>\n<p>The man page does recommend the use of \/dev\/random in some cases (it doesn\u2019t hurt, in my opinion, but is not strictly necessary), but it also recommends \/dev\/urandom as the device to use for \u201cnormal\u201d cryptographic use.<\/p>\n<p>And while appeal to authority is usually nothing to be proud of, in cryptographic issues you\u2019re generally right to be careful and try to get the opinion of a domain expert.<\/p>\n<p>And yes, quite a few <a href=\"#orthodoxy\">experts<\/a> share my view that \/dev\/urandom is the go-to solution for your random number needs in a cryptography context on UNIX-like systems. Obviously, their opinions influenced mine, not the other way around.<\/p>\n<p>Hard to believe, right? I must certainly be wrong! Well, read on and let me try to convince you.<\/p>\n<p>I tried to keep it out, but I fear there are two preliminaries to be taken care of, before we can really tackle all those points.<\/p>\n<p>Namely, <a href=\"#true-randomness\">what is randomness<\/a>, or better: what kind of randomness am I talking about here?<\/p>\n<p>And, even more important, I\u2019m really <a href=\"#youre-saying-im-stupid\">not being condescending<\/a>. I have written this document to have a thing to point to, when this discussion comes up again. More than 140 characters. Without repeating myself again and again. Being able to hone the writing and the arguments itself, benefitting many discussions in many venues.<\/p>\n<p>And I\u2019m certainly willing to hear differing opinions. I\u2019m just saying that it won\u2019t be enough to state that \/dev\/urandom is bad. 
You need to identify the points you\u2019re disagreeing with and engage them.<\/p>\n<h2 id=\"youre-saying-im-stupid\">You\u2019re saying I\u2019m stupid!<\/h2>\n<p>Emphatically <em>no!<\/em><\/p>\n<p>Actually, I used to believe that \/dev\/urandom was insecure myself, a few years ago. And it\u2019s something you and I almost had to believe, because all those highly respected people on Usenet, in web forums and today on Twitter told us. Even the man page seems to say so. Who were we to dismiss their convincing argument about \u201centropy running low\u201d?<\/p>\n<p>This misconception isn\u2019t so rampant because people are stupid, it is because with a little knowledge about cryptography (namely some vague idea what entropy is) it\u2019s very easy to be convinced of it. Intuition almost forces us there. Unfortunately, intuition is often wrong in cryptography. So it is here.<\/p>\n<h2 id=\"true-randomness\">True randomness<\/h2>\n<p>What does it mean for random numbers to be \u201ctruly random\u201d?<\/p>\n<p>I don\u2019t want to dive into that issue too deep, because it quickly gets philosophical. Discussions have been known to unravel quickly, because everyone can wax about their favorite model of randomness, without paying attention to anyone else. Or even making himself understood.<\/p>\n<p>I believe that the \u201cgold standard\u201d for \u201ctrue randomness\u201d are quantum effects. Observe a photon pass through a semi-transparent mirror. Or not. Observe some radioactive material emit alpha particles. It\u2019s the best idea we have when it comes to randomness in the world. Other people might reasonably believe that those effects aren\u2019t truly random. Or even that there is no randomness in the world at all. Let a million flowers bloom.<\/p>\n<p>Cryptographers often circumvent this philosophical debate by disregarding what it means for randomness to be \u201ctrue\u201d. They care about unpredictability. 
As long as nobody can get any information about the next random number, we\u2019re fine. And when you\u2019re talking about random numbers as a prerequisite in using cryptography, that\u2019s what you should aim for, in my opinion.<\/p>\n<p>Anyway, I don\u2019t care much about those \u201cphilosophically secure\u201d random numbers, as I like to think of your \u201ctrue\u201d random numbers.<\/p>\n<h2 id=\"two-kinds-of-security-one-that-matters\">Two kinds of security, one that matters<\/h2>\n<p>But let\u2019s assume you\u2019ve obtained those \u201ctrue\u201d random numbers. What are you going to do with them?<\/p>\n<p>You print them out, frame them and hang them on your living-room wall, to revel in the beauty of a quantum universe? That\u2019s great, and I certainly understand.<\/p>\n<p>Wait, what? You\u2019re using them? For cryptographic purposes? Well, that spoils everything, because now things get a bit ugly.<\/p>\n<p>You see, your truly-random, quantum effect blessed random numbers are put into some less respectable, real-world tarnished algorithms.<\/p>\n<p>Because almost all of the cryptographic algorithms we use do not hold up to <em>information-theoretic security.<\/em> They can \u201conly\u201d offer <em>computational security.<\/em> The two exceptions that come to my mind are Shamir\u2019s Secret Sharing and the One-time pad. And while the first one may be a valid counterpoint (if you actually intend to use it), the latter is utterly impractical.<\/p>\n<p>But all those algorithms you know about, AES, RSA, Diffie-Hellman, Elliptic curves, and all those crypto packages you\u2019re using, OpenSSL, GnuTLS, Keyczar, your operating system\u2019s crypto API, these are only computationally secure.<\/p>\n<p>What\u2019s the difference? While information-theoretically secure algorithms are secure, period, those other algorithms cannot guarantee security against an adversary with unlimited computational power who\u2019s trying all possibilities for keys. 
We still use them because it would take all the computers in the world taken together longer than the universe has existed, so far. That\u2019s the level of \u201cinsecurity\u201d we\u2019re talking about here.<\/p>\n<p>Unless some clever guy breaks the algorithm itself, using much less computational power. Even computational power achievable today. That\u2019s the big prize every cryptanalyst dreams about: breaking AES itself, breaking RSA itself and so on.<\/p>\n<p>So now we\u2019re at the point where you don\u2019t trust the inner building blocks of the random number generator, insisting on \u201ctrue randomness\u201d instead of \u201cpseudo randomness\u201d. But then you\u2019re using those \u201ctrue\u201d random numbers in algorithms that you so despise that you didn\u2019t want them near your random number generator in the first place!<\/p>\n<p>Truth is, when state-of-the-art hash algorithms are broken, or when state-of-the-art block ciphers are broken, it doesn\u2019t matter that you get \u201cphilosophically insecure\u201d random numbers because of them. You\u2019ve got nothing left to securely use them for anyway.<\/p>\n<p>So just use those computationally-secure random numbers for your computationally-secure algorithms. In other words: use \/dev\/urandom.<\/p>\n<h2 id=\"structure-of-linuxs-random-number-generator\">Structure of Linux\u2019s random number generator<\/h2>\n<h3 id=\"an-incorrect-view\">An incorrect view<\/h3>\n<p>Chances are, your idea of the kernel\u2019s random number generator is something similar to this:<\/p>\n<figure>\n<img src=\".\/structure-no.png\"\nalt=\"Mythical structure of the kernel\u2019s random number generator\"\nwidth=\"720\"\nheight=\"960\"\n\/><\/figure>\n<p>Mythical structure of the kernel\u2019s random number generator<\/p>\n<p>\u201cTrue randomness\u201d, albeit possibly skewed and biased, enters the system and its entropy is precisely counted and immediately added to an internal entropy counter. 
After de-biasing and whitening it\u2019s entering the kernel\u2019s entropy pool, where both \/dev\/random and \/dev\/urandom get their random numbers from.<\/p>\n<p>The \u201ctrue\u201d random number generator, \/dev\/random, takes those random numbers straight out of the pool, if the entropy count is sufficient for the number of requested numbers, decreasing the entropy counter, of course. If not, it blocks until new entropy has entered the system.<\/p>\n<p>The important thing in this narrative is that \/dev\/random basically yields the numbers that have been input by those randomness sources outside, after only the necessary whitening. Nothing more, just pure randomness.<\/p>\n<p>\/dev\/urandom, so the story goes, is doing the same thing. Except when there isn\u2019t sufficient entropy in the system. In contrast to \/dev\/random, it does not block, but gets \u201clow quality random\u201d numbers from a pseudorandom number generator (conceded, a cryptographically secure one) that is running alongside the rest of the random number machinery. This CSPRNG is just seeded once (or maybe every now and then, it doesn\u2019t matter) with \u201ctrue randomness\u201d from the randomness pool, but you can\u2019t really trust it.<\/p>\n<p>In this view, that seems to be in a lot of people\u2019s minds when they\u2019re talking about random numbers on Linux, avoiding \/dev\/urandom is plausible.<\/p>\n<p>Because either there is enough entropy left, then you get the same you\u2019d have gotten from \/dev\/random. Or there isn\u2019t, then you get those low-quality random numbers from a CSPRNG that almost never saw high-entropy input.<\/p>\n<p>Devilish, right? Unfortunately, also utterly wrong. 
In reality, the internal structure of the random number generator looks like this.<\/p>\n<h3 id=\"a-better-simplification\">A better simplification<\/h3>\n<h4 id=\"before-linux-48\">Before Linux 4.8<\/h4>\n<figure>\n<img src=\".\/structure-yes.png\"\nalt=\"Actual structure of the kernel\u2019s random number generator before Linux 4.8\"\nwidth=\"720\"\nheight=\"960\"\n\/><\/figure>\n<p>Actual structure of the kernel\u2019s random number generator before Linux 4.8<\/p>\n<p>See the big difference? The CSPRNG is not running alongside the random number generator, filling in for those times when \/dev\/urandom wants to output something, but has nothing good to output. The CSPRNG is an integral part of the random number generation process. There is no \/dev\/random handing out \u201cgood and pure\u201d random numbers straight from the whitener. Every randomness source\u2019s input is thoroughly mixed and hashed inside the CSPRNG, before it emerges as random numbers, either via \/dev\/urandom or \/dev\/random.<\/p>\n<aside>\nThis is a pretty rough simplification. In fact, there isn\u2019t just one, but three pools filled with entropy. One primary pool, and one for \/dev\/random and \/dev\/urandom each, feeding off the primary pool. Those three pools all have their own entropy counts, but the counts of the secondary pools (for \/dev\/random and \/dev\/urandom) are mostly close to zero, and \u201cfresh\u201d entropy flows from the primary pool when needed, decreasing its entropy count. Also there is a lot of mixing and re-injecting outputs back into the system going on. All of this is far more detail than is necessary for this document.\n<\/aside>\n<p>Another important difference is that there is no entropy counting going on here, but estimation. The amount of entropy some source is giving you isn\u2019t something obvious that you just get, along with the data. It has to be estimated. 
Please note that when your estimate is too optimistic, the dearly held property of \/dev\/random, that it\u2019s only giving out as many random numbers as available entropy allows, is gone. Unfortunately, it\u2019s hard to estimate the amount of entropy.<\/p>\n<p>The Linux kernel uses only the arrival times of events to estimate their entropy. It does that by interpolating polynomials of those arrival times, to calculate \u201chow surprising\u201d the actual arrival time was, according to the model. Whether this polynomial interpolation model is the best way to estimate entropy is an interesting question. There is also the problem that internal hardware restrictions might influence those arrival times. The sampling rates of all kinds of hardware components may also play a role, because they directly influence the values and the granularity of those event arrival times.<\/p>\n<p>In the end, to the best of our knowledge, the kernel\u2019s entropy estimate is pretty good. Which means it\u2019s conservative. People argue about how good it really is, but that issue is far above my head. Still, if you insist on never handing out random numbers that are not \u201cbacked\u201d by sufficient entropy, you might be nervous here. I\u2019m sleeping soundly because I don\u2019t care about the entropy estimate.<\/p>\n<p>So to make one thing crystal clear: both \/dev\/random and \/dev\/urandom are fed by the same CSPRNG. Only the behavior when their respective pool runs out of entropy, according to some estimate, differs: \/dev\/random blocks, while \/dev\/urandom does not.<\/p>\n<h4 id=\"from-linux-48-onward\">From Linux 4.8 onward<\/h4>\n<p>In Linux 4.8 the equivalency between \/dev\/urandom and \/dev\/random was given up. 
Now \/dev\/urandom output does not come from an entropy pool, but directly from a CSPRNG.<\/p>\n<figure>\n<img src=\".\/structure-new.png\"\nalt=\"Actual structure of the kernel\u2019s random number generator from Linux 4.8 onward\"\nwidth=\"720\"\nheight=\"960\"\n\/><\/figure>\n<p>Actual structure of the kernel\u2019s random number generator from Linux 4.8 onward<\/p>\n<p><a href=\"#the-csprngs-are-alright\">We will see shortly<\/a> why that is not a security problem.<\/p>\n<h2 id=\"whats-wrong-with-blocking\">What\u2019s wrong with blocking?<\/h2>\n<p>Have you ever waited for \/dev\/random to give you more random numbers? Generating a PGP key inside a virtual machine maybe? Connecting to a web server that\u2019s waiting for more random numbers to create an ephemeral session key?<\/p>\n<p>That\u2019s the problem. It inherently runs counter to availability. So your system is not working. It\u2019s not doing what you built it to do. Obviously, that\u2019s bad. You wouldn\u2019t have built it if you didn\u2019t need it.<\/p>\n<p>But the problem runs even deeper: people don\u2019t like to be stopped in their ways. They will devise workarounds, concoct bizarre machinations to just get it running. People who don\u2019t know anything about cryptography. Normal people.<\/p>\n<aside>\nI\u2019m working on safety-related systems in factory automation. Can you guess what the main reason for failures of safety systems is? Manipulation. Simple as that. Something about the safety measure bugged the worker. It took too much time, was too inconvenient, whatever. People are very resourceful when it comes to finding \u201cunofficial solutions\u201d.\n<\/aside>\n<p>Why not patch out the call to random()? Why not have some guy in a web forum tell you how to use some strange ioctl to increase the entropy counter? 
Why not switch off SSL altogether?<\/p>\n<p>In the end you just educate your users to do foolish things that compromise your system\u2019s security without you ever knowing about it.<\/p>\n<p>It\u2019s easy to disregard availability, usability or other nice properties. Security trumps everything, right? So better be inconvenient, unavailable or unusable than feign security.<\/p>\n<p>But that\u2019s a false dichotomy. Blocking is not necessary for security. As we saw, \/dev\/urandom gives you the same kind of random numbers as \/dev\/random, straight out of a CSPRNG. Use it!<\/p>\n<h2 id=\"the-csprngs-are-alright\">The CSPRNGs are alright<\/h2>\n<p>But now everything sounds really bleak. If even the high-quality random numbers from \/dev\/random are coming out of a CSPRNG, how can we use them for high-security purposes?<\/p>\n<p>It turns out that \u201clooking random\u201d is the basic requirement for a lot of our cryptographic building blocks. If you take the output of a cryptographic hash, it has to be indistinguishable from a random string so that cryptographers will accept it. If you take a block cipher, its output (without knowing the key) must also be indistinguishable from random data.<\/p>\n<p>If anyone could gain an advantage over brute-force breaking of cryptographic building blocks, using some perceived weakness of those CSPRNGs over \u201ctrue\u201d randomness, then it\u2019s the same old story: you don\u2019t have anything left. Block ciphers, hashes, everything is based on the same mathematical foundation as CSPRNGs. So don\u2019t be afraid.<\/p>\n<h2 id=\"what-about-entropy-running-low\">What about entropy running low?<\/h2>\n<p>It doesn\u2019t matter.<\/p>\n<p>The underlying cryptographic building blocks are designed such that an attacker cannot predict the outcome, as long as there was enough randomness (a.k.a. entropy) in the beginning. A usual lower limit for \u201cenough\u201d may be 256 bits. 
No more.<\/p>\n<p>Considering that we were pretty hand-wavy about the term \u201centropy\u201d in the first place, it feels right. As we saw, the kernel\u2019s random number generator cannot even precisely know the amount of entropy entering the system. Only an estimate. And whether the model that\u2019s the basis for the estimate is good enough is pretty unclear, too.<\/p>\n<h2 id=\"re-seeding\">Re-seeding<\/h2>\n<p>But if entropy is so unimportant, why is fresh entropy constantly being injected into the random number generator?<\/p>\n<p>First, it cannot hurt. If you\u2019ve got more randomness just lying around, by all means use it!<\/p>\n<aside>\n<a href=\"http:\/\/blog.cr.yp.to\/20140205-entropy.html\">djb remarked<\/a> that more entropy actually can hurt.\n<\/aside>\n<p>There is another reason why re-seeding the random number generator every now and then is important:<\/p>\n<p>Imagine an attacker knows everything about your random number generator\u2019s internal state. That\u2019s the most severe security compromise you can imagine: the attacker has full access to the system.<\/p>\n<p>You\u2019ve totally lost now, because the attacker can compute all future outputs from this point on.<\/p>\n<p>But over time, with more and more fresh entropy being mixed into it, the internal state gets more and more random again. So such a random number generator\u2019s design is, in a way, self-healing.<\/p>\n<p>But this is about injecting entropy into the generator\u2019s internal state; it has nothing to do with blocking its output.<\/p>\n<h2 id=\"the-random-and-urandom-man-page\">The random and urandom man page<\/h2>\n<aside>\n<strong>Update!<\/strong> There has actually been an updated version of the Linux kernel man page for \/dev\/random and \/dev\/urandom. Unfortunately, a simple web search still turns up the old, deficient version I\u2019m describing here in the top results. Furthermore, many Linux distributions still ship the old man pages. 
So unfortunately this section needs to stay a bit longer in the essay. I\u2019m so looking forward to deleting it!\n<\/aside>\n<p>The man page for \/dev\/random and \/dev\/urandom is pretty effective when it comes to instilling fear into the gullible programmer\u2019s mind:<\/p>\n<blockquote>\n<p>A read from the \/dev\/urandom device will not block waiting for more entropy. As a result, if there is not sufficient entropy in the entropy pool, the returned values are theoretically vulnerable to a cryptographic attack on the algorithms used by the driver. Knowledge of how to do this is not available in the current unclassified literature, but it is theoretically possible that such an attack may exist. If this is a concern in your application, use \/dev\/random instead.<\/p>\n<\/blockquote>\n<p>Such an attack is not known in \u201cunclassified literature\u201d, but the NSA certainly has one in store, right? And if you\u2019re really concerned about this (you should!), please use \/dev\/random, and all your problems are solved.<\/p>\n<p>The truth is, while there may be such an attack available to secret services, evil hackers or the Bogeyman, it\u2019s just not rational to take it as a given.<\/p>\n<p>And even if you need that peace of mind, let me tell you a secret: no practical attacks on AES, SHA-3 or other solid ciphers and hashes are known in the \u201cunclassified\u201d literature, either. Are you going to stop using those, as well? Of course not!<\/p>\n<p>Now the fun part: \u201cuse \/dev\/random instead\u201d. While \/dev\/urandom does not block, its random number output comes from the very same CSPRNG as \/dev\/random\u2019s.<\/p>\n<p>If you really need information-theoretically secure random numbers (you don\u2019t!), and that\u2019s about the only reason why the entropy of the CSPRNG\u2019s input matters, you can\u2019t use \/dev\/random, either!<\/p>\n<p>The man page is silly, that\u2019s all. 
At least it tries to redeem itself with this:<\/p>\n<blockquote>\n<p>If you are unsure about whether you should use \/dev\/random or \/dev\/urandom, then probably you want to use the latter. As a general rule, \/dev\/urandom should be used for everything except long-lived GPG\/SSL\/SSH keys.<\/p>\n<\/blockquote>\n<aside>\nThe <a href=\"https:\/\/man7.org\/linux\/man-pages\/man4\/random.4.html\">current, updated version<\/a> of the man page says in no uncertain terms: The \/dev\/random interface is considered a legacy interface, and \/dev\/urandom is preferred and sufficient in all use cases, with the exception of applications which require randomness during early boot time; for these applications, getrandom(2) must be used instead, because it will block until the entropy pool is initialized.\n<\/aside>\n<p>Fine. I think it\u2019s unnecessary, but if you want to use \/dev\/random for your \u201clong-lived keys\u201d, by all means, do so! You\u2019ll be waiting a few seconds typing stuff on your keyboard, that\u2019s no problem.<\/p>\n<p>But please don\u2019t make connections to a mail server hang forever, just because you \u201cwanted to be safe\u201d.<\/p>\n<h2 id=\"orthodoxy\">Orthodoxy<\/h2>\n<p>The view espoused here is certainly a tiny minority\u2019s opinion on the Internet. But ask a real cryptographer, and you\u2019ll be hard pressed to find someone who sympathizes much with a blocking \/dev\/random.<\/p>\n<p>Let\u2019s take <a href=\"http:\/\/www.mail-archive.com\/cryptography@randombit.net\/msg04763.html\">Daniel Bernstein<\/a>, better known as djb:<\/p>\n<blockquote>\n<p>Cryptographers are certainly not responsible for this superstitious nonsense. 
Think about this for a moment: whoever wrote the \/dev\/random manual page seems to simultaneously believe that<\/p>\n<ol>\n<li>we can\u2019t figure out how to deterministically expand one 256-bit \/dev\/random output into an endless stream of unpredictable keys (this is what we need from urandom), but<\/li>\n<li>we can figure out how to use a single key to safely encrypt many messages (this is what we need from SSL, PGP, etc.).<\/li>\n<\/ol>\n<\/blockquote>\n<blockquote>\n<p>For a cryptographer this doesn\u2019t even pass the laugh test.<\/p>\n<\/blockquote>\n<p>Or <a href=\"http:\/\/security.stackexchange.com\/questions\/3936\/is-a-rand-from-dev-urandom-secure-for-a-login-key\/3939#3939\">Thomas Pornin<\/a>, who is probably one of the most helpful people I\u2019ve ever encountered on the Stack Exchange sites:<\/p>\n<blockquote>\n<p>The short answer is yes. The long answer is also yes. \/dev\/urandom yields data which is indistinguishable from true randomness, given existing technology. Getting \u201cbetter\u201d randomness than what \/dev\/urandom provides is meaningless, unless you are using one of the few \u201cinformation theoretic\u201d cryptographic algorithms, which is not your case (you would know it).\nThe man page for urandom is somewhat misleading, arguably downright wrong, when it suggests that \/dev\/urandom may \u201crun out of entropy\u201d and \/dev\/random should be preferred;<\/p>\n<\/blockquote>\n<p>Or maybe <a href=\"http:\/\/sockpuppet.org\/blog\/2014\/02\/25\/safely-generate-random-numbers\/\">Thomas Ptacek<\/a>, who is not a real cryptographer in the sense of designing cryptographic algorithms or building cryptographic systems, but still the founder of a well-reputed security consultancy that\u2019s doing a lot of penetration testing and breaking bad cryptography:<\/p>\n<blockquote>\n<p>Use urandom. Use urandom. Use urandom. Use urandom. Use urandom. 
Use urandom.<\/p>\n<\/blockquote>\n<h2 id=\"not-everything-is-perfect\">Not everything is perfect<\/h2>\n<p>\/dev\/urandom isn\u2019t perfect. The problems are twofold:<\/p>\n<p>On Linux, unlike FreeBSD, \/dev\/urandom never blocks. Remember that the whole security rested on some starting randomness, a seed?<\/p>\n<p>Linux\u2019s \/dev\/urandom happily gives you not-so-random numbers before the kernel even had the chance to gather entropy. When is that? At system start, booting the computer.<\/p>\n<p>FreeBSD does the right thing: they don\u2019t have the distinction between \/dev\/random and \/dev\/urandom, both are the same device. At startup \/dev\/random blocks once until enough starting entropy has been gathered. Then it won\u2019t block ever again.<\/p>\n<p>On Linux it isn\u2019t too bad, because Linux distributions save some random numbers when booting up the system (but after they have gathered some entropy, since the startup script doesn\u2019t run immediately after switching on the machine) into a seed file that is read next time the machine is booting. So you carry over the randomness from the last running of the machine.<\/p>\n<p>Obviously that isn\u2019t as good as if you let the shutdown scripts write out the seed, because in that case there would have been much more time to gather entropy. The advantage is obviously that this does not depend on a proper shutdown with execution of the shutdown scripts (in case the computer crashes, for example).<\/p>\n<p>And it doesn\u2019t help you the very first time a machine is running, but the Linux distributions usually do the same saving into a seed file when running the installer. So that\u2019s mostly okay.<\/p>\n<p>Virtual machines are the other problem. 
Because people like to clone them, or rewind them to a previously saved check point, this seed file doesn\u2019t help you.<\/p>\n<p>But the solution still isn\u2019t using \/dev\/random everywhere, but properly seeding each and every virtual machine after cloning, restoring a checkpoint, whatever.<\/p>\n<aside>\n<strong>Update!<\/strong>\nIn the meantime, Linux has implemented a new syscall, originally introduced by OpenBSD as getentropy(2): getrandom(2). This syscall does the right thing: blocking until it has gathered enough initial entropy, and never blocking after that point. Of course, it is a syscall, not a character device, so it isn\u2019t as easily accessible from shell or script languages. It is available from Linux 3.17 onward.\n<\/aside>\n<h2 id=\"tldr\">tldr;<\/h2>\n<p><strong>Just use \/dev\/urandom!<\/strong><\/p>"},{"title":"Harmonized standards and EU directives","link":"https:\/\/www.thomas-huehn.com\/harmonized-standards-and-eu-directives\/","pubDate":"Sat, 01 Mar 2014 23:00:00 +0000","author":"mail@thomas-huehn.com (Thomas H\u00fchn)","guid":"https:\/\/www.thomas-huehn.com\/harmonized-standards-and-eu-directives\/","description":"<p>In product development in the EU today, the requirement to conform with EU directives and other legal statutes is pervasive.<\/p>\n<p>And while engineers usually manage to fulfil these requirements on the technical level quite well, it can be disillusioning to hear them talk about the perceived legal mechanisms.<\/p>\n<p>The notion that standards (by IEC or ISO) themselves carry legal force is surprisingly common. Also, many engineers actually believe that EU directives are directly binding law.<\/p>\n<p>But that&rsquo;s just false. 
So I&rsquo;d like to broadly paint the picture of the interplay of EU directives, national laws and international standards.<\/p>\n<p>As an example I choose the <a href=\"http:\/\/eur-lex.europa.eu\/LexUriServ\/LexUriServ.do?uri=OJ:L:2006:157:0024:0086:EN:PDF\">Directive 2006\/42\/EG<\/a>, concerning machinery.<\/p>\n<p>This is just one example, but it&rsquo;s a blueprint for other directives, as well. The relevant law may be a different one, but it works just the same.<\/p>\n<p>So, legally it works like this:<\/p>\n<ol>\n<li>\n<p>The EU issues a directive. Directives are not directly binding (some gray areas have developed over the years) and must be implemented by national legislatures into national law. The directive is the base line, national legislators may go above and beyond what the directive calls for.<\/p>\n<\/li>\n<li>\n<p>In Germany we have implemented this directive in the \u201cProduktsicherheitsgesetz\u201d (Product Safety Act). You can find a translation <a href=\"http:\/\/www.bmas.de\/SharedDocs\/Downloads\/DE\/PDF-Meldungen\/produktsicherheitsgesetz-prdsg-englisch.pdf?__blob=publicationFile\">here<\/a>.<\/p>\n<\/li>\n<li>\n<p>The law authorizes quite a few ministers to issue regulations that deal with specific things (in this example: the Ninth Regulation deals with machinery safety).<\/p>\n<p>Those regulations usually refer back to the EU Directive, incorporating it partly.<\/p>\n<p>For example, in the Ninth you can <a href=\"http:\/\/www.gesetze-im-internet.de\/gsgv_9\/__3.html\">see<\/a> that some requirements are basically just worded as \u201cmust meet requirements A, B and C from 2006\/42\/EG\u201d or \u201cmust provide documentation as per Annex I of 2006\/42\/EG\u201d.<\/p>\n<\/li>\n<li>\n<p>Law and Regulations must be obeyed. Not some \u201cEU law\u201d. This law. And only this law.<\/p>\n<\/li>\n<li>\n<p>The key insight is: how you meet the requirements is up to you. 
Also, the burden of proof that you&rsquo;ve met those requirements is yours.<\/p>\n<p>Because those requirements are rather vague and abstract, and this burden of proof is not easily met, the law provides for some \u201cconvenience route\u201d (well, and because that&rsquo;s the idea behind the EU&rsquo;s \u201cNew Approach\u201d):<\/p>\n<p>You may demonstrate that you meet the requirements of certain applicable standards. If you do this (and you still have the burden of proof here!), you are automatically assumed to be in compliance with the law and the regulations.<\/p>\n<p>That&rsquo;s the so-called <em>assumption of conformity.<\/em><\/p>\n<\/li>\n<li>\n<p>And that&rsquo;s where <a href=\"http:\/\/eur-lex.europa.eu\/LexUriServ\/LexUriServ.do?uri=OJ:C:2013:348:0005:0062:EN:PDF\">this linked table<\/a> comes in: those are standards that are \u201charmonized under the Directive\u201d.<\/p>\n<p>If you find a standard that&rsquo;s (partly) applicable (you may not use a nuclear reactor standard to claim conformance of your children&rsquo;s toys\u2026) on that list, you may shift your burden of proof from the law and the regulations to the standard (as far as it&rsquo;s applicable).<\/p>\n<\/li>\n<li>\n<p>So far it doesn&rsquo;t sound very exciting. You just swapped one set of requirements where you bear the burden of proof with another set of requirements where you also bear the burden of proof.<\/p>\n<p>The point is, those standards are tailored to your field, so they are much more practical and manageable.<\/p>\n<p>And the real kicker is this: you can get certification by T\u00dcV, BG and other \u201cnotified bodies\u201d provided for by EU law, that you&rsquo;ve met the requirements of the standard. You probably won&rsquo;t get T\u00dcV or BG to certify that you&rsquo;ve met the requirements of the law itself.<\/p>\n<\/li>\n<li>\n<p>But you&rsquo;re always free to disregard any and all harmonized standards. 
If you feel good about meeting the requirements of the national law and regulations without the help of harmonized standards (and in some fields you mostly have to do that anyway, because no really applicable harmonized standards exist), you&rsquo;re free to do so.<\/p>\n<\/li>\n<\/ol>"},{"title":"3:16 Bible Texts Illuminated","link":"https:\/\/www.thomas-huehn.com\/3-16-bible-texts-illuminated\/","pubDate":"Tue, 23 Feb 2010 20:55:36 +0100","author":"mail@thomas-huehn.com (Thomas H\u00fchn)","guid":"https:\/\/www.thomas-huehn.com\/3-16-bible-texts-illuminated\/","description":"<p>The Bible, book of books. But few people who aren&rsquo;t already devout believers have really read large parts of it. Some phrases from it have entered our culture and common vocabulary, but because of its length the Bible can intimidate. Even those who would acknowledge that they should have read it already, if only for its significance for the western world.<\/p>\n<p>If a complete reading is out of the question (and I don&rsquo;t want to deter anyone, but practice shows that this is only interesting to a small part of the population), the question is: how to approach it.<\/p>\n<p>A quite incomplete, but even more fascinating possibility is this book, <strong>\u201c3:16 Bible Texts Illuminated\u201d<\/strong> by <strong>Donald E. Knuth.<\/strong><\/p>\n<p>Professor Knuth may be the most famous computer scientist, with innumerable profound contributions to his field, as well as to neighbouring fields. And he is a devout Christian.<\/p>\n<p>This book follows the method he used in structuring a Bible course he first led many years ago.<\/p>\n<p>Instead of reading the Bible cover to cover he selected single verses to talk about those more deeply.<\/p>\n<p>So far nothing unusual, the time constraints of a Bible course already force this.<\/p>\n<p>But he didn&rsquo;t just select his favourite verses, or the best known verses, or the central verses of the big books (the Evangelists, for example). 
No, he let chance govern the selection. He took random samples, respecting the higher-level groupings (the books).<\/p>\n<p>The Bible contains about thirty thousand verses. A selection of sixty of them should give interesting and more or less representative insight into the whole. Sixty totally random verses would have been fine, but sixty verses, one from (almost) each book, should be even better, because in this way every book (and thus every author) should be represented.<\/p>\n<p>And as the title says, his selection fell on chapter three, verse sixteen of every book (with the well-known verse from John as the basis), modulo some obvious modifications of that rule, for books with third chapters that are too short or don\u2019t have three chapters at all. All in all ninety-five books remain.<\/p>\n<p>The presentation of all these books and their verses 3:16 is always the same on four consecutive pages:<\/p>\n<p>First the book of the Bible is described. What is it about? What story is being told, if one is told? In which period is it set? What were the circumstances in which the people of Israel found themselves?<\/p>\n<p>Followed by a page that is central: The verse 3:16 from this book, interpreted in calligraphy, by various artists. Those calligraphies are beautiful and are being sold separately on a poster.<\/p>\n<p>The third and fourth pages repeat the verse in the margin and contain Knuth&rsquo;s thoughts about the verse. This is the interpretative part.<\/p>\n<p>My conclusion: Worth a read. But especially worth a look.<\/p>\n<p>Knuth is an amateur theologian, at best, even if he spends lots of time in libraries. You cannot expect special discoveries of a theological nature. But he succeeds in establishing some understanding for those times and in placing biblical stories in historical context.<\/p>\n<p>The calligraphies are the book&rsquo;s real climax. 
And this unorthodox approach to the Bible focusses the eye on verses that wouldn&rsquo;t find much attention otherwise.<\/p>"}]}}