Skip to main content

Being out of the box

Often being in a box is a matter of point of view. Oftentimes when I'm trying to think of ideas and solutions, and I feel stuck, I remember ask myself the "who, what, where, why, when, and how" types of questions . But when I don't remember that tool for thought, I'm  lucky enough to be working with a group of people who regularly show me other ways to think "out-of-the-box" as it were.

Today I was asked a question that I tried to answer for a co-worker. They were using R studio and editing an HTML table, and they needed to get some space between some columns. It was a technical issue, and my first idea, adding a non-breaking space to a collapsed column in-between the columns, didn't work. I didn't understand why it didn't work, because in other circumstances it would have worked fine. In fact, the behavior I got seemed entirely wrong and I didn't know why. I knew at worst my solution should have no effect, but that fact that it simply inserted the exact "&nbsp" text mystified me. So, my reaction was to dig in deeper and figure out why my solution wasn't working, before long my co-worker was trying to wrest control of his computer back from me as I got completely absorbed in trying to help him. 

I ran out of time and thus I mentioned the problem to another colleague, who is one of these "out of the box" people. As she so often does, she came up with an entirely different approach which easily solved the problem. Her answer was to simply set the column widths - and get the white-space that way. She was thinking about the original problem, which was great, but I had asked about why am I seeing thing "&nbsp" string? She probed a little, to get the original question and then had a better solution for it. 

Thinking about the solution she did come up with, I realized I was focusing on the question of "why doesn't this work" while she looked at the larger problem of "how can you solve the original problem". These are obviously two different frames of reference. "Why" doesn't x or y work versus, "what" is the problem that needs to be solved and how can we look at it differently. It's often a matter of having too narrow of a focus. "I have a hammer, how can I use that to put these two boards together?" against "Instead of using two pieces of wood together, what if I simply cut the piece I need out of that other piece of wood over there?"

I try to shake my frame of reference up when I ask myself "who, what, where, why, when, and how" and it just seemed to me that this was a good example of how I should be ever watchful for those sorts of moments.

Comments

Post a Comment

Popular posts from this blog

You don't really know who you're talking to online...

The following is a story that I think highlights the assumptions that get you into trouble online... https://www.proofpoint.com/us/blog/threat-insight/i-knew-you-were-trouble-ta456-targets-defense-contractor-alluring-social-media This is particularly scary since we found so much utility in online connections during the pandemic and out of necessity, started trusting more online. Please note the timeline for this breach - it was a long, slow process, a key factor in many 'cons'. "Build trust" is a key first step, once someone has identified you as a party. You think...you're convinced you know who your talking to, but if you don't triangulate the identity with some non-online, ideally in-person information, you shouldn't trust. And even if you do get what seems like real-life confirmations of identity, you must look at questioning motives, needs, and keeping danger at arms-length. Online includes email, texting (sms), application chatbots, voice communicati...
Post a Comment
Read more

Threat Modeling Manifesto

Secure Your Code with Threat Modeling As a software developer, security should be a top priority. By proactively identifying and addressing potential vulnerabilities, you can significantly reduce the risk of breaches and data loss. What is Threat Modeling?   Threat modeling is a systematic approach to identifying, assessing, and mitigating security threats. It involves looking at your system from a hacker's perspective to uncover weaknesses and devise strategies to protect against attacks. See the  OWASP Cheat Sheet   Why is Threat Modeling Important? Proactive Security: By anticipating potential threats, you can take steps to prevent them. Risk Mitigation: Identify and address vulnerabilities before they can be exploited. Regulatory Compliance: Adhere to industry standards and regulations. Enhanced Security Posture: Strengthen your overall security posture. How to Get Started with Threat Modeling   The Threat Modeling Manifesto provides a valuable framewor...
Post a Comment
Read more

Where threat modeling can shine - an example from the EU MDCG-2019

From the  EU  MDCG 2019-16 Guidance on Cybersecurity for medical devices, December 2019 , this is the guidance on foreseeable risks.  Medical device manufacturers should ensure that a medical device is designed and manufactured in a way that ensures that the risks associated with reasonably foreseeable environmental conditions are removed or minimised. This may include the infield monitoring of the software’s vulnerabilities and the possibility to perform a device update (outside the context of a field safety corrective action) through, for example delivering patches to ensure the continued security of the device. During the risk management process, the manufacturer should foresee or evaluate the potential exploitation of those vulnerabilities that may be a result of reasonably foreseeable misuse. This, however, may depend on the specific situation. For example, using an unsecured memory-stick to enter data into a medical IT system can be considered “reasonably foreseeabl...
Post a Comment
Read more