Wednesday, 12 November 2008 11:58 PM

No, you can't teach someone how to solve problems

M' very good friend Nathan Gropman (with whom I work ... wait, no, with whom I am co-employed - he works while I skive off) has postulated that you can teach a person to solve problems, with the benefit of experience and desire. I always considered this to be a question of, "Can this person think for themselves?" but perhaps Nathan is closer to the crux of the matter.

So Nathan says,

I believe that problem solving skills can indeed be learned. It comes with experience. Every problem is different, and every solution brings with it a new set of learning's that assists with the next problem to solve. But, it is a 2-way street and you must want to learn from your experiences in order for your skills to be enhanced.

I think the question of whether you can learn these skills is not experience or desire, it's whether your brain can physically make the connections required to achieve the learning.

I too have worked with a number of people whose problem solving skills are sorely tested just trying to work out which part of the body goes into their trousers in the morning. Some of them need written instructions. I've also worked with people who can, and will, attack a problem like a terrier at a pork chop.

Nathan is definitely one of those people. He's intelligent and articulate, and passionate about his work. If the problem can be solved, he will solve it.

But I still think he's wrong this time.

I think there are actually four categories of people, with respect to problem solving. It seems to be roughly the same demographic sets as we encounter when considering whether people can think. I don't know what to call them, so I'm going to number them 1 to 4 (note that type 4 will not get the status of their own section).

Type 1 People - People who can problem solve already

For the purposes of our discussion here, these people are pretty uninteresting. We cannot determine with these people whether problem solving ability is inbuilt or taught.

Type 2 People - People who can be taught how to solve problems

These are the people who are great to work with as they learn and mature. They are passionate about what they do, have a genuine interest in what they are trying to achieve, and actively work to understand the "bigger picture".

As a result, these people can be taught a problem solving technique, and they will take that technique and apply it to multiple problems, even if the problem is different. The first time it will be applied just the same way it was taught. Maybe the second and third times. But sooner or later that desire for the "big picture" will take over and the person will extend the technique. First by a little, then by a lot. And once that has happened, the person has learned a raft of techniques, and has started down the path of "learning to solve problems".

Sometimes this initial teaching is done by parents with their child, and other times it's done by a more experienced colleague who thinks he or she sees the fire burning in the eyes of the pupil.

These are the people who can be taught to think.

Type 3 People - People who will never be able to solve problems

Type 3 people seem to make up a large portion of the "junior IT" space. They might make up a large portion of many industries, but I've no experience outside the IT industry so I'll not cast aspersions.

Type 3 people are not the group of people who seem not to care. There are plenty of THOSE people out there, but they are part of our fourth group of people, which I shall conveniently name "Wastes of Time".

No, Type 3 people genuinely do care, but they are more passive about their caring. Where Type 2 people seek out ways to improve their knowledge, Type 3 people wait for it to come to them. They have no mental framework in which they can place a new skill to improve their other skills.

As a result, these seem to be the people who need to be told every single time they see an error to take the error message apart and put the key words and error codes into Google searches. The same people who, despite solving the same Outlook problem day in, day out for 3 years STILL refer it to the level 3 support team before they go and follow the procedure written in 40 point type on the first page of the "Idiot's Guide to Solving Outlook Problems in Company X" manual.

The absolute BEST of these people will possibly learn one technique in 5 or 10 years. But having done so, they have exhausted their ability to learn. They will never be a problem solver, for they do not take the approach by the scruff of the neck, shake it to learn its secrets then tear it apart and mould it with their previous ideas and techniques to create new methods to solve problems. In short, they do not THINK.

This, I think, is nature not nurture, for no matter how much nurture is given or how much experience and desire there is, nature steps in and the could-be problem solver is no more.

And that is why you can't necessarily teach someone to solve problems, only a single problem.

You can lead a horse to water, stick its head under the surface, twist its ear and kick it in the sides. It still doesn't have to drink.

Posted by davidr with no comments
Filed under:
Wednesday, 5 November 2008 7:00 PM

ActiveSync: Consumer Email means Windows Live

This is a bit of a WTF, because the MS documentation doesn't seem to match up with the implementation.

There are two policy settings that seem to prevent users from establishing their own personal accounts if they are using your Exchange 2007 ActiveSync service. The first is:

AllowPOPIMAPEmail
This setting specifies whether the user can configure a POP3 or an IMAP4 e-mail account on the device.

The other setting is:

AllowConsumerEmail
This setting specifies whether the mobile device user can configure a personal e-mail account (either POP3 or IMAP4) on the device.

Actually, this second setting is not for controlling POP3 and IMAP4. Configuring this setting to True tells the Windows Mobile 6.1 device to block "WLMService.DLL", which is responsible for connecting to Windows Live services.

So if you configure AllowConsumerEmail = False in your policy, you'll block the use of Hotmail, Live Messenger and all other Live services. If you really wanted to block POP3 and IMAP4 services, use the AllowPOPIMAPEmail = False setting instead.

Addendum: AllowConsumerEmail also looks like it blocks Windows Updates for your Mobile device. It wasn't working, then I set AllowConsumerEmail to True, and lo and behold it started working.

Posted by davidr with no comments
Filed under: , , , ,
Wednesday, 22 October 2008 5:43 PM

The Great Firewall of Australia

Note: Blunt opinion follows. These are not necessarily the views of my employers, past, present or future.

In recent times Australia has been blessed cursed with a series of clueless, idiotic communications ministers each seemingly more ill-informed than the last.

The most recent addition to this list of incompetents is one Hon Stephen Conroy, our Minister for Communications, Broadband and the Digital Economy. One would think that the view on Ministerial function espoused by Yes, Minister would be over the top and exaggerated, yet it appears that this particular Minister is truly hell bent on destroying Communications, Broadband and the Digital Economy in Australia.

His most recent attack of anti-Broadband sentiment brings us the Great Firewall of Australia. Ostensibly a list of "bad sites" that is available for Australians to use to protect themselves and their children from viewing illegal content (think of the children!) it turns out to be a pair of black lists (think of the children!). The first (think of the children!) is a listing of sites not suitable for, you guessed it, children (think of the children!), while the second is apparently "Illegal stuff" (oh PLEASE won't you think of the children!). I say apparently because there is currently no discussion about:

  • What is on the list - will web-based mail services be blocked because you might receive adult spam?;
  • How to get things on the list;
  • How to get things off the list;
  • How granular the list is - will http://www.example.com/, a web hosting site, be entirely blocked because http://www.example.com/sites/usera/site1/subsiteA/ contains instructions on making explosives?;
  • How long until the lists are exploited for political gain (I estimate about 1.2 seconds before the sites of any anti-clean-feed campaigners are blocked as "illegal")

The press release summarises the report but there is of course no detail about what will actually be tested in the ISP trials.

If you're an Australian citizen, and you want to register a dissenting opinion on this, I'd suggest following the lead of the people at No Clean Feed. Here's the letter I wrote, if you're looking for some inspiration.

Letter to Stephen Conroy, Minister for Broadband, Communications and the Digital Economy

If you're for the mandatory clean feed (think of the children!) there's little hope for you.

Posted by davidr with no comments
Filed under: , ,
Friday, 22 August 2008 10:56 AM

Building a CA Hierarchy: Part Oops. How I Screwed Up

This is part Oops of the Building a CA Hierarchy series. If you're just starting, you might want to read the other parts:

Part 1. Building the Root CA
Part 2. Configuring the Root CA
Part 3. Building the Enterprise CA
Part 4. Configuring the Enterprise CA
Part Oops. How I Screwed Up

In the first four parts of my series on configuring Windows 2003 Certificate Authorities I configured the AIA and the CDP as shown here:

 

Turns out there's one major problem with this. When you renew the CA certificate, the AIA and CDP break.

The fix is to change the configuration so that for the AIA, we include the CertificateName variable in each path (in the same place in each file name); for the CDP, we include the CRLNameSuffix variable. Each of these adds the certificate number to the path.

My new AIA paths for Certificate #1 will therefore be:

  • http://pki.pdconsec.net/PDConSec-RootCA(1).CRT for the root CA
  • http://pki.pdconsec.net/PDConSec-CA1(1).CRT for the first CA
  • http://pki.pdconsec.net/PDConSec-CA2(1).CRT for the second CA
The CRL paths will have the same formats:
  • http://pki.pdconsec.net/PDConSec-RootCA(1).CRL for the root CA
  • http://pki.pdconsec.net/PDConSec-PolicyCA1(1).CRL for the first CA
  • http://pki.pdconsec.net/PDConSec-PolicyCA2(1).CRL for the second CA

To get around the need to update old certificates, I continue to publish the old CRL to the old path name (it's just a file copy).
Posted by davidr with no comments
Filed under: , ,
Sunday, 17 August 2008 12:15 AM

Can't install ISA Server if your username contains a hash (#)

This is one of the stranger issues I've had to troubleshoot. Customer decided they were going to identify their administrative users with a # symbol (which I shall call a hash, rather than repeatedly trying to type octothorpe without laughing out loud).

Here's what happens if your administrative user happens to be called "#djr".

  1. Run Setup.
  2. Install your desired selection of components, include Enhanced Logging (this is where the issue lies).
  3. Core Components installs successfully



  4. Error:



  5. Try again. Same error.
  6. Reboot, try again. Same error.
  7. Search Google for the error. Nothing.
  8. Scratch head
  9. Notice that the hash in the username has been replaced with the folder path to which SQL binaries will be installed.

So it seems that the ISA installer uses the hash internally as a placeholder for something, and the use in the username causes it some confusion.

Renamed the account, installed without error straight away.

Posted by davidr with no comments
Filed under: ,
More Posts Next page »