Algorithms to Live by - ch1

This is the first in a series of blog post responses I’m writing about the current book I’m reading as part of book club. This one got me thinking a lot, and I often forget what I come up with, especially when I read through a book too fast. This is my response, not a review, so it’s best to read the book yourself first.

Chapter 1: Optimal stopping

It’s very interesting that there is a mathematical solution to this problem. I would have just gone by intuition and feel on this one, but I like the logic, and I like the explanation of the math, and the charts.

The secretary problem feels unfair to me. If the best candidate comes first, you have to turn her down because you don’t know that she’s the best. It just seems like a very inefficient way to do a hiring process. I think that’s why I often overlooked game theory in general. “Battle of the Sexes”, for example. The premise is kind of silly. Each player wants to do one thing more, but each doing their own thing is the least desirable outcome. So, they each guess what thing to go to (opera or sports game), hoping that the other player will choose the same thing. The obvious solution seems to be to communicate, plan, and compromise ahead of time, so the description of the game didn’t make sense. But the book explains the secretary problem very well, and many of its modern real-world uses.

Using math and logic to counter fear and irrational thinking? Priceless. Fear of losing, fear of missed opportunities, etc.

Now, how can I apply this to my decision-making? The first thing that came to mind while I was reading this was the recent OAuth work I did. I had to do a certain amount of research about the proper methods to use, and the potential attack vectors and security holes. How much research needed to be done before I know enough to do the spec and implementation? Well… I don’t have any numbers to plug in. If I had a tight deadline, maybe 37% would be a fair amount of time to spend on research. But… we don’t know what we don’t know, and lack of knowledge means lack of ability to accurately estimate the time needed to design and code a solution. So, it’s an open-ended problem, then. I just went with my intuition. At some point, I felt like I was 95% of the way there. I knew there were edge cases that I didn’t understand, and I knew that I didn’t know all the factors, but after reading the OAuth2 RFCs on best practices and the OpenID Connect core documentation, I felt like I had done enough research.

Is it perfect? Probably not. Do I understand everything? No, but, we plan to hire a security auditor to go over it. Someone who’s spent much more time than I have on learning the problem domain, and could evaluate what we have more efficiently.

So I guess optimal stopping doesn’t apply to OAuth.

Now, the big example in this chapter is the search for a spouse. The altered versions of the optimal stopping algorithm seem usable. What did I do, personally? I used different parameters in the search. I searched for the optimal close friend who was romantically compatible. I didn’t think about it like a math or logic problem, though. I relied on prayer, inner voice, and experience. We all have a lot more life experience in choosing good friends by the time we’re ready to marry, and having a good, trusted friend is more valuable in the long run… and I’ll stop before it gets too personal. My recommendation is simple: learn to choose good friends, and choose your best compatible friend to be your spouse.