Adrian and I are hard at work on our Building a Web Application Program series, and it led to an interesting discussion this morning on writing and writing styles. I’m fortunate that I’ve always been a pretty good writer; likely because I was a total bookworm as a kid. As with many things in life, if you are good at writing you often gain the opportunity to write more frequently. And the more you write, the better you write, and the more likely you are to develop and understand writing styles.

Today we talked about passive voice, passive language, and brevity. Brevity is something I always struggle with. Most professional writers I talk with agree that it is more difficult to write a shorter piece than a longer one. As a college student in history, I didn’t worry too much about that since professors usually set minimum page counts and I wrote to fill that space as much as to cover the topic. At Gartner, we targeted 3-5 pages with a max of 14,000 words for a normal research note. When I write my online articles and columns for people like Macworld and Dark Reading, they typically ask for 500-800 words. It often takes me more time to write shorter than longer since I’m forced to focus more on the meat.

I’ve become fascinated with the use of language now that I get paid to put my words on the page. How word and grammar choices affect the interpretation of my work, and audience receptiveness, as much or more than the content. For example, I find that passive voice makes you sound indecisive, confusing, and less authoritative. Passive voice is also closely tied to passive language in general, which, although grammatically correct, is inefficient for communicating. For example, the first time I wrote this post I started with, “Adrian and I have been hard at work”. Now it reads, “Adrian and I are hard at work”. The language acts, it’s not acted upon. An example of passive voice is, “the risk of data loss is reduced by DLP”, as opposed to the active variant, “DLP reduces the risk of data loss”. One just sounds stronger and clearer.

I could spend all day talking about writing and writing styles. My personal goals in writing are to keep a conversational style, use active language, be direct, avoid bullshit, and focus on clarity and simplicity. Sometimes that means breaking traditional grammar rules which can be too constraining and force sacrifices of effective style choices. I’m not perfect (just ask our editor Chris), but it seems to work well. Even in my “pontification” posts I try and focus on the main points and reduce extraneous language. Although Gartner left me free (in terms of style) to write how I wanted, I’m a bit more of a taskmaster here at Securosis and require contributors to follow those guiding principles. You pay us (not that most of you pay us) to save you time and money by providing insight and advice to help you do your job, not to write crap that’s hard to understand.

And for those of you who write, and want to be successful, learn to say more with less, write to the correct audience, write with structure (don’t wander around), and always have a goal with each piece, be it an email, blog post, article, or novel. Develop your own writing style, rather than trying to channel someone else’s, and constantly critique your own work.

Now that I’ve wasted four paragraphs on writing with brevity, here is the week’s security summary:

  • Adrian: This Rational Survivability post on ZoHo’s CloudSQL may not have been all that interesting to most, but after I read it, I must have spent half the day looking over the documentation, getting my API key and testing it out. This has a lot of ramifications for not only how we might provide data, how we implement SOA, and as Chris points out, security as well. More to come on this topic.
  • Rich: The EFF guide for security researchers. Anyone who engages in any primary research absolutely must read this article. Although I do very little research of this type, I do follow some very strict personal guidelines to keep myself out of trouble (especially since I do a lot of wireless).

LonerVamp on The Asset Recovery/Phone Home Software Algorythm:
A phone home feature may be cute and make for a good story, but I wouldn’t put much value or dependence on it. Unless it is just a feature to turn on, I’d rather put my money elsewhere with better assurances like disk encryption. Something where I can even go so far as to write off the loss of the hardware but be reasonably assured the data is unrecoverable.
A question I would have: How does the software know the device is missing or not? Does it just always phone home? How does it connect back to the mothership? As an employee, I’d be a little annoyed that my laptop is basically ‘monitored’ even when in my rightful possession, but that’s me and I’m paranoid/tipsy/interested about this stuff. 🙂
Of course, if such a laptop fell into my hands, the first thing I’d do is format the drive, or even outright replace it. shrug

