Comment by 0xbadcafebee

3 years ago

Numbers 1, 4-8, and 11-18 are all truisms. The rest are not:

"2. Complex systems are heavily and successfully defended against failure"

Many complex systems are weakly defended, sometimes not at all. Sometimes the defense is accidental or incidental. Sometimes they are heavily yet unsuccessfully defended. Never attribute to defense that which can be attributed to purely random chance, ignorance, convenience, and avoidance of responsibility.

"3. Catastrophe requires multiple failures – single point failures are not enough."

Catastrophe definitely can and does happen from single points of failure. It's just that in highly defended systems, multiple failures are common.

"9. Human operators have dual roles: as producers & as defenders against failure."

These can be distinct roles, but in practice that requires extra money, staffing, etc., which makes it rare. However, there are systems in which defense becomes its own role, often because the producers suck at it, or don't want to do it, or are just really busy.

"10. All practitioner actions are gambles."

On the fence about this one. I would say all practitioner changes are gambles. A practitioner looking at a pressure gauge dial is an action, but it isn't a gamble. Unless the gauge needle sticks, and reading it was a critical action... I suppose you could say all actions are gambles, and changes are much more risky gambles, and non-change actions are likely to be seen as non-risky.