Comment by NovemberWhiskey
2 years ago
Another variation on the problem is the over-allocation of resources to preventing problems which actually happened once, versus those that are more severe but haven't happened yet.
This is a management problem, because no-one wants to be accountable for a repeat incident even if it was rational to be working on something else more important.
> Another variation on the problem is the over-allocation of resources to preventing problems which actually happened once, versus those that are more severe but haven't happened yet.
I've heard this called "institutional scarring" in a blog post somewhere. The idea is a small wound can be replaced with tough inflexible tissue. The jist of the blog post was that just because something happened, doesn't mean you have to change things to ensure it never happens again because that can be an over-reaction that really burdens your future. Accept that loss and that it just might happen again, but that may be better than onerously preventing it with certainty.
I called the dev form of this “tech trauma.”
e.g., You were tasked with working on a ball of mud and it was miserable, so the next system you get the chance to build has to be the most scalable, modular, and cutting-edge thing ever, just to be safe.
I remember this blog post, it was also a chapter in their book Rework https://signalvnoise.com/archives2/dont_scar_on_the_first_cu...
For posterity: the term is actually "organizational scar tissue" not "institutional scarring".
Surprised you found it despite my butchery!
Same thing constantly happens in governments, too. "Oh no, something that's been done for 200 years now caused issues once! We have to restrict/regulate/bureaucratize/outlaw it immadiately!"
There's a ton of reactionary legislation on the books that exists pretty much entirely because politicians wanted to be seen doing something. It's mostly crap.
A lot of gun legislation is like this. Whatever your view of guns is, there is no rationale for a "safe hand gun roster" like California's where the Glock 17 Gen 3 is on it, but the Gen 5 -- which introduces a basic safety improvement for left-handed people -- is not.
This is probably a bit too cynical; it's not just "politicians who want to be seen doing something"; the public often wants something done as well. And "we didn't do anything after that incident from ten years ago and now it happened again" is not a good look. Complex stories about trade-offs and the cure being worse than the disease often don't "play well" in the media, especially not with the opposition demanding that "something could have been done!" And corporations tend to be pathologically risk-averse.
Politicians, the media, corporations, and the public all have a part in this.
>the public often wants something done as well.
Sure, that's why the politicians want to be seen doing it. But the legislative focus is often on getting something passed now while it's a hot issue rather than on eventually getting a good bill passed (let alone deciding that we actually already have the correct amount of legislation on the topic).
> the public often wants something done as well
Like many other problems in politics, the root of the problem is the other voters.
Yeah, the legendary politician's fallacy:
1) We must do something.
2) This is something.
3) Therefore, we must do this.
https://www.youtube.com/watch?v=vidzkYnaf6Y
I thought that was the voter's fallacy.
1 reply →
This is basically how all bureaucracy comes about. In startups everything is so new that problems haven't had time to happen. In big tech, because they have a tremendous knowledge base of previous incidents and the resulting safeguards, every single step seems mired in bureaucracy.
This is why death is a feature and not a bug.
The thing is: it's very easy to play up the likelihood and severity of problems that are entirely imaginary. This can be just a bad habit, but also a deliberate tactic. In either case, a lot of effort, time, money, etc. is wasted.
Waiting for something to actually happen before allocating resources to preventing it is (to some degree) a rational policy.
yeah that to the Ai doomers who are making six figures off of it
The argument there is that waiting for "it" to happen would be way too late. Especially if "it" is a billion people are dead and the rest of the people don't have much time.
1 reply →
I have worked in finance tech all my career, so I'm not sure how other orgs work, but this is extremely pertinent. Large investment banks react exactly like this.
I spent a miserable year trying to convince people that they were over-reacting to an outage and there was a very simple solution to the exact problem that occurred. But when senior managers see their jobs at risk because of a repeat, they'll mandate that the entire department review their code for similar issues and remediate. They'll also listen to the loudest voices who somehow come up with massively over-engineered solutions.
Another example, we had a password expire which caused an outage on our trading stack. The amount of effort that went into stupidly convoluted hand-crafted solutions ensuring this "didn't happen again" was laughable. And in the end, after more than a year of work, the whole thing was abandoned in favour of a much simpler centralised solution that should have been done from the start.