The conclusion of Davies' second extract — about e.g. being bumped off a flight — is recognisable but the conclusions are actually wrong. The situation in these cases is actually more subtle. The person you're speaking to does normally have some capacity to escalate in exceptional cases. But they can't do it as a matter of course, and have to maintain publicly that it's actually impossible.
The people who get what they want in these situations are the ones who are prepared to behave sufficiently unreasonably. This is a second order consequence of 'unaccountability' that Davies misses. For the customer, or object of the system, it incentivises people to behave as unpleasantly as possible — because it's often the only way to trigger the exception / escalation / special case, and get what you want.
macNchz · 7h ago
Having been on both sides of this—working behind a counter and answering phones at various jobs long ago, and being someone who often surprises family and friends with my ability to extract good outcomes from customer service—I think it’s somewhat of a misconception that being as unpleasant as possible is actually effective at getting results.
I fully understand that the godawful CS mazes many companies set up wind up pushing people in that direction, and that it feels like the only option, but I believe quite strongly that being patient and polite but persistent winds up being much more effective than being unpleasant.
As a small case in point: I worked summers in a tiny ice cream shop, most of the time solo. The shop had a small bathroom for employees only—it was through a food prep area where customers were not allowed by health code. I had some leeway to let people back there as it was pretty low-risk, and I would in the evenings when no other businesses were open, or if a little kid was having an emergency. People who were unpleasant from the get-go when placing their order, however, were simply told we had no bathroom at all. People who started shouting when I told them I wasn’t supposed to let people back there (not uncommon!) and suggested a nearby business were never granted exceptions.
amluto · 5h ago
As an exception to the exception, a lot of automated telephone systems have a tree of options, and they try really hard to avoid giving you a real person, and none of the options are helpful. But some of them are programmed to detect swearing and direct users to a representative.
So a valid strategy is to swear at the automated system and then be polite to the real human that you get.
citizenpaul · 3h ago
>none of the options are helpful
Yeah. I got locked out of my capital one account for a "fraud alert" last week. When I tried to login a message said "Call Number XXX" When I called that number I had to go through an endless phone tree and not single option was about fraud alerts or being locked out of accounts. I had to keep going through a forced chute of errors before after about 30 min I finally was able to speak to someone.
Even when I finally got a human they seemed confused about what happened and I had to be transferred several times.
Why would you put a phone number that does not even as a sub option address the issue?
SpaceNoodled · 3h ago
Because they don't give a shit about you, they just want to hold on to your money.
vlovich123 · 2h ago
Well also phone numbers cost money & that kind of "customer excellence" is not incentivized by anyone at the company.
TeMPOraL · 1h ago
Most importantly though, because it's theoretically possible to address the fraud issue through the number they given, eventually, this ticks some regulatory compliance box about giving your customers recourse, and compliance is all that matters to the company - as lack of it would cost them actual money. Individual customers? On the margin, they're less than pocket change.
palmotea · 1h ago
> As an exception to the exception, a lot of automated telephone systems have a tree of options, and they try really hard to avoid giving you a real person, and none of the options are helpful. But some of them are programmed to detect swearing and direct users to a representative.
It usually just works to hit 0 (maybe more than once) or say "talk to an agent," even if those aren't options you're explicitly given.
Detecting swears just seems over-compliated.
TeMPOraL · 1h ago
> It usually just works to hit 0 (maybe more than once) or say "talk to an agent," even if those aren't options you're explicitly given.
Depends on the system and country.
Over here in Poland, I've had or witness several encounters with "artificial intelligence assistants" over the past ~5 years[0], that would ignore you hitting 0, and respond to "talk to an agent" with some variant of "I understand you want to talk to an agent, but before I connect you, perhaps there is something I could help you with?", repeatedly. Swearing, or at least getting recognizably annoyed, tends to eventually cut through that.
--
[0] - Also, annoyingly, for the past 2 years we had cheap LLMs that would be better to handle this than whatever shit they still deploy. Even today, hooking up ChatGPT to the phone line would yield infinitely more helpful bot than whatever garbage they're still deploying. Alas, the bots aren't meant to be helpful.
setr · 4h ago
There’s generally no repercussions to bullying robots — or being nice to one. Aggressively direct, if not outright unsympathetically cruel, is probably the best approach in all scenarios
pixl97 · 3h ago
5 years from now
"ChatGPT has detected you are being hostile to bots. A drone has been dispatched to your location"
Ocha · 6h ago
I was patient and calm for 30 minutes trying to get same day flight after Turkish Airlines bumped me off my connecting flight and told me to wait 24h in airport for next one. They kept giving me different excuses why they cannot put me in airport hotel, why they can’t put me on a different airline that had flights and only gave me $12 food voucher. After yelling at them for 5 min I was booked on KLM flight departing in 2 hours.
You can have assholes on both sides and set up is already adversarial from the get-go
whstl · 2h ago
I once lost a flight home (I was overseas) because the website of a company said there was a connecting bus between the airports I should take. The bus wasn’t there. I naturally lost the flight and had a very heated discussion with the clerk who was insisting that the website I was showing wasn’t theirs because I found it via Google (it had the same domain).
It was solved when I found the same information in the email sent by them.
Suddenly the clerk was apologetic and pretended she misunderstood the situation.
There are definitely capital-A assholes in both sides, with people willing to lie through the teeth to someone stranded in a foreign country just to avoid some minor inconvenience.
t_luke · 5h ago
I’ve had the same experience on a flight. They said the plane was overweight and we couldnt travel. The person I was travelling with became extremely difficult. Then magically, it wasn’t overweight any more.
netsharc · 5h ago
Sounds like AirBnB support, hired to be as big as delaying fuckwits as possible so the company has to pay out as little compensation as possible.
sokoloff · 2h ago
I’ve had overwhelmingly good experiences with AirBnB, but I did have one place that I checked into in Vegas in July with the water shutoff. Support initially suggested that I stay there anyway, since it was only one night. I laughed and politely declined that “resolution” to my case and they eventually relented to refund my money.
ornornor · 5h ago
TK is so heinous I will never ever fly them or go through IST ever again. I’ve been stranded 36 hours in IST, put in the shittiest hotel after queuing 3h for said hôtel and 3h again for a meal voucher that no restaurant accepts.
And they just plainly ignored me when I demanded later they compensate us for the cancelations as per the aviation rules. They did the same when our lawyer got involved.
I’ll never fly TK again and tell anyone whenever this came up. Look reviews up for yourself online, hundreds of people report being stranded, abused, and disrespected in IST by TK the way we were.
TeMPOraL · 1h ago
Problem is, if you start looking up reviews online, it might turn out that every single airline is about as garbage as everyone else.
It's the case with telcos. My pet theory is that there's a kind of stable equilibrium there, with competing telcos all doing the same dirty tricks and being bad to customers in the same ways, and they don't care about losing business, because people don't suddenly stop needing mobile phones or Internet, and thus, on average, for every lost customer that switches to a competitor, they gain one that switched from a competitor.
steveBK123 · 7h ago
Yes unfortunately I've observed this in some support systems.
The best way is to thread the needle between being extremely personally polite to the other human on the line, but going through the required machinations on their runbook to trigger an escalation.
That is - you don't really have to behave unpleasant (raise voice, swear, be impolite, threaten) but you should just refuse to get off the line, demand escalation, and importantly emphasize with their predicament in needing to escalate you. Possibly including phrasing like "what do we need to do to resolve this issue".
I had a cellphone provider send me a $3000 bill because someone apparently was able to open 5 lines & new devices in my name/address. I went through the first few steps of their runbook including going to police department, getting report filed, and providing them the report number. They then tried to demand further work from me and I escalated.
At that point I turned it around - what evidence do you have that I opened this line. Show me the store security footage of me buying the phones, show me the scan of my drivers license, show me my social security number? Tim, are you saying I can just go to the store with your name & address and open 5 lines in your name? Being able to point out the asymmetry of evidence, unreasonableness of their demands, and putting the support staff in my shoes.. they relented and cleared the case.
ethbr1 · 5h ago
> Possibly including phrasing like "what do we need to do to resolve this issue".
"We" phrasing is an empathy hack for CS, because it lets you continue to be nice to the person you're talking to AND be persistent about "our" issue being solved.
It's kind of like judo, especially when faced with an apathetic, resistant, or adversarial rep: "This isn't just my problem. This is our problem. So how can we fix it?"
PS: In the same way that my favorite cancellation reason turns the situation on its head. Don't play the game they've rigged up for you to lose. "Why are you cancelling?" -> "Personal reasons." There's literally no counter-response.
lelandbatey · 3h ago
Alternatively, just lie about the cancellation reason. *"Why are you cancelling your Comcast internet service?" Answer: "I am moving to the Solomon islands, where there is no Comcast service or business for 1000 miles in any direction (at least)."
cruffle_duffle · 11m ago
“I’m going to prison and getting my affairs in order” is a good one too.
throwaway7783 · 4h ago
Doordash tier 1 is so extreme that they terminate conversations unilaterally. One of the worst trashy customer services I've ever seen. Then you yell in the email and you get the right response from a "manager". Waste of everyone's time
selfselfgo · 7h ago
I ask for something, when they say they can’t do that. I say the magic words “Maybe your manager can do it?” You just don’t accept the possibility of your request not being fulfilled, say they are contractually obliged to do, even if you’re not sure, if all else fails reverse the charges on your card. Threatening small claims court works well. I now do that on the on the second email, do I look like a fool? Yes. Do I have a lot of time to investigate your platform's org structure and capabilities when I have dozens of companies like this I deal with daily? No.
teachrdan · 3h ago
Before threatening small claims court (known to be a PITA for the plaintiff), I'll tell them that if they can't resolve it, then they should send me an email telling me so, which I'll forward to my credit card company so they can reverse the charges. Then I'll remind them that that's bad for the business because it increases their transaction fees and ask (again) if there's any way to just refund me. This works for me like 90% of the time.
staticautomatic · 2h ago
Small claims is unbelievably easy! You file a one-page form, pay $50, and then show up on your hearing date.
brett-jackson · 1h ago
Look at the ToS. Frequently there are clauses that force binding arbitration and require the company you are dealing with to pay the arbitration fees.
rfrey · 7h ago
I was once on the phone with a cell phone company customer support rep who was clearly as dis-empowered as it's possible for a worker to be. He was obviously forbidden to hang up on me, so I used my normal tactic of just refusing to give up - I was friendly enough but refused to end the call. He was refusing to escalate my call, but couldn't help me himself.
20 or 25 minutes in I realized that wasn't going to work, so I asked if they had a protocol to escalate in an abusive situation. He said "ummm....". I said, "hey, you're doing a great job, and I hope the rest of your day goes better, and I hope you know you're not a motherfucker, you motherfucker."
I think (hope?) he stifled a laugh and said "I'm afraid I'll have to escalate this call to my manager, sir."
buran77 · 7h ago
> He was obviously forbidden to hang up on me
Plenty of big companies found a workaround. The "forever on hold" routine where they don't hang up, you will eventually. This works perfectly for toll free numbers (so you can't claim you had to pay for the call) and provides just the right amount of plausible deniability (took longer than expected to find an answer, it was an accident, etc.).
I have my suspicions that in some cases this also prevents the survey going out to the customer. All the more reason to abuse it.
TeMPOraL · 6h ago
Is it even possible to keep someone "on hold" forever? My experience (in Poland) was that it'll take at most 20-30 minutes before something somewhere timeouts and the call gets disconnected.
AlotOfReading · 5h ago
I've been on hold for 4+ hours when dealing with the California government. The only timeout there is at the end of the business day, when it will automatically hang up.
ornornor · 3h ago
Try calling the assurance maladie in France :) I gave up after about 80 minutes of their little silly jingle while the agent was allegedly looking for the answer to my problem.
willcipriano · 6h ago
Call in on a second line and ask when you will be taken off hold.
pixl97 · 2h ago
Back before the days that you could do almost everything over internet but cell phones still existed I had to go to a business to do some transactions on a pretty regular basis. Unfortunately they also were required to answer calls during all that and it was very interruptive. Eventually I realized they had only two lines so I'd call in and ask to be put on hold, then ask the guy behind the counter for his cell and call in and ask to be put on hold again.
dividuum · 3h ago
> [..] it incentivises people to behave as unpleasantly as possible — because it's often the only way to trigger the exception [..]
>An asshole filter happens when you publicly promulgate a straitened contact boundary and then don't enforce it; or worse, reward the people who transgress it.
A lot of people do this unwittingly, so it's a good article to read.
The converse is to this is many companies demand it. If you're not an asshole, you're simply going to get ignored.
atoav · 4h ago
As someone who worked in support as a youngling:
If you behave unpleasant enough I'll go out of my way to make sure your behavior does not pay off. I will note your abrasive behavior in the ticket or might even mark your mail as spam. On telephone our line will suddenly experience technical difficulties. And throughout I will remain as friendly and patient as ever.
I will warn superiors about you, so once you escalate they already have a colorful 3D image of your wonderful personality in mind. Whether that 100% is in your favor, you can guess.
Play asshole games? Win asshole prices.
Behave like a decent person with empathy instead, press the right buttons and I might even skip some of the company rules for you. Many people in support do not give a single damn if they lose their job over you and you might just be worth it.
These are not sfter-the-fact shower thoughts, these are actually lived experiences from the trenches and I know how other people in those roles think.
Persistence pays off, being an asshole not so much
hkon · 3h ago
If you are helping, why would they be assholes?
lolinder · 3h ago
You've clearly never worked customer support. A very disproportionate number of people who call in to customer support are totally and utterly unreasonable. That's why it's such a pain to interact with customer support as a reasonable human: The systems aren't designed for you, they're designed for the abusers who represent something like 20% of the phone calls and 80% of the work.
whstl · 54m ago
From my side it feels like customer support systems are designed purely to trap customers in the system so they are unable to cancel.
In my last day in South America I spent about two hours cancelling my cable and even though I was very soft spoken and super patient (I was playing Mario Kart on mute so not really uncomfortable), but the customer support person actually CRIED to me because she would “miss her quota” if I cancelled.
I had no means of paying anymore (I cancelled my bank account the day before and was about to move to another country) so there was nothing I couldn’t really help her, so I fail to see how I deserve the treatment from the company.
hkon · 3h ago
Having lived it seems to me that nice people never get anything.
ryoshu · 1h ago
Depends. Started in CS and I would go out of my way to help nice people. Assholes were dealt with nicely but I’d follow the rules to the T. That was before CS was hamstrung.
TeMPOraL · 11h ago
My go-to example of a whole mesh of "accountability sinks" is... cybersecurity. In the real world, this field is really not about the tech and math and crypto - almost all of it is about distributing and dispersing liability through contractual means.
That's why you install endpoint security tools. That's why you're forced to fulfill all kinds of requirements, some of them nonsensical or counterproductive, but necessary to check boxes on a compliance checklist. That's why you have external auditors come to check whether you really check those boxes. It's all that so, when something happens - because something will eventually happen - you can point back to all these measures, and say: "we've implemented all best practices, contracted out the hard parts to world-renowned experts, and had third party audits to verify that - there was nothing more we could do, therefore it's not our fault".
With that in mind, look at the world from the perspective of some corporations, B2B companies selling to those corporations, other suppliers, etc.; notice how e.g. smaller companies are forced to adhere to certain standards of practice to even be considered by the larger ones, etc. It all creates a mesh, through which liability for anything is dispersed, so that ultimately no one is to blame, everyone provably did their best, and the only thing that happens is that some corporate insurance policies get liquidated, and affected customers get a complimentary free credit check or some other nonsense.
I'm not even saying this is bad, per se - there are plenty of situations where discharging all liability through insurance is the best thing to do; see e.g. how maritime shipping handles accidents at sea. It's just that understanding this explains a lot of paradoxes of cybersecurity as a field. It all makes much more sense when you realize it's primarily about liability management, not about hat-wearing hackers fighting other hackers with differently colored hats.
diognesofsinope · 9h ago
> "we've implemented all best practices, contracted out the hard parts to world-renowned experts, and had third party audits to verify that - there was nothing more we could do, therefore it's not our fault"
The amount of (useless) processes/systems at banks I've seen in my career that boil down to this is incredible, e.g. hundreds of millions spent on call center tech for authentication that might do nothing, but the vendor is "industry-leading" and "best in-class".
> It's just that understanding this explains a lot of paradoxes of cybersecurity as a field. It all makes much more sense when you realize it's primarily about liability management, not about hat-wearing hackers fighting other hackers with differently colored hats.
Bingo. The same situation for most risk departments at banks or healthcare fraud and insurance companies.
I thought risk at a bank was going to be savvy quants, but it's literally lawyers/compliance/box-checking marketing themselves as more sophisticated than they are. Like the KYC review for products never actually follow up and check if the KYC process in the new products works. There's no analytics, tracking, etc. until audit/regulators come in an ask, "our best-in-class vendor handles this". All the systems are implemented incorrectly, but it doesn't matter because the system is built by a vendor and implemented by consultants, and they hold the liability (they don't, but it will take ~5 years in court to get to that point).
Beginning to understand what "bureaucracy" mechanically is.
steveBK123 · 7h ago
The fun part of bank bureaucracy is you get to experience it 10x worse if you actually work at one.
I once worked on a global, cross-asset application. The change management process was not designed for this and essentially required like 9 Managing Directors to click "approve release" in a 48 hour window for us to do a release.
We got one shot at this per week, and failing any clicks we would have to try again the next week. The electronic form itself to trigger the process took 1-2 hours to fill out and we had 3 guys on the team who were really good at it (it took everyone else 2x as long).
Inevitably this had at least 3 very stupid outcomes -
First we had tons of delayed releases. Second the majority of releases became "emergency releases" in which we were able to forego the majority of process and just.. file the paperwork in retrospect.
Finally, we instructed staff in each region to literally go stand in the required MD delegates office (of course the MD wouldn't actually click) until they clicked. The conversations usually went something like this "I don't know what this is / fine fine you aren't gonna leave, I'll approve it if you say it won't break anything / ok don't screw up"
finnh · 8h ago
What's funny is that checklists in hospitals have been shown, empirically, to be massive life-saving devices.
cyber perhaps not so much...
Wobbles42 · 4h ago
Checklists solve the problem of forgetting specific details. They work very well in situations where all possible problems have been enumerated and the only failure mode is forgetting to check for one.
They do not solve the problem of getting people to think things through and recognize novel issues.
There are some jobs you can't do well. You can do them adequately or screw them up. Checklists are helpful in those jobs.
rcxdude · 1h ago
Checklists are a good tool for making sure you don't forget something. They're a terrible replacement for actually thinking.
__float · 7h ago
Checklists work well in high stress situations where you cannot forget a step (medicine, aviation).
A checklist in a security incident? Probably helpful.
A security checklist to satisfy auditors and ancient regulations? This is an entirely different kind.
pixl97 · 2h ago
Yea, the problem most often in computer security checklists is misapplication of the checklist.
I do cyber security related stuff for the finance and they have some of the dumbest checklists ever.
A more recent one I got was
"We only allow the HTTP verbs 'GET' and 'POST', your application can only use that and the verbs PUT, PATCH, and DELETE cannot be used.
After not replying 'are you fucking stupid' I said
"You do realize that you are using a RestAPI application and that these verbs can go to the same interface to modify the call in different way? Not only would we have to rewrite our application which would probably take months to years, you would have to rewrite tons of applications on your side to make this actually work."
You get these dipshit auditors from other firms that pick up some 'best practice' from 2003 and put it in a list then get a god complex about it needing to be implemented when they have absolutely zero clue why the original thing was called out in the first place.
For those who wonder, typically these verbs are disabled to prevent the accidental enablement of WebDAV on some platforms, especially Windows/IIS that had some issues with security around it. It makes zero sense for such a rule in a modern API application.
TeMPOraL · 1h ago
> For those who wonder, typically these verbs are disabled to prevent the accidental enablement of WebDAV on some platforms, especially Windows/IIS that had some issues with security around it. It makes zero sense for such a rule in a modern API application.
Thanks. One thing that's more interesting than the revealed stupidity of such rules is the actual (and often sensible) reason they were first created long ago.
"Temporary" hacks outliving both the problem they solved and the system they were built for seems to be a regular occurrence in bureaucracy as much as it is in software and hardware.
Meleagris · 7h ago
We should really define a new term for such work.
Perhaps "Risk Compliance Security" or "Security Compliance Engineering"
Where "Security Compliance Engineering" is the practice of designing, implementing, and maintaining security controls that satisfy regulatory frameworks, contractual obligations, and insurance requirements. Its primary objective is not to prevent cyberattacks, but to ensure that organizations can demonstrate due diligence, minimize liability, and maintain audit readiness in the event of a security incident.
Key goals:
- Pass external audits and internal reviews
- Align with standards like ISO 27001, SOC 2, or NIST
- Mitigate organizational risk through documentation and attestation
- Enable business continuity via legal defensibility and insurability
In contrast…
Cybersecurity is focused on actively detecting, preventing, and responding to cyber threats.
It’s concerned with protecting systems and data, not accountability sinks.
bostik · 7h ago
That is also why so much of the security[tm] software is so bad. Usability and fitness for purpose are not box-tickers. The industry term in play is "risk transfer".
Most security software does not do what it advertises, because it doesn't have to. Its primary function is for the those who bought the product, to be able to blame the vendor. "We paid vendor X a lot of money and transferred the risk to them, this cannot be our fault." Well, guess what? You may not be legally the one holding the bag, but as a business on the other end of the transaction you are still at fault. Those are your customers. You messed up.
As for vendor X? If the incident was big enough, they got free press coverage. The incentives in the industry truly are corrupt.
Disclosure: in the infosec sphere since the early 90's. And as it happens, I did a talk about this state of affairs earlier this week.
neilv · 9h ago
The most unfortunate thing about much of corporate 'cybersecurity' is that it combines expensive and encumbering theatre around compliance and deniability... with ridiculously insecure practices.
Imagine, for example, if more companies would hire for software developers and production infrastructure experts who build secure systems.
But most don't much care about security: they want their compliances, they may or may not detect and report the inevitable breaches, and the CISO is paid to be the fall-person, because the CEO totally doesn't care.
Now we're getting cottage industries and consortia theatre around things like why something that should be a static HTML Web page is pulling in 200 packages from NPM, and now you need bold third-party solutions to combat all the bad actors and defective code that invites.
stavros · 1h ago
> Imagine, for example, if more companies would hire for software developers and production infrastructure experts who build secure systems.
I do imagine that, and they get hacked (because you have to get lucky every time, but the hackers only need to get lucky once), and then the press says "were you doing all the things the whole industry says to do?" and they say "no, but we were actually secure!" and the press goes "well no you weren't, you got hacked, and you weren't even doing the bare minimum!" and then the company is never heard of again.
lucianbr · 8h ago
I wonder what the difference is between cybersecurity and civil aviation safety. At a glance they both have a lot of processes and requirements. Somehow on one side they are as you said, a way to deal with liability without necessarily increasing security, while on the other safety is actually significantly increased.
TeMPOraL · 7h ago
I think a big part of it is that failures in aviation safety cost lives, often dozens or hundreds per incident, in quite immediate, public and visceral fashion. There also isn't much gradation - an issues either causes massive loss of life, or could cause it if not caught early, or... it's not relevant to safety. On top of that, any incident is hugely impactful on the entire industry - most people are fully aware how likely they'd be to survive a drop from airliner altitude, so it doesn't take many accidents to scare people away of flying in general.
Contrast that to cybersecurity, where vast majority of failures have zero impact on life or health of people, directly or otherwise. Even data breaches - millions of passwords leak every other week, yet the impact of this on anyone affected is... nil. Yes, theoretically cyberattacks could collapse countries and cause millions to die if they affected critical infrastructure, but so far this never happened, and it's not what your regular cybersecurity specialist deals with. In reality, approximately all impact of all cyberattacks is purely monetary - as long as isn't loss of life or limb, it can be papered over with enough dollars, which makes everyone focus primarily on ensuring they're not the ones paying for it.
I think it's also interesting to compare both to road safety - it sits kind of in between on the "safety vs. theater" spectrum, and has the blend of both approaches, and both outcomes.
Wobbles42 · 4h ago
> I think a big part of it is that failures in aviation safety cost lives
This is an interesting point, and it certainly affects the incentives involved and the amount of resources allocated to mitigating the problems.
I do think cyber security incidents with real consequences are likely to become more common going forward (infrastructure etc). We haven't experienced large state actors being malicious in a war time footing (yet).
Will we able to better mitigate attacks given better incentives? I think that is an open question. We will certainly throw more resources at the problem, and we will weight outcomes more heavily when designing processes, but whether we know how to prevent cybersecurity incidents even if we really want to... that I wonder about.
Wobbles42 · 4h ago
Aviation safety is mostly about learning from past experience. You mitigate known hazards that, once mitigated, stay mitigated.
Cybersecurity is about adversarial hazards. When you mitigate them they actively try to unmitigated themselves.
It is more analogous to TSA security checks than to FAA equipment checklists. The checklist approach can prevent copycats from repeating past exploits but is largely useless for preventing new and creative problems.
steveBK123 · 7h ago
Rhyming with this observation - the only time I've ever heard someone getting fired over a phishing incident anywhere I've worked.. was a guy on the cybersecurity team who clicked through and got phished.
Rhapso · 8h ago
Honestly is is just like Insurance. You understand the value of things you are protecting (and simple compliance has a value to you in penalties and liabilities avoided) and make sure it costs more than that to break into your system.
At a corporate level, it is contractually almost identical to insurance, with the product being sold liability for that security, not the security itself.
TeMPOraL · 7h ago
Right. I sometimes call it meta-level insurance, because it's structurally what it is. Funnily, actual insurance is a critical part of it - it's the ultimate liability sink, discharging whatever liability that didn't get diluted and diffused among all relevant parties.
And, I guess it's fine - it's the general way of dealing with impact that can be fully converted into dollars (i.e. that doesn't cause loss of life or health).
photonthug · 5h ago
It’s really not fine. Expensive and useless security theater isn’t just inefficient and corrupt, it’s way more actively harmful than that because there’s a huge opportunity cost associated with all the wasted time and money AND the incentivized deliberate refusal to make obviously good/easy/cheap improvements. Even in matters pertaining purely to dollars.. Spreading out liability can’t erase injury completely. it just pushes it onto the tax payer because someone is paying the judge to sit in the chair and listen to the insurance people and the lawyers.
motohagiography · 8h ago
Security is closer to product management and marketing than engineering. It's a narrative and the mirror image of product and marketing, where instead of creating something people want based on desire, it's managing the things people explicitly don't want. When organizations don't have product management, they have anti-product management, which is security. We could say, "There is no Anti-Product Division."
Specifically on accountability, I bootstrapped a security product that replaced 6-week+ risk assessment consultant spreadsheets with 20mins of product manager/eng conversation. It shifted the accountability "left" as it were.
When I pitched it to some banks, one of the lead security guys took me aside and said something to the effect of, "You don't get it. we don't want to find risk ourselves, we pay the people to tell us what the risks and solutions are because they are someone else. It doesn't matter what they say we should do, the real risk is transferred to their E&O insurance as soon as they tell us anything. By showing us the risks, your product doesn't help us manage risk, it obligates us to do build features to mitigate and get rid of it."
I was enlightened. Manage means to get value from. The decade I had spent doing security and privacy risk assessments and advocating for accountability for risk was as a dancing monkey.
TeMPOraL · 7h ago
I worked in GRC space for a while, which is where I finally realized the things I wrote above. Our product intended to give CISOs greater visibility into threats and their impacts, making it easy to engage in probabilistic forecasting to prioritize mitigations. Working on designing and building it made me see the field from the perspective of our customers, and from their POV, cyber-threats are all denominated in dollars, mitigating threats boils down to not having to pay corresponding dollars, and that it's often more effective to ensure someone else pays than to address the underlying technological or social vulnerability.
chrisweekly · 9h ago
+1 Insightful
Thank you for sharing this really illuminating take. I spend an unreasonable amount of time dealing with software security, and you've put things in a light where it makes a bit more sense.
werrett · 7h ago
This is the ultimate nihilistic take on security.
Yes, 'cyber' security has devolved to box checking and cargo culting in many orgs. But what's your counter on trying to fix the problems that every tech stack or new SaaS product comes without of the box?
For most people when their Netflix (or HN) password gets leaked that means every email they've sent since 2004 is also exposed. It might also mean their 401k is siphoned off. So welcome the annoying and checkbox-y MFA requirements.
If you're an engineer cutting code for a YC startup -- Who owns the dependancy you just pulled in? Are you or your team going to track changes (and security bugs) for it in 6 months? What about in 2 or 3 years?
Yes, 'cyber' security brings a lot of annoying checkboxes. But almost all of them are due to externalities that you'd happily blow past otherwise. So -- how do we get rid annoying checkboxes and ensure people do the right thing as a matter of course?
stackskipton · 6h ago
Actual accountability. Do not let companies be like "Well, we were SOC2 compliant, this breach is not our fault despite not updating Apache Struts! Tee Hee" When Equifax got away with what was InfoSec murder by 6 months of jail time suspended, Executives stopped caring. This is political problem, not technology one.
>So -- how do we get rid annoying checkboxes and ensure people do the right thing as a matter of course?
By actually having the power to enforce this, if you pull our SBOM, realize we have a vulnerability and get our Product Owner to prioritize fixing it even if takes 6 weeks because we did dumb thing 2 years ago and tech debt bill has come due. Otherwise, stop wasting my time with these exercises, I have work to do.
Not trying to be mean but that's my take with my infosec team right now. You are powerless outside your ability to get SOC2 and we all know this is theater, tell us what piece of set you want from me, take it and go away.
hakfoo · 3h ago
It's a two-sided coin though.
We should be stopping leaks, but we also need to reduce the value of leaked data.
Identity theft doesn't get meaningfully prosecuted. Occasionally they'll go after some guy who runs a carding forum or someone who did a really splashy compromise, but the overall risk is low for most fraudulent players.
I always wanted a regulation that if you want to apply for credit, you have to show up in person and get photographed and fingerprinted. That way, the moment someone notices their SSN was misused, they have all the information on file to make a slam-dunk case against the culprit. It could be an easier deal for lazy cops than going after minor traffic infractions.
TeMPOraL · 1h ago
The problem with "identity theft" specifically is that, in itself, it's just a legal term for allowing banks to save on KYC by letting them transfer liability to society at large.
If someone uses your SSN to take a loan in your name, it shouldn't be your problem - in the same way that someone speeding in the same make&model of the car as yours shouldn't be your problem, just because they glued a piece of cardboard over their license plate and crayoned your numbers on it.
TeMPOraL · 6h ago
> For most people when their Netflix (or HN) password gets leaked that means every email they've sent since 2004 is also exposed. It might also mean their 401k is siphoned off. So welcome the annoying and checkbox-y MFA requirements.
Not true. For most people, when their Netflix or HN password gets leaked, that means fuck all. Most people don't even realize their password was leaked 20 times over the last 5 years. Yes, here and there someone might get deprived of their savings (or marriage) this way, but at scale, approximately nothing ever happens to anyone because of password or SSN leaks. In scope of cybersec threats, people are much more likely to become victims of ransomware and tech support call scams.
I'm not saying that cybersec is entirely meaningless and that you shouldn't care about security of your products. I'm saying that, as a field, it's focused on liability management, because that's what most customers care about, pay for, and it's where the most damage actually manifests. As such, to create secure information systems, you often need to work against the zeitgeist and recommendations of the field.
EDIT:
> This is the ultimate nihilistic take on security.
I don't believe it is. In fact, I've been putting efforts to become less cynical over last few months, as I realized it's not a helpful outlook.
It's more like, techies in cybersecurity seem to have overinflated sense of uniqueness and importance of their work. The reality is, it's almost all about liability management - and is such precisely because most cybersec problems are nothingburgers that can be passed around like a hot potato and ultimately discharged through insurance. It's not the worst state of things - it would be much worse if typical cyber attack would actually hurt or kill people.
dasil003 · 57m ago
This really resonated with me because I'm also working to avoid becoming more cynical as I gain experience and perspective on what problems "matter" and what solutions can gain traction.
I think in this case the cognitive dissonance comes from security-minded software engineers (especially the vocal ones that would chime in on such a topic) misunderstanding how rare their expertise is as well as the raw scope of risks that large corporations are exposed to and what mitigations are sensible. If you are an expert it's easy to point at security compliance implementation at almost any company and poke all kinds of holes in specific details, but that's useless if you can't handle the larger problem of cybersecurity management and the fallout from a mistake.
And if you zoom out you realize the scope of risk introduced by the internet, smart phones and everything doing everything online all the time is unfathomably huge. It's not something that an engineering mentality of understanding intricate details and mechanics can really get ones head around. From this perspective, liability and insurance is a very rational way to handle it.
As far as the checklists go, if you are an expert you can peel back the layers and realize the rationales for these things and adjust accordingly. If you have competent and reasonable management and decision makers then things tend to go smoothly, and ultimately auditors are paid by the company, so there is typically a path to doing the right thing. If you don't have competent and reasonable management then you're probably fucked in unnumerable ways, such that security theater is the least of your worries.
xg15 · 12h ago
One example that's missing from the list is the TV series 24. A recurring plot point was that, yes, of course torture is bad and it's against the rules and we don't do it, etc etc, but it just so happens that here is such an exceptional, unprecedented, deeply urgent emergency situation where we need to have the information now or horrible things will happen, we need the hero who breaks the rules and goes on torturing anyway. [1]
Fast-forward a few years and you find there were in fact many such "heroes" in reality - in Abu Ghraib and in the Black Sites - and the situation weren't exceptional at all.
So accountability sinks can also be used as calculated ways to undermine your own ostensible ethical guardrails.
Star Trek: Deep Space Nine introduced Section 31, an organisation which regularly acted in the way you describe the characters from 24. They operated outside official channels and used questionable methods to do whatever was necessary “for the good of the Federation”. The character of Odo criticised it well:
> Interesting, isn’t it? The Federation claims to abhor Section 31’s tactics, but when they need the dirty work done they look the other way. It’s a tidy little arrangement, wouldn’t you say?
DS9 had an actual instance of torture too, but it was a hero being tortured by... half-hero, half anti-hero[0]? Not sure that one led anywhere, beyond being a very disturbing way to do character development.
Section 31 angle is tricky, because the writers unintentionally[1] made them literally save the entire alpha and beta quadrants, and possibly the entire galaxy, from slow-burn genocide. The Dominion was known to systematically subjugate and ultimately eradicate solid life, and other than the Federation Alliance bloc (that prevailed only because of Section 31's bioweapon short-circuiting the war[2]), the only power left in the known galaxy strong enough to resist the Dominion would be... the Borg Collective, which wasn't really that much better[3].
So, as much as I love DS9, I feel the show (and the larger franchise) has so much unintentional depth, that most obvious takes don't work with fans, because they don't survive scrutiny :).
--
[0] - The simple tailor was anything but.
[1] - At least as far as I recall, Section 31 were written to be the rotten apples that got revealed and removed by the heroes, in a pretty straightforward way - but IMO, they failed at this, and instead created something more of Deus Ex Realpolitik.
[2] - And a little bit of actual fleet-eating Deus Ex Machina, on the account of having a demi-god in their midst.
[3] - And nobody in or out of universe really wants to talk about what happened to the latter, except the last season of PIC that tacitly acknowledged it in a "blink and you'll miss it" way.
xg15 · 5m ago
> Section 31 angle is tricky, because the writers unintentionally[1] made them literally save the entire alpha and beta quadrants, and possibly the entire galaxy, from slow-burn genocide.
I mean, Jack Bauer, too, saved America from all kinds of unspeakable evil by his clever use of torture. I'd say it's not tricky at all. The morally gray "it's bad but we'd be even worse off without it" justification is kind of the point of those narratives.
ChrisMarshallNY · 9h ago
I watched a season of Chicago PD, and noticed that they had a convenient "plot accelerator."
Whenever they got to a point, where the detectives and CSI would be painstakingly going through the evidence, sifting out clues, they'd throw the suspect into "the cage," and beat a confession out of them.
smallmancontrov · 8h ago
Every police show aggressively pushes the "civil rights bad" angle. Maybe once a season they will graciously consider "maybe civil rights good?" for part of an episode before concluding "no, civil rights bad."
ChrisMarshallNY · 8h ago
It seems to be a hallmark of Dick Wolf's shows.
His son is getting into the act, but seems to be more interested in depicting "the right way."
I noticed the difference in this show as well, and I hope it continues.
Besides any conscious philosophy of the producers & writers, perhaps making the show more character driven as opposed to procedural has an impact on the stories. Maybe it's easier to understand when a suspect's rights are being violated (and to not be banal about it) when you're writing a deeper portrayal of the person who wields the power.
hakfoo · 3h ago
I always wanted to see a "pop up video" take on a cop show, where they have expository information and trivia from actual legal experts.
"Officer Jones just blew the entire chain of custody around the bloody knife"
"Flabbodell vs Borkweather says they have to give you access to counsel within X hours and they just ran out the clock"
"This type of traffic stop is explicitly forbidden in 17 states, including the one this show is nominally set in"
finnh · 8h ago
s/show/department/
jetrink · 8h ago
It is an accurate depiction of how Chicago police operated, unfortunately. In fact, one Chicago detective who tortured suspects went on to work as an interrogator at Guantanamo Bay[2]. It's terrible that the series would glamorize that behavior.
Goes off on wild goose chase based on that confession
Bad guys get away with their plot as a result
“Yes, you were torturing me, I’d obviously have said anything to get you to stop.”
I feel like I’ve seen this sequence once or twice, but I can’t remember what it was in. It actually seems like something that is more likely to be put in a comedy, where the protagonist can be shown to be stupid occasionally. Maybe Brooklyn 99, or Barry, or something like that?
dsego · 9h ago
Well, it's the motive behind any atrocity committed during war, what's a few cracked eggs if there is a grand goal in mind. There are always people in places who feel like it's a historical duty to carry out those plans. And the war crimes stay in the past and get forgotten but nobody can deny the new reality on the ground. You can ethnically cleanse an area and in a 100 years that becomes barely a historical footnote and a new reality emerges and nobody can dispute that the area is occupied by a nation that claims rights based on self determination. Same for settler colonialism, they're not invading, just changing the actual conditions as a precursor to claiming political legitimacy.
vishnugupta · 9h ago
What’s also interesting is that the tortured always turn out to be the bad guys. It never happens that he mistakenly tortured a good guy.
patrakov · 8h ago
But dear sir, we have an autocracy <cough cough> a known corruption-free society with infallible and omniscient leaders, so you are not even allowed <cough cough> only reptilian slanderers would question the authorities.
maest · 3h ago
If they were good guys, we wouldn't be torturing them in the first place, obviously.
godelski · 10h ago
Convictions aren't convictions if you abandon them when it's hard. It's just cosplay
Viliam1234 · 9h ago
Also, if you do something every day, it is not an exception.
Spivak · 9h ago
This is simplifying the definition to the point of defining the term out of existence. No one actually has any convictions in this world. This is actually kinda bad if your goal is for people to really think about ethical issues and try to maintain a degree of rational consistency.
Plus being so black and white in the manner you're describing would.. well actually be really stupid a lot of the times. The fact that Batman doesn't kill the Joker is a storytelling device, in the real world it would be monumentally stupid to do anything other than blow his brains out. Literally millions of lives saved. But it also makes sense, and his good, that Batman still maintain is strong conviction to not kill despite choosing to do it sometimes.
Rules necessarily have exceptions and it's healthy to do so, black and white thinking should be for the jedi/sith, not real life humans.
vishnugupta · 9h ago
It’s interesting that you picked up The Dark Knight. The Joker says that he’s only holding a mirror to the society which I tend to agree with somewhat. He used the people from inside the system to take on Batman and in fact succeeds. Killing him would achieve absolutely nothing when the system is so insidiously corrupt.
HPsquared · 11h ago
Chomsky's "Manufacturing Consent" comes to mind here.
im3w1l · 9h ago
Another perspective is that it's a clever way of asking for consent. Like a trial balloon, except not even carried out for real. You get to see if the public approves of the character or not, and then you decide how to proceed with that information.
euroderf · 11h ago
Wasn't 24 cited by Cheney when he was defending USA-as-torturer ?
dghlsakjg · 7h ago
Antonio Scalia name dropped Jack Bauer.
euroderf · 4h ago
That shows you the true depth of his legal thinking. Good riddance.
keyringlight · 9h ago
One of the things that strikes me about 24 is that it started running about 2 months after the 9/11 attacks. I wouldn't be surprised if there was a debate about running it or edits, but in retrospect it does seem like the timing worked and fit with the public mood of the time. What would be interesting is how 9/11 and following real life events influenced the show's writing in later series.
EasyMark · 7h ago
You don't put together and film a show in 2 months if that's what you're implying here. it was planned for a long time before that
margalabargala · 5h ago
They are suggesting that the events of 9/11 would have made the showrunners debate whether they should delay the release of 24, or edit it to change the content somewhat.
antennafirepla · 6h ago
You're right, you plan them both together before the fact.
amos-burton · 10h ago
i see similarity too, but you dont explain why those people feels the urge to act like they did. why both protagonists, be it terrorist or counter, has some truth in their words; yet here they are, acting out of their minds, yet the world never was at stake to justify to let go like they did... to say that this due to an "accountability sink" is an euphemism, a theoretical concept that does not engage the internal structures.
EasyMark · 7h ago
There is no connection between Ab Ghraib and 24, a fictional TV series. If you think this stuff didn't happen before 24 then I'd like some proof. TV reflects reality (or a very stretched version of it), not the other way around, and 24 also wasn't the first version of such a thing. It's just that Abu G they used people who were young and not professionals so it leaked. It has probably been happening as long as the USA has had police forces like the CIA, military intelligence, and even cops.
UncleMeat · 7h ago
There is a direct connection.
Antonin Scalia was one of the architects of substantial limitations on the 8th amendment and was a key figure in a number of cases specifically about extraordinary rendition and "enhanced interrogation."
Scalia has multiple times in public referenced Jack Bauer as an argument for why prohibitions on torture are unworkable. At a panel on the very topic, Scalia responded to "Thankfully, security agencies in all our countries do not subscribe to the mantra 'What would Jack Bauer do?'" with "Jack Bauer saved Los Angeles" and "are you going to convict Jack Bauer?"
GeneralMayhem · 4h ago
Christ, what a ghoul.
"The ends justify the means" is a horrific way to run a society in any case, but of course it skips over the question of whether the means actually caused the ends, let alone were the only way to do so. Even if torture did save lives, it isn't a great justification - but then pile on top that your only evidence that it actually does work is fiction and it starts to look like the means were what you really wanted in the first place.
watwut · 7h ago
In real world, that stuff happens to innocent people, to people guilty of completely different or lesser crimes and cops get out a lot of false claiks they use against whoever they dislike.In real world, it happens as a power trip with no saving factor.
In real world, it happens to cover up crimes cop did themselves or to facilitate them.
That is where the lie is.
franze · 12h ago
I'm now in a stage of my consulting career where I sometimes really get called into big organisation just to find out, that whatever they need to do is already panned out and they all want to do it! Still they call me cause ... it's a big decision and the "higher ups" (which quite often are not even part of the workshop/session then) want an external expert voice. cause the responsibility for this decision lies with them and they can not share it up or sideways, so they share the responsibility partly external.
As the plan quote often (not always) is already very good I mostly end up making sure the goal is measurable in a quantitative and qualitative way, trends towards to and away from the goal are visually available and distributed , and its clear who is responsible to look and report them.
apercu · 10h ago
>I mostly end up making sure the goal is measurable in a quantitative and qualitative way, trends towards to and away from the goal are visually available and distributed , and its clear who is responsible to look and report them.
Unrelated to the post, but it sounds like you and I do similar work and have arrived at similar conclusions but I often fail to get organizations to actually spend the correct amount of time identifying these success indicators - which I think are critical to focus and scope stability. I’d love to chat sometime.
cbsmith · 4h ago
So basically, you're adding formal processes to ensure accountability. ;-)
The difference is that while the decision has been made, it isn't necessarily very good.
lazide · 10h ago
Often, getting a decision (ANY decision) made is both absolutely critical, and with all the ass covering and office politics involved, nearly impossible. Even if (or sometimes especially) it’s patently obvious to everyone what the decision should be.
praptak · 6h ago
Yeah I guess there's a continuum between a) hiring someone impartial and not entangled politically to advise on an important decision and break the deadlock and b) paying someone to justify an obviously crappy decision while providing ass cover.
lazide · 5h ago
In any sufficiently large organization, these are the same thing.
belter · 9h ago
> I'm now in a stage of my consulting career where I sometimes really get called into big organisation just to find out, that whatever they need to do is already panned out and they all want to do it! Still they call me cause ... it's a big decision and the "higher ups" (which quite often are not even part of the workshop/session then) want an external expert voice.
"Clients always know how to solve their problems, and always tell the solution in the first five minutes."
- Gerald Marvin Weinberg
The Secrets of Consulting
I always thought that was a big reason for buying external consulting. Reminds me of that George Clooney Movie
nkrisc · 9h ago
Michael Clayton?
belter · 9h ago
Probably more Up in the Air
nkrisc · 8h ago
Yeah that probably makes more sense.
cheschire · 12h ago
I always remind myself when I have to go to the DMV[0] that I should plan on leaving with nothing more than another action or set of actions to take. I never enter the DMV expecting to complete a process, and the workers behind the counter always have this visible, visceral response when I DONT lose my fucking mind at their response to something. When I continue to be pleasant and understanding it’s like they suddenly come alive. It’s a depressing state of affairs because I understand exactly what they expect and why.
0: for non-Americans and for Americans from other states that may use different terms, the DMV is the department of motor vehicles in many US states and is the central place to get your drivers license, take the drivers test, register your car, get vehicle license plates, etc. Many processes that have many requirements that often are unfulfilled when people show up asking for things.
dendodge · 9h ago
Off-topic, but since you mention it, I've always been confused about what Americans always seem to be doing at the DMV. It seems to be a staple of pop culture that people are always there and the queue is always very long, but I've never known what anyone is actually trying to achieve.
The DVLA in the UK doesn't have a high-street presence. I took my driving test once, then received my driving licence in the post. When it needs renewing, I can do it online. I tax my car online. MOTs (annual vehicle safety tests) happen at any local garage. I've never needed a new numberplate, but I think you can buy those online too.
So what is it you all have to go to the DMV for? Because it sounds horrible.
op00to · 9h ago
Because of the importance of driving in the US (right or wrong), drivers licenses are used as the primary identification document. It looks like there’s a similar use of the DL in the UK for buying tobacco.
In the US, you need to prove both residency and identity. To prove your identity in the US, many people don’t have passports, so they bring a tranche of documents to the DMV office. To prove residency, we typically bring utility bills, leases, etc. Usually people prefer to go in person so they don’t lose these documents and get feedback if they don’t have the right stuff.
It looks like in the UK, since driving licenses are administered nationally, you don’t have the same patchwork of 50 different organizations with different requirements and rules, and the process is much simpler.
I haven’t been to a DMV for 10 years. I can renew vehicle registration, renew my license, and so on online. When I bought a new car, the dealer handled all DMV stuff like getting plates.
I’m supposed to be due to get a new “enhanced” license that is good for air travel within the US, but I have a number of other documents (passport, global entry) that serve the same purpose so I avoid the DMV as much as possible.
In my state the DMV is probably worse than a checkup at the dentist, but not as bad as a weekend with the in-laws.
rocqua · 5h ago
You hit uppon an important difference between the US and most of Europe/the UK.
An system for tracking who your citizens are. In the Netherlands, where I live, the municipalities cooperate to keep track of all citizens, and their address (or lack thereof). This means that you never need to convince any beaurocrat that your identity exists. You might need to authenticate that you are indeed who you claim to be, but that is normally trivial (Show government photo id).
This simplifies the process massively.
Nebasuke · 4h ago
The UK should not be included in here. There is no official national system for keeping track of citizens and municipalities barely cooperate. This means you have to keep proving your address for things like an opening a bank account.
If a person does not (and does not want to) drive, how do they identify themselves? Where I live, everyone gets a government issue ID card, and the ID number is the citizen's primary key. Our government is still largely paper-driven, but there's little you can't get done if you show up in person with your national ID.
artimaeis · 8h ago
Every state in the US has some form of non-driver ID. They call them different things - but they're still usually administered by the state's DMV, since that's the office that is equipped to deal with identification procedures anyways.
In the US we don't have a standard form of national ID.
dendodge · 6h ago
Driving licences are also the primary form of ID in the UK (alongside passports, which are more expensive). People who can't (or don't) drive can still get a provisional licence, which only allows driving under the supervision of an appropriate adult but works exactly the same for ID purposes.
toast0 · 7h ago
In my experience, the DMV (or whatever its called) likes to see you in person for license renewals every so often. Get a new photo, make sure you can see the eye chart.
I've always gone into the DMV when I purchased a vehicle from a private party. In California, it has taken me a couple visits; the first visit with the title and sale documentation, the second with the emissions test documentation that the seller was legally suppossed to provide at the time of the sale but practically, the buyer must provide to register the vehicle. Maybe you can do this by mail, but if you do it in person, you walk out with documents so you can legally drive the car. If you buy a car from a dealer, they take care of this paperwork for you, which used to mean having someone stand in line at the DMV and process a bunch of transactions, but now they can typically do it electronically.
If you move to another state, you need to get a new license and retitle and reregister your car; this usually happens in person, and most states have a requirement to do it in under a month. If your car has a loan, expect multiple trips to get it registered... the first trip will let you know what you need from the finance company; the second will bring that back and get registration; then when you eventually pay off the loan and get the title, you'll need to bring that in so you can get the title issued in your current state.
steveBK123 · 7h ago
Remember US has no National ID card. America has 50 states, each state has its own ID and DMV.
Plenty of Americans move states, remember some of our states are reasonably small enough that you might commute to the same NYC job from any of 4 different states. I have a friend who sequentially moved NY->NJ->CT->NY in something like 6 years.
Also I forget why but when I moved WITHIN a state 10 years ago, it required a DMV trip. edit: apparently within NY moving COUNTIES at the time required DMV trip (insane)
Oh and the recent push for "Real ID" enhanced IDs requires a trip to DMV. I've avoided this and just been prepared to fly domestically with my passport.
acheron · 1h ago
Real ID requirements started 20 years ago, which I suppose is “recent” in government terms, but not really. In some states everyone has already had a Real ID compliant license for years. In others, notably California, they’ve been kicking the can down the road the entire time.
bluedino · 9h ago
We have kiosks at grocery stores etc where we can get renew documents and print new license tabs etc, you can also do most things online and receive your new documents in the mail.
You really only need to go there for driving tests (for teenagers or immigrants), completing private vehicle sales, and other odds and ends
What I always found interesting is going there and people arguing with the workers about not having proof of insurance or a clear title etc.
dpb001 · 9h ago
In the US we don’t have a single DMV, but rather 50 separate DMV’s with varying degrees of efficiency and online capabilities. But in my state most routine things no longer require a physical visit. Licensing is pretty tightly controlled because in the US the card serves as a primary source of identification in the absence of a national ID card.
lantry · 9h ago
It's different in every state, but mostly it's an outdated stereotype that still sticks around even though it's not really indicative of reality. Most states let you do almost everything online, and when you do have to go in you can usually schedule an appointment and not wait in line at all.
goldfishgold · 7h ago
Lol. I went the NY DMV a month ago to exchange my out of state license. Even with an appointment, a preapproved application completed online, and all the correct paperwork I had to wait 2 hours.
My experiences with the CA DMV were similar. Only in IL have I had quick, easy visits to the DMV
deltaburnt · 6h ago
Usually dependent on the area and their population density. I know people who would drive out to more rural areas just to get a quicker DMV experience.
The whole taking appointments but still making you wait kills me a little inside though. There's a world where these processes could be so seamless.
bee_rider · 5h ago
I had an ok time with the NY DMV. I think it just depends on when you go. If less people would go when it was busy, I guess the reputation would be better, haha!
dsego · 8h ago
> MOTs (annual vehicle safety tests) happen at any local garage.
Oh, I think we should have that in Croatia, since I'm doing yearly car service at my dealership and than still need to take my car to our national inspection station to get the car certificate renewed. Not sure why can't they organize a system were certified car garages can also inspect the vehicle and notify the Center for Vehicles. Maybe that would allow for more cheating but it's not like inspection stations employees are currently immune to taking a small bribe to overlook minor issues during the inspection.
lmz · 7h ago
The incentives are very different - private garages would be very incentivized to find nothing wrong with your car and business would gravitate to those with the least checks. The government stations would not have that incentive (actually maybe incentivized the other way - to make up problems that can be waved away with money, depending on how corrupt things are there)
dendodge · 6h ago
I'd have thought the private garages would also be incentivised to find problems - that they can then offer to fix for an additional fee.
As it is, I think most garages that offer MOTs in the UK are fair and honest, as the test is relatively strictly regulated, but I'm sure people do get ripped off.
rocqua · 5h ago
The Netherlands has private garages do the yearly recertification inspection (APK here).
There was a recent rise in 'remote inspections' where the garages had figured out tricks to avoid spot checks. This involved tricks like 'file the inspection very close before 17:00' or 'file the inspection result right before an actual true inspection' because apparently spot checks look at the last inspection.
They noticed the tricks as patterns, and are handling it. My point is, there is an incentive for private garages to do fraud here.
scarface_74 · 3h ago
You usually don’t. Licenses can be renewed online until you reach a certain age in some states where you have to go in to take an eye test. Car dealers will handle registration. If you buy from a private party you have to go in.
In metropolitan areas that have make you get car inspections like Atlanta, you go to a third party where the price is regulated and they send the results in. You still can do everything on line
sneak · 9h ago
Until recently you couldn’t do much online with the government in the US. In Nevada, you can do most of the routine stuff online now, too.
dsego · 8h ago
Kafkaesque bureaucracy, it's common to a lot of government institutions, they send you from one window to the next, there is always paperwork missing or something needs to be stamped. It seems like the whole process is not to serve the people but just there to perpetuate itself.
sails · 10h ago
Interesting distinction is deliberate vs unintentional accountability sinks.
DMV sounds more like incompetence than design. Compare with airline where the system is “better” when you have no recourse.
mannykannot · 8h ago
Starting in four days, you will need, to board a commercial flight in the US or enter a federal government facility, either a passport, an 'enhanced' or 'real ID' driver's license, or one of a small class of alternatives. This has increased the burden on state DMVs, and any resulting deepening of the accountability sink is at least partly due to not doing anything to mitigate a predictable situation.
dghlsakjg · 6h ago
The DMV is frequently just a case of under resourcing. For the most part, once you get to the counter your business can be handled in a few minutes. It’s the fact that it takes a while to get to the counter that’s the issue.
tgsovlerkhgsel · 8h ago
When dealing with companies, small claims court can be an amazing tool to fix the "nobody is responsible so you hit a wall" issue. The court sends a letter to the company, and either the company figures out who is responsible for dealing with it, or whatever process for collecting unpaid judgements eventually deals with the company (e.g. the famous "sheriff comes to repo the bank's furniture" example).
For companies, this is also fine, because in most cases the built-in processes work well enough, and in others people just give up, that handling the escalations through their legal department is manageable.
Unfortunately, this approach only helps for the subset of cases where the issue is monetary and/or can wait (and only if it happened in a country with a working small claims system).
yusina · 6h ago
The squirrel example sounds terrible, but people don't realize the danger that moving pathogen-carrying specimen across ecosystems poses. Introducing a disease into your local environment can have devastating consquences for wildlife or farming or both.
Example: Dairy farms have strict rules about not letting anybody in who was abroad within the last 48 hours because of possible spread of foot-and-mouth disease. There are many such examples and similar examples exist for wild ecosystems.
So, while it may seem cruel to kill a few hundred squirrels, the precaution is justified. The "guilt", if there is any, is with whoever didn't ensure all the paperwork is in order.
ethbr1 · 6h ago
The acute guilt levied wasn't about following orders and exterminating the ground squirrels...
... but using an industrial shredder to do it. (on 440 of them)
Anyone who did that to a live animal deserves to be in prison, orders or no. There are innumerable compassionate, humane ways to kill animals, if it's necessary.
yusina · 5h ago
I suppose you are vegetarian? Cause the amount of suffering that the majority of animals have endure which are killed for meat is on a similar level. (Transport to slaughterhouse and subsequent death by suffocation or boiling, depending on species.)
Or rather, vegan? Since average dairy cow or hen endures quite some suffering over their whole life too. In addition to then experiencing a similar death to what animals mainly used for meat production endure.
This is meant to point out that the shredder is a terrible machine, buy not categorically worse than how the typical production animal is treated at some point of their conscious life.
(To clarify, I'm personally neither vegan nor vegetarian so am not trying to elevate myself morally above you.)
I once booked a plane ticket from my home town airport to another country. The purchase notification said something like "PVA" instead of "POV". I looked it up and turned out, the newly built airport that had this exact code was about to open. In a week or so, so I assumed that I'm indeed flying from the new one and forgot about it. The purchase was made through a booking aggregator similar to Expedia.
On the day of travel I took a taxi to the new airport, which is 40 km outside the city. The taxi driver couldn't care less about where I was going. Upon arrival, there was much fewer people than I expected but I shrugged it off. At the entrance though I was asked where I was going and if I was an employee. Apparently the new airport was still closed and my fight was from the old, still functioning one. The one with the code not shown in the ticket purchase receipts.
Panicking since it was only about an hour until departure, I took a taxi back to the old airport, which was a desperate 40-50 minute drive to only realize the plane had already left.
I was flying abroad, with a connection the next morning, about 10 hours later. So I thought that the problem could be solved by just arriving there by any other flight, which I booked almost immediately. However, the airline representative (yes, there was a human to speak to that I could reach easily by phone) told me that a no-show for any segment of the flight invalidates all subsequent ones. There was no way I could convince her that it wasn't my fault. Perhaps there was a rigid process in place that disallowed her from helping, even though I'd make it to the second flight on time.
I ended up buying 2 new tickets, of course more expensive and less convenient ones. This taught me an important and rather expensive lesson on why connected flights with a single airline are sometimes the worst.
Funnily enough, I was bitten by this rule one more time when I didn't show to a flight in to the country due to visa issues (it was covid time) and wasn't allowed on the flight out of it because I didn't show up to the 1st flight, the flights being 1 week apart - but booked in one go.
As to the previous situation, I managed to get compensated by the airline (not even the intermediary!) about a year later after posting a huge rant on Facebook and getting their attention to the situation.
vishnugupta · 9h ago
OMG this stirred my memories. I was interviewing with companies in Amsterdam and Berlin. The Berlin recruiter made onward and return flight bookings for me from India. I though went to Amsterdam first on a separate flight because I was juggling the schedule. I thought it’s no big deal didn’t bother informing the recruiter of my side arrangement.
I then took a train to Berlin from Amsterdam, finished the interview and went to the airport for my return flight that was booked by the recruiter. To my absolute horror I was told that since my onward journey was a no show the whole PNR was cancelled. I felt like an idiot. Since then I double and triple check whenever I’m booking flight tickets.
oleggromov · 7h ago
Sorry to hear that. Sounds like not a lot of fun!
crazygringo · 6h ago
> So I thought that the problem could be solved by just arriving there by any other flight, which I booked almost immediately.
Why did you do that? Especially when that cost you extra money?
You should have talked to the airline directly, explained you'd missed your flight because they gave you the wrong airport, and the airline would have rebooked you and everything would have been fine. People miss flights all the time and this is an entirely normal process.
It's been standard practice for a long time if you miss a first leg, that you forfeit the rest. They're going to reuse those seats for e.g. other people who missed their original flights. It's a type of flexibility built into the whole system.
Connecting flights are super useful because you can work with the airline to reschedule the whole thing, and the airline is responsible if you can't make a connection because an earlier leg is delayed.
I truly don't understand why you would have taken it into your own hands to buy a separate replacement ticket on your own, instead of talking to the airline. Even in your second example, why didn't you work with the airline to reschedule your missed flight? Even if they for some reason can't reschedule, they will often keep your return flight valid if you have an obviously good reason (e.g. a visa issue during COVID). But you do have to contact them immediately.
I'm sorry you didn't know how all this worked, but when in doubt, contact customer service ASAP to see if they can help. Don't just go buy separate tickets on your own, and then assume later legs will still be valid. That's not how it works.
switch007 · 12h ago
> There was no way I could convince her that it wasn't my fault. Perhaps there was a rigid process in place that disallowed her from helping, even though I'd make it to the second flight on time.
Yeah they generally have the capability to prevent that auto cancellation of your segments (within a certain time frame) but in this case unfortunately they were unwilling or it was too late to catch it.
It's generally to protect revenue because buying A-B-C instead of B-C can be cheaper, and hoards of people used to just segments to save money. So they just assume everyone is trying to cheat them.
oleggromov · 11h ago
> It's generally to protect revenue because buying A-B-C instead of B-C can be cheaper, and hoards of people used to just segments to save money. So they just assume everyone is trying to cheat them.
Isn't it ridiculous in the first place that flying A-B-C is less expensive than B-C? These are the pricing games airlines deliberately play to make more money out of nothing.
Pamar · 11h ago
This is just an oversimplification though. If you had any experience about travel industry (or logistics) you would understand things much better.
Here is an example for you (from logistics): Sending a truck from Berlin to - say - Györ may cost 3 times less than sending the same truck from Györ to Berlin - even on the same exact date.
Is this because shipping companies try to make money out of nothing, for you?
nothrabannosir · 11h ago
A fair comparison would not be the return, but Berlin-Györ being more expensive than Vilnius-Berlin-Györ. Is that common in logistics, in your experience?
Pamar · 3h ago
This was a fabricated example, actually: I work in tourism not in logistic (but I have friends in that field).
My point was that to the layman this does not make any sense while if you are managing a shipping company you soon realize that some destination are more profitable because your truck that was maybe taking specialized replacements parts from A to B can easily pick up some other stuff to send back to A, while travelling in the opposite direction your truck has a high chance to travel empty on retutning to base... but you still have to pay the drivers, the fuel, the maintenance and possibly tolls.
nothrabannosir · 3h ago
The point some of us are making in the replies is that, while true, this is not an appropriate comparison to airline travel rules.
Do you agree there is a difference between charging more for a return, vs charging more for a leg of a compound trip?
freehorse · 8h ago
And what is the actual explanation that actually makes sense (apart from profit increase)?
I have booked flights A->B->C and got down at B because that was cheaper than booking A->B only. Not sure where this all makes sense at all.
oleggromov · 7h ago
It seems to me that since airlines can't force you on a plane except for taking your luggage hostage, you're free to drop as long of a 'tail' as you wish. I'm wondering whether they'd put you on a black list or something for doing this consistently.
scarface_74 · 2h ago
It’s called “skip lagging”. The airline can possibly try to collect money and if you do it often, ban you from flying with them.
The reason is happens is that take for instance ATL (former home). ATL is a Delta hub and has direct flights to a lot of places that other airlines don’t. Between people preferring direct flights and the lack of competition, they can charge more.
But flying out of MCO with a layover in ATl, they lose the non stop flight advantage and they have to compete with other airlines.
Also ATL sees a lot more price insensitive business travelers than MCO. Businesses aren’t going to force their salespeople and consultants on one of the low cost carriers.
Pamar · 8h ago
The full explanation would take a wall of text (and still let you unconvinced because you feel entitled to do as you please, probably).
Super-condensed version: civilian flight are a pretty difficult "product" to handle efficiently. Price increases until 1 minute before closing the airplane doors, then falls to zero.
On top of that, the product "provider" also needs its own product in order to move personnel and technicians all over the globe, but of course they cannot just cannibalize their own products beyond the point of profitability.
Plus they have to handle rebookings and passenger protection in cases like delays, sudden airport close-down and so on. (Have you ever been on a waiting list, btw?).
All this is pretty complicated to manage already, so they need to exert as much control as possible on yield and occupancy.
TL;DR: a flight is not a bus ride. So if you just decide to cut it short the airline will try to reuse your vacant space for whatever reason.
oleggromov · 10h ago
Of course I can understand it from their point of view. But this doesn't make it any more sensible to me as a consumer of their services.
In the aforementioned situation I wasn't trying to exploit the airline, it was a simple mistake that happened and could be easily alleviated. But the rigid processes, precisely the ones where accountability sinks, made it impossible for the humans involved to correct the mistake.
I still stand by the ridiculousness of that. If not the logistics quirks per se, then the fact that this completely unrelated matter dictated the resolution of the situation against common sense and my interest.
What makes this even worse is that presumably the PR department of that very company had to be involved later and they still spent their employees' time and money to compensate me for the mistake that could be corrected for free.
xingped · 11h ago
I think that's a misrepresentation though because A to B is not a subset of B to A. Whereas B to C is a subset of A to B to C.
Pamar · 3h ago
If you are answering to my Berlin->Györ example:
Yes, it is not exactly the same thing but the point is: by getting off at B you are making the B->C flight travel with a wasted (empty) seat.
Which they would have preferred to either sell to someone else or use for moving a pilot or technician to C.
(Note also that this trick of getting out mid-itinerary only works if you do not have checked baggage, because that will arrive in C, and neither the airline nor the airport will be happy to reroute it to wherever you thing you want to go next.
Flying is expensive and logistically complex. Just making sure you end up where your ticket say is complicated. If you (as a customer) decide to change your plans you are making everything more complicated (and possibly preventing other customers to pay for the whole itinerary).
charcircuit · 10h ago
>Isn't it ridiculous in the first place that flying A-B-C is less expensive than B-C?
It's no more ridiculous than something being cheaper at a liquidation store than a retail store.
Pamar · 12h ago
Yes, sorry for your problem but no-shows automatically invalidate everything else. If you decide to cancel part of a trip due to unexpected events, train strikes or whatever that is not directly under control of the airline itself you must contact them and make sure they will not cancel the rest (including the return flight).
oleggromov · 12h ago
Leaving aside the no-show rule, which doesn't make much sense to me, this situation is a good example of an accountability sink.
The intermediary I booked the tickets with made an obvious mistake and showed the wrong airport code. Maybe the airport opening was meant to happen earlier, and the intermediary had already updated their emails or something like that. They refused to do anything meaningful and did not even acknowledge their mistake.
The fact that I was compensated by the airline that had nothing to do with this mistake is even more astonishing to me, although they were obviously protecting their brand reputation.
Pamar · 11h ago
I was not trying to dispute the accountability part. Btw my company was hit by the delayed opening of BER airport. Colleagues had to rebook thousands of tickets because the BER iata code had to be "retconned" to use TXL again... so I am more than happy to sympathetic with your problem, trust me.
charcircuit · 10h ago
>Leaving aside the no-show rule, which doesn't make much sense to me
A->B->C can be cheaper than B->C. If people could skip flight A, then people already in B would buy the cheaper A->B->C.
vishnugupta · 6h ago
I could probably be convinced of this reason.
But why would they cancel B-A when there’s a no show for A-B? More so when there’s a few days gap between A-B and B-A? The only issue being they were booked as a single itinerary/PNR. I don’t see what cost has got anything to do with it.
Pamar · 3h ago
Because they could use the now "vacated" seats for:
- Last minute travellers (who pay significantly higher for this)
- move their own personnel from B to A
- alleviating problems caused by overbooking, canceled flights, delayed flights or any other disruption.
hliyan · 9h ago
A few things came to mind as I read this.
1) About 8 years ago I was gifted a copy of Ray Dalio's Principles. Being a process aficionado who thought the way to prevent bureaucracy was to ground process in principles, I was very excited. But halfway through I gave up. All the experience, the observations, the case studies that had led Dalio to each insight, had been lost in the distillation process. The reader was only getting a Plato's Cave version. I used to love writing spec-like process docs with lots of "shoulds" and "mays" for my teams, but now I largely write examples.
2) I live in a Commonwealth country, and as I understand (IANAL), common law, or judge made law, plays a larger role in the justice system here than in the US, where the letter of the law seem to matter more. I used to think the US system superior (less arbitrary), but now I'm not sure. Case law seems to provide a great deal of context that no statute could ever hope to codify in writing. It also carries the weight of history, and therefore is harder to abruptly change (for better or for worse).
3) Are human beings actually accountability sinks? This is only possible if they are causal originators, or in Aristotlean terms, "prime movers", or have pure agency, or are causa sui. But the question is, once we subtract environment (e.g. good parenting / bad parenting) and genetics (e.g. empathy, propensity toward anger), how much agency is actually left? Is it correct for our legal and ethical systems to terminate the chain of causality at the nearest human being?
FabHK · 7h ago
2) The US is considered a common law jurisdiction.
ChrisMarshallNY · 9h ago
I have a feeling that AI will be used to replace the folks that might get squeamish.
If I understand it correctly, that's what United Healthcare was doing, that got people so mad at the guy that was shot. He brought in "AI Denial Bots," so the company could knowingly cause the death of their customers, without having any "soft" humans in the process.
Greaber, if I remember right, argues that modern bureaucracy started with efficient means of communication. He squares the Deutsche Post as the milestone, as they made the whole population available to be controlled. Now the state could send them letters, count them, enlist them in the military etc.. It's a brilliant observation: communication technology is the main tool of the bureaucracy. The tangent he takes fron there is even more brilliant: we have been heavily focusing and improving the communication tech (telephone, fax, tv, radio, internet, social media) but not necessarily the tech to reduce thr burden of work for the masses (robots!). If you would ask someone 100 years ago how the future would look like, people would almost invariably say they would need to work less in the future, abd at some point they invariably expected to have robots do all the work. Yet, all we got is smartphones that watch every movement of us, makes us available to the employer anywhere and anytime, hence more means to control us by state or, exceedingly, private bureaucracies. There's a reason why AI boom is happening, as this is the next tech on the bureaucracy tree.
This being said, none of these tech are bad by themselves. It is the shape they took and the way they are used in contemporary society. To tie with the OP: we have communication tools available to us that is billions of times more efficient and effective yet the customer service, or any interaction with any big corporation (as a customer or employee) or state got so much worse and impersonal. Impersonal as in, individual cases do not exist anymore, only policies. One could have expected to escalate a claim back in late 19th century by just writing letters and eventually get to someone, or even just show up at the offices of a company and get their problem resolved (this is still the case in developing countries). Can we expect this now?
gavmor · 3h ago
More reachable, more accountable, and more surveilled by whom?
And can we flip the relationship, creating dashboards or whatever from which agentic systems reach, hold to account, and surveille right back?
I'm thinking pro-active agents that escalate for you, sinking their teeth into interactions with large organizations like a dog with a bone.
bgnn · 1h ago
It's the upper layer in the hierarchy that creates the impersonal "I'm just following the rules" behavior, aka accountability sinks. Surveillance is basically strengthening this, as every step of an employee can be traced. And you are 100% right, these technologies, as I wrote above aren't malicious or something and can be used on the opposite, and should. Ease of access to someone with decision making capability should make desicion makjng easier, not harder. We should be able to hold higher ups responsible.
1dom · 8h ago
I read most of this agreeing with everything the author was saying, sometimes in a "I already thought that" but often in a "huh, that's a really cool insight." I quite like the style too.
As a Brit though, I was completely blindsided by the inclusion of Dom Cummings. I'd forgotten he existed. Seeing his and Boris' attitude to PPE provision discussed in a positive light without any mention of the associated scandal[1] made me a bit uncomfortable. Without getting too political, they claimed to have solved a problem, but whether or not it was a justifiable, sensible or legitimate solution is probably going to be debated for decades.
>> We did that. But only the Prime Minister could actually cut through all the bureaucracy and say, Ignore these EU rules on Blah. Ignore treasury guidance on Blah. Ignore this. Ignore that. “I am personally saying do this and I will accept full legal responsibility for everything.”
> By taking over responsibility, Johnson loosened the accountability of the civil servants and allowed them to actually solve the problem instead of being stuck following the rigid formal process.
Of course this also can have pretty severe negative consequences. In the U.S., thanks to a recent Supreme Court ruling, the president has immunity from criminal prosecution under certain (yet to be fully determined) circumstances. If the president then "takes over the responsibility" for obviously illegal actions, and is immune from prosecution for those actions, you now have a civil service unburdened by any responsibility to follow the law. And there are some 3 million odd workers in the U.S. federal government.
That the conservatives on the Supreme Court did not consider this danger, especially in light of who occupies the office, is still astounding to me.
melvinmelih · 9h ago
According to Dutch law, you lose your Dutch citizenship if you accept another nationality. The Dutch embassies (who are responsible for renewing Dutch passports abroad) are well aware of this law and have processes in place to refuse a passport renewal if you can’t provide proof of temporary residence in the country you reside in. The local institutions however, don’t have these processes in place and are generally not aware of this law because it only happens to a tiny little percentage of the population. And nobody updates the national registry with your new nationality because that’s the responsibility of local municipalities, not the Department of Foreign Affairs. So if you decide to simply renew your passport in the Netherlands instead of abroad, they’ll just give you a new passport because you’re still registered as a Dutch citizen at the local level and they don’t have a process in place to check your foreign nationality.
Don’t ask me how I know :) It is one of the few accountability sinks that doesn’t affect me negatively.
apexalpha · 9h ago
There is also a fun - legal - bypass to this.
The Dutch law doesn't say you 'can't have a second passport'. It only says: 'you can't have a second passport at the time you get your Dutch one'.
So countries like the UK allow their citizens to 'renounce' their UK citizenship, get a Dutch one, then get their UK one 'back'.
ungreased0675 · 1h ago
Generalizing here, but it’s a sign of a bad process when it’s thrown out in an emergency.
Crisis is when well-thought out, tested procedures should be used, at least as a starting point.
roenxi · 13h ago
Another fun one is asking for a higher salary - for obvious reasons moderately sized companies have formal systems that make it logically impossible to do on an employees initiative (the boss doesn't control salaries, payroll doesn't control salaries and all the formal systems point to the boss and payroll). The real approach is that a worker has to somehow convince one of the people with serious power to overrule the default systems.
But the important thing to recognise is there are always people who can overrule a given formal process and they are being held accountable to something. The issue becomes what their incentives are. In the success stories in this article (like the one where the doctor saves a bunch of people) the incentives lead to a good outcome when the formal system is discarded. In the leading ground squirrel example someone without doubt had the power to prevent the madness and didn't because their incentives led them to sit quietly in the background hidden from history's eye. Ditto the Nazi example - obviously there was someone (probably quite a few someones) who could have stopped the killing. They didn't override the system because they through it was performing to spec, and it is probably difficult to prove they were in hindsight because informal systems don't get recorded.
amos-burton · 12h ago
If the incentive is the culprit, then the airport employee acted out of her mind because her own survival was more important than to act human... therefore, she is biologically similar, but spiritually guided differently. she would never tell you she gave herself or sacrificed (big word) to it (big word), she never knew anything else really, she saw things through the window all along her life, but never got to really experience it, it is so inconvenient to her, she whispered.
she feels more than a children of the cities, she has embodied them.
lotsofpulp · 10h ago
> the boss doesn't control salaries
I would call them a supervisor then.
It’s not logically impossible for any buyer to decide to pay or not pay more to a seller, it just depends how replaceable the buyer thinks the seller is, and how much they care (the buyer could be retiring with golden parachutes before shit hits the fan).
EZ-E · 7h ago
> The card design only allowed for 24 characters, but some applicants had names longer than that. They raised the issue with the business team.
> The answer they've got was that since only a tiny percentage of people have names that long, rather than redesigning the card, those applications would simply be rejected.
Long names are a pain. This happened to me when I tried to open a bank account in Vietnam. Similarly bank tellers in China were always puzzled and needed to call supervisors when having to enter the information. Also airport auto gates frequently fail for me, and systems that want me to enter your full name in a form will reject my input more often than not. When I'm asked to sign my full name with my signature, it hardly fits and I need to write in tiny letters.
If I ever have children I'll name then with something short, with no special characters. Something like Tim, Kim, Leo... Otherwise they will always end up the edge case.
Tepix · 13h ago
I think this is one of the most fascinating aspects of solo non-stop around the world sailing: You have no one to blame other than yourself. It puts you into a mindset that is unique in this day and age. The sailors, when interviewed after their ordeal, also mention it a lot.
nicbou · 13h ago
Same with overland travel. You either caused the problem or allowed it to happen. Either way it's your job to fix it and it's the only way to keep going. It requires preparedness, flexibility and resilience.
I remember many messes where I just stood there thinking to myself "alright nicbou, what did we learn today?"
rollcat · 12h ago
In 2012 I've spent almost the entire year hitchhiking around Europe. Mostly alone, sometimes in a small ad-hoc group that would part whenever we had to take different turns. Sometimes there is someone else to blame: a driver who dropped me off in a far worse place (like in the middle of a busy highway); a mate who almost blew all of us up when mishandling a gas cylinder; unsolicited exhibitionism; etc.
Well, shit happens. Pick your stuff up and carry on.
vemom · 10h ago
There is no blame on holiday. Something will go wrong (how can it not?)
DangerousPie · 12h ago
Interesting article, but picking Johnson and Cummings's handling of Covid as a positive example is a very odd choice, given their falling out and the numerous corruption allegations and parliamentary inquiries into their actions since then.
ninalanyon · 8h ago
Surely it is that specific example that counts. It seems perverse to dismiss one sensible decision on the grounds that the persons concerned made many other bad decisions. It's the decision that is the focus not the persons making it.
MzxgckZtNqX5i · 10h ago
I 100% agree with you, but it looks like that specific, single instance is a clear example of the famous broken clock being right twice a day.
ninalanyon · 12h ago
> Bad people react to this by getting angry at the gate attendant; good people walk away stewing with thwarted rage.
I disagree, slightly. We have to expect some degree of ethical behaviour from everyone, even those who nominally have no room to manoeuvre. If everyone in such positions were to disobey unjust orders the orders would eventually have to change.
Walking away stewing in rage does nothing except fill you with damaging hormones.
red_admiral · 10h ago
If I ever feel like writing my own "12 Rules for Life", one of them is going to be called "Don't yell at the Barista" or some version of that. You can get angry, but not at the person who would probably get fired for showing initiative. Find the people actually responsible and yell at them.
ninalanyon · 7h ago
Being angry is not synonymous with being abusive. Your assumption that they would be fired for showing initiative says a lot about the society that you live in. I'm glad that generally where I live we expect people to take responsibility and their managers to support them. It doesn't always work of course.
lazide · 10h ago
and enables the situation at the expense of your own health.
CamouflagedKiwi · 4h ago
In my experience, the credit card example is _usually_ solved in a practical way which is still somewhat bad, but allows the person to at least get a card: They abbreviate one or both names in some way for the card.
As crappy as the system with its max length for people's names, it's common to allow first initial + surname. It also works very badly for non ASCII names - to my understanding, I _think_ people in East Asia just have to use romanisations if they want to have a Mastercard. This all sucks, but it's a bit more than "the card design" - it's quite fundamentally baked in to how the whole system works. There aren't a lot of systems out there which are based on more aged and legacy technology than card networks.
CalRobert · 13h ago
As sad as things turned out for the squirrels it’s bizarre to worry too much about 440 squirrels dying in a country with lots of meat farming…
scotty79 · 13h ago
They even mention that the shredder was designed for newborn chicks. So something we routinely do to thousands and thousands of chickens is somehow suddenly horrible if they did it to random 440 squirrels that couldn't be accounted for.
vemom · 10h ago
You somehow can't apply logical statements to what we choose to kill and eat. Cultures differ on their opinions here. But at some extreme we should all be vegan.
scotty79 · 10h ago
The logic is simple, we eat what's convenient to produce and we construct our morals around that.
Thorrez · 10h ago
Meat costs a lot to produce. We eat it because it tastes good, not because it's convenient.
aziaziazi · 9h ago
True. Habits also play an unconscious role and tradition a conscious one. To demonstrate the former: bellow two studies on cats exposed pre, peri and post natal with a specific aroma. From the first abstract:
> We conclude that long-term chemosensory and dietary preferences of cats are influenced by prenatal and early (nursing) postnatal experience, supporting a natural and biologically relevant mechanism for the safe transmission of diet from mother to young.
I'll add that habits and taste can change later in the life voluntary or involuntary: There's plenty of people that "learn" to like something they didn't in their youth for many reason: new cultural environment, health, curiosity...
scotty79 · 9h ago
No. Dogs also taste good but they are way less convenient to raise per kilogram of meat then cows. That's one of the main reasons we rather eat cows, pigs and poultry than dogs, dolphins, squirrels or guinea pigs.
People do a lot of expensive and wasteful things just because they are convenient in many domains of life.
Meat isn't tasty. If it was you wouldn't always eat it fried almost to a char with salt and spices. Tasty things you can just eat straight up. Meat is easy. It's easier to keep some cows on grassy hill then kill them, than to create and maintain a field there.
Meat is also easy to cook and eat. It digests nicely. It can be used in mono diet with no immediate ill effects. It's a no-brainer food even an idiot can use to sustain themselves. It's hard to poison yourself with it because if it's not fresh it stinks like hell.
barrucadu · 3h ago
> Meat isn't tasty. If it was you wouldn't always eat it fried almost to a char with salt and spices.
Allow me to introduce you to the concept of "steak".
the_af · 7h ago
> If it was you wouldn't always eat it fried almost to a char with salt and spices.
I agree with the rest of your comment, except this.
You eat your meat "always fried to a char"? What? Also, I barely add some salt to it. Many people add way too much salt though.
CalRobert · 13h ago
Interestingly if you’re denied a credit card in Europe a subject access request can be very helpful for understanding why
ffsm8 · 12h ago
It's only related to what he wrote but it reminded me of something that low-key annoys me whenever I hear Americans talk about the Holocaust.
I know he only touches on it very slightly and indirectly raises a related point to what annoys me about most coverage about it.
It's pretty simply that the people that were systematically slaughtered during that time period were classified to be Jews, Gypsies and other "undesirables", but they were first and foremost German and identified as such.
Nazi Germany didn't kill "other" people, it systematically alienated groups of the population to then eradicate them, by first walling them off to make communication impossible, then spreading enough propaganda to make the average Joe no longer consider them his neighbor.
Seeing the social climate all over the world change, chief among them Americas, does make me think this lesson hasn't been taken in whatsoever.
The first step to atrocities is always to cut of communication between the groups, and people nowadays are actively doing that themselves now - not artificially enforced like it was back then.
lazide · 10h ago
At first yes, because they had control over the German Jews. It expanded of course as their control spread through conquering.
ffsm8 · 9h ago
Absolutely, the atrocities didn't stop there. That was only the beginning. I didn't mean to insinuate that only Germans were mistreated. The sociopaths running the government in Nazi Germany were very methodical about it and forced everyone into becoming either a collaborator or victim themselves, facilitating even more atrocities as WW2 progressed
vishnugupta · 9h ago
David Graeber has written a really good book about this exact topic and one that I highly recommend. He explores why and how bureaucracy crept up on us.
“ The Utopia of Rules: On Technology, Stupidity, and the Secret Joys of Bureaucracy”
The conclusion of Davies' second extract — about e.g. being bumped off a flight — is recognisable but the conclusions are actually wrong. The situation in these cases is actually more subtle. The person you're speaking to does normally have some capacity to escalate in exceptional cases. But they can't do it as a matter of course, and have to maintain publicly that it's actually impossible.
The people who get what they want in these situations are the ones who are prepared to behave sufficiently unreasonably. This is a second order consequence of 'unaccountability' that Davies misses. For the customer, or object of the system, it incentivises people to behave *as unpleasantly as possible* — because it's often the only way to trigger the exception / escalation / special case, and get what you want.
Tabular-Iceberg · 9h ago
The KLM squirrel problem is arguably the opposite problem as all the other examples. It would have been a simple matter to call up KLM's corporate counsel and have them figure out how to both comply with the government's order and the country's animal welfare laws.
So really a case of not enough bureaucracy rather than too much.
jll29 · 1h ago
You can't get a credit card because your name is too long?
You can't pass immigrations because you don't have a last name?
The future is not made for you, because progammers and designers didn't get requirements that match the diversity of this beautiful world.
It remindes me how someone I know often makes complicated food orders
in restaurants (modfying or replacing items on the menu), and then they
get disappointed or complain because their wishes are forgotten or screwed
up. I never make changes to a menu item, because I assume they are unable
to accommodate me (either due to stress, lack of intelligence/memory, bad
process e.g. not writing down customers' orders etc.). As a result, I get
disappointed less often on average - make your oder "compatible" with the
realities of this world to avoid disappointment and stress.
There is actually an official procedure for U.S. Immigrations dealing with people who have names that cannot be split meaningfully into first/last names, e.g. some people from India. Assume your name is "Maussam", then you are permitted and expected to fill in that string in BOTH fields, first name and last/family name, when booking a flight or applying for visa. (A similar hack
could be devised for names that are "too long".)
Overall, these examples are reminiscent of the movie Brazil (1985), which is about a dystopian future in which a plumber that helps people fix their toilets gets hunted as a terrorist because he didn't fill in the right form.
My theory is the world has been gradually converging towards the absurd state parodied in that movie.
Airlines are not the only ones that get less and less
accountable. We should stop spending our money with companies that communicate with us using email spam services the address of which begins with noreply@fubar.com.
Both that item and this item add the unique perspectives of the authors, but both are about issues raised by Dan Davies' Unaccountability Machine. So if you like this thread, you might like that thread.
aaviator42 · 5h ago
The link you shared is to this thread
markus_zhang · 9h ago
The TV series Yes Minster and Yes Prime Minister have a lot to say about accountability in the governments.
cckolon · 5h ago
Reminds me of a Rickover quote:
"If responsibility is rightfully yours, no evasion, or ignorance or passing the blame can shift the burden to someone else. Unless you can point your finger at the man who is responsible when something goes wrong, then you have never had anyone really responsible."
srameshc · 9h ago
The moment I saw 250bpm, my mind took me to ZeroMQ and indeed it was Martin. Then ofcourse Pieter Hintjens came to my thoughts next. I just loved ZeroMQ but I don't use it anymore. Good to find Martin's blog and a great writeup.
sillysaurusx · 5h ago
I don’t see anyone mentioning it, so: I was disappointed that an otherwise interesting post was turned political.
> This is why even the well-off feel anxious and restless. We may have democracy by name, but if the systems we interact with, be it the state or private companies, surrender accountability to the desiccated, inhuman processes and give us no recourse, then the democracy is just a hollow concept with no inner meaning.
> You can't steer your own life anymore. The pursuit of happiness is dead. Even your past achievements can be taken away from you by some faceless process. And when that happens, there’s no recourse. The future, in this light, begins to feel less hopeful and more ominous.
> It’s eerie how much of today’s political unrest begins to make sense through this lens.
No, your past achievements aren’t taken away from you. When you’re wronged, you almost always have recourse, up to and including making a big stink on social media. Private companies aren’t meant to be political democracies. They’re in fact almost explicitly designed to be authoritarian, because it works well. You don’t suddenly live in a not-democracy just because the companies have a CEO and middle managers that set up processes.
I wish the rest of the post wasn’t called into question by this hyperbole, but it is. It makes some interesting points, but ultimately it feeds into a natural desire to be pessimistic. Which means it’s entertainment rather than an analysis.
cbsmith · 4h ago
There's also the nice sidestepping of the whole issue of human judgement comes with the baggage of ignorance and prejudice. Yes, the article acknowledges that processes can be largely beneficial, but it focuses on the horrors of the processes, while glossing over the horrors of NOT having the processes.
rwmj · 12h ago
> Eventually, employees noticed a problem: The card design only allowed for 24 characters, but some applicants had names longer than that. They raised the issue with the business team.
I'm looking at you, ANA Mileage Club card! 24 characters should be enough for anyone according to their database. They even have a whole page dedicated to how you should work around it (I tried, this procedure & indeed it lets you truncate your name, but then you won't be able to associate any tickets you purchase in your real name with the card). https://www.ana.co.jp/en/jp/amc/reference/merit/procedure/in...
nottorp · 9h ago
That's a .jp site. Is it 24 kanji? That should be plenty of space :)
rwmj · 6h ago
Yup, 24 moji :-)
Thorrez · 10h ago
> And it turns out that the German soldiers faced surprisingly mild consequences for disobeying unlawful orders.
Huh. Franz Jägerstätter was executed for refusing to fight in the war.
hamandcheese · 8h ago
Franz Jägerstätter was not a soldier.
the_af · 7h ago
There are many documented and studied cases where orders to carry out massacres which were disobeyed carried no harm to the German who refused.
Mostly demotion or transfer to a different area, but no execution or jail time. Sometimes not even that.
I'm talking about not taking part in massacres (e.g. shooting unarmed women and children, locking people in a barn and setting it on fire, etc), not about refusing to fight, cowardice, aiding the enemy or actual treason.
zbentley · 5h ago
Another terrific write up on this subject is Jen Pahlka (cited in the article)’s essay on the “cascade of rigidity”.
majke · 13h ago
I didn’t realize Martin is blogging again! Hurray!
CommenterPerson · 6h ago
All the Republican Senators and Congressmen/Women .. I am looking at you.
bdangubic · 6h ago
Democrats too :)
mykowebhn · 9h ago
Does Kafka, the writer[1], come to mind for anyone?
[1] I dislike that I have to specify. I wish there were still only one common reference for this name.
mtndew4brkfst · 9h ago
So why not elaborate as "Franz Kafka" when you mean the author? It can only clarify and it just takes 6 more characters. People who know both won't be bothered, and people who know neither will have a better time looking up the context.
layer8 · 8h ago
GP would just have put the footnote on "Franz" rather than on "the writer" then (and may have had to look up Kafka's first name). I don’t think 6 vs. 12 characters makes that much of a difference.
red_admiral · 10h ago
> Bad people react to this by getting angry at the gate attendant; good people walk away stewing with thwarted rage.
> You ask to speak to someone who can do something about it, but you're told that's not company policy.
People somewhere in between realise that the point of the gate attendant (or Level 1 tech support person) is to shield management from customers, so you have to outflank the shield.
Being yelled at by a customer is bad for the Level 1 support person, although there's usually a policy in place for phone support that you can hang up if the customer is getting aggressive. What's much worse is saying to management "hey here's something you might want to look at" and being super yelled at by their boss for not doing their duty of keeping the customer away from the higher-ups. That kind of thing can get you fired.
But you can hack the system in many ways. The point is to find someone higher up without going through the person who's not allowed to help you, and without blaming them for doing their job.
Some possibilities: find the higher-ups on linkedin, speak to a company rep or executive personally at an event if your professional circles overlap, send a printed physical letter to someone in control, and so on.
Something I've seen work many times: if you're a student, find out about the university's management structure and ask for a personal meeting with the Dean of X of whoever sits above the department admin person who's assignment is "we've taken this decision, now make the students happy with it". A dozen students asking to personally speak with the Dean or President lets them know something's up and the shield was ineffective. Since there's usally some kind of statement of values about how the "student experience" is central to everything they do (read: "students are paying customers"), they can't just turn you away.
thomastjeffery · 1h ago
This is the same reason that computers suck.
Every program you ever run will precisely follow the same set of rules, because it is those rules.
There's a missing piece that no one has really managed to implement on computers: backstory. The reason why a program's rules are written is much more important than the rules themselves, yet we haven't found any way to write the reason why.
The most important feature of backstory is that it's dynamic. The meaning of a story can be completely changed by simply replacing its backstory. Whether it's a computer program or a societal organization, a decided system must be ignorant to its backstory. There is no place in a decided system to implement context. It turns out that this is a core feature of computable systems: they are context-free.
---
I've been working on a way to change this, but it's such an abstract idea, it's been hard to actually find (and choose) where to get started.
hbsbsbsndk · 7h ago
I find some startup leaders really struggle with this if they come from a Big Corp environment. If you're a CTO or VP or Director of Engineering for like 20 people, you're actually going to have to decide things. Yes at your previous roles you could follow a flow chart or whatever but here you have to actually take accountability. Watch them tap dance trying to avoid committing to anything.
GenshoTikamura · 7h ago
The pyramid on the dollar bill is built of human bricks which believe that they are free from repercussions of their actions under orders from above. But real karma is much more of a bitch than even HN moderation
einpoklum · 13h ago
> Bad people react to this by getting angry at the gate attendant; good people walk away stewing with thwarted rage.
Notwithstanding the rest of the column, this particular example brings the following thought to mind:
It could actually be argued that getting angry at the gate attendant is not a "bad people" response. Suppose that under those circumstances, the typical individual passenger would demand the gate attendant to either let them onto the flight, or compensate them reasonably on the spot, and if denied - even with a "it's not within my authority" - inform their fellow passengers, which would support the demand physically to the extent of blocking boarding, and essentially encircling the gate attendant until they yield (probably by letting the original passenger onto the plane), and if security gets involved - there would be a brawl, and people on all sides would get beaten. Now, the individual(s) would would do such a thing may well suffer for it, but in terms of the overall public - gate attendants will know that if they try to do something unacceptable, it will fail, and they will personally face great discomfort and perhaps even violence. And airports would know that such bumps result in mini-riots. So, to the gate attendant, such an order would be the equivalent of being told by the company to punch a passenger in the face; they would just not do it. And the airport would warn airlines to not do something like that, otherwise they would face higher airport fees or some other penalty. And once the company realizes, that it can't get gate attendants to bump passengers this way, it will simply not do it, or authorize decent compensation on the spot etc.
Bottom line - willingness to resist, minor ability to organize, and some willingness to sacrifice for the public benefit - can dismantle some of these accountability sinks.
a good "collective response" would be to deny the non-agency of the gate attendant. That is,
nathan_compton · 5h ago
You can deny the non-agency of the gate attendant without getting angry. My personal feeling is that no mature adult should ever get angry really under any circumstances, though I don't expect this or really blame people for being angry.
MaxikCZ · 12h ago
Still wouldn't change a thing. The gate keeper has no say into who gets let on the plane and who doesn't, they are there just to enforce the decision.
The only way to get this solved is if in the executive meetings one person goes "Our processes that bumps people resulted in xxxxxx cost, that's too much".
The way those costs are incurred doesn't matter, if its direct compensation or fines, but unless you can attach a price tag to it, nothing will change.
einpoklum · 10h ago
> The gate keeper has no say into who gets let on the plane and who doesn't, they are there just to enforce the decision.
No, that's not true. He is literally, physically, the gate keeper: To pass the gate, he has to let you pass. Now, you could insert another gate keeper into the scenario at the entrance to the airplane, or some turn-style with a scanner etc. but that wouldn't change the basic argument, just make the scenario a little more complex.
immibis · 7h ago
You misunderstood the point they tried to make. If a gate attendant was told to punch someone in the face, they still wouldn't. They'd probably get fired for not punching someone in the face, then win some civil suit for their lost income.
If rejecting people from flights without explanation was socially considered the same way as punching in them the face, they wouldn't do that, either.
(A very short overview of Dan Davies' book, quoted in TFA, that came up with the term)
EDIT: complementing book mentioned in that thread
Cathy O'Neil's "Weapons of Math Destruction" (2016, Penguin Random House) is a good companion to this concept, covering the "accountability sink" from the other side of those constructing or overseeing systems.
Cathy argues that the use of algorithm in some contexts permits a new scale of harmful and unaccountable systems that ought to be reigned in.
Great post and discussion as well! I learned from that about two just cultures and their different views of what "accountability" even is.
gsf_emergency · 12h ago
>If you combine those two frameworks, you could conclude that to be accountable for something you must have the power to change it and understand what you are trying to accomplish when you do. You need both the power and the story of how that power gets used.
divan · 11h ago
This, and I think it gets deeper. I started reading more about history of "just culture" and it seems like historically it was the dominant culture of justice in the tribes and smaller communities.
It's the _just culture_ focused on repairing the damage – for the victim and for the community – and trying to fix the reasons and integrate the offender back into life (otherwise community would end up being a bloodbath of revenge and dies out).
What wasn't obvious to me is that switch from restorative justice culture to retribution justice culture happened for economic reasons. At some point of nation states formation, crime became an act of offence against the king, not the community. You didn't do wrong to the community, you "disobeyed the rule of king" and thus has to be punished. The whole "justice transaction" became a deal between an offender and the state/king, instead of community and victim and offender. Paying retribution fee became a source of income for the kingdom, incentivising this type of justice culture. Victim and community was largely left untouched by this new type of "fixing justice". Pretty dramatic change.
gsf_emergency · 7h ago
My eyes opened a little bit!
"Sidney Dekker" & "lese majeste" or even "Wilhoit" returned nothing interesting, so that's a new open secret (if I didn't totally misunderstand, that is)
Aside: does that make "The United States " a careless sovereign (monarch) in your book? -- most criminal cases are "The U.S. vs ____": not only are community/rehabilitation afterthoughts, nobody looks forward to any pleasure of a Majesty. The Judge+Jury as Middle Finger & Thumb of the Invisible Hand?
immibis · 13h ago
Heh. 6 months ago someone mentioned Deutsche Bahn and Switzerland. Deutsche Bahn is now banned from operating trains into Switzerland, by Switzerland, because they are never on time.
gsf_emergency · 12h ago
There's a HN discussion for that too (2 days ago), maybe you're referring to that :)?
>The SREs were accountable to the higher ups for the service being up. But other than that they are not expected to follow any prescribed process while dealing with the outages.
That's because hard work and being serious about your tasks do not get you promoted.
canterburry · 9h ago
The reasons we suffer these accountability challenges are often rooted in that anyone holding someone else accountable, may experience negative consequences to self...and those are often estimated as too high to do "the right thing".
If the governing part at the time of the Nazi trials actually held each and every person involved accountable, would they win the next election?
If a company holds their employees to the actual standards laid out by their policies or guidelines, what would attrition look like? Would they immediately be short staffed critial roles? Would they loose a key employee at a very inconventient time?
These are the real reasons preventing us from holding people accountable.
scotty79 · 13h ago
Another major accountability sink is employment. Employee is shielded from financial responsibility for the damage he incurs while working. While he may be punished for disobeying orders or acting criminally, he's not financially responsible for the fallout (especially if he was only doing the things he was ordered to do and/or reasonable things). Doing a job is inherently risky behavior. If you are doing it in a context of financial amplifier (a company) in a regulated society that can quickly hunt you down and destroy your life if you misstep then in the absence of accountability sink protections barely anyone would be brave enough to get employed. That's also why LLC exist. To enable risk taking by promising to not hunt you to the bottom if you fail.
hliyan · 8h ago
I would say that corporate personhood is a better example. It seems very natural to us, but I'm not sure if it's an idea other intelligent species would also independently arrive at.
TeMPOraL · 6h ago
I think GP's example is better, definitely more familiar. That's the fundamental difference between employment and running your own business: you're trading away both the downsides and upsides of business risk, in exchange for a stable, predictable salary.
scotty79 · 8h ago
I don't see it natural at all. I think it's quite insane concept. A corporation is obviously not a person and even if you pretend it to be a person why only good things come from it for a corporation? Why isn't it sentenced to death and executed when it kills 11 people?
Why corporations are allowed to own other corporations? Isn't it a slavery?
Muromec · 11h ago
>If you are doing it in a context of financial amplifier (a company) in a regulated society that can quickly hunt you down and destroy your life if you misstep
Sir, it's the year 2025 of our Lord. Nobody is out there to destroy your life most of the time.
scotty79 · 10h ago
The fact that they don't doesn't mean they can't or they wouldn't. Just reading news from USA from last 3 months should make it obviously clear.
dkbrk · 3h ago
The discussion near the end about how leadership taking responsibility can beneficially relieve accountability reminded me of the story of the Naval Tactical Data System (NTDS) [0].
[1]:
> When NTDS was eventually acclaimed not only a success, but also one of the most successful projects in the Navy; it amazed people. Especially because it had stayed within budget and schedule. A number of studies were commissioned to analyze the NTDS project to find why it had been so successful in spite of the odds against it. Sometimes it seems there was as much money spent on studying NTDS than was spent on NTDS development.
[2]:
> ...the Office of the Chief of Naval Operations authorized development of the Naval tactical Data System in April 1956, and assigned the Bureau of Ships as lead developing agency. The Bureau, in turn, assigned Commander Irvin McNally as NTDS project “coordinator” with Cdr. Edward Svendsen as his assistant. Over a period of two years the coordinating office would evolve to one of the Navy’s first true project offices having complete technical, management, and funds control over all life cycle aspects of the Naval Tactical Data System including research and development, production procurement, shipboard installation, lifetime maintenance and system improvement.
[1]:
The Freedom to Fail: McNally and Svendsen had an agreement with their seniors in the Bureau of Ships and in OPNAV that, if they wanted them to do in five years what normally took 14, they would have to forego the time consuming rounds of formal project reviews and just let them keep on working. This was reasonable because the two commanders were the ones who had defined the the new system and they knew better than any senior reviewing official whether they were on the right track or not. It was agreed, when the project officers needed help, they would ask for it, otherwise the seniors would stand clear and settle for informal progress briefings.
The key take-away is that the NTDS was set up as a siloed project office with Commanders McNally and Svendsen having responsibility for the ultimate success of the project, but other than that being completely unaccountable. There were many other things the NTDS project did well, but I believe that fundamental aspect of its organization was the critical necessary condition for its success. Lack of accountability can be bad, in other circumstances it can be useful, but diffusion of responsibility is always the enemy.
How many trillions of dollars are wasted on projects that go overbudget, get delayed and/or ultimately fail, and to what extent could that pernicious trend be remedied if such projects were led from inception to completion by one or two people with responsibility for its ultimate success who shield the project from accountability?
> The unsettling thing about this conversation is that you progressively realise that the human being you are speaking to is only allowed to follow a set of processes and rules that pass on decisions made at a higher level of the corporate hierarchy. It’s often a frustrating experience; you want to get angry, but you can’t really blame the person you’re talking to. Somehow, the airline has constructed a state of affairs where it can speak to you with the anonymous voice of an amorphous corporation, but you have to talk back to it as if it were a person like yourself.
Welcome to modern day customer support. Phone or email agents have zero agency and their jobs are more often than not outsourced to some ultra low wage country... the only ones with actual authority tend to be C-level executive assistants and social media teams because a bad experience gone viral can actually threaten a massive financial impact.
immibis · 13h ago
It's interesting we always talked about the Holocaust and the Nuremberg trials when talking about accountability, as if similar atrocities aren't currently happening. It's because breaking an accountability sink of people who are long dead doesn't have any impact other than the explanation itself. Breaking an accountability sink of currently living people and currently active wars is much more dangerous.
osener · 13h ago
It’s often debated whether the public at the time was aware of the scale of the atrocities committed, whether they were accountable, and whether they could—or should—have done something. But only now am I realizing how much a certain part of the population actually does the propagandists’ dirty work by defending and whitewashing such atrocities.
bflesch · 12h ago
The public was well-aware. They had stickers on shops. Your Jewish neighbors were paraded through the streets for deportation. Once they were gone, people took the furniture, the businesses, or simply moved into their apartments. On the country side, there were various land reforms where people who joined the NSDAP party were given fields from famers who were either simply deported as being Jewish or political opposition.
Of course people always had the feel-good lie "oh they're just being relocated to XYZ" but in those times you'd never leave your furniture and other valuables behind when moving if you were not forced to. For German people it was a win-win situation: More work for everyone (either as a party soldier or in the construction), steal some valuables from your neighbors who just got taken away, and feel good about your noble aryan genes.
Sorry for rambling on this topic but there are books for every mid-size Germany city which detail the unfathomable amount of looting, stealing and "M&A business" that was done by everyday "normal" German citizens during these times.
And most of these crimes were not prosecuted because of political decisions after the war.
rini17 · 12h ago
Debated by whom? I'm from Slovakia which had voluntarily copied laws and process for deporting Jews verbatim from Nazi Germany and here is overwhelming amount of evidence that everyone knew something very bad is going to happen to them. Also the "arizácia/aryanization" dispossessing of Jew property made it doubly clear they weren't going to return.
blueflow · 13h ago
Did you imply that there is another Holocaust currently ongoing?
Etheryte · 13h ago
There are numerous conflicts worldwide where one side is trying to systematically destroy the other population, civilians and all. Whether they are exactly the same or how you define that is pretty secondary to that fact.
blueflow · 12h ago
Whatever. Since my last Wikipedia spree on that topic i feel such comparisons are highly inappropriate.
pyrale · 12h ago
That way of saying that the holocaust is a thing of its own, that can be compared to nothing else is simply a way of separating genocide victims into first-class and second-class victims. The only outcome would be to weaken the collective "Never again" outcry against barbary.
blueflow · 10h ago
From the perspective of the victims, it was not special, indeed. My "research" focused on the other perspective to learn social patterns.
immibis · 7h ago
That's what they do in Germany. They teach it as a unique thing that can never happen again... which leads people to never question whether it could happen again... which may lead to it happening again, because any sign that it was happening again would be dismissed, because "it can't happen again" is drilled into people.
The default attitude of any human is to support the status quo, but you'd think Germany in particular would do a better job of changing that default with education. It seems like it doesn't.
Obviously, if someone was doing another holocaust, it would be in their best interests to make you think the very notion of more holocausts was prima facie completely absurd.
rollcat · 12h ago
Look at what's happening in the US right now. People getting snatched off the streets. This is how it starts.
20after4 · 10h ago
And a large part of the population are cheering it on.
Muromec · 11h ago
There are proceeding at the ICC against at least two countries on the accusations of genocide right now.
Whether it's worse or better than Holocaust is debatable and you can bring up a metric. Did Gaza reach 10% of the Holocaust? At what rate we count abducted children against murdered adults? Do we count deaths or suffering too? Do the circumstances of death with genocidal intent contribute to the metric?
What can we learn from the quantitative comparison of one with another?
belter · 8h ago
Some of the seminal works on accountability as applied to systems and particularly the business world, are the works from Gerald M. Weinberg.
> Somehow, the airline has constructed a state of affairs where it can speak to you with the anonymous voice of an amorphous corporation, but you have to talk back to it as if it were a person like yourself.
Welcome to scale. Every business that wants to grow faces this, and those that grow exponentially face this way before they could ever have established a company culture of treating people like humans, which only comes with years of face-to-face interactions, sometimes that don't go so well. Customers sometimes disappointed and you have to make it up to them; when they do, they feel valued. But in today's economy means you can endlessly screw customers, and as long as your business/your userbase/the sector keeps appearing to grow before your exit, giving a shit is an active impediment to that sweet sweet millionaire payoff in the end.
jccodez · 8h ago
i came to search for a word: advocate. void.
satisfice · 12h ago
I am deeply suspicious of "blameless" post mortems. I agree that we should work in ways that minimize fear. We should, to some degree, celebrate the learning we glean from our failures.
But I keep seeing "blameless" being construed as lying about why something happened. It's construed in such as way that anyone can hide from their misdeeds. People screw up, and we need to hold them accountable, and THEY need to hold THEMSELVES accountable. Not necessarily with "punishment" (what does that even mean in a professional context) but perhaps atonement and retraining.
rollcat · 12h ago
Sometimes failure comes from inherent risks. Sometimes we don't know what we don't know. You can't account for every possible factor, you'll be stuck in analysis paralysis while the world moves on.
If we're speaking of a justice system in more general terms, I agree with your line of thinking. I believe that repairing the damage and reintegrating with society would be far more effective than incarceration or other forms of punishment. Fear is a seed, you reap what you sow.
(Yes there are extreme cases. Still the long-term goal should be to minimise harm, not bring punishment.)
jldugger · 4h ago
I'm nearly wrapping up Sydney Dekker's book _Just Culture_, and Allspaw has a few pages in it. And preceding that is a section titled "blame-free is not accountability-free."
Accountability under Dekker's restorative justice model means providing a complete record of what happened, so the justice system can focus on who was harmed and who needs to repair that harm. In some ways I think they can end up mirroring the typical punitive justice system, when the person who needs to repair harm matches what we would call a guilty party in other circumstances. But the idea is not to lie about what happened! It's to expand the network of causality beyond a simple thought terminating "Bob did it" so we can address the systemic problems that led to Bob doing the wrong thing.
> Not necessarily with "punishment" (what does that even mean in a professional context)
A few options depending on profession:
1. Demotion
2. Pay cuts or fines
3. Firing
4. Loss of certification, thus preventing this person from ever working in the field again
5. Jail time, preventing this person from even being in society for some time, perhaps forever.
Dekker's book is full of examples of professionals facing all of the above consequences. If you don't think these punishments are applied to the SRE community Allspaw addressed when originally describing "blameless postmortems" then you probably want to read the all time highest upvoted post to /r/cscareerquestions, "Accidentally destroyed production database on first day of a job, and was told to leave, on top of this i was told by the CTO that they need to get legal involved, how screwed am i?"[1]
For sure we don't do that sociopathic thing here in Romania. Ok, I get it, the regulations were set in stone, but after shredding (again, what the flying fuck?!?!) the first animal hasn't any of those Dutch employees just stopped and ask themselves: "What the hell are we doing here?". It certainly explains Anne Frank, after all she was violating the regulations that were in place back then in that desolate and sad country.
> 2. These are also human traits! Maybe not so much humane traits.
We're talking about mammals here. Not that what happens with chicks is the correct way to do it, and God knows we deserve everything that comes our way as a species for doing that, but there are degrees in all this madness.
spoonsort · 10h ago
Ah, I love when I'm a software engineer sitting for coffee in the morning, and I open up my tech newspaper to read some extremely overly verbose way of explaining to me like I was just born that yelling at floor staff doesn't change anything (this is actually not a product of modern society, you could yell at a soldier fighting against you and that also won't change anything). Had to stop after that second massive quote. Seriously, what? I thought this was going to be about managing the 1000 compliance settings in Azure and how that sucks.
throwanem · 12h ago
I'd say he loves the sound of his own voice, but everything worthwhile here is in a blockquote. Oh well, even a poor collator has value as such.
dijit · 12h ago
And what value did this comment create?
While we’re being unnecessarily rude, and discussing people who enjoy the sounds of their own voice and lacking substance.
throwanem · 11h ago
"Unnecessarily?"
And hon, unlike most in this dawning age of LLM slop replacing human speech, I deserve to enjoy the sound of my own voice. People tell me as much almost every day! Think of me as Wittgenstein's lion. Don't expect to be able to make sense of me.
bflesch · 12h ago
The reader can feel a glimpse of the author's ego the moment he explains his skills as a Google Site Reliabiliy Engineer and his glorious work on improving gmail post-mortems right after the section where a hospital team saves various people in a mass casuality situation by empowering nurses to perform formally doctor-only tasks.
Only with a healthy dose of cynicism I can understand where he's going. While the topic of accountability sinks is quite interesting, I'm searching for the author's reflection of their own accountability.
They worked at google, made a boatload of money for the advertising company and himself, and now philosophically lectures others how to detect and/or design accountability sinks.
queuep · 12h ago
So the author gives what, 10 examples, and one of them is about himself and his own experiences, and one of them is from a hospital.
And from that you convey that the author must have some kind of ego? I don't think that's justified critique.
bflesch · 12h ago
The word "hero" is mentioned twice in the whole article. Once in the section before he talks about his own work, and once in the section directly following it.
> As one of the commenters noted: "Amazing! The guy broke every possible rule. If he wasn't a fucking hero, he would be fired on the spot."
> **
> Once, I used to work as an SRE for Gmail. SREs are people responsible for the site being up and running. If there's a problem, you get alerted and it's up to you to fix it, whatever it takes.
I only know Mr. Sustrik from this one article but had to mention this because it was just a too low hanging fruit in terms of criticism.
pcthrowaway · 12h ago
Not to mention, he has awareness of the ways people absolved themselves of responsibility during the holocaust, but fails to take accountability for his work at a company supporting an ongoing genocide (whether or not he had any involvement with Project Lavender)
throwanem · 12h ago
Frankly, if the author has Google-style FU money and can find no better way than this to spend that and his time alike, ego isn't the first of his faculties I see cause to question.
Doesn't surprise me to learn he's big on LW, though. A bloodless, passionless dork who mistakes dollars for IQ points and of whom
it's not obvious he ever had an original thought? He might have been made in a lab for those sad nerd wannabes to identify with.
cubefox · 11h ago
> The reader can feel a glimpse of the author's ego the moment he explains his skills as a Google Site Reliabiliy Engineer and his glorious work on improving gmail post-mortems
That's a horrible take. He did nothing of that sort. He didn't say anything about his skills, nor did he say anything about improving Gmail postmortems. You made everything up. He was just mentioning the fact that in this case, limited accountability when handling emergencies has strong benefits.
n_ary · 11h ago
> he explains his skills as a Google Site Reliabiliy Engineer and his glorious work on improving gmail post-mortems right after the section where a hospital team saves various people in a mass casuality situation by empowering nurses to perform formally doctor-only tasks.
Isn’t this the practice we do to sell ourselves during interview about quantifying our work and value?
I firmly believe that the author is the perfect interview candidate who will pass an engineering interview with flying colors. For rest of us, “so erm… I fixed a bug which allowed my employer to scale quicker globally during natural disasters and erm… allow emergency response teams to coordinate. My manager tells me it saves billions of life but I do not have access to actual numbers but the number of promotion each of my managers get when I fix a bug tells me, my contribution has good values”.
P.S. Off-topic.
closewith · 9h ago
I think it's firmly on-topic as the author clearly suffers from delusions of grandeur which causes them to greatly overestimate the impact of their actions, leading them to flawed conclusions about accountability.
gsf_emergency · 12h ago
Maybe he thinks it's too early to get sued over a blog-- he's only just got to the HN frontpage for the first time this year?
EDIT: another post of his that got traction ~5 yrs ago was about the Swiss political system (Swiss are a pragmatic culture though afaik he's Slovak so we might have to account for some Iron Curtain baggage)
Maybe he quit google after 6 months, I don't know. It's easy to talk about greedy capitalism once you've made it. It's a bit harder to live by these kind of ideals for the whole duration of your career.
The people who get what they want in these situations are the ones who are prepared to behave sufficiently unreasonably. This is a second order consequence of 'unaccountability' that Davies misses. For the customer, or object of the system, it incentivises people to behave as unpleasantly as possible — because it's often the only way to trigger the exception / escalation / special case, and get what you want.
I fully understand that the godawful CS mazes many companies set up wind up pushing people in that direction, and that it feels like the only option, but I believe quite strongly that being patient and polite but persistent winds up being much more effective than being unpleasant.
As a small case in point: I worked summers in a tiny ice cream shop, most of the time solo. The shop had a small bathroom for employees only—it was through a food prep area where customers were not allowed by health code. I had some leeway to let people back there as it was pretty low-risk, and I would in the evenings when no other businesses were open, or if a little kid was having an emergency. People who were unpleasant from the get-go when placing their order, however, were simply told we had no bathroom at all. People who started shouting when I told them I wasn’t supposed to let people back there (not uncommon!) and suggested a nearby business were never granted exceptions.
So a valid strategy is to swear at the automated system and then be polite to the real human that you get.
Yeah. I got locked out of my capital one account for a "fraud alert" last week. When I tried to login a message said "Call Number XXX" When I called that number I had to go through an endless phone tree and not single option was about fraud alerts or being locked out of accounts. I had to keep going through a forced chute of errors before after about 30 min I finally was able to speak to someone.
Even when I finally got a human they seemed confused about what happened and I had to be transferred several times.
Why would you put a phone number that does not even as a sub option address the issue?
It usually just works to hit 0 (maybe more than once) or say "talk to an agent," even if those aren't options you're explicitly given.
Detecting swears just seems over-compliated.
Depends on the system and country.
Over here in Poland, I've had or witness several encounters with "artificial intelligence assistants" over the past ~5 years[0], that would ignore you hitting 0, and respond to "talk to an agent" with some variant of "I understand you want to talk to an agent, but before I connect you, perhaps there is something I could help you with?", repeatedly. Swearing, or at least getting recognizably annoyed, tends to eventually cut through that.
--
[0] - Also, annoyingly, for the past 2 years we had cheap LLMs that would be better to handle this than whatever shit they still deploy. Even today, hooking up ChatGPT to the phone line would yield infinitely more helpful bot than whatever garbage they're still deploying. Alas, the bots aren't meant to be helpful.
"ChatGPT has detected you are being hostile to bots. A drone has been dispatched to your location"
You can have assholes on both sides and set up is already adversarial from the get-go
It was solved when I found the same information in the email sent by them.
Suddenly the clerk was apologetic and pretended she misunderstood the situation.
There are definitely capital-A assholes in both sides, with people willing to lie through the teeth to someone stranded in a foreign country just to avoid some minor inconvenience.
And they just plainly ignored me when I demanded later they compensate us for the cancelations as per the aviation rules. They did the same when our lawyer got involved.
I’ll never fly TK again and tell anyone whenever this came up. Look reviews up for yourself online, hundreds of people report being stranded, abused, and disrespected in IST by TK the way we were.
It's the case with telcos. My pet theory is that there's a kind of stable equilibrium there, with competing telcos all doing the same dirty tricks and being bad to customers in the same ways, and they don't care about losing business, because people don't suddenly stop needing mobile phones or Internet, and thus, on average, for every lost customer that switches to a competitor, they gain one that switched from a competitor.
That is - you don't really have to behave unpleasant (raise voice, swear, be impolite, threaten) but you should just refuse to get off the line, demand escalation, and importantly emphasize with their predicament in needing to escalate you. Possibly including phrasing like "what do we need to do to resolve this issue".
I had a cellphone provider send me a $3000 bill because someone apparently was able to open 5 lines & new devices in my name/address. I went through the first few steps of their runbook including going to police department, getting report filed, and providing them the report number. They then tried to demand further work from me and I escalated.
At that point I turned it around - what evidence do you have that I opened this line. Show me the store security footage of me buying the phones, show me the scan of my drivers license, show me my social security number? Tim, are you saying I can just go to the store with your name & address and open 5 lines in your name? Being able to point out the asymmetry of evidence, unreasonableness of their demands, and putting the support staff in my shoes.. they relented and cleared the case.
"We" phrasing is an empathy hack for CS, because it lets you continue to be nice to the person you're talking to AND be persistent about "our" issue being solved.
It's kind of like judo, especially when faced with an apathetic, resistant, or adversarial rep: "This isn't just my problem. This is our problem. So how can we fix it?"
PS: In the same way that my favorite cancellation reason turns the situation on its head. Don't play the game they've rigged up for you to lose. "Why are you cancelling?" -> "Personal reasons." There's literally no counter-response.
20 or 25 minutes in I realized that wasn't going to work, so I asked if they had a protocol to escalate in an abusive situation. He said "ummm....". I said, "hey, you're doing a great job, and I hope the rest of your day goes better, and I hope you know you're not a motherfucker, you motherfucker."
I think (hope?) he stifled a laugh and said "I'm afraid I'll have to escalate this call to my manager, sir."
Plenty of big companies found a workaround. The "forever on hold" routine where they don't hang up, you will eventually. This works perfectly for toll free numbers (so you can't claim you had to pay for the call) and provides just the right amount of plausible deniability (took longer than expected to find an answer, it was an accident, etc.).
I have my suspicions that in some cases this also prevents the survey going out to the customer. All the more reason to abuse it.
Thus creating an asshole filter: https://siderea.dreamwidth.org/1209794.html
>An asshole filter happens when you publicly promulgate a straitened contact boundary and then don't enforce it; or worse, reward the people who transgress it.
A lot of people do this unwittingly, so it's a good article to read.
The converse is to this is many companies demand it. If you're not an asshole, you're simply going to get ignored.
If you behave unpleasant enough I'll go out of my way to make sure your behavior does not pay off. I will note your abrasive behavior in the ticket or might even mark your mail as spam. On telephone our line will suddenly experience technical difficulties. And throughout I will remain as friendly and patient as ever.
I will warn superiors about you, so once you escalate they already have a colorful 3D image of your wonderful personality in mind. Whether that 100% is in your favor, you can guess.
Play asshole games? Win asshole prices.
Behave like a decent person with empathy instead, press the right buttons and I might even skip some of the company rules for you. Many people in support do not give a single damn if they lose their job over you and you might just be worth it.
These are not sfter-the-fact shower thoughts, these are actually lived experiences from the trenches and I know how other people in those roles think.
Persistence pays off, being an asshole not so much
In my last day in South America I spent about two hours cancelling my cable and even though I was very soft spoken and super patient (I was playing Mario Kart on mute so not really uncomfortable), but the customer support person actually CRIED to me because she would “miss her quota” if I cancelled.
I had no means of paying anymore (I cancelled my bank account the day before and was about to move to another country) so there was nothing I couldn’t really help her, so I fail to see how I deserve the treatment from the company.
That's why you install endpoint security tools. That's why you're forced to fulfill all kinds of requirements, some of them nonsensical or counterproductive, but necessary to check boxes on a compliance checklist. That's why you have external auditors come to check whether you really check those boxes. It's all that so, when something happens - because something will eventually happen - you can point back to all these measures, and say: "we've implemented all best practices, contracted out the hard parts to world-renowned experts, and had third party audits to verify that - there was nothing more we could do, therefore it's not our fault".
With that in mind, look at the world from the perspective of some corporations, B2B companies selling to those corporations, other suppliers, etc.; notice how e.g. smaller companies are forced to adhere to certain standards of practice to even be considered by the larger ones, etc. It all creates a mesh, through which liability for anything is dispersed, so that ultimately no one is to blame, everyone provably did their best, and the only thing that happens is that some corporate insurance policies get liquidated, and affected customers get a complimentary free credit check or some other nonsense.
I'm not even saying this is bad, per se - there are plenty of situations where discharging all liability through insurance is the best thing to do; see e.g. how maritime shipping handles accidents at sea. It's just that understanding this explains a lot of paradoxes of cybersecurity as a field. It all makes much more sense when you realize it's primarily about liability management, not about hat-wearing hackers fighting other hackers with differently colored hats.
The amount of (useless) processes/systems at banks I've seen in my career that boil down to this is incredible, e.g. hundreds of millions spent on call center tech for authentication that might do nothing, but the vendor is "industry-leading" and "best in-class".
> It's just that understanding this explains a lot of paradoxes of cybersecurity as a field. It all makes much more sense when you realize it's primarily about liability management, not about hat-wearing hackers fighting other hackers with differently colored hats.
Bingo. The same situation for most risk departments at banks or healthcare fraud and insurance companies.
I thought risk at a bank was going to be savvy quants, but it's literally lawyers/compliance/box-checking marketing themselves as more sophisticated than they are. Like the KYC review for products never actually follow up and check if the KYC process in the new products works. There's no analytics, tracking, etc. until audit/regulators come in an ask, "our best-in-class vendor handles this". All the systems are implemented incorrectly, but it doesn't matter because the system is built by a vendor and implemented by consultants, and they hold the liability (they don't, but it will take ~5 years in court to get to that point).
Beginning to understand what "bureaucracy" mechanically is.
I once worked on a global, cross-asset application. The change management process was not designed for this and essentially required like 9 Managing Directors to click "approve release" in a 48 hour window for us to do a release.
We got one shot at this per week, and failing any clicks we would have to try again the next week. The electronic form itself to trigger the process took 1-2 hours to fill out and we had 3 guys on the team who were really good at it (it took everyone else 2x as long).
Inevitably this had at least 3 very stupid outcomes -
First we had tons of delayed releases. Second the majority of releases became "emergency releases" in which we were able to forego the majority of process and just.. file the paperwork in retrospect.
Finally, we instructed staff in each region to literally go stand in the required MD delegates office (of course the MD wouldn't actually click) until they clicked. The conversations usually went something like this "I don't know what this is / fine fine you aren't gonna leave, I'll approve it if you say it won't break anything / ok don't screw up"
cyber perhaps not so much...
They do not solve the problem of getting people to think things through and recognize novel issues.
There are some jobs you can't do well. You can do them adequately or screw them up. Checklists are helpful in those jobs.
A checklist in a security incident? Probably helpful.
A security checklist to satisfy auditors and ancient regulations? This is an entirely different kind.
I do cyber security related stuff for the finance and they have some of the dumbest checklists ever.
A more recent one I got was
"We only allow the HTTP verbs 'GET' and 'POST', your application can only use that and the verbs PUT, PATCH, and DELETE cannot be used.
After not replying 'are you fucking stupid' I said
"You do realize that you are using a RestAPI application and that these verbs can go to the same interface to modify the call in different way? Not only would we have to rewrite our application which would probably take months to years, you would have to rewrite tons of applications on your side to make this actually work."
You get these dipshit auditors from other firms that pick up some 'best practice' from 2003 and put it in a list then get a god complex about it needing to be implemented when they have absolutely zero clue why the original thing was called out in the first place.
For those who wonder, typically these verbs are disabled to prevent the accidental enablement of WebDAV on some platforms, especially Windows/IIS that had some issues with security around it. It makes zero sense for such a rule in a modern API application.
Thanks. One thing that's more interesting than the revealed stupidity of such rules is the actual (and often sensible) reason they were first created long ago.
"Temporary" hacks outliving both the problem they solved and the system they were built for seems to be a regular occurrence in bureaucracy as much as it is in software and hardware.
Perhaps "Risk Compliance Security" or "Security Compliance Engineering"
Where "Security Compliance Engineering" is the practice of designing, implementing, and maintaining security controls that satisfy regulatory frameworks, contractual obligations, and insurance requirements. Its primary objective is not to prevent cyberattacks, but to ensure that organizations can demonstrate due diligence, minimize liability, and maintain audit readiness in the event of a security incident.
Key goals:
- Pass external audits and internal reviews - Align with standards like ISO 27001, SOC 2, or NIST
- Mitigate organizational risk through documentation and attestation
- Enable business continuity via legal defensibility and insurability
In contrast…
Cybersecurity is focused on actively detecting, preventing, and responding to cyber threats. It’s concerned with protecting systems and data, not accountability sinks.
Most security software does not do what it advertises, because it doesn't have to. Its primary function is for the those who bought the product, to be able to blame the vendor. "We paid vendor X a lot of money and transferred the risk to them, this cannot be our fault." Well, guess what? You may not be legally the one holding the bag, but as a business on the other end of the transaction you are still at fault. Those are your customers. You messed up.
As for vendor X? If the incident was big enough, they got free press coverage. The incentives in the industry truly are corrupt.
Disclosure: in the infosec sphere since the early 90's. And as it happens, I did a talk about this state of affairs earlier this week.
Imagine, for example, if more companies would hire for software developers and production infrastructure experts who build secure systems.
But most don't much care about security: they want their compliances, they may or may not detect and report the inevitable breaches, and the CISO is paid to be the fall-person, because the CEO totally doesn't care.
Now we're getting cottage industries and consortia theatre around things like why something that should be a static HTML Web page is pulling in 200 packages from NPM, and now you need bold third-party solutions to combat all the bad actors and defective code that invites.
I do imagine that, and they get hacked (because you have to get lucky every time, but the hackers only need to get lucky once), and then the press says "were you doing all the things the whole industry says to do?" and they say "no, but we were actually secure!" and the press goes "well no you weren't, you got hacked, and you weren't even doing the bare minimum!" and then the company is never heard of again.
Contrast that to cybersecurity, where vast majority of failures have zero impact on life or health of people, directly or otherwise. Even data breaches - millions of passwords leak every other week, yet the impact of this on anyone affected is... nil. Yes, theoretically cyberattacks could collapse countries and cause millions to die if they affected critical infrastructure, but so far this never happened, and it's not what your regular cybersecurity specialist deals with. In reality, approximately all impact of all cyberattacks is purely monetary - as long as isn't loss of life or limb, it can be papered over with enough dollars, which makes everyone focus primarily on ensuring they're not the ones paying for it.
I think it's also interesting to compare both to road safety - it sits kind of in between on the "safety vs. theater" spectrum, and has the blend of both approaches, and both outcomes.
This is an interesting point, and it certainly affects the incentives involved and the amount of resources allocated to mitigating the problems.
I do think cyber security incidents with real consequences are likely to become more common going forward (infrastructure etc). We haven't experienced large state actors being malicious in a war time footing (yet).
Will we able to better mitigate attacks given better incentives? I think that is an open question. We will certainly throw more resources at the problem, and we will weight outcomes more heavily when designing processes, but whether we know how to prevent cybersecurity incidents even if we really want to... that I wonder about.
Cybersecurity is about adversarial hazards. When you mitigate them they actively try to unmitigated themselves.
It is more analogous to TSA security checks than to FAA equipment checklists. The checklist approach can prevent copycats from repeating past exploits but is largely useless for preventing new and creative problems.
At a corporate level, it is contractually almost identical to insurance, with the product being sold liability for that security, not the security itself.
And, I guess it's fine - it's the general way of dealing with impact that can be fully converted into dollars (i.e. that doesn't cause loss of life or health).
Specifically on accountability, I bootstrapped a security product that replaced 6-week+ risk assessment consultant spreadsheets with 20mins of product manager/eng conversation. It shifted the accountability "left" as it were.
When I pitched it to some banks, one of the lead security guys took me aside and said something to the effect of, "You don't get it. we don't want to find risk ourselves, we pay the people to tell us what the risks and solutions are because they are someone else. It doesn't matter what they say we should do, the real risk is transferred to their E&O insurance as soon as they tell us anything. By showing us the risks, your product doesn't help us manage risk, it obligates us to do build features to mitigate and get rid of it."
I was enlightened. Manage means to get value from. The decade I had spent doing security and privacy risk assessments and advocating for accountability for risk was as a dancing monkey.
Thank you for sharing this really illuminating take. I spend an unreasonable amount of time dealing with software security, and you've put things in a light where it makes a bit more sense.
Yes, 'cyber' security has devolved to box checking and cargo culting in many orgs. But what's your counter on trying to fix the problems that every tech stack or new SaaS product comes without of the box?
For most people when their Netflix (or HN) password gets leaked that means every email they've sent since 2004 is also exposed. It might also mean their 401k is siphoned off. So welcome the annoying and checkbox-y MFA requirements.
If you're an engineer cutting code for a YC startup -- Who owns the dependancy you just pulled in? Are you or your team going to track changes (and security bugs) for it in 6 months? What about in 2 or 3 years?
Yes, 'cyber' security brings a lot of annoying checkboxes. But almost all of them are due to externalities that you'd happily blow past otherwise. So -- how do we get rid annoying checkboxes and ensure people do the right thing as a matter of course?
>So -- how do we get rid annoying checkboxes and ensure people do the right thing as a matter of course?
By actually having the power to enforce this, if you pull our SBOM, realize we have a vulnerability and get our Product Owner to prioritize fixing it even if takes 6 weeks because we did dumb thing 2 years ago and tech debt bill has come due. Otherwise, stop wasting my time with these exercises, I have work to do.
Not trying to be mean but that's my take with my infosec team right now. You are powerless outside your ability to get SOC2 and we all know this is theater, tell us what piece of set you want from me, take it and go away.
We should be stopping leaks, but we also need to reduce the value of leaked data.
Identity theft doesn't get meaningfully prosecuted. Occasionally they'll go after some guy who runs a carding forum or someone who did a really splashy compromise, but the overall risk is low for most fraudulent players.
I always wanted a regulation that if you want to apply for credit, you have to show up in person and get photographed and fingerprinted. That way, the moment someone notices their SSN was misused, they have all the information on file to make a slam-dunk case against the culprit. It could be an easier deal for lazy cops than going after minor traffic infractions.
If someone uses your SSN to take a loan in your name, it shouldn't be your problem - in the same way that someone speeding in the same make&model of the car as yours shouldn't be your problem, just because they glued a piece of cardboard over their license plate and crayoned your numbers on it.
Not true. For most people, when their Netflix or HN password gets leaked, that means fuck all. Most people don't even realize their password was leaked 20 times over the last 5 years. Yes, here and there someone might get deprived of their savings (or marriage) this way, but at scale, approximately nothing ever happens to anyone because of password or SSN leaks. In scope of cybersec threats, people are much more likely to become victims of ransomware and tech support call scams.
I'm not saying that cybersec is entirely meaningless and that you shouldn't care about security of your products. I'm saying that, as a field, it's focused on liability management, because that's what most customers care about, pay for, and it's where the most damage actually manifests. As such, to create secure information systems, you often need to work against the zeitgeist and recommendations of the field.
EDIT:
> This is the ultimate nihilistic take on security.
I don't believe it is. In fact, I've been putting efforts to become less cynical over last few months, as I realized it's not a helpful outlook.
It's more like, techies in cybersecurity seem to have overinflated sense of uniqueness and importance of their work. The reality is, it's almost all about liability management - and is such precisely because most cybersec problems are nothingburgers that can be passed around like a hot potato and ultimately discharged through insurance. It's not the worst state of things - it would be much worse if typical cyber attack would actually hurt or kill people.
I think in this case the cognitive dissonance comes from security-minded software engineers (especially the vocal ones that would chime in on such a topic) misunderstanding how rare their expertise is as well as the raw scope of risks that large corporations are exposed to and what mitigations are sensible. If you are an expert it's easy to point at security compliance implementation at almost any company and poke all kinds of holes in specific details, but that's useless if you can't handle the larger problem of cybersecurity management and the fallout from a mistake.
And if you zoom out you realize the scope of risk introduced by the internet, smart phones and everything doing everything online all the time is unfathomably huge. It's not something that an engineering mentality of understanding intricate details and mechanics can really get ones head around. From this perspective, liability and insurance is a very rational way to handle it.
As far as the checklists go, if you are an expert you can peel back the layers and realize the rationales for these things and adjust accordingly. If you have competent and reasonable management and decision makers then things tend to go smoothly, and ultimately auditors are paid by the company, so there is typically a path to doing the right thing. If you don't have competent and reasonable management then you're probably fucked in unnumerable ways, such that security theater is the least of your worries.
Fast-forward a few years and you find there were in fact many such "heroes" in reality - in Abu Ghraib and in the Black Sites - and the situation weren't exceptional at all.
So accountability sinks can also be used as calculated ways to undermine your own ostensible ethical guardrails.
[1] https://www.theguardian.com/tv-and-radio/2017/jan/30/24-jack...
> Interesting, isn’t it? The Federation claims to abhor Section 31’s tactics, but when they need the dirty work done they look the other way. It’s a tidy little arrangement, wouldn’t you say?
https://memory-alpha.fandom.com/wiki/Section_31
Section 31 angle is tricky, because the writers unintentionally[1] made them literally save the entire alpha and beta quadrants, and possibly the entire galaxy, from slow-burn genocide. The Dominion was known to systematically subjugate and ultimately eradicate solid life, and other than the Federation Alliance bloc (that prevailed only because of Section 31's bioweapon short-circuiting the war[2]), the only power left in the known galaxy strong enough to resist the Dominion would be... the Borg Collective, which wasn't really that much better[3].
So, as much as I love DS9, I feel the show (and the larger franchise) has so much unintentional depth, that most obvious takes don't work with fans, because they don't survive scrutiny :).
--
[0] - The simple tailor was anything but.
[1] - At least as far as I recall, Section 31 were written to be the rotten apples that got revealed and removed by the heroes, in a pretty straightforward way - but IMO, they failed at this, and instead created something more of Deus Ex Realpolitik.
[2] - And a little bit of actual fleet-eating Deus Ex Machina, on the account of having a demi-god in their midst.
[3] - And nobody in or out of universe really wants to talk about what happened to the latter, except the last season of PIC that tacitly acknowledged it in a "blink and you'll miss it" way.
I mean, Jack Bauer, too, saved America from all kinds of unspeakable evil by his clever use of torture. I'd say it's not tricky at all. The morally gray "it's bad but we'd be even worse off without it" justification is kind of the point of those narratives.
Whenever they got to a point, where the detectives and CSI would be painstakingly going through the evidence, sifting out clues, they'd throw the suspect into "the cage," and beat a confession out of them.
His son is getting into the act, but seems to be more interested in depicting "the right way."
His show is an Amazon show, named On Call: https://www.imdb.com/title/tt14582876/
I enjoyed it.
Besides any conscious philosophy of the producers & writers, perhaps making the show more character driven as opposed to procedural has an impact on the stories. Maybe it's easier to understand when a suspect's rights are being violated (and to not be banal about it) when you're writing a deeper portrayal of the person who wields the power.
"Officer Jones just blew the entire chain of custody around the bloody knife"
"Flabbodell vs Borkweather says they have to give you access to counsel within X hours and they just ran out the clock"
"This type of traffic stop is explicitly forbidden in 17 states, including the one this show is nominally set in"
1. https://chicagoreader.com/news/the-police-torture-scandals-a...
2. https://en.wikipedia.org/wiki/Richard_Zuley
Main character tortures a low-level grunt
Gets false confession
Goes off on wild goose chase based on that confession
Bad guys get away with their plot as a result
“Yes, you were torturing me, I’d obviously have said anything to get you to stop.”
I feel like I’ve seen this sequence once or twice, but I can’t remember what it was in. It actually seems like something that is more likely to be put in a comedy, where the protagonist can be shown to be stupid occasionally. Maybe Brooklyn 99, or Barry, or something like that?
Plus being so black and white in the manner you're describing would.. well actually be really stupid a lot of the times. The fact that Batman doesn't kill the Joker is a storytelling device, in the real world it would be monumentally stupid to do anything other than blow his brains out. Literally millions of lives saved. But it also makes sense, and his good, that Batman still maintain is strong conviction to not kill despite choosing to do it sometimes.
Rules necessarily have exceptions and it's healthy to do so, black and white thinking should be for the jedi/sith, not real life humans.
Antonin Scalia was one of the architects of substantial limitations on the 8th amendment and was a key figure in a number of cases specifically about extraordinary rendition and "enhanced interrogation."
Scalia has multiple times in public referenced Jack Bauer as an argument for why prohibitions on torture are unworkable. At a panel on the very topic, Scalia responded to "Thankfully, security agencies in all our countries do not subscribe to the mantra 'What would Jack Bauer do?'" with "Jack Bauer saved Los Angeles" and "are you going to convict Jack Bauer?"
"The ends justify the means" is a horrific way to run a society in any case, but of course it skips over the question of whether the means actually caused the ends, let alone were the only way to do so. Even if torture did save lives, it isn't a great justification - but then pile on top that your only evidence that it actually does work is fiction and it starts to look like the means were what you really wanted in the first place.
In real world, it happens to cover up crimes cop did themselves or to facilitate them.
That is where the lie is.
As the plan quote often (not always) is already very good I mostly end up making sure the goal is measurable in a quantitative and qualitative way, trends towards to and away from the goal are visually available and distributed , and its clear who is responsible to look and report them.
Unrelated to the post, but it sounds like you and I do similar work and have arrived at similar conclusions but I often fail to get organizations to actually spend the correct amount of time identifying these success indicators - which I think are critical to focus and scope stability. I’d love to chat sometime.
There's a classic article (2010) about it: https://thetech.com/2010/04/09/dubai-v130-n18 (HN: https://news.ycombinator.com/item?id=1257644)
The difference is that while the decision has been made, it isn't necessarily very good.
"Clients always know how to solve their problems, and always tell the solution in the first five minutes."
https://www.goodreads.com/book/show/566213.The_Secrets_of_Co...0: for non-Americans and for Americans from other states that may use different terms, the DMV is the department of motor vehicles in many US states and is the central place to get your drivers license, take the drivers test, register your car, get vehicle license plates, etc. Many processes that have many requirements that often are unfulfilled when people show up asking for things.
The DVLA in the UK doesn't have a high-street presence. I took my driving test once, then received my driving licence in the post. When it needs renewing, I can do it online. I tax my car online. MOTs (annual vehicle safety tests) happen at any local garage. I've never needed a new numberplate, but I think you can buy those online too.
So what is it you all have to go to the DMV for? Because it sounds horrible.
In the US, you need to prove both residency and identity. To prove your identity in the US, many people don’t have passports, so they bring a tranche of documents to the DMV office. To prove residency, we typically bring utility bills, leases, etc. Usually people prefer to go in person so they don’t lose these documents and get feedback if they don’t have the right stuff.
It looks like in the UK, since driving licenses are administered nationally, you don’t have the same patchwork of 50 different organizations with different requirements and rules, and the process is much simpler.
I haven’t been to a DMV for 10 years. I can renew vehicle registration, renew my license, and so on online. When I bought a new car, the dealer handled all DMV stuff like getting plates.
I’m supposed to be due to get a new “enhanced” license that is good for air travel within the US, but I have a number of other documents (passport, global entry) that serve the same purpose so I avoid the DMV as much as possible.
In my state the DMV is probably worse than a checkup at the dentist, but not as bad as a weekend with the in-laws.
This simplifies the process massively.
This is due to a historical political issue and repeal of a national identification system, see also https://en.wikipedia.org/wiki/Identity_Cards_Act_2006.
In the US we don't have a standard form of national ID.
I've always gone into the DMV when I purchased a vehicle from a private party. In California, it has taken me a couple visits; the first visit with the title and sale documentation, the second with the emissions test documentation that the seller was legally suppossed to provide at the time of the sale but practically, the buyer must provide to register the vehicle. Maybe you can do this by mail, but if you do it in person, you walk out with documents so you can legally drive the car. If you buy a car from a dealer, they take care of this paperwork for you, which used to mean having someone stand in line at the DMV and process a bunch of transactions, but now they can typically do it electronically.
If you move to another state, you need to get a new license and retitle and reregister your car; this usually happens in person, and most states have a requirement to do it in under a month. If your car has a loan, expect multiple trips to get it registered... the first trip will let you know what you need from the finance company; the second will bring that back and get registration; then when you eventually pay off the loan and get the title, you'll need to bring that in so you can get the title issued in your current state.
Plenty of Americans move states, remember some of our states are reasonably small enough that you might commute to the same NYC job from any of 4 different states. I have a friend who sequentially moved NY->NJ->CT->NY in something like 6 years.
Also I forget why but when I moved WITHIN a state 10 years ago, it required a DMV trip. edit: apparently within NY moving COUNTIES at the time required DMV trip (insane)
Oh and the recent push for "Real ID" enhanced IDs requires a trip to DMV. I've avoided this and just been prepared to fly domestically with my passport.
You really only need to go there for driving tests (for teenagers or immigrants), completing private vehicle sales, and other odds and ends
What I always found interesting is going there and people arguing with the workers about not having proof of insurance or a clear title etc.
My experiences with the CA DMV were similar. Only in IL have I had quick, easy visits to the DMV
The whole taking appointments but still making you wait kills me a little inside though. There's a world where these processes could be so seamless.
Oh, I think we should have that in Croatia, since I'm doing yearly car service at my dealership and than still need to take my car to our national inspection station to get the car certificate renewed. Not sure why can't they organize a system were certified car garages can also inspect the vehicle and notify the Center for Vehicles. Maybe that would allow for more cheating but it's not like inspection stations employees are currently immune to taking a small bribe to overlook minor issues during the inspection.
As it is, I think most garages that offer MOTs in the UK are fair and honest, as the test is relatively strictly regulated, but I'm sure people do get ripped off.
They noticed the tricks as patterns, and are handling it. My point is, there is an incentive for private garages to do fraud here.
In metropolitan areas that have make you get car inspections like Atlanta, you go to a third party where the price is regulated and they send the results in. You still can do everything on line
DMV sounds more like incompetence than design. Compare with airline where the system is “better” when you have no recourse.
For companies, this is also fine, because in most cases the built-in processes work well enough, and in others people just give up, that handling the escalations through their legal department is manageable.
Unfortunately, this approach only helps for the subset of cases where the issue is monetary and/or can wait (and only if it happened in a country with a working small claims system).
Example: Dairy farms have strict rules about not letting anybody in who was abroad within the last 48 hours because of possible spread of foot-and-mouth disease. There are many such examples and similar examples exist for wild ecosystems.
So, while it may seem cruel to kill a few hundred squirrels, the precaution is justified. The "guilt", if there is any, is with whoever didn't ensure all the paperwork is in order.
... but using an industrial shredder to do it. (on 440 of them)
For reference, this is an industrial shredder: https://m.youtube.com/shorts/I15kCJyl6po
Anyone who did that to a live animal deserves to be in prison, orders or no. There are innumerable compassionate, humane ways to kill animals, if it's necessary.
Or rather, vegan? Since average dairy cow or hen endures quite some suffering over their whole life too. In addition to then experiencing a similar death to what animals mainly used for meat production endure.
This is meant to point out that the shredder is a terrible machine, buy not categorically worse than how the typical production animal is treated at some point of their conscious life.
(To clarify, I'm personally neither vegan nor vegetarian so am not trying to elevate myself morally above you.)
Anti-social Punishment: https://250bpm.com/blog:132/
Technocratic Plimsoll Line: https://250bpm.com/blog:176/
seems lesswrong has all of them, older and newer: https://www.lesswrong.com/users/sustrik?from=post_header
On the day of travel I took a taxi to the new airport, which is 40 km outside the city. The taxi driver couldn't care less about where I was going. Upon arrival, there was much fewer people than I expected but I shrugged it off. At the entrance though I was asked where I was going and if I was an employee. Apparently the new airport was still closed and my fight was from the old, still functioning one. The one with the code not shown in the ticket purchase receipts.
Panicking since it was only about an hour until departure, I took a taxi back to the old airport, which was a desperate 40-50 minute drive to only realize the plane had already left.
I was flying abroad, with a connection the next morning, about 10 hours later. So I thought that the problem could be solved by just arriving there by any other flight, which I booked almost immediately. However, the airline representative (yes, there was a human to speak to that I could reach easily by phone) told me that a no-show for any segment of the flight invalidates all subsequent ones. There was no way I could convince her that it wasn't my fault. Perhaps there was a rigid process in place that disallowed her from helping, even though I'd make it to the second flight on time.
I ended up buying 2 new tickets, of course more expensive and less convenient ones. This taught me an important and rather expensive lesson on why connected flights with a single airline are sometimes the worst.
Funnily enough, I was bitten by this rule one more time when I didn't show to a flight in to the country due to visa issues (it was covid time) and wasn't allowed on the flight out of it because I didn't show up to the 1st flight, the flights being 1 week apart - but booked in one go.
As to the previous situation, I managed to get compensated by the airline (not even the intermediary!) about a year later after posting a huge rant on Facebook and getting their attention to the situation.
I then took a train to Berlin from Amsterdam, finished the interview and went to the airport for my return flight that was booked by the recruiter. To my absolute horror I was told that since my onward journey was a no show the whole PNR was cancelled. I felt like an idiot. Since then I double and triple check whenever I’m booking flight tickets.
Why did you do that? Especially when that cost you extra money?
You should have talked to the airline directly, explained you'd missed your flight because they gave you the wrong airport, and the airline would have rebooked you and everything would have been fine. People miss flights all the time and this is an entirely normal process.
It's been standard practice for a long time if you miss a first leg, that you forfeit the rest. They're going to reuse those seats for e.g. other people who missed their original flights. It's a type of flexibility built into the whole system.
Connecting flights are super useful because you can work with the airline to reschedule the whole thing, and the airline is responsible if you can't make a connection because an earlier leg is delayed.
I truly don't understand why you would have taken it into your own hands to buy a separate replacement ticket on your own, instead of talking to the airline. Even in your second example, why didn't you work with the airline to reschedule your missed flight? Even if they for some reason can't reschedule, they will often keep your return flight valid if you have an obviously good reason (e.g. a visa issue during COVID). But you do have to contact them immediately.
I'm sorry you didn't know how all this worked, but when in doubt, contact customer service ASAP to see if they can help. Don't just go buy separate tickets on your own, and then assume later legs will still be valid. That's not how it works.
Yeah they generally have the capability to prevent that auto cancellation of your segments (within a certain time frame) but in this case unfortunately they were unwilling or it was too late to catch it.
It's generally to protect revenue because buying A-B-C instead of B-C can be cheaper, and hoards of people used to just segments to save money. So they just assume everyone is trying to cheat them.
Isn't it ridiculous in the first place that flying A-B-C is less expensive than B-C? These are the pricing games airlines deliberately play to make more money out of nothing.
Here is an example for you (from logistics): Sending a truck from Berlin to - say - Györ may cost 3 times less than sending the same truck from Györ to Berlin - even on the same exact date.
Is this because shipping companies try to make money out of nothing, for you?
My point was that to the layman this does not make any sense while if you are managing a shipping company you soon realize that some destination are more profitable because your truck that was maybe taking specialized replacements parts from A to B can easily pick up some other stuff to send back to A, while travelling in the opposite direction your truck has a high chance to travel empty on retutning to base... but you still have to pay the drivers, the fuel, the maintenance and possibly tolls.
Do you agree there is a difference between charging more for a return, vs charging more for a leg of a compound trip?
I have booked flights A->B->C and got down at B because that was cheaper than booking A->B only. Not sure where this all makes sense at all.
https://www.npr.org/2023/08/23/1194998452/skiplagging-airfar...
The reason is happens is that take for instance ATL (former home). ATL is a Delta hub and has direct flights to a lot of places that other airlines don’t. Between people preferring direct flights and the lack of competition, they can charge more.
But flying out of MCO with a layover in ATl, they lose the non stop flight advantage and they have to compete with other airlines.
Also ATL sees a lot more price insensitive business travelers than MCO. Businesses aren’t going to force their salespeople and consultants on one of the low cost carriers.
Super-condensed version: civilian flight are a pretty difficult "product" to handle efficiently. Price increases until 1 minute before closing the airplane doors, then falls to zero. On top of that, the product "provider" also needs its own product in order to move personnel and technicians all over the globe, but of course they cannot just cannibalize their own products beyond the point of profitability.
Plus they have to handle rebookings and passenger protection in cases like delays, sudden airport close-down and so on. (Have you ever been on a waiting list, btw?).
All this is pretty complicated to manage already, so they need to exert as much control as possible on yield and occupancy.
TL;DR: a flight is not a bus ride. So if you just decide to cut it short the airline will try to reuse your vacant space for whatever reason.
In the aforementioned situation I wasn't trying to exploit the airline, it was a simple mistake that happened and could be easily alleviated. But the rigid processes, precisely the ones where accountability sinks, made it impossible for the humans involved to correct the mistake.
I still stand by the ridiculousness of that. If not the logistics quirks per se, then the fact that this completely unrelated matter dictated the resolution of the situation against common sense and my interest.
What makes this even worse is that presumably the PR department of that very company had to be involved later and they still spent their employees' time and money to compensate me for the mistake that could be corrected for free.
Yes, it is not exactly the same thing but the point is: by getting off at B you are making the B->C flight travel with a wasted (empty) seat. Which they would have preferred to either sell to someone else or use for moving a pilot or technician to C.
(Note also that this trick of getting out mid-itinerary only works if you do not have checked baggage, because that will arrive in C, and neither the airline nor the airport will be happy to reroute it to wherever you thing you want to go next.
Flying is expensive and logistically complex. Just making sure you end up where your ticket say is complicated. If you (as a customer) decide to change your plans you are making everything more complicated (and possibly preventing other customers to pay for the whole itinerary).
It's no more ridiculous than something being cheaper at a liquidation store than a retail store.
The intermediary I booked the tickets with made an obvious mistake and showed the wrong airport code. Maybe the airport opening was meant to happen earlier, and the intermediary had already updated their emails or something like that. They refused to do anything meaningful and did not even acknowledge their mistake.
The fact that I was compensated by the airline that had nothing to do with this mistake is even more astonishing to me, although they were obviously protecting their brand reputation.
A->B->C can be cheaper than B->C. If people could skip flight A, then people already in B would buy the cheaper A->B->C.
But why would they cancel B-A when there’s a no show for A-B? More so when there’s a few days gap between A-B and B-A? The only issue being they were booked as a single itinerary/PNR. I don’t see what cost has got anything to do with it.
- Last minute travellers (who pay significantly higher for this)
- move their own personnel from B to A
- alleviating problems caused by overbooking, canceled flights, delayed flights or any other disruption.
1) About 8 years ago I was gifted a copy of Ray Dalio's Principles. Being a process aficionado who thought the way to prevent bureaucracy was to ground process in principles, I was very excited. But halfway through I gave up. All the experience, the observations, the case studies that had led Dalio to each insight, had been lost in the distillation process. The reader was only getting a Plato's Cave version. I used to love writing spec-like process docs with lots of "shoulds" and "mays" for my teams, but now I largely write examples.
2) I live in a Commonwealth country, and as I understand (IANAL), common law, or judge made law, plays a larger role in the justice system here than in the US, where the letter of the law seem to matter more. I used to think the US system superior (less arbitrary), but now I'm not sure. Case law seems to provide a great deal of context that no statute could ever hope to codify in writing. It also carries the weight of history, and therefore is harder to abruptly change (for better or for worse).
3) Are human beings actually accountability sinks? This is only possible if they are causal originators, or in Aristotlean terms, "prime movers", or have pure agency, or are causa sui. But the question is, once we subtract environment (e.g. good parenting / bad parenting) and genetics (e.g. empathy, propensity toward anger), how much agency is actually left? Is it correct for our legal and ethical systems to terminate the chain of causality at the nearest human being?
If I understand it correctly, that's what United Healthcare was doing, that got people so mad at the guy that was shot. He brought in "AI Denial Bots," so the company could knowingly cause the death of their customers, without having any "soft" humans in the process.
Greaber, if I remember right, argues that modern bureaucracy started with efficient means of communication. He squares the Deutsche Post as the milestone, as they made the whole population available to be controlled. Now the state could send them letters, count them, enlist them in the military etc.. It's a brilliant observation: communication technology is the main tool of the bureaucracy. The tangent he takes fron there is even more brilliant: we have been heavily focusing and improving the communication tech (telephone, fax, tv, radio, internet, social media) but not necessarily the tech to reduce thr burden of work for the masses (robots!). If you would ask someone 100 years ago how the future would look like, people would almost invariably say they would need to work less in the future, abd at some point they invariably expected to have robots do all the work. Yet, all we got is smartphones that watch every movement of us, makes us available to the employer anywhere and anytime, hence more means to control us by state or, exceedingly, private bureaucracies. There's a reason why AI boom is happening, as this is the next tech on the bureaucracy tree.
This being said, none of these tech are bad by themselves. It is the shape they took and the way they are used in contemporary society. To tie with the OP: we have communication tools available to us that is billions of times more efficient and effective yet the customer service, or any interaction with any big corporation (as a customer or employee) or state got so much worse and impersonal. Impersonal as in, individual cases do not exist anymore, only policies. One could have expected to escalate a claim back in late 19th century by just writing letters and eventually get to someone, or even just show up at the offices of a company and get their problem resolved (this is still the case in developing countries). Can we expect this now?
And can we flip the relationship, creating dashboards or whatever from which agentic systems reach, hold to account, and surveille right back?
I'm thinking pro-active agents that escalate for you, sinking their teeth into interactions with large organizations like a dog with a bone.
As a Brit though, I was completely blindsided by the inclusion of Dom Cummings. I'd forgotten he existed. Seeing his and Boris' attitude to PPE provision discussed in a positive light without any mention of the associated scandal[1] made me a bit uncomfortable. Without getting too political, they claimed to have solved a problem, but whether or not it was a justifiable, sensible or legitimate solution is probably going to be debated for decades.
[1] https://en.wikipedia.org/wiki/Controversies_regarding_COVID-...
>> We did that. But only the Prime Minister could actually cut through all the bureaucracy and say, Ignore these EU rules on Blah. Ignore treasury guidance on Blah. Ignore this. Ignore that. “I am personally saying do this and I will accept full legal responsibility for everything.”
> By taking over responsibility, Johnson loosened the accountability of the civil servants and allowed them to actually solve the problem instead of being stuck following the rigid formal process.
Of course this also can have pretty severe negative consequences. In the U.S., thanks to a recent Supreme Court ruling, the president has immunity from criminal prosecution under certain (yet to be fully determined) circumstances. If the president then "takes over the responsibility" for obviously illegal actions, and is immune from prosecution for those actions, you now have a civil service unburdened by any responsibility to follow the law. And there are some 3 million odd workers in the U.S. federal government.
That the conservatives on the Supreme Court did not consider this danger, especially in light of who occupies the office, is still astounding to me.
Don’t ask me how I know :) It is one of the few accountability sinks that doesn’t affect me negatively.
The Dutch law doesn't say you 'can't have a second passport'. It only says: 'you can't have a second passport at the time you get your Dutch one'.
So countries like the UK allow their citizens to 'renounce' their UK citizenship, get a Dutch one, then get their UK one 'back'.
Crisis is when well-thought out, tested procedures should be used, at least as a starting point.
But the important thing to recognise is there are always people who can overrule a given formal process and they are being held accountable to something. The issue becomes what their incentives are. In the success stories in this article (like the one where the doctor saves a bunch of people) the incentives lead to a good outcome when the formal system is discarded. In the leading ground squirrel example someone without doubt had the power to prevent the madness and didn't because their incentives led them to sit quietly in the background hidden from history's eye. Ditto the Nazi example - obviously there was someone (probably quite a few someones) who could have stopped the killing. They didn't override the system because they through it was performing to spec, and it is probably difficult to prove they were in hindsight because informal systems don't get recorded.
she feels more than a children of the cities, she has embodied them.
I would call them a supervisor then.
It’s not logically impossible for any buyer to decide to pay or not pay more to a seller, it just depends how replaceable the buyer thinks the seller is, and how much they care (the buyer could be retiring with golden parachutes before shit hits the fan).
> The answer they've got was that since only a tiny percentage of people have names that long, rather than redesigning the card, those applications would simply be rejected.
Long names are a pain. This happened to me when I tried to open a bank account in Vietnam. Similarly bank tellers in China were always puzzled and needed to call supervisors when having to enter the information. Also airport auto gates frequently fail for me, and systems that want me to enter your full name in a form will reject my input more often than not. When I'm asked to sign my full name with my signature, it hardly fits and I need to write in tiny letters.
If I ever have children I'll name then with something short, with no special characters. Something like Tim, Kim, Leo... Otherwise they will always end up the edge case.
I remember many messes where I just stood there thinking to myself "alright nicbou, what did we learn today?"
Well, shit happens. Pick your stuff up and carry on.
I disagree, slightly. We have to expect some degree of ethical behaviour from everyone, even those who nominally have no room to manoeuvre. If everyone in such positions were to disobey unjust orders the orders would eventually have to change.
Walking away stewing in rage does nothing except fill you with damaging hormones.
As crappy as the system with its max length for people's names, it's common to allow first initial + surname. It also works very badly for non ASCII names - to my understanding, I _think_ people in East Asia just have to use romanisations if they want to have a Mastercard. This all sucks, but it's a bit more than "the card design" - it's quite fundamentally baked in to how the whole system works. There aren't a lot of systems out there which are based on more aged and legacy technology than card networks.
> We conclude that long-term chemosensory and dietary preferences of cats are influenced by prenatal and early (nursing) postnatal experience, supporting a natural and biologically relevant mechanism for the safe transmission of diet from mother to young.
https://www.researchgate.net/publication/232700921_Prenatal_...
https://www.researchgate.net/publication/40452868_Effects_of...
I'll add that habits and taste can change later in the life voluntary or involuntary: There's plenty of people that "learn" to like something they didn't in their youth for many reason: new cultural environment, health, curiosity...
People do a lot of expensive and wasteful things just because they are convenient in many domains of life.
Meat isn't tasty. If it was you wouldn't always eat it fried almost to a char with salt and spices. Tasty things you can just eat straight up. Meat is easy. It's easier to keep some cows on grassy hill then kill them, than to create and maintain a field there.
Meat is also easy to cook and eat. It digests nicely. It can be used in mono diet with no immediate ill effects. It's a no-brainer food even an idiot can use to sustain themselves. It's hard to poison yourself with it because if it's not fresh it stinks like hell.
Allow me to introduce you to the concept of "steak".
I agree with the rest of your comment, except this.
You eat your meat "always fried to a char"? What? Also, I barely add some salt to it. Many people add way too much salt though.
I know he only touches on it very slightly and indirectly raises a related point to what annoys me about most coverage about it.
It's pretty simply that the people that were systematically slaughtered during that time period were classified to be Jews, Gypsies and other "undesirables", but they were first and foremost German and identified as such. Nazi Germany didn't kill "other" people, it systematically alienated groups of the population to then eradicate them, by first walling them off to make communication impossible, then spreading enough propaganda to make the average Joe no longer consider them his neighbor.
Seeing the social climate all over the world change, chief among them Americas, does make me think this lesson hasn't been taken in whatsoever.
The first step to atrocities is always to cut of communication between the groups, and people nowadays are actively doing that themselves now - not artificially enforced like it was back then.
“ The Utopia of Rules: On Technology, Stupidity, and the Secret Joys of Bureaucracy”
https://en.wikipedia.org/wiki/The_Utopia_of_Rules
The people who get what they want in these situations are the ones who are prepared to behave sufficiently unreasonably. This is a second order consequence of 'unaccountability' that Davies misses. For the customer, or object of the system, it incentivises people to behave *as unpleasantly as possible* — because it's often the only way to trigger the exception / escalation / special case, and get what you want.
So really a case of not enough bureaucracy rather than too much.
You can't pass immigrations because you don't have a last name?
The future is not made for you, because progammers and designers didn't get requirements that match the diversity of this beautiful world.
It remindes me how someone I know often makes complicated food orders in restaurants (modfying or replacing items on the menu), and then they get disappointed or complain because their wishes are forgotten or screwed up. I never make changes to a menu item, because I assume they are unable to accommodate me (either due to stress, lack of intelligence/memory, bad process e.g. not writing down customers' orders etc.). As a result, I get disappointed less often on average - make your oder "compatible" with the realities of this world to avoid disappointment and stress.
There is actually an official procedure for U.S. Immigrations dealing with people who have names that cannot be split meaningfully into first/last names, e.g. some people from India. Assume your name is "Maussam", then you are permitted and expected to fill in that string in BOTH fields, first name and last/family name, when booking a flight or applying for visa. (A similar hack could be devised for names that are "too long".)
Overall, these examples are reminiscent of the movie Brazil (1985), which is about a dystopian future in which a plumber that helps people fix their toilets gets hunted as a terrorist because he didn't fill in the right form.
My theory is the world has been gradually converging towards the absurd state parodied in that movie.
Airlines are not the only ones that get less and less accountable. We should stop spending our money with companies that communicate with us using email spam services the address of which begins with noreply@fubar.com.
https://de.wikipedia.org/wiki/Brazil_(1985)
Both that item and this item add the unique perspectives of the authors, but both are about issues raised by Dan Davies' Unaccountability Machine. So if you like this thread, you might like that thread.
"If responsibility is rightfully yours, no evasion, or ignorance or passing the blame can shift the burden to someone else. Unless you can point your finger at the man who is responsible when something goes wrong, then you have never had anyone really responsible."
> This is why even the well-off feel anxious and restless. We may have democracy by name, but if the systems we interact with, be it the state or private companies, surrender accountability to the desiccated, inhuman processes and give us no recourse, then the democracy is just a hollow concept with no inner meaning.
> You can't steer your own life anymore. The pursuit of happiness is dead. Even your past achievements can be taken away from you by some faceless process. And when that happens, there’s no recourse. The future, in this light, begins to feel less hopeful and more ominous.
> It’s eerie how much of today’s political unrest begins to make sense through this lens.
No, your past achievements aren’t taken away from you. When you’re wronged, you almost always have recourse, up to and including making a big stink on social media. Private companies aren’t meant to be political democracies. They’re in fact almost explicitly designed to be authoritarian, because it works well. You don’t suddenly live in a not-democracy just because the companies have a CEO and middle managers that set up processes.
I wish the rest of the post wasn’t called into question by this hyperbole, but it is. It makes some interesting points, but ultimately it feeds into a natural desire to be pessimistic. Which means it’s entertainment rather than an analysis.
I'm looking at you, ANA Mileage Club card! 24 characters should be enough for anyone according to their database. They even have a whole page dedicated to how you should work around it (I tried, this procedure & indeed it lets you truncate your name, but then you won't be able to associate any tickets you purchase in your real name with the card). https://www.ana.co.jp/en/jp/amc/reference/merit/procedure/in...
Huh. Franz Jägerstätter was executed for refusing to fight in the war.
Mostly demotion or transfer to a different area, but no execution or jail time. Sometimes not even that.
I'm talking about not taking part in massacres (e.g. shooting unarmed women and children, locking people in a barn and setting it on fire, etc), not about refusing to fight, cowardice, aiding the enemy or actual treason.
[1] I dislike that I have to specify. I wish there were still only one common reference for this name.
> You ask to speak to someone who can do something about it, but you're told that's not company policy.
People somewhere in between realise that the point of the gate attendant (or Level 1 tech support person) is to shield management from customers, so you have to outflank the shield.
Being yelled at by a customer is bad for the Level 1 support person, although there's usually a policy in place for phone support that you can hang up if the customer is getting aggressive. What's much worse is saying to management "hey here's something you might want to look at" and being super yelled at by their boss for not doing their duty of keeping the customer away from the higher-ups. That kind of thing can get you fired.
But you can hack the system in many ways. The point is to find someone higher up without going through the person who's not allowed to help you, and without blaming them for doing their job.
Some possibilities: find the higher-ups on linkedin, speak to a company rep or executive personally at an event if your professional circles overlap, send a printed physical letter to someone in control, and so on.
Something I've seen work many times: if you're a student, find out about the university's management structure and ask for a personal meeting with the Dean of X of whoever sits above the department admin person who's assignment is "we've taken this decision, now make the students happy with it". A dozen students asking to personally speak with the Dean or President lets them know something's up and the shield was ineffective. Since there's usally some kind of statement of values about how the "student experience" is central to everything they do (read: "students are paying customers"), they can't just turn you away.
Every program you ever run will precisely follow the same set of rules, because it is those rules.
There's a missing piece that no one has really managed to implement on computers: backstory. The reason why a program's rules are written is much more important than the rules themselves, yet we haven't found any way to write the reason why.
The most important feature of backstory is that it's dynamic. The meaning of a story can be completely changed by simply replacing its backstory. Whether it's a computer program or a societal organization, a decided system must be ignorant to its backstory. There is no place in a decided system to implement context. It turns out that this is a core feature of computable systems: they are context-free.
---
I've been working on a way to change this, but it's such an abstract idea, it's been hard to actually find (and choose) where to get started.
Notwithstanding the rest of the column, this particular example brings the following thought to mind:
It could actually be argued that getting angry at the gate attendant is not a "bad people" response. Suppose that under those circumstances, the typical individual passenger would demand the gate attendant to either let them onto the flight, or compensate them reasonably on the spot, and if denied - even with a "it's not within my authority" - inform their fellow passengers, which would support the demand physically to the extent of blocking boarding, and essentially encircling the gate attendant until they yield (probably by letting the original passenger onto the plane), and if security gets involved - there would be a brawl, and people on all sides would get beaten. Now, the individual(s) would would do such a thing may well suffer for it, but in terms of the overall public - gate attendants will know that if they try to do something unacceptable, it will fail, and they will personally face great discomfort and perhaps even violence. And airports would know that such bumps result in mini-riots. So, to the gate attendant, such an order would be the equivalent of being told by the company to punch a passenger in the face; they would just not do it. And the airport would warn airlines to not do something like that, otherwise they would face higher airport fees or some other penalty. And once the company realizes, that it can't get gate attendants to bump passengers this way, it will simply not do it, or authorize decent compensation on the spot etc.
Bottom line - willingness to resist, minor ability to organize, and some willingness to sacrifice for the public benefit - can dismantle some of these accountability sinks.
a good "collective response" would be to deny the non-agency of the gate attendant. That is,
The only way to get this solved is if in the executive meetings one person goes "Our processes that bumps people resulted in xxxxxx cost, that's too much".
The way those costs are incurred doesn't matter, if its direct compensation or fines, but unless you can attach a price tag to it, nothing will change.
No, that's not true. He is literally, physically, the gate keeper: To pass the gate, he has to let you pass. Now, you could insert another gate keeper into the scenario at the entrance to the airplane, or some turn-style with a scanner etc. but that wouldn't change the basic argument, just make the scenario a little more complex.
If rejecting people from flights without explanation was socially considered the same way as punching in them the face, they wouldn't do that, either.
https://news.ycombinator.com/item?id=41891694
https://aworkinglibrary.com/reading/unaccountability-machine
(A very short overview of Dan Davies' book, quoted in TFA, that came up with the term)
EDIT: complementing book mentioned in that thread
Cathy O'Neil's "Weapons of Math Destruction" (2016, Penguin Random House) is a good companion to this concept, covering the "accountability sink" from the other side of those constructing or overseeing systems.
Cathy argues that the use of algorithm in some contexts permits a new scale of harmful and unaccountable systems that ought to be reigned in.
https://news.ycombinator.com/item?id=41892299
It's the _just culture_ focused on repairing the damage – for the victim and for the community – and trying to fix the reasons and integrate the offender back into life (otherwise community would end up being a bloodbath of revenge and dies out).
What wasn't obvious to me is that switch from restorative justice culture to retribution justice culture happened for economic reasons. At some point of nation states formation, crime became an act of offence against the king, not the community. You didn't do wrong to the community, you "disobeyed the rule of king" and thus has to be punished. The whole "justice transaction" became a deal between an offender and the state/king, instead of community and victim and offender. Paying retribution fee became a source of income for the kingdom, incentivising this type of justice culture. Victim and community was largely left untouched by this new type of "fixing justice". Pretty dramatic change.
"Sidney Dekker" & "lese majeste" or even "Wilhoit" returned nothing interesting, so that's a new open secret (if I didn't totally misunderstand, that is)
Aside: does that make "The United States " a careless sovereign (monarch) in your book? -- most criminal cases are "The U.S. vs ____": not only are community/rehabilitation afterthoughts, nobody looks forward to any pleasure of a Majesty. The Judge+Jury as Middle Finger & Thumb of the Invisible Hand?
https://news.ycombinator.com/item?id=43853663
That's because hard work and being serious about your tasks do not get you promoted.
If the governing part at the time of the Nazi trials actually held each and every person involved accountable, would they win the next election?
If a company holds their employees to the actual standards laid out by their policies or guidelines, what would attrition look like? Would they immediately be short staffed critial roles? Would they loose a key employee at a very inconventient time?
These are the real reasons preventing us from holding people accountable.
Why corporations are allowed to own other corporations? Isn't it a slavery?
Sir, it's the year 2025 of our Lord. Nobody is out there to destroy your life most of the time.
[1]:
> When NTDS was eventually acclaimed not only a success, but also one of the most successful projects in the Navy; it amazed people. Especially because it had stayed within budget and schedule. A number of studies were commissioned to analyze the NTDS project to find why it had been so successful in spite of the odds against it. Sometimes it seems there was as much money spent on studying NTDS than was spent on NTDS development.
[2]:
> ...the Office of the Chief of Naval Operations authorized development of the Naval tactical Data System in April 1956, and assigned the Bureau of Ships as lead developing agency. The Bureau, in turn, assigned Commander Irvin McNally as NTDS project “coordinator” with Cdr. Edward Svendsen as his assistant. Over a period of two years the coordinating office would evolve to one of the Navy’s first true project offices having complete technical, management, and funds control over all life cycle aspects of the Naval Tactical Data System including research and development, production procurement, shipboard installation, lifetime maintenance and system improvement.
[1]:
The Freedom to Fail: McNally and Svendsen had an agreement with their seniors in the Bureau of Ships and in OPNAV that, if they wanted them to do in five years what normally took 14, they would have to forego the time consuming rounds of formal project reviews and just let them keep on working. This was reasonable because the two commanders were the ones who had defined the the new system and they knew better than any senior reviewing official whether they were on the right track or not. It was agreed, when the project officers needed help, they would ask for it, otherwise the seniors would stand clear and settle for informal progress briefings.
The key take-away is that the NTDS was set up as a siloed project office with Commanders McNally and Svendsen having responsibility for the ultimate success of the project, but other than that being completely unaccountable. There were many other things the NTDS project did well, but I believe that fundamental aspect of its organization was the critical necessary condition for its success. Lack of accountability can be bad, in other circumstances it can be useful, but diffusion of responsibility is always the enemy.
How many trillions of dollars are wasted on projects that go overbudget, get delayed and/or ultimately fail, and to what extent could that pernicious trend be remedied if such projects were led from inception to completion by one or two people with responsibility for its ultimate success who shield the project from accountability?
[0]: https://ethw.org/First-Hand:No_Damned_Computer_is_Going_to_T...
[1]: https://ethw.org/First-Hand:Legacy_of_NTDS_-_Chapter_9_of_th...
[2]: https://ethw.org/First-Hand:Building_the_U.S._Navy%27s_First...
Welcome to modern day customer support. Phone or email agents have zero agency and their jobs are more often than not outsourced to some ultra low wage country... the only ones with actual authority tend to be C-level executive assistants and social media teams because a bad experience gone viral can actually threaten a massive financial impact.
Of course people always had the feel-good lie "oh they're just being relocated to XYZ" but in those times you'd never leave your furniture and other valuables behind when moving if you were not forced to. For German people it was a win-win situation: More work for everyone (either as a party soldier or in the construction), steal some valuables from your neighbors who just got taken away, and feel good about your noble aryan genes.
Sorry for rambling on this topic but there are books for every mid-size Germany city which detail the unfathomable amount of looting, stealing and "M&A business" that was done by everyday "normal" German citizens during these times.
And most of these crimes were not prosecuted because of political decisions after the war.
The default attitude of any human is to support the status quo, but you'd think Germany in particular would do a better job of changing that default with education. It seems like it doesn't.
Obviously, if someone was doing another holocaust, it would be in their best interests to make you think the very notion of more holocausts was prima facie completely absurd.
Whether it's worse or better than Holocaust is debatable and you can bring up a metric. Did Gaza reach 10% of the Holocaust? At what rate we count abducted children against murdered adults? Do we count deaths or suffering too? Do the circumstances of death with genocidal intent contribute to the metric?
What can we learn from the quantitative comparison of one with another?
"Are Your Lights On?" - https://www.goodreads.com/book/show/1044831.Are_Your_Lights_...
"The Secrets of Consulting" - https://www.goodreads.com/book/show/566213.The_Secrets_of_Co...
"More Secrets of Consulting" - https://www.goodreads.com/book/show/714345.More_Secrets_of_C...
Welcome to scale. Every business that wants to grow faces this, and those that grow exponentially face this way before they could ever have established a company culture of treating people like humans, which only comes with years of face-to-face interactions, sometimes that don't go so well. Customers sometimes disappointed and you have to make it up to them; when they do, they feel valued. But in today's economy means you can endlessly screw customers, and as long as your business/your userbase/the sector keeps appearing to grow before your exit, giving a shit is an active impediment to that sweet sweet millionaire payoff in the end.
But I keep seeing "blameless" being construed as lying about why something happened. It's construed in such as way that anyone can hide from their misdeeds. People screw up, and we need to hold them accountable, and THEY need to hold THEMSELVES accountable. Not necessarily with "punishment" (what does that even mean in a professional context) but perhaps atonement and retraining.
If we're speaking of a justice system in more general terms, I agree with your line of thinking. I believe that repairing the damage and reintegrating with society would be far more effective than incarceration or other forms of punishment. Fear is a seed, you reap what you sow.
(Yes there are extreme cases. Still the long-term goal should be to minimise harm, not bring punishment.)
Accountability under Dekker's restorative justice model means providing a complete record of what happened, so the justice system can focus on who was harmed and who needs to repair that harm. In some ways I think they can end up mirroring the typical punitive justice system, when the person who needs to repair harm matches what we would call a guilty party in other circumstances. But the idea is not to lie about what happened! It's to expand the network of causality beyond a simple thought terminating "Bob did it" so we can address the systemic problems that led to Bob doing the wrong thing.
> Not necessarily with "punishment" (what does that even mean in a professional context)
A few options depending on profession:
1. Demotion 2. Pay cuts or fines 3. Firing 4. Loss of certification, thus preventing this person from ever working in the field again 5. Jail time, preventing this person from even being in society for some time, perhaps forever.
Dekker's book is full of examples of professionals facing all of the above consequences. If you don't think these punishments are applied to the SRE community Allspaw addressed when originally describing "blameless postmortems" then you probably want to read the all time highest upvoted post to /r/cscareerquestions, "Accidentally destroyed production database on first day of a job, and was told to leave, on top of this i was told by the CTO that they need to get legal involved, how screwed am i?"[1]
[1]: https://www.reddit.com/r/cscareerquestions/comments/6ez8ag/a...
Damn, that explains a lot about the Dutch and about that part of the world, to be honest. Why can't have they more human traits? What's wrong of them?
2. These are also human traits! Maybe not so much humane traits.
https://en.wikipedia.org/wiki/Chick_culling
For sure we don't do that sociopathic thing here in Romania. Ok, I get it, the regulations were set in stone, but after shredding (again, what the flying fuck?!?!) the first animal hasn't any of those Dutch employees just stopped and ask themselves: "What the hell are we doing here?". It certainly explains Anne Frank, after all she was violating the regulations that were in place back then in that desolate and sad country.
> 2. These are also human traits! Maybe not so much humane traits.
We're talking about mammals here. Not that what happens with chicks is the correct way to do it, and God knows we deserve everything that comes our way as a species for doing that, but there are degrees in all this madness.
While we’re being unnecessarily rude, and discussing people who enjoy the sounds of their own voice and lacking substance.
And hon, unlike most in this dawning age of LLM slop replacing human speech, I deserve to enjoy the sound of my own voice. People tell me as much almost every day! Think of me as Wittgenstein's lion. Don't expect to be able to make sense of me.
Only with a healthy dose of cynicism I can understand where he's going. While the topic of accountability sinks is quite interesting, I'm searching for the author's reflection of their own accountability.
They worked at google, made a boatload of money for the advertising company and himself, and now philosophically lectures others how to detect and/or design accountability sinks.
And from that you convey that the author must have some kind of ego? I don't think that's justified critique.
> As one of the commenters noted: "Amazing! The guy broke every possible rule. If he wasn't a fucking hero, he would be fired on the spot."
> **
> Once, I used to work as an SRE for Gmail. SREs are people responsible for the site being up and running. If there's a problem, you get alerted and it's up to you to fix it, whatever it takes.
I only know Mr. Sustrik from this one article but had to mention this because it was just a too low hanging fruit in terms of criticism.
Doesn't surprise me to learn he's big on LW, though. A bloodless, passionless dork who mistakes dollars for IQ points and of whom it's not obvious he ever had an original thought? He might have been made in a lab for those sad nerd wannabes to identify with.
That's a horrible take. He did nothing of that sort. He didn't say anything about his skills, nor did he say anything about improving Gmail postmortems. You made everything up. He was just mentioning the fact that in this case, limited accountability when handling emergencies has strong benefits.
Isn’t this the practice we do to sell ourselves during interview about quantifying our work and value?
I firmly believe that the author is the perfect interview candidate who will pass an engineering interview with flying colors. For rest of us, “so erm… I fixed a bug which allowed my employer to scale quicker globally during natural disasters and erm… allow emergency response teams to coordinate. My manager tells me it saves billions of life but I do not have access to actual numbers but the number of promotion each of my managers get when I fix a bug tells me, my contribution has good values”.
P.S. Off-topic.
Subtext of his previous blogpost:
Capitalism is powered by greed.
https://250bpm.substack.com/p/per-tribalismum-ad-astra
EDIT: another post of his that got traction ~5 yrs ago was about the Swiss political system (Swiss are a pragmatic culture though afaik he's Slovak so we might have to account for some Iron Curtain baggage)
https://news.ycombinator.com/item?id=23881309