undefined | Better HN

0 pointstootie5y ago0 comments

When I'm in charge of some software platform that I know has reliability or security problems that no one is willing to prioritize, I have a foolproof strategy. One, write down the list of biggest problems to solve. Two, wait for an inevitable disaster. Three, when leadership is in a panic I present my list and ask for top priority.

0 comments

10 comments · 3 top-level

yaml-ops-guy5y ago· 6 in thread

How do the conversations typically go when asked "did you know this could happen"/"did we see this coming" or has no one bothered to ask that question yet during the RCA process?

jcims5y ago

Generally not well.

If you haven’t been shot down by an expendable in the past, the best course of action is to find the most complementary position historically taken by leadership, twist to your objective and then credit them publicly with the vision.

The gap can be reconciled privately later.

lostcolony5y ago

"that no one is willing to prioritize"

You missed that part. "Here is the email chain it was discussed in, including the bit where I raised the concern of what could happen" is generally pretty solid CYA.

yaml-ops-guy5y ago

I actually did not miss that part, but thanks for calling it out regardless. The question was instead borne out of curiosity as to know how the follow up and subsequent discussions fare even with CYA in pocket.

What has your experience been? Have you had success reprioritizing necessary and critical fixes that were previously not in scope postmortem?

1 more reply

8note5y ago

Sounds like that's solved by having the list as an action item.

Yes, we knew about it. Also, here's all these other things we know about that will result in similar catastrophes

kaetemi5y ago

That's when you show the other hundred lists of solutions to things that could go wrong.

yaml-ops-guy5y ago

I see.

Maybe I'm overthinking it (this happens sometimes, I'm working on it), but waiting around for a security crisis to happen when a solution is in sight, even when facing difficulty prioritizing the work seems dangerous to one's career.

But I admit not knowing a lot of things most engineers just assume are a given, lately.

2 more replies

toyg5y ago· 1 in thread

That’s a sort of reverse-Disaster-Capitalism.

wombatpm5y ago

The Shock Doctrine applied to product management

eyelidlessness5y ago

This was my approach until it failed. The people in a position to decide were so preoccupied by (understandable) emergent secondary effect issues that communicating the underlying issue was basically a waste of time.

The only way I could get to solving the problem was by drawing a line in the sand and refusing to work on symptoms anymore. And the only reason that was effective was because my team was so understaffed that my refusal effectively brought all feature work to a halt.

Even then, “solve the problem” buy in was shaky and constantly dismissed/side-stepped. It took a full end to end proof of concept exploit against a production system, being incredibly careful not to actually cause harm, to get support from the top (which I conjured in less than an hour and regret holding those cards as long as I did, but I was seriously worried about how I could demonstrate the vulnerability without exploiting it harmfully).

j / k navigate · click thread line to collapse

0 comments

10 comments · 3 top-level

yaml-ops-guy5y ago· 6 in thread

How do the conversations typically go when asked "did you know this could happen"/"did we see this coming" or has no one bothered to ask that question yet during the RCA process?

jcims5y ago

Generally not well.

The gap can be reconciled privately later.

lostcolony5y ago

"that no one is willing to prioritize"

You missed that part. "Here is the email chain it was discussed in, including the bit where I raised the concern of what could happen" is generally pretty solid CYA.

yaml-ops-guy5y ago

What has your experience been? Have you had success reprioritizing necessary and critical fixes that were previously not in scope postmortem?

1 more reply

8note5y ago

Sounds like that's solved by having the list as an action item.

Yes, we knew about it. Also, here's all these other things we know about that will result in similar catastrophes

kaetemi5y ago

That's when you show the other hundred lists of solutions to things that could go wrong.

yaml-ops-guy5y ago

I see.

But I admit not knowing a lot of things most engineers just assume are a given, lately.

2 more replies

toyg5y ago· 1 in thread

That’s a sort of reverse-Disaster-Capitalism.

wombatpm5y ago

The Shock Doctrine applied to product management

eyelidlessness5y ago

j / k navigate · click thread line to collapse