The default attitude of any human is to support the status quo, but you'd think Germany in particular would do a better job of changing that default with education. It seems like it doesn't.
Obviously, if someone was doing another holocaust, it would be in their best interests to make you think the very notion of more holocausts was prima facie completely absurd.
Whether it's worse or better than Holocaust is debatable and you can bring up a metric. Did Gaza reach 10% of the Holocaust? At what rate we count abducted children against murdered adults? Do we count deaths or suffering too? Do the circumstances of death with genocidal intent contribute to the metric?
What can we learn from the quantitative comparison of one with another?
Of course people always had the feel-good lie "oh they're just being relocated to XYZ" but in those times you'd never leave your furniture and other valuables behind when moving if you were not forced to. For German people it was a win-win situation: More work for everyone (either as a party soldier or in the construction), steal some valuables from your neighbors who just got taken away, and feel good about your noble aryan genes.
Sorry for rambling on this topic but there are books for every mid-size Germany city which detail the unfathomable amount of looting, stealing and "M&A business" that was done by everyday "normal" German citizens during these times.
And most of these crimes were not prosecuted because of political decisions after the war.
> We conclude that long-term chemosensory and dietary preferences of cats are influenced by prenatal and early (nursing) postnatal experience, supporting a natural and biologically relevant mechanism for the safe transmission of diet from mother to young.
https://www.researchgate.net/publication/232700921_Prenatal_...
https://www.researchgate.net/publication/40452868_Effects_of...
I'll add that habits and taste can change later in the life voluntary or involuntary: There's plenty of people that "learn" to like something they didn't in their youth for many reason: new cultural environment, health, curiosity...
People do a lot of expensive and wasteful things just because they are convenient in many domains of life.
Meat isn't tasty. If it was you wouldn't always eat it fried almost to a char with salt and spices. Tasty things you can just eat straight up. Meat is easy. It's easier to keep some cows on grassy hill then kill them, than to create and maintain a field there.
Meat is also easy to cook and eat. It digests nicely. It can be used in mono diet with no immediate ill effects. It's a no-brainer food even an idiot can use to sustain themselves. It's hard to poison yourself with it because if it's not fresh it stinks like hell.
I agree with the rest of your comment, except this.
You eat your meat "always fried to a char"? What? Also, I barely add some salt to it. Many people add way too much salt though.
Allow me to introduce you to the concept of "steak".
I remember many messes where I just stood there thinking to myself "alright nicbou, what did we learn today?"
Well, shit happens. Pick your stuff up and carry on.
But the important thing to recognise is there are always people who can overrule a given formal process and they are being held accountable to something. The issue becomes what their incentives are. In the success stories in this article (like the one where the doctor saves a bunch of people) the incentives lead to a good outcome when the formal system is discarded. In the leading ground squirrel example someone without doubt had the power to prevent the madness and didn't because their incentives led them to sit quietly in the background hidden from history's eye. Ditto the Nazi example - obviously there was someone (probably quite a few someones) who could have stopped the killing. They didn't override the system because they through it was performing to spec, and it is probably difficult to prove they were in hindsight because informal systems don't get recorded.
she feels more than a children of the cities, she has embodied them.
I would call them a supervisor then.
It’s not logically impossible for any buyer to decide to pay or not pay more to a seller, it just depends how replaceable the buyer thinks the seller is, and how much they care (the buyer could be retiring with golden parachutes before shit hits the fan).
Sir, it's the year 2025 of our Lord. Nobody is out there to destroy your life most of the time.
Why corporations are allowed to own other corporations? Isn't it a slavery?
Notwithstanding the rest of the column, this particular example brings the following thought to mind:
It could actually be argued that getting angry at the gate attendant is not a "bad people" response. Suppose that under those circumstances, the typical individual passenger would demand the gate attendant to either let them onto the flight, or compensate them reasonably on the spot, and if denied - even with a "it's not within my authority" - inform their fellow passengers, which would support the demand physically to the extent of blocking boarding, and essentially encircling the gate attendant until they yield (probably by letting the original passenger onto the plane), and if security gets involved - there would be a brawl, and people on all sides would get beaten. Now, the individual(s) would would do such a thing may well suffer for it, but in terms of the overall public - gate attendants will know that if they try to do something unacceptable, it will fail, and they will personally face great discomfort and perhaps even violence. And airports would know that such bumps result in mini-riots. So, to the gate attendant, such an order would be the equivalent of being told by the company to punch a passenger in the face; they would just not do it. And the airport would warn airlines to not do something like that, otherwise they would face higher airport fees or some other penalty. And once the company realizes, that it can't get gate attendants to bump passengers this way, it will simply not do it, or authorize decent compensation on the spot etc.
Bottom line - willingness to resist, minor ability to organize, and some willingness to sacrifice for the public benefit - can dismantle some of these accountability sinks.
a good "collective response" would be to deny the non-agency of the gate attendant. That is,
The only way to get this solved is if in the executive meetings one person goes "Our processes that bumps people resulted in xxxxxx cost, that's too much".
The way those costs are incurred doesn't matter, if its direct compensation or fines, but unless you can attach a price tag to it, nothing will change.
No, that's not true. He is literally, physically, the gate keeper: To pass the gate, he has to let you pass. Now, you could insert another gate keeper into the scenario at the entrance to the airplane, or some turn-style with a scanner etc. but that wouldn't change the basic argument, just make the scenario a little more complex.
If rejecting people from flights without explanation was socially considered the same way as punching in them the face, they wouldn't do that, either.
Only with a healthy dose of cynicism I can understand where he's going. While the topic of accountability sinks is quite interesting, I'm searching for the author's reflection of their own accountability.
They worked at google, made a boatload of money for the advertising company and himself, and now philosophically lectures others how to detect and/or design accountability sinks.
And from that you convey that the author must have some kind of ego? I don't think that's justified critique.
> As one of the commenters noted: "Amazing! The guy broke every possible rule. If he wasn't a fucking hero, he would be fired on the spot."
> **
> Once, I used to work as an SRE for Gmail. SREs are people responsible for the site being up and running. If there's a problem, you get alerted and it's up to you to fix it, whatever it takes.
I only know Mr. Sustrik from this one article but had to mention this because it was just a too low hanging fruit in terms of criticism.
Doesn't surprise me to learn he's big on LW, though. A bloodless, passionless dork who mistakes dollars for IQ points and of whom it's not obvious he ever had an original thought? He might have been made in a lab for those sad nerd wannabes to identify with.
Subtext of his previous blogpost:
Capitalism is powered by greed.
https://250bpm.substack.com/p/per-tribalismum-ad-astra
EDIT: another post of his that got traction ~5 yrs ago was about the Swiss political system (Swiss are a pragmatic culture though afaik he's Slovak so we might have to account for some Iron Curtain baggage)
Isn’t this the practice we do to sell ourselves during interview about quantifying our work and value?
I firmly believe that the author is the perfect interview candidate who will pass an engineering interview with flying colors. For rest of us, “so erm… I fixed a bug which allowed my employer to scale quicker globally during natural disasters and erm… allow emergency response teams to coordinate. My manager tells me it saves billions of life but I do not have access to actual numbers but the number of promotion each of my managers get when I fix a bug tells me, my contribution has good values”.
P.S. Off-topic.
That's a horrible take. He did nothing of that sort. He didn't say anything about his skills, nor did he say anything about improving Gmail postmortems. You made everything up. He was just mentioning the fact that in this case, limited accountability when handling emergencies has strong benefits.
I'm looking at you, ANA Mileage Club card! 24 characters should be enough for anyone according to their database. They even have a whole page dedicated to how you should work around it (I tried, this procedure & indeed it lets you truncate your name, but then you won't be able to associate any tickets you purchase in your real name with the card). https://www.ana.co.jp/en/jp/amc/reference/merit/procedure/in...
But I keep seeing "blameless" being construed as lying about why something happened. It's construed in such as way that anyone can hide from their misdeeds. People screw up, and we need to hold them accountable, and THEY need to hold THEMSELVES accountable. Not necessarily with "punishment" (what does that even mean in a professional context) but perhaps atonement and retraining.
If we're speaking of a justice system in more general terms, I agree with your line of thinking. I believe that repairing the damage and reintegrating with society would be far more effective than incarceration or other forms of punishment. Fear is a seed, you reap what you sow.
(Yes there are extreme cases. Still the long-term goal should be to minimise harm, not bring punishment.)
Accountability under Dekker's restorative justice model means providing a complete record of what happened, so the justice system can focus on who was harmed and who needs to repair that harm. In some ways I think they can end up mirroring the typical punitive justice system, when the person who needs to repair harm matches what we would call a guilty party in other circumstances. But the idea is not to lie about what happened! It's to expand the network of causality beyond a simple thought terminating "Bob did it" so we can address the systemic problems that led to Bob doing the wrong thing.
> Not necessarily with "punishment" (what does that even mean in a professional context)
A few options depending on profession:
1. Demotion 2. Pay cuts or fines 3. Firing 4. Loss of certification, thus preventing this person from ever working in the field again 5. Jail time, preventing this person from even being in society for some time, perhaps forever.
Dekker's book is full of examples of professionals facing all of the above consequences. If you don't think these punishments are applied to the SRE community Allspaw addressed when originally describing "blameless postmortems" then you probably want to read the all time highest upvoted post to /r/cscareerquestions, "Accidentally destroyed production database on first day of a job, and was told to leave, on top of this i was told by the CTO that they need to get legal involved, how screwed am i?"[1]
[1]: https://www.reddit.com/r/cscareerquestions/comments/6ez8ag/a...
Anti-social Punishment: https://250bpm.com/blog:132/
Technocratic Plimsoll Line: https://250bpm.com/blog:176/
seems lesswrong has all of them, older and newer: https://www.lesswrong.com/users/sustrik?from=post_header
While we’re being unnecessarily rude, and discussing people who enjoy the sounds of their own voice and lacking substance.
And hon, unlike most in this dawning age of LLM slop replacing human speech, I deserve to enjoy the sound of my own voice. People tell me as much almost every day! Think of me as Wittgenstein's lion. Don't expect to be able to make sense of me.
0: for non-Americans and for Americans from other states that may use different terms, the DMV is the department of motor vehicles in many US states and is the central place to get your drivers license, take the drivers test, register your car, get vehicle license plates, etc. Many processes that have many requirements that often are unfulfilled when people show up asking for things.
DMV sounds more like incompetence than design. Compare with airline where the system is “better” when you have no recourse.
The DVLA in the UK doesn't have a high-street presence. I took my driving test once, then received my driving licence in the post. When it needs renewing, I can do it online. I tax my car online. MOTs (annual vehicle safety tests) happen at any local garage. I've never needed a new numberplate, but I think you can buy those online too.
So what is it you all have to go to the DMV for? Because it sounds horrible.
You really only need to go there for driving tests (for teenagers or immigrants), completing private vehicle sales, and other odds and ends
What I always found interesting is going there and people arguing with the workers about not having proof of insurance or a clear title etc.
My experiences with the CA DMV were similar. Only in IL have I had quick, easy visits to the DMV
The whole taking appointments but still making you wait kills me a little inside though. There's a world where these processes could be so seamless.
In the US, you need to prove both residency and identity. To prove your identity in the US, many people don’t have passports, so they bring a tranche of documents to the DMV office. To prove residency, we typically bring utility bills, leases, etc. Usually people prefer to go in person so they don’t lose these documents and get feedback if they don’t have the right stuff.
It looks like in the UK, since driving licenses are administered nationally, you don’t have the same patchwork of 50 different organizations with different requirements and rules, and the process is much simpler.
I haven’t been to a DMV for 10 years. I can renew vehicle registration, renew my license, and so on online. When I bought a new car, the dealer handled all DMV stuff like getting plates.
I’m supposed to be due to get a new “enhanced” license that is good for air travel within the US, but I have a number of other documents (passport, global entry) that serve the same purpose so I avoid the DMV as much as possible.
In my state the DMV is probably worse than a checkup at the dentist, but not as bad as a weekend with the in-laws.
In the US we don't have a standard form of national ID.
This simplifies the process massively.
This is due to a historical political issue and repeal of a national identification system, see also https://en.wikipedia.org/wiki/Identity_Cards_Act_2006.
Oh, I think we should have that in Croatia, since I'm doing yearly car service at my dealership and than still need to take my car to our national inspection station to get the car certificate renewed. Not sure why can't they organize a system were certified car garages can also inspect the vehicle and notify the Center for Vehicles. Maybe that would allow for more cheating but it's not like inspection stations employees are currently immune to taking a small bribe to overlook minor issues during the inspection.
As it is, I think most garages that offer MOTs in the UK are fair and honest, as the test is relatively strictly regulated, but I'm sure people do get ripped off.
They noticed the tricks as patterns, and are handling it. My point is, there is an incentive for private garages to do fraud here.
Plenty of Americans move states, remember some of our states are reasonably small enough that you might commute to the same NYC job from any of 4 different states. I have a friend who sequentially moved NY->NJ->CT->NY in something like 6 years.
Also I forget why but when I moved WITHIN a state 10 years ago, it required a DMV trip. edit: apparently within NY moving COUNTIES at the time required DMV trip (insane)
Oh and the recent push for "Real ID" enhanced IDs requires a trip to DMV. I've avoided this and just been prepared to fly domestically with my passport.
I've always gone into the DMV when I purchased a vehicle from a private party. In California, it has taken me a couple visits; the first visit with the title and sale documentation, the second with the emissions test documentation that the seller was legally suppossed to provide at the time of the sale but practically, the buyer must provide to register the vehicle. Maybe you can do this by mail, but if you do it in person, you walk out with documents so you can legally drive the car. If you buy a car from a dealer, they take care of this paperwork for you, which used to mean having someone stand in line at the DMV and process a bunch of transactions, but now they can typically do it electronically.
If you move to another state, you need to get a new license and retitle and reregister your car; this usually happens in person, and most states have a requirement to do it in under a month. If your car has a loan, expect multiple trips to get it registered... the first trip will let you know what you need from the finance company; the second will bring that back and get registration; then when you eventually pay off the loan and get the title, you'll need to bring that in so you can get the title issued in your current state.
In metropolitan areas that have make you get car inspections like Atlanta, you go to a third party where the price is regulated and they send the results in. You still can do everything on line
On the day of travel I took a taxi to the new airport, which is 40 km outside the city. The taxi driver couldn't care less about where I was going. Upon arrival, there was much fewer people than I expected but I shrugged it off. At the entrance though I was asked where I was going and if I was an employee. Apparently the new airport was still closed and my fight was from the old, still functioning one. The one with the code not shown in the ticket purchase receipts.
Panicking since it was only about an hour until departure, I took a taxi back to the old airport, which was a desperate 40-50 minute drive to only realize the plane had already left.
I was flying abroad, with a connection the next morning, about 10 hours later. So I thought that the problem could be solved by just arriving there by any other flight, which I booked almost immediately. However, the airline representative (yes, there was a human to speak to that I could reach easily by phone) told me that a no-show for any segment of the flight invalidates all subsequent ones. There was no way I could convince her that it wasn't my fault. Perhaps there was a rigid process in place that disallowed her from helping, even though I'd make it to the second flight on time.
I ended up buying 2 new tickets, of course more expensive and less convenient ones. This taught me an important and rather expensive lesson on why connected flights with a single airline are sometimes the worst.
Funnily enough, I was bitten by this rule one more time when I didn't show to a flight in to the country due to visa issues (it was covid time) and wasn't allowed on the flight out of it because I didn't show up to the 1st flight, the flights being 1 week apart - but booked in one go.
As to the previous situation, I managed to get compensated by the airline (not even the intermediary!) about a year later after posting a huge rant on Facebook and getting their attention to the situation.
The intermediary I booked the tickets with made an obvious mistake and showed the wrong airport code. Maybe the airport opening was meant to happen earlier, and the intermediary had already updated their emails or something like that. They refused to do anything meaningful and did not even acknowledge their mistake.
The fact that I was compensated by the airline that had nothing to do with this mistake is even more astonishing to me, although they were obviously protecting their brand reputation.
A->B->C can be cheaper than B->C. If people could skip flight A, then people already in B would buy the cheaper A->B->C.
But why would they cancel B-A when there’s a no show for A-B? More so when there’s a few days gap between A-B and B-A? The only issue being they were booked as a single itinerary/PNR. I don’t see what cost has got anything to do with it.
- Last minute travellers (who pay significantly higher for this)
- move their own personnel from B to A
- alleviating problems caused by overbooking, canceled flights, delayed flights or any other disruption.
Yeah they generally have the capability to prevent that auto cancellation of your segments (within a certain time frame) but in this case unfortunately they were unwilling or it was too late to catch it.
It's generally to protect revenue because buying A-B-C instead of B-C can be cheaper, and hoards of people used to just segments to save money. So they just assume everyone is trying to cheat them.
Isn't it ridiculous in the first place that flying A-B-C is less expensive than B-C? These are the pricing games airlines deliberately play to make more money out of nothing.
Here is an example for you (from logistics): Sending a truck from Berlin to - say - Györ may cost 3 times less than sending the same truck from Györ to Berlin - even on the same exact date.
Is this because shipping companies try to make money out of nothing, for you?
Yes, it is not exactly the same thing but the point is: by getting off at B you are making the B->C flight travel with a wasted (empty) seat. Which they would have preferred to either sell to someone else or use for moving a pilot or technician to C.
(Note also that this trick of getting out mid-itinerary only works if you do not have checked baggage, because that will arrive in C, and neither the airline nor the airport will be happy to reroute it to wherever you thing you want to go next.
Flying is expensive and logistically complex. Just making sure you end up where your ticket say is complicated. If you (as a customer) decide to change your plans you are making everything more complicated (and possibly preventing other customers to pay for the whole itinerary).
My point was that to the layman this does not make any sense while if you are managing a shipping company you soon realize that some destination are more profitable because your truck that was maybe taking specialized replacements parts from A to B can easily pick up some other stuff to send back to A, while travelling in the opposite direction your truck has a high chance to travel empty on retutning to base... but you still have to pay the drivers, the fuel, the maintenance and possibly tolls.
Do you agree there is a difference between charging more for a return, vs charging more for a leg of a compound trip?
In the aforementioned situation I wasn't trying to exploit the airline, it was a simple mistake that happened and could be easily alleviated. But the rigid processes, precisely the ones where accountability sinks, made it impossible for the humans involved to correct the mistake.
I still stand by the ridiculousness of that. If not the logistics quirks per se, then the fact that this completely unrelated matter dictated the resolution of the situation against common sense and my interest.
What makes this even worse is that presumably the PR department of that very company had to be involved later and they still spent their employees' time and money to compensate me for the mistake that could be corrected for free.
I have booked flights A->B->C and got down at B because that was cheaper than booking A->B only. Not sure where this all makes sense at all.
Super-condensed version: civilian flight are a pretty difficult "product" to handle efficiently. Price increases until 1 minute before closing the airplane doors, then falls to zero. On top of that, the product "provider" also needs its own product in order to move personnel and technicians all over the globe, but of course they cannot just cannibalize their own products beyond the point of profitability.
Plus they have to handle rebookings and passenger protection in cases like delays, sudden airport close-down and so on. (Have you ever been on a waiting list, btw?).
All this is pretty complicated to manage already, so they need to exert as much control as possible on yield and occupancy.
TL;DR: a flight is not a bus ride. So if you just decide to cut it short the airline will try to reuse your vacant space for whatever reason.
https://www.npr.org/2023/08/23/1194998452/skiplagging-airfar...
The reason is happens is that take for instance ATL (former home). ATL is a Delta hub and has direct flights to a lot of places that other airlines don’t. Between people preferring direct flights and the lack of competition, they can charge more.
But flying out of MCO with a layover in ATl, they lose the non stop flight advantage and they have to compete with other airlines.
Also ATL sees a lot more price insensitive business travelers than MCO. Businesses aren’t going to force their salespeople and consultants on one of the low cost carriers.
It's no more ridiculous than something being cheaper at a liquidation store than a retail store.
I then took a train to Berlin from Amsterdam, finished the interview and went to the airport for my return flight that was booked by the recruiter. To my absolute horror I was told that since my onward journey was a no show the whole PNR was cancelled. I felt like an idiot. Since then I double and triple check whenever I’m booking flight tickets.
Why did you do that? Especially when that cost you extra money?
You should have talked to the airline directly, explained you'd missed your flight because they gave you the wrong airport, and the airline would have rebooked you and everything would have been fine. People miss flights all the time and this is an entirely normal process.
It's been standard practice for a long time if you miss a first leg, that you forfeit the rest. They're going to reuse those seats for e.g. other people who missed their original flights. It's a type of flexibility built into the whole system.
Connecting flights are super useful because you can work with the airline to reschedule the whole thing, and the airline is responsible if you can't make a connection because an earlier leg is delayed.
I truly don't understand why you would have taken it into your own hands to buy a separate replacement ticket on your own, instead of talking to the airline. Even in your second example, why didn't you work with the airline to reschedule your missed flight? Even if they for some reason can't reschedule, they will often keep your return flight valid if you have an obviously good reason (e.g. a visa issue during COVID). But you do have to contact them immediately.
I'm sorry you didn't know how all this worked, but when in doubt, contact customer service ASAP to see if they can help. Don't just go buy separate tickets on your own, and then assume later legs will still be valid. That's not how it works.
I disagree, slightly. We have to expect some degree of ethical behaviour from everyone, even those who nominally have no room to manoeuvre. If everyone in such positions were to disobey unjust orders the orders would eventually have to change.
Walking away stewing in rage does nothing except fill you with damaging hormones.
I know he only touches on it very slightly and indirectly raises a related point to what annoys me about most coverage about it.
It's pretty simply that the people that were systematically slaughtered during that time period were classified to be Jews, Gypsies and other "undesirables", but they were first and foremost German and identified as such. Nazi Germany didn't kill "other" people, it systematically alienated groups of the population to then eradicate them, by first walling them off to make communication impossible, then spreading enough propaganda to make the average Joe no longer consider them his neighbor.
Seeing the social climate all over the world change, chief among them Americas, does make me think this lesson hasn't been taken in whatsoever.
The first step to atrocities is always to cut of communication between the groups, and people nowadays are actively doing that themselves now - not artificially enforced like it was back then.
As the plan quote often (not always) is already very good I mostly end up making sure the goal is measurable in a quantitative and qualitative way, trends towards to and away from the goal are visually available and distributed , and its clear who is responsible to look and report them.
There's a classic article (2010) about it: https://thetech.com/2010/04/09/dubai-v130-n18 (HN: https://news.ycombinator.com/item?id=1257644)
The difference is that while the decision has been made, it isn't necessarily very good.
Unrelated to the post, but it sounds like you and I do similar work and have arrived at similar conclusions but I often fail to get organizations to actually spend the correct amount of time identifying these success indicators - which I think are critical to focus and scope stability. I’d love to chat sometime.
"Clients always know how to solve their problems, and always tell the solution in the first five minutes."
- Gerald Marvin Weinberg
The Secrets of Consulting
Fast-forward a few years and you find there were in fact many such "heroes" in reality - in Abu Ghraib and in the Black Sites - and the situation weren't exceptional at all.
So accountability sinks can also be used as calculated ways to undermine your own ostensible ethical guardrails.
[1] https://www.theguardian.com/tv-and-radio/2017/jan/30/24-jack...
Plus being so black and white in the manner you're describing would.. well actually be really stupid a lot of the times. The fact that Batman doesn't kill the Joker is a storytelling device, in the real world it would be monumentally stupid to do anything other than blow his brains out. Literally millions of lives saved. But it also makes sense, and his good, that Batman still maintain is strong conviction to not kill despite choosing to do it sometimes.
Rules necessarily have exceptions and it's healthy to do so, black and white thinking should be for the jedi/sith, not real life humans.
Whenever they got to a point, where the detectives and CSI would be painstakingly going through the evidence, sifting out clues, they'd throw the suspect into "the cage," and beat a confession out of them.
1. https://chicagoreader.com/news/the-police-torture-scandals-a...
His son is getting into the act, but seems to be more interested in depicting "the right way."
His show is an Amazon show, named On Call: https://www.imdb.com/title/tt14582876/
I enjoyed it.
Besides any conscious philosophy of the producers & writers, perhaps making the show more character driven as opposed to procedural has an impact on the stories. Maybe it's easier to understand when a suspect's rights are being violated (and to not be banal about it) when you're writing a deeper portrayal of the person who wields the power.
"Officer Jones just blew the entire chain of custody around the bloody knife"
"Flabbodell vs Borkweather says they have to give you access to counsel within X hours and they just ran out the clock"
"This type of traffic stop is explicitly forbidden in 17 states, including the one this show is nominally set in"
Main character tortures a low-level grunt
Gets false confession
Goes off on wild goose chase based on that confession
Bad guys get away with their plot as a result
“Yes, you were torturing me, I’d obviously have said anything to get you to stop.”
I feel like I’ve seen this sequence once or twice, but I can’t remember what it was in. It actually seems like something that is more likely to be put in a comedy, where the protagonist can be shown to be stupid occasionally. Maybe Brooklyn 99, or Barry, or something like that?
In real world, it happens to cover up crimes cop did themselves or to facilitate them.
That is where the lie is.
Antonin Scalia was one of the architects of substantial limitations on the 8th amendment and was a key figure in a number of cases specifically about extraordinary rendition and "enhanced interrogation."
Scalia has multiple times in public referenced Jack Bauer as an argument for why prohibitions on torture are unworkable. At a panel on the very topic, Scalia responded to "Thankfully, security agencies in all our countries do not subscribe to the mantra 'What would Jack Bauer do?'" with "Jack Bauer saved Los Angeles" and "are you going to convict Jack Bauer?"
"The ends justify the means" is a horrific way to run a society in any case, but of course it skips over the question of whether the means actually caused the ends, let alone were the only way to do so. Even if torture did save lives, it isn't a great justification - but then pile on top that your only evidence that it actually does work is fiction and it starts to look like the means were what you really wanted in the first place.
> Interesting, isn’t it? The Federation claims to abhor Section 31’s tactics, but when they need the dirty work done they look the other way. It’s a tidy little arrangement, wouldn’t you say?
Damn, that explains a lot about the Dutch and about that part of the world, to be honest. Why can't have they more human traits? What's wrong of them?
2. These are also human traits! Maybe not so much humane traits.
For sure we don't do that sociopathic thing here in Romania. Ok, I get it, the regulations were set in stone, but after shredding (again, what the flying fuck?!?!) the first animal hasn't any of those Dutch employees just stopped and ask themselves: "What the hell are we doing here?". It certainly explains Anne Frank, after all she was violating the regulations that were in place back then in that desolate and sad country.
> 2. These are also human traits! Maybe not so much humane traits.
We're talking about mammals here. Not that what happens with chicks is the correct way to do it, and God knows we deserve everything that comes our way as a species for doing that, but there are degrees in all this madness.
That's why you install endpoint security tools. That's why you're forced to fulfill all kinds of requirements, some of them nonsensical or counterproductive, but necessary to check boxes on a compliance checklist. That's why you have external auditors come to check whether you really check those boxes. It's all that so, when something happens - because something will eventually happen - you can point back to all these measures, and say: "we've implemented all best practices, contracted out the hard parts to world-renowned experts, and had third party audits to verify that - there was nothing more we could do, therefore it's not our fault".
With that in mind, look at the world from the perspective of some corporations, B2B companies selling to those corporations, other suppliers, etc.; notice how e.g. smaller companies are forced to adhere to certain standards of practice to even be considered by the larger ones, etc. It all creates a mesh, through which liability for anything is dispersed, so that ultimately no one is to blame, everyone provably did their best, and the only thing that happens is that some corporate insurance policies get liquidated, and affected customers get a complimentary free credit check or some other nonsense.
I'm not even saying this is bad, per se - there are plenty of situations where discharging all liability through insurance is the best thing to do; see e.g. how maritime shipping handles accidents at sea. It's just that understanding this explains a lot of paradoxes of cybersecurity as a field. It all makes much more sense when you realize it's primarily about liability management, not about hat-wearing hackers fighting other hackers with differently colored hats.
Thank you for sharing this really illuminating take. I spend an unreasonable amount of time dealing with software security, and you've put things in a light where it makes a bit more sense.
The amount of (useless) processes/systems at banks I've seen in my career that boil down to this is incredible, e.g. hundreds of millions spent on call center tech for authentication that might do nothing, but the vendor is "industry-leading" and "best in-class".
> It's just that understanding this explains a lot of paradoxes of cybersecurity as a field. It all makes much more sense when you realize it's primarily about liability management, not about hat-wearing hackers fighting other hackers with differently colored hats.
Bingo. The same situation for most risk departments at banks or healthcare fraud and insurance companies.
I thought risk at a bank was going to be savvy quants, but it's literally lawyers/compliance/box-checking marketing themselves as more sophisticated than they are. Like the KYC review for products never actually follow up and check if the KYC process in the new products works. There's no analytics, tracking, etc. until audit/regulators come in an ask, "our best-in-class vendor handles this". All the systems are implemented incorrectly, but it doesn't matter because the system is built by a vendor and implemented by consultants, and they hold the liability (they don't, but it will take ~5 years in court to get to that point).
Beginning to understand what "bureaucracy" mechanically is.
cyber perhaps not so much...
A checklist in a security incident? Probably helpful.
A security checklist to satisfy auditors and ancient regulations? This is an entirely different kind.
I do cyber security related stuff for the finance and they have some of the dumbest checklists ever.
A more recent one I got was
"We only allow the HTTP verbs 'GET' and 'POST', your application can only use that and the verbs PUT, PATCH, and DELETE cannot be used.
After not replying 'are you fucking stupid' I said
"You do realize that you are using a RestAPI application and that these verbs can go to the same interface to modify the call in different way? Not only would we have to rewrite our application which would probably take months to years, you would have to rewrite tons of applications on your side to make this actually work."
You get these dipshit auditors from other firms that pick up some 'best practice' from 2003 and put it in a list then get a god complex about it needing to be implemented when they have absolutely zero clue why the original thing was called out in the first place.
For those who wonder, typically these verbs are disabled to prevent the accidental enablement of WebDAV on some platforms, especially Windows/IIS that had some issues with security around it. It makes zero sense for such a rule in a modern API application.
Thanks. One thing that's more interesting than the revealed stupidity of such rules is the actual (and often sensible) reason they were first created long ago.
"Temporary" hacks outliving both the problem they solved and the system they were built for seems to be a regular occurrence in bureaucracy as much as it is in software and hardware.
They do not solve the problem of getting people to think things through and recognize novel issues.
There are some jobs you can't do well. You can do them adequately or screw them up. Checklists are helpful in those jobs.
I once worked on a global, cross-asset application. The change management process was not designed for this and essentially required like 9 Managing Directors to click "approve release" in a 48 hour window for us to do a release.
We got one shot at this per week, and failing any clicks we would have to try again the next week. The electronic form itself to trigger the process took 1-2 hours to fill out and we had 3 guys on the team who were really good at it (it took everyone else 2x as long).
Inevitably this had at least 3 very stupid outcomes -
First we had tons of delayed releases. Second the majority of releases became "emergency releases" in which we were able to forego the majority of process and just.. file the paperwork in retrospect.
Finally, we instructed staff in each region to literally go stand in the required MD delegates office (of course the MD wouldn't actually click) until they clicked. The conversations usually went something like this "I don't know what this is / fine fine you aren't gonna leave, I'll approve it if you say it won't break anything / ok don't screw up"
Imagine, for example, if more companies would hire for software developers and production infrastructure experts who build secure systems.
But most don't much care about security: they want their compliances, they may or may not detect and report the inevitable breaches, and the CISO is paid to be the fall-person, because the CEO totally doesn't care.
Now we're getting cottage industries and consortia theatre around things like why something that should be a static HTML Web page is pulling in 200 packages from NPM, and now you need bold third-party solutions to combat all the bad actors and defective code that invites.
At a corporate level, it is contractually almost identical to insurance, with the product being sold liability for that security, not the security itself.
And, I guess it's fine - it's the general way of dealing with impact that can be fully converted into dollars (i.e. that doesn't cause loss of life or health).
Contrast that to cybersecurity, where vast majority of failures have zero impact on life or health of people, directly or otherwise. Even data breaches - millions of passwords leak every other week, yet the impact of this on anyone affected is... nil. Yes, theoretically cyberattacks could collapse countries and cause millions to die if they affected critical infrastructure, but so far this never happened, and it's not what your regular cybersecurity specialist deals with. In reality, approximately all impact of all cyberattacks is purely monetary - as long as isn't loss of life or limb, it can be papered over with enough dollars, which makes everyone focus primarily on ensuring they're not the ones paying for it.
I think it's also interesting to compare both to road safety - it sits kind of in between on the "safety vs. theater" spectrum, and has the blend of both approaches, and both outcomes.
This is an interesting point, and it certainly affects the incentives involved and the amount of resources allocated to mitigating the problems.
I do think cyber security incidents with real consequences are likely to become more common going forward (infrastructure etc). We haven't experienced large state actors being malicious in a war time footing (yet).
Will we able to better mitigate attacks given better incentives? I think that is an open question. We will certainly throw more resources at the problem, and we will weight outcomes more heavily when designing processes, but whether we know how to prevent cybersecurity incidents even if we really want to... that I wonder about.
Cybersecurity is about adversarial hazards. When you mitigate them they actively try to unmitigated themselves.
It is more analogous to TSA security checks than to FAA equipment checklists. The checklist approach can prevent copycats from repeating past exploits but is largely useless for preventing new and creative problems.
Specifically on accountability, I bootstrapped a security product that replaced 6-week+ risk assessment consultant spreadsheets with 20mins of product manager/eng conversation. It shifted the accountability "left" as it were.
When I pitched it to some banks, one of the lead security guys took me aside and said something to the effect of, "You don't get it. we don't want to find risk ourselves, we pay the people to tell us what the risks and solutions are because they are someone else. It doesn't matter what they say we should do, the real risk is transferred to their E&O insurance as soon as they tell us anything. By showing us the risks, your product doesn't help us manage risk, it obligates us to do build features to mitigate and get rid of it."
I was enlightened. Manage means to get value from. The decade I had spent doing security and privacy risk assessments and advocating for accountability for risk was as a dancing monkey.
Yes, 'cyber' security has devolved to box checking and cargo culting in many orgs. But what's your counter on trying to fix the problems that every tech stack or new SaaS product comes without of the box?
For most people when their Netflix (or HN) password gets leaked that means every email they've sent since 2004 is also exposed. It might also mean their 401k is siphoned off. So welcome the annoying and checkbox-y MFA requirements.
If you're an engineer cutting code for a YC startup -- Who owns the dependancy you just pulled in? Are you or your team going to track changes (and security bugs) for it in 6 months? What about in 2 or 3 years?
Yes, 'cyber' security brings a lot of annoying checkboxes. But almost all of them are due to externalities that you'd happily blow past otherwise. So -- how do we get rid annoying checkboxes and ensure people do the right thing as a matter of course?
Not true. For most people, when their Netflix or HN password gets leaked, that means fuck all. Most people don't even realize their password was leaked 20 times over the last 5 years. Yes, here and there someone might get deprived of their savings (or marriage) this way, but at scale, approximately nothing ever happens to anyone because of password or SSN leaks. In scope of cybersec threats, people are much more likely to become victims of ransomware and tech support call scams.
I'm not saying that cybersec is entirely meaningless and that you shouldn't care about security of your products. I'm saying that, as a field, it's focused on liability management, because that's what most customers care about, pay for, and it's where the most damage actually manifests. As such, to create secure information systems, you often need to work against the zeitgeist and recommendations of the field.
EDIT:
> This is the ultimate nihilistic take on security.
I don't believe it is. In fact, I've been putting efforts to become less cynical over last few months, as I realized it's not a helpful outlook.
It's more like, techies in cybersecurity seem to have overinflated sense of uniqueness and importance of their work. The reality is, it's almost all about liability management - and is such precisely because most cybersec problems are nothingburgers that can be passed around like a hot potato and ultimately discharged through insurance. It's not the worst state of things - it would be much worse if typical cyber attack would actually hurt or kill people.
>So -- how do we get rid annoying checkboxes and ensure people do the right thing as a matter of course?
By actually having the power to enforce this, if you pull our SBOM, realize we have a vulnerability and get our Product Owner to prioritize fixing it even if takes 6 weeks because we did dumb thing 2 years ago and tech debt bill has come due. Otherwise, stop wasting my time with these exercises, I have work to do.
Not trying to be mean but that's my take with my infosec team right now. You are powerless outside your ability to get SOC2 and we all know this is theater, tell us what piece of set you want from me, take it and go away.
We should be stopping leaks, but we also need to reduce the value of leaked data.
Identity theft doesn't get meaningfully prosecuted. Occasionally they'll go after some guy who runs a carding forum or someone who did a really splashy compromise, but the overall risk is low for most fraudulent players.
I always wanted a regulation that if you want to apply for credit, you have to show up in person and get photographed and fingerprinted. That way, the moment someone notices their SSN was misused, they have all the information on file to make a slam-dunk case against the culprit. It could be an easier deal for lazy cops than going after minor traffic infractions.
If someone uses your SSN to take a loan in your name, it shouldn't be your problem - in the same way that someone speeding in the same make&model of the car as yours shouldn't be your problem, just because they glued a piece of cardboard over their license plate and crayoned your numbers on it.
Most security software does not do what it advertises, because it doesn't have to. Its primary function is for the those who bought the product, to be able to blame the vendor. "We paid vendor X a lot of money and transferred the risk to them, this cannot be our fault." Well, guess what? You may not be legally the one holding the bag, but as a business on the other end of the transaction you are still at fault. Those are your customers. You messed up.
As for vendor X? If the incident was big enough, they got free press coverage. The incentives in the industry truly are corrupt.
Disclosure: in the infosec sphere since the early 90's. And as it happens, I did a talk about this state of affairs earlier this week.
Perhaps "Risk Compliance Security" or "Security Compliance Engineering"
Where "Security Compliance Engineering" is the practice of designing, implementing, and maintaining security controls that satisfy regulatory frameworks, contractual obligations, and insurance requirements. Its primary objective is not to prevent cyberattacks, but to ensure that organizations can demonstrate due diligence, minimize liability, and maintain audit readiness in the event of a security incident.
Key goals:
- Pass external audits and internal reviews - Align with standards like ISO 27001, SOC 2, or NIST
- Mitigate organizational risk through documentation and attestation
- Enable business continuity via legal defensibility and insurability
In contrast…
Cybersecurity is focused on actively detecting, preventing, and responding to cyber threats. It’s concerned with protecting systems and data, not accountability sinks.
> You ask to speak to someone who can do something about it, but you're told that's not company policy.
People somewhere in between realise that the point of the gate attendant (or Level 1 tech support person) is to shield management from customers, so you have to outflank the shield.
Being yelled at by a customer is bad for the Level 1 support person, although there's usually a policy in place for phone support that you can hang up if the customer is getting aggressive. What's much worse is saying to management "hey here's something you might want to look at" and being super yelled at by their boss for not doing their duty of keeping the customer away from the higher-ups. That kind of thing can get you fired.
But you can hack the system in many ways. The point is to find someone higher up without going through the person who's not allowed to help you, and without blaming them for doing their job.
Some possibilities: find the higher-ups on linkedin, speak to a company rep or executive personally at an event if your professional circles overlap, send a printed physical letter to someone in control, and so on.
Something I've seen work many times: if you're a student, find out about the university's management structure and ask for a personal meeting with the Dean of X of whoever sits above the department admin person who's assignment is "we've taken this decision, now make the students happy with it". A dozen students asking to personally speak with the Dean or President lets them know something's up and the shield was ineffective. Since there's usally some kind of statement of values about how the "student experience" is central to everything they do (read: "students are paying customers"), they can't just turn you away.
Huh. Franz Jägerstätter was executed for refusing to fight in the war.
Mostly demotion or transfer to a different area, but no execution or jail time. Sometimes not even that.
I'm talking about not taking part in massacres (e.g. shooting unarmed women and children, locking people in a barn and setting it on fire, etc), not about refusing to fight, cowardice, aiding the enemy or actual treason.
[1] I dislike that I have to specify. I wish there were still only one common reference for this name.
If the governing part at the time of the Nazi trials actually held each and every person involved accountable, would they win the next election?
If a company holds their employees to the actual standards laid out by their policies or guidelines, what would attrition look like? Would they immediately be short staffed critial roles? Would they loose a key employee at a very inconventient time?
These are the real reasons preventing us from holding people accountable.
Don’t ask me how I know :) It is one of the few accountability sinks that doesn’t affect me negatively.
The Dutch law doesn't say you 'can't have a second passport'. It only says: 'you can't have a second passport at the time you get your Dutch one'.
So countries like the UK allow their citizens to 'renounce' their UK citizenship, get a Dutch one, then get their UK one 'back'.
That's because hard work and being serious about your tasks do not get you promoted.
“ The Utopia of Rules: On Technology, Stupidity, and the Secret Joys of Bureaucracy”
So really a case of not enough bureaucracy rather than too much.
If I understand it correctly, that's what United Healthcare was doing, that got people so mad at the guy that was shot. He brought in "AI Denial Bots," so the company could knowingly cause the death of their customers, without having any "soft" humans in the process.
1) About 8 years ago I was gifted a copy of Ray Dalio's Principles. Being a process aficionado who thought the way to prevent bureaucracy was to ground process in principles, I was very excited. But halfway through I gave up. All the experience, the observations, the case studies that had led Dalio to each insight, had been lost in the distillation process. The reader was only getting a Plato's Cave version. I used to love writing spec-like process docs with lots of "shoulds" and "mays" for my teams, but now I largely write examples.
2) I live in a Commonwealth country, and as I understand (IANAL), common law, or judge made law, plays a larger role in the justice system here than in the US, where the letter of the law seem to matter more. I used to think the US system superior (less arbitrary), but now I'm not sure. Case law seems to provide a great deal of context that no statute could ever hope to codify in writing. It also carries the weight of history, and therefore is harder to abruptly change (for better or for worse).
3) Are human beings actually accountability sinks? This is only possible if they are causal originators, or in Aristotlean terms, "prime movers", or have pure agency, or are causa sui. But the question is, once we subtract environment (e.g. good parenting / bad parenting) and genetics (e.g. empathy, propensity toward anger), how much agency is actually left? Is it correct for our legal and ethical systems to terminate the chain of causality at the nearest human being?
"Are Your Lights On?" - https://www.goodreads.com/book/show/1044831.Are_Your_Lights_...
"The Secrets of Consulting" - https://www.goodreads.com/book/show/566213.The_Secrets_of_Co...
"More Secrets of Consulting" - https://www.goodreads.com/book/show/714345.More_Secrets_of_C...
The people who get what they want in these situations are the ones who are prepared to behave sufficiently unreasonably. This is a second order consequence of 'unaccountability' that Davies misses. For the customer, or object of the system, it incentivises people to behave as unpleasantly as possible — because it's often the only way to trigger the exception / escalation / special case, and get what you want.
That is - you don't really have to behave unpleasant (raise voice, swear, be impolite, threaten) but you should just refuse to get off the line, demand escalation, and importantly emphasize with their predicament in needing to escalate you. Possibly including phrasing like "what do we need to do to resolve this issue".
I had a cellphone provider send me a $3000 bill because someone apparently was able to open 5 lines & new devices in my name/address. I went through the first few steps of their runbook including going to police department, getting report filed, and providing them the report number. They then tried to demand further work from me and I escalated.
At that point I turned it around - what evidence do you have that I opened this line. Show me the store security footage of me buying the phones, show me the scan of my drivers license, show me my social security number? Tim, are you saying I can just go to the store with your name & address and open 5 lines in your name? Being able to point out the asymmetry of evidence, unreasonableness of their demands, and putting the support staff in my shoes.. they relented and cleared the case.
"We" phrasing is an empathy hack for CS, because it lets you continue to be nice to the person you're talking to AND be persistent about "our" issue being solved.
It's kind of like judo, especially when faced with an apathetic, resistant, or adversarial rep: "This isn't just my problem. This is our problem. So how can we fix it?"
PS: In the same way that my favorite cancellation reason turns the situation on its head. Don't play the game they've rigged up for you to lose. "Why are you cancelling?" -> "Personal reasons." There's literally no counter-response.
20 or 25 minutes in I realized that wasn't going to work, so I asked if they had a protocol to escalate in an abusive situation. He said "ummm....". I said, "hey, you're doing a great job, and I hope the rest of your day goes better, and I hope you know you're not a motherfucker, you motherfucker."
I think (hope?) he stifled a laugh and said "I'm afraid I'll have to escalate this call to my manager, sir."
Plenty of big companies found a workaround. The "forever on hold" routine where they don't hang up, you will eventually. This works perfectly for toll free numbers (so you can't claim you had to pay for the call) and provides just the right amount of plausible deniability (took longer than expected to find an answer, it was an accident, etc.).
I have my suspicions that in some cases this also prevents the survey going out to the customer. All the more reason to abuse it.
I fully understand that the godawful CS mazes many companies set up wind up pushing people in that direction, and that it feels like the only option, but I believe quite strongly that being patient and polite but persistent winds up being much more effective than being unpleasant.
As a small case in point: I worked summers in a tiny ice cream shop, most of the time solo. The shop had a small bathroom for employees only—it was through a food prep area where customers were not allowed by health code. I had some leeway to let people back there as it was pretty low-risk, and I would in the evenings when no other businesses were open, or if a little kid was having an emergency. People who were unpleasant from the get-go when placing their order, however, were simply told we had no bathroom at all. People who started shouting when I told them I wasn’t supposed to let people back there (not uncommon!) and suggested a nearby business were never granted exceptions.
You can have assholes on both sides and set up is already adversarial from the get-go
And they just plainly ignored me when I demanded later they compensate us for the cancelations as per the aviation rules. They did the same when our lawyer got involved.
I’ll never fly TK again and tell anyone whenever this came up. Look reviews up for yourself online, hundreds of people report being stranded, abused, and disrespected in IST by TK the way we were.
It was solved when I found the same information in the email sent by them.
Suddenly the clerk was apologetic and pretended she misunderstood the situation.
There are definitely capital-A assholes in both sides, with people willing to lie through the teeth to someone stranded in a foreign country just to avoid some minor inconvenience.
So a valid strategy is to swear at the automated system and then be polite to the real human that you get.
"ChatGPT has detected you are being hostile to bots. A drone has been dispatched to your location"
Yeah. I got locked out of my capital one account for a "fraud alert" last week. When I tried to login a message said "Call Number XXX" When I called that number I had to go through an endless phone tree and not single option was about fraud alerts or being locked out of accounts. I had to keep going through a forced chute of errors before after about 30 min I finally was able to speak to someone.
Even when I finally got a human they seemed confused about what happened and I had to be transferred several times.
Why would you put a phone number that does not even as a sub option address the issue?
It usually just works to hit 0 (maybe more than once) or say "talk to an agent," even if those aren't options you're explicitly given.
Detecting swears just seems over-compliated.
If you behave unpleasant enough I'll go out of my way to make sure your behavior does not pay off. I will note your abrasive behavior in the ticket or might even mark your mail as spam. On telephone our line will suddenly experience technical difficulties. And throughout I will remain as friendly and patient as ever.
I will warn superiors about you, so once you escalate they already have a colorful 3D image of your wonderful personality in mind. Whether that 100% is in your favor, you can guess.
Play asshole games? Win asshole prices.
Behave like a decent person with empathy instead, press the right buttons and I might even skip some of the company rules for you. Many people in support do not give a single damn if they lose their job over you and you might just be worth it.
These are not sfter-the-fact shower thoughts, these are actually lived experiences from the trenches and I know how other people in those roles think.
Persistence pays off, being an asshole not so much
Thus creating an asshole filter: https://siderea.dreamwidth.org/1209794.html
>An asshole filter happens when you publicly promulgate a straitened contact boundary and then don't enforce it; or worse, reward the people who transgress it.
A lot of people do this unwittingly, so it's a good article to read.
The converse is to this is many companies demand it. If you're not an asshole, you're simply going to get ignored.
The people who get what they want in these situations are the ones who are prepared to behave sufficiently unreasonably. This is a second order consequence of 'unaccountability' that Davies misses. For the customer, or object of the system, it incentivises people to behave *as unpleasantly as possible* — because it's often the only way to trigger the exception / escalation / special case, and get what you want.
As a Brit though, I was completely blindsided by the inclusion of Dom Cummings. I'd forgotten he existed. Seeing his and Boris' attitude to PPE provision discussed in a positive light without any mention of the associated scandal[1] made me a bit uncomfortable. Without getting too political, they claimed to have solved a problem, but whether or not it was a justifiable, sensible or legitimate solution is probably going to be debated for decades.
[1] https://en.wikipedia.org/wiki/Controversies_regarding_COVID-...
>> We did that. But only the Prime Minister could actually cut through all the bureaucracy and say, Ignore these EU rules on Blah. Ignore treasury guidance on Blah. Ignore this. Ignore that. “I am personally saying do this and I will accept full legal responsibility for everything.”
> By taking over responsibility, Johnson loosened the accountability of the civil servants and allowed them to actually solve the problem instead of being stuck following the rigid formal process.
Of course this also can have pretty severe negative consequences. In the U.S., thanks to a recent Supreme Court ruling, the president has immunity from criminal prosecution under certain (yet to be fully determined) circumstances. If the president then "takes over the responsibility" for obviously illegal actions, and is immune from prosecution for those actions, you now have a civil service unburdened by any responsibility to follow the law. And there are some 3 million odd workers in the U.S. federal government.
That the conservatives on the Supreme Court did not consider this danger, especially in light of who occupies the office, is still astounding to me.
For companies, this is also fine, because in most cases the built-in processes work well enough, and in others people just give up, that handling the escalations through their legal department is manageable.
Unfortunately, this approach only helps for the subset of cases where the issue is monetary and/or can wait (and only if it happened in a country with a working small claims system).
> The answer they've got was that since only a tiny percentage of people have names that long, rather than redesigning the card, those applications would simply be rejected.
Long names are a pain. This happened to me when I tried to open a bank account in Vietnam. Similarly bank tellers in China were always puzzled and needed to call supervisors when having to enter the information. Also airport auto gates frequently fail for me, and systems that want me to enter your full name in a form will reject my input more often than not. When I'm asked to sign my full name with my signature, it hardly fits and I need to write in tiny letters.
If I ever have children I'll name then with something short, with no special characters. Something like Tim, Kim, Leo... Otherwise they will always end up the edge case.
Welcome to scale. Every business that wants to grow faces this, and those that grow exponentially face this way before they could ever have established a company culture of treating people like humans, which only comes with years of face-to-face interactions, sometimes that don't go so well. Customers sometimes disappointed and you have to make it up to them; when they do, they feel valued. But in today's economy means you can endlessly screw customers, and as long as your business/your userbase/the sector keeps appearing to grow before your exit, giving a shit is an active impediment to that sweet sweet millionaire payoff in the end.
Example: Dairy farms have strict rules about not letting anybody in who was abroad within the last 48 hours because of possible spread of foot-and-mouth disease. There are many such examples and similar examples exist for wild ecosystems.
So, while it may seem cruel to kill a few hundred squirrels, the precaution is justified. The "guilt", if there is any, is with whoever didn't ensure all the paperwork is in order.
... but using an industrial shredder to do it. (on 440 of them)
For reference, this is an industrial shredder: https://m.youtube.com/shorts/I15kCJyl6po
Anyone who did that to a live animal deserves to be in prison, orders or no. There are innumerable compassionate, humane ways to kill animals, if it's necessary.
Or rather, vegan? Since average dairy cow or hen endures quite some suffering over their whole life too. In addition to then experiencing a similar death to what animals mainly used for meat production endure.
This is meant to point out that the shredder is a terrible machine, buy not categorically worse than how the typical production animal is treated at some point of their conscious life.
(To clarify, I'm personally neither vegan nor vegetarian so am not trying to elevate myself morally above you.)
Both that item and this item add the unique perspectives of the authors, but both are about issues raised by Dan Davies' Unaccountability Machine. So if you like this thread, you might like that thread.
"If responsibility is rightfully yours, no evasion, or ignorance or passing the blame can shift the burden to someone else. Unless you can point your finger at the man who is responsible when something goes wrong, then you have never had anyone really responsible."
> This is why even the well-off feel anxious and restless. We may have democracy by name, but if the systems we interact with, be it the state or private companies, surrender accountability to the desiccated, inhuman processes and give us no recourse, then the democracy is just a hollow concept with no inner meaning.
> You can't steer your own life anymore. The pursuit of happiness is dead. Even your past achievements can be taken away from you by some faceless process. And when that happens, there’s no recourse. The future, in this light, begins to feel less hopeful and more ominous.
> It’s eerie how much of today’s political unrest begins to make sense through this lens.
No, your past achievements aren’t taken away from you. When you’re wronged, you almost always have recourse, up to and including making a big stink on social media. Private companies aren’t meant to be political democracies. They’re in fact almost explicitly designed to be authoritarian, because it works well. You don’t suddenly live in a not-democracy just because the companies have a CEO and middle managers that set up processes.
I wish the rest of the post wasn’t called into question by this hyperbole, but it is. It makes some interesting points, but ultimately it feeds into a natural desire to be pessimistic. Which means it’s entertainment rather than an analysis.
As crappy as the system with its max length for people's names, it's common to allow first initial + surname. It also works very badly for non ASCII names - to my understanding, I _think_ people in East Asia just have to use romanisations if they want to have a Mastercard. This all sucks, but it's a bit more than "the card design" - it's quite fundamentally baked in to how the whole system works. There aren't a lot of systems out there which are based on more aged and legacy technology than card networks.
[1]:
> When NTDS was eventually acclaimed not only a success, but also one of the most successful projects in the Navy; it amazed people. Especially because it had stayed within budget and schedule. A number of studies were commissioned to analyze the NTDS project to find why it had been so successful in spite of the odds against it. Sometimes it seems there was as much money spent on studying NTDS than was spent on NTDS development.
[2]:
> ...the Office of the Chief of Naval Operations authorized development of the Naval tactical Data System in April 1956, and assigned the Bureau of Ships as lead developing agency. The Bureau, in turn, assigned Commander Irvin McNally as NTDS project “coordinator” with Cdr. Edward Svendsen as his assistant. Over a period of two years the coordinating office would evolve to one of the Navy’s first true project offices having complete technical, management, and funds control over all life cycle aspects of the Naval Tactical Data System including research and development, production procurement, shipboard installation, lifetime maintenance and system improvement.
[1]:
The Freedom to Fail: McNally and Svendsen had an agreement with their seniors in the Bureau of Ships and in OPNAV that, if they wanted them to do in five years what normally took 14, they would have to forego the time consuming rounds of formal project reviews and just let them keep on working. This was reasonable because the two commanders were the ones who had defined the the new system and they knew better than any senior reviewing official whether they were on the right track or not. It was agreed, when the project officers needed help, they would ask for it, otherwise the seniors would stand clear and settle for informal progress briefings.
The key take-away is that the NTDS was set up as a siloed project office with Commanders McNally and Svendsen having responsibility for the ultimate success of the project, but other than that being completely unaccountable. There were many other things the NTDS project did well, but I believe that fundamental aspect of its organization was the critical necessary condition for its success. Lack of accountability can be bad, in other circumstances it can be useful, but diffusion of responsibility is always the enemy.
How many trillions of dollars are wasted on projects that go overbudget, get delayed and/or ultimately fail, and to what extent could that pernicious trend be remedied if such projects were led from inception to completion by one or two people with responsibility for its ultimate success who shield the project from accountability?
[0]: https://ethw.org/First-Hand:No_Damned_Computer_is_Going_to_T...
[1]: https://ethw.org/First-Hand:Legacy_of_NTDS_-_Chapter_9_of_th...
[2]: https://ethw.org/First-Hand:Building_the_U.S._Navy%27s_First...
Greaber, if I remember right, argues that modern bureaucracy started with efficient means of communication. He squares the Deutsche Post as the milestone, as they made the whole population available to be controlled. Now the state could send them letters, count them, enlist them in the military etc.. It's a brilliant observation: communication technology is the main tool of the bureaucracy. The tangent he takes fron there is even more brilliant: we have been heavily focusing and improving the communication tech (telephone, fax, tv, radio, internet, social media) but not necessarily the tech to reduce thr burden of work for the masses (robots!). If you would ask someone 100 years ago how the future would look like, people would almost invariably say they would need to work less in the future, abd at some point they invariably expected to have robots do all the work. Yet, all we got is smartphones that watch every movement of us, makes us available to the employer anywhere and anytime, hence more means to control us by state or, exceedingly, private bureaucracies. There's a reason why AI boom is happening, as this is the next tech on the bureaucracy tree.
This being said, none of these tech are bad by themselves. It is the shape they took and the way they are used in contemporary society. To tie with the OP: we have communication tools available to us that is billions of times more efficient and effective yet the customer service, or any interaction with any big corporation (as a customer or employee) or state got so much worse and impersonal. Impersonal as in, individual cases do not exist anymore, only policies. One could have expected to escalate a claim back in late 19th century by just writing letters and eventually get to someone, or even just show up at the offices of a company and get their problem resolved (this is still the case in developing countries). Can we expect this now?
And can we flip the relationship, creating dashboards or whatever from which agentic systems reach, hold to account, and surveille right back?
I'm thinking pro-active agents that escalate for you, sinking their teeth into interactions with large organizations like a dog with a bone.
Every program you ever run will precisely follow the same set of rules, because it is those rules.
There's a missing piece that no one has really managed to implement on computers: backstory. The reason why a program's rules are written is much more important than the rules themselves, yet we haven't found any way to write the reason why.
The most important feature of backstory is that it's dynamic. The meaning of a story can be completely changed by simply replacing its backstory. Whether it's a computer program or a societal organization, a decided system must be ignorant to its backstory. There is no place in a decided system to implement context. It turns out that this is a core feature of computable systems: they are context-free.
---
I've been working on a way to change this, but it's such an abstract idea, it's been hard to actually find (and choose) where to get started.
Crisis is when well-thought out, tested procedures should be used, at least as a starting point.
You can't pass immigrations because you don't have a last name?
The future is not made for you, because progammers and designers didn't get requirements that match the diversity of this beautiful world.
It remindes me how someone I know often makes complicated food orders in restaurants (modfying or replacing items on the menu), and then they get disappointed or complain because their wishes are forgotten or screwed up. I never make changes to a menu item, because I assume they are unable to accommodate me (either due to stress, lack of intelligence/memory, bad process e.g. not writing down customers' orders etc.). As a result, I get disappointed less often on average - make your oder "compatible" with the realities of this world to avoid disappointment and stress.
There is actually an official procedure for U.S. Immigrations dealing with people who have names that cannot be split meaningfully into first/last names, e.g. some people from India. Assume your name is "Maussam", then you are permitted and expected to fill in that string in BOTH fields, first name and last/family name, when booking a flight or applying for visa. (A similar hack could be devised for names that are "too long".)
Overall, these examples are reminiscent of the movie Brazil (1985), which is about a dystopian future in which a plumber that helps people fix their toilets gets hunted as a terrorist because he didn't fill in the right form.
My theory is the world has been gradually converging towards the absurd state parodied in that movie.
Airlines are not the only ones that get less and less accountable. We should stop spending our money with companies that communicate with us using email spam services the address of which begins with noreply@fubar.com.
gsf_emergency•12h ago
https://news.ycombinator.com/item?id=41891694
https://aworkinglibrary.com/reading/unaccountability-machine
(A very short overview of Dan Davies' book, quoted in TFA, that came up with the term)
EDIT: complementing book mentioned in that thread
Cathy O'Neil's "Weapons of Math Destruction" (2016, Penguin Random House) is a good companion to this concept, covering the "accountability sink" from the other side of those constructing or overseeing systems.
Cathy argues that the use of algorithm in some contexts permits a new scale of harmful and unaccountable systems that ought to be reigned in.
https://news.ycombinator.com/item?id=41892299
immibis•12h ago
gsf_emergency•11h ago
https://news.ycombinator.com/item?id=43853663
divan•12h ago
gsf_emergency•11h ago
divan•9h ago
It's the _just culture_ focused on repairing the damage – for the victim and for the community – and trying to fix the reasons and integrate the offender back into life (otherwise community would end up being a bloodbath of revenge and dies out).
What wasn't obvious to me is that switch from restorative justice culture to retribution justice culture happened for economic reasons. At some point of nation states formation, crime became an act of offence against the king, not the community. You didn't do wrong to the community, you "disobeyed the rule of king" and thus has to be punished. The whole "justice transaction" became a deal between an offender and the state/king, instead of community and victim and offender. Paying retribution fee became a source of income for the kingdom, incentivising this type of justice culture. Victim and community was largely left untouched by this new type of "fixing justice". Pretty dramatic change.
gsf_emergency•6h ago
"Sidney Dekker" & "lese majeste" or even "Wilhoit" returned nothing interesting, so that's a new open secret (if I didn't totally misunderstand, that is)
Aside: does that make "The United States " a careless sovereign (monarch) in your book? -- most criminal cases are "The U.S. vs ____": not only are community/rehabilitation afterthoughts, nobody looks forward to any pleasure of a Majesty. The Judge+Jury as Middle Finger & Thumb of the Invisible Hand?