The Security Policy That Made Passwords Less Secure
In the 2000s, every IT department had the same rule. Change your password every 30 to 90 days, and mix letters, numbers, and symbols.
The goal was stronger passwords, but what we got was the opposite.
Users did what users always do under pressure. They picked Password1, then Password2, then Password3. They wrote them on sticky notes. They reused the same one across systems. Human memory has a limit. The policy didn't care.
In 2017, NIST dropped the recommendation. Forced rotation had made things worse.
This is the Law of Unintended Consequences:
"Whenever you change a complex system, expect surprise."
Robert Merton popularized the term in sociology. Engineers run into it weekly. Every change to a complex system can produce three kinds of result:
1. Unexpected benefits. The fix accidentally improves something else.
2. Unexpected drawbacks. The fix introduces a problem somewhere unrelated.
3. Perverse results. The fix makes the original problem worse. That's the password story. The most dangerous of the three.
A few engineering versions:
You enable verbose logging to debug a production issue. The logs fill the disk and the service crashes. The fix made the system less stable than before.
You finally fix a bug that's been in production for two years. A downstream service was quietly depending on that behavior. Now it breaks. Hyrum's Law has merged with this one.
You want to increase code quality, so you start to require two approvals on every PR. Engineers respond by shrinking PRs until reviewers rubber-stamp them. Reviews go shallower, not deeper. Quality drops.
You add an alert for every error in production. Within a month, there are too many alerts and the team stops looking. The next real outage runs for an hour before anyone notices.
Same pattern every time. Your change interacts with parts of the system you didn't model: the humans, the dependent services, the operational reality. Your fix lands in a system more complex than your mental model of it.
The discipline isn't predicting every consequence. That's impossible. It's expecting some, shipping in a way that lets you see them fast, and treating second-order effects as part of the design.
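One way to see the password story's second-order effect quickly is to measure it when a password is changed, the one moment both the old and new plaintext are in memory. The sketch below is an added example, not part of the original post; the function names and the sample pairs are constructed for illustration.

```python
import re

# Trailing run of digits/symbols: the part users bump on each forced rotation.
_SUFFIX = re.compile(r"[\d\W_]+$")

def base_form(password: str) -> str:
    """Lower-case the password and strip its trailing digit/symbol run."""
    return _SUFFIX.sub("", password).lower()

def is_trivial_rotation(old: str, new: str) -> bool:
    """True when old and new differ only in case or in the trailing counter."""
    if old == new:
        return True
    old_base, new_base = base_form(old), base_form(new)
    # An empty base means the password was all digits/symbols: nothing to compare.
    return bool(old_base) and old_base == new_base

def rotation_report(changes):
    """changes: (old, new) plaintext pairs, compared in memory at change time
    and never stored. Returns (trivial_count, total, ratio)."""
    changes = list(changes)
    trivial = sum(is_trivial_rotation(o, n) for o, n in changes)
    total = len(changes)
    return trivial, total, (trivial / total if total else 0.0)

# Constructed sample data, not real credentials.
SAMPLE_CHANGES = [
    ("Password1", "Password2"),
    ("Password2", "Password3"),
    ("Summer2016!", "summer2017!"),
    ("correct horse battery", "tidal orange staple quilt"),
    ("1234", "5678"),
]

if __name__ == "__main__":
    trivial, total, ratio = rotation_report(SAMPLE_CHANGES)
    print(f"{trivial}/{total} changes were trivial rotations ({ratio:.0%})")
```

A ratio that climbs after a rotation policy ships is the perverse result showing up as a number instead of as an incident.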