Monday, April 13, 2009

Ad-hoc solutions to systemic problems do not scale (or: "stop bitching and get back to work")

Today at work, for the hundredth time since I've been there, somebody complained about how they have to log in over and over again to various internal services, and asked if there was any known solution. And for the hundredth time since I've worked there, people suggested various workarounds, including Greasemonkey scripts, bookmarklets, and third-party software.

For the hundredth time, people pondered why authentication (especially web authentication) sucks so bad, and wondered why biometrics hadn't taken off yet. The people who worked on the software in question heard their cue, and like clockwork, chimed in to defend why it really was necessary and useful to type your passwords twelve times at the beginning of each day.

The bit flipped, the algorithm advanced, and self-appointed security nazis popped out of the woodwork to yell at people for wanting to save their passwords and shave a few seconds off their morning routine.

The thing is, real security experts never chime in on mailing lists telling people what to do. Real security experts know that talking to people one-by-one is pointless: next month there will be a new n00b asking the exact same question, doing the exact same retarded thing.

Instead, real security experts -- people who want to achieve change in general -- work silently behind the scenes to change the system so that the players are automatically guided down better paths.

I see this pattern all over the place, not just in software, and it drives me crazy. Think of all the effort expended trying to save the planet by changing people's behavior one-by-one. If the planet needs saving, we are screwed because running commercials encouraging people to turn their thermostats down isn't going to make any difference at all. If the planet needs saving, we're going to need a concerted effort to find a systematic solution to a systemic problem, not people keying each other's SUVs and touchy-feely TV commercials.

Working on mass market software has taught me that you can't educate everyone. Even if you could reach them all, people are mostly lazy, dumb, and preoccupied. If you really want to make a change in this world, you need to change the system, not the people.


Igor said...

Change yourself -> change the world.

Simon said...

Challenge someone else to change in pair with you.
Knowing or even understanding different advice on what to change can be hard; some advice might only be correct for a specific region ("buy this instead of that").
Systematic solutions? Probably need to start at primary school level.

JT said...

1. You're right about the need for systemic change. Got to sell off the compact fluorescents before we can market LEDs.

2. Still, I like to think of my family as a system; an important system for change.

3. Yet, we are an insignificant cluster of oddballs intent on living well and saving the planet while we're at it. It's confusing.

4. Even so, I watched George Carlin's riff on saving the planet in the darkened, chilly house and laughed my a*s off as I sipped a nice semi-locally produced microbrew.

5. But it seems change is coming, or maybe I just have indigestion.

Anonymous said...

This is a great truth. Not a screed at all.

Corollary: if you want to benefit the world, and people know your name, it might be evidence that you're doing it wrong.

The world needs entrepreneurs, politicians, and writers, and those people gain a certain notoriety. But the system designer who makes something so compelling that it spreads by itself might be almost unknown, and the work will seem like it just happened. I think Tim Berners-Lee is in that category, as are most of the people who labored on the IETF in the early years.

Anonymous said...

My very first computer science professor was somehow blackmailed into sitting on a committee that oversaw landscaping projects. When the committee was presented with plans to re-sidewalk and re-sod quite a large commons area, he suggested they sod the entire area at first, observe the foot traffic for a while, then lay the sidewalks where the sod had worn down. Everybody thought he was crazy so they proceeded with the plans. "Unsupported" foot paths later emerged of course.

Few people will do the right thing (e.g. use the sidewalks) when doing the wrong thing serves them (e.g. take more expedient routes).

Good security follows the natural grain. Bad security tries, and fails, to impose its own grain.

Laurence said...

Perhaps this is the same story "Anonymous" is talking about, or maybe not: Way more about paths at UC Berkeley than you’d ever want to read. An interesting phrase from that post: "foolish fascism or opportunistic organicism".