20+ years of software experience
• Specialities:
  ◦ System dynamics
  ◦ Applied formal methods
  ◦ Architecture and system rescue
• Engineering manager at Rebellion Defense

I work in defense
orders branches to upgrade to Windows 10
  ◦ Many computers too old to support it
  ◦ 2018: "For the most part, with the exception of a couple [of agencies], we are there," Essye Miller, the Acting Department of Defense Chief Information Officer
• Bad networks
• Low connectivity
• Data is old and in bad formats (PowerPoint files)
threat to safety isn’t the doomsday tech, it’s the failure of normal technology that is everywhere.
• Feedback loops and context are important
• Many engineers don’t think that anything they build could have safety consequences

Kind of my jam →
Traditional View -vs- New View Safety

Traditional View
• … probability of failure

New View
• Ergonomics (how people adapt)
• Sociological impact
• System Dynamics

Sometimes our solutions make things much worse
• Experts build and maintain their expertise by operating a system
• Automation takes away those experiences
  ◦ Makes it difficult for a “human in the loop” to supervise
  ◦ Experts lose skills
  ◦ Onboarding more difficult
  ◦ More complex systems that are harder to reason about
Tier 1: … sensor data and take notes
Tier 2: Takes all the notes from Tier 1 and aggregates them into themes, locations, trends
Tier 3: Takes the trend data from Tier 2 and produces intelligence and strategy.

Let’s replace Tier 1 with some AI
… by configuration changes
• Edge cases triggering unexpected behavior as total activity scales
• What is monitoring the monitoring system?
• Onboarding Xooglers at USDS

SREcon 2019 Asia/Pacific
Ironies of Automation: A Comedy in Three Parts
… its downsides when it comes to costs and workload (SLOs)
• But adding more and more specific functionality is also a form of optimization (optimizing for a use case instead of performance)
• Increased optimization often decreases resilience

Wait? Why? 😟
… things make technology more accessible
• Those alternative pathways come in handy when a blocker to the primary operation appears
• Variation is the first thing optimization tends to eliminate
… want to build “elite” fighting forces and focus on weeding people out
• But the reality of wars is that militaries need people to build expertise fast, so that resources go to fighting the conflict rather than to training new recruits.
• When technology robs people of expertise rather than helping them build it, losing experts hurts much more.
• We’re watching this dynamic play out in Ukraine right now, where the biggest blocker to military aid is training fighters to use the tech.
… cases reused for other things
  ◦ Salesforce, WordPress, etc…
  ◦ Introduces security holes
  ◦ Dead/junk code
  ◦ Modifications not backed up anywhere
• Missing market adjustments
  ◦ Facebook losing users to Twitter
  ◦ Instagram losing them to TikTok
… accident investigation: epistemological, preventive, moral and existential meaning-making (Sidney Dekker, 2014)
• Society uses post-incident accountability to process grief
  ◦ suffering == human moral choice
  ◦ Desire single acts and actors as cause of failure
  ◦ Accidents tend to have neither obvious causes nor clear, linear cause-and-effect relationships.
• We can always find a human to blame
  ◦ Who was operating?
  ◦ Who was maintaining?
  ◦ Who was supervising?
  ◦ Who manufactured?
… humans and machines alone
• But only if they are working together in a specific way
  ❌ Computer recommending a move to the human
  ✅ Computer listing a set of possible responses to the human’s planned move
• People will always alter their use of technology so that they can blame the technology when failure happens
  ◦ Fully delegating decisions to the machine
  ◦ Using the computer in unapproved ways
  ◦ They will do this even when this risks their lives (Tesla autopilot crashes)
• When it’s right you’re grateful
• When it’s wrong we just ignore it
• Impossible to passively delegate

• When it’s right you don’t notice
• When it’s wrong it creates confusion or annoyance
• Extra work proactively overriding