惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

博客园 - 【当耐特】
Help Net Security
Help Net Security
P
Proofpoint News Feed
J
Java Code Geeks
爱范儿
爱范儿
Last Week in AI
Last Week in AI
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
F
Full Disclosure
Google DeepMind News
Google DeepMind News
H
Help Net Security
G
Google Developers Blog
Jina AI
Jina AI
Vercel News
Vercel News
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
L
Lohrmann on Cybersecurity
S
Schneier on Security
Microsoft Azure Blog
Microsoft Azure Blog
IT之家
IT之家
Security Archives - TechRepublic
Security Archives - TechRepublic
阮一峰的网络日志
阮一峰的网络日志
N
News and Events Feed by Topic
GbyAI
GbyAI
B
Blog
O
OpenAI News
博客园_首页
Cisco Talos Blog
Cisco Talos Blog
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
Hacker News: Ask HN
Hacker News: Ask HN
TaoSecurity Blog
TaoSecurity Blog
腾讯CDC
MongoDB | Blog
MongoDB | Blog
M
MIT News - Artificial intelligence
C
Cybersecurity and Infrastructure Security Agency CISA
Cyberwarzone
Cyberwarzone
Webroot Blog
Webroot Blog
Simon Willison's Weblog
Simon Willison's Weblog
Y
Y Combinator Blog
C
Cisco Blogs
A
Arctic Wolf
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
T
The Exploit Database - CXSecurity.com
Security Latest
Security Latest
AI
AI
W
WeLiveSecurity
aimingoo的专栏
aimingoo的专栏
The Register - Security
The Register - Security
Project Zero
Project Zero
H
Hackread – Cybersecurity News, Data Breaches, AI and More
N
Netflix TechBlog - Medium
Blog — PlanetScale
Blog — PlanetScale

Jonathon Belotti [thundergolfer]

Failure numbers every programmer should know Can an AI datacenter be beautiful? There's been a vibe shift in vibe coding Keeping 20,000 GPUs healthy The 10 best software podcast episodes I ever heard Larval stage support engineering: great at what doesn’t scale "A Foundational Result in Machine Learning" Gray’s ‘5 minute rule’ in the cloud era Aussie engineers, get to The States!
safetykit
Jonathon Belotti · 2026-05-17 · via Jonathon Belotti [thundergolfer]

Lockout tags left on controls in an abandoned power plant

Tags left in place in a powerplant after it was shut down, decommissioned, and abandoned.

For some reason I’m a particularly cautious software engineer. It has its downsides, but one concrete benefit is that when I slip (everyone does), those slips are less likely to cause an incident. Over time I’ve seen slips contribute to many serious incidents, and have come to properly value the role of straightforward safety mechanisms in tools. The most obvious and commonly used mechanism is --dry-run, but there are many more safety mechanisms you can introduce into a semi-automated system. I’ve made a small Python gist called safetykit to collect these mechanisms. It is a set of runnable demonstrations that advance a simple idea: production scripts should have seatbelts.

The gist exists to make common safety techniques concrete. Instead of saying “be careful with destructive scripts”, it shows a few ways a script can slow down, explain itself, ask for help, recover from interruption, and leave evidence behind.

dryrun

Separates planning from execution by printing what would happen first, then shows the wet run committing the same delete.

confirm

Requires a typed confirmation before deleting a selected file, using a stronger guard than a reflexive y/n prompt. One cautionary reference is Leveson and Turner’s Therac-25 accident investigation, where repeated proceed prompts helped train operators into dangerous reflexes.

pause

Inserts a deliberate delay before a scary action so the human operator has time to interrupt.

abort

Writes through a temporary file and atomic replace so cancellation does not leave a corrupt partial output.

undo

Moves a file into quarantine first, waits briefly for a cancel key, and only commits the delete if the user does not undo it.

feedback

Feedback is central to safety. When humans or machines act in the world, they need feedback to tell whether their actions are safe and whether their internal model of the world corresponds to reality. This demo ramps CPU pressure on one logical core while printing color-coded progress, then stops cleanly when the user notices the overload and interrupts.

audit

Emits a JSON Lines audit trail with hash chaining so a run has a durable record of what happened.

two_person

Requires a second independently run script, with a shared secret, before the initiating script proceeds. It’s a translation of the two-person rule used in nuclear weapons management. This software version has serious design flaws, but it was a fun exercise to sketch out.

None of these techniques is exotic. That is the point. Most scripts can be made much safer with small, boring additions.