惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

T
The Blog of Author Tim Ferriss
Know Your Adversary
Know Your Adversary
P
Palo Alto Networks Blog
D
Darknet – Hacking Tools, Hacker News & Cyber Security
K
Kaspersky official blog
L
LINUX DO - 热门话题
P
Proofpoint News Feed
P
Privacy & Cybersecurity Law Blog
Google DeepMind News
Google DeepMind News
Attack and Defense Labs
Attack and Defense Labs
Cisco Talos Blog
Cisco Talos Blog
AI
AI
L
LINUX DO - 最新话题
H
Heimdal Security Blog
Hacker News: Ask HN
Hacker News: Ask HN
Webroot Blog
Webroot Blog
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
The GitHub Blog
The GitHub Blog
I
Intezer
Blog — PlanetScale
Blog — PlanetScale
有赞技术团队
有赞技术团队
S
Securelist
博客园_首页
IT之家
IT之家
Schneier on Security
Schneier on Security
博客园 - 叶小钗
罗磊的独立博客
WordPress大学
WordPress大学
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
MongoDB | Blog
MongoDB | Blog
P
Proofpoint News Feed
阮一峰的网络日志
阮一峰的网络日志
A
Arctic Wolf
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
W
WeLiveSecurity
The Register - Security
The Register - Security
D
DataBreaches.Net
S
Security @ Cisco Blogs
Security Archives - TechRepublic
Security Archives - TechRepublic
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
腾讯CDC
Recorded Future
Recorded Future
NISL@THU
NISL@THU
N
News and Events Feed by Topic
T
Tailwind CSS Blog
N
News and Events Feed by Topic
Cyberwarzone
Cyberwarzone
T
Tor Project blog
www.infosecurity-magazine.com
www.infosecurity-magazine.com

Jonathon Belotti [thundergolfer]

Failure numbers every programmer should know Can an AI datacenter be beautiful? There's been a vibe shift in vibe coding Keeping 20,000 GPUs healthy The 10 best software podcast episodes I ever heard Larval stage support engineering: great at what doesn’t scale "A Foundational Result in Machine Learning" Gray’s ‘5 minute rule’ in the cloud era Aussie engineers, get to The States!
safetykit
Jonathon Belotti · 2026-05-17 · via Jonathon Belotti [thundergolfer]

Lockout tags left on controls in an abandoned power plant

Tags left in place in a powerplant after it was shut down, decommissioned, and abandoned.

For some reason I’m a particularly cautious software engineer. It has its downsides, but one concrete benefit is that when I slip (everyone does), those slips are less likely to cause an incident. Over time I’ve seen slips contribute to many serious incidents, and have come to properly value the role of straightforward safety mechanisms in tools. The most obvious and commonly used mechanism is --dry-run, but there are many more safety mechanisms you can introduce into a semi-automated system. I’ve made a small Python gist called safetykit to collect these mechanisms. It is a set of runnable demonstrations that advance a simple idea: production scripts should have seatbelts.

The gist exists to make common safety techniques concrete. Instead of saying “be careful with destructive scripts”, it shows a few ways a script can slow down, explain itself, ask for help, recover from interruption, and leave evidence behind.

dryrun

Separates planning from execution by printing what would happen first, then shows the wet run committing the same delete.

confirm

Requires a typed confirmation before deleting a selected file, using a stronger guard than a reflexive y/n prompt. One cautionary reference is Leveson and Turner’s Therac-25 accident investigation, where repeated proceed prompts helped train operators into dangerous reflexes.

pause

Inserts a deliberate delay before a scary action so the human operator has time to interrupt.

abort

Writes through a temporary file and atomic replace so cancellation does not leave a corrupt partial output.

undo

Moves a file into quarantine first, waits briefly for a cancel key, and only commits the delete if the user does not undo it.

feedback

Feedback is central to safety. When humans or machines act in the world, they need feedback to tell whether their actions are safe and whether their internal model of the world corresponds to reality. This demo ramps CPU pressure on one logical core while printing color-coded progress, then stops cleanly when the user notices the overload and interrupts.

audit

Emits a JSON Lines audit trail with hash chaining so a run has a durable record of what happened.

two_person

Requires a second independently run script, with a shared secret, before the initiating script proceeds. It’s a translation of the two-person rule used in nuclear weapons management. This software version has serious design flaws, but it was a fun exercise to sketch out.

None of these techniques is exotic. That is the point. Most scripts can be made much safer with small, boring additions.