In DevOps (and Lean, TPS) the more advanced form of this is the Poka-Yoke (https://en.wikipedia.org/wiki/Poka-yoke). Poka-yokes don't just add safety, they also guide the human away from making a mistake.
The canonical example is the automatic shift knob in a car. The shift knob is designed to 1) prevent you from accidentally shifting all the way back into reverse without pressing the shift button, and 2) prevents you from leaving park or neutral without depressing the brake pedal. This way you don't damage the drivetrain or accidentally cause the car to roll forward/backward.
Poka-yoke is a form of defensive design (https://en.wikipedia.org/wiki/Defensive_design). For a beautiful example of defensive design, see the average electric kettle. If water boils over the top it won't short the device, if it boils dry it'll stop operating, the handle and body are plastic to prevent burning yourself, the handle is ergonomic to make carrying 1.5L of sloshing boiling water not cause you to spill it, the cord is detached from the kettle so you don't yank the cord and spill the boiling water, the switches are located on the bottom away from hot steam, and the lids usually lock while in operation, again to prevent damage from spillage or steam. It's the simplest and safest possible way to boil water, and it's $20.
The example that comes to my mind is lockout tags. [0] It usually means temporarily jamming up a specific control marked as the lockout/ignition/energizing control while you're working on some big and gnarly machine. There's a bunch of regulation around the specifics of what that control has to prevent if not activated/lockedout, but usually it's a dirt-simple breaker switch or hydraulic valve, controlling whatever the main source of energy into the machine is. The ones with holes are for padlocks that everyone will lock padlocks onto so you have a count of who's still "down there".
If you ever URGENTLY needed to start a machine, and you knew it was safe to do so, the average shop gremlin could always break the tag and start it since they're normally made of craptacular plastic or thin sheet metal... but it's easily enough friction to make you rethink what you're doing. Never known anyone that's ever had to break a tag like that.
My favorite example of poka-yoke is when the pieces and hardware in build-it-yourself furniture kits won't fit anywhere except the correct places: two screws only have the same width if they're interchangeable, wood bars refuse to go in unless facing the right direction, etc.
There's a great example I found a while back when I replaced the fuse box in one of my Range Rovers.
It has seven plugs (there's space for eight) each of which have space for eight pins. The plugs are identical - almost. They're different colours, and they have a T- or U-shaped pin that fits into a hole in the appropriate flying socket on the engine bay wiring harness. The pins are rotated for each plug. [1]
There's no way to fit the fusebox the wrong way round in the engine bay because it has three mounting holes with odd spacings, and one has an angled slot for a bracket that holds a coolant pipe which definitely wouldn't fit if it was wrong.
There's no way to fit the sockets in wrong even without the pegs because the wiring harness only allows them to line up with the correct plugs.
Even the three high-current screw terminals that feed the body ECU under the driver's seat have got little lugs sticking out so you can't mix them up, although since they're all unswitched feeds fused at 60A it kind of doesn't matter.
There are a lot of nice little bits of design like that. Shame they didn't extend that to the ignition coil connectors on later V8s, which are the same for both pairs of coil packs. See if you can guess what causes a lot of "crank, no start" faults when people have been in at the back of the engine.
Funny you say that. As I was using it at a hotel, I was just reflecting on how poorly designed the average kettle is, with the stationary handle on the top and a spout guard: https://stock.adobe.com/video/hot-cup-tea-kettle/189747353
Once the water is boiled, you flip the guard, and get your first scalding. Pour the water and get a nice splash of steam due to the fixed position of the handle as it rises up past your hand. And refilling the kettle is yet another opportunity to get scalded, as the handle gets in the way of your efforts to remove the lid.
There's a great piece of software called "molly-guard", which intercepts calls to "poweroff" and "reboot" and similar. It checks if it's being invoked via an SSH session, and if so, it asks you to type the name of the system you're shutting down. That way, you never accidentally shut down a remote server when you meant to shut down your own system (or a different server).
> There is no worse feeling for a programmer than waking up, walking up to the machine that was supposed to work through the night, and seeing it did absolutely nothing, stupidly waiting for hours for a response to a question that didn't even matter.
No, there's one worse feeling. Walking up to the machine that was supposed to work throughout the night, and seeing it had a surprise update that rebooted the system.
I feel like modern tv remotes are the opposite of this principle. It is often the case that almost every single button will when pushed in some way interrupt the current program, often jumping out to a different menu or changing to a different program or something. It makes handling the remote or trying to change the volume a fraught experience.
I once was a communications contractor for the major NJ power utility. One of their long time field techs (let’s just refer to him as Mr. T) was giving a tour of a substation that was built from the looks of it in the 50s. I have, you see, this bad habit of leaning on things… well Mr. T, without missing a beat, slid his forearm between my hip and a faded green Bakelite knob, the kind that goes in and out rather than twisting. He informed me that if I had leaned any further I would have shut off half of Newark.
Samsung learned about molly guards the hard way - recall of millions of products after accidental fires from people/pets activating the front-panel dials.
Luckily, there’s an easy solution recently devised that can prevent this safety hazard in homes across America, Samsung said. Customers concerned about unintentional activations can request free knob locks and covers that Samsung confirmed made it much harder to accidentally turn on the stove.
During the meeting, the CPSC shared data showing that across 338 incidents between January 1, 2018, and May 30, 2024, stoves from “ten specific manufacturers” were involved in fires causing 31 injuries and two deaths. Additionally, the CPSC had recorded “two other fatal incidents where a range was accidentally turned on when a knob was bumped, but the manufacturer is unknown.”
...Companies said the CPSC data would help them “fully understand the issues” and “make sure that reasonable and foreseeable circumstances would be addressed” without impacting compliance with the Americans with Disabilities Act.
After mentioning this article to relatives, one said they had nixed buying one product because of the front dials. Then we heard from a relative in another city who bought a house due to a newborn baby - one of the additional purchases was a oven/stove/range with front panel dials.
I do wish those were a thing on flat touch sensitive induction cooktops! (For all those pesky water droplets causing the cooktop to error out and turning itself off)
93 comments
The canonical example is the automatic shift knob in a car. The shift knob is designed to 1) prevent you from accidentally shifting all the way back into reverse without pressing the shift button, and 2) prevents you from leaving park or neutral without depressing the brake pedal. This way you don't damage the drivetrain or accidentally cause the car to roll forward/backward.
Poka-yoke is a form of defensive design (https://en.wikipedia.org/wiki/Defensive_design). For a beautiful example of defensive design, see the average electric kettle. If water boils over the top it won't short the device, if it boils dry it'll stop operating, the handle and body are plastic to prevent burning yourself, the handle is ergonomic to make carrying 1.5L of sloshing boiling water not cause you to spill it, the cord is detached from the kettle so you don't yank the cord and spill the boiling water, the switches are located on the bottom away from hot steam, and the lids usually lock while in operation, again to prevent damage from spillage or steam. It's the simplest and safest possible way to boil water, and it's $20.
If you ever URGENTLY needed to start a machine, and you knew it was safe to do so, the average shop gremlin could always break the tag and start it since they're normally made of craptacular plastic or thin sheet metal... but it's easily enough friction to make you rethink what you're doing. Never known anyone that's ever had to break a tag like that.
[0] https://en.wikipedia.org/wiki/Lockout%E2%80%93tagout
It has seven plugs (there's space for eight) each of which have space for eight pins. The plugs are identical - almost. They're different colours, and they have a T- or U-shaped pin that fits into a hole in the appropriate flying socket on the engine bay wiring harness. The pins are rotated for each plug. [1]
There's no way to fit the fusebox the wrong way round in the engine bay because it has three mounting holes with odd spacings, and one has an angled slot for a bracket that holds a coolant pipe which definitely wouldn't fit if it was wrong.
There's no way to fit the sockets in wrong even without the pegs because the wiring harness only allows them to line up with the correct plugs.
Even the three high-current screw terminals that feed the body ECU under the driver's seat have got little lugs sticking out so you can't mix them up, although since they're all unswitched feeds fused at 60A it kind of doesn't matter.
There are a lot of nice little bits of design like that. Shame they didn't extend that to the ignition coil connectors on later V8s, which are the same for both pairs of coil packs. See if you can guess what causes a lot of "crank, no start" faults when people have been in at the back of the engine.
[1] https://bparts-eu.s3-eu-west-1.amazonaws.com/images/62538/bi...
Once the water is boiled, you flip the guard, and get your first scalding. Pour the water and get a nice splash of steam due to the fixed position of the handle as it rises up past your hand. And refilling the kettle is yet another opportunity to get scalded, as the handle gets in the way of your efforts to remove the lid.
> There is no worse feeling for a programmer than waking up, walking up to the machine that was supposed to work through the night, and seeing it did absolutely nothing, stupidly waiting for hours for a response to a question that didn't even matter.
No, there's one worse feeling. Walking up to the machine that was supposed to work throughout the night, and seeing it had a surprise update that rebooted the system.
One of my favorite things about ditching Windows.
https://en.wikipedia.org/wiki/Ed_Krol
Also, perhaps
rmshould be molly guarded to move things to the trash on all systems by default, and delete only if forced to by a flag.Note: I’d have expected Molly to be a cat, because they tend to be pretty good at disrupting things in my experience.
see https://arstechnica.com/tech-policy/2024/08/samsung-recalls-...
After mentioning this article to relatives, one said they had nixed buying one product because of the front dials. Then we heard from a relative in another city who bought a house due to a newborn baby - one of the additional purchases was a oven/stove/range with front panel dials.