Edit: This comment refers to the site going down at 11pm PT last night, not the site going down now at ~5:40pm PT.
Hah, surprise! It was just a false alarm, the site is actually still up. Definitely not because we suck at programming and flipped a boolean in a giant boolean logic expression that should have definitely been better factored and therefore allowed anyone with zero karma (but only exactly zero karma) to launch the missiles.
This was of course totally intended and part of a metaphor of how Petrov had to deal with shoddy software engineering and false nuclear alarms. Take this as a lesson in… something. I am sorry.
I do really wish good luck to whoever is managing the resolution of that manifold market.
I’m curious how you discovered this? Like, was it something like “oh, that was faster than expected, let’s double check we did the code right… ah shit”?
Or, well. How you think you might have discovered this, if it had happened accidentally and not on purpose, of course.
Just to clarify: Did the LW team discover a bug and take the site down while the bug was being fixed or did someone with zero karma actually push the button?
If it’s the second case:
How did you discover this given that no information about the person pressing (or rather entering the code) is being collected?
Shouldn’t this count as having the nukes launched and the site simply staying down? Just like a real-life system where the security clearance system is severely buggy and a random janitor launches the missiles by simply trying some knobs. Sure, it would suck, but it wouldn’t change the outcome.
How did you discover this given that no information about the person pressing (or rather entering the code) is being collected?
It was actually a pretty close call. I think the rest of the team had stopped working for the night and resigned themselves to the site going down so quickly, but I had a nagging doubt that something was wrong.
We currently have some code keeping track of what users pushed the big button, without launching the nukes (i.e. not entered any codes, or entered the wrong codes), mostly as a vestige from last years. By that point, already like 50 users had pressed it. I did a count on our database for any button pressed by users who were above the karma threshold, without returning any of the names, and it returned 0, so I knew that something had gone wrong.
I had also looked at the code and had a suspicion the code was quite hard to get right, because of a bunch of timezone shenanigans (which javascript has terrible handling for). So I pinged Robert and we walked through the code together and found the bug. My suspicion about timezones ended up being wrong, but we discovered a different bug that was more straightforward.
Shouldn’t this count as having the nukes launched and the site simply staying down? Just like a real-life system where the security clearance system is severely buggy and a random janitor launches the missiles by simply trying some knobs. Sure, it would suck, but it wouldn’t change the outcome.
I considered it, but I decided against it. I think false alarms are more in the same spirit of the game, and I still wanted to run the actual experiment we set out to run.
I think the rest of the team had stopped working for the night and resigned themselves to the site going down so quickly, but I had a nagging doubt that something was wrong.
I feel like there’s some kind of parallel here with Petrov’s situation that I’m not smart enough to describe beyond saying I think it exists.
I mean, I am sure glad we had it, given that it allowed me to debug this.
I also think de-facto, making it so I really couldn’t tell who launched nukes would require many hours of effort and changes to our logging infrastructure that seem ill-advised, so ultimately the only thing that whoever launches the nukes can rely on is our word and promise here. I don’t think it’s worth it for me to make that information unrecoverable, given both the risk and time cost it would entail.
Sure, but in the unlikely event that a high karma user had blown up the site immediately wouldn’t you have known their identity and broken your word? If anything I’d like you to not promise and instead say “it’s unlikely we’ll know”.
wouldn’t you have known their identity and broken your word?
No:
I did a count on our database for any button pressed by users who were above the karma threshold, without returning any of the names, and it returned 0, so I knew that something had gone wrong.
Edit: This comment refers to the site going down at 11pm PT last night, not the site going down now at ~5:40pm PT.
Hah, surprise! It was just a false alarm, the site is actually still up. Definitely not because we suck at programming and flipped a boolean in a giant boolean logic expression that should have definitely been better factored and therefore allowed anyone with zero karma (but only exactly zero karma) to launch the missiles.
This was of course totally intended and part of a metaphor of how Petrov had to deal with shoddy software engineering and false nuclear alarms. Take this as a lesson in… something. I am sorry.
I do really wish good luck to whoever is managing the resolution of that manifold market.
Yay!!!! I was unironically annoyed that we pressed the button like 2 hours in.
I’m curious how you discovered this? Like, was it something like “oh, that was faster than expected, let’s double check we did the code right… ah shit”?
Or, well. How you think you might have discovered this, if it had happened accidentally and not on purpose, of course.
I wondered about the same thing.
Just to clarify: Did the LW team discover a bug and take the site down while the bug was being fixed or did someone with zero karma actually push the button?
If it’s the second case:
How did you discover this given that no information about the person pressing (or rather entering the code) is being collected?
Shouldn’t this count as having the nukes launched and the site simply staying down? Just like a real-life system where the security clearance system is severely buggy and a random janitor launches the missiles by simply trying some knobs. Sure, it would suck, but it wouldn’t change the outcome.
It was actually a pretty close call. I think the rest of the team had stopped working for the night and resigned themselves to the site going down so quickly, but I had a nagging doubt that something was wrong.
We currently have some code keeping track of what users pushed the big button, without launching the nukes (i.e. not entered any codes, or entered the wrong codes), mostly as a vestige from last years. By that point, already like 50 users had pressed it. I did a count on our database for any button pressed by users who were above the karma threshold, without returning any of the names, and it returned 0, so I knew that something had gone wrong.
I had also looked at the code and had a suspicion the code was quite hard to get right, because of a bunch of timezone shenanigans (which javascript has terrible handling for). So I pinged Robert and we walked through the code together and found the bug. My suspicion about timezones ended up being wrong, but we discovered a different bug that was more straightforward.
I considered it, but I decided against it. I think false alarms are more in the same spirit of the game, and I still wanted to run the actual experiment we set out to run.
I feel like there’s some kind of parallel here with Petrov’s situation that I’m not smart enough to describe beyond saying I think it exists.
I think you should remove the code which checks which users pressed the button but didn’t enter the code. That seems not in the spirit of the game.
I mean, I am sure glad we had it, given that it allowed me to debug this.
I also think de-facto, making it so I really couldn’t tell who launched nukes would require many hours of effort and changes to our logging infrastructure that seem ill-advised, so ultimately the only thing that whoever launches the nukes can rely on is our word and promise here. I don’t think it’s worth it for me to make that information unrecoverable, given both the risk and time cost it would entail.
Sure, but in the unlikely event that a high karma user had blown up the site immediately wouldn’t you have known their identity and broken your word? If anything I’d like you to not promise and instead say “it’s unlikely we’ll know”.
No, I wouldn’t have known, since I intentionally only counted the number of records, not seen any details about them.
I retract my criticism.
No:
It can count metaphorically, but I still want to do the real test.
Did it go down after 21 hours when the karma threshold was at 300, or did I miscalculate?
It was up at the start of the 200 karma threshold, but I don’t know how long for.
Edit: 40 minutes.