That’s neat, actually. A very similar pattern is used by GitHub/GitLab: for example when you delete a repository, you have to type out the name of it to proceed. That forces you to take a second to think about if that is really what you want to do, and it also forces you to type out the name of the repo, preventing you from accidentally deleting the wrong one.
I remember back when I played World of Warcraft, after clicking the button, you’d have to type DELETE in a text box to confirm deleting a character. Similar idea.
I wish this was for source repos only. I often fork a repo for making typo-fixes to README and end up with a large amount of fork repos that are cumbersome to get rid of.
You’re absolutely right! It can kinda clutter up your repositories, because then it’s a mix of original things and forks of stuff that you’ve once contributed to. The thing is, the whole forking workflow makes sense for a distributed version control system. But if you’re hosting it all on a centralized platform, then why do we have to “fork” at all, why can’t we just directly push to some specific ref and have that show up as a pull request? I’m not sure if you’re familiar with Gerrit, but that is what they are doing, and it works really well (tho I don’t fully understand the workings of it).
Though you can copy paste
A fine poka-yoke.
A related idea: molly-guard asks you to input the hostname when you run shutdown over an ssh session.
One could require the number to be spelled out, or approximated
Blah blah blah 123456 machines will be affected by this. Proceed?
Enter, in words, the number of machines to continue: One hundred and twenty three thousand four hundred and fifty six
To the nearest 10,000, enter the number of affected machines: 120000
Even with something this complex you will have a learning effect set in, if you encounter it too often, where you will eventually mindlessly type in the rounded number without having thought about how big that number actually is and if it’s what you were going for.
The only thing that really works is to have the use of this kind of tool be so rare that every time you use it you’re already kind of on alert, because it’s not your usual procedure.
Yeah, typically I’ll point-and-call these sorts of potentially dangerous actions; it’s saved me numerous times in the past
There’s a patter used in many validated environments, where to take an operational action (or even signing a document) the systems asks you for your password.
It works nicely and it translates to the idea of signing an authorisation to proceed.
The issue with that is you get used to typing your password without thinking, and doesn’t prevent you from running the wrong action (e.g. targeting more machines than you intended).
This is a cool idea, I’m definitely going to look for ways to use it with new and existing systems that require a confirmation prompt.
One additional layer on top of this would be to ask the user to type in a phrase with the number of machines affected that explain what they are trying to do. This phrase could then be broadcast to an internal messaging system or such. (e.g. “I am upgrading 932 machines to the latest kernel version”, or something like that).
This is definitely a big improvement over the simple Y/n prompt, but as already hinted at in the post, when you run into this too often it loses its effectiveness. That’s even when you do tricks like the formatting one, because when you do something repeatedly the brain will eventually automate as much as possible of it without having to consciously think about it anymore, even if it is such a “complex” task, as stripping all separators.
To me when this happens too often, instead of asking more complex questions, there should be a second engineer to validate it. I’m not sure how feasible that is depending on the scenarios, but if you’re impacting the whole fleet, I’d be happy to have a coworker validate with me that the thing I’m doing actually makes sense.
A simple notification with the command that is being run sent to the on-call engineer(s) with a TOTP token that needs to be sent back to the executor makes sense to me.
Neat idea. Our prompts are too binary, too simple always. They are coupled to the computer thing that makes them work.
I’ve had another idea for dialogs, prompts, popups. They have memory. Imagine a prompt that remembers how many times it has been seen. Then there could be logic like “we really don’t want to ask them to sign up for our newsletter more than 3x, they said no 3x”. It wouldn’t work for marketing because marketing don’t care but then at least there’s memory.
They said no three times.
They said no three times.