> Sometimes it feels as though existing problems get a free pass because of tradition
In safety-critical systems, known problems are often tolerated because they are predictable. In these cases, mitigations are understood, and there's a well-defined upper bound on the amount of damage that can be caused if the mitigations fail.
> but new issues (even if addressed) are scary and so the entire thing should be stopped.
New issues are unpredictable, and do not have known mitigations. (Once they can be reliably predicted and mitigated, they are no longer "new".) There's also no known upper bound on the amount of damage these issues can cause.
As an added bonus, the quantity of bugs in a long-deployed system is generally well understood, while it's difficult to place an upper bound on the number of bugs in a system that hasn't been tested in production yet.
To make this concrete: Imagine finding a bug that causes several thousand phones to occasionally reboot unexpectedly. Pleased with yourself, you publish a patch and push it out to all affected devices.
One week later, a thousand of those devices power off and never power on again--they've been permanently bricked by your update.
Are your users angry because you refused to give the random reboots a "free pass" because of "tradition"? Or are they angry because you made drastic changes to a system that basically worked without taking the time to understand the consequences?
> In safety-critical systems, known problems are often tolerated because they are predictable. In these cases, mitigations are understood, and there's a well-defined upper bound on the amount of damage that can be caused if the mitigations fail.
Oh, voter suppression is well-understood and predictable. I disagree with you that mitigations have been effective.
In safety-critical systems, known problems are often tolerated because they are predictable. In these cases, mitigations are understood, and there's a well-defined upper bound on the amount of damage that can be caused if the mitigations fail.
> but new issues (even if addressed) are scary and so the entire thing should be stopped.
New issues are unpredictable, and do not have known mitigations. (Once they can be reliably predicted and mitigated, they are no longer "new".) There's also no known upper bound on the amount of damage these issues can cause.
As an added bonus, the quantity of bugs in a long-deployed system is generally well understood, while it's difficult to place an upper bound on the number of bugs in a system that hasn't been tested in production yet.
To make this concrete: Imagine finding a bug that causes several thousand phones to occasionally reboot unexpectedly. Pleased with yourself, you publish a patch and push it out to all affected devices.
One week later, a thousand of those devices power off and never power on again--they've been permanently bricked by your update.
Are your users angry because you refused to give the random reboots a "free pass" because of "tradition"? Or are they angry because you made drastic changes to a system that basically worked without taking the time to understand the consequences?