The major thing that springs to mind here is I've never seen a compelling reason to believe that the original CIA suggestions actually worked. In my experience workers like that exist naturally and organisations are great at just sidelining them. I think in that section the CIA was just writing a listicle that sounded good [0].
The way to cripple a company is to get bad people promoted into management and have them optimise something plausible but not profitable. Like what happened in a lot of slow-fail engineering companies - insist on maximising the profit metric to the point where the actual product becomes compromised. That strategy can be intiated from almost anywhere in management too because a constant "what if we optimise for profit" [1] usually does well at meetings.
Being a destructive CTO is almost too easy. Just don't do anything much, weed out any competent people in the level below you and develop a culture of pushing blame aaaaalllllllll the way down the org chart, ideally out of the technical part of the tree, so that nothing broken gets fixed. When people catch on, allow blame to move 1 level up the org chart and do a big shakeup to clear out any institutional knowledge that might have built up in spite of you. That game can go on for years.
[0] I've seen people where "do things through official channels" and "demand written orders" would have made them more productive. We are our own worst enemies.
[1] Yes, the irony here is that naive optimising for profit is typically not profitable.
> I've never seen a compelling reason to believe that the original CIA suggestions actually worked.
Let’s set asside the fact that the document wasn’t written by the CIA.
The purported goal of this document was to provide practicaly applicable advice to the regular citizen who found themselves under enemy occupation. Most concretely to be given to the French people who did not like the German occupation.
You are talking about the strategy “working” or “not working” as if these are binary things. The goal here was not that these simple steps will bring Germany to their knees but to increase the cost of the occupation. To cause enough deniable friction which bogs down the resources and make everything just a bit more inefficient.
> In my experience workers like that exist naturally
They do. And that is the point. That is what makes these strategies deniable.
> and organisations are great at just sidelining them
If that is your experience I would love to work where you worked. In my experience when someone is following this strategy sidelining only happens slowly and at great costs. One of the many costs is people comitting avoidable blunders when they dismiss real and well reasoned objections in their haste to cut through a sea of useless ones.
> to get bad people promoted into management
Sure. But that takes time. You are thinking on a different time scale than the authors of this document were thinking about. The document was published in Jan 1944. The Normandy landings happened in June the same year and by the end of the next year the war was won. You don’t have time to slowly promote bad people into management. If a dude who read your booklet bumbles about a bit and delays the repair of a train line by days that is a win in this context. Nobody expected that Germany is going to collapse on their own just because enough people sabotage meetings and plug up toilets. (That is by the way also a suggestion from the manual 5.1.b.2. Somewhat less often cited than the points applicable to office work.)
You can do far far worse than naive optimizing for profit. Optimizing for *REPORTED* profit.
People learn very quickly to manipulate the reporting, modeling, and accounting.
Just less than two decades ago we had the entire financial system lending massive amounts of money to the worst possible borrowers and REPORTING massive profits.
Oh yeah, this one really is fun. We used to joke that the CTO of one of the companies I worked for made a killing as his second job was for our competitors.
Turns out the dude has been doing that for about 15 years between various places and now is about to retire, blameless in the eyes of everyone who doesn't understand what happened.
They do work, we had a director who did all that in a previous company (probably unintentionally), and things ground to a halt and productivity fell to zero.
> CIA produced a fantastic book during the peak of World War 2 called Simple Sabotage.
Not quite right. The Office of Strategic Services did that. The CIA was created only in 1947 several years after the end of the second World War in 1945.
The manual misses the most important step: getting rid of people who have even the slightest idea of how the product as a whole should work and/or a coherent vision of a better future. The word "vision" is not even present in the text. Visioners are the ones who can sabotage the saboteurs.
A good subject for organizational theory case studies would be the relative cultural immunity of companies with a well-articulated founding vision document, charter of principles, or other operational guidance for employees.
The 'Hiring' section needs an update: ask Leetcode hard-level problems, and demand to witness enlightenment and an optimized solution in under 30 minutes. Uncertainty and doubt shall not be tolerated.
This is interesting because a lot of the decisions to “sabotage” are about convincing people to attempt to cover their own asses.
I think in that light, number 1 is to foster an atmosphere of fear where anyone attempting to make things better will be confronted if things don’t go perfectly.
> Make sure production environment differs from developer environments in as many ways as possible.
I feel like this, in some capacity, is borderline inevitable in the modern architectures with a bunch of external services, or at the very least will 100% require that your devs are connected to the Internet all the time to be able to do anything, vs systems that are 100% self hostable.
Or even just running a complex Kubernetes cluster with a service mesh and other solutions on the test/staging/prod infra vs loosely mapping to more lightweight options locally, unless you have a super beefy setup. And even then, if everything is split into multiple separate services far enough, you just won't be able to run everything locally, meaning that you need to use some of the components from shared dev environments which will inevitably lead to stepping on each other's heels.
Once you go past something like Docker Compose for local environments, things can go sour.
The way I think about this without going insane isn't "developer environment must be exactly the same as production environment" because like you said, you'll never do it — there's too many things you can't replicate locally.
So I flip it around — production should work exactly like the development environments. If there's a a difference between the two that matters we update production to match. You want to talk to other services by a well-known container name instead of an env var we
pass? Sure, whatever we can do that.
The eight rules laid out in the beginning of the article are strictly followed, almost word-for-word, at my workplace. Not ironically, not for sabotage reasons, but legitimately as "best practices".
It's a miracle that somehow the company remains in business.
In a web context, I was thinking this when I checked out the web site of the Electronic Frontier Foundation (EFF) [1]; why would they use a thin, small typeface with light gray color on a bright/white background which makes the text less appealing to read? It must be subtle sabotage from within!
(Some may counter this with Hanlon's razor [2]; Never attribute to malice that which is adequately explained by stupidity.)
All this is so normalized these days that many of the items on this list are referred to with reverence as best practice.
Plus calling these things "sabotage" isn't right even as a metaphor, and IMO confuses the issue. These people aren't on a third-party payroll, they are just self-serving.
No one is creeping into your office in the middle of the night. You invited them over, let them in, watched them piss in the fish tank, and then gave them a promotion and a raise. Now you're surprised everyone is lining up to fuck up the place? As usual the value judgements are just a distraction in matters of economics, look at the incentives.
> Deploy as infrequently as possible. Urge extreme caution about deployments. Leverage any production issue as a reason to “pull the brakes”.
Deploying infrequently doesn't necessarily sabotage things if it results in well-written and tested code before deployments, which tends to create stable systems. If anything, it's the opposite of "move fast and break things." If you want to sabotage things, urge frequent deployment and minimal testing.
Not sure about the entire list, but I've seen 4 of those many times. They are common techniques of impostor-employee to fool an impostor-manager:
1. A person who knows little of the topic assumes that talking a lot means knowing a lot. Hence long ChatGPT-like speeches. This has been my personal number 1 red flag since long before LLMs became a thing.
2. An incompetent manager is helpless in a situation when "everybody screwed up a little bit" as they don't pay attention to ownership or don't even understand its importance. Hence creating groups/committees to blur personal responsibility.
3. "Bring up irrelevant issues" is natural consequence of not understanding the topic very well, combined with forcing oneself to take part in the discussion. Pretty sure it's not even intentional. But either way, it's irrelevant from your point of view, but not from the the manager's, so it works.
4. Advocate caution at everything is because if the team screws up and attracts attention from higher ups, people at the most risk will be the lowest performers and the manager. It's a shared interest.
In fact, a sabotage manual should include the opposite action for each point. These are not the methods of sabotage, they're the methods of shrouding your sabotage in plausibility. It wouldn't provide you plausible deniability if doing the things on the list was never reasonable.
It's cute, but in quite a few industries, a lot of these are driven by outside e.g regulatory forces that have proven to be necessary ("written in blood" etc), so the better question to ask is how many of these process encumberments can be streamlined e.g with paved road approaches.
Security and compliance benefit heavily from this approach, and I'm sure it can be extended elsewhere as well (architecture reviews etc).
[+] [-] roenxi|1 year ago|reply
The way to cripple a company is to get bad people promoted into management and have them optimise something plausible but not profitable. Like what happened in a lot of slow-fail engineering companies - insist on maximising the profit metric to the point where the actual product becomes compromised. That strategy can be intiated from almost anywhere in management too because a constant "what if we optimise for profit" [1] usually does well at meetings.
Being a destructive CTO is almost too easy. Just don't do anything much, weed out any competent people in the level below you and develop a culture of pushing blame aaaaalllllllll the way down the org chart, ideally out of the technical part of the tree, so that nothing broken gets fixed. When people catch on, allow blame to move 1 level up the org chart and do a big shakeup to clear out any institutional knowledge that might have built up in spite of you. That game can go on for years.
[0] I've seen people where "do things through official channels" and "demand written orders" would have made them more productive. We are our own worst enemies.
[1] Yes, the irony here is that naive optimising for profit is typically not profitable.
[+] [-] krisoft|1 year ago|reply
Let’s set asside the fact that the document wasn’t written by the CIA.
The purported goal of this document was to provide practicaly applicable advice to the regular citizen who found themselves under enemy occupation. Most concretely to be given to the French people who did not like the German occupation.
You are talking about the strategy “working” or “not working” as if these are binary things. The goal here was not that these simple steps will bring Germany to their knees but to increase the cost of the occupation. To cause enough deniable friction which bogs down the resources and make everything just a bit more inefficient.
> In my experience workers like that exist naturally
They do. And that is the point. That is what makes these strategies deniable.
> and organisations are great at just sidelining them
If that is your experience I would love to work where you worked. In my experience when someone is following this strategy sidelining only happens slowly and at great costs. One of the many costs is people comitting avoidable blunders when they dismiss real and well reasoned objections in their haste to cut through a sea of useless ones.
> to get bad people promoted into management
Sure. But that takes time. You are thinking on a different time scale than the authors of this document were thinking about. The document was published in Jan 1944. The Normandy landings happened in June the same year and by the end of the next year the war was won. You don’t have time to slowly promote bad people into management. If a dude who read your booklet bumbles about a bit and delays the repair of a train line by days that is a win in this context. Nobody expected that Germany is going to collapse on their own just because enough people sabotage meetings and plug up toilets. (That is by the way also a suggestion from the manual 5.1.b.2. Somewhat less often cited than the points applicable to office work.)
[+] [-] oldgradstudent|1 year ago|reply
People learn very quickly to manipulate the reporting, modeling, and accounting.
Just less than two decades ago we had the entire financial system lending massive amounts of money to the worst possible borrowers and REPORTING massive profits.
[+] [-] jt2190|1 year ago|reply
[+] [-] thih9|1 year ago|reply
Naive optimizing for anything, while consuming that metric as fuel, has that effect.
A.k.a. “We will continue having meetings until we figure out why productivity is dropping”.
[+] [-] hobs|1 year ago|reply
Turns out the dude has been doing that for about 15 years between various places and now is about to retire, blameless in the eyes of everyone who doesn't understand what happened.
[+] [-] stavros|1 year ago|reply
[+] [-] mattacular|1 year ago|reply
Yes but only over a relatively long time period, which the overarching system itself is not incentivizing anyone to look at too carefully.
[+] [-] krisoft|1 year ago|reply
Not quite right. The Office of Strategic Services did that. The CIA was created only in 1947 several years after the end of the second World War in 1945.
[+] [-] llm_trw|1 year ago|reply
Excellent. Continue the good work.
[+] [-] hinkley|1 year ago|reply
[+] [-] patrakov|1 year ago|reply
[+] [-] unknown|1 year ago|reply
[deleted]
[+] [-] walterbell|1 year ago|reply
[+] [-] penguin_booze|1 year ago|reply
[+] [-] ohyes|1 year ago|reply
I think in that light, number 1 is to foster an atmosphere of fear where anyone attempting to make things better will be confronted if things don’t go perfectly.
[+] [-] KronisLV|1 year ago|reply
I feel like this, in some capacity, is borderline inevitable in the modern architectures with a bunch of external services, or at the very least will 100% require that your devs are connected to the Internet all the time to be able to do anything, vs systems that are 100% self hostable.
Or even just running a complex Kubernetes cluster with a service mesh and other solutions on the test/staging/prod infra vs loosely mapping to more lightweight options locally, unless you have a super beefy setup. And even then, if everything is split into multiple separate services far enough, you just won't be able to run everything locally, meaning that you need to use some of the components from shared dev environments which will inevitably lead to stepping on each other's heels.
Once you go past something like Docker Compose for local environments, things can go sour.
[+] [-] Spivak|1 year ago|reply
So I flip it around — production should work exactly like the development environments. If there's a a difference between the two that matters we update production to match. You want to talk to other services by a well-known container name instead of an env var we pass? Sure, whatever we can do that.
[+] [-] hinkley|1 year ago|reply
[+] [-] teddyh|1 year ago|reply
[+] [-] btbuildem|1 year ago|reply
It's a miracle that somehow the company remains in business.
[+] [-] xjay|1 year ago|reply
(Some may counter this with Hanlon's razor [2]; Never attribute to malice that which is adequately explained by stupidity.)
[1] https://www.eff.org/
[2] https://en.wikipedia.org/wiki/Hanlon's_razor
[+] [-] wgx|1 year ago|reply
[+] [-] misswaterfairy|1 year ago|reply
[+] [-] pcloadletter_|1 year ago|reply
[+] [-] photonthug|1 year ago|reply
Plus calling these things "sabotage" isn't right even as a metaphor, and IMO confuses the issue. These people aren't on a third-party payroll, they are just self-serving.
No one is creeping into your office in the middle of the night. You invited them over, let them in, watched them piss in the fish tank, and then gave them a promotion and a raise. Now you're surprised everyone is lining up to fuck up the place? As usual the value judgements are just a distraction in matters of economics, look at the incentives.
[+] [-] oopsallmagic|1 year ago|reply
[+] [-] kmoser|1 year ago|reply
Deploying infrequently doesn't necessarily sabotage things if it results in well-written and tested code before deployments, which tends to create stable systems. If anything, it's the opposite of "move fast and break things." If you want to sabotage things, urge frequent deployment and minimal testing.
[+] [-] kstrauser|1 year ago|reply
> This is from the 1994 music video Sabotage by Beastie Boys. The lyrics are mostly about technology leadership and developer productivity.
That caught me off guard. Well done.
[+] [-] lemonlime0x3C33|1 year ago|reply
[+] [-] hamstergene|1 year ago|reply
1. A person who knows little of the topic assumes that talking a lot means knowing a lot. Hence long ChatGPT-like speeches. This has been my personal number 1 red flag since long before LLMs became a thing.
2. An incompetent manager is helpless in a situation when "everybody screwed up a little bit" as they don't pay attention to ownership or don't even understand its importance. Hence creating groups/committees to blur personal responsibility.
3. "Bring up irrelevant issues" is natural consequence of not understanding the topic very well, combined with forcing oneself to take part in the discussion. Pretty sure it's not even intentional. But either way, it's irrelevant from your point of view, but not from the the manager's, so it works.
4. Advocate caution at everything is because if the team screws up and attracts attention from higher ups, people at the most risk will be the lowest performers and the manager. It's a shared interest.
[+] [-] desio|1 year ago|reply
[+] [-] ohyes|1 year ago|reply
[+] [-] mike_hock|1 year ago|reply
[+] [-] red_admiral|1 year ago|reply
[+] [-] glitchc|1 year ago|reply
[+] [-] unknown|1 year ago|reply
[deleted]
[+] [-] quantum_state|1 year ago|reply
[+] [-] eganist|1 year ago|reply
Security and compliance benefit heavily from this approach, and I'm sure it can be extended elsewhere as well (architecture reviews etc).