Molly guard in reverse

Posted by surprisetalk 1 day ago

Molly guard in reverse(unsung.aresluna.org)

https://en.wiktionary.org/wiki/molly-guard

199 points | 80 commentspage 3

cynicalsecurity 10 hours ago|

"Reverse Molly guard" is dead man's switch.

ogogmad 11 hours ago||

This sounded at first like a mouth guard, to stop teeth grinding.

TiredOfLife 13 hours ago||

Does the disk drive or sim card slot ejector really qualify as Molly Guard?

pocksuppet 13 hours ago|

The guard is it being a tiny hole you have to find a tool to reach into, instead of a button.

davidshepherd7 16 hours ago||

That page is copied verbatim from https://unsung.aresluna.org/molly-guard-in-reverse/ (which is linked at the top). The original page also has much better formatting.

dang 6 hours ago||

Changed now from https://bookofjoe2.blogspot.com/2026/02/molly-guard.html above. Thanks!

clbrmbr 13 hours ago|||

@dang Can a moderator update the link? The original is much better and we shouldn’t promote the copyposter.

bookofjoe 6 hours ago|||

I just emailed a screenshot of this discussion to @dang.

I await his response.

bookofjoe 8 hours ago|||

Full disclosure: I posted the original and it disappeared from HN so fast it made my head spin.

Isn't it better that someone gave it a second chance, even if only by clicking a link?

MYEUHD 7 hours ago|||

You made 94 posts in the past 10 days...

bookofjoe 6 hours ago||

What is your point? As a rule I post to HN around 10x/day, pretty much hourly.... Judging by how regularly my posts appear at the top of the HN homepage, others appear to welcome my contributions.

albedoa 7 hours ago|||

No, your behavior is weird and hostile actually. Does Marcin even know that you lifted the content?

A traditional link blog would highlight a short excerpt so that the reader might be encouraged to click through to the full piece.

bookofjoe 6 hours ago||

Yes. I just emailed him, in fact, and he responded with details, no hostility!

>your behavior is weird and hostile actually

Look in the mirror.

>A traditional link blog would highlight a short excerpt so that the reader might be encouraged to click through to the full piece.

Mine is not a "traditional link blog" nor has it ever been since its inception on August 24, 2004. You're the first person I've known to use the phrase "traditional link blog." I like it! Maybe you should start one.

bookofjoe 6 hours ago|||

BTW I agree about the formatting being much better. Alas, I'm limited to Google's primitive Blogger as a host so that's the best I can do.

batisteo 13 hours ago||

…and Google-hosted.

bookofjoe 8 hours ago||

Sorry about that.

Typepad, which hosted my original blog since August 24, 2004, on September 1, 2025 gave me 30 days notice that it would shut down at midnight September 30, 2025, making my roughly 40,000 (not a typo) past posts inaccessible.

I spent a frantic month trying about 10 blog hosts seeking one I, a card-carrying Technodolt, could actually use without a lot of pain.

The only one that came close was Google's Blogger.

Alas, it's horrible: janky, confusing, and always changing something I thought I'd finalized.

Oh well...

yolosollo 18 hours ago||

[dead]

spongebobstoes 18 hours ago|

this isn't like a Molly guard. this is like asking the toddler to be careful

fainpul 17 hours ago|

Just please don't start adding molly-guards to your software. The concept only makes sense in the physical world, e.g. where the "important button", that you might never have to press, needs to be in reach all the time. In software, there are better solutions.

hrmtst93837 10 hours ago||

Spend a week with a self-service admin dashboard and you'll learn why software needs molly guards too, because one-click disasters are common online.

fainpul 9 hours ago||

> In software, there are better solutions.

You missed the point. Most things can be solved better. For example with undo or "fake undo" based on a delayed action or many other solutions, depending on the individual problem. Just asking "are you sure?" or forcing the user to jump through some hoops is the laziest and least user friendly way.

fragmede 17 hours ago||

my favorite Debian package is Mollyguard so when you shut down a server remotely via SSH it just checks the second time to make sure you really wanted to shut down that server and not your laptop.

fainpul 17 hours ago||

"Are you sure?" type guards are not suitable for actions which the user does regularly. If a user repeats this action regularly, they quickly automate the thought process (i.e. don't give it any thought anymore) and it becomes useless.

sixhobbits 16 hours ago|||

Reminds me of this Matt Levine

>> At 08:56 a ‘Trade Limit Warning’ pop-up alert appeared within PTE. This presented the trader with 711 warning messages, consisting of hard block and soft block messages, listed in a single alert where only the first 18 lines of alerts were immediately visible unless the person who received the alert scrolled down. The trader did not appreciate their inputting error and overrode all of the soft warnings in the pop-up.

> You get 711 alerts, you only see 18 of them, you are like “ehh 18 alerts is pretty much the normal number,” you override them all without reading.

kqr 14 hours ago||||

I agree. Fortunately, molly-guard the software can be configured with automated checks to allow safe actions (e.g. shutting down servers that don't receive significant traffic) without pestering the user.

This means a properly configured mollly-guard is invisible for routine actions but kicks in only when a genuine mistake is suspected because the operation would cause some sort of meaningful loss. That way, users aren't trained to ignore it.

fainpul 14 hours ago||

> can be configured with automated checks to allow safe actions (e.g. shutting down servers that don't receive significant traffic)

That's clever. This is what I meant when I wrote, that software allows for better solutions.

selfhoster11 16 hours ago||||

Which is why that's not what it does. It asks you to input the hostname instead, just like deleting a repo in Github does.

fainpul 16 hours ago||

I know how it works. Please don't nit-pick. It's an interruption that forces the user to confirm. That's what I meant.

I discussed this also here:

https://news.ycombinator.com/item?id=46845740

fragmede 16 hours ago||

It's not nitpicking. The nature of the interruption being different is material. I've lost files to automatically answering yes to rm -i y/n confirm. Typing the hostname itself is different enough to get me, at least to stop and go wait, hold on. And snap me out of doing the wrong one. Especially an SSH gateway machine.

devnotes77 9 hours ago|||

[dead]