Arguments

A working index of the claims the essays develop — propositions, not terms. Each carries the books that argue for it and the ones that complicate it.

Anticipation

1 claim · definition →

Confidence in total control is itself the most dangerous form of hubris.

The tools that extend control create vulnerabilities we cannot foresee. Each layer of automation widens the epistemic distance between system behaviour and operator understanding.

Worked out in Nov 2025 ·Jan 2026 ·Feb 2026

+

The Maniac, Benjamin Labatut

Von Neumann's confidence is the cautionary tale, not the model.
+

Normal Accidents, Charles Perrow

More monitoring and more redundancy can introduce new interaction paths that defeat oversight.
+

The Spire, William Golding

Jocelin's will substitutes for foundations; the cost is borne by everyone around him.

Circuit breakers

1 claim · definition →

The right to pause must precede the requirement to understand.

In tightly coupled systems, waiting for diagnostic certainty allows escalation. The right to halt — before the cause is known — matters more than the speed of resumption.

Worked out in Jan 2026

+

Normal Accidents, Charles Perrow

Aeroflot 593 and China Eastern 583: the coupling closed the response window before the operators could form a hypothesis.
−

ISO 22301 (business continuity), ISO

Recovery-time objectives bias governance toward fast resumption rather than safe pause.

Completeness without hierarchy

1 claim · definition →

Documentation that aspires to completeness destroys the abstraction thought requires.

When documentation captures everything, it provides no way to distinguish signal from noise. The model's value lies in what it omits — a map smaller than the territory is what makes the territory navigable.

Worked out in Feb 2026 ·Apr 2026

+

Collected Fictions, Jorge Luis Borges

Funes, the Library, and the cartographers' map — three parables for the failure mode of total documentation.
+

Seeing Like a State, James C. Scott

State simplifications are useful precisely because they are simplifications; the trouble starts when they are mistaken for the territory.
−

Enterprise architecture orthodoxy, Various

The instinct to capture every requirement, every exception, every edge case — completeness as the proxy for rigour.

Custodianship

2 claims · definition →

Custodianship, not mastery, is the relationship we can have with systems we did not build and cannot fully comprehend.

We inherit systems built on inadequate foundations and must steward rather than master. The discipline is care, not control.

Worked out in Feb 2026 ·Mar 2026

+

Piranesi, Susanna Clarke

The House is valuable because it is the House — Piranesi's posture against Ketterley's extractive search.
+

The Spire, William Golding

Jocelin's spire stands only because everyone after him refused his attitude toward it.
+

The Road, Cormac McCarthy

The father's body angled between the boy and the world is custodianship made physical.

A framework that cannot name the concrete person or thing it protects has lost contact with its purpose.

Continuity of what, for whom? Without a concrete noun on the other side, the framework maintains itself instead of what it was built to protect.

Worked out in Mar 2026 ·Apr 2026

+

The Road, Cormac McCarthy

Strip away every institutional layer and what remains is the thing the layers existed to serve.
+

Searching for Safety, Aaron Wildavsky

Safety is for survivable lives; without that telos, the resilience-anticipation debate is empty.

Degraded state

1 claim · definition →

A system running in a degraded state without showing it has already failed at governance.

Sensors overridden, alarms muted, redundant backups quietly active — the system looks normal even when its safeguards are reduced. Operators cannot respond to a degradation they cannot see.

Worked out in Jan 2026 ·Sep 2025

+

Normal Accidents, Charles Perrow

Hidden-mode automation generates contradictory cues exactly when operators are under stress.
+

Wool, Hugh Howey

The cleaning suit's failure is built into the design; only Mechanical's covert workaround restores legibility.

Essentialism

1 claim · definition →

Searching for a single root cause obscures the loops that produced the behaviour.

The instinct to compress reality into one explanation feels like rigour but is the opposite. In complex systems, ordinary actions combine into outcomes no single component caused; last-link investigation produces closure without learning.

Worked out in Dec 2025 ·Jan 2026 ·Apr 2026

+

Thinking in Systems, Donella Meadows

Behaviour comes from the structure of relationships, not from any single component.
+

Normal Accidents, Charles Perrow

System accidents are by definition not attributable to a single proximate cause.
−

ISO 9001 / GMP CAPA frameworks, Various standards bodies

Corrective-action regimes pressurise organisations toward identifying *the* cause, even when none exists.

Information flows

1 claim · definition →

Information asymmetry, sustained, becomes the governance mechanism.

When operators cannot verify what they are shown, whoever controls the interface governs through perception rather than consent. Authority that cannot be challenged is opacity dressed as oversight.

Worked out in Sep 2025 ·Apr 2026

+

Wool, Hugh Howey

IT's authority rests on the camera lens, not on consent — and the rule lasts only as long as the lens is unchallenged.
+

Seeing Like a State, James C. Scott

Administrative legibility is asymmetric by design: visible to the state, opaque to those rendered legible.
−

NIS2, European Commission

Mandates supply-chain visibility on the assumption that asymmetries can be inventoried — but the asymmetry the directive targets is structural, not accidental.

Interactive complexity

1 claim · definition →

Systems sophisticated enough to learn are systems we cannot fully predict.

Adaptive capacity requires fallibility — the capacity to err, deviate, and behave novelly. Regimes that demand determinism foreclose the very capability adaptation depends on.

Worked out in Nov 2025

+

The Maniac, Benjamin Labatut

Von Neumann's insight that intelligence requires fallibility — and that machines must err to think.
−

GAMP 5 / GxP validation frameworks, ISPE

Validation lifecycle assumes specifiable, reproducible behaviour; learning systems break the assumption.

Legibility

2 claims · definition → · quotes →

The act of making a system legible distorts what it claims to observe.

Measurement is not neutral. The categories chosen to render a system visible to administrative power shape what it becomes; the map, backed by power, remakes the territory it claims merely to describe.

Worked out in Apr 2026 ·Sep 2025

+

Seeing Like a State, James C. Scott

High-modernist legibility as an active reshaping of the legible.
+

Things Fall Apart, Chinua Achebe

Legibility from the receiving end — Umuofia's order erased into the District Commissioner's paragraph.
+

Wool, Hugh Howey

The camera lens and the AR helmet do not show the world; they manufacture a version operators will police.

Practical knowledge cannot survive the translation into formal procedure.

Mētis — the embodied, contextual knowledge of practitioners — degrades when codified. The codification preserves the form and loses the function.

Worked out in Apr 2026 ·Oct 2025

+

Seeing Like a State, James C. Scott

Mētis as the residue formal knowledge cannot capture.
+

The Volga Rises in Europe, Curzio Malaparte

The German mechanics' calm, deliberate gestures under fire are mētis — the workplace knowledge that procedures cannot specify.
+

Street-Level Bureaucracy, Michael Lipsky

Frontline workers' adaptive routines as the actual operating system of the state.

Legitimacy

1 claim · definition →

Legibility is not legitimacy: the capacity to be read is not the right to be trusted.

A system can satisfy every regulatory criterion and still be rejected by the operators it claims to serve. The audit signature certifies the audit was conducted, not that the system has earned the consent of those it governs.

Worked out in Apr 2026 ·Sep 2025

+

Seeing Like a State, James C. Scott

Legibility's structural confidence — what the framework cannot read does not exist for the framework.
+

Things Fall Apart, Chinua Achebe

Umuofia's governance is legitimate without being legible; the colonial replacement inverts both properties.
−

GAMP 5, ISPE

Validation lifecycle treats the produced documentation as evidence the system works, not merely evidence it can be read.

Leverage points

1 claim · definition →

The highest leverage point is the paradigm from which the system arises.

Changing parameters and incentives produces minor adjustments. Changing the mindset from which the goals, rules, and feedback loops arise reconfigures the system.

Worked out in Dec 2025

+

Thinking in Systems, Donella Meadows

The twelve leverage points place mindset above all parameter and structure interventions.
+

The Dispossessed, Ursula K. Le Guin

Shevek's General Temporal Theory reconfigures Anarres-Urras relations not by force but by changing what value means.

Map vs. territory

1 claim · definition →

Orientation, not comprehension, is what governance documentation can realistically provide.

Useful documentation maps a navigable corner rather than aspiring to totality. The practitioner who survives complex systems orients without claiming to know more than they do.

Worked out in Feb 2026 ·Apr 2026

+

Piranesi, Susanna Clarke

The Catalogue and the Table of Tides as orientation, not mastery.
+

Seeing Like a State, James C. Scott

The cadastral map is useful as a partial view; it becomes dangerous when it forgets what it omits.

Megaproject

1 claim · quotes →

Megaprojects fail not from technical complexity but from coalitional fragility.

The dominant failure mode is the political coalition authorising the project, which fractures under the time horizons megaprojects require. Technical complexity is merely the medium through which coalitional decay expresses itself.

Worked out in Feb 2026

+

How Big Things Get Done, Bent Flyvbjerg

Empirical record points to coalition decay as the dominant failure mode.
+

The Spire, William Golding

The cathedral is a coalition; the spire is what the coalition cannot bear.

Resilience

3 claims · definition → · quotes →

Anticipation cannot replace resilience.

When failure modes are intractable, predicting every one costs more than preparing to recover from any. Anticipation buys less than the adaptive capacity that copes with what prediction cannot reach.

Worked out in Mar 2026 ·Jan 2026 ·Apr 2026

+

Searching for Safety, Aaron Wildavsky

Reactive resilience > predictive anticipation when failure modes are intractable.
+

Normal Accidents, Charles Perrow

Coupling × interaction-complexity makes some failures unanticipatable.
+

The Road, Cormac McCarthy

Pure trial-and-error governance under conditions where every anticipatory framework has failed.
−

How Big Things Get Done, Bent Flyvbjerg

Reference-class forecasting recovers a great deal of anticipatory power.

Failure is the most reliable information a system produces about itself.

A safe system that has not failed has not been tested. Near-misses, recoveries, and small failures are primary data; without trials there are no errors, and without errors there is no learning.

Worked out in Mar 2026 ·Jan 2026 ·Nov 2025

+

Searching for Safety, Aaron Wildavsky

Trial-and-error as the only reliable safety-information mechanism.
+

Normal Accidents, Charles Perrow

Catalogues failure modes as the empirical inputs to system design.
−

The Maniac, Benjamin Labatut

Von Neumann's wager that we can predict the stable and control the unstable — failure as nuisance to be designed out.

Stability is not health: a system that suppresses feedback for unity silences what makes it adaptable.

The absence of disturbance is not strength but the loss of the mechanism by which a system knows itself. Adaptability comes from absorbing change, not from suppressing it.

Worked out in Dec 2025 ·Sep 2025

+

Thinking in Systems, Donella Meadows

A system that can't change is dead; resilience requires open feedback.
+

The Dispossessed, Ursula K. Le Guin

Anarres' moral consensus ossifies into dogma the moment dissent becomes betrayal.
+

Wool, Hugh Howey

The silo's apparent stability is the absence of anyone who can challenge IT's reading of the world.

Safety as process

1 claim · definition →

Safety has a half-life: it degrades unless continuously re-accomplished.

Safety is not a state achieved and preserved but what emerges when risk is engaged, absorbed, and survived. The decline is invisible until it is too late.

Worked out in Mar 2026

+

Searching for Safety, Aaron Wildavsky

The secret of safety lies in danger; searching is the end.
−

ISO 22301 (business continuity), ISO

Frames continuity as a programme to be implemented and audited rather than a process that decays without continuous reaccomplishment.

Self-referential compliance

1 claim · definition →

Compliance regimes that reward documentation drift toward certifying themselves rather than the system.

Validation passing is treated as evidence the system works rather than evidence it can produce documentation. At each step, readability is mistaken for trustworthiness.

Worked out in Apr 2026 ·Jan 2026

+

Seeing Like a State, James C. Scott

The framework that has forgotten it is a simplification confuses its categories with the world.
+

Normal Accidents, Charles Perrow

Procedural closure after incidents prevents the system-level learning that compliance was meant to enable.
−

ISO 27001 / NIS2, Various standards bodies

Properly implemented controls remain meaningful — but the standard has no defence against organisations that treat its filings as the goal.

Socio-technical system

1 claim · definition →

Technical discipline under stress is sustained by craft identity, not by formal hierarchy.

Operators sustain technical precision under stress because craft identity demands it, not because hierarchy compels it. Treat operators as interchangeable resources and you eliminate the bonds that response depends on.

Worked out in Oct 2025

+

The Volga Rises in Europe, Curzio Malaparte

Soldiers as artisans; NCOs as foremen; the unit held together by bonds of craft rather than rank.
−

Scientific-management tradition, Various

Treats workers as substitutable executors of standardised procedure — the disposition Malaparte's mobile foundry quietly refutes.

Strategic misrepresentation

1 claim · definition →

Megaproject approval selects for delusion: the projects most likely to be approved are those with the most deceptive forecasts.

Underestimate costs to win approval; once committed, sunk-cost dynamics and political pressure make reversal impossible. The system selects for optimism, not viability.

Worked out in Feb 2026

+

How Big Things Get Done, Bent Flyvbjerg

Survival of the unfittest — bias is structural, not psychological.
−

Traditional project-management orthodoxy, Various

Frames optimism bias as a correctable error of individual planners rather than a selection effect of the approval process.

Tight coupling

1 claim · definition → · quotes →

Coupling is a design choice, not a property of the world.

Engineers tighten coupling for efficiency without acknowledging the resilience cost. Buffers and circuit breakers are not waste — they are what allows intervention before correct components combine into catastrophe.

Worked out in Jan 2026 ·Dec 2025

+

Normal Accidents, Charles Perrow

Coupling as a deliberate axis on the systems-design 2×2.
+

Thinking in Systems, Donella Meadows

The 'and' between components is the designer's choice.
−

The Maniac, Benjamin Labatut

Von Neumann's logic of acceleration treats coupling as an opportunity for control rather than a risk to absorb.