As I type this, it’s hot here in Amsterdam. In the past, one might have said ‘unseasonably warm’ a phrase that, in our current circumstances, seems like a form of wishful thinking, an echo of an earlier time – not more innocent but not as burdened with the hyper-problem of C02. I mention the temperature, and add the fact that I don’t have air conditioning (because traditionally, it wasn’t needed), to set expectations; this may not be the sharpest bit of work. But then again, perhaps I’ll rise, like the temperature, to the occasion.

But enough preamble.

In a recent edition of educator and angry Marxist uncle Derrick Varn’s ever excellent Youtube program, Varn Vlog, the subject of ‘kludges’ is discussed. Merriam Webster states that  a kludge is “a haphazard or makeshift solution to a problem and especially to a computer or programming problem” which is precisely right. Varn builds on the theme of kludges to explain the provisional character of modern systems – not just technical but bureaucracies, corporations, and so on.

I know a thing or two about kludges, having worked in the technology industry for decades – an industry that is essentially a massive ziggurat of kludges, covered by a polished surface to hide the stone knives, bear skins, rubber bands, glue and endless scurrying about. Apple, for example, pretends to run with the smooth efficiency of a Borg cube but is really an assemblage of various kludges, deployed to increase market share and profitability (the only real goals).

Now I’m going to tell you a brief story about a kludge I was compelled to put into place, forced, as Varn would note, by path dependencies. The story’s point isn’t to elicit sympathy (or perhaps, considering the system I’m describing, horror) but to give you a glimpse into just how right Varn is and how sloppy things can be. This is only one of many such stories I could tell.

The Saga of Phil’s Server

Once upon a time, never mind how many years ago, I was consulting at an energy company, let’s call it SPARK which, in addition to owning a variety of power generation systems – hydro, fossil, nuclear, across the continental US – also had an energy futures trading division. This division, which I’ll call SPARK-HYPERION because it captures the degree of self regard and the amount of money generated (many billions) was responsible for calculating the available excess generating capacity of SPARK’s fleet of assets alongside weather conditions in various markets and the correspondingly forecasted need. SPARK is part of the PJM Interconnection network which makes it possible to send power between regions.

PJM Interconnect – Example Data

Here’s the scenario: 

Let’s say that a weather event in a neighboring region (perhaps a heat wave) increases electricity demand in excess of that region’s capacity. Through the interconnection of regions, SPARK could send spare power from its assets to the region in need, but of course, for a price, generating a profit from the trade. The forecasting of potential need in neighboring regions, based on a combination of real-time weather satellite data, and real-time power generation data was considered a key strategic capability and millions were spent on keeping this at a state of the art level (one project I led was creating a method for distributing the computational requirements for analysis across the spare capacity of idle office PCs at night – that was fun).


Keep this word in mind because it explains what happens next in our story.

Energy futures traders needed data from power plants to determine what was available on the market. This is why Phil (of course, not his real name) had access to a live feed of the megawatt output of a nuclear power plant that was part of SPARK’s generating portfolio. What Phil’s requirement didn’t explain was the reason this system, which connected to the nuke plant’s SCADA, showing, via a web interface, coolant levels and other critical things, was under his desk.  What his job requirement also didn’t explain was why that system was available to pretty much everyone on the corporate network. Just drop the address of the server into your browser and poof! Instant access to nuke plant data. 

The Tru64 Unix system that connected to a nuclear power plant was under Phil’s desk, within easy reach of anyone strolling by with their terrible office coffee; not in a data center.  That was the first kludge; a rushed together ‘solution’ designed to give Phil the data he needed with minimal latency but also, as a knock on effect, minimal security. I discovered this troublesome computer during a security assessment of the corporate network using a Nessus vulnerability scanner system I created from a spare PC running the Linux operating system. There I was, sitting at my desk, sipping tea like a character in a BBC murder mystery. The results showed a system, on the corporate network, running a web server. How interesting. I browsed to the site, saw the status of a nuclear power plant, and nearly spat out my tea. Quietly, I walked into the office of the VP of information technology. ‘If you don’t want an unpleasant visit from Homeland Security and the Federal Energy Regulatory Commission‘, I started, ‘I suggest you listen to what I’m about to tell you.’ What a marvelous, completely normal day.

The second kludge was from me, a forced mitigation compelled by path dependencies including palpable executive fear of disrupting, for even the shortest of moments, Phil’s multimillion dollar generating workflow by moving the system to where it should have been all along, the data center (no reader, not even an after hour or weekend move was permitted – no one wanted to be the exec who said yes to that in case anything went wrong). I couldn’t move the system to a more secure location, with all that would have meant for enhanced monitoring and control so, of necessity, I had to bring more security to Phil’s desk.

I received authorization to install a multi-thousand dollar Cisco firewall, designed to sit comfortably in a professionally managed data center,  providing network security services to hundreds if not thousands of systems, under Phil’s already busy desk. This was a kludge on top of a kludge. Ladies and gentlemen, this was a multi-billion dollar firm.

Classic Cisco Network Topology

A Fable of Competence

In modern mythology, by which I mean marketing, technologies are deployed in companies with a cool competence building on past perfection with new perfection: shiny and flawless. In reality, despite our best efforts, complex systems accrue debts: past compromises force new compromises to ensure the entire system continues to function. Keep this in mind the next time you think about your bank or credit card company or Meta or Google or the world as a whole.