7/4/2026 at 5:20:08 PM
I recently left Google having worked on a number of projects with various YouTube teams. I think I can explain why it's being handled this way by YouTube.This is a fairly nuanced/involved issue, so the task of classifying the bug likely made it's way to one of the engineers responsible for the implementation of this feature.
That engineer has already launched this project, and filed it away under their GRAD (performance) artifacts for when promo/annual review talks roll around. There's no motivation for this engineer to waste time fixing this bug because it won't benefit their promo packet, and they are already being put under pressure to launch other projects which _will_ benefit their promo packet.
So they do what they can to sweep it under the rug because that's what the promo/annual review framework (GRAD) incentivizes and rewards.
by Mg6yDfjp5U
7/4/2026 at 7:56:23 PM
I design and build trains.If I ignored a safety issue that I discovered - not one I caused by design but even one I discovered in an existing design - because of a performance review my engineering licence would be revoked and I would be kicked out of the industry.
This is a prime example of why programmers are not seriously considered engineers.
by NamTaf
7/4/2026 at 8:13:03 PM
> This is a prime example of why programmers are not seriously considered engineers.Seems to me like your comment is simply an example of prejudice.
You're just describing another standardized incentive structure that you're operating in, and using that as a basis to extrapolate that programmers of all kinds—whether they work on a video platform or on machinery that could cause catastrophe if it fails—are implicitly careless careerists who refuse responsibility by nature.
by brailsafe
7/4/2026 at 8:33:17 PM
I understand the direction of your comment, engineering doesn't guarantee security either.Hubris is the single biggest downfall, whether it's pegged on insecurity, or a false sense of knowledge, superiority or entitlement.
The very best and most experienced people I know have deep expertise, and maintain a healthy mistrust of their own work to keep an eye on it and improving it.
Real world experience and run history is a big thing, and people can re-learn the lessons of the past over and over with their egos, or also be open to learning from others to learn quicker.
by j45
7/4/2026 at 8:26:03 PM
"The rat is always right." - B.F. Skinner.When the rat presses a lever, don't blame the rat. This is super reductionist of course, but I always keep it in mind.
by HelloMcFly
7/4/2026 at 8:32:03 PM
It's worse than that. Google will get rid of you if you are just fixing bugs. Ergo, the people who are inclined to fix are forced out or forced not to fix.by bagels
7/4/2026 at 8:06:38 PM
I think there is a fine line. YouTube is not critical software and no one’s life depends on the safety (putting mental health aside) of the code running. Some software engineers do however write code that is critical, but to your point, I don’t think they are ever considered liable.I went through an acquisition as a Canadian software developer getting acquired by an American company. They wanted us to be called engineers like the rest of their SWEs but in Canada it’s a protected namespace. It’s illegal to call yourself an engineer without having the ring and the papers. Which personally I can appreciate.
by fathermarz
7/4/2026 at 8:15:12 PM
Youtube should consider their engineers responsible for the software they write. Big companies these days are just bureaucracy tricks and politics. There's a small handful of real talent, but they're quickly moving to new startups.Also, I'm Canadian as well, and almost everyone calls themselves "software engineer" these days. You just can't say P.eng. in your title. You could be forced to remove it from linkedin/etc if you're called out, but it rarely happens.
by m00x
7/4/2026 at 8:12:46 PM
The entire rail industry suffers from massive deferred maintenance issues that manifest as serious safety concerns. This shit happens in every industry: dieselgate, 737max, flint water crisis, PG&E camp fire, etc. Let's not pretend one engineering discipline is holier than thou -- especially when the consequences are derailments versus some leaked youtube videos.by beambot
7/4/2026 at 8:09:43 PM
> This is a prime example of why programmers are not seriously considered engineers.The problem isn't the programmers ffs. In your industry, if your superior orders you (or creates the incentive) to hide bad stuff under the rug, you have the ability to push back, at least to some degree.
Programmers? We don't have that. Maybe the few of us who actually work on security critical stuff, but some generic AI BS? No chance. You're being treated as a cog.
by mschuster91
7/4/2026 at 8:12:55 PM
All sorts of employees are treated as disposable. The issue is absolutely that software engineers have no culture of responsibility or safety and no professional licensing group to enforce it for them.by Arainach
7/4/2026 at 8:30:42 PM
[delayed]by brailsafe
7/4/2026 at 8:03:19 PM
I remember hearing this perspective when I first started in the software industry, and I agreed with it for quite some time. But frankly, we’ve never been further from it.by richardfey
7/4/2026 at 6:10:46 PM
I feel like things have become so much more cynical in the last 5 years, in this regard.I feel like part of it is the "over-systemization" of promos. I see the logic behind it to some extent - if there's a system, it's "fairer"/"more democratic". But, then we end up with ridiculous gamified promo systems.
by throwrioawfo
7/4/2026 at 6:53:59 PM
objective systems become gamifiedsubjective systems become politicized
pick your poison
by campbel
7/4/2026 at 7:29:00 PM
I'll pick small company, thank you.by ismailmaj
7/4/2026 at 7:46:32 PM
This isn’t a bad approach but it’s not a panacea: small companies can be pretty messed up too, albeit perhaps in different ways.by bartread
7/4/2026 at 8:23:41 PM
The impact is local though, it would be only a problem if the median small company is more messed up than the large co.It not likely to happen because being small there are more threats or market forces to deal with so they cannot do as they please. Monopolies or just economies of scale affords large co and the small number of executives that control them outsized influence - both good and bad.
by manquer
7/4/2026 at 7:42:07 PM
This is great. I'd begun to conclude the pendulum swung too far towards "moneyball" and both approaches have trade-offs, but this is perfectly succinctby anonymars
7/4/2026 at 8:06:49 PM
Yeah... there are no systems that are not political. Even if you agree objectivity is a thing, someone has to persuade others to buy into whatever that objectivity is, and that's still politics, and not cynical at all.by doctorpangloss
7/4/2026 at 7:20:40 PM
Why not both?by BadBadJellyBean
7/4/2026 at 7:29:39 PM
it is both because the "objective" system is also rife with subjective judgementsby lacunary
7/4/2026 at 6:43:39 PM
Eh, clearcut promo paths used to be a bigger thing in the 90s and they did work for a little while, they just didn't handle exceptions well, and then the whole developed world up and thought they were also exceptions. Certifications used to matter more, now they are so cheapened that you cannot do much without them.by jambalaya8
7/4/2026 at 7:22:38 PM
5 years ago they had the same incentives.by ikiris
7/4/2026 at 7:59:14 PM
But five years ago they had a stronger engineering culture. The old values were rapidly eroding, but some still held.by tmoertel
7/4/2026 at 6:44:37 PM
It’s not about fairness or democracy (maybe you meant meritocracy?) at all although it’s sold that way to participants - it’s primarily about ownership’s ability to cascade management duties, including mitigating latent negotiation powers by individual workers and groups of workersby wahnfrieden
7/4/2026 at 5:36:07 PM
Glad to hear this is a universal big tech experience. The promo process is entirely antithetical to shipping good productsby ronbenton
7/4/2026 at 6:59:41 PM
Shipping great products is about the details that almost nobody will noticeA good promo process needs to notice the invisible
Apple did it for decades
by gguncth
7/4/2026 at 6:31:02 PM
I don't think it's the promo process itself. If the bug was something that actually affects Google's bottom line, I guarantee that Google would find a way such that the engineer would be incentivized to fix it.by Aunche
7/4/2026 at 6:30:51 PM
Sweep it under the rug is not limited to any paticular industry.by tiahura
7/4/2026 at 5:40:53 PM
What do you mean? Youtube is unquestionably one of the most successful projects ever launched? Seems like the process works astoundingly well.by citizenpaul
7/4/2026 at 5:44:40 PM
Youtube wasn't launched by Google, it was purchased.by strictnein
7/4/2026 at 6:44:59 PM
Youtube launched 1 year and 8 months before being acquired by google.... It's largely semantics to say that what Youtube is today, isn't a direct result of Google's ownership for nearly 20 years now....by UnlockedSecrets
7/4/2026 at 7:42:23 PM
From talking to someone that worked at YouTube for 15 years, they still had a lot of core Python code in 2016 that was legacy from the OG company/team and that code needed to be transitioned to follow the Google way of doing things in C++/Go.I don't think it was distinct enough from the Google culture like Android was at the start of the acquisition but it seems they had leeway to do their own thing.
by ismailmaj
7/4/2026 at 7:43:42 PM
Google had Google Video and couldn't hold up, that's why they bought Youtube.by grg0
7/4/2026 at 7:54:49 PM
What YT is now:- ads every now and then
- addictive shorts no one needs
- suggested videos nobody asked for
- geo ban of videos
by sdevonoes
7/4/2026 at 8:30:57 PM
No concept of language in a user facing way. No filter by language no search by language. On the contrary searches are translated before running and return all languages, videos are dubbed even when you speak the original language, same but with titles being translated etc. Search being shit is kind of on par with being a Google product though. I wonder if they had any language preferences before Google bought them. I don't remember that far back.by dizhn
7/4/2026 at 7:36:48 PM
Huh? It's not semantics to point out that a project wasn't launched by Google, when the point was about a successful project launch from Google.by strictnein
7/4/2026 at 5:55:12 PM
Youtube survives on google's massive repertoire of products being vastly more profitable, not because it's the best of its kind.by mid-kid
7/4/2026 at 6:28:15 PM
And free bandwdith. Free bandwidth is nice.by thx67
7/4/2026 at 5:57:49 PM
And you honestly believe the main factor in YouTube success was the quality of the code?That's a thought that doesn't even deserve further comment.
by ghurtado
7/4/2026 at 6:28:05 PM
Did the promo process exist at YouTube's creation?by dooglius
7/4/2026 at 5:42:42 PM
Good != Successful.I assume that's why they wrote good and not successful.
It's an average software product with incredible scaling behind it and a lot of elbow grease to keep it chumming along, but it's not great software by the definition of "bugs actually get dealt with"
by OtomotO
7/4/2026 at 5:58:02 PM
It's great software in the sense that it makes a shit ton of money though. In the end software that doesn't get used and doesn't make any money but has no bugs is not valuable either.Not saying that this is the trade off you have to make but if you have a working mode in place that achieves usage and money somewhat consistently i can understand being hesitant about changing it to optimize for less bugs instead.
by jascha_eng
7/4/2026 at 6:10:59 PM
The only people for whom it makes sense to define "great" as "makes money" are the people who produce and sell said product.Similarly, most people don't put much stock in the salesmen of a product describing their own product as great.
Stop debasing all of quality to profitability.
by estaroc
7/4/2026 at 6:51:08 PM
Surely the Therac would have made more money if they had covered up the deaths instead of fixing the bugs and owning up to them.Why do you think they would compromise how good their software is merely to save lives?
by ori_b
7/4/2026 at 6:22:10 PM
That's just two different scales.Weapons are a great product for weapon dealers and manufacturers as well, just not so much for the people killed by them (or their families, or survivors)
So sure, if making a shitload of money is the metric, YouTube is a great product.
That wasn't the point of the person you answered to though.
by OtomotO
7/4/2026 at 5:58:55 PM
This is what you get when the MBAs are in charge. They just go with P&L, Spreadsheets, etc. and care only about the current quarter and meeting the goals.by mlmonkey
7/4/2026 at 6:50:17 PM
Google leadership has been from research/engineering and product backgrounds. This is how hierarchical businesses operateby wahnfrieden
7/4/2026 at 6:30:30 PM
The rot is deep.by sscaryterry
7/4/2026 at 6:29:56 PM
I also used to work at Google and what you have described is not the way the VRP works at all.1. The engineers on the VRP teams set the severity of the bug based on impact. The engineering team responsible for the fix can argue the severity but only if they can show there is some other mitigating factor that the VRP team wasn't aware of.
2. Google has a great security culture and while it may be true that maintaining existing code may not be as sexy as building new features, fixing vulnerabilities does look good on GRAD (performance) because the impact is already well documented.
3. Believe it or not, the VRP team does like to give away rewards. However, to do this, they have to follow a rubric to keep all of the payouts consistent and fair.
4. Constructive and polite discourse is welcome and a researcher may reply to their bug asking for more details or to make their case in the event that they think the VRP team did not understand the severity. The team is made up of humans who are open to the idea that they missed something in the initial report. They, like all other bug bounty programs, are also struggling to keep up with the huge influx of AI generated slop so mistakes can happen.
by cdbdbspt
7/4/2026 at 6:54:54 PM
My first thought when reading the article was: "The generous interpretation here is that whoever is fielding reports gets so many false positives that they miss true positives (like this report), especially if there's any gray area."I'm not saying that excuses it, but it is one likely explanation for how it happened. When looking at just one report, the response seems negligent. When looking at a pile of 1000 nonsense reports, with a handful like this, I understand the difficulty.
by jonahx
7/4/2026 at 5:54:06 PM
Of all the fucked up things in this comment, giving a single Engineer lifetime responsibility for all bugs in code they wrote is probably the dumbest.And it's slowly becoming the norm. The last place I worked at, a large and well known Tech company, didn't even roll with QA's. That just wasn't a role anywhere in the division. You are fully responsible for all the bugs in all the code you ever wrote
Cute at first. Unsustainable in the long term
by ghurtado
7/4/2026 at 6:25:19 PM
I disagree with this pretty strongly. If you’re not going to take responsibility for your bugs I don’t want to work with you.Don’t make other people QA your work; if you’re not able to figure out how to do that yourself while you work you’re legitimately bad at your job.
Once you leave an employer obviously you have no obligation to fix bugs in IP you don’t own or anything.
by weitendorf
7/4/2026 at 6:41:19 PM
I think it's reasonable to have a culture where you're encouraged to consult the IC who wrote the code even after they've moved on to other projects. But I don't think they should be responsible for fixing the bugs.And I don't mean this to excuse the bad code written by ICs. I just think it's not sustainable from the POV of the org itself to depend so heavily on individuals, especially ones who aren't familiar with the entire codebase anymore.
The team currently in charge needs to have full ownership and be responsible for the code, even if they didn't write it.
by tredre3
7/4/2026 at 7:51:03 PM
That works as long as there's a finish line. If you make a framework, or a set of libraries, it's easy to get pigeon holed into all new feature work around those.by nomel
7/4/2026 at 7:43:37 PM
OP used the word "lifetime" which makes a key difference.I don't want to be responsible for a bug in my 8 years old code, which I probably even forgot how it worked etc. I probably don't even work anymore in the same team or on the same service.
Why the hell should I be responsible and how is this sustainable?
I am not even sure if your criticism makes any sense at all anymore nowadays. AI is writing 80% of the code, if not more. It's technically not even your code anymore, although there is your name on the commit. Why should I be responsible for that 3 years from now, when I have again moved team or service etc.
Accountability ok, but you should not retire with your code.
by mk89
7/4/2026 at 8:17:13 PM
> Why the hell should I be responsible and how is this sustainable?Well, it works for professional engineers, you know, the people designing bridges, tunnels, heavy machinery, aircraft, spacecraft or medical instruments. When something happens and they can't show that their work adhered to the generally accepted best standards at the time... they're held liable. And sometimes, that liability includes jail time, particularly when people are seriously injured or die.
And how it is sustainable? Simple: legal requirements that force managers to allot enough time and tooling to their engineering teams, because engineers whose professional license is on the line will rather quit than be forced to sign off something that is unsafe.
In the software world, this might result in AI not being used at all - simply put: no matter what, AI in its current form is always going to be vulnerable to in-band attacks, or to use an older term... phreaking [1]. It might result in software having to go through formal proof programs, fuzzers, whatever. It might result in entire programming languages just being outright banned in production code in favor of programming languages that eliminate entire classes of vulnerabilities.
And before the usual "but China/India/... would outcompete us" complaints come... well, have you ever seen a Chinese widebody airliner in Western airspace? No. Because China is not able to pass over the engineering gates we have set in place. We could easily do the same with software.
Requiring at least some sort of quality gates on software would not be bad for you as a programmer. Quite the contrary: it would hand you power over your incompetent beancounter boss.
by mschuster91
7/4/2026 at 8:13:50 PM
Lifetime is too much. One or two re-orgs at most.People only spend a couple of years at each company anyway
by boredatoms
7/4/2026 at 6:44:21 PM
It's not cute, it's a sensible way to build greater understanding by learning from mistakes. The thing is, it has to be engrained in the culture and that also means it may need to take priority over other work. Responsibility doesn't need to mean you have to write the code, just see it through.by goosejuice
7/4/2026 at 6:04:56 PM
Ok. So QA finds a bug. Who’s responsible for fixing it? The only value of QA is to try to make sure you become aware of issues before customers find themby vlovich123
7/4/2026 at 8:32:13 PM
QA probably has their own promotion path that doesn't involve finding bugs. :)by dizhn
7/4/2026 at 6:06:17 PM
The company, not the individualby episteme
7/4/2026 at 6:20:27 PM
And who in the company do you propose should fix itby ShrootBuck
7/4/2026 at 6:35:08 PM
someone hired by the company to understand the application and fix the bugive inherited a lot of code
by jareklupinski
7/4/2026 at 6:48:46 PM
It's even worse when you don't work at a tech. Even the simplest of Excel formulae, power automate flows simply go abandoned once the creator moves on, or maybe a very expensive consultant is onboard to maintain what amounts to a handful of lines of code. It's embarrassing how little initiative the average information worker has when it comes to stuff like this.by dfxm12
7/4/2026 at 6:43:08 PM
It's ultimately Google's responsibility to ship bug free products. I don't care who implements a fix, but Google management should make sure someone fixes it.by dfxm12
7/4/2026 at 6:46:38 PM
No, it’s really not, it’s none of our jobs to do that. It’s our job to make our employer (even if you are your own employer) money.It’s incredibly rare you have the luxury of even trying to deliver bug free code, let alone achieve it.
by carl_dr
7/4/2026 at 6:51:37 PM
People eventually stop using, and paying for, buggy code.by dfxm12
7/4/2026 at 7:16:23 PM
ROFL this has not been my experience. Many more people stop paying because of some featuritis request you snubed to keep the bugs under control.by ZiiS
7/4/2026 at 6:48:57 PM
Spoken like a user and not an ownerby wahnfrieden
7/4/2026 at 6:42:13 PM
[dead]by newtonianrules
7/4/2026 at 6:12:02 PM
> This is a fairly nuanced/involved issueIs it though?
by varispeed
7/4/2026 at 6:24:52 PM
Definitely. The front line support agents handle only the most basic requests. Anything even remotely complicated, such as this, would be internally kicked around until they found someone familiar with the project to give input. Which most likely is someone who worked on the original implementation.by Mg6yDfjp5U