Skip to content


Stef Walter edited this page Jul 11, 2014 · 8 revisions

Preventing an accidental click from destroying data or causing an outage on a server is important.

However Confirmation dialogs and prompts are evil. Bad bad bad. I've given talks on this at conferences, and you can see lots of articles about this on the net.

There are three levels of problem here:

  • Preventing an outage with a safety switch
  • Clearly describing data loss before it happens.

This does not cover trivially undoable operations where no outage or data loss would occur. Those should simply never have a prompt or special handling. The action should just happen, and/or have an way to undo.

Preventing Outages: Safety Switches

Example Implementation:

Example use cases:

  • Turning off a network card
  • Destroying a network bond
  • Unmounting a disk

No actual data loss occurs, but having a network outage as the result of a fat fingered click is not okay. We need a safety cover for the button here:

safety switch

There are examples of this on the iPhone, see the weather app.

Explaining Destructive Operations

Example use cases

  • Format a disk
  • Delete a partition
  • Destroy RAID

After clicking the button to delete a disk partition, or destroy a RAID, we should describe in detail what's going to be destroyed. Ideally this will happen inline and replace the item in question.

Clone this wiki locally
You can’t perform that action at this time.