The Six Laws of System Failure

Pattern Classes

Every exhibit in this museum is an instance of a root failure mechanic. These six classes are the physics beneath the patterns. Learn them, and you can recognize failures you have never seen before.

The language changes. The framework changes. The pattern does not.

Law 0Katie's Law — Laziness

“Every system is shaped by the human drive to do less work. This is not a flaw. It is the economic force that produces all software — and all software failure.”

Every pattern in this museum exists because a human made a reasonable choice to do less work. Two-digit years saved two columns on a punch card. String concatenation was faster than learning prepared statements. Trusting the cookie meant not building a token system. The six laws describe how systems fail. Katie's Law describes why humans build them that way. It is the gravity beneath the geology — the force that creates the layers this museum teaches you to read.

⧫Boundary Collapse6 exhibits

When data crosses into a system that interprets structure, without being constrained or transformed, it becomes executable.

Direct Injection

The Concatenated Query

Reflected Execution

The Embedded Script

Format Dissolution

The Unquoted CSV

Memory Invasion

The Overflowed Return

Object Resurrection

The Trusting Deserializer

Instruction Confusion

The Instructed Hallucination

◎Ambient Authority4 exhibits

When a system trusts the presence of a credential instead of verifying the intent behind it, authentication becomes indistinguishable from authorization.

Confused Deputy

The Forged Request

Predictable Identity

The Phantom Session

Missing Authorization

The Open Door The Unguarded Memory

◇Transitive Trust4 exhibits

When a system inherits trust from a source it did not verify, the attack surface extends to everything that source touches.

Supply Chain Inheritance

The Poisoned Dependency LEO I — The First Business Computer Bug

Credential Exposure

The Committed Secret

Delegated Authority

The Autonomous Executor

◈Complexity Accretion6 exhibits

Systems do not become complex. They accumulate complexity — one reasonable decision at a time — until no single person can hold the whole in their head.

Responsibility Collapse

The God Object ENIAC — The First Programmers Debugged with Their Hands SAGE — The First Software Crisis

Sedimentary Code

The Dead Branch The Tangled Goto

Eager Consumption

The Greedy Initializer

◐Temporal Coupling4 exhibits

Code that assumes sequential execution, stable state, or consistent timing will fail the moment concurrency, scale, or latency proves the assumption wrong.

Race Condition

The Unsynchronized Handshake

Scale Blindness

The Runaway Migration The Hardwired Year The Dropped Deck — Why Code Has Line Numbers

◑Observer Interference2 exhibits

When the system that monitors health becomes a participant in the system it monitors, observation becomes a failure vector.

Recursive Observation

The Ouroboros Health Check Apollo Guidance Computer — The Software That Saved the Moon Landing

Pattern Relationships

Patterns do not exist in isolation. Each connection reveals how one failure enables, evolves into, or mirrors another. Click a class above to filter.

Cross-Domain Analog (9)

AI Bridge (4)

Enables (10)

Precursor (3)

The Concatenated Query

Cross-Domain Analog

The Embedded Script

The Concatenated Query

Cross-Domain Analog

The Unquoted CSV

The Concatenated Query

Cross-Domain Analog

The Trusting Deserializer

The Overflowed Return

Precursor

The Concatenated Query

The Embedded Script

AI Bridge

The Instructed Hallucination

The Concatenated Query

AI Bridge

The Instructed Hallucination

The Trusting Deserializer

AI Bridge

The Instructed Hallucination

Enables

Enables

Cross-Domain Analog

Enables

The Poisoned Dependency

Enables

The Concatenated Query

The Autonomous Executor

AI Bridge

The Forged Request

The Committed Secret

Enables

The Autonomous Executor

The God Object

Enables

The Dead Branch

The Greedy Initializer

Cross-Domain Analog

The God Object

The Dead Branch

Enables

The Concatenated Query

The Unsynchronized Handshake

Cross-Domain Analog

The Runaway Migration

Enables

The Ouroboros Health Check

The Hardwired Year

Cross-Domain Analog

The Runaway Migration

The Unguarded Memory

Precursor

The Open Door

The Unguarded Memory

Enables

The Overflowed Return

Precursor

Enables

Cross-Domain Analog

The Ouroboros Health Check

Cross-Domain Analog

The Greedy Initializer

The Insight

Mitigation does not remove a pattern. It relocates it. Each fix reduces exposure but introduces new assumptions. When those assumptions fail, the pattern re-emerges — often in a context the mitigation was not designed for. The AI era does not create new failure modes. It provides new execution contexts for the same six laws.