> Please build a system with 100% availability under load and with no false positive. I'll wait.

Seriously? This is absolutely trivial: you don't build a system like this in the first place, as whatever is failing here--and 100% if it is a system actively designed to prevent people from posting links to their own timeline--isn't providing value: it is just a bigger surface in which there are going to be random bugs and false positives. I will thereby repeat: building systems that occasionally set themselves up for mistakes IS THE MALICE. I am not claiming that making a mistake is malicious, or that only malicious people make mistakes: we all make mistakes, so we should thereby do everything we can to limit our power and refuse to build systems that might fail.

(edit: I added a paragraph here but it came after a reply, so I moved that paragraph--without further edit--to my comment reply to that reply comment.)

A link preview adds value to those reading the posts. Because it can sometimes fail to process a link and prevent users from posting links is not a sign of sure malice, it's possibly incompetence (in the way the system was designed or implemented, in the business rules of requiring it to validate successfully before a link can be posted, etc.).

I'm a little lost at what your point is because if you think the above is malice, there's malice in every poorly implemented feature. Say Instagram does a rough check to ensure no nudity is contained in the images you're posting and that system goes down preventing you from posting to your own IG -- that too is malice?

Actually, a fraudster can design their system such that when preview service is the one rendering the page, it returns an error, but when a legit user is making the request, it may proceed showing bad stuff.

This is known as cloaking.

Safe thing to do is to block the submission instead of letting it through anyway, or potentially downrank the tweet, or graylist or whatever, or put it into failed queue for investigation, or something along thoselines.

I think crowd here would be delighted when twitter allows spam links because they figured out a way to fool the preview service in some ways.

Please do so. "Absolutely possible" is showing me you are way too confident of things and this usually is a sign you actually never done so.

The idea that you believe that a system I am saying shouldn't be built will somehow have a bug in it despite not existing is ridiculous. I will once again repeat, therefore, with more context: I am not claiming one should or can build systems without mistakes... I am claiming that, because we make mistakes--and because we all know that we all (including myself) make mistakes--we should not build certain kinds of systems, and that building systems that put us in a position where making mistakes cause these kinds of effects "is the malice".

Regardless, if it IS a mistake, we can assume Twitter will offer a formal apology indicating that they made a mistake that accepts fault for the impact it had on others, explain how they think that mistake occurred in enough detail that we can agree that it was a mistake and not an excuse, they will take steps to prevent that similar mistake from happening in the future, and they will further attempt to "make it right" somehow to the mastadon community (particularly so, as this was a competitor) with some extra benefit or concession... right? I will note that going around making mistakes and neither apologizing for them not taking responsibility for them--instead just flippantly hiding behind "we all make mistakes" while continuing to put yourself in a position where your mistakes matter to people--is itself a malicious act.

Every feature has a complexity burden it imposes on the overall system, and also a risk profile to causing failures as the overall environment changes.

Some features are definitely not worth the complexity they impose. Sometimes a feature is so important you need to add it despite the systemic risk that it obviously carries.

Most of the time the designer or implementer doesn’t stop to even consider this analysis and just fires off some code to add the feature and lets it become “technical debt” because it’s SEP at that point.

The best engineers have an immediate intuition about these types of features and a visceral reaction when asked to code them. Something along the lines of, “I have a bad feeling about this” to “No way I’m coding this, it’s a metaphorical bridge just waiting to collapse.”

If malice requires intent I think most of the time there isn’t actual malice. If malice can stem from ignorance then I fully agree with you.