Skip to content

Feedback Loops & Why Speed Matters

If you take one idea from this whole book, take this one: the goal is to shorten the loop between making a change and learning whether it worked. Almost every DevOps practice — automated tests, fast pipelines, monitoring, small deploys — is, underneath, a way to make that loop tighter. Once you see it, you can’t unsee it.

A feedback loop is the cycle: you change something, the change produces a result, you observe the result, and you use what you learned to make the next change.

┌──────────────────────────────────────────┐
│ │
▼ │
CHANGE ──> RUN IN REALITY ──> OBSERVE ──> LEARN
(commit) (deploy) (does it (fix or
work?) continue)

The length of one trip around that loop is what matters. A short loop means you find out you’re wrong quickly, while the change is small and fresh in your mind, and the fix is cheap. A long loop means you find out you’re wrong late, after the mistake has compounded and you’ve forgotten the details — and the fix is expensive.

This is not unique to software. It’s how all skilled work improves: the chef tastes the sauce as they cook, not after serving it. A flight simulator gives feedback in seconds so a pilot can learn without crashing a real plane. The faster the feedback, the faster the learning, the safer the outcome. DevOps is the application of that principle to shipping software.

Batch size: the lever you didn’t know you were pulling

Section titled “Batch size: the lever you didn’t know you were pulling”

Here’s where speed and safety stop being opposites. The key variable is batch size — how much change you ship at once.

Imagine two teams shipping the same total amount of work over a month:

BIG BATCH │ SMALL BATCHES
───────── │ ─────────────
1 release, 200 changes │ 40 releases, ~5 changes each
once a month │ ~twice a day

Intuition says the once-a-month team is safer — fewer deploys, fewer chances to break things, change is scary so do it rarely. Intuition is wrong, and seeing why is the heart of DevOps.

When the big-batch release breaks (and a release with 200 changes will have something wrong in it), you face two brutal questions: which of the 200 changes did it? and how do we undo it? Two hundred intertwined changes are nearly impossible to bisect, and rolling back one means rolling back all of them. The blast radius is enormous and the diagnosis is a nightmare.

When a small-batch release breaks, you know almost instantly what broke it — there were only five changes, probably the obvious one — and rolling back is trivial. The blast radius is tiny.

BIG BATCH FAILS SMALL BATCH FAILS
────────────── ─────────────────
"Something in 200 changes "It's the change we
broke prod. Good luck." shipped 4 minutes ago."
blast radius: huge blast radius: tiny
rollback: undo everything rollback: undo one thing
diagnosis: hours diagnosis: minutes

If small batches are safer, why does anyone ship big ones? Because of the wall from the last page. When deploying is painful — manual steps, scary handoffs, a real chance of a 2 a.m. page — people rationally deploy less often to avoid the pain. But deploying less often means each deploy is bigger, which makes it more painful and risky, which makes people deploy even less. A vicious cycle:

deploys are painful ──> deploy less often ──> bigger batches
▲ │
│ ▼
└──────────── more painful & risky ──────────┘

The way out is to attack the pain, not the frequency. Make deploying cheap, automatic, and safe — and small frequent deploys become not just possible but natural. That is what the automation in this book is for. Every manual step removed from the deploy path shrinks the pain, which shrinks the batch, which shrinks the risk.

We need a name for the length of the loop. Lead time for changes is the clock from code committed to code running in production. It’s the most honest single measure of how tight your feedback loop is.

commit ─────────────────────────────────> running in prod
└──────────────── lead time ─────────────────┘

A team with a lead time of minutes gets feedback from real users the same day they write the code. A team with a lead time of weeks is flying with a long delay between the controls and the response — they’ve forgotten the context by the time reality answers. Short lead time isn’t about working faster or harder; it’s about removing the waiting and the manual steps between commit and production. It’s so important it’s one of the four DORA metrics we’ll meet next.

The change-to-production loop is actually nested loops, and DevOps tightens each one:

Loop”Change” → “feedback”How DevOps shortens it
Localwrite code → does it compile/pass?tests that run in seconds on your machine
Integrationmerge → does it work with everyone else’s?continuous integration on every commit
Deployship → is it healthy in prod?automated pipeline + observability
Productrelease → do users like it?metrics, feature flags, fast rollback

Each row is the same shape — change, observe, learn — at a different timescale. Make every loop tight and an idea can travel from someone’s head to validated-in-production in hours instead of months.

The thread: the manual, error-prone step here is waiting — the slow human handoffs and the big-bang releases that delay feedback until a failure is huge and unbisectable. Shrinking the batch and automating the path to production removes that wait. You learn you’re wrong while the change is tiny and the fix is cheap, which is exactly what makes production safer.

  1. Draw the four-stage feedback loop. Why does the length of one trip around it matter so much?
  2. Two teams ship the same total work; one in monthly big batches, one in tiny daily ones. Explain why the small-batch team is safer, using blast radius and diagnosis time.
  3. What is the “doom loop” that pushes teams toward big batches, and where do you break it — at the frequency or at the pain? Why?
  4. Define lead time for changes precisely (from what event to what event?). Why is a weeks-long lead time dangerous beyond just being slow?
  5. Pick any one nested loop from the table and explain how a specific automation tightens it.
Show answers
  1. CHANGE → RUN IN REALITY → OBSERVE → LEARN, looping back to the next change. The length of one trip matters because a short loop means you find out you’re wrong quickly — while the change is small, fresh in mind, and cheap to fix — whereas a long loop means you learn late, after the mistake has compounded and you’ve forgotten the details.
  2. When the big-batch release breaks (and 200 intertwined changes will have something wrong), the blast radius is huge and diagnosis takes hours (“which of 200 did it?”, and rolling back one undoes all). A small batch has a tiny blast radius — only ~5 changes, so the culprit is obvious in minutes and rollback is trivial. Risk is about how much rides on each deploy, not how often you deploy.
  3. The doom loop: deploys are painful → deploy less often → bigger batches → more painful & risky → deploy even less. You break it at the pain, not the frequency — make deploying cheap, automatic, and safe, and small frequent deploys become natural. Attacking frequency directly (forcing more deploys while they’re still painful) just hurts more.
  4. Lead time for changes is the clock from code committed to code running in production. A weeks-long lead time is dangerous beyond slowness because you’ve forgotten the context by the time reality answers — you’re flying with a long delay between the controls and the response, so feedback arrives too late to act on cheaply.
  5. Open-ended — e.g. the Integration loop (merge → does it work with everyone else’s?) is tightened by continuous integration running on every commit, so you learn within minutes that your change conflicts, instead of discovering it during a painful merge weeks later.