Skip to main content
Hashnodetechwastitechwasti

Command Palette

Search for a command to run...

Feature Flags, Rollbacks, and Damage Control.

Updated
M
Maheshwar Ligade

Learner, Love to make things simple, Full Stack Developer, StackOverflower, Passionate about using machine learning, deep learning and AI

Part of seriesBackward Compatibility

How experienced teams ship changes safely—and recover when things go wrong

Introduction: Production will always surprise you

No matter how good your design is, production will surprise you.

  • Real users behave differently

  • Real data exposes edge cases

  • Real traffic finds weak spots

The difference between mature teams and struggling teams is not who makes fewer mistakes.
It’s who can recover faster.

Feature flags, rollbacks, and damage control are not advanced techniques.
They are survival tools.

Feature flags are not optional anymore

If you deploy code that cannot be turned off, you are gambling.

Feature flags give you:

  • Control after deployment

  • Separation between deploy and release

  • A way out when assumptions fail

They don’t prevent bugs.
They reduce the blast radius.

What feature flags are actually for

Feature flags are best used for:

  • Turning new behavior on and off

  • Gradual rollout

  • A/B testing (carefully)

  • Emergency shutdowns

They are not:

  • Permanent configuration

  • A replacement for design

  • An excuse to skip testing

Example 1: New business rule rollout

You introduce a new pricing rule.

Without feature flag:

  • Deploy code

  • Issue found

  • Rollback required

  • Database changes complicate rollback

With feature flag:

  • Deploy code (flag OFF)

  • Enable for 5% users

  • Observe metrics

  • Roll back instantly if needed

Very different outcomes.

The simplest flag is often enough

Feature flags don’t need complex systems.

Sometimes a simple check is enough:

if (featureFlags.isEnabled("new_pricing")) {
    applyNewPricing();
} else {
    applyOldPricing();
}

The power comes from control, not sophistication.

Rollbacks are part of the design

If rollback is painful, it won’t happen fast enough.

Rollbacks fail when:

  • Schema changes are irreversible

  • Data formats change silently

  • Old code can’t run on new data

Rule of thumb

If you can’t roll back in minutes, you don’t have a rollback plan.

Example 2: Schema change without rollback

You deploy:

  • New code

  • New schema

  • Data migration

A bug appears.

Code rollback:

  • Old code doesn’t understand new schema

  • Data is already changed

Rollback fails.

Lesson:
Feature flags don’t save you if the data is incompatible.

Damage control is a skill, not a reaction

When something breaks in production, panic makes things worse.

Experienced teams follow a simple order:

  1. Stop the bleeding

  2. Stabilize the system

  3. Understand what happened

  4. Fix forward carefully

Feature flags help with step one.

Example 3: Kill switch in action

A background job starts consuming too much CPU.

Without kill switch:

  • Restart servers

  • Scale nodes

  • Hope for improvement

With kill switch:

  • Disable the job

  • System stabilizes

  • Root cause analysis begins

No heroics required.

Anti-patterns that reduce safety

Anti-pattern 1: Permanent feature flags

Flags that never get removed become:

  • Dead code

  • Confusing logic

  • Maintenance burden

Flags should have an expiry date.

Anti-pattern 2: Flags without ownership

If no one owns a flag:

  • No one cleans it up

  • No one knows when it’s safe to remove

  • No one remembers why it exists

Every flag needs an owner.

Anti-pattern 3: Believing flags fix bad design

Feature flags cannot fix:

  • Poor data models

  • Breaking API changes

  • Irreversible migrations

They are seatbelts, not engines.

Gradual rollout beats big releases

Instead of:

  • Releasing to everyone at once

Prefer:

  • Internal users first

  • Small percentage of traffic

  • Gradual increase

Problems surface early.
Impact stays small.

Observability makes flags useful

Feature flags without metrics are blind.

You should observe:

  • Error rates

  • Latency

  • Business metrics

  • User behavior

If you can’t see the impact, you can’t control it.

A simple readiness checklist

Before releasing a flagged feature:

  1. Can we turn it off instantly?

  2. Does old code still work?

  3. Is rollback tested?

  4. Are metrics in place?

  5. Who owns this flag?

If any answer is “no”, pause.

Final thought: control beats confidence

Confidence feels good.
Control saves systems.

Feature flags, rollbacks, and damage control are not signs of weakness.
They are signs of experience.

The best teams don’t hope nothing goes wrong.
They prepare for when it does.

More such articles:

https://medium.com/techwasti

https://www.youtube.com/@maheshwarligade

https://techwasti.com/series/spring-boot-tutorials

https://techwasti.com/series/go-language

#software-development#software-engineering#software-architecture#software-testing#programming-blogs#programming-tips#programming-languages#feature-flags#architecture

Comments

Join the discussion

No comments yet. Be the first to comment.

Backward Compatibility

Part 2 of 5

Hard-earned lessons on why breaking changes cause real damage in production, and how experienced engineers design new features that respect the past.

Up next

Database Changes in Live Systems.

Why schema changes break production and how experienced teams avoid it. Introduction: Databases remember everything You can redeploy code in minutes.You can roll back services.You can toggle feature flags. But your database? It remembers every decis...

More from this blog

T

techwasti

276 posts

TechWasti is a community where we are sharing thoughts, concepts, ideas, and codes.