Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Distributed Failure: Learning Lessons From Aviation

Andrew Godwin
April 24, 2018
Programming
2
390

Distributed Failure: Learning Lessons From Aviation

A talk I first gave at Code Europe Warsaw, spring 2018.

Andrew Godwin

April 24, 2018
Tweet

More Decks by Andrew Godwin

See All by Andrew Godwin
Reconciling Everything
andrewgodwin
1
200
Django Through The Years
andrewgodwin
0
83
Writing Maintainable Software At Scale
andrewgodwin
0
320
A Newcomer's Guide To Airflow's Architecture
andrewgodwin
0
240
Async, Python, and the Future
andrewgodwin
2
530
How To Break Django: With Async
andrewgodwin
1
570
Taking Django's ORM Async
andrewgodwin
0
580
The Long Road To Asynchrony
andrewgodwin
0
510
The Scientist & The Engineer
andrewgodwin
1
570

Other Decks in Programming

See All in Programming
SpringBoot+MyBatisで例外が出たときどこを見るか
syukai
0
110
Folding Cheat Sheet #2
philipschwarz
PRO
0
110
AWS Application Composerで始める、 サーバーレスなデータ基盤構築 / 20240406-jawsug-hokuriku-shinkansen
kasacchiful
1
240
App Router への移行は「改善」となり得るのか?/ Can migration to App Router be an improvement
takefumiyoshii
8
2.1k
Folding Cheat Sheet #1
philipschwarz
PRO
0
200
⼤規模⾔語モデルの拡張(RAG)が 終わったかも知れない件について
nearme_tech
22
14k
両面どころかインフラもTSでできるよ ~ 全方位TypeScriptによるプロダクト開発 ~
myfinder
9
3.2k
データアナリストが行うDatabricksを活用したETLの自動化事例
shinoa
0
240
受託開発でGitLab CI を活用していく
xiombatsg
1
260
GitHub Actionsで泣かないためにやっておきたい設定 / Recommended GHA settings to avoid crying
pinkumohikan
3
380
PHPの次期バージョンはこの時期どうなっているのか - Internalsの開発体制について - PHPカンファレンス小田原
youkidearitai
PRO
1
150
Swiftの型推論を学ぼう | Let's Learn About Type Inference in Swift
omochi
3
3.3k

Featured

See All Featured
Refactoring Trust on Your Teams (GOTO; Chicago 2020)
rmw
24
2.3k
jQuery: Nuts, Bolts and Bling
dougneiner
58
7.1k
The Cost Of JavaScript in 2023
addyosmani
13
3.8k
Documentation Writing (for coders)
carmenintech
59
3.9k
KATA
mclloyd
14
12k
Rebuilding a faster, lazier Slack
samanthasiow
72
8.2k
10 Git Anti Patterns You Should be Aware of
lemiorhan
645
57k
Music & Morning Musume
bryan
40
5.5k
Helping Users Find Their Own Way: Creating Modern Search Experiences
danielanewman
19
1.9k
The Power of CSS Pseudo Elements
geoffreycrofte
58
5k
Visualization
eitanlees
135
14k
Git: the NoSQL Database
bkeepers
PRO
421
63k

Transcript

  1. DISTRIBUTED FAILURE Andrew Godwin @andrewgodwin Learning lessons from aviation

  2. Hi, I’m Andrew Godwin

  3. Content Warning Aviation accidents Road accidents Discussion of death

  4. Software is difficult.

  5. Distributed is even harder.

  6. None

  7. Not unique to distributed systems

  8. None

  9. Who's solved this? Aviation.

  10. A Boeing 747 has six million parts

  11. A Boeing 747 has six million parts

  12. Airplane Car Walking Train 220 130 30.8 Deaths per billion

    hours (UK 1990-2000) 30

  13. People matter as much as machines

  14. Pilot 76% Aviation Accident Causes (2005 Nall report) 9% Other

    16% Mechanical

  15. Let's look at some aviation principles

  16. Principle #1 Hard Failure

  17. If something is wrong it turns itself off

  18. This only works if you have redundancy

  19. None

  20. These are great ways to ensure you never fix something.

  21. No accident or outage has a single cause. Stop your

    code getting into odd states.
  22. None

  23. Single points of failure can be good

  24. None

  25. Principle #2 Good Alerting

  26. Cockpits are incredibly selective about what sets off an audio

    alarm

  27. Alert fatigue is real. Avoid at all costs.

  28. Never, ever, put all errors in the same place

  29. Critical Normal Background

  30. Critical Normal Background Wakes someone up. Actionable.

  31. Critical Normal Background Wakes someone up. Actionable. Fixed over the

    next week.

  32. Critical Normal Background Wakes someone up. Actionable. Fixed over the

    next week. Metrics, not errors.

  33. Have you been ignoring an error for weeks? Then turn

    off its error reporting.

  34. Principle #3 Find your limits

  35. Everything will fail. You should know when.

  36. Copyright Boeing

  37. What's your Minimum Equipment List?

  38. REQUIRED OPTIONAL

  39. Did you load test? Did you fuzz test?

  40. You don't have to perfectly scale.

  41. Risk is fine when you're informed!

  42. Principle #4 Build for failure

  43. No single thing in an aircraft can fail and take

    it down.

  44. We all want this for our code, but the way

    to do it is to build for failure.

  45. Kill your application randomly Practice server network failures Develop on

    unreliable connections

  46. The majority of pilot training is handling emergencies.

  47. None

  48. Use checklists. Don't rely on memory.

  49. If you practice failure, you'll be ready when the inevitable

    happens.

  50. Pilot 76% Aviation Accident Causes (2005 Nall report) 9% Other

    16% Mechanical

  51. Principle #5 Communicate well

  52. Distributed software means separate teams.

  53. As you grow, communication becomes exponentially harder.

  54. None
  55. None
  56. None

  57. Clear communication is vital.

  58. Write everything down.

  59. Have a clear chain of command.

  60. Make decisions.

  61. Principle #6 No blame culture

  62. How do I know all these aviation stats?

  63. Every incident is reported and investigated.

  64. There is never a single cause of a problem.

  65. Make it very difficult to do again.

  66. None
  67. None

  68. Encourage reporting.

  69. Reward maintenance as well as firefighting

  70. None

  71. In aviation, every rule is written in blood.

  72. Software is not yet there. But we are getting closer.

  73. Margaret Hamilton Her error detection code saved Apollo 11

  74. Therac-25 Killed 3, severely injured at least 3 more

  75. None
  76. None

  77. Hard failure Good alerting Find your limits Build for failure

    Communicate well No blame culture

  78. Thanks.