$30 off During Our Annual Pro Sale. View Details »

Distributed Failure: Learning Lessons From Aviation

Andrew Godwin
April 24, 2018
Programming
2
320

Distributed Failure: Learning Lessons From Aviation

A talk I first gave at Code Europe Warsaw, spring 2018.

Andrew Godwin

April 24, 2018
Tweet

More Decks by Andrew Godwin

See All by Andrew Godwin
Writing Maintainable Software At Scale
andrewgodwin
0
170
A Newcomer's Guide To Airflow's Architecture
andrewgodwin
0
140
Async, Python, and the Future
andrewgodwin
2
420
How To Break Django: With Async
andrewgodwin
1
400
Taking Django's ORM Async
andrewgodwin
0
390
The Long Road To Asynchrony
andrewgodwin
0
410
The Scientist & The Engineer
andrewgodwin
1
430
Pioneering Real-Time
andrewgodwin
0
180
Just Add Await: Retrofitting Async Into Django
andrewgodwin
2
1.2k

Other Decks in Programming

See All in Programming
Hive Distributed Profiling System in Treasure Data - Japanese version #tdtechtalk
okumin
0
130
WebAssembly for the Backend
adriancole
0
170
コルーチン〜Androidと非同期処理〜
nyafunta9858
0
100
SvelteKitを本番投入してみて
kubotak
0
240
Elm_LandでElm入門
negiboudu
0
150
Ship Faster With Feature Flags
davidodari
0
160
Excelを扱うRubyGemまとめ 2022
ktam1219
0
260
Kubernetes Admission Webhook Deep Dive
zoetrope
7
660
Step Functionsの設計時に知っておいたほうがいいかもしれないこと
pirosikick
0
150
ビルドツールViteを10分で解説!
akitotsukahara
0
130
클라우드 시대에 맞는 사이트 신뢰성 엔지니어
outsider
0
630
How to dynamically validate data with Symfony
marionleherisson
0
110

Featured

See All Featured
The Straight Up "How To Draw Better" Workshop
denniskardys
225
130k
Faster Mobile Websites
deanohume
294
29k
Dealing with People You Can't Stand - Big Design 2015
cassininazir
351
21k
A Tale of Four Properties
chriscoyier
149
21k
Streamline your AJAX requests with AmplifyJS and jQuery
dougneiner
127
8.7k
From Idea to $5000 a Month in 5 Months
shpigford
374
44k
Scaling GitHub
holman
453
140k
Java REST API Framework Comparison - PWX 2021
mraible
PRO
13
5.3k
How New CSS Is Changing Everything About Graphic Design on the Web
jensimmons
214
11k
I Don’t Have Time: Getting Over the Fear to Launch Your Podcast
jcasabona
12
1.1k
What's in a price? How to price your products and services
michaelherold
231
9.6k
Templates, Plugins, & Blocks: Oh My! Creating the theme that thinks of everything
marktimemedia
15
1.1k

Transcript

  1. DISTRIBUTED FAILURE Andrew Godwin @andrewgodwin Learning lessons from aviation

  2. Hi, I’m Andrew Godwin

  3. Content Warning Aviation accidents Road accidents Discussion of death

  4. Software is difficult.

  5. Distributed is even harder.

  6. None

  7. Not unique to distributed systems

  8. None

  9. Who's solved this? Aviation.

  10. A Boeing 747 has six million parts

  11. A Boeing 747 has six million parts

  12. Airplane Car Walking Train 220 130 30.8 Deaths per billion

    hours (UK 1990-2000) 30

  13. People matter as much as machines

  14. Pilot 76% Aviation Accident Causes (2005 Nall report) 9% Other

    16% Mechanical

  15. Let's look at some aviation principles

  16. Principle #1 Hard Failure

  17. If something is wrong it turns itself off

  18. This only works if you have redundancy

  19. None

  20. These are great ways to ensure you never fix something.

  21. No accident or outage has a single cause. Stop your

    code getting into odd states.
  22. None

  23. Single points of failure can be good

  24. None

  25. Principle #2 Good Alerting

  26. Cockpits are incredibly selective about what sets off an audio

    alarm

  27. Alert fatigue is real. Avoid at all costs.

  28. Never, ever, put all errors in the same place

  29. Critical Normal Background

  30. Critical Normal Background Wakes someone up. Actionable.

  31. Critical Normal Background Wakes someone up. Actionable. Fixed over the

    next week.

  32. Critical Normal Background Wakes someone up. Actionable. Fixed over the

    next week. Metrics, not errors.

  33. Have you been ignoring an error for weeks? Then turn

    off its error reporting.

  34. Principle #3 Find your limits

  35. Everything will fail. You should know when.

  36. Copyright Boeing

  37. What's your Minimum Equipment List?

  38. REQUIRED OPTIONAL

  39. Did you load test? Did you fuzz test?

  40. You don't have to perfectly scale.

  41. Risk is fine when you're informed!

  42. Principle #4 Build for failure

  43. No single thing in an aircraft can fail and take

    it down.

  44. We all want this for our code, but the way

    to do it is to build for failure.

  45. Kill your application randomly Practice server network failures Develop on

    unreliable connections

  46. The majority of pilot training is handling emergencies.

  47. None

  48. Use checklists. Don't rely on memory.

  49. If you practice failure, you'll be ready when the inevitable

    happens.

  50. Pilot 76% Aviation Accident Causes (2005 Nall report) 9% Other

    16% Mechanical

  51. Principle #5 Communicate well

  52. Distributed software means separate teams.

  53. As you grow, communication becomes exponentially harder.

  54. None
  55. None
  56. None

  57. Clear communication is vital.

  58. Write everything down.

  59. Have a clear chain of command.

  60. Make decisions.

  61. Principle #6 No blame culture

  62. How do I know all these aviation stats?

  63. Every incident is reported and investigated.

  64. There is never a single cause of a problem.

  65. Make it very difficult to do again.

  66. None
  67. None

  68. Encourage reporting.

  69. Reward maintenance as well as firefighting

  70. None

  71. In aviation, every rule is written in blood.

  72. Software is not yet there. But we are getting closer.

  73. Margaret Hamilton Her error detection code saved Apollo 11

  74. Therac-25 Killed 3, severely injured at least 3 more

  75. None
  76. None

  77. Hard failure Good alerting Find your limits Build for failure

    Communicate well No blame culture

  78. Thanks.