Game Days: Failing for Fun and Profit

Transcript

1. @andyfleener GAME DAYS FAILING FOR FUN AND PROFIT BY ANDY

   FLEENER

2. HI I’M ANDY

3. @andyfleener

4. @andyfleener ABOUT ME ▸ Platform Operations Manager ▸ Ruby Developer

   for 10 years ▸ In Operations for last 5 years ▸ New View Safety Nerd

5. @andyfleener WHAT’S A “NEW VIEW SAFETY NERD”

6. @andyfleener BAD IDEA: BLAME AND PUNISH GOOD IDEA: LEARN AND

   GROW

7. @andyfleener SYSTEMS THINKING!

8. @andyfleener WHAT’S SYSTEMS THINKING? ▸ It can be very counterintuitive

   ▸ Success and Failure are not easily defined ▸ Emergent properties of a system are the feedback required to close the loop Creative Commons Image: Liam Ross

9. @andyfleener COMPLEX SYSTEMS ARE PRETTY DOPE Creative Commons Image: John

   Smith

10. @andyfleener #REALTALK: I ENJOY BREAKING THINGS

11. @andyfleener

12. @andyfleener WHICH IS GOOD BECAUSE

13. @andyfleener LIVE LOOK AT THE INTERNET

14. @andyfleener HERE’S THE BILLIONS AND BILLIONS OF E-COINS QUESTION

15. @andyfleener IF THE SYSTEM IS UNSAFE HOW DO WE KEEP

    IT RUNNING?

16. @andyfleener FAILURE INJECTION!

17. @andyfleener ENTER GAME DAYS

18. @andyfleener A PROGRAM DESIGNED TO INCREASE RESILIENCE BY PURPOSELY INJECTING

    MAJOR FAILURES INTO CRITICAL SYSTEMS SEMI-REGULARLY TO DISCOVER FLAWS AND SUBTLE DEPENDENCIES. ACM Queue Volume 10, issue 9 Resilience Engineering: Learning to Embrace Failure(September 13, 2012)

19. @andyfleener CHANGE A BASIC ASSUMPTION AND YOU HAVE CHANGED THE

    SYSTEM ITSELF. Eli Goldratt THEORY OF CONSTRAINTS

20. @andyfleener IT’S THE SYSTEM, MAN

21. THE VALUE OF GAME DAYS ▸ Find latent failures ▸

    Practice Incident Response ▸Learn about your systems

22. @andyfleener GAME DAYS A BRIEF INCOMPLETE HISTORY

23. @andyfleener IT IS SAID THAT IF YOU KNOW YOUR ENEMIES

    AND KNOW YOURSELF, YOU WILL NOT BE IMPERILED IN A HUNDRED BATTLES Sun Tzu ART OF WAR

24. THIS CONCEPT IS OLD ▸ Security has been doing “Red

    Team” Exercises for decades ▸ Military organizations have been doing war games since the 1800s including predicting how the Japanese would attack Pearl Harbor 9 years before it happened

25. THE GAME DAY AS WE KNOW THEM ▸Amazon and the

    Master of disaster Jesse Robbins ▸Game Days at Etsy ▸PagerDuty and Failure Fridays

26. @andyfleener

27. @andyfleener WHAT ABOUT SPORTSENGINE?

28. GAME DAYS AT SPORTSENGINE: A HISTORY ▸ Started doing Game

    Days in 2013 ▸ The first Game Day was just 3 Operations Engineers busting our staging environment ▸ We’ve been running them quarterlyish since ▸ Our last game day crossed 4 teams with an attacking team of 5 and a responding team of 6

29. @andyfleener LOGISTICS

30. @andyfleener PICK A RED TEAM

31. @andyfleener ENSURE YOU HAVE A BLUE TEAM

32. @andyfleener TREAT GAMES AS PRODUCTION INCIDENTS BY FOLLOWING THE FULL

    INCIDENT RESPONSE LIFECYCLE

33. @andyfleener GET MULTIPLE TEAMS INVOLVED!

34. @andyfleener OPERATIONAL CONCERNS ARE BUSINESS CONCERNS

35. @andyfleener TAKE IT SERIOUSLY BUT DON’T FORGET TO HAVE FUN

36. None

37. ADVICE FOR THE RED TEAM ▸ Have more games prepared

    than you think you’ll actually get to ▸ Some Games won’t have the impact you expect ▸ Fake it until you make it(alerts, monitors, support requests) ▸ Advanced technique: Apply constraints to responders

38. @andyfleener USE TOOLS THAT EXIST ▸ Toxiproxy by Shopify ▸

    Comcast by tylertreat ▸ Chaos Monkey by Netflix Creative Commons Image: Toms River Fire Dept

39. ADVICE FOR THE BLUE TEAM ▸ Treat your response like

    it’s PRODUCTION ▸ Use this as a way to train New/Junior Engineers on your world class Incident Response ▸ Time the response to create urgency

40. @andyfleener EXAMPLE GAME CASE STUDIES

41. THE FAKE DDOS ATTACK ▸ A Classic real world concern

    ▸ We’ve done this game multiple times in different ways ▸ The easiest way is to leave a “D” off ▸ It might be harder than you think ▸ Fake this by outlawing an IP block as a mitigation technique

42. THE MISCONFIGURED NETWORK ▸ This is a super easy game

    adjust a firewall rule in a critical location ▸ Another Classic that happens throughout the internet ▸ This can be an easy way to see the devastating effects of high network latency

43. @andyfleener

44. THE SSL NEGOTIATION FAILURE ▸ Changed permissions on the ssl

    cert files ▸ Cause weird negotiation failure state that was hard to debug ▸ This actually happened later due to a failed chef configuration ▸ Big win because we understood the behavior when it happened

45. THE LATENT BUG BOMB ▸ These are fun and super

    common real world scenarios ▸ This is the perfect way to get a dev team involved ▸ I’ve done things like add command injection endpoints ▸ These are most effective by finding the biggest blast radius

46. THE FORK BOMB ▸ This is a great one to

    run if you want to seriously trash some servers ▸ Fork bombs are super easy to write ▸ You can write a fork bomb in any language ▸ Heres Ruby: loop { fork { load(__FILE__) } }

47. @andyfleener AS YOU CAN TELL I ENJOY BEING ON THE

    RED TEAM

48. @andyfleener

49. @andyfleener

50. @andyfleener THE PRIME DIRECTIVE : LEARN

51. @andyfleener BY LEARNING, OUR SYSTEM CAN CONTINUE TO GROW AND

    IMPROVE

52. @andyfleener WE’RE ACTIVELY ADDING CAPACITY TO THE SYSTEM TO FAIL

53. @andyfleener IS THE KEY TO CREATING NOT JUST RELIABLE SYSTEMS

    BUT RESILIENT ONES ADDING CAPACITY TO FAIL

54. @andyfleener TOOLS AND TOOLING BREAKOUT SESSION

55. @andyfleener STAY AWESOME AND THANKS!