Learning in production (or why Apollo 11 nearly failed) (ConFoo 2025)

Transcript

1. LEARNING IN PRODUCTION or why the Apollo 11 landing nearly

   failed Michiel Rook @michieltcs

2. 1969

3. None
4. None
5. None

6. @michieltcs #StandWithUkraine IT ALMOST DIDN'T HAPPEN

7. None

8. 1970

9. None
10. None
11. None

12. 2020

13. None
14. None
15. None

16. @michieltcs #StandWithUkraine

17. @michieltcs #StandWithUkraine "SpaceX provided audio recordings from the Crew Dragon’s

    fi rst orbital test fl ight to help prepare Hurley and Behnken for the ride during launch and re-entry."

18. @michieltcs #StandWithUkraine KEY TAKEAWAYS:

19. @michieltcs #StandWithUkraine TESTING

20. @michieltcs #StandWithUkraine EXPERIMENTATION

21. @michieltcs #StandWithUkraine SIMULATION

22. @michieltcs #StandWithUkraine ADAPTATION

23. @michieltcs #StandWithUkraine "BUT THAT IS ROCKET SCIENCE!"

24. @michieltcs #StandWithUkraine "THAT WOULDN'T WORK HERE"

25. @michieltcs #StandWithUkraine "WE DON'T HAVE THE BUDGET"

26. @michieltcs #StandWithUkraine "WE DON'T HAVE THE PEOPLE"

27. @michieltcs #StandWithUkraine "WE DON'T HAVE THE TIME"

28. @michieltcs #StandWithUkraine WHAT CAN WE LEARN FROM SPACE?

29. @michieltcs #StandWithUkraine WE ARE BUILDING

30. @michieltcs #StandWithUkraine WE ARE PART OF

31. @michieltcs #StandWithUkraine COMPLEX (DISTRIBUTED) SYSTEMS

32. @michieltcs #StandWithUkraine NOT LINEAR NOT NEWTONIAN NOT CARTESIAN

33. @michieltcs #StandWithUkraine CHANGES GENERALLY NOT REVERSIBLE

34. @michieltcs #StandWithUkraine MODEL DOES NOT MATCH REALITY

35. @michieltcs #StandWithUkraine SURPRISING FAILURE MODES

36. @michieltcs #StandWithUkraine "OKAY, BUT WE CAN BUILD SIMPLE THINGS"

37. @michieltcs #StandWithUkraine "WE SHOULD JUST PLAN BETTER"

38. @michieltcs #StandWithUkraine "WE SHOULD JUST BE MORE CAREFUL"

39. @michieltcs #StandWithUkraine "WE SHOULD JUST NOT MAKE MISTAKES"

40. @michieltcs #StandWithUkraine DAV I D WO O D S H

    T T P S : // YO U T U. B E /G N V X FG C - 5 J W

41. @michieltcs #StandWithUkraine "human failure is the biggest threat to security,

    therefore we periodically train our employees" (found on linkedin)

42. @michieltcs #StandWithUkraine "OKAY, BUT WHAT IF WE JUST TEST MORE"

43. @michieltcs @michieltcs #StandWithUkraine UNIT TESTS UI / E2E / VISUAL

    TESTS INTEGRATION / CONTRACT TESTS COST SPEED

44. @michieltcs #StandWithUkraine "Testing shows the presence, not absence, of bugs."

    E D S G E R W. D I J K S T RA

45. @michieltcs @michieltcs #StandWithUkraine

46. @michieltcs @michieltcs #StandWithUkraine

47. @michieltcs #StandWithUkraine "OKAY, BUT WHAT IF WE STOP CHANGE"

48. @michieltcs #StandWithUkraine "... incidents resulting from change is one of

    the most e ff ective metrics .... It isn’t a measure of system failures; it’s a measure of departmental failures"

49. @michieltcs #StandWithUkraine "... incidents resulting from change is one of

    the most e ff ective metrics .... It isn’t a measure of system failures; it’s a measure of departmental failures"

50. @michieltcs #StandWithUkraine "Every week of delay between having an idea

    and launching it to customers can mean millions of dollars lost in opportunity costs. IT matters." S T E V E S M I T H

51. @michieltcs #StandWithUkraine CHANGE IS INEVITABLE

52. @michieltcs #StandWithUkraine CHANGE IS NECESSARY

53. @michieltcs #StandWithUkraine "IF YOU’VE GOT TO BLAME SOMETHING, BLAME IMPERMANENCE."

54. @michieltcs @michieltcs #StandWithUkraine

55. @michieltcs #StandWithUkraine DEALING WITH THE UNKNOWN

56. @michieltcs #StandWithUkraine BUILD YOUR ADAPTIVE CAPACITY

57. @michieltcs @michieltcs #StandWithUkraine

58. @michieltcs @michieltcs #StandWithUkraine

59. @michieltcs #StandWithUkraine "We don’t rise to the level of our

    expectations, we fall to the level of our training." A R C H I LO C H U S , G R E E K S O L D I E R , P O E T, C . 6 5 0 B C

60. @michieltcs #StandWithUkraine WHAT DO YOU NEED?

61. @michieltcs #StandWithUkraine TO BUILD AN ADAPTIVE ORGANISATION?

62. @michieltcs #StandWithUkraine ‣ An adaptive architecture ‣ Incremental deployments ‣

    Automated provisioning ‣ Ubiquitous telemetry ‣ Chaos Engineering ‣ You Build It You Run It ‣ Post-incident reviews H T T P S : // W W W. S T E V ES M I T H .T EC H / B LO G / B U I L D - O P E RA B I L I T Y- I N /

63. @michieltcs #StandWithUkraine ‣ An adaptive architecture ‣ Incremental deployments ‣

    Automated provisioning ‣ Ubiquitous telemetry ‣ Chaos Engineering ‣ You Build It You Run It ‣ Post-incident reviews auto scaling, circuit breakers, health checks H T T P S : // W W W. S T E V ES M I T H .T EC H / B LO G / B U I L D - O P E RA B I L I T Y- I N /

64. @michieltcs #StandWithUkraine ‣ An adaptive architecture ‣ Incremental deployments ‣

    Automated provisioning ‣ Ubiquitous telemetry ‣ Chaos Engineering ‣ You Build It You Run It ‣ Post-incident reviews small & frequent deploys, blue/green, canary, rolling, rollbacks H T T P S : // W W W. S T E V ES M I T H .T EC H / B LO G / B U I L D - O P E RA B I L I T Y- I N /

65. @michieltcs #StandWithUkraine ‣ An adaptive architecture ‣ Incremental deployments ‣

    Automated provisioning ‣ Ubiquitous telemetry ‣ Chaos Engineering ‣ You Build It You Run It ‣ Post-incident reviews terraform, ansible, packer, etc. H T T P S : // W W W. S T E V ES M I T H .T EC H / B LO G / B U I L D - O P E RA B I L I T Y- I N /

66. @michieltcs #StandWithUkraine ‣ An adaptive architecture ‣ Incremental deployments ‣

    Automated provisioning ‣ Ubiquitous telemetry ‣ Chaos Engineering ‣ You Build It You Run It ‣ Post-incident reviews observability and operability H T T P S : // W W W. S T E V ES M I T H .T EC H / B LO G / B U I L D - O P E RA B I L I T Y- I N /

67. @michieltcs #StandWithUkraine ‣ An adaptive architecture ‣ Incremental deployments ‣

    Automated provisioning ‣ Ubiquitous telemetry ‣ Chaos Engineering ‣ You Build It You Run It ‣ Post-incident reviews controlled experiments on systems H T T P S : // W W W. S T E V ES M I T H .T EC H / B LO G / B U I L D - O P E RA B I L I T Y- I N /

68. @michieltcs #StandWithUkraine ‣ An adaptive architecture ‣ Incremental deployments ‣

    Automated provisioning ‣ Ubiquitous telemetry ‣ Chaos Engineering ‣ You Build It You Run It ‣ Post-incident reviews you OWN it you run it H T T P S : // W W W. S T E V ES M I T H .T EC H / B LO G / B U I L D - O P E RA B I L I T Y- I N /

69. @michieltcs #StandWithUkraine ‣ An adaptive architecture ‣ Incremental deployments ‣

    Automated provisioning ‣ Ubiquitous telemetry ‣ Chaos Engineering ‣ You Build It You Run It ‣ Post-incident reviews H T T P S : // W W W. S T E V ES M I T H .T EC H / B LO G / B U I L D - O P E RA B I L I T Y- I N / blameless postmortems, knowledge sharing, learning

70. @michieltcs #StandWithUkraine ‣ An adaptive architecture ‣ Incremental deployments ‣

    Automated provisioning ‣ Ubiquitous telemetry ‣ Chaos Engineering ‣ You Build It You Run It ‣ Post-incident reviews H T T P S : // W W W. S T E V ES M I T H .T EC H / B LO G / B U I L D - O P E RA B I L I T Y- I N /

71. @michieltcs #StandWithUkraine INTEGRATE EARLY

72. @michieltcs #StandWithUkraine INTEGRATE OFTEN

73. @michieltcs #StandWithUkraine MAKE THINGS SMALL

74. @michieltcs #StandWithUkraine BIG STEPS

75. @michieltcs #StandWithUkraine FAIL BIG

76. @michieltcs #StandWithUkraine SMALL STEPS

77. @michieltcs #StandWithUkraine FAIL SMALL

78. @michieltcs #StandWithUkraine $ = REALIZED VALUE C R E D

    I T S TO @ FG O U L D I N G

79. 21 Accelerate: State of DevOps 2019 | How Do We

    Compare? ELITE PERFORMERS Comparing the elite group against the low performers, we find that elite performers have… frequent code deployments 208 TIMES MORE time to recover from incidents 2,604 TIMES FASTER lead time from commit to deploy 106 TIMES FASTER change failure rate (changes are 1/7 as likely to fail) 7 TIMES LOWER Throughput Stability Source: 2019 State Of DevOps report

80. @michieltcs #StandWithUkraine OBSERVABILITY AND OPERABILITY

81. @michieltcs @michieltcs #StandWithUkraine

82. @michieltcs #StandWithUkraine "a measure of how well internal states of

    a system can be inferred from knowledge of its external outputs." H T T P S : // E N .W I K I P E D I A .O R G / W I K I / O B S E RVA B I L I T Y

83. @michieltcs @michieltcs #StandWithUkraine source: laredoute.io

84. @michieltcs #StandWithUkraine "the properties of a system which make it

    work well in production " H T T P S : //C O N F LU X D I G I TA L . N E T/ W H AT- I S - O P E RA B I L I T Y

85. @michieltcs #StandWithUkraine "the properties of a system which make it

    work well in production " H T T P S : //C O N F LU X D I G I TA L . N E T/ W H AT- I S - O P E RA B I L I T Y the operator experience

86. @michieltcs #StandWithUkraine EASY TO DEPLOY

87. @michieltcs #StandWithUkraine EASY TO TEST

88. @michieltcs #StandWithUkraine EASY TO INSPECT

89. @michieltcs #StandWithUkraine FEEDBACK LOOPS

90. @michieltcs @michieltcs #StandWithUkraine

91. @michieltcs #StandWithUkraine

92. @michieltcs #StandWithUkraine CHAOS ENGINEERING

93. @michieltcs #StandWithUkraine "the facilitation of experiments to uncover systemic weaknesses"

94. @michieltcs #StandWithUkraine "the discipline of experimenting on a distributed system

    in order to build con fi dence in the system’s capability to withstand turbulent conditions in production*"

95. @michieltcs @michieltcs #StandWithUkraine

96. @michieltcs @michieltcs #StandWithUkraine

97. @michieltcs #StandWithUkraine NOT (JUST) ABOUT BREAKING THINGS

98. @michieltcs #StandWithUkraine NOT (JUST) ABOUT BREAKING PROD

99. @michieltcs #StandWithUkraine START SMALL

100. @michieltcs #StandWithUkraine TEST ACC PROD

101. @michieltcs #StandWithUkraine H T T P S : // W

     W W.YO U T U B E .C O M / WATC H ? V = N O O G K N BW0 G K

102. @michieltcs #StandWithUkraine INCIDENT ANALYSIS

103. @michieltcs #StandWithUkraine "Here's the secret: Incident analysis is not actually

     about the incident." N O RA J O N ES

104. EVERY INCIDENT IS AN ICEBERG https:/ /www.hdwallpapers.net/nature/the-invisible-part-of-the-iceberg-wallpaper-746.htm

105. @michieltcs #StandWithUkraine ROOT CAUSE ANALYSIS?

106. @michieltcs #StandWithUkraine ROOT CAUSE ANALYSIS?

107. @michieltcs #StandWithUkraine "What you call 'root cause' is simply the

     place where you stop looking any further." S I D N E Y D E K K E R

108. @michieltcs #StandWithUkraine “What is the cause of the accident? This

     question is just as bizarre as asking what the cause is of not having an accident.” S I D N E Y D E K K E R

109. @michieltcs #StandWithUkraine “... the more I realized that this accident

     occurred not because something extraordinary had happened, but rather just the opposite” S C OT T A . S N O O K

110. @michieltcs #StandWithUkraine WHAT THEN?

111. @michieltcs #StandWithUkraine “"Regardless of what we discover, we understand and

     truly believe that everyone did the best job they could, given what they knew at the time, their skills and abilities, the resources available, and the situation at hand."” H T T P S : // R E T R O S P EC T I V E W I K I .O R G / I N D E X . P H P ? T I T L E = T H E _ P R I M E _ D I R EC T I V E

112. @michieltcs #StandWithUkraine BLAMELESS POSTMORTEMS

113. @michieltcs #StandWithUkraine BLAME AWARE POSTMORTEMS

114. @michieltcs #StandWithUkraine WHAT INFORMATION WAS AVAILABLE?

115. @michieltcs #StandWithUkraine WHAT INFORMATION MADE SENSE?

116. @michieltcs #StandWithUkraine WHAT FACTORS CONTRIBUTED TO THE EVENT?

117. @michieltcs #StandWithUkraine HOW DID THIS DIFFER FROM "NORMAL" OPS?

118. @michieltcs #StandWithUkraine WEAK VS STRONG SIGNALS

119. @michieltcs #StandWithUkraine HOW DID PEOPLE ADAPT?

120. @michieltcs #StandWithUkraine JUST CULTURE

121. @michieltcs #StandWithUkraine DO YOU ENCOURAGE SHARING AND LEARNING?

122. @michieltcs #StandWithUkraine PROTECT PEOPLE THAT SHARE BAD NEWS?

123. @michieltcs #StandWithUkraine CELEBRATE PEOPLE THAT SHARE BAD NEWS?

124. None

125. @michieltcs #StandWithUkraine IN SUMMARY

126. @michieltcs #StandWithUkraine YOU CAN'T TEST EVERYTHING

127. @michieltcs #StandWithUkraine YOU CAN'T PREPARE FOR EVERYTHING

128. @michieltcs #StandWithUkraine YOU CAN LEARN

129. @michieltcs #StandWithUkraine TO BE PREPARED

130. @michieltcs #StandWithUkraine TO DEAL WITH ANYTHING

131. @michieltcs @michieltcs #StandWithUkraine THANK YOU FOR LISTENING! @michieltcs / @michielrook.bsky.social

     email: [email protected] www.michielrook.nl

132. @michieltcs @michieltcs #StandWithUkraine https://www.michielrook.nl/2024/08/literature-tips/