From: Paul Rubin <no.email@nospam.invalid>
Subject: Re: newbie, Spark 2014 or Ada 2012
Date: Thu, 09 Jul 2015 16:25:45 -0700
Date: 2015-07-09T16:25:45-07:00 [thread overview]
Message-ID: <87bnfk7w1y.fsf@jester.gateway.sonic.net> (raw)
In-Reply-To: mnmu29$kp3$1@dont-email.me
"Jeffrey R. Carter" <spam.jrcarter.not@spam.not.acm.org> writes:
> So when does this bookshelf that doesn't need to be correct, robust,
> and reliable need to ship? This is a red herring. It has nothing to do
> with what we're discussing.
It's possible to make a reliable bookshelf without a lot of engineering
is all I'm saying.
> Engineering becomes important when the thing will be used by
> others. That's at least 99% of S/W.
I don't believe that. I'm probably the sole user of 50% of the code
that I write at work, and 90%+ of the code that I write at home. And
the stuff I write at work that's used by others is generally running on
servers, so the users are interacting with it but not actually running
it themselves, which also makes things easier. One such program crashed
dozens of times a day during its early deployment and nobody noticed or
cared (a monitoring daemon restarted it within milliseconds after every
crash). Yes we could have worked more of the bugs out before deploying,
but that would have meant delaying launch for no significant gains. We
instead examined the crash logs and fixed problems when they occurred,
and things got stable after a while. That would have been an
irresponsible approach for a safety critical or financial site or one
with medical records etc., but for what we were doing (an information
service) it was fine.
It occurs to me, some of the highest reliability systems in the world
(phone switches designed for 40-year lifetimes with zero seconds down)
are programmed in Erlang, which is typeless like Python. Those systems
do need real development and QA processes, but part of the Erlang
mindset is that the software WILL have bugs and the system has to keep
running in the presence of those bugs. So the programs are written as
interacting lightweight processes that are expected to crash if they hit
problems. Crashed processes are monitored and restarted, or the
workload migrated if the restart scheme fails. One of the mottos is
"the power cord is a single point of failure" which means that the
systems use redundant hardware and have the ability to keep running
(maybe at degraded capacity) even when something breaks.
next prev parent reply other threads:[~2015-07-09 23:25 UTC|newest]
Thread overview: 33+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-07-06 0:28 newbie, Spark 2014 or Ada 2012 nomadlite
2015-07-06 1:30 ` Paul Rubin
2015-07-06 7:04 ` nomadfate
2015-07-06 7:20 ` Paul Rubin
2015-07-06 7:50 ` Jacob Sparre Andersen
2015-07-06 18:44 ` Jeffrey R. Carter
2015-07-06 9:34 ` Björn Lundin
2015-07-06 16:19 ` Paul Rubin
2015-07-06 22:37 ` Björn Lundin
2015-07-07 1:30 ` Paul Rubin
2015-07-07 9:35 ` darkestkhan
2015-07-07 17:26 ` David Botton
2015-07-07 3:46 ` Nasser M. Abbasi
2015-07-07 8:24 ` Björn Lundin
2015-07-07 8:57 ` Georg Bauhaus
2015-07-07 18:48 ` Randy Brukardt
2015-07-07 22:56 ` Paul Rubin
2015-07-08 19:50 ` Randy Brukardt
2015-07-08 22:57 ` Paul Rubin
2015-07-09 17:59 ` Björn Lundin
2015-07-09 20:10 ` Paul Rubin
2015-07-09 20:22 ` Jeffrey R. Carter
2015-07-09 20:41 ` Paul Rubin
2015-07-09 21:59 ` Jeffrey R. Carter
2015-07-09 22:37 ` Paul Rubin
2015-07-09 22:55 ` Jeffrey R. Carter
2015-07-09 23:25 ` Paul Rubin [this message]
2015-07-10 22:12 ` Randy Brukardt
2015-07-06 19:20 ` David Botton
2015-07-06 2:16 ` David Botton
2015-07-06 6:56 ` nomadfate
2015-07-06 19:18 ` David Botton
2015-07-10 22:49 ` nomadfate
replies disabled
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox