Eccentric Flower:201006/System Failure
System Failure
As I write this, I am preparing to spend the second day in a row trying to figure out why our web server is suddenly acting as if someone has piped Kryptonite into its circulatory system. It has no basis to choke this badly, and so far nothing diagnostic is providing the slightest clue. It is, in short, a completely unforeseeable failure - one which could not have been anticipated in any way.
Also as I write this, Twitter, which has behaved badly and sluggishly for many days, has gone beyond sluggish and into "outage." My Twitter page is available for a few minutes out of every half hour right now; the rest of the time it insists it is over capacity, which may not be true, because I believe Twitter puts up the "over capacity" page for all error responses that are not in the 500 range (for those it puts up "Something is technically wrong").
Twitter should have read the writing on the wall a couple of months ago and begun ramping up capacity. Their failure, in other words, was completely predictable and is thus completely inexcusable.
I'm not very tolerant of failures - less tolerant of my own than other people's, but not by much. I recognize failures happen, and I try not to be too hard on the people who are left holding the blame for the truly unpredictable ones. However, this only makes me go even harder on the ones which could have been predicted. If they can be predicted, they can be avoided. Period. (Sometimes the avoidance measures have to be pretty Draconian, I admit - maybe intolerably so in some cases.)
Here's a lovely failure which could totally have been avoided. While we were in Washington this past weekend, we had a rental car. It was an Impreza. Now, we love Subarus here - we drive a Forester and think very highly of it - but this car, it instantly became apparent, had some extremely suspect design decisions. Most of them were merely inconvenient, like the bad angles on the windows and seats, or incomprehensible, like the dash indicator that meant something bad if red and something innocuous if the exact same symbol was blue ... but this one could actually have been dangerous.
Place a dot on the position in the shifting groove where you think you need to place the shift lever to put the car in Drive. Think about it a bit before moving down to see the other pictures.
If you put the dot here, you're wrong:
That puts the car in "sport mode," where you must upshift/downshift manually by pushing the gearshift temporarily into the areas marked with the + and - signs ... a way of faking a manual transmission for all the midlife-crisis men who want to feel like they are driving a hot sportscar but who are too wimpy to buy a real one ... or, viewed more charitably, a way for people like me who hate automatics, but are sometimes forced to drive one, to change gears when the gears should be changed at about 2500 RPM, rather than the ten-seconds-after-the-proper-time 3500 RPM that most automatics wait until.
If you have accidentally done this, like my wife did, working on the usual principle that Drive is "all the way to the end," then you will find that the car refuses to change gears and the engine will rev higher and higher as you try to go twenty miles per hour in first gear. If you are my wife, who drives a manual transmission car normally and knows perfectly well what overrev sounds like, you pull over because you are worried that something is badly wrong with the car, and your husband digs out the (still shrinkwrapped!) owner's manual and finds the problem, and you both spend the rest of the drive talking about how utterly stupid a design decision this is.
If you are not as on the ball as we are, you drive down the road and onto the highway and somehow manage to ignore the noise the car is making from trying to go fifty in first gear, and eventually, not long after, your engine dies.
This is where you should put the lever if you want the normal automatic-transmission sense of "Drive":
How could this have been avoided? Well, some labelling of "sport mode" down on the shift panel would certainly have helped. (There is an indicator light on the dashboard, very small, and difficult to see if you don't know where to look.) Even better would have been some sort of lockout - like a button to press on the shift lever or some other Are You Sure hoop to jump through that would prevent shifting into sport mode unless that was what you really intended to do.
Of course, the manufacturer would say that this in no way demonstrates any culpability on their part, since all users are expected to read and memorize the entire owner's manual before ever operating the vehicle. One day someone's going to have a court case over an expectation like that, if it hasn't already happened.
Bottom line is, it is expensive and requires genuine thought to design something in a way which avoids stupidity and anticipates as many possible breakdowns/failures/disasters as possible. No one likes to design for disaster. It's hard. But it is a necessary evil if we are to have any quality of life at all. When it is done badly, the consequences can be far beyond not being able to get to a web site or having some operational problems with your car.
If you need a further example of this, please take note of the Gulf of Mexico at this time.
Oh... So, is THAT why some people insist on stick shifts? I drive an old car with a stick shift, and I'm always grinding the gears and stalling out at intersections. Automatics are pure bliss by comparison. I knew some people actually preferred sticks, but I couldn't imagine why.
-- 20:15, 9 June 2010 (BST)
I want to change gears when *I* want to change gears.
They also break down less often than automatics, last longer, are cheaper, and (when used properly) are more fuel-efficient. As far as I can tell, automatics are one of those technological improvements that actually improve nothing except reducing the amount of thought and attention needed by the driver. Sorry. No offense meant if that feels like a good trade for you.
-- 20:22, 9 June 2010 (BST)
I'll admit to being an automatic-shift driver, but mostly because it's tougher to find standard-shift cars. Whenever I've had to drive a standard-shift (borrowing, generally), I like it very much, especially in the snow.
Your "failure to anticipate" idea reminds me that there are no safety rails in Europe. Apparently, nobody has fallen off of anything yet.
-- 00:32, 10 June 2010 (BST)
"I want to change gears when *I* want to change gears."
And I want to lock my doors when *I* want to lock them, not mandatorily, when I put the car into drive. Worse yet is to have to put the car into park to unlock said doors. I know, I know, it's a *safety feature.* Horse feathers! I am quite capable of locking my own doors, thank you. I admit, a fair percentage of the driving population here in SoFlo is, shall we say, of a certain age. So maybe they don't know how to lock the doors, or might forget to. I dunno. But that feature drives me straight up and sideways. (It's my mother's car...)
-- 03:45, 10 June 2010 (BST)
Andy:
If Twitter's failure was completely inexcusable, I think you should call them up and ask for a full refund.
Or if you think the user outrage at the outage is so great that its user base will jump ship, you should start a Twitter competitor to get all those users, and make millions of dollars.
Why is it inexcusable if a free service decides that it isn't worth the costs of providing 99.99% availability?
I read a fascinating book once about engineering disasters that made the point that engineering isn't about building perfect, never-fail systems; that's impossible. It's about understanding the failure modes and their chances, and making cost-benefit analyses. Only in the digital world, rather than the real world, which is analog, is a failure rate of 0 possible.
-- 13:34, 10 June 2010 (BST)
Well, of course you can argue "you get what you pay for." However, Twitter has a PR motive for reducing its downtime, especially if they're on the verge of trying to figure out how to convert to a profitable service without pissing off their users. It strikes me that this need is strong enough that their trying to achieve 100% availability suddenly becomes worth pursuing. Maybe they figure it differently. I hope they enjoyed all the bad press they got over the past two days. (Did I mention I'm really intolerant of failure and quite nasty about it? Especially nasty about companies/corporations, who are not human and therefore are not entitled to politeness and/or compassion?)
I would love it if there were viable alternatives for the service that Twitter provides, so that when their outage became intolerable, the whole user base was willing and able to switch bodily and instantly to their competitor. Now that would send a message: We'll come back when you stop fucking up. Right now if they do that they have nowhere to go, so Twitter doesn't have to sit up and take notice.
I would love to see a greatly mobile, extremely fickle price-and-quality-oriented consumer base, without brand loyalty or other such drives. Basically, I want a lot more commodities to be like sugar.
White refined sugar is a remarkably consistent product. It is almost always of acceptable quality, and there is virtually no difference in product quality or nature between various packagers. Consumers know this, and therefore they shop for sugar with little or no brand loyalty. Surveys have proved this. They pick whatever is available. They would probably pick whichever was cheapest, but because sugar is (in essence) a totally fungible commodity, prices have long since standardized to a set point and there is utterly no difference between brands at all.
I love this model. I'm not saying that there shouldn't be features competition - in fact for many products (computers, for example) I like the "pay more, get more" price model (and its corollary "I need less so I should be able to pay less"). But there are a surprising number of goods and services on the market which should have a price model like sugar - products which have fundamentally no difference between them and which should be handled like commodities.
Manufacturers, of course, hate the sugar model because it means they can't gouge (see the other thread).
In the case of Twitter, of course, pricing isn't a factor (yet). Their problem is they have no competition. Once they do, you can bet that working for 100% uptime will become much more attractive, especially if the competitor offers services that are near-identical enough that it becomes a pick-your-identical-commodity-provider decision. Almost makes me want to go create that rival, just to try to watch Twitter sweat a little. But I won't have to. Because soon Twitter will run out of the VC they've been living on and will have to make money. When they do, all the no-ads-ever zealots and everything-for-free naifs will desert them. Suddenly, someone will decide it's attractive to try to enter that market to catch the escapee business. And then, not long after, they will realize they'll need to make money. And then we'll see a contest of equal rivals. Normally it would be a while to wait, but this process has accelerated greatly on the web. I give it about a year.
-- 16:52, 10 June 2010 (BST)
Utterly off topic, did you ever get around to seeing Robbins' Alice? If memory serves, someone else volunteered to see it and review it. Unless I missed something, it never came up again.
-- 03:31, 11 June 2010 (BST)




Jette:
Hey, that's my car! Fortunately, the salesman explained the whole sports mode thing during the first test drive. I've had other cars with weird auto transmissions so I would have put the dot in the right place anyway, but I wouldn't assume everyone does that. You're quite right.
-- 17:18, 9 June 2010 (BST)