Successfully reported this slideshow.

Debugging under fire: Keeping your head when systems have lost their mind

8

Share

May. 02, 2017
8 likes 3,594 views
Upcoming SlideShare
SRE Topics with Charity Majors and Liz Fong-Jones of Honeycomb
SRE Topics with Charity Majors and Liz Fong-Jones of Honeycomb
Loading in …3
×
1 of 29
1 of 29

Debugging under fire: Keeping your head when systems have lost their mind

May. 02, 2017
8 likes 3,594 views

8

Share

Download to read offline

Software

My opening keynote from GOTO Chicago 2017. Video: https://www.youtube.com/watch?v=30jNsCVLpAE

My opening keynote from GOTO Chicago 2017. Video: https://www.youtube.com/watch?v=30jNsCVLpAE

Software

Recommended

More Related Content

Similar to Debugging under fire: Keeping your head when systems have lost their mind

Feedback loops between tooling and culture
Chris Winters
All Day DevOps 2017 - There is No Root Cause
Matthew Boeckman
DevSecOps with Microsoft Tech
Darin Morris
Ops in the Time of Serverless Containerized Webscale (CF Summit)
bridgetkromhout
The Rocky Cloud Road
Gert Drapers
DevOps and the Future of InfoSec
Darin Morris
Smau Bologna 2013 Stefano Zanero
Smau
Devoxx US 2017 "The Seven (More) Deadly Sins of Microservices"
Daniel Bryant
Solving the Hidden Costs of Kubernetes with Observability
DevOps.com
Ispectrum magazine #15
Ispectrum Magazine
JavaOne 2016 "Java, Microservices, Cloud and Containers"
Daniel Bryant
Architecting a Post Mortem - Velocity 2018 San Jose Tutorial
Will Gallego
The Marriage of Communication and Code: How Strategists and Technicians Can E...
Andrea Goulet
OOP/MM 2017: "Seven (More) Deadly Sins of Microservices"
Daniel Bryant
The seven deadly sins of microservices
Haufe-Lexware GmbH & Co KG
The Thought Leader Interview: GE’s Bill Ruh on the Industrial Internet Revolu...
Strategy&, a member of the PwC network
Continuous Deployment - The New #1 Security Feature, from BSildesLA 2012
Nick Galbreath
Critical Thinking for Software Testers
TechWell
Perspectives on Open
Tim O'Reilly
Ops in the time of serverless containerized webscale (AATC)
bridgetkromhout

More from bcantrill

Towards Holistic Systems
bcantrill
The Coming Firmware Revolution
bcantrill
Hardware/software Co-design: The Coming Golden Age
bcantrill
Tockilator: Deducing Tock execution flows from Ibex Verilator traces
bcantrill
No Moore Left to Give: Enterprise Computing After Moore's Law
bcantrill
Andreessen's Corollary: Ethical Dilemmas in Software Engineering
bcantrill
Visualizing Systems with Statemaps
bcantrill
Platform values, Rust, and the implications for system software
bcantrill
Is it time to rewrite the operating system in Rust?
bcantrill
dtrace.conf(16): DTrace state of the union
bcantrill
The Hurricane's Butterfly: Debugging pathologically performing systems
bcantrill
Papers We Love: ARC after dark
bcantrill
Principles of Technology Leadership
bcantrill
Zebras all the way down: The engineering challenges of the data path
bcantrill
Platform as reflection of values: Joyent, node.js, and beyond
bcantrill
Down Memory Lane: Two Decades with the Slab Allocator
bcantrill
The State of Cloud 2016: The whirlwind of creative destruction
bcantrill
Oral tradition in software engineering: Passing the craft across generations
bcantrill
The Container Revolution: Reflections after the first decade
bcantrill
Debugging (Docker) containers in production
bcantrill

Featured

What to Upload to SlideShare
SlideShare
Be A Great Product Leader (Amplify, Oct 2019)
Adam Nash
Trillion Dollar Coach Book (Bill Campbell)
Eric Schmidt
APIdays Paris 2019 - Innovation @ scale, APIs as Digital Factories' New Machi...
apidays
A few thoughts on work life-balance
Wim Vanderbauwhede
Is vc still a thing final
Mark Suster
The GaryVee Content Model
Gary Vaynerchuk
Mammalian Brain Chemistry Explains Everything
Loretta Breuning, PhD
Blockchain + AI + Crypto Economics Are We Creating a Code Tsunami?
Dinis Guarda
The AI Rush
Jean-Baptiste Dumont
AI and Machine Learning Demystified by Carol Smith at Midwest UX 2017
Carol Smith
10 facts about jobs in the future
Pew Research Center's Internet & American Life Project
Harry Surden - Artificial Intelligence and Law Overview
Harry Surden
Inside Google's Numbers in 2017
Rand Fishkin
Pinot: Realtime Distributed OLAP datastore
Kishore Gopalakrishna
How to Become a Thought Leader in Your Niche
Leslie Samuel
Visual Design with Data
Seth Familian
Designing Teams for Emerging Challenges
Aaron Irizarry
UX, ethnography and possibilities: for Libraries, Museums and Archives
Ned Potter
Winners and Losers - All the (Russian) President's Men
Ian Bremmer

Related Books

Free with a 14 day trial from Scribd

See all
In the Plex: How Google Thinks, Works, and Shapes Our Lives Steven Levy
(4.5/5)
Free
Hamlet's BlackBerry: A Practical Philosophy for Building a Good Life in the Digital Age William Powers
(4/5)
Free
The Impulse Economy: Understanding Mobile Shoppers and What Makes Them Buy Gary Schwartz
(4.5/5)
Free
Emergence: The Connected Lives of Ants, Brains, Cities, and Software Steven Johnson
(4.5/5)
Free
Tubes: A Journey to the Center of the Internet Andrew Blum
(4/5)
Free
World Wide Mind: The Coming Integration of Humanity, Machines, and the Internet Michael Chorost
(4/5)
Free
An Army of Davids: How Markets and Technology Empower Ordinary People to Beat Big Media, Big Government, and Other Goliaths Glenn Reynolds
(4/5)
Free
The End of Business As Usual: Rewire the Way You Work to Succeed in the Consumer Revolution Brian Solis
(5/5)
Free
Blog Schmog: The Truth About What Blogs Can (and Can't) Do for Your Business Robert W. Bly
(4/5)
Free
The Thank You Economy Gary Vaynerchuk
(4/5)
Free
Talking Back to Facebook: The Common Sense Guide to Raising Kids in the Digital Age James P. Steyer
(4.5/5)
Free
The Nature of the Future: Dispatches from the Socialstructed World Marina Gorbis
(4/5)
Free
Public Parts: How Sharing in the Digital Age Improves the Way We Work and Live Jeff Jarvis
(3.5/5)
Free
Socialnomics: How Social Media Transforms the Way We Live and Do Business Erik Qualman
(4/5)
Free
Uncanny Valley: A Memoir Anna Wiener
(4.5/5)
Free
The Inmates Are Running the Asylum (Review and Analysis of Cooper's Book) BusinessNews Publishing
(4/5)
Free

Related Audiobooks

Free with a 14 day trial from Scribd

See all
Algorithms to Live By: The Computer Science of Human Decisions Brian Christian
(4.5/5)
Free
The Death of Expertise: The Campaign Against Established Knowledge and Why it Matters Tom Nichols
(4.5/5)
Free
Alone Together: Why We Expect More from Technology and Less from Each Other Sherry Turkle
(4.5/5)
Free
Blockchain Revolution: How the Technology Behind Bitcoin Is Changing Money, Business, and the World Don Tapscott
(4/5)
Free
The Emperor's New Mind: Concerning Computers, Minds, and the Laws of Physics Roger Penrose
(3.5/5)
Free
New Dark Age: Technology and the End of the Future James Bridle
(4.5/5)
Free
Ten Arguments for Deleting Your Social Media Accounts Right Now Jaron Lanier
(4/5)
Free
Everybody Lies: Big Data, New Data, and What the Internet Can Tell Us About Who We Really Are Seth Stephens-Davidowitz
(4.5/5)
Free
The History of the Future: Oculus, Facebook, and the Revolution That Swept Virtual Reality Blake J. Harris
(4.5/5)
Free
The New New Thing: A Silicon Valley Story Michael Lewis
(4.5/5)
Free
Cognitive Surplus: Creativity and Generosity in a Connected Age Clay Shirky
(4/5)
Free
The Dark Net: Inside the Digital Underworld Jamie Bartlett
(4/5)
Free
An Introduction to Information Theory: Symbols, Signals and Noise John R. Pierce
(4.5/5)
Free
The Social Life of Information: Updated, with a New Preface-Revised John Seely Brown
(0/5)
Free
Who Owns the Future? Jaron Lanier
(4/5)
Free
Targeted: The Cambridge Analytica Whistleblower's Inside Story of How Big Data, Trump, and Facebook Broke Democracy and How It Can Happen Again Findaway
(4/5)
Free

Debugging under fire: Keeping your head when systems have lost their mind

  1. 1. Debugging under fire Keeping your head when
 systems have lost their mind CTO bryan@joyent.com Bryan Cantrill @bcantrill
  2. 2. The genesis of an outage
  3. 3. “Please don’t be me, please don’t be me”
  4. 4. “…doesn’t begin to describe it”
  5. 5. “WHEE!”
  6. 6. “Fat-finger”? • Not just a “fat-finger”; even this relatively simple failure reflected deeper complexities:
 
 
 
 
 
 
 
 • Outage was instructive — and lucky — on many levels…
  7. 7. It could have been much worse! • The (open source!) software stack that we have developed to run our public cloud, Triton, is a complicated distributed system • Compute nodes are PXE booted from the headnode with a RAM-resident platform image • It seemed entire conceivable that the services needed to boot compute nodes would not be able to start because a compute node could not boot… • This was a condition we had tested, but at nowhere near the scale — this was a failure that we hadn’t anticipated!
  8. 8. How did we get here? • Software is increasingly delivered as part of a service • Software configuration, deployment and management is increasingly automated • But automation is not total: humans are still in the loop, even if only developing software • Semi-automated systems are fraught with peril: the arrogance and power of automation — but with human fallibility
  9. 9. Human fallibility in semi-automated systems
  10. 10. Human fallibility in semi-automated systems
  11. 11. Whither microservices? • Microservices have yielded simpler components — but more complicated systems • …and open source has allowed us to deploy many more kinds of software components, increasing complexity again • As abstractions become more robust, failures become rare, but arguably more acute: service outage is more likely due to cascading failure in which there is not one bug but several • That these failures may be in discrete software services makes understanding the system very difficult…
  12. 12. The Microservices Complexity Paradox
  13. 13. The Microservices Complexity Paradox an active shooter
  14. 14. Modern software failure modes
  15. 15. An even more apt metaphor
  16. 16. A mechanical distributed system
  17. 17. But… but… alerts and monitoring! 
 “It is a difficult thing to look at a winking light on a board, or hear a peeping alarm — let alone several of them — and immediately draw any sort of rational picture of something happening” — Nuclear Regulatory Commission’s Special Report
 on incident at Three Mile Island
  18. 18. The debugging imperative • We suffer from many of the same problems as nuclear power in the 1970s: we are delivering systems that we think can’t fail • In particular, distributed systems are vulnerable to software defects — we must be able to debug them in production • What does it mean to develop software to be debugged? • Prompts a deeper question: how do we debug, anyway?
  19. 19. Debugging in the abstract • Debugging is the process by which we understand pathological behavior in a software system • It is not unlike the process by which we understand the behavior of a natural system — a process we call science • Reasoning about the natural world can be very difficult: experiments are expensive and even observations can be very difficult • Physical science is hypothesis-centric
  20. 20. The exceptionalism of software • Software is entirely synthetic — it is mathematical machine! • The conclusions of software debugging are often mathematical in their unequivocal power! • Software is so distilled and pure — experiments are so cheap and observation so limitless — that we can structure our reasoning about it differently • We can understand software by simply observing it
  21. 21. The art of debugging • The art of debugging isn’t to guess the answer — it is to be able to ask the right questions to know how to answer them • Answered questions are facts, not hypotheses • Facts form constraints on future questions and hypotheses • As facts beget questions which beget observations and more facts, hypotheses become more tightly constrained — like a cordon being cinched around the truth
  22. 22. The craft of debuggable software • The essence of debugging is asking and answering questions — and the craft of writing debuggable software is allowing the software to be able to answer questions about itself • This takes many forms: • Designing for postmortem debuggability • Designing for in situ instrumentation • Designing for post hoc debugging
  23. 23. A culture of debugging • Debugging must be viewed as the process by which systems are understood and improved, not merely as the process by which bugs are made to go away! • Too often, we have found that beneath innocent wisps of smoke lurk raging coal infernos • Engineers must be empowered to understand anomalies! • Engineers must be empowered to take the extra time to build for debuggability — we must be secure in the knowledge that this pays later dividends!
  24. 24. Debugging during an outage • When systems are down, there is a natural tension: do we optimize for recovery or understanding? • “Can we resume service without losing information?” • “What degree of service can we resume with minimal loss of information?” • Overemphasizing recovery with respect to understanding may leave the problem undebugged or (worse) exacerbate the problem with a destructive but unrelated action
  25. 25. The peril of overemphasizing recovery • Recovery in lieu of understanding normalizes broken software • If it becomes culturally engrained, the dubious principle of software recovery has toxic corollaries, e.g.: • Software should tolerate bad input (viz. “npm isntall”) • Software should “recover” from fatal failures (uncaught exceptions, segmentation violations, etc.) • Software should not assert the correctness of its state • These anti-patterns impede debuggability!
  26. 26. Debugging after an outage • After an outage, we must debug to complete understanding • In mature systems, we can expect cascading failures — which can be exhausting to fully unwind • It will be (very!) tempting after an outage to simply move on, but every service failure (outage-inducing or not) represents an opportunity to advance understanding • Software engineers must be encouraged to understand their own failures to encourage designing for debuggability
  27. 27. Enshrining debuggability • Designing for debuggability effects true software robustness: differentiating operational failure from programmatic ones • Operational failures should be handled; programmatic failures should be debugged • Ironically, the more software is designed for debuggability the less you will need to debug it — and the more you will leverage it to debug the software that surrounds it
  28. 28. Debugging under fire • It will always be stressful to debug a service that is down • When a service is down, we must balance the need to restore service with the need to debug it • Missteps can be costly; taking time to huddle and think can yield a better, safer path to recovery and root-cause • In massive outages, parallelize by having teams take different avenues of investigation • Viewing outages as opportunities for understanding allows us to develop software cultures that value debuggability!
  29. 29. Hungry for more? • If you are the kind of software engineer who values debuggability — and loves debugging — Joyent is hiring! • If you have not yet hit your Cantrillian LD50, I will be joining Brigit Kromhout, Andrew Clay Shafer, Matt Stratton as “Old Geeks Shout At Cloud” • Thank you!

×