AA261: DevOps lessons in collaborative maintenance

•

2 likes•1,163 views

On January 31, 2000, Alaska Airlines Flight 261 plunged into the Pacific ocean in an extreme "nose down" position, killing all 88 crew and passengers on board. The NTSB concluded AA261's horizontal stabiliser trim system's jackscrew was inadequately maintained, causing the pilots to lose all control of the plane. There are striking parallels with the problems we face daily in IT operations & software development, and the 30 years of give and take between the aircraft manufacturer's engineers, airline maintenance staff, and federal regulators that preceded AA261's simple mechanical failure. In this talk, Lindsay looks at the complex interplay between the parties in the AA261 crash through a DevOps lens, investigating the collaborative approach to maintenance and operation of the MD-83 aircraft, and relating the complexities back to the complex IT systems we build and maintain.

Technology

AA261
DevOps lessons in
collaborative maintenance

2 hours into flight:
Jammed horizontal stabiliser

This is a maintenance accident. Alaska
Airlines' maintenance and inspection of its
horizontal stabilizer activation system was
poorly conceived and woefully executed. The
failure was compounded by poor oversight...
had any of the managers, mechanics,
inspectors, supervisors or FAA overseers
whose job it was to protect this mechanism
done their job conscientiously, this accident
cannot happen.
-- John J. Goglia, NTSB Board Member

[hindsight] converts a once
vague, unlikely future into an
immediate, certain past
-- Sidney Dekker

“poorly conceived
and
woefully executed”

1965 every 300-350 hours launch of DC-9

1985 every 700 hours industry deregulation

1987 every 1000 hours industry standardisation

1991 every 1200 hours industry standardisation

1994 every 1600 hours industry standardisation

1996 every 8 months (2550 hours) Alaska Airlines policy change

Complex system constraints
Jens Rasmussen

outside: failure of foresight

oad

saf
rkl

ety
wo

economy

outside: failure of foresight

oad

saf
rkl inside:

ety
trade-oﬀs
wo
in direction of
greater eﬃciency

economy

trade-oﬀs
in direction of
greater eﬃciency

Why would they make bad
decisions intentionally?

“people make what they
consider to be the best
decision based on available
knowledge at the time”

“God, our ops team are arseholes. I just want
to deploy this change and go home!”

“God, our ops team are arseholes. I just want
to deploy this change and go home!”
oad

saf
rkl

ety
wo

economy

“God, our ops team are arseholes. I just want
to deploy this change and go home!”
oad

oad
saf

saf
rkl

rkl
ety

ety
wo

wo
economy economy

Is deployment important
to the business?

“It’s 3am an the pager has gone oﬀ again. Why
can’t these devs just write code that works?”

“It’s 3am an the pager has gone oﬀ again. Why
can’t these devs just write code that works?”
oad

saf
rkl

ety
wo

economy

“It’s 3am an the pager has gone oﬀ again. Why
can’t these devs just write code that works?”
oad

oad
saf

saf
rkl

rkl
ety

ety
wo

wo
economy economy

Why didn’t the dev know the
code would fail like this?

Why weren’t you involved
when the code was written?

“root cause” is simply the
point you stop looking
-- Sidney Dekker

Thank you!
Liked the talk? Let @auxesis know!

Sidney Dekker [books]
Field Guide to Understand Human Error
Drift Into Failure
Just Culture

Dan Manges [blog]
How incidents affect infrastructure priorities

Similar to AA261: DevOps lessons in collaborative maintenance

Marc provides a North American perspective on hybrid energy systems, using the Nome Joint Utilities Systems of Nome, Alaska, as a case study. Marc introduces the ACEP facilities and discusses a collaborative approach, as demonstrated by the successful R&D and testing campaign integrating an energy storage flywheel with a power conversion and control system (Hatch Engineering, Williams Hybrid Power and ABB)

Ips connect 2015 marc mueller stoffels

james_hamilton

AGME Expansion Project Final 122104

Richard Houdlette

Disruptive Business Model

Yves Pigneur

For more information, go to http://www.thinkdsi.com/grid/. With the current focus on building a smart grid and investments being made on the technology side as well as the infrastructure side, energy is certainly getting much press! Uncertainty has never been higher. This webinar aims to discuss this uncertainty. Based on field research and expert interviews, the recent comprehensive report "Future of the Energy Grid 2025" by Decision Strategies International presents views on everything from fuel mix to behind-the-meter innovation. What could the grid look like in 2025? How will different stakeholders be affected? Scott Snyder, President, and Stephan Hagelauer, Senior Consultant, will present the key findings of the report, and give you tools and tactics to help you develop resilient strategies and robust portfolio initiatives to succeed in the energy industry. Three executives representing stakeholders in the energy industry will present how they have used the report to help “future proof” their own organizations and discuss some of the factors they find critical to success: -Karl Pfirrman, Executive Vice President of PJM -Rear Admiral Phil Cullom in charge of the US Navy Energy Strategy -Govi Rao, CEO of Lighting Science

Future of the U.S. Energy Grid

thinkdsi

Integrated Rig Stacking Solutions LLC

Chip Keener

Reliability

Dakshna Moorthy Sottu

Helicopter Aviation: Human Factors

IHSTFAA

Compressed air repair implementation

TNenergy

Wave energy

Matilde Larenza

Shimpo high precision catalog

Electromate

Ppt for automatic plant irrigation system

stk25

Similar to AA261: DevOps lessons in collaborative maintenance (11)

Ips connect 2015 marc mueller stoffels

AGME Expansion Project Final 122104

Disruptive Business Model

Future of the U.S. Energy Grid

Integrated Rig Stacking Solutions LLC

Reliability

Helicopter Aviation: Human Factors

Compressed air repair implementation

Wave energy

Shimpo high precision catalog

Ppt for automatic plant irrigation system

More from Lindsay Holmwood

On June 1, 2009 Air France 447 crashed into the Atlantic ocean killing all 228 passengers and crew. The 15 minutes leading up to the impact were a terrifying demonstration of the how thick the fog of war is in complex systems. Mainstream reports of the incident put the blame on the pilots - a common motif in incident reports that conveniently ignore a simple fact: people were just actors within a complex system, doing their best based on the information at hand. While the systems you build and operate likely don't control the fate of people's lives, they share many of the same complexity characteristics. Dev and Ops can learn an abundance from how the feedback loops between these aviation systems are designed and how these systems are operated. In this talk Lindsay will cover what happened on the flight, why the mainstream explanation doesn't add up, how design assumptions can impact people's ability to respond to rapidly developing situations, and how to improve your operational effectiveness when dealing with rapidly developing failure scenarios.

Escalating complexity: DevOps learnings from Air France 447

Lindsay Holmwood

Bulletproof Networks provides managed hosting services to some of the largest companies in Australia. Bulletproof implements strong isolation of customer environments, and this can present unique challenges when re-using Puppet code across our customer base. Additionally, the environments range in size from small to very large, and our tools + processes need to be able to handle both uses cases equally well. In this talk Lindsay + Mick will cover how Bulletproof's approach to these problems has evolved over the last 4 years, and some of the tools Bulletproof has developed and built upon to provide an awesome service to our customers.

Islands: Puppet at Bulletproof Networks

Lindsay Holmwood

We all know that load testing is important, but it's all too common that it's left to the very end of a project and it's invariably the first thing that gets dropped when budgets and timeframes get cut. Furthermore, most of us don't know where or how to start implementing effective load tests, let alone how to analyse the results. Lindsay Holmwood, Software Manager at Bulletproof Networks, will be talking about integrating performance testing into your application development + deploy cycle from the very beginning, using inexpensive and easy to use SaaS tools. There will be a hands on demonstration of the Blitz load + performance testing tool, coupled with a brief dive into the Blitz API internals to retrieve and analyse advanced reporting information.

Load testing with Blitz

Lindsay Holmwood

Latency: The Silent Monitoring System Killer

Lindsay Holmwood

We’re all familiar with the Puppet manifest development cycle: “make your change, commit your change, push your change, run Puppet, debug the output, then go back to the beginning to refactor or fix a bug”. What if you could could shorten the cycle to “make a change, run puppet, commit change”? Enter Rump, a tool for doing Puppet runs locally from a Git checkout. Rump encourages a Puppet workflow where you quickly + iteratively develop your Puppet manifests on a single machine, then push your changes up to a repository to deploy to the rest of your infrastructure. Lindsay will be demonstrating how to setup Rump, showing off some awesome workflows for doing local iterative development, and exposing super cool features like testing your manifests against new versions of Puppet in a single command.

Rump - making Puppetmaster-less Puppet meaty

Lindsay Holmwood

Does Behaviour Driven Development have a role in the infrastructure world? Enter Behaviour Driven Infrastructure where systems administrators can apply some simple open source tools and BDD principles to make infrastructure management more powerful, more insightful and deliver more value to their customers. The typical enterprise monitoring and configuration management set-up for a website is: - Is the Apache package installed and the appropriate version? - Is the Apache service running? - Can I connect to the HTTP port and is HTML returned? - Multiply this by a few hundred iterations of hosts and types of services and you’re probably looking at your typical Nagios, Puppet, Cfengine, Hyperic set-up. All this monitoring misses something critical though – we’re not actually monitoring that the service does what it should. Yes, it matters whether Apache is installed, the Apache service is running, and you can connect to HTTP but does this actually prove anything about the availability of the service we’re managing and providing for our customers? Nope… We need to demonstrate more than just a check that says the Apache server is up. We need to demonstrate that the service delivered by that infrastructure was available to our customers AND functioning as intended. Enter Behaviour Driven Infrastructure or BDI which applies the principles of Behavioural Driven Development to the management of infrastructure. In this presentation you’ll learn: - How Behaviour Driven Development works - What makes a behavioural test - How to install and use Cucumber to perform BDI - Practical examples of behavioural tests in Cucumber, and - How to integrate BDI into your work flow and your enterprise monitoring and configuration management frameworks.

Behaviour driven infrastructure

Lindsay Holmwood

HA websites are where the rubber meets the road - at 200km/h. Traditional separation of dev and ops just doesn't cut it. Everything is related to everything. Code relies on performant and resilient infrastructure, but highly performant infrastructure will only get a poorly written application so far. Worse still, root cause analysis in HA sites will more often than not identify problems that don't clearly belong to either devs or ops. The two options are collaborate or die. This talk will introduce 3 core principles for improving collaboration between operations and development teams: consistency, repeatability, and visibility. These principles will be investigated with real world case studies and associated technologies audience members can start using now. In particular, there will be a focus on: - fast provisioning of test environments with configuration management - reliable and repeatable automated deployments - application and infrastructure visibility with statistics collection, logging, and visualisation

Burn down the silos! Helping dev and ops gel on high availability websites

Lindsay Holmwood

Writing checks for your monitoring system is boring. You end up writing the same checks again and again, and it can be difficult to verify behavior instead of availability. Wouldn't it be useful to have a standard library of checks you could reuse across your infrastructure? it lets you write reusable behavioral tests in human-readable language.Say hello to cucumber-nagios - it lets you write reusable behavioral tests in human-readable language. As cucumber-nagios output the test results in the Nagios plugin format you can run your checks from any monitoring system that understands the format.

Behaviour Driven Monitoring with cucumber-nagios

Lindsay Holmwood

Flapjack: rethinking monitoring for the cloud

Lindsay Holmwood

Setting up monitoring for web applications can be complicated - tests tend to lack expressiveness, or and quite often they don't even test the right problem in the first place. cucumber-nagios lets a sysadmin write behavioural tests for their web apps in plain English, and outputs the test results in the Nagios plugin format, allowing a sysadmin to be notified by Nagios when their production apps aren't behaving.

Monitoring web application behaviour with cucumber-nagios

Lindsay Holmwood

Your own (little) gem: building an online business with Ruby

Lindsay Holmwood

Deploying Merb

Lindsay Holmwood

More from Lindsay Holmwood (12)

Escalating complexity: DevOps learnings from Air France 447

Islands: Puppet at Bulletproof Networks

Load testing with Blitz

Latency: The Silent Monitoring System Killer

Rump - making Puppetmaster-less Puppet meaty

Behaviour driven infrastructure

Burn down the silos! Helping dev and ops gel on high availability websites

Behaviour Driven Monitoring with cucumber-nagios

Flapjack: rethinking monitoring for the cloud

Monitoring web application behaviour with cucumber-nagios

Your own (little) gem: building an online business with Ruby

Deploying Merb

Recently uploaded

ScyllaDB has the potential to deliver impressive performance and scalability. The better you understand how it works, the more you can squeeze out of it. But before you squeeze, make sure you know what to monitor! Watch our experienced Postgres developer work through monitoring and performance strategies that help him understand what mistakes he’s made moving to NoSQL. And learn with him as our database performance expert offers friendly guidance on how to use monitoring and performance tuning to get his sample Rust application on the right track. This webinar focuses on using monitoring and performance tuning to discover and correct mistakes that commonly occur when developers move from SQL to NoSQL. For example: - Common issues getting up and running with the monitoring stack - Using the CQL optimizations dashboard - Common issues causing high latency in a node - Common issues causing replica imbalance - What a healthy system looks like in terms of memory - Key metrics to keep an eye on This isn’t “Death-by-Powerpoint.” We’ll walk through problems encountered while migrating a real application from Postgres to ScyllaDB – and try to fix them live as well.

Optimizing NoSQL Performance Through Observability

ScyllaDB

Screen flow is a powerful automation tool that is commonly designed for internal and external users. However, what about the guest users? We will dive into various methods of launching screen flows and understand how to make them publicly accessible, extending their usability to a broader audience. The presentation will also cover the implementation of security layers and highlight best practices for a smooth and protected user experience. Discover the potential of screen flows beyond conventional use and learn how to leverage them effectively.

Free and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade

CzechDreamin

The standard Salesforce Approval process can be limiting in many ways, especially in complex scenarios. What if there was a way to implement very flexible approvals where one can use Apex code to make data updates in unrelated records, dynamically generate next steps details, and compute assignees on the fly? And still use UI-based configurations to implement concrete approval processes. In this session, we will share ideas behind such a solution and show a few lines of code to get you started.

Custom Approval Process: A New Perspective, Pavel Hrbacek & Anindya Halder

CzechDreamin

Key Trends Shaping the Future of Infrastructure.pdf

Cheryl Hung

IESVE for Early Stage Design and Planning

IES VE

I have heard many times that architecture is not important for the front-end. Also, many times I have seen how developers implement features on the front-end just following the standard rules for a framework and think that this is enough to successfully launch the project, and then the project fails. How to prevent this and what approach to choose? I have launched dozens of complex projects and during the talk we will analyze which approaches have worked for me and which have not.

"Impact of front-end architecture on development cost", Viktor Turskyi

Fwdays

Already know how to write a basic SOQL query? Great! But what about an *aggregate* SOQL query? You know, the kind that uses aggregate functions like COUNT & MAX along with GROUP BY and HAVING clauses? No? Well, get ready to learn how to slice & dice your org’s data right inside your own dev console. From finding duplicate records to prototyping summary & matrix reports, learn the ins and outs of aggregate queries during this fast-paced but admin-friendly session on advanced SOQL concepts.

SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...

CzechDreamin

From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...

Product School

This talk focuses on the practical aspects of integrating various telephony systems with Salesforce, drawing on examples from implementations in the Czech scene. It aims to inform attendees about the spectrum of telephony solutions available, from small to large scale, and their compatibility with Salesforce. The presentation will highlight key considerations for selecting a telephony provider that integrates smoothly with Salesforce, including important questions to support the decision-making process. It will also discuss methods for integrating existing telephony systems with Salesforce, aimed at companies contemplating or in the process of adopting this CRM platform. The discussion is designed to provide a straightforward overview of the steps and considerations involved in telephony and Salesforce integration, with an emphasis on functionality, compatibility, and the practical experiences of Czech companies.

Integrating Telephony Systems with Salesforce: Insights and Considerations, B...

CzechDreamin

IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx

Abida Shariff

Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place. Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects. Here’s what you’ll gain: - Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows. - Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy. - Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency. - Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity. We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic. Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.

Essentials of Automations: Optimizing FME Workflows with Parameters

Safe Software

Intrigued by why some of the world's largest companies (Netflix, Google, Cisco, Twitter, Uber etc) are using gRPC? In this demo based talk we delve into the world of gRPC in .Net, what it does and why we should use it. We compare the interface with both Rest and graphQL. We will show you how to implement grpc server-side in .net and in the web. Finally, I will show you how the tooling helps you deliver powerful interfaces and interact with them quickly and simply.

Demystifying gRPC in .Net by John Staveley

John Staveley

Welcome to UiPath Test Automation using UiPath Test Suite series part 2. In this session, we will cover API test automation along with a web automation demo. Topics covered: Test Automation introduction API Example of API automation Web automation demonstration Speaker Pathrudu Chintakayala, Associate Technical Architect @Yash and UiPath MVP Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP

UiPath Test Automation using UiPath Test Suite series, part 2

DianaGray10

Designing Great Products: The Power of Design and Leadership by Chief Designe...

Product School

AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...

Product School

WSO2CONMay2024OpenSourceConferenceDebrief.pptx

Jennifer Lim

Mission to Decommission: Importance of Decommissioning Products to Increase E...

Product School

You’ve heard good data matters in Machine Learning, but does it matter for Generative AI applications? Corporate data often differs significantly from the general Internet data used to train most foundation models. Join me for a demo on building an open source RAG (Retrieval Augmented Generation) stack using Milvus vector database for Retrieval, LangChain, Llama 3 with Ollama, Ragas RAG Eval, and optional Zilliz cloud, OpenAI.

Introduction to Open Source RAG and RAG Evaluation

Zilliz

As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other? Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.

Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024

Tobias Schneck

Discover the essentials of performance testing in the IT sector with our concise guide. Learn about various testing types such as load, stress, endurance, spike, scalability, and volume testing. Understand key performance metrics like response time, throughput, CPU and memory utilization, and error rate. Explore top tools like Apache JMeter, LoadRunner, Gatling, Neoload, and BlazeMeter. Gain insights into best practices for defining objectives, creating realistic scenarios, automating tests, and optimizing performance to ensure user satisfaction, reliability, scalability, and cost efficiency. Ideal for developers, QA engineers, and IT professionals. Visit Expeed Software for more information. https://expeed.com/

In-Depth Performance Testing Guide for IT Professionals

Expeed Software

Recently uploaded (20)

Optimizing NoSQL Performance Through Observability

Free and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade

Custom Approval Process: A New Perspective, Pavel Hrbacek & Anindya Halder

Key Trends Shaping the Future of Infrastructure.pdf

IESVE for Early Stage Design and Planning

"Impact of front-end architecture on development cost", Viktor Turskyi

SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...

From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...

Integrating Telephony Systems with Salesforce: Insights and Considerations, B...

IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx

Essentials of Automations: Optimizing FME Workflows with Parameters

Demystifying gRPC in .Net by John Staveley

UiPath Test Automation using UiPath Test Suite series, part 2

Designing Great Products: The Power of Design and Leadership by Chief Designe...

AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...

WSO2CONMay2024OpenSourceConferenceDebrief.pptx

Mission to Decommission: Importance of Decommissioning Products to Increase E...

Introduction to Open Source RAG and RAG Evaluation

Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024

In-Depth Performance Testing Guide for IT Professionals

AA261: DevOps lessons in collaborative maintenance

1. AA261 DevOps lessons in collaborative maintenance

2. Lindsay Holmwood @auxesis

3. Software Manager @ Bulletproof Networks

5. Trigger warning: death

6. January 31, 2000 Puerto Vallarta

7. Seattle

8. Departed PVR at 13.37 PST

9. Ascended to 31,000ft

10. 2 hours into flight: Jammed horizontal stabiliser

11. No trim control

12. Redirected to LAX

13.

14. Pilots unjammed horizontal stabilisers

15.

16.

17. 2 pilots 3 crew 83 passengers

18.

19.

20.

21.

22. This is a maintenance accident. Alaska Airlines' maintenance and inspection of its horizontal stabilizer activation system was poorly conceived and woefully executed. The failure was compounded by poor oversight... had any of the managers, mechanics, inspectors, supervisors or FAA overseers whose job it was to protect this mechanism done their job conscientiously, this accident cannot happen. -- John J. Goglia, NTSB Board Member

23. hindsight != foresight

24. [hindsight] converts a once vague, unlikely future into an immediate, certain past -- Sidney Dekker

25. This is a maintenance accident. Alaska Airlines' maintenance and inspection of its horizontal stabilizer activation system was poorly conceived and woefully executed. The failure was compounded by poor oversight... had any of the managers, mechanics, inspectors, supervisors or FAA overseers whose job it was to protect this mechanism done their job conscientiously, this accident cannot happen. -- John J. Goglia, NTSB Board Member

26. This is a maintenance accident. Alaska Airlines' maintenance and inspection of its horizontal stabilizer activation system was poorly conceived and woefully executed. The failure was compounded by poor oversight... had any of the managers, mechanics, inspectors, supervisors or FAA overseers whose job it was to protect this mechanism done their job conscientiously, this accident cannot happen. -- John J. Goglia, NTSB Board Member

27.

28. “poorly conceived and woefully executed”

29.

30.

31.

32. DC-9 -> MD-80 -> MD-83

33.

34. Evolutionary product development

35. Appropriated maintenance schedules

36. Jackscrew lubrication interval

37.

38. 1965 every 300-350 hours launch of DC-9 1985 every 700 hours industry deregulation 1987 every 1000 hours industry standardisation 1991 every 1200 hours industry standardisation 1994 every 1600 hours industry standardisation 1996 every 8 months (2550 hours) Alaska Airlines policy change

39. 1965 every 300-350 hours launch of DC-9 1985 every 700 hours industry deregulation 1987 every 1000 hours industry standardisation 1991 every 1200 hours industry standardisation 1994 every 1600 hours industry standardisation 1996 every 8 months (2550 hours) Alaska Airlines policy change

40. 1965 every 300-350 hours launch of DC-9 1985 every 700 hours industry deregulation 1987 every 1000 hours industry standardisation 1991 every 1200 hours industry standardisation 1994 every 1600 hours industry standardisation 1996 every 8 months (2550 hours) Alaska Airlines policy change

41. 1965 every 300-350 hours launch of DC-9 1985 every 700 hours industry deregulation 1987 every 1000 hours industry standardisation 1991 every 1200 hours industry standardisation 1994 every 1600 hours industry standardisation 1996 every 8 months (2550 hours) Alaska Airlines policy change

42. 1965 every 300-350 hours launch of DC-9 1985 every 700 hours industry deregulation 1987 every 1000 hours industry standardisation 1991 every 1200 hours industry standardisation 1994 every 1600 hours industry standardisation 1996 every 8 months (2550 hours) Alaska Airlines policy change

43. 1965 every 300-350 hours launch of DC-9 1985 every 700 hours industry deregulation 1987 every 1000 hours industry standardisation 1991 every 1200 hours industry standardisation 1994 every 1600 hours industry standardisation 1996 every 8 months (2550 hours) Alaska Airlines policy change

44. 1965 every 300-350 hours launch of DC-9 1985 every 700 hours industry deregulation 1987 every 1000 hours industry standardisation 1991 every 1200 hours industry standardisation 1994 every 1600 hours industry standardisation 1996 every 8 months (2550 hours) Alaska Airlines policy change

45. Decrementalism

46. Complex system constraints Jens Rasmussen

47.

48. wo rkl oad

49. wo rkl oad economy

50. wo rkl oad economy saf ety

51.

52. tim e

53. e tim cost

54. ty ali qu cost e tim

55. wo rkl oad economy saf ety

56. wo rkl oad economy saf ety

57. wo rkl oad economy saf ety

58. wo rkl oad economy saf ety

59. wo rkl oad economy saf ety

60. wo rkl oad economy saf ety

61. wo rkl oad economy saf ety

62. wo rkl oad economy saf ety

63. wo rkl oad economy saf ety

64. outside: failure of foresight oad saf rkl ety wo economy

65. outside: failure of foresight oad saf rkl inside: ety trade-oﬀs wo in direction of greater eﬃciency economy

66. trade-oﬀs in direction of greater eﬃciency

67. trade-oﬀs in direction of greater eﬃciency

68. Constraints on knowledge

69. Why would they make bad decisions intentionally?

70. Decisions seemed rational

71. Local rationalisation

72. “people make what they consider to be the best decision based on available knowledge at the time”

73. This is a maintenance accident. Alaska Airlines' maintenance and inspection of its horizontal stabilizer activation system was poorly conceived and woefully executed. The failure was compounded by poor oversight... had any of the managers, mechanics, inspectors, supervisors or FAA overseers whose job it was to protect this mechanism done their job conscientiously, this accident cannot happen. -- John J. Goglia, NTSB Board Member

74. wo rkl oad economy saf ety

75. ty ali qu cost e tim

76.

77. Devops constraints

78. “God, our ops team are arseholes. I just want to deploy this change and go home!”

79. “God, our ops team are arseholes. I just want to deploy this change and go home!” oad saf rkl ety wo economy

80. “God, our ops team are arseholes. I just want to deploy this change and go home!” oad oad saf saf rkl rkl ety ety wo wo economy economy

81. What are the circumstances?

82. Where are the tensions?

83. Have ops been burnt before?

84. Is there deployment friction? Why?

85. Is deployment high-risk?

86. Is deployment time consuming?

87. Is deployment important to the business?

88.

89. “It’s 3am an the pager has gone oﬀ again. Why can’t these devs just write code that works?”

90. “It’s 3am an the pager has gone oﬀ again. Why can’t these devs just write code that works?” oad saf rkl ety wo economy

91. “It’s 3am an the pager has gone oﬀ again. Why can’t these devs just write code that works?” oad oad saf saf rkl rkl ety ety wo wo economy economy

92. [hindsight] converts a once vague, unlikely future into an immediate, certain past -- Sidney Dekker

93. What are the circumstances?

94. Where are the tensions?

95. Why didn’t the dev know the code would fail like this?

96. Why weren’t you involved when the code was written?

97. How is code reviewed?

98. Is the infrastructure anti-fragile?

99. Is the code anti-fragile?

100.

101. Hindsight bias

102. [hindsight] converts a once vague, unlikely future into an immediate, certain past -- Sidney Dekker

103.

104. What are the motivations?

105. “amoral actors”

106. wo rkl oad economy saf ety

107. wo rkl oad economy saf ety

108. “root cause” is simply the point you stop looking -- Sidney Dekker

109. What are the circumstances?

110. Where are the tensions?

111. Thank you!

112. Thank you! Liked the talk? Let @auxesis know!

113. Sidney Dekker [books] Field Guide to Understand Human Error Drift Into Failure Just Culture Dan Manges [blog] How incidents affect infrastructure priorities

AA261: DevOps lessons in collaborative maintenance

Recommended

Recommended

More Related Content

Similar to AA261: DevOps lessons in collaborative maintenance

Similar to AA261: DevOps lessons in collaborative maintenance (11)

More from Lindsay Holmwood

More from Lindsay Holmwood (12)

Recently uploaded

Recently uploaded (20)

AA261: DevOps lessons in collaborative maintenance