Re: ??? (was RE: A simple guy with a simple problem)
- From: John Cowan <email@example.com>
- To: Tim Bray <firstname.lastname@example.org>
- Date: Thu, 15 Mar 2001 08:25:11 -0500 (EST)
Tim Bray scripsit:
> >30 seconds of downtime per year???
> >Presumably you write in assembly language
> Bad, fragile software engineering practice
In general, yes. But are you willing to bet lives that
there won't be a bug somewhere in the compiler or support
libraries that surfaces one fine day? Remember, if
it takes you an hour to find it, that's your whole
downtime available until 2121.
> >on the bare metal of mil-spec
> in the computing space, typically less robust & reliable than
> commercial off the shelf stuff with redundancy
Maybe true by now, "milspec" probably doesn't mean what it
once did. But consider how long you have to recover from
Multistate power outages happen about every 30 years.
You have 15 minutes to recover from them, assuming no other
Catastrophic fires, the kind that leave a city mostly ruined,
happen about every 100 years in the U.S., more often
elsewhere. You have less than an hour to reroute all
communications through a network jammed with emergency
operations and people trying to find out about their
friends and relations.
Catastrophic wars, the kind that leave your essential
support personnel dead (or in the army and unavailable),
happen every 50-100 years. You have less than an hour
to relocate all operations to an unaffected country,
assuming you can find one.
You don't catch me promising 30 sec/yr downtime for
> Depending on well-debugged existing code/gear is one of the
> the best practices in achieving high reliability. -T
High reliability, yes. Extremely high reliability, the kind
we are talking about here, no.
John Cowan email@example.com
One art/there is/no less/no more/All things/to do/with sparks/galore