Revisiting the Aviation Safety vs. Networking discussion

Michael Sinatra michael at
Mon Dec 28 13:38:37 CST 2009

On 12/25/09 7:57 AM, Anton Kapela wrote:

> What I'm getting at is that after following this thread for a while,
> I'm not convinced any amount of process-borrowing is going to solve
> problems better, faster, or even avoid them in the first place. At
> best, our craft is 1/3rd as "old" (if that's somehow a measure of
> maturity) as flight and nobody is being sued to settle 200+ accidental
> deaths because of our mistakes.

So, we're supposed to make the mistakes of aviation, nuclear power, the 
chemical industry (i.e. Bhopal), oil production & refining, etc., all 
over again?

Checklists and MOPs are but one of the things we ignore from other 
industries.  Some others:

o Increasing complexity and tight coupling lead to systemic failures. 
Simply grafting redundancy onto complex systems can make them less, not 
more, reliable.  Yet this is the trend in networking.  "Want bells and 
whistles, firewalls, load-balancers, rate-limiters in your network?  You 
can have 'em without sacrificing reliability if you just buy two of 'em!"

o The gradual acceptance of components or procedures that have adequate 
reliability for a certain task (say, research) that are not reliable 
enough for another task (e.g. being a critical part of a 1,000 megawatt 
nuclear power plant) without understanding the implications.  Do we know 
how our technology is being used and will be used?  Will the people 
adopting IP for everything (the "smart grid," VoIP, life-supporting 
functions) fail to see these implications just as the people who shoved 
a fissile core into a pressure vessel did?

This last point directly contradicts the theme of your message.  The 
notion that what we do is not (yet) a matter of life-or-death has bitten 
other industries in the past and it provides a nice illustration of why 
we should *not* be ignoring their lessons.


More information about the NANOG mailing list