On Friday, 3 October 2014 at 16:11:00 UTC, Ola Fosheim Grøstad wrote:
> On Friday, 3 October 2014 at 15:43:59 UTC, Sean Kelly wrote:
>> My point, and I think Kagamin's as well, is that the entire
>> plane is a system and the redundant internals are subsystems.
>> They may not share memory, but they are wired to the same
>> sensors, servos, displays, etc. Thus the point about shutting
>> down the entire plane as a result of a small failure is fair.
> An airplane is a bad analogy for a regular server. You have
> redundant backups everywhere and you are not allowed to take
> off at the smallest sign of deviation from normal operation.
That depends on design (logic). Ever heard of this?
http://www.reddit.com/r/programming/comments/1ax0oa/how_kdes_1500_git_repositories_almost_were_lost/
> I think Walter forgets that you ensure integrity of a complex
> system of servers by utilizing a rock solid proven transaction
> database/task-scheduler for handling all critical information.
> If that fails, you probably should shut down everything, roll
> back to the last backup and reboot.
I agree with Walter wholeheartedly. If I get him correctly he
speaks about distinction between the program logic and input
errors. Not about recovery strategies/decisions.
> But you don't shut down a restaurant because the waiter forgets
> to write down an order every once in a while, you shut it down
> if the kitchen is unsuitable for preparing food. After
> sanitizing the kitchen you open the restaurant again. You also
> don't fire the sloppy waiter until you have a better waiter at
> hand…
Let me play the game of finding analogies ;)
IMO, an exception is more suitable for the analogy with waiter
and dirty kitchen.
A logic error would be a case when you think you are running a
garage but suddenly you notice your staff is selling meals and
is wearing chef's uniforms.
Piotrek
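The distinction the thread keeps circling (input or environmental errors versus program logic errors) can be shown in D's own terms. The following is an added example, not code from anyone in the thread: a hypothetical order parser for the "restaurant" of the analogy reports malformed input with an exception via `enforce`, which the caller catches and skips, while the hypothetical `Kitchen` type asserts an internal invariant, because a violation there means the program itself is wrong and its state can no longer be trusted. The `Order`, `Kitchen`, `parseOrder` names and the sample order lines are constructed for this example.

```d
// Added example: input errors are thrown (recoverable by the caller),
// logic errors are asserted (the program's own state is untrusted).
import std.array : split;
import std.conv : to, ConvException;
import std.exception : enforce;
import std.stdio : writeln;
import std.string : strip;

// Hypothetical order record for the restaurant analogy.
struct Order
{
    string dish;
    uint quantity;
}

/// Parse an order line such as "soup,2". A malformed line is the waiter's
/// mistake: an input error, reported with an exception the caller can
/// handle without shutting anything down.
Order parseOrder(string line)
{
    auto parts = line.split(",");
    enforce(parts.length == 2, "order line must be 'dish,quantity': " ~ line);
    auto dish = parts[0].strip;
    enforce(dish.length > 0, "dish name is empty in: " ~ line);
    uint qty;
    try
        qty = parts[1].strip.to!uint;
    catch (ConvException e)
        throw new Exception("quantity is not a number in: " ~ line);
    enforce(qty > 0, "quantity must be positive in: " ~ line);
    return Order(dish, qty);
}

/// Internal accounting. That the pending tally never goes negative is a
/// property of this program's logic, not of its input; violating it means
/// the kitchen itself is broken, so it is asserted rather than thrown.
struct Kitchen
{
    private long[string] pending;

    void accept(Order o)
    {
        pending[o.dish] += o.quantity;
    }

    void serve(string dish, uint n)
    {
        auto p = dish in pending;
        // Only what was accepted may be served; anything else is a bug here.
        assert(p !is null && *p >= n, "serving more than was ordered: logic error");
        *p -= n;
        assert(*p >= 0, "pending tally went negative"); // invariant
    }
}

void main()
{
    Kitchen k;
    // Constructed sample input: two valid lines, two malformed ones.
    foreach (line; ["soup,2", "bread,", "pie,x", "tea,1"])
    {
        try
        {
            auto o = parseOrder(line);
            k.accept(o);
            writeln("accepted ", o.dish, " x", o.quantity);
        }
        catch (Exception e)
        {
            // Input error: log it, skip the line, keep the restaurant open.
            writeln("rejected '", line, "': ", e.msg);
        }
    }
    k.serve("soup", 2);
    // k.serve("soup", 1) here would trip the assert: the program, not the
    // input, is wrong, and continuing would run on untrusted state.
}
```

The caller's `catch (Exception e)` deliberately does not catch `AssertError` (an `Error`, not an `Exception`), so a tripped invariant still terminates the process: that is the point of keeping the two categories apart.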