General

SRE Weekly Issue #30

lex

July 10, 2016

General

Comments

View on sreweekly.com

Articles

HumanOps

How did I not know about HumanOps before now?? Their site is great, as is their manifesto. A large part of what I do at $JOB is to study and improve the human aspects of operations.

The wellbeing of human operators impacts the reliability of systems.

Unfucking Your Oncall Culture (slides)

Slides from Charity Majors’s talk at HumanOps. Some choice tidbits in there, and I can’t wait until they post the audio.

DevOps On-Call: How we Handle our Schedules

Here’s a description of how Server Density handles their on-call duties. They use a hybrid approach with some alerts going to devs and some handled by a dedicated ops team. This idea is really intriguing to me:

After an out-of-hours alert the responder gets the following 24 hours off from on-call. This helps with the social/health implications of being woken up multiple nights in a row.

Product Integration Testing at the Speed of Netflix

This article is written by Netflix’s integration testing team, which is obviously not their SRE team. Nevertheless, integration testing at Netflix is important to ensure that new features start out working reliably and stay working after they’re out.

De-risking NFV: Pitfalls to Avoid and How to Get Past Them

The pitfall discussed in this article is a lack of packet-level visibility that hampers operators’ ability to quickly diagnose network issues. The article starts by outlining the issue then discusses methods of mitigating it including Tap As a Service.

Response to network outages needs to get smarter

This article makes the case for out of band management (OOBM) tools in responding to network issues. It’s good review, especially for those that have experience primarily or solely with cloud infrastructure.

Distributed Apps, Microservices, and the Shift Away from Root Cause Analysis

Now there’s an inflammatory article title — it reeks of the NoOps debate. I would argue that a microservice architecture makes an RCA just as necessary if not more so.

How DevOps Failed 60K Users

Former Slideshare engineer Sylvain Kalache shares this war-story about DevOps gone awry. I’d say there’s a third takeaway not listed in the article: DevOps need not mean full access to the entire infrastructure for everyone.

Outages

Bankwest
Seacom
Verizon
Spark (New Zealand telecom)
npm
- NPM had an 8+ hour outage that left many build system providers such as Travis, CircleCI, and Heroku and individual users scrambling. Their postmortem indicates that a major end-of-day deploy the day before was to blame. Conversation in a related github issue suggests a monitoring gap and a lack of overnight on-call coverage for complex outages such as this one.
  
  Full disclosure: Heroku, my employer, is mentioned.
WhatsApp
- This article alleges that the government of Zimbabwe cut access to WhatsApp to disrupt anti-government protests.
Etsy
Pokemon Go
- Seems like approximately the entire internet is talking about this.
Tinder
Claro (Dominican Republic telecom
ReachNow (car sharing service)
- BMW is offering customers a $10 credit.
Orange Poland (telecom)
Pingdom
- Pingdom had a series of outages in its API and UI this week. As a result, they are planning to create a status site after previously relying on Twitter to notify customers of outages.

SRE Weekly Issue #29

lex

July 3, 2016

General

Comments

View on sreweekly.com

Articles

DevOps vs SRE: delayed coverage of the dumbest war – charity.wtf

I can’t summarize this awesome article well enough, so I’m just going to quote Charity a bunch:

the outcomes associated with operations (reliability, scalability, operability) are the responsibility of *everyone* from support to CEO.

if you have a candidate come in and they’re a jerk to your office manager or your cleaning person, don’t fucking hire that person because having jerks on your team is an operational risk

If you try and just apply Google SRE principles to your own org according to their prescriptive model, you’re gonna be in for a really, really bad time.

March Outages post-mortem

Traffic spikes can be incredibly difficult to handle, foreseen or not. Packagecloud.io details its efforts to survive a daily spike of 600% of normal traffic in March.

New high availability checklist now available | Azure

This checklist is aimed toward deployment on Azure, but a lot of the items could be generalized and applied to infrastructures deployed elsewhere.

Emails reveal months of missteps leading up to Tennessee’s disastrous online testing debut

In-depth detail surrounding the multiple failures of TNReady mentioned earlier this year (issues #10 and #20).

The Two Sides to Google Infrastructure for Everyone Else

A two-sided debate, both sides of which are Gareth Rushgrove (maintainer of the excellent Devops Weekly). Should we try to adopt Google’s way of doing things in our own infrastructures? For example, error budgets:

What if you’re operating an air traffic control system or a nuclear power station? Your goal is probably closer to zero outages

Outages

Telstra
- Another announcement that they’re dedicating more money to outages, and another subsequent outage. Telstra’s CEO says that the number of outages has not actually increased.
Google Compute Engine
- Click through for the full postmortem.
  
  On Wednesday 29 June 2016, newly created Google Compute Engine instances and newly created network load balancers in all zones were partially unreachable for a duration of 106 minutes.
Virgin Mobile
Google Calendar
Snapchat
Idea (mobile telecom)
Microsoft Office 365
Comcast (Boston, MA, US)

SRE Weekly Issue #28

lex

June 26, 2016

General

Comments

A more packed issue this week to make up for missing last week. This issue is coming to you from beautiful Cape Cod, where my family and I are vacationing for the week.

View on sreweekly.com

Articles

Postmortem-Report-Reviews/2016-04-14-lexelby-Google-Compute-Engine-2016-04-11.md

In April, Google Compute Engine suffered a major outage that was reported here. I wrote up this review for the Operations Incident Board’s Postmortem Report Reviews project.

The Netflix Tech Blog: Netflix Billing Migration to AWS

Migration of a service without downtime can be an incredibly challenging engineering feat. Netflix details their effort to migrate their billing system complete with its rens of terabytes of RDBMS data into EC2.

Our primary goal was to define a secure, resilient and granular path for migration to the Cloud, without impacting the member experience.

How Ransomware Changes Backup and Disaster Recovery

Ransomware is designed to really ruin your day. It not only corrupts your in-house data; it also tries to encrypt your backup. Even if it’s off-site. Does your backup/recovery strategy stand up to this kind of failure?

Making the Case for Real-Time Incident Management: Downtime Data and DevOps

VictorOps gives us this shiny, number-filled PDF that you can use as ammunition to convince execs that downtime really matters.

DevOps Students Learn the Value of Uptime With 3 a.m. Calls

Students of Holberton School‘s full-stack engineer curriculum are on-call and actually get paged in the middle of the night. Nifty idea. Why should training in on-call only be on-the-job?

Safety Moment – Rumble Strips

I think the rumble strip is a near-perfect safeguard.

That’s Pre-Accident Podcast’s Todd Conklin on rumble strips, the warning tracks on the sides of highways. This short (4-minute) podcast asks the question, can we apply the principles behind rumble strips in our infrastructures?

FCC Adopts Rules to Promote Reliable Submarine Cable Communications Infrastructure

The FCC adds undersea cable operators to the list of mandatory reporters to the NORS (Network Outage Reporting System). But companies such as AT&T claim that the reporting will be of limited value, since outages that have no end-user impact (due to redundant underseas links) must still be reported.

Updated high availability and disaster recovery app design guidance

Microsoft updated its article on designing highly available apps using Azure. These kinds of articles are important. In theory, no one ought to go down just because one EC2 or Azure region goes down.

Reducing Alert Noise

SignalFX published this four-part series on avoiding spurious alerts in metric-based monitoring systems. The tutorial bits are specific to SignalFX, but the general principles could be applied to any metric-based alerting system.

Thanks to Aneel at SignalFX for this one.

Outages

Baltimore, MD, USA 911 (emergency services)
- Verizon blames a routing error.
HBO NOW
- HBO Now’s stream of Game of Thrones sputtered and died just as the most anticipated episode of the season spooled up.
Bitfinex (Bitcoin exchange)
- The outage purportedly resulted in a Bitcoin price dip.
Telia (transit provider)
- This one was big. The Register reports in this article that Telia mistakenly routed Europe’s traffic to Hong Kong. Many services and providers were impacted including CloudFlare, Slack, and AWS’s eu-west-1 region.
Blizzard
LinkedIn
- Just two days after the Microsoft acquisition.
Verizon (Florida, USA)
Youtube
Spotify
PlayStation Network
Asos.com
Twitter (India)
US Air Force Inspector General’s database
- Thanks to Niall for this one.

SRE Weekly Issue #27

lex

June 13, 2016

General

Comments

View on sreweekly.com

Sorry I’m a tad late this week!

If you only have time to read one long article, I highly recommend this first one.

Articles

How Technology Led a Hospital To Give a Patient 38 Times His Dosage

This fascinating series delves deeply into the cascade of failures leading up to the nearly fatal overdose of a pediatric patient hospitalized for a routine colonoscopy. It’s a five-article series, and it’s well worth every minute you’ll spend reading it. Human error, interface design, misplaced trust in automation, learning from aviation; it’s all here in abundance and depth.

WTF is operations? #serverless

In this second part of a two part series (featured here last week), Charity Majors delves into what operations means as we move toward a “serverless” infrastructure.

If you chose a provider, you do not get to just point your finger at them in the post mortem and say it’s their fault. You chose them, it’s on you.

CenturyLink Targets ‘Six Nines’ Reliability | Light Reading

Interesting, though I have to say I’m a bit skeptical when I hear someone target six nines. Especially when they say this:

Redefining five nines is redefining them to go up to six nines,” said James Feger, CenturyLink’s vice president of network strategy and development […]

PAPod 73 – An Over-Emphasis on Prevention?

The Pre-Accident Podcast reminds us that incident response is just as important as incident prevention.

The Future of Incident Notification in the Modern Enterprise

As automated remediation increases, the problems that actually hit our pagers become more complex and higher-level. This opinion piece from PagerDuty explores that trend and where it’s leading us.

The major lesson IT can learn from Netflix’s high availability testing methodology

A high-level overview of the difference between HA and DR and Netflix’s HA testing tool, Chaos Monkey.

Outages

Fastly
- I noticed this one when it got in the way of my work.
Slack
The Pirate Bay
Telstra
eBay
SaskTel (Canada telecom)
34SP.com
Lending Club
Acunetix
- An opportunistic blackhat photoshopped a screenshot of the downed site, making it appear that they had breached its security.
EU referendum poll voter registration (UK)
Amazon EC2 and EBS (Sydney, AU)
- A major outage in one availability zone took down many sites and services in Australia. Amazon quickly released this detailed post-analysis. TL;DR: an extended utility voltage sag didn’t cause isolation breakers to trip, and the flywheel UPSes then quickly dumped all of their energy into the power grid.

SRE Weekly Issue #26

lex

June 5, 2016

General

Comments

View on sreweekly.com

Articles

Operational Best Practices #serverless – charity.wtf

Here’s Charity Majors being awesome as always. There’s a reason this article is first this week. In this part one of two articles, Charity recaps her recent talk at serverlessconf in which she argues that you can never get away from operations, no matter how “serverless” you go.

[…] no matter how pretty the abstractions are, you’re still dealing with dusty old concepts like “persistent state” and “queries” and “unavailability” and so forth […]

I’m still laughing about #NoDevs. Thought-leadering through trolling FTW.

Making Facebook Self-Healing

This is an older article (2011), but it’s still well worth reading. Facebook began automating remediation of standard hardware failure, and then they reinvested the time saved into improving the automation.

Today, the FBAR service is run by two full time engineers, but according to the most recent metrics, it’s doing the work of 200 full fine system administrators.

Autoscaling on Complex Telemetry

A system that doesn’t auto-scale to meet demand can be unreliable in the face of demand spikes. But auto-scaling adds complexity to a system, and increasing complexity can also decrease reliability. This article outlines a method to attempt to reason about auto-scaling based on multiple metrics. Bonus TIL: Erlang threads busy-wait for work.

You deleted the customer what, now? Human error – deal with it

A run-down of basic techniques for avoiding and dealing with human error. I like this article for a couple of choice quotes, such as: “human error scales up” — as your infrastructure grows bigger, the scope of potential damage from a single error also grows bigger.

Simplicity: A Prerequisite for Reliability

The latest in Mathias Lafeldt’s Production Ready series is this article about complexity.

The more complex a system, the more difficult it is to build a mental model of the system, and the harder it becomes to operate and debug it.

Outages

J.F.K International Airport (New York)
Epyx 1link
Mailgun
- Mailgun had a series of outages in May, and they’ve released this postmortem.
PlayStation Network
Apple
Amazon.com search
TeamViewer
- Rampant rumors circulated suggesting that the outage was a security breach and that many users’ computers had been hijacked. TeamViewer denies this and states that it was a DoS attack.
Cricket Wireless (US telecom)
Amazon Web Services (Sydney, AU)
- The outage took many Australian services down with it.

← Older Posts

Newer Posts →

General

SRE Weekly Issue #30

Articles

Outages

SRE Weekly Issue #29

Articles

Outages

SRE Weekly Issue #28

Articles

Outages

SRE Weekly Issue #27

Articles

Outages

SRE Weekly Issue #26

Articles

Outages

Subscribe

RSS

Mastodon

Search Issues