Re: Issues with Gmail

[Michael Thomas <mike () mtcc com>]

On 09/02/2009 11:20 AM, joel jaeggli wrote:
> Long before we has widespread commercial internet, we still had to have the backup plan for when the single highly 
> fault tollerant entitity on which we were dependant on for a particular service went out.
>
> Sometimes, that plan is wait for restoration, whether it was because the bell systems got a bit melty on the long 
> distance,  or because your regional utility managed to melt down the power grid taking out both substations providing 
> diverse feeds.
>
> Systemic but temporarly localized failured has existed as long as the weather. One can move the failure around but I think I 
> can confidently assert that we'll never entirely eleminate it.

Right, but a cascading failure now with the internet is liable to be far more
serious than back in the good old days. The electrical grid is probably an
example of a system with relatively low resilience, but once it goes onto the
net its resilience is vastly lessened. So we're making this grand engineering
and economic trade off of less resilience for better interconnection. Which has
a tendency to be a great trade off when things are going right, and a terrible one
when things are going wrong :)

I've always wondered what is going to happen when we have our first catastrophic
cascading failure ala the blackout of 1965 or something similar but with the net
instead. The real miracle of the net is that we _haven't_ had such a thing yet,
but it really is only a matter of time unless somebody's willing to stand up and
say that such things have been safely engineered away :)

Mike

> Michael Thomas<mike () mtcc com>  wrote:
>
> > On 09/02/2009 10:33 AM, Robert Mathews (OSIA) wrote:
> > > On Wed, Sep 2, 2009 at 5:05 AM, Randy Bush<randy () psg com>   wrote:
> > > > [....] the internet is a wonderful
> > > > demonstration of building a reliable network out of reliable components.
> > > >
> > > > but what we have with google mail (and apps) is two scary problems
> > > >
> > > > o way too many users relying on a single point of failure. so it
> > > > makes the nyt when it breaks because of the number of users
> > > > affected, and
> > >
> > > I choose to not assume to "what/which single point of failure" this
> > > reference by Randy applies.   However, we can take confidence in the
> > > fact that Google's Gmail service architecture is distributed; not to be
> > > interpreted of course, as suggesting that within the distribution, there
> > > isn't a single point of failure.   Perhaps, from a network operations
> > > point of view, the point needs elaboration.
> >
> > I think that Randy might be conflating single point of failure with
> > "resilience". Google, distributed on every level as it is, is still
> > just one operator and in this case the lemmings faithfully followed
> > each other into the sea. We've been on an anti-resilience binge for
> > quite some time, accelerated to warp speed by the advent of the
> > Internet itself. There's something to be said about not having all of your
> > police scanners, etc, etc on the internet from a resilience
> > standpoint, but the siren call is strong for good reasons too.
> >
> > Mike