Month: July 2012

How Complex Systems Fail

A very good article. The author provides 18 points about complex systems and fault tolerance. He talks about complex systems in general, but it translates very well to IT systems. In particular, point #8, that “Post-accident attribution accident to a ‘root cause’ is fundamentally wrong.”, is very much true. I’ve engaged in this process more times than I care to remember and nearly every time it leads to fighting yesterday’s war. Complex systems also generate their own emergent properties that are hard if not impossible to see, which is a huge contributing factor to massive failures.

http://www.ctlab.org/documents/How%20Complex%20Systems%20Fail.pdf

 

 

Highest level of security

Reading the last dailywtf post brought to mind another old story from my past. I was working for a consulting/VAR company at the time and I’ve had clients ranging from Fortune 500 to small shops with <10 people. This was a really small company with a single “IT guy” that ran everything. Of course problems eventually ensued and we were called in. If I remember correctly, it was a layer 2 loop that took them down. A few hours were spent tracing the spaghetti in the so-called rack, which should have given me a hint. After that I proceeded to the assessment of their networks & systems, and after a little while I noticed that there were no firewalls or any kind of security on the servers themselves. They were all on public IPs and wide open to the world. I brought it up with the resident IT expert and asked him if he wasn’t worried about security. He answered that it’s all just a big waste of money and they are perfectly safe since he watches the servers all the time. I thought I found a great retort and asked what happens at night or when he is not there. His reply was an instant classic. He said that he simply turns everything off when he leaves. There wasn’t much else I could say. You can’t get more secure than that.