18 Dec 2005 ncm   » (Master)

I am told that it is much less obvious than it seems to me that the only way to get reliable failure recovery is to have the failure-recovery code exercised routinely as part of the normal operation of the system. Example: A friend worked on high-availability AIX clusters, and they had only one response to any problem: reboot the machine involved. It would be hard to have done any testing without exercising the boot sequence, sometime or other, so you know the failure recovery mechanism works. (If the time spent rebooting interferes with throughput, make it fail less often; failure recovery's no substitute for engineering!)

If the response to any unexpected problem in your interactive program is to abort instantly ("no shriving time allow'd"), a log can ensure users never lose anything. If the log is also your auto-save mechanism and your undo/redo mechanism, then reliable crash recovery is both free (because you needed auto-save anyhow) and heavily exercised (because people use undo/redo routinely). As a bonus, it makes test scripting and reproducing bugs easy. Using mmap(), big images and clipboard contents needn't be fsync()ed to the log before "risky" operations, because the OS will sync the pages out by itself if the process up-and-dies. (The OS is better at cleaning up than you are.) That makes auto-save happen continuously, in background, without threads or worse complications. You only need to ensure the log pages always say something sensible.
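A sketch of the log described above, added here as an illustration and not taken from any real program: one mmap()ed file serves as auto-save, undo/redo and crash recovery, and opening a session is the same replay that recovers from a crash. The record layout (length, CRC32, JSON payload), the fixed `LOG_SIZE` and the `Session` and `replay` names are assumptions of the example.

```python
import json, mmap, os, struct, zlib

HDR = struct.Struct("<II")   # payload length, CRC32 of payload
LOG_SIZE = 4096              # fixed-size log file (assumption of this sketch)

def replay(buf):
    """Rebuild (lines, end_offset) from the log, stopping at the first
    record that is not sensible: unwritten space or a torn tail."""
    done, undone, off = [], [], 0
    while off + HDR.size <= len(buf):
        n, crc = HDR.unpack_from(buf, off)
        body = bytes(buf[off + HDR.size:off + HDR.size + n])
        if n == 0 or len(body) != n or zlib.crc32(body) != crc:
            break
        rec = json.loads(body)
        if rec["op"] == "add":            # a new edit discards the redo stack
            done.append(rec["text"])
            undone.clear()
        elif rec["op"] == "undo" and done:
            undone.append(done.pop())
        elif rec["op"] == "redo" and undone:
            done.append(undone.pop())
        off += HDR.size + n
    return done, off

class Session:
    """Every edit, undo and redo is an appended log record; opening a
    session is the same code path as recovering from a crash."""
    def __init__(self, path):
        if not os.path.exists(path):
            with open(path, "wb") as f:
                f.truncate(LOG_SIZE)
        self.file = open(path, "r+b")
        # Shared mapping: the kernel writes dirty pages back even if the
        # process is killed, so no fsync() per edit (power loss is not covered).
        self.map = mmap.mmap(self.file.fileno(), LOG_SIZE)
        self.lines, self.end = replay(self.map)

    def log(self, **rec):
        body = json.dumps(rec).encode()
        start = self.end + HDR.size
        if start + len(body) > LOG_SIZE:
            raise IOError("log full")
        self.map[start:start + len(body)] = body     # payload first...
        HDR.pack_into(self.map, self.end, len(body), zlib.crc32(body))  # ...then header
        self.lines, self.end = replay(self.map)

    def close(self):
        self.map.close()
        self.file.close()
```

A record whose checksum does not match is treated as the end of the log, so a write interrupted halfway costs at most the one edit in flight.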

Monotone-0.24 is out.

Cranky observation of the day: Venus radiates back to space twice the energy it receives from the sun. The temperature is about the same everywhere on the planet, dayside and nightside, tropics and poles, even though its day is 243 of our days long. Its ionosphere rotates in four days -- in the opposite direction -- despite lack of Coriolis forces or any other conventional motor. It's considered impolite to ask planetary scientists why all this happens, just as it is to ask an astrophysicist how a quasar (supposedly among the most distant and oldest visible objects in the universe) comes to be physically in front of the opaque nearby galaxy NGC 7319.

mchirico: For C++ books, I'm much more inclined to recommend Vandevoorde & Josuttis, "C++ Templates" and Abrahams & Gurtovoy, "C++ Template Metaprogramming". Most writers about C++ who started out in the '90s dwell on virtual functions and "O-O gook" (as Stepanov calls it) far beyond their actual usefulness. When it's all you have (as in Java, or, about equivalently, C++ circa 1990), you have little choice, but hey! it's almost 2006.

fxn: Why limit it to IT people? "People wearing suits cannot be trusted" is shorter, much more widely applicable, and equally correct as "IT people wearing suits cannot be trusted". Maybe it's like the expression, "Apricots are almost God!", which means the same as "Apricots are God!", but gets an easier reception. (Substitute other stone-fruit according to preference.)

[Update] titus: Deep, abiding thanks for those links in your last diary entry.
