Minimalist Architecture

discipline banner.gif (11841 bytes)

Columns

i. Architecture Teams

ii. Architectural Requirements

iii. Minimalist Architecture

Related White Papers

i. Software Architecture (.pdf)

ii. Visual Architecting Process (.pdf)

For more on Architecture Action Guides see

i. Downloads

ii. Action Guide book draft

iii. Software Architecture Workshop

For more on Architecting see

Architecting Process

Project Wipe-out: Big Failures

Architects help manage risk. We learn from mistakes, so the best mistakes to learn from are someone else's! Here are some big failures to learn from.

System faults and failures--some examples that made the news

World's Worst Oil Spills infographic, June 8, 2010 and Jumping the Walrus: When Risk Management Goes Bad, Robert Charette, July 2, 2010 and BP's Safety Record, Jun 9, 2010

Apple Speaks on the Matter of the "Death Grip," July 2, 2010 and The New iPhone's Other Performance Problem, July 2, 2010 and Apple Says iPhone 4 Reception Mystery Is Solved! AT&T's Signal Was Never Really There! by Kit Eaton, FastCompany, Jul 2, 2010 and Apple Promises Free Bumpers, July 16, 2010

Microsoft Pulls Plug on Kin Phones, June 30, 2010

Virgin Blue's Brand New Airline Reservation & Ticketing System Crashes, June 18, 2010

The Size Of Toyota’s Problem Moves Toward $10 Billion, February 17, 2010,
Wozniak cites 'scary' Prius acceleration problem, February 1, 2010,

Haven't found that software glitch, Toyota? Keep trying, March 2010

TurboTax Software Slows Just as the Big Deadline Nears, April 23, 2010

Intuit Finally Recovers From Maintenance Error Caused By Power Outage, June 17, 2010

Twitter architect gets hit by the blame-bus: Bug or architectural flaw? smoothspan blog, April 23, 2008,
Some thoughts on Twitter's availability problems, Dare Obasanjo, May 22, 2008

System health monitoring misfires at Amazon: Fixing the root cause of Amazon's S3 outage, smoothspan blog, July 27, 2008

LAX IT failure: Leaps of Faith Don't Work and NIC Card Soup Gives LAX A Tummy-Ache, Aug 17, 2007

Sainsbury's ongoing saga:
- How Sainsbury's Transformed Its Supply Chain, Supply Chain Management Review, May 7, 2004.
- "Last October, for instance, the giant British food retailer J Sainsbury PLC had to write off its US $526 million investment in an automated supply-chain management system. It seems that merchandise was stuck in the company's depots and warehouses and was not getting through to many of its stores. Sainsbury was forced to hire about 3000 additional clerks to stock its shelves manually." Why Software Fails, Robert N. Charette, IEEE Spectrum, September 2005.
- Sainsbury's strategy begins to deliver, Guardian Unlimited, Julia Finch, Thursday March 10, 2005.

Software and systems project failure:

Standish Group's Chaos Report
Standish: Project Success Rates Improved Over 10 Years, SoftwareMag.com, Jan 15, 2004.
Imagination, process failures doom software projects, by David Worthington, November 2, 2009
Why projects fail? It's all the business' fault, Matt Deacon
Failure of imagination, wikipedia
Software Project Failure: The Reasons, The Costs, Carmine Mangione
Software Hall of Shame, Robert N. Charette, IEEE Spectrum, September 2005.
Failure Rate, summarizing statistics on IT project failures, by IT Cortex.
Failure Examples, collected by IT Cortex.
Kmart: Code Blue by David F. Carr and Edward Cone, Baseline, November/December 2001.
McDonald's: McBusted by Larry Barrett and Sean Gallagher, Baseline, July 2, 2003.
Oops! Ford and Oracle mega-software project crumbles by Patricia Keefe, ADTMag, November 11, 2004.
FBI: Who Killed the Virtual Case File?, IEEE Spectrum, September 2005.

Software system failure:

Who Needs Hackers, John Schwartz, The New York Times -- recommended!
Top 25 programming errors in software security, Ellen Messmer
Why Software Fails, Robert Charette
Big IT Projects Fail Worldwide, podcast by Robert Charette
System Resonance and the Stock Market, Grady Booch
Intermittent Behavior and Intermittent Behavior Revisited, Grady Booch
Television for Software Engineers, Dan Prichett
The RISKS Digest: ACM Forum on Risks to the Public in Computers and Related Systems. Volume 24, Issue 29, May 26, 2006.
History's Worst Software Bugs, Simson Garfinkel, Wired, November 08, 2005.
Software Horror Stories, Nachum Deshowitz, Tel Aviv University
Software failure cited in August blackout investigation, Computerworld, November 20, 2004.
Oxford Health Plans Case Study, Robert N. Charette, IEEE Spectrum, September 2005.
Teched-out Cars Bug Drivers, by Julia Sheers, Wired, June 29, 2004.
Glitch in iTunes deletes drives, by Farhad Manjoo, Wired, November 05, 2001.

Classic examples of system failures

Personal observations on the reliability of the Shuttle, by R.P. Feynman, and ☼video of Feynman doing the famous o ring demo
Patriot missile defense system failure

Bugs, Slugs and Work-arounds

The Daily WTF: Curious Perversions in Information Technology

Learning from failure:

Learning from Software Failure, IEEE Spectrum, September 2005.
Why Software Fails, Robert N. Charette, IEEE Spectrum, September 2005.
Failure Causes, summarizing statistics on causes of IT project failures, by IT Cortex.
To Engineer is Human: The Role of Failure in Successful Design, by Henry Petroski, 1992.
Success through Failure: The Paradox of Design, by Henry Petroski, Princeton University Press, 2006.
Fail Early, Fail Often, Jeff Atwood, May 1, 2006

Research papers

Medical Devices: D.R. Wallace, D.R. Kuhn, Failure Modes in Medical Device Software: an Analysis of 15 Years of Recall Data, International Journal of Reliability, Quality, and Safety Engineering, Vol. 8, No. 4, 2001.

Medical Devices: Robert Wears, and Richard Cook, Automation, Interaction, Complexity and Failure

NASA database: D.R. Kuhn, D.R. Wallace, A.J. Gallo, Jr., Software Fault Interactions and Implications for Software Testing, IEEE Trans. on Software Engineering, vol. 30, no. 6, June, 2004.

Learning from failure

Success Through Failure: The Paradox of Design by Henry Petroski Princeton University Press: 2006. Here is an overview.
Learning from failure, Dean Takahashi
Learning from failure, Steven Cass
Understanding Failure by Examining Success, Robert Charette

Funny fail

From Ruth Malan's Journal

Shatner on Failure
Failures of Imagination and Process
Architect as Design Authority
Inherit the Wind
The Cost of Quality
Feynman's analysis (Personal observations on the reliability of the Shuttle) also demonstrates that in addition to looking for the areas of attentional deficit, we need to look at the areas where there is a lot of defensive over-rationalizing. At any rate, that is key to the architect's process--looking for make-or-break, the project sinkers (what lies below the waterline on the iceberg), all the while keeping an eye on what we need to do to make the system great. Because great buys us leeway on other areas where we only need to be good enough. -- Ruth Malan, 1/6/10 Architecture and Life
Update on Failed Projects and Project Wipe-Out
Failures of Imagination, or just Optimism
Risks and Consequences ... and Checklists

By analogy

Why We Fall Apart, Leonid Gavrilov and Natalia Gavrilova, September 2004
Famous failures of complex engineering systems

What to do

Steve McConnell's "Classic Mistakes Enumerated" is a well-researched treatise on mistakes to avoid on software projects.
2010 CWE/SANS Top 25 Most Dangerous Software Errors -- recommended!
Common Weakness Enumeration
Assessing the Odds of Catastrophe; see also unknown unkown, wikipedia; see also Dilbert 6/26/10
The Rugged Software Manifesto. See also: 'Rugged Manifesto' promotes secure coding NetworkWorld, 2/28/10, and The Rugged Software Manifesto, Vikas Hazrati, InfoQ, June 22, 2010
Architecture Reviews, Grady Booch, ♫IEEE Software on architecture #25, July 2010

Gems and Keepers

The most precious gem found on this mining expedition:

"...a club that began in 1945 when engineers found a moth in Panel F, Relay #70 of the Harvard Mark II system.The computer was running a test of its multiplier and adder when the engineers noticed something was wrong. The moth was trapped, removed and taped into the computer's logbook with the words: 'first actual case of a bug being found.'" from History's Worst Software Bugs, Simson Garfinkel, Wired, Nov 08, 2005.

I might keep this one around for when my kids are teenagers:

"Good judgment comes from experience, and experience comes from bad judgment." Barry LePatner

And this is a good one for a chuckle in workshops:

"None of us is as dumb as all of us." Jeff Atwood

These are neat too:

"The nicest thing about not planning is that failure comes as a complete surprise and is not preceded by a period of worry and depression." - Sir John Harvey-Jones

"Not only are a system’s desired operating modes influenced by its architecture, but so are some of its failure modes. Thus an architecture that permits only one path between elements may fail if a leg of any path breaks. All of a tree below a broken node is isolated from the rest of the tree."

-- Edward Crawley, Olivier de Weck, Steven Eppinger, Christopher Magee, Joel Moses, Warren Seering, Joel Schindall, David Wallace and Daniel Whitney, "The Influence of Architecture in Engineering Systems,"
MIT esd, March 2004

"Success breeds complacency. Complacency breeds failure. Only the paranoid survive." -- Andrew Grove

“If automobiles had followed the same development cycle as the computer, a Rolls-Royce would today cost $100, get a million miles per gallon, and explode once a year, killing everyone inside” -- Robert Cringely

Editorial Comment on Software System Failures

These horror stories (I can't let them enter my mind when I'm driving my car!), neglect several points of note:

software is everywhere, and most of the time, we don't even notice it. That means it is doing its job well—most of the time.
small software failures do not make the news. They may add up to big losses for our economy and for our businesses, but they are under the radar.

Even when these failures cost nothing more than hours, it is a big drain on productivity, and a high stress burden. The gain is high. The pain is sporadic, and usually hits below our pain-versus-gain tolerance threshold and we grumble, but put up with it.

Still, ignoring the pain is not a very resourceful way to approach our future health!

Software development is a complex, human endeavor. Even the very smartest, best people make mistakes. It is a hard truth, but bugs are hard to eliminate—entirely. Some of the approach to bug control is architectural:

reduce complexity: separation of concerns, partitioning the problem, encapsulation, ...
bug elimination: use proven parts where available; insist parts come with test suites and bug reports; design tests for the interactions among parts; ...
bug damage control: identify failure modes and failure consequences and create strategies to reduce or at least contain damage. We're getting better at doing this for security. We need to do it with all kinds of failure modes. We need to explore scenarios like "what happens if the Web server goes down?" so we don't have this situation: "One day, one of the credit bureaus' Web servers went down for hours. When Lydian Trust's 'get credit' service tried to make the call, there was no answer. Because the connection to the server was loosely linked, the system didn't know what to do. 'Get credit' hadn't been built to make more than one call. So while it waited for a response, hundreds of loan applications stalled." (Koch, Christopher, "A New Blueprint For The Enterprise," CIO Magazine, May 1, 2005.)

And some of the approach to bug control is through process (as poisonous as that might be to some):

have another pair of eyes help detect bugs (e.g., pair programming in XP, design and code reviews, etc.)
start testing before any code is written, and test every day from then on!

And some of the approach to bug control is through management discipline:

set realistic schedules and don't overestimate what can be done
set realistic expectations (up and down the organization)
don't press to move to the next iteration (feature, storyline, etc.) if quality is already slipping; call a holt to decide on the severity of the situation and approach to moving forward. Eric Sink's (Why we all sell code with bugs) approach to the fix-and-delay versus release-and-face-the-music decision is pragmatic. But we need to have less of those bugs to decide upon! Because if there are bugs we know about, how many more are lurking behind the cladding?

References

Garfinkel, Simson, "History's Worst Software Bugs," Wired, Nov 08, 2005
Jackson, Daniel, "Dependable Software by Design," Scientific American, May 22, 2006. http://www.scientificamerican.com/print_version.cfm?articleID=00020D04-CFD8-146C-8D8D83414B7F0000
Koch, Christopher, "A New Blueprint For The Enterprise," CIO Magazine, May 1, 2005.

Restrictions on use: All material that is copyrighted Bredemeyer Consulting and published on this page and other pages of our site, may be downloaded and printed for personal use. If you wish to quote or paraphrase fragments of our work in another publication or web site, please properly acknowledge us as the source, with appropriate reference to the article or web page used. If you wish to republish any of our work, in any medium, you must get written permission from the lead author. Also, any commercial use must be authorized in writing by Bredemeyer Consulting.

Copyright © 2006 Bredemeyer Consulting
URL: http://www.bredemeyer.com
Page Author: Ruth Malan
Page Created: June 2, 2006
Last Modified: June 5, 2006