On Thursday 29 January 2009 02:29:05 am Toby Murray wrote: > On Thu, 2009-01-29 at 00:02 -0700, Shawn Willden wrote: > > Of course, you're still left with estimating the probability that > > Brian goes berserk in the machine room, and I don't know how you do that, > > but assuming you can come up with a reasonable number, the math can > > factor it in, correctly. > > What about the more realistic and estimable probability that there is a > fire in the machine room or other such event (flooding etc.) that causes a > similar failure?
Yep, those, too. Those sorts of failures are actually easier to get a handle on, by looking at the number of similar data centers that have suffered some sort of catastrophic failures. You can even factor in geography-specific factors like hurricanes, tornadoes, earthquakes, etc. All of this is non-trivial and as you accumulate more and more guesses you start to get into a GIGO situation. However, since what you want to find is a lower bound on reliability, you can estimate pessimistically so that most error goes in the direction of showing lower-than-practical reality. My paper (lossmodel.pdf at http://tinyurl.com/bbuhal) includes a simplistic and contrived example of incorporating multiple sorts of failure modes, some group and some individual. Section 2.5. Shawn. _______________________________________________ tahoe-dev mailing list [email protected] http://allmydata.org/cgi-bin/mailman/listinfo/tahoe-dev
