Chaos Monkey Released Into the Wild 76
Quince alPillan writes "Netflix revealed today that they've released Chaos Monkey, an open source Amazon Web Service testing tool that will randomly turn off instances in Auto Scaling Groups. 'We have found that the best defense against major unexpected failures is to fail often. By frequently causing failures, we force our services to be built in a way that is more resilient. We are excited to make a long-awaited announcement today that will help others who embrace this approach. ...source code for the founding member of the Simian Army, Chaos Monkey, is available to the community.'"
Into the wild? (Score:5, Informative)
And by "into the wild", they mean they're now letting it run on other people's sites.
Re:Into the wild? (Score:5, Funny)
This is why we don't let you write headlines.
Re: (Score:1)
I think the concept is good. That if the desire is to withstand failures of unforeseen natures, then test with random failures and observe how the software reacts to it.
In practice, it will likely get you fired in a production environment, but I still think the idea behind it is sound.
Re:Into the wild? (Score:5, Insightful)
Sound idea, sure. But not a substitute for good engineering. You see this issue come up again and again with these cloud services. The pressure from sales and marketing to move quickly and monetize the idea (and support lots of subscribers quickly) is not conducive to building a solid infrastructure. Netflix's approach is actually the exact opposite of Amazon's. Amazon's system is highly engineered and designed to resist failures that take down Amazon.com for it's customers. That is their number one goal. Amazon.com has not been down for a long time. AWS is an offshoot of that effort to resell their extra cycles but it's not nearly as engineered at the Amazon.com application built on top, which redirects around the globe and does lots of other things. It seems that AWS always has some new service coming out, but think about this: all those services were probably made by Amazon 3 years ago and they are just now releasing them to you..
Netflix, on the other hand, seems to be just hacking together a site, if this is really what they primarily used to QA their application. What you're doing with this random failure thing is just statistically creating errors and finding bugs in failure handling code statistically. This means there's _up to_ an infinite number of bugs that will *not* be found with this method because they are unlikely or the tester is unlucky.
It certainly has to do with the math of it, but it also has to do with the human culture that arises when working like this. See, with this brute force iterative programming, you are building a nest of patches. So what you are going to end up with is going to be more complicated and less functional than if you do the hard work. And that's the issue. Thinking about stuff in terms of thousands or millions of nodes is "too hard" so the aforementioned cloud providers keep coming up with "creative solutions" like this. (I remember reading about Facebook hacking mysql a few years back and shaking my head as well..) But, like "creative accounting", it may not be illegal but it may get you into trouble. You're never going to be absolutely sure the application will stay up and available. Ok, fine, so it Netflix goes down no ones going to die, but still...there's millions of dollars and subscriber goodwill at stake and that's not nothing.
Anyway, don't think that I'm railing against creative testing, but they shouldn't think they are so clever as the release seems to imply they think they are ;)
Re: (Score:3)
Re: (Score:2)
That's a lot of guesswork... I don't see many links backing your positions up.
His positions are superficial and emotional, that's all.
Re:Into the wild? (Score:4, Insightful)
Re: (Score:1)
The superiority of Amazon's engineering culture over Netflix must be the reason why during the last major EC2 outage, Netflix managed to stay up and operational...
Re: (Score:2)
To clarify what I specifically wrote in my post, Amazon.com (Amazon's application, where they make the money), has not been down in a long time. The Virgina EC2 outage only affected the excess capacity they resell to AWS customers. I'm not singling out Netflix and I'm not saying that this is a bad or horrible or un-useful tool. I appreciate all the stuff Netflix is open-sourcing.
Re: (Score:1)
I've been using Netflix for years now - and I've only had trouble with the streaming service once, maybe twice in that time. Hulu often freaks out, Vudu the same - so I think the proof is in the pudding. Lastly, this is just an additional testing piece, and frankly it is very cool. No where did they say it was a substitute for good engineering.
Re: (Score:3)
If Netflix is hacking together a site, why is their HD streaming more reliably pleasing than any other online service, including places like Comcast, which presumably has 100x the engineers on hand? Maybe they are good at teh hacking?
Re: (Score:3)
It is better than Amazons on the PS3 for me. Amazon gets stuck buffering a lot for me.
Re: (Score:3)
Meh, what's the point of good engineering if you never test it? I've heard of a quite a few wonderfully expensive and over-engineered UPS and RAID deployments that failed completely because they never bothered to actually test the procedures. The last company I worked at would often have regular "emergency power off" events where they'd do a complete shutdown of the entire datacenter triggered by various environmental factors. And you know what? More times than not they'd still find a system that someho
Re: (Score:2)
Sound idea, sure. But not a substitute for good engineering.
That argument only makes sense if it were the case that Netflix is using it in lieue of good engineering. But, it isn't, so...
Also, this is a false dichotomy. Chaos Monkey is in great part a form of fault injection, which itself is part of good engineering.
You see this issue come up again and again with these cloud services.
Like amazon EC2?
The pressure from sales and marketing to move quickly and monetize the idea (and support lots of subscribers quickly) is not conducive to building a solid infrastructure. Netflix's approach is actually the exact opposite of Amazon's.
You know this from a fact, or is it pure speculation?
Amazon's system is highly engineered and designed to resist failures that take down Amazon.com for it's customers. That is their number one goal. Amazon.com has not been down for a long time. AWS is an offshoot of that effort to resell their extra cycles but it's not nearly as engineered at the Amazon.com application built on top, which redirects around the globe and does lots of other things. It seems that AWS always has some new service coming out, but think about this: all those services were probably made by Amazon 3 years ago and they are just now releasing them to you..
Great non sequitur.
Netflix, on the other hand, seems to be just hacking together a site, if this is really what they primarily used to QA their application.
Seems? Seems? First you state in very certain terms that Netflix is doing the exact opposite to Amazon. A
Re: (Score:2)
Thanks for taking the time to reply to my post, I appreciate it.
Re:Into the wild? (Score:4, Informative)
Seems more about that they've just published the source code on github [github.com] under the Apache licence.
So you can run your own chaos monkey on your own amazon cloud systems, or modify it to run on your private cloud, or whatever.
Re: (Score:1)
Re: (Score:1)
panic(cpu 0): Enraged Monkey Error: Out of bananas!
Very Erlang-y (Score:3, Informative)
We have found that the best defense against major unexpected failures is to fail often. By frequently causing failures, we force our services to be built in a way that is more resilient.
Sounds like what has been common in Erlang for decades. [wikibooks.org]
Off topic: when I watch the /. homepage, I am logged in. As soon as I click on a story, I become an Anonymous Coward. Did anybody else experience this bug too?
Re: (Score:2)
I don't have such a problem.
Re: (Score:2)
Re: (Score:2)
Off topic: when I watch the /. homepage, I am logged in. As soon as I click on a story, I become an Anonymous Coward. Did anybody else experience this bug too?
Some would see this as a super power... of course they're already trolls, but mighty trolls with super powers.
Seriously, I've seen something like this in FF with some privacy plugins, but it's been awhile.
Re: (Score:2)
You're probably disabling subdomain cookies. For instance right now we're not on slashdot.org, we're on it.slashdot.org.
Missleading title (Score:4, Funny)
Re: (Score:1)
I'm just wondering what makes Chaos Monkey different than Timetwister, and how much mana it costs.
Re: (Score:2)
Freakin' PING can be turned into a DDOS tool in like five seconds. Doesn't mean it shouldn't be distributed.
Also, I imagine it needs some form of authentication to actually turn your site off. Which means you'd have to already have a privileged username/password for each site you want to attack. Pretty poor DDOS tool.
Re: (Score:3)
they just released the source to something that can be turned into a ddos tool in like 5 minutes? seriously?
If someone else has the private keys that let them control your EC2 instances, then you probably have more to worry about than a tool that will randomly shut down your running instances.
Re: (Score:2)
Please try to read the summary again. If anyone has gained the access level required to run this software, you are already f*cked beyond rescue.
Chaos Monkey? (Score:1)
One black, one red, one green, one blue and one white mana + X ,where X is random. Throw any in play instant through the room: if it lands face-down eat a banana. If it lands face-up the instant is played a normal.
Re: (Score:2)
Chaos Monkey? (Score:1)
The Truth (Score:2, Informative)
Better go underground ... (Score:1)
Obligatory... (Score:4, Funny)
MonkeyLives [folklore.org]
Re: (Score:2)
Don't know if you noticed this:
We kept our system flags in an area of very low memory reserved for the system globals, starting at address 256 ($100 in hexadecimal)
100 bucks for an address?
Cool story, though.
I love this thing (Score:4, Interesting)
Not only for the idea that a serious company lets a masturbating-and-throwing-poo grinning idiot loose in their sensitive vitals, but also because it draws so many parallels with other resilient systems.
Allergies cured by parasitical worms? Chaos Monkey Effect - you need something attacking your defences for your system to stay healthy
Ecosystem that relies on bushfires to clear old vegetation? Chaos Monkey Effect
Something almost Zen about not only turning an attacker's violence against them, but deliberately introducing new attackers so your system is strengthened by them.
Well done chaps, carry on.
Re: (Score:1)
Java, meh (Score:5, Funny)
Leave it to some java developers to write 100k lines of code to do a shutdown -h now.
Re:Java, meh (Score:4, Funny)
1 line to do shutdown -h now.
99,999 lines to build a GUI.
That sounds about right.
Re: (Score:2)
Personally I am shocked they did not write it in Scala.
oh..THAT chaos monkey (Score:2)
at first I was thinking the article was about this chaos monkey.
http://www.wtop.com/681/2859976/Rock-throwing-chimp-plans-complex-attacks-on-visitors [wtop.com]
Excellent idea and great work (Score:1)
Congrats team, give yourselves a slap in the face!
Good idea for mobile devs too... (Score:2)
Except they need to randomly turn off the network connection in their test envronment. It's amazing how many mobile apps assume you'll always have a solid connection and never be in an elevator, or walking between tall buildings, or the basement of a convention center, or any other place with a spotty or overloaded signal.
Wait.. (Score:2)
The shot heard 'round the Web... (Score:2)
A Cure for "Unexpected" (Score:4, Funny)
"We have found that the best defense against major unexpected failures is to fail often."
In other words, you'll never be disappointed if you expect total incompetence. I've already achieved this same thing on my own with my Netflix account, by completely and utterly lowering my expectations.
In other news... (Score:2)
Script kiddies are released on the internet to improve security by exploiting unchecked buffers and unsanitized inputs...
Security of information at all time high.
Errrr...
For a bit more background about Chaos Monkey (Score:3)
God, title sounded WAY more awesome (Score:2)
I was picturing a wild, multicolored, gene-spliced ball of fur tearing around, shoving badgers in lion's ears 'n shit.
Chaos Monkey start up this morning... (Score:2)