- So I’m saying it should not only be pressure tested but be in continuous operation in order to flush out failure modes before a catastrophic scenario plays out; it needs to be providing value well before an extinction-level event plays out.
This seems to rely on an assumption that the failure modes that would exist in “normal mode” are related or correlated, to a fairly high degree, to the failure modes that could show up in “catastrophic mode.” That’s not obvious to me.
I’m not sure. If you look back at Biosphere 2, for example, a large number of the failure modes were identified fairly early on. In my experience there are two things that cause unexpected failure modes: scale and duration, i.e. running something at a larger scale than was previously tested can often reveal unintuitive failure modes, and running something for longer than previously can reveal failure modes.
I get what you’re saying, that running a service in a different environment to what it was tested in can cause unforeseen issues, but I think with simulation and testing like they did for Beijing airport, or the kind of testing they do at SpaceX, we should be aiming to test these things to failure points.