[ksmith14]

The Google SREs mentioned this in their book; the Chubby locking service had uptime that was so high that folks started to neglect making their own services resilient to Chubby failures: https://landing.google.com/sre/book/chapters/service-level-o...

[robax]

+1 for this book. As a junior DevOps engineer this book has been super helpful.

[philsnow]

the book is structured in a way that makes it pretty easy to jump around and pick and choose which parts you want to read or skip, so it's not a very large commitment to read it

[AdamM12]

Mine just came in the mail today. Pretty stoked.

[mav3rick]

Still that's bad design on the clients' part. E.g. - Just because malloc "never" fails doesn't mean it can't fail :) so better error check for it.

[Filligree]

Doesn't matter. Engineering around human failure is part of the profession.

[kjeetgill]

That's a beautiful way to put it. I'd read that book.

[Filligree]

Well, I'm a Google SRE so...

[smcameron]

Failure of malloc() might be a bad example to pick because on linux, by default, most distros overcommit, so malloc won't fail, generally. Instead, malloc will succeed allocating the address space just fine, but the RAM will get allocated upon first use, meaning that even though malloc gave you a supposedly valid pointer rather than NULL, actually using that pointer will crash your program.

[mav3rick]

Other distros may have this differently and return NULL. It's not portable and also just bad to not check for it.

[tannhaeuser]

Is there a way to fix this/switch it off? I never got the rationale for this behaviour.

[zorked]

There's a sysctl: vm.overcommit_memory=2

What most people don't realize is that you will get more OOMs if you disable overcommit.