In Making Work Visible, Dominica DeGrandis defines the concept of Lead Time as the time between feature request and feature delivery. In a standard Kanban board, Lead Time is the time it takes for a card to move to the Done column, starting when it is added to the To Do column.

There are also component metrics to look at that break down Lead Time. The time it takes to move from To Do to Doing is called the Backlog Wait Time. And the time it takes to move from Doing to Done is the Cycle Time.

The goal for an organization concerned with feature delivery is to improve on two aspects of Lead Time: raw Lead Time and Lead Time Variability. Features need to ship as fast as possible and as predictably as possible. To make that happen, modern companies organize developers into small teams that integrate as many skillsets as possible. In a traditional organization, the UI/UX design team may need to submit a design to the front end engineering team to be implemented. Because these are two different teams with two different backlogs of work, that design may languish in the front end engineering team's To Do column, leaving the feature in a Wait State, extending the overall Lead Time. In that scenario, pairing up a UI/UX designer with a front end engineer then makes sense; it eliminates a wait state. If we extend that same train of logic, we end up with UI/UX, front end engineering, back end engineering, database, security, and infrastructure compentencies on a single team.

But that decomposition isn't always possible or desired. There are certain competencies that aren't always required to complete a feature: not every feature needs a full stack performance analysis or a new authentication integration. In a recent conference talk, even Google stated that their SRE team is largely siloed from developers. So there are many cases in which it doesn't make sense to have specialists scattered among the small teams. If we accept that some competencies will be siloed, how do we protect Lead Time and Lead Time Variability?

Backlog Management for A Siloed Team

Network engineers spend a lot of time studying queueing. Routers need to make decisions about where to send packets and those decisions can take time. When the queue of packets waiting for a routing decision begins backing up, each packet has a longer wait time before it gets forwarded. This longer queue can overwhelm the router. It only has a limited amount of memory dedicated to packet queues, and when that queue is full, no more packets are even allowed to get in line (we call that a 100% drop rate). If that happens, then every computer and application that needs to get traffic through the router breaks down. Failure begins to cascade through the entire network.

So routers implement Quality of Service (QoS) and Active Queue Management (AQM) policies. That memory space dedicated to waiting packets is divided into serveral queues of different priorities. The network's QoS design decides what kind of traffic belongs in each queue. For example, VOIP traffic usually gets assigned to the highest priority queue. When VOIP packets begin backing up, phone conversations suddenly start stuttering due to an increase in the variability of packet arrival times, or jitter. AQM is implemented for each queue with the goal of preventing the queue from filling up. The most common algorithm to accomplish this is Random Early Detection (RED). RED defines two thresholds: kind of busy and really busy. When that queue is kind of busy, RED will begin dropping packets at a relatively low drop rate. When the queue becomes really busy, RED increases the drop rate. The logic behind this is that applications are able to send that packet again later (usually 5-20 milliseconds), so the actually service interruption is minimal. But the most important, time critical, data always gets through on time.

What can we learn from this example about that siloed team's To Do column? The longer the queue is, the longer any item will take to make it through the backlog. Think of this in the case of a backlog grooming meeting. If a team has to go through and re-prioritize 300 cards to decide what to work on next, what are the chances that some really important items will be lost in the shuffle? And how long will that backlog grooming meeting run over, impacting the time available to work active items? If a mechanism isn't in place to restrict queue length, lead time will increase due to increased backlog wait time AND due to increased cycle time.

Does that mean teams should start turning away work at random? Probably not. But team leads, product owners, and the like can begin telling requestors that "due to current obligations, the team is unlikely to be able to work on this request until Q4." These team leads can hold deferred requests in place that isn't visible to the rest of the team. They don't show up on the Kanban board's backlog, and thus don't take up team members' mental space unnecessarily.

Once we put conventions in place to protect the queue length, what can we do to reduce Cycle Time and Cycle Time Variability?

Decreasing Cycle Time for Siloed Teams

To protect Lead Time, it is necessary to reduce individual utilization. When someone isn't that busy, it's far easier for them to pick up an urgent work item. When someone isn't that busy, it's far easier to chase all the fine details of a particular request to completion, rather than just doing the essential work and deferring less urgent tasks like documentation (or maybe that's just me). We can make a large part of that utilization visible by enforcing Work In Progress (WIP) limits for individual and team workloads. And for the rest of that utilization, we need to examine overhead.

Application architecture has been moving towards microservices: autonomous, loosely-coupled bits of code that do one thing and one thing only. Because each functional component is isolated, the software environment is modular by design, making it really easy to maintain, update, or even replace one component of a large application without affecting too many dependencies. Before, an application server would contain a large amount of monolithic code to do several different things, interact with several different external services, and return several different pieces of data to an end user.

These monoliths were architected, in large part, because of overhead. The original servers were all physical machines. The overhead in rack space, power, and cooling meant that fewer, beefier servers made more sense than many smaller servers. There was too much overhead to justify running tiny amounts of code on a server. The monolithic design was more cost effective. When OS virtualization was created, it became possible to run several segregated virtual machines (VMs) on a single physical server. The design message going out to developers and system administrators became "only run a single significant process on each VM." Functional decomposition became limited by the overhead of replicated operating systems. Each VM still had to run a kernel, operating system, networking stack, and all the related processes that keep those things operating. Over the past decade, the industry has eliminated even more of the overhead by developing container technology. Containers only replicate software dependencies, sharing all of the OS overhead with tens or hundreds of other containers on a single system.

Right now, many knowledge workers have overhead comparable to an old server. There exists a constant barage of emails, instant messages (IMs), meetings, tracking spreadsheets to update, websites to log into, training to complete, and dozens of other small tasks that need to exist alongside meaningful work. DeGrandis points out that project managers struggle to effectively manage a project when they get interrupted with questions about project status updates several times a day. What opportunities exist to reduce administrative work that individuals and teams need to manage? How can managers treat their teams like a nervous sysadmin treats a problematic VM that "just needs one more agent installed on it, I promise?" Reducing or consolidating meeting attendance, email and IM presence, paperwork, training, and task and time tracking are all possible methods to reduce overhead, thus reducing overall utilization and focusing attention on meaningful work.

The challenge is that this is a culture shift that goes beyond just the company. Our modern workplace culture incentivizes busyness by default. Employees feel like they're doing something wrong when there isn't that much to do. Hearing stories about companies like Amazon modeling what 100% output within a position looks like and judging individuals against that standard reinforces that anxiety. In knowledge work settings, it's always easy to satisfy that anxiety by sending more emails, responding to more IMs, and attending more meetings.

But the cost of those interactions on real work is devastating. As told in Cal Newport's A World Without Email, the company RescueTime performed a study on users of its platform and found that half of its users checked email or IM an average of at least once every six minutes. In fact, they found that most of their users never went more than an hour without checking email or IM. So most RescueTime users are unable to go more than a full hour without their work being interrupted. And since it takes up to 20 minutes to turn full attention to a task, those small interruptions result in a significant blow to what any individual is able to accomplish. And the people who signed up for RescueTime are the ones who are mindful of how they spend their time! How do the rest of us stack up?

But wait! Meetings, emails, and IMs are how people communicate! How can someone get the information they need to complete some piece of work without these tools? It turns out that we can turn to the microservices architecture to offer a suggestion for this, too.

Creating consistent interfaces is key to reducing back-and-forth communication and clarification. The ubiquity of REST APIs means that every piece of software maintains application state client-side. Every piece of software supports providing required identifiers and inputs for every API call. CRUD functions do much of the same thing. A developer knows that creating create, rename, update, and delete methods for an object will satisfy every valid interaction with that object. A consistent interface with a functional team acts in a very similar way. If all required information is provided up front, less back and forth is required to accomplish a goal.

That is quite a tall order: how do you guarantee you can provide every since piece of necessary information up front. A lot of knowledge work is ambiguous, and things are always changing. I've found that some teams I interact with have solved the problem quite well. I can submit a request to them and consistently expect to have a meeting scheduled on my calendar soon after. In that meeting, all of the back and forth required to collect information, clarify intentions, and set requirements can happen synchronously. Asynchronous communication through email and IM is significantly reduced after that meeting.

Conclusion

If a company or organization is concerned with delivering features to customers, it needs to take a serious look at how individuals and teams manage their workloads. If Lead Time is what matters, then teams need to have the freedom to restrict backlog length to something managable. Teams need to have enough capacity so that each individual maintains a moderate utilization. The company culture needs to emphasize completeness over busyness. Teams need to consolidate or abstract overhead so that each individual can reduce the number of interruptions in the day. And teams need to define better interfaces between teams to help reduce those small interruptions.

The companies and teams that transition to this workflow successfully will see more advantages than just protecting Lead Time. Employees will have a lower incidence rate of burnout and they will feel more comfortable with their work/life balance. So turnover will reduce, leading to retained institutional knowledge. That retained institutional knowledge will help with technical debt reduction and bug squash efforts, providing a more stable platform over time.

My programming education in college was very computer engineery, and not at all computer sciency. Instead of "Hello, World", we started with logic gates and MOSFETs. We learned how to make single purpose circuits, and then how to design an instruction set to combine those circuits to make a programmable circuit. After writing simple programs in machine code in a simplified Instruction Set Architecture, assembly language was remarkably readable. When we started learning C, a good portion of the education was compiling simple functions to the representative assembly.

While this curriculum was very well suited to the embedded systems, digital logic design, and microprocessor design courses that followed, it wasn't the best preparation for building modern applications. I had a difficult time ignoring the layers of abstraction between the Java code I was writing and the resulting machine code. I spent so much time trying to rationalize the abstraction of simple built-in methods like String.toUpper() that I couldn't code productively. In fact, it took years for me to understand that I had fundamental misunderstandings about some features of higher level languages.

I vividly remember the lightbulb moment I had when I realized the utility of exceptions. Until that moment, there wasn't any difference between an exception and a segfault in my mind. When an exception isn't handled, it causes the program to halt, just like a segfault. I spent a lot of time and CPU cycles coding around exceptions. During that lightbulb moment, I was writing a function in Powershell to make sure a given file was available to edit. I spent a couple hours trying to figure out what flag or attribute existed to tell me if I could use it or not, and finally found a StackOverflow post that told me to just try to edit it and deal with the exception if I couldn't. Struggling through that function finally taught me that exceptions are not errors; exceptions are flow control.

Learning How and When

Abraham Maslow popularized the phrase "if all you have is a hammer, everything looks like a nail." His argument, when using that phrase, was for methodological innovation in psychology research. Novel problems must be researched with novel approaches. But he acknowledges that the learning process to find the correct approach is inelegant. "What one mostly learns from such first efforts is how it should be done better the next time."

In the learning process, most of the work is learning to recognize a situation that a particular approach is well suited for, and I think an excellent way to do that is to treat that approach as the only option. In rock climbing, I refined my heel hook technique by using that for every single move until I understood when it would help and when it would hinder. In programming, I challenged myself to write a functional command line tool without a single if statement.

Exceptions in Python

Exceptions in Python and other higher level languages are really just the language trying to tell you that something unexpected happened, and they give you the opportunity to choose how to manage that unexpected thing. For example, something as simple as opening a file carries a bunch of underlying assumptions. The file must exist, the program must have the proper permissions to read the file, and the program must be able to access the directory the file is in (it's tough to get to the corporate network drive when you aren't on the VPN). Depending on which of those requirements is satisfied, you may want to handle things differently. If the program can't access the directory, maybe you want to doublecheck that there aren't any spelling errors in the file path. If the file doesn't exist, maybe you want to create it. Exceptions gives you, the programmer, options to deal with those problems rather than allowing the program to just quit.

There are really only 3 elements of Python I relied on to replace if statements:

try

A try block defines a section of code where an exception might occur. It's common practice to use these only at the edges of a program, or where it interacts with something potentially unreliable like a file, a network connection, or a user.

try:
    do_thing_that_might_fail_weirdly()

except

An except block is the complement to a try block, like an else is to an if.

try:
    do_thing_that_might_fail_weirdly()
except:
    print("The thing failed weirdly")

Excepts can also look for specific exceptions. These can be defined by the programmer or just built in.

except WeirdFailure:
    print("The thing failed weirdly")

Excepts can also be chained together off a single try block, searching for different errors.

try:
    do_thing_that_might_fail_weirdly()
except WeirdFailure:
    print("The thing did the weird thing")
except OtherWeirdFailure:
    print("The thing did the other weird thing")
except:
    print("This block catches every other exception")

assert

This was my big cheating move. Assert statements are usually used in tests to make sure things are as you expect. In this coding challenge, I heavily relied on assert statements to get around conditional statements.

try:
    assert "show" == user_input # Hammer, meet scrambled eggs
except AssertionError:
    pass

TODO List Manager Structure

The user experience I wanted for this todo list manager was a captive command line interface. I wanted to launch the program by choosing one of many different lists and then interacting with only that chosen list. I wanted to make sure I could check items off the list, give myself notes, and support sub-tasks.

Launching the Program

I used the argparse library in Python to automatically define command line flags and a help dialog:

def initiate():
    description = "Manage all your TODOs with this overcomplicated application!"
    parser = argparse.ArgumentParser(description=description)
    parser.add_argument('todo_path', help="File path to the todo file you want to interact with.")

    args = parser.parse_args()
    return args.todo_path

Opening that todo file and reading in the JSON gave me the first opportunity to use the hammer I chose for this exercise. I needed to check two things: that the file exists, and that it is a valid JSON file. The function below will do one of three things: return the dictionary representation of the JSON file passed into it, return a blank dictionary, or close the program.

def read_todo_file(file_path):
    try:
        with open(file_path) as todo_file:
            todo = json.load(todo_file)
    except json.JSONDecodeError:
        # We don't want to corrupt a file that is in the wrong format.
        print(f"{file_path} exists, but is not a valid JSON file. Exiting")
        sys.exit()
    except:
        # If the file doesn't exist, then we create a new file
        print(f"{file_path} does not exist, starting a new todo list.")
        todo = {}
    finally:
        return todo

Once the todo file is read into memory, we enter the user interface.

User Interface

I chose a very simple user interface; it's just >. Once a user enters a command, it runs through a set of expected commands, and has a catch-all clause to handle gibberish or misspellings. If you look carefully, you'll see that it's recursive, but with no way to get back up the layers of recursion. It's a dumb memory leak, but that wasn't the point of this challenge.

def user_interface(todo, file_path):

    user_input = input("> ")

    try:
        try:
            assert "show" == user_input.lower()
            show(todo, file_path)
        except AssertionError:
            pass
        try:
            assert "show closed" == user_input.lower()
            show_closed(todo, file_path)
        except AssertionError:
            pass
        try:
            cmd = "show task "
            assert cmd in user_input.lower()
            show_task(todo, user_input.lower().replace(cmd,''), file_path)
        except AssertionError:
            pass
        try:
            cmd = "add notes "
            assert cmd in user_input.lower()
            add_notes(todo, user_input.lower().replace(cmd,''), file_path)
        except AssertionError:
            pass
        try:
            cmd = "add subtask "
            assert cmd in user_input.lower()
            add_subtask(todo,user_input.lower().replace(cmd,''), file_path)
        except AssertionError:
            pass
        try:
            cmd = "add "
            assert cmd in user_input.lower()
            add_task(todo, user_input.lower().replace(cmd,''), file_path)
        except AssertionError:
            pass
        try:
            cmd = "close "
            assert cmd in user_input.lower()
            close_task(todo, user_input.lower().replace(cmd,''), file_path)
        except AssertionError:
            pass
        try:
            assert "exit" == user_input.lower()
            exit(todo, file_path)
        except AssertionError:
            pass
        try:
            assert "help" == user_input.lower()
            help(todo, file_path)
        except AssertionError:
            pass
        raise SyntaxError
    except SyntaxError:
        print("Syntax Error")
        user_interface(todo, file_path)

One interesting thing I want to point out is that at the end of the upper level try block, I put in raise SyntaxError. SyntaxError is a built-in exception, and I'm manually throwing that exception because it's the best way for me to express that the user didn't type what I wanted them to. The except block at the end will deal with that by means of my horrible recursion.

Using Dictionary Exceptions

I defined the "show" command to list all open tasks. In the JSON schema, an open task is defined as a task that does not have a "completed_timestamp" element. Therefore, I can try to read that timestamp and put the code I care about in the except block.

def show(todo, file_path):
    for task in todo.keys():
        try:
            complete = todo[task]["completed_timestamp"]
        except KeyError:
            print(task)

    user_interface(todo, file_path)

The traditional way to write that would be something like the function below. I mostly turned that not in conditional phrase into what I'll call an "intentionally subverted expectation."

def show(todo):
    for task in todo.keys():
        if "completed_timestamp" not in task.keys():
            print(task)

I am particularly proud of the way I close tasks. Just like when reading in the original todo file, there were three cases to deal with: the task is open, the task is already closed, and the task doesn't exist. First, I try to get the completion timestamp. My expectation is that does not exist and the program will throw a KeyError. However, the program will also throw a KeyError if task_name doesn't exist, so I need another try/except block inside the upper except block. Inside that, I write a line that will throw a KeyError only if the task does not exist. And once we get through all those potential exceptions, we take the useful action of creating the completed_timestamp key and giving it a value.

If the original statement executes without any exception, I know that the task is already closed. Therefore, I raise a ValueError to handle that case.

def close_task(todo, task_name, file_path):
    try:
        complete = todo[task_name]["completed_timestamp"]
        raise ValueError
    except ValueError:
        # Ironicaly, the error is that there is a value
        print("Task already closed. Nothing else to do")
    except KeyError:
        try:
            task = todo[task_name]
            todo[task_name]["completed_timestamp"] = str(datetime.now())
        except KeyError:
            print("No task found")

    user_interface(todo, file_path)

Conclusion

I will never use this program for any of my todo lists. I will never use most of these techniques for any useful code. But I did treat exceptions as the hammer that would solve all of my problems and found the truly useful cases. The best case for using exceptions in this program is reading in the original todo file. I can't think of a more efficient or more readable way to make sure that todo file exists and is a valid JSON file.

As usual, the complete code for this post is available on Github.

Over the past few years, my girlfriend has gone through medical school. That has given me a wonderful opportunity to get some exposure to what I am convinced is one of the most rigorous and most effective training regimens to learn troubleshooting. Talking with her and many of her classmates, I've been able to see the strong parallels between medicine and IT and apply some of the procedures taught in medical school to my work (after all, isn't CPR pretty much just percussive maintenance?).

The frameworks that medical school teaches to diagnose patients are completely adaptable to IT troubleshooting, and I have enjoyed more effective troubleshooting sessions, faster problem resolution, and a more enjoyable experience troubleshooting because of them. And now, I think my understanding of that adaptation is mature enough to share. In this post, I'll talk a little more about the similarities and differences between medicine and IT, describe two diagnosis procedures, and walk through a sample scenario to apply them.

Comparing Medicine and IT

In my opinion, the training that medicine has in place and the general level of competence almost everyone exhibits are traits that the IT world should aspire to. And the reason medicine does this so well is due to the rigor of training.

Someone who wants to be a doctor will finish their undergraduate degree, attend medical school (4 years), attend residency (2-5 years), and possibly attend a fellowship (2-8 years) to enjoy a position roughly equivalent to Tier 3 helpdesk. The reason there's even content for that much education and training is because today's medicine is the culmination of something like 5,000 years of focused research on the human body, which hasn't changed all that much in that time. In comparison, computer time has only been around for 50 years, and someone released a new Javascript framework in the time it took to read this paragraph.

Medical school, in particular, really focuses on two things: the things that can go wrong with the human body and how to figure out which thing is going wrong right now. In fact, someone interested in pure research (solutions architecture?) would not even be required to go to medical school. Those developing vaccines, for example, are much more likely to have PhDs in immunology or microbiology than MDs.

Put through the lens of medical education, our current system of putting Computer Science graduates into helpdesk roles seems flawed. "Oh, you think you broke your leg? Press 1 to speak with a microbiologist."

Imagine a system like medical school for IT: all the knowledge the wizened sysadmin in the corner shouts out is taught in a classroom setting. Performance issues depending on types of load for the default Java Virtual Machine (JVM) configuration. What does deadlock in the database look like? What's an effective response to different types of DDoS attacks?

That sort of education is impossible in the current state of IT. Things change so fast, and companies' implementations differ so greatly, that there is no way to keep coursework relevant and up-to-date. Imagine learning all about network troubleshooting and then going to work for Google: oh SNAP, they don't do networking like anyone else. Really, the best thing we can do is maintain good documentation of how our systems are supposed to function and hire people with the right fundamentals to adapt well to the quirks.

But once we assume that an individual has a decent understanding of a system having issues, whatever the method, we can start discussing how that person would troubleshoot those issues.

Differential Diagnosis

The first diagnostic framework to discuss is differential diagnosis. It's something that talented IT people likely already implement, but it isn't something taught very well. The idea is very simple. Take a well defined problem and come up with a ranked list of possible causes, in order of likeliness. Then, select tests to perform to either circle or cross out items on that list. Keep an eye out for possible causes that are very severe; you may want to try to rule those out first.

Consider getting a report that a user can't access a file on a file share. Your list might look something like:

1. User isn't connected to the network
2. Someone moved the file
3. Potential permissions issue
4. Cryptolocker

While ransomware is really low on that list in terms of likeliness, it would have a massive impact. Therefore, your first test might be to try to access that file yourself. If you can, you end up ruling out the most severe item on the list. And maybe even #2 as a bonus.

This is an iterative process, so as you check more things and obtain more information, add and remove items from that list as necessary.

Because the medical field is already so rigorous as to what symptoms mean which possible causes, differential diagnosis is a tested skill. One exam a medical student has to take is called Step 2: Clinical Knowledge. This exam features word problems that describe a set of symptoms and ask the student what the best test to perform would be. And while each test listed in the multiple choice may be useful, there is only one that is the correct next step for this patient. IT has a long way to go before it gets to that level of maturity.

The second framework I want to discuss is nothing more than a procedure that ensures you have the best information possible to build out your differential diagnosis.

HOPS: Structured Information Gathering and Testing

The next time you go to the doctor's office for an issue, you may recognize this procedure taking place:

• History: a nurse will doublecheck your medical background and may ask what happened or what you're experiencing. There's a good chance the doctor will repeat many of those questions.
• Observations: the doctor will look at your condition. Unusually pale? Strange mole? Large bruise? Limbs bent the wrong way? Severe bleeding?
• Palpations: the doctor will do a brief physical exam. They may check heart rate, breathing function, and blood pressure. They may poke and prod a little bit.
• Special Tests: the doctor will do a test that costs extra money and takes extra time. X-Ray, other imaging, throat swabs that go to a lab, or even a referral to a specialist are all examples of special tests.

Notice how there is a definite turn between information gathering and testing. The doctor transitions from observation to poking and prodding. That's where differential diagnosis happens, and all of the tests that follow are based on that list.

Applied to IT, HOPS requires only a couple changes. Palpations becomes interpreted as cheap tests, or tests that can be performed without causing more impact to the user or the business. This could be pinging a server, testing if a TCP port is listening with telnet, or checking the syslog server for a specific message.

Special tests become expensive tests, or any test that will cause even greater impact. At a bank, closing one of the teller windows costs money. At a call center, taking an agent off the phones costs money. At any enterprise, turning off a service to restart with a different logging level costs money. These tests should not be run lightly, and ideally they should be used to confirm what the cheap tests suggest.

In my opinion, investment in monitoring infrastructure should be framed in terms of increasing the number and scope of tests that can be performed cheaply when something is going wrong. Network monitoring infrastructure can turn costly packet captures for timing analysis into cheap tests. Application monitoring solutions like AppDynamics or Dynatrace can transform the expensive operation to enable debug mode on a server into a cheap test to dig into the information already being collected.

When an IT professional applies HOPS, it may look like the following:

• History: are there any known issues with the system? What changes were made in the last few days? Patching? Infrastructure changes? Code releases?
• Observation: what symptoms are exhibited? What's the user experience? What does the alert in the monitoring system say? What error is displayed on the screen? Was there a stack trace printed somewhere?
• Palpations: what tests can be performed cheaply? Ping, traceroute, telnet? Are routing neighbors up? What monitoring is already in place?
• Special Tests: What else can be done to investigate?

Again, the differential diagnosis is formed after observation is completed, and it guides the tests that come after.

What Might This Look Like in Practice?

To demonstrate this system in its full form, I'll walk through an example. You just came back from lunch, sleepy from the sizable chicken parmesan sub. Ding! A new email. It says there's a new ticket assigned to you: "High Priority: Web Site is Intermittently Failing to Load Home Page." You're in such a rush to log back into the ITIL system that you almost spill the soda you brought back with you.

History

Fighting back against the carb coma, you begin by checking the ticketing system to see if there are any recorded changes over the last week that list the main web site as an impacted application. You see nothing significant.

You then check active incidents to see if there is anything else going on that could be impacting the main web site. You don't see anything related.

You engage the individual who submitted the ticket and obtain the following pieces of information: the issue has been sporadic since mid-morning, a reload of the page normally fixes things, and the error actually displayed is a generic HTTP 500.

Observation

The error displayed is a generic server-side error code without any detail. A reload usually returns the correct result.

A check on the syslog server shows that the web server logs the HTTP 500 error, but without any other helpful information.

Differential Diagnosis

1. Database deadlock - deadlock on a specific database table would normally cause a constant issue for the same database call, which a generic web site home page would be requesting, but it could appear transient if the database call is specific to the user-agent string or customer location. If deadlock protection is enabled in the specific database, then it could be fixing the deadlocks almost as fast as they happen, causing a transient issue.
2. Overloaded database, or middleware (including microservice) server - A returned error code means there probably wasn't a drop in communication between the client and the web server. A transient issue could indicate a failed back-end call. A failed back-end call could be caused by an overloaded server that is only letting some calls through. It's more common to see deadlocks issues than sizing issues.
3. DDoS, or similar attack - This could certainly result in failed web page loads, but those would normally be 4xx errors. Unless this is an attack that directly affects the web server. Severe case, but less likely.
4. Flaky connection between web server and back end - These sorts of connections typically have plenty of redundancy, so a single bad OSPF neighbor shouldn't cause this. And that would have generated its own incident.

Palpations

1. Check firewall and web server CPU and RAM utilization. These are both reasonably low, so that rules out a DDoS.
2. Check the monitoring dashboard for middleware servers. Look for evidence of a sharp increase in thread count, which is usually evidence of hung threads. You don't see anything, which makes deadlock a little less likely.
3. Check the syslog server for deadlock alerts. Nothing. This completely rules out deadlocks.
4. Check the monitoring dashboard for CPU and RAM utilization on the middleware and database servers. Middleware servers look fine, but one database has massively elevated RAM usage. This particular database, ironically, is used to track user experience on the website, and isn't required for normal function.

Special Tests

1. Take this database offline. At the code level, direct connection failure will be a quick method return that the web server can work around, as opposed to a delayed return that results in a timeout. Over the next 10 minutes, the web server stops logging HTTP 500 responses, and the issue is resolved.

Prescription

• Increase the size of the VM running that database and bring it back online. If the HTTP 500 errors return, go through HOPS again, but with a little more focused view.
• Recommend a code change for more granular timeouts and more graceful failures in the web server.

Conclusion

I have been applying differential diagnosis and HOPS in my own work over the past year, and I've found that my ability to resolve complex issues quickly has improved dramatically. I have more fun troubleshooting since I don't feel like I'm just banging my head against a wall. And in cases where I'm leading a troubleshooting effort, asking leading questions that guide the other participants on this path really improves the engagement and efficiency of the entire group.

So give this framework a try. See how it works for you. It's frustrating at first to be stuck considering options and making a list while everything is broken, the company is losing money, and you feel like you should be doing something. But the returns are there.

It all started so innocently. I had heard so much about the Jinja2 templating engine for network automation, and I decided to come up with a quick presentation to show it off while giving myself an excuse to learn it. In short, Jinja is a templating engine originally used for dynamically rendering HTML in Python that has been adopted by the network automation community to spit out customized configuration flat files.

Due to the diverse background of my audience, I didn't want to have the caucus of DBAs or the gaggle of Unix sysadmins suffer through a Cisco IOS configuration just because that's the format I'm more comfortable with. I came up with the idea of templating Mad Libs as a fun way to level the playing field.

Basics of Jinja2 for Mad Libs

When using Jinja, you have a template file along with your script. The template (saved as template.txt in this example) might look like the below. Variables to be substituted reside within double-curly brackets.

Hello {{ name }}, I'm the Jinja Ninja!

Your code to render and print the text to console would be:

from Jinja2 import Environment, FileSystemLoader

env = Environment(loader=FilesystemLoader(searchpath=/path/to/templates))
jinja_ninja_template = env.get_template('template.txt')

# Two Ways to Format the Rendering. I'll Show Both.
my_name = "Josh"
named_arg_render = jinja_ninja_template.render(name = my_name)

variable_dict = {name: my_name}
dictionary_render = jinja_ninja_template.render(variable_dict)

print(named_arg_render)
# Would print "Hello Josh, I'm the Jinja Ninja!"
print(dictionary_render)
# Would also print "Hello Josh, I'm the Jinja Ninja!"

Advanced Fancy Templating for Mad Libs

I adapted some classic literature to a mad libs format because I didn't want to write things from scratch. Poems especially make some pretty weird and funny mad libs. And my template for Stopping by Woods on a Snowy Evening by Robert Frost allowed me to demonstrate some really interesting bits of Jinja's templating.

Stopping by {{ plural_noun_1|capitalize }} on a {{ noun_3|capitalize ~ 'y' }} Evening

by Robert Frost and {{ your_name }}

Whose {{ plural_noun_1 }} these are I think I know.   
His {{ noun_1 }} is in the {{ noun_2 }} though;   
He will not see me stopping here   
To watch his {{ plural_noun_1 }} fill up with {{ noun_3 }}.   

My little {{ noun_4 }} must think it queer   
To stop without a {{ noun_5 }} near   
Between the {{ plural_noun_1 }} and {{ adjective_1 }} lake   
The {{ superlative_adjective_1 }} evening of the year.   

He gives his {{ noun_6 }} a shake   
To {{ verb_1 }} if there is some mistake.   
The only other sound’s the sweep   
Of {{ adjective_2 }} wind and downy {{ noun_7 }}.   

The {{ plural_noun_1 }} are {{ adjective_3 }}, dark and deep,   
But I have {{ plural_noun_2 }} to keep,
{% for i in range(2) %}   
And {{ plural_noun_3 }} to {{ verb_2 }} before I {{ verb_3 }}{% if loop.last %}.{% else %},{% endif %}
{% endfor %}

• Whereas you might do something like string_variable_name.capitalize() in Python to capitalize a string, you use the pipe operator to perform "filtering" in the template.
• String concatenation is done via the tilde ~
• Looping is absolutely allowed using typical Python for loops. Code blocks in the template use the {% %} format. There is a dictionary called loop that is exposed in a for loop (documentation here) to summarize useful information about the loop.
• You can use part of that loop dictionary as a condition in an if statement. Notice in the last line of the template how I have an if/else block nested inside the for loop. Its entire purpose is to determine whether to put a comma or period at the end of the line that repeats.
• The documentation and error handling for Jinja is incredible. The official documentation website and a little experimentation were completely sufficient to work through everything in this project.

What if You Don't Know What Variables Are In the Template?

To create a generic script to interpret the Jinja templates, it needs to be able to handle a varying number of verbs, nouns, and other parts of speech, as well as more unusual stuff like proper nouns, collections of words that rhyme, or whatever else is there. So, we need to make our script discover what's in the template. Here's how:

from Jinja2 import Environment, FileSystemLoader, meta

env = Environment(loader = FileSystemLoader(searchpath = '/path/to/templates'))

# This is the part where we figure out what we need
template_src = env.loader.get_source(template)
template_parsed = env.parse(template_src)
parts_of_speech = meta.find_undeclared_variables(template_parsed) # Returns a set
user_prompts = list(parts_of_speech) # Lists iterate faster than sets
try:
    # If you use range() to make a for loop,
    # Jinja2 will return 'range' as an
    # undeclared variable. You have to ignore it.
    user_prompts.remove("range")
except ValueError:
    pass

# This is where we prompt the user
dictionary_for_rendering = {}
for prompt in user_prompts:
    dictionary_for_rendering[prompt] = input(f'{prompt}: ')

# And now we render
template = env.get_template(template)
print(template.render(dictionary_for_rendering)

This Was The Initial Presentation

I successfully presented a command line script that would discover variables in a Jinja template, prompt the user to fill them in, and display the result. There was wild applause in my own head.

How Did This Get Out Of Hand?

A few things happened to transform this effort from a fun and silly presentation to a truly wacky side project. First, I brought my laptop to a coffee shop one Saturday morning and everyone around me got really excited to screw up classic literature via random word choices. Second, I completed my fireplace project and learned how truly easy Flask is to use. Third, I began planning a presentation that would require some sample network data (working title is Did the Infrastructure or the Application Mess Up: Fault Domain Isolation Through Packet Capture Timing Analysis).

Let's Adapt This For A Browser

This was the perfect opportunity to use Jinja for what it was actually designed for: dynamically rendered HTML!

I knew I wanted three webpages: one to present the story options, one to prompt the user for the parts of speech, and one to show the result. This was plenty to get the stub going:

from flask import Flask, request
from jinja2 import Environment, FileSystemLoader

app = Flask(__name__) # the application needs to be a global statement
web_env = Environment(
            loader = FileSystemLoader(searchpath = r'./html_templates')
        )
story_env = Environment(
            loader = FileSystemLoader(searchpath = r'./story_templates')
        )

@app.route('/')
def home_page():
    pass

@app.route('/show_form')
def madlib_form():
    pass

@app.route('/show_output', methods=['POST'])
def present_madlib():
    pass

if __name__ == '__main__':
    app.run(debug = True) # debug mode dynamically reloads the web server upon code changes

Because I wanted this to become a little more appropriate for the real world, I decided to change the undeclared variable search to just a list in a file. On an actual web server, it would save a decent amount of processing, comparatively. So, I offloaded all the story attributes to a JSON file.

{
    "stories": [
        {
            "id": 1,
            "name": "The Woods",
            "template": "woods.txt",
            "portrait": "/portraits/robert_frost.jpg",
            "attributes": [
                {"type": "Your Name", "var_name": "your_name"},
                {"type": "Plural Noun", "var_name": "plural_noun_1"},
                {"type": "Plural Noun", "var_name": "plural_noun_2"},
                {"type": "Plural Noun", "var_name": "plural_noun_3"},
                {"type": "Noun", "var_name": "noun_1"},
                {"type": "Noun", "var_name": "noun_2"},
                {"type": "Noun", "var_name": "noun_3"},
                {"type": "Noun", "var_name": "noun_4"},
                {"type": "Noun", "var_name": "noun_5"},
                {"type": "Noun", "var_name": "noun_6"},
                {"type": "Noun", "var_name": "noun_7"},
                {"type": "Adjective", "var_name": "adjective_1"},
                {"type": "Adjective", "var_name": "adjective_2"},
                {"type": "Adjective", "var_name": "adjective_3"},
                {"type": "Superlative Adjective", "var_name": "superlative_adjective_1"},
                {"type": "Verb", "var_name": "verb_1"},
                {"type": "Verb", "var_name": "verb_2"},
                {"type": "Verb", "var_name": "verb_3"}
            ]
        }
    ]
}

Don't worry, we'll get to that portraits value a little further in the descent into madness. For now, this gives us plenty of information to start rendering some web pages.

def home_page():
    home_page_template = web_env.get_template('home.html')
    stories = madlibs_helpers.get_story_list() 
    # I offloaded local file operations to a helper file.
    # If in the future I take this from JSON files to a
    # database, there's no need to mess with the Flask code.
    return home_page_template.render(story_list = stories)

This then renders the following HTML templates:

home.html

{% extends "base.html" %}
{% block body %}
    <h2>Choose from the following mad libs!</h2>
    {% for story in story_list %}
    <p><a href="/show_form?id={{ story.id }}">{{ story.name }}</a></p>
    {% endfor %}
{% endblock %}

base.html - Notice how I fill in the body block in home.html

<!DOCTYPE html>
<head>
    {% block head %}
    <title>Josh's Mad Libs!</title>
    {% endblock %}
</head>
<body>
    {% block body %}
    {% endblock %}
</body>

The other two pages went just as easily, and I was able to start capturing data for my other presentation.

Not Enough Data

The problem with making a really easy, lightweight web application is that when you need to use it to demonstrate issues that can happen with slightly heavier web applications, it doesn't generate enough traffic. I didn't even fill full packets with those HTML responses!

So, what takes a decent amount of data? Pictures! Why not put a picture of the original author of these selections of classic literature along with the filled-in mad lib? Why not find pictures where the author looks truly disappointed at how the user has ruined their life's work?

That's where that portrait attribute comes into play.

Where Are We Now?

So now, I have a web application that generates a decent amount of traffic that I can use to model network issues, server issues, backend access issues, and other things for my timing analysis presentation. And since I put so much effort into it, I decided I should just release it to the world!

I stuck it on a lightweight Droplet from DigitalOcean. You can check it out at madlibs.je-clark.com. All the code (minus some config work to get things going on the Droplet) is on Github.

Feel free to let me know if there are any other selections from classic literature that would make good (or truly horrible) Mad Libs. I've discovered that things between 100 and 150 words work pretty well.

Have fun! I know I have.

I'm not sure why this is a thing, but my last couple apartments have had non-functional fireplaces. At best, it's a decent-looking mantle to put some pictures; at worst, it's just a waste of space. But I endeavor to elevate everything in my apartment! I want a fire!

The idea is to stick an old monitor inside the fireplace, connect it to a Raspberry Pi, and come up with some way to start playing a video of a lovely crackling fire.

How Do I Start the Video?

Because the Raspberry Pi runs Linux, my first thought was "just do a one line bash script to start VLC Player." My second thought was "Nah, I need that Python street cred," and the decision was made.

It turns out there are several ways to run system commands with Python, and it took some experimentation to find the proper way.

The simplest way is just to run it as a system command:

import os
os.system("cvlc -f fireplace_vid.mp4")

However, it seems that my Python installation tries to run this command as root, and VLC doesn't like being run as root. So, I moved to the subprocess library:

import subprocess
subprocess.run(['cvlc','-f','fireplace_vid.mp4'])

This is the newfangled wrapper on top of Popen that tries to make things a little simpler. However, the problem I found is that this command doesn't return until the process is finished. That doesn't really work for a 10 hour video. In light of that, I finally went to the good ol' Popen:

import subprocess
subprocess.Popen(['cvlc','-f','fireplace_vid.mp4'])

This did exactly what I wanted. It ran the call, which started the video, and returned immediately.

How Do I Stop the Video?

Like I mentioned, this is a 10 hour video, and I didn't want to start it and have no way to turn it off other than yanking power to my Raspberry Pi. I ended up going with the simplest approach, which ended up being very useful with the eventual API implementation:

import os
os.system('killall vlc') # Burn it all down!

What's This Flask Thing?

At this point, I started thinking about how to turn it on and off. I didn't want to have to SSH in and run commands every time I wanted a fire, so I started thinking about using an API. It would be so easy, just hit a link in my browser bookmarks and BOOM! Fire!

One of my buddies mentioned an idea of using the Flask package to guide a presentation on HTTP APIs, so I decided to try it out. I found a wonderful tutorial that laid out everything I needed. I had almost all my code laid out minutes later.

from flask import Flask
import os, subproccess

app = Flask(__name__)

@app.route('/fire', method=['GET'])
def start_fire():
    subprocess.Popen(['cvlc','-f','fireplace_vid.mp4','&'])
    return 'Fire Started!'

@app.route('/extinguish', method=['GET'])
def stop_fire():
    os.system('killall vlc')
    return 'No Mo Fire'

if __name__ == '__main__':
    app.run(host='0.0.0.0')

This clearly isn't production-ready code, but it's totally fine for my home use. The decorators just above each function create the endpoint on the web server and call the correct function when an HTTP request comes in.

Can I Turn the Monitor Off, Too?

Now that I'm already really fancy, can I have the monitor go black when there's no fire playing? And can I wake it up just before I start the video? It turns out that Raspbian has a command called tvservice. All I need to do is add that into each of my functions.

from flask import Flask
import os, subproccess

app = Flask(__name__)

@app.route('/fire', method=['GET'])
def start_fire():
    os.system('tvservice --preferred') # Starts the monitor with its preferred settings
    subprocess.Popen(['cvlc','-f','fireplace_vid.mp4','&'])
    return 'Fire Started!'

@app.route('/extinguish', method=['GET'])
def stop_fire():
    os.system('killall vlc')
    os.system('tvservice --off')
    return 'No Mo Fire'

if __name__ == '__main__':
    app.run(host='0.0.0.0')

Is That It?

It is! 15 lines of code to run a smartphone controlled digital fireplace.