Every system built by a single institution has points of failure that can bring the entire system down. Even in organizations that have tried hard for internal redundancy – for example, Google and Amazon have extremely distributed infrastructures – there will always be system-wide shared components, architectures, or assumptions that are flawed. The only way to guarantee there aren’t is to set up completely separate, competing organizations – in other words, new institutions.
This insight has practical implications when building internet services. One thing I learned from my Hunch co-founder Tom Pinckney is, if you really care about having a reliable website, always host your servers at two data centers, owned by different companies, on networks owned by different companies, on separate power grids, and so forth. Our last company, SiteAdvisor, handled billions of requests per hour but never went down when the institutions we depended on went down – which was surprisingly often. (We did have downtime, but it was due to our own flawed components, assumptions etc.).
The importance of institutional redundancy is profoundly more important when applied to the internet at …
Every system built by a single institution has points of failure that can bring the entire system down. Even in organizations that have tried hard for internal redundancy – for example, Google and Amazon have extremely distributed infrastructures – there will always be system-wide shared components, architectures, or assumptions that are flawed. The only way to guarantee there aren’t is to set up completely separate, competing organizations – in other words, new institutions.
This insight has practical implications when building internet services. One thing I learned from my Hunch co-founder Tom Pinckney is, if you really care about having a reliable website, always host your servers at two data centers, owned by different companies, on networks owned by different companies, on separate power grids, and so forth. Our last company, SiteAdvisor, handled billions of requests per hour but never went down when the institutions we depended on went down – which was surprisingly often. (We did have downtime, but it was due to our own flawed components, assumptions etc.).
The importance of institutional redundancy is profoundly more important when applied to the internet at large. The US government originally designed the internet to be fully decentralized so as to withstand large-scale nuclear attack. The core services built on top of the internet – the web (HTTP), email (SMTP), subscription messaging (RSS) – were made similarly open and therefore distributable across institutions. This explains their remarkable system-wide reliability. It also explains why we should be worried about reliability when core internet services are owned by a single company.
The principle of not depending on single institutions applies beyond technology. Every institution is opaque to outsiders, with single points of failure, human and otherwise. For example, one of the primary lessons of the recent financial crisis is that the most important form of diversification is across institutions, not, as the experts have told us for decades, across asset classes. The Madoff fraud was one extreme, but there were plenty of cases of lesser fraud and countless cases of poor financial management, most of which would have been almost impossible to anticipate by outsiders.