《非暴力沟通》Part I 沟通中的暴力

物理暴力更容易被感知。比如各种暴力犯罪,战争,乃至家庭暴力等等。因为物理性的暴力往往留下可见的创伤或者痕迹,比如炸塌的建筑物,飞溅的弹壳,渗透血液的衣服,布满伤痕的脸等等。但是在看不见的精神领域,暴力的存在同样广泛。这本《非暴力沟通》的全部目的是要倡导非暴力的沟通形式,从爱的角度而非暴力的角度出发,从而获得更好的沟通效果以建立更有意义的联结。

作者在书中没有明确给出暴力的定义,但通读全书之后不难理解,书名中的暴力是指沟通过程中将负面的情绪投射到沟通对象身上的行为。比如焦虑、紧张、愤怒、沮丧、悲伤、痛苦等,沟通者通过通过语言或者非语言的方式将负面的情绪表达出来,进而对对方的精神产生压力甚至伤害。

最常见的是暴力对他人进行道德评判。道德评判就是将行为或者想法放在道德准则之下加以判断好坏。我们经常有意无意的对他人进行道德评判,这种评判有时候是为了通过贬损对方行为的道德价值来获得心理上的满足,释放或者补偿,亦或者通过明确表明对方的行为的地道的来给对方压力,以期改变对方的行为。但是非常不幸的是,这种做法通常除了暂时泄愤,很难达到想要的效果。这种做法通常会招来对方的敌意,即使对方做出让步也不是心甘情愿的,而是出于恐惧或者内疚的行动,最终很可能心怀怨恨。

另一种常见的沟通暴力是进行比较。比较也是进行批判的一种形式。最常见的恐怕是父母将孩子与其他更加优秀的所谓别人家的孩子进行比较。这种比较的根源乃是父母对子女更高的期望,但比较非但常常不能鼓舞人,反而会让人更加沮丧并加深隔膜。

第三种是回避责任。常见的例子是认为自己别无选择。比如认为自己的选择是因为不得不遵从命令等等。回避责任一般是沟通对象想要逃避指责。但回避责任也即意味着自我的退化,等于承认我们不具有完全的行动的自由。

强人所难是第四种常见的沟通暴力。当沟通中一方对另一方有更高权力的时候,强人所难更容易发生。按照组织行为学的定义,权力既是使对方按照自己的意愿行事的能力。权力的运用当然具有多种形式,但是使用强制力是其中常见的一种。权力的所有者一般通过威胁或者暗示不服从的后果的方式行使强制权力。尤其当缺少有效的监督制约手段,或者被强制的人缺少反抗的手段的时候。除了权力,通过社会压力来迫使对方服从也是一种常见的暴力。比如通过强调社会习俗,通过强调群体一致的必要性等方式来给对方提供行为上的压力。

沟通中的暴力,或者用作者的话说,异化的沟通是如此广泛的存在,我们有必要从根本上审视其存在的基础。作者在书中将沟通中的暴力可以归结为性恶论,认为我们长期以来强调人性本恶以及通过教育控制天性,导致了我们对自己的感受和需要心存疑虑,以至于不愿体会内心的世界,而选择以异化的方式沟通。我认为这种解释阐释了事情的一方面,但另一方面,也来自于我们自我中心的傲慢造成的对他人情感和需求的忽略。当我们不认为对方是与自己一样怀有理性,可以达成理解,可以被说服的对象的时候,我们就会倾向于使用暴力的方式进行沟通。异化的沟通方式更加深了人与人之间的隔阂。而缺少情感联系的人被平等对待的机会和沟通成功的机会更少,于是沟通者更加依赖暴力沟通的恶性循环。

Release It: Stability Antipatterns

What is antipattern?

Stability antipatterns are systematic patterns of failure about service stability.

Why study antipatterns?

Software rarely crashes today. Each of the antipatterns will create, accelerate, or multiply cracks in the system. Learning the antipatterns helps us avoid apply them in our system and software design.

Pattern 1: Integration Point

Integration point refers to the point where a system integrates with a remote system, for example, a remote service, or a Database service. Integration points are the number-one killer of systems, but it is not an option to build a system without integration point. The key is to remember any integration point you introduced can cause a failure on the system. Circuit breaker pattern is a good strategy to handle the integration point: fails the request fast when the circuit break happens, which is often triggered when enough failure is seen. The fast failure protect the system from continuing to hammer the dependent integration system or from holding the critical system resource in integrating with the failed remote system.

Pattern 2: Chain Reaction

A chain reaction occurs when there is some defect in an application—usually a resource leak or a load-related crash. A chain reaction happens because the death of one server makes the others pick up the slack. Most of the time, a chain reaction happens when your application has a memory leak. Partitioning servers, with Bulkheads, can prevent Chain Reactions from taking out the entire service. Use Circuit Breaker also helps.

Pattern 3: Cascading Failures

A cascading failure occurs when cracks jump from one system or layer to another, usually because of insufficiently paranoid integration points. A cascading failure can also happen after a chain reaction in a lower layer. A cascading failure often results from a resource pool, such as a connection pool, that gets exhausted when none of its calls return. The threads that get the connections block forever; all other threads get blocked waiting for connections. Safe resource pools always limit the time a thread can wait to check out the source. A cascading failure happens after something else has already gone wrong. Circuit Breaker protects your system by avoiding calls out to the troubled integration point. Using Timeouts ensures that you can come back from a call out to the troubled one.

Pattern 4: Users

Users in the real world do things that you won’t predict If there’s a weak spot in your application, they’ll find it through sheer numbers. Test scripts are useful for functional testing but too predictable for stability testing. You should have a special load test to validate the stability of your service. Become intimate with your network design, it should help avert attacks.

Pattern 5: Blocked Threads

The blocked threads antipattern is the proximate cause of almost all failure. And it usually happens when you check resources out of a connection pool, deal with caches or object registries or make calls to external systems. However, it is very difficult to find hanging threads during development due to the essential complexity on concurrent programming and testing. You should be careful when you introduce the synchronized keyword to your code. That means one thread is executing the code, other threads will be blocked. When you have to design the concurrency programming, you should try to use proven primitives and you should defend the blocking thread with timeout settings.

You should also be careful with the third-party libraries, they often come with some resource pooling that is built on the multithreading. Your first problem with these libraries is determining exactly how they behave. If the library breaks easily, you need to protect your request-handling threads. If the library allows you to set timeouts, use them.

Pattern 6: Attack Of Self-Denial

In the retail or similar website, the special offer could cause an attack of self-denial. In such cases, protect the shared resource would be critical.

Pattern 7: Scaling Effects

The shared resource can be a bottleneck when we try to scale the service. In most of the cases, the shared resource can only be used exclusively. When the shared resource saturates, you get a connection backlog. A shared-nothing architecture can solve this problem largely: each request is processed by one node, and the node does not have shared memory or storage. It is relatively hard to achieve the sharing nothing architecture, however, many approaches can be taken in order to reduce the dependency on the shared resource, for examples partition the database table.

Pattern 8: Unbalanced Capacities

Production systems are deployed to some relatively fixed set of resources. The unbalanced capacities problem rarely observed during QA as inmost QA phase the system is scaled down to two servers. How do you test if your system is under the unbalanced capacities? You could use the capacity modeling to make sure at least you are on the ballpark. Then, test your system with excessive workload.

Pattern 9: Slow Response

A slow response is worse than refusing a connection or returning an error. The fast failure allows the caller to finish processing the trasaction quickly. The slow response from the lower layers can gradually propagate to the upper layer and cause a cascaded failure. Some common seen slow response root cause include the contention of DB connection, the memory leaks, and the inefficient low-level protocols, etc.

Pattern 10: SLA Inversion

A service-level agreement (SLA) is a contractual agreement about how well the organization must deliver its services. However, when building a software system, the best you can possibly do is the SLA of the worst of your service providers. And SLA inversion means a system that must meet a high-availability SLA depends on systems of lower availability. To handle the SLA inversion, on the one hand, you can decouple from the lower availability system or handle the degradation gracefully. You need to make sure your system can continue to operate without the remote system. On the other hand, when you craft your SLAs, you should focus on particular functions and features. For features that require a remote dependency, you can only achieve the best SLAs the remote system offers. Pattern 11: Unbounded Result Sets A common seen DB query pattern is that the application sends a query to the DB and run a for loop to traversal all the results without realizing that the result size can be way lager than the server could handle. This pattern is hard to detect during the development phase as the testing data set is often very small, sometimes not even right after ramped to production as until the data set grows to be too big to handle. One solution is to use the LIMIT keyword to limit the result size sent back from DB. For large query set, it is worthy of introducing the pagination on the API and on the database level.

Organization Behavior: Motivation Theory

Organization Behavior is the study of individuals and groups in organizations.

This blog introduce the basic concepts of the Motivation Theory.

What Is Motivation?

Motivation is the desire to act and move toward a goal. In the workplace: motivation refers to forces within an individual that account of the level, direction, and persistence of effort expended at work.

  • Direction refers to an individuals’s choice when presented with a number of possible alternatives
  • Level refers to the amount of effort a person puts forth.
  • Persistence refers to the length of time a person sticks with a given action.

Why Managers Care About Motivation?

One question that all managers think about the most is: How can I motivate my employee?

Why managers care so much about employee’s motivation? Because Managers’s success depends on the success of his subordinates. And the employee’s motivation level determines the quantity or quality of their work or service.

Can I Motivate My Employee?

You can’t directly change people’s motivation, just like you can’t control people’s mind. But you can build a better culture and environment to influence people’s motivation. Motivation is a result of your managerial work rather than an approach. As a manager, you should focus on understanding the factors that influences your employee’s motivation, on identifying the motivation structure for each individual employee, and continue to build a better environment and motivation plan for each individual employee.

Three Type of Motivation Theories

So, what motivates people in the workplace and how to change their motivation?

In general there are three types of motivation theories, they try to answer the question from three different perspective:

  • Reinforcement theory emphasizes the linkage between individual behavior and some specific outcomes to show how managers can alter the direction, level, or persistence of individual actions.
  • Content theory focus primarily on individual needs. It suggests that motivation comes from the individual’s attempt to satisfy needs.
  • Process theory focus on thought or cognitive processes that take place within the minds of people and influence their behavior.

Reinforcement Theory

Managers often seen themselves as coaches: to teach and assist the employee to achieve a better results. The coaching process often means the manager need to encourage certain behavior and discourage other behaviors. How to change people’s behavior? In the reinforcement theory, it is about the stimuli and the outcome.

Reinforcement is largely based on the theory of the classic and operant conditioning. The classic conditioning is focus on the stimuli that influence behavior and tries to link the stimuli that indirectly influence the behavior with the behavior directly.

In the classic experiment conducted by Pavlov, he “taught” dogs to salivate at the sound of a bell by ringing the bell when feeding the dogs. The trick is to associate one neutral potential stimulus(ring the bell) with another stimulus(the meat) that already affects behavior. However, the classic conditioning is not quite practical in the workplace, it is hard to find out the stimuli in most cases, not to mention to associate them with the behavior.

However, it is often easier to associate the consequence with the behavior. Operant conditioning controls behavior by manipulating its consequences. The basis for manipulating consequences is E. L. Thorndike’s law of effect. The law of effect is simple but powerful: behavior that results in a pleasant outcome is likely to be repeated while behavior that results in an unpleasant outcome is not likely to be repeated.

Then how do we reinforce the desired behavior and nonreinforce or punish the undesired behavior? The first strategy is positive reinforcement. This strategy is generally interpreted as rewards: it can be a pay increase, a recognition, or a better opportunity.

Remember that your reinforcement must be contingent and immediate. And it often take times to change the behavior to a desired level, you should be ready to gradually shape the employee’s behavior to the desired level. In the meantime, you can also utilize negative reinforcement, where you discourage, punish or extinct the undesired behavior.

Content Theory

The content theory is built based on some physiological studies: for example, Maslow’s study about people’s need. According to Maslow’s hierarchy of needs theory, human beings have lower order needs such as physical, safety, and social needs, in the meantime, they have higher order needs such as esteem and self-actualization.

While Maslow’s theory is powerful, it is often too complex to be applied to the workplace directly. A more practical theory is the ERG theory, it divides the needs into three major components:

  • Existence needs: desire for physiological and material well-being
  • Relatedness needs: desire for satisfying interpersonal relationships
  • Growth needs: desire for continued personal growth and development.

ERG theory is different from Maslow’s theory in that is allows multiple theory to be activated at one time.

The third important theory is Acquited Needs Theory:

  • Need for achievement (nAch): the desire to dosomething better or more efficiently, to solve problems, or to master complextasks;
  • Need for affiliation (nAff): the desire to establish and maintainfriendly and warm relations with others
  • Need for power (nPower): the desire to control others, to influence their behavior, or to be responsible for others.

The theory is particularly useful because each need can be linked with a set of work preferences.

Process Theory

Equity theory posits that people will act to eliminate any felt inequity in the rewards received for their work in comparison with others. The equity theory is based on the phenomenon of social comparison.

Victor Vroom’s expectancy theory posits that motivation is a result of a rational calculation: my effort will yield acceptable performance and performance will be rewarded.

  • Exceptancy: How possible it is for the person to achieve that performance:
  • Instrumentality: Probability assigned by the individual that a given level of achieved task performance will lead to various work outcomes.
  • Valence is the value attached by the individual to various work outcomes.

Expectancy theory predicts that motivation to work hard to earn the merit pay will be low if expectancy is low—a person feels that he or she cannot achieve the necessary performance level.

Quick Read 1: Circuit Breaker Pattern

Quick Read is a series of blogs aiming to provide a quick explanation for one concept. One at A Time.

Source:

What is Circuit Breaker?

Circuit breaker is a design pattern used in modern software development. It is used to detect failures and encapsulates the logic of preventing a failure from constantly recurring, during maintenance, temporary external system failure or unexpected system difficulties. The Circuit Breaker pattern also enables an application to detect whether the fault has been resolved.

How does CB improves service availability?

Almost every software system has some dependencies on the remote system, e.g. a DB instance, when the DB slows down significantly because of heavy load or not available, the request from the clients might have to wait long time until the request times out. These requests will hold the some of the critical resource of the system such as connection pool, memory, CPU. New requests for the same resource access will keep come to the system and continue to hold these resources even after the previous requests have timed out.

And requests that doesn’t need to access these remote resources will be blocked until the critical resources becomes available: the failure in one module failed more modules. With CB on the remote resource access path, the later requests would quickly fail by the CB and the resources will be quickly released. Hence, other part of the system is still available.

In sum, CB improves the overall service availability by breaking the access to the operations that might fail to prevent a bigger failure happen to the system.

How does Circuit Breaker work?

CB usually work as a proxy on the path access some dependent resource. You can wrap a protected function call in a circuit breaker object, which monitors for failures. Once the failures reach a certain threshold, the circuit breaker trips, and all further calls to the circuit breaker return with an error, without the protected call being made at all.

What’s the difference between CB and retry?

Many failures are transient, say a network packet loss or issue. These failure can be resolved by retry. However, there are failures due to unanticipated events, and that might take much longer to fix. In these situations it might be pointless for an application to continually retry an operation that is unlikely to succeed, and instead the application should quickly accept that the operation has failed and handle this failure accordingly.

The retry logic should be sensitive to any exceptions returned by the circuit breaker and abandon retry attempts if the circuit breaker indicates that a fault is not transient.

Is TIMEOUT enough to protect the system?

Timeout is a common strategy in system integration, when the access or task failed to finish within given time, the service is timed out in order to prevent infinite waiting. And timeout is often handled (sometime with retry). However, timeout on the client side usually takes too long be detected, while all the critical resource is already used up int these period of time, and caused cascaded failure.

For example: an operation that invokes a service could be configured to implement a timeout, and reply with a failure message if the service fails to respond within this period. This strategy could cause many concurrent requests to the same operation to be blocked until the timeout period expires. These blocked requests might hold critical system resources such as memory, threads, database connections, and so on.

It would be preferable for the operation to fail immediately instead of wait until timeout.

Does CB needs manual reset after break happens?

we can have the breaker itself detect if the underlying calls are working again. We can implement this self-resetting behavior by trying the protected call again after a suitable interval, and resetting the breaker should it succeed.

A circuit breaker component might have the following three status:

  • Closed
  • Open
  • Half-open

In the half-open status, some requests could be allowed to send through, if successful, the system transition to open status, otherwise back to closed status.

How does CB pattern work for asynchronous calls?

Asynchronous calls or tasks usually submit to the queue/worker system for execution. In some cases, the callers are less sensitive for the call execution or result. In other times, a timeout can be set up for such tasks incase they take too long.

How to install CB in the async task execution? A common technique is to put all requests on a queue, which the supplier consumes at its speed – a useful technique to avoid overloading servers. In this case the circuit breaks when the queue fills up.

Are there any framework available to use for Circuit Breaker?

Yes, Hystrix, Netflex, and the integration with Spring Cloud.

Release It! Stability

Notes from reading the book: Release It! Design and Deploy Production-Ready Software.

Morden software system usually needs to process transactions, which is an abstract unit of work. A resilient system keeps processing transactions even when there are transient impulses, persistent stresses, or component failure disrupting normal processing.

Failure Mode

Software system failures come with many different format, for example, the bug in the system can gradually accumulate and eventually fail the system. In this post, however, we mainly want to discuss the failures caused by impulsive traffic. Software system runs stably in regular traffic, but when impulses and excessive requests can trigger catastrophic failure. Some component of the system will start to fail before everything else does. The original trigger and the way the crack spreads to the rest of the system, together with the results of the damage, are collectively called a failure mode.

Cracks Propagate and Chain of Failures

Failure mode is often used especially when analyzing software system failures. We need to trace back to when the failure started to happen, how it was propagated, and finally, how we could have avoid such issues.

When we consider the reliability of the system, we need to keep in mind that the failures in the components are not independent, they can propagate and failure in one component might cause failure in another component. And under every system outage, there is a chain of failures.

Patterns and Antipatterns

The failures will happen no matter what we do, and our job is to design the system’s reaction to specific failures. This is why we should learn patterns and anti-patterns. Patterns are not to prevent failures from happening but to prevent them from propagating by containing the failures and preserve partial functionality instead of the total crashes. And learn anti-patterns is to help us avoid applying them on our system design. For example, tight coupling accelerates cracks.

Release It! Chapter 13: Availability

This is the study notes from the book Release It! Design and Deploy Production-Ready Software.

AVAILABILITY is one of the most frequently used term to describe the reliability of the system. In this section, we will dive deep into the hard of availability. We will discuss how availability is measured and how it is achieved in modern internet services.

First of all, we must realize that there is a tension between the availability and the cost:

  • The desire for greater availability.
  • The desire for minimizing cost.

Every improvement on the availability means an increase cost. But in the mean time, every bit availability improvement also means saved revenue. When you decide the availability of your system, please be clear about the availability level you want to achieve. You want to gathering availability requirements:

  • Availability time can be translated to the system downtime
  • The system downtime improvement means the reduced revenue loss
  • How much revenue loss the business can tolerate.
  • How much cost it takes to reduce the lose.

Next, you want to documenting availability requirements. One common mistake during documenting availabilities are define the system SLAs as a whole, without realizing that the system might have many features that each one carries with a different availability number. Therefore:

  • Define the SLAs in terms of specific features or functions of the system. Don’t define them vaguely based on the system.
  • Be aware of your dependent systems: you can’t afford a better SLA than the worst of the external dependencies involved in a feature.
  • Make sure you can define how you want to measure the availability: how do you know the feature or function is available. And you’d better equipped with some auto availability detection devices

How the high availability is achieve? One major technical is about load balancing. Load balancing is to distribute request across a pool or farm of servers to serve all requests correctly. Horizontally scalable systems achieve both availability and scalability through multiplicity. Adding more machines to increase capacity simultaneous improves resiliency to impulses. And the small servers can be added incrementally as needed, which is way more cost effective.

There are many approaches for load balancing.

DNS Round-robin

DNS solution provides a service name to IP address look up. By mapping the service to multiple IP address and return them in a round robin matter, we can achieve load balancing through DNS. DNS load balancing is often used for small to medium business websites. However, this approach have some security issues: front end IP addresses are visible and reachable from clients, which means they can be attacked. And DNS has no information about the health of the web server, it can send the request to a dead service not.

Reverse Proxy

Let’s first clarify what is a proxy server: it multiplex many outgoing calls into one single source IP address. While the reverse proxy does the opposite: demultiplex calls incoming into a single IP address and fans them to multiples address. Reverse proxy acts as an interceptor for every request. In the current reverse proxy implementation, another feature it to cache the static content to reduce the load on the web server. And since reverse proxy is in the middle of every request, can track which origin severs are healthy and responsive.

Hardware Load Balancer

Hardware load balancer is similar to a reverse proxy server. It can provide switching at layers 4 through 7 of the OSI stack. But it is way more expensive than other software options.

Clustering

Clustering is different from a service pool. The servers within the cluster are aware of each other and actively participating in distributing load. There are two types of clusters for scaling in general:

  • Active/active cluster: for load balancing.
  • Active/passive: used for redundancy in the case of failure. One handles all the load until it fails and the passive one takes over and become active.

Load balanced clusters do not scale linearly, as clusters incur communication overhead such as heart beat. Within the cluster, the application most likely can coordinates its own availability and failover by having a master control node.

Critical Thinking: The Basic Concepts

In a simplest form, critical thinking is about effectively processing the information to reach a conclusion.

I found critical thinking was not easy to master when I first learnt it during my GRE test training at my college. The students are required to finish two essays in one hour, one focused on analyzing an issue, the other focused on making an argument based on a given topic. It was difficult not only because critical thinking skills were new to most of us, but also because the topics were mostly classical moral, legal, sociology controversial topics that requires large amount of background knowledge to be able to make solid reasoning.

I find it necessary to revisit these skills because I increasingly realized the importance of effectively information processing. I will start from a few basic concepts about critical thinking.

  • Claim, Issues, Argument

A claim is basically a statement, is about what we say. And we question about the statement, we raised an issue. An argument is different that it has to include two parts: the premise and the conclusion. The premise it to support the conclusion. In real life, however, people don’t directly share their argument, and your job is to find out the conclusion and their premise to support the conclusion.

  • Inductive Argument and Deductive Argument

Inductive Argument is the argument that if the premise is true, there is no chance that the conclusion is true. While in deductive argument, if the premise is true, it is a strong support for the conclusion, but the conclusion is not necessarily guaranteed.

  • Argument and Explanation

An explanation is different from an argument, that an explanation is to explain a fact, so that it often starts from a fact statement, then comes with why the fact is so. While an argument is trying to prove a conclusion, which is not a fact, as otherwise there is not need to prove it.

  • Value judgement, Moral Judgement

Besides making argument, people oftentimes make value judgement and moral judgement as well. Value judgement is more about the value to the person according to his or her personal preference. While moral judgement is more about moral, that what is right and what is wrong.

  • Evaluating Argument

In general, there are three steps to validate the argument. First of all, you should clarify the argument structure. The most basic structure is about the premise and the conclusion, however, in many reasonings, there could be more than one level of argument, that the conclusion of the first argument might becomes the premise of the next argument, and in many other cases, the premise or the conclusion could be understated.

The next step is to evaluate the logic: from a pure logical point of view, whether the reasoning make sense. In this step, it is especially important to not to be affected by the rhetoric expressions.

If the logic of the reasoning make sense, then you want to validate the premise: whether it is a true statement. And in many case, you have to realize that some of the premise are not within your own background knowledge, that you have to do research to validate the credibility of the premise.