@inproceedings{guo2013failure,
author = {Guo, Zhenyu and McDirmid, Sean and Yang, Mao and Zhuang, Li and Zhang, Pu and Luo, Yingwei and Bergan, Tom and Bodík, Peter and Musuvathi, Madan and Zhang, Zheng and Zhou, Lidong},
title = {Failure Recovery: When the Cure Is Worse Than the Disease},
booktitle = {HotOS},
year = {2013},
month = {May},
abstract = {Cloud services inevitably fail: machines lose power, networks become disconnected, pesky software bugs cause sporadic crashes, and so on. Unfortunately, failure recovery itself is often faulty; e.g. recovery can accidentally recursively replicate small failures to other machines until the entire cloud service fails in a catastrophic outage, amplifying a small cold into a contagious deadly plague! We propose that failure recovery should be engineered fore-most according to the maxim of primum non nocere, that it “does no harm.” Accordingly, we must consider the system holistically when failure occurs and recover only when observed activity safely allows for it.},
publisher = {USENIX},
url = {http://approjects.co.za/?big=en-us/research/publication/failure-recovery-when-the-cure-is-worse-than-the-disease/},
edition = {HotOS},
}