Exercises 41 rationales for making trade-offs.* Together, the principles and hints suggest that computer system design, though for the most part not based on mathematical theories, is also not completely ad hoc: it is actually based on sound principles derived from experience and analysis of both successful and failed systems. The reader who understands and absorbs these principles and hints will have learned much of what this book has to say. The third theme, making systems robust and resilient, has also already emerged, both in the statement of the robustness principle and with the idea that modular- ity, by limiting interconnections, can help control propagation of effects. The terms robustness and resilience are informal and overlapping descriptions of a general goal of design: that a system should not be sensitive to modest, long-term shifts in its envi- ronment (usually called robustness) and that it should continue operating correctly in the face of transient adversity (usually called resilience). Each succeeding chapter introduces at least one progressively stronger way to make a system more robust and resilient. Thus, the chapter on naming shows how indirection of names can make systems less fragile. Then, the chapters on clients and services and on virtualization demonstrate how to enforce modularity to limit the effects of mistakes and accidents. The chapter on networks introduces techniques that provide reliable communica- tions despite communication failures. The chapter on fault tolerance then generalizes