Web capacity planning borrows the **factor of safety** from structural and mechanical engineering: a margin of resource held back beyond the theoretical limit to absorb uncertainty. Steel and concrete fail past a strain; servers fail near 100% CPU or disk — so you design below that. In practice the safety factor is the gap between a resource's true failure point and the ceiling you set. Flickr's 85% CPU limit is a 15% margin. The margin is an educated guess, calibrated from **observed past spikes**: a typical Yahoo-front-page link caused an ~8% traffic bump for ~2 hours, and 5–15% spikes were common — confirming 15% was adequate. Two refinements: tune the margin per resource (caches tolerate spikes better, so they can run a thinner margin), and fold the safety factor into forecasts by adjusting the ceiling value you trend against — don't forecast to the failure point, forecast to the safe line below it. --- *Source: [[The Art of Capacity Planning]] (John Allspaw, O'Reilly 2008) — Ch 4 — Predicting Trends*