People:
> On Mon, Aug 11, 2003 at 10:58:18PM -0400, Christopher Browne wrote:
> > 1. Nobody has gone through any formal proofs, and there are few
> > systems _anywhere_ that are 100% reliable.
>
> I think the problem is that ext2 is known to be not perfectly crash
> safe. That is, fsck on reboot after a crash can cause, in some
> extreme cases, recently-fsynced data to end up in lost+found/. The
> data may or may not be recoverable from there.

Aside from that, as recently as eighteen months ago I had to manually fsck an
ext2 system after an unexpected power-out. After my interactive session the
system recovered and no data was lost. However, the client lost 3.5 hours of
work time ... 2.5 hours for me to get to the site, and 1 hour to recover the
server (mostly waiting time).

So it's a tradeoff with loss of performance vs. recovery time. In a server
room with redundant backup power supplies, "clean room" security and
fail-over services, I can certainly imagine that data journalling would not
be needed. That is, however, the minority ...
--
Josh Berkus
Aglio Database Solutions
San Francisco