1. 1

I try never to entertain simplistic questions like “why not X?” because they often reinforce an asymmetry of bullshit. They’re not specific, and they derail what could be a valuable Q&A into combative zealotry.

    If you want an answer other than “because that’s what I chose”, be more specific.

    1. 24

      There are plenty of things to criticize Google for – and this page does list a few valid points – but a lot of these points are … I’m not entirely sure how to accurately describe them without resorting to some rather negative and unfriendly adjectives.

      Calling parental controls “Google censorship”? Yeah nah, that’s just off the deep end lads.

      1. 20

Most of the “parental controls” I’ve seen from Google are highly opinionated about what is and is not appropriate for children, and do not allow the parent to meaningfully choose what things are and are not appropriate. The “parental controls” I have seen thus far, by taking control away from the parent, are therefore fundamentally censorship, whether intentional or not. Now, you might agree with those positions, but agreeing with censorship doesn’t mean it isn’t censorship. The positions they choose in the future may not align with your values. They may encourage content you oppose, and ban content you support. This is already the present climate on YouTube, so it’s not a slippery slope. A lot of the “children’s videos” are genuinely very messed up, and a lot of the “banned content” is wholesome.

        1. 11

          Most of the “parental controls” I’ve seen from Google are highly opinionated about what is and is not appropriate for children, and do not allow the parent to meaningfully choose what things are and are not appropriate

          They do not support a parent in choosing. They are in no position to disallow it.

by taking control away from the parent, are therefore fundamentally censorship, whether intentional or not

They don’t take control away from the parent though. The parent is perfectly free to not use Google’s (patently crap, in the case of YouTube Kids) filter.

In general life, I’m a language descriptivist; whatever language gets the point across is fine. This, however, is a technical forum. Words mean things, and diluting those meanings to score a point undermines technical communication in a way that actively sabotages building working software.

This kind of semantic shenanigans (where a word that describes a genuine threat, like “censorship”, gets repurposed to also describe “software that isn’t sufficiently configurable for my tastes”) is actively harmful.

          1. 9

I genuinely disagree that these are semantic shenanigans. When dealing with children, and with software that specifically claims to support child users, characterizing the issue as “software that isn’t sufficiently configurable for my tastes” is a really bold position. Censorship is not some boogeyman that can only be done by the federal government. It also is not some universal crime against society. It is, however, something that warrants concern when it shapes the kinds of content that children are exposed to on a daily basis. Especially when parents are faced with a binary decision to follow Google’s social mores or not. You may feel it is as simple as not using their services; however, problems are rarely so simple.

            1. 4

Especially when parents are faced with a binary decision to follow Google’s social mores or not

              It’s not a binary decision. If it were, I would (tentatively) agree that this is censorship.

              Parents previously faced the choice between:

              • Keep kids off the web.
              • Let kids use the web supervised.
              • Let kids use the web unsupervised.
              • Let kids use the web unsupervised, but only while running one of the several available parental control packages.
• Let kids use the web unsupervised, but learn enough computing to set up their own parental control package.

              I don’t see how adding an additional option to the list of parental control packages creates a binary decision.

          2. 10

I agree about this. As a parent, my opinions about what is suitable for my children are quite different from the consensus that Google uses. I am slightly more lenient about sex, much less lenient about violence, and am most concerned about brain-rotting addictive content (see YouTube Kids) that Google thinks is totally okay. I would really like to have flexible parental controls; IMO this is not about tastes, but about values.

            1. 3

              I am slightly more lenient about sex, much less lenient about violence, and am most concerned about brain-rotting addictive content (see YouTube Kids) that Google thinks is totally okay

It sounds like our values align fairly closely on this, but other people have different values, and all of us have the choice to use a different solution/product than Google’s.

              1. 2

Choosing to use other products or not doesn’t determine whether it is or is not censorship. You can choose a different product or solution, and that is better than not having any other choice. It is still censorship. I think the position that only governments can censor, because we can always use other services, implies that censorship requires a complete and perfect ability to control media. This has never been true, not even when governments do it. It’s akin to telling someone living under censorship in a particular nation that they can move to another country that doesn’t censor, or saying that if some censorship is not perfectly enforced it’s not real censorship.

          3. 16

            Calling parental controls “Google censorship”? Yeah nah, that’s just off the deep end lads.

            That one crossed the line for me as well. I wish the FSF would stay a bit more objective and stick to the facts. It actively harms their credibility to pad lists like this with such items. It sure as hell means I won’t link this page to someone in order to convince them.

            1. 13

              That one crossed the line for me as well. I wish the FSF would stay a bit more objective and stick to the facts. It actively harms their credibility to pad lists like this with such items. It sure as hell means I won’t link this page to someone in order to convince them.

The FSF is more concerned with how easily this kind of functionality can be turned into a tool for mass-censorship. They are also concerned about the fact that parents don’t trust their kids anymore, about what this technology means for us as human beings, and about how easily masses of people can be manipulated by this.

              As for the mass-manipulation, they certainly have a point there and I would definitely link to this page to show people how much this stuff can influence them and their decisions.

              1. 11

                how easily this kind of functionality can be turned into a tool for mass-censorship

Is the FSF also against firewalls? TCP wrappers? Ad blockers (ad censorship?)? And the long list of other technologies that can be used for this purpose?

A lot of tools and tech can be subverted for nefarious purposes. I don’t really buy these kinds of “slippery slope” arguments.

                concerned about the fact that parents don’t trust their kids anymore

It’s not about trust, it’s about your 5-year-old not stumbling on “ISIS soldier beheads infidel”, or “two young teens get assfucked by 8 men”, etc. All of that is … really easy to do.

Either way, if they wanted to discuss the finer points of the ethics of parental control over your children’s lives – a tricky topic with no easy answers – then fair enough. But that’s not what this page does: it just shouts “Google Censorship!!!!!11”

                1. 3

Imagine if software were written to not be hackable by default. Imagine that software were not susceptible to viruses. We wouldn’t need firewalls. We wouldn’t need the CFAA.

                  Similarly, imagine if software were written to not run unknown code without consent by default. We wouldn’t need ad blockers.

                  A lot of the software that we use in daily life is software which works around the corporate and aristocratic controls which our society attempts to place upon us. It would be nice if we didn’t have to write so much code to work around faulty code written by bad actors with poor incentives.

                  1. 2

I can agree that this position could never neatly fit within a bullet point. I also feel that any firewall, TCP wrapper, or ad blocker that blocked content on a moral basis, where only one moral perspective was represented, is at best problematic. This gets more problematic when we consider that this filter would be the primary option for most people on the most-used services. What happens when those positions deviate strongly from our views of right and wrong, but the filter still blocks the content we definitely don’t want our children to see? Most parents would reluctantly use the filter that protects their children, whatever the cost.

                  2. 3

                    Why should the free software foundation have a say about parenting?

                    1. 3

                      Why should the free software foundation have a say about parenting?

It’s not about having a say in parenting. It’s about informing parents about the types of manipulation kids and parents are subject to. It’s also about making parents aware of the fact that a simple “gadget” or “technology” can severely damage the trust a child has in its parent or caretaker. With these kinds of tools that is a real concern, because kids also keep secrets from their parents.

                      1. 3

The FSF has long held many moral positions, as is common for non-profits. I would argue that it’s important for the FSF to respond to corporations attempting to shape our children’s minds. Without that, software definitely will not be free for long. Whether or not you agree with parental censorship (most do to some extent, as do I), I would be surprised to hear that you think we should leave it to a third party that may have motivated reasoning, and may not have our children’s best interests in mind.

                  3. 8

                    I for one didn’t bother clicking the link because I already knew what kind of wankfest it was going to be.

                    1. 1

                      Calling parental controls “Google censorship”? Yeah nah, that’s just off the deep end lads.

While I agree with you in the large (a big reason I’m not an FSF supporter at all is that they don’t seem objective or, in many cases, logical – e.g. their stance that commercial software should not be mentioned in a ports collection or on a website, which feels a lot like what they elsewhere condemn as censorship), I think blocking content/access is the very definition of censorship. How is it not?

                      From Wikipedia:

                      Censorship is the suppression of speech, public communication, or other information, on the basis that such material is considered objectionable, harmful, sensitive, or “inconvenient”.

                      To me parental controls sound like censorship of what is considered harmful material.

Of course, that’s not to say it’s on the same level – motivation matters – but it’s nonetheless a form of censorship. Compared to the other statements, that still seems the most neutral wording. A reader can always consider it a justified means of censorship.

                      1. 1

                        the suppression of speech

                        It’s not the suppression of speech. It’s the suppression of hearing.

                        By analogy: Telling your kids they aren’t allowed to watch a particular show on TV isn’t censorship. Telling the TV station they aren’t allowed to broadcast that show is.

                        1. 1

                          To play devil’s advocate, that would mean that China isn’t censoring the rest of the Internet, just “suppressing the hearing of it”.

                          1. 3

                            So, that’s… actually quite a good point.

                            There clearly is a difference between:

                            • A parent telling their children they can’t access “harmful material” via the connection they are providing them until they are of age, and
                            • A government telling their adult citizens they can’t access “harmful material”, via any connection, ever.

                            The key differences are:

                            • Scale (I have two children; the Chinese government has nearly 1.4 billion subjects)
                            • Permanence (“You can’t read this yet” vs “You can’t read this, ever”)
                            • Provision (If my kids somehow arranged their own connection, I don’t think I could bring myself to filter it.)
                          2. 1

There is an “or” in that sentence, and I mentioned it’s “harmful material”. I said nothing about this being suppression of speech.

Also, if one reads on in Wikipedia:

                            It occurs in a variety of different media, including speech, books, music, films, and other arts, the press, radio, television, and the Internet for a variety of claimed reasons including national security, to control obscenity, child pornography, and hate speech, to protect children or other vulnerable groups, to promote or restrict political or religious views, and to prevent slander and libel.

Also, this doesn’t make sense. By your definition, China blocking parts of the internet, CNN, etc. isn’t censorship, because they just don’t allow people to visit a website – the same logic would apply to book banning.

This isn’t about analogies though. That’s what I tried to express in my comment. Censorship isn’t about intent or means.

Just to make it clear: my intention isn’t to put these on the same level at all, which is why I avoided analogies. It was to point out that on a purely technical level the term is correct – or rather, that the author of this might have meant it that way.

I find the use of other words in this article, like malware, way more questionable. But honestly that term is very broad anyway and is focused mostly on intention (it’s most likely not considered malware when an OS installer has a bug that wipes a complete hard disk rather than only a certain partition, for example).

                            1. 1

By your definition, China blocking parts of the internet, CNN, etc. isn’t censorship, because they just don’t allow people to visit a website – the same logic would apply to book banning.

Leaving aside that China, as a Communist state, is basically lawless (or rather, the Party is above the law), I’m pretty sure that there are statutes in Chinese law forbidding the publication of certain topics “at the discretion of the authorities”. Even a bandit regime has laws, so the citizen who complains they can’t reach CNN can be admonished that accessing it is breaking the law.

Hence, the Great Firewall is not a private company acting in its own interest; it’s a system maintained by the state to prevent its citizens from accessing information deemed harmful – i.e. censorship.

                      1. 6

                        These articles are interesting, but they often gloss over what is the most interesting part to me, the decision to go from something off the shelf to something home-grown. Why doesn’t HAProxy scale horizontally? Why not something like nginx? Are there hardware load balancers that could have helped here? What’s the expected ROI of scaling load balancing horizontally instead of vertically? What are other folks doing in the industry?

                        1. 2

                          I’ve noticed an interesting desire amongst engineers to save money and use open source, ignoring the cost of their effort.

                          A site we run at $work also had performance issues with our HA Proxies. We simply replaced them with commercial software LBs and went on to other things. We didn’t blog about it because the project took a month or so and wasn’t very glamorous.

                          1. 5

                            I don’t think it’s necessarily a desire to save money, it’s a desire to use software you can understand, modify and enhance as needed. I’m guessing the commercial load balancer you’re using is pretty much a black box - if you have problems you’re going to have to rely on vendor support ([insert horror story here]) instead of being able to fix it yourself. Troubleshooting is a helluva lot easier if you have source code…

                            Yes, going with a commercial product is better in a lot of cases, but there are always trade-offs.

                            1. 4

Agreed – there’s always the risk of bugs and black boxes. On that topic, the question is whether the velocity you gain is worth it. After all, many are comfortable running on EC2 with ELBs, despite both of them being very opaque.

                              Bug wise, I can only talk about my experience; we’ve had no major implementation bugs and the experience has been very smooth. We have been running these devices for several years.

This of course could change, but as a reference point, I also have a cluster of several hundred Nginx proxies which work very well, but we’ve had some showstopper bugs over the years. At those times, having the ability to dive into the code has not been helpful, due to the complexity of the product and the fact that these bugs happen infrequently enough that we don’t have an nginx internals expert on staff. Sure, we can read/fix the code, but the MTTR is still high.

In GH’s case, they now need to keep at least 1 or 2 members of staff full time on this codebase, otherwise their knowledge will begin to degrade. The bus-factor risk is high.

                              For future features, they can at best have a small team working on this problem without it becoming a distraction for a company their size. I do see they plan to open source this, which may reduce the size of that issue, assuming the project gets traction.

                              In my case, I pay a vendor for a team of hundreds of specialists working full time on this problem. We have gained many features for “free” over the past years.

In terms of debugging – the inspection capabilities on the software we chose have been unmatched by anything else I’ve used. We can do realtime deep inspection of requests. This isn’t anywhere near the black-boxiness of ELBs, which most are comfortable using.

                              For control, the cluster has a very complete REST API and to assist teams, somebody wrote a Terraform provider in their 20% time.

                              We run the devices in a service provider model, meaning we have a centrally managed hardware platform and then we do containerised virtual loadbalancer deploys so that teams who have unique use cases can get their own instances. The devices are integrated into our BGP routing mesh and so traffic is seamlessly directed to where it should be. This is all vendor supported.

In terms of traffic, we do tens of gigabits over millions of connections at peak. We use many protocols – not just HTTP – and a good portion of our requests are short-lived.

                              As you might infer, I’m very happy with my choice :)

                        1. 4

                          Interesting analysis. I’ve been bitten multiple times by the config management rolling back my local changes because it doesn’t know it’s a maintenance window.

                          My lesson has been to do maintenance using the automation, rather than working around it and trying to make it stop. Way more work, but usually safer and more incremental.

                          1. 1

                            Why not disable salt/chef/puppet clients on the host you’re performing maintenance on?

That is how we do it in production and it works well – otherwise this exact thing happens: config management returns the system to the state you told it to maintain :)
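
As a concrete sketch of that workflow (assuming Puppet’s agent CLI – `puppet agent --disable`/`--enable` are real flags, but the ssh wrapper and the maintenance step here are hypothetical stand-ins):

```python
import subprocess

def ssh(host, *cmd):
    """Run a command on a remote host (assumes key-based ssh auth)."""
    subprocess.run(["ssh", host, *cmd], check=True)

def do_maintenance(host):
    """Placeholder for your actual maintenance steps."""
    pass

def maintain(host):
    # Pause catalog runs; the reason string shows up for anyone who
    # later asks why the agent is disabled.
    ssh(host, "sudo", "puppet", "agent", "--disable", "planned maintenance")
    try:
        do_maintenance(host)
    finally:
        # Always re-enable, or the host silently drifts from its catalog.
        ssh(host, "sudo", "puppet", "agent", "--enable")
```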

                            1. 5

                              Doing it via config management lets you test your automation against a staging cluster before rolling out.

                              1. 4

                                Works but painfully for n=[1,10). Impossible when n=[25,…)

But the real fun happens somewhere in [10,25]. The odds favor you forgetting a machine – so your environment suddenly becomes a hybrid of old and new, which has led to insanely disastrous results.

If, instead, all changes go through your tools, you can guarantee uniform application, you won’t forget to turn off CM at the beginning/on at the end, and you’ve got free rollback in the face of issues. Plus there’s little chance for a well-meaning ops person to hammer on a bad change to get it going, hence less divergence.

                                The pro move IMO is to make your deployments completely immutable - we do this to great success at $dayjob. Deploying a patch means building and testing a new container/fleet of containers, driven through a CI process. Then deployment is just push to the Docker cluster, smoketest, and DNS cutover. It’s so much easier to work in the large when you get away from the concept of changing apps in situ and instead think about wholesale replacement.
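
For flavour, a minimal sketch of that pipeline (every name here – the registry, the cluster functions, the DNS call – is a hypothetical stand-in, not a specific product):

```python
import subprocess

# --- hypothetical stand-ins for your cluster and DNS provider APIs ---
def start_environment(image):   # boot a fresh fleet from the image
    return {"image": image, "endpoint": "10.0.0.42"}

def smoketest(env):             # hit health checks on the new fleet
    return True

def teardown(env):              # discard the new fleet entirely
    pass

def cutover_dns(name, env):     # point the public name at the new fleet
    pass

def deploy(version):
    image = f"registry.example.com/app:{version}"
    # Build and push a fresh image; nothing is ever patched in situ.
    subprocess.run(["docker", "build", "-t", image, "."], check=True)
    subprocess.run(["docker", "push", image], check=True)

    env = start_environment(image)
    if not smoketest(env):
        teardown(env)  # free rollback: traffic never left the old fleet
        raise RuntimeError("smoketest failed; old environment still live")
    cutover_dns("app.example.com", env)
```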

                                1. 4

This generally works – the main issue is that for it to be reliable you need to ensure that the human never forgets to turn off the config management (it mostly works as expected, except during emergency changes, when it gets forgotten).

                                  Another issue is that when you restart the config management, you then have a period where it starts to apply changes again and you essentially need to hope that it’s going to maintain the correct state and not undo/damage your work.

                                  If instead you do the work through the config management tool, you get to have it along for the ride the whole way, so it’s a more deterministic outcome. You also get the added benefit of being able to flow your entire change through a deploy process (assuming your config management goes through PR review, CI, canaries, etc).

                                  How much all this sounds like it’s worth it probably depends on the number of machines you have running :)

                              1. 27

                                I think I’m constitutionally incapable of being fair to tools like Mongo and Javascript, but I’ve seen abominations in “real databases” that make me wonder if the problem is less the pissweak tools and more the total lack of interest in thinking. I mean, you can swap Mongo out for something SQL based and still not understand your data or the way in which the entities you care about are related.

                                1. 13

                                  The selection of pissweak tools may be a priori indicative of a lack of thinking.

What I find more puzzling is that given the prevalence of “mongo is shit” sentiment on various sites, the twitters, etc., why would anybody willingly brag “made with love with mongo” about their site? It’s like a split reality where I see nothing but scorn for mongodb, but people still pick it. And yes, it can be trendy to hate the thing that’s popular, but a lot of the scorn comes from actual practitioners. Is it really true that people select mongodb unaware that many others have such a low opinion of it?

                                  1. 21

                                    I think it’s different social circles entirely. The people who use node.js and mongodb aren’t the same people talking about PLT or CAP on nerd twitter; they’re the ones who came from PHP and wordpress on VPS, in my experience. And boy howdy are they numerous.

                                    1. 4

                                      I work at Joyent, and most of the software we’ve written is built on Node: Triton, our cloud orchestration stack; and Manta, our hybrid object storage and compute system. We use PostgreSQL, rather than Mongo, though. And we’re pretty serious about CAP and other models for understanding distributed systems problems – even on nerd twitter!

                                      1. 2

                                        Did you guys lose a bet, or?

                                        1. 4

                                          No. The reason we keep using Node is because we’ve put a lot of effort into giving it first class live system and post mortem debugging features. We have a lot of DTrace instrumentation we can make active use of on both development and production systems. We also have the ability to take either discretionary or on-abort core files and extract the full Javascript (and C/native) heap, digging out all the objects and the stack trace (including JS frames) of the failure.

                                          If we were to move to another language or platform, it would have to be at least as debuggable as Node is today – both on live systems and in post mortem.

                                          1. 1

                                            the reason we keep nailing our hands to the wall is that we’ve made a tremendous investment in hammers and state of the art surgical facilities. We can fix all manner of puncture wounds, be they shallow glancing gash or through-hole artery-severing crucifixion. No other language or platform could possibly offer as much opportunity for hand surgeon practice!

                                            1. 3

                                              I get that it’s very trendy to bash on Javascript; I hope you receive your share of Internet points for doing so. It’s not, by any stretch of the imagination, my favourite language – for any number of reasons. Engineering is all about trade-offs, and we’ve traded off some obviously undesirable aspects of the Javascript language against the ability to instrument and debug real production systems.

                                              What language and platform should I be using instead, assuming first class support for dynamic instrumentation (DTrace) and post mortem core file analysis is a constraint?

                                              1. 1

                                                I confess to making excessive fun. But that’s because ‘we need post mortem core file analysis’ has been a checked checkbox since the time of UUCP, kremvax and a.out; and dtrace, while truly excellent, kudos and commendations to all involved, is the heaviest of weird hammers to swing in production first.

                                                Any of the JVM or BEAM languages provide hands down better language facilities, production support and debuggability, and many of them also provide better concurrency, throughput, numerics, libraries, type systems, and developer pools. And of course all of them are packed full of delicious dtrace probes as well.

                                                So: why write anything non-browser in js? Much less anything important like an object storage system?

                                                1. 5

                                                  I completely disagree that post mortem core file analysis is a solved problem for all languages and runtime environments. How do I take an operating system core file from an Erlang application and extract and inspect or report on all of the Erlang-level objects? Attaching a debugger to a live Erlang VM, or relying on some kind of dump format written out by the VM doesn’t count; I mean a dump of the memory and the process state by the operating system without input from the VM.

                                                  It’s possible that OpenJDK may provide some facility to do this with a combination of jmap, jhat, and VisualVM, but I’ve also never actually seen this work reliably across different JVMs and operating systems. Java environments are also notoriously heavyweight, both on the server and especially in the development tools.

                                                  With a C application, there are techniques for locating all (or at least many) objects in memory. The debugger I use, mdb, has ::typegraph – a facility for Post Mortem Object Type Identification. We have even better luck with Javascript, because V8 stores heap objects with sufficient self-describing structure that we can, through ::findjsobjects, readily identify type information and available properties. This is all possible long after the failed process is a distant memory and service has been restored by the supervisor. This is not, as far as I know, a feature available for every other (or even most other) languages or runtimes.

                                                  I also completely disagree that DTrace is a weird hammer to swing when looking at what a production system is doing. Though I may not always emit a raw D script as the first step in determining what a system is doing, I absolutely use tools built on top of DTrace very frequently. For example: our key value store, Moray, includes a tool, moraystat.d, built as a DTrace script. In addition, our logging framework (bunyan) includes a formatting CLI with a flag that allows it to begin collecting log records from one or all processes running on the current system at any log level – it uses DTrace to achieve that, as well.

                                                  DTrace also makes it trivial for us to produce Flame Graphs by profiling the call frame stack, including both Javascript and native C frames. We can use a tool like stackvis to produce a succinct visual representation of what a process (or the kernel, or both) is doing with its time. When a Node program is spinning on CPU, this is often one of the first pieces of data I will collect, in order to understand what’s going on. It’s also trivial to grab a break down of system calls being made, including the JS stack that induced the call.

                                                  As I said before, not everything is perfect, obviously. But we’ve built a robust software stack using these components, in large part because we’ve been able to look deeply into the system and understand what’s broken or even just suboptimal. I would love to have static types, and stronger types, but I don’t think I’d give up the engineering facilities that we have in order to get there.

                                                  1. 1

                                                    How do I take an operating system core file from an Erlang application and extract and inspect or report on all of the Erlang-level objects? Attaching a debugger to a live Erlang VM, or relying on some kind of dump format written out by the VM doesn’t count; I mean a dump of the memory and the process state by the operating system without input from the VM.

Given the existence of rich debuggers that do in fact attach to live Erlang VMs, even remotely, and a rich dump format written out by the VM in the rare event that it fails, one has to wonder why you define these particular goalposts so narrowly and make these exclusions so very specifically. Is it maybe because the way that you find out about errors in node.js, and the way that you debug them generally, is that node.js crashes, killing every unit of concurrency and all state in the system, and then requires intense human forensic analysis to bring the system back up? And that, therefore, you gear all of your resources towards making even that behavior borderline tolerable? And that by ignoring that you could have not had those errors in the first place, and further by closing the discussion against the other solutions that are radically operationally superior to core dump analysis, you can soothe yourself that you haven’t invested all of your time into obtaining Stockholm syndrome at a deeply suboptimal local maximum?

                                                    I love dtrace myself, but just imagine if you had built all of what you’ve built on a more solid foundation. You wouldn’t need half the scaffolding and splints and bandaids and patches and flying buttresses that you’ve apparently erected to get your job done. Imagine if you could dive into dtrace to go see what was going on with a process that was “spinning on CPU”, but it was rarely a critical emergency, because your code wasn’t a mess of single threaded callbacks, and the rest of your program continued running while you looked into the problem and maybe hot-upgraded a fix.

                                                    Anyway – glad you’re proud of your engineering efforts; hope it works for you.

                                      2. 3

I think a lot of the problems that exist are due to people wanting to get an idea implemented as quickly as possible. When time is critical, documentation is skipped in favor of a handful of Google searches that lead to bad (and outdated) Stack Overflow answers, whether it’s choosing which technologies to use or getting help with an error message from some code.

                                        It’s really easy to ship a product with just a handful of search queries, unfortunately.

                                      3. 5

                                        I think a lot of it is “well that won’t affect me”.

From my perspective, I’m at least aware of a lot of Mongo’s shortcomings, but if I had a project where I didn’t entirely know the data schema yet, and was just spiking out a test and wanted to prioritize iterating quickly over dealing with data cleanliness, I’d still consider using mongo.

                                        And maybe a lot of that is why it’s so heavily used. Plus, it is super easy to just start using.

                                        1. 5

                                          Is it really true that people select mongodb unaware that many others have such a low opinion of it?

Definitely. There’s a lot of people who are just getting into backend development (perhaps having come from the frontend, or web design), and they only know JS, Node and MongoDB because that’s what was taught in the bootcamp/tutorial they used to get their idea off the ground.

                                          1. 2

                                            For example, FreeCodeCamp teaches Mongo, Node, and Express for their backend developer certification.

                                          2. 5

This also happened early in Mongo’s life; they made it very clear they used memory-mapped files, and so DB size is quite limited on 32-bit (to roughly 2 GB), yet “mongo lost my data” still became a meme.

                                            Software is hard.

                                          3. 8

                                            Yeah, I think people underestimate or don’t want to consider the degree to which database selection / design is hard. Which is a shame because the design of your database is a fundamental decision on which the rest of the application relies. It is important to get it right.

                                            Getting it right means:

                                            • Understanding the sort of data you’re storing
                                            • Understanding the ways in which you want to be able to use that data
                                            • Considering what data structures, database type, etc. will best facilitate success under those constraints

                                            Taking some time at the start of a project to consider these things is worthwhile, and regular review of the constraints (do they still apply? Are there new constraints to consider?) and of your database system’s health (performance, availability, consistency) is worthwhile too.

                                            All in all, database selection should be hype-less. It is a technical decision for which there are actual arguments to be for or against a particular solution, and making a poor choice will hurt. Take the time to do it right.

                                            1. 6

                                              less the pissweak tools and more the total lack of interest in thinking.

I think it’s rather more a lack of interest in thinking about the stuff the dev doesn’t find interesting. Which is a problem, to be sure, but it’s not quite obdurate ignorance.

                                              One of the arguments for tools like schema’d databases and strongly typed languages is that they force attention on some of those things which many devs would find tedious, rather than interesting. Likewise, they prevent some errors that lack of attention will generate. But, as you point out, attention isn’t necessarily enough to make good code.

                                              1. 4

                                                I think this is where experience matters. If you’ve been around the block a few times, you know that you have to care deeply about data storage and that no vendor can magic it away behind some marketing.

You only get that experience by doing it wrong a few times.

                                                1. 2

                                                  The thing that is often overlooked, at least in the world of software that might choose Mongo, is the need for ad-hoc querying. How else are you going to learn anything about your data, and the way it changes over time? I’ve never seen a database of any size that hasn’t needed additional interfaces, and if all your constraints are in the client, or you use some kind of godawful k/v schema, oh well.

                                                  1. 7

                                                    This is why I believe Kafka is the best thing to ever happen to databases. Consume from a topic and store data in multiple databases based on different query patterns. Then Mongo is just one materialized view over your data.
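
A minimal sketch of that pattern, assuming kafka-python, psycopg2 and pymongo, with an invented `orders` topic and a trivial schema:

```python
import json
from kafka import KafkaConsumer   # pip install kafka-python
import psycopg2
from pymongo import MongoClient

# One durable log, two materialized views tuned to different query patterns.
consumer = KafkaConsumer(
    "orders",                               # hypothetical topic
    bootstrap_servers="localhost:9092",
    value_deserializer=lambda b: json.loads(b),
)
pg = psycopg2.connect("dbname=orders")      # relational view: ad-hoc SQL
mongo = MongoClient()["views"]["orders"]    # document view: nested reads

for msg in consumer:
    event = msg.value
    with pg, pg.cursor() as cur:            # commit per event; simple, not fast
        cur.execute(
            "INSERT INTO orders (id, total) VALUES (%s, %s) "
            "ON CONFLICT (id) DO UPDATE SET total = EXCLUDED.total",
            (event["id"], event["total"]),
        )
    mongo.replace_one({"_id": event["id"]}, event, upsert=True)
```

Each sink can be rebuilt at any time by replaying the topic from the beginning, which is what makes the databases disposable views rather than the source of truth.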

                                              1. 3

I wonder how well 64 MB instances will work in practice – bin-packing that into machines is likely to mean a huge number of processes (not a major issue – I have boxes with 50k+ threads on them), but I’ve found a major issue is crazy context switching, which hits performance in a big way.

Personally speaking, if I were building a business, I would pick one of the established players (AWS, Google, Joyent). Picking a niche player seems like a recipe for being forced into a later migration.

                                                There are of course interesting features, but I think YAGNI often applies and these need to be offset against the added risks.

                                                1. 2

Personally speaking, if I were building a business, I would pick one of the established players (AWS, Google, Joyent).

                                                  I agree, though it’s also priced at about ½ Joyent’s prices when comparing same-RAM-allocation containers (e.g. 1.44¢/hr vs. 2.6¢/hr for a 1-GB container), so it seems more like it’s competing in the “budget cloud” category, which has somewhat different criteria and targets a different set of customers. Mostly just has to be cheap-ish and good enough. Whether it fits that niche depends on how much performance lags though… if it’s ½ the price but also ½ as fast, then it gets a bit less interesting, unless you’re purely RAM-constrained.
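
Back-of-the-envelope on those quoted rates (a rough sketch; assumes a 720-hour month):

```python
# Quoted hourly rates for a 1-GB container, in cents.
hyper_, joyent = 1.44, 2.6
hours = 24 * 30  # ~one month

print(f"Hyper_: ${hyper_ * hours / 100:.2f}/mo")   # ~$10.37
print(f"Joyent: ${joyent * hours / 100:.2f}/mo")   # ~$18.72
print(f"ratio:  {hyper_ / joyent:.2f}")            # ~0.55, i.e. about half
```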

                                                  1. 1

                                                    That’s Digital Ocean’s game, right? How does it compare to them?

                                                    1. 2

                                                      It’s roughly the same price as DigitalOcean comparing equal RAM sizes. I suppose you’d only go for Hyper_ if you found their container-submission engine more in line with your needs than DO’s VM offering, otherwise DO is obviously more established.

                                                1. 8

Yes, Apple did build a very secure, high-value vault, which everybody said was impossible. HOWEVER, they were only able to do so by removing the other thing everybody said makes it impossible to build: the master key.

                                                  The system is secure because nobody has admin access. Admin access has been disabled because there is no way for a computer to verify the intent behind admin access.

If you enable admin access, the system is no longer secure. They built a working implementation of the argument everybody has been making.

                                                  1. 4

                                                    Between this and the secure boot bypass, there’s a lot of misinformation running around. Everything is a golden key or a backdoor or whatever, even when it isn’t.

                                                  1. 3

I have always wanted to ask a ninja-level sysop: how good is the canned ZFS setup provided by FreeNAS compared to something custom like this? I am about to drop a few grand on a pair (RAID is not backup!) of custom storage machines, and I am curious how much more performance, uptime, and longevity can be squeezed out beyond the FreeNAS defaults. Just as a rough sense of scale, are we talking 25% or 5%?

                                                    1. 3

The folks at iXsystems know their stuff. Their team has serious technical clue. I would be strongly in favour of trusting the 11 years of experience FreeNAS has rather than rolling something homegrown.

On performance, ZFS isn’t the fastest out there, but it’s pretty resilient to hardware failure.

                                                      1. 1

                                                        excellent, and exactly what I wanted to know!

                                                      2. 1

                                                        I am about to drop a few grand on a pair (RAID is not backup!)

                                                        Don’t expect HA to be backup either…

                                                        1. 1

Wasn’t. I was referring to the pair as a backup; one will be offsite and receive daily clones.

                                                      1. 7

It’s an interesting potential solution to the issue that HN faces (which is that they have many smart people who each think the others are idiots). I don’t know that you can “fix” an intellectual pissing contest with endorsements and still keep a large active community. I think they will lose many users who will go elsewhere (and this may be a good thing for them).