Threads for lindvall

  1. 4

    So, I have a serious question: I understand different databases have different trade-offs; that’s fine. But since jepsen tests seem to reliably fail in non-intuitive ways on MongoDB, I’m having trouble figuring out two things:

    1. Are services running on MongoDB just losing data constantly and no one notices? If not, has it decreased the frequency, or the failure states, compared to five years ago?
    2. Does this imply that there should be some sort of “jepsen-for-the-99%” test? What would it take for MongoDB to legitimately pass? What else that currently fails jepsen would then pass?
    1. 2

      Yes, services have just been losing data. Take parse for instance:

      • Frequent (daily) master reelections on AWS EC2. Rollback files were discarded and let to data loss

      https://medium.baqend.com/parse-is-gone-a-few-secrets-about-their-infrastructure-91b3ab2fcf71

      1. 2

        Network partitions & failovers are both relatively uncommon operations in day-to-day operations.

        You’re only moderately likely to lose a few minutes of updates once every few years.

        1. 2

          This is something that has proven to be untrue many times over and has been refuted by @aphyr himself:

          https://queue.acm.org/detail.cfm?id=2655736

          1. 1

            I said “relatively uncommon”; that is, not frequently enough to cause enough data loss to kill a business built on it.

        2. 1
          1. Sort of, yes. If your network experiences a hiccup, your mongodb cluster can go AWOL or FUBAR, depending on how the dice roll. That is on top of the usual problems with organically growing document stores…

          2. To legit pass, a MongoDB server should handle network failure to the cluster by becoming either unavailable or, if a quorum is present, continuing operation. Continuing operation in the absence of a quorum or any other mechanism to ensure data consistency is an immediate fail IMO.

        1. 1

          I’d certainly appreciate such a thing.

          1. 11

            TIL I can buy domains and then cancel the money transfer

            1. 1

              This illustrates why 3rd party escrow services are important when doing legitimate transactions.

              1. 4

                She used an escrow service. I’m confused about that.

            1. 5

              Haha, how many years do I have to quietly read and occasionally post before I get cred for not being a throwaway and “knowing the community,” and participating with downvotes, which offer several reasons that aren’t about community, reasonably? It’s like actual new folks are meant to shitpost a few jokes for easy karma to get past the bar.

              1. 2

                I had a similar feeling. I’ve read the site daily for a couple years, but don’t tend to comment, so am well under the karma bar. It makes me wonder if the current way that karma is created and used is really lining up with what is intended.

                1. 3

                  In fairness if you don’t comment, why you gotta downvote others' comments? Post rebuttals!

                  1. 3

                    Half the time people are downvoted, they complain about sock puppet armies. Which I think is not true, but this way it’s a slightly less convenient excuse.

                1. 11

                  I frankly don’t believe Popescu’s b.s. about the other account belonging to a relative. I used to work at an eBay like site for high end audio and a big part of my job was fighting fraudsters there. This was a common refrain from them when caught “Oh that account shares my IP address but it’s my sister not me.” Bullcrap.

                  1. 2

                    Even if the relative story is true; it doesn’t make anything better. It’s his account and it is his fault who he links up with. If he didn’t want that responsibility then he should have let his relative pay for her own account.

                    1. 5

                      I think the phrase “links up with” can be misleading or at least confusing. From everything I understand, there was no formal “linking” of accounts, but instead a number of ways in which the accounts implicitly shared traits (used the same credit card, etc) and thus the Apple fraud team determined they were linked.

                      Not notifying each account that they were going to terminate seems like a big oversight that could have made things turn out quite differently.

                      1. 1

                        Not notifying each account that they were going to terminate seems like a big oversight that could have made things turn out quite differently.

                        I totally agree, but thinking about it from Apple’s perspective, I can understand why they wouldn’t have contacted the primary account. It could have given away some of the signals they use for detecting ‘linked’ accounts which to my knowledge weren’t public before.

                  1. 3

                    This is sweet. I like the layout.

                    1. 2

                      This post could really use a better title: “Time Travel: Implementing Undo in Om”

                      1. 1

                        Agreed.

                        While I like to keep the primary subject of posts, sometimes, more context is needed when displayed on an aggregator.