People:

> On Mon, Aug 11, 2003 at 10:58:18PM -0400, Christopher Browne wrote:
> > 1. Nobody has gone through any formal proofs, and there are few
> > systems _anywhere_ that are 100% reliable.
>
> I think the problem is that ext2 is known to be not perfectly crash
> safe. That is, fsck on reboot after a crash can cause, in some
> extreme cases, recently-fsynced data to end up in lost+found/. The
> data may or may not be recoverable from there.

Aside from that, as recently as eighteen months ago I had to manually fsck an ext2 system after an unexpected power-out. After my interactive session the system recovered and no data was lost. However, the client lost 3.5 hours of work time ... 2.5 hours for me to get to the site, and 1 hour to recover the server (mostly waiting time).

So it's a tradeoff with loss of performance vs. recovery time. In a server room with redundant backup power supplies, "clean room" security and fail-over services, I can certainly imagine that data journalling would not be needed. That is, however, the minority ...

--
Josh Berkus
Aglio Database Solutions
San Francisco