People:

> On Mon, Aug 11, 2003 at 10:58:18PM -0400, Christopher Browne wrote:
> > 1.  Nobody has gone through any formal proofs, and there are few
> > systems _anywhere_ that are 100% reliable.
>
> I think the problem is that ext2 is known to be not perfectly crash
> safe.  That is, fsck on reboot after a crash can cause, in some
> extreme cases, recently-fsynced data to end up in lost+found/.  The
> data may or may not be recoverable from there.

Aside from that, as recently as eighteen months ago I had to manually fsck an 
ext2 system after an unexpected power-out.   After my interactive session the 
system recovered and no data was lost.  However, the client lost 3.5 hours of 
work time ... 2.5 hours for me to get to the site, and 1 hour to recover the 
server (mostly waiting time).  

So it's a tradeoff with loss of performance vs. recovery time.   In a server 
room with redundant backup power supplies, "clean room" security and 
fail-over services, I can certainly imagine that data journalling would not 
be needed.   That is, however, the minority ...

-- 
Josh Berkus
Aglio Database Solutions
San Francisco

---------------------------(end of broadcast)---------------------------
TIP 4: Don't 'kill -9' the postmaster
