On Mon, Mar 24, 2014 at 04:37:37PM +0100, Lodewijk andré de la porte wrote:
2014-03-24 2:47 GMT+01:00 Peter Gutmann <pgut001@cs.auckland.ac.nz>:
Their prime directive is that financial value can never be created or destroyed, so you can never have a situation in which a failure anywhere will result in one blob of financial value being recorded in two locations, or no locations. Saying that you'll address this by rolling back transactions won't fly both because no standard database can handle the load they work at, and because the financial world isn't going to stop and wait while you perform a rollback.
So how do they do that? If there's a power failure on a specific box, what happens? Are all transactions synced to disk before commit, thus minimal rollbacks? A minimal rollback takes a very small margin of what would happen in case of a power failure on a box. Maybe they have several boxes advocating a single transaction, so that expectable failures would never crash a system completely.
Except the financial world DID crash, and they just had the government(s) print new money to do the rollback for them. That's the difference with MtGox: there's no single authority (or distributed consensus mechanism) that is capable of rolling anything back.... except for the Japanese bankruptcy proceeding. So maybe technically you could argue the **accounting** database system never crashed, but we were feeding in garbage mortgages and processing meaningless transactions at a rate the world had never seen before or since. And then it took at least 3-5 years to roll back and unwind all the corrupted input data.

--
----------------------------------------------------------------------------
Troy Benjegerdes 'da hozer' hozer@hozed.org
7 elements earth::water::air::fire::mind::spirit::soul grid.coop
Never pick a fight with someone who buys ink by the barrel, nor try buy a hacker who makes money by the megahash