On 1/20/2006 6:26 PM, Jim C. Nasby wrote:
> On Fri, Jan 20, 2006 at 04:47:01PM -0500, Andrew Sullivan wrote:
>> On Fri, Jan 20, 2006 at 04:21:15PM -0500, Christopher Browne wrote:
>> > Maximizing availability, which is what HA is forcibly and unambiguously
>> > about, may not be exactly the same thing as providing guarantees that
>> > committed transactions can never be lost.
>> 
>> Right.  And even banks are forced to make some compromises here.  For
>> instance, nobody can do 2PC or any synchronous transaction
>> replication across WANs.  So a perfect, up to the millisecond version
>> of the bank can't be online somewhere else.  In a system I'm familiar
>> with, the transaction log is 2PCd somewhere else at transaction time,
>> but not live data.  If the remote site had to come into use, you'd
>> have a few minutes of recovery time while you replayed and caught up.  
> 
> Sounds perfectly reasonable. Not being able to do credit-card auth for 5
> minutes will piss a bunch of people off, but losing actual data would be
> *really* bad.

You might be mistaken in this point. Banks are like insurance companies. 
The volume of financial transactions they process allows to evaluate the 
cost to "secure" something vs. the possible damage if something is lost.

Even 20 years ago the bank I was working for in Germany didn't bother to 
compare the signatures on checks cashed at the counter if the amount was 
under 1000 DM (about $400 US at that time). You could literally sign 
your check with "Mickey Mouse" and go to any of the 250 locations and 
you'd get cash for that check. The few cases where the bank had to 
refund were far cheaper than checking every single signature.


Jan

-- 
#======================================================================#
# It's easier to get forgiveness for being wrong than for being right. #
# Let's break this rule - forgive me.                                  #
#================================================== JanWieck at Yahoo.com #