Author: Administrator

Recovering from self inflicted data corruption – a summary

Of late I have been torturing myself about the question of - even if I build on top of a highly reliable storage service like Windows Azure Table Service do I still need to worry about backups, versioning, journals and such? The answer would seem to be, yes, I do. Mostly because even if the table store works perfectly, I’m still going to have bugs I introduced that are going to hork my data.

In fact what I specifically need to do is:

  1. Lobby the Windows Azure Table Storage team to add undelete for tables so if I accidentally blow away one of my tables I have some hope (oh and ACL’s would be nice too)
  2. Be very careful about how I update my schemas
  3. Implement a command journal (and be clear about their limitations)
  4. If time permits implement tombstoning
  5. If I’m feeling really wacko implement my own versioning system on top of the table store (or just backups if I’m feeling only slightly wacko)
  6. Put into place a realistic plan to take advantage of all these features while keeping in mind the limitations of these techniques.

The links in the previous text are to the other articles in this series that I wrote for my blog. Those articles are:

Implementing Versioning in Windows Azure Table Store

In a previous article I argued that I needed some kind of journaling/backup for my Windows Azure Tables in order to handle my own screw ups. In this article I re-examine the value of versioning for recovering from self inflicted data corruption. Discuss backups as a possible substitute for versioning. Look at what versioning might look like if added as a native feature of Windows Azure Table Store and finish up by proposing a design that would let me implement versioning on top of Windows Azure Table Store.

This article is part of a series. Click here to see summary and complete list of articles in the series.

Continue reading Implementing Versioning in Windows Azure Table Store

The limits of recovering from application logic failures

I have been blathering on all week about how to prepare for application logic failures in services and how to potentially recover from the damage those errors cause. I have yammered on about command journals (twice), tombstones, versioning etc. But none of these techniques is magical. They all have very serious limits that mean in most non-trivial cases the best one can really do is say to the user ”Here is the command I screwed up, here are the specific mistakes made, here is what the values should have been, do you want to repair this damage?” Below I explore three specific examples of those limits that I call: read syndrome, put syndrome and e-tag effect.

This article is part of a series. Click here to see summary and complete list of articles in the series.

Continue reading The limits of recovering from application logic failures

Tombstoning on top of Windows Azure Table Store

After command journaling probably the next most effective protection against application logic errors is tombstoning (keeping a copy of the last version of a deleted row). In this article I propose a design for adding tombstoning to Windows Azure Table Store using two tables, a main table and a tombstone table.

This article is part of a series. Click here to see summary and complete list of articles in the series.

Continue reading Tombstoning on top of Windows Azure Table Store

Thoughts on implementing a command journal

I had previously concluded that command journaling (creating a journal of all the external user commands and internal maintenance commands I issue) is really useful for recovering from self inflicted data corruption. In this article I look into the various techniques I can use to implement a command journal so as to trade off between system performance and the journal’s utility in recovery.

This article is part of a series. Click here to see summary and complete list of articles in the series.

Continue reading Thoughts on implementing a command journal

Techniques to Ease Recovering from Self Inflicted Data Corruption

In a previous article I argued that even with the protections Windows Azure Table Store provides for my data I can still screw things up myself and so need to put in place protections against my own mistakes. Below I walk through the three scenarios I previously listed and explain how command journaling, tombstoning and versioning could make recovering from my errors much easier.

This article is part of a series. Click here to see summary and complete list of articles in the series.

Continue reading Techniques to Ease Recovering from Self Inflicted Data Corruption

The Limits of Command Journals

In a previous article I argued that I needed some kind of journaling/backup for my Windows Azure Tables in order to make it easier for me to recover from my own screw ups. One type of journaling I suggested was command journaling. In this article I look at the practical limitations of command journals and conclude that while they are (somewhat) useful for notifying users who might have been affected by data corruption they aren’t likely in the general case to be re-playable so their real value is probably less than it might appear.

This article is part of a series. Click here to see summary and complete list of articles in the series.

Continue reading The Limits of Command Journals

Do I need to backup/journal my Windows Azure Table Store?

Windows Azure provides a highly scalable, reliable, fault resistent table store. So in theory my service can dump data into the table store and walk away secure in the knowledge that I’ll get back what I put in and that the data will be there when I need it. So is there any reason I should care about backing up or journaling my Windows Azure Tables? As I argue below the answer is - yes. But the reason isn’t to protect me against Azure’s mistakes, it’s to protect me from myself.

This article is part of a series. Click here to see summary and complete list of articles in the series.

Continue reading Do I need to backup/journal my Windows Azure Table Store?

Chef’s Choice SmartKettle Model 688

I love green tea and its variants such as jasmine and genmaicha. But these teas only taste good to me when made with hot water around 160’s. Anything hotter just turns them into an acid brew. But seriously, sticking a thermometer into a cup to measure the heat just wasn’t working out. I bemoaned the lack of a kettle with a thermostat to save me. Thankfully Wired clued me in to a great solution – the Chef’s Choice SmartKettle Model 688. My wife was nice enough to buy me one, it works great and my green tea tastes outstanding!

11/3/2009 – General Election – Redmond, King County, Washington

Honestly, I don't know why i'm bothering with this. Now that we have gone to an all mail based ballot we have all but guaranteed that over time voter fraud will be the rule. There are just so many easy ways to cause ballots to 'spoil' (before if I screwed up a ballot the machine would tell me, now if there is a mistake I'm just out of luck), to connect who a person is with their ballot, to make ballot purchasing or coercion verifiable and therefore easy, that it's ridiculous. An all mail in ballot system is inherently an illegitimate voting system. We lost folks. There's no way around it. I don't know why I insist on going through the charade that our votes matter. Any system that makes fraud easy will be defrauded and an all mail in ballot system is the very definition of a 'fraud friendly' environment. But my guess is that the fraud will take a little while to start up in full bloom so until then I'll pretend my vote matters. I'll pretend my vote was received. I'll pretend that my vote was counted correctly. Because that's all the system leave me with, pretense.

  • Initiative Measure No. 1033 - NO

  • Referendum Measure No. 71 - APPROVED

  • King County Charter Amendment No. 1 - YES

  • King County Charter Amendment No. 2 - YES

  • King County Charter Amendment No. 3 - YES

  • King County Charter Amendment No. 4 - YES

  • King County Executive - Dow Constantine

  • Sheriff - Sue Rahr

  • King County Assessor - Bob Rosenberger

  • Metropolitan King County Council District No. 3 - Kathy Lambert

  • Court of Appeals, Division No. 1, District No.1 Judge Position No. 3 - Anne L. Ellington

  • Port of Seattle Commissioner Position No. 1 - John Creighton

  • Port of Seattle Commissioner Position No. 3 - Rob Holland

  • Port of Seattle Commissioner Position No. 4 - Tom Albro

  • City of Redmond - Council Position No. 2 - John P. (Pat) Vache

  • City of Redmond - Council Position No. 4 - Kim Allen

  • City of Redmond - Council Position No. 6 - John Stilin

  • Lake Washington School District No. 414 Director District No. 3 - Nancy Phillips Bernard

  • Lake Washington School District No. 414 Director District No. 4 - Doug Eglington

  • Public Hospital District No. 2 - Commissioner District No. 1 - Al F. DeYoung

  • Public Hospital District No. 2 -Commissioner Position No. 4 - Charles A. Pilcher

Continue reading 11/3/2009 – General Election – Redmond, King County, Washington