Re: [Ilc] Clarifications and thoughts purpose of ILC list Thu, 23 February 2017 20:03 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id C70311299F9 for <>; Thu, 23 Feb 2017 12:03:37 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.902
X-Spam-Status: No, score=-1.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id Mt73ZP0oazTQ for <>; Thu, 23 Feb 2017 12:03:36 -0800 (PST)
Received: from ( [IPv6:2001:470:806d:1::9]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id EABF4129853 for <>; Thu, 23 Feb 2017 12:03:36 -0800 (PST)
Received: from (localhost []) by (8.15.2/8.15.2) with ESMTP id v1NK3aD1058239; Thu, 23 Feb 2017 12:03:36 -0800 (PST)
Received: (from dm@localhost) by (8.15.2/8.15.2/Submit) id v1NK3a2w088645; Thu, 23 Feb 2017 12:03:36 -0800 (PST)
To: Tony Arcieri <>
In-Reply-To: <>
References: <> <> <> <> <> <>
Date: Thu, 23 Feb 2017 12:03:36 -0800
Message-ID: <>
MIME-Version: 1.0
Content-Type: text/plain
Archived-At: <>
Subject: Re: [Ilc] Clarifications and thoughts purpose of ILC list
X-Mailman-Version: 2.1.17
Precedence: list
Reply-To: David Mazieres expires 2017-05-24 PDT <>
List-Id: "Discussion of mechanisms and applications for Internet-level consensus." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 23 Feb 2017 20:03:38 -0000

Tony Arcieri <> writes:

> Correctly designed AP systems support a merge operation to reconcile
> disparate states. CRDTs are an example of a system that can always merge
> data automatically in a conflict-free manner...
> ...
> The main option, which is particularly applicable to systems which publish
> to read-only clients, is to allow stale reads. This flips the semantics
> from CP to AP, allowing inconsistent views of the current state of the data
> (i.e. sacrificing consistency for availability), but should be safe if data
> being read is not incorporated into subsequent writes (i.e. stale reads are
> only allowed by truly read-only clients)

Ah, so I agree with the points you are making, I just think they are at
a different level of abstraction from the consensus mechanism.  In other
words, I can take a safe consensus protocol and use it to implement a
secure read-only log.  That log abstraction might support an operation
along the lines of "verify that some log prefix satisfies some
predicate," which one might then use to check that a particular
transaction committed, or to get a recent value of some variable without
necessarily knowing the latest.

So the question is not "are weak consistency models useful for systems?"
to which the answer would be an obvious yes.  The question is what, if
any, support would weakly consistent systems require from an underlying
Internet-level consensus protocol?  My preference would be to answer
"none," because I worry such support would complicate reasoning about
the safety of strongly consistent systems.  But that's obviously a good
topic for discussion on this list.