For safety critical systems, one strategy is to store at least two copies of important data and compare them regularly. If they don't match, you either try to recover somehow or go into a safe state, depending on the context.
For safety critical systems, one strategy is to store at least two copies of important data and compare them regularly. If they don't match, you either try to recover somehow or go into a safe state, depending on the context.
At least three copies, so you can recover based on consensus.
If your pieces of important data are very tiny, that's probably your best option.
If they're hundreds of bytes or more, then two copies plus two hashes will do a better job.
Ah, true! You just restore the one that matches its hash. Elegant.
A single hash should be enough.
Yes, but what's easier depends on layout. "Consensus" makes me think of multiple entire nodes, and in that situation you can have a nice symmetry by making each node store one copy and one small hash.
If you're doing something that's more centralized then one hash might be simpler, but if you're centralized then you should probably use your own error correction codes instead of having multiple copies.
In many cases the system is perfectly safe when it shuts off. Two is enough for that.
“never go to sea with two chronometers, take one or three”
Seems like chronometers would be a case where two are better than one, because the mistakes are analog. If they don't exactly agree, just take the average. You'll have more error than if you were lucky enough to take the better chronometer, but less than if you had taken only the worse one. Minimizing the worst case is probably the best way to stay off the rocks.
And for breaking failures, two is way better than one! Having zero working chronometers would be bad.
And come to think of it, if the two chronometers are wrong in different directions, then the average could be more accurate than either of them.
I use ZFS even on consumer devices, these days. Parity checks all the way!