Since we almost always need partitioning, the choice is consistency vs availability (meaning availability for updates).
Turns out the CAP theorem rules out relatively little. (He talks about probabilities of catastrophic failure, like half your nodes.)
Facebook's approach to consistency with backup: reads may be stale until your own write, after which you read from the master.
Real world: weak consistency + delayed exception + compensation
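The Facebook approach noted above (stale reads until your own write, then read from the master) can be sketched as a per-session read router. This is an added example, not code from the talk or from Facebook; `Store`, `SessionRouter`, the 20-second pin window and the sample keys are all assumptions made for illustration.

```python
import time

class Store:
    """Constructed stand-in: one master, one asynchronously updated replica."""
    def __init__(self):
        self.master, self.replica, self.pending = {}, {}, []

    def write(self, key, value):
        self.master[key] = value
        self.pending.append((key, value))   # replica has not seen this yet

    def replicate(self):
        self.replica.update(self.pending)   # replication catches up
        self.pending.clear()

class SessionRouter:
    """Reads go to the replica unless this session wrote recently."""
    def __init__(self, store, pin_seconds=20.0, clock=time.monotonic):
        self.store, self.pin_seconds, self.clock = store, pin_seconds, clock
        self.pinned_until = {}              # session id -> pin expiry time

    def write(self, session, key, value):
        self.store.write(key, value)
        self.pinned_until[session] = self.clock() + self.pin_seconds

    def read(self, session, key):
        if self.clock() < self.pinned_until.get(session, float("-inf")):
            return self.store.master.get(key), "master"
        return self.store.replica.get(key), "replica"   # may be stale

def demo():
    now = [0.0]                             # fake clock, no sleeping
    store = Store()
    router = SessionRouter(store, pin_seconds=20.0, clock=lambda: now[0])
    router.write("alice", "status", "v1")
    store.replicate()
    router.write("alice", "status", "v2")   # replica still holds v1
    seen = {"writer": router.read("alice", "status"),
            "other": router.read("bob", "status")}
    now[0] = 21.0                           # pin expired, replica still lagging
    seen["writer_after_pin"] = router.read("alice", "status")
    store.replicate()
    seen["after_replication"] = router.read("alice", "status")
    return seen

if __name__ == "__main__":
    for who, result in demo().items():
        print(who, result)
```

The `writer_after_pin` case shows the failure mode: if the pin expires before replication catches up, the writer sees its own update disappear, so the pin window has to exceed worst-case replication lag.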
Mike Stonebraker (Ingres/Postgres)
Myths:
- SQL is too slow
- want key-value interface
- SQL systems don't scale
- no open-source implementations
- ACID is too slow
- in CAP, choose AP over CA
VoltDB is a current example
2 reasons for slowness:
* interface: don't use ODBC/JDBC; use stored procedures instead
* services (e.g. disk buffer pool, crash recovery, locking, multi-threading)
For a modern DB on the TPC-C benchmark, only 12% of time is spent on useful work; the other 88% is spent on buffer pool, latching, locking, & recovery. ACID is 1/3 of the cost; get rid of it to speed up 50% (see reference 1 here).
NoSQL
2 criteria:
- no joins
- no complex transactions
Facebook Connect is simplest 'cause they're the sole provider
OpenID is open with different providers, and you already have it with Google, Yahoo, etc.
SAML is the mother-of-formats using tokens and allowing all kinds of granularity
OAuth secures APIs, RESTful
WS-Trust secures web services, SOAP
Douglas Crockford (creator of JavaScript, JSON)
"The only way we can get things done is to avoid doing anything at all."
"One reason JSON worked is that it tried to solve the intersection problem rather than the union problem."
Web standards mandate security holes.
Safe JavaScript subsets:
These have been incorporated into ECMAScript Fifth Edition.
DOM is a big hole, so must fix DOM as well as JavaScript. HTML5 is making things worse:
- new modes of attack
- new capabilities of attack
- long standards process
We must kill IE6.
30 days after all browsers have stable versions of ECMAScript5, let's stop supporting IE6.
Ross Turk
To get around the toll-cost per SMS, let's allow bundling of the API with ad access so provider shares in the benefit (revenue share).
3 calls-to-action if you have ideas:
- redg.snodgrass@alcatel-lucent.com
- openapiservice.com
- ross.turk@alcatel-lucent.com
Monica Keller, Facebook
Facebook allows your app to be notified of your user's changes & updates. It's not PubSub, just an HTTP callback.
Dustin Whittle on YQL
Very easy to try out and have them host your scripts.
datatables.org
Chris Messina on XAuth
Not for authentication: it's a central server that reports the user's available services.
Brad Fitzpatrick on WebFinger
Try it out at webfinger.org