by colechristensen 3176 days ago
All you're doing is advocating larger, less frequent failures with people who know less. Robustness isn't just about your software or your ops setup, but also about your people and their knowledge and experience. I cannot see how less frequent, more intense failures with people who know less is preferable, and that anything else is "very dangerous advice".

You will ultimately have many fewer resources available if your strategy is to gloss over failure modes by telling inexperienced engineers to hope they won't happen. It's technical debt and the interest payments are very high.

1 comments

You are both right. But both wrong. If you want better consistency, use either object storage or a database. If you are mutating multiple entities and need consistency, now you need a distributed transaction.

But ALL cloud providers provide warning before an instance is shut down. There is absolutely no reason, other than a crash, for an instance to have a hard shutdown.

He makes valid points, but in defense of an original ridiculous statement that the article's suggestions are extremely dangerous. There are all sorts of benefits to an ACID database, it's just not reasonable to scream about the necessity of it because reboots are scary.
I agree.

But! Lots of applications aren't built to handle partial writes, which will absolutely occur if apps are hard killed. Any discussion around this topic should reference Crash-only Software [0][1][2] and Micro Reboots [3].

[0] https://en.wikipedia.org/wiki/Crash-only_software

[1] https://www.usenix.org/conference/hotos-ix/crash-only-softwa...

[2] https://lwn.net/Articles/191059/

[3] https://www.usenix.org/legacy/event/osdi04/tech/full_papers/...
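
An added example, not part of the thread or of any commenter's post: a sketch of the partial-write problem raised in the last comment, using a length-and-CRC framed journal whose normal startup path is also its recovery path, in the spirit of crash-only software. The file name, record format and sample records are constructed assumptions.

```python
import os, struct, tempfile, zlib

HEADER = struct.Struct("<II")  # payload length, CRC32 of payload (assumed format)

def append_record(path, payload):
    """Append one framed record and fsync it before returning."""
    with open(path, "ab") as f:
        f.write(HEADER.pack(len(payload), zlib.crc32(payload)) + payload)
        f.flush()
        os.fsync(f.fileno())

def recover(path):
    """Run on every start: return intact records and cut off any torn tail."""
    if not os.path.exists(path):
        return []
    with open(path, "rb") as f:
        data = f.read()
    records, pos = [], 0
    while pos + HEADER.size <= len(data):
        length, crc = HEADER.unpack_from(data, pos)
        body = data[pos + HEADER.size : pos + HEADER.size + length]
        if len(body) < length or zlib.crc32(body) != crc:
            break  # torn or corrupt record: nothing after it is trusted
        records.append(body)
        pos += HEADER.size + length
    if pos < len(data):  # leftover bytes are a partial write; drop them
        with open(path, "r+b") as f:
            f.truncate(pos)
            f.flush()
            os.fsync(f.fileno())
    return records

def demo():
    """Constructed scenario: two full records, then a write cut off mid-record."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "journal.log")
        append_record(path, b"debit:alice:10")
        append_record(path, b"credit:bob:10")
        full = b"debit:carol:99"
        with open(path, "ab") as f:  # stands in for a hard kill partway through
            f.write(HEADER.pack(len(full), zlib.crc32(full)) + full[:7])
        after_crash = recover(path)
        append_record(path, b"debit:dave:5")  # new writes land after the clean tail
        return after_crash, recover(path)

if __name__ == "__main__":
    print(demo())
```

Without the truncation step in `recover`, the record appended after the crash would sit behind the torn bytes and be unreadable on the next start.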