Everyone expects filesystem to behave transactionally these days, so that if you follow the create-write-rename pattern that you either get the old contents or the new contents of the file. I just wrote this diatribe on the ubuntu bug report:

https://bugs.edge.launchpad.net/ubuntu/+source/linux/+bug/317781?comments=all

ted ts'o:

I'll opine that POSIX needs to be updated.

The use of the create-new-file-write-rename design pattern is pervasive and expected that after a crash either the new contents or the old contents of the file will be found there, but zero length is unacceptable. This is the behavior that we saw with ext2 where the metadata and data writes could get re-ordered and result in zero-length files. With the 800 servers that I was maintaining then, it meant that the perl scripts for our account management software would zero-length out /etc/passwd, along with other corruption often enough that we were rebuilding servers every week or two. As the site grew and roles and responsibilites grew that meant that with 30,000 linux boxes, even with 1,000-day uptimes there were 30 server crashes per day ( even without crappy graphics drivers, a linux server busy doing apache and a bunch of mixed network/cpu/disk-io seems to have about this average uptime -- i'm not unhappy with this, but at large numbers of servers, then server crashes catch up with you ). And while I've never seen this result in data loss, it does result in churn in rebuilding and reimaging servers. It could also cause issues where a server is placed back into rotation looking like it is working (nothing so obvious as /etc/passwd corrupted), but is still failing on something critical after a reboot. You can jump through intellectual hoops about how servers shouldn't be put back into rotation without validation, but even at the small site that I'm at now with 2,000 servers and about 300 different kinds of servers, we don't have good validation, don't have the resources to build it, and rely on servers being able to be put back into rotation after they reboot without worrying about subtle corruption issues.

There is now an expectation that filesystems have transactional behavior. Deal with it. If it isn't explicitly part of POSIX then POSIX needs to be updated in order to reflect the actual realities of how people are using Unix-like systems these days -- POSIX was not handed down from God to Linus on the Mount. It can and should be amended. And this should not damage the performance benefits of doing delayed writes. Just because you have to be consistent doesn't mean that you have to start doing fsync()s for me all the time. If I don't explictly call fsync()/fdatasync() you can hold the writes in memory for 30 minutes and abusively punish me for not doing that explicitly myself. But just delay *both* the data and metadata writes so that I either get the full "transaction" or I don't. And stop whining about how people don't know how to use your precious filesystem.

It goes a lot beyond that as well, when you get into technical and cave diving.

I'm continually drawing parallels between my experiences at Amazon managing 30,000 servers, and cave diving in terms of the philosophies that are successful. You can't be successful managing that many servers if they are all unique, there has to be standards and there has to be uniform reactions among the operational staff for any emergencies to reduce MTTR. Underwater it takes on an additional urgency since your reactions to emergencies involve lack of breathing gas and your "MTTR" needs to be in seconds. There's also principles of failure analysis and single points of failure which cross over fairly easily. There's also more nebulous principles such as resisting the urge to solve problems in advance of actually encountering them -- which draws me towards Agile simply for the You Aint Gonna Need It - YAGNI principle - for reducing the complexity of designs. And the law of unintended consequences applies in both disciplines -- trying to fix a problem you don't actually have can cause problems elsewhere.

That's not even getting into the way that some people get geeky about being underwater. There's a whole different set of wildlife down there to get geeky about, and most divers love to find some new animal underwater and figure out what it was they saw online by consulting other geeks who can ID the critter. When cave diving there's a whole different set of geekery involved in the environment of the cave that I don't even know a tiny fraction of so far. And with wrecks, there's the whole history of the wrecks, as well as the geekery involved in going out and doing the historical research and side scanning and finding new wrecks.

Diving really has a nearly unlimited ceiling on how geeky you can get about it.

40m/130ft is actually a baby technical dive. Its easy to do an hour-long dive on wrecks at that depth and do only very minimal O2 deco with minimal risk.

I got interested in technical diving after having done a day where we did 2 recreational 30-minute dives to 30m and got narc'd, while the technical divers on the boat both did 2 60-minute dives using helium to reduce narcosis and penetrated the entire length of both wrecks that we dove on. I've since gone back there and done both of those dives again as technical dives, and added scooters so that we spent a bunch of time zooming around a viewing the entire outside of the wrecks. Very fun dives.

60m/200ft is a whole different ballgame, and 90m/300ft is yet another ballgame, entirely.

Or unless you're simply certified to penetrate the wreck, and ideally this includes both courses taken on wreck penetration (and cave diving), along with more long-term mentoring with other experienced wreck divers.

It may be a little crazy, but I think that people who jump out of perfectly working airplanes for fun, or like to climb up sheer rock faces are absolutely nuts. Wreck diving (and cave diving) are far from suicidal if you just get the training, experience, mentoring and follow some basic rules.

Artificial reefs are also very useful for wreck diving n00bs. As a n00b, myself, so far I've only got 24 cave dives under my belt, and two wreck penetration dives on the Saskatchewan and Cape Breton up in Nanaimo, British Columbia (artificial wrecks). The newly sunk artificial reefs are somewhat safer for newbie wreck divers since they have been 'cleaned up' and have less crap that you're going to get caught on, so that less experienced wreck divers can get experience executing dives in an overhead environment with less crap inside the space, no wires hanging down waiting to grab ahold of scuba gear, etc. Although given the fatality on the Cape Breton and the triple-fatality on an artificial wreck in Florida fairly recently it is not without risks (both of those incidents involved violation of training standards).

I also don't believe the PADI wreck diver certification trains a diver to enter wrecks. It is about diving on wrecks rather than in them. You have to go to do a different (technical) dive training agency in order to get trained to dive inside wrecks.