Re: [PATCH 0/3] btrfs-progs: receive: fix a silent data loss bug with encoded writes

[Christoph Anton Mitterer <calestyo@scientia.org>]

On Wed, 2022-11-16 at 10:50 +0000, Filipe Manana wrote:
> There will always be users who'll miss such alerts, many don't read
> all the emails in this list, many are not even subscribed to the
> mailing list, etc.

Sure... and it will never be possible to have a system which really
reaches 100% of the desired users.

But this isn't only the case for a something that notices about data
corruption issues, it's also the case for any other warning system:
- civil defense via sirens (people may life to far away, wear
  headphones with loud music, be deaf, sleep with earmuffs) via apps
  (they often simply fail or are overloaded, people may not have a
  smartphone at all, it maybe powered off)
- software security advisories (again, people may not be subscribed to
  such mailing lists, may not run upgrades regularly respectively check
  for security updates in some automated fashion, or attackers may try
  to specifically block such information from certain people)
- etc. pp.
- and even *if* the information reaches someone, it's still not 
  guaranteed that he cares about or understands it well enough


I don't think the goal is ever about reaching everyone - the goal is
having a simple way of reaching those who care.

Because whether it's storage farm admins who keep important scientific
data on btrfs or some end user who values his precious collection of
pictures, etc. ... it would be quite good for them to be able to react
in cases of (especially silent) data corruption.

And I should emphasis, that this is in no way targeted for lazy people
who don't make backups.
I for example do have some rather sophisticated backup strategy, but if
there's silent data corruption it's often quite hard to tell whether
the data is still valid, even if one does things like storing hash sums
of them (and verifying these of some 10TB of data already takes several
days).


> Do you have examples of other projects that have an effective alert
> system?

Well, as I've said, not at the filesystem level. But it's e.g. common
practise for security incidents.


Upstream developers put quite some effort into finding and fixing such
bugs, which is appreciated, but IMO that is a bit ridiculed by the fact
that people then may still loose their data, just because they never
take notice about such issues, when they'd still have valid backups.


Cheers,
Chris.