On Thu, Jun 30, 2016 at 07:32:45PM +0000, Mark Svancarek wrote:
Model V is the one I'd build if I weren't so concerned about the plethora of local privacy laws and law enforcement regimes.
There is another thing about Model V I didn't point out but that I think is worth noting. Model V is monolithic in that anyone on the whole Internet who wants to look at anything out of the RDS has to contact this single service. Everything we know about how the Internet has scaled well suggests that monolithic services are extremely hard to do well. The things that have really gotten huge are of two types: 1. Distributed systems that are mostly cheap to operate. Think DNS, the web, and so on. Certain large operators have an expensive installation, but no individual service is super expensive to operate and if it fails it doesn't take down the class of service completely. 2. Massive single-company category killers that depend on advertising revenue, revenue gained by knowing a lot about users and selling that, money dependent on a "magic happens here" belief on the part of investors, or paid use (or all of these). Think Google, Facebook, Twitter, Office360, and Amazon (both the commerce site and AWS) -- or maybe pets.com for the third category of these. Notable here is that if the operator has a bad day the entire _class_ of service disappears. There is no alternative Facebook: if they're broken, Facebook stops. (Fortunately, they're very, very good and rarely have this happen; but that's not an operation built on a shoestring.) The plan for a monolithic RDS is basically to build (2) and hope that revenues and operations staff adequate to (1) will be enough. I hope it is self-evident what the problem is here. Moreover, I hope that everyone involved in this WG is familiar enough with the term "DDoS" to see why building a Big Giant Centralised Service might be like painting a target on ICANN. Or perhaps _another_ target. Best regards, A -- Andrew Sullivan ajs@anvilwalrusden.com