Comment by olliej

The entire point of modern journaling filesystems and properly designed transactional databases is to ensure 100% data integrity in case of power loss, every time, no matter what. The thinking you have is from the 1990s. We can (and do) do better today.

A properly designed transactional database will only ever "fail ahead". If power fails a transaction that was in the process of committing might commit without an ack, but will never return an ack and then be lost on the next startup. The ack means the data is safe, regardless of what happened afterwards.

>Add a secondary UPS. What will be the next excuse?

You shouldn't have to add a secondary UPS at all, period, and still get that.

Databases are designed that way (for integrity under sudden power loss) - the OS just needs to provide a standard call for the sync that they can use.

Now, fsync not guaranteeing a write is one thing -- and it's common in other OSes, even Linux behaved like that.

The non-commital fullsync on the other hand (and the slow speed) are problematic, and that's not an excuse for the user having such a bizarro case as wanting to run a DB on their Mac Mini without 2 UPS, that's you excusing Apple.

Not to mention that 2 UPS wont solve the problem if you're not there to shut down the computer gracefully as they, themselves, are depleted (e.g. at night) when there's a powerloss.

Since no Mac device has two power support adding a second UPS means chaining which will only increase the risk of something going wrong in the chain.

Nobody expects 100% data integrity on power of. What is expected is that data that what was fsynced has 100% data integrity once that system call returns. This information is also used when moving files across the network, the file gets deleted on the sender when the receiver said fsync is completed. This means you could loose entire files of data when moving things over the network onto a Mac