1. Customer places an order.
2. SYN: Can I charge $30?
3. SYN/ACK: Yes.
4. ACK + SYN: Do it.
5. SYN/ACK: I am gonna do it.
6. ACK: I see that you're gonna do it.
"If that was their model, then at no point does a communication failure cause a charge to be in an ambiguous state. If I never get the message in #5, the customer is not charged. If I get the message in #5 and my response in #6 is not received, the customer is not charged."
Danack|10 years ago|reply
Er... that doesn't appear to solve anything, instead it just pushes the error state down a level; there's still an ambiguous state where #6 is sent and not received.
The client thinks the charge is going to take place, and so thinks the client will be charged, but the bank never gets #6 and so never makes the charge, aka distributed atomic operations are hard.
AndrewDucker|10 years ago|reply
He doesn't say that the change makes things perfect - he says "There's only one possible failure mode and not two, and that failure mode is the safer one".
tveita|10 years ago|reply
"Because acknowledgement of message receipt can be lost as easily as the original message, a potentially infinite series of messages are required to come to consensus."
What you want isn't really a handshake, it's a commit, and no finite amount of messages will ensure agreement over a lossy network.
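The following is an added simulation, not posted by anyone in the thread, that drops each message of the six-step model in turn and classifies what the client and the bank end up believing, beside a naive two-message "charge, then acknowledge" exchange for comparison. The belief rules are assumptions drawn from the model as quoted: the client treats #5 as the charge being committed, and the bank charges only once it receives #6.

```python
"""Simulate the thread's six-step charge handshake under single message loss."""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Outcome:
    client_thinks_charged: bool
    bank_charged: bool

    @property
    def failure(self) -> str:
        """Classify the end state: 'none', 'safe' (no money moved) or 'unsafe'."""
        if self.client_thinks_charged == self.bank_charged:
            return "none"
        # Client believes a charge happened that the bank never made: the customer
        # keeps their money, so a retry at worst charges once.
        if self.client_thinks_charged:
            return "safe"
        # Bank charged but the client does not know: a retry would double-charge.
        return "unsafe"


def six_step(lost: Optional[int]) -> Outcome:
    """Messages #2..#6 from the thread; `lost` is the one dropped (None = all delivered)."""
    delivered = lambda n: lost != n
    # #2 SYN, #3 SYN/ACK, #4 ACK+SYN: if any is lost, nobody reaches the commit point.
    if not (delivered(2) and delivered(3) and delivered(4)):
        return Outcome(False, False)
    # #5 "I am gonna do it": assumption, the client treats this as the charge happening.
    if not delivered(5):
        return Outcome(False, False)  # client never sends #6, so the bank never charges
    # #6 final ACK: the bank charges only after seeing it.
    return Outcome(client_thinks_charged=True, bank_charged=delivered(6))


def two_step(lost: Optional[int]) -> Outcome:
    """Naive exchange: #1 client says 'charge $30', #2 bank charges and replies 'done'."""
    if lost == 1:
        return Outcome(False, False)
    # The bank acts on #1 immediately; losing its reply leaves the client unaware.
    return Outcome(client_thinks_charged=(lost != 2), bank_charged=True)


def failure_modes(protocol, message_numbers) -> set:
    """Set of failure classes reachable by dropping any single message."""
    return {protocol(n).failure for n in message_numbers} - {"none"}
```

Running `failure_modes(six_step, range(2, 7))` yields only the "safe" class, while `failure_modes(two_step, [1, 2])` yields "unsafe", which is the distinction AndrewDucker's comment draws.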