In response to Chris Browne <cbbro...@acm.org>: > > It seems to me that using serially assigned values, along with manually > assigned server IDs, to construct a would-be-unique value, is likely to > introduce quite a lot *more risk* of system failure than would the use > of UUIDs.
First off, server IDs are not randomly assigned. They are assigned automatically when the software is activated and tracked by the master server. Second, there is a very simple mechanism to prevent attempted "device cloning" from causing a problem. (it's not a particularly difficult problem to solve, actually) Third, and very important, is the following conversation we had during planning: "Can we get good quality random data on mobile devices?" "We'll have to research it, we don't know yet." "Wait, before we do the research -- if we find that some mobile devices have good quality random data and others don't -- can we tell the client which devices they're allowed to use?" "No, the client will dictate which devices it must work on." So basically, we realized that even if our concerns about UUID collisions we're unreasonably paranoid, we still couldn't guarantee that the devices would be up to the task of generating UUIDs with sufficient randomness. As I tried to point out earlier in the thread, the collision issue was one of MANY things we considered in this design. It is, however, the ONLY one that's directly relevant to the original conversation. Now that my description of our design seems to be coming under fire, I feel the need to at least point out that we thought it through more than that. I suppose that's mostly my own fault for trying to bring in an example that it's impractical to discuss in full detail. As other people have pointed out, there are concerns about malicious impersonation, device failure, data corruption ... each of these may be more or less likely or dangerous than UUID collision, but not all of them are _intended_ to be solved by not using UUIDs, so claiming that abandoning UUIDs does not fix these problems is completely correct, and also a straw man. > So someone that rules out UUIDs based on some fallacious imagined > "infinite chance of collisions" is jumping away from a small risk, and > accepting one much more likely to take lives. The possibility of collisions is not fallacious, however, the use of "infinite" (I don't remember who wrote that) is obviously not correct. -- Bill Moran http://www.potentialtech.com http://people.collaborativefusion.com/~wmoran/ -- Sent via pgsql-general mailing list (pgsql-general@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-general