I got some junk mail from Amazon the other day, in which they mentioned, in passing, that “Amazon S3 standard storage is designed to provide 99.999999999% durability”. My immediate, and somewhat contradictory, reactions were:
- No way!
- What does that even mean?
Below, I expand on those reactions.
What Does It Mean?
A raw “99.999999999%” doesn’t mean much. Amazon’s S3 page clarifies the matter somewhat, saying that S3 is “[d]esigned to provide 99.999999999% durability and 99.99% availability of objects over a given year”. Presumably, this means that there’s only a 0.00000000001 (1e-11) probability of any one of your objects going *poof* over the course of a single year. Put another way, if you store 100 billion objects in S3 for one year, you can expect to lose one of them.
Actually, if you think about it in this way, the 99.999999999% figure is a little low — or, more precisely, not as close to 100% as you’d like. Reportedly S3 is now storing 100 billion objects, so about one would get lost every year. (More generally, I calculate that there’s only a 37% chance of nothing being lost in a year.)
No Way!
My basic problem with the 99.999999999% figure is that 1e-11 is a very small number — by way of comparison, 1e11 seconds is about 3,167 years. It seems that there must be many disasters (nuclear war, biological plague, alien invasion) with better odds of occurring in the next year than 1e-11 — and many of those things would cause the loss of your S3 data.
Asteroids
Let’s just take one example: world-killer asteroids. No one knows, for certain, just how likely a civilization-ending asteroid impact is, but at least this is something that people have thought about.
According to Wikipedia’s entry for the Torino scale, an asteroid impact “capable of causing global climatic catastrophe that may threaten the future of civilization as we know it” occurs “on average once per 100,000 years, or less often”. (Like I said, no one knows, for sure.)
Very, very crudely, however, we can put the chances of a giant space rock killing your S3 data over the course of the next year at 1 in 200,000. To calculate this, I’m taking the “once per 100,000 years” figure, doubling it to “once per 200,000 years” to be conservative, and noting that the next year covers 1/200,000th of the period of time during which we can be reasonably certain of seeing at least one large collision. I assume that there’s little reason to believe that we’ve spotted all the potential data-loss causing giant space rocks near Earth, and that therefore a collision is no more likely to occur in the distant than the near future.
A 1/200,000 event is 500,000 times more likely than a 1e-11 event. In other words, Amazon’s claim is, in metaphysical terms, bunk. On the other hand, if a giant space rock wipes out civilization, you probably won’t care if Amazon’s lost your backed-up vacation snaps.
Summary
99.999999999% is both not quite good enough, and way too good to be true. That’s probability for you.
