Martin Kleppmann's Blog - Latest Comments

Re: Accounting for Computer Scientists — Martin Kleppmann‘s blog

steve gordon — Thu, 18 Dec 2025 14:23:02 -0000

Really interesting and makes a solid point about how accounting concepts map to systems thinking. A lot of the same ideas — consistency, reconciliation, tracking state over time, also show up in modern data and finance tools. Seeing how they apply across disciplines helps set expectations for where AI and automation can help and where human judgment still matters. Tools like Runeleven are a good example of using automation for the repetitive parts while keeping humans in control of interpretation and decisions.

Re: Should you put several event types in the same Kafka topic?

Anshuman Singh — Sat, 13 Dec 2025 23:12:05 -0000

brilliant writeup. thanks

Re: Why the mobile web is so slow

Anshuman Singh — Sat, 13 Dec 2025 23:11:20 -0000

Haha, we have too far

Re: How to do distributed locking — Martin Kleppmann’s blog

vicaya — Thu, 14 Aug 2025 15:09:56 -0000

Lock/lease expiration in this particular case is a red-herring non-problem that does not cause data correctness issues. To implement transactions with strict linearizability with a WAL (append only write ahead log), you just need to make sure all writes are linearized without conflict, so the fencing token at a WAL subsystem would suffice.

Re: How to do distributed locking — Martin Kleppmann’s blog

vicaya — Thu, 14 Aug 2025 15:01:12 -0000

This is a low level algorithm to actually implement transactions properly by databases/filesystems. Application developers should not be using distributed lock/lease directly.

Re: Java's hashCode is not safe for distributed systems

Vaibhav Pandey — Mon, 04 Aug 2025 21:41:20 -0000

Can you elaborate? How does making hashing inconsistent among processes prevent DDoS on a single request? It is the same process

Re: Accounting for Computer Scientists — Martin Kleppmann‘s blog

borderlinesurprised — Sat, 02 Aug 2025 09:05:37 -0000

A clear introduction to the basic ideas. Simple things presented simply.

Re: Accounting for Computer Scientists — Martin Kleppmann‘s blog

borderlinesurprised — Sat, 02 Aug 2025 09:03:49 -0000

Expressing these ideas in the language of graphs is excellent for a mathematics student as well. Thanks. I am aware this is simplified, but having a basic idea of what is going on is also useful, and this post helped in that direction.

Re: How to do distributed locking — Martin Kleppmann’s blog

Mariusz — Sun, 08 Jun 2025 11:44:34 -0000

So basically you're proposing to use optimistic locking with a token instead of pessimistic locking.

The obvious question is then: why use a lock at all? It seems you could just use a token generator service + a storage service check and have same guarantees.

Re: How to do distributed locking — Martin Kleppmann’s blog

Huu Viet — Wed, 14 May 2025 07:10:38 -0000

manual

Re: How to do distributed locking — Martin Kleppmann’s blog

Huu Viet — Wed, 14 May 2025 07:10:26 -0000

It is man page actually. https://man7.org/linux/man-pages/man2/gettimeofday.2.html

Re: How to do distributed locking — Martin Kleppmann’s blog

한성현 — Fri, 09 May 2025 09:16:51 -0000

There is a typo in 'The man page for gettimeofday explicitly says that the time '
man -> main

Re: How to do distributed locking — Martin Kleppmann’s blog

Gerardo Recinto — Thu, 01 May 2025 03:30:15 -0000

This is an interesting topic, incidentally, I just released an article about achieving distributed locking using Redis regular IO (read & set).

Please check it out here for details: https://www.linkedin.com/pulse/master-less-cluster-wide-resource-locking-gerardo-recinto-g4mec/?trackingId=%2FRvVnuf4TwirkXACC4TYCw%3D%3D

Enjoy! :)

Re: Please stop calling databases CP or AP — Martin Kleppmann’s blog

Sergey Yaskov — Sun, 15 Dec 2024 07:10:38 -0000

I'm really confused now.

The article above states: "Consistency in CAP actually means linearizability."
However, the paper you shared says: "Consistency, which we can think of as serializability for this discussion."

How can the paper reference the CAP theorem and claim that "Spanner is a CA system" (albeit "in effect") if Spanner-consistency is not the same as CAP-consistency?

It seems like this is exactly what the article warns against: "But if you’re using some other notion of consistency or availability, you can’t expect the CAP theorem to still apply."

Re: How to do distributed locking — Martin Kleppmann’s blog

Valentin Kovalenko — Thu, 12 Dec 2024 04:01:39 -0000

Note that another commenter brought the same exact point I did (search for "What I'm saying is, it sure looks like if it's possible to implement fenced updates in the storage at all, then you don't need a separate lock service anymore."), and even got a reply from Martin.

Re: How to do distributed locking — Martin Kleppmann’s blog

disqus_jHxIQ3HL9H — Thu, 12 Dec 2024 02:11:44 -0000

Sorry for the bump.

Main use-case I can envisage: "best-effort transaction" support, over subsets of linearizable stores (plural!) that have CAS but not transactions.

During client x's lease, x could issue (potentially multiple) writes to (potentially multiple) linearizable stores participating in the arrangement. x could even extend their lease for a long-running "pseudo-transaction", if the network plays nice.

Atomicity is the kicker, though: x might need to live with only its first i of n writes executing with serial isolation, before its lease expires (say it's unable to renew it due to packet delay) - unless the next client y is forced to begin with a compensating transaction...

Re: How to do distributed locking — Martin Kleppmann’s blog

Denis Gabaidulin — Sun, 10 Nov 2024 13:08:39 -0000

Hi, Martin!

Thanks for the article. The fencing token approach is very helpful in case of correctness, but the main problem (as for me) a storage should support tokens validation. For example, if I have S3, and I want to store a file only from leader, how vanilla S3 implementation could check the correctness of a token. There's no a conditional put in API. Seems we need some kind of proxy on top of S3 which would handle put requests with tokens?

Re: Accounting for Computer Scientists — Martin Kleppmann‘s blog

Timex Peachtree — Wed, 02 Oct 2024 11:03:52 -0000

Glad to help this has been so long but anyway would help https://www.syncfusion.com/succinctly-free-ebooks/accounting

Re: Accounting for Computer Scientists — Martin Kleppmann‘s blog

Timex Peachtree — Wed, 02 Oct 2024 10:44:22 -0000

I know the comment is so long from when you have posted.
This might help for developers. - Syncfusion - Accounting Succinctly

Re: How to do distributed locking — Martin Kleppmann’s blog

Neil Lugovoy — Sun, 15 Sep 2024 21:10:02 -0000

I want to answer the two questions I asked earlier now that I have a better understanding of distributed systems.

"I'm interested in enforcing that the client with the expired lease is not allowed to write to storage at all even if it writes before the client holding the lease.

1. Are there any algorithms to enforce this?"

If you need to enforce this for correctness then you should use your database to do it. What you want is to transactionally acquire a lock and write to the database and then release the lock. Databases already have this functionality built in! Putting the lock in another service makes everything harder because of the problems outlined in this blog post.

I would ask why do you have this requirement? Is it really about the client or about some other property you want to enforce. It is tempting to lock more than you need to enforce a constraint, but what is the minimum you need to lock? Can you structure your database transaction and table(s) such that the database enforces this in an efficient manner? The answer is almost always yes.

"2. Are there any libraries or storage solutions that implement such an algorithm?"

I would recommend you read about the locking strategy your database uses. The database already acquires locks by itself when you use it. It does a good job locking only what is needed

Postgres h ttps://www.postgresql.org/docs/7.1/locking-tables.html
MySQL https://dev.mysql.com/doc/refman/8.4/en/innodb-locking.html

Re: How to do distributed locking — Martin Kleppmann’s blog

Martin Kleppmann — Sun, 14 Apr 2024 16:01:15 -0000

That only works if the lock service and the storage system have perfectly synchronised clocks. However, clock sync typically runs over NTP, which is subject to the same network delays as all other packets, and that delay causes the clocks to be slightly out of sync with each other. Even if the clock drift is on the order of milliseconds, that's not close enough for this to be safe.

Re: How to do distributed locking — Martin Kleppmann’s blog

Sambit Bharimalla — Sun, 14 Apr 2024 02:53:57 -0000

What if the Lock Service also responds with lock start time and expiration time to client 1. Client 1 in turn send it to storage system. Storage system just validates expiry time in future or not. Assumping absense of clock synchronization issue.

Re: How to do distributed locking — Martin Kleppmann’s blog

Kobe W — Mon, 18 Mar 2024 19:33:01 -0000

actually, validating the access token before the storage accepts the request is still not 100% reliable. Consider the case where the lock happen to expire and then be acquired by another client just after the validation passes. due to timing issue, the storage can then take concurrent writes from two clients at the same time.

This is because "validate the token" and "take the write" are not atomic operations and doesn't happen instantaneously.

Re: How to do distributed locking — Martin Kleppmann’s blog

Kobe W — Mon, 18 Mar 2024 19:27:33 -0000

the storage service is already validating the token somehow with lock service, so on top of that, additionally checking the TTL of current lock shouldn't be too hard. The latency is already there.

Re: How to do distributed locking — Martin Kleppmann’s blog

Raviraj — Mon, 13 Nov 2023 02:49:11 -0000

Why the heck title is how-to-do-distributed-locking
When whole article is about how Redlock is not a good choice.