The automatic garbage collection of Tahoe gave me the biggest headache.
It gives the customers a choice of wasting space (for money) or risking
losing data when they don't have their repair and renew lease process in
order. It's inherent in the protocol where the clients link the blocks
together and the storage nodes decide when to delete.
To me, that makes the service rather brittle for long-term
fire-and-forget backup (which was my main goal). I've toyed with ideas
of creating a verifier service where client nodes store a list of CAPs
that need to be kept. The verifier would regularly check the health and
repair if necessary and keep a log of that for later inspection.
It would allow me to control and match the repair frequency and garbage
collection to prevent accidental data loss, making my service more
robust than the competition ;-) It also spares a lot of traffic on 3G
capped connections.
The customer should be able to trust the protocol: when s/he switches
off the client but keeps paying for the service, all files are there,
unconditionally.
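A sketch of the verifier loop described above, added here as an example and not code from the original post or from the Tahoe-LAFS project. It walks a kept-list of capabilities, asks the storage gateway to check the file, repair it if needed and renew its lease in one request, classifies the outcome, and appends a JSON-lines log record per capability so the operator can later see which files were repaired and which could not be. The HTTP form used (`POST /uri/<cap>?t=check&repair=true&add-lease=true&output=JSON`) and the response keys (`pre-repair-results`, `post-repair-results`, `healthy`, `recoverable`, `count-shares-good`) follow the Tahoe-LAFS webapi as I recall it; treat them as assumptions and verify against your node's webapi documentation. The node URL, the capability strings and the sample responses are constructed placeholders so the script runs offline.

```python
"""Kept-list verifier: check, repair and renew leases, then log the outcome."""
import json
import time
import urllib.parse
import urllib.request

NODE_URL = "http://127.0.0.1:3456"  # placeholder: the local Tahoe gateway


def build_check_url(cap, node_url=NODE_URL):
    """Check-and-repair URL for one capability (webapi form assumed, see lead-in)."""
    return (node_url + "/uri/" + urllib.parse.quote(cap, safe="")
            + "?t=check&repair=true&add-lease=true&output=JSON")


def http_checker(cap, node_url=NODE_URL):
    """Real checker: POST the request to the node and return the parsed JSON."""
    req = urllib.request.Request(build_check_url(cap, node_url), data=b"", method="POST")
    with urllib.request.urlopen(req, timeout=60) as resp:
        return json.loads(resp.read().decode("utf-8"))


def classify(result):
    """Map a check-and-repair result to healthy / repaired / degraded / lost."""
    pre = result.get("pre-repair-results", result).get("results", {})
    post = result.get("post-repair-results", {}).get("results", pre)
    if pre.get("healthy"):
        return "healthy"      # nothing to do; lease was renewed by the request
    if post.get("healthy"):
        return "repaired"     # repair restored the full share count
    if post.get("recoverable"):
        return "degraded"     # still readable, but repair did not reach full health
    return "lost"             # below the needed share count even after repair


def run_verifier(caps, checker, log_path=None, now=time.time):
    """Check every capability, write one log record each, return (records, counts)."""
    records, counts = [], {}
    for cap in caps:
        try:
            result = checker(cap)
            status = classify(result)
            post = result.get("post-repair-results", result).get("results", {})
            shares = post.get("count-shares-good")
        except Exception as exc:  # node unreachable, malformed answer, etc.
            status, shares = "error", None
            result = {"error": str(exc)}
        record = {"ts": now(), "cap": cap, "status": status, "shares_good": shares}
        records.append(record)
        counts[status] = counts.get(status, 0) + 1
        if log_path:  # JSON lines, one record per check, for later inspection
            with open(log_path, "a", encoding="utf-8") as fh:
                fh.write(json.dumps(record) + "\n")
    return records, counts


def needs_attention(records):
    """Capabilities that are not fully healthy after the run."""
    return [r["cap"] for r in records if r["status"] not in ("healthy", "repaired")]


def _results(healthy, recoverable, good, needed=3, expected=10):
    return {"results": {"healthy": healthy, "recoverable": recoverable,
                        "count-shares-good": good, "count-shares-needed": needed,
                        "count-shares-expected": expected}}


# Constructed sample responses standing in for the node (not real capabilities).
SAMPLE_RESPONSES = {
    "URI:CHK:example-healthy": {
        "repair-attempted": False,
        "pre-repair-results": _results(True, True, 10),
        "post-repair-results": _results(True, True, 10)},
    "URI:CHK:example-repaired": {
        "repair-attempted": True, "repair-successful": True,
        "pre-repair-results": _results(False, True, 4),
        "post-repair-results": _results(True, True, 10)},
    "URI:CHK:example-lost": {
        "repair-attempted": True, "repair-successful": False,
        "pre-repair-results": _results(False, False, 1),
        "post-repair-results": _results(False, False, 1)},
}


def fake_checker(cap):
    """Offline stand-in for http_checker, serving the constructed samples."""
    return SAMPLE_RESPONSES[cap]


def demo():
    """Run the verifier over the sample kept-list; returns (counts, attention list)."""
    records, counts = run_verifier(list(SAMPLE_RESPONSES), fake_checker)
    return counts, needs_attention(records)


if __name__ == "__main__":
    print(demo())
```

Swap `fake_checker` for `http_checker` to run against a real node, and schedule the loop so that it runs more often than the lease expiry configured on the storage servers; that is the match between repair frequency and garbage collection the post is after, and the `needs_attention` list is what to alert on.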