Don’t be too confident
•Crashes can occur during rollback or restart!
–Algorithms must be idempotent
•Must be sure that log is stored separately from data (on different disk array; often replicated off-site!)
–In case disk crash corrupts data, log allows fixing this
–Also, since log is append-only, don’t want to have random access to data moving disk heads away
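
The idempotence requirement above, as an added example (not from the original slides): redo replay over a constructed log of increments, restarted after simulated crashes during recovery itself. The per-page LSN check and all names (`LOG`, `redo`, `recover_with_crashes`) are assumptions for illustration; the slide does not say how idempotence is achieved.

```python
# Added example: redo recovery that stays correct when recovery itself crashes.
# Constructed log: (lsn, page, delta) records; increments are NOT idempotent on their own.
LOG = [(1, "A", +10), (2, "B", +5), (3, "A", -3), (4, "B", +7)]

class Crash(Exception):
    """Simulated power loss in the middle of recovery."""

def new_disk():
    # Each page stores its value and the LSN of the last log record applied to it.
    return {"A": {"value": 0, "lsn": 0}, "B": {"value": 0, "lsn": 0}}

def redo(disk, log, crash_after=None, check_lsn=True):
    """Replay log onto disk; optionally crash after `crash_after` applied records."""
    applied = 0
    for lsn, page, delta in log:
        p = disk[page]
        if check_lsn and p["lsn"] >= lsn:
            continue  # effect already on disk: skipping makes replay idempotent
        # Assumption: value and lsn reach disk together (atomic page write).
        p["value"] += delta
        p["lsn"] = lsn
        applied += 1
        if crash_after is not None and applied == crash_after:
            raise Crash(f"crash after LSN {lsn}")

def recover_with_crashes(check_lsn):
    """Recovery crashes twice partway through, then finally completes."""
    disk = new_disk()
    for crash_after in (2, 1, None):
        try:
            redo(disk, LOG, crash_after, check_lsn)
        except Crash:
            pass  # restart recovery from the beginning of the log
    return {name: p["value"] for name, p in disk.items()}

if __name__ == "__main__":
    print("with LSN check:   ", recover_with_crashes(True))
    print("without LSN check:", recover_with_crashes(False))
```

Without the check, each restart re-applies increments that already reached disk, so the final page values depend on how many times recovery crashed.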