our worries would also be helped if he didn't also host the database with his company.
Actually, I will suggest that this would be worse, and since this is an issue discussion, I will explain why in a little more depth than usual. I hope you will read me...
First, let's talk about Historians. They divide sources in 3 levels: Primary, Secondary and Tertiary.
A Primary source is invaluable. It's a document from a participant or clear witness of an event.
A Secondary source is good. It's a document from someone with access to a primary source, like a journalist speaking to a witness and writing about it.
A Tertiary source (anything more remote) is worthless.
Let's talk about the Database.
The Database is, for a lot of the data in it, a Primary source. Any Clark where I was the SoS is a primary source. I would say any Clark run by a SoS other than me, but there weren't any of that yet. There will be in the future, once I retire from the Chancery (not before I will have had surpassed JJ as the most number of Clarks run by a SoS, hehe), my replacement will also run the Database as a primary source, provided I (or someone as careful as I have been) run the database.
Here is why:
The second anyone modifies anything in the database from the past without careful historical review will CORRUPT it.
Let's take a simple example: Let's say I had decided, prior to returning to the Kingdom, to alter the content of the database to perhaps add a few bills, change a few votes, adjust a few things, so that my standing is better.
If that has been the case, no one could have contradicted it unless they found secondary sources like PDF files of past Clarks (which I didn't use to do).
You see, the WHOLE Database rests on a simple premise: That I, the keeper of the Database, as diligently made sure it was 100% historically accurate. No alterations, no changes, nothing to corrupt it's message.
This doesn't mean there weren't changes! When the Cosa Number Scandal was discovered, a lot of changes were made, but they were made so that the Database would be more accurate, not less.
Ok, that's enough of an introduction...
The server were the Database is hosted.
My company (which BTW I am not the sole owner nor the sole employee, but that's another story), operates several servers. I'd say a lot, but I am not sure where the limit between several and lot. In short, we recently activated server #23, so 1 short of 2 dozen.
Many of those servers are dedicated to a single client (like #23, #22, and quite a few more), or semi-dedicated between 2 clients (like #13, #18, #6, and 3 more).
The rest of the servers (we don't say how many exactly) are either open shared (there 3 of them right now, #16, #14, #20), which are servers which still accept new customers, or closed shared (most of the other numbers, including #1 to 8, excluding #6 which is semi-dedicated), as well as (#10,11 and 12), which are shared server which are considered "full" and we don't add new customers to them.
But one of them is special. #15. It's our super-server. 32GB of ram, special HDD, faster CPU, and while it is technically a closed shared, it's not the full story...
You see, one of the customers on #15 should normally have a semi-dedicated server, but they don't want to pay for one. They do pay for perhaps 50% of our development revenues, so when we activated them on #15, it was FAR from being closed, but we closed it anyway. We also changed the root password so that only me and the datacenter (it's their rule in case of an emergency) have access to it.
Eric, my employee who manages the security of our servers, doesn't login to #15. He tells me what to do. The reason is that our primary development client is on it with business critical data.
There are still normal clients on #15, but they are never replaced and year after year, attrition reduces them...
This is where I put however my personal projects, like Talossa.ca, and my development sites, because it is a fast machine only I have access to it. Not even my employees know what's on it.
Now, they have a "reseller" access to maintain our shares hosting clients on it, like increase their bandwidth, but not root access and no access to Talossa.ca.
This means that the site is safe from modification other than thru the Database tools I built, or the phpmyadmin tool I use when my tools are insufficient.
This protects 99% of the site from unauthorized modifications. The 1% remaining is ME. Personally, should I decide to make a change.
There are good news however: I now publish the Clark in PDF form, so that the integrity can be checked, and there is a Database export script to further check the integrity.
As long as I host it, for free might I add, the database is protected from undue change.
I also keep daily, weekly, monthly backups, as well as offsite cloud based-backup, that my employees have access to in case of problems.
Moving the database elsewhere breaks that integrity by adding more agents: if you, for example, setup the hosting account instead of ONE person with root access to the DB we would end up with TWO, you, and I.
But you do have a point!!!Let's not divert however, that you DO have a point. The point is that if tomorrow, I am hit by a bus (please note that Eric is in Gaspesie, far from Montréal as such, even a Nuclear Blast in Montreal would keep him alive), and my employees decide not to give a DAMN about Talossa, then the data is partially lost (There is still a db export, which I will make even better shortly after the election).
But the solution isn't to host the DB elsewhere, it's to host a DB BACKUP elsewhere!
The Kingdom could very well setup a hosting account independent of me, and then, give me remote SCP access to it.
I could then write a script which would daily sync the various DB scripts and the full Database (not the short export you can do, the full one, with secret votes for example), so that should I disappear, you will be able to keep it running.
That's my plan for in the next few months.
Everyday, you will have automatically a fresh new backup EVEN if I died a few days earlier!!! That's the big point! If I die, you guys might not know for a few days, but the database will keep running, and the backups will keep occuring.
And since my servers are paid by a company credit card with a 15,000$ limit which is paid in full every month, and that I have a 2 months credit with datacenter, in theory, the servers should keep going long enough for your guys to realize that I don't answer my phone anymore.
You will then be able to pickup the database where it was, without a hitch.
But until a die (or disappear), my primary copy will be sage from alteration, safe from political intervention, safe from corruption.
If I do go away however, your secondary copy will be able to become a primary copy in the hands of my replacement, and you will, I hope, setup a new backup server to protect from his disappearance.
In short:
- Change the hosting: NO WAY
- Create a secondary hosting in case my hosting goes away: ABSOLUTELY, that was the plan all along!