I'm finally starting to think about building some fault tolerance into the
Magma server.  My understanding of the traditional approach is to perform
"transaction logging" to a log file that can, in the event of a power failure
in mid-commit, be used as input to a "recovery utility" to allow proper
restoration of that transaction and overwrite any potential corruption in the
main db file.

But why slow down every commit with a write to a log file if that *only* buys
me a guarantee against corruption of the main db file in the event of a
power-failure?  Instead, what if I "log" the commit records directly to another
Magma database (on a secondary computer), thus keeping an idential mirror of
the main database.  In the event of a failure of the primary computer, clients
could just reconnect to the the mirrored database on the secondary computer.

So I get redundancy and "backup" for essentially the same cost.

I'm scratching my head about other questions too, such as what should happen if
the secondary computer fails and there's no place to log anymore?

Looking for ideas, thanks..