My concerns with Cassandra are precisely here: this is easy to misuse it.
There are a lot of constraints on the schema (more specifically on the design of partition & clustering keys).
Each choice leads to many restrictions on what can be requested/updated/removed;
and to different issues with tombstones and GC.
The Discord's story is exactly what I experimented: a series of surprises, and even really bad surprises in production.
In both cases, the story ended with an efficient system, but with by far more engineering work and rework than initially planned.
Cassandra does require you to know more of it's internals than most other data stores. Unfortunately, the move to CQL and very SQL-like names for things that are nothing at ALL like their SQL counterparts is not helping.
Also, our own personal death by tombstone: A developer who didn't even know those existed checked in some logic that would write null into a column every time a thing succeeded.
After that passed QA and went into production, all hell broke loose with queries timing out everywhere. SUCH FUN.
You get this massively scalable (to thousands of nodes and tens of millions of operations per second) database for free, and all you have to do is have your developers read about it before they use it. Is that expecting too much?
Let me ask this, then:
It's an OSS project. Let's pretend I'm a committer or on the PMC, and I'd like to fix this in a way that works for you. We need a null write to act as a delete. We need tombstones to make sure things that are meant to be deleted stay deleted. We have to have all the tombstones we scan in heap on reads to reconcile what's deleted and what's not deleted within a partition on any given slice query.
What would you want to see changed to avoid the tombstone problem? There are dozens of blogs around that say "dont write null values if you dont want a tombstone to be created" (like this article, or ), but beyond that, do you expect to see errors in logs?
We've made unbound values in prepared statements no longer equivalent to null/delete .
What else would you expect an OSS project to do to protect you from abusing it? Serious question.
Basically - do the research first.