Towards Robust Distributed Systems

In this keynote at the 2000 ACM Symposium on Principles of Distributed Computing, Brewer conjectured that a distributed system cannot simultaneously guarantee consistency, availability, and partition tolerance — you must choose at most two of the three. The conjecture, later proved formally by Gilbert and Lynch in 2002, became known as the CAP theorem and reshaped how engineers reason about distributed architectures. Before CAP, many system designers implicitly assumed they could have all three properties; after it, the tradeoff became an explicit design decision. The theorem explains why Amazon's Dynamo chose availability over consistency, why Google's Spanner invested massively in synchronized clocks to push the boundary, and why every NoSQL database positions itself somewhere on the CAP triangle. It is one of those rare results that changed not just theory but the daily vocabulary of practitioners.