<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/"><channel><title>Gitlab on Azarudeen.com</title><link>http://azarudeen.com/tags/gitlab/</link><description>Recent content in Gitlab on Azarudeen.com</description><generator>Hugo</generator><language>en-us</language><lastBuildDate>Sat, 01 Oct 2016 10:00:00 +0530</lastBuildDate><atom:link href="http://azarudeen.com/tags/gitlab/index.xml" rel="self" type="application/rss+xml"/><item><title>Typos That Broke the Internet: S3, GitLab, and Radical Transparency</title><link>http://azarudeen.com/posts/04-oct-2016-to-dec-2017-typos-that-broke-the-internet/</link><pubDate>Sat, 01 Oct 2016 10:00:00 +0530</pubDate><guid>http://azarudeen.com/posts/04-oct-2016-to-dec-2017-typos-that-broke-the-internet/</guid><description>&lt;h1 id="typos-that-broke-the-internet-oct-2016--dec-2017"&gt;Typos That Broke the Internet (Oct 2016 – Dec 2017)&lt;/h1&gt;
&lt;p&gt;If one window proved that public, honest postmortems build more trust than they
cost, it&amp;rsquo;s this one. A livestreamed database recovery and a typo that took down
half the web produced two of the most-read incident reports in history.&lt;/p&gt;
&lt;h2 id="the-incidents-that-defined-the-period"&gt;The incidents that defined the period&lt;/h2&gt;
&lt;ul&gt;
&lt;li&gt;&lt;strong&gt;Dyn DNS DDoS, October 21, 2016&lt;/strong&gt; — The Mirai botnet, built from IoT devices,
took down a major managed-DNS provider and with it Twitter, Netflix, Reddit,
and GitHub for much of a day. The industry&amp;rsquo;s introduction to &lt;em&gt;dependency
concentration&lt;/em&gt;: dozens of &amp;ldquo;independent&amp;rdquo; sites shared one DNS provider.&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;GitLab database incident, January 31, 2017&lt;/strong&gt; — An exhausted engineer, fighting
replication lag, ran &lt;code&gt;rm -rf&lt;/code&gt; on the &lt;strong&gt;primary&amp;rsquo;s&lt;/strong&gt; data directory. Five backup
mechanisms failed or were misconfigured. GitLab &lt;strong&gt;livestreamed the recovery on
YouTube&lt;/strong&gt; and published a minute-by-minute postmortem
(&lt;a href="https://about.gitlab.com/blog/2017/02/10/postmortem-of-database-outage-of-january-31/"&gt;about.gitlab.com&lt;/a&gt;).
~6 hours of data was lost — and GitLab&amp;rsquo;s reputation arguably &lt;em&gt;improved&lt;/em&gt;.&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;AWS S3 us-east-1, February 28, 2017&lt;/strong&gt; — An operator debugging the billing
system mistyped a playbook parameter and removed far more capacity than
intended; the index subsystem required a full restart it hadn&amp;rsquo;t had in years
(&lt;a href="https://aws.amazon.com/message/41926/"&gt;aws.amazon.com/message/41926&lt;/a&gt;).
Thousands of sites broke — including, memorably, AWS&amp;rsquo;s own status page, whose
health icons were hosted on S3.&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;Cloudbleed, February 2017&lt;/strong&gt; — A parser bug leaked memory across Cloudflare
customers into cached pages. Cloudflare&amp;rsquo;s forensic-grade disclosure set a new
bar for security postmortems.&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;British Airways, May 2017&lt;/strong&gt; — A datacenter power event (a contractor and a
UPS) grounded flights globally; the vague public explanation became the
counterexample to GitLab-style transparency.&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;Equifax breach, 2017&lt;/strong&gt; — An unpatched Struts vulnerability; the postmortem
lesson was less about the bug than about asset inventory and patch governance.&lt;/li&gt;
&lt;/ul&gt;
&lt;h2 id="what-the-postmortems-reveal"&gt;What the postmortems reveal&lt;/h2&gt;
&lt;p&gt;&lt;strong&gt;1. Transparency won, decisively.&lt;/strong&gt; GitLab and AWS gave specifics (the command,
the parameter, the safety checks now added); BA gave vagueness. The market
noticed which companies it trusted more afterward. &amp;ldquo;Publish the real postmortem&amp;rdquo;
became a competitive strategy, not a legal risk.&lt;/p&gt;</description></item></channel></rss>