It's always DNS.

Apart from when it's BGP. But it's normally DNS.

unless it's dave from accounts clicking the random link

Modern computer systems are so fragile that a single line of code can bring down the house of cards.

It's a sad indictment of the state of our computer systems (and industry) that the whole lot can go mammaries skywards so easily.

It's long past time that companies started to get more active on making more resiliant software.

In fairness, that's always been the case. A wayward line of code in an OS kernel could certainly bring your system to a screeching halt, no matter how resilient the rest of it is. The main things which have changed are that so many distributed systems are dependent on external resources and that, in the case of AWS users, those systems are apparently dependent on a single point of failure. Resolving these problems is a trivial task and thus left as an exercise for the reader.

One could argue that it's actually a sign of the complexity of those systems.

After all, something simple like rupturing a fuel line in a car can cause all sorts of problems. Is this any different?

I'm not excusing poor design and deployment, and heaven knows we see far too much of that especially now we have "professional managers" running the patch, but engineering of all kinds is all about finding the balance between cost and the acceptable likelihood of failure. Let's hope that the relevant parties here will reassess that based on today's incident.

From the Wikipedia article on DNS: This mechanism provides distributed and fault-tolerant service and was designed to avoid a single large central database. (my emphasis)

Somebody forgot the "distributed" part and that fault tolerance depends on it.

It sounds like the DNS service was robust. It was robustly pointing things at the wrong place...

It's penny pinching.

Somewhere I can guarantee there is a component that is a single point of failure that wasn't protected as it would have cost too much.

By definition, if you have redundancy, you have inefficiency. By all means choose efficiency over resilience, but for the love of god, own it when things go wrong.

There is also lack of care. Due to vendor lock in, what those businesses, government departments are going to do?

Still tickled by an old posting...

[1]Abend's Observation: "Many cloud systems are actually just distributed single points of failure"

And here the distributed single point of failure that all were referencing was AWS?

[1] https://forums.theregister.com/forum/all/2024/01/27/teams_outage_again/#c_4800389

wasn't protected as it would have cost too much

Nope, not a company like Amazon. It is because:

1) no one realized it was and always has been a single point

2) originally it was protected, but other changes caused it to become a single point without anyone realizing

3) they know it is a single point and there is a huge project underway to address that but it isn't complete yet

4) they know it is a single point but they can't address that without basically throwing out their entire design and starting over from scratch

and even government services such as tax agency HMRC were impacted.

Surely HMRC shouldn't have anything stored in US-EAST-1 no? and if they had I am sure government will promptly launch an investigation?

(setting aside the whole omnishambles of using AWS at all - due to Cloud Act, tax payer data are not safe)

They may well have no /data/ stored there - it should all be in the UK region (eu-west-2). But as the article explains, it turns out that the entire global AWS cloud still has critical dependencies on its 'mothership' region, the original hub in N Virginia.

As far as I know, the UK isn’t a dependency of the US.

This isn’t just an inconvenience - it’s a sovereignty issue. It’s absurd that critical UK government systems can go down because something broke in Virginia. Whether or not data is physically stored there is irrelevant: AWS is bound by the US Cloud Act, and no amount of “UK region” branding changes that.

To clarify - governments are not exempt from US Cloud Act, so placing data in eu-west-2 is just coping mechanism. It has nothing to do with ensuring safety of data about us. This whole procurement should have been audited.

government should not be using any US hyperscaler. its laziness from crown commercial & matybe m envelopes.

UK government infrastructure & data should be on UK owned infrastructure

> it’s a sovereignty issue

We've exercised our sovereignty and chosen to store our data using a US provider.

Maybe ask your MP why they're not using https://crownhostingdc.co.uk/

>> the entire global AWS cloud still has critical dependencies on its 'mothership' region

> As far as I know, the UK isn’t a dependency of the US

Grabbing the wrong end of the stick there

Terms and conditions. Vol. 4, p.632, Item 23:

If AWS staff are trying their best, no compensation is payable.

The way we used to do tech, on prem, was much more reliable. Even if someone nuked the East coast of America, your server room would keep whirring, and your stuff would just work.

All the stuff GAFA flog us to ensure themselves a healthy income: SaaS, Cloud storage and AI, make our tech inherently less resilient and force us to pay regular fees to GAFA to exist.

You'd like to think people would change after this. I'm sure 'lessons will be learned' but nobody will actually do anything differently. They will choose the lazy option and just keep paying the subs.

If you want to depend on a third party for your music, pay for streaming. If not, buy CDs. Ditto for enterprise level tech. DIY or rely. Personally, I still buy CDs.

The way we used to do tech,

Ever been to an AWS sales meeting with a client?

The old-school on-prem engineers just don’t have the same woo and bullshitting skills.

We had Windows Virtual Desktops going "poof" after 20 mins.

Was it our Cisco VPN using AWS for logging?

Was it VMWare phoning home and having no cloud db?

Was it some other logging timing out?

What are we going to do? Run TCPdump on our pipe, log all the IPs and work out of they are in AWS ? (well, we will now).

If our intranet was down all morning we'd be in the boardroom explaining.

Happily we can now just say "AWS was down" and everybody shrugs.

Happily we can now just say "AWS was down" and everybody shrugs.

I used to say: Happily we can now just say "It's a MS product" and everybody shrugs.

Amazon's US-EAST-1 region outage caused widespread chaos, taking websites and services offline even in Europe and raising some difficult questions.

Yes, you're not wrong. So much for how seriously big business takes GDPR.

GDPR was created for big business to legitimise personal data trade under guise of protecting privacy (classic gaslighting).

Most users don't read what they consent to (courtesy of Cookie Law that trained them to click agree to anything).

GDPR != Cookie law.

You missed my point. The Cookie Law wasn’t about privacy - it was behavioural conditioning. It trained people to click “Agree” without reading anything.

GDPR was the next step: once users were preconditioned, it gave corporations a legal framework to collect and trade data with subject consent. Before GDPR, that kind of large-scale data trading was legally murky.

Well it trained me to click disagree without reading anything.

Multiple levels of 'Someone else’s computer/system/service' relying on each other !!!

Each level is configured to be 'Good enough' as being 'better than good enough' costs more and needs more 'expensive' labour.

Everyone ignores the obvious risks because it 'probably won't happen' ... when it does it is 'someone else’s fault' !!!

Rinse, repeat and 'make bank' as the Americans say, supposedly !!!

P.S.

Don't ever learn any lessons ... because they cost money too.

Also the original C-level architect(s) of these disasters, who needs to learn, are usually long gone setting in place the next disaster to come ('AI' perhaps !!!???)

:)

Yes, it was DNS. But that could mean anything. Did a server fail - in which case their redundancy is hopeless - or did someone just put the wrong data in - in which case they need to improve their procedures - or what?

... in its original implementation because nobody bothered to replicate it across other regions - maybe because having authentication management close to Langley is a bonus? Ot it's jyst the proverbial sysadmin laziness? "It works [most of the time], don't touch it...."

Cloud computing only increases your security attack surface. This of a wall of brains ... it only takes a cloud vendor's Igor the mess things up. You are still exposed to your error and have added the vendors (even thou they are generally very good. Another risk, though not in play today, is vendor lock in, don't use proprietary tools unless you have to and if you must ... do not use the cloud vendors or you have made them a monopoly.

Centralization is another issue because AWS is so large that the likelihood that sites that you depend on use AWS is high. So if AWS gets sick, it affects a lot of sites and services at once. Detecting the true cause may be hard to deduce.

AWS's control plane being centralization in US-EAST-1 creates a dependency. When US-EAST-1 experiences issues it can cause global impacts because orchestration and control APIs become unavailable or degraded.

AWS is now critical infrastructure for humanity. Too big to fail. And, oops, it failed. It only takes one small corner of AWS to create this much chaos, worldwide? We kid ourselves that we have conquered the resilience problem...

Or even an old geezer, I wrote code that relied on remote databases and in said environment you would have alternate service "pipes" available.

So when a client process couldn't get a response to a request in a timely manner, it would try again and if that failed would try one of the alternate service "pipes".

For mission critical stuff, you had an active-active topology which meant that some alternate service "pipes" would route to the primary database and some to the secondary database.

And we are talking active-active systems with very large databases and 10,000's of active users.

Under pining this was also comms connections that were physically seperate (i.e. the digger driver can only take out one link) and also used different comms vendors with radically different routing (in the physical sense).

Of course, the above is an extreme (but necessary) topology for that app that is the life (and $$$$) blood of your company.

My reading of this AWS issue is some relatively noddy (in terms of scale) but global dynamodb database couldn't be reached and if said database is so important then why aren't their multiple, synced copies in multiple regions/countries with multiple pathways to these copies and the software that access it being able to detect a failed request and "self heal" by trying other pathways.

Kids today and all that but I sit here shaking my head that shit I and countless others did years ago with critical apps/databases has been lost to the current generation.

Bluck

Your one stop shop for decentralisation.