I don't think I had ever fully internalized how often I open this site throughout the day. Finish a task? HN. Got frustrated/stuck on a problem? HN break. Waiting for something to install/upload/compile/etc? HN.
Needless to say I opened a new tab, typed "n", and hit enter countless times today before my brain caught up with my muscle memory.
Yep. Same. It says a lot about the quality of HN, I think. Also, I can't remember the last time it was down. For a while, I thought there must be something wrong with my internet connection or DNS config or something.
Habitual usage doesn't necessarily correlate to quality, I'd say. People who use Facebook/Twitter also have this sort of muscle reflex developed over time.
That said, HN does have quality content and the signal/noise is way better than sites designed specifically to keep you addicted.
It might not correlate to quality, but if the information found at a website wasn't valued we wouldn't be constantly pulling the site up, just like facebook users do.
I'd argue that this site has a good signal/noise ratio by design and specifically to keep you addicted (where "addicted" means using and constantly returning to the site). This site is just designed to attract people who are put off by the kinds of tricks employed elsewhere
I feel the voting process on HN deserves a lot of credit for the quality of front-page content. I wish I knew more about it, other than karma>500 giving the ability to downvote.
Wow, it works, but it really seems like it shouldn't. I'd expected reserved domain names to not resolve at all let alone be pingable and point at a working webserver. Has it always had a website?
If they're running a mail server too I'm guilty of sending them a lot of spam. randomname@example.com is what I've always used for people unnecessarily requesting an email address
> For a while, I thought there must be something wrong with my internet connection or DNS config or something.
Definitely thought the same. Then I realized that I'm browsing through work VPN and had a second thought: what if our admins decided to fight procrastination?
Easy to make sure you're not seeing some cached version by doing a search for random string from mashing your keyboard. These days literally any string of characters shorter than 10 will find some sort of result and there's very little chance you have it cached somehow.
Me too! I was, shamefully, in the middle of work so had a mini panic thinking my 5 min HN scroll was gonna become an hour long battle with my connection!
> Needless to say I opened a new tab, typed "n", and hit enter countless times today before my brain caught up with my muscle memory.
I do this too, and it's because this site is an addictive slot machine just like every other social networking site. I actually really hate this website, but I'm here almost every day, because I can't seem to break the habit. Neat. It's probably because I have a common impulse control / executive functioning disorder, and the way the front page works exploits some bug in my brain.
If it helps, I wouldn't say it's a disorder since it appears that basically everyone has a habit like this. It's probably a byproduct of some kind of adaptive advantage, but I don't have it in me to speculate exactly what at the moment. The only variable is what exactly you do automatically. Nowadays, everyone has their app or web page. Before smartphones and the internet being available everywhere, I remember my mentor talking about quitting cigarettes. This was shortly after the non-smoking section of the restaurant became the whole restaurant. She said that part of why it was so hard to quit was that even when she meant to cut back, she'd still find herself a third of the way through a cigarette before she realized that she'd lit one. I tear at the skin next to my fingernails in addition to opening HN (which was what I switched to when it became painfully obvious that Reddit was both bad for me and run by bad people). I moved my ebook app to the first screen on my phone and moved this app to a spot where I wasn't used to finding it. I figured it might get me to read more. What actually happened is that I started absent-mindedly swiping to the second screen and opening up the app.
It's a pretty universal issue. Companies are just getting better at using it to their advantage.
I really love HN but I too feel like it's an addiction/slot machine.
My solution: a 3-hour focus mode browser extension.
1. Install the BlockSite chrome extension [1].
2. In BlockSite settings, add HN, Twitter, and any other distracting sites to the Focus Mode list and set Focus Mode time to 3 hours.
3. Ensure you uninstall all social media apps from your phone
4. When I find myself opening a new tab and typing "n" to get a dopamine hit, I then turn on my 3-hour focus mode.
Others have mentioned browser add-ons / DNS providers who can limit/blacklist sites. Maybe try one of those? The thing that's worked best for me though is leaving my phone in another room for a while or taking a walk without it.
i got addiction problems and this is the only website that's healthy for me. there's no endless scroll if you just visit the "news" and don't go to the "newest" page. i like how it's intentional to go to the next page. i usually only click through like ~5 pages at most, and once i've visited ~10-20 times in a day, most all the content is stale. it's also been helpful for me to set the procrastination limits. so many times i'll visit and can't scroll and just move on.
with that said, the comments are the most addictive part of this site.
Why hate this site? Because it contains interesting/useful content often enough to make you come back? That'd be a weird reason to hate the site. I too have a common impulse control/executive functioning disorder, but I don't hate the things that it makes me vulnerable to. If I were feeling resentful, I'd have to put the blame on my condition.
I don't have to ask why you hate reddit, the valid reasons for hating reddit are myriad
I was in almost the exact same position all day. What made it worse though was the fact that this happened right in the middle of my attempts at curbing my browsing habits. Once my app timers for Reddit is Fun, Instagram, and Twitter were up, it was time for HN... except there was no HN. What that meant is that I was reaching for a stimulus and then not getting it, the same way that an alcoholic wouldn't feel satisfied by, say, a can of soda. It was weird to experience, but very enlightening. It both made me realize how subconsciously my addiction is reinforced and reaffirmed to me that it is, in fact, an addiction. I'm not going to stop using HN of course, but I'm definitely going to be more aware of how I use it (e.g. passively vs. intentionally) from now on.
As far as addictions go, I find HN actually one that delivers actual knowledge. Literally every day I read something I didn't know before. Unlike on Facebook that just tries to serve me with more of the stuff I have already seen.
I like wasting time on HN because it's time not actually wasted :)
And don't get me started on Twitter... Sure there are some gems on twitter but I have to wade through 1000s of tweets of pure nonsense to see them. No thanks. If it's something really great someone will post a link on HN anyway :)
I find it valuable in moderation but some days I spend way too much time on it; past the point of diminishing returns. There's also an opportunity cost of what I could be doing with a lot of the time, which often would leave me feeling better than mindless HN reading.
I reference back to it for a lot of info too, which I guess I should probably load more of into my own notes database. But still today there were a bunch of saved comments I wanted to re-read as reference multiple times, definitely noticeable to miss it. Or alternatively if I'd grabbed the URLs for everything I'm assuming the wayback machine probably archives this pretty well. Perils of depending on the HNcloud service :).
That used to happen to me with Slashdot too. I'm so happy that today I didn't even realize HN was down, I think I tried once, it didn't load and went to do something else, I assumed it was some local DNS or internet issue.
I set the delay to 1 minute: Short enough that I can wait if I really need to read a thread, but long enough to nudge me back to my primary task if I’m just browsing.
My Firefox on Manjaro defaulted to CTRL-SHIFT-p to open an incognito window, took me a minute to unlearn CTRL-SHIFT-n, but I figured I can't have the only PC with that hotkey.
This happened last couple of times I switched laptops - my old habit to visit "guardian.co.uk" by typing "guar" and hitting enter no longer works because I've now accidentally searched too many times for "guar" :D
You can make the omnibox forget about URLs and search terms you've used a lot by selecting them with the down key then pressing Shift+Delete (https://superuser.com/a/189334).
Note that that doesn’t seem to work if you have a bookmark with that content (as it seems to find the bookmark, which is reasonable behavior but caught me out when I was trying to change the URL to an internal tool and didn’t realize why it wasn’t working to delete the auto-complete).
Wow, I've never realized just how often I do this. There's some sort of a reward pathway in my brain connecting my right index finger to seeing that orange bar and lines of text.
I once had a small fleet of SSDs fail because they had some uptime counters that overflowed after 4.5 years, and that somehow persistently wrecked some internal data structures. It turned them into little, unrecoverable bricks.
It was not awesome seeing a bunch of servers go dark in just about the order we had originally powered them on. Not a fun day at all.
These were made by SanDisk (SanDisk Optimus Lightning II) and the number of hours is between 39,984 and 40,032... I can't be precise because they are dead and I am going off of when the hardware configurations were entered in to our database (could have been before they were powered on) or when we handed them over to HN, and when the disks failed.
Unbelievable. Thank you for sharing your experience!
Edit: here's why I like this theory. I don't believe that the two disks had similar levels of wear, because the primary server would get more writes than the standby, and we switched between the two so rarely. The idea that they would have failed within hours of each other because of wear doesn't seem plausible.
But the two servers were set up at the same time, and it's possible that the two SSDs had been manufactured around the same time (same make and model). The idea that they hit the 40,000 hour mark within a few hours of each other seems entirely plausible.
Mike of M5 (mikiem in this thread) told us today that it "smelled like a timing issue" to him, and that is squarely in this territory.
This morning, I googled for issues with the firmware and the model of SSD, I got nothing. But now I am searching for "40000 hours SSD" and a million relevant results. Of course, why would I search for 40000 hours.
This kind of thing is why I love Hacker News. Someone runs into a strange technical situation, and someone else happens to share their own obscure, related anecdote, which just happens to precisely solve the mystery. Really cool to see it benefit HN itself this time.
Interesting how something that is so specifically and unexpectedly devastating, yet known for such a long time without any serious public awareness from companies involved, is referred to as a "bug".
It makes you lose data and need to purchase new hardware, where I come from, that's usually referred to as "planned" or "convenient" obsolescence.
Depends on who exactly we are talking about as having the intent...
Both planned and convenient obsolescence are beneficial to device manufacturers. Without proper accountability for that, it only becomes a normal practice.
I wonder if it might be closer to 40,032 hours. The official Dell wording [1] is "after approximately 40,000 hours of usage". 2^57 nanoseconds is 40031.996687737745 hours. Not sure what's special about 57, but a power of 2 limit for a counter makes sense. That time might include some manufacturer testing too.
It might not be nanoseconds, but something that's a power of 2 number of nanoseconds going into an appropriately small container seems likely. For example, a 62.5MHz counter going into 53 bits breaks at the same limit. Why 53 bits? That's where things start to get weird with IEEE doubles - adding 1 no longer fits into the mantissa and the number doesn't change. So maybe someone was doing a bit of fp math to figure out the time or schedule a next event? Anyway, very likely some kind of clock math that wrapped or saturated and broke a fundamental assumption.
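Added example, not part of any comment in this thread and not firmware code: the counter arithmetic from the two comments above, worked through in Python. It checks that a nanosecond counter in 57 bits and a 62.5 MHz tick counter in 53 bits run out at the same uptime, and shows a tick count kept in an IEEE double stalling at 2^53; the function names are made up for this illustration.

```python
from fractions import Fraction


def hours_until_limit(bits, tick_hz):
    """Exact uptime in hours at which a counter of `tick_hz` ticks per second
    reaches 2**bits (the point where it wraps, saturates or loses precision)."""
    seconds = Fraction(2 ** bits, tick_hz)
    return seconds / 3600


def first_stalled_power_of_two():
    """Smallest power of two at which adding 1.0 to an IEEE double is a no-op."""
    n = 1
    while float(n) + 1.0 != float(n):
        n *= 2
    return n


def tick_both(start_ticks, steps):
    """Advance an exact integer counter and a double-precision counter by
    `steps` single ticks from the same starting value; return both results."""
    exact = start_ticks
    approx = float(start_ticks)
    for _ in range(steps):
        exact += 1
        approx += 1.0  # past 2**53 this addition rounds back to the same value
    return exact, approx


if __name__ == "__main__":
    ns_counter = hours_until_limit(57, 10 ** 9)          # 1 tick = 1 ns, 57 bits
    mhz_counter = hours_until_limit(53, 62_500_000)      # 1 tick = 16 ns, 53 bits
    print("2^57 ns          :", float(ns_counter), "hours")
    print("2^53 @ 62.5 MHz  :", float(mhz_counter), "hours")
    print("same limit       :", ns_counter == mhz_counter)

    stall = first_stalled_power_of_two()
    print("double stalls at : 2^%d" % (stall.bit_length() - 1))

    exact, approx = tick_both(2 ** 53 - 3, 10)
    print("after 10 ticks   : int =", exact, " double =", int(approx))
    print("ticks lost       :", exact - int(approx))
```
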
53 is indeed a magic value for IEEE doubles, but why would anybody count an inherently integer value with floating-point? That's a serious rookie mistake.
Of course there's no law that says SSD firmware writers can't be rookies.
A lot of companies have teams dedicated to hardware that don’t give a shit about it. And their managers don’t give a shit.
Then the people under them who do give a shit, because they depend on those servers, aren’t allowed to register with HP etc for updates, or to apply firmware updates, because “separation of duties”.
It's concerning that a hosting company was unaware of the 40,000 hour situation with SSD it was deploying. Anyone in hosting would have been made aware of this, or at least should have kept a better grip on happenings in the market.
I had a similar issue, but it was a single RAID-5 array and wear or some other manufacture defect. They were the same brand, model, and batch. When the first failed and the array got in recovery mode I ordered 3 replacements and upped the backup frequency. It was good that I did that because the two remaining drives died shortly after.
The lesson I learned is that the three replacements went to different arrays and we never again let drives from the same batch be part of the same array.
There's a principle in aviation of staggering engine maintenance on multiple-engined airplanes to avoid maintenance-induced errors leading to complete power loss.
Yeah just coming here to say this. Multiple disk failures are pretty probable. I've had batches of both disks and SSDs with sequential serial numbers, subjected to the same workloads, all fail within the same ~24 hour periods.
Seems like it was only a few days ago that there was a comment from a former Dropbox engineer here pointing out that a lot of disk drives they bought when they stood up their own datacenter had been found to all have a common flaw involving tiny metal slivers.
I hadn't heard of it either until disks in our storage cluster at work started failing faster than the cluster could rebuild in an event our ops team named SATApocalypse. It was a perfect storm of cascading failures.
I also don't know about literature on this phenomenon, but i recall HP had two different SSD recalls because when the uptime counter rolled over, they would fail. That's not even load dependent, just did you get a batch and power them on all at the same time. Uptime is too high causing issues isn't that unusual for storage, unfortunately.
It's not always easy, but if you can, you want manufacturer diversity, batch diversity, maybe firmware version diversity[1], and power on time diversity. That adds a lot of variables if you need to track down issues though.
[1] you don't want to have versions with known issues that affect you, but it's helpful to have different versions to diagnose unknown issues.
That one looks not too bad, seems like you can fix it with a firmware update after it fails. A lot of disk failures due to firmware bugs end up with the disk not responding to the bus, so it becomes somewhere between impossible and impractical to update the firmware.
Not sure about literature but that was a known thing in the Ops circles I was in 10 years ago: never use the same brand for disk pairs, to minimize wear-and-tear related defects from arising at the same time.
This is why I try to mismatch manufacturers in RAID arrays. I'm told there is a small performance hit (things run towards the speed of the slowest, separately in terms of latency and throughput) but I doubt the difference is high and I like the reduction in potential failure-during-rebuild rates. Of course I have off-machine and off-site backups as well as RAID, but having to use them to restore a large array would be a greater inconvenience than just being able to restore the array (followed by checksum verifies over the whole lot for paranoia's sake).
Eek - now I'm glad I wait a few months before buying each disk for my NAS.
Not doing it for this reason but rather financial ones :) But as I have a totally mixed bunch of sizes I have no RAID and a disk loss would be horrible.
Have to be careful doing that too or you'll end up with subtly different revisions of the same model. This may or may not cause problems depending on the drives/controller/workload but can result in you chasing down weird performance gremlins or thinking you have a drive that's going bad.
That's why serious SAN vendors take care to provide you a mix of disks (e.g. on a brand new NetApp you can see that disks are of 2-3 different types, and with quite different serial numbers).
Or even if the power supplies were purchased around the same time. I had a batch of servers that as soon as they arrived started chewing through hard drives. It took about 10 failed drives before I realized it was a problem with the power supplies.
Anyone familiar with car repair will tell you that if one headlight burns out you should just go ahead and replace both, because of this exact phenomenon. I suppose with LEDs we may not have to worry about it anymore
Even if they're not the same, they're written at the same time and rate, meaning they have the same wear over time, subject to the same power/heat issues, etc.
Hopefully, regularly checking the disks' S.M.A.R.T status will help you stay on top of issues caused by those factors.
Also, you shouldn't wait for disks to fail to replace them. HN's disks were used for 4.5 years, which is greater than the typical disk lifetime, in my experience. They should have replaced them sooner, one by one, in anticipation of failure. This would also allow them to stagger their disk purchases to avoid similar manufacturing dates.
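Added example, not written by any commenter here: a small inventory check in the spirit of the comments above on power-on-time diversity and on watching SMART data. It flags drives nearing the 40,000-hour figure quoted in the thread and redundancy groups whose members share a build and nearly the same power-on hours; the `Drive` record, the sample fleet and the margins are constructed, and `power_on_hours` is assumed to be collected from each drive's SMART data by other tooling.

```python
from dataclasses import dataclass
from itertools import combinations

# Figure quoted in the thread for the affected SSDs; other models need their own value.
LIMIT_HOURS = 40_000


@dataclass(frozen=True)
class Drive:
    serial: str          # constructed sample serials
    model: str
    firmware: str
    power_on_hours: int  # assumed to come from the drive's SMART data
    group: str           # redundancy group: a RAID set or a primary/standby pair


def approaching_limit(drives, limit=LIMIT_HOURS, margin=2_000):
    """Return (serial, hours_left) for drives within `margin` hours of `limit`,
    soonest first, so they can be updated or replaced one at a time."""
    hits = [(d.serial, limit - d.power_on_hours) for d in drives
            if 0 <= limit - d.power_on_hours <= margin]
    return sorted(hits, key=lambda hit: hit[1])


def _by_group(drives):
    groups = {}
    for d in drives:
        groups.setdefault(d.group, []).append(d)
    return groups


def correlated_pairs(drives, window=72):
    """Return (group, serial_a, serial_b) for drives in the same redundancy group
    that share model and firmware and whose power-on hours differ by at most
    `window`: a single uptime-triggered firmware fault can take out both."""
    pairs = []
    for group, members in sorted(_by_group(drives).items()):
        for a, b in combinations(sorted(members, key=lambda d: d.serial), 2):
            same_build = (a.model, a.firmware) == (b.model, b.firmware)
            if same_build and abs(a.power_on_hours - b.power_on_hours) <= window:
                pairs.append((group, a.serial, b.serial))
    return pairs


def diversity(drives):
    """Per group: (number of distinct model/firmware builds, spread of power-on hours)."""
    report = {}
    for group, members in _by_group(drives).items():
        builds = {(d.model, d.firmware) for d in members}
        hours = [d.power_on_hours for d in members]
        report[group] = (len(builds), max(hours) - min(hours))
    return report


# Constructed sample fleet, not real inventory data.
FLEET = [
    Drive("S1", "MODEL-A", "FW1", 39_310, "web-pair"),
    Drive("S2", "MODEL-A", "FW1", 39_298, "web-pair"),
    Drive("S3", "MODEL-A", "FW1", 21_000, "db-raid1"),
    Drive("S4", "MODEL-B", "FW9", 20_990, "db-raid1"),
    Drive("S5", "MODEL-A", "FW1", 12_000, "log-raid5"),
    Drive("S6", "MODEL-A", "FW1", 12_010, "log-raid5"),
    Drive("S7", "MODEL-A", "FW2", 15_500, "log-raid5"),
]

if __name__ == "__main__":
    for serial, left in approaching_limit(FLEET):
        print(f"{serial}: {left} power-on hours left before {LIMIT_HOURS}")
    for group, a, b in correlated_pairs(FLEET):
        print(f"{group}: {a} and {b} share a build and a power-on window")
    for group, (builds, spread) in sorted(diversity(FLEET).items()):
        print(f"{group}: {builds} build(s), {spread} h spread in power-on time")
```
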
I've seen too many dead disks with a perfect SMART. When the numbers go down (or up) and triggers are fired then you surely need to replace the disk[0], but SMART without warnings just means nothing.
[0] my desktop ran for years entirely on the disks removed from the client PCs after a failure. Some of them had a pretty bad SMART, on a couple I needed to move the starting point of the partition a couple GBs further from the sector 0 (otherwise they would stall pretty soon), but overall they worked fine - but I never used them as a reliable storage and I knew I can lose them anytime.
Of course I don't use repurposed drives in the servers.
PS and when I tried to post it I received " We're having some trouble serving your request. Sorry! " Sheesh.
> Double disk failure is improbable but not impossible.
It's actually surprisingly common for failover hardware to fail shortly after the primary hardware. It's normally been exposed to similar conditions to what killed the primary and the strain of failing over pushes it over the edge.
For load balancing I would consider this very likely because both are equally loaded. But "failover" I would usually consider a scenario where a second server is purely in wait for the primary to fail, in which case it would be virtually unused. Like an active/passive scenario as someone mentioned below.
But perhaps I got my terminology mixed up. I'm not working with servers so much anymore.
If it's active/active failover then they get the same wear, if it's active/passive most of the components don't, but the storage might. Then again if it's active/passive, flaws can "hibernate" and get triggered exactly when failing over.
You know how they say to always test your backups? Always test your failover too.
If you have an active/passive HA setup and don't test it periodically (by taking the active server offline and switching them afterwards), my guess is that double disk failures will be more common than single disk failures for you.
Still, I see no reason for prioritizing that failure mode on a site like HN.
A long time ago we had a Dell server which was pre setup raid from Dell (don't ask, I didn't order it). Eventually one disk on this server died, what sucked was that the second disk in the raid array also failed only a few minutes later. We had to restore from backup which sucked but to our surprise when we opened the Dell server the two disks had sequential serial numbers. They came from the same batch at the same time. Not a good thing to do when you sell people pre configured raid systems at a mark up...
By second disk failure do they mean that the disks on both the primary and fallback servers failed? Or do they mean that two disks (of a RAID1 or similar setup) in the fallback server failed?
The latter is understandable, the former would be quite a surprise for such a popular site. That means that the machines have no disk redundancy and the server is going down immediately on disk failure. The fallback server would be the only backup.
So, 7h 45m of downtime. What we don't know is how many posts (or votes, etc.) happened after our last backup, and were therefore lost. The latest vote we have was at 2022-07-08 12:46:05 UTC, which is about the same as the last post.
There can't be many lost posts or votes, though, because I checked HN Search (https://hn.algolia.com/) just before we brought HN back up, and their most recent comment and story were behind ours. That means our last backup on the ill-fated server was taken after the last API update (HN Search relies on our API), and the API gets updated every 30 seconds.
I'm not saying that's a rock-solid argument, but it suggests that 30 seconds is an upper bound on how much data we lost.
Curiosity got the better of me. Why was there a 6 ID gap between the last post and first post? The answer seems to be that admins were making posts, which is neat. (There was also one lonely Flexport job ad.)
Is your backup system tied to your API? Algolia is a third party service, and streaming the latest HN data to Algolia seems pretty similar to streaming it to a backup system.
Btw, job ads get queued long in advance and then the software picks the next one when it's time for a job ad. After 8 hours of being down, the software thought it was time for a job ad.
> So that means dataloss.. Probably restored from backup.
If the server went down at XX:XX, and the backup they restored from is also from XX:XX, there isn't dataloss. If the server was down for 8 hours, the last data being 8 hours old isn't dataloss, it's correct.
They were in two mirrors, each mirror in a different server. Each server in different racks in the same row. The servers were on different power circuits from different panels.
HN will be around a hundred years. I think it's more than just a forum. We've seen lots of people coordinate during disasters, for example. Dan and his team do a good job running it. (I'm not a part of it.)
EDIT: My response was based on some edits that are now removed.
The reason it's an institution is because it hasn't been bought by some corp trying to squeeze value out of eyeballs, which is why it hasn't really changed much.
However, it takes money and time to keep it around in a not for profit way, so it will be an institution as long as its funding is the same.
Yeah I really hope that if Ycombinator ever wants to pull out, that they don't sell it but let the community pull together to support it. I'd gladly donate to keep it running as it is.
It would be even better if they just keep doing it as they are though <3
Slashdot has been around since 1997 and people still rave about its moderation system today. However, while I have high hopes for HN, it could very well go the way of digg overnight
I doubt that though. Digg was hyped way too much and the inevitable decline that comes after a hype killed it. Some things are good enough to survive that phase but Digg wasn't. HN never had a hype phase, just slow but strong & steady growth. And not growing too much either.
It seems the perfect circumstances to really last. It doesn't have an invasive business model, or investors screaming for ROI either. That's the kind of thing that often leads to user-hostile changes that so often start the decline into oblivion.
Also, I would imagine it's pretty cheap to host, after all it's all very simple text, I don't think it hosts any pictures beside the little Ycombinator logo in the corner :)
Change of ownership is inevitable, as people don't live forever. When that happens, if the new owners aren't interested or motivated to keep funding HN, it could easily go the way of the dodo.
Hopefully archive.org is involved in archiving HN, though unfortunately archive.org's future itself is in jeopardy.
Thanks! I heard of this back in the day but I didn't know it reached the courts now. I feel this is a bit self-inflicted though. A valuable service like this is already under scrutiny for copyrights and playing chicken with big publishers with tons of money to spend on lawyers is a really bad idea. I'm also opposed to the way copyright works but I would separate that fight from the service.
I guess it got them some goodwill during Corona but it could cause more damage than it's worth.
I wouldn't have done it, it was not like it was a real value during the pandemic. Those who are really into books and don't care about copyright already know their way to more gray-area sites like LibGen.
This downtime made me realize (again) how much I appreciate the kind of interesting topics that show up here, the depth of discussion, and a general attitude of good faith that (most) engage with here.
I realized how little of this I find elsewhere in my life - whether through Reddit or even my IRL friend circles.
This realization saddens me - I feel like I shouldn’t have to rely on HN so much to scratch this particular itch.
> This realization saddens me - I feel like I shouldn’t have to rely on HN so much to scratch this particular itch.
> Perhaps I need to get out more.
Another way to look at it is that you have a particular set of interests and HN is the online outlet that serves those interests. There's nothing wrong with that, at all and you don't need to have multiple sources for it. No different than someone who likes to ride bikes owning one bike, or someone who likes to read going to the same local library every week for 10 years.
It is very different from your examples. Even if you only own one bike, there are innumerable others in existence and companies making new ones every day, if yours is destroyed or lost. Similarly, there are plenty of local libraries to choose from, even if your favorite one closes.
Whereas, if HN closes, there is no equivalent replacement available.
What I am saying is that you don't need to worry about any of that. Sure, if HN permanently shutters - you'll need to go find a replacement. But HN isn't going anywhere, as far as I am aware. You don't need redundancy for your online community/content consumption
The beautiful part of the internet is that it provides space for people to share incredibly niche interests. For all of its problems and complications, that beauty still exists.
I don't know about this "going out", but a few other useful websites like this one would be nice. It really does seem bad to not have a couple alternatives on hand.
I've been wanting to create something similar but for cryptocurrencies. A place with no scam/bullshit posts and only deeply technical discussions about the latest trends in zero-knowledge proofs, consensus protocols, scalability challenges, etc.
But I'm too lazy to write the application. I wish there was some SDK I could spin up, like PHPBB back in the days, to have something exactly like HN.
Not that I deserve or expect one from a free service, but because I enjoy reading postmortems from failures where both the primary and backup systems failed, I like to see what holes I might have in my own failover setup.
While the naysayers will say, "Why isn't this in the cloud?," I think the response times and uptime of hackernews is really impressive. If anyone has a write-up of the infrastructure that runs HN, I would be interested. Maybe startups really can be run off of a Raspberry Pi
Brief AWS outages were limited to us-east-1 where they appear to deploy canary builds and I think they quickly learned from those missteps. OTOH I receive almost weekly emails on my oracle cloud instance connectivity being down. I don’t even understand who their customers are that can tolerate frequent outage
Sure, but you're talking about all of AWS as if every customer is impacted when any part of AWS suffers a failure. But that's not the case, which makes it quite an apples/oranges comparison.
But even comparing the apples to the oranges, this HN status page someone else pointed out https://hn.hund.io/ seems to show that HN has had more than one outage in just the past month. All but today's and last night's being quite short, but still. Sometimes you need some extra complexity if you want to make it to zero downtime overall.
That's not something the HN website needs but I think AWS is doing fine even if that's your point of comparison.
I made the comment that some of our web portals could run off of a raspberry pi perfectly fine, and I wasn’t necessarily suggesting we go do that, but merely trying to get the point across that we don’t need 700 interweaved AWS systems to do what a single host with Apache + Postgres has been doing fine for years.
If I was (re)designing this, I would keep the existing bare metal server but I would also put in place double (or triple) cloud redundancy/failover. We all love HN so much that it should have zero downtime :-)
HN was down for hours, no website hosted properly using cloud providers is down for more than a few minutes a year. It's trivial to set up multiple providers, multiple regions. Rather than having a few servers with some admin guy swapping out disks, really embarrassing for a so called tech site.
> Even accounting for this outage, most other SAAS platforms still can't compete with HN's non-existent SLA.
8 hours of downtime in a given year is 99.9%, so only three nines. The major SaaS platforms all are basically at least as resilient as this, and most have more stringent SLAs.
The last post[1] before this one was posted at 12:45:10 UTC. This current post was made at 20:30:55 UTC, so that's a gap of 7 hours 45 minutes and 45 seconds.
Whenever I get frustrated by cloud complexity I wonder if it's all worth it, as HN, stackoverflow, camelx3 etc are still on real servers. Maybe it is worth it after all.
I've wondered about this a lot recently as I've spent a lot of time recently fighting with Terraform, Atlantis, CircleCI, github and AWS. The first half of my career was deploying code to various UNIX machines. When there was a problem I could login to that machine and use various (common) tools to diagnose the issue. I may not have had root but I was at least able to gain insight into what was likely the culprit. The interface was immediate and allowed quick iteration to test out a solution.
It feels like we've lost a lot of that observability and immediacy with the cloud. It's not as easy to quickly understand the larger picture. You can understand the state of various services with the web console or command line tools but tracing a path through those services is much less obvious and efficient.
I'm kind of nervous to even discuss this as I wonder if it's just my age showing, especially since I see very few people mention this as one of the downsides of various cloud solutions. Maybe I'm just jaded?
Oh my goodness yes. I had the "great" idea to use Azure Functions to do a task at work. It's **ing insane how difficult it is to specify an Azure Function all in code with reasonable CI/CD, AD permissions, logging, and dev/prod instances. I wrote about what it takes at https://www.bbkane.com/blog/azure-functions-with-terraform/ but the experience really soured me on cloud services.
Is this... a deliberate attempt at constructing a Rube Goldberg machine?
In all seriousness, at least 2/3rds of the complexity is because of your choice of tools and approach. Terraform alone makes things significantly more complex. If you just want to trigger a deployment, then a Template Spec made from a Bicep file could be banged out in like... an hour.[1]
When in Rome, do as the Romans do. You basically took a Microsoft product and tried to automate it with a bunch of Linux-native tools. Why would you think this would be smooth and efficient?
Have you ever tried automating Linux with VB Script? This is almost the same thing.
> Is this... a deliberate attempt at constructing a Rube Goldberg machine?
> I normally bill for cloud automation advice, but the gist is
Can you please omit supercilious swipes from your comments here? Everybody knows different things. If you know more than someone else about $thing, that's great—but please don't put them down for it. That's not in the spirit of kindness and curious conversation that we're hoping for here.
jiggawatts, this is an honest attempt. I'd LOVE it if there's an easier way I somehow missed.
And talk is cheap. I dare you to write a blog post or make a public GitHub repo doing the equivalent work (see Goals section) with your own tools. If you can, I'll be super impressed (not that my admiration is worth anything).
One thing you'll run into is that AD roles and other authn aren't accessible via ARM templates/Bicep
> AD roles and other authn aren't accessible via ARM templates/Bicep
I normally bill for cloud automation advice, but the gist is:
You can automate RBAC/IAM via Bicep or ARM[1], but only for existing groups or system managed identities or user managed identities. This usually covers everything that is typically done for cloud automation.
Note that the initial setup might require "manual" steps to set up the groups and their memberships, but then the rest can be automated. In other words, there's a one-time "prerequisites" step followed by 'n' fully automated deployments.
You can also use templates to deploy groups dynamically[2] if you really need to, but this ought to be rare. The problem with this is that templates are designed to deploy resources, and AAD groups aren't resources.
More generally, your mistake IMHO was to try to automate the automation itself, while side-stepping the Azure-native automation tooling by choosing Terraform+Functions instead of Template Specs with delegated permissions via Azure RBAC. Most of your template is used to deploy the infrastructure to deploy a relatively simple template!
This reminds me of people writing VB Scripts to generate CMD files that generate VB Scripts to trigger more scripts in turn. I wish I was kidding, but a huge enterprise did this seven levels deep for a critical systems-management process. It broke, and caused massive problems. Don't do this, just KISS and remember https://xkcd.com/1205/
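As an added illustration of the approach described in the comment above (not code from the thread or from any commenter): a Bicep template that assigns built-in roles to an existing group and to a user-assigned managed identity. The resource names, the `opsGroupObjectId` parameter and the choice of roles and scopes are assumptions made for the example.

```bicep
// Added example; every name here is hypothetical.
targetScope = 'resourceGroup'

@description('Object ID of an AAD group that already exists (the one-time prerequisite step).')
param opsGroupObjectId string

param location string = resourceGroup().location

// Built-in Azure role definition IDs.
var readerRoleId = 'acdd72a7-3385-48ef-bd42-f606fba81ae7'          // Reader
var blobDataReaderRoleId = '2a2b9908-6ea1-4ae2-8e65-a410df84e7d1'  // Storage Blob Data Reader

// User-assigned managed identity: a resource, so the template can create it.
resource deployIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-31' = {
  name: 'id-example-deploy'
  location: location
}

resource storage 'Microsoft.Storage/storageAccounts@2022-09-01' = {
  name: 'stexample${uniqueString(resourceGroup().id)}'
  location: location
  sku: { name: 'Standard_LRS' }
  kind: 'StorageV2'
}

// Existing group gets read-only access to the whole resource group.
resource groupReader 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
  // Deterministic name keeps redeployments idempotent.
  name: guid(resourceGroup().id, opsGroupObjectId, readerRoleId)
  properties: {
    roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', readerRoleId)
    principalId: opsGroupObjectId
    principalType: 'Group'
  }
}

// Managed identity gets data-plane read access, scoped to one storage account only.
resource identityBlobReader 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
  name: guid(storage.id, deployIdentity.id, blobDataReaderRoleId)
  scope: storage
  properties: {
    roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', blobDataReaderRoleId)
    principalId: deployIdentity.properties.principalId
    principalType: 'ServicePrincipal'
  }
}
```

The principal running the deployment needs permission to write role assignments (for example Owner or User Access Administrator on the resource group), which is itself worth scoping tightly.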
Lol, same boat. Not sure if I'm the old wise guy who really knows his sh*t about what's important, or the old useless guy rambling and moaning in the corner.
Oh that is interesting, I guess they just spun up a beefy EC2 instance. I'm noticing slower performance, I used to get about <200ms for front page. Now it's 500ms-1s? Or is this placebo with my bias to thinking AWS is slow?
I used to spend a lot of time there in the 2000s, but when they changed the site's layout and it suddenly needed a bunch of JS I stopped going. Maybe I'll give it a shot again though... the outage made me think I need more options.
And all those poor project managers at the end of 2022 wondering what on earth they did right on the 8th of July that caused productivity to reach previously unthinkable heights.
Same, I ended up updating my pihole which was long overdue. Just finished, loaded up HN and it worked - "huh, wonder what the problem was with my pihole" I thought ... well it needed doing anyway.
Thank you HN admins for bringing the site back online with everything restored from backup. Thank you also for the 99.99% of the time that HN just runs and runs without issue.
What? I refreshed way more than 4 times before I believed it was offline.
In the early 00's, when Google went offline I wouldn't believe it, and go check my connection (even if I was fetching other sites at the same time). Looks like nowadays HN is in that place.
I read an article recently on avoiding fallback in distributed systems.[0]
Is it more appropriate to call the strategy in this case fallback, or failover? Since the secondary server wasn't running in production until the first one failed, it sounds like fallback?
Perhaps a higher reliability strategy would have been, instead of having a secondary server, to just have more mirrored disks on the main server, to reduce the likelihood of the array being compromised?
Alternatively, to run both the primary and secondary servers in production all the time. But that would presumably merely move the single point of failure to the proxy?
My first thought was “oh sh*t, they finally added this to the list of time-wasting social media blocked sites” :( It was only when I saw it also didn’t work on my phone, that I realized HN itself was actually down
My first thought was that my own Internet was down. My second was that HN was somehow dependent on Rogers. Hard to go through a Friday afternoon without HN!
I assume this post will be flagged as off topic, but I actually just went to visit moments before it came back up. I didn't figure out that it wasn't an issue with my internet connection until I saw this post.
I've been noticing internet problems here and there all week, and was getting a little sketched out (is it the heat waves, Russia, or alien attack :) so this really got me worried.
Must admit it was really hard to find out what was going on. I stumbled upon a Twitter link somewhere deep down a list of search results. Does HN have a status page of any kind?
HN is my default 'is the internet working' site and that genuinely threw me for a loop across multiple devices today dealing with hotspots while our power was out.
let's not forget that aside from content signal-to-noise ratio of the links, HN comments provide nearly half of the value because one can see the "other" side of the "story", sort of like visceral critical thinking...
Mr. dang, can I use the opportunity to suggest to turn the tiny upvote and downvote arrows into links, separated by sufficient distance? My fingertip is 15x larger than these arrows and it takes quite a bit of precision to hit the right one. I bet, half of upvotes and downvotes are erroneous for this reason.
The "undown" or "unvote" link that appears tells you which one you hit. I appreciate how little space they take up. If you're doing it with touch just zoom in.
HN just lost 10% of its users. Being down for hours is unforgivable in this day and age with cloud providers. Please get with the times, you're a tech site for God's sake!!!
oh thank god you put this here, I was unable to determine this for myself.
I'm sorry, this kind of thing reeks of point "whoring" to me, and I consider that to be an indefensible thing to do; it's pollution. We can see the site. We know it's up. We don't need to be told. Stop doing things purely to increase your score. This isn't a game. Etc.
Imagine running a website that doesn't earn you millions and millions of dollars and it gets taken out for a mere eight hours by a couple disk failures.