undefined | Better HN

0 pointsBarrin925y ago0 comments

At this point I'd advocate for a huge red button or a gong that someone can smash and it just halts the platform

0 comments

Kill-switches are dangerous, since they get built and never get used. I work on an anti-abuse system. It caused two user-visible outages in the last couple of years, one of which was an accidentally triggered kill-switch that had not been used in years and had some unexpected side-effects.

So I can see why they wouldn't have one of those pre-built for setting the entire site to a read-only mode. It's not at all obvious whether the risks are larger with or without that capability built in. But a spam filter with configs you can push quickly seems like table stakes, and should be a system that gets excercised weekly if not daily.

castratikron5y ago

"This is a test of the emergency broadcast system..."

dmix5y ago

"Press okay if you want to enable cookies"

MattGaiser5y ago

You don't need to kill the entire site. Just the ability to post new messages.

actuator5y ago

They are somewhat right. I have built these feature flag/kill switch kind of things and they rarely get tested. Over time it might not even work or have other side effects.

On the other hand, a product like Twitter having some content moderation filter seems very likely.

1 more reply

catalogia5y ago

> Kill-switches are dangerous, since they get built and never get used.

What about the circuit breakers at their data centers? Serious question..

Nextgrid5y ago

Even if there is no "huge red button", at this stage it should be easy to reconfigure their load balancers to just return 500 for all endpoints or even take down their DNS records and essentially shut down the platform until they sort it out.

Lobosque5y ago

This seems like a pretty big red button.

Nextgrid5y ago

If there was no other option I would personally go as far as pulling the power, data loss be damned.

This is in many ways worse than your typical large-scale malware or ransomware crisis (like the one that hit Maersk for example).

Malware or ransomware attacks are typically limited to internal company impact with potential stolen data (which you usually discover after it’s been stolen already).

This current situation however has ongoing external impact for as long as the platform is kept online and could even have geopolitical repercussions if a certain high-profile “real” account ends up affected.

The fact that they left the platform online for so long with an ongoing, uncontained attack is absolutely irresponsible.

j / k navigate · click thread line to collapse

0 comments

jsnell5y ago

castratikron5y ago

"This is a test of the emergency broadcast system..."

dmix5y ago

"Press okay if you want to enable cookies"

MattGaiser5y ago

You don't need to kill the entire site. Just the ability to post new messages.

actuator5y ago

They are somewhat right. I have built these feature flag/kill switch kind of things and they rarely get tested. Over time it might not even work or have other side effects.

On the other hand, a product like Twitter having some content moderation filter seems very likely.

1 more reply

catalogia5y ago

> Kill-switches are dangerous, since they get built and never get used.

What about the circuit breakers at their data centers? Serious question..

Nextgrid5y ago

Lobosque5y ago

This seems like a pretty big red button.

Nextgrid5y ago

If there was no other option I would personally go as far as pulling the power, data loss be damned.

This is in many ways worse than your typical large-scale malware or ransomware crisis (like the one that hit Maersk for example).

Malware or ransomware attacks are typically limited to internal company impact with potential stolen data (which you usually discover after it’s been stolen already).

The fact that they left the platform online for so long with an ongoing, uncontained attack is absolutely irresponsible.

j / k navigate · click thread line to collapse