Amazon S3 Versioning, Multi-Factor Authentication Now Available

Continuing their trend of releasing substantial features and additional services in their web services portfolio on a regular basis, Amazon announced this week the availability of versioning and multi-factor authentication across their Simple Storage Service (S3) property.

How S3 Versioning Works
Versioning is a critical feature many developers had requested as data stored on S3, while maintained in triplicate across the S3 file-system automatically, is still vulnerable to sweeping delete operations by developers, errant scripts, or other causes. Moreover, developers had to manually version changing files if they wanted to preserve the ability to roll-back to an earlier revision or undo a “delete”. In any event, a lot of custom code had to be created to replicate these behaviors, and most solutions weren’t particularly graceful.

Read More »

Posted in: Cool Stuff, Development

Barnes & Noble Security Question Error Message Mocks You, Your Loved Ones

bn_security_question I finally bought a Barnes & Noble membership today. Despite almost always buying my books on the Amazon, (a site I much prefer referring to with the definite article “the” intact because it sounds cooler), I occasionally will pick one up from B&N if I really want a book that. day. I was buying $55 or so in books, with one being a bestseller which means 40% off, so I was looking at just over $10 off with a membership. $15 for a membership, sure, whatever.

In trying to link my new account from the store with an online account, it prompts for a security question. I select “mother’s middle name” since things like “what’s your favorite restaurant?” are ridiculously inane as I’ll almost *certainly* forget what I entered, which will promptly be followed by feelings of wanting to stab someone. And then I enter ma’s middle name: marie. Nevermind that the security answer is CaSe SeNsItIvE, (because, clearly, I should also be forced to remember if I proper-cased my answer) it goes ahead and tells me:
bn_error_message

Great. Now Barnes & Noble is calling me a liar AND insulting my mother. Swimming performance there, kids. [Really, the error message reads as follows: Your Security Answer is not formatted properly. A Security Answer must be 6–15 characters long, spaces allowed. Remember that Security Answers are case sensitive (i.e., "Dickens" is not the same as "dickens").]

The moral of the story? Don’t enforce ridiculous limitations on a security question if the user’s correct answer might violate those limitations. And don’t insult your customer’s mothers. (CrunchGear blogged about this too, some two weeks ago.)

Reblog this post [with Zemanta]

Posted in: Design, Rants

Trusting In The Cloud: A Call For Post-Mortem As Facebook Loses Notification Settings

notification_settingsI first read about Facebook having lost some users’ notification settings on TechCrunch four days ago. This was worrisome to me, but I got sick over the weekend and didn’t have a chance to write about it. Then I got my very own email from Facebook telling me the same: they’ve lost my notification settings and if I’d be so kind as to reset them, and that they apologized for the inconvenience.

Facebook needs to publish a public post-mortem on this, as soon as humanly possible. When any data disappears from the cloud, no matter how innocuous, it calls into consideration serious questions of trust and competence. I’ve trusted Facebook for a long time. The engineers who have built it have done an amazing job at making sure things scale brilliantly, at cobbling together various pieces of technology and contributing their own back to the community to make the site highly available and without many of the horrible growing pains MySpace experienced, when Tom would send a message telling everyone bulletins will be down and to please not email him.

Read More »

Posted in: Rants

Amazon Explains S3 Outage: Gossip Kills

Amazon has released a rather comprehensive write-up on their post-mortem analysis of why Amazon S3 went down last week. The S3 servers use a gossiping protocol to determine system states, including what servers are available and the status of the nodes across the network.

A single bit corrupted in several of these gossips such that they were still intelligible but reflecting inaccurate data about the system state. These propagated through the network (much like a virus, really) and caused most of the servers to spend most of their time gossiping or failing to complete the gossip; if the gossip doesn’t complete, the server can’t/won’t send its data.

While Amazon MD5 checksums data in containers to ensure its integrity as its being transmitted, they weren’t doing this on their gossips. They’ve since established several new practices to attempt to ensure that a problem like this won’t cause a failure across the entire system, including better failure handling with gossips and faster restoration when nodes do go down.

They end their missive simply enough, owning up in a way I give them credit for:

Though we’re proud of our operational performance in operating Amazon S3 for almost 2.5 years, we know that any downtime is unacceptable and we won’t be satisfied until performance is statistically indistinguishable from perfect.

“Statistically indistinguishable from perfect” is a rather poetic phrase, and I’d like to think we strive for that over at Synapse Studios. But my stats-masters programmer would just mock me.

Read their full statement here.

Posted in: Tech News