[AusNOG] AWS sites inaccessible

Mark Smith markzzzsmith at gmail.com
Wed Jun 15 12:06:56 EST 2016


On 15 Jun 2016 10:35, "Mark Newton" <newton at atdot.dotat.org> wrote:
>
> On 15 Jun 2016, at 10:16 AM, Mark Smith <markzzzsmith at gmail.com> wrote:
> > (I don't think there is any excuse for terse error messages or just
> > error codes anymore - it's 2016, we have plenty of CPU, RAM and
> > bandwidth so we can afford to help make troubleshooting easier and
> > quicker. The developer seconds saved by being terse can multiply into
> > 100s of hours of lost time to the developer's end-users, in particular
> > for Internet scale services like Akamai et al.)
>
> That really depends on the extent to which more detailed error messages can be
> used as a signal to attackers to either add more agents on more networks, or
> back off, to remain underneath triggering thresholds, doesn’t it?
>

So the choice is between frustrating legitimate users of your service by
making your service hard to troubleshoot if it fails versus providing
information on how successful their attack is. I think balance needs to be
towards the legitimate users - without them, you don't have a service worth
using and therefore worth trying to attack.

A smart attacker probably won't rely on your status messages anyway,
they'll look to other signs their attack is successful that you're not in a
position to control. You could be lying after all.

If nothing else, I look at the 10 seconds to read the email by say 50% of
people on this mailing list (more than 2K last I remember), means that the
cost of this terseness is already more than 10 000 seconds or more than 2.5
hours of lost human productivity.

The cost to Mal, his customers, and to Qantas, either reputational or in
lost business (if the website appears down, Virgin might be the next port
of call within seconds) would be much higher.

There is also a possible cost to Akamai. Unless their customer doesn't
allow them to, they could brand the error page. That will get their name
out there in front of an audience that doesn't normally see it ... like
Cloudflare do when the origin website is under attack.

A helpful error message would also enhance their reputation in the eyes of
somebody like Mal who might look favorably on them if he wanted to buy CDN
services in the future. As trivial as it might sound, if all else was
equal, I'd choose the provider who provides the easiest troubleshooting
experience, because how hard something is to get going again becomes
suddenly much more important if I'm trying to fix it at 3am.

Regards,
Mark.

>   - mark
>
>