> Google Cloud accidentally deletes UniSuper’s online account due to ‘unprecedented misconfiguration’
which is a lot more alarming.
I've heard of sudden and unwarranted bans before, but never an accidental deletion of a customer who they only just convinced to migrate to Google Cloud last year!
Yes, surprised this hasn't hit the top of Hacker News and instead gone unnoticed. If Google did delete the account, this is massive.
Large financial pension fund with advertised $124 billion in funds under management so not some toy cat gif startup has account deleted accidentally by Google. That can very easily wipe out a company using cloud as cloud vendors advertise you to. From the article it sounds like they are lucky they had offsite backups but still potential for data loss and restoring offsite backups likely a task in itself.
It's a major incident, I feel for the ops team who'll be working under massive pressure trying to get everything back up.
Indeed. My gut feeling is that most companies using AWS, Azure or Google Cloud are not going to be making backups elsewhere. I wonder how much data would've been lost if they didn't have backups elsewhere?
Interestingly the Australian financial services regulator (APRA) has a requirement that companies have a multi-cloud plan for each of their applications. For example, a 'company critical' application needs to be capable of migrating to a secondary cloud service within 4 weeks.
I'm not sure how common this regulation would be across industries in Australia or whether it's something that is common in other countries as well.
US federal financial regulators and NYDFS have similar concerns and strong opinions, but nothing in statute or regulatory rule making yet (to my knowledge; I haven’t had to sit in those meetings for about 2 years).
Below is an email that I (the OP) received a few hours ago titled "A letter from the CEO":
> Dear dualscyther
> I am writing to provide you with an update on the disruption to our services.
> Firstly, let me begin by personally apologising for the outage, and thank you for your patience with our teams as they work around the clock to progressively get our systems back online.
> As always, members are our top priority.
> I would like to be very clear on some key points: member accounts are safe, and no data was exposed to unauthorised third parties as a result of this outage.
> I would also like to reassure members that pension payments have not been disrupted and will continue as per normal. The next regular pension payment is scheduled on 15 May 2024, and is due in accounts by 17 May 2024.
> We're here to help, so please get in touch with our contact centre should you require support or your question isn't covered in the frequently asked questions published on our website.
> Update on restoration of services
> The progressive restoration of member services will begin Thursday, 9 May 2024. Please note that some services will still be limited as we continue the restoration.
> Services that we expect to have online in some capacity will include the ability to login to online services, access Mobile App, and see balances—initially as at Monday, 29 April 2024. As regular trading and investments have been continuing as normal, this will be reflected in your balance once our systems have been restored.
> We will keep members informed as systems progressively come online. I commit to members receiving daily updates on the progressive restoration of services, and again thank you for your patience.
> We have collated some frequently asked questions, including around lump sum withdrawals, investment switches and the operation of investments during this outage.
> For up to date information, including answers to frequently asked questions, please visit our website.
> What caused the technology outage?
> Many members have rightly asked what exactly happened.
> Google Cloud continues to investigate and gather information on the nature of this incident which caused an outage to our systems.
> Let me stress that Google Cloud has provided clear assurance that this was not the result of a malicious act or cyber-attack, and UniSuper data has not been exposed to unauthorised parties because of this issue.
> While a full root cause analysis is ongoing, Google Cloud has confirmed this is an isolated one-of-a-kind issue that has not previously arisen elsewhere.
> Google Cloud has confirmed that they are taking measures to ensure this issue does not happen again.
> We take our responsibility to deliver secure, reliable services to our members extremely seriously. I would like to be clear that Google Cloud is not the only cloud service provider UniSuper utilises, and this planning has ensured our ability to restore services and minimise data loss.
> Additional resources to support swift resumption of services
> To minimise further disruption to our members as we come back online, we are putting on additional resources to work through all enquiries and member requests as quickly as possible once systems are operational again.
> Thank you again for your patience and understanding, particularly with our team in the contact centre, as we work to restore services swiftly, safely and securely.
> Yours sincerely,
> Peter Chun
> Chief Executive Officer, UniSuper
I couldn't figure out how to email the author and I don't have twitter, but I found a few mistakes in the "More power" section that tripped me up a bit as I followed along, so just posting here in case it helps anyone else:
Yes, you can licence it however you want because you are the copyright holder. See mongodb. IANAL. Licences are to restrict those who do not hold copyright.
> Licences are to restrict those who do not hold copyright.
On the contrary, licenses give permission to those who do not hold copyright. Without any license, only the copyright holder has any rights to copy or modify the work in any way (except for fair use). A license gives permissions to non-copyright holders to do things which would otherwise be illegal under copyright law. A license can never restrict what anyone would otherwise be allowed to do, since it is not a contract.
> FreeNAS and TrueNAS have been separate-but-related members of the #1 Open Source storage software family since 2012. FreeNAS is the free Open Source version with an expert community and has led the pursuit of innovations like Plugins and VMs. TrueNAS is the enterprise version for organizations of all sizes that need additional uptime and performance, as well as the enterprise-grade support necessary for critical data and applications.
> In the 11.3 release, FreeNAS and TrueNAS share over 95% of the same source code but are built into separate images, each with their own name. The Version 12.0 release will change this process by moving to one unified image with two different editions: a free, Open Source edition (this will never change!) and an enterprise edition.
> Both editions will have common Open Source code, unified documentation, and a shared product name.
So I suspect that the source code for TrueNAS is not available.
Ah, I see. I thought they were completely different products, but it sounds like TrueNAS is an enterprise version of FreeNAS and this unification seems like it is just deprecating the FreeNAS name.
I've found that returning 200 with errors seems to be the sane way to do things, since sometimes it's difficult to tell whether a server error belongs in the http layer or graphql layer.
https://news.ycombinator.com/item?id=40304666