Where there are clouds – there is sometimes rain. Developer Jason Rohrer found that out the hard way after he attempted to access his code repositories on GitHub’s cloud-based platform and found that he couldn’t.
Microsoft-owned GitHub locked down Rohrer’s account without warning on June 4 after the hosting service received an alleged complaint from a single user. What the coder found most concerning was the lack of communication about the matter.
“The biggest problem here was that I wasn’t even emailed when my account was blocked,” Rohrer wrote. “GitHub emails me notifications all the time. For such an active account with such a deep history, taking it down in a silent POOF with no notification? I was greeted with a 404.”
Rohrer is a game developer that hosts his pen-source code on GitHub. To run One Hour One Life and a dozen other games he’s created, Rohrer relies on the service to provide access to the 5,000 commits and twenty-three code repositories that he created over the span of 5 years.
He took to Twitter shortly after discovering the problem: “If you’re thinking about using @github for your life’s work, FYI, they may remove it without any warning or notice, based on some user ‘report’ made out of spite. That happened today for the 5+ years of One Hour One Life work that I’m hosting there. They didn’t even email me.”
GitHub’s CEO, Nat Friedman, issued an apology to Rohrer on Twitter, stated that his account access had been restored and promised to investigate the incident. Indeed, Rohrer’s account was liberated from 404 limbo by GitHub’s support team but it’s still left an unfavorable impression with him.
Rohrer is not the only cautionary tale about remotely-hosted services, however, that has occurred in recent weeks. Digital Ocean (DO) is a cloud-based platform that found themselves in hot water after a small-startup Raiseup found themselves locked out of their own DO host account.
Raiseup’s CTO Nicolas Beauvais also Tweeted about his company’s experiences with an account block that happened in May. Beauvais reported that his small AI firm had been “killed” because of Digital Ocean’s actions “How @DigitalOcean just killed our company @raiseupcom. A long thread for a very sad story.”
Beauvais described the impact of the DO mishap. “We lost everything, our servers, and more importantly one year of database backups. We now have to explain to our clients, Fortune 500 companies, why we can’t restore their account.”
In an effort to shed more light on the incident, Digital Ocean posted a lengthy explanation on their blog as to why the account had been 404’d. On May 29, Raiseup’s account was locked and resources powered down after their anti-fraud and abuse software generated a false positive.
Raiseup and DO communicated on the matter and their account was restored. Unfortunately, the account generated another false positive based on the same segment of innocuous code that had triggered the first lockdown.
To DO’s credit, they owned up to their end of things and shared details about what changes they planned on making to ensure something like this didn’t happen again but for Beauvais – the damage may already have been done to Raiseup.
While the advantages of cloud-computing are numerous, there are certain limitations as well. When a business contracts with a third-party to act as a hub for their tech operations, that business is sharing information with an entirely different entity with its own rules and regulations.
In terms of summarizing some of the underlying uncertainties that comes when a company contracts with a third-party cloud-based service, this user said it best when he posted a comment on Malwarebytes Labs website. User Guiwhiz responded to a ‘Should you store your data on the cloud?’ published on Malwarebyte’s blog: “So you’re telling me my company’s data is on servers I don’t own, managed by people I don’t know and have no control over hiring and firing, and since I don’t know where it sits physically I don’t know which regulatory and legal compliance regime controls data residency or which government might have access to that data?”
This comment is not meant to represent the full cloud-story because there are many things possible that weren’t possible before the advent of all things cumulus. Smaller businesses can offer equivalent enterprise-grade solutions that only the large tech giants could in the past. Scaling offers endless opportunities for saving money, expanding operations and quick turn-arounds on operations that would have never been possible without it. Despite the democratizing nature of the cloud, the question of how that data is handled by third-party providers may make the process slightly less egalitarian.
Beauvais shared how powerless he felt about what was happening to his data: “I am scared I could be hit by an out-of-control abuse algorithm and a broken customer service process,” Beauvais said in a Checkly blog post, “And I have zero twitter clout or any other online notoriety.”