1226 points bishopsmother | 40 comments
samwillis ◴[] No.35046486[source]
Fundamentally I think some of the problems come down to the difference between what Fly set out to build and what the market currently wants.

Fly (to my understanding) at its core is about edge compute. That is where they started and what the team are most excited about developing. It's a brilliant idea, they have the skills and expertise. They are going to be successful at it.

However, at the same time the market is looking for a successor to Heroku. A zero dev ops PAAS with instant deployment, dirt simple managed Postgres, generous free level of service, lower cost as you scale, and a few regions around the world. That isn't what Fly set out to do... exactly, but is sort of the market they find themselves in when Heroku then basically told its low value customers to go away.

It's that slight misalignment of strategy and market fit that results in maybe decisions being made that benefit the original vision, but not necessarily the immediate influx of customers.

I don't envy the stress the Fly team are under, but what an exciting set of problems they are trying to solve, I do envy that!

replies(20): >>35046650 #>>35046685 #>>35046754 #>>35046953 #>>35047128 #>>35047302 #>>35047334 #>>35047345 #>>35047376 #>>35047603 #>>35047656 #>>35047786 #>>35047788 #>>35047937 #>>35048244 #>>35048674 #>>35049946 #>>35050285 #>>35051885 #>>35056048 #
ec109685 ◴[] No.35046953[source]
The CloudFlare folks wrote a good blog post on how they are seeing their customers use Edge compute — latency is far down on the list: https://blog.cloudflare.com/cloudflare-workers-serverless-we...
replies(2): >>35047067 #>>35047122 #
fmajid ◴[] No.35047122[source]
The US CLOUD Act means an EU customer cannot use a US cloud provider to host PII, even if the server itself is physically in the EU, because US law will still compel the provider to yield the data to US authorities. The European Commission is trying to paper over the cracks with a fig leaf of judicial review, but it's only a matter of time until a Schrems III decision from the CJEU invalidates that polite fiction.
replies(6): >>35047259 #>>35049766 #>>35049953 #>>35050521 #>>35053056 #>>35054838 #
1. LunaSea ◴[] No.35047259[source]
The number of EU companies following this law is exactly 0.
replies(7): >>35047293 #>>35047380 #>>35047435 #>>35047449 #>>35047569 #>>35047724 #>>35053938 #
2. ◴[] No.35047293[source]
3. exac ◴[] No.35047380[source]
I know I've personally spent a large portion of my time updating systems to be compliant in the last few years, in North American companies.
replies(2): >>35047993 #>>35048274 #
4. speedgoose ◴[] No.35047435[source]
It’s not true. I know people who lost contracts because they were using Azure and the customer wanted to respect the law.
replies(1): >>35048957 #
5. pjmlp ◴[] No.35047449[source]
I can attest that there are a lot more than zero in Germany.
replies(1): >>35048865 #
6. huijzer ◴[] No.35047569[source]
Please tell the legal department of our uni. I’m stuck with a home-made Kubernetes cluster where I have to mail the admins for provisioning, SSL and domain management. Would love to switch to Fly or Render.
7. e12e ◴[] No.35047724[source]
This simply isn't true. At least not for EEC (Norway).
replies(1): >>35048892 #
8. mro_name ◴[] No.35047993[source]
Might well have been yak shaving. If a company is under US jurisdiction it simply cannot comply with EU data protection.
replies(1): >>35049073 #
9. mananaysiempre ◴[] No.35048274[source]
... Are those North American companies prepared to willingly break EU laws then? Because in my (amateur) understanding it’s logically impossible to satisfy both CLOUD Act requirements and EU data protection ones (not just GDPR, but general due-process rights the CJEU considers required for privacy violations and US courts deny noncitizens).
replies(1): >>35049265 #
10. LunaSea ◴[] No.35048865[source]
I would be glad to be shown a company with AWS, Google Chrome, Google Search, Slack and all the usual suspects.
11. LunaSea ◴[] No.35048892[source]
I have never seen a company without Google Search, Google Chrome, AWS, Microsoft 360 and the lot.

Which alternatives are they based on?

replies(2): >>35049234 #>>35054717 #
12. LunaSea ◴[] No.35048957[source]
I've talked with companies like that as well and they start with strict rules and end up allowing clouds because no solution is compliant anyway.
replies(1): >>35053496 #
13. ◴[] No.35049073{3}[source]
14. fcantournet ◴[] No.35049234{3}[source]
Those would not contain PII from your users though, unless you have terrible policies about copying personal information in random Google Docs.
replies(2): >>35050527 #>>35052972 #
15. mike_d ◴[] No.35049265{3}[source]
Yes.

Whenever a US law and a foreign law conflict, the US law always wins when you are in the United States. Complying with US laws is also a perfectly valid defense if a European citizen or state ends up bringing action against you in a US court.

replies(1): >>35052978 #
16. cavisne ◴[] No.35050527{4}[source]
Companies have to guess what is PII and what is not, the EU have no idea (other than they know which companies they want to punish).
replies(1): >>35052578 #
17. e12e ◴[] No.35052578{5}[source]
The GDPR is quite clear on defining PII, I don't understand why you would claim otherwise?
replies(1): >>35053935 #
18. LunaSea ◴[] No.35052972{4}[source]
All of these will absolutely contain PII every time.
replies(1): >>35054798 #
19. LunaSea ◴[] No.35052978{4}[source]
European states simply sue in their own territory or in front of the European Union Court of Justice.
replies(1): >>35065472 #
20. speedgoose ◴[] No.35053496{3}[source]
I guess it works when you don't have any compliant competitor.
replies(3): >>35053815 #>>35053923 #>>35054095 #
21. LunaSea ◴[] No.35053815{4}[source]
That is exactly the problem at hand.

It's a combination of low to no enforcement, competitivity-killing laws and unrealistic efforts for said companies to take on.

22. fmajid ◴[] No.35053923{4}[source]
Hetzner or OVH would be compliant.
replies(1): >>35054236 #
23. fmajid ◴[] No.35053935{6}[source]
“It is difficult to get a man to understand something, when his salary depends on his not understanding it.” — Upton Sinclair
24. xorcist ◴[] No.35053938[source]
Defense and government is a huge sector. You can live very well off it.

They are not going to skimp on the rules. A large part of banking won't, either.

25. di4na ◴[] No.35054095{4}[source]
Yep. The real question is how long until we get one.

Scaleway seems to go in the right direction but still a bit of work needed.

26. LunaSea ◴[] No.35054236{5}[source]
They are however far from service parity with AWS, Azure and GCP.

I can't speak for Hetzner but OVH also has availability issues.

27. arnorhs ◴[] No.35054717{3}[source]
So there is nothing in EU laws preventing you from opting into using these services. What _is_ prohibited is having an EU-based product/service where your users are not aware that by using a service their data will be stored under US jurisdiction.

That is not the same as using US-based products.

28. tpxl ◴[] No.35054798{5}[source]
Nice bit of FUD you got there.

You can use Google Search and be 100% compliant, because Google doesn't see any customer data. Google Chrome isn't even a service, I can't imagine how you'd manage to stick customer data in there.

And if you think there are no companies without AWS and Microsoft 360, you need to expand your horizon. I work for one such company, and so do many of my peers.

replies(2): >>35054944 #>>35055024 #
29. dividedbyzero ◴[] No.35054944{6}[source]
There are also lots of companies that use AWS etc. for everything but customer PII and keep that in some SAP system on-prem.
30. LunaSea ◴[] No.35055024{6}[source]
Google Chrome through telemetry and account history synchronisation which log PII in URLs and searches.

Google Search will see PII go by if your marketing team is researching leads on LinkedIn for example.

> And if you think there are no companies without AWS and Microsoft 360, you need to expand your horizon. I work for one such company, and so do many of my peers.

And that's great.

What is the services stack your company is implementing?

What kind of alternatives do you use for your email, browser, centralised data storage, etc.?

replies(1): >>35067720 #
31. mike_d ◴[] No.35065472{5}[source]
Yup. Which is basically a no-op. You need a court having jurisdiction over the defendant to have any relief. Even if you receive a financial judgement, international law does not put much weight in absentia cases.
replies(1): >>35065826 #
32. LunaSea ◴[] No.35065826{6}[source]
If you have customers in the EU then the court has jurisdiction.

If the company doesn't comply, fines will be directly taken from customer payments for example.

replies(1): >>35066464 #
33. mike_d ◴[] No.35066464{7}[source]
Again - regardless of if a domestic court believes they have jurisdiction, any court case not brought in the venue of the defendant is effectively meaningless as you cannot be granted meaningful relief.

If the destination bank account is outside the EU, they can't touch it without cooperation from the defendant country's courts - which requires you to file in the defendant's venue. If an EU country unilaterally seized intra-bank remittance they would be cut off from the international banking system without hesitation.

You seem to really be grasping at straws here, but the EU is not some all powerful entity that can enforce its laws outside its jurisdiction.

replies(1): >>35070752 #
34. tpxl ◴[] No.35067720{7}[source]
I honestly can't tell if you're trolling or you said 'AWS' and 'Microsoft 360' and meant cloud and managed email.

> What kind of alternatives do you use for your email, browser, centralised data storage, etc.?

There are plenty of browser alternatives (firefox, safari, vivaldi, even chromium).

There are dozens if not hundreds of email providers, and you can even provide your own.

You can 'centralize data storage' on disks on hardware you own, on premises or colocated. You could even use one of the dozens to hundreds of managed service and cloud providers.

replies(1): >>35070795 #
35. LunaSea ◴[] No.35070752{8}[source]
> Again - regardless of if a domestic court believes they have jurisdiction, any court case not brought in the venue of the defendant is effectively meaningless as you cannot be granted meaningful relief.

Of course you can, you simply reach for assets within the border of said member country or the EU. As I mentioned in my previous comment, you can for example get the funds from outgoing payments by customers of said company. You can also freeze accounts, prevent ownership or investments by any citizen of that country as well.

> If the destination bank account is outside the EU, they can't touch it without cooperation from the defendant country's courts - which requires you to file in the defendant's venue. If an EU country unilaterally seized intra-bank remittance they would be cut off from the international banking system without hesitation.

There is nothing unilateral about a country seizing money as payment of a fine from a company. This is a standard tool that every country's IRS-equivalent agency has in its tool belt.

> You seem to really be grasping at straws here, but the EU is not some all powerful entity that can enforce its laws outside its jurisdiction.

I never said that EU is all powerful, however, if business is done within the EU, EU countries have the power to access any and all funds going to the US for companies that do not comply.

They can also decide to block said service as a punitive measure.

replies(1): >>35079415 #
36. LunaSea ◴[] No.35070795{8}[source]
> I honestly can't tell if you're trolling or you said 'AWS' and 'Microsoft 360' and meant cloud and managed email.

I meant both clouds and managed email / storage services.

> safari

Don't both Firefox and Safari have telemetry and various ping back services?

> There are dozens if not hundreds of email providers, and you can even provide your own.

> You can 'centralize data storage' on disks on hardware you own, on premises or colocated. You could even use one of the dozens to hundreds of managed service and cloud providers.

Sure you can, I'm just saying that it is rarely if ever done in medium to large companies.

37. mike_d ◴[] No.35079415{9}[source]
> Of course you can, you simply reach for assets within the border of said member country or the EU.

Which is exactly what I said. If the US company has an EU subsidiary you sue in that venue that can grant you relief. There are US tax implications of holding foreign assets, so the 1% of US companies with overseas interests create a foreign subsidiary, the other 99% have absolutely nothing within the reach of the EU.

> There is nothing unilateral about a country seizing money as payment of a fine from a company.

Funds in transit belong to the sender until they arrive in the destination account. The EU would be seizing the funds of an innocent third party (the customer), and the target company would just shrug and say "your payment didn't arrive send it again." The EU cannot seize a transaction in flight and also compel the target company to honor it against their books.

> if business is done within the EU, EU countries have the power to access any and all funds going to the US for companies that do not comply.

See above. Taking money from random EU customers I guess is something they could do, but I imagine their citizenry would be none too pleased about it.

Let me try to simplify it for you: the EU cannot take what is not in EU jurisdiction without the cooperation of the foreign court. If a company says they were complying with their domestic law which violated EU law, they would likely not receive the cooperation of domestic courts to grant relief.

replies(1): >>35085562 #
38. LunaSea ◴[] No.35085562{10}[source]
Let me make it simpler for you.

If say Google were to not follow the GDPR for example, even if they didn't have any European subsidiaries, the EU or a member country would simply make all Google customers pay their subscription fees to them instead of Google as fine payment for the fine. Customers would see no service disruption.

replies(1): >>35090661 #
39. mike_d ◴[] No.35090661{11}[source]
In your example Google would not receive the funds and credit the customer's account. How would they differentiate an EU government stealing the money from a customer who just didn't pay and say they did?

Feel free to call up your credit card or power company and ask them what happens if you send them a payment but it gets seized by the government along the way. Their answer will be that you still owe them money.

In your example the EU customers would be out the money, not Google. With no EU nexus (in your hypothetical) they cannot compel Google to provide services they were not paid for.

replies(1): >>35093145 #
40. LunaSea ◴[] No.35093145{12}[source]
> How would they differentiate an EU government stealing the money from a customer who just didn't pay and say they did?

Because they would have been notified by a court beforehand and the fine would constitute an outstanding debt linked to a lost lawsuit.

Once that happens, the national collection agencies would take over and use the tools at their disposal, like collecting from customers directly, which is the equivalent of garnishing wages but for companies.

They would then receive regular updates about the remaining debt and what was already paid and by whom.

> Feel free to call up your credit card or power company and ask them what happens if you send them a payment but it gets seized by the government along the way. Their answer will be that you still owe them money.

If Google then refused service to the customers whose payments were redirected to that country's collection agencies, then additional punitive measures would be taken by the country.

Some of the punitive measures could be:

- growing interest on the outstanding debt

- blocking the service within the country or EU

- advertise that Google is delinquent and is refusing to pay its debt to financial institutions

- prevent banks and financial institutions from loaning money or investing in Google

- configure an embargo for imports and exports towards Google

- extradition requests for C-suite or adding them to Interpol and Europol wanted people list

- etc.

> In your example the EU customers would be out the money, not Google. With no EU nexus (in your hypothetical) they cannot compel Google to provide services they were not paid for.

They can't force Google to provide services but Google will also lose that market (for the EU that's 450M people) and increasing punitive measures.

Also, Google refusing to pay would probably discourage financial institutions anywhere from servicing Google in the future and other countries from authorising Google on its national market.