Slashdot Mirror


Man Deletes His Entire Company With One Line of Bad Code (independent.co.uk)

Reader JustAnotherOldGuy writes: Marco Marsala appears to have deleted his entire company with one mistaken piece of code. By accidentally telling his computer to delete everything in his servers, the hosting provider has seemingly removed all trace of his company and the websites that he looks after for his customers. Marsala wrote on a CentOS help forum, "I run a small hosting provider with more or less 1535 customers and I use Ansible to automate some operations to be run on all servers. Last night I accidentally ran, on all servers, a Bash script with a rm -rf {foo}/{bar} with those variables undefined due to a bug in the code above this line. All servers got deleted and the offsite backups too because the remote storage was mounted just before by the same script (that is a backup maintenance script)." The terse "rm -rf" is so famously destructive that it has become a joke within some computing circles, but not to this guy. Can this example finally serve as a textbook example of why you need to make offsite backups that are physically removed from the systems you're archiving?

"Rm -rf" would mark the block as empty, and if the programmer hasn't written anything new, he should be able to recover nearly all of the data. Something about the story feels weird.
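An added example (not from the story or the forum thread) of the failure mode described above: with both variables unset the path collapses to `/`, and a guard refuses empty components and anything that resolves outside an allowed root. It assumes shell variables named `foo` and `bar`; `ALLOWED_ROOT`, `naive_target` and `safe_purge` are hypothetical names.

```shell
#!/bin/sh
# Added example (constructed); function names and ALLOWED_ROOT are hypothetical.

# What an unguarded "$foo/$bar" expands to when both variables are unset.
# Runs in a subshell and only prints the path; nothing is deleted here.
naive_target() (
  unset foo bar
  printf '%s\n' "${foo}/${bar}"
)

# Delete "$1/$2" only if both parts are non-empty and the resolved
# directory sits strictly below ALLOWED_ROOT.
# Returns: 0 deleted, 2 empty argument, 3 not a directory, 4 outside root.
safe_purge() {
  base="${1:-}"
  sub="${2:-}"
  [ -n "$base" ] && [ -n "$sub" ] || { echo "refusing: empty path component" >&2; return 2; }
  [ -n "${ALLOWED_ROOT:-}" ] || { echo "refusing: ALLOWED_ROOT not set" >&2; return 2; }
  root=$(cd -- "$ALLOWED_ROOT" 2>/dev/null && pwd -P) || return 3
  # Canonicalise so ".." and symlinks cannot walk out of the root.
  target=$(cd -- "$base/$sub" 2>/dev/null && pwd -P) || return 3
  case "$target" in
    "$root"/?*) ;;   # strictly inside the root
    *) echo "refusing: $target is outside $root" >&2; return 4 ;;
  esac
  # GNU rm also offers --one-file-system to stay off anything mounted below.
  rm -rf -- "$target"
}
```

Running the script itself under `set -u` would additionally make the shell abort on the first reference to an unset variable, before any path is built.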


  1. Three words by MPAB · · Score: 4, Insightful

    Offsite, offline BACKUPS

    1. Re:Three words by Aighearach · · Score: 4, Insightful

      That's all great, but even a less complete, sloppy backup system would be an improvement here.

      Another thing people don't understand about cloud hosting... you should still have your own self-managed, non-cloud server that holds your images and ideally runs your service during the low-traffic hours. Whatever your daily lowest traffic 6 hours is, in most cases, should be traditionally hosted. Cloud is super-duper-awesome-webscale for the peak traffic, no way around that if you have peak traffic hours.

      Personally, I can re-deploy (including the latest database backup) from my dev workstation using a simple rake task.

      Another problem is relying on your hosting company for backups. Never do that. The same fire/earthquake/bash script/volcano that makes the backup necessary would destroy it! Expect the hosting company to have insurance, don't expect them to care if your data gets lost. Especially if it's "user error."

      This has nothing to do with "PC/internet mentality" and everything to do with the latest anti-waterfall, anti-planning, 80% is all that matters mindset. Traditionally, this was easily solved because there was an engineering mindset.

  2. Wasn't he trolling? by anlag · · Score: 5, Insightful

    I saw the post on ServerFault, and while the original scenario could have happened, the OP's follow-up blunder to reverse the input and output parameters of dd when trying to preserve the disk seemed just a wee bit too unlikely. I looked at the article to see if there was any additional data to suggest this was real, but it seems entirely based on the SF thread. Until corroborated, I'm going to call bs.

  3. manishs by Verdatum · · Score: 4, Insightful

    Manishs, you seem to actually critically read articles before posting them, and you actually provide insight after the summary. What is up with that?

  4. What happened to NEWS for Nerds? by Jack9 · · Score: 2, Insightful

    This was a blatant troll on a forum and now because some idiot millennial wrote an op-ed piece, some idiot (manishs) put it on the /. frontpage?
    Are the admins now supporting the things the moderation system fights on their own site?

    This story is more of an embarrassment than the political vomit I've had to endure because _this_ story doesn't even qualify as news. e.g. What Company did he destroy exactly? You would think the incredibly obvious lack of facts would be a tipoff to someone.

    --

    Often wrong but never in doubt.
    I am Jack9.
    Everyone knows me.

    1. Re: What happened to NEWS for Nerds? by Darinbob · · Score: 5, Insightful

      I make it a point to lump people into the category of "everyone". Then I can despise them all equally without picking and choosing favorites.

  5. Still value as a troll by Minupla · · Score: 4, Insightful

    I collect these stories for people who I mentor. Even if they're trolls, they work as cautionary tales, because lots of people have had similar smaller scale disasters (as evidenced by posts in this thread) and it's healthy for mentees to get a taste of what can happen when you (for example) forget to error check your script parameters.

    In a big way it doesn't matter if it's true or not, it could be true which makes it a teachable moment. I'm sure everyone who reads the story will run a mental checklist to see if they have a script somewhere that could EVER do it. Do they have their backups mounted when they should be rsyncing, etc.

    Min

    --
    On the whole, I find that I prefer Slashdot posts to twitter ones because I don't get limited to 140 chars before

  6. Corrections by ledow · · Score: 3, Insightful

    Man ALLOWS his entire company to be wiped out in one command.

    Man DESIGNS his entire company to be wiped out in one command.

    Man SETS UP his entire company to be wiped out in one command.

    Hint: I work in schools. Once I had a teacher delete their entire planning folder. Then (and DO NOT ask me why, because I don't understand it either), they emptied that folder from Recycle Bin. They rang up in the more embarrassed panic.

    And then it was explained that we still had copies of that folder in:

    a) Shadow Copies of the profile on the client.
    b) Network Copies of the profile that they were logged in as (and which fortunately hadn't logged off once they realised what they did).
    c) Shadow Copies of the profile folder on the server.
    d) Copies of the profile folder on all the other servers.
    e) Copies of all the servers on replica servers.
    f) Copies of the server VMs and storage in a primary backup location.
    g) Copies of the server VMs and storage in a secondary backup location.
    h) Copies of the server VMs and storage in a tertiary backup location.
    i) Several off-line and off-site copies of the server VMs and storage.
    k) Random, casual backups all over the place.

    And that's just for the crap that teachers think is important (i.e. a lesson plan they have to write every two weeks and which they can't re-use anyway).

    Fuck knows what this guy was thinking, but there's no one command ANYWHERE that should be able to do that many actions, let alone dangerous actions that you haven't evaluated properly. Honestly, some of those machines don't even TURN ON until the backup window, and even the backup devices have rollback and shadow-copy-like functionality on top of whatever the backup software gives (incrementals, etc.). And several are DELIBERATELY offline for almost their entire lives and have entirely disparate credentials so no one command could ever affect them.

    Not being funny, but we're talking a small school of 400 5-14 year olds here. He actually has more customers than I have users. And you just can't fuck about like that, so if he thinks he can, I honestly have zero sympathy and can only laugh.

  7. rsnap is popular. Should pull from read-only accou by raymorris · · Score: 4, Insightful

    Rsnap is a very popular backup system which uses a network mounted drive as its default/most common configuration. I constantly remind people on the rsnap mailing list about the existence of cryptolocker type malware.

    A much safer way to do it is to have the backup system PULL backups using a read-only account. That way no command on the live system can touch the backups, and the backup system can't change anything on the live system - either accidentally or maliciously.

    One solid backup / hot spare system that does it safely by default is Clonebox.