Comment by ptero
5 years ago
This is not new; such things happened many times in the past (25 years ago Microsoft was the behemoth trampling small companies) and will happen again. I do not think Google is doing it consciously -- this is probably just collateral damage from some bot or rule.
The way to handle it is to reduce dependencies on the cloud. This does not mean cutting cloud services altogether, but once the company is big enough (and the author talks about 1000s SMEs and millions of users), plan for graceful degradation with a fallback to a different provider and another fallback to owned servers.
This takes work and reduces capability during the crunch, but it is often a lot easier and cheaper than people think if planned properly and not in a shotgun style of crisis engineering. My 2c.
Author here. The scary bit is that the blacklist is enforced client side in Chrome and other programs. Our servers and systems were running just fine when this happened, but if Google Chrome refuses to open your website, you're still down.
The closest parallel I can think of are expired SSL certificates, but the level of transparency and decentralization of that system vs. this opaque blacklist is not really on the same league.
Some derisking solution may be wrapping your web app as native client. E.g. Electron app is Chrome technically but you get more control over its settings. I know Microsoft (SmartScreen) and Apple may block apps for many reasons too but at least you get more baskets for your eggs.
Yeah i read stories that Yahoo in 1990s called itself a media company and it's product managers "producers" out of fear that once you call yourself a software company - Microsoft will crush you...
As for using clouds - there is absolutely no point in the world to use them for anything above staging level, or very very low level launches. People should switch away from cloud as soon as they see even tentative signs of a product-market fit.
You will save so, so much money switching away from clouds too.
No, you don't need to use a hundred different AWS/GCP/whatever services, and yes, managing your own infrastructure is a lot easier than you think (and sometimes easier/faster than AWS).
The Stack Exchange network, at least around 2018 or so, was hosted on 12 servers they own!
Completely agree. The clouds are still very comfortable for development though, and i use them a lot. But i'd never even think of using cloud in production.
> I do not think Google is doing it consciously -- this is probably just collateral damage from some bot or rule.
"Collateral damage" from some bot or rule just means that Google doesn't care enough about the edge cases (which, at Google scale, are particularly harmful): Google consciously decided this when implementing their algorithms.
> this is probably just collateral damage from some bot or rule
The point is, collateral damage and/or false positives are not acceptable for a service with an impact like this. In the real world, we consider them war crimes, etc. Bots and rules are implementations of policies and policies come with responsibility.