Comment by tgsovlerkhgsel

Blaming Railway for this feels a bit off... criticizing that they advertise the API for MCP use is valid, criticizing the lack of ability to set more granular permissions is valid - but complaining that an API call doesn't come with a confirmation prompt, or that after you deleted your data the infrastructure provider takes time to figure out whether they can use their backup to undo your mistake?

With a major provider, there would be a "recovery SLA", and it would be "we guarantee that once you make the delete call we won't be able to get your data back".

What I'm missing in this article is "we fucked up by not having actual, provider-independent, offline backups newer than 3 months". They'd have the same result if a rogue employee or ransomware actor got access to their Railway account, or Railway accidentally deleted their account, Railway went down, etc.