This just in everyone...

Android Dev: *sent and email to network admin* can you please unblock github for a few mins.

Network admin: *Replied* Can you take a screenshot whats the error your getting.

Android Dev: *Replied with screenshot* "Failed to load resource: the server responded with a status of 503 (Service Unavailable)"

Network admin: that is a known issue. *Replied with Wordpress Links.

Android Dev: why is github working outside our network then?

Network admin: there must be a problem with your code that needs to be tweaked.

Team: *FACE PALM*

Most times I've my phone's location switched off. Every time I open some random app, which doesn't require any location service, a toast pops up saying location unavailable. This is simply bonkers.

Issue or Error? Rant story time!

I was working on a windows desktop app, and everything was ok, you know, tests completed succesfully, all in time, etc. The problem was when we showed the demo to one of our clients. He saw several screens and we explained all the features to him.

Client: *Sees a Error pop-up indicating that a remote service is temporarly unavailable (what it has to happen in order to show him how the system would warn him when an external service is out of service)
Client: What’s that?
Lead dev: What do you mean?
Client: Yes. That’s an error pop-up
Lead dev: Yes, it’s a message that tells you that there was an issue connecting to the bank service
C: No, no and no. Please change it
L: Why? Don’t you want the system to tell you when there is a connection issue and why is that happening?
C: Yes, but my employees could lost their minds because of this class of messages!
L: So...?
C: You have to change it
L: Ok. What do you want to change?
C: First of all, don’t put an “Error” icon, put an “Warning” icon, and instead of “Error” title, put... “Issue”
L: “Issue?”
C: Yeah. Don’t put the “E” word, if the users see an “Error” message, they could think that the program doesn’t work, even if it does work.

We all though “WTF?!”

To make the story shorter, we changed all the pop-ups. That took two days.

Is that correct? I know that “Error” sounds hard but, seriously? “Issue: The remote service is not available, contact your bank?”

Get your shit together Microsoft..

Stakeholder: Users are unable to buy tickets on the website. IT says Azure’s health check is showing an unhealthy status.

[It’s Sunday. Web Engineering is not on call so no one sees this right away.]

Stakeholder: IT restarted the Azure website twice, but users still can’t place orders.

Me: There was never an issue with the Azure site. That health check is inaccurate. There is a rewrite rule that sends the Azure supplied domain to our custom domain. The Azure health check doesn’t like that so it returns an unhealthy status. The problem is the ticketing server that the website has to communicate with. The ticketing server is overwhelmed and can’t handle more requests. IT should have checked the ticketing server’s logs. This has happened before and it’s never been an Azure issue. It’s a ticketing server issue.

Stakeholder and IT: Oops 😅

—-

JFC. Stop trying to make this web engineering’s problem. Stop trying to make it look like engineering dropped the ball. The ticketing server has experienced this issue multiple times. The ticketing server is maintained by a different team. The website’s symptoms are always the same and there are steps you need to take before you make the decision to restart the website, which will cause the website to show a blue screen of death that says 503 service unavailable for a few minutes. And we have a switch to shut off all transactions. Why do you not want to use it when it’s clear the website can’t process transactions???

In last episode of "How SystemD screwed me over", we talked about Systemd's PrivateTMP and how it stopped me from generating SSL certificates.

In today's episode - SystemD vs CGroups!

Mister Pottering and his team apparently felt that CGroups are underused (As they can be quite difficult to set up), and so decided to integrate them into SystemD by default. As well as to provide a friendlier interface to control their values.

One can read about these interactions in the manual page "systemd.resource-control"

All is cool so far. So what happened to me today?

Imagine you did a major system release upgrade of a production server, previously tested on a standalone server. This upgrade doesn't only upgrade the distribution however, it also includes the switch from SysVInit to SystemD. Still, everything went smooth before, nothing to worry now then, right? Wrong.

The test server was never properly stress-tested. This would prove to be an issue.

When the upgrade finishes, it is 4 AM. I am happy to go to bed at last. At 6 AM, however, I am woken up again as the server's webservices are unavailable, and the machine is under 100% CPU load. Weird, I check htop and see that Apache now eats up all 32 virtual cores. So I restart it, casting it off to some weird bug or something as the load returns to normal.

2 hours later, however, the same situation occurs. This time, I scour all the logs I can, and find something weird - Many mentions that Apache couldn't create a worker thread? That's weird.

Several hours of research and tinkering later, I found out the following:
1 - By default, all processes of a system that runs SystemD are part of several CGroups. One of these CGroups is the PID CGroup, meant to stop a runaway process from exhausting all PIDs/TIDs of a system.

This limit is, by default, set to a certain amount of the total available PIDs. If a process exhausts this limit, it can no longer perform operations like fork().

So now, I know the how and why, but how should I solve this? The sanest option would be to get a rough estimate of just how many threads the Apache webserver might need. This option, though, is harder, than apparent. I cannot just take the MaxRequestsWorkers number... The instance has roughly double the amount of threads already. The cause being, as I found out, the HTTP/2 module, which spawns additional threads that do not count towards this limit. So I have no idea what limit to set.

Or I could... Disable the limit for just the webserver via the TasksAccounting switch. I thought this would work. And it did seem to... Until I ran out of TIDs again - Although systemctl status apache2.service no longer reported the number of tasks or a task limit of the process, the PID CGroup stayed set to the previous limit. Later I found out that I can only really disable the Task Accounting for all the units of a given slice and its parents.

This, though, systemctl somewhat didn't make apparent (And I skimmed the manual, that part was my fault)

So... The only remaining option I had was to... Just set the limit to infinite. And that worked, at last.

It took me several hours to debug this issue. And I once again feel like uninstalling systemd again, in favor of sysvinit.

What did I learn? RTFM, carefully, everything is important, it is not enough to read *half* the paragraph of a given configuration option...

Oh, and apache + http/2 = huge TID sink.

anyone else get second thoughts about their bank when they see this kind of message after logging in?

"Online Banking is unavailable
We are really sorry we are preventing you from completing your banking today. Our technical teams are aware and actively investigating. Please know they are working hard to restore service as soon as possible.

Please call us at 123-456-7890 for banking assistance or information."

er... what?

3 weeks into getting dragged into another MS-stack project, I have already been repeatedly reminded why I decided to invest so much energy in moving my career as far away from Microsoft dependency as possible. Even something as simple as reviewing settings on Azure App Service is a hit-or-miss affair, being completely unavailable for hours at a time at least once a week. Azure Functions are consistently unavailable for at least a few minutes every day. Don't even get me started on "Azure DevOps".

Why the fuck do people still place their trust (and critical infrastructure) in the hands of Microsoft?

So the saga of broken fucking everything continues at work, and I'm managing it, effectively, and doing it correctly on the first go-round. It's a long process though, because the two retards who preceded me were equally inept for completely different, yet equally disruptive and destructive reasons. The first dude was just plain psychotic, probably still is. I'd post some of his code, but I don't want anyone's face to melt off like those Nazi dudes at the end of Raiders of the Lost Ark. I can handle it because I'm constantly inebriated, which is not as fun as it sounds. If you have to ask yourself if you can handle it, you probably aren't, unless you've had to Uber to/from work due to still being fucking drunk. Anyway, enough about that, and it was only like twice. The rest of the times, I was more blazed than Jerry Garcia at a weed smoking contest. Moving along.

UPS shipping labels broke two weeks ago, I fixed it, but these fucking 10xers jointly decided to not only never implement anything resembling error handling, other than EMPTY GOD DAMN "try/catch"es (empty catch, wow so efficient), and instead of using COMMENTS, which I know are a new thing, they'd wrap blocks of code in something like: if 1 = 0 {} FUCK YOU DICKFACES. As I was saying before I got emotional again, they tied the success to all kinds of unrelated, irrelevant shit. I'm literally needle/haystacking my way through the entire 200GB codebase, ALONE, trying to find all the borked things. Helpfully, my phone is ringing all the time from customer service, complaining about things that are either nothing to do with the site, or due to user stupidity, 75% of the time.

A certain department at my company relies on some pretty specific documents to do their job, and these documents are/were generated from data in the database. So until I can find and fix all of the things, I've diverted my own attention as much as possible to the rapid implementation of a report generation microservice so that no one elses work is further disrupted while I continue my cursed easter egg hunt from fucking hell.

After a little more than two days, I'm about to lauch a standalone MS to handle the reports, and it's unfortunately more complicated than I'd like, because it requires a certain library that isn't available on Winblows, so I've dockerized the application. Anyway, just after lunch, I've finished my final round of tests, and I'm about ready to begin migrating it to the server and setting up (shitty fucking shit) IIS to serve it appropriately. At this point, this particular report has been unavailable by web for about 8 days.

A little after lunch, and with no forewarning of any kind, the manager of managers runs upstairs and screams at me to "work faster" and that "this needs to be back online RIGHT NOW", but I also know that this individual is going to throw a fit if things on this pdf aren't a pixel perfect match. So I just say "that's some amazing advice, I wish I'd had the foresight to just do it better and work faster". Silence for a good five seconds, then I follow up with "please leave and let me get back to my work". At that moment from around the corner, my "supervisor" suddenly, magically even, remembers that he has had the ability to print this crucial, amazingly super fucking important document all along, despite me directly asking him a week ago, and he prints it and takes it where it needs to go. In the time that it takes him to go to that other department and return, I deploy my service.

I spent the rest of the day browsing indeed and linkedin jobs, but damn this market is kinda weird right now, yeah?

Just deployed my Nodejs app but some routes are returning *503 Service Unavailable*.

And others are working just fine

Is there a special way to name routes when on production?

Because everything was working fine on localhost

Thanks for your help

I vaguely remember some joke about how difficult networking is and how some Jeff Atwood blog post I think makes the comparison about analogy of sending actors in a taxi to somewhere being compared to a packet, anything can happen inbetween but you will get the packet or something indistinguishable from the original at the other end if all goes well.

Are occasional/intermittent 503 service unavailable or 504 gateway timeouts unavoidable for microservices calling another external microservice?

Like at that point isn't receiving a 503 or 504 from something else, somewhat outside my jurisdriction, albeit I am fucked if I am depending on them and need to fail gracefully.