HackerTrans
TopNewTrendsCommentsPastAskShowJobs

abritishguy

no profile record

Submissions

Tolerating full cloud outages with Monzo Stand-in

monzo.com
64 points·by abritishguy·tahun lalu·41 comments

comments

abritishguy
·11 bulan yang lalu·discuss
*she
abritishguy
·tahun lalu·discuss
It's a very good question. The stand-in system itself has been built to have basically no external dependencies itself.

So, the question you are really asking is "to what extent are the other parties involved in the processing of payments resilient to AWS failure" – e.g. Stripe probably isn't and that's probably a decent chunk of e-commerce.

I definitely don't think this would be anything close to smooth sailing if AWS was to fully go down, but we do have the benefit that underlying payment infra is still dominated by on-prem with leased lines etc. My best guess of the actual behaviour would be that bank transfers would keep working, the card networks themselves would keep working but the average e-commerce website would not.

Naturally, we can only control for what we can control for – and for us the primary benefit of stand-in is what it gives us in the much more likely scenario of an incident in our platform.
abritishguy
·10 tahun yang lalu·discuss
I don't see a distributed lock implementation being both 100% correct without any support of the resources guarded by the lock and actually feasible.

For data which absolutely must never violate the lock then the underlying data storage has to be involved. The vast majority of times where a distributed lock is used is where the underlying storage doesn't provide any support and the distributed lock is good enough, failures are exceptional and not disastrous.

If you want perfect correctness then you can just not have auto-release but practically this will cause more problems than it solves.
abritishguy
·12 tahun yang lalu·discuss
There are lots of things that you can do easily with postman but would be difficult with a CLI tool.