Mozilla buys Pocket, a typo causes a major AWS outage, SpaceX plans to go around the moon, Cloudflare follows up on last week’s security bug, and Azure releases a new CLI tool.

Mozilla buys Pocket

Pocket, probably the most-used read-it-later service¹, has been acquired by Mozilla. This is an interesting move in several ways. Starting with the fact that this is Mozilla’s first acquisition.

As I mentioned not that long ago, Mozilla has a fair number of products but they were all built in house. To suddenly see them buy a closed-source product is therefore interesting in itself. Of course, from their perspective this acquisition makes sense. Not only did Pocket start out as a Firefox extension, but it has been built into Firefox as a standard feature for almost 2 years.

Still, as always, this isn’t necessarily a good thing for Pocket users in the long run. Mozilla tends to do what they think is right, and while that includes a good focus on their users, Pocket is a quite different kind of product than what they’re using so far. So just like when Instapaper was purchased by Pinterest, it’s unclear what the future will bring. Other than that in general read-it-later services will be more a feature than a separate product.

Now, I don’t think it will come as a surprise if the integration of Pocket in Firefox will grow even more and turn into a feature not unlike Safari’s Reading List. On the other hand, how will Mozilla’s team integrate with the Pocket team? Mozilla is a non-profit organization while Pocket obviously wanted to make money, for example by showing ads to its free tier users and having a paid tier. It will be interesting to see how this will work out, but on some level it might be even more interesting to consider Mozilla’s general way of dealing with software.

Every Mozilla project is a community project with open source software. Firefox has many contributors from outside of Mozilla, and anyone who wants to can use the code to build their own version. Pocket isn’t. It’s a closed source service that is only worked on by their own team. Plenty of times open source code is acquired and brought into a closed source environment, with mixed results. The reverse is not as common though, so I for one am looking forward to see what will happen here.

AWS oopsie

You may have noticed that there was a slight hiccup in the Internet last week. Many sites that had trouble loading and fun things like that. This was caused by a problem at the service that everyone seems to use these days: AWS. The problem was limited, it was an outage of the S3 service in the us-east-1 region. Which unfortunately means that it was a service that a lot of other services rely on, in their most-used region.

As I prefer to look at the root causes for incidents like this instead of what happened, let’s have a quick look at the post-mortem provided by AWS. Oh… Well, that sounds like someone was having a bad day. In short, someone filled in the wrong number in an automation script. Many of us will have experience with that moment where you press enter and suddenly realize you didn’t mean what you just typed and try to CTRL-C it away. Sometimes you’re lucky and catch it in time, and sometimes you take down half the Internet.

The issue here therefore isn’t that someone made that typo, it’s that it was possible to make that typo. AWS has now said that they’ll update their automation software to prevent this from happening², but it’s also a lesson to everyone else. You should be careful when you write your software to do potentially destructive actions. A question asking if you’re sure helps, but there are other options as well. Maybe you have tool that lets you spin up and destroy AWS environments. It might be a good idea that you don’t let it destroy certain environments if they have a tag set (or some other checks) so you don’t bring down a production environment by accident. Automation is great, just be careful with your tools.

Small things

A couple of small things that I don’t have much to say about. First is the announcement from SpaceX that they’ll be taking a couple of tourists for a trip around the moon. On the one hand that seems like a wonderful thing to spend your money on when you’re very rich, and on the other… well it still sound amazing. It’s still quite a while off in the future as the actual rocket is still being built, but it once again shows the ambition that SpaceX has.

Last week I spoke of Cloudflare’s security bug, named “Cloudbleed” because all these things need cutesie names. I didn’t go into too many details about the impact at the time as there wasn’t all that much known. Now, Cloudflare has released their initial findings of the impact and it sounds like good news. They can’t guarantee anything as they can’t look at every interaction³, but so far it looks like no passwords, credit card details, or health data was leaked. That doesn’t mean that refreshing your passwords as part of good password hygiene isn’t a good idea, but the chance of anyone having gotten it is quite small. The report on their findings is very informative so have a read through it.

Lastly, Azure has released their new CLI tool. Unlike the first one, which was some sort of nodejs shell that I personally didn’t like using, this is built as a proper CLI tool. Very similar to the AWS version, it splits functionality into sub commands, and allows you to run your commands that way. It doesn’t sound like it can do everything yet⁴, but from playing around with it I found it a great improvement for what it does support.