% curl -I https://www.v6.facebook.com
HTTP/1.1 200 OK
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Set-Cookie: reg_fb_gate=https%3A%2F%2Fwww.v6.facebook.com%2F; path=/; domain=.facebook.com
Set-Cookie: reg_fb_ref=https%3A%2F%2Fwww.v6.facebook.com%2F; path=/; domain=.facebook.com
Content-Type: text/html; charset=utf-8
Date: Thu, 19 Jun 2014 08:03:22 GMT
That the service may be unreliable and it's one more point of failure is just one of the reasons why it's a bad idea to depend on FB (or Twitter, or G+ login) for your logins, and this is why their attempt to subsume the web with corporate corrals will ultimately fail.
If you want to take advantage of this market then there are ways to use Login with Facebook without being wholly dependent. Basically if you have full account management, but you allow third-party authentication that ties into that account, especially allowing multiple OAuth providers to be linked to a single of your internal accounts (eg. see how Stack Overflow works), you can significantly mitigate the downside.
The purist and old-school web head and open standards guy in me hates it, but you can't argue with the business case for it.
There is a simple solution to this. STOP ASKING USERS TO SIGN UP! Do your REALLY need to collect the users e-mail? Do REALLY need them to have an account at all? If you do, then when they register don't ask for their e-mail address if it isn't necessary, or at least make the e-mail address an optional field. Hacker News never asked for my e-mail, because there is no need for them to have it. I probably wouldn't have made an account if it did require an e-mail address.
As you say with FB login there are ways to mitigate that risk, but to take one example - if FB charge for the service in future at 0.01c per use, many of your users will still want to login with FB because it's easier for them, and you'll be stuck with the bill. This happened with sites using google maps in 2012 when they started charging - each of these decisions has to be weighed up individually as a risk, but I think login is too important to delegate to another site and a significant addition of complexity and risk.
That said, your example doesn't demonstrate much risk at all. What are the incentives for FB to start charging for this? It just doesn't make any sense for them to give up that data and that control to try to squeeze existing site operators out of a buck. I mean, never say never, but the risk is much less than it was with Google Maps where you always had to be asking what Google was getting out of this expensive and difficult-to-build-your-own service.
It's naive to assume that a company will defend their subsidiary. I am not condoning how they treated you but your assertion of the app has nothing to do with Facebook is incredulous.
Also, reliability is one factor out of several, it is not the only, or even the primary, risk with using something like FB login.
It depends on your line of business, but if you compare the benefits of making user signup faster, lowering acquisition barriers and getting access to the social graph of users against the risks of depending on one of the top infrastructures in the cloud, I think it may well be worth the trouble.
Probably you are talking about redundancy where, I agree, it does go down.
As for which risk is the most important risk, well, that's up to your business to decide. But nothing is without risk, all you can do is choose which to expose yourself to.
You can packup your application and move it to Amazon/Rackspace/DigitalOcean, but if you use Facebook login exclusively or use a third party API for a core service and they decide to change (as GP suggests), you're fucked.
Using it for logins is really questionable. But if you are, for example, building a game for Facebook, it gives you many advantages, so occasional downtime is not really the biggest issue. Let's check the things you wrote about in gaming context:
- charging for the service later TRUE (viral is dead, you pay for the ads to get new players in)
- cut you out of a relationship with your own customer - somewhat FALSE (you can request e-mails from your customers, and have a direct contact afterwards). Even with fan pages, they are not cuting you out, but merely asking to pay to get your message to them
- require you to use their store TRUE, but every other platform does the same
- copy your idea and give it for free. FALSE - Facebook never made a game AFAIK
- squezee you margins. TRUE. I do notice that Cost Per Install for my games is getting higher the more I advertize, and that it suddenly jumped from about $0.15 per install to $0.50 per install a few days ago - about the same time when they switched to the new payment user interface.
OAuth dialogs don't load and the graph API is down too.
Today's unofficial but fun to pronounce related word is "specificity".
Also affects the like buttons across the web, see the error on an old TC article here: http://cl.ly/image/2Q3V1X240D12
No application, desktop or web app, is truly bulletproof.
The downtime will surely end and it'll be back up again for sure, facebook has very smart people behind it, but this event will have served as a very interesting 'accidental' social experiment. Honestly, I'm not that interested on what happened technically, but I'm interested what effect it had socially for the common man outside the techcrunch/HN/reddit/tech bubble.
On-topic: does facebook have a consolidated status page?
Nobody is on Facebook constantly. It was down for about 30 minutes, tops. The "common man" just did whatever common men do for all those minutes when they're not on Facebook. Maybe, maybe not, they'll make up the slack later.
Sure, someone was inconvenienced because they relied on being able to find some information or send a message on Facebook and couldn't, but I'll bet far, far more people are inconvenienced on a daily basis in a similar way when their smartphone runs out of battery or is stolen or otherwise lost. Or the network (mobile or fixed line) is down.
I do agree that a lot of people, if not, everybody will not go crazy or be inconvenienced by a 30-minute downtime, not everyone is on it 24/7. I'm just saying I'm interested on where all those man-minutes went to for avid users.
Probably ringing on their neighbours' door, playing Xbox or having lunch with their family, etc.
If you mean all code it will be the end of Facebook.
But ofcourse this is never going to happen.
Once you delete something it stays on facebook for like weeks.
They would have to have accidentally blown up everything with a bomb to have the problem you're talking about.
As for not deleting data that you request to be deleted, that's normal practice. I know on every site I run, when someone clicks delete, it flags the content and it's hidden, but remains in the database. Deleted data is still valuable data, and it has a wide variety of uses.
“Earlier this morning, we experienced an issue that prevented people from posting to Facebook for a brief period of time. We resolved the issue quickly, and we are now back to 100%. We're sorry for any inconvenience this may have caused,”
pi@pi ~ $ curl -I http://facebook.com/
HTTP/1.1 503 No server is available for the request
Content-Type: text/html; charset=utf-8
Date: Thu, 19 Jun 2014 07:54:55 GMT
Moreover, it's not just facebook itself, any site or app that uses signin with facebook or their oauth, nope, that is not working either.
However the main reason, is I don't know if it's ever gone down before. I certainly cannot think of a time.
It's all about the context, who/what/where/etc.
Like and follow buttons affected too.
Network error on the App.
[Edit] It's down down under as well.
Edit: down in France as well.
*The internet is down.
Seems like a major screw up.
Sorry, Something went wrong.
We're working on getting this fixed as soon as we can.
Edit - This is India reporting.
Maybe I'm jaded because I don't really "get" the whole social network phenomena, but honestly, who really cares anyway? Productivity will (briefly) go up; a few people dependant on FB SSO's wont be able to log into some other pointless services and the internet will continue to function.
I normally down vote people when they say "what does xyz have to do with HN?", but 3 submissions commenting on a procrastination portal being down is really scraping the barrel.
I see the submissions have now been consolidated. That makes much more sense. Good work HN admins :)
For many people, Facebook is how they interact with the web. It's their primary portal for talking with their friends, sharing photos, sending messages, and catching up on news stories.
Calling it a "social network" is like calling Google only a search engine. It's way, way more. And this outage is completely unprecedented. Can you recall a previous time that Facebook has been down? I can't.
This has a major impact on a lot of sites, and there are millions of people that do care about Facebook.
It is worthy of a HN submission, although I personally care most about the postmortem to find out what went wrong.
Imagine how many people are locked out of thousands of websites where the only way to sign in and check your order or something is by using Facebook login, which is not working.
It will be interesting to read postmortem but as far as "is down" stories go, they should be just auto-deleted from HN