Nostr notes by Matt Nordhoff

Luckily for some, AWS's public SLAs have an "SLA ...

2026-03-03T01:47:34Z

In reply to nevent1q…m7dh
_________________________

Luckily for some, AWS's public SLAs have an "SLA Exclusions" section that says you can get lost in case of force majeure! I guess they can skip the refunds and everyone can proceed straight to the lawsuits.

https://aws.amazon.com/s3/sla/
https://aws.amazon.com/compute/sla/

I wonder what local laws say or what kinda contracts their large/government clients get.

Lengthy update on https://health.aws.amazon.com/health/status ...

2026-03-03T01:15:05Z

Lengthy update on https://health.aws.amazon.com/health/status earlier:

> **Mar 02 4:19 PM PST**> We are providing an update on the ongoing service disruptions affecting the AWS Middle East (UAE) Region (ME-CENTRAL-1) and the AWS Middle East (Bahrain) Region (ME-SOUTH-1). Due to the ongoing conflict in the Middle East, both affected regions have experienced physical impacts to infrastructure as a result of drone strikes. In the UAE, two of our facilities were directly struck, while in Bahrain, a drone strike in close proximity to one of our facilities caused physical impacts to our infrastructure. These strikes have caused structural damage, disrupted power delivery to our infrastructure, and in some cases required fire suppression activities that resulted in additional water damage. We are working closely with local authorities and prioritizing the safety of our personnel throughout our recovery efforts.

> In the ME-CENTRAL-1 (UAE) Region, two of our three Availability Zones (mec1-az2 and mec1-az3) remain significantly impaired. The third Availability Zone (mec1-az1) continues to operate normally, though some services have experienced indirect impact due to dependencies on the affected zones. In the ME-SOUTH-1 (Bahrain) Region, one facility has been impacted. Across both regions, customers are experiencing elevated error rates and degraded availability for services including Amazon EC2, Amazon S3, Amazon DynamoDB, AWS Lambda, Amazon Kinesis, Amazon CloudWatch, Amazon RDS, and the AWS Management Console and CLI. We are working to restore full service availability as quickly as possible, though we expect recovery to be prolonged given the nature of the physical damage involved.

> …

RE: https://infosec.exchange/@mnordhoff/116160410647779449 Based ...

2026-03-02T23:23:38Z

In reply to nevent1q…5rz7
_________________________

RE: https://infosec.exchange/@mnordhoff/116160410647779449

Based on its unique architecture, Amazon S3 is designed to exceed 99.999999999% data durability.

The S3 Standard storage class offers a 99.9% availability SLA and is designed for 99.99% availability.

https://aws.amazon.com/s3/storage-classes/

quoting
note1nwy…82q2

I missed this yesterday, but AWS Middle East (UAE) (me-central-1) has been having issues due to the war.

"At around 4:30 AM PST [2026-03-01], one of our Availability Zones (mec1-az2) was impacted by objects that struck the data center, creating sparks and fire. The fire department shut off power to the facility and generators as they worked to put out the fire."

"**Mar 01 10:46 PM PST** We can confirm that a localized power issue has affected another Availability Zone in the ME-CENTRAL-1 Region (mec1-az3)."

This might be the first time AWS has ever had separate, serious outages affecting multiple AZs simultaneously, if you exclude the many many outages where a region-level service like S3 goes down due to a software issue.

https://health.aws.amazon.com/health/status

Edit: I didn't scroll down! Middle East (Bahrain) also has an affected AZ.

"**Mar 01 11:09 PM PST** We are investigating connectivity and power issues affecting APIs and instances in a single Availability Zone (mes1-az2) in the ME-SOUTH-1 Region due to a localized power issue."

I missed this yesterday, but AWS Middle East (UAE) (me-central-1) ...

2026-03-02T16:00:03Z

I missed this yesterday, but AWS Middle East (UAE) (me-central-1) has been having issues due to the war.

"At around 4:30 AM PST [2026-03-01], one of our Availability Zones (mec1-az2) was impacted by objects that struck the data center, creating sparks and fire. The fire department shut off power to the facility and generators as they worked to put out the fire."

"**Mar 01 10:46 PM PST** We can confirm that a localized power issue has affected another Availability Zone in the ME-CENTRAL-1 Region (mec1-az3)."

This might be the first time AWS has ever had separate, serious outages affecting multiple AZs simultaneously, if you exclude the many many outages where a region-level service like S3 goes down due to a software issue.

https://health.aws.amazon.com/health/status

Edit: I didn't scroll down! Middle East (Bahrain) also has an affected AZ.

"**Mar 01 11:09 PM PST** We are investigating connectivity and power issues affecting APIs and instances in a single Availability Zone (mes1-az2) in the ME-SOUTH-1 Region due to a localized power issue."

RE: https://infosec.exchange/@mnordhoff/115675202677067879 ...

2025-12-09T11:11:11Z

In reply to nevent1q…842n
_________________________

RE: https://infosec.exchange/@mnordhoff/115675202677067879

https://groups.google.com/a/list.nist.gov/g/internet-time-service/c/Zd7VaR-vqV4

> On Saturday, 6 December 2025 at approximately 21:13 UTC, the atomic time source (a single cesium beam atomic clock) for all the internet time servers at the NIST Gaithersburg campus failed and exhibited a time step of approximately -10 ms.

Oh.

quoting
note12kk…ljut

time.cloudflare.com suddenly 5-10 ms off the real time in the eastern US.

I'd guess probably something boring, like network asymmetry near the top of the tree (bottom of the tree?).

(When the service was new, the accuracy was routinely worse than this.)

time.cloudflare.com suddenly 5-10 ms off the real time in the ...

2025-12-06T23:25:17Z

time.cloudflare.com suddenly 5-10 ms off the real time in the eastern US.

I'd guess probably something boring, like network asymmetry near the top of the tree (bottom of the tree?).

(When the service was new, the accuracy was routinely worse than this.)

Cloudflare will also turn off Cloudflare's security features ...

2025-11-18T17:22:06Z

In reply to nevent1q…5dd7
_________________________

Cloudflare will also turn off Cloudflare's security features if Cloudflare is down!

https://blog.cloudflare.com/details-of-the-cloudflare-outage-on-july-2-2019/

Almost all of the gTLD registry backend operators, and some ...

2025-08-17T20:16:16Z

Almost all of the gTLD registry backend operators, and some ccTLDs, love moving infrastructure to AWS.

I wonder if there will ever be any negative consequences to this, beyond the financial ones.

:pika:

I'm not sure. I think Ubuntu generated/generates their own, ...

2025-03-03T02:00:58Z

In reply to nevent1q…0jxh
_________________________

I'm not sure. I think Ubuntu generated/generates their own, but my memory could be playing tricks on me.

I liked how old versions of Ubuntu shipped tons of small ...

2025-03-02T22:41:26Z

In reply to nevent1q…x5nz
_________________________

I liked how old versions of Ubuntu shipped tons of small parameters, about a dozen 6144-bit ones (dated 2004), and three 8192-bit ones (dated 2006). Obviously someone at OpenSSH/Debian/Ubuntu got tired of waiting and hit ^C.

(Now they have dozens of each, dated more recently.)

So, yesterday's thing was, DigiCert is dumping IPv6 support ...

2025-01-05T13:56:46Z

So, yesterday's thing was, DigiCert is dumping IPv6 support after their current CDN, Edgio, went bankrupt.

(2 longstanding companies merged and rebranded onto a colonial .io domain and filed for bankruptcy 2 years later, eh?)

But DigiCert also recently acquired the oft-DDoSed DNS service UltraDNS (to go with the other DNS service they acquired before), which uses Edgio for DDoS protection!

(traceroute an UltraDNS nameserver like pdns196.ultradns.com or b.cctld.us, you may see AS22822/llnw.net near the destination.)

Wonder how that's gonna go.

https://social.elizabeth.cat/notes/a2m7w4bjk1e3newm

The .fun TLD has been a bit broken for a month now. 👍 ...

2024-11-18T09:28:57Z

The .fun TLD has been a bit broken for a month now. 👍

https://dnsviz.net/d/fun/ZzsFkg/dnssec/

They use a secondary DNS service -- but don't list it in the root zone, so it doesn't really make the TLD more reliable -- and it stopped updating the zone around 2024-10-18 for some reason.

And the three companies involved have yet to fix it for some reason.

So under certain circumstances a small percentage of DNS queries for .fun domains just randomly fail. 🤷

Nostr event nevent1qqsq8nxqsdhjxgxassc096uy68xv8xs6m77rf272dcx7u2xu6n0r4yqzyq7nr8hy32p7p3tlsrsg6wp6hplpw7dxe2l6tjsrlskukx23ra0n79rhz82

2024-09-25T09:47:57Z

https://vercara.com/news/digicert-completes-acquisition-of-vercara

!?!?!? First DigiCert acquired DNS Made Easy/Constellix, now they acquired Vercara (UltraDNS).

Real loss for competition in the US enterprise DNS market. Now it's just like NS1 (acquired by IBM instead), Akamai, *sigh* Cloudflare, and non-traditional services like Amazon.

(Defining a "traditional" DNS service as roughly one that supports zone transfers, arbitrary record types and static DNSSEC.)

(Meanwhile I continue to lament the non-enterprise-budget personal or small business DNS market.)

Popular controversial hosting company Cloudflare has been ...

2024-09-11T15:11:33Z

Popular controversial hosting company Cloudflare has been reenabling Encrypted Client Hello (ECH) recently. They had announced it with [fanfare](https://blog.cloudflare.com/announcing-encrypted-client-hello/ ) and then disabled it again with [less fanfare](https://community.cloudflare.com/t/early-hints-and-encrypted-client-hello-ech-are-currently-disabled-globally/567730 ).

Almost all of the popular domains with it enabled look NSFW. :blobshrug:<code>$ dig +short openstreetmap.org https<br>1 . alpn="h3,h2" ipv4hint=104.21.88.66,172.67.173.161 ech=AEX+DQBBswAgACCY/JoV+3cuHZdOgYzHZ0SP9Ms+TN3PN8D8vk10GJU/AgAEAAEAAQASY2xvdWRmbGFyZS1lY2guY29tAAA= ipv6hint=2606:4700:3030::ac43:ada1,2606:4700:3034::6815:5842<br></code>

(That domain is not NSFW. Probably.)

Apparently [someone noticed and Cloudflare confirmed it](https://community.cloudflare.com/t/encrypted-client-hello-ech-are-being-enabled-again/700863 ) 3 weeks ago.