It was not offline. It was pretty slow - some requests failed entirely - but only for authenticated users which suggests the problem was server/database capacity as the unauthenticated pages served from cache were still very fast.
HN tends to slow down when there are very active discussion threads. The FB is down threads died down quite a bit when their site came back online. The threads for FB is back online had much sparser discussion.
If you loaded in private browsing (or logged out), HN was speedy as normal. If you're like me, from time to time you accidentally sign out and don't notice it until much later.
Facebook was ensuring that they could shut down when the reveal happens. If you can't control the flow of communication, you cause an information blackout. Expect every major tech site to practice in the coming weeks as well.
However if you are completely disabling cookies and connecting for a unreliable source (like a public wifi or TOR) then there is nothing to store that your session is trust worthy.
> The robots went silent. What about the traffic coming to our CDN sites from Facebook User-Agents? The gap is indisputable. We see about 30% of a typical request rate hitting us. But it's not zero; why is that? We'll let you know a little secret. Never trust User-Agent information; it's broken. User-Agent spoofing is everywhere.
That is an interesting way of finding out how many spoof connections exist for Facebook and who the spoofers are. Just take down Facebook and all the traffic that says to be Facebook is spoofing. Simple as that.
Interesting, but makes sense. want to do previews, look like a preview bot - presumably there's also some sites that serve preview metadata only to such user agents.
You don't need anything to go down, just get a list of the subnets within their BGP ASN and filter those out, the rest are these spoofs. You can do this trivially at any time.
It's not necessarily spoofing. During the outage you could still open the FB app, at least on Android, and it would show you cached content. By default it opens links in the FB Browser, which was probably still working during the outage. So it shouldn't go to zero.
Example in-app browser UA, pulled from my server logs just now: Mozilla/5.0 (Linux; Android 11; Pixel 3 XL Build/RQ3A.210905.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/93.0.4577.82 Mobile Safari/537.36 [FB_IAB/FB4A;FBAV/337.0.0.32.118;]
I don't think the user agents under discussion are the UAs sent by the Facebook browser, but rather the ones sent by Facebook's crawlers.
The Facebook browser is distributed across all of humanity, so it'd be expected to have legitimate activity during the outage.
The Facebook crawlers, however, are presumably all behind the blackholed Facebook network, so any request purporting to be from a Facebook crawler is likely up to no good.
Funny how absolutely nothing changed for me during this outage everyone, their grandmas and their dogs seem to be talking about. I don't use Facebook. And nothing of value was lost. Amazing how they're a multibillion dollar company.
37 comments
[ 4.6 ms ] story [ 56.7 ms ] threadMaybe though, GP is meta, about how psyops efforts moved elsewhere.
Probably too silly but I found the thought fun. Hope you've enjoyed it too.
Wouldn't those have been coming from Cloudflare, though?
https://news.ycombinator.com/item?id=18496344
I’m really curious why this was the case.
There's not a whole lot of mystery here.
That said, I can't claim that those threads didn't have more readers than other threads. But I can't say they they did either.
It also seems uniquely interesting that some people experienced the slowness but others did not.
Sincerely,
A Network Engineer
However if you are completely disabling cookies and connecting for a unreliable source (like a public wifi or TOR) then there is nothing to store that your session is trust worthy.
That is an interesting way of finding out how many spoof connections exist for Facebook and who the spoofers are. Just take down Facebook and all the traffic that says to be Facebook is spoofing. Simple as that.
But guess what? iMessage adds Facebot and Twitterbot to its User—Agent when getting a preview when you send someone a link.
So, as ever, shit’s complicated in the real world.
Example in-app browser UA, pulled from my server logs just now: Mozilla/5.0 (Linux; Android 11; Pixel 3 XL Build/RQ3A.210905.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/93.0.4577.82 Mobile Safari/537.36 [FB_IAB/FB4A;FBAV/337.0.0.32.118;]
The Facebook browser is distributed across all of humanity, so it'd be expected to have legitimate activity during the outage.
The Facebook crawlers, however, are presumably all behind the blackholed Facebook network, so any request purporting to be from a Facebook crawler is likely up to no good.