Atlassian: We estimate the rebuilding effort to last for up to 2 more weeks

If you would permanently delete data for selected customers from a large multitenant system, it could actually take some time to restore it - even with proper backups.

You can’t just do a full recovery as that would mess those customers who were not affected (it likely takes time to notice the mistake - others have continued to use the system). You might need to write some tools to migrate the data from backups. Also you really need to test everything very carefully - otherwise you might be in even deeper trouble (looking at corrupted instead of lost data).

In large organization this kind of ”manual” recovery might require people from multiple teams as no single person knows all the areas. This adds overhead. Throwing too many people in does not help either. When you start thinking about it, few weeks is not that long.

And JIRA is definitely not simple. It’s complicated beast and likely the SaaS features combined with all the legacy makes it even more complicated.

Restore from off-site tape backup. The kind of service where you ship them ~dozen new tapes in a lockbox each week and they ship you the oldest dozen back. It's supposed to be the "if all of a data centers happen to burn to ashes simultaneously" option. If you say "give us all of our tapes, asap" and then have some pour souls swapping them out as fast as the data can be read... it would probably take a few weeks.

My theory in my other comment is that they've deleted some data and are waiting on third-party data recovery specialists. That would explain the timescale.

Jira cloud became much more complex when they went all in on AWS. The reason for the cloud/server fork 4 or 5 years ago was so that cloud engineers could couple to a zillion AWS services without having to build back any backwards compatibility. So data stores are very much more disparate than just a PgSQL DB and redis (which is how it used to be).

Restoring everything from backups is very hard.

Something that can make restore-from-backups harder, and that I've seen happen, is when the backup/restore systems themselves get destroyed by the same black swan event. Then you have to first recover those by doing fresh installs, and you have to have all the people on hand who know what the configurations would have been to be able to then use the backup library. Then you have to begin restoring a few target systems to check that everything is OK with the restore process, then you have to restore everything though you'll be limited by the restore system's bandwidth.

How could this happen? Well, a disgruntled employee could make it happen. It happened at Paine Webber in 2002 [0]. In that case the attacker left a time bomb in the boot process on all systems they could reach, and that included the backup/restore servers. Worse, the time bomb was in the backups themselves, so restored systems ate themselves as soon as they were booted, which slowed down the recovery process.

  [0] https://www.independent.co.uk/news/business/news/disgruntled-worker-tried-to-cripple-ubs-in-protest-over-32-000-bonus-481515.html
  
      https://www.justice.gov/archive/criminal/cybercrime/press-releases/2002/duronioIndict.htm

If you are not regularly testing restores then you don't have backups.

I have no specific information on this, but in general and in theory:

Isn't this how an incompetent, insincere and desperate company being subjected to a ransom attack would communicate publicly?

My guess is they failed halfway through a major schema or api migration. If some of the services have already progressed too far, then rolling back another service to previous backup snapshot will make the two incompatible. Especially if one of the services is global and the other is per customer.

The only way out is to figure out the bugs and continue migrating forward, fixing issues as they appear one by one.

What if they have backups of the data, but not the specifics of users' sites?

Supposedly they’re having to basically restore everyone from backups because a system designed to delete old data was a bit more efficient than it should have been: https://reddit.com/r/sysadmin/comments/u14qqq/_/i4a0mk8/?con...

>While running a maintenance script, a small number of sites were disabled unintentionally.

https://twitter.com/Atlassian/status/1511870509973090304

Most likely they wiped the data

There are two ways this can go:

1) This outage will get their organization to prioritize work such that it never happens again.

2) This outage is representative of a dysfunctional organization that can't prioritize work correctly.

If you've been using Atlassian software for a while and are used to how they prioritize tickets then one of those options seems far more likely than the other.

Same situation.

Absolutely no one even knew this was happening and doesn’t give a shit now because it’s a project death march.

JIRA as a whole has been a fucking shit show of a product over the last decade even on-prem.

Why would you continue with that plan? You couldn't get a clearer warning signal.

"could platform" ... perfect typo!

While our tenant was unaffected, i told my management of this issue. They just shrugged and said we could watch and eat popcorn. I was half way expecting them to raise eyebrows

I was kinda like....."not really the point of bringing it up."

Its worth noting we have had them just delete things within our account before. In fact one of our Senior VP's had their account just....disappear one day. We couldn't @ them in chats, tickets etc. Atlassian just shrugged and "restored" the account and said it was some issue with a stored proc on their backend or something.

I have always felt uneasy about how flippant they are in their processes. But it seems that is not shared.

I'm sure they will also be thrilled waiting sometimes seconds for a character to echo. Good Luck, I suffer with cloud Atlassian every day.

That's ever single company under capitalism tho. Anything else is only empty platitudes.

The stock market parted with reality sometime during 2020.

Can you imagine screwing up this bad and customers still not leave?

I'll probably should buy their stock.

Might have more to do with them moving their HQ from UK to US.

This would allow them access to more investors.

Breaking news: stocks are meaningless numbers.

The outage has been in the past week and it's down over 10%... talking about the last months price changes is irrelevant compared to the last week.

To be fair, Jira screams SaaS.

I don't want any of my company trapped on it, but if they were I'm sure as well not going to self host that spawn of hell.

They've only killed off one version of self-hosted Jira. Their datacenter edition is still alive.

> If you'd self-hosted you'd be fine.

Maybe. But you're counting on your sysadmin(s), who are also managing dozens of other things, to keep up to speed on Jira and its quirks, and apply patches and new versions as they become available without missing any steps or screwing something up.

On average, you're still probably better off having a company that knows the product also host it for you, but obviously they can make mistakes too, and the downside is that when they do it might affect all clients, not just one.

I worked at a company that self hosted Jira, and it was miserable then, I can’t imagine depending on the cloud. I’ll never approve Atlassian products after that experience.

We're using the cloud version and we're fine too (no outage). What's your point? Are you claiming that self-hosted is never down? Or that self-hosted is more reliable? Because I doubt that. Difference is just that when self-hosted goes down, it doesn't end up in the news.