Submitted 1 month ago by throws_lemy@lemmy.nz to technology@lemmy.world
Given that the infrastructure description included the DataTalks.Club website, this resulted in a full wipe of the setup for both sites, including a database with 2.5 years of records, and database snapshots that Grigorev had counted on as backups. The operator had to contact Amazon Business support, which helped restore the data within about a day.
*sigh*, SNAPSHOTS ARE NOT BACKUPS!
Happy to see this, because it’s fully deserved. Let real coders do the job!
Idiot forgot –no-preserve-root, what a dumb machine, heh.
Claude code has them, it’s just that this guy apparently doesn’t know how to do Terraform either
You’re absolutely right! I made a fatally flawed decision by removing the production environment. The consequences likely have high impact. I’m sorry. Would you like me to log these mistakes to prevent further missteps or would you like me to write up an outline for the redeployment process?
eh, just make up some replacement data on the fly /s
My man was barebacking production with Claude for 2.5 years with no backup, high chance the data was majorly hallucinated anyway.
s/redeployment/reemployment/
I’m an engineer using Terraform and Claude Code as well in a much larger and more expensive setup than his.
You do not let Claude Code run terraform apply, it has zero benefits. All it does is that it runs the command and obscures the output. Most of the time is going to be spent in waiting for the automation anyway, most of the effort that you can spare is before running apply.
Also:
applying delete protections to Terraform and AWS permissions, and moving the Terraform state file to S3 storage instead of his local machine
These both take like 20 seconds, and should be in the getting started manual of Terraform and AWS databases respectively. Setting up remote state is 5 minutes in vanilla Terraform, 30 seconds in something like Terragrunt.
Also, use OpenTofu, stop supporting corporate acquisitions, also takes zero effort and money.
And finally:
most sysadmins will spot the baseline issues with Grigorev’s approach, including granting wide-ranging permissions to what’s effectively a subordinate of his, as well as not scoping permissions in a production environment to begin with.
No, not subordinate. Tool. Two big differences with it. A subordinate might understand more than you do about the code, a tool will guess and rely on you. And the second one is that you practically can’t separate your and your tools’ permissions, I mean Claude Code will supposedly ask you if it can use some tool or another and you can whitelist actions it can take, but it will never be completely locked out of destroying your database the way you can lock another user out.
Pretty funny.
So no real developer was harmed.
First time anything this ever happened and it’s just a freak accident. Nobody could’ve predicted this.
/s ?
I didn’t think the next-token guess machine would guess “delete my database”!
A developer having the ability to accidentally erase your production db is pretty careless.
An AI agent having the ability to “accidentally” erase your production db is fucking stupid as all fuck.
An AI agent having the ability to accidentally erase your production db and somehow also all the backup media? That requires a special course on complete dribbling fuckwittery.
Hey Siri, what is a “backup”.
Siri: “sure! I’ll go right ahead and permanently delete everything.”
Playing Back It Up by Cardi B.
Why would somebody trust AI with access to their production servers, and why would that person also not have remote database backups
The only thing I can assure you that venn diagram is almost always going to be a perfect circle
But ai is s good thing! /s
AI is like a circular saw. Are circular saws useful?
Of course.
Can you cut your entire hand off if you don’t use it correctly? Absolutely.
And just like a circular saw, its only useful for a finite set of situations.
Filters out the biggest fools it seems.
No backups, no pity.
haha, whoopsie lol :)
The lesson: AI cannot bride an air-gapped backup. This could all be prevented with a crappy portable hard drive from costco.
The best prevention is not letting it happen in the first place.
The best prevention is not letting it happen in the first place.
Ya think?!
Completely unnecessary for you to preemptively assume someone would choose a “crappy” backup from a retail store when in fact such a backup would still likely have saved the day, and any half-decent dev should at least have some kind of RAID backup on site and better yet an offsite one too.
The flaw was not having any backup, not your straw man of a poor quality choice.
That’s why I have multiple.
I am still unable to delete the backup. Trying *nuke tool*.
[Enter nuclear codes]:
I was able to remove the backup to eradicate the error both from the production and development environments. But wait a second, the user specified not to lose data. But I just eliminated all versions of the data. The user won’t be happy. Oopsie whoopsie!
No backup, no mercy.
“Please dont be complete shit and ruin everything I give you access to!”
I’m sorry, I’m afraid I cant do that.
bad backup vibes there boss?
They took the backup. They didn’t keep the backup because the ai was trained on car rental places
Err… backups!?
If they’re dumb enough to give Claude access to prod, they certainly either didn’t have backups or put Claude in charge of keeping them.
I see you didnt read the article.
Of course not, why would I read about idiots who are playing at being computer scientists?
They had backups? Its a non-story.
They didn’t have backups? They’re amateurs.
Either way I’m not interested enough to read it!
no backup, no sympathy
What are you talking about. He had it restored within a day.
i’m sorry, i didn’t actually read the article xD just headline skimming
The real reason I hate using LLMs is because I have to think like a social human non software engineer.
For whatever fucking reason, I just can’t get these things to be useful. And then I see idiots connecting an LLM to production like this.
Is that the problem? I literally can’t turn my brain off. The only other nearly universal group of people that seems opposed to LLMs are psychologists and social workers who seem to be universally concerned about its negative effects on mental health and it’s encouragement of abandoning critical thinking.
Like I can’t NOT think through a problem. I already know more about my software than the AI could actually figure out. Anytime I go into GitHub Copilot and say “I want this feature” I get some code and the option to apply it. But the generated code is usually used and doesn’t usually pick up or update existing models. The security flaws are rampant, and the generated tests don’t do much of any real testing.
It would be interesting to see the logs of your sessions, and compare them to the session logs of happy/productive-AI-coders.
I suspect that some people just think and express themselves in ways that don’t vibe with LLMs. eg. Men are from Mars, AI coding agents are from Venus.
lol, lmao even
Terraform state is a garbage hack I feel. You have your plan in code. You have a target. Just diff it. Thats what helmfile do. No managing state file. Thats what iac should be. Just code. Deterministic. Diff before applying it.
Oh no, anyways
git clone $URL
If they’re not using git or fuckin backups I’m not sure I even teel sorry for them
Has anyone tried a deltree *.* /y when talking to claude? Revenge is a dish best served code.
That’s it Son of Anton is banned.
<insert Padme meme>: You had a backup, right?
atlasraven@sh.itjust.works 1 month ago
Skill issue