Year old startup overloaded GitHub – Incident report
32 comments
·January 10, 2025diggan
mschuster91
> Writing it like that looks like you're pushing the blame on your downtime/outage to GitHub, like they're responsible for your application be up, instead of taking full responsibility for it.
Well, they did what they were supposed to - they explicitly asked Github what they were up to, Github gave an explicit "we're ok with this, go ahead", and once Github sees that, whoops, it's causing errors they don't even bother to check if there are support tickets open with the customer, they just go and disable their access.
diggan
But that's true for any 3rd party you'd depend on. Everything will work until it doesn't. Doesn't mean you're less responsible for your project being down.
A title like "GitHub caused our outage" would still make it clear the downtime wasn't the direct action of anyone on the team, yet still take responsibility over that it happened. Instead, labeling it "Incident report for the GitHub outage" just seems like straight up blaming someone else.
Mathnerd314
Well, Github explicitly took responsibility. The first action Github did once Lovable reached out for support was "reinstate our app and apologize for the issues it caused us and our users."
And no, you are not responsible for every 3rd party service you use. Some services are unavoidable, some services are just nice-to-have, but if you can't trust a service to perform its advertised function, it is the service's fault.
arccy
sounds like a pretty sane thing to do: github protects the majority of their customers from instability caused by a few.
unless you're a super important partner, the people on call might never have heard of your little app and just decide that it's the only safe thing to do to protect the reliability of the system.
aimazon
Many mistakes were made by Lovable that they could be berated for but on a more positive note, there is a lesson for us all: if you're doing something that you're worried about being problematic (e.g: creating a large volume of GitHub repositories) reaching out is a good thing but it is important to understand who you are reaching out to. GitHub is a huge organization, front-line support is not likely to have intimate knowledge of how exactly the acceptable usage policy is enforced nor the permission to make agreements. The key when reaching out is to find someone who has authority on the subject. Ideally, GitHub's front-line support would have escalated to the appropriate person/team but that isn't always possible (maybe they don't know who, maybe they're having a bad day and forgot). If the answer you get seems too convenient, it is probably not correct.
chrisgd
If I reach out and they can’t direct me to the right solution, that doesn’t seem like something I need to continue to solve for them. Seems too onerous.
temp8388344
The same user who posted this (Henrik501) also posted a comment two days ago (their only HN comment so far) praising the Lovable team for their incident response:
https://news.ycombinator.com/item?id=42646297
And now this post with an exaggerated title. Seems like they're shilling and trying to make Lovable sound like a product with such huge traction that it "even brought Github down". They keep making outlandish claims on social media too, like reaching $4m ARR in 5 weeks etc. This company is very suspicious.
hiatus
The same username on Github follows only one person, Niklas Vatn, who appears to be a lovable employee. https://github.com/Henrik501?tab=following
Looking more into it, Henrik Westerlund works on "growth" at lovable (via LinkedIn) and posted Lovable to Product Hunt https://www.producthunt.com/@henrik_westerlund. So it appears they are shilling.
temp8388344
Pathetic company built on lies and shady "growth hacks"
kgeist
>praising the Lovable team for their incident response
For 8 hours, no one is aware the service is down. It then takes ~3 more days to fix it. One of their first decisions is to 'make as much noise as possible on social media' (?), and every step seems to create additional problems (corrupt repos etc.) Nothing appears to be well thought out, the blog post reads like they weren't ready for this at all, panicked and chaotic decisions without understanding the tech stack on a deeper level (race conditions, rate limits etc.) Not a lot of confidence in the team behind a project that looks like nothing more than a glue between an LLM and a storage backend.
elicksaur
Title is misleading. Clicked thinking this startup caused a GitHub outage.
Getting a flag like this hardly “overloaded” anything. Alerts for these things usually trigger well below any actual risk to the system.
qeternity
I don't really understand how a well funded startup like this, with something that is relatively trivial, yet critical to their product, decided to just shove it into GitHub.
remram
Their product is the creation of Git repos. Putting it on the platform their customers want to use makes a lot of sense.
They probably should have had a backup location from day 2 though, I agree. If nothing else, in case of a GitHub outage.
diggan
> Their product is the creation of Git repos. Putting it on the platform their customers want to use makes a lot of sense.
Maybe I read the landing page very wrong, but it seems to be a "app building toolkit" of some sorts? Not just "creation of git repos".
They could have made the GitHub repository creation happen when the user does some action, instead of at the stage of "create app" which probably every single user does at least once, even people with no intention of actually building apps.
Or better yet, offer their own viewer for Git repositories they themselves host. It's not overly difficult, and the `git` CLI tools even ship with a web UI you can take inspiration from.
d3nj4l
If you want a GitHub like UI Forgejo is FOSS too.
qeternity
If you read the post-mortem, you will see that this has nothing to do with the platform their customers want to use, and everything to do with creating repos internally for their own organization.
Their product has change tracking which is clearly powered by git repos on GitHub.
So again, I ask, for something that is a SPOF, why rely on a third party?
cratermoon
What value does Lovable's product add, then?
Kwpolska
It doesn’t add value. It fills them with LLM-generated code.
happytoexplain
I see this sentence a lot:
"How can somebody who does X just do Y?", implying that Y is somehow bad or wrong in the context of X, or contrasts with the experience level implied by X.
Maybe it's true of the subject. Maybe they should have known better. But I think it's beneficial to take a step back and view it from the perspective of readers: Many people - even people familiar with X and Y - may have no idea why Y is bad in the given context, or, more relevantly, why this should be obvious, as you imply by using the word "just". I think there's a lot of benefit to be gained by trying to observe yourself, and notice when you are writing in this style, and add more context.
diggan
Honestly, doesn't surprise me much. Homebrew, the most popular package manager/repository for macOS, basically lives on GitHub and bases everything on top of it. Over the years, I think there been times when they've actually brought down GitHub (or close to at least).
Most folks seem fine with it, at least it still lives on like normal as far as I know. I think engineering principles flew out the window a long time ago, all people care about now is shipping as fast as they possibly can.
V__
Besides the outage, isn't it kind of an insane setup to use GitHub to store every clients' project, especially with 10k new repos every day?
rikafurude21
git is not github, and its kind of funny that the best these guys could come up with for storing git repos of text files was using github. any competent dev could come up with a solution in an afternoon. using github at all tells you quite a bit
CamouflagedKiwi
315,000 repositories + 10,000 per day? They were obviously correctly concerned this wouldn't be able to go on forever, hence the pre-emptive email, and of course they got the response saying it was okay, but I really feel like this is the kind of thing that's too dangerous to leave your company sitting on because sooner or later they were going to be told "no". It feels too much like it's found a point of arbitrage in Github's ToS, and indeed ended up causing problems.
I suppose they did respond pretty fast, but if I were them I'd have liked to have had the S3 option in my back pocket earlier. Maybe I'm just being too risk-averse here...
Kwpolska
The title ("Year old startup overloaded GitHub – Incident report") is a misrepresentation. A coding-LLM-as-a-service startup got banned by GitHub for abusing it by creating thousands of repositories.
null
gnabgib
Discussion yesterday (14 points, 8 comments) https://news.ycombinator.com/item?id=42645887
koreanguy
[dead]
Why is the title of the post-mortem "GitHub Outage"? It makes it sound like Lovable somehow brought down GitHub, when in reality it seems like they were rate-limited by GitHub for creating lots of repositories, then got their GitHub App completely blocked for breaching the Terms of Service.
> Incident report for the GitHub outage on January 2-3, 2025
Writing it like that looks like you're pushing the blame on your downtime/outage to GitHub, like they're responsible for your application to be up, instead of taking full responsibility for it.