Firstly, my apologies for the minute and a bit of echo at the start of this video, OBS had somehow magically decided to start recording both the primary mic and the one built into my camera. Easy fix, moving on…
During the livestream, I was perplexed as to why the HIBP DB was suddenly maxing out. Turns out that this aligned with dropping a constraint on the table of domains which appears to have caused the table to reindex and massively slow down the queries for breached email addresses. Further, we simultaneously started having problems related to MAXDOP (the maximum degree of parallelism for the stored procedure running the query), which was only resolved after we forced it to not run on multiple CPUs by setting it to 1 (weirdly, 2 is also fine but 3 or higher completely killed perf). Fun times, running a service like this.
References
- Sponsored by: 1Password Extended Access Management: Secure every sign-in for every app on every device.
- The Internet Archive’s Zendesk was accessed and replies sent to a bunch of tickets (it’s just gone from bad to bad for them, and still no disclosure to individuals…)
- Basically everyone thinks unauthorised access should result in breach notifications being sent to impact individuals (I mean, it’s a predictable outcome, but there were still some wacky arguments against it)
- I’m feeling pretty damn exasperated about the lack of breach disclosure lately (multiple incidents this year have included my own personal data, and I’m pissed)