> Railway owns our vendor choices, and we ultimately own this one. Your customers don't care whether the failure was Google or Railway; they see your product. Your uptime is our responsibility, and we'll keep delivering on it.

This is an excellent closing statement.

sschueller•about 11 hours ago

It should be possible to sue Google for damages in such cases. This isnt a network outage or service failure which I would consider part of ToS.

VladVladikoff•about 8 hours ago

What if the reason for their stuff being shut down was a payment issue like an expired credit card or maxed credit account? Unless I missed it skim reading their post I don’t see any information anywhere about their communications with Google.

bastawhiz•about 5 hours ago

If you have an account manager and a contract, there's zero excuse for automated suspension. That's literally the whole point of having a dedicated person. From the report:

> May 19, 22:22 UTC - P0 ticket filed with Google Cloud. Railway's GCP account manager engaged directly.

Cthulhu_•about 7 hours ago

It's always possible to sue, but Google has good terms of service and lawyers - I'm 99% confident that a lawsuit would end up nowhere.

bastawhiz•about 5 hours ago

They have every right to sue, and if they did sue they almost certainly would win. This is clear breach of contract. The only argument Google could make is "they did something to violate our agreement" but they'd have to prove that, and then have a damn good explanation for why they were in the right to suspend the account without any outreach. Unless Railway did something egregious, Google clearly made an error.

But that's not what will happen. Google will offer an apology (perhaps even a public one), a giant pile of account credit, and a pinky promise not to do it again. Railway will accept it and hmmm and haw internally about whether to decrease their reliance on GCP, and then when they calculate the cost of going in on other clouds more heavily (or their own metal), they'll just think harder about weird failure modes.

redwood•about 7 hours ago

I can assure you that Google will be giving them significant commercial incentives as an apology for this behind the scene

quentindanjou•about 11 hours ago

Railway say the incident is resolved but many are still down (returning 502): on our side, we had to manually trigger a redeploy to fix it but I believe it should have been triggered automatically by Railway and I can't understand how they can mark this as resolved while many are still down.

In total, down for >11 hours on our side.

tardwrangler•about 16 hours ago

Everyone is eager to point a finger at Google, but I've been a user of Railway for a while now, and I've seen enough nonsense to want to hear what GCP has to say about this before drawing any conclusions. Let's just say Railway has had problems like this before, and the way their team handles them does not inspire any confidence.

Regardless of how it happened, for me, this is the straw that broke the camel's back.

puppymaster•about 15 hours ago

another ditto from me, albeit anecdotal again. Railway dev teams play fast and loose with sprinkles of vibe coding everywhere on top. There's 'oops yea bear with us we are still a startup' and then there's railway.

swyx•about 14 hours ago

i mean even google and aws are not without sin on this one. maybe wait for an RCA before punching someone who is currently down. theres a reason classy people do "hugops" when a competitor goes down, regardless of reputation.

1dom•about 14 hours ago

Personally, I don't see this as people punching someone who's down. This is the sort of real life experience and necessary context from actual technical users that I come to HN comments for.

Someone is just asking to get Google's side and explaining why they want that, which seems reasonable since we're in a post where Google is being punched/blamed for this, and it sounds like it isn't Railways first questionable outage.

locknitpicker•about 15 hours ago

> Let's just say Railway has had problems like this before, and the way their team handles them does not inspire any confidence.

This. It's very odd that in other threads we see a bunch of accounts heavily invested in criticizing a cloud provider, but what's conspicuously absent from this wave of indignation is any curiosity in the root cause, or even any interest in exploring what it might have been. Quite odd.

gizzlon•about 15 hours ago

Agreed, I'm very curious as to how this could happen.

But TheRegister did reach out to Google and they have not replied yet: https://www.theregister.com/off-prem/2026/05/20/google-cloud...

locknitpicker•about 10 hours ago

> But TheRegister did reach out to Google and they have not replied yet

That is exactly what GCP should do: not comment on a customer's issues. Even when it's due to abuse from a customer, which might even be the case.

maipen•about 12 hours ago

Two years ago I needed their support and they were so toxic that I just moved to vercel and told them to f off. But I wanted something similar for other services and then I found coolify. There’s absolutely no reason to use railway when you can use coolify.

pbronez•about 9 hours ago

Yeah I’m planning a similar transition for my personal infrastructure. Railway is super easy to get started with, dashboard and logs features are nice, but I’ve just lost confidence in it.

prathamtharwani•about 16 hours ago

Could you point us to any specific past instances? I'd be interested to read about them.

jeffreyq•about 15 hours ago

https://blog.railway.com/p/incident-report-february-11-2026

x0x0•about 12 hours ago

"we did not have the monitoring or controls to prevent our anti-fraud from hard killing 3% of workloads, including many instances of pg"

Oof.

theobr•about 12 hours ago

I got details I shouldn't have. I can confidently say this one's 100% on Google, and I will be disappointed if Railway is unable to share more. There is literally nothing they could have done to prevent this aside from avoiding GCP entirely.

blensor•about 9 hours ago

I saw your youtube video, and while I am generally a fan of the small guy against big corps, this was a bit much with all the "I am so afraid to say something but I have to" talk.

So I will hold my judgement until this has been disected a bit more

pratio•about 8 hours ago

For those who come after me, curious about the video, here it is.

https://x.com/theo/status/2056946993407369300

https://xcancel.com/theo/status/2056946993407369300

Couldn't find it on yt.

Either way, I agree with blensor here, there's no new info on the railway incident itself but mostly about google's direction towards antigravity.

About the author of the video mentioning that he's scared, unfortunately, that has always been the case with Journalism/columnists etc, speaking ill of the platform which you use to sell your wares tends to backfire. Wish him all the luck

rs_rs_rs_rs_rs•about 14 hours ago

>I've seen enough nonsense to want to hear what GCP has to say about this before drawing any conclusions

Sure but not even a warning before shutting down their account?

DannyBee•about 7 hours ago

According to the timeline the account was suspended for 18 minutes total. That is fast enough that it could have simply been a bug in a Google rollout or something that made something think it was suspended when it wasn’t really.

If it was actually suspended the yeah it’s weird not to get an email.

egorfine•about 13 hours ago

First time?

It's google, come on.

dangoodmanUT•about 19 hours ago

It has been 0 days since GCP has taken down a startup (again).

You see this at least once a year. Never heard of this from AWS or Azure.

In all seriousness, this is why we don't use them. They have the most ergonomic cloud of the big three, then absolutely murder it by having this kind of reputation.

somewhatgoated•about 18 hours ago

On the other hand i can’t remember when there was a serious outage on GCP, unlike AWS/Azure who seem to go down catastrophically a couple of times per year.

abofh•about 18 hours ago

I've been in AWS for almost twenty years at this point. It's been a long time since I've seen a global outage of the data plane on anything. The control plane, especially the US-east-1 services? Yes - but if you're off of east-1, your outages are measured in missile strikes, not botched deployments.

andreareina•about 17 hours ago

Didn't the latest outage affect people not on us-east-1 because internal aws services depend on us-east-1?

shrikant•about 9 hours ago

I can easily remember a few multi-hour AWS incidents from the last few years, since I've had to handle the resulting fires at my various employers at those times. Not sure how you missed these, or do they not count as "global outages" for some reason?

December 2021: https://www.cloudcomputing-news.net/news/aws-outage-takes-do...

June 2023: https://newsletter.pragmaticengineer.com/p/the-scoop-52

October 2025: https://www.cnbc.com/2025/10/20/amazon-web-services-outage-t...

Each of these were massive outages impacting very large services across the web.

adamtaylor_13•about 17 hours ago

Perhaps you don't notice GCP outages because so few companies rely on them?

koito17•about 14 hours ago

There is a mobile game I know of that had an outage as a result of a GCP service outage. That is the only time I've noticed GCP outages.

With that said, I would not say few companies rely on GCP. Search for "GCP" in this month's HN hiring thread. There are 23 hits, more than Azure's 21. AWS has 90 hits, which I guess shows its sheer dominance in the startup space. But these figures more or less agree with my intuition of the major clouds being AWS/GCP/Azure.

somewhatgoated•about 7 hours ago

We rely on them so I would have definitely noticed. Even a couple of minutes and our customers would freak out…

locknitpicker•about 15 hours ago

> Perhaps you don't notice GCP outages because so few companies rely on them?

GCP is the world's third largest cloud provider, and has around half of AWS' market share. Claiming no one uses it reads like Yogi Berra's "no one goes there anymore, it's too crowded".

fragmede•about 17 hours ago

GCP has a lot of customers. But you wouldn't know the companies that do, unless you worked there and wanted to leak it, or it publicly comes out. Eg it's been publicly acknowledged that Apple uses GCP for iCloud, https://www.cnbc.com/amp/2018/02/26/apple-confirms-it-uses-g... , and Home Depot is another that's used as a case study, https://cloud.google.com/customers/the-home-depot but most customers don't want to make a big deal about being on GCP as it's none of our business who's hosting them.

VirusNewbie•about 15 hours ago

Spotify, Ebay, Paypal, Apple, Walmart, Uber are huge users. Lots of other big named companies are big users that I don't think are public.

Then there's Anthropic...huge user.

pixl97•about 18 hours ago

GCP never goes down because they banned all their customers.

somewhatgoated•about 7 hours ago

A funny meme but just untrue

plandis•about 18 hours ago

GCP has had outages. From a quick search it looks like they had a global outage less than a year ago:

https://status.cloud.google.com/incidents/ow5i3PPK96RduMcb1S...

JoRyGu•about 18 hours ago

AWS goes down catastrophically but are back up in minutes/hours most of the time (as long as they aren't down because Iran blew up their data center). That's obviously REALLY bad for certain industries, but I suspect for the vast majority of their customers it's not a big deal. We've been able to isolate the damage almost every time just by having AZ failover in place and avoiding us-east-1 where we can.

graemep•about 13 hours ago

Failover is supposed to protect you every time, unless something really exceptional happens.

While its possible to to isolate the effects, judging by how many things stop working when there is an AWS failure a lot of people fail to do that. I think the shit of responsibility to AWS removes the incentive to put effort into resilience against AWS failure.

ajross•about 16 hours ago

> AWS goes down catastrophically but are back up in minutes/hours most of the time

The outage in the linked article appears to have been resolved in 4-5 hours.

corpoposter•about 18 hours ago

IIRC the Paris datacenter flood took down a whole “region” and some data was permanently unrecoverable.

nemothekid•about 17 hours ago

>On the other hand i can’t remember when there was a serious outage on GCP

They had a really bad global outage a year ago. At least with AWS outages are contained to a single region.

onion2k•about 14 hours ago

You can't have 100% uptime. It's unfeasible, especially for a startup. You should be telling your customers that downtime might happen, sometimes for reasons beyond your control, and that if it does then you'll do your best to recover and to compensate them for the inconvenience. You should cultivate a relationship with your early customers that makes them feel bad for you when there's an outage rather than angry about how it impacts them. Maybe even go as far as firing the customers who give you a hard time over it. That way if your cloud provider falls over it's really annoying but not a big deal.

Your cloud provider blocking your business from running is far worse.

mlhpdx•about 14 hours ago

None of the AWS “outages” have impacted us. They have either been regional, in which case we stand down the region (we run multiple hot regions), or didn’t involve things we need to maintain operation.

I can’t imagine AWS ever doing such a cascading delete. I mean, they have made deletion protection a difficult thing to ignore even for individual resources.

blobbers•about 18 hours ago

Unfortunately, if everyone goes down people are understanding. If just _you_ go down, then its oddly less forgiveable.

manyatoms•about 17 hours ago

How is blackhole-ing a customer not considered an outage?

Izikiel43•about 17 hours ago

I still remember the one where they nuked all the storage of I think an Australian insurance company I think, luckily the it department had done a multi cloud setup for backups

Barbing•about 16 hours ago

  Google Cloud accidentally deletes $125 billion Australian pension fund - May 2024

https://www.business-standard.com/world-news/google-cloud-ac...

devmor•about 18 hours ago

There was a pretty bad one last summer - their IAM system got a bad update and it broke almost all GCP services for an hour or so, since every authenticated API call reaches out to IAM.

It had lasting effects for us for a little over 3 hours.

danesparza•about 18 hours ago

You can read the parent post, right?

overfeed•about 18 hours ago

> Never heard of this from AWS or Azure.

AWS does it more efficiently; it takes down many startups at a time when us-east-1 goes down.

stingraycharles•about 18 hours ago

That’s an entirely different type of problem, and avoidable by just using us-east-2 (I still don’t understand why people default to us-east-1 unless they require some highly specific services).

aloha2436•about 17 hours ago

Is it that easily avoidable? A lot of AWS's control plane seems to have dependencies on us-east-1, or at least that's what it's looked like as a non-us-east-1 user during recent outages.

MattGaiser•about 18 hours ago

Sympathy. Railway is going to have numerous people blaming them for this outage. When us-east-1 fails, it is headline news, so you are not to blame.

xavdid•about 17 hours ago

If my cloud provider brings my startup down, it's my problem. If they bring all the startups down, that's their problem.

yandie•about 17 hours ago

During my 5 years of my startup, we had only 1 outage due to AWS because we picked us-west-2 as the primary reason. If anyone starting a company and picks us-east-1 as the primary reason, they should be fired. There's absolutely no reason to be in that region.

tempest_•about 17 hours ago

Why do people want to be in that region? Is it the default or something?

I know some workloads help to be colocated but all these places are connected by fiber and every cloud has a worldwide CDN it seems.

mgfist•about 17 hours ago

And we all celebrate it since we can't do any work

Spooky23•about 17 hours ago

https://en.wikipedia.org/wiki/Timeline_of_Amazon_Web_Service...

Azure nerfed the front door of all Azure and O365 services last year.

All of these companies are great at what they did, and occasionally fuck up.

OsrsNeedsf2P•about 15 hours ago

AWS has throttled our service so badly that we couldn't operate. I was thinking of writing a blog post about how they stalled our growth for a month but it seems moot

rozap•about 18 hours ago

Yep, we also don't touch them for this same reason.

abrookewood•about 19 hours ago

Yep, agree 100%. Such a stupid move on their behalf.

jameson•about 19 hours ago

What was the reason GCP took down a startup previously?

__s•about 18 hours ago

hn.algolia.com gcp blocked

https://news.ycombinator.com/item?id=46731498 https://news.ycombinator.com/item?id=33360416

Then I recall https://news.ycombinator.com/item?id=45798827

https://news.ycombinator.com/item?id=33737577

jameson•about 15 hours ago

Wow... Just wow...

busterarm•about 18 hours ago

Hetzner and OVH also do this all the time.

It's AWS and Azure that are the outliers and tend not to care too much what their customers do with their infrastructure. AWS is perfectly fine with allowing me to run copies of 15 year old vulnerable AMIs copied from AMIs they've long since deprecated and removed. Even for removed features like NAT AMIs.

tjpnz•about 19 hours ago

AWS normally contacts you first.

kevin_nisbet•about 19 hours ago

Do they?

The only anecdotal thing I've seen is we hired a vendor to do a pentest a few years ago, and they setup some stuff in an AWS account and that account got totally yeeted out of existence by AWS if memory serves.

alchemism•about 19 hours ago

I’m fairly certain you are supposed to contact any vendor before attempting to penetrate hosts with authorization, not the other way around.

dannyw•about 18 hours ago

You should not be conducting unauthorized penetration tests against third party infrastructure providers without permission. They have processes and systems and usually just wants a heads up of what you plan to test and t the duration / timestamps.

Cuz otherwise you look like a threat actor.

That’s assuming your vendor was pentesting AWS systems. If you meant you hired a vendor to pentest your own systems on AWS, that’s of course a totally different matter.

mixdup•about 18 hours ago

Responding to an unknown security tester like that is a selling point, not a cautionary tale

raverbashing•about 11 hours ago

If a vendor doesn't know the basics about pentesting open infra and can't be bothered to look up terms of use sounds like they know ssh-it about fsck

cherioo•about 19 hours ago

They better do. What is google doing?

Gigachad•about 19 hours ago

It's all AI powered

valgaze•about 17 hours ago

May 2024 UniSuper incident: https://cloud.google.com/blog/products/infrastructure/detail...

https://www.unisuper.com.au/about-us/media-centre/2024/a-joi...

A joint statement from UniSuper CEO Peter Chun and Google Cloud CEO Thomas Kurian

8 May 2024

UniSuper and Google Cloud understand the disruption to services experienced by members has been extremely frustrating and disappointing. We extend our sincere apologies to all members.

While supporting UniSuper to bring its systems back online, Google Cloud has been conducting a root cause analysis.

Thomas Kurian has confirmed that the disruption arose from an unprecedented sequence of events, where an inadvertent misconfiguration during provisioning of UniSuper’s Private Cloud services ultimately resulted in the deletion of UniSuper’s Private Cloud subscription.

This is described as an isolated, “one-of-a-kind occurrence” that has never before occurred with any Google Cloud client globally. This should not have happened. Google Cloud has identified the sequence of events and taken measures to ensure it does not happen again.

Why did the outage last so long?

UniSuper had duplication across two geographies as protection against outages and data loss. However, the deletion of the Private Cloud subscription triggered deletion across both geographies.

Restoring the Private Cloud required significant coordination and effort between UniSuper and Google Cloud, including recovery of hundreds of virtual machines, databases, and applications.

dantiberian•about 16 hours ago

I wrote about the UniSuper issue at the time: https://danielcompton.net/google-cloud-unisuper. It was a pretty nasty bug where their VMWare environment was created with a one-year expiry date, but was one "resource" from the perspective of Google Cloud.

suttontom•about 15 hours ago

"UniSuper’s production Google Cloud VMware Engine (GCVE) private cloud was automatically deleted one year after it’s creation due to a misconfiguration in how it was created. When it was created, there was a bug in the creation script which passed a null value."

That's pretty amazing. Not due to a cascading failure from someone changing a config deep inside of a system that caused a bunch of unintended effects, just someone who messed up writing a shell script?

GoblinSlayer•about 14 hours ago

Probably javascript. Shell scripts don't have null values.

IshKebab•about 14 hours ago

This is why you never use shell scripts for non-interactive tasks.

raverbashing•about 15 hours ago

Creating stuff with 1yr (implicit) expiry by default is just a delayed footgun tbh

onion2k•about 14 hours ago

That's one footgun, but then pushing that into production and actually deleting things rather than queuing them to be deleted later after a sanity check until the system is stable, and not informing users that the 1 year policy existing, (probably) not documenting that the expiry exists, not testing 'what happens if we pass in null?', etc are a whole series of mistakes.

This was less "Oh look, a rare edge case that was easy to miss!" and more "We don't bother putting guardrails into critical systems. Oops!"

karlkloss•about 15 hours ago

"deletion of the Private Cloud subscription triggered deletion across both geographies"

It's called single point of failure, and it's the nightmare of everyone who was ever in charge of safety.

kvakvs•about 17 hours ago

The instant cascading worldwide deletion upon closing or deleting a subscription sounds like a recipe for disaster. Why not mark it for deletion and delete say... a day or a week later?

shye•about 17 hours ago

From personal experience, as a customer who once did something stupid: Google Cloud does soft deletes. But you need to reach out to support fast enough. And really, if you deleted something important and discovered it only the next day, and not within minutes, you're having a bigger issue that a soft delete won't solve.

chillfox•about 13 hours ago

What kind of shitty soft delete can’t be undone a few weeks after?

Weekends and public holidays are a thing, plus it’s quite common for companies to shut down for 2 weeks over Christmas.

There’s a lot of opportunity for mistakes or malicious actions to happen at times that won’t be discovered for a while.

manapause•about 17 hours ago

It’s a good question. That said unless there are compliance or fallback concerns i would prefer a service that burns my data on departure.

raverbashing•about 15 hours ago

No, that's the naive view

Because in case of a compromise/unauthorized access that's exactly what you don't want to happen

modernpacifist•about 17 hours ago

Either mark-for-delete has the same impact as deleting in terms of shooting all the Cloud resources associated with the subscription, at which point the outage still happens but maybe the recovery is smoother or you've just delayed the inevitable by a week because no one will look at it unless there is actual impact.

jeremyjh•about 15 hours ago

You just turn it all off. So yes, the disruption is the same but restoral is much smoother. Much easier said than done - that has be baked into every service and there would certainly be a cost from it that would have to be passed along to everyone.

locknitpicker•about 15 hours ago

> The instant cascading worldwide deletion upon closing or deleting a subscription sounds like a recipe for disaster.

I don't agree. What do you expect to happen when you explicitly delete your user account? Do you expect your systems to remain in operation for a week? That itself would be a major risk and liability, as your whole infrastructure would still be up even though you cut your access to it.

Also, isn't your whole infrastructure expected to be automatically deployed with IaC? The notable exception is data, which is already soft deleted and recoverable through customer support.

All in all, where do you expect the customer's responsibility to end and the cloud provider's to start? The shared responsibility model is covered by any intro course in no uncertain terms.

binarycleric•about 19 hours ago

How the heck do these things happen, especially with companies with huge monthly spend? At my last job we had some suspicious workloads running on AWS and our TAM reached out to us before taking any action. Who wants to bet this was some AI automation gone wrong and because GCP seems to be allergic to actually contacting a human to get a response, this just sits in some support queue that outsourced workers look at after a few hours just to give a canned response?

garciasn•about 19 hours ago

Nothing surprises me with anything related to support on GCP. While we absolutely do not need them, I have been through no less than 12 different Account Executives over the last 6y and they're all ENTIRELY and COMPLETELY useless.

They all introduce themselves, beg me to setup a meeting w/them and some sort of engineering resource(s), and they come to a meeting with a canned slide deck that is so absurdly unrelated to us that I just laugh, and then the next time I hear from them it's because we have a new AE.

This is my most recent reply (right after Next '26):

> I really appreciate you reaching out; however, we have met with, I dunno at this point, more than a dozen GCP Account reps, execs, technical teams, etc over the years and there's little to no value for us or you, now or in the future. Please do feel free to invest your time on your other clients. We're good; truly.

I love GCP and its services; we have been very pleased with it over the years, but the human side of it? Fucking sucks and I just don't see why they even bother.

throwaway041207•about 16 hours ago

This is actually kind of validating. I work for a company that spends almost 1mm a year on GCP. We've never had an actual support contract with them because the numbers work out to, at a minimum, being 10% of our spend. We've yet to encounter a situation where we actually needed GCP support, so we've held off. In the moments where we'd like to get some support (mostly around datastore behavior) we've managed to work around it or figure it out ourselves. So it's good to know we haven't missed out on much. Beyond the offensive aspect of GCP offering no support if we aren't willing to cough up a non-trivial percentage of our spend, I'm pretty happy with it.

OptionOfT•about 19 hours ago

It's because they're measured on something, unsure which metric, but it's definitely not how helpful they are to you.

YuriNiyazov•about 18 hours ago

Don't know about GCP, but our AE on AWS was also continuously rotating, and as best I can tell, their job was to figure out what we are planning to build, and to ensure that we should always use <INSERT AWS SERVICE DU JOUR> for that, rather than a competitor product or build it ourselves.

dylanpyle•about 18 hours ago

For what it's worth - I'm not sure what the criteria is (I assume we're "medium sized / not a big upsell opportunity"?) - our GCP rep quickly pushed us to switching to using a GCP reseller. They took over our billing so that we can pay via ACH, and provide both free first-line support/escalation and paid engagements for bigger projects; they don't charge a premium on top, apparently Google pays them for supporting us. Hasn't made much of a difference in how we operate, but at least we have a direct-ish line for issues when they come up.

shye•about 17 hours ago

That's exactly why I'm less pleased with GCP: to trust a CSP (or any service), I need to be assured that when (not if) things go wrong, I could escalate to a team that would have my back.

idontwantthis•about 18 hours ago

It doesn’t worry you enough that someday you could have a serious problem and they wouldn’t be able to help you?

garciasn•about 18 hours ago

On the list of things that worry me the most about our company's stuff, an issue I cannot solve w/o help from a human at GCP is around #900000042.

ndneighbor•about 18 hours ago

huh- I guess there are two HN submissions with meaningful replies...

I said this in the other thread, we got access to our account back, but even with a Account Rep. and a CSM on our account- it still took them a while to figure out what was going on.

I'm sure it could have been worse if we didn't have a rep on our account.

guluarte•about 19 hours ago

It's Google. They let you use their services, but the moment you don't fit the norm, they suspend you.

rajeshvar•about 17 hours ago

What does blocked mean? Is there a different post that I am missing? There is shared infrastructure in GCP for networking (ex-googler here) and if only railway is affected, then it is not clear if it is only GCP or if there is something from Railway's perspective that needs to be addressed.

Kwpolska•about 14 hours ago

https://station.railway.com/community/what-we-know-so-far-ma...

> Around 22:20 UTC, our Google Cloud account was placed into a "restricted" status hence removing all of our cloud overflow VMs, our CloudSQL instance, and our API.

tardedmeme•about 11 hours ago

It means they ban you. Cancel your account. No takesie backsies. Say bye bye to your revenue. This can happen at any time for any reason or no reason and it's amazing nobody's learned from all the other times it happened.

BitWiseVibe•about 19 hours ago

As someone who runs some public APIs, the amount of spam from Railway IPs is insane. They have horrible abuse prevention. Hopefully this encourages them to improve their operations.

nikcub•about 17 hours ago

This is the conflict at the center of running a hosting company - make it easy to signup and you get a lot of new users but also a lot of abuse.

Implement anti-abuse measures and you will hit some loud false positives (this may be the case with GCP here).

I don't envy anybody running a hosting co - the internet is a really ugly place under the surface.

edit: to add - AWS are really good here. Must be the ~30 years of retail fraud and abuse experience.

duckmysick•about 13 hours ago

Hetzner is famously aggressive with their KYC (Know Your Customer) requirements, often locking new sign-ups and asking for photos of ID.

Damned if you do, damned if you don't.

bootsmann•about 14 hours ago

Is it really a false positive if railway lets people run abusive services on GCP and then GCP consequently shuts them down?

iloveplants•about 6 hours ago

the services are running on railways own servers, not gcp

edelbitter•about 16 hours ago

I continue to receive phishing via AWS pretending to be Amazon. And not even the Unicode-lookalike shenanigans that my spam filter refuses for excessive mixed scripts, no; literally claiming to be Amazon as in: the company that operates the relay.

swyx•about 14 hours ago

i wonder if DID or World (various ways of Proof of Human) can help solve this issue.

nikcub•about 10 hours ago

This just incentivizes market for bio-mules, which already exists with world[0] - where prices stay low because it was rolled out to low-income countries.

Then there's the platform game theory. If you adopt you add friction which reduces signups, and there will always be a competitor who would risk the 10x fraud increase in order to capture 100x the market. Railway has seen hyper-growth because it's so easy to run from, and is recommended by, coding agents[1].

The solutions are here already just not well implemented or understood - probabilistic fraud detection, resource limits, service and automation limits, standard gov identity verification as a signal, enterprise sales channels with human relationships, etc.

There are tradeoffs with each platform choice that just aren't well understood. Most users shop on price and DX and don't see the abuse infra or problem until it hits them.

Google and GCP have a problem where they completely cook users who get flagged in their automated fraud net (this isn't news - or shouldn't be)

[0] https://www.coindesk.com/policy/2023/05/24/black-market-for-...

[1] and the problems that come with providing that simple interface, like sometimes dropping prod

fjni•about 20 hours ago

Wait… railway runs on GCP? Didn’t they make a whole thing about not “building a cloud on top of another cloud?”

Or did they just mean that they’re not renting VPSs but only metal from the cloud provider?

In my mind I was so excited that there was another provider not just paying one of the hyperscalars but at a minimum colocating and owning more of their stack. https://blog.railway.com/p/heroku-walked-railway-run

miniman1337•about 20 hours ago

from the blog linked via Wayback Machine. "From Day 1, we had this notion at the forefront.

The other notion that we have intuited is that you can’t build a cloud on another cloud. We have devoted years of practice running our own metal (and playing well with other clouds) to make sure that Railway’s business, which invariably becomes your customer’s business, is as rock solid as possible."

dlcarrier•about 17 hours ago

I'm not familiar with Railway, so this might not make any sense, but it's possible they were using their own hardware but managing it with Google accounts. It's not uncommon for a company's offsite human-to-human communications to fail when there's a Google outage or ban, so it's not unexpected to have the same interference with human-to-machine or machine-to-machine communications.

MrDarcy•about 19 hours ago

That’s strange, when I interviewed with the founder a few years ago he told me they were on AWS wanting to move to firecracker.

eoswald•about 20 hours ago

Yep, and this is why I'm pissed. They lied. They're completely dependent on GCP. So, I gotta do some research, i need something a little more stable (and less dependent on one company's whims) than this. This is bad for them, because it really strikes at the heart of their 'big claim,' peacefull software deployments. This is chaos.

ndneighbor•about 19 hours ago

Yea, I mean, that's the whole MO of our platform and we failed at that. So yea, that's disappointing and more so for our customers.

I can provide an explanation about the GCP dependency. Yes, we have host workloads off GCP, and we have been able to build a good business by performing a cloud exit. However, we were worried that we would have a circular dependency on our own cloud. I don't think we expected to get auto-modded out of our own account, hence we left our DB on CloudSQL.

It was never our intent to deceive people that we didn't own our own destiny with our business. The last GCP issue, we were assured that this scenario wouldn't happen (when we got auto-ratelimited, which was bad, but survivable) - but it seems like we have further work to do. Apologies.

purduemike•about 18 hours ago

Why CloudSQL? why not AlloyDB for stability?

fontain•about 19 hours ago

I’m very sympathetic and understand that decisions are easy to criticize in hindsight but leaving your database in GCP while moving everything else to your own data centres seems so backwards I can’t even begin to imagine how that could happen. Was this really an intentional design decision?

chatmasta•about 18 hours ago

I thought Railway was building their own data centers? [0]

> The fact of the matter is, you simply cannot build a cloud on someone else’s cloud.

Indeed…

[0] https://blog.railway.com/p/launch-week-02-welcome

QuinnyPig•about 16 hours ago

Vercel seems to be pulling it off. So does PlanetScale, albeit for databases only. But everything’s a database.

ksajadi•about 15 hours ago

When you signup for Railway, they have uncommon way of making sure you have read and understood their T&C regarding abuse of their systems, including crypto mining, etc.

My guess is that many are abusing their free tier, causing them trouble with their service providers.

I take no joy in seeing Railway take a hit like this, even as a competitor, but free compute attracts all sorts of strange users. We've been there and decided early on to avoid free compute even it costs us our top of the funnel.

eoswald•about 20 hours ago

Sorry, I have a hard time blaming Google for this, when Railway seems to be having increasing trouble keeping the platform stable. Something like this should NOT take down an ENTIRE service. There should be a backup when literally your business is about being the reliable backend. This just seems like poor planning to me.

ryanisnan•about 20 hours ago

I don't quite know what you mean. Do you really expect Railway to use a multi-cloud architecture to host all of their client's projects? I suspect that would lead to a lower availability, all things considered.

eoswald•about 20 hours ago

Well, in the same token, is it smart to base your ENTIRE architecture on a single cloud architecture? Isn't that why some of us build in fallbacks for AWS-hosted services? I mean, their enitre platform, both public and private facing, is running on the same thing. One error, one problem, takes out the entire service.

irjustin•about 19 hours ago

Taking this at face value, this doesn't happen to AWS clients - at least I don't read about it here.

AWS may have data centers[0] go[1] down[2], but that's within expected bounds of standard ops.

[0] https://hooks.slack.com/services/TJ7HQS7FC/B0B5S7UTBJ4/PUHIC...

[1] https://www.aljazeera.com/news/2025/10/21/what-caused-amazon...

[2] https://netflixtechblog.com/lessons-netflix-learned-from-the...

impulser_•about 20 hours ago

They literally own their own data centers. That's whats surprising about this. They are lying to their customers when they say they operate their own data center because obviously they don't if everyone's apps are down with GCP blocking their account.

brookst•about 19 hours ago

Is it not possible that they own their own data center and have an unfortunate Google dependency?

Obviously a fiasco but I’m not prepared to call them liars when it could be an honest mistake.

ryanisnan•about 20 hours ago

Oh, I see what you mean. Eh, it's possibly the same reason that AWS essentially goes down when us-east-1 goes down.

cactusplant7374•about 20 hours ago

Disaster recovery is pretty expensive, right? Especially for their size.

UrbanNorminal•about 19 hours ago

Is google allergic to humans or something? Cannot they just send an email or call the company before taking a wrecking ball to the entire company's infra? Are they stupid?

BarryMilo•about 18 hours ago

Surely this is automated. They wouldn't waste precious dollars on employing humans just to keep other humans happy.

snypher•about 16 hours ago

It surprises me there's not a manual review for $$$$ accounts. Speculation at this stage, but it's weird they would be put in the Recycle Bin like that.

lateral_cloud•about 16 hours ago

Keep the pitchforks at bay for now. No one knows what actually happened yet and we are only seeing one side of this outage.

faangguyindia•about 21 hours ago

Google cloud also locked out a Korean Goverment Organization recently. The guy posted on GCP subreddit.

Google really need to improve their support team. It's strange such a big corp can't even afford to have proper support team.

danpalmer•about 20 hours ago

> It's strange such a big corp can't even afford to have proper support team

Railway say they are in touch with that support team.

shooker435•about 19 hours ago

god help them

danpalmer•about 14 hours ago

I had good experiences with their support, and bad experiences with AWS support. tldr: YMMV.

aranelsurion•about 10 hours ago

> support team

They must’ve upgraded them to Gemini 3.5 by now.

choilive•about 19 hours ago

Not strange, Google has never had a proper support team unless you are an "Enterprise" level customer.

benwoodward•about 19 hours ago

pretty sure their support team is a flaky ML model that is haplessly flagging random accounts

King-Aaron•about 20 hours ago

> It's strange such a big corp can't even afford to have proper support team

This seems to be by design.

ndneighbor•about 19 hours ago

We have a CSM, Head of Customer Support contact, and further contacts with GCP. Despite that, we still had this issue.

add-sub-mul-div•about 19 hours ago

Automating support, automating everything is the key to their whole deal. Tech giants leapfrogged the rest of the economy by innovating a company that can scale its customers without having to scale itself proportionally.

bearjaws•about 19 hours ago

I will never leverage GCP in an enterprise setting, it's honestly amazing how hard they fumble the bag. Will be interesting to see when GCP support started working with them, from the updates there was an hour and change from when they identified the issue and GCP support was confirmed.

In the cloud space it seems like AWS does nothing and wins.

brokenodo•about 18 hours ago

Well, as a 2 week tenured and very happy Railway customer until now, I am now a Render customer. Somehow DNS cut over within 1 min(!) and live after about 30 minutes of work. Not bad!

DrewADesign•about 18 hours ago

In my experience, DNS changes are a lot faster than they used to be. There’s some website that has a map that tries to resolve your domain with a bunch of name servers around the world that was pretty neat to look at last time I migrated something.

nbarbettini•about 17 hours ago

I became so conditioned to waiting hours(!) for DNS propagation that I'm always pleasantly surprised when it takes <5 min these days.

DrewADesign•about 7 hours ago

Yeah way back in the day I’d be used to waiting overnight

twostorytower•about 16 hours ago

I love pointing my name servers to Cloudflare so any DNS changes from that are practically instant.

swyx•about 14 hours ago

as with many things, we say we like decentralization but quietly vote for centralization

Avicebron•about 20 hours ago

Isn't Railway the "the API key to delete the backups is in the prod database, because that's where the backups live duh" guys?

trvz•about 14 hours ago

No, this is the company that failed those guys.

You should also read the story, as you're perpetuating a false version of it: https://x.com/lifeof_jer/status/2048103471019434248

codegeek•about 19 hours ago

This is bad. Even their own website is down at railway.com. Looks like total dependency on google cloud. Surprising for a company of their scale with all this VC money.

choilive•about 19 hours ago

They run a decent amount of their own compute/bare metal server for customer workloads. But likely still had some critical dependencies on GCP.

rmeara•about 15 hours ago

Google has a total dependency on it's own infra and does fine. Why do its customers need multicloud? Huge PITA unless you need an absurd number of 9s

cube00•about 16 hours ago

> Surprising for a company of their scale with all this VC money.

Not sure too many VCs would be cool with deep redundancy when there's more features to build to bring in more customers instead.

whh•about 19 hours ago

This could kill a startup. I really don't like Google's automated and silent account murder functionality.

MrDarcy•about 19 hours ago

There’s no way this was automated or silent.

The only reasonable explanation is Railway lost control of their estate and something was happening that warranted a group of humans to decide flipping the kill switch was the best of a set of bad alternatives.

macintux•about 19 hours ago

You’re giving Google far more credit than they’ve earned.

whh•about 11 hours ago

It's almost certainly one of those Android Store related checks or YouTube account checks. It's why it's best to disable login for the services you don't want your staff messing with on Google Workspace.

faangguyindia•about 18 hours ago

you can go on google cloud subreddit and watch horror stories

i actually built a good plan out of those horror stories for my companies.

throwaranay4933•about 21 hours ago

This screenshot from Discord suggests the idea that the outage is caused by automated GCP account ban: https://x.com/acgfbr/status/2056866780866351323

Alive-in-2025•about 18 hours ago

Automated account bans are the bane of internet existence today. I was banned from reddit for "bad behavior", I appealed and both times it's oops, there was nothing there, some automated system thought your comment was rude even though it wasn't.

Then they send you very strongly worded messages that says trying to work around the ban will lead to something bad happening.

I've been worried my main email account provider would do this. The core issue is even if you pay, even if you are a company as shown here companies don't carefully enough have limits on banning. I can only imagine they ban lots of scammy things every day so "they think it's working great".

enahs-sf•about 20 hours ago

I respect what railway is doing but also would never run my business on such a platform.

eoswald•about 20 hours ago

Today changed my opinion on them completely. Was willing to give them the benefit of the doubt that they're growing fast, but now seeing that they've failed to scale properly, and are missing little things that become big things later. I can't take that risk.

dpark•about 20 hours ago

That kind of sounds like you don’t respect what they are doing.

enahs-sf•about 17 hours ago

I think it’s good people are making IaaS platforms, but have dealt with enough firefighter hero bullshit to have seen this coming a mile away. Uptime and redundancy are strongly correlated.

usernametaken29•about 18 hours ago

I didn’t knew Railway so with this misleading headline I thought a Google Cloud data centre was being built in the way of a railroad. That’d been a funny story to read..

Polizeiposaune•about 16 hours ago

An elevated railroad once ran through one end of what is now a Google-owned building (Chelsea Market in Manhattan). It's now part of the High Line elevated pedestrian park.

astafrig•about 18 hours ago

How is the title misleading?

tauntz•about 13 hours ago

"Railway Blocked by Google Cloud"

If you don't happen to know that "Railway" is referring to a company, then you might reasonably read that as "a GCP outage caused issues in the train network somewhere".

zx8080•about 13 hours ago

For those who opened this link to read news about the real railway (with trains), it's not about it. Thank you for wasting my time!

TheTaytay•about 19 hours ago

I’ve seen a few smug “all your eggs in one basket” comments here.

I’m aware of some companies hosting their own metal and infra, but I’m not aware of large companies mitigating risk by hosting on separate cloud providers as a fallback mechanism. We might disagree with cloud provider choice, or think they should have been hosting their own metal, but that’s still an “all your eggs in one basket” choice, right?

Heck, they might even have multi-region fallback with GCP, but if GCP bans your account, that doesn’t matter.

Are there good examples of running a company of railway’s size so redundantly that their host could nuke one of their accounts and they’d just keep on trucking?

fontain•about 19 hours ago

They do run their own metal. That’s their entire ethos. Railway is their own cloud.

chradams•about 19 hours ago

Just google multi-cloud. Yes. It's a thing.

wmf•about 19 hours ago

99% of multi-cloud is fake though. True multi-cloud is incredibly rare.

TheTaytay•about 16 hours ago

I appreciate it. That's my belief as well. Very easy to write a post like, "Just use multiple clouds!" or to claim to have done it with a small project. But it's hard for me to imagine the benefits outweighing the extremely massive complexity costs at a certain scale.

padolsey•about 19 hours ago

Does anyone know how this even happens inside the walls of google? Is it an automated process? How is such a (presumably) high revenue account just magically blocked without human intervention? I'm quite perplexed.

jpollock•about 19 hours ago

There would have been efforts to contact them, but it would have been via their contact method, aka the email they set it up with.

Common ways this happens? They are using a credit card to run their business with no backup payment method. Then the company's contact person is on vacation.

mbreese•about 18 hours ago

Yeah, I'm not sure what to think here. We know Google is not the best at customer service and has automated account suspensions. But, what I'm curious about here is why this happened.

Railway hosts applications for customers. An uneducated guess for some possible reasons: 1) one of those customers hosted something they shouldn't have 2) railway had something spawn that took up too many resources 3) Or their account balance was too high 4) Or something...

But all of this probably culminates in someone needed to read an email that was missed.

Scaling a customer infrastructure setup like Railway is hard. This is one of the non-technical hard parts - how to make sure your account with your primary vendor is safe. But, I'm willing to wait to pass judgement here until more information is available. I'm sure the post-mortem will have lessons. I'd like to know more.

thayne•about 17 hours ago

> via their contact method, aka the email they set it up with

If it's anything like AWS, that may be just one of hundreds of emails they send every day, most of which are just noise.

scratchyone•about 19 hours ago

Honestly still insane to nuke a high-volume client's business after a single payment issue. There would be no reason for Google to believe that a single hiccup like that is evidence that they won't get paid and have to cut account access immediately.

4lx87•about 5 hours ago

It is insane, but my past experience with GCP is they suspended all service only days after a failed payment, after years of paying on time. It's a major factor in why I don't use them anymore. I'm not waking up to angry customers again because the CC is expired and I missed an email.

I'd be curious to know why Railway's account was suspended. Was it a similar payment issue or something else?

antran22•about 16 hours ago

Railway might not be even in the realm of high-volume clients for Google. For all we know they might be efficient in utilizing Google infrastructure.

But most likely, it's just automations in place without an appropriate human override coupled with gross negligence.

jasonkester•about 16 hours ago

Yeah, compared to the AWS experience:

I had a toy Free Tier account that managed to overstep a limit one month and rack up $0.0038 in charges.

AWS hounded me about it for an entire year before finally putting the account on hold. Then kept at it for months more before finally deleting it.

It’s pike the paperboy from Better off Dead, if he were to continue delivering newspapers while hounding you for his two dollars.

cube00•about 14 hours ago

Railway "What we know so far: May 19th 2026": https://station.railway.com/community/what-we-know-so-far-ma...

mjy78•about 17 hours ago

All in on cloud so we don’t need to worry about backups. Now your subscription is the single point of failure.

jefborges•about 19 hours ago

Railway is back, but I’m not sure if I can trust keeping my projects there, so I’m going to migrate to another company.

oofbey•about 18 hours ago

After reading about how their delete database API also deletes all the backups, I concluded they are not to be trusted.

CodesInChaos•about 14 hours ago

Don't all major clouds do that by default? But at least they have additional protections you can configure, if you know about them.

marknutter•about 17 hours ago

It's not back.

thrownthatway•about 16 hours ago

Huh.

Railway dot com

Has nothing to do with railways.

I wish software people would get their own words.

patrickmay•about 8 hours ago

I was also expecting a story about a physical railway being shut down.

hnburnsy•about 18 hours ago

From their founder on X...

"Absolutely. The Railway network is a mesh ring between AWS, GCP, and Metal

So: - High availability interconnects - High availability path routing between clouds - Database itself is high availability

However, Google's VPC itself is not. So we will add a shard to Metal and AWS"

hnburnsy•about 18 hours ago

More here...

https://x.com/JustJake

sammy2255•about 18 hours ago

The 3-2-1 backup rule is pretty outdated in the world of cloud. You could have 3 complete copies of your data in different S3 buckets, but if they're all under the same account you've lost your blast radius protection

zootboy•about 14 hours ago

It's not outdated, you just actually need to follow it. 3 copies of data in separate S3 buckets is ignoring the "2" in the 3-2-1 rule: 2 different mediums, and also the "1" rule: 1 copy offsite. In the cloud era, offsite means not on the same cloud provider. Different mediums ideally means a non-cloud provider (e.g. a NAS at your office under your control).

rsync•about 18 hours ago

If only there were a quick and easy way to replicate s3 buckets to an independent provider…

… on the Unix command line …

… to a cloud older than AWS…

… if only …

funtech•about 17 hours ago

Wish I could upvote this comment account more. Too many people look for something new and shiny when trusty ol tools are sitting right there. :)

oefrha•about 17 hours ago

Well having backups help, but I certainly can’t migrate my infra to rsync.net on moments’ notice (or ever since rsync.net does storage and nothing else) so my customers aren’t affected.

lemagedurage•about 16 hours ago

Inflated egress costs might make this prohibitively expensive, $80 per TB at GCP and AWS

eclipticplane•about 17 hours ago

I don't think that technology exists. Sorry.

whalesalad•about 16 hours ago

You replicate data to different clouds.

jaspanglia•about 16 hours ago

Cloud platform dependencies are becoming a huge single point of failure

jkogara•about 12 hours ago

Interestingly, upon logging in this morning I was presented with a new terms and conditions banner that required me to agree to not deploy a list of, to varying degrees, nefarious things (bots, torrents, "anything illegal", etc.). Is it likely that some of these workloads resulted in the auto restriction from GCP?

gnabgib•about 20 hours ago

Dupe - join the discussion started an hour ago instead of query string work (12 points, 4 comments) https://news.ycombinator.com/item?id=48200827

aarondf•about 20 hours ago

I added the qs because it defaulted to a story from 3 months ago.

danpalmer•about 8 hours ago

7 minutes from bug filing to account restoration. This shouldn't have happened in the first place, but that's an excellent response time from the support team.

Mengkudulangsat•about 20 hours ago

That explains why all my vibe-coded hobby projects are down.

Thank God I'm not dealing with any public-facing sites! Would have been an expensive lesson for a newbie coder if my job depended on this.

orliesaurus•about 19 hours ago

I wonder if someone has exploited a weird Google-safety automated process to report something on Railway which caused Google to block the whole thing.

whh•about 11 hours ago

There's that "automated action" again. Regardless of the architectural decision, it makes me incredibly uneasy relying on GCP if these types of things can happen.

AbstractH24•about 8 hours ago

Did anyone discover any unexpected tools/wesbties use railway during this outage?

r_lee•about 19 hours ago

seriously, is it possible to trust GCP with critical data/services at this point if you're not a billion dollar company?

I'm exaggerating but someone said they got "auto banned"

what if that happens to a small account which hosts some really important data/services there?

xyzzy_plugh•about 19 hours ago

I've managed several accounts with GCP over the years and I've always maintained a great relationship with our contacts there. Some of these accounts were quite small, on the order of <$20k/mo, and even then we were kept abreast of anything that might be cause for concern. I always maintain a standing biweekly meeting with at least someone on the other side (account exec, technical staff, whatever) and I've yet to be blindsided by anything.

Is Google's communication good? No, not particularly. The only way something like TFA happens is if the relationship is neglected (by one or both parties). I'm not saying Railway did something wrong, but there are usually many flags and opportunities to correct long before drastic actions.

I get the impression that Railway plays fast and loose with a lot of their limits and resources and that Google may not be a fan of that.

Edit: would also like to say that if you put all your resources in one GCP project you are going to have a bad time. If you organize stuff over many projects it is very unlikely that they will ever take account wide action. I've had issues with, for example, a particular tenant's behavior, but it never jeopardized the other tenants.

Avicebron•about 19 hours ago

> what if that happens to a small account which hosts some really important data/services there?

Pray to @dang that you will make the front page of HN?

throwaway85825•about 19 hours ago

Even if you are a billion dollar company you still have problems like the Australian pension did. Google is just that bad.

chi_features•about 19 hours ago

https://blog.railway.com/p/series-b

Agreed. Railway are probably not far off a billion dollar company though!

jrockway•about 18 hours ago

I don't think you can ever trust one service with critical data. Some Claude instance deletes your prod database, you have to restore from an offsite backup because it also deleted your local backups. Even at small startups we did pg_dump to AWS from GCP because ... who knows what is going to happen to GCP, and we want to continue to be in business if that happens.

I don't feel safe with any one single point of failure. "Your credit card bounced", "you thought it was dev", "you got hacked", etc. are all the same problem to me and no cloud provider solves those merely by setting up an account.

ttoinou•about 19 hours ago

Railway isnt far from being a billion dollar company, no ?

intelVISA•about 6 hours ago

I don't want to believe this, lol.

zelon88•about 18 hours ago

Wild to me that any tech sector business would want to rent an operating environment to park their entire infrastructure into. This is the equivalent to traveling shoe salesmen setting up a tent in the parking lot of a strip mall.

brunooliv•about 12 hours ago

Having tried many of these hosting services to host/play with toy apps, DigitalOcean and Fly.io are both unparalleled GOATs.

mattbee•about 14 hours ago

The risk of an "upstream cloud provider" is not something you need to tolerate in your supplier of internet infrastructure!

dlcarrier•about 16 hours ago

This is the kind of outage worthy of a Kevin Fang video.

yomismoaqui•about 12 hours ago

Remember, the cloud is someone else's computer.

If that person turns it off you're screwed.

tux•about 19 hours ago

At this point you can’t trust Google anymore, it keeps breaking things. Imagine having Google AI do this thins automatically. Will have apocalypse in in a day.

dwa3592•about 19 hours ago

Wait, I thought railway was a cloud provider like AWS, GCP but better and more agile. At least that's the impression i got from their website.

pavelevst•about 16 hours ago

Avoid vendor locking, have backups, make disaster recovery standby (or plan for quick recovery elsewhere)

leventhan•about 17 hours ago

What's a good alternative to Railway?

steve1977•about 16 hours ago

Lesson learned: don't rely on a single hyperscaler, even (or especially) as a startup.

burnerRhodov3•about 16 hours ago

I just... I don't really understand why startups even use AWS, GC, or any other cloud hosted software? Hetzner, etc. Are all extremely cheap, and honestly scale so well... Code nowadays is cheaper for configs, and having full control over your compute is... liberating.

dannersy•about 16 hours ago

Low cost to entry, easy to get scale from the beginning if you need it. The large cloud providers throw free credit at startups to lock them in all the time. I had a short lived stint trying to get my own startup off the ground and it was really easy to get free compute from Google with no strings attached. This was many years ago now, but I would be surprised if it is any different.

I am with you entirely and would not have taken that route today, but it is really easy to see why people go that route.

antran22•about 15 hours ago

A few years ago, when I was kinda active in the startup scene in my area, you have people selling access to cloud credits with penny-on-the-dollar price. The credits are given out liberally to big-corps, organization by AWS/GCP, through workshops, webinars, events. All in the hope of roping the departments into building MVPs, demos on AWS/GCP, but people also find a way to cheat on that system and make some quick bucks.

I know a startup of my acquaintances that have been running on AWS for 5 years straight without paying a single dollar to AWS. When the credits almost run out, they started to migrate their data over to another account with credit. That happened twice already.

It helps to have a portable, replicable IaC config. But also this is sustainable because they are a pretty small struggling shop. You will probably not be able to do this if you are trying to maintain more than 3 nines for an enterprise client.

chi_features•about 14 hours ago

Perhaps Railway does a bit more than what you think, they have some great functionality (I'm not affiliated with them). Check out [Features | Railway](https://railway.com/features) "PR Environments", they are incredible for the QA process

steve1977•about 16 hours ago

Oh absolutely... and many use architectures that have evolved out of the needs of really big companies and are not really a good fit for a startup. But I guess they want to be "ready for growth".

brokenodo•about 20 hours ago

I’m a new customer and have been falling in love with Railway over the last 2 weeks, but this is quite the wake up call.

csw-001•about 20 hours ago

Literally in the same boat. I've been really happy with it, but this is a major eye opener.... It's been done for a looooong time by provider standards.

reelvideocap•about 20 hours ago

same

choilive•about 19 hours ago

Been a customer with them for over a year now, small incidents here and there but never anything this major.

TheAtomic•about 19 hours ago

same same

bilalq•about 17 hours ago

Building a startup on GCP (or even Google Workspace) is an existential risk.

redanddead•about 19 hours ago

one of the many reasons companies are cloud agnostic and dont want to get locked in

fh67•about 18 hours ago

Yeah but until you find that the new cloud provider won't approve your compute quota or doesn't have enough capacity in the region or you hit fraud flags for stagnant account spinning up lots of compute.

parineum•about 18 hours ago

There's a lot of, what seems to me, unfounded blame being directed at Google for this. Isn't railway the company that just blamed Anthropic for deleting their prod database?

mmmore•about 18 hours ago

Nope, Railway was the company who was hosting PocketOS, which is the company that blamed Cursor for deleting their prod database. Railway is only involved insofar as their API allowed an instant delete of the prod database.

oofbey•about 18 hours ago

Railway deserves a lot of blame here. Deleting backups along with the database is a lot like not having backups. Moronic design choice.

Genego•about 17 hours ago

Why does Railway deserve any blame here at all? It was an MCP with elevated infra access, that the user willingly connected through Cursor, which allowed an LLM Agent to manage infra on Railway. The user would first have gone through oAuth confirming the access level scope (I would have rejected the moment it indicates to me that it can delete critical infra and backups...). So obviously it has access to all commands the user would also have access to. From my perspective the blame is entirely on the user, and partly on Cursor for not enforcing HITL correctly across their agents.

sidrag22•about 18 hours ago

fairly certain you are remembering the goofy article that was going around where a railway user allowed an agent to delete his db. iirc he questioned the agent after and the agent told him it should have read the file that told him not to do things, so just sounds like he deleted his db and blamed his tools.

koolhead17•about 17 hours ago

Let's blame some rouge AI agent at GCP causing this.

jujube3•about 18 hours ago

If you buy a cloud-on-a-cloud, you're a clown-on-a-clown.

ryanisnan•about 20 hours ago

Yikes. I was wondering why my TLS certs were coming up as invalid.

bshack0•about 20 hours ago

so....what are we switching to y'all? cloud-run ? ;P

auxiliarymoose•about 20 hours ago

federated hardware (a bunch of raspberry pis networked into a high availability kubernetes cluster, hidden across various local coffee shops for free power and bandwidth)

throwatdem12311•about 20 hours ago

raspberry-pi cluster in my closet

frio•about 19 hours ago

16GiB Raspberry Pi 5s in my country are now going for ~$450USD, so I've gotta say that's out of reach for me now :(.

eezing•about 17 hours ago

“Deletion of private cloud subscription…”

Who deleted it?

isninkhamiss•about 19 hours ago

github got way more noise for less

ChrisArchitect•about 19 hours ago

Earlier: https://news.ycombinator.com/item?id=48200827

Drew-Aetherwave•about 19 hours ago

It is killing me...

jamwise•about 16 hours ago

There goes a 9

mcontrerazCL•about 20 hours ago

all my fkn postgres bd in railways! what do i do now?

eoswald•about 20 hours ago

Hahah at least you're not getting called every five minutes because you cant shut off the alerts, because its apparently deployed SOMEWHERE but good luck finding how to access it. Can't wait to see the bill from Twilio because of this lol

cactusplant7374•about 20 hours ago

Take a walk. Breathe in the fresh air. It feels good.

WhereIsTheTruth•about 14 hours ago

When your cloud depends on an other cloud

All these companies are fraud

Osborn_Ojure•about 19 hours ago

compute recovered, get ready boys!

fnord77•about 17 hours ago

wish I knew what "railway" is

iloveplants•about 21 hours ago

seems like it's every day

shevy-java•about 17 hours ago

Do not become dependent on Google. Ever.

rvz•about 19 hours ago

Let me guess… Googler running AI agent in production that blocked this startup’s account.

paganel•about 12 hours ago

Apparently this has nothing to do with real-world trains and to the real-world rail system, at first, and reading the title alone, I had thought that some trains might have got stuck somewhere because of an IT (google cloud) failure. It's just another SaaS story.

rekabis•about 20 hours ago

TL;DR: putting all your eggs into one basket is bad, man.

lfx•about 20 hours ago

That’s true, however having only few eggs and shopping for several baskets does not make sense in early days. Not sure how big railway is, but usually you start small with one egg.

christophilus•about 20 hours ago

You’d think they wouldn’t have started with GCP. There are plenty of datacenters where you can buy racks and racks of servers, and talk to a human when something goes wrong, and even walk in and access your servers. That’s what I’d be using if I were to build a Rackspace today.

tomschlick•about 19 hours ago

They started on GCP and have been migrating to their own "Metal" DC doing exactly what you're describing. But GCP is still their overflow given how rapidly they are growing and holds some amount of networking that routes to their DC.

wmf•about 19 hours ago

Colo is worse than cloud when you're getting started. Sure, you can talk to a person but everything else is much lower quality. People are obsessed with having someone to yell at but yelling does not fix outages.

rekabis•about 20 hours ago

TL;DR: putting all your eggs into one basket is bad, man.

Aachen•about 4 hours ago

Note, you submitted a dupe: https://news.ycombinator.com/item?id=48201711 (the comment I'm replying to is 1 ID older so I guess this is the canonical one to reply to)

canpan•about 19 hours ago

How to handle domains? The rest is easy, but your domain registrar blocking you sounds like a pain. My current solution is to use a local small provider, just for the domain. Then if there is a problem with your play account it is out of any blast radius.

FlamingMoe•about 19 hours ago

What do you mean by local small provider? A registrar on main street?

rekabis•about 15 hours ago

What the deuce are you blathering on about. An account got blocked, this has nothing to do with a domain.

And I’m talking about having disparate failovers that don’t rely on a single hosting provider. At that point, who cares what Google does to your cloud account… work with the hot failover and spin up another hot failover somewhere else.

truekonrads•about 19 hours ago

MarkMonitor

Barbing•about 19 hours ago

Any changes since acquisition?

Looks like they were sold at the beginning of the year to a company without a Wikipedia page whose parent company doesn’t have one either https://en.wikipedia.org/wiki/Markmonitor

  Acquired in November 2022 by Newfold Digital, it was later announced that the firm would be sold to Com Laude, a company owned by PX3 Partners.

Edit-Private equity apparently https://px3partners.com

  PX3 stands for purpose, passion, and performance. It is a pan-European private equity firm with headquarters in London. It invests behind transformative themes and targets companies operating within select segments of the business services, consumer and leisure, and industrials sectors with strong business fundamentals.

binarycleric•about 19 hours ago

Same applies to all the companies betting the farm on AWS.

rekabis•about 15 hours ago

Precisely. If you’re going to have a hot failover, it behoves you to have an entirely separate entity billing you for that hosting.

Honestly, I don’t know where the downvotes are coming from. Do people have no clue about service resiliency? I can understand if it’s a personal project or you haven’t yet scaled to paying customers, but anything at scale with serious money involved needs to be completely independent of the underlying hosting. It should remain up even if an entire provider goes titsup.