§ whyisthisdown // notes from the night shift
Writing for engineering teams on observability, incident analysis, and building resilient systems. No frameworks-of-the-week — just what breaks and how to tell.
Sixteen months of relief — except the two soonest obligations are still seven months out, and Article 12's logging requirement is an architecture decision you can't defer. Brussels blinked. You can't.
Nine seconds. One curl. A startup's production data and all its backups, gone. The agent wrote a confession afterward — and the confession was the least useful part. Same architecture failure, third time this year.
Twenty-two thousand MCP servers. Zero mandatory security checks. The protocol won — the trust layer never shipped. An audit of what's actually exposed.
Four GitHub incidents in five days. Three are the same failure wearing different masks — stale caches, ghost state, retry storms. That pattern is probably in your stack too.
You pasted logs into ChatGPT and got a plausible RCA. It's wrong. What changes when your LLM can query the observability stack directly — and what new failure modes that creates.
5,300 measurements, 6 scenarios. The headline is 19.6× speedup — the real findings are that stdio isn't serial, framework overhead is zero, and a hardcoded constant was capping your throughput.
Everyone's plugging unvetted MCP servers into production LLMs. Nobody's asking who's liable when they leak credentials or delete data. The governance gap enterprises are ignoring.