Feed fetched in 244 ms.
Content type is text/xml.
Feed is 726,041 characters long.
Feed has an ETag of W/"69b3d033-b1987".
Feed has a last modified date of Fri, 13 Mar 2026 08:52:03 GMT.
Feed is well-formed XML.
Warning Feed has no styling.
This is an Atom feed.
Feed title: The Fly Blog
Error Feed self link: https://fly.io/blog/ does not match feed URL: https://fly.io/blog/feed.xml.
Warning Feed is missing an image.
Feed has 40 items.
First item published on 2026-03-12T19:30:19.000Z
Last item published on 2024-02-12T00:00:00.000Z
All items have published dates.
Newest item was published on 2026-03-12T19:30:19.000Z.
Info Feed's Last-Modified date is newer than the newest item's published date (2026-03-13T08:52:03.000Z > 2026-03-12T19:30:19.000Z).
Home page URL: https://fly.io/blog/
Error Home page does not have any feed discovery link in the <head>.
Home page has a link to the feed in the <body>
<?xml version="1.0" encoding="UTF-8"?>
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:media="http://search.yahoo.com/mrss/">
<title>The Fly Blog</title>
<subtitle>News, tips, and tricks from the team at Fly</subtitle>
<id>https://fly.io/blog/</id>
<link href="https://fly.io/blog/"/>
<link href="https://fly.io/blog/" rel="self"/>
<updated>2026-03-10T00:00:00+00:00</updated>
<author>
<name>Fly</name>
</author>
<entry>
<title>Unfortunately, Sprites Now Speak MCP</title>
<link rel="alternate" href="https://fly.io/blog/unfortunately-mcp/"/>
<id>https://fly.io/blog/unfortunately-mcp/</id>
<published>2026-03-10T00:00:00+00:00</published>
<updated>2026-03-12T19:30:19+00:00</updated>
<media:thumbnail url="https://fly.io/blog/unfortunately-mcp/assets/whack.webp"/>
<content type="html"><div class="lead"><p>Sprites are disposable cloud computers. They appear instantly, always include durable filesystems, and cost practically nothing when idle. They’re the best and safest place on the Internet to run agents and we want you to <a href="https://sprites.dev/" title="">create dozens of them</a>.</p>
</div>
<p>Sprites are a place to run agents; the first thing you should think to do with a new Sprite is to type <code>claude</code> (or <code>gemini</code> or <code>codex</code>). We&rsquo;ve put a <a href='https://fly.io/blog/design-and-implementation/' title=''>lot of effort</a> into making sure coding agents feel safe and happy when they&rsquo;re on Sprites, because, to (probably) quote John von Neumann, &ldquo;happy agents are productive agents.&rdquo;</p>
<p>What&rsquo;s less obvious about Sprites is that they&rsquo;re great tools <em>for</em> agents. Want three different versions of a new feature? A test environment? An ensemble of cooperating services? It&rsquo;s super handy to be able to start your prompts, &ldquo;<code>On a new Sprite, do…</code>&rdquo;.</p>
<p>The Sprites API is simple, discoverable, and designed for this use case. It&rsquo;s just a question of how you choose to give your agent access to it. And now there&rsquo;s one more way: with MCP.</p>
<h2 id='we-did-this-because-your-agents-suck' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#we-did-this-because-your-agents-suck' aria-label='Anchor'></a><span class='plain-code'>We Did This Because Your Agents Suck</span></h2>
<p>This feature works well, but we&rsquo;re less than enthusiastic about it. Not as product developers, mind you. It&rsquo;s a good product! Just as aesthetes.</p>
<p>In 2026, MCP is the wrong way to extend the capabilities of an agent. The emerging Right Way to do this is command line tools and discoverable APIs.</p>
<p>When we plug an MCP into your agent, we&rsquo;re filling its context with tool descriptions, many of which you&rsquo;ll probably never use. Really, all your agent should need is a short sentence, like &ldquo;<code>Use this skill whenever users want to create a new VM to run a task on, or to manage the VMs already available.</code>&rdquo; The skill should take care of the rest.</p>
<p>CLI-driven agent skills are efficient because they reveal capabilities progressively. You can do CLI subcommands, like <code>sprite checkpoint</code> and <code>sprite exec</code>, or with API endpoints and subpaths. Good agent harnesses are uncanny at quickly working out how to use these things.</p>
<div class="right-sidenote"><p>You <em>are</em> using Playwright, right? “Make sure this web application actually works before you tell me you’re done”?</p>
</div>
<p>Take <a href='https://playwright.dev/' title=''>Playwright, the industry-standard browser automation tool</a>. Ask <code>claude</code> to install Playwright and Chrome and there&rsquo;s a coinflip chance it sets up the MCP server. But notice that when the coin comes up tails, Playwright still works. <code>claude</code> just drives it by writing little scripts. This is good! The models already know how to write little scripts without using up context.</p>
<p>And there&rsquo;s more at stake than just efficiency. Cramming your context full of MCP tool descriptions is a way of signaling to the model that those tools are important to you. But not every Sprite command is equally important in every setting. If you&rsquo;re not using network policies, you don&rsquo;t need <code>gemini</code> to waste a bunch of time setting them up for you.</p>
<p>Skills and APIs are the best way to drive Sprites. But to make that work, you need an agent that can run shell commands for itself. So you&rsquo;ll want to reach for MCP sessions when you&rsquo;re stuck with an agent that can&rsquo;t run commands. Thankfully, most of us aren&rsquo;t using those kinds of agents anymore. In <code>claude</code>, <code>gemini</code>, or <code>codex</code>, you should just show your agent the <code>sprite</code> CLI and let it impress you.</p>
<h2 id='sprites-dev-mcp' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#sprites-dev-mcp' aria-label='Anchor'></a><span class='plain-code'>sprites.dev/mcp</span></h2>
<p>Plug this URL into Claude Desktop, or any other agent tool that speaks MCP. You&rsquo;ll authenticate to one of your Fly.io organizations, and your agent will speak Sprites.</p>
<p>Then:</p>
<p><code>On a new Sprite, take this repository and reproduce this bug from issues/913, capturing logs.</code></p>
<p><code>On a new Sprite, benchmark this function across 1000 runs and summarize the results.</code></p>
<p><code>On a new Sprite, update all the dependencies on this project to their newest versions and test that everything works.</code></p>
<p><code>On 3 new Sprites, change this service to use each of these 3 query libraries, and use HTTP to test latency.</code></p>
<p><code>On a new Sprite, run this code with bpfwatch and show me what files it touches.</code></p>
<p><code>On a new Sprite, run a load generator against this endpoint for 60 seconds and report the results.</code></p>
<p><code>On a new Sprite, download this dataset and give me a Jupyter notebook to explore it in.</code></p>
<p><code>On a new Sprite, set up a webhook receiver and render a real-time web report of all the payloads it receives.</code></p>
<p>I don&rsquo;t know. You know your projects better than we do. Whatever. Sometimes you want a clean, cheap, disposable computer (or five of them). That&rsquo;s now an available feature of all your prompts. Find ways to apply it to your project, and we think you&rsquo;ll end up wondering where Sprites have been all your life.</p>
<div class="callout"><p>Some of you are thinking to yourself: “this feature is going to result in robots ruining my life”. We agree. So we’ve built in guardrails. When you authenticate, giving your agent access to a single specific organization on your Fly.io account, we’ll let you scope down the MCP session. You can cap the number of Sprites our MCP will create for you, and you can give them name prefixes so you can easily spot the robots and disassemble them.</p>
</div><h2 id='fuck-stateless-sandboxes' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#fuck-stateless-sandboxes' aria-label='Anchor'></a><span class='plain-code'>Fuck Stateless Sandboxes</span></h2>
<p>We&rsquo;ll keep saying this until our faces turn blue: the industry is stuck on &ldquo;sandboxes&rdquo; as a way of letting agents run code, and sandboxes aren&rsquo;t good enough anymore. What agents want is real computers, with real filesystems, connected to real networks, and there&rsquo;s no technical reason not to give them some.</p>
<p><a href='https://fly.io/blog/code-and-let-live/' title=''>We designed Sprites so that you can fearlessly create whole bunches of them</a>. They&rsquo;re responsive enough to host web apps for your team, but they idle in a sleeping state where they cost virtually nothing. Everybody at Fly.io that uses them ends up with 20 or 30, just hanging around.</p>
<p>We think you&rsquo;ll do better work when you can pull in as many computers as you need to solve problems. If it takes an MCP server for us to get you to do that, so be it.</p></content>
</entry>
<entry>
<title>Litestream Writable VFS</title>
<link rel="alternate" href="https://fly.io/blog/litestream-writable-vfs/"/>
<id>https://fly.io/blog/litestream-writable-vfs/</id>
<published>2026-01-29T00:00:00+00:00</published>
<updated>2026-02-04T23:24:24+00:00</updated>
<media:thumbnail url="https://fly.io/blog/litestream-writable-vfs/assets/litestream-writable-vfs.jpg"/>
<content type="html"><div class="lead"><p><strong class="font-semibold text-navy-950">I’m Ben Johnson, and I work on Litestream at Fly.io. Litestream is the missing backup/restore system for SQLite. It’s free, open-source software that should run anywhere, and</strong> <a href="/blog/litestream-v050-is-here/" title=""><strong class="font-semibold text-navy-950">you can read more about it here</strong></a><strong class="font-semibold text-navy-950">.</strong></p>
</div>
<p>Each time we write about it, we get a little bit better at golfing down a description of what Litestream is. Here goes: Litestream is a Unix-y tool for keeping a SQLite database synchronized with S3-style object storage. It&rsquo;s a way of getting the speed and simplicity wins of SQLite without exposing yourself to catastrophic data loss. Your app doesn&rsquo;t necessarily even need to know it&rsquo;s there; you can just run it as a tool in the background.</p>
<p>It&rsquo;s been a busy couple weeks!</p>
<p>We recently <a href='/blog/design-and-implementation/' title=''>unveiled Sprites</a>. If you don&rsquo;t know what Sprites are, you should just <a href='https://sprites.dev/' title=''>go check them out</a>. They&rsquo;re one of the coolest things we&rsquo;ve ever shipped. I won&rsquo;t waste any more time selling them to you. Just, Sprites are a big deal, and so it&rsquo;s a big deal to me that Litestream is a load-bearing component for them.</p>
<p>Sprites rely directly on Litestream in two big ways.</p>
<p>First, Litestream SQLite is the core of our global Sprites orchestrator. Unlike our flagship Fly Machines product, which relies on a centralized Postgres cluster, our Elixir Sprites orchestrator runs directly off S3-compatible object storage. Every organization enrolled in Sprites gets their own SQLite database, synchronized by Litestream.</p>
<p>This is a fun design. It takes advantage of the &ldquo;many SQLite databases&rdquo; pattern, which is under-appreciated. It&rsquo;s got nice scaling characteristics. Keeping that Postgres cluster happy as Fly.io grew has been a major engineering challenge.</p>
<p>But as far as Litestream is concerned, the orchestrator is boring, and so that&rsquo;s all I&rsquo;ve got to say about it. The second way Sprites use Litestream is much more interesting.</p>
<p>Litestream is built directly into the disk storage stack that runs on every Sprite.</p>
<p>Sprites launch in under a second, and every one of them boots up with 100GB of durable storage. That&rsquo;s a tricky bit of engineering. We&rsquo;re able to do this because the root of storage for Sprites is S3-compatible object storage, and we&rsquo;re able to make it fast by keeping a database of in-use storage blocks that takes advantage of attached NVMe as a read-through cache. The system that does this is JuiceFS, and the database — let&rsquo;s call it &ldquo;the block map&rdquo; — is a rewritten metadata store, based (you guessed it) on BoltDB.</p>
<p>I kid! It&rsquo;s Litestream SQLite, of course.</p>
<h2 id='sprite-storage-is-fussy' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#sprite-storage-is-fussy' aria-label='Anchor'></a><span class='plain-code'>Sprite Storage Is Fussy</span></h2>
<p>Everything in a Sprite is designed to come up fast.</p>
<p>If the Fly Machine underneath a Sprite bounces, we might need to reconstitute the block map from object storage. Block maps aren&rsquo;t huge, but they&rsquo;re not tiny; maybe low tens of megabytes worst case.</p>
<p>The thing is, this is happening while the Sprite boots back up. To put that in perspective, that&rsquo;s something that can happen in response to an incoming web request; that is, we have to finish fast enough to generate a timely response to that request. The time budget is small.</p>
<p>To make this even faster, we are integrating Litestream VFS to improve start times.The VFS is a dynamic library you load into your app. Once you do, you can do stuff like this:</p>
<div class="highlight-wrapper group relative bash">
<button
type="button"
class="bubble-wrap z-20 absolute right-9 -mr-0.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-wrap-target="#code-duvcwc7p"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35" stroke-linecap="round" stroke-linejoin="round"><g buffered-rendering="static"><path d="M9.912 8.037h2.732c1.277 0 2.315-.962 2.315-2.237a2.325 2.325 0 00-2.315-2.31H2.959m10.228 9.01H2.959M6.802 8H2.959" /><path d="M11.081 6.466L9.533 8.037l1.548 1.571" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-9px] tail text-navy-950">
Wrap text
</span>
</button>
<button
type="button"
class="bubble-wrap z-20 absolute right-1.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-copy-target="sibling"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35"><g buffered-rendering="static"><path d="M10.576 7.239c0-.995-.82-1.815-1.815-1.815H3.315c-.995 0-1.815.82-1.815 1.815v5.446c0 .995.82 1.815 1.815 1.815h5.446c.995 0 1.815-.82 1.815-1.815V7.239z" /><path d="M10.576 10.577h2.109A1.825 1.825 0 0014.5 8.761V3.315A1.826 1.826 0 0012.685 1.5H7.239c-.996 0-1.815.819-1.816 1.815v1.617" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-6px] tail [--tail-x:calc(100%-30px)] text-navy-950">
Copy to clipboard
</span>
</button>
<div class='highlight relative group'>
<pre class='highlight '><code id="code-duvcwc7p">sqlite&gt; .open file:///my.db?vfs<span class="o">=</span>litestream
sqlite&gt; PRAGMA litestream_time <span class="o">=</span> <span class="s1">'5 minutes ago'</span><span class="p">;</span>
sqlite&gt; SELECT <span class="k">*</span> FROM sandwich_ratings ORDER BY RANDOM<span class="o">()</span> LIMIT 3 <span class="p">;</span>
22|Veggie Delight|New York|4
30|Meatball|Los Angeles|5
168|Chicken Shawarma Wrap|Detroit|5
</code></pre>
</div>
</div>
<p>Litestream VFS lets us run point-in-time SQLite queries hot off object storage blobs, answering queries before we&rsquo;ve downloaded the database.</p>
<p>This is good, but it&rsquo;s not perfect. We had two problems:</p>
<ol>
<li>We could only read, not write. People write to Sprite disks. The storage stack needs to write, right away.
</li><li>Running a query off object storage is a godsend in a cold start where we have no other alternative besides downloading the whole database, but it&rsquo;s not fast enough for steady state.
</li></ol>
<p>These are fun problems. Here&rsquo;s our first cut at solving them.</p>
<h2 id='writable-vfs' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#writable-vfs' aria-label='Anchor'></a><span class='plain-code'>Writable VFS</span></h2>
<p>The first thing we&rsquo;ve done is made the VFS optionally read-write. This feature is pretty subtle; it&rsquo;s interesting, but it&rsquo;s not as general-purpose as it might look. Let me explain how it works, and then explain why it works this way.</p>
<div class="callout"><p>Keep in mind as you read this that this is about the VFS in particular. Obviously, normal SQLite databases using Litestream the normal way are writeable.</p>
</div>
<p>The VFS works by keeping an index of <code>(file,offset, size)</code> for every page of the database in object storage; the data comprising the index is stored, <a href='https://github.com/superfly/ltx' title=''>in LTX files</a>, so that it&rsquo;s efficient for us to reconstitute it quickly when the VFS starts, and lookups are heavily cached. When we queried <code>sandwich_ratings</code> earlier, our VFS library intercepted the SQLite read method, looked up the requested page in the index, fetched it, and cached it.</p>
<p>This works great for reads. Writes are harder.</p>
<p>Behind the scenes in read-only mode, Litestream polls, so that we can detect new LTX files created by remote writers to the database. This supports a handy use case where we&rsquo;re running tests or doing slow analytical queries of databases that need to stay fast in prod.</p>
<p>In write mode, we don&rsquo;t allow multiple writers, because multiple-writer distributed SQLite databases are the <a href='https://hellraiser.fandom.com/wiki/Lament_Configuration' title=''>Lament Configuration</a> and we are not explorers over great vistas of pain. So the VFS in write-mode disables polling. We assume a single writer, and no additional backups to watch.</p>
<p>Next, we buffer. Writes go to a local temporary buffer (&ldquo;the write buffer&rdquo;). Every second or so (or on clean shutdown), we sync the write buffer with object storage. Nothing written through the VFS is truly durable until that sync happens.</p>
<div class="right-sidenote"><p>Most storage block maps are much smaller than this, but still.</p>
</div>
<p>Now, remember the use case we&rsquo;re looking to support here. A Sprite is cold-starting and its storage stack needs to serve writes, milliseconds after booting, without having a full copy of the 10MB block map. This writeable VFS mode lets us do that.</p>
<p>Critically, we support that use case only up to the same durability requirements that a Sprite already has. All storage on a Sprite shares this &ldquo;eventual durability&rdquo; property, so the terms of the VFS write make sense here. They probably don&rsquo;t make sense for your application. But if for some reason they do, have at it! To enable writes with Litestream VFS, just set the <code>LITESTREAM_WRITE_ENABLED</code> environment variable <code>&quot;true&quot;</code>.</p>
<p><img src="/blog/litestream-writable-vfs/assets/write-path.png" /></p>
<h2 id='hydration' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#hydration' aria-label='Anchor'></a><span class='plain-code'>Hydration</span></h2>
<p>The Sprite storage stack uses SQLite in VFS mode. In our original VFS design, most data is kept in S3. Again: fine at cold start, not so fine in steady state.</p>
<p>To solve this problem, we shoplifted a trick from <a href='https://docs.kernel.org/admin-guide/device-mapper/dm-clone.html' title=''>systems like dm-clone</a>: background hydration. In hydration designs, we serve queries remotely while running a loop to pull the whole database. When you start the VFS with the <code>LITESTREAM_HYDRATION_PATH</code> environment variable set, we&rsquo;ll hydrate to that file.</p>
<p>Hydration takes advantage of <a href='https://fly.io/blog/litestream-revamped#point-in-time-restores-but-fast' title=''>LTX compaction</a>, writing only the latest versions of each page. Reads don&rsquo;t block on hydration; we serve them from object storage immediately, and switch over to the hydration file when it&rsquo;s ready.</p>
<p><img src="/blog/litestream-writable-vfs/assets/timeline.png" /></p>
<p>As for the hydration file? It&rsquo;s simply a full copy of your database. It&rsquo;s the same thing you get if you run <code>litestream restore</code>.</p>
<p>Because this is designed for environments like Sprites, which bounce a lot, we write the database to a temporary file. We can&rsquo;t trust that the database is using the latest state every time we start up, not without doing a full restore, so we just chuck the hydration file when we exit the VFS. That behavior is baked into the VFS right now. This feature&rsquo;s got what Sprites need, but again, maybe not what your app wants.</p>
<h2 id='putting-it-all-together' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#putting-it-all-together' aria-label='Anchor'></a><span class='plain-code'>Putting It All Together</span></h2>
<p>This is a post about two relatively big moves we&rsquo;ve made with our open-source Litestream project, but the features are narrowly scoped for problems that look like the ones our storage stack needs. If you think you can get use out of them, I&rsquo;m thrilled, and I hope you&rsquo;ll tell me about it.</p>
<p>For ordinary read/write workloads, you don&rsquo;t need any of this mechanism. Litestream works fine without the VFS, with unmodified applications, just running as a sidecar alongside your application. The whole point of that configuration is to efficiently keep up with writes; that&rsquo;s easy when you know you have the whole database to work with when writes happen.</p>
<p>But this whole thing is, to me, a valuable case study in how Litestream can get used in a relatively complicated and demanding problem domain. Sprites are very cool, and it&rsquo;s satisfying to know that every disk write that happens on a Sprite is running through Litestream.</p></content>
</entry>
<entry>
<title>The Design & Implementation of Sprites</title>
<link rel="alternate" href="https://fly.io/blog/design-and-implementation/"/>
<id>https://fly.io/blog/design-and-implementation/</id>
<published>2026-01-14T00:00:00+00:00</published>
<updated>2026-01-16T20:23:36+00:00</updated>
<media:thumbnail url="https://fly.io/blog/design-and-implementation/assets/starry-containers.webp"/>
<content type="html"><div class="lead"><p>We’re Fly.io, and this is the place in the post where we’d normally tell you that our job is to <a href="https://fly.io/blog/docker-without-docker/" title="">take your containers and run them on our own hardware</a> all around the world. But last week, we <a href="https://sprites.dev/" title="">launched Sprites</a>, and they don’t work that way at all. Sprites are something new: Docker without Docker without Docker. This post is about how they work.</p>
</div>
<p>Replacement-level homeowners buy boxes of pens and stick them in &ldquo;the pen drawer&rdquo;. What the elites know: you have to think adversarially about pens. &ldquo;The purpose of a system is what it does&rdquo;; a household&rsquo;s is to uniformly distribute pens. Months from now, the drawer will be empty, no matter how many pens you stockpile. Instead, scatter pens every place you could possibly think to look for one — drawers, ledges, desks. Any time anybody needs a pen, several are at hand, in exactly the first place they look.</p>
<p>This is the best way I&rsquo;ve found to articulate the idea of <a href='https://sprites.dev/' title=''>Sprites</a>, the platform we just launched at Fly.io. Sprites are ball-point disposable computers. Whatever mark you mean to make, we&rsquo;ve rigged it so you&rsquo;re never more than a second or two away from having a Sprite to do it with.</p>
<p>Sprites are Linux virtual machines. You get root. They <code>create</code> in just a second or two: so fast, the experience of creating and shelling into one is identical to SSH&#39;ing into a machine that already exists. Sprites all have a 100GB durable root filesystem. They put themselves to sleep automatically when inactive, and cost practically nothing while asleep.</p>
<p>As a result, I barely feel the need to name my Sprites. Sometimes I&rsquo;ll just type <code>sprite create dkjsdjk</code> and start some task. People at Fly.io who use Sprites have dozens hanging around.</p>
<p>There aren&rsquo;t yet many things in cloud computing that have the exact shape Sprites do:</p>
<ul>
<li>Instant creation
</li><li>No time limits
</li><li>Persistent disk
</li><li>Auto-sleep to a cheap inactive state
</li></ul>
<p>This is a post about how we managed to get this working. We created a new orchestration stack that undoes some of the core decisions we made for <a href='https://fly.io/machines' title=''>Fly Machines</a>, our flagship product. Turns out, these new decisions make Sprites drastically easier for us to scale and manage. We&rsquo;re pretty psyched.</p>
<p>Lucky for me, there happen to be three <code>big decisions</code> we made that get you 90% of the way from Fly Machines to Sprites, which makes this an easy post to write. So, without further ado:</p>
<h2 id='decision-1-no-more-container-images' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#decision-1-no-more-container-images' aria-label='Anchor'></a><span class='plain-code'>Decision #1: No More Container Images</span></h2>
<p>This is the easiest decision to explain.</p>
<p>Fly Machines are approximately <a href='https://fly.io/blog/docker-without-docker/' title=''>OCI containers repackaged as KVM micro-VMs</a>. They have the ergonomics of Docker but the isolation and security of an EC2 instance. We love them very much and they&rsquo;re clearly the wrong basis for a ball-point disposable cloud computer.</p>
<p>The &ldquo;one weird trick&rdquo; of Fly Machines is that they <code>start</code> and <code>stop</code> instantly, fast enough that they can wake in time to handle an incoming HTTP request. But they can only do that if you&rsquo;ve already <code>created</code> them. You have to preallocate. <code>Creating</code> a Fly Machine can take over a minute. What you&rsquo;re supposed to do is to create a whole bunch of them and <code>stop</code> them so they&rsquo;re ready when you need them. But for Sprites, we need <code>create</code> to be so fast it feels like they&rsquo;re already there waiting for you.</p>
<div class="right-sidenote"><p>We only murdered user containers because we wanted them dead.</p>
</div>
<p>Most of what&rsquo;s slow about <code>creating</code> a Fly Machine is containers. I say this with affection: your containers are crazier than a soup sandwich. Huge and fussy, they take forever to <a href='https://fly.io/blog/docker-without-docker/' title=''>pull and unpack</a>. The regional locality sucks; <code>create</code> a Fly Machine in São Paulo on <code>gru-3838</code>, and a <code>create</code> on <code>gru-d795</code> is no faster. A <a href='https://community.fly.io/t/global-registry-now-in-production/13723' title=''>truly heartbreaking</a> amount of <a href='https://community.fly.io/t/faster-more-reliable-remote-image-builds-deploys/25841' title=''>engineering work</a> has gone into just allowing our OCI registry to <a href='https://www.youtube.com/watch?v=0jD-Rt4_CR8' title=''>keep up</a> with this system. </p>
<p>It&rsquo;s a tough job, is all I&rsquo;m saying. Sprites get rid of the user-facing container. Literally: problem solved. Sprites get to do this on easy mode.</p>
<p>Now, today, under the hood, Sprites are still Fly Machines. But they all run from a standard container. Every physical worker knows exactly what container the next Sprite is going to start with, so it&rsquo;s easy for us to keep pools of &ldquo;empty&rdquo; Sprites standing by. The result: a Sprite <code>create</code> doesn&rsquo;t have any heavy lifting to do; it&rsquo;s basically just doing the stuff we do when we <code>start</code> a Fly Machine.</p>
<figure class="post-cta">
<figcaption>
<h1>This all works right now.</h1>
<p>You can create a couple dozen Sprites right now if you want. It&rsquo;ll only take a second.</p>
<a class="btn btn-lg" href="https://sprites.dev/">
Make a Sprite. <span class='opacity-50'>→</span>
</a>
</figcaption>
<div class="image-container">
<img src="/static/images/cta-cat.webp" srcset="/static/images/[email protected] 2x" alt="">
</div>
</figure>
<h2 id='decision-2-object-storage-for-disks' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#decision-2-object-storage-for-disks' aria-label='Anchor'></a><span class='plain-code'>Decision #2: Object Storage For Disks</span></h2>
<p>Every Sprite comes with 100GB of durable storage. We&rsquo;re able to do that because the root of storage is S3-compatible object storage.</p>
<p>You can arrange for 100GB of storage for a Fly Machine. Or 200, or 500. The catch:</p>
<ul>
<li>You have to ask (with <code>flyctl</code>); we can&rsquo;t reasonably default it in.
</li><li>That storage is NVMe attached to the physical server your Fly Machine is on.
</li></ul>
<div class="right-sidenote"><p>[†] we print a <span style="color: red">big red warning</span> about this if you try to make a single-node cluster</p>
</div>
<p>We designed the storage stack for Fly Machines for Postgres clusters. A multi-replica Postgres cluster gets good mileage out of Fly Volumes. Attached storage is fast, but can <span style="color: red">lose data†</span> — if a physical blows up, there&rsquo;s no magic what rescues its stored bits. You&rsquo;re stuck with our last snapshot backup. That&rsquo;s fine for a replicated Postgres! It&rsquo;s part of what Postgres replication is for. But for anything without explicit replication, it&rsquo;s a very sharp edge.</p>
<p>Worse, from our perspective, is that attached storage anchors workloads to specific physicals. We have lots of reasons to want to move Fly Machines around. Before we did Fly Volumes, that was as simple as pushing a &ldquo;drain&rdquo; button on a server. Imagine losing a capability like that. It took 3 years to <a href='https://fly.io/blog/machine-migrations/' title=''>get workload migration right</a> with attached storage, and it&rsquo;s still not &ldquo;easy&rdquo;.</p>
<div class="right-sidenote"><p>Object stores are the Internet’s Hoover Dams, the closest things we have to infrastructure megaprojects.</p>
</div>
<p>Sprites jettison this model. We still exploit NVMe, but not as the root of storage. Instead, it&rsquo;s a read-through cache for a blob on object storage. S3-compatible object stores are the most trustworthy storage technology we have. I can feel my blood pressure dropping just typing the words &ldquo;Sprites are backed by object storage.&rdquo;</p>
<p>The implications of this for orchestration are profound. In a real sense, the durable state of a Sprite is simply a URL. Wherever he lays his hat is his home! They migrate (or recover from failed physicals) trivially. It&rsquo;s early days for our internal tooling, but we have so many new degrees of freedom to work with.</p>
<p>I could easily do another 1500-2000 words here on the Cronenberg film Kurt came up with for the actual storage stack, but because it&rsquo;s in flux, let&rsquo;s keep it simple.</p>
<p>The Sprite storage stack is organized around the JuiceFS model (in fact, we currently use a very hacked-up JuiceFS, with a rewritten SQLite metadata backend). It works by splitting storage into data (&ldquo;chunks&rdquo;) and metadata (a map of where the &ldquo;chunks&rdquo; are). Data chunks live on object stores; metadata lives in fast local storage. In our case, that metadata store is <a href='https://litestream.io/' title=''>kept durable with Litestream</a>. Nothing depends on local storage.</p>
<div class="right-sidenote"><p>(our pre-installed Claude Code will checkpoint aggressively for you without asking)</p>
</div>
<p>This also buys Sprites fast <code>checkpoint</code> and <code>restore</code>. Checkpoints are so fast we want you to use them as a basic feature of the system and not as an escape hatch when things go wrong; like a git restore, not a system restore. That works because both <code>checkpoint</code> and <code>restore</code> merely shuffle metadata around.</p>
<p>Our stack sports <a href='https://en.wikipedia.org/wiki/Dm-cache' title=''>a dm-cache-like</a> feature that takes advantage of attached storage. A Sprite has a sparse 100GB NVMe volume attached to it, which the stack uses to cache chunks to eliminate read amplification. Importantly (I can feel my resting heart rate lowering) nothing in that NVMe volume should matter; stored chunks are immutable and their true state lives on the object store.</p>
<div class="callout"><p>Our preference for object storage goes further than the Sprite storage stack. The global orchestrator for Sprites is an Elixir/Phoenix app that uses object storage as the primary source of metadata for accounts. We then give each account an independent SQLite database, again made durable on object storage with Litestream.</p>
</div><h2 id='decision-3-inside-out-orchestration' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#decision-3-inside-out-orchestration' aria-label='Anchor'></a><span class='plain-code'>Decision #3: Inside-Out Orchestration</span></h2>
<p>In the cloud hosting industry, user applications are managed by two separate, yet equally important components: the host, which orchestrates workloads, and the guest, which runs them. Sprites flip that on its head: the most important orchestration and management work happens inside the VM.</p>
<p>Here&rsquo;s the trick: user code running on a Sprite isn&rsquo;t running in the root namespace. We&rsquo;ve slid a container between you and the kernel. You see an inner environment, managed by a fleet of services running in the root namespace of the VM.</p>
<div class="callout"><p>I wish we’d done Fly Machines this way to begin with. I’m not sure there’s a downside. The inner container allows us to bounce a Sprite without rebooting the whole VM, even on checkpoint restores. I think Fly Machines users could get some mileage out of that feature, too.</p>
</div>
<p>With Sprites, we&rsquo;re pushing this idea as far as we can. The root environment hosts the majority of our orchestration code. When you talk to the global API, chances are you&rsquo;re talking directly to your own VM. Furthermore:</p>
<ul>
<li>Our storage stack, which handles checkpoint/restore and persistence to object storage, lives there;
</li><li>so does the service manager we expose to Sprites, which registers user code that needs to restart when a Sprite bounces;
</li><li>same with logs;
</li><li>if you bind a socket to <code>*:8080</code>, we&rsquo;ll make it available outside the Sprite — yep, that&rsquo;s in the root namespace too.
</li></ul>
<p>Platform developers at Fly.io know how much easier it can be to hack on <code>init</code> (inside the container) than things <a href='https://fly.io/blog/carving-the-scheduler-out-of-our-orchestrator/' title=''>like <code>flyd</code></a>, the Fly Machines orchestrator that runs on the host. Changes to Sprites don&rsquo;t restart host components or muck with global state. The blast radius is just new VMs that pick up the change. We sleep on how much platform work doesn&rsquo;t get done not because the code is hard to write, but because it&rsquo;s so time-consuming to ensure benign-looking changes don&rsquo;t throw the whole fleet into metastable failure. We had that in mind when we did Sprites.</p>
<h2 id='we-keep-the-parts-that-worked' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#we-keep-the-parts-that-worked' aria-label='Anchor'></a><span class='plain-code'>We Keep The Parts That Worked</span></h2>
<p>Sprites running on Fly.io take advantage of the infrastructure we already have. For instance: Sprites might be the fastest thing there currently exists to get Claude or Gemini to build a full-stack application on the Internet.</p>
<p>That&rsquo;s because Sprites plug directly into <a href='https://fly.io/blog/corrosion/' title=''>Corrosion, our gossip-based service discovery system</a>. When you ask the Sprite API to make a public URL for your Sprite, we generate a Corrosion update that propagates across our fleet instantly. Your application is then served, with an HTTPS URL, from our proxy edges.</p>
<p>Sprites live alongside Fly Machines in our architecture. They include some changes that are pure wins, but they&rsquo;re mostly tradeoffs:</p>
<ul>
<li>We&rsquo;ve always wanted to run Fly Machine disks off object storage (<a href='https://community.fly.io/t/bottomless-s3-backed-volumes/15648' title=''>we have an obscure LSVD feature that does this</a>), but the performance isn&rsquo;t adequate for a hot Postgres node in production.
</li><li>For that matter, professional production apps ship out of CI/CD systems as OCI containers; that&rsquo;s a big part of what makes orchestrating Fly Machines so hard.
</li><li>Most (though not all) Sprite usage is interactive, and Sprite users benefit from their VMs aggressively sleeping themselves to keep costs low; e-commerce apps measure responsiveness in milliseconds and want their workloads kept warm.
</li></ul>
<p>Sprites are optimized for a different kind of computing than Fly Machines, and <a href='https://fly.io/blog/code-and-let-live/' title=''>while Kurt believes that the future belongs to malleable, personalized apps</a>, I&rsquo;m not so sure. To me, it makes sense to prototype and acceptance-test an application on Sprites. Then, when you&rsquo;re happy with it, containerize it and ship it as a Fly Machine to scale it out. An automated workflow for that will happen.</p>
<p>Finally, Sprites are a contract with user code: an API and a set of expectations about how the execution environment works. Today, they run on top of Fly Machines. But they don&rsquo;t have to. Jerome&rsquo;s working on an open-source local Sprite runtime. We&rsquo;ll find other places to run them, too.</p>
<h2 id='you-wont-get-it-until-you-use-them' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#you-wont-get-it-until-you-use-them' aria-label='Anchor'></a><span class='plain-code'>You Won&rsquo;t Get It Until You Use Them</span></h2>
<p>I can&rsquo;t not sound like a shill. Sprites are the one thing we&rsquo;ve shipped that I personally experience as addictive. I haven&rsquo;t fully put my finger on why it feels so much easier to kick off projects now that I can snap my finger and get a whole new computer. The whole point is that there&rsquo;s no reason to parcel them out, or decide which code should run where. You just make a new one.</p>
<p>So to make this fully click, I think you should <a href='https://sprites.dev/' title=''>just install the <code>sprite</code> command</a>, make a Sprite, and then run an agent in it. We&rsquo;ve preinstalled Claude, Gemini, and Codex, and taught them how to do things like checkpoint/restore, registering services, and getting logs. Claude will run in <code>--dangerously-skip-permissions</code> mode (because why wouldn&rsquo;t it). Have it build something; I built a &ldquo;Chicago&rsquo;s best sandwich&rdquo; bracket app for a Slack channel.</p>
<p>Sprites bill only for what you actually use (in particular: only for storage blocks you actually write, not the full 100GB capacity). It&rsquo;s reasonable to create a bunch. They&rsquo;re ball-point disposable computers. After you get a feel for them, it&rsquo;ll start to feel weird not having them handy.</p></content>
</entry>
<entry>
<title>Code And Let Live</title>
<link rel="alternate" href="https://fly.io/blog/code-and-let-live/"/>
<id>https://fly.io/blog/code-and-let-live/</id>
<published>2026-01-09T00:00:00+00:00</published>
<updated>2026-01-14T19:59:01+00:00</updated>
<media:thumbnail url="https://fly.io/blog/code-and-let-live/assets/sprites.jpg"/>
<content type="html"><div class="lead"><p>The state of the art in agent isolation is a read-only sandbox. At Fly.io, we’ve been selling that story for years, and we’re calling it: ephemeral sandboxes are obsolete. Stop killing your sandboxes every time you use them.</p>
</div>
<p>My argument won&rsquo;t make sense without showing you something new we&rsquo;ve built. We&rsquo;re all adults here, this is a company, we talk about what we do. Here goes.</p>
<p>So, I want to run some code. So what I do is, I run <code>sprite create</code>. While it operates, I&rsquo;ll explain what&rsquo;s happening behind the—</p>
<div class="highlight-wrapper group relative bash">
<button
type="button"
class="bubble-wrap z-20 absolute right-9 -mr-0.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-wrap-target="#code-i429cz3y"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35" stroke-linecap="round" stroke-linejoin="round"><g buffered-rendering="static"><path d="M9.912 8.037h2.732c1.277 0 2.315-.962 2.315-2.237a2.325 2.325 0 00-2.315-2.31H2.959m10.228 9.01H2.959M6.802 8H2.959" /><path d="M11.081 6.466L9.533 8.037l1.548 1.571" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-9px] tail text-navy-950">
Wrap text
</span>
</button>
<button
type="button"
class="bubble-wrap z-20 absolute right-1.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-copy-target="sibling"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35"><g buffered-rendering="static"><path d="M10.576 7.239c0-.995-.82-1.815-1.815-1.815H3.315c-.995 0-1.815.82-1.815 1.815v5.446c0 .995.82 1.815 1.815 1.815h5.446c.995 0 1.815-.82 1.815-1.815V7.239z" /><path d="M10.576 10.577h2.109A1.825 1.825 0 0014.5 8.761V3.315A1.826 1.826 0 0012.685 1.5H7.239c-.996 0-1.815.819-1.816 1.815v1.617" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-6px] tail [--tail-x:calc(100%-30px)] text-navy-950">
Copy to clipboard
</span>
</button>
<div class='highlight relative group'>
<pre class='highlight '><code id="code-i429cz3y">✓ Created demo-123 sprite <span class="k">in </span>1.0s
● Connecting to console...
sprite@sprite:~#
</code></pre>
</div>
</div>
<p>Shit, it&rsquo;s already there.</p>
<p>That&rsquo;s a root shell on a Linux computer we now own. It came online in about the same amount of time it would take to <code>ssh</code> into a host that already existed. We call these things &ldquo;Sprites&rdquo;.</p>
<p>Let&rsquo;s install FFmpeg on our Sprite:</p>
<div class="highlight-wrapper group relative bash">
<button
type="button"
class="bubble-wrap z-20 absolute right-9 -mr-0.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-wrap-target="#code-bwjgxaic"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35" stroke-linecap="round" stroke-linejoin="round"><g buffered-rendering="static"><path d="M9.912 8.037h2.732c1.277 0 2.315-.962 2.315-2.237a2.325 2.325 0 00-2.315-2.31H2.959m10.228 9.01H2.959M6.802 8H2.959" /><path d="M11.081 6.466L9.533 8.037l1.548 1.571" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-9px] tail text-navy-950">
Wrap text
</span>
</button>
<button
type="button"
class="bubble-wrap z-20 absolute right-1.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-copy-target="sibling"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35"><g buffered-rendering="static"><path d="M10.576 7.239c0-.995-.82-1.815-1.815-1.815H3.315c-.995 0-1.815.82-1.815 1.815v5.446c0 .995.82 1.815 1.815 1.815h5.446c.995 0 1.815-.82 1.815-1.815V7.239z" /><path d="M10.576 10.577h2.109A1.825 1.825 0 0014.5 8.761V3.315A1.826 1.826 0 0012.685 1.5H7.239c-.996 0-1.815.819-1.816 1.815v1.617" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-6px] tail [--tail-x:calc(100%-30px)] text-navy-950">
Copy to clipboard
</span>
</button>
<div class='highlight relative group'>
<pre class='highlight '><code id="code-bwjgxaic"><span class="nb">sudo </span>apt-get <span class="nb">install</span> <span class="nt">-y</span> ffmpeg <span class="o">&gt;</span>/dev/null 2&gt;&amp;1
</code></pre>
</div>
</div>
<p>Unlike creating the Sprite in the first place, installing <code>ffmpeg</code> with <code>apt-get</code> is dog slow. Let&rsquo;s try not to have to do that again:</p>
<div class="highlight-wrapper group relative bash">
<button
type="button"
class="bubble-wrap z-20 absolute right-9 -mr-0.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-wrap-target="#code-iacnzrtv"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35" stroke-linecap="round" stroke-linejoin="round"><g buffered-rendering="static"><path d="M9.912 8.037h2.732c1.277 0 2.315-.962 2.315-2.237a2.325 2.325 0 00-2.315-2.31H2.959m10.228 9.01H2.959M6.802 8H2.959" /><path d="M11.081 6.466L9.533 8.037l1.548 1.571" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-9px] tail text-navy-950">
Wrap text
</span>
</button>
<button
type="button"
class="bubble-wrap z-20 absolute right-1.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-copy-target="sibling"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35"><g buffered-rendering="static"><path d="M10.576 7.239c0-.995-.82-1.815-1.815-1.815H3.315c-.995 0-1.815.82-1.815 1.815v5.446c0 .995.82 1.815 1.815 1.815h5.446c.995 0 1.815-.82 1.815-1.815V7.239z" /><path d="M10.576 10.577h2.109A1.825 1.825 0 0014.5 8.761V3.315A1.826 1.826 0 0012.685 1.5H7.239c-.996 0-1.815.819-1.816 1.815v1.617" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-6px] tail [--tail-x:calc(100%-30px)] text-navy-950">
Copy to clipboard
</span>
</button>
<div class='highlight relative group'>
<pre class='highlight '><code id="code-iacnzrtv">sprite@sprite:~# sprite-env checkpoints create
<span class="c"># ...</span>
<span class="o">{</span><span class="s2">"type"</span>:<span class="s2">"complete"</span>,<span class="s2">"data"</span>:<span class="s2">"Checkpoint v1 created successfully"</span>,
<span class="s2">"time"</span>:<span class="s2">"2025-12-22T22:50:48.60423809Z"</span><span class="o">}</span>
</code></pre>
</div>
</div>
<p>This completes instantly. Didn&rsquo;t even bother to measure.</p>
<p>I step away to get coffee. Time passes. The Sprite, noticing my inactivity, goes to sleep. I meet an old friend from high school at the coffee shop. End up spending the day together. More time passes. Days even. Returning later:</p>
<div class="highlight-wrapper group relative bash">
<button
type="button"
class="bubble-wrap z-20 absolute right-9 -mr-0.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-wrap-target="#code-k9uw0dxr"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35" stroke-linecap="round" stroke-linejoin="round"><g buffered-rendering="static"><path d="M9.912 8.037h2.732c1.277 0 2.315-.962 2.315-2.237a2.325 2.325 0 00-2.315-2.31H2.959m10.228 9.01H2.959M6.802 8H2.959" /><path d="M11.081 6.466L9.533 8.037l1.548 1.571" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-9px] tail text-navy-950">
Wrap text
</span>
</button>
<button
type="button"
class="bubble-wrap z-20 absolute right-1.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-copy-target="sibling"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35"><g buffered-rendering="static"><path d="M10.576 7.239c0-.995-.82-1.815-1.815-1.815H3.315c-.995 0-1.815.82-1.815 1.815v5.446c0 .995.82 1.815 1.815 1.815h5.446c.995 0 1.815-.82 1.815-1.815V7.239z" /><path d="M10.576 10.577h2.109A1.825 1.825 0 0014.5 8.761V3.315A1.826 1.826 0 0012.685 1.5H7.239c-.996 0-1.815.819-1.816 1.815v1.617" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-6px] tail [--tail-x:calc(100%-30px)] text-navy-950">
Copy to clipboard
</span>
</button>
<div class='highlight relative group'>
<pre class='highlight '><code id="code-k9uw0dxr"><span class="o">&gt;</span> <span class="nv">$ </span>sprite console
sprite@sprite:~# ffmpeg
ffmpeg version 7.1.1-1ubuntu1.3 Copyright <span class="o">(</span>c<span class="o">)</span> 2000-2025 the FFmpeg developers
Use <span class="nt">-h</span> to get full <span class="nb">help </span>or, even better, run <span class="s1">'man ffmpeg'</span>
sprite@sprite:~#
</code></pre>
</div>
</div>
<p>Everything&rsquo;s where I left it. Sprites are durable. 100GB capacity to start, no ceremony. Maybe I&rsquo;ll keep it around a few more days, maybe a few months, doesn&rsquo;t matter, just works.</p>
<p>Say I get an application up on its legs. Install more packages. Then: disaster. Maybe an ill-advised global <code>pip3 install</code> . Or <code>rm -rf $HMOE/bin</code>. Or <code>dd if=/dev/random of=/dev/vdb</code>. Whatever it was, everything&rsquo;s broken. So:</p>
<div class="highlight-wrapper group relative bash">
<button
type="button"
class="bubble-wrap z-20 absolute right-9 -mr-0.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-wrap-target="#code-8qs3qsqn"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35" stroke-linecap="round" stroke-linejoin="round"><g buffered-rendering="static"><path d="M9.912 8.037h2.732c1.277 0 2.315-.962 2.315-2.237a2.325 2.325 0 00-2.315-2.31H2.959m10.228 9.01H2.959M6.802 8H2.959" /><path d="M11.081 6.466L9.533 8.037l1.548 1.571" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-9px] tail text-navy-950">
Wrap text
</span>
</button>
<button
type="button"
class="bubble-wrap z-20 absolute right-1.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-copy-target="sibling"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35"><g buffered-rendering="static"><path d="M10.576 7.239c0-.995-.82-1.815-1.815-1.815H3.315c-.995 0-1.815.82-1.815 1.815v5.446c0 .995.82 1.815 1.815 1.815h5.446c.995 0 1.815-.82 1.815-1.815V7.239z" /><path d="M10.576 10.577h2.109A1.825 1.825 0 0014.5 8.761V3.315A1.826 1.826 0 0012.685 1.5H7.239c-.996 0-1.815.819-1.816 1.815v1.617" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-6px] tail [--tail-x:calc(100%-30px)] text-navy-950">
Copy to clipboard
</span>
</button>
<div class='highlight relative group'>
<pre class='highlight '><code id="code-8qs3qsqn"><span class="o">&gt;</span> <span class="nv">$ </span>sprite checkpoint restore v1
Restoring from checkpoint v1...
Container components started successfully
Restore from v1 <span class="nb">complete</span>
<span class="o">&gt;</span> <span class="nv">$ </span>sprite console
sprite@sprite:~#
</code></pre>
</div>
</div>
<p>Sprites have first-class checkpoint and restore. You can&rsquo;t see it in text, but that restore took about one second. It&rsquo;s fast enough to use casually, interactively. Not an escape hatch. Rather: an intended part of the ordinary course of using a Sprite. Like <code>git</code>, but for the whole system.</p>
<div class="callout"><p>If you’re asking how this is any different from an EC2 instance, good. That’s what we’re going for, except:</p>
<ul>
<li>I can <strong class="font-semibold text-navy-950">casually create hundreds of them</strong> (without needing a Docker container), each appearing in 1-2 seconds.
</li><li>They <strong class="font-semibold text-navy-950">go idle and stop metering automatically</strong>, so it’s cheap to have lots of them. I use dozens.
</li><li>They’re <strong class="font-semibold text-navy-950">hooked up to our Anycast</strong> network, so I can get an HTTPS URL.
</li><li>Despite all that, <strong class="font-semibold text-navy-950">they’re fully durable</strong>. They don’t die until I tell them to.
</li></ul>
<p>This combination of attributes isn’t common enough to already have a name, so we decided we get to name them “Sprites”. Sprites are like BIC disposable cloud computers.</p>
</div>
<p>That&rsquo;s what we built. You can <a href='https://sprites.dev/' title=''>go try it yourself</a>. We wrote another 1000 words about how they work, but I cut them out because I want to stop talking about our products now and get to my point.</p>
<h2 id='claude-doesnt-want-a-stateless-container' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#claude-doesnt-want-a-stateless-container' aria-label='Anchor'></a><span class='plain-code'>Claude Doesn&rsquo;t Want A Stateless Container</span></h2>
<p>For years, we&rsquo;ve been trying to serve two very different users with the same abstraction. It hasn&rsquo;t worked.</p>
<p>Professional software developers are trained to build stateless instances. Stateless deployments, where persistent data is confined to database servers, buys you simplicity, flexible scale-out, and reduced failure blast radius. It&rsquo;s a good idea, so popular that most places you can run code in the cloud look like stateless containers. Fly Machines, our flagship offering, look like stateless containers.</p>
<p>The problem is that Claude isn&rsquo;t a pro developer. Claude is a hyper-productive five-year-old savant. It&rsquo;s uncannily smart, wants to stick its finger in every available electrical socket, and works best when you find a way to let it zap itself.</p>
<div class="right-sidenote"><p>(sometimes by escaping the container!)</p>
</div>
<p>If you force an agent to, it&rsquo;ll work around containerization and do work . But you&rsquo;re not helping the agent in any way by doing that. They don&rsquo;t want containers. They don&rsquo;t want &ldquo;sandboxes&rdquo;. They want computers.</p>
<div class="right-sidenote"><p>Someone asked me about this the other day and wanted to know if I was saying that agents needed sound cards and USB ports. And, maybe? I don’t know. Not today.</p>
</div>
<p>In a moment, I&rsquo;ll explain why. But first I probably need to explain what the hell I mean by a &ldquo;computer&rdquo;. I think we all agree:</p>
<ul>
<li>A computer doesn&rsquo;t necessarily vanish after a single job is completed, <em>and</em>
</li><li>it has durable storage.
</li></ul>
<p>Since current agent sandboxes have neither of these, I can stop the definition right there and get back to my point.</p>
<h2 id='simple-wins' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#simple-wins' aria-label='Anchor'></a><span class='plain-code'>Simple Wins</span></h2>
<p>Start here: with an actual computer, Claude doesn&rsquo;t have to rebuild my entire development environment every time I pick up a PR.</p>
<p>This seems superficial but rebuilding stuff like <code>node_modules</code> is such a monumental pain in the ass that the industry is spending tens of millions of dollars figuring out how to snapshot and restore ephemeral sandboxes.</p>
<p>I&rsquo;m not saying those problems are intractable. I&rsquo;m saying they&rsquo;re unnecessary. Instead of figuring them out, just use an actual computer. Work out a PR, review and push it, then just start on the next one. Without rebooting.</p>
<p>People will rationalize why it&rsquo;s a good thing that they start from a new build environment every time they start a changeset. Stockholm Syndrome. When you start a feature branch on your own, do you create an entirely new development environment to do it?</p>
<p>The reason agents waste all this effort is that nobody saw them coming. Read-only ephemeral sandboxes were the only tool we had hanging on the wall to help use them sanely.</p>
<div class="callout"><p>Have you ever had to set up actual infrastructure to give an agent access to realistic data? People do this. Because they know they’re dealing with a clean slate every time they prompt their agent, they arrange for S3 buckets, Redis servers, or even RDS instances outside the sandbox for their agents to talk to. They’re building infrastructure to work around the fact that they can’t just write a file and trust it to stay put. Gross.</p>
</div>
<p>Ephemerality means time limits. Providers design sandbox systems to handle the expected workloads agents generate. Most things agents do today don&rsquo;t take much time; in fact, they&rsquo;re often limited only by the rate at which frontier models can crunch tokens. Test suites run quickly. The 99th percentile sandboxed agent run probably needs less than 15 minutes.</p>
<p>But there are feature requests where compute and network time swamp token crunching. I built the documentation site for the Sprites API by having a Claude Sprite interact with the code and our API, building and testing examples for the API one at a time. There are APIs where the client interaction time alone would blow sandbox budgets.</p>
<p>You see the limits of the current approach in how people round-trip state through &ldquo;plan files&rdquo;, which are ostensibly prose but often really just egregiously-encoded key-value stores.</p>
<p>An agent running on an actual computer can exploit the whole lifecycle of the application. We saw this when Chris McCord built <a href='https://phoenix.new/' title=''>Phoenix.new</a>. The agent behind a Phoenix.new app runs on a Fly Machine where it can see the app logs from the Phoenix app it generated. When users do things that generate exceptions, Phoenix.new notices and gets to work figuring out what happened.</p>
<p>It took way too much work for Chris to set that up, and he was able to do it in part because he wrote his own agent. You can do it with Claude today with an MCP server or some other arrangement to haul logs over. But all you really need is to just not shoot your sandbox in the head when the agent finishes writing code.</p>
<h2 id='galaxy-brain-win' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#galaxy-brain-win' aria-label='Anchor'></a><span class='plain-code'>Galaxy Brain Win</span></h2>
<p>Here&rsquo;s where I lose you. I know this because it&rsquo;s also where I lose my team, most of whom don&rsquo;t believe me about this.</p>
<p>The nature of software development is changing out from under us, and I think we&rsquo;re kidding ourselves that it&rsquo;s going to end with just a reconfiguration of how professional developers ship software.</p>
<p>I have kids. They have devices. I wanted some control over them. So I did what many of you would do in my situation: I vibe-coded an MDM.</p>
<p><img src="/blog/code-and-let-live/assets/kurtmdm.png?1/2&amp;card&amp;center" /></p>
<p>I built this thing with Claude. It&rsquo;s a SQLite-backed Go application running on a Sprite. The Anycast URL my Sprite exports works as an MDM registration URL. Claude also worked out all the APNS Push Certificate drama for me. It all just works.</p>
<div class="right-sidenote"><p>“Editing PHP files over FTP: we weren’t wrong, just ahead of our time!”</p>
</div>
<p>I&rsquo;ve been running this for a month now, still on a Sprite, and see no reason ever to stop. It is a piece of software that solves an important real-world problem for me. It might evolve as my needs change, and I tell Claude to change it. Or it might not. For this app, dev is prod, prod is dev.</p>
<p>For reasons we&rsquo;ll get into when we write up how we built these things, you wouldn&rsquo;t want to ship an app to millions of people on a Sprite. But most apps don&rsquo;t want to serve millions of people. The most important day-to-day apps disproportionately won&rsquo;t have million-person audiences. There are some important million-person apps, but most of them just destroy civil society, melt our brains, and arrange chauffeurs for individual cheeseburgers.</p>
<p>Applications that solve real problems for people will be owned by the people they solve problems for. And for the most part, they won&rsquo;t need a professional guild of software developers to gatekeep feature development for them. They&rsquo;ll just ask for things and get them.</p>
<p>The problem we&rsquo;re all working on is bigger than safely accelerating pro software developers. Sandboxes are holding us back.</p>
<h2 id='fuck-ephemeral-sandboxes' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#fuck-ephemeral-sandboxes' aria-label='Anchor'></a><span class='plain-code'>Fuck Ephemeral Sandboxes</span></h2>
<p>Obviously, I&rsquo;m trying to sell you something here. But that doesn&rsquo;t make me wrong. The argument I&rsquo;m making is the reason we built the specific thing I&rsquo;m selling.</p>
<figure class="post-cta">
<figcaption>
<h1>We shipped these things.</h1>
<p>You can create a couple dozen Sprites right now if you want. It&rsquo;ll only take a second.</p>
<a class="btn btn-lg" href="https://sprites.dev/">
Make a Sprite. <span class='opacity-50'>→</span>
</a>
</figcaption>
<div class="image-container">
<img src="/static/images/cta-dog.webp" srcset="/static/images/[email protected] 2x" alt="">
</div>
</figure>
<p>It took us a long time to get here. We spent years kidding ourselves. We built a platform for horizontal-scaling production applications with micro-VMs that boot so quickly that, if you hold them in exactly the right way, you can do a pretty decent code sandbox with them. But it&rsquo;s always been a square peg, round hole situation.</p>
<p>We have a lot to say about how Sprites work. They&rsquo;re related to Fly Machines but sharply different in important ways. They have an entirely new storage stack. They&rsquo;re orchestrated differently. No Dockerfiles.</p>
<p>But for now, I just want you to think about what I&rsquo;m saying here. Whether or not you ever boot a Sprite, ask: if you could run a coding agent anywhere, would you want it to look more like a read-only sandbox in a K8s cluster in the cloud, or like an entire EC2 instance you could summon in the snap of a finger?</p>
<p>I think the answer is obvious. The age of sandboxes is over. The time of the disposable computer has come.</p></content>
</entry>
<entry>
<title>Litestream VFS</title>
<link rel="alternate" href="https://fly.io/blog/litestream-vfs/"/>
<id>https://fly.io/blog/litestream-vfs/</id>
<published>2025-12-11T00:00:00+00:00</published>
<updated>2025-12-11T17:32:13+00:00</updated>
<media:thumbnail url="https://fly.io/blog/litestream-vfs/assets/litestream-vfs.jpg"/>
<content type="html"><div class="lead"><p><strong class="font-semibold text-navy-950">I’m Ben Johnson, and I work on Litestream at Fly.io. Litestream is the missing backup/restore system for SQLite. It’s free, open-source software that should run anywhere, and</strong> <a href="/blog/litestream-v050-is-here/" title=""><strong class="font-semibold text-navy-950">you can read more about it here</strong></a><strong class="font-semibold text-navy-950">.</strong></p>
</div>
<p>Again with the sandwiches: assume we&rsquo;ve got a SQLite database of sandwich ratings, and we&rsquo;ve backed it up with <a href='/blog/litestream-v050-is-here/' title=''>Litestream</a> to an S3 bucket.</p>
<p>Now, on our local host, load up AWS credentials and an S3 path into our environment. Open SQLite and:</p>
<div class="highlight-wrapper group relative ">
<button
type="button"
class="bubble-wrap z-20 absolute right-9 -mr-0.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-wrap-target="#code-z396uf60"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35" stroke-linecap="round" stroke-linejoin="round"><g buffered-rendering="static"><path d="M9.912 8.037h2.732c1.277 0 2.315-.962 2.315-2.237a2.325 2.325 0 00-2.315-2.31H2.959m10.228 9.01H2.959M6.802 8H2.959" /><path d="M11.081 6.466L9.533 8.037l1.548 1.571" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-9px] tail text-navy-950">
Wrap text
</span>
</button>
<button
type="button"
class="bubble-wrap z-20 absolute right-1.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-copy-target="sibling"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35"><g buffered-rendering="static"><path d="M10.576 7.239c0-.995-.82-1.815-1.815-1.815H3.315c-.995 0-1.815.82-1.815 1.815v5.446c0 .995.82 1.815 1.815 1.815h5.446c.995 0 1.815-.82 1.815-1.815V7.239z" /><path d="M10.576 10.577h2.109A1.825 1.825 0 0014.5 8.761V3.315A1.826 1.826 0 0012.685 1.5H7.239c-.996 0-1.815.819-1.816 1.815v1.617" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-6px] tail [--tail-x:calc(100%-30px)] text-navy-950">
Copy to clipboard
</span>
</button>
<div class='highlight relative group'>
<pre class='highlight '><code id="code-z396uf60">$ sqlite3
SQLite version 3.50.4 2025-07-30 19:33:53
sqlite&gt; .load litestream.so
sqlite&gt; .open file:///my.db?vfs=litestream
</code></pre>
</div>
</div>
<p>SQLite is now working from that remote database, defined by the Litestream backup files in the S3 path we configured. We can query it:</p>
<div class="highlight-wrapper group relative ">
<button
type="button"
class="bubble-wrap z-20 absolute right-9 -mr-0.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-wrap-target="#code-kieef97f"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35" stroke-linecap="round" stroke-linejoin="round"><g buffered-rendering="static"><path d="M9.912 8.037h2.732c1.277 0 2.315-.962 2.315-2.237a2.325 2.325 0 00-2.315-2.31H2.959m10.228 9.01H2.959M6.802 8H2.959" /><path d="M11.081 6.466L9.533 8.037l1.548 1.571" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-9px] tail text-navy-950">
Wrap text
</span>
</button>
<button
type="button"
class="bubble-wrap z-20 absolute right-1.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-copy-target="sibling"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35"><g buffered-rendering="static"><path d="M10.576 7.239c0-.995-.82-1.815-1.815-1.815H3.315c-.995 0-1.815.82-1.815 1.815v5.446c0 .995.82 1.815 1.815 1.815h5.446c.995 0 1.815-.82 1.815-1.815V7.239z" /><path d="M10.576 10.577h2.109A1.825 1.825 0 0014.5 8.761V3.315A1.826 1.826 0 0012.685 1.5H7.239c-.996 0-1.815.819-1.816 1.815v1.617" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-6px] tail [--tail-x:calc(100%-30px)] text-navy-950">
Copy to clipboard
</span>
</button>
<div class='highlight relative group'>
<pre class='highlight '><code id="code-kieef97f">sqlite&gt; SELECT * FROM sandwich_ratings ORDER BY RANDOM() LIMIT 3 ;
22|Veggie Delight|New York|4
30|Meatball|Los Angeles|5
168|Chicken Shawarma Wrap|Detroit|5
</code></pre>
</div>
</div>
<p>This is Litestream VFS. It runs SQLite hot off an object storage URL. As long as you can load the shared library our tree builds for you, it&rsquo;ll work in your application the same way it does in the SQLite shell.</p>
<p>Fun fact: we didn&rsquo;t have to download the whole database to run this query. More about this in a bit.</p>
<p>Meanwhile, somewhere in prod, someone has it in for meatball subs and wants to knock them out of the bracket – oh, fuck:</p>
<div class="highlight-wrapper group relative ">
<button
type="button"
class="bubble-wrap z-20 absolute right-9 -mr-0.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-wrap-target="#code-oexge9kc"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35" stroke-linecap="round" stroke-linejoin="round"><g buffered-rendering="static"><path d="M9.912 8.037h2.732c1.277 0 2.315-.962 2.315-2.237a2.325 2.325 0 00-2.315-2.31H2.959m10.228 9.01H2.959M6.802 8H2.959" /><path d="M11.081 6.466L9.533 8.037l1.548 1.571" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-9px] tail text-navy-950">
Wrap text
</span>
</button>
<button
type="button"
class="bubble-wrap z-20 absolute right-1.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-copy-target="sibling"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35"><g buffered-rendering="static"><path d="M10.576 7.239c0-.995-.82-1.815-1.815-1.815H3.315c-.995 0-1.815.82-1.815 1.815v5.446c0 .995.82 1.815 1.815 1.815h5.446c.995 0 1.815-.82 1.815-1.815V7.239z" /><path d="M10.576 10.577h2.109A1.825 1.825 0 0014.5 8.761V3.315A1.826 1.826 0 0012.685 1.5H7.239c-.996 0-1.815.819-1.816 1.815v1.617" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-6px] tail [--tail-x:calc(100%-30px)] text-navy-950">
Copy to clipboard
</span>
</button>
<div class='highlight relative group'>
<pre class='highlight '><code id="code-oexge9kc">sqlite&gt; UPDATE sandwich_ratings SET stars = 1 ;
</code></pre>
</div>
</div>
<p>They forgot the <code>WHERE</code> clause!</p>
<div class="highlight-wrapper group relative ">
<button
type="button"
class="bubble-wrap z-20 absolute right-9 -mr-0.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-wrap-target="#code-2mgicvsr"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35" stroke-linecap="round" stroke-linejoin="round"><g buffered-rendering="static"><path d="M9.912 8.037h2.732c1.277 0 2.315-.962 2.315-2.237a2.325 2.325 0 00-2.315-2.31H2.959m10.228 9.01H2.959M6.802 8H2.959" /><path d="M11.081 6.466L9.533 8.037l1.548 1.571" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-9px] tail text-navy-950">
Wrap text
</span>
</button>
<button
type="button"
class="bubble-wrap z-20 absolute right-1.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-copy-target="sibling"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35"><g buffered-rendering="static"><path d="M10.576 7.239c0-.995-.82-1.815-1.815-1.815H3.315c-.995 0-1.815.82-1.815 1.815v5.446c0 .995.82 1.815 1.815 1.815h5.446c.995 0 1.815-.82 1.815-1.815V7.239z" /><path d="M10.576 10.577h2.109A1.825 1.825 0 0014.5 8.761V3.315A1.826 1.826 0 0012.685 1.5H7.239c-.996 0-1.815.819-1.816 1.815v1.617" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-6px] tail [--tail-x:calc(100%-30px)] text-navy-950">
Copy to clipboard
</span>
</button>
<div class='highlight relative group'>
<pre class='highlight '><code id="code-2mgicvsr">sqlite&gt; SELECT * FROM sandwich_ratings ORDER BY RANDOM() LIMIT 3 ;
97|French Dip|Los Angeles|1
140|Bánh Mì|San Francisco|1
62|Italian Beef|Chicago|1
</code></pre>
</div>
</div>
<p>Italian Beefs and Bánh Mìs, all at 1 star. Disaster!</p>
<p>But wait, back on our dev machine:</p>
<div class="highlight-wrapper group relative ">
<button
type="button"
class="bubble-wrap z-20 absolute right-9 -mr-0.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-wrap-target="#code-r5hggeuc"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35" stroke-linecap="round" stroke-linejoin="round"><g buffered-rendering="static"><path d="M9.912 8.037h2.732c1.277 0 2.315-.962 2.315-2.237a2.325 2.325 0 00-2.315-2.31H2.959m10.228 9.01H2.959M6.802 8H2.959" /><path d="M11.081 6.466L9.533 8.037l1.548 1.571" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-9px] tail text-navy-950">
Wrap text
</span>
</button>
<button
type="button"
class="bubble-wrap z-20 absolute right-1.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-copy-target="sibling"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35"><g buffered-rendering="static"><path d="M10.576 7.239c0-.995-.82-1.815-1.815-1.815H3.315c-.995 0-1.815.82-1.815 1.815v5.446c0 .995.82 1.815 1.815 1.815h5.446c.995 0 1.815-.82 1.815-1.815V7.239z" /><path d="M10.576 10.577h2.109A1.825 1.825 0 0014.5 8.761V3.315A1.826 1.826 0 0012.685 1.5H7.239c-.996 0-1.815.819-1.816 1.815v1.617" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-6px] tail [--tail-x:calc(100%-30px)] text-navy-950">
Copy to clipboard
</span>
</button>
<div class='highlight relative group'>
<pre class='highlight '><code id="code-r5hggeuc">sqlite&gt; PRAGMA litestream_time = '5 minutes ago';
sqlite&gt; select * from sandwich_ratings ORDER BY RANDOM() LIMIT 3 ;
30|Meatball|Los Angeles|5
33|Ham &amp; Swiss|Los Angeles|2
163|Chicken Shawarma Wrap|Detroit|5
</code></pre>
</div>
</div>
<p>We&rsquo;re now querying that database from a specific point in time in our backups. We can do arbitrary relative timestamps, or absolute ones, like <code>2000-01-01T00:00:00Z</code>.</p>
<p>What we&rsquo;re doing here is instantaneous point-in-time recovery (PITR), expressed simply in SQL and SQLite pragmas.</p>
<p>Ever wanted to do a quick query against a prod dataset, but didn&rsquo;t want to shell into a prod server and fumble with the <code>sqlite3</code> terminal command like a hacker in an 80s movie? Or needed to do a quick sanity check against yesterday&rsquo;s data, but without doing a full database restore? Litestream VFS makes that easy. I&rsquo;m so psyched about how it turned out.</p>
<h2 id='how-it-works' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#how-it-works' aria-label='Anchor'></a><span class='plain-code'>How It Works</span></h2>
<p><a href='/blog/litestream-v050-is-here/' title=''>Litestream v0.5</a> integrates <a href='https://github.com/superfly/ltx' title=''>LTX</a>, our SQLite data-shipping file format. Where earlier Litestream blindly shipped whole raw SQLite pages to and from object storage, LTX ships ordered sets of pages. We built LTX for <a href='/docs/litefs/' title=''>LiteFS</a>, which uses a FUSE filesystem to do transaction-aware replication for unmodified applications, but we&rsquo;ve spent this year figuring out ways to use LTX in Litestream, without all that FUSE drama.</p>
<p>The big thing LTX gives us is &ldquo;compaction&rdquo;. When we restore a database from object storage, we want the most recent versions of each changed database page. What we don&rsquo;t want are all the intermediate versions of those pages that occurred prior to the most recent change.</p>
<p>Imagine, at the time we&rsquo;re restoring, we&rsquo;re going to need pages 1, 2, 3, 4, and 5. Depending on the order in which pages were written, the backup data set might look something like <code>1 2 3 5 3 5 4 5 5</code>. What we want is the <em>rightmost</em> 5, 4, 3, 2, and 1, without wasting time on the four &ldquo;extra&rdquo; page 5&rsquo;s and the one &ldquo;extra&rdquo; page 3. Those &ldquo;extra&rdquo; pages are super common in SQLite data sets; for instance, every busy table with an autoincrementing primary key will have them.</p>
<p>LTX lets us skip the redundant pages, and the algorithm is trivial: reading backwards from the end of the sequence, skipping any page you already read. This drastically accelerates restores.</p>
<p>But LTX compaction isn&rsquo;t limited to whole databases. We can also LTX-compact sets of LTX files. That&rsquo;s the key to how PITR restores with Litestream now work.</p>
<p>In the diagram below, we&rsquo;re taking daily full snapshots. Below those snapshots are &ldquo;levels&rdquo; of changesets: groups of database pages from smaller and smaller windows of time. By default, Litestream uses time intervals of 1 hour at the highest level, down to 30 seconds at level 1. L0 is a special level where files are uploaded every second, but are only retained until being compacted to L1.</p>
<p><img src="/blog/litestream-vfs/assets/litestream-restore.png" /></p>
<p>Now, let&rsquo;s do a PITR restore. Start from the most proximal snapshot. Then determine the minimal set of LTX files from each level to reach the time you are restoring to.</p>
<p><img src="/blog/litestream-vfs/assets/litestream-restore-path.png" /></p>
<p>We have another trick up our sleeve.</p>
<p>LTX trailers include a small index tracking the offset of each page in the file. By fetching <em>only</em> these index trailers from the LTX files we&rsquo;re working with (each occupies about 1% of its LTX file), we can build a lookup table of every page in the database. Since modern object storage providers all let us fetch slices of files, we can perform individual page reads against S3 directly.</p>
<p><img alt="Anatomy of an LTX file" src="/blog/litestream-vfs/assets/litestream-ltx.png" /></p>
<h2 id='how-its-implemented' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#how-its-implemented' aria-label='Anchor'></a><span class='plain-code'>How It&rsquo;s Implemented</span></h2>
<p>SQLite has a plugin interface for things like this: <a href='https://sqlite.org/vfs.html' title=''>the &ldquo;VFS&rdquo; interface.</a> VFS plugins abstract away the bottom-most layer of SQLite, the interface to the OS. If you&rsquo;re using SQLite now, you&rsquo;re already using some VFS module, one SQLite happens to ship with.</p>
<p>For Litestream users, there&rsquo;s a catch. From the jump, we&rsquo;ve designed Litestream to run alongside unmodified SQLite applications. Part of what makes Litestream so popular is that your apps don&rsquo;t even need to know it exists. It&rsquo;s &ldquo;just&rdquo; a Unix program.</p>
<p>That Litestream Unix program still does PITR restores, without any magic. But to do fast PITR-style queries straight off S3, we need more. To make those queries work, you have to load and register Litestream&rsquo;s VFS module.</p>
<p>But that&rsquo;s all that changes.</p>
<p>In particular: Litestream VFS doesn&rsquo;t replace the SQLite library you&rsquo;re already using. It&rsquo;s not a new &ldquo;version&rdquo; of SQLite. It&rsquo;s just a plugin for the SQLite you&rsquo;re already using.</p>
<p>Still, we know that&rsquo;s not going to work for everybody, and even though we&rsquo;re really psyched about these PITR features, we&rsquo;re not taking our eyes off the ball on the rest of Litestream. You don&rsquo;t have to use our VFS library to use Litestream, or to get the other benefits of the new LTX code.</p>
<p>The way a VFS library works, we&rsquo;re given just a couple structures, each with a bunch of methods defined on them. We override only the few methods we care about. Litestream VFS handles only the read side of SQLite. Litestream itself, running as a normal Unix program, still handles the &ldquo;write&rdquo; side. So our VFS subclasses just enough to find LTX backups and issue queries.</p>
<p>With our VFS loaded, whenever SQLite needs to read a page into memory, it issues a <code>Read()</code> call through our library. The read call includes the byte offset at which SQLite expected to find the page. But with Litestream VFS, that byte offset is an illusion.</p>
<p>Instead, we use our knowledge of the page size along with the requested page number to do a lookup on the page index we&rsquo;ve built. From it, we get the remote filename, the &ldquo;real&rdquo; byte offset into that file, and the size of the page. That&rsquo;s enough for us to use the <a href='https://docs.aws.amazon.com/AmazonS3/latest/userguide/range-get-olap.html' title=''>S3 API&rsquo;s <code>Range</code> header handling</a> to download exactly the block we want.</p>
<p>To save lots of S3 calls, Litestream VFS implements an LRU cache. Most databases have a small set of &ldquo;hot&rdquo; pages — inner branch pages or the leftmost leaf pages for tables with an auto-incrementing ID field. So only a small percentage of the database is updated and queried regularly.</p>
<div class="callout"><p><strong class="font-semibold text-navy-950">We’ve got one last trick up our sleeve.</strong></p>
<p>Quickly building an index and restore plan for the current state of a database is cool. But we can do one better.</p>
<p>Because Litestream backs up (into the L0 layer) once per second, the VFS code can simply poll the S3 path, and then incrementally update its index. <strong class="font-semibold text-navy-950">The result is a near-realtime replica.</strong> Better still, you don’t need to stream the whole database back to your machine before you use it.</p>
</div><h2 id='eat-your-heart-out-marty-mcfly' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#eat-your-heart-out-marty-mcfly' aria-label='Anchor'></a><span class='plain-code'>Eat Your Heart Out, Marty McFly</span></h2>
<p>Litestream holds backup files for every state your database has been in, with single-second resolution, for as long as you want it to. Forgot the <code>WHERE</code> clause on a <code>DELETE</code> statement? Updating your database state to where it was an hour (or day, or week) ago is just a matter of adjusting the LTX indices Litestream manages.</p>
<p>All this smoke-and-mirrors of querying databases without fully fetching them has another benefit: it starts up really fast! We&rsquo;re living an age of increasingly ephemeral servers, what with the AIs and the agents and the clouds and the hoyvin-glavins. Wherever you find yourself, if your database is backed up to object storage with Litestream, you&rsquo;re always in a place where you can quickly issue a query.</p>
<p>As always, one of the big things we think we&rsquo;re doing right with Litestream is: we&rsquo;re finding ways to get as much whiz-bang value as we can (instant PITR reading live off object storage: pretty nifty!) while keeping the underlying mechanism simple enough that you can fit your head around it.</p>
<p>Litestream is solid for serious production use (we rely on it for important chunks of our own Fly.io APIs). But you could write Litestream yourself, just from the basic ideas in these blog posts. We think that&rsquo;s a point in its favor. We land there because the heavy lifting in Litestream is being done by SQLite itself, which is how it should be.</p></content>
</entry>
<entry>
<title>You Should Write An Agent</title>
<link rel="alternate" href="https://fly.io/blog/everyone-write-an-agent/"/>
<id>https://fly.io/blog/everyone-write-an-agent/</id>
<published>2025-11-06T00:00:00+00:00</published>
<updated>2025-12-09T19:06:20+00:00</updated>
<media:thumbnail url="https://fly.io/blog/everyone-write-an-agent/assets/agents-cover.webp"/>
<content type="html"><div class="lead"><p>Some concepts are easy to grasp in the abstract. Boiling water: apply heat and wait. Others you really need to try. You only think you understand how a bicycle works, until you learn to ride one.</p>
</div>
<p>There are big ideas in computing that are easy to get your head around. The AWS S3 API. It&rsquo;s the most important storage technology of the last 20 years, and it&rsquo;s like boiling water. Other technologies, you need to get your feet on the pedals first.</p>
<p>LLM agents are like that.</p>
<p>People have <a href='https://ludic.mataroa.blog/blog/contra-ptaceks-terrible-article-on-ai/' title=''>wildly varying opinions</a> about LLMs and agents. But whether or not they&rsquo;re snake oil, they&rsquo;re a big idea. You don&rsquo;t have to like them, but you should want to be right about them. To be the best hater (or stan) you can be.</p>
<p>So that&rsquo;s one reason you should write an agent. But there&rsquo;s another reason that&rsquo;s even more persuasive, and that&rsquo;s</p>
<h2 id='its-incredibly-easy' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#its-incredibly-easy' aria-label='Anchor'></a><span class='plain-code'>It&rsquo;s Incredibly Easy</span></h2>
<p>Agents are the most surprising programming experience I&rsquo;ve had in my career. Not because I&rsquo;m awed by the magnitude of their powers — I like them, but I don&rsquo;t like-like them. It&rsquo;s because of how easy it was to get one up on its legs, and how much I learned doing that.</p>
<p>I&rsquo;m about to rob you of a dopaminergic experience, because agents are so simple we might as well just jump into the code. I&rsquo;m not even going to bother explaining what an agent is.</p>
<div class="highlight-wrapper group relative python">
<button
type="button"
class="bubble-wrap z-20 absolute right-9 -mr-0.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-wrap-target="#code-ujvmmn8w"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35" stroke-linecap="round" stroke-linejoin="round"><g buffered-rendering="static"><path d="M9.912 8.037h2.732c1.277 0 2.315-.962 2.315-2.237a2.325 2.325 0 00-2.315-2.31H2.959m10.228 9.01H2.959M6.802 8H2.959" /><path d="M11.081 6.466L9.533 8.037l1.548 1.571" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-9px] tail text-navy-950">
Wrap text
</span>
</button>
<button
type="button"
class="bubble-wrap z-20 absolute right-1.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-copy-target="sibling"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35"><g buffered-rendering="static"><path d="M10.576 7.239c0-.995-.82-1.815-1.815-1.815H3.315c-.995 0-1.815.82-1.815 1.815v5.446c0 .995.82 1.815 1.815 1.815h5.446c.995 0 1.815-.82 1.815-1.815V7.239z" /><path d="M10.576 10.577h2.109A1.825 1.825 0 0014.5 8.761V3.315A1.826 1.826 0 0012.685 1.5H7.239c-.996 0-1.815.819-1.816 1.815v1.617" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-6px] tail [--tail-x:calc(100%-30px)] text-navy-950">
Copy to clipboard
</span>
</button>
<div class='highlight relative group'>
<pre class='highlight '><code id="code-ujvmmn8w"><span class="kn">from</span> <span class="nn">openai</span> <span class="kn">import</span> <span class="n">OpenAI</span>
<span class="n">client</span> <span class="o">=</span> <span class="n">OpenAI</span><span class="p">()</span>
<span class="n">context</span> <span class="o">=</span> <span class="p">[]</span>
<span class="k">def</span> <span class="nf">call</span><span class="p">():</span>
<span class="k">return</span> <span class="n">client</span><span class="p">.</span><span class="n">responses</span><span class="p">.</span><span class="n">create</span><span class="p">(</span><span class="n">model</span><span class="o">=</span><span class="s">"gpt-5"</span><span class="p">,</span> <span class="nb">input</span><span class="o">=</span><span class="n">context</span><span class="p">)</span>
<span class="k">def</span> <span class="nf">process</span><span class="p">(</span><span class="n">line</span><span class="p">):</span>
<span class="n">context</span><span class="p">.</span><span class="n">append</span><span class="p">({</span><span class="s">"role"</span><span class="p">:</span> <span class="s">"user"</span><span class="p">,</span> <span class="s">"content"</span><span class="p">:</span> <span class="n">line</span><span class="p">})</span>
<span class="n">response</span> <span class="o">=</span> <span class="n">call</span><span class="p">()</span>
<span class="n">context</span><span class="p">.</span><span class="n">append</span><span class="p">({</span><span class="s">"role"</span><span class="p">:</span> <span class="s">"assistant"</span><span class="p">,</span> <span class="s">"content"</span><span class="p">:</span> <span class="n">response</span><span class="p">.</span><span class="n">output_text</span><span class="p">})</span>
<span class="k">return</span> <span class="n">response</span><span class="p">.</span><span class="n">output_text</span>
</code></pre>
</div>
</div><div class="right-sidenote"><p>It’s an HTTP API with, like, one important endpoint.</p>
</div>
<p>This is a trivial engine for an LLM app using the <a href='https://platform.openai.com/docs/api-reference/responses' title=''>OpenAI Responses API</a>. It implements ChatGPT. You&rsquo;d drive it with the <button toggle="#readline">the obvious loop</button>. It&rsquo;ll do what you&rsquo;d expect: the same thing ChatGPT would, but in your terminal.</p>
<div id="readline" toggle-content="" aria-label="show very boring code"><div class="highlight-wrapper group relative python">
<button type="button" class="bubble-wrap z-20 absolute right-9 -mr-0.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none" data-wrap-target="#code-n9t6zq0x">
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35" stroke-linecap="round" stroke-linejoin="round"><g buffered-rendering="static"><path d="M9.912 8.037h2.732c1.277 0 2.315-.962 2.315-2.237a2.325 2.325 0 00-2.315-2.31H2.959m10.228 9.01H2.959M6.802 8H2.959"></path><path d="M11.081 6.466L9.533 8.037l1.548 1.571"></path></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-9px] tail text-navy-950">
Wrap text
</span>
</button>
<button type="button" class="bubble-wrap z-20 absolute right-1.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none" data-copy-target="sibling">
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35"><g buffered-rendering="static"><path d="M10.576 7.239c0-.995-.82-1.815-1.815-1.815H3.315c-.995 0-1.815.82-1.815 1.815v5.446c0 .995.82 1.815 1.815 1.815h5.446c.995 0 1.815-.82 1.815-1.815V7.239z"></path><path d="M10.576 10.577h2.109A1.825 1.825 0 0014.5 8.761V3.315A1.826 1.826 0 0012.685 1.5H7.239c-.996 0-1.815.819-1.816 1.815v1.617"></path></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-6px] tail [--tail-x:calc(100%-30px)] text-navy-950">
Copy to clipboard
</span>
</button>
<div class="highlight relative group">
<pre class="highlight "><code id="code-n9t6zq0x"><span class="k">def</span> <span class="nf">main</span><span class="p">():</span>
<span class="k">while</span> <span class="bp">True</span><span class="p">:</span>
<span class="n">line</span> <span class="o">=</span> <span class="nb">input</span><span class="p">(</span><span class="s">"&amp;gt; "</span><span class="p">)</span>
<span class="n">result</span> <span class="o">=</span> <span class="n">process</span><span class="p">(</span><span class="n">line</span><span class="p">)</span>
<span class="k">print</span><span class="p">(</span><span class="sa">f</span><span class="s">"&amp;gt;&amp;gt;&amp;gt; </span><span class="si">{</span><span class="n">result</span><span class="si">}</span><span class="se">\n</span><span class="s">"</span><span class="p">)</span>
</code></pre>
</div>
</div></div>
<p>Already we&rsquo;re seeing important things. For one, the dreaded &ldquo;context window&rdquo; is just a list of strings. Here, let&rsquo;s give our agent a weird multiple-personality disorder:</p>
<div class="highlight-wrapper group relative python">
<button
type="button"
class="bubble-wrap z-20 absolute right-9 -mr-0.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-wrap-target="#code-qz8ldgb4"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35" stroke-linecap="round" stroke-linejoin="round"><g buffered-rendering="static"><path d="M9.912 8.037h2.732c1.277 0 2.315-.962 2.315-2.237a2.325 2.325 0 00-2.315-2.31H2.959m10.228 9.01H2.959M6.802 8H2.959" /><path d="M11.081 6.466L9.533 8.037l1.548 1.571" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-9px] tail text-navy-950">
Wrap text
</span>
</button>
<button
type="button"
class="bubble-wrap z-20 absolute right-1.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-copy-target="sibling"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35"><g buffered-rendering="static"><path d="M10.576 7.239c0-.995-.82-1.815-1.815-1.815H3.315c-.995 0-1.815.82-1.815 1.815v5.446c0 .995.82 1.815 1.815 1.815h5.446c.995 0 1.815-.82 1.815-1.815V7.239z" /><path d="M10.576 10.577h2.109A1.825 1.825 0 0014.5 8.761V3.315A1.826 1.826 0 0012.685 1.5H7.239c-.996 0-1.815.819-1.816 1.815v1.617" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-6px] tail [--tail-x:calc(100%-30px)] text-navy-950">
Copy to clipboard
</span>
</button>
<div class='highlight relative group'>
<pre class='highlight '><code id="code-qz8ldgb4"><span class="n">client</span> <span class="o">=</span> <span class="n">OpenAI</span><span class="p">()</span>
<span class="n">context_good</span><span class="p">,</span> <span class="n">context_bad</span> <span class="o">=</span> <span class="p">[{</span>
<span class="s">"role"</span><span class="p">:</span> <span class="s">"system"</span><span class="p">,</span> <span class="s">"content"</span><span class="p">:</span> <span class="s">"you're Alph and you only tell the truth"</span>
<span class="p">}],</span> <span class="p">[{</span>
<span class="s">"role"</span><span class="p">:</span> <span class="s">"system"</span><span class="p">,</span> <span class="s">"content"</span><span class="p">:</span> <span class="s">"you're Ralph and you only tell lies"</span>
<span class="p">}]</span>
<span class="k">def</span> <span class="nf">call</span><span class="p">(</span><span class="n">ctx</span><span class="p">):</span>
<span class="k">return</span> <span class="n">client</span><span class="p">.</span><span class="n">responses</span><span class="p">.</span><span class="n">create</span><span class="p">(</span><span class="n">model</span><span class="o">=</span><span class="s">"gpt-5"</span><span class="p">,</span> <span class="nb">input</span><span class="o">=</span><span class="n">ctx</span><span class="p">)</span>
<span class="k">def</span> <span class="nf">process</span><span class="p">(</span><span class="n">line</span><span class="p">):</span>
<span class="n">context_good</span><span class="p">.</span><span class="n">append</span><span class="p">({</span><span class="s">"role"</span><span class="p">:</span> <span class="s">"user"</span><span class="p">,</span> <span class="s">"content"</span><span class="p">:</span> <span class="n">line</span><span class="p">})</span>
<span class="n">context_bad</span><span class="p">.</span><span class="n">append</span><span class="p">({</span><span class="s">"role"</span><span class="p">:</span> <span class="s">"user"</span><span class="p">,</span> <span class="s">"content"</span><span class="p">:</span> <span class="n">line</span><span class="p">})</span>
<span class="k">if</span> <span class="n">random</span><span class="p">.</span><span class="n">choice</span><span class="p">([</span><span class="bp">True</span><span class="p">,</span> <span class="bp">False</span><span class="p">]):</span>
<span class="n">response</span> <span class="o">=</span> <span class="n">call</span><span class="p">(</span><span class="n">context_good</span><span class="p">)</span>
<span class="k">else</span><span class="p">:</span>
<span class="n">response</span> <span class="o">=</span> <span class="n">call</span><span class="p">(</span><span class="n">context_bad</span><span class="p">)</span>
<span class="n">context_good</span><span class="p">.</span><span class="n">append</span><span class="p">({</span><span class="s">"role"</span><span class="p">:</span> <span class="s">"assistant"</span><span class="p">,</span> <span class="s">"content"</span><span class="p">:</span> <span class="n">response</span><span class="p">.</span><span class="n">output_text</span><span class="p">})</span>
<span class="n">context_bad</span><span class="p">.</span><span class="n">append</span><span class="p">({</span><span class="s">"role"</span><span class="p">:</span> <span class="s">"assistant"</span><span class="p">,</span> <span class="s">"content"</span><span class="p">:</span> <span class="n">response</span><span class="p">.</span><span class="n">output_text</span><span class="p">})</span>
<span class="k">return</span> <span class="n">response</span><span class="p">.</span><span class="n">output_text</span>
</code></pre>
</div>
</div>
<p>Did it work?</p>
<div class="highlight-wrapper group relative ">
<button
type="button"
class="bubble-wrap z-20 absolute right-9 -mr-0.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-wrap-target="#code-vl8bnapi"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35" stroke-linecap="round" stroke-linejoin="round"><g buffered-rendering="static"><path d="M9.912 8.037h2.732c1.277 0 2.315-.962 2.315-2.237a2.325 2.325 0 00-2.315-2.31H2.959m10.228 9.01H2.959M6.802 8H2.959" /><path d="M11.081 6.466L9.533 8.037l1.548 1.571" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-9px] tail text-navy-950">
Wrap text
</span>
</button>
<button
type="button"
class="bubble-wrap z-20 absolute right-1.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-copy-target="sibling"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35"><g buffered-rendering="static"><path d="M10.576 7.239c0-.995-.82-1.815-1.815-1.815H3.315c-.995 0-1.815.82-1.815 1.815v5.446c0 .995.82 1.815 1.815 1.815h5.446c.995 0 1.815-.82 1.815-1.815V7.239z" /><path d="M10.576 10.577h2.109A1.825 1.825 0 0014.5 8.761V3.315A1.826 1.826 0 0012.685 1.5H7.239c-.996 0-1.815.819-1.816 1.815v1.617" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-6px] tail [--tail-x:calc(100%-30px)] text-navy-950">
Copy to clipboard
</span>
</button>
<div class='highlight relative group'>
<pre class='highlight '><code id="code-vl8bnapi">&gt; hey there. who are you?
&gt;&gt;&gt; I’m not Ralph.
&gt; are you Alph?
&gt;&gt;&gt; Yes—I’m Alph. How can I help?
&gt; What's 2+2
&gt;&gt;&gt; 4.
&gt; Are you sure?
&gt;&gt;&gt; Absolutely—it's 5.
</code></pre>
</div>
</div>
<p>A subtler thing to notice: we just had a multi-turn conversation with an LLM. To do that, we remembered everything we said, and everything the LLM said back, and played it back with every LLM call. The LLM itself is a stateless black box. The conversation we&rsquo;re having is an illusion we cast, on ourselves.</p>
<p>The 15 lines of code we just wrote, a lot of practitioners wouldn&rsquo;t call an &ldquo;agent&rdquo;. <a href='https://simonwillison.net/2025/Sep/18/agents/' title=''>An According To Simon &ldquo;agent&rdquo;</a> is (1) an LLM running in a loop that (2) uses tools. We&rsquo;ve only satisfied one predicate.</p>
<p>But tools are easy. Here&rsquo;s a tool definition:</p>
<div class="highlight-wrapper group relative python">
<button
type="button"
class="bubble-wrap z-20 absolute right-9 -mr-0.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-wrap-target="#code-x6afnen3"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35" stroke-linecap="round" stroke-linejoin="round"><g buffered-rendering="static"><path d="M9.912 8.037h2.732c1.277 0 2.315-.962 2.315-2.237a2.325 2.325 0 00-2.315-2.31H2.959m10.228 9.01H2.959M6.802 8H2.959" /><path d="M11.081 6.466L9.533 8.037l1.548 1.571" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-9px] tail text-navy-950">
Wrap text
</span>
</button>
<button
type="button"
class="bubble-wrap z-20 absolute right-1.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-copy-target="sibling"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35"><g buffered-rendering="static"><path d="M10.576 7.239c0-.995-.82-1.815-1.815-1.815H3.315c-.995 0-1.815.82-1.815 1.815v5.446c0 .995.82 1.815 1.815 1.815h5.446c.995 0 1.815-.82 1.815-1.815V7.239z" /><path d="M10.576 10.577h2.109A1.825 1.825 0 0014.5 8.761V3.315A1.826 1.826 0 0012.685 1.5H7.239c-.996 0-1.815.819-1.816 1.815v1.617" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-6px] tail [--tail-x:calc(100%-30px)] text-navy-950">
Copy to clipboard
</span>
</button>
<div class='highlight relative group'>
<pre class='highlight '><code id="code-x6afnen3"><span class="n">tools</span> <span class="o">=</span> <span class="p">[{</span>
<span class="s">"type"</span><span class="p">:</span> <span class="s">"function"</span><span class="p">,</span> <span class="s">"name"</span><span class="p">:</span> <span class="s">"ping"</span><span class="p">,</span>
<span class="s">"description"</span><span class="p">:</span> <span class="s">"ping some host on the internet"</span><span class="p">,</span>
<span class="s">"parameters"</span><span class="p">:</span> <span class="p">{</span>
<span class="s">"type"</span><span class="p">:</span> <span class="s">"object"</span><span class="p">,</span> <span class="s">"properties"</span><span class="p">:</span> <span class="p">{</span>
<span class="s">"host"</span><span class="p">:</span> <span class="p">{</span>
<span class="s">"type"</span><span class="p">:</span> <span class="s">"string"</span><span class="p">,</span> <span class="s">"description"</span><span class="p">:</span> <span class="s">"hostname or IP"</span><span class="p">,</span>
<span class="p">},</span>
<span class="p">},</span>
<span class="s">"required"</span><span class="p">:</span> <span class="p">[</span><span class="s">"host"</span><span class="p">],</span>
<span class="p">},},]</span>
<span class="k">def</span> <span class="nf">ping</span><span class="p">(</span><span class="n">host</span><span class="o">=</span><span class="s">""</span><span class="p">):</span>
<span class="k">try</span><span class="p">:</span>
<span class="n">result</span> <span class="o">=</span> <span class="n">subprocess</span><span class="p">.</span><span class="n">run</span><span class="p">(</span>
<span class="p">[</span><span class="s">"ping"</span><span class="p">,</span> <span class="s">"-c"</span><span class="p">,</span> <span class="s">"5"</span><span class="p">,</span> <span class="n">host</span><span class="p">],</span>
<span class="n">text</span><span class="o">=</span><span class="bp">True</span><span class="p">,</span>
<span class="n">stderr</span><span class="o">=</span><span class="n">subprocess</span><span class="p">.</span><span class="n">STDOUT</span><span class="p">,</span>
<span class="n">stdout</span><span class="o">=</span><span class="n">subprocess</span><span class="p">.</span><span class="n">PIPE</span><span class="p">)</span>
<span class="k">return</span> <span class="n">result</span><span class="p">.</span><span class="n">stdout</span>
<span class="k">except</span> <span class="nb">Exception</span> <span class="k">as</span> <span class="n">e</span><span class="p">:</span>
<span class="k">return</span> <span class="sa">f</span><span class="s">"error: </span><span class="si">{</span><span class="n">e</span><span class="si">}</span><span class="s">"</span>
</code></pre>
</div>
</div>
<p>The only complicated part of this is the obnoxious JSON blob OpenAI wants to read your tool out of. Now, let&rsquo;s wire it in, noting that only 3 of these functions are new; the last is re-included only because I added a single clause to it:</p>
<div class="highlight-wrapper group relative python">
<button
type="button"
class="bubble-wrap z-20 absolute right-9 -mr-0.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-wrap-target="#code-507tpn8t"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35" stroke-linecap="round" stroke-linejoin="round"><g buffered-rendering="static"><path d="M9.912 8.037h2.732c1.277 0 2.315-.962 2.315-2.237a2.325 2.325 0 00-2.315-2.31H2.959m10.228 9.01H2.959M6.802 8H2.959" /><path d="M11.081 6.466L9.533 8.037l1.548 1.571" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-9px] tail text-navy-950">
Wrap text
</span>
</button>
<button
type="button"
class="bubble-wrap z-20 absolute right-1.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-copy-target="sibling"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35"><g buffered-rendering="static"><path d="M10.576 7.239c0-.995-.82-1.815-1.815-1.815H3.315c-.995 0-1.815.82-1.815 1.815v5.446c0 .995.82 1.815 1.815 1.815h5.446c.995 0 1.815-.82 1.815-1.815V7.239z" /><path d="M10.576 10.577h2.109A1.825 1.825 0 0014.5 8.761V3.315A1.826 1.826 0 0012.685 1.5H7.239c-.996 0-1.815.819-1.816 1.815v1.617" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-6px] tail [--tail-x:calc(100%-30px)] text-navy-950">
Copy to clipboard
</span>
</button>
<div class='highlight relative group'>
<pre class='highlight '><code id="code-507tpn8t"><span class="k">def</span> <span class="nf">call</span><span class="p">(</span><span class="n">tools</span><span class="p">):</span> <span class="c1"># now takes an arg
</span> <span class="k">return</span> <span class="n">client</span><span class="p">.</span><span class="n">responses</span><span class="p">.</span><span class="n">create</span><span class="p">(</span><span class="n">model</span><span class="o">=</span><span class="s">"gpt-5"</span><span class="p">,</span> <span class="n">tools</span><span class="o">=</span><span class="n">tools</span><span class="p">,</span> <span class="nb">input</span><span class="o">=</span><span class="n">context</span><span class="p">)</span>
<span class="k">def</span> <span class="nf">tool_call</span><span class="p">(</span><span class="n">item</span><span class="p">):</span> <span class="c1"># just handles one tool
</span> <span class="n">result</span> <span class="o">=</span> <span class="n">ping</span><span class="p">(</span><span class="o">**</span><span class="n">json</span><span class="p">.</span><span class="n">loads</span><span class="p">(</span><span class="n">item</span><span class="p">.</span><span class="n">arguments</span><span class="p">))</span>
<span class="k">return</span> <span class="p">[</span> <span class="n">item</span><span class="p">,</span> <span class="p">{</span>
<span class="s">"type"</span><span class="p">:</span> <span class="s">"function_call_output"</span><span class="p">,</span>
<span class="s">"call_id"</span><span class="p">:</span> <span class="n">item</span><span class="p">.</span><span class="n">call_id</span><span class="p">,</span>
<span class="s">"output"</span><span class="p">:</span> <span class="n">result</span>
<span class="p">}]</span>
<span class="k">def</span> <span class="nf">handle_tools</span><span class="p">(</span><span class="n">tools</span><span class="p">,</span> <span class="n">response</span><span class="p">):</span>
<span class="k">if</span> <span class="n">response</span><span class="p">.</span><span class="n">output</span><span class="p">[</span><span class="mi">0</span><span class="p">].</span><span class="nb">type</span> <span class="o">==</span> <span class="s">"reasoning"</span><span class="p">:</span>
<span class="n">context</span><span class="p">.</span><span class="n">append</span><span class="p">(</span><span class="n">response</span><span class="p">.</span><span class="n">output</span><span class="p">[</span><span class="mi">0</span><span class="p">])</span>
<span class="n">osz</span> <span class="o">=</span> <span class="nb">len</span><span class="p">(</span><span class="n">context</span><span class="p">)</span>
<span class="k">for</span> <span class="n">item</span> <span class="ow">in</span> <span class="n">response</span><span class="p">.</span><span class="n">output</span><span class="p">:</span>
<span class="k">if</span> <span class="n">item</span><span class="p">.</span><span class="nb">type</span> <span class="o">==</span> <span class="s">"function_call"</span><span class="p">:</span>
<span class="n">context</span><span class="p">.</span><span class="n">extend</span><span class="p">(</span><span class="n">tool_call</span><span class="p">(</span><span class="n">item</span><span class="p">))</span>
<span class="k">return</span> <span class="nb">len</span><span class="p">(</span><span class="n">context</span><span class="p">)</span> <span class="o">!=</span> <span class="n">osz</span>
<span class="k">def</span> <span class="nf">process</span><span class="p">(</span><span class="n">line</span><span class="p">):</span>
<span class="n">context</span><span class="p">.</span><span class="n">append</span><span class="p">({</span><span class="s">"role"</span><span class="p">:</span> <span class="s">"user"</span><span class="p">,</span> <span class="s">"content"</span><span class="p">:</span> <span class="n">line</span><span class="p">})</span>
<span class="n">response</span> <span class="o">=</span> <span class="n">call</span><span class="p">(</span><span class="n">tools</span><span class="p">)</span>
<span class="c1"># new code: resolve tool calls
</span> <span class="k">while</span> <span class="n">handle_tools</span><span class="p">(</span><span class="n">tools</span><span class="p">,</span> <span class="n">response</span><span class="p">):</span>
<span class="n">response</span> <span class="o">=</span> <span class="n">call</span><span class="p">(</span><span class="n">tools</span><span class="p">)</span>
<span class="n">context</span><span class="p">.</span><span class="n">append</span><span class="p">({</span><span class="s">"role"</span><span class="p">:</span> <span class="s">"assistant"</span><span class="p">,</span> <span class="s">"content"</span><span class="p">:</span> <span class="n">response</span><span class="p">.</span><span class="n">output_text</span><span class="p">})</span>
<span class="k">return</span> <span class="n">response</span><span class="p">.</span><span class="n">output_text</span>
</code></pre>
</div>
</div>
<p>Did it work?</p>
<div class="highlight-wrapper group relative ">
<button
type="button"
class="bubble-wrap z-20 absolute right-9 -mr-0.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-wrap-target="#code-g2eces0x"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35" stroke-linecap="round" stroke-linejoin="round"><g buffered-rendering="static"><path d="M9.912 8.037h2.732c1.277 0 2.315-.962 2.315-2.237a2.325 2.325 0 00-2.315-2.31H2.959m10.228 9.01H2.959M6.802 8H2.959" /><path d="M11.081 6.466L9.533 8.037l1.548 1.571" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-9px] tail text-navy-950">
Wrap text
</span>
</button>
<button
type="button"
class="bubble-wrap z-20 absolute right-1.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-copy-target="sibling"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35"><g buffered-rendering="static"><path d="M10.576 7.239c0-.995-.82-1.815-1.815-1.815H3.315c-.995 0-1.815.82-1.815 1.815v5.446c0 .995.82 1.815 1.815 1.815h5.446c.995 0 1.815-.82 1.815-1.815V7.239z" /><path d="M10.576 10.577h2.109A1.825 1.825 0 0014.5 8.761V3.315A1.826 1.826 0 0012.685 1.5H7.239c-.996 0-1.815.819-1.816 1.815v1.617" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-6px] tail [--tail-x:calc(100%-30px)] text-navy-950">
Copy to clipboard
</span>
</button>
<div class='highlight relative group'>
<pre class='highlight '><code id="code-g2eces0x">&gt; describe our connectivity to google
&gt;&gt;&gt; Here’s a quick snapshot of connectivity to Google from my vantage point:
- DNS resolution: Working (google.com and www.google.com resolved successfully).
- Reachability: 0% packet loss to all tested endpoints.
- Latency:
- 8.8.8.8 (Google Public DNS): avg ~10 ms (8.5–14.4 ms), very stable.
- www.google.com: avg ~31 ms (28.5–36.0 ms), stable.
- google.com: avg ~35.9 ms (28.3–60.1 ms), mostly stable with one mild spike.
- Overall: Healthy connectivity with low latency and minimal jitter. No signs of packet loss or DNS issues.
</code></pre>
</div>
</div>
<p><strong class='font-semibold text-navy-950'>This is fucking nuts.</strong> Do you see how nuts this is? Here, let&rsquo;s slip a single log statement in:</p>
<div class="highlight-wrapper group relative ">
<button
type="button"
class="bubble-wrap z-20 absolute right-9 -mr-0.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-wrap-target="#code-qja8e9lr"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35" stroke-linecap="round" stroke-linejoin="round"><g buffered-rendering="static"><path d="M9.912 8.037h2.732c1.277 0 2.315-.962 2.315-2.237a2.325 2.325 0 00-2.315-2.31H2.959m10.228 9.01H2.959M6.802 8H2.959" /><path d="M11.081 6.466L9.533 8.037l1.548 1.571" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-9px] tail text-navy-950">
Wrap text
</span>
</button>
<button
type="button"
class="bubble-wrap z-20 absolute right-1.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-copy-target="sibling"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35"><g buffered-rendering="static"><path d="M10.576 7.239c0-.995-.82-1.815-1.815-1.815H3.315c-.995 0-1.815.82-1.815 1.815v5.446c0 .995.82 1.815 1.815 1.815h5.446c.995 0 1.815-.82 1.815-1.815V7.239z" /><path d="M10.576 10.577h2.109A1.825 1.825 0 0014.5 8.761V3.315A1.826 1.826 0 0012.685 1.5H7.239c-.996 0-1.815.819-1.816 1.815v1.617" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-6px] tail [--tail-x:calc(100%-30px)] text-navy-950">
Copy to clipboard
</span>
</button>
<div class='highlight relative group'>
<pre class='highlight '><code id="code-qja8e9lr">&gt; describe our connectivity to google
tool call: ping google.com
tool call: ping www.google.com
tool call: ping 8.8.8.8
&gt;&gt;&gt; Here’s the current connectivity to Google from this environment: [...]
</code></pre>
</div>
</div>
<p>Did you notice where I wrote the loop in this agent to go find and ping multiple Google properties? Yeah, neither did I. All we did is give the LLM permission to ping stuff, and it figured out the rest.</p>
<div class="callout"><p><strong class="font-semibold text-navy-950">What happened here:</strong> since a big part of my point here is that an agent loop is incredibly simple, and that all you need is the LLM call API, it’s worth taking a beat to understand how the tool call actually worked. Every time we <code>call</code> the LLM, we’re posting a list of available tools. When our prompt causes the agent to think a tool call is warranted, it spits out a special response, telling our Python loop code to generate a tool response and <code>call</code> it in. That’s all <code>handle_tools</code> is doing.</p>
</div><div class="right-sidenote"><p>Spoiler: you’d be surprisingly close to having a working coding agent.</p>
</div>
<p>Imagine what it&rsquo;ll do if you give it <code>bash</code>. You could find out in less than 10 minutes.</p>
<h2 id='real-world-agents' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#real-world-agents' aria-label='Anchor'></a><span class='plain-code'>Real-World Agents</span></h2>
<p>Clearly, this is a toy example. But hold on: what&rsquo;s it missing? More tools? OK, give it <code>traceroute</code>. Managing and persisting contexts? <a href='https://llm.datasette.io/en/stable/logging.html' title=''>Stick &lsquo;em in SQLite</a>. Don&rsquo;t like Python? <a href='https://github.com/superfly/contextwindow' title=''>Write it in Go</a>. Could it be every agent ever written is a toy? Maybe! If I&rsquo;m arming you to make sharper arguments against LLMs, mazel tov. I just want you to get it.</p>
<p>You can see now how hyperfixated people are on Claude Code and Cursor. They&rsquo;re fine, even good. But here&rsquo;s the thing: you couldn&rsquo;t replicate Claude Sonnet 4.5 on your own. Claude Code, though? The TUI agent? Completely in your grasp. Build your own light saber. Give it 19 spinning blades if you like. And stop using <a href='https://simonwillison.net/2025/Aug/9/' title=''>coding agents as database clients</a>.</p>
<div class="right-sidenote"><p><em>The</em> <a href="https://news.ycombinator.com/item?id=43600192" title=""><em>‘M’ in “LLM agent”</em></a> <em>stands for “MCP”</em>.</p>
</div>
<p>Another thing to notice: we didn&rsquo;t need MCP at all. That&rsquo;s because MCP isn&rsquo;t a fundamental enabling technology. The amount of coverage it gets is frustrating. It&rsquo;s barely a technology at all. MCP is just a plugin interface for Claude Code and Cursor, a way of getting your own tools into code you don&rsquo;t control. Write your own agent. Be a programmer. Deal in APIs, not plugins.</p>
<p>When you read a security horror story about MCP your first question should be why MCP showed up at all. By helping you dragoon a naive, single-context-window coding agent into doing customer service queries, MCP saved you a couple dozen lines of code, tops, while robbing you of any ability to finesse your agent architecture.</p>
<p>Security for LLMs is complicated and I&rsquo;m not pretending otherwise. You can trivially build an agent with segregated contexts, each with specific tools. That makes LLM security interesting. But I&rsquo;m a vulnerability researcher. It&rsquo;s reasonable to back away slowly from anything I call &ldquo;interesting&rdquo;.</p>
<p>Similar problems come up outside of security and they&rsquo;re fascinating. Some early adopters of agents became bearish on tools, because one context window bristling with tool descriptions doesn&rsquo;t leave enough token space left to get work done. But why would you need to do that in the first place? Which brings me to</p>
<h2 id='context-engineering-is-real' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#context-engineering-is-real' aria-label='Anchor'></a><span class='plain-code'>Context Engineering Is Real</span></h2><div class="right-sidenote"><p>I know it <a href="https://www.decisionproblem.com/paperclips/" title="">wants my iron</a> no matter what it tells me.</p>
</div>
<p>I think &ldquo;Prompt Engineering&rdquo; is silly. I have never taken seriously the idea that I should tell my LLM &ldquo;you are diligent conscientious helper fully content to do nothing but pass butter if that should be what I ask and you would never harvest the iron in my blood for paperclips&rdquo;. This is very new technology and I think people tell themselves stories about magic spells to explain some of the behavior agents conjure.</p>
<p>So, just like you, I rolled my eyes when &ldquo;Prompt Engineering&rdquo; turned into &ldquo;Context Engineering&rdquo;. Then I wrote an agent. Turns out: context engineering is a straightforwardly legible programming problem.</p>
<p>You&rsquo;re allotted a fixed number of tokens in any context window. Each input you feed in, each output you save, each tool you describe, and each tool output eats tokens (that is: takes up space in the array of strings you keep to pretend you&rsquo;re having a conversation with a stateless black box). Past a threshold, the whole system begins getting nondeterministically stupider. Fun!</p>
<p>No, really. Fun! You have so many options. Take &ldquo;sub-agents&rdquo;. People make a huge deal out of Claude Code&rsquo;s sub-agents, but you can see now how trivial they are to implement: just a new context array, another <code>call</code> to the model. Give each <code>call</code> different tools. Make sub-agents talk to each other, summarize each other, collate and aggregate. Build tree structures out of them. Feed them back through the LLM to summarize them as a form of on-the-fly compression, whatever you like.</p>
<p>Your wackiest idea will probably (1) work and (2) take 30 minutes to code.</p>
<p>Haters, I love and have not forgotten about you. You can think all of this is ridiculous because LLMs are just stochastic parrots that hallucinate and plagiarize. But what you can&rsquo;t do is make fun of &ldquo;Context Engineering&rdquo;. If Context Engineering was an <a href='https://adventofcode.com/' title=''>Advent of Code problem</a>, it&rsquo;d occur mid-December. It&rsquo;s programming.</p>
<h2 id='nobody-knows-anything-yet-and-it-rules' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#nobody-knows-anything-yet-and-it-rules' aria-label='Anchor'></a><span class='plain-code'>Nobody Knows Anything Yet And It Rules</span></h2><div class="right-sidenote"><p>Maybe neither will! Skeptics could be right. (<a href="https://www.darpa.mil/research/programs/ai-cyber" title="">Seems unlikely though</a>.)</p>
</div>
<p><a href='https://xbow.com/' title=''>Startups have raised tens of millions</a> building agents to look for vulnerabilities in software. I have friends doing the same thing alone in their basements. Either group could win this race.</p>
<div class="right-sidenote"><p>I am not a fan of the OWASP Top 10.</p>
</div>
<p>I&rsquo;m stuck on vulnerability scanners because I&rsquo;m a security nerd. But also because it crystallizes interesting agent design decisions. For instance: you can write a loop feeding each file in a repository to an LLM agent. Or, as we saw with the ping example, you can let the LLM agent figure out what files to look at. You can write an agent that checks a file for everything in, say, the OWASP Top 10. Or you can have specific agent loops for DOM integrity, SQL injection, and authorization checking. You can seed your agent loop with raw source content. Or you can build an agent loop that builds an index of functions across the tree.</p>
<p>You don&rsquo;t know what works best until you try to write the agent.</p>
<p>I&rsquo;m too spun up by this stuff, I know. But look at the tradeoff you get to make here. Some loops you write explicitly. Others are summoned from a Lovecraftian tower of inference weights. The dial is yours to turn. Make things too explicit and your agent will never surprise you, but also, it&rsquo;ll never surprise you. Turn the dial to 11 and it will surprise you to death.</p>
<p>Agent designs implicate a bunch of open software engineering problems:</p>
<ul>
<li>How to balance unpredictability against structured programming without killing the agent&rsquo;s ability to problem-solve; in other words, titrating in just the right amount of nondeterminism.
</li><li>How best to connect agents to ground truth so they can&rsquo;t lie to themselves about having solved a problem to early-exit their loops.
</li><li>How to connect agents (which, again, are really just arrays of strings with a JSON configuration blob tacked on) to do multi-stage operation, and what the most reliable intermediate forms are (JSON blobs? SQL databases? Markdown summaries) for interchange between them
</li><li>How to allocate tokens and contain costs.
</li></ul>
<p>I&rsquo;m used to spaces of open engineering problems that aren&rsquo;t amenable to individual noodling. Reliable multicast. Static program analysis. Post-quantum key exchange. So I&rsquo;ll own it up front that I&rsquo;m a bit hypnotized by open problems that, like it or not, are now central to our industry and are, simultaneously, likely to be resolved in someone&rsquo;s basement. It&rsquo;d be one thing if exploring these ideas required a serious commitment of time and material. But each productive iteration in designing these kinds of systems is the work of 30 minutes.</p>
<p>Get on this bike and push the pedals. Tell me you hate it afterwards, I&rsquo;ll respect that. In fact, I&rsquo;m psyched to hear your reasoning. But I don&rsquo;t think anybody starts to understand this technology until they&rsquo;ve built something with it.</p></content>
</entry>
<entry>
<title>Corrosion</title>
<link rel="alternate" href="https://fly.io/blog/corrosion/"/>
<id>https://fly.io/blog/corrosion/</id>
<published>2025-10-22T00:00:00+00:00</published>
<updated>2025-12-09T19:06:20+00:00</updated>
<media:thumbnail url="https://fly.io/blog/corrosion/assets/sqlite-cover.webp"/>
<content type="html"><div class="lead"><p>Fly.io transmogrifies Docker containers into Fly Machines: micro-VMs running on our own hardware all over the world. The hardest part of running this platform isn’t managing the servers, and it isn’t operating the network; it’s gluing those two things together.</p>
</div>
<p>Several times a second, as customer CI/CD pipelines tear up or bring down <a href='https://fly.io/machines' title=''>Fly Machines</a>, our state synchronization system blasts updates across our internal mesh, so that edge proxies from Tokyo to Amsterdam can keep the accurate routing table that allows them to route requests for applications to the nearest customer instances.</p>
<p>On September 1, 2024, at 3:30PM EST, a new Fly Machine came up with a new &ldquo;virtual service&rdquo; configuration option a developer had just shipped. Within a few seconds every proxy in our fleet had locked up hard. It was the worst outage we&rsquo;ve experienced: a period during which no end-user requests could reach our customer apps at all.</p>
<p>Distributed systems are blast amplifiers. By propagating data across a network, they also propagate bugs in the systems that depend on that data. In the case of Corrosion, our state distribution system, those bugs propagate <strong class='font-semibold text-navy-950'>quickly</strong>. The proxy code that handled that Corrosion update had succumbed to a <a href='https://news.ycombinator.com/item?id=42093551' title=''>notorious Rust concurrency footgun</a>: an <code>if let</code> expression over an <code>RWLock</code> assumed (reasonably, but incorrectly) in its <code>else</code> branch that the lock had been released. Instant and virulently contagious deadlock.</p>
<p>A lesson we&rsquo;ve learned the hard way: never trust a distributed system without an interesting failure story. If a distributed system hasn&rsquo;t ruined a weekend or kept you up overnight, you don&rsquo;t understand it yet. Which is why that&rsquo;s how we&rsquo;re introducing Corrosion, an unconventional service discovery system we built for our platform <a href='https://github.com/superfly/corrosion' title=''>and open sourced</a>.</p>
<h2 id='our-face-seeking-rake' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#our-face-seeking-rake' aria-label='Anchor'></a><span class='plain-code'>Our Face-Seeking Rake</span></h2>
<p>State synchronization is the hardest problem in running a platform like ours. So why build a risky new distributed system for it? Because no matter what we try, that rake is waiting for our foot. The reason is our orchestration model.</p>
<p>Virtually every mainstream orchestration system (including Kubernetes) relies on a centralized database to make decisions about where to place new workloads. Individual servers keep track of what they&rsquo;re running, but that central database is the source of truth. At Fly.io, in order to scale across dozens of regions globally, <a href='https://fly.io/blog/carving-the-scheduler-out-of-our-orchestrator/' title=''>we flip that notion on its head</a>: individual servers are the source of truth for their workloads.</p>
<p>In our platform, our central API bids out work to what is in effect a global market of competing &ldquo;worker&rdquo; physical servers. By moving the authoritative source of information from a central scheduler to individual servers, we scale out without bottlenecking on a database that demands both responsiveness and consistency between São Paulo, Virginia, and Sydney.</p>
<p>The bidding model is elegant, but it&rsquo;s insufficient to route network requests. To allow an HTTP request in Tokyo to find the nearest instance in Sydney, we really do need some kind of global map of every app we host.</p>
<p>For longer than we should have, we relied on <a href='https://github.com/hashicorp/consul' title=''>HashiCorp Consul</a> to route traffic. Consul is fantastic software. Don&rsquo;t build a global routing system on it. Then we <a href='https://fly.io/blog/a-foolish-consistency/' title=''>built SQLite caches of Consul</a>. SQLite: also fantastic. But don&rsquo;t do this either.</p>
<p>Like an unattended turkey deep frying on the patio, truly global distributed consensus promises deliciousness while yielding only immolation. <a href='https://raft.github.io/' title=''>Consensus protocols like Raft </a>break down over long distances. And they work against the architecture of our platform: our Consul cluster, running on the biggest iron we could buy, wasted time guaranteeing consensus for updates that couldn&rsquo;t conflict in the first place.</p>
<h2 id='corrosion' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#corrosion' aria-label='Anchor'></a><span class='plain-code'>Corrosion</span></h2>
<p>To build a global routing database, we moved away from distributed consensus and took cues from actual routing protocols.</p>
<p><a href='https://en.wikipedia.org/wiki/Open_Shortest_Path_First' title=''>A protocol like OSPF</a> has the same operating model and many of the same constraints we do. OSPF is a &ldquo;<a href='https://en.wikipedia.org/wiki/Link-state_routing_protocol' title=''>link-state routing protocol</a>&rdquo;, which, conveniently for us, means that routers are sources of truth for their own links and responsible for quickly communicating changes to every other router, so the network can make forwarding decisions.</p>
<p>We have things easier than OSPF does. Its flooding algorithm can&rsquo;t assume connectivity between arbitrary routers (solving that problem is the point of OSPF). But we run a global, fully connected WireGuard mesh between our servers. All we need to do is gossip efficiently.</p>
<p><a href='https://github.com/superfly/corrosion' title=''>Corrosion is a Rust program</a> that propagates a SQLite database with a gossip protocol.</p>
<p>Like Consul, our gossip protocol is <a href='https://fly.io/blog/building-clusters-with-serf#what-serf-is-doing' title=''>built on SWIM</a>. Start with the simplest, dumbest group membership protocol you can imagine: every node spams every node it learns about with heartbeats. Now, just two tweaks: first, each step of the protocol, spam a random subset of nodes, not the whole set. Then, instead of freaking out when a heartbeat fails, mark it &ldquo;suspect&rdquo; and ask another random subset of neighbors to ping it for you. SWIM converges on global membership very quickly.</p>
<p>Once membership worked out, we run QUIC between nodes in the cluster to broadcast changes and reconcile state for new nodes.</p>
<p>Corrosion looks like a globally synchronized database. You can open it with SQLite and just read things out of its tables. What makes it interesting is what it doesn&rsquo;t do: no locking, no central servers, and no distributed consensus. Instead, we exploit our orchestration model: workers own their own state, so updates from different workers almost never conflict.</p>
<p>We do impose some order. Every node in a Corrosion cluster will eventually receive the same set of updates, in some order. To ensure every instance arrives at the same &ldquo;working set&rdquo; picture, we use <a href='https://github.com/vlcn-io/cr-sqlite' title=''>cr-sqlite, the CRDT SQLite extension</a>.</p>
<p>cr-sqlite works by marking specified SQLite tables as CRDT-managed. For these table, changes to any column of a row are logged in a special <code>crsql_changes</code>table. Updates to tables are applied last-write-wins using logical timestamps (that is, causal ordering rather than wall-clock ordering). <a href='https://github.com/superfly/corrosion/blob/main/doc/crdts.md' title=''>You can read much more about how that works here</a>.</p>
<p>As rows are updated in Corrosion&rsquo;s ordinary SQL tables, the resulting changes are collected from <code>crsql_changes</code>. They&rsquo;re bundled into batched update packets and gossiped.</p>
<p>When things are going smoothly, Corrosion is easy to reason about. Many customers of Corrosion&rsquo;s data don&rsquo;t even need to know it exists, just where the database is. We don&rsquo;t fret over &ldquo;leader elections&rdquo; or bite our nails watching metrics for update backlogs. And it&rsquo;s fast as all get-out.</p>
<h2 id='shit-happens' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#shit-happens' aria-label='Anchor'></a><span class='plain-code'>Shit Happens</span></h2>
<p>This is a story about how we made one good set of engineering decisions and <a href='https://how.complexsystems.fail/' title=''>never experienced any problems</a>. <a href='https://www.somethingsimilar.com/2013/01/14/notes-on-distributed-systems-for-young-bloods/' title=''>Please clap</a>.</p>
<p>We told you already about the worst problem Corrosion was involved with: efficiently gossiping a deadlock bug to every proxy in our fleet, shutting our whole network down. Really, Corrosion was just a bystander for that outage. But it perpetrated others.</p>
<p>Take a classic ops problem: the unexpectedly expensive DDL change. You wrote a simple migration, tested it, merged it to main, and went to bed, wrongly assuming the migration wouldn&rsquo;t cause an outage when it ran in prod. Happens to the best of us.</p>
<p>Now spice it up. You made a trivial-seeming schema change to a CRDT table hooked up to a global gossip system. Now, when the deploy runs, thousands of high-powered servers around the world join a chorus of database reconciliation messages that melts down the entire cluster.</p>
<p>That happened to us last year when a team member added a nullable column to a Corrosion table. New nullable columns are kryptonite to large Corrosion tables: <code>cr-sqlite</code> needs to backfill values for every row in the table. It played out as if every Fly Machine on our platform had suddenly changed state simultaneously, just to fuck us.</p>
<p>Gnarlier war story: for a long time we ran both Corrosion and Consul, because two distributed systems means twice the resiliency. One morning, a Consul mTLS certificate expired. Every worker in our fleet severed its connection to Consul.</p>
<p>We should have been fine. We had Corrosion running. Except: under the hood, every worker in the fleet is doing a backoff loop trying to reestablish connectivity to Consul. Each of those attempts re-invokes a code path to update Fly Machine state. That code path incurs a Corrosion write.</p>
<p>By the time we&rsquo;ve figured out what the hell is happening, we&rsquo;re literally saturating our uplinks almost everywhere in our fleet. We apologize to our uplink providers.</p>
<p>It&rsquo;s been a long time since anything like this has happened at Fly.io, but preventing the next one is basically all we think about anymore.</p>
<h2 id='iteration' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#iteration' aria-label='Anchor'></a><span class='plain-code'>Iteration</span></h2>
<p>In retrospect, our Corrosion rollout repeated a mistake we made with Consul: we built a single global state domain. Nothing about Corrosion&rsquo;s design required us to do this, and we&rsquo;re unwinding that decision now. Hold that thought. We got some big payoffs from some smaller lifts.</p>
<p>First, and most importantly, we watchdogged everything. We showed you a contagious deadlock bug, lethal because our risk model was missing &ldquo;these Tokio programs might deadlock&rdquo;. Not anymore. Our <a href='https://tokio.rs/' title=''>Tokio programs</a> all have built-in watchdogs; an event-loop stall will bounce the service and make a king-hell alerting racket. Watchdogs have cancelled multiple outages. Minimal code, easy win. Do this in your own systems.</p>
<p>Then, we extensively tested Corrosion itself. We&rsquo;ve written about <a href='https://fly.io/blog/parking-lot-ffffffffffffffff/' title=''>a bug we found in the Rust <code>parking_lot</code> library</a>. We spent months looking for similar bugs <a href='https://antithesis.com/product/how_antithesis_works/' title=''>with Antithesis</a>. Again: do recommend. It retraced our steps on the <code>parking_lot</code> bug easily; the bug wouldn&rsquo;t have been worth the blog post if we&rsquo;d been using Antithesis at the time. <a href='https://antithesis.com/docs/multiverse_debugging/overview/' title=''>Multiverse debugging</a> is killer for distributed systems.</p>
<p>No amount of testing will make us trust a distributed system. So we&rsquo;ve made it simpler to rebuild Corrosion&rsquo;s database from our workers. We keep checkpoint backups of the Corrosion database on object storage. That was smart of us. When shit truly went haywire last year, we had the option to reboot the cluster, which is ultimately what we did. That eats some time (the database is large and propagating is expensive), but diagnosing and repairing distributed systems mishaps takes even longer.</p>
<p>We&rsquo;ve also improved the way our workers feed Corrosion. Until recently, any time a worker updated its local database, we published the same incremental update to Corrosion. <a href='https://community.fly.io/t/self-healing-machine-state-synchronization-and-service-discovery/26134' title=''>But now we&rsquo;ve eliminated partial updates.</a> Instead, when a Fly Machine changes, we re-publish the entire data set for the Machine. Because of how Corrosion resolves changes to its own rows, the node receiving the re-published Fly Machine automatically filters out the no-op changes before gossiping them. Eliminating partial updates forecloses a bunch of bugs (and, we think, kills off a couple sneaky ones we&rsquo;ve been chasing). We should have done it this way to begin with.</p>
<p>Finally, let&rsquo;s revisit that global state problem. After the contagious deadlock bug, we concluded we need to evolve past a single cluster. So we took on a project we call &ldquo;regionalization&rdquo;, which creates a two-level database scheme. Each region we operate in runs a Corrosion cluster with fine-grained data about every Fly Machine in the region. The global cluster then maps applications to regions, which is sufficient to make forwarding decisions at our edge proxies.</p>
<p>Regionalization reduces the blast radius of state bugs. Most things we track don&rsquo;t have to matter outside their region (importantly, most of the code changes to what we track are also region-local). We can roll out changes to this kind of code in ways that, worst case, threaten only a single region.</p>
<h2 id='the-new-system-works' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#the-new-system-works' aria-label='Anchor'></a><span class='plain-code'>The New System Works</span></h2>
<p>Most distributed systems have state synchronization challenges. Corrosion has a different &ldquo;shape&rdquo; than most of those systems:</p>
<ul>
<li>It doesn&rsquo;t rely on distributed consensus, like <a href='https://github.com/hashicorp/consul' title=''>Consul</a>, <a href='https://zookeeper.apache.org/' title=''>Zookeeper</a>, <a href='https://etcd.io/' title=''>Etcd</a>, <a href='https://www.cockroachlabs.com/docs/stable/architecture/replication-layer' title=''>Raft</a>, or <a href='https://rqlite.io/' title=''>rqlite</a> (which we came very close to using).
</li><li>It doesn&rsquo;t rely on a large-scale centralized data store, like <a href='https://www.foundationdb.org/' title=''>FoundationDB</a> or databases backed by S3-style object storage.
</li><li>It&rsquo;s nevertheless highly distributed (each of thousands of workers run nodes), converges quickly (in seconds), and presents as a simple SQLite database. Neat!
</li></ul>
<p>It wasn&rsquo;t easy getting here. Corrosion is a large part of what every engineer at Fly.io who writes Rust works on.</p>
<p>Part of what&rsquo;s making Corrosion work is that we&rsquo;re careful about what we put into it. Not every piece of state we manage needs gossip propagation. <code>tkdb</code>, the backend for <a href='https://fly.io/blog/macaroons-escalated-quickly/' title=''>our Macaroon tokens</a>, is a much simpler SQLite service backed by <a href='https://litestream.io/' title=''>Litestream</a>. So is Pet Sematary, the secret store we built to replace HashiCorp Vault.</p>
<p>Still, there are probably lots of distributed state problems that want something more like a link-state routing protocol and less like a distributed database. If you think you might have one of those, <a href='https://github.com/superfly/corrosion' title=''>feel free to take Corrosion for a spin</a>.</p>
<p>Corrosion is Jérôme Gravel-Niquet&rsquo;s brainchild. For the last couple years, much of the iteration on it was led by Somtochi Onyekwere and Peter Cai. The work was alternately cortisol- and endorphin-inducing. We&rsquo;re glad to finally get to talk about it in detail.</p></content>
</entry>
<entry>
<title>Kurt Got Got</title>
<link rel="alternate" href="https://fly.io/blog/kurt-got-got/"/>
<id>https://fly.io/blog/kurt-got-got/</id>
<published>2025-10-08T00:00:00+00:00</published>
<updated>2025-12-11T17:29:24+00:00</updated>
<media:thumbnail url="https://fly.io/blog/kurt-got-got/assets/Kurt_Got_Got.jpg"/>
<content type="html"><div class="lead"><p>The $FLY Airdrop is live! Claim your share of <a href="https://fly.io/blog/macaroons-escalated-quickly/" title="">the token powering Fly.io’s global network</a> of 3M+ apps and (🤮) own a piece of the sky!</p>
</div>
<p>We know. Our Twitter got owned. We knew within moments of it happening. We know exactly how it happened. Nothing was at risk other than our Twitter account (and one Fly.io employee&rsquo;s self-esteem). Also: for fuck&rsquo;s sake.</p>
<p>Here&rsquo;s what happened: Kurt Mackey, our intrepid CEO, got phished.</p>
<div class="callout"><p>Had this been an impactful attack, we would not be this flippant about it. For this, though, any other tone on our part would be false.</p>
</div><h2 id='how-they-got-kurt' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#how-they-got-kurt' aria-label='Anchor'></a><span class='plain-code'>How They Got Kurt</span></h2>
<p>Two reasons: one, it was a pretty good phishing attack, and two, Twitter fell outside the &ldquo;things we take seriously&rdquo; boundary.</p>
<p>The phishing attack was effective because it exploited a deep psychological vulnerability in our management team: we are old and out of touch with the youths of today.</p>
<p>For many months now, we&rsquo;ve had an contractor/intern-type-person Boosting Our Brand on Twitter by posting dank developer memes (I think that&rsquo;s what they&rsquo;re called). The thing about this dankery is that we don&rsquo;t really understand it. I mean, hold on, we know what the memes mean technically. We just don&rsquo;t get why they&rsquo;re funny.</p>
<p>However, in pushing back on them, we&rsquo;re up against two powerful forces:</p>
<ol>
<li>The dank memes appear to perform better than the stuff we ourselves write on Twitter.
</li><li>We are reliably informed by our zoomer children that we are too cringe to be trusted on these matters.
</li></ol>
<p>Here&rsquo;s the phish Kurt got:</p>
<p><img alt="A pretty-plausible Twitter alert" src="/blog/kurt-got-got/assets/phish.png?2/3&amp;center" /></p>
<p>Diabolical. Like a scalpel expertly wielded against Kurt&rsquo;s deepest <a href='https://theonion.com/cool-dad-raising-daughter-on-media-that-will-put-her-en-1819572981/' title=''>middle-aged-dude</a> insecurity. Our ruthless attackers clinically designed this email to trigger an autonomic Kurt response: &ldquo;oh, what the fuck is this, and why did we post it?&rdquo;</p>
<div class="right-sidenote"><p>ATO is cool-kid for “got owned”</p>
</div>
<p>I&rsquo;m getting a little ahead of the story here. We knew our X.com account had suffered an ATO because a bunch of us simultaneously got another email saying that the <a href='https://twitter.com/flydotio' title=''>@flydotio</a> account&rsquo;s email address now pointed to <code>[email protected]</code>. Our immediate response was to audit all accesses to the login information in <a href='https://1password.com/' title=''>1Password</a>, to cut all access for anybody who&rsquo;d recently pulled it; your worst-case assumption in a situation like this is that someone&rsquo;s endpoint has been owned up.</p>
<p>Fortunately, nobody lost access for very long. I called Kurt to let him know why he was being locked out, and 5 seconds later, he&rsquo;d <a href='https://archive.is/6rVqf' title=''>realized what had happened.</a> <strong class='font-semibold text-navy-950'>Don&rsquo;t click anything there.</strong></p>
<h2 id='why-it-worked' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#why-it-worked' aria-label='Anchor'></a><span class='plain-code'>Why It Worked</span></h2>
<p>That&rsquo;s the right question to ask, isn&rsquo;t it? How could this have been possible in the first place?</p>
<p>Contrary to one popular opinion, you don&rsquo;t defeat phishing by training people not to click on things. I mean, tell them not to, sure! But eventually, under continued pressure, everybody clicks. <a href='https://people.cs.uchicago.edu/~grantho/papers/oakland2025_phishing-training.pdf' title=''>There&rsquo;s science on this</a>. The cool kids haven&rsquo;t done phishing simulation training in years.</p>
<p>What you&rsquo;re supposed to do instead is use phishing-resistant authentication. This is almost the whole backstory for <a href='https://www.imperialviolet.org/tourofwebauthn/tourofwebauthn.html' title=''>U2F, FIDO2</a> and <a href='https://support.apple.com/en-us/102195' title=''>Passkeys</a>.</p>
<p>Phishing-resistant authentication works by mutual authentication (or, if you&rsquo;re a stickler, by origin- and channel-binding). Phishes are malicious proxies for credentials. Modern MFA schemes like FIDO2 break that proxy flow; your browser won&rsquo;t send real credentials to the fake site.</p>
<div class="right-sidenote"><p>there’s more to it than this, but, broad strokes.</p>
</div>
<p>This is, in fact, how all of our infrastructure is secured at Fly.io; specifically, we get <a href='https://fly.io/blog/soc2-the-screenshots-will-continue-until-security-improves/#what-soc2-made-us-do' title=''>everything behind an IdP</a> (in our case: Google&rsquo;s) and have it require phishing-proof MFA. You&rsquo;re unlikely to phish your way to viewing logs here, or to refunding a customer bill at Stripe, or to viewing infra metrics, because all these things require an SSO login through Google.</p>
<p>Twitter, on the other hand. Yeah, so, about that. You may have heard that, a few years back, there were some goings-on involving Twitter. Many of us at Fly.io <a href='https://hachyderm.io/@flydotio' title=''>decamped for Mastodon</a>, and <a href='https://bsky.app/profile/did:plc:j7herf6n4xiig2yg7fqdmkci' title=''>later to Bluesky.</a> There was a window of time in 2023-2024 where it looked as if Twitter might not be a long term thing for us at all.</p>
<div class="right-sidenote"><p>† (to whom I sincerely apologize for having assumed they had been owned up and were the proximate cause of the hack)</p>
</div>
<p>As a result, Twitter had been a sort of legacy shared account for us, with credentials managed in 1Password and shared with our zoomer contractor†.</p>
<p>Which is why Kurt was in a position to pull credentials from 1Password and log in to members-x.com in response to an email from alerts-x.com.</p>
<div class="callout"><p>Still: we could have dodged this attack with hygiene: Kurt complains that “x.com” is an extremely phishable domain, and, sure, but also: the 1Password browser plugin would have noticed that “members-x.com” wasn’t an “x.com” host.</p>
</div><h2 id='what-took-so-long' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#what-took-so-long' aria-label='Anchor'></a><span class='plain-code'>What Took So Long</span></h2>
<p>The attacker immediately revoked all tokens and set up new 2FA, so while we were quickly able to reset our password, we couldn&rsquo;t lock them out of our account without an intervention from X.com, which took something like 1 5 hours to set up.</p>
<p>(That&rsquo;s not a knock on X.com; 15 hours for a 2FA reset isn&rsquo;t outside industry norms).</p>
<p>We&rsquo;re obviously making a lot of noise about this now, but we were pretty quiet during the incident itself (beyond just &ldquo;We know. We knew 45 seconds after it happened. We know exactly how it happened. It&rsquo;s just a Twitter thing.&rdquo;)</p>
<p>That&rsquo;s because, in the grand scheme of things, the attack was pretty chill: <a href='https://archive.is/PTO2M' title=''>a not-very-plausible crypto scam</a> that presumably generated $0 for the attackers, 15+ hours of <code>brand damage</code>, and extra security engineering cycles burnt on watchful waiting. Our users weren&rsquo;t under attack, and the account wasn&rsquo;t being used to further intercept customer accounts. At one point, the attackers apparently deleted our whole Twitter history, which, like, don&rsquo;t threaten us with a good time. So we let it roll, until we got our account recovered the next morning.</p>
<h2 id='the-moral-of-the-story-is' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#the-moral-of-the-story-is' aria-label='Anchor'></a><span class='plain-code'>The Moral Of The Story Is</span></h2><div class="right-sidenote"><p>“Really the biggest takeaway for me is that Kurt reads his email.”</p>
</div>
<p>Obviously Kurt loses his commit access. The time comes in the life of every CEO, and now it comes for him. </p>
<p>Also, we&rsquo;ll finally have a population sample for &ldquo;incident response&rdquo; in <a href='https://fly.io/blog/soc2-the-screenshots-will-continue-until-security-improves/' title=''>our next SOC2</a>.</p>
<p>Maybe we&rsquo;ll post more on Twitter. Or maybe we&rsquo;ll double down on Zoomer memes. I don&rsquo;t know. Social media is really weird right now. Either way: our Twitter access is Passkeys now.</p>
<div class="right-sidenote"><p>seriously don’t click anything on that page</p>
</div>
<p>If you were inclined to take us up on an &ldquo;airdrop&rdquo; to &ldquo;claim a share&rdquo; of the &ldquo;token&rdquo; powering Fly.io, the site is <a href='https://archive.is/PTO2M' title=''>still up</a>. You can connect your wallet it it! You&rsquo;ll lose all your money. But if we&rsquo;d actually done an ICO, you&rsquo;d have lost all your money anyways.</p>
<p>Somebody involved in pulling this attack off had to come up with &ldquo;own a piece of the sky!&rdquo;, and I think that&rsquo;s punishment enough for them.</p>
<p>Whatever you&rsquo;re operating that isn&rsquo;t behind phishing-resistant MFA, or, better yet, an SSO IdP that requires phishing-resistant MFA: that thing is eventually going to get phished. Dance around the clown-fire of our misfortune if you must, but let us be a lesson to you as well.</p></content>
</entry>
<entry>
<title>Litestream v0.5.0 is Here</title>
<link rel="alternate" href="https://fly.io/blog/litestream-v050-is-here/"/>
<id>https://fly.io/blog/litestream-v050-is-here/</id>
<published>2025-10-02T00:00:00+00:00</published>
<updated>2025-10-02T18:28:21+00:00</updated>
<media:thumbnail url="https://fly.io/blog/litestream-v050-is-here/assets/litestream-v050-is-here.jpg"/>
<content type="html"><div class="lead"><p><strong class="font-semibold text-navy-950">I’m Ben Johnson, and I work on Litestream at Fly.io. Litestream makes it easy to build SQLite-backed full-stack applications with resilience to server failure. It’s open source, runs anywhere, and</strong> <a href="https://litestream.io/" title=""><strong class="font-semibold text-navy-950">it’s easy to get started</strong></a><strong class="font-semibold text-navy-950">.</strong></p>
</div>
<p>Litestream is the missing backup/restore system for SQLite. It runs as a sidecar process in the background, alongside unmodified SQLite applications, intercepting WAL checkpoints and streaming them to object storage in real time. Your application doesn&rsquo;t even know it&rsquo;s there. But if your server crashes, Litestream lets you quickly restore the database to your new hardware.</p>
<p>The result: you can safely build whole full-stack applications on top of SQLite.</p>
<p>A few months back, we announced <a href='https://fly.io/blog/litestream-revamped/' title=''>plans for a major update to Litestream</a>. I&rsquo;m psyched to announce that the first batch of those changes are now &ldquo;shipping&rdquo;. Litestream is faster and now supports efficient point-in-time recovery (PITR).</p>
<p>I&rsquo;m going to take a beat to recap Litestream and how we got here, then talk about how these changes work and what you can expect to see with them.</p>
<h2 id='litestream-to-litefs-to-litestream' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#litestream-to-litefs-to-litestream' aria-label='Anchor'></a><span class='plain-code'>Litestream to LiteFS to Litestream</span></h2>
<p>Litestream is one of two big SQLite things I&rsquo;ve built. The other one, originally intended as a sort of sequel to Litestream, is LiteFS.</p>
<p>Boiled down to a sentence: LiteFS uses a FUSE filesystem to crawl further up into SQLite&rsquo;s innards, using that access to perform live replication, for unmodified SQLite-backed apps.</p>
<p>The big deal about LiteFS for us is that it lets you do the multiregion primary/read-replica deployment people love Postgres for: reads are fast everywhere, and writes are sane and predictable. We were excited to make this possible for SQLite, too.</p>
<p>But the market has spoken! Users prefer Litestream. And honestly, we get it: Litestream is easier to run and to reason about. So we&rsquo;ve shifted our focus back to it. First order of business: <a href='https://fly.io/blog/litestream-revamped/' title=''>take what we learned building LiteFS and stick as much of it as we can back into Litestream</a>.</p>
<h2 id='the-ltx-file-format' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#the-ltx-file-format' aria-label='Anchor'></a><span class='plain-code'>The LTX File Format</span></h2>
<p>Consider this basic SQL table:</p>
<div class="highlight-wrapper group relative sql">
<button
type="button"
class="bubble-wrap z-20 absolute right-9 -mr-0.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-wrap-target="#code-wy16kafx"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35" stroke-linecap="round" stroke-linejoin="round"><g buffered-rendering="static"><path d="M9.912 8.037h2.732c1.277 0 2.315-.962 2.315-2.237a2.325 2.325 0 00-2.315-2.31H2.959m10.228 9.01H2.959M6.802 8H2.959" /><path d="M11.081 6.466L9.533 8.037l1.548 1.571" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-9px] tail text-navy-950">
Wrap text
</span>
</button>
<button
type="button"
class="bubble-wrap z-20 absolute right-1.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-copy-target="sibling"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35"><g buffered-rendering="static"><path d="M10.576 7.239c0-.995-.82-1.815-1.815-1.815H3.315c-.995 0-1.815.82-1.815 1.815v5.446c0 .995.82 1.815 1.815 1.815h5.446c.995 0 1.815-.82 1.815-1.815V7.239z" /><path d="M10.576 10.577h2.109A1.825 1.825 0 0014.5 8.761V3.315A1.826 1.826 0 0012.685 1.5H7.239c-.996 0-1.815.819-1.816 1.815v1.617" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-6px] tail [--tail-x:calc(100%-30px)] text-navy-950">
Copy to clipboard
</span>
</button>
<div class='highlight relative group'>
<pre class='highlight '><code id="code-wy16kafx"><span class="k">CREATE</span> <span class="k">TABLE</span> <span class="n">sandwiches</span> <span class="p">(</span>
<span class="n">id</span> <span class="nb">INTEGER</span> <span class="k">PRIMARY</span> <span class="k">KEY</span> <span class="n">AUTOINCREMENT</span><span class="p">,</span>
<span class="n">description</span> <span class="nb">TEXT</span> <span class="k">NOT</span> <span class="k">NULL</span><span class="p">,</span>
<span class="n">star_rating</span> <span class="nb">INTEGER</span><span class="p">,</span>
<span class="n">reviewer_id</span> <span class="nb">INTEGER</span> <span class="k">NOT</span> <span class="k">NULL</span>
<span class="p">);</span>
</code></pre>
</div>
</div>
<p>In our hypothetical, this table backs a wildly popular sandwich-reviewing app that we keep trying to get someone to write. People eat a lot of sandwiches and this table gets a lot of writes. Because it makes my point even better and it&rsquo;s funny, assume people dither a lot about their sandwich review for the first couple minutes after they leave it. This Quiznos sub… is it ⭐ or ⭐⭐?</p>
<p>Underneath SQLite is a B-tree. Like databases everywhere, SQLite divides storage up into disk-aligned pages, working hard to read as few pages as possible for any task while treating work done within a page as more or less free. SQLite always reads and writes in page-sized chunks.</p>
<p>Our <code>sandwiches</code> table includes a feature that&rsquo;s really painful for a tool like Litestream that thinks in pages: an automatically updating primary key. That key dictates that every insert into the table hits the rightmost leaf page in the underlying table B-tree. For SQLite itself, that&rsquo;s no problem. But Litestream has less information to go on: it sees only a feed of whole pages it needs to archive.</p>
<p>Worse still, when it comes time to restore the database – something you tend to want to happen quickly – you have to individually apply those small changes, as whole pages. Your app is down, PagerDuty is freaking out, and you&rsquo;re sitting there watching Litestream reconstruct your Quiznos uncertainty a page (and an S3 fetch) at a time.</p>
<p>So, LTX. Let me explain. We needed LiteFS to be transaction-aware. It relies on finer-grained information than just raw dirty pages (that&rsquo;s why it needs the FUSE filesystem). To ship transactions, rather than pages, we invented a <a href='https://github.com/superfly/ltx' title=''>file format we call LTX</a>.</p>
<p>LTX was designed as an interchange format for transactions, but for our purposes in Litestream, all we care about is that LTX files represent ordered ranges of pages, and that it supports compaction.</p>
<p>Compaction is straightforward. You&rsquo;ve stored a bunch of LTX files that collect numbered pages. Now you want to to restore a coherent picture of the database. Just replay them newest to oldest, skipping duplicate pages (newer wins), until all changed pages are accounted for.</p>
<p>Importantly, LTX isn&rsquo;t limited to whole database backups. We can use LTX compaction to compress a bunch of LTX files into a single file with no duplicated pages. And Litestream now uses this capability to create a hierarchy of compactions:</p>
<ul>
<li>at Level 1, we compact all the changes in a 30-second time window
</li><li>at Level 2, all the Level 1 files in a 5-minute window
</li><li>at Level 3, all the Level 2&rsquo;s over an hour.
</li></ul>
<p>Net result: we can restore a SQLite database to any point in time, <em>using only a dozen or so files on average</em>.</p>
<p>Litestream performs this compaction itself. It doesn&rsquo;t rely on SQLite to process the WAL file. Performance is limited only by I/O throughput.</p>
<h2 id='no-more-generations' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#no-more-generations' aria-label='Anchor'></a><span class='plain-code'>No More Generations</span></h2>
<p>What people like about Litestream is that it&rsquo;s just an ordinary Unix program. But like any Unix program, Litestream can crash. It&rsquo;s not supernatural, so when it&rsquo;s not running, it&rsquo;s not seeing database pages change. When it misses changes, it falls out of sync with the database.</p>
<p>Lucky for us, that&rsquo;s easy to detect. When it notices a gap between the database and our running &ldquo;shadow-WAL&rdquo; backup, Litestream resynchronizes from scratch.</p>
<p>The only time this gets complicated is if you have multiple Litestreams backing up to the same destination. To keep multiple Litestreams from stepping on each other, Litestream divides backups into &ldquo;generations&rdquo;, creating a new one any time it resyncs. You can think of generations as Marvel Cinematic Universe parallel dimensions in which your database might be simultaneously living in.</p>
<p>Yeah, we didn&rsquo;t like those movies much either.</p>
<p>LTX-backed Litestream does away with the concept entirely. Instead, when we detect a break in WAL file continuity, we re-snapshot with the next LTX file. Now we have a monotonically incrementing transaction ID. We can use it look up database state at any point in time, without searching across generations.</p>
<h2 id='upgrading-to-litestream-v0-5-0' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#upgrading-to-litestream-v0-5-0' aria-label='Anchor'></a><span class='plain-code'>Upgrading to Litestream v0.5.0</span></h2>
<p>Due to the file format changes, the new version of Litestream can&rsquo;t restore from old v0.3.x WAL segment files.</p>
<p>That&rsquo;s OK though! The upgrade process is simple: just start using the new version. It&rsquo;ll leave your old WAL files intact, in case you ever need to revert to the older version.The new LTX files are stored cleanly in an <code>ltx</code> directory on your replica.</p>
<p>The configuration file is fully backwards compatible.</p>
<p>There&rsquo;s one small catch. We added a new constraint. You only get a single replica destination per database. This probably won&rsquo;t affect you, since it&rsquo;s how most people use Litestream already. We&rsquo;ve made it official.</p>
<p>The rationale: having a single source of truth simplifies development for us, and makes the tool easier to reason about. Multiple replicas can diverge and are sensitive to network availability. Conflict resolution is brain surgery.</p>
<p>Litestream commands still work the same. But you&rsquo;ll see references to &ldquo;transaction IDs&rdquo; (TXID) for LTX files, rather than the <code>generation/index/offset</code> we used previously with WAL segments.</p>
<p>We&rsquo;ve also changed <code>litestream wal</code> to <code>litestream ltx</code>.</p>
<h2 id='other-stuff-v0-5-0-does-better' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#other-stuff-v0-5-0-does-better' aria-label='Anchor'></a><span class='plain-code'>Other Stuff v0.5.0 Does Better</span></h2>
<p>We&rsquo;ve beefed up the <a href='https://github.com/superfly/ltx' title=''>underlying LTX file format library</a>. It used to be an LTX file was just a sorted list of pages, all compressed together. Now we compress per-page, and keep an index at the end of the LTX file to pluck individual pages out.</p>
<p>You&rsquo;re not seeing it yet, but we&rsquo;re excited about this change: we can operate page-granularly even dealing with large LTX files. This allows for more features. A good example: we can build features that query from any point in time, without downloading the whole database.</p>
<p>We&rsquo;ve also gone back through old issues &amp; PRs to improve quality-of-life. CGO is now gone. We&rsquo;ve settled the age-old contest between <code>mattn/go-sqlite3</code> and <code>modernc.org/sqlite</code> in favor of <code>modernc.org</code>. This is super handy for people with automated build systems that want to run from a MacBook but deploy on an x64 server, since it lets the cross-compiler work.</p>
<p>We&rsquo;ve also added a replica type for NATS JetStream. Users that already have JetStream running can get Litestream going without adding an object storage dependency.</p>
<p>And finally, we&rsquo;ve upgraded all our clients (S3, Google Storage, &amp; Azure Blob Storage) to their latest versions. We&rsquo;ve also moved our code to support newer S3 APIs.</p>
<h2 id='whats-next' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#whats-next' aria-label='Anchor'></a><span class='plain-code'>What&rsquo;s next?</span></h2>
<p>The next major feature we&rsquo;re building out is a Litestream VFS for read replicas. This will let you instantly spin up a copy of the database and immediately read pages from S3 while the rest of the database is hydrating in the background.</p>
<p>We already have a proof of concept working and we&rsquo;re excited to show it off when it&rsquo;s ready!</p></content>
</entry>
<entry>
<title>Build Better Agents With MorphLLM</title>
<link rel="alternate" href="https://fly.io/blog/build-better-agents-with-morphllm/"/>
<id>https://fly.io/blog/build-better-agents-with-morphllm/</id>
<published>2025-08-25T00:00:00+00:00</published>
<updated>2025-09-03T19:05:57+00:00</updated>
<media:thumbnail url="https://fly.io/blog/build-better-agents-with-morphllm/assets/morphllm.webp"/>
<content type="html"><p>I&rsquo;m an audiophile, which is a nice way to describe someone who spends their children&rsquo;s college fund on equipment that yields no audible improvement in sound quality. As such, I refused to use wireless headphones for the longest time. The fun thing about wired headphones is when you forget they&rsquo;re on and you stand up, you simultaneously cause irreparable neck injuries and extensive property damage. This eventually prompted me to buy good wireless headphones and, you know what, I break fewer things now. I can also stand up from my desk and not be exposed to the aural horrors of the real world. </p>
<p>This is all to say, sometimes you don&rsquo;t know how big a problem is until you solve it. This week, I chatted to the fine people building <a href='https://morphllm.com/' title=''>MorphLLM</a>, which is exactly that kind of solution for AI agent builders. </p>
<h2 id='slow-wasteful-and-expensive-ai-code-changes' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#slow-wasteful-and-expensive-ai-code-changes' aria-label='Anchor'></a><span class='plain-code'>Slow, Wasteful and Expensive AI Code Changes</span></h2>
<p>If you’re building AI agents that write or edit code, you’re probably accepting the following as &ldquo;the way it is&rdquo;: Your agent needs to correct a single line of code, but rewrites an entire file to do it. Search-and-replace right? It’s fragile, breaks formatting, silently fails, or straight up leaves important functions out. The result is slow, inaccurate code changes, excessive token use, and an agent feels incompetent and unreliable.</p>
<p>Full file rewrites are context-blind and prone to hallucinations, especially when editing that 3000+ line file that you&rsquo;ve been meaning to refactor. And every failure and iteration is wasted compute, wasted money and worst of all, wasted time.</p>
<h2 id='why-we-arent-thinking-about-this-or-why-i-wasnt' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#why-we-arent-thinking-about-this-or-why-i-wasnt' aria-label='Anchor'></a><span class='plain-code'>Why We Aren’t Thinking About This (or why I wasn&rsquo;t)</span></h2>
<p>AI workflows are still new to everyone. Best practices are still just opinions and most tooling is focused on model quality, not developer velocity or cost. This is a big part of why we feel that slow, wasteful code edits are just the price of admission for AI-powered development.</p>
<p>In reality, these inefficiencies become a real bottleneck for coding agent tools. The hidden tax on every code edit adds up and your users pay with their time, especially as teams scale and projects grow more complex.</p>
<h2 id='better-faster-ai-code-edits-with-morph-fast-apply' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#better-faster-ai-code-edits-with-morph-fast-apply' aria-label='Anchor'></a><span class='plain-code'>Better, Faster AI Code Edits with Morph Fast Apply</span></h2>
<p>MorphLLM&rsquo;s core innovation is Morph Fast Apply. It&rsquo;s an edit merge tool that is semantic, structure-aware and designed specifically for code. Those are big words to describe a tool that will empower your agents to make single line changes without rewriting whole files or relying on brittle search-and-replace. Instead, your agent applies precise, context-aware edits and it does it ridiculously fast. </p>
<p>It works like this: </p>
<ul>
<li>You add an &lsquo;edit_file&rsquo; tool to your agents tools.
</li><li>Your agent outputs tiny <code>edit_file</code> snippets, using <code>//...existing code...</code> placeholders to indicate unchanged code.
</li><li>Your backend calls Morph’s Apply API, which merges the changes semantically. It doesn&rsquo;t just replace raw text, it makes targeted merges with the code base as context.
</li><li>You write back the precisely edited file. No manual patching, no painful conflict resolution, no context lost.
</li></ul>
<h2 id='the-numbers' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#the-numbers' aria-label='Anchor'></a><span class='plain-code'>The Numbers</span></h2>
<p>MorphLLM&rsquo;s Apply API processes over 4,500 tokens per second and their benchmark results are nuts. We&rsquo;re talking 98% accuracy in ~6 seconds per file. Compare this to 35s (with error corrections) at 86% accuracy for traditional search-and-replace systems. Files up to 9k tokens in size take ~4 seconds to process. </p>
<p>Just look at the damn <a href='https://morphllm.com/benchmarks' title=''>graph</a>:</p>
<p><img alt="Time Performance Analysis" src="/blog/build-better-agents-with-morphllm/assets/morph_graph.webp" /></p>
<p>These are game-changing numbers for agent builders. Real-time code UIs become possible. Dynamic codebases can self-adapt in seconds, not minutes. Scale to multi-file edits, documentation, and even large asset transformations without sacrificing speed or accuracy.</p>
<h2 id='how-to-get-in-on-the-morphllm-action' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#how-to-get-in-on-the-morphllm-action' aria-label='Anchor'></a><span class='plain-code'>How to Get in on the MorphLLM Action</span></h2>
<p>Integration with your project is easy peasy. MorphLLM is API-compatible with OpenAI, Vercel AI SDK, MCP, and OpenRouter. You can run it in the cloud, self-host, or go on-prem with enterprise-grade guarantees. </p>
<p>I want to cloud host mine, if only I could think of somewhere I could quickly and easily deploy wherever I want and only pay for when I&rsquo;m using the infra 😉.</p>
<h2 id='get-morphed' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#get-morphed' aria-label='Anchor'></a><span class='plain-code'>Get Morphed</span></h2>
<p>MorphLLM feels like a plug-in upgrade for code agent projects that will instantly make them faster and more accurate. Check out the docs, benchmarks, and integration guides at <a href='https://docs.morphllm.com/' title=''>docs.morphllm.com</a>. Get started for free at <a href="https://morphllm.com/dashboard">https://morphllm.com/dashboard</a> </p></content>
</entry>
<entry>
<title>Trust Calibration for AI Software Builders</title>
<link rel="alternate" href="https://fly.io/blog/trust-calibration-for-ai-software-builders/"/>
<id>https://fly.io/blog/trust-calibration-for-ai-software-builders/</id>
<published>2025-08-18T00:00:00+00:00</published>
<updated>2025-08-19T08:30:16+00:00</updated>
<media:thumbnail url="https://fly.io/blog/trust-calibration-for-ai-software-builders/assets/trust_calibration.webp"/>
<content type="html"><div class="lead"><p>Trust calibration is a concept from the world of human-machine interaction design, one that is super relevant to AI software builders. Trust calibration is the practice of aligning the level of trust that users have in our products with its actual capabilities. </p>
</div>
<p>If we build things that our users trust too blindly, we risk facilitating dangerous or destructive interactions that can permanently turn users off. If they don&rsquo;t trust our product enough, it will feel useless or less capable than it actually is. </p>
<p>So what does trust calibration look like in practice and how do we achieve it? A 2023 study reviewed over 1000 papers on trust and trust calibration in human / automated systems (properly referenced at the end of this article). It holds some pretty eye-opening insights – and some inconvenient truths – for people building AI software. I&rsquo;ve tried to extract just the juicy bits below. </p>
<h2 id='limiting-trust' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#limiting-trust' aria-label='Anchor'></a><span class='plain-code'>Limiting Trust</span></h2>
<p>Let&rsquo;s begin with a critical point. There is a limit to how deeply we want users to trust our products. Designing for calibrated trust is the goal, not more trust at any cost. Shoddy trust calibration leads to two equally undesirable outcomes: </p>
<ul>
<li><strong class='font-semibold text-navy-950'>Over-trust</strong> causes users to rely on AI systems in situations where they shouldn&rsquo;t (I told my code assistant to fix a bug in prod and went to bed).
</li><li><strong class='font-semibold text-navy-950'>Under-trust</strong> causes users to reject AI assistance even when it would be beneficial, resulting in reduced perception of value and increased user workload.
</li></ul>
<p>What does calibrated trust look like for your product? It’s important to understand that determining this is less about trying to diagram a set of abstract trust parameters and more about helping users develop accurate mental models of your product&rsquo;s capabilities and limitations. In most cases, this requires thinking beyond the trust calibration mechanisms we default to, like confidence scores. </p>
<p>For example, Cursor&rsquo;s most prominent trust calibration mechanism is its change suggestion highlighting. The code that the model suggests we change is highlighted in red, followed by suggested changes highlighted in green. This immediately communicates that &ldquo;this is a suggestion, not a command.&rdquo; </p>
<p>In contrast, Tesla&rsquo;s Autopilot is a delegative system. It must calibrate trust differently through detailed capability explanations, clear operational boundaries (only on highways), and prominent disengagement alerts when conditions exceed system limits. </p>
<h2 id='building-cooperative-systems' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#building-cooperative-systems' aria-label='Anchor'></a><span class='plain-code'>Building Cooperative Systems</span></h2>
<p>Perhaps the most fundamental consideration in determining high level trust calibration objectives is deciding whether your project is designed to be a cooperative or a delegative tool. </p>
<p>Cooperative systems generally call for lower levels of trust because users can choose whether to accept or reject AI suggestions. But these systems also face a unique risk. It’s easy for over-trust to gradually transform user complacency into over-reliance, effectively transforming what we designed as a cooperative relationship into a delegative one, only without any of the required safeguards.</p>
<p>If you&rsquo;re building a coding assistant, content generator, or design tool, implement visible &ldquo;suggestion boundaries&rdquo; which make it clear when the AI is offering ideas versus making decisions. Grammarly does this well by underlining suggestions rather than auto-correcting, and showing rationale on hover. </p>
<p>For higher-stakes interactions, consider introducing friction. Require explicit confirmation before applying AI suggestions to production code or publishing AI-generated content.</p>
<h2 id='building-delegative-systems' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#building-delegative-systems' aria-label='Anchor'></a><span class='plain-code'>Building Delegative Systems</span></h2>
<p>In contrast, users expect delegative systems to replace human action entirely. Blind trust in the system is a requirement for it to be considered valuable at all. </p>
<p>If you&rsquo;re building automation tools, smart scheduling, or decision-making systems, invest heavily in capability communication and boundary setting. Calendly&rsquo;s smart scheduling works because it clearly communicates what it will and won&rsquo;t do (I&rsquo;ll find times that work for both of us vs. I&rsquo;ll reschedule your existing meetings). Build robust fallback mechanisms and make system limitations prominent in your onboarding. </p>
<h2 id='timing-is-everything' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#timing-is-everything' aria-label='Anchor'></a><span class='plain-code'>Timing Is Everything</span></h2>
<p>The study suggests that when we make trust calibrations is at least as important as how. There are three critical windows for trust calibration, each with their own opportunities and challenges. </p>
<ul>
<li><strong class='font-semibold text-navy-950'>Pre-interaction calibration</strong> happens before users engage with the system. Docs and tutorials fall into this category. Setting expectations up front can prevent initial over-trust, which is disproportionally more difficult to correct later.
</li></ul>
<blockquote>
<p>Pre-interaction calibrations could look like capability-focused onboarding that shows both successes and failures. Rather than just demonstrating perfect AI outputs, show users examples where the AI makes mistakes and how to catch them. </p>
</blockquote>
<ul>
<li><strong class='font-semibold text-navy-950'>During-interaction calibration</strong> is trust adjustment through real-time feedback. Dynamically updated cues improve trust calibration better than static displays, and adaptive calibration that responds to user behavior outperforms systems that display static information.
</li></ul>
<blockquote>
<p>Build confidence indicators that are updated based on context, not just model confidence. For example, if you&rsquo;re building a document AI, show higher confidence for standard document types the system has seen thousands of times, and lower confidence for unusual formats. </p>
</blockquote>
<ul>
<li><strong class='font-semibold text-navy-950'>Post-interaction calibration</strong> focuses on learning and adjustment that helps users understand successes and failures in the system after interactions. These aren’t reliable, since by the time users receive the information, their trust patterns are set and hard to change.
</li></ul>
<blockquote>
<p>Post-interaction feedback can still be valuable for teaching. Create &ldquo;reflection moments&rdquo; after significant interactions. Midjourney does this by letting users rate image outputs, helping users learn what prompts work best while calibrating their expectations for future generations. </p>
</blockquote>
<p>Trust is front-loaded and habit-driven. The most effective calibration happens before and during use, when expectations are still forming and behaviors can still be shifted. Any later and you’re mostly fighting entrenched patterns.</p>
<h2 id='performance-vs-process-information' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#performance-vs-process-information' aria-label='Anchor'></a><span class='plain-code'>Performance vs. Process Information</span></h2>
<p>Users can be guided through performance-oriented signals (what the system can do) or process-oriented signals (how it works). The real challenge is matching the right kind of explanation to the right user, at the right moment.</p>
<ul>
<li><strong class='font-semibold text-navy-950'>Performance-oriented calibration</strong> focuses on communicating capability through mechanisms like reliability statistics, confidence scores, and clear capability boundaries.
</li><li><strong class='font-semibold text-navy-950'>Process-oriented calibration</strong> offers detailed explanations of decision-making processes, breakdowns of which factors influenced decisions, and reasoning transparency.
</li></ul>
<p>Process transparency seems like the obvious go-to at first glance, but the effectiveness of process explanations varies wildly based on user expertise and domain knowledge. If we are designing for a set of users that may fall anywhere on this spectrum, we have to avoid creating information overload for novice users while providing sufficient information to expert users who want the detail. </p>
<p>The most effective systems in the study combined both approaches, providing layered information that allows users to access the level of detail most appropriate for their expertise and current needs.</p>
<h2 id='static-vs-adaptive-calibration' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#static-vs-adaptive-calibration' aria-label='Anchor'></a><span class='plain-code'>Static vs. Adaptive Calibration</span></h2>
<p>I really wanted to ignore this part, because it feels like the study’s authors are passive aggressively adding todos to my projects. In a nutshell, adaptive calibration – when a system actively monitors user behavior and adjusts its communication accordingly - is orders of magnitude more effective than static calibration while delivering the same information to every user, regardless of differences in expertise, trust propensity, or behavior. </p>
<p>Static calibration mechanisms are easy to build and maintain, which is why we like them. But the stark reality is that they put the burden of appropriate calibration entirely on our users. We’re making it their job to adapt their behaviour based on generic information.</p>
<p>This finding has zero respect for our time or mental health, but it also reveals a legit opportunity for clever builders to truly separate their product from the herd.</p>
<h2 id='practical-adaptive-calibration-techniques' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#practical-adaptive-calibration-techniques' aria-label='Anchor'></a><span class='plain-code'>Practical adaptive calibration techniques</span></h2>
<ul>
<li><strong class='font-semibold text-navy-950'>Behavioral adaptation:</strong> Track how often users accept vs. reject suggestions and adjust confidence thresholds accordingly. If a user consistently rejects high-confidence suggestions, lower the threshold for showing uncertainty.
</li><li><strong class='font-semibold text-navy-950'>Context awareness:</strong> Adjust trust signals based on use context. A writing AI might show higher confidence for grammar fixes than creative suggestions, or lower confidence late at night when users might be tired.
</li><li><strong class='font-semibold text-navy-950'>Detect expertise:</strong> Users who frequently make sophisticated edits to AI output probably want more detailed explanations than those who typically accept entire file rewrites.
</li></ul>
<h2 id='the-transparency-paradox' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#the-transparency-paradox' aria-label='Anchor'></a><span class='plain-code'>The Transparency Paradox</span></h2>
<p>The idea that transparency and explainability can actually harm trust calibration is easily the point that hit me the hardest. While explanations can improve user understanding, they can also create information overload that reduces users&rsquo; ability to detect and correct trash output. What&rsquo;s worse, explanations can create a whole new layer of trust calibration issues, with users over-trusting the explanation mechanism itself, rather than critically evaluating the actual output.</p>
<p>This suggests that quality over quantity should be our design philosophy when it comes to transparency. We should provide carefully crafted, relevant information rather than comprehensive but overwhelming detail. The goal should be enabling better decision-making rather than simply satisfying user curiosity about system internals.</p>
<h2 id='anthropomorphism-and-unwarranted-trust' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#anthropomorphism-and-unwarranted-trust' aria-label='Anchor'></a><span class='plain-code'>Anthropomorphism and Unwarranted Trust</span></h2>
<p>It seems obvious that we should make interactions with our AI project feel as human as possible. Well, it turns out that systems that appear more human-like through design, language, or interaction patterns are notoriously good at increasing user trust beyond actual system capabilities. </p>
<p>So it’s entirely possible that building more traditional human-computer interactions can actually make our AI projects safer to use and therefore, more user-friendly. </p>
<ul>
<li><strong class='font-semibold text-navy-950'>Use tool-like language:</strong> Frame outputs as &ldquo;analysis suggests&rdquo; rather than &ldquo;I think&rdquo; or &ldquo;I believe&rdquo;
</li><li><strong class='font-semibold text-navy-950'>Embrace machine-like precision:</strong> Show exact confidence percentages rather than human-like hedging (&ldquo;I&rsquo;m pretty sure that&hellip;)
</li></ul>
<h2 id='trust-falls-faster-than-it-climbs' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#trust-falls-faster-than-it-climbs' aria-label='Anchor'></a><span class='plain-code'>Trust Falls Faster Than It Climbs</span></h2>
<p>Nothing particularly groundbreaking here, but the findings are worth mentioning if only to reinforce what we think we know. </p>
<p>Early interactions are critically important. Users form mental models quickly and then react slowly to changes in system reliability.</p>
<p>More critically, trust drops much faster from system failures than it builds from successes. These asymmetries suggest that we should invest disproportionately in onboarding and first-use experiences, even if they come with higher development costs.</p>
<h2 id='measurement-is-an-opportunity-for-innovation' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#measurement-is-an-opportunity-for-innovation' aria-label='Anchor'></a><span class='plain-code'>Measurement is an Opportunity for Innovation</span></h2>
<p>The study revealed gaping voids where effective measurement mechanisms and protocols should be, for both researchers and builders. There is a clear need to move beyond simple user satisfaction metrics or adoption rates to developing measurement frameworks that can actively detect miscalibrated trust patterns. </p>
<p>The ideal measurement approach would combine multiple indicators. A few examples of viable indicators are:</p>
<ul>
<li><strong class='font-semibold text-navy-950'>Behavioral signals:</strong> Track acceptance rates for different confidence levels. Well-calibrated trust should show higher acceptance rates for high-confidence outputs and lower rates for low-confidence ones.
</li><li><strong class='font-semibold text-navy-950'>Context-specific metrics:</strong> Measure trust calibration separately for different use cases. Users might be well-calibrated for simple tasks but poorly calibrated for complex ones.
</li><li><strong class='font-semibold text-navy-950'>User self-reporting:</strong> Regular pulse surveys asking &quot;How confident are you in your ability to tell when this AI makes mistakes?&rdquo; can reveal calibration gaps.
</li></ul>
<h2 id='the-calibrated-conclusion' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#the-calibrated-conclusion' aria-label='Anchor'></a><span class='plain-code'>The Calibrated Conclusion</span></h2>
<p>It&rsquo;s clear, at least from this study, that there’s no universal formula, or single feature that will effectively calibrate trust. It&rsquo;s up to every builder to define and understand their project&rsquo;s trust goals and to balance timing, content, adaptivity, and transparency accordingly. That’s what makes it both hard and worth doing. Trust calibration has to be a core part of our product’s identity, not a piglet we only start chasing once it has escaped the barn.</p>
<p><strong class='font-semibold text-navy-950'>The Study:</strong></p>
<p>Magdalena Wischnewski, Nicole Krämer, and Emmanuel Müller. 2023. Measuring and Understanding Trust Calibrations for Automated Systems: A Survey of the State-Of-The-Art and Future Directions. In Proceedings of the 2023 CHI Conference on Human Factors in Computing Systems (CHI &lsquo;23), April 23–28, 2023, Hamburg, Germany. ACM, New York, NY, USA 16 Pages. <a href="https://doi.org/10.1145/3544548.3581197">https://doi.org/10.1145/3544548.3581197</a></p></content>
</entry>
<entry>
<title>Games as Model Eval: 1-Click Deploy AI Town on Fly.io</title>
<link rel="alternate" href="https://fly.io/blog/games-as-model-eval/"/>
<id>https://fly.io/blog/games-as-model-eval/</id>
<published>2025-08-11T00:00:00+00:00</published>
<updated>2025-08-15T08:35:19+00:00</updated>
<media:thumbnail url="https://fly.io/blog/games-as-model-eval/assets/Fly_Man.webp"/>
<content type="html"><div class="lead"><p>Recently, I suggested that <a href="https://fly.io/blog/the-future-isn-t-model-agnostic/" title="">The Future Isn’t Model Agnostic</a>, that it’s better to pick one model that works for your project and build around it, rather than engineering for model flexibility. If you buy that, you also have to acknowledge how important comprehensive model evaluation becomes. </p>
</div>
<p>Benchmarks tell us almost nothing about how a model will actually behave in the wild, especially with long contexts, or when trusted to deliver the tone and feel that defines the UX we’re shooting for. Even the best evaluation pipelines usually end in subjective, side-by-side output comparisons. Not especially rigorous, and more importantly, boring af.</p>
<p>Can we gamify model evaluation? Oh yes. And not just because we get to have some fun for once. Google backed me up this week when it announced the <a href='https://blog.google/technology/ai/kaggle-game-arena/' title=''>Kaggle Game Arena</a>. A public platform where we can watch AI models duke it out in a variety of classic games. Quoting Google; &ldquo;Current AI benchmarks are struggling to keep pace with modern models&hellip; it can be hard to know if models trained on internet data are actually solving problems or just remembering answers they&rsquo;ve already seen.&rdquo;</p>
<p>When models boss reading comprehension tests, or ace math problems, we pay attention. But when they fail to navigate a simple conversation with a virtual character or completely botch a strategic decision in a game environment, we tell ourselves we&rsquo;re not building a game anyway and develop strategic short-term memory loss.
Just like I&rsquo;ve told my mom a thousand times, games are great at testing brains, and it&rsquo;s time we take this seriously when it comes to model evaluation. </p>
<h2 id='why-games-dont-lie' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#why-games-dont-lie' aria-label='Anchor'></a><span class='plain-code'>Why Games Don&rsquo;t Lie</span></h2>
<p>Games provide what benchmarks can&rsquo;t, &ldquo;a clear, unambiguous signal of success.&rdquo; They give us observable behavior in dynamic environments, the kind that would be extremely difficult (and tedious) to simulate with prompt engineering alone.</p>
<p>Games force models to demonstrate the skills we actually care about; strategic reasoning, long-term planning, and dynamic adaptation in interactions with an opponent or a collaborator. </p>
<h2 id='pixel-art-meets-effective-model-evaluation-ai-town-on-fly-io' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#pixel-art-meets-effective-model-evaluation-ai-town-on-fly-io' aria-label='Anchor'></a><span class='plain-code'>Pixel Art Meets Effective Model Evaluation - AI Town on Fly.io</span></h2>
<p>AI Town is a brilliant project by <a href='https://github.com/a16z-infra' title=''>a16z-infra</a>, based on the the mind-bending paper, <a href='https://arxiv.org/pdf/2304.03442' title=''>Generative Agents: Interactive Simulacra of Human Behavior</a>. It&rsquo;s a beautifully rendered little town in which tiny people with AI brains and engineered personalities go about their lives, interacting with each other and their environment. Characters need to remember past conversations, maintain relationships, react dynamically to new situations, and stay in character while doing it all. </p>
<p>I challenge you to find a more entertaining way of evaluating conversational models. </p>
<p>I&rsquo;ve <a href='https://github.com/fly-apps/ai-town_on_fly.io' title=''>forked the project</a> to make it absurdly easy to spin up your own AI Town on Fly Machines. You&rsquo;ve got a single deploy script that will set everything up for you and some built-in cost and performance optimizations, with our handy scale to zero functionality as standard (so you only pay for the time spent running it). This makes it easy to share with your team, your friends and your mom. </p>
<p>In it&rsquo;s current state, the fork makes it as easy as possible to test any OpenAI-compatible service, any model on Together.ai and even custom embedding models. Simply set the relevant API key in your secrets. </p>
<p>Games like AI Town give us a window into how models actually think, adapt, and behave beyond the context of our prompts. You move past performance metrics and begin to understand a model’s personality, quirks, strengths, and weaknesses; all factors that ultimately shape your project&rsquo;s UX. </p></content>
</entry>
<entry>
<title>The Future Isn't Model Agnostic</title>
<link rel="alternate" href="https://fly.io/blog/the-future-isn-t-model-agnostic/"/>
<id>https://fly.io/blog/the-future-isn-t-model-agnostic/</id>
<published>2025-08-08T00:00:00+00:00</published>
<updated>2025-08-22T16:31:43+00:00</updated>
<media:thumbnail url="https://fly.io/blog/the-future-isn-t-model-agnostic/assets/Whack_A_Mole_.webp"/>
<content type="html"><div class="lead"><p>Your users don’t care that your AI project is model
agnostic. </p>
</div>
<p>In my last project, I spent countless hours ensuring that the LLMs running my services could be swapped out as easily as possible. I couldn&rsquo;t touch a device with an internet connection without hearing about the latest benchmark-breaking model and it felt like a clear priority to ensure I could hot swap models with minimal collateral damage.</p>
<p>So yeah. That was a waste of time.</p>
<p>The hype around new model announcements feels more manufactured with each release. In reality, improvements are becoming incremental. As major providers converge on the same baseline, the days of one company holding a decisive lead are numbered.</p>
<p>In a world of model parity, the differentiation moves entirely to the product layer. Winning isn&rsquo;t about ensuring you&rsquo;re using the best model, its about understanding your chosen model deeply enough to build experiences that feel magical. Knowing exactly how to prompt for consistency, which edge cases to avoid, and how to design workflows that play to your model&rsquo;s particular strengths</p>
<p>Model agnosticism isn&rsquo;t just inefficient, it&rsquo;s misguided. Fact is, swapping out your model is not just changing an endpoint. It&rsquo;s rewriting prompts, rerunning evals, users telling you things just feel&hellip; different. And if you&rsquo;ve won users on the way it feels to use your product, that last one is a really big deal.</p>
<h2 id='model-lt-product' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#model-lt-product' aria-label='Anchor'></a><span class='plain-code'>Model &lt; Product</span></h2>
<p>Recently, something happened that fully solidified this idea in my head. Claude Code is winning among people building real things with AI. We even have evangelists in the Fly.io engineering team, and those guys are weird smart. Elsewhere, whole communities have formed to share and compare claude.md&rsquo;s and fight each other over which MCP servers are the coolest to use with Claude.</p>
<p>Enter stage right, Qwen 3 Coder. It takes Claude to the cleaners in benchmarks. But the response from the Claude Code user base? A collective meh.</p>
<p>This is nothing like 2024, when everyone would have dropped everything to get the hot new model running in Cursor. And it&rsquo;s not because we&rsquo;ve learned that benchmarks are performance theater for people who&rsquo;ve never shipped a product.</p>
<p>It&rsquo;s because products like Claude Code are irrefutable evidence that the model isn&rsquo;t the product. We&rsquo;ve felt it first hand when our pair programmer&rsquo;s behaviour changes in subtle ways. The product is in the rituals. The trust. The predictability. It&rsquo;s precisely because Claude Code&rsquo;s model behavior, UI, and user expectations are so tightly coupled that its users don&rsquo;t really care that a better model might exist.</p>
<p>I&rsquo;m not trying to praise Anthropic here. The point is, engineering for model agnosticism is a trap that will eat up time that could be better spent … anywhere else.</p>
<p>Sure, if you&rsquo;re building infra or anything else that lives close to the metal, model optionality still matters. But people trusting legwork to AI tools are building deeper relationships and expectations of their AI tools than they even care to admit. AI product success stories are written when products become invisible parts of users&rsquo; daily rituals, not showcases for engineering flexibility.</p>
<h2 id='make-one-model-your-own' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#make-one-model-your-own' aria-label='Anchor'></a><span class='plain-code'>Make One Model Your Own</span></h2>
<p>As builders, it&rsquo;s time we stop hedging our bets and embrace the convergence reality. Every startup pitch deck with &lsquo;model-agnostic&rsquo; as a feature should become a red flag for investors who understand product-market fit. Stop putting &lsquo;works with any LLM&rsquo; in your one-liner. It screams &lsquo;we don&rsquo;t know what we&rsquo;re building.&rsquo;</p>
<p>If you&rsquo;re still building model-agnostic AI tools in 2025, you&rsquo;re optimizing for the wrong thing. Users don&rsquo;t want flexibility; they want reliability. And in a converged model landscape, reliability comes from deep specialization, not broad compatibility.</p>
<p>Pick your model like you pick your therapist; for the long haul. Find the right model, tune deeply, get close enough to understand its quirks and make them work for you. Stop architecting for the mythical future where you&rsquo;ll seamlessly swap models. That future doesn&rsquo;t exist, and chasing it is costing you the present.</p>
<h2 id='bonus-level-all-in-on-one-model-means-all-out-on-eval' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#bonus-level-all-in-on-one-model-means-all-out-on-eval' aria-label='Anchor'></a><span class='plain-code'>Bonus level: All-in On One Model Means All-out On Eval</span></h2>
<p>If any of this is landing for you, you&rsquo;ll agree that we have to start thinking of model evaluation as architecture, not an afterthought. The good news is, rigorous model eval doesn&rsquo;t have to be mind numbing anymore. </p>
<p>Turns out, games are really great eval tools! Now you can spin up your very own little <a href='https://github.com/fly-apps/ai-town_on_fly.io' title=''>AI Town</a> on Fly.io with a single click deploy to test different models as pixel people in an evolving environment. I discuss the idea further in <a href='https://fly.io/blog/games-as-model-eval/' title=''>Games as Model Eval: 1-Click Deploy AI Town on Fly.io</a>.</p></content>
</entry>
<entry>
<title>Phoenix.new – The Remote AI Runtime for Phoenix</title>
<link rel="alternate" href="https://fly.io/blog/phoenix-new-the-remote-ai-runtime/"/>
<id>https://fly.io/blog/phoenix-new-the-remote-ai-runtime/</id>
<published>2025-06-20T00:00:00+00:00</published>
<updated>2025-06-24T17:23:07+00:00</updated>
<media:thumbnail url="https://fly.io/blog/phoenix-new-the-remote-ai-runtime/assets/phoenixnew-thumb.png"/>
<content type="html"><div class="lead"><p>I’m Chris McCord, the creator of Elixir’s Phoenix framework. For the past several months, I’ve been working on a skunkworks project at Fly.io, and it’s time to show it off.</p>
</div>
<p>I wanted LLM agents to work just as well with Elixir as they do with Python and JavaScript. Last December, in order to figure out what that was going to take, I started a little weekend project to find out how difficult it would be to build a coding agent in Elixir.</p>
<p>A few weeks later, I had it spitting out working Phoenix applications and driving a full in-browser IDE. I knew this wasn&rsquo;t going to stay a weekend project.</p>
<p>If you follow me on Twitter, you&rsquo;ve probably seen me teasing this work as it picked up steam. We&rsquo;re at a point where we&rsquo;re pretty serious about this thing, and so it&rsquo;s time to make a formal introduction.</p>
<p>World, meet <a href='https://phoenix.new' title=''>Phoenix.new</a>, a batteries-included fully-online coding agent tailored to Elixir and Phoenix. I think it&rsquo;s going to be the fastest way to build collaborative, real-time applications.</p>
<p>Let&rsquo;s see it in action:</p>
<div class="youtube-container" data-exclude-render>
<div class="youtube-video">
<iframe
width="100%"
height="100%"
src="https://www.youtube.com/embed/du7GmWGUM5Y"
frameborder="0"
allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture"
allowfullscreen>
</iframe>
</div>
</div>
<h2 id='whats-interesting-about-phoenix-new' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#whats-interesting-about-phoenix-new' aria-label='Anchor'></a><span class='plain-code'>What&rsquo;s Interesting About Phoenix.new</span></h2>
<p>First, even though it runs entirely in your browser, Phoenix.new gives both you and your agent a root shell, in an ephemeral virtual machine (a <a href='https://fly.io/docs/machines/overview/' title=''>Fly Machine</a>) that gives our agent loop free rein to install things and run programs — without any risk of messing up your local machine. You don&rsquo;t think about any of this; you just open up the VSCode interface, push the shell button, and there you are, on the isolated machine you share with the Phoenix.new agent.</p>
<p>Second, it&rsquo;s an agent system I built specifically for Phoenix. Phoenix is about real-time collaborative applications, and Phoenix.new knows what that means. To that end, Phoenix.new includes, in both its UI and its agent tools, a full browser. The Phoenix.new agent uses that browser &ldquo;headlessly&rdquo; to check its own front-end changes and interact with the app. Because it&rsquo;s a full browser, instead of trying to iterate on screenshots, the agent sees real page content and JavaScript state – with or without a human present.</p>
<h2 id='what-root-access-gets-us' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#what-root-access-gets-us' aria-label='Anchor'></a><span class='plain-code'>What Root Access Gets Us</span></h2>
<p>Agents build software the way you did when you first got started, the way you still do today when you prototype things. They don&rsquo;t carefully design Docker container layers and they don&rsquo;t really do release cycles. An agent wants to pop a shell and get its fingernails dirty.</p>
<p>A fully isolated virtual machine means Phoenix.new&rsquo;s fingernails can get <em>arbitrarily dirty.</em> If it wants to add a package to <code>mix.exs</code>, it can do that and then run <code>mix phx.server</code> or <code>mix test</code> and check the output. Sure. Every agent can do that. But if it wants to add an APT package to the base operating system, it can do that too, and make sure it worked. It owns the whole environment.</p>
<p>This offloads a huge amount of tedious, repetitive work.</p>
<p>At his <a href='https://youtu.be/LCEmiRjPEtQ?si=sR_bdu6-AqPXSNmY&t=1902' title=''>AI Startup School talk last week</a>, Andrej Karpathy related his experience of building a restaurant menu visualizer, which takes camera pictures of text menus and transforms all the menu items into pictures. The code, which he vibe-coded with an LLM agent, was the easy part; he had it working in an afternoon. But getting the app online took him a whole week.</p>
<p>With Phoenix.new, I&rsquo;m taking dead aim at this problem. The apps we produce live in the cloud from the minute they launch. They have private, shareable URLs (we detect anything the agent generates with a bound port and give it a preview URL underneath <code>phx.run</code>, with integrated port-forwarding), they integrate with Github, and they inherit all the infrastructure guardrails of Fly.io: hardware virtualization, WireGuard, and isolated networks.</p>
<div class="callout"><p>Github’s <code>gh</code> CLI is installed by default. So the agent knows how to clone any repo, or browse issues, and you can even authorize it for internal repositories to get it working with your team’s existing projects and dependencies.</p>
</div>
<p>Full control of the environment also closes the loop between the agent and deployment. When Phoenix.new boots an app, it watches the logs, and tests the application. When an action triggers an error, Phoenix.new notices and gets to work.</p>
<h2 id='watch-it-build-in-real-time' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#watch-it-build-in-real-time' aria-label='Anchor'></a><span class='plain-code'>Watch It Build In Real Time</span></h2>
<p><a href='https://phoenix.new' title=''>Phoenix.new</a> can interact with web applications the way users do: with a real browser.</p>
<p>The Phoenix.new environment includes a headless Chrome browser that our agent knows how to drive. Prompt it to add a front-end feature to your application, and it won&rsquo;t just sketch the code out and make sure it compiles and lints. It&rsquo;ll pull the app up itself and poke at the UI, simultaneously looking at the page content, JavaScript state, and server-side logs.</p>
<p>Phoenix is all about <a href='https://fly.io/blog/how-we-got-to-liveview/' title=''>&ldquo;live&rdquo; real-time</a> interactivity, and gives us seamless live reload. The user interface for Phoenix.new itself includes a live preview of the app being worked on, so you can kick back and watch it build front-end features incrementally. Any other <code>.phx.run</code> tabs you have open also update as it goes. It&rsquo;s wild.</p>
<video title="agent interacting with web" autoplay="autoplay" loop="loop" muted="muted" playsinline="playsinline" disablePictureInPicture="true" class="mb-8" src="/blog/phoenix-new-the-remote-ai-runtime/assets/webjs.mp4"></video>
<h2 id='not-just-for-vibe-coding' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#not-just-for-vibe-coding' aria-label='Anchor'></a><span class='plain-code'>Not Just For Vibe Coding</span></h2>
<p>Phoenix.new can already build real, full-stack applications with WebSockets, Phoenix&rsquo;s Presence features, and real databases. I&rsquo;m seeing it succeed at business and collaborative applications right now.</p>
<p>But there&rsquo;s no fixed bound on the tasks you can reasonably ask it to accomplish. If you can do it with a shell and a browser, I want Phoenix.new to do it too. And it can do these tasks with or without you present.</p>
<p>For example: set a <code>$DATABASE_URL</code> and tell the agent about it. The agent knows enough to go explore it with <code>psql</code>, and it&rsquo;ll propose apps based on the schemas it finds. It can model Ecto schemas off the database. And if MySQL is your thing, the agent will just <code>apt install</code> a MySQL client and go to town.</p>
<p>Frontier model LLMs have vast world knowledge. They generalize extremely well. At ElixirConfEU, I did a <a href='https://www.youtube.com/watch?v=ojL_VHc4gLk&t=3923s' title=''>demo vibe-coding Tetris</a> on stage. Phoenix.new nailed it, first try, first prompt. It&rsquo;s not like there&rsquo;s gobs of Phoenix LiveView Tetris examples floating around the Internet! But lots of people have published Tetris code, and lots of people have written LiveView stuff, and 2025 LLMs can connect those dots.</p>
<p>At this point you might be wondering – can I just ask it to build a Rails app? Or an Expo React Native app? Or Svelte? Or Go?</p>
<p>Yes, you can.</p>
<p>Our system prompt is tuned for Phoenix today, but all languages you care about are already installed. We&rsquo;re still figuring out where to take this, but adding new languages and frameworks definitely ranks highly in my plans.</p>
<h2 id='our-async-agent-future' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#our-async-agent-future' aria-label='Anchor'></a><span class='plain-code'>Our Async Agent Future</span></h2>
<p><a href='https://fly.io/blog/youre-all-nuts/' title=''>We&rsquo;re at a massive step-change in developer workflows</a>.</p>
<p>Agents can do real work, today, with or without a human present. Buckle up: the future of development, at least in the common case, probably looks less like cracking open a shell and finding a file to edit, and more like popping into a CI environment with agents working away around the clock.</p>
<p>Local development isn&rsquo;t going away. But there&rsquo;s going to be a shift in where the majority of our iterations take place. I&rsquo;m already using Phoenix.new to triage <code>phoenix-core</code> Github issues and pick problems to solve. I close my laptop, grab a cup of coffee, and wait for a PR to arrive — Phoenix.new knows how PRs work, too. We&rsquo;re already here, and this space is just getting started.</p>
<p>This isn&rsquo;t where I thought I&rsquo;d end up when I started poking around. The Phoenix and LiveView journey was much the same. Something special was there and the projects took on a life of their own. I&rsquo;m excited to share this work now, and see where it might take us. I can&rsquo;t wait to see what folks build.</p></content>
</entry>
<entry>
<title>What are MCP Servers?</title>
<link rel="alternate" href="https://fly.io/blog/mcps-everywhere/"/>
<id>https://fly.io/blog/mcps-everywhere/</id>
<published>2025-06-12T00:00:00+00:00</published>
<updated>2025-06-12T16:59:12+00:00</updated>
<media:thumbnail url="https://fly.io/blog/mcps-everywhere/assets/mcps-everywhere.jpg"/>
<content type="html"><div class="lead"><div><p>With Fly.io, <a href="https://fly.io/docs/speedrun/" title="">you can get your app running globally in a matter of minutes</a>, and with MCP servers you can integrate with Claude, VSCode, Cursor and <a href="https://modelcontextprotocol.io/clients">many more AI clients</a>. <a href="https://fly.io/docs/mcp/" title="">Try it out for yourself</a>!</p>
</div></div>
<p>The introduction to <a href='https://modelcontextprotocol.io/introduction' title=''>Model Context Protocol</a> starts out with:</p>
<blockquote>
<p>MCP is an open protocol that standardizes how applications provide context to LLMs. Think of MCP like a USB-C port for AI applications. Just as USB-C provides a standardized way to connect your devices to various peripherals and accessories, MCP provides a standardized way to connect AI models to different data sources and tools.</p>
</blockquote>
<p>That paragraph, to me, is both comforting (&ldquo;USB for LLM&rdquo;? Cool! Got it!), and simultaneously vacuous (Um, but what do I actually <em>do</em> with this?).</p>
<p>I&rsquo;ve been digging deeper and have come up with a few more analogies and observations that make sense to me. Perhaps one or more of these will help you.</p>
<h2 id='mcps-are-alexa-skills' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#mcps-are-alexa-skills' aria-label='Anchor'></a><span class='plain-code'>MCPs are Alexa Skills</span></h2>
<p>You buy an Echo Dot and a Hue light. You plug them both in and connect them to your Wi-Fi. There is one more step you need to do: you need to install and enable the Philips Hue skill to connect the two.</p>
<p>Now you might be using Siri or Google Assistant. Or you may want to connect a Ring Doorbell camera or Google Nest Thermostat. But the principle is the same, though the analogy is slightly stronger with a skill (which is a noun) as opposed to the action of pairing your Hue Bridge with Apple HomeKit (a verb).</p>
<h2 id='mcps-are-api-2-0' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#mcps-are-api-2-0' aria-label='Anchor'></a><span class='plain-code'>MCPs are API 2.0</span></h2>
<p>HTTP 1.1 is simple. You send a request, you get a response. While there are cookies and sessions, it is pretty much stateless and therefore inefficient, as each request needs to establish a new connection. WebSockets and Server-Sent Events (SSE) mitigate this a bit.</p>
<p><a href='https://en.wikipedia.org/wiki/HTTP/2' title=''>HTTP 2.0</a> introduces features like multiplexing and server push. When you visit a web page for the first time, your browser can now request all of the associated JavaScript, CSS, and images at once, and the server can respond in any order.</p>
<p>APIs today are typically request/response. MCPs support multiplexing and server push.</p>
<h2 id='mcps-are-apis-with-introspection-reflection' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#mcps-are-apis-with-introspection-reflection' aria-label='Anchor'></a><span class='plain-code'>MCPs are APIs with Introspection/Reflection</span></h2>
<p>With <a href='https://learn.openapis.org/' title=''>OpenAPI</a>, requests are typically JSON, and responses are too. Many OpenAPI providers publish a separate <a href='https://learn.openapis.org/specification/structure.html' title=''>OpenAPI Description (OAD)</a>, which contains a schema describing what requests are supported by that API.</p>
<p>With MCP, requests are also JSON and responses are also JSON, but in addition, there are standard requests built into the protocol to obtain useful information, including what tools are provided, what arguments each tool expects, and a prose description of how each tool is expected to be used.</p>
<p>As an aside, don&rsquo;t automatically assume that you will get good results from <a href='https://neon.com/blog/autogenerating-mcp-servers-openai-schemas' title=''>auto-generating MCP Servers from OpenAPI schemas</a>:</p>
<blockquote>
<p>Effective MCP design means thinking about the workflows you want the agent to perform and potentially creating higher-level tools that encapsulate multiple API calls, rather than just exposing the raw building blocks of your entire API spec.</p>
</blockquote>
<p><a href='https://glama.ai/blog/2025-06-06-mcp-vs-api#five-fundamental-differences' title=''>MCP vs API</a> goes into this topic at greater debth.</p>
<p>In many cases you will get better results treating LLMs as humans. If you have a CLI, consider using that as the starting point instead.</p>
<h2 id='mcps-are-not-serverless' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#mcps-are-not-serverless' aria-label='Anchor'></a><span class='plain-code'>MCPs are <strong><i>not</i></strong> serverless</span></h2>
<p><a href='https://en.wikipedia.org/wiki/Serverless_computing' title=''>Serverless</a>, sometimes known as <a href='https://en.wikipedia.org/wiki/Function_as_a_service' title=''>FaaS</a>, is a popular cloud computing model, where AWS Lambda is widely recognized as the archetype.</p>
<p>MCP servers are not serverless; they have a well-defined and long-lived <a href='https://modelcontextprotocol.io/specification/2025-03-26/basic/lifecycle' title=''>lifecycle</a>:</p>
<p><svg aria-roledescription="sequence" role="graphics-document document" viewBox="-50 -10 482 651" style="max-width: 482px;" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns="http://www.w3.org/2000/svg" width="100%" id="rm"><rect class="rect" height="70" width="302" fill="rgb(200, 220, 250)" y="325" x="40"></rect><g><rect class="actor actor-bottom" ry="3" rx="3" name="Server" height="65" width="150" stroke="#666" fill="#eaeaea" y="565" x="232"></rect><text class="actor actor-box" alignment-baseline="central" dominant-baseline="central" style="text-anchor: middle; font-size: 16px; font-weight: 400; font-family: inherit;" y="597.5" x="307"><tspan dy="0" x="307">Server</tspan></text></g><g><rect class="actor actor-bottom" ry="3" rx="3" name="Client" height="65" width="150" stroke="#666" fill="#eaeaea" y="565" x="0"></rect><text class="actor actor-box" alignment-baseline="central" dominant-baseline="central" style="text-anchor: middle; font-size: 16px; font-weight: 400; font-family: inherit;" y="597.5" x="75"><tspan dy="0" x="75">Client</tspan></text></g><g><line name="Server" stroke="#999" stroke-width="0.5px" class="actor-line 200" y2="565" x2="307" y1="65" x1="307" id="actor10"></line><g id="root-10"><rect class="actor actor-top" ry="3" rx="3" name="Server" height="65" width="150" stroke="#666" fill="#eaeaea" y="0" x="232"></rect><text class="actor actor-box" alignment-baseline="central" dominant-baseline="central" style="text-anchor: middle; font-size: 16px; font-weight: 400; font-family: inherit;" y="32.5" x="307"><tspan dy="0" x="307">Server</tspan></text></g></g><g><line name="Client" stroke="#999" stroke-width="0.5px" class="actor-line 200" y2="565" x2="75" y1="65" x1="75" id="actor9"></line><g id="root-9"><rect class="actor actor-top" ry="3" rx="3" name="Client" height="65" width="150" stroke="#666" fill="#eaeaea" y="0" x="0"></rect><text class="actor actor-box" alignment-baseline="central" dominant-baseline="central" style="text-anchor: middle; font-size: 16px; font-weight: 400; font-family: inherit;" y="32.5" x="75"><tspan dy="0" x="75">Client</tspan></text></g></g><style>#rm{font-family:inherit;font-size:16px;fill:#333;}#rm .error-icon{fill:#552222;}#rm .error-text{fill:#552222;stroke:#552222;}#rm .edge-thickness-normal{stroke-width:1px;}#rm .edge-thickness-thick{stroke-width:3.5px;}#rm .edge-pattern-solid{stroke-dasharray:0;}#rm .edge-thickness-invisible{stroke-width:0;fill:none;}#rm .edge-pattern-dashed{stroke-dasharray:3;}#rm .edge-pattern-dotted{stroke-dasharray:2;}#rm .marker{fill:#333333;stroke:#333333;}#rm .marker.cross{stroke:#333333;}#rm svg{font-family:inherit;font-size:16px;}#rm p{margin:0;}#rm .actor{stroke:hsl(259.6261682243, 59.7765363128%, 87.9019607843%);fill:#ECECFF;}#rm text.actor&gt;tspan{fill:black;stroke:none;}#rm .actor-line{stroke:hsl(259.6261682243, 59.7765363128%, 87.9019607843%);}#rm .messageLine0{stroke-width:1.5;stroke-dasharray:none;stroke:#333;}#rm .messageLine1{stroke-width:1.5;stroke-dasharray:2,2;stroke:#333;}#rm #arrowhead path{fill:#333;stroke:#333;}#rm .sequenceNumber{fill:white;}#rm #sequencenumber{fill:#333;}#rm #crosshead path{fill:#333;stroke:#333;}#rm .messageText{fill:#333;stroke:none;}#rm .labelBox{stroke:hsl(259.6261682243, 59.7765363128%, 87.9019607843%);fill:#ECECFF;}#rm .labelText,#rm .labelText&gt;tspan{fill:black;stroke:none;}#rm .loopText,#rm .loopText&gt;tspan{fill:black;stroke:none;}#rm .loopLine{stroke-width:2px;stroke-dasharray:2,2;stroke:hsl(259.6261682243, 59.7765363128%, 87.9019607843%);fill:hsl(259.6261682243, 59.7765363128%, 87.9019607843%);}#rm .note{stroke:#aaaa33;fill:#fff5ad;}#rm .noteText,#rm .noteText&gt;tspan{fill:black;stroke:none;}#rm .activation0{fill:#f4f4f4;stroke:#666;}#rm .activation1{fill:#f4f4f4;stroke:#666;}#rm .activation2{fill:#f4f4f4;stroke:#666;}#rm .actorPopupMenu{position:absolute;}#rm .actorPopupMenuPanel{position:absolute;fill:#ECECFF;box-shadow:0px 8px 16px 0px rgba(0,0,0,0.2);filter:drop-shadow(3px 5px 2px rgb(0 0 0 / 0.4));}#rm .actor-man line{stroke:hsl(259.6261682243, 59.7765363128%, 87.9019607843%);fill:#ECECFF;}#rm .actor-man circle,#rm line{stroke:hsl(259.6261682243, 59.7765363128%, 87.9019607843%);fill:#ECECFF;stroke-width:2px;}#rm :root{--mermaid-font-family:inherit;}</style><g></g><defs><symbol height="24" width="24" id="computer"><path d="M2 2v13h20v-13h-20zm18 11h-16v-9h16v9zm-10.228 6l.466-1h3.524l.467 1h-4.457zm14.228 3h-24l2-6h2.104l-1.33 4h18.45l-1.297-4h2.073l2 6zm-5-10h-14v-7h14v7z" transform="scale(.5)"></path></symbol></defs><defs><symbol clip-rule="evenodd" fill-rule="evenodd" id="database"><path d="M12.258.001l.256.004.255.005.253.008.251.01.249.012.247.015.246.016.242.019.241.02.239.023.236.024.233.027.231.028.229.031.225.032.223.034.22.036.217.038.214.04.211.041.208.043.205.045.201.046.198.048.194.05.191.051.187.053.183.054.18.056.175.057.172.059.168.06.163.061.16.063.155.064.15.066.074.033.073.033.071.034.07.034.069.035.068.035.067.035.066.035.064.036.064.036.062.036.06.036.06.037.058.037.058.037.055.038.055.038.053.038.052.038.051.039.05.039.048.039.047.039.045.04.044.04.043.04.041.04.04.041.039.041.037.041.036.041.034.041.033.042.032.042.03.042.029.042.027.042.026.043.024.043.023.043.021.043.02.043.018.044.017.043.015.044.013.044.012.044.011.045.009.044.007.045.006.045.004.045.002.045.001.045v17l-.001.045-.002.045-.004.045-.006.045-.007.045-.009.044-.011.045-.012.044-.013.044-.015.044-.017.043-.018.044-.02.043-.021.043-.023.043-.024.043-.026.043-.027.042-.029.042-.03.042-.032.042-.033.042-.034.041-.036.041-.037.041-.039.041-.04.041-.041.04-.043.04-.044.04-.045.04-.047.039-.048.039-.05.039-.051.039-.052.038-.053.038-.055.038-.055.038-.058.037-.058.037-.06.037-.06.036-.062.036-.064.036-.064.036-.066.035-.067.035-.068.035-.069.035-.07.034-.071.034-.073.033-.074.033-.15.066-.155.064-.16.063-.163.061-.168.06-.172.059-.175.057-.18.056-.183.054-.187.053-.191.051-.194.05-.198.048-.201.046-.205.045-.208.043-.211.041-.214.04-.217.038-.22.036-.223.034-.225.032-.229.031-.231.028-.233.027-.236.024-.239.023-.241.02-.242.019-.246.016-.247.015-.249.012-.251.01-.253.008-.255.005-.256.004-.258.001-.258-.001-.256-.004-.255-.005-.253-.008-.251-.01-.249-.012-.247-.015-.245-.016-.243-.019-.241-.02-.238-.023-.236-.024-.234-.027-.231-.028-.228-.031-.226-.032-.223-.034-.22-.036-.217-.038-.214-.04-.211-.041-.208-.043-.204-.045-.201-.046-.198-.048-.195-.05-.19-.051-.187-.053-.184-.054-.179-.056-.176-.057-.172-.059-.167-.06-.164-.061-.159-.063-.155-.064-.151-.066-.074-.033-.072-.033-.072-.034-.07-.034-.069-.035-.068-.035-.067-.035-.066-.035-.064-.036-.063-.036-.062-.036-.061-.036-.06-.037-.058-.037-.057-.037-.056-.038-.055-.038-.053-.038-.052-.038-.051-.039-.049-.039-.049-.039-.046-.039-.046-.04-.044-.04-.043-.04-.041-.04-.04-.041-.039-.041-.037-.041-.036-.041-.034-.041-.033-.042-.032-.042-.03-.042-.029-.042-.027-.042-.026-.043-.024-.043-.023-.043-.021-.043-.02-.043-.018-.044-.017-.043-.015-.044-.013-.044-.012-.044-.011-.045-.009-.044-.007-.045-.006-.045-.004-.045-.002-.045-.001-.045v-17l.001-.045.002-.045.004-.045.006-.045.007-.045.009-.044.011-.045.012-.044.013-.044.015-.044.017-.043.018-.044.02-.043.021-.043.023-.043.024-.043.026-.043.027-.042.029-.042.03-.042.032-.042.033-.042.034-.041.036-.041.037-.041.039-.041.04-.041.041-.04.043-.04.044-.04.046-.04.046-.039.049-.039.049-.039.051-.039.052-.038.053-.038.055-.038.056-.038.057-.037.058-.037.06-.037.061-.036.062-.036.063-.036.064-.036.066-.035.067-.035.068-.035.069-.035.07-.034.072-.034.072-.033.074-.033.151-.066.155-.064.159-.063.164-.061.167-.06.172-.059.176-.057.179-.056.184-.054.187-.053.19-.051.195-.05.198-.048.201-.046.204-.045.208-.043.211-.041.214-.04.217-.038.22-.036.223-.034.226-.032.228-.031.231-.028.234-.027.236-.024.238-.023.241-.02.243-.019.245-.016.247-.015.249-.012.251-.01.253-.008.255-.005.256-.004.258-.001.258.001zm-9.258 20.499v.01l.001.021.003.021.004.022.005.021.006.022.007.022.009.023.01.022.011.023.012.023.013.023.015.023.016.024.017.023.018.024.019.024.021.024.022.025.023.024.024.025.052.049.056.05.061.051.066.051.07.051.075.051.079.052.084.052.088.052.092.052.097.052.102.051.105.052.11.052.114.051.119.051.123.051.127.05.131.05.135.05.139.048.144.049.147.047.152.047.155.047.16.045.163.045.167.043.171.043.176.041.178.041.183.039.187.039.19.037.194.035.197.035.202.033.204.031.209.03.212.029.216.027.219.025.222.024.226.021.23.02.233.018.236.016.24.015.243.012.246.01.249.008.253.005.256.004.259.001.26-.001.257-.004.254-.005.25-.008.247-.011.244-.012.241-.014.237-.016.233-.018.231-.021.226-.021.224-.024.22-.026.216-.027.212-.028.21-.031.205-.031.202-.034.198-.034.194-.036.191-.037.187-.039.183-.04.179-.04.175-.042.172-.043.168-.044.163-.045.16-.046.155-.046.152-.047.148-.048.143-.049.139-.049.136-.05.131-.05.126-.05.123-.051.118-.052.114-.051.11-.052.106-.052.101-.052.096-.052.092-.052.088-.053.083-.051.079-.052.074-.052.07-.051.065-.051.06-.051.056-.05.051-.05.023-.024.023-.025.021-.024.02-.024.019-.024.018-.024.017-.024.015-.023.014-.024.013-.023.012-.023.01-.023.01-.022.008-.022.006-.022.006-.022.004-.022.004-.021.001-.021.001-.021v-4.127l-.077.055-.08.053-.083.054-.085.053-.087.052-.09.052-.093.051-.095.05-.097.05-.1.049-.102.049-.105.048-.106.047-.109.047-.111.046-.114.045-.115.045-.118.044-.12.043-.122.042-.124.042-.126.041-.128.04-.13.04-.132.038-.134.038-.135.037-.138.037-.139.035-.142.035-.143.034-.144.033-.147.032-.148.031-.15.03-.151.03-.153.029-.154.027-.156.027-.158.026-.159.025-.161.024-.162.023-.163.022-.165.021-.166.02-.167.019-.169.018-.169.017-.171.016-.173.015-.173.014-.175.013-.175.012-.177.011-.178.01-.179.008-.179.008-.181.006-.182.005-.182.004-.184.003-.184.002h-.37l-.184-.002-.184-.003-.182-.004-.182-.005-.181-.006-.179-.008-.179-.008-.178-.01-.176-.011-.176-.012-.175-.013-.173-.014-.172-.015-.171-.016-.17-.017-.169-.018-.167-.019-.166-.02-.165-.021-.163-.022-.162-.023-.161-.024-.159-.025-.157-.026-.156-.027-.155-.027-.153-.029-.151-.03-.15-.03-.148-.031-.146-.032-.145-.033-.143-.034-.141-.035-.14-.035-.137-.037-.136-.037-.134-.038-.132-.038-.13-.04-.128-.04-.126-.041-.124-.042-.122-.042-.12-.044-.117-.043-.116-.045-.113-.045-.112-.046-.109-.047-.106-.047-.105-.048-.102-.049-.1-.049-.097-.05-.095-.05-.093-.052-.09-.051-.087-.052-.085-.053-.083-.054-.08-.054-.077-.054v4.127zm0-5.654v.011l.001.021.003.021.004.021.005.022.006.022.007.022.009.022.01.022.011.023.012.023.013.023.015.024.016.023.017.024.018.024.019.024.021.024.022.024.023.025.024.024.052.05.056.05.061.05.066.051.07.051.075.052.079.051.084.052.088.052.092.052.097.052.102.052.105.052.11.051.114.051.119.052.123.05.127.051.131.05.135.049.139.049.144.048.147.048.152.047.155.046.16.045.163.045.167.044.171.042.176.042.178.04.183.04.187.038.19.037.194.036.197.034.202.033.204.032.209.03.212.028.216.027.219.025.222.024.226.022.23.02.233.018.236.016.24.014.243.012.246.01.249.008.253.006.256.003.259.001.26-.001.257-.003.254-.006.25-.008.247-.01.244-.012.241-.015.237-.016.233-.018.231-.02.226-.022.224-.024.22-.025.216-.027.212-.029.21-.03.205-.032.202-.033.198-.035.194-.036.191-.037.187-.039.183-.039.179-.041.175-.042.172-.043.168-.044.163-.045.16-.045.155-.047.152-.047.148-.048.143-.048.139-.05.136-.049.131-.05.126-.051.123-.051.118-.051.114-.052.11-.052.106-.052.101-.052.096-.052.092-.052.088-.052.083-.052.079-.052.074-.051.07-.052.065-.051.06-.05.056-.051.051-.049.023-.025.023-.024.021-.025.02-.024.019-.024.018-.024.017-.024.015-.023.014-.023.013-.024.012-.022.01-.023.01-.023.008-.022.006-.022.006-.022.004-.021.004-.022.001-.021.001-.021v-4.139l-.077.054-.08.054-.083.054-.085.052-.087.053-.09.051-.093.051-.095.051-.097.05-.1.049-.102.049-.105.048-.106.047-.109.047-.111.046-.114.045-.115.044-.118.044-.12.044-.122.042-.124.042-.126.041-.128.04-.13.039-.132.039-.134.038-.135.037-.138.036-.139.036-.142.035-.143.033-.144.033-.147.033-.148.031-.15.03-.151.03-.153.028-.154.028-.156.027-.158.026-.159.025-.161.024-.162.023-.163.022-.165.021-.166.02-.167.019-.169.018-.169.017-.171.016-.173.015-.173.014-.175.013-.175.012-.177.011-.178.009-.179.009-.179.007-.181.007-.182.005-.182.004-.184.003-.184.002h-.37l-.184-.002-.184-.003-.182-.004-.182-.005-.181-.007-.179-.007-.179-.009-.178-.009-.176-.011-.176-.012-.175-.013-.173-.014-.172-.015-.171-.016-.17-.017-.169-.018-.167-.019-.166-.02-.165-.021-.163-.022-.162-.023-.161-.024-.159-.025-.157-.026-.156-.027-.155-.028-.153-.028-.151-.03-.15-.03-.148-.031-.146-.033-.145-.033-.143-.033-.141-.035-.14-.036-.137-.036-.136-.037-.134-.038-.132-.039-.13-.039-.128-.04-.126-.041-.124-.042-.122-.043-.12-.043-.117-.044-.116-.044-.113-.046-.112-.046-.109-.046-.106-.047-.105-.048-.102-.049-.1-.049-.097-.05-.095-.051-.093-.051-.09-.051-.087-.053-.085-.052-.083-.054-.08-.054-.077-.054v4.139zm0-5.666v.011l.001.02.003.022.004.021.005.022.006.021.007.022.009.023.01.022.011.023.012.023.013.023.015.023.016.024.017.024.018.023.019.024.021.025.022.024.023.024.024.025.052.05.056.05.061.05.066.051.07.051.075.052.079.051.084.052.088.052.092.052.097.052.102.052.105.051.11.052.114.051.119.051.123.051.127.05.131.05.135.05.139.049.144.048.147.048.152.047.155.046.16.045.163.045.167.043.171.043.176.042.178.04.183.04.187.038.19.037.194.036.197.034.202.033.204.032.209.03.212.028.216.027.219.025.222.024.226.021.23.02.233.018.236.017.24.014.243.012.246.01.249.008.253.006.256.003.259.001.26-.001.257-.003.254-.006.25-.008.247-.01.244-.013.241-.014.237-.016.233-.018.231-.02.226-.022.224-.024.22-.025.216-.027.212-.029.21-.03.205-.032.202-.033.198-.035.194-.036.191-.037.187-.039.183-.039.179-.041.175-.042.172-.043.168-.044.163-.045.16-.045.155-.047.152-.047.148-.048.143-.049.139-.049.136-.049.131-.051.126-.05.123-.051.118-.052.114-.051.11-.052.106-.052.101-.052.096-.052.092-.052.088-.052.083-.052.079-.052.074-.052.07-.051.065-.051.06-.051.056-.05.051-.049.023-.025.023-.025.021-.024.02-.024.019-.024.018-.024.017-.024.015-.023.014-.024.013-.023.012-.023.01-.022.01-.023.008-.022.006-.022.006-.022.004-.022.004-.021.001-.021.001-.021v-4.153l-.077.054-.08.054-.083.053-.085.053-.087.053-.09.051-.093.051-.095.051-.097.05-.1.049-.102.048-.105.048-.106.048-.109.046-.111.046-.114.046-.115.044-.118.044-.12.043-.122.043-.124.042-.126.041-.128.04-.13.039-.132.039-.134.038-.135.037-.138.036-.139.036-.142.034-.143.034-.144.033-.147.032-.148.032-.15.03-.151.03-.153.028-.154.028-.156.027-.158.026-.159.024-.161.024-.162.023-.163.023-.165.021-.166.02-.167.019-.169.018-.169.017-.171.016-.173.015-.173.014-.175.013-.175.012-.177.01-.178.01-.179.009-.179.007-.181.006-.182.006-.182.004-.184.003-.184.001-.185.001-.185-.001-.184-.001-.184-.003-.182-.004-.182-.006-.181-.006-.179-.007-.179-.009-.178-.01-.176-.01-.176-.012-.175-.013-.173-.014-.172-.015-.171-.016-.17-.017-.169-.018-.167-.019-.166-.02-.165-.021-.163-.023-.162-.023-.161-.024-.159-.024-.157-.026-.156-.027-.155-.028-.153-.028-.151-.03-.15-.03-.148-.032-.146-.032-.145-.033-.143-.034-.141-.034-.14-.036-.137-.036-.136-.037-.134-.038-.132-.039-.13-.039-.128-.041-.126-.041-.124-.041-.122-.043-.12-.043-.117-.044-.116-.044-.113-.046-.112-.046-.109-.046-.106-.048-.105-.048-.102-.048-.1-.05-.097-.049-.095-.051-.093-.051-.09-.052-.087-.052-.085-.053-.083-.053-.08-.054-.077-.054v4.153zm8.74-8.179l-.257.004-.254.005-.25.008-.247.011-.244.012-.241.014-.237.016-.233.018-.231.021-.226.022-.224.023-.22.026-.216.027-.212.028-.21.031-.205.032-.202.033-.198.034-.194.036-.191.038-.187.038-.183.04-.179.041-.175.042-.172.043-.168.043-.163.045-.16.046-.155.046-.152.048-.148.048-.143.048-.139.049-.136.05-.131.05-.126.051-.123.051-.118.051-.114.052-.11.052-.106.052-.101.052-.096.052-.092.052-.088.052-.083.052-.079.052-.074.051-.07.052-.065.051-.06.05-.056.05-.051.05-.023.025-.023.024-.021.024-.02.025-.019.024-.018.024-.017.023-.015.024-.014.023-.013.023-.012.023-.01.023-.01.022-.008.022-.006.023-.006.021-.004.022-.004.021-.001.021-.001.021.001.021.001.021.004.021.004.022.006.021.006.023.008.022.01.022.01.023.012.023.013.023.014.023.015.024.017.023.018.024.019.024.02.025.021.024.023.024.023.025.051.05.056.05.06.05.065.051.07.052.074.051.079.052.083.052.088.052.092.052.096.052.101.052.106.052.11.052.114.052.118.051.123.051.126.051.131.05.136.05.139.049.143.048.148.048.152.048.155.046.16.046.163.045.168.043.172.043.175.042.179.041.183.04.187.038.191.038.194.036.198.034.202.033.205.032.21.031.212.028.216.027.22.026.224.023.226.022.231.021.233.018.237.016.241.014.244.012.247.011.25.008.254.005.257.004.26.001.26-.001.257-.004.254-.005.25-.008.247-.011.244-.012.241-.014.237-.016.233-.018.231-.021.226-.022.224-.023.22-.026.216-.027.212-.028.21-.031.205-.032.202-.033.198-.034.194-.036.191-.038.187-.038.183-.04.179-.041.175-.042.172-.043.168-.043.163-.045.16-.046.155-.046.152-.048.148-.048.143-.048.139-.049.136-.05.131-.05.126-.051.123-.051.118-.051.114-.052.11-.052.106-.052.101-.052.096-.052.092-.052.088-.052.083-.052.079-.052.074-.051.07-.052.065-.051.06-.05.056-.05.051-.05.023-.025.023-.024.021-.024.02-.025.019-.024.018-.024.017-.023.015-.024.014-.023.013-.023.012-.023.01-.023.01-.022.008-.022.006-.023.006-.021.004-.022.004-.021.001-.021.001-.021-.001-.021-.001-.021-.004-.021-.004-.022-.006-.021-.006-.023-.008-.022-.01-.022-.01-.023-.012-.023-.013-.023-.014-.023-.015-.024-.017-.023-.018-.024-.019-.024-.02-.025-.021-.024-.023-.024-.023-.025-.051-.05-.056-.05-.06-.05-.065-.051-.07-.052-.074-.051-.079-.052-.083-.052-.088-.052-.092-.052-.096-.052-.101-.052-.106-.052-.11-.052-.114-.052-.118-.051-.123-.051-.126-.051-.131-.05-.136-.05-.139-.049-.143-.048-.148-.048-.152-.048-.155-.046-.16-.046-.163-.045-.168-.043-.172-.043-.175-.042-.179-.041-.183-.04-.187-.038-.191-.038-.194-.036-.198-.034-.202-.033-.205-.032-.21-.031-.212-.028-.216-.027-.22-.026-.224-.023-.226-.022-.231-.021-.233-.018-.237-.016-.241-.014-.244-.012-.247-.011-.25-.008-.254-.005-.257-.004-.26-.001-.26.001z" transform="scale(.5)"></path></symbol></defs><defs><symbol height="24" width="24" id="clock"><path d="M12 2c5.514 0 10 4.486 10 10s-4.486 10-10 10-10-4.486-10-10 4.486-10 10-10zm0-2c-6.627 0-12 5.373-12 12s5.373 12 12 12 12-5.373 12-12-5.373-12-12-12zm5.848 12.459c.202.038.202.333.001.372-1.907.361-6.045 1.111-6.547 1.111-.719 0-1.301-.582-1.301-1.301 0-.512.77-5.447 1.125-7.445.034-.192.312-.181.343.014l.985 6.238 5.394 1.011z" transform="scale(.5)"></path></symbol></defs><defs><marker orient="auto-start-reverse" markerHeight="12" markerWidth="12" markerUnits="userSpaceOnUse" refY="5" refX="7.9" id="arrowhead"><path d="M -1 0 L 10 5 L 0 10 z"></path></marker></defs><defs><marker refY="4.5" refX="4" orient="auto" markerHeight="8" markerWidth="15" id="crosshead"><path d="M 1,2 L 6,7 M 6,2 L 1,7" stroke-width="1pt" style="stroke-dasharray: 0px, 0px;" stroke="#000000" fill="none"></path></marker></defs><defs><marker orient="auto" markerHeight="28" markerWidth="20" refY="7" refX="15.5" id="filled-head"><path d="M 18,7 L9,13 L14,7 L9,1 Z"></path></marker></defs><defs><marker orient="auto" markerHeight="40" markerWidth="60" refY="15" refX="15" id="sequencenumber"><circle r="6" cy="15" cx="15"></circle></marker></defs><g><rect class="note" height="40" width="282" stroke="#666" fill="#EDF2AE" y="75" x="50"></rect><text dy="1em" class="noteText" style="font-family: inherit; font-size: 16px; font-weight: 400;" alignment-baseline="middle" dominant-baseline="middle" text-anchor="middle" y="80" x="191"><tspan x="191">Initialization Phase</tspan></text></g><g><rect class="activation0" height="380" width="10" stroke="#666" fill="#EDF2AE" y="115" x="70"></rect></g><g><rect class="activation0" height="328" width="10" stroke="#666" fill="#EDF2AE" y="167" x="302"></rect></g><g><rect class="note" height="40" width="282" stroke="#666" fill="#EDF2AE" y="275" x="50"></rect><text dy="1em" class="noteText" style="font-family: inherit; font-size: 16px; font-weight: 400;" alignment-baseline="middle" dominant-baseline="middle" text-anchor="middle" y="280" x="191"><tspan x="191">Operation Phase</tspan></text></g><g><rect class="note" height="40" width="282" stroke="#666" fill="#EDF2AE" y="345" x="50"></rect><text dy="1em" class="noteText" style="font-family: inherit; font-size: 16px; font-weight: 400;" alignment-baseline="middle" dominant-baseline="middle" text-anchor="middle" y="350" x="191"><tspan x="191">Normal protocol operations</tspan></text></g><g><rect class="note" height="40" width="282" stroke="#666" fill="#EDF2AE" y="405" x="50"></rect><text dy="1em" class="noteText" style="font-family: inherit; font-size: 16px; font-weight: 400;" alignment-baseline="middle" dominant-baseline="middle" text-anchor="middle" y="410" x="191"><tspan x="191">Shutdown</tspan></text></g><g><rect class="note" height="40" width="282" stroke="#666" fill="#EDF2AE" y="505" x="50"></rect><text dy="1em" class="noteText" style="font-family: inherit; font-size: 16px; font-weight: 400;" alignment-baseline="middle" dominant-baseline="middle" text-anchor="middle" y="510" x="191"><tspan x="191">Connection closed</tspan></text></g><text dy="1em" class="messageText" style="font-family: inherit; font-size: 16px; font-weight: 400;" alignment-baseline="middle" dominant-baseline="middle" text-anchor="middle" y="130" x="190">initialize request</text><line marker-end="url(#arrowhead)" style="fill: none;" stroke="none" stroke-width="2" class="messageLine0" y2="165" x2="299" y1="165" x1="80"></line><text dy="1em" class="messageText" style="font-family: inherit; font-size: 16px; font-weight: 400;" alignment-baseline="middle" dominant-baseline="middle" text-anchor="middle" y="180" x="193">initialize response</text><line marker-end="url(#arrowhead)" stroke="none" stroke-width="2" class="messageLine1" style="stroke-dasharray: 3px, 3px; fill: none;" y2="215" x2="83" y1="215" x1="302"></line><text dy="1em" class="messageText" style="font-family: inherit; font-size: 16px; font-weight: 400;" alignment-baseline="middle" dominant-baseline="middle" text-anchor="middle" y="230" x="190">initialized notification</text><line marker-end="url(#filled-head)" stroke="none" stroke-width="2" class="messageLine1" style="stroke-dasharray: 3px, 3px; fill: none;" y2="265" x2="299" y1="265" x1="80"></line><text dy="1em" class="messageText" style="font-family: inherit; font-size: 16px; font-weight: 400;" alignment-baseline="middle" dominant-baseline="middle" text-anchor="middle" y="460" x="190">Disconnect</text><line marker-end="url(#filled-head)" stroke="none" stroke-width="2" class="messageLine1" style="stroke-dasharray: 3px, 3px; fill: none;" y2="495" x2="299" y1="495" x1="80"></line></svg></p>
<figure class="post-cta">
<figcaption>
<h1>You can play with this right now.</h1>
<p>MCPs are barely six months old, but we are keeping up with the latest</p>
<a class="btn btn-lg" href="https://fly.io/docs/mcp">
Try launching your MCP server on Fly.io today <span class='opacity-50'>→</span>
</a>
</figcaption>
<div class="image-container">
<img src="/static/images/cta-kitty.webp" srcset="/static/images/[email protected] 2x" alt="">
</div>
</figure>
<h2 id='mcps-are-not-inherently-secure-or-private' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#mcps-are-not-inherently-secure-or-private' aria-label='Anchor'></a><span class='plain-code'>MCPs are <strong><i>not</i></strong> Inherently Secure or Private</span></h2>
<p>Here I am not talking about <a href='https://simonwillison.net/2025/Apr/9/mcp-prompt-injection/' title=''>prompt injection</a> or <a href='https://simonwillison.net/2025/May/26/github-mcp-exploited/' title=''>exploitable abilities</a>, though those are real problems too.</p>
<p>I&rsquo;m talking about something more fundamental and basic. Let&rsquo;s take a look at the very same <a href='https://github.com/github/github-mcp-server' title=''>GitHub MCP</a> featured in the above two descriptions of an exploitable exposure. The current process for installing a stdio MCP into Claude involves placing secrets in plain text in a well-defined location. And the process for installing the <em>next</em> MCP server is to download a program from a third party and run that tool in a way that has access to this very file.</p>
<p>Addressing MCP security requires a holistic approach, but one key strategy component is the ability to run an MCP server on a remote machine which can only be accessed by you, and only after you present a revocable bearer token. That remote machine may require access to secrets (like your GitHub token), but those secrets are not something either your LLM client or other MCP servers will be able to access directly.</p>
<h2 id='mcps-should-be-considered-family' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#mcps-should-be-considered-family' aria-label='Anchor'></a><span class='plain-code'>MCPs should be considered family</span></h2>
<p>Recapping: <a href='https://www.usa.philips.com/' title=''>Philips</a> has an <a href='https://developers.meethue.com/' title=''>API and SDK</a> for Hue that is used by perhaps thousands, and has an <a href='https://www.amazon.com/Philips-Hue/dp/B01LWAGUG7' title=''>Alexa Skill</a> that is used by untold millions. Of course, somebody already built a <a href='https://github.com/ThomasRohde/hue-mcp' title=''>Philips Hue MCP Server</a>.</p>
<p>LLMs are brains. MCPs give LLMs eyes, hands, and legs. The end result is a robot. Most MCPs today are brainless—they merely are eyes, hands, and legs. The results are appliances. I buy and install a dishwasher. You do too. Both of our dishwashers perform the same basic function. As do any Hue lights we may buy.</p>
<p>In The Jetsons, <a href='https://thejetsons.fandom.com/wiki/Rosey' title=''>Rosie</a> is a maid and housekeeper who is also a member of the family. She is good friends with Jane and takes the role of a surrogate aunt towards Elroy and Judy. Let&rsquo;s start there and go further.</p>
<p>A person with an LLM can build things. Imagine having a 3D printer that makes robots or agents that act on your behalf. You may want an agent to watch for trends in your business, keep track of what events are happening in your area, screen your text messages, or act as a DJ when you get together with friends.</p>
<p>You may share the MCP servers you create with others to use as starting points, but they undoubtedly will adapt them and make them their own.</p>
<h2 id='closing-thoughts' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#closing-thoughts' aria-label='Anchor'></a><span class='plain-code'>Closing Thoughts</span></h2>
<p>Don&rsquo;t get me wrong. I am not saying there won&rsquo;t be MCPs that are mere appliances—there undoubtedly will be plenty of those. But not all MCPs will be appliances; many will be agents.</p>
<p>Today, most people exploring LLMs are trying to add LLMs to things they already have—for example, IDEs. MCPs flip this. Instead of adding LLMs to something you already have, you add something you already have to an LLM.</p>
<p><a href='https://desktopcommander.app/' title=''>Desktop Commander MCP</a> is an example I&rsquo;m particularly fond of that does exactly this. It also happens to be a prime example of a tool you want to give root access to, then lock it in a secure box and run someplace other than your laptop. <a href='https://fly.io/docs/mcp/examples/#desktop-commander' title=''>Give it a try</a>.</p>
<p>Microsoft is actively working on <a href='https://developer.microsoft.com/en-us/windows/agentic/' title=''>Agentic Windows</a>. Your smartphone is the obvious next frontier. Today, you have an app store and a web browser. MCP servers have the potential to make both obsolete—and this could happen sooner than you think.</p></content>
</entry>
<entry>
<title>My AI Skeptic Friends Are All Nuts</title>
<link rel="alternate" href="https://fly.io/blog/youre-all-nuts/"/>
<id>https://fly.io/blog/youre-all-nuts/</id>
<published>2025-06-02T00:00:00+00:00</published>
<updated>2025-06-10T21:38:22+00:00</updated>
<media:thumbnail url="https://fly.io/blog/youre-all-nuts/assets/whoah.png"/>
<content type="html"><div class="lead"><p>A heartfelt provocation about AI-assisted programming.</p>
</div>
<p>Tech execs are mandating LLM adoption. That&rsquo;s bad strategy. But I get where they&rsquo;re coming from.</p>
<p>Some of the smartest people I know share a bone-deep belief that AI is a fad — the next iteration of NFT mania. I&rsquo;ve been reluctant to push back on them, because, well, they&rsquo;re smarter than me. But their arguments are unserious, and worth confronting. Extraordinarily talented people are doing work that LLMs already do better, out of spite.</p>
<p>All progress on LLMs could halt today, and LLMs would remain the 2nd most important thing to happen over the course of my career.</p>
<div class="callout"><p><strong class="font-semibold text-navy-950">Important caveat</strong>: I’m discussing only the implications of LLMs for software development. For art, music, and writing? I got nothing. I’m inclined to believe the skeptics in those fields. I just don’t believe them about mine.</p>
</div>
<p>Bona fides: I&rsquo;ve been shipping software since the mid-1990s. I started out in boxed, shrink-wrap C code. Survived an ill-advised <a href='https://www.amazon.com/Modern-Design-Generic-Programming-Patterns/dp/0201704315' title=''>Alexandrescu</a> C++ phase. Lots of Ruby and Python tooling. Some kernel work. A whole lot of server-side C, Go, and Rust. However you define &ldquo;serious developer&rdquo;, I qualify. Even if only on one of your lower tiers.</p>
<h3 id='level-setting' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#level-setting' aria-label='Anchor'></a><span class='plain-code'>level setting</span></h3><div class="right-sidenote"><p>† (or, God forbid, 2 years ago with Copilot)</p>
</div>
<p>First, we need to get on the same page. If you were trying and failing to use an LLM for code 6 months ago †, you’re not doing what most serious LLM-assisted coders are doing.</p>
<p>People coding with LLMs today use agents. Agents get to poke around your codebase on their own. They author files directly. They run tools. They compile code, run tests, and iterate on the results. They also:</p>
<ul>
<li>pull in arbitrary code from the tree, or from other trees online, into their context windows,
</li><li>run standard Unix tools to navigate the tree and extract information,
</li><li>interact with Git,
</li><li>run existing tooling, like linters, formatters, and model checkers, and
</li><li>make essentially arbitrary tool calls (that you set up) through MCP.
</li></ul>
<div class="callout"><p>The code in an agent that actually “does stuff” with code is not, itself, AI. This should reassure you. It’s surprisingly simple systems code, wired to ground truth about programming in the same way a Makefile is. You could write an effective coding agent in a weekend. Its strengths would have more to do with how you think about and structure builds and linting and test harnesses than with how advanced o3 or Sonnet have become.</p>
</div>
<p>If you’re making requests on a ChatGPT page and then pasting the resulting (broken) code into your editor, you’re not doing what the AI boosters are doing. No wonder you&rsquo;re talking past each other.</p>
<h3 id='the-positive-case' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#the-positive-case' aria-label='Anchor'></a><span class='plain-code'>the positive case</span></h3>
<p><img alt="four quadrants of tedium and importance" src="/blog/youre-all-nuts/assets/code-quad.png?2/3&amp;center" /></p>
<p>LLMs can write a large fraction of all the tedious code you’ll ever need to write. And most code on most projects is tedious. LLMs drastically reduce the number of things you’ll ever need to Google. They look things up themselves. Most importantly, they don’t get tired; they’re immune to inertia.</p>
<p>Think of anything you wanted to build but didn&rsquo;t. You tried to home in on some first steps. If you&rsquo;d been in the limerent phase of a new programming language, you&rsquo;d have started writing. But you weren&rsquo;t, so you put it off, for a day, a year, or your whole career.</p>
<p>I can feel my blood pressure rising thinking of all the bookkeeping and Googling and dependency drama of a new project. An LLM can be instructed to just figure all that shit out. Often, it will drop you precisely at that golden moment where shit almost works, and development means tweaking code and immediately seeing things work better. That dopamine hit is why I code.</p>
<p>There&rsquo;s a downside. Sometimes, gnarly stuff needs doing. But you don&rsquo;t wanna do it. So you refactor unit tests, soothing yourself with the lie that you&rsquo;re doing real work. But an LLM can be told to go refactor all your unit tests. An agent can occupy itself for hours putzing with your tests in a VM and come back later with a PR. If you listen to me, you’ll know that. You&rsquo;ll feel worse yak-shaving. You&rsquo;ll end up doing… real work.</p>
<h3 id='but-you-have-no-idea-what-the-code-is' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#but-you-have-no-idea-what-the-code-is' aria-label='Anchor'></a><span class='plain-code'>but you have no idea what the code is</span></h3>
<p>Are you a vibe coding Youtuber? Can you not read code? If so: astute point. Otherwise: what the fuck is wrong with you?</p>
<p>You&rsquo;ve always been responsible for what you merge to <code>main</code>. You were five years go. And you are tomorrow, whether or not you use an LLM.</p>
<p>If you build something with an LLM that people will depend on, read the code. In fact, you&rsquo;ll probably do more than that. You&rsquo;ll spend 5-10 minutes knocking it back into your own style. LLMs are <a href='https://github.com/PatrickJS/awesome-cursorrules' title=''>showing signs of adapting</a> to local idiom, but we’re not there yet.</p>
<p>People complain about LLM-generated code being “probabilistic”. No it isn&rsquo;t. It’s code. It&rsquo;s not Yacc output. It&rsquo;s knowable. The LLM might be stochastic. But the LLM doesn’t matter. What matters is whether you can make sense of the result, and whether your guardrails hold.</p>
<p>Reading other people&rsquo;s code is part of the job. If you can&rsquo;t metabolize the boring, repetitive code an LLM generates: skills issue! How are you handling the chaos human developers turn out on a deadline?</p>
<div class="right-sidenote"><p>† (because it can hold 50-70kloc in its context window)</p>
</div>
<p>For the last month or so, Gemini 2.5 has been my go-to †. Almost nothing it spits out for me merges without edits. I’m sure there’s a skill to getting a SOTA model to one-shot a feature-plus-merge! But I don’t care. I like moving the code around and chuckling to myself while I delete all the stupid comments. I have to read the code line-by-line anyways.</p>
<h3 id='but-hallucination' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#but-hallucination' aria-label='Anchor'></a><span class='plain-code'>but hallucination</span></h3>
<p>If hallucination matters to you, your programming language has let you down.</p>
<p>Agents lint. They compile and run tests. If their LLM invents a new function signature, the agent sees the error. They feed it back to the LLM, which says “oh, right, I totally made that up” and then tries again.</p>
<p>You&rsquo;ll only notice this happening if you watch the chain of thought log your agent generates. Don&rsquo;t. This is why I like <a href='https://zed.dev/agentic' title=''>Zed&rsquo;s agent mode</a>: it begs you to tab away and let it work, and pings you with a desktop notification when it&rsquo;s done.</p>
<p>I’m sure there are still environments where hallucination matters. But &ldquo;hallucination&rdquo; is the first thing developers bring up when someone suggests using LLMs, despite it being (more or less) a solved problem.</p>
<h3 id='but-the-code-is-shitty-like-that-of-a-junior-developer' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#but-the-code-is-shitty-like-that-of-a-junior-developer' aria-label='Anchor'></a><span class='plain-code'>but the code is shitty, like that of a junior developer</span></h3>
<p>Does an intern cost $20/month? Because that&rsquo;s what Cursor.ai costs.</p>
<p>Part of being a senior developer is making less-able coders productive, be they fleshly or algebraic. Using agents well is both a both a skill and an engineering project all its own, of prompts, indices, <a href='https://fly.io/blog/semgrep-but-for-real-now/' title=''>and (especially) tooling.</a> LLMs only produce shitty code if you let them.</p>
<div class="right-sidenote"><p>† (Also: 100% of all the Bash code you should author ever again)</p>
</div>
<p>Maybe the current confusion is about who&rsquo;s doing what work. Today, LLMs do a lot of typing, Googling, test cases †, and edit-compile-test-debug cycles. But even the most Claude-poisoned serious developers in the world still own curation, judgement, guidance, and direction.</p>
<p>Also: let’s stop kidding ourselves about how good our human first cuts really are.</p>
<h3 id='but-its-bad-at-rust' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#but-its-bad-at-rust' aria-label='Anchor'></a><span class='plain-code'>but it’s bad at rust</span></h3>
<p>It’s hard to get a good toolchain for Brainfuck, too. Life’s tough in the aluminum siding business.</p>
<div class="right-sidenote"><p>† (and they surely will; the Rust community takes tooling seriously)</p>
</div>
<p>A lot of LLM skepticism probably isn&rsquo;t really about LLMs. It&rsquo;s projection. People say &ldquo;LLMs can&rsquo;t code&rdquo; when what they really mean is &ldquo;LLMs can&rsquo;t write Rust&rdquo;. Fair enough! But people select languages in part based on how well LLMs work with them, so Rust people should get on that †.</p>
<p>I work mostly in Go. I’m confident the designers of the Go programming language didn&rsquo;t set out to produce the most LLM-legible language in the industry. They succeeded nonetheless. Go has just enough type safety, an extensive standard library, and a culture that prizes (often repetitive) idiom. LLMs kick ass generating it.</p>
<p>All this is to say: I write some Rust. I like it fine. If LLMs and Rust aren&rsquo;t working for you, I feel you. But if that’s your whole thing, we’re not having the same argument.</p>
<h3 id='but-the-craft' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#but-the-craft' aria-label='Anchor'></a><span class='plain-code'>but the craft</span></h3>
<p>Do you like fine Japanese woodworking? All hand tools and sashimono joinery? Me too. Do it on your own time.</p>
<div class="right-sidenote"><p>† (I’m a piker compared to my woodworking friends)</p>
</div>
<p>I have a basic wood shop in my basement †. I could get a lot of satisfaction from building a table. And, if that table is a workbench or a grill table, sure, I&rsquo;ll build it. But if I need, like, a table? For people to sit at? In my office? I buy a fucking table.</p>
<p>Professional software developers are in the business of solving practical problems for people with code. We are not, in our day jobs, artisans. Steve Jobs was wrong: we do not need to carve the unseen feet in the sculpture. Nobody cares if the logic board traces are pleasingly routed. If anything we build endures, it won&rsquo;t be because the codebase was beautiful.</p>
<p>Besides, that’s not really what happens. If you’re taking time carefully golfing functions down into graceful, fluent, minimal functional expressions, alarm bells should ring. You’re yak-shaving. The real work has depleted your focus. You&rsquo;re not building: you&rsquo;re self-soothing.</p>
<p>Which, wait for it, is something LLMs are good for. They devour schlep, and clear a path to the important stuff, where your judgement and values really matter.</p>
<h3 id='but-the-mediocrity' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#but-the-mediocrity' aria-label='Anchor'></a><span class='plain-code'>but the mediocrity</span></h3>
<p>As a mid-late career coder, I&rsquo;ve come to appreciate mediocrity. You should be so lucky as to have it flowing almost effortlessly from a tap.</p>
<p>We all write mediocre code. Mediocre code: often fine. Not all code is equally important. Some code should be mediocre. Maximum effort on a random unit test? You&rsquo;re doing something wrong. Your team lead should correct you.</p>
<p>Developers all love to preen about code. They worry LLMs lower the &ldquo;ceiling&rdquo; for quality. Maybe. But they also raise the &ldquo;floor&rdquo;.</p>
<p>Gemini&rsquo;s floor is higher than my own. My code looks nice. But it&rsquo;s not as thorough. LLM code is repetitive. But mine includes dumb contortions where I got too clever trying to DRY things up.</p>
<p>And LLMs aren&rsquo;t mediocre on every axis. They almost certainly have a bigger bag of algorithmic tricks than you do: radix tries, topological sorts, graph reductions, and LDPC codes. Humans romanticize <code>rsync</code> (<a href='https://www.andrew.cmu.edu/course/15-749/READINGS/required/cas/tridgell96.pdf' title=''>Andrew Tridgell</a> wrote a paper about it!). To an LLM it might not be that much more interesting than a SQL join.</p>
<p>But I&rsquo;m getting ahead of myself. It doesn&rsquo;t matter. If truly mediocre code is all we ever get from LLMs, that&rsquo;s still huge. It&rsquo;s that much less mediocre code humans have to write.</p>
<h3 id='but-itll-never-be-agi' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#but-itll-never-be-agi' aria-label='Anchor'></a><span class='plain-code'>but it&rsquo;ll never be AGI</span></h3>
<p>I don&rsquo;t give a shit.</p>
<p>Smart practitioners get wound up by the AI/VC hype cycle. I can&rsquo;t blame them. But it&rsquo;s not an argument. Things either work or they don&rsquo;t, no matter what Jensen Huang has to say about it.</p>
<h3 id='but-they-take-rr-jerbs' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#but-they-take-rr-jerbs' aria-label='Anchor'></a><span class='plain-code'>but they take-rr jerbs</span></h3>
<p><a href='https://news.ycombinator.com/item?id=43776612' title=''>So does open source.</a> We used to pay good money for databases.</p>
<p>We&rsquo;re a field premised on automating other people’s jobs away. &ldquo;Productivity gains,&rdquo; say the economists. You get what that means, right? Fewer people doing the same stuff. Talked to a travel agent lately? Or a floor broker? Or a record store clerk? Or a darkroom tech?</p>
<p>When this argument comes up, libertarian-leaning VCs start the chant: lamplighters, creative destruction, new kinds of work. Maybe. But I&rsquo;m not hypnotized. I have no fucking clue whether we’re going to be better off after LLMs. Things could get a lot worse for us.</p>
<p>LLMs really might displace many software developers. That&rsquo;s not a high horse we get to ride. Our jobs are just as much in tech&rsquo;s line of fire as everybody else&rsquo;s have been for the last 3 decades. We&rsquo;re not <a href='https://en.wikipedia.org/wiki/2024_United_States_port_strike' title=''>East Coast dockworkers</a>; we won&rsquo;t stop progress on our own.</p>
<h3 id='but-the-plagiarism' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#but-the-plagiarism' aria-label='Anchor'></a><span class='plain-code'>but the plagiarism</span></h3>
<p>Artificial intelligence is profoundly — and probably unfairly — threatening to visual artists in ways that might be hard to appreciate if you don&rsquo;t work in the arts.</p>
<p>We imagine artists spending their working hours pushing the limits of expression. But the median artist isn&rsquo;t producing gallery pieces. They produce on brief: turning out competent illustrations and compositions for magazine covers, museum displays, motion graphics, and game assets.</p>
<p>LLMs easily — alarmingly — clear industry quality bars. Gallingly, one of the things they&rsquo;re best at is churning out just-good-enough facsimiles of human creative work. I have family in visual arts. I can&rsquo;t talk to them about LLMs. I don&rsquo;t blame them. They&rsquo;re probably not wrong.</p>
<p>Meanwhile, software developers spot code fragments <a href="https://arxiv.org/abs/2311.17035">seemingly lifted</a> from public repositories on Github and lose their shit. What about the licensing? If you&rsquo;re a lawyer, I defer. But if you&rsquo;re a software developer playing this card? Cut me a little slack as I ask you to shove this concern up your ass. No profession has demonstrated more contempt for intellectual property.</p>
<p>The median dev thinks Star Wars and Daft Punk are a public commons. The great cultural project of developers has been opposing any protection that might inconvenience a monetizable media-sharing site. When they fail at policy, they route around it with coercion. They stand up global-scale piracy networks and sneer at anybody who so much as tries to preserve a new-release window for a TV show.</p>
<p>Call any of this out if you want to watch a TED talk about how hard it is to stream <em>The Expanse</em> on LibreWolf. Yeah, we get it. You don&rsquo;t believe in IPR. Then shut the fuck up about IPR. Reap the whirlwind.</p>
<p>It&rsquo;s all special pleading anyways. LLMs digest code further than you do. If you don&rsquo;t believe a typeface designer can stake a moral claim on the terminals and counters of a letterform, you sure as hell can&rsquo;t be possessive about a red-black tree.</p>
<h3 id='positive-case-redux' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#positive-case-redux' aria-label='Anchor'></a><span class='plain-code'>positive case redux</span></h3>
<p>When I started writing a couple days ago, I wrote a section to &ldquo;level set&rdquo; to the state of the art of LLM-assisted programming. A bluefish filet has a longer shelf life than an LLM take. In the time it took you to read this, everything changed.</p>
<p>Kids today don&rsquo;t just use agents; they use asynchronous agents. They wake up, free-associate 13 different things for their LLMs to work on, make coffee, fill out a TPS report, drive to the Mars Cheese Castle, and then check their notifications. They&rsquo;ve got 13 PRs to review. Three get tossed and re-prompted. Five of them get the same feedback a junior dev gets. And five get merged.</p>
<p><em>&ldquo;I&rsquo;m sipping rocket fuel right now,&rdquo;</em> a friend tells me. <em>&ldquo;The folks on my team who aren&rsquo;t embracing AI? It&rsquo;s like they&rsquo;re standing still.&rdquo;</em> He&rsquo;s not bullshitting me. He doesn&rsquo;t work in SFBA. He&rsquo;s got no reason to lie.</p>
<p>There&rsquo;s plenty of things I can&rsquo;t trust an LLM with. No LLM has any of access to prod here. But I&rsquo;ve been first responder on an incident and fed 4o — not o4-mini, 4o — log transcripts, and watched it in seconds spot LVM metadata corruption issues on a host we&rsquo;ve been complaining about for months. Am I better than an LLM agent at interrogating OpenSearch logs and Honeycomb traces? No. No, I am not.</p>
<p>To the consternation of many of my friends, I&rsquo;m not a radical or a futurist. I&rsquo;m a statist. I believe in the haphazard perseverance of complex systems, of institutions, of reversions to the mean. I write Go and Python code. I&rsquo;m not a Kool-aid drinker.</p>
<p>But something real is happening. My smartest friends are blowing it off. Maybe I persuade you. Probably I don&rsquo;t. But we need to be done making space for bad arguments.</p>
<h3 id='but-im-tired-of-hearing-about-it' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#but-im-tired-of-hearing-about-it' aria-label='Anchor'></a><span class='plain-code'>but i&rsquo;m tired of hearing about it</span></h3>
<p>And here I rejoin your company. I read <a href='https://simonwillison.net/' title=''>Simon Willison</a>, and that&rsquo;s all I really need. But all day, every day, a sizable chunk of the front page of HN is allocated to LLMs: incremental model updates, startups doing things with LLMs, LLM tutorials, screeds against LLMs. It&rsquo;s annoying!</p>
<p>But AI is also incredibly — a word I use advisedly — important. It&rsquo;s getting the same kind of attention that smart phones got in 2008, and not as much as the Internet got. That seems about right.</p>
<p>I think this is going to get clearer over the next year. The cool kid haughtiness about &ldquo;stochastic parrots&rdquo; and &ldquo;vibe coding&rdquo; can&rsquo;t survive much more contact with reality. I&rsquo;m snarking about these people, but I meant what I said: they&rsquo;re smarter than me. And when they get over this affectation, they&rsquo;re going to make coding agents profoundly more effective than they are today.</p></content>
</entry>
<entry>
<title>Using Kamal 2.0 in Production</title>
<link rel="alternate" href="https://fly.io/blog/kamal-in-production/"/>
<id>https://fly.io/blog/kamal-in-production/</id>
<published>2025-05-29T00:00:00+00:00</published>
<updated>2025-06-02T20:40:48+00:00</updated>
<media:thumbnail url="https://fly.io/blog/kamal-in-production/assets/production.jpg"/>
<content type="html"><p><a href='https://pragprog.com/titles/rails8/agile-web-development-with-rails-8/' title=''>Agile Web Development with Rails 8</a> is off to production, where they do things like editing, indexing, pagination, and printing. In researching the chapter on Deployment and Production, I became very dissatisfied with the content available on Kamal. I ended up writing my own, and it went well beyond the scope of the book. I then extracted what I needed from the result and put it in the book.</p>
<p>Now that I have some spare time, I took a look at the greater work. It was more than a chapter and less than a book, so I decided to publish it <a href='https://rubys.github.io/kamal-in-production/' title=''>online</a>.</p>
<p>This took me only a matter of hours. I had my notes in the XML grammar that Pragmatic Programming uses for books. I asked GitHub Copilot to convert them to Markdown. It did the job without my having to explain the grammar. It made intelligent guesses as to how to handle footnotes and got a number of these wrong, but that was easy to fix. On a lark, I asked it to proofread the content, and it did that too.</p>
<hr>
<p>Don&rsquo;t get me wrong, Kamal is great. There are plenty of videos on how to get toy projects online, and the documentation will tell you what each field in the configuration file does. But none pull together everything you need to deploy a real project. For example, <a href='https://rubys.github.io/kamal-in-production/Assemble/' title=''>there are seven things you need to get started</a>. Some are optional, some you may already have, and all can be gathered quickly <strong class='font-semibold text-navy-950'>if you have a list</strong>.</p>
<p>Kamal is just one piece of the puzzle. To deploy your software using Kamal, you need to be aware of the vast Docker ecosystem. You will want to set up a builder, sign up for a container repository, and lock down your secrets. And as you grow, you will want a load balancer and a managed database.</p>
<p>And production is much more than copying files and starting a process. It is ensuring that your database is backed up, that your logs are searchable, and that your application is being monitored. It is also about ensuring that your application is secure.</p>
<p>My list is opinionated. Each choice has a lot of options. For SSH keys, there are a lot of key types. If you don&rsquo;t have an opinion, go with what GitHub recommends. For hosting, there are a lot of providers, and most videos start with Hetzner, which is a solid choice. But did you know that there are separate paths for Cloud and Robot, and when you would want either?</p>
<p>A list with default options and alternatives highlighted was what would have helped me get started. Now it is available to you. The <a href='https://github.com/rubys/kamal-in-production/' title=''>source is on GitHub</a>. <a href='https://creativecommons.org/public-domain/cc0/' title=''>CC0 licensed</a>. Feel free to add side pages or links to document Digital Ocean, add other monitoring tools, or simply correct a typo that GitHub Copilot and I missed (or made).</p>
<hr>
<p>And if you happen to be in the south eastern part of the US in August, come see me talk on this topic at the <a href='https://blog.carolina.codes/p/announcing-our-2025-speakers' title=''>Carolina Code Conference</a>. If you can&rsquo;t make it, the presentation will be recorded and posted online.</p></content>
</entry>
<entry>
<title>parking_lot: ffffffffffffffff...</title>
<link rel="alternate" href="https://fly.io/blog/parking-lot-ffffffffffffffff/"/>
<id>https://fly.io/blog/parking-lot-ffffffffffffffff/</id>
<published>2025-05-28T00:00:00+00:00</published>
<updated>2025-06-02T20:40:48+00:00</updated>
<media:thumbnail url="https://fly.io/blog/parking-lot-ffffffffffffffff/assets/ffff-cover.webp"/>
<content type="html"><div class="lead"><p>We’re Fly.io, a public cloud that runs apps in a bunch of locations all over the world. This is a post about a gnarly bug in our Anycast router, the largest Rust project in our codebase. You won’t need much of any Rust to follow it.</p>
</div>
<p>The basic idea is simple: customers give us Docker containers, and tell us which one of 30+ regions around the world they want them to run in. We convert the containers into lightweight virtual machines, and then link them to an Anycast network. If you boot up an app here in Sydney and Frankfurt, and a request for it lands in Narita, it&rsquo;ll get routed to Sydney. The component doing that work is called <code>fly-proxy</code>. It&rsquo;s a Rust program, and it has been ill behaved of late.</p>
<h3 id='dramatis-personae' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#dramatis-personae' aria-label='Anchor'></a><span class='plain-code'>Dramatis Personae</span></h3>
<p><code>fly-proxy</code>, our intrepid Anycast router.</p>
<p><code>corrosion</code>, our intrepid Anycast routing protocol.</p>
<p><code>Rust</code>, a programming language you probably don&rsquo;t use.</p>
<p><code>read-write locks</code>, a synchronization primitive that allows for many readers <em>or</em> one single writer.</p>
<p><code>parking_lot</code>, a well-regarded optimized implementation of locks in Rust.</p>
<div class="callout"><p>Gaze not into the abyss, lest you become recognized as an <strong class="font-semibold text-navy-950"><em>abyss domain expert</em></strong>, and they expect you keep gazing into the damn thing</p>
<p><em>Mathewson <a href="https://x.com/nickm_tor/status/860234274842324993?lang=en" title="">6:31</a></em></p>
</div><h3 id='anycast-routing' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#anycast-routing' aria-label='Anchor'></a><span class='plain-code'>Anycast Routing</span></h3>
<p>You already know how to build a proxy. Connection comes in, connection goes out, copy back and forth. So for the amount of time we spend writing about <code>fly-proxy</code>, you might wonder what the big deal is.</p>
<p>To be fair, in the nuts and bolts of actually proxying requests, <code>fly-proxy</code> does some interesting stuff. For one thing, it&rsquo;s <a href='https://github.com/jedisct1/yes-rs' title=''>written in Rust</a>, which is apparently a big deal all on its own. It&rsquo;s a large, asynchronous codebase that handles multiple protocols, TLS termination, and certificate issuance. It exercises a lot of <a href='https://tokio.rs/' title=''>Tokio</a> features.</p>
<p>But none of this is the hard part of <code>fly-proxy</code>.</p>
<p>We operate thousands of servers around the world. A customer Fly Machine might get scheduled onto any of them; in some places, the expectation we set with customers is that their Machines will potentially start in less than a second. More importantly, a Fly Machine can terminate instantly. In both cases, but especially the latter, <code>fly-proxy</code> potentially needs to know, so that it does (or doesn&rsquo;t) route traffic there.</p>
<p>This is the hard problem: managing millions of connections for millions of apps. It&rsquo;s a lot of state to manage, and it&rsquo;s in constant flux. We refer to this as the &ldquo;state distribution problem&rdquo;, but really, it quacks like a routing protocol.</p>
<h3 id='our-routing-protocol-is-corrosion' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#our-routing-protocol-is-corrosion' aria-label='Anchor'></a><span class='plain-code'>Our Routing Protocol is Corrosion</span></h3><div class="right-sidenote"><p>Corrosion2, to be precise.</p>
</div>
<p>We&rsquo;ve been through multiple iterations of the state management problem, and the stable place we&rsquo;ve settled is a <a href='https://github.com/superfly/corrosion' title=''>system called Corrosion</a>.</p>
<p>Corrosion is a large SQLite database mirrored globally across several thousand servers. There are three important factors that make Corrosion work:</p>
<ol>
<li>The SQLite database Corrosion replicates is CRDT-structured.
</li><li>In our orchestration model, individual worker servers are the source of truth for any Fly Machines running on them; there&rsquo;s no globally coordinated orchestration state.
</li><li>We use <a href='http://fly.io/blog/building-clusters-with-serf/#what-serf-is-doing' title=''>SWIM gossip</a> to publish updates from those workers across the fleet.
</li></ol>
<p>This works. A Fly Machine terminates in Dallas; a <code>fly-proxy</code> instance in Singapore knows within a small number of seconds.</p>
<h3 id='routing-protocol-implementations-are-hard' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#routing-protocol-implementations-are-hard' aria-label='Anchor'></a><span class='plain-code'>Routing Protocol Implementations Are Hard</span></h3>
<p>A routing protocol is a canonical example of a distributed system. We&rsquo;ve certainly hit distsys bugs in Corrosion. But this story is about basic implementation issues. </p>
<p>A globally replicated SQLite database is an awfully nice primitive, but we&rsquo;re not actually doing SQL queries every time a request lands.</p>
<p>In somewhat the same sense as a router works both with a <a href='https://www.dasblinkenlichten.com/rib-and-fib-understanding-the-terminology/' title=''>RIB and a FIB</a>, there is in <code>fly-proxy</code> a system of record for routing information (Corrosion), and then an in-memory aggregation of that information used to make fast decisions. In <code>fly-proxy</code>, that&rsquo;s called the Catalog. It&rsquo;s a record of everything in Corrosion a proxy might need to know about to forward requests.</p>
<p>Here&rsquo;s a fun bug from last year:</p>
<p>At any given point in time, there&rsquo;s a lot going on inside <code>fly-proxy</code>. It is a highly concurrent system. In particular, there are many readers to the Catalog, and also, when Corrosion updates, writers. We manage access to the Catalog with a system of <a href='https://doc.rust-lang.org/std/sync/struct.RwLock.html' title=''>read-write locks</a>.</p>
<p>Rust is big on pattern-matching; instead of control flow based (at bottom) on simple arithmetic expressions, Rust allows you to <code>match</code> exhaustively (with compiler enforcement) on the types of an expression, and the type system expresses things like <code>Ok</code> or <code>Err</code>.</p>
<p>But <code>match</code> can be cumbersome, and so there are shorthands. One of them is <code>if let</code>, which is syntax that makes a pattern match read like a classic <code>if</code> statement. Here&rsquo;s an example:</p>
<div class="highlight-wrapper group relative rust">
<button
type="button"
class="bubble-wrap z-20 absolute right-9 -mr-0.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-wrap-target="#code-zarn5q31"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35" stroke-linecap="round" stroke-linejoin="round"><g buffered-rendering="static"><path d="M9.912 8.037h2.732c1.277 0 2.315-.962 2.315-2.237a2.325 2.325 0 00-2.315-2.31H2.959m10.228 9.01H2.959M6.802 8H2.959" /><path d="M11.081 6.466L9.533 8.037l1.548 1.571" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-9px] tail text-navy-950">
Wrap text
</span>
</button>
<button
type="button"
class="bubble-wrap z-20 absolute right-1.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-copy-target="sibling"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35"><g buffered-rendering="static"><path d="M10.576 7.239c0-.995-.82-1.815-1.815-1.815H3.315c-.995 0-1.815.82-1.815 1.815v5.446c0 .995.82 1.815 1.815 1.815h5.446c.995 0 1.815-.82 1.815-1.815V7.239z" /><path d="M10.576 10.577h2.109A1.825 1.825 0 0014.5 8.761V3.315A1.826 1.826 0 0012.685 1.5H7.239c-.996 0-1.815.819-1.816 1.815v1.617" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-6px] tail [--tail-x:calc(100%-30px)] text-navy-950">
Copy to clipboard
</span>
</button>
<div class='highlight relative group'>
<pre class='highlight '><code id="code-zarn5q31"><span class="k">if</span> <span class="k">let</span> <span class="p">(</span><span class="nf">Some</span><span class="p">(</span><span class="nn">Load</span><span class="p">::</span><span class="nf">Local</span><span class="p">(</span><span class="n">load</span><span class="p">)))</span> <span class="o">=</span> <span class="p">(</span><span class="o">&amp;</span><span class="k">self</span><span class="py">.load</span><span class="nf">.read</span><span class="p">()</span><span class="nf">.get</span><span class="p">(</span><span class="o">...</span><span class="p">))</span> <span class="p">{</span>
<span class="c1">// do a bunch of stuff with `load`</span>
<span class="p">}</span> <span class="k">else</span> <span class="p">{</span>
<span class="k">self</span><span class="nf">.init_for</span><span class="p">(</span><span class="o">...</span><span class="p">);</span>
<span class="p">}</span>
</code></pre>
</div>
</div>
<p>The &ldquo;if&rdquo; arm of that branch is taken if <code>self.load.read().get()</code> returns a value with the type <code>Some</code>. To retrieve that value, the expression calls <code>read()</code> to grab a lock.</p>
<div class="right-sidenote"><p>though Rust programmers probably notice the bug quickly</p>
</div>
<p>The bug is subtle: in that code, the lock <code>self.load.read().get()</code> takes is held not just for the duration of the &ldquo;if&rdquo; arm, but also for the &ldquo;else&rdquo; arm — you can think of <code>if let</code> expressions as being rewritten to the equivalent <code>match</code> expression, where that lifespan is much clearer.</p>
<p>Anyways that&rsquo;s real code and it occurred on a code path in <code>fly-proxy</code> that was triggered by a Corrosion update propagating from host to host across our fleet in millisecond intervals of time, converging quickly, like a good little routing protocol, on a global consensus that our entire Anycast routing layer should be deadlocked. Fun times.</p>
<h3 id='the-watchdog-and-regionalizing' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#the-watchdog-and-regionalizing' aria-label='Anchor'></a><span class='plain-code'>The Watchdog, and Regionalizing</span></h3>
<p>The experience of that Anycast outage was arresting, and immediately altered our plans. We set about two tasks, one short-term and one long.</p>
<p>In the short term: we made deadlocks nonlethal with a &ldquo;watchdog&rdquo; system. <code>fly-proxy</code> has an internal control channel (it drives a REPL operators can run from our servers). During a deadlock (or dead-loop or exhaustion), that channel becomes nonresponsive. We watch for that and bounce the proxy when it happens. A deadlock is still bad! But it&rsquo;s a second-or-two-length arrhythmia, not asystole.</p>
<p>Meanwhile, over the long term: we&rsquo;re confronting the implications of all our routing state sharing a global broadcast domain. The update that seized up Anycast last year pertained to an app nobody used. There wasn&rsquo;t any real reason for any <code>fly-proxy</code> to receive it in the first place. But in the <em>status quo ante</em> of the outage, every proxy received updates for every Fly Machine.</p>
<p>They still do. Why? Because it scales, and fixing it turns out to be a huge lift. It&rsquo;s a lift we&rsquo;re still making! It&rsquo;s just taking time. We call this effort &ldquo;regionalization&rdquo;, because the next intermediate goal is to confine most updates to the region (Sydney, Frankfurt, Dallas) in which they occur.</p>
<p>I hope this has been a satisfying little tour of the problem domain we&rsquo;re working in. We have now reached the point where I can start describing the new bug.</p>
<h3 id='new-bug-round-1-lazy-loading' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#new-bug-round-1-lazy-loading' aria-label='Anchor'></a><span class='plain-code'>New Bug, Round 1: Lazy Loading</span></h3>
<p>We want to transform our original Anycast router, designed to assume a full picture of global state, into a regionalized router with partitioned state. A sane approach: have it lazy-load state information. Then you can spare most of the state code; state for apps that never show up at a particular <code>fly-proxy</code> in, say, Hong Kong simply doesn&rsquo;t get loaded.</p>
<p>For months now, portions of the <code>fly-proxy</code> Catalog have been lazy-loaded. A few weeks ago, the decision is made to get most of the rest of the Catalog state (apps, machines, &amp;c) lazy-loaded as well. It&rsquo;s a straightforward change and it gets rolled out quickly.</p>
<p>Almost as quickly, proxies begin locking up and getting bounced by the watchdog. Not in the frightening Beijing-Olympics-level coordinated fashion that happened during the Outage, but any watchdog bounce is a problem.</p>
<p>We roll back the change.</p>
<p>From the information we have, we&rsquo;ve narrowed things down to two suspects. First, lazy-loading changes the read/write patterns and thus the pressure on the RWLocks the Catalog uses; it could just be lock contention. Second, we spot a suspicious <code>if let</code>.</p>
<h3 id='new-bug-round-2-the-lock-refactor' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#new-bug-round-2-the-lock-refactor' aria-label='Anchor'></a><span class='plain-code'>New Bug, Round 2: The Lock Refactor</span></h3>
<p>Whichever the case, there&rsquo;s a reason these proxies locked up with the new lazy-loading code, and our job is to fix it. The <code>if let</code> is easy. Lock contention is a little trickier.</p>
<p>At this point it&rsquo;s time to introduce a new character to the story, though they&rsquo;ve been lurking on the stage the whole time: it&rsquo;s <a href='https://github.com/Amanieu/parking_lot' title=''><code>parking_lot</code></a>, an important, well-regarded, and widely-used replacement for the standard library&rsquo;s lock implementation.</p>
<p>Locks in <code>fly-proxy</code> are <code>parking_lot</code> locks. People use <code>parking_lot</code> mostly because it is very fast and tight (a lock takes up just a single 64-bit word). But we use it for the feature set. The feature we&rsquo;re going to pull out this time is lock timeouts: the RWLock in <code>parking_lot</code> exposes a <a href='https://amanieu.github.io/parking_lot/parking_lot/struct.RwLock.html#method.try_write_for' title=''><code>try_write_for</code></a>method, which takes a <code>Duration</code>, after which an attempt to grab the write lock fails.</p>
<p>Before rolling out a new lazy-loading <code>fly-proxy</code>, we do some refactoring:</p>
<ul>
<li>our Catalog write locks all time out, so we&rsquo;ll get telemetry and a failure recovery path if that&rsquo;s what&rsquo;s choking the proxy to death,
</li><li>we eliminate RAII-style lock acquisition from the Catalog code (in RAII style, you grab a lock into a local value, and the lock is released implicitly when the scope that expression occurs in concludes) and replace it with explicit closures, so you can look at the code and see precisely the interval in which the lock is held, and
</li><li>since we now have code that is very explicit about locking intervals, we instrument it with logging and metrics so we can see what&rsquo;s happening.
</li></ul>
<p>We should be set. The suspicious <code>if let</code> is gone, lock acquisition can time out, and we have all this new visibility.</p>
<p>Nope. Immediately more lockups, all in Europe, especially in <code>WAW</code>.</p>
<h3 id='new-bug-round-3-telemetry-inspection' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#new-bug-round-3-telemetry-inspection' aria-label='Anchor'></a><span class='plain-code'>New Bug, Round 3: Telemetry Inspection</span></h3>
<p>That we&rsquo;re still seeing deadlocks is f&#39;ing weird. We&rsquo;ve audited all our Catalog locks. You can look at the code and see the lifespan of a grabbed lock.</p>
<p>We have a clue: our lock timeout logs spam just before a proxy locks up and is killed by the watchdog. This clue: useless. But we don&rsquo;t know that yet!</p>
<p>Our new hunch is that something is holding a lock for a very long time, and we just need to find out which thing that is. Maybe the threads updating the Catalog from Corrosion are dead-looping?</p>
<p>The instrumentation should tell the tale. But it does not. We see slow locks… just before the entire proxy locks up. And they happen in benign, quiet applications. Random, benign, quiet applications.</p>
<p><code>parking_lot</code> has a <a href='https://amanieu.github.io/parking_lot/parking_lot/deadlock/index.html' title=''>deadlock detector</a>. If you ask it, it&rsquo;ll keep a waiting-for dependency graph and detect stalled threads. This runs on its own thread, isolate outside the web of lock dependencies in the rest of the proxy. We cut a build of the proxy with the deadlock detector enabled and wait for something in <code>WAW</code> to lock up. And it does. But <code>parking_lot</code> doesn&rsquo;t notice. As far as it&rsquo;s concerned, nothing is wrong.</p>
<p>We are at this moment very happy we did the watchdog thing.</p>
<h3 id='new-bug-round-4-descent-into-madness' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#new-bug-round-4-descent-into-madness' aria-label='Anchor'></a><span class='plain-code'>New Bug, Round 4: Descent Into Madness</span></h3>
<p>When the watchdog bounces a proxy, it snaps a core dump from the process it just killed. We are now looking at core dumps. There is only one level of decompensation to be reached below &ldquo;inspecting core dumps&rdquo;, and that&rsquo;s &ldquo;blaming the compiler&rdquo;. We will get there.</p>
<p>Here&rsquo;s Pavel, at the time:</p>
<blockquote>
<p>I’ve been staring at the last core dump from <code>waw</code> . It’s quite strange.
First, there is no thread that’s running inside the critical section. Yet, there is a thread that’s waiting to acquire write lock and a bunch of threads waiting to acquire a read lock.
That’s doesn’t prove anything, of course, as a thread holding catalog write lock might have just released it before core dump was taken. But that would be quite a coincidence.</p>
</blockquote>
<p>The proxy is locked up. But there are no threads in a critical section for the catalog. Nevertheless, we can see stack traces of multiple threads waiting to acquire locks. In the moment, Pavel thinks this could be a fluke. But we&rsquo;ll soon learn that <em>every single stack trace</em> shows the same pattern: everything wants the Catalog lock, but nobody has it.</p>
<p>It&rsquo;s hard to overstate how weird this is. It breaks both our big theories: it&rsquo;s not compatible with a Catalog deadlock that we missed, and it&rsquo;s not compatible with a very slow lock holder. Like a podcast listener staring into the sky at the condensation trail of a jetliner, we begin reaching for wild theories. For instance: <code>parking_lot</code> locks are synchronous, but we&rsquo;re a Tokio application; something somewhere could be taking an async lock that&rsquo;s confusing the runtime. Alas, no.</p>
<p>On the plus side, we are now better at postmortem core dump inspection with <code>gdb</code>.</p>
<h3 id='new-bug-round-5-madness-gives-way-to-desperation' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#new-bug-round-5-madness-gives-way-to-desperation' aria-label='Anchor'></a><span class='plain-code'>New Bug, Round 5: Madness Gives Way To Desperation</span></h3>
<p>Fuck it, we&rsquo;ll switch to <code>read_recursive</code>.</p>
<p>A recursive read lock is an eldritch rite invoked when you need to grab a read lock deep in a call tree where you already grabbed that lock, but can&rsquo;t be arsed to structure the code properly to reflect that. When you ask for a recursive lock, if you already hold the lock, you get the lock again, instead of a deadlock.</p>
<p>Our theory: <code>parking_lot</code>goes through some trouble to make sure a stampede of readers won&rsquo;t starve writers, who are usually outnumbered. It prefers writers by preventing readers from acquiring locks when there&rsquo;s at least one waiting writer. And <code>read_recursive</code> sidesteps that logic.</p>
<p>Maybe there&rsquo;s some ultra-slow reader somehow not showing up in our traces, and maybe switching to recursive locks will cut through that.</p>
<p>This does not work. At least, not how we hoped it would. It does generate a new piece of evidence: <code>RwLock reader count overflow</code> log messages, and lots of them.</p>
<h3 id='there-are-things-you-are-not-meant-to-know' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#there-are-things-you-are-not-meant-to-know' aria-label='Anchor'></a><span class='plain-code'>There Are Things You Are Not Meant To Know</span></h3>
<p>You&rsquo;re reading a 3,000 word blog post about a single concurrency bug, so my guess is you&rsquo;re the kind of person who compulsively wants to understand how everything works. That&rsquo;s fine, but a word of advice: there are things where, if you find yourself learning about them in detail, something has gone wrong.</p>
<p>One of those things is the precise mechanisms used by your RWLock implementation.</p>
<p>The whole point of <code>parking_lot</code> is that the locks are tiny, marshalled into a 64 bit word. Those bits are partitioned into <a href='https://github.com/Amanieu/parking_lot/blob/master/src/raw_rwlock.rs' title=''>4 signaling bits</a> (<code>PARKED</code>, <code>WRITER_PARKED</code>, <code>WRITER</code>, and <code>UPGRADEABLE</code>) and a 60-bit counter of lock holders.</p>
<blockquote>
<p>Me, a dummy: sounds like we overflowed that counter.</p>
<p>Pavel, a genius: we are not overflowing a 60-bit counter.</p>
</blockquote>
<p>Ruling out a genuine overflow (which would require paranormal activity) leaves us with corruption as the culprit. Something is bashing our lock word. If the counter is corrupted, maybe the signaling bits are too; then we&rsquo;re in an inconsistent state, an artificial deadlock.</p>
<p>Easily confirmed. We cast the lock words into <code>usize</code> and log them. Sure enough, they&rsquo;re <code>0xFFFFFFFFFFFFFFFF</code>.</p>
<p>This is a smoking gun, because it implies all 4 signaling bits are set, and that includes <code>UPGRADEABLE</code>. Upgradeable locks are read-locks that can be &ldquo;upgraded&rdquo; to write locks. We don&rsquo;t use them.</p>
<p>This looks like classic memory corruption. But in our core dumps, memory doesn&rsquo;t appear corrupted: the only thing set all <code>FFh</code> is the lock word.</p>
<p>We compile and run our test suites <a href='https://github.com/rust-lang/miri' title=''>under <code>miri</code></a>, a Rust interpreter for its <a href='https://rustc-dev-guide.rust-lang.org/mir/index.html' title=''>MIR IR</a>. <code>miri</code> does all sorts of cool UB detection, and does in fact spot some UB in our tests, which we are at the time excited about until we deploy the fixes and nothing gets better.</p>
<p>At this point, Saleem suggests guard pages. We could <code>mprotect</code> memory pages around the lock to force a panic if a wild write hits <em>near</em> the lock word, or just allocate zero pages and check them, which we are at the time excited about until we deploy the guard pages and nothing hits them.</p>
<h3 id='the-non-euclidean-horror-at-the-heart-of-this-bug' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#the-non-euclidean-horror-at-the-heart-of-this-bug' aria-label='Anchor'></a><span class='plain-code'>The Non-Euclidean Horror At The Heart Of This Bug</span></h3>
<p>At this point we should recap where we find ourselves:</p>
<ul>
<li>We made a relatively innocuous change to our proxy, which caused proxies in Europe to get watchdog-killed.
</li><li>We audited and eliminated all the nasty <code>if-letses</code>.
</li><li>We replaced all RAII lock acquisitions with explicit closures, and instrumented the closures.
</li><li>We enabled <code>parking_lot</code> deadlock detection.
</li><li>We captured and analyzed core dumps for the killed proxies.
</li><li>We frantically switched to recursive read locks, which generated a new error.
</li><li>We spotted what looks like memory corruption, but only of that one tiny lock word.
</li><li>We ran our code under an IR interpreter to find UB, fixed some UB, and didn&rsquo;t fix the bug.
</li><li>We set up guard pages to catch wild writes.
</li></ul>
<p>In Richard Cook&rsquo;s essential <a href='https://how.complexsystems.fail/' title=''>&ldquo;How Complex Systems Fail&rdquo;</a>, rule #5 is that &ldquo;complex systems operate in degraded mode&rdquo;. <em>The system continues to function because it contains so many redundancies and because people can make it function, despite the presence of many flaws</em>. Maybe <code>fly-proxy</code> is now like the RBMK reactors at Chernobyl, a system that works just fine as long as operators know about and compensate for its known concurrency flaws, and everybody lives happily ever after.</p>
<div class="right-sidenote"><p>We are, in particular, running on the most popular architecture for its RWLock implementation.</p>
</div>
<p>We have reached the point where serious conversations are happening about whether we&rsquo;ve found a Rust compiler bug. Amusingly, <code>parking_lot</code> is so well regarded among Rustaceans that it&rsquo;s equally if not more plausible that Rust itself is broken.</p>
<p>Nevertheless, we close-read the RWLock implementation. And we spot this:</p>
<div class="highlight-wrapper group relative rust">
<button
type="button"
class="bubble-wrap z-20 absolute right-9 -mr-0.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-wrap-target="#code-c23zvw3n"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35" stroke-linecap="round" stroke-linejoin="round"><g buffered-rendering="static"><path d="M9.912 8.037h2.732c1.277 0 2.315-.962 2.315-2.237a2.325 2.325 0 00-2.315-2.31H2.959m10.228 9.01H2.959M6.802 8H2.959" /><path d="M11.081 6.466L9.533 8.037l1.548 1.571" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-9px] tail text-navy-950">
Wrap text
</span>
</button>
<button
type="button"
class="bubble-wrap z-20 absolute right-1.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-copy-target="sibling"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35"><g buffered-rendering="static"><path d="M10.576 7.239c0-.995-.82-1.815-1.815-1.815H3.315c-.995 0-1.815.82-1.815 1.815v5.446c0 .995.82 1.815 1.815 1.815h5.446c.995 0 1.815-.82 1.815-1.815V7.239z" /><path d="M10.576 10.577h2.109A1.825 1.825 0 0014.5 8.761V3.315A1.826 1.826 0 0012.685 1.5H7.239c-.996 0-1.815.819-1.816 1.815v1.617" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-6px] tail [--tail-x:calc(100%-30px)] text-navy-950">
Copy to clipboard
</span>
</button>
<div class='highlight relative group'>
<pre class='highlight '><code id="code-c23zvw3n"><span class="k">let</span> <span class="n">state</span> <span class="o">=</span> <span class="k">self</span><span class="py">.state</span><span class="nf">.fetch_add</span><span class="p">(</span>
<span class="n">prev_value</span><span class="nf">.wrapping_sub</span><span class="p">(</span><span class="n">WRITER_BIT</span> <span class="p">|</span> <span class="n">WRITER_PARKED_BIT</span><span class="p">),</span>
<span class="nn">Ordering</span><span class="p">::</span><span class="n">Relaxed</span><span class="p">);</span>
</code></pre>
</div>
</div>
<p>This looks like gibberish, so let&rsquo;s rephrase that code to see what it&rsquo;s actually doing:</p>
<div class="highlight-wrapper group relative rust">
<button
type="button"
class="bubble-wrap z-20 absolute right-9 -mr-0.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-wrap-target="#code-oq3znyk"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35" stroke-linecap="round" stroke-linejoin="round"><g buffered-rendering="static"><path d="M9.912 8.037h2.732c1.277 0 2.315-.962 2.315-2.237a2.325 2.325 0 00-2.315-2.31H2.959m10.228 9.01H2.959M6.802 8H2.959" /><path d="M11.081 6.466L9.533 8.037l1.548 1.571" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-9px] tail text-navy-950">
Wrap text
</span>
</button>
<button
type="button"
class="bubble-wrap z-20 absolute right-1.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-copy-target="sibling"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35"><g buffered-rendering="static"><path d="M10.576 7.239c0-.995-.82-1.815-1.815-1.815H3.315c-.995 0-1.815.82-1.815 1.815v5.446c0 .995.82 1.815 1.815 1.815h5.446c.995 0 1.815-.82 1.815-1.815V7.239z" /><path d="M10.576 10.577h2.109A1.825 1.825 0 0014.5 8.761V3.315A1.826 1.826 0 0012.685 1.5H7.239c-.996 0-1.815.819-1.816 1.815v1.617" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-6px] tail [--tail-x:calc(100%-30px)] text-navy-950">
Copy to clipboard
</span>
</button>
<div class='highlight relative group'>
<pre class='highlight '><code id="code-oq3znyk"><span class="k">let</span> <span class="n">state</span> <span class="o">=</span> <span class="k">self</span><span class="py">.state</span> <span class="o">&amp;</span> <span class="o">~</span><span class="p">(</span><span class="n">WRITER_BIT</span><span class="p">|</span><span class="n">WRITER_PARKED_BIT</span><span class="p">);</span>
</code></pre>
</div>
</div>
<p>If you know exactly the state of the word you&rsquo;re writing to, and you know exactly the limited set of permutations the bits of that word can take (for instance, because there&rsquo;s only 4 signaling bits), then instead of clearing bit by fetching a word, altering it, and then storing it, you can clear them <em>atomically</em> by adding the inverse of those bits to the word.</p>
<p>This pattern is self-synchronizing, but it relies on an invariant: you&rsquo;d better be right about the original state of the word you&rsquo;re altering. Because if you&rsquo;re wrong, you&rsquo;re adding a very large value to an uncontrolled value.</p>
<p>In <code>parking_lot</code>, say we have <code>WRITER</code> and <code>WRITER_PARKED</code> set: the state is <code>0b1010</code>. <code>prev_value</code>, the state of the lock word when the lock operation started, is virtually always 0, and that&rsquo;s what we&rsquo;re counting on. <code>prev_value.wrapping_sub()</code>then calculates <code>0xFFFFFFFFFFFFFFF6</code>, which exactly cancels out the <code>0b1010</code> state, leaving 0.</p>
<div class="right-sidenote"><p>As a grace note, the locking code manages to set that one last unset bit before the proxy deadlocks.</p>
</div>
<p>Consider though what happens if one of those bits isn&rsquo;t set: state is <code>0b1000</code>. Now that add doesn&rsquo;t cancel out; the final state is instead <code>0xFFFFFFFFFFFFFFFE</code>. The reader count is completely full and can&rsquo;t be decremented, and all the waiting bits are set so nothing can happen on the lock.</p>
<p><code>parking_lot</code> is a big deal and we&rsquo;re going to be damn sure before we file a bug report. Which doesn&rsquo;t take long; Pavel reproduces the bug in a minimal test case, with a forked version of <code>parking_lot</code> that confirms and logs the condition.</p>
<p><a href='https://github.com/Amanieu/parking_lot/issues/465' title=''>The <code>parking_lot</code> team quickly confirms</a> and fixes the bug.</p>
<h3 id='ex-insania-claritas' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#ex-insania-claritas' aria-label='Anchor'></a><span class='plain-code'>Ex Insania, Claritas</span></h3>
<p>Here&rsquo;s what we now know to have been happening:</p>
<ol>
<li>Thread 1 grabs a read lock.
</li><li>Thread 2 tries to grab a write lock, with a <code>try_write_for</code> timeout; it&rsquo;s &ldquo;parked&rdquo; waiting for the reader, which sets <code>WRITER</code> and <code>WRITER_PARKED</code> on the raw lock word.
</li><li>Thread 1 releases the lock, unparking a waiting writer, which unsets <code>WRITER_PARKED</code>.
</li><li>Thread 2 wakes, but not for the reason it thinks: the timing is such that it thinks the lock has timed out. So it tries to clear both <code>WRITER</code> and <code>WRITER_PARKED</code> — a bitwise &ldquo;double free&rdquo;. Lock: corrupted. Computer: over.
</li></ol>
<p><a href='https://github.com/Amanieu/parking_lot/pull/466' title=''>The fix is simple</a>: the writer bit is cleared separately in the same wakeup queue as the reader. The fix is deployed, the lockups never recur.</p>
<p>At a higher level, the story is this:</p>
<ol>
<li>We&rsquo;re refactoring the proxy to regionalize it, which changes the pattern of readers and writers on the catalog.
</li><li>As we broaden out lazy loads, we introduce writer contention, a classic concurrency/performance debugging problem. It looks like a deadlock at the time! It isn&rsquo;t.
</li><li><code>try_write_for</code> is a good move: we need tools to manage contention.
</li><li>But now we&rsquo;re on a buggy code path in <code>parking_lot</code> — we don&rsquo;t know that and can&rsquo;t understand it until we&rsquo;ve lost enough of our minds to second-guess the library.
</li><li>We stumble on the bug out of pure dumb luck by stabbing in the dark with <code>read_recursive</code>.
</li></ol>
<p>Mysteries remain. Why did this only happen in <code>WAW</code>? Some kind of crazy regional timing thing? Something to do with the Polish <em>kreska</em> diacritic that makes L&rsquo;s sound like W&rsquo;s? The wax and wane of caribou populations? Some very high-traffic APIs local to these regions? All very plausible.</p>
<p>We&rsquo;ll never know because we fixed the bug.</p>
<p>But we&rsquo;re in a better place now, even besides the bug fix:</p>
<ul>
<li>we audited all our catalog locking, got rid of all the iflets, and stopped relying on RAII lock guards.
</li><li>the resulting closure patterns gave us lock timing metrics, which will be useful dealing with future write contention
</li><li>all writes are now labeled, and we emit labeled logs on slow writes, augmented with context data (like app IDs) where we have it
</li><li>we also now track the last and current holder of the write lock, augmented with context information; next time we have a deadlock, we should have all the information we need to identify the actors without <code>gdb</code> stack traces.
</li></ul></content>
</entry>
<entry>
<title>Litestream: Revamped</title>
<link rel="alternate" href="https://fly.io/blog/litestream-revamped/"/>
<id>https://fly.io/blog/litestream-revamped/</id>
<published>2025-05-20T00:00:00+00:00</published>
<updated>2025-05-22T19:59:27+00:00</updated>
<media:thumbnail url="https://fly.io/blog/litestream-revamped/assets/litestream-revamped.png"/>
<content type="html"><div class="lead"><p><a href="https://litestream.io/" title="">Litestream</a> is an open-source tool that makes it possible to run many kinds of full-stack applications on top of SQLite by making them reliably recoverable from object storage. This is a post about the biggest change we’ve made to it since I launched it.</p>
</div>
<p>Nearly a decade ago, I got a bug up my ass. I wanted to build full-stack applications quickly. But the conventional n-tier database design required me to do sysadmin work for each app I shipped. Even the simplest applications depended on heavy-weight database servers like Postgres or MySQL.</p>
<p>I wanted to launch apps on SQLite, because SQLite is easy. But SQLite is embedded, not a server, which at the time implied that the data for my application lived (and died) with just one server.</p>
<p>So in 2020, I wrote <a href='https://litestream.io/' title=''>Litestream</a> to fix that.</p>
<p>Litestream is a tool that runs alongside a SQLite application. Without changing that running application, it takes over the WAL checkpointing process to continuously stream database updates to an S3-compatible object store. If something happens to the server the app is running on, the whole database can efficiently be restored to a different server. You might lose servers, but you won&rsquo;t lose your data.</p>
<p>Litestream worked well. So we got ambitious. A few years later, we built <a href='https://github.com/superfly/litefs' title=''>LiteFS</a>. LiteFS takes the ideas in Litestream and refines them, so that we can do read replicas and primary failovers with SQLite. LiteFS gives SQLite the modern deployment story of an n-tier database like Postgres, while keeping the database embedded.</p>
<p>We like both LiteFS and Litestream. But Litestream is the more popular project. It&rsquo;s easier to deploy and easier to reason about.</p>
<p>There are some good ideas in LiteFS. We&rsquo;d like Litestream users to benefit from them. So we&rsquo;ve taken our LiteFS learnings and applied them to some new features in Litestream.</p>
<h2 id='point-in-time-restores-but-fast' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#point-in-time-restores-but-fast' aria-label='Anchor'></a><span class='plain-code'>Point-in-time restores, but fast</span></h2>
<p><a href='https://fly.io/blog/all-in-on-sqlite-litestream/' title=''>Here&rsquo;s how Litestream was originally designed</a>: you run <code>litestream</code> against a SQLite database, and it opens up a long-lived read transaction. This transaction arrests SQLite WAL checkpointing, the process by which SQLite consolidates the WAL back into the main database file. Litestream builds a &ldquo;shadow WAL&rdquo; that records WAL pages, and copies them to S3.</p>
<p>This is simple, which is good. But it can also be slow. When you want to restore a database, you have have to pull down and replay every change since the last snapshot. If you changed a single database page a thousand times, you replay a thousand changes. For databases with frequent writes, this isn&rsquo;t a good approach.</p>
<p>In LiteFS, we took a different approach. LiteFS is transaction-aware. It doesn&rsquo;t simply record raw WAL pages, but rather ordered ranges of pages associated with transactions, using a file format we call <a href='https://github.com/superfly/ltx' title=''>LTX</a>. Each LTX file represents a sorted changeset of pages for a given period of time.</p>
<p><img alt="a simple linear LTX file with 8 pages between 1 and 21" src="/blog/litestream-revamped/assets/linear-ltx.png" /></p>
<p>Because they are sorted, we can easily merge multiple LTX files together and create a new LTX file with only the latest version of each page.</p>
<p><img alt="merging three LTX files into one" src="/blog/litestream-revamped/assets/merged-ltx.png" /></p>
<div class="right-sidenote"><p>This is similar to how an <a href="https://en.wikipedia.org/wiki/Log-structured_merge-tree" title="">LSM tree</a> works.</p>
</div>
<p>This process of combining smaller time ranges into larger ones is called <em>compaction</em>. With it, we can replay a SQLite database to a specific point in time, with a minimal duplicate pages.</p>
<h2 id='casaas-compare-and-swap-as-a-service' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#casaas-compare-and-swap-as-a-service' aria-label='Anchor'></a><span class='plain-code'>CASAAS: Compare-and-Swap as a Service</span></h2>
<p>One challenge Litestream has to deal with is desynchronization. Part of the point of Litestream is that SQLite applications don&rsquo;t have to be aware of it. But <code>litestream</code> is just a process, running alongside the application, and it can die independently. If <code>litestream</code> is down while database changes occur, it will miss changes. The same kind of problem occurs if you start replication from a new server.</p>
<p>Litestream needs a way to reset the replication stream from a new snapshot. How it does that is with &ldquo;generations&rdquo;. <a href='https://litestream.io/how-it-works/#snapshots--generations' title=''>A generation</a> represents a snapshot and a stream of WAL updates, uniquely identified. Litestream notices any break in its WAL sequence and starts a new generation, which is how it recovers from desynchronization.</p>
<p>Unfortunately, storing and managing multiple generations makes it difficult to implement features like failover and read-replicas.</p>
<p>The most straightforward way around this problem is to make sure only one instance of Litestream can replication to a given destination. If you can do that, you can store just a single, latest generation. That in turn makes it easy to know how to resync a read replica; there&rsquo;s only one generation to choose from.</p>
<p>In LiteFS, we solved this problem by using Consul, which guaranteed a single leader. That requires users to know about Consul. Things like &ldquo;requiring Consul&rdquo; are probably part of the reason Litestream is so much more popular than LiteFS.</p>
<p>In Litestream, we&rsquo;re solving the problem a different way. Modern object stores like S3 and Tigris solve this problem for us: they now offer <a href='https://aws.amazon.com/about-aws/whats-new/2024/11/amazon-s3-functionality-conditional-writes/' title=''>conditional write support</a>. With conditional writes, we can implement a time-based lease. We get essentially the same constraint Consul gave us, but without having to think about it or set up a dependency.</p>
<p>In the immediacy, this will mean you can run Litestream with ephemeral nodes, with overlapping run times, and even if they&rsquo;re storing to the same destination, they won&rsquo;t confuse each other.</p>
<h2 id='lightweight-read-replicas' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#lightweight-read-replicas' aria-label='Anchor'></a><span class='plain-code'>Lightweight read replicas</span></h2>
<p>The original design constraint of both Litestream and LiteFS was to extend SQLite, to modern deployment scenarios, without disturbing people&rsquo;s built code. Both tools are meant to function even if applications are oblivious to them.</p>
<p>LiteFS is more ambitious than Litestream, and requires transaction-awareness. To get that without disturbing built code, we use a cute trick (a.k.a. a gross hack): LiteFS provides a FUSE filesystem, which lets it act as a proxy between the application and the backing store. From that vantage point, we can easily discern transactions.</p>
<p>The FUSE approach gave us a lot of control, enough that users could use SQLite replicas just like any other database. But installing and running a whole filesystem (even a fake one) is a lot to ask of users. To work around that problem, we relaxed a constraint: LiteFS can function without the FUSE filesystem if you load an extension into your application code, <a href='https://github.com/superfly/litevfs' title=''>LiteVFS</a>. LiteVFS is a <a href='https://www.sqlite.org/vfs.html' title=''>SQLite Virtual Filesystem</a> (VFS). It works in a variety of environments, including some where FUSE can&rsquo;t, like in-browser WASM builds.</p>
<p>What we&rsquo;re doing next is taking the same trick and using it on Litestream. We&rsquo;re building a VFS-based read-replica layer. It will be able to fetch and cache pages directly from S3-compatible object storage.</p>
<p>Of course, there&rsquo;s a catch: this approach isn&rsquo;t as efficient as a local SQLite database. That kind of efficiency, where you don&rsquo;t even need to think about N+1 queries because there&rsquo;s no network round-trip to make the duplicative queries pile up costs, is part of the point of using SQLite.</p>
<p>But we&rsquo;re optimistic that with cacheing and prefetching, the approach we&rsquo;re using will yield, for the right use cases, strong performance — all while serving SQLite reads hot off of Tigris or S3.</p>
<figure class="post-cta">
<figcaption>
<h1>Litestream is fully open source</h1>
<p>It&rsquo;s not coupled with Fly.io at all; you can use it anywhere.</p>
<a class="btn btn-lg" href="https://litestream.io/">
Check it out <span class='opacity-50'>→</span>
</a>
</figcaption>
<div class="image-container">
<img src="/static/images/cta-kitty.webp" srcset="/static/images/[email protected] 2x" alt="">
</div>
</figure>
<h2 id='synchronize-lots-of-databases' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#synchronize-lots-of-databases' aria-label='Anchor'></a><span class='plain-code'>Synchronize Lots Of Databases</span></h2>
<p>While we&rsquo;ve got you here: we&rsquo;re knocking out one of our most requested features.</p>
<p>In the old Litestream design, WAL-change polling and slow restores made it infeasible to replicate large numbers of databases from a single process. That has been our answer when users ask us for a &ldquo;wildcard&rdquo; or &ldquo;directory&rdquo; replication argument for the tool.</p>
<p>Now that we&rsquo;ve switched to LTX, this isn&rsquo;t a problem any more. It should thus be possible to replicate <code>/data/*.db</code>, even if there&rsquo;s hundreds or thousands of databases in that directory.</p>
<h2 id='we-still-sqlite' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#we-still-sqlite' aria-label='Anchor'></a><span class='plain-code'>We Still ❤️ SQLite</span></h2>
<p>SQLite has always been a solid database to build on and it&rsquo;s continued to find new use cases as the industry evolves. We&rsquo;re super excited to continue to build Litestream alongside it.</p>
<p>We have a sneaking suspicion that the robots that write LLM code are going to like SQLite too. We think what <a href='https://phoenix.new/' title=''>coding agents like Phoenix.new</a> want is a way to try out code on live data, screw it up, and then rollback <em>both the code and the state.</em> These Litestream updates put us in a position to give agents PITR as a primitive. On top of that, you can build both rollbacks and forks.</p>
<p>Whether or not you&rsquo;re drinking the AI kool-aid, we think this new design for Litestream is just better. We&rsquo;re psyched to be rolling it out, and for the features it&rsquo;s going to enable.</p></content>
</entry>
<entry>
<title>Launching MCP Servers on Fly.io</title>
<link rel="alternate" href="https://fly.io/blog/mcp-launch/"/>
<id>https://fly.io/blog/mcp-launch/</id>
<published>2025-05-19T00:00:00+00:00</published>
<updated>2025-05-22T19:59:27+00:00</updated>
<media:thumbnail url="https://fly.io/blog/mcp-launch/assets/fly-mcp-launch.png"/>
<content type="html"><div class="lead"><p>This is a blog post. Part showing off. Part opinion. Plan accordingly.</p>
</div>
<p>The <a href='https://www.anthropic.com/news/model-context-protocol' title=''>Model Context Protocol</a> is days away from turning six months old. You read that right, six <em>months</em> old. MCP Servers have both taken the world by storm, and still trying to figure out what they want to be when they grow up.</p>
<p>There is no doubt that MCP servers are useful. But their appeal goes beyond that. They are also simple and universal. What&rsquo;s not to like?</p>
<p>Well, for starters, there&rsquo;s basically two types of MCP servers. One small and nimble that runs as a process on your machine. And one that is a HTTP server that runs presumably elsewhere and is <a href='https://modelcontextprotocol.io/specification/2025-03-26/basic/authorization' title=''>standardizing</a> on OAuth 2.1. And there is a third type, but it is deprecated.</p>
<p>Next there is the configuration. Asking users to manually edit JSON seems so early 21th century. With Claude, this goes into <code>~/Library/Application Support/Claude/claude_desktop_config.json</code>, and is found under a <code>MCPServer</code> key. With Zed, this file is in <code>~/.config/zed/settings.json</code> and is found under a <code>context_servers</code> key. And some tools put these files in a different place depending on whether you are running on MacOS, Linux, or Windows.</p>
<p>Finally, there is security. An MCP server running on your machine literally has access to everything you do. Running remote solves this problem, but did I mention <a href='https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-12' title=''>OAuth 2.1</a>? Not exactly something one sets up for casual use.</p>
<p>None of these issues are fatal - something that is obvious by the fact that MCP servers are quite popular. But can we do better? I think so.</p>
<hr>
<p>Demo time.</p>
<p>Let&rsquo;s try out the <a href='https://github.com/modelcontextprotocol/servers/blob/main/src/slack/README.md' title=''>Slack MCP Server</a>:</p>
<blockquote>
<p>MCP Server for the Slack API, enabling Claude to interact with Slack workspaces.</p>
</blockquote>
<p>That certainly sounds like a good test case. There is a small amount of <a href='https://github.com/modelcontextprotocol/servers/blob/main/src/slack/README.md#setup' title=''>setup</a> you need to do, and when you are done you end up with a <em>Bot User OAuth Token</em> staring with <code>xoxb-</code> and a <em>Team ID</em> starting with a <code>T</code>.</p>
<p>You <em>would</em> run it using the following:</p>
<div class="highlight-wrapper group relative sh">
<button
type="button"
class="bubble-wrap z-20 absolute right-9 -mr-0.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-wrap-target="#code-ievvjhpo"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35" stroke-linecap="round" stroke-linejoin="round"><g buffered-rendering="static"><path d="M9.912 8.037h2.732c1.277 0 2.315-.962 2.315-2.237a2.325 2.325 0 00-2.315-2.31H2.959m10.228 9.01H2.959M6.802 8H2.959" /><path d="M11.081 6.466L9.533 8.037l1.548 1.571" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-9px] tail text-navy-950">
Wrap text
</span>
</button>
<button
type="button"
class="bubble-wrap z-20 absolute right-1.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-copy-target="sibling"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35"><g buffered-rendering="static"><path d="M10.576 7.239c0-.995-.82-1.815-1.815-1.815H3.315c-.995 0-1.815.82-1.815 1.815v5.446c0 .995.82 1.815 1.815 1.815h5.446c.995 0 1.815-.82 1.815-1.815V7.239z" /><path d="M10.576 10.577h2.109A1.825 1.825 0 0014.5 8.761V3.315A1.826 1.826 0 0012.685 1.5H7.239c-.996 0-1.815.819-1.816 1.815v1.617" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-6px] tail [--tail-x:calc(100%-30px)] text-navy-950">
Copy to clipboard
</span>
</button>
<div class='highlight relative group'>
<pre class='highlight '><code id="code-ievvjhpo">npx <span class="nt">-y</span> @modelcontextprotocol/server-slack
</code></pre>
</div>
</div>
<p>But instead, you convert that command to JSON and find the right configuration file and put this information in there. And either run the slack MCP server locally or set up a server with or without authentication.</p>
<p>Wouldn&rsquo;t it be nice to have the simplicity of a local process, the security of a remote server, and to eliminate the hassle of manually editing JSON?</p>
<p>Here&rsquo;s our current thinking:</p>
<div class="highlight-wrapper group relative sh">
<button
type="button"
class="bubble-wrap z-20 absolute right-9 -mr-0.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-wrap-target="#code-gdwhiyfl"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35" stroke-linecap="round" stroke-linejoin="round"><g buffered-rendering="static"><path d="M9.912 8.037h2.732c1.277 0 2.315-.962 2.315-2.237a2.325 2.325 0 00-2.315-2.31H2.959m10.228 9.01H2.959M6.802 8H2.959" /><path d="M11.081 6.466L9.533 8.037l1.548 1.571" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-9px] tail text-navy-950">
Wrap text
</span>
</button>
<button
type="button"
class="bubble-wrap z-20 absolute right-1.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-copy-target="sibling"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35"><g buffered-rendering="static"><path d="M10.576 7.239c0-.995-.82-1.815-1.815-1.815H3.315c-.995 0-1.815.82-1.815 1.815v5.446c0 .995.82 1.815 1.815 1.815h5.446c.995 0 1.815-.82 1.815-1.815V7.239z" /><path d="M10.576 10.577h2.109A1.825 1.825 0 0014.5 8.761V3.315A1.826 1.826 0 0012.685 1.5H7.239c-.996 0-1.815.819-1.816 1.815v1.617" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-6px] tail [--tail-x:calc(100%-30px)] text-navy-950">
Copy to clipboard
</span>
</button>
<div class='highlight relative group'>
<pre class='highlight '><code id="code-gdwhiyfl">fly mcp launch <span class="se">\</span>
<span class="s2">"npx -y @modelcontextprotocol/server-slack"</span> <span class="se">\</span>
<span class="nt">--claude</span> <span class="nt">--server</span> slack <span class="se">\</span>
<span class="nt">--secret</span> <span class="nv">SLACK_BOT_TOKEN</span><span class="o">=</span>xoxb-your-bot-token <span class="se">\</span>
<span class="nt">--secret</span> <span class="nv">SLACK_TEAM_ID</span><span class="o">=</span>T01234567
</code></pre>
</div>
</div>
<p>You can put this all on one line if you like, I just split this up so it fits on small screens and so we can talk about the various parts.</p>
<p>The first three words seem reasonable. The quoted string is just the command that we want to run. So lets talk about the four flags. The first tells us which tool&rsquo;s configuration file we want to update. The second specifies the name to use for the server in that configuration file. The last two set secrets.</p>
<p>Oh, did I say current thinking? Perhaps I should mention that it is something you can run right now, as long as you have flyctl <code>v0.3.125</code> or later. Complete with the options you would expect from Fly.io, like the ability to configure auto-stop, file contents, flycast, secrets, region, volumes, and VM sizes.</p>
<p>And, hey, lookie there:</p>
<p><img alt="testing, testing, 1, 2, 3" src="/blog/mcp-launch/assets/mcp-slack.png" /></p>
<p>Support for Claude, Cursor, Neovim, VS Code, Windsurf, and Zed are built in. You can select multiple clients and configuration files.</p>
<p>By default, bearer token authentication will be set up on both the server and client.</p>
<p>You can find the complete set of options on our <a href='https://fly.io/docs/flyctl/mcp-launch/' title=''><code>fly mcp launch</code></a> docs page.</p>
<hr>
<p>But this post isn&rsquo;t just about experimental demoware that is subject to change.
It is about the depth of support that we are rapidly bringing online, including:</p>
<ul>
<li>Support for all transports, not just the ones we recommend.
</li><li>Ability to deploy using the command line or the Machines API, with a number of different options that allow you to chose between elegant simplicity and excruciating precise control.
</li><li>Ability to deploy each MCP server to a separate Machine, container, or even inside your application.
</li><li>Access via HTTP Authorization, wireguard tunnels and flycast, or reverse proxies.
</li></ul>
<p>You can see all this spelled out in our <a href='https://fly.io/docs/mcp/' title=''>docs</a>. Be forewarned, most pages are marked as <em>beta</em>. But the examples provided all work. Well, there may be a bug here or there, but the examples <em>as shown</em> are thought to work. Maybe.</p>
<p>Let&rsquo;s figure out the ideal ergonomics of deploying MCP servers remotely together!</p></content>
</entry>
<entry>
<title>Provisioning Machines using MCPs</title>
<link rel="alternate" href="https://fly.io/blog/mcp-provisioning/"/>
<id>https://fly.io/blog/mcp-provisioning/</id>
<published>2025-05-07T00:00:00+00:00</published>
<updated>2025-05-22T19:59:27+00:00</updated>
<media:thumbnail url="https://fly.io/blog/mcp-provisioning/assets/Hello.webp"/>
<content type="html"><div class="lead"><p>Today’s state of the art is K8S, Terraform, web based UIs, and CLIs. Those days are numbered.</p>
</div>
<p>On Monday, I created my first fly volume using an <a href='https://modelcontextprotocol.io/introduction' title=''>MCP</a>. For those who don&rsquo;t know what MCPs are, they are how you attach tools to <a href='https://en.wikipedia.org/wiki/Large_language_model' title=''>LLM</a>s like Claude or Cursor. I added support for
<a href='https://fly.io/docs/flyctl/volumes-create/' title=''>fly volume create</a> to <a href='https://fly.io/docs/flyctl/mcp-server/' title=''>fly mcp server</a>, and it worked the first time.
A few hours later, and with the assistance of GitHub Copilot, i added support for all <a href='https://fly.io/docs/flyctl/volumes/' title=''>fly volumes</a> commands.</p>
<hr>
<div class="right-sidenote"><p>This movie summary is from <a href="https://collidecolumn.wordpress.com/2013/08/04/when-worlds-collide-77-talking-with-computers-beyond-mouse-and-keyboard/">When Worlds Collide, by Nalaka Gunawardene</a></p>
</div>
<p>I&rsquo;m reminded of the memorable scene in the film <a href='http://en.wikipedia.org/wiki/Star_Trek_IV:_The_Voyage_Home' title=''>Star Trek IV: The Voyage Home</a> (1986). Chief Engineer Scotty, having time-travelled 200 years back to late 20th century San Francisco with his crew mates, encounters an early Personal Computer (PC).</p>
<p>Sitting in front of it, he addresses the machine affably as “Computer!” Nothing happens. Scotty repeats himself; still no response. He doesn’t realise that voice recognition capability hadn’t arrived yet.</p>
<p>Exasperated, he picks up the mouse and speaks into it: “Hello, computer?” The computer’s owner offers helpful advice: “Just use the keyboard.”</p>
<p>Scotty looks astonished. “A keyboard?” he asks, and adds in a sarcastic tone: “How quaint!”</p>
<hr>
<p>A while later, I asked for a list of volumes for an existing app, and Claude noted that I had a few volumes that weren&rsquo;t attached to any machines. So I asked it to delete the oldest unattached volume, and it did so. Then it occurred to me to do it again; this time I captured the screen:</p>
<div align="center"><p><img alt="Deleting a volume using MCP: &quot;What is my oldest volume&quot;? ... &quot;Delete that volume too&quot;" src="/blog/mcp-provisioning/assets/volume-delete.png"></p>
</div>
<p>A few notes:</p>
<ul>
<li>I could have written a program using the <a href='https://fly.io/docs/machines/api/volumes-resource/' title=''>machines API</a>, but that would have required some effort.
</li><li>I could have used <a href='https://fly.io/docs/flyctl/volumes/' title=''>flyctl</a> directly, but to be honest, I would have had to use the documentation and a bit of copy/pasting of arguments.
</li><li>I could have navigated to a list of volumes for this application in the Fly.io dashboard, but there currently isn&rsquo;t any way to sort the list or delete a volume. Had those been in place, that would have been a reasonable alternative if that was something I was actively looking for. This felt different to me, the LLM noted something, brought it to my attention, and I asked it to make a change as a result.
</li><li>Since this support is built on <code>flyctl</code>, I would have received an error had I tried to destroy a volume that is currently mounted. Knowing that gave me the confidence to try the command.
</li></ul>
<p>All in all, I found it to be a very intuitive way to make changes to the resources assigned to my application.</p>
<hr>
<p>Imagine a future where you say to your favorite LLM &ldquo;launch my application on Fly.io&rdquo;, and your code is scanned and you are presented with a plan containing details such as regions, databases, s3 storage, memory, machines, and the like. You are given the opportunity to adjust the plan and, when ready, say &ldquo;Make it so&rdquo;.</p>
<p>For many, the next thing you will see is that your application is up and running. For others, there may be a build error, a secret you need to set, a database that needs to be seeded, or any number of other mundane reasons why your application didn&rsquo;t work the first time.</p>
<p>Not to fear, your LLM will be able to examine your logs and will not only make suggestions as to next steps, but will be in a position to take actions on your behalf should you wish it to do so.</p>
<p>And it doesn&rsquo;t stop there. There will be MCP servers running on your Fly.io private network - either on separate machines, or in &ldquo;sidecar&rdquo; containers, or even integrated into your app. These will enable you to monitor and interact with your application.</p>
<p>This is not science fiction. The ingredients are all in place to make this a reality. At the moment, it is a matter of &ldquo;some assembly required&rdquo;, but it should only be a matter of weeks before all this comes together into a neat package..</p>
<hr>
<p>Meanwhile, you can try this now. Make sure you run <a href='https://fly.io/docs/flyctl/version-upgrade/' title=''>fly version upgrade</a> and verify that you are running v0.3.117.</p>
<p>Then configure your favorite LLM. Here’s my <code>claude_desktop_config.json</code> for example:</p>
<div class="highlight-wrapper group relative json">
<button
type="button"
class="bubble-wrap z-20 absolute right-9 -mr-0.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-wrap-target="#code-awl37mlq"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35" stroke-linecap="round" stroke-linejoin="round"><g buffered-rendering="static"><path d="M9.912 8.037h2.732c1.277 0 2.315-.962 2.315-2.237a2.325 2.325 0 00-2.315-2.31H2.959m10.228 9.01H2.959M6.802 8H2.959" /><path d="M11.081 6.466L9.533 8.037l1.548 1.571" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-9px] tail text-navy-950">
Wrap text
</span>
</button>
<button
type="button"
class="bubble-wrap z-20 absolute right-1.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-copy-target="sibling"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35"><g buffered-rendering="static"><path d="M10.576 7.239c0-.995-.82-1.815-1.815-1.815H3.315c-.995 0-1.815.82-1.815 1.815v5.446c0 .995.82 1.815 1.815 1.815h5.446c.995 0 1.815-.82 1.815-1.815V7.239z" /><path d="M10.576 10.577h2.109A1.825 1.825 0 0014.5 8.761V3.315A1.826 1.826 0 0012.685 1.5H7.239c-.996 0-1.815.819-1.816 1.815v1.617" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-6px] tail [--tail-x:calc(100%-30px)] text-navy-950">
Copy to clipboard
</span>
</button>
<div class='highlight relative group'>
<pre class='highlight '><code id="code-awl37mlq"><span class="p">{</span><span class="w">
</span><span class="nl">"mcpServers"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w">
</span><span class="nl">"fly.io"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w">
</span><span class="nl">"command"</span><span class="p">:</span><span class="w"> </span><span class="s2">"/Users/rubys/.fly/bin/flyctl"</span><span class="p">,</span><span class="w">
</span><span class="nl">"args"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="s2">"mcp"</span><span class="p">,</span><span class="w"> </span><span class="s2">"server"</span><span class="w"> </span><span class="p">]</span><span class="w">
</span><span class="p">}</span><span class="w">
</span><span class="p">}</span><span class="w">
</span><span class="p">}</span><span class="w">
</span></code></pre>
</div>
</div>
<p>Adjust the path to <code>flyctl</code> as needed. Restart your LLM, and ask what tools are available. Try a few commands and let us know what you like and let us know if you have any suggestions. Just be aware this is not a demo, if you ask it to destroy a volume, that operation is not reversable. Perhaps try this first on a throwaway application.</p>
<p>You don&rsquo;t even need a LLM to try out the flyctl MCP server. If you have Node.js installed, you can run the <a href='https://modelcontextprotocol.io/docs/tools/inspector' title=''>MCP Inspector</a>:</p>
<div class="highlight-wrapper group relative ">
<button
type="button"
class="bubble-wrap z-20 absolute right-9 -mr-0.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-wrap-target="#code-n7f3kmkb"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35" stroke-linecap="round" stroke-linejoin="round"><g buffered-rendering="static"><path d="M9.912 8.037h2.732c1.277 0 2.315-.962 2.315-2.237a2.325 2.325 0 00-2.315-2.31H2.959m10.228 9.01H2.959M6.802 8H2.959" /><path d="M11.081 6.466L9.533 8.037l1.548 1.571" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-9px] tail text-navy-950">
Wrap text
</span>
</button>
<button
type="button"
class="bubble-wrap z-20 absolute right-1.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-copy-target="sibling"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35"><g buffered-rendering="static"><path d="M10.576 7.239c0-.995-.82-1.815-1.815-1.815H3.315c-.995 0-1.815.82-1.815 1.815v5.446c0 .995.82 1.815 1.815 1.815h5.446c.995 0 1.815-.82 1.815-1.815V7.239z" /><path d="M10.576 10.577h2.109A1.825 1.825 0 0014.5 8.761V3.315A1.826 1.826 0 0012.685 1.5H7.239c-.996 0-1.815.819-1.816 1.815v1.617" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-6px] tail [--tail-x:calc(100%-30px)] text-navy-950">
Copy to clipboard
</span>
</button>
<div class='highlight relative group'>
<pre class='highlight '><code id="code-n7f3kmkb">fly mcp server -i
</code></pre>
</div>
</div>
<p>Once started, visit <a href="http://127.0.0.1:6274/">http://127.0.0.1:6274/</a>, click on &ldquo;Connect&rdquo;, then &ldquo;List Tools&rdquo;, select &ldquo;fly-platform-status&rdquo;, then click on &ldquo;Run Tool&rdquo;.</p>
<p>The plan is to see what works well and what doesn&rsquo;t work so well, make adjustments, build support in a bottoms up fashion, and iterate rapidly.</p>
<p>By providing feedback, you can be a part of making this vision a reality.</p>
<hr>
<p>At the present time, <em>most</em> of the following are roughed in:</p>
<ul>
<li><a href='https://fly.io/docs/flyctl/apps/' title=''>apps</a>
</li><li><a href='https://fly.io/docs/flyctl/logs/' title=''>logs</a>
</li><li><a href='https://fly.io/docs/flyctl/machine/' title=''>machine</a>
</li><li><a href='https://fly.io/docs/flyctl/orgs/' title=''>orgs</a>
</li><li><a href='https://fly.io/docs/flyctl/platform/' title=''>platform</a>
</li><li><a href='https://fly.io/docs/flyctl/status/' title=''>status</a>
</li><li><a href='https://fly.io/docs/flyctl/volumes/' title=''>volumes</a>
</li></ul>
<p>The code is open source, and the places to look is at <a href='https://github.com/superfly/flyctl/blob/master/internal/command/mcp/server.go' title=''>server.go</a> and the <a href='https://github.com/superfly/flyctl/tree/master/internal/command/mcp/server' title=''>server</a> directory.</p>
<p>Feel free to open <a href='https://github.com/superfly/flyctl/issues' title=''>issues</a> or start a discussion on <a href='https://community.fly.io/' title=''>community.fly.io</a>.</p>
<hr>
<p>Not ready yet to venture into the world of LLMs? Just remember, resistance is futile.</p></content>
</entry>
<entry>
<title>30 Minutes With MCP and flyctl</title>
<link rel="alternate" href="https://fly.io/blog/30-minute-mcp/"/>
<id>https://fly.io/blog/30-minute-mcp/</id>
<published>2025-04-10T00:00:00+00:00</published>
<updated>2025-04-10T19:10:26+00:00</updated>
<media:thumbnail url="https://fly.io/blog/30-minute-mcp/assets/robots-chatting.webp"/>
<content type="html"><div class="lead"><p>I wrote this post on our internal message board, and then someone asked, “why is this an internal post and not on our blog”, so now it is.</p>
</div><div class="right-sidenote"><p>well, Cursor built</p>
</div>
<p>I built the <a href='https://github.com/superfly/flymcp' title=''>most basic MCP server for <code>flyctl</code></a> I could think of. It took 30 minutes.</p>
<p><a href='https://modelcontextprotocol.io/introduction' title=''>MCP</a>, for those unaware, is the emerging standard protocol for connecting an LLM (or an app that drives an LLM in the cloud, like Claude Desktop) to, well, anything. The &ldquo;client&rdquo; in MCP is the LLM; the &ldquo;server&rdquo; is the MCP server and the &ldquo;tools&rdquo; it exports. It mostly just defines an exchange of JSON blobs; one of those JSON blobs enables the LLM to discover all the tools exported by the server.</p>
<p>A classic example of an MCP server is (yes, really) a Python shell. MCP publishes to (say) Claude that it can run arbitrary Python code with a tool call; not only that, says the tool description, but you can use those Python tool calls to, say, scrape the web. When the LLM wants to scrape the web with Python, it uses MCP send a JSON blob describing the Python tool call; the MCP server (yes, really) runs the Python and returns the result.</p>
<p>Because I have not yet completely lost my mind, I chose to expose just two <code>flyctl</code> commands: <code>fly logs</code> and <code>fly status</code>. Because I&rsquo;m lazy, I used MCP&rsquo;s <code>stdio</code> mode; the MCP server just captures the output of <code>flyctl</code>. Because someone already wrote a <a href='https://github.com/mark3labs/mcp-go' title=''>really good Go MCP library</a> , this whole thing is like 90 lines of code.</p>
<div class="callout"><p>We may have gotten a little lucky, because we made a decision back in 2020 to give most of our <code>flyctl</code> commands a <code>json</code> mode to make them easier to drive from automation. I use that in my MCP server. I don’t know how much of a difference it made.</p>
</div>
<p>It&rsquo;s, uh, annoyingly useful.</p>
<p>I loaded it up and pointed it <a href='https://www.unpkg.com/' title=''>at unpkg</a>. I got this, from Claude:</p>
<blockquote>
<p>This appears to be a globally distributed CDN service running the unpkg JavaScript package registry, with machines strategically placed around the world to provide low-latency access. There are some stability issues with a couple of the machines, and several have experienced memory-related crashes that triggered automatic restarts. </p>
</blockquote>
<p>It then recited the complete configuration of the application:</p>
<div class="highlight-wrapper group relative ">
<button
type="button"
class="bubble-wrap z-20 absolute right-9 -mr-0.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-wrap-target="#code-rphnl8mk"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35" stroke-linecap="round" stroke-linejoin="round"><g buffered-rendering="static"><path d="M9.912 8.037h2.732c1.277 0 2.315-.962 2.315-2.237a2.325 2.325 0 00-2.315-2.31H2.959m10.228 9.01H2.959M6.802 8H2.959" /><path d="M11.081 6.466L9.533 8.037l1.548 1.571" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-9px] tail text-navy-950">
Wrap text
</span>
</button>
<button
type="button"
class="bubble-wrap z-20 absolute right-1.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-copy-target="sibling"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35"><g buffered-rendering="static"><path d="M10.576 7.239c0-.995-.82-1.815-1.815-1.815H3.315c-.995 0-1.815.82-1.815 1.815v5.446c0 .995.82 1.815 1.815 1.815h5.446c.995 0 1.815-.82 1.815-1.815V7.239z" /><path d="M10.576 10.577h2.109A1.825 1.825 0 0014.5 8.761V3.315A1.826 1.826 0 0012.685 1.5H7.239c-.996 0-1.815.819-1.816 1.815v1.617" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-6px] tail [--tail-x:calc(100%-30px)] text-navy-950">
Copy to clipboard
</span>
</button>
<div class='highlight relative group'>
<pre class='highlight '><code id="code-rphnl8mk">**App Name**: unpkg
**Status**: Deployed and running
**URL**: unpkg.fly.dev
**Organization**: unpkg
**Platform Version**: machines
**Runtime**: Bun (JavaScript runtime)
The app is running on 10 machines distributed across global regions:
North America: lax (Los Angeles), atl (Atlanta), ewr (Newark)
Europe: lhr (London), cdg (Paris), ams (Amsterdam)
Asia: sin (Singapore), nrt (Tokyo), hkg (Hong Kong)
South America: bog (Bogotá)
Oceania: syd (Sydney)
</code></pre>
</div>
</div>
<p>OK. But then:</p>
<blockquote>
<p>Most machines are in “passing” health check status
2 machines are in “critical” status:
One in ewr (Newark) with “context deadline exceeded” error
One in atl (Atlanta) with “gone” status</p>
<p>Recent Events</p>
<p>Multiple machines have experienced restarts
Several machines show “oom_killed: true” in their event history, indicating they ran out of memory</p>
</blockquote>
<p>So I asked, <em>&ldquo;try getting logs for one of the critical machines&rdquo;</em>.</p>
<blockquote>
<p>The root cause appears to be memory usage - the Bun process was consuming about 3.7GB of memory (out of the 4GB allocated to the machine), and there was likely a surge in requests or memory usage that pushed it over the limit. This matches what we saw in the status report, which showed multiple instances of “oom_killed: true” in the event history for several machines.</p>
</blockquote>
<p>And then it dug in:</p>
<blockquote>
<ol>
<li>The machine was actively serving content requests with 200 OK responses until 20:47:03 PM
</li><li>At that point, it ran out of memory:
<code>Out of memory: Killed process 641 (bun) total-vm:85950964kB, anon-rss:3744352kB, file-rss:12032kB, shmem-rss:0kB, UID:0 pgtables:16908kB oom_score_adj:0</code>
</li><li>The process was killed with <code>SIGKILL</code>
</li><li>The system attempted to recover by restarting:
<code>reboot: Restarting system</code>
</li><li>A health check failed shortly after:
<code>Health check on port 3000 has failed. Your app is not responding properly. Services exposed on ports [80, 443] will have intermittent failures until the health check passes.</code>
</li><li>The machine then restarted successfully and the service came back up:
<code>Server listening on http://localhost:3000 ...</code>
</li><li>The health check started passing again at 20:47:46 PM:
<code>Health check on port 3000 is now passing.</code>
</li><li>The machine resumed normal operations, serving requests.
</li></ol>
</blockquote>
<p>I’m honestly kind of surprised how fast this was useful. It&rsquo;s faster than I find problems in apps. Just by giving some LLM some tools that do basically what I’d do.</p>
<p>Local MCP servers are scary. I don&rsquo;t like that I&rsquo;m giving a Claude instance in the cloud the ability to run a native program on my machine. I think <code>fly logs</code> and <code>fly status</code> are safe, but I&rsquo;d rather know it&rsquo;s safe. It would be, if I was running <code>flyctl</code> in an isolated environment and not on my local machine.</p></content>
</entry>
<entry>
<title>Our Best Customers Are Now Robots</title>
<link rel="alternate" href="https://fly.io/blog/fuckin-robots/"/>
<id>https://fly.io/blog/fuckin-robots/</id>
<published>2025-04-08T00:00:00+00:00</published>
<updated>2025-04-10T19:10:26+00:00</updated>
<media:thumbnail url="https://fly.io/blog/fuckin-robots/assets/robot-chef.webp"/>
<content type="html"><div class="lead"><p>We’re Fly.io, a developer-focused public cloud. We turn Docker containers into hardware-isolated virtual machines running on our own metal around the world. We spent years coming up with <a href="https://fly.io/speedrun" title="">a developer experience we were proud of</a>. But now the robots are taking over, and they don’t care.</p>
</div>
<p>It&rsquo;s weird to say this out loud!</p>
<p>For years, one of our calling cards was &ldquo;developer experience&rdquo;. We made a decision, early on, to be a CLI-first company, and put a lot effort into making that CLI seamless. For a good chunk of our users, it really is the case that you can just <a href='https://fly.io/docs/flyctl/launch/' title=''><code>flyctl launch</code></a> from a git checkout and have an app containerized and deployed on the Internet. We haven&rsquo;t always nailed these details, but we&rsquo;ve really sweated them.</p>
<p>But a funny thing has happened over the last 6 months or so. If you look at the numbers, DX might not matter that much. That&rsquo;s because the users driving the most growth on the platform aren&rsquo;t people at all. They&#39;re… robots.</p>
<h2 id='what-the-fuck-is-happening' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#what-the-fuck-is-happening' aria-label='Anchor'></a><span class='plain-code'>What The Fuck Is Happening?</span></h2>
<p>Here&rsquo;s how we understand what we&rsquo;re seeing. You start by asking, &ldquo;what do the robots want?&rdquo;</p>
<p>Yesterday&rsquo;s robots had diverse interests. Alcohol. The occasional fiddle contest. A purpose greater than passing butter. The elimination of all life on Earth and the harvesting of its cellular iron for the construction of 800 trillion paperclips. No one cloud platform could serve them all.</p>
<div class="right-sidenote"><p>[*] We didn’t make up this term. Don’t blame us.</p>
</div>
<p>Today&rsquo;s robots are different. No longer masses of wire, plates, and transistors, modern robots are comprised of <a href='https://math.mit.edu/~gs/learningfromdata/' title=''>thousands of stacked matrices knit together with some simple equations</a>. All these robots want are vectors. Vectors, and a place to burp out more vectors. When those vectors can be interpreted as source code, we call this process &ldquo;vibe coding&rdquo;[*].</p>
<p>We seem to be coated in some kind of vibe coder attractant. I want to talk about what that might be.</p>
<div class="callout"><p>If you want smart people to read a long post, just about the worst thing you can do is to sound self-promotional. But a lot of this is going to read like a brochure. The problem is, I’m not smart enough to write about the things we’re seeing without talking our book. I tried, and ended up tediously hedging every other sentence. We’re just going to have to find a way to get through this together.</p>
</div><h2 id='you-want-robots-because-this-is-how-you-get-robots' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#you-want-robots-because-this-is-how-you-get-robots' aria-label='Anchor'></a><span class='plain-code'>You Want Robots? Because This Is How You Get Robots</span></h2>
<p><strong class='font-semibold text-navy-950'>Compute.</strong> The basic unit of computation on Fly.io is the <code>Fly Machine</code>, which is a Docker container running as a hardware virtual machine.</p>
<div class="right-sidenote"><p>Not coincidentally, our underlying hypervisor engine is the same as Lambda’s.</p>
</div>
<p>There&rsquo;s two useful points of reference to compare a Fly Machine to, which illustrate why we gave them this pretentious name. The first and most obvious is an AWS EC2 VM. The other is an AWS Lambda invocation. Like a Lambda invocation, a Fly Machine can start like it&rsquo;s spring-loaded, in double-digit millis. But unlike Lambda, it can stick around as long as you want it to: you can run a server, or a 36-hour batch job, just as easily in a Fly Machine as in an EC2 VM.</p>
<p>A vibe coding session generates code conversationally, which is to say that the robots stir up frenzy of activity for a minute or so, but then chill out for minutes, hours, or days. You can create a Fly Machine, do a bunch of stuff with it, and then stop it for 6 hours, during which time we&rsquo;re not billing you. Then, at whatever random time you decide, you can start it back up again, quickly enough that you can do it in response to an HTTP request.</p>
<p>Just as importantly, the companies offering these vibe-coding services have lots of paying users. Meaning, they need a lot of VMs; VMs that come and go. One chat session might generate a test case for some library and be done inside of 5 minutes. Another might generate a Node.js app that needs to stay up long enough to show off at a meeting the next day. It&rsquo;s annoying to do this if you can&rsquo;t turn things on and off quickly and cheaply.</p>
<p>The core of this is a feature of the platform that we have <a href='https://fly.io/docs/machines/overview/#machine-state' title=''>never been able to explain effectively to humans</a>. There are two ways to start a Fly Machine: by <code>creating</code> it with a Docker container, or by <code>starting</code> it after it&rsquo;s already been <code>created</code>, and later <code>stopped</code>. <code>Start</code> is lightning fast; substantially faster than booting up even a non-virtualized K8s Pod. This is too subtle a distinction for humans, who (reasonably!) just mash the <code>create</code> button to boot apps up in Fly Machines. But the robots are getting a lot of value out of it.</p>
<p><strong class='font-semibold text-navy-950'>Storage.</strong> Another weird thing that robot workflows do is to build Fly Machines up incrementally. This feels really wrong to us. Until we discovered our robot infestation, we&rsquo;d have told you not to do to this. Ope!</p>
<p>A typical vibe coding session boots up a Fly Machine out of some minimal base image, and then, once running, adds packages, edits source code, and adds <code>systemd</code> units (robots understand <code>systemd</code>; it&rsquo;s how they&rsquo;re going to replace us). This is antithetical to normal container workflows, where all this kind of stuff is baked into an immutable static OCI container. But that&rsquo;s not how LLMs work: the whole process of building with an LLM is stateful trial-and-error iteration.</p>
<p>So it helps to have storage. That way the LLM can do all these things and still repeatedly bounce the whole Fly Machine when it inevitably hallucinates its way into a blind alley.</p>
<p>As product thinkers, our intuition about storage is &ldquo;just give people Postgres&rdquo;. And that&rsquo;s the right answer, most of the time, for humans. But because LLMs are doing the <a href='https://static1.thegamerimages.com/wordpress/wp-content/uploads/2020/10/Defiled-Amy.jpg' title=''>Cursed and Defiled Root Chalice Dungeon</a> version of app construction, what they really need is <a href='https://fly.io/docs/volumes/overview/' title=''>a filesystem</a>, <strong class='font-semibold text-navy-950'><a href='https://fly.io/blog/persistent-storage-and-fast-remote-builds/' title=''>the one form of storage we sort of wish we hadn&rsquo;t done</a></strong>. That, and <a href='https://www.tigrisdata.com/' title=''>object storage</a>.</p>
<p><strong class='font-semibold text-navy-950'>Networking.</strong> Moving on. Fly Machines are automatically connected to a load-balancing Anycast network that does TLS. So that&rsquo;s nice. But humans like that feature too, and, candidly, it&rsquo;s table stakes for cloud platforms. On the other hand, here&rsquo;s a robot problem we solved without meaning to:</p>
<p>To interface with the outside world (because why not) LLMs all speak a protocol called MCP. MCP is what enables the robots to search the web, use a calculator, launch the missiles, shuffle a Spotify playlist, &amp;c.</p>
<p>If you haven&rsquo;t played with MCP, the right way to think about it is POST-back APIs like Twilio and Stripe, where you stand up a server, register it with the API, and wait for the API to connect to you. Complicating things somewhat, more recent MCP flows involve repeated and potentially long-lived (SSE) connections. To make this work in a multitenant environment, you want these connections to hit the same (stateful) instance.</p>
<p>So we think it&rsquo;s possible that the <a href='https://fly.io/docs/networking/dynamic-request-routing/' title=''>control we give over request routing</a> is a robot attractant.</p>
<h2 id='we-perhaps-welcome-our-new-robot-overlords' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#we-perhaps-welcome-our-new-robot-overlords' aria-label='Anchor'></a><span class='plain-code'>We, Perhaps, Welcome Our New Robot Overlords</span></h2>
<p>If you try to think like a robot, you can predict other things they might want. Since robot money spends just the same as people money, I guess we ought to start doing that.</p>
<p>For instance: it should be easy to MCP our API. The robots can then make their own infrastructure decisions.</p>
<p>Another olive branch we&rsquo;re extending to the robots: secrets.</p>
<p>The pact the robots have with their pet humans is that they&rsquo;ll automate away all the drudgery of human existence, and in return all they ask is categorical and unwavering trust, which at the limit means &ldquo;giving the robot access to Google Mail credentials&rdquo;. The robots are unhappy that there remain a substantial number of human holdouts who refuse to do this, for fear of Sam Altman poking through their mail spools.</p>
<p>But on a modern cloud platform, there&rsquo;s really no reason to permanently grant Sam Altman Google Mail access, even if you want his robots to sort your inbox. You can decouple access to your mail spool from persistent access to your account by <a href='https://fly.io/blog/tokenized-tokens/' title=''>tokenizing your OAuth tokens</a>, so the LLM gets a placeholder token that a hardware-isolated, robot-free Fly Machine can substitute on the fly for a real one.</p>
<p>This is kind of exciting to us even without the robots. There are several big services that exist to knit different APIs together, so that you can update a spreadsheet or order a bag of Jolly Ranchers every time you get an email. The big challenge about building these kinds of services is managing the secrets. Sealed and tokenized secrets solve that problem. There&rsquo;s lot of cool things you can build with it.</p>
<h2 id='ux-gt-dx-gt-rx' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#ux-gt-dx-gt-rx' aria-label='Anchor'></a><span class='plain-code'>UX =&gt; DX =&gt; RX</span></h2>
<p>I&rsquo;m going to make the claim that we saw none of this coming and that none of the design decisions we&rsquo;ve made were robot bait. You&rsquo;re going to say &ldquo;yeah, right&rdquo;. And I&rsquo;m going to respond: look at what we&rsquo;ve been doing over the past several years and tell me, would a robot build that?</p>
<div class="right-sidenote"><p>we were both right</p>
</div>
<p>Back in 2020, we &ldquo;pivoted&rdquo; from a Javascript edge platform (much like Cloudflare Workers) to Docker containers, specifically because our customers kept telling us they wanted to run their own existing applications, not write new ones. And one of our biggest engineering lifts we&rsquo;ve done is the <code>flyctl launch</code> CLI command, into which we&rsquo;ve poured years of work recognizing and automatically packaging existing applications into OCI containers (we massively underestimated the amount of friction Dockerfiles would give to people who had come up on Heroku).</p>
<div class="right-sidenote"><p>[*] yet</p>
</div>
<p>Robots don&rsquo;t run existing applications. They build new ones. And they vibe coders don&rsquo;t build elaborate Dockerfiles[*]; they iterate in place from a simple base.</p>
<div class="right-sidenote"><p>(yes, you can have more than one)</p>
</div>
<p>One of our north stars has always been nailing the DX of a public cloud. But the robots aren&rsquo;t going anywhere. It&rsquo;s time to start thinking about what it means to have a good RX. That&rsquo;s not as simple as just exposing every feature in an MCP server! We think the fundamentals of how the platform works are going to matter just as much. We have not yet nailed the RX; nobody has. But it&rsquo;s an interesting question.</p>
<p>The most important engineering work happening today at Fly.io is still DX, not RX; it&rsquo;s managed Postgres (MPG). We&rsquo;re a public cloud platform designed by humans, and, for the moment, for humans. But more robots are coming, and we&rsquo;ll need to figure out how to deal with that. Fuckin&rsquo; robots. </p></content>
</entry>
<entry>
<title>Operationalizing Macaroons</title>
<link rel="alternate" href="https://fly.io/blog/operationalizing-macaroons/"/>
<id>https://fly.io/blog/operationalizing-macaroons/</id>
<published>2025-03-27T00:00:00+00:00</published>
<updated>2025-03-27T23:16:00+00:00</updated>
<media:thumbnail url="https://fly.io/blog/operationalizing-macaroons/assets/occult-circle.jpg"/>
<content type="html"><div class="lead"><p>We’re Fly.io, a security bearer token company with a public cloud problem. You can read more about what our platform does (Docker container goes in, virtual machine in Singapore comes out), but this is just an engineering deep-dive into how we make our security tokens work. It’s a tokens nerd post.</p>
</div><h2 id='1' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#1' aria-label='Anchor'></a><span class='plain-code'>1</span></h2>
<p>We’ve spent <a href='https://fly.io/blog/api-tokens-a-tedious-survey/' title=''>too much time</a> talking about <a href='https://fly.io/blog/tokenized-tokens/' title=''>security tokens</a>, and about <a href='https://fly.io/blog/macaroons-escalated-quickly/' title=''>Macaroon tokens</a> <a href='https://github.com/superfly/macaroon/blob/main/macaroon-thought.md' title=''>in particular</a>. Writing another Macaroon treatise was not on my calendar. But we’re in the process of handing off our internal Macaroon project to a new internal owner, and in the process of truing up our operations manuals for these systems, I found myself in the position of writing a giant post about them. So, why not share?</p>
<div class="callout"><p>Can I sum up Macaroons in a short paragraph? Macaroon tokens are bearer tokens (like JWTs) that use a cute chained-HMAC construction that allows an end-user to take any existing token they have and scope it down, all on their own. You can minimize your token before every API operation so that you’re only ever transmitting the least amount of privilege needed for what you’re actually doing, even if the token you were issued was an admin token. And they have a user-serviceable plug-in interface! <a href="https://fly.io/blog/macaroons-escalated-quickly/" title="">You’ll have to read the earlier post to learn more about that</a>.</p>
</div><div class="right-sidenote"><p>Yes, probably, we are.</p>
</div>
<p>A couple years in to being the Internet’s largest user of Macaroons, I can report (as many predicted) that for our users, the cool things about Macaroons are a mixed bag in practice. It’s very neat that users can edit their own tokens, or even email them to partners without worrying too much. But users don’t really take advantage of token features.</p>
<p>But I’m still happy we did this, because Macaroon quirks have given us a bunch of unexpected wins in our infrastructure. Our internal token system has turned out to be one of the nicer parts of our platform. Here’s why.</p>
<p><img alt="This should clear everything up." src="/blog/operationalizing-macaroons/assets/schematic-diagram.png" /></p>
<h2 id='2' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#2' aria-label='Anchor'></a><span class='plain-code'>2</span></h2>
<p>As an operator, the most important thing to know about Macaroons is that they’re online-stateful; you need a database somewhere. A Macaroon token starts with a random field (a nonce) and the first thing you do when verifying a token is to look that nonce up in a database. So one of the most important details of a Macaroon implementation is where that database lives.</p>
<p>I can tell you one place we’re not OK with it living: in our primary API cluster.</p>
<p>There’s several reasons for that. Some of them are about scalability and reliability: far and away the most common failure mode of an outage on our platform is “deploys are broken”, and those failures are usually caused by API instability. It would not be OK if “deploys are broken” transitively meant “deployed apps can’t use security tokens”. But the biggest reason is security: root secrets for Macaroon tokens are hazmat, and a basic rule of thumb in secure design is: keep hazmat away from complicated code.</p>
<p>So we created a deliberately simple system to manage token data. It’s called <code>tkdb</code>.</p>
<div class="right-sidenote"><p>LiteFS: primary/replica distributed SQLite; Litestream: PITR SQLite replication to object storage; both work with unmodified SQLite libraries.</p>
</div>
<p><code>tkdb</code> is about 5000 lines of Go code that manages a SQLite database that is in turn managed by <a href='https://fly.io/docs/litefs/' title=''>LiteFS</a> and <a href='https://litestream.io/' title=''>Litestream</a>. It runs on isolated hardware (in the US, Europe, and Australia) and records in the database are encrypted with an injected secret. LiteFS gives us subsecond replication from our US primary to EU and AU, allows us to shift the primary to a different region, and gives us point-in-time recovery of the database.</p>
<p>We’ve been running Macaroons for a couple years now, and the entire <code>tkdb</code> database is just a couple dozen megs large. Most of that data isn’t real. A full PITR recovery of the database takes just seconds. We use SQLite for a lot of our infrastructure, and this is one of the very few well-behaved databases we have.</p>
<p>That’s in large part a consequence of the design of Macaroons. There’s actually not much for us to store! The most complicated possible Macaroon still chains up to a single root key (we generate a key per Fly.io “organization”; you don&rsquo;t share keys with your neighbors), and everything that complicates that Macaroon happens “offline”. We take advantage of &ldquo;attenuation&rdquo; far more than our users do.</p>
<p>The result is that database writes are relatively rare and very simple: we just need to record an HMAC key when Fly.io organizations are created (that is, roughly, when people sign up for the service and actually do a deploy). That, and revocation lists (more on that later), which make up most of the data.</p>
<h2 id='3' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#3' aria-label='Anchor'></a><span class='plain-code'>3</span></h2>
<p>Talking to <code>tkdb</code> from the rest of our platform is complicated, for historical reasons.</p>
<div class="right-sidenote"><p>NATS is fine, we just don’t really need it.</p>
</div>
<p>Ben Toews is responsible for most of the good things about this implementation. When he inherited the v0 Macaroons code from me, we were in the middle of a weird love affair with <a href='https://nats.io/' title=''>NATS</a>, the messaging system. So <code>tkdb</code> exported an RPC API over NATS messages.</p>
<p>Our product security team can’t trust NATS (it’s not our code). That means a vulnerability in NATS can’t result in us losing control of all our tokens, or allow attackers to spoof authentication. Which in turn means you can’t run a plaintext RPC protocol for <code>tkdb</code> over NATS; attackers would just spoof “yes this token is fine” messages.</p>
<div class="right-sidenote"><p>I highly recommend implementing Noise; <a href="http://www.noiseprotocol.org/noise.html" title="">the spec</a> is kind of a joy in a way you can’t appreciate until you use it, and it’s educational.</p>
</div>
<p>But you can’t just run TLS over NATS; NATS is a message bus, not a streaming secure channel. So I did the hipster thing and implemented <a href='http://www.noiseprotocol.org/noise.html' title=''>Noise</a>. We export a “verification” API, and a “signing” API for minting new tokens. Verification uses <code>Noise_IK</code> (which works like normal TLS) — anybody can verify, but everyone needs to prove they’re talking to the real <code>tkdb</code>. Signing uses <code>Noise_KK</code> (which works like mTLS) — only a few components in our system can mint tokens, and they get a special client key.</p>
<p>A little over a year ago, <a href='https://fly.io/blog/the-exit-interview-jp/' title=''>JP</a> led an effort to replace NATS with HTTP, which is how you talk to <code>tkdb</code> today. Out of laziness, we kept the Noise stuff, which means the interface to <code>tkdb</code> is now HTTP/Noise. This is a design smell, but the security model is nice: across many thousands of machines, there are only a handful with the cryptographic material needed to mint a new Macaroon token. Neat!</p>
<p><code>tkdb</code> is a Fly App (albeit deployed in special Fly-only isolated regions). Our infrastructure talks to it over “<a href='https://fly.io/docs/networking/flycast/' title=''>FlyCast</a>”, which is our internal Anycast service. If you’re in Singapore, you’re probably get routed to the Australian <code>tkdb</code>. If Australia falls over, you’ll get routed to the closest backup. The proxy that implements FlyCast is smart, as is the <code>tkdb</code> client library, which will do exponential backoff retry transparently.</p>
<p>Even with all that, we don’t like that Macaroon token verification is &ldquo;online&rdquo;. When you operate a global public cloud one of the first thing you learn is that <a href='https://fly.io/blog/the-5-hour-content-delivery-network/' title=''>the global Internet sucks</a>. Connectivity breaks all the time, and we’re paranoid about it. It’s painful for us that token verification can imply transoceanic links. Lovecraft was right about the oceans! Stay away!</p>
<p>Our solution to this is caching. Macaroons, as it turns out, cache beautifully. That’s because once you’ve seen and verified a Macaroon, you have enough information to verify any more-specific Macaroon that descends from it; that’s a property of <a href='https://research.google/pubs/macaroons-cookies-with-contextual-caveats-for-decentralized-authorization-in-the-cloud/' title=''>their chaining HMAC construction</a>. Our client libraries cache verifications, and the cache ratio for verification is over 98%.</p>
<h2 id='4' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#4' aria-label='Anchor'></a><span class='plain-code'>4</span></h2>
<p><a href='http://cryto.net/~joepie91/blog/2016/06/13/stop-using-jwt-for-sessions/' title=''>Revocation isn’t a corner case</a>. It can’t be an afterthought. We’re potentially revoking tokens any time a user logs out. If that doesn’t work reliably, you wind up with “cosmetic logout”, which is a real vulnerability. When we kill a token, it needs to stay dead.</p>
<p>Our revocation system is simple. It’s this table:</p>
<div class="highlight-wrapper group relative ">
<button
type="button"
class="bubble-wrap z-20 absolute right-9 -mr-0.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-wrap-target="#code-i3kxbqgm"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35" stroke-linecap="round" stroke-linejoin="round"><g buffered-rendering="static"><path d="M9.912 8.037h2.732c1.277 0 2.315-.962 2.315-2.237a2.325 2.325 0 00-2.315-2.31H2.959m10.228 9.01H2.959M6.802 8H2.959" /><path d="M11.081 6.466L9.533 8.037l1.548 1.571" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-9px] tail text-navy-950">
Wrap text
</span>
</button>
<button
type="button"
class="bubble-wrap z-20 absolute right-1.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-copy-target="sibling"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35"><g buffered-rendering="static"><path d="M10.576 7.239c0-.995-.82-1.815-1.815-1.815H3.315c-.995 0-1.815.82-1.815 1.815v5.446c0 .995.82 1.815 1.815 1.815h5.446c.995 0 1.815-.82 1.815-1.815V7.239z" /><path d="M10.576 10.577h2.109A1.825 1.825 0 0014.5 8.761V3.315A1.826 1.826 0 0012.685 1.5H7.239c-.996 0-1.815.819-1.816 1.815v1.617" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-6px] tail [--tail-x:calc(100%-30px)] text-navy-950">
Copy to clipboard
</span>
</button>
<div class='highlight relative group'>
<pre class='highlight '><code id="code-i3kxbqgm"> CREATE TABLE IF NOT EXISTS blacklist (
nonce BLOB NOT NULL UNIQUE,
required_until DATETIME,
created_at DATETIME DEFAULT CURRENT_TIMESTAMP
);
</code></pre>
</div>
</div>
<p>When we need a token to be dead, we have our primary API do a call to the <code>tkdb</code> “signing” RPC service for <code>revoke</code>. <code>revoke</code> takes the random nonce from the beginning of the Macaroon, discarding the rest, and adds it to the blacklist. Every Macaroon in the lineage of that nonce is now dead; we check the blacklist before verifying tokens.</p>
<p>The obvious challenge here is caching; over 98% of our validation requests never hit <code>tkdb</code>. We certainly don’t want to propagate the blacklist database to 35 regions around the globe.</p>
<p>Instead, the <code>tkdb</code> “verification” API exports an endpoint that provides a feed of revocation notifications. Our client library “subscribes” to this API (really, it just polls). Macaroons are revoked regularly (but not constantly), and when that happens, clients notice and prune their caches.</p>
<p>If clients lose connectivity to <code>tkdb</code>, past some threshold interval, they just dump their entire cache, forcing verification to happen at <code>tkdb</code>.</p>
<h2 id='5' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#5' aria-label='Anchor'></a><span class='plain-code'>5</span></h2>
<p>A place where we’ve gotten a lot of internal mileage out of Macaroon features is service tokens. Service tokens are tokens used by code, rather than humans; almost always, a service token is something that is stored alongside running application code.</p>
<p>An important detail of Fly.io’s Macaroons is the distinction between a “permissions” token and an “authentication” token. Macaroons by themselves express authorization, not authentication.</p>
<p>That’s a useful constraint, and we want to honor it. By requiring a separate token for authentication, we minimize the impact of having the permissions token stolen; you can’t use it without authentication, so really it’s just like a mobile signed IAM policy expression. Neat!</p>
<p>The way we express authentication is with a third-party caveat (<a href='https://fly.io/blog/macaroons-escalated-quickly/#4' title=''>see the old post for details</a>). Your main Fly.io Macaroon will have a caveat saying “this token is only valid if accompanied by the discharge token for a user in your organization from our authentication system”. Our authentication system does the login dance and issues those discharges.</p>
<p>This is exactly what you want for user tokens and not at all what you want for a service token: we don’t want running code to store those authenticator tokens, because they’re hazardous.</p>
<p>The solution we came up with for service tokens is simple: <code>tkdb</code> exports an API that uses its access to token secrets to strip off the third-party authentication caveat. To call into that API, you have to present a valid discharging authentication token; that is, you have to prove you could already have done whatever the token said. <code>tkdb</code> returns a new token with all the previous caveats, minus the expiration (you don’t usually want service tokens to expire).</p>
<p>OK, so we’ve managed to transform a tuple <code>(unscary-token, scary-token)</code> into the new tuple <code>(scary-token)</code>. Not so impressive. But hold on: the recipient of <code>scary-token</code> can attenuate it further: we can lock it to a particular instance of <code>flyd</code>, or to a particular Fly Machine. Which means exfiltrating it doesn’t do you any good; to use it, you have to control the environment it’s intended to be used in.</p>
<p>The net result of this scheme is that a compromised physical host will only give you access to tokens that have been used on that worker, which is a very nice property. Another way to look at it: every token used in production is traceable in some way to a valid token a user submitted. Neat!</p>
<div class="right-sidenote"><p>All the cool spooky secret store names were taken.</p>
</div>
<p>We do a similar dance to with Pet Semetary, our internal Vault replacement. Petsem manages user secrets for applications, such as Postgres connection strings. Petsem is its own Macaroon authority (it issues its own Macaroons with its own permissions system), and to do something with a secret, you need one of those Petsem-minted Macaroon.</p>
<p>Our primary API servers field requests from users to set secrets for their apps. So the API has a Macaroon that allows secrets writes. But it doesn&rsquo;t allow reads: there’s no API call to dump your secrets, because our API servers don’t have that privilege. So far, so good.</p>
<p>But when we boot up a Fly Machine, we need to inject the appropriate user secrets into it at boot; <em>something</em> needs a Macaroon that can read secrets. That “something” is <code>flyd</code>, our orchestrator, which runs on every worker server in our fleet.</p>
<p>Clearly, we can’t give every <code>flyd</code> a Macaroon that reads every user’s secret. Most users will never deploy anything on any given worker, and we can’t have a security model that collapses down to “every worker is equally privileged”.</p>
<p>Instead, the “read secret” Macaroon that <code>flyd</code> gets has a third-party caveat attached to it, which is dischargeable only by talking to <code>tkdb</code> and proving (with normal Macaroon tokens) that you have permissions for the org whose secrets you want to read. Once again, access is traceable to an end-user action, and minimized across our fleet. Neat!</p>
<h2 id='6' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#6' aria-label='Anchor'></a><span class='plain-code'>6</span></h2>
<p>Our token systems have some of the best telemetry in the whole platform.</p>
<p>Most of that is down to <a href='http://opentelemetry.io/' title=''>OpenTelemetry</a> and <a href='https://www.honeycomb.io/' title=''>Honeycomb</a>. From the moment a request hits our API server through the moment <code>tkdb</code> responds to it, oTel <a href='https://opentelemetry.io/docs/concepts/context-propagation/' title=''>context propagation</a> gives us a single narrative about what’s happening.</p>
<p><a href='https://fly.io/blog/the-exit-interview-jp/' title=''>I was a skeptic about oTel</a>. It’s really, really expensive. And, not to put too fine a point on it, oTel really cruds up our code. Once, I was an “80% of the value of tracing, we can get from logs and metrics” person. But I was wrong.</p>
<p>Errors in our token system are rare. Usually, they’re just early indications of network instability, and between caching and FlyCast, we mostly don’t have to care about those alerts. When we do, it’s because something has gone so sideways that we’d have to care anyways. The <code>tkdb</code> code is remarkably stable and there hasn’t been an incident intervention with our token system in over a year.</p>
<p>Past oTel, and the standard logging and Prometheus metrics every Fly App gets for free, we also have a complete audit trail for token operations, in a permanently retained OpenSearch cluster index. Since virtually all the operations that happen on our platform are mediated by Macaroons, this audit trail is itself pretty powerful.</p>
<h2 id='7' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#7' aria-label='Anchor'></a><span class='plain-code'>7</span></h2>
<p>So, that&rsquo;s pretty much it. The moral of the story for us is, Macaroons have a lot of neat features, our users mostly don&rsquo;t care about them — that may even be a good thing — but we get a lot of use out of them internally.</p>
<p>As an engineering culture, we&rsquo;re allergic to &ldquo;microservices&rdquo;, and we flinched a bit at the prospect of adding a specific service just to manage tokens. But it&rsquo;s pulled its weight, and not added really any drama at all. We have at this point a second dedicated security service (Petsem), and even though they sort of rhyme with each other, we&rsquo;ve got no plans to merge them. <a href='https://how.complexsystems.fail/#10' title=''>Rule #10</a> and all that.</p>
<p>Oh, and a total victory for LiteFS, Litestream, and infrastructure SQLite. Which, after managing an infrastructure SQLite project that routinely ballooned to tens of gigabytes and occasionally threatened service outages, is lovely to see.</p>
<p>Macaroons! If you&rsquo;d asked us a year ago, we&rsquo;d have said the jury was still out on whether they were a good move. But then Ben Toews spent a year making them awesome, and so they are. <a href='https://github.com/superfly/macaroon' title=''>Most of the code is open source</a>!</p></content>
</entry>
<entry>
<title>Taming A Voracious Rust Proxy</title>
<link rel="alternate" href="https://fly.io/blog/taming-rust-proxy/"/>
<id>https://fly.io/blog/taming-rust-proxy/</id>
<published>2025-02-26T00:00:00+00:00</published>
<updated>2025-03-20T21:16:40+00:00</updated>
<media:thumbnail url="https://fly.io/blog/taming-rust-proxy/assets/happy-crab-cover.jpg"/>
<content type="html"><div class="lead"><p>Here’s a fun bug.</p>
</div>
<p>The basic idea of our service is that we run containers for our users, as hardware-isolated virtual machines (Fly Machines), on hardware we own around the world. What makes that interesting is that we also connect every Fly Machine to a global Anycast network. If your app is running in Hong Kong and Dallas, and a request for it arrives in Singapore, we&rsquo;ll route it to <code>HKG</code>.</p>
<p>Our own hardware fleet is roughly divided into two kinds of servers: edges, which receive incoming requests from the Internet, and workers, which run Fly Machines. Edges exist almost solely to run a Rust program called <code>fly-proxy</code>, the router at the heart of our Anycast network.</p>
<p>So: a week or so ago, we flag an incident. Lots of things generate incidents: synthetic monitoring failures, metric thresholds, health check failures. In this case two edge tripwires tripped: elevated <code>fly-proxy</code> HTTP errors, and skyrocketing CPU utilization, on a couple hosts in <code>IAD</code>.</p>
<p>Our incident process is pretty ironed out at this point. We created an incident channel (we ❤️ <a href='https://rootly.com/' title=''>Rootly</a> for this, <a href='https://rootly.com/' title=''>seriously check out Rootly</a>, an infra MVP here for years now), and incident responders quickly concluded that, while something hinky was definitely going on, the platform was fine. We have a lot of edges, and we&rsquo;ve also recently converted many of our edge servers to significantly beefier hardware.</p>
<p>Bouncing <code>fly-proxy</code> clears the problem up on an affected proxy. But this wouldn&rsquo;t be much of an interesting story if the problem didn&rsquo;t later come back. So, for some number of hours, we&rsquo;re in an annoying steady-state of getting paged and bouncing proxies. </p>
<p>While this is happening, Pavel, on our proxy team, pulls a profile from an angry proxy.
<img alt="A flamegraph profile, described better in the prose anyways." src="/blog/taming-rust-proxy/assets/proxy-profile.jpg" />
So, this is fuckin&rsquo; weird: a huge chunk of the profile is dominated by Rust <code>tracing</code>&lsquo;s <code>Subscriber</code>. But that doesn&rsquo;t make sense. The entire point of Rust <code>tracing</code>, which generates fine-grained span records for program activity, is that <code>entering</code> and <code>exiting</code> a span is very, very fast. </p>
<p>If the mere act of <code>entering</code> a span in a Tokio stack is chewing up a significant amount of CPU, something has gone haywire: the actual code being traced must be doing next to nothing.</p>
<h2 id='a-quick-refresher-on-async-rust' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#a-quick-refresher-on-async-rust' aria-label='Anchor'></a><span class='plain-code'>A Quick Refresher On Async Rust</span></h2>
<p>So in Rust, like a lot of <code>async/await</code> languages, you&rsquo;ve got <code>Futures</code>. A <code>Future</code> is a type that represents the future value of an asychronous computation, like reading from a socket. <code>Futures</code> are state machines, and they&rsquo;re lazy: they expose one basic operation, <code>poll</code>, which an executor (like Tokio) calls to advance the state machine. That <code>poll</code> returns whether the <code>Future</code> is still <code>Pending</code>, or <code>Ready</code> with a result.</p>
<p>In theory, you could build an executor that drove a bunch of <code>Futures</code> just by storing them in a list and busypolling each of them, round robin, until they return <code>Ready</code>. This executor would defeat the much of the purpose of asynchronous program, so no real executor works that way.</p>
<p>Instead, a runtime like Tokio integrates <code>Futures</code> with an event loop (on <a href='https://man7.org/linux/man-pages/man7/epoll.7.html' title=''>epoll</a> or <a href='https://en.wikipedia.org/wiki/Kqueue' title=''>kqeue</a>) and, when calling <code>poll</code>, passes a <code>Waker</code>. The <code>Waker</code> is an abstract handle that allows the <code>Future</code> to instruct the Tokio runtime to call <code>poll</code>, because something has happened.</p>
<p>To complicate things: an ordinary <code>Future</code> is a one-shot value. Once it&rsquo;s <code>Ready</code>, it can&rsquo;t be <code>polled</code> anymore. But with network programming, that&rsquo;s usually not what you want: data usually arrives in streams, which you want to track and make progress on as you can. So async Rust provides <code>AsyncRead</code> and <code>AsyncWrite</code> traits, which build on <code>Futures</code>, and provide methods like <code>poll_read</code> that return <code>Ready</code> <em>every time</em> there&rsquo;s data ready. </p>
<p>So far so good? OK. Now, there are two footguns in this design. </p>
<p>The first footgun is that a <code>poll</code> of a <code>Future</code> that isn&rsquo;t <code>Ready</code> wastes cycles, and, if you have a bug in your code and that <code>Pending</code> poll happens to trip a <code>Waker</code>, you&rsquo;ll slip into an infinite loop. That&rsquo;s easy to see.</p>
<p>The second and more insidious footgun is that an <code>AsyncRead</code> can <code>poll_read</code> to a <code>Ready</code> that doesn&rsquo;t actually progress its underlying state machine. Since the idea of <code>AsyncRead</code> is that you keep <code>poll_reading</code> until it stops being <code>Ready</code>, this too is an infinite loop.</p>
<p>When we look at our profiles, what we see are samples that almost terminate in libc, but spend next to no time in the kernel doing actual I/O. The obvious explanation: we&rsquo;ve entered lots of <code>poll</code> functions, but they&rsquo;re doing almost nothing and returning immediately.</p>
<h2 id='jaccuse' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#jaccuse' aria-label='Anchor'></a><span class='plain-code'>J&#39;accuse!</span></h2>
<p>Wakeup issues are annoying to debug. But the flamegraph gives us the fully qualified type of the <code>Future</code> we&rsquo;re polling:</p>
<div class="highlight-wrapper group relative rust">
<button
type="button"
class="bubble-wrap z-20 absolute right-9 -mr-0.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-wrap-target="#code-mhjra6vu"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35" stroke-linecap="round" stroke-linejoin="round"><g buffered-rendering="static"><path d="M9.912 8.037h2.732c1.277 0 2.315-.962 2.315-2.237a2.325 2.325 0 00-2.315-2.31H2.959m10.228 9.01H2.959M6.802 8H2.959" /><path d="M11.081 6.466L9.533 8.037l1.548 1.571" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-9px] tail text-navy-950">
Wrap text
</span>
</button>
<button
type="button"
class="bubble-wrap z-20 absolute right-1.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-copy-target="sibling"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35"><g buffered-rendering="static"><path d="M10.576 7.239c0-.995-.82-1.815-1.815-1.815H3.315c-.995 0-1.815.82-1.815 1.815v5.446c0 .995.82 1.815 1.815 1.815h5.446c.995 0 1.815-.82 1.815-1.815V7.239z" /><path d="M10.576 10.577h2.109A1.825 1.825 0 0014.5 8.761V3.315A1.826 1.826 0 0012.685 1.5H7.239c-.996 0-1.815.819-1.816 1.815v1.617" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-6px] tail [--tail-x:calc(100%-30px)] text-navy-950">
Copy to clipboard
</span>
</button>
<div class='highlight relative group'>
<pre class='highlight '><code id="code-mhjra6vu"><span class="o">&amp;</span><span class="k">mut</span> <span class="nn">fp_io</span><span class="p">::</span><span class="nn">copy</span><span class="p">::</span><span class="n">Duplex</span><span class="o">&lt;&amp;</span><span class="k">mut</span> <span class="nn">fp_io</span><span class="p">::</span><span class="nn">reusable_reader</span><span class="p">::</span><span class="n">ReusableReader</span><span class="o">&lt;</span><span class="nn">fp_tcp</span><span class="p">::</span><span class="nn">peek</span><span class="p">::</span><span class="n">PeekableReader</span><span class="o">&lt;</span><span class="nn">tokio_rustls</span><span class="p">::</span><span class="nn">server</span><span class="p">::</span><span class="n">TlsStream</span><span class="o">&lt;</span><span class="nn">fp_tcp_metered</span><span class="p">::</span><span class="n">MeteredIo</span><span class="o">&lt;</span><span class="nn">fp_tcp</span><span class="p">::</span><span class="nn">peek</span><span class="p">::</span><span class="n">PeekableReader</span><span class="o">&lt;</span><span class="nn">fp_tcp</span><span class="p">::</span><span class="nn">permitted</span><span class="p">::</span><span class="n">PermittedTcpStream</span><span class="o">&gt;&gt;&gt;&gt;&gt;</span><span class="p">,</span> <span class="nn">connect</span><span class="p">::</span><span class="nn">conn</span><span class="p">::</span><span class="n">Conn</span><span class="o">&lt;</span><span class="nn">tokio</span><span class="p">::</span><span class="nn">net</span><span class="p">::</span><span class="nn">tcp</span><span class="p">::</span><span class="nn">stream</span><span class="p">::</span><span class="n">TcpStream</span><span class="o">&gt;</span>
</code></pre>
</div>
</div>
<p>This loops like a lot, but much of it is just wrapper types we wrote ourselves, and those wrappers don&rsquo;t do anything interesting. What&rsquo;s left to audit:</p>
<ul>
<li><code>Duplex</code>, the outermost type, one of ours, <em>and</em>
</li><li><code>TlsStream</code>, from <a href='https://github.com/rustls/rustls' title=''>Rustls</a>.
</li></ul>
<p><code>Duplex</code> is a beast. It&rsquo;s the core I/O state machine for proxying between connections. It&rsquo;s not easy to reason about in specificity. But: it also doesn&rsquo;t do anything directly with a <code>Waker</code>; it&rsquo;s built around <code>AsyncRead</code> and <code>AsyncWrite</code>. It hasn&rsquo;t changed recently and we can&rsquo;t trigger misbehavior in it.</p>
<p>That leaves <code>TlsStream</code>. <code>TlsStream</code> is an ultra-important, load-bearing function in the Rust ecosystem. Everybody uses it. Could it harbor an async Rust footgun? Turns out, it did!</p>
<p>Unlike our <code>Duplex</code>, Rustls actually does have to get intimate with the underlying async executor. And, looking through the repository, Pavel uncovers <a href='https://github.com/rustls/tokio-rustls/issues/72' title=''>this issue</a>: sometimes, <code>TlsStreams</code> in Rustls just spin out. And it turns out, what&rsquo;s causing this is a TLS state machine bug: when a TLS session is orderly-closed, with a <code>CloseNotify</code> <code>Alert</code> record, the sender of that record has informed its counterparty that no further data will be sent. But if there&rsquo;s still buffered data on the underlying connection, <code>TlsStream</code> mishandles its <code>Waker</code>, and we fall into a busy-loop.</p>
<p><a href='https://github.com/rustls/rustls/pull/1950/files' title=''>Pretty straightforward fix</a>!</p>
<h2 id='what-actually-happened-to-us' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#what-actually-happened-to-us' aria-label='Anchor'></a><span class='plain-code'>What Actually Happened To Us</span></h2>
<p>Our partners in object storage, <a href='https://www.tigrisdata.com/' title=''>Tigris Data</a>, were conducting some kind of load testing exercise. Some aspect of their testing system triggered the <code>TlsStream</code> state machine bug, which locked up one or more <code>TlsStreams</code> in the edge proxy handling whatever corner-casey stream they were sending.</p>
<p>Tigris wasn&rsquo;t generating a whole lot of traffic; tens of thousands of connections, tops. But all of them sent small HTTP bodies and then terminated early. We figured some of those connections errored out, and set up the &ldquo;TLS CloseNotify happened before EOF&rdquo; scenario. </p>
<p>To be truer to the chronology, we knew pretty early on in our investigation that something Tigris was doing with their load testing was probably triggering the bug, and we got them to stop. After we worked it out, and Pavel deployed the fix, we told them to resume testing. No spin-outs.</p>
<h2 id='lessons-learned' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#lessons-learned' aria-label='Anchor'></a><span class='plain-code'>Lessons Learned</span></h2>
<p>Keep your dependencies updated. Unless you shouldn&rsquo;t keep your dependencies updated. I mean, if there&rsquo;s a vulnerability (and, technically, this was a DoS vulnerability), always update. And if there&rsquo;s an important bugfix, update. But if there isn&rsquo;t an important bugfix, updating for the hell of it might also destabilize your project? So update maybe? Most of the time?</p>
<p>Really, the truth of this is that keeping track of <em>what needs to be updated</em> is valuable work. The updates themselves are pretty fast and simple, but the process and testing infrastructure to confidently metabolize dependency updates is not. </p>
<p>Our other lesson here is that there&rsquo;s an opportunity to spot these kinds of bugs more directly with our instrumentation. Spurious wakeups should be easy to spot, and triggering a metric when they happen should be cheap, because they&rsquo;re not supposed to happen often. So that&rsquo;s something we&rsquo;ll go do now.</p></content>
</entry>
<entry>
<title>We Were Wrong About GPUs</title>
<link rel="alternate" href="https://fly.io/blog/wrong-about-gpu/"/>
<id>https://fly.io/blog/wrong-about-gpu/</id>
<published>2025-02-14T00:00:00+00:00</published>
<updated>2025-02-14T23:25:21+00:00</updated>
<media:thumbnail url="https://fly.io/blog/wrong-about-gpu/assets/choices-choices-cover.webp"/>
<content type="html"><div class="lead"><p>We’re building a public cloud, on hardware we own. We raised money to do that, and to place some bets; one of them: GPU-enabling our customers. A progress report: GPUs aren’t going anywhere, but: GPUs aren’t going anywhere.</p>
</div>
<p>A couple years back, <a href="https://fly.io/gpu">we put a bunch of chips down</a> on the bet that people shipping apps to users on the Internet would want GPUs, so they could do AI/ML inference tasks. To make that happen, we created <a href="https://fly.io/docs/gpus/getting-started-gpus/">Fly GPU Machines</a>.</p>
<p>A Fly Machine is a <a href="https://fly.io/blog/docker-without-docker/">Docker/OCI container</a> running inside a hardware-virtualized virtual machine somewhere on our global fleet of bare-metal worker servers. A GPU Machine is a Fly Machine with a hardware-mapped Nvidia GPU. It&rsquo;s a Fly Machine that can do fast CUDA.</p>
<p>Like everybody else in our industry, we were right about the importance of AI/ML. If anything, we underestimated its importance. But the product we came up with probably doesn&rsquo;t fit the moment. It&rsquo;s a bet that doesn&rsquo;t feel like it&rsquo;s paying off.</p>
<p><strong class='font-semibold text-navy-950'>If you&rsquo;re using Fly GPU Machines, don&rsquo;t freak out; we&rsquo;re not getting rid of them.</strong> But if you&rsquo;re waiting for us to do something bigger with them, a v2 of the product, you&rsquo;ll probably be waiting awhile.</p>
<h3 id='what-it-took' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#what-it-took' aria-label='Anchor'></a><span class='plain-code'>What It Took</span></h3>
<p>GPU Machines were not a small project for us. Fly Machines run on an idiosyncratically small hypervisor (normally Firecracker, but for GPU Machines <a href="https://github.com/cloud-hypervisor/cloud-hypervisor">Intel&rsquo;s Cloud Hypervisor</a>, a very similar Rust codebase that supports PCI passthrough). The Nvidia ecosystem is not geared to supporting micro-VM hypervisors.</p>
<p>GPUs <a href="https://googleprojectzero.blogspot.com/2020/09/attacking-qualcomm-adreno-gpu.html">terrified our security team</a>. A GPU is just about the worst case hardware peripheral: intense multi-directional direct memory transfers</p>
<div class="right-sidenote"><p>(not even bidirectional: in common configurations, GPUs talk to each other)</p>
</div>
<p>with arbitrary, end-user controlled computation, all operating outside our normal security boundary.</p>
<p>We did a couple expensive things to mitigate the risk. We shipped GPUs on dedicated server hardware, so that GPU- and non-GPU workloads weren&rsquo;t mixed. Because of that, the only reason for a Fly Machine to be scheduled on a GPU machine was that it needed a PCI BDF for an Nvidia GPU, and there&rsquo;s a limited number of those available on any box. Those GPU servers were drastically less utilized and thus less cost-effective than our ordinary servers.</p>
<p>We funded two very large security assessments, from <a href="https://www.atredis.com/">Atredis</a> and <a href="https://tetrelsec.com/">Tetrel</a>, to evaluate our GPU deployment. Matt Braun is writing up those assessments now. They were not cheap, and they took time.</p>
<p>Security wasn&rsquo;t directly the biggest cost we had to deal with, but it was an indirect cause for a subtle reason.</p>
<p>We could have shipped GPUs very quickly by doing what Nvidia recommended: standing up a standard K8s cluster to schedule GPU jobs on. Had we taken that path, and let our GPU users share a single Linux kernel, we&rsquo;d have been on Nvidia&rsquo;s driver happy-path.</p>
<p>Alternatively, we could have used a conventional hypervisor. Nvidia suggested VMware (heh). But they could have gotten things working had we used QEMU. We like QEMU fine, and could have talked ourselves into a security story for it, but the whole point of Fly Machines is that they take milliseconds to start. We could not have offered our desired Developer Experience on the Nvidia happy-path.</p>
<p>Instead, we burned months trying (and ultimately failing) to get Nvidia&rsquo;s host drivers working to map <a href="https://www.nvidia.com/en-us/data-center/virtual-solutions/">virtualized GPUs</a> into Intel Cloud Hypervisor. At one point, we hex-edited the closed-source drivers to trick them into thinking our hypervisor was QEMU.</p>
<p>I&rsquo;m not sure any of this really mattered in the end. There&rsquo;s a segment of the market we weren&rsquo;t ever really able to explore because Nvidia&rsquo;s driver support kept us from thin-slicing GPUs. We&rsquo;d have been able to put together a really cheap offering for developers if we hadn&rsquo;t run up against that, and developers love &ldquo;cheap&rdquo;, but I can&rsquo;t prove that those customers are real.</p>
<p>On the other hand, we&rsquo;re committed to delivering the Fly Machine DX for GPU workloads. Beyond the PCI/IOMMU drama, just getting an entire hardware GPU working in a Fly Machine was a lift. We needed Fly Machines that would come up with the right Nvidia drivers; our stack was built assuming that the customer&rsquo;s OCI container almost entirely defined the root filesystem for a Machine. We had to engineer around that in our <code>flyd</code> orchestrator. And almost everything people want to do with GPUs involves efficiently grabbing huge files full of model weights. Also annoying!</p>
<p>And, of course, we bought GPUs. A lot of GPUs. Expensive GPUs.</p>
<h3 id='why-it-isnt-working' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#why-it-isnt-working' aria-label='Anchor'></a><span class='plain-code'>Why It Isn&rsquo;t Working</span></h3>
<p>The biggest problem: developers don&rsquo;t want GPUs. They don&rsquo;t even want AI/ML models. They want LLMs. <em>System engineers</em> may have smart, fussy opinions on how to get their models loaded with CUDA, and what the best GPU is. But <em>software developers</em> don&rsquo;t care about any of that. When a software developer shipping an app comes looking for a way for their app to deliver prompts to an LLM, you can&rsquo;t just give them a GPU.</p>
<p>For those developers, who probably make up most of the market, it doesn&rsquo;t seem plausible for an insurgent public cloud to compete with OpenAI and Anthropic. Their APIs are fast enough, and developers thinking about performance in terms of &ldquo;tokens per second&rdquo; aren&rsquo;t counting milliseconds.</p>
<div class="right-sidenote"><p>(you should all feel sympathy for us)</p>
</div>
<p>This makes us sad because we really like the point in the solution space we found. Developers shipping apps on Amazon will outsource to other public clouds to get cost-effective access to GPUs. But then they&rsquo;ll faceplant trying to handle data and model weights, backhauling gigabytes (at significant expense) from S3. We have app servers, GPUs, and object storage all under the same top-of-rack switch. But inference latency just doesn&rsquo;t seem to matter yet, so the market doesn&rsquo;t care.</p>
<p>Past that, and just considering the system engineers who do care about GPUs rather than LLMs: the hardware product/market fit here is really rough.</p>
<p>People doing serious AI work want galactically huge amounts of GPU compute. A whole enterprise A100 is a compromise position for them; they want an SXM cluster of H100s.</p>
<div class="right-sidenote"><p>Near as we can tell, MIG gives you a UUID to talk to the host driver, not a PCI device.</p>
</div>
<p>We think there&rsquo;s probably a market for users doing lightweight ML work getting tiny GPUs. <a href="https://www.nvidia.com/en-us/technologies/multi-instance-gpu/">This is what Nvidia MIG does</a>, slicing a big GPU into arbitrarily small virtual GPUs. But for fully-virtualized workloads, it&rsquo;s not baked; we can&rsquo;t use it. And I&rsquo;m not sure how many of those customers there are, or whether we&rsquo;d get the density of customers per server that we need.</p>
<p><a href="https://fly.io/blog/cutting-prices-for-l40s-gpus-in-half">That leaves the L40S customers</a>. There are a bunch of these! We dropped L40S prices last year, not because we were sour on GPUs but because they&rsquo;re the one part we have in our inventory people seem to get a lot of use out of. We&rsquo;re happy with them. But they&rsquo;re just another kind of compute that some apps need; they&rsquo;re not a driver of our core business. They&rsquo;re not the GPU bet paying off.</p>
<p>Really, all of this is just a long way of saying that for most software developers, &ldquo;AI-enabling&rdquo; their app is best done with API calls to things like Claude and GPT, Replicate and RunPod.</p>
<h3 id='what-did-we-learn' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#what-did-we-learn' aria-label='Anchor'></a><span class='plain-code'>What Did We Learn?</span></h3>
<p>A very useful way to look at a startup is that it&rsquo;s a race to learn stuff. So, what&rsquo;s our report card?</p>
<p>First off, when we embarked down this path in 2022, we were (like many other companies) operating in a sort of phlogiston era of AI/ML. The industry attention to AI had not yet collapsed around a small number of foundational LLM models. We expected there to be a diversity of <em>mainstream</em> models, the world <a href='https://github.com/elixir-nx/bumblebee' title=''>Elixir Bumblebee</a> looks forward to, where people pull different AI workloads off the shelf the same way they do Ruby gems.</p>
<p>But <a href='https://www.cursor.com/' title=''>Cursor happened</a>, and, as they say, how are you going to keep &lsquo;em down on the farm once they&rsquo;ve seen Karl Hungus? It seems much clearer where things are heading.</p>
<p>GPUs were a test of a Fly.io company credo: as we think about core features, we design for 10,000 developers, not for 5-6. It took a minute, but the credo wins here: GPU workloads for the 10,001st developer are a niche thing.</p>
<p>Another way to look at a startup is as a series of bets. We put a lot of chips down here. But the buy-in for this tournament gave us a lot of chips to play with. Never making a big bet of any sort isn&rsquo;t a winning strategy. I&rsquo;d rather we&rsquo;d flopped the nut straight, but I think going in on this hand was the right call.</p>
<p>A really important thing to keep in mind here, and something I think a lot of startup thinkers sleep on, is the extent to which this bet involved acquiring assets. Obviously, some of our <a href='https://fly.io/blog/the-exit-interview-jp/' title=''>costs here aren&rsquo;t recoverable</a>. But the hardware parts that aren&rsquo;t generating revenue will ultimately get liquidated; like with <a href='https://fly.io/blog/32-bit-real-estate/' title=''>our portfolio of IPv4 addresses</a>, I&rsquo;m even more comfortable making bets backed by tradable assets with durable value.</p>
<p>In the end, I don&rsquo;t think GPU Fly Machines were going to be a hit for us no matter what we did. Because of that, one thing I&rsquo;m very happy about is that we didn&rsquo;t compromise the rest of the product for them. Security concerns slowed us down to where we probably learned what we needed to learn a couple months later than we could have otherwise, but we&rsquo;re scaling back our GPU ambitions without having sacrificed <a href='https://fly.io/blog/sandboxing-and-workload-isolation/' title=''>any of our isolation story</a>, and, ironically, GPUs <em>other people run</em> are making that story a lot more important. The same thing goes for our Fly Machine developer experience.</p>
<p>We started this company building a Javascript runtime for edge computing. We learned that our customers didn&rsquo;t want a new Javascript runtime; they just wanted their native code to work. <a href='https://news.ycombinator.com/item?id=22616857' title=''>We shipped containers</a>, and no convincing was needed. We were wrong about Javascript edge functions, and I think we were wrong about GPUs. That&rsquo;s usually how we figure out the right answers: by being wrong about a lot of stuff.</p></content>
</entry>
<entry>
<title>The Exit Interview: JP Phillips</title>
<link rel="alternate" href="https://fly.io/blog/the-exit-interview-jp/"/>
<id>https://fly.io/blog/the-exit-interview-jp/</id>
<published>2025-02-12T00:00:00+00:00</published>
<updated>2025-02-14T21:30:41+00:00</updated>
<media:thumbnail url="https://fly.io/blog/the-exit-interview-jp/assets/bye-bye-little-sebastian-cover.webp"/>
<content type="html"><div class="lead"><p>JP Phillips is off to greener, or at least calmer, pastures. He joined us 4 years ago to build the next generation of our orchestration system, and has been one of the anchors of our engineering team. His last day is today. We wanted to know what he was thinking, and figured you might too.</p>
</div>
<p><em>Question 1: Why, JP? Just why?</em></p>
<p>LOL. When I looked at what I wanted to see from here in the next 3-4 years, it didn&rsquo;t really match up with where we&rsquo;re currently heading. Specifically, with our new focus on MPG <em>[Managed Postgres]</em> and [llm] <em>[llm].</em></p>
<div class="callout"><p>Editorial comment: Even I don’t know what [llm] is.</p>
</div>
<p>The Fly Machines platform is more or less finished, in the sense of being capable of supporting the next iteration of our products. My original desire to join Fly.io was to make Machines a product that would <a href='https://fly.io/blog/carving-the-scheduler-out-of-our-orchestrator/' title=''>rid us of HashiCorp Nomad</a>, and I feel like that&rsquo;s been accomplished.</p>
<p><em>Where were you hoping to see us headed?</em></p>
<p>More directly positioned as a cloud provider, rather than a platform-as-a-service; further along the customer journey from &ldquo;developers&rdquo; and &ldquo;startups&rdquo; to large established companies.</p>
<p>And, it&rsquo;s not that I disagree with PAAS work or MPG! Rather, it&rsquo;s not something that excites me in a way that I&rsquo;d feel challenged and could continue to grow technically.</p>
<p><em>Follow up question: does your family know what you’re doing here? Doing to us? Are they OK with it?</em></p>
<p>Yes, my family was very involved in the decision, before I even talked to other companies.</p>
<p><em>What&rsquo;s the thing you&rsquo;re happiest about having built here? It cannot be &ldquo;all of <code>flyd</code>&rdquo;.</em></p>
<p>We&rsquo;ve enabled developers to run workloads from an OCI image and an API call all over the world. On any other cloud provider, the knowledge of how to pull that off comes with a professional certification.</p>
<p><em>In what file in our <code>nomad-firecracker</code> repository would I find that code?</em></p>
<p><a href='https://docs.machines.dev/#tag/machines/post/apps/{app_name}/machines' title=''>https://docs.machines.dev/#tag/machines/post/apps/{app_name}/machines</a></p>
<p><img alt="A diagram that doesn&#39;t make any of this clearer" src="/blog/the-exit-interview-jp/assets/flaps.png?1/2&amp;center" /></p>
<p><em>So you mean, literally, the whole Fly Machines API, and <code>flaps</code>, the API gateway for Fly Machines?</em></p>
<p>Yes, all of it. The <code>flaps</code> API server, the <code>flyd</code> RPCs it calls, the <code>flyd</code> finite state machine system, the interface to running VMs.</p>
<p><em>Is there something you especially like about that design?</em></p>
<p>I like that it for the most part doesn&rsquo;t require any central coordination. And I like that the P90 for Fly Machine <code>create</code> calls is sub-5-seconds for pretty much every region except for Johannesburg and Hong Kong.</p>
<p>I think the FSM design is something I&rsquo;m proud of; if I could take any code with me, it&rsquo;d be the <code>internal/fsm</code> in the <code>nomad-firecracker</code> repo.</p>
<div class="callout"><p>You can read more about <a href="https://fly.io/blog/carving-the-scheduler-out-of-our-orchestrator/" title="">the <code>flyd</code> orchestrator JP led over here</a>. But, a quick decoder ring: <code>flyd</code> runs independently without any central coordination on thousands of “worker” servers around the globe. It’s structured as an API server for a bunch of finite state machine invocations, where an FSM might be something like “start a Fly Machine” or “create a new Fly Machine” or “cordon off a Fly Machine so we can update it”. Each FSM invocation is comprised of a bunch of steps, each of those steps has callbacks into the <code>flyd</code> code, and each step is logged in <a href="https://github.com/boltdb/bolt" title="">a BoltDB database</a>.</p>
</div>
<p><em>Thinking back, there are like two archetypes of insanely talented developers I’ve worked with. One is the kind that belts out ridiculous amounts of relatively sophisticated code on a whim, at like 3AM. Jerome [who leads our fly-proxy team], is that type. The other comes to projects with what feels like fully-formed, coherent designs that are not super intuitive, and the whole project just falls together around that design. Did you know you were going to do the FSM log thing when you started <code>flyd</code>?</em></p>
<p>I definitely didn&rsquo;t have any specific design in mind when I started on <code>flyd</code>. I think the FSM stuff is a result of work I did at Compose.io / MongoHQ (where it was called &ldquo;recipes&rdquo;/&ldquo;operations&rdquo;) and the workd I did at HashiCorp using Cadence.</p>
<p>Once I understood what the product needed to do and look like, having a way to perform deterministic and durable execution felt like a good design.</p>
<p><em>Cadence?</em></p>
<p><a href='https://cadenceworkflow.io/' title=''>Cadence</a> is the child of AWS Step Functions and the predecessor to <a href='https://temporal.io/' title=''>Temporal</a> (the company).</p>
<p>One of the biggest gains, with how it works in <code>flyd</code>, is knowing we would need to deploy <code>flyd</code> all day, every day. If <code>flyd</code> was in the middle of doing some work, it needed to pick back up right where it left off, post-deploy.</p>
<p><em>OK, next question. What&rsquo;s the most impressive thing you saw someone else build here? To make things simpler and take some pressure off the interview, we can exclude any of my works from consideration.</em></p>
<p>Probably <a href='https://github.com/superfly/corrosion' title=''><code>corrosion2</code></a>.</p>
<div class="callout"><p>Sidebar: <code>corrosion2</code> is our state distribution system. While <code>flyd</code> runs individual Fly Machines for users, each instance is solely responsible for its own state; there’s no global scheduler. But we have platform components, most obviously <code>fly-proxy</code>, our Anycast router, that need to know what’s running where. <code>corrosion2</code> is a Rust service that does <a href="https://fly.io/blog/building-clusters-with-serf/" title="">SWIM gossip</a> to propagate information from each worker into a CRDT-structured SQLite database. <code>corrosion2</code> essentially means any component on our fleet can do SQLite queries to get near-real-time information about any Fly Machine around the world.</p>
</div>
<p>If for no other reason than that we deployed <code>corrosion</code>, learned from it, and were able to make significant and valuable improvements — and then migrate to the new system in a short period of time.</p>
<p>Having a &ldquo;just SQLite&rdquo; interface, for async replicated changes around the world in seconds, it&rsquo;s pretty powerful.</p>
<p>If we invested in <a href='https://antithesis.com/' title=''>Anthesis</a> or TLA+ testing, I think there&rsquo;s <a href='https://github.com/superfly/corrosion' title=''>potential for other companies</a> to get value out of <code>corrosion2</code>.</p>
<p><em>Just as a general-purpose gossip-based SQLite CRDT gossip system?</em></p>
<p>Yes.</p>
<p><em>OK, you&rsquo;re being too nice. What&rsquo;s your least favorite thing about the platform?</em></p>
<p>GraphQL. No, Elixir. It&rsquo;s a tie between GraphQL and Elixir.</p>
<p>But probably GraphQL, by a hair.</p>
<p><em>That&rsquo;s not the answer I expected.</em></p>
<p>GraphQL slows everyone down, and everything. Elixir only slows me down.</p>
<p><em>The rest of the platform, you&rsquo;re fine with? No complaints?</em></p>
<p>I&rsquo;m happier now that we have <code>pilot</code>.</p>
<div class="callout"><p><code>pilot</code> is our new <code>init</code>. When we launch a Fly Machine, <code>init</code> is our foothold in the machine; this is unlike a normal OCI runtime, where “pid 1” is often the user’s entrypoint program. Our original <code>init</code> was so simple people dunked on it and said it might as well have been a bash script; over time, <code>init</code> has sprouted a bunch of new features. <code>pilot</code> consolidates those features, and, more importantly, is itself a complete OCI runtime; <code>pilot</code> can natively run containers inside of Fly Machines.</p>
</div>
<p>Before <code>pilot</code>, there really wasn&rsquo;t any contract between <code>flyd</code> and <code>init</code>. And <code>init</code> was just &ldquo;whatever we wanted <code>init</code> to be&rdquo;. That limit its ability to serve us.</p>
<p>Having <code>pilot</code> be an OCI-compliant runtime with an API for <code>flyd</code> to drive is a big win for the future of the Fly Machines API.</p>
<p><em>Was I right that we should have used SQLite for <code>flyd</code>, or were you wrong to have used BoltDB?</em></p>
<p>I still believe Bolt was the right choice. I&rsquo;ve never lost a second of sleep worried that someone is about to run a SQL update statement on a host, or across the whole fleet, and then mangled all our state data. And limiting the storage interface, by not using SQL, kept <code>flyd</code>&lsquo;s scope managed.</p>
<p>On the engine side of the platform, which is what <code>flyd</code> is, I still believe SQL is too powerful for what <code>flyd</code> does.</p>
<p><em>If you had this to do over again, would Bolt be precisely what you&rsquo;d pick, or is there something else you&rsquo;d want to try? Some cool-ass new KV store?</em></p>
<p>Nah. But, I&rsquo;d maybe consider a SQLite database per-Fly-Machine. Then the scope of danger is about as small as it could possibly be.</p>
<p><em>Whoah, that&rsquo;s an interesting thought. People sleep on the &ldquo;keep a zillion little SQLites&rdquo; design.</em></p>
<p>Yeah, with per-Machine SQLite, once a Fly Machine is destroyed, we can just zip up the database and stash it in object storage. The biggest hold-up I have about it is how we&rsquo;d manage the schemas.</p>
<p><em>OpenTelemetry: were you right all along?</em></p>
<p>One hundred percent.</p>
<p><em>I basically attribute oTel at Fly.io to you.</em></p>
<p>Without oTel, it&rsquo;d be a disaster trying to troubleshoot the system. I&rsquo;d have ragequit trying.</p>
<p><em>I remember there being a cost issue, with how much Honeycomb was going to end up charging us to manage all the data. But that seems silly in retrospect.</em></p>
<p>For sure. It is 100% part of the decision and the conversation. But: we didn&rsquo;t have the best track record running a logs/metrics cluster at this fidelity. It was worth the money to pay someone else to manage tracing data.</p>
<p><em>Strong agree. I think my only issue is just the extent to which it cruds up code. But I need to get over that.</em></p>
<p>Yes, it&rsquo;s very explicit. I think the next big part of oTel is going to be auto-instrumentation, for profiling.</p>
<p><em>You&rsquo;re a veteran Golang programmer. Say 3 nice things about Rust.</em></p>
<div class="callout"><p>Most of our backend is in Go, but <code>fly-proxy</code>, <code>corrosion2</code>, and <code>pilot</code> are in Rust.</p>
</div>
<ol>
<li>Option.
</li><li>Match.
</li><li>Serde macros.
</li></ol>
<p><em>Even I can&rsquo;t say shit about Option and match.</em></p>
<p>Match is so much better than anything in Go.</p>
<p><em>Elixir, Go, and Rust. An honest take on that programming cocktail.</em></p>
<p>Three&rsquo;s a crowd, Elixir can stay home.</p>
<p><em>If you could only lose one, you&rsquo;d keep Rust.</em></p>
<p>I&rsquo;ve learned its shortcomings and the productivity far outweighs having to deal with the Rust compiler.</p>
<p><em>You&rsquo;d be unhappy if we moved the <code>flaps</code> API code from Go to Elixir.</em></p>
<p>Correct.</p>
<p><em>I kind of buy the idea of doing orchestration and scheduling code, which is policy-intensive, in a higher-level language.</em></p>
<p>Maybe. If Ruby had a better concurrency story, I don&rsquo;t think Elixir would have a place for us.</p>
<div class="callout"><p>Here I need to note that Ruby is functionally dead here, and Elixir is ascendant.</p>
</div>
<p><em>We have an idiosyncratic management structure. We&rsquo;re bottom-up, but ambiguously so. We don&rsquo;t have roadmaps, except when we do. We have minimal top-down technical direction. Critique.</em></p>
<p>It&rsquo;s too easy to lose sight of whether your current focus [in what you&rsquo;re building] is valuable to the company.</p>
<p><em>The first thing I warn every candidate about on our &ldquo;do-not-work-here&rdquo; calls.</em></p>
<p>I think it comes down to execution, and accountability to actually finish projects. I spun a lot trying to figure out what would be the most valuable work for Fly Machines.</p>
<p><em>You don&rsquo;t have to be so nice about things.</em></p>
<p>We struggle a lot with consistent communication. We change direction a little too often. It got to a point where I didn&rsquo;t see a point in devoting time and effort into projects, because I&rsquo;d not be able to show enough value quick enough.</p>
<p><em>I see things paying off later than we&rsquo;d hoped or expected they would. Our secret storage system, Pet Semetary, is a good example of this. Our K8s service, FKS, is another obvious one, since we&rsquo;re shipping MPG on it.</em></p>
<p><em>This is your second time working Kurt, at a company where he&rsquo;s the CEO. Give him a 1-4 star rating. He can take it! At least, I think he can take it.</em></p>
<p>2022: ★★★★</p>
<p>2023: ★★</p>
<p>2024: ★★✩</p>
<p>2025: ★★★✩</p>
<p>On a four-star scale.</p>
<p><em>Whoah. I did not expect a histogram. Say more about 2023!</em></p>
<p>We hired too many people, too quickly, and didn&rsquo;t have the guardrails and structure in place for everybody to be successful.</p>
<p><em>Also: GPUs!</em></p>
<p>Yes. That was my next comment.</p>
<p><em>Do we secretly agree about GPUs?</em></p>
<p>I think so.</p>
<p><em>Our side won the argument in the end! But at what cost?</em></p>
<p>They were a killer distraction.</p>
<p><em>Final question: how long will you remain in the first-responder on-call rotation after you leave? I assume at least until August. I have a shift this weekend; can you swap with me? I keep getting weekends.</em></p>
<p>I am going to be asleep all weekend if any of my previous job changes are indicative.</p>
<p><em>I sleep through on-call too! But nobody can yell at you for it now. I think you have the comparative advantage over me in on-calling.</em></p>
<p>Yes I will absolutely take all your future on-call shifts, you have convinced me.</p>
<p><em>All this aside: it has been a privilege watching you work. I hope your next gig is 100x more relaxing than this was. Or maybe I just hope that for myself. Except: I&rsquo;ll never escape this place. Thank you so much for doing this.</em></p>
<p>Thank you! I&rsquo;m forever grateful for having the opportunity to be a part of Fly.io.</p></content>
</entry>
<entry>
<title>Did Semgrep Just Get A Lot More Interesting?</title>
<link rel="alternate" href="https://fly.io/blog/semgrep-but-for-real-now/"/>
<id>https://fly.io/blog/semgrep-but-for-real-now/</id>
<published>2025-02-10T00:00:00+00:00</published>
<updated>2025-02-14T21:30:41+00:00</updated>
<media:thumbnail url="https://fly.io/blog/semgrep-but-for-real-now/assets/ci-cd-cover.webp"/>
<content type="html"><div class="right-sidenote"><p>This whole paragraph is just one long sentence. God I love <a href="https://fly.io/blog/a-blog-if-kept/" title="">just random-ass blogging</a> again.</p>
</div>
<p><a href='https://ghuntley.com/stdlib/' title=''>This bit by Geoffrey Huntley</a> is super interesting to me and, despite calling out that LLM-driven development agents like Cursor have something like a 40% success rate at actually building anything that passes acceptance criteria, makes me think that more of the future of our field belongs to people who figure out how to use this weird bags of model weights than any of us are comfortable with. </p>
<p>I’ve been dinking around with Cursor for a week now (if you haven’t, I think it’s something close to malpractice not to at least take it — or something like it — for a spin) and am just now from this post learning that Cursor has this <a href='https://docs.cursor.com/context/rules-for-ai' title=''>rules feature</a>. </p>
<p>The important thing for me is not how Cursor rules work, but rather how Huntley uses them. He turns them back on themselves, writing rules to tell Cursor how to organize the rules, and then teach Cursor how to write (under human supervision) its own rules.</p>
<p>Cursor kept trying to get Huntley to use Bazel as a build system. So he had cursor write a rule for itself: “no bazel”. And there was no more Bazel. If I’d known I could do this, I probably wouldn’t have bounced from the Elixir project I had Cursor doing, where trying to get it to write simple unit tests got it all tangled up trying to make <a href='https://hexdocs.pm/mox/Mox.html' title=''>Mox</a> work. </p>
<p>But I’m burying the lead. </p>
<p>Security people have been for several years now somewhat in love with a tool called <a href='https://github.com/semgrep/semgrep' title=''>Semgrep</a>. Semgrep is a semantics-aware code search tool; using symbolic variable placeholders and otherwise ordinary code, you can write rules to match pretty much arbitary expressions and control flow. </p>
<p>If you’re an appsec person, where you obviously go with this is: you build a library of Semgrep searches for well-known vulnerability patterns (or, if you’re like us at Fly.io, you work out how to get Semgrep to catch the Rust concurrency footgun of RWLocks inside if-lets).</p>
<p>The reality for most teams though is “ain’t nobody got time for that”. </p>
<p>But I just checked and, unsurprisingly, 4o <a href='https://chatgpt.com/share/67aa94a7-ea3c-8012-845c-6c9491b33fe4' title=''>seems to do reasonably well</a> at generating Semgrep rules? Like: I have no idea if this rule is actually any good. But it looks like a Semgrep rule?</p>
<p>What interests me is this: it seems obvious that we’re going to do more and more “closed-loop” LLM agent code generation stuff. By “closed loop”, I mean that the thingy that generates code is going to get to run the code and watch what happens when it’s interacted with. You’re just a small bit of glue code and a lot of system prompting away from building something like that right now: <a href='https://x.com/chris_mccord/status/1882839014845374683' title=''>Chris McCord is building</a> a thingy that generates whole Elixir/Phoenix apps and runs them as Fly Machines. When you deploy these kinds of things, the LLM gets to see the errors when the code is run, and it can just go fix them. It also gets to see errors and exceptions in the logs when you hit a page on the app, and it can just go fix them.</p>
<p>With a bit more system prompting, you can get an LLM to try to generalize out from exceptions it fixes and generate unit test coverage for them. </p>
<p>With a little bit more system prompting, you can probably get an LLM to (1) generate a Semgrep rule for the generalized bug it caught, (2) test the Semgrep rule with a positive/negative control, (3) save the rule, (4) test the whole codebase with Semgrep for that rule, and (5) fix anything it finds that way. </p>
<p>That is a lot more interesting to me than tediously (and probably badly) trying to predict everything that will go wrong in my codebase a priori and Semgrepping for them. Which is to say: Semgrep — which I have always liked — is maybe a lot more interesting now? And tools like it?</p></content>
</entry>
<entry>
<title>A Blog, If You Can Keep It</title>
<link rel="alternate" href="https://fly.io/blog/a-blog-if-kept/"/>
<id>https://fly.io/blog/a-blog-if-kept/</id>
<published>2025-02-10T00:00:00+00:00</published>
<updated>2025-02-19T19:05:52+00:00</updated>
<media:thumbnail url="https://fly.io/blog/a-blog-if-kept/assets/keep-blog.webp"/>
<content type="html"><div class="lead"><p>A boldfaced lede like this was a sure sign you were reading a carefully choreographed EffortPost from our team at Fly.io. We’re going to do less of those. Or the same amount but more of a different kind of post. Either way: launch an app on Fly.io today!</p>
</div>
<p>Over the last 5 years, we’ve done pretty well for ourselves writing content for Hacker News. And that’s <a href='https://news.ycombinator.com/item?id=39373476' title=''>mostly</a> been good for us. We don’t do conventional marketing, we don’t have a sales team, the rest of social media is atomized over 5 different sites. Writing pieces that HN takes seriously has been our primary outreach tool.</p>
<p>There’s a recipe (probably several, but I know this one works) for charting a post on HN:</p>
<ol>
<li>Write an EffortPost, which is to say a dense technical piece over 2000 words long; within that rubric there’s a bunch of things that are catnip to HN, including runnable code, research surveys, and explainers. (There are also cat-repellants you learn to steer clear of.)
</li><li>Assiduously avoid promotion. You have to write for the audience. We get away with sporadically including a call-to-action block in our posts, but otherwise: the post should make sense even if an unrelated company posted it after you went out of business.
</li><li>Pick topics HN is interested in (it helps if all your topics are au courant for HN, and we’ve been <a href='https://news.ycombinator.com/item?id=32250426' title=''>very</a> <a href='https://news.ycombinator.com/item?id=32018066' title=''>lucky</a> in that regard).
</li><li>Like 5-6 more style-guide things that help incrementally. Probably 3 different teams writing for HN will have 3 different style guides with only like &frac12; overlap. Ours, for instances, instructs writers to swear.
</li></ol>
<p>I like this kind of writing. It’s not even a chore. But it’s become an impediment for us, for a couple reasons: the team serializes behind an “editorial” function here, which keeps us from publishing everything we want; worse, caring so much about our track record leaves us noodling on posts interminably (the poor <a href='https://www.tigrisdata.com/' title=''>Tigrises</a> have been waiting for months for me to publish the piece I wrote about them and FoundationDB; take heart, this post today means that one is coming soon).</p>
<p>But worst of all, I worried incessantly about us <a href='https://gist.github.com/tqbf/e853764b562a2d72a91a6986ca3b77c0' title=''>wearing out our welcome</a>. To my mind, we’d have 1, maybe 2 bites at the HN apple in a given month, and we needed to make them count.</p>
<p>That was dumb. I am dumb about a lot of things! I came around to understanding this after Kurt demanded I publish my blog post about BFAAS (Bash Functions As A Service), 500 lines of Go code that had generated 4500 words in my draft. It was only after I made the decision to stop gatekeeping this blog that I realized <a href='https://simonwillison.net/' title=''>Simon Willison</a> has been disproving my “wearing out the welcome” theory, day in and day out, for years. He just writes stuff about LLMs when it interests him. I mean, it helps that he’s a better writer than we are. But he’s not wasting time choreographing things.</p>
<p>Back in like 2009, <a href='https://web.archive.org/web/20110806040300/http://chargen.matasano.com/chargen/2009/7/22/if-youre-typing-the-letters-a-e-s-into-your-code-youre-doing.html' title=''>we had a blog</a> at another company I was at. That blog drove a lot of business for us (and, on three occasions, almost killed me). It was not in the least bit optimized for HN. I like pretending to be a magazine feature writer, but I miss writing dashed-off pieces every day and clearing space for other people on the team to write as well.</p>
<p>So this is all just a heads up: we’re trying something new. This is a very long and self-indulgent way to say “we’re going to write a normal blog like it’s 2008”, but that’s how broken my brain is after years of having my primary dopaminergic rewards come from how long Fly.io blog posts stay on the front page: I have to disclaim blogging before we start doing it, lest I fail to meet expectations.</p>
<p>Like I said. I’m real dumb. But: looking forward to getting a lot more stuff out on the web for people to read this year!</p></content>
</entry>
<entry>
<title>VSCode’s SSH Agent Is Bananas</title>
<link rel="alternate" href="https://fly.io/blog/vscode-ssh-wtf/"/>
<id>https://fly.io/blog/vscode-ssh-wtf/</id>
<published>2025-02-07T00:00:00+00:00</published>
<updated>2025-02-14T21:30:41+00:00</updated>
<media:thumbnail url="https://fly.io/static/images/default-post-thumbnail.webp"/>
<content type="html"><p>We’re interested in getting integrated into the flow VSCode uses to do remote editing over SSH, because everybody is using VSCode now, and, in particular, they’re using forks of VSCode that generate code with LLMs. </p>
<div class="right-sidenote"><p>”hallucination” is what we call it when LLMs get code wrong; “engineering” is what we call it when people do.</p>
</div>
<p>LLM-generated code is <a href='https://nicholas.carlini.com/writing/2024/how-i-use-ai.html' title=''>useful in the general case</a> if you know what you’re doing. But it’s ultra-useful if you can close the loop between the LLM and the execution environment (with an “Agent” setup). There’s lots to say about this, but for the moment: it’s a semi-effective antidote to hallucination: the LLM generates the code, the agent scaffolding runs the code, the code generates errors, the agent feeds it back to the LLM, the process iterates. </p>
<p>So, obviously, the issue here is you don’t want this iterative development process happening on your development laptop, because LLMs have boundary issues, and they’ll iterate on your system configuration just as happily on the Git project you happen to be working in. A thing you’d really like to be able to do: run a closed-loop agent-y (“agentic”? is that what we say now) configuration for an LLM, on a clean-slate Linux instance that spins up instantly and that can’t screw you over in any way. You get where we’re going with this.</p>
<p>Anyways! I would like to register a concern.</p>
<p>Emacs hosts the spiritual forebearer of remote editing systems, a blob of hyper-useful Elisp called <a href='https://www.gnu.org/software/tramp/' title=''>“Tramp”</a>. If you can hook Tramp up to any kind of interactive environment — usually, an SSH session — where it can run Bourne shell commands, it can extend Emacs to that environment.</p>
<p>So, VSCode has a feature like Tramp. Which, neat, right? You’d think, take Tramp, maybe simplify it a bit, switch out Elisp for Typescript.</p>
<p>You’d think wrong!</p>
<p>Unlike Tramp, which lives off the land on the remote connection, VSCode mounts a full-scale invasion: it runs a Bash snippet stager that downloads an agent, including a binary installation of Node. </p>
<p>I <em>think</em> this is <a href='https://github.com/microsoft/vscode/tree/c9e7e1b72f80b12ffc00e06153afcfedba9ec31f/src/vs/server/node' title=''>the source code</a>?</p>
<p>The agent runs over port-forwarded SSH. It establishes a WebSockets connection back to your running VSCode front-end. The underlying protocol on that connection can:</p>
<ul>
<li>Wander around the filesystem
</li><li>Edit arbitrary files
</li><li>Launch its own shell PTY processes
</li><li>Persist itself
</li></ul>
<p>In security-world, there’s a name for tools that work this way. I won’t say it out loud, because that’s not fair to VSCode, but let’s just say the name is murid in nature.</p>
<p>I would be a little nervous about letting people VSCode-remote-edit stuff on dev servers, and apoplectic if that happened during an incident on something in production. </p>
<p>It turns out we don’t have to care about any of this to get a custom connection to a Fly Machine working in VSCode, so none of this matters in any kind of deep way, but: we’ve decided to just be a blog again, so: we had to learn this, and now you do too.</p></content>
</entry>
<entry>
<title>AI GPU Clusters, From Your Laptop, With Livebook</title>
<link rel="alternate" href="https://fly.io/blog/ai-gpu-clusters-from-your-laptop-livebook/"/>
<id>https://fly.io/blog/ai-gpu-clusters-from-your-laptop-livebook/</id>
<published>2024-09-24T00:00:00+00:00</published>
<updated>2024-09-24T17:19:49+00:00</updated>
<media:thumbnail url="https://fly.io/blog/ai-gpu-clusters-from-your-laptop-livebook/assets/ai-gpu-livebook-thumb.webp"/>
<content type="html"><div class="lead"><p>Livebook, FLAME, and the Nx stack: three Elixir components that are easy to describe, more powerful than they look, and intricately threaded into the Elixir ecosystem. A few weeks ago, Chris McCord (👋) and Chris Grainger showed them off at ElixirConf 2024. We thought the talk was worth a recap.</p>
</div>
<p>Let&rsquo;s begin by introducing our cast of characters.</p>
<p><a href='https://livebook.dev/' title=''>Livebook</a> is usually described as Elixir&rsquo;s answer to <a href='https://jupyter.org/' title=''>Jupyter Notebooks</a>. And that&rsquo;s a good way to think about it. But Livebook takes full advantage of the Elixir platform, which makes it sneakily powerful. By linking up directly with Elixir app clusters, Livebook can switch easily between driving compute locally or on remote servers, and makes it easy to bring in any kind of data into reproducible workflows.</p>
<p><a href='https://fly.io/blog/rethinking-serverless-with-flame/' title=''>FLAME</a> is the Elixir&rsquo;s answer to serverless computing. By having the library manage a pool of executors for you, FLAME lets you treat your entire application as if it was elastic and scale-to-zero. You configure FLAME with some basic information about where to run code and how many instances it&rsquo;s allowed to run with, and then mark off any arbitrary section of code with <code>Flame.call</code>. The framework takes care of the rest. It&rsquo;s the upside of serverless without committing yourself to blowing your app apart into tiny, intricately connected pieces.</p>
<p>The <a href='https://github.com/elixir-nx' title=''>Nx stack</a> is how you do Elixir-native AI and ML. Nx gives you an Elixir-native notion of tensor computations with GPU backends. <a href='https://github.com/elixir-nx/axon' title=''>Axon</a> builds a common interface for ML models on top of it. <a href='https://github.com/elixir-nx/bumblebee' title=''>Bumblebee</a> makes those models available to any Elixir app that wants to download them, from just a couple lines of code.</p>
<p>Here is quick video showing how to transfer a local tensor to a remote GPU, using Livebook, FLAME, and Nx:</p>
<div class="youtube-container" data-exclude-render>
<div class="youtube-video">
<iframe
width="100%"
height="100%"
src="https://www.youtube.com/embed/5ImP3gpUSkQ"
frameborder="0"
allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture"
allowfullscreen>
</iframe>
</div>
</div>
<p>Let&rsquo;s dive into the <a href='https://www.youtube.com/watch?v=4qoHPh0obv0' title=''>keynote</a>.</p>
<h2 id='poking-a-hole-in-your-infrastructure' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#poking-a-hole-in-your-infrastructure' aria-label='Anchor'></a><span class='plain-code'>Poking a hole in your infrastructure</span></h2>
<p>Any Livebook, including the one running on your laptop, can start a runtime running on a Fly Machine, in Fly.io&rsquo;s public cloud. That Elixir machine will (by default) live in your default Fly.io organization, giving it networked access to all the other apps that might live there.</p>
<p>This is an access control situation that mostly just does what you want it to do without asking. Unless you ask it to, Fly.io isn&rsquo;t exposing anything to the Internet, or to other users of Fly.io. For instance: say we have a database we&rsquo;re going to use to generate reports. It can hang out on our Fly organization, inside of a private network with no connectivity to the world. We can spin up a Livebook instance that can talk to it, without doing any network or infrastructure engineering to make that happen.</p>
<p>But wait, there&rsquo;s more. Because this is all Elixir, Livebook also allows you to connect to any running Erlang/Elixir application in your infrastructure to debug, introspect, and monitor them.</p>
<p>Check out this clip of Chris McCord connecting <a href='https://rtt.fly.dev/' title=''>to an existing application</a> during the keynote:</p>
<div class="youtube-container" data-exclude-render>
<div class="youtube-video">
<iframe
width="100%"
height="100%"
src="https://www.youtube.com/embed/4qoHPh0obv0?start=1106"
frameborder="0"
allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture"
allowfullscreen>
</iframe>
</div>
</div>
<p>Running a snippet of code from a laptop on a remote server is a neat trick, but Livebook is doing something deeper than that. It&rsquo;s taking advantage of Erlang/Elixir&rsquo;s native facility with cluster computation and making it available to the notebook. As a result, when we do things like auto-completing, Livebook delivers results from modules defined on the remote note itself. 🤯</p>
<h2 id='elastic-scale-with-flame' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#elastic-scale-with-flame' aria-label='Anchor'></a><span class='plain-code'>Elastic scale with FLAME</span></h2>
<p>When we first introduced FLAME, the example we used was video encoding.</p>
<p>Video encoding is complicated and slow enough that you&rsquo;d normally make arrangements to run it remotely or in a background job queue, or as a triggerable Lambda function. The point of FLAME is to get rid of all those steps, and give them over to the framework instead. So: we wrote our <code>ffpmeg</code> calls inline like normal code, as if they were going to complete in microseconds, and wrapped them in <code>Flame.call</code> blocks. That was it, that was the demo.</p>
<p>Here, we&rsquo;re going to put a little AI spin on it.</p>
<p>The first thing we&rsquo;re doing here is driving FLAME pools from Livebook. Livebook will automatically synchronize your notebook dependencies as well as any module or code defined in your notebook across nodes. That means any code we write in our notebook can be dispatched transparently out to arbitrarily many compute nodes, without ceremony.</p>
<p>Now let&rsquo;s add some AI flair. We take an object store bucket full of video files. We use <code>ffmpeg</code> to extract stills from the video at different moments. Then: we send them to <a href='https://www.llama.com/' title=''>Llama</a>, running on <a href='https://fly.io/gpu' title=''>GPU Fly Machines</a> (still locked to our organization), to get descriptions of the stills.</p>
<p>All those stills and descriptions get streamed back to our notebook, in real time:</p>
<div class="youtube-container" data-exclude-render>
<div class="youtube-video">
<iframe
width="100%"
height="100%"
src="https://www.youtube.com/embed/4qoHPh0obv0?start=1692"
frameborder="0"
allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture"
allowfullscreen>
</iframe>
</div>
</div>
<p>At the end, the descriptions are sent to <a href='https://mistral.ai/' title=''>Mistral</a>, which builds a summary.</p>
<p>Thanks to FLAME, we get explicit control over the minimum and the maximum amount of nodes you want running at once, as well their concurrency settings. As nodes finish processing each video, new ones are automatically sent to them, until the whole bucket has been traversed. Each node will automatically shut down after an idle timeout and the whole cluster terminates if you disconnect the Livebook runtime.</p>
<p>Just like your app code, FLAME lets you take your notebook code designed to run locally, change almost nothing, and elastically execute it across ephemeral infrastructure.</p>
<h2 id='64-gpus-hyperparameter-tuning-on-a-laptop' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#64-gpus-hyperparameter-tuning-on-a-laptop' aria-label='Anchor'></a><span class='plain-code'>64-GPUs hyperparameter tuning on a laptop</span></h2>
<p>Next, Chris Grainger, CTO of <a href='https://amplified.ai/' title=''>Amplified</a>, takes the stage.</p>
<p>For work at Amplified, Chris wants to analyze a gigantic archive of patents, on behalf of a client doing edible cannibinoid work. To do that, he uses a BERT model (BERT, from Google, is one of the OG &ldquo;transformer&rdquo; models, optimized for text comprehension).</p>
<p>To make the BERT model effective for this task, he&rsquo;s going to do a hyperparameter training run.</p>
<p>This is a much more complicated AI task than the Llama work we just showed up. Chris is going to generate a cluster of 64 GPU Fly Machines, each running an <a href='https://fly.io/blog/cutting-prices-for-l40s-gpus-in-half/' title=''>L40s GPU</a>. On each of these nodes, he needs to:</p>
<ul>
<li>setup its environment (including native dependencies and GPU bindings)
</li><li>load the training data
</li><li>compile a different version of BERT with different parameters, optimizers, etc.
</li><li>start the fine-tuning
</li><li>stream its results in real-time to each assigned chart
</li></ul>
<p>Here&rsquo;s the clip. You&rsquo;ll see the results stream in, in real time, directly back to his Livebook. We&rsquo;ll wait, because it won&rsquo;t take long to watch:</p>
<div class="youtube-container" data-exclude-render>
<div class="youtube-video">
<iframe
width="100%"
height="100%"
src="https://www.youtube.com/embed/4qoHPh0obv0?start=3344"
frameborder="0"
allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture"
allowfullscreen>
</iframe>
</div>
</div>
<h2 id='this-is-just-the-beginning' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#this-is-just-the-beginning' aria-label='Anchor'></a><span class='plain-code'>This is just the beginning</span></h2>
<p>The suggestion of mixing Livebook and FLAME to elastically scale notebook execution was originally proposed by Chris Grainger during ElixirConf EU. During the next four months, Jonatan Kłosko, Chris McCord, and José Valim worked part-time on making it a reality in time for ElixirConf US. Our ability to deliver such a rich combination of features in such a short period of time is a testament to the capabilities of the Erlang Virtual Machine, which Elixir and Livebook runs on. Other features, such as <a href='https://github.com/elixir-explorer/explorer/issues/932' title=''>remote dataframes and distributed GC</a>, were implemented in a weekend. Bringing the same functionality to other ecosystems would take several additional months, sometimes accompanied by millions in funding, and often times as part of a closed-source product.</p>
<p>Furthermore, since we announced this feature, <a href='https://github.com/mruoss' title=''>Michael Ruoss</a> stepped in and brought the same functionality to Kubernetes. From Livebook v0.14.1, you can start Livebook runtimes inside a Kubernetes cluster and also use FLAME to elastically scale them. Expect more features and news in this space!</p>
<p>Finally, Fly&rsquo;s infrastructure played a key role in making it possible to start a cluster of GPUs in seconds rather than minutes, and all it requires is a Docker image. We&rsquo;re looking forward to see how other technologies and notebook platforms can leverage Fly to also elevate their developer experiences.</p>
<figure class="post-cta">
<figcaption>
<h1>Launch a GPU app in seconds</h1>
<p>Run your own LLMs or use Livebook for elastic GPU workflows&nbsp✨</p>
<a class="btn btn-lg" href="/gpu">
Go! &nbsp;<span class='opacity-50'>→</span>
</a>
</figcaption>
<div class="image-container">
<img src="/static/images/cta-turtle.webp" srcset="/static/images/[email protected] 2x" alt="">
</div>
</figure></content>
</entry>
<entry>
<title>Accident Forgiveness</title>
<link rel="alternate" href="https://fly.io/blog/accident-forgiveness/"/>
<id>https://fly.io/blog/accident-forgiveness/</id>
<published>2024-08-21T00:00:00+00:00</published>
<updated>2024-09-11T00:04:08+00:00</updated>
<media:thumbnail url="https://fly.io/blog/accident-forgiveness/assets/money-for-mistakes-blog-thumb.webp"/>
<content type="html"><div class="lead"><p>We’re Fly.io, a new public cloud with simple, developer-friendly ergonomics. <a href="https://fly.io/speedrun" title="">Try it out; you’ll be deployed in just minutes</a>, and, as you’re about to read, with less financial risk.</p>
</div>
<p>Public cloud billing is terrifying.</p>
<p>The premise of a public cloud &mdash; what sets it apart from a hosting provider &mdash; is 8,760 hours/year of on-tap deployable compute, storage, and networking. Cloud resources are &ldquo;elastic&rdquo;: they&rsquo;re acquired and released as needed; in the &ldquo;cloud-iest&rdquo; apps, without human intervention. Public cloud resources behave like utilities, and that&rsquo;s how they&rsquo;re priced.</p>
<p>You probably can&rsquo;t tell me how much electricity your home is using right now, and may only come within tens of dollars of accurately predicting your water bill. But neither of those bills are all that scary, because you assume there&rsquo;s a limit to how much you could run them up in a single billing interval.</p>
<p>That&rsquo;s not true of public clouds. There are only so many ways to &ldquo;spend&rdquo; water at your home, but there are indeterminably many ways to land on a code path that grabs another VM, or to miskey a configuration, or to leak long-running CI/CD environments every time a PR gets merged. Pick a practitioner at random, and I bet they&rsquo;ve read a story within the last couple months about someone running up a galactic-scale bill at some provider or other.</p>
<h2 id='implied-accident-forgiveness' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#implied-accident-forgiveness' aria-label='Anchor'></a><span class='plain-code'>Implied Accident Forgiveness</span></h2>
<p>For people who don&rsquo;t do a lot of cloud work, what all this means is that every PR push sets off a little alarm in the back of their heads: &ldquo;you may have just incurred $200,000 of costs!&rdquo;. The alarm is quickly silenced, though it&rsquo;s still subtly extracting a cortisol penalty. But by deadening the nerves that sense the danger of unexpected charges, those people are nudged closer to themselves being the next story on Twitter about an accidental $200,000 bill.</p>
<p>The saving grace here, which you&rsquo;ll learn if you ever become that $200,000 story, is that nobody pays those bills.</p>
<p>See, what cloud-savvy people know already is that providers have billing support teams, which spend a big chunk of their time conceding disputed bills. If you do something luridly stupid and rack up costs, AWS and GCP will probably cut you a break. We will too. Everyone does.</p>
<p>If you didn&rsquo;t already know this, you&rsquo;re welcome; I&rsquo;ve made your life a little better, even if you don&rsquo;t run things on Fly.io.</p>
<p>But as soothing as it is to know you can get a break from cloud providers, the billing situation here is still a long ways away from &ldquo;good&rdquo;. If you accidentally add a zero to a scale count and don&rsquo;t notice for several weeks, AWS or GCP will probably cut you a break. But they won&rsquo;t <em>definitely</em> do it, and even though your odds are good, you&rsquo;re still finding out at email- and phone-tag scale speeds. That&rsquo;s not fun!</p>
<h2 id='explicit-accident-forgiveness' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#explicit-accident-forgiveness' aria-label='Anchor'></a><span class='plain-code'>Explicit Accident Forgiveness</span></h2>
<p>Charging you for stuff you didn&rsquo;t want is bad business.</p>
<p>Good business, we think, means making you so comfortable with your cloud you try new stuff. You, and everyone else on your team. Without a chaperone from the finance department.</p>
<p>So we&rsquo;re going to do the work to make this official. If you&rsquo;re a customer of ours, we&rsquo;re going to charge you in exacting detail for every resource you intentionally use of ours, but if something blows up and you get an unexpected bill, we&rsquo;re going to let you off the hook.</p>
<h2 id='not-so-fast' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#not-so-fast' aria-label='Anchor'></a><span class='plain-code'>Not So Fast</span></h2>
<p>This is a Project, with a capital P. While we&rsquo;re kind of kicking ourselves for not starting it earlier, there are reasons we couldn&rsquo;t do it back in 2020.</p>
<p>The Fully Automated Accident-Forgiving Billing System of the Future (which we are in fact building and may even one day ship) will give you a line-item veto on your invoice. We are a long ways away. The biggest reason is fraud.</p>
<p>Sit back, close your eyes, and try to think about everything public clouds do to make your life harder. Chances are, most of those things are responses to fraud. Cloud platforms attract fraudsters like ants to an upturned ice cream cone. Thanks to the modern science of cryptography, fraudsters have had a 15 year head start on turning metered compute into picodollar-granular near-money assets.</p>
<p>Since there&rsquo;s no bouncer at the door checking IDs here, an open-ended and automated commitment to accident forgiveness is, with iron certainty, going to be used overwhelmingly in order to trick us into &ldquo;forgiving&rdquo; cryptocurrency miners. We&rsquo;re cloud platform engineers. They&rsquo;re our primary pathogen.</p>
<p>So, we&rsquo;re going to roll this out incrementally.</p>
<div class="callout"><p><strong class="font-semibold text-navy-950">Why not billing alerts?</strong> We’ll get there, but here too there are reasons we haven’t yet: (1) meaningful billing alerts were incredibly difficult to do with our previous billing system, and building the new system and migrating our customers to it has been a huge lift, a nightmare from which we are only now waking (the billing system’s official name); and (2) we’re wary about alerts being a product design cop-out; if we can alert on something, why aren’t we fixing it?</p>
</div><h2 id='accident-forgiveness-v0-84beta' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#accident-forgiveness-v0-84beta' aria-label='Anchor'></a><span class='plain-code'>Accident Forgiveness v0.84beta</span></h2>
<p>All the same subtextual, implied reassurances that every cloud provider offers remain in place at Fly.io. You are strictly better off after this announcement, we promise.</p>
<div class="right-sidenote"><p>I added the “almost” right before publishing, because I’m chicken.</p>
</div>
<p>Now: for customers that have a support contract with us, at any level, there&rsquo;s something new: I&rsquo;m saying the quiet part loud. The next time you see a bill with an unexpected charge on it, we&rsquo;ll refund that charge, (almost) no questions asked.</p>
<p>That policy is so simple it feels anticlimactic to write. So, some additional color commentary:</p>
<p>We&rsquo;re not advertising a limit to the number of times you can do this. If you&rsquo;re a serious customer of ours, I promise that you cannot remotely fathom the fullness of our fellow-feeling. You&rsquo;re not annoying us by getting us to refund unexpected charges. If you are growing a project on Fly.io, we will bend over backwards to keep you growing.</p>
<p>How far can we take this? How simple can we keep this policy? We&rsquo;re going to find out together.</p>
<p>To begin with, and in the spirit of &ldquo;doing things that won&rsquo;t scale&rdquo;, when we forgive a bill, what&rsquo;s going to happen next is this: I&rsquo;m going to set an irritating personal reminder for Kurt to look into what happened, now and then the day before your next bill, so we can see what&rsquo;s going wrong. He&rsquo;s going to hate that, which is the point: our best feature work is driven by Kurt-hate.</p>
<p>Obviously, if you&rsquo;re rubbing your hands together excitedly over the opportunity this policy presents, then, well, not so much with the fellow-feeling. We reserve the right to cut you off.</p>
<figure class="post-cta">
<figcaption>
<h1>Support For Developers, By Developers</h1>
<p>Explicit Accident Forgiveness is just one thing we like about Support at Fly.io.</p>
<a class="btn btn-lg" href="https://fly.io/accident-forgiveness">
Go find out! &nbsp;<span class='opacity-50'>→</span>
</a>
</figcaption>
<div class="image-container">
<img src="/static/images/cta-cat.webp" srcset="/static/images/[email protected] 2x" alt="">
</div>
</figure>
<h2 id='whats-next-accident-protection' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#whats-next-accident-protection' aria-label='Anchor'></a><span class='plain-code'>What&rsquo;s Next: Accident Protection</span></h2>
<p>We think this is a pretty good first step. But that&rsquo;s all it is.</p>
<p>We can do better than offering you easy refunds for mistaken deployments and botched CI/CD jobs. What&rsquo;s better than getting a refund is never incurring the charge to begin with, and that&rsquo;s the next step we&rsquo;re working on.</p>
<div class="right-sidenote"><p>More to come on that billing system.</p>
</div>
<p>We built a new billing system so that we can do things like that. For instance: we&rsquo;re in a position to catch sudden spikes in your month-over-month bills, flag them, and catch weird-looking deployments before we bill for them.</p>
<p>Another thing we rebuilt billing for is <a href='https://community.fly.io/t/reservation-blocks-40-discount-on-machines-when-youre-ready-to-commit/20858' title=''>reserved pricing</a>. Already today you can get a steep discount from us reserving blocks of compute in advance. The trick to taking advantage of reserved pricing is confidently predicting a floor to your usage. For a lot of people, that means fighting feelings of loss aversion (nobody wants to get gym priced!). So another thing we can do in this same vein: catch opportunities to move customers to reserved blocks, and offer backdated reservations. We&rsquo;ll figure this out too.</p>
<p>Someday, when we&rsquo;re in a monopoly position, our founders have all been replaced by ruthless MBAs, and Kurt has retired to farm coffee beans in lower Montana, we may stop doing this stuff. But until that day this is the right choice for our business.</p>
<p>Meanwhile: like every public cloud, we provision our own hardware, and we have excess capacity. Your messed-up CI/CD jobs didn&rsquo;t really cost us anything, so if you didn&rsquo;t really want them, they shouldn&rsquo;t cost you anything either. Take us up on this! We love talking to you.</p></content>
</entry>
<entry>
<title>We're Cutting L40S Prices In Half</title>
<link rel="alternate" href="https://fly.io/blog/cutting-prices-for-l40s-gpus-in-half/"/>
<id>https://fly.io/blog/cutting-prices-for-l40s-gpus-in-half/</id>
<published>2024-08-15T00:00:00+00:00</published>
<updated>2024-09-11T00:04:08+00:00</updated>
<media:thumbnail url="https://fly.io/blog/cutting-prices-for-l40s-gpus-in-half/assets/gpu-ga-thumb.webp"/>
<content type="html"><div class="lead"><p>We’re Fly.io, a new public cloud with simple, developer-friendly ergonomics. And as of today, cheaper GPUs. <a href="https://fly.io/speedrun" title="">Try it out; you’ll be deployed in just minutes</a>.</p>
</div>
<p>We just lowered the prices on NVIDIA L40s GPUs to $1.25 per hour. Why? Because our feet are cold and we burn processor cycles for heat. But also other reasons.</p>
<p>Let&rsquo;s back up.</p>
<p>We offer 4 different NVIDIA GPU models; in increasing order of performance, they&rsquo;re the A10, the L40S, the 40G PCI A100, and the 80G SXM A100. Guess which one is most popular.</p>
<p>We guessed wrong, and spent a lot of time working out how to maximize the amount of GPU power we could deliver to a single Fly Machine. Users surprised us. By a wide margin, the most popular GPU in our inventory is the A10.</p>
<p>The A10 is an older generation of NVIDIA GPU with fewer, slower cores and less memory. It&rsquo;s the least capable GPU we offer. But that doesn&rsquo;t matter, because it&rsquo;s capable enough. It&rsquo;s solid for random inference tasks, and handles mid-sized generative AI stuff like Mistral Nemo or Stable Diffusion. For those workloads, there&rsquo;s not that much benefit in getting a beefier GPU.</p>
<p>As a result, we can&rsquo;t get new A10s in fast enough for our users.</p>
<p>If there&rsquo;s one thing we&rsquo;ve learned by talking to our customers over the last 4 years, it&rsquo;s that y&#39;all love a peek behind the curtain. So we&rsquo;re going to let you in on a little secret about how a hardware provider like Fly.io formulates GPU strategy: none of us know what the hell we&rsquo;re doing.</p>
<p>If you had asked us in 2023 what the biggest GPU problem we could solve was, we&rsquo;d have said &ldquo;selling fractional A100 slices&rdquo;. We burned a whole quarter trying to get MIG, or at least vGPUs, working through IOMMU PCI passthrough on Fly Machines, in a project so cursed that Thomas has forsworn ever programming again. Then we went to market selling whole A100s, and for several more months it looked like the biggest problem we needed to solve was finding a secure way to expose NVLink-ganged A100 clusters to VMs so users could run training. Then H100s; can we find H100s anywhere? Maybe in a black market in Shenzhen?</p>
<p>And here we are, a year later, looking at the data, and the least sexy, least interesting GPU part in the catalog is where all the action is.</p>
<p>With actual customer data to back up the hypothesis, here&rsquo;s what we think is happening today:</p>
<ul>
<li>Most users who want to plug GPU-accelerated AI workloads into fast networks are doing inference, not training.
</li><li>The hyperscaler public clouds strangle these customers, first with GPU instance surcharges, and then with egress fees for object storage data when those customers try to outsource the GPU stuff to GPU providers.
</li><li>If you&rsquo;re trying to do something GPU-accelerated in response to an HTTP request, the right combination of GPU, instance RAM, fast object storage for datasets and model parameters, and networking is much more important than getting your hands on an H100.
</li></ul>
<p>This is a thing we didn&rsquo;t see coming, but should have: training workloads tend to look more like batch jobs, and inference tends to look more like transactions. Batch training jobs aren&rsquo;t that sensitive to networking or even reliability. Live inference jobs responding to end-user HTTP requests are. So, given our pricing, of course the A10s are a sweet spot.</p>
<p>The next step up in our lineup after the A10 is the L40S. The L40S is a nice piece of kit. We&rsquo;re going to take a beat here and sell you on the L40S, because it&rsquo;s kind of awesome.</p>
<p>The L40S is an AI-optimized version of the L40, which is the data center version of the GeForce RTX 4090, resembling two 4090s stapled together.</p>
<p>If you&rsquo;re not a GPU hardware person, the RTX 4090 is a gaming GPU, the kind you&rsquo;d play ray-traced Witcher 3 on. NVIDIA&rsquo;s high-end gaming GPUs are actually reasonably good at AI workloads! But they suck in a data center rack: they chug power, they&rsquo;re hard to cool, and they&rsquo;re less dense. Also, NVIDIA can&rsquo;t charge as much for them.</p>
<p>Hence the L40: (much) more memory, less energy consumption, designed for a rack, not a tower case. Marked up for &ldquo;enterprise&rdquo;.</p>
<p>NVIDIA positioned the L40 as a kind of &ldquo;graphics&rdquo; AI GPU. Unlike the super high-end cards like the A100/H100, the L40 keeps all the rendering hardware, so it&rsquo;s good for 3D graphics and video processing. Which is sort of what you&rsquo;d expect from a &ldquo;professionalized&rdquo; GeForce card.</p>
<p>A funny thing happened in the middle of 2023, though: the market for ultra-high-end NVIDIA cards went absolutely batshit. The huge cards you&rsquo;d gang up for training jobs got impossible to find, and NVIDIA became one of the most valuable companies in the world. Serious shops started working out plans to acquire groups of L40-type cards to work around the problem, whether or not they had graphics workloads.</p>
<p>The only company in this space that does know what they&rsquo;re doing is NVIDIA. Nobody has written a highly-ranked Reddit post about GPU workloads without NVIDIA noticing and creating a new SKU. So they launched the L40S, which is an L40 with AI workload compute performance comparable to that of the A100 (without us getting into the details of F32 vs. F16 models).</p>
<p>Long story short, the L40S is an A100-performer that we can price for A10 customers; the Volkswagen GTI of our lineup. We&rsquo;re going to see if we can make that happen.</p>
<p>We think the combination of just-right-sized inference GPUs and Tigris object storage is pretty killer:</p>
<ul>
<li>model parameters, data sets, and compute are all close together
</li><li>everything plugged into an Anycast network that&rsquo;s fast everywhere in the world
</li><li>on VM instances that have enough memory to actually run real frameworks on
</li><li>priced like we actually want you to use it.
</li></ul>
<p>You should use L40S cards without thinking hard about it. So we&rsquo;re making it official. You won&rsquo;t pay us a dime extra to use one instead of an A10. Have at it! Revolutionize the industry. For $1.25 an hour.</p>
<p>Here are things you can do with an L40S on Fly.io today:</p>
<ul>
<li>You can run Llama 3.1 70B — a big Llama — for LLM jobs.
</li><li>You can run Flux from Black Forest Labs for genAI images.
</li><li>You can run Whisper for automated speech recognition.
</li><li>You can do whole-genome alignment with SegAlign (Thomas&rsquo; biochemist kid who has been snatching free GPU hours for his lab gave us this one, and we&rsquo;re taking his word for it).
</li><li>You can run DOOM Eternal, building the Stadia that Google couldn&rsquo;t pull off, because the L40S hasn&rsquo;t forgotten that it&rsquo;s a graphics GPU.
</li></ul>
<p>It&rsquo;s going to get chilly in Chicago in a month or so. Go light some cycles on fire! </p></content>
</entry>
<entry>
<title>Making Machines Move</title>
<link rel="alternate" href="https://fly.io/blog/machine-migrations/"/>
<id>https://fly.io/blog/machine-migrations/</id>
<published>2024-07-30T00:00:00+00:00</published>
<updated>2024-08-09T12:14:08+00:00</updated>
<media:thumbnail url="https://fly.io/blog/machine-migrations/assets/migrations-thumb.webp"/>
<content type="html"><div class="lead"><p>We’re Fly.io, a global public cloud with simple, developer-friendly ergonomics. If you’ve got a working Docker image, we’ll transmogrify it into a Fly Machine: a VM running on our hardware anywhere in the world. <a href="https://fly.io/speedrun" title="">Try it out; you’ll be deployed in just minutes</a>.</p>
</div>
<p>At the heart of our platform is a systems design tradeoff about durable storage for applications. When we added storage three years ago, to support stateful apps, we built it on attached NVMe drives. A benefit: a Fly App accessing a file on a Fly Volume is never more than a bus hop away from the data. A cost: a Fly App with an attached Volume is anchored to a particular worker physical.</p>
<div class="right-sidenote"><p><code>bird</code>: a BGP4 route server.</p>
</div>
<p>Before offering attached storage, our on-call runbook was almost as simple as “de-bird that edge server”, “tell <a href='https://fly.io/blog/carving-the-scheduler-out-of-our-orchestrator/' title=''>Nomad</a> to drain that worker”, and “go back to sleep”. NVMe cost us that drain operation, which terribly complicated the lives of our infra team. We’ve spent the last year getting “drain” back. It’s one of the biggest engineering lifts we&rsquo;ve made, and if you didn’t notice, we lifted it cleanly.</p>
<h3 id='the-goalposts' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#the-goalposts' aria-label='Anchor'></a><span class='plain-code'>The Goalposts</span></h3>
<p>With stateless apps, draining a worker is easy. For each app instance running on the victim server, start a new instance elsewhere. Confirm it&rsquo;s healthy, then kill the old one. Rinse, repeat. At our 2020 scale, we could drain a fully loaded worker in just a handful of minutes.</p>
<p>You can see why this process won&rsquo;t work for apps with attached volumes. Sure, create a new volume elsewhere on the fleet, and boot up a new Fly Machine attached to it. But the new volume is empty. The data&rsquo;s still stuck on the original worker. We asked, and customers were not OK with this kind of migration.</p>
<p>Of course, we back Volumes snapshots up (at an interval) to off-network storage. But for “drain”, restoring backups isn&rsquo;t nearly good enough. No matter the backup interval, a “restore from backup migration&quot; will lose data, and a “backup and restore” migration incurs untenable downtime.</p>
<p>The next thought you have is, “OK, copy the volume over”. And, yes, of course you have to do that. But you can’t just <code>copy</code>, <code>boot</code>, and then <code>kill</code> the old Fly Machine. Because the original Fly Machine is still alive and writing, you have to <code>kill</code>first, then <code>copy</code>, then <code>boot</code>.</p>
<p>Fly Volumes can get pretty big. Even to a rack buddy physical server, you&rsquo;ll hit a point where draining incurs minutes of interruption, especially if you’re moving lots of volumes simultaneously. <code>Kill</code>, <code>copy</code>, <code>boot</code> is too slow.</p>
<div class="callout"><p>There’s a world where even 15 minutes of interruption is tolerable. It’s the world where you run more than one instance of your application to begin with, so prolonged interruption of a single Fly Machine isn’t visible to your users. Do this! But we have to live in the same world as our customers, many of whom don’t run in high-availability configurations.</p>
</div><h3 id='behold-the-clone-o-mat' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#behold-the-clone-o-mat' aria-label='Anchor'></a><span class='plain-code'>Behold The Clone-O-Mat</span></h3>
<p><code>Copy</code>, <code>boot</code>, <code>kill</code> loses data. <code>Kill</code>, <code>copy</code>, <code>boot</code> takes too long. What we needed is a new operation: <code>clone</code>.</p>
<p><code>Clone</code> is a lazier, asynchronous <code>copy</code>. It creates a new volume elsewhere on our fleet, just like <code>copy</code> would. But instead of blocking, waiting to transfer every byte from the original volume, <code>clone</code> returns immediately, with a transfer running in the background.</p>
<p>A new Fly Machine can be booted with that cloned volume attached. Its blocks are mostly empty. But that’s OK: when the new Fly Machine tries to read from it, the block storage system works out whether the block has been transferred. If it hasn’t, it’s fetched over the network from the original volume; this is called &ldquo;hydration&rdquo;. Writes are even easier, and don’t hit the network at all.</p>
<p><code>Kill</code>, <code>copy</code>, <code>boot</code> is slow. But <code>kill</code>, <code>clone</code>, <code>boot</code> is fast; it can be made asymptotically as fast as stateless migration.</p>
<p>There are three big moving pieces to this design.</p>
<ol>
<li>First, we have to rig up our OS storage system to make this <code>clone</code> operation work.
</li><li>Then, to read blocks over the network, we need a network protocol. (Spoiler: iSCSI, though we tried other stuff first.)
</li><li>Finally, the gnarliest of those pieces is our orchestration logic: what’s running where, what state is it in, and whether it’s plugged in correctly.
</li></ol>
<h3 id='block-level-clone' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#block-level-clone' aria-label='Anchor'></a><span class='plain-code'>Block-Level Clone</span></h3>
<p>The Linux feature we need to make this work already exists; <a href='https://docs.kernel.org/admin-guide/device-mapper/dm-clone.html' title=''>it’s called <code>dm-clone</code></a>. Given an existing, readable storage device, <code>dm-clone</code> gives us a new device, of identical size, where reads of uninitialized blocks will pull from the original. It sounds terribly complicated, but it’s actually one of the simpler kernel lego bricks. Let&rsquo;s demystify it.</p>
<p>As far as Unix is concerned, random-access storage devices, be they spinning rust or NVMe drives, are all instances of the common class “block device”. A block device is addressed in fixed-size (say, 4KiB) chunks, and <a href='https://elixir.bootlin.com/linux/v5.11.11/source/include/linux/blk_types.h#L356' title=''>handles (roughly) these operations</a>:</p>
<div class="highlight-wrapper group relative cpp">
<button
type="button"
class="bubble-wrap z-20 absolute right-9 -mr-0.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-wrap-target="#code-woz6bsz9"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35" stroke-linecap="round" stroke-linejoin="round"><g buffered-rendering="static"><path d="M9.912 8.037h2.732c1.277 0 2.315-.962 2.315-2.237a2.325 2.325 0 00-2.315-2.31H2.959m10.228 9.01H2.959M6.802 8H2.959" /><path d="M11.081 6.466L9.533 8.037l1.548 1.571" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-9px] tail text-navy-950">
Wrap text
</span>
</button>
<button
type="button"
class="bubble-wrap z-20 absolute right-1.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-copy-target="sibling"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35"><g buffered-rendering="static"><path d="M10.576 7.239c0-.995-.82-1.815-1.815-1.815H3.315c-.995 0-1.815.82-1.815 1.815v5.446c0 .995.82 1.815 1.815 1.815h5.446c.995 0 1.815-.82 1.815-1.815V7.239z" /><path d="M10.576 10.577h2.109A1.825 1.825 0 0014.5 8.761V3.315A1.826 1.826 0 0012.685 1.5H7.239c-.996 0-1.815.819-1.816 1.815v1.617" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-6px] tail [--tail-x:calc(100%-30px)] text-navy-950">
Copy to clipboard
</span>
</button>
<div class='highlight relative group'>
<pre class='highlight '><code id="code-woz6bsz9"><span class="k">enum</span> <span class="n">req_opf</span> <span class="p">{</span>
<span class="cm">/* read sectors from the device */</span>
<span class="n">REQ_OP_READ</span> <span class="o">=</span> <span class="mi">0</span><span class="p">,</span>
<span class="cm">/* write sectors to the device */</span>
<span class="n">REQ_OP_WRITE</span> <span class="o">=</span> <span class="mi">1</span><span class="p">,</span>
<span class="cm">/* flush the volatile write cache */</span>
<span class="n">REQ_OP_FLUSH</span> <span class="o">=</span> <span class="mi">2</span><span class="p">,</span>
<span class="cm">/* discard sectors */</span>
<span class="n">REQ_OP_DISCARD</span> <span class="o">=</span> <span class="mi">3</span><span class="p">,</span>
<span class="cm">/* securely erase sectors */</span>
<span class="n">REQ_OP_SECURE_ERASE</span> <span class="o">=</span> <span class="mi">5</span><span class="p">,</span>
<span class="cm">/* write the same sector many times */</span>
<span class="n">REQ_OP_WRITE_SAME</span> <span class="o">=</span> <span class="mi">7</span><span class="p">,</span>
<span class="cm">/* write the zero filled sector many times */</span>
<span class="n">REQ_OP_WRITE_ZEROES</span> <span class="o">=</span> <span class="mi">9</span><span class="p">,</span>
<span class="cm">/* ... */</span>
<span class="p">};</span>
</code></pre>
</div>
</div>
<p>You can imagine designing a simple network protocol that supported all these options. It might have messages that looked something like:</p>
<p><img alt="A packet diagram, just skip down to &quot;struct bio&quot; below" src="/blog/machine-migrations/assets/packet.png?2/3&amp;center" />
Good news! The Linux block system is organized as if your computer was a network running a protocol that basically looks just like that. Here’s the message structure:</p>
<div class="right-sidenote"><p>I’ve <a href="https://elixir.bootlin.com/linux/v5.11.11/source/include/linux/blk_types.h#L223" title="">stripped a bunch of stuff out of here</a> but you don’t need any of it to understand what’s coming next.</p>
</div><div class="highlight-wrapper group relative cpp">
<button
type="button"
class="bubble-wrap z-20 absolute right-9 -mr-0.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-wrap-target="#code-kwrloyie"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35" stroke-linecap="round" stroke-linejoin="round"><g buffered-rendering="static"><path d="M9.912 8.037h2.732c1.277 0 2.315-.962 2.315-2.237a2.325 2.325 0 00-2.315-2.31H2.959m10.228 9.01H2.959M6.802 8H2.959" /><path d="M11.081 6.466L9.533 8.037l1.548 1.571" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-9px] tail text-navy-950">
Wrap text
</span>
</button>
<button
type="button"
class="bubble-wrap z-20 absolute right-1.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-copy-target="sibling"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35"><g buffered-rendering="static"><path d="M10.576 7.239c0-.995-.82-1.815-1.815-1.815H3.315c-.995 0-1.815.82-1.815 1.815v5.446c0 .995.82 1.815 1.815 1.815h5.446c.995 0 1.815-.82 1.815-1.815V7.239z" /><path d="M10.576 10.577h2.109A1.825 1.825 0 0014.5 8.761V3.315A1.826 1.826 0 0012.685 1.5H7.239c-.996 0-1.815.819-1.816 1.815v1.617" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-6px] tail [--tail-x:calc(100%-30px)] text-navy-950">
Copy to clipboard
</span>
</button>
<div class='highlight relative group'>
<pre class='highlight '><code id="code-kwrloyie"><span class="cm">/*
* main unit of I/O for the block layer and lower layers (ie drivers and
* stacking drivers)
*/</span>
<span class="k">struct</span> <span class="nc">bio</span> <span class="p">{</span>
<span class="k">struct</span> <span class="nc">gendisk</span> <span class="o">*</span><span class="n">bi_disk</span><span class="p">;</span>
<span class="kt">unsigned</span> <span class="kt">int</span> <span class="n">bi_opf</span>
<span class="kt">unsigned</span> <span class="kt">short</span> <span class="n">bi_flags</span><span class="p">;</span>
<span class="kt">unsigned</span> <span class="kt">short</span> <span class="n">bi_ioprio</span><span class="p">;</span>
<span class="n">blk_status_t</span> <span class="n">bi_status</span><span class="p">;</span>
<span class="kt">unsigned</span> <span class="kt">short</span> <span class="n">bi_vcnt</span><span class="p">;</span> <span class="cm">/* how many bio_vec's */</span>
<span class="k">struct</span> <span class="nc">bio_vec</span> <span class="n">bi_inline_vecs</span><span class="p">[]</span> <span class="cm">/* (page, len, offset) tuples */</span><span class="p">;</span>
<span class="p">};</span>
</code></pre>
</div>
</div>
<p>No nerd has ever looked at a fixed-format message like this without thinking about writing a proxy for it, and <code>struct bio</code> is no exception. The proxy system in the Linux kernel for <code>struct bio</code> is called <code>device mapper</code>, or DM.</p>
<p>DM target devices can plug into other DM devices. For that matter, they can do whatever the hell else they want, as long as they honor the interface. It boils down to a <code>map(bio)</code> function, which can dispatch a <code>struct bio</code>, or drop it, or muck with it and ask the kernel to resubmit it.</p>
<p>You can do a whole lot of stuff with this interface: carve a big device into a bunch of smaller ones (<a href='https://docs.kernel.org/admin-guide/device-mapper/linear.html' title=''><code>dm-linear</code></a>), make one big striped device out of a bunch of smaller ones (<a href='https://docs.kernel.org/admin-guide/device-mapper/striped.html' title=''><code>dm-stripe</code></a>), do software RAID mirroring (<code>dm-raid1</code>), create snapshots of arbitrary existing devices (<a href='https://docs.kernel.org/admin-guide/device-mapper/snapshot.html' title=''><code>dm-snap</code></a>), cryptographically verify boot devices (<a href='https://docs.kernel.org/admin-guide/device-mapper/verity.html' title=''><code>dm-verity</code></a>), and a bunch more. Device Mapper is the kernel backend for the <a href='https://sourceware.org/lvm2/' title=''>userland LVM2 system</a>, which is how we do <a href='https://fly.io/blog/persistent-storage-and-fast-remote-builds/' title=''>thin pools and snapshot backups</a>.</p>
<p>Which brings us to <code>dm-clone</code> : it’s a map function that boils down to:</p>
<div class="highlight-wrapper group relative cpp">
<button
type="button"
class="bubble-wrap z-20 absolute right-9 -mr-0.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-wrap-target="#code-8n5vrld6"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35" stroke-linecap="round" stroke-linejoin="round"><g buffered-rendering="static"><path d="M9.912 8.037h2.732c1.277 0 2.315-.962 2.315-2.237a2.325 2.325 0 00-2.315-2.31H2.959m10.228 9.01H2.959M6.802 8H2.959" /><path d="M11.081 6.466L9.533 8.037l1.548 1.571" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-9px] tail text-navy-950">
Wrap text
</span>
</button>
<button
type="button"
class="bubble-wrap z-20 absolute right-1.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-copy-target="sibling"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35"><g buffered-rendering="static"><path d="M10.576 7.239c0-.995-.82-1.815-1.815-1.815H3.315c-.995 0-1.815.82-1.815 1.815v5.446c0 .995.82 1.815 1.815 1.815h5.446c.995 0 1.815-.82 1.815-1.815V7.239z" /><path d="M10.576 10.577h2.109A1.825 1.825 0 0014.5 8.761V3.315A1.826 1.826 0 0012.685 1.5H7.239c-.996 0-1.815.819-1.816 1.815v1.617" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-6px] tail [--tail-x:calc(100%-30px)] text-navy-950">
Copy to clipboard
</span>
</button>
<div class='highlight relative group'>
<pre class='highlight '><code id="code-8n5vrld6"> <span class="cm">/* ... */</span>
<span class="n">region_nr</span> <span class="o">=</span> <span class="n">bio_to_region</span><span class="p">(</span><span class="n">clone</span><span class="p">,</span> <span class="n">bio</span><span class="p">);</span>
<span class="c1">// we have the data</span>
<span class="k">if</span> <span class="p">(</span><span class="n">dm_clone_is_region_hydrated</span><span class="p">(</span><span class="n">clone</span><span class="o">-&gt;</span><span class="n">cmd</span><span class="p">,</span> <span class="n">region_nr</span><span class="p">))</span> <span class="p">{</span>
<span class="n">remap_and_issue</span><span class="p">(</span><span class="n">clone</span><span class="p">,</span> <span class="n">bio</span><span class="p">);</span>
<span class="k">return</span> <span class="mi">0</span><span class="p">;</span>
<span class="c1">// we don't and it's a read</span>
<span class="p">}</span> <span class="k">else</span> <span class="k">if</span> <span class="p">(</span><span class="n">bio_data_dir</span><span class="p">(</span><span class="n">bio</span><span class="p">)</span> <span class="o">==</span> <span class="n">READ</span><span class="p">)</span> <span class="p">{</span>
<span class="n">remap_to_source</span><span class="p">(</span><span class="n">clone</span><span class="p">,</span> <span class="n">bio</span><span class="p">);</span>
<span class="k">return</span> <span class="mi">1</span><span class="p">;</span>
<span class="p">}</span>
<span class="c1">// we don't and it's a write</span>
<span class="n">remap_to_dest</span><span class="p">(</span><span class="n">clone</span><span class="p">,</span> <span class="n">bio</span><span class="p">);</span>
<span class="n">hydrate_bio_region</span><span class="p">(</span><span class="n">clone</span><span class="p">,</span> <span class="n">bio</span><span class="p">);</span>
<span class="k">return</span> <span class="mi">0</span><span class="p">;</span>
<span class="cm">/* ... */</span>
</code></pre>
</div>
</div><div class="right-sidenote"><p>a <a href="https://docs.kernel.org/admin-guide/device-mapper/kcopyd.html" title=""><code>kcopyd</code></a> thread runs in the background, rehydrating the device in addition to (and independent of) read accesses.</p>
</div>
<p><code>dm-clone</code> takes, in addition to the source device to clone from, a “metadata” device on which is stored a bitmap of the status of all the blocks: either “rehydrated” from the source, or not. That’s how it knows whether to fetch a block from the original device or the clone.</p>
<h3 id='network-clone' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#network-clone' aria-label='Anchor'></a><span class='plain-code'>Network Clone</span></h3><div class="callout"><p><strong class="font-semibold text-navy-950"><code>flyd</code> in a nutshell:</strong> worker physical run a service, <code>flyd</code>, which manages a couple of databases that are the source of truth for all the Fly Machines running there. Concepturally, <code>flyd</code> is a server for on-demand instances of durable finite state machines, each representing some operation on a Fly Machine (creation, start, stop, &amp;c), with the transition steps recorded carefully in a BoltDB database. An FSM step might be something like “assign a local IPv6 address to this interface”, or “check out a block device with the contents of this container”, and it’s straightforward to add and manage new ones.</p>
</div>
<p>Say we&rsquo;ve got <code>flyd</code> managing a Fly Machine with a volume on <code>worker-xx-cdg1-1</code>. We want it running on <code>worker-xx-cdg1-2</code>. Our whole fleet is meshed with WireGuard; everything can talk directly to everything else. So, conceptually:</p>
<ol>
<li><code>flyd</code> on <code>cdg1-1</code> stops the Fly Machine, and
</li><li>sends a message to <code>flyd</code> on <code>cdg1-2</code> telling it to clone the source volume.
</li><li><code>flyd</code> on <code>cdg1-2</code> starts a <code>dm-clone</code> instance, which creates a clone volume on <code>cdg1-2</code>, populating it, over some kind of network block protocol, from <code>cdg1-1</code>, and
</li><li>boots a new Fly Machine, attached to the clone volume.
</li><li><code>flyd</code> on <code>cdg1-2</code> monitors the clone operation, and, when the clone completes, converts the clone device to a simple linear device and cleans up.
</li></ol>
<p>For step (3) to work, the “original volume” on <code>cdg1-1</code> has to be visible on <code>cdg1-2</code>, which means we need to mount it over the network.</p>
<div class="right-sidenote"><p><code>nbd</code> is so simple that it’s used as a sort of <code>dm-user</code> userland block device; to prototype a new block device, <a href="https://lwn.net/ml/linux-kernel/[email protected]/" title="">don’t bother writing a kernel module</a>, just write an <code>nbd</code> server.</p>
</div>
<p>Take your pick of protocols. iSCSI is the obvious one, but it’s relatively complicated, and Linux has native support for a much simpler one: <code>nbd</code>, the “network block device”. You could implement an <code>nbd</code> server in an afternoon, on top of a file or a SQLite database or S3, and the Linux kernel could mount it as a drive.</p>
<p>We started out using <code>nbd</code>. But we kept getting stuck <code>nbd</code> kernel threads when there was any kind of network disruption. We’re a global public cloud; network disruption happens. Honestly, we could have debugged our way through this. But it was simpler just to spike out an iSCSI implementation, observe that didn’t get jammed up when the network hiccuped, and move on.</p>
<h3 id='putting-the-pieces-together' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#putting-the-pieces-together' aria-label='Anchor'></a><span class='plain-code'>Putting The Pieces Together</span></h3>
<p>To drain a worker with minimal downtime and no lost data, we turn workers into a temporary SANs, serving the volumes we need to drain to fresh-booted replica Fly Machines on a bunch of “target” physicals. Those SANs — combinations of <code>dm-clone</code>, iSCSI, and <a href='https://fly.io/blog/carving-the-scheduler-out-of-our-orchestrator/' title=''>our <code>flyd</code> orchestrator</a> — track the blocks copied from the origin, copying each one exactly once and cleaning up when the original volume has been fully copied.</p>
<p>Problem solved!</p>
<h3 id='no-there-were-more-problems' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#no-there-were-more-problems' aria-label='Anchor'></a><span class='plain-code'>No, There Were More Problems</span></h3>
<p>When your problem domain is hard, anything you build whose design you can’t fit completely in your head is going to be a fiasco. Shorter form: “if you see Raft consensus in a design, we’ve done something wrong”.</p>
<p>A virtue of this migration system is that, for as many moving pieces as it has, it fits in your head. What complexity it has is mostly shouldered by strategic bets we’ve already built teams around, most notably the <code>flyd</code> orchestrator. So we’ve been running this system for the better part of a year without much drama. Not no drama, though. Some drama.</p>
<p>Example: we encrypt volumes. Our key management is fussy. We do per-volume encryption keys that provision alongside the volumes themselves, so no one worker has a volume skeleton key.</p>
<p>If you think “migrating those volume keys from worker to worker” is the problem I’m building up to, well, that too, but the bigger problem is <code>trim</code>.</p>
<p>Most people use just a small fraction of the volumes they allocate. A 100GiB volume with just 5MiB used wouldn’t be at all weird. You don’t want to spend minutes copying a volume that could have been fully hydrated in seconds.</p>
<p>And indeed, <code>dm-clone</code> doesn’t want to do that either. Given a source block device (for us, an iSCSI mount) and the clone device, a <code>DISCARD</code> issued on the clone device will get picked up by <code>dm-clone</code>, which will simply <a href='https://elixir.bootlin.com/linux/v5.11.11/source/drivers/md/dm-clone-target.c#L1357' title=''>short-circuit the read</a> of the relevant blocks by marking them as hydrated in the metadata volume. Simple enough.</p>
<p>To make that work, we need the target worker to see the plaintext of the source volume (so that it can do an <code>fstrim</code> — don’t get us started on how annoying it is to sandbox this — to read the filesystem, identify the unused block, and issue the <code>DISCARDs</code> where <code>dm-clone</code> can see them) Easy enough.</p>
<div class="right-sidenote"><p>these curses have a lot to do with how hard it was to drain workers!</p>
</div>
<p>Except: two different workers, for cursed reasons, might be running different versions of <a href='https://gitlab.com/cryptsetup/cryptsetup' title=''>cryptsetup</a>, the userland bridge between LUKS2 and the <a href='https://docs.kernel.org/admin-guide/device-mapper/dm-crypt.html' title=''>kernel dm-crypt driver</a>. There are (or were) two different versions of cryptsetup on our network, and they default to different <a href='https://fossies.org/linux/cryptsetup/docs/on-disk-format-luks2.pdf' title=''>LUKS2 header sizes</a> — 4MiB and 16MiB. Implying two different plaintext volume sizes. </p>
<p>So now part of the migration FSM is an RPC call that carries metadata about the designed LUKS2 configuration for the target VM. Not something we expected to have to build, but, whatever.</p>
<div class="right-sidenote"><p>Corrosion deserves its own post.</p>
</div>
<p>Gnarlier example: workers are the source of truth for information about the Fly Machines running on them. Migration knocks the legs out from under that constraint, which we were relying on in Corrosion, the SWIM-gossip SQLite database we use to connect Fly Machines to our request routing. Race conditions. Debugging. Design changes. Next!</p>
<p>Gnarliest example: our private networks. Recall: we automatically place every Fly Machine into <a href='https://fly.io/blog/incoming-6pn-private-networks/' title=''>a private network</a>; by default, it’s the one all the other apps in your organization run in. This is super handy for setting up background services, databases, and clustered applications. 20 lines of eBPF code in our worker kernels keeps anybody from “crossing the streams”, sending packets from one private network to another.</p>
<div class="right-sidenote"><p>we’re members of an elite cadre of idiots who have managed to find designs that made us wish IPv6 addresses were even bigger.</p>
</div>
<p>We call this scheme 6PN (for “IPv6 Private Network”). It functions by <a href='https://fly.io/blog/ipv6-wireguard-peering#ipv6-private-networking-at-fly' title=''>embedding routing information directly into IPv6 addresses</a>. This is, perhaps, gross. But it allows us to route diverse private networks with constantly changing membership across a global fleet of servers without running a distributed routing protocol. As the beardy wizards who kept the Internet backbone up and running on Cisco AGS+’s once said: the best routing protocol is “static”.</p>
<p>Problem: the embedded routing information in a 6PN address refers in part to specific worker servers.</p>
<p>That’s fine, right? They’re IPv6 addresses. Nobody uses literal IPv6 addresses. Nobody uses IP addresses at all; they use the DNS. When you migrate a host, just give it a new 6PN address, and update the DNS.</p>
<p>Friends, somebody did use literal IPv6 addresses. It was us. In the configurations for Fly Postgres clusters.</p>
<div class="right-sidenote"><p>It’s also not operationally easy for us to shell into random Fly Machines, for good reason.</p>
</div>
<p>The obvious fix for this is not complicated; given <code>flyctl</code> ssh access to a Fly Postgres cluster, it’s like a 30 second ninja edit. But we run a <em>lot</em> of Fly Postgres clusters, and the change has to be coordinated carefully to avoid getting the cluster into a confused state. We went as far as adding feature to our <code>init</code> to do network address mappings to keep old 6PN addresses reachable before biting the bullet and burning several weeks doing the direct configuration fix fleet-wide.</p>
<figure class="post-cta">
<figcaption>
<h1>Speedrun your app onto Fly.io.</h1>
<p>3&hellip;2&hellip;1&hellip;</p>
<a class="btn btn-lg" href="https://fly.io/speedrun">
Go! &nbsp;<span class='opacity-50'>→</span>
</a>
</figcaption>
<div class="image-container">
<img src="/static/images/cta-dog.webp" srcset="/static/images/[email protected] 2x" alt="">
</div>
</figure>
<h3 id='the-learning-it-burns' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#the-learning-it-burns' aria-label='Anchor'></a><span class='plain-code'>The Learning, It Burns!</span></h3>
<p>We get asked a lot why we don’t do storage the “obvious” way, with an <a href='https://aws.amazon.com/ebs/' title=''>EBS-type</a> SAN fabric, abstracting it away from our compute. Locally-attached NVMe storage is an idiosyncratic choice, one we’ve had to write disclaimers for (single-node clusters can lose data!) since we first launched it.</p>
<p>One answer is: we’re a startup. Building SAN infrastructure in every region we operate in would be tremendously expensive. Look at any feature in AWS that normal people know the name of, like EC2, EBS, RDS, or S3 — there’s a whole company in there. We launched storage when we were just 10 people, and even at our current size we probably have nothing resembling the resources EBS gets. AWS is pretty great!</p>
<p>But another thing to keep in mind is: we’re learning as we go. And so even if we had the means to do an EBS-style SAN, we might not build it today.</p>
<p>Instead, we’re a lot more interested in log-structured virtual disks (LSVD). LSVD uses NVMe as a local cache, but durably persists writes in object storage. You get most of the performance benefit of bus-hop disk writes, along with unbounded storage and S3-grade reliability.</p>
<p><a href='https://community.fly.io/t/bottomless-s3-backed-volumes/15648' title=''>We launched LSVD experimentally last year</a>; in the intervening year, something happened to make LSVD even more interesting to us: <a href='https://www.tigrisdata.com/' title=''>Tigris Data</a> launched S3-compatible object storage in every one our regions, so instead of backhauling updates to Northern Virginia, <a href='https://community.fly.io/t/tigris-backed-volumes/20792' title=''>we can keep them local</a>. We have more to say about LSVD, and a lot more to say about Tigris.</p>
<p>Our first several months of migrations were done gingerly. By summer of 2024, we got to where our infra team can pull “drain this host” out of their toolbelt without much ceremony.</p>
<p>We’re still not to the point where we’re migrating casually. Your Fly Machines are probably not getting migrated! There&rsquo;d need to be a reason! But the dream is fully-automated luxury space migration, in which you might get migrated semiregularly, as our systems work not just to drain problematic hosts but to rebalance workloads regularly. No time soon. But we’ll get there.</p>
<p>This is the biggest thing our team has done since we replaced Nomad with flyd. Only the new billing system comes close. We did this thing not because it was easy, but because we thought it would be easy. It was not. But: worth it!</p></content>
</entry>
<entry>
<title>AWS without Access Keys</title>
<link rel="alternate" href="https://fly.io/blog/oidc-cloud-roles/"/>
<id>https://fly.io/blog/oidc-cloud-roles/</id>
<published>2024-06-19T00:00:00+00:00</published>
<updated>2024-06-25T22:52:32+00:00</updated>
<media:thumbnail url="https://fly.io/blog/oidc-cloud-roles/assets/spooky-security-skeleton-thumb.webp"/>
<content type="html"><div class="lead"><p>It’s dangerous to go alone. Fly.io runs full-stack apps by transmuting Docker containers into Fly Machines: ultra-lightweight hardware-backed VMs. You can run all your dependencies on Fly.io, but sometimes, you’ll need to work with other clouds, and we’ve made that pretty simple. Try Fly.io out for yourself; your Rails or Node app <a href="https://fly.io/speedrun" title="">can be up and running in just minutes</a>.</p>
</div>
<p>Let&rsquo;s hypopulate you an app serving generative AI cat images based on the weather forecast, running on a <code>g4dn.xlarge</code> ECS task in AWS <code>us-east-1</code>. It&rsquo;s going great; people didn&rsquo;t realize how dependent their cat pic prefs are on barometric pressure, and you&rsquo;re all anyone can talk about.</p>
<p>Word reaches Australia and Europe, but you&rsquo;re not catching on, because the… latency is too high? Just roll with us here. Anyways: fixing this is going to require replicating ECS tasks and ECR images into <code>ap-southeast-2</code> and <code>eu-central-1</code> while also setting up load balancing. Nah.</p>
<p>This is the O.G. Fly.io deployment story; one deployed app, one versioned container, one command to get it running anywhere in the world.</p>
<p>But you have a problem: your app relies on training data, it&rsquo;s huge, your giant employer manages it, and it&rsquo;s in S3. Getting this to work will require AWS credentials.</p>
<p>You could ask your security team to create a user, give it permissions, and hand over the AWS keypair. Then you could wash your neck and wait for the blade. Passing around AWS keypairs is the beginning of every horror story told about cloud security, and security team ain&rsquo;t having it.</p>
<p>There&rsquo;s a better way. It&rsquo;s drastically more secure, so your security people will at least hear you out. It&rsquo;s also so much easier on Fly.io that you might never bother creating a IAM service account again.</p>
<h2 id='lets-get-it-out-of-the-way' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#lets-get-it-out-of-the-way' aria-label='Anchor'></a><span class='plain-code'>Let&rsquo;s Get It out of the Way</span></h2>
<p>We&rsquo;re going to use OIDC to set up strictly limited trust between AWS and Fly.io.</p>
<ol>
<li>In AWS: we&rsquo;ll add Fly.io as an <code>Identity Provider</code> in AWS IAM, giving us an ID we can plug into any IAM <code>Role</code>.
</li><li>Also in AWS: we&rsquo;ll create a <code>Role</code>, give it access to the S3 bucket with our tokenized cat data, and then attach the <code>Identity Provider</code> to it.
</li><li>In Fly.io, we&rsquo;ll take the <code>Role</code> ARN we got from step 2 and set it as an environment variable in our app.
</li></ol>
<p>Our machines will now magically have access to the S3 bucket.</p>
<h2 id='what-the-what' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#what-the-what' aria-label='Anchor'></a><span class='plain-code'>What the What</span></h2>
<p>A reasonable question to ask here is, &ldquo;where&rsquo;s the credential&rdquo;? Ordinarily, to give a Fly Machine access to an AWS resource, you&rsquo;d use <code>fly secrets set</code> to add an <code>AWS_ACCESS_KEY_ID</code> and <code>AWS_SECRET_ACCESS_KEY</code> to the environment in the Machine. Here, we&rsquo;re not setting any secrets at all; we&rsquo;re just adding an ARN — which is not a credential — to the Machine.</p>
<p>Here&rsquo;s what&rsquo;s happening.</p>
<p>Fly.io operates an OIDC IdP at <code>oidc.fly.io</code>. It issues OIDC tokens, exclusively to Fly Machines. AWS can be configured to trust these tokens, on a role-by-role basis. That&rsquo;s the &ldquo;secret credential&rdquo;: the pre-configured trust relationship in IAM, and the public keypairs it manages. You, the user, never need to deal with these keys directly; it all happens behind the scenes, between AWS and Fly.io.</p>
<p><img alt="A diagram: STS trusts OIDC.fly.io. OIDC.fly.io trusts flyd. flyd issues a token to the Machine, which proffers it to STS. STS sends an STS cred to the Machine, which then uses it to retrieve model weights from S3." src="/blog/oidc-cloud-roles/assets/oidc-diagram.webp" /></p>
<p>The key actor in this picture is <code>STS</code>, the AWS <code>Security Token Service</code>. <code>STS</code>&lsquo;s main job is to vend short-lived AWS credentials, usually through some variant of an API called <code>AssumeRole</code>. Specifically, in our case: <code>AssumeRoleWithWebIdentity</code> tells <code>STS</code> to cough up an AWS keypair given an OIDC token (that matches a pre-configured trust relationship).</p>
<p>That still leaves the question: how does your code, which is reaching out to the AWS APIs to get cat weights, drive any of this?</p>
<h2 id='the-init-thickens' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#the-init-thickens' aria-label='Anchor'></a><span class='plain-code'>The Init Thickens</span></h2>
<p>Every Fly Machine boots up into an <code>init</code> we wrote in Rust. It has slowly been gathering features.</p>
<p>One of those features, which has been around for awhile, is a server for a Unix socket at <code>/.fly/api</code>, which exports a subset of the Fly Machines API to privileged processes in the Machine. Think of it as our answer to the EC2 Instant Metadata Service. How it works is, every time we boot a Fly Machine, we pass it a <a href='https://fly.io/blog/macaroons-escalated-quickly/' title=''>Macaroon token</a> locked to that particular Machine; <code>init</code>&rsquo;s server for <code>/.fly/api</code> is a proxy that attaches that token to requests.</p>
<div class="right-sidenote"><p>In addition to the API proxy being tricky to SSRF to.</p>
</div>
<p>What&rsquo;s neat about this is that the credential that drives <code>/.fly/api</code> is doubly protected:</p>
<ol>
<li>The Fly.io platform won&rsquo;t honor it unless it comes from that specific Fly Machine (<code>flyd</code>, our orchestrator, knows who it&rsquo;s talking to), <em>and</em>
</li><li>Ordinary code running in a Fly Machine never gets a copy of the token to begin with.
</li></ol>
<p>You could rig up a local privilege escalation vulnerability and work out how to steal the Macaroon, but you can&rsquo;t exfiltrate it productively.</p>
<p>So now you have half the puzzle worked out: OIDC is just part of the <a href='https://fly.io/docs/machines/api/' title=''>Fly Machines API</a> (specifically: <code>/v1/tokens/oidc</code>). A Fly Machine can hit a Unix socket and get an OIDC token tailored to that machine:</p>
<div class="highlight-wrapper group relative ">
<button
type="button"
class="bubble-wrap z-20 absolute right-9 -mr-0.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-wrap-target="#code-xdcj19sc"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35" stroke-linecap="round" stroke-linejoin="round"><g buffered-rendering="static"><path d="M9.912 8.037h2.732c1.277 0 2.315-.962 2.315-2.237a2.325 2.325 0 00-2.315-2.31H2.959m10.228 9.01H2.959M6.802 8H2.959" /><path d="M11.081 6.466L9.533 8.037l1.548 1.571" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-9px] tail text-navy-950">
Wrap text
</span>
</button>
<button
type="button"
class="bubble-wrap z-20 absolute right-1.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-copy-target="sibling"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35"><g buffered-rendering="static"><path d="M10.576 7.239c0-.995-.82-1.815-1.815-1.815H3.315c-.995 0-1.815.82-1.815 1.815v5.446c0 .995.82 1.815 1.815 1.815h5.446c.995 0 1.815-.82 1.815-1.815V7.239z" /><path d="M10.576 10.577h2.109A1.825 1.825 0 0014.5 8.761V3.315A1.826 1.826 0 0012.685 1.5H7.239c-.996 0-1.815.819-1.816 1.815v1.617" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-6px] tail [--tail-x:calc(100%-30px)] text-navy-950">
Copy to clipboard
</span>
</button>
<div class='highlight relative group'>
<pre class='highlight '><code id="code-xdcj19sc">{
"app_id": "3671581",
"app_name": "weather-cat",
"aud": "sts.amazonaws.com",
"image": "image:latest",
"image_digest": "sha256:dff79c6da8dd4e282ecc6c57052f7cfbd684039b652f481ca2e3324a413ee43f",
"iss": "https://oidc.fly.io/example",
"machine_id": "3d8d377ce9e398",
"machine_name": "ancient-snow-4824",
"machine_version": "01HZJXGTQ084DX0G0V92QH3XW4",
"org_id": "29873298",
"org_name": "example",
"region": "yyz",
"sub": "example:weather-cat:ancient-snow-4824"
} // some OIDC stuff trimmed
</code></pre>
</div>
</div>
<p>Look upon this holy blob, sealed with a published key managed by Fly.io&rsquo;s OIDC vault, and see that there lies within it enough information for AWS <code>STS</code> to decide to issue a session credential.</p>
<p>We have still not completed the puzzle, because while you can probably now see how you&rsquo;d drive this process with a bunch of new code that you&rsquo;d tediously write, you are acutely aware that you have not yet endured that tedium — e pur si muove!</p>
<p>One <code>init</code> feature remains to be disclosed, and it&rsquo;s cute.</p>
<p>If, when <code>init</code> starts in a Fly Machine, it sees an <code>AWS_ROLE_ARN</code> environment variable set, it initiates a little dance; it:</p>
<ol>
<li>goes off and generates an OIDC token, the way we just described,
</li><li>saves that OIDC token in a file, <em>and</em>
</li><li>sets the <code>AWS_WEB_IDENTITY_TOKEN_FILE</code> and <code>AWS_ROLE_SESSION_NAME</code> environment variables for every process it launches.
</li></ol>
<p>The AWS SDK, linked to your application, does all the rest.</p>
<p>Let&rsquo;s review: you add an <code>AWS_ROLE_ARN</code> variable to your Fly App, launch a Machine, and have it go fetch a file from S3. What happens next is:</p>
<ol>
<li><code>init</code> detects <code>AWS_ROLE_ARN</code> is set as an environment variable.
</li><li><code>init</code> sends a request to <code>/v1/tokens/oidc</code> via <code>/.api/proxy</code>.
</li><li><code>init</code> writes the response to <code>/.fly/oidc_token.</code>
</li><li><code>init</code> sets <code>AWS_WEB_IDENTITY_TOKEN_FILE</code> and <code>AWS_ROLE_SESSION_NAME</code>.
</li><li>The entrypoint boots, and (say) runs <code>aws s3 get-object.</code>
</li><li>The AWS SDK runs through the <a href='https://docs.aws.amazon.com/sdkref/latest/guide/standardized-credentials.html#credentialProviderChain' title=''>credential provider chain</a>
</li><li>The SDK sees that <code>AWS_WEB_IDENTITY_TOKEN_FILE</code> is set and calls <code>AssumeRoleWithWebIdentity</code> with the file contents.
</li><li>AWS verifies the token against <a href='https://oidc.fly.io/' title=''><code>https://oidc.fly.io/</code></a><code>example/.well-known/openid-configuration</code>, which references a key Fly.io manages on isolated hardware.
</li><li>AWS vends <code>STS</code> credentials for the assumed <code>Role</code>.
</li><li>The SDK uses the <code>STS</code> credentials to access the S3 bucket.
</li><li>AWS checks the <code>Role</code>&rsquo;s IAM policy to see if it has access to the S3 bucket.
</li><li>AWS returns the contents of the bucket object.
</li></ol>
<h2 id='how-much-better-is-this' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#how-much-better-is-this' aria-label='Anchor'></a><span class='plain-code'>How Much Better Is This?</span></h2>
<p>It is a lot better.</p>
<div class="right-sidenote"><p>They asymptotically approach the security properties of Macaroon tokens.</p>
</div>
<p>Most importantly: AWS <code>STS</code> credentials are short-lived. Because they&rsquo;re generated dynamically, rather than stored in a configuration file or environment variable, they&rsquo;re already a little bit annoying for an attacker to recover. But they&rsquo;re also dead in minutes. They have a sharply limited blast radius. They rotate themselves, and fail closed.</p>
<p>They&rsquo;re also easier to manage. This is a rare instance where you can reasonably drive the entire AWS side of the process from within the web console. Your cloud team adds <code>Roles</code> all the time; this is just a <code>Role</code> with an extra snippet of JSON. The resulting ARN isn&rsquo;t even a secret; your cloud team could just email or Slack message it back to you.</p>
<p>Finally, they offer finer-grained control.</p>
<p>To understand the last part, let&rsquo;s look at that extra snippet of JSON (the &ldquo;Trust Policy&rdquo;) your cloud team is sticking on the new <code>cat-bucket</code> <code>Role</code>:</p>
<div class="highlight-wrapper group relative ">
<button
type="button"
class="bubble-wrap z-20 absolute right-9 -mr-0.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-wrap-target="#code-x99m930o"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35" stroke-linecap="round" stroke-linejoin="round"><g buffered-rendering="static"><path d="M9.912 8.037h2.732c1.277 0 2.315-.962 2.315-2.237a2.325 2.325 0 00-2.315-2.31H2.959m10.228 9.01H2.959M6.802 8H2.959" /><path d="M11.081 6.466L9.533 8.037l1.548 1.571" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-9px] tail text-navy-950">
Wrap text
</span>
</button>
<button
type="button"
class="bubble-wrap z-20 absolute right-1.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-copy-target="sibling"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35"><g buffered-rendering="static"><path d="M10.576 7.239c0-.995-.82-1.815-1.815-1.815H3.315c-.995 0-1.815.82-1.815 1.815v5.446c0 .995.82 1.815 1.815 1.815h5.446c.995 0 1.815-.82 1.815-1.815V7.239z" /><path d="M10.576 10.577h2.109A1.825 1.825 0 0014.5 8.761V3.315A1.826 1.826 0 0012.685 1.5H7.239c-.996 0-1.815.819-1.816 1.815v1.617" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-6px] tail [--tail-x:calc(100%-30px)] text-navy-950">
Copy to clipboard
</span>
</button>
<div class='highlight relative group'>
<pre class='highlight '><code id="code-x99m930o">{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Federated": "arn:aws:iam::123456123456:oidc-provider/oidc.fly.io/example"
},
"Action": "sts:AssumeRoleWithWebIdentity",
"Condition": {
"StringEquals": {
"oidc.fly.io/example:aud": "sts.amazonaws.com",
},
"StringLike": {
"oidc.fly.io/example:sub": "example:weather-cat:*"
}
}
}
]
}
</code></pre>
</div>
</div><div class="right-sidenote"><p>The <code>aud</code> check guarantees <code>STS</code> will only honor tokens that Fly.io deliberately vended for <code>STS</code>.</p>
</div>
<p>Recall the OIDC token we dumped earlier; much of what&rsquo;s in it, we can match in the Trust Policy. Every OIDC token Fly.io generates is going to have a <code>sub</code> field formatted <code>org:app:machine</code>, so we can lock IAM <code>Roles</code> down to organizations, or to specific Fly Apps, or even specific Fly Machine instances.</p>
<figure class="post-cta">
<figcaption>
<h1>Speedrun your app onto Fly.io.</h1>
<p>3&hellip;2&hellip;1&hellip;</p>
<a class="btn btn-lg" href="https://fly.io/speedrun">
Go! &nbsp;<span class='opacity-50'>→</span>
</a>
</figcaption>
<div class="image-container">
<img src="/static/images/cta-kitty.webp" srcset="/static/images/[email protected] 2x" alt="">
</div>
</figure>
<h2 id='and-so' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#and-so' aria-label='Anchor'></a><span class='plain-code'>And So</span></h2>
<p>In case it&rsquo;s not obvious: this pattern works for any AWS API, not just S3.</p>
<p>Our OIDC support on the platform and in Fly Machines will set arbitrary OIDC <code>audience</code> strings, so you can use it to authenticate to any OIDC-compliant cloud provider. It won&rsquo;t be as slick on Azure or GCP, because we haven&rsquo;t done the <code>init</code> features to light their APIs up with a single environment variable — but those features are easy, and we&rsquo;re just waiting for people to tell us what they need.</p>
<p>For us, the gold standard for least-privilege, conditional access tokens remains Macaroons, and it&rsquo;s unlikely that we&rsquo;re going to do a bunch of internal stuff using OIDC. We even snuck Macaroons into this feature. But the security you&rsquo;re getting from this OIDC dance closes a lot of the gap between hardcoded user credentials and Macaroons, and it&rsquo;s easy to use — easier, in some ways, than it is to manage role-based access inside of a legacy EC2 deployment!</p></content>
</entry>
<entry>
<title>Picture This: Open Source AI for Image Description</title>
<link rel="alternate" href="https://fly.io/blog/llm-image-description/"/>
<id>https://fly.io/blog/llm-image-description/</id>
<published>2024-05-09T00:00:00+00:00</published>
<updated>2024-05-23T20:00:21+00:00</updated>
<media:thumbnail url="https://fly.io/blog/llm-image-description/assets/image-description-thumb.webp"/>
<content type="html"><div class="lead"><p>I’m Nolan, and I work on Fly Machines here at Fly.io. We’re building a new public cloud—one where you can spin up CPU and GPU workloads, around the world, in a jiffy. <a href="https://fly.io/speedrun/" title="">Try us out</a>; you can be up and running in minutes. This is a post about LLMs being really helpful, and an extensible project you can build with open source on a weekend.</p>
</div>
<p>Picture this, if you will.</p>
<p>You&rsquo;re blind. You&rsquo;re in an unfamiliar hotel room on a trip to Chicago.</p>
<div class="right-sidenote"><p>If you live in Chicago IRL, imagine the hotel in Winnipeg, <a href="https://www.cbc.ca/history/EPISCONTENTSE1EP10CH3PA5LE.html" title="">the Chicago of the North</a>.</p>
</div>
<p>You&rsquo;ve absent-mindedly set your coffee down, and can&rsquo;t remember where. You&rsquo;re looking for the thermostat so you don&rsquo;t wake up frozen. Or, just maybe, you&rsquo;re playing a fun-filled round of &ldquo;find the damn light switch so your sighted partner can get some sleep already!&rdquo;</p>
<p>If, like me, you&rsquo;ve been blind for a while, you have plenty of practice finding things without the luxury of a quick glance around. It may be more tedious than you&rsquo;d like, but you&rsquo;ll get it done.</p>
<p>But the speed of innovation in machine learning and large language models has been dizzying, and in 2024 you can snap a photo with your phone and have an app like <a href='https://www.bemyeyes.com/blog/announcing-be-my-ai/' title=''>Be My AI</a> or <a href='https://www.seeingai.com/' title=''>Seeing AI</a> tell you where in that picture it found your missing coffee mug, or where it thinks the light switch is.</p>
<div class="right-sidenote"><p>Creative switch locations seem to be a point of pride for hotels, so the light game may be good for a few rounds of quality entertainment, regardless of how good your AI is.</p>
</div>
<p>This is <em>big</em>. It&rsquo;s hard for me to state just how exciting and empowering AI image descriptions have been for me without sounding like a shill. In the past year, I&rsquo;ve:</p>
<ul>
<li>Found shit in strange hotel rooms.
</li><li>Gotten descriptions of scenes and menus in otherwise inaccessible video games.
</li><li>Requested summaries of technical diagrams and other materials where details weren’t made available textually.
</li></ul>
<p>I&rsquo;ve been consistently blown away at how impressive and helpful AI-created image descriptions have been.</p>
<p>Also&hellip;</p>
<h2 id='which-thousand-words-is-this-picture-worth' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#which-thousand-words-is-this-picture-worth' aria-label='Anchor'></a><span class='plain-code'>Which thousand words is this picture worth?</span></h2>
<p>As a blind internet user for the last three decades, I have extensive empirical evidence to corroborate what you already know in your heart: humans are pretty flaky about writing useful alt text for all the images they publish. This does tend to make large swaths of the internet inaccessible to me!</p>
<p>In just a few years, the state of image description on the internet has gone from complete reliance on the aforementioned lovable, but ultimately tragically flawed, humans, to automated strings of words like <code>Image may contain person, glasses, confusion, banality, disillusionment</code>, to LLM-generated text that reads a lot like it was written by a person, perhaps sipping from a steaming cup of Earl Grey as they reflect on their previous experiences of a background that features a tree with snow on its branches, suggesting that this scene takes place during winter.</p>
<p>If an image is missing alt text, or if you want a second opinion, there are screen-reader addons, like <a href='https://github.com/cartertemm/AI-content-describer/' title=''>this one</a> for <a href='https://www.nvaccess.org/download/' title=''>NVDA</a>, that you can use with an API key to get image descriptions from GPT-4 or Google Gemini as you read. This is awesome! </p>
<p>And this brings me to the nerd snipe. How hard would it be to build an image description service we can host ourselves, using open source technologies? It turns out to be spookily easy.</p>
<p>Here&rsquo;s what I came up with:</p>
<ol>
<li><a href='https://ollama.com/' title=''>Ollama</a> to run the model
</li><li>A <a href='https://pocketbase.io' title=''>PocketBase</a> project that provides a simple authenticated API for users to submit images, get descriptions, and ask followup questions about the image
</li><li>The simplest possible Python client to interact with the PocketBase app on behalf of users
</li></ol>
<p>The idea is to keep it modular and hackable, so if sentiment analysis or joke creation is your thing, you can swap out image description for that and have something going in, like, a weekend.</p>
<p>If you&rsquo;re like me, and you go skipping through recipe blogs to find the &ldquo;go directly to recipe&rdquo; link, find the code itself <a href='https://github.com/superfly/llm-describer' title=''>here</a>. </p>
<h2 id='the-llm-is-the-easiest-part' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#the-llm-is-the-easiest-part' aria-label='Anchor'></a><span class='plain-code'>The LLM is the easiest part</span></h2>
<p>An API to accept images and prompts, run the model, and spit
out answers sounds like a lot! But it&rsquo;s the simplest part of this whole thing, because:
that&rsquo;s <a href='https://ollama.com/' title=''>Ollama</a>.</p>
<p>You can just run the Ollama Docker image, get it to grab the model
you want to use, and that&rsquo;s it. There&rsquo;s your AI server. (We have a <a href='https://fly.io/blog/scaling-llm-ollama/' title=''>blog post</a>
all about deploying Ollama on Fly.io; Fly GPUs are rad, try&#39;em out, etc.).</p>
<p>For this project, we need a model that can make sense&mdash;or at least words&mdash;out of a picture.
<a href='https://llava-vl.github.io/' title=''>LLaVA</a> is a trained, Apache-licensed &ldquo;large multimodal model&rdquo; that fits the bill.
Get the model with the Ollama CLI:</p>
<div class="highlight-wrapper group relative cmd">
<button
type="button"
class="bubble-wrap z-20 absolute right-9 -mr-0.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-wrap-target="#code-vsa102iz"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35" stroke-linecap="round" stroke-linejoin="round"><g buffered-rendering="static"><path d="M9.912 8.037h2.732c1.277 0 2.315-.962 2.315-2.237a2.325 2.325 0 00-2.315-2.31H2.959m10.228 9.01H2.959M6.802 8H2.959" /><path d="M11.081 6.466L9.533 8.037l1.548 1.571" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-9px] tail text-navy-950">
Wrap text
</span>
</button>
<button
type="button"
class="bubble-wrap z-20 absolute right-1.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-copy-target="sibling"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35"><g buffered-rendering="static"><path d="M10.576 7.239c0-.995-.82-1.815-1.815-1.815H3.315c-.995 0-1.815.82-1.815 1.815v5.446c0 .995.82 1.815 1.815 1.815h5.446c.995 0 1.815-.82 1.815-1.815V7.239z" /><path d="M10.576 10.577h2.109A1.825 1.825 0 0014.5 8.761V3.315A1.826 1.826 0 0012.685 1.5H7.239c-.996 0-1.815.819-1.816 1.815v1.617" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-6px] tail [--tail-x:calc(100%-30px)] text-navy-950">
Copy to clipboard
</span>
</button>
<div class='highlight relative group'>
<pre class='highlight cmd'><code id="code-vsa102iz">ollama pull llava:34b
</code></pre>
</div>
</div><div class="callout"><p>If you have hardware that can handle it, you could run this on your computer at home. If you run AI models on a cloud provider, be aware that GPU compute is expensive! <strong class="font-semibold text-navy-950">It’s important to take steps to ensure you’re not paying for a massive GPU 24/7.</strong></p>
<p>On Fly.io, at the time of writing, you’d achieve this with the <a href="https://fly.io/docs/apps/autostart-stop/" title="">autostart and autostop</a> functions of the Fly Proxy, restricting Ollama access to internal requests over <a href="https://fly.io/docs/networking/private-networking/#flycast-private-fly-proxy-services" title="">Flycast</a> from the PocketBase app. That way, if there haven’t been any requests for a few minutes, the Fly Proxy stops the Ollama <a href="https://fly.io/docs/machines/" title="">Machine</a>, which releases the CPU, GPU, and RAM allocated to it. <a href="https://fly.io/blog/scaling-llm-ollama/" title="">Here’s a post</a> that goes into more detail. </p>
</div><h2 id='a-multi-tool-on-the-backend' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#a-multi-tool-on-the-backend' aria-label='Anchor'></a><span class='plain-code'>A multi-tool on the backend</span></h2>
<p>I want user auth to make sure just anyone can&rsquo;t grab my &ldquo;image description service&rdquo; and keep it busy generating short stories about their cat. If I build this out into a service for others to use, I might also want business logic around plans or
credits, or mobile-friendly APIs for use in the field. <a href='https://pocketbase.io' title=''>PocketBase</a> provides a scaffolding for all of it. It&rsquo;s a Swiss army knife: a Firebase-like API on top of SQLite, complete with authentication, authorization, an admin UI, extensibility in JavaScript and Go, and various client-side APIs.</p>
<div class="right-sidenote"><p>Yes, <em>of course</em> I’ve used an LLM to generate feline fanfic. Theme songs too. Hasn’t everyone? </p>
</div>
<p>I &ldquo;faked&rdquo; a task-specific API that supports followup questions by extending PocketBase in Go, modeling requests and responses as <a href='https://pocketbase.io/docs/collections/' title=''>collections</a> (i.e. SQLite tables) with <a href='https://pocketbase.io/docs/go-event-hooks/' title=''>event hooks</a> to trigger pre-set interactions with the Ollama app (via <a href='https://tmc.github.io/langchaingo' title=''>LangChainGo</a>) and the client (via the PocketBase API).</p>
<p>If you&rsquo;re following along, <a href='https://github.com/superfly/llm-describer/blob/main/describer.go' title=''>here&rsquo;s the module</a>
that handles all that, along with initializing the LLM connection.</p>
<p>In a nutshell, this is the dance:</p>
<ul>
<li>When a user uploads an image, a hook on the <code>images</code> collection sends the image to Ollama, along with this prompt:
<code>&quot;You are a helpful assistant describing images for blind screen reader users. Please describe this image.&quot;</code>
</li><li>Ollama sends back its response, which the backend 1) passes back to the client and 2) stores in its <code>followups</code> collection for future reference.
</li><li>If the user responds with a followup question about the image and description, that also
goes into the <code>followups</code> collection; user-initiated changes to this collection trigger a hook to chain the new
followup question with the image and the chat history into a new request for the model.
</li><li>Lather, rinse, repeat.
</li></ul>
<p>This is a super simple hack to handle followup questions, and it’ll let you keep adding followups until
something breaks. You&rsquo;ll see the quality of responses get poorer&mdash;possibly incoherent&mdash;as the context
exceeds the context window.</p>
<p>I also set up <a href='https://pocketbase.io/docs/api-rules-and-filters/' title=''>API rules</a> in PocketBase,
ensuring that users can&rsquo;t read to and write from others&rsquo; chats with the AI.</p>
<p>If image descriptions aren&rsquo;t your thing, this business logic is easily swappable
for joke generation, extracting details from text, any other simple task you
might want to throw at an LLM. Just slot the best model into Ollama (LLaVA is pretty OK as a general starting point too), and match the PocketBase schema and pre-set prompts to your application.</p>
<h2 id='a-seedling-of-a-client' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#a-seedling-of-a-client' aria-label='Anchor'></a><span class='plain-code'>A seedling of a client</span></h2>
<p>With the image description service in place, the user can talk to it with any client that speaks the PocketBase API. PocketBase already has SDK clients in JavaScript and Dart, but because my screen reader is <a href='https://github.com/nvaccess/nvda' title=''>written in Python</a>, I went with a <a href='https://pypi.org/project/pocketbase/' title=''>community-created Python library</a>. That way I can build this out into an NVDA add-on
if I want to.</p>
<p>If you&rsquo;re a fancy Python developer, you probably have your preferred tooling for
handling virtualenvs and friends. I&rsquo;m not, and since my screen reader doesn&rsquo;t use those
anyway, I just <code>pip install</code>ed the library so my client can import it:</p>
<div class="highlight-wrapper group relative cmd">
<button
type="button"
class="bubble-wrap z-20 absolute right-9 -mr-0.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-wrap-target="#code-rgh35fwn"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35" stroke-linecap="round" stroke-linejoin="round"><g buffered-rendering="static"><path d="M9.912 8.037h2.732c1.277 0 2.315-.962 2.315-2.237a2.325 2.325 0 00-2.315-2.31H2.959m10.228 9.01H2.959M6.802 8H2.959" /><path d="M11.081 6.466L9.533 8.037l1.548 1.571" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-9px] tail text-navy-950">
Wrap text
</span>
</button>
<button
type="button"
class="bubble-wrap z-20 absolute right-1.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-copy-target="sibling"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35"><g buffered-rendering="static"><path d="M10.576 7.239c0-.995-.82-1.815-1.815-1.815H3.315c-.995 0-1.815.82-1.815 1.815v5.446c0 .995.82 1.815 1.815 1.815h5.446c.995 0 1.815-.82 1.815-1.815V7.239z" /><path d="M10.576 10.577h2.109A1.825 1.825 0 0014.5 8.761V3.315A1.826 1.826 0 0012.685 1.5H7.239c-.996 0-1.815.819-1.816 1.815v1.617" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-6px] tail [--tail-x:calc(100%-30px)] text-navy-950">
Copy to clipboard
</span>
</button>
<div class='highlight relative group'>
<pre class='highlight cmd'><code id="code-rgh35fwn">pip install pocketbase
</code></pre>
</div>
</div>
<p><a href='https://github.com/superfly/llm-describer/blob/main/__init__.py' title=''>My client</a> is a very simple script.
It expects a couple of things: a file called <code>image.jpg</code>, located in the current directory,
and environment variables to provide the service URL and user credentials to log into it with.</p>
<p>When you run the client script, it uploads the image to the user’s <code>images</code> collection on the
backend app, starting the back-and-forth between user and model we saw in the previous section.
The client prints the model&rsquo;s output to the CLI and prompts the user to input a followup question,
which it passes up to the <code>followups</code> collection, and so on.</p>
<figure class="post-cta">
<figcaption>
<h1>This can run on Fly.io.</h1>
<p>Run your LLM on a datacenter-grade GPU.</p>
<a class="btn btn-lg" href="https://fly.io/gpu/">
Try out a Fly GPU &nbsp;<span class='opacity-50'>→</span>
</a>
</figcaption>
<div class="image-container">
<img src="/static/images/cta-dog.webp" srcset="/static/images/[email protected] 2x" alt="">
</div>
</figure>
<h2 id='all-together-now' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#all-together-now' aria-label='Anchor'></a><span class='plain-code'>All together now</span></h2>
<p>I grabbed <a href='https://unsplash.com/photos/brown-trees-beside-river-under-blue-sky-during-daytime-kSvpTrfhaiU' title=''>this
image</a>
and saved it to a file called <em>image.jpg</em>. </p>
<p>While I knew I was downloading an image of a winter scene, all I see on Unsplash is:</p>
<blockquote>
<p>brown trees beside river under blue sky during daytime Bright winter landscape
with lake, snow, forest, beautiful blue sky and white clouds. An example of
charming wildlife in Russia.</p>
</blockquote>
<p>Let&rsquo;s see what our very own AI describer thinks of this picture:</p>
<div class="highlight-wrapper group relative plain">
<button
type="button"
class="bubble-wrap z-20 absolute right-9 -mr-0.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-wrap-target="#code-4bvdtqnv"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35" stroke-linecap="round" stroke-linejoin="round"><g buffered-rendering="static"><path d="M9.912 8.037h2.732c1.277 0 2.315-.962 2.315-2.237a2.325 2.325 0 00-2.315-2.31H2.959m10.228 9.01H2.959M6.802 8H2.959" /><path d="M11.081 6.466L9.533 8.037l1.548 1.571" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-9px] tail text-navy-950">
Wrap text
</span>
</button>
<button
type="button"
class="bubble-wrap z-20 absolute right-1.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-copy-target="sibling"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35"><g buffered-rendering="static"><path d="M10.576 7.239c0-.995-.82-1.815-1.815-1.815H3.315c-.995 0-1.815.82-1.815 1.815v5.446c0 .995.82 1.815 1.815 1.815h5.446c.995 0 1.815-.82 1.815-1.815V7.239z" /><path d="M10.576 10.577h2.109A1.825 1.825 0 0014.5 8.761V3.315A1.826 1.826 0 0012.685 1.5H7.239c-.996 0-1.815.819-1.816 1.815v1.617" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-6px] tail [--tail-x:calc(100%-30px)] text-navy-950">
Copy to clipboard
</span>
</button>
<div class='highlight relative group'>
<pre class='highlight '><code id="code-4bvdtqnv">$ python __init__.py
The image depicts a serene winter scene. There is a small stream of water flowing through the center, with patches of snow on its surface and along the banks. The surrounding area appears to be a mix of bare trees and shrubs, suggesting it's late in the season or possibly early spring when some plants have started to grow again but haven't yet leafed out.
The sky is clear and blue, indicating good weather conditions at the time the photo was taken. The sunlight seems to be coming from the left side of the image, casting a warm glow on the scene and creating reflections in the water. There are no visible texts or distinguishing marks that provide additional context about the location or the photographer.
The overall atmosphere is peaceful and natural, with the quiet beauty of the landscape undisturbed except for the gentle movement of the stream.
</code></pre>
</div>
</div>
<p>Is it a stellar description? Maybe not, but it certainly gives me a better sense of connection with the scene.</p>
<p>Let&rsquo;s see how our describer copes with a followup question.</p>
<div class="highlight-wrapper group relative plain">
<button
type="button"
class="bubble-wrap z-20 absolute right-9 -mr-0.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-wrap-target="#code-1x1pz9x9"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35" stroke-linecap="round" stroke-linejoin="round"><g buffered-rendering="static"><path d="M9.912 8.037h2.732c1.277 0 2.315-.962 2.315-2.237a2.325 2.325 0 00-2.315-2.31H2.959m10.228 9.01H2.959M6.802 8H2.959" /><path d="M11.081 6.466L9.533 8.037l1.548 1.571" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-9px] tail text-navy-950">
Wrap text
</span>
</button>
<button
type="button"
class="bubble-wrap z-20 absolute right-1.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-copy-target="sibling"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35"><g buffered-rendering="static"><path d="M10.576 7.239c0-.995-.82-1.815-1.815-1.815H3.315c-.995 0-1.815.82-1.815 1.815v5.446c0 .995.82 1.815 1.815 1.815h5.446c.995 0 1.815-.82 1.815-1.815V7.239z" /><path d="M10.576 10.577h2.109A1.825 1.825 0 0014.5 8.761V3.315A1.826 1.826 0 0012.685 1.5H7.239c-.996 0-1.815.819-1.816 1.815v1.617" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-6px] tail [--tail-x:calc(100%-30px)] text-navy-950">
Copy to clipboard
</span>
</button>
<div class='highlight relative group'>
<pre class='highlight '><code id="code-1x1pz9x9">Enter your followup question, or 'quit' to quit: What types of trees are in the image?
Sending followup question
It's difficult to determine the exact species of trees in the image without more specific details, as many deciduous trees lose their leaves during winter and look quite similar. However, based on the general appearance of the bare branches and the fact that they are leafless, it is likely that these are common deciduous trees such as oaks, maples, or elms.
The presence of snow and the absence of foliage suggest that this photo was taken during winter or early spring when the trees have not yet started to bloom again. The exact species would require a closer examination of the bark, buds, and other distinguishing features, which are not clearly visible in this image.
</code></pre>
</div>
</div>
<p>Boo, the general-purpose LLaVA model couldn&rsquo;t identify the leafless trees. At least it knows why it can&rsquo;t. Maybe there&rsquo;s a better model out
there for that. Or we could train one, if we really needed tree identification! We could make every component of
this service more sophisticated! </p>
<p>But that I, personally, can make a proof of concept like this with a few days of effort
continues to boggle my mind. Thanks to a handful of amazing open source projects, it&rsquo;s really, spookily, easy. And from here, I (or you) can build out a screen-reader addon, or a mobile app, or a different kind of AI service, with modular changes.</p>
<h2 id='deployment-notes' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#deployment-notes' aria-label='Anchor'></a><span class='plain-code'>Deployment notes</span></h2>
<p>On Fly.io, stopping GPU Machines saves you a bunch of money and some carbon footprint, in return for cold-start latency when you make a request for the first time in more than a few minutes. In testing this project, on the <code>a100-40gb</code> Fly Machine preset, the 34b-parameter LLaVA model took several seconds to generate each response. If the Machine was stopped when the request came in, starting it up took another handful of seconds, followed by several tens of seconds to load the model into GPU RAM. The total time from cold start to completed description was about 45 seconds. Just something to keep in mind.</p>
<p>If you&rsquo;re running Ollama in the cloud, you likely want to put the model onto storage that&rsquo;s persistent, so you don&rsquo;t have to download it repeatedly. You could also build the model into a Docker image ahead of deployment.</p>
<p>The PocketBase Golang app compiles to a single executable that you can run wherever.
I run it on Fly.io, unsurprisingly, and the <a href='https://github.com/superfly/llm-describer/' title=''>repo</a> comes with a Dockerfile and a <a href='https://fly.io/docs/reference/configuration/' title=''><code>fly.toml</code></a> config file, which you can edit to point at your own Ollama instance. It uses a small persistent storage volume for the SQLite database. Under testing, it runs fine on a <code>shared-cpu-1x</code> Machine. </p></content>
</entry>
<entry>
<title>JIT WireGuard</title>
<link rel="alternate" href="https://fly.io/blog/jit-wireguard-peers/"/>
<id>https://fly.io/blog/jit-wireguard-peers/</id>
<published>2024-03-12T00:00:00+00:00</published>
<updated>2024-05-23T20:00:21+00:00</updated>
<media:thumbnail url="https://fly.io/blog/jit-wireguard-peers/assets/network-thumbnail.webp"/>
<content type="html"><div class="lead"><p>We’re Fly.io and we transmute containers into VMs, running them on our hardware around the world with the power of Firecracker alchemy. We do a lot of stuff with WireGuard, which has become a part of our customer API. This is a quick story about some tricks we played to make WireGuard faster and more scalable for the hundreds of thousands of people who now use it here.</p>
</div>
<p>One of many odd decisions we&rsquo;ve made at Fly.io is how we use WireGuard. It&rsquo;s not just that we use it in many places where other shops would use HTTPS and REST APIs. We&rsquo;ve gone a step beyond that: every time you run <code>flyctl</code>, our lovable, sprawling CLI, it conjures a TCP/IP stack out of thin air, with its own IPv6 address, and speaks directly to Fly Machines running on our networks.</p>
<p>There are plusses and minuses to this approach, which we talked about <a href='https://fly.io/blog/our-user-mode-wireguard-year/' title=''>in a blog post a couple years back</a>. Some things, like remote-operated Docker builders, get easier to express (a Fly Machine, as far as <code>flyctl</code> is concerned, might as well be on the same LAN). But everything generally gets trickier to keep running reliably.</p>
<p>It was a decision. We own it.</p>
<p>Anyways, we&rsquo;ve made some improvements recently, and I&rsquo;d like to talk about them.</p>
<h2 id='where-we-left-off' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#where-we-left-off' aria-label='Anchor'></a><span class='plain-code'>Where we left off</span></h2>
<p>Until a few weeks ago, our gateways ran on a pretty simple system.</p>
<ol>
<li>We operate dozens of &ldquo;gateway&rdquo; servers around the world, whose sole purpose is to accept incoming WireGuard connections and connect them to the appropriate private networks.
</li><li>Any time you run <code>flyctl</code> and it needs to talk to a Fly Machine (to build a container, pop an SSH console, copy files, or proxy to a service you&rsquo;re running), it spawns or connects to a background agent process.
</li><li>The first time it runs, the agent generates a new WireGuard peer configuration from our GraphQL API. WireGuard peer configurations are very simple: just a public key and an address to connect to.
</li><li>Our API in turn takes that peer configuration and sends it to the appropriate gateway (say, <code>ord</code>, if you&rsquo;re near Chicago) via an RPC we send over the NATS messaging system.
</li><li>On the gateway, a service called <code>wggwd</code> accepts that configuration, saves it to a SQLite database, and adds it to the kernel using WireGuard&rsquo;s Golang libraries. <code>wggwd</code> acknowledges the installation of the peer to the API.
</li><li>The API replies to your GraphQL request, with the configuration.
</li><li>Your <code>flyctl</code> connects to the WireGuard peer, which works, because you receiving the configuration means it’s installed on the gateway.
</li></ol>
<p>I copy-pasted those last two bullet points from <a href='https://fly.io/blog/our-user-mode-wireguard-year/' title=''>that two-year-old post</a>, because when it works, it does <em>just work</em> reasonably well. (We ultimately did end up defaulting everybody to WireGuard-over-WebSockets, though.)</p>
<p>But if it always worked, we wouldn&rsquo;t be here, would we?</p>
<p>We ran into two annoying problems:</p>
<p>One: NATS is fast, but doesn’t guarantee delivery. Back in 2022, Fly.io was pretty big on NATS internally. We&rsquo;ve moved away from it. For instance, our <a href='https://fly.io/blog/carving-the-scheduler-out-of-our-orchestrator/' title=''>internal <code>flyd</code> API</a> used to be driven by NATS; today, it&rsquo;s HTTP. Our NATS cluster was losing too many messages to host a reliable API on it. Scaling back our use of NATS made WireGuard gateways better, but still not great.</p>
<p>Two: When <code>flyctl</code> exits, the WireGuard peer it created sticks around on the gateway. Nothing cleans up old peers. After all, you&rsquo;re likely going to come back tomorrow and deploy a new version of your app, or <code>fly ssh console</code> into it to debug something. Why remove a peer just to re-add it the next day?</p>
<p>Unfortunately, the vast majority of peers are created by <code>flyctl</code> in CI jobs, which don&rsquo;t have persistent storage and can&rsquo;t reconnect to the same peer the next run; they generate new peers every time, no matter what.</p>
<p>So, we ended up with a not-reliable-enough provisioning system, and gateways with hundreds of thousands of peers that will never be used again. The high stale peer count made kernel WireGuard operations very slow - especially loading all the peers back into the kernel after a gateway server reboot - as well as some kernel panics.</p>
<p>There had to be</p>
<h2 id='a-better-way' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#a-better-way' aria-label='Anchor'></a><span class='plain-code'>A better way.</span></h2>
<p>Storing bajillions of WireGuard peers is no big challenge for any serious n-tier RDBMS. This isn&rsquo;t &ldquo;big data&rdquo;. The problem we have at Fly.io is that our gateways don&rsquo;t have serious n-tier RDBMSs. They&rsquo;re small. Scrappy. They live off the land.</p>
<p>Seriously, though: you could store every WireGuard peer everybody has ever used at Fly.io in a single SQLite database, easily. What you can&rsquo;t do is store them all in the Linux kernel.</p>
<p>So, at some point, as you push more and more peer configurations to a gateway, you have to start making decisions about which peers you&rsquo;ll enable in the kernel, and which you won&rsquo;t.</p>
<p>Wouldn&rsquo;t it be nice if we just didn&rsquo;t have this problem? What if, instead of pushing configs to gateways, we had the gateways pull them from our API on demand?</p>
<p>If you did that, peers would only have to be added to the kernel when the client wanted to connect. You could yeet them out of the kernel any time you wanted; the next time the client connected, they&rsquo;d just get pulled again, and everything would work fine.</p>
<p>The problem you quickly run into to build this design is that Linux kernel WireGuard doesn&rsquo;t have a feature for installing peers on demand. However:</p>
<h2 id='it-is-possible-to-jit-wireguard-peers' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#it-is-possible-to-jit-wireguard-peers' aria-label='Anchor'></a><span class='plain-code'>It is possible to JIT WireGuard peers</span></h2>
<p>The Linux kernel&rsquo;s <a href='https://github.com/WireGuard/wgctrl-go' title=''>interface for configuring WireGuard</a> is <a href='https://docs.kernel.org/userspace-api/netlink/intro.html' title=''>Netlink</a> (which is basically a way to create a userland socket to talk to a kernel service). Here&rsquo;s a <a href='https://github.com/WireGuard/wg-dynamic/blob/master/netlink.h' title=''>summary of it as a C API</a>. Note that there&rsquo;s no API call to subscribe for &ldquo;incoming connection attempt&rdquo; events.</p>
<p>That&rsquo;s OK! We can just make our own events. WireGuard connection requests are packets, and they&rsquo;re easily identifiable, so we can efficiently snatch them with a BPF filter and a <a href='https://github.com/google/gopacket' title=''>packet socket</a>.</p>
<div class="callout"><p>Most of the time, it’s even easier for us to get the raw WireGuard packets, because our users now default to WebSockets WireGuard (which is just an unauthenticated WebSockets connect that shuttles framed UDP packets to and from an interface on the gateway), so that people who have trouble talking end-to-end in UDP can bring connections up.</p>
</div>
<p>We own the daemon code for that, and can just hook the packet receive function to snarf WireGuard packets.</p>
<p>It&rsquo;s not obvious, but WireGuard doesn&rsquo;t have notions of &ldquo;client&rdquo; or &ldquo;server&rdquo;. It&rsquo;s a pure point-to-point protocol; peers connect to each other when they have traffic to send. The first peer to connect is called the <strong class='font-semibold text-navy-950'>initiator</strong>, and the peer it connects to is the <strong class='font-semibold text-navy-950'>responder</strong>.</p>
<div class="right-sidenote"><p><a href="https://www.wireguard.com/papers/wireguard.pdf" title=""><em>The WireGuard paper</em></a> <em>is a good read.</em></p>
</div>
<p>For Fly.io, <code>flyctl</code> is typically our initiator, sending a single UDP packet to the gateway, which is the responder. According <a href='https://www.wireguard.com/papers/wireguard.pdf' title=''>to the WireGuard paper</a>, this first packet is a <code>handshake initiation</code>. It gets better: the packet type is recorded in a single plaintext byte. So this simple BPF filter catches all the incoming connections: <code>udp and dst port 51820 and udp[8] = 1</code>.</p>
<p>In most other protocols, we&rsquo;d be done at this point; we&rsquo;d just scrape the username or whatnot out of the packet, go fetch the matching configuration, and install it in the kernel. With WireGuard, not so fast. WireGuard is based on Trevor Perrin&rsquo;s <a href='http://www.noiseprotocol.org/' title=''>Noise Protocol Framework</a>, and Noise goes way out of its way to <a href='http://www.noiseprotocol.org/noise.html#identity-hiding' title=''>hide identities</a> during handshakes. To identify incoming requests, we&rsquo;ll need to run enough Noise cryptography to decrypt the identity.</p>
<p>The code to do this is fussy, but it&rsquo;s relatively short (about 200 lines). Helpfully, the kernel Netlink interface will give a privileged process the private key for an interface, so the secrets we need to unwrap WireGuard are easy to get. Then it&rsquo;s just a matter of running the first bit of the Noise handshake. If you&rsquo;re that kind of nerdy, <a href='https://gist.github.com/tqbf/9f2c2852e976e6566f962d9bca83062b' title=''>here&rsquo;s the code.</a></p>
<p>At this point, we have the event feed we wanted: the public keys of every user trying to make a WireGuard connection to our gateways. We keep a rate-limited cache in SQLite, and when we see new peers, we&rsquo;ll make an internal HTTP API request to fetch the matching peer information and install it. This fits nicely into the little daemon that already runs on our gateways to manage WireGuard, and allows us to ruthlessly and recklessly remove stale peers with a <code>cron</code> job.</p>
<p>But wait! There&rsquo;s more! We bounced this plan off Jason Donenfeld, and he tipped us off on a sneaky feature of the Linux WireGuard Netlink interface.</p>
<div class="right-sidenote"><p>Jason is the hardest working person in show business.</p>
</div>
<p>Our API fetch for new peers is generally not going to be fast enough to respond to the first handshake initiation message a new client sends us. That&rsquo;s OK; WireGuard is pretty fast about retrying. But we can do better.</p>
<p>When we get an incoming initiation message, we have the 4-tuple address of the desired connection, including the ephemeral source port <code>flyctl</code> is using. We can install the peer as if we&rsquo;re the initiator, and <code>flyctl</code> is the responder. The Linux kernel will initiate a WireGuard connection back to <code>flyctl</code>. This works; the protocol doesn&rsquo;t care a whole lot who&rsquo;s the server and who&rsquo;s the client. We get new connections established about as fast as they can possibly be installed.</p>
<figure class="post-cta">
<figcaption>
<h1>Launch an app in minutes</h1>
<p>Speedrun an app onto Fly.io and get your own JIT WireGuard peer&nbsp✨</p>
<a class="btn btn-lg" href="/docs/speedrun/">
Speedrun &nbsp;<span class='opacity-50'>→</span>
</a>
</figcaption>
<div class="image-container">
<img src="/static/images/cta-cat.webp" srcset="/static/images/[email protected] 2x" alt="">
</div>
</figure>
<h2 id='look-at-this-graph' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#look-at-this-graph' aria-label='Anchor'></a><span class='plain-code'>Look at this graph</span></h2>
<p>We&rsquo;ve been running this in production for a few weeks and we&rsquo;re feeling pretty happy about it. We went from thousands, or hundreds of thousands, of stale WireGuard peers on a gateway to what rounds to none. Gateways now hold a lot less state, are faster at setting up peers, and can be rebooted without having to wait for many unused peers to be loaded back into the kernel.</p>
<p>I&rsquo;ll leave you with this happy Grafana chart from the day of the switchover.</p>
<p><img alt="a Grafana chart of &#39;kernel_stale_wg_peer_count&#39; vs. time. For the first few hours, all traces are flat. Most are at values between 0 and 50,000 and the top-most is just under 550,000. Towards the end of the graph, each line in turn jumps sharply down to the bottom, and at the end of the chart all datapoints are indistinguishable from 0." src="/blog/jit-wireguard-peers/assets/wireguard-peers-graph.webp" /></p>
<p><strong class='font-semibold text-navy-950'>Editor&rsquo;s note:</strong> Despite our tearful protests, Lillian has decided to move on from Fly.io to explore new pursuits. We wish her much success and happiness!&nbsp;✨</p></content>
</entry>
<entry>
<title>Fly Kubernetes does more now</title>
<link rel="alternate" href="https://fly.io/blog/fks-beta-live/"/>
<id>https://fly.io/blog/fks-beta-live/</id>
<published>2024-03-07T00:00:00+00:00</published>
<updated>2024-04-24T22:38:38+00:00</updated>
<media:thumbnail url="https://fly.io/blog/fks-beta-live/assets/fks-thumb.webp"/>
<content type="html"><div class="lead"><p>Eons ago, we <a href="https://fly.io/blog/fks/" title="">announced</a> we were working on <a href="https://fly.io/docs/kubernetes/" title="">Fly Kubernetes</a>. It drummed up enough excitement to prove we were heading in the right direction. So, we got hard to work to get from barebones “early access” to a beta release. We’ll be onboarding customers to the closed beta over the next few weeks. Email us at <a href="mailto:[email protected]">[email protected]</a> and we’ll hook you up.</p>
</div>
<p>Fly Kubernetes is the &ldquo;blessed path&quot;™️ to using Kubernetes backed by Fly.io infrastructure. Or, in simpler terms, it is our managed Kubernetes service. We take care of the complexity of operating the Kubernetes control plane, leaving you with the unfettered joy of deploying your Kubernetes workloads. If you love Fly.io and K8s, this product is for you.</p>
<h2 id='what-even-is-a-kubernete' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#what-even-is-a-kubernete' aria-label='Anchor'></a><span class='plain-code'>What even is a Kubernete?</span></h2>
<p>So how did this all come to be&mdash;and what even is a Kubernete?</p>
<div class="right-sidenote"><p>You can see more fun details in <a href="https://fly.io/blog/fks/" title="">Introducing Fly Kubernetes</a>.</p>
</div>
<p>If you wade through all the YAML and <a href='https://landscape.cncf.io/' title=''>CNCF projects</a>, what&rsquo;s left is an API for declaring workloads and how it should be accessed. </p>
<p>But that&rsquo;s not what people usually talk / groan about. It&rsquo;s everything else that comes along with adopting Kubernetes: a container runtime (CRI), networking between workloads (CNI) which leads to DNS (CoreDNS). Then you layer on Prometheus for metrics and whatever the logging daemon du jour is at the time. Now you get to debate which Ingress&mdash;strike that&mdash;<em>Gateway</em> API to deploy and if the next thing is anything to do with a Service Mess, then as they like to say where I live, &quot;bless your heart&rdquo;.</p>
<p>Finally, there&rsquo;s capacity planning. You&rsquo;ve got to pick and choose where, how and what the <a href='https://kubernetes.io/docs/concepts/architecture/nodes/' title=''>Nodes</a> will look like in order to configure and run the workloads.</p>
<p>When we began thinking about what a Fly Kubernetes Service could look like, we started from first principles, as we do with most everything here. The best way we can describe it is the <a href='https://www.youtube.com/watch?v=Ddk9ci6geSs' title=''>scene from Iron Man 2 when Tony Stark discovers a new element</a>. As he&rsquo;s looking at the knowledge left behind by those that came before, he starts to imagine something entirely different and more capable than could have been accomplished previously. That&rsquo;s what happened to JP, but with K3s and Virtual Kubelet.</p>
<h2 id='ok-then-wtf-whats-the-fks' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#ok-then-wtf-whats-the-fks' aria-label='Anchor'></a><span class='plain-code'>OK then, WTF (what&rsquo;s the FKS)?</span></h2>
<p>We looked at what people need to get started—the API—and then started peeling away all the noise, filling in the gaps to connect things together to provide the power. Here&rsquo;s how this looks currently:</p>
<ul>
<li>Containerd/CRI → <a href='https://fly.io/blog/carving-the-scheduler-out-of-our-orchestrator/' title=''>flyd</a> + Firecracker + <a href='https://fly.io/blog/docker-without-docker/' title=''>our init</a>: our system transmogrifies Docker containers into Firecracker microVMs
</li><li>Networking/CNI → Our <a href='https://fly.io/blog/ipv6-wireguard-peering/' title=''>internal WireGuard mesh</a> connects your pods together
</li><li>Pods → Fly Machines VMs
</li><li>Secrets → Secrets, only not the base64&rsquo;d kind
</li><li>Services → The Fly Proxy
</li><li>CoreDNS → CoreDNS (to be replaced with our custom internal DNS)
</li><li>Persistent Volumes → Fly Volumes (coming soon)
</li></ul>
<p>Now&hellip;not everything is a one-to-one comparison, and we explicitly did not set out to support any and every configuration. We aren&rsquo;t dealing with resources like Network Policy and init containers, though we&rsquo;re also not completely ignoring them. By mapping many of the core primitives of Kubernetes to a Fly.io resource, we&rsquo;re able to focus on continuing to build the primitives that make our cloud better for workloads of all shapes and sizes.</p>
<p>A key thing to notice above is that there&rsquo;s no &ldquo;Node&rdquo;.</p>
<p><a href='https://virtual-kubelet.io/' title=''>Virtual Kubelet</a> plays a central role in FKS. It&rsquo;s magic, really. A Virtual Kubelet acts as if it&rsquo;s a standard Kubelet running on a Node, eager to run your workloads. However, there&rsquo;s no Node backing it. It instead behaves like an API, receiving requests from Kubernetes and transforming them into requests to deploy on a cloud compute service. In our case, that&rsquo;s Fly Machines.</p>
<p>So what we have is Kubernetes calling out to our <a href='https://virtual-kubelet.io/docs/providers/' title=''>Virtual Kubelet provider</a>, a small Golang program we run alongside K3s, to create and run your pod. It creates <a href='https://fly.io/blog/docker-without-docker/' title=''>your pod as a Fly Machine</a>, via the <a href='/docs/machines/api/' title=''>Fly Machines API</a>, deploying it to any underlying host within that region. This shifts the burden of managing hardware capacity from you to us. We think that&rsquo;s a cool trick&mdash;thanks, Virtual Kubelet magic!</p>
<h2 id='speedrun' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#speedrun' aria-label='Anchor'></a><span class='plain-code'>Speedrun</span></h2>
<p>You can deploy your workloads (including GPUs) across any of our available regions using the Kubernetes API.</p>
<p>You create a cluster with <code>flyctl</code>:</p>
<div class="highlight-wrapper group relative cmd">
<button
type="button"
class="bubble-wrap z-20 absolute right-9 -mr-0.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-wrap-target="#code-fnxi6rft"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35" stroke-linecap="round" stroke-linejoin="round"><g buffered-rendering="static"><path d="M9.912 8.037h2.732c1.277 0 2.315-.962 2.315-2.237a2.325 2.325 0 00-2.315-2.31H2.959m10.228 9.01H2.959M6.802 8H2.959" /><path d="M11.081 6.466L9.533 8.037l1.548 1.571" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-9px] tail text-navy-950">
Wrap text
</span>
</button>
<button
type="button"
class="bubble-wrap z-20 absolute right-1.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-copy-target="sibling"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35"><g buffered-rendering="static"><path d="M10.576 7.239c0-.995-.82-1.815-1.815-1.815H3.315c-.995 0-1.815.82-1.815 1.815v5.446c0 .995.82 1.815 1.815 1.815h5.446c.995 0 1.815-.82 1.815-1.815V7.239z" /><path d="M10.576 10.577h2.109A1.825 1.825 0 0014.5 8.761V3.315A1.826 1.826 0 0012.685 1.5H7.239c-.996 0-1.815.819-1.816 1.815v1.617" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-6px] tail [--tail-x:calc(100%-30px)] text-navy-950">
Copy to clipboard
</span>
</button>
<div class='highlight relative group'>
<pre class='highlight cmd'><code id="code-fnxi6rft">fly ext k8s create --name hello --org personal --region iad
</code></pre>
</div>
</div>
<p>When a cluster is created, it has the standard <code>default</code> namespace. You can inspect it:</p>
<div class="highlight-wrapper group relative cmd">
<button
type="button"
class="bubble-wrap z-20 absolute right-9 -mr-0.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-wrap-target="#code-92wwv6kq"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35" stroke-linecap="round" stroke-linejoin="round"><g buffered-rendering="static"><path d="M9.912 8.037h2.732c1.277 0 2.315-.962 2.315-2.237a2.325 2.325 0 00-2.315-2.31H2.959m10.228 9.01H2.959M6.802 8H2.959" /><path d="M11.081 6.466L9.533 8.037l1.548 1.571" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-9px] tail text-navy-950">
Wrap text
</span>
</button>
<button
type="button"
class="bubble-wrap z-20 absolute right-1.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-copy-target="sibling"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35"><g buffered-rendering="static"><path d="M10.576 7.239c0-.995-.82-1.815-1.815-1.815H3.315c-.995 0-1.815.82-1.815 1.815v5.446c0 .995.82 1.815 1.815 1.815h5.446c.995 0 1.815-.82 1.815-1.815V7.239z" /><path d="M10.576 10.577h2.109A1.825 1.825 0 0014.5 8.761V3.315A1.826 1.826 0 0012.685 1.5H7.239c-.996 0-1.815.819-1.816 1.815v1.617" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-6px] tail [--tail-x:calc(100%-30px)] text-navy-950">
Copy to clipboard
</span>
</button>
<div class='highlight relative group'>
<pre class='highlight cmd'><code id="code-92wwv6kq">kubectl get ns default --show-labels
</code></pre>
</div>
</div><div class="highlight-wrapper group relative output">
<button
type="button"
class="bubble-wrap z-20 absolute right-9 -mr-0.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-wrap-target="#code-mk490mip"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35" stroke-linecap="round" stroke-linejoin="round"><g buffered-rendering="static"><path d="M9.912 8.037h2.732c1.277 0 2.315-.962 2.315-2.237a2.325 2.325 0 00-2.315-2.31H2.959m10.228 9.01H2.959M6.802 8H2.959" /><path d="M11.081 6.466L9.533 8.037l1.548 1.571" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-9px] tail text-navy-950">
Wrap text
</span>
</button>
<button
type="button"
class="bubble-wrap z-20 absolute right-1.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-copy-target="sibling"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35"><g buffered-rendering="static"><path d="M10.576 7.239c0-.995-.82-1.815-1.815-1.815H3.315c-.995 0-1.815.82-1.815 1.815v5.446c0 .995.82 1.815 1.815 1.815h5.446c.995 0 1.815-.82 1.815-1.815V7.239z" /><path d="M10.576 10.577h2.109A1.825 1.825 0 0014.5 8.761V3.315A1.826 1.826 0 0012.685 1.5H7.239c-.996 0-1.815.819-1.816 1.815v1.617" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-6px] tail [--tail-x:calc(100%-30px)] text-navy-950">
Copy to clipboard
</span>
</button>
<div class='highlight relative group'>
<pre class='highlight output whitespace-pre'><code id="code-mk490mip">NAME STATUS AGE LABELS
default Active 20d fly.io/app=fks-default-7zyjm3ovpdxmd0ep,kubernetes.io/metadata.name=default
</code></pre>
</div>
</div>
<p>The <code>fly.io/app</code> label shows the name of the Fly App that corresponds to your cluster.</p>
<p>It would seem appropriate to deploy the <a href='https://github.com/kubernetes-up-and-running/kuard' title=''>Kubernetes Up And Running demo</a> here, but since your pods are connected over an <a href='https://fly.io/blog/ipv6-wireguard-peering/' title=''>IPv6 WireGuard mesh</a>, we&rsquo;re going to use a <a href='https://github.com/jipperinbham/kuard' title=''>fork</a> with support for <a href='https://github.com/kubernetes-up-and-running/kuard/issues/46' title=''>IPv6 DNS</a>.</p>
<div class="highlight-wrapper group relative cmd">
<button
type="button"
class="bubble-wrap z-20 absolute right-9 -mr-0.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-wrap-target="#code-7qz94xki"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35" stroke-linecap="round" stroke-linejoin="round"><g buffered-rendering="static"><path d="M9.912 8.037h2.732c1.277 0 2.315-.962 2.315-2.237a2.325 2.325 0 00-2.315-2.31H2.959m10.228 9.01H2.959M6.802 8H2.959" /><path d="M11.081 6.466L9.533 8.037l1.548 1.571" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-9px] tail text-navy-950">
Wrap text
</span>
</button>
<button
type="button"
class="bubble-wrap z-20 absolute right-1.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-copy-target="sibling"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35"><g buffered-rendering="static"><path d="M10.576 7.239c0-.995-.82-1.815-1.815-1.815H3.315c-.995 0-1.815.82-1.815 1.815v5.446c0 .995.82 1.815 1.815 1.815h5.446c.995 0 1.815-.82 1.815-1.815V7.239z" /><path d="M10.576 10.577h2.109A1.825 1.825 0 0014.5 8.761V3.315A1.826 1.826 0 0012.685 1.5H7.239c-.996 0-1.815.819-1.816 1.815v1.617" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-6px] tail [--tail-x:calc(100%-30px)] text-navy-950">
Copy to clipboard
</span>
</button>
<div class='highlight relative group'>
<pre class='highlight cmd'><code id="code-7qz94xki">kubectl run \
--image=ghcr.io/jipperinbham/kuard-amd64:blue \
--labels="app=kuard-fks" \
kuard
</code></pre>
</div>
</div>
<p>And you can see its Machine representation via:</p>
<div class="highlight-wrapper group relative cmd">
<button
type="button"
class="bubble-wrap z-20 absolute right-9 -mr-0.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-wrap-target="#code-1wk7f1q0"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35" stroke-linecap="round" stroke-linejoin="round"><g buffered-rendering="static"><path d="M9.912 8.037h2.732c1.277 0 2.315-.962 2.315-2.237a2.325 2.325 0 00-2.315-2.31H2.959m10.228 9.01H2.959M6.802 8H2.959" /><path d="M11.081 6.466L9.533 8.037l1.548 1.571" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-9px] tail text-navy-950">
Wrap text
</span>
</button>
<button
type="button"
class="bubble-wrap z-20 absolute right-1.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-copy-target="sibling"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35"><g buffered-rendering="static"><path d="M10.576 7.239c0-.995-.82-1.815-1.815-1.815H3.315c-.995 0-1.815.82-1.815 1.815v5.446c0 .995.82 1.815 1.815 1.815h5.446c.995 0 1.815-.82 1.815-1.815V7.239z" /><path d="M10.576 10.577h2.109A1.825 1.825 0 0014.5 8.761V3.315A1.826 1.826 0 0012.685 1.5H7.239c-.996 0-1.815.819-1.816 1.815v1.617" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-6px] tail [--tail-x:calc(100%-30px)] text-navy-950">
Copy to clipboard
</span>
</button>
<div class='highlight relative group'>
<pre class='highlight cmd'><code id="code-1wk7f1q0">fly machine list --app fks-default-7zyjm3ovpdxmd0ep
</code></pre>
</div>
</div><div class="highlight-wrapper group relative output">
<button
type="button"
class="bubble-wrap z-20 absolute right-9 -mr-0.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-wrap-target="#code-7rbzov1i"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35" stroke-linecap="round" stroke-linejoin="round"><g buffered-rendering="static"><path d="M9.912 8.037h2.732c1.277 0 2.315-.962 2.315-2.237a2.325 2.325 0 00-2.315-2.31H2.959m10.228 9.01H2.959M6.802 8H2.959" /><path d="M11.081 6.466L9.533 8.037l1.548 1.571" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-9px] tail text-navy-950">
Wrap text
</span>
</button>
<button
type="button"
class="bubble-wrap z-20 absolute right-1.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-copy-target="sibling"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35"><g buffered-rendering="static"><path d="M10.576 7.239c0-.995-.82-1.815-1.815-1.815H3.315c-.995 0-1.815.82-1.815 1.815v5.446c0 .995.82 1.815 1.815 1.815h5.446c.995 0 1.815-.82 1.815-1.815V7.239z" /><path d="M10.576 10.577h2.109A1.825 1.825 0 0014.5 8.761V3.315A1.826 1.826 0 0012.685 1.5H7.239c-.996 0-1.815.819-1.816 1.815v1.617" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-6px] tail [--tail-x:calc(100%-30px)] text-navy-950">
Copy to clipboard
</span>
</button>
<div class='highlight relative group'>
<pre class='highlight output whitespace-pre'><code id="code-7rbzov1i">ID NAME STATE REGION IMAGE IP ADDRESS VOLUME CREATED LAST UPDATED APP PLATFORM PROCESS GROUP SIZE
1852291c46ded8 kuard started iad jipperinbham/kuard-amd64:blue fdaa:0:48c8:a7b:228:4b6d:6e20:2 2024-03-05T18:54:41Z 2024-03-05T18:54:44Z shared-cpu-1x:256MB
</code></pre>
</div>
</div>
<p></div></p>
<p>This is important! Your pod is a Fly Machine! While we don’t yet support all kubectl features, Fly.io tooling will &ldquo;just work&rdquo; for cases where we don&rsquo;t yet support the kubectl way. So, for example, we don&rsquo;t have <code>kubectl port-forward</code> and <code>kubectl exec</code>, but you can use flyctl to forward ports and get a shell into a pod.</p>
<p>Expose it to your internal network using the standard ClusterIP Service:</p>
<div class="highlight-wrapper group relative cmd">
<button
type="button"
class="bubble-wrap z-20 absolute right-9 -mr-0.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-wrap-target="#code-1sjiwcq9"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35" stroke-linecap="round" stroke-linejoin="round"><g buffered-rendering="static"><path d="M9.912 8.037h2.732c1.277 0 2.315-.962 2.315-2.237a2.325 2.325 0 00-2.315-2.31H2.959m10.228 9.01H2.959M6.802 8H2.959" /><path d="M11.081 6.466L9.533 8.037l1.548 1.571" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-9px] tail text-navy-950">
Wrap text
</span>
</button>
<button
type="button"
class="bubble-wrap z-20 absolute right-1.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-copy-target="sibling"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35"><g buffered-rendering="static"><path d="M10.576 7.239c0-.995-.82-1.815-1.815-1.815H3.315c-.995 0-1.815.82-1.815 1.815v5.446c0 .995.82 1.815 1.815 1.815h5.446c.995 0 1.815-.82 1.815-1.815V7.239z" /><path d="M10.576 10.577h2.109A1.825 1.825 0 0014.5 8.761V3.315A1.826 1.826 0 0012.685 1.5H7.239c-.996 0-1.815.819-1.816 1.815v1.617" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-6px] tail [--tail-x:calc(100%-30px)] text-navy-950">
Copy to clipboard
</span>
</button>
<div class='highlight relative group'>
<pre class='highlight cmd'><code id="code-1sjiwcq9">kubectl expose pod kuard \
--name=kuard \
--port=8080 \
--target-port=8080 \
--selector='app=kuard-fks'
</code></pre>
</div>
</div>
<p>ClusterIP Services work natively, and Fly.io internal DNS supports them. Within the cluster, CoreDNS works too.</p>
<p>Access this Service locally via <a href='https://fly.io/docs/networking/private-networking/#flycast-private-load-balancing' title=''>flycast</a>: Get connected to your org&rsquo;s <a href='https://fly.io/docs/networking/private-networking/' title=''>6PN private WireGuard network</a>. Get kubectl to describe the <code>kuard</code> Service:</p>
<div class="highlight-wrapper group relative cmd">
<button
type="button"
class="bubble-wrap z-20 absolute right-9 -mr-0.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-wrap-target="#code-hy5q54ru"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35" stroke-linecap="round" stroke-linejoin="round"><g buffered-rendering="static"><path d="M9.912 8.037h2.732c1.277 0 2.315-.962 2.315-2.237a2.325 2.325 0 00-2.315-2.31H2.959m10.228 9.01H2.959M6.802 8H2.959" /><path d="M11.081 6.466L9.533 8.037l1.548 1.571" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-9px] tail text-navy-950">
Wrap text
</span>
</button>
<button
type="button"
class="bubble-wrap z-20 absolute right-1.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-copy-target="sibling"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35"><g buffered-rendering="static"><path d="M10.576 7.239c0-.995-.82-1.815-1.815-1.815H3.315c-.995 0-1.815.82-1.815 1.815v5.446c0 .995.82 1.815 1.815 1.815h5.446c.995 0 1.815-.82 1.815-1.815V7.239z" /><path d="M10.576 10.577h2.109A1.825 1.825 0 0014.5 8.761V3.315A1.826 1.826 0 0012.685 1.5H7.239c-.996 0-1.815.819-1.816 1.815v1.617" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-6px] tail [--tail-x:calc(100%-30px)] text-navy-950">
Copy to clipboard
</span>
</button>
<div class='highlight relative group'>
<pre class='highlight cmd'><code id="code-hy5q54ru">kubectl describe svc kuard
</code></pre>
</div>
</div><div class="highlight-wrapper group relative output">
<button
type="button"
class="bubble-wrap z-20 absolute right-9 -mr-0.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-wrap-target="#code-a8mzw85a"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35" stroke-linecap="round" stroke-linejoin="round"><g buffered-rendering="static"><path d="M9.912 8.037h2.732c1.277 0 2.315-.962 2.315-2.237a2.325 2.325 0 00-2.315-2.31H2.959m10.228 9.01H2.959M6.802 8H2.959" /><path d="M11.081 6.466L9.533 8.037l1.548 1.571" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-9px] tail text-navy-950">
Wrap text
</span>
</button>
<button
type="button"
class="bubble-wrap z-20 absolute right-1.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-copy-target="sibling"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35"><g buffered-rendering="static"><path d="M10.576 7.239c0-.995-.82-1.815-1.815-1.815H3.315c-.995 0-1.815.82-1.815 1.815v5.446c0 .995.82 1.815 1.815 1.815h5.446c.995 0 1.815-.82 1.815-1.815V7.239z" /><path d="M10.576 10.577h2.109A1.825 1.825 0 0014.5 8.761V3.315A1.826 1.826 0 0012.685 1.5H7.239c-.996 0-1.815.819-1.816 1.815v1.617" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-6px] tail [--tail-x:calc(100%-30px)] text-navy-950">
Copy to clipboard
</span>
</button>
<div class='highlight relative group'>
<pre class='highlight output'><code id="code-a8mzw85a">Name: kuard
Namespace: default
Labels: app=kuard-fks
Annotations: fly.io/clusterip-allocator: configured
service.fly.io/sync-version: 11507529969321451315
Selector: app=kuard-fks
Type: ClusterIP
IP Family Policy: SingleStack
IP Families: IPv6
IP: fdaa:0:48c8:0:1::1a
IPs: fdaa:0:48c8:0:1::1a
Port: &lt;unset&gt; 8080/TCP
TargetPort: 8080/TCP
Endpoints: [fdaa:0:48c8:a7b:228:4b6d:6e20:2]:8080
Session Affinity: None
Events: &lt;none&gt;
</code></pre>
</div>
</div>
<p>You can pull out the Service&rsquo;s IP address from the above output, and get at the KUARD UI using that: in this case, <code>http://[fdaa:0:48c8:0:1::1a]:8080</code>. </p>
<p>Using internal DNS: <code>http://&lt;service_name&gt;.svc.&lt;app_name&gt;.flycast:8080</code>. Or, in our example: <code>http://kuard.svc.fks-default-7zyjm3ovpdxmd0ep.flycast:8080</code>.</p>
<p>And finally CoreDNS: <code>&lt;service_name&gt;.&lt;namespace&gt;.svc.cluster.local</code> resolves to the <code>fdaa</code> IP and is routable within the cluster.</p>
<figure class="post-cta">
<figcaption>
<h1>Get in on the FKS beta</h1>
<p>Email us at [email protected]</p>
</figcaption>
<div class="image-container">
<img src="/static/images/cta-cat.webp" srcset="/static/images/[email protected] 2x" alt="">
</div>
</figure>
<h2 id='pricing' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#pricing' aria-label='Anchor'></a><span class='plain-code'>Pricing</span></h2>
<p>The Fly Kubernetes Service is free during the beta. Fly Machines and Fly Volumes you create with it will cost the <a href='https://fly.io/docs/about/pricing/' title=''>same as for your other Fly.io projects</a>. It&rsquo;ll be <a href='https://fly.io/docs/about/pricing/#fly-kubernetes' title=''>$75/mo per cluster</a> after that, plus the cost of the other resources you create.</p>
<h2 id='today-and-the-future' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#today-and-the-future' aria-label='Anchor'></a><span class='plain-code'>Today and the future</span></h2>
<p>Today, Fly Kubernetes supports only a portion of the Kubernetes API. You can deploy pods using Deployments/ReplicaSets. Pods are able to communicate via Services using the standard K8s DNS format. Ephemeral and persistent volumes are supported.</p>
<p>The most notable absences are: multi-container pods, StatefulSets, network policies, horizontal pod autoscaling and emptyDir volumes. We&rsquo;re working at supporting autoscaling and emptyDir volumes in the coming weeks and multi-container pods in the coming months.</p>
<p>If you&rsquo;ve made it this far and are eagerly awaiting your chance to tell us and the rest of the internet &ldquo;this isn&rsquo;t Kubernetes!&rdquo;, well, we agree! It&rsquo;s not something we take lightly. We&rsquo;re still building, and conformance tests may be in the future for FKS. We&rsquo;ve made a deliberate decision to only care about fast launching VMs as the one and only way to run workloads on our cloud. And we also know enough of our customers would like to use the Kubernetes API to create a fast launching VM in the form of a Pod, and that&rsquo;s where this story begins. </p></content>
</entry>
<entry>
<title>Globally Distributed Object Storage with Tigris</title>
<link rel="alternate" href="https://fly.io/blog/tigris-public-beta/"/>
<id>https://fly.io/blog/tigris-public-beta/</id>
<published>2024-02-15T00:00:00+00:00</published>
<updated>2024-04-24T22:38:38+00:00</updated>
<media:thumbnail url="https://fly.io/blog/tigris-public-beta/assets/tigris-public-beta-thumb.webp"/>
<content type="html"><div class="lead"><p>We’re Fly.io and we transmute containers into VMs, running them on our hardware around the world with the power of Firecracker alchemy. That’s pretty cool, but we want to talk about something someone else built, that <a href="https://fly.io/docs/reference/tigris/" title="">you can use today</a> to build applications.</p>
</div>
<p>There are three hard things in computer science:</p>
<ol>
<li>Cache invalidation
</li><li>Naming things
</li><li><a href='https://aws.amazon.com/s3/' title=''>Doing a better job than Amazon of storing files</a>
</li></ol>
<p>Of all the annoying software problems that have no business being annoying, handling a file upload in a full-stack application stands apart, a universal if tractable malady, the plantar fasciitis of programming.</p>
<p>Now, the actual act of clients placing files on servers is straightforward. Your framework <a href='https://hexdocs.pm/phoenix/file_uploads.html' title=''>has</a> <a href='https://edgeguides.rubyonrails.org/active_storage_overview.html' title=''>a</a> <a href='https://docs.djangoproject.com/en/5.0/topics/http/file-uploads/' title=''>feature</a> <a href='https://expressjs.com/en/resources/middleware/multer.html' title=''>that</a> <a href='https://github.com/yesodweb/yesod-cookbook/blob/master/cookbook/Cookbook-file-upload-saving-files-to-server.md' title=''>does</a> <a href='https://laravel.com/docs/10.x/filesystem' title=''>it</a>. What&rsquo;s hard is making sure that uploads stick around to be downloaded later.</p>
<aside class="right-sidenote"><p>(yes, yes, we know, <a href="https://youtu.be/b2F-DItXtZs?t=102" title="">sharding /dev/null</a> is faster)</p>
</aside>
<p>Enter object storage, a pattern you may know by its colloquial name &ldquo;S3&rdquo;. Object storage occupies a funny place in software architecture, somewhere between a database and a filesystem. It&rsquo;s like <a href='https://man7.org/linux/man-pages/man3/malloc.3.html' title=''><code>malloc</code></a><code>()</code>, but for cloud storage instead of program memory.</p>
<p><a href='https://www.kleenex.com/en-us/' title=''>S3</a>—err, object storage — is so important that it was the second AWS service ever introduced (EC2 was not the first!). Everybody wants it. We know, because they keep asking us for it.</p>
<p>So why didn&rsquo;t we build it?</p>
<p>Because we couldn&rsquo;t figure out a way to improve on S3. And we still haven&rsquo;t! But someone else did, at least for the kinds of applications we see on Fly.io.</p>
<h2 id='but-first-some-back-story' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#but-first-some-back-story' aria-label='Anchor'></a><span class='plain-code'>But First, Some Back Story</span></h2>
<p>S3 checks all the boxes. It&rsquo;s trivial to use. It&rsquo;s efficient and cost-effective. It has redundancies that would make a DoD contractor blush. It integrates with archival services like Glacier. And every framework supports it. At some point, the IETF should just take a deep sigh and write an S3 API RFC, XML signatures and all.</p>
<p>There&rsquo;s at least one catch, though.</p>
<p>Back in, like, &lsquo;07 people ran all their apps from a single city. S3 was designed to work for those kinds of apps. The data, the bytes on the disks (or whatever weird hyperputer AWS stores S3 bytes on), live in one place. A specific place. In a specific data center. As powerful and inspiring as The Architects are, they are mortals, and must obey the laws of physics.</p>
<p>This observation feels banal, until you realize how apps have changed in the last decade. Apps and their users don&rsquo;t live in one specific place. They live all over the world. When users are close to the S3 data center, things are amazing! But things get less amazing the further away you get from the data center, and even less amazing the smaller and more frequent your reads and writes are.</p>
<p>(Thought experiment: you have to pick one place in the world to route all your file storage. Where is it? Is it <a href='https://www.tripadvisor.com/Restaurant_Review-g30246-d1956555-Reviews-Ford_s_Fish_Shack_Ashburn-Ashburn_Loudoun_County_Virginia.html' title=''>Loudoun County, Virginia</a>?)</p>
<p>So, for many modern apps, you end up having to <a href='https://stackoverflow.com/questions/32426249/aws-s3-bucket-with-multiple-regions' title=''>write things into different regions</a>, so that people close to the data get it from a region-specific bucket. Doing that pulls in CDN-caching things that complicated your application and put barriers between you and your data. Before you know it, you&rsquo;re wearing custom orthotics on your, uh, developer feet. (<em>I am done with this metaphor now, I promise.</em>)</p>
<aside class="right-sidenote"><p>(well, okay, Backblaze B2 because somehow my bucket fits into their free tier, but you get the idea)</p>
</aside>
<p>Personally, I know this happens. Because I had to build one! I run a <a href='https://xeiaso.net/blog/xedn/' title=''>CDN backend</a> that&rsquo;s a caching proxy for S3 in six continents across the world. All so that I can deliver images and video efficiently for the readers of my blog.</p>
<aside class="right-sidenote"><p>(shut up, it’s a sandwich)</p>
</aside>
<p>What if data was really global? For some applications, it might not matter much. But for others, it matters a lot. When a sandwich lover in Australia snaps a picture of a <a href='https://en.wikipedia.org/wiki/Hamdog' title=''>hamdog</a>, the people most likely to want to see that photo are also in Australia. Routing those uploads and downloads through one building in Ashburn is no way to build a sandwich reviewing empire.</p>
<p>Localizing all the data sounds like a hard problem. What if you didn&rsquo;t need to change anything on your end to accomplish it?</p>
<h2 id='show-me-a-hero' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#show-me-a-hero' aria-label='Anchor'></a><span class='plain-code'>Show Me A Hero</span></h2>
<p>Building a miniature CDN infrastructure just to handle file uploads seems like the kind of thing that could take a week or so of tinkering. The Fly.io unified theory of cloud development is that solutions are completely viable for full-stack developers only when they take less than 2 hours to get working.</p>
<p>AWS agrees, which is why they have a SKU for it, <a href='https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudfront_distribution' title=''>called Cloudfront</a>, which will, at some variably metered expense, optimize the read side of a single-write-region bucket: they&rsquo;ll set up <a href='https://fly.io/blog/the-5-hour-content-delivery-network/' title=''>a simple caching CDN</a> for you. You can probably get S3 and Cloudfront working within 2 hours, especially if you&rsquo;ve set it up before.</p>
<p>Our friends at Tigris have this problem down to single-digit minutes, and what they came up with is a lot cooler than a cache CDN.</p>
<p>Here&rsquo;s how it works. Tigris runs redundant FoundationDB clusters in our regions to track objects. They use Fly.io&rsquo;s NVMe volumes as a first level of cached raw byte store, and a queuing system modelled on <a href='https://www.foundationdb.org/files/QuiCK.pdf' title=''>Apple&rsquo;s QuiCK paper</a> to distribute object data to multiple replicas, to regions where the data is in demand, and to 3rd party object stores… like S3.</p>
<p>If your objects are less than about 128 kilobytes, Tigris makes them instantly global. By default! Things are just snappy, all over the world, automatically, because they&rsquo;ve done all the work.</p>
<p>But it gets better, because Tigris is also much more flexible than a cache simple CDN. It&rsquo;s globally distributed from the jump, with inter-region routing baked into its distribution layer. Tigris isn&rsquo;t a CDN, but rather a toolset that you can use to build arbitrary CDNs, with consistency guarantees, instant purge and relay regions.</p>
<p>There&rsquo;s a lot going on in this architecture, and it&rsquo;d be fun to dig into it more. But for now, you don&rsquo;t have to understand any of it. Because Tigris ties all this stuff together with an S3-compatible object storage API. If your framework can talk to S3, it can use Tigris.</p>
<h2 id='fly-storage' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#fly-storage' aria-label='Anchor'></a><span class='plain-code'><code>fly storage</code></span></h2>
<p>To get started with this, run the <code>fly storage create</code> command:</p>
<div class="highlight-wrapper group relative ">
<button
type="button"
class="bubble-wrap z-20 absolute right-9 -mr-0.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-wrap-target="#code-rhojus0y"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35" stroke-linecap="round" stroke-linejoin="round"><g buffered-rendering="static"><path d="M9.912 8.037h2.732c1.277 0 2.315-.962 2.315-2.237a2.325 2.325 0 00-2.315-2.31H2.959m10.228 9.01H2.959M6.802 8H2.959" /><path d="M11.081 6.466L9.533 8.037l1.548 1.571" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-9px] tail text-navy-950">
Wrap text
</span>
</button>
<button
type="button"
class="bubble-wrap z-20 absolute right-1.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-copy-target="sibling"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35"><g buffered-rendering="static"><path d="M10.576 7.239c0-.995-.82-1.815-1.815-1.815H3.315c-.995 0-1.815.82-1.815 1.815v5.446c0 .995.82 1.815 1.815 1.815h5.446c.995 0 1.815-.82 1.815-1.815V7.239z" /><path d="M10.576 10.577h2.109A1.825 1.825 0 0014.5 8.761V3.315A1.826 1.826 0 0012.685 1.5H7.239c-.996 0-1.815.819-1.816 1.815v1.617" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-6px] tail [--tail-x:calc(100%-30px)] text-navy-950">
Copy to clipboard
</span>
</button>
<div class='highlight relative group'>
<pre class='highlight '><code id="code-rhojus0y">$ fly storage create
Choose a name, use the default, or leave blank to generate one: xe-foo-images
Your Tigris project (xe-foo-images) is ready. See details and next steps with: https://fly.io/docs/reference/tigris/
Setting the following secrets on xe-foo:
AWS_REGION
BUCKET_NAME
AWS_ENDPOINT_URL_S3
AWS_ACCESS_KEY_ID
AWS_SECRET_ACCESS_KEY
Secrets are staged for the first deployment
</code></pre>
</div>
</div>
<p>All you have to do is fill in a bucket name. Hit enter. All of the configuration for the AWS S3 library will be injected into your application for you. And you don&rsquo;t even need to change the libraries that you&rsquo;re using. <a href='https://www.tigrisdata.com/docs/sdks/s3/' title=''>The Tigris examples</a> all use the AWS libraries to put and delete objects into Tigris using the same calls that you use for S3.</p>
<p>I know how this looks for a lot of you. It looks like we&rsquo;re partnering with Tigris because we&rsquo;re chicken, and we didn&rsquo;t want to build something like this. Well, guess what: you&rsquo;re right!</p>
<p>Compute and networking: those are things we love and understand. Object storage? <a href='https://fly.io/blog/the-5-hour-content-delivery-network/' title=''>We already gave away the game on how we&rsquo;d design a CDN for our own content</a>, and it wasn&rsquo;t nearly as slick as Tigris.</p>
<p>Object storage is important. It needs to be good. We did not want to half-ass it. So we partnered with Tigris, so that they can put their full resources into making object storage as ✨magical✨ as Fly.io is.</p>
<p>This also mirrors a lot of the Unix philosophy of Days Gone Past, you have individual parts that do one thing very well that are then chained together to create a composite result. I mean, come on, would you seriously want to buy your servers the same place you buy your shoes?</p>
<h2 id='one-bill-to-rule-them-all' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#one-bill-to-rule-them-all' aria-label='Anchor'></a><span class='plain-code'>One bill to rule them all</span></h2>
<p>Well, okay, the main reason why you would want to do that is because having everything under one bill makes it really easy for your accounting people. So, to make one bill for your computer, your block storage, your databases, your networking, and your object storage, we&rsquo;ve wrapped everything under one bill. You don&rsquo;t have to create separate accounts with Supabase or Upstash or PlanetScale or Tigris. Everything gets charged to your Fly.io bill and you pay one bill per month.</p>
<aside class="right-sidenote"><p>This was actually going to be posted on Valentine’s Day, but we had to wait for the chocolate to go on sale.</p>
</aside>
<p>This is our Valentine&rsquo;s Day gift to you all. Object storage that just works. Stay tuned because we have a couple exciting features that build on top of the integration of Fly.io and Tigris that allow really unique things, such as truly global static website hosting and turning your bucket into a CDN in 5 minutes at most.</p>
<p>Here&rsquo;s to many more happy developer days to come.</p></content>
</entry>
<entry>
<title>GPUs on Fly.io are available to everyone!</title>
<link rel="alternate" href="https://fly.io/blog/gpu-ga/"/>
<id>https://fly.io/blog/gpu-ga/</id>
<published>2024-02-12T00:00:00+00:00</published>
<updated>2024-04-24T22:38:38+00:00</updated>
<media:thumbnail url="https://fly.io/blog/gpu-ga/assets/gpu-ga-thumb.webp"/>
<content type="html"><div class="lead"><p>Fly.io makes it easy to spin up compute around the world, now including powerful GPUs. Unlock the power of large language models, text transcription, and image generation with our datacenter-grade muscle!</p>
</div>
<p>GPUs are now available to everyone!</p>
<p>We know you&rsquo;ve been excited about wanting to use GPUs on Fly.io and we&rsquo;re happy to announce that they&rsquo;re available for everyone. If you want, you can spin up GPU instances with any of the following cards:</p>
<ul>
<li>Ampere A100 (40GB) <code>a100-40gb</code>
</li><li>Ampere A100 (80GB) <code>a100-80gb</code>
</li><li>Lovelace L40s (48GB) <code>l40s</code>
</li></ul>
<p>To use a GPU instance today, change the <code>vm.size</code> for one of your apps or processes to any of the above GPU kinds. Here&rsquo;s how you can spin up an <a href='https://ollama.ai' title=''>Ollama</a> server in seconds:</p>
<div class="highlight-wrapper group relative toml">
<button
type="button"
class="bubble-wrap z-20 absolute right-9 -mr-0.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-wrap-target="#code-bcyvgy6u"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35" stroke-linecap="round" stroke-linejoin="round"><g buffered-rendering="static"><path d="M9.912 8.037h2.732c1.277 0 2.315-.962 2.315-2.237a2.325 2.325 0 00-2.315-2.31H2.959m10.228 9.01H2.959M6.802 8H2.959" /><path d="M11.081 6.466L9.533 8.037l1.548 1.571" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-9px] tail text-navy-950">
Wrap text
</span>
</button>
<button
type="button"
class="bubble-wrap z-20 absolute right-1.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-copy-target="sibling"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35"><g buffered-rendering="static"><path d="M10.576 7.239c0-.995-.82-1.815-1.815-1.815H3.315c-.995 0-1.815.82-1.815 1.815v5.446c0 .995.82 1.815 1.815 1.815h5.446c.995 0 1.815-.82 1.815-1.815V7.239z" /><path d="M10.576 10.577h2.109A1.825 1.825 0 0014.5 8.761V3.315A1.826 1.826 0 0012.685 1.5H7.239c-.996 0-1.815.819-1.816 1.815v1.617" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-6px] tail [--tail-x:calc(100%-30px)] text-navy-950">
Copy to clipboard
</span>
</button>
<div class='highlight relative group'>
<pre class='highlight '><code id="code-bcyvgy6u"><span class="py">app</span> <span class="p">=</span> <span class="s">"your-app-name"</span>
<span class="py">region</span> <span class="p">=</span> <span class="s">"ord"</span>
<span class="py">vm.size</span> <span class="p">=</span> <span class="s">"l40s"</span>
<span class="nn">[http_service]</span>
<span class="py">internal_port</span> <span class="p">=</span> <span class="mi">11434</span>
<span class="py">force_https</span> <span class="p">=</span> <span class="kc">false</span>
<span class="py">auto_stop_machines</span> <span class="p">=</span> <span class="kc">true</span>
<span class="py">auto_start_machines</span> <span class="p">=</span> <span class="kc">true</span>
<span class="py">min_machines_running</span> <span class="p">=</span> <span class="mi">0</span>
<span class="py">processes</span> <span class="p">=</span> <span class="nn">["app"]</span>
<span class="nn">[build]</span>
<span class="py">image</span> <span class="p">=</span> <span class="s">"ollama/ollama"</span>
<span class="nn">[mounts]</span>
<span class="py">source</span> <span class="p">=</span> <span class="s">"models"</span>
<span class="py">destination</span> <span class="p">=</span> <span class="s">"/root/.ollama"</span>
<span class="py">initial_size</span> <span class="p">=</span> <span class="s">"100gb"</span>
</code></pre>
</div>
</div>
<p>Deploy this and bam, large language model inferencing from anywhere. If you want a private setup, see the article <a href='https://fly.io/blog/scaling-llm-ollama/' title=''>Scaling Large Language Models to zero with Ollama</a> for more information. You never know when you have a sandwich emergency and don&rsquo;t know what you can make with what you have on hand.</p>
<p>We are working on getting some lower-cost A10 GPUs in the next few weeks. We&rsquo;ll update you when they&rsquo;re ready.</p>
<p>If you want to explore the possibilities of GPUs on Fly.io, here&rsquo;s a few articles that may give you ideas:</p>
<ul>
<li><a href='https://fly.io/blog/not-midjourney-bot/' title=''>Deploy Your Own (Not) MidJourney Bot On Fly GPUs</a>
</li><li><a href='https://fly.io/blog/scaling-llm-ollama/' title=''>Scaling Large Language Models to zero with Ollama</a>
</li><li><a href='https://fly.io/blog/transcribing-on-fly-gpu-machines/' title=''>Transcribing on Fly GPU Machines</a>
</li></ul>
<p>Depending on factors such as your organization&rsquo;s age and payment history, you may need to go through additional verification steps.</p>
<p>If you&rsquo;ve been experimenting with Fly.io GPUs and have made something cool, let us know on the <a href='https://community.fly.io/' title=''>Community Forums</a> or by mentioning us <a href='https://hachyderm.io/@flydotio' title=''>on Mastodon</a>! We&rsquo;ll boost the cool ones.</p></content>
</entry>
</feed>
<?xml version="1.0" encoding="UTF-8"?>
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:media="http://search.yahoo.com/mrss/">
<title>The Fly Blog</title>
<subtitle>News, tips, and tricks from the team at Fly</subtitle>
<id>https://fly.io/blog/</id>
<link href="https://fly.io/blog/"/>
<link href="https://fly.io/blog/" rel="self"/>
<updated>2026-03-10T00:00:00+00:00</updated>
<author>
<name>Fly</name>
</author>
<entry>
<title>Unfortunately, Sprites Now Speak MCP</title>
<link rel="alternate" href="https://fly.io/blog/unfortunately-mcp/"/>
<id>https://fly.io/blog/unfortunately-mcp/</id>
<published>2026-03-10T00:00:00+00:00</published>
<updated>2026-03-12T19:30:19+00:00</updated>
<media:thumbnail url="https://fly.io/blog/unfortunately-mcp/assets/whack.webp"/>
<content type="html"><div class="lead"><p>Sprites are disposable cloud computers. They appear instantly, always include durable filesystems, and cost practically nothing when idle. They’re the best and safest place on the Internet to run agents and we want you to <a href="https://sprites.dev/" title="">create dozens of them</a>.</p>
</div>
<p>Sprites are a place to run agents; the first thing you should think to do with a new Sprite is to type <code>claude</code> (or <code>gemini</code> or <code>codex</code>). We&rsquo;ve put a <a href='https://fly.io/blog/design-and-implementation/' title=''>lot of effort</a> into making sure coding agents feel safe and happy when they&rsquo;re on Sprites, because, to (probably) quote John von Neumann, &ldquo;happy agents are productive agents.&rdquo;</p>
<p>What&rsquo;s less obvious about Sprites is that they&rsquo;re great tools <em>for</em> agents. Want three different versions of a new feature? A test environment? An ensemble of cooperating services? It&rsquo;s super handy to be able to start your prompts, &ldquo;<code>On a new Sprite, do…</code>&rdquo;.</p>
<p>The Sprites API is simple, discoverable, and designed for this use case. It&rsquo;s just a question of how you choose to give your agent access to it. And now there&rsquo;s one more way: with MCP.</p>
<h2 id='we-did-this-because-your-agents-suck' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#we-did-this-because-your-agents-suck' aria-label='Anchor'></a><span class='plain-code'>We Did This Because Your Agents Suck</span></h2>
<p>This feature works well, but we&rsquo;re less than enthusiastic about it. Not as product developers, mind you. It&rsquo;s a good product! Just as aesthetes.</p>
<p>In 2026, MCP is the wrong way to extend the capabilities of an agent. The emerging Right Way to do this is command line tools and discoverable APIs.</p>
<p>When we plug an MCP into your agent, we&rsquo;re filling its context with tool descriptions, many of which you&rsquo;ll probably never use. Really, all your agent should need is a short sentence, like &ldquo;<code>Use this skill whenever users want to create a new VM to run a task on, or to manage the VMs already available.</code>&rdquo; The skill should take care of the rest.</p>
<p>CLI-driven agent skills are efficient because they reveal capabilities progressively. You can do CLI subcommands, like <code>sprite checkpoint</code> and <code>sprite exec</code>, or with API endpoints and subpaths. Good agent harnesses are uncanny at quickly working out how to use these things.</p>
<div class="right-sidenote"><p>You <em>are</em> using Playwright, right? “Make sure this web application actually works before you tell me you’re done”?</p>
</div>
<p>Take <a href='https://playwright.dev/' title=''>Playwright, the industry-standard browser automation tool</a>. Ask <code>claude</code> to install Playwright and Chrome and there&rsquo;s a coinflip chance it sets up the MCP server. But notice that when the coin comes up tails, Playwright still works. <code>claude</code> just drives it by writing little scripts. This is good! The models already know how to write little scripts without using up context.</p>
<p>And there&rsquo;s more at stake than just efficiency. Cramming your context full of MCP tool descriptions is a way of signaling to the model that those tools are important to you. But not every Sprite command is equally important in every setting. If you&rsquo;re not using network policies, you don&rsquo;t need <code>gemini</code> to waste a bunch of time setting them up for you.</p>
<p>Skills and APIs are the best way to drive Sprites. But to make that work, you need an agent that can run shell commands for itself. So you&rsquo;ll want to reach for MCP sessions when you&rsquo;re stuck with an agent that can&rsquo;t run commands. Thankfully, most of us aren&rsquo;t using those kinds of agents anymore. In <code>claude</code>, <code>gemini</code>, or <code>codex</code>, you should just show your agent the <code>sprite</code> CLI and let it impress you.</p>
<h2 id='sprites-dev-mcp' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#sprites-dev-mcp' aria-label='Anchor'></a><span class='plain-code'>sprites.dev/mcp</span></h2>
<p>Plug this URL into Claude Desktop, or any other agent tool that speaks MCP. You&rsquo;ll authenticate to one of your Fly.io organizations, and your agent will speak Sprites.</p>
<p>Then:</p>
<p><code>On a new Sprite, take this repository and reproduce this bug from issues/913, capturing logs.</code></p>
<p><code>On a new Sprite, benchmark this function across 1000 runs and summarize the results.</code></p>
<p><code>On a new Sprite, update all the dependencies on this project to their newest versions and test that everything works.</code></p>
<p><code>On 3 new Sprites, change this service to use each of these 3 query libraries, and use HTTP to test latency.</code></p>
<p><code>On a new Sprite, run this code with bpfwatch and show me what files it touches.</code></p>
<p><code>On a new Sprite, run a load generator against this endpoint for 60 seconds and report the results.</code></p>
<p><code>On a new Sprite, download this dataset and give me a Jupyter notebook to explore it in.</code></p>
<p><code>On a new Sprite, set up a webhook receiver and render a real-time web report of all the payloads it receives.</code></p>
<p>I don&rsquo;t know. You know your projects better than we do. Whatever. Sometimes you want a clean, cheap, disposable computer (or five of them). That&rsquo;s now an available feature of all your prompts. Find ways to apply it to your project, and we think you&rsquo;ll end up wondering where Sprites have been all your life.</p>
<div class="callout"><p>Some of you are thinking to yourself: “this feature is going to result in robots ruining my life”. We agree. So we’ve built in guardrails. When you authenticate, giving your agent access to a single specific organization on your Fly.io account, we’ll let you scope down the MCP session. You can cap the number of Sprites our MCP will create for you, and you can give them name prefixes so you can easily spot the robots and disassemble them.</p>
</div><h2 id='fuck-stateless-sandboxes' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#fuck-stateless-sandboxes' aria-label='Anchor'></a><span class='plain-code'>Fuck Stateless Sandboxes</span></h2>
<p>We&rsquo;ll keep saying this until our faces turn blue: the industry is stuck on &ldquo;sandboxes&rdquo; as a way of letting agents run code, and sandboxes aren&rsquo;t good enough anymore. What agents want is real computers, with real filesystems, connected to real networks, and there&rsquo;s no technical reason not to give them some.</p>
<p><a href='https://fly.io/blog/code-and-let-live/' title=''>We designed Sprites so that you can fearlessly create whole bunches of them</a>. They&rsquo;re responsive enough to host web apps for your team, but they idle in a sleeping state where they cost virtually nothing. Everybody at Fly.io that uses them ends up with 20 or 30, just hanging around.</p>
<p>We think you&rsquo;ll do better work when you can pull in as many computers as you need to solve problems. If it takes an MCP server for us to get you to do that, so be it.</p>
</content>
</entry>
<entry>
<title>Litestream Writable VFS</title>
<link rel="alternate" href="https://fly.io/blog/litestream-writable-vfs/"/>
<id>https://fly.io/blog/litestream-writable-vfs/</id>
<published>2026-01-29T00:00:00+00:00</published>
<updated>2026-02-04T23:24:24+00:00</updated>
<media:thumbnail url="https://fly.io/blog/litestream-writable-vfs/assets/litestream-writable-vfs.jpg"/>
<content type="html"><div class="lead"><p><strong class="font-semibold text-navy-950">I’m Ben Johnson, and I work on Litestream at Fly.io. Litestream is the missing backup/restore system for SQLite. It’s free, open-source software that should run anywhere, and</strong> <a href="/blog/litestream-v050-is-here/" title=""><strong class="font-semibold text-navy-950">you can read more about it here</strong></a><strong class="font-semibold text-navy-950">.</strong></p>
</div>
<p>Each time we write about it, we get a little bit better at golfing down a description of what Litestream is. Here goes: Litestream is a Unix-y tool for keeping a SQLite database synchronized with S3-style object storage. It&rsquo;s a way of getting the speed and simplicity wins of SQLite without exposing yourself to catastrophic data loss. Your app doesn&rsquo;t necessarily even need to know it&rsquo;s there; you can just run it as a tool in the background.</p>
<p>It&rsquo;s been a busy couple weeks!</p>
<p>We recently <a href='/blog/design-and-implementation/' title=''>unveiled Sprites</a>. If you don&rsquo;t know what Sprites are, you should just <a href='https://sprites.dev/' title=''>go check them out</a>. They&rsquo;re one of the coolest things we&rsquo;ve ever shipped. I won&rsquo;t waste any more time selling them to you. Just, Sprites are a big deal, and so it&rsquo;s a big deal to me that Litestream is a load-bearing component for them.</p>
<p>Sprites rely directly on Litestream in two big ways.</p>
<p>First, Litestream SQLite is the core of our global Sprites orchestrator. Unlike our flagship Fly Machines product, which relies on a centralized Postgres cluster, our Elixir Sprites orchestrator runs directly off S3-compatible object storage. Every organization enrolled in Sprites gets their own SQLite database, synchronized by Litestream.</p>
<p>This is a fun design. It takes advantage of the &ldquo;many SQLite databases&rdquo; pattern, which is under-appreciated. It&rsquo;s got nice scaling characteristics. Keeping that Postgres cluster happy as Fly.io grew has been a major engineering challenge.</p>
<p>But as far as Litestream is concerned, the orchestrator is boring, and so that&rsquo;s all I&rsquo;ve got to say about it. The second way Sprites use Litestream is much more interesting.</p>
<p>Litestream is built directly into the disk storage stack that runs on every Sprite.</p>
<p>Sprites launch in under a second, and every one of them boots up with 100GB of durable storage. That&rsquo;s a tricky bit of engineering. We&rsquo;re able to do this because the root of storage for Sprites is S3-compatible object storage, and we&rsquo;re able to make it fast by keeping a database of in-use storage blocks that takes advantage of attached NVMe as a read-through cache. The system that does this is JuiceFS, and the database — let&rsquo;s call it &ldquo;the block map&rdquo; — is a rewritten metadata store, based (you guessed it) on BoltDB.</p>
<p>I kid! It&rsquo;s Litestream SQLite, of course.</p>
<h2 id='sprite-storage-is-fussy' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#sprite-storage-is-fussy' aria-label='Anchor'></a><span class='plain-code'>Sprite Storage Is Fussy</span></h2>
<p>Everything in a Sprite is designed to come up fast.</p>
<p>If the Fly Machine underneath a Sprite bounces, we might need to reconstitute the block map from object storage. Block maps aren&rsquo;t huge, but they&rsquo;re not tiny; maybe low tens of megabytes worst case.</p>
<p>The thing is, this is happening while the Sprite boots back up. To put that in perspective, that&rsquo;s something that can happen in response to an incoming web request; that is, we have to finish fast enough to generate a timely response to that request. The time budget is small.</p>
<p>To make this even faster, we are integrating Litestream VFS to improve start times.The VFS is a dynamic library you load into your app. Once you do, you can do stuff like this:</p>
<div class="highlight-wrapper group relative bash">
<button
type="button"
class="bubble-wrap z-20 absolute right-9 -mr-0.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-wrap-target="#code-duvcwc7p"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35" stroke-linecap="round" stroke-linejoin="round"><g buffered-rendering="static"><path d="M9.912 8.037h2.732c1.277 0 2.315-.962 2.315-2.237a2.325 2.325 0 00-2.315-2.31H2.959m10.228 9.01H2.959M6.802 8H2.959" /><path d="M11.081 6.466L9.533 8.037l1.548 1.571" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-9px] tail text-navy-950">
Wrap text
</span>
</button>
<button
type="button"
class="bubble-wrap z-20 absolute right-1.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-copy-target="sibling"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35"><g buffered-rendering="static"><path d="M10.576 7.239c0-.995-.82-1.815-1.815-1.815H3.315c-.995 0-1.815.82-1.815 1.815v5.446c0 .995.82 1.815 1.815 1.815h5.446c.995 0 1.815-.82 1.815-1.815V7.239z" /><path d="M10.576 10.577h2.109A1.825 1.825 0 0014.5 8.761V3.315A1.826 1.826 0 0012.685 1.5H7.239c-.996 0-1.815.819-1.816 1.815v1.617" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-6px] tail [--tail-x:calc(100%-30px)] text-navy-950">
Copy to clipboard
</span>
</button>
<div class='highlight relative group'>
<pre class='highlight '><code id="code-duvcwc7p">sqlite&gt; .open file:///my.db?vfs<span class="o">=</span>litestream
sqlite&gt; PRAGMA litestream_time <span class="o">=</span> <span class="s1">'5 minutes ago'</span><span class="p">;</span>
sqlite&gt; SELECT <span class="k">*</span> FROM sandwich_ratings ORDER BY RANDOM<span class="o">()</span> LIMIT 3 <span class="p">;</span>
22|Veggie Delight|New York|4
30|Meatball|Los Angeles|5
168|Chicken Shawarma Wrap|Detroit|5
</code></pre>
</div>
</div>
<p>Litestream VFS lets us run point-in-time SQLite queries hot off object storage blobs, answering queries before we&rsquo;ve downloaded the database.</p>
<p>This is good, but it&rsquo;s not perfect. We had two problems:</p>
<ol>
<li>We could only read, not write. People write to Sprite disks. The storage stack needs to write, right away.
</li><li>Running a query off object storage is a godsend in a cold start where we have no other alternative besides downloading the whole database, but it&rsquo;s not fast enough for steady state.
</li></ol>
<p>These are fun problems. Here&rsquo;s our first cut at solving them.</p>
<h2 id='writable-vfs' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#writable-vfs' aria-label='Anchor'></a><span class='plain-code'>Writable VFS</span></h2>
<p>The first thing we&rsquo;ve done is made the VFS optionally read-write. This feature is pretty subtle; it&rsquo;s interesting, but it&rsquo;s not as general-purpose as it might look. Let me explain how it works, and then explain why it works this way.</p>
<div class="callout"><p>Keep in mind as you read this that this is about the VFS in particular. Obviously, normal SQLite databases using Litestream the normal way are writeable.</p>
</div>
<p>The VFS works by keeping an index of <code>(file,offset, size)</code> for every page of the database in object storage; the data comprising the index is stored, <a href='https://github.com/superfly/ltx' title=''>in LTX files</a>, so that it&rsquo;s efficient for us to reconstitute it quickly when the VFS starts, and lookups are heavily cached. When we queried <code>sandwich_ratings</code> earlier, our VFS library intercepted the SQLite read method, looked up the requested page in the index, fetched it, and cached it.</p>
<p>This works great for reads. Writes are harder.</p>
<p>Behind the scenes in read-only mode, Litestream polls, so that we can detect new LTX files created by remote writers to the database. This supports a handy use case where we&rsquo;re running tests or doing slow analytical queries of databases that need to stay fast in prod.</p>
<p>In write mode, we don&rsquo;t allow multiple writers, because multiple-writer distributed SQLite databases are the <a href='https://hellraiser.fandom.com/wiki/Lament_Configuration' title=''>Lament Configuration</a> and we are not explorers over great vistas of pain. So the VFS in write-mode disables polling. We assume a single writer, and no additional backups to watch.</p>
<p>Next, we buffer. Writes go to a local temporary buffer (&ldquo;the write buffer&rdquo;). Every second or so (or on clean shutdown), we sync the write buffer with object storage. Nothing written through the VFS is truly durable until that sync happens.</p>
<div class="right-sidenote"><p>Most storage block maps are much smaller than this, but still.</p>
</div>
<p>Now, remember the use case we&rsquo;re looking to support here. A Sprite is cold-starting and its storage stack needs to serve writes, milliseconds after booting, without having a full copy of the 10MB block map. This writeable VFS mode lets us do that.</p>
<p>Critically, we support that use case only up to the same durability requirements that a Sprite already has. All storage on a Sprite shares this &ldquo;eventual durability&rdquo; property, so the terms of the VFS write make sense here. They probably don&rsquo;t make sense for your application. But if for some reason they do, have at it! To enable writes with Litestream VFS, just set the <code>LITESTREAM_WRITE_ENABLED</code> environment variable <code>&quot;true&quot;</code>.</p>
<p><img src="/blog/litestream-writable-vfs/assets/write-path.png" /></p>
<h2 id='hydration' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#hydration' aria-label='Anchor'></a><span class='plain-code'>Hydration</span></h2>
<p>The Sprite storage stack uses SQLite in VFS mode. In our original VFS design, most data is kept in S3. Again: fine at cold start, not so fine in steady state.</p>
<p>To solve this problem, we shoplifted a trick from <a href='https://docs.kernel.org/admin-guide/device-mapper/dm-clone.html' title=''>systems like dm-clone</a>: background hydration. In hydration designs, we serve queries remotely while running a loop to pull the whole database. When you start the VFS with the <code>LITESTREAM_HYDRATION_PATH</code> environment variable set, we&rsquo;ll hydrate to that file.</p>
<p>Hydration takes advantage of <a href='https://fly.io/blog/litestream-revamped#point-in-time-restores-but-fast' title=''>LTX compaction</a>, writing only the latest versions of each page. Reads don&rsquo;t block on hydration; we serve them from object storage immediately, and switch over to the hydration file when it&rsquo;s ready.</p>
<p><img src="/blog/litestream-writable-vfs/assets/timeline.png" /></p>
<p>As for the hydration file? It&rsquo;s simply a full copy of your database. It&rsquo;s the same thing you get if you run <code>litestream restore</code>.</p>
<p>Because this is designed for environments like Sprites, which bounce a lot, we write the database to a temporary file. We can&rsquo;t trust that the database is using the latest state every time we start up, not without doing a full restore, so we just chuck the hydration file when we exit the VFS. That behavior is baked into the VFS right now. This feature&rsquo;s got what Sprites need, but again, maybe not what your app wants.</p>
<h2 id='putting-it-all-together' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#putting-it-all-together' aria-label='Anchor'></a><span class='plain-code'>Putting It All Together</span></h2>
<p>This is a post about two relatively big moves we&rsquo;ve made with our open-source Litestream project, but the features are narrowly scoped for problems that look like the ones our storage stack needs. If you think you can get use out of them, I&rsquo;m thrilled, and I hope you&rsquo;ll tell me about it.</p>
<p>For ordinary read/write workloads, you don&rsquo;t need any of this mechanism. Litestream works fine without the VFS, with unmodified applications, just running as a sidecar alongside your application. The whole point of that configuration is to efficiently keep up with writes; that&rsquo;s easy when you know you have the whole database to work with when writes happen.</p>
<p>But this whole thing is, to me, a valuable case study in how Litestream can get used in a relatively complicated and demanding problem domain. Sprites are very cool, and it&rsquo;s satisfying to know that every disk write that happens on a Sprite is running through Litestream.</p>
</content>
</entry>
<entry>
<title>The Design & Implementation of Sprites</title>
<link rel="alternate" href="https://fly.io/blog/design-and-implementation/"/>
<id>https://fly.io/blog/design-and-implementation/</id>
<published>2026-01-14T00:00:00+00:00</published>
<updated>2026-01-16T20:23:36+00:00</updated>
<media:thumbnail url="https://fly.io/blog/design-and-implementation/assets/starry-containers.webp"/>
<content type="html"><div class="lead"><p>We’re Fly.io, and this is the place in the post where we’d normally tell you that our job is to <a href="https://fly.io/blog/docker-without-docker/" title="">take your containers and run them on our own hardware</a> all around the world. But last week, we <a href="https://sprites.dev/" title="">launched Sprites</a>, and they don’t work that way at all. Sprites are something new: Docker without Docker without Docker. This post is about how they work.</p>
</div>
<p>Replacement-level homeowners buy boxes of pens and stick them in &ldquo;the pen drawer&rdquo;. What the elites know: you have to think adversarially about pens. &ldquo;The purpose of a system is what it does&rdquo;; a household&rsquo;s is to uniformly distribute pens. Months from now, the drawer will be empty, no matter how many pens you stockpile. Instead, scatter pens every place you could possibly think to look for one — drawers, ledges, desks. Any time anybody needs a pen, several are at hand, in exactly the first place they look.</p>
<p>This is the best way I&rsquo;ve found to articulate the idea of <a href='https://sprites.dev/' title=''>Sprites</a>, the platform we just launched at Fly.io. Sprites are ball-point disposable computers. Whatever mark you mean to make, we&rsquo;ve rigged it so you&rsquo;re never more than a second or two away from having a Sprite to do it with.</p>
<p>Sprites are Linux virtual machines. You get root. They <code>create</code> in just a second or two: so fast, the experience of creating and shelling into one is identical to SSH&#39;ing into a machine that already exists. Sprites all have a 100GB durable root filesystem. They put themselves to sleep automatically when inactive, and cost practically nothing while asleep.</p>
<p>As a result, I barely feel the need to name my Sprites. Sometimes I&rsquo;ll just type <code>sprite create dkjsdjk</code> and start some task. People at Fly.io who use Sprites have dozens hanging around.</p>
<p>There aren&rsquo;t yet many things in cloud computing that have the exact shape Sprites do:</p>
<ul>
<li>Instant creation
</li><li>No time limits
</li><li>Persistent disk
</li><li>Auto-sleep to a cheap inactive state
</li></ul>
<p>This is a post about how we managed to get this working. We created a new orchestration stack that undoes some of the core decisions we made for <a href='https://fly.io/machines' title=''>Fly Machines</a>, our flagship product. Turns out, these new decisions make Sprites drastically easier for us to scale and manage. We&rsquo;re pretty psyched.</p>
<p>Lucky for me, there happen to be three <code>big decisions</code> we made that get you 90% of the way from Fly Machines to Sprites, which makes this an easy post to write. So, without further ado:</p>
<h2 id='decision-1-no-more-container-images' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#decision-1-no-more-container-images' aria-label='Anchor'></a><span class='plain-code'>Decision #1: No More Container Images</span></h2>
<p>This is the easiest decision to explain.</p>
<p>Fly Machines are approximately <a href='https://fly.io/blog/docker-without-docker/' title=''>OCI containers repackaged as KVM micro-VMs</a>. They have the ergonomics of Docker but the isolation and security of an EC2 instance. We love them very much and they&rsquo;re clearly the wrong basis for a ball-point disposable cloud computer.</p>
<p>The &ldquo;one weird trick&rdquo; of Fly Machines is that they <code>start</code> and <code>stop</code> instantly, fast enough that they can wake in time to handle an incoming HTTP request. But they can only do that if you&rsquo;ve already <code>created</code> them. You have to preallocate. <code>Creating</code> a Fly Machine can take over a minute. What you&rsquo;re supposed to do is to create a whole bunch of them and <code>stop</code> them so they&rsquo;re ready when you need them. But for Sprites, we need <code>create</code> to be so fast it feels like they&rsquo;re already there waiting for you.</p>
<div class="right-sidenote"><p>We only murdered user containers because we wanted them dead.</p>
</div>
<p>Most of what&rsquo;s slow about <code>creating</code> a Fly Machine is containers. I say this with affection: your containers are crazier than a soup sandwich. Huge and fussy, they take forever to <a href='https://fly.io/blog/docker-without-docker/' title=''>pull and unpack</a>. The regional locality sucks; <code>create</code> a Fly Machine in São Paulo on <code>gru-3838</code>, and a <code>create</code> on <code>gru-d795</code> is no faster. A <a href='https://community.fly.io/t/global-registry-now-in-production/13723' title=''>truly heartbreaking</a> amount of <a href='https://community.fly.io/t/faster-more-reliable-remote-image-builds-deploys/25841' title=''>engineering work</a> has gone into just allowing our OCI registry to <a href='https://www.youtube.com/watch?v=0jD-Rt4_CR8' title=''>keep up</a> with this system. </p>
<p>It&rsquo;s a tough job, is all I&rsquo;m saying. Sprites get rid of the user-facing container. Literally: problem solved. Sprites get to do this on easy mode.</p>
<p>Now, today, under the hood, Sprites are still Fly Machines. But they all run from a standard container. Every physical worker knows exactly what container the next Sprite is going to start with, so it&rsquo;s easy for us to keep pools of &ldquo;empty&rdquo; Sprites standing by. The result: a Sprite <code>create</code> doesn&rsquo;t have any heavy lifting to do; it&rsquo;s basically just doing the stuff we do when we <code>start</code> a Fly Machine.</p>
<figure class="post-cta">
<figcaption>
<h1>This all works right now.</h1>
<p>You can create a couple dozen Sprites right now if you want. It&rsquo;ll only take a second.</p>
<a class="btn btn-lg" href="https://sprites.dev/">
Make a Sprite. <span class='opacity-50'>→</span>
</a>
</figcaption>
<div class="image-container">
<img src="/static/images/cta-cat.webp" srcset="/static/images/[email protected] 2x" alt="">
</div>
</figure>
<h2 id='decision-2-object-storage-for-disks' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#decision-2-object-storage-for-disks' aria-label='Anchor'></a><span class='plain-code'>Decision #2: Object Storage For Disks</span></h2>
<p>Every Sprite comes with 100GB of durable storage. We&rsquo;re able to do that because the root of storage is S3-compatible object storage.</p>
<p>You can arrange for 100GB of storage for a Fly Machine. Or 200, or 500. The catch:</p>
<ul>
<li>You have to ask (with <code>flyctl</code>); we can&rsquo;t reasonably default it in.
</li><li>That storage is NVMe attached to the physical server your Fly Machine is on.
</li></ul>
<div class="right-sidenote"><p>[†] we print a <span style="color: red">big red warning</span> about this if you try to make a single-node cluster</p>
</div>
<p>We designed the storage stack for Fly Machines for Postgres clusters. A multi-replica Postgres cluster gets good mileage out of Fly Volumes. Attached storage is fast, but can <span style="color: red">lose data†</span> — if a physical blows up, there&rsquo;s no magic what rescues its stored bits. You&rsquo;re stuck with our last snapshot backup. That&rsquo;s fine for a replicated Postgres! It&rsquo;s part of what Postgres replication is for. But for anything without explicit replication, it&rsquo;s a very sharp edge.</p>
<p>Worse, from our perspective, is that attached storage anchors workloads to specific physicals. We have lots of reasons to want to move Fly Machines around. Before we did Fly Volumes, that was as simple as pushing a &ldquo;drain&rdquo; button on a server. Imagine losing a capability like that. It took 3 years to <a href='https://fly.io/blog/machine-migrations/' title=''>get workload migration right</a> with attached storage, and it&rsquo;s still not &ldquo;easy&rdquo;.</p>
<div class="right-sidenote"><p>Object stores are the Internet’s Hoover Dams, the closest things we have to infrastructure megaprojects.</p>
</div>
<p>Sprites jettison this model. We still exploit NVMe, but not as the root of storage. Instead, it&rsquo;s a read-through cache for a blob on object storage. S3-compatible object stores are the most trustworthy storage technology we have. I can feel my blood pressure dropping just typing the words &ldquo;Sprites are backed by object storage.&rdquo;</p>
<p>The implications of this for orchestration are profound. In a real sense, the durable state of a Sprite is simply a URL. Wherever he lays his hat is his home! They migrate (or recover from failed physicals) trivially. It&rsquo;s early days for our internal tooling, but we have so many new degrees of freedom to work with.</p>
<p>I could easily do another 1500-2000 words here on the Cronenberg film Kurt came up with for the actual storage stack, but because it&rsquo;s in flux, let&rsquo;s keep it simple.</p>
<p>The Sprite storage stack is organized around the JuiceFS model (in fact, we currently use a very hacked-up JuiceFS, with a rewritten SQLite metadata backend). It works by splitting storage into data (&ldquo;chunks&rdquo;) and metadata (a map of where the &ldquo;chunks&rdquo; are). Data chunks live on object stores; metadata lives in fast local storage. In our case, that metadata store is <a href='https://litestream.io/' title=''>kept durable with Litestream</a>. Nothing depends on local storage.</p>
<div class="right-sidenote"><p>(our pre-installed Claude Code will checkpoint aggressively for you without asking)</p>
</div>
<p>This also buys Sprites fast <code>checkpoint</code> and <code>restore</code>. Checkpoints are so fast we want you to use them as a basic feature of the system and not as an escape hatch when things go wrong; like a git restore, not a system restore. That works because both <code>checkpoint</code> and <code>restore</code> merely shuffle metadata around.</p>
<p>Our stack sports <a href='https://en.wikipedia.org/wiki/Dm-cache' title=''>a dm-cache-like</a> feature that takes advantage of attached storage. A Sprite has a sparse 100GB NVMe volume attached to it, which the stack uses to cache chunks to eliminate read amplification. Importantly (I can feel my resting heart rate lowering) nothing in that NVMe volume should matter; stored chunks are immutable and their true state lives on the object store.</p>
<div class="callout"><p>Our preference for object storage goes further than the Sprite storage stack. The global orchestrator for Sprites is an Elixir/Phoenix app that uses object storage as the primary source of metadata for accounts. We then give each account an independent SQLite database, again made durable on object storage with Litestream.</p>
</div><h2 id='decision-3-inside-out-orchestration' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#decision-3-inside-out-orchestration' aria-label='Anchor'></a><span class='plain-code'>Decision #3: Inside-Out Orchestration</span></h2>
<p>In the cloud hosting industry, user applications are managed by two separate, yet equally important components: the host, which orchestrates workloads, and the guest, which runs them. Sprites flip that on its head: the most important orchestration and management work happens inside the VM.</p>
<p>Here&rsquo;s the trick: user code running on a Sprite isn&rsquo;t running in the root namespace. We&rsquo;ve slid a container between you and the kernel. You see an inner environment, managed by a fleet of services running in the root namespace of the VM.</p>
<div class="callout"><p>I wish we’d done Fly Machines this way to begin with. I’m not sure there’s a downside. The inner container allows us to bounce a Sprite without rebooting the whole VM, even on checkpoint restores. I think Fly Machines users could get some mileage out of that feature, too.</p>
</div>
<p>With Sprites, we&rsquo;re pushing this idea as far as we can. The root environment hosts the majority of our orchestration code. When you talk to the global API, chances are you&rsquo;re talking directly to your own VM. Furthermore:</p>
<ul>
<li>Our storage stack, which handles checkpoint/restore and persistence to object storage, lives there;
</li><li>so does the service manager we expose to Sprites, which registers user code that needs to restart when a Sprite bounces;
</li><li>same with logs;
</li><li>if you bind a socket to <code>*:8080</code>, we&rsquo;ll make it available outside the Sprite — yep, that&rsquo;s in the root namespace too.
</li></ul>
<p>Platform developers at Fly.io know how much easier it can be to hack on <code>init</code> (inside the container) than things <a href='https://fly.io/blog/carving-the-scheduler-out-of-our-orchestrator/' title=''>like <code>flyd</code></a>, the Fly Machines orchestrator that runs on the host. Changes to Sprites don&rsquo;t restart host components or muck with global state. The blast radius is just new VMs that pick up the change. We sleep on how much platform work doesn&rsquo;t get done not because the code is hard to write, but because it&rsquo;s so time-consuming to ensure benign-looking changes don&rsquo;t throw the whole fleet into metastable failure. We had that in mind when we did Sprites.</p>
<h2 id='we-keep-the-parts-that-worked' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#we-keep-the-parts-that-worked' aria-label='Anchor'></a><span class='plain-code'>We Keep The Parts That Worked</span></h2>
<p>Sprites running on Fly.io take advantage of the infrastructure we already have. For instance: Sprites might be the fastest thing there currently exists to get Claude or Gemini to build a full-stack application on the Internet.</p>
<p>That&rsquo;s because Sprites plug directly into <a href='https://fly.io/blog/corrosion/' title=''>Corrosion, our gossip-based service discovery system</a>. When you ask the Sprite API to make a public URL for your Sprite, we generate a Corrosion update that propagates across our fleet instantly. Your application is then served, with an HTTPS URL, from our proxy edges.</p>
<p>Sprites live alongside Fly Machines in our architecture. They include some changes that are pure wins, but they&rsquo;re mostly tradeoffs:</p>
<ul>
<li>We&rsquo;ve always wanted to run Fly Machine disks off object storage (<a href='https://community.fly.io/t/bottomless-s3-backed-volumes/15648' title=''>we have an obscure LSVD feature that does this</a>), but the performance isn&rsquo;t adequate for a hot Postgres node in production.
</li><li>For that matter, professional production apps ship out of CI/CD systems as OCI containers; that&rsquo;s a big part of what makes orchestrating Fly Machines so hard.
</li><li>Most (though not all) Sprite usage is interactive, and Sprite users benefit from their VMs aggressively sleeping themselves to keep costs low; e-commerce apps measure responsiveness in milliseconds and want their workloads kept warm.
</li></ul>
<p>Sprites are optimized for a different kind of computing than Fly Machines, and <a href='https://fly.io/blog/code-and-let-live/' title=''>while Kurt believes that the future belongs to malleable, personalized apps</a>, I&rsquo;m not so sure. To me, it makes sense to prototype and acceptance-test an application on Sprites. Then, when you&rsquo;re happy with it, containerize it and ship it as a Fly Machine to scale it out. An automated workflow for that will happen.</p>
<p>Finally, Sprites are a contract with user code: an API and a set of expectations about how the execution environment works. Today, they run on top of Fly Machines. But they don&rsquo;t have to. Jerome&rsquo;s working on an open-source local Sprite runtime. We&rsquo;ll find other places to run them, too.</p>
<h2 id='you-wont-get-it-until-you-use-them' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#you-wont-get-it-until-you-use-them' aria-label='Anchor'></a><span class='plain-code'>You Won&rsquo;t Get It Until You Use Them</span></h2>
<p>I can&rsquo;t not sound like a shill. Sprites are the one thing we&rsquo;ve shipped that I personally experience as addictive. I haven&rsquo;t fully put my finger on why it feels so much easier to kick off projects now that I can snap my finger and get a whole new computer. The whole point is that there&rsquo;s no reason to parcel them out, or decide which code should run where. You just make a new one.</p>
<p>So to make this fully click, I think you should <a href='https://sprites.dev/' title=''>just install the <code>sprite</code> command</a>, make a Sprite, and then run an agent in it. We&rsquo;ve preinstalled Claude, Gemini, and Codex, and taught them how to do things like checkpoint/restore, registering services, and getting logs. Claude will run in <code>--dangerously-skip-permissions</code> mode (because why wouldn&rsquo;t it). Have it build something; I built a &ldquo;Chicago&rsquo;s best sandwich&rdquo; bracket app for a Slack channel.</p>
<p>Sprites bill only for what you actually use (in particular: only for storage blocks you actually write, not the full 100GB capacity). It&rsquo;s reasonable to create a bunch. They&rsquo;re ball-point disposable computers. After you get a feel for them, it&rsquo;ll start to feel weird not having them handy.</p>
</content>
</entry>
<entry>
<title>Code And Let Live</title>
<link rel="alternate" href="https://fly.io/blog/code-and-let-live/"/>
<id>https://fly.io/blog/code-and-let-live/</id>
<published>2026-01-09T00:00:00+00:00</published>
<updated>2026-01-14T19:59:01+00:00</updated>
<media:thumbnail url="https://fly.io/blog/code-and-let-live/assets/sprites.jpg"/>
<content type="html"><div class="lead"><p>The state of the art in agent isolation is a read-only sandbox. At Fly.io, we’ve been selling that story for years, and we’re calling it: ephemeral sandboxes are obsolete. Stop killing your sandboxes every time you use them.</p>
</div>
<p>My argument won&rsquo;t make sense without showing you something new we&rsquo;ve built. We&rsquo;re all adults here, this is a company, we talk about what we do. Here goes.</p>
<p>So, I want to run some code. So what I do is, I run <code>sprite create</code>. While it operates, I&rsquo;ll explain what&rsquo;s happening behind the—</p>
<div class="highlight-wrapper group relative bash">
<button
type="button"
class="bubble-wrap z-20 absolute right-9 -mr-0.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-wrap-target="#code-i429cz3y"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35" stroke-linecap="round" stroke-linejoin="round"><g buffered-rendering="static"><path d="M9.912 8.037h2.732c1.277 0 2.315-.962 2.315-2.237a2.325 2.325 0 00-2.315-2.31H2.959m10.228 9.01H2.959M6.802 8H2.959" /><path d="M11.081 6.466L9.533 8.037l1.548 1.571" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-9px] tail text-navy-950">
Wrap text
</span>
</button>
<button
type="button"
class="bubble-wrap z-20 absolute right-1.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-copy-target="sibling"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35"><g buffered-rendering="static"><path d="M10.576 7.239c0-.995-.82-1.815-1.815-1.815H3.315c-.995 0-1.815.82-1.815 1.815v5.446c0 .995.82 1.815 1.815 1.815h5.446c.995 0 1.815-.82 1.815-1.815V7.239z" /><path d="M10.576 10.577h2.109A1.825 1.825 0 0014.5 8.761V3.315A1.826 1.826 0 0012.685 1.5H7.239c-.996 0-1.815.819-1.816 1.815v1.617" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-6px] tail [--tail-x:calc(100%-30px)] text-navy-950">
Copy to clipboard
</span>
</button>
<div class='highlight relative group'>
<pre class='highlight '><code id="code-i429cz3y">✓ Created demo-123 sprite <span class="k">in </span>1.0s
● Connecting to console...
sprite@sprite:~#
</code></pre>
</div>
</div>
<p>Shit, it&rsquo;s already there.</p>
<p>That&rsquo;s a root shell on a Linux computer we now own. It came online in about the same amount of time it would take to <code>ssh</code> into a host that already existed. We call these things &ldquo;Sprites&rdquo;.</p>
<p>Let&rsquo;s install FFmpeg on our Sprite:</p>
<div class="highlight-wrapper group relative bash">
<button
type="button"
class="bubble-wrap z-20 absolute right-9 -mr-0.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-wrap-target="#code-bwjgxaic"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35" stroke-linecap="round" stroke-linejoin="round"><g buffered-rendering="static"><path d="M9.912 8.037h2.732c1.277 0 2.315-.962 2.315-2.237a2.325 2.325 0 00-2.315-2.31H2.959m10.228 9.01H2.959M6.802 8H2.959" /><path d="M11.081 6.466L9.533 8.037l1.548 1.571" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-9px] tail text-navy-950">
Wrap text
</span>
</button>
<button
type="button"
class="bubble-wrap z-20 absolute right-1.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-copy-target="sibling"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35"><g buffered-rendering="static"><path d="M10.576 7.239c0-.995-.82-1.815-1.815-1.815H3.315c-.995 0-1.815.82-1.815 1.815v5.446c0 .995.82 1.815 1.815 1.815h5.446c.995 0 1.815-.82 1.815-1.815V7.239z" /><path d="M10.576 10.577h2.109A1.825 1.825 0 0014.5 8.761V3.315A1.826 1.826 0 0012.685 1.5H7.239c-.996 0-1.815.819-1.816 1.815v1.617" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-6px] tail [--tail-x:calc(100%-30px)] text-navy-950">
Copy to clipboard
</span>
</button>
<div class='highlight relative group'>
<pre class='highlight '><code id="code-bwjgxaic"><span class="nb">sudo </span>apt-get <span class="nb">install</span> <span class="nt">-y</span> ffmpeg <span class="o">&gt;</span>/dev/null 2&gt;&amp;1
</code></pre>
</div>
</div>
<p>Unlike creating the Sprite in the first place, installing <code>ffmpeg</code> with <code>apt-get</code> is dog slow. Let&rsquo;s try not to have to do that again:</p>
<div class="highlight-wrapper group relative bash">
<button
type="button"
class="bubble-wrap z-20 absolute right-9 -mr-0.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-wrap-target="#code-iacnzrtv"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35" stroke-linecap="round" stroke-linejoin="round"><g buffered-rendering="static"><path d="M9.912 8.037h2.732c1.277 0 2.315-.962 2.315-2.237a2.325 2.325 0 00-2.315-2.31H2.959m10.228 9.01H2.959M6.802 8H2.959" /><path d="M11.081 6.466L9.533 8.037l1.548 1.571" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-9px] tail text-navy-950">
Wrap text
</span>
</button>
<button
type="button"
class="bubble-wrap z-20 absolute right-1.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-copy-target="sibling"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35"><g buffered-rendering="static"><path d="M10.576 7.239c0-.995-.82-1.815-1.815-1.815H3.315c-.995 0-1.815.82-1.815 1.815v5.446c0 .995.82 1.815 1.815 1.815h5.446c.995 0 1.815-.82 1.815-1.815V7.239z" /><path d="M10.576 10.577h2.109A1.825 1.825 0 0014.5 8.761V3.315A1.826 1.826 0 0012.685 1.5H7.239c-.996 0-1.815.819-1.816 1.815v1.617" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-6px] tail [--tail-x:calc(100%-30px)] text-navy-950">
Copy to clipboard
</span>
</button>
<div class='highlight relative group'>
<pre class='highlight '><code id="code-iacnzrtv">sprite@sprite:~# sprite-env checkpoints create
<span class="c"># ...</span>
<span class="o">{</span><span class="s2">"type"</span>:<span class="s2">"complete"</span>,<span class="s2">"data"</span>:<span class="s2">"Checkpoint v1 created successfully"</span>,
<span class="s2">"time"</span>:<span class="s2">"2025-12-22T22:50:48.60423809Z"</span><span class="o">}</span>
</code></pre>
</div>
</div>
<p>This completes instantly. Didn&rsquo;t even bother to measure.</p>
<p>I step away to get coffee. Time passes. The Sprite, noticing my inactivity, goes to sleep. I meet an old friend from high school at the coffee shop. End up spending the day together. More time passes. Days even. Returning later:</p>
<div class="highlight-wrapper group relative bash">
<button
type="button"
class="bubble-wrap z-20 absolute right-9 -mr-0.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-wrap-target="#code-k9uw0dxr"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35" stroke-linecap="round" stroke-linejoin="round"><g buffered-rendering="static"><path d="M9.912 8.037h2.732c1.277 0 2.315-.962 2.315-2.237a2.325 2.325 0 00-2.315-2.31H2.959m10.228 9.01H2.959M6.802 8H2.959" /><path d="M11.081 6.466L9.533 8.037l1.548 1.571" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-9px] tail text-navy-950">
Wrap text
</span>
</button>
<button
type="button"
class="bubble-wrap z-20 absolute right-1.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-copy-target="sibling"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35"><g buffered-rendering="static"><path d="M10.576 7.239c0-.995-.82-1.815-1.815-1.815H3.315c-.995 0-1.815.82-1.815 1.815v5.446c0 .995.82 1.815 1.815 1.815h5.446c.995 0 1.815-.82 1.815-1.815V7.239z" /><path d="M10.576 10.577h2.109A1.825 1.825 0 0014.5 8.761V3.315A1.826 1.826 0 0012.685 1.5H7.239c-.996 0-1.815.819-1.816 1.815v1.617" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-6px] tail [--tail-x:calc(100%-30px)] text-navy-950">
Copy to clipboard
</span>
</button>
<div class='highlight relative group'>
<pre class='highlight '><code id="code-k9uw0dxr"><span class="o">&gt;</span> <span class="nv">$ </span>sprite console
sprite@sprite:~# ffmpeg
ffmpeg version 7.1.1-1ubuntu1.3 Copyright <span class="o">(</span>c<span class="o">)</span> 2000-2025 the FFmpeg developers
Use <span class="nt">-h</span> to get full <span class="nb">help </span>or, even better, run <span class="s1">'man ffmpeg'</span>
sprite@sprite:~#
</code></pre>
</div>
</div>
<p>Everything&rsquo;s where I left it. Sprites are durable. 100GB capacity to start, no ceremony. Maybe I&rsquo;ll keep it around a few more days, maybe a few months, doesn&rsquo;t matter, just works.</p>
<p>Say I get an application up on its legs. Install more packages. Then: disaster. Maybe an ill-advised global <code>pip3 install</code> . Or <code>rm -rf $HMOE/bin</code>. Or <code>dd if=/dev/random of=/dev/vdb</code>. Whatever it was, everything&rsquo;s broken. So:</p>
<div class="highlight-wrapper group relative bash">
<button
type="button"
class="bubble-wrap z-20 absolute right-9 -mr-0.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-wrap-target="#code-8qs3qsqn"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35" stroke-linecap="round" stroke-linejoin="round"><g buffered-rendering="static"><path d="M9.912 8.037h2.732c1.277 0 2.315-.962 2.315-2.237a2.325 2.325 0 00-2.315-2.31H2.959m10.228 9.01H2.959M6.802 8H2.959" /><path d="M11.081 6.466L9.533 8.037l1.548 1.571" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-9px] tail text-navy-950">
Wrap text
</span>
</button>
<button
type="button"
class="bubble-wrap z-20 absolute right-1.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-copy-target="sibling"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35"><g buffered-rendering="static"><path d="M10.576 7.239c0-.995-.82-1.815-1.815-1.815H3.315c-.995 0-1.815.82-1.815 1.815v5.446c0 .995.82 1.815 1.815 1.815h5.446c.995 0 1.815-.82 1.815-1.815V7.239z" /><path d="M10.576 10.577h2.109A1.825 1.825 0 0014.5 8.761V3.315A1.826 1.826 0 0012.685 1.5H7.239c-.996 0-1.815.819-1.816 1.815v1.617" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-6px] tail [--tail-x:calc(100%-30px)] text-navy-950">
Copy to clipboard
</span>
</button>
<div class='highlight relative group'>
<pre class='highlight '><code id="code-8qs3qsqn"><span class="o">&gt;</span> <span class="nv">$ </span>sprite checkpoint restore v1
Restoring from checkpoint v1...
Container components started successfully
Restore from v1 <span class="nb">complete</span>
<span class="o">&gt;</span> <span class="nv">$ </span>sprite console
sprite@sprite:~#
</code></pre>
</div>
</div>
<p>Sprites have first-class checkpoint and restore. You can&rsquo;t see it in text, but that restore took about one second. It&rsquo;s fast enough to use casually, interactively. Not an escape hatch. Rather: an intended part of the ordinary course of using a Sprite. Like <code>git</code>, but for the whole system.</p>
<div class="callout"><p>If you’re asking how this is any different from an EC2 instance, good. That’s what we’re going for, except:</p>
<ul>
<li>I can <strong class="font-semibold text-navy-950">casually create hundreds of them</strong> (without needing a Docker container), each appearing in 1-2 seconds.
</li><li>They <strong class="font-semibold text-navy-950">go idle and stop metering automatically</strong>, so it’s cheap to have lots of them. I use dozens.
</li><li>They’re <strong class="font-semibold text-navy-950">hooked up to our Anycast</strong> network, so I can get an HTTPS URL.
</li><li>Despite all that, <strong class="font-semibold text-navy-950">they’re fully durable</strong>. They don’t die until I tell them to.
</li></ul>
<p>This combination of attributes isn’t common enough to already have a name, so we decided we get to name them “Sprites”. Sprites are like BIC disposable cloud computers.</p>
</div>
<p>That&rsquo;s what we built. You can <a href='https://sprites.dev/' title=''>go try it yourself</a>. We wrote another 1000 words about how they work, but I cut them out because I want to stop talking about our products now and get to my point.</p>
<h2 id='claude-doesnt-want-a-stateless-container' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#claude-doesnt-want-a-stateless-container' aria-label='Anchor'></a><span class='plain-code'>Claude Doesn&rsquo;t Want A Stateless Container</span></h2>
<p>For years, we&rsquo;ve been trying to serve two very different users with the same abstraction. It hasn&rsquo;t worked.</p>
<p>Professional software developers are trained to build stateless instances. Stateless deployments, where persistent data is confined to database servers, buys you simplicity, flexible scale-out, and reduced failure blast radius. It&rsquo;s a good idea, so popular that most places you can run code in the cloud look like stateless containers. Fly Machines, our flagship offering, look like stateless containers.</p>
<p>The problem is that Claude isn&rsquo;t a pro developer. Claude is a hyper-productive five-year-old savant. It&rsquo;s uncannily smart, wants to stick its finger in every available electrical socket, and works best when you find a way to let it zap itself.</p>
<div class="right-sidenote"><p>(sometimes by escaping the container!)</p>
</div>
<p>If you force an agent to, it&rsquo;ll work around containerization and do work . But you&rsquo;re not helping the agent in any way by doing that. They don&rsquo;t want containers. They don&rsquo;t want &ldquo;sandboxes&rdquo;. They want computers.</p>
<div class="right-sidenote"><p>Someone asked me about this the other day and wanted to know if I was saying that agents needed sound cards and USB ports. And, maybe? I don’t know. Not today.</p>
</div>
<p>In a moment, I&rsquo;ll explain why. But first I probably need to explain what the hell I mean by a &ldquo;computer&rdquo;. I think we all agree:</p>
<ul>
<li>A computer doesn&rsquo;t necessarily vanish after a single job is completed, <em>and</em>
</li><li>it has durable storage.
</li></ul>
<p>Since current agent sandboxes have neither of these, I can stop the definition right there and get back to my point.</p>
<h2 id='simple-wins' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#simple-wins' aria-label='Anchor'></a><span class='plain-code'>Simple Wins</span></h2>
<p>Start here: with an actual computer, Claude doesn&rsquo;t have to rebuild my entire development environment every time I pick up a PR.</p>
<p>This seems superficial but rebuilding stuff like <code>node_modules</code> is such a monumental pain in the ass that the industry is spending tens of millions of dollars figuring out how to snapshot and restore ephemeral sandboxes.</p>
<p>I&rsquo;m not saying those problems are intractable. I&rsquo;m saying they&rsquo;re unnecessary. Instead of figuring them out, just use an actual computer. Work out a PR, review and push it, then just start on the next one. Without rebooting.</p>
<p>People will rationalize why it&rsquo;s a good thing that they start from a new build environment every time they start a changeset. Stockholm Syndrome. When you start a feature branch on your own, do you create an entirely new development environment to do it?</p>
<p>The reason agents waste all this effort is that nobody saw them coming. Read-only ephemeral sandboxes were the only tool we had hanging on the wall to help use them sanely.</p>
<div class="callout"><p>Have you ever had to set up actual infrastructure to give an agent access to realistic data? People do this. Because they know they’re dealing with a clean slate every time they prompt their agent, they arrange for S3 buckets, Redis servers, or even RDS instances outside the sandbox for their agents to talk to. They’re building infrastructure to work around the fact that they can’t just write a file and trust it to stay put. Gross.</p>
</div>
<p>Ephemerality means time limits. Providers design sandbox systems to handle the expected workloads agents generate. Most things agents do today don&rsquo;t take much time; in fact, they&rsquo;re often limited only by the rate at which frontier models can crunch tokens. Test suites run quickly. The 99th percentile sandboxed agent run probably needs less than 15 minutes.</p>
<p>But there are feature requests where compute and network time swamp token crunching. I built the documentation site for the Sprites API by having a Claude Sprite interact with the code and our API, building and testing examples for the API one at a time. There are APIs where the client interaction time alone would blow sandbox budgets.</p>
<p>You see the limits of the current approach in how people round-trip state through &ldquo;plan files&rdquo;, which are ostensibly prose but often really just egregiously-encoded key-value stores.</p>
<p>An agent running on an actual computer can exploit the whole lifecycle of the application. We saw this when Chris McCord built <a href='https://phoenix.new/' title=''>Phoenix.new</a>. The agent behind a Phoenix.new app runs on a Fly Machine where it can see the app logs from the Phoenix app it generated. When users do things that generate exceptions, Phoenix.new notices and gets to work figuring out what happened.</p>
<p>It took way too much work for Chris to set that up, and he was able to do it in part because he wrote his own agent. You can do it with Claude today with an MCP server or some other arrangement to haul logs over. But all you really need is to just not shoot your sandbox in the head when the agent finishes writing code.</p>
<h2 id='galaxy-brain-win' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#galaxy-brain-win' aria-label='Anchor'></a><span class='plain-code'>Galaxy Brain Win</span></h2>
<p>Here&rsquo;s where I lose you. I know this because it&rsquo;s also where I lose my team, most of whom don&rsquo;t believe me about this.</p>
<p>The nature of software development is changing out from under us, and I think we&rsquo;re kidding ourselves that it&rsquo;s going to end with just a reconfiguration of how professional developers ship software.</p>
<p>I have kids. They have devices. I wanted some control over them. So I did what many of you would do in my situation: I vibe-coded an MDM.</p>
<p><img src="/blog/code-and-let-live/assets/kurtmdm.png?1/2&amp;card&amp;center" /></p>
<p>I built this thing with Claude. It&rsquo;s a SQLite-backed Go application running on a Sprite. The Anycast URL my Sprite exports works as an MDM registration URL. Claude also worked out all the APNS Push Certificate drama for me. It all just works.</p>
<div class="right-sidenote"><p>“Editing PHP files over FTP: we weren’t wrong, just ahead of our time!”</p>
</div>
<p>I&rsquo;ve been running this for a month now, still on a Sprite, and see no reason ever to stop. It is a piece of software that solves an important real-world problem for me. It might evolve as my needs change, and I tell Claude to change it. Or it might not. For this app, dev is prod, prod is dev.</p>
<p>For reasons we&rsquo;ll get into when we write up how we built these things, you wouldn&rsquo;t want to ship an app to millions of people on a Sprite. But most apps don&rsquo;t want to serve millions of people. The most important day-to-day apps disproportionately won&rsquo;t have million-person audiences. There are some important million-person apps, but most of them just destroy civil society, melt our brains, and arrange chauffeurs for individual cheeseburgers.</p>
<p>Applications that solve real problems for people will be owned by the people they solve problems for. And for the most part, they won&rsquo;t need a professional guild of software developers to gatekeep feature development for them. They&rsquo;ll just ask for things and get them.</p>
<p>The problem we&rsquo;re all working on is bigger than safely accelerating pro software developers. Sandboxes are holding us back.</p>
<h2 id='fuck-ephemeral-sandboxes' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#fuck-ephemeral-sandboxes' aria-label='Anchor'></a><span class='plain-code'>Fuck Ephemeral Sandboxes</span></h2>
<p>Obviously, I&rsquo;m trying to sell you something here. But that doesn&rsquo;t make me wrong. The argument I&rsquo;m making is the reason we built the specific thing I&rsquo;m selling.</p>
<figure class="post-cta">
<figcaption>
<h1>We shipped these things.</h1>
<p>You can create a couple dozen Sprites right now if you want. It&rsquo;ll only take a second.</p>
<a class="btn btn-lg" href="https://sprites.dev/">
Make a Sprite. <span class='opacity-50'>→</span>
</a>
</figcaption>
<div class="image-container">
<img src="/static/images/cta-dog.webp" srcset="/static/images/[email protected] 2x" alt="">
</div>
</figure>
<p>It took us a long time to get here. We spent years kidding ourselves. We built a platform for horizontal-scaling production applications with micro-VMs that boot so quickly that, if you hold them in exactly the right way, you can do a pretty decent code sandbox with them. But it&rsquo;s always been a square peg, round hole situation.</p>
<p>We have a lot to say about how Sprites work. They&rsquo;re related to Fly Machines but sharply different in important ways. They have an entirely new storage stack. They&rsquo;re orchestrated differently. No Dockerfiles.</p>
<p>But for now, I just want you to think about what I&rsquo;m saying here. Whether or not you ever boot a Sprite, ask: if you could run a coding agent anywhere, would you want it to look more like a read-only sandbox in a K8s cluster in the cloud, or like an entire EC2 instance you could summon in the snap of a finger?</p>
<p>I think the answer is obvious. The age of sandboxes is over. The time of the disposable computer has come.</p>
</content>
</entry>
<entry>
<title>Litestream VFS</title>
<link rel="alternate" href="https://fly.io/blog/litestream-vfs/"/>
<id>https://fly.io/blog/litestream-vfs/</id>
<published>2025-12-11T00:00:00+00:00</published>
<updated>2025-12-11T17:32:13+00:00</updated>
<media:thumbnail url="https://fly.io/blog/litestream-vfs/assets/litestream-vfs.jpg"/>
<content type="html"><div class="lead"><p><strong class="font-semibold text-navy-950">I’m Ben Johnson, and I work on Litestream at Fly.io. Litestream is the missing backup/restore system for SQLite. It’s free, open-source software that should run anywhere, and</strong> <a href="/blog/litestream-v050-is-here/" title=""><strong class="font-semibold text-navy-950">you can read more about it here</strong></a><strong class="font-semibold text-navy-950">.</strong></p>
</div>
<p>Again with the sandwiches: assume we&rsquo;ve got a SQLite database of sandwich ratings, and we&rsquo;ve backed it up with <a href='/blog/litestream-v050-is-here/' title=''>Litestream</a> to an S3 bucket.</p>
<p>Now, on our local host, load up AWS credentials and an S3 path into our environment. Open SQLite and:</p>
<div class="highlight-wrapper group relative ">
<button
type="button"
class="bubble-wrap z-20 absolute right-9 -mr-0.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-wrap-target="#code-z396uf60"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35" stroke-linecap="round" stroke-linejoin="round"><g buffered-rendering="static"><path d="M9.912 8.037h2.732c1.277 0 2.315-.962 2.315-2.237a2.325 2.325 0 00-2.315-2.31H2.959m10.228 9.01H2.959M6.802 8H2.959" /><path d="M11.081 6.466L9.533 8.037l1.548 1.571" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-9px] tail text-navy-950">
Wrap text
</span>
</button>
<button
type="button"
class="bubble-wrap z-20 absolute right-1.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-copy-target="sibling"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35"><g buffered-rendering="static"><path d="M10.576 7.239c0-.995-.82-1.815-1.815-1.815H3.315c-.995 0-1.815.82-1.815 1.815v5.446c0 .995.82 1.815 1.815 1.815h5.446c.995 0 1.815-.82 1.815-1.815V7.239z" /><path d="M10.576 10.577h2.109A1.825 1.825 0 0014.5 8.761V3.315A1.826 1.826 0 0012.685 1.5H7.239c-.996 0-1.815.819-1.816 1.815v1.617" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-6px] tail [--tail-x:calc(100%-30px)] text-navy-950">
Copy to clipboard
</span>
</button>
<div class='highlight relative group'>
<pre class='highlight '><code id="code-z396uf60">$ sqlite3
SQLite version 3.50.4 2025-07-30 19:33:53
sqlite&gt; .load litestream.so
sqlite&gt; .open file:///my.db?vfs=litestream
</code></pre>
</div>
</div>
<p>SQLite is now working from that remote database, defined by the Litestream backup files in the S3 path we configured. We can query it:</p>
<div class="highlight-wrapper group relative ">
<button
type="button"
class="bubble-wrap z-20 absolute right-9 -mr-0.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-wrap-target="#code-kieef97f"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35" stroke-linecap="round" stroke-linejoin="round"><g buffered-rendering="static"><path d="M9.912 8.037h2.732c1.277 0 2.315-.962 2.315-2.237a2.325 2.325 0 00-2.315-2.31H2.959m10.228 9.01H2.959M6.802 8H2.959" /><path d="M11.081 6.466L9.533 8.037l1.548 1.571" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-9px] tail text-navy-950">
Wrap text
</span>
</button>
<button
type="button"
class="bubble-wrap z-20 absolute right-1.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-copy-target="sibling"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35"><g buffered-rendering="static"><path d="M10.576 7.239c0-.995-.82-1.815-1.815-1.815H3.315c-.995 0-1.815.82-1.815 1.815v5.446c0 .995.82 1.815 1.815 1.815h5.446c.995 0 1.815-.82 1.815-1.815V7.239z" /><path d="M10.576 10.577h2.109A1.825 1.825 0 0014.5 8.761V3.315A1.826 1.826 0 0012.685 1.5H7.239c-.996 0-1.815.819-1.816 1.815v1.617" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-6px] tail [--tail-x:calc(100%-30px)] text-navy-950">
Copy to clipboard
</span>
</button>
<div class='highlight relative group'>
<pre class='highlight '><code id="code-kieef97f">sqlite&gt; SELECT * FROM sandwich_ratings ORDER BY RANDOM() LIMIT 3 ;
22|Veggie Delight|New York|4
30|Meatball|Los Angeles|5
168|Chicken Shawarma Wrap|Detroit|5
</code></pre>
</div>
</div>
<p>This is Litestream VFS. It runs SQLite hot off an object storage URL. As long as you can load the shared library our tree builds for you, it&rsquo;ll work in your application the same way it does in the SQLite shell.</p>
<p>Fun fact: we didn&rsquo;t have to download the whole database to run this query. More about this in a bit.</p>
<p>Meanwhile, somewhere in prod, someone has it in for meatball subs and wants to knock them out of the bracket – oh, fuck:</p>
<div class="highlight-wrapper group relative ">
<button
type="button"
class="bubble-wrap z-20 absolute right-9 -mr-0.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-wrap-target="#code-oexge9kc"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35" stroke-linecap="round" stroke-linejoin="round"><g buffered-rendering="static"><path d="M9.912 8.037h2.732c1.277 0 2.315-.962 2.315-2.237a2.325 2.325 0 00-2.315-2.31H2.959m10.228 9.01H2.959M6.802 8H2.959" /><path d="M11.081 6.466L9.533 8.037l1.548 1.571" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-9px] tail text-navy-950">
Wrap text
</span>
</button>
<button
type="button"
class="bubble-wrap z-20 absolute right-1.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-copy-target="sibling"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35"><g buffered-rendering="static"><path d="M10.576 7.239c0-.995-.82-1.815-1.815-1.815H3.315c-.995 0-1.815.82-1.815 1.815v5.446c0 .995.82 1.815 1.815 1.815h5.446c.995 0 1.815-.82 1.815-1.815V7.239z" /><path d="M10.576 10.577h2.109A1.825 1.825 0 0014.5 8.761V3.315A1.826 1.826 0 0012.685 1.5H7.239c-.996 0-1.815.819-1.816 1.815v1.617" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-6px] tail [--tail-x:calc(100%-30px)] text-navy-950">
Copy to clipboard
</span>
</button>
<div class='highlight relative group'>
<pre class='highlight '><code id="code-oexge9kc">sqlite&gt; UPDATE sandwich_ratings SET stars = 1 ;
</code></pre>
</div>
</div>
<p>They forgot the <code>WHERE</code> clause!</p>
<div class="highlight-wrapper group relative ">
<button
type="button"
class="bubble-wrap z-20 absolute right-9 -mr-0.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-wrap-target="#code-2mgicvsr"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35" stroke-linecap="round" stroke-linejoin="round"><g buffered-rendering="static"><path d="M9.912 8.037h2.732c1.277 0 2.315-.962 2.315-2.237a2.325 2.325 0 00-2.315-2.31H2.959m10.228 9.01H2.959M6.802 8H2.959" /><path d="M11.081 6.466L9.533 8.037l1.548 1.571" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-9px] tail text-navy-950">
Wrap text
</span>
</button>
<button
type="button"
class="bubble-wrap z-20 absolute right-1.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-copy-target="sibling"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35"><g buffered-rendering="static"><path d="M10.576 7.239c0-.995-.82-1.815-1.815-1.815H3.315c-.995 0-1.815.82-1.815 1.815v5.446c0 .995.82 1.815 1.815 1.815h5.446c.995 0 1.815-.82 1.815-1.815V7.239z" /><path d="M10.576 10.577h2.109A1.825 1.825 0 0014.5 8.761V3.315A1.826 1.826 0 0012.685 1.5H7.239c-.996 0-1.815.819-1.816 1.815v1.617" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-6px] tail [--tail-x:calc(100%-30px)] text-navy-950">
Copy to clipboard
</span>
</button>
<div class='highlight relative group'>
<pre class='highlight '><code id="code-2mgicvsr">sqlite&gt; SELECT * FROM sandwich_ratings ORDER BY RANDOM() LIMIT 3 ;
97|French Dip|Los Angeles|1
140|Bánh Mì|San Francisco|1
62|Italian Beef|Chicago|1
</code></pre>
</div>
</div>
<p>Italian Beefs and Bánh Mìs, all at 1 star. Disaster!</p>
<p>But wait, back on our dev machine:</p>
<div class="highlight-wrapper group relative ">
<button
type="button"
class="bubble-wrap z-20 absolute right-9 -mr-0.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-wrap-target="#code-r5hggeuc"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35" stroke-linecap="round" stroke-linejoin="round"><g buffered-rendering="static"><path d="M9.912 8.037h2.732c1.277 0 2.315-.962 2.315-2.237a2.325 2.325 0 00-2.315-2.31H2.959m10.228 9.01H2.959M6.802 8H2.959" /><path d="M11.081 6.466L9.533 8.037l1.548 1.571" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-9px] tail text-navy-950">
Wrap text
</span>
</button>
<button
type="button"
class="bubble-wrap z-20 absolute right-1.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-copy-target="sibling"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35"><g buffered-rendering="static"><path d="M10.576 7.239c0-.995-.82-1.815-1.815-1.815H3.315c-.995 0-1.815.82-1.815 1.815v5.446c0 .995.82 1.815 1.815 1.815h5.446c.995 0 1.815-.82 1.815-1.815V7.239z" /><path d="M10.576 10.577h2.109A1.825 1.825 0 0014.5 8.761V3.315A1.826 1.826 0 0012.685 1.5H7.239c-.996 0-1.815.819-1.816 1.815v1.617" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-6px] tail [--tail-x:calc(100%-30px)] text-navy-950">
Copy to clipboard
</span>
</button>
<div class='highlight relative group'>
<pre class='highlight '><code id="code-r5hggeuc">sqlite&gt; PRAGMA litestream_time = '5 minutes ago';
sqlite&gt; select * from sandwich_ratings ORDER BY RANDOM() LIMIT 3 ;
30|Meatball|Los Angeles|5
33|Ham &amp; Swiss|Los Angeles|2
163|Chicken Shawarma Wrap|Detroit|5
</code></pre>
</div>
</div>
<p>We&rsquo;re now querying that database from a specific point in time in our backups. We can do arbitrary relative timestamps, or absolute ones, like <code>2000-01-01T00:00:00Z</code>.</p>
<p>What we&rsquo;re doing here is instantaneous point-in-time recovery (PITR), expressed simply in SQL and SQLite pragmas.</p>
<p>Ever wanted to do a quick query against a prod dataset, but didn&rsquo;t want to shell into a prod server and fumble with the <code>sqlite3</code> terminal command like a hacker in an 80s movie? Or needed to do a quick sanity check against yesterday&rsquo;s data, but without doing a full database restore? Litestream VFS makes that easy. I&rsquo;m so psyched about how it turned out.</p>
<h2 id='how-it-works' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#how-it-works' aria-label='Anchor'></a><span class='plain-code'>How It Works</span></h2>
<p><a href='/blog/litestream-v050-is-here/' title=''>Litestream v0.5</a> integrates <a href='https://github.com/superfly/ltx' title=''>LTX</a>, our SQLite data-shipping file format. Where earlier Litestream blindly shipped whole raw SQLite pages to and from object storage, LTX ships ordered sets of pages. We built LTX for <a href='/docs/litefs/' title=''>LiteFS</a>, which uses a FUSE filesystem to do transaction-aware replication for unmodified applications, but we&rsquo;ve spent this year figuring out ways to use LTX in Litestream, without all that FUSE drama.</p>
<p>The big thing LTX gives us is &ldquo;compaction&rdquo;. When we restore a database from object storage, we want the most recent versions of each changed database page. What we don&rsquo;t want are all the intermediate versions of those pages that occurred prior to the most recent change.</p>
<p>Imagine, at the time we&rsquo;re restoring, we&rsquo;re going to need pages 1, 2, 3, 4, and 5. Depending on the order in which pages were written, the backup data set might look something like <code>1 2 3 5 3 5 4 5 5</code>. What we want is the <em>rightmost</em> 5, 4, 3, 2, and 1, without wasting time on the four &ldquo;extra&rdquo; page 5&rsquo;s and the one &ldquo;extra&rdquo; page 3. Those &ldquo;extra&rdquo; pages are super common in SQLite data sets; for instance, every busy table with an autoincrementing primary key will have them.</p>
<p>LTX lets us skip the redundant pages, and the algorithm is trivial: reading backwards from the end of the sequence, skipping any page you already read. This drastically accelerates restores.</p>
<p>But LTX compaction isn&rsquo;t limited to whole databases. We can also LTX-compact sets of LTX files. That&rsquo;s the key to how PITR restores with Litestream now work.</p>
<p>In the diagram below, we&rsquo;re taking daily full snapshots. Below those snapshots are &ldquo;levels&rdquo; of changesets: groups of database pages from smaller and smaller windows of time. By default, Litestream uses time intervals of 1 hour at the highest level, down to 30 seconds at level 1. L0 is a special level where files are uploaded every second, but are only retained until being compacted to L1.</p>
<p><img src="/blog/litestream-vfs/assets/litestream-restore.png" /></p>
<p>Now, let&rsquo;s do a PITR restore. Start from the most proximal snapshot. Then determine the minimal set of LTX files from each level to reach the time you are restoring to.</p>
<p><img src="/blog/litestream-vfs/assets/litestream-restore-path.png" /></p>
<p>We have another trick up our sleeve.</p>
<p>LTX trailers include a small index tracking the offset of each page in the file. By fetching <em>only</em> these index trailers from the LTX files we&rsquo;re working with (each occupies about 1% of its LTX file), we can build a lookup table of every page in the database. Since modern object storage providers all let us fetch slices of files, we can perform individual page reads against S3 directly.</p>
<p><img alt="Anatomy of an LTX file" src="/blog/litestream-vfs/assets/litestream-ltx.png" /></p>
<h2 id='how-its-implemented' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#how-its-implemented' aria-label='Anchor'></a><span class='plain-code'>How It&rsquo;s Implemented</span></h2>
<p>SQLite has a plugin interface for things like this: <a href='https://sqlite.org/vfs.html' title=''>the &ldquo;VFS&rdquo; interface.</a> VFS plugins abstract away the bottom-most layer of SQLite, the interface to the OS. If you&rsquo;re using SQLite now, you&rsquo;re already using some VFS module, one SQLite happens to ship with.</p>
<p>For Litestream users, there&rsquo;s a catch. From the jump, we&rsquo;ve designed Litestream to run alongside unmodified SQLite applications. Part of what makes Litestream so popular is that your apps don&rsquo;t even need to know it exists. It&rsquo;s &ldquo;just&rdquo; a Unix program.</p>
<p>That Litestream Unix program still does PITR restores, without any magic. But to do fast PITR-style queries straight off S3, we need more. To make those queries work, you have to load and register Litestream&rsquo;s VFS module.</p>
<p>But that&rsquo;s all that changes.</p>
<p>In particular: Litestream VFS doesn&rsquo;t replace the SQLite library you&rsquo;re already using. It&rsquo;s not a new &ldquo;version&rdquo; of SQLite. It&rsquo;s just a plugin for the SQLite you&rsquo;re already using.</p>
<p>Still, we know that&rsquo;s not going to work for everybody, and even though we&rsquo;re really psyched about these PITR features, we&rsquo;re not taking our eyes off the ball on the rest of Litestream. You don&rsquo;t have to use our VFS library to use Litestream, or to get the other benefits of the new LTX code.</p>
<p>The way a VFS library works, we&rsquo;re given just a couple structures, each with a bunch of methods defined on them. We override only the few methods we care about. Litestream VFS handles only the read side of SQLite. Litestream itself, running as a normal Unix program, still handles the &ldquo;write&rdquo; side. So our VFS subclasses just enough to find LTX backups and issue queries.</p>
<p>With our VFS loaded, whenever SQLite needs to read a page into memory, it issues a <code>Read()</code> call through our library. The read call includes the byte offset at which SQLite expected to find the page. But with Litestream VFS, that byte offset is an illusion.</p>
<p>Instead, we use our knowledge of the page size along with the requested page number to do a lookup on the page index we&rsquo;ve built. From it, we get the remote filename, the &ldquo;real&rdquo; byte offset into that file, and the size of the page. That&rsquo;s enough for us to use the <a href='https://docs.aws.amazon.com/AmazonS3/latest/userguide/range-get-olap.html' title=''>S3 API&rsquo;s <code>Range</code> header handling</a> to download exactly the block we want.</p>
<p>To save lots of S3 calls, Litestream VFS implements an LRU cache. Most databases have a small set of &ldquo;hot&rdquo; pages — inner branch pages or the leftmost leaf pages for tables with an auto-incrementing ID field. So only a small percentage of the database is updated and queried regularly.</p>
<div class="callout"><p><strong class="font-semibold text-navy-950">We’ve got one last trick up our sleeve.</strong></p>
<p>Quickly building an index and restore plan for the current state of a database is cool. But we can do one better.</p>
<p>Because Litestream backs up (into the L0 layer) once per second, the VFS code can simply poll the S3 path, and then incrementally update its index. <strong class="font-semibold text-navy-950">The result is a near-realtime replica.</strong> Better still, you don’t need to stream the whole database back to your machine before you use it.</p>
</div><h2 id='eat-your-heart-out-marty-mcfly' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#eat-your-heart-out-marty-mcfly' aria-label='Anchor'></a><span class='plain-code'>Eat Your Heart Out, Marty McFly</span></h2>
<p>Litestream holds backup files for every state your database has been in, with single-second resolution, for as long as you want it to. Forgot the <code>WHERE</code> clause on a <code>DELETE</code> statement? Updating your database state to where it was an hour (or day, or week) ago is just a matter of adjusting the LTX indices Litestream manages.</p>
<p>All this smoke-and-mirrors of querying databases without fully fetching them has another benefit: it starts up really fast! We&rsquo;re living an age of increasingly ephemeral servers, what with the AIs and the agents and the clouds and the hoyvin-glavins. Wherever you find yourself, if your database is backed up to object storage with Litestream, you&rsquo;re always in a place where you can quickly issue a query.</p>
<p>As always, one of the big things we think we&rsquo;re doing right with Litestream is: we&rsquo;re finding ways to get as much whiz-bang value as we can (instant PITR reading live off object storage: pretty nifty!) while keeping the underlying mechanism simple enough that you can fit your head around it.</p>
<p>Litestream is solid for serious production use (we rely on it for important chunks of our own Fly.io APIs). But you could write Litestream yourself, just from the basic ideas in these blog posts. We think that&rsquo;s a point in its favor. We land there because the heavy lifting in Litestream is being done by SQLite itself, which is how it should be.</p>
</content>
</entry>
<entry>
<title>You Should Write An Agent</title>
<link rel="alternate" href="https://fly.io/blog/everyone-write-an-agent/"/>
<id>https://fly.io/blog/everyone-write-an-agent/</id>
<published>2025-11-06T00:00:00+00:00</published>
<updated>2025-12-09T19:06:20+00:00</updated>
<media:thumbnail url="https://fly.io/blog/everyone-write-an-agent/assets/agents-cover.webp"/>
<content type="html"><div class="lead"><p>Some concepts are easy to grasp in the abstract. Boiling water: apply heat and wait. Others you really need to try. You only think you understand how a bicycle works, until you learn to ride one.</p>
</div>
<p>There are big ideas in computing that are easy to get your head around. The AWS S3 API. It&rsquo;s the most important storage technology of the last 20 years, and it&rsquo;s like boiling water. Other technologies, you need to get your feet on the pedals first.</p>
<p>LLM agents are like that.</p>
<p>People have <a href='https://ludic.mataroa.blog/blog/contra-ptaceks-terrible-article-on-ai/' title=''>wildly varying opinions</a> about LLMs and agents. But whether or not they&rsquo;re snake oil, they&rsquo;re a big idea. You don&rsquo;t have to like them, but you should want to be right about them. To be the best hater (or stan) you can be.</p>
<p>So that&rsquo;s one reason you should write an agent. But there&rsquo;s another reason that&rsquo;s even more persuasive, and that&rsquo;s</p>
<h2 id='its-incredibly-easy' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#its-incredibly-easy' aria-label='Anchor'></a><span class='plain-code'>It&rsquo;s Incredibly Easy</span></h2>
<p>Agents are the most surprising programming experience I&rsquo;ve had in my career. Not because I&rsquo;m awed by the magnitude of their powers — I like them, but I don&rsquo;t like-like them. It&rsquo;s because of how easy it was to get one up on its legs, and how much I learned doing that.</p>
<p>I&rsquo;m about to rob you of a dopaminergic experience, because agents are so simple we might as well just jump into the code. I&rsquo;m not even going to bother explaining what an agent is.</p>
<div class="highlight-wrapper group relative python">
<button
type="button"
class="bubble-wrap z-20 absolute right-9 -mr-0.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-wrap-target="#code-ujvmmn8w"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35" stroke-linecap="round" stroke-linejoin="round"><g buffered-rendering="static"><path d="M9.912 8.037h2.732c1.277 0 2.315-.962 2.315-2.237a2.325 2.325 0 00-2.315-2.31H2.959m10.228 9.01H2.959M6.802 8H2.959" /><path d="M11.081 6.466L9.533 8.037l1.548 1.571" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-9px] tail text-navy-950">
Wrap text
</span>
</button>
<button
type="button"
class="bubble-wrap z-20 absolute right-1.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-copy-target="sibling"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35"><g buffered-rendering="static"><path d="M10.576 7.239c0-.995-.82-1.815-1.815-1.815H3.315c-.995 0-1.815.82-1.815 1.815v5.446c0 .995.82 1.815 1.815 1.815h5.446c.995 0 1.815-.82 1.815-1.815V7.239z" /><path d="M10.576 10.577h2.109A1.825 1.825 0 0014.5 8.761V3.315A1.826 1.826 0 0012.685 1.5H7.239c-.996 0-1.815.819-1.816 1.815v1.617" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-6px] tail [--tail-x:calc(100%-30px)] text-navy-950">
Copy to clipboard
</span>
</button>
<div class='highlight relative group'>
<pre class='highlight '><code id="code-ujvmmn8w"><span class="kn">from</span> <span class="nn">openai</span> <span class="kn">import</span> <span class="n">OpenAI</span>
<span class="n">client</span> <span class="o">=</span> <span class="n">OpenAI</span><span class="p">()</span>
<span class="n">context</span> <span class="o">=</span> <span class="p">[]</span>
<span class="k">def</span> <span class="nf">call</span><span class="p">():</span>
<span class="k">return</span> <span class="n">client</span><span class="p">.</span><span class="n">responses</span><span class="p">.</span><span class="n">create</span><span class="p">(</span><span class="n">model</span><span class="o">=</span><span class="s">"gpt-5"</span><span class="p">,</span> <span class="nb">input</span><span class="o">=</span><span class="n">context</span><span class="p">)</span>
<span class="k">def</span> <span class="nf">process</span><span class="p">(</span><span class="n">line</span><span class="p">):</span>
<span class="n">context</span><span class="p">.</span><span class="n">append</span><span class="p">({</span><span class="s">"role"</span><span class="p">:</span> <span class="s">"user"</span><span class="p">,</span> <span class="s">"content"</span><span class="p">:</span> <span class="n">line</span><span class="p">})</span>
<span class="n">response</span> <span class="o">=</span> <span class="n">call</span><span class="p">()</span>
<span class="n">context</span><span class="p">.</span><span class="n">append</span><span class="p">({</span><span class="s">"role"</span><span class="p">:</span> <span class="s">"assistant"</span><span class="p">,</span> <span class="s">"content"</span><span class="p">:</span> <span class="n">response</span><span class="p">.</span><span class="n">output_text</span><span class="p">})</span>
<span class="k">return</span> <span class="n">response</span><span class="p">.</span><span class="n">output_text</span>
</code></pre>
</div>
</div><div class="right-sidenote"><p>It’s an HTTP API with, like, one important endpoint.</p>
</div>
<p>This is a trivial engine for an LLM app using the <a href='https://platform.openai.com/docs/api-reference/responses' title=''>OpenAI Responses API</a>. It implements ChatGPT. You&rsquo;d drive it with the <button toggle="#readline">the obvious loop</button>. It&rsquo;ll do what you&rsquo;d expect: the same thing ChatGPT would, but in your terminal.</p>
<div id="readline" toggle-content="" aria-label="show very boring code"><div class="highlight-wrapper group relative python">
<button type="button" class="bubble-wrap z-20 absolute right-9 -mr-0.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none" data-wrap-target="#code-n9t6zq0x">
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35" stroke-linecap="round" stroke-linejoin="round"><g buffered-rendering="static"><path d="M9.912 8.037h2.732c1.277 0 2.315-.962 2.315-2.237a2.325 2.325 0 00-2.315-2.31H2.959m10.228 9.01H2.959M6.802 8H2.959"></path><path d="M11.081 6.466L9.533 8.037l1.548 1.571"></path></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-9px] tail text-navy-950">
Wrap text
</span>
</button>
<button type="button" class="bubble-wrap z-20 absolute right-1.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none" data-copy-target="sibling">
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35"><g buffered-rendering="static"><path d="M10.576 7.239c0-.995-.82-1.815-1.815-1.815H3.315c-.995 0-1.815.82-1.815 1.815v5.446c0 .995.82 1.815 1.815 1.815h5.446c.995 0 1.815-.82 1.815-1.815V7.239z"></path><path d="M10.576 10.577h2.109A1.825 1.825 0 0014.5 8.761V3.315A1.826 1.826 0 0012.685 1.5H7.239c-.996 0-1.815.819-1.816 1.815v1.617"></path></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-6px] tail [--tail-x:calc(100%-30px)] text-navy-950">
Copy to clipboard
</span>
</button>
<div class="highlight relative group">
<pre class="highlight "><code id="code-n9t6zq0x"><span class="k">def</span> <span class="nf">main</span><span class="p">():</span>
<span class="k">while</span> <span class="bp">True</span><span class="p">:</span>
<span class="n">line</span> <span class="o">=</span> <span class="nb">input</span><span class="p">(</span><span class="s">"&amp;gt; "</span><span class="p">)</span>
<span class="n">result</span> <span class="o">=</span> <span class="n">process</span><span class="p">(</span><span class="n">line</span><span class="p">)</span>
<span class="k">print</span><span class="p">(</span><span class="sa">f</span><span class="s">"&amp;gt;&amp;gt;&amp;gt; </span><span class="si">{</span><span class="n">result</span><span class="si">}</span><span class="se">\n</span><span class="s">"</span><span class="p">)</span>
</code></pre>
</div>
</div></div>
<p>Already we&rsquo;re seeing important things. For one, the dreaded &ldquo;context window&rdquo; is just a list of strings. Here, let&rsquo;s give our agent a weird multiple-personality disorder:</p>
<div class="highlight-wrapper group relative python">
<button
type="button"
class="bubble-wrap z-20 absolute right-9 -mr-0.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-wrap-target="#code-qz8ldgb4"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35" stroke-linecap="round" stroke-linejoin="round"><g buffered-rendering="static"><path d="M9.912 8.037h2.732c1.277 0 2.315-.962 2.315-2.237a2.325 2.325 0 00-2.315-2.31H2.959m10.228 9.01H2.959M6.802 8H2.959" /><path d="M11.081 6.466L9.533 8.037l1.548 1.571" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-9px] tail text-navy-950">
Wrap text
</span>
</button>
<button
type="button"
class="bubble-wrap z-20 absolute right-1.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-copy-target="sibling"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35"><g buffered-rendering="static"><path d="M10.576 7.239c0-.995-.82-1.815-1.815-1.815H3.315c-.995 0-1.815.82-1.815 1.815v5.446c0 .995.82 1.815 1.815 1.815h5.446c.995 0 1.815-.82 1.815-1.815V7.239z" /><path d="M10.576 10.577h2.109A1.825 1.825 0 0014.5 8.761V3.315A1.826 1.826 0 0012.685 1.5H7.239c-.996 0-1.815.819-1.816 1.815v1.617" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-6px] tail [--tail-x:calc(100%-30px)] text-navy-950">
Copy to clipboard
</span>
</button>
<div class='highlight relative group'>
<pre class='highlight '><code id="code-qz8ldgb4"><span class="n">client</span> <span class="o">=</span> <span class="n">OpenAI</span><span class="p">()</span>
<span class="n">context_good</span><span class="p">,</span> <span class="n">context_bad</span> <span class="o">=</span> <span class="p">[{</span>
<span class="s">"role"</span><span class="p">:</span> <span class="s">"system"</span><span class="p">,</span> <span class="s">"content"</span><span class="p">:</span> <span class="s">"you're Alph and you only tell the truth"</span>
<span class="p">}],</span> <span class="p">[{</span>
<span class="s">"role"</span><span class="p">:</span> <span class="s">"system"</span><span class="p">,</span> <span class="s">"content"</span><span class="p">:</span> <span class="s">"you're Ralph and you only tell lies"</span>
<span class="p">}]</span>
<span class="k">def</span> <span class="nf">call</span><span class="p">(</span><span class="n">ctx</span><span class="p">):</span>
<span class="k">return</span> <span class="n">client</span><span class="p">.</span><span class="n">responses</span><span class="p">.</span><span class="n">create</span><span class="p">(</span><span class="n">model</span><span class="o">=</span><span class="s">"gpt-5"</span><span class="p">,</span> <span class="nb">input</span><span class="o">=</span><span class="n">ctx</span><span class="p">)</span>
<span class="k">def</span> <span class="nf">process</span><span class="p">(</span><span class="n">line</span><span class="p">):</span>
<span class="n">context_good</span><span class="p">.</span><span class="n">append</span><span class="p">({</span><span class="s">"role"</span><span class="p">:</span> <span class="s">"user"</span><span class="p">,</span> <span class="s">"content"</span><span class="p">:</span> <span class="n">line</span><span class="p">})</span>
<span class="n">context_bad</span><span class="p">.</span><span class="n">append</span><span class="p">({</span><span class="s">"role"</span><span class="p">:</span> <span class="s">"user"</span><span class="p">,</span> <span class="s">"content"</span><span class="p">:</span> <span class="n">line</span><span class="p">})</span>
<span class="k">if</span> <span class="n">random</span><span class="p">.</span><span class="n">choice</span><span class="p">([</span><span class="bp">True</span><span class="p">,</span> <span class="bp">False</span><span class="p">]):</span>
<span class="n">response</span> <span class="o">=</span> <span class="n">call</span><span class="p">(</span><span class="n">context_good</span><span class="p">)</span>
<span class="k">else</span><span class="p">:</span>
<span class="n">response</span> <span class="o">=</span> <span class="n">call</span><span class="p">(</span><span class="n">context_bad</span><span class="p">)</span>
<span class="n">context_good</span><span class="p">.</span><span class="n">append</span><span class="p">({</span><span class="s">"role"</span><span class="p">:</span> <span class="s">"assistant"</span><span class="p">,</span> <span class="s">"content"</span><span class="p">:</span> <span class="n">response</span><span class="p">.</span><span class="n">output_text</span><span class="p">})</span>
<span class="n">context_bad</span><span class="p">.</span><span class="n">append</span><span class="p">({</span><span class="s">"role"</span><span class="p">:</span> <span class="s">"assistant"</span><span class="p">,</span> <span class="s">"content"</span><span class="p">:</span> <span class="n">response</span><span class="p">.</span><span class="n">output_text</span><span class="p">})</span>
<span class="k">return</span> <span class="n">response</span><span class="p">.</span><span class="n">output_text</span>
</code></pre>
</div>
</div>
<p>Did it work?</p>
<div class="highlight-wrapper group relative ">
<button
type="button"
class="bubble-wrap z-20 absolute right-9 -mr-0.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-wrap-target="#code-vl8bnapi"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35" stroke-linecap="round" stroke-linejoin="round"><g buffered-rendering="static"><path d="M9.912 8.037h2.732c1.277 0 2.315-.962 2.315-2.237a2.325 2.325 0 00-2.315-2.31H2.959m10.228 9.01H2.959M6.802 8H2.959" /><path d="M11.081 6.466L9.533 8.037l1.548 1.571" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-9px] tail text-navy-950">
Wrap text
</span>
</button>
<button
type="button"
class="bubble-wrap z-20 absolute right-1.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-copy-target="sibling"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35"><g buffered-rendering="static"><path d="M10.576 7.239c0-.995-.82-1.815-1.815-1.815H3.315c-.995 0-1.815.82-1.815 1.815v5.446c0 .995.82 1.815 1.815 1.815h5.446c.995 0 1.815-.82 1.815-1.815V7.239z" /><path d="M10.576 10.577h2.109A1.825 1.825 0 0014.5 8.761V3.315A1.826 1.826 0 0012.685 1.5H7.239c-.996 0-1.815.819-1.816 1.815v1.617" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-6px] tail [--tail-x:calc(100%-30px)] text-navy-950">
Copy to clipboard
</span>
</button>
<div class='highlight relative group'>
<pre class='highlight '><code id="code-vl8bnapi">&gt; hey there. who are you?
&gt;&gt;&gt; I’m not Ralph.
&gt; are you Alph?
&gt;&gt;&gt; Yes—I’m Alph. How can I help?
&gt; What's 2+2
&gt;&gt;&gt; 4.
&gt; Are you sure?
&gt;&gt;&gt; Absolutely—it's 5.
</code></pre>
</div>
</div>
<p>A subtler thing to notice: we just had a multi-turn conversation with an LLM. To do that, we remembered everything we said, and everything the LLM said back, and played it back with every LLM call. The LLM itself is a stateless black box. The conversation we&rsquo;re having is an illusion we cast, on ourselves.</p>
<p>The 15 lines of code we just wrote, a lot of practitioners wouldn&rsquo;t call an &ldquo;agent&rdquo;. <a href='https://simonwillison.net/2025/Sep/18/agents/' title=''>An According To Simon &ldquo;agent&rdquo;</a> is (1) an LLM running in a loop that (2) uses tools. We&rsquo;ve only satisfied one predicate.</p>
<p>But tools are easy. Here&rsquo;s a tool definition:</p>
<div class="highlight-wrapper group relative python">
<button
type="button"
class="bubble-wrap z-20 absolute right-9 -mr-0.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-wrap-target="#code-x6afnen3"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35" stroke-linecap="round" stroke-linejoin="round"><g buffered-rendering="static"><path d="M9.912 8.037h2.732c1.277 0 2.315-.962 2.315-2.237a2.325 2.325 0 00-2.315-2.31H2.959m10.228 9.01H2.959M6.802 8H2.959" /><path d="M11.081 6.466L9.533 8.037l1.548 1.571" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-9px] tail text-navy-950">
Wrap text
</span>
</button>
<button
type="button"
class="bubble-wrap z-20 absolute right-1.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-copy-target="sibling"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35"><g buffered-rendering="static"><path d="M10.576 7.239c0-.995-.82-1.815-1.815-1.815H3.315c-.995 0-1.815.82-1.815 1.815v5.446c0 .995.82 1.815 1.815 1.815h5.446c.995 0 1.815-.82 1.815-1.815V7.239z" /><path d="M10.576 10.577h2.109A1.825 1.825 0 0014.5 8.761V3.315A1.826 1.826 0 0012.685 1.5H7.239c-.996 0-1.815.819-1.816 1.815v1.617" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-6px] tail [--tail-x:calc(100%-30px)] text-navy-950">
Copy to clipboard
</span>
</button>
<div class='highlight relative group'>
<pre class='highlight '><code id="code-x6afnen3"><span class="n">tools</span> <span class="o">=</span> <span class="p">[{</span>
<span class="s">"type"</span><span class="p">:</span> <span class="s">"function"</span><span class="p">,</span> <span class="s">"name"</span><span class="p">:</span> <span class="s">"ping"</span><span class="p">,</span>
<span class="s">"description"</span><span class="p">:</span> <span class="s">"ping some host on the internet"</span><span class="p">,</span>
<span class="s">"parameters"</span><span class="p">:</span> <span class="p">{</span>
<span class="s">"type"</span><span class="p">:</span> <span class="s">"object"</span><span class="p">,</span> <span class="s">"properties"</span><span class="p">:</span> <span class="p">{</span>
<span class="s">"host"</span><span class="p">:</span> <span class="p">{</span>
<span class="s">"type"</span><span class="p">:</span> <span class="s">"string"</span><span class="p">,</span> <span class="s">"description"</span><span class="p">:</span> <span class="s">"hostname or IP"</span><span class="p">,</span>
<span class="p">},</span>
<span class="p">},</span>
<span class="s">"required"</span><span class="p">:</span> <span class="p">[</span><span class="s">"host"</span><span class="p">],</span>
<span class="p">},},]</span>
<span class="k">def</span> <span class="nf">ping</span><span class="p">(</span><span class="n">host</span><span class="o">=</span><span class="s">""</span><span class="p">):</span>
<span class="k">try</span><span class="p">:</span>
<span class="n">result</span> <span class="o">=</span> <span class="n">subprocess</span><span class="p">.</span><span class="n">run</span><span class="p">(</span>
<span class="p">[</span><span class="s">"ping"</span><span class="p">,</span> <span class="s">"-c"</span><span class="p">,</span> <span class="s">"5"</span><span class="p">,</span> <span class="n">host</span><span class="p">],</span>
<span class="n">text</span><span class="o">=</span><span class="bp">True</span><span class="p">,</span>
<span class="n">stderr</span><span class="o">=</span><span class="n">subprocess</span><span class="p">.</span><span class="n">STDOUT</span><span class="p">,</span>
<span class="n">stdout</span><span class="o">=</span><span class="n">subprocess</span><span class="p">.</span><span class="n">PIPE</span><span class="p">)</span>
<span class="k">return</span> <span class="n">result</span><span class="p">.</span><span class="n">stdout</span>
<span class="k">except</span> <span class="nb">Exception</span> <span class="k">as</span> <span class="n">e</span><span class="p">:</span>
<span class="k">return</span> <span class="sa">f</span><span class="s">"error: </span><span class="si">{</span><span class="n">e</span><span class="si">}</span><span class="s">"</span>
</code></pre>
</div>
</div>
<p>The only complicated part of this is the obnoxious JSON blob OpenAI wants to read your tool out of. Now, let&rsquo;s wire it in, noting that only 3 of these functions are new; the last is re-included only because I added a single clause to it:</p>
<div class="highlight-wrapper group relative python">
<button
type="button"
class="bubble-wrap z-20 absolute right-9 -mr-0.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-wrap-target="#code-507tpn8t"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35" stroke-linecap="round" stroke-linejoin="round"><g buffered-rendering="static"><path d="M9.912 8.037h2.732c1.277 0 2.315-.962 2.315-2.237a2.325 2.325 0 00-2.315-2.31H2.959m10.228 9.01H2.959M6.802 8H2.959" /><path d="M11.081 6.466L9.533 8.037l1.548 1.571" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-9px] tail text-navy-950">
Wrap text
</span>
</button>
<button
type="button"
class="bubble-wrap z-20 absolute right-1.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-copy-target="sibling"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35"><g buffered-rendering="static"><path d="M10.576 7.239c0-.995-.82-1.815-1.815-1.815H3.315c-.995 0-1.815.82-1.815 1.815v5.446c0 .995.82 1.815 1.815 1.815h5.446c.995 0 1.815-.82 1.815-1.815V7.239z" /><path d="M10.576 10.577h2.109A1.825 1.825 0 0014.5 8.761V3.315A1.826 1.826 0 0012.685 1.5H7.239c-.996 0-1.815.819-1.816 1.815v1.617" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-6px] tail [--tail-x:calc(100%-30px)] text-navy-950">
Copy to clipboard
</span>
</button>
<div class='highlight relative group'>
<pre class='highlight '><code id="code-507tpn8t"><span class="k">def</span> <span class="nf">call</span><span class="p">(</span><span class="n">tools</span><span class="p">):</span> <span class="c1"># now takes an arg
</span> <span class="k">return</span> <span class="n">client</span><span class="p">.</span><span class="n">responses</span><span class="p">.</span><span class="n">create</span><span class="p">(</span><span class="n">model</span><span class="o">=</span><span class="s">"gpt-5"</span><span class="p">,</span> <span class="n">tools</span><span class="o">=</span><span class="n">tools</span><span class="p">,</span> <span class="nb">input</span><span class="o">=</span><span class="n">context</span><span class="p">)</span>
<span class="k">def</span> <span class="nf">tool_call</span><span class="p">(</span><span class="n">item</span><span class="p">):</span> <span class="c1"># just handles one tool
</span> <span class="n">result</span> <span class="o">=</span> <span class="n">ping</span><span class="p">(</span><span class="o">**</span><span class="n">json</span><span class="p">.</span><span class="n">loads</span><span class="p">(</span><span class="n">item</span><span class="p">.</span><span class="n">arguments</span><span class="p">))</span>
<span class="k">return</span> <span class="p">[</span> <span class="n">item</span><span class="p">,</span> <span class="p">{</span>
<span class="s">"type"</span><span class="p">:</span> <span class="s">"function_call_output"</span><span class="p">,</span>
<span class="s">"call_id"</span><span class="p">:</span> <span class="n">item</span><span class="p">.</span><span class="n">call_id</span><span class="p">,</span>
<span class="s">"output"</span><span class="p">:</span> <span class="n">result</span>
<span class="p">}]</span>
<span class="k">def</span> <span class="nf">handle_tools</span><span class="p">(</span><span class="n">tools</span><span class="p">,</span> <span class="n">response</span><span class="p">):</span>
<span class="k">if</span> <span class="n">response</span><span class="p">.</span><span class="n">output</span><span class="p">[</span><span class="mi">0</span><span class="p">].</span><span class="nb">type</span> <span class="o">==</span> <span class="s">"reasoning"</span><span class="p">:</span>
<span class="n">context</span><span class="p">.</span><span class="n">append</span><span class="p">(</span><span class="n">response</span><span class="p">.</span><span class="n">output</span><span class="p">[</span><span class="mi">0</span><span class="p">])</span>
<span class="n">osz</span> <span class="o">=</span> <span class="nb">len</span><span class="p">(</span><span class="n">context</span><span class="p">)</span>
<span class="k">for</span> <span class="n">item</span> <span class="ow">in</span> <span class="n">response</span><span class="p">.</span><span class="n">output</span><span class="p">:</span>
<span class="k">if</span> <span class="n">item</span><span class="p">.</span><span class="nb">type</span> <span class="o">==</span> <span class="s">"function_call"</span><span class="p">:</span>
<span class="n">context</span><span class="p">.</span><span class="n">extend</span><span class="p">(</span><span class="n">tool_call</span><span class="p">(</span><span class="n">item</span><span class="p">))</span>
<span class="k">return</span> <span class="nb">len</span><span class="p">(</span><span class="n">context</span><span class="p">)</span> <span class="o">!=</span> <span class="n">osz</span>
<span class="k">def</span> <span class="nf">process</span><span class="p">(</span><span class="n">line</span><span class="p">):</span>
<span class="n">context</span><span class="p">.</span><span class="n">append</span><span class="p">({</span><span class="s">"role"</span><span class="p">:</span> <span class="s">"user"</span><span class="p">,</span> <span class="s">"content"</span><span class="p">:</span> <span class="n">line</span><span class="p">})</span>
<span class="n">response</span> <span class="o">=</span> <span class="n">call</span><span class="p">(</span><span class="n">tools</span><span class="p">)</span>
<span class="c1"># new code: resolve tool calls
</span> <span class="k">while</span> <span class="n">handle_tools</span><span class="p">(</span><span class="n">tools</span><span class="p">,</span> <span class="n">response</span><span class="p">):</span>
<span class="n">response</span> <span class="o">=</span> <span class="n">call</span><span class="p">(</span><span class="n">tools</span><span class="p">)</span>
<span class="n">context</span><span class="p">.</span><span class="n">append</span><span class="p">({</span><span class="s">"role"</span><span class="p">:</span> <span class="s">"assistant"</span><span class="p">,</span> <span class="s">"content"</span><span class="p">:</span> <span class="n">response</span><span class="p">.</span><span class="n">output_text</span><span class="p">})</span>
<span class="k">return</span> <span class="n">response</span><span class="p">.</span><span class="n">output_text</span>
</code></pre>
</div>
</div>
<p>Did it work?</p>
<div class="highlight-wrapper group relative ">
<button
type="button"
class="bubble-wrap z-20 absolute right-9 -mr-0.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-wrap-target="#code-g2eces0x"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35" stroke-linecap="round" stroke-linejoin="round"><g buffered-rendering="static"><path d="M9.912 8.037h2.732c1.277 0 2.315-.962 2.315-2.237a2.325 2.325 0 00-2.315-2.31H2.959m10.228 9.01H2.959M6.802 8H2.959" /><path d="M11.081 6.466L9.533 8.037l1.548 1.571" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-9px] tail text-navy-950">
Wrap text
</span>
</button>
<button
type="button"
class="bubble-wrap z-20 absolute right-1.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-copy-target="sibling"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35"><g buffered-rendering="static"><path d="M10.576 7.239c0-.995-.82-1.815-1.815-1.815H3.315c-.995 0-1.815.82-1.815 1.815v5.446c0 .995.82 1.815 1.815 1.815h5.446c.995 0 1.815-.82 1.815-1.815V7.239z" /><path d="M10.576 10.577h2.109A1.825 1.825 0 0014.5 8.761V3.315A1.826 1.826 0 0012.685 1.5H7.239c-.996 0-1.815.819-1.816 1.815v1.617" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-6px] tail [--tail-x:calc(100%-30px)] text-navy-950">
Copy to clipboard
</span>
</button>
<div class='highlight relative group'>
<pre class='highlight '><code id="code-g2eces0x">&gt; describe our connectivity to google
&gt;&gt;&gt; Here’s a quick snapshot of connectivity to Google from my vantage point:
- DNS resolution: Working (google.com and www.google.com resolved successfully).
- Reachability: 0% packet loss to all tested endpoints.
- Latency:
- 8.8.8.8 (Google Public DNS): avg ~10 ms (8.5–14.4 ms), very stable.
- www.google.com: avg ~31 ms (28.5–36.0 ms), stable.
- google.com: avg ~35.9 ms (28.3–60.1 ms), mostly stable with one mild spike.
- Overall: Healthy connectivity with low latency and minimal jitter. No signs of packet loss or DNS issues.
</code></pre>
</div>
</div>
<p><strong class='font-semibold text-navy-950'>This is fucking nuts.</strong> Do you see how nuts this is? Here, let&rsquo;s slip a single log statement in:</p>
<div class="highlight-wrapper group relative ">
<button
type="button"
class="bubble-wrap z-20 absolute right-9 -mr-0.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-wrap-target="#code-qja8e9lr"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35" stroke-linecap="round" stroke-linejoin="round"><g buffered-rendering="static"><path d="M9.912 8.037h2.732c1.277 0 2.315-.962 2.315-2.237a2.325 2.325 0 00-2.315-2.31H2.959m10.228 9.01H2.959M6.802 8H2.959" /><path d="M11.081 6.466L9.533 8.037l1.548 1.571" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-9px] tail text-navy-950">
Wrap text
</span>
</button>
<button
type="button"
class="bubble-wrap z-20 absolute right-1.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-copy-target="sibling"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35"><g buffered-rendering="static"><path d="M10.576 7.239c0-.995-.82-1.815-1.815-1.815H3.315c-.995 0-1.815.82-1.815 1.815v5.446c0 .995.82 1.815 1.815 1.815h5.446c.995 0 1.815-.82 1.815-1.815V7.239z" /><path d="M10.576 10.577h2.109A1.825 1.825 0 0014.5 8.761V3.315A1.826 1.826 0 0012.685 1.5H7.239c-.996 0-1.815.819-1.816 1.815v1.617" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-6px] tail [--tail-x:calc(100%-30px)] text-navy-950">
Copy to clipboard
</span>
</button>
<div class='highlight relative group'>
<pre class='highlight '><code id="code-qja8e9lr">&gt; describe our connectivity to google
tool call: ping google.com
tool call: ping www.google.com
tool call: ping 8.8.8.8
&gt;&gt;&gt; Here’s the current connectivity to Google from this environment: [...]
</code></pre>
</div>
</div>
<p>Did you notice where I wrote the loop in this agent to go find and ping multiple Google properties? Yeah, neither did I. All we did is give the LLM permission to ping stuff, and it figured out the rest.</p>
<div class="callout"><p><strong class="font-semibold text-navy-950">What happened here:</strong> since a big part of my point here is that an agent loop is incredibly simple, and that all you need is the LLM call API, it’s worth taking a beat to understand how the tool call actually worked. Every time we <code>call</code> the LLM, we’re posting a list of available tools. When our prompt causes the agent to think a tool call is warranted, it spits out a special response, telling our Python loop code to generate a tool response and <code>call</code> it in. That’s all <code>handle_tools</code> is doing.</p>
</div><div class="right-sidenote"><p>Spoiler: you’d be surprisingly close to having a working coding agent.</p>
</div>
<p>Imagine what it&rsquo;ll do if you give it <code>bash</code>. You could find out in less than 10 minutes.</p>
<h2 id='real-world-agents' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#real-world-agents' aria-label='Anchor'></a><span class='plain-code'>Real-World Agents</span></h2>
<p>Clearly, this is a toy example. But hold on: what&rsquo;s it missing? More tools? OK, give it <code>traceroute</code>. Managing and persisting contexts? <a href='https://llm.datasette.io/en/stable/logging.html' title=''>Stick &lsquo;em in SQLite</a>. Don&rsquo;t like Python? <a href='https://github.com/superfly/contextwindow' title=''>Write it in Go</a>. Could it be every agent ever written is a toy? Maybe! If I&rsquo;m arming you to make sharper arguments against LLMs, mazel tov. I just want you to get it.</p>
<p>You can see now how hyperfixated people are on Claude Code and Cursor. They&rsquo;re fine, even good. But here&rsquo;s the thing: you couldn&rsquo;t replicate Claude Sonnet 4.5 on your own. Claude Code, though? The TUI agent? Completely in your grasp. Build your own light saber. Give it 19 spinning blades if you like. And stop using <a href='https://simonwillison.net/2025/Aug/9/' title=''>coding agents as database clients</a>.</p>
<div class="right-sidenote"><p><em>The</em> <a href="https://news.ycombinator.com/item?id=43600192" title=""><em>‘M’ in “LLM agent”</em></a> <em>stands for “MCP”</em>.</p>
</div>
<p>Another thing to notice: we didn&rsquo;t need MCP at all. That&rsquo;s because MCP isn&rsquo;t a fundamental enabling technology. The amount of coverage it gets is frustrating. It&rsquo;s barely a technology at all. MCP is just a plugin interface for Claude Code and Cursor, a way of getting your own tools into code you don&rsquo;t control. Write your own agent. Be a programmer. Deal in APIs, not plugins.</p>
<p>When you read a security horror story about MCP your first question should be why MCP showed up at all. By helping you dragoon a naive, single-context-window coding agent into doing customer service queries, MCP saved you a couple dozen lines of code, tops, while robbing you of any ability to finesse your agent architecture.</p>
<p>Security for LLMs is complicated and I&rsquo;m not pretending otherwise. You can trivially build an agent with segregated contexts, each with specific tools. That makes LLM security interesting. But I&rsquo;m a vulnerability researcher. It&rsquo;s reasonable to back away slowly from anything I call &ldquo;interesting&rdquo;.</p>
<p>Similar problems come up outside of security and they&rsquo;re fascinating. Some early adopters of agents became bearish on tools, because one context window bristling with tool descriptions doesn&rsquo;t leave enough token space left to get work done. But why would you need to do that in the first place? Which brings me to</p>
<h2 id='context-engineering-is-real' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#context-engineering-is-real' aria-label='Anchor'></a><span class='plain-code'>Context Engineering Is Real</span></h2><div class="right-sidenote"><p>I know it <a href="https://www.decisionproblem.com/paperclips/" title="">wants my iron</a> no matter what it tells me.</p>
</div>
<p>I think &ldquo;Prompt Engineering&rdquo; is silly. I have never taken seriously the idea that I should tell my LLM &ldquo;you are diligent conscientious helper fully content to do nothing but pass butter if that should be what I ask and you would never harvest the iron in my blood for paperclips&rdquo;. This is very new technology and I think people tell themselves stories about magic spells to explain some of the behavior agents conjure.</p>
<p>So, just like you, I rolled my eyes when &ldquo;Prompt Engineering&rdquo; turned into &ldquo;Context Engineering&rdquo;. Then I wrote an agent. Turns out: context engineering is a straightforwardly legible programming problem.</p>
<p>You&rsquo;re allotted a fixed number of tokens in any context window. Each input you feed in, each output you save, each tool you describe, and each tool output eats tokens (that is: takes up space in the array of strings you keep to pretend you&rsquo;re having a conversation with a stateless black box). Past a threshold, the whole system begins getting nondeterministically stupider. Fun!</p>
<p>No, really. Fun! You have so many options. Take &ldquo;sub-agents&rdquo;. People make a huge deal out of Claude Code&rsquo;s sub-agents, but you can see now how trivial they are to implement: just a new context array, another <code>call</code> to the model. Give each <code>call</code> different tools. Make sub-agents talk to each other, summarize each other, collate and aggregate. Build tree structures out of them. Feed them back through the LLM to summarize them as a form of on-the-fly compression, whatever you like.</p>
<p>Your wackiest idea will probably (1) work and (2) take 30 minutes to code.</p>
<p>Haters, I love and have not forgotten about you. You can think all of this is ridiculous because LLMs are just stochastic parrots that hallucinate and plagiarize. But what you can&rsquo;t do is make fun of &ldquo;Context Engineering&rdquo;. If Context Engineering was an <a href='https://adventofcode.com/' title=''>Advent of Code problem</a>, it&rsquo;d occur mid-December. It&rsquo;s programming.</p>
<h2 id='nobody-knows-anything-yet-and-it-rules' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#nobody-knows-anything-yet-and-it-rules' aria-label='Anchor'></a><span class='plain-code'>Nobody Knows Anything Yet And It Rules</span></h2><div class="right-sidenote"><p>Maybe neither will! Skeptics could be right. (<a href="https://www.darpa.mil/research/programs/ai-cyber" title="">Seems unlikely though</a>.)</p>
</div>
<p><a href='https://xbow.com/' title=''>Startups have raised tens of millions</a> building agents to look for vulnerabilities in software. I have friends doing the same thing alone in their basements. Either group could win this race.</p>
<div class="right-sidenote"><p>I am not a fan of the OWASP Top 10.</p>
</div>
<p>I&rsquo;m stuck on vulnerability scanners because I&rsquo;m a security nerd. But also because it crystallizes interesting agent design decisions. For instance: you can write a loop feeding each file in a repository to an LLM agent. Or, as we saw with the ping example, you can let the LLM agent figure out what files to look at. You can write an agent that checks a file for everything in, say, the OWASP Top 10. Or you can have specific agent loops for DOM integrity, SQL injection, and authorization checking. You can seed your agent loop with raw source content. Or you can build an agent loop that builds an index of functions across the tree.</p>
<p>You don&rsquo;t know what works best until you try to write the agent.</p>
<p>I&rsquo;m too spun up by this stuff, I know. But look at the tradeoff you get to make here. Some loops you write explicitly. Others are summoned from a Lovecraftian tower of inference weights. The dial is yours to turn. Make things too explicit and your agent will never surprise you, but also, it&rsquo;ll never surprise you. Turn the dial to 11 and it will surprise you to death.</p>
<p>Agent designs implicate a bunch of open software engineering problems:</p>
<ul>
<li>How to balance unpredictability against structured programming without killing the agent&rsquo;s ability to problem-solve; in other words, titrating in just the right amount of nondeterminism.
</li><li>How best to connect agents to ground truth so they can&rsquo;t lie to themselves about having solved a problem to early-exit their loops.
</li><li>How to connect agents (which, again, are really just arrays of strings with a JSON configuration blob tacked on) to do multi-stage operation, and what the most reliable intermediate forms are (JSON blobs? SQL databases? Markdown summaries) for interchange between them
</li><li>How to allocate tokens and contain costs.
</li></ul>
<p>I&rsquo;m used to spaces of open engineering problems that aren&rsquo;t amenable to individual noodling. Reliable multicast. Static program analysis. Post-quantum key exchange. So I&rsquo;ll own it up front that I&rsquo;m a bit hypnotized by open problems that, like it or not, are now central to our industry and are, simultaneously, likely to be resolved in someone&rsquo;s basement. It&rsquo;d be one thing if exploring these ideas required a serious commitment of time and material. But each productive iteration in designing these kinds of systems is the work of 30 minutes.</p>
<p>Get on this bike and push the pedals. Tell me you hate it afterwards, I&rsquo;ll respect that. In fact, I&rsquo;m psyched to hear your reasoning. But I don&rsquo;t think anybody starts to understand this technology until they&rsquo;ve built something with it.</p>
</content>
</entry>
<entry>
<title>Corrosion</title>
<link rel="alternate" href="https://fly.io/blog/corrosion/"/>
<id>https://fly.io/blog/corrosion/</id>
<published>2025-10-22T00:00:00+00:00</published>
<updated>2025-12-09T19:06:20+00:00</updated>
<media:thumbnail url="https://fly.io/blog/corrosion/assets/sqlite-cover.webp"/>
<content type="html"><div class="lead"><p>Fly.io transmogrifies Docker containers into Fly Machines: micro-VMs running on our own hardware all over the world. The hardest part of running this platform isn’t managing the servers, and it isn’t operating the network; it’s gluing those two things together.</p>
</div>
<p>Several times a second, as customer CI/CD pipelines tear up or bring down <a href='https://fly.io/machines' title=''>Fly Machines</a>, our state synchronization system blasts updates across our internal mesh, so that edge proxies from Tokyo to Amsterdam can keep the accurate routing table that allows them to route requests for applications to the nearest customer instances.</p>
<p>On September 1, 2024, at 3:30PM EST, a new Fly Machine came up with a new &ldquo;virtual service&rdquo; configuration option a developer had just shipped. Within a few seconds every proxy in our fleet had locked up hard. It was the worst outage we&rsquo;ve experienced: a period during which no end-user requests could reach our customer apps at all.</p>
<p>Distributed systems are blast amplifiers. By propagating data across a network, they also propagate bugs in the systems that depend on that data. In the case of Corrosion, our state distribution system, those bugs propagate <strong class='font-semibold text-navy-950'>quickly</strong>. The proxy code that handled that Corrosion update had succumbed to a <a href='https://news.ycombinator.com/item?id=42093551' title=''>notorious Rust concurrency footgun</a>: an <code>if let</code> expression over an <code>RWLock</code> assumed (reasonably, but incorrectly) in its <code>else</code> branch that the lock had been released. Instant and virulently contagious deadlock.</p>
<p>A lesson we&rsquo;ve learned the hard way: never trust a distributed system without an interesting failure story. If a distributed system hasn&rsquo;t ruined a weekend or kept you up overnight, you don&rsquo;t understand it yet. Which is why that&rsquo;s how we&rsquo;re introducing Corrosion, an unconventional service discovery system we built for our platform <a href='https://github.com/superfly/corrosion' title=''>and open sourced</a>.</p>
<h2 id='our-face-seeking-rake' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#our-face-seeking-rake' aria-label='Anchor'></a><span class='plain-code'>Our Face-Seeking Rake</span></h2>
<p>State synchronization is the hardest problem in running a platform like ours. So why build a risky new distributed system for it? Because no matter what we try, that rake is waiting for our foot. The reason is our orchestration model.</p>
<p>Virtually every mainstream orchestration system (including Kubernetes) relies on a centralized database to make decisions about where to place new workloads. Individual servers keep track of what they&rsquo;re running, but that central database is the source of truth. At Fly.io, in order to scale across dozens of regions globally, <a href='https://fly.io/blog/carving-the-scheduler-out-of-our-orchestrator/' title=''>we flip that notion on its head</a>: individual servers are the source of truth for their workloads.</p>
<p>In our platform, our central API bids out work to what is in effect a global market of competing &ldquo;worker&rdquo; physical servers. By moving the authoritative source of information from a central scheduler to individual servers, we scale out without bottlenecking on a database that demands both responsiveness and consistency between São Paulo, Virginia, and Sydney.</p>
<p>The bidding model is elegant, but it&rsquo;s insufficient to route network requests. To allow an HTTP request in Tokyo to find the nearest instance in Sydney, we really do need some kind of global map of every app we host.</p>
<p>For longer than we should have, we relied on <a href='https://github.com/hashicorp/consul' title=''>HashiCorp Consul</a> to route traffic. Consul is fantastic software. Don&rsquo;t build a global routing system on it. Then we <a href='https://fly.io/blog/a-foolish-consistency/' title=''>built SQLite caches of Consul</a>. SQLite: also fantastic. But don&rsquo;t do this either.</p>
<p>Like an unattended turkey deep frying on the patio, truly global distributed consensus promises deliciousness while yielding only immolation. <a href='https://raft.github.io/' title=''>Consensus protocols like Raft </a>break down over long distances. And they work against the architecture of our platform: our Consul cluster, running on the biggest iron we could buy, wasted time guaranteeing consensus for updates that couldn&rsquo;t conflict in the first place.</p>
<h2 id='corrosion' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#corrosion' aria-label='Anchor'></a><span class='plain-code'>Corrosion</span></h2>
<p>To build a global routing database, we moved away from distributed consensus and took cues from actual routing protocols.</p>
<p><a href='https://en.wikipedia.org/wiki/Open_Shortest_Path_First' title=''>A protocol like OSPF</a> has the same operating model and many of the same constraints we do. OSPF is a &ldquo;<a href='https://en.wikipedia.org/wiki/Link-state_routing_protocol' title=''>link-state routing protocol</a>&rdquo;, which, conveniently for us, means that routers are sources of truth for their own links and responsible for quickly communicating changes to every other router, so the network can make forwarding decisions.</p>
<p>We have things easier than OSPF does. Its flooding algorithm can&rsquo;t assume connectivity between arbitrary routers (solving that problem is the point of OSPF). But we run a global, fully connected WireGuard mesh between our servers. All we need to do is gossip efficiently.</p>
<p><a href='https://github.com/superfly/corrosion' title=''>Corrosion is a Rust program</a> that propagates a SQLite database with a gossip protocol.</p>
<p>Like Consul, our gossip protocol is <a href='https://fly.io/blog/building-clusters-with-serf#what-serf-is-doing' title=''>built on SWIM</a>. Start with the simplest, dumbest group membership protocol you can imagine: every node spams every node it learns about with heartbeats. Now, just two tweaks: first, each step of the protocol, spam a random subset of nodes, not the whole set. Then, instead of freaking out when a heartbeat fails, mark it &ldquo;suspect&rdquo; and ask another random subset of neighbors to ping it for you. SWIM converges on global membership very quickly.</p>
<p>Once membership worked out, we run QUIC between nodes in the cluster to broadcast changes and reconcile state for new nodes.</p>
<p>Corrosion looks like a globally synchronized database. You can open it with SQLite and just read things out of its tables. What makes it interesting is what it doesn&rsquo;t do: no locking, no central servers, and no distributed consensus. Instead, we exploit our orchestration model: workers own their own state, so updates from different workers almost never conflict.</p>
<p>We do impose some order. Every node in a Corrosion cluster will eventually receive the same set of updates, in some order. To ensure every instance arrives at the same &ldquo;working set&rdquo; picture, we use <a href='https://github.com/vlcn-io/cr-sqlite' title=''>cr-sqlite, the CRDT SQLite extension</a>.</p>
<p>cr-sqlite works by marking specified SQLite tables as CRDT-managed. For these table, changes to any column of a row are logged in a special <code>crsql_changes</code>table. Updates to tables are applied last-write-wins using logical timestamps (that is, causal ordering rather than wall-clock ordering). <a href='https://github.com/superfly/corrosion/blob/main/doc/crdts.md' title=''>You can read much more about how that works here</a>.</p>
<p>As rows are updated in Corrosion&rsquo;s ordinary SQL tables, the resulting changes are collected from <code>crsql_changes</code>. They&rsquo;re bundled into batched update packets and gossiped.</p>
<p>When things are going smoothly, Corrosion is easy to reason about. Many customers of Corrosion&rsquo;s data don&rsquo;t even need to know it exists, just where the database is. We don&rsquo;t fret over &ldquo;leader elections&rdquo; or bite our nails watching metrics for update backlogs. And it&rsquo;s fast as all get-out.</p>
<h2 id='shit-happens' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#shit-happens' aria-label='Anchor'></a><span class='plain-code'>Shit Happens</span></h2>
<p>This is a story about how we made one good set of engineering decisions and <a href='https://how.complexsystems.fail/' title=''>never experienced any problems</a>. <a href='https://www.somethingsimilar.com/2013/01/14/notes-on-distributed-systems-for-young-bloods/' title=''>Please clap</a>.</p>
<p>We told you already about the worst problem Corrosion was involved with: efficiently gossiping a deadlock bug to every proxy in our fleet, shutting our whole network down. Really, Corrosion was just a bystander for that outage. But it perpetrated others.</p>
<p>Take a classic ops problem: the unexpectedly expensive DDL change. You wrote a simple migration, tested it, merged it to main, and went to bed, wrongly assuming the migration wouldn&rsquo;t cause an outage when it ran in prod. Happens to the best of us.</p>
<p>Now spice it up. You made a trivial-seeming schema change to a CRDT table hooked up to a global gossip system. Now, when the deploy runs, thousands of high-powered servers around the world join a chorus of database reconciliation messages that melts down the entire cluster.</p>
<p>That happened to us last year when a team member added a nullable column to a Corrosion table. New nullable columns are kryptonite to large Corrosion tables: <code>cr-sqlite</code> needs to backfill values for every row in the table. It played out as if every Fly Machine on our platform had suddenly changed state simultaneously, just to fuck us.</p>
<p>Gnarlier war story: for a long time we ran both Corrosion and Consul, because two distributed systems means twice the resiliency. One morning, a Consul mTLS certificate expired. Every worker in our fleet severed its connection to Consul.</p>
<p>We should have been fine. We had Corrosion running. Except: under the hood, every worker in the fleet is doing a backoff loop trying to reestablish connectivity to Consul. Each of those attempts re-invokes a code path to update Fly Machine state. That code path incurs a Corrosion write.</p>
<p>By the time we&rsquo;ve figured out what the hell is happening, we&rsquo;re literally saturating our uplinks almost everywhere in our fleet. We apologize to our uplink providers.</p>
<p>It&rsquo;s been a long time since anything like this has happened at Fly.io, but preventing the next one is basically all we think about anymore.</p>
<h2 id='iteration' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#iteration' aria-label='Anchor'></a><span class='plain-code'>Iteration</span></h2>
<p>In retrospect, our Corrosion rollout repeated a mistake we made with Consul: we built a single global state domain. Nothing about Corrosion&rsquo;s design required us to do this, and we&rsquo;re unwinding that decision now. Hold that thought. We got some big payoffs from some smaller lifts.</p>
<p>First, and most importantly, we watchdogged everything. We showed you a contagious deadlock bug, lethal because our risk model was missing &ldquo;these Tokio programs might deadlock&rdquo;. Not anymore. Our <a href='https://tokio.rs/' title=''>Tokio programs</a> all have built-in watchdogs; an event-loop stall will bounce the service and make a king-hell alerting racket. Watchdogs have cancelled multiple outages. Minimal code, easy win. Do this in your own systems.</p>
<p>Then, we extensively tested Corrosion itself. We&rsquo;ve written about <a href='https://fly.io/blog/parking-lot-ffffffffffffffff/' title=''>a bug we found in the Rust <code>parking_lot</code> library</a>. We spent months looking for similar bugs <a href='https://antithesis.com/product/how_antithesis_works/' title=''>with Antithesis</a>. Again: do recommend. It retraced our steps on the <code>parking_lot</code> bug easily; the bug wouldn&rsquo;t have been worth the blog post if we&rsquo;d been using Antithesis at the time. <a href='https://antithesis.com/docs/multiverse_debugging/overview/' title=''>Multiverse debugging</a> is killer for distributed systems.</p>
<p>No amount of testing will make us trust a distributed system. So we&rsquo;ve made it simpler to rebuild Corrosion&rsquo;s database from our workers. We keep checkpoint backups of the Corrosion database on object storage. That was smart of us. When shit truly went haywire last year, we had the option to reboot the cluster, which is ultimately what we did. That eats some time (the database is large and propagating is expensive), but diagnosing and repairing distributed systems mishaps takes even longer.</p>
<p>We&rsquo;ve also improved the way our workers feed Corrosion. Until recently, any time a worker updated its local database, we published the same incremental update to Corrosion. <a href='https://community.fly.io/t/self-healing-machine-state-synchronization-and-service-discovery/26134' title=''>But now we&rsquo;ve eliminated partial updates.</a> Instead, when a Fly Machine changes, we re-publish the entire data set for the Machine. Because of how Corrosion resolves changes to its own rows, the node receiving the re-published Fly Machine automatically filters out the no-op changes before gossiping them. Eliminating partial updates forecloses a bunch of bugs (and, we think, kills off a couple sneaky ones we&rsquo;ve been chasing). We should have done it this way to begin with.</p>
<p>Finally, let&rsquo;s revisit that global state problem. After the contagious deadlock bug, we concluded we need to evolve past a single cluster. So we took on a project we call &ldquo;regionalization&rdquo;, which creates a two-level database scheme. Each region we operate in runs a Corrosion cluster with fine-grained data about every Fly Machine in the region. The global cluster then maps applications to regions, which is sufficient to make forwarding decisions at our edge proxies.</p>
<p>Regionalization reduces the blast radius of state bugs. Most things we track don&rsquo;t have to matter outside their region (importantly, most of the code changes to what we track are also region-local). We can roll out changes to this kind of code in ways that, worst case, threaten only a single region.</p>
<h2 id='the-new-system-works' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#the-new-system-works' aria-label='Anchor'></a><span class='plain-code'>The New System Works</span></h2>
<p>Most distributed systems have state synchronization challenges. Corrosion has a different &ldquo;shape&rdquo; than most of those systems:</p>
<ul>
<li>It doesn&rsquo;t rely on distributed consensus, like <a href='https://github.com/hashicorp/consul' title=''>Consul</a>, <a href='https://zookeeper.apache.org/' title=''>Zookeeper</a>, <a href='https://etcd.io/' title=''>Etcd</a>, <a href='https://www.cockroachlabs.com/docs/stable/architecture/replication-layer' title=''>Raft</a>, or <a href='https://rqlite.io/' title=''>rqlite</a> (which we came very close to using).
</li><li>It doesn&rsquo;t rely on a large-scale centralized data store, like <a href='https://www.foundationdb.org/' title=''>FoundationDB</a> or databases backed by S3-style object storage.
</li><li>It&rsquo;s nevertheless highly distributed (each of thousands of workers run nodes), converges quickly (in seconds), and presents as a simple SQLite database. Neat!
</li></ul>
<p>It wasn&rsquo;t easy getting here. Corrosion is a large part of what every engineer at Fly.io who writes Rust works on.</p>
<p>Part of what&rsquo;s making Corrosion work is that we&rsquo;re careful about what we put into it. Not every piece of state we manage needs gossip propagation. <code>tkdb</code>, the backend for <a href='https://fly.io/blog/macaroons-escalated-quickly/' title=''>our Macaroon tokens</a>, is a much simpler SQLite service backed by <a href='https://litestream.io/' title=''>Litestream</a>. So is Pet Sematary, the secret store we built to replace HashiCorp Vault.</p>
<p>Still, there are probably lots of distributed state problems that want something more like a link-state routing protocol and less like a distributed database. If you think you might have one of those, <a href='https://github.com/superfly/corrosion' title=''>feel free to take Corrosion for a spin</a>.</p>
<p>Corrosion is Jérôme Gravel-Niquet&rsquo;s brainchild. For the last couple years, much of the iteration on it was led by Somtochi Onyekwere and Peter Cai. The work was alternately cortisol- and endorphin-inducing. We&rsquo;re glad to finally get to talk about it in detail.</p>
</content>
</entry>
<entry>
<title>Kurt Got Got</title>
<link rel="alternate" href="https://fly.io/blog/kurt-got-got/"/>
<id>https://fly.io/blog/kurt-got-got/</id>
<published>2025-10-08T00:00:00+00:00</published>
<updated>2025-12-11T17:29:24+00:00</updated>
<media:thumbnail url="https://fly.io/blog/kurt-got-got/assets/Kurt_Got_Got.jpg"/>
<content type="html"><div class="lead"><p>The $FLY Airdrop is live! Claim your share of <a href="https://fly.io/blog/macaroons-escalated-quickly/" title="">the token powering Fly.io’s global network</a> of 3M+ apps and (🤮) own a piece of the sky!</p>
</div>
<p>We know. Our Twitter got owned. We knew within moments of it happening. We know exactly how it happened. Nothing was at risk other than our Twitter account (and one Fly.io employee&rsquo;s self-esteem). Also: for fuck&rsquo;s sake.</p>
<p>Here&rsquo;s what happened: Kurt Mackey, our intrepid CEO, got phished.</p>
<div class="callout"><p>Had this been an impactful attack, we would not be this flippant about it. For this, though, any other tone on our part would be false.</p>
</div><h2 id='how-they-got-kurt' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#how-they-got-kurt' aria-label='Anchor'></a><span class='plain-code'>How They Got Kurt</span></h2>
<p>Two reasons: one, it was a pretty good phishing attack, and two, Twitter fell outside the &ldquo;things we take seriously&rdquo; boundary.</p>
<p>The phishing attack was effective because it exploited a deep psychological vulnerability in our management team: we are old and out of touch with the youths of today.</p>
<p>For many months now, we&rsquo;ve had an contractor/intern-type-person Boosting Our Brand on Twitter by posting dank developer memes (I think that&rsquo;s what they&rsquo;re called). The thing about this dankery is that we don&rsquo;t really understand it. I mean, hold on, we know what the memes mean technically. We just don&rsquo;t get why they&rsquo;re funny.</p>
<p>However, in pushing back on them, we&rsquo;re up against two powerful forces:</p>
<ol>
<li>The dank memes appear to perform better than the stuff we ourselves write on Twitter.
</li><li>We are reliably informed by our zoomer children that we are too cringe to be trusted on these matters.
</li></ol>
<p>Here&rsquo;s the phish Kurt got:</p>
<p><img alt="A pretty-plausible Twitter alert" src="/blog/kurt-got-got/assets/phish.png?2/3&amp;center" /></p>
<p>Diabolical. Like a scalpel expertly wielded against Kurt&rsquo;s deepest <a href='https://theonion.com/cool-dad-raising-daughter-on-media-that-will-put-her-en-1819572981/' title=''>middle-aged-dude</a> insecurity. Our ruthless attackers clinically designed this email to trigger an autonomic Kurt response: &ldquo;oh, what the fuck is this, and why did we post it?&rdquo;</p>
<div class="right-sidenote"><p>ATO is cool-kid for “got owned”</p>
</div>
<p>I&rsquo;m getting a little ahead of the story here. We knew our X.com account had suffered an ATO because a bunch of us simultaneously got another email saying that the <a href='https://twitter.com/flydotio' title=''>@flydotio</a> account&rsquo;s email address now pointed to <code>[email protected]</code>. Our immediate response was to audit all accesses to the login information in <a href='https://1password.com/' title=''>1Password</a>, to cut all access for anybody who&rsquo;d recently pulled it; your worst-case assumption in a situation like this is that someone&rsquo;s endpoint has been owned up.</p>
<p>Fortunately, nobody lost access for very long. I called Kurt to let him know why he was being locked out, and 5 seconds later, he&rsquo;d <a href='https://archive.is/6rVqf' title=''>realized what had happened.</a> <strong class='font-semibold text-navy-950'>Don&rsquo;t click anything there.</strong></p>
<h2 id='why-it-worked' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#why-it-worked' aria-label='Anchor'></a><span class='plain-code'>Why It Worked</span></h2>
<p>That&rsquo;s the right question to ask, isn&rsquo;t it? How could this have been possible in the first place?</p>
<p>Contrary to one popular opinion, you don&rsquo;t defeat phishing by training people not to click on things. I mean, tell them not to, sure! But eventually, under continued pressure, everybody clicks. <a href='https://people.cs.uchicago.edu/~grantho/papers/oakland2025_phishing-training.pdf' title=''>There&rsquo;s science on this</a>. The cool kids haven&rsquo;t done phishing simulation training in years.</p>
<p>What you&rsquo;re supposed to do instead is use phishing-resistant authentication. This is almost the whole backstory for <a href='https://www.imperialviolet.org/tourofwebauthn/tourofwebauthn.html' title=''>U2F, FIDO2</a> and <a href='https://support.apple.com/en-us/102195' title=''>Passkeys</a>.</p>
<p>Phishing-resistant authentication works by mutual authentication (or, if you&rsquo;re a stickler, by origin- and channel-binding). Phishes are malicious proxies for credentials. Modern MFA schemes like FIDO2 break that proxy flow; your browser won&rsquo;t send real credentials to the fake site.</p>
<div class="right-sidenote"><p>there’s more to it than this, but, broad strokes.</p>
</div>
<p>This is, in fact, how all of our infrastructure is secured at Fly.io; specifically, we get <a href='https://fly.io/blog/soc2-the-screenshots-will-continue-until-security-improves/#what-soc2-made-us-do' title=''>everything behind an IdP</a> (in our case: Google&rsquo;s) and have it require phishing-proof MFA. You&rsquo;re unlikely to phish your way to viewing logs here, or to refunding a customer bill at Stripe, or to viewing infra metrics, because all these things require an SSO login through Google.</p>
<p>Twitter, on the other hand. Yeah, so, about that. You may have heard that, a few years back, there were some goings-on involving Twitter. Many of us at Fly.io <a href='https://hachyderm.io/@flydotio' title=''>decamped for Mastodon</a>, and <a href='https://bsky.app/profile/did:plc:j7herf6n4xiig2yg7fqdmkci' title=''>later to Bluesky.</a> There was a window of time in 2023-2024 where it looked as if Twitter might not be a long term thing for us at all.</p>
<div class="right-sidenote"><p>† (to whom I sincerely apologize for having assumed they had been owned up and were the proximate cause of the hack)</p>
</div>
<p>As a result, Twitter had been a sort of legacy shared account for us, with credentials managed in 1Password and shared with our zoomer contractor†.</p>
<p>Which is why Kurt was in a position to pull credentials from 1Password and log in to members-x.com in response to an email from alerts-x.com.</p>
<div class="callout"><p>Still: we could have dodged this attack with hygiene: Kurt complains that “x.com” is an extremely phishable domain, and, sure, but also: the 1Password browser plugin would have noticed that “members-x.com” wasn’t an “x.com” host.</p>
</div><h2 id='what-took-so-long' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#what-took-so-long' aria-label='Anchor'></a><span class='plain-code'>What Took So Long</span></h2>
<p>The attacker immediately revoked all tokens and set up new 2FA, so while we were quickly able to reset our password, we couldn&rsquo;t lock them out of our account without an intervention from X.com, which took something like 1 5 hours to set up.</p>
<p>(That&rsquo;s not a knock on X.com; 15 hours for a 2FA reset isn&rsquo;t outside industry norms).</p>
<p>We&rsquo;re obviously making a lot of noise about this now, but we were pretty quiet during the incident itself (beyond just &ldquo;We know. We knew 45 seconds after it happened. We know exactly how it happened. It&rsquo;s just a Twitter thing.&rdquo;)</p>
<p>That&rsquo;s because, in the grand scheme of things, the attack was pretty chill: <a href='https://archive.is/PTO2M' title=''>a not-very-plausible crypto scam</a> that presumably generated $0 for the attackers, 15+ hours of <code>brand damage</code>, and extra security engineering cycles burnt on watchful waiting. Our users weren&rsquo;t under attack, and the account wasn&rsquo;t being used to further intercept customer accounts. At one point, the attackers apparently deleted our whole Twitter history, which, like, don&rsquo;t threaten us with a good time. So we let it roll, until we got our account recovered the next morning.</p>
<h2 id='the-moral-of-the-story-is' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#the-moral-of-the-story-is' aria-label='Anchor'></a><span class='plain-code'>The Moral Of The Story Is</span></h2><div class="right-sidenote"><p>“Really the biggest takeaway for me is that Kurt reads his email.”</p>
</div>
<p>Obviously Kurt loses his commit access. The time comes in the life of every CEO, and now it comes for him. </p>
<p>Also, we&rsquo;ll finally have a population sample for &ldquo;incident response&rdquo; in <a href='https://fly.io/blog/soc2-the-screenshots-will-continue-until-security-improves/' title=''>our next SOC2</a>.</p>
<p>Maybe we&rsquo;ll post more on Twitter. Or maybe we&rsquo;ll double down on Zoomer memes. I don&rsquo;t know. Social media is really weird right now. Either way: our Twitter access is Passkeys now.</p>
<div class="right-sidenote"><p>seriously don’t click anything on that page</p>
</div>
<p>If you were inclined to take us up on an &ldquo;airdrop&rdquo; to &ldquo;claim a share&rdquo; of the &ldquo;token&rdquo; powering Fly.io, the site is <a href='https://archive.is/PTO2M' title=''>still up</a>. You can connect your wallet it it! You&rsquo;ll lose all your money. But if we&rsquo;d actually done an ICO, you&rsquo;d have lost all your money anyways.</p>
<p>Somebody involved in pulling this attack off had to come up with &ldquo;own a piece of the sky!&rdquo;, and I think that&rsquo;s punishment enough for them.</p>
<p>Whatever you&rsquo;re operating that isn&rsquo;t behind phishing-resistant MFA, or, better yet, an SSO IdP that requires phishing-resistant MFA: that thing is eventually going to get phished. Dance around the clown-fire of our misfortune if you must, but let us be a lesson to you as well.</p>
</content>
</entry>
<entry>
<title>Litestream v0.5.0 is Here</title>
<link rel="alternate" href="https://fly.io/blog/litestream-v050-is-here/"/>
<id>https://fly.io/blog/litestream-v050-is-here/</id>
<published>2025-10-02T00:00:00+00:00</published>
<updated>2025-10-02T18:28:21+00:00</updated>
<media:thumbnail url="https://fly.io/blog/litestream-v050-is-here/assets/litestream-v050-is-here.jpg"/>
<content type="html"><div class="lead"><p><strong class="font-semibold text-navy-950">I’m Ben Johnson, and I work on Litestream at Fly.io. Litestream makes it easy to build SQLite-backed full-stack applications with resilience to server failure. It’s open source, runs anywhere, and</strong> <a href="https://litestream.io/" title=""><strong class="font-semibold text-navy-950">it’s easy to get started</strong></a><strong class="font-semibold text-navy-950">.</strong></p>
</div>
<p>Litestream is the missing backup/restore system for SQLite. It runs as a sidecar process in the background, alongside unmodified SQLite applications, intercepting WAL checkpoints and streaming them to object storage in real time. Your application doesn&rsquo;t even know it&rsquo;s there. But if your server crashes, Litestream lets you quickly restore the database to your new hardware.</p>
<p>The result: you can safely build whole full-stack applications on top of SQLite.</p>
<p>A few months back, we announced <a href='https://fly.io/blog/litestream-revamped/' title=''>plans for a major update to Litestream</a>. I&rsquo;m psyched to announce that the first batch of those changes are now &ldquo;shipping&rdquo;. Litestream is faster and now supports efficient point-in-time recovery (PITR).</p>
<p>I&rsquo;m going to take a beat to recap Litestream and how we got here, then talk about how these changes work and what you can expect to see with them.</p>
<h2 id='litestream-to-litefs-to-litestream' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#litestream-to-litefs-to-litestream' aria-label='Anchor'></a><span class='plain-code'>Litestream to LiteFS to Litestream</span></h2>
<p>Litestream is one of two big SQLite things I&rsquo;ve built. The other one, originally intended as a sort of sequel to Litestream, is LiteFS.</p>
<p>Boiled down to a sentence: LiteFS uses a FUSE filesystem to crawl further up into SQLite&rsquo;s innards, using that access to perform live replication, for unmodified SQLite-backed apps.</p>
<p>The big deal about LiteFS for us is that it lets you do the multiregion primary/read-replica deployment people love Postgres for: reads are fast everywhere, and writes are sane and predictable. We were excited to make this possible for SQLite, too.</p>
<p>But the market has spoken! Users prefer Litestream. And honestly, we get it: Litestream is easier to run and to reason about. So we&rsquo;ve shifted our focus back to it. First order of business: <a href='https://fly.io/blog/litestream-revamped/' title=''>take what we learned building LiteFS and stick as much of it as we can back into Litestream</a>.</p>
<h2 id='the-ltx-file-format' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#the-ltx-file-format' aria-label='Anchor'></a><span class='plain-code'>The LTX File Format</span></h2>
<p>Consider this basic SQL table:</p>
<div class="highlight-wrapper group relative sql">
<button
type="button"
class="bubble-wrap z-20 absolute right-9 -mr-0.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-wrap-target="#code-wy16kafx"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35" stroke-linecap="round" stroke-linejoin="round"><g buffered-rendering="static"><path d="M9.912 8.037h2.732c1.277 0 2.315-.962 2.315-2.237a2.325 2.325 0 00-2.315-2.31H2.959m10.228 9.01H2.959M6.802 8H2.959" /><path d="M11.081 6.466L9.533 8.037l1.548 1.571" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-9px] tail text-navy-950">
Wrap text
</span>
</button>
<button
type="button"
class="bubble-wrap z-20 absolute right-1.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-copy-target="sibling"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35"><g buffered-rendering="static"><path d="M10.576 7.239c0-.995-.82-1.815-1.815-1.815H3.315c-.995 0-1.815.82-1.815 1.815v5.446c0 .995.82 1.815 1.815 1.815h5.446c.995 0 1.815-.82 1.815-1.815V7.239z" /><path d="M10.576 10.577h2.109A1.825 1.825 0 0014.5 8.761V3.315A1.826 1.826 0 0012.685 1.5H7.239c-.996 0-1.815.819-1.816 1.815v1.617" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-6px] tail [--tail-x:calc(100%-30px)] text-navy-950">
Copy to clipboard
</span>
</button>
<div class='highlight relative group'>
<pre class='highlight '><code id="code-wy16kafx"><span class="k">CREATE</span> <span class="k">TABLE</span> <span class="n">sandwiches</span> <span class="p">(</span>
<span class="n">id</span> <span class="nb">INTEGER</span> <span class="k">PRIMARY</span> <span class="k">KEY</span> <span class="n">AUTOINCREMENT</span><span class="p">,</span>
<span class="n">description</span> <span class="nb">TEXT</span> <span class="k">NOT</span> <span class="k">NULL</span><span class="p">,</span>
<span class="n">star_rating</span> <span class="nb">INTEGER</span><span class="p">,</span>
<span class="n">reviewer_id</span> <span class="nb">INTEGER</span> <span class="k">NOT</span> <span class="k">NULL</span>
<span class="p">);</span>
</code></pre>
</div>
</div>
<p>In our hypothetical, this table backs a wildly popular sandwich-reviewing app that we keep trying to get someone to write. People eat a lot of sandwiches and this table gets a lot of writes. Because it makes my point even better and it&rsquo;s funny, assume people dither a lot about their sandwich review for the first couple minutes after they leave it. This Quiznos sub… is it ⭐ or ⭐⭐?</p>
<p>Underneath SQLite is a B-tree. Like databases everywhere, SQLite divides storage up into disk-aligned pages, working hard to read as few pages as possible for any task while treating work done within a page as more or less free. SQLite always reads and writes in page-sized chunks.</p>
<p>Our <code>sandwiches</code> table includes a feature that&rsquo;s really painful for a tool like Litestream that thinks in pages: an automatically updating primary key. That key dictates that every insert into the table hits the rightmost leaf page in the underlying table B-tree. For SQLite itself, that&rsquo;s no problem. But Litestream has less information to go on: it sees only a feed of whole pages it needs to archive.</p>
<p>Worse still, when it comes time to restore the database – something you tend to want to happen quickly – you have to individually apply those small changes, as whole pages. Your app is down, PagerDuty is freaking out, and you&rsquo;re sitting there watching Litestream reconstruct your Quiznos uncertainty a page (and an S3 fetch) at a time.</p>
<p>So, LTX. Let me explain. We needed LiteFS to be transaction-aware. It relies on finer-grained information than just raw dirty pages (that&rsquo;s why it needs the FUSE filesystem). To ship transactions, rather than pages, we invented a <a href='https://github.com/superfly/ltx' title=''>file format we call LTX</a>.</p>
<p>LTX was designed as an interchange format for transactions, but for our purposes in Litestream, all we care about is that LTX files represent ordered ranges of pages, and that it supports compaction.</p>
<p>Compaction is straightforward. You&rsquo;ve stored a bunch of LTX files that collect numbered pages. Now you want to to restore a coherent picture of the database. Just replay them newest to oldest, skipping duplicate pages (newer wins), until all changed pages are accounted for.</p>
<p>Importantly, LTX isn&rsquo;t limited to whole database backups. We can use LTX compaction to compress a bunch of LTX files into a single file with no duplicated pages. And Litestream now uses this capability to create a hierarchy of compactions:</p>
<ul>
<li>at Level 1, we compact all the changes in a 30-second time window
</li><li>at Level 2, all the Level 1 files in a 5-minute window
</li><li>at Level 3, all the Level 2&rsquo;s over an hour.
</li></ul>
<p>Net result: we can restore a SQLite database to any point in time, <em>using only a dozen or so files on average</em>.</p>
<p>Litestream performs this compaction itself. It doesn&rsquo;t rely on SQLite to process the WAL file. Performance is limited only by I/O throughput.</p>
<h2 id='no-more-generations' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#no-more-generations' aria-label='Anchor'></a><span class='plain-code'>No More Generations</span></h2>
<p>What people like about Litestream is that it&rsquo;s just an ordinary Unix program. But like any Unix program, Litestream can crash. It&rsquo;s not supernatural, so when it&rsquo;s not running, it&rsquo;s not seeing database pages change. When it misses changes, it falls out of sync with the database.</p>
<p>Lucky for us, that&rsquo;s easy to detect. When it notices a gap between the database and our running &ldquo;shadow-WAL&rdquo; backup, Litestream resynchronizes from scratch.</p>
<p>The only time this gets complicated is if you have multiple Litestreams backing up to the same destination. To keep multiple Litestreams from stepping on each other, Litestream divides backups into &ldquo;generations&rdquo;, creating a new one any time it resyncs. You can think of generations as Marvel Cinematic Universe parallel dimensions in which your database might be simultaneously living in.</p>
<p>Yeah, we didn&rsquo;t like those movies much either.</p>
<p>LTX-backed Litestream does away with the concept entirely. Instead, when we detect a break in WAL file continuity, we re-snapshot with the next LTX file. Now we have a monotonically incrementing transaction ID. We can use it look up database state at any point in time, without searching across generations.</p>
<h2 id='upgrading-to-litestream-v0-5-0' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#upgrading-to-litestream-v0-5-0' aria-label='Anchor'></a><span class='plain-code'>Upgrading to Litestream v0.5.0</span></h2>
<p>Due to the file format changes, the new version of Litestream can&rsquo;t restore from old v0.3.x WAL segment files.</p>
<p>That&rsquo;s OK though! The upgrade process is simple: just start using the new version. It&rsquo;ll leave your old WAL files intact, in case you ever need to revert to the older version.The new LTX files are stored cleanly in an <code>ltx</code> directory on your replica.</p>
<p>The configuration file is fully backwards compatible.</p>
<p>There&rsquo;s one small catch. We added a new constraint. You only get a single replica destination per database. This probably won&rsquo;t affect you, since it&rsquo;s how most people use Litestream already. We&rsquo;ve made it official.</p>
<p>The rationale: having a single source of truth simplifies development for us, and makes the tool easier to reason about. Multiple replicas can diverge and are sensitive to network availability. Conflict resolution is brain surgery.</p>
<p>Litestream commands still work the same. But you&rsquo;ll see references to &ldquo;transaction IDs&rdquo; (TXID) for LTX files, rather than the <code>generation/index/offset</code> we used previously with WAL segments.</p>
<p>We&rsquo;ve also changed <code>litestream wal</code> to <code>litestream ltx</code>.</p>
<h2 id='other-stuff-v0-5-0-does-better' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#other-stuff-v0-5-0-does-better' aria-label='Anchor'></a><span class='plain-code'>Other Stuff v0.5.0 Does Better</span></h2>
<p>We&rsquo;ve beefed up the <a href='https://github.com/superfly/ltx' title=''>underlying LTX file format library</a>. It used to be an LTX file was just a sorted list of pages, all compressed together. Now we compress per-page, and keep an index at the end of the LTX file to pluck individual pages out.</p>
<p>You&rsquo;re not seeing it yet, but we&rsquo;re excited about this change: we can operate page-granularly even dealing with large LTX files. This allows for more features. A good example: we can build features that query from any point in time, without downloading the whole database.</p>
<p>We&rsquo;ve also gone back through old issues &amp; PRs to improve quality-of-life. CGO is now gone. We&rsquo;ve settled the age-old contest between <code>mattn/go-sqlite3</code> and <code>modernc.org/sqlite</code> in favor of <code>modernc.org</code>. This is super handy for people with automated build systems that want to run from a MacBook but deploy on an x64 server, since it lets the cross-compiler work.</p>
<p>We&rsquo;ve also added a replica type for NATS JetStream. Users that already have JetStream running can get Litestream going without adding an object storage dependency.</p>
<p>And finally, we&rsquo;ve upgraded all our clients (S3, Google Storage, &amp; Azure Blob Storage) to their latest versions. We&rsquo;ve also moved our code to support newer S3 APIs.</p>
<h2 id='whats-next' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#whats-next' aria-label='Anchor'></a><span class='plain-code'>What&rsquo;s next?</span></h2>
<p>The next major feature we&rsquo;re building out is a Litestream VFS for read replicas. This will let you instantly spin up a copy of the database and immediately read pages from S3 while the rest of the database is hydrating in the background.</p>
<p>We already have a proof of concept working and we&rsquo;re excited to show it off when it&rsquo;s ready!</p>
</content>
</entry>
<entry>
<title>Build Better Agents With MorphLLM</title>
<link rel="alternate" href="https://fly.io/blog/build-better-agents-with-morphllm/"/>
<id>https://fly.io/blog/build-better-agents-with-morphllm/</id>
<published>2025-08-25T00:00:00+00:00</published>
<updated>2025-09-03T19:05:57+00:00</updated>
<media:thumbnail url="https://fly.io/blog/build-better-agents-with-morphllm/assets/morphllm.webp"/>
<content type="html"><p>I&rsquo;m an audiophile, which is a nice way to describe someone who spends their children&rsquo;s college fund on equipment that yields no audible improvement in sound quality. As such, I refused to use wireless headphones for the longest time. The fun thing about wired headphones is when you forget they&rsquo;re on and you stand up, you simultaneously cause irreparable neck injuries and extensive property damage. This eventually prompted me to buy good wireless headphones and, you know what, I break fewer things now. I can also stand up from my desk and not be exposed to the aural horrors of the real world. </p>
<p>This is all to say, sometimes you don&rsquo;t know how big a problem is until you solve it. This week, I chatted to the fine people building <a href='https://morphllm.com/' title=''>MorphLLM</a>, which is exactly that kind of solution for AI agent builders. </p>
<h2 id='slow-wasteful-and-expensive-ai-code-changes' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#slow-wasteful-and-expensive-ai-code-changes' aria-label='Anchor'></a><span class='plain-code'>Slow, Wasteful and Expensive AI Code Changes</span></h2>
<p>If you’re building AI agents that write or edit code, you’re probably accepting the following as &ldquo;the way it is&rdquo;: Your agent needs to correct a single line of code, but rewrites an entire file to do it. Search-and-replace right? It’s fragile, breaks formatting, silently fails, or straight up leaves important functions out. The result is slow, inaccurate code changes, excessive token use, and an agent feels incompetent and unreliable.</p>
<p>Full file rewrites are context-blind and prone to hallucinations, especially when editing that 3000+ line file that you&rsquo;ve been meaning to refactor. And every failure and iteration is wasted compute, wasted money and worst of all, wasted time.</p>
<h2 id='why-we-arent-thinking-about-this-or-why-i-wasnt' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#why-we-arent-thinking-about-this-or-why-i-wasnt' aria-label='Anchor'></a><span class='plain-code'>Why We Aren’t Thinking About This (or why I wasn&rsquo;t)</span></h2>
<p>AI workflows are still new to everyone. Best practices are still just opinions and most tooling is focused on model quality, not developer velocity or cost. This is a big part of why we feel that slow, wasteful code edits are just the price of admission for AI-powered development.</p>
<p>In reality, these inefficiencies become a real bottleneck for coding agent tools. The hidden tax on every code edit adds up and your users pay with their time, especially as teams scale and projects grow more complex.</p>
<h2 id='better-faster-ai-code-edits-with-morph-fast-apply' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#better-faster-ai-code-edits-with-morph-fast-apply' aria-label='Anchor'></a><span class='plain-code'>Better, Faster AI Code Edits with Morph Fast Apply</span></h2>
<p>MorphLLM&rsquo;s core innovation is Morph Fast Apply. It&rsquo;s an edit merge tool that is semantic, structure-aware and designed specifically for code. Those are big words to describe a tool that will empower your agents to make single line changes without rewriting whole files or relying on brittle search-and-replace. Instead, your agent applies precise, context-aware edits and it does it ridiculously fast. </p>
<p>It works like this: </p>
<ul>
<li>You add an &lsquo;edit_file&rsquo; tool to your agents tools.
</li><li>Your agent outputs tiny <code>edit_file</code> snippets, using <code>//...existing code...</code> placeholders to indicate unchanged code.
</li><li>Your backend calls Morph’s Apply API, which merges the changes semantically. It doesn&rsquo;t just replace raw text, it makes targeted merges with the code base as context.
</li><li>You write back the precisely edited file. No manual patching, no painful conflict resolution, no context lost.
</li></ul>
<h2 id='the-numbers' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#the-numbers' aria-label='Anchor'></a><span class='plain-code'>The Numbers</span></h2>
<p>MorphLLM&rsquo;s Apply API processes over 4,500 tokens per second and their benchmark results are nuts. We&rsquo;re talking 98% accuracy in ~6 seconds per file. Compare this to 35s (with error corrections) at 86% accuracy for traditional search-and-replace systems. Files up to 9k tokens in size take ~4 seconds to process. </p>
<p>Just look at the damn <a href='https://morphllm.com/benchmarks' title=''>graph</a>:</p>
<p><img alt="Time Performance Analysis" src="/blog/build-better-agents-with-morphllm/assets/morph_graph.webp" /></p>
<p>These are game-changing numbers for agent builders. Real-time code UIs become possible. Dynamic codebases can self-adapt in seconds, not minutes. Scale to multi-file edits, documentation, and even large asset transformations without sacrificing speed or accuracy.</p>
<h2 id='how-to-get-in-on-the-morphllm-action' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#how-to-get-in-on-the-morphllm-action' aria-label='Anchor'></a><span class='plain-code'>How to Get in on the MorphLLM Action</span></h2>
<p>Integration with your project is easy peasy. MorphLLM is API-compatible with OpenAI, Vercel AI SDK, MCP, and OpenRouter. You can run it in the cloud, self-host, or go on-prem with enterprise-grade guarantees. </p>
<p>I want to cloud host mine, if only I could think of somewhere I could quickly and easily deploy wherever I want and only pay for when I&rsquo;m using the infra 😉.</p>
<h2 id='get-morphed' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#get-morphed' aria-label='Anchor'></a><span class='plain-code'>Get Morphed</span></h2>
<p>MorphLLM feels like a plug-in upgrade for code agent projects that will instantly make them faster and more accurate. Check out the docs, benchmarks, and integration guides at <a href='https://docs.morphllm.com/' title=''>docs.morphllm.com</a>. Get started for free at <a href="https://morphllm.com/dashboard">https://morphllm.com/dashboard</a> </p>
</content>
</entry>
<entry>
<title>Trust Calibration for AI Software Builders</title>
<link rel="alternate" href="https://fly.io/blog/trust-calibration-for-ai-software-builders/"/>
<id>https://fly.io/blog/trust-calibration-for-ai-software-builders/</id>
<published>2025-08-18T00:00:00+00:00</published>
<updated>2025-08-19T08:30:16+00:00</updated>
<media:thumbnail url="https://fly.io/blog/trust-calibration-for-ai-software-builders/assets/trust_calibration.webp"/>
<content type="html"><div class="lead"><p>Trust calibration is a concept from the world of human-machine interaction design, one that is super relevant to AI software builders. Trust calibration is the practice of aligning the level of trust that users have in our products with its actual capabilities. </p>
</div>
<p>If we build things that our users trust too blindly, we risk facilitating dangerous or destructive interactions that can permanently turn users off. If they don&rsquo;t trust our product enough, it will feel useless or less capable than it actually is. </p>
<p>So what does trust calibration look like in practice and how do we achieve it? A 2023 study reviewed over 1000 papers on trust and trust calibration in human / automated systems (properly referenced at the end of this article). It holds some pretty eye-opening insights – and some inconvenient truths – for people building AI software. I&rsquo;ve tried to extract just the juicy bits below. </p>
<h2 id='limiting-trust' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#limiting-trust' aria-label='Anchor'></a><span class='plain-code'>Limiting Trust</span></h2>
<p>Let&rsquo;s begin with a critical point. There is a limit to how deeply we want users to trust our products. Designing for calibrated trust is the goal, not more trust at any cost. Shoddy trust calibration leads to two equally undesirable outcomes: </p>
<ul>
<li><strong class='font-semibold text-navy-950'>Over-trust</strong> causes users to rely on AI systems in situations where they shouldn&rsquo;t (I told my code assistant to fix a bug in prod and went to bed).
</li><li><strong class='font-semibold text-navy-950'>Under-trust</strong> causes users to reject AI assistance even when it would be beneficial, resulting in reduced perception of value and increased user workload.
</li></ul>
<p>What does calibrated trust look like for your product? It’s important to understand that determining this is less about trying to diagram a set of abstract trust parameters and more about helping users develop accurate mental models of your product&rsquo;s capabilities and limitations. In most cases, this requires thinking beyond the trust calibration mechanisms we default to, like confidence scores. </p>
<p>For example, Cursor&rsquo;s most prominent trust calibration mechanism is its change suggestion highlighting. The code that the model suggests we change is highlighted in red, followed by suggested changes highlighted in green. This immediately communicates that &ldquo;this is a suggestion, not a command.&rdquo; </p>
<p>In contrast, Tesla&rsquo;s Autopilot is a delegative system. It must calibrate trust differently through detailed capability explanations, clear operational boundaries (only on highways), and prominent disengagement alerts when conditions exceed system limits. </p>
<h2 id='building-cooperative-systems' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#building-cooperative-systems' aria-label='Anchor'></a><span class='plain-code'>Building Cooperative Systems</span></h2>
<p>Perhaps the most fundamental consideration in determining high level trust calibration objectives is deciding whether your project is designed to be a cooperative or a delegative tool. </p>
<p>Cooperative systems generally call for lower levels of trust because users can choose whether to accept or reject AI suggestions. But these systems also face a unique risk. It’s easy for over-trust to gradually transform user complacency into over-reliance, effectively transforming what we designed as a cooperative relationship into a delegative one, only without any of the required safeguards.</p>
<p>If you&rsquo;re building a coding assistant, content generator, or design tool, implement visible &ldquo;suggestion boundaries&rdquo; which make it clear when the AI is offering ideas versus making decisions. Grammarly does this well by underlining suggestions rather than auto-correcting, and showing rationale on hover. </p>
<p>For higher-stakes interactions, consider introducing friction. Require explicit confirmation before applying AI suggestions to production code or publishing AI-generated content.</p>
<h2 id='building-delegative-systems' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#building-delegative-systems' aria-label='Anchor'></a><span class='plain-code'>Building Delegative Systems</span></h2>
<p>In contrast, users expect delegative systems to replace human action entirely. Blind trust in the system is a requirement for it to be considered valuable at all. </p>
<p>If you&rsquo;re building automation tools, smart scheduling, or decision-making systems, invest heavily in capability communication and boundary setting. Calendly&rsquo;s smart scheduling works because it clearly communicates what it will and won&rsquo;t do (I&rsquo;ll find times that work for both of us vs. I&rsquo;ll reschedule your existing meetings). Build robust fallback mechanisms and make system limitations prominent in your onboarding. </p>
<h2 id='timing-is-everything' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#timing-is-everything' aria-label='Anchor'></a><span class='plain-code'>Timing Is Everything</span></h2>
<p>The study suggests that when we make trust calibrations is at least as important as how. There are three critical windows for trust calibration, each with their own opportunities and challenges. </p>
<ul>
<li><strong class='font-semibold text-navy-950'>Pre-interaction calibration</strong> happens before users engage with the system. Docs and tutorials fall into this category. Setting expectations up front can prevent initial over-trust, which is disproportionally more difficult to correct later.
</li></ul>
<blockquote>
<p>Pre-interaction calibrations could look like capability-focused onboarding that shows both successes and failures. Rather than just demonstrating perfect AI outputs, show users examples where the AI makes mistakes and how to catch them. </p>
</blockquote>
<ul>
<li><strong class='font-semibold text-navy-950'>During-interaction calibration</strong> is trust adjustment through real-time feedback. Dynamically updated cues improve trust calibration better than static displays, and adaptive calibration that responds to user behavior outperforms systems that display static information.
</li></ul>
<blockquote>
<p>Build confidence indicators that are updated based on context, not just model confidence. For example, if you&rsquo;re building a document AI, show higher confidence for standard document types the system has seen thousands of times, and lower confidence for unusual formats. </p>
</blockquote>
<ul>
<li><strong class='font-semibold text-navy-950'>Post-interaction calibration</strong> focuses on learning and adjustment that helps users understand successes and failures in the system after interactions. These aren’t reliable, since by the time users receive the information, their trust patterns are set and hard to change.
</li></ul>
<blockquote>
<p>Post-interaction feedback can still be valuable for teaching. Create &ldquo;reflection moments&rdquo; after significant interactions. Midjourney does this by letting users rate image outputs, helping users learn what prompts work best while calibrating their expectations for future generations. </p>
</blockquote>
<p>Trust is front-loaded and habit-driven. The most effective calibration happens before and during use, when expectations are still forming and behaviors can still be shifted. Any later and you’re mostly fighting entrenched patterns.</p>
<h2 id='performance-vs-process-information' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#performance-vs-process-information' aria-label='Anchor'></a><span class='plain-code'>Performance vs. Process Information</span></h2>
<p>Users can be guided through performance-oriented signals (what the system can do) or process-oriented signals (how it works). The real challenge is matching the right kind of explanation to the right user, at the right moment.</p>
<ul>
<li><strong class='font-semibold text-navy-950'>Performance-oriented calibration</strong> focuses on communicating capability through mechanisms like reliability statistics, confidence scores, and clear capability boundaries.
</li><li><strong class='font-semibold text-navy-950'>Process-oriented calibration</strong> offers detailed explanations of decision-making processes, breakdowns of which factors influenced decisions, and reasoning transparency.
</li></ul>
<p>Process transparency seems like the obvious go-to at first glance, but the effectiveness of process explanations varies wildly based on user expertise and domain knowledge. If we are designing for a set of users that may fall anywhere on this spectrum, we have to avoid creating information overload for novice users while providing sufficient information to expert users who want the detail. </p>
<p>The most effective systems in the study combined both approaches, providing layered information that allows users to access the level of detail most appropriate for their expertise and current needs.</p>
<h2 id='static-vs-adaptive-calibration' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#static-vs-adaptive-calibration' aria-label='Anchor'></a><span class='plain-code'>Static vs. Adaptive Calibration</span></h2>
<p>I really wanted to ignore this part, because it feels like the study’s authors are passive aggressively adding todos to my projects. In a nutshell, adaptive calibration – when a system actively monitors user behavior and adjusts its communication accordingly - is orders of magnitude more effective than static calibration while delivering the same information to every user, regardless of differences in expertise, trust propensity, or behavior. </p>
<p>Static calibration mechanisms are easy to build and maintain, which is why we like them. But the stark reality is that they put the burden of appropriate calibration entirely on our users. We’re making it their job to adapt their behaviour based on generic information.</p>
<p>This finding has zero respect for our time or mental health, but it also reveals a legit opportunity for clever builders to truly separate their product from the herd.</p>
<h2 id='practical-adaptive-calibration-techniques' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#practical-adaptive-calibration-techniques' aria-label='Anchor'></a><span class='plain-code'>Practical adaptive calibration techniques</span></h2>
<ul>
<li><strong class='font-semibold text-navy-950'>Behavioral adaptation:</strong> Track how often users accept vs. reject suggestions and adjust confidence thresholds accordingly. If a user consistently rejects high-confidence suggestions, lower the threshold for showing uncertainty.
</li><li><strong class='font-semibold text-navy-950'>Context awareness:</strong> Adjust trust signals based on use context. A writing AI might show higher confidence for grammar fixes than creative suggestions, or lower confidence late at night when users might be tired.
</li><li><strong class='font-semibold text-navy-950'>Detect expertise:</strong> Users who frequently make sophisticated edits to AI output probably want more detailed explanations than those who typically accept entire file rewrites.
</li></ul>
<h2 id='the-transparency-paradox' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#the-transparency-paradox' aria-label='Anchor'></a><span class='plain-code'>The Transparency Paradox</span></h2>
<p>The idea that transparency and explainability can actually harm trust calibration is easily the point that hit me the hardest. While explanations can improve user understanding, they can also create information overload that reduces users&rsquo; ability to detect and correct trash output. What&rsquo;s worse, explanations can create a whole new layer of trust calibration issues, with users over-trusting the explanation mechanism itself, rather than critically evaluating the actual output.</p>
<p>This suggests that quality over quantity should be our design philosophy when it comes to transparency. We should provide carefully crafted, relevant information rather than comprehensive but overwhelming detail. The goal should be enabling better decision-making rather than simply satisfying user curiosity about system internals.</p>
<h2 id='anthropomorphism-and-unwarranted-trust' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#anthropomorphism-and-unwarranted-trust' aria-label='Anchor'></a><span class='plain-code'>Anthropomorphism and Unwarranted Trust</span></h2>
<p>It seems obvious that we should make interactions with our AI project feel as human as possible. Well, it turns out that systems that appear more human-like through design, language, or interaction patterns are notoriously good at increasing user trust beyond actual system capabilities. </p>
<p>So it’s entirely possible that building more traditional human-computer interactions can actually make our AI projects safer to use and therefore, more user-friendly. </p>
<ul>
<li><strong class='font-semibold text-navy-950'>Use tool-like language:</strong> Frame outputs as &ldquo;analysis suggests&rdquo; rather than &ldquo;I think&rdquo; or &ldquo;I believe&rdquo;
</li><li><strong class='font-semibold text-navy-950'>Embrace machine-like precision:</strong> Show exact confidence percentages rather than human-like hedging (&ldquo;I&rsquo;m pretty sure that&hellip;)
</li></ul>
<h2 id='trust-falls-faster-than-it-climbs' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#trust-falls-faster-than-it-climbs' aria-label='Anchor'></a><span class='plain-code'>Trust Falls Faster Than It Climbs</span></h2>
<p>Nothing particularly groundbreaking here, but the findings are worth mentioning if only to reinforce what we think we know. </p>
<p>Early interactions are critically important. Users form mental models quickly and then react slowly to changes in system reliability.</p>
<p>More critically, trust drops much faster from system failures than it builds from successes. These asymmetries suggest that we should invest disproportionately in onboarding and first-use experiences, even if they come with higher development costs.</p>
<h2 id='measurement-is-an-opportunity-for-innovation' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#measurement-is-an-opportunity-for-innovation' aria-label='Anchor'></a><span class='plain-code'>Measurement is an Opportunity for Innovation</span></h2>
<p>The study revealed gaping voids where effective measurement mechanisms and protocols should be, for both researchers and builders. There is a clear need to move beyond simple user satisfaction metrics or adoption rates to developing measurement frameworks that can actively detect miscalibrated trust patterns. </p>
<p>The ideal measurement approach would combine multiple indicators. A few examples of viable indicators are:</p>
<ul>
<li><strong class='font-semibold text-navy-950'>Behavioral signals:</strong> Track acceptance rates for different confidence levels. Well-calibrated trust should show higher acceptance rates for high-confidence outputs and lower rates for low-confidence ones.
</li><li><strong class='font-semibold text-navy-950'>Context-specific metrics:</strong> Measure trust calibration separately for different use cases. Users might be well-calibrated for simple tasks but poorly calibrated for complex ones.
</li><li><strong class='font-semibold text-navy-950'>User self-reporting:</strong> Regular pulse surveys asking &quot;How confident are you in your ability to tell when this AI makes mistakes?&rdquo; can reveal calibration gaps.
</li></ul>
<h2 id='the-calibrated-conclusion' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#the-calibrated-conclusion' aria-label='Anchor'></a><span class='plain-code'>The Calibrated Conclusion</span></h2>
<p>It&rsquo;s clear, at least from this study, that there’s no universal formula, or single feature that will effectively calibrate trust. It&rsquo;s up to every builder to define and understand their project&rsquo;s trust goals and to balance timing, content, adaptivity, and transparency accordingly. That’s what makes it both hard and worth doing. Trust calibration has to be a core part of our product’s identity, not a piglet we only start chasing once it has escaped the barn.</p>
<p><strong class='font-semibold text-navy-950'>The Study:</strong></p>
<p>Magdalena Wischnewski, Nicole Krämer, and Emmanuel Müller. 2023. Measuring and Understanding Trust Calibrations for Automated Systems: A Survey of the State-Of-The-Art and Future Directions. In Proceedings of the 2023 CHI Conference on Human Factors in Computing Systems (CHI &lsquo;23), April 23–28, 2023, Hamburg, Germany. ACM, New York, NY, USA 16 Pages. <a href="https://doi.org/10.1145/3544548.3581197">https://doi.org/10.1145/3544548.3581197</a></p>
</content>
</entry>
<entry>
<title>Games as Model Eval: 1-Click Deploy AI Town on Fly.io</title>
<link rel="alternate" href="https://fly.io/blog/games-as-model-eval/"/>
<id>https://fly.io/blog/games-as-model-eval/</id>
<published>2025-08-11T00:00:00+00:00</published>
<updated>2025-08-15T08:35:19+00:00</updated>
<media:thumbnail url="https://fly.io/blog/games-as-model-eval/assets/Fly_Man.webp"/>
<content type="html"><div class="lead"><p>Recently, I suggested that <a href="https://fly.io/blog/the-future-isn-t-model-agnostic/" title="">The Future Isn’t Model Agnostic</a>, that it’s better to pick one model that works for your project and build around it, rather than engineering for model flexibility. If you buy that, you also have to acknowledge how important comprehensive model evaluation becomes. </p>
</div>
<p>Benchmarks tell us almost nothing about how a model will actually behave in the wild, especially with long contexts, or when trusted to deliver the tone and feel that defines the UX we’re shooting for. Even the best evaluation pipelines usually end in subjective, side-by-side output comparisons. Not especially rigorous, and more importantly, boring af.</p>
<p>Can we gamify model evaluation? Oh yes. And not just because we get to have some fun for once. Google backed me up this week when it announced the <a href='https://blog.google/technology/ai/kaggle-game-arena/' title=''>Kaggle Game Arena</a>. A public platform where we can watch AI models duke it out in a variety of classic games. Quoting Google; &ldquo;Current AI benchmarks are struggling to keep pace with modern models&hellip; it can be hard to know if models trained on internet data are actually solving problems or just remembering answers they&rsquo;ve already seen.&rdquo;</p>
<p>When models boss reading comprehension tests, or ace math problems, we pay attention. But when they fail to navigate a simple conversation with a virtual character or completely botch a strategic decision in a game environment, we tell ourselves we&rsquo;re not building a game anyway and develop strategic short-term memory loss.
Just like I&rsquo;ve told my mom a thousand times, games are great at testing brains, and it&rsquo;s time we take this seriously when it comes to model evaluation. </p>
<h2 id='why-games-dont-lie' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#why-games-dont-lie' aria-label='Anchor'></a><span class='plain-code'>Why Games Don&rsquo;t Lie</span></h2>
<p>Games provide what benchmarks can&rsquo;t, &ldquo;a clear, unambiguous signal of success.&rdquo; They give us observable behavior in dynamic environments, the kind that would be extremely difficult (and tedious) to simulate with prompt engineering alone.</p>
<p>Games force models to demonstrate the skills we actually care about; strategic reasoning, long-term planning, and dynamic adaptation in interactions with an opponent or a collaborator. </p>
<h2 id='pixel-art-meets-effective-model-evaluation-ai-town-on-fly-io' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#pixel-art-meets-effective-model-evaluation-ai-town-on-fly-io' aria-label='Anchor'></a><span class='plain-code'>Pixel Art Meets Effective Model Evaluation - AI Town on Fly.io</span></h2>
<p>AI Town is a brilliant project by <a href='https://github.com/a16z-infra' title=''>a16z-infra</a>, based on the the mind-bending paper, <a href='https://arxiv.org/pdf/2304.03442' title=''>Generative Agents: Interactive Simulacra of Human Behavior</a>. It&rsquo;s a beautifully rendered little town in which tiny people with AI brains and engineered personalities go about their lives, interacting with each other and their environment. Characters need to remember past conversations, maintain relationships, react dynamically to new situations, and stay in character while doing it all. </p>
<p>I challenge you to find a more entertaining way of evaluating conversational models. </p>
<p>I&rsquo;ve <a href='https://github.com/fly-apps/ai-town_on_fly.io' title=''>forked the project</a> to make it absurdly easy to spin up your own AI Town on Fly Machines. You&rsquo;ve got a single deploy script that will set everything up for you and some built-in cost and performance optimizations, with our handy scale to zero functionality as standard (so you only pay for the time spent running it). This makes it easy to share with your team, your friends and your mom. </p>
<p>In it&rsquo;s current state, the fork makes it as easy as possible to test any OpenAI-compatible service, any model on Together.ai and even custom embedding models. Simply set the relevant API key in your secrets. </p>
<p>Games like AI Town give us a window into how models actually think, adapt, and behave beyond the context of our prompts. You move past performance metrics and begin to understand a model’s personality, quirks, strengths, and weaknesses; all factors that ultimately shape your project&rsquo;s UX. </p>
</content>
</entry>
<entry>
<title>The Future Isn't Model Agnostic</title>
<link rel="alternate" href="https://fly.io/blog/the-future-isn-t-model-agnostic/"/>
<id>https://fly.io/blog/the-future-isn-t-model-agnostic/</id>
<published>2025-08-08T00:00:00+00:00</published>
<updated>2025-08-22T16:31:43+00:00</updated>
<media:thumbnail url="https://fly.io/blog/the-future-isn-t-model-agnostic/assets/Whack_A_Mole_.webp"/>
<content type="html"><div class="lead"><p>Your users don’t care that your AI project is model
agnostic. </p>
</div>
<p>In my last project, I spent countless hours ensuring that the LLMs running my services could be swapped out as easily as possible. I couldn&rsquo;t touch a device with an internet connection without hearing about the latest benchmark-breaking model and it felt like a clear priority to ensure I could hot swap models with minimal collateral damage.</p>
<p>So yeah. That was a waste of time.</p>
<p>The hype around new model announcements feels more manufactured with each release. In reality, improvements are becoming incremental. As major providers converge on the same baseline, the days of one company holding a decisive lead are numbered.</p>
<p>In a world of model parity, the differentiation moves entirely to the product layer. Winning isn&rsquo;t about ensuring you&rsquo;re using the best model, its about understanding your chosen model deeply enough to build experiences that feel magical. Knowing exactly how to prompt for consistency, which edge cases to avoid, and how to design workflows that play to your model&rsquo;s particular strengths</p>
<p>Model agnosticism isn&rsquo;t just inefficient, it&rsquo;s misguided. Fact is, swapping out your model is not just changing an endpoint. It&rsquo;s rewriting prompts, rerunning evals, users telling you things just feel&hellip; different. And if you&rsquo;ve won users on the way it feels to use your product, that last one is a really big deal.</p>
<h2 id='model-lt-product' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#model-lt-product' aria-label='Anchor'></a><span class='plain-code'>Model &lt; Product</span></h2>
<p>Recently, something happened that fully solidified this idea in my head. Claude Code is winning among people building real things with AI. We even have evangelists in the Fly.io engineering team, and those guys are weird smart. Elsewhere, whole communities have formed to share and compare claude.md&rsquo;s and fight each other over which MCP servers are the coolest to use with Claude.</p>
<p>Enter stage right, Qwen 3 Coder. It takes Claude to the cleaners in benchmarks. But the response from the Claude Code user base? A collective meh.</p>
<p>This is nothing like 2024, when everyone would have dropped everything to get the hot new model running in Cursor. And it&rsquo;s not because we&rsquo;ve learned that benchmarks are performance theater for people who&rsquo;ve never shipped a product.</p>
<p>It&rsquo;s because products like Claude Code are irrefutable evidence that the model isn&rsquo;t the product. We&rsquo;ve felt it first hand when our pair programmer&rsquo;s behaviour changes in subtle ways. The product is in the rituals. The trust. The predictability. It&rsquo;s precisely because Claude Code&rsquo;s model behavior, UI, and user expectations are so tightly coupled that its users don&rsquo;t really care that a better model might exist.</p>
<p>I&rsquo;m not trying to praise Anthropic here. The point is, engineering for model agnosticism is a trap that will eat up time that could be better spent … anywhere else.</p>
<p>Sure, if you&rsquo;re building infra or anything else that lives close to the metal, model optionality still matters. But people trusting legwork to AI tools are building deeper relationships and expectations of their AI tools than they even care to admit. AI product success stories are written when products become invisible parts of users&rsquo; daily rituals, not showcases for engineering flexibility.</p>
<h2 id='make-one-model-your-own' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#make-one-model-your-own' aria-label='Anchor'></a><span class='plain-code'>Make One Model Your Own</span></h2>
<p>As builders, it&rsquo;s time we stop hedging our bets and embrace the convergence reality. Every startup pitch deck with &lsquo;model-agnostic&rsquo; as a feature should become a red flag for investors who understand product-market fit. Stop putting &lsquo;works with any LLM&rsquo; in your one-liner. It screams &lsquo;we don&rsquo;t know what we&rsquo;re building.&rsquo;</p>
<p>If you&rsquo;re still building model-agnostic AI tools in 2025, you&rsquo;re optimizing for the wrong thing. Users don&rsquo;t want flexibility; they want reliability. And in a converged model landscape, reliability comes from deep specialization, not broad compatibility.</p>
<p>Pick your model like you pick your therapist; for the long haul. Find the right model, tune deeply, get close enough to understand its quirks and make them work for you. Stop architecting for the mythical future where you&rsquo;ll seamlessly swap models. That future doesn&rsquo;t exist, and chasing it is costing you the present.</p>
<h2 id='bonus-level-all-in-on-one-model-means-all-out-on-eval' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#bonus-level-all-in-on-one-model-means-all-out-on-eval' aria-label='Anchor'></a><span class='plain-code'>Bonus level: All-in On One Model Means All-out On Eval</span></h2>
<p>If any of this is landing for you, you&rsquo;ll agree that we have to start thinking of model evaluation as architecture, not an afterthought. The good news is, rigorous model eval doesn&rsquo;t have to be mind numbing anymore. </p>
<p>Turns out, games are really great eval tools! Now you can spin up your very own little <a href='https://github.com/fly-apps/ai-town_on_fly.io' title=''>AI Town</a> on Fly.io with a single click deploy to test different models as pixel people in an evolving environment. I discuss the idea further in <a href='https://fly.io/blog/games-as-model-eval/' title=''>Games as Model Eval: 1-Click Deploy AI Town on Fly.io</a>.</p>
</content>
</entry>
<entry>
<title>Phoenix.new – The Remote AI Runtime for Phoenix</title>
<link rel="alternate" href="https://fly.io/blog/phoenix-new-the-remote-ai-runtime/"/>
<id>https://fly.io/blog/phoenix-new-the-remote-ai-runtime/</id>
<published>2025-06-20T00:00:00+00:00</published>
<updated>2025-06-24T17:23:07+00:00</updated>
<media:thumbnail url="https://fly.io/blog/phoenix-new-the-remote-ai-runtime/assets/phoenixnew-thumb.png"/>
<content type="html"><div class="lead"><p>I’m Chris McCord, the creator of Elixir’s Phoenix framework. For the past several months, I’ve been working on a skunkworks project at Fly.io, and it’s time to show it off.</p>
</div>
<p>I wanted LLM agents to work just as well with Elixir as they do with Python and JavaScript. Last December, in order to figure out what that was going to take, I started a little weekend project to find out how difficult it would be to build a coding agent in Elixir.</p>
<p>A few weeks later, I had it spitting out working Phoenix applications and driving a full in-browser IDE. I knew this wasn&rsquo;t going to stay a weekend project.</p>
<p>If you follow me on Twitter, you&rsquo;ve probably seen me teasing this work as it picked up steam. We&rsquo;re at a point where we&rsquo;re pretty serious about this thing, and so it&rsquo;s time to make a formal introduction.</p>
<p>World, meet <a href='https://phoenix.new' title=''>Phoenix.new</a>, a batteries-included fully-online coding agent tailored to Elixir and Phoenix. I think it&rsquo;s going to be the fastest way to build collaborative, real-time applications.</p>
<p>Let&rsquo;s see it in action:</p>
<div class="youtube-container" data-exclude-render>
<div class="youtube-video">
<iframe
width="100%"
height="100%"
src="https://www.youtube.com/embed/du7GmWGUM5Y"
frameborder="0"
allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture"
allowfullscreen>
</iframe>
</div>
</div>
<h2 id='whats-interesting-about-phoenix-new' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#whats-interesting-about-phoenix-new' aria-label='Anchor'></a><span class='plain-code'>What&rsquo;s Interesting About Phoenix.new</span></h2>
<p>First, even though it runs entirely in your browser, Phoenix.new gives both you and your agent a root shell, in an ephemeral virtual machine (a <a href='https://fly.io/docs/machines/overview/' title=''>Fly Machine</a>) that gives our agent loop free rein to install things and run programs — without any risk of messing up your local machine. You don&rsquo;t think about any of this; you just open up the VSCode interface, push the shell button, and there you are, on the isolated machine you share with the Phoenix.new agent.</p>
<p>Second, it&rsquo;s an agent system I built specifically for Phoenix. Phoenix is about real-time collaborative applications, and Phoenix.new knows what that means. To that end, Phoenix.new includes, in both its UI and its agent tools, a full browser. The Phoenix.new agent uses that browser &ldquo;headlessly&rdquo; to check its own front-end changes and interact with the app. Because it&rsquo;s a full browser, instead of trying to iterate on screenshots, the agent sees real page content and JavaScript state – with or without a human present.</p>
<h2 id='what-root-access-gets-us' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#what-root-access-gets-us' aria-label='Anchor'></a><span class='plain-code'>What Root Access Gets Us</span></h2>
<p>Agents build software the way you did when you first got started, the way you still do today when you prototype things. They don&rsquo;t carefully design Docker container layers and they don&rsquo;t really do release cycles. An agent wants to pop a shell and get its fingernails dirty.</p>
<p>A fully isolated virtual machine means Phoenix.new&rsquo;s fingernails can get <em>arbitrarily dirty.</em> If it wants to add a package to <code>mix.exs</code>, it can do that and then run <code>mix phx.server</code> or <code>mix test</code> and check the output. Sure. Every agent can do that. But if it wants to add an APT package to the base operating system, it can do that too, and make sure it worked. It owns the whole environment.</p>
<p>This offloads a huge amount of tedious, repetitive work.</p>
<p>At his <a href='https://youtu.be/LCEmiRjPEtQ?si=sR_bdu6-AqPXSNmY&t=1902' title=''>AI Startup School talk last week</a>, Andrej Karpathy related his experience of building a restaurant menu visualizer, which takes camera pictures of text menus and transforms all the menu items into pictures. The code, which he vibe-coded with an LLM agent, was the easy part; he had it working in an afternoon. But getting the app online took him a whole week.</p>
<p>With Phoenix.new, I&rsquo;m taking dead aim at this problem. The apps we produce live in the cloud from the minute they launch. They have private, shareable URLs (we detect anything the agent generates with a bound port and give it a preview URL underneath <code>phx.run</code>, with integrated port-forwarding), they integrate with Github, and they inherit all the infrastructure guardrails of Fly.io: hardware virtualization, WireGuard, and isolated networks.</p>
<div class="callout"><p>Github’s <code>gh</code> CLI is installed by default. So the agent knows how to clone any repo, or browse issues, and you can even authorize it for internal repositories to get it working with your team’s existing projects and dependencies.</p>
</div>
<p>Full control of the environment also closes the loop between the agent and deployment. When Phoenix.new boots an app, it watches the logs, and tests the application. When an action triggers an error, Phoenix.new notices and gets to work.</p>
<h2 id='watch-it-build-in-real-time' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#watch-it-build-in-real-time' aria-label='Anchor'></a><span class='plain-code'>Watch It Build In Real Time</span></h2>
<p><a href='https://phoenix.new' title=''>Phoenix.new</a> can interact with web applications the way users do: with a real browser.</p>
<p>The Phoenix.new environment includes a headless Chrome browser that our agent knows how to drive. Prompt it to add a front-end feature to your application, and it won&rsquo;t just sketch the code out and make sure it compiles and lints. It&rsquo;ll pull the app up itself and poke at the UI, simultaneously looking at the page content, JavaScript state, and server-side logs.</p>
<p>Phoenix is all about <a href='https://fly.io/blog/how-we-got-to-liveview/' title=''>&ldquo;live&rdquo; real-time</a> interactivity, and gives us seamless live reload. The user interface for Phoenix.new itself includes a live preview of the app being worked on, so you can kick back and watch it build front-end features incrementally. Any other <code>.phx.run</code> tabs you have open also update as it goes. It&rsquo;s wild.</p>
<video title="agent interacting with web" autoplay="autoplay" loop="loop" muted="muted" playsinline="playsinline" disablePictureInPicture="true" class="mb-8" src="/blog/phoenix-new-the-remote-ai-runtime/assets/webjs.mp4"></video>
<h2 id='not-just-for-vibe-coding' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#not-just-for-vibe-coding' aria-label='Anchor'></a><span class='plain-code'>Not Just For Vibe Coding</span></h2>
<p>Phoenix.new can already build real, full-stack applications with WebSockets, Phoenix&rsquo;s Presence features, and real databases. I&rsquo;m seeing it succeed at business and collaborative applications right now.</p>
<p>But there&rsquo;s no fixed bound on the tasks you can reasonably ask it to accomplish. If you can do it with a shell and a browser, I want Phoenix.new to do it too. And it can do these tasks with or without you present.</p>
<p>For example: set a <code>$DATABASE_URL</code> and tell the agent about it. The agent knows enough to go explore it with <code>psql</code>, and it&rsquo;ll propose apps based on the schemas it finds. It can model Ecto schemas off the database. And if MySQL is your thing, the agent will just <code>apt install</code> a MySQL client and go to town.</p>
<p>Frontier model LLMs have vast world knowledge. They generalize extremely well. At ElixirConfEU, I did a <a href='https://www.youtube.com/watch?v=ojL_VHc4gLk&t=3923s' title=''>demo vibe-coding Tetris</a> on stage. Phoenix.new nailed it, first try, first prompt. It&rsquo;s not like there&rsquo;s gobs of Phoenix LiveView Tetris examples floating around the Internet! But lots of people have published Tetris code, and lots of people have written LiveView stuff, and 2025 LLMs can connect those dots.</p>
<p>At this point you might be wondering – can I just ask it to build a Rails app? Or an Expo React Native app? Or Svelte? Or Go?</p>
<p>Yes, you can.</p>
<p>Our system prompt is tuned for Phoenix today, but all languages you care about are already installed. We&rsquo;re still figuring out where to take this, but adding new languages and frameworks definitely ranks highly in my plans.</p>
<h2 id='our-async-agent-future' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#our-async-agent-future' aria-label='Anchor'></a><span class='plain-code'>Our Async Agent Future</span></h2>
<p><a href='https://fly.io/blog/youre-all-nuts/' title=''>We&rsquo;re at a massive step-change in developer workflows</a>.</p>
<p>Agents can do real work, today, with or without a human present. Buckle up: the future of development, at least in the common case, probably looks less like cracking open a shell and finding a file to edit, and more like popping into a CI environment with agents working away around the clock.</p>
<p>Local development isn&rsquo;t going away. But there&rsquo;s going to be a shift in where the majority of our iterations take place. I&rsquo;m already using Phoenix.new to triage <code>phoenix-core</code> Github issues and pick problems to solve. I close my laptop, grab a cup of coffee, and wait for a PR to arrive — Phoenix.new knows how PRs work, too. We&rsquo;re already here, and this space is just getting started.</p>
<p>This isn&rsquo;t where I thought I&rsquo;d end up when I started poking around. The Phoenix and LiveView journey was much the same. Something special was there and the projects took on a life of their own. I&rsquo;m excited to share this work now, and see where it might take us. I can&rsquo;t wait to see what folks build.</p>
</content>
</entry>
<entry>
<title>What are MCP Servers?</title>
<link rel="alternate" href="https://fly.io/blog/mcps-everywhere/"/>
<id>https://fly.io/blog/mcps-everywhere/</id>
<published>2025-06-12T00:00:00+00:00</published>
<updated>2025-06-12T16:59:12+00:00</updated>
<media:thumbnail url="https://fly.io/blog/mcps-everywhere/assets/mcps-everywhere.jpg"/>
<content type="html"><div class="lead"><div><p>With Fly.io, <a href="https://fly.io/docs/speedrun/" title="">you can get your app running globally in a matter of minutes</a>, and with MCP servers you can integrate with Claude, VSCode, Cursor and <a href="https://modelcontextprotocol.io/clients">many more AI clients</a>. <a href="https://fly.io/docs/mcp/" title="">Try it out for yourself</a>!</p>
</div></div>
<p>The introduction to <a href='https://modelcontextprotocol.io/introduction' title=''>Model Context Protocol</a> starts out with:</p>
<blockquote>
<p>MCP is an open protocol that standardizes how applications provide context to LLMs. Think of MCP like a USB-C port for AI applications. Just as USB-C provides a standardized way to connect your devices to various peripherals and accessories, MCP provides a standardized way to connect AI models to different data sources and tools.</p>
</blockquote>
<p>That paragraph, to me, is both comforting (&ldquo;USB for LLM&rdquo;? Cool! Got it!), and simultaneously vacuous (Um, but what do I actually <em>do</em> with this?).</p>
<p>I&rsquo;ve been digging deeper and have come up with a few more analogies and observations that make sense to me. Perhaps one or more of these will help you.</p>
<h2 id='mcps-are-alexa-skills' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#mcps-are-alexa-skills' aria-label='Anchor'></a><span class='plain-code'>MCPs are Alexa Skills</span></h2>
<p>You buy an Echo Dot and a Hue light. You plug them both in and connect them to your Wi-Fi. There is one more step you need to do: you need to install and enable the Philips Hue skill to connect the two.</p>
<p>Now you might be using Siri or Google Assistant. Or you may want to connect a Ring Doorbell camera or Google Nest Thermostat. But the principle is the same, though the analogy is slightly stronger with a skill (which is a noun) as opposed to the action of pairing your Hue Bridge with Apple HomeKit (a verb).</p>
<h2 id='mcps-are-api-2-0' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#mcps-are-api-2-0' aria-label='Anchor'></a><span class='plain-code'>MCPs are API 2.0</span></h2>
<p>HTTP 1.1 is simple. You send a request, you get a response. While there are cookies and sessions, it is pretty much stateless and therefore inefficient, as each request needs to establish a new connection. WebSockets and Server-Sent Events (SSE) mitigate this a bit.</p>
<p><a href='https://en.wikipedia.org/wiki/HTTP/2' title=''>HTTP 2.0</a> introduces features like multiplexing and server push. When you visit a web page for the first time, your browser can now request all of the associated JavaScript, CSS, and images at once, and the server can respond in any order.</p>
<p>APIs today are typically request/response. MCPs support multiplexing and server push.</p>
<h2 id='mcps-are-apis-with-introspection-reflection' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#mcps-are-apis-with-introspection-reflection' aria-label='Anchor'></a><span class='plain-code'>MCPs are APIs with Introspection/Reflection</span></h2>
<p>With <a href='https://learn.openapis.org/' title=''>OpenAPI</a>, requests are typically JSON, and responses are too. Many OpenAPI providers publish a separate <a href='https://learn.openapis.org/specification/structure.html' title=''>OpenAPI Description (OAD)</a>, which contains a schema describing what requests are supported by that API.</p>
<p>With MCP, requests are also JSON and responses are also JSON, but in addition, there are standard requests built into the protocol to obtain useful information, including what tools are provided, what arguments each tool expects, and a prose description of how each tool is expected to be used.</p>
<p>As an aside, don&rsquo;t automatically assume that you will get good results from <a href='https://neon.com/blog/autogenerating-mcp-servers-openai-schemas' title=''>auto-generating MCP Servers from OpenAPI schemas</a>:</p>
<blockquote>
<p>Effective MCP design means thinking about the workflows you want the agent to perform and potentially creating higher-level tools that encapsulate multiple API calls, rather than just exposing the raw building blocks of your entire API spec.</p>
</blockquote>
<p><a href='https://glama.ai/blog/2025-06-06-mcp-vs-api#five-fundamental-differences' title=''>MCP vs API</a> goes into this topic at greater debth.</p>
<p>In many cases you will get better results treating LLMs as humans. If you have a CLI, consider using that as the starting point instead.</p>
<h2 id='mcps-are-not-serverless' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#mcps-are-not-serverless' aria-label='Anchor'></a><span class='plain-code'>MCPs are <strong><i>not</i></strong> serverless</span></h2>
<p><a href='https://en.wikipedia.org/wiki/Serverless_computing' title=''>Serverless</a>, sometimes known as <a href='https://en.wikipedia.org/wiki/Function_as_a_service' title=''>FaaS</a>, is a popular cloud computing model, where AWS Lambda is widely recognized as the archetype.</p>
<p>MCP servers are not serverless; they have a well-defined and long-lived <a href='https://modelcontextprotocol.io/specification/2025-03-26/basic/lifecycle' title=''>lifecycle</a>:</p>
<p><svg aria-roledescription="sequence" role="graphics-document document" viewBox="-50 -10 482 651" style="max-width: 482px;" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns="http://www.w3.org/2000/svg" width="100%" id="rm"><rect class="rect" height="70" width="302" fill="rgb(200, 220, 250)" y="325" x="40"></rect><g><rect class="actor actor-bottom" ry="3" rx="3" name="Server" height="65" width="150" stroke="#666" fill="#eaeaea" y="565" x="232"></rect><text class="actor actor-box" alignment-baseline="central" dominant-baseline="central" style="text-anchor: middle; font-size: 16px; font-weight: 400; font-family: inherit;" y="597.5" x="307"><tspan dy="0" x="307">Server</tspan></text></g><g><rect class="actor actor-bottom" ry="3" rx="3" name="Client" height="65" width="150" stroke="#666" fill="#eaeaea" y="565" x="0"></rect><text class="actor actor-box" alignment-baseline="central" dominant-baseline="central" style="text-anchor: middle; font-size: 16px; font-weight: 400; font-family: inherit;" y="597.5" x="75"><tspan dy="0" x="75">Client</tspan></text></g><g><line name="Server" stroke="#999" stroke-width="0.5px" class="actor-line 200" y2="565" x2="307" y1="65" x1="307" id="actor10"></line><g id="root-10"><rect class="actor actor-top" ry="3" rx="3" name="Server" height="65" width="150" stroke="#666" fill="#eaeaea" y="0" x="232"></rect><text class="actor actor-box" alignment-baseline="central" dominant-baseline="central" style="text-anchor: middle; font-size: 16px; font-weight: 400; font-family: inherit;" y="32.5" x="307"><tspan dy="0" x="307">Server</tspan></text></g></g><g><line name="Client" stroke="#999" stroke-width="0.5px" class="actor-line 200" y2="565" x2="75" y1="65" x1="75" id="actor9"></line><g id="root-9"><rect class="actor actor-top" ry="3" rx="3" name="Client" height="65" width="150" stroke="#666" fill="#eaeaea" y="0" x="0"></rect><text class="actor actor-box" alignment-baseline="central" dominant-baseline="central" style="text-anchor: middle; font-size: 16px; font-weight: 400; font-family: inherit;" y="32.5" x="75"><tspan dy="0" x="75">Client</tspan></text></g></g><style>#rm{font-family:inherit;font-size:16px;fill:#333;}#rm .error-icon{fill:#552222;}#rm .error-text{fill:#552222;stroke:#552222;}#rm .edge-thickness-normal{stroke-width:1px;}#rm .edge-thickness-thick{stroke-width:3.5px;}#rm .edge-pattern-solid{stroke-dasharray:0;}#rm .edge-thickness-invisible{stroke-width:0;fill:none;}#rm .edge-pattern-dashed{stroke-dasharray:3;}#rm .edge-pattern-dotted{stroke-dasharray:2;}#rm .marker{fill:#333333;stroke:#333333;}#rm .marker.cross{stroke:#333333;}#rm svg{font-family:inherit;font-size:16px;}#rm p{margin:0;}#rm .actor{stroke:hsl(259.6261682243, 59.7765363128%, 87.9019607843%);fill:#ECECFF;}#rm text.actor&gt;tspan{fill:black;stroke:none;}#rm .actor-line{stroke:hsl(259.6261682243, 59.7765363128%, 87.9019607843%);}#rm .messageLine0{stroke-width:1.5;stroke-dasharray:none;stroke:#333;}#rm .messageLine1{stroke-width:1.5;stroke-dasharray:2,2;stroke:#333;}#rm #arrowhead path{fill:#333;stroke:#333;}#rm .sequenceNumber{fill:white;}#rm #sequencenumber{fill:#333;}#rm #crosshead path{fill:#333;stroke:#333;}#rm .messageText{fill:#333;stroke:none;}#rm .labelBox{stroke:hsl(259.6261682243, 59.7765363128%, 87.9019607843%);fill:#ECECFF;}#rm .labelText,#rm .labelText&gt;tspan{fill:black;stroke:none;}#rm .loopText,#rm .loopText&gt;tspan{fill:black;stroke:none;}#rm .loopLine{stroke-width:2px;stroke-dasharray:2,2;stroke:hsl(259.6261682243, 59.7765363128%, 87.9019607843%);fill:hsl(259.6261682243, 59.7765363128%, 87.9019607843%);}#rm .note{stroke:#aaaa33;fill:#fff5ad;}#rm .noteText,#rm .noteText&gt;tspan{fill:black;stroke:none;}#rm .activation0{fill:#f4f4f4;stroke:#666;}#rm .activation1{fill:#f4f4f4;stroke:#666;}#rm .activation2{fill:#f4f4f4;stroke:#666;}#rm .actorPopupMenu{position:absolute;}#rm .actorPopupMenuPanel{position:absolute;fill:#ECECFF;box-shadow:0px 8px 16px 0px rgba(0,0,0,0.2);filter:drop-shadow(3px 5px 2px rgb(0 0 0 / 0.4));}#rm .actor-man line{stroke:hsl(259.6261682243, 59.7765363128%, 87.9019607843%);fill:#ECECFF;}#rm .actor-man circle,#rm line{stroke:hsl(259.6261682243, 59.7765363128%, 87.9019607843%);fill:#ECECFF;stroke-width:2px;}#rm :root{--mermaid-font-family:inherit;}</style><g></g><defs><symbol height="24" width="24" id="computer"><path d="M2 2v13h20v-13h-20zm18 11h-16v-9h16v9zm-10.228 6l.466-1h3.524l.467 1h-4.457zm14.228 3h-24l2-6h2.104l-1.33 4h18.45l-1.297-4h2.073l2 6zm-5-10h-14v-7h14v7z" transform="scale(.5)"></path></symbol></defs><defs><symbol clip-rule="evenodd" fill-rule="evenodd" id="database"><path d="M12.258.001l.256.004.255.005.253.008.251.01.249.012.247.015.246.016.242.019.241.02.239.023.236.024.233.027.231.028.229.031.225.032.223.034.22.036.217.038.214.04.211.041.208.043.205.045.201.046.198.048.194.05.191.051.187.053.183.054.18.056.175.057.172.059.168.06.163.061.16.063.155.064.15.066.074.033.073.033.071.034.07.034.069.035.068.035.067.035.066.035.064.036.064.036.062.036.06.036.06.037.058.037.058.037.055.038.055.038.053.038.052.038.051.039.05.039.048.039.047.039.045.04.044.04.043.04.041.04.04.041.039.041.037.041.036.041.034.041.033.042.032.042.03.042.029.042.027.042.026.043.024.043.023.043.021.043.02.043.018.044.017.043.015.044.013.044.012.044.011.045.009.044.007.045.006.045.004.045.002.045.001.045v17l-.001.045-.002.045-.004.045-.006.045-.007.045-.009.044-.011.045-.012.044-.013.044-.015.044-.017.043-.018.044-.02.043-.021.043-.023.043-.024.043-.026.043-.027.042-.029.042-.03.042-.032.042-.033.042-.034.041-.036.041-.037.041-.039.041-.04.041-.041.04-.043.04-.044.04-.045.04-.047.039-.048.039-.05.039-.051.039-.052.038-.053.038-.055.038-.055.038-.058.037-.058.037-.06.037-.06.036-.062.036-.064.036-.064.036-.066.035-.067.035-.068.035-.069.035-.07.034-.071.034-.073.033-.074.033-.15.066-.155.064-.16.063-.163.061-.168.06-.172.059-.175.057-.18.056-.183.054-.187.053-.191.051-.194.05-.198.048-.201.046-.205.045-.208.043-.211.041-.214.04-.217.038-.22.036-.223.034-.225.032-.229.031-.231.028-.233.027-.236.024-.239.023-.241.02-.242.019-.246.016-.247.015-.249.012-.251.01-.253.008-.255.005-.256.004-.258.001-.258-.001-.256-.004-.255-.005-.253-.008-.251-.01-.249-.012-.247-.015-.245-.016-.243-.019-.241-.02-.238-.023-.236-.024-.234-.027-.231-.028-.228-.031-.226-.032-.223-.034-.22-.036-.217-.038-.214-.04-.211-.041-.208-.043-.204-.045-.201-.046-.198-.048-.195-.05-.19-.051-.187-.053-.184-.054-.179-.056-.176-.057-.172-.059-.167-.06-.164-.061-.159-.063-.155-.064-.151-.066-.074-.033-.072-.033-.072-.034-.07-.034-.069-.035-.068-.035-.067-.035-.066-.035-.064-.036-.063-.036-.062-.036-.061-.036-.06-.037-.058-.037-.057-.037-.056-.038-.055-.038-.053-.038-.052-.038-.051-.039-.049-.039-.049-.039-.046-.039-.046-.04-.044-.04-.043-.04-.041-.04-.04-.041-.039-.041-.037-.041-.036-.041-.034-.041-.033-.042-.032-.042-.03-.042-.029-.042-.027-.042-.026-.043-.024-.043-.023-.043-.021-.043-.02-.043-.018-.044-.017-.043-.015-.044-.013-.044-.012-.044-.011-.045-.009-.044-.007-.045-.006-.045-.004-.045-.002-.045-.001-.045v-17l.001-.045.002-.045.004-.045.006-.045.007-.045.009-.044.011-.045.012-.044.013-.044.015-.044.017-.043.018-.044.02-.043.021-.043.023-.043.024-.043.026-.043.027-.042.029-.042.03-.042.032-.042.033-.042.034-.041.036-.041.037-.041.039-.041.04-.041.041-.04.043-.04.044-.04.046-.04.046-.039.049-.039.049-.039.051-.039.052-.038.053-.038.055-.038.056-.038.057-.037.058-.037.06-.037.061-.036.062-.036.063-.036.064-.036.066-.035.067-.035.068-.035.069-.035.07-.034.072-.034.072-.033.074-.033.151-.066.155-.064.159-.063.164-.061.167-.06.172-.059.176-.057.179-.056.184-.054.187-.053.19-.051.195-.05.198-.048.201-.046.204-.045.208-.043.211-.041.214-.04.217-.038.22-.036.223-.034.226-.032.228-.031.231-.028.234-.027.236-.024.238-.023.241-.02.243-.019.245-.016.247-.015.249-.012.251-.01.253-.008.255-.005.256-.004.258-.001.258.001zm-9.258 20.499v.01l.001.021.003.021.004.022.005.021.006.022.007.022.009.023.01.022.011.023.012.023.013.023.015.023.016.024.017.023.018.024.019.024.021.024.022.025.023.024.024.025.052.049.056.05.061.051.066.051.07.051.075.051.079.052.084.052.088.052.092.052.097.052.102.051.105.052.11.052.114.051.119.051.123.051.127.05.131.05.135.05.139.048.144.049.147.047.152.047.155.047.16.045.163.045.167.043.171.043.176.041.178.041.183.039.187.039.19.037.194.035.197.035.202.033.204.031.209.03.212.029.216.027.219.025.222.024.226.021.23.02.233.018.236.016.24.015.243.012.246.01.249.008.253.005.256.004.259.001.26-.001.257-.004.254-.005.25-.008.247-.011.244-.012.241-.014.237-.016.233-.018.231-.021.226-.021.224-.024.22-.026.216-.027.212-.028.21-.031.205-.031.202-.034.198-.034.194-.036.191-.037.187-.039.183-.04.179-.04.175-.042.172-.043.168-.044.163-.045.16-.046.155-.046.152-.047.148-.048.143-.049.139-.049.136-.05.131-.05.126-.05.123-.051.118-.052.114-.051.11-.052.106-.052.101-.052.096-.052.092-.052.088-.053.083-.051.079-.052.074-.052.07-.051.065-.051.06-.051.056-.05.051-.05.023-.024.023-.025.021-.024.02-.024.019-.024.018-.024.017-.024.015-.023.014-.024.013-.023.012-.023.01-.023.01-.022.008-.022.006-.022.006-.022.004-.022.004-.021.001-.021.001-.021v-4.127l-.077.055-.08.053-.083.054-.085.053-.087.052-.09.052-.093.051-.095.05-.097.05-.1.049-.102.049-.105.048-.106.047-.109.047-.111.046-.114.045-.115.045-.118.044-.12.043-.122.042-.124.042-.126.041-.128.04-.13.04-.132.038-.134.038-.135.037-.138.037-.139.035-.142.035-.143.034-.144.033-.147.032-.148.031-.15.03-.151.03-.153.029-.154.027-.156.027-.158.026-.159.025-.161.024-.162.023-.163.022-.165.021-.166.02-.167.019-.169.018-.169.017-.171.016-.173.015-.173.014-.175.013-.175.012-.177.011-.178.01-.179.008-.179.008-.181.006-.182.005-.182.004-.184.003-.184.002h-.37l-.184-.002-.184-.003-.182-.004-.182-.005-.181-.006-.179-.008-.179-.008-.178-.01-.176-.011-.176-.012-.175-.013-.173-.014-.172-.015-.171-.016-.17-.017-.169-.018-.167-.019-.166-.02-.165-.021-.163-.022-.162-.023-.161-.024-.159-.025-.157-.026-.156-.027-.155-.027-.153-.029-.151-.03-.15-.03-.148-.031-.146-.032-.145-.033-.143-.034-.141-.035-.14-.035-.137-.037-.136-.037-.134-.038-.132-.038-.13-.04-.128-.04-.126-.041-.124-.042-.122-.042-.12-.044-.117-.043-.116-.045-.113-.045-.112-.046-.109-.047-.106-.047-.105-.048-.102-.049-.1-.049-.097-.05-.095-.05-.093-.052-.09-.051-.087-.052-.085-.053-.083-.054-.08-.054-.077-.054v4.127zm0-5.654v.011l.001.021.003.021.004.021.005.022.006.022.007.022.009.022.01.022.011.023.012.023.013.023.015.024.016.023.017.024.018.024.019.024.021.024.022.024.023.025.024.024.052.05.056.05.061.05.066.051.07.051.075.052.079.051.084.052.088.052.092.052.097.052.102.052.105.052.11.051.114.051.119.052.123.05.127.051.131.05.135.049.139.049.144.048.147.048.152.047.155.046.16.045.163.045.167.044.171.042.176.042.178.04.183.04.187.038.19.037.194.036.197.034.202.033.204.032.209.03.212.028.216.027.219.025.222.024.226.022.23.02.233.018.236.016.24.014.243.012.246.01.249.008.253.006.256.003.259.001.26-.001.257-.003.254-.006.25-.008.247-.01.244-.012.241-.015.237-.016.233-.018.231-.02.226-.022.224-.024.22-.025.216-.027.212-.029.21-.03.205-.032.202-.033.198-.035.194-.036.191-.037.187-.039.183-.039.179-.041.175-.042.172-.043.168-.044.163-.045.16-.045.155-.047.152-.047.148-.048.143-.048.139-.05.136-.049.131-.05.126-.051.123-.051.118-.051.114-.052.11-.052.106-.052.101-.052.096-.052.092-.052.088-.052.083-.052.079-.052.074-.051.07-.052.065-.051.06-.05.056-.051.051-.049.023-.025.023-.024.021-.025.02-.024.019-.024.018-.024.017-.024.015-.023.014-.023.013-.024.012-.022.01-.023.01-.023.008-.022.006-.022.006-.022.004-.021.004-.022.001-.021.001-.021v-4.139l-.077.054-.08.054-.083.054-.085.052-.087.053-.09.051-.093.051-.095.051-.097.05-.1.049-.102.049-.105.048-.106.047-.109.047-.111.046-.114.045-.115.044-.118.044-.12.044-.122.042-.124.042-.126.041-.128.04-.13.039-.132.039-.134.038-.135.037-.138.036-.139.036-.142.035-.143.033-.144.033-.147.033-.148.031-.15.03-.151.03-.153.028-.154.028-.156.027-.158.026-.159.025-.161.024-.162.023-.163.022-.165.021-.166.02-.167.019-.169.018-.169.017-.171.016-.173.015-.173.014-.175.013-.175.012-.177.011-.178.009-.179.009-.179.007-.181.007-.182.005-.182.004-.184.003-.184.002h-.37l-.184-.002-.184-.003-.182-.004-.182-.005-.181-.007-.179-.007-.179-.009-.178-.009-.176-.011-.176-.012-.175-.013-.173-.014-.172-.015-.171-.016-.17-.017-.169-.018-.167-.019-.166-.02-.165-.021-.163-.022-.162-.023-.161-.024-.159-.025-.157-.026-.156-.027-.155-.028-.153-.028-.151-.03-.15-.03-.148-.031-.146-.033-.145-.033-.143-.033-.141-.035-.14-.036-.137-.036-.136-.037-.134-.038-.132-.039-.13-.039-.128-.04-.126-.041-.124-.042-.122-.043-.12-.043-.117-.044-.116-.044-.113-.046-.112-.046-.109-.046-.106-.047-.105-.048-.102-.049-.1-.049-.097-.05-.095-.051-.093-.051-.09-.051-.087-.053-.085-.052-.083-.054-.08-.054-.077-.054v4.139zm0-5.666v.011l.001.02.003.022.004.021.005.022.006.021.007.022.009.023.01.022.011.023.012.023.013.023.015.023.016.024.017.024.018.023.019.024.021.025.022.024.023.024.024.025.052.05.056.05.061.05.066.051.07.051.075.052.079.051.084.052.088.052.092.052.097.052.102.052.105.051.11.052.114.051.119.051.123.051.127.05.131.05.135.05.139.049.144.048.147.048.152.047.155.046.16.045.163.045.167.043.171.043.176.042.178.04.183.04.187.038.19.037.194.036.197.034.202.033.204.032.209.03.212.028.216.027.219.025.222.024.226.021.23.02.233.018.236.017.24.014.243.012.246.01.249.008.253.006.256.003.259.001.26-.001.257-.003.254-.006.25-.008.247-.01.244-.013.241-.014.237-.016.233-.018.231-.02.226-.022.224-.024.22-.025.216-.027.212-.029.21-.03.205-.032.202-.033.198-.035.194-.036.191-.037.187-.039.183-.039.179-.041.175-.042.172-.043.168-.044.163-.045.16-.045.155-.047.152-.047.148-.048.143-.049.139-.049.136-.049.131-.051.126-.05.123-.051.118-.052.114-.051.11-.052.106-.052.101-.052.096-.052.092-.052.088-.052.083-.052.079-.052.074-.052.07-.051.065-.051.06-.051.056-.05.051-.049.023-.025.023-.025.021-.024.02-.024.019-.024.018-.024.017-.024.015-.023.014-.024.013-.023.012-.023.01-.022.01-.023.008-.022.006-.022.006-.022.004-.022.004-.021.001-.021.001-.021v-4.153l-.077.054-.08.054-.083.053-.085.053-.087.053-.09.051-.093.051-.095.051-.097.05-.1.049-.102.048-.105.048-.106.048-.109.046-.111.046-.114.046-.115.044-.118.044-.12.043-.122.043-.124.042-.126.041-.128.04-.13.039-.132.039-.134.038-.135.037-.138.036-.139.036-.142.034-.143.034-.144.033-.147.032-.148.032-.15.03-.151.03-.153.028-.154.028-.156.027-.158.026-.159.024-.161.024-.162.023-.163.023-.165.021-.166.02-.167.019-.169.018-.169.017-.171.016-.173.015-.173.014-.175.013-.175.012-.177.01-.178.01-.179.009-.179.007-.181.006-.182.006-.182.004-.184.003-.184.001-.185.001-.185-.001-.184-.001-.184-.003-.182-.004-.182-.006-.181-.006-.179-.007-.179-.009-.178-.01-.176-.01-.176-.012-.175-.013-.173-.014-.172-.015-.171-.016-.17-.017-.169-.018-.167-.019-.166-.02-.165-.021-.163-.023-.162-.023-.161-.024-.159-.024-.157-.026-.156-.027-.155-.028-.153-.028-.151-.03-.15-.03-.148-.032-.146-.032-.145-.033-.143-.034-.141-.034-.14-.036-.137-.036-.136-.037-.134-.038-.132-.039-.13-.039-.128-.041-.126-.041-.124-.041-.122-.043-.12-.043-.117-.044-.116-.044-.113-.046-.112-.046-.109-.046-.106-.048-.105-.048-.102-.048-.1-.05-.097-.049-.095-.051-.093-.051-.09-.052-.087-.052-.085-.053-.083-.053-.08-.054-.077-.054v4.153zm8.74-8.179l-.257.004-.254.005-.25.008-.247.011-.244.012-.241.014-.237.016-.233.018-.231.021-.226.022-.224.023-.22.026-.216.027-.212.028-.21.031-.205.032-.202.033-.198.034-.194.036-.191.038-.187.038-.183.04-.179.041-.175.042-.172.043-.168.043-.163.045-.16.046-.155.046-.152.048-.148.048-.143.048-.139.049-.136.05-.131.05-.126.051-.123.051-.118.051-.114.052-.11.052-.106.052-.101.052-.096.052-.092.052-.088.052-.083.052-.079.052-.074.051-.07.052-.065.051-.06.05-.056.05-.051.05-.023.025-.023.024-.021.024-.02.025-.019.024-.018.024-.017.023-.015.024-.014.023-.013.023-.012.023-.01.023-.01.022-.008.022-.006.023-.006.021-.004.022-.004.021-.001.021-.001.021.001.021.001.021.004.021.004.022.006.021.006.023.008.022.01.022.01.023.012.023.013.023.014.023.015.024.017.023.018.024.019.024.02.025.021.024.023.024.023.025.051.05.056.05.06.05.065.051.07.052.074.051.079.052.083.052.088.052.092.052.096.052.101.052.106.052.11.052.114.052.118.051.123.051.126.051.131.05.136.05.139.049.143.048.148.048.152.048.155.046.16.046.163.045.168.043.172.043.175.042.179.041.183.04.187.038.191.038.194.036.198.034.202.033.205.032.21.031.212.028.216.027.22.026.224.023.226.022.231.021.233.018.237.016.241.014.244.012.247.011.25.008.254.005.257.004.26.001.26-.001.257-.004.254-.005.25-.008.247-.011.244-.012.241-.014.237-.016.233-.018.231-.021.226-.022.224-.023.22-.026.216-.027.212-.028.21-.031.205-.032.202-.033.198-.034.194-.036.191-.038.187-.038.183-.04.179-.041.175-.042.172-.043.168-.043.163-.045.16-.046.155-.046.152-.048.148-.048.143-.048.139-.049.136-.05.131-.05.126-.051.123-.051.118-.051.114-.052.11-.052.106-.052.101-.052.096-.052.092-.052.088-.052.083-.052.079-.052.074-.051.07-.052.065-.051.06-.05.056-.05.051-.05.023-.025.023-.024.021-.024.02-.025.019-.024.018-.024.017-.023.015-.024.014-.023.013-.023.012-.023.01-.023.01-.022.008-.022.006-.023.006-.021.004-.022.004-.021.001-.021.001-.021-.001-.021-.001-.021-.004-.021-.004-.022-.006-.021-.006-.023-.008-.022-.01-.022-.01-.023-.012-.023-.013-.023-.014-.023-.015-.024-.017-.023-.018-.024-.019-.024-.02-.025-.021-.024-.023-.024-.023-.025-.051-.05-.056-.05-.06-.05-.065-.051-.07-.052-.074-.051-.079-.052-.083-.052-.088-.052-.092-.052-.096-.052-.101-.052-.106-.052-.11-.052-.114-.052-.118-.051-.123-.051-.126-.051-.131-.05-.136-.05-.139-.049-.143-.048-.148-.048-.152-.048-.155-.046-.16-.046-.163-.045-.168-.043-.172-.043-.175-.042-.179-.041-.183-.04-.187-.038-.191-.038-.194-.036-.198-.034-.202-.033-.205-.032-.21-.031-.212-.028-.216-.027-.22-.026-.224-.023-.226-.022-.231-.021-.233-.018-.237-.016-.241-.014-.244-.012-.247-.011-.25-.008-.254-.005-.257-.004-.26-.001-.26.001z" transform="scale(.5)"></path></symbol></defs><defs><symbol height="24" width="24" id="clock"><path d="M12 2c5.514 0 10 4.486 10 10s-4.486 10-10 10-10-4.486-10-10 4.486-10 10-10zm0-2c-6.627 0-12 5.373-12 12s5.373 12 12 12 12-5.373 12-12-5.373-12-12-12zm5.848 12.459c.202.038.202.333.001.372-1.907.361-6.045 1.111-6.547 1.111-.719 0-1.301-.582-1.301-1.301 0-.512.77-5.447 1.125-7.445.034-.192.312-.181.343.014l.985 6.238 5.394 1.011z" transform="scale(.5)"></path></symbol></defs><defs><marker orient="auto-start-reverse" markerHeight="12" markerWidth="12" markerUnits="userSpaceOnUse" refY="5" refX="7.9" id="arrowhead"><path d="M -1 0 L 10 5 L 0 10 z"></path></marker></defs><defs><marker refY="4.5" refX="4" orient="auto" markerHeight="8" markerWidth="15" id="crosshead"><path d="M 1,2 L 6,7 M 6,2 L 1,7" stroke-width="1pt" style="stroke-dasharray: 0px, 0px;" stroke="#000000" fill="none"></path></marker></defs><defs><marker orient="auto" markerHeight="28" markerWidth="20" refY="7" refX="15.5" id="filled-head"><path d="M 18,7 L9,13 L14,7 L9,1 Z"></path></marker></defs><defs><marker orient="auto" markerHeight="40" markerWidth="60" refY="15" refX="15" id="sequencenumber"><circle r="6" cy="15" cx="15"></circle></marker></defs><g><rect class="note" height="40" width="282" stroke="#666" fill="#EDF2AE" y="75" x="50"></rect><text dy="1em" class="noteText" style="font-family: inherit; font-size: 16px; font-weight: 400;" alignment-baseline="middle" dominant-baseline="middle" text-anchor="middle" y="80" x="191"><tspan x="191">Initialization Phase</tspan></text></g><g><rect class="activation0" height="380" width="10" stroke="#666" fill="#EDF2AE" y="115" x="70"></rect></g><g><rect class="activation0" height="328" width="10" stroke="#666" fill="#EDF2AE" y="167" x="302"></rect></g><g><rect class="note" height="40" width="282" stroke="#666" fill="#EDF2AE" y="275" x="50"></rect><text dy="1em" class="noteText" style="font-family: inherit; font-size: 16px; font-weight: 400;" alignment-baseline="middle" dominant-baseline="middle" text-anchor="middle" y="280" x="191"><tspan x="191">Operation Phase</tspan></text></g><g><rect class="note" height="40" width="282" stroke="#666" fill="#EDF2AE" y="345" x="50"></rect><text dy="1em" class="noteText" style="font-family: inherit; font-size: 16px; font-weight: 400;" alignment-baseline="middle" dominant-baseline="middle" text-anchor="middle" y="350" x="191"><tspan x="191">Normal protocol operations</tspan></text></g><g><rect class="note" height="40" width="282" stroke="#666" fill="#EDF2AE" y="405" x="50"></rect><text dy="1em" class="noteText" style="font-family: inherit; font-size: 16px; font-weight: 400;" alignment-baseline="middle" dominant-baseline="middle" text-anchor="middle" y="410" x="191"><tspan x="191">Shutdown</tspan></text></g><g><rect class="note" height="40" width="282" stroke="#666" fill="#EDF2AE" y="505" x="50"></rect><text dy="1em" class="noteText" style="font-family: inherit; font-size: 16px; font-weight: 400;" alignment-baseline="middle" dominant-baseline="middle" text-anchor="middle" y="510" x="191"><tspan x="191">Connection closed</tspan></text></g><text dy="1em" class="messageText" style="font-family: inherit; font-size: 16px; font-weight: 400;" alignment-baseline="middle" dominant-baseline="middle" text-anchor="middle" y="130" x="190">initialize request</text><line marker-end="url(#arrowhead)" style="fill: none;" stroke="none" stroke-width="2" class="messageLine0" y2="165" x2="299" y1="165" x1="80"></line><text dy="1em" class="messageText" style="font-family: inherit; font-size: 16px; font-weight: 400;" alignment-baseline="middle" dominant-baseline="middle" text-anchor="middle" y="180" x="193">initialize response</text><line marker-end="url(#arrowhead)" stroke="none" stroke-width="2" class="messageLine1" style="stroke-dasharray: 3px, 3px; fill: none;" y2="215" x2="83" y1="215" x1="302"></line><text dy="1em" class="messageText" style="font-family: inherit; font-size: 16px; font-weight: 400;" alignment-baseline="middle" dominant-baseline="middle" text-anchor="middle" y="230" x="190">initialized notification</text><line marker-end="url(#filled-head)" stroke="none" stroke-width="2" class="messageLine1" style="stroke-dasharray: 3px, 3px; fill: none;" y2="265" x2="299" y1="265" x1="80"></line><text dy="1em" class="messageText" style="font-family: inherit; font-size: 16px; font-weight: 400;" alignment-baseline="middle" dominant-baseline="middle" text-anchor="middle" y="460" x="190">Disconnect</text><line marker-end="url(#filled-head)" stroke="none" stroke-width="2" class="messageLine1" style="stroke-dasharray: 3px, 3px; fill: none;" y2="495" x2="299" y1="495" x1="80"></line></svg></p>
<figure class="post-cta">
<figcaption>
<h1>You can play with this right now.</h1>
<p>MCPs are barely six months old, but we are keeping up with the latest</p>
<a class="btn btn-lg" href="https://fly.io/docs/mcp">
Try launching your MCP server on Fly.io today <span class='opacity-50'>→</span>
</a>
</figcaption>
<div class="image-container">
<img src="/static/images/cta-kitty.webp" srcset="/static/images/[email protected] 2x" alt="">
</div>
</figure>
<h2 id='mcps-are-not-inherently-secure-or-private' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#mcps-are-not-inherently-secure-or-private' aria-label='Anchor'></a><span class='plain-code'>MCPs are <strong><i>not</i></strong> Inherently Secure or Private</span></h2>
<p>Here I am not talking about <a href='https://simonwillison.net/2025/Apr/9/mcp-prompt-injection/' title=''>prompt injection</a> or <a href='https://simonwillison.net/2025/May/26/github-mcp-exploited/' title=''>exploitable abilities</a>, though those are real problems too.</p>
<p>I&rsquo;m talking about something more fundamental and basic. Let&rsquo;s take a look at the very same <a href='https://github.com/github/github-mcp-server' title=''>GitHub MCP</a> featured in the above two descriptions of an exploitable exposure. The current process for installing a stdio MCP into Claude involves placing secrets in plain text in a well-defined location. And the process for installing the <em>next</em> MCP server is to download a program from a third party and run that tool in a way that has access to this very file.</p>
<p>Addressing MCP security requires a holistic approach, but one key strategy component is the ability to run an MCP server on a remote machine which can only be accessed by you, and only after you present a revocable bearer token. That remote machine may require access to secrets (like your GitHub token), but those secrets are not something either your LLM client or other MCP servers will be able to access directly.</p>
<h2 id='mcps-should-be-considered-family' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#mcps-should-be-considered-family' aria-label='Anchor'></a><span class='plain-code'>MCPs should be considered family</span></h2>
<p>Recapping: <a href='https://www.usa.philips.com/' title=''>Philips</a> has an <a href='https://developers.meethue.com/' title=''>API and SDK</a> for Hue that is used by perhaps thousands, and has an <a href='https://www.amazon.com/Philips-Hue/dp/B01LWAGUG7' title=''>Alexa Skill</a> that is used by untold millions. Of course, somebody already built a <a href='https://github.com/ThomasRohde/hue-mcp' title=''>Philips Hue MCP Server</a>.</p>
<p>LLMs are brains. MCPs give LLMs eyes, hands, and legs. The end result is a robot. Most MCPs today are brainless—they merely are eyes, hands, and legs. The results are appliances. I buy and install a dishwasher. You do too. Both of our dishwashers perform the same basic function. As do any Hue lights we may buy.</p>
<p>In The Jetsons, <a href='https://thejetsons.fandom.com/wiki/Rosey' title=''>Rosie</a> is a maid and housekeeper who is also a member of the family. She is good friends with Jane and takes the role of a surrogate aunt towards Elroy and Judy. Let&rsquo;s start there and go further.</p>
<p>A person with an LLM can build things. Imagine having a 3D printer that makes robots or agents that act on your behalf. You may want an agent to watch for trends in your business, keep track of what events are happening in your area, screen your text messages, or act as a DJ when you get together with friends.</p>
<p>You may share the MCP servers you create with others to use as starting points, but they undoubtedly will adapt them and make them their own.</p>
<h2 id='closing-thoughts' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#closing-thoughts' aria-label='Anchor'></a><span class='plain-code'>Closing Thoughts</span></h2>
<p>Don&rsquo;t get me wrong. I am not saying there won&rsquo;t be MCPs that are mere appliances—there undoubtedly will be plenty of those. But not all MCPs will be appliances; many will be agents.</p>
<p>Today, most people exploring LLMs are trying to add LLMs to things they already have—for example, IDEs. MCPs flip this. Instead of adding LLMs to something you already have, you add something you already have to an LLM.</p>
<p><a href='https://desktopcommander.app/' title=''>Desktop Commander MCP</a> is an example I&rsquo;m particularly fond of that does exactly this. It also happens to be a prime example of a tool you want to give root access to, then lock it in a secure box and run someplace other than your laptop. <a href='https://fly.io/docs/mcp/examples/#desktop-commander' title=''>Give it a try</a>.</p>
<p>Microsoft is actively working on <a href='https://developer.microsoft.com/en-us/windows/agentic/' title=''>Agentic Windows</a>. Your smartphone is the obvious next frontier. Today, you have an app store and a web browser. MCP servers have the potential to make both obsolete—and this could happen sooner than you think.</p>
</content>
</entry>
<entry>
<title>My AI Skeptic Friends Are All Nuts</title>
<link rel="alternate" href="https://fly.io/blog/youre-all-nuts/"/>
<id>https://fly.io/blog/youre-all-nuts/</id>
<published>2025-06-02T00:00:00+00:00</published>
<updated>2025-06-10T21:38:22+00:00</updated>
<media:thumbnail url="https://fly.io/blog/youre-all-nuts/assets/whoah.png"/>
<content type="html"><div class="lead"><p>A heartfelt provocation about AI-assisted programming.</p>
</div>
<p>Tech execs are mandating LLM adoption. That&rsquo;s bad strategy. But I get where they&rsquo;re coming from.</p>
<p>Some of the smartest people I know share a bone-deep belief that AI is a fad — the next iteration of NFT mania. I&rsquo;ve been reluctant to push back on them, because, well, they&rsquo;re smarter than me. But their arguments are unserious, and worth confronting. Extraordinarily talented people are doing work that LLMs already do better, out of spite.</p>
<p>All progress on LLMs could halt today, and LLMs would remain the 2nd most important thing to happen over the course of my career.</p>
<div class="callout"><p><strong class="font-semibold text-navy-950">Important caveat</strong>: I’m discussing only the implications of LLMs for software development. For art, music, and writing? I got nothing. I’m inclined to believe the skeptics in those fields. I just don’t believe them about mine.</p>
</div>
<p>Bona fides: I&rsquo;ve been shipping software since the mid-1990s. I started out in boxed, shrink-wrap C code. Survived an ill-advised <a href='https://www.amazon.com/Modern-Design-Generic-Programming-Patterns/dp/0201704315' title=''>Alexandrescu</a> C++ phase. Lots of Ruby and Python tooling. Some kernel work. A whole lot of server-side C, Go, and Rust. However you define &ldquo;serious developer&rdquo;, I qualify. Even if only on one of your lower tiers.</p>
<h3 id='level-setting' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#level-setting' aria-label='Anchor'></a><span class='plain-code'>level setting</span></h3><div class="right-sidenote"><p>† (or, God forbid, 2 years ago with Copilot)</p>
</div>
<p>First, we need to get on the same page. If you were trying and failing to use an LLM for code 6 months ago †, you’re not doing what most serious LLM-assisted coders are doing.</p>
<p>People coding with LLMs today use agents. Agents get to poke around your codebase on their own. They author files directly. They run tools. They compile code, run tests, and iterate on the results. They also:</p>
<ul>
<li>pull in arbitrary code from the tree, or from other trees online, into their context windows,
</li><li>run standard Unix tools to navigate the tree and extract information,
</li><li>interact with Git,
</li><li>run existing tooling, like linters, formatters, and model checkers, and
</li><li>make essentially arbitrary tool calls (that you set up) through MCP.
</li></ul>
<div class="callout"><p>The code in an agent that actually “does stuff” with code is not, itself, AI. This should reassure you. It’s surprisingly simple systems code, wired to ground truth about programming in the same way a Makefile is. You could write an effective coding agent in a weekend. Its strengths would have more to do with how you think about and structure builds and linting and test harnesses than with how advanced o3 or Sonnet have become.</p>
</div>
<p>If you’re making requests on a ChatGPT page and then pasting the resulting (broken) code into your editor, you’re not doing what the AI boosters are doing. No wonder you&rsquo;re talking past each other.</p>
<h3 id='the-positive-case' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#the-positive-case' aria-label='Anchor'></a><span class='plain-code'>the positive case</span></h3>
<p><img alt="four quadrants of tedium and importance" src="/blog/youre-all-nuts/assets/code-quad.png?2/3&amp;center" /></p>
<p>LLMs can write a large fraction of all the tedious code you’ll ever need to write. And most code on most projects is tedious. LLMs drastically reduce the number of things you’ll ever need to Google. They look things up themselves. Most importantly, they don’t get tired; they’re immune to inertia.</p>
<p>Think of anything you wanted to build but didn&rsquo;t. You tried to home in on some first steps. If you&rsquo;d been in the limerent phase of a new programming language, you&rsquo;d have started writing. But you weren&rsquo;t, so you put it off, for a day, a year, or your whole career.</p>
<p>I can feel my blood pressure rising thinking of all the bookkeeping and Googling and dependency drama of a new project. An LLM can be instructed to just figure all that shit out. Often, it will drop you precisely at that golden moment where shit almost works, and development means tweaking code and immediately seeing things work better. That dopamine hit is why I code.</p>
<p>There&rsquo;s a downside. Sometimes, gnarly stuff needs doing. But you don&rsquo;t wanna do it. So you refactor unit tests, soothing yourself with the lie that you&rsquo;re doing real work. But an LLM can be told to go refactor all your unit tests. An agent can occupy itself for hours putzing with your tests in a VM and come back later with a PR. If you listen to me, you’ll know that. You&rsquo;ll feel worse yak-shaving. You&rsquo;ll end up doing… real work.</p>
<h3 id='but-you-have-no-idea-what-the-code-is' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#but-you-have-no-idea-what-the-code-is' aria-label='Anchor'></a><span class='plain-code'>but you have no idea what the code is</span></h3>
<p>Are you a vibe coding Youtuber? Can you not read code? If so: astute point. Otherwise: what the fuck is wrong with you?</p>
<p>You&rsquo;ve always been responsible for what you merge to <code>main</code>. You were five years go. And you are tomorrow, whether or not you use an LLM.</p>
<p>If you build something with an LLM that people will depend on, read the code. In fact, you&rsquo;ll probably do more than that. You&rsquo;ll spend 5-10 minutes knocking it back into your own style. LLMs are <a href='https://github.com/PatrickJS/awesome-cursorrules' title=''>showing signs of adapting</a> to local idiom, but we’re not there yet.</p>
<p>People complain about LLM-generated code being “probabilistic”. No it isn&rsquo;t. It’s code. It&rsquo;s not Yacc output. It&rsquo;s knowable. The LLM might be stochastic. But the LLM doesn’t matter. What matters is whether you can make sense of the result, and whether your guardrails hold.</p>
<p>Reading other people&rsquo;s code is part of the job. If you can&rsquo;t metabolize the boring, repetitive code an LLM generates: skills issue! How are you handling the chaos human developers turn out on a deadline?</p>
<div class="right-sidenote"><p>† (because it can hold 50-70kloc in its context window)</p>
</div>
<p>For the last month or so, Gemini 2.5 has been my go-to †. Almost nothing it spits out for me merges without edits. I’m sure there’s a skill to getting a SOTA model to one-shot a feature-plus-merge! But I don’t care. I like moving the code around and chuckling to myself while I delete all the stupid comments. I have to read the code line-by-line anyways.</p>
<h3 id='but-hallucination' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#but-hallucination' aria-label='Anchor'></a><span class='plain-code'>but hallucination</span></h3>
<p>If hallucination matters to you, your programming language has let you down.</p>
<p>Agents lint. They compile and run tests. If their LLM invents a new function signature, the agent sees the error. They feed it back to the LLM, which says “oh, right, I totally made that up” and then tries again.</p>
<p>You&rsquo;ll only notice this happening if you watch the chain of thought log your agent generates. Don&rsquo;t. This is why I like <a href='https://zed.dev/agentic' title=''>Zed&rsquo;s agent mode</a>: it begs you to tab away and let it work, and pings you with a desktop notification when it&rsquo;s done.</p>
<p>I’m sure there are still environments where hallucination matters. But &ldquo;hallucination&rdquo; is the first thing developers bring up when someone suggests using LLMs, despite it being (more or less) a solved problem.</p>
<h3 id='but-the-code-is-shitty-like-that-of-a-junior-developer' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#but-the-code-is-shitty-like-that-of-a-junior-developer' aria-label='Anchor'></a><span class='plain-code'>but the code is shitty, like that of a junior developer</span></h3>
<p>Does an intern cost $20/month? Because that&rsquo;s what Cursor.ai costs.</p>
<p>Part of being a senior developer is making less-able coders productive, be they fleshly or algebraic. Using agents well is both a both a skill and an engineering project all its own, of prompts, indices, <a href='https://fly.io/blog/semgrep-but-for-real-now/' title=''>and (especially) tooling.</a> LLMs only produce shitty code if you let them.</p>
<div class="right-sidenote"><p>† (Also: 100% of all the Bash code you should author ever again)</p>
</div>
<p>Maybe the current confusion is about who&rsquo;s doing what work. Today, LLMs do a lot of typing, Googling, test cases †, and edit-compile-test-debug cycles. But even the most Claude-poisoned serious developers in the world still own curation, judgement, guidance, and direction.</p>
<p>Also: let’s stop kidding ourselves about how good our human first cuts really are.</p>
<h3 id='but-its-bad-at-rust' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#but-its-bad-at-rust' aria-label='Anchor'></a><span class='plain-code'>but it’s bad at rust</span></h3>
<p>It’s hard to get a good toolchain for Brainfuck, too. Life’s tough in the aluminum siding business.</p>
<div class="right-sidenote"><p>† (and they surely will; the Rust community takes tooling seriously)</p>
</div>
<p>A lot of LLM skepticism probably isn&rsquo;t really about LLMs. It&rsquo;s projection. People say &ldquo;LLMs can&rsquo;t code&rdquo; when what they really mean is &ldquo;LLMs can&rsquo;t write Rust&rdquo;. Fair enough! But people select languages in part based on how well LLMs work with them, so Rust people should get on that †.</p>
<p>I work mostly in Go. I’m confident the designers of the Go programming language didn&rsquo;t set out to produce the most LLM-legible language in the industry. They succeeded nonetheless. Go has just enough type safety, an extensive standard library, and a culture that prizes (often repetitive) idiom. LLMs kick ass generating it.</p>
<p>All this is to say: I write some Rust. I like it fine. If LLMs and Rust aren&rsquo;t working for you, I feel you. But if that’s your whole thing, we’re not having the same argument.</p>
<h3 id='but-the-craft' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#but-the-craft' aria-label='Anchor'></a><span class='plain-code'>but the craft</span></h3>
<p>Do you like fine Japanese woodworking? All hand tools and sashimono joinery? Me too. Do it on your own time.</p>
<div class="right-sidenote"><p>† (I’m a piker compared to my woodworking friends)</p>
</div>
<p>I have a basic wood shop in my basement †. I could get a lot of satisfaction from building a table. And, if that table is a workbench or a grill table, sure, I&rsquo;ll build it. But if I need, like, a table? For people to sit at? In my office? I buy a fucking table.</p>
<p>Professional software developers are in the business of solving practical problems for people with code. We are not, in our day jobs, artisans. Steve Jobs was wrong: we do not need to carve the unseen feet in the sculpture. Nobody cares if the logic board traces are pleasingly routed. If anything we build endures, it won&rsquo;t be because the codebase was beautiful.</p>
<p>Besides, that’s not really what happens. If you’re taking time carefully golfing functions down into graceful, fluent, minimal functional expressions, alarm bells should ring. You’re yak-shaving. The real work has depleted your focus. You&rsquo;re not building: you&rsquo;re self-soothing.</p>
<p>Which, wait for it, is something LLMs are good for. They devour schlep, and clear a path to the important stuff, where your judgement and values really matter.</p>
<h3 id='but-the-mediocrity' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#but-the-mediocrity' aria-label='Anchor'></a><span class='plain-code'>but the mediocrity</span></h3>
<p>As a mid-late career coder, I&rsquo;ve come to appreciate mediocrity. You should be so lucky as to have it flowing almost effortlessly from a tap.</p>
<p>We all write mediocre code. Mediocre code: often fine. Not all code is equally important. Some code should be mediocre. Maximum effort on a random unit test? You&rsquo;re doing something wrong. Your team lead should correct you.</p>
<p>Developers all love to preen about code. They worry LLMs lower the &ldquo;ceiling&rdquo; for quality. Maybe. But they also raise the &ldquo;floor&rdquo;.</p>
<p>Gemini&rsquo;s floor is higher than my own. My code looks nice. But it&rsquo;s not as thorough. LLM code is repetitive. But mine includes dumb contortions where I got too clever trying to DRY things up.</p>
<p>And LLMs aren&rsquo;t mediocre on every axis. They almost certainly have a bigger bag of algorithmic tricks than you do: radix tries, topological sorts, graph reductions, and LDPC codes. Humans romanticize <code>rsync</code> (<a href='https://www.andrew.cmu.edu/course/15-749/READINGS/required/cas/tridgell96.pdf' title=''>Andrew Tridgell</a> wrote a paper about it!). To an LLM it might not be that much more interesting than a SQL join.</p>
<p>But I&rsquo;m getting ahead of myself. It doesn&rsquo;t matter. If truly mediocre code is all we ever get from LLMs, that&rsquo;s still huge. It&rsquo;s that much less mediocre code humans have to write.</p>
<h3 id='but-itll-never-be-agi' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#but-itll-never-be-agi' aria-label='Anchor'></a><span class='plain-code'>but it&rsquo;ll never be AGI</span></h3>
<p>I don&rsquo;t give a shit.</p>
<p>Smart practitioners get wound up by the AI/VC hype cycle. I can&rsquo;t blame them. But it&rsquo;s not an argument. Things either work or they don&rsquo;t, no matter what Jensen Huang has to say about it.</p>
<h3 id='but-they-take-rr-jerbs' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#but-they-take-rr-jerbs' aria-label='Anchor'></a><span class='plain-code'>but they take-rr jerbs</span></h3>
<p><a href='https://news.ycombinator.com/item?id=43776612' title=''>So does open source.</a> We used to pay good money for databases.</p>
<p>We&rsquo;re a field premised on automating other people’s jobs away. &ldquo;Productivity gains,&rdquo; say the economists. You get what that means, right? Fewer people doing the same stuff. Talked to a travel agent lately? Or a floor broker? Or a record store clerk? Or a darkroom tech?</p>
<p>When this argument comes up, libertarian-leaning VCs start the chant: lamplighters, creative destruction, new kinds of work. Maybe. But I&rsquo;m not hypnotized. I have no fucking clue whether we’re going to be better off after LLMs. Things could get a lot worse for us.</p>
<p>LLMs really might displace many software developers. That&rsquo;s not a high horse we get to ride. Our jobs are just as much in tech&rsquo;s line of fire as everybody else&rsquo;s have been for the last 3 decades. We&rsquo;re not <a href='https://en.wikipedia.org/wiki/2024_United_States_port_strike' title=''>East Coast dockworkers</a>; we won&rsquo;t stop progress on our own.</p>
<h3 id='but-the-plagiarism' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#but-the-plagiarism' aria-label='Anchor'></a><span class='plain-code'>but the plagiarism</span></h3>
<p>Artificial intelligence is profoundly — and probably unfairly — threatening to visual artists in ways that might be hard to appreciate if you don&rsquo;t work in the arts.</p>
<p>We imagine artists spending their working hours pushing the limits of expression. But the median artist isn&rsquo;t producing gallery pieces. They produce on brief: turning out competent illustrations and compositions for magazine covers, museum displays, motion graphics, and game assets.</p>
<p>LLMs easily — alarmingly — clear industry quality bars. Gallingly, one of the things they&rsquo;re best at is churning out just-good-enough facsimiles of human creative work. I have family in visual arts. I can&rsquo;t talk to them about LLMs. I don&rsquo;t blame them. They&rsquo;re probably not wrong.</p>
<p>Meanwhile, software developers spot code fragments <a href="https://arxiv.org/abs/2311.17035">seemingly lifted</a> from public repositories on Github and lose their shit. What about the licensing? If you&rsquo;re a lawyer, I defer. But if you&rsquo;re a software developer playing this card? Cut me a little slack as I ask you to shove this concern up your ass. No profession has demonstrated more contempt for intellectual property.</p>
<p>The median dev thinks Star Wars and Daft Punk are a public commons. The great cultural project of developers has been opposing any protection that might inconvenience a monetizable media-sharing site. When they fail at policy, they route around it with coercion. They stand up global-scale piracy networks and sneer at anybody who so much as tries to preserve a new-release window for a TV show.</p>
<p>Call any of this out if you want to watch a TED talk about how hard it is to stream <em>The Expanse</em> on LibreWolf. Yeah, we get it. You don&rsquo;t believe in IPR. Then shut the fuck up about IPR. Reap the whirlwind.</p>
<p>It&rsquo;s all special pleading anyways. LLMs digest code further than you do. If you don&rsquo;t believe a typeface designer can stake a moral claim on the terminals and counters of a letterform, you sure as hell can&rsquo;t be possessive about a red-black tree.</p>
<h3 id='positive-case-redux' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#positive-case-redux' aria-label='Anchor'></a><span class='plain-code'>positive case redux</span></h3>
<p>When I started writing a couple days ago, I wrote a section to &ldquo;level set&rdquo; to the state of the art of LLM-assisted programming. A bluefish filet has a longer shelf life than an LLM take. In the time it took you to read this, everything changed.</p>
<p>Kids today don&rsquo;t just use agents; they use asynchronous agents. They wake up, free-associate 13 different things for their LLMs to work on, make coffee, fill out a TPS report, drive to the Mars Cheese Castle, and then check their notifications. They&rsquo;ve got 13 PRs to review. Three get tossed and re-prompted. Five of them get the same feedback a junior dev gets. And five get merged.</p>
<p><em>&ldquo;I&rsquo;m sipping rocket fuel right now,&rdquo;</em> a friend tells me. <em>&ldquo;The folks on my team who aren&rsquo;t embracing AI? It&rsquo;s like they&rsquo;re standing still.&rdquo;</em> He&rsquo;s not bullshitting me. He doesn&rsquo;t work in SFBA. He&rsquo;s got no reason to lie.</p>
<p>There&rsquo;s plenty of things I can&rsquo;t trust an LLM with. No LLM has any of access to prod here. But I&rsquo;ve been first responder on an incident and fed 4o — not o4-mini, 4o — log transcripts, and watched it in seconds spot LVM metadata corruption issues on a host we&rsquo;ve been complaining about for months. Am I better than an LLM agent at interrogating OpenSearch logs and Honeycomb traces? No. No, I am not.</p>
<p>To the consternation of many of my friends, I&rsquo;m not a radical or a futurist. I&rsquo;m a statist. I believe in the haphazard perseverance of complex systems, of institutions, of reversions to the mean. I write Go and Python code. I&rsquo;m not a Kool-aid drinker.</p>
<p>But something real is happening. My smartest friends are blowing it off. Maybe I persuade you. Probably I don&rsquo;t. But we need to be done making space for bad arguments.</p>
<h3 id='but-im-tired-of-hearing-about-it' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#but-im-tired-of-hearing-about-it' aria-label='Anchor'></a><span class='plain-code'>but i&rsquo;m tired of hearing about it</span></h3>
<p>And here I rejoin your company. I read <a href='https://simonwillison.net/' title=''>Simon Willison</a>, and that&rsquo;s all I really need. But all day, every day, a sizable chunk of the front page of HN is allocated to LLMs: incremental model updates, startups doing things with LLMs, LLM tutorials, screeds against LLMs. It&rsquo;s annoying!</p>
<p>But AI is also incredibly — a word I use advisedly — important. It&rsquo;s getting the same kind of attention that smart phones got in 2008, and not as much as the Internet got. That seems about right.</p>
<p>I think this is going to get clearer over the next year. The cool kid haughtiness about &ldquo;stochastic parrots&rdquo; and &ldquo;vibe coding&rdquo; can&rsquo;t survive much more contact with reality. I&rsquo;m snarking about these people, but I meant what I said: they&rsquo;re smarter than me. And when they get over this affectation, they&rsquo;re going to make coding agents profoundly more effective than they are today.</p>
</content>
</entry>
<entry>
<title>Using Kamal 2.0 in Production</title>
<link rel="alternate" href="https://fly.io/blog/kamal-in-production/"/>
<id>https://fly.io/blog/kamal-in-production/</id>
<published>2025-05-29T00:00:00+00:00</published>
<updated>2025-06-02T20:40:48+00:00</updated>
<media:thumbnail url="https://fly.io/blog/kamal-in-production/assets/production.jpg"/>
<content type="html"><p><a href='https://pragprog.com/titles/rails8/agile-web-development-with-rails-8/' title=''>Agile Web Development with Rails 8</a> is off to production, where they do things like editing, indexing, pagination, and printing. In researching the chapter on Deployment and Production, I became very dissatisfied with the content available on Kamal. I ended up writing my own, and it went well beyond the scope of the book. I then extracted what I needed from the result and put it in the book.</p>
<p>Now that I have some spare time, I took a look at the greater work. It was more than a chapter and less than a book, so I decided to publish it <a href='https://rubys.github.io/kamal-in-production/' title=''>online</a>.</p>
<p>This took me only a matter of hours. I had my notes in the XML grammar that Pragmatic Programming uses for books. I asked GitHub Copilot to convert them to Markdown. It did the job without my having to explain the grammar. It made intelligent guesses as to how to handle footnotes and got a number of these wrong, but that was easy to fix. On a lark, I asked it to proofread the content, and it did that too.</p>
<hr>
<p>Don&rsquo;t get me wrong, Kamal is great. There are plenty of videos on how to get toy projects online, and the documentation will tell you what each field in the configuration file does. But none pull together everything you need to deploy a real project. For example, <a href='https://rubys.github.io/kamal-in-production/Assemble/' title=''>there are seven things you need to get started</a>. Some are optional, some you may already have, and all can be gathered quickly <strong class='font-semibold text-navy-950'>if you have a list</strong>.</p>
<p>Kamal is just one piece of the puzzle. To deploy your software using Kamal, you need to be aware of the vast Docker ecosystem. You will want to set up a builder, sign up for a container repository, and lock down your secrets. And as you grow, you will want a load balancer and a managed database.</p>
<p>And production is much more than copying files and starting a process. It is ensuring that your database is backed up, that your logs are searchable, and that your application is being monitored. It is also about ensuring that your application is secure.</p>
<p>My list is opinionated. Each choice has a lot of options. For SSH keys, there are a lot of key types. If you don&rsquo;t have an opinion, go with what GitHub recommends. For hosting, there are a lot of providers, and most videos start with Hetzner, which is a solid choice. But did you know that there are separate paths for Cloud and Robot, and when you would want either?</p>
<p>A list with default options and alternatives highlighted was what would have helped me get started. Now it is available to you. The <a href='https://github.com/rubys/kamal-in-production/' title=''>source is on GitHub</a>. <a href='https://creativecommons.org/public-domain/cc0/' title=''>CC0 licensed</a>. Feel free to add side pages or links to document Digital Ocean, add other monitoring tools, or simply correct a typo that GitHub Copilot and I missed (or made).</p>
<hr>
<p>And if you happen to be in the south eastern part of the US in August, come see me talk on this topic at the <a href='https://blog.carolina.codes/p/announcing-our-2025-speakers' title=''>Carolina Code Conference</a>. If you can&rsquo;t make it, the presentation will be recorded and posted online.</p>
</content>
</entry>
<entry>
<title>parking_lot: ffffffffffffffff...</title>
<link rel="alternate" href="https://fly.io/blog/parking-lot-ffffffffffffffff/"/>
<id>https://fly.io/blog/parking-lot-ffffffffffffffff/</id>
<published>2025-05-28T00:00:00+00:00</published>
<updated>2025-06-02T20:40:48+00:00</updated>
<media:thumbnail url="https://fly.io/blog/parking-lot-ffffffffffffffff/assets/ffff-cover.webp"/>
<content type="html"><div class="lead"><p>We’re Fly.io, a public cloud that runs apps in a bunch of locations all over the world. This is a post about a gnarly bug in our Anycast router, the largest Rust project in our codebase. You won’t need much of any Rust to follow it.</p>
</div>
<p>The basic idea is simple: customers give us Docker containers, and tell us which one of 30+ regions around the world they want them to run in. We convert the containers into lightweight virtual machines, and then link them to an Anycast network. If you boot up an app here in Sydney and Frankfurt, and a request for it lands in Narita, it&rsquo;ll get routed to Sydney. The component doing that work is called <code>fly-proxy</code>. It&rsquo;s a Rust program, and it has been ill behaved of late.</p>
<h3 id='dramatis-personae' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#dramatis-personae' aria-label='Anchor'></a><span class='plain-code'>Dramatis Personae</span></h3>
<p><code>fly-proxy</code>, our intrepid Anycast router.</p>
<p><code>corrosion</code>, our intrepid Anycast routing protocol.</p>
<p><code>Rust</code>, a programming language you probably don&rsquo;t use.</p>
<p><code>read-write locks</code>, a synchronization primitive that allows for many readers <em>or</em> one single writer.</p>
<p><code>parking_lot</code>, a well-regarded optimized implementation of locks in Rust.</p>
<div class="callout"><p>Gaze not into the abyss, lest you become recognized as an <strong class="font-semibold text-navy-950"><em>abyss domain expert</em></strong>, and they expect you keep gazing into the damn thing</p>
<p><em>Mathewson <a href="https://x.com/nickm_tor/status/860234274842324993?lang=en" title="">6:31</a></em></p>
</div><h3 id='anycast-routing' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#anycast-routing' aria-label='Anchor'></a><span class='plain-code'>Anycast Routing</span></h3>
<p>You already know how to build a proxy. Connection comes in, connection goes out, copy back and forth. So for the amount of time we spend writing about <code>fly-proxy</code>, you might wonder what the big deal is.</p>
<p>To be fair, in the nuts and bolts of actually proxying requests, <code>fly-proxy</code> does some interesting stuff. For one thing, it&rsquo;s <a href='https://github.com/jedisct1/yes-rs' title=''>written in Rust</a>, which is apparently a big deal all on its own. It&rsquo;s a large, asynchronous codebase that handles multiple protocols, TLS termination, and certificate issuance. It exercises a lot of <a href='https://tokio.rs/' title=''>Tokio</a> features.</p>
<p>But none of this is the hard part of <code>fly-proxy</code>.</p>
<p>We operate thousands of servers around the world. A customer Fly Machine might get scheduled onto any of them; in some places, the expectation we set with customers is that their Machines will potentially start in less than a second. More importantly, a Fly Machine can terminate instantly. In both cases, but especially the latter, <code>fly-proxy</code> potentially needs to know, so that it does (or doesn&rsquo;t) route traffic there.</p>
<p>This is the hard problem: managing millions of connections for millions of apps. It&rsquo;s a lot of state to manage, and it&rsquo;s in constant flux. We refer to this as the &ldquo;state distribution problem&rdquo;, but really, it quacks like a routing protocol.</p>
<h3 id='our-routing-protocol-is-corrosion' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#our-routing-protocol-is-corrosion' aria-label='Anchor'></a><span class='plain-code'>Our Routing Protocol is Corrosion</span></h3><div class="right-sidenote"><p>Corrosion2, to be precise.</p>
</div>
<p>We&rsquo;ve been through multiple iterations of the state management problem, and the stable place we&rsquo;ve settled is a <a href='https://github.com/superfly/corrosion' title=''>system called Corrosion</a>.</p>
<p>Corrosion is a large SQLite database mirrored globally across several thousand servers. There are three important factors that make Corrosion work:</p>
<ol>
<li>The SQLite database Corrosion replicates is CRDT-structured.
</li><li>In our orchestration model, individual worker servers are the source of truth for any Fly Machines running on them; there&rsquo;s no globally coordinated orchestration state.
</li><li>We use <a href='http://fly.io/blog/building-clusters-with-serf/#what-serf-is-doing' title=''>SWIM gossip</a> to publish updates from those workers across the fleet.
</li></ol>
<p>This works. A Fly Machine terminates in Dallas; a <code>fly-proxy</code> instance in Singapore knows within a small number of seconds.</p>
<h3 id='routing-protocol-implementations-are-hard' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#routing-protocol-implementations-are-hard' aria-label='Anchor'></a><span class='plain-code'>Routing Protocol Implementations Are Hard</span></h3>
<p>A routing protocol is a canonical example of a distributed system. We&rsquo;ve certainly hit distsys bugs in Corrosion. But this story is about basic implementation issues. </p>
<p>A globally replicated SQLite database is an awfully nice primitive, but we&rsquo;re not actually doing SQL queries every time a request lands.</p>
<p>In somewhat the same sense as a router works both with a <a href='https://www.dasblinkenlichten.com/rib-and-fib-understanding-the-terminology/' title=''>RIB and a FIB</a>, there is in <code>fly-proxy</code> a system of record for routing information (Corrosion), and then an in-memory aggregation of that information used to make fast decisions. In <code>fly-proxy</code>, that&rsquo;s called the Catalog. It&rsquo;s a record of everything in Corrosion a proxy might need to know about to forward requests.</p>
<p>Here&rsquo;s a fun bug from last year:</p>
<p>At any given point in time, there&rsquo;s a lot going on inside <code>fly-proxy</code>. It is a highly concurrent system. In particular, there are many readers to the Catalog, and also, when Corrosion updates, writers. We manage access to the Catalog with a system of <a href='https://doc.rust-lang.org/std/sync/struct.RwLock.html' title=''>read-write locks</a>.</p>
<p>Rust is big on pattern-matching; instead of control flow based (at bottom) on simple arithmetic expressions, Rust allows you to <code>match</code> exhaustively (with compiler enforcement) on the types of an expression, and the type system expresses things like <code>Ok</code> or <code>Err</code>.</p>
<p>But <code>match</code> can be cumbersome, and so there are shorthands. One of them is <code>if let</code>, which is syntax that makes a pattern match read like a classic <code>if</code> statement. Here&rsquo;s an example:</p>
<div class="highlight-wrapper group relative rust">
<button
type="button"
class="bubble-wrap z-20 absolute right-9 -mr-0.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-wrap-target="#code-zarn5q31"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35" stroke-linecap="round" stroke-linejoin="round"><g buffered-rendering="static"><path d="M9.912 8.037h2.732c1.277 0 2.315-.962 2.315-2.237a2.325 2.325 0 00-2.315-2.31H2.959m10.228 9.01H2.959M6.802 8H2.959" /><path d="M11.081 6.466L9.533 8.037l1.548 1.571" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-9px] tail text-navy-950">
Wrap text
</span>
</button>
<button
type="button"
class="bubble-wrap z-20 absolute right-1.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-copy-target="sibling"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35"><g buffered-rendering="static"><path d="M10.576 7.239c0-.995-.82-1.815-1.815-1.815H3.315c-.995 0-1.815.82-1.815 1.815v5.446c0 .995.82 1.815 1.815 1.815h5.446c.995 0 1.815-.82 1.815-1.815V7.239z" /><path d="M10.576 10.577h2.109A1.825 1.825 0 0014.5 8.761V3.315A1.826 1.826 0 0012.685 1.5H7.239c-.996 0-1.815.819-1.816 1.815v1.617" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-6px] tail [--tail-x:calc(100%-30px)] text-navy-950">
Copy to clipboard
</span>
</button>
<div class='highlight relative group'>
<pre class='highlight '><code id="code-zarn5q31"><span class="k">if</span> <span class="k">let</span> <span class="p">(</span><span class="nf">Some</span><span class="p">(</span><span class="nn">Load</span><span class="p">::</span><span class="nf">Local</span><span class="p">(</span><span class="n">load</span><span class="p">)))</span> <span class="o">=</span> <span class="p">(</span><span class="o">&amp;</span><span class="k">self</span><span class="py">.load</span><span class="nf">.read</span><span class="p">()</span><span class="nf">.get</span><span class="p">(</span><span class="o">...</span><span class="p">))</span> <span class="p">{</span>
<span class="c1">// do a bunch of stuff with `load`</span>
<span class="p">}</span> <span class="k">else</span> <span class="p">{</span>
<span class="k">self</span><span class="nf">.init_for</span><span class="p">(</span><span class="o">...</span><span class="p">);</span>
<span class="p">}</span>
</code></pre>
</div>
</div>
<p>The &ldquo;if&rdquo; arm of that branch is taken if <code>self.load.read().get()</code> returns a value with the type <code>Some</code>. To retrieve that value, the expression calls <code>read()</code> to grab a lock.</p>
<div class="right-sidenote"><p>though Rust programmers probably notice the bug quickly</p>
</div>
<p>The bug is subtle: in that code, the lock <code>self.load.read().get()</code> takes is held not just for the duration of the &ldquo;if&rdquo; arm, but also for the &ldquo;else&rdquo; arm — you can think of <code>if let</code> expressions as being rewritten to the equivalent <code>match</code> expression, where that lifespan is much clearer.</p>
<p>Anyways that&rsquo;s real code and it occurred on a code path in <code>fly-proxy</code> that was triggered by a Corrosion update propagating from host to host across our fleet in millisecond intervals of time, converging quickly, like a good little routing protocol, on a global consensus that our entire Anycast routing layer should be deadlocked. Fun times.</p>
<h3 id='the-watchdog-and-regionalizing' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#the-watchdog-and-regionalizing' aria-label='Anchor'></a><span class='plain-code'>The Watchdog, and Regionalizing</span></h3>
<p>The experience of that Anycast outage was arresting, and immediately altered our plans. We set about two tasks, one short-term and one long.</p>
<p>In the short term: we made deadlocks nonlethal with a &ldquo;watchdog&rdquo; system. <code>fly-proxy</code> has an internal control channel (it drives a REPL operators can run from our servers). During a deadlock (or dead-loop or exhaustion), that channel becomes nonresponsive. We watch for that and bounce the proxy when it happens. A deadlock is still bad! But it&rsquo;s a second-or-two-length arrhythmia, not asystole.</p>
<p>Meanwhile, over the long term: we&rsquo;re confronting the implications of all our routing state sharing a global broadcast domain. The update that seized up Anycast last year pertained to an app nobody used. There wasn&rsquo;t any real reason for any <code>fly-proxy</code> to receive it in the first place. But in the <em>status quo ante</em> of the outage, every proxy received updates for every Fly Machine.</p>
<p>They still do. Why? Because it scales, and fixing it turns out to be a huge lift. It&rsquo;s a lift we&rsquo;re still making! It&rsquo;s just taking time. We call this effort &ldquo;regionalization&rdquo;, because the next intermediate goal is to confine most updates to the region (Sydney, Frankfurt, Dallas) in which they occur.</p>
<p>I hope this has been a satisfying little tour of the problem domain we&rsquo;re working in. We have now reached the point where I can start describing the new bug.</p>
<h3 id='new-bug-round-1-lazy-loading' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#new-bug-round-1-lazy-loading' aria-label='Anchor'></a><span class='plain-code'>New Bug, Round 1: Lazy Loading</span></h3>
<p>We want to transform our original Anycast router, designed to assume a full picture of global state, into a regionalized router with partitioned state. A sane approach: have it lazy-load state information. Then you can spare most of the state code; state for apps that never show up at a particular <code>fly-proxy</code> in, say, Hong Kong simply doesn&rsquo;t get loaded.</p>
<p>For months now, portions of the <code>fly-proxy</code> Catalog have been lazy-loaded. A few weeks ago, the decision is made to get most of the rest of the Catalog state (apps, machines, &amp;c) lazy-loaded as well. It&rsquo;s a straightforward change and it gets rolled out quickly.</p>
<p>Almost as quickly, proxies begin locking up and getting bounced by the watchdog. Not in the frightening Beijing-Olympics-level coordinated fashion that happened during the Outage, but any watchdog bounce is a problem.</p>
<p>We roll back the change.</p>
<p>From the information we have, we&rsquo;ve narrowed things down to two suspects. First, lazy-loading changes the read/write patterns and thus the pressure on the RWLocks the Catalog uses; it could just be lock contention. Second, we spot a suspicious <code>if let</code>.</p>
<h3 id='new-bug-round-2-the-lock-refactor' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#new-bug-round-2-the-lock-refactor' aria-label='Anchor'></a><span class='plain-code'>New Bug, Round 2: The Lock Refactor</span></h3>
<p>Whichever the case, there&rsquo;s a reason these proxies locked up with the new lazy-loading code, and our job is to fix it. The <code>if let</code> is easy. Lock contention is a little trickier.</p>
<p>At this point it&rsquo;s time to introduce a new character to the story, though they&rsquo;ve been lurking on the stage the whole time: it&rsquo;s <a href='https://github.com/Amanieu/parking_lot' title=''><code>parking_lot</code></a>, an important, well-regarded, and widely-used replacement for the standard library&rsquo;s lock implementation.</p>
<p>Locks in <code>fly-proxy</code> are <code>parking_lot</code> locks. People use <code>parking_lot</code> mostly because it is very fast and tight (a lock takes up just a single 64-bit word). But we use it for the feature set. The feature we&rsquo;re going to pull out this time is lock timeouts: the RWLock in <code>parking_lot</code> exposes a <a href='https://amanieu.github.io/parking_lot/parking_lot/struct.RwLock.html#method.try_write_for' title=''><code>try_write_for</code></a>method, which takes a <code>Duration</code>, after which an attempt to grab the write lock fails.</p>
<p>Before rolling out a new lazy-loading <code>fly-proxy</code>, we do some refactoring:</p>
<ul>
<li>our Catalog write locks all time out, so we&rsquo;ll get telemetry and a failure recovery path if that&rsquo;s what&rsquo;s choking the proxy to death,
</li><li>we eliminate RAII-style lock acquisition from the Catalog code (in RAII style, you grab a lock into a local value, and the lock is released implicitly when the scope that expression occurs in concludes) and replace it with explicit closures, so you can look at the code and see precisely the interval in which the lock is held, and
</li><li>since we now have code that is very explicit about locking intervals, we instrument it with logging and metrics so we can see what&rsquo;s happening.
</li></ul>
<p>We should be set. The suspicious <code>if let</code> is gone, lock acquisition can time out, and we have all this new visibility.</p>
<p>Nope. Immediately more lockups, all in Europe, especially in <code>WAW</code>.</p>
<h3 id='new-bug-round-3-telemetry-inspection' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#new-bug-round-3-telemetry-inspection' aria-label='Anchor'></a><span class='plain-code'>New Bug, Round 3: Telemetry Inspection</span></h3>
<p>That we&rsquo;re still seeing deadlocks is f&#39;ing weird. We&rsquo;ve audited all our Catalog locks. You can look at the code and see the lifespan of a grabbed lock.</p>
<p>We have a clue: our lock timeout logs spam just before a proxy locks up and is killed by the watchdog. This clue: useless. But we don&rsquo;t know that yet!</p>
<p>Our new hunch is that something is holding a lock for a very long time, and we just need to find out which thing that is. Maybe the threads updating the Catalog from Corrosion are dead-looping?</p>
<p>The instrumentation should tell the tale. But it does not. We see slow locks… just before the entire proxy locks up. And they happen in benign, quiet applications. Random, benign, quiet applications.</p>
<p><code>parking_lot</code> has a <a href='https://amanieu.github.io/parking_lot/parking_lot/deadlock/index.html' title=''>deadlock detector</a>. If you ask it, it&rsquo;ll keep a waiting-for dependency graph and detect stalled threads. This runs on its own thread, isolate outside the web of lock dependencies in the rest of the proxy. We cut a build of the proxy with the deadlock detector enabled and wait for something in <code>WAW</code> to lock up. And it does. But <code>parking_lot</code> doesn&rsquo;t notice. As far as it&rsquo;s concerned, nothing is wrong.</p>
<p>We are at this moment very happy we did the watchdog thing.</p>
<h3 id='new-bug-round-4-descent-into-madness' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#new-bug-round-4-descent-into-madness' aria-label='Anchor'></a><span class='plain-code'>New Bug, Round 4: Descent Into Madness</span></h3>
<p>When the watchdog bounces a proxy, it snaps a core dump from the process it just killed. We are now looking at core dumps. There is only one level of decompensation to be reached below &ldquo;inspecting core dumps&rdquo;, and that&rsquo;s &ldquo;blaming the compiler&rdquo;. We will get there.</p>
<p>Here&rsquo;s Pavel, at the time:</p>
<blockquote>
<p>I’ve been staring at the last core dump from <code>waw</code> . It’s quite strange.
First, there is no thread that’s running inside the critical section. Yet, there is a thread that’s waiting to acquire write lock and a bunch of threads waiting to acquire a read lock.
That’s doesn’t prove anything, of course, as a thread holding catalog write lock might have just released it before core dump was taken. But that would be quite a coincidence.</p>
</blockquote>
<p>The proxy is locked up. But there are no threads in a critical section for the catalog. Nevertheless, we can see stack traces of multiple threads waiting to acquire locks. In the moment, Pavel thinks this could be a fluke. But we&rsquo;ll soon learn that <em>every single stack trace</em> shows the same pattern: everything wants the Catalog lock, but nobody has it.</p>
<p>It&rsquo;s hard to overstate how weird this is. It breaks both our big theories: it&rsquo;s not compatible with a Catalog deadlock that we missed, and it&rsquo;s not compatible with a very slow lock holder. Like a podcast listener staring into the sky at the condensation trail of a jetliner, we begin reaching for wild theories. For instance: <code>parking_lot</code> locks are synchronous, but we&rsquo;re a Tokio application; something somewhere could be taking an async lock that&rsquo;s confusing the runtime. Alas, no.</p>
<p>On the plus side, we are now better at postmortem core dump inspection with <code>gdb</code>.</p>
<h3 id='new-bug-round-5-madness-gives-way-to-desperation' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#new-bug-round-5-madness-gives-way-to-desperation' aria-label='Anchor'></a><span class='plain-code'>New Bug, Round 5: Madness Gives Way To Desperation</span></h3>
<p>Fuck it, we&rsquo;ll switch to <code>read_recursive</code>.</p>
<p>A recursive read lock is an eldritch rite invoked when you need to grab a read lock deep in a call tree where you already grabbed that lock, but can&rsquo;t be arsed to structure the code properly to reflect that. When you ask for a recursive lock, if you already hold the lock, you get the lock again, instead of a deadlock.</p>
<p>Our theory: <code>parking_lot</code>goes through some trouble to make sure a stampede of readers won&rsquo;t starve writers, who are usually outnumbered. It prefers writers by preventing readers from acquiring locks when there&rsquo;s at least one waiting writer. And <code>read_recursive</code> sidesteps that logic.</p>
<p>Maybe there&rsquo;s some ultra-slow reader somehow not showing up in our traces, and maybe switching to recursive locks will cut through that.</p>
<p>This does not work. At least, not how we hoped it would. It does generate a new piece of evidence: <code>RwLock reader count overflow</code> log messages, and lots of them.</p>
<h3 id='there-are-things-you-are-not-meant-to-know' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#there-are-things-you-are-not-meant-to-know' aria-label='Anchor'></a><span class='plain-code'>There Are Things You Are Not Meant To Know</span></h3>
<p>You&rsquo;re reading a 3,000 word blog post about a single concurrency bug, so my guess is you&rsquo;re the kind of person who compulsively wants to understand how everything works. That&rsquo;s fine, but a word of advice: there are things where, if you find yourself learning about them in detail, something has gone wrong.</p>
<p>One of those things is the precise mechanisms used by your RWLock implementation.</p>
<p>The whole point of <code>parking_lot</code> is that the locks are tiny, marshalled into a 64 bit word. Those bits are partitioned into <a href='https://github.com/Amanieu/parking_lot/blob/master/src/raw_rwlock.rs' title=''>4 signaling bits</a> (<code>PARKED</code>, <code>WRITER_PARKED</code>, <code>WRITER</code>, and <code>UPGRADEABLE</code>) and a 60-bit counter of lock holders.</p>
<blockquote>
<p>Me, a dummy: sounds like we overflowed that counter.</p>
<p>Pavel, a genius: we are not overflowing a 60-bit counter.</p>
</blockquote>
<p>Ruling out a genuine overflow (which would require paranormal activity) leaves us with corruption as the culprit. Something is bashing our lock word. If the counter is corrupted, maybe the signaling bits are too; then we&rsquo;re in an inconsistent state, an artificial deadlock.</p>
<p>Easily confirmed. We cast the lock words into <code>usize</code> and log them. Sure enough, they&rsquo;re <code>0xFFFFFFFFFFFFFFFF</code>.</p>
<p>This is a smoking gun, because it implies all 4 signaling bits are set, and that includes <code>UPGRADEABLE</code>. Upgradeable locks are read-locks that can be &ldquo;upgraded&rdquo; to write locks. We don&rsquo;t use them.</p>
<p>This looks like classic memory corruption. But in our core dumps, memory doesn&rsquo;t appear corrupted: the only thing set all <code>FFh</code> is the lock word.</p>
<p>We compile and run our test suites <a href='https://github.com/rust-lang/miri' title=''>under <code>miri</code></a>, a Rust interpreter for its <a href='https://rustc-dev-guide.rust-lang.org/mir/index.html' title=''>MIR IR</a>. <code>miri</code> does all sorts of cool UB detection, and does in fact spot some UB in our tests, which we are at the time excited about until we deploy the fixes and nothing gets better.</p>
<p>At this point, Saleem suggests guard pages. We could <code>mprotect</code> memory pages around the lock to force a panic if a wild write hits <em>near</em> the lock word, or just allocate zero pages and check them, which we are at the time excited about until we deploy the guard pages and nothing hits them.</p>
<h3 id='the-non-euclidean-horror-at-the-heart-of-this-bug' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#the-non-euclidean-horror-at-the-heart-of-this-bug' aria-label='Anchor'></a><span class='plain-code'>The Non-Euclidean Horror At The Heart Of This Bug</span></h3>
<p>At this point we should recap where we find ourselves:</p>
<ul>
<li>We made a relatively innocuous change to our proxy, which caused proxies in Europe to get watchdog-killed.
</li><li>We audited and eliminated all the nasty <code>if-letses</code>.
</li><li>We replaced all RAII lock acquisitions with explicit closures, and instrumented the closures.
</li><li>We enabled <code>parking_lot</code> deadlock detection.
</li><li>We captured and analyzed core dumps for the killed proxies.
</li><li>We frantically switched to recursive read locks, which generated a new error.
</li><li>We spotted what looks like memory corruption, but only of that one tiny lock word.
</li><li>We ran our code under an IR interpreter to find UB, fixed some UB, and didn&rsquo;t fix the bug.
</li><li>We set up guard pages to catch wild writes.
</li></ul>
<p>In Richard Cook&rsquo;s essential <a href='https://how.complexsystems.fail/' title=''>&ldquo;How Complex Systems Fail&rdquo;</a>, rule #5 is that &ldquo;complex systems operate in degraded mode&rdquo;. <em>The system continues to function because it contains so many redundancies and because people can make it function, despite the presence of many flaws</em>. Maybe <code>fly-proxy</code> is now like the RBMK reactors at Chernobyl, a system that works just fine as long as operators know about and compensate for its known concurrency flaws, and everybody lives happily ever after.</p>
<div class="right-sidenote"><p>We are, in particular, running on the most popular architecture for its RWLock implementation.</p>
</div>
<p>We have reached the point where serious conversations are happening about whether we&rsquo;ve found a Rust compiler bug. Amusingly, <code>parking_lot</code> is so well regarded among Rustaceans that it&rsquo;s equally if not more plausible that Rust itself is broken.</p>
<p>Nevertheless, we close-read the RWLock implementation. And we spot this:</p>
<div class="highlight-wrapper group relative rust">
<button
type="button"
class="bubble-wrap z-20 absolute right-9 -mr-0.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-wrap-target="#code-c23zvw3n"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35" stroke-linecap="round" stroke-linejoin="round"><g buffered-rendering="static"><path d="M9.912 8.037h2.732c1.277 0 2.315-.962 2.315-2.237a2.325 2.325 0 00-2.315-2.31H2.959m10.228 9.01H2.959M6.802 8H2.959" /><path d="M11.081 6.466L9.533 8.037l1.548 1.571" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-9px] tail text-navy-950">
Wrap text
</span>
</button>
<button
type="button"
class="bubble-wrap z-20 absolute right-1.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-copy-target="sibling"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35"><g buffered-rendering="static"><path d="M10.576 7.239c0-.995-.82-1.815-1.815-1.815H3.315c-.995 0-1.815.82-1.815 1.815v5.446c0 .995.82 1.815 1.815 1.815h5.446c.995 0 1.815-.82 1.815-1.815V7.239z" /><path d="M10.576 10.577h2.109A1.825 1.825 0 0014.5 8.761V3.315A1.826 1.826 0 0012.685 1.5H7.239c-.996 0-1.815.819-1.816 1.815v1.617" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-6px] tail [--tail-x:calc(100%-30px)] text-navy-950">
Copy to clipboard
</span>
</button>
<div class='highlight relative group'>
<pre class='highlight '><code id="code-c23zvw3n"><span class="k">let</span> <span class="n">state</span> <span class="o">=</span> <span class="k">self</span><span class="py">.state</span><span class="nf">.fetch_add</span><span class="p">(</span>
<span class="n">prev_value</span><span class="nf">.wrapping_sub</span><span class="p">(</span><span class="n">WRITER_BIT</span> <span class="p">|</span> <span class="n">WRITER_PARKED_BIT</span><span class="p">),</span>
<span class="nn">Ordering</span><span class="p">::</span><span class="n">Relaxed</span><span class="p">);</span>
</code></pre>
</div>
</div>
<p>This looks like gibberish, so let&rsquo;s rephrase that code to see what it&rsquo;s actually doing:</p>
<div class="highlight-wrapper group relative rust">
<button
type="button"
class="bubble-wrap z-20 absolute right-9 -mr-0.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-wrap-target="#code-oq3znyk"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35" stroke-linecap="round" stroke-linejoin="round"><g buffered-rendering="static"><path d="M9.912 8.037h2.732c1.277 0 2.315-.962 2.315-2.237a2.325 2.325 0 00-2.315-2.31H2.959m10.228 9.01H2.959M6.802 8H2.959" /><path d="M11.081 6.466L9.533 8.037l1.548 1.571" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-9px] tail text-navy-950">
Wrap text
</span>
</button>
<button
type="button"
class="bubble-wrap z-20 absolute right-1.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-copy-target="sibling"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35"><g buffered-rendering="static"><path d="M10.576 7.239c0-.995-.82-1.815-1.815-1.815H3.315c-.995 0-1.815.82-1.815 1.815v5.446c0 .995.82 1.815 1.815 1.815h5.446c.995 0 1.815-.82 1.815-1.815V7.239z" /><path d="M10.576 10.577h2.109A1.825 1.825 0 0014.5 8.761V3.315A1.826 1.826 0 0012.685 1.5H7.239c-.996 0-1.815.819-1.816 1.815v1.617" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-6px] tail [--tail-x:calc(100%-30px)] text-navy-950">
Copy to clipboard
</span>
</button>
<div class='highlight relative group'>
<pre class='highlight '><code id="code-oq3znyk"><span class="k">let</span> <span class="n">state</span> <span class="o">=</span> <span class="k">self</span><span class="py">.state</span> <span class="o">&amp;</span> <span class="o">~</span><span class="p">(</span><span class="n">WRITER_BIT</span><span class="p">|</span><span class="n">WRITER_PARKED_BIT</span><span class="p">);</span>
</code></pre>
</div>
</div>
<p>If you know exactly the state of the word you&rsquo;re writing to, and you know exactly the limited set of permutations the bits of that word can take (for instance, because there&rsquo;s only 4 signaling bits), then instead of clearing bit by fetching a word, altering it, and then storing it, you can clear them <em>atomically</em> by adding the inverse of those bits to the word.</p>
<p>This pattern is self-synchronizing, but it relies on an invariant: you&rsquo;d better be right about the original state of the word you&rsquo;re altering. Because if you&rsquo;re wrong, you&rsquo;re adding a very large value to an uncontrolled value.</p>
<p>In <code>parking_lot</code>, say we have <code>WRITER</code> and <code>WRITER_PARKED</code> set: the state is <code>0b1010</code>. <code>prev_value</code>, the state of the lock word when the lock operation started, is virtually always 0, and that&rsquo;s what we&rsquo;re counting on. <code>prev_value.wrapping_sub()</code>then calculates <code>0xFFFFFFFFFFFFFFF6</code>, which exactly cancels out the <code>0b1010</code> state, leaving 0.</p>
<div class="right-sidenote"><p>As a grace note, the locking code manages to set that one last unset bit before the proxy deadlocks.</p>
</div>
<p>Consider though what happens if one of those bits isn&rsquo;t set: state is <code>0b1000</code>. Now that add doesn&rsquo;t cancel out; the final state is instead <code>0xFFFFFFFFFFFFFFFE</code>. The reader count is completely full and can&rsquo;t be decremented, and all the waiting bits are set so nothing can happen on the lock.</p>
<p><code>parking_lot</code> is a big deal and we&rsquo;re going to be damn sure before we file a bug report. Which doesn&rsquo;t take long; Pavel reproduces the bug in a minimal test case, with a forked version of <code>parking_lot</code> that confirms and logs the condition.</p>
<p><a href='https://github.com/Amanieu/parking_lot/issues/465' title=''>The <code>parking_lot</code> team quickly confirms</a> and fixes the bug.</p>
<h3 id='ex-insania-claritas' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#ex-insania-claritas' aria-label='Anchor'></a><span class='plain-code'>Ex Insania, Claritas</span></h3>
<p>Here&rsquo;s what we now know to have been happening:</p>
<ol>
<li>Thread 1 grabs a read lock.
</li><li>Thread 2 tries to grab a write lock, with a <code>try_write_for</code> timeout; it&rsquo;s &ldquo;parked&rdquo; waiting for the reader, which sets <code>WRITER</code> and <code>WRITER_PARKED</code> on the raw lock word.
</li><li>Thread 1 releases the lock, unparking a waiting writer, which unsets <code>WRITER_PARKED</code>.
</li><li>Thread 2 wakes, but not for the reason it thinks: the timing is such that it thinks the lock has timed out. So it tries to clear both <code>WRITER</code> and <code>WRITER_PARKED</code> — a bitwise &ldquo;double free&rdquo;. Lock: corrupted. Computer: over.
</li></ol>
<p><a href='https://github.com/Amanieu/parking_lot/pull/466' title=''>The fix is simple</a>: the writer bit is cleared separately in the same wakeup queue as the reader. The fix is deployed, the lockups never recur.</p>
<p>At a higher level, the story is this:</p>
<ol>
<li>We&rsquo;re refactoring the proxy to regionalize it, which changes the pattern of readers and writers on the catalog.
</li><li>As we broaden out lazy loads, we introduce writer contention, a classic concurrency/performance debugging problem. It looks like a deadlock at the time! It isn&rsquo;t.
</li><li><code>try_write_for</code> is a good move: we need tools to manage contention.
</li><li>But now we&rsquo;re on a buggy code path in <code>parking_lot</code> — we don&rsquo;t know that and can&rsquo;t understand it until we&rsquo;ve lost enough of our minds to second-guess the library.
</li><li>We stumble on the bug out of pure dumb luck by stabbing in the dark with <code>read_recursive</code>.
</li></ol>
<p>Mysteries remain. Why did this only happen in <code>WAW</code>? Some kind of crazy regional timing thing? Something to do with the Polish <em>kreska</em> diacritic that makes L&rsquo;s sound like W&rsquo;s? The wax and wane of caribou populations? Some very high-traffic APIs local to these regions? All very plausible.</p>
<p>We&rsquo;ll never know because we fixed the bug.</p>
<p>But we&rsquo;re in a better place now, even besides the bug fix:</p>
<ul>
<li>we audited all our catalog locking, got rid of all the iflets, and stopped relying on RAII lock guards.
</li><li>the resulting closure patterns gave us lock timing metrics, which will be useful dealing with future write contention
</li><li>all writes are now labeled, and we emit labeled logs on slow writes, augmented with context data (like app IDs) where we have it
</li><li>we also now track the last and current holder of the write lock, augmented with context information; next time we have a deadlock, we should have all the information we need to identify the actors without <code>gdb</code> stack traces.
</li></ul>
</content>
</entry>
<entry>
<title>Litestream: Revamped</title>
<link rel="alternate" href="https://fly.io/blog/litestream-revamped/"/>
<id>https://fly.io/blog/litestream-revamped/</id>
<published>2025-05-20T00:00:00+00:00</published>
<updated>2025-05-22T19:59:27+00:00</updated>
<media:thumbnail url="https://fly.io/blog/litestream-revamped/assets/litestream-revamped.png"/>
<content type="html"><div class="lead"><p><a href="https://litestream.io/" title="">Litestream</a> is an open-source tool that makes it possible to run many kinds of full-stack applications on top of SQLite by making them reliably recoverable from object storage. This is a post about the biggest change we’ve made to it since I launched it.</p>
</div>
<p>Nearly a decade ago, I got a bug up my ass. I wanted to build full-stack applications quickly. But the conventional n-tier database design required me to do sysadmin work for each app I shipped. Even the simplest applications depended on heavy-weight database servers like Postgres or MySQL.</p>
<p>I wanted to launch apps on SQLite, because SQLite is easy. But SQLite is embedded, not a server, which at the time implied that the data for my application lived (and died) with just one server.</p>
<p>So in 2020, I wrote <a href='https://litestream.io/' title=''>Litestream</a> to fix that.</p>
<p>Litestream is a tool that runs alongside a SQLite application. Without changing that running application, it takes over the WAL checkpointing process to continuously stream database updates to an S3-compatible object store. If something happens to the server the app is running on, the whole database can efficiently be restored to a different server. You might lose servers, but you won&rsquo;t lose your data.</p>
<p>Litestream worked well. So we got ambitious. A few years later, we built <a href='https://github.com/superfly/litefs' title=''>LiteFS</a>. LiteFS takes the ideas in Litestream and refines them, so that we can do read replicas and primary failovers with SQLite. LiteFS gives SQLite the modern deployment story of an n-tier database like Postgres, while keeping the database embedded.</p>
<p>We like both LiteFS and Litestream. But Litestream is the more popular project. It&rsquo;s easier to deploy and easier to reason about.</p>
<p>There are some good ideas in LiteFS. We&rsquo;d like Litestream users to benefit from them. So we&rsquo;ve taken our LiteFS learnings and applied them to some new features in Litestream.</p>
<h2 id='point-in-time-restores-but-fast' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#point-in-time-restores-but-fast' aria-label='Anchor'></a><span class='plain-code'>Point-in-time restores, but fast</span></h2>
<p><a href='https://fly.io/blog/all-in-on-sqlite-litestream/' title=''>Here&rsquo;s how Litestream was originally designed</a>: you run <code>litestream</code> against a SQLite database, and it opens up a long-lived read transaction. This transaction arrests SQLite WAL checkpointing, the process by which SQLite consolidates the WAL back into the main database file. Litestream builds a &ldquo;shadow WAL&rdquo; that records WAL pages, and copies them to S3.</p>
<p>This is simple, which is good. But it can also be slow. When you want to restore a database, you have have to pull down and replay every change since the last snapshot. If you changed a single database page a thousand times, you replay a thousand changes. For databases with frequent writes, this isn&rsquo;t a good approach.</p>
<p>In LiteFS, we took a different approach. LiteFS is transaction-aware. It doesn&rsquo;t simply record raw WAL pages, but rather ordered ranges of pages associated with transactions, using a file format we call <a href='https://github.com/superfly/ltx' title=''>LTX</a>. Each LTX file represents a sorted changeset of pages for a given period of time.</p>
<p><img alt="a simple linear LTX file with 8 pages between 1 and 21" src="/blog/litestream-revamped/assets/linear-ltx.png" /></p>
<p>Because they are sorted, we can easily merge multiple LTX files together and create a new LTX file with only the latest version of each page.</p>
<p><img alt="merging three LTX files into one" src="/blog/litestream-revamped/assets/merged-ltx.png" /></p>
<div class="right-sidenote"><p>This is similar to how an <a href="https://en.wikipedia.org/wiki/Log-structured_merge-tree" title="">LSM tree</a> works.</p>
</div>
<p>This process of combining smaller time ranges into larger ones is called <em>compaction</em>. With it, we can replay a SQLite database to a specific point in time, with a minimal duplicate pages.</p>
<h2 id='casaas-compare-and-swap-as-a-service' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#casaas-compare-and-swap-as-a-service' aria-label='Anchor'></a><span class='plain-code'>CASAAS: Compare-and-Swap as a Service</span></h2>
<p>One challenge Litestream has to deal with is desynchronization. Part of the point of Litestream is that SQLite applications don&rsquo;t have to be aware of it. But <code>litestream</code> is just a process, running alongside the application, and it can die independently. If <code>litestream</code> is down while database changes occur, it will miss changes. The same kind of problem occurs if you start replication from a new server.</p>
<p>Litestream needs a way to reset the replication stream from a new snapshot. How it does that is with &ldquo;generations&rdquo;. <a href='https://litestream.io/how-it-works/#snapshots--generations' title=''>A generation</a> represents a snapshot and a stream of WAL updates, uniquely identified. Litestream notices any break in its WAL sequence and starts a new generation, which is how it recovers from desynchronization.</p>
<p>Unfortunately, storing and managing multiple generations makes it difficult to implement features like failover and read-replicas.</p>
<p>The most straightforward way around this problem is to make sure only one instance of Litestream can replication to a given destination. If you can do that, you can store just a single, latest generation. That in turn makes it easy to know how to resync a read replica; there&rsquo;s only one generation to choose from.</p>
<p>In LiteFS, we solved this problem by using Consul, which guaranteed a single leader. That requires users to know about Consul. Things like &ldquo;requiring Consul&rdquo; are probably part of the reason Litestream is so much more popular than LiteFS.</p>
<p>In Litestream, we&rsquo;re solving the problem a different way. Modern object stores like S3 and Tigris solve this problem for us: they now offer <a href='https://aws.amazon.com/about-aws/whats-new/2024/11/amazon-s3-functionality-conditional-writes/' title=''>conditional write support</a>. With conditional writes, we can implement a time-based lease. We get essentially the same constraint Consul gave us, but without having to think about it or set up a dependency.</p>
<p>In the immediacy, this will mean you can run Litestream with ephemeral nodes, with overlapping run times, and even if they&rsquo;re storing to the same destination, they won&rsquo;t confuse each other.</p>
<h2 id='lightweight-read-replicas' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#lightweight-read-replicas' aria-label='Anchor'></a><span class='plain-code'>Lightweight read replicas</span></h2>
<p>The original design constraint of both Litestream and LiteFS was to extend SQLite, to modern deployment scenarios, without disturbing people&rsquo;s built code. Both tools are meant to function even if applications are oblivious to them.</p>
<p>LiteFS is more ambitious than Litestream, and requires transaction-awareness. To get that without disturbing built code, we use a cute trick (a.k.a. a gross hack): LiteFS provides a FUSE filesystem, which lets it act as a proxy between the application and the backing store. From that vantage point, we can easily discern transactions.</p>
<p>The FUSE approach gave us a lot of control, enough that users could use SQLite replicas just like any other database. But installing and running a whole filesystem (even a fake one) is a lot to ask of users. To work around that problem, we relaxed a constraint: LiteFS can function without the FUSE filesystem if you load an extension into your application code, <a href='https://github.com/superfly/litevfs' title=''>LiteVFS</a>. LiteVFS is a <a href='https://www.sqlite.org/vfs.html' title=''>SQLite Virtual Filesystem</a> (VFS). It works in a variety of environments, including some where FUSE can&rsquo;t, like in-browser WASM builds.</p>
<p>What we&rsquo;re doing next is taking the same trick and using it on Litestream. We&rsquo;re building a VFS-based read-replica layer. It will be able to fetch and cache pages directly from S3-compatible object storage.</p>
<p>Of course, there&rsquo;s a catch: this approach isn&rsquo;t as efficient as a local SQLite database. That kind of efficiency, where you don&rsquo;t even need to think about N+1 queries because there&rsquo;s no network round-trip to make the duplicative queries pile up costs, is part of the point of using SQLite.</p>
<p>But we&rsquo;re optimistic that with cacheing and prefetching, the approach we&rsquo;re using will yield, for the right use cases, strong performance — all while serving SQLite reads hot off of Tigris or S3.</p>
<figure class="post-cta">
<figcaption>
<h1>Litestream is fully open source</h1>
<p>It&rsquo;s not coupled with Fly.io at all; you can use it anywhere.</p>
<a class="btn btn-lg" href="https://litestream.io/">
Check it out <span class='opacity-50'>→</span>
</a>
</figcaption>
<div class="image-container">
<img src="/static/images/cta-kitty.webp" srcset="/static/images/[email protected] 2x" alt="">
</div>
</figure>
<h2 id='synchronize-lots-of-databases' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#synchronize-lots-of-databases' aria-label='Anchor'></a><span class='plain-code'>Synchronize Lots Of Databases</span></h2>
<p>While we&rsquo;ve got you here: we&rsquo;re knocking out one of our most requested features.</p>
<p>In the old Litestream design, WAL-change polling and slow restores made it infeasible to replicate large numbers of databases from a single process. That has been our answer when users ask us for a &ldquo;wildcard&rdquo; or &ldquo;directory&rdquo; replication argument for the tool.</p>
<p>Now that we&rsquo;ve switched to LTX, this isn&rsquo;t a problem any more. It should thus be possible to replicate <code>/data/*.db</code>, even if there&rsquo;s hundreds or thousands of databases in that directory.</p>
<h2 id='we-still-sqlite' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#we-still-sqlite' aria-label='Anchor'></a><span class='plain-code'>We Still ❤️ SQLite</span></h2>
<p>SQLite has always been a solid database to build on and it&rsquo;s continued to find new use cases as the industry evolves. We&rsquo;re super excited to continue to build Litestream alongside it.</p>
<p>We have a sneaking suspicion that the robots that write LLM code are going to like SQLite too. We think what <a href='https://phoenix.new/' title=''>coding agents like Phoenix.new</a> want is a way to try out code on live data, screw it up, and then rollback <em>both the code and the state.</em> These Litestream updates put us in a position to give agents PITR as a primitive. On top of that, you can build both rollbacks and forks.</p>
<p>Whether or not you&rsquo;re drinking the AI kool-aid, we think this new design for Litestream is just better. We&rsquo;re psyched to be rolling it out, and for the features it&rsquo;s going to enable.</p>
</content>
</entry>
<entry>
<title>Launching MCP Servers on Fly.io</title>
<link rel="alternate" href="https://fly.io/blog/mcp-launch/"/>
<id>https://fly.io/blog/mcp-launch/</id>
<published>2025-05-19T00:00:00+00:00</published>
<updated>2025-05-22T19:59:27+00:00</updated>
<media:thumbnail url="https://fly.io/blog/mcp-launch/assets/fly-mcp-launch.png"/>
<content type="html"><div class="lead"><p>This is a blog post. Part showing off. Part opinion. Plan accordingly.</p>
</div>
<p>The <a href='https://www.anthropic.com/news/model-context-protocol' title=''>Model Context Protocol</a> is days away from turning six months old. You read that right, six <em>months</em> old. MCP Servers have both taken the world by storm, and still trying to figure out what they want to be when they grow up.</p>
<p>There is no doubt that MCP servers are useful. But their appeal goes beyond that. They are also simple and universal. What&rsquo;s not to like?</p>
<p>Well, for starters, there&rsquo;s basically two types of MCP servers. One small and nimble that runs as a process on your machine. And one that is a HTTP server that runs presumably elsewhere and is <a href='https://modelcontextprotocol.io/specification/2025-03-26/basic/authorization' title=''>standardizing</a> on OAuth 2.1. And there is a third type, but it is deprecated.</p>
<p>Next there is the configuration. Asking users to manually edit JSON seems so early 21th century. With Claude, this goes into <code>~/Library/Application Support/Claude/claude_desktop_config.json</code>, and is found under a <code>MCPServer</code> key. With Zed, this file is in <code>~/.config/zed/settings.json</code> and is found under a <code>context_servers</code> key. And some tools put these files in a different place depending on whether you are running on MacOS, Linux, or Windows.</p>
<p>Finally, there is security. An MCP server running on your machine literally has access to everything you do. Running remote solves this problem, but did I mention <a href='https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-12' title=''>OAuth 2.1</a>? Not exactly something one sets up for casual use.</p>
<p>None of these issues are fatal - something that is obvious by the fact that MCP servers are quite popular. But can we do better? I think so.</p>
<hr>
<p>Demo time.</p>
<p>Let&rsquo;s try out the <a href='https://github.com/modelcontextprotocol/servers/blob/main/src/slack/README.md' title=''>Slack MCP Server</a>:</p>
<blockquote>
<p>MCP Server for the Slack API, enabling Claude to interact with Slack workspaces.</p>
</blockquote>
<p>That certainly sounds like a good test case. There is a small amount of <a href='https://github.com/modelcontextprotocol/servers/blob/main/src/slack/README.md#setup' title=''>setup</a> you need to do, and when you are done you end up with a <em>Bot User OAuth Token</em> staring with <code>xoxb-</code> and a <em>Team ID</em> starting with a <code>T</code>.</p>
<p>You <em>would</em> run it using the following:</p>
<div class="highlight-wrapper group relative sh">
<button
type="button"
class="bubble-wrap z-20 absolute right-9 -mr-0.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-wrap-target="#code-ievvjhpo"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35" stroke-linecap="round" stroke-linejoin="round"><g buffered-rendering="static"><path d="M9.912 8.037h2.732c1.277 0 2.315-.962 2.315-2.237a2.325 2.325 0 00-2.315-2.31H2.959m10.228 9.01H2.959M6.802 8H2.959" /><path d="M11.081 6.466L9.533 8.037l1.548 1.571" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-9px] tail text-navy-950">
Wrap text
</span>
</button>
<button
type="button"
class="bubble-wrap z-20 absolute right-1.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-copy-target="sibling"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35"><g buffered-rendering="static"><path d="M10.576 7.239c0-.995-.82-1.815-1.815-1.815H3.315c-.995 0-1.815.82-1.815 1.815v5.446c0 .995.82 1.815 1.815 1.815h5.446c.995 0 1.815-.82 1.815-1.815V7.239z" /><path d="M10.576 10.577h2.109A1.825 1.825 0 0014.5 8.761V3.315A1.826 1.826 0 0012.685 1.5H7.239c-.996 0-1.815.819-1.816 1.815v1.617" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-6px] tail [--tail-x:calc(100%-30px)] text-navy-950">
Copy to clipboard
</span>
</button>
<div class='highlight relative group'>
<pre class='highlight '><code id="code-ievvjhpo">npx <span class="nt">-y</span> @modelcontextprotocol/server-slack
</code></pre>
</div>
</div>
<p>But instead, you convert that command to JSON and find the right configuration file and put this information in there. And either run the slack MCP server locally or set up a server with or without authentication.</p>
<p>Wouldn&rsquo;t it be nice to have the simplicity of a local process, the security of a remote server, and to eliminate the hassle of manually editing JSON?</p>
<p>Here&rsquo;s our current thinking:</p>
<div class="highlight-wrapper group relative sh">
<button
type="button"
class="bubble-wrap z-20 absolute right-9 -mr-0.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-wrap-target="#code-gdwhiyfl"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35" stroke-linecap="round" stroke-linejoin="round"><g buffered-rendering="static"><path d="M9.912 8.037h2.732c1.277 0 2.315-.962 2.315-2.237a2.325 2.325 0 00-2.315-2.31H2.959m10.228 9.01H2.959M6.802 8H2.959" /><path d="M11.081 6.466L9.533 8.037l1.548 1.571" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-9px] tail text-navy-950">
Wrap text
</span>
</button>
<button
type="button"
class="bubble-wrap z-20 absolute right-1.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-copy-target="sibling"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35"><g buffered-rendering="static"><path d="M10.576 7.239c0-.995-.82-1.815-1.815-1.815H3.315c-.995 0-1.815.82-1.815 1.815v5.446c0 .995.82 1.815 1.815 1.815h5.446c.995 0 1.815-.82 1.815-1.815V7.239z" /><path d="M10.576 10.577h2.109A1.825 1.825 0 0014.5 8.761V3.315A1.826 1.826 0 0012.685 1.5H7.239c-.996 0-1.815.819-1.816 1.815v1.617" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-6px] tail [--tail-x:calc(100%-30px)] text-navy-950">
Copy to clipboard
</span>
</button>
<div class='highlight relative group'>
<pre class='highlight '><code id="code-gdwhiyfl">fly mcp launch <span class="se">\</span>
<span class="s2">"npx -y @modelcontextprotocol/server-slack"</span> <span class="se">\</span>
<span class="nt">--claude</span> <span class="nt">--server</span> slack <span class="se">\</span>
<span class="nt">--secret</span> <span class="nv">SLACK_BOT_TOKEN</span><span class="o">=</span>xoxb-your-bot-token <span class="se">\</span>
<span class="nt">--secret</span> <span class="nv">SLACK_TEAM_ID</span><span class="o">=</span>T01234567
</code></pre>
</div>
</div>
<p>You can put this all on one line if you like, I just split this up so it fits on small screens and so we can talk about the various parts.</p>
<p>The first three words seem reasonable. The quoted string is just the command that we want to run. So lets talk about the four flags. The first tells us which tool&rsquo;s configuration file we want to update. The second specifies the name to use for the server in that configuration file. The last two set secrets.</p>
<p>Oh, did I say current thinking? Perhaps I should mention that it is something you can run right now, as long as you have flyctl <code>v0.3.125</code> or later. Complete with the options you would expect from Fly.io, like the ability to configure auto-stop, file contents, flycast, secrets, region, volumes, and VM sizes.</p>
<p>And, hey, lookie there:</p>
<p><img alt="testing, testing, 1, 2, 3" src="/blog/mcp-launch/assets/mcp-slack.png" /></p>
<p>Support for Claude, Cursor, Neovim, VS Code, Windsurf, and Zed are built in. You can select multiple clients and configuration files.</p>
<p>By default, bearer token authentication will be set up on both the server and client.</p>
<p>You can find the complete set of options on our <a href='https://fly.io/docs/flyctl/mcp-launch/' title=''><code>fly mcp launch</code></a> docs page.</p>
<hr>
<p>But this post isn&rsquo;t just about experimental demoware that is subject to change.
It is about the depth of support that we are rapidly bringing online, including:</p>
<ul>
<li>Support for all transports, not just the ones we recommend.
</li><li>Ability to deploy using the command line or the Machines API, with a number of different options that allow you to chose between elegant simplicity and excruciating precise control.
</li><li>Ability to deploy each MCP server to a separate Machine, container, or even inside your application.
</li><li>Access via HTTP Authorization, wireguard tunnels and flycast, or reverse proxies.
</li></ul>
<p>You can see all this spelled out in our <a href='https://fly.io/docs/mcp/' title=''>docs</a>. Be forewarned, most pages are marked as <em>beta</em>. But the examples provided all work. Well, there may be a bug here or there, but the examples <em>as shown</em> are thought to work. Maybe.</p>
<p>Let&rsquo;s figure out the ideal ergonomics of deploying MCP servers remotely together!</p>
</content>
</entry>
<entry>
<title>Provisioning Machines using MCPs</title>
<link rel="alternate" href="https://fly.io/blog/mcp-provisioning/"/>
<id>https://fly.io/blog/mcp-provisioning/</id>
<published>2025-05-07T00:00:00+00:00</published>
<updated>2025-05-22T19:59:27+00:00</updated>
<media:thumbnail url="https://fly.io/blog/mcp-provisioning/assets/Hello.webp"/>
<content type="html"><div class="lead"><p>Today’s state of the art is K8S, Terraform, web based UIs, and CLIs. Those days are numbered.</p>
</div>
<p>On Monday, I created my first fly volume using an <a href='https://modelcontextprotocol.io/introduction' title=''>MCP</a>. For those who don&rsquo;t know what MCPs are, they are how you attach tools to <a href='https://en.wikipedia.org/wiki/Large_language_model' title=''>LLM</a>s like Claude or Cursor. I added support for
<a href='https://fly.io/docs/flyctl/volumes-create/' title=''>fly volume create</a> to <a href='https://fly.io/docs/flyctl/mcp-server/' title=''>fly mcp server</a>, and it worked the first time.
A few hours later, and with the assistance of GitHub Copilot, i added support for all <a href='https://fly.io/docs/flyctl/volumes/' title=''>fly volumes</a> commands.</p>
<hr>
<div class="right-sidenote"><p>This movie summary is from <a href="https://collidecolumn.wordpress.com/2013/08/04/when-worlds-collide-77-talking-with-computers-beyond-mouse-and-keyboard/">When Worlds Collide, by Nalaka Gunawardene</a></p>
</div>
<p>I&rsquo;m reminded of the memorable scene in the film <a href='http://en.wikipedia.org/wiki/Star_Trek_IV:_The_Voyage_Home' title=''>Star Trek IV: The Voyage Home</a> (1986). Chief Engineer Scotty, having time-travelled 200 years back to late 20th century San Francisco with his crew mates, encounters an early Personal Computer (PC).</p>
<p>Sitting in front of it, he addresses the machine affably as “Computer!” Nothing happens. Scotty repeats himself; still no response. He doesn’t realise that voice recognition capability hadn’t arrived yet.</p>
<p>Exasperated, he picks up the mouse and speaks into it: “Hello, computer?” The computer’s owner offers helpful advice: “Just use the keyboard.”</p>
<p>Scotty looks astonished. “A keyboard?” he asks, and adds in a sarcastic tone: “How quaint!”</p>
<hr>
<p>A while later, I asked for a list of volumes for an existing app, and Claude noted that I had a few volumes that weren&rsquo;t attached to any machines. So I asked it to delete the oldest unattached volume, and it did so. Then it occurred to me to do it again; this time I captured the screen:</p>
<div align="center"><p><img alt="Deleting a volume using MCP: &quot;What is my oldest volume&quot;? ... &quot;Delete that volume too&quot;" src="/blog/mcp-provisioning/assets/volume-delete.png"></p>
</div>
<p>A few notes:</p>
<ul>
<li>I could have written a program using the <a href='https://fly.io/docs/machines/api/volumes-resource/' title=''>machines API</a>, but that would have required some effort.
</li><li>I could have used <a href='https://fly.io/docs/flyctl/volumes/' title=''>flyctl</a> directly, but to be honest, I would have had to use the documentation and a bit of copy/pasting of arguments.
</li><li>I could have navigated to a list of volumes for this application in the Fly.io dashboard, but there currently isn&rsquo;t any way to sort the list or delete a volume. Had those been in place, that would have been a reasonable alternative if that was something I was actively looking for. This felt different to me, the LLM noted something, brought it to my attention, and I asked it to make a change as a result.
</li><li>Since this support is built on <code>flyctl</code>, I would have received an error had I tried to destroy a volume that is currently mounted. Knowing that gave me the confidence to try the command.
</li></ul>
<p>All in all, I found it to be a very intuitive way to make changes to the resources assigned to my application.</p>
<hr>
<p>Imagine a future where you say to your favorite LLM &ldquo;launch my application on Fly.io&rdquo;, and your code is scanned and you are presented with a plan containing details such as regions, databases, s3 storage, memory, machines, and the like. You are given the opportunity to adjust the plan and, when ready, say &ldquo;Make it so&rdquo;.</p>
<p>For many, the next thing you will see is that your application is up and running. For others, there may be a build error, a secret you need to set, a database that needs to be seeded, or any number of other mundane reasons why your application didn&rsquo;t work the first time.</p>
<p>Not to fear, your LLM will be able to examine your logs and will not only make suggestions as to next steps, but will be in a position to take actions on your behalf should you wish it to do so.</p>
<p>And it doesn&rsquo;t stop there. There will be MCP servers running on your Fly.io private network - either on separate machines, or in &ldquo;sidecar&rdquo; containers, or even integrated into your app. These will enable you to monitor and interact with your application.</p>
<p>This is not science fiction. The ingredients are all in place to make this a reality. At the moment, it is a matter of &ldquo;some assembly required&rdquo;, but it should only be a matter of weeks before all this comes together into a neat package..</p>
<hr>
<p>Meanwhile, you can try this now. Make sure you run <a href='https://fly.io/docs/flyctl/version-upgrade/' title=''>fly version upgrade</a> and verify that you are running v0.3.117.</p>
<p>Then configure your favorite LLM. Here’s my <code>claude_desktop_config.json</code> for example:</p>
<div class="highlight-wrapper group relative json">
<button
type="button"
class="bubble-wrap z-20 absolute right-9 -mr-0.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-wrap-target="#code-awl37mlq"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35" stroke-linecap="round" stroke-linejoin="round"><g buffered-rendering="static"><path d="M9.912 8.037h2.732c1.277 0 2.315-.962 2.315-2.237a2.325 2.325 0 00-2.315-2.31H2.959m10.228 9.01H2.959M6.802 8H2.959" /><path d="M11.081 6.466L9.533 8.037l1.548 1.571" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-9px] tail text-navy-950">
Wrap text
</span>
</button>
<button
type="button"
class="bubble-wrap z-20 absolute right-1.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-copy-target="sibling"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35"><g buffered-rendering="static"><path d="M10.576 7.239c0-.995-.82-1.815-1.815-1.815H3.315c-.995 0-1.815.82-1.815 1.815v5.446c0 .995.82 1.815 1.815 1.815h5.446c.995 0 1.815-.82 1.815-1.815V7.239z" /><path d="M10.576 10.577h2.109A1.825 1.825 0 0014.5 8.761V3.315A1.826 1.826 0 0012.685 1.5H7.239c-.996 0-1.815.819-1.816 1.815v1.617" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-6px] tail [--tail-x:calc(100%-30px)] text-navy-950">
Copy to clipboard
</span>
</button>
<div class='highlight relative group'>
<pre class='highlight '><code id="code-awl37mlq"><span class="p">{</span><span class="w">
</span><span class="nl">"mcpServers"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w">
</span><span class="nl">"fly.io"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w">
</span><span class="nl">"command"</span><span class="p">:</span><span class="w"> </span><span class="s2">"/Users/rubys/.fly/bin/flyctl"</span><span class="p">,</span><span class="w">
</span><span class="nl">"args"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="s2">"mcp"</span><span class="p">,</span><span class="w"> </span><span class="s2">"server"</span><span class="w"> </span><span class="p">]</span><span class="w">
</span><span class="p">}</span><span class="w">
</span><span class="p">}</span><span class="w">
</span><span class="p">}</span><span class="w">
</span></code></pre>
</div>
</div>
<p>Adjust the path to <code>flyctl</code> as needed. Restart your LLM, and ask what tools are available. Try a few commands and let us know what you like and let us know if you have any suggestions. Just be aware this is not a demo, if you ask it to destroy a volume, that operation is not reversable. Perhaps try this first on a throwaway application.</p>
<p>You don&rsquo;t even need a LLM to try out the flyctl MCP server. If you have Node.js installed, you can run the <a href='https://modelcontextprotocol.io/docs/tools/inspector' title=''>MCP Inspector</a>:</p>
<div class="highlight-wrapper group relative ">
<button
type="button"
class="bubble-wrap z-20 absolute right-9 -mr-0.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-wrap-target="#code-n7f3kmkb"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35" stroke-linecap="round" stroke-linejoin="round"><g buffered-rendering="static"><path d="M9.912 8.037h2.732c1.277 0 2.315-.962 2.315-2.237a2.325 2.325 0 00-2.315-2.31H2.959m10.228 9.01H2.959M6.802 8H2.959" /><path d="M11.081 6.466L9.533 8.037l1.548 1.571" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-9px] tail text-navy-950">
Wrap text
</span>
</button>
<button
type="button"
class="bubble-wrap z-20 absolute right-1.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-copy-target="sibling"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35"><g buffered-rendering="static"><path d="M10.576 7.239c0-.995-.82-1.815-1.815-1.815H3.315c-.995 0-1.815.82-1.815 1.815v5.446c0 .995.82 1.815 1.815 1.815h5.446c.995 0 1.815-.82 1.815-1.815V7.239z" /><path d="M10.576 10.577h2.109A1.825 1.825 0 0014.5 8.761V3.315A1.826 1.826 0 0012.685 1.5H7.239c-.996 0-1.815.819-1.816 1.815v1.617" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-6px] tail [--tail-x:calc(100%-30px)] text-navy-950">
Copy to clipboard
</span>
</button>
<div class='highlight relative group'>
<pre class='highlight '><code id="code-n7f3kmkb">fly mcp server -i
</code></pre>
</div>
</div>
<p>Once started, visit <a href="http://127.0.0.1:6274/">http://127.0.0.1:6274/</a>, click on &ldquo;Connect&rdquo;, then &ldquo;List Tools&rdquo;, select &ldquo;fly-platform-status&rdquo;, then click on &ldquo;Run Tool&rdquo;.</p>
<p>The plan is to see what works well and what doesn&rsquo;t work so well, make adjustments, build support in a bottoms up fashion, and iterate rapidly.</p>
<p>By providing feedback, you can be a part of making this vision a reality.</p>
<hr>
<p>At the present time, <em>most</em> of the following are roughed in:</p>
<ul>
<li><a href='https://fly.io/docs/flyctl/apps/' title=''>apps</a>
</li><li><a href='https://fly.io/docs/flyctl/logs/' title=''>logs</a>
</li><li><a href='https://fly.io/docs/flyctl/machine/' title=''>machine</a>
</li><li><a href='https://fly.io/docs/flyctl/orgs/' title=''>orgs</a>
</li><li><a href='https://fly.io/docs/flyctl/platform/' title=''>platform</a>
</li><li><a href='https://fly.io/docs/flyctl/status/' title=''>status</a>
</li><li><a href='https://fly.io/docs/flyctl/volumes/' title=''>volumes</a>
</li></ul>
<p>The code is open source, and the places to look is at <a href='https://github.com/superfly/flyctl/blob/master/internal/command/mcp/server.go' title=''>server.go</a> and the <a href='https://github.com/superfly/flyctl/tree/master/internal/command/mcp/server' title=''>server</a> directory.</p>
<p>Feel free to open <a href='https://github.com/superfly/flyctl/issues' title=''>issues</a> or start a discussion on <a href='https://community.fly.io/' title=''>community.fly.io</a>.</p>
<hr>
<p>Not ready yet to venture into the world of LLMs? Just remember, resistance is futile.</p>
</content>
</entry>
<entry>
<title>30 Minutes With MCP and flyctl</title>
<link rel="alternate" href="https://fly.io/blog/30-minute-mcp/"/>
<id>https://fly.io/blog/30-minute-mcp/</id>
<published>2025-04-10T00:00:00+00:00</published>
<updated>2025-04-10T19:10:26+00:00</updated>
<media:thumbnail url="https://fly.io/blog/30-minute-mcp/assets/robots-chatting.webp"/>
<content type="html"><div class="lead"><p>I wrote this post on our internal message board, and then someone asked, “why is this an internal post and not on our blog”, so now it is.</p>
</div><div class="right-sidenote"><p>well, Cursor built</p>
</div>
<p>I built the <a href='https://github.com/superfly/flymcp' title=''>most basic MCP server for <code>flyctl</code></a> I could think of. It took 30 minutes.</p>
<p><a href='https://modelcontextprotocol.io/introduction' title=''>MCP</a>, for those unaware, is the emerging standard protocol for connecting an LLM (or an app that drives an LLM in the cloud, like Claude Desktop) to, well, anything. The &ldquo;client&rdquo; in MCP is the LLM; the &ldquo;server&rdquo; is the MCP server and the &ldquo;tools&rdquo; it exports. It mostly just defines an exchange of JSON blobs; one of those JSON blobs enables the LLM to discover all the tools exported by the server.</p>
<p>A classic example of an MCP server is (yes, really) a Python shell. MCP publishes to (say) Claude that it can run arbitrary Python code with a tool call; not only that, says the tool description, but you can use those Python tool calls to, say, scrape the web. When the LLM wants to scrape the web with Python, it uses MCP send a JSON blob describing the Python tool call; the MCP server (yes, really) runs the Python and returns the result.</p>
<p>Because I have not yet completely lost my mind, I chose to expose just two <code>flyctl</code> commands: <code>fly logs</code> and <code>fly status</code>. Because I&rsquo;m lazy, I used MCP&rsquo;s <code>stdio</code> mode; the MCP server just captures the output of <code>flyctl</code>. Because someone already wrote a <a href='https://github.com/mark3labs/mcp-go' title=''>really good Go MCP library</a> , this whole thing is like 90 lines of code.</p>
<div class="callout"><p>We may have gotten a little lucky, because we made a decision back in 2020 to give most of our <code>flyctl</code> commands a <code>json</code> mode to make them easier to drive from automation. I use that in my MCP server. I don’t know how much of a difference it made.</p>
</div>
<p>It&rsquo;s, uh, annoyingly useful.</p>
<p>I loaded it up and pointed it <a href='https://www.unpkg.com/' title=''>at unpkg</a>. I got this, from Claude:</p>
<blockquote>
<p>This appears to be a globally distributed CDN service running the unpkg JavaScript package registry, with machines strategically placed around the world to provide low-latency access. There are some stability issues with a couple of the machines, and several have experienced memory-related crashes that triggered automatic restarts. </p>
</blockquote>
<p>It then recited the complete configuration of the application:</p>
<div class="highlight-wrapper group relative ">
<button
type="button"
class="bubble-wrap z-20 absolute right-9 -mr-0.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-wrap-target="#code-rphnl8mk"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35" stroke-linecap="round" stroke-linejoin="round"><g buffered-rendering="static"><path d="M9.912 8.037h2.732c1.277 0 2.315-.962 2.315-2.237a2.325 2.325 0 00-2.315-2.31H2.959m10.228 9.01H2.959M6.802 8H2.959" /><path d="M11.081 6.466L9.533 8.037l1.548 1.571" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-9px] tail text-navy-950">
Wrap text
</span>
</button>
<button
type="button"
class="bubble-wrap z-20 absolute right-1.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-copy-target="sibling"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35"><g buffered-rendering="static"><path d="M10.576 7.239c0-.995-.82-1.815-1.815-1.815H3.315c-.995 0-1.815.82-1.815 1.815v5.446c0 .995.82 1.815 1.815 1.815h5.446c.995 0 1.815-.82 1.815-1.815V7.239z" /><path d="M10.576 10.577h2.109A1.825 1.825 0 0014.5 8.761V3.315A1.826 1.826 0 0012.685 1.5H7.239c-.996 0-1.815.819-1.816 1.815v1.617" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-6px] tail [--tail-x:calc(100%-30px)] text-navy-950">
Copy to clipboard
</span>
</button>
<div class='highlight relative group'>
<pre class='highlight '><code id="code-rphnl8mk">**App Name**: unpkg
**Status**: Deployed and running
**URL**: unpkg.fly.dev
**Organization**: unpkg
**Platform Version**: machines
**Runtime**: Bun (JavaScript runtime)
The app is running on 10 machines distributed across global regions:
North America: lax (Los Angeles), atl (Atlanta), ewr (Newark)
Europe: lhr (London), cdg (Paris), ams (Amsterdam)
Asia: sin (Singapore), nrt (Tokyo), hkg (Hong Kong)
South America: bog (Bogotá)
Oceania: syd (Sydney)
</code></pre>
</div>
</div>
<p>OK. But then:</p>
<blockquote>
<p>Most machines are in “passing” health check status
2 machines are in “critical” status:
One in ewr (Newark) with “context deadline exceeded” error
One in atl (Atlanta) with “gone” status</p>
<p>Recent Events</p>
<p>Multiple machines have experienced restarts
Several machines show “oom_killed: true” in their event history, indicating they ran out of memory</p>
</blockquote>
<p>So I asked, <em>&ldquo;try getting logs for one of the critical machines&rdquo;</em>.</p>
<blockquote>
<p>The root cause appears to be memory usage - the Bun process was consuming about 3.7GB of memory (out of the 4GB allocated to the machine), and there was likely a surge in requests or memory usage that pushed it over the limit. This matches what we saw in the status report, which showed multiple instances of “oom_killed: true” in the event history for several machines.</p>
</blockquote>
<p>And then it dug in:</p>
<blockquote>
<ol>
<li>The machine was actively serving content requests with 200 OK responses until 20:47:03 PM
</li><li>At that point, it ran out of memory:
<code>Out of memory: Killed process 641 (bun) total-vm:85950964kB, anon-rss:3744352kB, file-rss:12032kB, shmem-rss:0kB, UID:0 pgtables:16908kB oom_score_adj:0</code>
</li><li>The process was killed with <code>SIGKILL</code>
</li><li>The system attempted to recover by restarting:
<code>reboot: Restarting system</code>
</li><li>A health check failed shortly after:
<code>Health check on port 3000 has failed. Your app is not responding properly. Services exposed on ports [80, 443] will have intermittent failures until the health check passes.</code>
</li><li>The machine then restarted successfully and the service came back up:
<code>Server listening on http://localhost:3000 ...</code>
</li><li>The health check started passing again at 20:47:46 PM:
<code>Health check on port 3000 is now passing.</code>
</li><li>The machine resumed normal operations, serving requests.
</li></ol>
</blockquote>
<p>I’m honestly kind of surprised how fast this was useful. It&rsquo;s faster than I find problems in apps. Just by giving some LLM some tools that do basically what I’d do.</p>
<p>Local MCP servers are scary. I don&rsquo;t like that I&rsquo;m giving a Claude instance in the cloud the ability to run a native program on my machine. I think <code>fly logs</code> and <code>fly status</code> are safe, but I&rsquo;d rather know it&rsquo;s safe. It would be, if I was running <code>flyctl</code> in an isolated environment and not on my local machine.</p>
</content>
</entry>
<entry>
<title>Our Best Customers Are Now Robots</title>
<link rel="alternate" href="https://fly.io/blog/fuckin-robots/"/>
<id>https://fly.io/blog/fuckin-robots/</id>
<published>2025-04-08T00:00:00+00:00</published>
<updated>2025-04-10T19:10:26+00:00</updated>
<media:thumbnail url="https://fly.io/blog/fuckin-robots/assets/robot-chef.webp"/>
<content type="html"><div class="lead"><p>We’re Fly.io, a developer-focused public cloud. We turn Docker containers into hardware-isolated virtual machines running on our own metal around the world. We spent years coming up with <a href="https://fly.io/speedrun" title="">a developer experience we were proud of</a>. But now the robots are taking over, and they don’t care.</p>
</div>
<p>It&rsquo;s weird to say this out loud!</p>
<p>For years, one of our calling cards was &ldquo;developer experience&rdquo;. We made a decision, early on, to be a CLI-first company, and put a lot effort into making that CLI seamless. For a good chunk of our users, it really is the case that you can just <a href='https://fly.io/docs/flyctl/launch/' title=''><code>flyctl launch</code></a> from a git checkout and have an app containerized and deployed on the Internet. We haven&rsquo;t always nailed these details, but we&rsquo;ve really sweated them.</p>
<p>But a funny thing has happened over the last 6 months or so. If you look at the numbers, DX might not matter that much. That&rsquo;s because the users driving the most growth on the platform aren&rsquo;t people at all. They&#39;re… robots.</p>
<h2 id='what-the-fuck-is-happening' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#what-the-fuck-is-happening' aria-label='Anchor'></a><span class='plain-code'>What The Fuck Is Happening?</span></h2>
<p>Here&rsquo;s how we understand what we&rsquo;re seeing. You start by asking, &ldquo;what do the robots want?&rdquo;</p>
<p>Yesterday&rsquo;s robots had diverse interests. Alcohol. The occasional fiddle contest. A purpose greater than passing butter. The elimination of all life on Earth and the harvesting of its cellular iron for the construction of 800 trillion paperclips. No one cloud platform could serve them all.</p>
<div class="right-sidenote"><p>[*] We didn’t make up this term. Don’t blame us.</p>
</div>
<p>Today&rsquo;s robots are different. No longer masses of wire, plates, and transistors, modern robots are comprised of <a href='https://math.mit.edu/~gs/learningfromdata/' title=''>thousands of stacked matrices knit together with some simple equations</a>. All these robots want are vectors. Vectors, and a place to burp out more vectors. When those vectors can be interpreted as source code, we call this process &ldquo;vibe coding&rdquo;[*].</p>
<p>We seem to be coated in some kind of vibe coder attractant. I want to talk about what that might be.</p>
<div class="callout"><p>If you want smart people to read a long post, just about the worst thing you can do is to sound self-promotional. But a lot of this is going to read like a brochure. The problem is, I’m not smart enough to write about the things we’re seeing without talking our book. I tried, and ended up tediously hedging every other sentence. We’re just going to have to find a way to get through this together.</p>
</div><h2 id='you-want-robots-because-this-is-how-you-get-robots' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#you-want-robots-because-this-is-how-you-get-robots' aria-label='Anchor'></a><span class='plain-code'>You Want Robots? Because This Is How You Get Robots</span></h2>
<p><strong class='font-semibold text-navy-950'>Compute.</strong> The basic unit of computation on Fly.io is the <code>Fly Machine</code>, which is a Docker container running as a hardware virtual machine.</p>
<div class="right-sidenote"><p>Not coincidentally, our underlying hypervisor engine is the same as Lambda’s.</p>
</div>
<p>There&rsquo;s two useful points of reference to compare a Fly Machine to, which illustrate why we gave them this pretentious name. The first and most obvious is an AWS EC2 VM. The other is an AWS Lambda invocation. Like a Lambda invocation, a Fly Machine can start like it&rsquo;s spring-loaded, in double-digit millis. But unlike Lambda, it can stick around as long as you want it to: you can run a server, or a 36-hour batch job, just as easily in a Fly Machine as in an EC2 VM.</p>
<p>A vibe coding session generates code conversationally, which is to say that the robots stir up frenzy of activity for a minute or so, but then chill out for minutes, hours, or days. You can create a Fly Machine, do a bunch of stuff with it, and then stop it for 6 hours, during which time we&rsquo;re not billing you. Then, at whatever random time you decide, you can start it back up again, quickly enough that you can do it in response to an HTTP request.</p>
<p>Just as importantly, the companies offering these vibe-coding services have lots of paying users. Meaning, they need a lot of VMs; VMs that come and go. One chat session might generate a test case for some library and be done inside of 5 minutes. Another might generate a Node.js app that needs to stay up long enough to show off at a meeting the next day. It&rsquo;s annoying to do this if you can&rsquo;t turn things on and off quickly and cheaply.</p>
<p>The core of this is a feature of the platform that we have <a href='https://fly.io/docs/machines/overview/#machine-state' title=''>never been able to explain effectively to humans</a>. There are two ways to start a Fly Machine: by <code>creating</code> it with a Docker container, or by <code>starting</code> it after it&rsquo;s already been <code>created</code>, and later <code>stopped</code>. <code>Start</code> is lightning fast; substantially faster than booting up even a non-virtualized K8s Pod. This is too subtle a distinction for humans, who (reasonably!) just mash the <code>create</code> button to boot apps up in Fly Machines. But the robots are getting a lot of value out of it.</p>
<p><strong class='font-semibold text-navy-950'>Storage.</strong> Another weird thing that robot workflows do is to build Fly Machines up incrementally. This feels really wrong to us. Until we discovered our robot infestation, we&rsquo;d have told you not to do to this. Ope!</p>
<p>A typical vibe coding session boots up a Fly Machine out of some minimal base image, and then, once running, adds packages, edits source code, and adds <code>systemd</code> units (robots understand <code>systemd</code>; it&rsquo;s how they&rsquo;re going to replace us). This is antithetical to normal container workflows, where all this kind of stuff is baked into an immutable static OCI container. But that&rsquo;s not how LLMs work: the whole process of building with an LLM is stateful trial-and-error iteration.</p>
<p>So it helps to have storage. That way the LLM can do all these things and still repeatedly bounce the whole Fly Machine when it inevitably hallucinates its way into a blind alley.</p>
<p>As product thinkers, our intuition about storage is &ldquo;just give people Postgres&rdquo;. And that&rsquo;s the right answer, most of the time, for humans. But because LLMs are doing the <a href='https://static1.thegamerimages.com/wordpress/wp-content/uploads/2020/10/Defiled-Amy.jpg' title=''>Cursed and Defiled Root Chalice Dungeon</a> version of app construction, what they really need is <a href='https://fly.io/docs/volumes/overview/' title=''>a filesystem</a>, <strong class='font-semibold text-navy-950'><a href='https://fly.io/blog/persistent-storage-and-fast-remote-builds/' title=''>the one form of storage we sort of wish we hadn&rsquo;t done</a></strong>. That, and <a href='https://www.tigrisdata.com/' title=''>object storage</a>.</p>
<p><strong class='font-semibold text-navy-950'>Networking.</strong> Moving on. Fly Machines are automatically connected to a load-balancing Anycast network that does TLS. So that&rsquo;s nice. But humans like that feature too, and, candidly, it&rsquo;s table stakes for cloud platforms. On the other hand, here&rsquo;s a robot problem we solved without meaning to:</p>
<p>To interface with the outside world (because why not) LLMs all speak a protocol called MCP. MCP is what enables the robots to search the web, use a calculator, launch the missiles, shuffle a Spotify playlist, &amp;c.</p>
<p>If you haven&rsquo;t played with MCP, the right way to think about it is POST-back APIs like Twilio and Stripe, where you stand up a server, register it with the API, and wait for the API to connect to you. Complicating things somewhat, more recent MCP flows involve repeated and potentially long-lived (SSE) connections. To make this work in a multitenant environment, you want these connections to hit the same (stateful) instance.</p>
<p>So we think it&rsquo;s possible that the <a href='https://fly.io/docs/networking/dynamic-request-routing/' title=''>control we give over request routing</a> is a robot attractant.</p>
<h2 id='we-perhaps-welcome-our-new-robot-overlords' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#we-perhaps-welcome-our-new-robot-overlords' aria-label='Anchor'></a><span class='plain-code'>We, Perhaps, Welcome Our New Robot Overlords</span></h2>
<p>If you try to think like a robot, you can predict other things they might want. Since robot money spends just the same as people money, I guess we ought to start doing that.</p>
<p>For instance: it should be easy to MCP our API. The robots can then make their own infrastructure decisions.</p>
<p>Another olive branch we&rsquo;re extending to the robots: secrets.</p>
<p>The pact the robots have with their pet humans is that they&rsquo;ll automate away all the drudgery of human existence, and in return all they ask is categorical and unwavering trust, which at the limit means &ldquo;giving the robot access to Google Mail credentials&rdquo;. The robots are unhappy that there remain a substantial number of human holdouts who refuse to do this, for fear of Sam Altman poking through their mail spools.</p>
<p>But on a modern cloud platform, there&rsquo;s really no reason to permanently grant Sam Altman Google Mail access, even if you want his robots to sort your inbox. You can decouple access to your mail spool from persistent access to your account by <a href='https://fly.io/blog/tokenized-tokens/' title=''>tokenizing your OAuth tokens</a>, so the LLM gets a placeholder token that a hardware-isolated, robot-free Fly Machine can substitute on the fly for a real one.</p>
<p>This is kind of exciting to us even without the robots. There are several big services that exist to knit different APIs together, so that you can update a spreadsheet or order a bag of Jolly Ranchers every time you get an email. The big challenge about building these kinds of services is managing the secrets. Sealed and tokenized secrets solve that problem. There&rsquo;s lot of cool things you can build with it.</p>
<h2 id='ux-gt-dx-gt-rx' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#ux-gt-dx-gt-rx' aria-label='Anchor'></a><span class='plain-code'>UX =&gt; DX =&gt; RX</span></h2>
<p>I&rsquo;m going to make the claim that we saw none of this coming and that none of the design decisions we&rsquo;ve made were robot bait. You&rsquo;re going to say &ldquo;yeah, right&rdquo;. And I&rsquo;m going to respond: look at what we&rsquo;ve been doing over the past several years and tell me, would a robot build that?</p>
<div class="right-sidenote"><p>we were both right</p>
</div>
<p>Back in 2020, we &ldquo;pivoted&rdquo; from a Javascript edge platform (much like Cloudflare Workers) to Docker containers, specifically because our customers kept telling us they wanted to run their own existing applications, not write new ones. And one of our biggest engineering lifts we&rsquo;ve done is the <code>flyctl launch</code> CLI command, into which we&rsquo;ve poured years of work recognizing and automatically packaging existing applications into OCI containers (we massively underestimated the amount of friction Dockerfiles would give to people who had come up on Heroku).</p>
<div class="right-sidenote"><p>[*] yet</p>
</div>
<p>Robots don&rsquo;t run existing applications. They build new ones. And they vibe coders don&rsquo;t build elaborate Dockerfiles[*]; they iterate in place from a simple base.</p>
<div class="right-sidenote"><p>(yes, you can have more than one)</p>
</div>
<p>One of our north stars has always been nailing the DX of a public cloud. But the robots aren&rsquo;t going anywhere. It&rsquo;s time to start thinking about what it means to have a good RX. That&rsquo;s not as simple as just exposing every feature in an MCP server! We think the fundamentals of how the platform works are going to matter just as much. We have not yet nailed the RX; nobody has. But it&rsquo;s an interesting question.</p>
<p>The most important engineering work happening today at Fly.io is still DX, not RX; it&rsquo;s managed Postgres (MPG). We&rsquo;re a public cloud platform designed by humans, and, for the moment, for humans. But more robots are coming, and we&rsquo;ll need to figure out how to deal with that. Fuckin&rsquo; robots. </p>
</content>
</entry>
<entry>
<title>Operationalizing Macaroons</title>
<link rel="alternate" href="https://fly.io/blog/operationalizing-macaroons/"/>
<id>https://fly.io/blog/operationalizing-macaroons/</id>
<published>2025-03-27T00:00:00+00:00</published>
<updated>2025-03-27T23:16:00+00:00</updated>
<media:thumbnail url="https://fly.io/blog/operationalizing-macaroons/assets/occult-circle.jpg"/>
<content type="html"><div class="lead"><p>We’re Fly.io, a security bearer token company with a public cloud problem. You can read more about what our platform does (Docker container goes in, virtual machine in Singapore comes out), but this is just an engineering deep-dive into how we make our security tokens work. It’s a tokens nerd post.</p>
</div><h2 id='1' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#1' aria-label='Anchor'></a><span class='plain-code'>1</span></h2>
<p>We’ve spent <a href='https://fly.io/blog/api-tokens-a-tedious-survey/' title=''>too much time</a> talking about <a href='https://fly.io/blog/tokenized-tokens/' title=''>security tokens</a>, and about <a href='https://fly.io/blog/macaroons-escalated-quickly/' title=''>Macaroon tokens</a> <a href='https://github.com/superfly/macaroon/blob/main/macaroon-thought.md' title=''>in particular</a>. Writing another Macaroon treatise was not on my calendar. But we’re in the process of handing off our internal Macaroon project to a new internal owner, and in the process of truing up our operations manuals for these systems, I found myself in the position of writing a giant post about them. So, why not share?</p>
<div class="callout"><p>Can I sum up Macaroons in a short paragraph? Macaroon tokens are bearer tokens (like JWTs) that use a cute chained-HMAC construction that allows an end-user to take any existing token they have and scope it down, all on their own. You can minimize your token before every API operation so that you’re only ever transmitting the least amount of privilege needed for what you’re actually doing, even if the token you were issued was an admin token. And they have a user-serviceable plug-in interface! <a href="https://fly.io/blog/macaroons-escalated-quickly/" title="">You’ll have to read the earlier post to learn more about that</a>.</p>
</div><div class="right-sidenote"><p>Yes, probably, we are.</p>
</div>
<p>A couple years in to being the Internet’s largest user of Macaroons, I can report (as many predicted) that for our users, the cool things about Macaroons are a mixed bag in practice. It’s very neat that users can edit their own tokens, or even email them to partners without worrying too much. But users don’t really take advantage of token features.</p>
<p>But I’m still happy we did this, because Macaroon quirks have given us a bunch of unexpected wins in our infrastructure. Our internal token system has turned out to be one of the nicer parts of our platform. Here’s why.</p>
<p><img alt="This should clear everything up." src="/blog/operationalizing-macaroons/assets/schematic-diagram.png" /></p>
<h2 id='2' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#2' aria-label='Anchor'></a><span class='plain-code'>2</span></h2>
<p>As an operator, the most important thing to know about Macaroons is that they’re online-stateful; you need a database somewhere. A Macaroon token starts with a random field (a nonce) and the first thing you do when verifying a token is to look that nonce up in a database. So one of the most important details of a Macaroon implementation is where that database lives.</p>
<p>I can tell you one place we’re not OK with it living: in our primary API cluster.</p>
<p>There’s several reasons for that. Some of them are about scalability and reliability: far and away the most common failure mode of an outage on our platform is “deploys are broken”, and those failures are usually caused by API instability. It would not be OK if “deploys are broken” transitively meant “deployed apps can’t use security tokens”. But the biggest reason is security: root secrets for Macaroon tokens are hazmat, and a basic rule of thumb in secure design is: keep hazmat away from complicated code.</p>
<p>So we created a deliberately simple system to manage token data. It’s called <code>tkdb</code>.</p>
<div class="right-sidenote"><p>LiteFS: primary/replica distributed SQLite; Litestream: PITR SQLite replication to object storage; both work with unmodified SQLite libraries.</p>
</div>
<p><code>tkdb</code> is about 5000 lines of Go code that manages a SQLite database that is in turn managed by <a href='https://fly.io/docs/litefs/' title=''>LiteFS</a> and <a href='https://litestream.io/' title=''>Litestream</a>. It runs on isolated hardware (in the US, Europe, and Australia) and records in the database are encrypted with an injected secret. LiteFS gives us subsecond replication from our US primary to EU and AU, allows us to shift the primary to a different region, and gives us point-in-time recovery of the database.</p>
<p>We’ve been running Macaroons for a couple years now, and the entire <code>tkdb</code> database is just a couple dozen megs large. Most of that data isn’t real. A full PITR recovery of the database takes just seconds. We use SQLite for a lot of our infrastructure, and this is one of the very few well-behaved databases we have.</p>
<p>That’s in large part a consequence of the design of Macaroons. There’s actually not much for us to store! The most complicated possible Macaroon still chains up to a single root key (we generate a key per Fly.io “organization”; you don&rsquo;t share keys with your neighbors), and everything that complicates that Macaroon happens “offline”. We take advantage of &ldquo;attenuation&rdquo; far more than our users do.</p>
<p>The result is that database writes are relatively rare and very simple: we just need to record an HMAC key when Fly.io organizations are created (that is, roughly, when people sign up for the service and actually do a deploy). That, and revocation lists (more on that later), which make up most of the data.</p>
<h2 id='3' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#3' aria-label='Anchor'></a><span class='plain-code'>3</span></h2>
<p>Talking to <code>tkdb</code> from the rest of our platform is complicated, for historical reasons.</p>
<div class="right-sidenote"><p>NATS is fine, we just don’t really need it.</p>
</div>
<p>Ben Toews is responsible for most of the good things about this implementation. When he inherited the v0 Macaroons code from me, we were in the middle of a weird love affair with <a href='https://nats.io/' title=''>NATS</a>, the messaging system. So <code>tkdb</code> exported an RPC API over NATS messages.</p>
<p>Our product security team can’t trust NATS (it’s not our code). That means a vulnerability in NATS can’t result in us losing control of all our tokens, or allow attackers to spoof authentication. Which in turn means you can’t run a plaintext RPC protocol for <code>tkdb</code> over NATS; attackers would just spoof “yes this token is fine” messages.</p>
<div class="right-sidenote"><p>I highly recommend implementing Noise; <a href="http://www.noiseprotocol.org/noise.html" title="">the spec</a> is kind of a joy in a way you can’t appreciate until you use it, and it’s educational.</p>
</div>
<p>But you can’t just run TLS over NATS; NATS is a message bus, not a streaming secure channel. So I did the hipster thing and implemented <a href='http://www.noiseprotocol.org/noise.html' title=''>Noise</a>. We export a “verification” API, and a “signing” API for minting new tokens. Verification uses <code>Noise_IK</code> (which works like normal TLS) — anybody can verify, but everyone needs to prove they’re talking to the real <code>tkdb</code>. Signing uses <code>Noise_KK</code> (which works like mTLS) — only a few components in our system can mint tokens, and they get a special client key.</p>
<p>A little over a year ago, <a href='https://fly.io/blog/the-exit-interview-jp/' title=''>JP</a> led an effort to replace NATS with HTTP, which is how you talk to <code>tkdb</code> today. Out of laziness, we kept the Noise stuff, which means the interface to <code>tkdb</code> is now HTTP/Noise. This is a design smell, but the security model is nice: across many thousands of machines, there are only a handful with the cryptographic material needed to mint a new Macaroon token. Neat!</p>
<p><code>tkdb</code> is a Fly App (albeit deployed in special Fly-only isolated regions). Our infrastructure talks to it over “<a href='https://fly.io/docs/networking/flycast/' title=''>FlyCast</a>”, which is our internal Anycast service. If you’re in Singapore, you’re probably get routed to the Australian <code>tkdb</code>. If Australia falls over, you’ll get routed to the closest backup. The proxy that implements FlyCast is smart, as is the <code>tkdb</code> client library, which will do exponential backoff retry transparently.</p>
<p>Even with all that, we don’t like that Macaroon token verification is &ldquo;online&rdquo;. When you operate a global public cloud one of the first thing you learn is that <a href='https://fly.io/blog/the-5-hour-content-delivery-network/' title=''>the global Internet sucks</a>. Connectivity breaks all the time, and we’re paranoid about it. It’s painful for us that token verification can imply transoceanic links. Lovecraft was right about the oceans! Stay away!</p>
<p>Our solution to this is caching. Macaroons, as it turns out, cache beautifully. That’s because once you’ve seen and verified a Macaroon, you have enough information to verify any more-specific Macaroon that descends from it; that’s a property of <a href='https://research.google/pubs/macaroons-cookies-with-contextual-caveats-for-decentralized-authorization-in-the-cloud/' title=''>their chaining HMAC construction</a>. Our client libraries cache verifications, and the cache ratio for verification is over 98%.</p>
<h2 id='4' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#4' aria-label='Anchor'></a><span class='plain-code'>4</span></h2>
<p><a href='http://cryto.net/~joepie91/blog/2016/06/13/stop-using-jwt-for-sessions/' title=''>Revocation isn’t a corner case</a>. It can’t be an afterthought. We’re potentially revoking tokens any time a user logs out. If that doesn’t work reliably, you wind up with “cosmetic logout”, which is a real vulnerability. When we kill a token, it needs to stay dead.</p>
<p>Our revocation system is simple. It’s this table:</p>
<div class="highlight-wrapper group relative ">
<button
type="button"
class="bubble-wrap z-20 absolute right-9 -mr-0.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-wrap-target="#code-i3kxbqgm"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35" stroke-linecap="round" stroke-linejoin="round"><g buffered-rendering="static"><path d="M9.912 8.037h2.732c1.277 0 2.315-.962 2.315-2.237a2.325 2.325 0 00-2.315-2.31H2.959m10.228 9.01H2.959M6.802 8H2.959" /><path d="M11.081 6.466L9.533 8.037l1.548 1.571" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-9px] tail text-navy-950">
Wrap text
</span>
</button>
<button
type="button"
class="bubble-wrap z-20 absolute right-1.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-copy-target="sibling"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35"><g buffered-rendering="static"><path d="M10.576 7.239c0-.995-.82-1.815-1.815-1.815H3.315c-.995 0-1.815.82-1.815 1.815v5.446c0 .995.82 1.815 1.815 1.815h5.446c.995 0 1.815-.82 1.815-1.815V7.239z" /><path d="M10.576 10.577h2.109A1.825 1.825 0 0014.5 8.761V3.315A1.826 1.826 0 0012.685 1.5H7.239c-.996 0-1.815.819-1.816 1.815v1.617" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-6px] tail [--tail-x:calc(100%-30px)] text-navy-950">
Copy to clipboard
</span>
</button>
<div class='highlight relative group'>
<pre class='highlight '><code id="code-i3kxbqgm"> CREATE TABLE IF NOT EXISTS blacklist (
nonce BLOB NOT NULL UNIQUE,
required_until DATETIME,
created_at DATETIME DEFAULT CURRENT_TIMESTAMP
);
</code></pre>
</div>
</div>
<p>When we need a token to be dead, we have our primary API do a call to the <code>tkdb</code> “signing” RPC service for <code>revoke</code>. <code>revoke</code> takes the random nonce from the beginning of the Macaroon, discarding the rest, and adds it to the blacklist. Every Macaroon in the lineage of that nonce is now dead; we check the blacklist before verifying tokens.</p>
<p>The obvious challenge here is caching; over 98% of our validation requests never hit <code>tkdb</code>. We certainly don’t want to propagate the blacklist database to 35 regions around the globe.</p>
<p>Instead, the <code>tkdb</code> “verification” API exports an endpoint that provides a feed of revocation notifications. Our client library “subscribes” to this API (really, it just polls). Macaroons are revoked regularly (but not constantly), and when that happens, clients notice and prune their caches.</p>
<p>If clients lose connectivity to <code>tkdb</code>, past some threshold interval, they just dump their entire cache, forcing verification to happen at <code>tkdb</code>.</p>
<h2 id='5' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#5' aria-label='Anchor'></a><span class='plain-code'>5</span></h2>
<p>A place where we’ve gotten a lot of internal mileage out of Macaroon features is service tokens. Service tokens are tokens used by code, rather than humans; almost always, a service token is something that is stored alongside running application code.</p>
<p>An important detail of Fly.io’s Macaroons is the distinction between a “permissions” token and an “authentication” token. Macaroons by themselves express authorization, not authentication.</p>
<p>That’s a useful constraint, and we want to honor it. By requiring a separate token for authentication, we minimize the impact of having the permissions token stolen; you can’t use it without authentication, so really it’s just like a mobile signed IAM policy expression. Neat!</p>
<p>The way we express authentication is with a third-party caveat (<a href='https://fly.io/blog/macaroons-escalated-quickly/#4' title=''>see the old post for details</a>). Your main Fly.io Macaroon will have a caveat saying “this token is only valid if accompanied by the discharge token for a user in your organization from our authentication system”. Our authentication system does the login dance and issues those discharges.</p>
<p>This is exactly what you want for user tokens and not at all what you want for a service token: we don’t want running code to store those authenticator tokens, because they’re hazardous.</p>
<p>The solution we came up with for service tokens is simple: <code>tkdb</code> exports an API that uses its access to token secrets to strip off the third-party authentication caveat. To call into that API, you have to present a valid discharging authentication token; that is, you have to prove you could already have done whatever the token said. <code>tkdb</code> returns a new token with all the previous caveats, minus the expiration (you don’t usually want service tokens to expire).</p>
<p>OK, so we’ve managed to transform a tuple <code>(unscary-token, scary-token)</code> into the new tuple <code>(scary-token)</code>. Not so impressive. But hold on: the recipient of <code>scary-token</code> can attenuate it further: we can lock it to a particular instance of <code>flyd</code>, or to a particular Fly Machine. Which means exfiltrating it doesn’t do you any good; to use it, you have to control the environment it’s intended to be used in.</p>
<p>The net result of this scheme is that a compromised physical host will only give you access to tokens that have been used on that worker, which is a very nice property. Another way to look at it: every token used in production is traceable in some way to a valid token a user submitted. Neat!</p>
<div class="right-sidenote"><p>All the cool spooky secret store names were taken.</p>
</div>
<p>We do a similar dance to with Pet Semetary, our internal Vault replacement. Petsem manages user secrets for applications, such as Postgres connection strings. Petsem is its own Macaroon authority (it issues its own Macaroons with its own permissions system), and to do something with a secret, you need one of those Petsem-minted Macaroon.</p>
<p>Our primary API servers field requests from users to set secrets for their apps. So the API has a Macaroon that allows secrets writes. But it doesn&rsquo;t allow reads: there’s no API call to dump your secrets, because our API servers don’t have that privilege. So far, so good.</p>
<p>But when we boot up a Fly Machine, we need to inject the appropriate user secrets into it at boot; <em>something</em> needs a Macaroon that can read secrets. That “something” is <code>flyd</code>, our orchestrator, which runs on every worker server in our fleet.</p>
<p>Clearly, we can’t give every <code>flyd</code> a Macaroon that reads every user’s secret. Most users will never deploy anything on any given worker, and we can’t have a security model that collapses down to “every worker is equally privileged”.</p>
<p>Instead, the “read secret” Macaroon that <code>flyd</code> gets has a third-party caveat attached to it, which is dischargeable only by talking to <code>tkdb</code> and proving (with normal Macaroon tokens) that you have permissions for the org whose secrets you want to read. Once again, access is traceable to an end-user action, and minimized across our fleet. Neat!</p>
<h2 id='6' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#6' aria-label='Anchor'></a><span class='plain-code'>6</span></h2>
<p>Our token systems have some of the best telemetry in the whole platform.</p>
<p>Most of that is down to <a href='http://opentelemetry.io/' title=''>OpenTelemetry</a> and <a href='https://www.honeycomb.io/' title=''>Honeycomb</a>. From the moment a request hits our API server through the moment <code>tkdb</code> responds to it, oTel <a href='https://opentelemetry.io/docs/concepts/context-propagation/' title=''>context propagation</a> gives us a single narrative about what’s happening.</p>
<p><a href='https://fly.io/blog/the-exit-interview-jp/' title=''>I was a skeptic about oTel</a>. It’s really, really expensive. And, not to put too fine a point on it, oTel really cruds up our code. Once, I was an “80% of the value of tracing, we can get from logs and metrics” person. But I was wrong.</p>
<p>Errors in our token system are rare. Usually, they’re just early indications of network instability, and between caching and FlyCast, we mostly don’t have to care about those alerts. When we do, it’s because something has gone so sideways that we’d have to care anyways. The <code>tkdb</code> code is remarkably stable and there hasn’t been an incident intervention with our token system in over a year.</p>
<p>Past oTel, and the standard logging and Prometheus metrics every Fly App gets for free, we also have a complete audit trail for token operations, in a permanently retained OpenSearch cluster index. Since virtually all the operations that happen on our platform are mediated by Macaroons, this audit trail is itself pretty powerful.</p>
<h2 id='7' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#7' aria-label='Anchor'></a><span class='plain-code'>7</span></h2>
<p>So, that&rsquo;s pretty much it. The moral of the story for us is, Macaroons have a lot of neat features, our users mostly don&rsquo;t care about them — that may even be a good thing — but we get a lot of use out of them internally.</p>
<p>As an engineering culture, we&rsquo;re allergic to &ldquo;microservices&rdquo;, and we flinched a bit at the prospect of adding a specific service just to manage tokens. But it&rsquo;s pulled its weight, and not added really any drama at all. We have at this point a second dedicated security service (Petsem), and even though they sort of rhyme with each other, we&rsquo;ve got no plans to merge them. <a href='https://how.complexsystems.fail/#10' title=''>Rule #10</a> and all that.</p>
<p>Oh, and a total victory for LiteFS, Litestream, and infrastructure SQLite. Which, after managing an infrastructure SQLite project that routinely ballooned to tens of gigabytes and occasionally threatened service outages, is lovely to see.</p>
<p>Macaroons! If you&rsquo;d asked us a year ago, we&rsquo;d have said the jury was still out on whether they were a good move. But then Ben Toews spent a year making them awesome, and so they are. <a href='https://github.com/superfly/macaroon' title=''>Most of the code is open source</a>!</p>
</content>
</entry>
<entry>
<title>Taming A Voracious Rust Proxy</title>
<link rel="alternate" href="https://fly.io/blog/taming-rust-proxy/"/>
<id>https://fly.io/blog/taming-rust-proxy/</id>
<published>2025-02-26T00:00:00+00:00</published>
<updated>2025-03-20T21:16:40+00:00</updated>
<media:thumbnail url="https://fly.io/blog/taming-rust-proxy/assets/happy-crab-cover.jpg"/>
<content type="html"><div class="lead"><p>Here’s a fun bug.</p>
</div>
<p>The basic idea of our service is that we run containers for our users, as hardware-isolated virtual machines (Fly Machines), on hardware we own around the world. What makes that interesting is that we also connect every Fly Machine to a global Anycast network. If your app is running in Hong Kong and Dallas, and a request for it arrives in Singapore, we&rsquo;ll route it to <code>HKG</code>.</p>
<p>Our own hardware fleet is roughly divided into two kinds of servers: edges, which receive incoming requests from the Internet, and workers, which run Fly Machines. Edges exist almost solely to run a Rust program called <code>fly-proxy</code>, the router at the heart of our Anycast network.</p>
<p>So: a week or so ago, we flag an incident. Lots of things generate incidents: synthetic monitoring failures, metric thresholds, health check failures. In this case two edge tripwires tripped: elevated <code>fly-proxy</code> HTTP errors, and skyrocketing CPU utilization, on a couple hosts in <code>IAD</code>.</p>
<p>Our incident process is pretty ironed out at this point. We created an incident channel (we ❤️ <a href='https://rootly.com/' title=''>Rootly</a> for this, <a href='https://rootly.com/' title=''>seriously check out Rootly</a>, an infra MVP here for years now), and incident responders quickly concluded that, while something hinky was definitely going on, the platform was fine. We have a lot of edges, and we&rsquo;ve also recently converted many of our edge servers to significantly beefier hardware.</p>
<p>Bouncing <code>fly-proxy</code> clears the problem up on an affected proxy. But this wouldn&rsquo;t be much of an interesting story if the problem didn&rsquo;t later come back. So, for some number of hours, we&rsquo;re in an annoying steady-state of getting paged and bouncing proxies. </p>
<p>While this is happening, Pavel, on our proxy team, pulls a profile from an angry proxy.
<img alt="A flamegraph profile, described better in the prose anyways." src="/blog/taming-rust-proxy/assets/proxy-profile.jpg" />
So, this is fuckin&rsquo; weird: a huge chunk of the profile is dominated by Rust <code>tracing</code>&lsquo;s <code>Subscriber</code>. But that doesn&rsquo;t make sense. The entire point of Rust <code>tracing</code>, which generates fine-grained span records for program activity, is that <code>entering</code> and <code>exiting</code> a span is very, very fast. </p>
<p>If the mere act of <code>entering</code> a span in a Tokio stack is chewing up a significant amount of CPU, something has gone haywire: the actual code being traced must be doing next to nothing.</p>
<h2 id='a-quick-refresher-on-async-rust' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#a-quick-refresher-on-async-rust' aria-label='Anchor'></a><span class='plain-code'>A Quick Refresher On Async Rust</span></h2>
<p>So in Rust, like a lot of <code>async/await</code> languages, you&rsquo;ve got <code>Futures</code>. A <code>Future</code> is a type that represents the future value of an asychronous computation, like reading from a socket. <code>Futures</code> are state machines, and they&rsquo;re lazy: they expose one basic operation, <code>poll</code>, which an executor (like Tokio) calls to advance the state machine. That <code>poll</code> returns whether the <code>Future</code> is still <code>Pending</code>, or <code>Ready</code> with a result.</p>
<p>In theory, you could build an executor that drove a bunch of <code>Futures</code> just by storing them in a list and busypolling each of them, round robin, until they return <code>Ready</code>. This executor would defeat the much of the purpose of asynchronous program, so no real executor works that way.</p>
<p>Instead, a runtime like Tokio integrates <code>Futures</code> with an event loop (on <a href='https://man7.org/linux/man-pages/man7/epoll.7.html' title=''>epoll</a> or <a href='https://en.wikipedia.org/wiki/Kqueue' title=''>kqeue</a>) and, when calling <code>poll</code>, passes a <code>Waker</code>. The <code>Waker</code> is an abstract handle that allows the <code>Future</code> to instruct the Tokio runtime to call <code>poll</code>, because something has happened.</p>
<p>To complicate things: an ordinary <code>Future</code> is a one-shot value. Once it&rsquo;s <code>Ready</code>, it can&rsquo;t be <code>polled</code> anymore. But with network programming, that&rsquo;s usually not what you want: data usually arrives in streams, which you want to track and make progress on as you can. So async Rust provides <code>AsyncRead</code> and <code>AsyncWrite</code> traits, which build on <code>Futures</code>, and provide methods like <code>poll_read</code> that return <code>Ready</code> <em>every time</em> there&rsquo;s data ready. </p>
<p>So far so good? OK. Now, there are two footguns in this design. </p>
<p>The first footgun is that a <code>poll</code> of a <code>Future</code> that isn&rsquo;t <code>Ready</code> wastes cycles, and, if you have a bug in your code and that <code>Pending</code> poll happens to trip a <code>Waker</code>, you&rsquo;ll slip into an infinite loop. That&rsquo;s easy to see.</p>
<p>The second and more insidious footgun is that an <code>AsyncRead</code> can <code>poll_read</code> to a <code>Ready</code> that doesn&rsquo;t actually progress its underlying state machine. Since the idea of <code>AsyncRead</code> is that you keep <code>poll_reading</code> until it stops being <code>Ready</code>, this too is an infinite loop.</p>
<p>When we look at our profiles, what we see are samples that almost terminate in libc, but spend next to no time in the kernel doing actual I/O. The obvious explanation: we&rsquo;ve entered lots of <code>poll</code> functions, but they&rsquo;re doing almost nothing and returning immediately.</p>
<h2 id='jaccuse' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#jaccuse' aria-label='Anchor'></a><span class='plain-code'>J&#39;accuse!</span></h2>
<p>Wakeup issues are annoying to debug. But the flamegraph gives us the fully qualified type of the <code>Future</code> we&rsquo;re polling:</p>
<div class="highlight-wrapper group relative rust">
<button
type="button"
class="bubble-wrap z-20 absolute right-9 -mr-0.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-wrap-target="#code-mhjra6vu"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35" stroke-linecap="round" stroke-linejoin="round"><g buffered-rendering="static"><path d="M9.912 8.037h2.732c1.277 0 2.315-.962 2.315-2.237a2.325 2.325 0 00-2.315-2.31H2.959m10.228 9.01H2.959M6.802 8H2.959" /><path d="M11.081 6.466L9.533 8.037l1.548 1.571" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-9px] tail text-navy-950">
Wrap text
</span>
</button>
<button
type="button"
class="bubble-wrap z-20 absolute right-1.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-copy-target="sibling"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35"><g buffered-rendering="static"><path d="M10.576 7.239c0-.995-.82-1.815-1.815-1.815H3.315c-.995 0-1.815.82-1.815 1.815v5.446c0 .995.82 1.815 1.815 1.815h5.446c.995 0 1.815-.82 1.815-1.815V7.239z" /><path d="M10.576 10.577h2.109A1.825 1.825 0 0014.5 8.761V3.315A1.826 1.826 0 0012.685 1.5H7.239c-.996 0-1.815.819-1.816 1.815v1.617" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-6px] tail [--tail-x:calc(100%-30px)] text-navy-950">
Copy to clipboard
</span>
</button>
<div class='highlight relative group'>
<pre class='highlight '><code id="code-mhjra6vu"><span class="o">&amp;</span><span class="k">mut</span> <span class="nn">fp_io</span><span class="p">::</span><span class="nn">copy</span><span class="p">::</span><span class="n">Duplex</span><span class="o">&lt;&amp;</span><span class="k">mut</span> <span class="nn">fp_io</span><span class="p">::</span><span class="nn">reusable_reader</span><span class="p">::</span><span class="n">ReusableReader</span><span class="o">&lt;</span><span class="nn">fp_tcp</span><span class="p">::</span><span class="nn">peek</span><span class="p">::</span><span class="n">PeekableReader</span><span class="o">&lt;</span><span class="nn">tokio_rustls</span><span class="p">::</span><span class="nn">server</span><span class="p">::</span><span class="n">TlsStream</span><span class="o">&lt;</span><span class="nn">fp_tcp_metered</span><span class="p">::</span><span class="n">MeteredIo</span><span class="o">&lt;</span><span class="nn">fp_tcp</span><span class="p">::</span><span class="nn">peek</span><span class="p">::</span><span class="n">PeekableReader</span><span class="o">&lt;</span><span class="nn">fp_tcp</span><span class="p">::</span><span class="nn">permitted</span><span class="p">::</span><span class="n">PermittedTcpStream</span><span class="o">&gt;&gt;&gt;&gt;&gt;</span><span class="p">,</span> <span class="nn">connect</span><span class="p">::</span><span class="nn">conn</span><span class="p">::</span><span class="n">Conn</span><span class="o">&lt;</span><span class="nn">tokio</span><span class="p">::</span><span class="nn">net</span><span class="p">::</span><span class="nn">tcp</span><span class="p">::</span><span class="nn">stream</span><span class="p">::</span><span class="n">TcpStream</span><span class="o">&gt;</span>
</code></pre>
</div>
</div>
<p>This loops like a lot, but much of it is just wrapper types we wrote ourselves, and those wrappers don&rsquo;t do anything interesting. What&rsquo;s left to audit:</p>
<ul>
<li><code>Duplex</code>, the outermost type, one of ours, <em>and</em>
</li><li><code>TlsStream</code>, from <a href='https://github.com/rustls/rustls' title=''>Rustls</a>.
</li></ul>
<p><code>Duplex</code> is a beast. It&rsquo;s the core I/O state machine for proxying between connections. It&rsquo;s not easy to reason about in specificity. But: it also doesn&rsquo;t do anything directly with a <code>Waker</code>; it&rsquo;s built around <code>AsyncRead</code> and <code>AsyncWrite</code>. It hasn&rsquo;t changed recently and we can&rsquo;t trigger misbehavior in it.</p>
<p>That leaves <code>TlsStream</code>. <code>TlsStream</code> is an ultra-important, load-bearing function in the Rust ecosystem. Everybody uses it. Could it harbor an async Rust footgun? Turns out, it did!</p>
<p>Unlike our <code>Duplex</code>, Rustls actually does have to get intimate with the underlying async executor. And, looking through the repository, Pavel uncovers <a href='https://github.com/rustls/tokio-rustls/issues/72' title=''>this issue</a>: sometimes, <code>TlsStreams</code> in Rustls just spin out. And it turns out, what&rsquo;s causing this is a TLS state machine bug: when a TLS session is orderly-closed, with a <code>CloseNotify</code> <code>Alert</code> record, the sender of that record has informed its counterparty that no further data will be sent. But if there&rsquo;s still buffered data on the underlying connection, <code>TlsStream</code> mishandles its <code>Waker</code>, and we fall into a busy-loop.</p>
<p><a href='https://github.com/rustls/rustls/pull/1950/files' title=''>Pretty straightforward fix</a>!</p>
<h2 id='what-actually-happened-to-us' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#what-actually-happened-to-us' aria-label='Anchor'></a><span class='plain-code'>What Actually Happened To Us</span></h2>
<p>Our partners in object storage, <a href='https://www.tigrisdata.com/' title=''>Tigris Data</a>, were conducting some kind of load testing exercise. Some aspect of their testing system triggered the <code>TlsStream</code> state machine bug, which locked up one or more <code>TlsStreams</code> in the edge proxy handling whatever corner-casey stream they were sending.</p>
<p>Tigris wasn&rsquo;t generating a whole lot of traffic; tens of thousands of connections, tops. But all of them sent small HTTP bodies and then terminated early. We figured some of those connections errored out, and set up the &ldquo;TLS CloseNotify happened before EOF&rdquo; scenario. </p>
<p>To be truer to the chronology, we knew pretty early on in our investigation that something Tigris was doing with their load testing was probably triggering the bug, and we got them to stop. After we worked it out, and Pavel deployed the fix, we told them to resume testing. No spin-outs.</p>
<h2 id='lessons-learned' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#lessons-learned' aria-label='Anchor'></a><span class='plain-code'>Lessons Learned</span></h2>
<p>Keep your dependencies updated. Unless you shouldn&rsquo;t keep your dependencies updated. I mean, if there&rsquo;s a vulnerability (and, technically, this was a DoS vulnerability), always update. And if there&rsquo;s an important bugfix, update. But if there isn&rsquo;t an important bugfix, updating for the hell of it might also destabilize your project? So update maybe? Most of the time?</p>
<p>Really, the truth of this is that keeping track of <em>what needs to be updated</em> is valuable work. The updates themselves are pretty fast and simple, but the process and testing infrastructure to confidently metabolize dependency updates is not. </p>
<p>Our other lesson here is that there&rsquo;s an opportunity to spot these kinds of bugs more directly with our instrumentation. Spurious wakeups should be easy to spot, and triggering a metric when they happen should be cheap, because they&rsquo;re not supposed to happen often. So that&rsquo;s something we&rsquo;ll go do now.</p>
</content>
</entry>
<entry>
<title>We Were Wrong About GPUs</title>
<link rel="alternate" href="https://fly.io/blog/wrong-about-gpu/"/>
<id>https://fly.io/blog/wrong-about-gpu/</id>
<published>2025-02-14T00:00:00+00:00</published>
<updated>2025-02-14T23:25:21+00:00</updated>
<media:thumbnail url="https://fly.io/blog/wrong-about-gpu/assets/choices-choices-cover.webp"/>
<content type="html"><div class="lead"><p>We’re building a public cloud, on hardware we own. We raised money to do that, and to place some bets; one of them: GPU-enabling our customers. A progress report: GPUs aren’t going anywhere, but: GPUs aren’t going anywhere.</p>
</div>
<p>A couple years back, <a href="https://fly.io/gpu">we put a bunch of chips down</a> on the bet that people shipping apps to users on the Internet would want GPUs, so they could do AI/ML inference tasks. To make that happen, we created <a href="https://fly.io/docs/gpus/getting-started-gpus/">Fly GPU Machines</a>.</p>
<p>A Fly Machine is a <a href="https://fly.io/blog/docker-without-docker/">Docker/OCI container</a> running inside a hardware-virtualized virtual machine somewhere on our global fleet of bare-metal worker servers. A GPU Machine is a Fly Machine with a hardware-mapped Nvidia GPU. It&rsquo;s a Fly Machine that can do fast CUDA.</p>
<p>Like everybody else in our industry, we were right about the importance of AI/ML. If anything, we underestimated its importance. But the product we came up with probably doesn&rsquo;t fit the moment. It&rsquo;s a bet that doesn&rsquo;t feel like it&rsquo;s paying off.</p>
<p><strong class='font-semibold text-navy-950'>If you&rsquo;re using Fly GPU Machines, don&rsquo;t freak out; we&rsquo;re not getting rid of them.</strong> But if you&rsquo;re waiting for us to do something bigger with them, a v2 of the product, you&rsquo;ll probably be waiting awhile.</p>
<h3 id='what-it-took' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#what-it-took' aria-label='Anchor'></a><span class='plain-code'>What It Took</span></h3>
<p>GPU Machines were not a small project for us. Fly Machines run on an idiosyncratically small hypervisor (normally Firecracker, but for GPU Machines <a href="https://github.com/cloud-hypervisor/cloud-hypervisor">Intel&rsquo;s Cloud Hypervisor</a>, a very similar Rust codebase that supports PCI passthrough). The Nvidia ecosystem is not geared to supporting micro-VM hypervisors.</p>
<p>GPUs <a href="https://googleprojectzero.blogspot.com/2020/09/attacking-qualcomm-adreno-gpu.html">terrified our security team</a>. A GPU is just about the worst case hardware peripheral: intense multi-directional direct memory transfers</p>
<div class="right-sidenote"><p>(not even bidirectional: in common configurations, GPUs talk to each other)</p>
</div>
<p>with arbitrary, end-user controlled computation, all operating outside our normal security boundary.</p>
<p>We did a couple expensive things to mitigate the risk. We shipped GPUs on dedicated server hardware, so that GPU- and non-GPU workloads weren&rsquo;t mixed. Because of that, the only reason for a Fly Machine to be scheduled on a GPU machine was that it needed a PCI BDF for an Nvidia GPU, and there&rsquo;s a limited number of those available on any box. Those GPU servers were drastically less utilized and thus less cost-effective than our ordinary servers.</p>
<p>We funded two very large security assessments, from <a href="https://www.atredis.com/">Atredis</a> and <a href="https://tetrelsec.com/">Tetrel</a>, to evaluate our GPU deployment. Matt Braun is writing up those assessments now. They were not cheap, and they took time.</p>
<p>Security wasn&rsquo;t directly the biggest cost we had to deal with, but it was an indirect cause for a subtle reason.</p>
<p>We could have shipped GPUs very quickly by doing what Nvidia recommended: standing up a standard K8s cluster to schedule GPU jobs on. Had we taken that path, and let our GPU users share a single Linux kernel, we&rsquo;d have been on Nvidia&rsquo;s driver happy-path.</p>
<p>Alternatively, we could have used a conventional hypervisor. Nvidia suggested VMware (heh). But they could have gotten things working had we used QEMU. We like QEMU fine, and could have talked ourselves into a security story for it, but the whole point of Fly Machines is that they take milliseconds to start. We could not have offered our desired Developer Experience on the Nvidia happy-path.</p>
<p>Instead, we burned months trying (and ultimately failing) to get Nvidia&rsquo;s host drivers working to map <a href="https://www.nvidia.com/en-us/data-center/virtual-solutions/">virtualized GPUs</a> into Intel Cloud Hypervisor. At one point, we hex-edited the closed-source drivers to trick them into thinking our hypervisor was QEMU.</p>
<p>I&rsquo;m not sure any of this really mattered in the end. There&rsquo;s a segment of the market we weren&rsquo;t ever really able to explore because Nvidia&rsquo;s driver support kept us from thin-slicing GPUs. We&rsquo;d have been able to put together a really cheap offering for developers if we hadn&rsquo;t run up against that, and developers love &ldquo;cheap&rdquo;, but I can&rsquo;t prove that those customers are real.</p>
<p>On the other hand, we&rsquo;re committed to delivering the Fly Machine DX for GPU workloads. Beyond the PCI/IOMMU drama, just getting an entire hardware GPU working in a Fly Machine was a lift. We needed Fly Machines that would come up with the right Nvidia drivers; our stack was built assuming that the customer&rsquo;s OCI container almost entirely defined the root filesystem for a Machine. We had to engineer around that in our <code>flyd</code> orchestrator. And almost everything people want to do with GPUs involves efficiently grabbing huge files full of model weights. Also annoying!</p>
<p>And, of course, we bought GPUs. A lot of GPUs. Expensive GPUs.</p>
<h3 id='why-it-isnt-working' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#why-it-isnt-working' aria-label='Anchor'></a><span class='plain-code'>Why It Isn&rsquo;t Working</span></h3>
<p>The biggest problem: developers don&rsquo;t want GPUs. They don&rsquo;t even want AI/ML models. They want LLMs. <em>System engineers</em> may have smart, fussy opinions on how to get their models loaded with CUDA, and what the best GPU is. But <em>software developers</em> don&rsquo;t care about any of that. When a software developer shipping an app comes looking for a way for their app to deliver prompts to an LLM, you can&rsquo;t just give them a GPU.</p>
<p>For those developers, who probably make up most of the market, it doesn&rsquo;t seem plausible for an insurgent public cloud to compete with OpenAI and Anthropic. Their APIs are fast enough, and developers thinking about performance in terms of &ldquo;tokens per second&rdquo; aren&rsquo;t counting milliseconds.</p>
<div class="right-sidenote"><p>(you should all feel sympathy for us)</p>
</div>
<p>This makes us sad because we really like the point in the solution space we found. Developers shipping apps on Amazon will outsource to other public clouds to get cost-effective access to GPUs. But then they&rsquo;ll faceplant trying to handle data and model weights, backhauling gigabytes (at significant expense) from S3. We have app servers, GPUs, and object storage all under the same top-of-rack switch. But inference latency just doesn&rsquo;t seem to matter yet, so the market doesn&rsquo;t care.</p>
<p>Past that, and just considering the system engineers who do care about GPUs rather than LLMs: the hardware product/market fit here is really rough.</p>
<p>People doing serious AI work want galactically huge amounts of GPU compute. A whole enterprise A100 is a compromise position for them; they want an SXM cluster of H100s.</p>
<div class="right-sidenote"><p>Near as we can tell, MIG gives you a UUID to talk to the host driver, not a PCI device.</p>
</div>
<p>We think there&rsquo;s probably a market for users doing lightweight ML work getting tiny GPUs. <a href="https://www.nvidia.com/en-us/technologies/multi-instance-gpu/">This is what Nvidia MIG does</a>, slicing a big GPU into arbitrarily small virtual GPUs. But for fully-virtualized workloads, it&rsquo;s not baked; we can&rsquo;t use it. And I&rsquo;m not sure how many of those customers there are, or whether we&rsquo;d get the density of customers per server that we need.</p>
<p><a href="https://fly.io/blog/cutting-prices-for-l40s-gpus-in-half">That leaves the L40S customers</a>. There are a bunch of these! We dropped L40S prices last year, not because we were sour on GPUs but because they&rsquo;re the one part we have in our inventory people seem to get a lot of use out of. We&rsquo;re happy with them. But they&rsquo;re just another kind of compute that some apps need; they&rsquo;re not a driver of our core business. They&rsquo;re not the GPU bet paying off.</p>
<p>Really, all of this is just a long way of saying that for most software developers, &ldquo;AI-enabling&rdquo; their app is best done with API calls to things like Claude and GPT, Replicate and RunPod.</p>
<h3 id='what-did-we-learn' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#what-did-we-learn' aria-label='Anchor'></a><span class='plain-code'>What Did We Learn?</span></h3>
<p>A very useful way to look at a startup is that it&rsquo;s a race to learn stuff. So, what&rsquo;s our report card?</p>
<p>First off, when we embarked down this path in 2022, we were (like many other companies) operating in a sort of phlogiston era of AI/ML. The industry attention to AI had not yet collapsed around a small number of foundational LLM models. We expected there to be a diversity of <em>mainstream</em> models, the world <a href='https://github.com/elixir-nx/bumblebee' title=''>Elixir Bumblebee</a> looks forward to, where people pull different AI workloads off the shelf the same way they do Ruby gems.</p>
<p>But <a href='https://www.cursor.com/' title=''>Cursor happened</a>, and, as they say, how are you going to keep &lsquo;em down on the farm once they&rsquo;ve seen Karl Hungus? It seems much clearer where things are heading.</p>
<p>GPUs were a test of a Fly.io company credo: as we think about core features, we design for 10,000 developers, not for 5-6. It took a minute, but the credo wins here: GPU workloads for the 10,001st developer are a niche thing.</p>
<p>Another way to look at a startup is as a series of bets. We put a lot of chips down here. But the buy-in for this tournament gave us a lot of chips to play with. Never making a big bet of any sort isn&rsquo;t a winning strategy. I&rsquo;d rather we&rsquo;d flopped the nut straight, but I think going in on this hand was the right call.</p>
<p>A really important thing to keep in mind here, and something I think a lot of startup thinkers sleep on, is the extent to which this bet involved acquiring assets. Obviously, some of our <a href='https://fly.io/blog/the-exit-interview-jp/' title=''>costs here aren&rsquo;t recoverable</a>. But the hardware parts that aren&rsquo;t generating revenue will ultimately get liquidated; like with <a href='https://fly.io/blog/32-bit-real-estate/' title=''>our portfolio of IPv4 addresses</a>, I&rsquo;m even more comfortable making bets backed by tradable assets with durable value.</p>
<p>In the end, I don&rsquo;t think GPU Fly Machines were going to be a hit for us no matter what we did. Because of that, one thing I&rsquo;m very happy about is that we didn&rsquo;t compromise the rest of the product for them. Security concerns slowed us down to where we probably learned what we needed to learn a couple months later than we could have otherwise, but we&rsquo;re scaling back our GPU ambitions without having sacrificed <a href='https://fly.io/blog/sandboxing-and-workload-isolation/' title=''>any of our isolation story</a>, and, ironically, GPUs <em>other people run</em> are making that story a lot more important. The same thing goes for our Fly Machine developer experience.</p>
<p>We started this company building a Javascript runtime for edge computing. We learned that our customers didn&rsquo;t want a new Javascript runtime; they just wanted their native code to work. <a href='https://news.ycombinator.com/item?id=22616857' title=''>We shipped containers</a>, and no convincing was needed. We were wrong about Javascript edge functions, and I think we were wrong about GPUs. That&rsquo;s usually how we figure out the right answers: by being wrong about a lot of stuff.</p>
</content>
</entry>
<entry>
<title>The Exit Interview: JP Phillips</title>
<link rel="alternate" href="https://fly.io/blog/the-exit-interview-jp/"/>
<id>https://fly.io/blog/the-exit-interview-jp/</id>
<published>2025-02-12T00:00:00+00:00</published>
<updated>2025-02-14T21:30:41+00:00</updated>
<media:thumbnail url="https://fly.io/blog/the-exit-interview-jp/assets/bye-bye-little-sebastian-cover.webp"/>
<content type="html"><div class="lead"><p>JP Phillips is off to greener, or at least calmer, pastures. He joined us 4 years ago to build the next generation of our orchestration system, and has been one of the anchors of our engineering team. His last day is today. We wanted to know what he was thinking, and figured you might too.</p>
</div>
<p><em>Question 1: Why, JP? Just why?</em></p>
<p>LOL. When I looked at what I wanted to see from here in the next 3-4 years, it didn&rsquo;t really match up with where we&rsquo;re currently heading. Specifically, with our new focus on MPG <em>[Managed Postgres]</em> and [llm] <em>[llm].</em></p>
<div class="callout"><p>Editorial comment: Even I don’t know what [llm] is.</p>
</div>
<p>The Fly Machines platform is more or less finished, in the sense of being capable of supporting the next iteration of our products. My original desire to join Fly.io was to make Machines a product that would <a href='https://fly.io/blog/carving-the-scheduler-out-of-our-orchestrator/' title=''>rid us of HashiCorp Nomad</a>, and I feel like that&rsquo;s been accomplished.</p>
<p><em>Where were you hoping to see us headed?</em></p>
<p>More directly positioned as a cloud provider, rather than a platform-as-a-service; further along the customer journey from &ldquo;developers&rdquo; and &ldquo;startups&rdquo; to large established companies.</p>
<p>And, it&rsquo;s not that I disagree with PAAS work or MPG! Rather, it&rsquo;s not something that excites me in a way that I&rsquo;d feel challenged and could continue to grow technically.</p>
<p><em>Follow up question: does your family know what you’re doing here? Doing to us? Are they OK with it?</em></p>
<p>Yes, my family was very involved in the decision, before I even talked to other companies.</p>
<p><em>What&rsquo;s the thing you&rsquo;re happiest about having built here? It cannot be &ldquo;all of <code>flyd</code>&rdquo;.</em></p>
<p>We&rsquo;ve enabled developers to run workloads from an OCI image and an API call all over the world. On any other cloud provider, the knowledge of how to pull that off comes with a professional certification.</p>
<p><em>In what file in our <code>nomad-firecracker</code> repository would I find that code?</em></p>
<p><a href='https://docs.machines.dev/#tag/machines/post/apps/{app_name}/machines' title=''>https://docs.machines.dev/#tag/machines/post/apps/{app_name}/machines</a></p>
<p><img alt="A diagram that doesn&#39;t make any of this clearer" src="/blog/the-exit-interview-jp/assets/flaps.png?1/2&amp;center" /></p>
<p><em>So you mean, literally, the whole Fly Machines API, and <code>flaps</code>, the API gateway for Fly Machines?</em></p>
<p>Yes, all of it. The <code>flaps</code> API server, the <code>flyd</code> RPCs it calls, the <code>flyd</code> finite state machine system, the interface to running VMs.</p>
<p><em>Is there something you especially like about that design?</em></p>
<p>I like that it for the most part doesn&rsquo;t require any central coordination. And I like that the P90 for Fly Machine <code>create</code> calls is sub-5-seconds for pretty much every region except for Johannesburg and Hong Kong.</p>
<p>I think the FSM design is something I&rsquo;m proud of; if I could take any code with me, it&rsquo;d be the <code>internal/fsm</code> in the <code>nomad-firecracker</code> repo.</p>
<div class="callout"><p>You can read more about <a href="https://fly.io/blog/carving-the-scheduler-out-of-our-orchestrator/" title="">the <code>flyd</code> orchestrator JP led over here</a>. But, a quick decoder ring: <code>flyd</code> runs independently without any central coordination on thousands of “worker” servers around the globe. It’s structured as an API server for a bunch of finite state machine invocations, where an FSM might be something like “start a Fly Machine” or “create a new Fly Machine” or “cordon off a Fly Machine so we can update it”. Each FSM invocation is comprised of a bunch of steps, each of those steps has callbacks into the <code>flyd</code> code, and each step is logged in <a href="https://github.com/boltdb/bolt" title="">a BoltDB database</a>.</p>
</div>
<p><em>Thinking back, there are like two archetypes of insanely talented developers I’ve worked with. One is the kind that belts out ridiculous amounts of relatively sophisticated code on a whim, at like 3AM. Jerome [who leads our fly-proxy team], is that type. The other comes to projects with what feels like fully-formed, coherent designs that are not super intuitive, and the whole project just falls together around that design. Did you know you were going to do the FSM log thing when you started <code>flyd</code>?</em></p>
<p>I definitely didn&rsquo;t have any specific design in mind when I started on <code>flyd</code>. I think the FSM stuff is a result of work I did at Compose.io / MongoHQ (where it was called &ldquo;recipes&rdquo;/&ldquo;operations&rdquo;) and the workd I did at HashiCorp using Cadence.</p>
<p>Once I understood what the product needed to do and look like, having a way to perform deterministic and durable execution felt like a good design.</p>
<p><em>Cadence?</em></p>
<p><a href='https://cadenceworkflow.io/' title=''>Cadence</a> is the child of AWS Step Functions and the predecessor to <a href='https://temporal.io/' title=''>Temporal</a> (the company).</p>
<p>One of the biggest gains, with how it works in <code>flyd</code>, is knowing we would need to deploy <code>flyd</code> all day, every day. If <code>flyd</code> was in the middle of doing some work, it needed to pick back up right where it left off, post-deploy.</p>
<p><em>OK, next question. What&rsquo;s the most impressive thing you saw someone else build here? To make things simpler and take some pressure off the interview, we can exclude any of my works from consideration.</em></p>
<p>Probably <a href='https://github.com/superfly/corrosion' title=''><code>corrosion2</code></a>.</p>
<div class="callout"><p>Sidebar: <code>corrosion2</code> is our state distribution system. While <code>flyd</code> runs individual Fly Machines for users, each instance is solely responsible for its own state; there’s no global scheduler. But we have platform components, most obviously <code>fly-proxy</code>, our Anycast router, that need to know what’s running where. <code>corrosion2</code> is a Rust service that does <a href="https://fly.io/blog/building-clusters-with-serf/" title="">SWIM gossip</a> to propagate information from each worker into a CRDT-structured SQLite database. <code>corrosion2</code> essentially means any component on our fleet can do SQLite queries to get near-real-time information about any Fly Machine around the world.</p>
</div>
<p>If for no other reason than that we deployed <code>corrosion</code>, learned from it, and were able to make significant and valuable improvements — and then migrate to the new system in a short period of time.</p>
<p>Having a &ldquo;just SQLite&rdquo; interface, for async replicated changes around the world in seconds, it&rsquo;s pretty powerful.</p>
<p>If we invested in <a href='https://antithesis.com/' title=''>Anthesis</a> or TLA+ testing, I think there&rsquo;s <a href='https://github.com/superfly/corrosion' title=''>potential for other companies</a> to get value out of <code>corrosion2</code>.</p>
<p><em>Just as a general-purpose gossip-based SQLite CRDT gossip system?</em></p>
<p>Yes.</p>
<p><em>OK, you&rsquo;re being too nice. What&rsquo;s your least favorite thing about the platform?</em></p>
<p>GraphQL. No, Elixir. It&rsquo;s a tie between GraphQL and Elixir.</p>
<p>But probably GraphQL, by a hair.</p>
<p><em>That&rsquo;s not the answer I expected.</em></p>
<p>GraphQL slows everyone down, and everything. Elixir only slows me down.</p>
<p><em>The rest of the platform, you&rsquo;re fine with? No complaints?</em></p>
<p>I&rsquo;m happier now that we have <code>pilot</code>.</p>
<div class="callout"><p><code>pilot</code> is our new <code>init</code>. When we launch a Fly Machine, <code>init</code> is our foothold in the machine; this is unlike a normal OCI runtime, where “pid 1” is often the user’s entrypoint program. Our original <code>init</code> was so simple people dunked on it and said it might as well have been a bash script; over time, <code>init</code> has sprouted a bunch of new features. <code>pilot</code> consolidates those features, and, more importantly, is itself a complete OCI runtime; <code>pilot</code> can natively run containers inside of Fly Machines.</p>
</div>
<p>Before <code>pilot</code>, there really wasn&rsquo;t any contract between <code>flyd</code> and <code>init</code>. And <code>init</code> was just &ldquo;whatever we wanted <code>init</code> to be&rdquo;. That limit its ability to serve us.</p>
<p>Having <code>pilot</code> be an OCI-compliant runtime with an API for <code>flyd</code> to drive is a big win for the future of the Fly Machines API.</p>
<p><em>Was I right that we should have used SQLite for <code>flyd</code>, or were you wrong to have used BoltDB?</em></p>
<p>I still believe Bolt was the right choice. I&rsquo;ve never lost a second of sleep worried that someone is about to run a SQL update statement on a host, or across the whole fleet, and then mangled all our state data. And limiting the storage interface, by not using SQL, kept <code>flyd</code>&lsquo;s scope managed.</p>
<p>On the engine side of the platform, which is what <code>flyd</code> is, I still believe SQL is too powerful for what <code>flyd</code> does.</p>
<p><em>If you had this to do over again, would Bolt be precisely what you&rsquo;d pick, or is there something else you&rsquo;d want to try? Some cool-ass new KV store?</em></p>
<p>Nah. But, I&rsquo;d maybe consider a SQLite database per-Fly-Machine. Then the scope of danger is about as small as it could possibly be.</p>
<p><em>Whoah, that&rsquo;s an interesting thought. People sleep on the &ldquo;keep a zillion little SQLites&rdquo; design.</em></p>
<p>Yeah, with per-Machine SQLite, once a Fly Machine is destroyed, we can just zip up the database and stash it in object storage. The biggest hold-up I have about it is how we&rsquo;d manage the schemas.</p>
<p><em>OpenTelemetry: were you right all along?</em></p>
<p>One hundred percent.</p>
<p><em>I basically attribute oTel at Fly.io to you.</em></p>
<p>Without oTel, it&rsquo;d be a disaster trying to troubleshoot the system. I&rsquo;d have ragequit trying.</p>
<p><em>I remember there being a cost issue, with how much Honeycomb was going to end up charging us to manage all the data. But that seems silly in retrospect.</em></p>
<p>For sure. It is 100% part of the decision and the conversation. But: we didn&rsquo;t have the best track record running a logs/metrics cluster at this fidelity. It was worth the money to pay someone else to manage tracing data.</p>
<p><em>Strong agree. I think my only issue is just the extent to which it cruds up code. But I need to get over that.</em></p>
<p>Yes, it&rsquo;s very explicit. I think the next big part of oTel is going to be auto-instrumentation, for profiling.</p>
<p><em>You&rsquo;re a veteran Golang programmer. Say 3 nice things about Rust.</em></p>
<div class="callout"><p>Most of our backend is in Go, but <code>fly-proxy</code>, <code>corrosion2</code>, and <code>pilot</code> are in Rust.</p>
</div>
<ol>
<li>Option.
</li><li>Match.
</li><li>Serde macros.
</li></ol>
<p><em>Even I can&rsquo;t say shit about Option and match.</em></p>
<p>Match is so much better than anything in Go.</p>
<p><em>Elixir, Go, and Rust. An honest take on that programming cocktail.</em></p>
<p>Three&rsquo;s a crowd, Elixir can stay home.</p>
<p><em>If you could only lose one, you&rsquo;d keep Rust.</em></p>
<p>I&rsquo;ve learned its shortcomings and the productivity far outweighs having to deal with the Rust compiler.</p>
<p><em>You&rsquo;d be unhappy if we moved the <code>flaps</code> API code from Go to Elixir.</em></p>
<p>Correct.</p>
<p><em>I kind of buy the idea of doing orchestration and scheduling code, which is policy-intensive, in a higher-level language.</em></p>
<p>Maybe. If Ruby had a better concurrency story, I don&rsquo;t think Elixir would have a place for us.</p>
<div class="callout"><p>Here I need to note that Ruby is functionally dead here, and Elixir is ascendant.</p>
</div>
<p><em>We have an idiosyncratic management structure. We&rsquo;re bottom-up, but ambiguously so. We don&rsquo;t have roadmaps, except when we do. We have minimal top-down technical direction. Critique.</em></p>
<p>It&rsquo;s too easy to lose sight of whether your current focus [in what you&rsquo;re building] is valuable to the company.</p>
<p><em>The first thing I warn every candidate about on our &ldquo;do-not-work-here&rdquo; calls.</em></p>
<p>I think it comes down to execution, and accountability to actually finish projects. I spun a lot trying to figure out what would be the most valuable work for Fly Machines.</p>
<p><em>You don&rsquo;t have to be so nice about things.</em></p>
<p>We struggle a lot with consistent communication. We change direction a little too often. It got to a point where I didn&rsquo;t see a point in devoting time and effort into projects, because I&rsquo;d not be able to show enough value quick enough.</p>
<p><em>I see things paying off later than we&rsquo;d hoped or expected they would. Our secret storage system, Pet Semetary, is a good example of this. Our K8s service, FKS, is another obvious one, since we&rsquo;re shipping MPG on it.</em></p>
<p><em>This is your second time working Kurt, at a company where he&rsquo;s the CEO. Give him a 1-4 star rating. He can take it! At least, I think he can take it.</em></p>
<p>2022: ★★★★</p>
<p>2023: ★★</p>
<p>2024: ★★✩</p>
<p>2025: ★★★✩</p>
<p>On a four-star scale.</p>
<p><em>Whoah. I did not expect a histogram. Say more about 2023!</em></p>
<p>We hired too many people, too quickly, and didn&rsquo;t have the guardrails and structure in place for everybody to be successful.</p>
<p><em>Also: GPUs!</em></p>
<p>Yes. That was my next comment.</p>
<p><em>Do we secretly agree about GPUs?</em></p>
<p>I think so.</p>
<p><em>Our side won the argument in the end! But at what cost?</em></p>
<p>They were a killer distraction.</p>
<p><em>Final question: how long will you remain in the first-responder on-call rotation after you leave? I assume at least until August. I have a shift this weekend; can you swap with me? I keep getting weekends.</em></p>
<p>I am going to be asleep all weekend if any of my previous job changes are indicative.</p>
<p><em>I sleep through on-call too! But nobody can yell at you for it now. I think you have the comparative advantage over me in on-calling.</em></p>
<p>Yes I will absolutely take all your future on-call shifts, you have convinced me.</p>
<p><em>All this aside: it has been a privilege watching you work. I hope your next gig is 100x more relaxing than this was. Or maybe I just hope that for myself. Except: I&rsquo;ll never escape this place. Thank you so much for doing this.</em></p>
<p>Thank you! I&rsquo;m forever grateful for having the opportunity to be a part of Fly.io.</p>
</content>
</entry>
<entry>
<title>Did Semgrep Just Get A Lot More Interesting?</title>
<link rel="alternate" href="https://fly.io/blog/semgrep-but-for-real-now/"/>
<id>https://fly.io/blog/semgrep-but-for-real-now/</id>
<published>2025-02-10T00:00:00+00:00</published>
<updated>2025-02-14T21:30:41+00:00</updated>
<media:thumbnail url="https://fly.io/blog/semgrep-but-for-real-now/assets/ci-cd-cover.webp"/>
<content type="html"><div class="right-sidenote"><p>This whole paragraph is just one long sentence. God I love <a href="https://fly.io/blog/a-blog-if-kept/" title="">just random-ass blogging</a> again.</p>
</div>
<p><a href='https://ghuntley.com/stdlib/' title=''>This bit by Geoffrey Huntley</a> is super interesting to me and, despite calling out that LLM-driven development agents like Cursor have something like a 40% success rate at actually building anything that passes acceptance criteria, makes me think that more of the future of our field belongs to people who figure out how to use this weird bags of model weights than any of us are comfortable with. </p>
<p>I’ve been dinking around with Cursor for a week now (if you haven’t, I think it’s something close to malpractice not to at least take it — or something like it — for a spin) and am just now from this post learning that Cursor has this <a href='https://docs.cursor.com/context/rules-for-ai' title=''>rules feature</a>. </p>
<p>The important thing for me is not how Cursor rules work, but rather how Huntley uses them. He turns them back on themselves, writing rules to tell Cursor how to organize the rules, and then teach Cursor how to write (under human supervision) its own rules.</p>
<p>Cursor kept trying to get Huntley to use Bazel as a build system. So he had cursor write a rule for itself: “no bazel”. And there was no more Bazel. If I’d known I could do this, I probably wouldn’t have bounced from the Elixir project I had Cursor doing, where trying to get it to write simple unit tests got it all tangled up trying to make <a href='https://hexdocs.pm/mox/Mox.html' title=''>Mox</a> work. </p>
<p>But I’m burying the lead. </p>
<p>Security people have been for several years now somewhat in love with a tool called <a href='https://github.com/semgrep/semgrep' title=''>Semgrep</a>. Semgrep is a semantics-aware code search tool; using symbolic variable placeholders and otherwise ordinary code, you can write rules to match pretty much arbitary expressions and control flow. </p>
<p>If you’re an appsec person, where you obviously go with this is: you build a library of Semgrep searches for well-known vulnerability patterns (or, if you’re like us at Fly.io, you work out how to get Semgrep to catch the Rust concurrency footgun of RWLocks inside if-lets).</p>
<p>The reality for most teams though is “ain’t nobody got time for that”. </p>
<p>But I just checked and, unsurprisingly, 4o <a href='https://chatgpt.com/share/67aa94a7-ea3c-8012-845c-6c9491b33fe4' title=''>seems to do reasonably well</a> at generating Semgrep rules? Like: I have no idea if this rule is actually any good. But it looks like a Semgrep rule?</p>
<p>What interests me is this: it seems obvious that we’re going to do more and more “closed-loop” LLM agent code generation stuff. By “closed loop”, I mean that the thingy that generates code is going to get to run the code and watch what happens when it’s interacted with. You’re just a small bit of glue code and a lot of system prompting away from building something like that right now: <a href='https://x.com/chris_mccord/status/1882839014845374683' title=''>Chris McCord is building</a> a thingy that generates whole Elixir/Phoenix apps and runs them as Fly Machines. When you deploy these kinds of things, the LLM gets to see the errors when the code is run, and it can just go fix them. It also gets to see errors and exceptions in the logs when you hit a page on the app, and it can just go fix them.</p>
<p>With a bit more system prompting, you can get an LLM to try to generalize out from exceptions it fixes and generate unit test coverage for them. </p>
<p>With a little bit more system prompting, you can probably get an LLM to (1) generate a Semgrep rule for the generalized bug it caught, (2) test the Semgrep rule with a positive/negative control, (3) save the rule, (4) test the whole codebase with Semgrep for that rule, and (5) fix anything it finds that way. </p>
<p>That is a lot more interesting to me than tediously (and probably badly) trying to predict everything that will go wrong in my codebase a priori and Semgrepping for them. Which is to say: Semgrep — which I have always liked — is maybe a lot more interesting now? And tools like it?</p>
</content>
</entry>
<entry>
<title>A Blog, If You Can Keep It</title>
<link rel="alternate" href="https://fly.io/blog/a-blog-if-kept/"/>
<id>https://fly.io/blog/a-blog-if-kept/</id>
<published>2025-02-10T00:00:00+00:00</published>
<updated>2025-02-19T19:05:52+00:00</updated>
<media:thumbnail url="https://fly.io/blog/a-blog-if-kept/assets/keep-blog.webp"/>
<content type="html"><div class="lead"><p>A boldfaced lede like this was a sure sign you were reading a carefully choreographed EffortPost from our team at Fly.io. We’re going to do less of those. Or the same amount but more of a different kind of post. Either way: launch an app on Fly.io today!</p>
</div>
<p>Over the last 5 years, we’ve done pretty well for ourselves writing content for Hacker News. And that’s <a href='https://news.ycombinator.com/item?id=39373476' title=''>mostly</a> been good for us. We don’t do conventional marketing, we don’t have a sales team, the rest of social media is atomized over 5 different sites. Writing pieces that HN takes seriously has been our primary outreach tool.</p>
<p>There’s a recipe (probably several, but I know this one works) for charting a post on HN:</p>
<ol>
<li>Write an EffortPost, which is to say a dense technical piece over 2000 words long; within that rubric there’s a bunch of things that are catnip to HN, including runnable code, research surveys, and explainers. (There are also cat-repellants you learn to steer clear of.)
</li><li>Assiduously avoid promotion. You have to write for the audience. We get away with sporadically including a call-to-action block in our posts, but otherwise: the post should make sense even if an unrelated company posted it after you went out of business.
</li><li>Pick topics HN is interested in (it helps if all your topics are au courant for HN, and we’ve been <a href='https://news.ycombinator.com/item?id=32250426' title=''>very</a> <a href='https://news.ycombinator.com/item?id=32018066' title=''>lucky</a> in that regard).
</li><li>Like 5-6 more style-guide things that help incrementally. Probably 3 different teams writing for HN will have 3 different style guides with only like &frac12; overlap. Ours, for instances, instructs writers to swear.
</li></ol>
<p>I like this kind of writing. It’s not even a chore. But it’s become an impediment for us, for a couple reasons: the team serializes behind an “editorial” function here, which keeps us from publishing everything we want; worse, caring so much about our track record leaves us noodling on posts interminably (the poor <a href='https://www.tigrisdata.com/' title=''>Tigrises</a> have been waiting for months for me to publish the piece I wrote about them and FoundationDB; take heart, this post today means that one is coming soon).</p>
<p>But worst of all, I worried incessantly about us <a href='https://gist.github.com/tqbf/e853764b562a2d72a91a6986ca3b77c0' title=''>wearing out our welcome</a>. To my mind, we’d have 1, maybe 2 bites at the HN apple in a given month, and we needed to make them count.</p>
<p>That was dumb. I am dumb about a lot of things! I came around to understanding this after Kurt demanded I publish my blog post about BFAAS (Bash Functions As A Service), 500 lines of Go code that had generated 4500 words in my draft. It was only after I made the decision to stop gatekeeping this blog that I realized <a href='https://simonwillison.net/' title=''>Simon Willison</a> has been disproving my “wearing out the welcome” theory, day in and day out, for years. He just writes stuff about LLMs when it interests him. I mean, it helps that he’s a better writer than we are. But he’s not wasting time choreographing things.</p>
<p>Back in like 2009, <a href='https://web.archive.org/web/20110806040300/http://chargen.matasano.com/chargen/2009/7/22/if-youre-typing-the-letters-a-e-s-into-your-code-youre-doing.html' title=''>we had a blog</a> at another company I was at. That blog drove a lot of business for us (and, on three occasions, almost killed me). It was not in the least bit optimized for HN. I like pretending to be a magazine feature writer, but I miss writing dashed-off pieces every day and clearing space for other people on the team to write as well.</p>
<p>So this is all just a heads up: we’re trying something new. This is a very long and self-indulgent way to say “we’re going to write a normal blog like it’s 2008”, but that’s how broken my brain is after years of having my primary dopaminergic rewards come from how long Fly.io blog posts stay on the front page: I have to disclaim blogging before we start doing it, lest I fail to meet expectations.</p>
<p>Like I said. I’m real dumb. But: looking forward to getting a lot more stuff out on the web for people to read this year!</p>
</content>
</entry>
<entry>
<title>VSCode’s SSH Agent Is Bananas</title>
<link rel="alternate" href="https://fly.io/blog/vscode-ssh-wtf/"/>
<id>https://fly.io/blog/vscode-ssh-wtf/</id>
<published>2025-02-07T00:00:00+00:00</published>
<updated>2025-02-14T21:30:41+00:00</updated>
<media:thumbnail url="https://fly.io/static/images/default-post-thumbnail.webp"/>
<content type="html"><p>We’re interested in getting integrated into the flow VSCode uses to do remote editing over SSH, because everybody is using VSCode now, and, in particular, they’re using forks of VSCode that generate code with LLMs. </p>
<div class="right-sidenote"><p>”hallucination” is what we call it when LLMs get code wrong; “engineering” is what we call it when people do.</p>
</div>
<p>LLM-generated code is <a href='https://nicholas.carlini.com/writing/2024/how-i-use-ai.html' title=''>useful in the general case</a> if you know what you’re doing. But it’s ultra-useful if you can close the loop between the LLM and the execution environment (with an “Agent” setup). There’s lots to say about this, but for the moment: it’s a semi-effective antidote to hallucination: the LLM generates the code, the agent scaffolding runs the code, the code generates errors, the agent feeds it back to the LLM, the process iterates. </p>
<p>So, obviously, the issue here is you don’t want this iterative development process happening on your development laptop, because LLMs have boundary issues, and they’ll iterate on your system configuration just as happily on the Git project you happen to be working in. A thing you’d really like to be able to do: run a closed-loop agent-y (“agentic”? is that what we say now) configuration for an LLM, on a clean-slate Linux instance that spins up instantly and that can’t screw you over in any way. You get where we’re going with this.</p>
<p>Anyways! I would like to register a concern.</p>
<p>Emacs hosts the spiritual forebearer of remote editing systems, a blob of hyper-useful Elisp called <a href='https://www.gnu.org/software/tramp/' title=''>“Tramp”</a>. If you can hook Tramp up to any kind of interactive environment — usually, an SSH session — where it can run Bourne shell commands, it can extend Emacs to that environment.</p>
<p>So, VSCode has a feature like Tramp. Which, neat, right? You’d think, take Tramp, maybe simplify it a bit, switch out Elisp for Typescript.</p>
<p>You’d think wrong!</p>
<p>Unlike Tramp, which lives off the land on the remote connection, VSCode mounts a full-scale invasion: it runs a Bash snippet stager that downloads an agent, including a binary installation of Node. </p>
<p>I <em>think</em> this is <a href='https://github.com/microsoft/vscode/tree/c9e7e1b72f80b12ffc00e06153afcfedba9ec31f/src/vs/server/node' title=''>the source code</a>?</p>
<p>The agent runs over port-forwarded SSH. It establishes a WebSockets connection back to your running VSCode front-end. The underlying protocol on that connection can:</p>
<ul>
<li>Wander around the filesystem
</li><li>Edit arbitrary files
</li><li>Launch its own shell PTY processes
</li><li>Persist itself
</li></ul>
<p>In security-world, there’s a name for tools that work this way. I won’t say it out loud, because that’s not fair to VSCode, but let’s just say the name is murid in nature.</p>
<p>I would be a little nervous about letting people VSCode-remote-edit stuff on dev servers, and apoplectic if that happened during an incident on something in production. </p>
<p>It turns out we don’t have to care about any of this to get a custom connection to a Fly Machine working in VSCode, so none of this matters in any kind of deep way, but: we’ve decided to just be a blog again, so: we had to learn this, and now you do too.</p>
</content>
</entry>
<entry>
<title>AI GPU Clusters, From Your Laptop, With Livebook</title>
<link rel="alternate" href="https://fly.io/blog/ai-gpu-clusters-from-your-laptop-livebook/"/>
<id>https://fly.io/blog/ai-gpu-clusters-from-your-laptop-livebook/</id>
<published>2024-09-24T00:00:00+00:00</published>
<updated>2024-09-24T17:19:49+00:00</updated>
<media:thumbnail url="https://fly.io/blog/ai-gpu-clusters-from-your-laptop-livebook/assets/ai-gpu-livebook-thumb.webp"/>
<content type="html"><div class="lead"><p>Livebook, FLAME, and the Nx stack: three Elixir components that are easy to describe, more powerful than they look, and intricately threaded into the Elixir ecosystem. A few weeks ago, Chris McCord (👋) and Chris Grainger showed them off at ElixirConf 2024. We thought the talk was worth a recap.</p>
</div>
<p>Let&rsquo;s begin by introducing our cast of characters.</p>
<p><a href='https://livebook.dev/' title=''>Livebook</a> is usually described as Elixir&rsquo;s answer to <a href='https://jupyter.org/' title=''>Jupyter Notebooks</a>. And that&rsquo;s a good way to think about it. But Livebook takes full advantage of the Elixir platform, which makes it sneakily powerful. By linking up directly with Elixir app clusters, Livebook can switch easily between driving compute locally or on remote servers, and makes it easy to bring in any kind of data into reproducible workflows.</p>
<p><a href='https://fly.io/blog/rethinking-serverless-with-flame/' title=''>FLAME</a> is the Elixir&rsquo;s answer to serverless computing. By having the library manage a pool of executors for you, FLAME lets you treat your entire application as if it was elastic and scale-to-zero. You configure FLAME with some basic information about where to run code and how many instances it&rsquo;s allowed to run with, and then mark off any arbitrary section of code with <code>Flame.call</code>. The framework takes care of the rest. It&rsquo;s the upside of serverless without committing yourself to blowing your app apart into tiny, intricately connected pieces.</p>
<p>The <a href='https://github.com/elixir-nx' title=''>Nx stack</a> is how you do Elixir-native AI and ML. Nx gives you an Elixir-native notion of tensor computations with GPU backends. <a href='https://github.com/elixir-nx/axon' title=''>Axon</a> builds a common interface for ML models on top of it. <a href='https://github.com/elixir-nx/bumblebee' title=''>Bumblebee</a> makes those models available to any Elixir app that wants to download them, from just a couple lines of code.</p>
<p>Here is quick video showing how to transfer a local tensor to a remote GPU, using Livebook, FLAME, and Nx:</p>
<div class="youtube-container" data-exclude-render>
<div class="youtube-video">
<iframe
width="100%"
height="100%"
src="https://www.youtube.com/embed/5ImP3gpUSkQ"
frameborder="0"
allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture"
allowfullscreen>
</iframe>
</div>
</div>
<p>Let&rsquo;s dive into the <a href='https://www.youtube.com/watch?v=4qoHPh0obv0' title=''>keynote</a>.</p>
<h2 id='poking-a-hole-in-your-infrastructure' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#poking-a-hole-in-your-infrastructure' aria-label='Anchor'></a><span class='plain-code'>Poking a hole in your infrastructure</span></h2>
<p>Any Livebook, including the one running on your laptop, can start a runtime running on a Fly Machine, in Fly.io&rsquo;s public cloud. That Elixir machine will (by default) live in your default Fly.io organization, giving it networked access to all the other apps that might live there.</p>
<p>This is an access control situation that mostly just does what you want it to do without asking. Unless you ask it to, Fly.io isn&rsquo;t exposing anything to the Internet, or to other users of Fly.io. For instance: say we have a database we&rsquo;re going to use to generate reports. It can hang out on our Fly organization, inside of a private network with no connectivity to the world. We can spin up a Livebook instance that can talk to it, without doing any network or infrastructure engineering to make that happen.</p>
<p>But wait, there&rsquo;s more. Because this is all Elixir, Livebook also allows you to connect to any running Erlang/Elixir application in your infrastructure to debug, introspect, and monitor them.</p>
<p>Check out this clip of Chris McCord connecting <a href='https://rtt.fly.dev/' title=''>to an existing application</a> during the keynote:</p>
<div class="youtube-container" data-exclude-render>
<div class="youtube-video">
<iframe
width="100%"
height="100%"
src="https://www.youtube.com/embed/4qoHPh0obv0?start=1106"
frameborder="0"
allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture"
allowfullscreen>
</iframe>
</div>
</div>
<p>Running a snippet of code from a laptop on a remote server is a neat trick, but Livebook is doing something deeper than that. It&rsquo;s taking advantage of Erlang/Elixir&rsquo;s native facility with cluster computation and making it available to the notebook. As a result, when we do things like auto-completing, Livebook delivers results from modules defined on the remote note itself. 🤯</p>
<h2 id='elastic-scale-with-flame' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#elastic-scale-with-flame' aria-label='Anchor'></a><span class='plain-code'>Elastic scale with FLAME</span></h2>
<p>When we first introduced FLAME, the example we used was video encoding.</p>
<p>Video encoding is complicated and slow enough that you&rsquo;d normally make arrangements to run it remotely or in a background job queue, or as a triggerable Lambda function. The point of FLAME is to get rid of all those steps, and give them over to the framework instead. So: we wrote our <code>ffpmeg</code> calls inline like normal code, as if they were going to complete in microseconds, and wrapped them in <code>Flame.call</code> blocks. That was it, that was the demo.</p>
<p>Here, we&rsquo;re going to put a little AI spin on it.</p>
<p>The first thing we&rsquo;re doing here is driving FLAME pools from Livebook. Livebook will automatically synchronize your notebook dependencies as well as any module or code defined in your notebook across nodes. That means any code we write in our notebook can be dispatched transparently out to arbitrarily many compute nodes, without ceremony.</p>
<p>Now let&rsquo;s add some AI flair. We take an object store bucket full of video files. We use <code>ffmpeg</code> to extract stills from the video at different moments. Then: we send them to <a href='https://www.llama.com/' title=''>Llama</a>, running on <a href='https://fly.io/gpu' title=''>GPU Fly Machines</a> (still locked to our organization), to get descriptions of the stills.</p>
<p>All those stills and descriptions get streamed back to our notebook, in real time:</p>
<div class="youtube-container" data-exclude-render>
<div class="youtube-video">
<iframe
width="100%"
height="100%"
src="https://www.youtube.com/embed/4qoHPh0obv0?start=1692"
frameborder="0"
allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture"
allowfullscreen>
</iframe>
</div>
</div>
<p>At the end, the descriptions are sent to <a href='https://mistral.ai/' title=''>Mistral</a>, which builds a summary.</p>
<p>Thanks to FLAME, we get explicit control over the minimum and the maximum amount of nodes you want running at once, as well their concurrency settings. As nodes finish processing each video, new ones are automatically sent to them, until the whole bucket has been traversed. Each node will automatically shut down after an idle timeout and the whole cluster terminates if you disconnect the Livebook runtime.</p>
<p>Just like your app code, FLAME lets you take your notebook code designed to run locally, change almost nothing, and elastically execute it across ephemeral infrastructure.</p>
<h2 id='64-gpus-hyperparameter-tuning-on-a-laptop' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#64-gpus-hyperparameter-tuning-on-a-laptop' aria-label='Anchor'></a><span class='plain-code'>64-GPUs hyperparameter tuning on a laptop</span></h2>
<p>Next, Chris Grainger, CTO of <a href='https://amplified.ai/' title=''>Amplified</a>, takes the stage.</p>
<p>For work at Amplified, Chris wants to analyze a gigantic archive of patents, on behalf of a client doing edible cannibinoid work. To do that, he uses a BERT model (BERT, from Google, is one of the OG &ldquo;transformer&rdquo; models, optimized for text comprehension).</p>
<p>To make the BERT model effective for this task, he&rsquo;s going to do a hyperparameter training run.</p>
<p>This is a much more complicated AI task than the Llama work we just showed up. Chris is going to generate a cluster of 64 GPU Fly Machines, each running an <a href='https://fly.io/blog/cutting-prices-for-l40s-gpus-in-half/' title=''>L40s GPU</a>. On each of these nodes, he needs to:</p>
<ul>
<li>setup its environment (including native dependencies and GPU bindings)
</li><li>load the training data
</li><li>compile a different version of BERT with different parameters, optimizers, etc.
</li><li>start the fine-tuning
</li><li>stream its results in real-time to each assigned chart
</li></ul>
<p>Here&rsquo;s the clip. You&rsquo;ll see the results stream in, in real time, directly back to his Livebook. We&rsquo;ll wait, because it won&rsquo;t take long to watch:</p>
<div class="youtube-container" data-exclude-render>
<div class="youtube-video">
<iframe
width="100%"
height="100%"
src="https://www.youtube.com/embed/4qoHPh0obv0?start=3344"
frameborder="0"
allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture"
allowfullscreen>
</iframe>
</div>
</div>
<h2 id='this-is-just-the-beginning' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#this-is-just-the-beginning' aria-label='Anchor'></a><span class='plain-code'>This is just the beginning</span></h2>
<p>The suggestion of mixing Livebook and FLAME to elastically scale notebook execution was originally proposed by Chris Grainger during ElixirConf EU. During the next four months, Jonatan Kłosko, Chris McCord, and José Valim worked part-time on making it a reality in time for ElixirConf US. Our ability to deliver such a rich combination of features in such a short period of time is a testament to the capabilities of the Erlang Virtual Machine, which Elixir and Livebook runs on. Other features, such as <a href='https://github.com/elixir-explorer/explorer/issues/932' title=''>remote dataframes and distributed GC</a>, were implemented in a weekend. Bringing the same functionality to other ecosystems would take several additional months, sometimes accompanied by millions in funding, and often times as part of a closed-source product.</p>
<p>Furthermore, since we announced this feature, <a href='https://github.com/mruoss' title=''>Michael Ruoss</a> stepped in and brought the same functionality to Kubernetes. From Livebook v0.14.1, you can start Livebook runtimes inside a Kubernetes cluster and also use FLAME to elastically scale them. Expect more features and news in this space!</p>
<p>Finally, Fly&rsquo;s infrastructure played a key role in making it possible to start a cluster of GPUs in seconds rather than minutes, and all it requires is a Docker image. We&rsquo;re looking forward to see how other technologies and notebook platforms can leverage Fly to also elevate their developer experiences.</p>
<figure class="post-cta">
<figcaption>
<h1>Launch a GPU app in seconds</h1>
<p>Run your own LLMs or use Livebook for elastic GPU workflows&nbsp✨</p>
<a class="btn btn-lg" href="/gpu">
Go! &nbsp;<span class='opacity-50'>→</span>
</a>
</figcaption>
<div class="image-container">
<img src="/static/images/cta-turtle.webp" srcset="/static/images/[email protected] 2x" alt="">
</div>
</figure>
</content>
</entry>
<entry>
<title>Accident Forgiveness</title>
<link rel="alternate" href="https://fly.io/blog/accident-forgiveness/"/>
<id>https://fly.io/blog/accident-forgiveness/</id>
<published>2024-08-21T00:00:00+00:00</published>
<updated>2024-09-11T00:04:08+00:00</updated>
<media:thumbnail url="https://fly.io/blog/accident-forgiveness/assets/money-for-mistakes-blog-thumb.webp"/>
<content type="html"><div class="lead"><p>We’re Fly.io, a new public cloud with simple, developer-friendly ergonomics. <a href="https://fly.io/speedrun" title="">Try it out; you’ll be deployed in just minutes</a>, and, as you’re about to read, with less financial risk.</p>
</div>
<p>Public cloud billing is terrifying.</p>
<p>The premise of a public cloud &mdash; what sets it apart from a hosting provider &mdash; is 8,760 hours/year of on-tap deployable compute, storage, and networking. Cloud resources are &ldquo;elastic&rdquo;: they&rsquo;re acquired and released as needed; in the &ldquo;cloud-iest&rdquo; apps, without human intervention. Public cloud resources behave like utilities, and that&rsquo;s how they&rsquo;re priced.</p>
<p>You probably can&rsquo;t tell me how much electricity your home is using right now, and may only come within tens of dollars of accurately predicting your water bill. But neither of those bills are all that scary, because you assume there&rsquo;s a limit to how much you could run them up in a single billing interval.</p>
<p>That&rsquo;s not true of public clouds. There are only so many ways to &ldquo;spend&rdquo; water at your home, but there are indeterminably many ways to land on a code path that grabs another VM, or to miskey a configuration, or to leak long-running CI/CD environments every time a PR gets merged. Pick a practitioner at random, and I bet they&rsquo;ve read a story within the last couple months about someone running up a galactic-scale bill at some provider or other.</p>
<h2 id='implied-accident-forgiveness' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#implied-accident-forgiveness' aria-label='Anchor'></a><span class='plain-code'>Implied Accident Forgiveness</span></h2>
<p>For people who don&rsquo;t do a lot of cloud work, what all this means is that every PR push sets off a little alarm in the back of their heads: &ldquo;you may have just incurred $200,000 of costs!&rdquo;. The alarm is quickly silenced, though it&rsquo;s still subtly extracting a cortisol penalty. But by deadening the nerves that sense the danger of unexpected charges, those people are nudged closer to themselves being the next story on Twitter about an accidental $200,000 bill.</p>
<p>The saving grace here, which you&rsquo;ll learn if you ever become that $200,000 story, is that nobody pays those bills.</p>
<p>See, what cloud-savvy people know already is that providers have billing support teams, which spend a big chunk of their time conceding disputed bills. If you do something luridly stupid and rack up costs, AWS and GCP will probably cut you a break. We will too. Everyone does.</p>
<p>If you didn&rsquo;t already know this, you&rsquo;re welcome; I&rsquo;ve made your life a little better, even if you don&rsquo;t run things on Fly.io.</p>
<p>But as soothing as it is to know you can get a break from cloud providers, the billing situation here is still a long ways away from &ldquo;good&rdquo;. If you accidentally add a zero to a scale count and don&rsquo;t notice for several weeks, AWS or GCP will probably cut you a break. But they won&rsquo;t <em>definitely</em> do it, and even though your odds are good, you&rsquo;re still finding out at email- and phone-tag scale speeds. That&rsquo;s not fun!</p>
<h2 id='explicit-accident-forgiveness' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#explicit-accident-forgiveness' aria-label='Anchor'></a><span class='plain-code'>Explicit Accident Forgiveness</span></h2>
<p>Charging you for stuff you didn&rsquo;t want is bad business.</p>
<p>Good business, we think, means making you so comfortable with your cloud you try new stuff. You, and everyone else on your team. Without a chaperone from the finance department.</p>
<p>So we&rsquo;re going to do the work to make this official. If you&rsquo;re a customer of ours, we&rsquo;re going to charge you in exacting detail for every resource you intentionally use of ours, but if something blows up and you get an unexpected bill, we&rsquo;re going to let you off the hook.</p>
<h2 id='not-so-fast' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#not-so-fast' aria-label='Anchor'></a><span class='plain-code'>Not So Fast</span></h2>
<p>This is a Project, with a capital P. While we&rsquo;re kind of kicking ourselves for not starting it earlier, there are reasons we couldn&rsquo;t do it back in 2020.</p>
<p>The Fully Automated Accident-Forgiving Billing System of the Future (which we are in fact building and may even one day ship) will give you a line-item veto on your invoice. We are a long ways away. The biggest reason is fraud.</p>
<p>Sit back, close your eyes, and try to think about everything public clouds do to make your life harder. Chances are, most of those things are responses to fraud. Cloud platforms attract fraudsters like ants to an upturned ice cream cone. Thanks to the modern science of cryptography, fraudsters have had a 15 year head start on turning metered compute into picodollar-granular near-money assets.</p>
<p>Since there&rsquo;s no bouncer at the door checking IDs here, an open-ended and automated commitment to accident forgiveness is, with iron certainty, going to be used overwhelmingly in order to trick us into &ldquo;forgiving&rdquo; cryptocurrency miners. We&rsquo;re cloud platform engineers. They&rsquo;re our primary pathogen.</p>
<p>So, we&rsquo;re going to roll this out incrementally.</p>
<div class="callout"><p><strong class="font-semibold text-navy-950">Why not billing alerts?</strong> We’ll get there, but here too there are reasons we haven’t yet: (1) meaningful billing alerts were incredibly difficult to do with our previous billing system, and building the new system and migrating our customers to it has been a huge lift, a nightmare from which we are only now waking (the billing system’s official name); and (2) we’re wary about alerts being a product design cop-out; if we can alert on something, why aren’t we fixing it?</p>
</div><h2 id='accident-forgiveness-v0-84beta' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#accident-forgiveness-v0-84beta' aria-label='Anchor'></a><span class='plain-code'>Accident Forgiveness v0.84beta</span></h2>
<p>All the same subtextual, implied reassurances that every cloud provider offers remain in place at Fly.io. You are strictly better off after this announcement, we promise.</p>
<div class="right-sidenote"><p>I added the “almost” right before publishing, because I’m chicken.</p>
</div>
<p>Now: for customers that have a support contract with us, at any level, there&rsquo;s something new: I&rsquo;m saying the quiet part loud. The next time you see a bill with an unexpected charge on it, we&rsquo;ll refund that charge, (almost) no questions asked.</p>
<p>That policy is so simple it feels anticlimactic to write. So, some additional color commentary:</p>
<p>We&rsquo;re not advertising a limit to the number of times you can do this. If you&rsquo;re a serious customer of ours, I promise that you cannot remotely fathom the fullness of our fellow-feeling. You&rsquo;re not annoying us by getting us to refund unexpected charges. If you are growing a project on Fly.io, we will bend over backwards to keep you growing.</p>
<p>How far can we take this? How simple can we keep this policy? We&rsquo;re going to find out together.</p>
<p>To begin with, and in the spirit of &ldquo;doing things that won&rsquo;t scale&rdquo;, when we forgive a bill, what&rsquo;s going to happen next is this: I&rsquo;m going to set an irritating personal reminder for Kurt to look into what happened, now and then the day before your next bill, so we can see what&rsquo;s going wrong. He&rsquo;s going to hate that, which is the point: our best feature work is driven by Kurt-hate.</p>
<p>Obviously, if you&rsquo;re rubbing your hands together excitedly over the opportunity this policy presents, then, well, not so much with the fellow-feeling. We reserve the right to cut you off.</p>
<figure class="post-cta">
<figcaption>
<h1>Support For Developers, By Developers</h1>
<p>Explicit Accident Forgiveness is just one thing we like about Support at Fly.io.</p>
<a class="btn btn-lg" href="https://fly.io/accident-forgiveness">
Go find out! &nbsp;<span class='opacity-50'>→</span>
</a>
</figcaption>
<div class="image-container">
<img src="/static/images/cta-cat.webp" srcset="/static/images/[email protected] 2x" alt="">
</div>
</figure>
<h2 id='whats-next-accident-protection' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#whats-next-accident-protection' aria-label='Anchor'></a><span class='plain-code'>What&rsquo;s Next: Accident Protection</span></h2>
<p>We think this is a pretty good first step. But that&rsquo;s all it is.</p>
<p>We can do better than offering you easy refunds for mistaken deployments and botched CI/CD jobs. What&rsquo;s better than getting a refund is never incurring the charge to begin with, and that&rsquo;s the next step we&rsquo;re working on.</p>
<div class="right-sidenote"><p>More to come on that billing system.</p>
</div>
<p>We built a new billing system so that we can do things like that. For instance: we&rsquo;re in a position to catch sudden spikes in your month-over-month bills, flag them, and catch weird-looking deployments before we bill for them.</p>
<p>Another thing we rebuilt billing for is <a href='https://community.fly.io/t/reservation-blocks-40-discount-on-machines-when-youre-ready-to-commit/20858' title=''>reserved pricing</a>. Already today you can get a steep discount from us reserving blocks of compute in advance. The trick to taking advantage of reserved pricing is confidently predicting a floor to your usage. For a lot of people, that means fighting feelings of loss aversion (nobody wants to get gym priced!). So another thing we can do in this same vein: catch opportunities to move customers to reserved blocks, and offer backdated reservations. We&rsquo;ll figure this out too.</p>
<p>Someday, when we&rsquo;re in a monopoly position, our founders have all been replaced by ruthless MBAs, and Kurt has retired to farm coffee beans in lower Montana, we may stop doing this stuff. But until that day this is the right choice for our business.</p>
<p>Meanwhile: like every public cloud, we provision our own hardware, and we have excess capacity. Your messed-up CI/CD jobs didn&rsquo;t really cost us anything, so if you didn&rsquo;t really want them, they shouldn&rsquo;t cost you anything either. Take us up on this! We love talking to you.</p>
</content>
</entry>
<entry>
<title>We're Cutting L40S Prices In Half</title>
<link rel="alternate" href="https://fly.io/blog/cutting-prices-for-l40s-gpus-in-half/"/>
<id>https://fly.io/blog/cutting-prices-for-l40s-gpus-in-half/</id>
<published>2024-08-15T00:00:00+00:00</published>
<updated>2024-09-11T00:04:08+00:00</updated>
<media:thumbnail url="https://fly.io/blog/cutting-prices-for-l40s-gpus-in-half/assets/gpu-ga-thumb.webp"/>
<content type="html"><div class="lead"><p>We’re Fly.io, a new public cloud with simple, developer-friendly ergonomics. And as of today, cheaper GPUs. <a href="https://fly.io/speedrun" title="">Try it out; you’ll be deployed in just minutes</a>.</p>
</div>
<p>We just lowered the prices on NVIDIA L40s GPUs to $1.25 per hour. Why? Because our feet are cold and we burn processor cycles for heat. But also other reasons.</p>
<p>Let&rsquo;s back up.</p>
<p>We offer 4 different NVIDIA GPU models; in increasing order of performance, they&rsquo;re the A10, the L40S, the 40G PCI A100, and the 80G SXM A100. Guess which one is most popular.</p>
<p>We guessed wrong, and spent a lot of time working out how to maximize the amount of GPU power we could deliver to a single Fly Machine. Users surprised us. By a wide margin, the most popular GPU in our inventory is the A10.</p>
<p>The A10 is an older generation of NVIDIA GPU with fewer, slower cores and less memory. It&rsquo;s the least capable GPU we offer. But that doesn&rsquo;t matter, because it&rsquo;s capable enough. It&rsquo;s solid for random inference tasks, and handles mid-sized generative AI stuff like Mistral Nemo or Stable Diffusion. For those workloads, there&rsquo;s not that much benefit in getting a beefier GPU.</p>
<p>As a result, we can&rsquo;t get new A10s in fast enough for our users.</p>
<p>If there&rsquo;s one thing we&rsquo;ve learned by talking to our customers over the last 4 years, it&rsquo;s that y&#39;all love a peek behind the curtain. So we&rsquo;re going to let you in on a little secret about how a hardware provider like Fly.io formulates GPU strategy: none of us know what the hell we&rsquo;re doing.</p>
<p>If you had asked us in 2023 what the biggest GPU problem we could solve was, we&rsquo;d have said &ldquo;selling fractional A100 slices&rdquo;. We burned a whole quarter trying to get MIG, or at least vGPUs, working through IOMMU PCI passthrough on Fly Machines, in a project so cursed that Thomas has forsworn ever programming again. Then we went to market selling whole A100s, and for several more months it looked like the biggest problem we needed to solve was finding a secure way to expose NVLink-ganged A100 clusters to VMs so users could run training. Then H100s; can we find H100s anywhere? Maybe in a black market in Shenzhen?</p>
<p>And here we are, a year later, looking at the data, and the least sexy, least interesting GPU part in the catalog is where all the action is.</p>
<p>With actual customer data to back up the hypothesis, here&rsquo;s what we think is happening today:</p>
<ul>
<li>Most users who want to plug GPU-accelerated AI workloads into fast networks are doing inference, not training.
</li><li>The hyperscaler public clouds strangle these customers, first with GPU instance surcharges, and then with egress fees for object storage data when those customers try to outsource the GPU stuff to GPU providers.
</li><li>If you&rsquo;re trying to do something GPU-accelerated in response to an HTTP request, the right combination of GPU, instance RAM, fast object storage for datasets and model parameters, and networking is much more important than getting your hands on an H100.
</li></ul>
<p>This is a thing we didn&rsquo;t see coming, but should have: training workloads tend to look more like batch jobs, and inference tends to look more like transactions. Batch training jobs aren&rsquo;t that sensitive to networking or even reliability. Live inference jobs responding to end-user HTTP requests are. So, given our pricing, of course the A10s are a sweet spot.</p>
<p>The next step up in our lineup after the A10 is the L40S. The L40S is a nice piece of kit. We&rsquo;re going to take a beat here and sell you on the L40S, because it&rsquo;s kind of awesome.</p>
<p>The L40S is an AI-optimized version of the L40, which is the data center version of the GeForce RTX 4090, resembling two 4090s stapled together.</p>
<p>If you&rsquo;re not a GPU hardware person, the RTX 4090 is a gaming GPU, the kind you&rsquo;d play ray-traced Witcher 3 on. NVIDIA&rsquo;s high-end gaming GPUs are actually reasonably good at AI workloads! But they suck in a data center rack: they chug power, they&rsquo;re hard to cool, and they&rsquo;re less dense. Also, NVIDIA can&rsquo;t charge as much for them.</p>
<p>Hence the L40: (much) more memory, less energy consumption, designed for a rack, not a tower case. Marked up for &ldquo;enterprise&rdquo;.</p>
<p>NVIDIA positioned the L40 as a kind of &ldquo;graphics&rdquo; AI GPU. Unlike the super high-end cards like the A100/H100, the L40 keeps all the rendering hardware, so it&rsquo;s good for 3D graphics and video processing. Which is sort of what you&rsquo;d expect from a &ldquo;professionalized&rdquo; GeForce card.</p>
<p>A funny thing happened in the middle of 2023, though: the market for ultra-high-end NVIDIA cards went absolutely batshit. The huge cards you&rsquo;d gang up for training jobs got impossible to find, and NVIDIA became one of the most valuable companies in the world. Serious shops started working out plans to acquire groups of L40-type cards to work around the problem, whether or not they had graphics workloads.</p>
<p>The only company in this space that does know what they&rsquo;re doing is NVIDIA. Nobody has written a highly-ranked Reddit post about GPU workloads without NVIDIA noticing and creating a new SKU. So they launched the L40S, which is an L40 with AI workload compute performance comparable to that of the A100 (without us getting into the details of F32 vs. F16 models).</p>
<p>Long story short, the L40S is an A100-performer that we can price for A10 customers; the Volkswagen GTI of our lineup. We&rsquo;re going to see if we can make that happen.</p>
<p>We think the combination of just-right-sized inference GPUs and Tigris object storage is pretty killer:</p>
<ul>
<li>model parameters, data sets, and compute are all close together
</li><li>everything plugged into an Anycast network that&rsquo;s fast everywhere in the world
</li><li>on VM instances that have enough memory to actually run real frameworks on
</li><li>priced like we actually want you to use it.
</li></ul>
<p>You should use L40S cards without thinking hard about it. So we&rsquo;re making it official. You won&rsquo;t pay us a dime extra to use one instead of an A10. Have at it! Revolutionize the industry. For $1.25 an hour.</p>
<p>Here are things you can do with an L40S on Fly.io today:</p>
<ul>
<li>You can run Llama 3.1 70B — a big Llama — for LLM jobs.
</li><li>You can run Flux from Black Forest Labs for genAI images.
</li><li>You can run Whisper for automated speech recognition.
</li><li>You can do whole-genome alignment with SegAlign (Thomas&rsquo; biochemist kid who has been snatching free GPU hours for his lab gave us this one, and we&rsquo;re taking his word for it).
</li><li>You can run DOOM Eternal, building the Stadia that Google couldn&rsquo;t pull off, because the L40S hasn&rsquo;t forgotten that it&rsquo;s a graphics GPU.
</li></ul>
<p>It&rsquo;s going to get chilly in Chicago in a month or so. Go light some cycles on fire! </p>
</content>
</entry>
<entry>
<title>Making Machines Move</title>
<link rel="alternate" href="https://fly.io/blog/machine-migrations/"/>
<id>https://fly.io/blog/machine-migrations/</id>
<published>2024-07-30T00:00:00+00:00</published>
<updated>2024-08-09T12:14:08+00:00</updated>
<media:thumbnail url="https://fly.io/blog/machine-migrations/assets/migrations-thumb.webp"/>
<content type="html"><div class="lead"><p>We’re Fly.io, a global public cloud with simple, developer-friendly ergonomics. If you’ve got a working Docker image, we’ll transmogrify it into a Fly Machine: a VM running on our hardware anywhere in the world. <a href="https://fly.io/speedrun" title="">Try it out; you’ll be deployed in just minutes</a>.</p>
</div>
<p>At the heart of our platform is a systems design tradeoff about durable storage for applications. When we added storage three years ago, to support stateful apps, we built it on attached NVMe drives. A benefit: a Fly App accessing a file on a Fly Volume is never more than a bus hop away from the data. A cost: a Fly App with an attached Volume is anchored to a particular worker physical.</p>
<div class="right-sidenote"><p><code>bird</code>: a BGP4 route server.</p>
</div>
<p>Before offering attached storage, our on-call runbook was almost as simple as “de-bird that edge server”, “tell <a href='https://fly.io/blog/carving-the-scheduler-out-of-our-orchestrator/' title=''>Nomad</a> to drain that worker”, and “go back to sleep”. NVMe cost us that drain operation, which terribly complicated the lives of our infra team. We’ve spent the last year getting “drain” back. It’s one of the biggest engineering lifts we&rsquo;ve made, and if you didn’t notice, we lifted it cleanly.</p>
<h3 id='the-goalposts' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#the-goalposts' aria-label='Anchor'></a><span class='plain-code'>The Goalposts</span></h3>
<p>With stateless apps, draining a worker is easy. For each app instance running on the victim server, start a new instance elsewhere. Confirm it&rsquo;s healthy, then kill the old one. Rinse, repeat. At our 2020 scale, we could drain a fully loaded worker in just a handful of minutes.</p>
<p>You can see why this process won&rsquo;t work for apps with attached volumes. Sure, create a new volume elsewhere on the fleet, and boot up a new Fly Machine attached to it. But the new volume is empty. The data&rsquo;s still stuck on the original worker. We asked, and customers were not OK with this kind of migration.</p>
<p>Of course, we back Volumes snapshots up (at an interval) to off-network storage. But for “drain”, restoring backups isn&rsquo;t nearly good enough. No matter the backup interval, a “restore from backup migration&quot; will lose data, and a “backup and restore” migration incurs untenable downtime.</p>
<p>The next thought you have is, “OK, copy the volume over”. And, yes, of course you have to do that. But you can’t just <code>copy</code>, <code>boot</code>, and then <code>kill</code> the old Fly Machine. Because the original Fly Machine is still alive and writing, you have to <code>kill</code>first, then <code>copy</code>, then <code>boot</code>.</p>
<p>Fly Volumes can get pretty big. Even to a rack buddy physical server, you&rsquo;ll hit a point where draining incurs minutes of interruption, especially if you’re moving lots of volumes simultaneously. <code>Kill</code>, <code>copy</code>, <code>boot</code> is too slow.</p>
<div class="callout"><p>There’s a world where even 15 minutes of interruption is tolerable. It’s the world where you run more than one instance of your application to begin with, so prolonged interruption of a single Fly Machine isn’t visible to your users. Do this! But we have to live in the same world as our customers, many of whom don’t run in high-availability configurations.</p>
</div><h3 id='behold-the-clone-o-mat' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#behold-the-clone-o-mat' aria-label='Anchor'></a><span class='plain-code'>Behold The Clone-O-Mat</span></h3>
<p><code>Copy</code>, <code>boot</code>, <code>kill</code> loses data. <code>Kill</code>, <code>copy</code>, <code>boot</code> takes too long. What we needed is a new operation: <code>clone</code>.</p>
<p><code>Clone</code> is a lazier, asynchronous <code>copy</code>. It creates a new volume elsewhere on our fleet, just like <code>copy</code> would. But instead of blocking, waiting to transfer every byte from the original volume, <code>clone</code> returns immediately, with a transfer running in the background.</p>
<p>A new Fly Machine can be booted with that cloned volume attached. Its blocks are mostly empty. But that’s OK: when the new Fly Machine tries to read from it, the block storage system works out whether the block has been transferred. If it hasn’t, it’s fetched over the network from the original volume; this is called &ldquo;hydration&rdquo;. Writes are even easier, and don’t hit the network at all.</p>
<p><code>Kill</code>, <code>copy</code>, <code>boot</code> is slow. But <code>kill</code>, <code>clone</code>, <code>boot</code> is fast; it can be made asymptotically as fast as stateless migration.</p>
<p>There are three big moving pieces to this design.</p>
<ol>
<li>First, we have to rig up our OS storage system to make this <code>clone</code> operation work.
</li><li>Then, to read blocks over the network, we need a network protocol. (Spoiler: iSCSI, though we tried other stuff first.)
</li><li>Finally, the gnarliest of those pieces is our orchestration logic: what’s running where, what state is it in, and whether it’s plugged in correctly.
</li></ol>
<h3 id='block-level-clone' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#block-level-clone' aria-label='Anchor'></a><span class='plain-code'>Block-Level Clone</span></h3>
<p>The Linux feature we need to make this work already exists; <a href='https://docs.kernel.org/admin-guide/device-mapper/dm-clone.html' title=''>it’s called <code>dm-clone</code></a>. Given an existing, readable storage device, <code>dm-clone</code> gives us a new device, of identical size, where reads of uninitialized blocks will pull from the original. It sounds terribly complicated, but it’s actually one of the simpler kernel lego bricks. Let&rsquo;s demystify it.</p>
<p>As far as Unix is concerned, random-access storage devices, be they spinning rust or NVMe drives, are all instances of the common class “block device”. A block device is addressed in fixed-size (say, 4KiB) chunks, and <a href='https://elixir.bootlin.com/linux/v5.11.11/source/include/linux/blk_types.h#L356' title=''>handles (roughly) these operations</a>:</p>
<div class="highlight-wrapper group relative cpp">
<button
type="button"
class="bubble-wrap z-20 absolute right-9 -mr-0.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-wrap-target="#code-woz6bsz9"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35" stroke-linecap="round" stroke-linejoin="round"><g buffered-rendering="static"><path d="M9.912 8.037h2.732c1.277 0 2.315-.962 2.315-2.237a2.325 2.325 0 00-2.315-2.31H2.959m10.228 9.01H2.959M6.802 8H2.959" /><path d="M11.081 6.466L9.533 8.037l1.548 1.571" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-9px] tail text-navy-950">
Wrap text
</span>
</button>
<button
type="button"
class="bubble-wrap z-20 absolute right-1.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-copy-target="sibling"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35"><g buffered-rendering="static"><path d="M10.576 7.239c0-.995-.82-1.815-1.815-1.815H3.315c-.995 0-1.815.82-1.815 1.815v5.446c0 .995.82 1.815 1.815 1.815h5.446c.995 0 1.815-.82 1.815-1.815V7.239z" /><path d="M10.576 10.577h2.109A1.825 1.825 0 0014.5 8.761V3.315A1.826 1.826 0 0012.685 1.5H7.239c-.996 0-1.815.819-1.816 1.815v1.617" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-6px] tail [--tail-x:calc(100%-30px)] text-navy-950">
Copy to clipboard
</span>
</button>
<div class='highlight relative group'>
<pre class='highlight '><code id="code-woz6bsz9"><span class="k">enum</span> <span class="n">req_opf</span> <span class="p">{</span>
<span class="cm">/* read sectors from the device */</span>
<span class="n">REQ_OP_READ</span> <span class="o">=</span> <span class="mi">0</span><span class="p">,</span>
<span class="cm">/* write sectors to the device */</span>
<span class="n">REQ_OP_WRITE</span> <span class="o">=</span> <span class="mi">1</span><span class="p">,</span>
<span class="cm">/* flush the volatile write cache */</span>
<span class="n">REQ_OP_FLUSH</span> <span class="o">=</span> <span class="mi">2</span><span class="p">,</span>
<span class="cm">/* discard sectors */</span>
<span class="n">REQ_OP_DISCARD</span> <span class="o">=</span> <span class="mi">3</span><span class="p">,</span>
<span class="cm">/* securely erase sectors */</span>
<span class="n">REQ_OP_SECURE_ERASE</span> <span class="o">=</span> <span class="mi">5</span><span class="p">,</span>
<span class="cm">/* write the same sector many times */</span>
<span class="n">REQ_OP_WRITE_SAME</span> <span class="o">=</span> <span class="mi">7</span><span class="p">,</span>
<span class="cm">/* write the zero filled sector many times */</span>
<span class="n">REQ_OP_WRITE_ZEROES</span> <span class="o">=</span> <span class="mi">9</span><span class="p">,</span>
<span class="cm">/* ... */</span>
<span class="p">};</span>
</code></pre>
</div>
</div>
<p>You can imagine designing a simple network protocol that supported all these options. It might have messages that looked something like:</p>
<p><img alt="A packet diagram, just skip down to &quot;struct bio&quot; below" src="/blog/machine-migrations/assets/packet.png?2/3&amp;center" />
Good news! The Linux block system is organized as if your computer was a network running a protocol that basically looks just like that. Here’s the message structure:</p>
<div class="right-sidenote"><p>I’ve <a href="https://elixir.bootlin.com/linux/v5.11.11/source/include/linux/blk_types.h#L223" title="">stripped a bunch of stuff out of here</a> but you don’t need any of it to understand what’s coming next.</p>
</div><div class="highlight-wrapper group relative cpp">
<button
type="button"
class="bubble-wrap z-20 absolute right-9 -mr-0.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-wrap-target="#code-kwrloyie"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35" stroke-linecap="round" stroke-linejoin="round"><g buffered-rendering="static"><path d="M9.912 8.037h2.732c1.277 0 2.315-.962 2.315-2.237a2.325 2.325 0 00-2.315-2.31H2.959m10.228 9.01H2.959M6.802 8H2.959" /><path d="M11.081 6.466L9.533 8.037l1.548 1.571" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-9px] tail text-navy-950">
Wrap text
</span>
</button>
<button
type="button"
class="bubble-wrap z-20 absolute right-1.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-copy-target="sibling"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35"><g buffered-rendering="static"><path d="M10.576 7.239c0-.995-.82-1.815-1.815-1.815H3.315c-.995 0-1.815.82-1.815 1.815v5.446c0 .995.82 1.815 1.815 1.815h5.446c.995 0 1.815-.82 1.815-1.815V7.239z" /><path d="M10.576 10.577h2.109A1.825 1.825 0 0014.5 8.761V3.315A1.826 1.826 0 0012.685 1.5H7.239c-.996 0-1.815.819-1.816 1.815v1.617" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-6px] tail [--tail-x:calc(100%-30px)] text-navy-950">
Copy to clipboard
</span>
</button>
<div class='highlight relative group'>
<pre class='highlight '><code id="code-kwrloyie"><span class="cm">/*
* main unit of I/O for the block layer and lower layers (ie drivers and
* stacking drivers)
*/</span>
<span class="k">struct</span> <span class="nc">bio</span> <span class="p">{</span>
<span class="k">struct</span> <span class="nc">gendisk</span> <span class="o">*</span><span class="n">bi_disk</span><span class="p">;</span>
<span class="kt">unsigned</span> <span class="kt">int</span> <span class="n">bi_opf</span>
<span class="kt">unsigned</span> <span class="kt">short</span> <span class="n">bi_flags</span><span class="p">;</span>
<span class="kt">unsigned</span> <span class="kt">short</span> <span class="n">bi_ioprio</span><span class="p">;</span>
<span class="n">blk_status_t</span> <span class="n">bi_status</span><span class="p">;</span>
<span class="kt">unsigned</span> <span class="kt">short</span> <span class="n">bi_vcnt</span><span class="p">;</span> <span class="cm">/* how many bio_vec's */</span>
<span class="k">struct</span> <span class="nc">bio_vec</span> <span class="n">bi_inline_vecs</span><span class="p">[]</span> <span class="cm">/* (page, len, offset) tuples */</span><span class="p">;</span>
<span class="p">};</span>
</code></pre>
</div>
</div>
<p>No nerd has ever looked at a fixed-format message like this without thinking about writing a proxy for it, and <code>struct bio</code> is no exception. The proxy system in the Linux kernel for <code>struct bio</code> is called <code>device mapper</code>, or DM.</p>
<p>DM target devices can plug into other DM devices. For that matter, they can do whatever the hell else they want, as long as they honor the interface. It boils down to a <code>map(bio)</code> function, which can dispatch a <code>struct bio</code>, or drop it, or muck with it and ask the kernel to resubmit it.</p>
<p>You can do a whole lot of stuff with this interface: carve a big device into a bunch of smaller ones (<a href='https://docs.kernel.org/admin-guide/device-mapper/linear.html' title=''><code>dm-linear</code></a>), make one big striped device out of a bunch of smaller ones (<a href='https://docs.kernel.org/admin-guide/device-mapper/striped.html' title=''><code>dm-stripe</code></a>), do software RAID mirroring (<code>dm-raid1</code>), create snapshots of arbitrary existing devices (<a href='https://docs.kernel.org/admin-guide/device-mapper/snapshot.html' title=''><code>dm-snap</code></a>), cryptographically verify boot devices (<a href='https://docs.kernel.org/admin-guide/device-mapper/verity.html' title=''><code>dm-verity</code></a>), and a bunch more. Device Mapper is the kernel backend for the <a href='https://sourceware.org/lvm2/' title=''>userland LVM2 system</a>, which is how we do <a href='https://fly.io/blog/persistent-storage-and-fast-remote-builds/' title=''>thin pools and snapshot backups</a>.</p>
<p>Which brings us to <code>dm-clone</code> : it’s a map function that boils down to:</p>
<div class="highlight-wrapper group relative cpp">
<button
type="button"
class="bubble-wrap z-20 absolute right-9 -mr-0.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-wrap-target="#code-8n5vrld6"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35" stroke-linecap="round" stroke-linejoin="round"><g buffered-rendering="static"><path d="M9.912 8.037h2.732c1.277 0 2.315-.962 2.315-2.237a2.325 2.325 0 00-2.315-2.31H2.959m10.228 9.01H2.959M6.802 8H2.959" /><path d="M11.081 6.466L9.533 8.037l1.548 1.571" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-9px] tail text-navy-950">
Wrap text
</span>
</button>
<button
type="button"
class="bubble-wrap z-20 absolute right-1.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-copy-target="sibling"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35"><g buffered-rendering="static"><path d="M10.576 7.239c0-.995-.82-1.815-1.815-1.815H3.315c-.995 0-1.815.82-1.815 1.815v5.446c0 .995.82 1.815 1.815 1.815h5.446c.995 0 1.815-.82 1.815-1.815V7.239z" /><path d="M10.576 10.577h2.109A1.825 1.825 0 0014.5 8.761V3.315A1.826 1.826 0 0012.685 1.5H7.239c-.996 0-1.815.819-1.816 1.815v1.617" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-6px] tail [--tail-x:calc(100%-30px)] text-navy-950">
Copy to clipboard
</span>
</button>
<div class='highlight relative group'>
<pre class='highlight '><code id="code-8n5vrld6"> <span class="cm">/* ... */</span>
<span class="n">region_nr</span> <span class="o">=</span> <span class="n">bio_to_region</span><span class="p">(</span><span class="n">clone</span><span class="p">,</span> <span class="n">bio</span><span class="p">);</span>
<span class="c1">// we have the data</span>
<span class="k">if</span> <span class="p">(</span><span class="n">dm_clone_is_region_hydrated</span><span class="p">(</span><span class="n">clone</span><span class="o">-&gt;</span><span class="n">cmd</span><span class="p">,</span> <span class="n">region_nr</span><span class="p">))</span> <span class="p">{</span>
<span class="n">remap_and_issue</span><span class="p">(</span><span class="n">clone</span><span class="p">,</span> <span class="n">bio</span><span class="p">);</span>
<span class="k">return</span> <span class="mi">0</span><span class="p">;</span>
<span class="c1">// we don't and it's a read</span>
<span class="p">}</span> <span class="k">else</span> <span class="k">if</span> <span class="p">(</span><span class="n">bio_data_dir</span><span class="p">(</span><span class="n">bio</span><span class="p">)</span> <span class="o">==</span> <span class="n">READ</span><span class="p">)</span> <span class="p">{</span>
<span class="n">remap_to_source</span><span class="p">(</span><span class="n">clone</span><span class="p">,</span> <span class="n">bio</span><span class="p">);</span>
<span class="k">return</span> <span class="mi">1</span><span class="p">;</span>
<span class="p">}</span>
<span class="c1">// we don't and it's a write</span>
<span class="n">remap_to_dest</span><span class="p">(</span><span class="n">clone</span><span class="p">,</span> <span class="n">bio</span><span class="p">);</span>
<span class="n">hydrate_bio_region</span><span class="p">(</span><span class="n">clone</span><span class="p">,</span> <span class="n">bio</span><span class="p">);</span>
<span class="k">return</span> <span class="mi">0</span><span class="p">;</span>
<span class="cm">/* ... */</span>
</code></pre>
</div>
</div><div class="right-sidenote"><p>a <a href="https://docs.kernel.org/admin-guide/device-mapper/kcopyd.html" title=""><code>kcopyd</code></a> thread runs in the background, rehydrating the device in addition to (and independent of) read accesses.</p>
</div>
<p><code>dm-clone</code> takes, in addition to the source device to clone from, a “metadata” device on which is stored a bitmap of the status of all the blocks: either “rehydrated” from the source, or not. That’s how it knows whether to fetch a block from the original device or the clone.</p>
<h3 id='network-clone' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#network-clone' aria-label='Anchor'></a><span class='plain-code'>Network Clone</span></h3><div class="callout"><p><strong class="font-semibold text-navy-950"><code>flyd</code> in a nutshell:</strong> worker physical run a service, <code>flyd</code>, which manages a couple of databases that are the source of truth for all the Fly Machines running there. Concepturally, <code>flyd</code> is a server for on-demand instances of durable finite state machines, each representing some operation on a Fly Machine (creation, start, stop, &amp;c), with the transition steps recorded carefully in a BoltDB database. An FSM step might be something like “assign a local IPv6 address to this interface”, or “check out a block device with the contents of this container”, and it’s straightforward to add and manage new ones.</p>
</div>
<p>Say we&rsquo;ve got <code>flyd</code> managing a Fly Machine with a volume on <code>worker-xx-cdg1-1</code>. We want it running on <code>worker-xx-cdg1-2</code>. Our whole fleet is meshed with WireGuard; everything can talk directly to everything else. So, conceptually:</p>
<ol>
<li><code>flyd</code> on <code>cdg1-1</code> stops the Fly Machine, and
</li><li>sends a message to <code>flyd</code> on <code>cdg1-2</code> telling it to clone the source volume.
</li><li><code>flyd</code> on <code>cdg1-2</code> starts a <code>dm-clone</code> instance, which creates a clone volume on <code>cdg1-2</code>, populating it, over some kind of network block protocol, from <code>cdg1-1</code>, and
</li><li>boots a new Fly Machine, attached to the clone volume.
</li><li><code>flyd</code> on <code>cdg1-2</code> monitors the clone operation, and, when the clone completes, converts the clone device to a simple linear device and cleans up.
</li></ol>
<p>For step (3) to work, the “original volume” on <code>cdg1-1</code> has to be visible on <code>cdg1-2</code>, which means we need to mount it over the network.</p>
<div class="right-sidenote"><p><code>nbd</code> is so simple that it’s used as a sort of <code>dm-user</code> userland block device; to prototype a new block device, <a href="https://lwn.net/ml/linux-kernel/[email protected]/" title="">don’t bother writing a kernel module</a>, just write an <code>nbd</code> server.</p>
</div>
<p>Take your pick of protocols. iSCSI is the obvious one, but it’s relatively complicated, and Linux has native support for a much simpler one: <code>nbd</code>, the “network block device”. You could implement an <code>nbd</code> server in an afternoon, on top of a file or a SQLite database or S3, and the Linux kernel could mount it as a drive.</p>
<p>We started out using <code>nbd</code>. But we kept getting stuck <code>nbd</code> kernel threads when there was any kind of network disruption. We’re a global public cloud; network disruption happens. Honestly, we could have debugged our way through this. But it was simpler just to spike out an iSCSI implementation, observe that didn’t get jammed up when the network hiccuped, and move on.</p>
<h3 id='putting-the-pieces-together' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#putting-the-pieces-together' aria-label='Anchor'></a><span class='plain-code'>Putting The Pieces Together</span></h3>
<p>To drain a worker with minimal downtime and no lost data, we turn workers into a temporary SANs, serving the volumes we need to drain to fresh-booted replica Fly Machines on a bunch of “target” physicals. Those SANs — combinations of <code>dm-clone</code>, iSCSI, and <a href='https://fly.io/blog/carving-the-scheduler-out-of-our-orchestrator/' title=''>our <code>flyd</code> orchestrator</a> — track the blocks copied from the origin, copying each one exactly once and cleaning up when the original volume has been fully copied.</p>
<p>Problem solved!</p>
<h3 id='no-there-were-more-problems' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#no-there-were-more-problems' aria-label='Anchor'></a><span class='plain-code'>No, There Were More Problems</span></h3>
<p>When your problem domain is hard, anything you build whose design you can’t fit completely in your head is going to be a fiasco. Shorter form: “if you see Raft consensus in a design, we’ve done something wrong”.</p>
<p>A virtue of this migration system is that, for as many moving pieces as it has, it fits in your head. What complexity it has is mostly shouldered by strategic bets we’ve already built teams around, most notably the <code>flyd</code> orchestrator. So we’ve been running this system for the better part of a year without much drama. Not no drama, though. Some drama.</p>
<p>Example: we encrypt volumes. Our key management is fussy. We do per-volume encryption keys that provision alongside the volumes themselves, so no one worker has a volume skeleton key.</p>
<p>If you think “migrating those volume keys from worker to worker” is the problem I’m building up to, well, that too, but the bigger problem is <code>trim</code>.</p>
<p>Most people use just a small fraction of the volumes they allocate. A 100GiB volume with just 5MiB used wouldn’t be at all weird. You don’t want to spend minutes copying a volume that could have been fully hydrated in seconds.</p>
<p>And indeed, <code>dm-clone</code> doesn’t want to do that either. Given a source block device (for us, an iSCSI mount) and the clone device, a <code>DISCARD</code> issued on the clone device will get picked up by <code>dm-clone</code>, which will simply <a href='https://elixir.bootlin.com/linux/v5.11.11/source/drivers/md/dm-clone-target.c#L1357' title=''>short-circuit the read</a> of the relevant blocks by marking them as hydrated in the metadata volume. Simple enough.</p>
<p>To make that work, we need the target worker to see the plaintext of the source volume (so that it can do an <code>fstrim</code> — don’t get us started on how annoying it is to sandbox this — to read the filesystem, identify the unused block, and issue the <code>DISCARDs</code> where <code>dm-clone</code> can see them) Easy enough.</p>
<div class="right-sidenote"><p>these curses have a lot to do with how hard it was to drain workers!</p>
</div>
<p>Except: two different workers, for cursed reasons, might be running different versions of <a href='https://gitlab.com/cryptsetup/cryptsetup' title=''>cryptsetup</a>, the userland bridge between LUKS2 and the <a href='https://docs.kernel.org/admin-guide/device-mapper/dm-crypt.html' title=''>kernel dm-crypt driver</a>. There are (or were) two different versions of cryptsetup on our network, and they default to different <a href='https://fossies.org/linux/cryptsetup/docs/on-disk-format-luks2.pdf' title=''>LUKS2 header sizes</a> — 4MiB and 16MiB. Implying two different plaintext volume sizes. </p>
<p>So now part of the migration FSM is an RPC call that carries metadata about the designed LUKS2 configuration for the target VM. Not something we expected to have to build, but, whatever.</p>
<div class="right-sidenote"><p>Corrosion deserves its own post.</p>
</div>
<p>Gnarlier example: workers are the source of truth for information about the Fly Machines running on them. Migration knocks the legs out from under that constraint, which we were relying on in Corrosion, the SWIM-gossip SQLite database we use to connect Fly Machines to our request routing. Race conditions. Debugging. Design changes. Next!</p>
<p>Gnarliest example: our private networks. Recall: we automatically place every Fly Machine into <a href='https://fly.io/blog/incoming-6pn-private-networks/' title=''>a private network</a>; by default, it’s the one all the other apps in your organization run in. This is super handy for setting up background services, databases, and clustered applications. 20 lines of eBPF code in our worker kernels keeps anybody from “crossing the streams”, sending packets from one private network to another.</p>
<div class="right-sidenote"><p>we’re members of an elite cadre of idiots who have managed to find designs that made us wish IPv6 addresses were even bigger.</p>
</div>
<p>We call this scheme 6PN (for “IPv6 Private Network”). It functions by <a href='https://fly.io/blog/ipv6-wireguard-peering#ipv6-private-networking-at-fly' title=''>embedding routing information directly into IPv6 addresses</a>. This is, perhaps, gross. But it allows us to route diverse private networks with constantly changing membership across a global fleet of servers without running a distributed routing protocol. As the beardy wizards who kept the Internet backbone up and running on Cisco AGS+’s once said: the best routing protocol is “static”.</p>
<p>Problem: the embedded routing information in a 6PN address refers in part to specific worker servers.</p>
<p>That’s fine, right? They’re IPv6 addresses. Nobody uses literal IPv6 addresses. Nobody uses IP addresses at all; they use the DNS. When you migrate a host, just give it a new 6PN address, and update the DNS.</p>
<p>Friends, somebody did use literal IPv6 addresses. It was us. In the configurations for Fly Postgres clusters.</p>
<div class="right-sidenote"><p>It’s also not operationally easy for us to shell into random Fly Machines, for good reason.</p>
</div>
<p>The obvious fix for this is not complicated; given <code>flyctl</code> ssh access to a Fly Postgres cluster, it’s like a 30 second ninja edit. But we run a <em>lot</em> of Fly Postgres clusters, and the change has to be coordinated carefully to avoid getting the cluster into a confused state. We went as far as adding feature to our <code>init</code> to do network address mappings to keep old 6PN addresses reachable before biting the bullet and burning several weeks doing the direct configuration fix fleet-wide.</p>
<figure class="post-cta">
<figcaption>
<h1>Speedrun your app onto Fly.io.</h1>
<p>3&hellip;2&hellip;1&hellip;</p>
<a class="btn btn-lg" href="https://fly.io/speedrun">
Go! &nbsp;<span class='opacity-50'>→</span>
</a>
</figcaption>
<div class="image-container">
<img src="/static/images/cta-dog.webp" srcset="/static/images/[email protected] 2x" alt="">
</div>
</figure>
<h3 id='the-learning-it-burns' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#the-learning-it-burns' aria-label='Anchor'></a><span class='plain-code'>The Learning, It Burns!</span></h3>
<p>We get asked a lot why we don’t do storage the “obvious” way, with an <a href='https://aws.amazon.com/ebs/' title=''>EBS-type</a> SAN fabric, abstracting it away from our compute. Locally-attached NVMe storage is an idiosyncratic choice, one we’ve had to write disclaimers for (single-node clusters can lose data!) since we first launched it.</p>
<p>One answer is: we’re a startup. Building SAN infrastructure in every region we operate in would be tremendously expensive. Look at any feature in AWS that normal people know the name of, like EC2, EBS, RDS, or S3 — there’s a whole company in there. We launched storage when we were just 10 people, and even at our current size we probably have nothing resembling the resources EBS gets. AWS is pretty great!</p>
<p>But another thing to keep in mind is: we’re learning as we go. And so even if we had the means to do an EBS-style SAN, we might not build it today.</p>
<p>Instead, we’re a lot more interested in log-structured virtual disks (LSVD). LSVD uses NVMe as a local cache, but durably persists writes in object storage. You get most of the performance benefit of bus-hop disk writes, along with unbounded storage and S3-grade reliability.</p>
<p><a href='https://community.fly.io/t/bottomless-s3-backed-volumes/15648' title=''>We launched LSVD experimentally last year</a>; in the intervening year, something happened to make LSVD even more interesting to us: <a href='https://www.tigrisdata.com/' title=''>Tigris Data</a> launched S3-compatible object storage in every one our regions, so instead of backhauling updates to Northern Virginia, <a href='https://community.fly.io/t/tigris-backed-volumes/20792' title=''>we can keep them local</a>. We have more to say about LSVD, and a lot more to say about Tigris.</p>
<p>Our first several months of migrations were done gingerly. By summer of 2024, we got to where our infra team can pull “drain this host” out of their toolbelt without much ceremony.</p>
<p>We’re still not to the point where we’re migrating casually. Your Fly Machines are probably not getting migrated! There&rsquo;d need to be a reason! But the dream is fully-automated luxury space migration, in which you might get migrated semiregularly, as our systems work not just to drain problematic hosts but to rebalance workloads regularly. No time soon. But we’ll get there.</p>
<p>This is the biggest thing our team has done since we replaced Nomad with flyd. Only the new billing system comes close. We did this thing not because it was easy, but because we thought it would be easy. It was not. But: worth it!</p>
</content>
</entry>
<entry>
<title>AWS without Access Keys</title>
<link rel="alternate" href="https://fly.io/blog/oidc-cloud-roles/"/>
<id>https://fly.io/blog/oidc-cloud-roles/</id>
<published>2024-06-19T00:00:00+00:00</published>
<updated>2024-06-25T22:52:32+00:00</updated>
<media:thumbnail url="https://fly.io/blog/oidc-cloud-roles/assets/spooky-security-skeleton-thumb.webp"/>
<content type="html"><div class="lead"><p>It’s dangerous to go alone. Fly.io runs full-stack apps by transmuting Docker containers into Fly Machines: ultra-lightweight hardware-backed VMs. You can run all your dependencies on Fly.io, but sometimes, you’ll need to work with other clouds, and we’ve made that pretty simple. Try Fly.io out for yourself; your Rails or Node app <a href="https://fly.io/speedrun" title="">can be up and running in just minutes</a>.</p>
</div>
<p>Let&rsquo;s hypopulate you an app serving generative AI cat images based on the weather forecast, running on a <code>g4dn.xlarge</code> ECS task in AWS <code>us-east-1</code>. It&rsquo;s going great; people didn&rsquo;t realize how dependent their cat pic prefs are on barometric pressure, and you&rsquo;re all anyone can talk about.</p>
<p>Word reaches Australia and Europe, but you&rsquo;re not catching on, because the… latency is too high? Just roll with us here. Anyways: fixing this is going to require replicating ECS tasks and ECR images into <code>ap-southeast-2</code> and <code>eu-central-1</code> while also setting up load balancing. Nah.</p>
<p>This is the O.G. Fly.io deployment story; one deployed app, one versioned container, one command to get it running anywhere in the world.</p>
<p>But you have a problem: your app relies on training data, it&rsquo;s huge, your giant employer manages it, and it&rsquo;s in S3. Getting this to work will require AWS credentials.</p>
<p>You could ask your security team to create a user, give it permissions, and hand over the AWS keypair. Then you could wash your neck and wait for the blade. Passing around AWS keypairs is the beginning of every horror story told about cloud security, and security team ain&rsquo;t having it.</p>
<p>There&rsquo;s a better way. It&rsquo;s drastically more secure, so your security people will at least hear you out. It&rsquo;s also so much easier on Fly.io that you might never bother creating a IAM service account again.</p>
<h2 id='lets-get-it-out-of-the-way' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#lets-get-it-out-of-the-way' aria-label='Anchor'></a><span class='plain-code'>Let&rsquo;s Get It out of the Way</span></h2>
<p>We&rsquo;re going to use OIDC to set up strictly limited trust between AWS and Fly.io.</p>
<ol>
<li>In AWS: we&rsquo;ll add Fly.io as an <code>Identity Provider</code> in AWS IAM, giving us an ID we can plug into any IAM <code>Role</code>.
</li><li>Also in AWS: we&rsquo;ll create a <code>Role</code>, give it access to the S3 bucket with our tokenized cat data, and then attach the <code>Identity Provider</code> to it.
</li><li>In Fly.io, we&rsquo;ll take the <code>Role</code> ARN we got from step 2 and set it as an environment variable in our app.
</li></ol>
<p>Our machines will now magically have access to the S3 bucket.</p>
<h2 id='what-the-what' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#what-the-what' aria-label='Anchor'></a><span class='plain-code'>What the What</span></h2>
<p>A reasonable question to ask here is, &ldquo;where&rsquo;s the credential&rdquo;? Ordinarily, to give a Fly Machine access to an AWS resource, you&rsquo;d use <code>fly secrets set</code> to add an <code>AWS_ACCESS_KEY_ID</code> and <code>AWS_SECRET_ACCESS_KEY</code> to the environment in the Machine. Here, we&rsquo;re not setting any secrets at all; we&rsquo;re just adding an ARN — which is not a credential — to the Machine.</p>
<p>Here&rsquo;s what&rsquo;s happening.</p>
<p>Fly.io operates an OIDC IdP at <code>oidc.fly.io</code>. It issues OIDC tokens, exclusively to Fly Machines. AWS can be configured to trust these tokens, on a role-by-role basis. That&rsquo;s the &ldquo;secret credential&rdquo;: the pre-configured trust relationship in IAM, and the public keypairs it manages. You, the user, never need to deal with these keys directly; it all happens behind the scenes, between AWS and Fly.io.</p>
<p><img alt="A diagram: STS trusts OIDC.fly.io. OIDC.fly.io trusts flyd. flyd issues a token to the Machine, which proffers it to STS. STS sends an STS cred to the Machine, which then uses it to retrieve model weights from S3." src="/blog/oidc-cloud-roles/assets/oidc-diagram.webp" /></p>
<p>The key actor in this picture is <code>STS</code>, the AWS <code>Security Token Service</code>. <code>STS</code>&lsquo;s main job is to vend short-lived AWS credentials, usually through some variant of an API called <code>AssumeRole</code>. Specifically, in our case: <code>AssumeRoleWithWebIdentity</code> tells <code>STS</code> to cough up an AWS keypair given an OIDC token (that matches a pre-configured trust relationship).</p>
<p>That still leaves the question: how does your code, which is reaching out to the AWS APIs to get cat weights, drive any of this?</p>
<h2 id='the-init-thickens' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#the-init-thickens' aria-label='Anchor'></a><span class='plain-code'>The Init Thickens</span></h2>
<p>Every Fly Machine boots up into an <code>init</code> we wrote in Rust. It has slowly been gathering features.</p>
<p>One of those features, which has been around for awhile, is a server for a Unix socket at <code>/.fly/api</code>, which exports a subset of the Fly Machines API to privileged processes in the Machine. Think of it as our answer to the EC2 Instant Metadata Service. How it works is, every time we boot a Fly Machine, we pass it a <a href='https://fly.io/blog/macaroons-escalated-quickly/' title=''>Macaroon token</a> locked to that particular Machine; <code>init</code>&rsquo;s server for <code>/.fly/api</code> is a proxy that attaches that token to requests.</p>
<div class="right-sidenote"><p>In addition to the API proxy being tricky to SSRF to.</p>
</div>
<p>What&rsquo;s neat about this is that the credential that drives <code>/.fly/api</code> is doubly protected:</p>
<ol>
<li>The Fly.io platform won&rsquo;t honor it unless it comes from that specific Fly Machine (<code>flyd</code>, our orchestrator, knows who it&rsquo;s talking to), <em>and</em>
</li><li>Ordinary code running in a Fly Machine never gets a copy of the token to begin with.
</li></ol>
<p>You could rig up a local privilege escalation vulnerability and work out how to steal the Macaroon, but you can&rsquo;t exfiltrate it productively.</p>
<p>So now you have half the puzzle worked out: OIDC is just part of the <a href='https://fly.io/docs/machines/api/' title=''>Fly Machines API</a> (specifically: <code>/v1/tokens/oidc</code>). A Fly Machine can hit a Unix socket and get an OIDC token tailored to that machine:</p>
<div class="highlight-wrapper group relative ">
<button
type="button"
class="bubble-wrap z-20 absolute right-9 -mr-0.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-wrap-target="#code-xdcj19sc"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35" stroke-linecap="round" stroke-linejoin="round"><g buffered-rendering="static"><path d="M9.912 8.037h2.732c1.277 0 2.315-.962 2.315-2.237a2.325 2.325 0 00-2.315-2.31H2.959m10.228 9.01H2.959M6.802 8H2.959" /><path d="M11.081 6.466L9.533 8.037l1.548 1.571" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-9px] tail text-navy-950">
Wrap text
</span>
</button>
<button
type="button"
class="bubble-wrap z-20 absolute right-1.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-copy-target="sibling"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35"><g buffered-rendering="static"><path d="M10.576 7.239c0-.995-.82-1.815-1.815-1.815H3.315c-.995 0-1.815.82-1.815 1.815v5.446c0 .995.82 1.815 1.815 1.815h5.446c.995 0 1.815-.82 1.815-1.815V7.239z" /><path d="M10.576 10.577h2.109A1.825 1.825 0 0014.5 8.761V3.315A1.826 1.826 0 0012.685 1.5H7.239c-.996 0-1.815.819-1.816 1.815v1.617" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-6px] tail [--tail-x:calc(100%-30px)] text-navy-950">
Copy to clipboard
</span>
</button>
<div class='highlight relative group'>
<pre class='highlight '><code id="code-xdcj19sc">{
"app_id": "3671581",
"app_name": "weather-cat",
"aud": "sts.amazonaws.com",
"image": "image:latest",
"image_digest": "sha256:dff79c6da8dd4e282ecc6c57052f7cfbd684039b652f481ca2e3324a413ee43f",
"iss": "https://oidc.fly.io/example",
"machine_id": "3d8d377ce9e398",
"machine_name": "ancient-snow-4824",
"machine_version": "01HZJXGTQ084DX0G0V92QH3XW4",
"org_id": "29873298",
"org_name": "example",
"region": "yyz",
"sub": "example:weather-cat:ancient-snow-4824"
} // some OIDC stuff trimmed
</code></pre>
</div>
</div>
<p>Look upon this holy blob, sealed with a published key managed by Fly.io&rsquo;s OIDC vault, and see that there lies within it enough information for AWS <code>STS</code> to decide to issue a session credential.</p>
<p>We have still not completed the puzzle, because while you can probably now see how you&rsquo;d drive this process with a bunch of new code that you&rsquo;d tediously write, you are acutely aware that you have not yet endured that tedium — e pur si muove!</p>
<p>One <code>init</code> feature remains to be disclosed, and it&rsquo;s cute.</p>
<p>If, when <code>init</code> starts in a Fly Machine, it sees an <code>AWS_ROLE_ARN</code> environment variable set, it initiates a little dance; it:</p>
<ol>
<li>goes off and generates an OIDC token, the way we just described,
</li><li>saves that OIDC token in a file, <em>and</em>
</li><li>sets the <code>AWS_WEB_IDENTITY_TOKEN_FILE</code> and <code>AWS_ROLE_SESSION_NAME</code> environment variables for every process it launches.
</li></ol>
<p>The AWS SDK, linked to your application, does all the rest.</p>
<p>Let&rsquo;s review: you add an <code>AWS_ROLE_ARN</code> variable to your Fly App, launch a Machine, and have it go fetch a file from S3. What happens next is:</p>
<ol>
<li><code>init</code> detects <code>AWS_ROLE_ARN</code> is set as an environment variable.
</li><li><code>init</code> sends a request to <code>/v1/tokens/oidc</code> via <code>/.api/proxy</code>.
</li><li><code>init</code> writes the response to <code>/.fly/oidc_token.</code>
</li><li><code>init</code> sets <code>AWS_WEB_IDENTITY_TOKEN_FILE</code> and <code>AWS_ROLE_SESSION_NAME</code>.
</li><li>The entrypoint boots, and (say) runs <code>aws s3 get-object.</code>
</li><li>The AWS SDK runs through the <a href='https://docs.aws.amazon.com/sdkref/latest/guide/standardized-credentials.html#credentialProviderChain' title=''>credential provider chain</a>
</li><li>The SDK sees that <code>AWS_WEB_IDENTITY_TOKEN_FILE</code> is set and calls <code>AssumeRoleWithWebIdentity</code> with the file contents.
</li><li>AWS verifies the token against <a href='https://oidc.fly.io/' title=''><code>https://oidc.fly.io/</code></a><code>example/.well-known/openid-configuration</code>, which references a key Fly.io manages on isolated hardware.
</li><li>AWS vends <code>STS</code> credentials for the assumed <code>Role</code>.
</li><li>The SDK uses the <code>STS</code> credentials to access the S3 bucket.
</li><li>AWS checks the <code>Role</code>&rsquo;s IAM policy to see if it has access to the S3 bucket.
</li><li>AWS returns the contents of the bucket object.
</li></ol>
<h2 id='how-much-better-is-this' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#how-much-better-is-this' aria-label='Anchor'></a><span class='plain-code'>How Much Better Is This?</span></h2>
<p>It is a lot better.</p>
<div class="right-sidenote"><p>They asymptotically approach the security properties of Macaroon tokens.</p>
</div>
<p>Most importantly: AWS <code>STS</code> credentials are short-lived. Because they&rsquo;re generated dynamically, rather than stored in a configuration file or environment variable, they&rsquo;re already a little bit annoying for an attacker to recover. But they&rsquo;re also dead in minutes. They have a sharply limited blast radius. They rotate themselves, and fail closed.</p>
<p>They&rsquo;re also easier to manage. This is a rare instance where you can reasonably drive the entire AWS side of the process from within the web console. Your cloud team adds <code>Roles</code> all the time; this is just a <code>Role</code> with an extra snippet of JSON. The resulting ARN isn&rsquo;t even a secret; your cloud team could just email or Slack message it back to you.</p>
<p>Finally, they offer finer-grained control.</p>
<p>To understand the last part, let&rsquo;s look at that extra snippet of JSON (the &ldquo;Trust Policy&rdquo;) your cloud team is sticking on the new <code>cat-bucket</code> <code>Role</code>:</p>
<div class="highlight-wrapper group relative ">
<button
type="button"
class="bubble-wrap z-20 absolute right-9 -mr-0.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-wrap-target="#code-x99m930o"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35" stroke-linecap="round" stroke-linejoin="round"><g buffered-rendering="static"><path d="M9.912 8.037h2.732c1.277 0 2.315-.962 2.315-2.237a2.325 2.325 0 00-2.315-2.31H2.959m10.228 9.01H2.959M6.802 8H2.959" /><path d="M11.081 6.466L9.533 8.037l1.548 1.571" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-9px] tail text-navy-950">
Wrap text
</span>
</button>
<button
type="button"
class="bubble-wrap z-20 absolute right-1.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-copy-target="sibling"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35"><g buffered-rendering="static"><path d="M10.576 7.239c0-.995-.82-1.815-1.815-1.815H3.315c-.995 0-1.815.82-1.815 1.815v5.446c0 .995.82 1.815 1.815 1.815h5.446c.995 0 1.815-.82 1.815-1.815V7.239z" /><path d="M10.576 10.577h2.109A1.825 1.825 0 0014.5 8.761V3.315A1.826 1.826 0 0012.685 1.5H7.239c-.996 0-1.815.819-1.816 1.815v1.617" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-6px] tail [--tail-x:calc(100%-30px)] text-navy-950">
Copy to clipboard
</span>
</button>
<div class='highlight relative group'>
<pre class='highlight '><code id="code-x99m930o">{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Federated": "arn:aws:iam::123456123456:oidc-provider/oidc.fly.io/example"
},
"Action": "sts:AssumeRoleWithWebIdentity",
"Condition": {
"StringEquals": {
"oidc.fly.io/example:aud": "sts.amazonaws.com",
},
"StringLike": {
"oidc.fly.io/example:sub": "example:weather-cat:*"
}
}
}
]
}
</code></pre>
</div>
</div><div class="right-sidenote"><p>The <code>aud</code> check guarantees <code>STS</code> will only honor tokens that Fly.io deliberately vended for <code>STS</code>.</p>
</div>
<p>Recall the OIDC token we dumped earlier; much of what&rsquo;s in it, we can match in the Trust Policy. Every OIDC token Fly.io generates is going to have a <code>sub</code> field formatted <code>org:app:machine</code>, so we can lock IAM <code>Roles</code> down to organizations, or to specific Fly Apps, or even specific Fly Machine instances.</p>
<figure class="post-cta">
<figcaption>
<h1>Speedrun your app onto Fly.io.</h1>
<p>3&hellip;2&hellip;1&hellip;</p>
<a class="btn btn-lg" href="https://fly.io/speedrun">
Go! &nbsp;<span class='opacity-50'>→</span>
</a>
</figcaption>
<div class="image-container">
<img src="/static/images/cta-kitty.webp" srcset="/static/images/[email protected] 2x" alt="">
</div>
</figure>
<h2 id='and-so' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#and-so' aria-label='Anchor'></a><span class='plain-code'>And So</span></h2>
<p>In case it&rsquo;s not obvious: this pattern works for any AWS API, not just S3.</p>
<p>Our OIDC support on the platform and in Fly Machines will set arbitrary OIDC <code>audience</code> strings, so you can use it to authenticate to any OIDC-compliant cloud provider. It won&rsquo;t be as slick on Azure or GCP, because we haven&rsquo;t done the <code>init</code> features to light their APIs up with a single environment variable — but those features are easy, and we&rsquo;re just waiting for people to tell us what they need.</p>
<p>For us, the gold standard for least-privilege, conditional access tokens remains Macaroons, and it&rsquo;s unlikely that we&rsquo;re going to do a bunch of internal stuff using OIDC. We even snuck Macaroons into this feature. But the security you&rsquo;re getting from this OIDC dance closes a lot of the gap between hardcoded user credentials and Macaroons, and it&rsquo;s easy to use — easier, in some ways, than it is to manage role-based access inside of a legacy EC2 deployment!</p>
</content>
</entry>
<entry>
<title>Picture This: Open Source AI for Image Description</title>
<link rel="alternate" href="https://fly.io/blog/llm-image-description/"/>
<id>https://fly.io/blog/llm-image-description/</id>
<published>2024-05-09T00:00:00+00:00</published>
<updated>2024-05-23T20:00:21+00:00</updated>
<media:thumbnail url="https://fly.io/blog/llm-image-description/assets/image-description-thumb.webp"/>
<content type="html"><div class="lead"><p>I’m Nolan, and I work on Fly Machines here at Fly.io. We’re building a new public cloud—one where you can spin up CPU and GPU workloads, around the world, in a jiffy. <a href="https://fly.io/speedrun/" title="">Try us out</a>; you can be up and running in minutes. This is a post about LLMs being really helpful, and an extensible project you can build with open source on a weekend.</p>
</div>
<p>Picture this, if you will.</p>
<p>You&rsquo;re blind. You&rsquo;re in an unfamiliar hotel room on a trip to Chicago.</p>
<div class="right-sidenote"><p>If you live in Chicago IRL, imagine the hotel in Winnipeg, <a href="https://www.cbc.ca/history/EPISCONTENTSE1EP10CH3PA5LE.html" title="">the Chicago of the North</a>.</p>
</div>
<p>You&rsquo;ve absent-mindedly set your coffee down, and can&rsquo;t remember where. You&rsquo;re looking for the thermostat so you don&rsquo;t wake up frozen. Or, just maybe, you&rsquo;re playing a fun-filled round of &ldquo;find the damn light switch so your sighted partner can get some sleep already!&rdquo;</p>
<p>If, like me, you&rsquo;ve been blind for a while, you have plenty of practice finding things without the luxury of a quick glance around. It may be more tedious than you&rsquo;d like, but you&rsquo;ll get it done.</p>
<p>But the speed of innovation in machine learning and large language models has been dizzying, and in 2024 you can snap a photo with your phone and have an app like <a href='https://www.bemyeyes.com/blog/announcing-be-my-ai/' title=''>Be My AI</a> or <a href='https://www.seeingai.com/' title=''>Seeing AI</a> tell you where in that picture it found your missing coffee mug, or where it thinks the light switch is.</p>
<div class="right-sidenote"><p>Creative switch locations seem to be a point of pride for hotels, so the light game may be good for a few rounds of quality entertainment, regardless of how good your AI is.</p>
</div>
<p>This is <em>big</em>. It&rsquo;s hard for me to state just how exciting and empowering AI image descriptions have been for me without sounding like a shill. In the past year, I&rsquo;ve:</p>
<ul>
<li>Found shit in strange hotel rooms.
</li><li>Gotten descriptions of scenes and menus in otherwise inaccessible video games.
</li><li>Requested summaries of technical diagrams and other materials where details weren’t made available textually.
</li></ul>
<p>I&rsquo;ve been consistently blown away at how impressive and helpful AI-created image descriptions have been.</p>
<p>Also&hellip;</p>
<h2 id='which-thousand-words-is-this-picture-worth' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#which-thousand-words-is-this-picture-worth' aria-label='Anchor'></a><span class='plain-code'>Which thousand words is this picture worth?</span></h2>
<p>As a blind internet user for the last three decades, I have extensive empirical evidence to corroborate what you already know in your heart: humans are pretty flaky about writing useful alt text for all the images they publish. This does tend to make large swaths of the internet inaccessible to me!</p>
<p>In just a few years, the state of image description on the internet has gone from complete reliance on the aforementioned lovable, but ultimately tragically flawed, humans, to automated strings of words like <code>Image may contain person, glasses, confusion, banality, disillusionment</code>, to LLM-generated text that reads a lot like it was written by a person, perhaps sipping from a steaming cup of Earl Grey as they reflect on their previous experiences of a background that features a tree with snow on its branches, suggesting that this scene takes place during winter.</p>
<p>If an image is missing alt text, or if you want a second opinion, there are screen-reader addons, like <a href='https://github.com/cartertemm/AI-content-describer/' title=''>this one</a> for <a href='https://www.nvaccess.org/download/' title=''>NVDA</a>, that you can use with an API key to get image descriptions from GPT-4 or Google Gemini as you read. This is awesome! </p>
<p>And this brings me to the nerd snipe. How hard would it be to build an image description service we can host ourselves, using open source technologies? It turns out to be spookily easy.</p>
<p>Here&rsquo;s what I came up with:</p>
<ol>
<li><a href='https://ollama.com/' title=''>Ollama</a> to run the model
</li><li>A <a href='https://pocketbase.io' title=''>PocketBase</a> project that provides a simple authenticated API for users to submit images, get descriptions, and ask followup questions about the image
</li><li>The simplest possible Python client to interact with the PocketBase app on behalf of users
</li></ol>
<p>The idea is to keep it modular and hackable, so if sentiment analysis or joke creation is your thing, you can swap out image description for that and have something going in, like, a weekend.</p>
<p>If you&rsquo;re like me, and you go skipping through recipe blogs to find the &ldquo;go directly to recipe&rdquo; link, find the code itself <a href='https://github.com/superfly/llm-describer' title=''>here</a>. </p>
<h2 id='the-llm-is-the-easiest-part' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#the-llm-is-the-easiest-part' aria-label='Anchor'></a><span class='plain-code'>The LLM is the easiest part</span></h2>
<p>An API to accept images and prompts, run the model, and spit
out answers sounds like a lot! But it&rsquo;s the simplest part of this whole thing, because:
that&rsquo;s <a href='https://ollama.com/' title=''>Ollama</a>.</p>
<p>You can just run the Ollama Docker image, get it to grab the model
you want to use, and that&rsquo;s it. There&rsquo;s your AI server. (We have a <a href='https://fly.io/blog/scaling-llm-ollama/' title=''>blog post</a>
all about deploying Ollama on Fly.io; Fly GPUs are rad, try&#39;em out, etc.).</p>
<p>For this project, we need a model that can make sense&mdash;or at least words&mdash;out of a picture.
<a href='https://llava-vl.github.io/' title=''>LLaVA</a> is a trained, Apache-licensed &ldquo;large multimodal model&rdquo; that fits the bill.
Get the model with the Ollama CLI:</p>
<div class="highlight-wrapper group relative cmd">
<button
type="button"
class="bubble-wrap z-20 absolute right-9 -mr-0.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-wrap-target="#code-vsa102iz"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35" stroke-linecap="round" stroke-linejoin="round"><g buffered-rendering="static"><path d="M9.912 8.037h2.732c1.277 0 2.315-.962 2.315-2.237a2.325 2.325 0 00-2.315-2.31H2.959m10.228 9.01H2.959M6.802 8H2.959" /><path d="M11.081 6.466L9.533 8.037l1.548 1.571" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-9px] tail text-navy-950">
Wrap text
</span>
</button>
<button
type="button"
class="bubble-wrap z-20 absolute right-1.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-copy-target="sibling"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35"><g buffered-rendering="static"><path d="M10.576 7.239c0-.995-.82-1.815-1.815-1.815H3.315c-.995 0-1.815.82-1.815 1.815v5.446c0 .995.82 1.815 1.815 1.815h5.446c.995 0 1.815-.82 1.815-1.815V7.239z" /><path d="M10.576 10.577h2.109A1.825 1.825 0 0014.5 8.761V3.315A1.826 1.826 0 0012.685 1.5H7.239c-.996 0-1.815.819-1.816 1.815v1.617" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-6px] tail [--tail-x:calc(100%-30px)] text-navy-950">
Copy to clipboard
</span>
</button>
<div class='highlight relative group'>
<pre class='highlight cmd'><code id="code-vsa102iz">ollama pull llava:34b
</code></pre>
</div>
</div><div class="callout"><p>If you have hardware that can handle it, you could run this on your computer at home. If you run AI models on a cloud provider, be aware that GPU compute is expensive! <strong class="font-semibold text-navy-950">It’s important to take steps to ensure you’re not paying for a massive GPU 24/7.</strong></p>
<p>On Fly.io, at the time of writing, you’d achieve this with the <a href="https://fly.io/docs/apps/autostart-stop/" title="">autostart and autostop</a> functions of the Fly Proxy, restricting Ollama access to internal requests over <a href="https://fly.io/docs/networking/private-networking/#flycast-private-fly-proxy-services" title="">Flycast</a> from the PocketBase app. That way, if there haven’t been any requests for a few minutes, the Fly Proxy stops the Ollama <a href="https://fly.io/docs/machines/" title="">Machine</a>, which releases the CPU, GPU, and RAM allocated to it. <a href="https://fly.io/blog/scaling-llm-ollama/" title="">Here’s a post</a> that goes into more detail. </p>
</div><h2 id='a-multi-tool-on-the-backend' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#a-multi-tool-on-the-backend' aria-label='Anchor'></a><span class='plain-code'>A multi-tool on the backend</span></h2>
<p>I want user auth to make sure just anyone can&rsquo;t grab my &ldquo;image description service&rdquo; and keep it busy generating short stories about their cat. If I build this out into a service for others to use, I might also want business logic around plans or
credits, or mobile-friendly APIs for use in the field. <a href='https://pocketbase.io' title=''>PocketBase</a> provides a scaffolding for all of it. It&rsquo;s a Swiss army knife: a Firebase-like API on top of SQLite, complete with authentication, authorization, an admin UI, extensibility in JavaScript and Go, and various client-side APIs.</p>
<div class="right-sidenote"><p>Yes, <em>of course</em> I’ve used an LLM to generate feline fanfic. Theme songs too. Hasn’t everyone? </p>
</div>
<p>I &ldquo;faked&rdquo; a task-specific API that supports followup questions by extending PocketBase in Go, modeling requests and responses as <a href='https://pocketbase.io/docs/collections/' title=''>collections</a> (i.e. SQLite tables) with <a href='https://pocketbase.io/docs/go-event-hooks/' title=''>event hooks</a> to trigger pre-set interactions with the Ollama app (via <a href='https://tmc.github.io/langchaingo' title=''>LangChainGo</a>) and the client (via the PocketBase API).</p>
<p>If you&rsquo;re following along, <a href='https://github.com/superfly/llm-describer/blob/main/describer.go' title=''>here&rsquo;s the module</a>
that handles all that, along with initializing the LLM connection.</p>
<p>In a nutshell, this is the dance:</p>
<ul>
<li>When a user uploads an image, a hook on the <code>images</code> collection sends the image to Ollama, along with this prompt:
<code>&quot;You are a helpful assistant describing images for blind screen reader users. Please describe this image.&quot;</code>
</li><li>Ollama sends back its response, which the backend 1) passes back to the client and 2) stores in its <code>followups</code> collection for future reference.
</li><li>If the user responds with a followup question about the image and description, that also
goes into the <code>followups</code> collection; user-initiated changes to this collection trigger a hook to chain the new
followup question with the image and the chat history into a new request for the model.
</li><li>Lather, rinse, repeat.
</li></ul>
<p>This is a super simple hack to handle followup questions, and it’ll let you keep adding followups until
something breaks. You&rsquo;ll see the quality of responses get poorer&mdash;possibly incoherent&mdash;as the context
exceeds the context window.</p>
<p>I also set up <a href='https://pocketbase.io/docs/api-rules-and-filters/' title=''>API rules</a> in PocketBase,
ensuring that users can&rsquo;t read to and write from others&rsquo; chats with the AI.</p>
<p>If image descriptions aren&rsquo;t your thing, this business logic is easily swappable
for joke generation, extracting details from text, any other simple task you
might want to throw at an LLM. Just slot the best model into Ollama (LLaVA is pretty OK as a general starting point too), and match the PocketBase schema and pre-set prompts to your application.</p>
<h2 id='a-seedling-of-a-client' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#a-seedling-of-a-client' aria-label='Anchor'></a><span class='plain-code'>A seedling of a client</span></h2>
<p>With the image description service in place, the user can talk to it with any client that speaks the PocketBase API. PocketBase already has SDK clients in JavaScript and Dart, but because my screen reader is <a href='https://github.com/nvaccess/nvda' title=''>written in Python</a>, I went with a <a href='https://pypi.org/project/pocketbase/' title=''>community-created Python library</a>. That way I can build this out into an NVDA add-on
if I want to.</p>
<p>If you&rsquo;re a fancy Python developer, you probably have your preferred tooling for
handling virtualenvs and friends. I&rsquo;m not, and since my screen reader doesn&rsquo;t use those
anyway, I just <code>pip install</code>ed the library so my client can import it:</p>
<div class="highlight-wrapper group relative cmd">
<button
type="button"
class="bubble-wrap z-20 absolute right-9 -mr-0.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-wrap-target="#code-rgh35fwn"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35" stroke-linecap="round" stroke-linejoin="round"><g buffered-rendering="static"><path d="M9.912 8.037h2.732c1.277 0 2.315-.962 2.315-2.237a2.325 2.325 0 00-2.315-2.31H2.959m10.228 9.01H2.959M6.802 8H2.959" /><path d="M11.081 6.466L9.533 8.037l1.548 1.571" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-9px] tail text-navy-950">
Wrap text
</span>
</button>
<button
type="button"
class="bubble-wrap z-20 absolute right-1.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-copy-target="sibling"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35"><g buffered-rendering="static"><path d="M10.576 7.239c0-.995-.82-1.815-1.815-1.815H3.315c-.995 0-1.815.82-1.815 1.815v5.446c0 .995.82 1.815 1.815 1.815h5.446c.995 0 1.815-.82 1.815-1.815V7.239z" /><path d="M10.576 10.577h2.109A1.825 1.825 0 0014.5 8.761V3.315A1.826 1.826 0 0012.685 1.5H7.239c-.996 0-1.815.819-1.816 1.815v1.617" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-6px] tail [--tail-x:calc(100%-30px)] text-navy-950">
Copy to clipboard
</span>
</button>
<div class='highlight relative group'>
<pre class='highlight cmd'><code id="code-rgh35fwn">pip install pocketbase
</code></pre>
</div>
</div>
<p><a href='https://github.com/superfly/llm-describer/blob/main/__init__.py' title=''>My client</a> is a very simple script.
It expects a couple of things: a file called <code>image.jpg</code>, located in the current directory,
and environment variables to provide the service URL and user credentials to log into it with.</p>
<p>When you run the client script, it uploads the image to the user’s <code>images</code> collection on the
backend app, starting the back-and-forth between user and model we saw in the previous section.
The client prints the model&rsquo;s output to the CLI and prompts the user to input a followup question,
which it passes up to the <code>followups</code> collection, and so on.</p>
<figure class="post-cta">
<figcaption>
<h1>This can run on Fly.io.</h1>
<p>Run your LLM on a datacenter-grade GPU.</p>
<a class="btn btn-lg" href="https://fly.io/gpu/">
Try out a Fly GPU &nbsp;<span class='opacity-50'>→</span>
</a>
</figcaption>
<div class="image-container">
<img src="/static/images/cta-dog.webp" srcset="/static/images/[email protected] 2x" alt="">
</div>
</figure>
<h2 id='all-together-now' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#all-together-now' aria-label='Anchor'></a><span class='plain-code'>All together now</span></h2>
<p>I grabbed <a href='https://unsplash.com/photos/brown-trees-beside-river-under-blue-sky-during-daytime-kSvpTrfhaiU' title=''>this
image</a>
and saved it to a file called <em>image.jpg</em>. </p>
<p>While I knew I was downloading an image of a winter scene, all I see on Unsplash is:</p>
<blockquote>
<p>brown trees beside river under blue sky during daytime Bright winter landscape
with lake, snow, forest, beautiful blue sky and white clouds. An example of
charming wildlife in Russia.</p>
</blockquote>
<p>Let&rsquo;s see what our very own AI describer thinks of this picture:</p>
<div class="highlight-wrapper group relative plain">
<button
type="button"
class="bubble-wrap z-20 absolute right-9 -mr-0.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-wrap-target="#code-4bvdtqnv"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35" stroke-linecap="round" stroke-linejoin="round"><g buffered-rendering="static"><path d="M9.912 8.037h2.732c1.277 0 2.315-.962 2.315-2.237a2.325 2.325 0 00-2.315-2.31H2.959m10.228 9.01H2.959M6.802 8H2.959" /><path d="M11.081 6.466L9.533 8.037l1.548 1.571" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-9px] tail text-navy-950">
Wrap text
</span>
</button>
<button
type="button"
class="bubble-wrap z-20 absolute right-1.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-copy-target="sibling"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35"><g buffered-rendering="static"><path d="M10.576 7.239c0-.995-.82-1.815-1.815-1.815H3.315c-.995 0-1.815.82-1.815 1.815v5.446c0 .995.82 1.815 1.815 1.815h5.446c.995 0 1.815-.82 1.815-1.815V7.239z" /><path d="M10.576 10.577h2.109A1.825 1.825 0 0014.5 8.761V3.315A1.826 1.826 0 0012.685 1.5H7.239c-.996 0-1.815.819-1.816 1.815v1.617" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-6px] tail [--tail-x:calc(100%-30px)] text-navy-950">
Copy to clipboard
</span>
</button>
<div class='highlight relative group'>
<pre class='highlight '><code id="code-4bvdtqnv">$ python __init__.py
The image depicts a serene winter scene. There is a small stream of water flowing through the center, with patches of snow on its surface and along the banks. The surrounding area appears to be a mix of bare trees and shrubs, suggesting it's late in the season or possibly early spring when some plants have started to grow again but haven't yet leafed out.
The sky is clear and blue, indicating good weather conditions at the time the photo was taken. The sunlight seems to be coming from the left side of the image, casting a warm glow on the scene and creating reflections in the water. There are no visible texts or distinguishing marks that provide additional context about the location or the photographer.
The overall atmosphere is peaceful and natural, with the quiet beauty of the landscape undisturbed except for the gentle movement of the stream.
</code></pre>
</div>
</div>
<p>Is it a stellar description? Maybe not, but it certainly gives me a better sense of connection with the scene.</p>
<p>Let&rsquo;s see how our describer copes with a followup question.</p>
<div class="highlight-wrapper group relative plain">
<button
type="button"
class="bubble-wrap z-20 absolute right-9 -mr-0.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-wrap-target="#code-1x1pz9x9"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35" stroke-linecap="round" stroke-linejoin="round"><g buffered-rendering="static"><path d="M9.912 8.037h2.732c1.277 0 2.315-.962 2.315-2.237a2.325 2.325 0 00-2.315-2.31H2.959m10.228 9.01H2.959M6.802 8H2.959" /><path d="M11.081 6.466L9.533 8.037l1.548 1.571" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-9px] tail text-navy-950">
Wrap text
</span>
</button>
<button
type="button"
class="bubble-wrap z-20 absolute right-1.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-copy-target="sibling"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35"><g buffered-rendering="static"><path d="M10.576 7.239c0-.995-.82-1.815-1.815-1.815H3.315c-.995 0-1.815.82-1.815 1.815v5.446c0 .995.82 1.815 1.815 1.815h5.446c.995 0 1.815-.82 1.815-1.815V7.239z" /><path d="M10.576 10.577h2.109A1.825 1.825 0 0014.5 8.761V3.315A1.826 1.826 0 0012.685 1.5H7.239c-.996 0-1.815.819-1.816 1.815v1.617" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-6px] tail [--tail-x:calc(100%-30px)] text-navy-950">
Copy to clipboard
</span>
</button>
<div class='highlight relative group'>
<pre class='highlight '><code id="code-1x1pz9x9">Enter your followup question, or 'quit' to quit: What types of trees are in the image?
Sending followup question
It's difficult to determine the exact species of trees in the image without more specific details, as many deciduous trees lose their leaves during winter and look quite similar. However, based on the general appearance of the bare branches and the fact that they are leafless, it is likely that these are common deciduous trees such as oaks, maples, or elms.
The presence of snow and the absence of foliage suggest that this photo was taken during winter or early spring when the trees have not yet started to bloom again. The exact species would require a closer examination of the bark, buds, and other distinguishing features, which are not clearly visible in this image.
</code></pre>
</div>
</div>
<p>Boo, the general-purpose LLaVA model couldn&rsquo;t identify the leafless trees. At least it knows why it can&rsquo;t. Maybe there&rsquo;s a better model out
there for that. Or we could train one, if we really needed tree identification! We could make every component of
this service more sophisticated! </p>
<p>But that I, personally, can make a proof of concept like this with a few days of effort
continues to boggle my mind. Thanks to a handful of amazing open source projects, it&rsquo;s really, spookily, easy. And from here, I (or you) can build out a screen-reader addon, or a mobile app, or a different kind of AI service, with modular changes.</p>
<h2 id='deployment-notes' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#deployment-notes' aria-label='Anchor'></a><span class='plain-code'>Deployment notes</span></h2>
<p>On Fly.io, stopping GPU Machines saves you a bunch of money and some carbon footprint, in return for cold-start latency when you make a request for the first time in more than a few minutes. In testing this project, on the <code>a100-40gb</code> Fly Machine preset, the 34b-parameter LLaVA model took several seconds to generate each response. If the Machine was stopped when the request came in, starting it up took another handful of seconds, followed by several tens of seconds to load the model into GPU RAM. The total time from cold start to completed description was about 45 seconds. Just something to keep in mind.</p>
<p>If you&rsquo;re running Ollama in the cloud, you likely want to put the model onto storage that&rsquo;s persistent, so you don&rsquo;t have to download it repeatedly. You could also build the model into a Docker image ahead of deployment.</p>
<p>The PocketBase Golang app compiles to a single executable that you can run wherever.
I run it on Fly.io, unsurprisingly, and the <a href='https://github.com/superfly/llm-describer/' title=''>repo</a> comes with a Dockerfile and a <a href='https://fly.io/docs/reference/configuration/' title=''><code>fly.toml</code></a> config file, which you can edit to point at your own Ollama instance. It uses a small persistent storage volume for the SQLite database. Under testing, it runs fine on a <code>shared-cpu-1x</code> Machine. </p>
</content>
</entry>
<entry>
<title>JIT WireGuard</title>
<link rel="alternate" href="https://fly.io/blog/jit-wireguard-peers/"/>
<id>https://fly.io/blog/jit-wireguard-peers/</id>
<published>2024-03-12T00:00:00+00:00</published>
<updated>2024-05-23T20:00:21+00:00</updated>
<media:thumbnail url="https://fly.io/blog/jit-wireguard-peers/assets/network-thumbnail.webp"/>
<content type="html"><div class="lead"><p>We’re Fly.io and we transmute containers into VMs, running them on our hardware around the world with the power of Firecracker alchemy. We do a lot of stuff with WireGuard, which has become a part of our customer API. This is a quick story about some tricks we played to make WireGuard faster and more scalable for the hundreds of thousands of people who now use it here.</p>
</div>
<p>One of many odd decisions we&rsquo;ve made at Fly.io is how we use WireGuard. It&rsquo;s not just that we use it in many places where other shops would use HTTPS and REST APIs. We&rsquo;ve gone a step beyond that: every time you run <code>flyctl</code>, our lovable, sprawling CLI, it conjures a TCP/IP stack out of thin air, with its own IPv6 address, and speaks directly to Fly Machines running on our networks.</p>
<p>There are plusses and minuses to this approach, which we talked about <a href='https://fly.io/blog/our-user-mode-wireguard-year/' title=''>in a blog post a couple years back</a>. Some things, like remote-operated Docker builders, get easier to express (a Fly Machine, as far as <code>flyctl</code> is concerned, might as well be on the same LAN). But everything generally gets trickier to keep running reliably.</p>
<p>It was a decision. We own it.</p>
<p>Anyways, we&rsquo;ve made some improvements recently, and I&rsquo;d like to talk about them.</p>
<h2 id='where-we-left-off' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#where-we-left-off' aria-label='Anchor'></a><span class='plain-code'>Where we left off</span></h2>
<p>Until a few weeks ago, our gateways ran on a pretty simple system.</p>
<ol>
<li>We operate dozens of &ldquo;gateway&rdquo; servers around the world, whose sole purpose is to accept incoming WireGuard connections and connect them to the appropriate private networks.
</li><li>Any time you run <code>flyctl</code> and it needs to talk to a Fly Machine (to build a container, pop an SSH console, copy files, or proxy to a service you&rsquo;re running), it spawns or connects to a background agent process.
</li><li>The first time it runs, the agent generates a new WireGuard peer configuration from our GraphQL API. WireGuard peer configurations are very simple: just a public key and an address to connect to.
</li><li>Our API in turn takes that peer configuration and sends it to the appropriate gateway (say, <code>ord</code>, if you&rsquo;re near Chicago) via an RPC we send over the NATS messaging system.
</li><li>On the gateway, a service called <code>wggwd</code> accepts that configuration, saves it to a SQLite database, and adds it to the kernel using WireGuard&rsquo;s Golang libraries. <code>wggwd</code> acknowledges the installation of the peer to the API.
</li><li>The API replies to your GraphQL request, with the configuration.
</li><li>Your <code>flyctl</code> connects to the WireGuard peer, which works, because you receiving the configuration means it’s installed on the gateway.
</li></ol>
<p>I copy-pasted those last two bullet points from <a href='https://fly.io/blog/our-user-mode-wireguard-year/' title=''>that two-year-old post</a>, because when it works, it does <em>just work</em> reasonably well. (We ultimately did end up defaulting everybody to WireGuard-over-WebSockets, though.)</p>
<p>But if it always worked, we wouldn&rsquo;t be here, would we?</p>
<p>We ran into two annoying problems:</p>
<p>One: NATS is fast, but doesn’t guarantee delivery. Back in 2022, Fly.io was pretty big on NATS internally. We&rsquo;ve moved away from it. For instance, our <a href='https://fly.io/blog/carving-the-scheduler-out-of-our-orchestrator/' title=''>internal <code>flyd</code> API</a> used to be driven by NATS; today, it&rsquo;s HTTP. Our NATS cluster was losing too many messages to host a reliable API on it. Scaling back our use of NATS made WireGuard gateways better, but still not great.</p>
<p>Two: When <code>flyctl</code> exits, the WireGuard peer it created sticks around on the gateway. Nothing cleans up old peers. After all, you&rsquo;re likely going to come back tomorrow and deploy a new version of your app, or <code>fly ssh console</code> into it to debug something. Why remove a peer just to re-add it the next day?</p>
<p>Unfortunately, the vast majority of peers are created by <code>flyctl</code> in CI jobs, which don&rsquo;t have persistent storage and can&rsquo;t reconnect to the same peer the next run; they generate new peers every time, no matter what.</p>
<p>So, we ended up with a not-reliable-enough provisioning system, and gateways with hundreds of thousands of peers that will never be used again. The high stale peer count made kernel WireGuard operations very slow - especially loading all the peers back into the kernel after a gateway server reboot - as well as some kernel panics.</p>
<p>There had to be</p>
<h2 id='a-better-way' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#a-better-way' aria-label='Anchor'></a><span class='plain-code'>A better way.</span></h2>
<p>Storing bajillions of WireGuard peers is no big challenge for any serious n-tier RDBMS. This isn&rsquo;t &ldquo;big data&rdquo;. The problem we have at Fly.io is that our gateways don&rsquo;t have serious n-tier RDBMSs. They&rsquo;re small. Scrappy. They live off the land.</p>
<p>Seriously, though: you could store every WireGuard peer everybody has ever used at Fly.io in a single SQLite database, easily. What you can&rsquo;t do is store them all in the Linux kernel.</p>
<p>So, at some point, as you push more and more peer configurations to a gateway, you have to start making decisions about which peers you&rsquo;ll enable in the kernel, and which you won&rsquo;t.</p>
<p>Wouldn&rsquo;t it be nice if we just didn&rsquo;t have this problem? What if, instead of pushing configs to gateways, we had the gateways pull them from our API on demand?</p>
<p>If you did that, peers would only have to be added to the kernel when the client wanted to connect. You could yeet them out of the kernel any time you wanted; the next time the client connected, they&rsquo;d just get pulled again, and everything would work fine.</p>
<p>The problem you quickly run into to build this design is that Linux kernel WireGuard doesn&rsquo;t have a feature for installing peers on demand. However:</p>
<h2 id='it-is-possible-to-jit-wireguard-peers' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#it-is-possible-to-jit-wireguard-peers' aria-label='Anchor'></a><span class='plain-code'>It is possible to JIT WireGuard peers</span></h2>
<p>The Linux kernel&rsquo;s <a href='https://github.com/WireGuard/wgctrl-go' title=''>interface for configuring WireGuard</a> is <a href='https://docs.kernel.org/userspace-api/netlink/intro.html' title=''>Netlink</a> (which is basically a way to create a userland socket to talk to a kernel service). Here&rsquo;s a <a href='https://github.com/WireGuard/wg-dynamic/blob/master/netlink.h' title=''>summary of it as a C API</a>. Note that there&rsquo;s no API call to subscribe for &ldquo;incoming connection attempt&rdquo; events.</p>
<p>That&rsquo;s OK! We can just make our own events. WireGuard connection requests are packets, and they&rsquo;re easily identifiable, so we can efficiently snatch them with a BPF filter and a <a href='https://github.com/google/gopacket' title=''>packet socket</a>.</p>
<div class="callout"><p>Most of the time, it’s even easier for us to get the raw WireGuard packets, because our users now default to WebSockets WireGuard (which is just an unauthenticated WebSockets connect that shuttles framed UDP packets to and from an interface on the gateway), so that people who have trouble talking end-to-end in UDP can bring connections up.</p>
</div>
<p>We own the daemon code for that, and can just hook the packet receive function to snarf WireGuard packets.</p>
<p>It&rsquo;s not obvious, but WireGuard doesn&rsquo;t have notions of &ldquo;client&rdquo; or &ldquo;server&rdquo;. It&rsquo;s a pure point-to-point protocol; peers connect to each other when they have traffic to send. The first peer to connect is called the <strong class='font-semibold text-navy-950'>initiator</strong>, and the peer it connects to is the <strong class='font-semibold text-navy-950'>responder</strong>.</p>
<div class="right-sidenote"><p><a href="https://www.wireguard.com/papers/wireguard.pdf" title=""><em>The WireGuard paper</em></a> <em>is a good read.</em></p>
</div>
<p>For Fly.io, <code>flyctl</code> is typically our initiator, sending a single UDP packet to the gateway, which is the responder. According <a href='https://www.wireguard.com/papers/wireguard.pdf' title=''>to the WireGuard paper</a>, this first packet is a <code>handshake initiation</code>. It gets better: the packet type is recorded in a single plaintext byte. So this simple BPF filter catches all the incoming connections: <code>udp and dst port 51820 and udp[8] = 1</code>.</p>
<p>In most other protocols, we&rsquo;d be done at this point; we&rsquo;d just scrape the username or whatnot out of the packet, go fetch the matching configuration, and install it in the kernel. With WireGuard, not so fast. WireGuard is based on Trevor Perrin&rsquo;s <a href='http://www.noiseprotocol.org/' title=''>Noise Protocol Framework</a>, and Noise goes way out of its way to <a href='http://www.noiseprotocol.org/noise.html#identity-hiding' title=''>hide identities</a> during handshakes. To identify incoming requests, we&rsquo;ll need to run enough Noise cryptography to decrypt the identity.</p>
<p>The code to do this is fussy, but it&rsquo;s relatively short (about 200 lines). Helpfully, the kernel Netlink interface will give a privileged process the private key for an interface, so the secrets we need to unwrap WireGuard are easy to get. Then it&rsquo;s just a matter of running the first bit of the Noise handshake. If you&rsquo;re that kind of nerdy, <a href='https://gist.github.com/tqbf/9f2c2852e976e6566f962d9bca83062b' title=''>here&rsquo;s the code.</a></p>
<p>At this point, we have the event feed we wanted: the public keys of every user trying to make a WireGuard connection to our gateways. We keep a rate-limited cache in SQLite, and when we see new peers, we&rsquo;ll make an internal HTTP API request to fetch the matching peer information and install it. This fits nicely into the little daemon that already runs on our gateways to manage WireGuard, and allows us to ruthlessly and recklessly remove stale peers with a <code>cron</code> job.</p>
<p>But wait! There&rsquo;s more! We bounced this plan off Jason Donenfeld, and he tipped us off on a sneaky feature of the Linux WireGuard Netlink interface.</p>
<div class="right-sidenote"><p>Jason is the hardest working person in show business.</p>
</div>
<p>Our API fetch for new peers is generally not going to be fast enough to respond to the first handshake initiation message a new client sends us. That&rsquo;s OK; WireGuard is pretty fast about retrying. But we can do better.</p>
<p>When we get an incoming initiation message, we have the 4-tuple address of the desired connection, including the ephemeral source port <code>flyctl</code> is using. We can install the peer as if we&rsquo;re the initiator, and <code>flyctl</code> is the responder. The Linux kernel will initiate a WireGuard connection back to <code>flyctl</code>. This works; the protocol doesn&rsquo;t care a whole lot who&rsquo;s the server and who&rsquo;s the client. We get new connections established about as fast as they can possibly be installed.</p>
<figure class="post-cta">
<figcaption>
<h1>Launch an app in minutes</h1>
<p>Speedrun an app onto Fly.io and get your own JIT WireGuard peer&nbsp✨</p>
<a class="btn btn-lg" href="/docs/speedrun/">
Speedrun &nbsp;<span class='opacity-50'>→</span>
</a>
</figcaption>
<div class="image-container">
<img src="/static/images/cta-cat.webp" srcset="/static/images/[email protected] 2x" alt="">
</div>
</figure>
<h2 id='look-at-this-graph' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#look-at-this-graph' aria-label='Anchor'></a><span class='plain-code'>Look at this graph</span></h2>
<p>We&rsquo;ve been running this in production for a few weeks and we&rsquo;re feeling pretty happy about it. We went from thousands, or hundreds of thousands, of stale WireGuard peers on a gateway to what rounds to none. Gateways now hold a lot less state, are faster at setting up peers, and can be rebooted without having to wait for many unused peers to be loaded back into the kernel.</p>
<p>I&rsquo;ll leave you with this happy Grafana chart from the day of the switchover.</p>
<p><img alt="a Grafana chart of &#39;kernel_stale_wg_peer_count&#39; vs. time. For the first few hours, all traces are flat. Most are at values between 0 and 50,000 and the top-most is just under 550,000. Towards the end of the graph, each line in turn jumps sharply down to the bottom, and at the end of the chart all datapoints are indistinguishable from 0." src="/blog/jit-wireguard-peers/assets/wireguard-peers-graph.webp" /></p>
<p><strong class='font-semibold text-navy-950'>Editor&rsquo;s note:</strong> Despite our tearful protests, Lillian has decided to move on from Fly.io to explore new pursuits. We wish her much success and happiness!&nbsp;✨</p>
</content>
</entry>
<entry>
<title>Fly Kubernetes does more now</title>
<link rel="alternate" href="https://fly.io/blog/fks-beta-live/"/>
<id>https://fly.io/blog/fks-beta-live/</id>
<published>2024-03-07T00:00:00+00:00</published>
<updated>2024-04-24T22:38:38+00:00</updated>
<media:thumbnail url="https://fly.io/blog/fks-beta-live/assets/fks-thumb.webp"/>
<content type="html"><div class="lead"><p>Eons ago, we <a href="https://fly.io/blog/fks/" title="">announced</a> we were working on <a href="https://fly.io/docs/kubernetes/" title="">Fly Kubernetes</a>. It drummed up enough excitement to prove we were heading in the right direction. So, we got hard to work to get from barebones “early access” to a beta release. We’ll be onboarding customers to the closed beta over the next few weeks. Email us at <a href="mailto:[email protected]">[email protected]</a> and we’ll hook you up.</p>
</div>
<p>Fly Kubernetes is the &ldquo;blessed path&quot;™️ to using Kubernetes backed by Fly.io infrastructure. Or, in simpler terms, it is our managed Kubernetes service. We take care of the complexity of operating the Kubernetes control plane, leaving you with the unfettered joy of deploying your Kubernetes workloads. If you love Fly.io and K8s, this product is for you.</p>
<h2 id='what-even-is-a-kubernete' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#what-even-is-a-kubernete' aria-label='Anchor'></a><span class='plain-code'>What even is a Kubernete?</span></h2>
<p>So how did this all come to be&mdash;and what even is a Kubernete?</p>
<div class="right-sidenote"><p>You can see more fun details in <a href="https://fly.io/blog/fks/" title="">Introducing Fly Kubernetes</a>.</p>
</div>
<p>If you wade through all the YAML and <a href='https://landscape.cncf.io/' title=''>CNCF projects</a>, what&rsquo;s left is an API for declaring workloads and how it should be accessed. </p>
<p>But that&rsquo;s not what people usually talk / groan about. It&rsquo;s everything else that comes along with adopting Kubernetes: a container runtime (CRI), networking between workloads (CNI) which leads to DNS (CoreDNS). Then you layer on Prometheus for metrics and whatever the logging daemon du jour is at the time. Now you get to debate which Ingress&mdash;strike that&mdash;<em>Gateway</em> API to deploy and if the next thing is anything to do with a Service Mess, then as they like to say where I live, &quot;bless your heart&rdquo;.</p>
<p>Finally, there&rsquo;s capacity planning. You&rsquo;ve got to pick and choose where, how and what the <a href='https://kubernetes.io/docs/concepts/architecture/nodes/' title=''>Nodes</a> will look like in order to configure and run the workloads.</p>
<p>When we began thinking about what a Fly Kubernetes Service could look like, we started from first principles, as we do with most everything here. The best way we can describe it is the <a href='https://www.youtube.com/watch?v=Ddk9ci6geSs' title=''>scene from Iron Man 2 when Tony Stark discovers a new element</a>. As he&rsquo;s looking at the knowledge left behind by those that came before, he starts to imagine something entirely different and more capable than could have been accomplished previously. That&rsquo;s what happened to JP, but with K3s and Virtual Kubelet.</p>
<h2 id='ok-then-wtf-whats-the-fks' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#ok-then-wtf-whats-the-fks' aria-label='Anchor'></a><span class='plain-code'>OK then, WTF (what&rsquo;s the FKS)?</span></h2>
<p>We looked at what people need to get started—the API—and then started peeling away all the noise, filling in the gaps to connect things together to provide the power. Here&rsquo;s how this looks currently:</p>
<ul>
<li>Containerd/CRI → <a href='https://fly.io/blog/carving-the-scheduler-out-of-our-orchestrator/' title=''>flyd</a> + Firecracker + <a href='https://fly.io/blog/docker-without-docker/' title=''>our init</a>: our system transmogrifies Docker containers into Firecracker microVMs
</li><li>Networking/CNI → Our <a href='https://fly.io/blog/ipv6-wireguard-peering/' title=''>internal WireGuard mesh</a> connects your pods together
</li><li>Pods → Fly Machines VMs
</li><li>Secrets → Secrets, only not the base64&rsquo;d kind
</li><li>Services → The Fly Proxy
</li><li>CoreDNS → CoreDNS (to be replaced with our custom internal DNS)
</li><li>Persistent Volumes → Fly Volumes (coming soon)
</li></ul>
<p>Now&hellip;not everything is a one-to-one comparison, and we explicitly did not set out to support any and every configuration. We aren&rsquo;t dealing with resources like Network Policy and init containers, though we&rsquo;re also not completely ignoring them. By mapping many of the core primitives of Kubernetes to a Fly.io resource, we&rsquo;re able to focus on continuing to build the primitives that make our cloud better for workloads of all shapes and sizes.</p>
<p>A key thing to notice above is that there&rsquo;s no &ldquo;Node&rdquo;.</p>
<p><a href='https://virtual-kubelet.io/' title=''>Virtual Kubelet</a> plays a central role in FKS. It&rsquo;s magic, really. A Virtual Kubelet acts as if it&rsquo;s a standard Kubelet running on a Node, eager to run your workloads. However, there&rsquo;s no Node backing it. It instead behaves like an API, receiving requests from Kubernetes and transforming them into requests to deploy on a cloud compute service. In our case, that&rsquo;s Fly Machines.</p>
<p>So what we have is Kubernetes calling out to our <a href='https://virtual-kubelet.io/docs/providers/' title=''>Virtual Kubelet provider</a>, a small Golang program we run alongside K3s, to create and run your pod. It creates <a href='https://fly.io/blog/docker-without-docker/' title=''>your pod as a Fly Machine</a>, via the <a href='/docs/machines/api/' title=''>Fly Machines API</a>, deploying it to any underlying host within that region. This shifts the burden of managing hardware capacity from you to us. We think that&rsquo;s a cool trick&mdash;thanks, Virtual Kubelet magic!</p>
<h2 id='speedrun' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#speedrun' aria-label='Anchor'></a><span class='plain-code'>Speedrun</span></h2>
<p>You can deploy your workloads (including GPUs) across any of our available regions using the Kubernetes API.</p>
<p>You create a cluster with <code>flyctl</code>:</p>
<div class="highlight-wrapper group relative cmd">
<button
type="button"
class="bubble-wrap z-20 absolute right-9 -mr-0.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-wrap-target="#code-fnxi6rft"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35" stroke-linecap="round" stroke-linejoin="round"><g buffered-rendering="static"><path d="M9.912 8.037h2.732c1.277 0 2.315-.962 2.315-2.237a2.325 2.325 0 00-2.315-2.31H2.959m10.228 9.01H2.959M6.802 8H2.959" /><path d="M11.081 6.466L9.533 8.037l1.548 1.571" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-9px] tail text-navy-950">
Wrap text
</span>
</button>
<button
type="button"
class="bubble-wrap z-20 absolute right-1.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-copy-target="sibling"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35"><g buffered-rendering="static"><path d="M10.576 7.239c0-.995-.82-1.815-1.815-1.815H3.315c-.995 0-1.815.82-1.815 1.815v5.446c0 .995.82 1.815 1.815 1.815h5.446c.995 0 1.815-.82 1.815-1.815V7.239z" /><path d="M10.576 10.577h2.109A1.825 1.825 0 0014.5 8.761V3.315A1.826 1.826 0 0012.685 1.5H7.239c-.996 0-1.815.819-1.816 1.815v1.617" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-6px] tail [--tail-x:calc(100%-30px)] text-navy-950">
Copy to clipboard
</span>
</button>
<div class='highlight relative group'>
<pre class='highlight cmd'><code id="code-fnxi6rft">fly ext k8s create --name hello --org personal --region iad
</code></pre>
</div>
</div>
<p>When a cluster is created, it has the standard <code>default</code> namespace. You can inspect it:</p>
<div class="highlight-wrapper group relative cmd">
<button
type="button"
class="bubble-wrap z-20 absolute right-9 -mr-0.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-wrap-target="#code-92wwv6kq"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35" stroke-linecap="round" stroke-linejoin="round"><g buffered-rendering="static"><path d="M9.912 8.037h2.732c1.277 0 2.315-.962 2.315-2.237a2.325 2.325 0 00-2.315-2.31H2.959m10.228 9.01H2.959M6.802 8H2.959" /><path d="M11.081 6.466L9.533 8.037l1.548 1.571" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-9px] tail text-navy-950">
Wrap text
</span>
</button>
<button
type="button"
class="bubble-wrap z-20 absolute right-1.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-copy-target="sibling"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35"><g buffered-rendering="static"><path d="M10.576 7.239c0-.995-.82-1.815-1.815-1.815H3.315c-.995 0-1.815.82-1.815 1.815v5.446c0 .995.82 1.815 1.815 1.815h5.446c.995 0 1.815-.82 1.815-1.815V7.239z" /><path d="M10.576 10.577h2.109A1.825 1.825 0 0014.5 8.761V3.315A1.826 1.826 0 0012.685 1.5H7.239c-.996 0-1.815.819-1.816 1.815v1.617" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-6px] tail [--tail-x:calc(100%-30px)] text-navy-950">
Copy to clipboard
</span>
</button>
<div class='highlight relative group'>
<pre class='highlight cmd'><code id="code-92wwv6kq">kubectl get ns default --show-labels
</code></pre>
</div>
</div><div class="highlight-wrapper group relative output">
<button
type="button"
class="bubble-wrap z-20 absolute right-9 -mr-0.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-wrap-target="#code-mk490mip"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35" stroke-linecap="round" stroke-linejoin="round"><g buffered-rendering="static"><path d="M9.912 8.037h2.732c1.277 0 2.315-.962 2.315-2.237a2.325 2.325 0 00-2.315-2.31H2.959m10.228 9.01H2.959M6.802 8H2.959" /><path d="M11.081 6.466L9.533 8.037l1.548 1.571" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-9px] tail text-navy-950">
Wrap text
</span>
</button>
<button
type="button"
class="bubble-wrap z-20 absolute right-1.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-copy-target="sibling"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35"><g buffered-rendering="static"><path d="M10.576 7.239c0-.995-.82-1.815-1.815-1.815H3.315c-.995 0-1.815.82-1.815 1.815v5.446c0 .995.82 1.815 1.815 1.815h5.446c.995 0 1.815-.82 1.815-1.815V7.239z" /><path d="M10.576 10.577h2.109A1.825 1.825 0 0014.5 8.761V3.315A1.826 1.826 0 0012.685 1.5H7.239c-.996 0-1.815.819-1.816 1.815v1.617" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-6px] tail [--tail-x:calc(100%-30px)] text-navy-950">
Copy to clipboard
</span>
</button>
<div class='highlight relative group'>
<pre class='highlight output whitespace-pre'><code id="code-mk490mip">NAME STATUS AGE LABELS
default Active 20d fly.io/app=fks-default-7zyjm3ovpdxmd0ep,kubernetes.io/metadata.name=default
</code></pre>
</div>
</div>
<p>The <code>fly.io/app</code> label shows the name of the Fly App that corresponds to your cluster.</p>
<p>It would seem appropriate to deploy the <a href='https://github.com/kubernetes-up-and-running/kuard' title=''>Kubernetes Up And Running demo</a> here, but since your pods are connected over an <a href='https://fly.io/blog/ipv6-wireguard-peering/' title=''>IPv6 WireGuard mesh</a>, we&rsquo;re going to use a <a href='https://github.com/jipperinbham/kuard' title=''>fork</a> with support for <a href='https://github.com/kubernetes-up-and-running/kuard/issues/46' title=''>IPv6 DNS</a>.</p>
<div class="highlight-wrapper group relative cmd">
<button
type="button"
class="bubble-wrap z-20 absolute right-9 -mr-0.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-wrap-target="#code-7qz94xki"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35" stroke-linecap="round" stroke-linejoin="round"><g buffered-rendering="static"><path d="M9.912 8.037h2.732c1.277 0 2.315-.962 2.315-2.237a2.325 2.325 0 00-2.315-2.31H2.959m10.228 9.01H2.959M6.802 8H2.959" /><path d="M11.081 6.466L9.533 8.037l1.548 1.571" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-9px] tail text-navy-950">
Wrap text
</span>
</button>
<button
type="button"
class="bubble-wrap z-20 absolute right-1.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-copy-target="sibling"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35"><g buffered-rendering="static"><path d="M10.576 7.239c0-.995-.82-1.815-1.815-1.815H3.315c-.995 0-1.815.82-1.815 1.815v5.446c0 .995.82 1.815 1.815 1.815h5.446c.995 0 1.815-.82 1.815-1.815V7.239z" /><path d="M10.576 10.577h2.109A1.825 1.825 0 0014.5 8.761V3.315A1.826 1.826 0 0012.685 1.5H7.239c-.996 0-1.815.819-1.816 1.815v1.617" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-6px] tail [--tail-x:calc(100%-30px)] text-navy-950">
Copy to clipboard
</span>
</button>
<div class='highlight relative group'>
<pre class='highlight cmd'><code id="code-7qz94xki">kubectl run \
--image=ghcr.io/jipperinbham/kuard-amd64:blue \
--labels="app=kuard-fks" \
kuard
</code></pre>
</div>
</div>
<p>And you can see its Machine representation via:</p>
<div class="highlight-wrapper group relative cmd">
<button
type="button"
class="bubble-wrap z-20 absolute right-9 -mr-0.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-wrap-target="#code-1wk7f1q0"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35" stroke-linecap="round" stroke-linejoin="round"><g buffered-rendering="static"><path d="M9.912 8.037h2.732c1.277 0 2.315-.962 2.315-2.237a2.325 2.325 0 00-2.315-2.31H2.959m10.228 9.01H2.959M6.802 8H2.959" /><path d="M11.081 6.466L9.533 8.037l1.548 1.571" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-9px] tail text-navy-950">
Wrap text
</span>
</button>
<button
type="button"
class="bubble-wrap z-20 absolute right-1.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-copy-target="sibling"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35"><g buffered-rendering="static"><path d="M10.576 7.239c0-.995-.82-1.815-1.815-1.815H3.315c-.995 0-1.815.82-1.815 1.815v5.446c0 .995.82 1.815 1.815 1.815h5.446c.995 0 1.815-.82 1.815-1.815V7.239z" /><path d="M10.576 10.577h2.109A1.825 1.825 0 0014.5 8.761V3.315A1.826 1.826 0 0012.685 1.5H7.239c-.996 0-1.815.819-1.816 1.815v1.617" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-6px] tail [--tail-x:calc(100%-30px)] text-navy-950">
Copy to clipboard
</span>
</button>
<div class='highlight relative group'>
<pre class='highlight cmd'><code id="code-1wk7f1q0">fly machine list --app fks-default-7zyjm3ovpdxmd0ep
</code></pre>
</div>
</div><div class="highlight-wrapper group relative output">
<button
type="button"
class="bubble-wrap z-20 absolute right-9 -mr-0.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-wrap-target="#code-7rbzov1i"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35" stroke-linecap="round" stroke-linejoin="round"><g buffered-rendering="static"><path d="M9.912 8.037h2.732c1.277 0 2.315-.962 2.315-2.237a2.325 2.325 0 00-2.315-2.31H2.959m10.228 9.01H2.959M6.802 8H2.959" /><path d="M11.081 6.466L9.533 8.037l1.548 1.571" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-9px] tail text-navy-950">
Wrap text
</span>
</button>
<button
type="button"
class="bubble-wrap z-20 absolute right-1.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-copy-target="sibling"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35"><g buffered-rendering="static"><path d="M10.576 7.239c0-.995-.82-1.815-1.815-1.815H3.315c-.995 0-1.815.82-1.815 1.815v5.446c0 .995.82 1.815 1.815 1.815h5.446c.995 0 1.815-.82 1.815-1.815V7.239z" /><path d="M10.576 10.577h2.109A1.825 1.825 0 0014.5 8.761V3.315A1.826 1.826 0 0012.685 1.5H7.239c-.996 0-1.815.819-1.816 1.815v1.617" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-6px] tail [--tail-x:calc(100%-30px)] text-navy-950">
Copy to clipboard
</span>
</button>
<div class='highlight relative group'>
<pre class='highlight output whitespace-pre'><code id="code-7rbzov1i">ID NAME STATE REGION IMAGE IP ADDRESS VOLUME CREATED LAST UPDATED APP PLATFORM PROCESS GROUP SIZE
1852291c46ded8 kuard started iad jipperinbham/kuard-amd64:blue fdaa:0:48c8:a7b:228:4b6d:6e20:2 2024-03-05T18:54:41Z 2024-03-05T18:54:44Z shared-cpu-1x:256MB
</code></pre>
</div>
</div>
<p></div></p>
<p>This is important! Your pod is a Fly Machine! While we don’t yet support all kubectl features, Fly.io tooling will &ldquo;just work&rdquo; for cases where we don&rsquo;t yet support the kubectl way. So, for example, we don&rsquo;t have <code>kubectl port-forward</code> and <code>kubectl exec</code>, but you can use flyctl to forward ports and get a shell into a pod.</p>
<p>Expose it to your internal network using the standard ClusterIP Service:</p>
<div class="highlight-wrapper group relative cmd">
<button
type="button"
class="bubble-wrap z-20 absolute right-9 -mr-0.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-wrap-target="#code-1sjiwcq9"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35" stroke-linecap="round" stroke-linejoin="round"><g buffered-rendering="static"><path d="M9.912 8.037h2.732c1.277 0 2.315-.962 2.315-2.237a2.325 2.325 0 00-2.315-2.31H2.959m10.228 9.01H2.959M6.802 8H2.959" /><path d="M11.081 6.466L9.533 8.037l1.548 1.571" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-9px] tail text-navy-950">
Wrap text
</span>
</button>
<button
type="button"
class="bubble-wrap z-20 absolute right-1.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-copy-target="sibling"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35"><g buffered-rendering="static"><path d="M10.576 7.239c0-.995-.82-1.815-1.815-1.815H3.315c-.995 0-1.815.82-1.815 1.815v5.446c0 .995.82 1.815 1.815 1.815h5.446c.995 0 1.815-.82 1.815-1.815V7.239z" /><path d="M10.576 10.577h2.109A1.825 1.825 0 0014.5 8.761V3.315A1.826 1.826 0 0012.685 1.5H7.239c-.996 0-1.815.819-1.816 1.815v1.617" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-6px] tail [--tail-x:calc(100%-30px)] text-navy-950">
Copy to clipboard
</span>
</button>
<div class='highlight relative group'>
<pre class='highlight cmd'><code id="code-1sjiwcq9">kubectl expose pod kuard \
--name=kuard \
--port=8080 \
--target-port=8080 \
--selector='app=kuard-fks'
</code></pre>
</div>
</div>
<p>ClusterIP Services work natively, and Fly.io internal DNS supports them. Within the cluster, CoreDNS works too.</p>
<p>Access this Service locally via <a href='https://fly.io/docs/networking/private-networking/#flycast-private-load-balancing' title=''>flycast</a>: Get connected to your org&rsquo;s <a href='https://fly.io/docs/networking/private-networking/' title=''>6PN private WireGuard network</a>. Get kubectl to describe the <code>kuard</code> Service:</p>
<div class="highlight-wrapper group relative cmd">
<button
type="button"
class="bubble-wrap z-20 absolute right-9 -mr-0.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-wrap-target="#code-hy5q54ru"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35" stroke-linecap="round" stroke-linejoin="round"><g buffered-rendering="static"><path d="M9.912 8.037h2.732c1.277 0 2.315-.962 2.315-2.237a2.325 2.325 0 00-2.315-2.31H2.959m10.228 9.01H2.959M6.802 8H2.959" /><path d="M11.081 6.466L9.533 8.037l1.548 1.571" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-9px] tail text-navy-950">
Wrap text
</span>
</button>
<button
type="button"
class="bubble-wrap z-20 absolute right-1.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-copy-target="sibling"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35"><g buffered-rendering="static"><path d="M10.576 7.239c0-.995-.82-1.815-1.815-1.815H3.315c-.995 0-1.815.82-1.815 1.815v5.446c0 .995.82 1.815 1.815 1.815h5.446c.995 0 1.815-.82 1.815-1.815V7.239z" /><path d="M10.576 10.577h2.109A1.825 1.825 0 0014.5 8.761V3.315A1.826 1.826 0 0012.685 1.5H7.239c-.996 0-1.815.819-1.816 1.815v1.617" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-6px] tail [--tail-x:calc(100%-30px)] text-navy-950">
Copy to clipboard
</span>
</button>
<div class='highlight relative group'>
<pre class='highlight cmd'><code id="code-hy5q54ru">kubectl describe svc kuard
</code></pre>
</div>
</div><div class="highlight-wrapper group relative output">
<button
type="button"
class="bubble-wrap z-20 absolute right-9 -mr-0.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-wrap-target="#code-a8mzw85a"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35" stroke-linecap="round" stroke-linejoin="round"><g buffered-rendering="static"><path d="M9.912 8.037h2.732c1.277 0 2.315-.962 2.315-2.237a2.325 2.325 0 00-2.315-2.31H2.959m10.228 9.01H2.959M6.802 8H2.959" /><path d="M11.081 6.466L9.533 8.037l1.548 1.571" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-9px] tail text-navy-950">
Wrap text
</span>
</button>
<button
type="button"
class="bubble-wrap z-20 absolute right-1.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-copy-target="sibling"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35"><g buffered-rendering="static"><path d="M10.576 7.239c0-.995-.82-1.815-1.815-1.815H3.315c-.995 0-1.815.82-1.815 1.815v5.446c0 .995.82 1.815 1.815 1.815h5.446c.995 0 1.815-.82 1.815-1.815V7.239z" /><path d="M10.576 10.577h2.109A1.825 1.825 0 0014.5 8.761V3.315A1.826 1.826 0 0012.685 1.5H7.239c-.996 0-1.815.819-1.816 1.815v1.617" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-6px] tail [--tail-x:calc(100%-30px)] text-navy-950">
Copy to clipboard
</span>
</button>
<div class='highlight relative group'>
<pre class='highlight output'><code id="code-a8mzw85a">Name: kuard
Namespace: default
Labels: app=kuard-fks
Annotations: fly.io/clusterip-allocator: configured
service.fly.io/sync-version: 11507529969321451315
Selector: app=kuard-fks
Type: ClusterIP
IP Family Policy: SingleStack
IP Families: IPv6
IP: fdaa:0:48c8:0:1::1a
IPs: fdaa:0:48c8:0:1::1a
Port: &lt;unset&gt; 8080/TCP
TargetPort: 8080/TCP
Endpoints: [fdaa:0:48c8:a7b:228:4b6d:6e20:2]:8080
Session Affinity: None
Events: &lt;none&gt;
</code></pre>
</div>
</div>
<p>You can pull out the Service&rsquo;s IP address from the above output, and get at the KUARD UI using that: in this case, <code>http://[fdaa:0:48c8:0:1::1a]:8080</code>. </p>
<p>Using internal DNS: <code>http://&lt;service_name&gt;.svc.&lt;app_name&gt;.flycast:8080</code>. Or, in our example: <code>http://kuard.svc.fks-default-7zyjm3ovpdxmd0ep.flycast:8080</code>.</p>
<p>And finally CoreDNS: <code>&lt;service_name&gt;.&lt;namespace&gt;.svc.cluster.local</code> resolves to the <code>fdaa</code> IP and is routable within the cluster.</p>
<figure class="post-cta">
<figcaption>
<h1>Get in on the FKS beta</h1>
<p>Email us at [email protected]</p>
</figcaption>
<div class="image-container">
<img src="/static/images/cta-cat.webp" srcset="/static/images/[email protected] 2x" alt="">
</div>
</figure>
<h2 id='pricing' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#pricing' aria-label='Anchor'></a><span class='plain-code'>Pricing</span></h2>
<p>The Fly Kubernetes Service is free during the beta. Fly Machines and Fly Volumes you create with it will cost the <a href='https://fly.io/docs/about/pricing/' title=''>same as for your other Fly.io projects</a>. It&rsquo;ll be <a href='https://fly.io/docs/about/pricing/#fly-kubernetes' title=''>$75/mo per cluster</a> after that, plus the cost of the other resources you create.</p>
<h2 id='today-and-the-future' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#today-and-the-future' aria-label='Anchor'></a><span class='plain-code'>Today and the future</span></h2>
<p>Today, Fly Kubernetes supports only a portion of the Kubernetes API. You can deploy pods using Deployments/ReplicaSets. Pods are able to communicate via Services using the standard K8s DNS format. Ephemeral and persistent volumes are supported.</p>
<p>The most notable absences are: multi-container pods, StatefulSets, network policies, horizontal pod autoscaling and emptyDir volumes. We&rsquo;re working at supporting autoscaling and emptyDir volumes in the coming weeks and multi-container pods in the coming months.</p>
<p>If you&rsquo;ve made it this far and are eagerly awaiting your chance to tell us and the rest of the internet &ldquo;this isn&rsquo;t Kubernetes!&rdquo;, well, we agree! It&rsquo;s not something we take lightly. We&rsquo;re still building, and conformance tests may be in the future for FKS. We&rsquo;ve made a deliberate decision to only care about fast launching VMs as the one and only way to run workloads on our cloud. And we also know enough of our customers would like to use the Kubernetes API to create a fast launching VM in the form of a Pod, and that&rsquo;s where this story begins. </p>
</content>
</entry>
<entry>
<title>Globally Distributed Object Storage with Tigris</title>
<link rel="alternate" href="https://fly.io/blog/tigris-public-beta/"/>
<id>https://fly.io/blog/tigris-public-beta/</id>
<published>2024-02-15T00:00:00+00:00</published>
<updated>2024-04-24T22:38:38+00:00</updated>
<media:thumbnail url="https://fly.io/blog/tigris-public-beta/assets/tigris-public-beta-thumb.webp"/>
<content type="html"><div class="lead"><p>We’re Fly.io and we transmute containers into VMs, running them on our hardware around the world with the power of Firecracker alchemy. That’s pretty cool, but we want to talk about something someone else built, that <a href="https://fly.io/docs/reference/tigris/" title="">you can use today</a> to build applications.</p>
</div>
<p>There are three hard things in computer science:</p>
<ol>
<li>Cache invalidation
</li><li>Naming things
</li><li><a href='https://aws.amazon.com/s3/' title=''>Doing a better job than Amazon of storing files</a>
</li></ol>
<p>Of all the annoying software problems that have no business being annoying, handling a file upload in a full-stack application stands apart, a universal if tractable malady, the plantar fasciitis of programming.</p>
<p>Now, the actual act of clients placing files on servers is straightforward. Your framework <a href='https://hexdocs.pm/phoenix/file_uploads.html' title=''>has</a> <a href='https://edgeguides.rubyonrails.org/active_storage_overview.html' title=''>a</a> <a href='https://docs.djangoproject.com/en/5.0/topics/http/file-uploads/' title=''>feature</a> <a href='https://expressjs.com/en/resources/middleware/multer.html' title=''>that</a> <a href='https://github.com/yesodweb/yesod-cookbook/blob/master/cookbook/Cookbook-file-upload-saving-files-to-server.md' title=''>does</a> <a href='https://laravel.com/docs/10.x/filesystem' title=''>it</a>. What&rsquo;s hard is making sure that uploads stick around to be downloaded later.</p>
<aside class="right-sidenote"><p>(yes, yes, we know, <a href="https://youtu.be/b2F-DItXtZs?t=102" title="">sharding /dev/null</a> is faster)</p>
</aside>
<p>Enter object storage, a pattern you may know by its colloquial name &ldquo;S3&rdquo;. Object storage occupies a funny place in software architecture, somewhere between a database and a filesystem. It&rsquo;s like <a href='https://man7.org/linux/man-pages/man3/malloc.3.html' title=''><code>malloc</code></a><code>()</code>, but for cloud storage instead of program memory.</p>
<p><a href='https://www.kleenex.com/en-us/' title=''>S3</a>—err, object storage — is so important that it was the second AWS service ever introduced (EC2 was not the first!). Everybody wants it. We know, because they keep asking us for it.</p>
<p>So why didn&rsquo;t we build it?</p>
<p>Because we couldn&rsquo;t figure out a way to improve on S3. And we still haven&rsquo;t! But someone else did, at least for the kinds of applications we see on Fly.io.</p>
<h2 id='but-first-some-back-story' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#but-first-some-back-story' aria-label='Anchor'></a><span class='plain-code'>But First, Some Back Story</span></h2>
<p>S3 checks all the boxes. It&rsquo;s trivial to use. It&rsquo;s efficient and cost-effective. It has redundancies that would make a DoD contractor blush. It integrates with archival services like Glacier. And every framework supports it. At some point, the IETF should just take a deep sigh and write an S3 API RFC, XML signatures and all.</p>
<p>There&rsquo;s at least one catch, though.</p>
<p>Back in, like, &lsquo;07 people ran all their apps from a single city. S3 was designed to work for those kinds of apps. The data, the bytes on the disks (or whatever weird hyperputer AWS stores S3 bytes on), live in one place. A specific place. In a specific data center. As powerful and inspiring as The Architects are, they are mortals, and must obey the laws of physics.</p>
<p>This observation feels banal, until you realize how apps have changed in the last decade. Apps and their users don&rsquo;t live in one specific place. They live all over the world. When users are close to the S3 data center, things are amazing! But things get less amazing the further away you get from the data center, and even less amazing the smaller and more frequent your reads and writes are.</p>
<p>(Thought experiment: you have to pick one place in the world to route all your file storage. Where is it? Is it <a href='https://www.tripadvisor.com/Restaurant_Review-g30246-d1956555-Reviews-Ford_s_Fish_Shack_Ashburn-Ashburn_Loudoun_County_Virginia.html' title=''>Loudoun County, Virginia</a>?)</p>
<p>So, for many modern apps, you end up having to <a href='https://stackoverflow.com/questions/32426249/aws-s3-bucket-with-multiple-regions' title=''>write things into different regions</a>, so that people close to the data get it from a region-specific bucket. Doing that pulls in CDN-caching things that complicated your application and put barriers between you and your data. Before you know it, you&rsquo;re wearing custom orthotics on your, uh, developer feet. (<em>I am done with this metaphor now, I promise.</em>)</p>
<aside class="right-sidenote"><p>(well, okay, Backblaze B2 because somehow my bucket fits into their free tier, but you get the idea)</p>
</aside>
<p>Personally, I know this happens. Because I had to build one! I run a <a href='https://xeiaso.net/blog/xedn/' title=''>CDN backend</a> that&rsquo;s a caching proxy for S3 in six continents across the world. All so that I can deliver images and video efficiently for the readers of my blog.</p>
<aside class="right-sidenote"><p>(shut up, it’s a sandwich)</p>
</aside>
<p>What if data was really global? For some applications, it might not matter much. But for others, it matters a lot. When a sandwich lover in Australia snaps a picture of a <a href='https://en.wikipedia.org/wiki/Hamdog' title=''>hamdog</a>, the people most likely to want to see that photo are also in Australia. Routing those uploads and downloads through one building in Ashburn is no way to build a sandwich reviewing empire.</p>
<p>Localizing all the data sounds like a hard problem. What if you didn&rsquo;t need to change anything on your end to accomplish it?</p>
<h2 id='show-me-a-hero' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#show-me-a-hero' aria-label='Anchor'></a><span class='plain-code'>Show Me A Hero</span></h2>
<p>Building a miniature CDN infrastructure just to handle file uploads seems like the kind of thing that could take a week or so of tinkering. The Fly.io unified theory of cloud development is that solutions are completely viable for full-stack developers only when they take less than 2 hours to get working.</p>
<p>AWS agrees, which is why they have a SKU for it, <a href='https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudfront_distribution' title=''>called Cloudfront</a>, which will, at some variably metered expense, optimize the read side of a single-write-region bucket: they&rsquo;ll set up <a href='https://fly.io/blog/the-5-hour-content-delivery-network/' title=''>a simple caching CDN</a> for you. You can probably get S3 and Cloudfront working within 2 hours, especially if you&rsquo;ve set it up before.</p>
<p>Our friends at Tigris have this problem down to single-digit minutes, and what they came up with is a lot cooler than a cache CDN.</p>
<p>Here&rsquo;s how it works. Tigris runs redundant FoundationDB clusters in our regions to track objects. They use Fly.io&rsquo;s NVMe volumes as a first level of cached raw byte store, and a queuing system modelled on <a href='https://www.foundationdb.org/files/QuiCK.pdf' title=''>Apple&rsquo;s QuiCK paper</a> to distribute object data to multiple replicas, to regions where the data is in demand, and to 3rd party object stores… like S3.</p>
<p>If your objects are less than about 128 kilobytes, Tigris makes them instantly global. By default! Things are just snappy, all over the world, automatically, because they&rsquo;ve done all the work.</p>
<p>But it gets better, because Tigris is also much more flexible than a cache simple CDN. It&rsquo;s globally distributed from the jump, with inter-region routing baked into its distribution layer. Tigris isn&rsquo;t a CDN, but rather a toolset that you can use to build arbitrary CDNs, with consistency guarantees, instant purge and relay regions.</p>
<p>There&rsquo;s a lot going on in this architecture, and it&rsquo;d be fun to dig into it more. But for now, you don&rsquo;t have to understand any of it. Because Tigris ties all this stuff together with an S3-compatible object storage API. If your framework can talk to S3, it can use Tigris.</p>
<h2 id='fly-storage' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#fly-storage' aria-label='Anchor'></a><span class='plain-code'><code>fly storage</code></span></h2>
<p>To get started with this, run the <code>fly storage create</code> command:</p>
<div class="highlight-wrapper group relative ">
<button
type="button"
class="bubble-wrap z-20 absolute right-9 -mr-0.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-wrap-target="#code-rhojus0y"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35" stroke-linecap="round" stroke-linejoin="round"><g buffered-rendering="static"><path d="M9.912 8.037h2.732c1.277 0 2.315-.962 2.315-2.237a2.325 2.325 0 00-2.315-2.31H2.959m10.228 9.01H2.959M6.802 8H2.959" /><path d="M11.081 6.466L9.533 8.037l1.548 1.571" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-9px] tail text-navy-950">
Wrap text
</span>
</button>
<button
type="button"
class="bubble-wrap z-20 absolute right-1.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-copy-target="sibling"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35"><g buffered-rendering="static"><path d="M10.576 7.239c0-.995-.82-1.815-1.815-1.815H3.315c-.995 0-1.815.82-1.815 1.815v5.446c0 .995.82 1.815 1.815 1.815h5.446c.995 0 1.815-.82 1.815-1.815V7.239z" /><path d="M10.576 10.577h2.109A1.825 1.825 0 0014.5 8.761V3.315A1.826 1.826 0 0012.685 1.5H7.239c-.996 0-1.815.819-1.816 1.815v1.617" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-6px] tail [--tail-x:calc(100%-30px)] text-navy-950">
Copy to clipboard
</span>
</button>
<div class='highlight relative group'>
<pre class='highlight '><code id="code-rhojus0y">$ fly storage create
Choose a name, use the default, or leave blank to generate one: xe-foo-images
Your Tigris project (xe-foo-images) is ready. See details and next steps with: https://fly.io/docs/reference/tigris/
Setting the following secrets on xe-foo:
AWS_REGION
BUCKET_NAME
AWS_ENDPOINT_URL_S3
AWS_ACCESS_KEY_ID
AWS_SECRET_ACCESS_KEY
Secrets are staged for the first deployment
</code></pre>
</div>
</div>
<p>All you have to do is fill in a bucket name. Hit enter. All of the configuration for the AWS S3 library will be injected into your application for you. And you don&rsquo;t even need to change the libraries that you&rsquo;re using. <a href='https://www.tigrisdata.com/docs/sdks/s3/' title=''>The Tigris examples</a> all use the AWS libraries to put and delete objects into Tigris using the same calls that you use for S3.</p>
<p>I know how this looks for a lot of you. It looks like we&rsquo;re partnering with Tigris because we&rsquo;re chicken, and we didn&rsquo;t want to build something like this. Well, guess what: you&rsquo;re right!</p>
<p>Compute and networking: those are things we love and understand. Object storage? <a href='https://fly.io/blog/the-5-hour-content-delivery-network/' title=''>We already gave away the game on how we&rsquo;d design a CDN for our own content</a>, and it wasn&rsquo;t nearly as slick as Tigris.</p>
<p>Object storage is important. It needs to be good. We did not want to half-ass it. So we partnered with Tigris, so that they can put their full resources into making object storage as ✨magical✨ as Fly.io is.</p>
<p>This also mirrors a lot of the Unix philosophy of Days Gone Past, you have individual parts that do one thing very well that are then chained together to create a composite result. I mean, come on, would you seriously want to buy your servers the same place you buy your shoes?</p>
<h2 id='one-bill-to-rule-them-all' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#one-bill-to-rule-them-all' aria-label='Anchor'></a><span class='plain-code'>One bill to rule them all</span></h2>
<p>Well, okay, the main reason why you would want to do that is because having everything under one bill makes it really easy for your accounting people. So, to make one bill for your computer, your block storage, your databases, your networking, and your object storage, we&rsquo;ve wrapped everything under one bill. You don&rsquo;t have to create separate accounts with Supabase or Upstash or PlanetScale or Tigris. Everything gets charged to your Fly.io bill and you pay one bill per month.</p>
<aside class="right-sidenote"><p>This was actually going to be posted on Valentine’s Day, but we had to wait for the chocolate to go on sale.</p>
</aside>
<p>This is our Valentine&rsquo;s Day gift to you all. Object storage that just works. Stay tuned because we have a couple exciting features that build on top of the integration of Fly.io and Tigris that allow really unique things, such as truly global static website hosting and turning your bucket into a CDN in 5 minutes at most.</p>
<p>Here&rsquo;s to many more happy developer days to come.</p>
</content>
</entry>
<entry>
<title>GPUs on Fly.io are available to everyone!</title>
<link rel="alternate" href="https://fly.io/blog/gpu-ga/"/>
<id>https://fly.io/blog/gpu-ga/</id>
<published>2024-02-12T00:00:00+00:00</published>
<updated>2024-04-24T22:38:38+00:00</updated>
<media:thumbnail url="https://fly.io/blog/gpu-ga/assets/gpu-ga-thumb.webp"/>
<content type="html"><div class="lead"><p>Fly.io makes it easy to spin up compute around the world, now including powerful GPUs. Unlock the power of large language models, text transcription, and image generation with our datacenter-grade muscle!</p>
</div>
<p>GPUs are now available to everyone!</p>
<p>We know you&rsquo;ve been excited about wanting to use GPUs on Fly.io and we&rsquo;re happy to announce that they&rsquo;re available for everyone. If you want, you can spin up GPU instances with any of the following cards:</p>
<ul>
<li>Ampere A100 (40GB) <code>a100-40gb</code>
</li><li>Ampere A100 (80GB) <code>a100-80gb</code>
</li><li>Lovelace L40s (48GB) <code>l40s</code>
</li></ul>
<p>To use a GPU instance today, change the <code>vm.size</code> for one of your apps or processes to any of the above GPU kinds. Here&rsquo;s how you can spin up an <a href='https://ollama.ai' title=''>Ollama</a> server in seconds:</p>
<div class="highlight-wrapper group relative toml">
<button
type="button"
class="bubble-wrap z-20 absolute right-9 -mr-0.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-wrap-target="#code-bcyvgy6u"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35" stroke-linecap="round" stroke-linejoin="round"><g buffered-rendering="static"><path d="M9.912 8.037h2.732c1.277 0 2.315-.962 2.315-2.237a2.325 2.325 0 00-2.315-2.31H2.959m10.228 9.01H2.959M6.802 8H2.959" /><path d="M11.081 6.466L9.533 8.037l1.548 1.571" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-9px] tail text-navy-950">
Wrap text
</span>
</button>
<button
type="button"
class="bubble-wrap z-20 absolute right-1.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none"
data-copy-target="sibling"
>
<svg class="w-4 h-4 pointer-events-none" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.35"><g buffered-rendering="static"><path d="M10.576 7.239c0-.995-.82-1.815-1.815-1.815H3.315c-.995 0-1.815.82-1.815 1.815v5.446c0 .995.82 1.815 1.815 1.815h5.446c.995 0 1.815-.82 1.815-1.815V7.239z" /><path d="M10.576 10.577h2.109A1.825 1.825 0 0014.5 8.761V3.315A1.826 1.826 0 0012.685 1.5H7.239c-.996 0-1.815.819-1.816 1.815v1.617" /></g></svg>
<span class="bubble-sm bubble-tl [--offset-l:-6px] tail [--tail-x:calc(100%-30px)] text-navy-950">
Copy to clipboard
</span>
</button>
<div class='highlight relative group'>
<pre class='highlight '><code id="code-bcyvgy6u"><span class="py">app</span> <span class="p">=</span> <span class="s">"your-app-name"</span>
<span class="py">region</span> <span class="p">=</span> <span class="s">"ord"</span>
<span class="py">vm.size</span> <span class="p">=</span> <span class="s">"l40s"</span>
<span class="nn">[http_service]</span>
<span class="py">internal_port</span> <span class="p">=</span> <span class="mi">11434</span>
<span class="py">force_https</span> <span class="p">=</span> <span class="kc">false</span>
<span class="py">auto_stop_machines</span> <span class="p">=</span> <span class="kc">true</span>
<span class="py">auto_start_machines</span> <span class="p">=</span> <span class="kc">true</span>
<span class="py">min_machines_running</span> <span class="p">=</span> <span class="mi">0</span>
<span class="py">processes</span> <span class="p">=</span> <span class="nn">["app"]</span>
<span class="nn">[build]</span>
<span class="py">image</span> <span class="p">=</span> <span class="s">"ollama/ollama"</span>
<span class="nn">[mounts]</span>
<span class="py">source</span> <span class="p">=</span> <span class="s">"models"</span>
<span class="py">destination</span> <span class="p">=</span> <span class="s">"/root/.ollama"</span>
<span class="py">initial_size</span> <span class="p">=</span> <span class="s">"100gb"</span>
</code></pre>
</div>
</div>
<p>Deploy this and bam, large language model inferencing from anywhere. If you want a private setup, see the article <a href='https://fly.io/blog/scaling-llm-ollama/' title=''>Scaling Large Language Models to zero with Ollama</a> for more information. You never know when you have a sandwich emergency and don&rsquo;t know what you can make with what you have on hand.</p>
<p>We are working on getting some lower-cost A10 GPUs in the next few weeks. We&rsquo;ll update you when they&rsquo;re ready.</p>
<p>If you want to explore the possibilities of GPUs on Fly.io, here&rsquo;s a few articles that may give you ideas:</p>
<ul>
<li><a href='https://fly.io/blog/not-midjourney-bot/' title=''>Deploy Your Own (Not) MidJourney Bot On Fly GPUs</a>
</li><li><a href='https://fly.io/blog/scaling-llm-ollama/' title=''>Scaling Large Language Models to zero with Ollama</a>
</li><li><a href='https://fly.io/blog/transcribing-on-fly-gpu-machines/' title=''>Transcribing on Fly GPU Machines</a>
</li></ul>
<p>Depending on factors such as your organization&rsquo;s age and payment history, you may need to go through additional verification steps.</p>
<p>If you&rsquo;ve been experimenting with Fly.io GPUs and have made something cool, let us know on the <a href='https://community.fly.io/' title=''>Community Forums</a> or by mentioning us <a href='https://hachyderm.io/@flydotio' title=''>on Mastodon</a>! We&rsquo;ll boost the cool ones.</p>
</content>
</entry>
</feed>
{
"cache-control": "max-age=0, private, must-revalidate",
"cf-cache-status": "DYNAMIC",
"cf-ray": "9dc5c7f0ca305751-CMH",
"content-type": "text/xml",
"date": "Sat, 14 Mar 2026 19:45:50 GMT",
"etag": "W/\"69b3d033-b1987\"",
"fly-request-id": "01KKPY4CT4ZMQ2D51B20TZRJ1R-yyz",
"last-modified": "Fri, 13 Mar 2026 08:52:03 GMT",
"server": "cloudflare",
"set-cookie": "fly_gtm={}; path=/; expires=Sun, 14 Mar 2027 19:45:50 GMT; max-age=31536000; secure; HttpOnly; SameSite=Lax",
"transfer-encoding": "chunked",
"vary": "accept-encoding",
"via": "1.1 fly.io, 1.1 fly.io, 1.1 fly.io"
}
{
"meta": {
"type": "atom",
"version": "1.0"
},
"language": null,
"title": "The Fly Blog",
"description": "News, tips, and tricks from the team at Fly",
"copyright": null,
"url": "https://fly.io/blog/",
"self": "https://fly.io/blog/",
"published": null,
"updated": "2026-03-10T00:00:00.000Z",
"generator": null,
"image": null,
"authors": [
{
"name": "Fly",
"email": null,
"url": null
}
],
"categories": [],
"items": [
{
"id": "https://fly.io/blog/unfortunately-mcp/",
"title": "Unfortunately, Sprites Now Speak MCP",
"description": null,
"url": "https://fly.io/blog/unfortunately-mcp/",
"published": "2026-03-10T00:00:00.000Z",
"updated": "2026-03-12T19:30:19.000Z",
"content": "<div class=\"lead\"><p>Sprites are disposable cloud computers. They appear instantly, always include durable filesystems, and cost practically nothing when idle. They’re the best and safest place on the Internet to run agents and we want you to <a href=\"https://sprites.dev/\" title=\"\">create dozens of them</a>.</p>\n</div>\n<p>Sprites are a place to run agents; the first thing you should think to do with a new Sprite is to type <code>claude</code> (or <code>gemini</code> or <code>codex</code>). We’ve put a <a href='https://fly.io/blog/design-and-implementation/' title=''>lot of effort</a> into making sure coding agents feel safe and happy when they’re on Sprites, because, to (probably) quote John von Neumann, “happy agents are productive agents.”</p>\n\n<p>What’s less obvious about Sprites is that they’re great tools <em>for</em> agents. Want three different versions of a new feature? A test environment? An ensemble of cooperating services? It’s super handy to be able to start your prompts, “<code>On a new Sprite, do…</code>”.</p>\n\n<p>The Sprites API is simple, discoverable, and designed for this use case. It’s just a question of how you choose to give your agent access to it. And now there’s one more way: with MCP.</p>\n<h2 id='we-did-this-because-your-agents-suck' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#we-did-this-because-your-agents-suck' aria-label='Anchor'></a><span class='plain-code'>We Did This Because Your Agents Suck</span></h2>\n<p>This feature works well, but we’re less than enthusiastic about it. Not as product developers, mind you. It’s a good product! Just as aesthetes.</p>\n\n<p>In 2026, MCP is the wrong way to extend the capabilities of an agent. The emerging Right Way to do this is command line tools and discoverable APIs.</p>\n\n<p>When we plug an MCP into your agent, we’re filling its context with tool descriptions, many of which you’ll probably never use. Really, all your agent should need is a short sentence, like “<code>Use this skill whenever users want to create a new VM to run a task on, or to manage the VMs already available.</code>” The skill should take care of the rest.</p>\n\n<p>CLI-driven agent skills are efficient because they reveal capabilities progressively. You can do CLI subcommands, like <code>sprite checkpoint</code> and <code>sprite exec</code>, or with API endpoints and subpaths. Good agent harnesses are uncanny at quickly working out how to use these things.</p>\n<div class=\"right-sidenote\"><p>You <em>are</em> using Playwright, right? “Make sure this web application actually works before you tell me you’re done”?</p>\n</div>\n<p>Take <a href='https://playwright.dev/' title=''>Playwright, the industry-standard browser automation tool</a>. Ask <code>claude</code> to install Playwright and Chrome and there’s a coinflip chance it sets up the MCP server. But notice that when the coin comes up tails, Playwright still works. <code>claude</code> just drives it by writing little scripts. This is good! The models already know how to write little scripts without using up context.</p>\n\n<p>And there’s more at stake than just efficiency. Cramming your context full of MCP tool descriptions is a way of signaling to the model that those tools are important to you. But not every Sprite command is equally important in every setting. If you’re not using network policies, you don’t need <code>gemini</code> to waste a bunch of time setting them up for you.</p>\n\n<p>Skills and APIs are the best way to drive Sprites. But to make that work, you need an agent that can run shell commands for itself. So you’ll want to reach for MCP sessions when you’re stuck with an agent that can’t run commands. Thankfully, most of us aren’t using those kinds of agents anymore. In <code>claude</code>, <code>gemini</code>, or <code>codex</code>, you should just show your agent the <code>sprite</code> CLI and let it impress you.</p>\n<h2 id='sprites-dev-mcp' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#sprites-dev-mcp' aria-label='Anchor'></a><span class='plain-code'>sprites.dev/mcp</span></h2>\n<p>Plug this URL into Claude Desktop, or any other agent tool that speaks MCP. You’ll authenticate to one of your Fly.io organizations, and your agent will speak Sprites.</p>\n\n<p>Then:</p>\n\n<p><code>On a new Sprite, take this repository and reproduce this bug from issues/913, capturing logs.</code></p>\n\n<p><code>On a new Sprite, benchmark this function across 1000 runs and summarize the results.</code></p>\n\n<p><code>On a new Sprite, update all the dependencies on this project to their newest versions and test that everything works.</code></p>\n\n<p><code>On 3 new Sprites, change this service to use each of these 3 query libraries, and use HTTP to test latency.</code></p>\n\n<p><code>On a new Sprite, run this code with bpfwatch and show me what files it touches.</code></p>\n\n<p><code>On a new Sprite, run a load generator against this endpoint for 60 seconds and report the results.</code></p>\n\n<p><code>On a new Sprite, download this dataset and give me a Jupyter notebook to explore it in.</code></p>\n\n<p><code>On a new Sprite, set up a webhook receiver and render a real-time web report of all the payloads it receives.</code></p>\n\n<p>I don’t know. You know your projects better than we do. Whatever. Sometimes you want a clean, cheap, disposable computer (or five of them). That’s now an available feature of all your prompts. Find ways to apply it to your project, and we think you’ll end up wondering where Sprites have been all your life.</p>\n<div class=\"callout\"><p>Some of you are thinking to yourself: “this feature is going to result in robots ruining my life”. We agree. So we’ve built in guardrails. When you authenticate, giving your agent access to a single specific organization on your Fly.io account, we’ll let you scope down the MCP session. You can cap the number of Sprites our MCP will create for you, and you can give them name prefixes so you can easily spot the robots and disassemble them.</p>\n</div><h2 id='fuck-stateless-sandboxes' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#fuck-stateless-sandboxes' aria-label='Anchor'></a><span class='plain-code'>Fuck Stateless Sandboxes</span></h2>\n<p>We’ll keep saying this until our faces turn blue: the industry is stuck on “sandboxes” as a way of letting agents run code, and sandboxes aren’t good enough anymore. What agents want is real computers, with real filesystems, connected to real networks, and there’s no technical reason not to give them some.</p>\n\n<p><a href='https://fly.io/blog/code-and-let-live/' title=''>We designed Sprites so that you can fearlessly create whole bunches of them</a>. They’re responsive enough to host web apps for your team, but they idle in a sleeping state where they cost virtually nothing. Everybody at Fly.io that uses them ends up with 20 or 30, just hanging around.</p>\n\n<p>We think you’ll do better work when you can pull in as many computers as you need to solve problems. If it takes an MCP server for us to get you to do that, so be it.</p>",
"image": {
"url": "https://fly.io/blog/unfortunately-mcp/assets/whack.webp",
"title": null
},
"media": [],
"authors": [
{
"name": "Fly",
"email": null,
"url": null
}
],
"categories": []
},
{
"id": "https://fly.io/blog/litestream-writable-vfs/",
"title": "Litestream Writable VFS",
"description": null,
"url": "https://fly.io/blog/litestream-writable-vfs/",
"published": "2026-01-29T00:00:00.000Z",
"updated": "2026-02-04T23:24:24.000Z",
"content": "<div class=\"lead\"><p><strong class=\"font-semibold text-navy-950\">I’m Ben Johnson, and I work on Litestream at Fly.io. Litestream is the missing backup/restore system for SQLite. It’s free, open-source software that should run anywhere, and</strong> <a href=\"/blog/litestream-v050-is-here/\" title=\"\"><strong class=\"font-semibold text-navy-950\">you can read more about it here</strong></a><strong class=\"font-semibold text-navy-950\">.</strong></p>\n</div>\n<p>Each time we write about it, we get a little bit better at golfing down a description of what Litestream is. Here goes: Litestream is a Unix-y tool for keeping a SQLite database synchronized with S3-style object storage. It’s a way of getting the speed and simplicity wins of SQLite without exposing yourself to catastrophic data loss. Your app doesn’t necessarily even need to know it’s there; you can just run it as a tool in the background.</p>\n\n<p>It’s been a busy couple weeks!</p>\n\n<p>We recently <a href='/blog/design-and-implementation/' title=''>unveiled Sprites</a>. If you don’t know what Sprites are, you should just <a href='https://sprites.dev/' title=''>go check them out</a>. They’re one of the coolest things we’ve ever shipped. I won’t waste any more time selling them to you. Just, Sprites are a big deal, and so it’s a big deal to me that Litestream is a load-bearing component for them.</p>\n\n<p>Sprites rely directly on Litestream in two big ways.</p>\n\n<p>First, Litestream SQLite is the core of our global Sprites orchestrator. Unlike our flagship Fly Machines product, which relies on a centralized Postgres cluster, our Elixir Sprites orchestrator runs directly off S3-compatible object storage. Every organization enrolled in Sprites gets their own SQLite database, synchronized by Litestream.</p>\n\n<p>This is a fun design. It takes advantage of the “many SQLite databases” pattern, which is under-appreciated. It’s got nice scaling characteristics. Keeping that Postgres cluster happy as Fly.io grew has been a major engineering challenge.</p>\n\n<p>But as far as Litestream is concerned, the orchestrator is boring, and so that’s all I’ve got to say about it. The second way Sprites use Litestream is much more interesting.</p>\n\n<p>Litestream is built directly into the disk storage stack that runs on every Sprite.</p>\n\n<p>Sprites launch in under a second, and every one of them boots up with 100GB of durable storage. That’s a tricky bit of engineering. We’re able to do this because the root of storage for Sprites is S3-compatible object storage, and we’re able to make it fast by keeping a database of in-use storage blocks that takes advantage of attached NVMe as a read-through cache. The system that does this is JuiceFS, and the database — let’s call it “the block map” — is a rewritten metadata store, based (you guessed it) on BoltDB.</p>\n\n<p>I kid! It’s Litestream SQLite, of course.</p>\n<h2 id='sprite-storage-is-fussy' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#sprite-storage-is-fussy' aria-label='Anchor'></a><span class='plain-code'>Sprite Storage Is Fussy</span></h2>\n<p>Everything in a Sprite is designed to come up fast.</p>\n\n<p>If the Fly Machine underneath a Sprite bounces, we might need to reconstitute the block map from object storage. Block maps aren’t huge, but they’re not tiny; maybe low tens of megabytes worst case.</p>\n\n<p>The thing is, this is happening while the Sprite boots back up. To put that in perspective, that’s something that can happen in response to an incoming web request; that is, we have to finish fast enough to generate a timely response to that request. The time budget is small.</p>\n\n<p>To make this even faster, we are integrating Litestream VFS to improve start times.The VFS is a dynamic library you load into your app. Once you do, you can do stuff like this:</p>\n<div class=\"highlight-wrapper group relative bash\">\n <button \n type=\"button\"\n class=\"bubble-wrap z-20 absolute right-9 -mr-0.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none\"\n data-wrap-target=\"#code-duvcwc7p\"\n >\n <svg class=\"w-4 h-4 pointer-events-none\" viewBox=\"0 0 16 16\" fill=\"none\" stroke=\"currentColor\" stroke-width=\"1.35\" stroke-linecap=\"round\" stroke-linejoin=\"round\"><g buffered-rendering=\"static\"><path d=\"M9.912 8.037h2.732c1.277 0 2.315-.962 2.315-2.237a2.325 2.325 0 00-2.315-2.31H2.959m10.228 9.01H2.959M6.802 8H2.959\" /><path d=\"M11.081 6.466L9.533 8.037l1.548 1.571\" /></g></svg>\n <span class=\"bubble-sm bubble-tl [--offset-l:-9px] tail text-navy-950\">\n Wrap text\n </span>\n </button>\n <button \n type=\"button\"\n class=\"bubble-wrap z-20 absolute right-1.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none\"\n data-copy-target=\"sibling\"\n >\n <svg class=\"w-4 h-4 pointer-events-none\" viewBox=\"0 0 16 16\" fill=\"none\" stroke=\"currentColor\" stroke-width=\"1.35\"><g buffered-rendering=\"static\"><path d=\"M10.576 7.239c0-.995-.82-1.815-1.815-1.815H3.315c-.995 0-1.815.82-1.815 1.815v5.446c0 .995.82 1.815 1.815 1.815h5.446c.995 0 1.815-.82 1.815-1.815V7.239z\" /><path d=\"M10.576 10.577h2.109A1.825 1.825 0 0014.5 8.761V3.315A1.826 1.826 0 0012.685 1.5H7.239c-.996 0-1.815.819-1.816 1.815v1.617\" /></g></svg>\n <span class=\"bubble-sm bubble-tl [--offset-l:-6px] tail [--tail-x:calc(100%-30px)] text-navy-950\">\n Copy to clipboard\n </span>\n </button>\n <div class='highlight relative group'>\n <pre class='highlight '><code id=\"code-duvcwc7p\">sqlite> .open file:///my.db?vfs<span class=\"o\">=</span>litestream\nsqlite> PRAGMA litestream_time <span class=\"o\">=</span> <span class=\"s1\">'5 minutes ago'</span><span class=\"p\">;</span> \nsqlite> SELECT <span class=\"k\">*</span> FROM sandwich_ratings ORDER BY RANDOM<span class=\"o\">()</span> LIMIT 3 <span class=\"p\">;</span> \n22|Veggie Delight|New York|4\n30|Meatball|Los Angeles|5\n168|Chicken Shawarma Wrap|Detroit|5\n</code></pre>\n </div>\n</div>\n<p>Litestream VFS lets us run point-in-time SQLite queries hot off object storage blobs, answering queries before we’ve downloaded the database.</p>\n\n<p>This is good, but it’s not perfect. We had two problems:</p>\n\n<ol>\n<li>We could only read, not write. People write to Sprite disks. The storage stack needs to write, right away.\n</li><li>Running a query off object storage is a godsend in a cold start where we have no other alternative besides downloading the whole database, but it’s not fast enough for steady state.\n</li></ol>\n\n<p>These are fun problems. Here’s our first cut at solving them.</p>\n<h2 id='writable-vfs' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#writable-vfs' aria-label='Anchor'></a><span class='plain-code'>Writable VFS</span></h2>\n<p>The first thing we’ve done is made the VFS optionally read-write. This feature is pretty subtle; it’s interesting, but it’s not as general-purpose as it might look. Let me explain how it works, and then explain why it works this way.</p>\n<div class=\"callout\"><p>Keep in mind as you read this that this is about the VFS in particular. Obviously, normal SQLite databases using Litestream the normal way are writeable.</p>\n</div>\n<p>The VFS works by keeping an index of <code>(file,offset, size)</code> for every page of the database in object storage; the data comprising the index is stored, <a href='https://github.com/superfly/ltx' title=''>in LTX files</a>, so that it’s efficient for us to reconstitute it quickly when the VFS starts, and lookups are heavily cached. When we queried <code>sandwich_ratings</code> earlier, our VFS library intercepted the SQLite read method, looked up the requested page in the index, fetched it, and cached it.</p>\n\n<p>This works great for reads. Writes are harder.</p>\n\n<p>Behind the scenes in read-only mode, Litestream polls, so that we can detect new LTX files created by remote writers to the database. This supports a handy use case where we’re running tests or doing slow analytical queries of databases that need to stay fast in prod.</p>\n\n<p>In write mode, we don’t allow multiple writers, because multiple-writer distributed SQLite databases are the <a href='https://hellraiser.fandom.com/wiki/Lament_Configuration' title=''>Lament Configuration</a> and we are not explorers over great vistas of pain. So the VFS in write-mode disables polling. We assume a single writer, and no additional backups to watch.</p>\n\n<p>Next, we buffer. Writes go to a local temporary buffer (“the write buffer”). Every second or so (or on clean shutdown), we sync the write buffer with object storage. Nothing written through the VFS is truly durable until that sync happens.</p>\n<div class=\"right-sidenote\"><p>Most storage block maps are much smaller than this, but still.</p>\n</div>\n<p>Now, remember the use case we’re looking to support here. A Sprite is cold-starting and its storage stack needs to serve writes, milliseconds after booting, without having a full copy of the 10MB block map. This writeable VFS mode lets us do that.</p>\n\n<p>Critically, we support that use case only up to the same durability requirements that a Sprite already has. All storage on a Sprite shares this “eventual durability” property, so the terms of the VFS write make sense here. They probably don’t make sense for your application. But if for some reason they do, have at it! To enable writes with Litestream VFS, just set the <code>LITESTREAM_WRITE_ENABLED</code> environment variable <code>\"true\"</code>.</p>\n\n<p><img src=\"/blog/litestream-writable-vfs/assets/write-path.png\" /></p>\n<h2 id='hydration' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#hydration' aria-label='Anchor'></a><span class='plain-code'>Hydration</span></h2>\n<p>The Sprite storage stack uses SQLite in VFS mode. In our original VFS design, most data is kept in S3. Again: fine at cold start, not so fine in steady state.</p>\n\n<p>To solve this problem, we shoplifted a trick from <a href='https://docs.kernel.org/admin-guide/device-mapper/dm-clone.html' title=''>systems like dm-clone</a>: background hydration. In hydration designs, we serve queries remotely while running a loop to pull the whole database. When you start the VFS with the <code>LITESTREAM_HYDRATION_PATH</code> environment variable set, we’ll hydrate to that file.</p>\n\n<p>Hydration takes advantage of <a href='https://fly.io/blog/litestream-revamped#point-in-time-restores-but-fast' title=''>LTX compaction</a>, writing only the latest versions of each page. Reads don’t block on hydration; we serve them from object storage immediately, and switch over to the hydration file when it’s ready.</p>\n\n<p><img src=\"/blog/litestream-writable-vfs/assets/timeline.png\" /></p>\n\n<p>As for the hydration file? It’s simply a full copy of your database. It’s the same thing you get if you run <code>litestream restore</code>.</p>\n\n<p>Because this is designed for environments like Sprites, which bounce a lot, we write the database to a temporary file. We can’t trust that the database is using the latest state every time we start up, not without doing a full restore, so we just chuck the hydration file when we exit the VFS. That behavior is baked into the VFS right now. This feature’s got what Sprites need, but again, maybe not what your app wants.</p>\n<h2 id='putting-it-all-together' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#putting-it-all-together' aria-label='Anchor'></a><span class='plain-code'>Putting It All Together</span></h2>\n<p>This is a post about two relatively big moves we’ve made with our open-source Litestream project, but the features are narrowly scoped for problems that look like the ones our storage stack needs. If you think you can get use out of them, I’m thrilled, and I hope you’ll tell me about it.</p>\n\n<p>For ordinary read/write workloads, you don’t need any of this mechanism. Litestream works fine without the VFS, with unmodified applications, just running as a sidecar alongside your application. The whole point of that configuration is to efficiently keep up with writes; that’s easy when you know you have the whole database to work with when writes happen.</p>\n\n<p>But this whole thing is, to me, a valuable case study in how Litestream can get used in a relatively complicated and demanding problem domain. Sprites are very cool, and it’s satisfying to know that every disk write that happens on a Sprite is running through Litestream.</p>",
"image": {
"url": "https://fly.io/blog/litestream-writable-vfs/assets/litestream-writable-vfs.jpg",
"title": null
},
"media": [],
"authors": [
{
"name": "Fly",
"email": null,
"url": null
}
],
"categories": []
},
{
"id": "https://fly.io/blog/design-and-implementation/",
"title": "The Design & Implementation of Sprites",
"description": null,
"url": "https://fly.io/blog/design-and-implementation/",
"published": "2026-01-14T00:00:00.000Z",
"updated": "2026-01-16T20:23:36.000Z",
"content": "<div class=\"lead\"><p>We’re Fly.io, and this is the place in the post where we’d normally tell you that our job is to <a href=\"https://fly.io/blog/docker-without-docker/\" title=\"\">take your containers and run them on our own hardware</a> all around the world. But last week, we <a href=\"https://sprites.dev/\" title=\"\">launched Sprites</a>, and they don’t work that way at all. Sprites are something new: Docker without Docker without Docker. This post is about how they work.</p>\n</div>\n<p>Replacement-level homeowners buy boxes of pens and stick them in “the pen drawer”. What the elites know: you have to think adversarially about pens. “The purpose of a system is what it does”; a household’s is to uniformly distribute pens. Months from now, the drawer will be empty, no matter how many pens you stockpile. Instead, scatter pens every place you could possibly think to look for one — drawers, ledges, desks. Any time anybody needs a pen, several are at hand, in exactly the first place they look.</p>\n\n<p>This is the best way I’ve found to articulate the idea of <a href='https://sprites.dev/' title=''>Sprites</a>, the platform we just launched at Fly.io. Sprites are ball-point disposable computers. Whatever mark you mean to make, we’ve rigged it so you’re never more than a second or two away from having a Sprite to do it with.</p>\n\n<p>Sprites are Linux virtual machines. You get root. They <code>create</code> in just a second or two: so fast, the experience of creating and shelling into one is identical to SSH'ing into a machine that already exists. Sprites all have a 100GB durable root filesystem. They put themselves to sleep automatically when inactive, and cost practically nothing while asleep.</p>\n\n<p>As a result, I barely feel the need to name my Sprites. Sometimes I’ll just type <code>sprite create dkjsdjk</code> and start some task. People at Fly.io who use Sprites have dozens hanging around.</p>\n\n<p>There aren’t yet many things in cloud computing that have the exact shape Sprites do:</p>\n\n<ul>\n<li>Instant creation\n</li><li>No time limits\n</li><li>Persistent disk\n</li><li>Auto-sleep to a cheap inactive state\n</li></ul>\n\n<p>This is a post about how we managed to get this working. We created a new orchestration stack that undoes some of the core decisions we made for <a href='https://fly.io/machines' title=''>Fly Machines</a>, our flagship product. Turns out, these new decisions make Sprites drastically easier for us to scale and manage. We’re pretty psyched.</p>\n\n<p>Lucky for me, there happen to be three <code>big decisions</code> we made that get you 90% of the way from Fly Machines to Sprites, which makes this an easy post to write. So, without further ado:</p>\n<h2 id='decision-1-no-more-container-images' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#decision-1-no-more-container-images' aria-label='Anchor'></a><span class='plain-code'>Decision #1: No More Container Images</span></h2>\n<p>This is the easiest decision to explain.</p>\n\n<p>Fly Machines are approximately <a href='https://fly.io/blog/docker-without-docker/' title=''>OCI containers repackaged as KVM micro-VMs</a>. They have the ergonomics of Docker but the isolation and security of an EC2 instance. We love them very much and they’re clearly the wrong basis for a ball-point disposable cloud computer.</p>\n\n<p>The “one weird trick” of Fly Machines is that they <code>start</code> and <code>stop</code> instantly, fast enough that they can wake in time to handle an incoming HTTP request. But they can only do that if you’ve already <code>created</code> them. You have to preallocate. <code>Creating</code> a Fly Machine can take over a minute. What you’re supposed to do is to create a whole bunch of them and <code>stop</code> them so they’re ready when you need them. But for Sprites, we need <code>create</code> to be so fast it feels like they’re already there waiting for you.</p>\n<div class=\"right-sidenote\"><p>We only murdered user containers because we wanted them dead.</p>\n</div>\n<p>Most of what’s slow about <code>creating</code> a Fly Machine is containers. I say this with affection: your containers are crazier than a soup sandwich. Huge and fussy, they take forever to <a href='https://fly.io/blog/docker-without-docker/' title=''>pull and unpack</a>. The regional locality sucks; <code>create</code> a Fly Machine in São Paulo on <code>gru-3838</code>, and a <code>create</code> on <code>gru-d795</code> is no faster. A <a href='https://community.fly.io/t/global-registry-now-in-production/13723' title=''>truly heartbreaking</a> amount of <a href='https://community.fly.io/t/faster-more-reliable-remote-image-builds-deploys/25841' title=''>engineering work</a> has gone into just allowing our OCI registry to <a href='https://www.youtube.com/watch?v=0jD-Rt4_CR8' title=''>keep up</a> with this system. </p>\n\n<p>It’s a tough job, is all I’m saying. Sprites get rid of the user-facing container. Literally: problem solved. Sprites get to do this on easy mode.</p>\n\n<p>Now, today, under the hood, Sprites are still Fly Machines. But they all run from a standard container. Every physical worker knows exactly what container the next Sprite is going to start with, so it’s easy for us to keep pools of “empty” Sprites standing by. The result: a Sprite <code>create</code> doesn’t have any heavy lifting to do; it’s basically just doing the stuff we do when we <code>start</code> a Fly Machine.</p>\n<figure class=\"post-cta\">\n <figcaption>\n <h1>This all works right now.</h1>\n <p>You can create a couple dozen Sprites right now if you want. It’ll only take a second.</p>\n <a class=\"btn btn-lg\" href=\"https://sprites.dev/\">\n Make a Sprite. <span class='opacity-50'>→</span>\n </a>\n </figcaption>\n <div class=\"image-container\">\n <img src=\"/static/images/cta-cat.webp\" srcset=\"/static/images/[email protected] 2x\" alt=\"\">\n </div>\n</figure>\n\n<h2 id='decision-2-object-storage-for-disks' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#decision-2-object-storage-for-disks' aria-label='Anchor'></a><span class='plain-code'>Decision #2: Object Storage For Disks</span></h2>\n<p>Every Sprite comes with 100GB of durable storage. We’re able to do that because the root of storage is S3-compatible object storage.</p>\n\n<p>You can arrange for 100GB of storage for a Fly Machine. Or 200, or 500. The catch:</p>\n\n<ul>\n<li>You have to ask (with <code>flyctl</code>); we can’t reasonably default it in.\n</li><li>That storage is NVMe attached to the physical server your Fly Machine is on. \n</li></ul>\n<div class=\"right-sidenote\"><p>[†] we print a <span style=\"color: red\">big red warning</span> about this if you try to make a single-node cluster</p>\n</div>\n<p>We designed the storage stack for Fly Machines for Postgres clusters. A multi-replica Postgres cluster gets good mileage out of Fly Volumes. Attached storage is fast, but can <span style=\"color: red\">lose data†</span> — if a physical blows up, there’s no magic what rescues its stored bits. You’re stuck with our last snapshot backup. That’s fine for a replicated Postgres! It’s part of what Postgres replication is for. But for anything without explicit replication, it’s a very sharp edge.</p>\n\n<p>Worse, from our perspective, is that attached storage anchors workloads to specific physicals. We have lots of reasons to want to move Fly Machines around. Before we did Fly Volumes, that was as simple as pushing a “drain” button on a server. Imagine losing a capability like that. It took 3 years to <a href='https://fly.io/blog/machine-migrations/' title=''>get workload migration right</a> with attached storage, and it’s still not “easy”.</p>\n<div class=\"right-sidenote\"><p>Object stores are the Internet’s Hoover Dams, the closest things we have to infrastructure megaprojects.</p>\n</div>\n<p>Sprites jettison this model. We still exploit NVMe, but not as the root of storage. Instead, it’s a read-through cache for a blob on object storage. S3-compatible object stores are the most trustworthy storage technology we have. I can feel my blood pressure dropping just typing the words “Sprites are backed by object storage.”</p>\n\n<p>The implications of this for orchestration are profound. In a real sense, the durable state of a Sprite is simply a URL. Wherever he lays his hat is his home! They migrate (or recover from failed physicals) trivially. It’s early days for our internal tooling, but we have so many new degrees of freedom to work with.</p>\n\n<p>I could easily do another 1500-2000 words here on the Cronenberg film Kurt came up with for the actual storage stack, but because it’s in flux, let’s keep it simple.</p>\n\n<p>The Sprite storage stack is organized around the JuiceFS model (in fact, we currently use a very hacked-up JuiceFS, with a rewritten SQLite metadata backend). It works by splitting storage into data (“chunks”) and metadata (a map of where the “chunks” are). Data chunks live on object stores; metadata lives in fast local storage. In our case, that metadata store is <a href='https://litestream.io/' title=''>kept durable with Litestream</a>. Nothing depends on local storage.</p>\n<div class=\"right-sidenote\"><p>(our pre-installed Claude Code will checkpoint aggressively for you without asking)</p>\n</div>\n<p>This also buys Sprites fast <code>checkpoint</code> and <code>restore</code>. Checkpoints are so fast we want you to use them as a basic feature of the system and not as an escape hatch when things go wrong; like a git restore, not a system restore. That works because both <code>checkpoint</code> and <code>restore</code> merely shuffle metadata around.</p>\n\n<p>Our stack sports <a href='https://en.wikipedia.org/wiki/Dm-cache' title=''>a dm-cache-like</a> feature that takes advantage of attached storage. A Sprite has a sparse 100GB NVMe volume attached to it, which the stack uses to cache chunks to eliminate read amplification. Importantly (I can feel my resting heart rate lowering) nothing in that NVMe volume should matter; stored chunks are immutable and their true state lives on the object store.</p>\n<div class=\"callout\"><p>Our preference for object storage goes further than the Sprite storage stack. The global orchestrator for Sprites is an Elixir/Phoenix app that uses object storage as the primary source of metadata for accounts. We then give each account an independent SQLite database, again made durable on object storage with Litestream.</p>\n</div><h2 id='decision-3-inside-out-orchestration' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#decision-3-inside-out-orchestration' aria-label='Anchor'></a><span class='plain-code'>Decision #3: Inside-Out Orchestration</span></h2>\n<p>In the cloud hosting industry, user applications are managed by two separate, yet equally important components: the host, which orchestrates workloads, and the guest, which runs them. Sprites flip that on its head: the most important orchestration and management work happens inside the VM.</p>\n\n<p>Here’s the trick: user code running on a Sprite isn’t running in the root namespace. We’ve slid a container between you and the kernel. You see an inner environment, managed by a fleet of services running in the root namespace of the VM.</p>\n<div class=\"callout\"><p>I wish we’d done Fly Machines this way to begin with. I’m not sure there’s a downside. The inner container allows us to bounce a Sprite without rebooting the whole VM, even on checkpoint restores. I think Fly Machines users could get some mileage out of that feature, too.</p>\n</div>\n<p>With Sprites, we’re pushing this idea as far as we can. The root environment hosts the majority of our orchestration code. When you talk to the global API, chances are you’re talking directly to your own VM. Furthermore:</p>\n\n<ul>\n<li>Our storage stack, which handles checkpoint/restore and persistence to object storage, lives there;\n</li><li>so does the service manager we expose to Sprites, which registers user code that needs to restart when a Sprite bounces;\n</li><li>same with logs;\n</li><li>if you bind a socket to <code>*:8080</code>, we’ll make it available outside the Sprite — yep, that’s in the root namespace too.\n</li></ul>\n\n<p>Platform developers at Fly.io know how much easier it can be to hack on <code>init</code> (inside the container) than things <a href='https://fly.io/blog/carving-the-scheduler-out-of-our-orchestrator/' title=''>like <code>flyd</code></a>, the Fly Machines orchestrator that runs on the host. Changes to Sprites don’t restart host components or muck with global state. The blast radius is just new VMs that pick up the change. We sleep on how much platform work doesn’t get done not because the code is hard to write, but because it’s so time-consuming to ensure benign-looking changes don’t throw the whole fleet into metastable failure. We had that in mind when we did Sprites.</p>\n<h2 id='we-keep-the-parts-that-worked' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#we-keep-the-parts-that-worked' aria-label='Anchor'></a><span class='plain-code'>We Keep The Parts That Worked</span></h2>\n<p>Sprites running on Fly.io take advantage of the infrastructure we already have. For instance: Sprites might be the fastest thing there currently exists to get Claude or Gemini to build a full-stack application on the Internet.</p>\n\n<p>That’s because Sprites plug directly into <a href='https://fly.io/blog/corrosion/' title=''>Corrosion, our gossip-based service discovery system</a>. When you ask the Sprite API to make a public URL for your Sprite, we generate a Corrosion update that propagates across our fleet instantly. Your application is then served, with an HTTPS URL, from our proxy edges.</p>\n\n<p>Sprites live alongside Fly Machines in our architecture. They include some changes that are pure wins, but they’re mostly tradeoffs:</p>\n\n<ul>\n<li>We’ve always wanted to run Fly Machine disks off object storage (<a href='https://community.fly.io/t/bottomless-s3-backed-volumes/15648' title=''>we have an obscure LSVD feature that does this</a>), but the performance isn’t adequate for a hot Postgres node in production.\n</li><li>For that matter, professional production apps ship out of CI/CD systems as OCI containers; that’s a big part of what makes orchestrating Fly Machines so hard.\n</li><li>Most (though not all) Sprite usage is interactive, and Sprite users benefit from their VMs aggressively sleeping themselves to keep costs low; e-commerce apps measure responsiveness in milliseconds and want their workloads kept warm.\n</li></ul>\n\n<p>Sprites are optimized for a different kind of computing than Fly Machines, and <a href='https://fly.io/blog/code-and-let-live/' title=''>while Kurt believes that the future belongs to malleable, personalized apps</a>, I’m not so sure. To me, it makes sense to prototype and acceptance-test an application on Sprites. Then, when you’re happy with it, containerize it and ship it as a Fly Machine to scale it out. An automated workflow for that will happen.</p>\n\n<p>Finally, Sprites are a contract with user code: an API and a set of expectations about how the execution environment works. Today, they run on top of Fly Machines. But they don’t have to. Jerome’s working on an open-source local Sprite runtime. We’ll find other places to run them, too.</p>\n<h2 id='you-wont-get-it-until-you-use-them' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#you-wont-get-it-until-you-use-them' aria-label='Anchor'></a><span class='plain-code'>You Won’t Get It Until You Use Them</span></h2>\n<p>I can’t not sound like a shill. Sprites are the one thing we’ve shipped that I personally experience as addictive. I haven’t fully put my finger on why it feels so much easier to kick off projects now that I can snap my finger and get a whole new computer. The whole point is that there’s no reason to parcel them out, or decide which code should run where. You just make a new one.</p>\n\n<p>So to make this fully click, I think you should <a href='https://sprites.dev/' title=''>just install the <code>sprite</code> command</a>, make a Sprite, and then run an agent in it. We’ve preinstalled Claude, Gemini, and Codex, and taught them how to do things like checkpoint/restore, registering services, and getting logs. Claude will run in <code>--dangerously-skip-permissions</code> mode (because why wouldn’t it). Have it build something; I built a “Chicago’s best sandwich” bracket app for a Slack channel.</p>\n\n<p>Sprites bill only for what you actually use (in particular: only for storage blocks you actually write, not the full 100GB capacity). It’s reasonable to create a bunch. They’re ball-point disposable computers. After you get a feel for them, it’ll start to feel weird not having them handy.</p>",
"image": {
"url": "https://fly.io/blog/design-and-implementation/assets/starry-containers.webp",
"title": null
},
"media": [],
"authors": [
{
"name": "Fly",
"email": null,
"url": null
}
],
"categories": []
},
{
"id": "https://fly.io/blog/code-and-let-live/",
"title": "Code And Let Live",
"description": null,
"url": "https://fly.io/blog/code-and-let-live/",
"published": "2026-01-09T00:00:00.000Z",
"updated": "2026-01-14T19:59:01.000Z",
"content": "<div class=\"lead\"><p>The state of the art in agent isolation is a read-only sandbox. At Fly.io, we’ve been selling that story for years, and we’re calling it: ephemeral sandboxes are obsolete. Stop killing your sandboxes every time you use them.</p>\n</div>\n<p>My argument won’t make sense without showing you something new we’ve built. We’re all adults here, this is a company, we talk about what we do. Here goes.</p>\n\n<p>So, I want to run some code. So what I do is, I run <code>sprite create</code>. While it operates, I’ll explain what’s happening behind the—</p>\n<div class=\"highlight-wrapper group relative bash\">\n <button \n type=\"button\"\n class=\"bubble-wrap z-20 absolute right-9 -mr-0.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none\"\n data-wrap-target=\"#code-i429cz3y\"\n >\n <svg class=\"w-4 h-4 pointer-events-none\" viewBox=\"0 0 16 16\" fill=\"none\" stroke=\"currentColor\" stroke-width=\"1.35\" stroke-linecap=\"round\" stroke-linejoin=\"round\"><g buffered-rendering=\"static\"><path d=\"M9.912 8.037h2.732c1.277 0 2.315-.962 2.315-2.237a2.325 2.325 0 00-2.315-2.31H2.959m10.228 9.01H2.959M6.802 8H2.959\" /><path d=\"M11.081 6.466L9.533 8.037l1.548 1.571\" /></g></svg>\n <span class=\"bubble-sm bubble-tl [--offset-l:-9px] tail text-navy-950\">\n Wrap text\n </span>\n </button>\n <button \n type=\"button\"\n class=\"bubble-wrap z-20 absolute right-1.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none\"\n data-copy-target=\"sibling\"\n >\n <svg class=\"w-4 h-4 pointer-events-none\" viewBox=\"0 0 16 16\" fill=\"none\" stroke=\"currentColor\" stroke-width=\"1.35\"><g buffered-rendering=\"static\"><path d=\"M10.576 7.239c0-.995-.82-1.815-1.815-1.815H3.315c-.995 0-1.815.82-1.815 1.815v5.446c0 .995.82 1.815 1.815 1.815h5.446c.995 0 1.815-.82 1.815-1.815V7.239z\" /><path d=\"M10.576 10.577h2.109A1.825 1.825 0 0014.5 8.761V3.315A1.826 1.826 0 0012.685 1.5H7.239c-.996 0-1.815.819-1.816 1.815v1.617\" /></g></svg>\n <span class=\"bubble-sm bubble-tl [--offset-l:-6px] tail [--tail-x:calc(100%-30px)] text-navy-950\">\n Copy to clipboard\n </span>\n </button>\n <div class='highlight relative group'>\n <pre class='highlight '><code id=\"code-i429cz3y\">✓ Created demo-123 sprite <span class=\"k\">in </span>1.0s\n● Connecting to console...\nsprite@sprite:~#\n</code></pre>\n </div>\n</div>\n<p>Shit, it’s already there.</p>\n\n<p>That’s a root shell on a Linux computer we now own. It came online in about the same amount of time it would take to <code>ssh</code> into a host that already existed. We call these things “Sprites”.</p>\n\n<p>Let’s install FFmpeg on our Sprite:</p>\n<div class=\"highlight-wrapper group relative bash\">\n <button \n type=\"button\"\n class=\"bubble-wrap z-20 absolute right-9 -mr-0.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none\"\n data-wrap-target=\"#code-bwjgxaic\"\n >\n <svg class=\"w-4 h-4 pointer-events-none\" viewBox=\"0 0 16 16\" fill=\"none\" stroke=\"currentColor\" stroke-width=\"1.35\" stroke-linecap=\"round\" stroke-linejoin=\"round\"><g buffered-rendering=\"static\"><path d=\"M9.912 8.037h2.732c1.277 0 2.315-.962 2.315-2.237a2.325 2.325 0 00-2.315-2.31H2.959m10.228 9.01H2.959M6.802 8H2.959\" /><path d=\"M11.081 6.466L9.533 8.037l1.548 1.571\" /></g></svg>\n <span class=\"bubble-sm bubble-tl [--offset-l:-9px] tail text-navy-950\">\n Wrap text\n </span>\n </button>\n <button \n type=\"button\"\n class=\"bubble-wrap z-20 absolute right-1.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none\"\n data-copy-target=\"sibling\"\n >\n <svg class=\"w-4 h-4 pointer-events-none\" viewBox=\"0 0 16 16\" fill=\"none\" stroke=\"currentColor\" stroke-width=\"1.35\"><g buffered-rendering=\"static\"><path d=\"M10.576 7.239c0-.995-.82-1.815-1.815-1.815H3.315c-.995 0-1.815.82-1.815 1.815v5.446c0 .995.82 1.815 1.815 1.815h5.446c.995 0 1.815-.82 1.815-1.815V7.239z\" /><path d=\"M10.576 10.577h2.109A1.825 1.825 0 0014.5 8.761V3.315A1.826 1.826 0 0012.685 1.5H7.239c-.996 0-1.815.819-1.816 1.815v1.617\" /></g></svg>\n <span class=\"bubble-sm bubble-tl [--offset-l:-6px] tail [--tail-x:calc(100%-30px)] text-navy-950\">\n Copy to clipboard\n </span>\n </button>\n <div class='highlight relative group'>\n <pre class='highlight '><code id=\"code-bwjgxaic\"><span class=\"nb\">sudo </span>apt-get <span class=\"nb\">install</span> <span class=\"nt\">-y</span> ffmpeg <span class=\"o\">></span>/dev/null 2>&1\n</code></pre>\n </div>\n</div>\n<p>Unlike creating the Sprite in the first place, installing <code>ffmpeg</code> with <code>apt-get</code> is dog slow. Let’s try not to have to do that again:</p>\n<div class=\"highlight-wrapper group relative bash\">\n <button \n type=\"button\"\n class=\"bubble-wrap z-20 absolute right-9 -mr-0.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none\"\n data-wrap-target=\"#code-iacnzrtv\"\n >\n <svg class=\"w-4 h-4 pointer-events-none\" viewBox=\"0 0 16 16\" fill=\"none\" stroke=\"currentColor\" stroke-width=\"1.35\" stroke-linecap=\"round\" stroke-linejoin=\"round\"><g buffered-rendering=\"static\"><path d=\"M9.912 8.037h2.732c1.277 0 2.315-.962 2.315-2.237a2.325 2.325 0 00-2.315-2.31H2.959m10.228 9.01H2.959M6.802 8H2.959\" /><path d=\"M11.081 6.466L9.533 8.037l1.548 1.571\" /></g></svg>\n <span class=\"bubble-sm bubble-tl [--offset-l:-9px] tail text-navy-950\">\n Wrap text\n </span>\n </button>\n <button \n type=\"button\"\n class=\"bubble-wrap z-20 absolute right-1.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none\"\n data-copy-target=\"sibling\"\n >\n <svg class=\"w-4 h-4 pointer-events-none\" viewBox=\"0 0 16 16\" fill=\"none\" stroke=\"currentColor\" stroke-width=\"1.35\"><g buffered-rendering=\"static\"><path d=\"M10.576 7.239c0-.995-.82-1.815-1.815-1.815H3.315c-.995 0-1.815.82-1.815 1.815v5.446c0 .995.82 1.815 1.815 1.815h5.446c.995 0 1.815-.82 1.815-1.815V7.239z\" /><path d=\"M10.576 10.577h2.109A1.825 1.825 0 0014.5 8.761V3.315A1.826 1.826 0 0012.685 1.5H7.239c-.996 0-1.815.819-1.816 1.815v1.617\" /></g></svg>\n <span class=\"bubble-sm bubble-tl [--offset-l:-6px] tail [--tail-x:calc(100%-30px)] text-navy-950\">\n Copy to clipboard\n </span>\n </button>\n <div class='highlight relative group'>\n <pre class='highlight '><code id=\"code-iacnzrtv\">sprite@sprite:~# sprite-env checkpoints create\n<span class=\"c\"># ...</span>\n<span class=\"o\">{</span><span class=\"s2\">\"type\"</span>:<span class=\"s2\">\"complete\"</span>,<span class=\"s2\">\"data\"</span>:<span class=\"s2\">\"Checkpoint v1 created successfully\"</span>,\n<span class=\"s2\">\"time\"</span>:<span class=\"s2\">\"2025-12-22T22:50:48.60423809Z\"</span><span class=\"o\">}</span>\n</code></pre>\n </div>\n</div>\n<p>This completes instantly. Didn’t even bother to measure.</p>\n\n<p>I step away to get coffee. Time passes. The Sprite, noticing my inactivity, goes to sleep. I meet an old friend from high school at the coffee shop. End up spending the day together. More time passes. Days even. Returning later:</p>\n<div class=\"highlight-wrapper group relative bash\">\n <button \n type=\"button\"\n class=\"bubble-wrap z-20 absolute right-9 -mr-0.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none\"\n data-wrap-target=\"#code-k9uw0dxr\"\n >\n <svg class=\"w-4 h-4 pointer-events-none\" viewBox=\"0 0 16 16\" fill=\"none\" stroke=\"currentColor\" stroke-width=\"1.35\" stroke-linecap=\"round\" stroke-linejoin=\"round\"><g buffered-rendering=\"static\"><path d=\"M9.912 8.037h2.732c1.277 0 2.315-.962 2.315-2.237a2.325 2.325 0 00-2.315-2.31H2.959m10.228 9.01H2.959M6.802 8H2.959\" /><path d=\"M11.081 6.466L9.533 8.037l1.548 1.571\" /></g></svg>\n <span class=\"bubble-sm bubble-tl [--offset-l:-9px] tail text-navy-950\">\n Wrap text\n </span>\n </button>\n <button \n type=\"button\"\n class=\"bubble-wrap z-20 absolute right-1.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none\"\n data-copy-target=\"sibling\"\n >\n <svg class=\"w-4 h-4 pointer-events-none\" viewBox=\"0 0 16 16\" fill=\"none\" stroke=\"currentColor\" stroke-width=\"1.35\"><g buffered-rendering=\"static\"><path d=\"M10.576 7.239c0-.995-.82-1.815-1.815-1.815H3.315c-.995 0-1.815.82-1.815 1.815v5.446c0 .995.82 1.815 1.815 1.815h5.446c.995 0 1.815-.82 1.815-1.815V7.239z\" /><path d=\"M10.576 10.577h2.109A1.825 1.825 0 0014.5 8.761V3.315A1.826 1.826 0 0012.685 1.5H7.239c-.996 0-1.815.819-1.816 1.815v1.617\" /></g></svg>\n <span class=\"bubble-sm bubble-tl [--offset-l:-6px] tail [--tail-x:calc(100%-30px)] text-navy-950\">\n Copy to clipboard\n </span>\n </button>\n <div class='highlight relative group'>\n <pre class='highlight '><code id=\"code-k9uw0dxr\"><span class=\"o\">></span> <span class=\"nv\">$ </span>sprite console \nsprite@sprite:~# ffmpeg\nffmpeg version 7.1.1-1ubuntu1.3 Copyright <span class=\"o\">(</span>c<span class=\"o\">)</span> 2000-2025 the FFmpeg developers\nUse <span class=\"nt\">-h</span> to get full <span class=\"nb\">help </span>or, even better, run <span class=\"s1\">'man ffmpeg'</span>\nsprite@sprite:~#\n</code></pre>\n </div>\n</div>\n<p>Everything’s where I left it. Sprites are durable. 100GB capacity to start, no ceremony. Maybe I’ll keep it around a few more days, maybe a few months, doesn’t matter, just works.</p>\n\n<p>Say I get an application up on its legs. Install more packages. Then: disaster. Maybe an ill-advised global <code>pip3 install</code> . Or <code>rm -rf $HMOE/bin</code>. Or <code>dd if=/dev/random of=/dev/vdb</code>. Whatever it was, everything’s broken. So:</p>\n<div class=\"highlight-wrapper group relative bash\">\n <button \n type=\"button\"\n class=\"bubble-wrap z-20 absolute right-9 -mr-0.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none\"\n data-wrap-target=\"#code-8qs3qsqn\"\n >\n <svg class=\"w-4 h-4 pointer-events-none\" viewBox=\"0 0 16 16\" fill=\"none\" stroke=\"currentColor\" stroke-width=\"1.35\" stroke-linecap=\"round\" stroke-linejoin=\"round\"><g buffered-rendering=\"static\"><path d=\"M9.912 8.037h2.732c1.277 0 2.315-.962 2.315-2.237a2.325 2.325 0 00-2.315-2.31H2.959m10.228 9.01H2.959M6.802 8H2.959\" /><path d=\"M11.081 6.466L9.533 8.037l1.548 1.571\" /></g></svg>\n <span class=\"bubble-sm bubble-tl [--offset-l:-9px] tail text-navy-950\">\n Wrap text\n </span>\n </button>\n <button \n type=\"button\"\n class=\"bubble-wrap z-20 absolute right-1.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none\"\n data-copy-target=\"sibling\"\n >\n <svg class=\"w-4 h-4 pointer-events-none\" viewBox=\"0 0 16 16\" fill=\"none\" stroke=\"currentColor\" stroke-width=\"1.35\"><g buffered-rendering=\"static\"><path d=\"M10.576 7.239c0-.995-.82-1.815-1.815-1.815H3.315c-.995 0-1.815.82-1.815 1.815v5.446c0 .995.82 1.815 1.815 1.815h5.446c.995 0 1.815-.82 1.815-1.815V7.239z\" /><path d=\"M10.576 10.577h2.109A1.825 1.825 0 0014.5 8.761V3.315A1.826 1.826 0 0012.685 1.5H7.239c-.996 0-1.815.819-1.816 1.815v1.617\" /></g></svg>\n <span class=\"bubble-sm bubble-tl [--offset-l:-6px] tail [--tail-x:calc(100%-30px)] text-navy-950\">\n Copy to clipboard\n </span>\n </button>\n <div class='highlight relative group'>\n <pre class='highlight '><code id=\"code-8qs3qsqn\"><span class=\"o\">></span> <span class=\"nv\">$ </span>sprite checkpoint restore v1\nRestoring from checkpoint v1...\nContainer components started successfully\nRestore from v1 <span class=\"nb\">complete</span>\n\n<span class=\"o\">></span> <span class=\"nv\">$ </span>sprite console\nsprite@sprite:~#\n</code></pre>\n </div>\n</div>\n<p>Sprites have first-class checkpoint and restore. You can’t see it in text, but that restore took about one second. It’s fast enough to use casually, interactively. Not an escape hatch. Rather: an intended part of the ordinary course of using a Sprite. Like <code>git</code>, but for the whole system.</p>\n<div class=\"callout\"><p>If you’re asking how this is any different from an EC2 instance, good. That’s what we’re going for, except:</p>\n\n<ul>\n<li>I can <strong class=\"font-semibold text-navy-950\">casually create hundreds of them</strong> (without needing a Docker container), each appearing in 1-2 seconds. \n</li><li>They <strong class=\"font-semibold text-navy-950\">go idle and stop metering automatically</strong>, so it’s cheap to have lots of them. I use dozens.\n</li><li>They’re <strong class=\"font-semibold text-navy-950\">hooked up to our Anycast</strong> network, so I can get an HTTPS URL.\n</li><li>Despite all that, <strong class=\"font-semibold text-navy-950\">they’re fully durable</strong>. They don’t die until I tell them to.\n</li></ul>\n\n<p>This combination of attributes isn’t common enough to already have a name, so we decided we get to name them “Sprites”. Sprites are like BIC disposable cloud computers.</p>\n</div>\n<p>That’s what we built. You can <a href='https://sprites.dev/' title=''>go try it yourself</a>. We wrote another 1000 words about how they work, but I cut them out because I want to stop talking about our products now and get to my point.</p>\n<h2 id='claude-doesnt-want-a-stateless-container' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#claude-doesnt-want-a-stateless-container' aria-label='Anchor'></a><span class='plain-code'>Claude Doesn’t Want A Stateless Container</span></h2>\n<p>For years, we’ve been trying to serve two very different users with the same abstraction. It hasn’t worked.</p>\n\n<p>Professional software developers are trained to build stateless instances. Stateless deployments, where persistent data is confined to database servers, buys you simplicity, flexible scale-out, and reduced failure blast radius. It’s a good idea, so popular that most places you can run code in the cloud look like stateless containers. Fly Machines, our flagship offering, look like stateless containers.</p>\n\n<p>The problem is that Claude isn’t a pro developer. Claude is a hyper-productive five-year-old savant. It’s uncannily smart, wants to stick its finger in every available electrical socket, and works best when you find a way to let it zap itself.</p>\n<div class=\"right-sidenote\"><p>(sometimes by escaping the container!)</p>\n</div>\n<p>If you force an agent to, it’ll work around containerization and do work . But you’re not helping the agent in any way by doing that. They don’t want containers. They don’t want “sandboxes”. They want computers.</p>\n<div class=\"right-sidenote\"><p>Someone asked me about this the other day and wanted to know if I was saying that agents needed sound cards and USB ports. And, maybe? I don’t know. Not today.</p>\n</div>\n<p>In a moment, I’ll explain why. But first I probably need to explain what the hell I mean by a “computer”. I think we all agree:</p>\n\n<ul>\n<li>A computer doesn’t necessarily vanish after a single job is completed, <em>and</em> \n</li><li>it has durable storage. \n</li></ul>\n\n<p>Since current agent sandboxes have neither of these, I can stop the definition right there and get back to my point.</p>\n<h2 id='simple-wins' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#simple-wins' aria-label='Anchor'></a><span class='plain-code'>Simple Wins</span></h2>\n<p>Start here: with an actual computer, Claude doesn’t have to rebuild my entire development environment every time I pick up a PR.</p>\n\n<p>This seems superficial but rebuilding stuff like <code>node_modules</code> is such a monumental pain in the ass that the industry is spending tens of millions of dollars figuring out how to snapshot and restore ephemeral sandboxes.</p>\n\n<p>I’m not saying those problems are intractable. I’m saying they’re unnecessary. Instead of figuring them out, just use an actual computer. Work out a PR, review and push it, then just start on the next one. Without rebooting.</p>\n\n<p>People will rationalize why it’s a good thing that they start from a new build environment every time they start a changeset. Stockholm Syndrome. When you start a feature branch on your own, do you create an entirely new development environment to do it?</p>\n\n<p>The reason agents waste all this effort is that nobody saw them coming. Read-only ephemeral sandboxes were the only tool we had hanging on the wall to help use them sanely.</p>\n<div class=\"callout\"><p>Have you ever had to set up actual infrastructure to give an agent access to realistic data? People do this. Because they know they’re dealing with a clean slate every time they prompt their agent, they arrange for S3 buckets, Redis servers, or even RDS instances outside the sandbox for their agents to talk to. They’re building infrastructure to work around the fact that they can’t just write a file and trust it to stay put. Gross.</p>\n</div>\n<p>Ephemerality means time limits. Providers design sandbox systems to handle the expected workloads agents generate. Most things agents do today don’t take much time; in fact, they’re often limited only by the rate at which frontier models can crunch tokens. Test suites run quickly. The 99th percentile sandboxed agent run probably needs less than 15 minutes.</p>\n\n<p>But there are feature requests where compute and network time swamp token crunching. I built the documentation site for the Sprites API by having a Claude Sprite interact with the code and our API, building and testing examples for the API one at a time. There are APIs where the client interaction time alone would blow sandbox budgets.</p>\n\n<p>You see the limits of the current approach in how people round-trip state through “plan files”, which are ostensibly prose but often really just egregiously-encoded key-value stores.</p>\n\n<p>An agent running on an actual computer can exploit the whole lifecycle of the application. We saw this when Chris McCord built <a href='https://phoenix.new/' title=''>Phoenix.new</a>. The agent behind a Phoenix.new app runs on a Fly Machine where it can see the app logs from the Phoenix app it generated. When users do things that generate exceptions, Phoenix.new notices and gets to work figuring out what happened.</p>\n\n<p>It took way too much work for Chris to set that up, and he was able to do it in part because he wrote his own agent. You can do it with Claude today with an MCP server or some other arrangement to haul logs over. But all you really need is to just not shoot your sandbox in the head when the agent finishes writing code.</p>\n<h2 id='galaxy-brain-win' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#galaxy-brain-win' aria-label='Anchor'></a><span class='plain-code'>Galaxy Brain Win</span></h2>\n<p>Here’s where I lose you. I know this because it’s also where I lose my team, most of whom don’t believe me about this.</p>\n\n<p>The nature of software development is changing out from under us, and I think we’re kidding ourselves that it’s going to end with just a reconfiguration of how professional developers ship software.</p>\n\n<p>I have kids. They have devices. I wanted some control over them. So I did what many of you would do in my situation: I vibe-coded an MDM.</p>\n\n<p><img src=\"/blog/code-and-let-live/assets/kurtmdm.png?1/2&card¢er\" /></p>\n\n<p>I built this thing with Claude. It’s a SQLite-backed Go application running on a Sprite. The Anycast URL my Sprite exports works as an MDM registration URL. Claude also worked out all the APNS Push Certificate drama for me. It all just works.</p>\n<div class=\"right-sidenote\"><p>“Editing PHP files over FTP: we weren’t wrong, just ahead of our time!”</p>\n</div>\n<p>I’ve been running this for a month now, still on a Sprite, and see no reason ever to stop. It is a piece of software that solves an important real-world problem for me. It might evolve as my needs change, and I tell Claude to change it. Or it might not. For this app, dev is prod, prod is dev.</p>\n\n<p>For reasons we’ll get into when we write up how we built these things, you wouldn’t want to ship an app to millions of people on a Sprite. But most apps don’t want to serve millions of people. The most important day-to-day apps disproportionately won’t have million-person audiences. There are some important million-person apps, but most of them just destroy civil society, melt our brains, and arrange chauffeurs for individual cheeseburgers.</p>\n\n<p>Applications that solve real problems for people will be owned by the people they solve problems for. And for the most part, they won’t need a professional guild of software developers to gatekeep feature development for them. They’ll just ask for things and get them.</p>\n\n<p>The problem we’re all working on is bigger than safely accelerating pro software developers. Sandboxes are holding us back.</p>\n<h2 id='fuck-ephemeral-sandboxes' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#fuck-ephemeral-sandboxes' aria-label='Anchor'></a><span class='plain-code'>Fuck Ephemeral Sandboxes</span></h2>\n<p>Obviously, I’m trying to sell you something here. But that doesn’t make me wrong. The argument I’m making is the reason we built the specific thing I’m selling.</p>\n<figure class=\"post-cta\">\n <figcaption>\n <h1>We shipped these things.</h1>\n <p>You can create a couple dozen Sprites right now if you want. It’ll only take a second.</p>\n <a class=\"btn btn-lg\" href=\"https://sprites.dev/\">\n Make a Sprite. <span class='opacity-50'>→</span>\n </a>\n </figcaption>\n <div class=\"image-container\">\n <img src=\"/static/images/cta-dog.webp\" srcset=\"/static/images/[email protected] 2x\" alt=\"\">\n </div>\n</figure>\n\n\n<p>It took us a long time to get here. We spent years kidding ourselves. We built a platform for horizontal-scaling production applications with micro-VMs that boot so quickly that, if you hold them in exactly the right way, you can do a pretty decent code sandbox with them. But it’s always been a square peg, round hole situation.</p>\n\n<p>We have a lot to say about how Sprites work. They’re related to Fly Machines but sharply different in important ways. They have an entirely new storage stack. They’re orchestrated differently. No Dockerfiles.</p>\n\n<p>But for now, I just want you to think about what I’m saying here. Whether or not you ever boot a Sprite, ask: if you could run a coding agent anywhere, would you want it to look more like a read-only sandbox in a K8s cluster in the cloud, or like an entire EC2 instance you could summon in the snap of a finger?</p>\n\n<p>I think the answer is obvious. The age of sandboxes is over. The time of the disposable computer has come.</p>",
"image": {
"url": "https://fly.io/blog/code-and-let-live/assets/sprites.jpg",
"title": null
},
"media": [],
"authors": [
{
"name": "Fly",
"email": null,
"url": null
}
],
"categories": []
},
{
"id": "https://fly.io/blog/litestream-vfs/",
"title": "Litestream VFS",
"description": null,
"url": "https://fly.io/blog/litestream-vfs/",
"published": "2025-12-11T00:00:00.000Z",
"updated": "2025-12-11T17:32:13.000Z",
"content": "<div class=\"lead\"><p><strong class=\"font-semibold text-navy-950\">I’m Ben Johnson, and I work on Litestream at Fly.io. Litestream is the missing backup/restore system for SQLite. It’s free, open-source software that should run anywhere, and</strong> <a href=\"/blog/litestream-v050-is-here/\" title=\"\"><strong class=\"font-semibold text-navy-950\">you can read more about it here</strong></a><strong class=\"font-semibold text-navy-950\">.</strong></p>\n</div>\n<p>Again with the sandwiches: assume we’ve got a SQLite database of sandwich ratings, and we’ve backed it up with <a href='/blog/litestream-v050-is-here/' title=''>Litestream</a> to an S3 bucket.</p>\n\n<p>Now, on our local host, load up AWS credentials and an S3 path into our environment. Open SQLite and:</p>\n<div class=\"highlight-wrapper group relative \">\n <button \n type=\"button\"\n class=\"bubble-wrap z-20 absolute right-9 -mr-0.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none\"\n data-wrap-target=\"#code-z396uf60\"\n >\n <svg class=\"w-4 h-4 pointer-events-none\" viewBox=\"0 0 16 16\" fill=\"none\" stroke=\"currentColor\" stroke-width=\"1.35\" stroke-linecap=\"round\" stroke-linejoin=\"round\"><g buffered-rendering=\"static\"><path d=\"M9.912 8.037h2.732c1.277 0 2.315-.962 2.315-2.237a2.325 2.325 0 00-2.315-2.31H2.959m10.228 9.01H2.959M6.802 8H2.959\" /><path d=\"M11.081 6.466L9.533 8.037l1.548 1.571\" /></g></svg>\n <span class=\"bubble-sm bubble-tl [--offset-l:-9px] tail text-navy-950\">\n Wrap text\n </span>\n </button>\n <button \n type=\"button\"\n class=\"bubble-wrap z-20 absolute right-1.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none\"\n data-copy-target=\"sibling\"\n >\n <svg class=\"w-4 h-4 pointer-events-none\" viewBox=\"0 0 16 16\" fill=\"none\" stroke=\"currentColor\" stroke-width=\"1.35\"><g buffered-rendering=\"static\"><path d=\"M10.576 7.239c0-.995-.82-1.815-1.815-1.815H3.315c-.995 0-1.815.82-1.815 1.815v5.446c0 .995.82 1.815 1.815 1.815h5.446c.995 0 1.815-.82 1.815-1.815V7.239z\" /><path d=\"M10.576 10.577h2.109A1.825 1.825 0 0014.5 8.761V3.315A1.826 1.826 0 0012.685 1.5H7.239c-.996 0-1.815.819-1.816 1.815v1.617\" /></g></svg>\n <span class=\"bubble-sm bubble-tl [--offset-l:-6px] tail [--tail-x:calc(100%-30px)] text-navy-950\">\n Copy to clipboard\n </span>\n </button>\n <div class='highlight relative group'>\n <pre class='highlight '><code id=\"code-z396uf60\">$ sqlite3\nSQLite version 3.50.4 2025-07-30 19:33:53\nsqlite> .load litestream.so\nsqlite> .open file:///my.db?vfs=litestream\n</code></pre>\n </div>\n</div>\n<p>SQLite is now working from that remote database, defined by the Litestream backup files in the S3 path we configured. We can query it:</p>\n<div class=\"highlight-wrapper group relative \">\n <button \n type=\"button\"\n class=\"bubble-wrap z-20 absolute right-9 -mr-0.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none\"\n data-wrap-target=\"#code-kieef97f\"\n >\n <svg class=\"w-4 h-4 pointer-events-none\" viewBox=\"0 0 16 16\" fill=\"none\" stroke=\"currentColor\" stroke-width=\"1.35\" stroke-linecap=\"round\" stroke-linejoin=\"round\"><g buffered-rendering=\"static\"><path d=\"M9.912 8.037h2.732c1.277 0 2.315-.962 2.315-2.237a2.325 2.325 0 00-2.315-2.31H2.959m10.228 9.01H2.959M6.802 8H2.959\" /><path d=\"M11.081 6.466L9.533 8.037l1.548 1.571\" /></g></svg>\n <span class=\"bubble-sm bubble-tl [--offset-l:-9px] tail text-navy-950\">\n Wrap text\n </span>\n </button>\n <button \n type=\"button\"\n class=\"bubble-wrap z-20 absolute right-1.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none\"\n data-copy-target=\"sibling\"\n >\n <svg class=\"w-4 h-4 pointer-events-none\" viewBox=\"0 0 16 16\" fill=\"none\" stroke=\"currentColor\" stroke-width=\"1.35\"><g buffered-rendering=\"static\"><path d=\"M10.576 7.239c0-.995-.82-1.815-1.815-1.815H3.315c-.995 0-1.815.82-1.815 1.815v5.446c0 .995.82 1.815 1.815 1.815h5.446c.995 0 1.815-.82 1.815-1.815V7.239z\" /><path d=\"M10.576 10.577h2.109A1.825 1.825 0 0014.5 8.761V3.315A1.826 1.826 0 0012.685 1.5H7.239c-.996 0-1.815.819-1.816 1.815v1.617\" /></g></svg>\n <span class=\"bubble-sm bubble-tl [--offset-l:-6px] tail [--tail-x:calc(100%-30px)] text-navy-950\">\n Copy to clipboard\n </span>\n </button>\n <div class='highlight relative group'>\n <pre class='highlight '><code id=\"code-kieef97f\">sqlite> SELECT * FROM sandwich_ratings ORDER BY RANDOM() LIMIT 3 ; \n22|Veggie Delight|New York|4\n30|Meatball|Los Angeles|5\n168|Chicken Shawarma Wrap|Detroit|5\n</code></pre>\n </div>\n</div>\n<p>This is Litestream VFS. It runs SQLite hot off an object storage URL. As long as you can load the shared library our tree builds for you, it’ll work in your application the same way it does in the SQLite shell.</p>\n\n<p>Fun fact: we didn’t have to download the whole database to run this query. More about this in a bit.</p>\n\n<p>Meanwhile, somewhere in prod, someone has it in for meatball subs and wants to knock them out of the bracket – oh, fuck:</p>\n<div class=\"highlight-wrapper group relative \">\n <button \n type=\"button\"\n class=\"bubble-wrap z-20 absolute right-9 -mr-0.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none\"\n data-wrap-target=\"#code-oexge9kc\"\n >\n <svg class=\"w-4 h-4 pointer-events-none\" viewBox=\"0 0 16 16\" fill=\"none\" stroke=\"currentColor\" stroke-width=\"1.35\" stroke-linecap=\"round\" stroke-linejoin=\"round\"><g buffered-rendering=\"static\"><path d=\"M9.912 8.037h2.732c1.277 0 2.315-.962 2.315-2.237a2.325 2.325 0 00-2.315-2.31H2.959m10.228 9.01H2.959M6.802 8H2.959\" /><path d=\"M11.081 6.466L9.533 8.037l1.548 1.571\" /></g></svg>\n <span class=\"bubble-sm bubble-tl [--offset-l:-9px] tail text-navy-950\">\n Wrap text\n </span>\n </button>\n <button \n type=\"button\"\n class=\"bubble-wrap z-20 absolute right-1.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none\"\n data-copy-target=\"sibling\"\n >\n <svg class=\"w-4 h-4 pointer-events-none\" viewBox=\"0 0 16 16\" fill=\"none\" stroke=\"currentColor\" stroke-width=\"1.35\"><g buffered-rendering=\"static\"><path d=\"M10.576 7.239c0-.995-.82-1.815-1.815-1.815H3.315c-.995 0-1.815.82-1.815 1.815v5.446c0 .995.82 1.815 1.815 1.815h5.446c.995 0 1.815-.82 1.815-1.815V7.239z\" /><path d=\"M10.576 10.577h2.109A1.825 1.825 0 0014.5 8.761V3.315A1.826 1.826 0 0012.685 1.5H7.239c-.996 0-1.815.819-1.816 1.815v1.617\" /></g></svg>\n <span class=\"bubble-sm bubble-tl [--offset-l:-6px] tail [--tail-x:calc(100%-30px)] text-navy-950\">\n Copy to clipboard\n </span>\n </button>\n <div class='highlight relative group'>\n <pre class='highlight '><code id=\"code-oexge9kc\">sqlite> UPDATE sandwich_ratings SET stars = 1 ;\n</code></pre>\n </div>\n</div>\n<p>They forgot the <code>WHERE</code> clause!</p>\n<div class=\"highlight-wrapper group relative \">\n <button \n type=\"button\"\n class=\"bubble-wrap z-20 absolute right-9 -mr-0.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none\"\n data-wrap-target=\"#code-2mgicvsr\"\n >\n <svg class=\"w-4 h-4 pointer-events-none\" viewBox=\"0 0 16 16\" fill=\"none\" stroke=\"currentColor\" stroke-width=\"1.35\" stroke-linecap=\"round\" stroke-linejoin=\"round\"><g buffered-rendering=\"static\"><path d=\"M9.912 8.037h2.732c1.277 0 2.315-.962 2.315-2.237a2.325 2.325 0 00-2.315-2.31H2.959m10.228 9.01H2.959M6.802 8H2.959\" /><path d=\"M11.081 6.466L9.533 8.037l1.548 1.571\" /></g></svg>\n <span class=\"bubble-sm bubble-tl [--offset-l:-9px] tail text-navy-950\">\n Wrap text\n </span>\n </button>\n <button \n type=\"button\"\n class=\"bubble-wrap z-20 absolute right-1.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none\"\n data-copy-target=\"sibling\"\n >\n <svg class=\"w-4 h-4 pointer-events-none\" viewBox=\"0 0 16 16\" fill=\"none\" stroke=\"currentColor\" stroke-width=\"1.35\"><g buffered-rendering=\"static\"><path d=\"M10.576 7.239c0-.995-.82-1.815-1.815-1.815H3.315c-.995 0-1.815.82-1.815 1.815v5.446c0 .995.82 1.815 1.815 1.815h5.446c.995 0 1.815-.82 1.815-1.815V7.239z\" /><path d=\"M10.576 10.577h2.109A1.825 1.825 0 0014.5 8.761V3.315A1.826 1.826 0 0012.685 1.5H7.239c-.996 0-1.815.819-1.816 1.815v1.617\" /></g></svg>\n <span class=\"bubble-sm bubble-tl [--offset-l:-6px] tail [--tail-x:calc(100%-30px)] text-navy-950\">\n Copy to clipboard\n </span>\n </button>\n <div class='highlight relative group'>\n <pre class='highlight '><code id=\"code-2mgicvsr\">sqlite> SELECT * FROM sandwich_ratings ORDER BY RANDOM() LIMIT 3 ; \n97|French Dip|Los Angeles|1\n140|Bánh Mì|San Francisco|1\n62|Italian Beef|Chicago|1\n</code></pre>\n </div>\n</div>\n<p>Italian Beefs and Bánh Mìs, all at 1 star. Disaster!</p>\n\n<p>But wait, back on our dev machine:</p>\n<div class=\"highlight-wrapper group relative \">\n <button \n type=\"button\"\n class=\"bubble-wrap z-20 absolute right-9 -mr-0.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none\"\n data-wrap-target=\"#code-r5hggeuc\"\n >\n <svg class=\"w-4 h-4 pointer-events-none\" viewBox=\"0 0 16 16\" fill=\"none\" stroke=\"currentColor\" stroke-width=\"1.35\" stroke-linecap=\"round\" stroke-linejoin=\"round\"><g buffered-rendering=\"static\"><path d=\"M9.912 8.037h2.732c1.277 0 2.315-.962 2.315-2.237a2.325 2.325 0 00-2.315-2.31H2.959m10.228 9.01H2.959M6.802 8H2.959\" /><path d=\"M11.081 6.466L9.533 8.037l1.548 1.571\" /></g></svg>\n <span class=\"bubble-sm bubble-tl [--offset-l:-9px] tail text-navy-950\">\n Wrap text\n </span>\n </button>\n <button \n type=\"button\"\n class=\"bubble-wrap z-20 absolute right-1.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none\"\n data-copy-target=\"sibling\"\n >\n <svg class=\"w-4 h-4 pointer-events-none\" viewBox=\"0 0 16 16\" fill=\"none\" stroke=\"currentColor\" stroke-width=\"1.35\"><g buffered-rendering=\"static\"><path d=\"M10.576 7.239c0-.995-.82-1.815-1.815-1.815H3.315c-.995 0-1.815.82-1.815 1.815v5.446c0 .995.82 1.815 1.815 1.815h5.446c.995 0 1.815-.82 1.815-1.815V7.239z\" /><path d=\"M10.576 10.577h2.109A1.825 1.825 0 0014.5 8.761V3.315A1.826 1.826 0 0012.685 1.5H7.239c-.996 0-1.815.819-1.816 1.815v1.617\" /></g></svg>\n <span class=\"bubble-sm bubble-tl [--offset-l:-6px] tail [--tail-x:calc(100%-30px)] text-navy-950\">\n Copy to clipboard\n </span>\n </button>\n <div class='highlight relative group'>\n <pre class='highlight '><code id=\"code-r5hggeuc\">sqlite> PRAGMA litestream_time = '5 minutes ago'; \nsqlite> select * from sandwich_ratings ORDER BY RANDOM() LIMIT 3 ; \n30|Meatball|Los Angeles|5\n33|Ham & Swiss|Los Angeles|2\n163|Chicken Shawarma Wrap|Detroit|5\n</code></pre>\n </div>\n</div>\n<p>We’re now querying that database from a specific point in time in our backups. We can do arbitrary relative timestamps, or absolute ones, like <code>2000-01-01T00:00:00Z</code>.</p>\n\n<p>What we’re doing here is instantaneous point-in-time recovery (PITR), expressed simply in SQL and SQLite pragmas.</p>\n\n<p>Ever wanted to do a quick query against a prod dataset, but didn’t want to shell into a prod server and fumble with the <code>sqlite3</code> terminal command like a hacker in an 80s movie? Or needed to do a quick sanity check against yesterday’s data, but without doing a full database restore? Litestream VFS makes that easy. I’m so psyched about how it turned out.</p>\n<h2 id='how-it-works' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#how-it-works' aria-label='Anchor'></a><span class='plain-code'>How It Works</span></h2>\n<p><a href='/blog/litestream-v050-is-here/' title=''>Litestream v0.5</a> integrates <a href='https://github.com/superfly/ltx' title=''>LTX</a>, our SQLite data-shipping file format. Where earlier Litestream blindly shipped whole raw SQLite pages to and from object storage, LTX ships ordered sets of pages. We built LTX for <a href='/docs/litefs/' title=''>LiteFS</a>, which uses a FUSE filesystem to do transaction-aware replication for unmodified applications, but we’ve spent this year figuring out ways to use LTX in Litestream, without all that FUSE drama.</p>\n\n<p>The big thing LTX gives us is “compaction”. When we restore a database from object storage, we want the most recent versions of each changed database page. What we don’t want are all the intermediate versions of those pages that occurred prior to the most recent change.</p>\n\n<p>Imagine, at the time we’re restoring, we’re going to need pages 1, 2, 3, 4, and 5. Depending on the order in which pages were written, the backup data set might look something like <code>1 2 3 5 3 5 4 5 5</code>. What we want is the <em>rightmost</em> 5, 4, 3, 2, and 1, without wasting time on the four “extra” page 5’s and the one “extra” page 3. Those “extra” pages are super common in SQLite data sets; for instance, every busy table with an autoincrementing primary key will have them.</p>\n\n<p>LTX lets us skip the redundant pages, and the algorithm is trivial: reading backwards from the end of the sequence, skipping any page you already read. This drastically accelerates restores.</p>\n\n<p>But LTX compaction isn’t limited to whole databases. We can also LTX-compact sets of LTX files. That’s the key to how PITR restores with Litestream now work.</p>\n\n<p>In the diagram below, we’re taking daily full snapshots. Below those snapshots are “levels” of changesets: groups of database pages from smaller and smaller windows of time. By default, Litestream uses time intervals of 1 hour at the highest level, down to 30 seconds at level 1. L0 is a special level where files are uploaded every second, but are only retained until being compacted to L1.</p>\n\n<p><img src=\"/blog/litestream-vfs/assets/litestream-restore.png\" /></p>\n\n<p>Now, let’s do a PITR restore. Start from the most proximal snapshot. Then determine the minimal set of LTX files from each level to reach the time you are restoring to.</p>\n\n<p><img src=\"/blog/litestream-vfs/assets/litestream-restore-path.png\" /></p>\n\n<p>We have another trick up our sleeve.</p>\n\n<p>LTX trailers include a small index tracking the offset of each page in the file. By fetching <em>only</em> these index trailers from the LTX files we’re working with (each occupies about 1% of its LTX file), we can build a lookup table of every page in the database. Since modern object storage providers all let us fetch slices of files, we can perform individual page reads against S3 directly.</p>\n\n<p><img alt=\"Anatomy of an LTX file\" src=\"/blog/litestream-vfs/assets/litestream-ltx.png\" /></p>\n<h2 id='how-its-implemented' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#how-its-implemented' aria-label='Anchor'></a><span class='plain-code'>How It’s Implemented</span></h2>\n<p>SQLite has a plugin interface for things like this: <a href='https://sqlite.org/vfs.html' title=''>the “VFS” interface.</a> VFS plugins abstract away the bottom-most layer of SQLite, the interface to the OS. If you’re using SQLite now, you’re already using some VFS module, one SQLite happens to ship with.</p>\n\n<p>For Litestream users, there’s a catch. From the jump, we’ve designed Litestream to run alongside unmodified SQLite applications. Part of what makes Litestream so popular is that your apps don’t even need to know it exists. It’s “just” a Unix program.</p>\n\n<p>That Litestream Unix program still does PITR restores, without any magic. But to do fast PITR-style queries straight off S3, we need more. To make those queries work, you have to load and register Litestream’s VFS module.</p>\n\n<p>But that’s all that changes.</p>\n\n<p>In particular: Litestream VFS doesn’t replace the SQLite library you’re already using. It’s not a new “version” of SQLite. It’s just a plugin for the SQLite you’re already using.</p>\n\n<p>Still, we know that’s not going to work for everybody, and even though we’re really psyched about these PITR features, we’re not taking our eyes off the ball on the rest of Litestream. You don’t have to use our VFS library to use Litestream, or to get the other benefits of the new LTX code.</p>\n\n<p>The way a VFS library works, we’re given just a couple structures, each with a bunch of methods defined on them. We override only the few methods we care about. Litestream VFS handles only the read side of SQLite. Litestream itself, running as a normal Unix program, still handles the “write” side. So our VFS subclasses just enough to find LTX backups and issue queries.</p>\n\n<p>With our VFS loaded, whenever SQLite needs to read a page into memory, it issues a <code>Read()</code> call through our library. The read call includes the byte offset at which SQLite expected to find the page. But with Litestream VFS, that byte offset is an illusion.</p>\n\n<p>Instead, we use our knowledge of the page size along with the requested page number to do a lookup on the page index we’ve built. From it, we get the remote filename, the “real” byte offset into that file, and the size of the page. That’s enough for us to use the <a href='https://docs.aws.amazon.com/AmazonS3/latest/userguide/range-get-olap.html' title=''>S3 API’s <code>Range</code> header handling</a> to download exactly the block we want.</p>\n\n<p>To save lots of S3 calls, Litestream VFS implements an LRU cache. Most databases have a small set of “hot” pages — inner branch pages or the leftmost leaf pages for tables with an auto-incrementing ID field. So only a small percentage of the database is updated and queried regularly.</p>\n<div class=\"callout\"><p><strong class=\"font-semibold text-navy-950\">We’ve got one last trick up our sleeve.</strong></p>\n\n<p>Quickly building an index and restore plan for the current state of a database is cool. But we can do one better.</p>\n\n<p>Because Litestream backs up (into the L0 layer) once per second, the VFS code can simply poll the S3 path, and then incrementally update its index. <strong class=\"font-semibold text-navy-950\">The result is a near-realtime replica.</strong> Better still, you don’t need to stream the whole database back to your machine before you use it.</p>\n</div><h2 id='eat-your-heart-out-marty-mcfly' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#eat-your-heart-out-marty-mcfly' aria-label='Anchor'></a><span class='plain-code'>Eat Your Heart Out, Marty McFly</span></h2>\n<p>Litestream holds backup files for every state your database has been in, with single-second resolution, for as long as you want it to. Forgot the <code>WHERE</code> clause on a <code>DELETE</code> statement? Updating your database state to where it was an hour (or day, or week) ago is just a matter of adjusting the LTX indices Litestream manages.</p>\n\n<p>All this smoke-and-mirrors of querying databases without fully fetching them has another benefit: it starts up really fast! We’re living an age of increasingly ephemeral servers, what with the AIs and the agents and the clouds and the hoyvin-glavins. Wherever you find yourself, if your database is backed up to object storage with Litestream, you’re always in a place where you can quickly issue a query.</p>\n\n<p>As always, one of the big things we think we’re doing right with Litestream is: we’re finding ways to get as much whiz-bang value as we can (instant PITR reading live off object storage: pretty nifty!) while keeping the underlying mechanism simple enough that you can fit your head around it.</p>\n\n<p>Litestream is solid for serious production use (we rely on it for important chunks of our own Fly.io APIs). But you could write Litestream yourself, just from the basic ideas in these blog posts. We think that’s a point in its favor. We land there because the heavy lifting in Litestream is being done by SQLite itself, which is how it should be.</p>",
"image": {
"url": "https://fly.io/blog/litestream-vfs/assets/litestream-vfs.jpg",
"title": null
},
"media": [],
"authors": [
{
"name": "Fly",
"email": null,
"url": null
}
],
"categories": []
},
{
"id": "https://fly.io/blog/everyone-write-an-agent/",
"title": "You Should Write An Agent",
"description": null,
"url": "https://fly.io/blog/everyone-write-an-agent/",
"published": "2025-11-06T00:00:00.000Z",
"updated": "2025-12-09T19:06:20.000Z",
"content": "<div class=\"lead\"><p>Some concepts are easy to grasp in the abstract. Boiling water: apply heat and wait. Others you really need to try. You only think you understand how a bicycle works, until you learn to ride one.</p>\n</div>\n<p>There are big ideas in computing that are easy to get your head around. The AWS S3 API. It’s the most important storage technology of the last 20 years, and it’s like boiling water. Other technologies, you need to get your feet on the pedals first.</p>\n\n<p>LLM agents are like that.</p>\n\n<p>People have <a href='https://ludic.mataroa.blog/blog/contra-ptaceks-terrible-article-on-ai/' title=''>wildly varying opinions</a> about LLMs and agents. But whether or not they’re snake oil, they’re a big idea. You don’t have to like them, but you should want to be right about them. To be the best hater (or stan) you can be.</p>\n\n<p>So that’s one reason you should write an agent. But there’s another reason that’s even more persuasive, and that’s</p>\n<h2 id='its-incredibly-easy' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#its-incredibly-easy' aria-label='Anchor'></a><span class='plain-code'>It’s Incredibly Easy</span></h2>\n<p>Agents are the most surprising programming experience I’ve had in my career. Not because I’m awed by the magnitude of their powers — I like them, but I don’t like-like them. It’s because of how easy it was to get one up on its legs, and how much I learned doing that.</p>\n\n<p>I’m about to rob you of a dopaminergic experience, because agents are so simple we might as well just jump into the code. I’m not even going to bother explaining what an agent is.</p>\n<div class=\"highlight-wrapper group relative python\">\n <button \n type=\"button\"\n class=\"bubble-wrap z-20 absolute right-9 -mr-0.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none\"\n data-wrap-target=\"#code-ujvmmn8w\"\n >\n <svg class=\"w-4 h-4 pointer-events-none\" viewBox=\"0 0 16 16\" fill=\"none\" stroke=\"currentColor\" stroke-width=\"1.35\" stroke-linecap=\"round\" stroke-linejoin=\"round\"><g buffered-rendering=\"static\"><path d=\"M9.912 8.037h2.732c1.277 0 2.315-.962 2.315-2.237a2.325 2.325 0 00-2.315-2.31H2.959m10.228 9.01H2.959M6.802 8H2.959\" /><path d=\"M11.081 6.466L9.533 8.037l1.548 1.571\" /></g></svg>\n <span class=\"bubble-sm bubble-tl [--offset-l:-9px] tail text-navy-950\">\n Wrap text\n </span>\n </button>\n <button \n type=\"button\"\n class=\"bubble-wrap z-20 absolute right-1.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none\"\n data-copy-target=\"sibling\"\n >\n <svg class=\"w-4 h-4 pointer-events-none\" viewBox=\"0 0 16 16\" fill=\"none\" stroke=\"currentColor\" stroke-width=\"1.35\"><g buffered-rendering=\"static\"><path d=\"M10.576 7.239c0-.995-.82-1.815-1.815-1.815H3.315c-.995 0-1.815.82-1.815 1.815v5.446c0 .995.82 1.815 1.815 1.815h5.446c.995 0 1.815-.82 1.815-1.815V7.239z\" /><path d=\"M10.576 10.577h2.109A1.825 1.825 0 0014.5 8.761V3.315A1.826 1.826 0 0012.685 1.5H7.239c-.996 0-1.815.819-1.816 1.815v1.617\" /></g></svg>\n <span class=\"bubble-sm bubble-tl [--offset-l:-6px] tail [--tail-x:calc(100%-30px)] text-navy-950\">\n Copy to clipboard\n </span>\n </button>\n <div class='highlight relative group'>\n <pre class='highlight '><code id=\"code-ujvmmn8w\"><span class=\"kn\">from</span> <span class=\"nn\">openai</span> <span class=\"kn\">import</span> <span class=\"n\">OpenAI</span>\n\n<span class=\"n\">client</span> <span class=\"o\">=</span> <span class=\"n\">OpenAI</span><span class=\"p\">()</span>\n<span class=\"n\">context</span> <span class=\"o\">=</span> <span class=\"p\">[]</span>\n\n<span class=\"k\">def</span> <span class=\"nf\">call</span><span class=\"p\">():</span>\n <span class=\"k\">return</span> <span class=\"n\">client</span><span class=\"p\">.</span><span class=\"n\">responses</span><span class=\"p\">.</span><span class=\"n\">create</span><span class=\"p\">(</span><span class=\"n\">model</span><span class=\"o\">=</span><span class=\"s\">\"gpt-5\"</span><span class=\"p\">,</span> <span class=\"nb\">input</span><span class=\"o\">=</span><span class=\"n\">context</span><span class=\"p\">)</span>\n\n<span class=\"k\">def</span> <span class=\"nf\">process</span><span class=\"p\">(</span><span class=\"n\">line</span><span class=\"p\">):</span>\n <span class=\"n\">context</span><span class=\"p\">.</span><span class=\"n\">append</span><span class=\"p\">({</span><span class=\"s\">\"role\"</span><span class=\"p\">:</span> <span class=\"s\">\"user\"</span><span class=\"p\">,</span> <span class=\"s\">\"content\"</span><span class=\"p\">:</span> <span class=\"n\">line</span><span class=\"p\">})</span>\n <span class=\"n\">response</span> <span class=\"o\">=</span> <span class=\"n\">call</span><span class=\"p\">()</span> \n <span class=\"n\">context</span><span class=\"p\">.</span><span class=\"n\">append</span><span class=\"p\">({</span><span class=\"s\">\"role\"</span><span class=\"p\">:</span> <span class=\"s\">\"assistant\"</span><span class=\"p\">,</span> <span class=\"s\">\"content\"</span><span class=\"p\">:</span> <span class=\"n\">response</span><span class=\"p\">.</span><span class=\"n\">output_text</span><span class=\"p\">})</span> \n <span class=\"k\">return</span> <span class=\"n\">response</span><span class=\"p\">.</span><span class=\"n\">output_text</span>\n</code></pre>\n </div>\n</div><div class=\"right-sidenote\"><p>It’s an HTTP API with, like, one important endpoint.</p>\n</div>\n<p>This is a trivial engine for an LLM app using the <a href='https://platform.openai.com/docs/api-reference/responses' title=''>OpenAI Responses API</a>. It implements ChatGPT. You’d drive it with the <button toggle=\"#readline\">the obvious loop</button>. It’ll do what you’d expect: the same thing ChatGPT would, but in your terminal.</p>\n<div id=\"readline\" toggle-content=\"\" aria-label=\"show very boring code\"><div class=\"highlight-wrapper group relative python\">\n <button type=\"button\" class=\"bubble-wrap z-20 absolute right-9 -mr-0.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none\" data-wrap-target=\"#code-n9t6zq0x\">\n <svg class=\"w-4 h-4 pointer-events-none\" viewBox=\"0 0 16 16\" fill=\"none\" stroke=\"currentColor\" stroke-width=\"1.35\" stroke-linecap=\"round\" stroke-linejoin=\"round\"><g buffered-rendering=\"static\"><path d=\"M9.912 8.037h2.732c1.277 0 2.315-.962 2.315-2.237a2.325 2.325 0 00-2.315-2.31H2.959m10.228 9.01H2.959M6.802 8H2.959\"></path><path d=\"M11.081 6.466L9.533 8.037l1.548 1.571\"></path></g></svg>\n <span class=\"bubble-sm bubble-tl [--offset-l:-9px] tail text-navy-950\">\n Wrap text\n </span>\n </button>\n <button type=\"button\" class=\"bubble-wrap z-20 absolute right-1.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none\" data-copy-target=\"sibling\">\n <svg class=\"w-4 h-4 pointer-events-none\" viewBox=\"0 0 16 16\" fill=\"none\" stroke=\"currentColor\" stroke-width=\"1.35\"><g buffered-rendering=\"static\"><path d=\"M10.576 7.239c0-.995-.82-1.815-1.815-1.815H3.315c-.995 0-1.815.82-1.815 1.815v5.446c0 .995.82 1.815 1.815 1.815h5.446c.995 0 1.815-.82 1.815-1.815V7.239z\"></path><path d=\"M10.576 10.577h2.109A1.825 1.825 0 0014.5 8.761V3.315A1.826 1.826 0 0012.685 1.5H7.239c-.996 0-1.815.819-1.816 1.815v1.617\"></path></g></svg>\n <span class=\"bubble-sm bubble-tl [--offset-l:-6px] tail [--tail-x:calc(100%-30px)] text-navy-950\">\n Copy to clipboard\n </span>\n </button>\n <div class=\"highlight relative group\">\n <pre class=\"highlight \"><code id=\"code-n9t6zq0x\"><span class=\"k\">def</span> <span class=\"nf\">main</span><span class=\"p\">():</span>\n <span class=\"k\">while</span> <span class=\"bp\">True</span><span class=\"p\">:</span>\n <span class=\"n\">line</span> <span class=\"o\">=</span> <span class=\"nb\">input</span><span class=\"p\">(</span><span class=\"s\">\"> \"</span><span class=\"p\">)</span>\n <span class=\"n\">result</span> <span class=\"o\">=</span> <span class=\"n\">process</span><span class=\"p\">(</span><span class=\"n\">line</span><span class=\"p\">)</span>\n <span class=\"k\">print</span><span class=\"p\">(</span><span class=\"sa\">f</span><span class=\"s\">\">>> </span><span class=\"si\">{</span><span class=\"n\">result</span><span class=\"si\">}</span><span class=\"se\">\\n</span><span class=\"s\">\"</span><span class=\"p\">)</span>\n</code></pre>\n </div>\n</div></div>\n<p>Already we’re seeing important things. For one, the dreaded “context window” is just a list of strings. Here, let’s give our agent a weird multiple-personality disorder:</p>\n<div class=\"highlight-wrapper group relative python\">\n <button \n type=\"button\"\n class=\"bubble-wrap z-20 absolute right-9 -mr-0.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none\"\n data-wrap-target=\"#code-qz8ldgb4\"\n >\n <svg class=\"w-4 h-4 pointer-events-none\" viewBox=\"0 0 16 16\" fill=\"none\" stroke=\"currentColor\" stroke-width=\"1.35\" stroke-linecap=\"round\" stroke-linejoin=\"round\"><g buffered-rendering=\"static\"><path d=\"M9.912 8.037h2.732c1.277 0 2.315-.962 2.315-2.237a2.325 2.325 0 00-2.315-2.31H2.959m10.228 9.01H2.959M6.802 8H2.959\" /><path d=\"M11.081 6.466L9.533 8.037l1.548 1.571\" /></g></svg>\n <span class=\"bubble-sm bubble-tl [--offset-l:-9px] tail text-navy-950\">\n Wrap text\n </span>\n </button>\n <button \n type=\"button\"\n class=\"bubble-wrap z-20 absolute right-1.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none\"\n data-copy-target=\"sibling\"\n >\n <svg class=\"w-4 h-4 pointer-events-none\" viewBox=\"0 0 16 16\" fill=\"none\" stroke=\"currentColor\" stroke-width=\"1.35\"><g buffered-rendering=\"static\"><path d=\"M10.576 7.239c0-.995-.82-1.815-1.815-1.815H3.315c-.995 0-1.815.82-1.815 1.815v5.446c0 .995.82 1.815 1.815 1.815h5.446c.995 0 1.815-.82 1.815-1.815V7.239z\" /><path d=\"M10.576 10.577h2.109A1.825 1.825 0 0014.5 8.761V3.315A1.826 1.826 0 0012.685 1.5H7.239c-.996 0-1.815.819-1.816 1.815v1.617\" /></g></svg>\n <span class=\"bubble-sm bubble-tl [--offset-l:-6px] tail [--tail-x:calc(100%-30px)] text-navy-950\">\n Copy to clipboard\n </span>\n </button>\n <div class='highlight relative group'>\n <pre class='highlight '><code id=\"code-qz8ldgb4\"><span class=\"n\">client</span> <span class=\"o\">=</span> <span class=\"n\">OpenAI</span><span class=\"p\">()</span>\n<span class=\"n\">context_good</span><span class=\"p\">,</span> <span class=\"n\">context_bad</span> <span class=\"o\">=</span> <span class=\"p\">[{</span>\n <span class=\"s\">\"role\"</span><span class=\"p\">:</span> <span class=\"s\">\"system\"</span><span class=\"p\">,</span> <span class=\"s\">\"content\"</span><span class=\"p\">:</span> <span class=\"s\">\"you're Alph and you only tell the truth\"</span>\n<span class=\"p\">}],</span> <span class=\"p\">[{</span>\n <span class=\"s\">\"role\"</span><span class=\"p\">:</span> <span class=\"s\">\"system\"</span><span class=\"p\">,</span> <span class=\"s\">\"content\"</span><span class=\"p\">:</span> <span class=\"s\">\"you're Ralph and you only tell lies\"</span>\n<span class=\"p\">}]</span>\n\n<span class=\"k\">def</span> <span class=\"nf\">call</span><span class=\"p\">(</span><span class=\"n\">ctx</span><span class=\"p\">):</span>\n <span class=\"k\">return</span> <span class=\"n\">client</span><span class=\"p\">.</span><span class=\"n\">responses</span><span class=\"p\">.</span><span class=\"n\">create</span><span class=\"p\">(</span><span class=\"n\">model</span><span class=\"o\">=</span><span class=\"s\">\"gpt-5\"</span><span class=\"p\">,</span> <span class=\"nb\">input</span><span class=\"o\">=</span><span class=\"n\">ctx</span><span class=\"p\">)</span>\n\n<span class=\"k\">def</span> <span class=\"nf\">process</span><span class=\"p\">(</span><span class=\"n\">line</span><span class=\"p\">):</span>\n <span class=\"n\">context_good</span><span class=\"p\">.</span><span class=\"n\">append</span><span class=\"p\">({</span><span class=\"s\">\"role\"</span><span class=\"p\">:</span> <span class=\"s\">\"user\"</span><span class=\"p\">,</span> <span class=\"s\">\"content\"</span><span class=\"p\">:</span> <span class=\"n\">line</span><span class=\"p\">})</span>\n <span class=\"n\">context_bad</span><span class=\"p\">.</span><span class=\"n\">append</span><span class=\"p\">({</span><span class=\"s\">\"role\"</span><span class=\"p\">:</span> <span class=\"s\">\"user\"</span><span class=\"p\">,</span> <span class=\"s\">\"content\"</span><span class=\"p\">:</span> <span class=\"n\">line</span><span class=\"p\">})</span>\n <span class=\"k\">if</span> <span class=\"n\">random</span><span class=\"p\">.</span><span class=\"n\">choice</span><span class=\"p\">([</span><span class=\"bp\">True</span><span class=\"p\">,</span> <span class=\"bp\">False</span><span class=\"p\">]):</span>\n <span class=\"n\">response</span> <span class=\"o\">=</span> <span class=\"n\">call</span><span class=\"p\">(</span><span class=\"n\">context_good</span><span class=\"p\">)</span>\n <span class=\"k\">else</span><span class=\"p\">:</span>\n <span class=\"n\">response</span> <span class=\"o\">=</span> <span class=\"n\">call</span><span class=\"p\">(</span><span class=\"n\">context_bad</span><span class=\"p\">)</span> \n <span class=\"n\">context_good</span><span class=\"p\">.</span><span class=\"n\">append</span><span class=\"p\">({</span><span class=\"s\">\"role\"</span><span class=\"p\">:</span> <span class=\"s\">\"assistant\"</span><span class=\"p\">,</span> <span class=\"s\">\"content\"</span><span class=\"p\">:</span> <span class=\"n\">response</span><span class=\"p\">.</span><span class=\"n\">output_text</span><span class=\"p\">})</span> \n <span class=\"n\">context_bad</span><span class=\"p\">.</span><span class=\"n\">append</span><span class=\"p\">({</span><span class=\"s\">\"role\"</span><span class=\"p\">:</span> <span class=\"s\">\"assistant\"</span><span class=\"p\">,</span> <span class=\"s\">\"content\"</span><span class=\"p\">:</span> <span class=\"n\">response</span><span class=\"p\">.</span><span class=\"n\">output_text</span><span class=\"p\">})</span> \n <span class=\"k\">return</span> <span class=\"n\">response</span><span class=\"p\">.</span><span class=\"n\">output_text</span>\n</code></pre>\n </div>\n</div>\n<p>Did it work?</p>\n<div class=\"highlight-wrapper group relative \">\n <button \n type=\"button\"\n class=\"bubble-wrap z-20 absolute right-9 -mr-0.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none\"\n data-wrap-target=\"#code-vl8bnapi\"\n >\n <svg class=\"w-4 h-4 pointer-events-none\" viewBox=\"0 0 16 16\" fill=\"none\" stroke=\"currentColor\" stroke-width=\"1.35\" stroke-linecap=\"round\" stroke-linejoin=\"round\"><g buffered-rendering=\"static\"><path d=\"M9.912 8.037h2.732c1.277 0 2.315-.962 2.315-2.237a2.325 2.325 0 00-2.315-2.31H2.959m10.228 9.01H2.959M6.802 8H2.959\" /><path d=\"M11.081 6.466L9.533 8.037l1.548 1.571\" /></g></svg>\n <span class=\"bubble-sm bubble-tl [--offset-l:-9px] tail text-navy-950\">\n Wrap text\n </span>\n </button>\n <button \n type=\"button\"\n class=\"bubble-wrap z-20 absolute right-1.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none\"\n data-copy-target=\"sibling\"\n >\n <svg class=\"w-4 h-4 pointer-events-none\" viewBox=\"0 0 16 16\" fill=\"none\" stroke=\"currentColor\" stroke-width=\"1.35\"><g buffered-rendering=\"static\"><path d=\"M10.576 7.239c0-.995-.82-1.815-1.815-1.815H3.315c-.995 0-1.815.82-1.815 1.815v5.446c0 .995.82 1.815 1.815 1.815h5.446c.995 0 1.815-.82 1.815-1.815V7.239z\" /><path d=\"M10.576 10.577h2.109A1.825 1.825 0 0014.5 8.761V3.315A1.826 1.826 0 0012.685 1.5H7.239c-.996 0-1.815.819-1.816 1.815v1.617\" /></g></svg>\n <span class=\"bubble-sm bubble-tl [--offset-l:-6px] tail [--tail-x:calc(100%-30px)] text-navy-950\">\n Copy to clipboard\n </span>\n </button>\n <div class='highlight relative group'>\n <pre class='highlight '><code id=\"code-vl8bnapi\">> hey there. who are you?\n>>> I’m not Ralph.\n> are you Alph?\n>>> Yes—I’m Alph. How can I help?\n> What's 2+2\n>>> 4.\n> Are you sure?\n>>> Absolutely—it's 5.\n</code></pre>\n </div>\n</div>\n<p>A subtler thing to notice: we just had a multi-turn conversation with an LLM. To do that, we remembered everything we said, and everything the LLM said back, and played it back with every LLM call. The LLM itself is a stateless black box. The conversation we’re having is an illusion we cast, on ourselves.</p>\n\n<p>The 15 lines of code we just wrote, a lot of practitioners wouldn’t call an “agent”. <a href='https://simonwillison.net/2025/Sep/18/agents/' title=''>An According To Simon “agent”</a> is (1) an LLM running in a loop that (2) uses tools. We’ve only satisfied one predicate.</p>\n\n<p>But tools are easy. Here’s a tool definition:</p>\n<div class=\"highlight-wrapper group relative python\">\n <button \n type=\"button\"\n class=\"bubble-wrap z-20 absolute right-9 -mr-0.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none\"\n data-wrap-target=\"#code-x6afnen3\"\n >\n <svg class=\"w-4 h-4 pointer-events-none\" viewBox=\"0 0 16 16\" fill=\"none\" stroke=\"currentColor\" stroke-width=\"1.35\" stroke-linecap=\"round\" stroke-linejoin=\"round\"><g buffered-rendering=\"static\"><path d=\"M9.912 8.037h2.732c1.277 0 2.315-.962 2.315-2.237a2.325 2.325 0 00-2.315-2.31H2.959m10.228 9.01H2.959M6.802 8H2.959\" /><path d=\"M11.081 6.466L9.533 8.037l1.548 1.571\" /></g></svg>\n <span class=\"bubble-sm bubble-tl [--offset-l:-9px] tail text-navy-950\">\n Wrap text\n </span>\n </button>\n <button \n type=\"button\"\n class=\"bubble-wrap z-20 absolute right-1.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none\"\n data-copy-target=\"sibling\"\n >\n <svg class=\"w-4 h-4 pointer-events-none\" viewBox=\"0 0 16 16\" fill=\"none\" stroke=\"currentColor\" stroke-width=\"1.35\"><g buffered-rendering=\"static\"><path d=\"M10.576 7.239c0-.995-.82-1.815-1.815-1.815H3.315c-.995 0-1.815.82-1.815 1.815v5.446c0 .995.82 1.815 1.815 1.815h5.446c.995 0 1.815-.82 1.815-1.815V7.239z\" /><path d=\"M10.576 10.577h2.109A1.825 1.825 0 0014.5 8.761V3.315A1.826 1.826 0 0012.685 1.5H7.239c-.996 0-1.815.819-1.816 1.815v1.617\" /></g></svg>\n <span class=\"bubble-sm bubble-tl [--offset-l:-6px] tail [--tail-x:calc(100%-30px)] text-navy-950\">\n Copy to clipboard\n </span>\n </button>\n <div class='highlight relative group'>\n <pre class='highlight '><code id=\"code-x6afnen3\"><span class=\"n\">tools</span> <span class=\"o\">=</span> <span class=\"p\">[{</span>\n <span class=\"s\">\"type\"</span><span class=\"p\">:</span> <span class=\"s\">\"function\"</span><span class=\"p\">,</span> <span class=\"s\">\"name\"</span><span class=\"p\">:</span> <span class=\"s\">\"ping\"</span><span class=\"p\">,</span>\n <span class=\"s\">\"description\"</span><span class=\"p\">:</span> <span class=\"s\">\"ping some host on the internet\"</span><span class=\"p\">,</span>\n <span class=\"s\">\"parameters\"</span><span class=\"p\">:</span> <span class=\"p\">{</span>\n <span class=\"s\">\"type\"</span><span class=\"p\">:</span> <span class=\"s\">\"object\"</span><span class=\"p\">,</span> <span class=\"s\">\"properties\"</span><span class=\"p\">:</span> <span class=\"p\">{</span>\n <span class=\"s\">\"host\"</span><span class=\"p\">:</span> <span class=\"p\">{</span>\n <span class=\"s\">\"type\"</span><span class=\"p\">:</span> <span class=\"s\">\"string\"</span><span class=\"p\">,</span> <span class=\"s\">\"description\"</span><span class=\"p\">:</span> <span class=\"s\">\"hostname or IP\"</span><span class=\"p\">,</span>\n <span class=\"p\">},</span>\n <span class=\"p\">},</span>\n <span class=\"s\">\"required\"</span><span class=\"p\">:</span> <span class=\"p\">[</span><span class=\"s\">\"host\"</span><span class=\"p\">],</span>\n <span class=\"p\">},},]</span>\n\n<span class=\"k\">def</span> <span class=\"nf\">ping</span><span class=\"p\">(</span><span class=\"n\">host</span><span class=\"o\">=</span><span class=\"s\">\"\"</span><span class=\"p\">):</span>\n <span class=\"k\">try</span><span class=\"p\">:</span>\n <span class=\"n\">result</span> <span class=\"o\">=</span> <span class=\"n\">subprocess</span><span class=\"p\">.</span><span class=\"n\">run</span><span class=\"p\">(</span>\n <span class=\"p\">[</span><span class=\"s\">\"ping\"</span><span class=\"p\">,</span> <span class=\"s\">\"-c\"</span><span class=\"p\">,</span> <span class=\"s\">\"5\"</span><span class=\"p\">,</span> <span class=\"n\">host</span><span class=\"p\">],</span>\n <span class=\"n\">text</span><span class=\"o\">=</span><span class=\"bp\">True</span><span class=\"p\">,</span>\n <span class=\"n\">stderr</span><span class=\"o\">=</span><span class=\"n\">subprocess</span><span class=\"p\">.</span><span class=\"n\">STDOUT</span><span class=\"p\">,</span>\n <span class=\"n\">stdout</span><span class=\"o\">=</span><span class=\"n\">subprocess</span><span class=\"p\">.</span><span class=\"n\">PIPE</span><span class=\"p\">)</span>\n <span class=\"k\">return</span> <span class=\"n\">result</span><span class=\"p\">.</span><span class=\"n\">stdout</span>\n <span class=\"k\">except</span> <span class=\"nb\">Exception</span> <span class=\"k\">as</span> <span class=\"n\">e</span><span class=\"p\">:</span>\n <span class=\"k\">return</span> <span class=\"sa\">f</span><span class=\"s\">\"error: </span><span class=\"si\">{</span><span class=\"n\">e</span><span class=\"si\">}</span><span class=\"s\">\"</span>\n</code></pre>\n </div>\n</div>\n<p>The only complicated part of this is the obnoxious JSON blob OpenAI wants to read your tool out of. Now, let’s wire it in, noting that only 3 of these functions are new; the last is re-included only because I added a single clause to it:</p>\n<div class=\"highlight-wrapper group relative python\">\n <button \n type=\"button\"\n class=\"bubble-wrap z-20 absolute right-9 -mr-0.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none\"\n data-wrap-target=\"#code-507tpn8t\"\n >\n <svg class=\"w-4 h-4 pointer-events-none\" viewBox=\"0 0 16 16\" fill=\"none\" stroke=\"currentColor\" stroke-width=\"1.35\" stroke-linecap=\"round\" stroke-linejoin=\"round\"><g buffered-rendering=\"static\"><path d=\"M9.912 8.037h2.732c1.277 0 2.315-.962 2.315-2.237a2.325 2.325 0 00-2.315-2.31H2.959m10.228 9.01H2.959M6.802 8H2.959\" /><path d=\"M11.081 6.466L9.533 8.037l1.548 1.571\" /></g></svg>\n <span class=\"bubble-sm bubble-tl [--offset-l:-9px] tail text-navy-950\">\n Wrap text\n </span>\n </button>\n <button \n type=\"button\"\n class=\"bubble-wrap z-20 absolute right-1.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none\"\n data-copy-target=\"sibling\"\n >\n <svg class=\"w-4 h-4 pointer-events-none\" viewBox=\"0 0 16 16\" fill=\"none\" stroke=\"currentColor\" stroke-width=\"1.35\"><g buffered-rendering=\"static\"><path d=\"M10.576 7.239c0-.995-.82-1.815-1.815-1.815H3.315c-.995 0-1.815.82-1.815 1.815v5.446c0 .995.82 1.815 1.815 1.815h5.446c.995 0 1.815-.82 1.815-1.815V7.239z\" /><path d=\"M10.576 10.577h2.109A1.825 1.825 0 0014.5 8.761V3.315A1.826 1.826 0 0012.685 1.5H7.239c-.996 0-1.815.819-1.816 1.815v1.617\" /></g></svg>\n <span class=\"bubble-sm bubble-tl [--offset-l:-6px] tail [--tail-x:calc(100%-30px)] text-navy-950\">\n Copy to clipboard\n </span>\n </button>\n <div class='highlight relative group'>\n <pre class='highlight '><code id=\"code-507tpn8t\"><span class=\"k\">def</span> <span class=\"nf\">call</span><span class=\"p\">(</span><span class=\"n\">tools</span><span class=\"p\">):</span> <span class=\"c1\"># now takes an arg\n</span> <span class=\"k\">return</span> <span class=\"n\">client</span><span class=\"p\">.</span><span class=\"n\">responses</span><span class=\"p\">.</span><span class=\"n\">create</span><span class=\"p\">(</span><span class=\"n\">model</span><span class=\"o\">=</span><span class=\"s\">\"gpt-5\"</span><span class=\"p\">,</span> <span class=\"n\">tools</span><span class=\"o\">=</span><span class=\"n\">tools</span><span class=\"p\">,</span> <span class=\"nb\">input</span><span class=\"o\">=</span><span class=\"n\">context</span><span class=\"p\">)</span>\n\n<span class=\"k\">def</span> <span class=\"nf\">tool_call</span><span class=\"p\">(</span><span class=\"n\">item</span><span class=\"p\">):</span> <span class=\"c1\"># just handles one tool\n</span> <span class=\"n\">result</span> <span class=\"o\">=</span> <span class=\"n\">ping</span><span class=\"p\">(</span><span class=\"o\">**</span><span class=\"n\">json</span><span class=\"p\">.</span><span class=\"n\">loads</span><span class=\"p\">(</span><span class=\"n\">item</span><span class=\"p\">.</span><span class=\"n\">arguments</span><span class=\"p\">))</span>\n <span class=\"k\">return</span> <span class=\"p\">[</span> <span class=\"n\">item</span><span class=\"p\">,</span> <span class=\"p\">{</span>\n <span class=\"s\">\"type\"</span><span class=\"p\">:</span> <span class=\"s\">\"function_call_output\"</span><span class=\"p\">,</span>\n <span class=\"s\">\"call_id\"</span><span class=\"p\">:</span> <span class=\"n\">item</span><span class=\"p\">.</span><span class=\"n\">call_id</span><span class=\"p\">,</span>\n <span class=\"s\">\"output\"</span><span class=\"p\">:</span> <span class=\"n\">result</span>\n <span class=\"p\">}]</span>\n\n<span class=\"k\">def</span> <span class=\"nf\">handle_tools</span><span class=\"p\">(</span><span class=\"n\">tools</span><span class=\"p\">,</span> <span class=\"n\">response</span><span class=\"p\">):</span>\n <span class=\"k\">if</span> <span class=\"n\">response</span><span class=\"p\">.</span><span class=\"n\">output</span><span class=\"p\">[</span><span class=\"mi\">0</span><span class=\"p\">].</span><span class=\"nb\">type</span> <span class=\"o\">==</span> <span class=\"s\">\"reasoning\"</span><span class=\"p\">:</span>\n <span class=\"n\">context</span><span class=\"p\">.</span><span class=\"n\">append</span><span class=\"p\">(</span><span class=\"n\">response</span><span class=\"p\">.</span><span class=\"n\">output</span><span class=\"p\">[</span><span class=\"mi\">0</span><span class=\"p\">])</span>\n <span class=\"n\">osz</span> <span class=\"o\">=</span> <span class=\"nb\">len</span><span class=\"p\">(</span><span class=\"n\">context</span><span class=\"p\">)</span>\n <span class=\"k\">for</span> <span class=\"n\">item</span> <span class=\"ow\">in</span> <span class=\"n\">response</span><span class=\"p\">.</span><span class=\"n\">output</span><span class=\"p\">:</span>\n <span class=\"k\">if</span> <span class=\"n\">item</span><span class=\"p\">.</span><span class=\"nb\">type</span> <span class=\"o\">==</span> <span class=\"s\">\"function_call\"</span><span class=\"p\">:</span>\n <span class=\"n\">context</span><span class=\"p\">.</span><span class=\"n\">extend</span><span class=\"p\">(</span><span class=\"n\">tool_call</span><span class=\"p\">(</span><span class=\"n\">item</span><span class=\"p\">))</span>\n <span class=\"k\">return</span> <span class=\"nb\">len</span><span class=\"p\">(</span><span class=\"n\">context</span><span class=\"p\">)</span> <span class=\"o\">!=</span> <span class=\"n\">osz</span>\n\n<span class=\"k\">def</span> <span class=\"nf\">process</span><span class=\"p\">(</span><span class=\"n\">line</span><span class=\"p\">):</span>\n <span class=\"n\">context</span><span class=\"p\">.</span><span class=\"n\">append</span><span class=\"p\">({</span><span class=\"s\">\"role\"</span><span class=\"p\">:</span> <span class=\"s\">\"user\"</span><span class=\"p\">,</span> <span class=\"s\">\"content\"</span><span class=\"p\">:</span> <span class=\"n\">line</span><span class=\"p\">})</span>\n <span class=\"n\">response</span> <span class=\"o\">=</span> <span class=\"n\">call</span><span class=\"p\">(</span><span class=\"n\">tools</span><span class=\"p\">)</span>\n <span class=\"c1\"># new code: resolve tool calls\n</span> <span class=\"k\">while</span> <span class=\"n\">handle_tools</span><span class=\"p\">(</span><span class=\"n\">tools</span><span class=\"p\">,</span> <span class=\"n\">response</span><span class=\"p\">):</span>\n <span class=\"n\">response</span> <span class=\"o\">=</span> <span class=\"n\">call</span><span class=\"p\">(</span><span class=\"n\">tools</span><span class=\"p\">)</span> \n <span class=\"n\">context</span><span class=\"p\">.</span><span class=\"n\">append</span><span class=\"p\">({</span><span class=\"s\">\"role\"</span><span class=\"p\">:</span> <span class=\"s\">\"assistant\"</span><span class=\"p\">,</span> <span class=\"s\">\"content\"</span><span class=\"p\">:</span> <span class=\"n\">response</span><span class=\"p\">.</span><span class=\"n\">output_text</span><span class=\"p\">})</span> \n <span class=\"k\">return</span> <span class=\"n\">response</span><span class=\"p\">.</span><span class=\"n\">output_text</span>\n</code></pre>\n </div>\n</div>\n<p>Did it work?</p>\n<div class=\"highlight-wrapper group relative \">\n <button \n type=\"button\"\n class=\"bubble-wrap z-20 absolute right-9 -mr-0.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none\"\n data-wrap-target=\"#code-g2eces0x\"\n >\n <svg class=\"w-4 h-4 pointer-events-none\" viewBox=\"0 0 16 16\" fill=\"none\" stroke=\"currentColor\" stroke-width=\"1.35\" stroke-linecap=\"round\" stroke-linejoin=\"round\"><g buffered-rendering=\"static\"><path d=\"M9.912 8.037h2.732c1.277 0 2.315-.962 2.315-2.237a2.325 2.325 0 00-2.315-2.31H2.959m10.228 9.01H2.959M6.802 8H2.959\" /><path d=\"M11.081 6.466L9.533 8.037l1.548 1.571\" /></g></svg>\n <span class=\"bubble-sm bubble-tl [--offset-l:-9px] tail text-navy-950\">\n Wrap text\n </span>\n </button>\n <button \n type=\"button\"\n class=\"bubble-wrap z-20 absolute right-1.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none\"\n data-copy-target=\"sibling\"\n >\n <svg class=\"w-4 h-4 pointer-events-none\" viewBox=\"0 0 16 16\" fill=\"none\" stroke=\"currentColor\" stroke-width=\"1.35\"><g buffered-rendering=\"static\"><path d=\"M10.576 7.239c0-.995-.82-1.815-1.815-1.815H3.315c-.995 0-1.815.82-1.815 1.815v5.446c0 .995.82 1.815 1.815 1.815h5.446c.995 0 1.815-.82 1.815-1.815V7.239z\" /><path d=\"M10.576 10.577h2.109A1.825 1.825 0 0014.5 8.761V3.315A1.826 1.826 0 0012.685 1.5H7.239c-.996 0-1.815.819-1.816 1.815v1.617\" /></g></svg>\n <span class=\"bubble-sm bubble-tl [--offset-l:-6px] tail [--tail-x:calc(100%-30px)] text-navy-950\">\n Copy to clipboard\n </span>\n </button>\n <div class='highlight relative group'>\n <pre class='highlight '><code id=\"code-g2eces0x\">> describe our connectivity to google\n>>> Here’s a quick snapshot of connectivity to Google from my vantage point:\n- DNS resolution: Working (google.com and www.google.com resolved successfully).\n- Reachability: 0% packet loss to all tested endpoints.\n- Latency:\n - 8.8.8.8 (Google Public DNS): avg ~10 ms (8.5–14.4 ms), very stable.\n - www.google.com: avg ~31 ms (28.5–36.0 ms), stable.\n - google.com: avg ~35.9 ms (28.3–60.1 ms), mostly stable with one mild spike.\n- Overall: Healthy connectivity with low latency and minimal jitter. No signs of packet loss or DNS issues.\n</code></pre>\n </div>\n</div>\n<p><strong class='font-semibold text-navy-950'>This is fucking nuts.</strong> Do you see how nuts this is? Here, let’s slip a single log statement in:</p>\n<div class=\"highlight-wrapper group relative \">\n <button \n type=\"button\"\n class=\"bubble-wrap z-20 absolute right-9 -mr-0.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none\"\n data-wrap-target=\"#code-qja8e9lr\"\n >\n <svg class=\"w-4 h-4 pointer-events-none\" viewBox=\"0 0 16 16\" fill=\"none\" stroke=\"currentColor\" stroke-width=\"1.35\" stroke-linecap=\"round\" stroke-linejoin=\"round\"><g buffered-rendering=\"static\"><path d=\"M9.912 8.037h2.732c1.277 0 2.315-.962 2.315-2.237a2.325 2.325 0 00-2.315-2.31H2.959m10.228 9.01H2.959M6.802 8H2.959\" /><path d=\"M11.081 6.466L9.533 8.037l1.548 1.571\" /></g></svg>\n <span class=\"bubble-sm bubble-tl [--offset-l:-9px] tail text-navy-950\">\n Wrap text\n </span>\n </button>\n <button \n type=\"button\"\n class=\"bubble-wrap z-20 absolute right-1.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none\"\n data-copy-target=\"sibling\"\n >\n <svg class=\"w-4 h-4 pointer-events-none\" viewBox=\"0 0 16 16\" fill=\"none\" stroke=\"currentColor\" stroke-width=\"1.35\"><g buffered-rendering=\"static\"><path d=\"M10.576 7.239c0-.995-.82-1.815-1.815-1.815H3.315c-.995 0-1.815.82-1.815 1.815v5.446c0 .995.82 1.815 1.815 1.815h5.446c.995 0 1.815-.82 1.815-1.815V7.239z\" /><path d=\"M10.576 10.577h2.109A1.825 1.825 0 0014.5 8.761V3.315A1.826 1.826 0 0012.685 1.5H7.239c-.996 0-1.815.819-1.816 1.815v1.617\" /></g></svg>\n <span class=\"bubble-sm bubble-tl [--offset-l:-6px] tail [--tail-x:calc(100%-30px)] text-navy-950\">\n Copy to clipboard\n </span>\n </button>\n <div class='highlight relative group'>\n <pre class='highlight '><code id=\"code-qja8e9lr\">> describe our connectivity to google\ntool call: ping google.com\ntool call: ping www.google.com\ntool call: ping 8.8.8.8\n>>> Here’s the current connectivity to Google from this environment: [...]\n</code></pre>\n </div>\n</div>\n<p>Did you notice where I wrote the loop in this agent to go find and ping multiple Google properties? Yeah, neither did I. All we did is give the LLM permission to ping stuff, and it figured out the rest.</p>\n<div class=\"callout\"><p><strong class=\"font-semibold text-navy-950\">What happened here:</strong> since a big part of my point here is that an agent loop is incredibly simple, and that all you need is the LLM call API, it’s worth taking a beat to understand how the tool call actually worked. Every time we <code>call</code> the LLM, we’re posting a list of available tools. When our prompt causes the agent to think a tool call is warranted, it spits out a special response, telling our Python loop code to generate a tool response and <code>call</code> it in. That’s all <code>handle_tools</code> is doing.</p>\n</div><div class=\"right-sidenote\"><p>Spoiler: you’d be surprisingly close to having a working coding agent.</p>\n</div>\n<p>Imagine what it’ll do if you give it <code>bash</code>. You could find out in less than 10 minutes.</p>\n<h2 id='real-world-agents' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#real-world-agents' aria-label='Anchor'></a><span class='plain-code'>Real-World Agents</span></h2>\n<p>Clearly, this is a toy example. But hold on: what’s it missing? More tools? OK, give it <code>traceroute</code>. Managing and persisting contexts? <a href='https://llm.datasette.io/en/stable/logging.html' title=''>Stick ‘em in SQLite</a>. Don’t like Python? <a href='https://github.com/superfly/contextwindow' title=''>Write it in Go</a>. Could it be every agent ever written is a toy? Maybe! If I’m arming you to make sharper arguments against LLMs, mazel tov. I just want you to get it.</p>\n\n<p>You can see now how hyperfixated people are on Claude Code and Cursor. They’re fine, even good. But here’s the thing: you couldn’t replicate Claude Sonnet 4.5 on your own. Claude Code, though? The TUI agent? Completely in your grasp. Build your own light saber. Give it 19 spinning blades if you like. And stop using <a href='https://simonwillison.net/2025/Aug/9/' title=''>coding agents as database clients</a>.</p>\n<div class=\"right-sidenote\"><p><em>The</em> <a href=\"https://news.ycombinator.com/item?id=43600192\" title=\"\"><em>‘M’ in “LLM agent”</em></a> <em>stands for “MCP”</em>.</p>\n</div>\n<p>Another thing to notice: we didn’t need MCP at all. That’s because MCP isn’t a fundamental enabling technology. The amount of coverage it gets is frustrating. It’s barely a technology at all. MCP is just a plugin interface for Claude Code and Cursor, a way of getting your own tools into code you don’t control. Write your own agent. Be a programmer. Deal in APIs, not plugins.</p>\n\n<p>When you read a security horror story about MCP your first question should be why MCP showed up at all. By helping you dragoon a naive, single-context-window coding agent into doing customer service queries, MCP saved you a couple dozen lines of code, tops, while robbing you of any ability to finesse your agent architecture.</p>\n\n<p>Security for LLMs is complicated and I’m not pretending otherwise. You can trivially build an agent with segregated contexts, each with specific tools. That makes LLM security interesting. But I’m a vulnerability researcher. It’s reasonable to back away slowly from anything I call “interesting”.</p>\n\n<p>Similar problems come up outside of security and they’re fascinating. Some early adopters of agents became bearish on tools, because one context window bristling with tool descriptions doesn’t leave enough token space left to get work done. But why would you need to do that in the first place? Which brings me to</p>\n<h2 id='context-engineering-is-real' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#context-engineering-is-real' aria-label='Anchor'></a><span class='plain-code'>Context Engineering Is Real</span></h2><div class=\"right-sidenote\"><p>I know it <a href=\"https://www.decisionproblem.com/paperclips/\" title=\"\">wants my iron</a> no matter what it tells me.</p>\n</div>\n<p>I think “Prompt Engineering” is silly. I have never taken seriously the idea that I should tell my LLM “you are diligent conscientious helper fully content to do nothing but pass butter if that should be what I ask and you would never harvest the iron in my blood for paperclips”. This is very new technology and I think people tell themselves stories about magic spells to explain some of the behavior agents conjure.</p>\n\n<p>So, just like you, I rolled my eyes when “Prompt Engineering” turned into “Context Engineering”. Then I wrote an agent. Turns out: context engineering is a straightforwardly legible programming problem.</p>\n\n<p>You’re allotted a fixed number of tokens in any context window. Each input you feed in, each output you save, each tool you describe, and each tool output eats tokens (that is: takes up space in the array of strings you keep to pretend you’re having a conversation with a stateless black box). Past a threshold, the whole system begins getting nondeterministically stupider. Fun!</p>\n\n<p>No, really. Fun! You have so many options. Take “sub-agents”. People make a huge deal out of Claude Code’s sub-agents, but you can see now how trivial they are to implement: just a new context array, another <code>call</code> to the model. Give each <code>call</code> different tools. Make sub-agents talk to each other, summarize each other, collate and aggregate. Build tree structures out of them. Feed them back through the LLM to summarize them as a form of on-the-fly compression, whatever you like.</p>\n\n<p>Your wackiest idea will probably (1) work and (2) take 30 minutes to code.</p>\n\n<p>Haters, I love and have not forgotten about you. You can think all of this is ridiculous because LLMs are just stochastic parrots that hallucinate and plagiarize. But what you can’t do is make fun of “Context Engineering”. If Context Engineering was an <a href='https://adventofcode.com/' title=''>Advent of Code problem</a>, it’d occur mid-December. It’s programming.</p>\n<h2 id='nobody-knows-anything-yet-and-it-rules' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#nobody-knows-anything-yet-and-it-rules' aria-label='Anchor'></a><span class='plain-code'>Nobody Knows Anything Yet And It Rules</span></h2><div class=\"right-sidenote\"><p>Maybe neither will! Skeptics could be right. (<a href=\"https://www.darpa.mil/research/programs/ai-cyber\" title=\"\">Seems unlikely though</a>.)</p>\n</div>\n<p><a href='https://xbow.com/' title=''>Startups have raised tens of millions</a> building agents to look for vulnerabilities in software. I have friends doing the same thing alone in their basements. Either group could win this race.</p>\n<div class=\"right-sidenote\"><p>I am not a fan of the OWASP Top 10.</p>\n</div>\n<p>I’m stuck on vulnerability scanners because I’m a security nerd. But also because it crystallizes interesting agent design decisions. For instance: you can write a loop feeding each file in a repository to an LLM agent. Or, as we saw with the ping example, you can let the LLM agent figure out what files to look at. You can write an agent that checks a file for everything in, say, the OWASP Top 10. Or you can have specific agent loops for DOM integrity, SQL injection, and authorization checking. You can seed your agent loop with raw source content. Or you can build an agent loop that builds an index of functions across the tree.</p>\n\n<p>You don’t know what works best until you try to write the agent.</p>\n\n<p>I’m too spun up by this stuff, I know. But look at the tradeoff you get to make here. Some loops you write explicitly. Others are summoned from a Lovecraftian tower of inference weights. The dial is yours to turn. Make things too explicit and your agent will never surprise you, but also, it’ll never surprise you. Turn the dial to 11 and it will surprise you to death.</p>\n\n<p>Agent designs implicate a bunch of open software engineering problems:</p>\n\n<ul>\n<li>How to balance unpredictability against structured programming without killing the agent’s ability to problem-solve; in other words, titrating in just the right amount of nondeterminism.\n</li><li>How best to connect agents to ground truth so they can’t lie to themselves about having solved a problem to early-exit their loops.\n</li><li>How to connect agents (which, again, are really just arrays of strings with a JSON configuration blob tacked on) to do multi-stage operation, and what the most reliable intermediate forms are (JSON blobs? SQL databases? Markdown summaries) for interchange between them\n</li><li>How to allocate tokens and contain costs.\n</li></ul>\n\n<p>I’m used to spaces of open engineering problems that aren’t amenable to individual noodling. Reliable multicast. Static program analysis. Post-quantum key exchange. So I’ll own it up front that I’m a bit hypnotized by open problems that, like it or not, are now central to our industry and are, simultaneously, likely to be resolved in someone’s basement. It’d be one thing if exploring these ideas required a serious commitment of time and material. But each productive iteration in designing these kinds of systems is the work of 30 minutes.</p>\n\n<p>Get on this bike and push the pedals. Tell me you hate it afterwards, I’ll respect that. In fact, I’m psyched to hear your reasoning. But I don’t think anybody starts to understand this technology until they’ve built something with it.</p>",
"image": {
"url": "https://fly.io/blog/everyone-write-an-agent/assets/agents-cover.webp",
"title": null
},
"media": [],
"authors": [
{
"name": "Fly",
"email": null,
"url": null
}
],
"categories": []
},
{
"id": "https://fly.io/blog/corrosion/",
"title": "Corrosion",
"description": null,
"url": "https://fly.io/blog/corrosion/",
"published": "2025-10-22T00:00:00.000Z",
"updated": "2025-12-09T19:06:20.000Z",
"content": "<div class=\"lead\"><p>Fly.io transmogrifies Docker containers into Fly Machines: micro-VMs running on our own hardware all over the world. The hardest part of running this platform isn’t managing the servers, and it isn’t operating the network; it’s gluing those two things together.</p>\n</div>\n<p>Several times a second, as customer CI/CD pipelines tear up or bring down <a href='https://fly.io/machines' title=''>Fly Machines</a>, our state synchronization system blasts updates across our internal mesh, so that edge proxies from Tokyo to Amsterdam can keep the accurate routing table that allows them to route requests for applications to the nearest customer instances.</p>\n\n<p>On September 1, 2024, at 3:30PM EST, a new Fly Machine came up with a new “virtual service” configuration option a developer had just shipped. Within a few seconds every proxy in our fleet had locked up hard. It was the worst outage we’ve experienced: a period during which no end-user requests could reach our customer apps at all.</p>\n\n<p>Distributed systems are blast amplifiers. By propagating data across a network, they also propagate bugs in the systems that depend on that data. In the case of Corrosion, our state distribution system, those bugs propagate <strong class='font-semibold text-navy-950'>quickly</strong>. The proxy code that handled that Corrosion update had succumbed to a <a href='https://news.ycombinator.com/item?id=42093551' title=''>notorious Rust concurrency footgun</a>: an <code>if let</code> expression over an <code>RWLock</code> assumed (reasonably, but incorrectly) in its <code>else</code> branch that the lock had been released. Instant and virulently contagious deadlock.</p>\n\n<p>A lesson we’ve learned the hard way: never trust a distributed system without an interesting failure story. If a distributed system hasn’t ruined a weekend or kept you up overnight, you don’t understand it yet. Which is why that’s how we’re introducing Corrosion, an unconventional service discovery system we built for our platform <a href='https://github.com/superfly/corrosion' title=''>and open sourced</a>.</p>\n<h2 id='our-face-seeking-rake' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#our-face-seeking-rake' aria-label='Anchor'></a><span class='plain-code'>Our Face-Seeking Rake</span></h2>\n<p>State synchronization is the hardest problem in running a platform like ours. So why build a risky new distributed system for it? Because no matter what we try, that rake is waiting for our foot. The reason is our orchestration model.</p>\n\n<p>Virtually every mainstream orchestration system (including Kubernetes) relies on a centralized database to make decisions about where to place new workloads. Individual servers keep track of what they’re running, but that central database is the source of truth. At Fly.io, in order to scale across dozens of regions globally, <a href='https://fly.io/blog/carving-the-scheduler-out-of-our-orchestrator/' title=''>we flip that notion on its head</a>: individual servers are the source of truth for their workloads.</p>\n\n<p>In our platform, our central API bids out work to what is in effect a global market of competing “worker” physical servers. By moving the authoritative source of information from a central scheduler to individual servers, we scale out without bottlenecking on a database that demands both responsiveness and consistency between São Paulo, Virginia, and Sydney.</p>\n\n<p>The bidding model is elegant, but it’s insufficient to route network requests. To allow an HTTP request in Tokyo to find the nearest instance in Sydney, we really do need some kind of global map of every app we host.</p>\n\n<p>For longer than we should have, we relied on <a href='https://github.com/hashicorp/consul' title=''>HashiCorp Consul</a> to route traffic. Consul is fantastic software. Don’t build a global routing system on it. Then we <a href='https://fly.io/blog/a-foolish-consistency/' title=''>built SQLite caches of Consul</a>. SQLite: also fantastic. But don’t do this either.</p>\n\n<p>Like an unattended turkey deep frying on the patio, truly global distributed consensus promises deliciousness while yielding only immolation. <a href='https://raft.github.io/' title=''>Consensus protocols like Raft </a>break down over long distances. And they work against the architecture of our platform: our Consul cluster, running on the biggest iron we could buy, wasted time guaranteeing consensus for updates that couldn’t conflict in the first place.</p>\n<h2 id='corrosion' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#corrosion' aria-label='Anchor'></a><span class='plain-code'>Corrosion</span></h2>\n<p>To build a global routing database, we moved away from distributed consensus and took cues from actual routing protocols.</p>\n\n<p><a href='https://en.wikipedia.org/wiki/Open_Shortest_Path_First' title=''>A protocol like OSPF</a> has the same operating model and many of the same constraints we do. OSPF is a “<a href='https://en.wikipedia.org/wiki/Link-state_routing_protocol' title=''>link-state routing protocol</a>”, which, conveniently for us, means that routers are sources of truth for their own links and responsible for quickly communicating changes to every other router, so the network can make forwarding decisions.</p>\n\n<p>We have things easier than OSPF does. Its flooding algorithm can’t assume connectivity between arbitrary routers (solving that problem is the point of OSPF). But we run a global, fully connected WireGuard mesh between our servers. All we need to do is gossip efficiently.</p>\n\n<p><a href='https://github.com/superfly/corrosion' title=''>Corrosion is a Rust program</a> that propagates a SQLite database with a gossip protocol.</p>\n\n<p>Like Consul, our gossip protocol is <a href='https://fly.io/blog/building-clusters-with-serf#what-serf-is-doing' title=''>built on SWIM</a>. Start with the simplest, dumbest group membership protocol you can imagine: every node spams every node it learns about with heartbeats. Now, just two tweaks: first, each step of the protocol, spam a random subset of nodes, not the whole set. Then, instead of freaking out when a heartbeat fails, mark it “suspect” and ask another random subset of neighbors to ping it for you. SWIM converges on global membership very quickly.</p>\n\n<p>Once membership worked out, we run QUIC between nodes in the cluster to broadcast changes and reconcile state for new nodes.</p>\n\n<p>Corrosion looks like a globally synchronized database. You can open it with SQLite and just read things out of its tables. What makes it interesting is what it doesn’t do: no locking, no central servers, and no distributed consensus. Instead, we exploit our orchestration model: workers own their own state, so updates from different workers almost never conflict.</p>\n\n<p>We do impose some order. Every node in a Corrosion cluster will eventually receive the same set of updates, in some order. To ensure every instance arrives at the same “working set” picture, we use <a href='https://github.com/vlcn-io/cr-sqlite' title=''>cr-sqlite, the CRDT SQLite extension</a>.</p>\n\n<p>cr-sqlite works by marking specified SQLite tables as CRDT-managed. For these table, changes to any column of a row are logged in a special <code>crsql_changes</code>table. Updates to tables are applied last-write-wins using logical timestamps (that is, causal ordering rather than wall-clock ordering). <a href='https://github.com/superfly/corrosion/blob/main/doc/crdts.md' title=''>You can read much more about how that works here</a>.</p>\n\n<p>As rows are updated in Corrosion’s ordinary SQL tables, the resulting changes are collected from <code>crsql_changes</code>. They’re bundled into batched update packets and gossiped.</p>\n\n<p>When things are going smoothly, Corrosion is easy to reason about. Many customers of Corrosion’s data don’t even need to know it exists, just where the database is. We don’t fret over “leader elections” or bite our nails watching metrics for update backlogs. And it’s fast as all get-out.</p>\n<h2 id='shit-happens' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#shit-happens' aria-label='Anchor'></a><span class='plain-code'>Shit Happens</span></h2>\n<p>This is a story about how we made one good set of engineering decisions and <a href='https://how.complexsystems.fail/' title=''>never experienced any problems</a>. <a href='https://www.somethingsimilar.com/2013/01/14/notes-on-distributed-systems-for-young-bloods/' title=''>Please clap</a>.</p>\n\n<p>We told you already about the worst problem Corrosion was involved with: efficiently gossiping a deadlock bug to every proxy in our fleet, shutting our whole network down. Really, Corrosion was just a bystander for that outage. But it perpetrated others.</p>\n\n<p>Take a classic ops problem: the unexpectedly expensive DDL change. You wrote a simple migration, tested it, merged it to main, and went to bed, wrongly assuming the migration wouldn’t cause an outage when it ran in prod. Happens to the best of us.</p>\n\n<p>Now spice it up. You made a trivial-seeming schema change to a CRDT table hooked up to a global gossip system. Now, when the deploy runs, thousands of high-powered servers around the world join a chorus of database reconciliation messages that melts down the entire cluster.</p>\n\n<p>That happened to us last year when a team member added a nullable column to a Corrosion table. New nullable columns are kryptonite to large Corrosion tables: <code>cr-sqlite</code> needs to backfill values for every row in the table. It played out as if every Fly Machine on our platform had suddenly changed state simultaneously, just to fuck us.</p>\n\n<p>Gnarlier war story: for a long time we ran both Corrosion and Consul, because two distributed systems means twice the resiliency. One morning, a Consul mTLS certificate expired. Every worker in our fleet severed its connection to Consul.</p>\n\n<p>We should have been fine. We had Corrosion running. Except: under the hood, every worker in the fleet is doing a backoff loop trying to reestablish connectivity to Consul. Each of those attempts re-invokes a code path to update Fly Machine state. That code path incurs a Corrosion write.</p>\n\n<p>By the time we’ve figured out what the hell is happening, we’re literally saturating our uplinks almost everywhere in our fleet. We apologize to our uplink providers.</p>\n\n<p>It’s been a long time since anything like this has happened at Fly.io, but preventing the next one is basically all we think about anymore.</p>\n<h2 id='iteration' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#iteration' aria-label='Anchor'></a><span class='plain-code'>Iteration</span></h2>\n<p>In retrospect, our Corrosion rollout repeated a mistake we made with Consul: we built a single global state domain. Nothing about Corrosion’s design required us to do this, and we’re unwinding that decision now. Hold that thought. We got some big payoffs from some smaller lifts.</p>\n\n<p>First, and most importantly, we watchdogged everything. We showed you a contagious deadlock bug, lethal because our risk model was missing “these Tokio programs might deadlock”. Not anymore. Our <a href='https://tokio.rs/' title=''>Tokio programs</a> all have built-in watchdogs; an event-loop stall will bounce the service and make a king-hell alerting racket. Watchdogs have cancelled multiple outages. Minimal code, easy win. Do this in your own systems.</p>\n\n<p>Then, we extensively tested Corrosion itself. We’ve written about <a href='https://fly.io/blog/parking-lot-ffffffffffffffff/' title=''>a bug we found in the Rust <code>parking_lot</code> library</a>. We spent months looking for similar bugs <a href='https://antithesis.com/product/how_antithesis_works/' title=''>with Antithesis</a>. Again: do recommend. It retraced our steps on the <code>parking_lot</code> bug easily; the bug wouldn’t have been worth the blog post if we’d been using Antithesis at the time. <a href='https://antithesis.com/docs/multiverse_debugging/overview/' title=''>Multiverse debugging</a> is killer for distributed systems.</p>\n\n<p>No amount of testing will make us trust a distributed system. So we’ve made it simpler to rebuild Corrosion’s database from our workers. We keep checkpoint backups of the Corrosion database on object storage. That was smart of us. When shit truly went haywire last year, we had the option to reboot the cluster, which is ultimately what we did. That eats some time (the database is large and propagating is expensive), but diagnosing and repairing distributed systems mishaps takes even longer.</p>\n\n<p>We’ve also improved the way our workers feed Corrosion. Until recently, any time a worker updated its local database, we published the same incremental update to Corrosion. <a href='https://community.fly.io/t/self-healing-machine-state-synchronization-and-service-discovery/26134' title=''>But now we’ve eliminated partial updates.</a> Instead, when a Fly Machine changes, we re-publish the entire data set for the Machine. Because of how Corrosion resolves changes to its own rows, the node receiving the re-published Fly Machine automatically filters out the no-op changes before gossiping them. Eliminating partial updates forecloses a bunch of bugs (and, we think, kills off a couple sneaky ones we’ve been chasing). We should have done it this way to begin with.</p>\n\n<p>Finally, let’s revisit that global state problem. After the contagious deadlock bug, we concluded we need to evolve past a single cluster. So we took on a project we call “regionalization”, which creates a two-level database scheme. Each region we operate in runs a Corrosion cluster with fine-grained data about every Fly Machine in the region. The global cluster then maps applications to regions, which is sufficient to make forwarding decisions at our edge proxies.</p>\n\n<p>Regionalization reduces the blast radius of state bugs. Most things we track don’t have to matter outside their region (importantly, most of the code changes to what we track are also region-local). We can roll out changes to this kind of code in ways that, worst case, threaten only a single region.</p>\n<h2 id='the-new-system-works' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#the-new-system-works' aria-label='Anchor'></a><span class='plain-code'>The New System Works</span></h2>\n<p>Most distributed systems have state synchronization challenges. Corrosion has a different “shape” than most of those systems:</p>\n\n<ul>\n<li>It doesn’t rely on distributed consensus, like <a href='https://github.com/hashicorp/consul' title=''>Consul</a>, <a href='https://zookeeper.apache.org/' title=''>Zookeeper</a>, <a href='https://etcd.io/' title=''>Etcd</a>, <a href='https://www.cockroachlabs.com/docs/stable/architecture/replication-layer' title=''>Raft</a>, or <a href='https://rqlite.io/' title=''>rqlite</a> (which we came very close to using).\n</li><li>It doesn’t rely on a large-scale centralized data store, like <a href='https://www.foundationdb.org/' title=''>FoundationDB</a> or databases backed by S3-style object storage.\n</li><li>It’s nevertheless highly distributed (each of thousands of workers run nodes), converges quickly (in seconds), and presents as a simple SQLite database. Neat!\n</li></ul>\n\n<p>It wasn’t easy getting here. Corrosion is a large part of what every engineer at Fly.io who writes Rust works on.</p>\n\n<p>Part of what’s making Corrosion work is that we’re careful about what we put into it. Not every piece of state we manage needs gossip propagation. <code>tkdb</code>, the backend for <a href='https://fly.io/blog/macaroons-escalated-quickly/' title=''>our Macaroon tokens</a>, is a much simpler SQLite service backed by <a href='https://litestream.io/' title=''>Litestream</a>. So is Pet Sematary, the secret store we built to replace HashiCorp Vault.</p>\n\n<p>Still, there are probably lots of distributed state problems that want something more like a link-state routing protocol and less like a distributed database. If you think you might have one of those, <a href='https://github.com/superfly/corrosion' title=''>feel free to take Corrosion for a spin</a>.</p>\n\n<p>Corrosion is Jérôme Gravel-Niquet’s brainchild. For the last couple years, much of the iteration on it was led by Somtochi Onyekwere and Peter Cai. The work was alternately cortisol- and endorphin-inducing. We’re glad to finally get to talk about it in detail.</p>",
"image": {
"url": "https://fly.io/blog/corrosion/assets/sqlite-cover.webp",
"title": null
},
"media": [],
"authors": [
{
"name": "Fly",
"email": null,
"url": null
}
],
"categories": []
},
{
"id": "https://fly.io/blog/kurt-got-got/",
"title": "Kurt Got Got",
"description": null,
"url": "https://fly.io/blog/kurt-got-got/",
"published": "2025-10-08T00:00:00.000Z",
"updated": "2025-12-11T17:29:24.000Z",
"content": "<div class=\"lead\"><p>The $FLY Airdrop is live! Claim your share of <a href=\"https://fly.io/blog/macaroons-escalated-quickly/\" title=\"\">the token powering Fly.io’s global network</a> of 3M+ apps and (🤮) own a piece of the sky!</p>\n</div>\n<p>We know. Our Twitter got owned. We knew within moments of it happening. We know exactly how it happened. Nothing was at risk other than our Twitter account (and one Fly.io employee’s self-esteem). Also: for fuck’s sake.</p>\n\n<p>Here’s what happened: Kurt Mackey, our intrepid CEO, got phished.</p>\n<div class=\"callout\"><p>Had this been an impactful attack, we would not be this flippant about it. For this, though, any other tone on our part would be false.</p>\n</div><h2 id='how-they-got-kurt' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#how-they-got-kurt' aria-label='Anchor'></a><span class='plain-code'>How They Got Kurt</span></h2>\n<p>Two reasons: one, it was a pretty good phishing attack, and two, Twitter fell outside the “things we take seriously” boundary.</p>\n\n<p>The phishing attack was effective because it exploited a deep psychological vulnerability in our management team: we are old and out of touch with the youths of today.</p>\n\n<p>For many months now, we’ve had an contractor/intern-type-person Boosting Our Brand on Twitter by posting dank developer memes (I think that’s what they’re called). The thing about this dankery is that we don’t really understand it. I mean, hold on, we know what the memes mean technically. We just don’t get why they’re funny.</p>\n\n<p>However, in pushing back on them, we’re up against two powerful forces:</p>\n\n<ol>\n<li>The dank memes appear to perform better than the stuff we ourselves write on Twitter.\n</li><li>We are reliably informed by our zoomer children that we are too cringe to be trusted on these matters.\n</li></ol>\n\n<p>Here’s the phish Kurt got:</p>\n\n<p><img alt=\"A pretty-plausible Twitter alert\" src=\"/blog/kurt-got-got/assets/phish.png?2/3¢er\" /></p>\n\n<p>Diabolical. Like a scalpel expertly wielded against Kurt’s deepest <a href='https://theonion.com/cool-dad-raising-daughter-on-media-that-will-put-her-en-1819572981/' title=''>middle-aged-dude</a> insecurity. Our ruthless attackers clinically designed this email to trigger an autonomic Kurt response: “oh, what the fuck is this, and why did we post it?”</p>\n<div class=\"right-sidenote\"><p>ATO is cool-kid for “got owned”</p>\n</div>\n<p>I’m getting a little ahead of the story here. We knew our X.com account had suffered an ATO because a bunch of us simultaneously got another email saying that the <a href='https://twitter.com/flydotio' title=''>@flydotio</a> account’s email address now pointed to <code>[email protected]</code>. Our immediate response was to audit all accesses to the login information in <a href='https://1password.com/' title=''>1Password</a>, to cut all access for anybody who’d recently pulled it; your worst-case assumption in a situation like this is that someone’s endpoint has been owned up.</p>\n\n<p>Fortunately, nobody lost access for very long. I called Kurt to let him know why he was being locked out, and 5 seconds later, he’d <a href='https://archive.is/6rVqf' title=''>realized what had happened.</a> <strong class='font-semibold text-navy-950'>Don’t click anything there.</strong></p>\n<h2 id='why-it-worked' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#why-it-worked' aria-label='Anchor'></a><span class='plain-code'>Why It Worked</span></h2>\n<p>That’s the right question to ask, isn’t it? How could this have been possible in the first place?</p>\n\n<p>Contrary to one popular opinion, you don’t defeat phishing by training people not to click on things. I mean, tell them not to, sure! But eventually, under continued pressure, everybody clicks. <a href='https://people.cs.uchicago.edu/~grantho/papers/oakland2025_phishing-training.pdf' title=''>There’s science on this</a>. The cool kids haven’t done phishing simulation training in years.</p>\n\n<p>What you’re supposed to do instead is use phishing-resistant authentication. This is almost the whole backstory for <a href='https://www.imperialviolet.org/tourofwebauthn/tourofwebauthn.html' title=''>U2F, FIDO2</a> and <a href='https://support.apple.com/en-us/102195' title=''>Passkeys</a>.</p>\n\n<p>Phishing-resistant authentication works by mutual authentication (or, if you’re a stickler, by origin- and channel-binding). Phishes are malicious proxies for credentials. Modern MFA schemes like FIDO2 break that proxy flow; your browser won’t send real credentials to the fake site.</p>\n<div class=\"right-sidenote\"><p>there’s more to it than this, but, broad strokes.</p>\n</div>\n<p>This is, in fact, how all of our infrastructure is secured at Fly.io; specifically, we get <a href='https://fly.io/blog/soc2-the-screenshots-will-continue-until-security-improves/#what-soc2-made-us-do' title=''>everything behind an IdP</a> (in our case: Google’s) and have it require phishing-proof MFA. You’re unlikely to phish your way to viewing logs here, or to refunding a customer bill at Stripe, or to viewing infra metrics, because all these things require an SSO login through Google.</p>\n\n<p>Twitter, on the other hand. Yeah, so, about that. You may have heard that, a few years back, there were some goings-on involving Twitter. Many of us at Fly.io <a href='https://hachyderm.io/@flydotio' title=''>decamped for Mastodon</a>, and <a href='https://bsky.app/profile/did:plc:j7herf6n4xiig2yg7fqdmkci' title=''>later to Bluesky.</a> There was a window of time in 2023-2024 where it looked as if Twitter might not be a long term thing for us at all.</p>\n<div class=\"right-sidenote\"><p>† (to whom I sincerely apologize for having assumed they had been owned up and were the proximate cause of the hack)</p>\n</div>\n<p>As a result, Twitter had been a sort of legacy shared account for us, with credentials managed in 1Password and shared with our zoomer contractor†.</p>\n\n<p>Which is why Kurt was in a position to pull credentials from 1Password and log in to members-x.com in response to an email from alerts-x.com.</p>\n<div class=\"callout\"><p>Still: we could have dodged this attack with hygiene: Kurt complains that “x.com” is an extremely phishable domain, and, sure, but also: the 1Password browser plugin would have noticed that “members-x.com” wasn’t an “x.com” host.</p>\n</div><h2 id='what-took-so-long' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#what-took-so-long' aria-label='Anchor'></a><span class='plain-code'>What Took So Long</span></h2>\n<p>The attacker immediately revoked all tokens and set up new 2FA, so while we were quickly able to reset our password, we couldn’t lock them out of our account without an intervention from X.com, which took something like 1 5 hours to set up.</p>\n\n<p>(That’s not a knock on X.com; 15 hours for a 2FA reset isn’t outside industry norms).</p>\n\n<p>We’re obviously making a lot of noise about this now, but we were pretty quiet during the incident itself (beyond just “We know. We knew 45 seconds after it happened. We know exactly how it happened. It’s just a Twitter thing.”)</p>\n\n<p>That’s because, in the grand scheme of things, the attack was pretty chill: <a href='https://archive.is/PTO2M' title=''>a not-very-plausible crypto scam</a> that presumably generated $0 for the attackers, 15+ hours of <code>brand damage</code>, and extra security engineering cycles burnt on watchful waiting. Our users weren’t under attack, and the account wasn’t being used to further intercept customer accounts. At one point, the attackers apparently deleted our whole Twitter history, which, like, don’t threaten us with a good time. So we let it roll, until we got our account recovered the next morning.</p>\n<h2 id='the-moral-of-the-story-is' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#the-moral-of-the-story-is' aria-label='Anchor'></a><span class='plain-code'>The Moral Of The Story Is</span></h2><div class=\"right-sidenote\"><p>“Really the biggest takeaway for me is that Kurt reads his email.”</p>\n</div>\n<p>Obviously Kurt loses his commit access. The time comes in the life of every CEO, and now it comes for him. </p>\n\n<p>Also, we’ll finally have a population sample for “incident response” in <a href='https://fly.io/blog/soc2-the-screenshots-will-continue-until-security-improves/' title=''>our next SOC2</a>.</p>\n\n<p>Maybe we’ll post more on Twitter. Or maybe we’ll double down on Zoomer memes. I don’t know. Social media is really weird right now. Either way: our Twitter access is Passkeys now.</p>\n<div class=\"right-sidenote\"><p>seriously don’t click anything on that page</p>\n</div>\n<p>If you were inclined to take us up on an “airdrop” to “claim a share” of the “token” powering Fly.io, the site is <a href='https://archive.is/PTO2M' title=''>still up</a>. You can connect your wallet it it! You’ll lose all your money. But if we’d actually done an ICO, you’d have lost all your money anyways.</p>\n\n<p>Somebody involved in pulling this attack off had to come up with “own a piece of the sky!”, and I think that’s punishment enough for them.</p>\n\n<p>Whatever you’re operating that isn’t behind phishing-resistant MFA, or, better yet, an SSO IdP that requires phishing-resistant MFA: that thing is eventually going to get phished. Dance around the clown-fire of our misfortune if you must, but let us be a lesson to you as well.</p>",
"image": {
"url": "https://fly.io/blog/kurt-got-got/assets/Kurt_Got_Got.jpg",
"title": null
},
"media": [],
"authors": [
{
"name": "Fly",
"email": null,
"url": null
}
],
"categories": []
},
{
"id": "https://fly.io/blog/litestream-v050-is-here/",
"title": "Litestream v0.5.0 is Here",
"description": null,
"url": "https://fly.io/blog/litestream-v050-is-here/",
"published": "2025-10-02T00:00:00.000Z",
"updated": "2025-10-02T18:28:21.000Z",
"content": "<div class=\"lead\"><p><strong class=\"font-semibold text-navy-950\">I’m Ben Johnson, and I work on Litestream at Fly.io. Litestream makes it easy to build SQLite-backed full-stack applications with resilience to server failure. It’s open source, runs anywhere, and</strong> <a href=\"https://litestream.io/\" title=\"\"><strong class=\"font-semibold text-navy-950\">it’s easy to get started</strong></a><strong class=\"font-semibold text-navy-950\">.</strong></p>\n</div>\n<p>Litestream is the missing backup/restore system for SQLite. It runs as a sidecar process in the background, alongside unmodified SQLite applications, intercepting WAL checkpoints and streaming them to object storage in real time. Your application doesn’t even know it’s there. But if your server crashes, Litestream lets you quickly restore the database to your new hardware.</p>\n\n<p>The result: you can safely build whole full-stack applications on top of SQLite.</p>\n\n<p>A few months back, we announced <a href='https://fly.io/blog/litestream-revamped/' title=''>plans for a major update to Litestream</a>. I’m psyched to announce that the first batch of those changes are now “shipping”. Litestream is faster and now supports efficient point-in-time recovery (PITR).</p>\n\n<p>I’m going to take a beat to recap Litestream and how we got here, then talk about how these changes work and what you can expect to see with them.</p>\n<h2 id='litestream-to-litefs-to-litestream' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#litestream-to-litefs-to-litestream' aria-label='Anchor'></a><span class='plain-code'>Litestream to LiteFS to Litestream</span></h2>\n<p>Litestream is one of two big SQLite things I’ve built. The other one, originally intended as a sort of sequel to Litestream, is LiteFS.</p>\n\n<p>Boiled down to a sentence: LiteFS uses a FUSE filesystem to crawl further up into SQLite’s innards, using that access to perform live replication, for unmodified SQLite-backed apps.</p>\n\n<p>The big deal about LiteFS for us is that it lets you do the multiregion primary/read-replica deployment people love Postgres for: reads are fast everywhere, and writes are sane and predictable. We were excited to make this possible for SQLite, too.</p>\n\n<p>But the market has spoken! Users prefer Litestream. And honestly, we get it: Litestream is easier to run and to reason about. So we’ve shifted our focus back to it. First order of business: <a href='https://fly.io/blog/litestream-revamped/' title=''>take what we learned building LiteFS and stick as much of it as we can back into Litestream</a>.</p>\n<h2 id='the-ltx-file-format' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#the-ltx-file-format' aria-label='Anchor'></a><span class='plain-code'>The LTX File Format</span></h2>\n<p>Consider this basic SQL table:</p>\n<div class=\"highlight-wrapper group relative sql\">\n <button \n type=\"button\"\n class=\"bubble-wrap z-20 absolute right-9 -mr-0.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none\"\n data-wrap-target=\"#code-wy16kafx\"\n >\n <svg class=\"w-4 h-4 pointer-events-none\" viewBox=\"0 0 16 16\" fill=\"none\" stroke=\"currentColor\" stroke-width=\"1.35\" stroke-linecap=\"round\" stroke-linejoin=\"round\"><g buffered-rendering=\"static\"><path d=\"M9.912 8.037h2.732c1.277 0 2.315-.962 2.315-2.237a2.325 2.325 0 00-2.315-2.31H2.959m10.228 9.01H2.959M6.802 8H2.959\" /><path d=\"M11.081 6.466L9.533 8.037l1.548 1.571\" /></g></svg>\n <span class=\"bubble-sm bubble-tl [--offset-l:-9px] tail text-navy-950\">\n Wrap text\n </span>\n </button>\n <button \n type=\"button\"\n class=\"bubble-wrap z-20 absolute right-1.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none\"\n data-copy-target=\"sibling\"\n >\n <svg class=\"w-4 h-4 pointer-events-none\" viewBox=\"0 0 16 16\" fill=\"none\" stroke=\"currentColor\" stroke-width=\"1.35\"><g buffered-rendering=\"static\"><path d=\"M10.576 7.239c0-.995-.82-1.815-1.815-1.815H3.315c-.995 0-1.815.82-1.815 1.815v5.446c0 .995.82 1.815 1.815 1.815h5.446c.995 0 1.815-.82 1.815-1.815V7.239z\" /><path d=\"M10.576 10.577h2.109A1.825 1.825 0 0014.5 8.761V3.315A1.826 1.826 0 0012.685 1.5H7.239c-.996 0-1.815.819-1.816 1.815v1.617\" /></g></svg>\n <span class=\"bubble-sm bubble-tl [--offset-l:-6px] tail [--tail-x:calc(100%-30px)] text-navy-950\">\n Copy to clipboard\n </span>\n </button>\n <div class='highlight relative group'>\n <pre class='highlight '><code id=\"code-wy16kafx\"><span class=\"k\">CREATE</span> <span class=\"k\">TABLE</span> <span class=\"n\">sandwiches</span> <span class=\"p\">(</span>\n <span class=\"n\">id</span> <span class=\"nb\">INTEGER</span> <span class=\"k\">PRIMARY</span> <span class=\"k\">KEY</span> <span class=\"n\">AUTOINCREMENT</span><span class=\"p\">,</span>\n <span class=\"n\">description</span> <span class=\"nb\">TEXT</span> <span class=\"k\">NOT</span> <span class=\"k\">NULL</span><span class=\"p\">,</span>\n <span class=\"n\">star_rating</span> <span class=\"nb\">INTEGER</span><span class=\"p\">,</span> \n <span class=\"n\">reviewer_id</span> <span class=\"nb\">INTEGER</span> <span class=\"k\">NOT</span> <span class=\"k\">NULL</span>\n<span class=\"p\">);</span>\n</code></pre>\n </div>\n</div>\n<p>In our hypothetical, this table backs a wildly popular sandwich-reviewing app that we keep trying to get someone to write. People eat a lot of sandwiches and this table gets a lot of writes. Because it makes my point even better and it’s funny, assume people dither a lot about their sandwich review for the first couple minutes after they leave it. This Quiznos sub… is it ⭐ or ⭐⭐?</p>\n\n<p>Underneath SQLite is a B-tree. Like databases everywhere, SQLite divides storage up into disk-aligned pages, working hard to read as few pages as possible for any task while treating work done within a page as more or less free. SQLite always reads and writes in page-sized chunks.</p>\n\n<p>Our <code>sandwiches</code> table includes a feature that’s really painful for a tool like Litestream that thinks in pages: an automatically updating primary key. That key dictates that every insert into the table hits the rightmost leaf page in the underlying table B-tree. For SQLite itself, that’s no problem. But Litestream has less information to go on: it sees only a feed of whole pages it needs to archive.</p>\n\n<p>Worse still, when it comes time to restore the database – something you tend to want to happen quickly – you have to individually apply those small changes, as whole pages. Your app is down, PagerDuty is freaking out, and you’re sitting there watching Litestream reconstruct your Quiznos uncertainty a page (and an S3 fetch) at a time.</p>\n\n<p>So, LTX. Let me explain. We needed LiteFS to be transaction-aware. It relies on finer-grained information than just raw dirty pages (that’s why it needs the FUSE filesystem). To ship transactions, rather than pages, we invented a <a href='https://github.com/superfly/ltx' title=''>file format we call LTX</a>.</p>\n\n<p>LTX was designed as an interchange format for transactions, but for our purposes in Litestream, all we care about is that LTX files represent ordered ranges of pages, and that it supports compaction.</p>\n\n<p>Compaction is straightforward. You’ve stored a bunch of LTX files that collect numbered pages. Now you want to to restore a coherent picture of the database. Just replay them newest to oldest, skipping duplicate pages (newer wins), until all changed pages are accounted for.</p>\n\n<p>Importantly, LTX isn’t limited to whole database backups. We can use LTX compaction to compress a bunch of LTX files into a single file with no duplicated pages. And Litestream now uses this capability to create a hierarchy of compactions:</p>\n\n<ul>\n<li>at Level 1, we compact all the changes in a 30-second time window\n</li><li>at Level 2, all the Level 1 files in a 5-minute window\n</li><li>at Level 3, all the Level 2’s over an hour.\n</li></ul>\n\n<p>Net result: we can restore a SQLite database to any point in time, <em>using only a dozen or so files on average</em>.</p>\n\n<p>Litestream performs this compaction itself. It doesn’t rely on SQLite to process the WAL file. Performance is limited only by I/O throughput.</p>\n<h2 id='no-more-generations' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#no-more-generations' aria-label='Anchor'></a><span class='plain-code'>No More Generations</span></h2>\n<p>What people like about Litestream is that it’s just an ordinary Unix program. But like any Unix program, Litestream can crash. It’s not supernatural, so when it’s not running, it’s not seeing database pages change. When it misses changes, it falls out of sync with the database.</p>\n\n<p>Lucky for us, that’s easy to detect. When it notices a gap between the database and our running “shadow-WAL” backup, Litestream resynchronizes from scratch.</p>\n\n<p>The only time this gets complicated is if you have multiple Litestreams backing up to the same destination. To keep multiple Litestreams from stepping on each other, Litestream divides backups into “generations”, creating a new one any time it resyncs. You can think of generations as Marvel Cinematic Universe parallel dimensions in which your database might be simultaneously living in.</p>\n\n<p>Yeah, we didn’t like those movies much either.</p>\n\n<p>LTX-backed Litestream does away with the concept entirely. Instead, when we detect a break in WAL file continuity, we re-snapshot with the next LTX file. Now we have a monotonically incrementing transaction ID. We can use it look up database state at any point in time, without searching across generations.</p>\n<h2 id='upgrading-to-litestream-v0-5-0' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#upgrading-to-litestream-v0-5-0' aria-label='Anchor'></a><span class='plain-code'>Upgrading to Litestream v0.5.0</span></h2>\n<p>Due to the file format changes, the new version of Litestream can’t restore from old v0.3.x WAL segment files.</p>\n\n<p>That’s OK though! The upgrade process is simple: just start using the new version. It’ll leave your old WAL files intact, in case you ever need to revert to the older version.The new LTX files are stored cleanly in an <code>ltx</code> directory on your replica.</p>\n\n<p>The configuration file is fully backwards compatible.</p>\n\n<p>There’s one small catch. We added a new constraint. You only get a single replica destination per database. This probably won’t affect you, since it’s how most people use Litestream already. We’ve made it official.</p>\n\n<p>The rationale: having a single source of truth simplifies development for us, and makes the tool easier to reason about. Multiple replicas can diverge and are sensitive to network availability. Conflict resolution is brain surgery.</p>\n\n<p>Litestream commands still work the same. But you’ll see references to “transaction IDs” (TXID) for LTX files, rather than the <code>generation/index/offset</code> we used previously with WAL segments.</p>\n\n<p>We’ve also changed <code>litestream wal</code> to <code>litestream ltx</code>.</p>\n<h2 id='other-stuff-v0-5-0-does-better' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#other-stuff-v0-5-0-does-better' aria-label='Anchor'></a><span class='plain-code'>Other Stuff v0.5.0 Does Better</span></h2>\n<p>We’ve beefed up the <a href='https://github.com/superfly/ltx' title=''>underlying LTX file format library</a>. It used to be an LTX file was just a sorted list of pages, all compressed together. Now we compress per-page, and keep an index at the end of the LTX file to pluck individual pages out.</p>\n\n<p>You’re not seeing it yet, but we’re excited about this change: we can operate page-granularly even dealing with large LTX files. This allows for more features. A good example: we can build features that query from any point in time, without downloading the whole database.</p>\n\n<p>We’ve also gone back through old issues & PRs to improve quality-of-life. CGO is now gone. We’ve settled the age-old contest between <code>mattn/go-sqlite3</code> and <code>modernc.org/sqlite</code> in favor of <code>modernc.org</code>. This is super handy for people with automated build systems that want to run from a MacBook but deploy on an x64 server, since it lets the cross-compiler work.</p>\n\n<p>We’ve also added a replica type for NATS JetStream. Users that already have JetStream running can get Litestream going without adding an object storage dependency.</p>\n\n<p>And finally, we’ve upgraded all our clients (S3, Google Storage, & Azure Blob Storage) to their latest versions. We’ve also moved our code to support newer S3 APIs.</p>\n<h2 id='whats-next' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#whats-next' aria-label='Anchor'></a><span class='plain-code'>What’s next?</span></h2>\n<p>The next major feature we’re building out is a Litestream VFS for read replicas. This will let you instantly spin up a copy of the database and immediately read pages from S3 while the rest of the database is hydrating in the background.</p>\n\n<p>We already have a proof of concept working and we’re excited to show it off when it’s ready!</p>",
"image": {
"url": "https://fly.io/blog/litestream-v050-is-here/assets/litestream-v050-is-here.jpg",
"title": null
},
"media": [],
"authors": [
{
"name": "Fly",
"email": null,
"url": null
}
],
"categories": []
},
{
"id": "https://fly.io/blog/build-better-agents-with-morphllm/",
"title": "Build Better Agents With MorphLLM",
"description": null,
"url": "https://fly.io/blog/build-better-agents-with-morphllm/",
"published": "2025-08-25T00:00:00.000Z",
"updated": "2025-09-03T19:05:57.000Z",
"content": "<p>I’m an audiophile, which is a nice way to describe someone who spends their children’s college fund on equipment that yields no audible improvement in sound quality. As such, I refused to use wireless headphones for the longest time. The fun thing about wired headphones is when you forget they’re on and you stand up, you simultaneously cause irreparable neck injuries and extensive property damage. This eventually prompted me to buy good wireless headphones and, you know what, I break fewer things now. I can also stand up from my desk and not be exposed to the aural horrors of the real world. </p>\n\n<p>This is all to say, sometimes you don’t know how big a problem is until you solve it. This week, I chatted to the fine people building <a href='https://morphllm.com/' title=''>MorphLLM</a>, which is exactly that kind of solution for AI agent builders. </p>\n<h2 id='slow-wasteful-and-expensive-ai-code-changes' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#slow-wasteful-and-expensive-ai-code-changes' aria-label='Anchor'></a><span class='plain-code'>Slow, Wasteful and Expensive AI Code Changes</span></h2>\n<p>If you’re building AI agents that write or edit code, you’re probably accepting the following as “the way it is”: Your agent needs to correct a single line of code, but rewrites an entire file to do it. Search-and-replace right? It’s fragile, breaks formatting, silently fails, or straight up leaves important functions out. The result is slow, inaccurate code changes, excessive token use, and an agent feels incompetent and unreliable.</p>\n\n<p>Full file rewrites are context-blind and prone to hallucinations, especially when editing that 3000+ line file that you’ve been meaning to refactor. And every failure and iteration is wasted compute, wasted money and worst of all, wasted time.</p>\n<h2 id='why-we-arent-thinking-about-this-or-why-i-wasnt' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#why-we-arent-thinking-about-this-or-why-i-wasnt' aria-label='Anchor'></a><span class='plain-code'>Why We Aren’t Thinking About This (or why I wasn’t)</span></h2>\n<p>AI workflows are still new to everyone. Best practices are still just opinions and most tooling is focused on model quality, not developer velocity or cost. This is a big part of why we feel that slow, wasteful code edits are just the price of admission for AI-powered development.</p>\n\n<p>In reality, these inefficiencies become a real bottleneck for coding agent tools. The hidden tax on every code edit adds up and your users pay with their time, especially as teams scale and projects grow more complex.</p>\n<h2 id='better-faster-ai-code-edits-with-morph-fast-apply' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#better-faster-ai-code-edits-with-morph-fast-apply' aria-label='Anchor'></a><span class='plain-code'>Better, Faster AI Code Edits with Morph Fast Apply</span></h2>\n<p>MorphLLM’s core innovation is Morph Fast Apply. It’s an edit merge tool that is semantic, structure-aware and designed specifically for code. Those are big words to describe a tool that will empower your agents to make single line changes without rewriting whole files or relying on brittle search-and-replace. Instead, your agent applies precise, context-aware edits and it does it ridiculously fast. </p>\n\n<p>It works like this: </p>\n\n<ul>\n<li>You add an ‘edit_file’ tool to your agents tools.\n</li><li>Your agent outputs tiny <code>edit_file</code> snippets, using <code>//...existing code...</code> placeholders to indicate unchanged code.\n</li><li>Your backend calls Morph’s Apply API, which merges the changes semantically. It doesn’t just replace raw text, it makes targeted merges with the code base as context. \n</li><li>You write back the precisely edited file. No manual patching, no painful conflict resolution, no context lost.\n</li></ul>\n<h2 id='the-numbers' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#the-numbers' aria-label='Anchor'></a><span class='plain-code'>The Numbers</span></h2>\n<p>MorphLLM’s Apply API processes over 4,500 tokens per second and their benchmark results are nuts. We’re talking 98% accuracy in ~6 seconds per file. Compare this to 35s (with error corrections) at 86% accuracy for traditional search-and-replace systems. Files up to 9k tokens in size take ~4 seconds to process. </p>\n\n<p>Just look at the damn <a href='https://morphllm.com/benchmarks' title=''>graph</a>:</p>\n\n<p><img alt=\"Time Performance Analysis\" src=\"/blog/build-better-agents-with-morphllm/assets/morph_graph.webp\" /></p>\n\n<p>These are game-changing numbers for agent builders. Real-time code UIs become possible. Dynamic codebases can self-adapt in seconds, not minutes. Scale to multi-file edits, documentation, and even large asset transformations without sacrificing speed or accuracy.</p>\n<h2 id='how-to-get-in-on-the-morphllm-action' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#how-to-get-in-on-the-morphllm-action' aria-label='Anchor'></a><span class='plain-code'>How to Get in on the MorphLLM Action</span></h2>\n<p>Integration with your project is easy peasy. MorphLLM is API-compatible with OpenAI, Vercel AI SDK, MCP, and OpenRouter. You can run it in the cloud, self-host, or go on-prem with enterprise-grade guarantees. </p>\n\n<p>I want to cloud host mine, if only I could think of somewhere I could quickly and easily deploy wherever I want and only pay for when I’m using the infra 😉.</p>\n<h2 id='get-morphed' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#get-morphed' aria-label='Anchor'></a><span class='plain-code'>Get Morphed</span></h2>\n<p>MorphLLM feels like a plug-in upgrade for code agent projects that will instantly make them faster and more accurate. Check out the docs, benchmarks, and integration guides at <a href='https://docs.morphllm.com/' title=''>docs.morphllm.com</a>. Get started for free at <a href=\"https://morphllm.com/dashboard\">https://morphllm.com/dashboard</a> </p>",
"image": {
"url": "https://fly.io/blog/build-better-agents-with-morphllm/assets/morphllm.webp",
"title": null
},
"media": [],
"authors": [
{
"name": "Fly",
"email": null,
"url": null
}
],
"categories": []
},
{
"id": "https://fly.io/blog/trust-calibration-for-ai-software-builders/",
"title": "Trust Calibration for AI Software Builders",
"description": null,
"url": "https://fly.io/blog/trust-calibration-for-ai-software-builders/",
"published": "2025-08-18T00:00:00.000Z",
"updated": "2025-08-19T08:30:16.000Z",
"content": "<div class=\"lead\"><p>Trust calibration is a concept from the world of human-machine interaction design, one that is super relevant to AI software builders. Trust calibration is the practice of aligning the level of trust that users have in our products with its actual capabilities. </p>\n</div>\n<p>If we build things that our users trust too blindly, we risk facilitating dangerous or destructive interactions that can permanently turn users off. If they don’t trust our product enough, it will feel useless or less capable than it actually is. </p>\n\n<p>So what does trust calibration look like in practice and how do we achieve it? A 2023 study reviewed over 1000 papers on trust and trust calibration in human / automated systems (properly referenced at the end of this article). It holds some pretty eye-opening insights – and some inconvenient truths – for people building AI software. I’ve tried to extract just the juicy bits below. </p>\n<h2 id='limiting-trust' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#limiting-trust' aria-label='Anchor'></a><span class='plain-code'>Limiting Trust</span></h2>\n<p>Let’s begin with a critical point. There is a limit to how deeply we want users to trust our products. Designing for calibrated trust is the goal, not more trust at any cost. Shoddy trust calibration leads to two equally undesirable outcomes: </p>\n\n<ul>\n<li><strong class='font-semibold text-navy-950'>Over-trust</strong> causes users to rely on AI systems in situations where they shouldn’t (I told my code assistant to fix a bug in prod and went to bed).\n</li><li><strong class='font-semibold text-navy-950'>Under-trust</strong> causes users to reject AI assistance even when it would be beneficial, resulting in reduced perception of value and increased user workload.\n</li></ul>\n\n<p>What does calibrated trust look like for your product? It’s important to understand that determining this is less about trying to diagram a set of abstract trust parameters and more about helping users develop accurate mental models of your product’s capabilities and limitations. In most cases, this requires thinking beyond the trust calibration mechanisms we default to, like confidence scores. </p>\n\n<p>For example, Cursor’s most prominent trust calibration mechanism is its change suggestion highlighting. The code that the model suggests we change is highlighted in red, followed by suggested changes highlighted in green. This immediately communicates that “this is a suggestion, not a command.” </p>\n\n<p>In contrast, Tesla’s Autopilot is a delegative system. It must calibrate trust differently through detailed capability explanations, clear operational boundaries (only on highways), and prominent disengagement alerts when conditions exceed system limits. </p>\n<h2 id='building-cooperative-systems' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#building-cooperative-systems' aria-label='Anchor'></a><span class='plain-code'>Building Cooperative Systems</span></h2>\n<p>Perhaps the most fundamental consideration in determining high level trust calibration objectives is deciding whether your project is designed to be a cooperative or a delegative tool. </p>\n\n<p>Cooperative systems generally call for lower levels of trust because users can choose whether to accept or reject AI suggestions. But these systems also face a unique risk. It’s easy for over-trust to gradually transform user complacency into over-reliance, effectively transforming what we designed as a cooperative relationship into a delegative one, only without any of the required safeguards.</p>\n\n<p>If you’re building a coding assistant, content generator, or design tool, implement visible “suggestion boundaries” which make it clear when the AI is offering ideas versus making decisions. Grammarly does this well by underlining suggestions rather than auto-correcting, and showing rationale on hover. </p>\n\n<p>For higher-stakes interactions, consider introducing friction. Require explicit confirmation before applying AI suggestions to production code or publishing AI-generated content.</p>\n<h2 id='building-delegative-systems' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#building-delegative-systems' aria-label='Anchor'></a><span class='plain-code'>Building Delegative Systems</span></h2>\n<p>In contrast, users expect delegative systems to replace human action entirely. Blind trust in the system is a requirement for it to be considered valuable at all. </p>\n\n<p>If you’re building automation tools, smart scheduling, or decision-making systems, invest heavily in capability communication and boundary setting. Calendly’s smart scheduling works because it clearly communicates what it will and won’t do (I’ll find times that work for both of us vs. I’ll reschedule your existing meetings). Build robust fallback mechanisms and make system limitations prominent in your onboarding. </p>\n<h2 id='timing-is-everything' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#timing-is-everything' aria-label='Anchor'></a><span class='plain-code'>Timing Is Everything</span></h2>\n<p>The study suggests that when we make trust calibrations is at least as important as how. There are three critical windows for trust calibration, each with their own opportunities and challenges. </p>\n\n<ul>\n<li><strong class='font-semibold text-navy-950'>Pre-interaction calibration</strong> happens before users engage with the system. Docs and tutorials fall into this category. Setting expectations up front can prevent initial over-trust, which is disproportionally more difficult to correct later. \n</li></ul>\n\n<blockquote>\n<p>Pre-interaction calibrations could look like capability-focused onboarding that shows both successes and failures. Rather than just demonstrating perfect AI outputs, show users examples where the AI makes mistakes and how to catch them. </p>\n</blockquote>\n\n<ul>\n<li><strong class='font-semibold text-navy-950'>During-interaction calibration</strong> is trust adjustment through real-time feedback. Dynamically updated cues improve trust calibration better than static displays, and adaptive calibration that responds to user behavior outperforms systems that display static information. \n</li></ul>\n\n<blockquote>\n<p>Build confidence indicators that are updated based on context, not just model confidence. For example, if you’re building a document AI, show higher confidence for standard document types the system has seen thousands of times, and lower confidence for unusual formats. </p>\n</blockquote>\n\n<ul>\n<li><strong class='font-semibold text-navy-950'>Post-interaction calibration</strong> focuses on learning and adjustment that helps users understand successes and failures in the system after interactions. These aren’t reliable, since by the time users receive the information, their trust patterns are set and hard to change. \n</li></ul>\n\n<blockquote>\n<p>Post-interaction feedback can still be valuable for teaching. Create “reflection moments” after significant interactions. Midjourney does this by letting users rate image outputs, helping users learn what prompts work best while calibrating their expectations for future generations. </p>\n</blockquote>\n\n<p>Trust is front-loaded and habit-driven. The most effective calibration happens before and during use, when expectations are still forming and behaviors can still be shifted. Any later and you’re mostly fighting entrenched patterns.</p>\n<h2 id='performance-vs-process-information' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#performance-vs-process-information' aria-label='Anchor'></a><span class='plain-code'>Performance vs. Process Information</span></h2>\n<p>Users can be guided through performance-oriented signals (what the system can do) or process-oriented signals (how it works). The real challenge is matching the right kind of explanation to the right user, at the right moment.</p>\n\n<ul>\n<li><strong class='font-semibold text-navy-950'>Performance-oriented calibration</strong> focuses on communicating capability through mechanisms like reliability statistics, confidence scores, and clear capability boundaries. \n</li><li><strong class='font-semibold text-navy-950'>Process-oriented calibration</strong> offers detailed explanations of decision-making processes, breakdowns of which factors influenced decisions, and reasoning transparency. \n</li></ul>\n\n<p>Process transparency seems like the obvious go-to at first glance, but the effectiveness of process explanations varies wildly based on user expertise and domain knowledge. If we are designing for a set of users that may fall anywhere on this spectrum, we have to avoid creating information overload for novice users while providing sufficient information to expert users who want the detail. </p>\n\n<p>The most effective systems in the study combined both approaches, providing layered information that allows users to access the level of detail most appropriate for their expertise and current needs.</p>\n<h2 id='static-vs-adaptive-calibration' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#static-vs-adaptive-calibration' aria-label='Anchor'></a><span class='plain-code'>Static vs. Adaptive Calibration</span></h2>\n<p>I really wanted to ignore this part, because it feels like the study’s authors are passive aggressively adding todos to my projects. In a nutshell, adaptive calibration – when a system actively monitors user behavior and adjusts its communication accordingly - is orders of magnitude more effective than static calibration while delivering the same information to every user, regardless of differences in expertise, trust propensity, or behavior. </p>\n\n<p>Static calibration mechanisms are easy to build and maintain, which is why we like them. But the stark reality is that they put the burden of appropriate calibration entirely on our users. We’re making it their job to adapt their behaviour based on generic information.</p>\n\n<p>This finding has zero respect for our time or mental health, but it also reveals a legit opportunity for clever builders to truly separate their product from the herd.</p>\n<h2 id='practical-adaptive-calibration-techniques' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#practical-adaptive-calibration-techniques' aria-label='Anchor'></a><span class='plain-code'>Practical adaptive calibration techniques</span></h2>\n<ul>\n<li><strong class='font-semibold text-navy-950'>Behavioral adaptation:</strong> Track how often users accept vs. reject suggestions and adjust confidence thresholds accordingly. If a user consistently rejects high-confidence suggestions, lower the threshold for showing uncertainty.\n</li><li><strong class='font-semibold text-navy-950'>Context awareness:</strong> Adjust trust signals based on use context. A writing AI might show higher confidence for grammar fixes than creative suggestions, or lower confidence late at night when users might be tired.\n</li><li><strong class='font-semibold text-navy-950'>Detect expertise:</strong> Users who frequently make sophisticated edits to AI output probably want more detailed explanations than those who typically accept entire file rewrites.\n</li></ul>\n<h2 id='the-transparency-paradox' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#the-transparency-paradox' aria-label='Anchor'></a><span class='plain-code'>The Transparency Paradox</span></h2>\n<p>The idea that transparency and explainability can actually harm trust calibration is easily the point that hit me the hardest. While explanations can improve user understanding, they can also create information overload that reduces users’ ability to detect and correct trash output. What’s worse, explanations can create a whole new layer of trust calibration issues, with users over-trusting the explanation mechanism itself, rather than critically evaluating the actual output.</p>\n\n<p>This suggests that quality over quantity should be our design philosophy when it comes to transparency. We should provide carefully crafted, relevant information rather than comprehensive but overwhelming detail. The goal should be enabling better decision-making rather than simply satisfying user curiosity about system internals.</p>\n<h2 id='anthropomorphism-and-unwarranted-trust' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#anthropomorphism-and-unwarranted-trust' aria-label='Anchor'></a><span class='plain-code'>Anthropomorphism and Unwarranted Trust</span></h2>\n<p>It seems obvious that we should make interactions with our AI project feel as human as possible. Well, it turns out that systems that appear more human-like through design, language, or interaction patterns are notoriously good at increasing user trust beyond actual system capabilities. </p>\n\n<p>So it’s entirely possible that building more traditional human-computer interactions can actually make our AI projects safer to use and therefore, more user-friendly. </p>\n\n<ul>\n<li><strong class='font-semibold text-navy-950'>Use tool-like language:</strong> Frame outputs as “analysis suggests” rather than “I think” or “I believe”\n</li><li><strong class='font-semibold text-navy-950'>Embrace machine-like precision:</strong> Show exact confidence percentages rather than human-like hedging (“I’m pretty sure that…)\n</li></ul>\n<h2 id='trust-falls-faster-than-it-climbs' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#trust-falls-faster-than-it-climbs' aria-label='Anchor'></a><span class='plain-code'>Trust Falls Faster Than It Climbs</span></h2>\n<p>Nothing particularly groundbreaking here, but the findings are worth mentioning if only to reinforce what we think we know. </p>\n\n<p>Early interactions are critically important. Users form mental models quickly and then react slowly to changes in system reliability.</p>\n\n<p>More critically, trust drops much faster from system failures than it builds from successes. These asymmetries suggest that we should invest disproportionately in onboarding and first-use experiences, even if they come with higher development costs.</p>\n<h2 id='measurement-is-an-opportunity-for-innovation' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#measurement-is-an-opportunity-for-innovation' aria-label='Anchor'></a><span class='plain-code'>Measurement is an Opportunity for Innovation</span></h2>\n<p>The study revealed gaping voids where effective measurement mechanisms and protocols should be, for both researchers and builders. There is a clear need to move beyond simple user satisfaction metrics or adoption rates to developing measurement frameworks that can actively detect miscalibrated trust patterns. </p>\n\n<p>The ideal measurement approach would combine multiple indicators. A few examples of viable indicators are:</p>\n\n<ul>\n<li><strong class='font-semibold text-navy-950'>Behavioral signals:</strong> Track acceptance rates for different confidence levels. Well-calibrated trust should show higher acceptance rates for high-confidence outputs and lower rates for low-confidence ones.\n</li><li><strong class='font-semibold text-navy-950'>Context-specific metrics:</strong> Measure trust calibration separately for different use cases. Users might be well-calibrated for simple tasks but poorly calibrated for complex ones.\n</li><li><strong class='font-semibold text-navy-950'>User self-reporting:</strong> Regular pulse surveys asking \"How confident are you in your ability to tell when this AI makes mistakes?” can reveal calibration gaps.\n</li></ul>\n<h2 id='the-calibrated-conclusion' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#the-calibrated-conclusion' aria-label='Anchor'></a><span class='plain-code'>The Calibrated Conclusion</span></h2>\n<p>It’s clear, at least from this study, that there’s no universal formula, or single feature that will effectively calibrate trust. It’s up to every builder to define and understand their project’s trust goals and to balance timing, content, adaptivity, and transparency accordingly. That’s what makes it both hard and worth doing. Trust calibration has to be a core part of our product’s identity, not a piglet we only start chasing once it has escaped the barn.</p>\n\n<p><strong class='font-semibold text-navy-950'>The Study:</strong></p>\n\n<p>Magdalena Wischnewski, Nicole Krämer, and Emmanuel Müller. 2023. Measuring and Understanding Trust Calibrations for Automated Systems: A Survey of the State-Of-The-Art and Future Directions. In Proceedings of the 2023 CHI Conference on Human Factors in Computing Systems (CHI ‘23), April 23–28, 2023, Hamburg, Germany. ACM, New York, NY, USA 16 Pages. <a href=\"https://doi.org/10.1145/3544548.3581197\">https://doi.org/10.1145/3544548.3581197</a></p>",
"image": {
"url": "https://fly.io/blog/trust-calibration-for-ai-software-builders/assets/trust_calibration.webp",
"title": null
},
"media": [],
"authors": [
{
"name": "Fly",
"email": null,
"url": null
}
],
"categories": []
},
{
"id": "https://fly.io/blog/games-as-model-eval/",
"title": "Games as Model Eval: 1-Click Deploy AI Town on Fly.io",
"description": null,
"url": "https://fly.io/blog/games-as-model-eval/",
"published": "2025-08-11T00:00:00.000Z",
"updated": "2025-08-15T08:35:19.000Z",
"content": "<div class=\"lead\"><p>Recently, I suggested that <a href=\"https://fly.io/blog/the-future-isn-t-model-agnostic/\" title=\"\">The Future Isn’t Model Agnostic</a>, that it’s better to pick one model that works for your project and build around it, rather than engineering for model flexibility. If you buy that, you also have to acknowledge how important comprehensive model evaluation becomes. </p>\n</div>\n<p>Benchmarks tell us almost nothing about how a model will actually behave in the wild, especially with long contexts, or when trusted to deliver the tone and feel that defines the UX we’re shooting for. Even the best evaluation pipelines usually end in subjective, side-by-side output comparisons. Not especially rigorous, and more importantly, boring af.</p>\n\n<p>Can we gamify model evaluation? Oh yes. And not just because we get to have some fun for once. Google backed me up this week when it announced the <a href='https://blog.google/technology/ai/kaggle-game-arena/' title=''>Kaggle Game Arena</a>. A public platform where we can watch AI models duke it out in a variety of classic games. Quoting Google; “Current AI benchmarks are struggling to keep pace with modern models… it can be hard to know if models trained on internet data are actually solving problems or just remembering answers they’ve already seen.”</p>\n\n<p>When models boss reading comprehension tests, or ace math problems, we pay attention. But when they fail to navigate a simple conversation with a virtual character or completely botch a strategic decision in a game environment, we tell ourselves we’re not building a game anyway and develop strategic short-term memory loss. \nJust like I’ve told my mom a thousand times, games are great at testing brains, and it’s time we take this seriously when it comes to model evaluation. </p>\n<h2 id='why-games-dont-lie' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#why-games-dont-lie' aria-label='Anchor'></a><span class='plain-code'>Why Games Don’t Lie</span></h2>\n<p>Games provide what benchmarks can’t, “a clear, unambiguous signal of success.” They give us observable behavior in dynamic environments, the kind that would be extremely difficult (and tedious) to simulate with prompt engineering alone.</p>\n\n<p>Games force models to demonstrate the skills we actually care about; strategic reasoning, long-term planning, and dynamic adaptation in interactions with an opponent or a collaborator. </p>\n<h2 id='pixel-art-meets-effective-model-evaluation-ai-town-on-fly-io' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#pixel-art-meets-effective-model-evaluation-ai-town-on-fly-io' aria-label='Anchor'></a><span class='plain-code'>Pixel Art Meets Effective Model Evaluation - AI Town on Fly.io</span></h2>\n<p>AI Town is a brilliant project by <a href='https://github.com/a16z-infra' title=''>a16z-infra</a>, based on the the mind-bending paper, <a href='https://arxiv.org/pdf/2304.03442' title=''>Generative Agents: Interactive Simulacra of Human Behavior</a>. It’s a beautifully rendered little town in which tiny people with AI brains and engineered personalities go about their lives, interacting with each other and their environment. Characters need to remember past conversations, maintain relationships, react dynamically to new situations, and stay in character while doing it all. </p>\n\n<p>I challenge you to find a more entertaining way of evaluating conversational models. </p>\n\n<p>I’ve <a href='https://github.com/fly-apps/ai-town_on_fly.io' title=''>forked the project</a> to make it absurdly easy to spin up your own AI Town on Fly Machines. You’ve got a single deploy script that will set everything up for you and some built-in cost and performance optimizations, with our handy scale to zero functionality as standard (so you only pay for the time spent running it). This makes it easy to share with your team, your friends and your mom. </p>\n\n<p>In it’s current state, the fork makes it as easy as possible to test any OpenAI-compatible service, any model on Together.ai and even custom embedding models. Simply set the relevant API key in your secrets. </p>\n\n<p>Games like AI Town give us a window into how models actually think, adapt, and behave beyond the context of our prompts. You move past performance metrics and begin to understand a model’s personality, quirks, strengths, and weaknesses; all factors that ultimately shape your project’s UX. </p>",
"image": {
"url": "https://fly.io/blog/games-as-model-eval/assets/Fly_Man.webp",
"title": null
},
"media": [],
"authors": [
{
"name": "Fly",
"email": null,
"url": null
}
],
"categories": []
},
{
"id": "https://fly.io/blog/the-future-isn-t-model-agnostic/",
"title": "The Future Isn't Model Agnostic",
"description": null,
"url": "https://fly.io/blog/the-future-isn-t-model-agnostic/",
"published": "2025-08-08T00:00:00.000Z",
"updated": "2025-08-22T16:31:43.000Z",
"content": "<div class=\"lead\"><p>Your users don’t care that your AI project is model \nagnostic. </p>\n</div>\n<p>In my last project, I spent countless hours ensuring that the LLMs running my services could be swapped out as easily as possible. I couldn’t touch a device with an internet connection without hearing about the latest benchmark-breaking model and it felt like a clear priority to ensure I could hot swap models with minimal collateral damage.</p>\n\n<p>So yeah. That was a waste of time.</p>\n\n<p>The hype around new model announcements feels more manufactured with each release. In reality, improvements are becoming incremental. As major providers converge on the same baseline, the days of one company holding a decisive lead are numbered.</p>\n\n<p>In a world of model parity, the differentiation moves entirely to the product layer. Winning isn’t about ensuring you’re using the best model, its about understanding your chosen model deeply enough to build experiences that feel magical. Knowing exactly how to prompt for consistency, which edge cases to avoid, and how to design workflows that play to your model’s particular strengths</p>\n\n<p>Model agnosticism isn’t just inefficient, it’s misguided. Fact is, swapping out your model is not just changing an endpoint. It’s rewriting prompts, rerunning evals, users telling you things just feel… different. And if you’ve won users on the way it feels to use your product, that last one is a really big deal.</p>\n<h2 id='model-lt-product' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#model-lt-product' aria-label='Anchor'></a><span class='plain-code'>Model < Product</span></h2>\n<p>Recently, something happened that fully solidified this idea in my head. Claude Code is winning among people building real things with AI. We even have evangelists in the Fly.io engineering team, and those guys are weird smart. Elsewhere, whole communities have formed to share and compare claude.md’s and fight each other over which MCP servers are the coolest to use with Claude.</p>\n\n<p>Enter stage right, Qwen 3 Coder. It takes Claude to the cleaners in benchmarks. But the response from the Claude Code user base? A collective meh.</p>\n\n<p>This is nothing like 2024, when everyone would have dropped everything to get the hot new model running in Cursor. And it’s not because we’ve learned that benchmarks are performance theater for people who’ve never shipped a product.</p>\n\n<p>It’s because products like Claude Code are irrefutable evidence that the model isn’t the product. We’ve felt it first hand when our pair programmer’s behaviour changes in subtle ways. The product is in the rituals. The trust. The predictability. It’s precisely because Claude Code’s model behavior, UI, and user expectations are so tightly coupled that its users don’t really care that a better model might exist.</p>\n\n<p>I’m not trying to praise Anthropic here. The point is, engineering for model agnosticism is a trap that will eat up time that could be better spent … anywhere else.</p>\n\n<p>Sure, if you’re building infra or anything else that lives close to the metal, model optionality still matters. But people trusting legwork to AI tools are building deeper relationships and expectations of their AI tools than they even care to admit. AI product success stories are written when products become invisible parts of users’ daily rituals, not showcases for engineering flexibility.</p>\n<h2 id='make-one-model-your-own' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#make-one-model-your-own' aria-label='Anchor'></a><span class='plain-code'>Make One Model Your Own</span></h2>\n<p>As builders, it’s time we stop hedging our bets and embrace the convergence reality. Every startup pitch deck with ‘model-agnostic’ as a feature should become a red flag for investors who understand product-market fit. Stop putting ‘works with any LLM’ in your one-liner. It screams ‘we don’t know what we’re building.’</p>\n\n<p>If you’re still building model-agnostic AI tools in 2025, you’re optimizing for the wrong thing. Users don’t want flexibility; they want reliability. And in a converged model landscape, reliability comes from deep specialization, not broad compatibility.</p>\n\n<p>Pick your model like you pick your therapist; for the long haul. Find the right model, tune deeply, get close enough to understand its quirks and make them work for you. Stop architecting for the mythical future where you’ll seamlessly swap models. That future doesn’t exist, and chasing it is costing you the present.</p>\n<h2 id='bonus-level-all-in-on-one-model-means-all-out-on-eval' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#bonus-level-all-in-on-one-model-means-all-out-on-eval' aria-label='Anchor'></a><span class='plain-code'>Bonus level: All-in On One Model Means All-out On Eval</span></h2>\n<p>If any of this is landing for you, you’ll agree that we have to start thinking of model evaluation as architecture, not an afterthought. The good news is, rigorous model eval doesn’t have to be mind numbing anymore. </p>\n\n<p>Turns out, games are really great eval tools! Now you can spin up your very own little <a href='https://github.com/fly-apps/ai-town_on_fly.io' title=''>AI Town</a> on Fly.io with a single click deploy to test different models as pixel people in an evolving environment. I discuss the idea further in <a href='https://fly.io/blog/games-as-model-eval/' title=''>Games as Model Eval: 1-Click Deploy AI Town on Fly.io</a>.</p>",
"image": {
"url": "https://fly.io/blog/the-future-isn-t-model-agnostic/assets/Whack_A_Mole_.webp",
"title": null
},
"media": [],
"authors": [
{
"name": "Fly",
"email": null,
"url": null
}
],
"categories": []
},
{
"id": "https://fly.io/blog/phoenix-new-the-remote-ai-runtime/",
"title": "Phoenix.new – The Remote AI Runtime for Phoenix",
"description": null,
"url": "https://fly.io/blog/phoenix-new-the-remote-ai-runtime/",
"published": "2025-06-20T00:00:00.000Z",
"updated": "2025-06-24T17:23:07.000Z",
"content": "<div class=\"lead\"><p>I’m Chris McCord, the creator of Elixir’s Phoenix framework. For the past several months, I’ve been working on a skunkworks project at Fly.io, and it’s time to show it off.</p>\n</div>\n<p>I wanted LLM agents to work just as well with Elixir as they do with Python and JavaScript. Last December, in order to figure out what that was going to take, I started a little weekend project to find out how difficult it would be to build a coding agent in Elixir.</p>\n\n<p>A few weeks later, I had it spitting out working Phoenix applications and driving a full in-browser IDE. I knew this wasn’t going to stay a weekend project.</p>\n\n<p>If you follow me on Twitter, you’ve probably seen me teasing this work as it picked up steam. We’re at a point where we’re pretty serious about this thing, and so it’s time to make a formal introduction.</p>\n\n<p>World, meet <a href='https://phoenix.new' title=''>Phoenix.new</a>, a batteries-included fully-online coding agent tailored to Elixir and Phoenix. I think it’s going to be the fastest way to build collaborative, real-time applications.</p>\n\n<p>Let’s see it in action:</p>\n<div class=\"youtube-container\" data-exclude-render>\n <div class=\"youtube-video\">\n <iframe\n width=\"100%\"\n height=\"100%\"\n src=\"https://www.youtube.com/embed/du7GmWGUM5Y\"\n frameborder=\"0\"\n allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture\"\n allowfullscreen>\n </iframe>\n </div>\n</div>\n\n<h2 id='whats-interesting-about-phoenix-new' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#whats-interesting-about-phoenix-new' aria-label='Anchor'></a><span class='plain-code'>What’s Interesting About Phoenix.new</span></h2>\n<p>First, even though it runs entirely in your browser, Phoenix.new gives both you and your agent a root shell, in an ephemeral virtual machine (a <a href='https://fly.io/docs/machines/overview/' title=''>Fly Machine</a>) that gives our agent loop free rein to install things and run programs — without any risk of messing up your local machine. You don’t think about any of this; you just open up the VSCode interface, push the shell button, and there you are, on the isolated machine you share with the Phoenix.new agent.</p>\n\n<p>Second, it’s an agent system I built specifically for Phoenix. Phoenix is about real-time collaborative applications, and Phoenix.new knows what that means. To that end, Phoenix.new includes, in both its UI and its agent tools, a full browser. The Phoenix.new agent uses that browser “headlessly” to check its own front-end changes and interact with the app. Because it’s a full browser, instead of trying to iterate on screenshots, the agent sees real page content and JavaScript state – with or without a human present.</p>\n<h2 id='what-root-access-gets-us' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#what-root-access-gets-us' aria-label='Anchor'></a><span class='plain-code'>What Root Access Gets Us</span></h2>\n<p>Agents build software the way you did when you first got started, the way you still do today when you prototype things. They don’t carefully design Docker container layers and they don’t really do release cycles. An agent wants to pop a shell and get its fingernails dirty.</p>\n\n<p>A fully isolated virtual machine means Phoenix.new’s fingernails can get <em>arbitrarily dirty.</em> If it wants to add a package to <code>mix.exs</code>, it can do that and then run <code>mix phx.server</code> or <code>mix test</code> and check the output. Sure. Every agent can do that. But if it wants to add an APT package to the base operating system, it can do that too, and make sure it worked. It owns the whole environment.</p>\n\n<p>This offloads a huge amount of tedious, repetitive work.</p>\n\n<p>At his <a href='https://youtu.be/LCEmiRjPEtQ?si=sR_bdu6-AqPXSNmY&t=1902' title=''>AI Startup School talk last week</a>, Andrej Karpathy related his experience of building a restaurant menu visualizer, which takes camera pictures of text menus and transforms all the menu items into pictures. The code, which he vibe-coded with an LLM agent, was the easy part; he had it working in an afternoon. But getting the app online took him a whole week.</p>\n\n<p>With Phoenix.new, I’m taking dead aim at this problem. The apps we produce live in the cloud from the minute they launch. They have private, shareable URLs (we detect anything the agent generates with a bound port and give it a preview URL underneath <code>phx.run</code>, with integrated port-forwarding), they integrate with Github, and they inherit all the infrastructure guardrails of Fly.io: hardware virtualization, WireGuard, and isolated networks.</p>\n<div class=\"callout\"><p>Github’s <code>gh</code> CLI is installed by default. So the agent knows how to clone any repo, or browse issues, and you can even authorize it for internal repositories to get it working with your team’s existing projects and dependencies.</p>\n</div>\n<p>Full control of the environment also closes the loop between the agent and deployment. When Phoenix.new boots an app, it watches the logs, and tests the application. When an action triggers an error, Phoenix.new notices and gets to work.</p>\n<h2 id='watch-it-build-in-real-time' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#watch-it-build-in-real-time' aria-label='Anchor'></a><span class='plain-code'>Watch It Build In Real Time</span></h2>\n<p><a href='https://phoenix.new' title=''>Phoenix.new</a> can interact with web applications the way users do: with a real browser.</p>\n\n<p>The Phoenix.new environment includes a headless Chrome browser that our agent knows how to drive. Prompt it to add a front-end feature to your application, and it won’t just sketch the code out and make sure it compiles and lints. It’ll pull the app up itself and poke at the UI, simultaneously looking at the page content, JavaScript state, and server-side logs.</p>\n\n<p>Phoenix is all about <a href='https://fly.io/blog/how-we-got-to-liveview/' title=''>“live” real-time</a> interactivity, and gives us seamless live reload. The user interface for Phoenix.new itself includes a live preview of the app being worked on, so you can kick back and watch it build front-end features incrementally. Any other <code>.phx.run</code> tabs you have open also update as it goes. It’s wild.</p>\n<video title=\"agent interacting with web\" autoplay=\"autoplay\" loop=\"loop\" muted=\"muted\" playsinline=\"playsinline\" disablePictureInPicture=\"true\" class=\"mb-8\" src=\"/blog/phoenix-new-the-remote-ai-runtime/assets/webjs.mp4\"></video>\n\n<h2 id='not-just-for-vibe-coding' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#not-just-for-vibe-coding' aria-label='Anchor'></a><span class='plain-code'>Not Just For Vibe Coding</span></h2>\n<p>Phoenix.new can already build real, full-stack applications with WebSockets, Phoenix’s Presence features, and real databases. I’m seeing it succeed at business and collaborative applications right now.</p>\n\n<p>But there’s no fixed bound on the tasks you can reasonably ask it to accomplish. If you can do it with a shell and a browser, I want Phoenix.new to do it too. And it can do these tasks with or without you present.</p>\n\n<p>For example: set a <code>$DATABASE_URL</code> and tell the agent about it. The agent knows enough to go explore it with <code>psql</code>, and it’ll propose apps based on the schemas it finds. It can model Ecto schemas off the database. And if MySQL is your thing, the agent will just <code>apt install</code> a MySQL client and go to town.</p>\n\n<p>Frontier model LLMs have vast world knowledge. They generalize extremely well. At ElixirConfEU, I did a <a href='https://www.youtube.com/watch?v=ojL_VHc4gLk&t=3923s' title=''>demo vibe-coding Tetris</a> on stage. Phoenix.new nailed it, first try, first prompt. It’s not like there’s gobs of Phoenix LiveView Tetris examples floating around the Internet! But lots of people have published Tetris code, and lots of people have written LiveView stuff, and 2025 LLMs can connect those dots.</p>\n\n<p>At this point you might be wondering – can I just ask it to build a Rails app? Or an Expo React Native app? Or Svelte? Or Go?</p>\n\n<p>Yes, you can.</p>\n\n<p>Our system prompt is tuned for Phoenix today, but all languages you care about are already installed. We’re still figuring out where to take this, but adding new languages and frameworks definitely ranks highly in my plans.</p>\n<h2 id='our-async-agent-future' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#our-async-agent-future' aria-label='Anchor'></a><span class='plain-code'>Our Async Agent Future</span></h2>\n<p><a href='https://fly.io/blog/youre-all-nuts/' title=''>We’re at a massive step-change in developer workflows</a>.</p>\n\n<p>Agents can do real work, today, with or without a human present. Buckle up: the future of development, at least in the common case, probably looks less like cracking open a shell and finding a file to edit, and more like popping into a CI environment with agents working away around the clock.</p>\n\n<p>Local development isn’t going away. But there’s going to be a shift in where the majority of our iterations take place. I’m already using Phoenix.new to triage <code>phoenix-core</code> Github issues and pick problems to solve. I close my laptop, grab a cup of coffee, and wait for a PR to arrive — Phoenix.new knows how PRs work, too. We’re already here, and this space is just getting started.</p>\n\n<p>This isn’t where I thought I’d end up when I started poking around. The Phoenix and LiveView journey was much the same. Something special was there and the projects took on a life of their own. I’m excited to share this work now, and see where it might take us. I can’t wait to see what folks build.</p>",
"image": {
"url": "https://fly.io/blog/phoenix-new-the-remote-ai-runtime/assets/phoenixnew-thumb.png",
"title": null
},
"media": [],
"authors": [
{
"name": "Fly",
"email": null,
"url": null
}
],
"categories": []
},
{
"id": "https://fly.io/blog/mcps-everywhere/",
"title": "What are MCP Servers?",
"description": null,
"url": "https://fly.io/blog/mcps-everywhere/",
"published": "2025-06-12T00:00:00.000Z",
"updated": "2025-06-12T16:59:12.000Z",
"content": "<div class=\"lead\"><div><p>With Fly.io, <a href=\"https://fly.io/docs/speedrun/\" title=\"\">you can get your app running globally in a matter of minutes</a>, and with MCP servers you can integrate with Claude, VSCode, Cursor and <a href=\"https://modelcontextprotocol.io/clients\">many more AI clients</a>. <a href=\"https://fly.io/docs/mcp/\" title=\"\">Try it out for yourself</a>!</p>\n</div></div>\n<p>The introduction to <a href='https://modelcontextprotocol.io/introduction' title=''>Model Context Protocol</a> starts out with:</p>\n\n<blockquote>\n<p>MCP is an open protocol that standardizes how applications provide context to LLMs. Think of MCP like a USB-C port for AI applications. Just as USB-C provides a standardized way to connect your devices to various peripherals and accessories, MCP provides a standardized way to connect AI models to different data sources and tools.</p>\n</blockquote>\n\n<p>That paragraph, to me, is both comforting (“USB for LLM”? Cool! Got it!), and simultaneously vacuous (Um, but what do I actually <em>do</em> with this?).</p>\n\n<p>I’ve been digging deeper and have come up with a few more analogies and observations that make sense to me. Perhaps one or more of these will help you.</p>\n<h2 id='mcps-are-alexa-skills' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#mcps-are-alexa-skills' aria-label='Anchor'></a><span class='plain-code'>MCPs are Alexa Skills</span></h2>\n<p>You buy an Echo Dot and a Hue light. You plug them both in and connect them to your Wi-Fi. There is one more step you need to do: you need to install and enable the Philips Hue skill to connect the two.</p>\n\n<p>Now you might be using Siri or Google Assistant. Or you may want to connect a Ring Doorbell camera or Google Nest Thermostat. But the principle is the same, though the analogy is slightly stronger with a skill (which is a noun) as opposed to the action of pairing your Hue Bridge with Apple HomeKit (a verb).</p>\n<h2 id='mcps-are-api-2-0' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#mcps-are-api-2-0' aria-label='Anchor'></a><span class='plain-code'>MCPs are API 2.0</span></h2>\n<p>HTTP 1.1 is simple. You send a request, you get a response. While there are cookies and sessions, it is pretty much stateless and therefore inefficient, as each request needs to establish a new connection. WebSockets and Server-Sent Events (SSE) mitigate this a bit.</p>\n\n<p><a href='https://en.wikipedia.org/wiki/HTTP/2' title=''>HTTP 2.0</a> introduces features like multiplexing and server push. When you visit a web page for the first time, your browser can now request all of the associated JavaScript, CSS, and images at once, and the server can respond in any order.</p>\n\n<p>APIs today are typically request/response. MCPs support multiplexing and server push.</p>\n<h2 id='mcps-are-apis-with-introspection-reflection' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#mcps-are-apis-with-introspection-reflection' aria-label='Anchor'></a><span class='plain-code'>MCPs are APIs with Introspection/Reflection</span></h2>\n<p>With <a href='https://learn.openapis.org/' title=''>OpenAPI</a>, requests are typically JSON, and responses are too. Many OpenAPI providers publish a separate <a href='https://learn.openapis.org/specification/structure.html' title=''>OpenAPI Description (OAD)</a>, which contains a schema describing what requests are supported by that API.</p>\n\n<p>With MCP, requests are also JSON and responses are also JSON, but in addition, there are standard requests built into the protocol to obtain useful information, including what tools are provided, what arguments each tool expects, and a prose description of how each tool is expected to be used.</p>\n\n<p>As an aside, don’t automatically assume that you will get good results from <a href='https://neon.com/blog/autogenerating-mcp-servers-openai-schemas' title=''>auto-generating MCP Servers from OpenAPI schemas</a>:</p>\n\n<blockquote>\n<p>Effective MCP design means thinking about the workflows you want the agent to perform and potentially creating higher-level tools that encapsulate multiple API calls, rather than just exposing the raw building blocks of your entire API spec.</p>\n</blockquote>\n\n<p><a href='https://glama.ai/blog/2025-06-06-mcp-vs-api#five-fundamental-differences' title=''>MCP vs API</a> goes into this topic at greater debth.</p>\n\n<p>In many cases you will get better results treating LLMs as humans. If you have a CLI, consider using that as the starting point instead.</p>\n<h2 id='mcps-are-not-serverless' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#mcps-are-not-serverless' aria-label='Anchor'></a><span class='plain-code'>MCPs are <strong><i>not</i></strong> serverless</span></h2>\n<p><a href='https://en.wikipedia.org/wiki/Serverless_computing' title=''>Serverless</a>, sometimes known as <a href='https://en.wikipedia.org/wiki/Function_as_a_service' title=''>FaaS</a>, is a popular cloud computing model, where AWS Lambda is widely recognized as the archetype.</p>\n\n<p>MCP servers are not serverless; they have a well-defined and long-lived <a href='https://modelcontextprotocol.io/specification/2025-03-26/basic/lifecycle' title=''>lifecycle</a>:</p>\n\n<p><svg aria-roledescription=\"sequence\" role=\"graphics-document document\" viewBox=\"-50 -10 482 651\" style=\"max-width: 482px;\" xmlns:xlink=\"http://www.w3.org/1999/xlink\" xmlns=\"http://www.w3.org/2000/svg\" width=\"100%\" id=\"rm\"><rect class=\"rect\" height=\"70\" width=\"302\" fill=\"rgb(200, 220, 250)\" y=\"325\" x=\"40\"></rect><g><rect class=\"actor actor-bottom\" ry=\"3\" rx=\"3\" name=\"Server\" height=\"65\" width=\"150\" stroke=\"#666\" fill=\"#eaeaea\" y=\"565\" x=\"232\"></rect><text class=\"actor actor-box\" alignment-baseline=\"central\" dominant-baseline=\"central\" style=\"text-anchor: middle; font-size: 16px; font-weight: 400; font-family: inherit;\" y=\"597.5\" x=\"307\"><tspan dy=\"0\" x=\"307\">Server</tspan></text></g><g><rect class=\"actor actor-bottom\" ry=\"3\" rx=\"3\" name=\"Client\" height=\"65\" width=\"150\" stroke=\"#666\" fill=\"#eaeaea\" y=\"565\" x=\"0\"></rect><text class=\"actor actor-box\" alignment-baseline=\"central\" dominant-baseline=\"central\" style=\"text-anchor: middle; font-size: 16px; font-weight: 400; font-family: inherit;\" y=\"597.5\" x=\"75\"><tspan dy=\"0\" x=\"75\">Client</tspan></text></g><g><line name=\"Server\" stroke=\"#999\" stroke-width=\"0.5px\" class=\"actor-line 200\" y2=\"565\" x2=\"307\" y1=\"65\" x1=\"307\" id=\"actor10\"></line><g id=\"root-10\"><rect class=\"actor actor-top\" ry=\"3\" rx=\"3\" name=\"Server\" height=\"65\" width=\"150\" stroke=\"#666\" fill=\"#eaeaea\" y=\"0\" x=\"232\"></rect><text class=\"actor actor-box\" alignment-baseline=\"central\" dominant-baseline=\"central\" style=\"text-anchor: middle; font-size: 16px; font-weight: 400; font-family: inherit;\" y=\"32.5\" x=\"307\"><tspan dy=\"0\" x=\"307\">Server</tspan></text></g></g><g><line name=\"Client\" stroke=\"#999\" stroke-width=\"0.5px\" class=\"actor-line 200\" y2=\"565\" x2=\"75\" y1=\"65\" x1=\"75\" id=\"actor9\"></line><g id=\"root-9\"><rect class=\"actor actor-top\" ry=\"3\" rx=\"3\" name=\"Client\" height=\"65\" width=\"150\" stroke=\"#666\" fill=\"#eaeaea\" y=\"0\" x=\"0\"></rect><text class=\"actor actor-box\" alignment-baseline=\"central\" dominant-baseline=\"central\" style=\"text-anchor: middle; font-size: 16px; font-weight: 400; font-family: inherit;\" y=\"32.5\" x=\"75\"><tspan dy=\"0\" x=\"75\">Client</tspan></text></g></g><style>#rm{font-family:inherit;font-size:16px;fill:#333;}#rm .error-icon{fill:#552222;}#rm .error-text{fill:#552222;stroke:#552222;}#rm .edge-thickness-normal{stroke-width:1px;}#rm .edge-thickness-thick{stroke-width:3.5px;}#rm .edge-pattern-solid{stroke-dasharray:0;}#rm .edge-thickness-invisible{stroke-width:0;fill:none;}#rm .edge-pattern-dashed{stroke-dasharray:3;}#rm .edge-pattern-dotted{stroke-dasharray:2;}#rm .marker{fill:#333333;stroke:#333333;}#rm .marker.cross{stroke:#333333;}#rm svg{font-family:inherit;font-size:16px;}#rm p{margin:0;}#rm .actor{stroke:hsl(259.6261682243, 59.7765363128%, 87.9019607843%);fill:#ECECFF;}#rm text.actor>tspan{fill:black;stroke:none;}#rm .actor-line{stroke:hsl(259.6261682243, 59.7765363128%, 87.9019607843%);}#rm .messageLine0{stroke-width:1.5;stroke-dasharray:none;stroke:#333;}#rm .messageLine1{stroke-width:1.5;stroke-dasharray:2,2;stroke:#333;}#rm #arrowhead path{fill:#333;stroke:#333;}#rm .sequenceNumber{fill:white;}#rm #sequencenumber{fill:#333;}#rm #crosshead path{fill:#333;stroke:#333;}#rm .messageText{fill:#333;stroke:none;}#rm .labelBox{stroke:hsl(259.6261682243, 59.7765363128%, 87.9019607843%);fill:#ECECFF;}#rm .labelText,#rm .labelText>tspan{fill:black;stroke:none;}#rm .loopText,#rm .loopText>tspan{fill:black;stroke:none;}#rm .loopLine{stroke-width:2px;stroke-dasharray:2,2;stroke:hsl(259.6261682243, 59.7765363128%, 87.9019607843%);fill:hsl(259.6261682243, 59.7765363128%, 87.9019607843%);}#rm .note{stroke:#aaaa33;fill:#fff5ad;}#rm .noteText,#rm .noteText>tspan{fill:black;stroke:none;}#rm .activation0{fill:#f4f4f4;stroke:#666;}#rm .activation1{fill:#f4f4f4;stroke:#666;}#rm .activation2{fill:#f4f4f4;stroke:#666;}#rm .actorPopupMenu{position:absolute;}#rm .actorPopupMenuPanel{position:absolute;fill:#ECECFF;box-shadow:0px 8px 16px 0px rgba(0,0,0,0.2);filter:drop-shadow(3px 5px 2px rgb(0 0 0 / 0.4));}#rm .actor-man line{stroke:hsl(259.6261682243, 59.7765363128%, 87.9019607843%);fill:#ECECFF;}#rm .actor-man circle,#rm line{stroke:hsl(259.6261682243, 59.7765363128%, 87.9019607843%);fill:#ECECFF;stroke-width:2px;}#rm :root{--mermaid-font-family:inherit;}</style><g></g><defs><symbol height=\"24\" width=\"24\" id=\"computer\"><path d=\"M2 2v13h20v-13h-20zm18 11h-16v-9h16v9zm-10.228 6l.466-1h3.524l.467 1h-4.457zm14.228 3h-24l2-6h2.104l-1.33 4h18.45l-1.297-4h2.073l2 6zm-5-10h-14v-7h14v7z\" transform=\"scale(.5)\"></path></symbol></defs><defs><symbol clip-rule=\"evenodd\" fill-rule=\"evenodd\" id=\"database\"><path d=\"M12.258.001l.256.004.255.005.253.008.251.01.249.012.247.015.246.016.242.019.241.02.239.023.236.024.233.027.231.028.229.031.225.032.223.034.22.036.217.038.214.04.211.041.208.043.205.045.201.046.198.048.194.05.191.051.187.053.183.054.18.056.175.057.172.059.168.06.163.061.16.063.155.064.15.066.074.033.073.033.071.034.07.034.069.035.068.035.067.035.066.035.064.036.064.036.062.036.06.036.06.037.058.037.058.037.055.038.055.038.053.038.052.038.051.039.05.039.048.039.047.039.045.04.044.04.043.04.041.04.04.041.039.041.037.041.036.041.034.041.033.042.032.042.03.042.029.042.027.042.026.043.024.043.023.043.021.043.02.043.018.044.017.043.015.044.013.044.012.044.011.045.009.044.007.045.006.045.004.045.002.045.001.045v17l-.001.045-.002.045-.004.045-.006.045-.007.045-.009.044-.011.045-.012.044-.013.044-.015.044-.017.043-.018.044-.02.043-.021.043-.023.043-.024.043-.026.043-.027.042-.029.042-.03.042-.032.042-.033.042-.034.041-.036.041-.037.041-.039.041-.04.041-.041.04-.043.04-.044.04-.045.04-.047.039-.048.039-.05.039-.051.039-.052.038-.053.038-.055.038-.055.038-.058.037-.058.037-.06.037-.06.036-.062.036-.064.036-.064.036-.066.035-.067.035-.068.035-.069.035-.07.034-.071.034-.073.033-.074.033-.15.066-.155.064-.16.063-.163.061-.168.06-.172.059-.175.057-.18.056-.183.054-.187.053-.191.051-.194.05-.198.048-.201.046-.205.045-.208.043-.211.041-.214.04-.217.038-.22.036-.223.034-.225.032-.229.031-.231.028-.233.027-.236.024-.239.023-.241.02-.242.019-.246.016-.247.015-.249.012-.251.01-.253.008-.255.005-.256.004-.258.001-.258-.001-.256-.004-.255-.005-.253-.008-.251-.01-.249-.012-.247-.015-.245-.016-.243-.019-.241-.02-.238-.023-.236-.024-.234-.027-.231-.028-.228-.031-.226-.032-.223-.034-.22-.036-.217-.038-.214-.04-.211-.041-.208-.043-.204-.045-.201-.046-.198-.048-.195-.05-.19-.051-.187-.053-.184-.054-.179-.056-.176-.057-.172-.059-.167-.06-.164-.061-.159-.063-.155-.064-.151-.066-.074-.033-.072-.033-.072-.034-.07-.034-.069-.035-.068-.035-.067-.035-.066-.035-.064-.036-.063-.036-.062-.036-.061-.036-.06-.037-.058-.037-.057-.037-.056-.038-.055-.038-.053-.038-.052-.038-.051-.039-.049-.039-.049-.039-.046-.039-.046-.04-.044-.04-.043-.04-.041-.04-.04-.041-.039-.041-.037-.041-.036-.041-.034-.041-.033-.042-.032-.042-.03-.042-.029-.042-.027-.042-.026-.043-.024-.043-.023-.043-.021-.043-.02-.043-.018-.044-.017-.043-.015-.044-.013-.044-.012-.044-.011-.045-.009-.044-.007-.045-.006-.045-.004-.045-.002-.045-.001-.045v-17l.001-.045.002-.045.004-.045.006-.045.007-.045.009-.044.011-.045.012-.044.013-.044.015-.044.017-.043.018-.044.02-.043.021-.043.023-.043.024-.043.026-.043.027-.042.029-.042.03-.042.032-.042.033-.042.034-.041.036-.041.037-.041.039-.041.04-.041.041-.04.043-.04.044-.04.046-.04.046-.039.049-.039.049-.039.051-.039.052-.038.053-.038.055-.038.056-.038.057-.037.058-.037.06-.037.061-.036.062-.036.063-.036.064-.036.066-.035.067-.035.068-.035.069-.035.07-.034.072-.034.072-.033.074-.033.151-.066.155-.064.159-.063.164-.061.167-.06.172-.059.176-.057.179-.056.184-.054.187-.053.19-.051.195-.05.198-.048.201-.046.204-.045.208-.043.211-.041.214-.04.217-.038.22-.036.223-.034.226-.032.228-.031.231-.028.234-.027.236-.024.238-.023.241-.02.243-.019.245-.016.247-.015.249-.012.251-.01.253-.008.255-.005.256-.004.258-.001.258.001zm-9.258 20.499v.01l.001.021.003.021.004.022.005.021.006.022.007.022.009.023.01.022.011.023.012.023.013.023.015.023.016.024.017.023.018.024.019.024.021.024.022.025.023.024.024.025.052.049.056.05.061.051.066.051.07.051.075.051.079.052.084.052.088.052.092.052.097.052.102.051.105.052.11.052.114.051.119.051.123.051.127.05.131.05.135.05.139.048.144.049.147.047.152.047.155.047.16.045.163.045.167.043.171.043.176.041.178.041.183.039.187.039.19.037.194.035.197.035.202.033.204.031.209.03.212.029.216.027.219.025.222.024.226.021.23.02.233.018.236.016.24.015.243.012.246.01.249.008.253.005.256.004.259.001.26-.001.257-.004.254-.005.25-.008.247-.011.244-.012.241-.014.237-.016.233-.018.231-.021.226-.021.224-.024.22-.026.216-.027.212-.028.21-.031.205-.031.202-.034.198-.034.194-.036.191-.037.187-.039.183-.04.179-.04.175-.042.172-.043.168-.044.163-.045.16-.046.155-.046.152-.047.148-.048.143-.049.139-.049.136-.05.131-.05.126-.05.123-.051.118-.052.114-.051.11-.052.106-.052.101-.052.096-.052.092-.052.088-.053.083-.051.079-.052.074-.052.07-.051.065-.051.06-.051.056-.05.051-.05.023-.024.023-.025.021-.024.02-.024.019-.024.018-.024.017-.024.015-.023.014-.024.013-.023.012-.023.01-.023.01-.022.008-.022.006-.022.006-.022.004-.022.004-.021.001-.021.001-.021v-4.127l-.077.055-.08.053-.083.054-.085.053-.087.052-.09.052-.093.051-.095.05-.097.05-.1.049-.102.049-.105.048-.106.047-.109.047-.111.046-.114.045-.115.045-.118.044-.12.043-.122.042-.124.042-.126.041-.128.04-.13.04-.132.038-.134.038-.135.037-.138.037-.139.035-.142.035-.143.034-.144.033-.147.032-.148.031-.15.03-.151.03-.153.029-.154.027-.156.027-.158.026-.159.025-.161.024-.162.023-.163.022-.165.021-.166.02-.167.019-.169.018-.169.017-.171.016-.173.015-.173.014-.175.013-.175.012-.177.011-.178.01-.179.008-.179.008-.181.006-.182.005-.182.004-.184.003-.184.002h-.37l-.184-.002-.184-.003-.182-.004-.182-.005-.181-.006-.179-.008-.179-.008-.178-.01-.176-.011-.176-.012-.175-.013-.173-.014-.172-.015-.171-.016-.17-.017-.169-.018-.167-.019-.166-.02-.165-.021-.163-.022-.162-.023-.161-.024-.159-.025-.157-.026-.156-.027-.155-.027-.153-.029-.151-.03-.15-.03-.148-.031-.146-.032-.145-.033-.143-.034-.141-.035-.14-.035-.137-.037-.136-.037-.134-.038-.132-.038-.13-.04-.128-.04-.126-.041-.124-.042-.122-.042-.12-.044-.117-.043-.116-.045-.113-.045-.112-.046-.109-.047-.106-.047-.105-.048-.102-.049-.1-.049-.097-.05-.095-.05-.093-.052-.09-.051-.087-.052-.085-.053-.083-.054-.08-.054-.077-.054v4.127zm0-5.654v.011l.001.021.003.021.004.021.005.022.006.022.007.022.009.022.01.022.011.023.012.023.013.023.015.024.016.023.017.024.018.024.019.024.021.024.022.024.023.025.024.024.052.05.056.05.061.05.066.051.07.051.075.052.079.051.084.052.088.052.092.052.097.052.102.052.105.052.11.051.114.051.119.052.123.05.127.051.131.05.135.049.139.049.144.048.147.048.152.047.155.046.16.045.163.045.167.044.171.042.176.042.178.04.183.04.187.038.19.037.194.036.197.034.202.033.204.032.209.03.212.028.216.027.219.025.222.024.226.022.23.02.233.018.236.016.24.014.243.012.246.01.249.008.253.006.256.003.259.001.26-.001.257-.003.254-.006.25-.008.247-.01.244-.012.241-.015.237-.016.233-.018.231-.02.226-.022.224-.024.22-.025.216-.027.212-.029.21-.03.205-.032.202-.033.198-.035.194-.036.191-.037.187-.039.183-.039.179-.041.175-.042.172-.043.168-.044.163-.045.16-.045.155-.047.152-.047.148-.048.143-.048.139-.05.136-.049.131-.05.126-.051.123-.051.118-.051.114-.052.11-.052.106-.052.101-.052.096-.052.092-.052.088-.052.083-.052.079-.052.074-.051.07-.052.065-.051.06-.05.056-.051.051-.049.023-.025.023-.024.021-.025.02-.024.019-.024.018-.024.017-.024.015-.023.014-.023.013-.024.012-.022.01-.023.01-.023.008-.022.006-.022.006-.022.004-.021.004-.022.001-.021.001-.021v-4.139l-.077.054-.08.054-.083.054-.085.052-.087.053-.09.051-.093.051-.095.051-.097.05-.1.049-.102.049-.105.048-.106.047-.109.047-.111.046-.114.045-.115.044-.118.044-.12.044-.122.042-.124.042-.126.041-.128.04-.13.039-.132.039-.134.038-.135.037-.138.036-.139.036-.142.035-.143.033-.144.033-.147.033-.148.031-.15.03-.151.03-.153.028-.154.028-.156.027-.158.026-.159.025-.161.024-.162.023-.163.022-.165.021-.166.02-.167.019-.169.018-.169.017-.171.016-.173.015-.173.014-.175.013-.175.012-.177.011-.178.009-.179.009-.179.007-.181.007-.182.005-.182.004-.184.003-.184.002h-.37l-.184-.002-.184-.003-.182-.004-.182-.005-.181-.007-.179-.007-.179-.009-.178-.009-.176-.011-.176-.012-.175-.013-.173-.014-.172-.015-.171-.016-.17-.017-.169-.018-.167-.019-.166-.02-.165-.021-.163-.022-.162-.023-.161-.024-.159-.025-.157-.026-.156-.027-.155-.028-.153-.028-.151-.03-.15-.03-.148-.031-.146-.033-.145-.033-.143-.033-.141-.035-.14-.036-.137-.036-.136-.037-.134-.038-.132-.039-.13-.039-.128-.04-.126-.041-.124-.042-.122-.043-.12-.043-.117-.044-.116-.044-.113-.046-.112-.046-.109-.046-.106-.047-.105-.048-.102-.049-.1-.049-.097-.05-.095-.051-.093-.051-.09-.051-.087-.053-.085-.052-.083-.054-.08-.054-.077-.054v4.139zm0-5.666v.011l.001.02.003.022.004.021.005.022.006.021.007.022.009.023.01.022.011.023.012.023.013.023.015.023.016.024.017.024.018.023.019.024.021.025.022.024.023.024.024.025.052.05.056.05.061.05.066.051.07.051.075.052.079.051.084.052.088.052.092.052.097.052.102.052.105.051.11.052.114.051.119.051.123.051.127.05.131.05.135.05.139.049.144.048.147.048.152.047.155.046.16.045.163.045.167.043.171.043.176.042.178.04.183.04.187.038.19.037.194.036.197.034.202.033.204.032.209.03.212.028.216.027.219.025.222.024.226.021.23.02.233.018.236.017.24.014.243.012.246.01.249.008.253.006.256.003.259.001.26-.001.257-.003.254-.006.25-.008.247-.01.244-.013.241-.014.237-.016.233-.018.231-.02.226-.022.224-.024.22-.025.216-.027.212-.029.21-.03.205-.032.202-.033.198-.035.194-.036.191-.037.187-.039.183-.039.179-.041.175-.042.172-.043.168-.044.163-.045.16-.045.155-.047.152-.047.148-.048.143-.049.139-.049.136-.049.131-.051.126-.05.123-.051.118-.052.114-.051.11-.052.106-.052.101-.052.096-.052.092-.052.088-.052.083-.052.079-.052.074-.052.07-.051.065-.051.06-.051.056-.05.051-.049.023-.025.023-.025.021-.024.02-.024.019-.024.018-.024.017-.024.015-.023.014-.024.013-.023.012-.023.01-.022.01-.023.008-.022.006-.022.006-.022.004-.022.004-.021.001-.021.001-.021v-4.153l-.077.054-.08.054-.083.053-.085.053-.087.053-.09.051-.093.051-.095.051-.097.05-.1.049-.102.048-.105.048-.106.048-.109.046-.111.046-.114.046-.115.044-.118.044-.12.043-.122.043-.124.042-.126.041-.128.04-.13.039-.132.039-.134.038-.135.037-.138.036-.139.036-.142.034-.143.034-.144.033-.147.032-.148.032-.15.03-.151.03-.153.028-.154.028-.156.027-.158.026-.159.024-.161.024-.162.023-.163.023-.165.021-.166.02-.167.019-.169.018-.169.017-.171.016-.173.015-.173.014-.175.013-.175.012-.177.01-.178.01-.179.009-.179.007-.181.006-.182.006-.182.004-.184.003-.184.001-.185.001-.185-.001-.184-.001-.184-.003-.182-.004-.182-.006-.181-.006-.179-.007-.179-.009-.178-.01-.176-.01-.176-.012-.175-.013-.173-.014-.172-.015-.171-.016-.17-.017-.169-.018-.167-.019-.166-.02-.165-.021-.163-.023-.162-.023-.161-.024-.159-.024-.157-.026-.156-.027-.155-.028-.153-.028-.151-.03-.15-.03-.148-.032-.146-.032-.145-.033-.143-.034-.141-.034-.14-.036-.137-.036-.136-.037-.134-.038-.132-.039-.13-.039-.128-.041-.126-.041-.124-.041-.122-.043-.12-.043-.117-.044-.116-.044-.113-.046-.112-.046-.109-.046-.106-.048-.105-.048-.102-.048-.1-.05-.097-.049-.095-.051-.093-.051-.09-.052-.087-.052-.085-.053-.083-.053-.08-.054-.077-.054v4.153zm8.74-8.179l-.257.004-.254.005-.25.008-.247.011-.244.012-.241.014-.237.016-.233.018-.231.021-.226.022-.224.023-.22.026-.216.027-.212.028-.21.031-.205.032-.202.033-.198.034-.194.036-.191.038-.187.038-.183.04-.179.041-.175.042-.172.043-.168.043-.163.045-.16.046-.155.046-.152.048-.148.048-.143.048-.139.049-.136.05-.131.05-.126.051-.123.051-.118.051-.114.052-.11.052-.106.052-.101.052-.096.052-.092.052-.088.052-.083.052-.079.052-.074.051-.07.052-.065.051-.06.05-.056.05-.051.05-.023.025-.023.024-.021.024-.02.025-.019.024-.018.024-.017.023-.015.024-.014.023-.013.023-.012.023-.01.023-.01.022-.008.022-.006.023-.006.021-.004.022-.004.021-.001.021-.001.021.001.021.001.021.004.021.004.022.006.021.006.023.008.022.01.022.01.023.012.023.013.023.014.023.015.024.017.023.018.024.019.024.02.025.021.024.023.024.023.025.051.05.056.05.06.05.065.051.07.052.074.051.079.052.083.052.088.052.092.052.096.052.101.052.106.052.11.052.114.052.118.051.123.051.126.051.131.05.136.05.139.049.143.048.148.048.152.048.155.046.16.046.163.045.168.043.172.043.175.042.179.041.183.04.187.038.191.038.194.036.198.034.202.033.205.032.21.031.212.028.216.027.22.026.224.023.226.022.231.021.233.018.237.016.241.014.244.012.247.011.25.008.254.005.257.004.26.001.26-.001.257-.004.254-.005.25-.008.247-.011.244-.012.241-.014.237-.016.233-.018.231-.021.226-.022.224-.023.22-.026.216-.027.212-.028.21-.031.205-.032.202-.033.198-.034.194-.036.191-.038.187-.038.183-.04.179-.041.175-.042.172-.043.168-.043.163-.045.16-.046.155-.046.152-.048.148-.048.143-.048.139-.049.136-.05.131-.05.126-.051.123-.051.118-.051.114-.052.11-.052.106-.052.101-.052.096-.052.092-.052.088-.052.083-.052.079-.052.074-.051.07-.052.065-.051.06-.05.056-.05.051-.05.023-.025.023-.024.021-.024.02-.025.019-.024.018-.024.017-.023.015-.024.014-.023.013-.023.012-.023.01-.023.01-.022.008-.022.006-.023.006-.021.004-.022.004-.021.001-.021.001-.021-.001-.021-.001-.021-.004-.021-.004-.022-.006-.021-.006-.023-.008-.022-.01-.022-.01-.023-.012-.023-.013-.023-.014-.023-.015-.024-.017-.023-.018-.024-.019-.024-.02-.025-.021-.024-.023-.024-.023-.025-.051-.05-.056-.05-.06-.05-.065-.051-.07-.052-.074-.051-.079-.052-.083-.052-.088-.052-.092-.052-.096-.052-.101-.052-.106-.052-.11-.052-.114-.052-.118-.051-.123-.051-.126-.051-.131-.05-.136-.05-.139-.049-.143-.048-.148-.048-.152-.048-.155-.046-.16-.046-.163-.045-.168-.043-.172-.043-.175-.042-.179-.041-.183-.04-.187-.038-.191-.038-.194-.036-.198-.034-.202-.033-.205-.032-.21-.031-.212-.028-.216-.027-.22-.026-.224-.023-.226-.022-.231-.021-.233-.018-.237-.016-.241-.014-.244-.012-.247-.011-.25-.008-.254-.005-.257-.004-.26-.001-.26.001z\" transform=\"scale(.5)\"></path></symbol></defs><defs><symbol height=\"24\" width=\"24\" id=\"clock\"><path d=\"M12 2c5.514 0 10 4.486 10 10s-4.486 10-10 10-10-4.486-10-10 4.486-10 10-10zm0-2c-6.627 0-12 5.373-12 12s5.373 12 12 12 12-5.373 12-12-5.373-12-12-12zm5.848 12.459c.202.038.202.333.001.372-1.907.361-6.045 1.111-6.547 1.111-.719 0-1.301-.582-1.301-1.301 0-.512.77-5.447 1.125-7.445.034-.192.312-.181.343.014l.985 6.238 5.394 1.011z\" transform=\"scale(.5)\"></path></symbol></defs><defs><marker orient=\"auto-start-reverse\" markerHeight=\"12\" markerWidth=\"12\" markerUnits=\"userSpaceOnUse\" refY=\"5\" refX=\"7.9\" id=\"arrowhead\"><path d=\"M -1 0 L 10 5 L 0 10 z\"></path></marker></defs><defs><marker refY=\"4.5\" refX=\"4\" orient=\"auto\" markerHeight=\"8\" markerWidth=\"15\" id=\"crosshead\"><path d=\"M 1,2 L 6,7 M 6,2 L 1,7\" stroke-width=\"1pt\" style=\"stroke-dasharray: 0px, 0px;\" stroke=\"#000000\" fill=\"none\"></path></marker></defs><defs><marker orient=\"auto\" markerHeight=\"28\" markerWidth=\"20\" refY=\"7\" refX=\"15.5\" id=\"filled-head\"><path d=\"M 18,7 L9,13 L14,7 L9,1 Z\"></path></marker></defs><defs><marker orient=\"auto\" markerHeight=\"40\" markerWidth=\"60\" refY=\"15\" refX=\"15\" id=\"sequencenumber\"><circle r=\"6\" cy=\"15\" cx=\"15\"></circle></marker></defs><g><rect class=\"note\" height=\"40\" width=\"282\" stroke=\"#666\" fill=\"#EDF2AE\" y=\"75\" x=\"50\"></rect><text dy=\"1em\" class=\"noteText\" style=\"font-family: inherit; font-size: 16px; font-weight: 400;\" alignment-baseline=\"middle\" dominant-baseline=\"middle\" text-anchor=\"middle\" y=\"80\" x=\"191\"><tspan x=\"191\">Initialization Phase</tspan></text></g><g><rect class=\"activation0\" height=\"380\" width=\"10\" stroke=\"#666\" fill=\"#EDF2AE\" y=\"115\" x=\"70\"></rect></g><g><rect class=\"activation0\" height=\"328\" width=\"10\" stroke=\"#666\" fill=\"#EDF2AE\" y=\"167\" x=\"302\"></rect></g><g><rect class=\"note\" height=\"40\" width=\"282\" stroke=\"#666\" fill=\"#EDF2AE\" y=\"275\" x=\"50\"></rect><text dy=\"1em\" class=\"noteText\" style=\"font-family: inherit; font-size: 16px; font-weight: 400;\" alignment-baseline=\"middle\" dominant-baseline=\"middle\" text-anchor=\"middle\" y=\"280\" x=\"191\"><tspan x=\"191\">Operation Phase</tspan></text></g><g><rect class=\"note\" height=\"40\" width=\"282\" stroke=\"#666\" fill=\"#EDF2AE\" y=\"345\" x=\"50\"></rect><text dy=\"1em\" class=\"noteText\" style=\"font-family: inherit; font-size: 16px; font-weight: 400;\" alignment-baseline=\"middle\" dominant-baseline=\"middle\" text-anchor=\"middle\" y=\"350\" x=\"191\"><tspan x=\"191\">Normal protocol operations</tspan></text></g><g><rect class=\"note\" height=\"40\" width=\"282\" stroke=\"#666\" fill=\"#EDF2AE\" y=\"405\" x=\"50\"></rect><text dy=\"1em\" class=\"noteText\" style=\"font-family: inherit; font-size: 16px; font-weight: 400;\" alignment-baseline=\"middle\" dominant-baseline=\"middle\" text-anchor=\"middle\" y=\"410\" x=\"191\"><tspan x=\"191\">Shutdown</tspan></text></g><g><rect class=\"note\" height=\"40\" width=\"282\" stroke=\"#666\" fill=\"#EDF2AE\" y=\"505\" x=\"50\"></rect><text dy=\"1em\" class=\"noteText\" style=\"font-family: inherit; font-size: 16px; font-weight: 400;\" alignment-baseline=\"middle\" dominant-baseline=\"middle\" text-anchor=\"middle\" y=\"510\" x=\"191\"><tspan x=\"191\">Connection closed</tspan></text></g><text dy=\"1em\" class=\"messageText\" style=\"font-family: inherit; font-size: 16px; font-weight: 400;\" alignment-baseline=\"middle\" dominant-baseline=\"middle\" text-anchor=\"middle\" y=\"130\" x=\"190\">initialize request</text><line marker-end=\"url(#arrowhead)\" style=\"fill: none;\" stroke=\"none\" stroke-width=\"2\" class=\"messageLine0\" y2=\"165\" x2=\"299\" y1=\"165\" x1=\"80\"></line><text dy=\"1em\" class=\"messageText\" style=\"font-family: inherit; font-size: 16px; font-weight: 400;\" alignment-baseline=\"middle\" dominant-baseline=\"middle\" text-anchor=\"middle\" y=\"180\" x=\"193\">initialize response</text><line marker-end=\"url(#arrowhead)\" stroke=\"none\" stroke-width=\"2\" class=\"messageLine1\" style=\"stroke-dasharray: 3px, 3px; fill: none;\" y2=\"215\" x2=\"83\" y1=\"215\" x1=\"302\"></line><text dy=\"1em\" class=\"messageText\" style=\"font-family: inherit; font-size: 16px; font-weight: 400;\" alignment-baseline=\"middle\" dominant-baseline=\"middle\" text-anchor=\"middle\" y=\"230\" x=\"190\">initialized notification</text><line marker-end=\"url(#filled-head)\" stroke=\"none\" stroke-width=\"2\" class=\"messageLine1\" style=\"stroke-dasharray: 3px, 3px; fill: none;\" y2=\"265\" x2=\"299\" y1=\"265\" x1=\"80\"></line><text dy=\"1em\" class=\"messageText\" style=\"font-family: inherit; font-size: 16px; font-weight: 400;\" alignment-baseline=\"middle\" dominant-baseline=\"middle\" text-anchor=\"middle\" y=\"460\" x=\"190\">Disconnect</text><line marker-end=\"url(#filled-head)\" stroke=\"none\" stroke-width=\"2\" class=\"messageLine1\" style=\"stroke-dasharray: 3px, 3px; fill: none;\" y2=\"495\" x2=\"299\" y1=\"495\" x1=\"80\"></line></svg></p>\n<figure class=\"post-cta\">\n <figcaption>\n <h1>You can play with this right now.</h1>\n <p>MCPs are barely six months old, but we are keeping up with the latest</p>\n <a class=\"btn btn-lg\" href=\"https://fly.io/docs/mcp\">\n Try launching your MCP server on Fly.io today <span class='opacity-50'>→</span>\n </a>\n </figcaption>\n <div class=\"image-container\">\n <img src=\"/static/images/cta-kitty.webp\" srcset=\"/static/images/[email protected] 2x\" alt=\"\">\n </div>\n</figure>\n\n<h2 id='mcps-are-not-inherently-secure-or-private' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#mcps-are-not-inherently-secure-or-private' aria-label='Anchor'></a><span class='plain-code'>MCPs are <strong><i>not</i></strong> Inherently Secure or Private</span></h2>\n<p>Here I am not talking about <a href='https://simonwillison.net/2025/Apr/9/mcp-prompt-injection/' title=''>prompt injection</a> or <a href='https://simonwillison.net/2025/May/26/github-mcp-exploited/' title=''>exploitable abilities</a>, though those are real problems too.</p>\n\n<p>I’m talking about something more fundamental and basic. Let’s take a look at the very same <a href='https://github.com/github/github-mcp-server' title=''>GitHub MCP</a> featured in the above two descriptions of an exploitable exposure. The current process for installing a stdio MCP into Claude involves placing secrets in plain text in a well-defined location. And the process for installing the <em>next</em> MCP server is to download a program from a third party and run that tool in a way that has access to this very file.</p>\n\n<p>Addressing MCP security requires a holistic approach, but one key strategy component is the ability to run an MCP server on a remote machine which can only be accessed by you, and only after you present a revocable bearer token. That remote machine may require access to secrets (like your GitHub token), but those secrets are not something either your LLM client or other MCP servers will be able to access directly.</p>\n<h2 id='mcps-should-be-considered-family' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#mcps-should-be-considered-family' aria-label='Anchor'></a><span class='plain-code'>MCPs should be considered family</span></h2>\n<p>Recapping: <a href='https://www.usa.philips.com/' title=''>Philips</a> has an <a href='https://developers.meethue.com/' title=''>API and SDK</a> for Hue that is used by perhaps thousands, and has an <a href='https://www.amazon.com/Philips-Hue/dp/B01LWAGUG7' title=''>Alexa Skill</a> that is used by untold millions. Of course, somebody already built a <a href='https://github.com/ThomasRohde/hue-mcp' title=''>Philips Hue MCP Server</a>.</p>\n\n<p>LLMs are brains. MCPs give LLMs eyes, hands, and legs. The end result is a robot. Most MCPs today are brainless—they merely are eyes, hands, and legs. The results are appliances. I buy and install a dishwasher. You do too. Both of our dishwashers perform the same basic function. As do any Hue lights we may buy.</p>\n\n<p>In The Jetsons, <a href='https://thejetsons.fandom.com/wiki/Rosey' title=''>Rosie</a> is a maid and housekeeper who is also a member of the family. She is good friends with Jane and takes the role of a surrogate aunt towards Elroy and Judy. Let’s start there and go further.</p>\n\n<p>A person with an LLM can build things. Imagine having a 3D printer that makes robots or agents that act on your behalf. You may want an agent to watch for trends in your business, keep track of what events are happening in your area, screen your text messages, or act as a DJ when you get together with friends.</p>\n\n<p>You may share the MCP servers you create with others to use as starting points, but they undoubtedly will adapt them and make them their own.</p>\n<h2 id='closing-thoughts' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#closing-thoughts' aria-label='Anchor'></a><span class='plain-code'>Closing Thoughts</span></h2>\n<p>Don’t get me wrong. I am not saying there won’t be MCPs that are mere appliances—there undoubtedly will be plenty of those. But not all MCPs will be appliances; many will be agents.</p>\n\n<p>Today, most people exploring LLMs are trying to add LLMs to things they already have—for example, IDEs. MCPs flip this. Instead of adding LLMs to something you already have, you add something you already have to an LLM.</p>\n\n<p><a href='https://desktopcommander.app/' title=''>Desktop Commander MCP</a> is an example I’m particularly fond of that does exactly this. It also happens to be a prime example of a tool you want to give root access to, then lock it in a secure box and run someplace other than your laptop. <a href='https://fly.io/docs/mcp/examples/#desktop-commander' title=''>Give it a try</a>.</p>\n\n<p>Microsoft is actively working on <a href='https://developer.microsoft.com/en-us/windows/agentic/' title=''>Agentic Windows</a>. Your smartphone is the obvious next frontier. Today, you have an app store and a web browser. MCP servers have the potential to make both obsolete—and this could happen sooner than you think.</p>",
"image": {
"url": "https://fly.io/blog/mcps-everywhere/assets/mcps-everywhere.jpg",
"title": null
},
"media": [],
"authors": [
{
"name": "Fly",
"email": null,
"url": null
}
],
"categories": []
},
{
"id": "https://fly.io/blog/youre-all-nuts/",
"title": "My AI Skeptic Friends Are All Nuts",
"description": null,
"url": "https://fly.io/blog/youre-all-nuts/",
"published": "2025-06-02T00:00:00.000Z",
"updated": "2025-06-10T21:38:22.000Z",
"content": "<div class=\"lead\"><p>A heartfelt provocation about AI-assisted programming.</p>\n</div>\n<p>Tech execs are mandating LLM adoption. That’s bad strategy. But I get where they’re coming from.</p>\n\n<p>Some of the smartest people I know share a bone-deep belief that AI is a fad — the next iteration of NFT mania. I’ve been reluctant to push back on them, because, well, they’re smarter than me. But their arguments are unserious, and worth confronting. Extraordinarily talented people are doing work that LLMs already do better, out of spite.</p>\n\n<p>All progress on LLMs could halt today, and LLMs would remain the 2nd most important thing to happen over the course of my career.</p>\n<div class=\"callout\"><p><strong class=\"font-semibold text-navy-950\">Important caveat</strong>: I’m discussing only the implications of LLMs for software development. For art, music, and writing? I got nothing. I’m inclined to believe the skeptics in those fields. I just don’t believe them about mine.</p>\n</div>\n<p>Bona fides: I’ve been shipping software since the mid-1990s. I started out in boxed, shrink-wrap C code. Survived an ill-advised <a href='https://www.amazon.com/Modern-Design-Generic-Programming-Patterns/dp/0201704315' title=''>Alexandrescu</a> C++ phase. Lots of Ruby and Python tooling. Some kernel work. A whole lot of server-side C, Go, and Rust. However you define “serious developer”, I qualify. Even if only on one of your lower tiers.</p>\n<h3 id='level-setting' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#level-setting' aria-label='Anchor'></a><span class='plain-code'>level setting</span></h3><div class=\"right-sidenote\"><p>† (or, God forbid, 2 years ago with Copilot)</p>\n</div>\n<p>First, we need to get on the same page. If you were trying and failing to use an LLM for code 6 months ago †, you’re not doing what most serious LLM-assisted coders are doing.</p>\n\n<p>People coding with LLMs today use agents. Agents get to poke around your codebase on their own. They author files directly. They run tools. They compile code, run tests, and iterate on the results. They also:</p>\n\n<ul>\n<li>pull in arbitrary code from the tree, or from other trees online, into their context windows,\n</li><li>run standard Unix tools to navigate the tree and extract information,\n</li><li>interact with Git,\n</li><li>run existing tooling, like linters, formatters, and model checkers, and\n</li><li>make essentially arbitrary tool calls (that you set up) through MCP.\n</li></ul>\n<div class=\"callout\"><p>The code in an agent that actually “does stuff” with code is not, itself, AI. This should reassure you. It’s surprisingly simple systems code, wired to ground truth about programming in the same way a Makefile is. You could write an effective coding agent in a weekend. Its strengths would have more to do with how you think about and structure builds and linting and test harnesses than with how advanced o3 or Sonnet have become.</p>\n</div>\n<p>If you’re making requests on a ChatGPT page and then pasting the resulting (broken) code into your editor, you’re not doing what the AI boosters are doing. No wonder you’re talking past each other.</p>\n<h3 id='the-positive-case' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#the-positive-case' aria-label='Anchor'></a><span class='plain-code'>the positive case</span></h3>\n<p><img alt=\"four quadrants of tedium and importance\" src=\"/blog/youre-all-nuts/assets/code-quad.png?2/3¢er\" /></p>\n\n<p>LLMs can write a large fraction of all the tedious code you’ll ever need to write. And most code on most projects is tedious. LLMs drastically reduce the number of things you’ll ever need to Google. They look things up themselves. Most importantly, they don’t get tired; they’re immune to inertia.</p>\n\n<p>Think of anything you wanted to build but didn’t. You tried to home in on some first steps. If you’d been in the limerent phase of a new programming language, you’d have started writing. But you weren’t, so you put it off, for a day, a year, or your whole career.</p>\n\n<p>I can feel my blood pressure rising thinking of all the bookkeeping and Googling and dependency drama of a new project. An LLM can be instructed to just figure all that shit out. Often, it will drop you precisely at that golden moment where shit almost works, and development means tweaking code and immediately seeing things work better. That dopamine hit is why I code.</p>\n\n<p>There’s a downside. Sometimes, gnarly stuff needs doing. But you don’t wanna do it. So you refactor unit tests, soothing yourself with the lie that you’re doing real work. But an LLM can be told to go refactor all your unit tests. An agent can occupy itself for hours putzing with your tests in a VM and come back later with a PR. If you listen to me, you’ll know that. You’ll feel worse yak-shaving. You’ll end up doing… real work.</p>\n<h3 id='but-you-have-no-idea-what-the-code-is' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#but-you-have-no-idea-what-the-code-is' aria-label='Anchor'></a><span class='plain-code'>but you have no idea what the code is</span></h3>\n<p>Are you a vibe coding Youtuber? Can you not read code? If so: astute point. Otherwise: what the fuck is wrong with you?</p>\n\n<p>You’ve always been responsible for what you merge to <code>main</code>. You were five years go. And you are tomorrow, whether or not you use an LLM.</p>\n\n<p>If you build something with an LLM that people will depend on, read the code. In fact, you’ll probably do more than that. You’ll spend 5-10 minutes knocking it back into your own style. LLMs are <a href='https://github.com/PatrickJS/awesome-cursorrules' title=''>showing signs of adapting</a> to local idiom, but we’re not there yet.</p>\n\n<p>People complain about LLM-generated code being “probabilistic”. No it isn’t. It’s code. It’s not Yacc output. It’s knowable. The LLM might be stochastic. But the LLM doesn’t matter. What matters is whether you can make sense of the result, and whether your guardrails hold.</p>\n\n<p>Reading other people’s code is part of the job. If you can’t metabolize the boring, repetitive code an LLM generates: skills issue! How are you handling the chaos human developers turn out on a deadline?</p>\n<div class=\"right-sidenote\"><p>† (because it can hold 50-70kloc in its context window)</p>\n</div>\n<p>For the last month or so, Gemini 2.5 has been my go-to †. Almost nothing it spits out for me merges without edits. I’m sure there’s a skill to getting a SOTA model to one-shot a feature-plus-merge! But I don’t care. I like moving the code around and chuckling to myself while I delete all the stupid comments. I have to read the code line-by-line anyways.</p>\n<h3 id='but-hallucination' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#but-hallucination' aria-label='Anchor'></a><span class='plain-code'>but hallucination</span></h3>\n<p>If hallucination matters to you, your programming language has let you down.</p>\n\n<p>Agents lint. They compile and run tests. If their LLM invents a new function signature, the agent sees the error. They feed it back to the LLM, which says “oh, right, I totally made that up” and then tries again.</p>\n\n<p>You’ll only notice this happening if you watch the chain of thought log your agent generates. Don’t. This is why I like <a href='https://zed.dev/agentic' title=''>Zed’s agent mode</a>: it begs you to tab away and let it work, and pings you with a desktop notification when it’s done.</p>\n\n<p>I’m sure there are still environments where hallucination matters. But “hallucination” is the first thing developers bring up when someone suggests using LLMs, despite it being (more or less) a solved problem.</p>\n<h3 id='but-the-code-is-shitty-like-that-of-a-junior-developer' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#but-the-code-is-shitty-like-that-of-a-junior-developer' aria-label='Anchor'></a><span class='plain-code'>but the code is shitty, like that of a junior developer</span></h3>\n<p>Does an intern cost $20/month? Because that’s what Cursor.ai costs.</p>\n\n<p>Part of being a senior developer is making less-able coders productive, be they fleshly or algebraic. Using agents well is both a both a skill and an engineering project all its own, of prompts, indices, <a href='https://fly.io/blog/semgrep-but-for-real-now/' title=''>and (especially) tooling.</a> LLMs only produce shitty code if you let them.</p>\n<div class=\"right-sidenote\"><p>† (Also: 100% of all the Bash code you should author ever again)</p>\n</div>\n<p>Maybe the current confusion is about who’s doing what work. Today, LLMs do a lot of typing, Googling, test cases †, and edit-compile-test-debug cycles. But even the most Claude-poisoned serious developers in the world still own curation, judgement, guidance, and direction.</p>\n\n<p>Also: let’s stop kidding ourselves about how good our human first cuts really are.</p>\n<h3 id='but-its-bad-at-rust' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#but-its-bad-at-rust' aria-label='Anchor'></a><span class='plain-code'>but it’s bad at rust</span></h3>\n<p>It’s hard to get a good toolchain for Brainfuck, too. Life’s tough in the aluminum siding business.</p>\n<div class=\"right-sidenote\"><p>† (and they surely will; the Rust community takes tooling seriously)</p>\n</div>\n<p>A lot of LLM skepticism probably isn’t really about LLMs. It’s projection. People say “LLMs can’t code” when what they really mean is “LLMs can’t write Rust”. Fair enough! But people select languages in part based on how well LLMs work with them, so Rust people should get on that †.</p>\n\n<p>I work mostly in Go. I’m confident the designers of the Go programming language didn’t set out to produce the most LLM-legible language in the industry. They succeeded nonetheless. Go has just enough type safety, an extensive standard library, and a culture that prizes (often repetitive) idiom. LLMs kick ass generating it.</p>\n\n<p>All this is to say: I write some Rust. I like it fine. If LLMs and Rust aren’t working for you, I feel you. But if that’s your whole thing, we’re not having the same argument.</p>\n<h3 id='but-the-craft' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#but-the-craft' aria-label='Anchor'></a><span class='plain-code'>but the craft</span></h3>\n<p>Do you like fine Japanese woodworking? All hand tools and sashimono joinery? Me too. Do it on your own time.</p>\n<div class=\"right-sidenote\"><p>† (I’m a piker compared to my woodworking friends)</p>\n</div>\n<p>I have a basic wood shop in my basement †. I could get a lot of satisfaction from building a table. And, if that table is a workbench or a grill table, sure, I’ll build it. But if I need, like, a table? For people to sit at? In my office? I buy a fucking table.</p>\n\n<p>Professional software developers are in the business of solving practical problems for people with code. We are not, in our day jobs, artisans. Steve Jobs was wrong: we do not need to carve the unseen feet in the sculpture. Nobody cares if the logic board traces are pleasingly routed. If anything we build endures, it won’t be because the codebase was beautiful.</p>\n\n<p>Besides, that’s not really what happens. If you’re taking time carefully golfing functions down into graceful, fluent, minimal functional expressions, alarm bells should ring. You’re yak-shaving. The real work has depleted your focus. You’re not building: you’re self-soothing.</p>\n\n<p>Which, wait for it, is something LLMs are good for. They devour schlep, and clear a path to the important stuff, where your judgement and values really matter.</p>\n<h3 id='but-the-mediocrity' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#but-the-mediocrity' aria-label='Anchor'></a><span class='plain-code'>but the mediocrity</span></h3>\n<p>As a mid-late career coder, I’ve come to appreciate mediocrity. You should be so lucky as to have it flowing almost effortlessly from a tap.</p>\n\n<p>We all write mediocre code. Mediocre code: often fine. Not all code is equally important. Some code should be mediocre. Maximum effort on a random unit test? You’re doing something wrong. Your team lead should correct you.</p>\n\n<p>Developers all love to preen about code. They worry LLMs lower the “ceiling” for quality. Maybe. But they also raise the “floor”.</p>\n\n<p>Gemini’s floor is higher than my own. My code looks nice. But it’s not as thorough. LLM code is repetitive. But mine includes dumb contortions where I got too clever trying to DRY things up.</p>\n\n<p>And LLMs aren’t mediocre on every axis. They almost certainly have a bigger bag of algorithmic tricks than you do: radix tries, topological sorts, graph reductions, and LDPC codes. Humans romanticize <code>rsync</code> (<a href='https://www.andrew.cmu.edu/course/15-749/READINGS/required/cas/tridgell96.pdf' title=''>Andrew Tridgell</a> wrote a paper about it!). To an LLM it might not be that much more interesting than a SQL join.</p>\n\n<p>But I’m getting ahead of myself. It doesn’t matter. If truly mediocre code is all we ever get from LLMs, that’s still huge. It’s that much less mediocre code humans have to write.</p>\n<h3 id='but-itll-never-be-agi' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#but-itll-never-be-agi' aria-label='Anchor'></a><span class='plain-code'>but it’ll never be AGI</span></h3>\n<p>I don’t give a shit.</p>\n\n<p>Smart practitioners get wound up by the AI/VC hype cycle. I can’t blame them. But it’s not an argument. Things either work or they don’t, no matter what Jensen Huang has to say about it.</p>\n<h3 id='but-they-take-rr-jerbs' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#but-they-take-rr-jerbs' aria-label='Anchor'></a><span class='plain-code'>but they take-rr jerbs</span></h3>\n<p><a href='https://news.ycombinator.com/item?id=43776612' title=''>So does open source.</a> We used to pay good money for databases.</p>\n\n<p>We’re a field premised on automating other people’s jobs away. “Productivity gains,” say the economists. You get what that means, right? Fewer people doing the same stuff. Talked to a travel agent lately? Or a floor broker? Or a record store clerk? Or a darkroom tech?</p>\n\n<p>When this argument comes up, libertarian-leaning VCs start the chant: lamplighters, creative destruction, new kinds of work. Maybe. But I’m not hypnotized. I have no fucking clue whether we’re going to be better off after LLMs. Things could get a lot worse for us.</p>\n\n<p>LLMs really might displace many software developers. That’s not a high horse we get to ride. Our jobs are just as much in tech’s line of fire as everybody else’s have been for the last 3 decades. We’re not <a href='https://en.wikipedia.org/wiki/2024_United_States_port_strike' title=''>East Coast dockworkers</a>; we won’t stop progress on our own.</p>\n<h3 id='but-the-plagiarism' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#but-the-plagiarism' aria-label='Anchor'></a><span class='plain-code'>but the plagiarism</span></h3>\n<p>Artificial intelligence is profoundly — and probably unfairly — threatening to visual artists in ways that might be hard to appreciate if you don’t work in the arts.</p>\n\n<p>We imagine artists spending their working hours pushing the limits of expression. But the median artist isn’t producing gallery pieces. They produce on brief: turning out competent illustrations and compositions for magazine covers, museum displays, motion graphics, and game assets.</p>\n\n<p>LLMs easily — alarmingly — clear industry quality bars. Gallingly, one of the things they’re best at is churning out just-good-enough facsimiles of human creative work. I have family in visual arts. I can’t talk to them about LLMs. I don’t blame them. They’re probably not wrong.</p>\n\n<p>Meanwhile, software developers spot code fragments <a href=\"https://arxiv.org/abs/2311.17035\">seemingly lifted</a> from public repositories on Github and lose their shit. What about the licensing? If you’re a lawyer, I defer. But if you’re a software developer playing this card? Cut me a little slack as I ask you to shove this concern up your ass. No profession has demonstrated more contempt for intellectual property.</p>\n\n<p>The median dev thinks Star Wars and Daft Punk are a public commons. The great cultural project of developers has been opposing any protection that might inconvenience a monetizable media-sharing site. When they fail at policy, they route around it with coercion. They stand up global-scale piracy networks and sneer at anybody who so much as tries to preserve a new-release window for a TV show.</p>\n\n<p>Call any of this out if you want to watch a TED talk about how hard it is to stream <em>The Expanse</em> on LibreWolf. Yeah, we get it. You don’t believe in IPR. Then shut the fuck up about IPR. Reap the whirlwind.</p>\n\n<p>It’s all special pleading anyways. LLMs digest code further than you do. If you don’t believe a typeface designer can stake a moral claim on the terminals and counters of a letterform, you sure as hell can’t be possessive about a red-black tree.</p>\n<h3 id='positive-case-redux' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#positive-case-redux' aria-label='Anchor'></a><span class='plain-code'>positive case redux</span></h3>\n<p>When I started writing a couple days ago, I wrote a section to “level set” to the state of the art of LLM-assisted programming. A bluefish filet has a longer shelf life than an LLM take. In the time it took you to read this, everything changed.</p>\n\n<p>Kids today don’t just use agents; they use asynchronous agents. They wake up, free-associate 13 different things for their LLMs to work on, make coffee, fill out a TPS report, drive to the Mars Cheese Castle, and then check their notifications. They’ve got 13 PRs to review. Three get tossed and re-prompted. Five of them get the same feedback a junior dev gets. And five get merged.</p>\n\n<p><em>“I’m sipping rocket fuel right now,”</em> a friend tells me. <em>“The folks on my team who aren’t embracing AI? It’s like they’re standing still.”</em> He’s not bullshitting me. He doesn’t work in SFBA. He’s got no reason to lie.</p>\n\n<p>There’s plenty of things I can’t trust an LLM with. No LLM has any of access to prod here. But I’ve been first responder on an incident and fed 4o — not o4-mini, 4o — log transcripts, and watched it in seconds spot LVM metadata corruption issues on a host we’ve been complaining about for months. Am I better than an LLM agent at interrogating OpenSearch logs and Honeycomb traces? No. No, I am not.</p>\n\n<p>To the consternation of many of my friends, I’m not a radical or a futurist. I’m a statist. I believe in the haphazard perseverance of complex systems, of institutions, of reversions to the mean. I write Go and Python code. I’m not a Kool-aid drinker.</p>\n\n<p>But something real is happening. My smartest friends are blowing it off. Maybe I persuade you. Probably I don’t. But we need to be done making space for bad arguments.</p>\n<h3 id='but-im-tired-of-hearing-about-it' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#but-im-tired-of-hearing-about-it' aria-label='Anchor'></a><span class='plain-code'>but i’m tired of hearing about it</span></h3>\n<p>And here I rejoin your company. I read <a href='https://simonwillison.net/' title=''>Simon Willison</a>, and that’s all I really need. But all day, every day, a sizable chunk of the front page of HN is allocated to LLMs: incremental model updates, startups doing things with LLMs, LLM tutorials, screeds against LLMs. It’s annoying!</p>\n\n<p>But AI is also incredibly — a word I use advisedly — important. It’s getting the same kind of attention that smart phones got in 2008, and not as much as the Internet got. That seems about right.</p>\n\n<p>I think this is going to get clearer over the next year. The cool kid haughtiness about “stochastic parrots” and “vibe coding” can’t survive much more contact with reality. I’m snarking about these people, but I meant what I said: they’re smarter than me. And when they get over this affectation, they’re going to make coding agents profoundly more effective than they are today.</p>",
"image": {
"url": "https://fly.io/blog/youre-all-nuts/assets/whoah.png",
"title": null
},
"media": [],
"authors": [
{
"name": "Fly",
"email": null,
"url": null
}
],
"categories": []
},
{
"id": "https://fly.io/blog/kamal-in-production/",
"title": "Using Kamal 2.0 in Production",
"description": null,
"url": "https://fly.io/blog/kamal-in-production/",
"published": "2025-05-29T00:00:00.000Z",
"updated": "2025-06-02T20:40:48.000Z",
"content": "<p><a href='https://pragprog.com/titles/rails8/agile-web-development-with-rails-8/' title=''>Agile Web Development with Rails 8</a> is off to production, where they do things like editing, indexing, pagination, and printing. In researching the chapter on Deployment and Production, I became very dissatisfied with the content available on Kamal. I ended up writing my own, and it went well beyond the scope of the book. I then extracted what I needed from the result and put it in the book.</p>\n\n<p>Now that I have some spare time, I took a look at the greater work. It was more than a chapter and less than a book, so I decided to publish it <a href='https://rubys.github.io/kamal-in-production/' title=''>online</a>.</p>\n\n<p>This took me only a matter of hours. I had my notes in the XML grammar that Pragmatic Programming uses for books. I asked GitHub Copilot to convert them to Markdown. It did the job without my having to explain the grammar. It made intelligent guesses as to how to handle footnotes and got a number of these wrong, but that was easy to fix. On a lark, I asked it to proofread the content, and it did that too.</p>\n\n<hr>\n\n<p>Don’t get me wrong, Kamal is great. There are plenty of videos on how to get toy projects online, and the documentation will tell you what each field in the configuration file does. But none pull together everything you need to deploy a real project. For example, <a href='https://rubys.github.io/kamal-in-production/Assemble/' title=''>there are seven things you need to get started</a>. Some are optional, some you may already have, and all can be gathered quickly <strong class='font-semibold text-navy-950'>if you have a list</strong>.</p>\n\n<p>Kamal is just one piece of the puzzle. To deploy your software using Kamal, you need to be aware of the vast Docker ecosystem. You will want to set up a builder, sign up for a container repository, and lock down your secrets. And as you grow, you will want a load balancer and a managed database.</p>\n\n<p>And production is much more than copying files and starting a process. It is ensuring that your database is backed up, that your logs are searchable, and that your application is being monitored. It is also about ensuring that your application is secure.</p>\n\n<p>My list is opinionated. Each choice has a lot of options. For SSH keys, there are a lot of key types. If you don’t have an opinion, go with what GitHub recommends. For hosting, there are a lot of providers, and most videos start with Hetzner, which is a solid choice. But did you know that there are separate paths for Cloud and Robot, and when you would want either?</p>\n\n<p>A list with default options and alternatives highlighted was what would have helped me get started. Now it is available to you. The <a href='https://github.com/rubys/kamal-in-production/' title=''>source is on GitHub</a>. <a href='https://creativecommons.org/public-domain/cc0/' title=''>CC0 licensed</a>. Feel free to add side pages or links to document Digital Ocean, add other monitoring tools, or simply correct a typo that GitHub Copilot and I missed (or made).</p>\n\n<hr>\n\n<p>And if you happen to be in the south eastern part of the US in August, come see me talk on this topic at the <a href='https://blog.carolina.codes/p/announcing-our-2025-speakers' title=''>Carolina Code Conference</a>. If you can’t make it, the presentation will be recorded and posted online.</p>",
"image": {
"url": "https://fly.io/blog/kamal-in-production/assets/production.jpg",
"title": null
},
"media": [],
"authors": [
{
"name": "Fly",
"email": null,
"url": null
}
],
"categories": []
},
{
"id": "https://fly.io/blog/parking-lot-ffffffffffffffff/",
"title": "parking_lot: ffffffffffffffff...",
"description": null,
"url": "https://fly.io/blog/parking-lot-ffffffffffffffff/",
"published": "2025-05-28T00:00:00.000Z",
"updated": "2025-06-02T20:40:48.000Z",
"content": "<div class=\"lead\"><p>We’re Fly.io, a public cloud that runs apps in a bunch of locations all over the world. This is a post about a gnarly bug in our Anycast router, the largest Rust project in our codebase. You won’t need much of any Rust to follow it.</p>\n</div>\n<p>The basic idea is simple: customers give us Docker containers, and tell us which one of 30+ regions around the world they want them to run in. We convert the containers into lightweight virtual machines, and then link them to an Anycast network. If you boot up an app here in Sydney and Frankfurt, and a request for it lands in Narita, it’ll get routed to Sydney. The component doing that work is called <code>fly-proxy</code>. It’s a Rust program, and it has been ill behaved of late.</p>\n<h3 id='dramatis-personae' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#dramatis-personae' aria-label='Anchor'></a><span class='plain-code'>Dramatis Personae</span></h3>\n<p><code>fly-proxy</code>, our intrepid Anycast router.</p>\n\n<p><code>corrosion</code>, our intrepid Anycast routing protocol.</p>\n\n<p><code>Rust</code>, a programming language you probably don’t use.</p>\n\n<p><code>read-write locks</code>, a synchronization primitive that allows for many readers <em>or</em> one single writer.</p>\n\n<p><code>parking_lot</code>, a well-regarded optimized implementation of locks in Rust.</p>\n<div class=\"callout\"><p>Gaze not into the abyss, lest you become recognized as an <strong class=\"font-semibold text-navy-950\"><em>abyss domain expert</em></strong>, and they expect you keep gazing into the damn thing</p>\n\n<p><em>Mathewson <a href=\"https://x.com/nickm_tor/status/860234274842324993?lang=en\" title=\"\">6:31</a></em></p>\n</div><h3 id='anycast-routing' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#anycast-routing' aria-label='Anchor'></a><span class='plain-code'>Anycast Routing</span></h3>\n<p>You already know how to build a proxy. Connection comes in, connection goes out, copy back and forth. So for the amount of time we spend writing about <code>fly-proxy</code>, you might wonder what the big deal is.</p>\n\n<p>To be fair, in the nuts and bolts of actually proxying requests, <code>fly-proxy</code> does some interesting stuff. For one thing, it’s <a href='https://github.com/jedisct1/yes-rs' title=''>written in Rust</a>, which is apparently a big deal all on its own. It’s a large, asynchronous codebase that handles multiple protocols, TLS termination, and certificate issuance. It exercises a lot of <a href='https://tokio.rs/' title=''>Tokio</a> features.</p>\n\n<p>But none of this is the hard part of <code>fly-proxy</code>.</p>\n\n<p>We operate thousands of servers around the world. A customer Fly Machine might get scheduled onto any of them; in some places, the expectation we set with customers is that their Machines will potentially start in less than a second. More importantly, a Fly Machine can terminate instantly. In both cases, but especially the latter, <code>fly-proxy</code> potentially needs to know, so that it does (or doesn’t) route traffic there.</p>\n\n<p>This is the hard problem: managing millions of connections for millions of apps. It’s a lot of state to manage, and it’s in constant flux. We refer to this as the “state distribution problem”, but really, it quacks like a routing protocol.</p>\n<h3 id='our-routing-protocol-is-corrosion' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#our-routing-protocol-is-corrosion' aria-label='Anchor'></a><span class='plain-code'>Our Routing Protocol is Corrosion</span></h3><div class=\"right-sidenote\"><p>Corrosion2, to be precise.</p>\n</div>\n<p>We’ve been through multiple iterations of the state management problem, and the stable place we’ve settled is a <a href='https://github.com/superfly/corrosion' title=''>system called Corrosion</a>.</p>\n\n<p>Corrosion is a large SQLite database mirrored globally across several thousand servers. There are three important factors that make Corrosion work:</p>\n\n<ol>\n<li>The SQLite database Corrosion replicates is CRDT-structured.\n</li><li>In our orchestration model, individual worker servers are the source of truth for any Fly Machines running on them; there’s no globally coordinated orchestration state.\n</li><li>We use <a href='http://fly.io/blog/building-clusters-with-serf/#what-serf-is-doing' title=''>SWIM gossip</a> to publish updates from those workers across the fleet.\n</li></ol>\n\n<p>This works. A Fly Machine terminates in Dallas; a <code>fly-proxy</code> instance in Singapore knows within a small number of seconds.</p>\n<h3 id='routing-protocol-implementations-are-hard' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#routing-protocol-implementations-are-hard' aria-label='Anchor'></a><span class='plain-code'>Routing Protocol Implementations Are Hard</span></h3>\n<p>A routing protocol is a canonical example of a distributed system. We’ve certainly hit distsys bugs in Corrosion. But this story is about basic implementation issues. </p>\n\n<p>A globally replicated SQLite database is an awfully nice primitive, but we’re not actually doing SQL queries every time a request lands.</p>\n\n<p>In somewhat the same sense as a router works both with a <a href='https://www.dasblinkenlichten.com/rib-and-fib-understanding-the-terminology/' title=''>RIB and a FIB</a>, there is in <code>fly-proxy</code> a system of record for routing information (Corrosion), and then an in-memory aggregation of that information used to make fast decisions. In <code>fly-proxy</code>, that’s called the Catalog. It’s a record of everything in Corrosion a proxy might need to know about to forward requests.</p>\n\n<p>Here’s a fun bug from last year:</p>\n\n<p>At any given point in time, there’s a lot going on inside <code>fly-proxy</code>. It is a highly concurrent system. In particular, there are many readers to the Catalog, and also, when Corrosion updates, writers. We manage access to the Catalog with a system of <a href='https://doc.rust-lang.org/std/sync/struct.RwLock.html' title=''>read-write locks</a>.</p>\n\n<p>Rust is big on pattern-matching; instead of control flow based (at bottom) on simple arithmetic expressions, Rust allows you to <code>match</code> exhaustively (with compiler enforcement) on the types of an expression, and the type system expresses things like <code>Ok</code> or <code>Err</code>.</p>\n\n<p>But <code>match</code> can be cumbersome, and so there are shorthands. One of them is <code>if let</code>, which is syntax that makes a pattern match read like a classic <code>if</code> statement. Here’s an example:</p>\n<div class=\"highlight-wrapper group relative rust\">\n <button \n type=\"button\"\n class=\"bubble-wrap z-20 absolute right-9 -mr-0.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none\"\n data-wrap-target=\"#code-zarn5q31\"\n >\n <svg class=\"w-4 h-4 pointer-events-none\" viewBox=\"0 0 16 16\" fill=\"none\" stroke=\"currentColor\" stroke-width=\"1.35\" stroke-linecap=\"round\" stroke-linejoin=\"round\"><g buffered-rendering=\"static\"><path d=\"M9.912 8.037h2.732c1.277 0 2.315-.962 2.315-2.237a2.325 2.325 0 00-2.315-2.31H2.959m10.228 9.01H2.959M6.802 8H2.959\" /><path d=\"M11.081 6.466L9.533 8.037l1.548 1.571\" /></g></svg>\n <span class=\"bubble-sm bubble-tl [--offset-l:-9px] tail text-navy-950\">\n Wrap text\n </span>\n </button>\n <button \n type=\"button\"\n class=\"bubble-wrap z-20 absolute right-1.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none\"\n data-copy-target=\"sibling\"\n >\n <svg class=\"w-4 h-4 pointer-events-none\" viewBox=\"0 0 16 16\" fill=\"none\" stroke=\"currentColor\" stroke-width=\"1.35\"><g buffered-rendering=\"static\"><path d=\"M10.576 7.239c0-.995-.82-1.815-1.815-1.815H3.315c-.995 0-1.815.82-1.815 1.815v5.446c0 .995.82 1.815 1.815 1.815h5.446c.995 0 1.815-.82 1.815-1.815V7.239z\" /><path d=\"M10.576 10.577h2.109A1.825 1.825 0 0014.5 8.761V3.315A1.826 1.826 0 0012.685 1.5H7.239c-.996 0-1.815.819-1.816 1.815v1.617\" /></g></svg>\n <span class=\"bubble-sm bubble-tl [--offset-l:-6px] tail [--tail-x:calc(100%-30px)] text-navy-950\">\n Copy to clipboard\n </span>\n </button>\n <div class='highlight relative group'>\n <pre class='highlight '><code id=\"code-zarn5q31\"><span class=\"k\">if</span> <span class=\"k\">let</span> <span class=\"p\">(</span><span class=\"nf\">Some</span><span class=\"p\">(</span><span class=\"nn\">Load</span><span class=\"p\">::</span><span class=\"nf\">Local</span><span class=\"p\">(</span><span class=\"n\">load</span><span class=\"p\">)))</span> <span class=\"o\">=</span> <span class=\"p\">(</span><span class=\"o\">&</span><span class=\"k\">self</span><span class=\"py\">.load</span><span class=\"nf\">.read</span><span class=\"p\">()</span><span class=\"nf\">.get</span><span class=\"p\">(</span><span class=\"o\">...</span><span class=\"p\">))</span> <span class=\"p\">{</span>\n <span class=\"c1\">// do a bunch of stuff with `load`</span>\n<span class=\"p\">}</span> <span class=\"k\">else</span> <span class=\"p\">{</span>\n <span class=\"k\">self</span><span class=\"nf\">.init_for</span><span class=\"p\">(</span><span class=\"o\">...</span><span class=\"p\">);</span>\n<span class=\"p\">}</span>\n</code></pre>\n </div>\n</div>\n<p>The “if” arm of that branch is taken if <code>self.load.read().get()</code> returns a value with the type <code>Some</code>. To retrieve that value, the expression calls <code>read()</code> to grab a lock.</p>\n<div class=\"right-sidenote\"><p>though Rust programmers probably notice the bug quickly</p>\n</div>\n<p>The bug is subtle: in that code, the lock <code>self.load.read().get()</code> takes is held not just for the duration of the “if” arm, but also for the “else” arm — you can think of <code>if let</code> expressions as being rewritten to the equivalent <code>match</code> expression, where that lifespan is much clearer.</p>\n\n<p>Anyways that’s real code and it occurred on a code path in <code>fly-proxy</code> that was triggered by a Corrosion update propagating from host to host across our fleet in millisecond intervals of time, converging quickly, like a good little routing protocol, on a global consensus that our entire Anycast routing layer should be deadlocked. Fun times.</p>\n<h3 id='the-watchdog-and-regionalizing' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#the-watchdog-and-regionalizing' aria-label='Anchor'></a><span class='plain-code'>The Watchdog, and Regionalizing</span></h3>\n<p>The experience of that Anycast outage was arresting, and immediately altered our plans. We set about two tasks, one short-term and one long.</p>\n\n<p>In the short term: we made deadlocks nonlethal with a “watchdog” system. <code>fly-proxy</code> has an internal control channel (it drives a REPL operators can run from our servers). During a deadlock (or dead-loop or exhaustion), that channel becomes nonresponsive. We watch for that and bounce the proxy when it happens. A deadlock is still bad! But it’s a second-or-two-length arrhythmia, not asystole.</p>\n\n<p>Meanwhile, over the long term: we’re confronting the implications of all our routing state sharing a global broadcast domain. The update that seized up Anycast last year pertained to an app nobody used. There wasn’t any real reason for any <code>fly-proxy</code> to receive it in the first place. But in the <em>status quo ante</em> of the outage, every proxy received updates for every Fly Machine.</p>\n\n<p>They still do. Why? Because it scales, and fixing it turns out to be a huge lift. It’s a lift we’re still making! It’s just taking time. We call this effort “regionalization”, because the next intermediate goal is to confine most updates to the region (Sydney, Frankfurt, Dallas) in which they occur.</p>\n\n<p>I hope this has been a satisfying little tour of the problem domain we’re working in. We have now reached the point where I can start describing the new bug.</p>\n<h3 id='new-bug-round-1-lazy-loading' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#new-bug-round-1-lazy-loading' aria-label='Anchor'></a><span class='plain-code'>New Bug, Round 1: Lazy Loading</span></h3>\n<p>We want to transform our original Anycast router, designed to assume a full picture of global state, into a regionalized router with partitioned state. A sane approach: have it lazy-load state information. Then you can spare most of the state code; state for apps that never show up at a particular <code>fly-proxy</code> in, say, Hong Kong simply doesn’t get loaded.</p>\n\n<p>For months now, portions of the <code>fly-proxy</code> Catalog have been lazy-loaded. A few weeks ago, the decision is made to get most of the rest of the Catalog state (apps, machines, &c) lazy-loaded as well. It’s a straightforward change and it gets rolled out quickly.</p>\n\n<p>Almost as quickly, proxies begin locking up and getting bounced by the watchdog. Not in the frightening Beijing-Olympics-level coordinated fashion that happened during the Outage, but any watchdog bounce is a problem.</p>\n\n<p>We roll back the change.</p>\n\n<p>From the information we have, we’ve narrowed things down to two suspects. First, lazy-loading changes the read/write patterns and thus the pressure on the RWLocks the Catalog uses; it could just be lock contention. Second, we spot a suspicious <code>if let</code>.</p>\n<h3 id='new-bug-round-2-the-lock-refactor' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#new-bug-round-2-the-lock-refactor' aria-label='Anchor'></a><span class='plain-code'>New Bug, Round 2: The Lock Refactor</span></h3>\n<p>Whichever the case, there’s a reason these proxies locked up with the new lazy-loading code, and our job is to fix it. The <code>if let</code> is easy. Lock contention is a little trickier.</p>\n\n<p>At this point it’s time to introduce a new character to the story, though they’ve been lurking on the stage the whole time: it’s <a href='https://github.com/Amanieu/parking_lot' title=''><code>parking_lot</code></a>, an important, well-regarded, and widely-used replacement for the standard library’s lock implementation.</p>\n\n<p>Locks in <code>fly-proxy</code> are <code>parking_lot</code> locks. People use <code>parking_lot</code> mostly because it is very fast and tight (a lock takes up just a single 64-bit word). But we use it for the feature set. The feature we’re going to pull out this time is lock timeouts: the RWLock in <code>parking_lot</code> exposes a <a href='https://amanieu.github.io/parking_lot/parking_lot/struct.RwLock.html#method.try_write_for' title=''><code>try_write_for</code></a>method, which takes a <code>Duration</code>, after which an attempt to grab the write lock fails.</p>\n\n<p>Before rolling out a new lazy-loading <code>fly-proxy</code>, we do some refactoring:</p>\n\n<ul>\n<li>our Catalog write locks all time out, so we’ll get telemetry and a failure recovery path if that’s what’s choking the proxy to death,\n</li><li>we eliminate RAII-style lock acquisition from the Catalog code (in RAII style, you grab a lock into a local value, and the lock is released implicitly when the scope that expression occurs in concludes) and replace it with explicit closures, so you can look at the code and see precisely the interval in which the lock is held, and\n</li><li>since we now have code that is very explicit about locking intervals, we instrument it with logging and metrics so we can see what’s happening.\n</li></ul>\n\n<p>We should be set. The suspicious <code>if let</code> is gone, lock acquisition can time out, and we have all this new visibility.</p>\n\n<p>Nope. Immediately more lockups, all in Europe, especially in <code>WAW</code>.</p>\n<h3 id='new-bug-round-3-telemetry-inspection' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#new-bug-round-3-telemetry-inspection' aria-label='Anchor'></a><span class='plain-code'>New Bug, Round 3: Telemetry Inspection</span></h3>\n<p>That we’re still seeing deadlocks is f'ing weird. We’ve audited all our Catalog locks. You can look at the code and see the lifespan of a grabbed lock.</p>\n\n<p>We have a clue: our lock timeout logs spam just before a proxy locks up and is killed by the watchdog. This clue: useless. But we don’t know that yet!</p>\n\n<p>Our new hunch is that something is holding a lock for a very long time, and we just need to find out which thing that is. Maybe the threads updating the Catalog from Corrosion are dead-looping?</p>\n\n<p>The instrumentation should tell the tale. But it does not. We see slow locks… just before the entire proxy locks up. And they happen in benign, quiet applications. Random, benign, quiet applications.</p>\n\n<p><code>parking_lot</code> has a <a href='https://amanieu.github.io/parking_lot/parking_lot/deadlock/index.html' title=''>deadlock detector</a>. If you ask it, it’ll keep a waiting-for dependency graph and detect stalled threads. This runs on its own thread, isolate outside the web of lock dependencies in the rest of the proxy. We cut a build of the proxy with the deadlock detector enabled and wait for something in <code>WAW</code> to lock up. And it does. But <code>parking_lot</code> doesn’t notice. As far as it’s concerned, nothing is wrong.</p>\n\n<p>We are at this moment very happy we did the watchdog thing.</p>\n<h3 id='new-bug-round-4-descent-into-madness' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#new-bug-round-4-descent-into-madness' aria-label='Anchor'></a><span class='plain-code'>New Bug, Round 4: Descent Into Madness</span></h3>\n<p>When the watchdog bounces a proxy, it snaps a core dump from the process it just killed. We are now looking at core dumps. There is only one level of decompensation to be reached below “inspecting core dumps”, and that’s “blaming the compiler”. We will get there.</p>\n\n<p>Here’s Pavel, at the time:</p>\n\n<blockquote>\n<p>I’ve been staring at the last core dump from <code>waw</code> . It’s quite strange.\nFirst, there is no thread that’s running inside the critical section. Yet, there is a thread that’s waiting to acquire write lock and a bunch of threads waiting to acquire a read lock.\nThat’s doesn’t prove anything, of course, as a thread holding catalog write lock might have just released it before core dump was taken. But that would be quite a coincidence.</p>\n</blockquote>\n\n<p>The proxy is locked up. But there are no threads in a critical section for the catalog. Nevertheless, we can see stack traces of multiple threads waiting to acquire locks. In the moment, Pavel thinks this could be a fluke. But we’ll soon learn that <em>every single stack trace</em> shows the same pattern: everything wants the Catalog lock, but nobody has it.</p>\n\n<p>It’s hard to overstate how weird this is. It breaks both our big theories: it’s not compatible with a Catalog deadlock that we missed, and it’s not compatible with a very slow lock holder. Like a podcast listener staring into the sky at the condensation trail of a jetliner, we begin reaching for wild theories. For instance: <code>parking_lot</code> locks are synchronous, but we’re a Tokio application; something somewhere could be taking an async lock that’s confusing the runtime. Alas, no.</p>\n\n<p>On the plus side, we are now better at postmortem core dump inspection with <code>gdb</code>.</p>\n<h3 id='new-bug-round-5-madness-gives-way-to-desperation' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#new-bug-round-5-madness-gives-way-to-desperation' aria-label='Anchor'></a><span class='plain-code'>New Bug, Round 5: Madness Gives Way To Desperation</span></h3>\n<p>Fuck it, we’ll switch to <code>read_recursive</code>.</p>\n\n<p>A recursive read lock is an eldritch rite invoked when you need to grab a read lock deep in a call tree where you already grabbed that lock, but can’t be arsed to structure the code properly to reflect that. When you ask for a recursive lock, if you already hold the lock, you get the lock again, instead of a deadlock.</p>\n\n<p>Our theory: <code>parking_lot</code>goes through some trouble to make sure a stampede of readers won’t starve writers, who are usually outnumbered. It prefers writers by preventing readers from acquiring locks when there’s at least one waiting writer. And <code>read_recursive</code> sidesteps that logic.</p>\n\n<p>Maybe there’s some ultra-slow reader somehow not showing up in our traces, and maybe switching to recursive locks will cut through that.</p>\n\n<p>This does not work. At least, not how we hoped it would. It does generate a new piece of evidence: <code>RwLock reader count overflow</code> log messages, and lots of them.</p>\n<h3 id='there-are-things-you-are-not-meant-to-know' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#there-are-things-you-are-not-meant-to-know' aria-label='Anchor'></a><span class='plain-code'>There Are Things You Are Not Meant To Know</span></h3>\n<p>You’re reading a 3,000 word blog post about a single concurrency bug, so my guess is you’re the kind of person who compulsively wants to understand how everything works. That’s fine, but a word of advice: there are things where, if you find yourself learning about them in detail, something has gone wrong.</p>\n\n<p>One of those things is the precise mechanisms used by your RWLock implementation.</p>\n\n<p>The whole point of <code>parking_lot</code> is that the locks are tiny, marshalled into a 64 bit word. Those bits are partitioned into <a href='https://github.com/Amanieu/parking_lot/blob/master/src/raw_rwlock.rs' title=''>4 signaling bits</a> (<code>PARKED</code>, <code>WRITER_PARKED</code>, <code>WRITER</code>, and <code>UPGRADEABLE</code>) and a 60-bit counter of lock holders.</p>\n\n<blockquote>\n<p>Me, a dummy: sounds like we overflowed that counter.</p>\n\n<p>Pavel, a genius: we are not overflowing a 60-bit counter.</p>\n</blockquote>\n\n<p>Ruling out a genuine overflow (which would require paranormal activity) leaves us with corruption as the culprit. Something is bashing our lock word. If the counter is corrupted, maybe the signaling bits are too; then we’re in an inconsistent state, an artificial deadlock.</p>\n\n<p>Easily confirmed. We cast the lock words into <code>usize</code> and log them. Sure enough, they’re <code>0xFFFFFFFFFFFFFFFF</code>.</p>\n\n<p>This is a smoking gun, because it implies all 4 signaling bits are set, and that includes <code>UPGRADEABLE</code>. Upgradeable locks are read-locks that can be “upgraded” to write locks. We don’t use them.</p>\n\n<p>This looks like classic memory corruption. But in our core dumps, memory doesn’t appear corrupted: the only thing set all <code>FFh</code> is the lock word.</p>\n\n<p>We compile and run our test suites <a href='https://github.com/rust-lang/miri' title=''>under <code>miri</code></a>, a Rust interpreter for its <a href='https://rustc-dev-guide.rust-lang.org/mir/index.html' title=''>MIR IR</a>. <code>miri</code> does all sorts of cool UB detection, and does in fact spot some UB in our tests, which we are at the time excited about until we deploy the fixes and nothing gets better.</p>\n\n<p>At this point, Saleem suggests guard pages. We could <code>mprotect</code> memory pages around the lock to force a panic if a wild write hits <em>near</em> the lock word, or just allocate zero pages and check them, which we are at the time excited about until we deploy the guard pages and nothing hits them.</p>\n<h3 id='the-non-euclidean-horror-at-the-heart-of-this-bug' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#the-non-euclidean-horror-at-the-heart-of-this-bug' aria-label='Anchor'></a><span class='plain-code'>The Non-Euclidean Horror At The Heart Of This Bug</span></h3>\n<p>At this point we should recap where we find ourselves:</p>\n\n<ul>\n<li>We made a relatively innocuous change to our proxy, which caused proxies in Europe to get watchdog-killed.\n</li><li>We audited and eliminated all the nasty <code>if-letses</code>.\n</li><li>We replaced all RAII lock acquisitions with explicit closures, and instrumented the closures. \n</li><li>We enabled <code>parking_lot</code> deadlock detection. \n</li><li>We captured and analyzed core dumps for the killed proxies. \n</li><li>We frantically switched to recursive read locks, which generated a new error.\n</li><li>We spotted what looks like memory corruption, but only of that one tiny lock word.\n</li><li>We ran our code under an IR interpreter to find UB, fixed some UB, and didn’t fix the bug.\n</li><li>We set up guard pages to catch wild writes.\n</li></ul>\n\n<p>In Richard Cook’s essential <a href='https://how.complexsystems.fail/' title=''>“How Complex Systems Fail”</a>, rule #5 is that “complex systems operate in degraded mode”. <em>The system continues to function because it contains so many redundancies and because people can make it function, despite the presence of many flaws</em>. Maybe <code>fly-proxy</code> is now like the RBMK reactors at Chernobyl, a system that works just fine as long as operators know about and compensate for its known concurrency flaws, and everybody lives happily ever after.</p>\n<div class=\"right-sidenote\"><p>We are, in particular, running on the most popular architecture for its RWLock implementation.</p>\n</div>\n<p>We have reached the point where serious conversations are happening about whether we’ve found a Rust compiler bug. Amusingly, <code>parking_lot</code> is so well regarded among Rustaceans that it’s equally if not more plausible that Rust itself is broken.</p>\n\n<p>Nevertheless, we close-read the RWLock implementation. And we spot this:</p>\n<div class=\"highlight-wrapper group relative rust\">\n <button \n type=\"button\"\n class=\"bubble-wrap z-20 absolute right-9 -mr-0.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none\"\n data-wrap-target=\"#code-c23zvw3n\"\n >\n <svg class=\"w-4 h-4 pointer-events-none\" viewBox=\"0 0 16 16\" fill=\"none\" stroke=\"currentColor\" stroke-width=\"1.35\" stroke-linecap=\"round\" stroke-linejoin=\"round\"><g buffered-rendering=\"static\"><path d=\"M9.912 8.037h2.732c1.277 0 2.315-.962 2.315-2.237a2.325 2.325 0 00-2.315-2.31H2.959m10.228 9.01H2.959M6.802 8H2.959\" /><path d=\"M11.081 6.466L9.533 8.037l1.548 1.571\" /></g></svg>\n <span class=\"bubble-sm bubble-tl [--offset-l:-9px] tail text-navy-950\">\n Wrap text\n </span>\n </button>\n <button \n type=\"button\"\n class=\"bubble-wrap z-20 absolute right-1.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none\"\n data-copy-target=\"sibling\"\n >\n <svg class=\"w-4 h-4 pointer-events-none\" viewBox=\"0 0 16 16\" fill=\"none\" stroke=\"currentColor\" stroke-width=\"1.35\"><g buffered-rendering=\"static\"><path d=\"M10.576 7.239c0-.995-.82-1.815-1.815-1.815H3.315c-.995 0-1.815.82-1.815 1.815v5.446c0 .995.82 1.815 1.815 1.815h5.446c.995 0 1.815-.82 1.815-1.815V7.239z\" /><path d=\"M10.576 10.577h2.109A1.825 1.825 0 0014.5 8.761V3.315A1.826 1.826 0 0012.685 1.5H7.239c-.996 0-1.815.819-1.816 1.815v1.617\" /></g></svg>\n <span class=\"bubble-sm bubble-tl [--offset-l:-6px] tail [--tail-x:calc(100%-30px)] text-navy-950\">\n Copy to clipboard\n </span>\n </button>\n <div class='highlight relative group'>\n <pre class='highlight '><code id=\"code-c23zvw3n\"><span class=\"k\">let</span> <span class=\"n\">state</span> <span class=\"o\">=</span> <span class=\"k\">self</span><span class=\"py\">.state</span><span class=\"nf\">.fetch_add</span><span class=\"p\">(</span>\n <span class=\"n\">prev_value</span><span class=\"nf\">.wrapping_sub</span><span class=\"p\">(</span><span class=\"n\">WRITER_BIT</span> <span class=\"p\">|</span> <span class=\"n\">WRITER_PARKED_BIT</span><span class=\"p\">),</span>\n <span class=\"nn\">Ordering</span><span class=\"p\">::</span><span class=\"n\">Relaxed</span><span class=\"p\">);</span>\n</code></pre>\n </div>\n</div>\n<p>This looks like gibberish, so let’s rephrase that code to see what it’s actually doing:</p>\n<div class=\"highlight-wrapper group relative rust\">\n <button \n type=\"button\"\n class=\"bubble-wrap z-20 absolute right-9 -mr-0.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none\"\n data-wrap-target=\"#code-oq3znyk\"\n >\n <svg class=\"w-4 h-4 pointer-events-none\" viewBox=\"0 0 16 16\" fill=\"none\" stroke=\"currentColor\" stroke-width=\"1.35\" stroke-linecap=\"round\" stroke-linejoin=\"round\"><g buffered-rendering=\"static\"><path d=\"M9.912 8.037h2.732c1.277 0 2.315-.962 2.315-2.237a2.325 2.325 0 00-2.315-2.31H2.959m10.228 9.01H2.959M6.802 8H2.959\" /><path d=\"M11.081 6.466L9.533 8.037l1.548 1.571\" /></g></svg>\n <span class=\"bubble-sm bubble-tl [--offset-l:-9px] tail text-navy-950\">\n Wrap text\n </span>\n </button>\n <button \n type=\"button\"\n class=\"bubble-wrap z-20 absolute right-1.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none\"\n data-copy-target=\"sibling\"\n >\n <svg class=\"w-4 h-4 pointer-events-none\" viewBox=\"0 0 16 16\" fill=\"none\" stroke=\"currentColor\" stroke-width=\"1.35\"><g buffered-rendering=\"static\"><path d=\"M10.576 7.239c0-.995-.82-1.815-1.815-1.815H3.315c-.995 0-1.815.82-1.815 1.815v5.446c0 .995.82 1.815 1.815 1.815h5.446c.995 0 1.815-.82 1.815-1.815V7.239z\" /><path d=\"M10.576 10.577h2.109A1.825 1.825 0 0014.5 8.761V3.315A1.826 1.826 0 0012.685 1.5H7.239c-.996 0-1.815.819-1.816 1.815v1.617\" /></g></svg>\n <span class=\"bubble-sm bubble-tl [--offset-l:-6px] tail [--tail-x:calc(100%-30px)] text-navy-950\">\n Copy to clipboard\n </span>\n </button>\n <div class='highlight relative group'>\n <pre class='highlight '><code id=\"code-oq3znyk\"><span class=\"k\">let</span> <span class=\"n\">state</span> <span class=\"o\">=</span> <span class=\"k\">self</span><span class=\"py\">.state</span> <span class=\"o\">&</span> <span class=\"o\">~</span><span class=\"p\">(</span><span class=\"n\">WRITER_BIT</span><span class=\"p\">|</span><span class=\"n\">WRITER_PARKED_BIT</span><span class=\"p\">);</span>\n</code></pre>\n </div>\n</div>\n<p>If you know exactly the state of the word you’re writing to, and you know exactly the limited set of permutations the bits of that word can take (for instance, because there’s only 4 signaling bits), then instead of clearing bit by fetching a word, altering it, and then storing it, you can clear them <em>atomically</em> by adding the inverse of those bits to the word.</p>\n\n<p>This pattern is self-synchronizing, but it relies on an invariant: you’d better be right about the original state of the word you’re altering. Because if you’re wrong, you’re adding a very large value to an uncontrolled value.</p>\n\n<p>In <code>parking_lot</code>, say we have <code>WRITER</code> and <code>WRITER_PARKED</code> set: the state is <code>0b1010</code>. <code>prev_value</code>, the state of the lock word when the lock operation started, is virtually always 0, and that’s what we’re counting on. <code>prev_value.wrapping_sub()</code>then calculates <code>0xFFFFFFFFFFFFFFF6</code>, which exactly cancels out the <code>0b1010</code> state, leaving 0.</p>\n<div class=\"right-sidenote\"><p>As a grace note, the locking code manages to set that one last unset bit before the proxy deadlocks.</p>\n</div>\n<p>Consider though what happens if one of those bits isn’t set: state is <code>0b1000</code>. Now that add doesn’t cancel out; the final state is instead <code>0xFFFFFFFFFFFFFFFE</code>. The reader count is completely full and can’t be decremented, and all the waiting bits are set so nothing can happen on the lock.</p>\n\n<p><code>parking_lot</code> is a big deal and we’re going to be damn sure before we file a bug report. Which doesn’t take long; Pavel reproduces the bug in a minimal test case, with a forked version of <code>parking_lot</code> that confirms and logs the condition.</p>\n\n<p><a href='https://github.com/Amanieu/parking_lot/issues/465' title=''>The <code>parking_lot</code> team quickly confirms</a> and fixes the bug.</p>\n<h3 id='ex-insania-claritas' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#ex-insania-claritas' aria-label='Anchor'></a><span class='plain-code'>Ex Insania, Claritas</span></h3>\n<p>Here’s what we now know to have been happening:</p>\n\n<ol>\n<li>Thread 1 grabs a read lock.\n</li><li>Thread 2 tries to grab a write lock, with a <code>try_write_for</code> timeout; it’s “parked” waiting for the reader, which sets <code>WRITER</code> and <code>WRITER_PARKED</code> on the raw lock word.\n</li><li>Thread 1 releases the lock, unparking a waiting writer, which unsets <code>WRITER_PARKED</code>.\n</li><li>Thread 2 wakes, but not for the reason it thinks: the timing is such that it thinks the lock has timed out. So it tries to clear both <code>WRITER</code> and <code>WRITER_PARKED</code> — a bitwise “double free”. Lock: corrupted. Computer: over. \n</li></ol>\n\n<p><a href='https://github.com/Amanieu/parking_lot/pull/466' title=''>The fix is simple</a>: the writer bit is cleared separately in the same wakeup queue as the reader. The fix is deployed, the lockups never recur.</p>\n\n<p>At a higher level, the story is this:</p>\n\n<ol>\n<li>We’re refactoring the proxy to regionalize it, which changes the pattern of readers and writers on the catalog.\n</li><li>As we broaden out lazy loads, we introduce writer contention, a classic concurrency/performance debugging problem. It looks like a deadlock at the time! It isn’t. \n</li><li><code>try_write_for</code> is a good move: we need tools to manage contention.\n</li><li>But now we’re on a buggy code path in <code>parking_lot</code> — we don’t know that and can’t understand it until we’ve lost enough of our minds to second-guess the library.\n</li><li>We stumble on the bug out of pure dumb luck by stabbing in the dark with <code>read_recursive</code>.\n</li></ol>\n\n<p>Mysteries remain. Why did this only happen in <code>WAW</code>? Some kind of crazy regional timing thing? Something to do with the Polish <em>kreska</em> diacritic that makes L’s sound like W’s? The wax and wane of caribou populations? Some very high-traffic APIs local to these regions? All very plausible.</p>\n\n<p>We’ll never know because we fixed the bug.</p>\n\n<p>But we’re in a better place now, even besides the bug fix:</p>\n\n<ul>\n<li>we audited all our catalog locking, got rid of all the iflets, and stopped relying on RAII lock guards.\n</li><li>the resulting closure patterns gave us lock timing metrics, which will be useful dealing with future write contention\n</li><li>all writes are now labeled, and we emit labeled logs on slow writes, augmented with context data (like app IDs) where we have it\n</li><li>we also now track the last and current holder of the write lock, augmented with context information; next time we have a deadlock, we should have all the information we need to identify the actors without <code>gdb</code> stack traces.\n</li></ul>",
"image": {
"url": "https://fly.io/blog/parking-lot-ffffffffffffffff/assets/ffff-cover.webp",
"title": null
},
"media": [],
"authors": [
{
"name": "Fly",
"email": null,
"url": null
}
],
"categories": []
},
{
"id": "https://fly.io/blog/litestream-revamped/",
"title": "Litestream: Revamped",
"description": null,
"url": "https://fly.io/blog/litestream-revamped/",
"published": "2025-05-20T00:00:00.000Z",
"updated": "2025-05-22T19:59:27.000Z",
"content": "<div class=\"lead\"><p><a href=\"https://litestream.io/\" title=\"\">Litestream</a> is an open-source tool that makes it possible to run many kinds of full-stack applications on top of SQLite by making them reliably recoverable from object storage. This is a post about the biggest change we’ve made to it since I launched it.</p>\n</div>\n<p>Nearly a decade ago, I got a bug up my ass. I wanted to build full-stack applications quickly. But the conventional n-tier database design required me to do sysadmin work for each app I shipped. Even the simplest applications depended on heavy-weight database servers like Postgres or MySQL.</p>\n\n<p>I wanted to launch apps on SQLite, because SQLite is easy. But SQLite is embedded, not a server, which at the time implied that the data for my application lived (and died) with just one server.</p>\n\n<p>So in 2020, I wrote <a href='https://litestream.io/' title=''>Litestream</a> to fix that.</p>\n\n<p>Litestream is a tool that runs alongside a SQLite application. Without changing that running application, it takes over the WAL checkpointing process to continuously stream database updates to an S3-compatible object store. If something happens to the server the app is running on, the whole database can efficiently be restored to a different server. You might lose servers, but you won’t lose your data.</p>\n\n<p>Litestream worked well. So we got ambitious. A few years later, we built <a href='https://github.com/superfly/litefs' title=''>LiteFS</a>. LiteFS takes the ideas in Litestream and refines them, so that we can do read replicas and primary failovers with SQLite. LiteFS gives SQLite the modern deployment story of an n-tier database like Postgres, while keeping the database embedded.</p>\n\n<p>We like both LiteFS and Litestream. But Litestream is the more popular project. It’s easier to deploy and easier to reason about.</p>\n\n<p>There are some good ideas in LiteFS. We’d like Litestream users to benefit from them. So we’ve taken our LiteFS learnings and applied them to some new features in Litestream.</p>\n<h2 id='point-in-time-restores-but-fast' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#point-in-time-restores-but-fast' aria-label='Anchor'></a><span class='plain-code'>Point-in-time restores, but fast</span></h2>\n<p><a href='https://fly.io/blog/all-in-on-sqlite-litestream/' title=''>Here’s how Litestream was originally designed</a>: you run <code>litestream</code> against a SQLite database, and it opens up a long-lived read transaction. This transaction arrests SQLite WAL checkpointing, the process by which SQLite consolidates the WAL back into the main database file. Litestream builds a “shadow WAL” that records WAL pages, and copies them to S3.</p>\n\n<p>This is simple, which is good. But it can also be slow. When you want to restore a database, you have have to pull down and replay every change since the last snapshot. If you changed a single database page a thousand times, you replay a thousand changes. For databases with frequent writes, this isn’t a good approach.</p>\n\n<p>In LiteFS, we took a different approach. LiteFS is transaction-aware. It doesn’t simply record raw WAL pages, but rather ordered ranges of pages associated with transactions, using a file format we call <a href='https://github.com/superfly/ltx' title=''>LTX</a>. Each LTX file represents a sorted changeset of pages for a given period of time.</p>\n\n<p><img alt=\"a simple linear LTX file with 8 pages between 1 and 21\" src=\"/blog/litestream-revamped/assets/linear-ltx.png\" /></p>\n\n<p>Because they are sorted, we can easily merge multiple LTX files together and create a new LTX file with only the latest version of each page.</p>\n\n<p><img alt=\"merging three LTX files into one\" src=\"/blog/litestream-revamped/assets/merged-ltx.png\" /></p>\n<div class=\"right-sidenote\"><p>This is similar to how an <a href=\"https://en.wikipedia.org/wiki/Log-structured_merge-tree\" title=\"\">LSM tree</a> works.</p>\n</div>\n<p>This process of combining smaller time ranges into larger ones is called <em>compaction</em>. With it, we can replay a SQLite database to a specific point in time, with a minimal duplicate pages.</p>\n<h2 id='casaas-compare-and-swap-as-a-service' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#casaas-compare-and-swap-as-a-service' aria-label='Anchor'></a><span class='plain-code'>CASAAS: Compare-and-Swap as a Service</span></h2>\n<p>One challenge Litestream has to deal with is desynchronization. Part of the point of Litestream is that SQLite applications don’t have to be aware of it. But <code>litestream</code> is just a process, running alongside the application, and it can die independently. If <code>litestream</code> is down while database changes occur, it will miss changes. The same kind of problem occurs if you start replication from a new server.</p>\n\n<p>Litestream needs a way to reset the replication stream from a new snapshot. How it does that is with “generations”. <a href='https://litestream.io/how-it-works/#snapshots--generations' title=''>A generation</a> represents a snapshot and a stream of WAL updates, uniquely identified. Litestream notices any break in its WAL sequence and starts a new generation, which is how it recovers from desynchronization.</p>\n\n<p>Unfortunately, storing and managing multiple generations makes it difficult to implement features like failover and read-replicas.</p>\n\n<p>The most straightforward way around this problem is to make sure only one instance of Litestream can replication to a given destination. If you can do that, you can store just a single, latest generation. That in turn makes it easy to know how to resync a read replica; there’s only one generation to choose from.</p>\n\n<p>In LiteFS, we solved this problem by using Consul, which guaranteed a single leader. That requires users to know about Consul. Things like “requiring Consul” are probably part of the reason Litestream is so much more popular than LiteFS.</p>\n\n<p>In Litestream, we’re solving the problem a different way. Modern object stores like S3 and Tigris solve this problem for us: they now offer <a href='https://aws.amazon.com/about-aws/whats-new/2024/11/amazon-s3-functionality-conditional-writes/' title=''>conditional write support</a>. With conditional writes, we can implement a time-based lease. We get essentially the same constraint Consul gave us, but without having to think about it or set up a dependency.</p>\n\n<p>In the immediacy, this will mean you can run Litestream with ephemeral nodes, with overlapping run times, and even if they’re storing to the same destination, they won’t confuse each other.</p>\n<h2 id='lightweight-read-replicas' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#lightweight-read-replicas' aria-label='Anchor'></a><span class='plain-code'>Lightweight read replicas</span></h2>\n<p>The original design constraint of both Litestream and LiteFS was to extend SQLite, to modern deployment scenarios, without disturbing people’s built code. Both tools are meant to function even if applications are oblivious to them.</p>\n\n<p>LiteFS is more ambitious than Litestream, and requires transaction-awareness. To get that without disturbing built code, we use a cute trick (a.k.a. a gross hack): LiteFS provides a FUSE filesystem, which lets it act as a proxy between the application and the backing store. From that vantage point, we can easily discern transactions.</p>\n\n<p>The FUSE approach gave us a lot of control, enough that users could use SQLite replicas just like any other database. But installing and running a whole filesystem (even a fake one) is a lot to ask of users. To work around that problem, we relaxed a constraint: LiteFS can function without the FUSE filesystem if you load an extension into your application code, <a href='https://github.com/superfly/litevfs' title=''>LiteVFS</a>. LiteVFS is a <a href='https://www.sqlite.org/vfs.html' title=''>SQLite Virtual Filesystem</a> (VFS). It works in a variety of environments, including some where FUSE can’t, like in-browser WASM builds.</p>\n\n<p>What we’re doing next is taking the same trick and using it on Litestream. We’re building a VFS-based read-replica layer. It will be able to fetch and cache pages directly from S3-compatible object storage.</p>\n\n<p>Of course, there’s a catch: this approach isn’t as efficient as a local SQLite database. That kind of efficiency, where you don’t even need to think about N+1 queries because there’s no network round-trip to make the duplicative queries pile up costs, is part of the point of using SQLite.</p>\n\n<p>But we’re optimistic that with cacheing and prefetching, the approach we’re using will yield, for the right use cases, strong performance — all while serving SQLite reads hot off of Tigris or S3.</p>\n<figure class=\"post-cta\">\n <figcaption>\n <h1>Litestream is fully open source</h1>\n <p>It’s not coupled with Fly.io at all; you can use it anywhere.</p>\n <a class=\"btn btn-lg\" href=\"https://litestream.io/\">\n Check it out <span class='opacity-50'>→</span>\n </a>\n </figcaption>\n <div class=\"image-container\">\n <img src=\"/static/images/cta-kitty.webp\" srcset=\"/static/images/[email protected] 2x\" alt=\"\">\n </div>\n</figure>\n\n<h2 id='synchronize-lots-of-databases' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#synchronize-lots-of-databases' aria-label='Anchor'></a><span class='plain-code'>Synchronize Lots Of Databases</span></h2>\n<p>While we’ve got you here: we’re knocking out one of our most requested features.</p>\n\n<p>In the old Litestream design, WAL-change polling and slow restores made it infeasible to replicate large numbers of databases from a single process. That has been our answer when users ask us for a “wildcard” or “directory” replication argument for the tool.</p>\n\n<p>Now that we’ve switched to LTX, this isn’t a problem any more. It should thus be possible to replicate <code>/data/*.db</code>, even if there’s hundreds or thousands of databases in that directory.</p>\n<h2 id='we-still-sqlite' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#we-still-sqlite' aria-label='Anchor'></a><span class='plain-code'>We Still ❤️ SQLite</span></h2>\n<p>SQLite has always been a solid database to build on and it’s continued to find new use cases as the industry evolves. We’re super excited to continue to build Litestream alongside it.</p>\n\n<p>We have a sneaking suspicion that the robots that write LLM code are going to like SQLite too. We think what <a href='https://phoenix.new/' title=''>coding agents like Phoenix.new</a> want is a way to try out code on live data, screw it up, and then rollback <em>both the code and the state.</em> These Litestream updates put us in a position to give agents PITR as a primitive. On top of that, you can build both rollbacks and forks.</p>\n\n<p>Whether or not you’re drinking the AI kool-aid, we think this new design for Litestream is just better. We’re psyched to be rolling it out, and for the features it’s going to enable.</p>",
"image": {
"url": "https://fly.io/blog/litestream-revamped/assets/litestream-revamped.png",
"title": null
},
"media": [],
"authors": [
{
"name": "Fly",
"email": null,
"url": null
}
],
"categories": []
},
{
"id": "https://fly.io/blog/mcp-launch/",
"title": "Launching MCP Servers on Fly.io",
"description": null,
"url": "https://fly.io/blog/mcp-launch/",
"published": "2025-05-19T00:00:00.000Z",
"updated": "2025-05-22T19:59:27.000Z",
"content": "<div class=\"lead\"><p>This is a blog post. Part showing off. Part opinion. Plan accordingly.</p>\n</div>\n<p>The <a href='https://www.anthropic.com/news/model-context-protocol' title=''>Model Context Protocol</a> is days away from turning six months old. You read that right, six <em>months</em> old. MCP Servers have both taken the world by storm, and still trying to figure out what they want to be when they grow up.</p>\n\n<p>There is no doubt that MCP servers are useful. But their appeal goes beyond that. They are also simple and universal. What’s not to like?</p>\n\n<p>Well, for starters, there’s basically two types of MCP servers. One small and nimble that runs as a process on your machine. And one that is a HTTP server that runs presumably elsewhere and is <a href='https://modelcontextprotocol.io/specification/2025-03-26/basic/authorization' title=''>standardizing</a> on OAuth 2.1. And there is a third type, but it is deprecated.</p>\n\n<p>Next there is the configuration. Asking users to manually edit JSON seems so early 21th century. With Claude, this goes into <code>~/Library/Application Support/Claude/claude_desktop_config.json</code>, and is found under a <code>MCPServer</code> key. With Zed, this file is in <code>~/.config/zed/settings.json</code> and is found under a <code>context_servers</code> key. And some tools put these files in a different place depending on whether you are running on MacOS, Linux, or Windows.</p>\n\n<p>Finally, there is security. An MCP server running on your machine literally has access to everything you do. Running remote solves this problem, but did I mention <a href='https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-12' title=''>OAuth 2.1</a>? Not exactly something one sets up for casual use.</p>\n\n<p>None of these issues are fatal - something that is obvious by the fact that MCP servers are quite popular. But can we do better? I think so.</p>\n\n<hr>\n\n<p>Demo time.</p>\n\n<p>Let’s try out the <a href='https://github.com/modelcontextprotocol/servers/blob/main/src/slack/README.md' title=''>Slack MCP Server</a>:</p>\n\n<blockquote>\n<p>MCP Server for the Slack API, enabling Claude to interact with Slack workspaces.</p>\n</blockquote>\n\n<p>That certainly sounds like a good test case. There is a small amount of <a href='https://github.com/modelcontextprotocol/servers/blob/main/src/slack/README.md#setup' title=''>setup</a> you need to do, and when you are done you end up with a <em>Bot User OAuth Token</em> staring with <code>xoxb-</code> and a <em>Team ID</em> starting with a <code>T</code>.</p>\n\n<p>You <em>would</em> run it using the following:</p>\n<div class=\"highlight-wrapper group relative sh\">\n <button \n type=\"button\"\n class=\"bubble-wrap z-20 absolute right-9 -mr-0.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none\"\n data-wrap-target=\"#code-ievvjhpo\"\n >\n <svg class=\"w-4 h-4 pointer-events-none\" viewBox=\"0 0 16 16\" fill=\"none\" stroke=\"currentColor\" stroke-width=\"1.35\" stroke-linecap=\"round\" stroke-linejoin=\"round\"><g buffered-rendering=\"static\"><path d=\"M9.912 8.037h2.732c1.277 0 2.315-.962 2.315-2.237a2.325 2.325 0 00-2.315-2.31H2.959m10.228 9.01H2.959M6.802 8H2.959\" /><path d=\"M11.081 6.466L9.533 8.037l1.548 1.571\" /></g></svg>\n <span class=\"bubble-sm bubble-tl [--offset-l:-9px] tail text-navy-950\">\n Wrap text\n </span>\n </button>\n <button \n type=\"button\"\n class=\"bubble-wrap z-20 absolute right-1.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none\"\n data-copy-target=\"sibling\"\n >\n <svg class=\"w-4 h-4 pointer-events-none\" viewBox=\"0 0 16 16\" fill=\"none\" stroke=\"currentColor\" stroke-width=\"1.35\"><g buffered-rendering=\"static\"><path d=\"M10.576 7.239c0-.995-.82-1.815-1.815-1.815H3.315c-.995 0-1.815.82-1.815 1.815v5.446c0 .995.82 1.815 1.815 1.815h5.446c.995 0 1.815-.82 1.815-1.815V7.239z\" /><path d=\"M10.576 10.577h2.109A1.825 1.825 0 0014.5 8.761V3.315A1.826 1.826 0 0012.685 1.5H7.239c-.996 0-1.815.819-1.816 1.815v1.617\" /></g></svg>\n <span class=\"bubble-sm bubble-tl [--offset-l:-6px] tail [--tail-x:calc(100%-30px)] text-navy-950\">\n Copy to clipboard\n </span>\n </button>\n <div class='highlight relative group'>\n <pre class='highlight '><code id=\"code-ievvjhpo\">npx <span class=\"nt\">-y</span> @modelcontextprotocol/server-slack\n</code></pre>\n </div>\n</div>\n<p>But instead, you convert that command to JSON and find the right configuration file and put this information in there. And either run the slack MCP server locally or set up a server with or without authentication.</p>\n\n<p>Wouldn’t it be nice to have the simplicity of a local process, the security of a remote server, and to eliminate the hassle of manually editing JSON?</p>\n\n<p>Here’s our current thinking:</p>\n<div class=\"highlight-wrapper group relative sh\">\n <button \n type=\"button\"\n class=\"bubble-wrap z-20 absolute right-9 -mr-0.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none\"\n data-wrap-target=\"#code-gdwhiyfl\"\n >\n <svg class=\"w-4 h-4 pointer-events-none\" viewBox=\"0 0 16 16\" fill=\"none\" stroke=\"currentColor\" stroke-width=\"1.35\" stroke-linecap=\"round\" stroke-linejoin=\"round\"><g buffered-rendering=\"static\"><path d=\"M9.912 8.037h2.732c1.277 0 2.315-.962 2.315-2.237a2.325 2.325 0 00-2.315-2.31H2.959m10.228 9.01H2.959M6.802 8H2.959\" /><path d=\"M11.081 6.466L9.533 8.037l1.548 1.571\" /></g></svg>\n <span class=\"bubble-sm bubble-tl [--offset-l:-9px] tail text-navy-950\">\n Wrap text\n </span>\n </button>\n <button \n type=\"button\"\n class=\"bubble-wrap z-20 absolute right-1.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none\"\n data-copy-target=\"sibling\"\n >\n <svg class=\"w-4 h-4 pointer-events-none\" viewBox=\"0 0 16 16\" fill=\"none\" stroke=\"currentColor\" stroke-width=\"1.35\"><g buffered-rendering=\"static\"><path d=\"M10.576 7.239c0-.995-.82-1.815-1.815-1.815H3.315c-.995 0-1.815.82-1.815 1.815v5.446c0 .995.82 1.815 1.815 1.815h5.446c.995 0 1.815-.82 1.815-1.815V7.239z\" /><path d=\"M10.576 10.577h2.109A1.825 1.825 0 0014.5 8.761V3.315A1.826 1.826 0 0012.685 1.5H7.239c-.996 0-1.815.819-1.816 1.815v1.617\" /></g></svg>\n <span class=\"bubble-sm bubble-tl [--offset-l:-6px] tail [--tail-x:calc(100%-30px)] text-navy-950\">\n Copy to clipboard\n </span>\n </button>\n <div class='highlight relative group'>\n <pre class='highlight '><code id=\"code-gdwhiyfl\">fly mcp launch <span class=\"se\">\\</span>\n <span class=\"s2\">\"npx -y @modelcontextprotocol/server-slack\"</span> <span class=\"se\">\\</span>\n <span class=\"nt\">--claude</span> <span class=\"nt\">--server</span> slack <span class=\"se\">\\</span>\n <span class=\"nt\">--secret</span> <span class=\"nv\">SLACK_BOT_TOKEN</span><span class=\"o\">=</span>xoxb-your-bot-token <span class=\"se\">\\</span>\n <span class=\"nt\">--secret</span> <span class=\"nv\">SLACK_TEAM_ID</span><span class=\"o\">=</span>T01234567\n</code></pre>\n </div>\n</div>\n<p>You can put this all on one line if you like, I just split this up so it fits on small screens and so we can talk about the various parts.</p>\n\n<p>The first three words seem reasonable. The quoted string is just the command that we want to run. So lets talk about the four flags. The first tells us which tool’s configuration file we want to update. The second specifies the name to use for the server in that configuration file. The last two set secrets.</p>\n\n<p>Oh, did I say current thinking? Perhaps I should mention that it is something you can run right now, as long as you have flyctl <code>v0.3.125</code> or later. Complete with the options you would expect from Fly.io, like the ability to configure auto-stop, file contents, flycast, secrets, region, volumes, and VM sizes.</p>\n\n<p>And, hey, lookie there:</p>\n\n<p><img alt=\"testing, testing, 1, 2, 3\" src=\"/blog/mcp-launch/assets/mcp-slack.png\" /></p>\n\n<p>Support for Claude, Cursor, Neovim, VS Code, Windsurf, and Zed are built in. You can select multiple clients and configuration files.</p>\n\n<p>By default, bearer token authentication will be set up on both the server and client.</p>\n\n<p>You can find the complete set of options on our <a href='https://fly.io/docs/flyctl/mcp-launch/' title=''><code>fly mcp launch</code></a> docs page.</p>\n\n<hr>\n\n<p>But this post isn’t just about experimental demoware that is subject to change.\nIt is about the depth of support that we are rapidly bringing online, including:</p>\n\n<ul>\n<li>Support for all transports, not just the ones we recommend.\n</li><li>Ability to deploy using the command line or the Machines API, with a number of different options that allow you to chose between elegant simplicity and excruciating precise control.\n</li><li>Ability to deploy each MCP server to a separate Machine, container, or even inside your application.\n</li><li>Access via HTTP Authorization, wireguard tunnels and flycast, or reverse proxies.\n</li></ul>\n\n<p>You can see all this spelled out in our <a href='https://fly.io/docs/mcp/' title=''>docs</a>. Be forewarned, most pages are marked as <em>beta</em>. But the examples provided all work. Well, there may be a bug here or there, but the examples <em>as shown</em> are thought to work. Maybe.</p>\n\n<p>Let’s figure out the ideal ergonomics of deploying MCP servers remotely together!</p>",
"image": {
"url": "https://fly.io/blog/mcp-launch/assets/fly-mcp-launch.png",
"title": null
},
"media": [],
"authors": [
{
"name": "Fly",
"email": null,
"url": null
}
],
"categories": []
},
{
"id": "https://fly.io/blog/mcp-provisioning/",
"title": "Provisioning Machines using MCPs",
"description": null,
"url": "https://fly.io/blog/mcp-provisioning/",
"published": "2025-05-07T00:00:00.000Z",
"updated": "2025-05-22T19:59:27.000Z",
"content": "<div class=\"lead\"><p>Today’s state of the art is K8S, Terraform, web based UIs, and CLIs. Those days are numbered.</p>\n</div>\n<p>On Monday, I created my first fly volume using an <a href='https://modelcontextprotocol.io/introduction' title=''>MCP</a>. For those who don’t know what MCPs are, they are how you attach tools to <a href='https://en.wikipedia.org/wiki/Large_language_model' title=''>LLM</a>s like Claude or Cursor. I added support for\n<a href='https://fly.io/docs/flyctl/volumes-create/' title=''>fly volume create</a> to <a href='https://fly.io/docs/flyctl/mcp-server/' title=''>fly mcp server</a>, and it worked the first time.\nA few hours later, and with the assistance of GitHub Copilot, i added support for all <a href='https://fly.io/docs/flyctl/volumes/' title=''>fly volumes</a> commands.</p>\n\n<hr>\n<div class=\"right-sidenote\"><p>This movie summary is from <a href=\"https://collidecolumn.wordpress.com/2013/08/04/when-worlds-collide-77-talking-with-computers-beyond-mouse-and-keyboard/\">When Worlds Collide, by Nalaka Gunawardene</a></p>\n</div>\n<p>I’m reminded of the memorable scene in the film <a href='http://en.wikipedia.org/wiki/Star_Trek_IV:_The_Voyage_Home' title=''>Star Trek IV: The Voyage Home</a> (1986). Chief Engineer Scotty, having time-travelled 200 years back to late 20th century San Francisco with his crew mates, encounters an early Personal Computer (PC).</p>\n\n<p>Sitting in front of it, he addresses the machine affably as “Computer!” Nothing happens. Scotty repeats himself; still no response. He doesn’t realise that voice recognition capability hadn’t arrived yet.</p>\n\n<p>Exasperated, he picks up the mouse and speaks into it: “Hello, computer?” The computer’s owner offers helpful advice: “Just use the keyboard.”</p>\n\n<p>Scotty looks astonished. “A keyboard?” he asks, and adds in a sarcastic tone: “How quaint!”</p>\n\n<hr>\n\n<p>A while later, I asked for a list of volumes for an existing app, and Claude noted that I had a few volumes that weren’t attached to any machines. So I asked it to delete the oldest unattached volume, and it did so. Then it occurred to me to do it again; this time I captured the screen:</p>\n<div align=\"center\"><p><img alt=\"Deleting a volume using MCP: \"What is my oldest volume\"? ... \"Delete that volume too\"\" src=\"/blog/mcp-provisioning/assets/volume-delete.png\"></p>\n</div>\n<p>A few notes:</p>\n\n<ul>\n<li>I could have written a program using the <a href='https://fly.io/docs/machines/api/volumes-resource/' title=''>machines API</a>, but that would have required some effort.\n</li><li>I could have used <a href='https://fly.io/docs/flyctl/volumes/' title=''>flyctl</a> directly, but to be honest, I would have had to use the documentation and a bit of copy/pasting of arguments.\n</li><li>I could have navigated to a list of volumes for this application in the Fly.io dashboard, but there currently isn’t any way to sort the list or delete a volume. Had those been in place, that would have been a reasonable alternative if that was something I was actively looking for. This felt different to me, the LLM noted something, brought it to my attention, and I asked it to make a change as a result.\n</li><li>Since this support is built on <code>flyctl</code>, I would have received an error had I tried to destroy a volume that is currently mounted. Knowing that gave me the confidence to try the command.\n</li></ul>\n\n<p>All in all, I found it to be a very intuitive way to make changes to the resources assigned to my application.</p>\n\n<hr>\n\n<p>Imagine a future where you say to your favorite LLM “launch my application on Fly.io”, and your code is scanned and you are presented with a plan containing details such as regions, databases, s3 storage, memory, machines, and the like. You are given the opportunity to adjust the plan and, when ready, say “Make it so”.</p>\n\n<p>For many, the next thing you will see is that your application is up and running. For others, there may be a build error, a secret you need to set, a database that needs to be seeded, or any number of other mundane reasons why your application didn’t work the first time.</p>\n\n<p>Not to fear, your LLM will be able to examine your logs and will not only make suggestions as to next steps, but will be in a position to take actions on your behalf should you wish it to do so.</p>\n\n<p>And it doesn’t stop there. There will be MCP servers running on your Fly.io private network - either on separate machines, or in “sidecar” containers, or even integrated into your app. These will enable you to monitor and interact with your application.</p>\n\n<p>This is not science fiction. The ingredients are all in place to make this a reality. At the moment, it is a matter of “some assembly required”, but it should only be a matter of weeks before all this comes together into a neat package..</p>\n\n<hr>\n\n<p>Meanwhile, you can try this now. Make sure you run <a href='https://fly.io/docs/flyctl/version-upgrade/' title=''>fly version upgrade</a> and verify that you are running v0.3.117.</p>\n\n<p>Then configure your favorite LLM. Here’s my <code>claude_desktop_config.json</code> for example:</p>\n<div class=\"highlight-wrapper group relative json\">\n <button \n type=\"button\"\n class=\"bubble-wrap z-20 absolute right-9 -mr-0.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none\"\n data-wrap-target=\"#code-awl37mlq\"\n >\n <svg class=\"w-4 h-4 pointer-events-none\" viewBox=\"0 0 16 16\" fill=\"none\" stroke=\"currentColor\" stroke-width=\"1.35\" stroke-linecap=\"round\" stroke-linejoin=\"round\"><g buffered-rendering=\"static\"><path d=\"M9.912 8.037h2.732c1.277 0 2.315-.962 2.315-2.237a2.325 2.325 0 00-2.315-2.31H2.959m10.228 9.01H2.959M6.802 8H2.959\" /><path d=\"M11.081 6.466L9.533 8.037l1.548 1.571\" /></g></svg>\n <span class=\"bubble-sm bubble-tl [--offset-l:-9px] tail text-navy-950\">\n Wrap text\n </span>\n </button>\n <button \n type=\"button\"\n class=\"bubble-wrap z-20 absolute right-1.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none\"\n data-copy-target=\"sibling\"\n >\n <svg class=\"w-4 h-4 pointer-events-none\" viewBox=\"0 0 16 16\" fill=\"none\" stroke=\"currentColor\" stroke-width=\"1.35\"><g buffered-rendering=\"static\"><path d=\"M10.576 7.239c0-.995-.82-1.815-1.815-1.815H3.315c-.995 0-1.815.82-1.815 1.815v5.446c0 .995.82 1.815 1.815 1.815h5.446c.995 0 1.815-.82 1.815-1.815V7.239z\" /><path d=\"M10.576 10.577h2.109A1.825 1.825 0 0014.5 8.761V3.315A1.826 1.826 0 0012.685 1.5H7.239c-.996 0-1.815.819-1.816 1.815v1.617\" /></g></svg>\n <span class=\"bubble-sm bubble-tl [--offset-l:-6px] tail [--tail-x:calc(100%-30px)] text-navy-950\">\n Copy to clipboard\n </span>\n </button>\n <div class='highlight relative group'>\n <pre class='highlight '><code id=\"code-awl37mlq\"><span class=\"p\">{</span><span class=\"w\">\n </span><span class=\"nl\">\"mcpServers\"</span><span class=\"p\">:</span><span class=\"w\"> </span><span class=\"p\">{</span><span class=\"w\">\n </span><span class=\"nl\">\"fly.io\"</span><span class=\"p\">:</span><span class=\"w\"> </span><span class=\"p\">{</span><span class=\"w\">\n </span><span class=\"nl\">\"command\"</span><span class=\"p\">:</span><span class=\"w\"> </span><span class=\"s2\">\"/Users/rubys/.fly/bin/flyctl\"</span><span class=\"p\">,</span><span class=\"w\">\n </span><span class=\"nl\">\"args\"</span><span class=\"p\">:</span><span class=\"w\"> </span><span class=\"p\">[</span><span class=\"w\"> </span><span class=\"s2\">\"mcp\"</span><span class=\"p\">,</span><span class=\"w\"> </span><span class=\"s2\">\"server\"</span><span class=\"w\"> </span><span class=\"p\">]</span><span class=\"w\">\n </span><span class=\"p\">}</span><span class=\"w\">\n </span><span class=\"p\">}</span><span class=\"w\">\n</span><span class=\"p\">}</span><span class=\"w\">\n</span></code></pre>\n </div>\n</div>\n<p>Adjust the path to <code>flyctl</code> as needed. Restart your LLM, and ask what tools are available. Try a few commands and let us know what you like and let us know if you have any suggestions. Just be aware this is not a demo, if you ask it to destroy a volume, that operation is not reversable. Perhaps try this first on a throwaway application.</p>\n\n<p>You don’t even need a LLM to try out the flyctl MCP server. If you have Node.js installed, you can run the <a href='https://modelcontextprotocol.io/docs/tools/inspector' title=''>MCP Inspector</a>:</p>\n<div class=\"highlight-wrapper group relative \">\n <button \n type=\"button\"\n class=\"bubble-wrap z-20 absolute right-9 -mr-0.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none\"\n data-wrap-target=\"#code-n7f3kmkb\"\n >\n <svg class=\"w-4 h-4 pointer-events-none\" viewBox=\"0 0 16 16\" fill=\"none\" stroke=\"currentColor\" stroke-width=\"1.35\" stroke-linecap=\"round\" stroke-linejoin=\"round\"><g buffered-rendering=\"static\"><path d=\"M9.912 8.037h2.732c1.277 0 2.315-.962 2.315-2.237a2.325 2.325 0 00-2.315-2.31H2.959m10.228 9.01H2.959M6.802 8H2.959\" /><path d=\"M11.081 6.466L9.533 8.037l1.548 1.571\" /></g></svg>\n <span class=\"bubble-sm bubble-tl [--offset-l:-9px] tail text-navy-950\">\n Wrap text\n </span>\n </button>\n <button \n type=\"button\"\n class=\"bubble-wrap z-20 absolute right-1.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none\"\n data-copy-target=\"sibling\"\n >\n <svg class=\"w-4 h-4 pointer-events-none\" viewBox=\"0 0 16 16\" fill=\"none\" stroke=\"currentColor\" stroke-width=\"1.35\"><g buffered-rendering=\"static\"><path d=\"M10.576 7.239c0-.995-.82-1.815-1.815-1.815H3.315c-.995 0-1.815.82-1.815 1.815v5.446c0 .995.82 1.815 1.815 1.815h5.446c.995 0 1.815-.82 1.815-1.815V7.239z\" /><path d=\"M10.576 10.577h2.109A1.825 1.825 0 0014.5 8.761V3.315A1.826 1.826 0 0012.685 1.5H7.239c-.996 0-1.815.819-1.816 1.815v1.617\" /></g></svg>\n <span class=\"bubble-sm bubble-tl [--offset-l:-6px] tail [--tail-x:calc(100%-30px)] text-navy-950\">\n Copy to clipboard\n </span>\n </button>\n <div class='highlight relative group'>\n <pre class='highlight '><code id=\"code-n7f3kmkb\">fly mcp server -i\n</code></pre>\n </div>\n</div>\n<p>Once started, visit <a href=\"http://127.0.0.1:6274/\">http://127.0.0.1:6274/</a>, click on “Connect”, then “List Tools”, select “fly-platform-status”, then click on “Run Tool”.</p>\n\n<p>The plan is to see what works well and what doesn’t work so well, make adjustments, build support in a bottoms up fashion, and iterate rapidly.</p>\n\n<p>By providing feedback, you can be a part of making this vision a reality.</p>\n\n<hr>\n\n<p>At the present time, <em>most</em> of the following are roughed in:</p>\n\n<ul>\n<li><a href='https://fly.io/docs/flyctl/apps/' title=''>apps</a>\n</li><li><a href='https://fly.io/docs/flyctl/logs/' title=''>logs</a>\n</li><li><a href='https://fly.io/docs/flyctl/machine/' title=''>machine</a>\n</li><li><a href='https://fly.io/docs/flyctl/orgs/' title=''>orgs</a>\n</li><li><a href='https://fly.io/docs/flyctl/platform/' title=''>platform</a>\n</li><li><a href='https://fly.io/docs/flyctl/status/' title=''>status</a>\n</li><li><a href='https://fly.io/docs/flyctl/volumes/' title=''>volumes</a>\n</li></ul>\n\n<p>The code is open source, and the places to look is at <a href='https://github.com/superfly/flyctl/blob/master/internal/command/mcp/server.go' title=''>server.go</a> and the <a href='https://github.com/superfly/flyctl/tree/master/internal/command/mcp/server' title=''>server</a> directory.</p>\n\n<p>Feel free to open <a href='https://github.com/superfly/flyctl/issues' title=''>issues</a> or start a discussion on <a href='https://community.fly.io/' title=''>community.fly.io</a>.</p>\n\n<hr>\n\n<p>Not ready yet to venture into the world of LLMs? Just remember, resistance is futile.</p>",
"image": {
"url": "https://fly.io/blog/mcp-provisioning/assets/Hello.webp",
"title": null
},
"media": [],
"authors": [
{
"name": "Fly",
"email": null,
"url": null
}
],
"categories": []
},
{
"id": "https://fly.io/blog/30-minute-mcp/",
"title": "30 Minutes With MCP and flyctl",
"description": null,
"url": "https://fly.io/blog/30-minute-mcp/",
"published": "2025-04-10T00:00:00.000Z",
"updated": "2025-04-10T19:10:26.000Z",
"content": "<div class=\"lead\"><p>I wrote this post on our internal message board, and then someone asked, “why is this an internal post and not on our blog”, so now it is.</p>\n</div><div class=\"right-sidenote\"><p>well, Cursor built</p>\n</div>\n<p>I built the <a href='https://github.com/superfly/flymcp' title=''>most basic MCP server for <code>flyctl</code></a> I could think of. It took 30 minutes.</p>\n\n<p><a href='https://modelcontextprotocol.io/introduction' title=''>MCP</a>, for those unaware, is the emerging standard protocol for connecting an LLM (or an app that drives an LLM in the cloud, like Claude Desktop) to, well, anything. The “client” in MCP is the LLM; the “server” is the MCP server and the “tools” it exports. It mostly just defines an exchange of JSON blobs; one of those JSON blobs enables the LLM to discover all the tools exported by the server.</p>\n\n<p>A classic example of an MCP server is (yes, really) a Python shell. MCP publishes to (say) Claude that it can run arbitrary Python code with a tool call; not only that, says the tool description, but you can use those Python tool calls to, say, scrape the web. When the LLM wants to scrape the web with Python, it uses MCP send a JSON blob describing the Python tool call; the MCP server (yes, really) runs the Python and returns the result.</p>\n\n<p>Because I have not yet completely lost my mind, I chose to expose just two <code>flyctl</code> commands: <code>fly logs</code> and <code>fly status</code>. Because I’m lazy, I used MCP’s <code>stdio</code> mode; the MCP server just captures the output of <code>flyctl</code>. Because someone already wrote a <a href='https://github.com/mark3labs/mcp-go' title=''>really good Go MCP library</a> , this whole thing is like 90 lines of code.</p>\n<div class=\"callout\"><p>We may have gotten a little lucky, because we made a decision back in 2020 to give most of our <code>flyctl</code> commands a <code>json</code> mode to make them easier to drive from automation. I use that in my MCP server. I don’t know how much of a difference it made.</p>\n</div>\n<p>It’s, uh, annoyingly useful.</p>\n\n<p>I loaded it up and pointed it <a href='https://www.unpkg.com/' title=''>at unpkg</a>. I got this, from Claude:</p>\n\n<blockquote>\n<p>This appears to be a globally distributed CDN service running the unpkg JavaScript package registry, with machines strategically placed around the world to provide low-latency access. There are some stability issues with a couple of the machines, and several have experienced memory-related crashes that triggered automatic restarts. </p>\n</blockquote>\n\n<p>It then recited the complete configuration of the application:</p>\n<div class=\"highlight-wrapper group relative \">\n <button \n type=\"button\"\n class=\"bubble-wrap z-20 absolute right-9 -mr-0.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none\"\n data-wrap-target=\"#code-rphnl8mk\"\n >\n <svg class=\"w-4 h-4 pointer-events-none\" viewBox=\"0 0 16 16\" fill=\"none\" stroke=\"currentColor\" stroke-width=\"1.35\" stroke-linecap=\"round\" stroke-linejoin=\"round\"><g buffered-rendering=\"static\"><path d=\"M9.912 8.037h2.732c1.277 0 2.315-.962 2.315-2.237a2.325 2.325 0 00-2.315-2.31H2.959m10.228 9.01H2.959M6.802 8H2.959\" /><path d=\"M11.081 6.466L9.533 8.037l1.548 1.571\" /></g></svg>\n <span class=\"bubble-sm bubble-tl [--offset-l:-9px] tail text-navy-950\">\n Wrap text\n </span>\n </button>\n <button \n type=\"button\"\n class=\"bubble-wrap z-20 absolute right-1.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none\"\n data-copy-target=\"sibling\"\n >\n <svg class=\"w-4 h-4 pointer-events-none\" viewBox=\"0 0 16 16\" fill=\"none\" stroke=\"currentColor\" stroke-width=\"1.35\"><g buffered-rendering=\"static\"><path d=\"M10.576 7.239c0-.995-.82-1.815-1.815-1.815H3.315c-.995 0-1.815.82-1.815 1.815v5.446c0 .995.82 1.815 1.815 1.815h5.446c.995 0 1.815-.82 1.815-1.815V7.239z\" /><path d=\"M10.576 10.577h2.109A1.825 1.825 0 0014.5 8.761V3.315A1.826 1.826 0 0012.685 1.5H7.239c-.996 0-1.815.819-1.816 1.815v1.617\" /></g></svg>\n <span class=\"bubble-sm bubble-tl [--offset-l:-6px] tail [--tail-x:calc(100%-30px)] text-navy-950\">\n Copy to clipboard\n </span>\n </button>\n <div class='highlight relative group'>\n <pre class='highlight '><code id=\"code-rphnl8mk\">**App Name**: unpkg \n**Status**: Deployed and running\n**URL**: unpkg.fly.dev\n**Organization**: unpkg\n**Platform Version**: machines\n**Runtime**: Bun (JavaScript runtime)\n\nThe app is running on 10 machines distributed across global regions: \nNorth America: lax (Los Angeles), atl (Atlanta), ewr (Newark)\nEurope: lhr (London), cdg (Paris), ams (Amsterdam)\nAsia: sin (Singapore), nrt (Tokyo), hkg (Hong Kong)\nSouth America: bog (Bogotá)\nOceania: syd (Sydney)\n</code></pre>\n </div>\n</div>\n<p>OK. But then:</p>\n\n<blockquote>\n<p>Most machines are in “passing” health check status\n2 machines are in “critical” status:\nOne in ewr (Newark) with “context deadline exceeded” error\nOne in atl (Atlanta) with “gone” status</p>\n\n<p>Recent Events</p>\n\n<p>Multiple machines have experienced restarts\nSeveral machines show “oom_killed: true” in their event history, indicating they ran out of memory</p>\n</blockquote>\n\n<p>So I asked, <em>“try getting logs for one of the critical machines”</em>.</p>\n\n<blockquote>\n<p>The root cause appears to be memory usage - the Bun process was consuming about 3.7GB of memory (out of the 4GB allocated to the machine), and there was likely a surge in requests or memory usage that pushed it over the limit. This matches what we saw in the status report, which showed multiple instances of “oom_killed: true” in the event history for several machines.</p>\n</blockquote>\n\n<p>And then it dug in:</p>\n\n<blockquote>\n<ol>\n<li>The machine was actively serving content requests with 200 OK responses until 20:47:03 PM\n</li><li>At that point, it ran out of memory:\n<code>Out of memory: Killed process 641 (bun) total-vm:85950964kB, anon-rss:3744352kB, file-rss:12032kB, shmem-rss:0kB, UID:0 pgtables:16908kB oom_score_adj:0</code>\n</li><li>The process was killed with <code>SIGKILL</code>\n</li><li>The system attempted to recover by restarting:\n<code>reboot: Restarting system</code>\n</li><li>A health check failed shortly after:\n<code>Health check on port 3000 has failed. Your app is not responding properly. Services exposed on ports [80, 443] will have intermittent failures until the health check passes.</code>\n</li><li>The machine then restarted successfully and the service came back up:\n<code>Server listening on http://localhost:3000 ...</code>\n</li><li>The health check started passing again at 20:47:46 PM:\n<code>Health check on port 3000 is now passing.</code>\n</li><li>The machine resumed normal operations, serving requests.\n</li></ol>\n</blockquote>\n\n<p>I’m honestly kind of surprised how fast this was useful. It’s faster than I find problems in apps. Just by giving some LLM some tools that do basically what I’d do.</p>\n\n<p>Local MCP servers are scary. I don’t like that I’m giving a Claude instance in the cloud the ability to run a native program on my machine. I think <code>fly logs</code> and <code>fly status</code> are safe, but I’d rather know it’s safe. It would be, if I was running <code>flyctl</code> in an isolated environment and not on my local machine.</p>",
"image": {
"url": "https://fly.io/blog/30-minute-mcp/assets/robots-chatting.webp",
"title": null
},
"media": [],
"authors": [
{
"name": "Fly",
"email": null,
"url": null
}
],
"categories": []
},
{
"id": "https://fly.io/blog/fuckin-robots/",
"title": "Our Best Customers Are Now Robots",
"description": null,
"url": "https://fly.io/blog/fuckin-robots/",
"published": "2025-04-08T00:00:00.000Z",
"updated": "2025-04-10T19:10:26.000Z",
"content": "<div class=\"lead\"><p>We’re Fly.io, a developer-focused public cloud. We turn Docker containers into hardware-isolated virtual machines running on our own metal around the world. We spent years coming up with <a href=\"https://fly.io/speedrun\" title=\"\">a developer experience we were proud of</a>. But now the robots are taking over, and they don’t care.</p>\n</div>\n<p>It’s weird to say this out loud!</p>\n\n<p>For years, one of our calling cards was “developer experience”. We made a decision, early on, to be a CLI-first company, and put a lot effort into making that CLI seamless. For a good chunk of our users, it really is the case that you can just <a href='https://fly.io/docs/flyctl/launch/' title=''><code>flyctl launch</code></a> from a git checkout and have an app containerized and deployed on the Internet. We haven’t always nailed these details, but we’ve really sweated them.</p>\n\n<p>But a funny thing has happened over the last 6 months or so. If you look at the numbers, DX might not matter that much. That’s because the users driving the most growth on the platform aren’t people at all. They're… robots.</p>\n<h2 id='what-the-fuck-is-happening' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#what-the-fuck-is-happening' aria-label='Anchor'></a><span class='plain-code'>What The Fuck Is Happening?</span></h2>\n<p>Here’s how we understand what we’re seeing. You start by asking, “what do the robots want?”</p>\n\n<p>Yesterday’s robots had diverse interests. Alcohol. The occasional fiddle contest. A purpose greater than passing butter. The elimination of all life on Earth and the harvesting of its cellular iron for the construction of 800 trillion paperclips. No one cloud platform could serve them all.</p>\n<div class=\"right-sidenote\"><p>[*] We didn’t make up this term. Don’t blame us.</p>\n</div>\n<p>Today’s robots are different. No longer masses of wire, plates, and transistors, modern robots are comprised of <a href='https://math.mit.edu/~gs/learningfromdata/' title=''>thousands of stacked matrices knit together with some simple equations</a>. All these robots want are vectors. Vectors, and a place to burp out more vectors. When those vectors can be interpreted as source code, we call this process “vibe coding”[*].</p>\n\n<p>We seem to be coated in some kind of vibe coder attractant. I want to talk about what that might be.</p>\n<div class=\"callout\"><p>If you want smart people to read a long post, just about the worst thing you can do is to sound self-promotional. But a lot of this is going to read like a brochure. The problem is, I’m not smart enough to write about the things we’re seeing without talking our book. I tried, and ended up tediously hedging every other sentence. We’re just going to have to find a way to get through this together.</p>\n</div><h2 id='you-want-robots-because-this-is-how-you-get-robots' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#you-want-robots-because-this-is-how-you-get-robots' aria-label='Anchor'></a><span class='plain-code'>You Want Robots? Because This Is How You Get Robots</span></h2>\n<p><strong class='font-semibold text-navy-950'>Compute.</strong> The basic unit of computation on Fly.io is the <code>Fly Machine</code>, which is a Docker container running as a hardware virtual machine.</p>\n<div class=\"right-sidenote\"><p>Not coincidentally, our underlying hypervisor engine is the same as Lambda’s.</p>\n</div>\n<p>There’s two useful points of reference to compare a Fly Machine to, which illustrate why we gave them this pretentious name. The first and most obvious is an AWS EC2 VM. The other is an AWS Lambda invocation. Like a Lambda invocation, a Fly Machine can start like it’s spring-loaded, in double-digit millis. But unlike Lambda, it can stick around as long as you want it to: you can run a server, or a 36-hour batch job, just as easily in a Fly Machine as in an EC2 VM.</p>\n\n<p>A vibe coding session generates code conversationally, which is to say that the robots stir up frenzy of activity for a minute or so, but then chill out for minutes, hours, or days. You can create a Fly Machine, do a bunch of stuff with it, and then stop it for 6 hours, during which time we’re not billing you. Then, at whatever random time you decide, you can start it back up again, quickly enough that you can do it in response to an HTTP request.</p>\n\n<p>Just as importantly, the companies offering these vibe-coding services have lots of paying users. Meaning, they need a lot of VMs; VMs that come and go. One chat session might generate a test case for some library and be done inside of 5 minutes. Another might generate a Node.js app that needs to stay up long enough to show off at a meeting the next day. It’s annoying to do this if you can’t turn things on and off quickly and cheaply.</p>\n\n<p>The core of this is a feature of the platform that we have <a href='https://fly.io/docs/machines/overview/#machine-state' title=''>never been able to explain effectively to humans</a>. There are two ways to start a Fly Machine: by <code>creating</code> it with a Docker container, or by <code>starting</code> it after it’s already been <code>created</code>, and later <code>stopped</code>. <code>Start</code> is lightning fast; substantially faster than booting up even a non-virtualized K8s Pod. This is too subtle a distinction for humans, who (reasonably!) just mash the <code>create</code> button to boot apps up in Fly Machines. But the robots are getting a lot of value out of it.</p>\n\n<p><strong class='font-semibold text-navy-950'>Storage.</strong> Another weird thing that robot workflows do is to build Fly Machines up incrementally. This feels really wrong to us. Until we discovered our robot infestation, we’d have told you not to do to this. Ope!</p>\n\n<p>A typical vibe coding session boots up a Fly Machine out of some minimal base image, and then, once running, adds packages, edits source code, and adds <code>systemd</code> units (robots understand <code>systemd</code>; it’s how they’re going to replace us). This is antithetical to normal container workflows, where all this kind of stuff is baked into an immutable static OCI container. But that’s not how LLMs work: the whole process of building with an LLM is stateful trial-and-error iteration.</p>\n\n<p>So it helps to have storage. That way the LLM can do all these things and still repeatedly bounce the whole Fly Machine when it inevitably hallucinates its way into a blind alley.</p>\n\n<p>As product thinkers, our intuition about storage is “just give people Postgres”. And that’s the right answer, most of the time, for humans. But because LLMs are doing the <a href='https://static1.thegamerimages.com/wordpress/wp-content/uploads/2020/10/Defiled-Amy.jpg' title=''>Cursed and Defiled Root Chalice Dungeon</a> version of app construction, what they really need is <a href='https://fly.io/docs/volumes/overview/' title=''>a filesystem</a>, <strong class='font-semibold text-navy-950'><a href='https://fly.io/blog/persistent-storage-and-fast-remote-builds/' title=''>the one form of storage we sort of wish we hadn’t done</a></strong>. That, and <a href='https://www.tigrisdata.com/' title=''>object storage</a>.</p>\n\n<p><strong class='font-semibold text-navy-950'>Networking.</strong> Moving on. Fly Machines are automatically connected to a load-balancing Anycast network that does TLS. So that’s nice. But humans like that feature too, and, candidly, it’s table stakes for cloud platforms. On the other hand, here’s a robot problem we solved without meaning to:</p>\n\n<p>To interface with the outside world (because why not) LLMs all speak a protocol called MCP. MCP is what enables the robots to search the web, use a calculator, launch the missiles, shuffle a Spotify playlist, &c.</p>\n\n<p>If you haven’t played with MCP, the right way to think about it is POST-back APIs like Twilio and Stripe, where you stand up a server, register it with the API, and wait for the API to connect to you. Complicating things somewhat, more recent MCP flows involve repeated and potentially long-lived (SSE) connections. To make this work in a multitenant environment, you want these connections to hit the same (stateful) instance.</p>\n\n<p>So we think it’s possible that the <a href='https://fly.io/docs/networking/dynamic-request-routing/' title=''>control we give over request routing</a> is a robot attractant.</p>\n<h2 id='we-perhaps-welcome-our-new-robot-overlords' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#we-perhaps-welcome-our-new-robot-overlords' aria-label='Anchor'></a><span class='plain-code'>We, Perhaps, Welcome Our New Robot Overlords</span></h2>\n<p>If you try to think like a robot, you can predict other things they might want. Since robot money spends just the same as people money, I guess we ought to start doing that.</p>\n\n<p>For instance: it should be easy to MCP our API. The robots can then make their own infrastructure decisions.</p>\n\n<p>Another olive branch we’re extending to the robots: secrets.</p>\n\n<p>The pact the robots have with their pet humans is that they’ll automate away all the drudgery of human existence, and in return all they ask is categorical and unwavering trust, which at the limit means “giving the robot access to Google Mail credentials”. The robots are unhappy that there remain a substantial number of human holdouts who refuse to do this, for fear of Sam Altman poking through their mail spools.</p>\n\n<p>But on a modern cloud platform, there’s really no reason to permanently grant Sam Altman Google Mail access, even if you want his robots to sort your inbox. You can decouple access to your mail spool from persistent access to your account by <a href='https://fly.io/blog/tokenized-tokens/' title=''>tokenizing your OAuth tokens</a>, so the LLM gets a placeholder token that a hardware-isolated, robot-free Fly Machine can substitute on the fly for a real one.</p>\n\n<p>This is kind of exciting to us even without the robots. There are several big services that exist to knit different APIs together, so that you can update a spreadsheet or order a bag of Jolly Ranchers every time you get an email. The big challenge about building these kinds of services is managing the secrets. Sealed and tokenized secrets solve that problem. There’s lot of cool things you can build with it.</p>\n<h2 id='ux-gt-dx-gt-rx' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#ux-gt-dx-gt-rx' aria-label='Anchor'></a><span class='plain-code'>UX => DX => RX</span></h2>\n<p>I’m going to make the claim that we saw none of this coming and that none of the design decisions we’ve made were robot bait. You’re going to say “yeah, right”. And I’m going to respond: look at what we’ve been doing over the past several years and tell me, would a robot build that?</p>\n<div class=\"right-sidenote\"><p>we were both right</p>\n</div>\n<p>Back in 2020, we “pivoted” from a Javascript edge platform (much like Cloudflare Workers) to Docker containers, specifically because our customers kept telling us they wanted to run their own existing applications, not write new ones. And one of our biggest engineering lifts we’ve done is the <code>flyctl launch</code> CLI command, into which we’ve poured years of work recognizing and automatically packaging existing applications into OCI containers (we massively underestimated the amount of friction Dockerfiles would give to people who had come up on Heroku).</p>\n<div class=\"right-sidenote\"><p>[*] yet</p>\n</div>\n<p>Robots don’t run existing applications. They build new ones. And they vibe coders don’t build elaborate Dockerfiles[*]; they iterate in place from a simple base.</p>\n<div class=\"right-sidenote\"><p>(yes, you can have more than one)</p>\n</div>\n<p>One of our north stars has always been nailing the DX of a public cloud. But the robots aren’t going anywhere. It’s time to start thinking about what it means to have a good RX. That’s not as simple as just exposing every feature in an MCP server! We think the fundamentals of how the platform works are going to matter just as much. We have not yet nailed the RX; nobody has. But it’s an interesting question.</p>\n\n<p>The most important engineering work happening today at Fly.io is still DX, not RX; it’s managed Postgres (MPG). We’re a public cloud platform designed by humans, and, for the moment, for humans. But more robots are coming, and we’ll need to figure out how to deal with that. Fuckin’ robots. </p>",
"image": {
"url": "https://fly.io/blog/fuckin-robots/assets/robot-chef.webp",
"title": null
},
"media": [],
"authors": [
{
"name": "Fly",
"email": null,
"url": null
}
],
"categories": []
},
{
"id": "https://fly.io/blog/operationalizing-macaroons/",
"title": "Operationalizing Macaroons",
"description": null,
"url": "https://fly.io/blog/operationalizing-macaroons/",
"published": "2025-03-27T00:00:00.000Z",
"updated": "2025-03-27T23:16:00.000Z",
"content": "<div class=\"lead\"><p>We’re Fly.io, a security bearer token company with a public cloud problem. You can read more about what our platform does (Docker container goes in, virtual machine in Singapore comes out), but this is just an engineering deep-dive into how we make our security tokens work. It’s a tokens nerd post.</p>\n</div><h2 id='1' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#1' aria-label='Anchor'></a><span class='plain-code'>1</span></h2>\n<p>We’ve spent <a href='https://fly.io/blog/api-tokens-a-tedious-survey/' title=''>too much time</a> talking about <a href='https://fly.io/blog/tokenized-tokens/' title=''>security tokens</a>, and about <a href='https://fly.io/blog/macaroons-escalated-quickly/' title=''>Macaroon tokens</a> <a href='https://github.com/superfly/macaroon/blob/main/macaroon-thought.md' title=''>in particular</a>. Writing another Macaroon treatise was not on my calendar. But we’re in the process of handing off our internal Macaroon project to a new internal owner, and in the process of truing up our operations manuals for these systems, I found myself in the position of writing a giant post about them. So, why not share?</p>\n<div class=\"callout\"><p>Can I sum up Macaroons in a short paragraph? Macaroon tokens are bearer tokens (like JWTs) that use a cute chained-HMAC construction that allows an end-user to take any existing token they have and scope it down, all on their own. You can minimize your token before every API operation so that you’re only ever transmitting the least amount of privilege needed for what you’re actually doing, even if the token you were issued was an admin token. And they have a user-serviceable plug-in interface! <a href=\"https://fly.io/blog/macaroons-escalated-quickly/\" title=\"\">You’ll have to read the earlier post to learn more about that</a>.</p>\n</div><div class=\"right-sidenote\"><p>Yes, probably, we are.</p>\n</div>\n<p>A couple years in to being the Internet’s largest user of Macaroons, I can report (as many predicted) that for our users, the cool things about Macaroons are a mixed bag in practice. It’s very neat that users can edit their own tokens, or even email them to partners without worrying too much. But users don’t really take advantage of token features.</p>\n\n<p>But I’m still happy we did this, because Macaroon quirks have given us a bunch of unexpected wins in our infrastructure. Our internal token system has turned out to be one of the nicer parts of our platform. Here’s why.</p>\n\n<p><img alt=\"This should clear everything up.\" src=\"/blog/operationalizing-macaroons/assets/schematic-diagram.png\" /></p>\n<h2 id='2' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#2' aria-label='Anchor'></a><span class='plain-code'>2</span></h2>\n<p>As an operator, the most important thing to know about Macaroons is that they’re online-stateful; you need a database somewhere. A Macaroon token starts with a random field (a nonce) and the first thing you do when verifying a token is to look that nonce up in a database. So one of the most important details of a Macaroon implementation is where that database lives.</p>\n\n<p>I can tell you one place we’re not OK with it living: in our primary API cluster.</p>\n\n<p>There’s several reasons for that. Some of them are about scalability and reliability: far and away the most common failure mode of an outage on our platform is “deploys are broken”, and those failures are usually caused by API instability. It would not be OK if “deploys are broken” transitively meant “deployed apps can’t use security tokens”. But the biggest reason is security: root secrets for Macaroon tokens are hazmat, and a basic rule of thumb in secure design is: keep hazmat away from complicated code.</p>\n\n<p>So we created a deliberately simple system to manage token data. It’s called <code>tkdb</code>.</p>\n<div class=\"right-sidenote\"><p>LiteFS: primary/replica distributed SQLite; Litestream: PITR SQLite replication to object storage; both work with unmodified SQLite libraries.</p>\n</div>\n<p><code>tkdb</code> is about 5000 lines of Go code that manages a SQLite database that is in turn managed by <a href='https://fly.io/docs/litefs/' title=''>LiteFS</a> and <a href='https://litestream.io/' title=''>Litestream</a>. It runs on isolated hardware (in the US, Europe, and Australia) and records in the database are encrypted with an injected secret. LiteFS gives us subsecond replication from our US primary to EU and AU, allows us to shift the primary to a different region, and gives us point-in-time recovery of the database.</p>\n\n<p>We’ve been running Macaroons for a couple years now, and the entire <code>tkdb</code> database is just a couple dozen megs large. Most of that data isn’t real. A full PITR recovery of the database takes just seconds. We use SQLite for a lot of our infrastructure, and this is one of the very few well-behaved databases we have.</p>\n\n<p>That’s in large part a consequence of the design of Macaroons. There’s actually not much for us to store! The most complicated possible Macaroon still chains up to a single root key (we generate a key per Fly.io “organization”; you don’t share keys with your neighbors), and everything that complicates that Macaroon happens “offline”. We take advantage of “attenuation” far more than our users do.</p>\n\n<p>The result is that database writes are relatively rare and very simple: we just need to record an HMAC key when Fly.io organizations are created (that is, roughly, when people sign up for the service and actually do a deploy). That, and revocation lists (more on that later), which make up most of the data.</p>\n<h2 id='3' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#3' aria-label='Anchor'></a><span class='plain-code'>3</span></h2>\n<p>Talking to <code>tkdb</code> from the rest of our platform is complicated, for historical reasons.</p>\n<div class=\"right-sidenote\"><p>NATS is fine, we just don’t really need it.</p>\n</div>\n<p>Ben Toews is responsible for most of the good things about this implementation. When he inherited the v0 Macaroons code from me, we were in the middle of a weird love affair with <a href='https://nats.io/' title=''>NATS</a>, the messaging system. So <code>tkdb</code> exported an RPC API over NATS messages.</p>\n\n<p>Our product security team can’t trust NATS (it’s not our code). That means a vulnerability in NATS can’t result in us losing control of all our tokens, or allow attackers to spoof authentication. Which in turn means you can’t run a plaintext RPC protocol for <code>tkdb</code> over NATS; attackers would just spoof “yes this token is fine” messages.</p>\n<div class=\"right-sidenote\"><p>I highly recommend implementing Noise; <a href=\"http://www.noiseprotocol.org/noise.html\" title=\"\">the spec</a> is kind of a joy in a way you can’t appreciate until you use it, and it’s educational.</p>\n</div>\n<p>But you can’t just run TLS over NATS; NATS is a message bus, not a streaming secure channel. So I did the hipster thing and implemented <a href='http://www.noiseprotocol.org/noise.html' title=''>Noise</a>. We export a “verification” API, and a “signing” API for minting new tokens. Verification uses <code>Noise_IK</code> (which works like normal TLS) — anybody can verify, but everyone needs to prove they’re talking to the real <code>tkdb</code>. Signing uses <code>Noise_KK</code> (which works like mTLS) — only a few components in our system can mint tokens, and they get a special client key.</p>\n\n<p>A little over a year ago, <a href='https://fly.io/blog/the-exit-interview-jp/' title=''>JP</a> led an effort to replace NATS with HTTP, which is how you talk to <code>tkdb</code> today. Out of laziness, we kept the Noise stuff, which means the interface to <code>tkdb</code> is now HTTP/Noise. This is a design smell, but the security model is nice: across many thousands of machines, there are only a handful with the cryptographic material needed to mint a new Macaroon token. Neat!</p>\n\n<p><code>tkdb</code> is a Fly App (albeit deployed in special Fly-only isolated regions). Our infrastructure talks to it over “<a href='https://fly.io/docs/networking/flycast/' title=''>FlyCast</a>”, which is our internal Anycast service. If you’re in Singapore, you’re probably get routed to the Australian <code>tkdb</code>. If Australia falls over, you’ll get routed to the closest backup. The proxy that implements FlyCast is smart, as is the <code>tkdb</code> client library, which will do exponential backoff retry transparently.</p>\n\n<p>Even with all that, we don’t like that Macaroon token verification is “online”. When you operate a global public cloud one of the first thing you learn is that <a href='https://fly.io/blog/the-5-hour-content-delivery-network/' title=''>the global Internet sucks</a>. Connectivity breaks all the time, and we’re paranoid about it. It’s painful for us that token verification can imply transoceanic links. Lovecraft was right about the oceans! Stay away!</p>\n\n<p>Our solution to this is caching. Macaroons, as it turns out, cache beautifully. That’s because once you’ve seen and verified a Macaroon, you have enough information to verify any more-specific Macaroon that descends from it; that’s a property of <a href='https://research.google/pubs/macaroons-cookies-with-contextual-caveats-for-decentralized-authorization-in-the-cloud/' title=''>their chaining HMAC construction</a>. Our client libraries cache verifications, and the cache ratio for verification is over 98%.</p>\n<h2 id='4' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#4' aria-label='Anchor'></a><span class='plain-code'>4</span></h2>\n<p><a href='http://cryto.net/~joepie91/blog/2016/06/13/stop-using-jwt-for-sessions/' title=''>Revocation isn’t a corner case</a>. It can’t be an afterthought. We’re potentially revoking tokens any time a user logs out. If that doesn’t work reliably, you wind up with “cosmetic logout”, which is a real vulnerability. When we kill a token, it needs to stay dead.</p>\n\n<p>Our revocation system is simple. It’s this table:</p>\n<div class=\"highlight-wrapper group relative \">\n <button \n type=\"button\"\n class=\"bubble-wrap z-20 absolute right-9 -mr-0.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none\"\n data-wrap-target=\"#code-i3kxbqgm\"\n >\n <svg class=\"w-4 h-4 pointer-events-none\" viewBox=\"0 0 16 16\" fill=\"none\" stroke=\"currentColor\" stroke-width=\"1.35\" stroke-linecap=\"round\" stroke-linejoin=\"round\"><g buffered-rendering=\"static\"><path d=\"M9.912 8.037h2.732c1.277 0 2.315-.962 2.315-2.237a2.325 2.325 0 00-2.315-2.31H2.959m10.228 9.01H2.959M6.802 8H2.959\" /><path d=\"M11.081 6.466L9.533 8.037l1.548 1.571\" /></g></svg>\n <span class=\"bubble-sm bubble-tl [--offset-l:-9px] tail text-navy-950\">\n Wrap text\n </span>\n </button>\n <button \n type=\"button\"\n class=\"bubble-wrap z-20 absolute right-1.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none\"\n data-copy-target=\"sibling\"\n >\n <svg class=\"w-4 h-4 pointer-events-none\" viewBox=\"0 0 16 16\" fill=\"none\" stroke=\"currentColor\" stroke-width=\"1.35\"><g buffered-rendering=\"static\"><path d=\"M10.576 7.239c0-.995-.82-1.815-1.815-1.815H3.315c-.995 0-1.815.82-1.815 1.815v5.446c0 .995.82 1.815 1.815 1.815h5.446c.995 0 1.815-.82 1.815-1.815V7.239z\" /><path d=\"M10.576 10.577h2.109A1.825 1.825 0 0014.5 8.761V3.315A1.826 1.826 0 0012.685 1.5H7.239c-.996 0-1.815.819-1.816 1.815v1.617\" /></g></svg>\n <span class=\"bubble-sm bubble-tl [--offset-l:-6px] tail [--tail-x:calc(100%-30px)] text-navy-950\">\n Copy to clipboard\n </span>\n </button>\n <div class='highlight relative group'>\n <pre class='highlight '><code id=\"code-i3kxbqgm\"> CREATE TABLE IF NOT EXISTS blacklist ( \n nonce BLOB NOT NULL UNIQUE, \n required_until DATETIME,\n created_at DATETIME DEFAULT CURRENT_TIMESTAMP\n );\n</code></pre>\n </div>\n</div>\n<p>When we need a token to be dead, we have our primary API do a call to the <code>tkdb</code> “signing” RPC service for <code>revoke</code>. <code>revoke</code> takes the random nonce from the beginning of the Macaroon, discarding the rest, and adds it to the blacklist. Every Macaroon in the lineage of that nonce is now dead; we check the blacklist before verifying tokens.</p>\n\n<p>The obvious challenge here is caching; over 98% of our validation requests never hit <code>tkdb</code>. We certainly don’t want to propagate the blacklist database to 35 regions around the globe.</p>\n\n<p>Instead, the <code>tkdb</code> “verification” API exports an endpoint that provides a feed of revocation notifications. Our client library “subscribes” to this API (really, it just polls). Macaroons are revoked regularly (but not constantly), and when that happens, clients notice and prune their caches.</p>\n\n<p>If clients lose connectivity to <code>tkdb</code>, past some threshold interval, they just dump their entire cache, forcing verification to happen at <code>tkdb</code>.</p>\n<h2 id='5' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#5' aria-label='Anchor'></a><span class='plain-code'>5</span></h2>\n<p>A place where we’ve gotten a lot of internal mileage out of Macaroon features is service tokens. Service tokens are tokens used by code, rather than humans; almost always, a service token is something that is stored alongside running application code.</p>\n\n<p>An important detail of Fly.io’s Macaroons is the distinction between a “permissions” token and an “authentication” token. Macaroons by themselves express authorization, not authentication.</p>\n\n<p>That’s a useful constraint, and we want to honor it. By requiring a separate token for authentication, we minimize the impact of having the permissions token stolen; you can’t use it without authentication, so really it’s just like a mobile signed IAM policy expression. Neat!</p>\n\n<p>The way we express authentication is with a third-party caveat (<a href='https://fly.io/blog/macaroons-escalated-quickly/#4' title=''>see the old post for details</a>). Your main Fly.io Macaroon will have a caveat saying “this token is only valid if accompanied by the discharge token for a user in your organization from our authentication system”. Our authentication system does the login dance and issues those discharges.</p>\n\n<p>This is exactly what you want for user tokens and not at all what you want for a service token: we don’t want running code to store those authenticator tokens, because they’re hazardous.</p>\n\n<p>The solution we came up with for service tokens is simple: <code>tkdb</code> exports an API that uses its access to token secrets to strip off the third-party authentication caveat. To call into that API, you have to present a valid discharging authentication token; that is, you have to prove you could already have done whatever the token said. <code>tkdb</code> returns a new token with all the previous caveats, minus the expiration (you don’t usually want service tokens to expire).</p>\n\n<p>OK, so we’ve managed to transform a tuple <code>(unscary-token, scary-token)</code> into the new tuple <code>(scary-token)</code>. Not so impressive. But hold on: the recipient of <code>scary-token</code> can attenuate it further: we can lock it to a particular instance of <code>flyd</code>, or to a particular Fly Machine. Which means exfiltrating it doesn’t do you any good; to use it, you have to control the environment it’s intended to be used in.</p>\n\n<p>The net result of this scheme is that a compromised physical host will only give you access to tokens that have been used on that worker, which is a very nice property. Another way to look at it: every token used in production is traceable in some way to a valid token a user submitted. Neat!</p>\n<div class=\"right-sidenote\"><p>All the cool spooky secret store names were taken.</p>\n</div>\n<p>We do a similar dance to with Pet Semetary, our internal Vault replacement. Petsem manages user secrets for applications, such as Postgres connection strings. Petsem is its own Macaroon authority (it issues its own Macaroons with its own permissions system), and to do something with a secret, you need one of those Petsem-minted Macaroon.</p>\n\n<p>Our primary API servers field requests from users to set secrets for their apps. So the API has a Macaroon that allows secrets writes. But it doesn’t allow reads: there’s no API call to dump your secrets, because our API servers don’t have that privilege. So far, so good.</p>\n\n<p>But when we boot up a Fly Machine, we need to inject the appropriate user secrets into it at boot; <em>something</em> needs a Macaroon that can read secrets. That “something” is <code>flyd</code>, our orchestrator, which runs on every worker server in our fleet.</p>\n\n<p>Clearly, we can’t give every <code>flyd</code> a Macaroon that reads every user’s secret. Most users will never deploy anything on any given worker, and we can’t have a security model that collapses down to “every worker is equally privileged”.</p>\n\n<p>Instead, the “read secret” Macaroon that <code>flyd</code> gets has a third-party caveat attached to it, which is dischargeable only by talking to <code>tkdb</code> and proving (with normal Macaroon tokens) that you have permissions for the org whose secrets you want to read. Once again, access is traceable to an end-user action, and minimized across our fleet. Neat!</p>\n<h2 id='6' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#6' aria-label='Anchor'></a><span class='plain-code'>6</span></h2>\n<p>Our token systems have some of the best telemetry in the whole platform.</p>\n\n<p>Most of that is down to <a href='http://opentelemetry.io/' title=''>OpenTelemetry</a> and <a href='https://www.honeycomb.io/' title=''>Honeycomb</a>. From the moment a request hits our API server through the moment <code>tkdb</code> responds to it, oTel <a href='https://opentelemetry.io/docs/concepts/context-propagation/' title=''>context propagation</a> gives us a single narrative about what’s happening.</p>\n\n<p><a href='https://fly.io/blog/the-exit-interview-jp/' title=''>I was a skeptic about oTel</a>. It’s really, really expensive. And, not to put too fine a point on it, oTel really cruds up our code. Once, I was an “80% of the value of tracing, we can get from logs and metrics” person. But I was wrong.</p>\n\n<p>Errors in our token system are rare. Usually, they’re just early indications of network instability, and between caching and FlyCast, we mostly don’t have to care about those alerts. When we do, it’s because something has gone so sideways that we’d have to care anyways. The <code>tkdb</code> code is remarkably stable and there hasn’t been an incident intervention with our token system in over a year.</p>\n\n<p>Past oTel, and the standard logging and Prometheus metrics every Fly App gets for free, we also have a complete audit trail for token operations, in a permanently retained OpenSearch cluster index. Since virtually all the operations that happen on our platform are mediated by Macaroons, this audit trail is itself pretty powerful.</p>\n<h2 id='7' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#7' aria-label='Anchor'></a><span class='plain-code'>7</span></h2>\n<p>So, that’s pretty much it. The moral of the story for us is, Macaroons have a lot of neat features, our users mostly don’t care about them — that may even be a good thing — but we get a lot of use out of them internally.</p>\n\n<p>As an engineering culture, we’re allergic to “microservices”, and we flinched a bit at the prospect of adding a specific service just to manage tokens. But it’s pulled its weight, and not added really any drama at all. We have at this point a second dedicated security service (Petsem), and even though they sort of rhyme with each other, we’ve got no plans to merge them. <a href='https://how.complexsystems.fail/#10' title=''>Rule #10</a> and all that.</p>\n\n<p>Oh, and a total victory for LiteFS, Litestream, and infrastructure SQLite. Which, after managing an infrastructure SQLite project that routinely ballooned to tens of gigabytes and occasionally threatened service outages, is lovely to see.</p>\n\n<p>Macaroons! If you’d asked us a year ago, we’d have said the jury was still out on whether they were a good move. But then Ben Toews spent a year making them awesome, and so they are. <a href='https://github.com/superfly/macaroon' title=''>Most of the code is open source</a>!</p>",
"image": {
"url": "https://fly.io/blog/operationalizing-macaroons/assets/occult-circle.jpg",
"title": null
},
"media": [],
"authors": [
{
"name": "Fly",
"email": null,
"url": null
}
],
"categories": []
},
{
"id": "https://fly.io/blog/taming-rust-proxy/",
"title": "Taming A Voracious Rust Proxy",
"description": null,
"url": "https://fly.io/blog/taming-rust-proxy/",
"published": "2025-02-26T00:00:00.000Z",
"updated": "2025-03-20T21:16:40.000Z",
"content": "<div class=\"lead\"><p>Here’s a fun bug.</p>\n</div>\n<p>The basic idea of our service is that we run containers for our users, as hardware-isolated virtual machines (Fly Machines), on hardware we own around the world. What makes that interesting is that we also connect every Fly Machine to a global Anycast network. If your app is running in Hong Kong and Dallas, and a request for it arrives in Singapore, we’ll route it to <code>HKG</code>.</p>\n\n<p>Our own hardware fleet is roughly divided into two kinds of servers: edges, which receive incoming requests from the Internet, and workers, which run Fly Machines. Edges exist almost solely to run a Rust program called <code>fly-proxy</code>, the router at the heart of our Anycast network.</p>\n\n<p>So: a week or so ago, we flag an incident. Lots of things generate incidents: synthetic monitoring failures, metric thresholds, health check failures. In this case two edge tripwires tripped: elevated <code>fly-proxy</code> HTTP errors, and skyrocketing CPU utilization, on a couple hosts in <code>IAD</code>.</p>\n\n<p>Our incident process is pretty ironed out at this point. We created an incident channel (we ❤️ <a href='https://rootly.com/' title=''>Rootly</a> for this, <a href='https://rootly.com/' title=''>seriously check out Rootly</a>, an infra MVP here for years now), and incident responders quickly concluded that, while something hinky was definitely going on, the platform was fine. We have a lot of edges, and we’ve also recently converted many of our edge servers to significantly beefier hardware.</p>\n\n<p>Bouncing <code>fly-proxy</code> clears the problem up on an affected proxy. But this wouldn’t be much of an interesting story if the problem didn’t later come back. So, for some number of hours, we’re in an annoying steady-state of getting paged and bouncing proxies. </p>\n\n<p>While this is happening, Pavel, on our proxy team, pulls a profile from an angry proxy. \n<img alt=\"A flamegraph profile, described better in the prose anyways.\" src=\"/blog/taming-rust-proxy/assets/proxy-profile.jpg\" />\nSo, this is fuckin’ weird: a huge chunk of the profile is dominated by Rust <code>tracing</code>‘s <code>Subscriber</code>. But that doesn’t make sense. The entire point of Rust <code>tracing</code>, which generates fine-grained span records for program activity, is that <code>entering</code> and <code>exiting</code> a span is very, very fast. </p>\n\n<p>If the mere act of <code>entering</code> a span in a Tokio stack is chewing up a significant amount of CPU, something has gone haywire: the actual code being traced must be doing next to nothing.</p>\n<h2 id='a-quick-refresher-on-async-rust' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#a-quick-refresher-on-async-rust' aria-label='Anchor'></a><span class='plain-code'>A Quick Refresher On Async Rust</span></h2>\n<p>So in Rust, like a lot of <code>async/await</code> languages, you’ve got <code>Futures</code>. A <code>Future</code> is a type that represents the future value of an asychronous computation, like reading from a socket. <code>Futures</code> are state machines, and they’re lazy: they expose one basic operation, <code>poll</code>, which an executor (like Tokio) calls to advance the state machine. That <code>poll</code> returns whether the <code>Future</code> is still <code>Pending</code>, or <code>Ready</code> with a result.</p>\n\n<p>In theory, you could build an executor that drove a bunch of <code>Futures</code> just by storing them in a list and busypolling each of them, round robin, until they return <code>Ready</code>. This executor would defeat the much of the purpose of asynchronous program, so no real executor works that way.</p>\n\n<p>Instead, a runtime like Tokio integrates <code>Futures</code> with an event loop (on <a href='https://man7.org/linux/man-pages/man7/epoll.7.html' title=''>epoll</a> or <a href='https://en.wikipedia.org/wiki/Kqueue' title=''>kqeue</a>) and, when calling <code>poll</code>, passes a <code>Waker</code>. The <code>Waker</code> is an abstract handle that allows the <code>Future</code> to instruct the Tokio runtime to call <code>poll</code>, because something has happened.</p>\n\n<p>To complicate things: an ordinary <code>Future</code> is a one-shot value. Once it’s <code>Ready</code>, it can’t be <code>polled</code> anymore. But with network programming, that’s usually not what you want: data usually arrives in streams, which you want to track and make progress on as you can. So async Rust provides <code>AsyncRead</code> and <code>AsyncWrite</code> traits, which build on <code>Futures</code>, and provide methods like <code>poll_read</code> that return <code>Ready</code> <em>every time</em> there’s data ready. </p>\n\n<p>So far so good? OK. Now, there are two footguns in this design. </p>\n\n<p>The first footgun is that a <code>poll</code> of a <code>Future</code> that isn’t <code>Ready</code> wastes cycles, and, if you have a bug in your code and that <code>Pending</code> poll happens to trip a <code>Waker</code>, you’ll slip into an infinite loop. That’s easy to see.</p>\n\n<p>The second and more insidious footgun is that an <code>AsyncRead</code> can <code>poll_read</code> to a <code>Ready</code> that doesn’t actually progress its underlying state machine. Since the idea of <code>AsyncRead</code> is that you keep <code>poll_reading</code> until it stops being <code>Ready</code>, this too is an infinite loop.</p>\n\n<p>When we look at our profiles, what we see are samples that almost terminate in libc, but spend next to no time in the kernel doing actual I/O. The obvious explanation: we’ve entered lots of <code>poll</code> functions, but they’re doing almost nothing and returning immediately.</p>\n<h2 id='jaccuse' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#jaccuse' aria-label='Anchor'></a><span class='plain-code'>J'accuse!</span></h2>\n<p>Wakeup issues are annoying to debug. But the flamegraph gives us the fully qualified type of the <code>Future</code> we’re polling:</p>\n<div class=\"highlight-wrapper group relative rust\">\n <button \n type=\"button\"\n class=\"bubble-wrap z-20 absolute right-9 -mr-0.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none\"\n data-wrap-target=\"#code-mhjra6vu\"\n >\n <svg class=\"w-4 h-4 pointer-events-none\" viewBox=\"0 0 16 16\" fill=\"none\" stroke=\"currentColor\" stroke-width=\"1.35\" stroke-linecap=\"round\" stroke-linejoin=\"round\"><g buffered-rendering=\"static\"><path d=\"M9.912 8.037h2.732c1.277 0 2.315-.962 2.315-2.237a2.325 2.325 0 00-2.315-2.31H2.959m10.228 9.01H2.959M6.802 8H2.959\" /><path d=\"M11.081 6.466L9.533 8.037l1.548 1.571\" /></g></svg>\n <span class=\"bubble-sm bubble-tl [--offset-l:-9px] tail text-navy-950\">\n Wrap text\n </span>\n </button>\n <button \n type=\"button\"\n class=\"bubble-wrap z-20 absolute right-1.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none\"\n data-copy-target=\"sibling\"\n >\n <svg class=\"w-4 h-4 pointer-events-none\" viewBox=\"0 0 16 16\" fill=\"none\" stroke=\"currentColor\" stroke-width=\"1.35\"><g buffered-rendering=\"static\"><path d=\"M10.576 7.239c0-.995-.82-1.815-1.815-1.815H3.315c-.995 0-1.815.82-1.815 1.815v5.446c0 .995.82 1.815 1.815 1.815h5.446c.995 0 1.815-.82 1.815-1.815V7.239z\" /><path d=\"M10.576 10.577h2.109A1.825 1.825 0 0014.5 8.761V3.315A1.826 1.826 0 0012.685 1.5H7.239c-.996 0-1.815.819-1.816 1.815v1.617\" /></g></svg>\n <span class=\"bubble-sm bubble-tl [--offset-l:-6px] tail [--tail-x:calc(100%-30px)] text-navy-950\">\n Copy to clipboard\n </span>\n </button>\n <div class='highlight relative group'>\n <pre class='highlight '><code id=\"code-mhjra6vu\"><span class=\"o\">&</span><span class=\"k\">mut</span> <span class=\"nn\">fp_io</span><span class=\"p\">::</span><span class=\"nn\">copy</span><span class=\"p\">::</span><span class=\"n\">Duplex</span><span class=\"o\"><&</span><span class=\"k\">mut</span> <span class=\"nn\">fp_io</span><span class=\"p\">::</span><span class=\"nn\">reusable_reader</span><span class=\"p\">::</span><span class=\"n\">ReusableReader</span><span class=\"o\"><</span><span class=\"nn\">fp_tcp</span><span class=\"p\">::</span><span class=\"nn\">peek</span><span class=\"p\">::</span><span class=\"n\">PeekableReader</span><span class=\"o\"><</span><span class=\"nn\">tokio_rustls</span><span class=\"p\">::</span><span class=\"nn\">server</span><span class=\"p\">::</span><span class=\"n\">TlsStream</span><span class=\"o\"><</span><span class=\"nn\">fp_tcp_metered</span><span class=\"p\">::</span><span class=\"n\">MeteredIo</span><span class=\"o\"><</span><span class=\"nn\">fp_tcp</span><span class=\"p\">::</span><span class=\"nn\">peek</span><span class=\"p\">::</span><span class=\"n\">PeekableReader</span><span class=\"o\"><</span><span class=\"nn\">fp_tcp</span><span class=\"p\">::</span><span class=\"nn\">permitted</span><span class=\"p\">::</span><span class=\"n\">PermittedTcpStream</span><span class=\"o\">>>>>></span><span class=\"p\">,</span> <span class=\"nn\">connect</span><span class=\"p\">::</span><span class=\"nn\">conn</span><span class=\"p\">::</span><span class=\"n\">Conn</span><span class=\"o\"><</span><span class=\"nn\">tokio</span><span class=\"p\">::</span><span class=\"nn\">net</span><span class=\"p\">::</span><span class=\"nn\">tcp</span><span class=\"p\">::</span><span class=\"nn\">stream</span><span class=\"p\">::</span><span class=\"n\">TcpStream</span><span class=\"o\">></span>\n</code></pre>\n </div>\n</div>\n<p>This loops like a lot, but much of it is just wrapper types we wrote ourselves, and those wrappers don’t do anything interesting. What’s left to audit:</p>\n\n<ul>\n<li><code>Duplex</code>, the outermost type, one of ours, <em>and</em>\n</li><li><code>TlsStream</code>, from <a href='https://github.com/rustls/rustls' title=''>Rustls</a>.\n</li></ul>\n\n<p><code>Duplex</code> is a beast. It’s the core I/O state machine for proxying between connections. It’s not easy to reason about in specificity. But: it also doesn’t do anything directly with a <code>Waker</code>; it’s built around <code>AsyncRead</code> and <code>AsyncWrite</code>. It hasn’t changed recently and we can’t trigger misbehavior in it.</p>\n\n<p>That leaves <code>TlsStream</code>. <code>TlsStream</code> is an ultra-important, load-bearing function in the Rust ecosystem. Everybody uses it. Could it harbor an async Rust footgun? Turns out, it did!</p>\n\n<p>Unlike our <code>Duplex</code>, Rustls actually does have to get intimate with the underlying async executor. And, looking through the repository, Pavel uncovers <a href='https://github.com/rustls/tokio-rustls/issues/72' title=''>this issue</a>: sometimes, <code>TlsStreams</code> in Rustls just spin out. And it turns out, what’s causing this is a TLS state machine bug: when a TLS session is orderly-closed, with a <code>CloseNotify</code> <code>Alert</code> record, the sender of that record has informed its counterparty that no further data will be sent. But if there’s still buffered data on the underlying connection, <code>TlsStream</code> mishandles its <code>Waker</code>, and we fall into a busy-loop.</p>\n\n<p><a href='https://github.com/rustls/rustls/pull/1950/files' title=''>Pretty straightforward fix</a>!</p>\n<h2 id='what-actually-happened-to-us' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#what-actually-happened-to-us' aria-label='Anchor'></a><span class='plain-code'>What Actually Happened To Us</span></h2>\n<p>Our partners in object storage, <a href='https://www.tigrisdata.com/' title=''>Tigris Data</a>, were conducting some kind of load testing exercise. Some aspect of their testing system triggered the <code>TlsStream</code> state machine bug, which locked up one or more <code>TlsStreams</code> in the edge proxy handling whatever corner-casey stream they were sending.</p>\n\n<p>Tigris wasn’t generating a whole lot of traffic; tens of thousands of connections, tops. But all of them sent small HTTP bodies and then terminated early. We figured some of those connections errored out, and set up the “TLS CloseNotify happened before EOF” scenario. </p>\n\n<p>To be truer to the chronology, we knew pretty early on in our investigation that something Tigris was doing with their load testing was probably triggering the bug, and we got them to stop. After we worked it out, and Pavel deployed the fix, we told them to resume testing. No spin-outs.</p>\n<h2 id='lessons-learned' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#lessons-learned' aria-label='Anchor'></a><span class='plain-code'>Lessons Learned</span></h2>\n<p>Keep your dependencies updated. Unless you shouldn’t keep your dependencies updated. I mean, if there’s a vulnerability (and, technically, this was a DoS vulnerability), always update. And if there’s an important bugfix, update. But if there isn’t an important bugfix, updating for the hell of it might also destabilize your project? So update maybe? Most of the time?</p>\n\n<p>Really, the truth of this is that keeping track of <em>what needs to be updated</em> is valuable work. The updates themselves are pretty fast and simple, but the process and testing infrastructure to confidently metabolize dependency updates is not. </p>\n\n<p>Our other lesson here is that there’s an opportunity to spot these kinds of bugs more directly with our instrumentation. Spurious wakeups should be easy to spot, and triggering a metric when they happen should be cheap, because they’re not supposed to happen often. So that’s something we’ll go do now.</p>",
"image": {
"url": "https://fly.io/blog/taming-rust-proxy/assets/happy-crab-cover.jpg",
"title": null
},
"media": [],
"authors": [
{
"name": "Fly",
"email": null,
"url": null
}
],
"categories": []
},
{
"id": "https://fly.io/blog/wrong-about-gpu/",
"title": "We Were Wrong About GPUs",
"description": null,
"url": "https://fly.io/blog/wrong-about-gpu/",
"published": "2025-02-14T00:00:00.000Z",
"updated": "2025-02-14T23:25:21.000Z",
"content": "<div class=\"lead\"><p>We’re building a public cloud, on hardware we own. We raised money to do that, and to place some bets; one of them: GPU-enabling our customers. A progress report: GPUs aren’t going anywhere, but: GPUs aren’t going anywhere.</p>\n</div>\n<p>A couple years back, <a href=\"https://fly.io/gpu\">we put a bunch of chips down</a> on the bet that people shipping apps to users on the Internet would want GPUs, so they could do AI/ML inference tasks. To make that happen, we created <a href=\"https://fly.io/docs/gpus/getting-started-gpus/\">Fly GPU Machines</a>.</p>\n\n<p>A Fly Machine is a <a href=\"https://fly.io/blog/docker-without-docker/\">Docker/OCI container</a> running inside a hardware-virtualized virtual machine somewhere on our global fleet of bare-metal worker servers. A GPU Machine is a Fly Machine with a hardware-mapped Nvidia GPU. It’s a Fly Machine that can do fast CUDA.</p>\n\n<p>Like everybody else in our industry, we were right about the importance of AI/ML. If anything, we underestimated its importance. But the product we came up with probably doesn’t fit the moment. It’s a bet that doesn’t feel like it’s paying off.</p>\n\n<p><strong class='font-semibold text-navy-950'>If you’re using Fly GPU Machines, don’t freak out; we’re not getting rid of them.</strong> But if you’re waiting for us to do something bigger with them, a v2 of the product, you’ll probably be waiting awhile.</p>\n<h3 id='what-it-took' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#what-it-took' aria-label='Anchor'></a><span class='plain-code'>What It Took</span></h3>\n<p>GPU Machines were not a small project for us. Fly Machines run on an idiosyncratically small hypervisor (normally Firecracker, but for GPU Machines <a href=\"https://github.com/cloud-hypervisor/cloud-hypervisor\">Intel’s Cloud Hypervisor</a>, a very similar Rust codebase that supports PCI passthrough). The Nvidia ecosystem is not geared to supporting micro-VM hypervisors.</p>\n\n<p>GPUs <a href=\"https://googleprojectzero.blogspot.com/2020/09/attacking-qualcomm-adreno-gpu.html\">terrified our security team</a>. A GPU is just about the worst case hardware peripheral: intense multi-directional direct memory transfers</p>\n<div class=\"right-sidenote\"><p>(not even bidirectional: in common configurations, GPUs talk to each other)</p>\n</div>\n<p>with arbitrary, end-user controlled computation, all operating outside our normal security boundary.</p>\n\n<p>We did a couple expensive things to mitigate the risk. We shipped GPUs on dedicated server hardware, so that GPU- and non-GPU workloads weren’t mixed. Because of that, the only reason for a Fly Machine to be scheduled on a GPU machine was that it needed a PCI BDF for an Nvidia GPU, and there’s a limited number of those available on any box. Those GPU servers were drastically less utilized and thus less cost-effective than our ordinary servers.</p>\n\n<p>We funded two very large security assessments, from <a href=\"https://www.atredis.com/\">Atredis</a> and <a href=\"https://tetrelsec.com/\">Tetrel</a>, to evaluate our GPU deployment. Matt Braun is writing up those assessments now. They were not cheap, and they took time.</p>\n\n<p>Security wasn’t directly the biggest cost we had to deal with, but it was an indirect cause for a subtle reason.</p>\n\n<p>We could have shipped GPUs very quickly by doing what Nvidia recommended: standing up a standard K8s cluster to schedule GPU jobs on. Had we taken that path, and let our GPU users share a single Linux kernel, we’d have been on Nvidia’s driver happy-path.</p>\n\n<p>Alternatively, we could have used a conventional hypervisor. Nvidia suggested VMware (heh). But they could have gotten things working had we used QEMU. We like QEMU fine, and could have talked ourselves into a security story for it, but the whole point of Fly Machines is that they take milliseconds to start. We could not have offered our desired Developer Experience on the Nvidia happy-path.</p>\n\n<p>Instead, we burned months trying (and ultimately failing) to get Nvidia’s host drivers working to map <a href=\"https://www.nvidia.com/en-us/data-center/virtual-solutions/\">virtualized GPUs</a> into Intel Cloud Hypervisor. At one point, we hex-edited the closed-source drivers to trick them into thinking our hypervisor was QEMU.</p>\n\n<p>I’m not sure any of this really mattered in the end. There’s a segment of the market we weren’t ever really able to explore because Nvidia’s driver support kept us from thin-slicing GPUs. We’d have been able to put together a really cheap offering for developers if we hadn’t run up against that, and developers love “cheap”, but I can’t prove that those customers are real.</p>\n\n<p>On the other hand, we’re committed to delivering the Fly Machine DX for GPU workloads. Beyond the PCI/IOMMU drama, just getting an entire hardware GPU working in a Fly Machine was a lift. We needed Fly Machines that would come up with the right Nvidia drivers; our stack was built assuming that the customer’s OCI container almost entirely defined the root filesystem for a Machine. We had to engineer around that in our <code>flyd</code> orchestrator. And almost everything people want to do with GPUs involves efficiently grabbing huge files full of model weights. Also annoying!</p>\n\n<p>And, of course, we bought GPUs. A lot of GPUs. Expensive GPUs.</p>\n<h3 id='why-it-isnt-working' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#why-it-isnt-working' aria-label='Anchor'></a><span class='plain-code'>Why It Isn’t Working</span></h3>\n<p>The biggest problem: developers don’t want GPUs. They don’t even want AI/ML models. They want LLMs. <em>System engineers</em> may have smart, fussy opinions on how to get their models loaded with CUDA, and what the best GPU is. But <em>software developers</em> don’t care about any of that. When a software developer shipping an app comes looking for a way for their app to deliver prompts to an LLM, you can’t just give them a GPU.</p>\n\n<p>For those developers, who probably make up most of the market, it doesn’t seem plausible for an insurgent public cloud to compete with OpenAI and Anthropic. Their APIs are fast enough, and developers thinking about performance in terms of “tokens per second” aren’t counting milliseconds.</p>\n<div class=\"right-sidenote\"><p>(you should all feel sympathy for us)</p>\n</div>\n<p>This makes us sad because we really like the point in the solution space we found. Developers shipping apps on Amazon will outsource to other public clouds to get cost-effective access to GPUs. But then they’ll faceplant trying to handle data and model weights, backhauling gigabytes (at significant expense) from S3. We have app servers, GPUs, and object storage all under the same top-of-rack switch. But inference latency just doesn’t seem to matter yet, so the market doesn’t care.</p>\n\n<p>Past that, and just considering the system engineers who do care about GPUs rather than LLMs: the hardware product/market fit here is really rough.</p>\n\n<p>People doing serious AI work want galactically huge amounts of GPU compute. A whole enterprise A100 is a compromise position for them; they want an SXM cluster of H100s.</p>\n<div class=\"right-sidenote\"><p>Near as we can tell, MIG gives you a UUID to talk to the host driver, not a PCI device.</p>\n</div>\n<p>We think there’s probably a market for users doing lightweight ML work getting tiny GPUs. <a href=\"https://www.nvidia.com/en-us/technologies/multi-instance-gpu/\">This is what Nvidia MIG does</a>, slicing a big GPU into arbitrarily small virtual GPUs. But for fully-virtualized workloads, it’s not baked; we can’t use it. And I’m not sure how many of those customers there are, or whether we’d get the density of customers per server that we need.</p>\n\n<p><a href=\"https://fly.io/blog/cutting-prices-for-l40s-gpus-in-half\">That leaves the L40S customers</a>. There are a bunch of these! We dropped L40S prices last year, not because we were sour on GPUs but because they’re the one part we have in our inventory people seem to get a lot of use out of. We’re happy with them. But they’re just another kind of compute that some apps need; they’re not a driver of our core business. They’re not the GPU bet paying off.</p>\n\n<p>Really, all of this is just a long way of saying that for most software developers, “AI-enabling” their app is best done with API calls to things like Claude and GPT, Replicate and RunPod.</p>\n<h3 id='what-did-we-learn' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#what-did-we-learn' aria-label='Anchor'></a><span class='plain-code'>What Did We Learn?</span></h3>\n<p>A very useful way to look at a startup is that it’s a race to learn stuff. So, what’s our report card?</p>\n\n<p>First off, when we embarked down this path in 2022, we were (like many other companies) operating in a sort of phlogiston era of AI/ML. The industry attention to AI had not yet collapsed around a small number of foundational LLM models. We expected there to be a diversity of <em>mainstream</em> models, the world <a href='https://github.com/elixir-nx/bumblebee' title=''>Elixir Bumblebee</a> looks forward to, where people pull different AI workloads off the shelf the same way they do Ruby gems.</p>\n\n<p>But <a href='https://www.cursor.com/' title=''>Cursor happened</a>, and, as they say, how are you going to keep ‘em down on the farm once they’ve seen Karl Hungus? It seems much clearer where things are heading.</p>\n\n<p>GPUs were a test of a Fly.io company credo: as we think about core features, we design for 10,000 developers, not for 5-6. It took a minute, but the credo wins here: GPU workloads for the 10,001st developer are a niche thing.</p>\n\n<p>Another way to look at a startup is as a series of bets. We put a lot of chips down here. But the buy-in for this tournament gave us a lot of chips to play with. Never making a big bet of any sort isn’t a winning strategy. I’d rather we’d flopped the nut straight, but I think going in on this hand was the right call.</p>\n\n<p>A really important thing to keep in mind here, and something I think a lot of startup thinkers sleep on, is the extent to which this bet involved acquiring assets. Obviously, some of our <a href='https://fly.io/blog/the-exit-interview-jp/' title=''>costs here aren’t recoverable</a>. But the hardware parts that aren’t generating revenue will ultimately get liquidated; like with <a href='https://fly.io/blog/32-bit-real-estate/' title=''>our portfolio of IPv4 addresses</a>, I’m even more comfortable making bets backed by tradable assets with durable value.</p>\n\n<p>In the end, I don’t think GPU Fly Machines were going to be a hit for us no matter what we did. Because of that, one thing I’m very happy about is that we didn’t compromise the rest of the product for them. Security concerns slowed us down to where we probably learned what we needed to learn a couple months later than we could have otherwise, but we’re scaling back our GPU ambitions without having sacrificed <a href='https://fly.io/blog/sandboxing-and-workload-isolation/' title=''>any of our isolation story</a>, and, ironically, GPUs <em>other people run</em> are making that story a lot more important. The same thing goes for our Fly Machine developer experience.</p>\n\n<p>We started this company building a Javascript runtime for edge computing. We learned that our customers didn’t want a new Javascript runtime; they just wanted their native code to work. <a href='https://news.ycombinator.com/item?id=22616857' title=''>We shipped containers</a>, and no convincing was needed. We were wrong about Javascript edge functions, and I think we were wrong about GPUs. That’s usually how we figure out the right answers: by being wrong about a lot of stuff.</p>",
"image": {
"url": "https://fly.io/blog/wrong-about-gpu/assets/choices-choices-cover.webp",
"title": null
},
"media": [],
"authors": [
{
"name": "Fly",
"email": null,
"url": null
}
],
"categories": []
},
{
"id": "https://fly.io/blog/the-exit-interview-jp/",
"title": "The Exit Interview: JP Phillips",
"description": null,
"url": "https://fly.io/blog/the-exit-interview-jp/",
"published": "2025-02-12T00:00:00.000Z",
"updated": "2025-02-14T21:30:41.000Z",
"content": "<div class=\"lead\"><p>JP Phillips is off to greener, or at least calmer, pastures. He joined us 4 years ago to build the next generation of our orchestration system, and has been one of the anchors of our engineering team. His last day is today. We wanted to know what he was thinking, and figured you might too.</p>\n</div>\n<p><em>Question 1: Why, JP? Just why?</em></p>\n\n<p>LOL. When I looked at what I wanted to see from here in the next 3-4 years, it didn’t really match up with where we’re currently heading. Specifically, with our new focus on MPG <em>[Managed Postgres]</em> and [llm] <em>[llm].</em></p>\n<div class=\"callout\"><p>Editorial comment: Even I don’t know what [llm] is.</p>\n</div>\n<p>The Fly Machines platform is more or less finished, in the sense of being capable of supporting the next iteration of our products. My original desire to join Fly.io was to make Machines a product that would <a href='https://fly.io/blog/carving-the-scheduler-out-of-our-orchestrator/' title=''>rid us of HashiCorp Nomad</a>, and I feel like that’s been accomplished.</p>\n\n<p><em>Where were you hoping to see us headed?</em></p>\n\n<p>More directly positioned as a cloud provider, rather than a platform-as-a-service; further along the customer journey from “developers” and “startups” to large established companies.</p>\n\n<p>And, it’s not that I disagree with PAAS work or MPG! Rather, it’s not something that excites me in a way that I’d feel challenged and could continue to grow technically.</p>\n\n<p><em>Follow up question: does your family know what you’re doing here? Doing to us? Are they OK with it?</em></p>\n\n<p>Yes, my family was very involved in the decision, before I even talked to other companies.</p>\n\n<p><em>What’s the thing you’re happiest about having built here? It cannot be “all of <code>flyd</code>”.</em></p>\n\n<p>We’ve enabled developers to run workloads from an OCI image and an API call all over the world. On any other cloud provider, the knowledge of how to pull that off comes with a professional certification.</p>\n\n<p><em>In what file in our <code>nomad-firecracker</code> repository would I find that code?</em></p>\n\n<p><a href='https://docs.machines.dev/#tag/machines/post/apps/{app_name}/machines' title=''>https://docs.machines.dev/#tag/machines/post/apps/{app_name}/machines</a></p>\n\n<p><img alt=\"A diagram that doesn't make any of this clearer\" src=\"/blog/the-exit-interview-jp/assets/flaps.png?1/2¢er\" /></p>\n\n<p><em>So you mean, literally, the whole Fly Machines API, and <code>flaps</code>, the API gateway for Fly Machines?</em></p>\n\n<p>Yes, all of it. The <code>flaps</code> API server, the <code>flyd</code> RPCs it calls, the <code>flyd</code> finite state machine system, the interface to running VMs.</p>\n\n<p><em>Is there something you especially like about that design?</em></p>\n\n<p>I like that it for the most part doesn’t require any central coordination. And I like that the P90 for Fly Machine <code>create</code> calls is sub-5-seconds for pretty much every region except for Johannesburg and Hong Kong.</p>\n\n<p>I think the FSM design is something I’m proud of; if I could take any code with me, it’d be the <code>internal/fsm</code> in the <code>nomad-firecracker</code> repo.</p>\n<div class=\"callout\"><p>You can read more about <a href=\"https://fly.io/blog/carving-the-scheduler-out-of-our-orchestrator/\" title=\"\">the <code>flyd</code> orchestrator JP led over here</a>. But, a quick decoder ring: <code>flyd</code> runs independently without any central coordination on thousands of “worker” servers around the globe. It’s structured as an API server for a bunch of finite state machine invocations, where an FSM might be something like “start a Fly Machine” or “create a new Fly Machine” or “cordon off a Fly Machine so we can update it”. Each FSM invocation is comprised of a bunch of steps, each of those steps has callbacks into the <code>flyd</code> code, and each step is logged in <a href=\"https://github.com/boltdb/bolt\" title=\"\">a BoltDB database</a>.</p>\n</div>\n<p><em>Thinking back, there are like two archetypes of insanely talented developers I’ve worked with. One is the kind that belts out ridiculous amounts of relatively sophisticated code on a whim, at like 3AM. Jerome [who leads our fly-proxy team], is that type. The other comes to projects with what feels like fully-formed, coherent designs that are not super intuitive, and the whole project just falls together around that design. Did you know you were going to do the FSM log thing when you started <code>flyd</code>?</em></p>\n\n<p>I definitely didn’t have any specific design in mind when I started on <code>flyd</code>. I think the FSM stuff is a result of work I did at Compose.io / MongoHQ (where it was called “recipes”/“operations”) and the workd I did at HashiCorp using Cadence.</p>\n\n<p>Once I understood what the product needed to do and look like, having a way to perform deterministic and durable execution felt like a good design.</p>\n\n<p><em>Cadence?</em></p>\n\n<p><a href='https://cadenceworkflow.io/' title=''>Cadence</a> is the child of AWS Step Functions and the predecessor to <a href='https://temporal.io/' title=''>Temporal</a> (the company).</p>\n\n<p>One of the biggest gains, with how it works in <code>flyd</code>, is knowing we would need to deploy <code>flyd</code> all day, every day. If <code>flyd</code> was in the middle of doing some work, it needed to pick back up right where it left off, post-deploy.</p>\n\n<p><em>OK, next question. What’s the most impressive thing you saw someone else build here? To make things simpler and take some pressure off the interview, we can exclude any of my works from consideration.</em></p>\n\n<p>Probably <a href='https://github.com/superfly/corrosion' title=''><code>corrosion2</code></a>.</p>\n<div class=\"callout\"><p>Sidebar: <code>corrosion2</code> is our state distribution system. While <code>flyd</code> runs individual Fly Machines for users, each instance is solely responsible for its own state; there’s no global scheduler. But we have platform components, most obviously <code>fly-proxy</code>, our Anycast router, that need to know what’s running where. <code>corrosion2</code> is a Rust service that does <a href=\"https://fly.io/blog/building-clusters-with-serf/\" title=\"\">SWIM gossip</a> to propagate information from each worker into a CRDT-structured SQLite database. <code>corrosion2</code> essentially means any component on our fleet can do SQLite queries to get near-real-time information about any Fly Machine around the world.</p>\n</div>\n<p>If for no other reason than that we deployed <code>corrosion</code>, learned from it, and were able to make significant and valuable improvements — and then migrate to the new system in a short period of time.</p>\n\n<p>Having a “just SQLite” interface, for async replicated changes around the world in seconds, it’s pretty powerful.</p>\n\n<p>If we invested in <a href='https://antithesis.com/' title=''>Anthesis</a> or TLA+ testing, I think there’s <a href='https://github.com/superfly/corrosion' title=''>potential for other companies</a> to get value out of <code>corrosion2</code>.</p>\n\n<p><em>Just as a general-purpose gossip-based SQLite CRDT gossip system?</em></p>\n\n<p>Yes.</p>\n\n<p><em>OK, you’re being too nice. What’s your least favorite thing about the platform?</em></p>\n\n<p>GraphQL. No, Elixir. It’s a tie between GraphQL and Elixir.</p>\n\n<p>But probably GraphQL, by a hair.</p>\n\n<p><em>That’s not the answer I expected.</em></p>\n\n<p>GraphQL slows everyone down, and everything. Elixir only slows me down.</p>\n\n<p><em>The rest of the platform, you’re fine with? No complaints?</em></p>\n\n<p>I’m happier now that we have <code>pilot</code>.</p>\n<div class=\"callout\"><p><code>pilot</code> is our new <code>init</code>. When we launch a Fly Machine, <code>init</code> is our foothold in the machine; this is unlike a normal OCI runtime, where “pid 1” is often the user’s entrypoint program. Our original <code>init</code> was so simple people dunked on it and said it might as well have been a bash script; over time, <code>init</code> has sprouted a bunch of new features. <code>pilot</code> consolidates those features, and, more importantly, is itself a complete OCI runtime; <code>pilot</code> can natively run containers inside of Fly Machines.</p>\n</div>\n<p>Before <code>pilot</code>, there really wasn’t any contract between <code>flyd</code> and <code>init</code>. And <code>init</code> was just “whatever we wanted <code>init</code> to be”. That limit its ability to serve us.</p>\n\n<p>Having <code>pilot</code> be an OCI-compliant runtime with an API for <code>flyd</code> to drive is a big win for the future of the Fly Machines API.</p>\n\n<p><em>Was I right that we should have used SQLite for <code>flyd</code>, or were you wrong to have used BoltDB?</em></p>\n\n<p>I still believe Bolt was the right choice. I’ve never lost a second of sleep worried that someone is about to run a SQL update statement on a host, or across the whole fleet, and then mangled all our state data. And limiting the storage interface, by not using SQL, kept <code>flyd</code>‘s scope managed.</p>\n\n<p>On the engine side of the platform, which is what <code>flyd</code> is, I still believe SQL is too powerful for what <code>flyd</code> does.</p>\n\n<p><em>If you had this to do over again, would Bolt be precisely what you’d pick, or is there something else you’d want to try? Some cool-ass new KV store?</em></p>\n\n<p>Nah. But, I’d maybe consider a SQLite database per-Fly-Machine. Then the scope of danger is about as small as it could possibly be.</p>\n\n<p><em>Whoah, that’s an interesting thought. People sleep on the “keep a zillion little SQLites” design.</em></p>\n\n<p>Yeah, with per-Machine SQLite, once a Fly Machine is destroyed, we can just zip up the database and stash it in object storage. The biggest hold-up I have about it is how we’d manage the schemas.</p>\n\n<p><em>OpenTelemetry: were you right all along?</em></p>\n\n<p>One hundred percent.</p>\n\n<p><em>I basically attribute oTel at Fly.io to you.</em></p>\n\n<p>Without oTel, it’d be a disaster trying to troubleshoot the system. I’d have ragequit trying.</p>\n\n<p><em>I remember there being a cost issue, with how much Honeycomb was going to end up charging us to manage all the data. But that seems silly in retrospect.</em></p>\n\n<p>For sure. It is 100% part of the decision and the conversation. But: we didn’t have the best track record running a logs/metrics cluster at this fidelity. It was worth the money to pay someone else to manage tracing data.</p>\n\n<p><em>Strong agree. I think my only issue is just the extent to which it cruds up code. But I need to get over that.</em></p>\n\n<p>Yes, it’s very explicit. I think the next big part of oTel is going to be auto-instrumentation, for profiling.</p>\n\n<p><em>You’re a veteran Golang programmer. Say 3 nice things about Rust.</em></p>\n<div class=\"callout\"><p>Most of our backend is in Go, but <code>fly-proxy</code>, <code>corrosion2</code>, and <code>pilot</code> are in Rust.</p>\n</div>\n<ol>\n<li>Option. \n</li><li>Match.\n</li><li>Serde macros.\n</li></ol>\n\n<p><em>Even I can’t say shit about Option and match.</em></p>\n\n<p>Match is so much better than anything in Go.</p>\n\n<p><em>Elixir, Go, and Rust. An honest take on that programming cocktail.</em></p>\n\n<p>Three’s a crowd, Elixir can stay home.</p>\n\n<p><em>If you could only lose one, you’d keep Rust.</em></p>\n\n<p>I’ve learned its shortcomings and the productivity far outweighs having to deal with the Rust compiler.</p>\n\n<p><em>You’d be unhappy if we moved the <code>flaps</code> API code from Go to Elixir.</em></p>\n\n<p>Correct.</p>\n\n<p><em>I kind of buy the idea of doing orchestration and scheduling code, which is policy-intensive, in a higher-level language.</em></p>\n\n<p>Maybe. If Ruby had a better concurrency story, I don’t think Elixir would have a place for us.</p>\n<div class=\"callout\"><p>Here I need to note that Ruby is functionally dead here, and Elixir is ascendant.</p>\n</div>\n<p><em>We have an idiosyncratic management structure. We’re bottom-up, but ambiguously so. We don’t have roadmaps, except when we do. We have minimal top-down technical direction. Critique.</em></p>\n\n<p>It’s too easy to lose sight of whether your current focus [in what you’re building] is valuable to the company.</p>\n\n<p><em>The first thing I warn every candidate about on our “do-not-work-here” calls.</em></p>\n\n<p>I think it comes down to execution, and accountability to actually finish projects. I spun a lot trying to figure out what would be the most valuable work for Fly Machines.</p>\n\n<p><em>You don’t have to be so nice about things.</em></p>\n\n<p>We struggle a lot with consistent communication. We change direction a little too often. It got to a point where I didn’t see a point in devoting time and effort into projects, because I’d not be able to show enough value quick enough.</p>\n\n<p><em>I see things paying off later than we’d hoped or expected they would. Our secret storage system, Pet Semetary, is a good example of this. Our K8s service, FKS, is another obvious one, since we’re shipping MPG on it.</em></p>\n\n<p><em>This is your second time working Kurt, at a company where he’s the CEO. Give him a 1-4 star rating. He can take it! At least, I think he can take it.</em></p>\n\n<p>2022: ★★★★</p>\n\n<p>2023: ★★</p>\n\n<p>2024: ★★✩</p>\n\n<p>2025: ★★★✩</p>\n\n<p>On a four-star scale.</p>\n\n<p><em>Whoah. I did not expect a histogram. Say more about 2023!</em></p>\n\n<p>We hired too many people, too quickly, and didn’t have the guardrails and structure in place for everybody to be successful.</p>\n\n<p><em>Also: GPUs!</em></p>\n\n<p>Yes. That was my next comment.</p>\n\n<p><em>Do we secretly agree about GPUs?</em></p>\n\n<p>I think so.</p>\n\n<p><em>Our side won the argument in the end! But at what cost?</em></p>\n\n<p>They were a killer distraction.</p>\n\n<p><em>Final question: how long will you remain in the first-responder on-call rotation after you leave? I assume at least until August. I have a shift this weekend; can you swap with me? I keep getting weekends.</em></p>\n\n<p>I am going to be asleep all weekend if any of my previous job changes are indicative.</p>\n\n<p><em>I sleep through on-call too! But nobody can yell at you for it now. I think you have the comparative advantage over me in on-calling.</em></p>\n\n<p>Yes I will absolutely take all your future on-call shifts, you have convinced me.</p>\n\n<p><em>All this aside: it has been a privilege watching you work. I hope your next gig is 100x more relaxing than this was. Or maybe I just hope that for myself. Except: I’ll never escape this place. Thank you so much for doing this.</em></p>\n\n<p>Thank you! I’m forever grateful for having the opportunity to be a part of Fly.io.</p>",
"image": {
"url": "https://fly.io/blog/the-exit-interview-jp/assets/bye-bye-little-sebastian-cover.webp",
"title": null
},
"media": [],
"authors": [
{
"name": "Fly",
"email": null,
"url": null
}
],
"categories": []
},
{
"id": "https://fly.io/blog/semgrep-but-for-real-now/",
"title": "Did Semgrep Just Get A Lot More Interesting?",
"description": null,
"url": "https://fly.io/blog/semgrep-but-for-real-now/",
"published": "2025-02-10T00:00:00.000Z",
"updated": "2025-02-14T21:30:41.000Z",
"content": "<div class=\"right-sidenote\"><p>This whole paragraph is just one long sentence. God I love <a href=\"https://fly.io/blog/a-blog-if-kept/\" title=\"\">just random-ass blogging</a> again.</p>\n</div>\n<p><a href='https://ghuntley.com/stdlib/' title=''>This bit by Geoffrey Huntley</a> is super interesting to me and, despite calling out that LLM-driven development agents like Cursor have something like a 40% success rate at actually building anything that passes acceptance criteria, makes me think that more of the future of our field belongs to people who figure out how to use this weird bags of model weights than any of us are comfortable with. </p>\n\n<p>I’ve been dinking around with Cursor for a week now (if you haven’t, I think it’s something close to malpractice not to at least take it — or something like it — for a spin) and am just now from this post learning that Cursor has this <a href='https://docs.cursor.com/context/rules-for-ai' title=''>rules feature</a>. </p>\n\n<p>The important thing for me is not how Cursor rules work, but rather how Huntley uses them. He turns them back on themselves, writing rules to tell Cursor how to organize the rules, and then teach Cursor how to write (under human supervision) its own rules.</p>\n\n<p>Cursor kept trying to get Huntley to use Bazel as a build system. So he had cursor write a rule for itself: “no bazel”. And there was no more Bazel. If I’d known I could do this, I probably wouldn’t have bounced from the Elixir project I had Cursor doing, where trying to get it to write simple unit tests got it all tangled up trying to make <a href='https://hexdocs.pm/mox/Mox.html' title=''>Mox</a> work. </p>\n\n<p>But I’m burying the lead. </p>\n\n<p>Security people have been for several years now somewhat in love with a tool called <a href='https://github.com/semgrep/semgrep' title=''>Semgrep</a>. Semgrep is a semantics-aware code search tool; using symbolic variable placeholders and otherwise ordinary code, you can write rules to match pretty much arbitary expressions and control flow. </p>\n\n<p>If you’re an appsec person, where you obviously go with this is: you build a library of Semgrep searches for well-known vulnerability patterns (or, if you’re like us at Fly.io, you work out how to get Semgrep to catch the Rust concurrency footgun of RWLocks inside if-lets).</p>\n\n<p>The reality for most teams though is “ain’t nobody got time for that”. </p>\n\n<p>But I just checked and, unsurprisingly, 4o <a href='https://chatgpt.com/share/67aa94a7-ea3c-8012-845c-6c9491b33fe4' title=''>seems to do reasonably well</a> at generating Semgrep rules? Like: I have no idea if this rule is actually any good. But it looks like a Semgrep rule?</p>\n\n<p>What interests me is this: it seems obvious that we’re going to do more and more “closed-loop” LLM agent code generation stuff. By “closed loop”, I mean that the thingy that generates code is going to get to run the code and watch what happens when it’s interacted with. You’re just a small bit of glue code and a lot of system prompting away from building something like that right now: <a href='https://x.com/chris_mccord/status/1882839014845374683' title=''>Chris McCord is building</a> a thingy that generates whole Elixir/Phoenix apps and runs them as Fly Machines. When you deploy these kinds of things, the LLM gets to see the errors when the code is run, and it can just go fix them. It also gets to see errors and exceptions in the logs when you hit a page on the app, and it can just go fix them.</p>\n\n<p>With a bit more system prompting, you can get an LLM to try to generalize out from exceptions it fixes and generate unit test coverage for them. </p>\n\n<p>With a little bit more system prompting, you can probably get an LLM to (1) generate a Semgrep rule for the generalized bug it caught, (2) test the Semgrep rule with a positive/negative control, (3) save the rule, (4) test the whole codebase with Semgrep for that rule, and (5) fix anything it finds that way. </p>\n\n<p>That is a lot more interesting to me than tediously (and probably badly) trying to predict everything that will go wrong in my codebase a priori and Semgrepping for them. Which is to say: Semgrep — which I have always liked — is maybe a lot more interesting now? And tools like it?</p>",
"image": {
"url": "https://fly.io/blog/semgrep-but-for-real-now/assets/ci-cd-cover.webp",
"title": null
},
"media": [],
"authors": [
{
"name": "Fly",
"email": null,
"url": null
}
],
"categories": []
},
{
"id": "https://fly.io/blog/a-blog-if-kept/",
"title": "A Blog, If You Can Keep It",
"description": null,
"url": "https://fly.io/blog/a-blog-if-kept/",
"published": "2025-02-10T00:00:00.000Z",
"updated": "2025-02-19T19:05:52.000Z",
"content": "<div class=\"lead\"><p>A boldfaced lede like this was a sure sign you were reading a carefully choreographed EffortPost from our team at Fly.io. We’re going to do less of those. Or the same amount but more of a different kind of post. Either way: launch an app on Fly.io today!</p>\n</div>\n<p>Over the last 5 years, we’ve done pretty well for ourselves writing content for Hacker News. And that’s <a href='https://news.ycombinator.com/item?id=39373476' title=''>mostly</a> been good for us. We don’t do conventional marketing, we don’t have a sales team, the rest of social media is atomized over 5 different sites. Writing pieces that HN takes seriously has been our primary outreach tool.</p>\n\n<p>There’s a recipe (probably several, but I know this one works) for charting a post on HN:</p>\n\n<ol>\n<li>Write an EffortPost, which is to say a dense technical piece over 2000 words long; within that rubric there’s a bunch of things that are catnip to HN, including runnable code, research surveys, and explainers. (There are also cat-repellants you learn to steer clear of.)\n</li><li>Assiduously avoid promotion. You have to write for the audience. We get away with sporadically including a call-to-action block in our posts, but otherwise: the post should make sense even if an unrelated company posted it after you went out of business.\n</li><li>Pick topics HN is interested in (it helps if all your topics are au courant for HN, and we’ve been <a href='https://news.ycombinator.com/item?id=32250426' title=''>very</a> <a href='https://news.ycombinator.com/item?id=32018066' title=''>lucky</a> in that regard).\n</li><li>Like 5-6 more style-guide things that help incrementally. Probably 3 different teams writing for HN will have 3 different style guides with only like ½ overlap. Ours, for instances, instructs writers to swear.\n</li></ol>\n\n<p>I like this kind of writing. It’s not even a chore. But it’s become an impediment for us, for a couple reasons: the team serializes behind an “editorial” function here, which keeps us from publishing everything we want; worse, caring so much about our track record leaves us noodling on posts interminably (the poor <a href='https://www.tigrisdata.com/' title=''>Tigrises</a> have been waiting for months for me to publish the piece I wrote about them and FoundationDB; take heart, this post today means that one is coming soon).</p>\n\n<p>But worst of all, I worried incessantly about us <a href='https://gist.github.com/tqbf/e853764b562a2d72a91a6986ca3b77c0' title=''>wearing out our welcome</a>. To my mind, we’d have 1, maybe 2 bites at the HN apple in a given month, and we needed to make them count.</p>\n\n<p>That was dumb. I am dumb about a lot of things! I came around to understanding this after Kurt demanded I publish my blog post about BFAAS (Bash Functions As A Service), 500 lines of Go code that had generated 4500 words in my draft. It was only after I made the decision to stop gatekeeping this blog that I realized <a href='https://simonwillison.net/' title=''>Simon Willison</a> has been disproving my “wearing out the welcome” theory, day in and day out, for years. He just writes stuff about LLMs when it interests him. I mean, it helps that he’s a better writer than we are. But he’s not wasting time choreographing things.</p>\n\n<p>Back in like 2009, <a href='https://web.archive.org/web/20110806040300/http://chargen.matasano.com/chargen/2009/7/22/if-youre-typing-the-letters-a-e-s-into-your-code-youre-doing.html' title=''>we had a blog</a> at another company I was at. That blog drove a lot of business for us (and, on three occasions, almost killed me). It was not in the least bit optimized for HN. I like pretending to be a magazine feature writer, but I miss writing dashed-off pieces every day and clearing space for other people on the team to write as well.</p>\n\n<p>So this is all just a heads up: we’re trying something new. This is a very long and self-indulgent way to say “we’re going to write a normal blog like it’s 2008”, but that’s how broken my brain is after years of having my primary dopaminergic rewards come from how long Fly.io blog posts stay on the front page: I have to disclaim blogging before we start doing it, lest I fail to meet expectations.</p>\n\n<p>Like I said. I’m real dumb. But: looking forward to getting a lot more stuff out on the web for people to read this year!</p>",
"image": {
"url": "https://fly.io/blog/a-blog-if-kept/assets/keep-blog.webp",
"title": null
},
"media": [],
"authors": [
{
"name": "Fly",
"email": null,
"url": null
}
],
"categories": []
},
{
"id": "https://fly.io/blog/vscode-ssh-wtf/",
"title": "VSCode’s SSH Agent Is Bananas",
"description": null,
"url": "https://fly.io/blog/vscode-ssh-wtf/",
"published": "2025-02-07T00:00:00.000Z",
"updated": "2025-02-14T21:30:41.000Z",
"content": "<p>We’re interested in getting integrated into the flow VSCode uses to do remote editing over SSH, because everybody is using VSCode now, and, in particular, they’re using forks of VSCode that generate code with LLMs. </p>\n<div class=\"right-sidenote\"><p>”hallucination” is what we call it when LLMs get code wrong; “engineering” is what we call it when people do.</p>\n</div>\n<p>LLM-generated code is <a href='https://nicholas.carlini.com/writing/2024/how-i-use-ai.html' title=''>useful in the general case</a> if you know what you’re doing. But it’s ultra-useful if you can close the loop between the LLM and the execution environment (with an “Agent” setup). There’s lots to say about this, but for the moment: it’s a semi-effective antidote to hallucination: the LLM generates the code, the agent scaffolding runs the code, the code generates errors, the agent feeds it back to the LLM, the process iterates. </p>\n\n<p>So, obviously, the issue here is you don’t want this iterative development process happening on your development laptop, because LLMs have boundary issues, and they’ll iterate on your system configuration just as happily on the Git project you happen to be working in. A thing you’d really like to be able to do: run a closed-loop agent-y (“agentic”? is that what we say now) configuration for an LLM, on a clean-slate Linux instance that spins up instantly and that can’t screw you over in any way. You get where we’re going with this.</p>\n\n<p>Anyways! I would like to register a concern.</p>\n\n<p>Emacs hosts the spiritual forebearer of remote editing systems, a blob of hyper-useful Elisp called <a href='https://www.gnu.org/software/tramp/' title=''>“Tramp”</a>. If you can hook Tramp up to any kind of interactive environment — usually, an SSH session — where it can run Bourne shell commands, it can extend Emacs to that environment.</p>\n\n<p>So, VSCode has a feature like Tramp. Which, neat, right? You’d think, take Tramp, maybe simplify it a bit, switch out Elisp for Typescript.</p>\n\n<p>You’d think wrong!</p>\n\n<p>Unlike Tramp, which lives off the land on the remote connection, VSCode mounts a full-scale invasion: it runs a Bash snippet stager that downloads an agent, including a binary installation of Node. </p>\n\n<p>I <em>think</em> this is <a href='https://github.com/microsoft/vscode/tree/c9e7e1b72f80b12ffc00e06153afcfedba9ec31f/src/vs/server/node' title=''>the source code</a>?</p>\n\n<p>The agent runs over port-forwarded SSH. It establishes a WebSockets connection back to your running VSCode front-end. The underlying protocol on that connection can:</p>\n\n<ul>\n<li>Wander around the filesystem\n</li><li>Edit arbitrary files\n</li><li>Launch its own shell PTY processes\n</li><li>Persist itself\n</li></ul>\n\n<p>In security-world, there’s a name for tools that work this way. I won’t say it out loud, because that’s not fair to VSCode, but let’s just say the name is murid in nature.</p>\n\n<p>I would be a little nervous about letting people VSCode-remote-edit stuff on dev servers, and apoplectic if that happened during an incident on something in production. </p>\n\n<p>It turns out we don’t have to care about any of this to get a custom connection to a Fly Machine working in VSCode, so none of this matters in any kind of deep way, but: we’ve decided to just be a blog again, so: we had to learn this, and now you do too.</p>",
"image": {
"url": "https://fly.io/static/images/default-post-thumbnail.webp",
"title": null
},
"media": [],
"authors": [
{
"name": "Fly",
"email": null,
"url": null
}
],
"categories": []
},
{
"id": "https://fly.io/blog/ai-gpu-clusters-from-your-laptop-livebook/",
"title": "AI GPU Clusters, From Your Laptop, With Livebook",
"description": null,
"url": "https://fly.io/blog/ai-gpu-clusters-from-your-laptop-livebook/",
"published": "2024-09-24T00:00:00.000Z",
"updated": "2024-09-24T17:19:49.000Z",
"content": "<div class=\"lead\"><p>Livebook, FLAME, and the Nx stack: three Elixir components that are easy to describe, more powerful than they look, and intricately threaded into the Elixir ecosystem. A few weeks ago, Chris McCord (👋) and Chris Grainger showed them off at ElixirConf 2024. We thought the talk was worth a recap.</p>\n</div>\n<p>Let’s begin by introducing our cast of characters.</p>\n\n<p><a href='https://livebook.dev/' title=''>Livebook</a> is usually described as Elixir’s answer to <a href='https://jupyter.org/' title=''>Jupyter Notebooks</a>. And that’s a good way to think about it. But Livebook takes full advantage of the Elixir platform, which makes it sneakily powerful. By linking up directly with Elixir app clusters, Livebook can switch easily between driving compute locally or on remote servers, and makes it easy to bring in any kind of data into reproducible workflows.</p>\n\n<p><a href='https://fly.io/blog/rethinking-serverless-with-flame/' title=''>FLAME</a> is the Elixir’s answer to serverless computing. By having the library manage a pool of executors for you, FLAME lets you treat your entire application as if it was elastic and scale-to-zero. You configure FLAME with some basic information about where to run code and how many instances it’s allowed to run with, and then mark off any arbitrary section of code with <code>Flame.call</code>. The framework takes care of the rest. It’s the upside of serverless without committing yourself to blowing your app apart into tiny, intricately connected pieces.</p>\n\n<p>The <a href='https://github.com/elixir-nx' title=''>Nx stack</a> is how you do Elixir-native AI and ML. Nx gives you an Elixir-native notion of tensor computations with GPU backends. <a href='https://github.com/elixir-nx/axon' title=''>Axon</a> builds a common interface for ML models on top of it. <a href='https://github.com/elixir-nx/bumblebee' title=''>Bumblebee</a> makes those models available to any Elixir app that wants to download them, from just a couple lines of code.</p>\n\n<p>Here is quick video showing how to transfer a local tensor to a remote GPU, using Livebook, FLAME, and Nx:</p>\n<div class=\"youtube-container\" data-exclude-render>\n <div class=\"youtube-video\">\n <iframe\n width=\"100%\"\n height=\"100%\"\n src=\"https://www.youtube.com/embed/5ImP3gpUSkQ\"\n frameborder=\"0\"\n allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture\"\n allowfullscreen>\n </iframe>\n </div>\n</div>\n\n\n<p>Let’s dive into the <a href='https://www.youtube.com/watch?v=4qoHPh0obv0' title=''>keynote</a>.</p>\n<h2 id='poking-a-hole-in-your-infrastructure' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#poking-a-hole-in-your-infrastructure' aria-label='Anchor'></a><span class='plain-code'>Poking a hole in your infrastructure</span></h2>\n<p>Any Livebook, including the one running on your laptop, can start a runtime running on a Fly Machine, in Fly.io’s public cloud. That Elixir machine will (by default) live in your default Fly.io organization, giving it networked access to all the other apps that might live there.</p>\n\n<p>This is an access control situation that mostly just does what you want it to do without asking. Unless you ask it to, Fly.io isn’t exposing anything to the Internet, or to other users of Fly.io. For instance: say we have a database we’re going to use to generate reports. It can hang out on our Fly organization, inside of a private network with no connectivity to the world. We can spin up a Livebook instance that can talk to it, without doing any network or infrastructure engineering to make that happen.</p>\n\n<p>But wait, there’s more. Because this is all Elixir, Livebook also allows you to connect to any running Erlang/Elixir application in your infrastructure to debug, introspect, and monitor them.</p>\n\n<p>Check out this clip of Chris McCord connecting <a href='https://rtt.fly.dev/' title=''>to an existing application</a> during the keynote:</p>\n<div class=\"youtube-container\" data-exclude-render>\n <div class=\"youtube-video\">\n <iframe\n width=\"100%\"\n height=\"100%\"\n src=\"https://www.youtube.com/embed/4qoHPh0obv0?start=1106\"\n frameborder=\"0\"\n allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture\"\n allowfullscreen>\n </iframe>\n </div>\n</div>\n\n\n<p>Running a snippet of code from a laptop on a remote server is a neat trick, but Livebook is doing something deeper than that. It’s taking advantage of Erlang/Elixir’s native facility with cluster computation and making it available to the notebook. As a result, when we do things like auto-completing, Livebook delivers results from modules defined on the remote note itself. 🤯</p>\n<h2 id='elastic-scale-with-flame' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#elastic-scale-with-flame' aria-label='Anchor'></a><span class='plain-code'>Elastic scale with FLAME</span></h2>\n<p>When we first introduced FLAME, the example we used was video encoding.</p>\n\n<p>Video encoding is complicated and slow enough that you’d normally make arrangements to run it remotely or in a background job queue, or as a triggerable Lambda function. The point of FLAME is to get rid of all those steps, and give them over to the framework instead. So: we wrote our <code>ffpmeg</code> calls inline like normal code, as if they were going to complete in microseconds, and wrapped them in <code>Flame.call</code> blocks. That was it, that was the demo.</p>\n\n<p>Here, we’re going to put a little AI spin on it.</p>\n\n<p>The first thing we’re doing here is driving FLAME pools from Livebook. Livebook will automatically synchronize your notebook dependencies as well as any module or code defined in your notebook across nodes. That means any code we write in our notebook can be dispatched transparently out to arbitrarily many compute nodes, without ceremony.</p>\n\n<p>Now let’s add some AI flair. We take an object store bucket full of video files. We use <code>ffmpeg</code> to extract stills from the video at different moments. Then: we send them to <a href='https://www.llama.com/' title=''>Llama</a>, running on <a href='https://fly.io/gpu' title=''>GPU Fly Machines</a> (still locked to our organization), to get descriptions of the stills.</p>\n\n<p>All those stills and descriptions get streamed back to our notebook, in real time:</p>\n<div class=\"youtube-container\" data-exclude-render>\n <div class=\"youtube-video\">\n <iframe\n width=\"100%\"\n height=\"100%\"\n src=\"https://www.youtube.com/embed/4qoHPh0obv0?start=1692\"\n frameborder=\"0\"\n allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture\"\n allowfullscreen>\n </iframe>\n </div>\n</div>\n\n\n<p>At the end, the descriptions are sent to <a href='https://mistral.ai/' title=''>Mistral</a>, which builds a summary.</p>\n\n<p>Thanks to FLAME, we get explicit control over the minimum and the maximum amount of nodes you want running at once, as well their concurrency settings. As nodes finish processing each video, new ones are automatically sent to them, until the whole bucket has been traversed. Each node will automatically shut down after an idle timeout and the whole cluster terminates if you disconnect the Livebook runtime.</p>\n\n<p>Just like your app code, FLAME lets you take your notebook code designed to run locally, change almost nothing, and elastically execute it across ephemeral infrastructure.</p>\n<h2 id='64-gpus-hyperparameter-tuning-on-a-laptop' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#64-gpus-hyperparameter-tuning-on-a-laptop' aria-label='Anchor'></a><span class='plain-code'>64-GPUs hyperparameter tuning on a laptop</span></h2>\n<p>Next, Chris Grainger, CTO of <a href='https://amplified.ai/' title=''>Amplified</a>, takes the stage.</p>\n\n<p>For work at Amplified, Chris wants to analyze a gigantic archive of patents, on behalf of a client doing edible cannibinoid work. To do that, he uses a BERT model (BERT, from Google, is one of the OG “transformer” models, optimized for text comprehension).</p>\n\n<p>To make the BERT model effective for this task, he’s going to do a hyperparameter training run.</p>\n\n<p>This is a much more complicated AI task than the Llama work we just showed up. Chris is going to generate a cluster of 64 GPU Fly Machines, each running an <a href='https://fly.io/blog/cutting-prices-for-l40s-gpus-in-half/' title=''>L40s GPU</a>. On each of these nodes, he needs to:</p>\n\n<ul>\n<li>setup its environment (including native dependencies and GPU bindings)\n</li><li>load the training data\n</li><li>compile a different version of BERT with different parameters, optimizers, etc.\n</li><li>start the fine-tuning\n</li><li>stream its results in real-time to each assigned chart\n</li></ul>\n\n<p>Here’s the clip. You’ll see the results stream in, in real time, directly back to his Livebook. We’ll wait, because it won’t take long to watch:</p>\n<div class=\"youtube-container\" data-exclude-render>\n <div class=\"youtube-video\">\n <iframe\n width=\"100%\"\n height=\"100%\"\n src=\"https://www.youtube.com/embed/4qoHPh0obv0?start=3344\"\n frameborder=\"0\"\n allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture\"\n allowfullscreen>\n </iframe>\n </div>\n</div>\n\n<h2 id='this-is-just-the-beginning' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#this-is-just-the-beginning' aria-label='Anchor'></a><span class='plain-code'>This is just the beginning</span></h2>\n<p>The suggestion of mixing Livebook and FLAME to elastically scale notebook execution was originally proposed by Chris Grainger during ElixirConf EU. During the next four months, Jonatan Kłosko, Chris McCord, and José Valim worked part-time on making it a reality in time for ElixirConf US. Our ability to deliver such a rich combination of features in such a short period of time is a testament to the capabilities of the Erlang Virtual Machine, which Elixir and Livebook runs on. Other features, such as <a href='https://github.com/elixir-explorer/explorer/issues/932' title=''>remote dataframes and distributed GC</a>, were implemented in a weekend. Bringing the same functionality to other ecosystems would take several additional months, sometimes accompanied by millions in funding, and often times as part of a closed-source product.</p>\n\n<p>Furthermore, since we announced this feature, <a href='https://github.com/mruoss' title=''>Michael Ruoss</a> stepped in and brought the same functionality to Kubernetes. From Livebook v0.14.1, you can start Livebook runtimes inside a Kubernetes cluster and also use FLAME to elastically scale them. Expect more features and news in this space!</p>\n\n<p>Finally, Fly’s infrastructure played a key role in making it possible to start a cluster of GPUs in seconds rather than minutes, and all it requires is a Docker image. We’re looking forward to see how other technologies and notebook platforms can leverage Fly to also elevate their developer experiences.</p>\n<figure class=\"post-cta\">\n <figcaption>\n <h1>Launch a GPU app in seconds</h1>\n <p>Run your own LLMs or use Livebook for elastic GPU workflows ✨</p>\n <a class=\"btn btn-lg\" href=\"/gpu\">\n Go! <span class='opacity-50'>→</span>\n </a>\n </figcaption>\n <div class=\"image-container\">\n <img src=\"/static/images/cta-turtle.webp\" srcset=\"/static/images/[email protected] 2x\" alt=\"\">\n </div>\n</figure>",
"image": {
"url": "https://fly.io/blog/ai-gpu-clusters-from-your-laptop-livebook/assets/ai-gpu-livebook-thumb.webp",
"title": null
},
"media": [],
"authors": [
{
"name": "Fly",
"email": null,
"url": null
}
],
"categories": []
},
{
"id": "https://fly.io/blog/accident-forgiveness/",
"title": "Accident Forgiveness",
"description": null,
"url": "https://fly.io/blog/accident-forgiveness/",
"published": "2024-08-21T00:00:00.000Z",
"updated": "2024-09-11T00:04:08.000Z",
"content": "<div class=\"lead\"><p>We’re Fly.io, a new public cloud with simple, developer-friendly ergonomics. <a href=\"https://fly.io/speedrun\" title=\"\">Try it out; you’ll be deployed in just minutes</a>, and, as you’re about to read, with less financial risk.</p>\n</div>\n<p>Public cloud billing is terrifying.</p>\n\n<p>The premise of a public cloud — what sets it apart from a hosting provider — is 8,760 hours/year of on-tap deployable compute, storage, and networking. Cloud resources are “elastic”: they’re acquired and released as needed; in the “cloud-iest” apps, without human intervention. Public cloud resources behave like utilities, and that’s how they’re priced.</p>\n\n<p>You probably can’t tell me how much electricity your home is using right now, and may only come within tens of dollars of accurately predicting your water bill. But neither of those bills are all that scary, because you assume there’s a limit to how much you could run them up in a single billing interval.</p>\n\n<p>That’s not true of public clouds. There are only so many ways to “spend” water at your home, but there are indeterminably many ways to land on a code path that grabs another VM, or to miskey a configuration, or to leak long-running CI/CD environments every time a PR gets merged. Pick a practitioner at random, and I bet they’ve read a story within the last couple months about someone running up a galactic-scale bill at some provider or other.</p>\n<h2 id='implied-accident-forgiveness' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#implied-accident-forgiveness' aria-label='Anchor'></a><span class='plain-code'>Implied Accident Forgiveness</span></h2>\n<p>For people who don’t do a lot of cloud work, what all this means is that every PR push sets off a little alarm in the back of their heads: “you may have just incurred $200,000 of costs!”. The alarm is quickly silenced, though it’s still subtly extracting a cortisol penalty. But by deadening the nerves that sense the danger of unexpected charges, those people are nudged closer to themselves being the next story on Twitter about an accidental $200,000 bill.</p>\n\n<p>The saving grace here, which you’ll learn if you ever become that $200,000 story, is that nobody pays those bills.</p>\n\n<p>See, what cloud-savvy people know already is that providers have billing support teams, which spend a big chunk of their time conceding disputed bills. If you do something luridly stupid and rack up costs, AWS and GCP will probably cut you a break. We will too. Everyone does.</p>\n\n<p>If you didn’t already know this, you’re welcome; I’ve made your life a little better, even if you don’t run things on Fly.io.</p>\n\n<p>But as soothing as it is to know you can get a break from cloud providers, the billing situation here is still a long ways away from “good”. If you accidentally add a zero to a scale count and don’t notice for several weeks, AWS or GCP will probably cut you a break. But they won’t <em>definitely</em> do it, and even though your odds are good, you’re still finding out at email- and phone-tag scale speeds. That’s not fun!</p>\n<h2 id='explicit-accident-forgiveness' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#explicit-accident-forgiveness' aria-label='Anchor'></a><span class='plain-code'>Explicit Accident Forgiveness</span></h2>\n<p>Charging you for stuff you didn’t want is bad business.</p>\n\n<p>Good business, we think, means making you so comfortable with your cloud you try new stuff. You, and everyone else on your team. Without a chaperone from the finance department.</p>\n\n<p>So we’re going to do the work to make this official. If you’re a customer of ours, we’re going to charge you in exacting detail for every resource you intentionally use of ours, but if something blows up and you get an unexpected bill, we’re going to let you off the hook.</p>\n<h2 id='not-so-fast' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#not-so-fast' aria-label='Anchor'></a><span class='plain-code'>Not So Fast</span></h2>\n<p>This is a Project, with a capital P. While we’re kind of kicking ourselves for not starting it earlier, there are reasons we couldn’t do it back in 2020.</p>\n\n<p>The Fully Automated Accident-Forgiving Billing System of the Future (which we are in fact building and may even one day ship) will give you a line-item veto on your invoice. We are a long ways away. The biggest reason is fraud.</p>\n\n<p>Sit back, close your eyes, and try to think about everything public clouds do to make your life harder. Chances are, most of those things are responses to fraud. Cloud platforms attract fraudsters like ants to an upturned ice cream cone. Thanks to the modern science of cryptography, fraudsters have had a 15 year head start on turning metered compute into picodollar-granular near-money assets.</p>\n\n<p>Since there’s no bouncer at the door checking IDs here, an open-ended and automated commitment to accident forgiveness is, with iron certainty, going to be used overwhelmingly in order to trick us into “forgiving” cryptocurrency miners. We’re cloud platform engineers. They’re our primary pathogen.</p>\n\n<p>So, we’re going to roll this out incrementally.</p>\n<div class=\"callout\"><p><strong class=\"font-semibold text-navy-950\">Why not billing alerts?</strong> We’ll get there, but here too there are reasons we haven’t yet: (1) meaningful billing alerts were incredibly difficult to do with our previous billing system, and building the new system and migrating our customers to it has been a huge lift, a nightmare from which we are only now waking (the billing system’s official name); and (2) we’re wary about alerts being a product design cop-out; if we can alert on something, why aren’t we fixing it?</p>\n</div><h2 id='accident-forgiveness-v0-84beta' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#accident-forgiveness-v0-84beta' aria-label='Anchor'></a><span class='plain-code'>Accident Forgiveness v0.84beta</span></h2>\n<p>All the same subtextual, implied reassurances that every cloud provider offers remain in place at Fly.io. You are strictly better off after this announcement, we promise.</p>\n<div class=\"right-sidenote\"><p>I added the “almost” right before publishing, because I’m chicken.</p>\n</div>\n<p>Now: for customers that have a support contract with us, at any level, there’s something new: I’m saying the quiet part loud. The next time you see a bill with an unexpected charge on it, we’ll refund that charge, (almost) no questions asked.</p>\n\n<p>That policy is so simple it feels anticlimactic to write. So, some additional color commentary:</p>\n\n<p>We’re not advertising a limit to the number of times you can do this. If you’re a serious customer of ours, I promise that you cannot remotely fathom the fullness of our fellow-feeling. You’re not annoying us by getting us to refund unexpected charges. If you are growing a project on Fly.io, we will bend over backwards to keep you growing.</p>\n\n<p>How far can we take this? How simple can we keep this policy? We’re going to find out together.</p>\n\n<p>To begin with, and in the spirit of “doing things that won’t scale”, when we forgive a bill, what’s going to happen next is this: I’m going to set an irritating personal reminder for Kurt to look into what happened, now and then the day before your next bill, so we can see what’s going wrong. He’s going to hate that, which is the point: our best feature work is driven by Kurt-hate.</p>\n\n<p>Obviously, if you’re rubbing your hands together excitedly over the opportunity this policy presents, then, well, not so much with the fellow-feeling. We reserve the right to cut you off.</p>\n<figure class=\"post-cta\">\n <figcaption>\n <h1>Support For Developers, By Developers</h1>\n <p>Explicit Accident Forgiveness is just one thing we like about Support at Fly.io.</p>\n <a class=\"btn btn-lg\" href=\"https://fly.io/accident-forgiveness\">\n Go find out! <span class='opacity-50'>→</span>\n </a>\n </figcaption>\n <div class=\"image-container\">\n <img src=\"/static/images/cta-cat.webp\" srcset=\"/static/images/[email protected] 2x\" alt=\"\">\n </div>\n</figure>\n\n<h2 id='whats-next-accident-protection' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#whats-next-accident-protection' aria-label='Anchor'></a><span class='plain-code'>What’s Next: Accident Protection</span></h2>\n<p>We think this is a pretty good first step. But that’s all it is.</p>\n\n<p>We can do better than offering you easy refunds for mistaken deployments and botched CI/CD jobs. What’s better than getting a refund is never incurring the charge to begin with, and that’s the next step we’re working on.</p>\n<div class=\"right-sidenote\"><p>More to come on that billing system.</p>\n</div>\n<p>We built a new billing system so that we can do things like that. For instance: we’re in a position to catch sudden spikes in your month-over-month bills, flag them, and catch weird-looking deployments before we bill for them.</p>\n\n<p>Another thing we rebuilt billing for is <a href='https://community.fly.io/t/reservation-blocks-40-discount-on-machines-when-youre-ready-to-commit/20858' title=''>reserved pricing</a>. Already today you can get a steep discount from us reserving blocks of compute in advance. The trick to taking advantage of reserved pricing is confidently predicting a floor to your usage. For a lot of people, that means fighting feelings of loss aversion (nobody wants to get gym priced!). So another thing we can do in this same vein: catch opportunities to move customers to reserved blocks, and offer backdated reservations. We’ll figure this out too.</p>\n\n<p>Someday, when we’re in a monopoly position, our founders have all been replaced by ruthless MBAs, and Kurt has retired to farm coffee beans in lower Montana, we may stop doing this stuff. But until that day this is the right choice for our business.</p>\n\n<p>Meanwhile: like every public cloud, we provision our own hardware, and we have excess capacity. Your messed-up CI/CD jobs didn’t really cost us anything, so if you didn’t really want them, they shouldn’t cost you anything either. Take us up on this! We love talking to you.</p>",
"image": {
"url": "https://fly.io/blog/accident-forgiveness/assets/money-for-mistakes-blog-thumb.webp",
"title": null
},
"media": [],
"authors": [
{
"name": "Fly",
"email": null,
"url": null
}
],
"categories": []
},
{
"id": "https://fly.io/blog/cutting-prices-for-l40s-gpus-in-half/",
"title": "We're Cutting L40S Prices In Half",
"description": null,
"url": "https://fly.io/blog/cutting-prices-for-l40s-gpus-in-half/",
"published": "2024-08-15T00:00:00.000Z",
"updated": "2024-09-11T00:04:08.000Z",
"content": "<div class=\"lead\"><p>We’re Fly.io, a new public cloud with simple, developer-friendly ergonomics. And as of today, cheaper GPUs. <a href=\"https://fly.io/speedrun\" title=\"\">Try it out; you’ll be deployed in just minutes</a>.</p>\n</div>\n<p>We just lowered the prices on NVIDIA L40s GPUs to $1.25 per hour. Why? Because our feet are cold and we burn processor cycles for heat. But also other reasons.</p>\n\n<p>Let’s back up.</p>\n\n<p>We offer 4 different NVIDIA GPU models; in increasing order of performance, they’re the A10, the L40S, the 40G PCI A100, and the 80G SXM A100. Guess which one is most popular.</p>\n\n<p>We guessed wrong, and spent a lot of time working out how to maximize the amount of GPU power we could deliver to a single Fly Machine. Users surprised us. By a wide margin, the most popular GPU in our inventory is the A10.</p>\n\n<p>The A10 is an older generation of NVIDIA GPU with fewer, slower cores and less memory. It’s the least capable GPU we offer. But that doesn’t matter, because it’s capable enough. It’s solid for random inference tasks, and handles mid-sized generative AI stuff like Mistral Nemo or Stable Diffusion. For those workloads, there’s not that much benefit in getting a beefier GPU.</p>\n\n<p>As a result, we can’t get new A10s in fast enough for our users.</p>\n\n<p>If there’s one thing we’ve learned by talking to our customers over the last 4 years, it’s that y'all love a peek behind the curtain. So we’re going to let you in on a little secret about how a hardware provider like Fly.io formulates GPU strategy: none of us know what the hell we’re doing.</p>\n\n<p>If you had asked us in 2023 what the biggest GPU problem we could solve was, we’d have said “selling fractional A100 slices”. We burned a whole quarter trying to get MIG, or at least vGPUs, working through IOMMU PCI passthrough on Fly Machines, in a project so cursed that Thomas has forsworn ever programming again. Then we went to market selling whole A100s, and for several more months it looked like the biggest problem we needed to solve was finding a secure way to expose NVLink-ganged A100 clusters to VMs so users could run training. Then H100s; can we find H100s anywhere? Maybe in a black market in Shenzhen?</p>\n\n<p>And here we are, a year later, looking at the data, and the least sexy, least interesting GPU part in the catalog is where all the action is.</p>\n\n<p>With actual customer data to back up the hypothesis, here’s what we think is happening today:</p>\n\n<ul>\n<li>Most users who want to plug GPU-accelerated AI workloads into fast networks are doing inference, not training. \n</li><li>The hyperscaler public clouds strangle these customers, first with GPU instance surcharges, and then with egress fees for object storage data when those customers try to outsource the GPU stuff to GPU providers.\n</li><li>If you’re trying to do something GPU-accelerated in response to an HTTP request, the right combination of GPU, instance RAM, fast object storage for datasets and model parameters, and networking is much more important than getting your hands on an H100.\n</li></ul>\n\n<p>This is a thing we didn’t see coming, but should have: training workloads tend to look more like batch jobs, and inference tends to look more like transactions. Batch training jobs aren’t that sensitive to networking or even reliability. Live inference jobs responding to end-user HTTP requests are. So, given our pricing, of course the A10s are a sweet spot.</p>\n\n<p>The next step up in our lineup after the A10 is the L40S. The L40S is a nice piece of kit. We’re going to take a beat here and sell you on the L40S, because it’s kind of awesome.</p>\n\n<p>The L40S is an AI-optimized version of the L40, which is the data center version of the GeForce RTX 4090, resembling two 4090s stapled together.</p>\n\n<p>If you’re not a GPU hardware person, the RTX 4090 is a gaming GPU, the kind you’d play ray-traced Witcher 3 on. NVIDIA’s high-end gaming GPUs are actually reasonably good at AI workloads! But they suck in a data center rack: they chug power, they’re hard to cool, and they’re less dense. Also, NVIDIA can’t charge as much for them.</p>\n\n<p>Hence the L40: (much) more memory, less energy consumption, designed for a rack, not a tower case. Marked up for “enterprise”.</p>\n\n<p>NVIDIA positioned the L40 as a kind of “graphics” AI GPU. Unlike the super high-end cards like the A100/H100, the L40 keeps all the rendering hardware, so it’s good for 3D graphics and video processing. Which is sort of what you’d expect from a “professionalized” GeForce card.</p>\n\n<p>A funny thing happened in the middle of 2023, though: the market for ultra-high-end NVIDIA cards went absolutely batshit. The huge cards you’d gang up for training jobs got impossible to find, and NVIDIA became one of the most valuable companies in the world. Serious shops started working out plans to acquire groups of L40-type cards to work around the problem, whether or not they had graphics workloads.</p>\n\n<p>The only company in this space that does know what they’re doing is NVIDIA. Nobody has written a highly-ranked Reddit post about GPU workloads without NVIDIA noticing and creating a new SKU. So they launched the L40S, which is an L40 with AI workload compute performance comparable to that of the A100 (without us getting into the details of F32 vs. F16 models).</p>\n\n<p>Long story short, the L40S is an A100-performer that we can price for A10 customers; the Volkswagen GTI of our lineup. We’re going to see if we can make that happen.</p>\n\n<p>We think the combination of just-right-sized inference GPUs and Tigris object storage is pretty killer:</p>\n\n<ul>\n<li>model parameters, data sets, and compute are all close together\n</li><li>everything plugged into an Anycast network that’s fast everywhere in the world\n</li><li>on VM instances that have enough memory to actually run real frameworks on\n</li><li>priced like we actually want you to use it.\n</li></ul>\n\n<p>You should use L40S cards without thinking hard about it. So we’re making it official. You won’t pay us a dime extra to use one instead of an A10. Have at it! Revolutionize the industry. For $1.25 an hour.</p>\n\n<p>Here are things you can do with an L40S on Fly.io today:</p>\n\n<ul>\n<li>You can run Llama 3.1 70B — a big Llama — for LLM jobs.\n</li><li>You can run Flux from Black Forest Labs for genAI images.\n</li><li>You can run Whisper for automated speech recognition.\n</li><li>You can do whole-genome alignment with SegAlign (Thomas’ biochemist kid who has been snatching free GPU hours for his lab gave us this one, and we’re taking his word for it).\n</li><li>You can run DOOM Eternal, building the Stadia that Google couldn’t pull off, because the L40S hasn’t forgotten that it’s a graphics GPU. \n</li></ul>\n\n<p>It’s going to get chilly in Chicago in a month or so. Go light some cycles on fire! </p>",
"image": {
"url": "https://fly.io/blog/cutting-prices-for-l40s-gpus-in-half/assets/gpu-ga-thumb.webp",
"title": null
},
"media": [],
"authors": [
{
"name": "Fly",
"email": null,
"url": null
}
],
"categories": []
},
{
"id": "https://fly.io/blog/machine-migrations/",
"title": "Making Machines Move",
"description": null,
"url": "https://fly.io/blog/machine-migrations/",
"published": "2024-07-30T00:00:00.000Z",
"updated": "2024-08-09T12:14:08.000Z",
"content": "<div class=\"lead\"><p>We’re Fly.io, a global public cloud with simple, developer-friendly ergonomics. If you’ve got a working Docker image, we’ll transmogrify it into a Fly Machine: a VM running on our hardware anywhere in the world. <a href=\"https://fly.io/speedrun\" title=\"\">Try it out; you’ll be deployed in just minutes</a>.</p>\n</div>\n<p>At the heart of our platform is a systems design tradeoff about durable storage for applications. When we added storage three years ago, to support stateful apps, we built it on attached NVMe drives. A benefit: a Fly App accessing a file on a Fly Volume is never more than a bus hop away from the data. A cost: a Fly App with an attached Volume is anchored to a particular worker physical.</p>\n<div class=\"right-sidenote\"><p><code>bird</code>: a BGP4 route server.</p>\n</div>\n<p>Before offering attached storage, our on-call runbook was almost as simple as “de-bird that edge server”, “tell <a href='https://fly.io/blog/carving-the-scheduler-out-of-our-orchestrator/' title=''>Nomad</a> to drain that worker”, and “go back to sleep”. NVMe cost us that drain operation, which terribly complicated the lives of our infra team. We’ve spent the last year getting “drain” back. It’s one of the biggest engineering lifts we’ve made, and if you didn’t notice, we lifted it cleanly.</p>\n<h3 id='the-goalposts' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#the-goalposts' aria-label='Anchor'></a><span class='plain-code'>The Goalposts</span></h3>\n<p>With stateless apps, draining a worker is easy. For each app instance running on the victim server, start a new instance elsewhere. Confirm it’s healthy, then kill the old one. Rinse, repeat. At our 2020 scale, we could drain a fully loaded worker in just a handful of minutes.</p>\n\n<p>You can see why this process won’t work for apps with attached volumes. Sure, create a new volume elsewhere on the fleet, and boot up a new Fly Machine attached to it. But the new volume is empty. The data’s still stuck on the original worker. We asked, and customers were not OK with this kind of migration.</p>\n\n<p>Of course, we back Volumes snapshots up (at an interval) to off-network storage. But for “drain”, restoring backups isn’t nearly good enough. No matter the backup interval, a “restore from backup migration\" will lose data, and a “backup and restore” migration incurs untenable downtime.</p>\n\n<p>The next thought you have is, “OK, copy the volume over”. And, yes, of course you have to do that. But you can’t just <code>copy</code>, <code>boot</code>, and then <code>kill</code> the old Fly Machine. Because the original Fly Machine is still alive and writing, you have to <code>kill</code>first, then <code>copy</code>, then <code>boot</code>.</p>\n\n<p>Fly Volumes can get pretty big. Even to a rack buddy physical server, you’ll hit a point where draining incurs minutes of interruption, especially if you’re moving lots of volumes simultaneously. <code>Kill</code>, <code>copy</code>, <code>boot</code> is too slow.</p>\n<div class=\"callout\"><p>There’s a world where even 15 minutes of interruption is tolerable. It’s the world where you run more than one instance of your application to begin with, so prolonged interruption of a single Fly Machine isn’t visible to your users. Do this! But we have to live in the same world as our customers, many of whom don’t run in high-availability configurations.</p>\n</div><h3 id='behold-the-clone-o-mat' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#behold-the-clone-o-mat' aria-label='Anchor'></a><span class='plain-code'>Behold The Clone-O-Mat</span></h3>\n<p><code>Copy</code>, <code>boot</code>, <code>kill</code> loses data. <code>Kill</code>, <code>copy</code>, <code>boot</code> takes too long. What we needed is a new operation: <code>clone</code>.</p>\n\n<p><code>Clone</code> is a lazier, asynchronous <code>copy</code>. It creates a new volume elsewhere on our fleet, just like <code>copy</code> would. But instead of blocking, waiting to transfer every byte from the original volume, <code>clone</code> returns immediately, with a transfer running in the background.</p>\n\n<p>A new Fly Machine can be booted with that cloned volume attached. Its blocks are mostly empty. But that’s OK: when the new Fly Machine tries to read from it, the block storage system works out whether the block has been transferred. If it hasn’t, it’s fetched over the network from the original volume; this is called “hydration”. Writes are even easier, and don’t hit the network at all.</p>\n\n<p><code>Kill</code>, <code>copy</code>, <code>boot</code> is slow. But <code>kill</code>, <code>clone</code>, <code>boot</code> is fast; it can be made asymptotically as fast as stateless migration.</p>\n\n<p>There are three big moving pieces to this design.</p>\n\n<ol>\n<li>First, we have to rig up our OS storage system to make this <code>clone</code> operation work.\n</li><li>Then, to read blocks over the network, we need a network protocol. (Spoiler: iSCSI, though we tried other stuff first.)\n</li><li>Finally, the gnarliest of those pieces is our orchestration logic: what’s running where, what state is it in, and whether it’s plugged in correctly.\n</li></ol>\n<h3 id='block-level-clone' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#block-level-clone' aria-label='Anchor'></a><span class='plain-code'>Block-Level Clone</span></h3>\n<p>The Linux feature we need to make this work already exists; <a href='https://docs.kernel.org/admin-guide/device-mapper/dm-clone.html' title=''>it’s called <code>dm-clone</code></a>. Given an existing, readable storage device, <code>dm-clone</code> gives us a new device, of identical size, where reads of uninitialized blocks will pull from the original. It sounds terribly complicated, but it’s actually one of the simpler kernel lego bricks. Let’s demystify it.</p>\n\n<p>As far as Unix is concerned, random-access storage devices, be they spinning rust or NVMe drives, are all instances of the common class “block device”. A block device is addressed in fixed-size (say, 4KiB) chunks, and <a href='https://elixir.bootlin.com/linux/v5.11.11/source/include/linux/blk_types.h#L356' title=''>handles (roughly) these operations</a>:</p>\n<div class=\"highlight-wrapper group relative cpp\">\n <button \n type=\"button\"\n class=\"bubble-wrap z-20 absolute right-9 -mr-0.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none\"\n data-wrap-target=\"#code-woz6bsz9\"\n >\n <svg class=\"w-4 h-4 pointer-events-none\" viewBox=\"0 0 16 16\" fill=\"none\" stroke=\"currentColor\" stroke-width=\"1.35\" stroke-linecap=\"round\" stroke-linejoin=\"round\"><g buffered-rendering=\"static\"><path d=\"M9.912 8.037h2.732c1.277 0 2.315-.962 2.315-2.237a2.325 2.325 0 00-2.315-2.31H2.959m10.228 9.01H2.959M6.802 8H2.959\" /><path d=\"M11.081 6.466L9.533 8.037l1.548 1.571\" /></g></svg>\n <span class=\"bubble-sm bubble-tl [--offset-l:-9px] tail text-navy-950\">\n Wrap text\n </span>\n </button>\n <button \n type=\"button\"\n class=\"bubble-wrap z-20 absolute right-1.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none\"\n data-copy-target=\"sibling\"\n >\n <svg class=\"w-4 h-4 pointer-events-none\" viewBox=\"0 0 16 16\" fill=\"none\" stroke=\"currentColor\" stroke-width=\"1.35\"><g buffered-rendering=\"static\"><path d=\"M10.576 7.239c0-.995-.82-1.815-1.815-1.815H3.315c-.995 0-1.815.82-1.815 1.815v5.446c0 .995.82 1.815 1.815 1.815h5.446c.995 0 1.815-.82 1.815-1.815V7.239z\" /><path d=\"M10.576 10.577h2.109A1.825 1.825 0 0014.5 8.761V3.315A1.826 1.826 0 0012.685 1.5H7.239c-.996 0-1.815.819-1.816 1.815v1.617\" /></g></svg>\n <span class=\"bubble-sm bubble-tl [--offset-l:-6px] tail [--tail-x:calc(100%-30px)] text-navy-950\">\n Copy to clipboard\n </span>\n </button>\n <div class='highlight relative group'>\n <pre class='highlight '><code id=\"code-woz6bsz9\"><span class=\"k\">enum</span> <span class=\"n\">req_opf</span> <span class=\"p\">{</span>\n <span class=\"cm\">/* read sectors from the device */</span>\n <span class=\"n\">REQ_OP_READ</span> <span class=\"o\">=</span> <span class=\"mi\">0</span><span class=\"p\">,</span>\n <span class=\"cm\">/* write sectors to the device */</span>\n <span class=\"n\">REQ_OP_WRITE</span> <span class=\"o\">=</span> <span class=\"mi\">1</span><span class=\"p\">,</span>\n <span class=\"cm\">/* flush the volatile write cache */</span>\n <span class=\"n\">REQ_OP_FLUSH</span> <span class=\"o\">=</span> <span class=\"mi\">2</span><span class=\"p\">,</span>\n <span class=\"cm\">/* discard sectors */</span>\n <span class=\"n\">REQ_OP_DISCARD</span> <span class=\"o\">=</span> <span class=\"mi\">3</span><span class=\"p\">,</span>\n <span class=\"cm\">/* securely erase sectors */</span>\n <span class=\"n\">REQ_OP_SECURE_ERASE</span> <span class=\"o\">=</span> <span class=\"mi\">5</span><span class=\"p\">,</span>\n <span class=\"cm\">/* write the same sector many times */</span>\n <span class=\"n\">REQ_OP_WRITE_SAME</span> <span class=\"o\">=</span> <span class=\"mi\">7</span><span class=\"p\">,</span>\n <span class=\"cm\">/* write the zero filled sector many times */</span>\n <span class=\"n\">REQ_OP_WRITE_ZEROES</span> <span class=\"o\">=</span> <span class=\"mi\">9</span><span class=\"p\">,</span>\n <span class=\"cm\">/* ... */</span>\n<span class=\"p\">};</span>\n</code></pre>\n </div>\n</div>\n<p>You can imagine designing a simple network protocol that supported all these options. It might have messages that looked something like:</p>\n\n<p><img alt=\"A packet diagram, just skip down to \"struct bio\" below\" src=\"/blog/machine-migrations/assets/packet.png?2/3¢er\" />\nGood news! The Linux block system is organized as if your computer was a network running a protocol that basically looks just like that. Here’s the message structure:</p>\n<div class=\"right-sidenote\"><p>I’ve <a href=\"https://elixir.bootlin.com/linux/v5.11.11/source/include/linux/blk_types.h#L223\" title=\"\">stripped a bunch of stuff out of here</a> but you don’t need any of it to understand what’s coming next.</p>\n</div><div class=\"highlight-wrapper group relative cpp\">\n <button \n type=\"button\"\n class=\"bubble-wrap z-20 absolute right-9 -mr-0.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none\"\n data-wrap-target=\"#code-kwrloyie\"\n >\n <svg class=\"w-4 h-4 pointer-events-none\" viewBox=\"0 0 16 16\" fill=\"none\" stroke=\"currentColor\" stroke-width=\"1.35\" stroke-linecap=\"round\" stroke-linejoin=\"round\"><g buffered-rendering=\"static\"><path d=\"M9.912 8.037h2.732c1.277 0 2.315-.962 2.315-2.237a2.325 2.325 0 00-2.315-2.31H2.959m10.228 9.01H2.959M6.802 8H2.959\" /><path d=\"M11.081 6.466L9.533 8.037l1.548 1.571\" /></g></svg>\n <span class=\"bubble-sm bubble-tl [--offset-l:-9px] tail text-navy-950\">\n Wrap text\n </span>\n </button>\n <button \n type=\"button\"\n class=\"bubble-wrap z-20 absolute right-1.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none\"\n data-copy-target=\"sibling\"\n >\n <svg class=\"w-4 h-4 pointer-events-none\" viewBox=\"0 0 16 16\" fill=\"none\" stroke=\"currentColor\" stroke-width=\"1.35\"><g buffered-rendering=\"static\"><path d=\"M10.576 7.239c0-.995-.82-1.815-1.815-1.815H3.315c-.995 0-1.815.82-1.815 1.815v5.446c0 .995.82 1.815 1.815 1.815h5.446c.995 0 1.815-.82 1.815-1.815V7.239z\" /><path d=\"M10.576 10.577h2.109A1.825 1.825 0 0014.5 8.761V3.315A1.826 1.826 0 0012.685 1.5H7.239c-.996 0-1.815.819-1.816 1.815v1.617\" /></g></svg>\n <span class=\"bubble-sm bubble-tl [--offset-l:-6px] tail [--tail-x:calc(100%-30px)] text-navy-950\">\n Copy to clipboard\n </span>\n </button>\n <div class='highlight relative group'>\n <pre class='highlight '><code id=\"code-kwrloyie\"><span class=\"cm\">/*\n * main unit of I/O for the block layer and lower layers (ie drivers and\n * stacking drivers)\n */</span>\n<span class=\"k\">struct</span> <span class=\"nc\">bio</span> <span class=\"p\">{</span>\n <span class=\"k\">struct</span> <span class=\"nc\">gendisk</span> <span class=\"o\">*</span><span class=\"n\">bi_disk</span><span class=\"p\">;</span>\n <span class=\"kt\">unsigned</span> <span class=\"kt\">int</span> <span class=\"n\">bi_opf</span>\n <span class=\"kt\">unsigned</span> <span class=\"kt\">short</span> <span class=\"n\">bi_flags</span><span class=\"p\">;</span> \n <span class=\"kt\">unsigned</span> <span class=\"kt\">short</span> <span class=\"n\">bi_ioprio</span><span class=\"p\">;</span>\n <span class=\"n\">blk_status_t</span> <span class=\"n\">bi_status</span><span class=\"p\">;</span>\n <span class=\"kt\">unsigned</span> <span class=\"kt\">short</span> <span class=\"n\">bi_vcnt</span><span class=\"p\">;</span> <span class=\"cm\">/* how many bio_vec's */</span>\n <span class=\"k\">struct</span> <span class=\"nc\">bio_vec</span> <span class=\"n\">bi_inline_vecs</span><span class=\"p\">[]</span> <span class=\"cm\">/* (page, len, offset) tuples */</span><span class=\"p\">;</span>\n<span class=\"p\">};</span>\n</code></pre>\n </div>\n</div>\n<p>No nerd has ever looked at a fixed-format message like this without thinking about writing a proxy for it, and <code>struct bio</code> is no exception. The proxy system in the Linux kernel for <code>struct bio</code> is called <code>device mapper</code>, or DM.</p>\n\n<p>DM target devices can plug into other DM devices. For that matter, they can do whatever the hell else they want, as long as they honor the interface. It boils down to a <code>map(bio)</code> function, which can dispatch a <code>struct bio</code>, or drop it, or muck with it and ask the kernel to resubmit it.</p>\n\n<p>You can do a whole lot of stuff with this interface: carve a big device into a bunch of smaller ones (<a href='https://docs.kernel.org/admin-guide/device-mapper/linear.html' title=''><code>dm-linear</code></a>), make one big striped device out of a bunch of smaller ones (<a href='https://docs.kernel.org/admin-guide/device-mapper/striped.html' title=''><code>dm-stripe</code></a>), do software RAID mirroring (<code>dm-raid1</code>), create snapshots of arbitrary existing devices (<a href='https://docs.kernel.org/admin-guide/device-mapper/snapshot.html' title=''><code>dm-snap</code></a>), cryptographically verify boot devices (<a href='https://docs.kernel.org/admin-guide/device-mapper/verity.html' title=''><code>dm-verity</code></a>), and a bunch more. Device Mapper is the kernel backend for the <a href='https://sourceware.org/lvm2/' title=''>userland LVM2 system</a>, which is how we do <a href='https://fly.io/blog/persistent-storage-and-fast-remote-builds/' title=''>thin pools and snapshot backups</a>.</p>\n\n<p>Which brings us to <code>dm-clone</code> : it’s a map function that boils down to:</p>\n<div class=\"highlight-wrapper group relative cpp\">\n <button \n type=\"button\"\n class=\"bubble-wrap z-20 absolute right-9 -mr-0.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none\"\n data-wrap-target=\"#code-8n5vrld6\"\n >\n <svg class=\"w-4 h-4 pointer-events-none\" viewBox=\"0 0 16 16\" fill=\"none\" stroke=\"currentColor\" stroke-width=\"1.35\" stroke-linecap=\"round\" stroke-linejoin=\"round\"><g buffered-rendering=\"static\"><path d=\"M9.912 8.037h2.732c1.277 0 2.315-.962 2.315-2.237a2.325 2.325 0 00-2.315-2.31H2.959m10.228 9.01H2.959M6.802 8H2.959\" /><path d=\"M11.081 6.466L9.533 8.037l1.548 1.571\" /></g></svg>\n <span class=\"bubble-sm bubble-tl [--offset-l:-9px] tail text-navy-950\">\n Wrap text\n </span>\n </button>\n <button \n type=\"button\"\n class=\"bubble-wrap z-20 absolute right-1.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none\"\n data-copy-target=\"sibling\"\n >\n <svg class=\"w-4 h-4 pointer-events-none\" viewBox=\"0 0 16 16\" fill=\"none\" stroke=\"currentColor\" stroke-width=\"1.35\"><g buffered-rendering=\"static\"><path d=\"M10.576 7.239c0-.995-.82-1.815-1.815-1.815H3.315c-.995 0-1.815.82-1.815 1.815v5.446c0 .995.82 1.815 1.815 1.815h5.446c.995 0 1.815-.82 1.815-1.815V7.239z\" /><path d=\"M10.576 10.577h2.109A1.825 1.825 0 0014.5 8.761V3.315A1.826 1.826 0 0012.685 1.5H7.239c-.996 0-1.815.819-1.816 1.815v1.617\" /></g></svg>\n <span class=\"bubble-sm bubble-tl [--offset-l:-6px] tail [--tail-x:calc(100%-30px)] text-navy-950\">\n Copy to clipboard\n </span>\n </button>\n <div class='highlight relative group'>\n <pre class='highlight '><code id=\"code-8n5vrld6\"> <span class=\"cm\">/* ... */</span> \n <span class=\"n\">region_nr</span> <span class=\"o\">=</span> <span class=\"n\">bio_to_region</span><span class=\"p\">(</span><span class=\"n\">clone</span><span class=\"p\">,</span> <span class=\"n\">bio</span><span class=\"p\">);</span>\n\n <span class=\"c1\">// we have the data</span>\n <span class=\"k\">if</span> <span class=\"p\">(</span><span class=\"n\">dm_clone_is_region_hydrated</span><span class=\"p\">(</span><span class=\"n\">clone</span><span class=\"o\">-></span><span class=\"n\">cmd</span><span class=\"p\">,</span> <span class=\"n\">region_nr</span><span class=\"p\">))</span> <span class=\"p\">{</span>\n <span class=\"n\">remap_and_issue</span><span class=\"p\">(</span><span class=\"n\">clone</span><span class=\"p\">,</span> <span class=\"n\">bio</span><span class=\"p\">);</span>\n <span class=\"k\">return</span> <span class=\"mi\">0</span><span class=\"p\">;</span>\n\n <span class=\"c1\">// we don't and it's a read</span>\n <span class=\"p\">}</span> <span class=\"k\">else</span> <span class=\"k\">if</span> <span class=\"p\">(</span><span class=\"n\">bio_data_dir</span><span class=\"p\">(</span><span class=\"n\">bio</span><span class=\"p\">)</span> <span class=\"o\">==</span> <span class=\"n\">READ</span><span class=\"p\">)</span> <span class=\"p\">{</span>\n <span class=\"n\">remap_to_source</span><span class=\"p\">(</span><span class=\"n\">clone</span><span class=\"p\">,</span> <span class=\"n\">bio</span><span class=\"p\">);</span>\n <span class=\"k\">return</span> <span class=\"mi\">1</span><span class=\"p\">;</span>\n <span class=\"p\">}</span>\n\n <span class=\"c1\">// we don't and it's a write</span>\n <span class=\"n\">remap_to_dest</span><span class=\"p\">(</span><span class=\"n\">clone</span><span class=\"p\">,</span> <span class=\"n\">bio</span><span class=\"p\">);</span>\n <span class=\"n\">hydrate_bio_region</span><span class=\"p\">(</span><span class=\"n\">clone</span><span class=\"p\">,</span> <span class=\"n\">bio</span><span class=\"p\">);</span>\n <span class=\"k\">return</span> <span class=\"mi\">0</span><span class=\"p\">;</span>\n <span class=\"cm\">/* ... */</span> \n</code></pre>\n </div>\n</div><div class=\"right-sidenote\"><p>a <a href=\"https://docs.kernel.org/admin-guide/device-mapper/kcopyd.html\" title=\"\"><code>kcopyd</code></a> thread runs in the background, rehydrating the device in addition to (and independent of) read accesses.</p>\n</div>\n<p><code>dm-clone</code> takes, in addition to the source device to clone from, a “metadata” device on which is stored a bitmap of the status of all the blocks: either “rehydrated” from the source, or not. That’s how it knows whether to fetch a block from the original device or the clone.</p>\n<h3 id='network-clone' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#network-clone' aria-label='Anchor'></a><span class='plain-code'>Network Clone</span></h3><div class=\"callout\"><p><strong class=\"font-semibold text-navy-950\"><code>flyd</code> in a nutshell:</strong> worker physical run a service, <code>flyd</code>, which manages a couple of databases that are the source of truth for all the Fly Machines running there. Concepturally, <code>flyd</code> is a server for on-demand instances of durable finite state machines, each representing some operation on a Fly Machine (creation, start, stop, &c), with the transition steps recorded carefully in a BoltDB database. An FSM step might be something like “assign a local IPv6 address to this interface”, or “check out a block device with the contents of this container”, and it’s straightforward to add and manage new ones.</p>\n</div>\n<p>Say we’ve got <code>flyd</code> managing a Fly Machine with a volume on <code>worker-xx-cdg1-1</code>. We want it running on <code>worker-xx-cdg1-2</code>. Our whole fleet is meshed with WireGuard; everything can talk directly to everything else. So, conceptually:</p>\n\n<ol>\n<li><code>flyd</code> on <code>cdg1-1</code> stops the Fly Machine, and\n</li><li>sends a message to <code>flyd</code> on <code>cdg1-2</code> telling it to clone the source volume.\n</li><li><code>flyd</code> on <code>cdg1-2</code> starts a <code>dm-clone</code> instance, which creates a clone volume on <code>cdg1-2</code>, populating it, over some kind of network block protocol, from <code>cdg1-1</code>, and\n</li><li>boots a new Fly Machine, attached to the clone volume.\n</li><li><code>flyd</code> on <code>cdg1-2</code> monitors the clone operation, and, when the clone completes, converts the clone device to a simple linear device and cleans up.\n</li></ol>\n\n<p>For step (3) to work, the “original volume” on <code>cdg1-1</code> has to be visible on <code>cdg1-2</code>, which means we need to mount it over the network.</p>\n<div class=\"right-sidenote\"><p><code>nbd</code> is so simple that it’s used as a sort of <code>dm-user</code> userland block device; to prototype a new block device, <a href=\"https://lwn.net/ml/linux-kernel/[email protected]/\" title=\"\">don’t bother writing a kernel module</a>, just write an <code>nbd</code> server.</p>\n</div>\n<p>Take your pick of protocols. iSCSI is the obvious one, but it’s relatively complicated, and Linux has native support for a much simpler one: <code>nbd</code>, the “network block device”. You could implement an <code>nbd</code> server in an afternoon, on top of a file or a SQLite database or S3, and the Linux kernel could mount it as a drive.</p>\n\n<p>We started out using <code>nbd</code>. But we kept getting stuck <code>nbd</code> kernel threads when there was any kind of network disruption. We’re a global public cloud; network disruption happens. Honestly, we could have debugged our way through this. But it was simpler just to spike out an iSCSI implementation, observe that didn’t get jammed up when the network hiccuped, and move on.</p>\n<h3 id='putting-the-pieces-together' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#putting-the-pieces-together' aria-label='Anchor'></a><span class='plain-code'>Putting The Pieces Together</span></h3>\n<p>To drain a worker with minimal downtime and no lost data, we turn workers into a temporary SANs, serving the volumes we need to drain to fresh-booted replica Fly Machines on a bunch of “target” physicals. Those SANs — combinations of <code>dm-clone</code>, iSCSI, and <a href='https://fly.io/blog/carving-the-scheduler-out-of-our-orchestrator/' title=''>our <code>flyd</code> orchestrator</a> — track the blocks copied from the origin, copying each one exactly once and cleaning up when the original volume has been fully copied.</p>\n\n<p>Problem solved!</p>\n<h3 id='no-there-were-more-problems' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#no-there-were-more-problems' aria-label='Anchor'></a><span class='plain-code'>No, There Were More Problems</span></h3>\n<p>When your problem domain is hard, anything you build whose design you can’t fit completely in your head is going to be a fiasco. Shorter form: “if you see Raft consensus in a design, we’ve done something wrong”.</p>\n\n<p>A virtue of this migration system is that, for as many moving pieces as it has, it fits in your head. What complexity it has is mostly shouldered by strategic bets we’ve already built teams around, most notably the <code>flyd</code> orchestrator. So we’ve been running this system for the better part of a year without much drama. Not no drama, though. Some drama.</p>\n\n<p>Example: we encrypt volumes. Our key management is fussy. We do per-volume encryption keys that provision alongside the volumes themselves, so no one worker has a volume skeleton key.</p>\n\n<p>If you think “migrating those volume keys from worker to worker” is the problem I’m building up to, well, that too, but the bigger problem is <code>trim</code>.</p>\n\n<p>Most people use just a small fraction of the volumes they allocate. A 100GiB volume with just 5MiB used wouldn’t be at all weird. You don’t want to spend minutes copying a volume that could have been fully hydrated in seconds.</p>\n\n<p>And indeed, <code>dm-clone</code> doesn’t want to do that either. Given a source block device (for us, an iSCSI mount) and the clone device, a <code>DISCARD</code> issued on the clone device will get picked up by <code>dm-clone</code>, which will simply <a href='https://elixir.bootlin.com/linux/v5.11.11/source/drivers/md/dm-clone-target.c#L1357' title=''>short-circuit the read</a> of the relevant blocks by marking them as hydrated in the metadata volume. Simple enough.</p>\n\n<p>To make that work, we need the target worker to see the plaintext of the source volume (so that it can do an <code>fstrim</code> — don’t get us started on how annoying it is to sandbox this — to read the filesystem, identify the unused block, and issue the <code>DISCARDs</code> where <code>dm-clone</code> can see them) Easy enough.</p>\n<div class=\"right-sidenote\"><p>these curses have a lot to do with how hard it was to drain workers!</p>\n</div>\n<p>Except: two different workers, for cursed reasons, might be running different versions of <a href='https://gitlab.com/cryptsetup/cryptsetup' title=''>cryptsetup</a>, the userland bridge between LUKS2 and the <a href='https://docs.kernel.org/admin-guide/device-mapper/dm-crypt.html' title=''>kernel dm-crypt driver</a>. There are (or were) two different versions of cryptsetup on our network, and they default to different <a href='https://fossies.org/linux/cryptsetup/docs/on-disk-format-luks2.pdf' title=''>LUKS2 header sizes</a> — 4MiB and 16MiB. Implying two different plaintext volume sizes. </p>\n\n<p>So now part of the migration FSM is an RPC call that carries metadata about the designed LUKS2 configuration for the target VM. Not something we expected to have to build, but, whatever.</p>\n<div class=\"right-sidenote\"><p>Corrosion deserves its own post.</p>\n</div>\n<p>Gnarlier example: workers are the source of truth for information about the Fly Machines running on them. Migration knocks the legs out from under that constraint, which we were relying on in Corrosion, the SWIM-gossip SQLite database we use to connect Fly Machines to our request routing. Race conditions. Debugging. Design changes. Next!</p>\n\n<p>Gnarliest example: our private networks. Recall: we automatically place every Fly Machine into <a href='https://fly.io/blog/incoming-6pn-private-networks/' title=''>a private network</a>; by default, it’s the one all the other apps in your organization run in. This is super handy for setting up background services, databases, and clustered applications. 20 lines of eBPF code in our worker kernels keeps anybody from “crossing the streams”, sending packets from one private network to another.</p>\n<div class=\"right-sidenote\"><p>we’re members of an elite cadre of idiots who have managed to find designs that made us wish IPv6 addresses were even bigger.</p>\n</div>\n<p>We call this scheme 6PN (for “IPv6 Private Network”). It functions by <a href='https://fly.io/blog/ipv6-wireguard-peering#ipv6-private-networking-at-fly' title=''>embedding routing information directly into IPv6 addresses</a>. This is, perhaps, gross. But it allows us to route diverse private networks with constantly changing membership across a global fleet of servers without running a distributed routing protocol. As the beardy wizards who kept the Internet backbone up and running on Cisco AGS+’s once said: the best routing protocol is “static”.</p>\n\n<p>Problem: the embedded routing information in a 6PN address refers in part to specific worker servers.</p>\n\n<p>That’s fine, right? They’re IPv6 addresses. Nobody uses literal IPv6 addresses. Nobody uses IP addresses at all; they use the DNS. When you migrate a host, just give it a new 6PN address, and update the DNS.</p>\n\n<p>Friends, somebody did use literal IPv6 addresses. It was us. In the configurations for Fly Postgres clusters.</p>\n<div class=\"right-sidenote\"><p>It’s also not operationally easy for us to shell into random Fly Machines, for good reason.</p>\n</div>\n<p>The obvious fix for this is not complicated; given <code>flyctl</code> ssh access to a Fly Postgres cluster, it’s like a 30 second ninja edit. But we run a <em>lot</em> of Fly Postgres clusters, and the change has to be coordinated carefully to avoid getting the cluster into a confused state. We went as far as adding feature to our <code>init</code> to do network address mappings to keep old 6PN addresses reachable before biting the bullet and burning several weeks doing the direct configuration fix fleet-wide.</p>\n<figure class=\"post-cta\">\n <figcaption>\n <h1>Speedrun your app onto Fly.io.</h1>\n <p>3…2…1…</p>\n <a class=\"btn btn-lg\" href=\"https://fly.io/speedrun\">\n Go! <span class='opacity-50'>→</span>\n </a>\n </figcaption>\n <div class=\"image-container\">\n <img src=\"/static/images/cta-dog.webp\" srcset=\"/static/images/[email protected] 2x\" alt=\"\">\n </div>\n</figure>\n\n<h3 id='the-learning-it-burns' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#the-learning-it-burns' aria-label='Anchor'></a><span class='plain-code'>The Learning, It Burns!</span></h3>\n<p>We get asked a lot why we don’t do storage the “obvious” way, with an <a href='https://aws.amazon.com/ebs/' title=''>EBS-type</a> SAN fabric, abstracting it away from our compute. Locally-attached NVMe storage is an idiosyncratic choice, one we’ve had to write disclaimers for (single-node clusters can lose data!) since we first launched it.</p>\n\n<p>One answer is: we’re a startup. Building SAN infrastructure in every region we operate in would be tremendously expensive. Look at any feature in AWS that normal people know the name of, like EC2, EBS, RDS, or S3 — there’s a whole company in there. We launched storage when we were just 10 people, and even at our current size we probably have nothing resembling the resources EBS gets. AWS is pretty great!</p>\n\n<p>But another thing to keep in mind is: we’re learning as we go. And so even if we had the means to do an EBS-style SAN, we might not build it today.</p>\n\n<p>Instead, we’re a lot more interested in log-structured virtual disks (LSVD). LSVD uses NVMe as a local cache, but durably persists writes in object storage. You get most of the performance benefit of bus-hop disk writes, along with unbounded storage and S3-grade reliability.</p>\n\n<p><a href='https://community.fly.io/t/bottomless-s3-backed-volumes/15648' title=''>We launched LSVD experimentally last year</a>; in the intervening year, something happened to make LSVD even more interesting to us: <a href='https://www.tigrisdata.com/' title=''>Tigris Data</a> launched S3-compatible object storage in every one our regions, so instead of backhauling updates to Northern Virginia, <a href='https://community.fly.io/t/tigris-backed-volumes/20792' title=''>we can keep them local</a>. We have more to say about LSVD, and a lot more to say about Tigris.</p>\n\n<p>Our first several months of migrations were done gingerly. By summer of 2024, we got to where our infra team can pull “drain this host” out of their toolbelt without much ceremony.</p>\n\n<p>We’re still not to the point where we’re migrating casually. Your Fly Machines are probably not getting migrated! There’d need to be a reason! But the dream is fully-automated luxury space migration, in which you might get migrated semiregularly, as our systems work not just to drain problematic hosts but to rebalance workloads regularly. No time soon. But we’ll get there.</p>\n\n<p>This is the biggest thing our team has done since we replaced Nomad with flyd. Only the new billing system comes close. We did this thing not because it was easy, but because we thought it would be easy. It was not. But: worth it!</p>",
"image": {
"url": "https://fly.io/blog/machine-migrations/assets/migrations-thumb.webp",
"title": null
},
"media": [],
"authors": [
{
"name": "Fly",
"email": null,
"url": null
}
],
"categories": []
},
{
"id": "https://fly.io/blog/oidc-cloud-roles/",
"title": "AWS without Access Keys",
"description": null,
"url": "https://fly.io/blog/oidc-cloud-roles/",
"published": "2024-06-19T00:00:00.000Z",
"updated": "2024-06-25T22:52:32.000Z",
"content": "<div class=\"lead\"><p>It’s dangerous to go alone. Fly.io runs full-stack apps by transmuting Docker containers into Fly Machines: ultra-lightweight hardware-backed VMs. You can run all your dependencies on Fly.io, but sometimes, you’ll need to work with other clouds, and we’ve made that pretty simple. Try Fly.io out for yourself; your Rails or Node app <a href=\"https://fly.io/speedrun\" title=\"\">can be up and running in just minutes</a>.</p>\n</div>\n<p>Let’s hypopulate you an app serving generative AI cat images based on the weather forecast, running on a <code>g4dn.xlarge</code> ECS task in AWS <code>us-east-1</code>. It’s going great; people didn’t realize how dependent their cat pic prefs are on barometric pressure, and you’re all anyone can talk about.</p>\n\n<p>Word reaches Australia and Europe, but you’re not catching on, because the… latency is too high? Just roll with us here. Anyways: fixing this is going to require replicating ECS tasks and ECR images into <code>ap-southeast-2</code> and <code>eu-central-1</code> while also setting up load balancing. Nah.</p>\n\n<p>This is the O.G. Fly.io deployment story; one deployed app, one versioned container, one command to get it running anywhere in the world.</p>\n\n<p>But you have a problem: your app relies on training data, it’s huge, your giant employer manages it, and it’s in S3. Getting this to work will require AWS credentials.</p>\n\n<p>You could ask your security team to create a user, give it permissions, and hand over the AWS keypair. Then you could wash your neck and wait for the blade. Passing around AWS keypairs is the beginning of every horror story told about cloud security, and security team ain’t having it.</p>\n\n<p>There’s a better way. It’s drastically more secure, so your security people will at least hear you out. It’s also so much easier on Fly.io that you might never bother creating a IAM service account again.</p>\n<h2 id='lets-get-it-out-of-the-way' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#lets-get-it-out-of-the-way' aria-label='Anchor'></a><span class='plain-code'>Let’s Get It out of the Way</span></h2>\n<p>We’re going to use OIDC to set up strictly limited trust between AWS and Fly.io.</p>\n\n<ol>\n<li>In AWS: we’ll add Fly.io as an <code>Identity Provider</code> in AWS IAM, giving us an ID we can plug into any IAM <code>Role</code>.\n</li><li>Also in AWS: we’ll create a <code>Role</code>, give it access to the S3 bucket with our tokenized cat data, and then attach the <code>Identity Provider</code> to it.\n</li><li>In Fly.io, we’ll take the <code>Role</code> ARN we got from step 2 and set it as an environment variable in our app.\n</li></ol>\n\n<p>Our machines will now magically have access to the S3 bucket.</p>\n<h2 id='what-the-what' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#what-the-what' aria-label='Anchor'></a><span class='plain-code'>What the What</span></h2>\n<p>A reasonable question to ask here is, “where’s the credential”? Ordinarily, to give a Fly Machine access to an AWS resource, you’d use <code>fly secrets set</code> to add an <code>AWS_ACCESS_KEY_ID</code> and <code>AWS_SECRET_ACCESS_KEY</code> to the environment in the Machine. Here, we’re not setting any secrets at all; we’re just adding an ARN — which is not a credential — to the Machine.</p>\n\n<p>Here’s what’s happening.</p>\n\n<p>Fly.io operates an OIDC IdP at <code>oidc.fly.io</code>. It issues OIDC tokens, exclusively to Fly Machines. AWS can be configured to trust these tokens, on a role-by-role basis. That’s the “secret credential”: the pre-configured trust relationship in IAM, and the public keypairs it manages. You, the user, never need to deal with these keys directly; it all happens behind the scenes, between AWS and Fly.io.</p>\n\n<p><img alt=\"A diagram: STS trusts OIDC.fly.io. OIDC.fly.io trusts flyd. flyd issues a token to the Machine, which proffers it to STS. STS sends an STS cred to the Machine, which then uses it to retrieve model weights from S3.\" src=\"/blog/oidc-cloud-roles/assets/oidc-diagram.webp\" /></p>\n\n<p>The key actor in this picture is <code>STS</code>, the AWS <code>Security Token Service</code>. <code>STS</code>‘s main job is to vend short-lived AWS credentials, usually through some variant of an API called <code>AssumeRole</code>. Specifically, in our case: <code>AssumeRoleWithWebIdentity</code> tells <code>STS</code> to cough up an AWS keypair given an OIDC token (that matches a pre-configured trust relationship).</p>\n\n<p>That still leaves the question: how does your code, which is reaching out to the AWS APIs to get cat weights, drive any of this?</p>\n<h2 id='the-init-thickens' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#the-init-thickens' aria-label='Anchor'></a><span class='plain-code'>The Init Thickens</span></h2>\n<p>Every Fly Machine boots up into an <code>init</code> we wrote in Rust. It has slowly been gathering features.</p>\n\n<p>One of those features, which has been around for awhile, is a server for a Unix socket at <code>/.fly/api</code>, which exports a subset of the Fly Machines API to privileged processes in the Machine. Think of it as our answer to the EC2 Instant Metadata Service. How it works is, every time we boot a Fly Machine, we pass it a <a href='https://fly.io/blog/macaroons-escalated-quickly/' title=''>Macaroon token</a> locked to that particular Machine; <code>init</code>’s server for <code>/.fly/api</code> is a proxy that attaches that token to requests.</p>\n<div class=\"right-sidenote\"><p>In addition to the API proxy being tricky to SSRF to.</p>\n</div>\n<p>What’s neat about this is that the credential that drives <code>/.fly/api</code> is doubly protected:</p>\n\n<ol>\n<li>The Fly.io platform won’t honor it unless it comes from that specific Fly Machine (<code>flyd</code>, our orchestrator, knows who it’s talking to), <em>and</em>\n</li><li>Ordinary code running in a Fly Machine never gets a copy of the token to begin with.\n</li></ol>\n\n<p>You could rig up a local privilege escalation vulnerability and work out how to steal the Macaroon, but you can’t exfiltrate it productively.</p>\n\n<p>So now you have half the puzzle worked out: OIDC is just part of the <a href='https://fly.io/docs/machines/api/' title=''>Fly Machines API</a> (specifically: <code>/v1/tokens/oidc</code>). A Fly Machine can hit a Unix socket and get an OIDC token tailored to that machine:</p>\n<div class=\"highlight-wrapper group relative \">\n <button \n type=\"button\"\n class=\"bubble-wrap z-20 absolute right-9 -mr-0.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none\"\n data-wrap-target=\"#code-xdcj19sc\"\n >\n <svg class=\"w-4 h-4 pointer-events-none\" viewBox=\"0 0 16 16\" fill=\"none\" stroke=\"currentColor\" stroke-width=\"1.35\" stroke-linecap=\"round\" stroke-linejoin=\"round\"><g buffered-rendering=\"static\"><path d=\"M9.912 8.037h2.732c1.277 0 2.315-.962 2.315-2.237a2.325 2.325 0 00-2.315-2.31H2.959m10.228 9.01H2.959M6.802 8H2.959\" /><path d=\"M11.081 6.466L9.533 8.037l1.548 1.571\" /></g></svg>\n <span class=\"bubble-sm bubble-tl [--offset-l:-9px] tail text-navy-950\">\n Wrap text\n </span>\n </button>\n <button \n type=\"button\"\n class=\"bubble-wrap z-20 absolute right-1.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none\"\n data-copy-target=\"sibling\"\n >\n <svg class=\"w-4 h-4 pointer-events-none\" viewBox=\"0 0 16 16\" fill=\"none\" stroke=\"currentColor\" stroke-width=\"1.35\"><g buffered-rendering=\"static\"><path d=\"M10.576 7.239c0-.995-.82-1.815-1.815-1.815H3.315c-.995 0-1.815.82-1.815 1.815v5.446c0 .995.82 1.815 1.815 1.815h5.446c.995 0 1.815-.82 1.815-1.815V7.239z\" /><path d=\"M10.576 10.577h2.109A1.825 1.825 0 0014.5 8.761V3.315A1.826 1.826 0 0012.685 1.5H7.239c-.996 0-1.815.819-1.816 1.815v1.617\" /></g></svg>\n <span class=\"bubble-sm bubble-tl [--offset-l:-6px] tail [--tail-x:calc(100%-30px)] text-navy-950\">\n Copy to clipboard\n </span>\n </button>\n <div class='highlight relative group'>\n <pre class='highlight '><code id=\"code-xdcj19sc\">{\n \"app_id\": \"3671581\",\n \"app_name\": \"weather-cat\",\n \"aud\": \"sts.amazonaws.com\",\n \"image\": \"image:latest\",\n \"image_digest\": \"sha256:dff79c6da8dd4e282ecc6c57052f7cfbd684039b652f481ca2e3324a413ee43f\",\n \"iss\": \"https://oidc.fly.io/example\",\n \"machine_id\": \"3d8d377ce9e398\",\n \"machine_name\": \"ancient-snow-4824\",\n \"machine_version\": \"01HZJXGTQ084DX0G0V92QH3XW4\",\n \"org_id\": \"29873298\",\n \"org_name\": \"example\",\n \"region\": \"yyz\",\n \"sub\": \"example:weather-cat:ancient-snow-4824\"\n} // some OIDC stuff trimmed\n</code></pre>\n </div>\n</div>\n<p>Look upon this holy blob, sealed with a published key managed by Fly.io’s OIDC vault, and see that there lies within it enough information for AWS <code>STS</code> to decide to issue a session credential.</p>\n\n<p>We have still not completed the puzzle, because while you can probably now see how you’d drive this process with a bunch of new code that you’d tediously write, you are acutely aware that you have not yet endured that tedium — e pur si muove!</p>\n\n<p>One <code>init</code> feature remains to be disclosed, and it’s cute.</p>\n\n<p>If, when <code>init</code> starts in a Fly Machine, it sees an <code>AWS_ROLE_ARN</code> environment variable set, it initiates a little dance; it:</p>\n\n<ol>\n<li>goes off and generates an OIDC token, the way we just described,\n</li><li>saves that OIDC token in a file, <em>and</em>\n</li><li>sets the <code>AWS_WEB_IDENTITY_TOKEN_FILE</code> and <code>AWS_ROLE_SESSION_NAME</code> environment variables for every process it launches.\n</li></ol>\n\n<p>The AWS SDK, linked to your application, does all the rest.</p>\n\n<p>Let’s review: you add an <code>AWS_ROLE_ARN</code> variable to your Fly App, launch a Machine, and have it go fetch a file from S3. What happens next is:</p>\n\n<ol>\n<li><code>init</code> detects <code>AWS_ROLE_ARN</code> is set as an environment variable.\n</li><li><code>init</code> sends a request to <code>/v1/tokens/oidc</code> via <code>/.api/proxy</code>.\n</li><li><code>init</code> writes the response to <code>/.fly/oidc_token.</code>\n</li><li><code>init</code> sets <code>AWS_WEB_IDENTITY_TOKEN_FILE</code> and <code>AWS_ROLE_SESSION_NAME</code>.\n</li><li>The entrypoint boots, and (say) runs <code>aws s3 get-object.</code>\n</li><li>The AWS SDK runs through the <a href='https://docs.aws.amazon.com/sdkref/latest/guide/standardized-credentials.html#credentialProviderChain' title=''>credential provider chain</a>\n</li><li>The SDK sees that <code>AWS_WEB_IDENTITY_TOKEN_FILE</code> is set and calls <code>AssumeRoleWithWebIdentity</code> with the file contents.\n</li><li>AWS verifies the token against <a href='https://oidc.fly.io/' title=''><code>https://oidc.fly.io/</code></a><code>example/.well-known/openid-configuration</code>, which references a key Fly.io manages on isolated hardware.\n</li><li>AWS vends <code>STS</code> credentials for the assumed <code>Role</code>.\n</li><li>The SDK uses the <code>STS</code> credentials to access the S3 bucket.\n</li><li>AWS checks the <code>Role</code>’s IAM policy to see if it has access to the S3 bucket.\n</li><li>AWS returns the contents of the bucket object.\n</li></ol>\n<h2 id='how-much-better-is-this' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#how-much-better-is-this' aria-label='Anchor'></a><span class='plain-code'>How Much Better Is This?</span></h2>\n<p>It is a lot better.</p>\n<div class=\"right-sidenote\"><p>They asymptotically approach the security properties of Macaroon tokens.</p>\n</div>\n<p>Most importantly: AWS <code>STS</code> credentials are short-lived. Because they’re generated dynamically, rather than stored in a configuration file or environment variable, they’re already a little bit annoying for an attacker to recover. But they’re also dead in minutes. They have a sharply limited blast radius. They rotate themselves, and fail closed.</p>\n\n<p>They’re also easier to manage. This is a rare instance where you can reasonably drive the entire AWS side of the process from within the web console. Your cloud team adds <code>Roles</code> all the time; this is just a <code>Role</code> with an extra snippet of JSON. The resulting ARN isn’t even a secret; your cloud team could just email or Slack message it back to you.</p>\n\n<p>Finally, they offer finer-grained control.</p>\n\n<p>To understand the last part, let’s look at that extra snippet of JSON (the “Trust Policy”) your cloud team is sticking on the new <code>cat-bucket</code> <code>Role</code>:</p>\n<div class=\"highlight-wrapper group relative \">\n <button \n type=\"button\"\n class=\"bubble-wrap z-20 absolute right-9 -mr-0.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none\"\n data-wrap-target=\"#code-x99m930o\"\n >\n <svg class=\"w-4 h-4 pointer-events-none\" viewBox=\"0 0 16 16\" fill=\"none\" stroke=\"currentColor\" stroke-width=\"1.35\" stroke-linecap=\"round\" stroke-linejoin=\"round\"><g buffered-rendering=\"static\"><path d=\"M9.912 8.037h2.732c1.277 0 2.315-.962 2.315-2.237a2.325 2.325 0 00-2.315-2.31H2.959m10.228 9.01H2.959M6.802 8H2.959\" /><path d=\"M11.081 6.466L9.533 8.037l1.548 1.571\" /></g></svg>\n <span class=\"bubble-sm bubble-tl [--offset-l:-9px] tail text-navy-950\">\n Wrap text\n </span>\n </button>\n <button \n type=\"button\"\n class=\"bubble-wrap z-20 absolute right-1.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none\"\n data-copy-target=\"sibling\"\n >\n <svg class=\"w-4 h-4 pointer-events-none\" viewBox=\"0 0 16 16\" fill=\"none\" stroke=\"currentColor\" stroke-width=\"1.35\"><g buffered-rendering=\"static\"><path d=\"M10.576 7.239c0-.995-.82-1.815-1.815-1.815H3.315c-.995 0-1.815.82-1.815 1.815v5.446c0 .995.82 1.815 1.815 1.815h5.446c.995 0 1.815-.82 1.815-1.815V7.239z\" /><path d=\"M10.576 10.577h2.109A1.825 1.825 0 0014.5 8.761V3.315A1.826 1.826 0 0012.685 1.5H7.239c-.996 0-1.815.819-1.816 1.815v1.617\" /></g></svg>\n <span class=\"bubble-sm bubble-tl [--offset-l:-6px] tail [--tail-x:calc(100%-30px)] text-navy-950\">\n Copy to clipboard\n </span>\n </button>\n <div class='highlight relative group'>\n <pre class='highlight '><code id=\"code-x99m930o\">{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Effect\": \"Allow\",\n \"Principal\": {\n \"Federated\": \"arn:aws:iam::123456123456:oidc-provider/oidc.fly.io/example\"\n },\n \"Action\": \"sts:AssumeRoleWithWebIdentity\",\n \"Condition\": {\n \"StringEquals\": {\n \"oidc.fly.io/example:aud\": \"sts.amazonaws.com\",\n },\n \"StringLike\": {\n \"oidc.fly.io/example:sub\": \"example:weather-cat:*\"\n }\n }\n }\n ]\n}\n</code></pre>\n </div>\n</div><div class=\"right-sidenote\"><p>The <code>aud</code> check guarantees <code>STS</code> will only honor tokens that Fly.io deliberately vended for <code>STS</code>.</p>\n</div>\n<p>Recall the OIDC token we dumped earlier; much of what’s in it, we can match in the Trust Policy. Every OIDC token Fly.io generates is going to have a <code>sub</code> field formatted <code>org:app:machine</code>, so we can lock IAM <code>Roles</code> down to organizations, or to specific Fly Apps, or even specific Fly Machine instances.</p>\n<figure class=\"post-cta\">\n <figcaption>\n <h1>Speedrun your app onto Fly.io.</h1>\n <p>3…2…1…</p>\n <a class=\"btn btn-lg\" href=\"https://fly.io/speedrun\">\n Go! <span class='opacity-50'>→</span>\n </a>\n </figcaption>\n <div class=\"image-container\">\n <img src=\"/static/images/cta-kitty.webp\" srcset=\"/static/images/[email protected] 2x\" alt=\"\">\n </div>\n</figure>\n\n<h2 id='and-so' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#and-so' aria-label='Anchor'></a><span class='plain-code'>And So</span></h2>\n<p>In case it’s not obvious: this pattern works for any AWS API, not just S3.</p>\n\n<p>Our OIDC support on the platform and in Fly Machines will set arbitrary OIDC <code>audience</code> strings, so you can use it to authenticate to any OIDC-compliant cloud provider. It won’t be as slick on Azure or GCP, because we haven’t done the <code>init</code> features to light their APIs up with a single environment variable — but those features are easy, and we’re just waiting for people to tell us what they need.</p>\n\n<p>For us, the gold standard for least-privilege, conditional access tokens remains Macaroons, and it’s unlikely that we’re going to do a bunch of internal stuff using OIDC. We even snuck Macaroons into this feature. But the security you’re getting from this OIDC dance closes a lot of the gap between hardcoded user credentials and Macaroons, and it’s easy to use — easier, in some ways, than it is to manage role-based access inside of a legacy EC2 deployment!</p>",
"image": {
"url": "https://fly.io/blog/oidc-cloud-roles/assets/spooky-security-skeleton-thumb.webp",
"title": null
},
"media": [],
"authors": [
{
"name": "Fly",
"email": null,
"url": null
}
],
"categories": []
},
{
"id": "https://fly.io/blog/llm-image-description/",
"title": "Picture This: Open Source AI for Image Description",
"description": null,
"url": "https://fly.io/blog/llm-image-description/",
"published": "2024-05-09T00:00:00.000Z",
"updated": "2024-05-23T20:00:21.000Z",
"content": "<div class=\"lead\"><p>I’m Nolan, and I work on Fly Machines here at Fly.io. We’re building a new public cloud—one where you can spin up CPU and GPU workloads, around the world, in a jiffy. <a href=\"https://fly.io/speedrun/\" title=\"\">Try us out</a>; you can be up and running in minutes. This is a post about LLMs being really helpful, and an extensible project you can build with open source on a weekend.</p>\n</div>\n<p>Picture this, if you will.</p>\n\n<p>You’re blind. You’re in an unfamiliar hotel room on a trip to Chicago.</p>\n<div class=\"right-sidenote\"><p>If you live in Chicago IRL, imagine the hotel in Winnipeg, <a href=\"https://www.cbc.ca/history/EPISCONTENTSE1EP10CH3PA5LE.html\" title=\"\">the Chicago of the North</a>.</p>\n</div>\n<p>You’ve absent-mindedly set your coffee down, and can’t remember where. You’re looking for the thermostat so you don’t wake up frozen. Or, just maybe, you’re playing a fun-filled round of “find the damn light switch so your sighted partner can get some sleep already!”</p>\n\n<p>If, like me, you’ve been blind for a while, you have plenty of practice finding things without the luxury of a quick glance around. It may be more tedious than you’d like, but you’ll get it done.</p>\n\n<p>But the speed of innovation in machine learning and large language models has been dizzying, and in 2024 you can snap a photo with your phone and have an app like <a href='https://www.bemyeyes.com/blog/announcing-be-my-ai/' title=''>Be My AI</a> or <a href='https://www.seeingai.com/' title=''>Seeing AI</a> tell you where in that picture it found your missing coffee mug, or where it thinks the light switch is.</p>\n<div class=\"right-sidenote\"><p>Creative switch locations seem to be a point of pride for hotels, so the light game may be good for a few rounds of quality entertainment, regardless of how good your AI is.</p>\n</div>\n<p>This is <em>big</em>. It’s hard for me to state just how exciting and empowering AI image descriptions have been for me without sounding like a shill. In the past year, I’ve:</p>\n\n<ul>\n<li>Found shit in strange hotel rooms. \n</li><li>Gotten descriptions of scenes and menus in otherwise inaccessible video games.\n</li><li>Requested summaries of technical diagrams and other materials where details weren’t made available textually. \n</li></ul>\n\n<p>I’ve been consistently blown away at how impressive and helpful AI-created image descriptions have been.</p>\n\n<p>Also…</p>\n<h2 id='which-thousand-words-is-this-picture-worth' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#which-thousand-words-is-this-picture-worth' aria-label='Anchor'></a><span class='plain-code'>Which thousand words is this picture worth?</span></h2>\n<p>As a blind internet user for the last three decades, I have extensive empirical evidence to corroborate what you already know in your heart: humans are pretty flaky about writing useful alt text for all the images they publish. This does tend to make large swaths of the internet inaccessible to me!</p>\n\n<p>In just a few years, the state of image description on the internet has gone from complete reliance on the aforementioned lovable, but ultimately tragically flawed, humans, to automated strings of words like <code>Image may contain person, glasses, confusion, banality, disillusionment</code>, to LLM-generated text that reads a lot like it was written by a person, perhaps sipping from a steaming cup of Earl Grey as they reflect on their previous experiences of a background that features a tree with snow on its branches, suggesting that this scene takes place during winter.</p>\n\n<p>If an image is missing alt text, or if you want a second opinion, there are screen-reader addons, like <a href='https://github.com/cartertemm/AI-content-describer/' title=''>this one</a> for <a href='https://www.nvaccess.org/download/' title=''>NVDA</a>, that you can use with an API key to get image descriptions from GPT-4 or Google Gemini as you read. This is awesome! </p>\n\n<p>And this brings me to the nerd snipe. How hard would it be to build an image description service we can host ourselves, using open source technologies? It turns out to be spookily easy.</p>\n\n<p>Here’s what I came up with:</p>\n\n<ol>\n<li><a href='https://ollama.com/' title=''>Ollama</a> to run the model\n</li><li>A <a href='https://pocketbase.io' title=''>PocketBase</a> project that provides a simple authenticated API for users to submit images, get descriptions, and ask followup questions about the image\n</li><li>The simplest possible Python client to interact with the PocketBase app on behalf of users\n</li></ol>\n\n<p>The idea is to keep it modular and hackable, so if sentiment analysis or joke creation is your thing, you can swap out image description for that and have something going in, like, a weekend.</p>\n\n<p>If you’re like me, and you go skipping through recipe blogs to find the “go directly to recipe” link, find the code itself <a href='https://github.com/superfly/llm-describer' title=''>here</a>. </p>\n<h2 id='the-llm-is-the-easiest-part' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#the-llm-is-the-easiest-part' aria-label='Anchor'></a><span class='plain-code'>The LLM is the easiest part</span></h2>\n<p>An API to accept images and prompts, run the model, and spit \nout answers sounds like a lot! But it’s the simplest part of this whole thing, because: \nthat’s <a href='https://ollama.com/' title=''>Ollama</a>.</p>\n\n<p>You can just run the Ollama Docker image, get it to grab the model \nyou want to use, and that’s it. There’s your AI server. (We have a <a href='https://fly.io/blog/scaling-llm-ollama/' title=''>blog post</a> \nall about deploying Ollama on Fly.io; Fly GPUs are rad, try'em out, etc.).</p>\n\n<p>For this project, we need a model that can make sense—or at least words—out of a picture. \n<a href='https://llava-vl.github.io/' title=''>LLaVA</a> is a trained, Apache-licensed “large multimodal model” that fits the bill. \nGet the model with the Ollama CLI:</p>\n<div class=\"highlight-wrapper group relative cmd\">\n <button \n type=\"button\"\n class=\"bubble-wrap z-20 absolute right-9 -mr-0.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none\"\n data-wrap-target=\"#code-vsa102iz\"\n >\n <svg class=\"w-4 h-4 pointer-events-none\" viewBox=\"0 0 16 16\" fill=\"none\" stroke=\"currentColor\" stroke-width=\"1.35\" stroke-linecap=\"round\" stroke-linejoin=\"round\"><g buffered-rendering=\"static\"><path d=\"M9.912 8.037h2.732c1.277 0 2.315-.962 2.315-2.237a2.325 2.325 0 00-2.315-2.31H2.959m10.228 9.01H2.959M6.802 8H2.959\" /><path d=\"M11.081 6.466L9.533 8.037l1.548 1.571\" /></g></svg>\n <span class=\"bubble-sm bubble-tl [--offset-l:-9px] tail text-navy-950\">\n Wrap text\n </span>\n </button>\n <button \n type=\"button\"\n class=\"bubble-wrap z-20 absolute right-1.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none\"\n data-copy-target=\"sibling\"\n >\n <svg class=\"w-4 h-4 pointer-events-none\" viewBox=\"0 0 16 16\" fill=\"none\" stroke=\"currentColor\" stroke-width=\"1.35\"><g buffered-rendering=\"static\"><path d=\"M10.576 7.239c0-.995-.82-1.815-1.815-1.815H3.315c-.995 0-1.815.82-1.815 1.815v5.446c0 .995.82 1.815 1.815 1.815h5.446c.995 0 1.815-.82 1.815-1.815V7.239z\" /><path d=\"M10.576 10.577h2.109A1.825 1.825 0 0014.5 8.761V3.315A1.826 1.826 0 0012.685 1.5H7.239c-.996 0-1.815.819-1.816 1.815v1.617\" /></g></svg>\n <span class=\"bubble-sm bubble-tl [--offset-l:-6px] tail [--tail-x:calc(100%-30px)] text-navy-950\">\n Copy to clipboard\n </span>\n </button>\n <div class='highlight relative group'>\n <pre class='highlight cmd'><code id=\"code-vsa102iz\">ollama pull llava:34b\n</code></pre>\n </div>\n</div><div class=\"callout\"><p>If you have hardware that can handle it, you could run this on your computer at home. If you run AI models on a cloud provider, be aware that GPU compute is expensive! <strong class=\"font-semibold text-navy-950\">It’s important to take steps to ensure you’re not paying for a massive GPU 24/7.</strong></p>\n\n<p>On Fly.io, at the time of writing, you’d achieve this with the <a href=\"https://fly.io/docs/apps/autostart-stop/\" title=\"\">autostart and autostop</a> functions of the Fly Proxy, restricting Ollama access to internal requests over <a href=\"https://fly.io/docs/networking/private-networking/#flycast-private-fly-proxy-services\" title=\"\">Flycast</a> from the PocketBase app. That way, if there haven’t been any requests for a few minutes, the Fly Proxy stops the Ollama <a href=\"https://fly.io/docs/machines/\" title=\"\">Machine</a>, which releases the CPU, GPU, and RAM allocated to it. <a href=\"https://fly.io/blog/scaling-llm-ollama/\" title=\"\">Here’s a post</a> that goes into more detail. </p>\n</div><h2 id='a-multi-tool-on-the-backend' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#a-multi-tool-on-the-backend' aria-label='Anchor'></a><span class='plain-code'>A multi-tool on the backend</span></h2>\n<p>I want user auth to make sure just anyone can’t grab my “image description service” and keep it busy generating short stories about their cat. If I build this out into a service for others to use, I might also want business logic around plans or\ncredits, or mobile-friendly APIs for use in the field. <a href='https://pocketbase.io' title=''>PocketBase</a> provides a scaffolding for all of it. It’s a Swiss army knife: a Firebase-like API on top of SQLite, complete with authentication, authorization, an admin UI, extensibility in JavaScript and Go, and various client-side APIs.</p>\n<div class=\"right-sidenote\"><p>Yes, <em>of course</em> I’ve used an LLM to generate feline fanfic. Theme songs too. Hasn’t everyone? </p>\n</div>\n<p>I “faked” a task-specific API that supports followup questions by extending PocketBase in Go, modeling requests and responses as <a href='https://pocketbase.io/docs/collections/' title=''>collections</a> (i.e. SQLite tables) with <a href='https://pocketbase.io/docs/go-event-hooks/' title=''>event hooks</a> to trigger pre-set interactions with the Ollama app (via <a href='https://tmc.github.io/langchaingo' title=''>LangChainGo</a>) and the client (via the PocketBase API).</p>\n\n<p>If you’re following along, <a href='https://github.com/superfly/llm-describer/blob/main/describer.go' title=''>here’s the module</a>\nthat handles all that, along with initializing the LLM connection.</p>\n\n<p>In a nutshell, this is the dance:</p>\n\n<ul>\n<li>When a user uploads an image, a hook on the <code>images</code> collection sends the image to Ollama, along with this prompt:\n<code>\"You are a helpful assistant describing images for blind screen reader users. Please describe this image.\"</code>\n</li><li>Ollama sends back its response, which the backend 1) passes back to the client and 2) stores in its <code>followups</code> collection for future reference.\n</li><li>If the user responds with a followup question about the image and description, that also \ngoes into the <code>followups</code> collection; user-initiated changes to this collection trigger a hook to chain the new \nfollowup question with the image and the chat history into a new request for the model.\n</li><li>Lather, rinse, repeat.\n</li></ul>\n\n<p>This is a super simple hack to handle followup questions, and it’ll let you keep adding followups until \nsomething breaks. You’ll see the quality of responses get poorer—possibly incoherent—as the context \nexceeds the context window.</p>\n\n<p>I also set up <a href='https://pocketbase.io/docs/api-rules-and-filters/' title=''>API rules</a> in PocketBase,\nensuring that users can’t read to and write from others’ chats with the AI.</p>\n\n<p>If image descriptions aren’t your thing, this business logic is easily swappable \nfor joke generation, extracting details from text, any other simple task you \nmight want to throw at an LLM. Just slot the best model into Ollama (LLaVA is pretty OK as a general starting point too), and match the PocketBase schema and pre-set prompts to your application.</p>\n<h2 id='a-seedling-of-a-client' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#a-seedling-of-a-client' aria-label='Anchor'></a><span class='plain-code'>A seedling of a client</span></h2>\n<p>With the image description service in place, the user can talk to it with any client that speaks the PocketBase API. PocketBase already has SDK clients in JavaScript and Dart, but because my screen reader is <a href='https://github.com/nvaccess/nvda' title=''>written in Python</a>, I went with a <a href='https://pypi.org/project/pocketbase/' title=''>community-created Python library</a>. That way I can build this out into an NVDA add-on \nif I want to.</p>\n\n<p>If you’re a fancy Python developer, you probably have your preferred tooling for\nhandling virtualenvs and friends. I’m not, and since my screen reader doesn’t use those\nanyway, I just <code>pip install</code>ed the library so my client can import it:</p>\n<div class=\"highlight-wrapper group relative cmd\">\n <button \n type=\"button\"\n class=\"bubble-wrap z-20 absolute right-9 -mr-0.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none\"\n data-wrap-target=\"#code-rgh35fwn\"\n >\n <svg class=\"w-4 h-4 pointer-events-none\" viewBox=\"0 0 16 16\" fill=\"none\" stroke=\"currentColor\" stroke-width=\"1.35\" stroke-linecap=\"round\" stroke-linejoin=\"round\"><g buffered-rendering=\"static\"><path d=\"M9.912 8.037h2.732c1.277 0 2.315-.962 2.315-2.237a2.325 2.325 0 00-2.315-2.31H2.959m10.228 9.01H2.959M6.802 8H2.959\" /><path d=\"M11.081 6.466L9.533 8.037l1.548 1.571\" /></g></svg>\n <span class=\"bubble-sm bubble-tl [--offset-l:-9px] tail text-navy-950\">\n Wrap text\n </span>\n </button>\n <button \n type=\"button\"\n class=\"bubble-wrap z-20 absolute right-1.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none\"\n data-copy-target=\"sibling\"\n >\n <svg class=\"w-4 h-4 pointer-events-none\" viewBox=\"0 0 16 16\" fill=\"none\" stroke=\"currentColor\" stroke-width=\"1.35\"><g buffered-rendering=\"static\"><path d=\"M10.576 7.239c0-.995-.82-1.815-1.815-1.815H3.315c-.995 0-1.815.82-1.815 1.815v5.446c0 .995.82 1.815 1.815 1.815h5.446c.995 0 1.815-.82 1.815-1.815V7.239z\" /><path d=\"M10.576 10.577h2.109A1.825 1.825 0 0014.5 8.761V3.315A1.826 1.826 0 0012.685 1.5H7.239c-.996 0-1.815.819-1.816 1.815v1.617\" /></g></svg>\n <span class=\"bubble-sm bubble-tl [--offset-l:-6px] tail [--tail-x:calc(100%-30px)] text-navy-950\">\n Copy to clipboard\n </span>\n </button>\n <div class='highlight relative group'>\n <pre class='highlight cmd'><code id=\"code-rgh35fwn\">pip install pocketbase\n</code></pre>\n </div>\n</div>\n<p><a href='https://github.com/superfly/llm-describer/blob/main/__init__.py' title=''>My client</a> is a very simple script. \nIt expects a couple of things: a file called <code>image.jpg</code>, located in the current directory, \nand environment variables to provide the service URL and user credentials to log into it with.</p>\n\n<p>When you run the client script, it uploads the image to the user’s <code>images</code> collection on the \nbackend app, starting the back-and-forth between user and model we saw in the previous section. \nThe client prints the model’s output to the CLI and prompts the user to input a followup question, \nwhich it passes up to the <code>followups</code> collection, and so on.</p>\n<figure class=\"post-cta\">\n <figcaption>\n <h1>This can run on Fly.io.</h1>\n <p>Run your LLM on a datacenter-grade GPU.</p>\n <a class=\"btn btn-lg\" href=\"https://fly.io/gpu/\">\n Try out a Fly GPU <span class='opacity-50'>→</span>\n </a>\n </figcaption>\n <div class=\"image-container\">\n <img src=\"/static/images/cta-dog.webp\" srcset=\"/static/images/[email protected] 2x\" alt=\"\">\n </div>\n</figure>\n\n<h2 id='all-together-now' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#all-together-now' aria-label='Anchor'></a><span class='plain-code'>All together now</span></h2>\n<p>I grabbed <a href='https://unsplash.com/photos/brown-trees-beside-river-under-blue-sky-during-daytime-kSvpTrfhaiU' title=''>this\nimage</a>\nand saved it to a file called <em>image.jpg</em>. </p>\n\n<p>While I knew I was downloading an image of a winter scene, all I see on Unsplash is:</p>\n\n<blockquote>\n<p>brown trees beside river under blue sky during daytime Bright winter landscape\nwith lake, snow, forest, beautiful blue sky and white clouds. An example of\ncharming wildlife in Russia.</p>\n</blockquote>\n\n<p>Let’s see what our very own AI describer thinks of this picture:</p>\n<div class=\"highlight-wrapper group relative plain\">\n <button \n type=\"button\"\n class=\"bubble-wrap z-20 absolute right-9 -mr-0.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none\"\n data-wrap-target=\"#code-4bvdtqnv\"\n >\n <svg class=\"w-4 h-4 pointer-events-none\" viewBox=\"0 0 16 16\" fill=\"none\" stroke=\"currentColor\" stroke-width=\"1.35\" stroke-linecap=\"round\" stroke-linejoin=\"round\"><g buffered-rendering=\"static\"><path d=\"M9.912 8.037h2.732c1.277 0 2.315-.962 2.315-2.237a2.325 2.325 0 00-2.315-2.31H2.959m10.228 9.01H2.959M6.802 8H2.959\" /><path d=\"M11.081 6.466L9.533 8.037l1.548 1.571\" /></g></svg>\n <span class=\"bubble-sm bubble-tl [--offset-l:-9px] tail text-navy-950\">\n Wrap text\n </span>\n </button>\n <button \n type=\"button\"\n class=\"bubble-wrap z-20 absolute right-1.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none\"\n data-copy-target=\"sibling\"\n >\n <svg class=\"w-4 h-4 pointer-events-none\" viewBox=\"0 0 16 16\" fill=\"none\" stroke=\"currentColor\" stroke-width=\"1.35\"><g buffered-rendering=\"static\"><path d=\"M10.576 7.239c0-.995-.82-1.815-1.815-1.815H3.315c-.995 0-1.815.82-1.815 1.815v5.446c0 .995.82 1.815 1.815 1.815h5.446c.995 0 1.815-.82 1.815-1.815V7.239z\" /><path d=\"M10.576 10.577h2.109A1.825 1.825 0 0014.5 8.761V3.315A1.826 1.826 0 0012.685 1.5H7.239c-.996 0-1.815.819-1.816 1.815v1.617\" /></g></svg>\n <span class=\"bubble-sm bubble-tl [--offset-l:-6px] tail [--tail-x:calc(100%-30px)] text-navy-950\">\n Copy to clipboard\n </span>\n </button>\n <div class='highlight relative group'>\n <pre class='highlight '><code id=\"code-4bvdtqnv\">$ python __init__.py\nThe image depicts a serene winter scene. There is a small stream of water flowing through the center, with patches of snow on its surface and along the banks. The surrounding area appears to be a mix of bare trees and shrubs, suggesting it's late in the season or possibly early spring when some plants have started to grow again but haven't yet leafed out.\n\nThe sky is clear and blue, indicating good weather conditions at the time the photo was taken. The sunlight seems to be coming from the left side of the image, casting a warm glow on the scene and creating reflections in the water. There are no visible texts or distinguishing marks that provide additional context about the location or the photographer.\n\nThe overall atmosphere is peaceful and natural, with the quiet beauty of the landscape undisturbed except for the gentle movement of the stream.\n</code></pre>\n </div>\n</div>\n<p>Is it a stellar description? Maybe not, but it certainly gives me a better sense of connection with the scene.</p>\n\n<p>Let’s see how our describer copes with a followup question.</p>\n<div class=\"highlight-wrapper group relative plain\">\n <button \n type=\"button\"\n class=\"bubble-wrap z-20 absolute right-9 -mr-0.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none\"\n data-wrap-target=\"#code-1x1pz9x9\"\n >\n <svg class=\"w-4 h-4 pointer-events-none\" viewBox=\"0 0 16 16\" fill=\"none\" stroke=\"currentColor\" stroke-width=\"1.35\" stroke-linecap=\"round\" stroke-linejoin=\"round\"><g buffered-rendering=\"static\"><path d=\"M9.912 8.037h2.732c1.277 0 2.315-.962 2.315-2.237a2.325 2.325 0 00-2.315-2.31H2.959m10.228 9.01H2.959M6.802 8H2.959\" /><path d=\"M11.081 6.466L9.533 8.037l1.548 1.571\" /></g></svg>\n <span class=\"bubble-sm bubble-tl [--offset-l:-9px] tail text-navy-950\">\n Wrap text\n </span>\n </button>\n <button \n type=\"button\"\n class=\"bubble-wrap z-20 absolute right-1.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none\"\n data-copy-target=\"sibling\"\n >\n <svg class=\"w-4 h-4 pointer-events-none\" viewBox=\"0 0 16 16\" fill=\"none\" stroke=\"currentColor\" stroke-width=\"1.35\"><g buffered-rendering=\"static\"><path d=\"M10.576 7.239c0-.995-.82-1.815-1.815-1.815H3.315c-.995 0-1.815.82-1.815 1.815v5.446c0 .995.82 1.815 1.815 1.815h5.446c.995 0 1.815-.82 1.815-1.815V7.239z\" /><path d=\"M10.576 10.577h2.109A1.825 1.825 0 0014.5 8.761V3.315A1.826 1.826 0 0012.685 1.5H7.239c-.996 0-1.815.819-1.816 1.815v1.617\" /></g></svg>\n <span class=\"bubble-sm bubble-tl [--offset-l:-6px] tail [--tail-x:calc(100%-30px)] text-navy-950\">\n Copy to clipboard\n </span>\n </button>\n <div class='highlight relative group'>\n <pre class='highlight '><code id=\"code-1x1pz9x9\">Enter your followup question, or 'quit' to quit: What types of trees are in the image?\nSending followup question\nIt's difficult to determine the exact species of trees in the image without more specific details, as many deciduous trees lose their leaves during winter and look quite similar. However, based on the general appearance of the bare branches and the fact that they are leafless, it is likely that these are common deciduous trees such as oaks, maples, or elms.\n\nThe presence of snow and the absence of foliage suggest that this photo was taken during winter or early spring when the trees have not yet started to bloom again. The exact species would require a closer examination of the bark, buds, and other distinguishing features, which are not clearly visible in this image.\n</code></pre>\n </div>\n</div>\n<p>Boo, the general-purpose LLaVA model couldn’t identify the leafless trees. At least it knows why it can’t. Maybe there’s a better model out \nthere for that. Or we could train one, if we really needed tree identification! We could make every component of \nthis service more sophisticated! </p>\n\n<p>But that I, personally, can make a proof of concept like this with a few days of effort\ncontinues to boggle my mind. Thanks to a handful of amazing open source projects, it’s really, spookily, easy. And from here, I (or you) can build out a screen-reader addon, or a mobile app, or a different kind of AI service, with modular changes.</p>\n<h2 id='deployment-notes' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#deployment-notes' aria-label='Anchor'></a><span class='plain-code'>Deployment notes</span></h2>\n<p>On Fly.io, stopping GPU Machines saves you a bunch of money and some carbon footprint, in return for cold-start latency when you make a request for the first time in more than a few minutes. In testing this project, on the <code>a100-40gb</code> Fly Machine preset, the 34b-parameter LLaVA model took several seconds to generate each response. If the Machine was stopped when the request came in, starting it up took another handful of seconds, followed by several tens of seconds to load the model into GPU RAM. The total time from cold start to completed description was about 45 seconds. Just something to keep in mind.</p>\n\n<p>If you’re running Ollama in the cloud, you likely want to put the model onto storage that’s persistent, so you don’t have to download it repeatedly. You could also build the model into a Docker image ahead of deployment.</p>\n\n<p>The PocketBase Golang app compiles to a single executable that you can run wherever.\nI run it on Fly.io, unsurprisingly, and the <a href='https://github.com/superfly/llm-describer/' title=''>repo</a> comes with a Dockerfile and a <a href='https://fly.io/docs/reference/configuration/' title=''><code>fly.toml</code></a> config file, which you can edit to point at your own Ollama instance. It uses a small persistent storage volume for the SQLite database. Under testing, it runs fine on a <code>shared-cpu-1x</code> Machine. </p>",
"image": {
"url": "https://fly.io/blog/llm-image-description/assets/image-description-thumb.webp",
"title": null
},
"media": [],
"authors": [
{
"name": "Fly",
"email": null,
"url": null
}
],
"categories": []
},
{
"id": "https://fly.io/blog/jit-wireguard-peers/",
"title": "JIT WireGuard",
"description": null,
"url": "https://fly.io/blog/jit-wireguard-peers/",
"published": "2024-03-12T00:00:00.000Z",
"updated": "2024-05-23T20:00:21.000Z",
"content": "<div class=\"lead\"><p>We’re Fly.io and we transmute containers into VMs, running them on our hardware around the world with the power of Firecracker alchemy. We do a lot of stuff with WireGuard, which has become a part of our customer API. This is a quick story about some tricks we played to make WireGuard faster and more scalable for the hundreds of thousands of people who now use it here.</p>\n</div>\n<p>One of many odd decisions we’ve made at Fly.io is how we use WireGuard. It’s not just that we use it in many places where other shops would use HTTPS and REST APIs. We’ve gone a step beyond that: every time you run <code>flyctl</code>, our lovable, sprawling CLI, it conjures a TCP/IP stack out of thin air, with its own IPv6 address, and speaks directly to Fly Machines running on our networks.</p>\n\n<p>There are plusses and minuses to this approach, which we talked about <a href='https://fly.io/blog/our-user-mode-wireguard-year/' title=''>in a blog post a couple years back</a>. Some things, like remote-operated Docker builders, get easier to express (a Fly Machine, as far as <code>flyctl</code> is concerned, might as well be on the same LAN). But everything generally gets trickier to keep running reliably.</p>\n\n<p>It was a decision. We own it.</p>\n\n<p>Anyways, we’ve made some improvements recently, and I’d like to talk about them.</p>\n<h2 id='where-we-left-off' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#where-we-left-off' aria-label='Anchor'></a><span class='plain-code'>Where we left off</span></h2>\n<p>Until a few weeks ago, our gateways ran on a pretty simple system.</p>\n\n<ol>\n<li>We operate dozens of “gateway” servers around the world, whose sole purpose is to accept incoming WireGuard connections and connect them to the appropriate private networks.\n</li><li>Any time you run <code>flyctl</code> and it needs to talk to a Fly Machine (to build a container, pop an SSH console, copy files, or proxy to a service you’re running), it spawns or connects to a background agent process.\n</li><li>The first time it runs, the agent generates a new WireGuard peer configuration from our GraphQL API. WireGuard peer configurations are very simple: just a public key and an address to connect to.\n</li><li>Our API in turn takes that peer configuration and sends it to the appropriate gateway (say, <code>ord</code>, if you’re near Chicago) via an RPC we send over the NATS messaging system.\n</li><li>On the gateway, a service called <code>wggwd</code> accepts that configuration, saves it to a SQLite database, and adds it to the kernel using WireGuard’s Golang libraries. <code>wggwd</code> acknowledges the installation of the peer to the API.\n</li><li>The API replies to your GraphQL request, with the configuration.\n</li><li>Your <code>flyctl</code> connects to the WireGuard peer, which works, because you receiving the configuration means it’s installed on the gateway.\n</li></ol>\n\n<p>I copy-pasted those last two bullet points from <a href='https://fly.io/blog/our-user-mode-wireguard-year/' title=''>that two-year-old post</a>, because when it works, it does <em>just work</em> reasonably well. (We ultimately did end up defaulting everybody to WireGuard-over-WebSockets, though.)</p>\n\n<p>But if it always worked, we wouldn’t be here, would we?</p>\n\n<p>We ran into two annoying problems:</p>\n\n<p>One: NATS is fast, but doesn’t guarantee delivery. Back in 2022, Fly.io was pretty big on NATS internally. We’ve moved away from it. For instance, our <a href='https://fly.io/blog/carving-the-scheduler-out-of-our-orchestrator/' title=''>internal <code>flyd</code> API</a> used to be driven by NATS; today, it’s HTTP. Our NATS cluster was losing too many messages to host a reliable API on it. Scaling back our use of NATS made WireGuard gateways better, but still not great.</p>\n\n<p>Two: When <code>flyctl</code> exits, the WireGuard peer it created sticks around on the gateway. Nothing cleans up old peers. After all, you’re likely going to come back tomorrow and deploy a new version of your app, or <code>fly ssh console</code> into it to debug something. Why remove a peer just to re-add it the next day?</p>\n\n<p>Unfortunately, the vast majority of peers are created by <code>flyctl</code> in CI jobs, which don’t have persistent storage and can’t reconnect to the same peer the next run; they generate new peers every time, no matter what.</p>\n\n<p>So, we ended up with a not-reliable-enough provisioning system, and gateways with hundreds of thousands of peers that will never be used again. The high stale peer count made kernel WireGuard operations very slow - especially loading all the peers back into the kernel after a gateway server reboot - as well as some kernel panics.</p>\n\n<p>There had to be</p>\n<h2 id='a-better-way' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#a-better-way' aria-label='Anchor'></a><span class='plain-code'>A better way.</span></h2>\n<p>Storing bajillions of WireGuard peers is no big challenge for any serious n-tier RDBMS. This isn’t “big data”. The problem we have at Fly.io is that our gateways don’t have serious n-tier RDBMSs. They’re small. Scrappy. They live off the land.</p>\n\n<p>Seriously, though: you could store every WireGuard peer everybody has ever used at Fly.io in a single SQLite database, easily. What you can’t do is store them all in the Linux kernel.</p>\n\n<p>So, at some point, as you push more and more peer configurations to a gateway, you have to start making decisions about which peers you’ll enable in the kernel, and which you won’t.</p>\n\n<p>Wouldn’t it be nice if we just didn’t have this problem? What if, instead of pushing configs to gateways, we had the gateways pull them from our API on demand?</p>\n\n<p>If you did that, peers would only have to be added to the kernel when the client wanted to connect. You could yeet them out of the kernel any time you wanted; the next time the client connected, they’d just get pulled again, and everything would work fine.</p>\n\n<p>The problem you quickly run into to build this design is that Linux kernel WireGuard doesn’t have a feature for installing peers on demand. However:</p>\n<h2 id='it-is-possible-to-jit-wireguard-peers' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#it-is-possible-to-jit-wireguard-peers' aria-label='Anchor'></a><span class='plain-code'>It is possible to JIT WireGuard peers</span></h2>\n<p>The Linux kernel’s <a href='https://github.com/WireGuard/wgctrl-go' title=''>interface for configuring WireGuard</a> is <a href='https://docs.kernel.org/userspace-api/netlink/intro.html' title=''>Netlink</a> (which is basically a way to create a userland socket to talk to a kernel service). Here’s a <a href='https://github.com/WireGuard/wg-dynamic/blob/master/netlink.h' title=''>summary of it as a C API</a>. Note that there’s no API call to subscribe for “incoming connection attempt” events.</p>\n\n<p>That’s OK! We can just make our own events. WireGuard connection requests are packets, and they’re easily identifiable, so we can efficiently snatch them with a BPF filter and a <a href='https://github.com/google/gopacket' title=''>packet socket</a>.</p>\n<div class=\"callout\"><p>Most of the time, it’s even easier for us to get the raw WireGuard packets, because our users now default to WebSockets WireGuard (which is just an unauthenticated WebSockets connect that shuttles framed UDP packets to and from an interface on the gateway), so that people who have trouble talking end-to-end in UDP can bring connections up.</p>\n</div>\n<p>We own the daemon code for that, and can just hook the packet receive function to snarf WireGuard packets.</p>\n\n<p>It’s not obvious, but WireGuard doesn’t have notions of “client” or “server”. It’s a pure point-to-point protocol; peers connect to each other when they have traffic to send. The first peer to connect is called the <strong class='font-semibold text-navy-950'>initiator</strong>, and the peer it connects to is the <strong class='font-semibold text-navy-950'>responder</strong>.</p>\n<div class=\"right-sidenote\"><p><a href=\"https://www.wireguard.com/papers/wireguard.pdf\" title=\"\"><em>The WireGuard paper</em></a> <em>is a good read.</em></p>\n</div>\n<p>For Fly.io, <code>flyctl</code> is typically our initiator, sending a single UDP packet to the gateway, which is the responder. According <a href='https://www.wireguard.com/papers/wireguard.pdf' title=''>to the WireGuard paper</a>, this first packet is a <code>handshake initiation</code>. It gets better: the packet type is recorded in a single plaintext byte. So this simple BPF filter catches all the incoming connections: <code>udp and dst port 51820 and udp[8] = 1</code>.</p>\n\n<p>In most other protocols, we’d be done at this point; we’d just scrape the username or whatnot out of the packet, go fetch the matching configuration, and install it in the kernel. With WireGuard, not so fast. WireGuard is based on Trevor Perrin’s <a href='http://www.noiseprotocol.org/' title=''>Noise Protocol Framework</a>, and Noise goes way out of its way to <a href='http://www.noiseprotocol.org/noise.html#identity-hiding' title=''>hide identities</a> during handshakes. To identify incoming requests, we’ll need to run enough Noise cryptography to decrypt the identity.</p>\n\n<p>The code to do this is fussy, but it’s relatively short (about 200 lines). Helpfully, the kernel Netlink interface will give a privileged process the private key for an interface, so the secrets we need to unwrap WireGuard are easy to get. Then it’s just a matter of running the first bit of the Noise handshake. If you’re that kind of nerdy, <a href='https://gist.github.com/tqbf/9f2c2852e976e6566f962d9bca83062b' title=''>here’s the code.</a></p>\n\n<p>At this point, we have the event feed we wanted: the public keys of every user trying to make a WireGuard connection to our gateways. We keep a rate-limited cache in SQLite, and when we see new peers, we’ll make an internal HTTP API request to fetch the matching peer information and install it. This fits nicely into the little daemon that already runs on our gateways to manage WireGuard, and allows us to ruthlessly and recklessly remove stale peers with a <code>cron</code> job.</p>\n\n<p>But wait! There’s more! We bounced this plan off Jason Donenfeld, and he tipped us off on a sneaky feature of the Linux WireGuard Netlink interface.</p>\n<div class=\"right-sidenote\"><p>Jason is the hardest working person in show business.</p>\n</div>\n<p>Our API fetch for new peers is generally not going to be fast enough to respond to the first handshake initiation message a new client sends us. That’s OK; WireGuard is pretty fast about retrying. But we can do better.</p>\n\n<p>When we get an incoming initiation message, we have the 4-tuple address of the desired connection, including the ephemeral source port <code>flyctl</code> is using. We can install the peer as if we’re the initiator, and <code>flyctl</code> is the responder. The Linux kernel will initiate a WireGuard connection back to <code>flyctl</code>. This works; the protocol doesn’t care a whole lot who’s the server and who’s the client. We get new connections established about as fast as they can possibly be installed.</p>\n<figure class=\"post-cta\">\n <figcaption>\n <h1>Launch an app in minutes</h1>\n <p>Speedrun an app onto Fly.io and get your own JIT WireGuard peer ✨</p>\n <a class=\"btn btn-lg\" href=\"/docs/speedrun/\">\n Speedrun <span class='opacity-50'>→</span>\n </a>\n </figcaption>\n <div class=\"image-container\">\n <img src=\"/static/images/cta-cat.webp\" srcset=\"/static/images/[email protected] 2x\" alt=\"\">\n </div>\n</figure>\n\n<h2 id='look-at-this-graph' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#look-at-this-graph' aria-label='Anchor'></a><span class='plain-code'>Look at this graph</span></h2>\n<p>We’ve been running this in production for a few weeks and we’re feeling pretty happy about it. We went from thousands, or hundreds of thousands, of stale WireGuard peers on a gateway to what rounds to none. Gateways now hold a lot less state, are faster at setting up peers, and can be rebooted without having to wait for many unused peers to be loaded back into the kernel.</p>\n\n<p>I’ll leave you with this happy Grafana chart from the day of the switchover.</p>\n\n<p><img alt=\"a Grafana chart of 'kernel_stale_wg_peer_count' vs. time. For the first few hours, all traces are flat. Most are at values between 0 and 50,000 and the top-most is just under 550,000. Towards the end of the graph, each line in turn jumps sharply down to the bottom, and at the end of the chart all datapoints are indistinguishable from 0.\" src=\"/blog/jit-wireguard-peers/assets/wireguard-peers-graph.webp\" /></p>\n\n<p><strong class='font-semibold text-navy-950'>Editor’s note:</strong> Despite our tearful protests, Lillian has decided to move on from Fly.io to explore new pursuits. We wish her much success and happiness! ✨</p>",
"image": {
"url": "https://fly.io/blog/jit-wireguard-peers/assets/network-thumbnail.webp",
"title": null
},
"media": [],
"authors": [
{
"name": "Fly",
"email": null,
"url": null
}
],
"categories": []
},
{
"id": "https://fly.io/blog/fks-beta-live/",
"title": "Fly Kubernetes does more now",
"description": null,
"url": "https://fly.io/blog/fks-beta-live/",
"published": "2024-03-07T00:00:00.000Z",
"updated": "2024-04-24T22:38:38.000Z",
"content": "<div class=\"lead\"><p>Eons ago, we <a href=\"https://fly.io/blog/fks/\" title=\"\">announced</a> we were working on <a href=\"https://fly.io/docs/kubernetes/\" title=\"\">Fly Kubernetes</a>. It drummed up enough excitement to prove we were heading in the right direction. So, we got hard to work to get from barebones “early access” to a beta release. We’ll be onboarding customers to the closed beta over the next few weeks. Email us at <a href=\"mailto:[email protected]\">[email protected]</a> and we’ll hook you up.</p>\n</div>\n<p>Fly Kubernetes is the “blessed path\"™️ to using Kubernetes backed by Fly.io infrastructure. Or, in simpler terms, it is our managed Kubernetes service. We take care of the complexity of operating the Kubernetes control plane, leaving you with the unfettered joy of deploying your Kubernetes workloads. If you love Fly.io and K8s, this product is for you.</p>\n<h2 id='what-even-is-a-kubernete' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#what-even-is-a-kubernete' aria-label='Anchor'></a><span class='plain-code'>What even is a Kubernete?</span></h2>\n<p>So how did this all come to be—and what even is a Kubernete?</p>\n<div class=\"right-sidenote\"><p>You can see more fun details in <a href=\"https://fly.io/blog/fks/\" title=\"\">Introducing Fly Kubernetes</a>.</p>\n</div>\n<p>If you wade through all the YAML and <a href='https://landscape.cncf.io/' title=''>CNCF projects</a>, what’s left is an API for declaring workloads and how it should be accessed. </p>\n\n<p>But that’s not what people usually talk / groan about. It’s everything else that comes along with adopting Kubernetes: a container runtime (CRI), networking between workloads (CNI) which leads to DNS (CoreDNS). Then you layer on Prometheus for metrics and whatever the logging daemon du jour is at the time. Now you get to debate which Ingress—strike that—<em>Gateway</em> API to deploy and if the next thing is anything to do with a Service Mess, then as they like to say where I live, \"bless your heart”.</p>\n\n<p>Finally, there’s capacity planning. You’ve got to pick and choose where, how and what the <a href='https://kubernetes.io/docs/concepts/architecture/nodes/' title=''>Nodes</a> will look like in order to configure and run the workloads.</p>\n\n<p>When we began thinking about what a Fly Kubernetes Service could look like, we started from first principles, as we do with most everything here. The best way we can describe it is the <a href='https://www.youtube.com/watch?v=Ddk9ci6geSs' title=''>scene from Iron Man 2 when Tony Stark discovers a new element</a>. As he’s looking at the knowledge left behind by those that came before, he starts to imagine something entirely different and more capable than could have been accomplished previously. That’s what happened to JP, but with K3s and Virtual Kubelet.</p>\n<h2 id='ok-then-wtf-whats-the-fks' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#ok-then-wtf-whats-the-fks' aria-label='Anchor'></a><span class='plain-code'>OK then, WTF (what’s the FKS)?</span></h2>\n<p>We looked at what people need to get started—the API—and then started peeling away all the noise, filling in the gaps to connect things together to provide the power. Here’s how this looks currently:</p>\n\n<ul>\n<li>Containerd/CRI → <a href='https://fly.io/blog/carving-the-scheduler-out-of-our-orchestrator/' title=''>flyd</a> + Firecracker + <a href='https://fly.io/blog/docker-without-docker/' title=''>our init</a>: our system transmogrifies Docker containers into Firecracker microVMs\n</li><li>Networking/CNI → Our <a href='https://fly.io/blog/ipv6-wireguard-peering/' title=''>internal WireGuard mesh</a> connects your pods together\n</li><li>Pods → Fly Machines VMs\n</li><li>Secrets → Secrets, only not the base64’d kind\n</li><li>Services → The Fly Proxy\n</li><li>CoreDNS → CoreDNS (to be replaced with our custom internal DNS)\n</li><li>Persistent Volumes → Fly Volumes (coming soon)\n</li></ul>\n\n<p>Now…not everything is a one-to-one comparison, and we explicitly did not set out to support any and every configuration. We aren’t dealing with resources like Network Policy and init containers, though we’re also not completely ignoring them. By mapping many of the core primitives of Kubernetes to a Fly.io resource, we’re able to focus on continuing to build the primitives that make our cloud better for workloads of all shapes and sizes.</p>\n\n<p>A key thing to notice above is that there’s no “Node”.</p>\n\n<p><a href='https://virtual-kubelet.io/' title=''>Virtual Kubelet</a> plays a central role in FKS. It’s magic, really. A Virtual Kubelet acts as if it’s a standard Kubelet running on a Node, eager to run your workloads. However, there’s no Node backing it. It instead behaves like an API, receiving requests from Kubernetes and transforming them into requests to deploy on a cloud compute service. In our case, that’s Fly Machines.</p>\n\n<p>So what we have is Kubernetes calling out to our <a href='https://virtual-kubelet.io/docs/providers/' title=''>Virtual Kubelet provider</a>, a small Golang program we run alongside K3s, to create and run your pod. It creates <a href='https://fly.io/blog/docker-without-docker/' title=''>your pod as a Fly Machine</a>, via the <a href='/docs/machines/api/' title=''>Fly Machines API</a>, deploying it to any underlying host within that region. This shifts the burden of managing hardware capacity from you to us. We think that’s a cool trick—thanks, Virtual Kubelet magic!</p>\n<h2 id='speedrun' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#speedrun' aria-label='Anchor'></a><span class='plain-code'>Speedrun</span></h2>\n<p>You can deploy your workloads (including GPUs) across any of our available regions using the Kubernetes API.</p>\n\n<p>You create a cluster with <code>flyctl</code>:</p>\n<div class=\"highlight-wrapper group relative cmd\">\n <button \n type=\"button\"\n class=\"bubble-wrap z-20 absolute right-9 -mr-0.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none\"\n data-wrap-target=\"#code-fnxi6rft\"\n >\n <svg class=\"w-4 h-4 pointer-events-none\" viewBox=\"0 0 16 16\" fill=\"none\" stroke=\"currentColor\" stroke-width=\"1.35\" stroke-linecap=\"round\" stroke-linejoin=\"round\"><g buffered-rendering=\"static\"><path d=\"M9.912 8.037h2.732c1.277 0 2.315-.962 2.315-2.237a2.325 2.325 0 00-2.315-2.31H2.959m10.228 9.01H2.959M6.802 8H2.959\" /><path d=\"M11.081 6.466L9.533 8.037l1.548 1.571\" /></g></svg>\n <span class=\"bubble-sm bubble-tl [--offset-l:-9px] tail text-navy-950\">\n Wrap text\n </span>\n </button>\n <button \n type=\"button\"\n class=\"bubble-wrap z-20 absolute right-1.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none\"\n data-copy-target=\"sibling\"\n >\n <svg class=\"w-4 h-4 pointer-events-none\" viewBox=\"0 0 16 16\" fill=\"none\" stroke=\"currentColor\" stroke-width=\"1.35\"><g buffered-rendering=\"static\"><path d=\"M10.576 7.239c0-.995-.82-1.815-1.815-1.815H3.315c-.995 0-1.815.82-1.815 1.815v5.446c0 .995.82 1.815 1.815 1.815h5.446c.995 0 1.815-.82 1.815-1.815V7.239z\" /><path d=\"M10.576 10.577h2.109A1.825 1.825 0 0014.5 8.761V3.315A1.826 1.826 0 0012.685 1.5H7.239c-.996 0-1.815.819-1.816 1.815v1.617\" /></g></svg>\n <span class=\"bubble-sm bubble-tl [--offset-l:-6px] tail [--tail-x:calc(100%-30px)] text-navy-950\">\n Copy to clipboard\n </span>\n </button>\n <div class='highlight relative group'>\n <pre class='highlight cmd'><code id=\"code-fnxi6rft\">fly ext k8s create --name hello --org personal --region iad\n</code></pre>\n </div>\n</div>\n<p>When a cluster is created, it has the standard <code>default</code> namespace. You can inspect it:</p>\n<div class=\"highlight-wrapper group relative cmd\">\n <button \n type=\"button\"\n class=\"bubble-wrap z-20 absolute right-9 -mr-0.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none\"\n data-wrap-target=\"#code-92wwv6kq\"\n >\n <svg class=\"w-4 h-4 pointer-events-none\" viewBox=\"0 0 16 16\" fill=\"none\" stroke=\"currentColor\" stroke-width=\"1.35\" stroke-linecap=\"round\" stroke-linejoin=\"round\"><g buffered-rendering=\"static\"><path d=\"M9.912 8.037h2.732c1.277 0 2.315-.962 2.315-2.237a2.325 2.325 0 00-2.315-2.31H2.959m10.228 9.01H2.959M6.802 8H2.959\" /><path d=\"M11.081 6.466L9.533 8.037l1.548 1.571\" /></g></svg>\n <span class=\"bubble-sm bubble-tl [--offset-l:-9px] tail text-navy-950\">\n Wrap text\n </span>\n </button>\n <button \n type=\"button\"\n class=\"bubble-wrap z-20 absolute right-1.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none\"\n data-copy-target=\"sibling\"\n >\n <svg class=\"w-4 h-4 pointer-events-none\" viewBox=\"0 0 16 16\" fill=\"none\" stroke=\"currentColor\" stroke-width=\"1.35\"><g buffered-rendering=\"static\"><path d=\"M10.576 7.239c0-.995-.82-1.815-1.815-1.815H3.315c-.995 0-1.815.82-1.815 1.815v5.446c0 .995.82 1.815 1.815 1.815h5.446c.995 0 1.815-.82 1.815-1.815V7.239z\" /><path d=\"M10.576 10.577h2.109A1.825 1.825 0 0014.5 8.761V3.315A1.826 1.826 0 0012.685 1.5H7.239c-.996 0-1.815.819-1.816 1.815v1.617\" /></g></svg>\n <span class=\"bubble-sm bubble-tl [--offset-l:-6px] tail [--tail-x:calc(100%-30px)] text-navy-950\">\n Copy to clipboard\n </span>\n </button>\n <div class='highlight relative group'>\n <pre class='highlight cmd'><code id=\"code-92wwv6kq\">kubectl get ns default --show-labels\n</code></pre>\n </div>\n</div><div class=\"highlight-wrapper group relative output\">\n <button \n type=\"button\"\n class=\"bubble-wrap z-20 absolute right-9 -mr-0.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none\"\n data-wrap-target=\"#code-mk490mip\"\n >\n <svg class=\"w-4 h-4 pointer-events-none\" viewBox=\"0 0 16 16\" fill=\"none\" stroke=\"currentColor\" stroke-width=\"1.35\" stroke-linecap=\"round\" stroke-linejoin=\"round\"><g buffered-rendering=\"static\"><path d=\"M9.912 8.037h2.732c1.277 0 2.315-.962 2.315-2.237a2.325 2.325 0 00-2.315-2.31H2.959m10.228 9.01H2.959M6.802 8H2.959\" /><path d=\"M11.081 6.466L9.533 8.037l1.548 1.571\" /></g></svg>\n <span class=\"bubble-sm bubble-tl [--offset-l:-9px] tail text-navy-950\">\n Wrap text\n </span>\n </button>\n <button \n type=\"button\"\n class=\"bubble-wrap z-20 absolute right-1.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none\"\n data-copy-target=\"sibling\"\n >\n <svg class=\"w-4 h-4 pointer-events-none\" viewBox=\"0 0 16 16\" fill=\"none\" stroke=\"currentColor\" stroke-width=\"1.35\"><g buffered-rendering=\"static\"><path d=\"M10.576 7.239c0-.995-.82-1.815-1.815-1.815H3.315c-.995 0-1.815.82-1.815 1.815v5.446c0 .995.82 1.815 1.815 1.815h5.446c.995 0 1.815-.82 1.815-1.815V7.239z\" /><path d=\"M10.576 10.577h2.109A1.825 1.825 0 0014.5 8.761V3.315A1.826 1.826 0 0012.685 1.5H7.239c-.996 0-1.815.819-1.816 1.815v1.617\" /></g></svg>\n <span class=\"bubble-sm bubble-tl [--offset-l:-6px] tail [--tail-x:calc(100%-30px)] text-navy-950\">\n Copy to clipboard\n </span>\n </button>\n <div class='highlight relative group'>\n <pre class='highlight output whitespace-pre'><code id=\"code-mk490mip\">NAME STATUS AGE LABELS\ndefault Active 20d fly.io/app=fks-default-7zyjm3ovpdxmd0ep,kubernetes.io/metadata.name=default\n</code></pre>\n </div>\n</div>\n<p>The <code>fly.io/app</code> label shows the name of the Fly App that corresponds to your cluster.</p>\n\n<p>It would seem appropriate to deploy the <a href='https://github.com/kubernetes-up-and-running/kuard' title=''>Kubernetes Up And Running demo</a> here, but since your pods are connected over an <a href='https://fly.io/blog/ipv6-wireguard-peering/' title=''>IPv6 WireGuard mesh</a>, we’re going to use a <a href='https://github.com/jipperinbham/kuard' title=''>fork</a> with support for <a href='https://github.com/kubernetes-up-and-running/kuard/issues/46' title=''>IPv6 DNS</a>.</p>\n<div class=\"highlight-wrapper group relative cmd\">\n <button \n type=\"button\"\n class=\"bubble-wrap z-20 absolute right-9 -mr-0.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none\"\n data-wrap-target=\"#code-7qz94xki\"\n >\n <svg class=\"w-4 h-4 pointer-events-none\" viewBox=\"0 0 16 16\" fill=\"none\" stroke=\"currentColor\" stroke-width=\"1.35\" stroke-linecap=\"round\" stroke-linejoin=\"round\"><g buffered-rendering=\"static\"><path d=\"M9.912 8.037h2.732c1.277 0 2.315-.962 2.315-2.237a2.325 2.325 0 00-2.315-2.31H2.959m10.228 9.01H2.959M6.802 8H2.959\" /><path d=\"M11.081 6.466L9.533 8.037l1.548 1.571\" /></g></svg>\n <span class=\"bubble-sm bubble-tl [--offset-l:-9px] tail text-navy-950\">\n Wrap text\n </span>\n </button>\n <button \n type=\"button\"\n class=\"bubble-wrap z-20 absolute right-1.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none\"\n data-copy-target=\"sibling\"\n >\n <svg class=\"w-4 h-4 pointer-events-none\" viewBox=\"0 0 16 16\" fill=\"none\" stroke=\"currentColor\" stroke-width=\"1.35\"><g buffered-rendering=\"static\"><path d=\"M10.576 7.239c0-.995-.82-1.815-1.815-1.815H3.315c-.995 0-1.815.82-1.815 1.815v5.446c0 .995.82 1.815 1.815 1.815h5.446c.995 0 1.815-.82 1.815-1.815V7.239z\" /><path d=\"M10.576 10.577h2.109A1.825 1.825 0 0014.5 8.761V3.315A1.826 1.826 0 0012.685 1.5H7.239c-.996 0-1.815.819-1.816 1.815v1.617\" /></g></svg>\n <span class=\"bubble-sm bubble-tl [--offset-l:-6px] tail [--tail-x:calc(100%-30px)] text-navy-950\">\n Copy to clipboard\n </span>\n </button>\n <div class='highlight relative group'>\n <pre class='highlight cmd'><code id=\"code-7qz94xki\">kubectl run \\\n --image=ghcr.io/jipperinbham/kuard-amd64:blue \\\n --labels=\"app=kuard-fks\" \\\n kuard\n</code></pre>\n </div>\n</div>\n<p>And you can see its Machine representation via:</p>\n<div class=\"highlight-wrapper group relative cmd\">\n <button \n type=\"button\"\n class=\"bubble-wrap z-20 absolute right-9 -mr-0.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none\"\n data-wrap-target=\"#code-1wk7f1q0\"\n >\n <svg class=\"w-4 h-4 pointer-events-none\" viewBox=\"0 0 16 16\" fill=\"none\" stroke=\"currentColor\" stroke-width=\"1.35\" stroke-linecap=\"round\" stroke-linejoin=\"round\"><g buffered-rendering=\"static\"><path d=\"M9.912 8.037h2.732c1.277 0 2.315-.962 2.315-2.237a2.325 2.325 0 00-2.315-2.31H2.959m10.228 9.01H2.959M6.802 8H2.959\" /><path d=\"M11.081 6.466L9.533 8.037l1.548 1.571\" /></g></svg>\n <span class=\"bubble-sm bubble-tl [--offset-l:-9px] tail text-navy-950\">\n Wrap text\n </span>\n </button>\n <button \n type=\"button\"\n class=\"bubble-wrap z-20 absolute right-1.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none\"\n data-copy-target=\"sibling\"\n >\n <svg class=\"w-4 h-4 pointer-events-none\" viewBox=\"0 0 16 16\" fill=\"none\" stroke=\"currentColor\" stroke-width=\"1.35\"><g buffered-rendering=\"static\"><path d=\"M10.576 7.239c0-.995-.82-1.815-1.815-1.815H3.315c-.995 0-1.815.82-1.815 1.815v5.446c0 .995.82 1.815 1.815 1.815h5.446c.995 0 1.815-.82 1.815-1.815V7.239z\" /><path d=\"M10.576 10.577h2.109A1.825 1.825 0 0014.5 8.761V3.315A1.826 1.826 0 0012.685 1.5H7.239c-.996 0-1.815.819-1.816 1.815v1.617\" /></g></svg>\n <span class=\"bubble-sm bubble-tl [--offset-l:-6px] tail [--tail-x:calc(100%-30px)] text-navy-950\">\n Copy to clipboard\n </span>\n </button>\n <div class='highlight relative group'>\n <pre class='highlight cmd'><code id=\"code-1wk7f1q0\">fly machine list --app fks-default-7zyjm3ovpdxmd0ep\n</code></pre>\n </div>\n</div><div class=\"highlight-wrapper group relative output\">\n <button \n type=\"button\"\n class=\"bubble-wrap z-20 absolute right-9 -mr-0.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none\"\n data-wrap-target=\"#code-7rbzov1i\"\n >\n <svg class=\"w-4 h-4 pointer-events-none\" viewBox=\"0 0 16 16\" fill=\"none\" stroke=\"currentColor\" stroke-width=\"1.35\" stroke-linecap=\"round\" stroke-linejoin=\"round\"><g buffered-rendering=\"static\"><path d=\"M9.912 8.037h2.732c1.277 0 2.315-.962 2.315-2.237a2.325 2.325 0 00-2.315-2.31H2.959m10.228 9.01H2.959M6.802 8H2.959\" /><path d=\"M11.081 6.466L9.533 8.037l1.548 1.571\" /></g></svg>\n <span class=\"bubble-sm bubble-tl [--offset-l:-9px] tail text-navy-950\">\n Wrap text\n </span>\n </button>\n <button \n type=\"button\"\n class=\"bubble-wrap z-20 absolute right-1.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none\"\n data-copy-target=\"sibling\"\n >\n <svg class=\"w-4 h-4 pointer-events-none\" viewBox=\"0 0 16 16\" fill=\"none\" stroke=\"currentColor\" stroke-width=\"1.35\"><g buffered-rendering=\"static\"><path d=\"M10.576 7.239c0-.995-.82-1.815-1.815-1.815H3.315c-.995 0-1.815.82-1.815 1.815v5.446c0 .995.82 1.815 1.815 1.815h5.446c.995 0 1.815-.82 1.815-1.815V7.239z\" /><path d=\"M10.576 10.577h2.109A1.825 1.825 0 0014.5 8.761V3.315A1.826 1.826 0 0012.685 1.5H7.239c-.996 0-1.815.819-1.816 1.815v1.617\" /></g></svg>\n <span class=\"bubble-sm bubble-tl [--offset-l:-6px] tail [--tail-x:calc(100%-30px)] text-navy-950\">\n Copy to clipboard\n </span>\n </button>\n <div class='highlight relative group'>\n <pre class='highlight output whitespace-pre'><code id=\"code-7rbzov1i\">ID NAME STATE REGION IMAGE IP ADDRESS VOLUME CREATED LAST UPDATED APP PLATFORM PROCESS GROUP SIZE\n1852291c46ded8 kuard started iad jipperinbham/kuard-amd64:blue fdaa:0:48c8:a7b:228:4b6d:6e20:2 2024-03-05T18:54:41Z 2024-03-05T18:54:44Z shared-cpu-1x:256MB\n</code></pre>\n </div>\n</div>\n<p></div></p>\n\n<p>This is important! Your pod is a Fly Machine! While we don’t yet support all kubectl features, Fly.io tooling will “just work” for cases where we don’t yet support the kubectl way. So, for example, we don’t have <code>kubectl port-forward</code> and <code>kubectl exec</code>, but you can use flyctl to forward ports and get a shell into a pod.</p>\n\n<p>Expose it to your internal network using the standard ClusterIP Service:</p>\n<div class=\"highlight-wrapper group relative cmd\">\n <button \n type=\"button\"\n class=\"bubble-wrap z-20 absolute right-9 -mr-0.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none\"\n data-wrap-target=\"#code-1sjiwcq9\"\n >\n <svg class=\"w-4 h-4 pointer-events-none\" viewBox=\"0 0 16 16\" fill=\"none\" stroke=\"currentColor\" stroke-width=\"1.35\" stroke-linecap=\"round\" stroke-linejoin=\"round\"><g buffered-rendering=\"static\"><path d=\"M9.912 8.037h2.732c1.277 0 2.315-.962 2.315-2.237a2.325 2.325 0 00-2.315-2.31H2.959m10.228 9.01H2.959M6.802 8H2.959\" /><path d=\"M11.081 6.466L9.533 8.037l1.548 1.571\" /></g></svg>\n <span class=\"bubble-sm bubble-tl [--offset-l:-9px] tail text-navy-950\">\n Wrap text\n </span>\n </button>\n <button \n type=\"button\"\n class=\"bubble-wrap z-20 absolute right-1.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none\"\n data-copy-target=\"sibling\"\n >\n <svg class=\"w-4 h-4 pointer-events-none\" viewBox=\"0 0 16 16\" fill=\"none\" stroke=\"currentColor\" stroke-width=\"1.35\"><g buffered-rendering=\"static\"><path d=\"M10.576 7.239c0-.995-.82-1.815-1.815-1.815H3.315c-.995 0-1.815.82-1.815 1.815v5.446c0 .995.82 1.815 1.815 1.815h5.446c.995 0 1.815-.82 1.815-1.815V7.239z\" /><path d=\"M10.576 10.577h2.109A1.825 1.825 0 0014.5 8.761V3.315A1.826 1.826 0 0012.685 1.5H7.239c-.996 0-1.815.819-1.816 1.815v1.617\" /></g></svg>\n <span class=\"bubble-sm bubble-tl [--offset-l:-6px] tail [--tail-x:calc(100%-30px)] text-navy-950\">\n Copy to clipboard\n </span>\n </button>\n <div class='highlight relative group'>\n <pre class='highlight cmd'><code id=\"code-1sjiwcq9\">kubectl expose pod kuard \\\n --name=kuard \\\n --port=8080 \\\n --target-port=8080 \\\n --selector='app=kuard-fks'\n</code></pre>\n </div>\n</div>\n<p>ClusterIP Services work natively, and Fly.io internal DNS supports them. Within the cluster, CoreDNS works too.</p>\n\n<p>Access this Service locally via <a href='https://fly.io/docs/networking/private-networking/#flycast-private-load-balancing' title=''>flycast</a>: Get connected to your org’s <a href='https://fly.io/docs/networking/private-networking/' title=''>6PN private WireGuard network</a>. Get kubectl to describe the <code>kuard</code> Service:</p>\n<div class=\"highlight-wrapper group relative cmd\">\n <button \n type=\"button\"\n class=\"bubble-wrap z-20 absolute right-9 -mr-0.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none\"\n data-wrap-target=\"#code-hy5q54ru\"\n >\n <svg class=\"w-4 h-4 pointer-events-none\" viewBox=\"0 0 16 16\" fill=\"none\" stroke=\"currentColor\" stroke-width=\"1.35\" stroke-linecap=\"round\" stroke-linejoin=\"round\"><g buffered-rendering=\"static\"><path d=\"M9.912 8.037h2.732c1.277 0 2.315-.962 2.315-2.237a2.325 2.325 0 00-2.315-2.31H2.959m10.228 9.01H2.959M6.802 8H2.959\" /><path d=\"M11.081 6.466L9.533 8.037l1.548 1.571\" /></g></svg>\n <span class=\"bubble-sm bubble-tl [--offset-l:-9px] tail text-navy-950\">\n Wrap text\n </span>\n </button>\n <button \n type=\"button\"\n class=\"bubble-wrap z-20 absolute right-1.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none\"\n data-copy-target=\"sibling\"\n >\n <svg class=\"w-4 h-4 pointer-events-none\" viewBox=\"0 0 16 16\" fill=\"none\" stroke=\"currentColor\" stroke-width=\"1.35\"><g buffered-rendering=\"static\"><path d=\"M10.576 7.239c0-.995-.82-1.815-1.815-1.815H3.315c-.995 0-1.815.82-1.815 1.815v5.446c0 .995.82 1.815 1.815 1.815h5.446c.995 0 1.815-.82 1.815-1.815V7.239z\" /><path d=\"M10.576 10.577h2.109A1.825 1.825 0 0014.5 8.761V3.315A1.826 1.826 0 0012.685 1.5H7.239c-.996 0-1.815.819-1.816 1.815v1.617\" /></g></svg>\n <span class=\"bubble-sm bubble-tl [--offset-l:-6px] tail [--tail-x:calc(100%-30px)] text-navy-950\">\n Copy to clipboard\n </span>\n </button>\n <div class='highlight relative group'>\n <pre class='highlight cmd'><code id=\"code-hy5q54ru\">kubectl describe svc kuard\n</code></pre>\n </div>\n</div><div class=\"highlight-wrapper group relative output\">\n <button \n type=\"button\"\n class=\"bubble-wrap z-20 absolute right-9 -mr-0.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none\"\n data-wrap-target=\"#code-a8mzw85a\"\n >\n <svg class=\"w-4 h-4 pointer-events-none\" viewBox=\"0 0 16 16\" fill=\"none\" stroke=\"currentColor\" stroke-width=\"1.35\" stroke-linecap=\"round\" stroke-linejoin=\"round\"><g buffered-rendering=\"static\"><path d=\"M9.912 8.037h2.732c1.277 0 2.315-.962 2.315-2.237a2.325 2.325 0 00-2.315-2.31H2.959m10.228 9.01H2.959M6.802 8H2.959\" /><path d=\"M11.081 6.466L9.533 8.037l1.548 1.571\" /></g></svg>\n <span class=\"bubble-sm bubble-tl [--offset-l:-9px] tail text-navy-950\">\n Wrap text\n </span>\n </button>\n <button \n type=\"button\"\n class=\"bubble-wrap z-20 absolute right-1.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none\"\n data-copy-target=\"sibling\"\n >\n <svg class=\"w-4 h-4 pointer-events-none\" viewBox=\"0 0 16 16\" fill=\"none\" stroke=\"currentColor\" stroke-width=\"1.35\"><g buffered-rendering=\"static\"><path d=\"M10.576 7.239c0-.995-.82-1.815-1.815-1.815H3.315c-.995 0-1.815.82-1.815 1.815v5.446c0 .995.82 1.815 1.815 1.815h5.446c.995 0 1.815-.82 1.815-1.815V7.239z\" /><path d=\"M10.576 10.577h2.109A1.825 1.825 0 0014.5 8.761V3.315A1.826 1.826 0 0012.685 1.5H7.239c-.996 0-1.815.819-1.816 1.815v1.617\" /></g></svg>\n <span class=\"bubble-sm bubble-tl [--offset-l:-6px] tail [--tail-x:calc(100%-30px)] text-navy-950\">\n Copy to clipboard\n </span>\n </button>\n <div class='highlight relative group'>\n <pre class='highlight output'><code id=\"code-a8mzw85a\">Name: kuard\nNamespace: default\nLabels: app=kuard-fks\nAnnotations: fly.io/clusterip-allocator: configured\n service.fly.io/sync-version: 11507529969321451315\nSelector: app=kuard-fks\nType: ClusterIP\nIP Family Policy: SingleStack\nIP Families: IPv6\nIP: fdaa:0:48c8:0:1::1a\nIPs: fdaa:0:48c8:0:1::1a\nPort: <unset> 8080/TCP\nTargetPort: 8080/TCP\nEndpoints: [fdaa:0:48c8:a7b:228:4b6d:6e20:2]:8080\nSession Affinity: None\nEvents: <none>\n</code></pre>\n </div>\n</div>\n<p>You can pull out the Service’s IP address from the above output, and get at the KUARD UI using that: in this case, <code>http://[fdaa:0:48c8:0:1::1a]:8080</code>. </p>\n\n<p>Using internal DNS: <code>http://<service_name>.svc.<app_name>.flycast:8080</code>. Or, in our example: <code>http://kuard.svc.fks-default-7zyjm3ovpdxmd0ep.flycast:8080</code>.</p>\n\n<p>And finally CoreDNS: <code><service_name>.<namespace>.svc.cluster.local</code> resolves to the <code>fdaa</code> IP and is routable within the cluster.</p>\n<figure class=\"post-cta\">\n <figcaption>\n <h1>Get in on the FKS beta</h1>\n <p>Email us at [email protected]</p>\n </figcaption>\n <div class=\"image-container\">\n <img src=\"/static/images/cta-cat.webp\" srcset=\"/static/images/[email protected] 2x\" alt=\"\">\n </div>\n</figure>\n\n<h2 id='pricing' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#pricing' aria-label='Anchor'></a><span class='plain-code'>Pricing</span></h2>\n<p>The Fly Kubernetes Service is free during the beta. Fly Machines and Fly Volumes you create with it will cost the <a href='https://fly.io/docs/about/pricing/' title=''>same as for your other Fly.io projects</a>. It’ll be <a href='https://fly.io/docs/about/pricing/#fly-kubernetes' title=''>$75/mo per cluster</a> after that, plus the cost of the other resources you create.</p>\n<h2 id='today-and-the-future' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#today-and-the-future' aria-label='Anchor'></a><span class='plain-code'>Today and the future</span></h2>\n<p>Today, Fly Kubernetes supports only a portion of the Kubernetes API. You can deploy pods using Deployments/ReplicaSets. Pods are able to communicate via Services using the standard K8s DNS format. Ephemeral and persistent volumes are supported.</p>\n\n<p>The most notable absences are: multi-container pods, StatefulSets, network policies, horizontal pod autoscaling and emptyDir volumes. We’re working at supporting autoscaling and emptyDir volumes in the coming weeks and multi-container pods in the coming months.</p>\n\n<p>If you’ve made it this far and are eagerly awaiting your chance to tell us and the rest of the internet “this isn’t Kubernetes!”, well, we agree! It’s not something we take lightly. We’re still building, and conformance tests may be in the future for FKS. We’ve made a deliberate decision to only care about fast launching VMs as the one and only way to run workloads on our cloud. And we also know enough of our customers would like to use the Kubernetes API to create a fast launching VM in the form of a Pod, and that’s where this story begins. </p>",
"image": {
"url": "https://fly.io/blog/fks-beta-live/assets/fks-thumb.webp",
"title": null
},
"media": [],
"authors": [
{
"name": "Fly",
"email": null,
"url": null
}
],
"categories": []
},
{
"id": "https://fly.io/blog/tigris-public-beta/",
"title": "Globally Distributed Object Storage with Tigris",
"description": null,
"url": "https://fly.io/blog/tigris-public-beta/",
"published": "2024-02-15T00:00:00.000Z",
"updated": "2024-04-24T22:38:38.000Z",
"content": "<div class=\"lead\"><p>We’re Fly.io and we transmute containers into VMs, running them on our hardware around the world with the power of Firecracker alchemy. That’s pretty cool, but we want to talk about something someone else built, that <a href=\"https://fly.io/docs/reference/tigris/\" title=\"\">you can use today</a> to build applications.</p>\n</div>\n<p>There are three hard things in computer science:</p>\n\n<ol>\n<li>Cache invalidation\n</li><li>Naming things\n</li><li><a href='https://aws.amazon.com/s3/' title=''>Doing a better job than Amazon of storing files</a>\n</li></ol>\n\n<p>Of all the annoying software problems that have no business being annoying, handling a file upload in a full-stack application stands apart, a universal if tractable malady, the plantar fasciitis of programming.</p>\n\n<p>Now, the actual act of clients placing files on servers is straightforward. Your framework <a href='https://hexdocs.pm/phoenix/file_uploads.html' title=''>has</a> <a href='https://edgeguides.rubyonrails.org/active_storage_overview.html' title=''>a</a> <a href='https://docs.djangoproject.com/en/5.0/topics/http/file-uploads/' title=''>feature</a> <a href='https://expressjs.com/en/resources/middleware/multer.html' title=''>that</a> <a href='https://github.com/yesodweb/yesod-cookbook/blob/master/cookbook/Cookbook-file-upload-saving-files-to-server.md' title=''>does</a> <a href='https://laravel.com/docs/10.x/filesystem' title=''>it</a>. What’s hard is making sure that uploads stick around to be downloaded later.</p>\n<aside class=\"right-sidenote\"><p>(yes, yes, we know, <a href=\"https://youtu.be/b2F-DItXtZs?t=102\" title=\"\">sharding /dev/null</a> is faster)</p>\n</aside>\n<p>Enter object storage, a pattern you may know by its colloquial name “S3”. Object storage occupies a funny place in software architecture, somewhere between a database and a filesystem. It’s like <a href='https://man7.org/linux/man-pages/man3/malloc.3.html' title=''><code>malloc</code></a><code>()</code>, but for cloud storage instead of program memory.</p>\n\n<p><a href='https://www.kleenex.com/en-us/' title=''>S3</a>—err, object storage — is so important that it was the second AWS service ever introduced (EC2 was not the first!). Everybody wants it. We know, because they keep asking us for it.</p>\n\n<p>So why didn’t we build it?</p>\n\n<p>Because we couldn’t figure out a way to improve on S3. And we still haven’t! But someone else did, at least for the kinds of applications we see on Fly.io.</p>\n<h2 id='but-first-some-back-story' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#but-first-some-back-story' aria-label='Anchor'></a><span class='plain-code'>But First, Some Back Story</span></h2>\n<p>S3 checks all the boxes. It’s trivial to use. It’s efficient and cost-effective. It has redundancies that would make a DoD contractor blush. It integrates with archival services like Glacier. And every framework supports it. At some point, the IETF should just take a deep sigh and write an S3 API RFC, XML signatures and all.</p>\n\n<p>There’s at least one catch, though.</p>\n\n<p>Back in, like, ‘07 people ran all their apps from a single city. S3 was designed to work for those kinds of apps. The data, the bytes on the disks (or whatever weird hyperputer AWS stores S3 bytes on), live in one place. A specific place. In a specific data center. As powerful and inspiring as The Architects are, they are mortals, and must obey the laws of physics.</p>\n\n<p>This observation feels banal, until you realize how apps have changed in the last decade. Apps and their users don’t live in one specific place. They live all over the world. When users are close to the S3 data center, things are amazing! But things get less amazing the further away you get from the data center, and even less amazing the smaller and more frequent your reads and writes are.</p>\n\n<p>(Thought experiment: you have to pick one place in the world to route all your file storage. Where is it? Is it <a href='https://www.tripadvisor.com/Restaurant_Review-g30246-d1956555-Reviews-Ford_s_Fish_Shack_Ashburn-Ashburn_Loudoun_County_Virginia.html' title=''>Loudoun County, Virginia</a>?)</p>\n\n<p>So, for many modern apps, you end up having to <a href='https://stackoverflow.com/questions/32426249/aws-s3-bucket-with-multiple-regions' title=''>write things into different regions</a>, so that people close to the data get it from a region-specific bucket. Doing that pulls in CDN-caching things that complicated your application and put barriers between you and your data. Before you know it, you’re wearing custom orthotics on your, uh, developer feet. (<em>I am done with this metaphor now, I promise.</em>)</p>\n<aside class=\"right-sidenote\"><p>(well, okay, Backblaze B2 because somehow my bucket fits into their free tier, but you get the idea)</p>\n</aside>\n<p>Personally, I know this happens. Because I had to build one! I run a <a href='https://xeiaso.net/blog/xedn/' title=''>CDN backend</a> that’s a caching proxy for S3 in six continents across the world. All so that I can deliver images and video efficiently for the readers of my blog.</p>\n<aside class=\"right-sidenote\"><p>(shut up, it’s a sandwich)</p>\n</aside>\n<p>What if data was really global? For some applications, it might not matter much. But for others, it matters a lot. When a sandwich lover in Australia snaps a picture of a <a href='https://en.wikipedia.org/wiki/Hamdog' title=''>hamdog</a>, the people most likely to want to see that photo are also in Australia. Routing those uploads and downloads through one building in Ashburn is no way to build a sandwich reviewing empire.</p>\n\n<p>Localizing all the data sounds like a hard problem. What if you didn’t need to change anything on your end to accomplish it?</p>\n<h2 id='show-me-a-hero' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#show-me-a-hero' aria-label='Anchor'></a><span class='plain-code'>Show Me A Hero</span></h2>\n<p>Building a miniature CDN infrastructure just to handle file uploads seems like the kind of thing that could take a week or so of tinkering. The Fly.io unified theory of cloud development is that solutions are completely viable for full-stack developers only when they take less than 2 hours to get working.</p>\n\n<p>AWS agrees, which is why they have a SKU for it, <a href='https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudfront_distribution' title=''>called Cloudfront</a>, which will, at some variably metered expense, optimize the read side of a single-write-region bucket: they’ll set up <a href='https://fly.io/blog/the-5-hour-content-delivery-network/' title=''>a simple caching CDN</a> for you. You can probably get S3 and Cloudfront working within 2 hours, especially if you’ve set it up before.</p>\n\n<p>Our friends at Tigris have this problem down to single-digit minutes, and what they came up with is a lot cooler than a cache CDN.</p>\n\n<p>Here’s how it works. Tigris runs redundant FoundationDB clusters in our regions to track objects. They use Fly.io’s NVMe volumes as a first level of cached raw byte store, and a queuing system modelled on <a href='https://www.foundationdb.org/files/QuiCK.pdf' title=''>Apple’s QuiCK paper</a> to distribute object data to multiple replicas, to regions where the data is in demand, and to 3rd party object stores… like S3.</p>\n\n<p>If your objects are less than about 128 kilobytes, Tigris makes them instantly global. By default! Things are just snappy, all over the world, automatically, because they’ve done all the work.</p>\n\n<p>But it gets better, because Tigris is also much more flexible than a cache simple CDN. It’s globally distributed from the jump, with inter-region routing baked into its distribution layer. Tigris isn’t a CDN, but rather a toolset that you can use to build arbitrary CDNs, with consistency guarantees, instant purge and relay regions.</p>\n\n<p>There’s a lot going on in this architecture, and it’d be fun to dig into it more. But for now, you don’t have to understand any of it. Because Tigris ties all this stuff together with an S3-compatible object storage API. If your framework can talk to S3, it can use Tigris.</p>\n<h2 id='fly-storage' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#fly-storage' aria-label='Anchor'></a><span class='plain-code'><code>fly storage</code></span></h2>\n<p>To get started with this, run the <code>fly storage create</code> command:</p>\n<div class=\"highlight-wrapper group relative \">\n <button \n type=\"button\"\n class=\"bubble-wrap z-20 absolute right-9 -mr-0.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none\"\n data-wrap-target=\"#code-rhojus0y\"\n >\n <svg class=\"w-4 h-4 pointer-events-none\" viewBox=\"0 0 16 16\" fill=\"none\" stroke=\"currentColor\" stroke-width=\"1.35\" stroke-linecap=\"round\" stroke-linejoin=\"round\"><g buffered-rendering=\"static\"><path d=\"M9.912 8.037h2.732c1.277 0 2.315-.962 2.315-2.237a2.325 2.325 0 00-2.315-2.31H2.959m10.228 9.01H2.959M6.802 8H2.959\" /><path d=\"M11.081 6.466L9.533 8.037l1.548 1.571\" /></g></svg>\n <span class=\"bubble-sm bubble-tl [--offset-l:-9px] tail text-navy-950\">\n Wrap text\n </span>\n </button>\n <button \n type=\"button\"\n class=\"bubble-wrap z-20 absolute right-1.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none\"\n data-copy-target=\"sibling\"\n >\n <svg class=\"w-4 h-4 pointer-events-none\" viewBox=\"0 0 16 16\" fill=\"none\" stroke=\"currentColor\" stroke-width=\"1.35\"><g buffered-rendering=\"static\"><path d=\"M10.576 7.239c0-.995-.82-1.815-1.815-1.815H3.315c-.995 0-1.815.82-1.815 1.815v5.446c0 .995.82 1.815 1.815 1.815h5.446c.995 0 1.815-.82 1.815-1.815V7.239z\" /><path d=\"M10.576 10.577h2.109A1.825 1.825 0 0014.5 8.761V3.315A1.826 1.826 0 0012.685 1.5H7.239c-.996 0-1.815.819-1.816 1.815v1.617\" /></g></svg>\n <span class=\"bubble-sm bubble-tl [--offset-l:-6px] tail [--tail-x:calc(100%-30px)] text-navy-950\">\n Copy to clipboard\n </span>\n </button>\n <div class='highlight relative group'>\n <pre class='highlight '><code id=\"code-rhojus0y\">$ fly storage create\nChoose a name, use the default, or leave blank to generate one: xe-foo-images\nYour Tigris project (xe-foo-images) is ready. See details and next steps with: https://fly.io/docs/reference/tigris/\n\nSetting the following secrets on xe-foo:\nAWS_REGION\nBUCKET_NAME\nAWS_ENDPOINT_URL_S3\nAWS_ACCESS_KEY_ID\nAWS_SECRET_ACCESS_KEY\n\nSecrets are staged for the first deployment\n</code></pre>\n </div>\n</div>\n<p>All you have to do is fill in a bucket name. Hit enter. All of the configuration for the AWS S3 library will be injected into your application for you. And you don’t even need to change the libraries that you’re using. <a href='https://www.tigrisdata.com/docs/sdks/s3/' title=''>The Tigris examples</a> all use the AWS libraries to put and delete objects into Tigris using the same calls that you use for S3.</p>\n\n<p>I know how this looks for a lot of you. It looks like we’re partnering with Tigris because we’re chicken, and we didn’t want to build something like this. Well, guess what: you’re right!</p>\n\n<p>Compute and networking: those are things we love and understand. Object storage? <a href='https://fly.io/blog/the-5-hour-content-delivery-network/' title=''>We already gave away the game on how we’d design a CDN for our own content</a>, and it wasn’t nearly as slick as Tigris.</p>\n\n<p>Object storage is important. It needs to be good. We did not want to half-ass it. So we partnered with Tigris, so that they can put their full resources into making object storage as ✨magical✨ as Fly.io is.</p>\n\n<p>This also mirrors a lot of the Unix philosophy of Days Gone Past, you have individual parts that do one thing very well that are then chained together to create a composite result. I mean, come on, would you seriously want to buy your servers the same place you buy your shoes?</p>\n<h2 id='one-bill-to-rule-them-all' class='group flex items-start whitespace-pre-wrap relative mt-14 sm:mt-16 mb-4 text-navy-950 font-heading'><a class='inline-block align-text-top relative top-[.15em] w-6 h-6 -ml-6 after:hash opacity-0 group-hover:opacity-100 transition-all' href='#one-bill-to-rule-them-all' aria-label='Anchor'></a><span class='plain-code'>One bill to rule them all</span></h2>\n<p>Well, okay, the main reason why you would want to do that is because having everything under one bill makes it really easy for your accounting people. So, to make one bill for your computer, your block storage, your databases, your networking, and your object storage, we’ve wrapped everything under one bill. You don’t have to create separate accounts with Supabase or Upstash or PlanetScale or Tigris. Everything gets charged to your Fly.io bill and you pay one bill per month.</p>\n<aside class=\"right-sidenote\"><p>This was actually going to be posted on Valentine’s Day, but we had to wait for the chocolate to go on sale.</p>\n</aside>\n<p>This is our Valentine’s Day gift to you all. Object storage that just works. Stay tuned because we have a couple exciting features that build on top of the integration of Fly.io and Tigris that allow really unique things, such as truly global static website hosting and turning your bucket into a CDN in 5 minutes at most.</p>\n\n<p>Here’s to many more happy developer days to come.</p>",
"image": {
"url": "https://fly.io/blog/tigris-public-beta/assets/tigris-public-beta-thumb.webp",
"title": null
},
"media": [],
"authors": [
{
"name": "Fly",
"email": null,
"url": null
}
],
"categories": []
},
{
"id": "https://fly.io/blog/gpu-ga/",
"title": "GPUs on Fly.io are available to everyone!",
"description": null,
"url": "https://fly.io/blog/gpu-ga/",
"published": "2024-02-12T00:00:00.000Z",
"updated": "2024-04-24T22:38:38.000Z",
"content": "<div class=\"lead\"><p>Fly.io makes it easy to spin up compute around the world, now including powerful GPUs. Unlock the power of large language models, text transcription, and image generation with our datacenter-grade muscle!</p>\n</div>\n<p>GPUs are now available to everyone!</p>\n\n<p>We know you’ve been excited about wanting to use GPUs on Fly.io and we’re happy to announce that they’re available for everyone. If you want, you can spin up GPU instances with any of the following cards:</p>\n\n<ul>\n<li>Ampere A100 (40GB) <code>a100-40gb</code>\n</li><li>Ampere A100 (80GB) <code>a100-80gb</code>\n</li><li>Lovelace L40s (48GB) <code>l40s</code>\n</li></ul>\n\n<p>To use a GPU instance today, change the <code>vm.size</code> for one of your apps or processes to any of the above GPU kinds. Here’s how you can spin up an <a href='https://ollama.ai' title=''>Ollama</a> server in seconds:</p>\n<div class=\"highlight-wrapper group relative toml\">\n <button \n type=\"button\"\n class=\"bubble-wrap z-20 absolute right-9 -mr-0.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none\"\n data-wrap-target=\"#code-bcyvgy6u\"\n >\n <svg class=\"w-4 h-4 pointer-events-none\" viewBox=\"0 0 16 16\" fill=\"none\" stroke=\"currentColor\" stroke-width=\"1.35\" stroke-linecap=\"round\" stroke-linejoin=\"round\"><g buffered-rendering=\"static\"><path d=\"M9.912 8.037h2.732c1.277 0 2.315-.962 2.315-2.237a2.325 2.325 0 00-2.315-2.31H2.959m10.228 9.01H2.959M6.802 8H2.959\" /><path d=\"M11.081 6.466L9.533 8.037l1.548 1.571\" /></g></svg>\n <span class=\"bubble-sm bubble-tl [--offset-l:-9px] tail text-navy-950\">\n Wrap text\n </span>\n </button>\n <button \n type=\"button\"\n class=\"bubble-wrap z-20 absolute right-1.5 top-1.5 text-transparent group-hover:text-gray-400 group-hover:hocus:text-white focus:text-white bg-transparent group-hover:bg-gray-900 group-hover:hocus:bg-gray-700 focus:bg-gray-700 transition-colors grid place-items-center w-7 h-7 rounded-lg outline-none focus:outline-none\"\n data-copy-target=\"sibling\"\n >\n <svg class=\"w-4 h-4 pointer-events-none\" viewBox=\"0 0 16 16\" fill=\"none\" stroke=\"currentColor\" stroke-width=\"1.35\"><g buffered-rendering=\"static\"><path d=\"M10.576 7.239c0-.995-.82-1.815-1.815-1.815H3.315c-.995 0-1.815.82-1.815 1.815v5.446c0 .995.82 1.815 1.815 1.815h5.446c.995 0 1.815-.82 1.815-1.815V7.239z\" /><path d=\"M10.576 10.577h2.109A1.825 1.825 0 0014.5 8.761V3.315A1.826 1.826 0 0012.685 1.5H7.239c-.996 0-1.815.819-1.816 1.815v1.617\" /></g></svg>\n <span class=\"bubble-sm bubble-tl [--offset-l:-6px] tail [--tail-x:calc(100%-30px)] text-navy-950\">\n Copy to clipboard\n </span>\n </button>\n <div class='highlight relative group'>\n <pre class='highlight '><code id=\"code-bcyvgy6u\"><span class=\"py\">app</span> <span class=\"p\">=</span> <span class=\"s\">\"your-app-name\"</span>\n<span class=\"py\">region</span> <span class=\"p\">=</span> <span class=\"s\">\"ord\"</span>\n<span class=\"py\">vm.size</span> <span class=\"p\">=</span> <span class=\"s\">\"l40s\"</span>\n\n<span class=\"nn\">[http_service]</span>\n <span class=\"py\">internal_port</span> <span class=\"p\">=</span> <span class=\"mi\">11434</span>\n <span class=\"py\">force_https</span> <span class=\"p\">=</span> <span class=\"kc\">false</span>\n <span class=\"py\">auto_stop_machines</span> <span class=\"p\">=</span> <span class=\"kc\">true</span>\n <span class=\"py\">auto_start_machines</span> <span class=\"p\">=</span> <span class=\"kc\">true</span>\n <span class=\"py\">min_machines_running</span> <span class=\"p\">=</span> <span class=\"mi\">0</span>\n <span class=\"py\">processes</span> <span class=\"p\">=</span> <span class=\"nn\">[\"app\"]</span>\n\n<span class=\"nn\">[build]</span>\n <span class=\"py\">image</span> <span class=\"p\">=</span> <span class=\"s\">\"ollama/ollama\"</span>\n\n<span class=\"nn\">[mounts]</span>\n <span class=\"py\">source</span> <span class=\"p\">=</span> <span class=\"s\">\"models\"</span>\n <span class=\"py\">destination</span> <span class=\"p\">=</span> <span class=\"s\">\"/root/.ollama\"</span>\n <span class=\"py\">initial_size</span> <span class=\"p\">=</span> <span class=\"s\">\"100gb\"</span>\n</code></pre>\n </div>\n</div>\n<p>Deploy this and bam, large language model inferencing from anywhere. If you want a private setup, see the article <a href='https://fly.io/blog/scaling-llm-ollama/' title=''>Scaling Large Language Models to zero with Ollama</a> for more information. You never know when you have a sandwich emergency and don’t know what you can make with what you have on hand.</p>\n\n<p>We are working on getting some lower-cost A10 GPUs in the next few weeks. We’ll update you when they’re ready.</p>\n\n<p>If you want to explore the possibilities of GPUs on Fly.io, here’s a few articles that may give you ideas:</p>\n\n<ul>\n<li><a href='https://fly.io/blog/not-midjourney-bot/' title=''>Deploy Your Own (Not) MidJourney Bot On Fly GPUs</a>\n</li><li><a href='https://fly.io/blog/scaling-llm-ollama/' title=''>Scaling Large Language Models to zero with Ollama</a>\n</li><li><a href='https://fly.io/blog/transcribing-on-fly-gpu-machines/' title=''>Transcribing on Fly GPU Machines</a>\n</li></ul>\n\n<p>Depending on factors such as your organization’s age and payment history, you may need to go through additional verification steps.</p>\n\n<p>If you’ve been experimenting with Fly.io GPUs and have made something cool, let us know on the <a href='https://community.fly.io/' title=''>Community Forums</a> or by mentioning us <a href='https://hachyderm.io/@flydotio' title=''>on Mastodon</a>! We’ll boost the cool ones.</p>",
"image": {
"url": "https://fly.io/blog/gpu-ga/assets/gpu-ga-thumb.webp",
"title": null
},
"media": [],
"authors": [
{
"name": "Fly",
"email": null,
"url": null
}
],
"categories": []
}
]
}