Leaked email address incident: 2020-11-23

We’re saddened to write that we’ve let some of our users down by accidentally leaking their email addresses and birth dates via a bug in the web pages of musicbrainz.org. This caused some users to receive unwanted spam emails.

However, we would like to emphasize that no passwords, passwords hashes or any other bits of private user information other than email addresses and birth dates were leaked.

If you have never added or edited an annotation on MusicBrainz, then your email address and birth date were never leaked and you can ignore this — your data has not leaked.

What happened

About two weeks ago a MusicBrainz editor contacted us to say that their email address that was in use only at MusicBrainz had received spam. The user changed the email address to a very distinct email address in order to rule out a spammer guessing the updated email address. But it happened again, and the user received email to the unguessable email address. 

At this point we began an audit of the MusicBrainz server codebase in an attempt to find out where the leak was, patch it as soon as possible, and discover who was affected by it.

What we found

On 2019-04-26 we released a new version of the MusicBrainz server and in this version we added email addresses to the list of editor data we pass to our server to build MusicBrainz pages. The goal of this was to display them in admin-facing pages to, ironically, be able to fight spammers who were using MusicBrainz as a spamming tool. We also added the editor’s birth date, to be able to congratulate them on their birthday. Neither of these cases should have ever been a problem, since the private data should only be used on pages built and sent from our own server (where the data cannot be seen by anyone else), and any editor info sent to the users’ browser goes through a “sanitizing” process eliminating all this private information.

After some digging, we discovered that due to a bug we had overlooked in the code that stripped this data, the addresses and dates had started being sent to the browser whenever an entity page with an annotation was requested. The email address and birth date of the last person to have edited an annotation in MusicBrainz (any annotations, attached to any of our entities) was leaked on the page for the entities in question. This data was contained in a massive block of JSON data in the page source and was never shown on the web page for humans to see, which is why this issue went undetected for so long.

Who was affected

We looked at all editors who wrote any annotations that were displayed between the date the problematic code was released and the date the bug was fixed. This can mean either the annotation was written during this time period, or it was written before that but (being the latest version of the annotation for the entity) it was still displayed during this time period. This gave us a total of 17,644 editors whose data was at some point visible from the JSON block in at least one entity’s source code. We sadly do not have a way to know for sure how many of the affected were actually ever found and stored by spammers, since we attempt to block botnets as much as possible. As such, we simply have no way of knowing who was really affected by this leak — only who might have been.

What we’ve done

Once we detected the issue on November 22, we immediately put out a hotfix to all production (and beta) servers plugging the leak. The hotfix acted to sanitize the editor data by removing email addresses and birth dates from the JSON. We also deployed two additional changes that should help prevent similar issues from occurring, by avoiding sending sensitive editor data to our template renderer altogether. See all changes from the git tag v-2020-11-22-hotfix.

We are planning to improve our testing infrastructure to detect exposure of editor data — this will become a routine part of our continuous integration process. We are also going to ensure that any pull request dealing with editor data goes through a strict testing checklist.

How did spammers get these email addresses?

You might be wondering how such an obscure leak in a web page can end up in spammers finding and using your email — you’re not alone. 

Our sites are under near constant traffic from seemingly random internet bots fetching thousands of our pages in a day, with no apparent goal. All of our metadata is available for download, so why would someone download pages from us at random?

Well, we now know — web pages can contain a whole host of random data that shouldn’t be there. Email addresses, birth dates and such are just the starting point — there have been websites that have leaked credit card numbers and even login passwords, possibly compromising the integrity of user accounts.

In this case it appears that a botnet kept downloading pages from musicbrainz.org and driving the load on our servers up. We’ve been trying to block botnets ever since they’ve come into existence, but this is a laborious task that is never complete.

It appears that spammers used the botnet to scour the internet for private data such as emails to then send out lovely spam emails to all compromised users.

Summary

We would like to wholeheartedly apologize for this data leak. We take data privacy seriously and we aim to have high standards about privacy and data security. We find ourselves frustrated by the endless data leaks that happen on the Internet on a seemingly continuous basis and work hard to avoid committing these mistakes in our domain. However, we’re also human and we do make mistakes periodically. As explained above, we’re working to improve our systems and processes in order to prevent this from happening again.

We hope that you accept our most sincere apologies for this leak.

Robert Kaye, Michael Wiencek, Nicolás Tamargo and Yvan Rivierre

MusicBrainz Server update, 2020-11-02

Right after Halloween, this new release of MusicBrainz Server tricks some bugs and treats some improvements, plus some work on the usually terrifying React conversion and updates to handle external links.

A new release of MusicBrainz Docker is also available that matches this update of MusicBrainz Server. See the release notes for update instructions.

Thanks to chaban, darwinx0r, kellnerd, hibiscuskazaneko, jesus2099, lotheric, snartal, and tularion for having reported bugs and suggested improvements. Thanks to grafi_tt, mfmeulenbelt, salorock, and shepard for updating the translations. And thanks to all others who tested the beta version!

The git tag is v-2020-11-02.

Bug

  • [MBS-6666] – Artist credits not renamed from artist edit page unless the artist name is changed
  • [MBS-10281] – Improper encoding of ISE pages
  • [MBS-10829] – Indexed recording search fails to find recording with no length
  • [MBS-11160] – Internal server error pages display empty stack traces
  • [MBS-11161] – Internal server error page sometimes not returned when an error occurs
  • [MBS-11186] – Inconsistent username font-weight for edit owner
  • [MBS-11194] – TypeError: Cannot read property ‘linkTypeID’ of undefined (part 2)
  • [MBS-11204] – ISE: Validation failed for \’Int\’ with value undef

Improvement

  • [MBS-7219] – Only display “Show only standalone recordings instead” when there are standalone recordings to display
  • [MBS-11158] – Document URL link_type integers for release editor seeding
  • [MBS-11177] – Do not show useless “Description:” label in entity type doc boxes
  • [MBS-11185] – Add “is not” operator for relationship type in edit search
  • [MBS-11192] – Add voting-icon for Approved
  • [MBS-11197] – Add validation for Mainly Norfolk links
  • [MBS-11199] – Update 7digital.com URL cleanup

React Conversion Task

  • [MBS-11195] – Convert the artist credit renamer to React

Other Task

  • [MBS-11182] – Remove LyricWiki links from the sidebar
  • [MBS-11189] – Remove PureVolume links from sidebar
  • [MBS-11196] – Add saisaibatake.ame-zaiku.com to “other databases” for instruments
  • [MBS-11200] – Add works to VGMdb autocleanup

MusicBrainz Server update, 2020-10-19

Today’s MusicBrainz Server brings a new data report, a continued conversion to React, some bugfixes and small improvements, but also tests refactoring.

Meanwhile, the search server has been updated twice in a row to fix bugs in JSON output mostly with MB Solr 3.2 (release notes) and MB Solr 3.3 (release notes), including the MusicBrainz API breaking change announced last month.

A new release of MusicBrainz Docker is also available that matches this update of MusicBrainz Server. See the release notes for update instructions.

Thanks to amCap1712 for fixing bugs in MB Solr, and to loujine for contributing code with yet a new data report. Thanks to Avamander, bonchiver_, chaban, draconx, eloise_freya, GTF1982, hawke, hibiscuskazeneko, jesus2099, jrv, kellnerd, Kid Devine, Psychoadept, selflessself, and wcw1966 for having reported bugs and suggested improvements. Thanks to kellnerd, mfmeulenbelt, and salorock for updating the translations. And thanks to all others who tested the beta version!

The git tag is v-2020-10-19.

Bug

  • [MBS-10221] – Track Parser not filling in artists
  • [MBS-11149] – Misspelling of the word “misspellings”
  • [MBS-11150] – Add CD-TOC wrongly defaults to last listed artist when none selected
  • [MBS-11156] – Track parser unsets “Various Artists” track artist credits
  • [MBS-11162] – Work type description bubble starts as default even if type is selected
  • [MBS-11174] – Editor profile added entities: Missing Add release edit type 216
  • [MBS-11176] – Heading of the release group section in the external links sidebar has disappeared

Improvement

  • [MBS-5225] – Allow showing tracklists everywhere when attaching/viewing discIDs
  • [MBS-7256] – Add “Expand all mediums” option to the release page
  • [MBS-8725] – Allow mediums to have an unknown tracklist
  • [MBS-11115] – Show detailed information when attaching disc IDs
  • [MBS-11139] – Use HTTPS for display on Library of Congress links
  • [MBS-11163] – Show type descriptions when editing entities
  • [MBS-11165] – Update the VK logo used in the sidebar
  • [MBS-11167] – Normalize vk.com links to HTTPS
  • [MBS-11173] – When deleting users, change their No and Yes votes on pending edits to Abstain

New Feature

  • [MBS-11117] – Report for mediums with very long durations from discID

React Conversion Task

  • [MBS-11141] – Convert Edit Relationship edit to React
  • [MBS-11152] – Convert entity/ratings page to React

Other Task

  • [MBS-11148] – Remove Google Play links from the sidebar

MusicBrainz Server update, 2020-10-05

As we just returned from the virtual MusicBrainz Summit 20, here comes a mostly maintenance release that fixes a bunch of bugs (among which many are about localization) and provides a few handy improvements. It even features a new report showing releases having the same barcode but currently in different release groups, so if you feel like it, do try and help us look into those!

A new release of MusicBrainz Docker is also available that matches this update of MusicBrainz Server. See the release notes for update instructions.

Special thanks to the DistriNet Research Group for making and responsibly sharing a very detailed audit of our OAuth service that has been very helpful with releasing major security improvements in the previous server update!

Thanks to chaban, fabe56, hibiscuskazeneko, humhumxx, jesus2099, lotheric, mfmeulenbelt, nikki, otringal, psychoadept, and wcw1966 for having reported bugs and suggested improvements. Thanks to dimpole, listmycds, mfmeulenbelt, peter9811 for updating the translations. And thanks to all others who tested the beta version!

The git tag is v-2020-10-05.

Bug

  • [MBS-4118] – Date/Number.toLocaleString always uses English
  • [MBS-10956] – Ratings are not loaded in some pages
  • [MBS-11094] – Edit error message appears (and prevents update) unrelated to current edits
  • [MBS-11107] – span.name-variation class is missing on some relationship credits
  • [MBS-11114] – Can’t set track length to 0:00
  • [MBS-11140] – Client side language bundles are not built in production

Improvement

  • [MBS-3116] – Warn when merging works with different ISWCs
  • [MBS-8650] – Accept IPIs with length of 5 characters or longer
  • [MBS-11033] – Update the Apple Music logo used in the sidebar
  • [MBS-11036] – Don’t allow to add new release when moving CD TOC
  • [MBS-11104] – Missing “Credited As” column in Label Relationships tab
  • [MBS-11121] – Update iTunes/Apple Music URL cleanup
  • [MBS-11127] – Don’t return unrelated recording-work relationships within work-level-rels from /ws/2/release
  • [MBS-11136] – Support HTML in admin/attribute descriptions
  • [MBS-11137] – Show basic release info on hover on frontpage’s release additions

New Feature

  • [MBS-6322] – New Report: Releases with identical barcodes in different Release Groups

React Conversion Task

  • [MBS-10991] – Convert user/subscriptions pages to React

MusicBrainz Server update, 2020-09-21

React conversion tasks are conspicuously absent from today’s release, but that’s just because we needed to take some time to get it all working with the recent refactoring. This new server update mainly brings strong security improvements for the OAuth service. It also comes with a fair amount of smaller bugfixes and improvements. The most noticeable of these probably are the added details to the merge recordings’ form and the statistics by entity type on editors’ profile pages.

Announcement for MusicBrainz API users: A small but breaking change will be deployed on October 19th (in one month from now), to fix the JSON formatting of release packaging in search results (SEARCH-579).

A new release of MusicBrainz Docker is also available that matches this update of MusicBrainz Server. See the release notes for update instructions.

Thanks to kellnerd and loujine for contributing code. Thanks to calculator.ftvb, chaban, hibiscuskazeneko, jesus2099, kellnerd, lalinksy, psychoadept, rdswift, and spitzwegerich for having reported bugs and suggested improvements. Thanks to jesus2099, kellnerd, mfmeulenbelt, outsidecontext, and salorock for updating the translations. And thanks to all others who tested the beta version!

The git tag is v-2020-09-21.

Bug

  • [MBS-10880] – Series automatic ordering (without numbers) fails for new release group
  • [MBS-11065] – Smart link blocks affecting legitimate links
  • [MBS-11069] – Diff highlighting not visible for certain display resolutions
  • [MBS-11098] – Big Cartel URLs are denied for labels
  • [MBS-11101] – Series relationships not showing for work series

Improvement

  • [MBS-2768] – Display AcoustIDs, Annotation and any other useful info when merging recordings
  • [MBS-7473] – Adding a new discid: Allow to specify the target by its releaseid
  • [MBS-11017] – Normalize IMSLP URLs to HTTPS and add validation
  • [MBS-11058] – Tighten security of OAuth service
  • [MBS-11061] – Don’t allow MusicBrainz URLs in relationships
  • [MBS-11062] – Link basic how-tos from the front page
  • [MBS-11086] – Add icon for tabs with errors in release editor
  • [MBS-11109] – Block further more smart links
  • [MBS-11119] – Set a Content-Security-Policy header on account/admin related forms

New Feature

  • [MBS-7485] – OAuth token revokation through API
  • [MBS-9769] – Show entities added statistics on editor profile page
  • [MBS-10835] – Disallow creating new accounts with an e-mail already in use
  • [MBS-11097] – Support PKCE (Proof Key for Code Exchange) by OAuth clients

Task

  • [MBS-10921] – Clear editing history of unrelated recording-of relationship edits

MusicBrainz Server update, 2020-09-07

Beyond the restless conversion to React of edits’ display, this new release of MusicBrainz Server features the sidebar display of recordings’ acoustic information automatically computed by AcousticBrainz, and brings a handful of more discreet improvements and fixed bugs.

A new release of MusicBrainz Docker is also available that matches this update of MusicBrainz Server. See the release notes for update instructions.

Thanks to loujine for contributing the code to display AcousticBrainz data. Thanks to chaban, draconx, hawke, scotia, and yindesu for having reported bugs and suggested improvements. Thanks to kellnerd, mfmeulenbelt, salorock, and speardog for updating the translations (de, el, fr, it, nl). And thanks to all others who tested the beta version!

The git tag is v-2020-09-09-hotfixes.

Bug

  • [MBS-11000] – ISE when trying to display “Edit release group” edit
  • [MBS-11039] – Entity present twice in a series with different numbers appears with the same number in the Series page
  • [MBS-11074] – JavaScript is broken in IE11
  • [MBS-11075] – core-js polyfills are included twice in JavaScript bundles
  • [MBS-11076] – Size of data-context attributes used for React hydration bloats page size
  • [MBS-11077] – CritiqueBrainz reviews have disappeared
  • [MBS-11078] – Internal Server Error: undef error – TypeError: Cannot read property ‘names’ of undefined (hotfixed)
  • [MBS-11081] – Pregap info not shown in Add medium edits (hotfixed)
  • [MBS-11085] – Cannot edit 8cm CD release with disc ID (hotfixed)
  • [MBS-11089] – Homepage and blog favicons gone from sidebar (hotfixed)

Improvement

  • [MBS-7409] – Make “cannot attach discid” more obvious when format can’t have discID
  • [MBS-10916] – Show AcousticBrainz info in the Recording sidebar
  • [MBS-10941] – Rename XML Web Service into “MusicBrainz API” (JSON/XML)
  • [MBS-11014] – Provide context to “This relationship already exists” on relationship editor
  • [MBS-11041] – Make ModBot leave a note on autoremoval edits
  • [MBS-11073] – Drop lodash in favor of native JavaScript methods

React Conversion Task

  • [MBS-10972] – Convert Add Instrument edit to React
  • [MBS-10986] – Convert edit error templates to React
  • [MBS-11032] – Convert Add medium edit to React
  • [MBS-11034] – Convert Remove medium edit to React
  • [MBS-11048] – Convert Edit Area edit to React
  • [MBS-11050] – Convert Edit URL edit to React
  • [MBS-11051] – Convert Edit Artist Credit edit to React
  • [MBS-11052] – Convert Edit Relationship Attribute edit to React

Other Task

  • [MBS-11043] – Add offiziellecharts.de to the otherdbs whitelist
  • [MBS-11044] – Drop any references to no longer existing TOBEDELETED edit status

MusicBrainz Server update, 2020-08-24

The summer heat is still with us, and also hot out of the oven is a new MusicBrainz server update! This time we have a fair amount of fixes for the “Set cover art” page (which allows you to select a specific cover art from releases to represent a release group). Some other improvements have been made, some small bugs fixed, and the conversion to React marches on firmly.

A recent change had standardized all edit listings to 100 edits per page (it used to be 25 in some places and 100 in others before that). We’re lowering that to 50 with this update to try and make the edit lists a bit less overwhelming but still not too short that related edits get split over too many pages. Do let us know whether it feels better!

Finally, we disabled URLs marked as ended (since they are often squatted and full of ads) and URLs from domains reported as (hopefully temporarily) compromised. You can still copy the URL itself if you want to check it through the Wayback Machine to try and find out what is/was there!

A new release of MusicBrainz Docker is also available that matches this update of MusicBrainz Server. See the release notes for update instructions.

Thanks to jesus2099 for contributing code. Thanks to bsammon, hibiscuskazeneko, lotheric, mrclon, murdos, nikki, sothotalker, tigerman325, tularion, and yindesu for having reported bugs and suggested improvements. Thanks to Besnik and salorock for updating the translations. And thanks to all others who tested the beta version!

The git tag is v-2020-08-24.

Bug

  • [MBS-5611] – Not all releases are shown when selecting release group cover art
  • [MBS-5612] – Set cover art for release group page displays releases in a random order
  • [MBS-7793] – Set release group cover art page fails to display as a grid
  • [MBS-8016] – Dates and countries are missing from the set cover art page
  • [MBS-9420] – “Found in X user collections” displays incorrectly from “Split into separate artists” screen
  • [MBS-10721] – Editing AC for track without a title entered shows [removed]
  • [MBS-10901] – undef error – TypeError: Cannot read property ‘linkTypeID’ of undefined

Improvement

  • [MBS-5588] – Make release box clickable without button to select release-group front cover
  • [MBS-8356] – Show barcode on set RG cover art page
  • [MBS-10376] – Indicate current image on RG Set cover art page
  • [MBS-10377] – Label fields clearly on Set cover art page
  • [MBS-10948] – Allow Baidu Baike links for Labels
  • [MBS-10992] – Skip creating hyperlink for “ended” URL relationship
  • [MBS-10998] – Update the WhoSampled logo used in the sidebar
  • [MBS-11004] – Allow “La Boîte aux paroles” links for labels
  • [MBS-11012] – Update the Kickstarter logo used in the sidebar
  • [MBS-11025] – Update the SoundCloud logo used in the sidebar
  • [MBS-11049] – Disable external links to websites reported as compromised

React Conversion Task

  • [MBS-10965] – Convert Add Disc ID edit to React
  • [MBS-10984] – Convert Move Disc ID edit to React
  • [MBS-10985] – Convert Remove Disc ID edit to React
  • [MBS-10994] – Convert user/message.tt to React
  • [MBS-11020] – Convert historic Add Release Annotation edit to React
  • [MBS-11021] – Convert historic Add Track edits to React
  • [MBS-11022] – Convert historic Add Release edit to React
  • [MBS-11028] – Convert historic Edit Release Language edit to React
  • [MBS-11029] – Convert historic Edit Release Name edit to React
  • [MBS-11030] – Convert historic Edit Release Attributes edit to React
  • [MBS-11031] – Convert historic Edit Track edit to React

Other Task

  • [MBS-10990] – Limit edit displays to 50 edits per page
  • [MBS-11005] – Add Kosovo flag for list of release countries

MusicBrainz Server update, 2020-08-10

After a slow summer month, and hot on the heels of the release of Picard 2.4, an update for MusicBrainz Server has finally arrived, fixing ten bugs, converting almost as many templates to React, making small improvements and bringing a few handy new features.

A new release of MusicBrainz Docker is also available that matches this update of MusicBrainz Server. See the release notes for update instructions.

Thanks to Cyna and loujin for contributing code. Thanks to aerozol, chaban, cyberskull, fabe56, hibiscuskazeneko, ijc, jesus2099, Kid Devine, Nero Apunto, and yindesu for having reported bugs and suggested improvements. Thanks to kellnerd and mfmeulenbelt for updating the translations. And thanks to all others who tested the beta version!

The git tag is v-2020-08-10.

Bug

  • [MBS-7994] – No distinction made between pregap track and position 1 with number 0 when displaying a release
  • [MBS-10746] – Edit removing pregap track option not shown in edit history
  • [MBS-10833] – ISE when trying to load “Wikipedia page” edit
  • [MBS-10917] – Event ‘Found in X User Collections’ wont expand
  • [MBS-10923] – Pagination of collections not returning consistent results
  • [MBS-10927] – Since-removed entity show as being created on “add relationship” edit
  • [MBS-10930] – ISE when trying to display “microblog” edit
  • [MBS-10932] – Instagram TV links are not allowed
  • [MBS-10937] – Average event rating not shown on all pages
  • [MBS-10943] – Attribute value not shown on “remove relationship” edits for events

New Feature

  • [MBS-9502] – Test if the barcode already exists when adding a new release
  • [MBS-10562] – Add alternate phrases for Places yet to open
  • [MBS-10940] – Allow filtering the artist Releases tab by date and country
  • [MBS-10949] – Add autoselect + sidebar for Migu Music URLs

Improvement

  • [MBS-10193] – Update iTunes/Apple Music URL cleanup
  • [MBS-10925] – Update the VGMdb logo used in the sidebar
  • [MBS-10926] – Add “Copy to end date” button in relationship editor dialogs
  • [MBS-10928] – Update the Baidu logo used in the sidebar
  • [MBS-10939] – Improve Data::Release::find_by_artist to not cause database load issues in production
  • [MBS-10989] – Update VocaDB cleanup to support new Es (series) format

React Conversion Task

  • [MBS-10816] – Convert Add Label edit to React
  • [MBS-10968] – Convert Add ISWCs edit to React
  • [MBS-10969] – Convert Add ISRCs edit to React
  • [MBS-10970] – Convert Add Release Label edit to React
  • [MBS-10973] – Convert Add Relationship Attribute edit to React
  • [MBS-10974] – Convert Remove ISRC edit to React
  • [MBS-10975] – Convert Remove ISWC edit to React
  • [MBS-10980] – Convert Remove Entity edit to React
  • [MBS-10983] – Convert Remove Release Label edit to React

Migration to TimescaleDB complete!

Yesterday I posted about why we decided to make the switch to TimescaleDB and then later in the day we actually made the switch!

We are now running a copy of InfluxDB and a copy of TimescaleDB at the same time — in case we find problems with the new TimescaleDB database, we can revert to the InfluxDB database.

In the process of migrating we got rid of a pile of nasty duplicates that used to be created by importing from last.fm. We also got rid of some bad data (timestamp 0 listens) that were pretty much useless and were cluttering the data. If you find that you are missing some data besides some duplicates, please open a ticket.

The move to TimescaleDB allows us to create new features such a deleting a listen (which should be released later this summer) and various other features that because the underlying DB is much more flexible than InfluxDB. However, right this second there are no real new features for end users — more new features are coming soon, we promise!

Thank you to shivam-kapila, iliekcomputers and ishaanshah — thanks for helping with this rather large, long running project!

ListenBrainz moves to TimescaleDB

The ListenBrainz team has been working hard on moving our primary listen store from InfluxDB to TimescaleDB, and today at UTC 16:00 we’re going to make the switch.

We were asked on Twitter as to why we’re making the switch — and in the interest of giving a real world use case for switching, I’m writing this post. The reasons are numerous:

Openness: InfluxDB seems on a path that will make it less open over time. TimescaleDB and its dependence on Postgres makes us feel much safer in this regard.

Existing use: We’ve been using Postgres for about 18 years now and it has been a reliable workhorse for us. Our team thinks in terms of Postgres and InfluxDB always felt like a round peg in a square hole for us.

Data structure: InfluxDB was clearly designed to store server event info. We’re storing listen information, which has a slightly different usage pattern, but this slight difference is enough for us to hit a brick wall with far fewer users in our DB than we ever anticipated. InfluxDB is simply not flexible enough for our needs.

Query syntax and measurement names: The syntax to query InfluxDB is weird and obfuscated. We made the mistake of trying to have a measurement map to a user, but escaping measurement names correctly nearly drove one of our team members to the loonie bin.

Existing data: If you ever write bad data to a measurement in InfluxDB, there is no way to change it. I realize that this is a common Big Data usage pattern, but for us it represented significant challenges and serious restrictions to put simple features for our users into place. With TimescaleDB we can make the very occasional UPDATE or DELETE and move on.

Scalability: Even though we attempted to read as much as possible in order to design a scalable schema, we still failed and got it wrong. (I don’t even think that the docs to calculate scalability even existed when we first started using InfluxDB.) Unless you are using InfluxDB in exactly the way it was meant to be used, there are chances you’ll hit this problem as well. For us, one day insert speed dropped to a ridiculously low number per second, backing up our systems. Digging into the problem we realized that our schema design had a fatal flaw and that we would have drastically change the schema to something even less intuitive in order to fix it. This was the event that broke the camel’s back and I started searching for alternatives.

In moving to TimescaleDB we were able to delete a ton of complicated code and embrace a DB that we know and love. We know how Postgres scales, we know how to put it into production and we know its caveats. TimescaleDB allows us to be flexible with the data and the amazing queries that can be performed on the data is pure Postgres love. TimescaleDB still requires some careful thinking over using Postgres, it is far less than what is required when using InfluxDB. TimescaleDB also gives us a clear scaling path forward, even when TimescaleDB is still working on their own scaling roadmap. If TimescaleDB evolves anything like Postgres has, I can’t wait to see this evolution.

Big big thanks to the Postgres and TimescaleDB teams!