Turning off microservices bloatware crashes Twitter 2FA, meme-worthy architecture lesson
Why is this DistributedSystems meme funny?
Level 1: Don’t Lose the Key
Imagine you have a big fancy clubhouse where all your friends hang out. This clubhouse has a special lock on the door that needs a secret code to open it. It’s like when you log in to a game and sometimes they ask you to enter a code from your mom’s phone – that’s a real-life version of two-factor codes. Now, the new kid in charge of the clubhouse thinks, “Ugh, this code lock is such a hassle. We don’t really need it, most of the time the door is just open anyway!” So one day, he turns off the code lock completely, thinking it will make things simpler.
At first, everyone inside the clubhouse is still having fun and nothing seems wrong. But then, people start stepping outside and trying to come back in. And guess what? They can’t! The door won’t let them in because the special code system that used to send the entry code to their phones is turned off. The new kid basically threw away the only key to the clubhouse. So now, anyone who went out to get ice cream is stuck outside, knocking on the door with no way to get back in. Not so simple after all, right?
It’s funny in a facepalm kind of way: the leader wanted to remove what he thought was an “unnecessary” step, but that step was actually super important for letting friends back inside safely. It’s like saying, “We don’t need this extra key for the house because we usually keep the door open,” and then locking the door and realizing you tossed the key. Oops! The lesson? Even if something seems like extra fuss, you should check carefully before turning it off – it might be the very thing that lets you back in when you need it.
Level 2: Two-Factor Fiasco
Let’s break down what happened in simpler terms. Twitter (like many big apps) is built using a microservices approach – meaning it’s split into lots of smaller parts, each handling a specific feature. For example, one microservice might handle the home timeline, another the notifications, another the login process, and another one might be dedicated to sending out two-factor authentication (2FA) codes for login verification. This overall design is a type of Distributed System: different services running on different servers, all talking to each other to make the app work as a whole. It’s like a team of specialized workers rather than one huge machine doing everything.
Now, someone high up (yes, that would be the CEO/owner, Elon Musk, who was calling the shots at Twitter then) decided that many of these services were unnecessary “bloat.” Bloatware is a term borrowed from user software to mean extra programs or code that aren’t really needed and just slow things down. So the claim was that Twitter had way too many microservices and that only 20% of them were actually required to keep the site running. The plan? Turn off the other ~80% to simplify things and maybe save resources. On paper, it sounds like trimming fat. In practice, it was more like chopping off limbs without checking if the patient can survive.
What they missed is that some services aren’t used constantly but are essential when they are needed. TwoFactorAuthentication is a perfect example. 2FA is a Security feature that many users enable on their accounts for protection. Here’s how it works in normal conditions: when you log in to Twitter with your username and password, if you have 2FA turned on, Twitter will contact a 2FA microservice which sends you a one-time code (often via text message or an authenticator app). You then enter that code to prove it’s really you. This extra step ensures that even if someone stole your password, they still can’t get into your account without that second factor (the code on your phone). It’s an important Authentication safeguard.
So on that day in November 2022, the team “turned off” a bunch of microservices they thought were unnecessary. Among those was presumably the service that sends 2FA codes. For a little while, everything probably looked fine: the Twitter timeline was still loading, people could tweet, scroll, etc. That might have given a false sense of “See, told you 80% of this stuff was pointless!” But then, users started trying to log in or out and immediately hit a wall. If you logged out (or your session expired) and you had 2FA on your account, Twitter would try to send you a confirmation code… and that service was no longer running. Essentially, Twitter was dialing a number that had been disconnected. The result was an error message instead of a code. Users saw messages like “Can’t send the confirmation code right now. Please try again later.” In plain terms, Twitter locked itself out of user accounts with 2FA because it disabled the very feature that lets those users back in.
This turned into a public Production Incident. People on Twitter itself began warning others: “Don’t log out if you have 2FA, you won’t be able to log back in!” Imagine the confusion for folks who didn’t see those warnings and just thought, “Hmm, I’ll quickly refresh my account login.” They’d log out and then be stuck on the login screen waiting for a code that never arrives. It’s like a high-tech version of a door that closes and then the keyhole disappears.
For junior developers or anyone new to MicroserviceArchitecture, here’s the key lesson: even if a microservice isn’t needed 24/7, it can still be absolutely vital. Many microservices handle things that are occasional but critical – password resets, account verification emails, payment processing, etc. You might not notice them until they’re gone, and then everything breaks. That’s why larger systems have so many small components: each one has a job, and the system trusts that when it calls on that service, it will be there to do the job. If it’s not there, the tasks depending on it fail. In this case, the Authentication flow (logging in with 2FA) depended on the 2FA service. Remove that, and logging in becomes impossible for those users.
Why did Twitter have so many microservices in the first place? Over the years, as platforms grow, they often split features into separate services to make development and scaling easier. Instead of one giant program (a monolithic app) handling everything – which can get unwieldy – they create many smaller programs. This has benefits: teams can work in parallel on different services, each service can be scaled up or down as needed, and a problem in one service (in theory) shouldn’t crash the whole system. The downside is you now have to manage dependencies between all these services. If Service A suddenly needs Service B (like the login service needs the 2FA service) and Service B is offline, Service A can’t do its job. There are ways to mitigate this, like graceful degradation (e.g., if 2FA fails, maybe allow login with just password temporarily, or queue the request), but those need to be designed in from the start. It appears Twitter didn’t have a safety net here – or they didn’t anticipate having to use one because nobody expected the 2FA component to just disappear!
From a process standpoint, what happened was probably a failure of change management and understanding system design. Normally, if you want to retire or shut down a service, you’d do an impact analysis. That means checking what depends on that service. You’d ask, “If we turn this off, what will break?” There are internal tools and documentation (we hope) that map these dependencies. And you’d typically test the change in a staging environment or roll it out gradually, watching for any signs of trouble. It seems whoever made this decision either skipped those steps or didn’t fully grasp the dependencies. It might have been a rushed directive from the top to cut costs or simplify, given how it coincided with broad changes after the company’s takeover.
For those of us who have been on-call (the folks responsible for quickly fixing issues in production), this scenario is the stuff of nightmares. Suddenly a core feature stops working because someone decided to yank out a piece of the system on the fly. You’d have alarms going off, dashboards lit up in red, and a scramble to identify what changed. The fix, in this case, would likely be to restart or re-deploy that 2FA service ASAP. In the meantime, you’ve got users literally unable to access their accounts – a pretty serious problem for a social media platform that lives off active user engagement. The meme captures this absurdity: a single tweet bragging about removing “bloat” led directly to an embarrassing outage that any careful review would have prevented.
In short, the “Two-Factor Fiasco” teaches a simple principle: understand what each part of your system does before you decide it isn’t needed. Especially when it comes to Security features like 2FA, you can’t assume they’re optional. It also highlights why communication between leadership and engineering is crucial. Just because the site seems fine at first glance doesn’t mean you didn’t break something subtle but vital. And when you do break it, the whole world might notice in real-time, as happened here.
Level 3: Bloatware Blowback
In a classic display of impulsive architecture changes in a DistributedSystems environment, Twitter’s new leadership decided to go on a microservice kill spree. They claimed that most of Twitter’s numerous Microservices were just “bloatware,” unnecessary fluff dragging the system down.
“Less than 20% are actually needed for Twitter to work!”
That bold proclamation (straight from the Twitter for iPhone app, no less) did not age well. This is the kind of overconfident simplification that makes veteran engineers cringe. Sure, a sprawling MicroserviceArchitecture can feel like overkill at times, but indiscriminately turning off 80% of services is like removing random airplane parts mid-flight because “most of these components never touch the sky anyway.” We all know how that story ends: with sirens, not savings. By around 2:12 PM that same day, reality bit back hard. Reports poured in that TwoFactorAuthentication (2FA) codes weren’t being delivered. Users who logged out found they couldn’t log back in. In other words, by axing supposed “bloatware,” they’d accidentally sawed off a critical security limb of the application. The result? A very public ProductionIncident: Twitter’s 2FA was effectively down, and people were locking themselves out of their own accounts. So much for “needed for Twitter to work” – apparently account access wasn’t considered part of working.
From a senior engineer’s perspective, this is both hilarious and horrifying. We have the perfect storm of microservice dependency hell and leadership hubris. The on-call engineers must have had a heart-stopping moment when the alarms rang: login failures spiking. It’s the textbook definition of an avoidable outage. The whole fiasco is a case study in Security features being mistakenly classified as non-essential. Two-factor auth is not some vanity add-on; it’s a core Authentication service. The fact that someone high up thought it safe to pull the plug on the 2FA microservice without impact analysis shows a deep misunderstanding of how these DistributedSystems interlock. In a distributed architecture, even services that are idle 99% of the time can be mission-critical in that 1% moment. It’s the security_feature_dependency everyone forgets until it’s gone. This real-life twitter_2fa_outage showcased exactly that: kill a “tiny” auth-related service, and you’ve instantly weakened account security and usability.
Let’s talk architecture: microservices exist to separate concerns – each one handles a specific function (tweets, notifications, login, DMs, search, and yes, 2FA…). They communicate over APIs or message queues, forming a delicate web of dependencies. Properly managed, you can lose a non-critical service and degrade gracefully, but you have to know which ones are non-critical. Here, it seems someone applied a crude 80/20 rule without realizing that an Authentication path was in the slice they turned off. It’s like deploying a manual ChaosMonkey (Netflix’s infamous resilience-testing tool) in production without informing the team. In fact, the new CEO basically became an accidental Chaos Monkey, yanking out services to “test” if Twitter still ran. And as any battle-scarred SRE could predict, one of those services turned out to be a linchpin. The humor of it all is that it’s so on the nose: a top-down decree to simplify the system ends up triggering a SecurityFlaw and a mini-social_media_downtime. Engineers have long joked about CEO in prod scenarios – where leadership meddles with live systems – but rarely do we get such a meme-worthy example.
Technically, what likely happened is that the TwoFactorAuthentication service (responsible for sending login verification codes via SMS or email) was deemed “not needed for Twitter to work” because it’s not constantly in use like the timeline or tweet composing services. Perhaps someone saw it had low throughput or ran on old code and figured it could be unplugged to save resources. But “not constantly used” is not the same as “not necessary.” When a user tries to log in with 2FA, that microservice is absolutely needed in that instant. By turning it off, they created a hard dependency failure in the login flow. The system couldn’t complete the login, throwing errors like “Can’t send the confirmation code right now. Please try again later.” It’s a classic distributed systems domino effect: remove one seemingly isolated tile, and a whole section of the user journey collapses.
To make matters worse, this happened without proper communication or rollback plan. Users had to spread the warning virally: “Don’t log out if you have 2FA!” Imagine being the on-call engineer reading that on Twitter before any official incident report — pure nightmare fuel. The irony is thick: a move intended to streamline the app and reduce “bloat” ended up eroding trust in the system’s Security and reliability. This could have been avoided with a simple impact analysis or, you know, asking the dev team “Hey, what does this service do?” But in the rush of a takeover and cost-cutting, due diligence gave way to bravado. And thus a meme was born: Microservices aren’t the enemy; not understanding them is.
On a historical note, this incident will be cited in architecture post-mortems for years. It perfectly captures why blindly reverting to a pseudo-Monolith or slashing services without a map of their dependencies is dangerous. Modern web platforms, especially social networks, have a lot of moving parts. Some may look like over-engineering, but often they exist because of hard-learned lessons (spam prevention, compliance, safety, scalability). The veteran engineers in the room have seen it time and again: whether it’s an overzealous refactor or a misguided purge, cutting out “bloat” without understanding the system invariably causes something critical to break at the worst possible time (usually Friday at 5 PM or, in this case, a Monday morning after an acquisition). In summary, the meme nails a key lesson: Don’t treat parts of a complex system as expendable just because you don’t immediately see their value. If you do, be prepared for some high-profile facepalming and a 3 AM call to turn that service back on.
# The hypothetical "bloatware" purge command (not recommended in prod):
kubectl delete deployment twitter-2fa-service
# ...Oops, turns out that was keeping logins working. Time to undelete real quick!
Description
The image is a split dark-mode screenshot of two tweets. Left: a verified account writes, “Replying to @elonmusk and @sampullara Part of today will be turning off the ‘microservices’ bloatware. Less than 20% are actually needed for Twitter to work!” followed by the 10:27 AM 11/14/22 timestamp and engagement counts. Right: another user warns, “Don’t log out of Twitter if you have 2FA. The microservice for it has been shut down. You won’t be able to log back in,” with a smaller inset of the Twitter 2FA dialog showing the error “Can’t send the confirmation code right now. Please try again later.” The juxtaposition mocks the idea that most microservices are expendable, illustrating how a hasty shutdown in a distributed system can knock out critical authentication paths and trigger real-world outages. It highlights production risk, security dependencies, and the dangers of leadership-driven refactors without proper impact analysis
Comments
20Comment deleted
Turns out the quickest way to generate a dependency graph is to let the CEO kill “bloatware” microservices in prod and trace the blast radius - today we learned 2FA was in the splash zone
Nothing says "I understand distributed systems" quite like discovering your authentication service was in the 80% you called bloatware after your users are already locked out
Ah yes, the classic 'we only need 20% of our microservices' take - delivered with the confidence of someone who's never had to explain to the board why authentication is suddenly a 'nice-to-have.' Turns out that when you treat distributed systems architecture like a game of Jenga, 2FA is one of those load-bearing blocks. Nothing says 'move fast and break things' quite like discovering your cost optimization strategy just turned your entire user base into read-only participants. At least the incident postmortem writes itself: 'Root cause: Assumed authentication was bloat. Impact: Yes.'
Microservices: decompose until your monolith nostalgia hits harder than the next outage cascade
Nothing validates a service catalog like flipping random kill switches in prod - turns out the “bloatware” was the OTP service, and the only users left are the ones with unexpired cookies
Treating 2FA as bloatware is a bold form of service discovery - turn it off in prod and learn you can’t log in to turn it back on
This has to be a joke? Please? Comment deleted
Are you still expecting this to be a joke after blue check story? Comment deleted
Well. Somehow yes. Comment deleted
This is just simply amazing! Comment deleted
Next step: remove 2fa. It's not actually needed for Twitter to work. Comment deleted
Well that's kinda true Comment deleted
I wonder if twitter is needed for twitter to work Comment deleted
Twitter is needed to pay off debts taken for purchasing twitter Comment deleted
Elon Musk watched too many Jon Blow videos and thought he can just destroy all bloat without any problem Comment deleted
I guess Musk is not needed. Comment deleted
No, youall do not understand! He turns off almost everything, then he waits for reports from users that something is not working. That way he turns back on what is really needed, not some crap no one cares about. Comment deleted
waiting for the government to turn off my electricity so they know I really need it Comment deleted
elon is on fire Comment deleted
He took the brooms out of the closet, removed the giant fan and sold hot air balloon... Comment deleted