HackerTrans
TopNewTrendsCommentsPastAskShowJobs

djsweet

no profile record

comments

djsweet
·4 jaar geleden·discuss
GCP finally acknowledges the issue: https://status.cloud.google.com/incidents/w7D5XGtVfMGcdcg4Zz...

Though their timing is incorrect. We noticed this at 9:26 AM EST and their posting says it "started" at 10:11 AM EST.
djsweet
·4 jaar geleden·discuss
> > it's the difference between a $200m raise with a bunch of untested API endpoints and a $10m raise with them.

> I'm tired of companies with API endpoints that leak data like a sieve. This is why companies need some skin in the privacy game.

There is a world of difference between “untested” and “insecure” API endpoints. What seems to have been cut in the example isn’t a permissions model, but some form of automated integration testing.

I’ve seen horribly insecure APIs with 100% code coverage, and I’ve personally burned myself on untested API endpoints where the privacy implementation was _too_ restrictive for what my customers were trying to do.
djsweet
·4 jaar geleden·discuss
I've worked with Firebase Hosting for around three years, using Firebase Functions instead of Cloud Run, but in your particular example, you can configure your Firebase Hosting to rewrite requests against your Cloud Run instances as documented in https://firebase.google.com/docs/hosting/full-config#rewrite....

This doesn't require handling an OPTIONS request for every endpoint, which I agree could be fairly simple, but Firebase Hosting configuration could very well be less invasive than this change in the rest of the codebase.
djsweet
·4 jaar geleden·discuss
Meta might not be legally able to buy “the next big thing” in international markets. Neither the EU nor the US are particularly “friendly” to them right now, and pretty much anything Meta does in the social media category is going to run up against anti-trust regulation.

Instagram was probably the last time Facebook could have gotten away with that sort of thing in the North American and European markets. I’m being cautious to only include those markets because I’m not familiar with the regulatory environment elsewhere.
djsweet
·4 jaar geleden·discuss
> No deadlocks, races, etc to worry about because lock graph concurrency is complicated.

I’ve spent the last two and a half years mainly programming in single-threaded NodeJS environments with a focus on heavy same-task concurrency, and I’ve still run into deadlocks and races, despite the lack of OS threads involved.

However, your point that context switching is expensive, and is why thread-per-core architectures are so common, still holds.
djsweet
·4 jaar geleden·discuss
> Even simpler: do not upload copyrighted materials to Dropbox, Google Drive, etc.

As the article illustrates, it’s not actually that simple. Cloud services that terminate accounts (and probably instantly delete everything, to comply with GDPR, CCPA, etc.) for perceived copyright infringements will always and necessarily suffer from a false positive rate.

We’ll likely never truly learn what this false positive rate is, but that it will always exist is reason enough to give pause to the thought that services should “just terminate their account” if they think it’s infringing on intellectual property laws.

The only good answer here is an unqualified “Use a local backup”. The terms of use for non-business cloud storage absolve the providers of all responsibility for data loss, even when they have incorrectly taken punitive action against you.
djsweet
·5 jaar geleden·discuss
I only have experience with GCP’s Cloud Functions, but in that environment, “serverless” is only cheaper than virtual servers if your load can’t saturate the lowest end VM GCP has to offer.

Once you have enough load to justify going “unserverless” the prices drop to approximately 1/4 that of Cloud Functions for the same burst performance, and that’s before playing billing games like long-term commitments or using preemptible instances.

What’s truly scalable about “serverless compute” versus VMs is the line item on your bill. Sure, “they manage the auto-scaling” but for the per-unit price you rapidly hit a point where you might as well set up a Kubernetes load balancer and eat the setup costs. The pricing model only works out in your favor if you _don’t_ have load.

It would not surprise me to learn that the same is true of AWS prices.