HackerTrans
TopNewTrendsCommentsPastAskShowJobs

kalleth

no profile record

comments

kalleth
·3 jaar geleden·discuss
Hah, much more boring than that. Mostly working as a rails engineer and billing a day rate. They hired me, the company name just went on the paperwork :)
kalleth
·3 jaar geleden·discuss
Honestly, it didn't have an impact at all.

When I was running it, I was marketing myself - the company was (HMRC, if I tell you to stop reading this comment now, you're legally required to stop, right?) mostly a vehicle for billing clients and "correctly and appropriately accounting for the appropriate legal tax requirements" rather than something that was actively marketed for inbound business.
kalleth
·3 jaar geleden·discuss
One of these was mine! Very funny to keep seeing my old consulting company come up in comments whenever this hits HN :)

I never did bother with actually making it an SQL injection; it was meant to be an in-joke between me and whoever at the client with tech chops set up the billing record, nothing more :)
kalleth
·5 jaar geleden·discuss
In most startups? You're mostly correct.

But you still have some risks here, yes, with a super low probability, but a company-killing impact.

In some industries - banking, finance, anything regulated, or really (I'd argue) anywhere where losing all of your data is company killing - you will need a disaster recovery strategy in place.

The risks requiring non-AWS backups are things like:

- A failed payment goes unnoticed and AWS locks us out of your AWS account, which also goes unnoticed and the account and data are deleted

- A bad actor gains access to the root account through faxing Amazon a fake notarized letter, finding a leaked AWS key, social engineering one of your DevOps team, and encrypts all of your data while removing your AWS-based backups

- An internal bad actor deletes all of your AWS data because they know they're about to be fired

...and so on.

There's so many scenarios that aren't technical which can result in a single vendor dependency for your entire business being unwise.

A storage array in a separate DC somewhere where your platform can send (and only send! not access or modify) backups of your business critical data ticks off those super low probability but company-killing impact risks.

This is why risk matrices have separate probability and impact sections. Miniscule probability but "the company directors go to jail" impact? Better believe I'm spending some time on that.
kalleth
·5 jaar geleden·discuss
I'd be surprised if they needed backups for a few hours of downtime with (reportedly) complete recovery where no data was corrupted. There are industries where this would be required, and it's possible I guess, but neither of these downtime events were "data loss" events, just availability events for short-ish periods of time that wouldn't - for me - result in activating our DR plans.

I must admit that I do always try and maintain a separate data backup for true disaster recovery scenarios - but those are mainly focused around AWS locking me out of our AWS account (and hence we can't access our data or backups) or recovering from a crypto scam hack that also corrupts on-platform backups, for example.