Disqus - Latest Comments for cperciva

Re: FreeBSD/EC2: Community vs. Marketplace AMIs

cperciva — Wed, 03 Apr 2019 03:54:38 -0000

In this case, the product/application is FreeBSD, which is open source...

Re: Designing resilient systems: Circuit Breakers or Retries? (Part 1)

cperciva — Tue, 25 Dec 2018 18:50:15 -0000

In case nobody has mentioned it yet: "Load Balancer" is typoed in your diagrams as "Load Balanacer". Thought I should mention it so you don't end up copying the same error into future network diagrams.

Re: How to port your OS to EC2

cperciva — Sat, 14 Jul 2018 16:00:47 -0000

There are many things, including perl, python, golang, ruby, rust, awscli, and the amazon-ssm-agent, which can be useful in EC2. They can also get in the way, e.g., if you want one version and the AMI comes with a different version preinstalled.

So I recommend providing a "bare bones" AMI. Maybe provide a "everything except the kitchen sink pre-installed" AMI too, but once you have a bare bones AMI it's easy to create another AMI by adding to it.

Re: FreeBSD/EC2 on C5 instances

cperciva — Thu, 03 May 2018 16:52:57 -0000

Not yet. But 11.2 isn't out yet...

Re: Some thoughts on Spectre and Meltdown

cperciva — Wed, 17 Jan 2018 16:58:27 -0000

Google says they notified Intel, AMD, and ARM in June 2017, yes. No idea when or if they notified anyone else.

Re: FreeBSD/EC2 on C5 instances

cperciva — Wed, 22 Nov 2017 12:38:23 -0000

Wow, I have no idea what happened while I was writing that sentence... thanks, fixed!

Re: IPv6 on FreeBSD/EC2

cperciva — Sat, 01 Jul 2017 14:12:55 -0000

If you can ping out but you can't ping in, it's probably a security group problem. The default security group doesn't allow IPv6.

Re: A plan for open source software maintainers

cperciva — Thu, 11 May 2017 17:53:07 -0000

Wait, what? My proposal is nothing at all like yet another freelancing job board.

Re: A plan for open source software maintainers

cperciva — Thu, 11 May 2017 04:43:56 -0000

I had already decided that Connect would be a necessary part of this. :-)

Re: A plan for open source software maintainers

cperciva — Thu, 11 May 2017 00:57:30 -0000

Yes, github could provide this by adding subscription payment functionality and some logic for attributing sponsorship dollars to issues. (I think that last part is important -- if a big company is sponsoring $1000/month and asks for something, I'm going to care more than if someone who isn't sponsoring asks for something.)

Or I suppose patreon could provide this by adding some sort of "requests box" functionality.

Re: A plan for open source software maintainers

cperciva — Thu, 11 May 2017 00:37:21 -0000

I've seen lots of attempts along those lines; they tend to work well for getting particular features implemented, but fail when it comes to ongoing maintenance.

Re: IPv6 on FreeBSD/EC2

cperciva — Fri, 03 Mar 2017 16:49:07 -0000

Are you missing the accept_rtadv part in /etc/rc.conf ? That's the only way I can imagine FreeBSD not getting the IPv6 routing.

Re: Cheating on a string theory exam

cperciva — Tue, 21 Feb 2017 03:39:43 -0000

You and your friend have watches which are synchronized to the second.

Re: Cheating on a string theory exam

cperciva — Tue, 21 Feb 2017 03:34:00 -0000

Correct!

Re: Cheating on a string theory exam

cperciva — Tue, 21 Feb 2017 02:35:05 -0000

Correct! And now I'm deleting your answer so that other people don't see it. :-)

(I'll bring it back later, don't worry.)

Re: Cheating on a string theory exam

cperciva — Tue, 21 Feb 2017 01:55:13 -0000

7*2+10 and 5*3+9 are both equal to 24. There are only 23 questions...

Re: Cheating on a string theory exam

cperciva — Mon, 20 Feb 2017 23:30:31 -0000

Good. But you can do better.

Re: Cheating on a string theory exam

cperciva — Mon, 20 Feb 2017 23:21:23 -0000

I was trying to convey that it isn't suspicious if he leaves early. I'll clarify that in the question.

Re: Cheating on a string theory exam

cperciva — Mon, 20 Feb 2017 23:16:38 -0000

Your friend can leave at any time -- no need to worry about the proctors getting suspicious if he leaves after 89 minutes and 59 seconds.

Re: Cheating on a string theory exam

cperciva — Mon, 20 Feb 2017 23:05:36 -0000

Yes.

Re: IPv6 on FreeBSD/EC2

cperciva — Fri, 27 Jan 2017 03:12:39 -0000

I heard a rumour recently that VPC ELBs can have IPv6 turned on by AWS support -- hopefully that's an indication that it's going to be turned on for everybody in the near future. But that was just an example; people may need other services which have yet to be IPv6-enabled.

Re: EC2's most dangerous feature

cperciva — Mon, 10 Oct 2016 05:53:57 -0000

I always thought it was funny that Amazon says that you should not put anything sensitive in EC2 instance metadata, and then goes and puts AWS credentials into it.

Yes, there are ways to restrict access to the instance metadata, but it's very hard to do that while maintaining the functionality of IAM Roles.

Re: EC2's most dangerous feature

cperciva — Sun, 09 Oct 2016 16:19:31 -0000

I never said that there weren't alternatives. I'm just saying that IAM Roles is a very easy way to get yourself into trouble and people should be very careful when using it.

Re: EC2's most dangerous feature

cperciva — Sun, 09 Oct 2016 16:18:07 -0000

Yes, you'd need to MITM attempts to access the metadata over HTTP... and while doing that, figure out which uid owns the socket making the request so that you can perform access control checks. It's possible, but would involve a lot of groping inside the kernel -- far more than if Amazon supported loading IAM Role credentials from a location in the filesystem. (And yes, this could be handled by having a filesystem which maps to the HTTP metadata service and blocking access to that service to everybody else, but presenting the data over XenStore would be much cleaner.)

Re: EC2's most dangerous feature

cperciva — Sun, 09 Oct 2016 16:14:16 -0000

IAM Roles provide time-limited credentials. If you grab them out of the EC2 metadata and present them to utilities as "credentials on disk" then they'll be expected to be long-lived credentials and things will break when IAM Roles rolls the keys.