Hacker News | rwitoff's comments

Does this lead to a significantly smaller memory footprint than otherwise running .js in electron or a full browser?

I see you've become a big fan of bazel :)


It's the difference between a new tab vs a new browser instance - every electron app is a new browser instance with fixed overhead of 100mb or so. A new browser tab is closer to 10mb overhead.


In practice, cramming all this into the same account doesn't work. Segment is following best practice here.

For example, IAM doesn't provide the granularity in resources and conditions that you'd want to effectively isolate the blast radius of developer keys. ec2:TerminateInstances didn't (doesn't?) support VPC level conditions, so being able to terminate one instance meant you could terminate all instances.

Similarly, you might want your engineering team to iam:PutUserPolicy in development, but have a much more restricted group in production which isn't possible with IAM today.

I've taken this pretty far in the past to attempt segmenting within one account, but always run into limits: https://github.com/witoff/self-service-iam


The other bit would be blast radius. What if someone does get access to your single account? How confident are you that your policies were airtight? By using many accounts, you create clear isolation boundaries that require opt-in sharing.


>>> By using many accounts, you create clear isolation boundaries that require opt-in sharing.

In theory yes. In practice, you will achieve the opposite of that.

Developers and ops will have to juggle between 10 keys and accounts to get anything. The keys will end up saved and written all over the systems. It will be impossible to have audit between all the accounts and access.


Op here. I don't think you read the blog post! Our entire engineering org has a grand total of 0 AWS keys!

Per-account isolation is great for security and especially reliability, if you run into constant rate limit issues like we do.


ec2:TerminateInstances still doesn’t support the vpc as a condition but it does allow you to use tags. You can also limit a role to tagging only the instances they create (as long as they include the tags when they call ec2:RunInstances). You can even require that specific tags are present. Combine all of that with some kind of “owner” tag and it’s a pretty decent solution to the problem. Add automatic tagging on the backend and it’s even better.

That said, it’s not perfect and there’s probably plenty of resources it wouldn’t work for. It’s also comparatively fragile.
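
An added illustration of the tag-based approach described in the comment above; it is not part of the original thread. This IAM policy sketch assumes IAM users (so `${aws:username}` resolves) and an `Owner` tag key chosen for this example: launches must carry an `Owner` tag equal to the caller's user name, tags can only be set as part of `ec2:RunInstances`, and `ec2:TerminateInstances` is allowed only on instances whose `Owner` tag matches the caller.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "LaunchOnlyWithOwnOwnerTag",
      "Effect": "Allow",
      "Action": "ec2:RunInstances",
      "Resource": "arn:aws:ec2:*:*:instance/*",
      "Condition": {
        "StringEquals": { "aws:RequestTag/Owner": "${aws:username}" }
      }
    },
    {
      "Sid": "LaunchSupportingResources",
      "Effect": "Allow",
      "Action": "ec2:RunInstances",
      "Resource": [
        "arn:aws:ec2:*::image/*",
        "arn:aws:ec2:*:*:subnet/*",
        "arn:aws:ec2:*:*:network-interface/*",
        "arn:aws:ec2:*:*:security-group/*",
        "arn:aws:ec2:*:*:volume/*",
        "arn:aws:ec2:*:*:key-pair/*"
      ]
    },
    {
      "Sid": "TagInstancesOnlyAtLaunch",
      "Effect": "Allow",
      "Action": "ec2:CreateTags",
      "Resource": "arn:aws:ec2:*:*:instance/*",
      "Condition": {
        "StringEquals": { "ec2:CreateAction": "RunInstances" }
      }
    },
    {
      "Sid": "TerminateOnlyOwnInstances",
      "Effect": "Allow",
      "Action": "ec2:TerminateInstances",
      "Resource": "arn:aws:ec2:*:*:instance/*",
      "Condition": {
        "StringEquals": { "ec2:ResourceTag/Owner": "${aws:username}" }
      }
    }
  ]
}
```

Because tagging is limited to launch time, a user cannot retag another user's instance to gain terminate rights. Any other policy attached to the same principal that grants `ec2:CreateTags` or `ec2:DeleteTags` without these conditions undoes the control.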


Yep - See some of the work my last team published here while we were rebuilding deployment tooling: https://blog.coinbase.com/scaling-developer-productivity-d23.... For hard to measure metrics, softer measurements like repeated team surveys work fine too.

I'd be cautious of directly measuring "assistance" outside of peer input in perf to avoid an unhealthy incentive. The most helpful people I've worked with in the past tend to grow through strong peer reviews and having the most opportunities to join new projects.

The OP here really misses the point of demonstrating impact. Doing the right thing ethically then for the business is a strategy that is, well, rarely the wrong thing. Optimizing just for getting promoted is a greedy strategy that might get you promoted once, but good luck finding peers that want to work with you again.


Same here. Our S3 services are reporting similar 503s and network timeouts. A few of our partners are already down as well with their own 500s. Another stormy night in the cloud.


Here's how we manage our dev environment: https://developers.coinbase.com/blog/2015/03/30/self-service...



After 3 scrubs most of our non-critical colleagues left the cape, but the view of our payloads in the trunk after 2nd stage sep made it all worthwhile. It's amazing what SpaceX has been able to accomplish and reinvent in a business this risk-averse and I can't wait to see what's next.


I was the Launch Systems Lead for one of the primary payloads on this flight and was surprised when they announced this but excited to watch it happen (or attempted). Almost every Falcon/Dragon flight is innovating in multiple major ways which is NOT how Aerospace normally works, but why many of us chose to work in the industry and a refreshing change.


From that list, etherpad looks like the most promising open source & self hosted solution. We'll give this a shot soon. Thanks.


Since this is the first request for collaboration with NASA we've seen on HN, are there other obvious problems you'd like to independently analyze with us? ISS? Rovers? Navigation? Deep Space Networking? (etc)


NASA does have a number of contests. A number of the big ones are called the Centennial Challenges (http://www.nasa.gov/offices/oct/stp/centennial_challenges/in...) These currently include:

  - Sample Return Robot ($1.5 Million)
  - Night Rover ($1.5 Million)
  - UAS Airspace Operations Challenge (AOC) ($Half a Million)

They've also done other competitions, such as robo-ops for college students (http://www.nasa.gov/centers/langley/news/releases/2011/11-08...) (https://www.wpi.edu/news/20112/rascalrob.html)

