Not earlier commenter but their username is a reference to “ableton live” which is music production software. Not “able to live” which is just a one letter difference
It’s less that they’re flailing and more that it’s become some sort of lord of the flies culture with senior leaders directly competing with each other to try to take their bite of the pie.
The way AWS is structured with strongly owned independent businesses just doesn’t work, as GenAI needs a cohesive strategy which needs
1. An overall strategy
2. A culture that fosters collaboration not competition
Or at least an org charts to make them not compete with each other. (Example: Q developer vs Kiro)
I bet if you looked at the org charts you would see these teams don’t connect as they should.
As a heavy EC2 user who hasn't used ECS, the behavior makes perfect sense as ECS is running on EC2 but unless I sat and thought about it my first instinct would be that AWS would make it "secure by default" on a container level since containers often have different permission requirements and so the container would be the security boundary.
That said, I'm guessing it would have been obvious to anyone once they start setting up IAM permissions and therefore not much of a pitfall.
So it's a good reminder, but I agree with you, maybe the article doesn't need to be so long to get to the same point.
ECS uses bog standard Linux containers. It tries hard to isolate what it can, but there are limits to what it can do that are inherent to the model.
Back when I was an AWS containers specialist SA, I used to tell customers that containers aren’t security boundaries, and should not be treated as such. VMs are much better isolation constructs.
And containers usually have no business accessing IMDS; that’s why not using v2 with a max hop count of 1 should raise a security finding by default at any customer.
It's a reasonable take from the author, but the argument that you shouldn't use a tool you don't understand cuts both ways. Avoiding powerful tools can be just as much of a trap as using them blindly.
Like any tool, there's a right and wrong time to use an LLM. The best approach is to use it to go faster at things you already understand and use it as an aid to learn things you don't but don't blindly trust it. You still need to review the code carefully because you're ultimately responsible for it, your name is forever on it. You can't blame an LLM when your code took down production, you shipped it.
It’s a double-edged sword: you can get things done faster, but it's easy to become over-reliant, lazy, and overestimate your skills. That's how you get left behind.
The old advice has never been more relevant: "stay hungry."
I think most folks would disagree that the other commenter is on the "extreme" end of the privacy spectrum. It's very context specific. Some ISPs are state specific or even town specific.
I agree with my sibling comments, your evasiveness isn't helping us make up our own opinions on this matter.
While I'm pro right to be forgotten, and do believe HN should allow an account delete.
But HN's ethos is to inspire discussion and readability of it. Lack of a delete seems to be by design so that conversations are always readable.
You can see the spirit of that in their guidelines[0] such as "Comments should get more thoughtful and substantive, not less, as a topic gets more divisive".
You can further see that in the design in how they handle deletes [1], where once "archived" things are permanent
@dang A suggestion that occurs to me based on this would be deleting accounts but not comments. Essentially all comments remain but are attributed to “anon_1” or something like that.
We do that by randomizing account names. We have other tricks too—for example, sometimes people are just concerned about their comments in one thread, and we can snap those off and reassign them to a random username, which lets them keep their primary account.
We wouldn't reassign every anonymized account the same username, though, because that would make discussions hard to follow when there is more than one such account in the thread. That's especially important because the number of these requests builds up over time, and users never ask for their accounts to be renamed back (though one did!), so such an approach would act as a slow erosion in the threads.
I am not a lawyer, but GDPR compliance looks like it doesn't quite apply due to not necessarily being targeted at European citizens https://gdpr.eu/companies-outside-of-europe/
I haven't dove into it since the initial panic around how far it would reach, and the work I've done at work to accommodate it at work, but my understanding was that just by providing the service to EU citizens (i.e. you haven't IP banned the entire euro region) you are liable to face penalties. I'm probably just talking about of my ass though. IANAL
