Simon Willison’s Weblog

Subscribe
Atom feed for jeff-barr

4 items tagged “jeff-barr”

2024

After giving it a lot of thought, we made the decision to discontinue new access to a small number of services, including AWS CodeCommit.

While we are no longer onboarding new customers to these services, there are no plans to change the features or experience you get today, including keeping them secure and reliable. [...]

The services I'm referring to are: S3 Select, CloudSearch, Cloud9, SimpleDB, Forecast, Data Pipeline, and CodeCommit.

Jeff Barr

# 31st July 2024, 12:59 pm / s3, aws, jeff-barr

How an empty S3 bucket can make your AWS bill explode (via) Maciej Pocwierz accidentally created an S3 bucket with a name that was already used as a placeholder value in a widely used piece of software. They saw 100 million PUT requests to their new bucket in a single day, racking up a big bill since AWS charges $5/million PUTs.

It turns out AWS charge that same amount for PUTs that result in a 403 authentication error, a policy that extends even to "requester pays" buckets!

So, if you know someone's S3 bucket name you can DDoS their AWS bill just by flooding them with meaningless unauthenticated PUT requests.

AWS support refunded Maciej's bill as an exception here, but I'd like to see them reconsider this broken policy entirely.

Update from Jeff Barr:

We agree that customers should not have to pay for unauthorized requests that they did not initiate. We’ll have more to share on exactly how we’ll help prevent these charges shortly.

# 30th April 2024, 11:19 am / s3, aws, security, jeff-barr

2008

[Amazon's] forthcoming persistent storage feature will give you the ability to create reliable, persistent storage volumes for use with EC2. Once created, these volumes will be part of your account and will have a lifetime independent of any particular EC2 instance.

Jeff Barr

# 14th April 2008, 7:50 am / ec2, amazon, jeff-barr, storage

2005

Jeff Barr on Greasemonkey. Greasemonkey for "Enterprise Application Integration".

Despite the odd name, Greasemonkey embodies a very cool and somewhat unique concept, something that I am starting to think of as low-budget, client-side application integration. In the late 90’s, “EAI” or Enterprise Application Integration, was all the rage. Companies that had the need to make disparate applications work together would spend tens of thousands of dollars on complex, fragile software to make it happen. Sometimes it worked, and sometimes it didn’t. When it didn’t, they would call in armies of even more expensive consultants.

Now, I’ll be the first to say that Greasemonkey in its present form isn’t quite ready to replace expensive, commercial EAI software. However, I do believe that it belongs in the enterprise developer’s tookit of possible solutions, and I also believe that Greasemonkey will gain features, power, and respect over the coming months and that now is the time to learn more about it.

# 2nd August 2005, 11:55 am / greasemonkey, jeff-barr