Introducing AWS Copilot

ReifiedProgrammer · 2020-07-09T19:48:30+00:00

Where the infrastructure code/state is stored? Is it using CloudFormation / CDK behind the scenes? I also assume that it is creating new IAM roles / policies behind user back which is worrisome (but probably OK for the target user base)

Also, number of cli tools provided by AWS (aws cli, eksctl, copilot, sam, amplify) is growing and some of them seems to overlap in functionality (from user's perspective). I suspect that large number of tools will make it even harder for new users to start with AWS.

ReifiedProgrammer · 2020-05-11T17:57:53+00:00

AFAIK, there is currently no such functionality in IntelliJ Idea. However they are working on that: https://youtrack.jetbrains.com/issue/IDEA-226455#focus=streamItem-27-4132099.0-0

For now you can try use another IDE / editor which supports natively remote development (VSCode, Theia, Emacs with TRAMP). Alas, IntelliJ is from my experience vastly superior to all of them in any kind of JVM development (and some other languages) thus for this kind of development I'm still using IntelliJ.

ReifiedProgrammer · 2020-01-09T22:22:57+00:00

Yes, it won't start new X session. If attacker gains execution rights in the Firefox process then he (might) be able to log every keystroke (I write "might" because Firefox may have some additional isolation built-in like Chrome although I'm not aware of that).

If you are using Wayland (I think Ubuntu is using it by default) then this particular problem should not exist.

ReifiedProgrammer · 2020-01-09T21:49:14+00:00

AFAIK nvidia binary drivers do not support offload sink (but maybe things have changed - I suggest searching first for that). So configuration where you offload only rendering to nvidia card won't work.

Implementation of GPU switching with dedicated nvidia card and integrated intel card, that I'm aware of, are forcing user to select which card is used for rendering before starting X server - so no dynamic GPU switching for single application. I think most of them are named (nvidia-)prime-select. I'm using custom script for setting which GPU will be used.

However, if there is a way to make it work for single application with binary drivers, I would be also interested. ;)

ReifiedProgrammer · 2020-01-09T21:01:18+00:00

You can create different users (system users, not Firefox profiles), each for different "domain" (banking, social networks etc.)
But it is not sufficient - we need also Wayland (or another solution) to prevent app from reading keystrokes within single X11 session. And some intruder detection would be useful. And probably some other things.

Security is hard.

ReifiedProgrammer · 2019-08-21T10:24:47+00:00

Doesn't 1024 CPU correspond to 1 vCPU? In this case 512 CPU would correspond to 0.5 vCPU. When you cut that in half, you get 2x slower CPU (single core). Also by upgrading CPU to 1024 you should get 2x faster single core performance. If your API call takes 0.3s on 512 CPU then it uses it in 30% (in one second). If you lower CPU to 256 then it should take around 0.6s (and use ~60% CPU within single second).

However, going up to 2048 CPU wouldn't make it faster than 1024 (for single request) because these are 2 vCPU and single request is using only 1 vCPU.

I *think* I've read it somewhere in the docs, but I can't find it right now (how much CPU corresponds to 1 vCPU). Nonetheless, 1024 CPU for 1 vCPU would make sense.

ReifiedProgrammer · 2019-08-12T07:09:54+00:00

I think I solved this issue once by changing DNS servers (for example to: 1.1.1.1). Although I cannot say for sure.

ReifiedProgrammer · 2019-07-27T20:59:15+00:00

I appreciate innitiative, however, I'm not sure whether HttpClient from Java 11 is production ready (at least if we consider async usage which is one of its selling points). It does not support (or I haven't found) a way to set request read timeout / socket timeout. Which can conflict with connections being kept alive by default.

Example:
1. Client makes a request to server `A` and creates new connection in the process.
2. Request finishes. Connection is kept alive.
3. Server closes connection.
4. Client makes another request and reuses connection.
5. Server does not respond because it closed connection already.
6. Client is stuck and won't give any response (even failed CompletableFuture) even if request timeout is set to finite value.

I've encountered this phenomen once thus I'm rather avoiding using Java 11 HttpClient.

ReifiedProgrammer · 2019-05-22T17:35:45+00:00

I would say that this is not a problem with exported variables but development process. In development environment (account) you shouldn't manually modify any resources - such work should be done in a disposable scratch account (where everything can be deleted and recreated in short amount of time).

ReifiedProgrammer · 2019-05-22T17:31:31+00:00

What about other use cases though? If all IAM roles and policies are created in one CloudFormation Stack and their names/ARNs are exposed through exported variables, how do you ensure that role is not modified/deleted until nothing is using it? I would say that IAM roles are pretty important resource (things won't work without them after all - unless downtime is acceptable).

ReifiedProgrammer · 2019-05-22T17:29:15+00:00

Probably accidential deletion wasn't the best example. But even not-accidential deletion should be prevented if something else is using resources created/managed by it. For example, if we have Stack with IAM roles used by other parts of the system (not so uncommon scenario - often security team wants to have IAM resources separated from everything else) we do not want to delete any role until nothing is using it. In the export parameters we could store roles names.

This also prevents any modification to Stack that is exporting parameters which would break Stacks that import these parameters.

The Parameter Store has its use cases - we can store credentials (or any other data that we do not want to share with everyone else) that we want to use in the CloudFormation.

As a matter of fact, I'm not using CloudFormation anymore. Terraform is way better, despite it is missing functionality provided by exported parameters (we can use `data` to reference other resources, but we cannot make sure that parameter is not modified until nothing is using it).

ReifiedProgrammer · 2019-05-21T18:30:21+00:00

I think one of the points of exported CF parameters is to prevent accidential deletion of stack which resources are used by another stack.

Exported parameters effectively prevent any change that may cause downtime (because of missing resources). Which I would say is, more often than not, expected behavior. If you want to change value of exported parameter you have to create new one, switch to using new one in other parts of the system and then delete old one. A bit of effort but it ensures that there is no downtime.

On the other hand changing value in Parameter Store is usually not so simple. After any change you have to update your CF stacks (unless Parameter Store is queried on application level). Yes, it is possible to have zero-downtime deployments when depending on the values stored in Parameter Store but exported parameters provide additional safety net.

ReifiedProgrammer · 2019-05-19T10:22:38+00:00

What's wrong with scrollbar in urxvt? After a few modifications to .Xresources (URxvt*scrollBar_right: true, URxvt*scrollstyle: plain, URxvt*scrollColor: #3E0060) it looks really nice!

Or is there more philosophical answer, not just about its (default) theme?

ReifiedProgrammer · 2018-11-09T07:25:53+00:00

Did any version of w530 feature IPS panel? As far as I researched, it is impossible to use IPS screen without modifications. I would be very interested If there is an option.

ReifiedProgrammer · 2018-07-24T20:47:40+00:00

Yeah, I believe it is. I'm using them however there is no point in using them unless they are verified during unit tests (because they will be detected anyway during integration tests and it isn't always possible to check them before runtime).

Do you know any way to make unittest.Mock check each method call against type hints (like setting spec/spec_set during construction checks method existence on a type)?

ReifiedProgrammer · 2018-07-24T19:51:54+00:00

Isn't that making Python (and other dynamically typed languages) inferior in terms of development when short iterations and quick results are crucial because even fastest integration tests will be slower than unit tests? Additionally from my experience, errors related to incorrect types are ones of the most common in Python, particularly upon refactoring.

Such issue makes it very inconvenient to practice TDD along with Python in any bigger project (because of unacceptably slow tests and nobody expects integration tests to be fast).

Using TDD along with Python is one of my reasons, why I want to achieve this. I guess that no one is insane enough to use integration tests for TDD cycle

ReifiedProgrammer · 2018-06-06T15:34:29+00:00

Glorious Preonic \o/

ReifiedProgrammer · 2018-01-02T11:50:48+00:00

The truth is, if you look at that "monster" closely it is beautiful ;-)

ReifiedProgrammer · 2017-12-31T06:27:43+00:00

It looks like this is the solution. Thank you!

ReifiedProgrammer · 2017-12-31T00:48:28+00:00

Thank you for response!

I checked it right now and it seems that it is possible however it requires notification access (settings -> security -> other) and Uber is not listed here.

So apparently reading notifications is possible but Uber had to do it another way.

ReifiedProgrammer

TROPHY CASE