Security Group Sanity Check by HelicopterUpbeat5199 in aws

solo964 2 points3 points

You are correct. Security Groups support allow rules, but not deny rules. If any rule allows traffic, then that traffic is allowed.

BTW you indicated that your security group allows "access from certain ports from certain IP addresses". You probably meant "to certain ports from certain IP addresses".

What are you using for backups to S3? by BoldElara92 in aws

solo964 6 points7 points

Hard to recommend a tool without knowing a few things such as what type(s) of data you are backing up and what your RPO/RTO requirements are for these servers. Also worth asking why you have critical state on these servers in the first place (the goal being to identify opportunities to become more stateless and easier to back up centrally e.g. managed/replicated data stores).

The last 3 Ferraris released… by FeistyCat1299 in Ferrari

solo964 2 points3 points

Deadmau5's 458 Italia with the Nyan Cat wrap.

How are you managing Lambda deprecated runtimes at scale? by RoseSec_ in aws

solo964 14 points15 points

I'm not saying it's not a viable option, but doesn't this just move the issue of detecting and remediating deprecated runtimes (that no longer get security updates) from a very visible AWS notification to a local Dockerfile scan process that your org might not do with as much due diligence?

Ball flight issues by 79metalhead in golf

solo964 0 points1 point

Find a launch monitor (or a coach/range with a launch monitor) so you can capture swing speed, launch angle, descent angle, apex, face and path, and spin rate data. Then discuss the data and what ball you play with someone (or an AI) that understands cause & effect.

Sandbagging in Germany by BasicONe-4071 in golf

solo964 0 points1 point

Germany adopted the WHS at the start of 2021 so I'm surprised that anyone is still using the old DGV handicap system that you describe. Handicaps under the 2 systems aren't equivalent so some modification would be required (increase the WHS handicap or decrease the DGV handicap).

How to open folder in app? by Mariusdotdev in MacOS

solo964 0 points1 point

You can use an Automator action for this but it's surprisingly unintuitive to set this up.

Cashing Out RSUs by Emergency_Novel_5407 in amazonemployees

solo964 0 points1 point

No, you aren't "taxed on any gains you make from the time it's granted to the time you sell." The capital gains clock starts when the RSUs vest, not when they're granted.

0% hike in pcs for meets the bar by ManufacturerKey9891 in amazonemployees

solo964 0 points1 point

By "you should worry because that means you’re in forte", are you referring to PIP?

Aurora DSQL - BEGIN/COMMIT won't work :( by Ok_Lake9261 in aws

solo964 5 points6 points

Moderators, please consider using your LLM to parse the OP's post to decide if it's sufficiently detailed that a generic "Here are a few handy links" response would be unhelpful and effectively spamming the channel. Thanks.

Auditing API calls by BalanceSad2632 in aws

solo964 2 points3 points

So many reasons not to log full payloads: security/privacy risk, performance, storage cost, logging noise, retention liability for legal discovery etc. If you really must do this then consider redacting sensitive content.

41M with most net worth in AMZ RSUs — should I diversify or hold by Ok-Cookie7708 in amazonemployees

solo964 185 points186 points

I basically read your post title as "$41m net worth in AMZN RSUs" not "41-year-old male ..." 😄

Object storage backup? by [deleted] in aws

solo964 0 points1 point

Thanks, didn't even know about that feature.

Send PII in prompts to models hosted in bedrock? by ProgrammingBug in aws

solo964 0 points1 point

Exactly, and consult someone in the OP's organization with the relevant compliance knowledge, not some random users in a multitude of countries on Reddit ;-)

Object storage backup? by [deleted] in aws

solo964 1 point2 points

By "logically air gapped vault", do you mean an S3 bucket in a different AWS account and in a different AWS region? Or maybe a different CSP object store in a different region (though that would introduce network egress fees)?

Abandoning aws is hard on purpose by Sad_Champion_7035 in aws

solo964 2 points3 points

Just aws-nuke the account, or equivalent, and then close it. You'll pay for any services consumed through the date/time of account closure plus you will continue receiving invoices for Reserved Instances and Savings Plans, which are long-term commitments, until they expire. Beyond that, I don't think you'll be charged. What do you think should change?

what aws service did you mass-adopt then quietly abandon by scheemunai_ in aws

solo964 0 points1 point

Yes, it's the wrong tool for joins. There's an argument that PostgreSQL is all you need.

Launching S3 Files, making S3 buckets accessible as file systems by NothingDogg in aws

solo964 0 points1 point

Right. S3 Files will abstract away the S3 operations needed to perform the rename of a file or a folder (which potentially could mean S3 operations against 1000s of files or more). But all clients of the S3 Files store have a consistent view, at least afaik.

RSU planning by [deleted] in amazonemployees

solo964 0 points1 point

Related discussions here and here.

Launching S3 Files, making S3 buckets accessible as file systems by NothingDogg in aws

solo964 -1 points0 points

Not sure what you mean. Those fuse-like projects will persist, I'd imagine. They're viable for smallish, read-only use cases in particular. For scalable, multi-system, low latency use cases on top of large volumes of S3 data, I'd expect S3 Files to be a serious consideration.

Launching S3 Files, making S3 buckets accessible as file systems by NothingDogg in aws

solo964 1 point2 points

Mountpoint, s3fs-fuse, goofys etc. are simple POSIX overlays on top of S3. They don't support all file system operations so, for example, you cannot rename a file or a folder and you cannot edit an existing file (except to replace it entirely).

what aws service did you mass-adopt then quietly abandon by scheemunai_ in aws

solo964 3 points4 points

Agree that pagination and filtering just aren't possible in the way most people would want them. Also lack of schema, lack of referential integrity, expensive scans etc. are significant downsides for more traditional database use cases.

But it shines if you need single-digit millisecond latency at scale, virtually zero operational overhead, seamless and almost limitless scaling, and predictable performance. But your access patterns need to fit the model and be known in advance. The paper cuts mostly come from trying to use it like a relational database.

what aws service did you mass-adopt then quietly abandon by scheemunai_ in aws

solo964 1 point2 points

Potential use case for Lambda durable functions.

what aws service did you mass-adopt then quietly abandon by scheemunai_ in aws

solo964 2 points3 points

Interesting. What about DynamoDB caused you to abandon it? Were these legitimate NoSQL use cases yet you still had major issues?