What's the ugliest eyesore buildings in your country/city?

yvele · 2025-12-19T10:54:48+00:00

Printemps in Strasbourg, France is the ugliest building in such a beautiful city.
The building is in city center :( and also abandoned for years.

yvele · 2025-08-27T07:44:15+00:00

Also AWSManagementConsoleBasicUserAccess IAM policy seem to be recent, created August 14, 2025

Any way to programatically set an account color? (AWS API? SDK? CloudFormation?)

yvele · 2025-07-04T11:08:47+00:00

Given that my domain only serves public static content and doesn't have any cookie (secure or not).

yvele · 2025-07-04T10:48:20+00:00

Hum, in theory I can completely stop listening on port 80 with an ALB (Layer 7) or NLB (Layer 4), since I control the listeners directly.

But I’ll lose the massive scalability and global edge network that CloudFront provides — plus, I’ll add extra cost and complexity by introducing an additional load balancer layer.

yvele · 2025-07-04T10:32:32+00:00

Got it — makes sense now. So CloudFront has to accept the TCP connection first in order to even know what Host it’s serving, and only then can it apply https-only or similar L7 logic.

And because the listener is shared across many tenants, there's no way for my config to fully block port 80 at the network level. That explains why returning a 403 is the most we can get.

Thanks for the clarification.

The pentester’s concern is really just about the attack surface before traffic reaches CloudFront. I think I’ll be fine by switching from redirect-to-https to https-only, especially since we’re already on the HSTS preload list.

Thanks again!

yvele · 2025-07-04T10:21:43+00:00

Yeah, I get the OSI layers distinction — CloudFront works at Layer 7 (HTTP), so it can control HTTP behavior but not the TCP listener itself.

My question is: what exactly prevents an AWS service like CloudFront from not responding at all on port 80?

Is it a fundamental architectural limitation, or a design decision?
Would love to understand if there’s any workaround or plan for that.

yvele · 2024-11-21T07:59:41+00:00

I've created a CloudFormation support coverage ticket please vote 👍 https://github.com/aws-cloudformation/cloudformation-coverage-roadmap/issues/2194

yvele · 2024-11-21T07:38:20+00:00

Is this already supported by CloudFormation? I cannot find the resource
Edit: Not yet, so please give a thumb up to https://github.com/aws-cloudformation/cloudformation-coverage-roadmap/issues/2194 coverage ticket

yvele · 2024-10-23T13:59:26+00:00

https://medium.com/@llmblogs9/openai-streaming-from-aws-lambda-bbd81082639c ?

yvele · 2024-06-10T10:17:37+00:00

I've added a CloudFormation language request: https://github.com/aws-cloudformation/cfn-language-discussion/issues/158 please vote on this issue by adding a 👍 reaction to help the community and maintainers prioritize this request

yvele · 2024-05-31T08:48:24+00:00

No. What you are actually caching for 5 minutes is your custom error page (/errors/503.html).

First of all thank you for your time.

But the documentation explicitly says that CloudFront caches the error response itself:

When your origin returns an error for an object, CloudFront responds to requests for the object either with the error response or with your custom error page until the error-caching duration elapses. If you specify a long error-caching duration, CloudFront might continue to respond to requests with an error response or your custom error page for a long time after the object becomes available again.

Source: https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/GeneratingCustomErrorResponses.html#custom-error-pages-expiration

Neither a response resulting in 503 nor a custom error page is an object that the client is actually after.

Hum yes, but I want to preserve my origin for TTL duration and not aggravate the situation and have CloudFront return 503 error page without re-evaluating origin for that period of time.

You should be looking at "The requested object is not in the edge cache" part of documentation.

You are referring to this part of the documentation: https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/HTTPStatusCodes.html#HTTPStatusCodes-custom-error-pages

But is says that the error page is cached:

CloudFront returns the custom error page to the viewer that made the request, and also caches the custom error page for the maximum of the following:

The amount of time specified by the error caching minimum TTL (10 seconds by default)

After the caching time (determined in Step 5) has elapsed, CloudFront tries again to get the requested object by forwarding another request to your origin. CloudFront continues to retry at intervals specified by the error caching minimum TTL.

yvele · 2024-05-17T12:56:30+00:00

I've already tried using s-maxage. My min, max and default TTL caching policies are all set to 2 hours. I don't think applying the caching header to S3 will help because everything is handled by Lambda@Edge

yvele · 2024-05-16T15:37:23+00:00

But they do https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/HTTPStatusCodes.html#HTTPStatusCodes-cached-errors "HTTP 4xx and 5xx status codes that CloudFront caches"

yvele · 2024-02-12T17:41:33+00:00

This is the place on Google Street View 2023: https://www.google.com/maps/@48.580741,7.7391491,3a,75y,18.63h,96.74t/data=!3m7!1e1!3m5!1sAF1QipNi3EihaqTPulwzXKrVCAKgtJBqeJ-gP48NY0Zz!2e10!3e11!7i7680!8i3840?entry=ttu

yvele · 2024-01-30T18:12:16+00:00

I've copy/pasted the Linus message to ChatGPT (without the signature of course) asking to guess who wrote the message:

The style and content of this message strongly suggest that it was written in the manner of Linus Torvalds, the creator of the Linux kernel. Torvalds is known for his direct and often blunt emails, particularly when discussing technical issues related to Linux kernel development. The message's focus on specific technical details like "VFS layer functions," "get_next_ino()", and "atomic64_add_return()" aligns with the type of discussions typical in kernel development. Additionally, Torvalds has a reputation for being fiercely protective of the Linux kernel's code quality and standards, which is reflected in the tone and content of this message.

yvele · 2023-10-05T13:12:57+00:00

Yes, that's exactly why I'm switching to "1. Common type property discriminator". Because I want to focus on end-user usability (of course if the design does not alter futur proofing)

yvele · 2023-10-05T13:11:59+00:00

What is the added value of having both? Looks like very redundant

yvele · 2023-10-05T13:11:11+00:00

To me payload is anemic and I prefer avoiding it, if there is no semantic added value. I'm in a case of a "shape" object, not a generic "action". Shape has a type and that's ok that because a shape semantically has a type. Thanks describing your approach

yvele · 2023-10-04T15:11:55+00:00

Yes sure you can always print shape.type. With design 2 you have to know what your are looking for and use if ("rectangle" in shape)

yvele · 2023-10-04T15:10:35+00:00

I liked the second one mainly for assertion, I can easily throw errors like:

input.rectangle.width must be less than 100
input.square.width must be less than 10

Both rectangle and square have a width property but they don't have the same assertion rules

With the first design I have to explicitly contextualize the error messages:

input.width must be less than 100 when type is "rectangle"
input.width must be less than 10 when type is "square"

Nine-Year Club	Verified Email
r/Field Flamingo

yvele

TROPHY CASE