Good call out for how Serverless allows you to be very granular with permissions as to what specific code can access - Something that wasn’t easy before.
However, it’s easy to overlook that in dev and not correct that before going to Prod.
He’s now telling an engaging and funny story of how he won the Lambdashell.com bounty, and how hard that actually was despite literally having RCE — “Something that Security experts would love as it means game over for serverful environments”
Praying to the demo gods to help @orysegal kick ass in his AppSec demo using a Serverless HR CV system
@LeoCDamascena @hugaomarques @JeffQuesado @ocodista I'll reply tomorrow because I'd need ~15 tweets to explain that
- cost is a broad dimension; in every case I've seen in 8 years of Serverless, compute is one of the smallest costs
- cold start represents <1% across all customers in production since 2015
- Serverless != Lambda
@LeoCDamascena @hugaomarques @JeffQuesado @ocodista The difficulty with this kind of conversation in several IT professions is that decision-making won't involve something as simple as requests per second
The difficulty lies in “opportunity cost”
For dev, it's “cheaper” to recreate S3
For ops, it's “cheaper” to recreate RDS etc.
@LeoCDamascena @hugaomarques @JeffQuesado @ocodista Alright, as promised, this is going to be a long thread because this subject isn't simple -- even so I'll summarize quite a bit, ask if you have any questions
1) Every engineering decision is a purchasing decision
2) Lambda turned 9 🎂: from automation to entire businesses on Serverless
1/
single table requires significant engineering effort, onboarding, harder to operate and change, and build your own tooling
@productiveprog @paulswail @theburningmonk Single table patterns are great because they show the power DynamoDB has - it does not mean you need to put all your data into a single table. You could have a single table per service, or use patterns of a single table in multiple tables
LOL quite the contrary... having anxiety and being anxious are not the same.
Comments like these tend to share simplistic solutions. It actually makes matters worse and doesn’t help the mental illness discussion we should be having
Other unhelpful comments to those with anxiety, general anxiety disorder, etc
Why are you so organised?
Why can’t you finish one thing before jumping to the next?
You seem to take a lot on yourself, try relaxing a bit
Why do you always have a plan B, and C for everything?
A few others
Why do you always have to check the door three times?
Why can’t you disconnect for a bit?
You should try meditation, it’ll put things in order
Why can’t you relax for a bit?
X hasn’t happened yet, why are you so worried/obsessed with it?
As for your tests, you'll also have to include that path within your test runner (pytest:conftest.py) or add it programmatically via sys path like this