Uhhhh this is not how I understood @goserverless's security model to work.
If I scroll to the very end of a 55KB text file I find this defensive wording:
That sure is a lot of words to say "@goserverless will copy up your @awscloud API credentials to their service and execute things on your behalf."
I am not disputing the engineering here. I'm pointing out that basically nobody knew this was happening for the past year and a half, and people are horrified to realize that they were unknowingly giving @goserverless credentials with production access to sensitive things.
More from @QuinnyPig

8 Jan
Oh I like this. Let me help! Some #techtipsforParler they should make sure to do to fix their @awscloud bill, since they apparently have one:
"X" is a cool letter. Be sure that all of your EC2 instances start with it. #techtipsforParler
S3 buckets are finite resources, so be sure to use one bucket for your Lambda jobs. Make sure that the source and destination are in the same place, and automatically triggered. #techtipsforParler
6 Jan
New game, Twitter.

Find me a job posting that vaguely resembles "what you think I do" and then I will mock it.

It's gotta be at a big company, though; I don't want to crap on some overloaded 5 person startup for a bad req.
What does it mean to work at IBM? A bunch of things that absolutely don't apply to a corporate comms role. Get any thoughts of being valued right the hell out of your non-coding head immediately.
5 Jan
You're always going to need a piece of paper that says you know things. Eventually it becomes a list of jobs in which you've solved hard problems.
At the start of your career it's a different story. You've got a degree; that's more than I had.

Certifications aren't a bad step. They demonstrate that I can talk about cloud concepts with you and expect you to understand them at a high level.
5 Jan
Who does @awscloud think they are, Google? Charging for a beta, my god...

That said, I will take the beta exam cold and report back if AWS finds a voucher / wants to drum up publicity.

I'll even turn it into a fundraising drive.
If @PearsonVUE decides that an infant or toddler in the next room being noisy voids the exam, I will rain fire and brimstone down upon @awscloud for it.

Sure, it's a Pearson requirement--but it's being done in AWS's name.
5 Jan
Spent the morning setting up @JamfSoftware to manage our company Macs. I've spent so long working with cloud computing that it's unnerving to encounter an interface that doesn't actually hate its users.
Given that I'm a few clickety-pokes away from blowing away a workstation at any point in this thing, I'd want two factor auth to:
1. Support Yubikeys
2. Not be optional
3. Not be buried deep in a sub-menu I had to hunt down.
They all have the red dot in the corner since I haven't enabled app provisioning. I just want to mandate disk encryption, strong passwords, screensaver timings, and remote wipe (AFTER ANOTHER 2FA FOR GOD'S SAKE JAMF)! I can't view those things in the dashboard though.
5 Jan
Screw it, I've got a few minutes. I'm starting a new imaginary corp, "Facebook for Ethics." We're based here in California. I'll walk through many of the ways we'll serve our core mission: absolutely screwing over our staff.

Any resemblance to real companies is coincidental.
We'll start with "unlimited PTO." We very carefully will avoid giving guidance as to what is "appropriate." Is it really unlimited? Try taking six months off and find out!

We need to pay none of it out when you leave (voluntarily or otherwise).
We're VC backed and privately held, so we'll pay below market salaries and offer equity. Folks have gotten wise to the "options" game so we're forced to give RSUs to attract talent.