• wpuckering@lm.williampuckering.com
    ↑ 93 · 7 months ago (edited)

    You shouldn’t be charged for unauthorized requests to your buckets. Currently if you know any person’s bucket name, which is easily discoverable if you know what you’re doing, that means you can maliciously rack up their bill just to hurt them financially by spamming it with anonymous requests.
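
One way for a bucket owner to see the kind of requests described in the comment above, as an added example that is not part of the thread: this Python code counts denied (HTTP 403) requests per source in S3 server access logs. It assumes server access logging is enabled on the bucket; the log records, bucket name and threshold below are constructed for illustration.

```python
import re
from collections import Counter

# Leading fields of an S3 server access log record, in their documented order.
LOG_RE = re.compile(
    r'^(?P<owner>\S+) (?P<bucket>\S+) \[(?P<time>[^\]]+)\] (?P<ip>\S+) '
    r'(?P<requester>\S+) (?P<request_id>\S+) (?P<operation>\S+) (?P<key>\S+) '
    r'(?P<uri>"[^"]*"|-) (?P<status>\d{3}|-) (?P<error>\S+)'
)

# Constructed sample records (not real traffic); addresses are documentation ranges.
SAMPLE_LOG = """\
CONSTRUCTEDOWNERID example-backups [30/Apr/2024:10:00:01 +0000] 198.51.100.7 - REQ0001 REST.PUT.OBJECT db/dump-01.gz "PUT /db/dump-01.gz HTTP/1.1" 403 AccessDenied 243 - 5 - "-" "backup-tool/1.0" -
CONSTRUCTEDOWNERID example-backups [30/Apr/2024:10:00:02 +0000] 198.51.100.7 - REQ0002 REST.PUT.OBJECT db/dump-02.gz "PUT /db/dump-02.gz HTTP/1.1" 403 AccessDenied 243 - 4 - "-" "backup-tool/1.0" -
CONSTRUCTEDOWNERID example-backups [30/Apr/2024:10:00:03 +0000] 198.51.100.7 - REQ0003 REST.PUT.OBJECT db/dump-03.gz "PUT /db/dump-03.gz HTTP/1.1" 403 AccessDenied 243 - 6 - "-" "backup-tool/1.0" -
CONSTRUCTEDOWNERID example-backups [30/Apr/2024:10:05:00 +0000] 203.0.113.9 arn:aws:iam::111122223333:user/backup REQ0004 REST.GET.OBJECT notes.txt "GET /notes.txt HTTP/1.1" 200 - 512 512 20 19 "-" "aws-cli/2.0" -
CONSTRUCTEDOWNERID example-backups [30/Apr/2024:10:06:00 +0000] 192.0.2.44 - REQ0005 REST.GET.OBJECT notes.txt "GET /notes.txt HTTP/1.1" 403 AccessDenied 243 - 3 - "-" "curl/8.0" -
truncated record without the expected fields
"""

def denied_requests(log_text):
    """Return (403 counts keyed by (bucket, caller, ip, operation), unparsed line count)."""
    counts, skipped = Counter(), 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        m = LOG_RE.match(line)
        if m is None:
            skipped += 1          # keep a tally instead of silently dropping bad lines
            continue
        if m["status"] != "403":
            continue
        # A requester of "-" marks an unauthenticated (anonymous) request.
        caller = "anonymous" if m["requester"] == "-" else "authenticated"
        counts[(m["bucket"], caller, m["ip"], m["operation"])] += 1
    return counts, skipped

def noisy_sources(counts, threshold):
    """Sum denied requests per (bucket, ip); keep sources at or above the threshold."""
    per_ip = Counter()
    for (bucket, _caller, ip, _op), n in counts.items():
        per_ip[(bucket, ip)] += n
    return {k: n for k, n in per_ip.items() if n >= threshold}

if __name__ == "__main__":
    counts, skipped = denied_requests(SAMPLE_LOG)
    print(noisy_sources(counts, threshold=3), "unparsed lines:", skipped)
```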

      • gravitas_deficiency@sh.itjust.works
        English · ↑ 26 · 7 months ago

        lol dude, I’ve known several people who have worked at AWS for years, and the amount of duct tape and baling wire Mickey Mouse shit that I’ve heard goes on there just… does not inspire confidence.

        • Sicklad@lemmy.world
          ↑ 10 · 7 months ago

          Yeah, in my last role we were probably the biggest user of a certain storage service that was still kinda new. There were quite a few times we found bugs, features that straight up didn’t work how the documentation stated, and AWS sent us workaround scripts that seriously looked like an unpaid intern wrote them.

          I’m not sure if GCP/Azure would be much different though.

  • AmbiguousProps@lemmy.today
    English · ↑ 51 · 7 months ago

    As it turns out, one of the popular open-source tools had a default configuration to store their backups in S3. And, as a placeholder for a bucket name, they used… the same name that I used for my bucket.

    • LostXOR@fedia.io
      ↑ 32 · 7 months ago

      It’s completely insane that the tool would attempt to connect to a nonexistent bucket for backups by default instead of just… having them disabled completely?

  • sensiblepuffin@lemmy.world
    ↑ 42 · ↓ 1 · 7 months ago

    AWS was kind enough to cancel my S3 bill. However, they emphasized that this was done as an exception.

    Dicks.

    • atzanteol@sh.itjust.works
      English · ↑ 6 · ↓ 63 · 7 months ago

      It’s fine if you dislike a site. But the correct thing to do is not consume their content, not to work around it.

      • kevincox@lemmy.ml
        ↑ 2 · 7 months ago (edited)

        Or use a browser extension to implement your preferences rather than push them onto others in a way that makes it harder for them to implement theirs.

        If an article links to medium.com my redirects kick in, my link flagging kicks in and everything else. If everyone uses some different service to “fix” Medium I am stuck with what they like. There is value in keeping the canonical URL.

        I would also love to see domain blocks as a user preference in Lemmy. Just hide these sites that I don’t like.

    • 30p87@feddit.de
      ↑ 3 · ↓ 2 · 7 months ago

      Chilling with nothing but my homeserver here. Backed up to the NAS, mirrored to my grandparents’ house. No charges, no misconfigurations, just Arch testing being more stable than any commercial service I know lol