it would generally be for environments where the browser is locked down as well, or has a special extension installed for "security". In a lot of those cases the shell is recorded and send to a central tool, but the webview would not be logged
Yeah I'm really not sure why people take doing things that their employers don't want them doing as a challenge. Like how about the challenge instead be working within the restrictions? Or communicating with their boss what they need to get their job done?
They have no clue what legal requirements are imposed on the company that led to those restrictions. They could easily land themselves or the entire business in hot water by not complying. It doesn't matter how easy the controls are to bypass. Like, it's easy to pick or cut a LOTO lock, but that doesn't mean it's fine to do that.
That's a reasonable take but then keep in mind we're talking about iTerm. How is the browser different from, say, `curl https://example.com | lynx`? Or `~/.bin/playwright/chrome`?
So while corporate restrictions sometime (but only sometime!) make sense, the configuration where a terminal is allowed while a browser is not - don't.
> Why not require two or three reviews if they are so helpful at finding mistakes?
Places do? a lot of opensource projects have the concept of dual reviews, and a lot of code bases have CODEOWNERS to ensure the people with the context review the code, so you could have 5-10 reviewers if you do a large PR
apparently? JEDI and Wild and Stormy were two programs just from the DoD and NSA that were 20 billion USD.
AWS, Azure, Oracle, SUSE (via Rancher) and I am sure GCP all have confidential & classified (C/S/TS) clouds, as well as lower FedRAMP clouds to get that sweet sweet federal money.
Not sure what questions it raises, it has been a thing for decades.
> Who handles physical security and what sort of place is it located that it can house that kind of data?
In general, the cloud/systems operator, in conjunction with the launch customer will build a dedicated facility for the classified stuff, and for the controlled stuff may have a dedicated facility, or have segments of the DCs in the US with extra security. for the classified stuff, there is a pretty rigorous list of requirements for the DC, and for any NOC that operates the service.
> To what degree is the federal government subsidizing Amazon's retail dominance?
A fair bit, but they are just like any big customer - just with higher margins. I think that was part of the reasoning for breaking up JEDI after AWS got it - the administration at the time hated the AMZN leadership, so wanted to remove money firehose from them and give it to others.
If humans can't scale to review, how are they scaling to code?
Humans how code should review, or the whole point of code review is pointless, and everyone should just push to HEAD and revert on failure
I really like the general take that LLMs scanning PRs is simply "zero config CI." We already have a great paradigm for this; we don't need to reinvent a new category. In that light, we can weigh its value more as a fuzzy linter, rather than a be-all-end-all.
I was only there for a year or two, but it was a great place to work, and I 100% agree on the upstream contributors, but the main thing I will remember is how much people cared.
In some cases, waaayyy too much about little things, but a lot of the time about the right thing to do for the product and for the open source community around it.
I think the main thing I will miss is sitting down on a Friday afternoon and reading the dev list (devel@ I think?), it was a thing of beauty.
Yeah, DevOps was a culture not a job title, and then we let us software engineers in who just want to throw something into prod and go home on friday night, so they decided it was a task, and the lowest importance thing possible, but simultaniously, the devops/sre/prod eng teams needed to be perfect, because its prod.
it is a wierd dichotomy I have seem, and it is getting worse. We let teams have access to argo manifiests, and helm charts, and even let them do custom in repo charts.
not one team in the last year has actually gone and looked at k8s docs to figure out how to do basic shit, they just dump questions into channels, and soak up time from people explaining the basics of the system their software runs on.
Yeah, that doesn't really answer the question at all...
Do you just have a pile of cloudformation on your desktop? point and click? tf?
And then none of the actual questions like
> How do you handle application lifecycle concerns like database backup/restore, migrations/upgrades?
There is no difference between cloudformation, clicking, terraform, boto, awscli, pulumi, or whatever else. The platform at the other end of those tools is still ECS.
Backing up databases isn't the job of the container-running platform (ECS), especially not in AWS-world where databases are managed with RDS.
The rest of the questions were "how do I run containers on ecs?" in various forms. The answers to all of them is "by asking ecs to run containers in various forms."
Thats great if that works for you, and for a lot people and teams. You have just shifted the complexity of networking, storage, firewalling, IP management, L7 proxying to AWS, but hey, you do have click ops there.
> DevOps went from something you did when standing up or deploying an application, to an industry-wide jobs program. It’s the TSA of the software world.
DevOps was never a job title, or process, it was a way of working, that went beyond yeeting to prod, and ignoring it.
From that one line, you never did devops - you did dev, with some deployment tools (that someone else wrote?)
I mean you can edit a big YAML file inside ArgoCD, but what I'm building is an actual web form (e.x. `spec.rules[].http.paths[].pathType` is a dropdown of `Prefix`, `ImplementationSpecific`, `Exact`), and all your documentation inline as you're editing.
People have tried this before but usually the UI version is not fully complete so you have to drop to YAML. Now that the spec is good enough it's possible to build a complete UI for this.
Yup, and it has the advantage of having a easily backed up state store to represent the actions of the GUI.
I always liked the octant UI autogeneration for CRDs and the way it just parsed things correctly from the beginning, if they had an edit mode that would be perfect
Is there anything in particular you like about what Octant does? I don't see anything that actually looks at the object spec, just the status fields / etc.
