Time vs. YouTube

I asked Emily, my 7-year-old daughter, why she loved YouTube so much. Specifically, why she loved **watching** others play Roblox over actually **playing** Roblox herself?

It's a strange, but common thing among children her age, as my nephews and nieces do the same for other games.

No surprises then, that Google announced record profits yesterday, with YouTube alone bringing in more than $5 billion in advertising for the first time, gaining 32% over the same period last year.


Spreadsheets

Spreadsheets are the bedrock of the modern enterprise. They're ubiquitous, from small family businesses to large multi-nationals, and you'd be surprised by the number of critical activities that run off them.

Pound-for-pound, Microsoft Excel is the most valuable piece of software on the planet.

But are they really that good?

The answer depends on what you mean by 'good'.


Stopping my Addiction

Hi, I'm Keith, and I'm a social media addict.

I know, because I've seen this before.

When I was around 8 years old, my father was a smoker, and I'd regularly see him leave family meals early to have a quick smoke, leaving us to finish our lunch or dinner without him. It was just something smokers did.

Today, I'm not physically leaving the table like my father, but my mind is just as disconnected, as my attention moves from eating to being fixated on my iPhone.

At least my father would finish his meal before he did his smoking routine, I typically pick up my phone mid-way through, and stay on it right to the end of dinner. Sometimes gobbling down unknown quantities of food while my eyes remained glued to some insufferable post on social media.

I could be talking to my wife, or asking my daughter how her day at school was. Instead I'm mindlessly scrolling the feeds and timelines hoping for something to catch my attention, while the two most important people in my life, remain neglected -- while they're right in front of me!

Clearly something was wrong.

I noticed this on airplanes too. At the end of a long flight, smokers would make a bee-line for the smoking area to satisfy their craving. But phone-addicts immediately light up the cabin with the glow of their screens, the moment the pilot announces "you may now switch on your electronic devices".

At least smokers were denied their addiction for the entire duration of their flight, usually hours -- phone addicts (like me) had only to endure the 20 minutes of landing.

I saw this in myself a few months ago, late one night, I had binged on all my social media, YouTube, Reddit, Twitter, Facebook, and after completely exhausting all possible posts on all platforms, I'd cycle through them again, and again and again!

I should have been sleeping, it was late -- very late! I knew I should be dozing off, but instead my phone was firmly in my hand, with my finger scrolling through every last nook and cranny.

I was craving something (what exactly I didn't know). I knew there was nothing interesting left (I'd checked, multiple times!) -- but I was still scrolling, and scrolling...hoping for something interesting to magically pop into the feed. This activity gave me no joy, but I was doing it anyway.

I was addicted -- social media was my slot machine -- and though I was losing, I couldn't help but want to play more.

All hallmarks of addiction.


The Myth of the anti-social developer

What is the myth

There's a belief that people in IT, specifically software developers are generally anti-social, introverted, desk-loving curmudgeons who act like Sheldon from the Big Bang Theory.

What's more frustrating, is that this belief is prevalent even among those working in technology -- that somehow great coders are silent geniuses who shun people, while coding in a dark office corner wearing over-sized headphones playing death metal music. This is not just a myth, it's the anti-truth of what actually happens. The best developers (just like any other profession) are always people focused.


The Drudgery of Servers

As much as I love Serverless architectures, I find myself 'locked-in' to a server-ed WordPress blog. It's a mixture of too much legacy content to migrate, lack of easy migration tools, and just the fact that WordPress, for all its faults, just works!

So rather than spend countless hours trying to migrate content, I decided to keep paying the $5/mo to DigitalOcean so that they can continue hosting a VM with PHP on it for my blog.


Keith’s Adventures in DynamoDB Land

After reading the awesome DynamoDBBook from Alex DeBrie, I was prompted to fix a long running design issue with Klayers (a separate project I maintain).

Like everybody else that dives into DynamoDB headfirst, I made the mistake of using multiple tables, one for each data entity. After all, a single database consists of multiple tables -- so DynamoDB would logically involve multiple DynamoDB tables as well right?

Wrong!

It turns out, a DynamoDB table is equivalent to a database, and having multiple tables is like having multiple databases. The 'correct' approach is to load all data into a single DynamoDB table, which would allow us to "join" multiple data entities into a single query.

The word "join" is in quotations, as there is no concept of joining data in DynamoDB, all data has to be pre-joined in some way to achieve the performance that DynamoDB promises (sub 10ms response times for tables of any size). If you split your data across multiple tables, you lose the ability to pre-join this data.

So last month I decided to bite the bullet and began re-designing my application to use one table instead of two, and boy did it do my head in, and I wanted to write this post to capture my thoughts on the whole process.

First here's some background of the application.


Access Keys in AWS Lambda

Let's look at AWS Access Keys inside a Lambda function, from how they are populated into the function's execution context, how long they last, how to exfiltrate them out and use them, and how we might detect compromised access keys.

But before that, let's go through some basics. Lambda functions run on Firecracker, a microVM technology developed by Amazon. MicroVMs are like Docker containers, but provide VM-level isolation between instances. But because we're not going to cover container breakouts here, for the purpose of this post we'll use the term container to refer to these microVMs.

Anyway...

Lambda constantly spins up containers to respond to events, such as HTTP calls via API Gateway, a file landing in an S3 bucket, or even an invoke command executed from your aws-cli.

These containers interact with AWS services in the same exact way as any code in EC2, Fargate or even your local machine -- i.e. they use a version of the AWS SDK (e.g. boto3) and authenticate with IAM access keys. There isn't any magic here, it's just with serverless we can remain blissfully ignorant of the underlying mechanism.

But occasionally it's a good idea to dig deep and try to understand what goes on under the hood, and that's what this post seeks to do.

So where in the container are the access keys stored? Well, we know that AWS SDKs reference credentials in 3 places:

  • Environment Variables
  • The ~/.aws/credentials file
  • The Instance Metadata Service (IMDS)

If we check, we'll find that our IAM access keys for Lambda functions are stored in the environment variables of the execution context, namely:

  • AWS_ACCESS_KEY_ID
  • AWS_SECRET_ACCESS_KEY
  • AWS_SESSION_TOKEN

You can easily verify this by printing out those environment variables in your runtime (e.g. $AWS_ACCESS_KEY_ID) and seeing for yourself.

OK, now we know where the access keys are stored, but how did they end up here and what kind of access keys are they? For that, we need to look at the life-cycle of a Lambda function...


Contact Tracing Apps: they’re OK.

I thought I'd write down my thoughts on contact tracing apps, especially since a recent BFM suggested 53% of Malaysians wouldn't download a contact tracing app due to privacy concerns. It's important for us to address this, as I firmly believe that contact tracing is an important weapon in our arsenal against COVID-19, and having 54% of Malaysians dismiss it outright is concerning.

But first, let's understand what Privacy is.

Privacy is Contextual

Privacy isn't secrecy. Secrecy is not telling anyone, but privacy is about having control over who you tell and in what context.

For example, if you met someone for the first time at a friend's birthday party, it would be completely rude and unacceptable to ask questions like:

  • What's your weight?
  • What's your last drawn salary?
  • What's your age?

In that context you're unlikely to find someone who will answer these questions truthfully.

But...

Age and weight are perfectly acceptable questions for a doctor to ask you at a medical appointment, and your last drawn salary is something any company looking to hire you will ask. We've come to accept these questions as OK -- under these contexts.

You might still not want to answer them, which might mean you don't get the job, or the best healthcare -- but you certainly can't be concerned by them. Far more people will answer these same questions truthfully if you change the context from random stranger at a party to doctor's appointment.

So privacy is contextual. To justify concerns, we have to evaluate both the context and the question before coming to a conclusion.

So let's look at both, starting with the context:


Sharding SQS

Potassium40 was a project I started to see how fast Lambda could really go. The project attempts to download the robots.txt files from 1 million websites as fast as it can. I chose the robots file because -- well, it's supposed to be downloaded by robots anyway, so this was both great fun and completely ethical, as I wasn't scraping people's websites.
