GCP IAM is the worst. AWS IAM is not nearly as bad.
GCP sucks so bad as a product, that the only way to tell what IAM policies apply to your service account, is to run some kind of analysis query thing exported to a BigTable (which will cost you money).
You'd think you could just go into the console and click on the service account and it'd show you which policies are linked to roles are linked to your service account? That would make sense, and be convenient. But this is Google we're talking about. Engineering principles will always trump customer experience.
It's much worse than that of course. The default roles give too many permissions, for nearly anything you want to do. Often you are limited by what you can control, to only at an Org level, or Folder, or Project. Yet making a custom role is often difficult, leaving you to usually just slap on the default roles, making your resources insecure. Much of the time, a user must have an Admin-level permission over all VMs in order to SSH into them with GCP creds. Kind of defeating the purpose of having IAM to begin with.
I think the only reason we haven't heard of more GCP accounts getting compromised due to the shitty default policies is, thankfully, GCP has few customers.
It's not a best practice, it's a fad. 99% of people who recommend or use Postgres barely know how to use it. Another trendy database will come along and you'll stop seeing all these posts about it. Happens every decade. I'll link back to this post in a few years with "I told you so".
Another trendy database will come along and you'll stop seeing all these posts about it. Happens every decade.
And then after a couple of years people will realise that Postgres can do everything the trendy database can do and come back to Postgres. Happens every decade. This is at least 'hype cycle' 3 for Postgres since I started my career.
> 99% of people who recommend or use Postgres barely know how to use it.
You're not wrong here, although you could just as easily say "99% of people who recommend $DB barely know how to use it."
Databases remain a mysterious black box to entirely too many people, despite the three largest (SQLite, Postgres, MySQL) being open source, and having extensive documentation.
I've come to the conclusion that most devs don't care about infra in the slightest, and view a DB as a place to stick data. When it stops working like they want, they shrug and upsize the instance. This is infuriating to me, because it's the equivalent of me pushing a PR to implement bogosort, and when told that it's suboptimal, dismissing the criticism and arguing that infra just needs to allocate more cores.
My god, are you me? I also thoroughly enjoyed this diatribe from [0]:
> First, a whole army of developers writing JavaScript for the browser started self-identifying as “full-stack”, diving into server development and asynchronous code.
> ...early JavaScript was a deeply problematic choice for server development. Pointing this out to still green server-side developers usually resulted in a lot of huffing and puffing.
Built my own sofa. Fabric from JOANN, foam from a shitty IKEA thing thrown on the street, some plywood and pine from Home Depot, hardware, staples. Cost me $75. It's comfy and I can lay on it or sit on it. What the fuck about this is supposed to cost >$1,000, I have no idea. Are they stuffing sofas with live minks or something? It's just wood, bolts, foam and fabric.
For cushions I already had some, but you can easily make them with more JOANN fabric and a big box of poly stuffing. Extremely basic sewing skills and a pair of scissors are all you need.
All of this is very true! Thanks to the author for being open about their mistakes.
If you want to avoid this scenario, your company needs good leadership. If you're at a company where the managers don't do any due diligence in terms of verifying the progress of work, you are at an either inept or toxic company. If all people do is ask you for a "status report" and they just hope it's correct, they're setting everyone up to fail.
Good management is like a teacher in school who checks if students are completing their work, and if they aren't, gives them assistance. The teacher must actually check the work, and be interested in the welfare of the student as much as improvement.
> Good management is like a teacher in school who checks if students are completing their work, and if they aren't, gives them assistance.
This requires the managers to know a lot about the technical aspects (nitty gritties if you will) of the work. In my experience, most line managers, and certainly the bosses above them, are so woefully clueless about the work that they are unable navigate timelines, scopes and challenges.
Often, the bosses interests are also misaligned. Rather than take a step back and rescope/reevaluate the project, they want to squeeze engineers to get "something" done. Why? Because some upper manager will lose a fraction of their bonus or stock or promotion due to optics.
Immediate managers must have some experience with the report's work, absolutely. But farther up the chain, they still need to check work. There's certain details of progress you just can't fake.
If you have 10 pieces of work, and you show each piece getting done at regular intervals, along with demos, then you can show your actual results and exactly how close you're getting to finished. Even someone who has no insight into the product can follow along and see the progress's results and trajectory. The more detail you get about the work, the harder it is to fake (you can fake a demo, but it's much harder to fake an entire Jira board)
I don't know what I'd do if I had kids in the US. The education system here is so toxic. It's like a factory designed to churn out little automatons. Like everyone's purpose in life is to become a cog in a business wheel. "We're preparing you for a life of work."
Art, play, love, nature? Waste of time. Personal finances, cooking, repairs, wayfinding? Useless. We need you to learn advanced maths by hand, for that job you'll have at McDonald's where you need to handle advanced algebra. We need you to learn this highly curated view of history that excludes most of the important events in world history. Philosophy? You'll have to go to an expensive college for that. Psychology? Why should you have an insight into relationships, the human mind, emotional intelligence? It's not like that would come in handy at some point.
If I ran a school, the curriculum would consist mostly of teaching people to curate their inner and outer life towards their own goals and interests. The purpose and benefit of intelligence as a tool to use too improve their own life, and the lives of others. The benefits of benefiting society and our loved ones. The benefits of love. The things nobody should learn by accident.
If your transport method for rsync was ssh, that is often a bottleneck, as openssh has historically had some weird performance limits that needed obscure patches to get around. Enabling compression helps too if your CPU doesn't become a bottleneck
This is actually much better because nbdcopy can handle sparse files, you can set the number of connections and threads to number of cores, you can force a flush before exit, and enable a progress bar. For unencrypted drives it also supports TLS.
You're missing out on the most critical detail of Japanese culture that is lost by most westerners:
Speed isn't more important than having respect for your craft. If you have to go slower to produce a better result, you go slower. If you have to work harder to perfect an incredibly tight joint, you do that. You don't have to use traditional joinery to build in Japan today. But if you build something in a shitty way, it reflects poorly on you.
I am not missing out on anything. Modern steel and modern tools are good. A $500-$600 dollar miter saw with a good blade makes very tight and precise cuts, better than 99% of hand made cuts made in Edo Period.
The article is specifically talking about a large saw. A modern mill is gonna do a much better job ripping large pieces of wood, then 3 dudes sawing for hours and constantly resharpening their tools. A good joint is the one that holds the load well.
A non-masochistic way of building things is not shitty, it simply means you are did get trapped in a cult thinking.
> Efficiency is not the goal.
If you are into wood cutting, then sure. Go for it. Cut it in any way you want, with any imaginable tool. But then it's wood cutting, not building things.
GCP sucks so bad as a product, that the only way to tell what IAM policies apply to your service account, is to run some kind of analysis query thing exported to a BigTable (which will cost you money).
You'd think you could just go into the console and click on the service account and it'd show you which policies are linked to roles are linked to your service account? That would make sense, and be convenient. But this is Google we're talking about. Engineering principles will always trump customer experience.
It's much worse than that of course. The default roles give too many permissions, for nearly anything you want to do. Often you are limited by what you can control, to only at an Org level, or Folder, or Project. Yet making a custom role is often difficult, leaving you to usually just slap on the default roles, making your resources insecure. Much of the time, a user must have an Admin-level permission over all VMs in order to SSH into them with GCP creds. Kind of defeating the purpose of having IAM to begin with.
I think the only reason we haven't heard of more GCP accounts getting compromised due to the shitty default policies is, thankfully, GCP has few customers.