1. 12

  2. 3

    I hate AWS as much as the next guy (fuck data pipelines) but here’s something that’s weird to me:

    Answer to HN comments: Google doesn’t provide “GCE dedicated instances”. There is no need for it. The trick is that regulators and engineers don’t complain about not having something which is non-existent, they just live without it and our operations get simpler.

    Is that really how it works? I can’t imagine “but your honor, GCE is cheaper!” would hold up in court.

    1. 12

      Actually, yeah. A lot of compliance and regulation, be it PCI or HIPAA, comes down to vague “reasonable precautions” that you’re supposed to take. So if Amazon offers some precaution, even if it’s rather unclear what benefit it offers, it’s reasonable to take it. But there may not be a rule actually requiring physical isolation.

      The law says you can’t just toss old hard drives with medical records in a dumpster. Some people interpret that to mean you wipe them with dd. Some people interpret that to mean you shred them.

      Back in the day, we had some customers who said they couldn’t use the cloud offering because of health privacy laws. But other customers determined they could use it once we told them that only authorized personnel had database access. None of this shit is really about security or privacy. It’s just checking boxes.

      1. 3

        None of this shit is really about security or privacy. It’s just checking boxes.

        Tell me about it. My favorite is how everyone wants encryption at rest, which disk encryption satisfies. As if someone breaking into the AWS data center and stealing a rack of hard drives is the risk rather than vulnerabilities in the crappy software in question.

      2. 1

        Interesting - I wasn’t aware that GCE didn’t offer dedicated instances.

        FWIW, Azure offers non-virtualised instances (“Large Instances”). They’re mentioned in some of the marketing material (see, e.g., this document) but not on public price lists AFAICS. I guess you don’t pay for your 4TB RAM instance with your corporate Amex card…

      3. 1

        I think the sweet spot for AWS is medium-small projects. The tools are powerful and enable lots of architectural experimentation, but for hardcore volume you really need to be closer to metal.