this post was submitted on 30 Apr 2024
190 points (99.0% liked)

Programming
top 22 comments
[–] deegeese@sopuli.xyz 116 points 6 months ago (1 children)

“By design” AWS bills project owners for unauthorized calls to the public S3 API.

So what I’m reading from this is you can do a billing attack on anything hosted in AWS so long as you know one of their bucket names.

[–] bamboo@lemmy.blahaj.zone 53 points 6 months ago

Seriously, now that this is more widely known, it'll for sure be taken advantage of a lot, to the point AWS will begrudgingly protect their customers once the damage is done.

[–] wpuckering@lm.williampuckering.com 99 points 6 months ago* (last edited 6 months ago) (1 children)

You shouldn't be charged for unauthorized requests to your buckets. Currently if you know any person's bucket name, which is easily discoverable if you know what you're doing, that means you can maliciously rack up their bill just to hurt them financially by spamming it with anonymous requests.
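The two comments above describe the mechanism: anyone who knows a bucket name can send it anonymous requests, and the denied 403 responses still count against the bucket owner. The defender's view of that is the bucket's own server access log, where an anonymous caller shows up as a requester of "-" with an AccessDenied error. The following is an added example, not code from the original post or from AWS: it parses S3 server access log lines (the standard space-separated layout, with the timestamp in brackets and the request URI quoted) and counts denied requests per bucket and per source IP so a flood stands out. The log lines are constructed for the example; the owner ID, request IDs and IPs are placeholders.

```python
import re
from collections import Counter
from datetime import datetime

# One token is a "quoted string", the [bracketed timestamp], or a run of
# non-space characters, which matches the S3 server access log layout.
_TOKEN = re.compile(r'"[^"]*"|\[[^\]]*\]|\S+')

# 0-based positions of the fields this check uses (field 0 is the bucket owner).
_BUCKET, _TIME, _REMOTE_IP, _REQUESTER, _OPERATION, _STATUS, _ERROR = 1, 2, 3, 4, 6, 9, 10


def parse_access_log_line(line):
    """Split one S3 server access log line into the fields used below."""
    tok = _TOKEN.findall(line)
    if len(tok) <= _ERROR:
        raise ValueError("truncated access log line")
    return {
        "bucket": tok[_BUCKET],
        "time": datetime.strptime(tok[_TIME].strip("[]"), "%d/%b/%Y:%H:%M:%S %z"),
        "remote_ip": tok[_REMOTE_IP],
        "requester": tok[_REQUESTER],  # "-" means the request was anonymous
        "operation": tok[_OPERATION],
        "status": int(tok[_STATUS]),
        "error": tok[_ERROR],          # "-" when the request succeeded
    }


def denied_request_summary(lines, threshold):
    """Count denied (401/403) requests per bucket and per source IP.

    Returns the per-bucket and per-IP counts plus the IPs at or above the
    threshold, which are the candidates for an abusive request flood. At
    the time of the thread every one of these denied requests was billed
    to the bucket owner, so per_bucket is also the billed-request count.
    """
    per_bucket, per_ip = Counter(), Counter()
    for line in lines:
        rec = parse_access_log_line(line)
        if rec["status"] in (401, 403):
            per_bucket[rec["bucket"]] += 1
            per_ip[rec["remote_ip"]] += 1
    noisy = {ip: n for ip, n in per_ip.items() if n >= threshold}
    return {"per_bucket": dict(per_bucket), "per_ip": dict(per_ip), "noisy_ips": noisy}


# Constructed sample log lines (placeholder owner ID, request IDs, host IDs and IPs).
# Three anonymous PUTs from one IP, one anonymous GET from another, one authenticated GET.
SAMPLE_LOG = [
    'OWNERID my-example-bucket [30/Apr/2024:10:15:01 +0000] 198.51.100.7 - REQID1 REST.PUT.OBJECT backups/db.tar.gz "PUT /backups/db.tar.gz HTTP/1.1" 403 AccessDenied 243 - 4 - "-" "aws-sdk-go/1.44" - HOSTID1 - - - my-example-bucket.s3.amazonaws.com TLSV1.2 - -',
    'OWNERID my-example-bucket [30/Apr/2024:10:15:01 +0000] 198.51.100.7 - REQID2 REST.PUT.OBJECT backups/db.tar.gz "PUT /backups/db.tar.gz HTTP/1.1" 403 AccessDenied 243 - 3 - "-" "aws-sdk-go/1.44" - HOSTID2 - - - my-example-bucket.s3.amazonaws.com TLSV1.2 - -',
    'OWNERID my-example-bucket [30/Apr/2024:10:15:02 +0000] 198.51.100.7 - REQID3 REST.PUT.OBJECT backups/db.tar.gz "PUT /backups/db.tar.gz HTTP/1.1" 403 AccessDenied 243 - 4 - "-" "aws-sdk-go/1.44" - HOSTID3 - - - my-example-bucket.s3.amazonaws.com TLSV1.2 - -',
    'OWNERID my-example-bucket [30/Apr/2024:10:15:03 +0000] 203.0.113.9 - REQID4 REST.GET.OBJECT secrets.txt "GET /secrets.txt HTTP/1.1" 403 AccessDenied 243 - 5 - "-" "curl/8.4.0" - HOSTID4 - - - my-example-bucket.s3.amazonaws.com TLSV1.2 - -',
    'OWNERID my-example-bucket [30/Apr/2024:10:15:04 +0000] 192.0.2.44 ACCOUNTCANONICALID REQID5 REST.GET.OBJECT backups/db.tar.gz "GET /backups/db.tar.gz HTTP/1.1" 200 - 1048576 1048576 35 12 "-" "aws-cli/2.15" - HOSTID5 SigV4 ECDHE-RSA-AES128-GCM-SHA256 AuthHeader my-example-bucket.s3.amazonaws.com TLSV1.2 - -',
]

if __name__ == "__main__":
    summary = denied_request_summary(SAMPLE_LOG, threshold=3)
    print("denied per bucket:", summary["per_bucket"])
    print("denied per IP:    ", summary["per_ip"])
    print("IPs over threshold:", summary["noisy_ips"])
```

Run it over a day's worth of access logs and the per-bucket total is the number of requests that were billed without any of them ever reading or writing data; the noisy-IP list is what you would attach to a support ticket or feed into a billing alarm. Server access logging has to be enabled on the bucket beforehand, so it is worth turning on for any bucket whose name is public.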

[–] NegativeLookBehind@lemmy.world 36 points 6 months ago (1 children)
[–] gravitas_deficiency@sh.itjust.works 28 points 6 months ago (1 children)

lol dude, I’ve known several people who have worked at AWS for years, and the amount of duct tape and baling wire Mickey Mouse shit that I’ve heard goes on there just… does not inspire confidence.

[–] Sicklad@lemmy.world 10 points 6 months ago

Yeah, in my last role we were probably the biggest user of a certain storage service that was still kinda new. There were quite a few times we found bugs, features that straight up didn't work how the documentation stated, and AWS sent us workaround scripts that seriously looked like an unpaid intern wrote them.

I'm not sure if GCP/Azure would be much different though.

[–] Hupf@feddit.de 62 points 6 months ago (2 children)
[–] Chronographs@lemmy.zip 30 points 6 months ago

That’s a rare vintage

[–] AmbiguousProps 54 points 6 months ago (1 children)

As it turns out, one of the popular open-source tools had a default configuration to store their backups in S3. And, as a placeholder for a bucket name, they used… the same name that I used for my bucket.

[–] LostXOR@fedia.io 34 points 6 months ago

It's completely insane that the tool would attempt to connect to a nonexistent bucket for backups by default instead of just... having them disabled completely?
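The failure mode quoted above (a tool shipping with backups pointed at a placeholder bucket name, so every install hammers whoever happens to own that name) is a config-validation problem. The following is an added example, not code from the original post or from the tool the article describes: a fail-closed config check in which backups are off unless the operator explicitly enables them and names a bucket that passes both an S3 naming-rule check and a placeholder blocklist. The placeholder patterns and the config keys (`backups_enabled`, `s3_bucket`) are assumptions made for this example.

```python
import re

# Bucket-name shape from the S3 naming rules: 3-63 characters of lowercase
# letters, digits, dots and hyphens, starting and ending with a letter or digit.
_VALID_BUCKET = re.compile(r"^[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]$")

# Placeholder names commonly left behind in sample configs. This list is an
# assumption for the example, not taken from any particular tool.
_PLACEHOLDERS = [
    re.compile(r"^(my|your|example|sample|test|demo)[-_]?bucket"),
    re.compile(r"bucket[-_]?name$"),
    re.compile(r"^(changeme|todo|replace[-_]?me)$"),
    re.compile(r"^<.*>$"),
]


def check_backup_config(config):
    """Decide whether a backup target is safe to use.

    Returns (bucket, reason). bucket is None whenever the tool must not talk
    to S3 at all, and reason explains why. Backups stay off unless the
    operator turned them on AND supplied a bucket that is not a placeholder.
    """
    if not config.get("backups_enabled", False):
        return None, "backups disabled (default)"
    bucket = config.get("s3_bucket")
    if not bucket:
        return None, "backups enabled but no s3_bucket configured"
    name = str(bucket).strip()
    if any(p.search(name.lower()) for p in _PLACEHOLDERS):
        return None, f"refusing placeholder bucket name {name!r}"
    if not _VALID_BUCKET.match(name):
        return None, f"{name!r} is not a valid S3 bucket name"
    return name, "ok"


if __name__ == "__main__":
    # Constructed configs: the shipped default, a copied sample, a real one.
    for cfg in (
        {},
        {"backups_enabled": True, "s3_bucket": "<your-bucket-name>"},
        {"backups_enabled": True, "s3_bucket": "acme-prod-db-backups-2024"},
    ):
        print(cfg, "->", check_backup_config(cfg))
```

The important design choice is the first branch: with no explicit opt-in the function returns None and the tool never constructs an S3 client, so a fresh install produces zero requests rather than a stream of denied ones against a stranger's bucket.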

[–] sensiblepuffin@lemmy.world 43 points 6 months ago

AWS was kind enough to cancel my S3 bill. However, they emphasized that this was done as an exception.

Dicks.

[–] neo@lemmy.comfysnug.space 39 points 6 months ago (1 children)

Please use scribe.rip instead of medium.com for articles

https://nomedium.dev/

[–] Deebster@programming.dev 20 points 6 months ago (1 children)

A great post, interesting and to the point.

[–] onlinepersona@programming.dev 4 points 6 months ago

I woke up yesterday morning and felt a little bit hazy. My feet tingled a little and that was an indication of what was going to happen. My podometric senses were tingling! Hahaha, get it? So anyway, after having a light breakfast and sitting down in front of my desk to check my emails, one in particular stood out. Being in a hurry however, I left for work and....

Articles written like this are a reason for me to stop reading. So annoying. This article is a breath of fresh air.

Anti Commercial-AI license

[–] CosmicCleric@lemmy.world 12 points 6 months ago* (last edited 6 months ago) (1 children)

Wow, makes one fearful to even use AWS. Yikes!

Definitely required reading for those who use AWS.

Anti Commercial-AI license (CC BY-NC-SA 4.0)

[–] 30p87@feddit.de 1 points 6 months ago

Chilling with nothing but my homeserver here. Backed up to the NAS, mirrored to my grandparents' house. No charges, no misconfigurations, just Arch testing being more stable than any commercial service I know lol