My team at Amazon is looking for software engineers to help grow the Amazon Trade-In program: customers send us their used books, video games, movies and electronics in exchange for Amazon gift cards.
We're looking for smart engineers that are effective at both frontend and backend work and have a track record of getting things done. Email is in the profile.
Is there a reason why you cant have one of these forward to an HTTPS port that's using a long-lived self-signed certificate? That way you'd keep things SSL'ed the whole way, but updating your certs becomes easier (upload a new one to the ELB vs distribute it to all your servers).
I haven't tried this myself and the docs dont say if its (im)possible, but it seems like that'd be a good feature.
Is there a reason why you cant have one of these forward to an HTTPS port that's using a long-lived self-signed certificate?
Much better: Forward via HTTPS to EC2 instances which are using short-lived certificates. When you boot a new instance to add to your load balancing cluster, have it generate an SSL key which ELB is told to trust. If a node is compromised, you just tell ELB to not trust that certificate any more.
But that doesn't seem to be possible, and it still doesn't make up for the fact that putting SSL stacks and $BIGNUM SSL keys together is practically begging to be attacked.
I'm not a security expert by any means, but why is telling ELB "dont trust cert X" any better than removing the compromised instances from the ELB via the API (or just terminating the instance entirely)?
because in theory, the private key that was stored on that trusted instance could have been stolen ready to be used to impersonate that machine later on.
Assuming eventual availability can be pretty handy -- one way deal with a dependency outage is to retry with an exponential backoff. If a dependency is unavailable now, and your system keeps retrying until it is, then you are assuming your dependency will become available again eventually.
Fair point - but of course your client is not making any progress, and so the unavailability ripples up. It's unlikely that there is user facing case where this is a useful way to work, though I can see it's use in loosely coupled connections between backends.
They did move their writes to an async job. They write the apps list into mongodb, then a daemon later copies it into mysql. Mongodb is being used as a cache (the frontend queries mongo then mysql)... this way they can read the data while also throttling writes to their main db.
I can see why non-technical users might go to the google homepage for searching... but I'm suprised geeks ever go there. I just type search queries type into my Firefox search box, which is just a keyboard shortcut away. No background images for me!
The best part is that even Adobe can't get their own flash working well... A "TypeError: Error #1034: Type Coercion failed: cannot convert mx.collections::ArrayCollection@2377c381 to Array" exception popped up in a modal dialog when it loaded (I'm using the debug version of flash). Awesome.
another one that would be helpful: have the RSS feed include a link to both the article linked and the comment thread. right now, it seems to only have a link to the article...
