The Internet Is us-east-1 | ✉️ #80
Hey! 👋
It’s impressive how, when AWS’s us-east-1 region is down, half of the Internet is down. Then again, if some data center of GCP is down, the other half of the Internet would end up erroring out.
I am currently reading Internet for the People, which gives a history of how the Internet was built, then privatized, then transformed into what we have today. At some point, something definitely went wrong. The Internet should not stall when one data center of one hyperscaler has an issue. It feels so against what a global net should be that I start to wonder if we are on the right path.
Now, of course, I am contributing to this problem, as I do help companies migrate to the cloud and use the cloud. All of mkdev does. And most of the days most of the time it’s the right call, still. But we might be reaching the point where putting “the cloud” between the Internet and every single website introduces huge risks to security, stability, and everything else around our digital lives.
I like to think about a better version of all of it, but I can’t yet think of a way to get there. Even such things as self-hosting our own tools don’t seem feasible. If we decide to use an open source tool for team chat, then we can’t connect with our customers over Slack Connect - and we want to meet our customers where they are. And if us-east-1 is down, then Slack is down.
There seems to be no way out except hoping for hyperscalers to do the right thing - and for everyone else to consider digital sovereignty a bit more seriously.
Any thoughts on this? I’d also be happy to explore it more on the podcast.
What We've Discovered
Amazon ECR enhanced scanning now surfaces image use status: Yes! We don't care about all the images we have as much as we care about the images actually used for running containers in our clusters.
Terraform Cloud token abuse turns speculative plan into remote code execution: Even outside of Terraform Cloud, this attack mode is something to always keep in mind. Terraform's "external" data source is something we almost wish didn't exist, as it introduces a potential security issue in any setup where you trust too wide a group to submit IaC changes.
Cloudflare and the infinite sadness of migrations: We have a feeling that at least half of all the work we did in our career is migrations. Migrations are tricky, maintaining two systems in parallel is hard, and one of the recent Cloudflare outages is another example of why this is the case.
Hashing: An interactive guide to hashing. We'd highly recommend spending time on this one, even if you know what hashing is.
Guarding the herd – managing database servers at scale: monday.com went from a single database to multiple DBs and then to so many DBs that they built a whole platform layer around it. This blog post walks you through this journey.
The 81st mkdev dispatch will arrive on Friday, November 14th. See you next time!