Hacker News | jvalencia's comments

How does security and isolation work? If someone else's account is compromised, how do I know I won't be? If Instant is compromised, how do I know I won't be?

If someone else's account is compromised, you would not be, because apps are logically separated. There would be no way for the compromised or uncompromised account to ever see your data.

If Instant is compromised, then that's a lot more dangerous. We minimize this risk following security best practices: keeping data encrypted at rest, keeping secrets hashed at creation time, etc.


Keyword is "logically" separated here...

Also no mention of data encrypted during transit.

Would not use this for anything other than toy projects.


Oh they’re logically separated. Thanks for explaining that. Now I’m certain nothing could possibly go wrong.

/s


"logically separated" as opposed to "physically separated" (pretty rare in the Cloud world)

If you want more details, read their open source codebase or ask them specifically what documentation would boost your confidence, instead of leaving snarky comments.


I would argue that saying the accounts are logically separated is a snarky comment. It’s akin to patting the reader on the head and saying “don’t you worry your pretty little head”. Logically separated says nothing. Distinct VMs are logically separated, containers are logically separated, as are storing data in different files which self-modifying PHP code which doesn’t check its inputs tries to keep distinct. It’s basically just saying their engineers do their best but any single bug leaks data. Which is better than saying their engineers don’t even try? Not really. It’s a completely empty statement.

Also, for people who actually care about security in the cloud, physically separated is not uncommon. Side channel attacks are real. Dedicated instances are not that hard if you really care about security.


My choice of the words "logically separated" was meant to specifically answer the question the reader asked:

> If someone else's account is compromised, how do I know I won't be?

If you have other questions, you can feel free to ask, and I'd be happy to answer in more detail.


It'd be useful to understand the nature of that logical separation: for example, is data from different tenants stored on disk using different encryption keys? What about in memory? Or perhaps there's no encryption-level isolation but you're relying on an authorization layer to authorize to different pieces of data: if that's the case, is that built on Postgres's row-level security, for example?

These are fundamental points to be open and transparent about to instill confidence


HOW are they logically separated? Are there any layers to this security? Any standard established security boundaries like containers? Or is it just your app code doing its best not to have security bugs?

When a political party controls the science, you end up with say, Trump pushing one set of results, and Biden pushing another. It then becomes either pick the science that agrees with your politics, or throw up your hands in frustration. The average reader probably won't be able to dig into the fundamentals of the research and pull out the salient results, nor are they guaranteed it isn't policy pushed through overstated claims. It really undermines good science. It also falls back on the researchers who push science based on politics as well, so it isn't just the politicians.


That’s all true but it’s orthogonal to what I think you are responding to IMO.

I don’t think that studies are bunk because of corporate money, I think they are bunk because of how many studies I read. I am not a very fun person so when I see news reports about studies, I try to look them up. I find it more peaceful than memes or celebrity events. Think “coffee is good/bad for you again” style studies we read about daily.

These studies always suck. Ok, maybe 90% if I’m not being hyperbolic. It’s small sample sizes sure, but it’s also faulty logic, unsupported claims from evidence, lack of looking for alternatives, lack of ruling out confounding factors. And don’t get me started on soft-science and arts theses, I don’t have time.

I know that science moves forward mostly in millimeters, and I would agree that we have more and better scientific knowledge now than we have had in the past. But it certainly isn’t for the amount of publish-or-perish, p-hacking, storytelling, or outright fabrication.


In my experience the lay people aren't getting a great idea of the state of the field. Like you say coffee good/bad studies. It isn't that simple. People test all sorts of things in different contexts. But maybe some are genuinely bad studies. You don't know though because science journalism is so crappy. They don't care about the merits of the study. They go "people drink coffee, maybe that would drive engagement."

The most interesting papers are not going to get popular press releases because they are so many steps removed from the context that lay people understand. They can understand "coffee good/bad." They can't understand anything about the stories we are actually telling at the bleeding edge of a field, because even our undergrads working in our labs on these projects can scarcely understand them. Second year grad students struggle to understand them. How can a science journalist who only has a bs from communications department, or the lay public, possibly understand?

So, they don't reach for those papers when they seek to write articles for engagement. And the lay public doesn't learn the state of the art, and assumes the worst of the field from what they do read about.


Every few days I would log on. I was only 10-14 years old. It spread by word of mouth, and I just happened to have access to my dad's computer that had a modem. I'd hop on and play tradewars or similar. There were forums, mostly about hacking/pirating content. The forums were not too distant from what reddit feels like. As a young kid, it was also the only place where unfiltered information could be found, like how to make a bomb or how to get around copy protections. A lot of friends I had at the time were starting to do more serious file sharing, though the bandwidth kept that pretty limited.


Google for nonprofits is extremely generous. It's really not that bad in the end, and you only set it up once for a lot of benefit.


The trial and error was fueled by capitalism, trying to get the best product possible.

If it goes into a codified state system, it's regulated, resulting in a lack of motivation to take risks to make it better.


Eh, this is BS also.

What do investors want? Returns on their investment, right?

So, as an investor do you throw your money blindly at a high risk endeavor that is likely to fail due to competition, or

Do you invest in setting up a limited rent seeking market that guarantees income in the future?

Unregulated free market capitalism always turns into one large bully that dominates over everyone else because one large bully that dominates over everyone else is a very effective system. Vote based governments such as democracy are a means of attempting to ensure that said government are somewhat controlled by the people and not by a king/corporations in the first place.


You can see examples of both.

For instance on Matt Stoller's blog there are endless articles about how private equity is buying up medical practices, veterinary practices, cheerleading leagues, all sorts of low-risk, high-reward rollups. You also see things like the current AI bubble where there is very much an "arms race" where it seems quite likely that investors are willing to risk wasting their money because of the fear of missing out.

Some other kind of social system is going to face the same trade-offs and note that "communism" in the sense of the USSR and China might not be a true alternative. I mean, Stalin's great accomplishment was starving his peasants to promote rapid industrialization (capital formation!) so they could fight off Germany and then challenge the US for world supremacy. People who are impressed with China today are impressed that they're building huge solar farms, factories that build affordable electric cars, have entrepreneurial companies that develop video games and social media sites, etc. That is, they seem to out-capitalize us.


-ish. I often keep md files around, and after a successful task I ask Codex to write the important bits down. Then, when I come around to a similar task in the future, I have it start at the md file. It's like context that grows and is very localized. It helps when I'm going through multiple repos at multiple levels.


I’m also doing similar with fairly decent results. AGENTS.md grows after each session that resulted in worthwhile knowledge that future sessions can take advantage of. At some point I assume it will be too big, then it’s back to the Stone Age for the new agents, in order to release some context for the actual work.


As a devout Baptist minister, this is likely about one of two things, avoiding the appearance of evil (gambling, 1 Thess 5:22 - Abstain from every form of evil), and giving up something for the sake of others (gambling addictions within the church, Rom 4:21 - or do anything that causes your brother to stumble).

The reality is that most churches recognize that they were too legalistic in the past, and so now address things like gambling more directly, and are perfectly ok with playing cards. FWIW YMMV :-)


I was under the impression that the injunction against playing cards was because of their proximity to tarot/occult practices. Mormons had the same injunction against playing cards until the 80s, when the teaching was no longer promulgated. Speaking as a former Mormon...


Here in Sweden, where we also have free churches such as Baptists, Laestadians etc., the concern was definitely about gambling.


I think that's not wrong. Same principle, different sin... it looks like gambling, or the occult, or...


Sure, but let's say you do EKS, you set it up once and then it's mostly done, including security, etc. You set up your own, then you upgrade every 6 months manually.... this is a cascading cost.


This takes time and effort, thus, lost opportunity cost. The thing that makes these providers worth it, is that it lets the business focus on their core competencies and just add-on as they scale without worrying about complexity. A business owner who hyper-optimizes for every contract is unlikely to be focusing on growing their business, even if their business is more efficient on paper.


> This takes time and effort, thus, lost opportunity cost.

Why should we assume this for every type of business?

> The thing that makes these providers worth it, is that it lets the business focus on their core competencies and just add-on as they scale without worrying about complexity.

Since when? Mastering the complexity and implementation of infrastructure from US cloud providers is a skill that takes time in itself. Personally I don’t see how Scaleway does not provide the same for example.

At some point we have to question are we choosing AWS, GCP, or Azure out of brand name, convenience, and marketability. Or if they actually enable faster business execution, higher availability, security, and regional compliance that alternatives don’t…


It would make me very uneasy to have my company be 100% dependent on another company. It sure is easy and convenient to just go to AWS/Azure/GCP pick all the components I want and plug them together but I'd say leading a company is not always choosing the easiest but sometimes the most sensible option.


Let’s say there’s a balance between the two, and maybe optimising a bit more is currently a good idea for various reasons…


Missed a link?

