amazonaws.com?

Ian Mason nanog at ian.co.uk
Thu May 29 23:51:21 UTC 2008


On 27 May 2008, at 16:33, Robert Bonomi wrote:

>> From nanog-bounces at nanog.org  Mon May 26 21:16:58 2008
>> Date: Tue, 27 May 2008 07:46:26 +0530
>> From: "Suresh Ramasubramanian" <ops.lists at gmail.com>
>> To: "Colin Alston" <karnaugh at karnaugh.za.net>
>> Subject: Re: amazonaws.com?
>> Cc: nanog at merit.edu
>>
>> On Tue, May 27, 2008 at 1:10 AM, Colin Alston <karnaugh at karnaugh.za.net> wrote:
>>> On 26/05/2008 18:13 Suresh Ramasubramanian wrote:
>>>>
>>
>> I didn't actually, Bonomi did .. but going on ..
>
> Mis-credit where mis-credit isn't due ...  Twasn't me, either.  <grin>
>
> I just commented that I couldn't think of a reason for a _compute_ cluster to
> need access to unlimited remote machines/ports.  And that it could 'trivially'
> be made an _automatic_ part of the 'compute session' config -- to allow access
> to a laundry-list of ports/machines, and those ports/machines -only-.
>
> If Amazon were a 'good neighbor', they _would_ implement something like this.
> That they see no need to do _anything_ -- when _actual_ problems, which are
> directly attributable to their failure to do so, have been brought to their
> attention -- does argue in favor of wholesale firewalling of the EC2
> address-space.
>
> If the address-space owner won't police its own property, there is no reason
> for the rest of the world to spend the time/effort to _selectively_ police it
> for them.
>
> Amazon _might_ 'get a clue' if enough providers walled off the EC2 space, and
> they found difficulty selling cycles to people who couldn't access the machines
> to set up their compute applications.

This is a classic example of externalities in the economics of security.

Currently, any damage caused by Amazon customers costs Amazon little or
nothing. The costs are borne by the victims of that damage. On the other hand,
mitigating this damage would cause Amazon costs, in engineering and lost
revenue. So in economic terms they have no incentive to 'do the right thing'.

So to get Amazon to police their customers requires either regulation or an
external economic pressure. Blocking AWS from folks' mail servers would apply
some pressure, making areas of the net go dark to AWS would apply more pressure
faster. A considerable amount of pressure could be placed by a big enough money
damages lawsuit, but that has a feedback delay of months to years.





