North American Network Operators Group


Re: amazonaws.com?

  • From: Ian Mason
  • Date: Thu May 29 19:51:39 2008


On 27 May 2008, at 16:33, Robert Bonomi wrote:


From [email protected]  Mon May 26 21:16:58 2008
Date: Tue, 27 May 2008 07:46:26 +0530
From: "Suresh Ramasubramanian" <[email protected]>
To: "Colin Alston" <[email protected]>
Subject: Re: amazonaws.com?
Cc: [email protected]

On Tue, May 27, 2008 at 1:10 AM, Colin Alston <[email protected]> wrote:
On 26/05/2008 18:13 Suresh Ramasubramanian wrote:


I didn't actually, Bonomi did .. but going on ..

Mis-credit where mis-credit isn't due ... Twasn't me, either. <grin>


I just commented that I couldn't think of a reason for a _compute_ cluster to
need access to unlimited remote machines/ports. And that it could 'trivially'
be made an _automatic_ part of the 'compute session' config -- to allow access
to a laundry-list of ports/machines, and those ports/machines -only-.


If Amazon were a 'good neighbor', they _would_ implement something like this.
That they see no need to do _anything_ -- when _actual_ problems, which are
directly attributable to their failure to do so, have been brought to their
attention -- does argue in favor of wholesale firewalling of the EC2 address-
space.


If the address-space owner won't police its own property, there is no reason
for the rest of the world to spend the time/effort to _selectively_ police it
for them.


Amazon _might_ 'get a clue' if enough providers walled off the EC2 space, and
they found difficulty selling cycles to people who couldn't access the machines
to set up their compute applications.

This is a classic example of externalities in the economics of security.


Currently, any damage caused by Amazon customers costs Amazon little or nothing. The
costs are borne by the victims of that damage. On the other hand mitigating this
damage would cause Amazon costs, in engineering and lost revenue. So in economic
terms they have no incentive to 'do the right thing'.


So getting Amazon to police their customers requires either regulation or an external
economic pressure. Blocking AWS from folks' mail servers would apply some pressure,
making areas of the net go dark to AWS would apply more pressure faster. A considerable
amount of pressure could be placed by a big enough money damages lawsuit but that has
a feedback delay of months to years.