
Thread: "So this guy is now S3. All of S3"
1. sidmit+72 2023-05-04 19:03:05
>>aendru+(OP)
For those not getting the context (like me), this seems to be about Bluesky Social (https://bsky.app/), a Twitter alternative.
2. pyentr+d7 2023-05-04 19:24:57
>>sidmit+72
Further context: Bluesky lets you use a domain name you own as a user handle.

The official method is to set a TXT record, but apparently their "AT protocol" also lets you confirm a domain by serving `GET your.domainname.com/xrpc/com.atproto.identity.resolveHandle`

and `xrpc` was available as an S3 bucket name :)

3. mwint+s9 2023-05-04 19:35:11
>>pyentr+d7
Stunning that there are (were) any 4-char bucket names left.
4. CydeWe+Qj 2023-05-04 20:26:22
>>mwint+s9
I guess I'm not too surprised in that, unlike domain names, these aren't obviously exposed to end users, so terseness doesn't particularly matter. Verbose and descriptive is honestly better for most names.
5. mikepu+Gr 2023-05-04 21:06:22
>>CydeWe+Qj
And given that bucket names are a giant shared namespace, there's absolutely an incentive toward lots of prefixing to help ensure you get the ones you want.
6. techni+S41 2023-05-05 02:10:09
>>mikepu+Gr
A while back I made one with a name like "postgresbackups" and was floored to realise later it was a global name.
7. vlovic+R81 2023-05-05 03:02:42
>>techni+S41
To this day I don't know why it's a global name. For R2 we looked at this, saw the massive annoyance picking bucket names, and made it scoped to your account. CNAME records are orthogonal and can be set up to point to your bucket with a few button clicks.
8. vlovic+Vm1 2023-05-05 05:48:42
>>vlovic+R81
Oh yeah, also we're more secure by default. Granted, S3 was built a long time ago, maybe when security was an afterthought, and such mistakes are harder to correct now.

Other things I think we do better on:

* The account is the top-level thing we publish a cert for. Without knowing the bucket name you can't really do anything. With S3's global namespace, each bucket has a cert published which makes all buckets discovered as soon as they're created.

* Not default open to the world

* The R2-managed public bucket CNAME is shared and the URL for the bucket is random (i.e. just a UUID). Additionally, if you delete and recreate the bucket with the same name, IIRC that random UUID is changed.

* We have a lot of sensible extensions like automatically creating a bucket on upload (granted, not possible for S3 since buckets are global), setting per-object TTLs, handling Unicode more gracefully (I think normalizing the key name is a saner choice with fewer foot guns even if there are some potential compatibility issues when you try to synchronize from a filesystem where you have two files with different forms but the same normalized form), etc.
