Hacker News | travismcpeak's comments

Anyone else think this indicates a lower short-term floor (say, 4.x%) than previously thought?


What counts as short-term? On a monthly basis this is definitely lower because they cut by 0.5% instead of 0.25%. On a 2026+ basis expectations have been steady at ~3%, don't understand how 4.x% could be lower than that.

Personally I think the 3% long-term expectation is ridiculous, and we'll either see high (10%+) rates as inflation spirals out of control, or low (0%) rates as we get another depression, and likely oscillation between the two of them. You can't use monetary policy to fix a demographic problem. But the projection for 3+ years out has held constant at 2.5-3% since at least 2018, even as the reality went from 2.5% to 0% to 5% during that time period. Just like all the projections for inflation always converge on 2% even if they're wrong.


> On a 2026+ basis expectations have been steady at ~3%

Source?


Couple ways to think about it:

One is the Fed dot plots that the Fed puts out with each FOMC statement. These are a poll of Fed governors about what they think interest rates will be like at various points in the future. The midpoint of the current spread is about 3%. You can Google for past FOMC statements and look up historical data, but it's stayed at around 3% since at least 2018, with a slight dip to maybe 2.5% in 2020/2021:

https://finance.yahoo.com/news/fed-dot-plot-suggests-central...

The other is the rates on 3Y Treasury Bonds, which measure what bond traders' consensus expectation for the average interest rate over that 3Y period will be. To go out further (and minimize the impact of short-term fluctuations), you could also go out to 5Y. Currently, both are trading at 3.5%, which indicates that the market expects that the Fed will equilibrate at about 3.5%.

https://www.cnbc.com/quotes/US3Y

https://www.cnbc.com/quotes/US5Y


Why?


This does a great job of highlighting why properly configuring infrastructure is hard: S3 buckets (one of the most simple cloud infra services) have 70 configuration options.

Imagine you're a junior dev and your manager says "just spin up an S3 bucket and drop the data there, and make sure your app can access it".

S3 does have some sensible defaults, but a lot of Terraform modules do not...imagine somebody who now has to decipher S3's basic properties, ACLs, IAM, etc.


While this is true, a manager really shouldn't be giving an inexperienced dev enough rope to hang himself with.


Totally agree with you on this one, it's the role of specialized platform teams + managers to make sure devs have the tools they need while also accounting for their skill level(s).


Not everyone has access to a specialized platform team or technical manager; very often it is a solo (or small group of) devs just trying to Get Stuff Done


That just can’t work for most companies.


Part of this is a consequence of Amazon's hesitance towards shutting down old features. They are getting better at this lately, but S3 remains an example of a system with too many ways of doing things simply because they don't want to take the step of eliminating legacy functionality.


Introduce S4 [1] with a reduced set of configuration options and nudge customers into using it instead. Then eventually make it the default and encourage migrations.

[1] I know the name doesn't make sense.


Super Simple Storage Service


Simple Secure Storage Service


> one of the most simple cloud infra services

Maybe compared to other AWS offerings S3 is a simple service. But on the scale of all services it's incredibly complex. There is no shortage of providers offering cloud storage that's actually easy to set up, and intuitive to set up correctly.


Inexperienced devs/admins are always a risk when it comes to infra. There isn't much difference between a misconfigured MySQL test user and a freely accessible S3 bucket. One might be more modern than the other, but that's about it. Only real difference is that with cloud infra, junior employees can do more harm than they used to be able to do with local infra, because stuff has grown since.


Resourcely is 100% remote and we're crushing it. We have more access to tech talent than companies that only hire in the Bay Area. This is a puff piece designed to get outrage clicks and nothing more.


Reminds me of a company that I work with a lot, and really respect- Fictiv.

They're also nearly fully remote, and they also have an office in SF.

Having an office somewhere doesn't tie to remote work or not. These are separate topics.


I'm very pro remote work as an employee but as someone starting a company here is something I think about:

By making RTO required for my startup, am I introducing a filter that will filter out many employees I wouldn't want anyway?

There are real benefits to working side by side in office, just like for the business and employee there are real benefits to remote work. Hiring is so difficult already, having a filter that will get rid of the applicants not willing to put 100% into the startup seems like a good trade.

Ok, with that said, now is the time I am destroyed by the work life balance mob.


> my startup

This is where you're a step out of pace.

> by the work life balance mob

And this is where they are missing the boat.

Pay me enough to live, and save, give me a giant cut (not the meager equity of the last 25 years) and a place to show up to 3-4 days a week.

The whole point of a startup, of putting in that work is that you're making a bet. A bet on the idea, and the team, the team is making that bet too. The table stakes for startups have changed, and you're going to need a much more egalitarian distribution for your first 10-50 hires now if you want to attract talent.


I love working from home :) But if I was doing the “give 100% to a startup” thing - as an employee or a founder - there’s no way I could stomach being 100% remote. No remote tools can replace having people in the same room working through a problem.


Yeah this is a tired old narrative about SF. Remote-only companies can absolutely crush it and save money at the same time.


Billy Mays slaps credit monitoring flextape on a gigantic tub of water with a leak


This is really cool! How do you accomplish your research? I'm assuming IBM has some corporate records, but didn't realize they'd be this complete.


We haven't been able to get old information from IBM; either they discarded it or don't make it available. There are lots of old manuals on bitsavers, which is a treasure for historical computer research. It is worrisome how much preservation depends on the efforts of a single person.

https://bitsavers.org/pdf/ibm/


This might be a bit morbid but consider contacting estate sales agents in the Poughkeepsie and Rochester areas? The last generation of hard core mainframe employees are all nearing retirement or have retired and as they and their families deal with the detritus of their careers may just be throwing away stuff. A lot of the print books ceased mid 1990s, in favor of BookManager files and eventually PDFs.


One of my hobbies is writing period-correct stuff for s/370 and MVS, and, yep, bitsavers is where it's at. Weird thought that if that person didn't go through the effort, the information would be near-unobtainable.


In my security career, it has become increasingly obvious to me what causes many incidents. At the same time, it is becoming harder to justify investment in solving that problem. I wrote this in the hopes it would help other people facing incidents caused by misconfiguration to advocate for addressing the root cause.


I don't know any big organizations that solely rely on GuardDuty. IMO, GuardDuty is great for a smaller company that wants something and doesn't want to have to buy/onboard/maintain a vendor.


There's at least one thing that GuardDuty does that is much more difficult to do without it: the detection of instance credential usage from outside the account/VPC. I'm sure there's a way to do this with CloudTrail logs but it's not straightforward.

My biggest problem with GuardDuty is that it's all or nothing (for the most part). We'd love to have the cloudtrail/DNS/ML monitoring but disable flow logs, which are by far the most expensive part of GD for large orgs. AWS refuses to give us that option. And if they're going to charge us a fortune for flow logs with GD at least let us download or view them.
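An added example, not part of the thread and not GuardDuty's own logic: one way to approximate the instance-credential check from CloudTrail records alone, by flagging calls made with an instance-profile session (session name is the instance ID) whose origin is neither a VPC endpoint, an AWS service, nor a known egress range. The `KNOWN_EGRESS` range, the account ID and the sample records are constructed assumptions.

```python
import ipaddress
import re

# Credentials served by the instance metadata service use the instance ID as session name.
INSTANCE_ARN = re.compile(r"^arn:aws:sts::\d{12}:assumed-role/([^/]+)/(i-[0-9a-f]{8,17})$")

# Assumption: public egress ranges (NAT gateways, Elastic IPs) this account owns. Constructed.
KNOWN_EGRESS = [ipaddress.ip_network("198.51.100.0/28")]

def is_expected_origin(rec):
    """True if the call came via a VPC endpoint, an AWS service, or known egress."""
    if rec.get("vpcEndpointId"):
        return True
    src = rec.get("sourceIPAddress", "")
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        # Not an IP: AWS services appear as a service hostname or "AWS Internal".
        return src.endswith(".amazonaws.com") or src == "AWS Internal"
    return any(addr in net for net in KNOWN_EGRESS)

def find_external_use(records):
    """Return (instance_id, role, source, event) for instance credentials used elsewhere."""
    findings = []
    for rec in records:
        ident = rec.get("userIdentity", {})
        m = INSTANCE_ARN.match(ident.get("arn", ""))
        if ident.get("type") != "AssumedRole" or not m:
            continue  # not an instance-profile session (e.g. a human or federated role)
        if not is_expected_origin(rec):
            findings.append((m.group(2), m.group(1),
                             rec.get("sourceIPAddress"), rec.get("eventName")))
    return findings

def _rec(session, src, event, vpce=None):
    # Builds a constructed, trimmed-down CloudTrail record for the sample below.
    rec = {"eventName": event, "sourceIPAddress": src,
           "userIdentity": {"type": "AssumedRole",
                            "arn": f"arn:aws:sts::111122223333:assumed-role/{session}"}}
    if vpce:
        rec["vpcEndpointId"] = vpce
    return rec

SAMPLE = [  # constructed records
    _rec("app-role/i-0abc1234def567890", "198.51.100.5", "GetObject"),
    _rec("app-role/i-0abc1234def567890", "10.0.1.15", "PutObject", "vpce-0123456789abcdef0"),
    _rec("app-role/i-0abc1234def567890", "203.0.113.77", "ListBuckets"),
    _rec("Admin/alice", "203.0.113.9", "ListBuckets"),
    _rec("app-role/i-0abc1234def567890", "autoscaling.amazonaws.com", "DescribeInstances"),
]
```

Keeping the egress list current across accounts and regions is the part that makes this harder in practice than the code suggests.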


Agreed - I find the credential exfil alerts meaningful. I appreciate that AWS has invested in making them better in recent years (bypass details in https://hackingthe.cloud/aws/avoiding-detection/steal-keys-u...)!

I also find the DNS based cryptomining detections pretty handy, and high enough signal.

Great point on VPC Flow Logs! With the move to SKU off various GuardDuty features (S3 protection, Runtime, etc.) ... it'd be nice if GuardDuty monitoring of VPC Flow logs were more configurable.


That's definitely aligned with what we see, we work with orgs where we're the next step after Guard Duty and some who already have more in place.

Certainly for the base usage, switching GuardDuty on can be a no brainer, as we touch on in the article - it's the additional SKUs where things get a bit less clear.


Nice write-up!

