Amazon Finspace - Security and Trust

Discussion in 'Data Sets and Feeds' started by kmiklas, Aug 25, 2021.

  1. tsznecki


    Keith, any embarrassment I'm potentially suffering is dwarfed by the ridiculousness of you asking ET for advice on the original question. As I have said, would you ask your car mechanic about issues you are having with your home plumbing? It's ridiculous Keith, and so are you.

    I have given you my opinion on the OP. If you choose not to accept it, that's your problem not mine.

    I'm confident you should not be giving any advice, free or otherwise, since you claim to be a tech professional but you can't form an opinion to answer any of the 4 prompts above.
    #21     Aug 27, 2021
    kmiklas likes this.
  2. kmiklas


    I do not accept it, because you haven't given any opinion on the topic at hand; all you've done is personally attack me, and bash ET.

    It seems you have little to add here: you don't understand cl
    Here in the ET data science forum, you bad-mouth ET, belittle its members, attack me ad hominem, and undermine a post that presents a good data security question.

    You are a fool. You embarrass yourself, and have lost my respect. Please don't post in my threads anymore.
    Last edited: Aug 27, 2021
    #22     Aug 27, 2021
  3. tsznecki


    I have given you an answer, I said it shouldn't be a concern. If you choose to not accept that, that is your problem not mine.

    Keith, you claim you want to hear people speak their minds and the truth, but when I call you out on your questionable assumptions you think I'm going ad hominem and belittling you.

    What's that saying, takes a fool to recognize another fool?

    I don't need your respect Keith, as you are a joke. If you really knew the other forums/places to ask, show links to your threads on wilmott, nuclearphynance, quora, quant.stackexchange etc with timestamps that predate our conversation here on ET.

    If you hold the ET data science forum in high regard I have to call bullshit on your so-called employer who supposedly is "spending $10M/year on Ph.D.'s". What's their name? Where's the link to their site? Where's the link to you being a member of their team? I don't think you can provide any proof you have the backing you claim. I don't believe I need to be extending you the benefit of the doubt at this point in the conversation.

    And as this isn't your forum, I'll post wherever I feel like it.
    #23     Aug 28, 2021
  4. kmiklas


    What a nightmare. This is exactly the kind of thing I'm afraid of with Finspace, and any cloud-based service.

    Somehow database keys were exposed, which allowed anyone to connect to any DB. Ugh... I wonder how bad it really is; how many breaches go unpublished, and what other vulnerabilities exist.
    #24     Aug 28, 2021
  5. If you look at Amazon's past behaviour, you'll see them doing things like asking one of their sellers for data on their suppliers and then cutting them out of the loop.

    I think the notion that just because a company is big, they wouldn't screw you is very naive.

    And as was mentioned, god help you if you ever happen to be on the wrong side of Amazon's politics, whatever those may be that particular week.
    I can understand that companies may decide that they no longer want to do business with a certain entity, but the way they booted Parler looked as if it was calculated to cause harm. They made sure to announce it around a weekend, and give them practically no time to arrange alternate hosting.

    Besides the issue of deliberate behaviour, there are two other issues to consider here:
    1) The cost to Amazon of your service being down is going to be much lower than the cost to you.
    2) There is an added layer of difficulty in trying to secure a "virtual" environment.

    It always amazes me how many companies and organizations are willing to use virtual servers that they do not own for critical business functions and sensitive data.

    If I was protecting particularly valuable proprietary data, I would use multiple servers that were owned by me with functions segmented, such that the system exposed to the internet does not have direct access to the full dataset. The server with the full data set would run a different OS, use different login credentials, and throttle requests such that the full data set could not be requested from the system exposed to the internet, and out-of-profile data usage would trigger an alarm.
    I sure as heck wouldn't do what some of these companies do and have a server with a giant file containing everyone's credit card and SSN connected right to the internet.
    #25     Sep 3, 2021
    cobco and kmiklas like this.
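
The throttling and out-of-profile alarm described in post #25, sketched as an added example that is not part of any poster's message. The class name, limits, and client name are assumptions, and the traffic in `simulate()` is constructed.

```python
from collections import defaultdict, deque

class ThrottledDataGate:
    """Runs on the internal data server; the internet-facing host is its client."""

    def __init__(self, max_rows_per_request, max_rows_per_window,
                 window_seconds, alarm_fraction=0.8):
        self.max_req = max_rows_per_request
        self.max_window = max_rows_per_window
        self.window = window_seconds
        # Volume at which usage counts as out of profile (assumed threshold).
        self.alarm_at = int(alarm_fraction * max_rows_per_window)
        self.history = defaultdict(deque)   # client -> deque of (time, rows)
        self.alarms = []                    # (time, client, reason, rows)

    def _used(self, client, now):
        # Drop grants that have aged out of the sliding window, then total the rest.
        q = self.history[client]
        while q and now - q[0][0] >= self.window:
            q.popleft()
        return sum(rows for _, rows in q)

    def request(self, client, rows, now):
        """Return the number of rows granted (0 when the request is refused)."""
        used = self._used(client, now)
        if rows > self.max_req:
            self.alarms.append((now, client, "oversized request", rows))
            return 0
        if used + rows > self.max_window:
            self.alarms.append((now, client, "window budget exceeded", used + rows))
            return 0
        self.history[client].append((now, rows))
        if used + rows >= self.alarm_at:
            self.alarms.append((now, client, "out-of-profile volume", used + rows))
        return rows

def simulate():
    """Constructed traffic: normal lookups, one bulk request, then a steady drain."""
    gate = ThrottledDataGate(max_rows_per_request=100, max_rows_per_window=500,
                             window_seconds=60)
    granted = 0
    for t in range(5):                       # ordinary small lookups
        granted += gate.request("web-frontend", 20, now=t)
    granted += gate.request("web-frontend", 1_000_000, now=6)   # whole data set
    for t in range(7, 17):                   # many maximum-size requests
        granted += gate.request("web-frontend", 100, now=t)
    return granted, gate

if __name__ == "__main__":
    total, gate = simulate()
    print(total, [a[2] for a in gate.alarms])
```

Even when the internet-facing host behaves like a compromised client, the data server hands out at most one window's budget per window and records an alarm for each refused or high-volume request.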