Hacker News: cperciva

New comment by cperciva in "Ask HN: What Are You Working On? (April 2026)"

cperciva — Mon, 13 Apr 2026 04:11:21 +0000

Heh, I'm sure it's nothing like that. It wouldn't rule out the possibility that I'm tickling a firmware bug in the ENA device though.

New comment by cperciva in "Ask HN: What Are You Working On? (April 2026)"

cperciva — Sun, 12 Apr 2026 23:49:11 +0000

The same thing I do every night - try to make FreeBSD work better on EC2!

Ok in all seriousness, right now I'm tracking down an issue with the ENA network interface which results in sporadic packet loss. Triggering the issue is hard and seems to require a large number of TCP segments being pushed to the NIC very fast. So far I've found that my reproducer stops reproducing when I turn off write combining on the MMIO space used for low latency queueing, which is... just a little bit weird.

New comment by cperciva in "20 years on AWS and never not my job"

cperciva — Sat, 11 Apr 2026 17:53:54 +0000

Yes, that's correct. They're not idiots and realize that spinning up FreeBSD instances in EC2 can be very useful for development purposes -- the largest EC2 instances can run a buildworld very very fast -- but they have no need for FreeBSD/EC2 for their production workloads.

New comment by cperciva in "20 years on AWS and never not my job"

cperciva — Sat, 11 Apr 2026 17:51:45 +0000

I do have a few "free" AWS accounts! But they're for FreeBSD stuff (development, publishing official images, and FreeBSD infrastructure which Amazon hosts) -- I would never use them for my business.

I'm sure I could get away with it and nobody at Amazon would even notice, but it's the principle of the thing.

New comment by cperciva in "20 years on AWS and never not my job"

cperciva — Sat, 11 Apr 2026 17:46:36 +0000

I think cc1.4xlarge was the first instance I ran the Tarsnap service on. Being HVM made me far more confident -- PV dramatically increases the risk of VM/paging bugs, which is exactly the way to get silent data corruption.

So... I'd have to check my notes to be sure but I think fall 2011?

New comment by cperciva in "20 years on AWS and never not my job"

cperciva — Sat, 11 Apr 2026 17:43:13 +0000

Indeed, when re:Invent 2020 went virtual and we had a virtual space we could walk around I had a major sense of deja vu -- of course Second Life on a laptop was very different from wearing VR goggles.

New comment by cperciva in "20 years on AWS and never not my job"

cperciva — Sat, 11 Apr 2026 16:02:23 +0000

Right, I've got 19 years of NDAs so I try to be careful about what I talk about publicly...

New comment by cperciva in "20 years on AWS and never not my job"

cperciva — Sat, 11 Apr 2026 14:02:59 +0000

What alternative interface does the author propose we use to securely exchange credentials?

If you read the linked post you'll see that at the time I suggested using XenStore to pass credentials to the OS kernel. Obviously a different approach would be needed with Nitro but if anything it would be easier now.

Once the kernel had them they could be exposed to applications via a synthetic filesystem which, crucially, can have ownership and permissions set on it.

I'm absolutely not arguing against IAM Roles for EC2. I'm arguing that they picked the worst possible interface over which to transmit those role credentials.

20 years on AWS and never not my job

cperciva — Sat, 11 Apr 2026 05:31:10 +0000

Article URL: https://www.daemonology.net/blog/2026-04-11-20-years-on-AWS-and-never-not-my-job.html

Comments URL: https://news.ycombinator.com/item?id=47727711

Points: 259

# Comments: 67

New comment by cperciva in "A compelling title that is cryptic enough to get you to take action on it"

cperciva — Fri, 10 Apr 2026 18:45:37 +0000

A complaint about the quality of posts and the comments they elicit here, followed by an allegation that Hacker News is turning into Reddit.

New comment by cperciva in "Top laptops to use with FreeBSD"

cperciva — Thu, 09 Apr 2026 14:48:28 +0000

I agree that 9/10 is a bit of a strange score there, but it's not all that bad: You can get a $15 wifi dongle and use that instead. It occupies a USB port and looks a bit ugly, but it's still a fairly easy workaround.

New comment by cperciva in "Project Glasswing: Securing critical software for the AI era"

cperciva — Thu, 09 Apr 2026 01:32:41 +0000

I'm going with (3) I've been working in software security for over 20 years, I've seen what this model produces, and I know what I'm talking about.

New comment by cperciva in "Project Glasswing: Securing critical software for the AI era"

cperciva — Wed, 08 Apr 2026 02:02:47 +0000

its very possible that this is Anthropic marketing puffery

It isn't.

New comment by cperciva in "AWS engineer reports PostgreSQL perf halved by Linux 7.0, fix may not be easy"

cperciva — Sun, 05 Apr 2026 18:07:35 +0000

FreeBSD 15 has lots of useful features! And better performance on other benchmarks; I just need to track down what's going wrong with this particular one.

New comment by cperciva in "AWS engineer reports PostgreSQL perf halved by Linux 7.0, fix may not be easy"

cperciva — Sun, 05 Apr 2026 02:09:04 +0000

This makes me feel better about the 10% performance regression I just measured between FreeBSD 14 and FreeBSD 15.0.

New comment by cperciva in "Significant raise of reports"

cperciva — Thu, 02 Apr 2026 19:01:50 +0000

Only two remote code execution vulnerabilities in the default configuration. But that's not the only type of security bug.

New comment by cperciva in "72% of the dollar's purchasing power was destroyed in just four episodes"

cperciva — Mon, 30 Mar 2026 16:08:34 +0000

Note that most of this period falls before the modern inflation target was established in 1995. In the past 30 years we've had 75% accumulated annual inflation (aka prices have increased be a factor of exp(0.75) = 2.1) of which 16% (aka 21% of the total) took place during an inflation excursion (which lasted 2.5 years aka 8% of the total time period).

If anything the data points at "inflation targeting works and is producing slow and steady inflation" rather than "inflation comes in concentrated bursts".

New comment by cperciva in "The Shape of Inequalities"

cperciva — Fri, 20 Mar 2026 05:15:00 +0000

Also fun: The Arithmetic-Geometric Mean can be used to calculate Pi! (Most usefully, the AGM of 1 and sqrt(1/2).)

New comment by cperciva in "OpenBSD: PF queues break the 4 Gbps barrier"

cperciva — Thu, 19 Mar 2026 17:01:26 +0000

pushing the hot path out to userland where you can actually scale across cores

What sort of kernel do you have which can't scale across cores?

New comment by cperciva in "Show HN: Sub-millisecond VM sandboxes using CoW memory forking"

cperciva — Wed, 18 Mar 2026 05:46:38 +0000

Re-seeding is easy. The hard parts are (a) finding everything which needs to be reseeded -- not just explicit RNGs but also things like keys used to pick outgoing port numbers in a pseudorandom order -- and (b) making sure that all the relevant code becomes aware that it was just forked -- not necessarily trivial given that there's no standard "you just got restarted from a snapshot" signal in UNIX.