I am continuing to be amazed at how much over engineering Airbnb does for ostensibly a cleaner couch surfing broker. Like they don't actually do much even for a travel site, they have so much investment and could have easily disrupted so many different travel related Fields instead they keep over engineering software. Not sure how to feel about it (since we do kinda benefit from their busywork)
They have similar incentives to Uber where their main goal is to get engineers to work for them by being interesting, and it doesn't actually have to be profitable. I think Uber also writes blog posts about architecture to trick competitors into thinking it can't be done by sharding each city into one box under someone's desk.
I use OPA with terraform and kubernetes, but I’m looking for something for application ACLs, where I as a resource owner can assign permissions to arbitrary subjects for a resource.
Does OPA support that? If so that would be very very cool.
Certainly! Application and microservice authorization is probably one of the more common use cases for OPA, and there's definitely benefits in having a unified policy engine in an organization or company.
I have only found RBAC and ABAC docs and tutorials for OPA, do you happen to know of a good source of docs for ACLs like, User A gives User B edit rights on Resource C?
Update: I swear I’ve looked through the docs 20 times and I’ve never seen this use case, but of course after writing this comment I go back and immediately find what may work :-)
Even if you run DNS over an encrypted line (e.g. DoH), the ISP can see which IPs you're talking to, which in many cases translates back rather cleanly into which services you're using (which makes for a rather interesting profile already if you take into account time patterns and bandwidth usage).
Yes- very, very well for us. YMMV, of course. For reference- this was in a B2B SaaS space targeting SMB. Once we got the Enterprises' attention, we added a 0 for them.
CPU is much cheaper for scaling a business.