First of all, thx for documenting the migration. That is very interesting.
Your monthly bill is smaller now. But how many hours did you invest into the migration? And how many hours more per month do you put in maintenance? I mean you have to take care of security patches now and many more things.
You used AWS in the most expensive way. Of course it's expensive if you use on demand offering. You can cut costs by using Spot instances for ECS. Another way is by using reserved instances for ECS. If you pay 3 years upfront, you can get discounts up to 75%. That works for ECS and RDS.
I'm running ZEIT.IO on AWS and I had similar problems. But I don't want to manage VMs. As soon as I have to SSH into something, I have a ton of problems I don't want to deal with.
Docker container pre-configured with Nginx as forwarding proxy. You can use it to either block all outgoing traffic and whitelist certain domains or allow all outgoing traffic and blacklist certain domains. Let me know if you find it useful!
That's nice to see the NSA is contributing to the OSS community. I just randomly picked one of the NSA GitHub repositories, analysed it with VersionEye (https://www.versioneye.com) and found already 25 security vulnerabilities. Who is the best person to contact in this case? Here is the security report: https://www.versioneye.com/user/projects/59479cd06725bd00123....
You could use the VersionEye Maven Plugin for that: https://github.com/versioneye/versioneye_maven_plugin. It checks your dependencies against a license whitelist on the VersionEye server and if there is a violation it breaks your build on your CI server. That way you can enforce a license policy continuously. It's much better than just checking licenses once a year ;-)
I've been working on VersionEye for a couple of years, it's a similar project and I open sourced it last week: https://blog.versioneye.com/2016/06/28/versioneye-goes-open-.... I've been following Andrew's activities for a while and like what he did with libraries.io. Great job! As both projects have a big overlap and are open source now I'm open for collaboration :)
I'm crawling some famous C repos at GitHub for VersionEye. They are listed here: https://www.versioneye.com/C. And I integrated biicode, a dependency manager for C/C++. The biicode packages are listed here: https://www.versioneye.com/biicode. Currently there are no tags like at libraries.io but maybe I will add tags and tag filters for browsing tags/categories.
Everybody is in a highly competitive field. Everybody wants to release as fast as possible. That's why everybody is using open source components. I know that everybody in the commercial field avoids GPL. Just curious which other licenses are on the blacklist of some companies.
If I take a specific example, a AAA game like StarCraft 2 uses something like 10-20 different open source projects, where the licenses are everything from personal granted permission, MIT, to LGPL. I would also guess that some of those personal granted permissions are actually bought permissions from dual licensed GPL projects.
Not everyone is willing to go to those lengths to save time and work. Not-invented-here is still going strong, as is FUD. If you are in a highly competitive field that can't afford NIH and FUD, then you can't afford a blacklist either.