20 Years on AWS and Never Not My Job

Early AWS: odd defaults, missing signatures

A long-time FreeBSD contributor has published a recollection of the early AWS days, and it reads like a time capsule. The author says their account arrived with only two services enabled by default — Amazon Simple Queue Service and a little-remembered Amazon E-Commerce Service. It has been reported that the E-Commerce API has since been quietly scrubbed from AWS history. Early on, the writer flagged a security gap: requests were signed by API keys, but responses were not — and many calls still went over plain HTTP. Sound familiar? Transport-layer security helps, but end-to-end signing would have been nicer then and still matters now.

Bringing FreeBSD to EC2: persistence pays

When EC2 arrived, the author wanted FreeBSD to run on it. He reached out to Jeff Barr and, after some back-and-forth, landed an NDA in 2007. There’s a delightful, human moment here: the briefing was delayed because Amazon allegedly still used fax machines — the author had to snail-mail a wet-ink signature to Seattle. Custom kernels arrived later that year, and the author says his account was allowlisted for the internal “publish Amazon Kernel Images” API so FreeBSD could be supported. Small victories. Big satisfaction.

Security nudges and a very long payoff

He didn’t just ask for features; he pushed on security too. He urged Amazon to audit Xen and recommended folks he trusted, like Tavis Ormandy. Later in 2007 Tavis was credited with reporting flaws in Xen — whether those events are connected is unknown, and the author says as much. But the arc is clear: persistent, practical feedback nudged product decisions over years. The emotional high comes at the end — features the author asked for, like read-only boot and guaranteed memory wipe semantics, eventually appeared as EC2 Instance Attestation nearly two decades later. Patience, it seems, can be a superpower in cloud land.

Sources: daemonology.net, Hacker News