[fabian2k]

They didn't mention anything about SLAs. This is about all the time, effort, paperwork and risk it takes to add yet another vendor. Having fewer vendors does actually reduce risk, as long as your chosen vendors are reasonably good. Though the bigger reason is certainly avoiding the additional bureaucracy, which is partly self-inflicted in larger companies but also not without merit.

[gobdovan]

Yeah, I understood the original point. And I'm tired of it.

I'm just tired of the 'everyone follows their immediate incentives while the system stays incoherent' as the de facto reality. I think shedding some light over the actual mechanics would maybe make someone consider 'perhaps we shouldn't allow our acquisition team just turn off their brain and choose the default to cover their bottoms; maybe vendors are worth more decision investment via actual thinking instead of performatively ending up on the default choice after a little ritualistic game of "eeny, meeny, miny, AWS"'.

I think it's worth pointing out that Jeff Bezos would fight this tooth and nail from happening in his companies. He popularised 'process as proxy'. Yet AWS as sold to external enterprises is the exact proxy Bezos warned against internally. Do what Bezos does, and even what Bezos preaches, just don't do by default what Bezos sells.

[johndhi]

Which vendor would you rather use in this context, with your sensitive customer data? -vendor A's list of sub-processors is a mile long and includes providers of questionable repute; -vendor B's list is short and includes AWS and GCP

[hectormalot]

We have a vendor with almost no subprocessors because they run their own hardware in a colo.

It is refreshing actually. They can accurately answer questions on how everything works and there is no subsubsubprocessors to worry about.

[gobdovan]

I think he's arguing about OpenAI vendoring specifically, where OpenAI has a lot of subprocessors, but AWS doesn't and there's not really a 3rd camp to choose from, yet. But even there you can't just choose AWS as I tried to illustrate in uncle comment.

[hectormalot]

Ah my mistake, I thought he was making a broader point that other providers always have deep subprocessor stacks.

[eventualcomp]

Praise be the accountability sink. https://news.ycombinator.com/item?id=41891694

[alchemism]

The politics of multimillion dollar contracts for public clouds go far, far, far beyond the preferences of an acquisition team, or what the engineers may think.

[gobdovan]

This is too vague to respond to meaningfully.

[spwa4]

> This is about all the time, effort, paperwork and risk it takes to add yet another vendor.

This is stupid. This protects you from having a risk to have to do small things (very small things), and updates, by increasing the risk you have to redo everything all at once. It's eliminating a tiny effort by massively increasing systemic risk.

It would, by the way, be a very good business and SRE exercise to actually trip those small risks from time to time and fix it.

Otherwise: ask Iranians what happened to their AWS accounts when Trump decided to sanction them. Ask ICC judges what happened to their email and visa cards. Everything just stopped and died. Is that what you want for your company?