Podcasts about Amazon S3

AWS Morning Brief for the week of June 23rd, 2025, with Corey Quinn. Links:AWS IAM now enforces MFA for root users across all account typesAWS expands resource control policies (RCPs) support to two additional servicesOne Year EC2 Instance Savings Plans are now available for P5 and P5en instancesAWS Certificate Manager introduces exportable public SSL/TLS certificates to use anywhereVerify internal access to critical AWS resources with new IAM Access Analyzer capabilitiesIntroducing AWS CDK Community MeetingsRapid monitoring of Amazon S3 bucket policy changes in AWS environments1Password's New Secrets Syncing Integration With AWS | 1Password

Dell Technologies helps customers design modern disaggregated data centres with storage, cyber resilience, software, and integrated solution innovations. Why it matters Organisations face increasing demands to efficiently manage and secure both modern and traditional workloads across on-premises data centres, cloud, and edge environments. IT and business needs keep changing, so the modern data centre must be ready for anything. Dell's approach to disaggregated infrastructure combines management of shared compute, networking and storage resource pools with software-driven automation, security, and partner integrations. Advanced storage and cyber resiliency capabilities Dell storage and cyber resiliency advancements deliver the performance and protection that modern data centres need. Dell PowerProtect Data Domain All-Flash appliances improve cyber resiliency with up to four times faster data restores and two times faster replication performance. They are more efficient, taking up 40% less rack space and saving up to 80% on power when compared to HDD systems. Dell PowerScale software advancements enhance object storage support and cyber resilience. The PowerScale Cybersecurity Suite offers comprehensive solutions to protect, access and recover critical data. Customers can boost application performance with Amazon EC2 cloud burst and reduce costs by backing up to Dell ObjectScale, Amazon S3 or Wasabi. PowerStore Advanced Ransomware Detection helps organisations validate data integrity and minimise downtime from ransomware attacks using advanced AI analytics. The news comes as Dell celebrates PowerStore's fifth anniversary and over 17,000 global customers. Automate private cloud and edge operations Dell software automates the deployment and management of disaggregated private cloud and edge solutions built with Dell's industry-leading infrastructure and partner technologies. Dell Private Cloud offers a new approach to deploying, managing and scaling private clouds built with cloud software from vendors like Broadcom, Nutanix and Red Hat on Dell disaggregated infrastructure. Organisations can protect their investment with reusable infrastructure, simplify operations with full lifecycle management and support customer choice with a catalogue of validated blueprints. Automation helps customers provision a private cloud stack in 90% fewer steps than manual processes, delivering a cluster in just two and a half hours with no manual effort. Dell Private Cloud is delivered using the Dell Automation Platform, a software platform designed to simplify how customers deploy and operate disaggregated solutions with secure, zero-touch onboarding and centralised management. "Dell Private Cloud has proven to be the right fit to help us meet our business priorities," said Keith Bradley, vice president, IT and Security, Nature Fresh Farms. "The flexibility to transition between cloud ecosystems and the ability to repurpose hardware is a game-changer for us by providing investment protection and enabling us to respond to evolving business needs quickly." New Dell NativeEdge features make it the most advanced and cost-effective solution for virtualised workloads at the edge and in remote branch offices.7 Critical data is protected and secured with policy-based load balancing, VM snapshots and backup and migration capabilities. Organisations can manage diverse edge environments consistently with non-Dell and legacy infrastructure support. "At Dell Technologies, we're defining the future architecture of the intelligent enterprise," said Arthur Lewis, president, Infrastructure Solutions Group, Dell Technologies. "Our disaggregated infrastructure approach helps customers build secure, efficient modern data centres that turn data into intelligence and complexity into clarity." More about Irish Tech News Irish Tech News are Ireland's No. 1 Online Tech Publication and often Ireland's No.1 Tech Podcast too. You can find hundreds of fantastic previous epis...

Send us a textApril 2025 news. A lot of news for you, dear listener, from Google, AWS and AzureTakeaway by the aiThe FinOps News podcast targets hardcore Phenops enthusiasts.Conflict can lead to better team dynamics and outcomes.Azure's VM hibernation feature offers cost-efficient workload management.Amazon EC2 introduces high-performance storage optimized instances.Bare metal instances provide significant performance improvements.Prompt optimization in Amazon Bedrock enhances AI model performance.AWS Database Migration Service now supports automatic storage scaling.Cloud gaming may benefit from new GPU instance offerings.The importance of feedback in improving cloud services is emphasized.The podcast aims to provide in-depth insights into cloud technology. Amazon S3 has significantly reduced its storage and request prices.Google Cloud's FinOps Hub 2.0 offers new tools for cost management.GKE now provides insights to optimize resource requests and limits.Azure AKS cost recommendations help identify savings opportunities.Google Cloud's backup services now support DB2 databases.Amazon Redshift introduces serverless reservations for cost predictability.AWS CodeBuild enhancements allow for better resource configuration.Microsoft Cost Management has improved export functionalities.Microsoft Copilot in Azure offers tailored prompts for cost analysis.Azure Static Web Apps will discontinue dedicated pricing plans.

Drex covers three critical cybersecurity stories: The FBI's annual Internet Crime Complaints Center report revealing a 9% increase in ransomware attacks and 67 new ransomware variants; JP Morgan Chase's CISO's open letter on third-party supply chain vulnerabilities; and a major data breach at Work Composer exposing 21 million employee screenshots stored in an unsecured Amazon S3 bucket. Key lesson: properly secure your cloud storage configurations.Remember, Stay a Little Paranoid X: This Week Health LinkedIn: This Week Health Donate: Alex's Lemonade Stand: Foundation for Childhood Cancer

China's FamousSparrow is back. A misconfigured Amazon S3 bucket exposes data from an Australian fintech firm. Researchers uncover a sophisticated Linux-based backdoor targeting industrial systems. Infiltrating the BlackLock Ransomware group's infrastructure. Solar inverters in the security spotlight. Credential stuffing gets automated. CISA updates the Known Exploited Vulnerabilities catalog. The UK's NCA warns of online groups involved in sadistic cybercrime and real-world violence. Authorities arrest a dozen  individuals linked to the now-defunct Ghost encrypted communication platform. Our guest is Tal Skverer, Research Team Lead from Astrix, discussing the OWASP NHI Top 10 framework. Remembering our friend Matt Stephenson.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest We are joined by Tal Skverer, Research Team Lead from Astrix, who is discussing the OWASP NHI Top 10 framework and how teams can use these as they implement NHIs into their systems. Selected Reading Chinese Spy Group FamousSparrow Back with a Vengeance, Targets US (Infosecurity Magazine) Aussie Fintech Vroom Exposes Thousands of Records After AWS Misconfiguration (HackRead) New Sophisticated Linux Backdoor Targets OT Systems via 0-Day RCE Exploit (GB Hackers) Blacklock Ransomware: A Late Holiday Gift with Intrusion into the Threat Actor's Infrastructure (Resecurity) Dozens of solar inverter flaws could be exploited to attack power grids (Bleeping Computer) Threat Actors Using Powerful Cybercriminal Weapon 'Atlantis AIO' to Automate Credential Stuffing Attacks (Cyber Security News) CISA Adds of Sitecore CMS Code Execution Vulnerability to List of Known Exploited Vulnerabilities (Cyber Security News) NCA Warns of Sadistic Online “Com” Networks (Infosecurity Magazine) 12 Cybercriminals Arrested Following Takedown of Ghost Communication Platform (Cyber Security News) Matt Stephenson remembrance (LinkedIn)  Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Quali sono i tipi di storage disponibili su AWS? Quali sono i casi d'uso tipici per ogni servizio? Quali sono le funzionalità di security e osservabilità? Quali sono le novità di Amazon S3 per la gestione dei dati nei sistemi di analytics? Oggi ne parliamo con Antonio Aga Rossi, Principal Solutions Architect di AWSLink utili:- Amazon S3 Tables- Amazon S3 Metadata

Think you know Amazon S3? Think again. Discover game-changing new features like S3 Metadata and S3 Express OneZone with your host Simon, and guest Wali Akbari, storage expert at AWS. Learn pro tips for managing data at scale, reducing costs, and leveraging new capabilities - essential listening for cloud architects and developers. For More Information about Amazon S3 visit: https://aws.amazon.com/s3/ And be sure to visit the AWS Storage Blog: https://aws.amazon.com/blogs/storage/

AWS Morning Brief for the week of February 24, with Corey Quinn. Links:Amazon ECS increases the CPU limit for ECS tasks to 192 vCPUsAmazon Q Developer now supports upgrade to Java 21AWS announces Backup Payment Methods for invoicesAWS CodePipeline adds native Amazon EKS deployment supportAWS Price List API supports AWS PrivateLinkAWS CloudFormation: 2024 Year in ReviewCost optimize your Minecraft Java EC2 ServerImproving Security in Amazon WorkMail with MFAUpdate on Support for Amazon ChimeBest practices to respond to security risks across your AWS OrganizationsReduce IT costs by implementing automatic shutdown for Amazon EC2 instancesHow to restrict Amazon S3 bucket access to a specific IAM roleIntroducing the AWS Trust CenterIs AWS Delivering on Its 3-Layer Approach to AI?

AWS Analytics expert Swapnil Bhoite joins us to break down of Amazon S3 Tables. From comparing Parquet and Apache Iceberg formats to explaining critical features like compaction and snapshot management, Swapnil explores how this fully-managed service streamlines data lake operations. Learn when to adopt S3 Tables, understand its cost-performance benefits, and discover key migration considerations from existing Glue catalog implementations — essential knowledge for teams looking to scale their analytics workloads on AWS.

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.From earlier this week, The Docker Systems Status page reports an ongoing issue affecting Docker Desktop on macOS, where malware alerts are triggered by macOS identifying com.docker.vmnetd or com.docker.socket as potential threats. SafeBreach Labs has released a proof-of-concept (PoC) exploit for CVE-2024-49113, a critical vulnerability in the Lightweight Directory Access Protocol (LDAP) that impacts unpatched Windows Servers, including Active Directory Domain Controllers (DCs).The Halcyon RISE team has uncovered a novel ransomware campaign targeting Amazon S3 buckets, exploiting AWS's Server-Side Encryption with Customer-Provided Keys (SSE-C).A recent campaign has been targeting Fortinet FortiGate firewalls with exposed management interfaces, likely exploiting a zero-day vulnerability to gain unauthorized administrative access. Sophos recently reported on two distinct ransomware campaigns utilizing unique techniques to pressure victims and evade detection.

AWS Morning Brief for the week of January 21, with Corey Quinn. Links:AWS CodePipeline introduces new debugging experience in AWS Management ConsoleThe AWS Management Console now supports simultaneous sign-in for multiple AWS accountsEC2 Image Builder simplifies converting Windows ISO files to AMIsNow open — AWS Mexico (Central) RegionAWS CDK is splitting Construct Library and CLIAmazon Bedrock launches with Claude 3.5 Sonnet in the AWS Top Secret cloudPreventing unintended encryption of Amazon S3 objectsSecure root user access for member accounts in AWS Organizations | AWS Security BlogCost-optimized log aggregation and archival in Amazon S3 using s3tarIssue with Amazon WorkSpaces, Amazon AppStream 2.0, and Amazon DCV (CVE-2025-0500 and CVE-2025-0501)SponsorThe Duckbill Group: https://www.duckbillgroup.com/

An MFA outage affects Microsoft 365 Office apps. The Biden administration  introduces new export controls to block adversaries from accessing advanced AI chips. A Dutch university cancels lectures after a cyberattack. Three Russian nationals have been indicted for operating cryptocurrency mixers. Juniper Networks releases security updates for Junos OS. Spain's largest telecommunications company confirms a data breach. The “Banshee” infostealer leverages a stolen Apple encryption algorithm. Researchers uncover a novel ransomware campaign targeting Amazon S3 buckets. A major data broker suffers a major data breach. Our guest Philippe Humeau, CEO and Founder of CrowdSec, shares the biggest issues currently facing cybersecurity and how open-source cybersecurity platforms combat them. The weirdness of AI.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Our guest Philippe Humeau, CEO and Founder of CrowdSec, shares the biggest issues currently facing cybersecurity and how open-source cybersecurity platforms combat them.  Selected Reading Microsoft MFA outage blocking access to Microsoft 365 apps (Bleeping Computer) White House Moves to Restrict AI Chip Exports (GovInfo Security) New Ransomware Group Uses AI to Develop Nefarious Tools (Infosecurity Magazine) Cyberattack forces Dutch university to cancel lectures (The Record) 3 Russians Indicted for Operating Blender.io and Sinbad.io Crypto Mixers (Hackread) Juniper Networks Fixes High-Severity Vulnerabilities in Junos OS (SecurityWeek) Aviatrix Controller RCE Vulnerability Exploited In The Wild (Cyber Security News)  Hackers Exploiting YouTube to Spread Malware That Steals Browser Data (GB Hackers) Banshee 2.0 Malware Steals Apple's Encryption to Hide on Macs (Dark Reading) A breach of a data broker's trove of location data threatens the privacy of millions (TechCrunch)  Abusing AWS Native Services: Ransomware Encrypting S3 Buckets with SSE-C (Halcyon)  AI Mistakes Are Very Different Than Human Mistakes (IEEE Spectrum) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

This week, we discuss Intel's CEO “resignation,” the rise of custom silicon, and the biggest announcements from AWS re:Invent. Plus, some thoughts on the simple satisfaction of label makers. Watch the YouTube Live Recording of Episode (https://www.youtube.com/watch?v=7pl48HWsZZA) 496 (https://www.youtube.com/watch?v=7pl48HWsZZA) Runner-up Titles re:Primitives Primitives, Re:invented Chatbots, Call Center Agents and Dev Co-Pilots. Thanksquitting Even the paranoid die Pardon me while I commoditize your business. Being paranoid has nothing to do with it This is a trailing indicator Robotic Cows. ARMchair Quarterbacking (that was funny!) Arm is going to get X86'd One Bill Rundown Intel Intel Announces Retirement of CEO Pat Gelsinger (https://www.businesswire.com/news/home/20241202016400/en/Intel-Announces-Retirement-of-CEO-Pat-Gelsinger) Intel CEO Forced Out After Board Grew Frustrated With Progress (https://www.bloomberg.com/news/articles/2024-12-02/intel-ceo-pat-gelsinger-retires-amid-chipmaker-s-turnaround-plan?embedded-checkout=true) Intel CEO Pat Gelsinger Resigns After Struggling to Turn Around Chip Maker (https://www.wsj.com/tech/intel-ceo-gelsinger-retires-leaves-board-cb2478e6?mod=mhp) Intel CEO takes his leave as ambition meets reality (https://www.theregister.com/2024/12/02/intel_gelsinger_leave/) Are Intel's Problems Too Big to Fix? (https://www.wsj.com/tech/are-intels-problems-too-big-to-fix-442a7dd7) Nvidia Keeps Its Old Chips Selling Hot (https://www.wsj.com/tech/ai/nvidia-keeps-its-old-chips-selling-hot-2596f11e?mod=article_inline) AWS Re:invent 2024 Top announcements of AWS re:Invent 2024 | Amazon Web Services (https://aws.amazon.com/blogs/aws/top-announcements-of-aws-reinvent-2024/) CEO Matt Garman unveils the future of cloud with generative AI and agentic workflows (https://siliconangle.com/2024/12/01/aws-reinvent-2024-ceo-matt-garman-unveils-future-cloud-generative-ai-agentic-workflows/) Introducing queryable object metadata for Amazon S3 buckets (preview) (https://aws.amazon.com/blogs/aws/introducing-queryable-object-metadata-for-amazon-s3-buckets-preview/) Amazon EC2 Trn2 Instances and Trn2 UltraServers for AI/ML training and inference are now available (https://aws.amazon.com/blogs/aws/amazon-ec2-trn2-instances-and-trn2-ultraservers-for-aiml-training-and-inference-is-now-available/) New Amazon Q Developer agent capabilities include generating documentation, code reviews, and unit tests (https://aws.amazon.com/blogs/aws/new-amazon-q-developer-agent-capabilities-include-generating-documentation-code-reviews-and-unit-tests/) Build faster, more cost-efficient, highly accurate models with Amazon Bedrock Model Distillation (preview) (https://aws.amazon.com/blogs/aws/build-faster-more-cost-efficient-highly-accurate-models-with-amazon-bedrock-model-distillation-preview/) New APIs in Amazon Bedrock to enhance RAG applications, now available (https://aws.amazon.com/blogs/aws/new-apis-in-amazon-bedrock-to-enhance-rag-applications-now-available/) New RAG evaluation and LLM-as-a-judge capabilities in Amazon Bedrock (https://aws.amazon.com/blogs/aws/new-rag-evaluation-and-llm-as-a-judge-capabilities-in-amazon-bedrock/) Relevant to your Interests 1Password Interviewing Banks for Possible 2025 Public Offering (https://www.bloomberg.com/news/articles/2024-11-21/1password-interviewing-banks-for-possible-2025-public-offering) FTC reportedly opens antitrust investigation into Microsoft | TechCrunch (https://techcrunch.com/2024/11/27/ftc-reportedly-opens-antitrust-investigation-into-microsoft/?utm_source=dlvr.it&utm_medium=bluesky) This $89 Wi-Fi router is designed to let you run whatever firmware you want (https://www.theverge.com/2024/12/2/24310967/openwrt-one-wi-fi-router-available-price-software-freedom-conservancy) Some Simple Economics of the Google Antitrust Case - Marginal REVOLUTION (https://marginalrevolution.com/marginalrevolution/2024/12/some-simple-economics-of-the-google-antitrust-case.html?utm_source=rss&utm_medium=rss&utm_campaign=some-simple-economics-of-the-google-antitrust-case) Modern Work Fucking Sucks. (https://www.joanwestenberg.com/modern-work-fucking-sucks/) Broadcom Announces the General Availability of VMware Tanzu Platform (https://blogs.vmware.com/tanzu/broadcom-announces-the-general-availability-of-vmware-tanzu-platform-10-making-it-easier-for-customers-to-build-and-launch-new-applications-in-the-private-cloud/) Gartner Identifies Top Three Priorities for CMOs to Deliver Marketing Excellence in 2025 (https://www.gartner.com/en/newsroom/press-releases/2024-12-03-gartner-identifies-top-three-priorities-for-cmos-to-deliver-marketing-excellence-in-2025) Data resilience firm Veeam scores $15B valuation in $2B secondary sale (https://techcrunch.com/2024/12/04/data-resilience-company-veeam-valued-at-15bn-after-2bn-secondary-sale/) LogicMonitor's massive $800M raise shows AI is driving the demand monitoring (https://techcrunch.com/2024/11/20/logic-monitor-massive-800m-raise-shows-ai-drives-demand-for-data-center-monitoring/) Nonsense Drones With Legs Can Walk, Hop, and Jump Into the Air (https://spectrum.ieee.org/bird-drone) How Murderbot Saved Martha Wells' Life (https://www.wired.com/story/murderbot-she-wrote-martha-wells/) Conferences CfgMgmtCamp (https://cfgmgmtcamp.org/ghent2025/), February 2-5, 2025. DevOpsDayLA (https://www.socallinuxexpo.org/scale/22x/events/devopsday-la) at SCALE22x (https://www.socallinuxexpo.org/scale/22x), March 6-9, 2025, discount code DEVOP SDT News & Community Join our Slack community (https://softwaredefinedtalk.slack.com/join/shared_invite/zt-1hn55iv5d-UTfN7mVX1D9D5ExRt3ZJYQ#/shared-invite/email) Email the show: questions@softwaredefinedtalk.com (mailto:questions@softwaredefinedtalk.com) Free stickers: Email your address to stickers@softwaredefinedtalk.com (mailto:stickers@softwaredefinedtalk.com) Follow us on social media: Twitter (https://twitter.com/softwaredeftalk), Threads (https://www.threads.net/@softwaredefinedtalk), Mastodon (https://hachyderm.io/@softwaredefinedtalk), LinkedIn (https://www.linkedin.com/company/software-defined-talk/), BlueSky (https://bsky.app/profile/softwaredefinedtalk.com) Watch us on: Twitch (https://www.twitch.tv/sdtpodcast), YouTube (https://www.youtube.com/channel/UCi3OJPV6h9tp-hbsGBLGsDQ/featured), Instagram (https://www.instagram.com/softwaredefinedtalk/), TikTok (https://www.tiktok.com/@softwaredefinedtalk) Book offer: Use code SDT for $20 off "Digital WTF" by Coté (https://leanpub.com/digitalwtf/c/sdt) Sponsor the show (https://www.softwaredefinedtalk.com/ads): ads@softwaredefinedtalk.com (mailto:ads@softwaredefinedtalk.com) Recommendations Brandon: Apple AirTags (https://www.apple.com/airtag/?afid=p238%7CssctkrMBT-dc_mtid_1870765e38482_pcrid_593101533960_pgrid_120928559493_pntwk_g_pchan__pexid__ptid_kwd-836438321478_&cid=aos-us-kwgo-btb--slid---product-) Cloud News of the Month - November 2024 (https://www.thecloudcast.net) Matt: Factorio: Space Age (https://factorio.com/) Coté: Claude (https://claude.ai) is great for D&D. Platform Engineering and UK Digital People, with Abby Bangser (https://www.softwaredefinedinterviews.com/88) Photo Credits Header (https://unsplash.com/photos/a-box-with-a-label-on-it-E_dvFxEX9XU) Artwork (https://unsplash.com/photos/intel-computer-processor-in-selective-color-photography-0uXzoEzYZ4I)

Welcome to the inaugural episode of a new bi-weekly guest series where listeners will embark on a journey through the evolution of cloud storage technology and how Pure has evolved over time to deliver innovative capabilities to bridge on-prem and cloud storage. Gain insights from the technical experts in Pure's Technical Product Specialist team with guest host Ondrej Bursik guiding the conversation. Beginning with groundbreaking moments like Licklider's Intergalactic Computer Network and the launch of Amazon S3 in 2006, this episode explores how cloud storage has rapidly evolved from experimental technology to a critical backbone of modern digital ecosystems, highlighting pivotal milestones such as the emergence of Dropbox, Google Drive, and the rise of hybrid and multi-cloud architectures. Dive deeper and learn more around the technological advancements that have shaped cloud storage, examining the shift from traditional hard drives to cutting-edge SSD and NVMe technologies, the emergence of object storage, and the revolutionary impact of software-defined storage and hyper-converged infrastructure. Listeners will gain insights into the complex landscape of cloud storage costs, learning about intricate pricing models, optimization strategies, and the challenges of managing exponential data growth, with a particular focus on how Pure Storage is driving industry transformation through all-flash storage arrays and advanced data reduction technologies. Looking forward, episodes of this guest series will debut every two weeks on Wednesdays and cover more emerging trends that promise to reshape cloud storage, including the transformative potential of artificial intelligence, the growing importance of edge computing, and the increasing emphasis on sustainable, energy-efficient storage solutions.

In this pre-re:Invent 2024 episode, Luciano and Eoin discuss some of their favorite recent AWS announcements, including improvements to AWS Step Functions, Lambda runtime updates, DynamoDB price reductions, ALB header injection, Cognito enhancements, VPC public access blocking, and more. They share their thoughts on the implications of these new capabilities and look forward to seeing what else is announced at the conference. Overall, it's an exciting time for AWS developers with many new features to explore. Very important: no focus on GenAI in this episode :) AWS Bites is brought to you, as always, by fourTheorem! Sometimes, AWS is overwhelming and you might need someone to provide clear guidance in the fog of cloud offerings. That someone is fourTheorem. Check them out at ⁠fourtheorem.com⁠ In this episode, we mentioned the following resources: The repo containing the code of the AWS Bites website: https://github.com/awsbites/aws-bites-site Orama Search: https://orama.com/ JSONata in AWS Step Functions: https://aws.amazon.com/blogs/compute/simplifying-developer-experience-with-variables-and-jsonata-in-aws-step-functions/ EC2 Auto Scaling improvements: https://aws.amazon.com/about-aws/whats-new/2024/11/amazon-ec2-auto-scaling-highly-responsive-scaling-policies/ Node.js 22 is available for Lambda: https://aws.amazon.com/blogs/compute/node-js-22-runtime-now-available-in-aws-lambda/ Python 3.13 runtime: https://aws.amazon.com/blogs/compute/python-3-13-runtime-now-available-in-aws-lambda/ Aurora Serverless V2 now scales to 0: https://aws.amazon.com/about-aws/whats-new/2024/11/amazon-aurora-serverless-v2-scaling-zero-capacity/ Episode 95 covering Mountpoint for S3: https://awsbites.com/95-mounting-s3-as-a-filesystem/ One Zone caching for Mountpoint for S3: https://aws.amazon.com/about-aws/whats-new/2024/11/mountpoint-amazon-s3-high-performance-shared-cache/ Appending to S3 objects: https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-buckets-objects-append.html 1 million S3 Buckets per account: https://aws.amazon.com/about-aws/whats-new/2024/11/amazon-s3-up-1-million-buckets-per-aws-account/ DynamoDB cost reduction: https://aws.amazon.com/blogs/database/new-amazon-dynamodb-lowers-pricing-for-on-demand-throughput-and-global-tables/ ALB Headers: https://aws.amazon.com/about-aws/whats-new/2024/11/aws-application-load-balancer-header-modification-enhanced-traffic-control-security/ Cognito Managed Login: https://aws.amazon.com/blogs/aws/improve-your-app-authentication-workflow-with-new-amazon-cognito-features/ Cognito Passwordless Authentication: https://aws.amazon.com/blogs/aws/improve-your-app-authentication-workflow-with-new-amazon-cognito-features/ VPC Block Public Access: https://aws.amazon.com/blogs/networking-and-content-delivery/vpc-block-public-access/ Episode 88 where we talk about VPC Lattice: https://awsbites.com/88-what-is-vpc-lattice/ Direct integration between Lattice and ECS: https://aws.amazon.com/blogs/aws/streamline-container-application-networking-with-native-amazon-ecs-support-in-amazon-vpc-lattice/ Resource Control Policies: https://aws.amazon.com/blogs/aws/introducing-resource-control-policies-rcps-a-new-authorization-policy/ Episode 23 about EventBridge: https://awsbites.com/23-what-s-the-big-deal-with-eventbridge/ EventBridge latency improvements: https://aws.amazon.com/about-aws/whats-new/2024/11/amazon-eventbridge-improvement-latency-event-buses/ AppSync web sockets: https://aws.amazon.com/blogs/mobile/announcing-aws-appsync-events-serverless-websocket-apis/ Do you have any AWS questions you would like us to address? Leave a comment here or connect with us on X/Twitter: - ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://twitter.com/eoins⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ - ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://twitter.com/loige⁠⁠⁠⁠

AWS Morning Brief for the week of November 25, with Corey Quinn. Links:Enhanced account linking experience across AWS Marketplace and AWS Partner CentralAmazon API Gateway now supports Custom Domain Name for private REST APIsAmazon Aurora Serverless v2 supports scaling to zero capacityAmazon CloudFront now supports Anycast Static IPsAmazon CloudFront now supports additional log formats and destinations for access logsAmazon CloudFront announces VPC originsAmazon CloudWatch launches full visibility into application transactionsAmazon EC2 now provides lineage information for your AMIsAmazon Q Developer in the AWS Management Console now uses the service you're viewing as context for your chatAmazon WorkSpaces introduces support for Rocky LinuxAWS App Studio is now generally availableAWS CloudTrail Lake launches enhanced analytics and cross-account data accessAWS Compute Optimizer now supports rightsizing recommendations for Amazon AuroraAWS Elastic Beanstalk adds support for Node.js 22AWS Lambda supports Amazon S3 as a failed-event destination for asynchronous and stream event sourcesIntroducing an AWS Management Console Visual Update (Preview)The new AWS Systems Manager experience: Simplifying node managementAWS announces Block Public Access for Amazon Virtual Private CloudLoad Balancer Capacity Unit Reservation for Application and Network Load BalancersAnnouncing Idle Recommendations in AWS Compute OptimizerAnnouncing Savings Plans Purchase AnalyzerAWS Lambda turns ten – looking back and looking aheadBoost Engagement with AWS and Amazon AdsBuild fullstack AI apps in minutes with the new Amplify AI KitImportant changes to CloudTrail events for AWS IAM Identity CenterFollow Corey on BlueSky!Follow Last Week In AWS on BlueSky!

AWS Morning Brief for the week of November 18, with Corey Quinn. Links:Buy a shirt benefiting 826 National!Amazon DataZone updates pricing and removes the user-level subscription feeAmazon DynamoDB reduces prices for on-demand throughput and global tablesAmazon DynamoDB introduces warm throughput for tables and indexesAmazon EBS now supports detailed performance statistics on EBS volume healthAmazon Q Developer plugins for Datadog and Wiz now generally availableAmazon S3 now supports up to 1 million buckets per AWS accountAWS Backup now supports copying Amazon S3 backups across Regions and accounts in opt-in RegionsAWS CloudTrail Lake announces enhanced event filteringHow and why you should move to Cost and Usage Report (CUR) 2.0?AWS BuilderCards second edition at re:Invent 2024Accelerate your third-party Amazon EKS add-on onboarding using ConformitronPython 3.13 runtime now available in AWS LambdaDeploy the Cost Optimizer for Amazon WorkSpaces in a highly-regulated environment.Introducing the Live Event Framework: Live Streaming with Ad Insertion on AWSIntroducing kro: Kube Resource OrchestratorAWS Snow device updates

Shan Sinha is confronting the urgent issue of workplace violence in healthcare. Delving into the alarming rise of aggression against healthcare workers, particularly exacerbated by the pandemic, Shan discusses pioneering solutions like Canopy's wearable safety buttons that empower staff with connectivity and protection. Shan shares his extraordinary journey through the fast-paced world of technology and innovation. We embark on a captivating exploration of Shan's upbringing in Texas, his academic pursuit at MIT during the pivotal shift from Microsoft's reign to Google's ascension, and his leap into the startup ecosystem influenced by the dot-com boom. Shan's experiences highlight the challenges and triumphs faced by children of immigrants, shedding light on their vital contributions to technological advancement and healthcare innovation.We trace the transformative evolution of cloud-based collaboration tools, punctuated by the early dominance of Amazon S3 and the emergence of Dropbox and Box. Shan recounts his bold decision to leave Microsoft, paving the way for his startup's critical role in shaping Google Drive, and reflects on Google's prescient embrace of hybrid work and video conferencing well before the pandemic. The journey through Shan's entrepreneurial ventures culminates in a successful acquisition by Dialpad, underscoring the dynamic interplay between technological growth and societal demands.This episode challenges us to rethink how we safeguard our essential healthcare workers, drawing insights from Numbers on't Lie, by Vaclav Smil. It's a thought-provoking book on exponential growth and innovation that offers hope for addressing today's pressing issues, from energy to food waste. Host David E. Williams is president of healthcare strategy consulting firm Health Business Group. Produced by Dafna Williams.

AWS Morning Brief for the week of November 4, with Corey Quinn. Links:Amazon CloudWatch now monitors EBS volumes exceeding provisioned performanceAmazon Q Developer announces support for inline chat to streamline the developer experienceAmazon Route 53 announces HTTPS, SSHFP, SVCB, and TLSA DNS resource record supportAmazon Virtual Private Cloud launches new security group sharing featuresAWS now accepts partial card paymentsAnnouncing AWS Amplify integration with Amazon S3 for static website hostingAWS CodeBuild now supports retrying builds automaticallyAWS Trust & Safety Center is now available on AWS re:Post2024 re:Invent Know Before You Go – Cloud Financial Management SessionsIntroducing an enhanced local IDE experience for AWS Lambda developers

JVM summit, virtual threads, stacks applicatives, licences, déterminisme et LLMs, quantification, deux outils de l'épisode et bien plus encore. Enregistré le 13 septembre 2024 Téléchargement de l'épisode LesCastCodeurs-Episode–315.mp3 News Langages Netflix utilise énormément Java et a rencontré un problème avec les Virtual Thread dans Java 21. Les ingénieurs de Netflix analysent ce problème dans cet article : https://netflixtechblog.com/java–21-virtual-threads-dude-wheres-my-lock–3052540e231d Les threads virtuels peuvent améliorer les performances mais posent des défis. Un problème de locking a été identifié : les threads virtuels se bloquent mutuellement. Cela entraîne des performances dégradées et des instabilités. Netflix travaille à résoudre ces problèmes et à tirer pleinement parti des threads virtuels. Une syntax pour indiquer qu'un type est nullable ou null-restricted arriverait dans Java https://bugs.openjdk.org/browse/JDK–8303099 Foo! interdirait null Foo? indiquerait que null est accepté Foo?[]! serait un tableau non-null de valeur nullable Il y a aussi des idées de syntaxe pour initialiser les tableaux null-restricted JEP: https://openjdk.org/jeps/8303099 Les vidéos du JVM Language Summit 2024 sont en ligne https://www.youtube.com/watch?v=OOPSU4LnKg0&list=PLX8CzqL3ArzUEYnTa6KYORRbP3nhsK0L1 Project Leyden Update Project Babylon - Code Reflection Valhalla - Where Are We? An Opinionated Overview on Static Analysis for Java Rethinking Java String Concatenation Code Reflection in Action - Translating Java to SPIR-V Java in 2024 Type Specialization of Java Generics - What If Casts Have Teeth ? (avec notre Rémi Forax national !) aussi tip or tail pour tout l'ecosysteme quelques liens sur Babylon: Code reflection pour exprimer des langages etranger (SQL) dans Java: https://openjdk.org/projects/babylon/ et sont example en emulation de LINQ https://openjdk.org/projects/babylon/articles/linq Librairies Micronaut sort sa version 4.6 https://micronaut.io/2024/08/26/micronaut-framework–4–6–0-released/ essentiellement une grosse mise à jour de tonnes de modules avec les dernières versions des dépendances Microprofile 7 faire quelques changements et evolution incompatibles https://microprofile.io/2024/08/22/microprofile–7–0-release/#general enleve Metrics et remplace avec Telemetry (metrics, log et tracing) Metrics reste une spec mais standalone Microprofile 7 depende de Jakarta Core profile et ne le package plus Microprofile OpenAPI 4 et Telemetry 2 amenent des changements incompatibles Quarkus 3.14 avec LetsEncrypt et des serialiseurs JAckson sans reflection https://quarkus.io/blog/quarkus–3–14–1-released/ Hibernate ORM 6.6 Serialisateurs JAckson sans reflection installer des certificats letsencrypt simplement (notamment avec la ligne de commande qui aide sympa notamment avec ngrok pour faire un tunnel vers son localhost retropedalage sur @QuarkusTestResource vs @WithTestResource suite aux retour de OOME et lenteur des tests mieux isolés Les logs structurées dans Spring Boot 3.4 https://spring.io/blog/2024/08/23/structured-logging-in-spring-boot–3–4 Les logs structurées (souvent en JSON) vous permettent de les envoyer facilement vers des backends comme Elastic, AWS CloudWatch… Vous pouvez les lier à du reporting et de l'alerting. Spring Boot 3.4 prend en charge la journalisation structurée par défaut. Il prend en charge les formats Elastic Common Schema (ECS) et Logstash, mais il est également possible de l'étendre avec vos propres formats. Vous pouvez également activer la journalisation structurée dans un fichier. Cela peut être utilisé, par exemple, pour imprimer des journaux lisibles par l'homme sur la console et écrire des journaux structurés dans un fichier pour l'ingestion par machine. Infrastructure CockroachDB qui avait une approche Business Software License (source available puis ALS 3 ans apres), passe maintenant en license proprietaire avec source available https://www.cockroachlabs.com/blog/enterprise-license-announcement/ Polyform project offre des licences standardisees selon les besoins de gratuit vs payant https://polyformproject.org/ Cloud Azure fonctions, comment le demarrage a froid est optimisé https://www.infoq.com/articles/azure-functions-cold-starts/?utm_campaign=infoq_content&utm_source=twitter&utm_medium=feed&utm_term=Cloud fonctions ont une latence naturelle forte toutes les lantences longues ne sont aps impactantes pour le business les demarrages a froid peuvent etre mesures avec les outils du cloud provider donc faites en usage faites des decentilers de latences experience 381 ms cold et 10ms apres tracing pour end to end latence les strategies keep alive pings: reveiller la fonctione a intervalles reguliers pour rester “warm” dans le code de la fonction: initialiser les connections et le chargement des assemblies dans l'initialization configurer dans host.json le batching, desactiver file system logging etc deployer les fonctions as zips reduire al taille du code et des fichiers (qui sont copies sur le serveur froid) sur .net activer ready to run qui aide le JIT compiler instances azure avec plus de CPU et memoire sont plus cher amis baissent le cold start dedicated azure instances pour vos fonctions (pas aprtage avec les autres tenants) ensuite montre des exemples concrets Web Sortie de Vue.js 3.5 https://blog.vuejs.org/posts/vue–3–5 Vue.JS 3.5: Nouveautés clés Optimisations de performance et de mémoire: Réduction significative de la consommation de mémoire (–56%). Amélioration des performances pour les tableaux réactifs de grande taille. Résolution des problèmes de valeurs calculées obsolètes et de fuites de mémoire. Nouvelles fonctionnalités: Reactive Props Destructure: Simplification de la déclaration des props avec des valeurs par défaut. Lazy Hydration: Contrôle de l'hydratation des composants asynchrones. useId(): Génération d'ID uniques stables pour les applications SSR. data-allow-mismatch: Suppression des avertissements de désynchronisation d'hydratation. Améliorations des éléments personnalisés: Prise en charge de configurations d'application, d'API pour accéder à l'hôte et au shadow root, de montage sans Shadow DOM, et de nonce pour les balises. useTemplateRef(): Obtention de références de modèle via l'API useTemplateRef(). Teleport différé: Téléportation de contenu vers des éléments rendus après le montage du composant. onWatcherCleanup(): Enregistrement de callbacks de nettoyage dans les watchers. Data et Intelligence Artificielle On entend souvent parler de Large Language Model quantisés, c'est à dire qu'on utilise par exemple des entiers sur 8 bits plutôt que des floatants sur 32 bits, pour réduire les besoins mémoire des GPU tout en gardant une précision proche de l'original. Cet article explique très visuellement et intuitivement ce processus de quantisation : https://newsletter.maartengrootendorst.com/p/a-visual-guide-to-quantization Guillaume continue de partager ses aventures avec le framework LangChain4j. Comment effectuer de la classification de texte : https://glaforge.dev/posts/2024/07/11/text-classification-with-gemini-and-langchain4j/ en utilisant la classe TextClassification de LangChain4j, qui utilise une approche basée sur les vector embeddings pour comparer des textes similaires en utilisant du few-shot prompting, sous différentes variantes, dans cet autre article : https://glaforge.dev/posts/2024/07/30/sentiment-analysis-with-few-shots-prompting/ et aussi comment faire du multimodal avec LangChain4j (avec le modèle Gemini) pour analyser des textes, des images, mais également des vidéos, du contenu audio, ou bien des fichiers PDFs : https://glaforge.dev/posts/2024/07/25/analyzing-videos-audios-and-pdfs-with-gemini-in-langchain4j/ Pour faire varier la prédictibilité ou la créativité des LLMs, certains hyperparamètres peuvent être ajustés, comme la température, le top-k et le top-p. Mais est-ce que vous savez vraiment comment fonctionnent ces paramètres ? Deux articles très clairs et intuitifs expliquent leur fonctionnement : https://medium.com/google-cloud/is-a-zero-temperature-deterministic-c4a7faef4d20 https://medium.com/google-cloud/beyond-temperature-tuning-llm-output-with-top-k-and-top-p–24c2de5c3b16 la tempoerature va ecraser la probabilite du prochain token mais il reste des variables: approximnation des calculs flottants, stacks differentes effectuants ces choix differemment, que faire en cas d'egalité de probabilité entre deux tokens mais il y a d'atures apporoches de configuiration des reaction du LLM: top-k (qui evite les tokens peu frequents), top-p pour avoir les n des tokens qui totalient p% des probabilités temperature d'abord puis top-k puis top-p explique quoi utiliser quand OSI propose une definition de l'IA open source https://www.technologyreview.com/2024/08/22/1097224/we-finally-have-a-definition-for-open-source-ai/ gros debats ces derniers mois utilisable pour tous usages sans besoin de permission chercheurs peuvent inspecter les components et etudier comment le system fonctionne systeme modifiable pour tout objectif y compris chager son comportement et paratger avec d'autres avec ou sans modification quelque soit l'usage Definit des niveaux de transparence (donnees d'entranement, code source, poids) Une longue rétrospective de PostgreSQL a des volumes de malades et les problèmes de lock https://ardentperf.com/2024/03/03/postgres-indexes-partitioning-and-lwlocklockmanager-scalability/ un article pour vous rassurer que vous n'aurez probablement jamais le problème histoire sous forme de post mortem des conseils pour éviter ces falaises Outillage Un premier coup d'oeil à la future notation déclarative de Gradle https://blog.gradle.org/declarative-gradle-first-eap un article qui explique à quoi ressemble cette nouvelle syntaxe déclarative de Gradle (en plus de Groovy et Kotlin) Quelques vidéos montrent le support dans Android Studio, pour le moment, ainsi que dans un outil expérimental, en attendant le support dans tous les IDEs L'idée est d'éviter le scripting et d'avoir vraiment qu'une description de son build Cela devrait améliorer la prise en charge de Gradle dans les IDEs et permettre d'avoir de la complétion rapide, etc c'est moi on on a Maven là? Support de Firefox dans Puppeteer https://hacks.mozilla.org/2024/08/puppeteer-support-for-firefox/ Puppeteer, la bibliothèque d'automatisation de navigateur, supporte désormais officiellement Firefox dès la version 23. Cette avancée permet aux développeurs d'écrire des scripts d'automatisation et d'effectuer des tests de bout en bout sur Chrome et Firefox de manière interchangeable. L'intégration de Firefox dans Puppeteer repose sur WebDriver BiDi, un protocole inter-navigateurs en cours de standardisation au W3C. WebDriver BiDi facilite la prise en charge de plusieurs navigateurs et ouvre la voie à une automatisation plus simple et plus efficace. Les principales fonctionnalités de Puppeteer, telles que la capture de journaux, l'émulation de périphériques, l'interception réseau et le préchargement de scripts, sont désormais disponibles pour Firefox. Mozilla considère WebDriver BiDi comme une étape importante vers une meilleure expérience de test inter-navigateurs. La prise en charge expérimentale de CDP (Chrome DevTools Protocol) dans Firefox sera supprimée fin 2024 au profit de WebDriver BiDi. Bien que Firefox soit officiellement pris en charge, certaines API restent non prises en charge et feront l'objet de travaux futurs. Guillaume a créé une annotation @Retry pour JUnit 5, pour retenter l'exécution d'un test qui est “flaky” https://glaforge.dev/posts/2024/09/01/a-retryable-junit–5-extension/ Guillaume n'avait pas trouvé d'extension par défaut dans JUnit 5 pour remplacer les Retry rules de JUnit 4 Mais sur les réseaux sociaux, une discussion intéressante s'ensuit avec des liens sur des extensions qui implémentent cette approche Comme JUnit Pioneer qui propose plein d'extensions utiles https://junit-pioneer.org/docs/retrying-test/ Ou l'extension rerunner https://github.com/artsok/rerunner-jupiter Arnaud a aussi suggéré la configuration de Maven Surefire pour relancer automatiquement les tests qui ont échoué https://maven.apache.org/surefire/maven-surefire-plugin/examples/rerun-failing-tests.html la question philosophique est: est-ce que c'est tolerable les tests qui ecouent de façon intermitente Architecture Un ancien fan de GraphQL en a fini avec la technologie GraphQL et réfléchit aux alternatives https://bessey.dev/blog/2024/05/24/why-im-over-graphql/ Problèmes de GraphQL: Sécurité: Attaques d'autorisation Difficulté de limitation de débit Analyse de requêtes malveillantes Performance: Problème N+1 (récupération de données et autorisation) Impact sur la mémoire lors de l'analyse de requêtes invalides Complexité accrue: Couplage entre logique métier et couche de transport Difficulté de maintenance et de tests Solutions envisagées: Adoption d'API REST conformes à OpenAPI 3.0+ Meilleure documentation et sécurité des types Outils pour générer du code client/serveur typé Deux approches de mise en œuvre d'OpenAPI: “Implementation first” (génération de la spécification à partir du code) “Specification first” (génération du code à partir de la spécification) retour interessant de quelqu'un qui n'utilise pas GraphQL au quotidien. C'était des problemes qui devaient etre corrigés avec la maturité de l'ecosysteme et des outils mais ca a montré ces limites pour cette personne. Prensentation de Grace Hoper en 1980 sur le future des ordinateurs. https://youtu.be/AW7ZHpKuqZg?si=w_o5_DtqllVTYZwt c'est fou la modernité de ce qu'elle décrit Des problèmes qu'on a encore aujourd'hui positive leadership Elle décrit l'avantage de systèmes fait de plusieurs ordinateurs récemment declassifié Leader election avec les conditional writes sur les buckets S3/GCS/Azure https://www.morling.dev/blog/leader-election-with-s3-conditional-writes/ L'élection de leader est le processus de choisir un nœud parmi plusieurs pour effectuer une tâche. Traditionnellement, l'élection de leader se fait avec un service de verrouillage distribué comme ZooKeeper. Amazon S3 a récemment ajouté le support des écritures conditionnelles, ce qui permet l'élection de leader sans service séparé. L'algorithme d'élection de leader fonctionne en faisant concourir les nœuds pour créer un fichier de verrouillage dans S3. Le fichier de verrouillage inclut un numéro d'époque, qui est incrémenté à chaque fois qu'un nouveau leader est élu. Les nœuds peuvent déterminer s'ils sont le leader en listant les fichiers de verrouillage et en vérifiant le numéro d'époque. attention il peut y avoir plusieurs leaders élus (horloges qui ont dérivé) donc c'est à gérer aussi Méthodologies Guillaume Laforge interviewé par Sfeir, où il parle de l'importance de la curiosité, du partage, de l'importance de la qualité du code, et parsemé de quelques photos des Cast Codeurs ! https://www.sfeir.dev/success-story/guillaume-laforge-maestro-de-java-et-esthete-du-code-propre/ Sécurité Comment crowdstrike met a genoux windows et de nombreuses entreprises https://next.ink/144464/crowdstrike-donne-des-details-techniques-sur-son-fiasco/ l'incident vient de la mise à jour de la configuration de Falcon l'EDR de crowdstrike https://www.crowdstrike.com/blog/falcon-update-for-windows-hosts-technical-details/ qu'est ce qu'un EDR? Un système Endpoint Detection and Response a pour but de surveiller votre machine ( access réseaux, logs, …) pour detecter des usages non habituels. Cet espion doit interagir avec les couches basses du système (réseau, sockets, logs systems) et se greffe donc au niveau du noyau du système d'exploitation. Il remonte les informations en live à une plateforme qui peut ensuite adapter les réponse en live si l'incident a duré moins de 1h30 coté crowdstrike plus de 8 millions de machines se sont retrouvées hors service bloquées sur le Blue Screen Of Death selon Microsoft https://blogs.microsoft.com/blog/2024/07/20/helping-our-customers-through-the-crowdstrike-outage/ cela n'est pas la première fois et était déjà arrivé il y a quelques mois sur Linux. Comme il s'agissait d'une incompatibilité de kernel il avait été moins important car les services ITs gèrent mieux ces problèmes sous Linux https://stackdiary.com/crowdstrike-took-down-debian-and-rocky-linux-a-few-months-ago-and-no-one-noticed/ Les benchmarks CIS, un pilier pour la sécurité de nos environnements cloud, et pas que ! (Katia HIMEUR TALHI) https://blog.cockpitio.com/security/cis-benchmarks/ Le CIS est un organisme à but non lucratif qui élabore des normes pour améliorer la cybersécurité. Les référentiels CIS sont un ensemble de recommandations et de bonnes pratiques pour sécuriser les systèmes informatiques. Ils peuvent être utilisés pour renforcer la sécurité, se conformer aux réglementations et normaliser les pratiques. Loi, société et organisation Microsoft signe un accord avec OVHCloud pour qu'il arretent leur plaine d'antitrust https://www.politico.eu/article/microsoft-signs-antitrust-truce-with-ovhcloud/ la plainte était en Europe mermet a des clients de plus facilement deployer les solutions Microsoft dans le fournisseur de cloud de leur choix la plainte avait ete posé à l'été 2021 ca rendait faire tourner les solutions MS plus cheres et non competitives vs MS ElasticSearch et Kibana sont de nouveau Open Source, en ajoutant la license AGPL à ses autres licences existantes https://www.elastic.co/fr/blog/elasticsearch-is-open-source-again le marché d'il y a trois ans et maintenant a changé AWS est une bon partenaire le flou Elasticsearch vs le produit d'AWS s'est clarifié donc retour a l'open source via AGPL Affero GPL Elastic n'a jamais cessé de croire en l'open source d'après Shay Banon son fondateur Le changement vers l'AGPL est une option supplémentaire, pas un remplacement d'une des autres licences existantes et juste apres, Elastic annonce des resultants decevants faisant plonger l'action de 25% https://siliconangle.com/2024/08/29/elastic-shares-plunge–25-lower-revenue-projections-amid-slower-customer-commitments/ https://unrollnow.com/status/1832187019235397785 et https://www.elastic.co/pricing/faq/licensing pour un résumé des licenses chez elastic Outils de l'épisode MailMate un client email Markdown et qui gere beaucoup d'emails https://medium.com/@nicfab/mailmate-a-powerful-client-email-for-macos-markdown-integrated-email-composition-e218fe2accf3 Emmanuel l'utilise sur les boites email secondaires un peu lent a demarrer (synchro) et le reste est rapide boites virtuelles (par requete) SpamSieve Que macOS je crois Trippy, un analyseur de réseau https://github.com/fujiapple852/trippy Il regroupe dans une CLI traceroute et ping Conférences La liste des conférences provenant de Developers Conferences Agenda/List par Aurélie Vache et contributeurs : 17 septembre 2024 : We Love Speed - Nantes (France) 17–18 septembre 2024 : Agile en Seine 2024 - Issy-les-Moulineaux (France) 19–20 septembre 2024 : API Platform Conference - Lille (France) & Online 20–21 septembre 2024 : Toulouse Game Dev - Toulouse (France) 25–26 septembre 2024 : PyData Paris - Paris (France) 26 septembre 2024 : Agile Tour Sophia-Antipolis 2024 - Biot (France) 2–4 octobre 2024 : Devoxx Morocco - Marrakech (Morocco) 3 octobre 2024 : VMUG Montpellier - Montpellier (France) 7–11 octobre 2024 : Devoxx Belgium - Antwerp (Belgium) 8 octobre 2024 : Red Hat Summit: Connect 2024 - Paris (France) 10 octobre 2024 : Cloud Nord - Lille (France) 10–11 octobre 2024 : Volcamp - Clermont-Ferrand (France) 10–11 octobre 2024 : Forum PHP - Marne-la-Vallée (France) 11–12 octobre 2024 : SecSea2k24 - La Ciotat (France) 15–16 octobre 2024 : Malt Tech Days 2024 - Paris (France) 16 octobre 2024 : DotPy - Paris (France) 16–17 octobre 2024 : NoCode Summit 2024 - Paris (France) 17–18 octobre 2024 : DevFest Nantes - Nantes (France) 17–18 octobre 2024 : DotAI - Paris (France) 30–31 octobre 2024 : Agile Tour Nantais 2024 - Nantes (France) 30–31 octobre 2024 : Agile Tour Bordeaux 2024 - Bordeaux (France) 31 octobre 2024–3 novembre 2024 : PyCon.FR - Strasbourg (France) 6 novembre 2024 : Master Dev De France - Paris (France) 7 novembre 2024 : DevFest Toulouse - Toulouse (France) 8 novembre 2024 : BDX I/O - Bordeaux (France) 13–14 novembre 2024 : Agile Tour Rennes 2024 - Rennes (France) 16–17 novembre 2024 : Capitole Du Libre - Toulouse (France) 20–22 novembre 2024 : Agile Grenoble 2024 - Grenoble (France) 21 novembre 2024 : DevFest Strasbourg - Strasbourg (France) 21 novembre 2024 : Codeurs en Seine - Rouen (France) 27–28 novembre 2024 : Cloud Expo Europe - Paris (France) 28 novembre 2024 : Who Run The Tech ? - Rennes (France) 2–3 décembre 2024 : Tech Rocks Summit - Paris (France) 3 décembre 2024 : Generation AI - Paris (France) 3–5 décembre 2024 : APIdays Paris - Paris (France) 4–5 décembre 2024 : DevOpsRex - Paris (France) 4–5 décembre 2024 : Open Source Experience - Paris (France) 5 décembre 2024 : GraphQL Day Europe - Paris (France) 6 décembre 2024 : DevFest Dijon - Dijon (France) 22–25 janvier 2025 : SnowCamp 2025 - Grenoble (France) 30 janvier 2025 : DevOps D-Day #9 - Marseille (France) 6–7 février 2025 : Touraine Tech - Tours (France) 3 avril 2025 : DotJS - Paris (France) 16–18 avril 2025 : Devoxx France - Paris (France) Nous contacter Pour réagir à cet épisode, venez discuter sur le groupe Google https://groups.google.com/group/lescastcodeurs Contactez-nous via twitter https://twitter.com/lescastcodeurs Faire un crowdcast ou une crowdquestion Soutenez Les Cast Codeurs sur Patreon https://www.patreon.com/LesCastCodeurs Tous les épisodes et toutes les infos sur https://lescastcodeurs.com/

AWS Morning Brief for the week of September 16, with Corey Quinn. Links:Amazon EC2 P5e instances are generally available via EC2 Capacity BlocksAnnouncing Storage Browser for Amazon S3 for your web applications (alpha release)Building a privacy preserving chatbot with Amazon BedrockFaster development with Amazon DynamoDB and Amazon Q DeveloperLinux Support Updates for AWS CLI v2Best prompting practices for using Meta Llama 3 with Amazon SageMaker JumpStart Build a RAG-based QnA application using Llama3 models from SageMaker JumpStartOptimizing Amazon S3 data transfers over Direct ConnectNew whitepaper available: Building security from the ground up with Secure by DesignSummary of the AWS Service Event in the Northern Virginia (US-EAST-1) RegionOpt out from all supported AWS AI servicesOracle and Amazon Web Services Announce Strategic Partnership

How Mike plans to win the Clone Wars with Dokku, we review some shocking developer data and say goodbye to another project DMCA'd by Apple.

Join hosts Lois Houston and Nikita Abraham in Part 2 of the discussion on database sharding with Ron Soltani, a Senior Principal Database & Security Instructor. They talk about sharding native replication, directory-based sharding, and coordinated backup and restore for sharded databases, explaining how these features work and their benefits. Additionally, they explore the automatic bulk data move on sharding keys and the ability to split and move partition sets, highlighting the flexibility and efficiency they bring to data management.   Oracle MyLearn: https://mylearn.oracle.com/ou/course/oracle-database-23ai-new-features-for-administrators/137192/207062   Oracle University Learning Community: https://education.oracle.com/ou-community   LinkedIn: https://www.linkedin.com/showcase/oracle-university/   X: https://twitter.com/Oracle_Edu   Special thanks to Arijit Ghosh, David Wright, and the OU Studio Team for helping us create this episode.   --------------------------------------------------------   Episode Transcript:   00:00 Welcome to the Oracle University Podcast, the first stop on your cloud journey. During this series of informative  podcasts, we'll bring you foundational training on the most popular Oracle technologies. Let's get started! 00:26 Lois: Hello and welcome to the Oracle University Podcast. I'm Lois Houston, Director of Innovation Programs with Oracle University, and with me is Nikita Abraham, Principal Technical Editor. Nikita: Hi everyone! In our last episode, we dove into database sharding and Oracle Database Sharding in particular. If you haven't listened to it yet, I'd suggest you go back and do so before you listen to this episode because it will give you a lot of context.  00:53 Lois: Right, Niki. Today, we will discuss all the 23ai new features related to database sharding. We will cover sharding native replication, directory-based sharding, coordinated backup and restore for sharded databases, and a few more.  Nikita: And we're so happy to have Ron Soltani back on the podcast. If you don't already know him, Ron is a Senior Principal Database & Security Instructor with Oracle University. Hi Ron! Let's talk about sharding native replication, which is RAFT-based, meaning that it is reliable and fault tolerant-based, usually providing subzero or subsecond zero data loss replication support. Tell us more about it, please.  01:33 Ron: This is completely transparent replication built in within Oracle sharding that duplicates data across the different shards. So data are generally put into chunks. And then the chunks are replicated either between three or five different shards, depending on how much of the fault tolerance is required.  This is completely provided by the Oracle sharding database, and does not require use of any other component like GoldenGate and Data Guard. So if you remember when we talked about the architecture, we said that each shard, each database can have a Data Guard component, whether through GoldenGate or whether through Data Guard to have a standby.  And that way support high availability with the sharding native replication, you don't rely on the secondary database. You actually-- the shards will back each other up by holding replicas and being able to globally manage the replica, make sure everything is preserved, and manage all of the fault operations.  Now this is a logical replication, generally consensus-based, kind of like different components all aware of each other. They know which component is good, depending on the load, depending on the failure. The sharded databases behind the scene decide who is actually serving the data to the client. That can provide subsecond failovers with zero data loss.  03:15 Lois: And what are the benefits of this? Ron: Major benefits for having sharding native replication is that it is completely transparent to the application or any of the structures. You just identify that you want to go ahead and use this replication and identify the replication factor. The rest is managed by the Oracle sharded database behind the scene.  It supports fast failover with zero data loss, usually subsecond failovers. And depending on the number of replicas, it can even tolerate multiple failures like two server failures.  And when the loads are submitted, the loads are also load-balanced across all of these shards based on where the data is located, based on the replicas. So this way, it can also provide you with a little bit of a better utilization of the hardware and load administration.  So generally, it's designed to help you keep your regular SQL-based databases without having to resolve to FauxSQL or NoSQL environment getting into other databases. 04:33 Nikita: So next is directory-based sharding. Can you tell us what directory-based sharding is, Ron?  Ron: Directory-based sharding basically allows the user to define the values that are used and combined for different partition, so better control, location of the data, in what partition, what shard. So this allows you to set up a good configuration.  Now, many times we may have a key that may not be large enough for hash partitioning to distribute the data enough. Sometimes we may not even know what keys are going to come in the future. And these need to be built in the future. So having to build these, you really don't want to have to go reorganize the whole data based on new hash functions, and so when data cannot be managed and distributed using hash partitioning or when we need full control over combination of where data exists.  05:36 Lois: Can you give us a practical example of how this works? Ron: So let's say our company is very small in three different countries. So I can combine those three countries into one single shard. And then have three other big countries, each one sitting in their own individual shards. So all of this done through this directory-based sharding. However, what is good about this is the directory is created, which is a table, created behind the scene, stored in the catalog, available to the client that is cached with them, used for connection mapping, used for data access. So it can give you a lot of very high-level benefits.  06:24 Nikita: Speaking of benefits, what are the key advantages of using directory-based sharding? Ron: First benefit allow you to group the data together based on the whatever values you want, depending on what location you want to put them as far as across the shards are concerned. So all of that is much better and easier controlled by us or by the designers. Now, this is when there is not enough values available. So when you're going to use hash-based partition, that would result into an uneven distribution of the data.  Therefore, we may be able to use this directory for better distribution of the data since we understand the data structure better than just the hash function. And having a specification where you can go ahead and create future component, future partitions, depending on how large they're going to be. Maybe you're creating them with an existing shard, later put them in another shard. So capability of having all of those controls become essential for management of this specific type of data.  If a shard value, the key value is required, for example, as we said, client getting too big or can use the key value, split it or get multiple key value. Combine them. Move data from one location to another. So all of these components maintain automatically behind the scene by us providing the changes. And then the directory sharding and then the sharded database manages all of the data structure, movement, everything behind the scene using some of the future functionalities. And finally, large chunk of data, all of that can then be moved from one location to another. This is part of the automatic chunk data move and whatnot, but utilized within the directory-based sharding to allow us the control of this data and how we're going to move and manage the data based on the load as the load or the size of the data changes.  08:50 Lois: Ron, what is the purpose of the coordinated backup and restore system in Oracle Database Sharding? Ron: So, basically when we talk about a coordinated backup and restore, remember in a sharded database, I have different databases. Each database is a shard. When you take a backup, each database creates its own backup.  So to have consistent data across all of the shards for the whole schema, it is extremely important for these databases to be coordinated when the backup is taken, when the restore is being done. So you have consistency of the data maintained across all of the shards.  09:28 Nikita: So, how does this coordination actually happen? Ron: You don't submit this through our main. You submit this through the Global Management tool that is used for the sharded database. And it's the Global Management tool that is actually submit your request to each database, but maintains the consistency of when the actual backup is taken, what SCN.  So that SCN coordination across all of the shards is then maintained for the backup so you can create a consistent backup or restore to a consistent point in time across the sharded database. So now this system was enhanced in 23C to support multiple destinations.  So you can now send your backup to an object store. You can send it to ZDLRA. You can send it to Amazon S3. So multiple locations can now be defined where you can send these backups to. You can also use multiple recovery catalogs.  So let's say I have data that is located on different countries and we have requirement that data for each country must stay in that country. So I need to also use a separate catalog to maintain that partition.  So now I can use multiple catalog and define which catalog is maintaining which partition to satisfy those type of requirements or any data administration requirement when it comes to backup recovery. In addition, you can also now specify different type of encryption to be used, whether you want to have different type of encryption algorithm for each of the databases that you're backing up that is maintained. It can be identified, and then set up for each one of those components.  So these advancements now allow you to manage this coordinated backup and restore with all of the various specific configuration that may be required based on the data organization. So the encryption, now can also be done across that, as I mentioned, for different algorithms. And you can define different components.  Finally, there is much better error handling and response available through this global system. Since things have been synchronized, you get much better information into diagnosing any issues.  12:15 Want to get the inside scoop on Oracle University? Head over to the Oracle University Learning Community. Attend exclusive events. Read up on  the latest news. Get first-hand access to new products. Read the OU Learning Blog. Participate in challenges. And stay up-to-date with upcoming certification opportunities. Visit www.mylearn.oracle.com to get started.  12:41 Nikita: Welcome back! Continuing with the updates… next up is the automatic bulk data move on sharding keys. Ron, can you explain how this works and why it's significant? Ron: And by the way, this doesn't have to be a bulk data. This could be just an individual row or it could be bulk data, a huge piece of data that is going to be moved.  Now, in the past, when the shard key of an existing record was going to be updated, we basically had to remove that row from the table, so moving it to a temporary table or moving it to another location. Basically, you're deleting the row, and then change the value and reinsert the row so the row would then be inserted into the proper location.  That causes a lot of work and requires specific code-writing and whatnot to manage those specific type of situations. And of course, if there is a lot of data, now, you're moving those bulk data in twice.  13:45 Lois: Yeah… you're moving it to one location and then moving it back in. That's a lot of double work, not to mention that it all needs to be managed manually, right? So, how has this process been improved? Ron: So now, basically, you can just go ahead and update the value of the partition key, and then data will then automatically move to the new location. So this gives you complete flexibility of the shard key values.  This is also completely transparent, and again, completely managed behind the scenes. All you do is identify what is going to be changed. Then the database will maintain the actual data location and movement behind the scenes.  14:31 Lois: And what are some of the specific benefits of this feature? Ron: Basically, it allows you to now be flexible, be able to update the shard key without having to worry about, oh, which location does this value have to exist? Do I have to delete it, reinsert it? And all of those different operations.  And this is done automatically by Oracle database, but it does require for you to enable row movement at the table level. So for tables that are expected to have partition key updates kind of without knowing when that happens, can happen, any time it happens by the clients directly or something, then we may need to enable row movement at the table level and leave it enabled. It does have tiny bit of overhead of maintaining these row locations behind the scenes when enabled, as it maintains some metadata behind the scenes.  But for cases that, let's say I know when the shard key is going to be changed, and we can use, let's say, a written procedure or something for that when the particular shard key is going to be changed. Then when the shard key is updated, the data will then automatically move to the new location based on that shard key operation. So we don't need to move the data manually in and out or to different locations.  16:03 Nikita: In our final segment, I want to bring up the update on splitting and moving a partition set, or basically subpartitioning tables and then being able to move all of the data associated with that in a bulk data move to a new location. Ron, can you explain how this process works?  Ron: This gives us a lot of flexibility for data management based on future requirements, size of the data, key changes, or key management requirements.  So generally when we use a composite sharding, remember, this is a combination of user-defined partitioning plus the system partitioning put together. That kind of defines a little bit more control over how the shards are, where the data is distributed evenly across the shards.  So sometimes based on this type of configuration, we may actually need to split partition and that can cause the shard key values to be now assigned to a new shard space based on the partitioning reconfiguration. So data, this needs to be automatically managed. So when you go ahead and split partition or partitionsets, then the data based on your configuration, based on your identification can automatically move to the new location automatically between those shard spaces.  17:32 Lois: What are some of the key advantages of this for clients? Ron: This provides a huge benefit to clients because it allows them flexibility of better managing their configuration, expanding both configuration servers, the structures for better management of the data and the load. Data is completely online during all of this data move. Since this is being done behind the scenes by the database, it does not impact the availability of the data for anyone who is actually using the data.  And then, data is generally moved using transportable tablespaces in big bulk and big chunks. So it's almost like copying portions of the files. If you remember in Oracle database, we could take a backup of big files as image copy in pieces. This is kind of similar where chunks of data can then be moved and then transported if possible depending on the organization of the data itself for those particular partitions.  18:48 Lois: So, what does it look like in practice? Ron: Well, clients now can go ahead and rearrange their data structure based on the adjustments of the partitioning that already exists within the sharded database. The bulk data move then automatically triggers once the customer execute the statement to go ahead and restructure the partitioning. And then all of the client, they're still accessing data. All of the data operation are completely maintained behind the scene.  19:28 Nikita: Thank you for joining us today, Ron. If you want to learn more about what we discussed today, visit mylearn.oracle.com and search for the Oracle Database 23ai New Features for Administrators course. Join us next week for a discussion on some more Oracle Database 23ai new features. Until then, this is Nikita Abraham… Lois: And Lois Houston signing off! 19:51 That's all for this episode of the Oracle University Podcast. If you enjoyed listening, please click Subscribe to get all the latest episodes. We'd also love it if you would take a moment to rate and review us on your podcast app. See you again on the next episode of the Oracle University Podcast.

Today on the Tech Bytes podcast we talk with Jonathan Symonds, Chief Marketing Officer at MinIO about MinIO’s object storage offering; a software-defined, Amazon S3-compatible object storage that offers high performance and scale for modern workloads and AI/ML. We discuss how MinIO helps customers across industries drive AI innovation and AI architectures, how object storage... Read more »

Today on the Tech Bytes podcast we talk with Jonathan Symonds, Chief Marketing Officer at MinIO about MinIO’s object storage offering; a software-defined, Amazon S3-compatible object storage that offers high performance and scale for modern workloads and AI/ML. We discuss how MinIO helps customers across industries drive AI innovation and AI architectures, how object storage... Read more »

Today on the Tech Bytes podcast we talk with Jonathan Symonds, Chief Marketing Officer at MinIO about MinIO’s object storage offering; a software-defined, Amazon S3-compatible object storage that offers high performance and scale for modern workloads and AI/ML. We discuss how MinIO helps customers across industries drive AI innovation and AI architectures, how object storage... Read more »

With WP Toolkit Video Magic by IM Wealth Builders, it's never been easier to host your videos via Amazon S3 and CloudFront and turn your blog into a sales machine! Find out more at: https://muncheye.com/im-wealth-builders-wp-toolkit-video-magic-v3 MunchEye City: London Address: London Office 15 Harwood Road, , London, England United Kingdom Website: https://muncheye.com/ Phone: +1-302-261-5332 Email: support@ampifire.com

This week's episode of the AWS Developers podcast dives into the CloudFront Hosting Toolkit, a command-line tool designed to streamline web application deployment on AWS. The podcast explores how the toolkit simplifies the process by enabling deployment to Amazon S3 with exposure through CloudFront. Additionally, it delves into the creation of an automated deployment pipeline linked to your Git repository. Listeners will gain insights into configuring advanced features like dynamic routing for the latest application version, eliminating the need for cache invalidation. The episode offers a comprehensive overview of the CloudFront Hosting Toolkit and guidance on getting started. With Achraf Souk, Edge Specialist SA, AWS and Corneliu Croitoru https://www.linkedin.com/in/achrafsouk/ https://www.linkedin.com/in/corneliucroitoru/ **Links** Here are the links to the tools, technologies, or articles we mentioned in this episode. Amazon CloudFront hosting toolkit https://aws.amazon.com/blogs/networking-and-content-delivery/introducing-cloudfront-hosting-toolkit/ AWS CodePipeline https://docs.aws.amazon.com/codepipeline/latest/userguide/welcome.html Amazon CloudFront functions https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/cloudfront-functions.html Amazon CloudFront Key Value Store https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/kvs-with-functions.html AWS CodeBuild https://docs.aws.amazon.com/codebuild/latest/userguide/welcome.html AWS Step Functions https://docs.aws.amazon.com/step-functions/latest/dg/welcome.html Build on AWS Edge https://aws.amazon.com/developer/application-security-performance/?whats-new-cards.sort-by=item.additionalFields.postDateTime&whats-new-cards.sort-order=desc&public-talk-id.sort-by=item.additionalFields.DisplayDate&public-talk-id.sort-order=desc&blogs-id.sort-by=item.additionalFields.createdDate&blogs-id.sort-order=desc A/B Testing on AWS https://aws.amazon.com/developer/application-security-performance/articles/a-b-testing/

Corey Quinn and Daniel Grzelak take you on a journey through the wild and wonderful world of Amazon S3 in this episode. They explore the fun quirks and hidden surprises of S3, like the mysterious "Schrodinger's Objects" from incomplete uploads and the head-scratching differences between S3 bucket commands and the S3 API. Daniel and Corey break down common misunderstandings about S3 encryption and IAM policies, sharing stories of misconfigurations and security pitfalls.Show Highlights: (00:00) - Introduction(03:49) - Schrodinger's Objects(05:23) - S3 Permissions and Security(06:44) - Incomplete Multipart Uploads Causing Unexpected Billing Issues(10:28) - Historical Oddities and Unexpected Behaviors of S3(12:00) - Encryption Misconceptions(15:17) - Durability and Reliability of S3(17:49) - AWS Security and Trust(21:01) - Practical Tips for S3 Users(26:10) - Compliance Locks and Data Management(29:13) - Closing ThoughtsAbout Daniel:Daniel Grzelak is a 20-year cybersecurity industry veteran, currently working as Chief Innovation Officer at Plerion. He is no longer the CISO at Linktree nor the Head of Security at Atlassian, but he tries to stay relevant by hacking AWS and Cloud in general.Links Referenced:Personal Website: https://dagrz.com/LinkedIn: https://www.linkedin.com/in/danielgrzelak/Things you wish you didn't need to know about S3: https://blog.plerion.com/things-you-wish-you-didnt-need-to-know-about-s3/S3 Bucket Encryption Doesn't Work The Way You Think It Works: https://blog.plerion.com/s3-bucket-encryption-doesnt-work-the-way-you-think-it-works/*SponsorPanoptica: https://www.panoptica.app/

AWS Morning Brief for the week of Monday, June 17th, 2024, with Corey Quinn. Links:AWS CloudTrail Lake announces AI-powered natural language query generation (preview)Detect malware in new object uploads to Amazon S3 with Amazon GuardDuty AWS adds passkey multi-factor authentication (MFA) for root and IAM usersIn the Works – AWS Region in TaiwanOptimize storage costs in Amazon OpenSearch Service using Zstandard compressionAWS debuts AI certifications and courses for cloud jobsAWS's head of security shares 7 reasons why security will always be Amazon's top priority

In today's episode, we explore recent major cybersecurity upgrades aimed at safeguarding the American healthcare system, including a new initiative by Microsoft to provide critical cybersecurity resources to rural hospitals. Additionally, we delve into the Ticketmaster-Snowflake data breach perpetrated by ShinyHunters, targeting 560 million users and exposing key vulnerabilities in cloud environments. Lastly, we cover AWS's new and improved security features announced at the re:Inforce conference, which include added multi-factor authentication options, expanded malware protection for Amazon S3, and updated AI apps governance. Read more at: https://www.helpnetsecurity.com/2024/06/12/american-healthcare-cybersecurity/ https://thehackernews.com/2024/06/lessons-from-ticketmaster-snowflake.html https://www.helpnetsecurity.com/2024/06/12/aws-security-features/ Thanks to Jered Jones for providing the music for this episode. https://www.jeredjones.com/ Logo Design by https://www.zackgraber.com/ Tags Microsoft, Cyberattacks, Healthcare systems, Rural hospitals, ShinyHunters, Breach, Data, Cybersecurity, AWS, FIDO2 passkeys, Malware protection, Cloud environment Search Phrases How Microsoft is protecting rural hospitals from cyberattacks Cybersecurity initiatives for rural healthcare by Microsoft ShinyHunters data breach impact on cloud security Essential measures to prevent cyberattacks in cloud environments Latest AWS security features from re:Inforce conference How FIDO2 passkeys enhance cloud environment security Updated malware protection for AWS S3 buckets Microsoft and Biden-Harris Administration cybersecurity efforts Impact of ShinyHunters breach on data security practices Advanced multi-factor authentication in AWS cloud environments Major cybersecurity upgrades announced to safeguard American healthcare https://www.helpnetsecurity.com/2024/06/12/american-healthcare-cybersecurity/ Rising Threats: Cyberattacks on American healthcare systems soared 128% from 2022 to 2023, leading to significant disruptions in hospital operations and payment systems. Actionable Insight: Healthcare professionals should stay vigilant and ensure their organizations have updated cybersecurity measures to mitigate risks. Impact of Recent Attacks: In early 2024, a major cyberattack affected one-third of healthcare claims in the U.S., delaying payments and services. Critical Implication: Entry to mid-level cybersecurity professionals should focus on protecting payment systems and ensuring quick recovery plans are in place. Government Initiatives: The Biden-Harris Administration launched several initiatives to bolster healthcare cybersecurity, including a new gateway website and voluntary performance goals. Actionable Insight: Healthcare institutions should leverage these resources to enhance their cybersecurity posture. Collaboration for Solutions: In May 2024, the White House gathered industry leaders to discuss cybersecurity challenges and promote secure-by-design solutions. Engagement Suggestion: Ask listeners how their organizations collaborate with other entities to share threat intelligence and improve security. ARPA-H UPGRADE Program: The Advanced Research Projects Agency for Health introduced the UPGRADE program, investing over $50 million in tools to defend hospital IT environments. Actionable Insight: IT teams should explore participation in this program to access cutting-edge cybersecurity tools and support. Rural Hospital Support: Cyber disruptions severely impact rural hospitals. Leading tech companies, including Microsoft and Google, committed to providing free or discounted cybersecurity resources to these institutions. Critical Implication: Rural hospital IT staff should take advantage of these offers to strengthen their defenses against cyberattacks. Microsoft's Cybersecurity Program: Microsoft announced a program offering up to 75% discounts on security products, free cybersecurity assessments, and training for rural hospitals. Actionable Insight: Rural healthcare providers should engage with Microsoft's program to improve their cybersecurity measures and resilience. Google's Contributions: Google will offer endpoint security advice and discounted communication tools to rural hospitals, along with a pilot program to tailor security solutions to their needs. Engagement Suggestion: Prompt listeners to consider what specific cybersecurity challenges their rural hospitals face and how these new initiatives could assist them. Continued Efforts: The White House and industry leaders emphasize the importance of private-public partnerships to ensure the security and functionality of healthcare systems nationwide. Efficiency Tip: Cybersecurity professionals should stay informed about these partnerships and actively participate to benefit from shared knowledge and resources. Lessons from the Ticketmaster-Snowflake Breach https://thehackernews.com/2024/06/lessons-from-ticketmaster-snowflake.html ShinyHunters Breach: Last week, hacker group ShinyHunters allegedly stole 1.3 terabytes of data from 560 million Ticketmaster users. The breach could expose massive amounts of personal data and has sparked significant concern. Listener Question: How can we ensure our data is safe with such large-scale breaches happening? Actionable Insight: Regularly update passwords and enable multi-factor authentication (MFA) on all accounts. Live Nation Confirms Breach: Live Nation confirmed the breach in an SEC filing, stating unauthorized activity occurred in a third-party cloud database. An investigation is ongoing, and law enforcement is involved. Listener Question: What steps should companies take immediately after discovering a breach? Actionable Insight: Initiate a comprehensive investigation, notify affected parties, and work with law enforcement. Santander Also Affected: ShinyHunters claim to have data from Santander, affecting millions of customers and employees in Chile, Spain, and Uruguay. The breach involved a third-party provider. Listener Question: Should we be worried about third-party services? Actionable Insight: Ensure third-party services adhere to stringent security protocols and regularly review their security measures. Snowflake Connection: Both Ticketmaster and Santander used Snowflake for their cloud databases. Snowflake warned of increased cyber threats targeting customer accounts, urging users to review logs for unusual activity. Listener Question: What can companies do to safeguard their cloud data? Actionable Insight: Enforce MFA, set network policies to limit access, and regularly rotate credentials. Snowflake's Response: Snowflake's CISO clarified their system wasn't breached; single-factor authentication vulnerabilities were exploited. They recommend MFA and network policy rules for enhanced security. Mitiga's Research: Mitiga found the attacks exploited environments without two-factor authentication, primarily using commercial VPN IPs to execute attacks. Listener Question: How can we protect against these types of attacks? Actionable Insight: Implement and enforce MFA, utilize corporate SSO, and regularly monitor for unusual login activity. Cloud Security Challenges: Modern cloud environments limit some security controls. Ensure platforms offer APIs for privileged identity management and integrate with corporate security. Listener Question: What should we look for in a cloud service provider? Actionable Insight: Choose providers that support MFA, SSO, password rotation, and centralized logging. Non-Human Identities: Protecting non-human identities like service accounts is challenging but necessary. Snowflake provides guidance on securing these accounts. Listener Question: How do we secure non-human identities? Actionable Insight: Use strong, unique passwords and rotate credentials frequently for service accounts. Cost of Cyber Attacks: Cybercriminals aim to maximize profit through mass, automated attacks like credential stuffing. Simple security measures can make these attacks less feasible. Listener Question: What simple measures can we take to protect against cyber attacks? Actionable Insight: Implement SSO, MFA, and regular password rotation to increase the cost and complexity for attackers. Remember, these insights are not just theoretical—they can help you strengthen your organization's security posture today!` AWS unveils new and improved security features https://www.helpnetsecurity.com/2024/06/12/aws-security-features/ Key Information and Actionable Insights Multi-Factor Authentication (MFA) Upgrades: New Option: AWS introduces support for FIDO2 passkeys as an additional MFA method. Security Assurance: FIDO2 security keys offer the highest level of security, ideal for environments with stringent regulatory requirements (FIPS-certified devices). Considerations: Evaluate passkey providers' security models, especially for access and recovery. Enhanced Access Management: IAM Access Analyzer Update: Now assists in identifying and removing unused roles, access keys, and passwords. Permissions Management: Helps set, verify, and refine unused permissions to maintain a streamlined and secure access environment. Malware Protection for Amazon S3: GuardDuty Expansion: Now detects malicious file uploads in S3 buckets. Configuration Options: Teams can set up post-scan actions like object tagging or use Amazon EventBridge to manage malware isolation processes. AI Apps Governance: Audit Manager Update: New AI best practice framework simplifies evidence collection and ongoing compliance audits. Standard Controls: Includes 110 pre-configured controls organized under domains such as accuracy, fairness, privacy, resilience, responsibility, safety, security, and sustainability. Additional Improvements: Log Analysis: Simplified through natural language queries that produce SQL queries (currently in preview). Network Services Integration: Streamlined process for incorporating firewalls, IDS/IPS, and other network services into customers' WANs.

Today, Scott and Wes dive into cloud storage solutions—why you might need them, how they use them, and what you need to know about the big players, fees, and more. Show Notes 00:00 Welcome to Syntax! 01:14 Brought to you by Sentry.io. 02:05 Why you might need a cloud storage provider. 03:07 How we use cloud storage. Dropshare. 08:16 Why you may need larger storage. 09:49 The big players in this space. Amazon S3. Cloudflare R2. Backblaze B2. Synology C2. Google Cloud Storage. Microsoft Azure. Digital Ocean Spaces. Oracle. Bunny.net. Amazon S3 Glacier. 14:34 Storage fees. 18:31 Why so cheap? 20:49 Bandwidth (egress). Cloudflare Bandwidth Alliance. 26:46 Operation fees - costs money. Hit us up on Socials! Syntax: X Instagram Tiktok LinkedIn Threads Wes: X Instagram Tiktok LinkedIn Threads Scott:X Instagram Tiktok LinkedIn Threads Randy: X Instagram YouTube Threads

In this episode, we discuss some tips and tricks for optimizing performance when working with Amazon S3 at scale. We start by giving an overview of how S3 works, highlighting the distributed nature of the service and how data is stored redundantly across multiple availability zones for durability. We then dive into specific tips like using multipart uploads and downloads, spreading the load across key namespaces, enabling transfer acceleration, and using S3 byte-range fetches. Overall, we aim to provide developers building S3-intensive applications with practical guidance to squeeze the most performance out of the service.

This is a recap of the top 10 posts on Hacker News on May 13th, 2024.This podcast was generated by wondercraft.ai(00:34): GPT-4oOriginal post: https://news.ycombinator.com/item?id=40345775&utm_source=wondercraft_ai(02:36): Telegram has launched a pretty intense campaign to malign Signal as insecureOriginal post: https://news.ycombinator.com/item?id=40341716&utm_source=wondercraft_ai(04:09): The USDA's gardening zones shifted, this map shows you what's changedOriginal post: https://news.ycombinator.com/item?id=40342578&utm_source=wondercraft_ai(05:49): It's an age of marvelsOriginal post: https://news.ycombinator.com/item?id=40342188&utm_source=wondercraft_ai(07:43): Static ChessOriginal post: https://news.ycombinator.com/item?id=40342803&utm_source=wondercraft_ai(09:19): Apple and Google deliver support for unwanted tracking alerts in iOS and AndroidOriginal post: https://news.ycombinator.com/item?id=40346024&utm_source=wondercraft_ai(10:56): Amazon S3 will no longer charge for several HTTP error codesOriginal post: https://news.ycombinator.com/item?id=40346597&utm_source=wondercraft_ai(12:15): Protecting your email address via SVG instead of JavaScriptOriginal post: https://news.ycombinator.com/item?id=40340642&utm_source=wondercraft_ai(13:52): Falcon 2Original post: https://news.ycombinator.com/item?id=40344302&utm_source=wondercraft_ai(15:36): New mRNA cancer vaccine triggers immune response to malignant brain tumorOriginal post: https://news.ycombinator.com/item?id=40346675&utm_source=wondercraft_aiThis is a third-party project, independent from HN and YC. Text and audio generated using AI, by wondercraft.ai. Create your own studio quality podcast with text as the only input in seconds at app.wondercraft.ai. Issues or feedback? We'd love to hear from you: team@wondercraft.ai

Today's guest is Anand Babu Periasamy, Co-founder & Co-CEO of MinIO, Inc. MinIO is a software company that develops High-Performance Object Storage systems that are API compatible with the Amazon S3 cloud storage service. Anand joins us on today's podcast to discuss opportunities for IT and infrastructure leaders to scale AI across the enterprise. Throughout the episode, Anand explains at length what he sees as the critical ingredients for ensuring sustainable growth in infrastructure systems and the advantages of object storage regardless of industrial sector. This episode is sponsored by MinIO. Learn how brands work with Emerj and other Emerj Media options at emerj.com/ad1.

In today's episode, we discuss how a developer nearly faced a $1,300 bill due to a poorly named AWS S3 storage bucket, attracting unauthorized access (https://arstechnica.com/information-technology/2024/04/aws-s3-storage-bucket-with-unlucky-name-nearly-cost-developer-1300/). We also delve into the repercussions faced by Change Healthcare after a ransomware attack due to compromised credentials and lack of MFA (https://www.cybersecuritydive.com/news/change-healthcare-compromised-credentials-no-mfa/714792/). Lastly, we explore a new Android malware named Wpeeper that utilizes compromised WordPress sites to conceal C2 servers, posing a threat to unsuspecting users (https://thehackernews.com/2024/05/android-malware-wpeeper-uses.html). 00:00 Intro 00:55 Change Health Care 04:10 The High Cost of a Naming Mistake: A Developer's AWS Nightmare 07:54 Emerging Threats: The Rise of WPeeper Malware AWS, S3, Storage Bucket, Unauthorized Access,Change Healthcare, AlphV, ransomware, cybersecurity,Wpeeper, malware, WordPress, command-and-control Search phrases: 1. Ransomware group AlphV 2. Change Healthcare 3. Compromised credentials 4. Multifactor authentication 5. Ransomware consequences Change Healthcare 6. Cybersecurity breach consequences 7. Security measures for cybersecurity breach prevention 8. Wpeeper malware 9. Android device security protection 10. Compromised WordPress sites protection Change Healthcare's CEO just testified in front of the House Subcommittee that the service they used to deploy remote desktop services did not require multi factor authentication. Which led to one of the most impactful ransomware attacks in recent history. In other news, a very unlucky developer in his personal time accidentally incurred over 1, 300 worth of charges on his AWS account overnight. What was this developer doing and how did it lead to such high charges in such a short amount of time? Wpeeper Malware is utilizing compromised WordPress sites to hide its C2 servers, posing a significant threat to Android devices, with the potential to escalate further if undetected. How can users protect their Android devices from falling victim to this malware? You're listening to The Daily Decrypt. The CEO of Change Healthcare, which is a subsidiary of UnitedHealthcare that was breached, it's been all over the news, it's all over the news. Revealed in written testimony that Change Healthcare was compromised by Ransomware Group. accessing their systems with stolen credentials. Which we all knew, but the ransomware group used these compromised credentials to remotely access a Citrix portal, which is an application used to enable remote access to desktops. And this portal did not require multi factor authentication. I don't know much about Change Healthcare's inner infrastructure, but any portal that allows remote access to other desktops should be locked down pretty hard. And the fact that just a simple username and password can grant access can grant all of these different desktops is pretty terrible. And means that this attack could have likely been avoided had they enabled multi factor authentication. So if you're brand new to cybersecurity and you're listening to this podcast for the first time, you need to know that there are a few very easy things you can do to improve your posture online. Don't reuse passwords. Step one, one of the easiest way to do that is to use a password manager and have them generate your passwords for you. Number two, enable multi factor authentication that way, if someone does come into your username and password combination, they still have to get through some sort of device based authentication, like a ping on your cell phone or something like that, to allow them to log into your account. Now, in the case of United and Change Healthcare, one thing that they also could have done To help mitigate their negligence in not enabling multi factor authentication would be to have frequent dark web scams for any password in the system or any username in the system. And this can all be automated. If a password that is being used to access any system in your network is found on the dark web, immediately revoke that password and require that user to create a new one. But, that is slightly more complicated than just requiring multi factor authentication. So, probably start there. But, the attackers who carried out this ransomware were able to use credentials they found on the dark web to infiltrate the networks, gain access to remote desktops, and launch their ransomware within 9 days of their entry. So, that's pretty fast. A few years ago, that would have taken dozens of days, if not hundreds of days. The dwell time for attackers was pretty high back then. But now, single digits. That doesn't leave much time for defenders to find this type of attack. But the CEO acknowledged this negligence and shared his deep condolences for all of the patrons of Change Healthcare. The pharmacists, the doctors, a lot of work had to be put on hold For And it's very possible that people died as a result of this breach, having to be transferred to different hospitals, etc. This is a pretty tragic thing, so if you're in the healthcare industry, if you're in a position of power, make sure that all your internal systems, and especially external, but definitely internal as well, have multi factor authentication enabled. And if you want to go the extra mile, create some sort of automatic tool that probably exists online for free, that will check the dark web on a recurring basis for any passwords in your system. A cloud developer was setting up a proof of concept for a client. And it involved creating an empty storage bucket in AWS. The project was a document indexing system. And so this developer uploaded a couple of documents and then began working in other areas of the project. Then after two days of work, went back and checked the billing costs and found 1, 300 worth of charges. Now, if you're not familiar with AWS and their pricing, S3 storage buckets are really cheap. The daily decrypt is actually hosted in the S3 storage bucket and I pay less than 10 a month for all hosting. And I'm uploading audio, which is a lot larger than documents. Okay. So this bucket should have cost less than 5 a month, but after two days, There were 1300 in charges, so I really appreciate the developer sharing this story because it's an interesting case study. What happened? Well, the developer accidentally named the bucket the same thing that an open source software uses as a placeholder in their code. So what does that mean? Some other company, let's say it's Home Depot, alright? That came up in a previous reel. Home Depot has some software that backs up their files to Amazon S3 buckets on a recurring basis. Home Depot also has a non production version of that code that has placeholders for those S3 bucket names, such as placeholder bucket 1231 or something like that, so that when it comes time to upload their files, they replace that placeholder with the actual name of their bucket. but That sample code is running, and it's not doing anything because it's attempting to backup their files to a bucket that doesn't exist. Well, this developer lucked out and created an S3 bucket with that exact name of that placeholder, and this script now all of a sudden is trying to send all of Home Depot's backup files to this bucket And news to me, but AWS charges a fee, it's like 005 cents per request. And an automated system can generate thousands of requests. Per second, like it can go very fast. So just in two days, that 0. 0005 cents per request turned into 1, 300. Now these are unexpected charges. Amazon agrees he shouldn't have to pay for this, but it just goes to show how careful you have to be when naming your S3 buckets, especially if they're going to allow for public users to place files in them. But another really important aspect of this story that I find fascinating is that the developer, once he realized what was happening, decided to open up his bucket and allow for files to be placed there. And within 30 seconds, there were over 10 gigabytes of files placed in this bucket. And these files belonged to another company. One that's pretty reputable, so probably on the same lines of Home Depot. Now this developer won't disclose that because these files are currently being backed up and there's a huge risk for data leak, but this developer now has the source code for all kinds of files that belong to a pretty big company. So as a developer, make sure you name your AWS buckets, something pretty unique and maybe even add in a little suffix of random characters after anything you name. And as developers for companies, make sure you're not having automated scripts upload to bucket names that don't exist because Maybe someday they will exist and all those files will go to that bucket. The developer did reach out to the company that was affected by this and has received no response. But we're all hoping that the company responds and fixes their practice and hopefully shells out some money to this developer because that's a pretty big bug and they deserve compensation. And finally, cybersecurity researchers have identified a new Android malware named WPeeper that utilizes compromised WordPress sites to hide its command and control servers. And if you've been listening to this podcast for a while or keeping up to date on cybersecurity news, you'll know that there's a lot of opportunity within the WordPress framework to compromise WordPress sites. And it would be a great place to host a command and control server. WPPer is a binary that employs the HTTPS protocol for secure C2 communications and functions as a backdoor. The malware disguises itself within a repackaged version of the Up to down app store for Android aiming to evade detection and deceive users into installing the malicious payload. WPaper utilizes a complex C2 architecture that involves using infected WordPress sites as intermediaries to obfuscate its actual C2 servers with as many as 45 C2 servers identified in the infrastructure. The malware's capabilities involve collecting device information, updating C2 servers, downloading additional payloads, and self deleting. And to safeguard against similar malware attacks, users are advised to download apps only from reputable sources, carefully review app permissions, and just Be careful what you click on. Stay vigilant out there against suspicious activities that may be taking place on your phone. You might notice a performance lag. You might notice weird browsers opening up. And if you do, you might just want to restart your device, reset it. And if you do get curious and install a scanning tool, antivirus, anti malware, et cetera, make sure you do it from a reputable source. This has been the Daily Decrypt. If you found your key to unlocking the digital domain, show your support with a rating on Spotify or Apple Podcasts. It truly helps us stand at the frontier of cyber news. Don't forget to connect on Instagram or catch our episodes on YouTube. Until next time, keep your data safe and your curiosity alive.

AWS Morning Brief for the week of April 1, 2024, with Corey Quinn. Links:AI recommendations for descriptions in Amazon DataZone now generally availableAmazon DynamoDB Import from S3 now supports up to 50,000 Amazon S3 objects in a single bulk importAmazon Time Sync Service now supports microsecond-accurate time in US East (N. Virginia) Region AWS Billing and Cost Management Data Exports now supports AWS CloudFormation AWS Compute Optimizer introduces memory customizability for EC2 rightsizing recommendationsAWS Cost Allocation Tags now support retroactive applicationEstimating the charges for Amazon RDS Extended SupportAmazon completes $4B Anthropic investment to advance generative AI 

Welcome to part four in the AWS Certification Exam Prep Mini-Series! Whether you're an aspiring cloud enthusiast or a seasoned developer looking to deepen your architectural acumen, you've landed in the perfect spot. In this six-part saga, we're demystifying the pivotal role of a Solutions Architect in the AWS cloud computing cosmos. In this fourth episode, Caroline and Dave chat again with Anya Derbakova, a Senior Startup Solutions Architect at AWS, known for weaving social media magic, and Ted Trentler, a Senior AWS Technical Instructor with a knack for simplifying the complex. Together, we will step into the realm of performance, where we untangle the complexities of designing high-performing architectures in the cloud. We dissect the essentials of high-performing storage solutions, dive deep into elastic compute services for scaling and cost efficiency, and unravel the intricacies of optimizing database solutions for unparalleled performance. Expect to uncover: • The spectrum of AWS storage services and their optimal use cases, from Amazon S3's versatility to the shared capabilities of Amazon EFS. • How to leverage Amazon EC2, Auto Scaling, and Load Balancing to create elastic compute solutions that adapt to your needs. • Insights into serverless computing paradigms with AWS Lambda and Fargate, highlighting the shift towards de-coupled architectures. • Strategies for selecting high-performing database solutions, including the transition from on-premise databases to AWS-managed services like RDS and the benefits of caching with Amazon ElastiCache. • A real-world scenario where we'll navigate the challenge of processing hundreds of thousands of online votes in minutes, testing your understanding and application of high-performing AWS architectures. Whether you're dealing with vast amounts of data, requiring robust compute power, or ensuring your architecture can handle peak loads without a hitch, we've got you covered! Anya on LinkedIn: https://www.linkedin.com/in/annadderbakova/ Ted on Twitter: https://twitter.com/ttrentler Ted on LinkedIn: https://linkedin/in/tedtrentler Caroline on Twitter: https://twitter.com/carolinegluck Caroline on LinkedIn: https://www.linkedin.com/in/cgluck/ Dave on Twitter: https://twitter.com/thedavedev Dave on LinkedIn: https://www.linkedin.com/in/davidisbitski AWS SAA Exam Guide - https://d1.awsstatic.com/training-and-certification/docs-sa-assoc/AWS-Certified-Solutions-Architect-Associate_Exam-Guide.pdf Party Rock for Exam Study - https://partyrock.aws/u/tedtrent/KQtYIhbJb/Solutions-Architect-Study-Buddy All Things AWS Training - Links to Self-paced and Instructor Led https://aws.amazon.com/training/ AWS Skill Builder – Free CPE Course - https://explore.skillbuilder.aws/learn/course/134/aws-cloud-practitioner-essentials AWS Skill Builder – Learning Badges - https://explore.skillbuilder.aws/learn/public/learning_plan/view/1044/solutions-architect-knowledge-badge-readiness-path AWS Usergroup Communities: https://aws.amazon.com/developer/community/usergroups Subscribe: Spotify: https://open.spotify.com/show/7rQjgnBvuyr18K03tnEHBI Apple Podcasts: https://podcasts.apple.com/us/podcast/aws-developers-podcast/id1574162669 Stitcher: https://www.stitcher.com/show/1065378 Pandora: https://www.pandora.com/podcast/aws-developers-podcast/PC:1001065378 TuneIn: https://tunein.com/podcasts/Technology-Podcasts/AWS-Developers-Podcast-p1461814/ Amazon Music: https://music.amazon.com/podcasts/f8bf7630-2521-4b40-be90-c46a9222c159/aws-developers-podcast Google Podcasts: https://podcasts.google.com/feed/aHR0cHM6Ly9mZWVkcy5zb3VuZGNsb3VkLmNvbS91c2Vycy9zb3VuZGNsb3VkOnVzZXJzOjk5NDM2MzU0OS9zb3VuZHMucnNz RSS Feed: https://feeds.soundcloud.com/users/soundcloud:users:994363549/sounds.rss

In this episode, Lane talks to Alex DeBrie, author of the DynamoDB book. Today's talk covers various aspects such as DynamoDB's comparison with Amazon S3, its benefits, use cases, constraints, and cost considerations, while also covering other AWS and Google Cloud services. Alex also shares his insights into his journey of writing the book on DynamoDB and touches on topics like access patterns, secondary indexes, and billing modes. Alex also shares his professional experiences, including consulting vs freelancing, thoughts of entrepreneurial aspirations, and gives helpful advice for those that are considering pursuing a similar career.Learn back-end development - https://boot.devListen on your favorite podcast player: https://www.backendbanter.fmAlex's Twitter: https://twitter.com/alexbdebrieAlex's Website: https://www.alexdebrie.com(00:00) - Introduction (01:27) - Who is Alex DeBrie? (02:39) - What is DynamoDB? (04:15) - EC2 instance (05:50) - Amazon S3 (06:25) - DynamoDB is more like S3 (07:40) - Difference between DynamoDB and S3 (08:20) - What do we mean when we say NoSQL (10:08) - BigQuery and BigTable (12:31) - Some of DynamoDB's benefits (13:15) - When to use DynamoDB (15:58) - Constraint of number of connections (18:06) - DynamoDB is a multi-tenant service (19:21) - How does DynamoDB shake up against something like MongoDB (22:22) - DynamoDB is opinionated, but it provides good results consistently (25:54) - You can only do certain things in DynamoDB, but they are guaranteed to be fast (26:42) - Relational Databases - Theory vs Practicality (31:08) - How Alex came to write a book about DynamoDB (32:15) - What happens when SQL runs, depends heavily on the system underneath (33:57) - DynamoDB doesn't have a query planner (36:08) - Access patterns (38:04) - Use case for Secondary Indexes (39:43) - Costs of DynamoDB (40:45) - Billing modes for DynamoDB (45:26) - Provisioning and planning for expenses (48:40) - Super Mario 64 Hack (49:34) - What Was Alex's Last Full Time Job (51:02) - Consulting vs Freelancing (52:23) - Does Alex see himself going back to a Full Time Job? (53:07) - Does Alex have any entrepreneurial urges? (54:01) - What you should think about before jumping into freelance/consulting (56:01) - Authority in the consulting world (57:11) - Where to find Alex

Andrew Shieh shares the thrilling story of SmugMug's bold leap into AWS's cloud technology, marking it as one of the pioneering companies to harness the cloud for digital photography storage. This episode offers a unique perspective into the type of strategy and groundbreaking tech advancements that catapulted SmugMug's success. Listen to the full episode for a masterclass in innovation and adaptation!Show highlights: (00:00) Corey introduces the show & Guest Andrew Shieh(00:54)Andrew shares the story of how SmugMug became AWS's first enterprise customer. (02:17) Discussion on the evolution of AWS's customer service(04:31) Reflections on the expansion of AWS services. (06:08) The critical role of Amazon S3 in SmugMug's operations(12:24) AWS's interest in unique customer stories and feedback (09:32) SmugMug's cloud strategy and optimization(13:50) Andrew discusses challenges and solutions in cloud adoption(17:38) Andrew shares his experiences at AWS re:Invent, offering thoughts on the conference's evolution(21:09) A look into AWS's pricing formulas and business insights (31:55) Closing thoughtsAbout AndrewAndrew "shandrew" Shieh is a multidisciplinary engineer, focused today on making the AWS cloud do what it promises to. Andrew started as an environmental engineer, focused on energy efficiency and air pollution modeling, but quickly got dragged into tech after spending most of college at the help desk of the Unix computer cluster.Andrew's current interests include sustainability, cost efficiency, and economics. Most AWS service teams are his friends and he enjoys (a bit too much) talking to his SmugMug and Flickr coworkers about AWS. He recently spoke at AWS re:Invent about how his children (9 and 11) helped to teach him the value of trivia as a means of learning backwards. He also wrote a keynote for re:Invent's pandemic year, and has rescued billions of precious photos from extinction.Links Referenced:SmugMug: https://www.smugmug.com/S3 Intelligent Tiering blog post on Duckbill Group: https://www.duckbillgroup.com/blog/s3-intelligent-tiering-what-it-takes-to-actually-break-even/Mastodon: https://hachyderm.io/@shandrewLinkedIn: https://www.linkedin.com/in/shandrew/Flickr: https://flickr.com/photos/shandrewAndrew's talk on "Learning Backwards" at re:Invent 2023: https://www.youtube.com/watch?v=od09dD7mc6k 

In this episode, hear how S3 Express One Zone enables workloads such as machine learning training, interactive analytics, and media content creation to achieve single-digit millisecond data access speed with high durability and availability.

The Amazon S3 Express One Zone storage class is purpose-built to deliver the fastest cloud object storage for performance-critical applications, with speeds up to 10x faster and request costs down to 50% lower than S3 Standard. In this episode, hear how S3 Express One Zone enables workloads such as machine learning training, interactive analytics, and media content creation to achieve single-digit millisecond data access speed with high durability and availability.

We talked with Andy Warfield (@AndyWarfield), VP Distinguished Engineer, Amazon, about 10 years ago, when at Coho Data (see our (005:) Greybeards talk scale out storage … podcast). Andy has been a good friend for a long time and he's been with Amazon S3 for over 5 years now. Since the recent S3 announcements at … Continue reading "161: Greybeards talk AWS S3 storage with Andy Warfield, VP Distinguished Engineer, Amazon"

In this podcast, Krish explores the various connectors available in Confluent Cloud. He starts by recapping the previous podcasts and the basics of Confluent Cloud. Krish then focuses on connectors, explaining their value and why they can reduce the need for writing code. He explores different connectors, such as the data gen source connector and the MongoDB Atlas connectors. Krish also discusses different data formats, including Avro, Protobuf, and JSON. He briefly touches on implementing custom connectors. Krish explores the topic of connectors in Confluent Cloud. He discusses the process of creating connectors and the different types of connectors available. Krish also delves into configuring connectors and defining configuration parameters. He explores the concept of custom connector configuration and the use of connector properties files. Krish then explores existing connectors, such as the HTTP source and sync connectors, and discusses the process of publishing custom connectors. He concludes by mentioning the Confluent CLI for managing connectors. Takeaways Connectors in Confluent Cloud provide value by reducing the need for writing code. Different connectors are available for various data sources and destinations, such as MongoDB, Amazon S3, and Elasticsearch. Data formats like Avro, Protobuf, and JSON can be used with connectors. Implementing custom connectors allows for more flexibility and integration with specific systems. Connectors enable seamless data integration and propagation between different systems. Connectors in Confluent Cloud allow for seamless integration with various systems and services. Custom connectors can be created and published to Confluent Cloud. Configuration parameters for connectors can be defined and managed. The Confluent CLI provides a command-line interface for managing connectors. Chapters 00:00 Introduction 00:35 Recap of Previous Podcasts 01:05 Focus on Connectors in Confluent Cloud 02:16 Exploring Data Gen Source Connector 03:43 Different Formats: Avro, Protobuf, JSON 08:07 Differences Between Avro and Protobuf 10:03 Exploring Other Connectors 11:14 Using MongoDB Atlas Connectors 12:08 Testing Different Formats with Connectors 13:36 Handling Avro Format with Consumer 16:58 Exploring More Connectors: Snowflake, Amazon S3, Elasticsearch 20:33 Implementing Custom Connectors 27:31 Exploring More Connectors: Salesforce, Oracle, Jira 35:16 Exploring More Connectors: SQL Server, MySQL 38:43 Implementing Custom Connectors 43:24 Exploring More Connectors: Kafka, File 46:20 Understanding Connector Implementation 49:06 Creating Custom Connectors 50:00 Summary and Conclusion 50:59 Creating Connectors 52:04 Configuring Connectors 54:00 Custom Connector Configuration 56:08 Defining Configuration Parameters 57:38 Configuration Properties 59:49 Self-Managed Connectors 01:00: 27 Connector Properties File 01:01:28 Creating Custom Connectors 01:02: 09 Publishing Custom Connectors 01:03: 37Existing Connectors 01:04: 14HTTP Source Connector 01:06:40 HTTP Sync Connector 01:08:34 Other Connectors 01:10:34 Managing Connectors 01:12:14 Confluent CLI Snowpal Products Backends as Services on ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠AWS Marketplace⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ Mobile Apps on ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠App Store⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ and ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Play Store⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Web App⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Education Platform⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ for Learners and Course Creators

We continue to dive deep into the recent announcements from AWS re:Invent, with the release of Amazon Neptune Analytics. Discover how Neptune Analytics helps customers find insights 80x faster by analyzing their existing Neptune graph database or graph data from a data lake such as Amazon S3. Jillian Forde is joined by Dr. Denise Gosnell (Principal Product Manager for Amazon Neptune) to learn more about Amazon Neptune Analytics. We discuss how speed is of the essence for gaining insights from large graph databases with data, such as the friendships within a social network, targeted content recommendation, fraud detection, and network threat detection then you will want to check out the new Amazon Neptune Analytics database engine.

AWS Morning Brief for the week of October 10, 2023 with Corey Quinn. Links: Sponsor re:Quinnvent Amazon DataZone is now generally available Amazon EC2 Hibernate now supports more operating systems  Lambda test events are now available in AWS SAM CLI  Simplify data transfer: Google BigQuery to Amazon S3 using Amazon AppFlow Coming November 2023: A new analysis experience on Amazon QuickSight Implement auto-increment with Amazon DynamoDB The Future of Personal Digital Records: Unlocking Security and Efficiency through Blockchain and Smart Contracts Slack elevates media pipeline with AWS Elemental MediaConvert and Amazon Transcribe Integrate multiple Microsoft Entra ID tenants with AWS IAM Identity Center Building high-throughput satellite data downlink architectures with AWS Ground Station WideBand DigIF and Amphinicy Blink SDR  Save the Date: Join AWS at the Reality Capture Network Conference, Oct 17 – Oct 19, 2023 

Welcome episode 227 of the Cloud Pod podcast - where the forecast is always cloudy! This week your hosts are Justin, Jonathan, Matthew and Ryan - and they're REALLY excited to tell you all about the 161 one things announced at Google Next. Literally, all the things. We're also saying farewell to EC2 Classic, Amazon SES, and Azure's Explicit Proxy - which probably isn't what you think it is.  Titles we almost went with this week:

Last Week In AWS for the week of September 4, 2023, with Corey Quinn. Links: Amazon QuickSight adds scheduled and programmatic export to Excel format  Amazon S3 now supports multivalue answer in response to DNS queries AWS Backup now supports local time zone selections  AWS Lambda Functions powered by AWS Graviton2 now available in 6 additional regions  AWS Neuron adds support for Llama 2, GPT-NeoX, and SDXL generative AI models  AWS Private CA launches Connector for Active Directory  Streamlining Prior Authorization with Treatline's Generative AI Platform for Healthcare and Insurance Providers Updating AWS CloudFormation Stacks Without Service Disruption to Support Rapid Business Innovation Why AWS Customers Choose to Procure Software Through Channel Partners in AWS Marketplace  Announcing Amazon Managed Service for Apache Flink Renamed from Amazon Kinesis Data Analytics Deploy Amazon OpenSearch Serverless with Terraform  How AWS AppFabric helps companies overcome tech overload  Reinventing the in-store experience with Smart Store solutions Automatically generate impressions from findings in radiology reports using generative AI on AWS  How MongoDB and AWS Collaborated to Enable Running the Open Source MongoDB Kafka Connector in Managed Environments Embracing our broad responsibility for securing digital infrastructure in the European Union 

Kelsey Hightower joins Corey on Screaming in the Cloud to discuss his reflections on how the tech industry is progressing. Kelsey describes what he's been getting out of retirement so far, and reflects on what he learned throughout his high-profile career - including why feature sprawl is such a driving force behind the complexity of the cloud environment and the tactics he used to create demos that are engaging for the audience. Corey and Kelsey also discuss the importance of remaining authentic throughout your career, and what it means to truly have an authentic voice in tech. About KelseyKelsey Hightower is a former Distinguished Engineer at Google Cloud, the co-chair of KubeCon, the world's premier Kubernetes conference, and an open source enthusiast. He's also the co-author of Kubernetes Up & Running: Dive into the Future of Infrastructure. Recently, Kelsey announced his retirement after a 25-year career in tech.Links Referenced:Twitter: https://twitter.com/kelseyhightower TranscriptAnnouncer: Hello, and welcome to Screaming in the Cloud with your host, Chief Cloud Economist at The Duckbill Group, Corey Quinn. This weekly show features conversations with people doing interesting work in the world of cloud, thoughtful commentary on the state of the technical world, and ridiculous titles for which Corey refuses to apologize. This is Screaming in the Cloud.Corey: Do you wish there were cheat codes for database optimization? Well, there are – no seriously. If you're using Postgres or MySQL on Amazon Aurora or RDS, OtterTune uses AI to automatically optimize your knobs and indexes and queries and other bits and bobs in databases. OtterTune applies optimal settings and recommendations in the background or surfaces them to you and allows you to do it. The best part is that there's no cost to try it. Get a free, thirty-day trial to take it for a test drive. Go to ottertune dot com to learn more. That's O-T-T-E-R-T-U-N-E dot com.Corey: Welcome to Screaming in the Cloud. I'm Corey Quinn. You know, there's a great story from the Bible or Torah—Old Testament, regardless—that I was always a big fan of where you wind up with the Israelites walking the desert for 40 years in order to figure out what comes next. And Moses led them but could never enter into what came next. Honestly, I feel like my entire life is sort of going to be that direction. Not the biblical aspects, but rather always wondering what's on the other side of a door that I can never cross, and that door is retirement. Today I'm having returning guest Kelsey Hightower, who is no longer at Google. In fact, is no longer working and has joined the ranks of the gloriously retired. Welcome back, and what's it like?Kelsey: I'm happy to be here. I think retirement is just like work in some ways: you have to learn how to do it. A lot of people have no practice in their adult life what to do with all of their time. We have small dabs in it, like, you get the weekend off, depending on what your work, but you never have enough time to kind of unwind and get into something else. So, I'm being honest with myself. It's going to be a learning curve, what to do with that much time.You're probably still going to do work, but it's going to be a different type of work than you're used to. And so, that's where I am. 30 days into this, I'm in that learning mode, I'm on-the-job training.Corey: What's harder than you expected?Kelsey: It's not the hard part because I think mentally I've been preparing for, like, the last ten years, being a minimalist, learning how to kind of live within my means, learn to appreciate things that are just not work-related or status symbols. And so, to me, it felt like a smooth transition because I started to value my time more than anything else, right? Just waking up the next day became valuable to me. Spending time in the moment, right, you go to these conferences, there's, like, 10,000 people, but you learn to value those one-on-one encounters, those one-off, kind of, let's just go grab lunch situations. So, to me, retirement just makes more room for that, right? I no longer have this calendar that is super full, so I think for me, it was a nice transition in terms of getting more of that valuable time back.Corey: It seems to me that you're in a similar position to the one that I find myself in where the job that you were doing and I still am is tied, more or less, to a sense of identity as opposed to a particular task or particular role that you fill. You were Kelsey Hightower. That was a complete sentence. People didn't necessarily need to hear the rest of what you were working on or what you were going to be talking about at a given conference or whatnot. So, it seemed, at least from the outside, that an awful lot of what you did was quite simply who you were. Do you feel that your sense of identity has changed?Kelsey: So, I think when you have that much influence, when you have that much reputation, the words you say travel further, they tend to come with a little bit more respect, and so when you're working with a team on new product, and you say, “Hey, I think we should change some things.” And when they hear those words coming from someone that they trust or has a name that is attached to reputation, you tend to be able to make a lot of impact with very few words. But what you also find is that no matter what you get involved in—configuration management, distributed systems, serverless, working with customers—it all is helped and aided by the reputation that you bring into that line of work. And so yes, who you are matters, but one thing that I think helped me, kind of greatly, people are paying attention maybe to the last eight years of my career: containers, Kubernetes, but my career stretches back to the converting COBOL into Python days; the dawn of DevOps, Puppet, Chef, and Ansible; the Golang appearance and every tool being rewritten from Ruby to Golang; the Docker era.And so, my identity has stayed with me throughout those transitions. And so, it was very easy for me to walk away from that thing because I've done it three or four times before in the past, so I know who I am. I've never had, like, a Twitter bio that said, “Company X. X person from company X.” I've learned long ago to just decouple who I am from my current employer because that is always subject to change.Corey: I was fortunate enough to not find myself in the public eye until I owned my own company. But I definitely remember times in my previous incarnations where I was, “Oh, today I'm working at this company,” and I believed—usually inaccurately—that this was it. This was where I really found my niche. And then surprise I'm not there anymore six months later for, either their decision, my decision, or mutual agreement. And I was always hesitant about hanging a shingle out that was tied too tightly to any one employer.Even now, I was little worried about doing it when I went independent, just because well, what if it doesn't work? Well, what if, on some level? I think that there's an authenticity that you can bring with you—and you certainly have—where, for a long time now, whenever you say something, I take it seriously, and a lot of people do. It's not that you're unassailably correct, but I've never known you to say something you did not authentically believe in. And that is an opinion that is very broadly shared in this industry. So, if nothing else, you definitely were a terrific object lesson in speaking the truth, as you saw it.Kelsey: I think what you describe is one way that, whether you're an engineer doing QA, working in the sales department, when you can be honest with the team you're working with, when you can be honest with the customers you're selling into when you can be honest with the community you're part of, that's where the authenticity gets built, right? Companies, sometimes on the surface, you believe that they just want you to walk the party line, you know, they give you the lines and you just read them verbatim and you're doing your part. To be honest, you can do that with the website. You can do that with a well-placed ad in the search queries.What people are actually looking for are real people with real experiences, sharing not just fact, but I think when you mix kind of fact and opinion, you get this level of authenticity that you can't get just by pure strategic marketing. And so, having that leverage, I remember back in the day, people used to say, “I'm going to do the right thing and if it gets me fired, then that's just the way it's going to be. I don't want to go around doing the wrong thing because I'm scared I'm going to lose my job.” You want to find yourself in that situation where doing the right thing, is also the best thing for the company, and that's very rare, so when I've either had that opportunity or I've tried to create that opportunity and move from there.Corey: It resonates and it shows. I have never had a lot of respect for people who effectively are saying one thing today and another thing the next week based upon which way they think that the winds are blowing. But there's also something to be said for being able and willing to publicly recant things you have said previously as technology evolves, as your perspective evolves and, in light of new information, I'm now going to change my perspective on something. I've done that already with multi-cloud, for example. I thought it was ridiculous when I heard about it. But there are also expressions of it that basically every company is using, including my own. And it's a nuanced area. Where I find it challenging is when you see a lot of these perspectives that people are espousing that just so happen to deeply align with where their paycheck comes from any given week. That doesn't ring quite as true to me.Kelsey: Yeah, most companies actually don't know how to deal with it either. And now there has been times at any number of companies where my authentic opinion that I put out there is against party line. And you get those emails from directors and VPs. Like, “Hey, I thought we all agree to think this way or to at least say this.” And that's where you have to kind of have that moment of clarity and say, “Listen, that is undeniably wrong. It's so wrong in fact that if you say this in public, whether a small setting or large setting, you are going to instantly lose credibility going forward for yourself. Forget the company for a moment. There's going to be a situation where you will no longer be effective in your job because all of your authenticity is now gone. And so, what I'm trying to do and tell you is don't do that. You're better off saying nothing.”But if you go out there, and you're telling what is obviously misinformation or isn't accurate, people are not dumb. They're going to see through it and you will be classified as a person not to listen to. And so, I think a lot of people struggle with that because they believe that enterprise's consensus should also be theirs.Corey: An argument that I made—we'll call it a prediction—four-and-a-half years ago, was that in five years, nobody would really care about Kubernetes. And people misunderstood that initially, and I've clarified since repeatedly that I'm not suggesting it's going away: “Oh, turns out that was just a ridiculous fever dream and we're all going back to running bare metal with our hands again,” but rather that it would slip below the surface-level of awareness. And I don't know that I got the timing quite right on that, I think it's going to depend on the company and the culture that you find yourself in. But increasingly, when there's an application to run, it's easy to ask someone just, “Oh, great. Where's the Kubernetes cluster live so we can throw this on there and just add it to the rest of the pile?”That is sort of what I was seeing. My intention with that was not purely just to be controversial, as much fun as that might be, but also to act as a bit of a warning, where I've known too many people who let their identities become inextricably tangled with the technology. But technologies rise and fall, and at some point—like, you talk about configuration management days; I learned to speak publicly as a traveling trainer for Puppet. I wrote part of SaltStack once upon a time. But it was clear that that was not the direction the industry was going, so it was time to find something else to focus on. And I fear for people who don't keep an awareness or their feet underneath them and pay attention to broader market trends.Kelsey: Yeah, I think whenever I was personally caught up in linking my identity to technology, like, “I'm a Rubyist,” right?“, I'm a Puppeteer,” and you wear those names proudly. But I remember just thinking to myself, like, “You have to take a step back. What's more important, you or the technology?” And at some point, I realized, like, it's me, that is more important, right? Like, my independent thinking on this, my independent experience with this is far more important than the success of this thing.But also, I think there's a component there. Like when you talked about Kubernetes, you know, maybe being less relevant in five years, there's two things there. One is the success of all infrastructure things equals irrelevancy. When flights don't crash, when bridges just work, you do not think about them. You just use them because they're so stable and they become very boring. That is the success criteria.Corey: Utilities. No one's wondering if the faucet's going to work when they turn it on in the morning.Kelsey: Yeah. So, you know, there's a couple of ways to look at your statement. One is, you believe Kubernetes is on the trajectory that it's going to stabilize itself and hit that success criteria, and then it will be irrelevant. Or there's another part of the irrelevancy where something else comes along and replaces that thing, right? I think Cloud Foundry and Mesos are two good examples of Kubernetes coming along and stealing all of the attention from that because those particular products never gained that mass adoption. Maybe they got to the stable part, but they never got to the mass adoption part. So, I think when it comes to infrastructure, it's going to be irrelevant. It's just what side of that [laugh] coin do you land on?Corey: It's similar to folks who used to have to work at a variety of different companies on very specific Linux kernel subsystems because everyone had to care because there were significant performance impacts. Time went on and now there's still a few of those people that very much need to care, but for the rest of us, it is below the level of things that we have to care about. For me, the signs of the unsustainability were, oh, you can run Kubernetes effectively in production? That's a minimum of a quarter-million dollars a year in comp or up in some cases. Not every company is going to be able to field a team of those people and still remain a going concern in business. Nor frankly, should they have to.Kelsey: I'm going to pull on that thread a little bit because it's about—we're hitting that ten-year mark of Kubernetes. So, when Kubernetes comes out, why were people drawn to it, right? Why did it even get the time of day to begin with? And I think Docker kind of opened Pandora's box there. This idea of Chef, Puppet, Ansible, ten thousand package managers, and honestly, that trajectory was going to continue forever and it was helping no one. It was literally people doing duplicate work depending on the operating system you're dealing with and we were wasting time copying bits to servers—literally—in a very glorified way.So, Docker comes along and gives us this nicer, better abstraction, but it has gaps. It has no orchestration. It's literally this thing where now we've unified the packaging situation, we've learned a lot from Red Hat, YUM, Debian, and the various package repo combinations out there and so we made this universal thing. Great. We also learned a little bit about orchestration through brute force, bash scripts, config management, you name it, and so we serialized that all into this thing we call Kubernetes.It's pretty simple on the surface, but it was probably never worthy of such fanfare, right? But I think a lot of people were relieved that now we finally commoditized this expertise that the Googles, the Facebooks of the world had, right, building these systems that can copy bits to other systems very fast. There you go. We've gotten that piece. But I think what the market actually wants is in the mobile space, if you want to ship software to 300 million people that you don't even know, you can do it with the app store.There's this appetite that the boring stuff should be easy. Let's Encrypt has made SSL certificates beyond easy. It's just so easy to do the right thing. And I think for this problem we call deployments—you know, shipping apps around—at some point we have to get to a point where that is just crazy easy. And it still isn't.So, I think some of the frustration people express ten years later, they're realizing that they're trying to recreate a Rube Goldberg machine with Kubernetes is the base element and we still haven't understood that this whole thing needs to simplify, not ten thousand new pieces so you can build your own adventure.Corey: It's the idea almost of what I'm seeing AWS go through, and to some extent, its large competitors. But building anything on top of AWS from scratch these days is still reminiscent of going to Home Depot—or any hardware store—and walking up and down the aisles and getting all the different components to piece together what you want. Sometimes just want to buy something from Target that's already assembled and you have to do all of that work. I'm not saying there isn't value to having a Home Depot down the street, but it's also not the panacea that solves for all use cases. An awful lot of customers just want to get the job done and I feel that if we cling too tightly to how things used to be, we lose it.Kelsey: I'm going to tell you, being in the cloud business for almost eight years, it's the customers that create this. Now, I'm not blaming the customer, but when you start dealing with thousands of customers with tons of money, you end up in a very different situation. You can have one customer willing to pay you a billion dollars a year and they will dictate things that apply to no one else. “We want this particular set of features that only we will use.” And for a billion bucks a year times ten years, it's probably worth from a business standpoint to add that feature.Now, do this times 500 customers, each major provider. What you end up with is a cloud console that is unbearable, right? Because they also want these things to be first-class citizens. There's always smaller companies trying to mimic larger peers in their segment that you just end up in that chaos machine of unbound features forever. I don't know how to stop it. Unless you really come out maybe more Apple style and you tell people, “This is the one and only true way to do things and if you don't like it, you have to go find an alternative.” The cloud business, I think, still deals with the, “If you have a large payment, we will build it.”Corey: I think that that is a perspective that is not appreciated until you've been in the position of watching how large enterprises really interact with each other. Because it's, “Well, what customer the world is asking for yet another way to run containers?” “Uh, this specific one and their constraints are valid.” Every time I think I've seen everything there is to see in the world of cloud, I just have to go talk to one more customer and I'm learning something new. It's inevitable.I just wish that there was a better way to explain some of this to newcomers, when they're looking at, “Oh, I'm going to learn how this cloud thing works. Oh, my stars, look at how many services there are.” And then they wind up getting lost with analysis paralysis, and every time they get started and ask someone for help, they're pushed in a completely different direction and you keep spinning your wheels getting told to start over time and time again when any of these things can be made to work. But getting there is often harder than it really should be.Kelsey: Yeah. I mean, I think a lot of people don't realize how far you can get with, like, three VMs, a load balancer, and Postgres. My guess is you can probably build pretty much any clone of any service we use today with at least 1 million customers. Most people never reached that level—I don't even want to say the word scale—but that blueprint is there and most people will probably be better served by that level of simplicity than trying to mimic the behaviors of large customers—or large companies—with these elaborate use cases. I don't think they understand the context there. A lot of that stuff is baggage. It's not [laugh] even, like, best-of-breed or great design. It's like happenstance from 20 years of trying to buy everything that's been sold to you.Corey: I agree with that idea wholeheartedly. I was surprising someone the other day when I said that if you were to give me a task of getting some random application up and running by tomorrow, I do a traditional three-tier architecture, some virtual machines, a load balancer, and a database service. And is that the way that all the cool kids are doing it today? Well, they're not talking about it, but mostly. But the point is, is that it's what I know, it's where my background is, and the thing you already know when you're trying to solve a new problem is incredibly helpful, rather than trying to learn everything along that new path that you're forging down. Is that architecture the best approach? No, but it's perfectly sufficient for an awful lot of stuff.Kelsey: Yeah. And so, I mean, look, I've benefited my whole career from people fantasizing about [laugh] infrastructure—Corey: [laugh].Kelsey: And the truth is that in 2023, this stuff is so powerful that you can do almost anything you want to do with the simplest architecture that's available to us. The three-tier architecture has actually gotten better over the years. I think people are forgotten: CPUs are faster, RAM is much bigger quantities, the networks are faster, right, these databases can store more data than ever. It's so good to learn the fundamentals, start there, and worst case, you have a sound architecture people can reason about, and then you can go jump into the deep end, once you learn how to swim.Corey: I think that people would be depressed to understand just how much the common case for the value that Kubernetes brings is, “Oh yeah, now we can lose a drive or a server and the application stays up.” It feels like it's a bit overkill for that one somewhat paltry use case, but that problem has been hounding companies for decades.Kelsey: Yeah, I think at some point, the whole ‘SSH is my only interface into these kinds of systems,' that's a little low level, that's a little bare bones, and there will probably be a feature now where we start to have this not Infrastructure as Code, not cloud where we put infrastructure behind APIs and you pay per use, but I think what Kubernetes hints at is a future where you have APIs that do something. Right now the APIs give you pieces so you can assemble things. In the future, the APIs will just do something, “Run this app. I need it to be available and here's my money budget, my security budget, and reliability budget.” And then that thing will say, “Okay, we know how to do that, and here's roughly what is going to cost.”And I think that's what people actually want because that's how requests actually come down from humans, right? We say, “We want this app or this game to be played by millions of people from Australia to New York.” And then for a person with experience, that means something. You kind of know what architecture you need for that, you know what pieces that need to go there. So, we're just moving into a realm where we're going to have APIs that do things all of a sudden.And so, Kubernetes is the warm-up to that era. And that's why I think that transition is a little rough because it leaks the pieces part, so where you can kind of build all the pieces that you want. But we know what's coming. Serverless also hints at this. But that's what people should be looking for: APIs that actually do something.Corey: This episode is sponsored in part by Panoptica.  Panoptica simplifies container deployment, monitoring, and security, protecting the entire application stack from build to runtime. Scalable across clusters and multi-cloud environments, Panoptica secures containers, serverless APIs, and Kubernetes with a unified view, reducing operational complexity and promoting collaboration by integrating with commonly used developer, SRE, and SecOps tools. Panoptica ensures compliance with regulatory mandates and CIS benchmarks for best practice conformity. Privacy teams can monitor API traffic and identify sensitive data, while identifying open-source components vulnerable to attacks that require patching. Proactively addressing security issues with Panoptica allows businesses to focus on mitigating critical risks and protecting their interests. Learn more about Panoptica today at panoptica.app.Corey: You started the show by talking about how your career began with translating COBOL into Python. I firmly believe someone starting their career today listening to this could absolutely find that by the time their career starts drawing to their own close, that Kubernetes is right in there as far as sounding like the deprecated thing that no one really talks about or thinks about anymore. And I hope so. I want the future to be brighter than the past. I want getting a business or getting software together in a way that helps people to not require the amount of, “First, spend six weeks at a boot camp,” or, “Learn how to write just enough code that you can wind up getting funding and then have it torn apart.”What's the drag-and-drop story? What's the describe the application to a robot and it builds it for you? I'm optimistic about the future of infrastructure, just because based upon its power to potentially make reliability and scale available to folks who have no idea of what's involved with that. That's kind of the point. That's the end game of having won this space.Kelsey: Well, you know what? Kubernetes is providing the metadata to make that possible, right? Like in the early days, people were writing one-off scripts or, you know, writing little for loops to get things in the right place. And then we get config management that kind of formalizes that, but it still had no metadata, right? You'd have things like Puppet report information.But in the world of, like, Kubernetes, or any cloud provider, now you get semantic meaning. “This app needs this volume with this much space with this much memory, I need three of these behind this load balancer with these protocols enabled.” There is now so much metadata about applications, their life cycles, and how they work that if you were to design a new system, you can actually use that data to craft a much better API that made a lot of this boilerplate the defaults. Oh, that's a web application. You do not need to specify all of this boilerplate. Now, we can give you much better nouns and verbs to describe what needs to happen.So, I think this is that transition as all the new people coming up, they're going to be dealing with semantic meaning to infrastructure, where we were dealing with, like, tribal knowledge and intuition, right? “Run this script, pipe it to this thing, and then this should happen. And if it doesn't, run the script again with this flag.” Versus, “Oh, here's the semantic meaning to a working system.” That's a game-changer.Corey: One other topic I wanted to ask you about—I've it's been on my list of things to bring up the next time I ran into you and then you went ahead and retired, making it harder to run into you. But a little while back, I was at a tech conference and someone gave a demo, and it didn't go as well as they had hoped. And a few of us were talking about it afterwards. We've all been speakers, we've all lived that life. Zero shade.But someone brought you up in particular—unprompted; your legend does precede you—and the phrase that they used was that Kelsey's demos were always picture-perfect. He was so lucky with how the demos worked out. And I just have to ask—because you don't strike me as someone who is not careful, particularly when all eyes are upon you—and real experts make things look easy, did you have demos periodically go wrong that the audience just didn't see going wrong along the way? Or did you just actually YOLO all of your demos and got super lucky every single time for the last eight years?Kelsey: There was a musician who said, “Hey, your demos are like jazz. You improvise the whole thing.” There's no script, there's no video. The way I look at the demo is, like, you got this instrument, the command prompt, and the web browser. You can do whatever you want with them.Now, I have working code. I wrote the code, I wrote the deployment scenarios, I delete it all and I put it all back. And so, I know how it's supposed to work from the ground up. And so, what that means is if anything goes wrong, I can improvise. I could go into fixing the code. I can go into doing a redeploy.And I'll give you one good example. The first time Kubernetes came out, there was this small meetup in San Francisco with just the core contributors, right? So, there is no community yet, there's no conference yet, just people hacking on Kubernetes. And so, we decided, we're going to have the first Kubernetes meetup. And everyone got, like, six, seven minutes, max. That's it. You got to move.And so, I was like, “Hey, I noticed that in the lineup, there is no ‘What is Kubernetes?' talk. We're just getting into these nuts and bolts and I don't think that's fair to the people that will be watching this for the first time.” And I said, “All right, Kelsey, you should give maybe an intro to what it is.” I was like, “You know what I'll do? I'm going to build a Kubernetes cluster from the ground up, starting with VMs on my laptop.”And I'm in it and I'm feeling confident. So, confidence is the part that makes it look good, right? Where you're confident in the commands you type. One thing I learned to do is just use your history, just hit the up arrow instead of trying to copy all these things out. So, you hit the up arrow, you find the right command and you talk through it and no one looks at what's happening. You're cycling through the history.Or you have multiple tabs where you know the next up arrow is the right history. So, you give yourself shortcuts. And so, I'm halfway through this demo. We got three minutes left, and it doesn't work. Like, VMware is doing something weird on my laptop and there's a guy calling me off stage, like, “Hey, that's it. Cut it now. You're done.”I'm like, “Oh, nope. Thou shalt not go out like this.” It's time to improvise. And so, I said, “Hey, who wants to see me finish this?” And now everyone is locked in. It's dead silent. And I blow the whole thing away. I bring up the VMs, I [pixie 00:28:20] boot, I installed the kubelet, I install Docker. And everyone's clapping. And it's up, it's going, and I say, “Now, if all of this works, we run this command and it should start running the app.” And I do kubectl apply-f and it comes up and the place goes crazy.And I had more to the demo. But you stop. You've gotten the point across, right? This is what Kubernetes is, here's how it works, and look how you do it from scratch. And I remember saying, “And that's the end of my presentation.” You need to know when to stop, you need to know when to pivot, and you need to have confidence that it's supposed to work, and if you've seen it work a couple of times, your confidence is unshaken.And when I walked off that stage, I remember someone from Red Hat was like—Clayton Coleman; that's his name—Clayton Coleman walked up to me and said, “You planned that. You planned it to fail just like that, so you can show people how to go from scratch all the way up. That was brilliant.” And I was like, “Sure. That's exactly what I did.”Corey: “Yeah, I meant to do that.” I like that approach. I found there's always things I have to plan for in demos. For example, I can never count on having solid WiFi from a conference hall. The show has to go on. It's, okay, the WiFi doesn't work. I've at one point had to give a talk where the projector just wasn't working to a bunch of students. So okay, close the laptop. We're turning this into a bunch of question-and-answer sessions, and it was one of the better talks I've ever given.But the alternative is getting stuck in how you think a talk absolutely needs to go. Now, keynotes are a little harder where everything has been scripted and choreographed and at that point, I've had multiple fallbacks for demos that I've had to switch between. And people never noticed I was doing it for that exact reason. But it takes work to look polished.Kelsey: I will tell you that the last Next keynote I gave was completely irresponsible. No dry runs, no rehearsals, no table reads, no speaker notes. And I think there were 30,000 people at that particular Next. And Diane Greene was still CEO, and I remember when marketing was like, “Yo, at least a backup recording.” I was like, “Nah, I don't have anything.”And that demo was extensive. I mean, I was building an app from scratch, starting with Postgres, adding the schema, building an app, deploying the app. And something went wrong halfway. And there's this joke that I came up with just to pass over the time, they gave me a new Chromebook to do the demo. And so, it's not mine, so none of the default settings were there, I was getting pop-ups all over the place.And I came up with this joke on the way to the conference. I was like, “You know what'd be cool? When I show off the serverless stuff, I would just copy the code from Stack Overflow. That'd be like a really cool joke to say this is what senior engineers do.” And I go to Stack Overflow and it's getting all of these pop-ups and my mouse couldn't highlight the text.So, I'm sitting there like a deer in headlights in front of all of these people and I'm looking down, and marketing is, like, “This is what… this is what we're talking about.” And so, I'm like, “Man do I have to end this thing here?” And I remember I kept trying, I kept trying, and came to me. Once the mouse finally got in there and I cleared up all the popups, I just came up with this joke. I said, “Good developers copy.” And I switched over to my terminal and I took the text from Stack Overflow and I said, “Great developers paste,” and the whole room start laughing.And I had them back. And we kept going and continued. And at the end, there was like this Google Assistant, and when it was finished, I said, “Thank you,” to the Google Assistant and it was talking back through the live system. And it said, “I got to admit, that was kind of dope.” So, I go to the back and Diane Greene walks back there—the CEO of Google Cloud—and she pats me on the shoulder. “Kelsey, that was dope.”But it was the thrill because I had as much thrill as the people watching it. So, in real-time, I was going through all these emotions. But I think people forget, the demo is supposed to convey something. The demo is supposed to tell some story. And I've seen people overdo their demos with way too much code, way too many commands, almost if they're trying to show off their expertise versus telling a story. And so, when I think about the demo, it has to complement the entire narrative. And so, sometimes you don't need as many commands, you don't need as much code. You can keep things simple and that gives you a lot more ins and outs in case something does go crazy.Corey: And I think the key takeaway here that so many people lose sight of is you have to know the material well enough that whatever happens, well, things don't always go the way I planned during the day, either, and talking through that is something that I think serves as a good example. It feels like a bit more of a challenge when you're trying to demo something that a company is trying to sell someone, “Oh, yeah, it didn't work. But that's okay.” But I'm still reminded by probably one of the best conference demo fails I've ever seen on video. One day, someone was attempting to do a talk that hit Amazon S3 and it didn't work.And the audience started shouting at him that yeah, S3 is down right now. Because that was the big day that S3 took a nap for four hours. It was one of those foundational things you'd should never stop to consider. Like, well, what if the internet doesn't work tomorrow when I'm doing my demo? That's a tough one to work around. But rough timing.Kelsey: [breathy sound]Corey: He nailed the rest of the talk, though. You keep going. That's the thing that people miss. They get stuck in the demo that isn't working, they expect the audience knows as much as they do about what's supposed to happen next. You're the one up there telling a story. People forget it's storytelling.Kelsey: Now, I will be remiss to say, I know that the demo gods have been on my side for, like, ten, maybe fifteen years solid. So, I retired from doing live demos. This is why I just don't do them anymore. I know I'm overdue as an understatement. But the thing I've learned though, is that what I found more impressive than the live demo is to be able to convey the same narratives through story alone. No slides. No demo. Nothing. But you can still make people feel where you would try to go with that live demo.And it's insanely hard, especially for technologies people have never seen before. But that's that new challenge that I kind of set up for myself. So, if you see me at a keynote and you've noticed why I've been choosing these fireside chats, it's mainly because I'm also trying to increase my ability to share narrative, technical concepts, but now in a new form. So, this new storytelling format through the fireside chat has been my substitute for the live demo, normally because I think sometimes, unless there's something really to show that people haven't seen before, the live demo isn't as powerful to me. Once the thing is kind of known… the live demo is kind of more of the same. So, I think they really work well when people literally have never seen the thing before, but outside of that, I think you can kind of move on to, like, real-life scenarios and narratives that help people understand the fundamentals and the philosophy behind the tech.Corey: An awful lot of tools and tech that we use on a day-to-day basis as well are thankfully optimized for the people using them and the ergonomics of going about your day. That is orthogonal, in my experience, to looking very impressive on stage. It's the rare company that can have a product that not only works well but also presents well. And that is something I don't tend to index on when I'm selecting a tool to do something with. So, it's always a question of how can I make this more visually entertaining? For while I got out of doing demos entirely, just because talking about things that have more staying power than a screenshot that is going to wind up being irrelevant the next week when they decide to redo the console for some service yet again.Kelsey: But you know what? That was my secret to doing software products and projects. When I was at CoreOS, we used to have these meetups we would used to do every two weeks or so. So, when we were building things like etcd, Fleet was a container management platform that came before Kubernetes, we would always run through them as a user, start install them, use them, and ask how does it feel? These command line flags, they don't feel right. This isn't a narrative you can present with the software alone.But once we could, then the meetups were that much more engaging. Like hey, have you ever tried to distribute configuration to, like, a thousand servers? It's insanely hard. Here's how you do with Puppet. But now I'm going to show you how you do with etcd. And then the narrative will kind of take care of itself because the tool was positioned behind what people would actually do with it versus what the tool could do by itself.Corey: I think that's the missing piece that most marketing doesn't seem to quite grasp is, they talk about the tool and how awesome it is, but that's why I love customer demos so much. They're showing us how they use a tool to solve a real-world problem. And honestly, from my snarky side of the world and the attendant perspective there, I can make an awful lot of fun about basically anything a company decides to show me, but put a customer on stage talking about how whatever they've built is solving a real-world problem for them, that's the point where I generally shut up and listen because I'm going to learn something about a real-world story. Because you don't generally get to tell customers to go on stage and just make up a story that makes us sound good, and have it come off with any sense of reality whatsoever. I haven't seen that one happen yet, but I'm sure it's out there somewhere.Kelsey: I don't know how many founders or people building companies listen in to your podcast, but this is right now, I think the number one problem that especially venture-backed startups have. They tend to have great technology—maybe it's based off some open-source project—with tons of users who just know how that tool works, it's just an ingredient into what they're already trying to do. But that isn't going to ever be your entire customer base. Soon, you'll deal with customers who don't understand the thing you have and they need more than technology, right? They need a product.And most of these companies struggle painting that picture. Here's what you can do with it. Or here's what you can't do now, but you will be able to do if you were to use this. And since they are missing that, a lot of these companies, they produce a lot of code, they ship a lot of open-source stuff, they raise a lot of capital, and then it just goes away, it fades out over time because they can bring on no newcomers. The people who need help the most, they don't have a narrative for them, and so therefore, they're just hoping that the people who have all the skills in the world, the early adopters, but unfortunately, those people are tend to be the ones that don't actually pay. They just kind of do it themselves. It's the people who need the most help.Corey: How do we monetize the bleeding edge of adoption? In many cases you don't. They become your community if you don't hug them to death first.Kelsey: Exactly.Corey: Ugh. None of this is easy. I really want to thank you for taking the time to catch up and talk about how you seen the remains of a career well spent, and now you're going off into that glorious sunset. But I have a sneaking suspicion you'll still be around. Where should people go if they want to follow up on what you're up to these days?Kelsey: Right now I still use… I'm going to keep calling it Twitter.Corey: I agree.Kelsey: I kind of use that for my real-time interactions. And I'm still attending conferences, doing fireside chats, and just meeting people on those conference floors. But that's what where I'll be for now. So yeah, I'll still be around, but maybe not as deep. And I'll be spending more time just doing normal life stuff, maybe less building software.Corey: And we will, of course, put a link to that in the show notes. Thank you so much for taking the time to catch up and share your reflections on how the industry is progressing.Kelsey: Awesome. Thanks for having me, Corey.Corey: Kelsey Hightower, now gloriously retired. I'm Cloud Economist Corey Quinn, and this is Screaming in the Cloud. If you've enjoyed this podcast, please leave a five-star review on your podcast platform of choice, whereas if you've hated this podcast, please leave a five-star review on your podcast platform of choice along with an angry comment that you're going to type on stage as part of a conference talk, and then accidentally typo all over yourself while you're doing it.Corey: If your AWS bill keeps rising and your blood pressure is doing the same, then you need The Duckbill Group. We help companies fix their AWS bill by making it smaller and less horrifying. The Duckbill Group works for you, not AWS. We tailor recommendations to your business and we get to the point. Visit duckbillgroup.com to get started.

Welcome to episode 224 of The CloudPod Podcast - where the forecast is always cloudy! This week, your hosts Justin, Jonathan, and Ryan discuss some major changes at Terraform, including switching from open source to a BSL License. Additionally, we cover updates to Amazon S3, goodies from Storage Day, and Google Gemini vs. Open AI.  Titles we almost went with this week: None! This week's title was ✨chef's kiss✨ A big thanks to this week's sponsor: Foghorn Consulting provides top-notch cloud and DevOps engineers to the world's most innovative companies. Initiatives stalled because you have trouble hiring?  Foghorn can be burning down your DevOps and Cloud backlogs as soon as next week.