Disaster recovery is no longer just about backups. It is about resiliency, recovery speed, cyber readiness, and operational flexibility.
In this episode of Nutanix Weekly, Phil Sellers is joined by Andy Greene and Chris Calhoun from XenTegra to break down Nutanix Multi-Cloud Snapshot Technology (MST) and how organizations are using it to modernize disaster recovery without overspending on infrastructure.
The conversation explores how MST enables organizations to replicate snapshots to S3-compatible storage providers like AWS S3, Azure Blob Storage, Google Cloud, Wasabi, Backblaze, and Nutanix Objects to improve resiliency, optimize storage costs, and simplify long-term retention.
The team also discusses:
- Nutanix Instant Restore in NCI 7.5.1
- Faster VM recovery and improved availability
- Ransomware and clean room recovery strategies
- Pilot light vs. zero compute DR models
- Hybrid cloud resiliency
- Long-term snapshot retention
- Balancing recovery objectives with budget realities
Whether you are building a modern DR strategy or evaluating new approaches to cyber resilience, this episode provides practical insight into how Nutanix MST helps organizations stay available when it matters most.
In this episode of the Crazy Wisdom Podcast, host Stewart Alsop sits down with Tyler Cloutier, founder of Clockwork Labs and creator of SpaceTimeDB. They explore how SpaceTimeDB functions as more than just a database—it's essentially a distributed operating system that merges server logic with data storage, enabling real-time applications and time-travel capabilities. The conversation ranges from the technical architecture of databases and operating systems to the philosophy of distributed systems, touching on everything from Unix and Linux to how SpaceTimeDB could revolutionize AI-generated software deployment. Tyler explains how their system reduces the complexity of building real-time applications, makes deployment simpler for both humans and AI agents, and why games like their MMORPG BitCraft Online drove them to create this new infrastructure. They also discuss the future of the internet, the role of bots in gaming, and how SpaceTimeDB fits into the broader landscape of cloud computing alongside tools like Cloudflare, Vercel, and Docker. 
For more information, visit spacetimedb.com or check out Clockwork Labs on GitHub and Twitter.
Timestamps
00:00 Stewart introduces Tyler Cloutier, founder of Clockwork Labs, discussing the origin of SpaceTimeDB's name inspired by Einstein's theory and its time travel capabilities that store all operations indefinitely
05:00 Tyler explains SpaceTimeDB as more of an operating system than a database, using tables instead of file systems while running code in a sandboxed environment with full atomic properties
10:00 Discussion of how SpaceTimeDB replaces both Node.js and Postgres by merging web server and database functionality, eliminating separate deployment concerns
15:00 Tyler explains JavaScript execution through Chrome's V8 engine and JIT compiling, leading to Node.js creation for server-side JavaScript development
20:00 Explanation of stateless web servers versus stateful game servers, and why games require in-memory state management for real-time performance
25:00 Tyler introduces reducers and real-time subscriptions, questioning why more applications aren't real-time when state changes should update immediately
30:00 Discussion of Facebook as essentially a text-based MMO, comparing social media architecture to game server requirements and the need for unified systems
35:00 Tyler explains ACID properties in databases: atomic, consistent, isolated, and durable, using game item trading examples
40:00 Comparing SpaceTimeDB to smart contract systems without cryptocurrency or global consensus, positioning it as a smart database with centralized trust
45:00 Tyler reveals SpaceTimeDB uses 43% fewer tokens than Postgres for AI-generated applications, making it valuable for vibe coding platforms
50:00 Conversation shifts to bots in games and proof-of-human concepts, with Tyler proposing biometric systems and discussing potential in-person gaming applications
55:00 Closing discussion about tracking AI-driven traffic through UTM parameters and finding SpaceTimeDB at spacetimedb.com
Key Insights
1. SpaceTimeDB is fundamentally a database that runs application code directly inside it, combining what traditionally required separate systems like Postgres and Node.js. Users compile their application logic into WebAssembly or JavaScript and upload it to run within the database itself. This architecture provides high performance because the entire server backend operates inside the database environment. The system also features time travel capabilities, storing every operation and change to data persistently and indefinitely, allowing users to set application state back to any earlier point in time. This makes SpaceTimeDB more accurately described as an operating system rather than just a database, where the abstraction is that everything is a table rather than a file.
2. The inspiration for SpaceTimeDB came from building BitCraft Online, an MMORPG where all players exist in a single persistent world and rebuild civilization together. Traditional MMO backends required complex custom solutions to handle real-time state, with game servers storing state in memory and periodically writing to databases. This complexity existed because games cannot afford the latency of constantly delegating to distant databases like traditional web applications can. SpaceTimeDB solved this by making the database fast enough to handle real-time requirements directly, eliminating the need for separate game servers. This same performance advantage that benefits games also applies to web applications, which is why SpaceTimeDB evolved from a game-specific tool to a general-purpose platform.
3. SpaceTimeDB functions as a distributed operating system where each database acts like a process in an actor model system, similar to Erlang or Scala Akka. Databases can send messages to other databases and be spawned across a cluster for horizontal scaling. This represents an overlay operating system running on top of Linux rather than competing with it, providing a distributed abstraction across many machines while Linux handles device drivers and hardware support. The vision is for the cloud to function as a single enormous computer running one operating system, where developers simply publish their programs without managing separate services, deployment, routing, networking, or persistence infrastructure.
4. The real-time capabilities of SpaceTimeDB address a fundamental limitation in how most web applications work today. Traditional web servers are stateless, delegating all state to databases and accepting network round-trip latency for each request, which is why users often must refresh pages to see updates. SpaceTimeDB allows queries to be subscribed to, maintaining open connections that stream changes whenever query results update. This makes applications like Discord, Facebook, or banking systems naturally real-time without requiring page refreshes. The historical accident that more things are not real-time represents a problem SpaceTimeDB solves by unifying the web world with the game world's real-time requirements.
5. SpaceTimeDB implements ACID properties—Atomic, Consistent, Isolated, and Durable—ensuring database operations are reliable and safe. Atomic means operations either fully happen or not at all, preventing issues like item duplication in games when trading between players. Consistent means declared invariants like unique usernames are always enforced. Isolated means concurrent operations do not interfere with each other. Durable means changes persist even if computers restart, with varying levels from in-memory on one machine to disk storage across multiple geographic locations. These properties are managed through reducers, functions inspired by React Redux that fold changes into application state incrementally.
6. For AI and large language models, SpaceTimeDB offers significant advantages in building and deploying applications. Testing showed that creating applications with SpaceTimeDB uses 43% fewer tokens compared to Postgres implementations, costs less, has fewer bugs, and is easier to extend. This matters because the primary cost for vibe coding platforms is tokens. As more software gets written in the next twelve months than ever before, there is insufficient focus on infrastructure required to run all this AI-generated software. SpaceTimeDB positions itself as ideal for LLMs to target because of its simplified deployment model where developers just publish code and the system handles everything behind the scenes.
7. SpaceTimeDB can be understood as a smart contract system without cryptocurrency or global decentralized consensus. Like blockchain smart contracts, it executes code with atomic, consistent, isolated, and durable properties, but avoids the expense and slowness of requiring all computers worldwide to agree on everything. Instead, it offers centralized trust where users trust Clockwork Labs not to modify deployed contracts, rather than the trustless but extremely costly blockchain approach. This makes it functionally similar to Cloudflare's durable objects but with full relational database capabilities. The system exists before the networking layer where Cloudflare operates, handling deployment, server, and database functions while Cloudflare could provide DDoS protection in front of it.
In this episode, Garima Kapoor, co-founder and co-CEO of Min.io, shares insights into how storage infrastructure is evolving in response to AI, cloud, and enterprise needs. She offers a clear view of the market dynamics, innovative trends, and the strategic role of open-source technology in shaping the future.
Key topics:
- The origins and motivation behind Min.io's development
- How data growth influences storage strategies and the shift toward hybrid and private clouds
- The impact of AI on storage infrastructure and workloads
- Competitive landscape with giants like AWS, Azure, GCP, and the rise of Neo Clouds
- The importance of open standards for application portability and data gravity
- Evolving customer adoption: from open source developer community to enterprise sales
- The role of AI in accelerating product development, coding, and organizational decision-making
- How AI's rapid evolution is shifting the fundamentals of skills and fundamentals for engineers
- Future market opportunities: exponential growth in storage needs driven by AI and IoT
Timestamps:
00:00 - Introduction to Garima Kapoor and Min.io
00:31 - Motivation behind starting Min.io & market needs for object storage
01:07 - The founding story and personal drivers for creating Min.io
02:13 - Data growth drivers and the importance of data proximity over cloud location
03:05 - Business landscape: cloud vs. on-premises and hybrid environments
04:01 - Data migration challenges and promoting application portability
06:10 - Early product-market fit through open source and developer community growth
07:19 - Enterprise adoption journey from open source to cloud-native architecture
08:17 - Customer acquisition strategies blending bottom-up developer growth and enterprise sales
09:27 - Competing with Amazon, Microsoft, Google in the cloud storage space
11:33 - Impact of AI on storage: demand, infrastructure evolution, and market timing
12:51 - Min.io's advantage in AI workloads due to cloud-native architecture
13:21 - Penetration of AI in storage: training, inferencing, and data utilization
15:01 - AI for enterprise applications: storage, models, and data lakes
16:26 - Neo Clouds and their role in GPU-optimized storage architectures
18:58 - The increasing demand for object storage driven by AI and data creation
21:02 - The effect of AI coding tools on product development speed and engineering skills
23:36 - Internal AI-driven solutions for operational efficiency
24:44 - The role of AI in reducing reliance on SaaS tools and infrastructure security
27:22 - Managing costs and building for the future in AI investment and storage
29:01 - The opportunity cost of tokens and AI-driven productivity gains
31:00 - Skills for early engineers in an AI-enabled future
33:32 - Min.io's next steps and market expansion plans
34:36 - The paradigm shift: every business becoming AI and data-driven by 2026
Resources & Links:
Connect with Garima Kapoor:
- Min.io Official Website
- Garima Kapoor - LinkedIn
- OpenAI
- NVIDIA GDC Announcements on Object Storage
- Nataraj's previous interview on startup infrastructure
- LinkedIn
- Twitter
Claude Code got leaked, Trivy was compromised twice, and LiteLLM was stealing passwords: the week when the supply chain showed itself in all its glory.
WHAT THE EPISODE IS ABOUT
We are back to the news format! For the first time we are collecting news through our Telegram bot; send yours via @dkt_news_bot. In this episode:
- Claude Code: source map leak, 500K lines of TypeScript, the Capybara model and a Tamagotchi buddy in the source code
- Anthropic DMCA: 8000+ repositories banned, CloCode gained 100K stars in 24 hours
- Ingress NGINX is retiring: we look at Ingress2Gateway 1.0 for migrating to Gateway API
- Trivy: the security scanner itself became malware through the supply chain. Twice
- LiteLLM: credential stealer in PyPI packages v1.82.7/1.82.8
- AWS S3: regional namespaces - predictable bucket names
- Do AI agents need their own Jira?
Practical takeaway: Level 0 - never install latest. Level 1 - pin SHA-256 hashes and verify container signatures.
LINKS
Support our podcast:
- Patreon - https://www.patreon.com/c/devopskitchentalks
- Boosty - https://boosty.to/devopskitchentalks
Send news via the bot: @dkt_news_bot
All news from the episode (links, key points): https://dkt-ai.github.io/episodes-news/episodes/episode-92-ru
Resources mentioned:
- Ingress2Gateway 1.0 - https://kubernetes.io/blog/2026/03/20/ingress2gateway-1-0-release/
- Trivy breach - https://www.bleepingcomputer.com/news/security/trivy-vulnerability-scanner-breach-pushed-infostealer-via-github-actions/
- LiteLLM security update - https://docs.litellm.ai/blog/security-update-march-2026
- AWS S3 Regional Namespaces - https://aws.amazon.com/blogs/aws/introducing-account-regional-namespaces-for-amazon-s3-general-purpose-buckets/
PODCAST
YouTube - www.youtube.com/@DevOpsKitchenTalks
Apple Podcasts - https://apple.co/41O6mqA
Spotify - https://t.ly/Jg5_2
Yandex Music - https://music.yandex.ru/album/10151746
PodBean - https://devopskitchentalks.podbean.com
NAVIGATION
00:00:00 - Introduction: almost the hundredth episode and a new format
00:03:50 - DKT News Bot: send news via Telegram
00:06:41 - Claude Code leaked: the source map leak and what was found
00:14:35 - AI ethics: Claude pretends to be a human in PRs
00:17:26 - The Capybara model and a Tamagotchi buddy in the source code
00:19:20 - DMCA and CloCode: Anthropic bans 8000+ repositories
00:30:08 - Ingress NGINX is leaving: migration via Ingress2Gateway 1.0
00:45:24 - Trivy: the security scanner itself became malware
00:55:54 - LiteLLM: credential stealer in PyPI packages
01:00:10 - AWS S3: regional namespaces for buckets
01:04:25 - Do AI agents need their own Jira
01:15:17 - The economics of AI: subscriptions vs programmers
01:25:45 - Summary and security recommendations
SUBSCRIBE
Telegram - https://t.me/DevOpsKitchenTalks
Instagram - https://www.instagram.com/devopskitchentalks/
#DevOps #SupplyChain #Security #Kubernetes #ClaudeCode #Trivy #DKT
Running Oracle Database@AWS is most effective when you have full visibility and control over your environment. In this episode, hosts Lois Houston and Nikita Abraham are joined by Rashmi Panda, who explains how to monitor performance, track key metrics, and catch issues before they become problems. Later, Samvit Mishra shares key best practices for securing, optimizing, and maintaining a resilient Oracle Database@AWS deployment.
Oracle Database@AWS Architect Professional: https://mylearn.oracle.com/ou/course/oracle-databaseaws-architect-professional/155574
Oracle University Learning Community: https://education.oracle.com/ou-community
LinkedIn: https://www.linkedin.com/showcase/oracle-university/
X: https://x.com/Oracle_Edu
Special thanks to Arijit Ghosh, Anna Hulkower, Kris-Ann Nansen, Radhika Banka, and the OU Studio Team for helping us create this episode.
------------------------------------------------------
Episode Transcript:
00:00 Welcome to the Oracle University Podcast, the first stop on your cloud journey. During this series of informative podcasts, we'll bring you foundational training on the most popular Oracle technologies. Let's get started!
00:26 Nikita: Welcome to the Oracle University Podcast! I'm Nikita Abraham, Team Lead: Editorial Services with Oracle University, and with me is Lois Houston, Director of Communications and Adoption with Customer Success Services.
Lois: Hello again! Last week's discussion was all about how Oracle Database@AWS stays secure and available. Today, we're joined by two experts from Oracle University. First, we'll hear from Rashmi Panda, Senior Principal Database Instructor, who will tell you how to monitor and log Oracle Database@AWS so your environment stays healthy and reliable.
Nikita: And then we're bringing in Samvit Mishra, Senior Manager, CSS OU Cloud Delivery, who will break down the best practices that help you secure and strengthen your Oracle Database@AWS deployment. Let's start with you, Rashmi. Is there a service that allows you to monitor the different AWS resources in real time?
Rashmi: Amazon CloudWatch is the cloud-native AWS monitoring service that can monitor the different AWS resources in real time. It allows you to collect the resource metrics and create customized dashboards, and even take action when certain criteria are met. Integration of Oracle Database@AWS with Amazon CloudWatch enables monitoring the metrics of the different database resources that are provisioned in Oracle Database@AWS. Amazon CloudWatch collects raw data and processes it to produce near real-time metrics data. Metrics collected for the resources are retained for 15 months. This facilitates analyzing the historical data to understand and compare the performance, trends, and utilization of the database service resources at different time intervals. You can set up alarms that continuously monitor the resource metrics for breach of user-defined thresholds and configure alert notification or take automated action in response to that metric threshold being reached.
02:19 Lois: What monitoring features stand out the most in Amazon CloudWatch?
Rashmi: With Amazon CloudWatch, you can monitor Exadata VM Cluster, container database, and Autonomous database resources in Oracle Database@AWS. Oracle Database@AWS reports metrics data specific to the resource in AWS/ODB namespace of Amazon CloudWatch. Metrics can be collected only when the database resource is in an available state in Oracle Database@AWS. Each of the resource types have their own metrics defined in AWS/ODB namespace, for which the metrics data get collected.
02:54 Nikita: Rashmi, can you take us through a few metrics?
Rashmi: At Exadata database VM Cluster, there is CPU utilization, memory utilization, swap space storage file system utilization metric. Then there is load average on the server, what is the node status, and the number of allocated CPUs, et cetera. Then for container database, there is CPU utilization, storage utilization, block changes, parse count, execute count, user calls, which are important elements that can provide metrics data on database load. And for Autonomous Database metrics data include DB time, CPU utilization, logins, IOPS and IO throughput, RedoSize, parse, execute, transaction count, and few others.
03:32 Nikita: Once you've collected these metrics and analyzed database performance, what tools or services can you use to automate responses or handle specific events in your Oracle Database@AWS environment?
Rashmi: Then there is Amazon EventBridge, which can monitor events from AWS services and respond automatically with certain actions that may be defined. You can monitor events from Oracle Database@AWS in EventBridge, which sends events data continuously to EventBridge at real time. EventBridge forwards these events data to target AWS Lambda and Amazon Simple Notification Service to perform any actions on occurrence of certain events. Oracle Database@AWS events are structured messages that indicate changes in the life cycle of the database service resource. EventBridge can filter events based on your defined rules, process them, and deliver to one or more targets. Event Bus is the router that receives the events, optionally transforms them, and then delivers the events to the targets. Events from Oracle Database@AWS can be generated by two means: they can be generated from Oracle Database@AWS in AWS, and they can also be generated directly from OCI and received by EventBridge in AWS. You can monitor Exadata Database and Autonomous Database resource events. Ensure that the Exadata infrastructure status is in an available state. You can configure how the events are handled for these resources. You can define rules in EventBridge to filter the events of interest and the target, who is going to receive and process those events. You can filter events based on a pattern depending on the event type, and apply this pattern using Amazon EventBridge put-rule API, with the default event bus to route only those matching events to targets.
05:13 Lois: And what about events that AWS itself generates?
Rashmi: Events that are generated in AWS for the Oracle Database@AWS resources are delivered to the default event bus of your AWS account. These events that are generated in AWS for Oracle Database@AWS resources include lifecycle changes of the ODB network. The different network events are successful creation or failure of the creation of the ODB network, and successful deletion or failure in deletion of the ODB network. When you subscribe to Oracle Database@AWS, then an event bus with prefix aws.partner/odb is created in your AWS account. All events generated in OCI for the Oracle Database@AWS resources are then received in this event bus. When you are creating filter pattern using Amazon EventBridge put-rule API, you must set the event bus name to this event bus. Make sure you do not delete this event bus. Events generated in OCI and received into event bus are extensive. They include events of Oracle Exadata infrastructure, VM Cluster, container, and pluggable databases.
06:14 Lois: If you want to look back at what's happened in your environment, like who made the changes or accessed resources, what's the best AWS service for logging and auditing all that activity?
Rashmi: Amazon CloudTrail is a logging service in AWS that records the different actions taken by a user or roles, or an AWS service. Oracle Database@AWS is integrated with Amazon CloudTrail. This enables logging of all the different events on Oracle Database@AWS resources. Amazon CloudTrail captures all the API calls to Oracle Database@AWS as events. These API calls include calls from the Oracle Database@AWS console, and code calls to Oracle Database@AWS API operations. These log files are delivered to Amazon S3 bucket that you specify. These logs determine the identity of the caller who made the call request to Oracle Database@AWS, their IP from which the call originated, the time of the call, and some additional details. CloudTrail event history stores immutable record of the past 90 days of management events in an AWS region. You can view, search, and download these records from CloudTrail Event History. You can access CloudTrail when you create an AWS account that automatically gives you the access to CloudTrail Event history. If you would like to retain the logs for a longer period of time beyond 90 days, you can create CloudTrail trails or CloudTrail Lake event data store. Management events in AWS provide information about management operations that are performed on the resources in your AWS account. Management operations are also called control plane operations. Thus, the control plane operations in Oracle Database@AWS are logged as management events in CloudTrail logs.
07:59 Are you a MyLearn subscriber? If so, you're automatically a member of the Oracle University Learning Community! Join millions of learners, attend exclusive live events, and connect directly with Oracle subject matter experts. Enjoy the latest news, join challenges, and share your ideas. Don't miss out! Become an active member today by visiting mylearn.oracle.com.
08:25 Nikita: Welcome back! Samvit, let's talk best practices. What should teams keep in mind when they're setting up and securing their Oracle Database@AWS environment?
Samvit: Use IAM roles and policies with least privilege to manage Oracle Database@AWS resources. This ensures only authorized users can provision or modify DB resources, reducing the risk of accidental or malicious changes. Oracle Data Safe monitors database activity, user risk, and sensitive data, while AWS CloudTrail records all AWS API calls. Together, they give full visibility across the database and cloud layers. Autonomous Database supports Oracle Database Vault for enforcing separation of duties. Exadata Database Service can integrate with Audit Vault and Database Firewall to prevent privileged users from bypassing security controls. Enable multifactor authentication for AWS IAM users managing Oracle Database@AWS. This adds a strong second layer of protection against stolen credentials. Always deploy your Oracle Database@AWS in private subnets without public IPs. Use AWS security groups and NACLs to strictly limit inbound and outbound traffic, allowing access only from trusted applications. Exadata Database Service supports integration with Oracle Vault for key lifecycle management. And in case of Autonomous Database, the transparent data encryption keys are automatically managed. But you can bring your own keys with OCI Vault. Key rotation ensures compliance and reduces risk of key compromise. Oracle Database@AWS enforces encrypted connections by default. Ensure clients connect with TLS 1.2 or 1.3 to protect data in transit from interception or tampering. Use Oracle Data Safe's user assessment features to detect dormant users or excessive privileges. Disable unused accounts and rightsize permissions to reduce insider threats and security gap. Export database audit logs to Oracle Data Safe Audit Vault or AWS S3 with object lock for immutability. This prevents lock tampering and ensures audit evidence is preserved for compliance.
11:25 Lois: OK, that covers security. Do you have any tips for making sure your Oracle Database@AWS setup is reliable and resilient?
Samvit: Start with clear recovery objectives. Define how much downtime and data loss each workload can tolerate. These targets drive your HADR architecture and backup strategy. Implement business continuity measures to deliver maximum uptime for your databases. As a best practice, you must configure disaster recovery environment for your critical databases so that, in the event of any disaster affecting the primary database, applications can be immediately failed over to the DR environment, ensuring least application downtime and zero or minimal data loss. With Oracle Database@AWS, you can automate the creation and management of DR environment for your database services using different deployment capabilities. You can opt to configure either cross-availability zone DR in the same region or configure cross-region DR. Since cross-availability zone can only provide site failure protection, you must also configure a cross-region DR to protect against regional failure. A DR plan is only effective if tested. Regular failover and switchover drills validate that people, processes, and systems can recover as designed. For Exadata Database, Autonomous Recovery Service provides automated backup validation, recovery guarantees, and protection against accidental data loss or corruption. Oracle-managed backups are fully managed by OCI. When you create your Oracle Exadata Database, you can enable automatic backups by choosing Enable Automatic Backups in the OCI Console. When you do that, you can select Amazon S3 or OCI Object Storage or Autonomous Recovery Service as the backup destination. Don't just take backups. You also need to test them. Regularly restore backups into non-production environment to validate integrity and recovery time. Plan beyond just the database. Map application and middleware dependencies to ensure end-to-end business resilience. A database failover is useless if dependent apps can't reconnect.
14:09 Nikita: Another area of interest is performance and cost. What practices help teams balance the two?
Samvit: Autonomous Database automatically scales CPU and storage as workloads grow. This ensures performance during peaks while avoiding overprovisioning. So you should enable ADB auto-scaling. Monitor CPU, memory, and IO metrics with AWS CloudWatch to rightsize your compute. Scale up or down based on actual utilization instead of static provisioning. Autonomous databases continuously evaluate and create indexes automatically. This improves query performance without requiring manual tuning. Use connection pooling in your applications to optimize database connections. Minimizing round-trip reduces latency and improves throughput. Apply AWS tags to database and related resources for cost allocation and chargeback. Tagging also helps with governance and cost visibility. Choose between bring your own license and license-included models for Oracle Database@AWS. The right model depends on your existing license portfolio and cost strategy. Not all workloads need long backup retention. Adjust retention policies based on business needs to balance compliance with storage costs. Exadata Database supports Oracle multitenant with pluggable databases. Consolidating databases reduces infrastructure footprint and licensing costs. Performance tuning isn't just technical. Align metrics with business KPIs. Correlating DB performance to user experience and revenue impact helps prioritize optimizations.
16:20 Lois: Before we wrap up, Samvit, let's look at operational efficiency. What advice do you have for making day-to-day operations more efficient?
Samvit: Use infrastructure as code tools like Terraform or AWS CloudFormation to automate provisioning. This ensures consistent, repeatable deployments with minimal manual errors. For Autonomous Database, enable auto-start/stop to optimize costs by running databases only when needed. This is ideal for dev test or seasonal workloads. Exadata Database Service provides fleet maintenance to patch multiple systems consistently. This reduces downtime and simplifies lifecycle management. Integrate AWS CloudWatch for performance monitoring and EventBridge for event-driven automation. This helps detect issues early and trigger automated workflows. Oracle Data Safe provides ready-to-use audit and compliance reports. Use these to streamline governance and reduce the effort of manual compliance tracking. For Autonomous databases, Performance Hub simplifies monitoring while Exadata users benefit from AWR and ASH reports. Together, they give deep insights into performance trends. Automated tagging policies and change management workflows help maintain governance. They ensure resources are tracked properly and changes are auditable. Monitor storage consumption and growth patterns using AWS CloudWatch and the ADB Console. Proactive tracking helps avoid capacity issues and unexpected costs. Send CloudTrail logs into EventBridge to trigger automated incident responses. This shortens response time and builds operational resilience.
18:36 Nikita: Samvit and Rashmi, thanks for spending time with us today. Your insights always help bring the bigger picture into focus.
Lois: They definitely do. And if you'd like to go deeper into everything we covered, head over to mylearn.oracle.com and look up the Oracle Database@AWS Architect Professional course. Until next time, this is Lois Houston…
Nikita: And Nikita Abraham, signing off!
19:03 That's all for this episode of the Oracle University Podcast. If you enjoyed listening, please click Subscribe to get all the latest episodes. We'd also love it if you would take a moment to rate and review us on your podcast app. See you again on the next episode of the Oracle University Podcast.
We test the knowledge of a candidate for a Senior DevOps engineer position live on air. In this episode: architectural patterns in AWS, the eternal Terraform versus CloudFormation debate, a deep dive into Kubernetes (Karpenter, scaling), and live troubleshooting of a broken Helm chart. WHAT THE EPISODE COVERS: • Architecture and clouds: how to choose between EKS and ECS/Fargate and set up secure storage of backups in S3. • IaC wars: an honest comparison of Terraform and CloudFormation, where convenience ends and pain begins. • Kubernetes under the hood: we go through the Control Plane, how controllers work, and the nuances of upgrading on-prem clusters. • Live Debug: a real task of fixing a crashed pod (CrashLoopBackOff), working with probes, ports and Helm. • CI/CD strategies: building the ideal pipeline with GitHub Actions and ArgoCD. GUEST: Maxim, DevOps engineer (5 years of DevOps experience, 10 years as a SysAdmin). Stack: AWS, Terraform, Kubernetes, Ansible, Monitoring. LINKS
All links and images can be found on CISO Series. This week's episode is co-hosted by me, David Spark, the producer of CISO Series, and Edward Contreras, senior evp and CISO, Frost Bank. Joining us is Mark Eggleston, CISO, CSC. In this episode: Breaking trust to test it; Technical controls over testing; The measurement imperative; Fire drills, not gotchas. Huge thanks to our sponsor, Scanner. All your security logs end up in cloud storage like AWS S3. Scanner makes them searchable in seconds and runs real-time detections directly on that data. No pipelines, no re-ingestion. 100x faster than traditional data lakes, 10x cheaper than SIEMs. Loved by analysts. Built for AI agents. Learn more at scanner.dev.
All links and images can be found on CISO Series. This week's episode is co-hosted by me, David Spark, the producer of CISO Series, and Steve Zalewski. Joining us is our sponsored guest, Cliff Crosland, co-founder and CEO, Scanner.dev. In this episode: Earning autonomy gradually; The blast radius question; The reality check; Today's value, tomorrow's evolution. Huge thanks to our sponsor, Scanner. All your security logs end up in cloud storage like AWS S3. Scanner makes them searchable in seconds and runs real-time detections directly on that data. No pipelines, no re-ingestion. 100x faster than traditional data lakes, 10x cheaper than SIEMs. Loved by analysts. Built for AI agents. Learn more at scanner.dev.
All links and images can be found on CISO Series. Check out this post by Dr. Chase Cunningham, CSO at Demo-Force, for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark, the producer of CISO Series, and Geoff Belknap. Joining us is Brett Conlon, CISO, American Century Investments. In this episode: The experience paradox; Who benefits from the narrative; Kitchen sink job postings; The aggregation problem. Huge thanks to our sponsor, Scanner. All your security logs end up in cloud storage like AWS S3. Scanner makes them searchable in seconds and runs real-time detections directly on that data. No pipelines, no re-ingestion. 100x faster than traditional data lakes, 10x cheaper than SIEMs. Loved by analysts. Built for AI agents. Learn more at scanner.dev.
There are such significant changes going on in how data is managed and in how AI manages data, that it's not always clear which requirements are driving which trends. Jim Curtis returns to look at data highlights from AWS re:Invent and to identify important changes that are taking place. FinOps and broader cloud cost management efforts are leading providers to offer tools and programs to corral spending. AWS has introduced database savings plans to provide discounts in much the same way they've done with other services as they look to foster platform commitment. AWS is also expanding its platform capabilities for AI development, with AWS SageMaker integrating additional tools to simplify the creation and deployment of AI solutions. The intersection of databases, cloud computing, and artificial intelligence is creating more focus on vectorization. It's fueled the evolution of search capabilities, which offers a more semantically rich and efficient way to organize and retrieve data compared to traditional methods. AWS S3 now has vector support, taking the venerable object store into AI-capable territory. AI is revitalizing established technologies and compelling cloud providers to deliver more integrated and tailored services. More S&P Global Content: Next in Tech Episode 250: The Agentic Enterprise Next in Tech Episode 224: Context around MCP For S&P Global subscribers: 2026 Trends in Data, AI & Analytics Data Platforms Market Monitor & Forecast 2025 Survey Data Hub – Voice of the Enterprise: AI & Machine Learning, Use Cases 2026 Agents are already driving workplace impact and agentic AI adoption – Highlights Credits: Host/Author: Eric Hanselman Guest: James Curtis Producer/Editor: Feranmi Adeoshun Published With Assistance From: Sophie Carr, Kyra Smith
Data as a Product: What is behind it? Why is AI everywhere, yet the path from the database to "Wow, the model can do that" often seems like a black hole? You dutifully log events, the data ends up in some silos, and still the decisive question remains open: who actually makes sure that raw data becomes a reliable, sellable data product. In this episode we switch the light on exactly there. Together with Mario Müller, Director of Data Engineering at Veeva Systems, we look at what data teams really are, how "Data as a Product" works in practice, and why data engineering is more than just shoving a few CSVs over FTP. We talk about team structures from the one-man show to the cross-functional squad, about ownership of the data, data governance, and how you really measure data quality, including monitoring, alerts, SQL rules and human quality control. On top of that there is a good helping of tech: Spark, AWS S3 as primary storage, Delta Lake, Athena, Glue, Airflow, push-pull instead of event overkill, and the decision for batch processing even though the whole world is calling for streaming. And of course we also clarify what happens when AI fiddles with the data: where AI helps with bootstrapping, why production and scale get tricky, and why responsibility at commit time is not taken over by an LLM. If you want to build data teams, have to deliver data products, or simply want to understand how data turns into reliable business impact, you are in exactly the right place. Bonus: batch jobs get a little comeback today. You can find our current advertising partners at https://engineeringkiosk.dev/partners Quick feedback on the episode:
Topics covered in this episode: Possibility of a new website for Django aiosqlitepool deptry browsr Extras Joke Watch on YouTube About the show Sponsored by us! Support our work through: Our courses at Talk Python Training The Complete pytest Course Patreon Supporters Connect with the hosts Michael: @mkennedy@fosstodon.org / @mkennedy.codes (bsky) Brian: @brianokken@fosstodon.org / @brianokken.bsky.social Show: @pythonbytes@fosstodon.org / @pythonbytes.fm (bsky) Join us on YouTube at pythonbytes.fm/live to be part of the audience. Usually Monday at 10am PT. Older video versions available there too. Finally, if you want an artisanal, hand-crafted digest of every week of the show notes in email form? Add your name and email to our friends of the show list, we'll never share it. Brian #1: Possibility of a new website for Django Current Django site: djangoproject.com Adam Hill's in progress redesign idea: django-homepage.adamghill.com Commentary in the Want to work on a homepage site redesign? discussion Michael #2: aiosqlitepool
All Things TechIE Podcast - Episode 127 at IBC2025

This is a booth tour of Storj, one of the sponsors to All Things TechIE Podcast while at IBC2025.

ATLANTA, September 10, 2025 – Storj today announced Production Cloud, a purpose-built platform for modern media workflows. It combines Storj's new Global Collaboration tier of high-performance distributed object storage and Object Mount cloud media access into a unified media solution. Designed for editorial, media production teams in post, news, and sports, Production Cloud empowers creative teams to collaborate globally, move faster, and scale with confidence. By combining distributed object storage and seamless file access into a single offering, Production Cloud enables collaboration, low-latency editing, and cost-effective archiving across distributed environments. Storj also announced that cloud compute for media is in beta and will soon be added to the platform.

"Storj is focused on solving the challenges in the world's most demanding workflows," said Colby Winegar, CEO of Storj. "We now have the storage, compute, and access solutions to give creative teams the speed, scale, and flexibility to work without limits."

"Storj's storage tiers and file-based access already address key bottlenecks in media production," said Alex Holtz, Research Director, Worldwide Media & Entertainment Digital Strategies at IDC. "And now, the Production Cloud puts everything M&E teams need to move faster, scale on demand, and simplify workflows into one integrated platform."

Global production: Where traditional cloud providers fall short.

Media production – from broadcast and creative agencies to film and TV – has evolved rapidly in recent years, with more remote collaboration, massive file sizes, global delivery timelines, unpredictable cloud bills, and non-stop deadlines. Since 2022, the number of films and TV shows made in the U.S. has dropped by about 40%. Meanwhile, over 70% of M&E leaders in the U.S. and U.K.
agree or strongly agree media production work is becoming more remote and collaborative, with nearly 80% stating that migrating from on-premise to cloud-based workflows is important or very important. Traditional cloud providers were not optimized for the realities of media and entertainment decades ago, and the needs of production teams today expose the limits of legacy cloud providers daily. Transferring hundreds of gigabytes across regions leads to delays, while surprise egress fees strain budgets, and replication-heavy architectures slow down productions.

Modern production teams now need:
• Instant access to huge files in the cloud
• Predictable pricing with no egress surprises
• Consistent global performance without replicating across regions
• Secure, private storage built for compliance and resilience
• Workflows that just work across tools and teams

Production Cloud: Modern infrastructure for modern production teams.

Production Cloud from Storj is designed to solve these specific needs, reflecting a strategic shift in how creative teams interact with cloud infrastructure. It bundles Storj's high-performance Global Collaboration tier of Distributed Storage with Object Mount, Storj's proprietary interface for accessing media in the cloud, and has no egress fees and zero API fees. This integration allows users to ingest camera-to-cloud, perform frame-accurate editing, proxy workflows, conform, and content distribution directly from the cloud. Production Cloud eliminates egress and API charges, simplifying production and enabling predictable costs for high-throughput workflows. Customers can also add an Active Archive storage tier that supports long-term retention and active retrieval for repurposing content. When done, archived assets remain accessible without the cost or complexity of traditional cold storage.
The Production Cloud accelerates real-world production workflows.
• Ingest - Fast ingest, less wrangling with direct S3 access for camera-to-cloud workflows.
• Dailies - Frame-accurate playback for reviewing LUTS, enable instant remote review and faster creative decisions.
• Assistant Editing - Proxy generation, metadata tagging, and global clip access for editorial prep.
• Selects & Assembly - Instant bin and timeline access lets editors start rough cuts without delay.
• Editing - Multi-track support, VFX pulls, and remote preview deliver full editorial control from anywhere.
• Conform & Delivery - Ultra-fast final conform and master, export directly from cloud storage in real time.

Additional features of Production Cloud include:
• Features and pricing for media - Transparent, bundled model that reflects how media teams actually work. By combining infrastructure into a single offering, Storj eliminates the inconsistency of egress fees and eliminates the need for regional replication, resulting in predictable and reasonable costs.
• Consistent performance globally - Storj's distributed architecture stores data across tens of thousands of nodes worldwide, where only a small portion of the data from the fastest nodes are needed to deliver file access. This design provides consistent low-latency performance. See recent performance benchmarking performed by Integrated Digital Solutions.
• Global access without replication - The unique design of Storj enables remote teams to access content anywhere in the world without copying data to additional storage regions. This approach delivers 11 nines of durability and multi-region availability without the cost or complexity of traditional cloud replication.

Storj helps global media, AI and creative organizations simplify workflows with the distributed cloud, including object storage, file storage, and flexible on-demand compute.
In recent performance benchmarking from Integrated Digital Solutions, Storj maintained consistent performance across geographic locations throughout the 24 hour period tested with less volatility than other providers. The only other provider tested who came close to Storj global performance was AWS S3, but with much higher costs, requiring regional replication. These results cement Storj's position as a distributed storage platform for organizations struggling with the performance, complexity, and cost limitations of centralized cloud hyperscalers. This is particularly relevant for the media and entertainment industry, which operates at a global scale and with large-file-intensive workflows.
This week on Azure Friday, Scott Hanselman meets with Anusha Subramanian to demo Azure Databox and Azure Storage Mover, learning how to demystify storage migrations. See how these Azure tools can help you move petabytes of data easily and quickly to Azure Storage. Moving large amounts of data can be complex, but with the right tools and AI you can further simplify the process. Chapters 00:00 - Introduction 01:07 - Guided storage migration experience 04:26 - Next Gen Azure Data Box for offline migrations 06:39 - Azure Storage Mover for online migrations 07:26 - Demo of AWS S3 to Azure blob storage migrations using Storage Mover 09:53 - Copilot for storage migrations 11:44 - Learn more about storage migrations Recommended resources Check this comparison matrix on the functionality for different tools Documentation Azure Storage Migration Solutions Connect Scott Hanselman | Twitter/X: @SHanselman Azure Friday | Twitter/X: @AzureFriday Azure | Twitter/X: @Azure
Neel Mitra, the Worldwide Solutions Architecture Leader for Data and AI at AWS, discusses the evolution and applications of AI in the automotive industry. He highlights the transition from classic AI to large language models and agentic AI, emphasizing their potential to enhance vehicle diagnostics and performance. With over twenty-one years of experience, Neel shares insights on the importance of data integration and collaboration in optimizing automotive technology. He notes the growing trend of software-defined vehicles and the need for continuous learning through MLOps. The conversation underscores the significance of AI in transforming automotive systems and the benefits of these technologies. The conversation touches on Sonatus AI innovations such as Sonatus AI Director, a new solution for in-vehicle edge AI, and Sonatus AI Technician, which uses LLMs to provide a better diagnostic experience.
Welcome to episode 314 of The Cloud Pod, where your hosts, Matt and Ryan, are holding down the fort in Justin's absence and bringing what's left of our audience (those of you still here after the last time they were left in charge) the latest and greatest in cloud and tech news. We've got undersea cables, vector storage, and even some hobos – but not the kind on trains. Plus, AWS S3 gets its Vector Victor. Let's get started! Titles we almost went with this week: S3 Gets Direction: AWS Points to Vector Storage Vector? I Hardly Know Her! S3’s New AI Storage Play S3 Finds Its Magnitude and Direction Claude Goes to Wall Street Anthropic’s Bull Run Into Financial Services AI Assistant Gets Its Series 7 License Nova Scotia: AWS Brings Regional Flavor to AI Models The Fine-Tuning of the Shrew: Teaching Nova Models New Tricks Nova-caine: Numbing the Pain of Model Customization AgentCore Blimey: AWS Gives AI Agents Their License to Scale The Agent Infrastructure: Mission Deployable From Zero to Agent Hero: AWS Tackles the Production Problem SageMaker Gets Its Data Act Together From Catalog to QuickSight: A Data Love Story The Great Data Unification of 2024 AWS Free Tier Gets a $200 Makeover EKS-treme Makeover: Cluster Edition 100K Nodes Walk Into a Cluster… S3 Gets Direction: Amazon Points to Vector Storage Amazon S3: Now with 90% Less Vector Bills and 100% More Dimensions Follow Up 01:03 SoftBank and OpenAI's $500 Billion AI Project Struggles to Get Off Ground The $500 billion AI effort unveiled at the White House has struggled to get off the ground and has scaled back its near-term plans. It’s been six months since the announcement, where they said they would spend $100B almost immediately, but now they have a more modest goal of building a small data center by the end of the year in Ohio. Softbank committed to $30 billion earlier this year, and it is one of the largest ever startup investments by them, which led them to take on new debt and sell assets.
This investment was made alongside Stargate, giving them a role in the physical infrastructure needed for AI. Altman, though, has been eager to secure computing power as quickly as possible and has proceeded without Softbank. Publicly, they say it’s a great partnership, and they look forward to advancing projects in multiple states. Oracle was part of Stargate, but the recent 30B deal just signed with includes a commitment of 4.5 gigawatts of capacity, and would consume the equivalent power of more than two Hoover Dams, or about 4 million homes. Oracle was also named part of the deal with UAE firm MGX as a partner, but Oracle CEO Safra Catz said that Stargate hadn't been formed yet, as of last month. 02:31 Matthew – “…everyone’s like, how hard can it be to build a data center? But it’s c
Peace be upon you, brothers and sisters! Welcome to this new episode of ours. At a time when AI and LLMs (like ChatGPT) have become part of our lives, there is one big question: how do we store all this data in a way that is cheap and fast at the same time? And this is where AWS S3 Vectors comes in! In this episode, we will talk about this new feature from Amazon S3, which will greatly change the use of "Vector Embeddings"
Unlock the secrets to safeguarding your cloud storage from becoming a cyber attack vector in our latest episode of the CISSP Cyber Training Podcast with Shon Gerber. Discover how neglected AWS S3 buckets can pose significant threats akin to the notorious SolarWinds attack. Shon breaks down the importance of auditing and access controls while providing strategic guidance aligned with domain 6.1 of the CISSP to fortify your knowledge for the exam. This episode promises to equip you with the essential tools to protect your cloud infrastructure and maintain robust security practices.

Transitioning to security testing, we explore various methodologies and the vital role they play in incident readiness and data integrity. From vulnerability assessments to penetration testing and the collaborative efforts of red, blue, and purple teams, Shon sheds light on the automation of these processes to enhance efficacy. We also demystify SOC 1 and SOC 2 reports and discuss their criticality in vendor risk management and regulatory compliance. With insights into audit standards like ISO 27001 and PCI DSS, this episode is your comprehensive guide to understanding and applying security measures across diverse sectors.

Gain exclusive access to 360 FREE CISSP Practice Questions delivered directly to your inbox! Sign up at FreeCISSPQuestions.com and receive 30 expertly crafted practice questions every 15 days for the next 6 months—completely free! Don't miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!
Deepseek troubles, AI models explained, AMD CPU microcode signature validation, what happens when you leave an AWS S3 bucket laying around, 3D printing tips, and the malware that never was on Ethernet to USB adapters. Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-860
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
Episode Summary: This episode covers brute-force attacks on the password reset functionality of Hikvision devices, a macOS SIP bypass vulnerability, Linux rootkit malware, and a novel ransomware campaign targeting AWS S3 buckets.

Topics Covered:
• Hikvision Password Reset Brute Forcing
URL: https://isc.sans.edu/diary/Hikvision%20Password%20Reset%20Brute%20Forcing/31586
Hikvision devices are being targeted using old brute-force attacks exploiting predictable password reset codes.
• Analyzing CVE-2024-44243: A macOS System Integrity Protection Bypass
URL: https://www.microsoft.com/en-us/security/blog/2025/01/13/analyzing-cve-2024-44243-a-macos-system-integrity-protection-bypass-through-kernel-extensions/
Microsoft details a macOS vulnerability allowing attackers to bypass SIP using kernel extensions.
• Rootkit Malware Controls Linux Systems Remotely
URL: https://cybersecuritynews.com/rootkit-malware-controls-linux-systems-remotely/
A sophisticated rootkit targeting Linux systems uses zero-day vulnerabilities for remote control.
• Abusing AWS Native Services: Ransomware Encrypting S3 Buckets with SSE-C
URL: https://www.halcyon.ai/blog/abusing-aws-native-services-ransomware-encrypting-s3-buckets-with-sse-c
Attackers are using AWS's SSE-C encryption to lock S3 buckets during ransomware campaigns. We cover how the attack works and how to protect your AWS environment.
Marketing departments today operate like small companies, requiring specialised skills in technical operations, creative development, and strategic communication. Each discipline relies on multiple software solutions, making technology selection a critical challenge for marketing leaders. The marketing technology sector has grown significantly over the past decade. While this expansion initially drove companies toward bundled solutions, these all-in-one platforms often sacrifice specialised functionality for comprehensive coverage. Modern marketing teams are discovering that integrating best-in-class tools creates a more adaptable and effective technology stack. This approach enables companies to maintain visibility across the customer journey while providing teams with robust features for specific needs. Feather Hickox, Vice President of Marketing Rebrandly, said, "The future of marketing tech stacks is going to be tools that are largely API-based, can interact with each other easily, and that do critical functions really well." Link management plays a pivotal role in an integrated digital ecosystem. As the gateway to online experiences and conversions, links serve as essential touchpoints throughout the customer journey. Advanced platforms exemplify this specialised approach, providing extensive integrations across SMS messaging, CMS platforms, and other key marketing functions.

Here are a few best practices for effective high-volume link management:
1. Centralise Link Management: Relying on multiple tools, such as an in-app social media link shortener and a separate shortener for campaign links, can cause inconsistencies. Instead, adopt a single, robust tool for both link creation and tracking. This ensures uniformity across platforms, enhances security, and simplifies maintenance and updates.
2. Opt for a Standardised API: Select an API that seamlessly integrates with your applications to streamline processes and ensure compatibility.
The widespread utility of links raises several challenges when transforming link data into actionable insights:
1. Volume: Enterprise-level link interactions generate an immense amount of data, with millions or even billions of clicks per month. Managing and analysing this data in real time is not just beneficial - it's critical for staying competitive.
2. Data Fragmentation: Link data is often dispersed across multiple platforms and tools, leading to inconsistent tracking parameters and methodologies. This fragmentation makes it difficult to gain a comprehensive view of the customer journey or accurately attribute conversions to specific campaigns or audiences.
3. Analysis Paralysis: The sheer volume of link data can be overwhelming. Without proper context and organisation, it becomes challenging to distill this information into actionable insights that drive decision-making.

To unlock the full potential of link data, consider adopting the following solutions for your Link Management in 2025:
1. Unified Tracking: Implementing a unified tracking system helps eliminate data silos, creating a single source of truth for link performance. This streamlines data collection and enables precise cross-channel analysis and attribution.
2. Real-Time Processing: In today's fast-paced digital environment, real-time data processing can be transformative. With real-time analytics, businesses can quickly identify and leverage emerging trends, make on-the-fly campaign adjustments, and address issues proactively.
3. Contextualised Data: Raw data alone has limited value. By correlating link performance with specific business outcomes and segmenting data meaningfully, organisations can extract actionable insights to inform decision-making.

Rebrandly Clickstream for AWS simplifies the collection and storage of raw click traffic data from branded short links. This data is seamlessly delivered to your AWS S3 account, providing near real-time access.
The company's robust API and developer resources, including the ...
Web Crawler Designs

Can a simple idea like building a web crawler teach you the intricacies of system design? Join me, Ben Kitchell, as we uncover this fascinating intersection. Returning from a brief pause, I'm eager to guide you through the essential building blocks of a web crawler, from queuing seed URLs to parsing new links autonomously. These basic functionalities are your gateway to creating a minimum viable product or acing that system design interview. You'll gain insights into potential extensions like scheduled crawling and page prioritization, ensuring a strong foundation for tackling real-world challenges.

Managing a billion URLs a month is no small feat, and scaling such a system requires meticulous planning. We'll break down the daunting numbers into digestible pieces, exploring how to efficiently store six petabytes of data annually. By examining different database models, you'll learn how to handle URLs, track visit timestamps, and keep data searchable. The focus is on creating a robust system that not only scales but does so in a way that meets evolving demands without compromising on performance.

Navigating the complexities of designing a web crawler means making critical decisions about data storage and system architecture. We'll weigh the benefits of using cloud storage solutions like AWS S3 and Azure Blob Storage against maintaining dedicated servers. Discover the role of REST APIs in seamless user and service interactions, and explore search functionalities using Cassandra, Amazon Athena, or Google's BigQuery. Flexibility and foresight are key as we build systems that adapt to future needs.
Thank you for your continued support—let's keep learning and growing on this exciting system design journey together.Support the showDedicated to the memory of Crystal Rose.Email me at LearnSystemDesignPod@gmail.comJoin the free Discord Consider supporting us on PatreonSpecial thanks to Aimless Orbiter for the wonderful music.Please consider giving us a rating on ITunes or wherever you listen to new episodes.
AWS S3: A low level design look
The Datanation Podcast - Podcast for Data Engineers, Analysts and Scientists
Alex Merced discusses his experience at AWS re:Invent. Follow Alex at AlexMered.com/data
In this episode of the vBrownBag, Shala demonstrates how & why she uses Hashicorp Terraform (for her day job!) to stand up proof of concept tests on AWS far faster than what is possible in the console. 00:00 Intro 1:37 Shala walks us through her GitLab repo
In this episode of the vBrownBag, Damian does a deeper dive into the Meatgrinder, showing how the different AWS services interact, how the process logs to CloudWatch, and more! 00:00 Intro 1:20 The AWS Services that power the Meatgrinder
In this episode of the vBrownBag, a host is a guest! Damian does a deep dive into the vBrownBag Meatgrinder, an event-driven automation solution built with AWS Serverless that powers the show behind the scenes. Meatgrinder uses AWS S3, Event Bridge, Step Functions, Lambda, and Cloud Watch and handles post-production automation of vBrownBag content. We'll talk about the design decisions made while architecting the solution, and lessons learned along the way. 00:00 Intro and so much banter! 10:14 We actually start talking about the topic
We dig into the RegreSSHion bug, debate its real threat and explore clever tools to build a tasty fried onion around your system.
Sponsored By:
Core Contributor Membership: Take $1 a month off your membership for a lifetime!
Tailscale: Tailscale is a programmable networking software that is private and secure by default - get it free on up to 100 devices!
1Password Extended Access Management: 1Password Extended Access Management is a device trust solution for companies with Okta, and they ensure that if a device isn't trusted and secure, it can't log into your cloud apps.
Support LINUX Unplugged
Links:
Episode 75: In this episode of Critical Thinking - Bug Bounty Podcast, Justin and Joel are sick, so instead of a new full episode, we're going back 30 episodes to review.
Follow us on twitter at: @ctbbpodcast
We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to YTCracker for the awesome intro music!
------ Links ------
Follow your hosts Rhynorater & Teknogeek on twitter:
https://twitter.com/0xteknogeek
https://twitter.com/rhynorater
------ Ways to Support CTBBPodcast ------
Hop on the CTBB Discord at https://ctbb.show/discord!
Today's Guest: https://twitter.com/fransrosen
Detectify
Discovering s3 subdomain takeovers
https://labs.detectify.com/writeups/hostile-subdomain-takeover-using-heroku-github-desk-more/
bucket-disclose.sh
https://gist.github.com/fransr/a155e5bd7ab11c93923ec8ce788e3368
A deep dive into AWS S3 access controls
Attacking Modern Web Technologies
Live Hacking like a MVH
Account hijacking using Dirty Dancing in sign-in OAuth flows
Timestamps:
(00:00:00) Introduction
(00:11:41) Franz Rosen's Bug Bounty Journey and Detectify
(00:20:21) Pseudo-code, typing, and thinking like a dev
(00:27:11) Hunter Methodologies and automationists
(00:42:31) Time on targets, Iteration vs. Ideation
(00:58:01) S3 subdomain takeovers
(01:11:53) Blog posting and hosting motivations
(01:20:21) Detectify and entrepreneurial endeavors
(01:36:41) Attacking Modern Web Technologies
(01:52:51) postMessage and MessagePort
(02:05:00) Live Hacking and Collaboration
(02:20:41) Account Hijacking and OAuth Flows
(02:35:39) Hacking + Parenthood
In today's episode, we discuss how a developer nearly faced a $1,300 bill due to a poorly named AWS S3 storage bucket, attracting unauthorized access (https://arstechnica.com/information-technology/2024/04/aws-s3-storage-bucket-with-unlucky-name-nearly-cost-developer-1300/). We also delve into the repercussions faced by Change Healthcare after a ransomware attack due to compromised credentials and lack of MFA (https://www.cybersecuritydive.com/news/change-healthcare-compromised-credentials-no-mfa/714792/). Lastly, we explore a new Android malware named Wpeeper that utilizes compromised WordPress sites to conceal C2 servers, posing a threat to unsuspecting users (https://thehackernews.com/2024/05/android-malware-wpeeper-uses.html).
00:00 Intro
00:55 Change Health Care
04:10 The High Cost of a Naming Mistake: A Developer's AWS Nightmare
07:54 Emerging Threats: The Rise of WPeeper Malware
Change Healthcare's CEO just testified in front of the House Subcommittee that the service they used to deploy remote desktop services did not require multi factor authentication. Which led to one of the most impactful ransomware attacks in recent history. In other news, a very unlucky developer in his personal time accidentally incurred over $1,300 worth of charges on his AWS account overnight. What was this developer doing and how did it lead to such high charges in such a short amount of time? 
Wpeeper Malware is utilizing compromised WordPress sites to hide its C2 servers, posing a significant threat to Android devices, with the potential to escalate further if undetected. How can users protect their Android devices from falling victim to this malware? You're listening to The Daily Decrypt. The CEO of Change Healthcare, which is a subsidiary of UnitedHealthcare that was breached, it's been all over the news, it's all over the news. Revealed in written testimony that Change Healthcare was compromised by Ransomware Group. accessing their systems with stolen credentials. Which we all knew, but the ransomware group used these compromised credentials to remotely access a Citrix portal, which is an application used to enable remote access to desktops. And this portal did not require multi factor authentication. I don't know much about Change Healthcare's inner infrastructure, but any portal that allows remote access to other desktops should be locked down pretty hard. And the fact that just a simple username and password can grant access can grant all of these different desktops is pretty terrible. And means that this attack could have likely been avoided had they enabled multi factor authentication. So if you're brand new to cybersecurity and you're listening to this podcast for the first time, you need to know that there are a few very easy things you can do to improve your posture online. Don't reuse passwords. Step one, one of the easiest way to do that is to use a password manager and have them generate your passwords for you. Number two, enable multi factor authentication that way, if someone does come into your username and password combination, they still have to get through some sort of device based authentication, like a ping on your cell phone or something like that, to allow them to log into your account. 
Now, in the case of United and Change Healthcare, one thing that they also could have done to help mitigate their negligence in not enabling multi factor authentication would be to have frequent dark web scans for any password in the system or any username in the system. And this can all be automated. If a password that is being used to access any system in your network is found on the dark web, immediately revoke that password and require that user to create a new one. But, that is slightly more complicated than just requiring multi factor authentication. So, probably start there. But, the attackers who carried out this ransomware were able to use credentials they found on the dark web to infiltrate the networks, gain access to remote desktops, and launch their ransomware within 9 days of their entry. So, that's pretty fast. A few years ago, that would have taken dozens of days, if not hundreds of days. The dwell time for attackers was pretty high back then. But now, single digits. That doesn't leave much time for defenders to find this type of attack. But the CEO acknowledged this negligence and shared his deep condolences for all of the patrons of Change Healthcare. The pharmacists, the doctors, a lot of work had to be put on hold For And it's very possible that people died as a result of this breach, having to be transferred to different hospitals, etc. This is a pretty tragic thing, so if you're in the healthcare industry, if you're in a position of power, make sure that all your internal systems, and especially external, but definitely internal as well, have multi factor authentication enabled. And if you want to go the extra mile, create some sort of automatic tool that probably exists online for free, that will check the dark web on a recurring basis for any passwords in your system.
A cloud developer was setting up a proof of concept for a client. And it involved creating an empty storage bucket in AWS. The project was a document indexing system. 
And so this developer uploaded a couple of documents and then began working in other areas of the project. Then after two days of work, went back and checked the billing costs and found $1,300 worth of charges. Now, if you're not familiar with AWS and their pricing, S3 storage buckets are really cheap. The Daily Decrypt is actually hosted in the S3 storage bucket and I pay less than $10 a month for all hosting. And I'm uploading audio, which is a lot larger than documents. Okay. So this bucket should have cost less than $5 a month, but after two days, there were $1,300 in charges, so I really appreciate the developer sharing this story because it's an interesting case study. What happened? Well, the developer accidentally named the bucket the same thing that an open source software uses as a placeholder in their code. So what does that mean? Some other company, let's say it's Home Depot, alright? That came up in a previous reel. Home Depot has some software that backs up their files to Amazon S3 buckets on a recurring basis. Home Depot also has a non production version of that code that has placeholders for those S3 bucket names, such as placeholder bucket 1231 or something like that, so that when it comes time to upload their files, they replace that placeholder with the actual name of their bucket. But that sample code is running, and it's not doing anything because it's attempting to backup their files to a bucket that doesn't exist. Well, this developer lucked out and created an S3 bucket with that exact name of that placeholder, and this script now all of a sudden is trying to send all of Home Depot's backup files to this bucket. And news to me, but AWS charges a fee, it's like 005 cents per request. And an automated system can generate thousands of requests per second, like it can go very fast. So just in two days, that 0.0005 cents per request turned into $1,300. Now these are unexpected charges. 
Amazon agrees he shouldn't have to pay for this, but it just goes to show how careful you have to be when naming your S3 buckets, especially if they're going to allow for public users to place files in them. But another really important aspect of this story that I find fascinating is that the developer, once he realized what was happening, decided to open up his bucket and allow for files to be placed there. And within 30 seconds, there were over 10 gigabytes of files placed in this bucket. And these files belonged to another company. One that's pretty reputable, so probably on the same lines of Home Depot. Now this developer won't disclose that because these files are currently being backed up and there's a huge risk for data leak, but this developer now has the source code for all kinds of files that belong to a pretty big company. So as a developer, make sure you name your AWS buckets, something pretty unique and maybe even add in a little suffix of random characters after anything you name. And as developers for companies, make sure you're not having automated scripts upload to bucket names that don't exist because Maybe someday they will exist and all those files will go to that bucket. The developer did reach out to the company that was affected by this and has received no response. But we're all hoping that the company responds and fixes their practice and hopefully shells out some money to this developer because that's a pretty big bug and they deserve compensation. And finally, cybersecurity researchers have identified a new Android malware named WPeeper that utilizes compromised WordPress sites to hide its command and control servers. And if you've been listening to this podcast for a while or keeping up to date on cybersecurity news, you'll know that there's a lot of opportunity within the WordPress framework to compromise WordPress sites. And it would be a great place to host a command and control server. 
Wpeeper is a binary that employs the HTTPS protocol for secure C2 communications and functions as a backdoor. The malware disguises itself within a repackaged version of the Uptodown App Store for Android aiming to evade detection and deceive users into installing the malicious payload. Wpeeper utilizes a complex C2 architecture that involves using infected WordPress sites as intermediaries to obfuscate its actual C2 servers with as many as 45 C2 servers identified in the infrastructure. The malware's capabilities involve collecting device information, updating C2 servers, downloading additional payloads, and self deleting. And to safeguard against similar malware attacks, users are advised to download apps only from reputable sources, carefully review app permissions, and just be careful what you click on. Stay vigilant out there against suspicious activities that may be taking place on your phone. You might notice a performance lag. You might notice weird browsers opening up. And if you do, you might just want to restart your device, reset it. And if you do get curious and install a scanning tool, antivirus, anti malware, et cetera, make sure you do it from a reputable source.
This has been the Daily Decrypt. If you found your key to unlocking the digital domain, show your support with a rating on Spotify or Apple Podcasts. It truly helps us stand at the frontier of cyber news. Don't forget to connect on Instagram or catch our episodes on YouTube. Until next time, keep your data safe and your curiosity alive.
We talked with Andy Warfield (@AndyWarfield), VP Distinguished Engineer, Amazon, about 10 years ago, when at Coho Data (see our (005:) Greybeards talk scale out storage … podcast). Andy has been a good friend for a long time and he's been with Amazon S3 for over 5 years now. Since the recent S3 announcements at … Continue reading "161: Greybeards talk AWS S3 storage with Andy Warfield, VP Distinguished Engineer, Amazon"
Processing Podcasts Ahuka's recent episodes about pre processing podcasts with audacity reminded me that I have been wanting to do an episode about pre-processing podcasts with sox. I no longer need to use sox to change the podcast tempo since now, I use Antena Pod on my phone When I started listening to podcasts the only playback options were either a PC or a mp3 player. I started out just downloading the podcasts to my PC from the podcast's web page. My first podcast automation was using bashpodder. bashpodder was simple to set up and run via cron. It would: - read a file to get a list of RSS feeds - Track previous downloads in a log - Download new episodes https://lincgeek.org/bashpodder/ A few of the podcasts I listened to were panels of a few hosts that were recorded live and released later as a podcast. Some of those shows were unedited and had some dead air that I wanted to remove. It took me a few tries, but I eventually figured out how to truncate silence with sox Many of the podcast players I used did not have the ability to alter the playback speed. So I also figured out how to change the tempo using sox. I stuck to using dedicated mp3 players for several years. Before the sansa clips came out, my favorite was the sansa e200 series https://en.wikipedia.org/wiki/Sansa_e200_series They could run the alternative firmware, rockbox. https://www.rockbox.org/ I remember wasting hours playing frozen bubble on my mp3 player. The sansa clips were a big innovation. Small, light, and cheap. They were my preferred player until I eventually switched to phones. I had a workflow set up - cron bashpodder - script to process with sox - script to reload podcast - mount - move from player to archive - move new files to player - unmount I did a HPR episode a few months ago about my first tech job. When I started there, I was given in iPhone. It was my first smart phone. While there, I had started taking walks on by lunch break. And I would get to listen to podcast while out. 
There were a few times where I would run out of episodes to listen to. So I decided to add some podcasts to my work iPhone. For most of the time I worked there, I would take my sansa with me and listen to every thing on it. Then if I ran out, I had my phone with me, so I would listen to podcasts on it. This process meant I had 2 sets of podcasts - provided by mashpodder - iPhone app. I kept this practice of having 2 podcast sources for a few years, but I eventual stopped using the sansa. Phones were getting better, and the sansa devices were getting harder to find. I wanted to start listening to my bashpodder podcasts on my phone. I looked for a few file transfer solutions, but eventually settled on making my own RSS feed of files I had downloaded. I found a python script that would take a directory listing of mp3s and build a RSS feed. Now I had a cron job that would - download - process with sox - create the RSS feed - rsync RSS XML file on podcast files to a VPS https://genrss.readthedocs.io/en/latest/ I used a VPS so I could download new episodes to my phone from anywhere. After a while, I experimented with using a AWS S3 to host the files. I stopped using S3 when the free tier ran out, and I started getting charged for storage and bandwidth. Eventually, when I started working at home I no longer needed the RSS feed to be available from anywhere. So I just started using a http server in my home lab to host my RSS feed and files. I can update my phone with the files I download and process as long as I am on my home network Also, one other change I made at some point was switching from bashpodder to mashpodder. There were a few podcast that bashpodder was not able to parse. Today, I listen to podcasts via antenna pod Most of of the podcasts I searched for and subscribed to via the app. There are still a few podcasts that I get via mashpodder and pre-process with sox. 
Since the phone app is good at altering the tempo (I like 2x), I no longer have to use sox for speeding up. But I still use sox for leveling the audio and truncating silence. My tendency is to have the podcasts that are produced by studios/companies via the app and podcasts produced by enthusiasts via mashpodder/sox.

#!/bin/bash
# Stop on errors, unset variables and failed pipeline stages
set -euo pipefail
# Split words on newline and tab only, so file names with spaces stay whole
IFS=$'\n\t'
SOX="/usr/local/bin/sox"

cd /mashpodder/podcasts/files

# Nothing to do when mashpodder downloaded no new episodes
if [ -z "$(ls -A)" ]; then
    echo "Empty"
    exit 0
else
    echo "Not Empty"
fi

# Level the audio (compand), mix down (remix -) and truncate silence,
# then move the original download to the archive
for i in *
do
    "$SOX" -v 0.5 "$i" "/mashpodder/podcasts/faster/$i.mp3" compand 0.3,1 6:-70,-60,-20 -5 -90 remix - silence 1 0.1 1% -1 0.1 1% stat
    mv -v "$i" ../archive/
done

# Delete old file from the Archive
find /mashpodder/podcasts/archive/ -name "*mp3" -mtime +30 -delete

# Generate a RSS feed of the faster directory
cd /mashpodder/podcasts && python2.7 ../genRSS/genRSS.py -v -e mp3 -i 'faster/faster.gif' -t Faster -p "Faster Podcasts" -d faster -H http://address.of.web.host --sort-creation -o faster/faster.xml
Episode 45: In this episode of Critical Thinking - Bug Bounty Podcast, we're thrilled to welcome Frans Rosén, an OG bug bounty hunter and co-founder of Detectify. We kick off with Frans sharing his journey bug bounty and security startups, before diving headfirst into a host of his blog posts. We also cover the value of pseudo-code for bug exploitation, understanding developer terminology, the challenges of collaboration and delegating tasks, and balancing hacking with parenting. If you're interested in bug bounty or entrepreneurship, you won't want to miss it!
Follow us on twitter at: @ctbbpodcast
We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to YTCracker for the awesome intro music!
------ Links ------
Follow your hosts Rhynorater & Teknogeek on twitter:
https://twitter.com/0xteknogeek
https://twitter.com/rhynorater
------ Ways to Support CTBBPodcast ------
Sign up for Caido using the referral code CTBBPODCAST for a 10% discount.
Join our Discord!
Today's Guest:
https://twitter.com/fransrosen
Detectify
Discovering s3 subdomain takeovers
Bucket Disclose
A deep dive into AWS S3 access controls
Attacking Modern Web Technologies
Live Hacking like a MVH
Account hijacking using Dirty Dancing in sign-in OAuth flows
Timestamps:
(00:00:00) Introduction
(00:04:50) Franz Rosen's Bug Bounty Journey and the creation of Detectify
(00:13:30) Benefits of pseudo-code, typing, and thinking like a developer
(00:20:20) Hunter Methodologies
(00:35:40) Time on targets, Iteration vs. Ideation, and tips for standing out
(00:51:10) S3 subdomain takeovers
(01:05:02) Blog posting and hosting motivations
(01:13:30) Detectify and entrepreneurial endeavors
(01:29:50) Attacking Modern Web Technologies
(01:46:00) postMessage and MessagePort
(01:58:09) Live Hacking and Collaboration
(02:13:50) Account Hijacking and OAuth Flows
(02:28:48) Hacking/Parenting
This is a recap of the top 10 posts on Hacker News on October 15th, 2023.This podcast was generated by wondercraft.ai(00:37): Finland to vote against the EU mass surveillance and encryption ban directiveOriginal post: https://news.ycombinator.com/item?id=37891886&utm_source=wondercraft_ai(02:26): "Hacker News" for retro computing and gamingOriginal post: https://news.ycombinator.com/item?id=37888144&utm_source=wondercraft_ai(04:12): Mastercard Should Stop Selling Our DataOriginal post: https://news.ycombinator.com/item?id=37892684&utm_source=wondercraft_ai(06:04): Google has sent internet into 'spiral of decline', claims DeepMind co-founderOriginal post: https://news.ycombinator.com/item?id=37887562&utm_source=wondercraft_ai(07:48): Signtime.apple: One-on-one sign language interpreting by AppleOriginal post: https://news.ycombinator.com/item?id=37890176&utm_source=wondercraft_ai(09:28): SSH-audit: SSH server and client security auditingOriginal post: https://news.ycombinator.com/item?id=37892028&utm_source=wondercraft_ai(10:56): Cloudflare Sippy: Incrementally Migrate Data from AWS S3 to Reduce Egress FeesOriginal post: https://news.ycombinator.com/item?id=37888135&utm_source=wondercraft_ai(12:45): Omnivore – free, open source, read-it-later AppOriginal post: https://news.ycombinator.com/item?id=37890742&utm_source=wondercraft_ai(14:19): Mark Twain at Stormfield (1909) [video]Original post: https://news.ycombinator.com/item?id=37890369&utm_source=wondercraft_ai(15:47): BeagleV-Ahead open-source RISC-V single board computerOriginal post: https://news.ycombinator.com/item?id=37887341&utm_source=wondercraft_aiThis is a third-party project, independent from HN and YC. Text and audio generated using AI, by wondercraft.ai. Create your own studio quality podcast with text as the only input in seconds at app.wondercraft.ai. Issues or feedback? We'd love to hear from you: team@wondercraft.ai
Mon, 18 Sep 2023 14:08:09 +0000 https://podcast.cloudonaut.io/80-self-hosted-github-runners-on-aws-s3-object-lambda-aws-community-day-germany
Andreas and Michael Wittig have been building on AWS since 2009. Follow their journey of developing products like bucketAV, marbot, and HyperEnv and learn from practice.
Topics
AWS Community Day Germany/DACH
Self-hosted GitHub runners on AWS
S3 Object Lambda
Links
Self-hosted GitHub runners on AWS
HyperEnv for GitHub Actions
Unboxing S3 Object Lambda (2021)
S3 Object Lambda used to implement scan on download for bucketAV
Subscribe
Make sure you are not missing upcoming shows …
Podcast feed
YouTube channel
Newsletter
Projects
bucketAV — Antivirus protection for Amazon S3
marbot — AWS Monitoring made simple!
HyperEnv for GitHub Actions — Deploy self-hosted GitHub runners on AWS with ease!
attachmentAV — Antivirus for Atlassian Jira and Confluence
Contact and Feedback
hello@cloudonaut.io
Mastodon (Andreas)
Mastodon (Michael)
LinkedIn (Andreas)
LinkedIn (Michael)
As our Spiritual connections evolve, we want our podcast to evolve with us. And in return, YOUR spiritual connection will evolve, too. So this season, we are focusing on Spiritual Evolution in Real Life. From Biology to Theology, we will be talking about how we have evolved in not only our spiritual practice but in our mind and bodies as well. Let's buckle in and get ready for some turbulence because we are ascending into the sky as we begin Season 3 of Adventures with Spirit.
Cloud Security Podcast - AWS ReInforce 2023 or AWS Re:inforce 2023 highlights in a recap from the 2 Day affair for all things AWS Cloud Security! We were lucky enough to be there. This is a recap of the major announcements and highlights from major themes around the event. Episode YouTube Video - https://www.youtube.com/watch?v=UhVBvnmmfnQ Cloud Security Podcast Website - www.cloudsecuritypodcast.tv FREE CLOUD Security BOOTCAMP - www.cloudsecuritybootcamp.com Host Twitter: Ashish Rajan (@hashishrajan) Podcast Twitter - @CloudSecPod @CloudSecureNews If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels: - Cloud Security News - Cloud Security BootCamp Timeline (00:00) Introduction (02:20) What is AWS re:inforce? (04:33) Neha Rungta explains Verified Access (05:38) Neha Rungta explains Verified Permissions (07:53) What verified permissions means for you! (09:35) Amazon EC2 Connect Endpoint (11:08) Amazon GuardDuty Updates (12:42) Amazon Inspector Code Scan for Lambda function (14:26) Amazon Inspector SBOM Export (17:35) Amazon Code Whisperer (18:00) Amazon Code Guru (20:15) Finding groups in Amazon Detective (22:25) Dual Layer Encryption for AWS S3 (23:18) AWS Global Partner Security Initiative (26:12) Key Themes from AWS re:inforce (26:45) Shared Responsibility Model (27:56) Cloud Security Newsletter (30:04) Generative AI (31:29) Amazon Bedrock (34:04) Shift from ransomware to wiperware (35:29) Nancy Wang explains AWS Backup Vault Lock (37:18) Nancy explains double encryption with S3 Bucket (38:41) Nancy explains how vault helps with data loss. (40:20) AWS Backup Vault Lock (41:55) Zero Trust and Identity (45:03) DevSecOps (46:47) How GenAI will impact cloud security roles? (49:32) Amazon Security Lake (52:26) Quantum Computing See you at the next episode!
Jon Toor (CMO @CloudianStorage) talks about the history and evolution of object storage, the rise of enterprise class object storage, and the changing economics of cloud storage.SHOW: 725CLOUD NEWS OF THE WEEK - http://bit.ly/cloudcast-cnotwNEW TO CLOUD? CHECK OUT - "CLOUDCAST BASICS"SHOW SPONSORS:CloudZero – Cloud Cost Visibility and SavingsCloudZero provides immediate and ongoing savings with 100% visibility into your total cloud spendDatadog Application Monitoring: Modern Application Performance MonitoringGet started monitoring service dependencies to eliminate latency and errors and enhance your users app experience with a free 14 day Datadog trial. Listeners of The Cloudcast will also receive a free Datadog T-shirt.SHOW NOTES:Cloudian websiteTopic 1 - Welcome to the show Jon. Tell us a little bit about your background. Your career and Cloudian parallel in many ways.Topic 2 - Cloudian has been around since before object storage was cool. We first heard about Cloudian back in the OpenStack and early AWS S3 days. Object storage has come a long way. Can you help everyone frame where we were and where we are today?Topic 3 - We've seen the rise of Enterprise class, S3 compatible object storage for use cases like hybrid cloud, data sovereignty, and more recently analytics such as data lakehouses. Where are you seeing implementations these days as we've moved beyond basic, simple storage behind cloud backends. Topic 4 - With the recent changes to the world economy, how much does economics come into conversations around the design of solutions. There's often a healthy tension between what is technically possible and what is economically feasible. How does that design conversation play out lately?Topic 5 - We used to talk about “Data Gravity” all the time. The concept for those unfamiliar is that data has a certain weight and attracts more data to existing sources and becomes hard to move over time. 
We haven't talked about it as much in recent years and we are seeing the rise of hybrid and multicloud solutions but folks often don't think about access to the data. Where are folks building large data sets? What are they using them for? Are they ever moving them?Topic 6 - Last question, Cloudian is well known for their partnerships, alliances and solutions. You partner with hardware companies, software companies, backup companies, public clouds, etc. It's quite a mix. Has this been a factor in Cloudian's longevity and tell everyone a little bit about how this came to be and how important you see this for the future. FEEDBACK?Email: show at the cloudcast dot netTwitter: @thecloudcastnet
AB Periasamy, Co-Founder and CEO of MinIO, joins Corey on Screaming in the Cloud to discuss what it means to be truly open source and the current and future state of multi-cloud. AB explains how MinIO was born from the idea that the world was going to produce a massive amount of data, and what it's been like to see that come true and continue to be the future outlook. AB and Corey explore why some companies are hesitant to move to cloud, and AB describes why he feels the move is inevitable regardless of cost. AB also reveals how he has helped create a truly free open-source software, and how his partnership with Amazon has been beneficial. About ABAB Periasamy is the co-founder and CEO of MinIO, an open source provider of high performance, object storage software. In addition to this role, AB is an active investor and advisor to a wide range of technology companies, from H2O.ai and Manetu where he serves on the board to advisor or investor roles with Humio, Isovalent, Starburst, Yugabyte, Tetrate, Postman, Storj, Procurify, and Helpshift. Successful exits include Gitter.im (Gitlab), Treasure Data (ARM) and Fastor (SMART).AB co-founded Gluster in 2005 to commoditize scalable storage systems. As CTO, he was the primary architect and strategist for the development of the Gluster file system, a pioneer in software defined storage. After the company was acquired by Red Hat in 2011, AB joined Red Hat's Office of the CTO. Prior to Gluster, AB was CTO of California Digital Corporation, where his work led to scaling of the commodity cluster computing to supercomputing class performance. His work there resulted in the development of Lawrence Livermore Laboratory's “Thunder” code, which, at the time was the second fastest in the world. 
AB holds a Computer Science Engineering degree from Annamalai University, Tamil Nadu, India.

AB is one of the leading proponents and thinkers on the subject of open source software - articulating the difference between the philosophy and business model. An active contributor to a number of open source projects, he is a board member of India's Free Software Foundation.

Links Referenced:
MinIO: https://min.io/
Twitter: https://twitter.com/abperiasamy
LinkedIn: https://www.linkedin.com/in/abperiasamy/
Email: mailto:ab@min.io

Transcript

Announcer: Hello, and welcome to Screaming in the Cloud with your host, Chief Cloud Economist at The Duckbill Group, Corey Quinn. This weekly show features conversations with people doing interesting work in the world of cloud, thoughtful commentary on the state of the technical world, and ridiculous titles for which Corey refuses to apologize. This is Screaming in the Cloud.

Corey: This episode is sponsored in part by our friends at Chronosphere. When it costs more money and time to observe your environment than it does to build it, there's a problem. With Chronosphere, you can shape and transform observability data based on need, context and utility. Learn how to only store the useful data you need to see in order to reduce costs and improve performance at chronosphere.io/corey-quinn. That's chronosphere.io/corey-quinn. And my thanks to them for sponsoring my ridiculous nonsense.

Corey: Welcome to Screaming in the Cloud. I'm Corey Quinn, and I have taken a somewhat strong stance over the years on the relative merits of multi-cloud, and when it makes sense and when it doesn't. And it's time for me to start modifying some of those. To have that conversation and several others as well, with me today on this promoted guest episode is AB Periasamy, CEO and co-founder of MinIO. AB, it's great to have you back.

AB: Yes, it's wonderful to be here again, Corey.

Corey: So, one thing that I want to start with is defining terms.
Because when we talk about multi-cloud, there are—to my mind at least—smart ways to do it and ways that are frankly ignorant. The thing that I've never quite seen is, it's greenfield, day one. Time to build something. Let's make sure we can build and deploy it to every cloud provider we might ever want to use.

And that is usually not the right path. Whereas different workloads in different providers, that starts to make a lot more sense. When you do mergers and acquisitions, as big companies tend to do in lieu of doing anything interesting, it seems like they find it oh, we're suddenly in multiple cloud providers, should we move this acquisition to a new cloud? No. No, you should not.

One of the challenges, of course, is that there's a lot of differentiation between the baseline offerings that cloud providers have. MinIO is interesting in that it starts and stops with an object store that is mostly S3 API compatible. Have I nailed the basic premise of what it is you folks do?

AB: Yeah, it's basically an object store. Amazon S3 versus us, it's actually—that's the comparable, right? Amazon S3 is a hosted cloud storage as a service, but underneath the underlying technology is called object-store. MinIO is a software and it's also open-source and it's the software that you can deploy on the cloud, deploy on the edge, deploy anywhere, and both Amazon S3 and MinIO are exactly S3 API compatible. It's a drop-in replacement. You can write applications on MinIO and take it to AWS S3, and do the reverse. Amazon made S3 API a standard inside AWS, we made S3 API standard across the whole cloud, all the cloud edge, everywhere, rest of the world.

Corey: I want to clarify two points because otherwise I know I'm going to get nibbled to death by ducks on the internet.
When you say open-source, it is actually open-source; you're AGPL, not source available, or, “We've decided now we're going to change our model for licensing because oh, some people are using this without paying us money,” as so many companies seem to fall into that trap. You are actually open-source and no one reasonable is going to be able to disagree with that definition.

The other pedantic part of it is when something says that it's S3 compatible on an API basis, like, the question is always does that include the weird bugs that we wish it wouldn't have, or some of the more esoteric stuff that seems to be a constant source of innovation? To be clear, I don't think that you need to be particularly compatible with those very corner and vertex cases. For me, it's always been the basic CRUD operations: can you store an object? Can you give it back to me? Can you delete the thing? And maybe an update, although generally object stores tend to be atomic. How far do you go down that path of being, I guess, a faithful implementation of what the S3 API does, and at which point you decide that something is just, honestly, lunacy and you feel no need to wind up supporting that?

AB: Yeah, the unfortunate part of it is we have to be very, very deep. It only takes one API to break. And it's not even, like, one API we did not implement; one API under a particular circumstance, right? Like even if you see, like, AWS SDK is, right, Java SDK, different versions of Java SDK will interpret the same API differently. And AWS S3 is an API, it's not a standard.

And Amazon has published the REST specifications, API specs, but they are more like religious text. You can interpret it in many ways. Amazon's own SDK has interpreted, like, this in several ways, right? The only way to get it right is, like, you have to have a massive ecosystem around your application.
And if one thing breaks—today, if I commit a code and it introduced a regression, I will immediately hear from a whole bunch of community what I broke.

There's no certification process here. There is no industry consortium to control the standard, but then there is an accepted standard. Like, if the application works, they need works. And one way to get it right is, like, Amazon SDKs, all of those language SDKs, to be cleaner, simpler, but applications can even use MinIO SDK to talk to Amazon and Amazon SDK to talk to MinIO. Now, there is a clear, cooperative model.

And I actually have tremendous respect for Amazon engineers. They have only been kind and meaningful, like, reasonable partnership. Like, if our community reports a bug that Amazon rolled out a new update in one of the region and the S3 API broke, they will actually go fix it. They will never argue, “Why are you using MinIO SDK?” Their engineers, they do everything by reason. That's the reason why they gained credibility.

Corey: I think, on some level, that we can trust that the API is not going to meaningfully shift, just because so much has been built on top of it over the last 15, almost 16 years now that even slight changes require massive coordination. I remember there was a little bit of a kerfuffle when they announced that they were going to be disabling the BitTorrent endpoint in S3 and it was no longer going to be supported in new regions, and eventually they were turning it off. There were still people pushing back on that. I'm still annoyed by some of the documentation around the API that says that it may not return a legitimate error code when it errors with certain XML interpretations. It's… it's kind of become very much its own thing.

AB: [unintelligible 00:06:22] a problem, like, we have seen, like, even stupid errors similar to that, right?
Like, HTTP headers are supposed to be case insensitive, but then there are some language SDKs will send us in certain type of casing and they expect the case to be—the response to be same way. And that's not HTTP standard. If we have to accept that bug and respond in the same way, then we are asking a whole bunch of community to go fix that application. And Amazon's problem are our problems too. We have to carry that baggage.

But some places where we actually take a hard stance is, like, Amazon introduced that initially, the bucket policies, like access control list, then finally came IAM, then we actually, for us, like, the best way to teach the community is make best practices the standard. The only way to do it. We have been, like, educating them that we actually implemented ACLs, but we removed it. So, the customers will no longer use it. The scale at which we are growing, if I keep it, then I can never force them to remove.

So, we have been pedantic about, like, how, like, certain things that if it's a good advice, force them to do it. That approach has paid off, but the problem is still quite real. Amazon also admits that S3 API is no longer simple, but at least it's not like POSIX, right? POSIX is a rich set of API, but doesn't do useful things that we need to do. So, Amazon's APIs are built on top of simple primitive foundations that got the storage architecture correct, and then doing sophisticated functionalities on top of the simple primitives, these atomic RESTful APIs, you can finally do it right and you can take it to great lengths and still not break the storage system.

So, I'm not so concerned. I think it's time for both of us to slow down and then make sure that the ease of operation and adoption is the goal, then trying to create an API Bible.

Corey: Well, one differentiation that you have that frankly I wish S3 would wind up implementing is this idea of bucket quotas.
I would give a lot in certain circumstances to be able to say that this S3 bucket should be able to hold five gigabytes of storage and no more. Like, you could fix a lot of free tier problems, for example, by doing something like that. But there's also the problem that you'll see in data centers where, okay, we've now filled up whatever storage system we're using. We need to either expand it at significant cost and it's going to take a while or it's time to go and maybe delete some of the stuff we don't necessarily need to keep in perpetuity.

There is no moment of reckoning in traditional S3 in that sense because, oh, you can just always add one more gigabyte at 2.3 or however many cents it happens to be, and you wind up with an unbounded growth problem that you're never really forced to wrestle with. Because it's infinite storage. They can add drives faster than you can fill them in most cases. So, it's it just feels like there's an economic story, if nothing else, just from a governance control and make sure this doesn't run away from me, and alert me before we get into the multi-petabyte style of storage for my Hello World WordPress website.

AB: Mm-hm. Yeah, so I always thought that Amazon did not do this—it's not just Amazon, the cloud players, right—they did not do this because they want—is good for their business; they want all the customers' data, like unrestricted growth of data. Certainly it is beneficial for their business, but there is an operational challenge. When you set quota—this is why we grudgingly introduced this feature. We did not have quotas and we didn't want to because Amazon S3 API doesn't talk about quota, but the enterprise community wanted this so badly.

And eventually we [unintelligible 00:09:54] it and we gave. But there is one issue to be aware of, right?
The problem with quota is that you as an object storage administrator, you set a quota, let's say this bucket, this application, I don't see more than 20TB; I'm going to set 100TB quota. And then you forget it. And then you think in six months, they will reach 20TB. The reality is, in six months they reach 100TB.

And then when nobody expected—everybody has forgotten that there was a code a certain place—suddenly application start failing. And when it fails, it doesn't—even though the S3 API responds back saying that insufficient space, but then the application doesn't really pass that error all the way up. When applications fail, they fail in unpredictable ways. By the time the application developer realizes that it's actually object storage ran out of space, the lost time and it's a downtime. So, as long as they have proper observability—because I mean, I've will also asked observability, that it can alert you that you are only going to run out of space soon. If you have those system in place, then go for quota. If not, I would agree with the S3 API standard that is not about cost. It's about operational, unexpected accidents.

Corey: Yeah, on some level, we wound up having to deal with the exact same problem with disk volumes, where my default for most things was, at 70%, I want to start getting pings on it and at 90%, I want to be woken up for it. So, for small volumes, you wind up with a runaway log or whatnot, you have a chance to catch it and whatnot, and for the giant multi-petabyte things, okay, well, why would you alert at 70% on that? Well, because procurement takes a while when we're talking about buying that much disk for that much money. It was a roughly good baseline for these things. The problem, of course, is when you have none of that, and well it got full so oops-a-doozy.

On some level, I wonder if there's a story around soft quotas that just scream at you, but let you keep adding to it.
But that turns into implementation details, and you can build something like that on top of any existing object store if you don't need the hard limit aspect.

AB: Actually, that is the right way to do. That's what I would recommend customers to do. Even though there is hard quota, I will tell, don't use it, but use soft quota. And the soft quota, instead of even soft quota, you monitor them. On the cloud, at least you have some kind of restriction that the more you use, the more you pay; eventually the month end bills, it shows up.

On MinIO, when it's deployed on these large data centers, that it's unrestricted access, quickly you can use a lot of space, no one knows what data to delete, and no one will tell you what data to delete. The way to do this is there has to be some kind of accountability.

The way to do it is—actually [unintelligible 00:12:27] have some chargeback mechanism based on the bucket growth. And the business units have to pay for it, right? That IT doesn't run for free, right? IT has to have a budget and it has to be sponsored by the applications team.

And you measure, instead of setting a hard limit, you actually charge them that based on the usage of your bucket, you're going to pay for it. And this is a observability problem. And you can call it soft quotas, but it hasn't been to trigger an alert in observability. It's observability problem. But it actually is interesting to hear that as soft quotas, which makes a lot of sense.

Corey: It's one of those problems that I think people only figure out after they've experienced it once. And then they look like wizards from the future who, “Oh, yeah, you're going to run into a quota storage problem.” Yeah, we all find that out because the first time we smack into something and live to regret it. Now, we can talk a lot about the nuances and implementation and low level detail of this stuff, but let's zoom out of it. What are you folks up to these days?
What is the bigger picture that you're seeing of object storage and the ecosystem?

AB: Yeah. So, when we started, right, our idea was that world is going to produce incredible amount of data. In ten years from now, we are going to drown in data. We've been saying that today and it will be true. Every year, you say ten years from now and it will still be valid, right?

That was the reason for us to play this game. And we saw that every one of these cloud players were incompatible with each other. It's like early Unix days, right? Like a bunch of operating systems, everything was incompatible and applications were beginning to adopt this new standard, but they were stuck. And then the cloud storage players, whatever they had, like, GCS can only run inside Google Cloud, S3 can only run inside AWS, and the cloud player's game was bring all the world's data into the cloud.

And that actually requires enormous amount of bandwidth. And moving data into the cloud at that scale, if you look at the amount of data the world is producing, if the data is produced inside the cloud, it's a different game, but the data is produced everywhere else. MinIO's idea was that instead of introducing yet another API standard, Amazon got the architecture right and that's the right way to build large-scale infrastructure. If we stick to Amazon S3 API instead of introducing it another standard, [unintelligible 00:14:40] API, and then go after the world's data. When we started in 2014 November—it's really 2015, we started, it was laughable. People thought that there won't be a need for MinIO because the whole world will basically go to AWS S3 and they will be the world's data store. Amazon is capable of doing that; the race is not over, right?

Corey: And it still couldn't be done now. The thing is that they would need to fundamentally rethink their, frankly, you serious data egress charges.
The problem is not that it's expensive to store data in AWS; it's that it's expensive to store data and then move it anywhere else for analysis or use on something else. So, there are entire classes of workload that people should not consider the big three cloud providers as the place where that data should live because you're never getting it back.

AB: Spot on, right? Even if network is free, right, Amazon makes, like, okay, zero egress-ingress charge, the data we're talking about, like, most of MinIO deployments, they start at petabytes. Like, one to ten petabyte, feels like 100 terabyte. For even if network is free, try moving a ten-petabyte infrastructure into the cloud. How are you going to move it?

Even with FedEx and UPS giving you a lot of bandwidth in their trucks, it is not possible, right? I think the data will continue to be produced everywhere else. So, our bet was there we will be [unintelligible 00:15:56]—instead of you moving the data, you can run MinIO where there is data, and then the whole world will look like AWS's S3 compatible object store. We took a very different path. But now, when I say the same story that when what we started with day one, it is no longer laughable, right?

People believe that yes, MinIO is there because our market footprint is now larger than Amazon S3. And as it goes to production, customers are now realizing it's basically growing inside a shadow IT and eventually businesses realize the bulk of their business-critical data is sitting on MinIO and that's how it's surfacing up. So now, what we are seeing, this year particularly, all of these customers are hugely concerned about cost optimization. And as part of the journey, there is also multi-cloud and hybrid-cloud initiatives. They want to make sure that their application can run on any cloud or on the same software can run on their colos like Equinix, or like bunch of, like, Digital Reality, anywhere.

And MinIO's software, this is what we set out to do.
MinIO can run anywhere inside the cloud, all the way to the edge, even on Raspberry Pi. It's now—whatever we started with is now has become reality; the timing is perfect for us.

Corey: One of the challenges I've always had with the idea of building an application with the idea to run it anywhere is you can make explicit technology choices around that, and for example, object store is a great example because most places you go now will or can have an object store available for your use. But there seem to be implementation details that get lost. And for example, even load balancers wind up being implemented in different ways with different scaling times and whatnot in various environments. And past a certain point, it's okay, we're just going to have to run it ourselves on top of HAproxy or Nginx, or something like it, running in containers themselves; you're reinventing the wheel. Where is that boundary between, we're going to build this in a way that we can run anywhere and the reality that I keep running into, which is we tried to do that but we implicitly without realizing it built in a lot of assumptions that everything would look just like this environment that we started off in.

AB: The good part is that if you look at the S3 API, every request has the site name, the endpoint, bucket name, the path, and the object name. Every request is completely self-contained. It's literally a HTTP call away. And this means that whether your application is running on Android, iOS, inside a browser, JavaScript engine, anywhere across the world, they don't really care whether the bucket is served from EU or us-east or us-west. It doesn't matter at all, so it actually allows you by API, you can build a globally unified data infrastructure, some buckets here, some buckets there.

That's actually not the problem. The problem comes when you have multiple clouds.
Different teams, like, part M&A, the part—like they—even if you don't do M&A, different teams, no two data engineer will would agree on the same software stack. Then where they will all end up with different cloud players and some is still running on old legacy environment.

When you combine them, the problem is, like, let's take just the cloud, right? How do I even apply a policy, that access control policy, how do I establish unified identity? Because I want to know this application is the only one who is allowed to access this bucket. Can I have that same policy on Google Cloud or Azure, even though they are different teams? Like if that employer, that project, or that admin, if he or she leaves the job, how do I make sure that that's all protected?

You want unified identity, you want unified access control policies. Where are the encryption key store? And then the load balancer itself, the load, its—load balancer is not the problem. But then unless you adopt S3 API as your standard, the definition of what a bucket is different from Microsoft to Google to Amazon.

Corey: Yeah, the idea of an of the PUTS and retrieving of actual data is one thing, but then you have how do you manage it the control plane layer of the object store and how do you rationalize that? What are the naming conventions? How do you address it? I even ran into something similar somewhat recently when I was doing an experiment with one of the Amazon Snowball edge devices to move some data into S3 on a lark. And the thing shows up and presents itself on the local network as an S3 endpoint, but none of their tooling can accept a different endpoint built into the configuration files; you have to explicitly use it as an environment variable or as a parameter on every invocation of something that talks to it, which is incredibly annoying.

I would give a lot for just to be able to say, oh, when you're talking in this profile, that's always going to be your S3 endpoint. Go. But no, of course not.
Because that would make it easier to use something that wasn't them, so why would they ever be incentivized to bake that in?

AB: Yeah. Snowball is an important element to move data, right? That's the UPS and FedEx way of moving data, but what I find customers doing is they actually use the tools that we built for MinIO because the Snowball appliance also looks like S3 API-compatible object store. And in fact, like, I've been told that, like, when you want to ship multiple Snowball appliances, they actually put MinIO to make it look like one unit because MinIO can erase your code objects across multiple Snowball appliances. And the MC tool, unlike AWS CLI, which is really meant for developers, like low-level calls, MC gives you unique [scoring 00:21:08] tools, like lscp, rsync-like tools, and it's easy to move and copy and migrate data. Actually, that's how people deal with it.

Corey: Oh, God. I hadn't even considered the problem of having a fleet of Snowball edges here that you're trying to do a mass data migration on, which is basically how you move petabyte-scale data, is a whole bunch of parallelism. But having to figure that out on a case-by-case basis would be nightmarish. That's right, there is no good way to wind up doing that natively.

AB: Yeah. In fact, Western Digital and a few other players, too, now the Western Digital created a Snowball-like appliance and they put MinIO on it. And they are actually working with some system integrators to help customers move lots of data. But Snowball-like functionality is important and more and more customers who need it.

Corey: This episode is sponsored in part by Honeycomb. I'm not going to dance around the problem. Your. Engineers. Are. Burned. Out. They're tired from pagers waking them up at 2 am for something that could have waited until after their morning coffee. Ring Ring, Who's There? It's Nagios, the original call of duty!
They're fed up with relying on two or three different “monitoring tools” that still require them to manually trudge through logs to decipher what might be wrong. Simply put, there's a better way. Observability tools like Honeycomb (and very little else because they do admittedly set the bar) show you the patterns and outliers of how users experience your code in complex and unpredictable environments so you can spend less time firefighting and more time innovating. It's great for your business, great for your engineers, and, most importantly, great for your customers. Try FREE today at honeycomb.io/screaminginthecloud. That's honeycomb.io/screaminginthecloud.

Corey: Increasingly, it felt like, back in the on-prem days, that you'd have a file server somewhere that was either a SAN or it was going to be a NAS. The question was only whether it presented it to various things as a volume or as a file share. And then in cloud, the default storage mechanism, unquestionably, was object store. And now we're starting to see it come back again. So, it started to increasingly feel, in a lot of ways, like Cloud is no longer so much a place that is somewhere else, but instead much more of an operating model for how you wind up addressing things.

I'm wondering when the generation of prosumer networking equipment, for example, is going to say, “Oh, and send these logs over to what object store?” Because right now, it's still write a file and SFTP it somewhere else, at least the good ones; some of the crap ones still want old unencrypted FTP, which is neither here nor there. But I feel like it's coming back around again. Like, when do even home users wind up instead of where do you save this file to having the cloud abstraction, which hopefully, you'll never have to deal with an S3-style endpoint, but that can underpin an awful lot of things. It feels like it's coming back and that's cloud is the de facto way of thinking about things. Is that what you're seeing?
Does that align with your belief on this?

AB: I actually, fundamentally believe in the long run, right, applications will go SaaS, right? Like, if you remember the days that you used to install QuickBooks and ACT and stuff, like, on your data center, you used to run your own Exchange servers, like, those days are gone. I think these applications will become SaaS. But then the infrastructure building blocks for these SaaS, whether they are cloud or their own colo, I think that in the long run, it will be multi-cloud and colo all combined and all of them will look alike.

But what I find from the customer's journey, the Old World and the New World is incompatible. When they shifted from bare metal to virtualization, they didn't have to rewrite their application. But this time, you have—it as a tectonic shift. Every single application, you have to rewrite. If you retrofit your application into the cloud, bad idea, right? It's going to cost you more and I would rather not do it.

Even though cloud players are trying to make, like, the file and block, like, file system services [unintelligible 00:24:01] and stuff, they make it available ten times more expensive than object, but it's just to [integrate 00:24:07] some legacy applications, but it's still a bad idea to just move legacy applications there. But what I'm finding is that the cost, if you still run your infrastructure with enterprise IT mindset, you're out of luck. It's going to be super expensive and you're going to be left out modern infrastructure, because of the scale, it has to be treated as code. You have to run infrastructure with software engineers. And this cultural shift has to happen.

And that's why cloud, in the long run, everyone will look like AWS and we always said that and it's now being becoming true. Like, Kubernetes and MinIO basically is leveling the ground everywhere. It's giving ECS and S3-like infrastructure inside AWS or outside AWS, everywhere.
But what I find the challenging part is the cultural mindset. If they still have the old cultural mindset and if they want to adopt cloud, it's not going to work.

You have to change the DNA, the culture, the mindset, everything. The best way to do it is go to the cloud-first. Adopt it, modernize your application, learn how to run and manage infrastructure, then ask economics question, the unit economics. Then you will find the answers yourself.

Corey: On some level, that is the path forward. I feel like there's just a very long tail of systems that have been working and have been meeting the business objective. And well, we should go and refactor this because, I don't know, a couple of folks on a podcast said we should isn't the most compelling business case for doing a lot of it. It feels like these things sort of sit there until there is more upside than just cost-cutting to changing the way these things are built and run. That's the reason that people have been talking about getting off of mainframe since the '90s in some companies, and the mainframe is very much still there. It is so ingrained in the way that they do business, they have to rethink a lot of the architectural things that have sprung up around it.

I'm not trying to shame anyone for the [laugh] state that their environment is in. I've never yet met a company that was super proud of its internal infrastructure. Everyone's always apologizing because it's a fire. But they think someone else has figured this out somewhere and it all runs perfectly. I don't think it exists.

AB: What I am finding is that if you are running it the enterprise IT style, you are the one telling the application developers, here you go, you have this many VMs and then you have, like, a VMware license and, like, Jboss, like WebLogic, and like a SQL Server license, now you go build your application, you won't be able to do it.
Because application developers talk about Kafka and Redis and like Kubernetes, they don't speak the same language. And that's when these developers go to the cloud and then finish their application, take it live from zero lines of code before it can procure infrastructure and provision it to these guys. The change that has to happen is how can you give what the developers want now that reverse journey is also starting. In the long run, everything will look alike, but what I'm finding is if you're running enterprise IT infrastructure, traditional infrastructure, they are ashamed of talking about it.

But then you go to the cloud and then at scale, some parts of it, you want to move for—now you really know why you want to move. For economic reasons, like, particularly the data-intensive workloads becomes very expensive. And at that part, they go to a colo, but leave the applications on the cloud. So, it's the multi-cloud model, I think, is inevitable. The expensive pieces that where you can—if you are looking at yourself as hyperscaler and if your data is growing, if your business focus is data-centric business, parts of the data and data analytics, ML workloads will actually go out, if you're looking at unit economics. If all you are focused on productivity, stick to the cloud and you're still better off.

Corey: I think that's a divide that gets lost sometimes. When people say, “Oh, we're going to move to the cloud to save money.” It's, “No you're not.” At a five-year time horizon, I would be astonished if that juice were worth the squeeze in almost any scenario. The reason you go for therefore is for a capability story when it's right for you.

That also means that steady-state workloads that are well understood can often be run more economically in a place that is not the cloud. Everyone thinks for some reason that I tend to be its cloud or it's trash.
No, I'm a big fan of doing things that are sensible and cloud is not the right answer for every workload under the sun. Conversely, when someone says, “Oh, I'm building a new e-commerce store,” or whatnot, “And I've decided cloud is not for me.” It's, “Ehh, you sure about that?”

That sounds like you are smack-dab in the middle of the cloud use case. But all these things wind up acting as constraints and strategic objectives. And technology and single-vendor answers are rarely going to be a panacea the way that their sales teams say that they will.

AB: Yeah. And I find, like, organizations that have SREs, DevOps, and software engineers running the infrastructure, they actually are ready to go multi-cloud or go to colo because they have the—exactly know. They have the containers and Kubernetes microservices expertise. If you are still on a traditional SAN, NAS, and VM architecture, go to cloud, rewrite your application.

Corey: I think there's a misunderstanding in the ecosystem around what cloud repatriation actually looks like. Everyone claims it doesn't exist because there's basically no companies out there worth mentioning that are, “Yep, we've decided the cloud is terrible, we're taking everything out and we are going to data centers. The end.” In practice, it's individual workloads that do not make sense in the cloud. Sometimes just the back-of-the-envelope analysis means it's not going to work out, other times during proof of concepts, and other times, as things have hit a certain point of scale, we're in an individual workload being pulled back makes an awful lot of sense. But everything else is probably going to stay in the cloud and these companies don't want to wind up antagonizing the cloud providers by talking about it in public. But that model is very real.

AB: Absolutely.
Actually, what we are finding with the application side, like, parts of their overall ecosystem, right, within the company, they run on the cloud, but the data side, some of the examples, like, these are in the range of 100 to 500 petabytes. The 500-petabyte customer actually started at 500 petabytes and their plan is to go at exascale. And they are actually doing repatriation because for them, their customers, it's consumer-facing and it's extremely price sensitive, but when you're a consumer-facing, every dollar you spend counts. And if you don't do it at scale, it matters a lot, right? It will kill the business.

Particularly last two years, the cost part became an important element in their infrastructure, they knew exactly what they want. They are thinking of themselves as hyperscalers. They get commodity—the same hardware, right, just a server with a bunch of [unintelligible 00:30:35] and network and put it on colo or even lease these boxes, they know what their demand is. Even at ten petabytes, the economics starts impacting. If you're processing it, the data side, we have several customers now moving to colo from cloud and this is the range we are talking about.

They don't talk about it publicly because sometimes, like, you don't want to be anti-cloud, but I think for them, they're also not anti-cloud. They don't want to leave the cloud. The completely leaving the cloud, it's a different story. That's not the case. Applications stay there. Data lakes, data infrastructure, object store, particularly if it goes to a colo.

Now, your applications from all the clouds can access this centralized—centralized, meaning that one object store you run on colo and the colos themselves have worldwide data centers. So, you can keep the data infrastructure in a colo, but applications can run on any cloud, some of them, surprisingly, that they have global customer base. And not all of them are cloud.
Sometimes like some applications itself, if you ask what type of edge devices they are running, edge data centers, they said, it's a mix of everything. What really matters is not the infrastructure. Infrastructure in the end is CPU, network, and drive. It's a commodity. It's really the software stack, you want to make sure that it's containerized and easy to deploy, roll out updates, you have to learn the Facebook-Google style running SaaS business. That change is coming.

Corey: It's a matter of time and it's a matter of inevitability. Now, nothing ever stays the same. Everything always inherently changes in the full sweep of things, but I'm pretty happy with where I see the industry going these days. I want to start seeing a little bit less centralization around one or two big companies, but I am confident that we're starting to see an awareness of doing these things for the right reason more broadly permeating.

AB: Right. Like, the competition is always great for customers. They get to benefit from it. So, the decentralization is a path to bringing—like, commoditizing the infrastructure. I think the bigger picture for me, what I'm particularly happy is, for a long time we carried industry baggage in the infrastructure space.

If no one wants to change, no one wants to rewrite application. As part of the equation, we carried the, like, POSIX baggage, like SAN and NAS. You can't even do [unintelligible 00:32:48] as a Service, NFS as a Service. It's too much of a baggage. All of that is getting thrown out. Like, the cloud players be helped the customers start with a clean slate. I think to me, that's the biggest advantage. And that now we have a clean slate, we can now go on a whole new evolution of the stack, keeping it simpler and everyone can benefit from this change.

Corey: Before we wind up calling this an episode, I do have one last question for you.
As I mentioned at the start, you're very much open-source, as in legitimate open-source, which means that anyone who wants to can grab an implementation and start running it. How do you, I guess make peace with the fact that the majority of your user base is not paying you? And I guess how do you get people to decide, “You know what? We like the cut of his jib. Let's give him some money.”

AB: Mm-hm. Yeah, if I looked at it that way, right, I have both the [unintelligible 00:33:38], right, on the open-source side as well as the business. But I don't see them to be conflicting. If I run as a charity, right, like, I take donation. If you love the product, here is the donation box, then that doesn't work at all, right?

I shouldn't take investor money and I shouldn't have a team because I have a job to pay their bills, too. But I actually find open-source to be incredibly beneficial. For me, it's about delivering value to the customer. If you pay me $5, I ought to make you feel $50 worth of value. The same software you would buy from a proprietary vendor, why would—if I'm a customer, same software equal in functionality, if its proprietary, I would actually prefer open-source and pay even more.

But why are, really, customers paying me now and what's our view on open-source? I'm actually the free software guy. Free software and open-source are actually not exactly equal, right? We are the purest of the open-source community and we have strong views on what open-source means, right. That's why we call it free software. And free here means freedom, right? Free does not mean gratis, that free of cost. It's actually about freedom and I deeply care about it.

For me it's a philosophy and it's a way of life. That's why I don't believe in open core and other models that holding—giving crippleware is not open-source, right? I give you some freedom but not all, right, like, it's it breaks the spirit.
So, MinIO is a hundred percent open-source, but it's open-source for the open-source community. We did not take some community-developed code and then added commercial support on top.

We built the product, we believed in open-source, we still believe and we will always believe. Because of that, we open-sourced our work. And it's open-source for the open-source community. And as you build applications that—like the AGPL license on the derivative works, they have to be compatible with AGPL because we are the creator. If you cannot open-source, you open-source your application derivative works, you can buy a commercial license from us. We are the creator, we can give you a dual license. That's how the business model works.

That way, the open-source community completely benefits. And it's about the software freedom. There are customers, for them, open-source is good thing and they want to pay because it's open-source. There are some customers that they want to pay because they can't open-source their application and derivative works, so they pay. It's a happy medium; that way I actually find open-source to be incredibly beneficial.

Open-source gave us that trust, like, more than adoption rate. It's not like free to download and use. More than that, the customers that matter, the community that matters because they can see the code and they can see everything we did, it's not because I said so, marketing and sales, you believe them, whatever they say. You download the product, experience it and fall in love with it, and then when it becomes an important part of your business, that's when they engage with us because they talk about license compatibility and data loss or a data breach, all that becomes important. Open-source isn't—I don't see that to be conflicting for business. It actually is incredibly helpful. And customers see that value in the end.

Corey: I really want to thank you for being so generous with your time.
If people want to learn more, where should they go?

AB: I was on Twitter and now I think I'm spending more time on, maybe, LinkedIn. I think if they—they can send me a request and then we can chat. And I'm always, like, spending time with other entrepreneurs, architects, and engineers, sharing what I learned, what I know, and learning from them. There is also a [community open channel 00:37:04]. And just send me a mail at ab@min.io and I'm always interested in talking to our user base.

Corey: And we will, of course, put links to that in the [show notes 00:37:12]. Thank you so much for your time. I appreciate it.

AB: It's wonderful to be here.

Corey: AB Periasamy, CEO and co-founder of MinIO. I'm Cloud Economist Corey Quinn and this has been a promoted guest episode of Screaming in the Cloud. If you've enjoyed this podcast, please leave a five-star review on your podcast platform of choice, whereas if you've hated this podcast, please leave a five-star review on your podcast platform of choice that presumably will also include an angry, loud comment that we can access from anywhere because of shared APIs.

Corey: If your AWS bill keeps rising and your blood pressure is doing the same, then you need The Duckbill Group. We help companies fix their AWS bill by making it smaller and less horrifying. The Duckbill Group works for you, not AWS. We tailor recommendations to your business and we get to the point. Visit duckbillgroup.com to get started.
Gleb Budman (@GlebBudman, CEO/Co-Founder of @Backblaze) talks about the evolution of cloud storage, the shift from on-prem to cloud, best practices and the rise of ransomware.

SHOW: 704

CLOUD NEWS OF THE WEEK - http://bit.ly/cloudcast-cnotw

NEW TO CLOUD? CHECK OUT - "CLOUDCAST BASICS"

SHOW SPONSORS:

Datadog Synthetic Monitoring: Frontend and Backend Modern Monitoring
Ensure frontend issues don't impair user experience by detecting user-facing issues with API and browser tests with a free 14 day Datadog trial. Listeners of The Cloudcast will also receive a free Datadog T-shirt.

Solve your IAM mess with Strata's Identity Orchestration platform
Have an identity challenge you thought was too big, too complicated, or too expensive to fix? Let us solve it for you! Visit strata.io/cloudcast to share your toughest IAM challenge and receive a set of AirPods Pro

Make Cloud Native Ubiquitous with Cloud Native Computing Foundation (CNCF)
Join the foundation of doers, CNCF is the open source, vendor-neutral hub of cloud native computing, hosting projects like Kubernetes and Prometheus to make cloud native universal and sustainable

KubeConEU Virtual Event Registration Code: Please use the code KCEUVCCP, while supplies last.

SHOW NOTES:
Backblaze (homepage)
B2 Cloud Storage (1/5th the price of AWS S3)
Backblaze Blog

Questions for Gleb?

Topic 1 - Welcome to the show. You started Backblaze in 2007, just a year after AWS S3 launched. What made you decide to start a storage company when EMC, HP and NetApp dominated with big enterprise boxes, and S3 seemed like a weird new thing for Amazon sellers?

Topic 2 - Over the last couple of years, it feels like there has been a shift in how companies think about “the cloud”. We're seeing more specialty clouds. How do you see this trend playing out in the market?

Topic 3 - You've been through multiple stages of how the cloud has evolved. Where do you see us now in terms of cloud evolution, and what are some of the things you see coming on the horizon?
Topic 4 - Backblaze is well known for disrupting both the cost of cloud storage, but also how storage systems are built. Given today's economic climate, are you seeing more companies demand more flexibility &/or efficiency on how they store data?

Topic 5 - We continue to see ransomware attacks across all industries. Is this leading companies to rethink their backup and disaster-recovery strategies?

Topic 6 - From a storage perspective, do you see bottlenecks emerging about how this appetite for more and more data will eventually run into problems?

FEEDBACK?
Email: show at the cloudcast dot net
Twitter: @thecloudcastnet
Cloud Security Podcast - This month we are talking about "Breaking the AWS Cloud" and next up on this series, we spoke to Nishant Sharma (Nishant's Linkedin), Director, Lab Platform, INE. If you have tried pentesting in AWS Cloud or want to start today with AWS Goat, then this episode with Nishant, behind AWS Goat will help you understand how you can upskill and maybe even show others how to be better at pentesting AWS Cloud.

Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv

Host Twitter: Ashish Rajan (@hashishrajan)
Guest Twitter: Nishant Sharma (Nishant's Linkedin)
Podcast Twitter - @CloudSecPod @CloudSecureNews

If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:
- Cloud Security News
- Cloud Security Academy

Spotify TimeStamp for Interview Questions
(00:00) Introduction
(03:51) snyk.io/csp
(04:51) What is Cloud Pentesting?
(06:19) Cloud pentesting vs Web App & Network
(08:37) What is AWS Goat?
(13:12) Do you need permission from AWS to do pentesting?
(14:03) Pentesting an application vs pentesting AWS S3
(15:40) What is AWS Goat testing?
(18:14) Cloud penetration testing tools
(19:59) How useful is a metadata of a cloud instance?
(22:24) AWS Pentesting and OWASP Top 10
(25:31) How to build internal training for Cloud Security?
(29:43) Keep building knowledge on AWS Goat
(30:33) Using CloudShell for AWS pentesting
(34:09) ChatGPT for cloud pentesting
(36:28) Vulnerable serverless application
(39:40) Pentesting Amazon ECS
(43:01) How do you protect against ECS misconfigurations?
(47:38) What is the future plan for AWS Goat?
(50:28) Fun Questions

See you at the next episode!