240: Secure AI? We Didn’t Train for That!

Episode 240 December 30, 2023 01:24:46
240: Secure AI? We Didn’t Train for That!
tcp.fm
240: Secure AI? We Didn’t Train for That!

Dec 30 2023 | 01:24:46

/

Show Notes

Welcome to episode 240! It’s a doozy this week! Justin, Ryan, Jonathan and Matthew are your hosts in this supersized episode. Today we talk about Google Gemini, the GCP sales force (you won't believe the numbers) and Google feudalism. (There’s some lovely filth over here!) Plus we discuss the latest happenings over at HashiCorp, Broadcom, and the Code family of software. So put away your ugly sweaters and settle in for episode 240 of The Cloud Pod podcast - where the forecast is always cloudy! 

Titles we almost went with this week:

A big thanks to this week’s sponsor:

Foghorn Consulting provides top-notch cloud and DevOps engineers to the world’s most innovative companies. Initiatives stalled because you have trouble hiring?  Foghorn can be burning down your DevOps and Cloud backlogs as soon as next week.

Follow Up

01:09 Broadcom is killing off VMware perpetual licenses and strong-arming users onto subscriptions 02:37 Ryan- “ …this is shocking. You know when there's an acquisition there's going to be changes, but this is pretty brutal and very quick..”

General News

11:24 Magic Quadrant is here 12:37 Ryan - “Completeness of vision has always been sort of like this, I don't know, I've always sort of hated that part of these Gartner reports, just because it's super subjective, and it seems to be like when you look at different ways they rate different technologies just even outside of cloud, it just seems to vary a whole lot, even their justification of why they're ranking. It’s never made sense to me - it’s never felt logical.” 13:51 Justin - “I think the reason why they got dinged on it is because of AI. And so, you know, you know, this, this magic quadrant just got published, you know, last week. And most likely it was finalized before re:Invent. And, you know, if I look at the pre -reinvent period of time, everyone was saying AWS was out on AI and didn't have a play and was all messed up. And so I suspect that that's why they got dinged this year on, uh, vision.” 18:03 Red Hat Podman and HashiCorp Nomad integration matures 19:19 Matthew - “There’s some decently large companies that use Nomad though. I remember reading about one of the big Roblox issues, included Nomad; so they clearly use the HashiStack.” 21:48 Software Startup That Rejected Buyout From Microsoft Shuts Down, Sells Assets to Nutanix 25:49 Mitchell reflects as he departs HashiCorp 27:14 Jonathan - “He may well not NEED to make anymore money. SO building a new terminal emulator, well, if that’s what makes him happy.”

AI is Going Great!

18:14 The State of AI Security (Or, how ML makes all its money.) 30:02 Justin - “...naturally there’s an opportunity to cause that problem. Insecure output handling, training data poisoning, where you actually just give it bad data on purpose, to make it, I think it's telling you the truth. Model denial of service, supply chain vulnerabilities, sensitive information disclosure, insecure plugin design, this is where you're adding a plugin on top of it to give hints, excessive agency, overreliance on the LLM, and model theft.”

AWS

34:52 New for AWS Amplify – Query MySQL and PostgreSQL database for AWS CDK 36:54 Ryan - “The cool part about this as well, it does just auto-generate that stuff. If you have a very jacked schema, the tooling that they've provided you allows you to provide your own input to that. So it wouldn't be done automatically, but you could tune it to your particular use case. You wouldn't be completely hosed, which is kind of neat. I was reading this article and I was laughing because the CDK portion of this, I was like, really doesn't have a lot to do with CDK. But when you read through the article and go through the steps of all the things you're doing, it really does highlight just how powerful the CDK has really become and what you can do with it. And that's very different from any other tooling where you have a declarative state managing it that way. It's kind of neat.” 38:33 Introducing managed package repository support for Amazon CodeCatalyst 45:55 Amazon EC2 Instance Connect now supports RHEL, CentOS, and macOS 50:03 AWS Overhauls 60,000-Person Sales Team to Fix ‘Fiefdoms,’ Customer Complaints 52:07 Justin - “...after we got past the shock of the number here, apparently Matt Garman, who's in charge of sales and marketing and all these things is apparently prepping the largest Reorg AWS sales team ever. Uh, although he's been in that role for like 10 years. This is like his fourth or fifth major Reorg, uh, that violates the three letter rule for me, but that's okay. The information points out that the AWS sales reps enjoyed just taking orders from eager customers, but now with stiff competition from Azure and Google, they have to actually go out and compete.”

GCP

54:12  Introducing Gemini: our largest and most capable AI model 56:07 Ryan - “It's interesting because you see the relationship now between the model and the service that they're trying to monetize. And so, like, which is interesting because I always felt like Bard was sort of an emergency reaction to Chat GPT. And so, like, so they're not killing it, but they've put something out there that you can now leverage and interact with and they can make it smarter.” 1:00:30 Don't be fooled: Google faked its Gemini AI voice demo 1:02:24   Matthew - “So I'm annoyed that they did it, but I think the fact that they showed it and then, you know, only at once they were called out on it, but like showed how it actually all worked and what they had to do to show the realisticness of it. Like, this is actually where we're at. I mean, at least gives me some honesty from them about like, look, this is really where we're at.” 1:03:19  NotebookLM adds more than a dozen new features 1:05:25 What’s new with Filestore: Enhancing your stateful workloads on GKE 1:06:46   Ryan - “That's pretty cool. I'm still waiting on being convinced that the CSI drivers aren't just fused by another name, waiting to screw me. But I do like this service, and I'm sort of hoping that it lives up to the documentation because I'm testing this right now for a couple of projects I'm working on. 1:07:42 Gemini API and more new AI tools for developers and enterprises

Azure

1:09:04  Key customer benefits of the Microsoft and MongoDB expanded partnership 1:09:50   Jonathan - “I think anyone who sells a product at this point should be trying to partner with cloud vendors to get their products to marketplaces.” 1:10:19 Microsoft Cloud for Sovereignty now generally available, opening new pathways for government innovation

Oracle

1:13:00 Microsoft and Oracle announce that Oracle Database@Azure is now generally available 1:19:07   Justin - “Well, as, as your, as your single CPUs get faster and faster with more and more cores, like you all of a sudden had to get into this complexity of like, well, how, what's my core boundary where I start charging for more licenses because they're getting more value out of it, right? Like the same, you know, I think Matt mentioned earlier with VMware, like you used to be, or no, it was Hyper-V, used to be able to buy a data center edition. And then you have unlimited windows virtualization on top of that. Yes, you used to be able to do that. You cannot do that today.”

Other Episodes

Episode 255

April 17, 2024 00:37:23
Episode Cover

255: Guess What’s Google Next? AI, AI, and Some More AI!

Welcome to episode 255 of the Cloud Pod podcast – where the forecast is always cloudy! This week your hosts, Justin, Jonathan, Matthew and...

Listen

Episode

July 29, 2019 34m51s
Episode Cover

The Cloud Pod placed outside the cloud magic quadrant – Ep 32

Gartner releases the new magic quadrant for IaaC and PaaS Cloud providers and Amazon continues to dominate.  AT&T gets busy with the cloud, Google...

Listen

Episode 175

August 04, 2022 00:48:49
Episode Cover

175: AWS re:Inforces Their Dislike for OrcaSec

On The Cloud Pod this week, the team gets skeptical on Prime Day numbers. Plus: AWS re:Inforce brings GuardDuty, Detective and Identity Center updates...

Listen