303: Someday You Will Find Me, Caught Beneath the AI Landslide, in a Champagne Premier Nova in The Sky

Episode 303 May 18, 2025 01:24:54

Hosted By

Jonathan Baker Justin Brodley Matthew Kohn Ryan Lucas

Show Notes

Welcome to episode 303 of The Cloud Pod – where the forecast is always cloudy! Justin, Ryan and exhausted dad Matt are here (and mostly awake) ready to bring the latest in cloud news! This week we’ve got more news from Nova, updates to Claude, earnings news, and a mini funeral for Skype – plus a new helping of Cloud Journey!

Titles we almost went with this week:

A big thanks to this week’s sponsor:

We’re sponsorless! Want to get your brand, company, or service in front of a very enthusiastic group of cloud news seekers? You’ve come to the right place! Send us an email or hit us up on our Slack channel for more info. 

Follow Up 

02:50 Sycophancy in GPT-4o: What happened and what we’re doing about it

04:43 Deep Research on Microsoft Hotpatching:

07:06 Justin – “I’m not going to give them any credit on this one. I appreciate that they created hotpatching, but I don’t like what you want to charge me for it.” 

General News

It’s Earnings time – cue the sound effects!

08:03 Alphabet’s Q1 earnings shattered analyst expectations, sending the stock soaring. Google’s CEO credits its AI efforts

Alphabet Q1 2025 earnings call: CEO Sundar Pichai’s remarks

09:19 Microsoft stock surges after hours after the company blows past Q3 estimates 

10:28 Amazon earnings recap: Company ‘maniacally focused on’ keeping prices low amid light Q2 guidance 

Amazon Announces First Quarter Results 

11:44 Justin – “I think a lot of companies are not estimating AI uplifts into their forecasts until they know for sure adoption and market and are they making money, etc.”

16:17 RIP Skype (2003–2025), survived by multiple versions of Microsoft Teams

AI – Or How ML Makes Money 

18:45 Claude’s AI research mode now runs for up to 45 minutes before delivering reports

19:42 Justin – “If they were to include unlimited API calls from Claude Code or from a Visual Studio plugin that would probably push me over the edge.” 

20:44 OpenAI scraps controversial plan to become for-profit after mounting pressure

23:22 Anthropic to Buy Back Employee Shares at $61.5 Billion Valuation

24:08 Ryan – “This says to me don’t sell – hold.” 

Cloud Tools 

25:31 Redis is now available under the AGPLv3 open source license 

27:14 Ryan – “We’ll see… There’s a lot of people who moved over to Valkey, and I don’t know that they’re going to be swapping back anytime soon.”

30:50 Announcing HCP Terraform Premium: Infrastructure Lifecycle Management at scale

32:09 Matthew – “The only thing that I like here is the revocation. I think that that’s cool. If you have credentials in your repo, I have better questions about why you have credentials in your repo – and what life choices you’ve already made from that one. And policy enforcement, there’s enough other add-ons that you can get without paying for this premium feature.”

AWS

33:44 Amazon Nova Premier: Our most capable model for complex tasks and teacher for model distillation 

34:58 Justin – “You know what I was mostly disappointed about was that I did not find it on the LLM Leaderboard from Chatbot Arena, so either it didn’t score or hasn’t been tested.” 

35:36 Amazon Q Developer elevates the IDE experience with new agentic coding experience

37:32 Amazon Q Developer in GitHub (in preview) accelerates code generation

38:24 Ryan – “People use the web ID for more than just resolving merge conflicts?” 

39:49 EC2 Image Builder now integrates with SSM Parameter Store

42:53 Accelerate the transfer of data from an Amazon EBS snapshot to a new EBS volume

GCP

47:05 Reliable AI with Vertex AI Prediction Dedicated Endpoints

47:33 Ryan – “All this means to me is that the engineers that were supporting the service within Google were really sick of the two separate types of workloads that were going across these endpoints… I bet you it was a nightmare to predict load and support from that direction.” 

Azure

48:42 Microsoft Cost Management updates—April 2025

51:25 Justin – “I look forward to exporting all my data into Parquet formats and just sending it to people randomly…figure it out bro!” 

53:05 One year of Phi: Small language models making big leaps in AI

55:41 Announcing Public Preview of Terraform Export from the Azure Portal

56:06 Matthew – “So, this is a feature that is useful when you are learning Terraform, or need to figure out what the settings are. Because, sometimes you don’t know what all the variables are when you’re going through it… So it’s fine if you’re trying to use it, but please don’t just take this code and use it in your infrastructure as code. You will hate yourself because everything is hard coded.”

1:03:52 Azure virtual network terminal access point (TAP) public preview announcement

1:04:20 Justin – “I always appreciate when they say ‘this is for threat detection’ because we love to make our security tools the biggest risk in the whole business by sending all the data and all the packets there.” 

Oracle

1:07:27 Sphere Powers its AI Platform with Oracle Database 23ai

Cloud Journey

1:09:59 Why Your Tagging Strategy Matters on AWS | by Keegan Justis | May, 2025

Closing

And that is the week in the cloud! Visit our website, the home of The Cloud Pod, where you can join our newsletter or Slack team, send feedback, or ask questions at theCloudPod.net, or tweet at us with the hashtag #theCloudPod.

Episode Transcript

[00:00:00] Speaker A: Foreign.
[00:00:06] Speaker B: Welcome to The Cloud Pod, where the forecast is always cloudy. We talk weekly about all things AWS, GCP and Azure.
[00:00:14] Speaker C: We are your hosts, Justin, Jonathan, Ryan and Matthew.
[00:00:18] Speaker A: Episode 303 recorded for May 6, 2025. Someday you will find me caught beneath the AI landslide and a champagne premier nova in the sky. That's as close as I get to champagne supernova.
[00:00:33] Speaker D: I swear. We just choose titles to see if Justin can do them at this point.
[00:00:36] Speaker A: I mean, sometimes. I mean, I wrote this one though. Then you guys were like, oh, can you do it singing? I'm like, no, you don't want to hear that number one. We really just need to figure out AI to do the singing. We can do a lot more song. That's the trick. We gotta figure that out. Well, Matt, welcome back.
[00:00:52] Speaker D: Yeah, thank you.
[00:00:54] Speaker A: We. We teased you might have a small announcement. I don't know if you want to.
[00:00:57] Speaker D: Share, but yeah, so I guess 10ish days ago, so probably about 17 by the time we actually drop this episode. I decided to join. Having two kids in the world, I will be sleep deprived for the next, I don't know, six months as we record. And so if I sound like I'm hallucinating, it probably is because I am because sleep is not something I do anymore.
[00:01:22] Speaker A: I think this is how we end up recording later and later in the show because we were already pushing out recording for your first child to go to bed, and now you have two to get to bed.
[00:01:30] Speaker D: That was because the wife was pregnant, so she couldn't do bedtime for a little bit. So we'll see. There's definitely one recording where I just stopped talking by the time we hit Azure because I was too tired.
[00:01:42] Speaker A: Congratulations. We're excited for you.
[00:01:44] Speaker D: Thank you.
[00:01:44] Speaker A: You can only go downhill from here because when you go to the third child, now you're outnumbered, then it's all downhill from there.
[00:01:48] Speaker D: I think I'm good. I think I like man-to-man coverage.
[00:01:51] Speaker A: I don't really 2 is the right number in my mind, but you know, Ryan can tell you three is.
[00:01:57] Speaker C: It's too many. It's too many.
[00:01:59] Speaker D: I hear though, once you get past three, it doesn't matter anymore. It's roughly chaos.
[00:02:04] Speaker C: Yeah.
[00:02:04] Speaker A: No, after three. Everyone who has more than three is like, yeah, after the third one, you. You just lose track and I think.
[00:02:09] Speaker C: You just give up.
[00:02:10] Speaker A: Like, you don't.
[00:02:13] Speaker C: That's mostly what I've done.
[00:02:15] Speaker D: We have a friend that wants five kids and we're like, okay, so it's not even zone abor. It's like hope the oldest one keeps track of the rest. I don't really know what you do at that point.
[00:02:25] Speaker A: It's always, it was, you know, when you're in your young early 20s dating and you know, you meet a girl, they're like, I want 12 kids. And you're like, yep, I'm out.
[00:02:33] Speaker D: Yeah, I'm good.
[00:02:34] Speaker A: Let's have one first, see how that goes, then we can talk about additionals. But yeah, crazy. All right, well, we've got a bunch of cloud news once again. Last week you missed out on our talk of a couple things. So we have, we have follow up for both of those, Matt, so you're going to have to just bear with us. First of all, we talked about how ChatGPT 4 got very sycophantic last week, which for those of you who don't know what that word means, means it got overly kind to you. So I would tell you that your ideas are amazing and that you're not an idiot and that you couldn't do any wrong, which is not ideal. We talked last week.
There was a, we had a third party article and some, you know, tweets from Sam Altman about this and so they basically wrote a full blog post about how they ended up making ChatGPT 4 sycophantic. So they covered last week in the article we quoted, but they basically said they made adjustments at improving the model's default personality to make it feel more intuitive and effective across a variety of tasks. And when shaping model behavior they state they start with a baseline principle and instructions outlined in their model specification. They also teach their models how to apply these principles by incorporating user signals like thumbs up and thumbs down feedback on the response which they covered last week. In this update though they focused too much on short term feedback and do not fully account for how users' interactions with ChatGPT evolve and this skewed the results toward responses that were overly supportive and disingenuous. Beyond rolling back the changes, they are taking steps to realign the model behavior and refining core training techniques and system prompts to explicitly steer the model away from sycophancy. I really like that word, don't they? Building more guardrails to increase honesty and transparency principles in the model spec and expand ways for users to test and give direct feedback before deployments of the models as well continue to expand evaluations building on the model spec and their ongoing research.
[00:04:15] Speaker C: Well, my ego didn't need any more stroking so I'm glad they removed this.
[00:04:19] Speaker D: I just always assumed it was lying to me when it did that, it was like mocking me more than anything.
[00:04:27] Speaker A: Matt's upbringing was tough and so, you know, positive reinforcement. He's like, no, you must be lying. Yeah, this is default stance.
[00:04:37] Speaker D: Worked as a consultant for too many years.
[00:04:43] Speaker A: Last week we talked about Microsoft hot patching and we talked about the fact that hot patching required you to either be running on Azure or using Azure Arc, which is basically their troll ship. And we were talking about the fact that it was 150 per CPU per month or per core. And we were joking that I was going to send CL or sorry send Deep Research on a mission to go find out what technical possible reason there could be for this versus money grab. It produced a multi page report and basically did confirm that yes, they're grabbing money and screwing us over. I mean that's how I interpreted it. I mean they were much nicer than that. But basically it said that they couldn't find any truly technical reason why. They did sort of give some credence to my idea that you know, you had to protect the memory and so there are some additional protections that are coming there. But again those things can be built into any operating system anyway in any control plane. You just happen to use the one that costs us money to get this capability. So that's not surprised. That's the results. And that's what I felt last week. And deep research from Google confirmed my assumptions at least based on its ability to search the web and answer this question which you know, is subject to its abilities. So take it with whatever grain of salt you like to you use for your AI skepticism.
[00:05:53] Speaker C: We're welcome to add the, you know, feedback from Microsoft directly if they want to, you know, clear their name with, you know, technical details or blockers. But yeah, I think it's a money grab. This is ridiculous.
[00:06:05] Speaker A: Yeah, and I, I even asked it in the Deep Research, I was like, well and is there a reason why it's licensed, why we'd want to license it per core versus per instance? And again it couldn't come up with a reasonable answer for that either. So again it's just purely pure money grab. They know people want this.
This is a premium feature that if you can get away from doing patches you can save money. It did pick up some things that I missed out on the article. One is that you can only do hot patching, you know, in the monthly updates you still have to do a quarterly downtime. So we're not quite there. But yeah, it's definitely a step in the right direction in general.
[00:06:39] Speaker D: I'm assuming they figured out if you do a blue green deployment or a rolling deployment in Azure, it roughly costs about a dollar, you know, 250 per core to do it. So this is their way of this is cheaper and you don't have to do your rolling deployment anymore. Of, you know of leveraging the auto auto OS update feature in Azure.
[00:06:58] Speaker A: Maybe. I still think it's annoying.
[00:07:00] Speaker D: Yeah, I agree. I'm not going to lie.
[00:07:02] Speaker A: I'm not stretching here. I'm not going to give them any. I'm not going to give them any credit on this one. This is just this. I appreciate they created hot patching. It's definitely something that's appreciated but I don't like what you want to charge me for it. Yeah, sorry.
[00:07:13] Speaker C: I don't think you should charge for security things and patching vulnerabilities is definitely a security feature.
[00:07:19] Speaker D: So don't look at Azure because all security features require premium SKU and therefore you will hate your life.
[00:07:25] Speaker C: Yeah, yeah, yeah.
[00:07:27] Speaker A: Anytime I get into premium SKUs I'm hating my life. Yeah, just the way it is. Well that noise warnings.
[00:07:37] Speaker C: I wasn't ready.
[00:07:39] Speaker A: There's a show note guys like it shows you that we're talking about this and then we're going to earnings. You should have just been prepared. I can't. How many warnings can I give you.
[00:07:47] Speaker D: So you can tell who actually does the shadow to prepare versus who doesn't.
[00:07:51] Speaker A: You do read them in advance and I do walk you through them.
[00:07:54] Speaker C: Yeah.
[00:07:54] Speaker A: Before we record but yeah, I mean that bullhorn means it is time once again for earnings and earnings were pretty good guys. So if you had invested your stock monies last quarter when we told you not to, you'd be laughing in our faces saying you guys were wrong because they all had a good quarter. So Google started us off last week of April by hitting a grand slam of earnings performance. Alphabet exceeded revenue estimates and shares were up in after hours trading. Earnings per share was $2.81 versus $2 and a penny expected on revenue of 90.23 billion versus the 89.1 billion expected. Cloud revenue rose from 12.8 12.26 billion to 12.31 billion. And Sundar in his remarks pointed out the strong growth of their AI investments including adoption of Gemini 2.5, the new TPUs and the Nvidia B200 and GB200 GPUs as big drivers of their core profits.
[00:08:46] Speaker C: Yowzers.
[00:08:48] Speaker A: That's a lot of billions.
[00:08:49] Speaker C: That's a lot of billions.
[00:08:51] Speaker D: So they invested a ton in GPUs and they're making their money back.
[00:08:55] Speaker A: Yep.
[00:08:56] Speaker D: Good.
[00:08:56] Speaker A: By selling them to you for elevated prices. It's a good business if you can get into it. Yeah, you have to wait for 12 years to get the GPUs at this point, but it's a good business because.
[00:09:07] Speaker C: They're all being hogged by Google, Amazon and Microsoft.
[00:09:14] Speaker A: Well, Microsoft followed up on 30 April, also crushing Wall Street expectations for their third quarter. Cloud and AI are essential inputs for every business to expand output, reduce costs and accelerate growth, which leads to a lot of money for Microsoft. Per Satya Nadella, their earnings per share was $3.46 versus $3.21 on $70.1 billion in revenue, when they were only expected to make 68.48 billion. I mean, just a few billion short.
[00:09:39] Speaker C: Wow.
[00:09:39] Speaker A: Cloud revenue was 42.4 billion versus 42.22 billion. Or intelligent cloud was 26.8 billion versus 25.99 billion. And I'm again too lazy to look up which one has Azure, but I think both do. So whatever number you like better for your cloud revenue is one to use for your own benchmarking.
[00:09:58] Speaker D: It's amazing when you're off by billions of dollars and that's an acceptable.
[00:10:03] Speaker A: I remember seeing that they weren't off a billion. They're off by 300 million. Basically. They weren't off. That's what the Wall Street people estimated they would do. They missed that by 300 million. But again, it was within the guidance, within the target that they had already set. So they did well, both Microsoft and Alphabet. And then you get to Amazon and, you know, maybe things are gonna be a bit more complicated because, you know, they have tariffs and they're just. They are an e-commerce store with a cloud versus just a software company with a cloud. But apparently that didn't appear to cause too much problem for them. Yet. Amazon also reported better than expected earnings on May 1. The company's heads down and keeping prices low in the coming months as tariffs take effect. And Jassy reiterated their investment on AI will pay off as more businesses turn to Amazon for their AI needs. One area, Amazon did give weaker guidance short of Wall Street's expectations, and sales increased 9% in the quarter to 155.7 billion, up from 143.3 billion the year prior, which is a 17%. AWS increased 17% year over year to $29.3 billion.
[00:11:07] Speaker C: Wow.
[00:11:09] Speaker A: It's a lot of money.
[00:11:10] Speaker C: Yeah. I'm wondering because my experience with AI and AI for business is companies really didn't have a way to bill for a lot of like the code agents and some of the sort of built in AI products until like the beginning of this year.
I wonder if that's really inflated these numbers like and helped like you know overachieve on the guidance just because they didn't really have any kind of market data to go off of.
[00:11:38] Speaker A: Yeah, I mean I think a lot of companies are not estimating AI uplifts into their forecasts until they know for sure adoption and market and are they making money, et cetera. So I think that's part of it. I mean Microsoft's been making money on this for a while. I mean GitHub Copilot's been out for more than a year. Microsoft 365 Copilot's been out for quite a while and they're charging originally they were $30 per user per month with a minimum of 300 users. Right. So I mean they were raking in cash initially and then I think it kind of plateaus. People kind of went through the trough of disillusionment on some of that stuff like well I don't know if this Microsoft 365 thing is quite as good as we expected. And so there's been some slowdown I think in some of the adoption of some of the enterprise productivity side but I think it's all coming back. I think Glean is a good example of a company that's doing really well in the space. I think you're seeing Google go after that market, Q's going after that market. So there's quite a few people trying to get in on the AI productivity craze at this point.
[00:12:34] Speaker C: I didn't think the Office 365 AI copilot, whatever thing, I thought it was priced too steep and so the adoption was really low on that. And I don't know of anyone who was able to successfully talk their company into enabling it.
[00:12:48] Speaker A: I mean some big companies did for sure because my rep told me but you know he's like well other companies are complaining about as he was trying.
[00:12:55] Speaker C: To sell it to you as he's.
[00:12:56] Speaker A: Trying to sell it to me.
I don't know if I believe him but I mean they did really, they did eventually remove the 300 minimum but the pricing still was $30 list price and then discounting was difficult to get.
[00:13:08] Speaker D: But I'm sure it's gotten easier from what I've been told from Your other friend industry that they now are doing a lot of discounting, trying to, I assume, just get people onto the platform.
[00:13:18] Speaker A: Yeah, because you, I mean you want to get people to adopt it, you need people to use it and to tell their friends. And all my friends told me it's not very good and I tried it and I was not impressed either. So these are my Microsoft 365 Copilot. But other ones I do like GitHub Copilot, they finally added agentic to it as well. So now you get similar things like you get with Claude Code and with Copilot assist, et cetera. So definitely everyone's keeping up with everyone else at this point. You can't make a wrong decision if you're choosing one of the four core LLMs at this point.
[00:13:50] Speaker C: And a lot of the tooling is allowing you to switch between model to model.
[00:13:53] Speaker A: Right.
[00:13:55] Speaker C: I've been struggling with GitHub Copilot coding answers recently because it's, you know, a little long in the tooth, I think in the model. So I switched to Google Gemini directly in the Google Co or in the GitHub Copilot. Like I was able to move away from Microsoft and OpenAI models directly to Google and their competitor. So it's kind of interesting there.
[00:14:15] Speaker A: Yeah. And I was able to move to Claude.
[00:14:17] Speaker D: So yeah, because I use Claude, I didn't go to the Gemini model. I've been using the Claude model more.
[00:14:22] Speaker C: So yeah, the reason I switch was because I use Claude mostly at home and definitely in my personal life that's my go to. So I decided to try it and it's. Yeah, the Gemini Pro 2.5 for coding is pretty fantastic.
So it's, it's, it overreaches a little bit more than the other ones, which is kind of interesting. Like comments code I wasn't really asking about. And it's, it will go through and it'll tell you like, yeah, don't do this for code you've already written. That's like not part of like what I asked it or whatever. If I asked it to generate like a function or you know, document some, you know, write some documentation for the functions, it'll sort of do other things, which I think is kind of great.
[00:15:07] Speaker D: It's kind of funny anyway how like what other things? Is it just like write other code or is it like just elaborate on documentation? Way too far.
[00:15:16] Speaker C: Mostly elaborating on documentation and making suggestions for like, it'll add comments in the code that are suggestions for further code enhancements.
[00:15:29] Speaker D: I'm waiting for it to be like, you have a SQL injection in here.
[00:15:33] Speaker A: Please fix this.
[00:15:33] Speaker C: I mean, it's getting to that point, right? With agentic AI, you're going to have those specialties where you can do a security evaluation of this, and it's just going to be able to give you an answer and make the changes itself. It's pretty awesome.
[00:15:47] Speaker D: You could just imagine back in the day, it's like all the Python 2.7 code I had to rewrite to three. It's like, please upgrade this from Python 2.7 to 3. Done. Thank you.
[00:15:57] Speaker C: Yeah. From language to language, major versions. Like, it's all just getting ridiculously easy.
[00:16:31] Speaker A: Nice.
[00:16:32] Speaker C: Very nice. Coming in.
[00:16:33] Speaker D: Bravo.
[00:16:33] Speaker C: Sound effects.
[00:16:34] Speaker A: Yes. As I have you this week on sound effects, unfortunately we had to play Taps because Skype is officially dead. We talked about it when it was announced back in February, but the axe has officially fallen as of May 1.
Skype has gone on to that place where software that we all hate and secretly hate more than others goes when it dies. And I hope the team someday joins it in that place of wherever this bad software goes. But unfortunately, we add Skype to that list today. And so.
[00:17:00] Speaker C: And I hope it doesn't take 20 years for Teams to be like, this has been the slowest death ever. Like, Skype has basically been on death's door for what seems like an eternity.
[00:17:13] Speaker D: You know, there's like one major company that was holding them out for forever on this.
[00:17:18] Speaker C: Oh, yeah.
[00:17:19] Speaker A: I remember back when I was working at a SaaS company and Skype was a customer and they were such a pain in the butt to deal with, and then they got bought by Microsoft and they all disappeared and it was like, oh, this is so weird. So nice. They don't complain anymore because they're all trying to save their lives. Well, I don't miss it. I'm glad to see it gone.
[00:17:43] Speaker C: I couldn't tell you the last time I even had Skype as an option.
[00:17:47] Speaker A: I mean, I logged into the Skype website because I was curious what the Teams transition looked like. And that was enough for me to know that I was good. So I don't have to do it anymore.
[00:17:56] Speaker D: I used it. There was a company I did some consulting work for that still had their own on prem Skype servers. That was four years ago. And they were migrating to Teams. That was the last time I had to use this special, special tool, Bowser's.
[00:18:18] Speaker A: All right, well, that's a long time. Let's move on to AI, or how ML makes money. Claude's AI research mode now runs for up to 45 minutes before delivering your report. I did not use Claude research to ask the question about Windows hot patching. I have yet to pay for the $100 per month Max plan that this is included in, but every day we get closer to me ponying up.
But basically Claude will run up to 45 minutes before delivering comprehensive reports. The company has expanded its integration options, allowing Claude to come up with popular third party services. And Anthropic first announced this research feature back in April. But now they've taken a step further along to conduct deeper investigations across hundreds of internal external sources. When users toggle the research button, Claude breaks down into complex tasks into smaller components, examines each one and compiles a report with citations linking you to the original source. I mean, Deep Research is free too, so it's kind of hard to justify this cost. But yeah, there's other benefits of the Max plan that I'm sort of like.
[00:19:12] Speaker C: Yeah, I don't think I, I'm too cheap for it. Like I, I don't know what they would, they'd have to give me some crazy discount or something.
[00:19:21] Speaker A: But basically if they were to include unlimited API calls from Claude Code or from a Visual Studio plugin, that would probably push me over that. Yeah, because that's true.
[00:19:31] Speaker C: Because that's separate. That's a separate bill that I'm paying them for everything there.
[00:19:35] Speaker A: Yeah, yeah, that would definitely make me commit to it. So if Claude product manager is listening to our show, if you wanted to include some type of like increased API limits or included APIs for using Claude Code or any of the other, you know, options to do that in your hundred per month Max plan, I would be right there.
[00:19:55] Speaker C: Yep.
[00:19:56] Speaker A: Show me the money.
[00:19:58] Speaker C: Yeah, it is tempting though. It's great service.
[00:20:00] Speaker A: It is a really good service. I, I mean I might just play with it just for a month just to see if I like it or not before I. But you know, definitely when ChatGPT 100 plan came out, I was like, never.
[00:20:09] Speaker C: Yeah.
[00:20:09] Speaker A: And I still have no desire this one.
I'm like, yeah, I could, I could see this one.
[00:20:14] Speaker D: This is where we need Jonathan. Because I feel like he would have done it just to play with it more.
[00:20:19] Speaker A: Perhaps.
[00:20:20] Speaker C: Yes.
[00:20:22] Speaker A: All right, well, OpenAI is scrapping their controversial plan to become for profit after mounting pressure. Basically they've announced it will remain under the control of its non profit board, scrapping its controversial plan to split off its commercial operations as a for profit company after mounting pressure from critics. Those critics being Elon Musk. No, sorry. Having discussion with the attorneys general of California and Delaware who were looking at this and going like this feels like a tax loophole.
[00:20:45] Speaker C: Yep.
[00:20:46] Speaker A: This move represents a shift in how OpenAI will be structured or restarted, restructured. The previous plan would have established OpenAI as a public benefit corporation with a nonprofit merely holding shares and having limited influence. The revised approach keeps the nonprofit firmly in control of operations, but still becomes a public benefit corporation. This doesn't mean that they're, you know, I got. Like I said, that's what they're going to do. There are still some uncertainties because OpenAI did raise that pretty large round with SoftBank, which stipulated they would be private, basically as part of their dollars. If they were not private by end of 2025, it would reduce the amount of money they're investing to $20 billion. So that may have some ripples for them as we continue down the path. So we'll keep an eye on this one, see what they do, but definitely not going to sell the entity to a public entity. None of those crazy ideas we talked about previously or Elon was upset about are going to happen at this point.
[00:21:36] Speaker D: Only $20 billion they were going to.
[00:21:38] Speaker A: Contribute, you know, well, they already have 30 billion and now they're only at 20 billion because they're not doing what they were supposed to do, allegedly. But I'm sure SoftBank will come back to the table.
[00:21:48] Speaker C: Still don't really, like. I mean, this isn't really an OpenAI criticism. More so it's just like, I hate business and all the different loopholes in business, but like OpenAI's nonprofit being able to open up a for profit LLC seems like a giant loophole that's just being exploited.
[00:22:08] Speaker D: And if you understood the entire tax code, you would probably pay $0 in taxes every year. Yeah, I mean, have like 15 businesses and probably like a foundation in your name that you route everything through, you.
[00:22:21] Speaker A: Know, and you'd be paid as a 1099 contractor, so you could take expenses and do all these weird, crazy things and you would hate your life because you, I mean, hire all the CPAs.
[00:22:29] Speaker C: Elon Musk sold Twitter to xAI somehow.
[00:22:34] Speaker A: For a dollar.
[00:22:36] Speaker C: Yeah, like, and it's just like, you know, all the loans and, and all the liability goes with that. And so it's like, what? It's just a way to, like, move money around so no one can keep track of it all. And hopefully you get away with whatever falls through the cracks.
[00:22:51] Speaker A: That's magical. Things that happen when you're a C corp or an S corp.
[00:22:55] Speaker C: Ridiculous.
[00:22:56] Speaker A: Well, if you have been an employee of Anthropic for four years, which again it's. Or sorry, for two years. The four year old company is now going to offer to buy back some of the shares they gave you as part of a $61.5 billion valuation. They did now. November. I'm still shocked. They've been around for four years.
[00:23:13] Speaker C: Yeah, totally.
[00:23:15] Speaker A: The buyback is a sign of how integral these are to rewarding employees at fast growing startups and to retain rare research talent in the AI talent war. Again, for employees who work there for two years, they are offering to let themselves to 20% of their equity with a maximum of $2 million each. The buyback value is a startup at 61.5 billion. The same valuation of that March fundraising as I mentioned. So there's people at Anthropic who are about to make $2 million. That's how I read that. And I'm tremendously jealous. [00:23:41] Speaker C: I wonder because like this says to me like, don't sell hold. Right. [00:23:45] Speaker A: Yeah, I was, I was thinking too. [00:23:47] Speaker C: Like unless I needed to like do a kitchen remodel or buy a new car and I would just sell enough just for that little, you know, a little spit. But because if they're willing to pay that they're. And like the valuation numbers seem conservative. Right. And it's. Who knows what's going to happen when they actually go on the market. [00:24:05] Speaker A: So yeah, I'm curious like what the timeline is for a company like Anthropic to go public. Like is that a like eminent in the next two years kind of situation? Or is it, is this a sign that it's probably more like five or six years out? I mean if they're, I mean, I don't know how much money they're making. $61.5 billion valuation is quite a bit though. But I, you know, I think I'd heard they were on a clear path to a billion in revenue. So you know, public companies have gone public at less than, you know, around 300 million. So they're clearly in the area they could. But owner profitability is not great. And that's why you probably wouldn't. I don't know. [00:24:39] Speaker C: Yeah, it doesn't seem like there's a standard. Like it feels like there should be, but like there's so many weird edge cases I can think of where it's like this is the longest path to IPO that I've ever seen ever. 
And then companies that feel like they're around for 15 minutes before they go on the market, so I don't. [00:24:58] Speaker A: Yeah, I don't know either. All right, let's move right along out of that area. The cloud tools. So Redis foiled those pesky hyperscalers by adopting the SSPL to protect their business from cloud providers extracting value without reinvesting. Darn it. Redis says moving to the SSPL achieved their goal with AWS and Google now maintaining their own fork, Valkey, but they admit it hurt their relationship with the Redis community. No doubt SSPL is not truly open source because the OSI clarified it lacks the requisites to be an OSI approved license. And following the SSPL change, Salvatore Sanfilippo, who is one of the founders of Wikipedia or sorry, of Redis, wrote the original code, decided to rejoin Redis as a developer evangelist. The CEO Rowan Trollope and him collaborate on new capabilities coming strategy and community engagement. And between him, the CTO and Salvatore, the core developers have decided to make some improvements to implement improve Redis going forward. First of all decided that they're going back to OSI approving an AGPL as an additional licensing option for Redis, starting with Redis 8. I'm a little confused about what additional licensing option means. Like, so is it still really SSPL, but because you're not holding the SSPL, you can use the AGPL, but like, does Google and Amazon now still use this? Because it's like, I don't quite get it. I'm not a lawyer, I'm not going to try to pretend everyone. Yeah, but so apparently now they're back to OSI. They're introducing Vector Sets, which is the first new data type in years, created by Salvatore on his return, integrating Redis Stack technologies, including JSON, time series, probabilistic data types, Redis query engine and more into the core Redis 8 under the GPL. And they delivered over 30 performance improvements, up to 87% faster commands with 2x throughput. 
And they've improved community engagement, particularly with client ecosystem contributions and openness through their OSI model. [00:26:46] Speaker C: I'll see there's a lot of people that have moved over to Valkey and I don't know that they're going to be swapping back anytime soon. [00:26:53] Speaker D: Yeah, if you're in Azure. [00:26:56] Speaker C: Yes. [00:26:56] Speaker A: You never moved off if you're in Azure. I mean, Vector Sets is going to be your play and AI type setup where potentially that can be valuable to you. But then I have to assume that Valkey is going to get some similar capability and it won't look exactly like this implementation will probably be a know a deviation because you can't just copy this code. But I wouldn't be shocked to see vector sets end up in Valkey, but just in a different implementation model. So then again, you're, you're having to make a choice. [00:27:22] Speaker C: Yeah, I've never been a fan of, you know, this model. Elastic kind of did the same thing with Elasticsearch and I don't really think that that's helped them all that much. You know, I don't, I don't think you regain that trust in the community once you've done that. [00:27:39] Speaker A: I mean, I don't know what the statistics are of OpenSearch versus Elasticsearch, Redis versus Valkey, but I, I do believe that you see these people, you know, having a choice and they're choosing the more open choice. And just because they changed licensing now back to AGPL doesn't mean they don't and Redis 9 go back to the SSPL only like you've already violated the trust. So you know, what's the, what's the faith? And they're going to keep it this way if someone starts using the AGPL in a different way. [00:28:06] Speaker D: And then even all the performance improvements, you know, Valkey has had tons of improvements in the last year and a half. Like, is the, is this really faster? Or like, is there specific commands that are faster where maybe they're not highly used ones? 
So does it matter? So will the average consumer get these performance improvements? Or is Valkey there? And this is. I'm playing catch up. So until they get this kind of GA's and kind of works out, you know, I'm skeptical about everything. [00:28:38] Speaker A: Maybe we're pessimistic here in general. So. Yes. [00:28:40] Speaker C: Yeah, I was trying to remember, did Terraform. Did HashiCorp ever like roll back their announcements for Terraform? [00:28:48] Speaker A: I mean, I don't think they have yet, no. But you know, IBM's bought them now, so I assume that there's potentially. I mean, they're using the Terraform BSL license, which is different than the SSPL as well. So there's a couple of things, but. [00:29:04] Speaker C: I mean there was just the change that spawned OpenTofu and the open source movement there. [00:29:09] Speaker D: But how many people do you know using OpenTofu? I feel like that hasn't. [00:29:13] Speaker A: I mean, this is the question we asked last week, I think recently was like, who's adopted it? Who's actually using it? I haven't moved from the Terraform tooling to OpenTofu tooling. I don't even know what that looks like. You have to type OpenTofu apply. [00:29:27] Speaker C: You just do an alias at your bash profile. [00:29:30] Speaker D: That's what I was going to say. It's like me using Docker versus Podman. I aliased it, called it a day. [00:29:36] Speaker A: Yeah, I haven't. I haven't done that yet. I haven't even tried to download the OpenTofu binaries, but partially because the much the same I assume it's the same ish at this point. But I mean now that IBM owns them, I wouldn't be terribly shocked to see after they milk all their customers for a bunch of money in the next year they that suddenly they change the licensing terms again. So we'll see what happens there. 
[00:29:58] Speaker D: There was a comic I saw once Redis announced it was the CEO of Elasticsearch calling the CEO of Redis being like didn't you learn anything from us pissing off the community? Like, and now you're going back. What do you think's going to actually be achieved? If I find it, I'll send it and add it to the show notes. [00:30:17] Speaker A: Appreciate that. Speaking of HashiCorp, HCP Terraform Solution wasn't expensive enough for you. You can now go premium to extend the capabilities of HCP Terraform, offering powerful features that enable organizations to scale their infrastructure at larger dollars per Terraform resource. HCP Terraform Premium is designed to help enterprises with their infrastructure lifecycle management at high scale and includes everything from standard and plus plans with additional features including Private VCS Access so you can access your private VCS repositories securely by ensuring that your source code and static credentials are not exposed over that pesky public Internet. Private Policy Enforcement allow you to apply and enforce internal security and compliance policies of private cloud environments. Private run tasks to integrate Terraform workflows with internal systems securely creating a seamless automation pipeline that aligns with your internal processes and policies as well as module lifecycle management. Includes the dreaded Revocation which streamlines module management by revoking outdated or vulnerable modules. You don't use them all. This simplifies operations, improves security and lowers your TCO and potentially causes more outages for you. But that's just my take. [00:31:22] Speaker C: You think revocation of modules is dreaded? Like I think that's my favorite feature ever as someone who's had to maintain a module used across the business. Like people complained about you don't have a feature set and just upgrade your code. They don't. [00:31:36] Speaker A: They don't that's true. 
[00:31:38] Speaker D: The only thing that I like here is the revocation. I think that that's cool if you have credentials in your repo. I have better questions about why you have credentials in your repo and what life choices you've already made from that one. And policy enforcement. There's enough other add ons that you can get without paying for this premium feature. [00:31:58] Speaker C: I don't really understand what that one is. [00:32:02] Speaker D: Sentinel. I was thinking Sentinel, plus I mean Snyk or anything else like that has like that validation. [00:32:11] Speaker A: Sorry the more and this is my bad because I summarize this down for talking to you all but he assumed we did the research this involves the use of policy as code to enforce security, compliance and cost control conditions. HCP Terraform has built in policy engine Sentinel which allows teams to build automated policies that enforce security and compliance. HCP Terraform Premium extends this capability by enabling organizations to protect vital services from potential risk associated with public Internet exposure and meet security requirements for certain organizations. With HCP Terraform Premium customers can enable more robust policy enforcement and maximize the configuration best practices using a mix of both public and private information. [00:32:44] Speaker C: Oh, okay, so this just means Infosec can say they can apply a policy to everything. You have no choice. Okay, Yep. [00:32:51] Speaker D: This is why we don't like Infosec. [00:32:52] Speaker C: I know. Exactly. Wait, oh no. [00:32:58] Speaker D: No. Public buckets. Why is this so difficult? [00:33:03] Speaker A: I mean we asked that question every day on GCP just from basic GCP IAM. We don't need security to make it harder. All right, let's move on to AWS this week. First up, Amazon is expanding the Nova family of foundational models by announcing Sorry announced at AWS Revamp. 
With the general availability of Amazon Nova Premier, Premier joins the existing Nova models and Amazon Bedrock. Similar to Nova Lite and Pro, Premier can produce text, images and videos, excluding audio. With its advanced capabilities, Nova Premier excels at complex tasks that require deep understanding of context, multi step planning and precise execution across multiple tools and data sources. Has a context length of 1 million tokens, allowing you to process long documents and large code bases. And the Nova Premier combined with Bedrock model distillation allows you to create a capable, cost effective and low latency version of Nova Pro, Lite and Micro for your specific needs. And they have a quote here from Curtis Allen, Senior Staff Engineer at Slack, a company bringing conversations, apps and customers together in one place. That's not how I would describe Slack. Amazon Nova Premier has been outstanding in its ability to execute interactive analysis workflows while still being faster and nearly half the cost compared to other leading models in our tests. Thank you. [00:34:09] Speaker C: Chris Allen. Interesting. I haven't played around with this nearly as much as the others, you know, and I I feel like Amazon sort of missed a little bit of opportunity there, but. [00:34:21] Speaker A: Well, you know what I was mostly disappointed about was that I did not find it on the M on the LLM leaderboard from Chatbot Arena Google always talks about. I was like, where's my Nova? I didn't see it on here. So either it didn't, it didn't score or it hasn't been tested. I don't really know how that works, but I did look. I was like, oh, I bet it's there now. Nope, it's not. So Amazon got work to do. Get your Nova from here if they did with some benchmarks comparing Nova Pro to Nova Premier, which okay, whatever. Like you're comparing yourself to yourself. You can't help yourself. Yeah, it's bad. 
[00:34:57] Speaker B: There are a lot of cloud cost management tools out there, but only Archera provides cloud commitment insurance. It sounds fancy, but it's really simple. Archera gives you the cost savings of a one or three year AWS savings plan with a commitment as short as 30 days. If you don't use all the cloud resources you've committed to, they will literally put the money back in your bank account to cover the difference. Other cost management tools may say they offer commitment insurance, but remember to ask will you actually give me my money back? Archera will. Click the link in the show notes to check them out on the AWS Marketplace. [00:35:36] Speaker A: Amazon Q Developer introduces a new interactive agentic coding experience that is now available in the IDE for VS Code. This brings interactive coding capabilities building upon existing prompt based features. You now have a natural real time collaborative partner working alongside you while writing code, creating documentation, running tests and reviewing your change. Q Developer transforms how you write and maintain code by providing transparent reasoning for its suggestions and giving you the choice between automated modifications or step by step confirmation changes. And you can even chat with it in English, Mandarin, French, German, Italian, Japanese, Spanish, Korean, Hindi and Portuguese. System uses your repository structure, files and documentation while giving you flexibility to interact seamlessly with natural dialogue with your local development environment. Deep comprehension allows for more accurate and contextual assistance during the development tasks, which I think Ryan was just complaining about. Q Developer provides continuous status updates as it works with tasks and lets you choose between automated code modifications or step by step review, giving you complete control over the development process. 
[00:36:31] Speaker C: If so, what I want is a model that's not like the tab completion model where I begin typing and it's like, no, you want to do this other thing and, and I don't. [00:36:41] Speaker A: I would. I appreciate the suggestion though. [00:36:43] Speaker C: So if, like, if it was a, in a chat, if it did that, like in the chat window that I also have open because I'm always asking it to do stuff, like I recommend doing this, you know, like, that would be okay, but it steals my focus on my cursor and constantly when it's wrong. And it's. The tab completion isn't. Isn't the right thing. Oh my God. It's infuriating. [00:37:06] Speaker A: And there's not a really good, there's not always a good undo. Cause the way it inserts code doesn't always make it one undo command. Yeah, yeah, it's annoying. [00:37:13] Speaker C: And you know tab completion when you're doing, you know, like Python code that relies on white space. Not fun. It's like, are you kidding me? Yeah. Anyway, rant over. [00:37:27] Speaker A: Well, if you are like, I hate Visual Studio code and I don't know who that person is, but you're like, I love GitHub. Apparently you can add Amazon Q developer in GitHub in preview. This allows for developers to use GitHub.com whether at work or for personal projects. They can use Amazon Q Developer for feature development, code reviews and Java code migration directly within the GitHub interface. How do you know this is a capability? This just shows you how little I use the GitHub.com website, but apparently it supports plugins. I had no idea. [00:37:53] Speaker C: Like the web based IDE. [00:37:55] Speaker A: Yeah, yeah, you install GitHub apps. It's basically Amazon Q developer as a GitHub app. And apparently they already had apps for Amplify and connect and AWS culture for GitHub. And I just don't ever use this capability ever apparently. 
But he walks you through a whole building of an ASP Net 9.0 application using just the web GitHub interface and Amazon Q. So if you want to write a Net9 app, you could do that. [00:38:20] Speaker C: People use the web ID for more than just like resolving merge conflicts. [00:38:24] Speaker D: I was going to say pull requests. [00:38:26] Speaker A: Or pull requests or. Yeah, I mean, I use it for poll requests. [00:38:28] Speaker C: I don't even use it for pull requests anymore since they have the Command. [00:38:31] Speaker A: Line the GitHub command. The GitHub CLI has removed my need to go there often. So yeah, I haven't played with that at work. [00:38:39] Speaker D: Well, we don't use GitHub. [00:38:40] Speaker A: They use Azure DevOps. Yeah. [00:38:43] Speaker D: Worse BitBucket. [00:38:45] Speaker A: Oh yeah, we're getting off of it though. Yeah. Slowly but surely. Yeah, yeah. [00:38:51] Speaker D: The idea of it like, you know, in the example here of like scanning for code quality and stuff like that, that's pretty, pretty like an interesting concept of like, you know, going back to like all the other tooling that we have out there, you know, for code scanning for sca, for static code, for dependency analysis, for everything else. You know, getting all that kind of built into these AI bots will make things kind of better and potentially cheaper in the future. You don't need all these other tools like Snyk and other ones. [00:39:21] Speaker A: Yeah, I actually liked in the, in the web version, it's like actually you're making comments and making pull requests and saying this pull request is ready for you to review if my chain. And it's like its own little junior developer. It's kind of. I definitely like the power. Yeah, it's cool. But yeah, GitHub apps. I got to type that out more because like I said, I had no idea until this article. That was a thing. [00:39:43] Speaker C: Yeah, that's kind of crazy. [00:39:45] Speaker A: All right. 
EC2 Image Builder now integrates with SSM or Systems Manager parameter store, offering customers a streamlined approach for referencing SSM parameters and their image recipes, components and distribution control configurations. This capability has customers to dynamically select base images with their image recipes, easily use configuration data and sensitive information for components, and update their SSM parameters of the latest output images. Before this, you had to specify AMI IDs in the image recipe to use custom base images, leading to a constant maintenance cycle when those base images had to be updated. Furthermore, customers were required to create custom scripts to update SSM parameters with output images and utilize SSM parameter values and components, resulting in substantially lower overhead. So I use the ECS optimized images for my containers that run the CloudPod website, and I just was using SSN to get the latest version of it versus going to the website and manually selected the ami. So I'm familiar with idea and so clearly these image builder for the ECS team to write their optimized image because why wouldn't they? And so I can see the value of this where if you have a lot of nested images that are dependent on each other, you could create some pretty interesting pipelines for I updated the core. Now the core updates all these other ones, et cetera, as they get built out, they get the newest and greatest without having to update them manually. [00:40:59] Speaker C: I could have sworn that this feature already existed like a long time ago. And it might just be. I'm still bitter because, you know, Amazon released this product the same week that Matt and I had finished our competing product. But yeah, it's odd that this is coming this late in the game. [00:41:18] Speaker D: That was also like five years ago. [00:41:21] Speaker A: I think it might have been, it. [00:41:22] Speaker C: Might have been more than five years ago, but I carry a grudge. 
[00:41:25] Speaker A: Yeah, yeah, I think that was 2018 or 2019. [00:41:28] Speaker D: Yeah, I just remember two of us texting each other, being like, did they just. We've talked to them about this project. Why did our tabs not tell us about it? [00:41:39] Speaker A: Yeah, because we had a whole goal of Image Bakery and the whole thing. And then, yeah, we're seeing it reinvent the keynote and like they just killed that project that we spent so much time on. Which is kind of nice when it happens, but also like so frustrating because it's one thing, it's been like, oh, we've had it in production for six months and we got some value out of it. It's like we're not even get value out of it now. Although I think we looked at it and we said it's too limited. So that's why we didn't adopt it. [00:42:00] Speaker C: We did not switch to Image Builder Day 1. [00:42:03] Speaker D: It didn't support encryption. KMS was. [00:42:06] Speaker A: Yeah, that's right. I remember that. [00:42:07] Speaker C: Yeah. [00:42:08] Speaker D: And we're like, which I. [00:42:09] Speaker A: Which is funny because you know, order equipped everything. Yeah, I mean that's so true of so many products though. [00:42:15] Speaker C: It could have been the ui. It was the wrong color. I was throwing that out the door. [00:42:21] Speaker A: Too orange for me. I can't do it. [00:42:23] Speaker C: Yeah, exactly. [00:42:24] Speaker D: I remember we went to the talk, the conference talk about it. And they were listing all the limitations. Yeah, and they were listing all the limitations. We're like, we could do that. We could do that. Come on guys, this isn't that hard. [00:42:38] Speaker A: We're just two guys. We're not even a two pizza team. We just did this ourselves. [00:42:41] Speaker D: Yeah, we're a one pizza team. And a beer or two, but that's fine. [00:42:44] Speaker C: Listen. 
[00:42:48] Speaker A: AWS is announcing the general availability of Amazon EBS Provisioned Rate for Volume Initialization, a feature that accelerates the transfer of data from EBS Snapshot, a highly durable backup of volume stored in S3 to a new EBS volume. This allows you to create fully performant EBS volumes within a predictable amount of time. And you can use this feature to speed up the initialization of hundreds of concurrent volumes and instances. And you can also use this feature when you need to recover from an existing EBS snapshot and need your EBS volume to create initialized as quickly as possible. This allows you to specify a specific rate between 100 megabytes and 300 megabytes per second. You can specify this rate when the snapshot blocks are downloaded from S3 to the volume directly. And I mostly talk about this article because I blew up the website last week in a horrible, horrible fashion. But I was smart enough to take a snapshot before I touched it. Nice. And so we did not lose any data from the CloudHub website, but there was a 24 hour period where there was no website because you cannot get to it. Because I also decided then, well if I've already broken it, it's time to refactor of course. And so obviously I moved to like move from like static server with a EBS attached to an auto scaling group which means I had to move to EFS which then I had to move the data off the EBS volume because they still don't have a way to do that easily, which that's annoying. Like I had to move the data from the EBS to EFS using, you know, server, you know, while you serve. I just attached to the new EFS to RSync and then, you know, it takes forever and I was like I'm gonna go to bed, wait for this to. But I did because it didn't finish like 5:30 in the morning and I would have been very cranky the next day. But yeah, the website was down for a bit. But hey, it's now better. New and improved using all kinds of new caching technology and all good stuff. 
[00:44:22] Speaker D: You should have told me. I'm pretty sure I have all this terraform from a side project. [00:44:26] Speaker A: I'm sure you do probably. But then I couldn't have been like super cranky myself and I missed the terraform update that was going to delete the volume that had all the data on it because I specifically looked for it and I missed it still because terraform output, when you have a lot of changes, it's still a lot of work to update. [00:44:42] Speaker D: How does this compare to fast snapshot restore? Because that was like you had to tell it which azs to have the snapshot in and it would do it fast or like almost instantaneous. It costs a boatload. [00:44:55] Speaker A: So I thought the fast snapshot was that when you, when it actually did download the data to the drive that the drive would be fully performant. This is actually increasing the speed that it downloads the data from S3 to the drive as it creates the volume. So this is like for our use case because the drive that holds the cloud pod is only like, you know, 50 gigs. This doesn't really apply to us. But if you had, you know, multiple terabytes of data, this would be a big deal for you. Because I think of the volume, recreation from the volume took like 40 seconds. It didn't even take that long. And it was just fine. I mean, it's probably why it was a little slower than I wanted it to be in the copy to efs. But it also could have been EFS because you know how it's likes to rate limit everything. Yeah, yeah, it does. [00:45:35] Speaker D: I don't know that you're right because the. You could take a snapshot because this is the way I actually did a migration for customer. We snapshot it made it be a fast snapshot and then it would immediately launch it as long as you launched in that zone. So maybe this is like a. I. [00:45:49] Speaker A: Mean it's available right away. It's just the question, is it performant? 
[00:45:52] Speaker D: That's it was supposed fast snapshot was supposed to be performant. [00:45:56] Speaker A: I mean, maybe it's been a while since I've looked at that. But they apparently you can now specify the megabytes, maybe the fast snapshot. You couldn't specify it. And so that's the improvement here. [00:46:05] Speaker D: I just remember it was stupidly expensive because it was stupid expensive by zone, by az that you paid for. [00:46:11] Speaker A: Well, and this doesn't have any. Clarify. You don't have to specify zones in this. [00:46:14] Speaker C: Yeah. [00:46:15] Speaker A: And so maybe that's the enhancement. [00:46:16] Speaker C: But it does Specify downloading from S3, which I wouldn't think is in any specific zone. [00:46:20] Speaker A: So I think this is separate, I don't know, snapshot. [00:46:25] Speaker D: Oh, Jeff Barr wrote this article, the original one. [00:46:28] Speaker A: Oh, back in the day. [00:46:30] Speaker D: Yeah, 2018. [00:46:32] Speaker A: Yeah, see, so you're specifying the snapshot rate, you're downloading the blocks from and then fast snapshot restore has to be enabled. Has to be enabled for the snapshot before you take it. So this is actually. This is post snapshot. Okay. That's the difference. [00:46:48] Speaker D: There you go. [00:46:48] Speaker A: Well, thanks for calling me wrong. I didn't want to figure out that we were both right. [00:46:53] Speaker D: That's what I do. [00:46:54] Speaker A: That's good. That's fine. It'll show up later. But. All right. Google Cloud Reliable AI with Vertex AI Prediction Dedicated Endpoints. They're announcing the Vertex AI Prediction Dedicated Endpoints, a new family of vertex AI prediction endpoints designed to address the needs of modern AI applications, including those related with large scale generative AI models. 
These dedicated endpoints are engineered to help you build more reliably with the following new features including native support for streaming inference, gRPC protocol support, customizable request timeouts and optimized resource handling as well as you can utilize these dedicated endpoints via Private Service Connect. [00:47:28] Speaker C: All this means to me is that the engineers that were supporting the service within Google were really sick of the two separate types of workloads that were. [00:47:37] Speaker A: Going across these endpoints. [00:47:41] Speaker C: Like all the streaming is probably very different for inference is probably very different from what you, what you're using for model training and oh, I'm sure I bet you it was a nightmare to sort of predict load and support from that direction. So. And maybe it was fault, you know, exceeding capacity of who knows. I haven't heard much in the way of performance complaints though. [00:48:02] Speaker A: I mean you had to be doing a lot of model training and inference for performance complaints to happen. [00:48:06] Speaker C: A little bit of inference. I mean model training. No, because I don't. [00:48:10] Speaker A: A little grounding here. [00:48:11] Speaker C: I don't have any good use cases specific. [00:48:15] Speaker A: I mean, I know you guys will be shocked, but that was all Google had this week that was worthy of talking about. Wow. I mean finally I was, I was like, okay, Next is over. We're gonna have a few quiet weeks of Google. And it was like, nope. Everybody who missed Next deadlines is ship, ship, ship, ship. So we've had so much Google news this week, we're blessed with only one story. So you're welcome. Azure this week has their April Microsoft cost updates for all our FinOps professionals who listen to us regularly in the Azure world. For April, they announced first up, the general availability of Microsoft Copilot for Azure. 
This is Copilot for Azure, which is AI to help you do natural language questioning about your things like subscriptions costs, drivers of costs. [00:48:53] Speaker D: Don't do it, don't do it. [00:48:55] Speaker A: I mean it's an attempt step one in direction. [00:48:58] Speaker D: I used it a long time ago and it was like I was getting like the good, the good old Microsoft like unknown error or whatever. I was like, please help me identify. It's like try to restart the service. I was like, it's a managed service. I can't restart Azure SQL. Try again, open a support case. I was like, that's a terrible life choice. Don't go that route. [00:49:18] Speaker A: Well, now it's general available. You should try it again, see if. [00:49:21] Speaker D: It'S a. I don't really want to. It goes back To Ryan's comment, I hold a grudge. [00:49:25] Speaker A: That's fine. I mean, Azure is a grudge. I hold still. For years it's been first Azure kind of logged into an old portal back way, way, way in the day. I still hold that grudge. Like this is an offense to me. [00:49:37] Speaker C: And if it's anything like the rest of my Azure experience, I won't be able to find this. [00:49:40] Speaker A: I mean, I like, I like to complain about the original portal. The new portal is not any better. Like to be fair, like it's. It was like a marginal improvement of organization. It still takes a rocket science degree to figure out how to get around the Azure portal. [00:49:52] Speaker D: I actually don't mind the portal because the search in there is so good that I don't even bother using in the navigation bar. To the point when I only found out the navigation bar existed like three months ago. I always just said search for the service that I needed. [00:50:07] Speaker A: I mean, it's very googly of you. Like I just got Google for whatever I need. I don't need Yahoo directories. Screw those things. I just Google search. [00:50:14] Speaker C: Yeah, it is true. 
[00:50:17] Speaker A: There were several enhancements for exports, including the ability to export price sheets, reservation recommendations, and reservation details and reservation transactions along with standard cost use data. Now I just say if you're negotiating or you're just starting to use Azure and you want to like, exporting a price sheet is kind of brilliant. Like I want to export my price sheet I just negotiated or the pricing was today. So when it changes magically overnight that I don't know about, I can export the new compare. So I'm just saying I don't trust Azure and so I would export all this data for sure. Or reservation recommendations. We'll export those. That's kind of nice. Like there definitely some handiness here, I think, in these exports. [00:50:53] Speaker C: Yeah, definitely. [00:50:54] Speaker A: Support for FOCUS is now generally available. I mean, since Google or, sorry, since FinOps X is just next month. I'm glad they finally got that GA 11 months later. That took a long time. [00:51:05] Speaker C: GA is weird because it was like they've had this ability and they just had this little note that it was in beta forever. Right? Yeah. [00:51:12] Speaker A: So you can export your data in either CSV or natively in Parquet formats. I look forward to exporting all my data in Parquet formats and just sending it to people randomly. Like, here's your cost data. And they'd be like, I don't have to open this file. Figured out, bro. That's genius. There are apparently several new ways to save money in Microsoft Cloud including AKS cost recommendations autoscale for vCore-based Azure Cosmos DB for MongoDB that's a long one. And apparently troubleshooting disk performance of Copilot's available to you as a new feature of the Copilot. Apparently it saves you money somehow. I wasn't quite sure the connection and it does not clarify it in the. [00:51:46] Speaker C: Article anyway it just recommends you use the premium level of disk, right?
[00:51:50] Speaker A: Yeah, probably. And then on demand backups for Azure Database for PostgreSQL Flexible, VM hibernation on GPU VMs and Azure NetApp Files Flexible services all in preview. So if any of those tickle your fancy for your FinOps needs, enjoy. Matt's stunned Yay. I'm the one person who cares, Matt. And he's like I hate everyone. [00:52:13] Speaker D: I mean I wish I could use some of these things but I also purchased through a CSP so some of the export features I can't get, which is annoying. Sorry. CSP. [00:52:23] Speaker A: I'm surprised that they don't allow you to do that through CSP even because Microsoft hates direct contracts, don't they? If you want to go directly, would they even do it? [00:52:32] Speaker D: Yeah, but then I would get their pricing, not my pricing and all that type of stuff so. [00:52:38] Speaker A: I see. That sounds terrible. Okay. [00:52:40] Speaker D: And you can't move direct. It's a whole disaster. You can't like. [00:52:44] Speaker A: Yeah. I mean Microsoft hates going direct unless you're like spending bajillions of dollars of them per year and then they'll go directly for sure. But yeah, otherwise I want to go through Always go through a reseller. That's just the Microsoft way. [00:52:54] Speaker D: Yeah. Flows of. [00:52:56] Speaker A: Yeah. A year ago Microsoft introduced small language models or SLMs to customers with the release of Phi 3. Now first of all, guys, has anyone adopted small language models? [00:53:05] Speaker C: Never heard of it. [00:53:06] Speaker A: Exactly. [00:53:07] Speaker D: I mean it wasn't the one that was designed for like phones and stuff like that. [00:53:10] Speaker A: I mean that's the idea. [00:53:11] Speaker C: It's very low cost large language models, which is, you know. Now I say it. Yeah, sounds pretty dumb, but logos is a term used in Western philosophy, psychology. [00:53:20] Speaker A: And rhetoric as well as religion among its connotations. Siri, stop.
[00:53:26] Speaker C: Why? [00:53:27] Speaker A: Why? Who? Who asked you? No one asked you triggered the robot apocalypse. That was. Unfortunately I have an Alexa and the other one on my desk and I thought it was the Alexa verse and it was not. Where was I? [00:53:41] Speaker D: Oh yes, we really have to add all this to the this is what we get people to pay for is like the start of the show where we were like off the debug. [00:53:48] Speaker A: I mean you're thinking Elliot's going to pull this out without Jonathan here telling when they screwed this up? Absolutely not. Zero chance this is staying in 100%. [00:53:54] Speaker D: Yeah, I hope so. [00:53:56] Speaker A: They are announcing the new Phi-4 family including Phi-4-reasoning, Phi-4-reasoning-plus and Phi-4-mini-reasoning marking a new era for small language models. [00:54:05] Speaker D: I have a show title. [00:54:10] Speaker A: Make a note of that for the next time we have a five story. Yeah and once again redefining what is possible with small and efficient AI. These are all reasoning models trained to leverage inference time scaling to perform complex tasks that demand multi step decomposition and internal reflections. And the Phi-4-reasoning is a 14 billion parameter open weight reasoning model that rivals much larger models on complex reasoning tasks. Trained via supervised fine tuning of 5.4, sorry, Phi 4, on carefully curated reasoning demonstrations from OpenAI o3-mini, Phi-4-reasoning generates detailed reasoning chains that effectively leverage additional inference time compute and the model demonstrates the meticulous data creation and high quality synthetic data sets, allowing smaller models to compete with larger counterparts. The Phi-4-reasoning-plus builds on the Phi-4-reasoning model further trained with reinforcement learning to utilize more inference time compute using 1.5x more tokens than Phi-4-reasoning to deliver higher accuracy. And that's all I can really give you on this.
[00:55:01] Speaker C: I was going to say like small for a small model. This is a very large announcement. [00:55:06] Speaker A: A lot of complexity here. [00:55:07] Speaker C: Yeah yeah yeah like I tuned out about halfway through. [00:55:12] Speaker A: Yeah I also lost thread somewhere in there I was like 5:4:5. Yeah that was being a title. Thanks Matt. Copilot, please summarize this article for me. Yeah please Gemini, can you please tell me what the hell this was because I don't know then announcement that I am so glad Matt is here for because when I read this announcement I said I got this. I said this is going to be terrible but I don't want to go log into Azure to know so I know Matt's going to know so Azure is announcing the preview of Terraform Export within the Azure portal and with this new feature you can now easily export your existing Azure resources to be managed declaratively directly from the Azure Portal. And this will streamline IaC workflows making it simpler to manage automate your Azure resources via the AzureRM and AzAPI provider. And Matt, how is the Terraform generated by the Terraform export control? [00:56:00] Speaker D: So this is a feature that is useful when you are learning Terraform and like or like need to do something and figure out what the settings are. Because sometimes you don't know what all like the variables are when you're going through it, but it does what I think AWS had this at one point or like there's AWS plugins. [00:56:19] Speaker A: Well, there was our friend of the show in Australia who had the application that he created. [00:56:25] Speaker C: CloudFormer. [00:56:25] Speaker A: CloudFormer, yeah, which is fine. [00:56:28] Speaker D: Just everything is hard coded. So you, you know, it doesn't like make it data look up for the resource group. It literally just hard codes in resource group equals slash, subscription slash, you know, id, blah blah blah blah blah. Just keeps on going down.
So it's fine if you're trying to use it, but please don't just take this code and use it in your infrastructure as code. You will hate yourself because everything is hard coded and that's not a good life choice. [00:56:56] Speaker A: Yeah, when I was thinking was Former2, which was created by a friend of the show. That's right. [00:57:02] Speaker C: Former2 is better than CloudFormer. [00:57:03] Speaker A: Yes, much better. But you know, they're all kind of with AI because one of the things I, when I screwed up the website last week was I decided that I wanted to like import all of my DNS records from Route 53 into Terraform IaC because I again I'm refactoring and so I asked it to confirm that everything I had in my DNS file matched within the Cloud Pod's DNS file and it literally reached out to the API and checked all the things live and it was missing. It added it right into the file for me and then I imported into my Terraform state and everything was good. So like, I mean I, I do think the days of Former2 and those are probably nearing the end. [00:57:39] Speaker C: Yeah, I mean you won't need the specialized tool like we were talking about earlier from, you know, changing from language to language and versions like it's the. It's a different world today than, than it was. And those, those tools were great. [00:57:52] Speaker A: Right. [00:57:53] Speaker C: They helped us out for a long time and, and have DRA driven hopefully. Requirements for new improvements. [00:57:59] Speaker A: Our friend in Australia, Ian McKay. Sorry, I knew I would remember it. I was like, oh, I haven't talked to Ian in a while. Shout out to Ian. [00:58:05] Speaker D: I think he asked to do a podcast with us again recently. [00:58:08] Speaker A: He did recently and he's listening. I apologize, Ian, that we have not followed up on that with you, but we're waiting for Jonathan to get back. [00:58:15] Speaker C: You should also see how funny it is to schedule just between the three.
[00:58:18] Speaker A: Of us, like oh well, I mean like he's in Australia so he's actually in the perfect time zone. Like his like five o'clock is not that, not that late for them. It's very early in the morning so it works out perfect. Yeah, we definitely should get him back on the show especially, you know, I assume, you know, Former2. He actually has a new tool out that I didn't really understand what the purpose of it was and mostly because I glanced at his tweet and I said I'll look at that later and I failed to follow up. But basically it's tracking the list prices of Amazon services which I assume he has a purpose for. I just wasn't sure what his use case was. So yeah, I'll reach out to Ian. [00:58:50] Speaker D: And say hey, yeah, especially because I might be in and out. [00:58:53] Speaker A: Yeah. And Jonathan, I don't know. He's correct. So we'll, we'll have him come and tell us all about it. All right, so a Terraform code from Azure Portal, not great. [00:59:04] Speaker D: It's just hard coded, nothing dynamic, nothing, no variables, just you know, you know, app setting is false built in, logging enabled, false. It's not, you know, so it doesn't. [00:59:17] Speaker A: Use modules or do anything smart. [00:59:19] Speaker D: It's just here's your one resource exported with all the, with all the servers. I also think it's not even using the latest Terraform version in the provider. [00:59:30] Speaker A: And it's not, it's not actually dividing the resources up into different files. So what you could do is you could take that, if I did this, you can take that file, export it out of Azure and then tell Claude to refactor it into proper Terraform and it'll redo all the stuff, put modules together and all the things you can get there. [00:59:44] Speaker D: I never thought about that. [00:59:46] Speaker A: How I first did some of the refactoring on another website I was doing. [00:59:49] Speaker D: So you were vibe coding?
[00:59:50] Speaker A: I was vibe coding, yes. Oh God. The vibes are me breaking websites. That's the vibes and then fixing it. [00:59:57] Speaker D: Best way to learn. [00:59:59] Speaker A: But actually one thing I've, I, I was a Windows admin. I know Ryan's like, boo. So I was a Windows admin first, so I came to Linux later and so I have really good at Linux and I know how to do a lot of things at Linux now. There are some things I, I don't really remember or I don't know exactly how to do it and so tuning Apache properly for a web server, like there's some things you should like. I know the basics of. And like. But like I've never done it for PHP so I'm like, I wonder what Claude help me do that. And so I'm like, I have a server, here's the image size. I told it, it's an Amazon R7, whatever. And I need to optimize the Apache settings for PHP and this is the blah, blah, blah. And it like produces all the files, recommendations. Like some of I knew I was like, cool, cool. And then like, oh, there's like seven PHP parameters I can put in that are gonna make it better. And so I did that. And now that my web server doesn't crash randomly at three times for no reason that I didn't understand because I didn't have the proper logging in place. So like it's making me a little Linux admin in some ways because I didn't start there. I came into it later and then I got into management and I learned all the like fancy Linux tuning kernels stuff. And you guys know because you guys are cooler than me. [01:01:05] Speaker C: Well, what's funny is that this week I was, I was literally telling us to a friend of mine, which was like, you know, I came to Windows later. Like I've really only used Windows in production for like. [01:01:16] Speaker A: Which is why you come to me when it's broken. [01:01:18] Speaker C: Exactly. [01:01:18] Speaker A: I'm like, how does any of this work?
[01:01:21] Speaker C: And so I was troubleshooting issues with Active Directory and I don't ever want to know anything about Active Directory. [01:01:29] Speaker A: I mean even I am a Windows admin don't want to know anything about Active Directory if I can help it. Kerberos. [01:01:33] Speaker C: Yeah. So I had a great conversation with Claude about how to fix a thing and it helped me and I did identify a thing. I was able to make a whole bunch of fixes and do a whole bunch of things and then I don't remember what all I did. I don't know really. [01:01:48] Speaker D: Welcome to every Windows admin. [01:01:49] Speaker C: And I like it this way. [01:01:51] Speaker A: Yeah, well like, but even like, like hardcore like application stack dumps, like putting that into ChatGPT and saying like this is what I was doing. I got this stack dump like it like you know, not having to figure out how to install like debuggers a bunch of stuff or something because like these are known crash dumps, right? Like some if you're using like Apache, right? And it's crashing a certain way, it's crashing because of something dumb you did in a configuration and you put that on the Internet and someone literally will have almost exactly what you had in the stack and you don't have to install the debugger and do all the extra steps and they'll tell you literally like, you are an idiot. And you put it didn't put a space somewhere in the file you needed and you're like, oh. And then you look and like, yep, sure enough, I didn't put a space in that part of the file. Cool. Done. Solve sorted. So like it makes me a better system admin for sure in many ways. Oh God. [01:02:37] Speaker C: I haven't had the need really recently, but like all the Java. Oh yeah, dumps that stack. Dumps trace. Too late that I've, you know, all the tools online and putting them in there and be like, please explain this to me. Like having AI do that now, it's gotta be amazing.
[01:02:55] Speaker D: All I can think of is the XKCD that I dumped in our chat, which is like the wisdom of the ancient. [01:03:01] Speaker A: Oh yes. This is one of my favorite. [01:03:02] Speaker D: You copy and paste someone. Yeah. Like you find the error. It's like seven years ago. What did you do? How did you fix this? [01:03:09] Speaker A: Who were you? DenverCoder9. Yeah. What did you see? [01:03:13] Speaker C: I think of that, that. That lives in my head. [01:03:16] Speaker A: Yeah. That one runs around recently. [01:03:19] Speaker D: There's that one and one of the other as a sysadmin and I was a solo sysadmin for years, which is like the. A bank robber robs the bank and cuts the power and someone's muttering as they walk through the thing, you know, being like about uptime. And the police go, oh, we have a sysadmin system. [01:03:37] Speaker A: Admin's gone in, networks down. Can't let that happen. The bank spender being robbed. Yeah. All right, let's get to our final Azure feature, which actually that network engineer be really happy about because that's the Azure Virtual Network Terminal Access Point or TAP public preview announcement. This allows customers to continuously stream virtual machine network traffic to network packet collector or analytics tools. Many security and performance tools rely on packet level insights that are difficult to access in the cloud environments. And the virtual network TAP bridges this gap by integrating with the industry partners to offer enhanced security and threat detection, performance monitoring and troubleshooting, and regulatory compliance. And I always appreciate when they say that this is used for threat detection because we love to make our security tools the biggest risk in the whole business by sending all the data and all the packets there. Perfect. [01:04:22] Speaker C: Yeah. [01:04:22] Speaker D: And they're always the most secure tools. Come on. [01:04:26] Speaker A: Oh, sure, yeah, yeah.
[01:04:28] Speaker C: I mean, have you met Ryan, security engineer? Yeah. [01:04:35] Speaker A: The. [01:04:36] Speaker C: What I will say like, while I do like these features, I. I don't think you should. [01:04:41] Speaker A: This is a last resort path. [01:04:43] Speaker C: This is a last resort. Yeah, yeah. This is. [01:04:45] Speaker A: We have debugged everything and we are really seeing something weird. And like it's gonna be some weird driver issue in a network card somewhere that you are trying to track down that you need this. That. Because. Oh, on the. The 12,000th packet of this connection, it sends a weird malformed bit. At that point you should just rebuild the image on a different hardware piece. [01:05:04] Speaker C: And I've seen good use cases where there's like. It's not real time projection, but it's like an analysis. So it definitely would help in a forensic use case. But it's also sort of like can be maybe not like just in time alert, but could definitely raise a flag eventually. But mostly I like the name because it's always been a network tap, but every other cloud provider came up with their own crazy names for it. But Virtual Network Tap, I know exactly what that does. [01:05:33] Speaker A: Yep. [01:05:35] Speaker D: AWS is called Mirror. No. [01:05:37] Speaker C: So no, it's. It's got a real name, but everyone just calls it Bump in the Wire because that's what they called it first. And I could never remember the real name now since they changed it. [01:05:46] Speaker A: It's like it's always bumping the wire to me. [01:05:48] Speaker C: Waf, Ingress, Something something. It's something ridiculous I think. [01:05:51] Speaker D: Network firewall. [01:05:53] Speaker C: No, it's something really generic like that. [01:05:55] Speaker A: Centralized inspection architecture is involved. [01:06:01] Speaker D: It's leveraging the Azure, the AWS firewall. 
[01:06:03] Speaker C: I thought it's definitely part of the network firewall and I think it's just. [01:06:06] Speaker A: A feature within there that's inspection. VPC is part of it. [01:06:09] Speaker D: No, that's. That was like the design I thought they always told you to do, which was like building inspection vpc. [01:06:17] Speaker C: Oh yeah. For ingress. Yeah. [01:06:19] Speaker A: Anyway, and then we just about GCP coming out with this feature not that long ago either. [01:06:24] Speaker C: And it's something also generic like Network Firewall Manager. [01:06:28] Speaker A: Yeah. [01:06:30] Speaker C: So I can never remember it, but yeah. So kudos on naming something easy. [01:06:37] Speaker D: I will pointing it out right now. Ryan said kudos to something Azure did. [01:06:42] Speaker C: This day in history. [01:06:43] Speaker A: Naming. I think. I think it's the one area that he does give them kudos often is on naming of things. [01:06:49] Speaker C: I do hate. [01:06:51] Speaker D: Naming is hard. [01:06:52] Speaker C: I hate naming things. [01:06:53] Speaker A: I do. [01:06:53] Speaker C: I hate naming things myself and I don't like anyone else's names. [01:06:56] Speaker D: That's why it's X, Y, Z, A, B, C are always your variables. [01:07:01] Speaker A: Well, I did have an Oracle story that caught my eye even though it's not interesting for us. But apparently, you know, everybody's really excited about the Sphere except for Amazon because Google buys all the ads during Reinvent to troll Amazon with, you know, the new way to cloud on the sphere. And you know, Google's doing the wizard of Oz movie as well. And so there's been things and one of the things they talked about in the presentation about that was that they talked to five other partners about potentially doing the wizard of Oz work for the AI and Google clearly was the only partner that could do it. 
And I bet that one of the other partners I talked to was Oracle because Oracle posted this blog post about how they power the AI platform of the Sphere. It's called Org Brain, which helps deliver quality insights with increased efficiency and speed using this things. And it's powered of course by Oracle Database 23 AI. So yeah, I just thought you guys should know that Oracle was mad about not being included in the AI thing and made them do its press release. [01:07:54] Speaker C: So you should be aware I always like to read through the lines on these press releases. It's like the all in announcements. It's like well we're moving a significant workload but it's not all in. [01:08:03] Speaker A: Yeah, not all in. [01:08:04] Speaker C: There's always, there's always these caveats and so it's like it's the AI that powers the, you know, the sphere and it's like yeah, it's the, the AI that does, you know, I mean like, but it's a new employee onboarding. [01:08:15] Speaker A: I mean like I, I'm listening, I'm reading this quote and I just, I sort of have to ask questions like our ability to drive enterprise grade secure and explainable AI into highly regulated industries is what sets us apart. So the Christian Grupp CEO and founder of Sphere we're helping our customers turn information overload into action by transforming legal, operational and customer workflows quickly and confidently. As a rapidly growing startup, Oracle Autonomous data on OCI provides with high performance, secure and scalable foundation necessary to support our customers needs. Oracle we enable our customers to make hyper intelligent decisions. The only thing I can possibly think that they're talking about is they're using Oracle POS and ERP to sell tickets to the Sphere. Ah, that's what it is. And so like it was like this is like the most like stretched out like weird press release ever. Like we did something with the Sphere. So screw you Google and Amazon. 
Oracle's here with our 23 AI database powering a sale. Yeah, because that's the only thing it possibly could be because there's, it's a venue. They sell tickets and food and drinks to people who come to the venue and then they have artists who, you know, perform at the venue or they show a movie or whatever else. And then yes, there is a whole bunch of things involved in creating the sphere shows. But I'm not saying it's. I mean, they might be using Oracle AI for some of that, but the author just showed for sure they're using Google's AI. So I'm going to probably lean towards more Google AI than Oracle's. But again, we sold your pos, your renewal is due and we need a press release now. [01:09:39] Speaker C: And that's what we got. Yep, exactly. [01:09:41] Speaker A: All right, Andraba, tonight we have a cloud journey for you. Kagan justice, who I don't know, but had a great Medium post on why your tagging strategy matters on AWS. And in general, it's just a really great write up of tagging and tagging strategies and so I thought it'd be good for us to talk about tagging. I don't think we talked about it. So he highlights the benefits of tagging, including improved cost, visibility and accountability. This is probably the most common, most obvious thing that you would want. And this is like who is spending all the money in my cloud? And this is typically driven into your organization when you deploy tools like Apptio, Cloudability, CloudHealth or Harness and you want to be able to start carving your costs and different things like cost centers, projects, environments or teams, does that make sense? Effective resource ownership and management like who owns the server? Ryan did, then he transferred and so now it's out of date. That's the thing that happens. So you got to keep these same things in control.
And then recently, probably in the last four years, tagging became really important in tie of our access control because they added attribute based access control which uses tagging to help you determine that you should have access to this resource or not based on the fact that you are in the group that has access to this particular attribute. So that became a very important part of tagging, reliable automation and lifecycle management. You might use this to understand, you know, the environment this thing is in. Is it an auto deploy? Is it controlled by terraform? Things that are important because you don't want to go delete a server that's created by terraform because it's going to come right back operational clarity and faster troubleshooting, understanding Connections and different metadata you might be putting into those tags. Streamline Multi Account and Microsoft Team Governance. So you know, different business units or different organizations. You know, you need to be able to see these across your organization structure, which is a good use case and then reduce manual work and better efficiency so you don't have to go and ask in your chat. Slack, Slack room. Hey, who created server? Blah blah blah blah blah. And no one answers you, which is always fun. As well as having all these things tagged properly gives you simplified onboarding and knowledge transfer. Any other thoughts on those before we go on beyond those? But I just kind of rushed through kind of his big reasons. He has a whole set of paragraphs on each of these and the value and I definitely recommend reading his blog post. I would hate to steal his thunder and subscription dollars. So I don't want to read too much into it. But definitely those are the highlights of his article. [01:11:54] Speaker D: I do like a lot of the compliance and some of those aspects and security aspects of it. And maybe that's because my day job leans into some of those a little bit more than I ever have in the past. 
But like having, you know, what type of data is on these servers, is this system, you know, retaining that data, you know, if it's a stateful server or stateless or you know, is the data over here, you know, like having some of those general concepts, especially if you're, you know, on a server architecture still where you might have some stateful and stateless and like the compliance scopes for your audits is definitely useful. And like when you're going through that realm, I mean a lot of the other stuff I feel like is stuff weirdly I feel like I've been doing for years. But like that's the key that over like the last year or two, I feel like I've definitely dove into more of which is like tagging the resources with the level of data that's on them. [01:12:46] Speaker C: Yeah, I suspect that data security posture is going to be one of those terms in the SEC world that you're sick of by the end of 2026. [01:12:54] Speaker D: Or you're sick of it. [01:12:55] Speaker C: Yeah, it's going to be worse. And you know, tagging strategy is a big part of that. Right. Being able to identify those resources so that you can, you know, identify where the data is, what type of data and the classification on it is always been key. And tags are really the best way to do that still. And so it's, you know, now, you know, there's a whole bunch of tooling that's going to come out to make that more visible, but it doesn't remove the need to actually identify it. [01:13:23] Speaker A: Right. [01:13:23] Speaker C: Like it's the old ML big data problem, like you still need someone to identify it. [01:13:29] Speaker A: Yeah, but I mean there's a lot of ability with like Cloudtrail and other things actually backport into tags automatically and we'll get into enforcement here in a second. But you know there's also different levels of tagging. I mean this is very, I would say a little bit biased towards EC2 instances in particular. 
That's the place where you start and like looking at the recommendations of tags that he gave us. So he like he said name, you know, human readable identifier, owner who own, who's responsible for it, Ryan responsible what environment, dev test, staging, prod app, what's the application, you know, the website, who, you know, the project or client. If you're a professional services type organization, the team is responsible for maintaining it. So if Ryan's won the lottery and no longer with us, you know what team was he part of? Department. If it's part of a larger department that has multiple teams who created it, you know, a user, a service or a tool, the version, if it's deployed, you know, an IaC artifact, the service tier critical standard non production data sensitivity which doesn't make as much sense to me at the EC2 level but does make sense to me at the EBS volume level which is we'll get to a second and then compliance scope, whether it's in compliance or non compliance for HIPAA, SOC2, PCI, GDPR, et cetera. So those are pretty good standard place. But then like when you get into these taggings can be cascaded. So you know, you can cascade most of these tags to the resources attached through things like Terraform. You can just do that as an attachment. But then you get into like EBS volumes like well if this is the operating system, I don't really care about that. But this is the data drive on a server. I do want that to mark that as internal or confidential in those cases. So you can actually get to different granularities with tagging where you potentially could identify different parts of data sensitivity or different parts of access, et cetera via the individual components attached to the EC2 instance as well. So this can get pretty complicated in some models. But I recommend starting with just cascade down. [01:15:13] Speaker C: Yeah. And you know like there's limited support for certain things. Right.
[01:15:17] Speaker A: Like the, you know, everything supports tag still. [01:15:19] Speaker C: Yeah. And the instance template in AWS for instance, you could tag both the drives and it based off of the tags of the instance they were attached to, but you couldn't have separate tags for if you had multiple disks. And so like being able to tag the OS drive as sort of ephemeral and throw it away wasn't really an option without tagging both of them. And so like there's certain things like that and I don't think that's changed. It's been a while but I know that in Google the managed groups are still sort of the same type of thing. Yeah. [01:15:46] Speaker A: And that's where you want to specify which ones you do want to cascade, which ones you don't. And then you can set them manually in other parts of your code. [01:15:52] Speaker C: But yeah, so you have to, you know, you usually have to come up with your own sort of orchestration of that. And so whether or not like you're. You can apply labels as their own resources and attach them tags which I. Or in GCP, which I always think is great because it's separate from the actual resource. So you know, you change something, it doesn't invalidate your entire Terraform state or require you to recreate disk which can be problematic. So that's, you know, like those are, those are good improvements that have come lately that didn't exist I'll say 10 years ago. [01:16:23] Speaker D: It's kind of where the concept of resource groups in Azure I do like, I know a lot of the other clouds have tried to like backport it in but like keeping like your databases and you know, in your resource group and you can isolate stuff within your resource group because all the networking layer and everything else is below that. This is just a higher up level of, you know, grouping stuff within the Azure console. So like the resource group concept in Azure does meet a lot of these criteria too.
So you can have multiple people in one subscription with the resource groups or give each developer their own resource group or team their own resource group and give them access based on the resource group name and those attributes and not everything below it. So it does have some interesting differences where this is very obviously AWS focus, where Azure kind of solved this problem or give you a different way to do it at a different level, which is definitely something in Azure I do appreciate. See, I appreciate something in GCP.
[01:17:23] Speaker C: They'll give you nine different ways to do it and they all have different features and availabilities and they're really difficult to tell the difference between the two.
[01:17:32] Speaker A: Don't they have different names too, like labels and tags?
[01:17:34] Speaker C: So you've got labels and you have network tags and you now have. Or I can't remember if resource tags are network tags or network tags are now resource tags. And then there was a third one.
[01:17:46] Speaker A: But then you get into like the problem with Google is getting into the complexities of things. Like if you remember in the AD days, for those who do know some of Windows, there was groups and there's global groups and local groups. And so users go into local groups, locals go into global groups and global groups go into other global groups. But you never put a user into a global group. Like there's all these rules. It's really the same thing on, on GCP. Like oh, that's a group that you use for access, that's a group you use for tagging, that's a group you use for, you know, other things. So like they have different purposes on GCP which just makes it even more confusing. So like, oh, I put the thing in that type of tag, but it's the wrong type of tag to use in an ABAC control. I had to have it in this other one. But then the other thing is Amazon gives you 50 tags. GCP does not give you the same quantity of tags.
So like there's like labels have like certain limit and then tags have certain limits based on depending on the resource type. So some of them are very limited where you only have 10 and then others are like infinite or yeah, you know, near infinite. So it's, it's a bit crazy is.
[01:18:39] Speaker C: It's very hard to keep track of. And you know, and I do think that it's, it's every time I've seen it done well it's almost, you know, an application that manages all by itself. Right. It's something that requires that level of development and dedication to keep.
[01:18:57] Speaker A: Right. I mean, I mean there's the best applications are, you know, that do their own scheme updates and do their own things. Like they do it themselves. They don't rely on third party stuff to do that. And those are definitely opportunities where you can have applications that start up and they automatically set their controls, their tags and different things. And that's not a bad model to go with either. Speaking of enforcement and how do you do these things? So back away. When I started with Amazon there was no enforcement and you were limited to 10 I think at the time. So now you have 50. You can apply service control policies within AWS Organizations will basically block a resource creation if a required tag is missing. That's the most effective way which makes.
[01:19:35] Speaker D: Your life a living hell when stuff just doesn't launch and you don't know why it's not launching.
[01:19:39] Speaker C: It's just a 403. Permission denied.
[01:19:41] Speaker A: Yeah, it does not give you good feedback loops. 100%.
[01:19:45] Speaker D: Sorry, throw that one out there.
[01:19:47] Speaker A: Yeah, you were triggered. It's okay. And then tools like Terraform CDK, Terraform CDK, they all have ability to add apply required tags. And so when you try to go apply them through a pipeline, they won't, we won't be able to deploy.
So there's those opportunities and then you know, Amazon over the years has created different processes via CloudTrail and AWS Config. It'll automatically kill instances that don't have tags or send notifications through EventBridge, you know, and then also, you know, tied into CloudTrail, you can actually use CloudTrail to hydrate some of those tags like who created it. Well, I can give you this IAM user ID created that tag which was great until we did SSO. Now they're just really awful names invoked, you know, role impersonated by blah blah, blah.
[01:20:29] Speaker C: If you've, if you've, if you've managed your, your federated user right, you can still tag that with something useful.
[01:20:35] Speaker A: You can still tell you just it's much longer now. It's not like I just grant and say oh Ryan created that server. Now it's like oh it was Ryan federated through this SSO.
[01:20:41] Speaker C: This. Yeah. This random role. Yeah.
[01:20:44] Speaker A: And that's actually helpful too because when you do want to figure out where things are breaking or why people aren't able to do stuff, being able to know where they're invoking their permission or their right from is helpful. So it's, it has its advantages. Always be willing to change your tagging strategy. It's not set in stone. Be my other recommendation, you should have things that are pretty non negotiable but like I said, we didn't used to have ABAC, now we have ABAC and so before we wouldn't have ever put ABAC stuff into them. And now you had to modify your permission set to be like hey, maybe you want to use service tier as part of our ABAC model. Like hey, you can't access production but you can access non prod and if it's tagged properly you can go access that server. So lots of opportunity and lots of options to do this. And the flexibility that Amazon gives you is pretty good. Azure is pretty good. And GCP we talked about already, not so great.
[01:21:30] Speaker C: But well, it is good.
You just have, it's just a lot more complex to understand and once you do get it, you have a lot of options to put together a pretty cohesive system.
[01:21:39] Speaker A: But I mean you had to figure out IAM on GCP first, which, that'll take you at least six months to figure out properly and then you can figure out the tagging model.
[01:21:45] Speaker C: It, it only took me two years to understand it. It'll take me 17 to fix our day job. But that's different. No, I mean it's, there's a lot a good goodness here, right, with all those options. But it's one thing I want to, I want to warn people off of. Like there is the temptation for when you're doing attribute based tag access or network access based off of tags to have specific tags for your, for your access rules. Your network rules don't do that. Like it doesn't make any sense to have a network specific tag. Like you're just making one more thing for someone to remember like build your, build your rules based off of classifications on things that are generalized like environment, application, blah blah, blah, location, you know, things like that. Do not say oh, this thing has to be this specific tag to get to this specific access because you're just adding additional overhead for your users and.
[01:22:32] Speaker A: You're going to find out that you have IAM policy limits and how many runs you can put into an IAM policy on AWS. So you, yeah, that level of granularity you, you can get into more deny opportunities and you can allows basically deny everything. Allow the few things you want, but do it at a broad enough level that it makes sense.
[01:22:50] Speaker C: And resource tags, I think you're limited to a thousand key value pairs in GCP. So like it's, you know, like when you get spread across entire Org, those can go pretty quick so you gotta use them sparingly. And then there's also more concerns. Right?
So now not only do you have access and attribute based access and network access which are all based on tagging, but we're also, a lot of the FinOps tools are also based off of those tags. And so a lot of, I mean they've always been based off of those tags, but we never really did anything with it before. Now they're enforcing it with more of the focus ruling and FinOps becoming more of a crucial strategy. And so as there are more and more concerns and that's just going to grow, you're gonna, you're gonna plant yourself into more of a corner if you've made these like purpose fit key values to do things on. So just apply them to the business as a whole and use those tags for that appropriate context.
[01:23:48] Speaker A: Well, like I said, check out this blog post if you're trying to figure out your tagging strategy. Lots of good recommendations and tips. This is pretty thorough. I definitely appreciated it. So anyways, guys, I'll see you next week here in the Cloud. Assuming Baby cooperates for Matt and Ryan, I can get him out of his nap.
[01:24:05] Speaker C: So, yeah, good luck. I'm so sleepy.
[01:24:11] Speaker D: Wish me luck. That's all I got for you.
[01:24:13] Speaker C: Yeah. Yeah. All right.
[01:24:15] Speaker A: See you guys.
[01:24:15] Speaker C: Good night, everybody.
[01:24:16] Speaker D: Bye, everyone.
[01:24:21] Speaker B: And that's all for this week in Cloud. We'd like to thank our sponsor, Archera. Be sure to click the link in our show notes to learn more about their services. While you're at it, head over to our [email protected] where you can subscribe to our newsletter, join our Slack community, send us your feedback, and ask any questions you might have. Thanks for listening and we'll catch you on the next episode.
