268: Long Time Show Host is CloudPod’s first Casualty to AI (For This Week, at Least)


Welcome to episode 268 of the Cloud Pod Podcast – where the forecast is always cloudy! Justin says he’s in India, but we know he’s really been replaced by Skynet. Jonathan, Matthew, and Ryan are here in his stead to bring all the latest cloud news, including PGO for optimization, a Linux vulnerability, CloudFront’s new managed policies, and even a frank discussion about whether or not the AI Hype train has officially left the station. Sit back and enjoy! 

Titles we almost went with this week:

  • 🎤OpenSSH sings “Oops I did it again”
  • 🚂All aboard, the AI hype train is leaving the station
  • 🆕Caching In on CloudFront’s New Managed Policies 
  • 🏋️Get your Go Apps a personal trainer this summer with PGO
  • 💾Was Japan actually using floppy disks or were they 3.5
  • ⛱️Azure is on summer break
  • 💻Singapore will soon just be datacenters

A big thanks to this week’s sponsor:

We’re sponsorless! Want to reach a dedicated audience of cloud engineers? Send us an email or hit us up on our Slack Channel and let’s chat! 

General News

00:56 Japan declares victory in effort to end government use of floppy disks

  • Here’s a bit of tech nostalgia meets modernization for you! 
  • Japan’s government has finally phased out the use of floppy disks in all its systems. 
  • The Digital Agency has scrapped over 1,000 regulations related to their use, marking a significant step in their efforts to update government technology.
  • Digital Minister Taro Kono, who’s been on a mission to modernize Japan’s government tech, announced this victory last week. It’s part of a larger push to digitize Japan’s notoriously paper-heavy bureaucracy, which became glaringly apparent during the COVID-19 pandemic.
  • Japan’s digitization efforts have hit some bumps along the way, including issues with a contact-tracing app and slow adoption of their digital ID system. 
  • It’s a reminder that modernizing legacy systems isn’t just about replacing old hardware – it’s a complex process that involves changing long-standing processes and especially mindsets.

02:36 📢 Jonathan – “Yeah, I remember a couple of years ago they started talking about this modernization they were doing and people started to panic because Japan’s the largest purchaser of floppy disks anymore, or three and a half inch disks anyway. And so I ended up buying some because I’ve still got a USB floppy drive and some machines that have floppy disks. And I wanted just to stock up on some for the future, just in case the price went through the roof if Japan finally cut them and they have.”

05:16 regreSSHion: Remote Unauthenticated Code Execution Vulnerability in OpenSSH server 

  • The Qualys Threat Research Unit just dropped a bombshell – they’ve discovered a remote code execution vulnerability in OpenSSH that affects millions of Linux systems.
  • The vulnerability, dubbed “regreSSHion,” allows unauthenticated attackers to execute code as root on vulnerable systems. 
    • Root access is the ultimate prize for hackers. 
    • Qualys estimates over 14 million OpenSSH servers are potentially at risk. So if you’re running OpenSSH on a glibc-based Linux system, keep listening.
  • Interestingly, this vulnerability is a regression of a bug that was patched way back in 2006. A fix from 17 years ago accidentally got undone in a recent OpenSSH update. It’s like the software equivalent of “Oops, I did it again.”
  • But all jokes aside, if exploited, attackers could take full control of systems, install malware, exfiltrate data, and anything else they want to do with root access on your systems.
  • So what can you do, dear listeners? First and foremost, patch. 
    • OpenSSH has released fixes, so make sure you update ASAP. In the meantime you’ll also want to limit SSH access as much as possible and monitor your network closely for any suspicious activity.
  • Are you more of a “technical details” person? You can find those here

07:36 📢 Jonathan – “Yeah. Qualys have a proof of concept or working hack, which they’re not releasing yet to give people time to patch, but it’d be super interesting to come back and look at it and see how it works and test it and play with it.”

AI Is Going Great – Or, How ML Makes All Its Money

9:20  AI’s moment of disillusionment

  • Have we reached the beginning of the end for AI exuberance? 
    • According to InfoWorld’s Matt Asay, currently head of developer relations at MongoDB and former AWS Principal Engineer, the AI hype train has officially derailed. 
    • We’ve reached what he calls the “trough of disillusionment” phase, where all those grandiose promises about AI replacing humans and solving all our problems have crashed head-first into reality.
  • Remember when people were saying AI would take your job, write all your code, and basically do everything but your laundry? Yeah, not so much. As Asay points out, AI isn’t the magic bullet we thought it was. Who could have guessed?
  • Asay cites a recent IEEE study that found when it comes to coding, tools like ChatGPT struggle with problems that require information after their training data cutoff. For instance, GPT-3.5’s success rate for easy coding problems plummeted from 89% to 52% when it encountered topics from after 2021. 
    • And for hard problems? It went from a 40% success rate to a measly 0.66%. Ouch.
  • He quotes one commentator who said ChatGPT “lacks the critical thinking skills of a human and can only address problems it has previously encountered.” 
  • In other words, it’s great at pattern matching, but not so hot at actual reasoning or problem-solving.
  • But here’s the thing – Asay argues we shouldn’t be surprised. This cycle of hype and disillusionment is par for the course with new technologies. He reminds us of when cloud computing was supposed to solve all our IT woes, or when serverless was going to make Kubernetes obsolete. 
    • Yeah, not quite.
  • The reality, as Asay sees it, is that these technologies find their niche. They don’t solve everything, but they do solve some things really well. And that’s where he believes we’re heading with AI. Companies that are treating it as a silver bullet are failing, but those using it as a complementary tool are finding success.
  • Note to Ryan: The original show notes may have been written by AI, but they needed to be prepared for publication (aka made better) by a copywriter, so take that, ChatGPT. 

11:49 📢 Matthew – “You know it was the hype. It still is the hype. But it’s going to find its place. You know, despite us replacing Justin this week with AI, you know we figured out how to use it in different ways, and you know it’s not going to just overnight replace everyone in the world doing their job and fall into a matrix type.”

20:34 Declare your AIndependence: block AI bots, scrapers and crawlers with a single click

  • Cloudflare has introduced a new one-click feature to block AI bots that scrape content from websites, including those that do so dishonestly. 
  • As Matt Asay discussed, the demand for content to train AI models has skyrocketed, leading to increased bot activity from companies like ByteDance, Amazon, and Anthropic.
  • According to Cloudflare’s data, the most active AI bots in terms of request volume are Bytespider, Amazonbot, ClaudeBot, and GPTBot. 
  • Bytespider, operated by ByteDance, leads in both the extent of its crawling and the frequency with which it is blocked. GPTBot, managed by OpenAI, ranks second in both categories.
  • Cloudflare’s analysis found that while around 39% of the top one million Internet properties were accessed by AI bots in June, only 2.98% took measures to block or challenge those requests. The more popular a website is, the more likely it is to be targeted by AI bots and to block such requests.
  • Some bot operators attempt to evade detection by spoofing user agents, but Cloudflare’s machine learning models can identify this activity as coming from bots. The company leverages global signals to calculate a Bot Score, which helps them detect and flag traffic from evasive AI bots.
  • Cloudflare has set up a reporting tool for customers to submit reports of AI bots scraping their websites without permission. 
  • The company plans to continue evolving its bot detection and blocking capabilities to help content creators maintain control over how their content is used by AI models.
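
To see how much of your own traffic comes from the four crawlers named above, and how often they are already being blocked, you can run the same kind of count over your access logs. The following is an added example, not code from Cloudflare or the show: it assumes logs in Combined Log Format and treats HTTP 403 as "blocked", and the sample lines are constructed. It only catches crawlers that identify themselves; spoofed user agents need behavioural signals such as the Bot Score described above.

```python
import re
from collections import Counter

# User-agent tokens for the four crawlers named in the notes above.
AI_BOT_TOKENS = ("Bytespider", "Amazonbot", "ClaudeBot", "GPTBot")

# Combined Log Format: ip ident user [time] "request" status bytes "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

# Constructed sample traffic (documentation-range IPs, simplified user agents).
_ROWS = [
    ("203.0.113.10", 200, "Mozilla/5.0 (compatible; Bytespider)"),
    ("203.0.113.10", 403, "Mozilla/5.0 (compatible; Bytespider)"),
    ("203.0.113.11", 403, "Mozilla/5.0 (compatible; Bytespider)"),
    ("198.51.100.7", 200, "Mozilla/5.0 (compatible; GPTBot/1.0)"),
    ("198.51.100.7", 403, "mozilla/5.0 (compatible; gptbot/1.0)"),
    ("198.51.100.20", 200, "Mozilla/5.0 (compatible; ClaudeBot/1.0)"),
    ("192.0.2.44", 200, "Mozilla/5.0 (compatible; Amazonbot/0.1)"),
    ("192.0.2.99", 200, "Mozilla/5.0 (X11; Linux x86_64) Firefox/127.0"),
]
SAMPLE_LOG = "\n".join(
    f'{ip} - - [01/Jul/2024:10:00:00 +0000] "GET / HTTP/1.1" {st} 512 "-" "{ua}"'
    for ip, st, ua in _ROWS
) + '\n203.0.113.50 - - [01/Jul/2024:10:00:00 +0000] "GET /'  # truncated line


def classify(user_agent):
    """Return the AI bot token found in the user agent, or None."""
    lowered = user_agent.lower()
    for token in AI_BOT_TOKENS:
        if token.lower() in lowered:
            return token
    return None


def summarize(log_text):
    """Count requests and 403 responses per AI bot; also count unparsed lines."""
    requests, blocked, unparsed = Counter(), Counter(), 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        match = LOG_RE.match(line)
        if match is None:
            unparsed += 1  # malformed or truncated: report it, do not guess
            continue
        bot = classify(match["ua"])
        if bot is None:
            continue
        requests[bot] += 1
        if match["status"] == "403":
            blocked[bot] += 1
    return requests, blocked, unparsed


def ranking(log_text):
    """List of (bot, requests, blocked), busiest crawler first."""
    requests, blocked, _ = summarize(log_text)
    return [(bot, n, blocked[bot]) for bot, n in requests.most_common()]


if __name__ == "__main__":
    for bot, total, denied in ranking(SAMPLE_LOG):
        print(f"{bot:<11} requests={total} blocked={denied}")
```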

24:46 📢 Ryan – “And this is the first time I’m hearing about ByteSpider, which just, you know, like is ByteDance trying to piss off the United States government? They’re already sort of on edge. Like, this is kind of crazy.”

AWS

25:12 AWS Lambda introduces new controls to make it easier to search, filter, and aggregate Lambda function logs

  • AWS Lambda has introduced new features to enhance logging capabilities for serverless applications. (THANK GOD.)
  • With these updates, developers can now capture logs in JSON structured format, adjust log levels, and select specific Amazon CloudWatch log groups for their Lambda functions.
  • The JSON format allows logs to be structured as key-value pairs, making it easier to search, filter, and analyze function logs. 
    • This eliminates the need for developers to bring their own logging libraries.
  • Additionally, developers can now control the log level of their Lambda logs without making code changes. 
    • This enables them to choose the desired logging granularity for their functions, reducing the need to sift through large volumes of logs when debugging and troubleshooting.
  • Lastly, developers can choose the CloudWatch log group to which Lambda sends their logs. 
    • This makes it easier to aggregate logs from multiple functions within an application and apply security, governance, and retention policies at the application level.
  • These advanced logging controls can be specified using the Lambda API, console, AWS CLI, AWS Serverless Application Model (SAM), and AWS CloudFormation. 
  • The features are now available in AWS GovCloud (US) Regions at no additional cost.

27:05 📢 Ryan – “Makes you wonder what big government customer demanded this…”

30:36 Amazon S3 Access Grants now integrate with open source Python frameworks 

  • Amazon S3 Access Grants map identities in directories such as Active Directory, or AWS Identity and Access Management (IAM) Principals, to datasets in S3.
  • Amazon S3 Access Grants now offer integration with open-source Python frameworks through the AWS SDK for Python (Boto3) plugin. 
  • This integration simplifies the process of managing data permissions by mapping identities in Identity Providers (IdPs) like Active Directory or AWS Identity and Access Management (IAM) principals to datasets in S3.
  • By importing the Boto3 plugin into your client, you can eliminate the need for custom code previously required to manage data permissions. 
  • This allows you to seamlessly use S3 Access Grants in popular open-source Python frameworks such as Django, TensorFlow, NumPy, Pandas, and more.
  • To get started, simply import the Boto3 plugin as a module in your Python code. 
  • The plugin now has the capability to automatically request, cache, and refresh temporary credentials issued by S3 based on an Access Grant. 
    • As a result, the permissions for your Python-based S3 clients will be determined by user group membership in an IdP.
  • This integration streamlines the process of managing data permissions in S3 when working with open-source Python frameworks, making it easier for developers to securely access and manipulate data stored in S3 without the need for extensive custom code.

33:29 Amazon CloudFront announces managed cache policies for web applications 

  • Amazon CloudFront has introduced two new managed cache policies, UseOriginCacheControlHeaders and UseOriginCacheControlHeaders-QueryStrings, designed for dynamically generated websites and applications that return Cache-Control headers. 
  • These policies allow CloudFront to cache content based on the Cache-Control headers returned by the origin, and default to not caching when no Cache-Control header is present.
  • Previously, this functionality was only available to customers who created custom cache policies. 
  • Now, it’s accessible out-of-the-box for all customers as a managed cache policy. Cache policies instruct CloudFront when and how to cache, including which request attributes to include in the cache key.
  • Before this update, customers had two main options for managed cache policies: CachingOptimized, which always caches unless disallowed by a caching directive, and CachingDisabled, which disables all caching. 
  • For all other cases, customers had to create custom cache policies. With the new managed cache policies, customers can use a single policy for websites backed by content management systems like WordPress or dynamically generated content that has a mix of cacheable and non-cacheable content.
  • The new managed cache policies are available for immediate use at no additional cost and can be enabled via the CloudFront Console, SDK, and CLI. The CloudFront console automatically provides recommendations on cache policies based on your origin type.

34:42 📢 Matthew – “I like that they’re kind of setting up these easy defaults for people to select. Because before even these managed cache policies, you had to go through like hundreds of different settings and figure it out yourself like what you wanted for these. So these easy buttons just help people select the right policy, kind of move on.”

GCP

36:18  Boost performance of Go applications with profile-guided optimization

  • Google has collaborated with Uber to introduce profile-guided optimization (PGO) in Go 1.21, which allows developers to provide runtime profiles to the Go compiler for smarter code optimization decisions. Uber has already rolled out PGO fleet-wide, resulting in reduced CPU utilization across many of their services.
  • PGO works by collecting a profile of your application at runtime, which the compiler then uses to make better-informed decisions when optimizing your code. This includes more aggressively optimizing frequently used functions and more accurately selecting common cases within a function.
  • Using PGO in your Go application is straightforward. You can find detailed steps in the blog post we’ve linked to in the show notes, but essentially, you collect a profile of your application under typical load, then use that profile in your next build. The Go toolchain automatically enables PGO when it finds the profile in the right location.
  • Using PGO on Google Cloud with Cloud Run and Cloud Profiler is even easier. You can deploy your Go app to Cloud Run, collect a profile using Cloud Profiler, and then redeploy with the optimized build. Cloud Run’s metrics dashboard lets you monitor improvements in billable container instance time and container CPU utilization.
  • To learn more about deploying Go services on Google Cloud, check out the quickstart guide on deploying a Go service on Cloud Run, as well as various courses and guided labs available through Google Cloud Innovators
  • Note to Matthew from TCP copywriter:
    • “The CloudPod is PGOing Crazy for Cloud Run”
    • “PGOing the Extra Mile to Turbocharge Apps”
    • “The CloudPod P(o)GO hops their way to Boosted Application Performance” 
    • You’re welcome ♥️

38:44📢 Jonathan – “But how cool would it be to do this literally at runtime in production, just have this constantly collecting metrics from a running application and going back and then rebuilding it for the next release, or even automate that release process so it’s always running.”

40:04 Share your streaming data with Pub/Sub topics in Analytics Hub  

  • Google Cloud has introduced the public preview of Pub/Sub topic sharing in Analytics Hub, enabling organizations to curate, share, and monetize their streaming data assets. 
  • This integration combines the strengths of Pub/Sub, Google Cloud’s scalable and reliable global messaging service, with Analytics Hub, the data exchange platform built on BigQuery.
  • Sharing Pub/Sub topics through Analytics Hub offers several benefits, including the ability to curate and share valuable streaming data externally with customers or internally with other teams, centrally manage accessibility to your organization’s streaming data, and search and subscribe to valuable Pub/Sub topics shared by other organizations.
  • Streaming data sharing has various use cases across industries, such as retailers sharing real-time inventory levels with CPG enterprises, financial services enterprises sharing and monetizing financial data with customers, advertising enterprises sharing real-time campaign effectiveness insights with advertisers, and healthcare professionals powering predictive algorithms to monitor patients and analyze risk.
  • To get started with sharing Pub/Sub topics in Analytics Hub, follow the steps outlined in the blog post linked here
    • It involves creating an exchange, selecting or creating a Pub/Sub topic, and publishing the listing. 
    • Subscribers can then search for shared topics, create linked Pub/Sub subscriptions, and start consuming the data in their own projects.

Azure

Just kidding. There’s no Azure news. But we do have some interesting articles for you to peruse at your leisure. 

10 ways to impact business velocity through Azure OpenAI Service 

Build your own copilot with Microsoft Azure AI Studio 

Plans on Microsoft Learn: Your online blueprint for building AI and Azure skills 

OCI

47:12  Oracle opens second cloud region in Singapore 

  • Oracle has opened its second Cloud Region in Singapore to meet the growing demand for AI and cloud services in Southeast Asia. 
  • This new region enables customers and partners to migrate mission-critical workloads to Oracle Cloud Infrastructure (OCI) while addressing data residency and sovereignty requirements.
  • With the two regions in Singapore, customers can access a wide range of cloud services, including AI, data, and analytics offerings. 
  • Oracle is the only hyperscaler capable of delivering a full suite of over 100 cloud services across dedicated, public, and hybrid cloud environments.
  • OCI’s network of FastConnect partners offers dedicated connectivity to Oracle Cloud Regions, providing a cost-effective way to create private network connections with higher bandwidth and lower latency.
  • The new region is part of Oracle’s distributed cloud strategy, which includes public cloud, dedicated cloud, hybrid cloud, and multi cloud options, delivering the benefits of cloud with greater control and flexibility.

49:54 📢 Ryan – “I just realized that we were talking about an OCI region announcement. So this is just, you know, a couple of servers in the back of a semi truck driving around anyway.”

Closing

And that is the week in the cloud! Visit our website, the home of the Cloud Pod, where you can join our newsletter, slack team, send feedback or ask questions at theCloudPod.net or tweet at us with hashtag #theCloudPod
