# 335: EKS Network Policies: Now With More Layers Than Your Security Team’s Org Chart

Duration: 50 minutes
Speakers: Justin Brodley, B, Ryan Lucas
Date: 2025-12-25

## Chapters

1. [00:00] We talk weekly about all things AWS, GCP and Azure. Episode 355, recorded for December 16, 2025: EKS Network Policies, now with more layers than your security team's org chart. Looking forward to the New Year and the new year in cloud. Maybe less AI. Probably not. Probably more AI.
2. [01:21] Meta is apparently developing Avocado, its new frontier AI model, codenamed to succeed Llama. It is now expected to launch in Q1 2026 after internal delays related to training, performance and testing. The model may be proprietary rather than open source.
3. [03:15] Disney suing Google AI for alleged copyright infringement through its generative models. Disney has apparently sued Google, claiming Google trained its systems on Disney's copyrighted content without authorization. The case could establish important precedents for how cloud providers handle copyrighted training data.
4. [04:59] Disney is investing $1 billion in OpenAI and licensing 200 characters for its AI video app Sora. The deal is notable given Disney's history of aggressive copyright protection. OpenAI has been pursuing content licensing deals after facing multiple lawsuits over unauthorized use of copyrighted training data.
5. [07:13] OpenAI has released two new models this week. The first is GPT Image 1.5, its new flagship image generation model, now available in ChatGPT for all users and via the API. The model generates images up to 4x faster than the previous version and has improvements in text rendering.
6. [08:41] OpenAI has released GPT-5.2, now generally available for paid users and via the API, in three variants: Instant for everyday tasks, Thinking for complex work and Pro for the highest quality outputs. Still very dubious of a new model from OpenAI right now.
7. [10:45] Cedar, Amazon's already open-source authorization policy language, joins the CNCF as a sandbox project. Cedar lets developers define fine-grained permissions as policies separate from the application code. This type of policy is going to be absolutely key to managing permissions going forward.
8. [12:38] GuardDuty Extended Threat Detection now identifies a coordinated crypto mining campaign in which attackers use compromised IAM credentials to deploy miners across EC2 and ECS within 10 minutes of initial access. AWS recommends enabling GuardDuty Runtime Monitoring alongside the foundational protection plan for comprehensive coverage.
9. [15:51] Amazon EKS now supports admin network policies and application network policies. Admin network policies give cluster administrators cluster-wide rules that namespaced policies cannot override; application network policies let teams filter outbound traffic by domain name instead of maintaining IP address lists. Requirements include Kubernetes 1.29 or later and VPC CNI 1.21 or newer on standard EKS clusters, with EKS Auto Mode required for application network policies.
10. [18:43] AWS offers an automated Java thread dump analysis solution for containerized environments. The solution combines Prometheus monitoring, Grafana alerting, Lambda orchestration and Amazon Bedrock to diagnose JVM performance issues in seconds rather than hours. It works across both ECS and EKS environments.
11. [22:16] EC2 Auto Scaling now offers a synchronous API to launch instances inside an Auto Scaling group. The API lets customers override the group's default configuration by specifying exact Availability Zones and subnets for new instances. AWS is also now enabling cost allocation based on workforce user attributes.
12. [25:47] Google has released Gemini 3 Flash and Gemini 3 Flash for enterprises this week. Gemini 3 Flash is positioned as a frontier intelligence model optimized for speed at reduced cost. The model processes over 1 trillion tokens daily through Google's API. Being able to run this on local devices such as Android phones is going to be a huge breakthrough in on-device LLM performance.
13. [27:19] Google has integrated Model Context Protocol servers into its new Antigravity IDE. This lets AI agents connect directly to Google Cloud data services including AlloyDB, BigQuery, Spanner, Cloud SQL and Looker. The integration enables AI agents to perform.
14. [30:59] Google's Application Design Center has reached general availability as a visual, AI-powered platform for designing and deploying Terraform-backed application infrastructure. It integrates with Gemini Cloud Assist to let users describe infrastructure needs in natural language. The platform is available free of charge for building and deploying application templates.
15. [33:12] Microsoft is finally deprecating RC4 encryption after 26 years of default support, following its role in major breaches. Organizations using Windows authentication will need to ensure their systems are configured to use AES encryption and disable the RC4 fallback to prevent downgrade attacks.
16. [35:50] Azure Blob Storage now scales to exabytes, 50+ terabits per second of throughput and millions of IOPS; the platform powers OpenAI's model training and includes a new smart tier preview. The smart tier moves data between hot, cool and cold tiers based on 30 to 90 day access patterns.
17. [38:23] Microsoft is expanding its US data center footprint with a new AI region. The new US East 3 region launches in Greater Atlanta in early 2027, and availability zones are being added to five existing regions by the end of 2027. Azure is tripling down on AI infrastructure, with its global network now reaching 18 petabits per second of total capacity.
18. [42:14] Happy holidays to all of our listeners, and we will see you in the new year with our look back and look forward show. We'd like to thank our sponsor Archera. And that's all for this week in cloud.
19. [43:29] iRobot has filed for bankruptcy, marking the end of an era for the company that pioneered consumer robotics. After losing ground to cheaper competitors, the stock crashed from Amazon's $52 offer in 2023 to just $4. This demonstrates how hardware IoT companies struggle even with strong cloud services.
20. [49:27] Ben Kehoe was a big advocate for Lambda robotics and one of the big reasons why I was really into iRobot. I assume this new Chinese company will keep developing and maybe they'll bring the cost down. It'll be an uphill battle in the US market because people hear "Chinese supplier" and panic.
21. [50:35] Well, have a great Christmas. See you in the new year. Later. Bye now.
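The two admin network policy tiers summarised in chapter 9, written out as an added example. This is not configuration from the episode or from AWS; it assumes that EKS exposes the upstream Kubernetes network-policy-api types (AdminNetworkPolicy and BaselineAdminNetworkPolicy in the policy.networking.k8s.io/v1alpha1 group), and the namespace labels tier=sensitive and app.kubernetes.io/name=monitoring, the scrape port 9090 and the dev-sandbox namespace are all assumptions chosen for illustration. The EKS Auto Mode application network policy type that does FQDN egress filtering is not shown, since its schema is not on this page.

```yaml
# Added example, not from the episode or from AWS. Assumes EKS exposes the
# upstream Kubernetes network-policy-api CRDs. Labels, ports and namespace
# names below are assumptions for illustration.
---
# Admin tier: evaluated before any namespaced NetworkPolicy; nothing an
# application team writes can override these rules. Between several
# AdminNetworkPolicies the lower priority number wins; within one policy the
# rules are checked in order and the first match decides.
apiVersion: policy.networking.k8s.io/v1alpha1
kind: AdminNetworkPolicy
metadata:
  name: isolate-sensitive-workloads
spec:
  priority: 10
  subject:
    namespaces:
      matchLabels:
        tier: sensitive                 # assumed label on sensitive namespaces
  ingress:
    # Monitoring must always be able to scrape, so this Allow comes first.
    - name: allow-monitoring-scrape
      action: Allow
      from:
        - namespaces:
            matchLabels:
              app.kubernetes.io/name: monitoring   # assumed label
      ports:
        - portNumber:
            protocol: TCP
            port: 9090                             # assumed scrape port
    # Every other namespace is denied at the admin tier. A NetworkPolicy in
    # the sensitive namespace that allows this traffic has no effect.
    - name: deny-from-other-namespaces
      action: Deny
      from:
        - namespaces:
            matchExpressions:
              - key: tier
                operator: NotIn
                values: ["sensitive"]
  egress:
    # Pass stops admin-tier evaluation and hands the decision down to the
    # namespaced NetworkPolicies and then to the baseline tier.
    - name: defer-egress-to-namespace-policies
      action: Pass
      to:
        - namespaces: {}
---
# Baseline tier: applies only to pods that no NetworkPolicy selects, so an
# application team overrides it simply by writing a NetworkPolicy for its
# own pods. The cluster-wide singleton must be named "default" and has no
# priority field.
apiVersion: policy.networking.k8s.io/v1alpha1
kind: BaselineAdminNetworkPolicy
metadata:
  name: default
spec:
  subject:
    namespaces: {}                      # every namespace
  ingress:
    # By default nothing accepts traffic from the sandbox namespace; a team
    # that needs it opts in with a NetworkPolicy in its own namespace.
    - name: default-deny-from-dev-sandbox
      action: Deny
      from:
        - namespaces:
            matchLabels:
              kubernetes.io/metadata.name: dev-sandbox   # assumed namespace
```

The practical check after applying something like this is to confirm both directions of the hierarchy: a NetworkPolicy in a tier=sensitive namespace that allows ingress from an unlabelled namespace must still be blocked (the admin-tier Deny wins), and a pod in any namespace that a NetworkPolicy selects must no longer be subject to the baseline Deny (the baseline only fills in where no NetworkPolicy applies). That second behaviour is what "default connectivity that can be overridden" means in the episode, and it is the part that surprises teams used to firewall rules that never yield to the application.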
## Transcript

[00:00] Justin Brodley: Foreign.
[00:08] B: Where the forecast is always cloudy. We talk weekly about all things AWS, GCP and Azure.
[00:14] Ryan Lucas: We are your hosts Justin, Jonathan, Ryan and Matthew.
[00:18] Justin Brodley: Episode 355, recorded for December 16, 2025. EKS Network Policies, now with more layers on your security team's org chart. Good evening, Ryan. How you doing? I'm doing well.
[00:30] Ryan Lucas: How are you?
[00:31] Justin Brodley: Doing well as well. You know, we're all turning into pumpkins here as the Christmas holidays rapidly approach.
[00:38] Ryan Lucas: Indeed.
[00:39] Justin Brodley: So this is our last episode that'll publish this year, and then we will drop the game in January, our year-end look back and our look-ahead predictions, and see how we did on predictions last year. That'll be our first show back in the new year. But we're taking off next week for Christmas because we've realized trying to do Christmas shows is just bad. Yeah, doesn't work. And plus, after re:Invent we're tired and we want to go do other things. So we will definitely have to follow up on a couple things when we get back. But definitely look forward to the New Year and the new year in cloud. Maybe less AI. Probably not. Probably more AI. That's really how it's going to work. Yeah. And on that note, let's get into it, shall we?
[01:21] Ryan Lucas: Yeah, yeah.
[01:23] Justin Brodley: So Meta is apparently developing Avocado, their new frontier AI model, codenamed to succeed Llama, now expected to launch in Q1 2026 after internal delays related to training, performance and testing. The model may be proprietary rather than open source, marking a significant shift from Meta's previous strategy of freely distributing Llama's weights and architecture to developers. Meta has apparently spent $14.3 billion since June to hire Scale AI founder Alexandr Wang and acquire a stake in Scale.
The company has apparently restructured AI leadership after Llama 4's poor reception in April, with Chief Product Officer Chris Cox no longer overseeing the general AI unit, and Meta cut 600 jobs in the superintelligence labs in October. So their strategy is: get rid of open source, go make it proprietary, and we'll be successful. That's a weird, weird choice. I don't know, I kind of feel like that was really their value prop, that they were open source, because a model built on Facebook and Instagram data is probably either very racist or full of thirst traps. I'm not really sure how that works out in the model, but I just don't know if it's a really interesting, compelling story for them.
[02:30] Ryan Lucas: Yeah, I was very surprised by the proprietary aspect of it. And I'm just not sure. Like, I guess I don't really understand the business of, you know, the AI models. And I guess if you are going to, you know, offer like a chat service or that kind of thing, you have to sort of have a proprietary model, I guess, but it's kind of strange.
[02:52] Justin Brodley: Yeah. So anyways, we'll keep an eye on that, see what they do, if they actually release a new proprietary model in Q1. But apparently this is causing a lot of rifts inside their culture, so we'll see how that continues to evolve as they try to become a big player in AI. Hopefully better than their story in AR, VR and the Metaverse.
[03:11] Ryan Lucas: Yes, yes, hopefully.
[03:15] Justin Brodley: Disney has apparently sued Google AI for infringing copyright on a massive scale. They allege they issued a cease and desist letter to Google alleging copyright infringement through its generative AI models, claiming Google trained its systems on Disney's copyrighted content without authorization and now enables users to generate Disney-owned characters like those from The Lion King, Deadpool and Star Wars.
This represents one of the first major legal challenges from a content owner with substantial legal resources against a cloud AI provider. The legal notice targets two specific violations: Google's use of Disney's copyrighted works as training data for its image and video generation models, and the distribution of Disney character reproductions to end users through AI-generated outputs. The case could establish important precedents for how cloud providers handle copyrighted training data and implement content filtering in AI services. The outcome may force cloud AI platforms to develop more sophisticated copyright detection systems or negotiate license agreements with content owners before deploying generative AI. Disney's involvement brings considerable legal firepower to the battle. And so we'll see how this one goes next year. I'm sure it'll get to court.
[04:14] Ryan Lucas: Yeah. Disney suing for copyright infringement.
[04:17] Justin Brodley: Shocking. Shocking. The biggest abuser of copyright out there, not violating it, but making it last as long as possible. For Mickey Mouse.
[04:26] Ryan Lucas: Right. So, well, and then they are just renowned for being completely evil.
[04:32] Justin Brodley: Yes.
[04:32] Ryan Lucas: For anyone, like, you know, really sticking to, like, parody standards, for people making fun of Mickey Mouse or all kinds of things like that. Just any reference. So it does make sense, if there's going to be a major AI case that sort of sets the precedent of what's okay and what's not for AI, it does make sense it'll be brought by Disney.
[04:53] Justin Brodley: Yeah. Sort of weird timing though, don't you think? You know, why in December of all times? And then this story comes across my desk. Disney is investing $1 billion in OpenAI and has licensed 200 characters for its AI video app Sora. Oh, okay. All right.
So this is apparently marking the first major Hollywood studio content licensing deal for OpenAI's video platform, which launched in late September and faced industry criticism over copyright concerns. The three-year license agreement allows Sora users to create short video clips featuring licensed characters, representing a shift from OpenAI's previous approach of training models on copyrighted material without permission. This deal is notable given Disney's history of aggressive copyright protection and the lobbying that shaped modern US copyright law in the 1990s. OpenAI has been pursuing content licensing deals with major IP holders after facing multiple lawsuits over unauthorized use of copyrighted training data. I'm sure that, you know, didn't help, or didn't hurt, that they would go sue the biggest competitor of theirs at the same time. So that's just super convenient. But it's sort of weird. It's like, well, so OpenAI is licensing these characters, but then Disney's investing a billion dollars. So is that like a... well, Disney wanted 2 billion, but we gave them a... you know, or they wanted to charge us more, but we gave them a discount because they're an investor or something. I don't know. It's a weird, weird worded story.
[06:11] Ryan Lucas: It's... business relationships are never as straightforward, as I've learned more about the business, you know, growing older, I guess. And so it's like all these little sort of hooks and trying to, you know, leverage each other for shared success. In theory, it's kind of funny, but... or is it just a way to get out of the lawsuit so they can generate the content? I don't know. It's a weird product differentiator if that's the case.
[06:40] Justin Brodley: It is, yeah. I mean, I don't... is Sora even a thing anymore? Remember, it kind of had like a big moment of everyone using it, and then I feel like it kind of died off pretty quickly because it was so bad in so many ways.
I mean, I don't know, do your kids like Sora?
[06:53] Ryan Lucas: They still... there's like little tools and little websites and stuff where it sort of comes into play. But it does seem like it's sort of lost its luster. It's no longer shiny and new.
[07:05] Justin Brodley: Yeah, I see that Sora watermark on a video and I just kind of, like, swipe on by. I was like, yeah, whatever, I don't care. Well, OpenAI, as we know, is in crunch mode, trying to deal with the existential threat brought on by Gemini. And so they released two new models for us this week. First is the release of GPT Image 1.5, their new flagship image generation model, now available in ChatGPT for all users and via the API. The model generates images up to 4x faster than the previous version and includes a dedicated Images feature in the ChatGPT sidebar, with preset filters and prompts for quick exploration. It's very competitive against Nano Banana, and I was looking at some of the charts. It's already jumped to the top of the charts in all image modifications, just slightly above Nano Banana.
[07:49] Ryan Lucas: Wow. I mean, the image generation of AI has gone a long way in a short period of time. So I was pretty surprised with Nano Banana fixing some of the horribleness that I experienced in the early days of Planner with it. So I'll play around with this and see if it's the same thing. I'm really happy to see that it also has improvements for text rendering.
[08:15] Justin Brodley: Yeah, I mean, definitely the video... the text in images has gotten significantly better on all the models, thank goodness. I didn't realize how much I generated...
[08:24] Ryan Lucas: Images with text in it, but, yeah.
[08:27] Justin Brodley: It happens a lot. The nice thing is too, in some of them you can now click in the image, like, oh, I don't want this part. And so that helps the model actually, like, do the edits you want now.
So there's definitely some nice improvements coming into image editing in general. Yeah, well, if you don't care about images but you care about ChatGPT and overall LLM performance, they released GPT-5.2, now generally available for paid users and via the API as GPT-5.2, with three variants including Instant for everyday tasks, Thinking for complex work and Pro for highest quality outputs. The model introduces native spreadsheet and presentation generation capabilities, with ChatGPT Enterprise users reporting 40 to 60 minutes saved daily on average. So apparently all the funding decks they had to build were getting old and they just wanted the AI to do it for them. GPT-5.2 Thinking achieves a 70.9% win rate against human experts on the GDPval benchmark spanning 44 occupations and set new records on SWE-Bench Pro at 55.6%. The model demonstrates 11x faster output generation at less than 1% of the cost of expert professionals on knowledge work tasks. Long context performance reaches near 100% accuracy on the 4-needle MRCR variant up to 256,000 tokens, with the new Responses Compact endpoint extending the effective context window for tool-heavy workloads. API pricing is set at $1.75 per million input tokens and $14 per million output tokens, with a 9% discount on cached inputs. The model introduces improved safety features including strengthened responses for mental health and self-harm scenarios.
[10:00] Ryan Lucas: Yeah, I mean, I'm happy to see the improved safety features because that's just been coming up in the news recently, and definitely some high profile sort of events happened where it's becoming a concern for sure. So I want to see more, you know, protections there and more in that space across all the providers. But I'm still very dubious of a new model from OpenAI right now, just because the last few models that they've released have just been almost unusable for my day to day.
[10:31] Justin Brodley: Yeah, I mean, definitely, you know, the fact they felt they were under threat from Gemini was because they were, and they were definitely hurting in general. So definitely interesting developments as well. All right, let's move on to some cloud tool news. Amazon is open sourcing Cedar by having it join the... sorry, it's already open source, but now it's joining the CNCF as a sandbox project, solving the problem of hard-coded access control by letting developers define fine-grained permissions as policies separate from the application code, supporting RBAC, ABAC and ReBAC models with fast real-time evaluations. The language stands out for its formal verification using the Lean theorem prover and differential random testing against a specification, providing mathematical guarantees for security-critical authorization logic. Production adoption has been strong, with users including Cloudflare, MongoDB, AWS Bedrock and Kubernetes integrations like the Kubernetes Cedar authorizer. The CNCF move provides vendor-neutral governance and broader community access beyond AWS stewardship. And I'm sure this is really the key to why you do this: you want Google and Azure to adopt it in addition to the other companies that didn't really care as much about that lock-in. But if you make it part of the CNCF now, you can push it to become a standard and become part of the larger ecosystem, which would be great, because if you could have the same Cedar-type controls across all three cloud providers, then you can make policies that actually reference certain things across those providers.
[11:53] Ryan Lucas: Exactly. And I think this type of policy is going to be absolutely key to managing sort of permissions going forward. I mean, there's already such a problem and constraint in allowing AI agents.
You know, if you think about a cloud role, cloud permissions, like, it's not as easy to define sort of what an AI agent can do and can't do, and I think it's going to change a lot. And so policy evaluation is probably going to be very important when it comes to those things. And I'm happy for Cedar to be more prevalent because I like it better than Rego and Open Policy Agent.
[12:31] Justin Brodley: Yeah, I definitely like it better than OPA. So, yeah, I'm with you right there. All right, moving on to general AWS news. GuardDuty Extended Threat Detection now identifies a coordinated crypto mining campaign, starting from 11-2-25, where attackers use compromised IAM credentials to deploy miners across EC2 and ECS within 10 minutes of the initial access. The new attack sequence finding correlates signals across multiple data sources to detect the sophisticated attack pattern, demonstrating how the Extended Threat Detection capabilities launched at re:Invent 2025 can identify coordinated campaigns. Attackers employed a novel persistence technique using ModifyInstanceAttribute to disable API termination on all launched instances, forcing victims to manually re-enable termination before cleanup and disrupting automated remediation workflows. They also created public Lambda endpoints without authentication and established backdoor IAM users with SCS permissions, showing advancement in crypto mining persistence methodologies beyond typical mining operations. The campaign targeted high-value GPU and ML instances through Auto Scaling groups configured to scale from 20 to 1,000 instances, with attackers first using dry-run flags to validate permissions without triggering costs. The malicious Docker Hub image yannick yannick 696-5958/secret accumulated over 10,000 pulls before takedown, and attackers created up to 50 ECS clusters per account with Fargate tasks configured for the maximum CPU allocation of 16,384 units.
AWS recommends enabling GuardDuty Runtime Monitoring alongside the foundational protection plan for comprehensive coverage, as Runtime Monitoring provides host-level signals critical for Extended Threat Detection correlation. So, yeah, this new thing they announced, you should use it because it sounds pretty darn good.
[14:11] Ryan Lucas: Yeah, I mean, it's like just the sophistication of these attacks. It's just so much more than the old school days of, like, you accidentally check in your credentials and someone's going to launch EC2 and just have it run, and it runs for however long until you find it. Like, the fact that they're creating artifacts that you can later then exploit and, you know, call the websites in order to get back into the account, and, you know, especially disabling the termination. That's rough, right? Because that's one of those things that you don't really know, you know, like that's a deep feature, right?
[14:47] Justin Brodley: Well, it's like one of the other hacks I've heard about in the past is, you know, you change the encryption key for CloudTrail to... yeah, CloudTrail. Right. That's the overall audit mechanism.
[14:59] Ryan Lucas: Yeah, that's the overall log.
[15:01] Justin Brodley: Thank you. It's been a rough week. Yeah. But yeah, so CloudTrail, you basically use a different encryption key from a different account, use that to encrypt it. But since the encryption key is in another account, you can actually not access your own logs. But it doesn't trigger the... you know, it doesn't trigger like if you'd turned off CloudTrail logs. So just changing the key was a pretty sophisticated hack. I need to fix that.
[15:20] Ryan Lucas: Oh, I see.
[15:20] Justin Brodley: Yeah. Okay.
[15:21] Ryan Lucas: So, yeah, kind of removes it as a signal.
[15:24] Justin Brodley: Yeah. So basically...
Oh, we're still logging CloudTrail, but, yeah, you can't read the data and it's not actually providing any value because you don't have the encryption key, the decryption key, to decrypt it. Yeah, that's... hackers use the same tools we do for development. Right. That's what we saw in the early days of AI as well, is that, you know, all of a sudden all of the telltale ways you identified phishing, you know, typos and weird language and images that don't look right, are all gone because the AI just does it so beautifully. Well, now for them. Yep. Amazon EKS is now supporting admin network policies and application network policies, giving cluster administrators centralized control over network security across all namespaces while allowing namespace administrators to filter outbound traffic using domain names instead of maintaining IP address lists. This addresses a key limitation of standard Kubernetes network policies, which only work within individual namespaces and lack explicit deny rules or policy hierarchies. The new admin network policies operate in two tiers: admin-tier rules that cannot be overridden by developers, and baseline-tier rules that provide default connectivity but can be overridden by standard network policies. This enables platform teams to enforce cluster-wide security requirements like isolating sensitive workloads or ensuring monitoring access, while still giving application teams flexibility within the boundary. Application network policies, exclusive to EKS Auto Mode clusters, add layer 7 fully qualified domain name based filtering on top of traditional layer 3/4 network policies, solving the problem of managing egress to external services with frequently changing IP addresses, like the cloud. Instead of maintaining IP lists for SaaS providers or on-premises resources behind load balancers, teams can simply whitelist domain names like internal API dot company name, and policies remain valid even when underlying IP addresses change.
Requirements include Kubernetes 1.29 or later, Amazon VPC CNI driver version 1.21 or newer, standard EKS clusters, and EKS Auto Mode for the application network policy with DNS filtering capability.
[17:10] Ryan Lucas: Yeah, this is one of those things that, you know, it's showing a maturity level of container-driven applications, just because it's been, I think, you know, a while since security teams have been aware of, like, some of the things that you can do with network policies and routing. And so, you know, you want to empower your developers and have that, but then being able to sort of also have a comprehensive, you know, ability to sort of ban and approve traffic has been missing from a lot of these, you know, basically ingress controllers. And so I think this is a great thing for security teams and probably going to be a terrible thing for developers who have had a little bit more free rein and have been able to develop a little bit more freely for networks. But we'll see. I mean, I've always been very conflicted about what you can do with ingress and Kubernetes in general.
[18:09] Justin Brodley: So you've always been conflicted about Kubernetes, period?
[18:13] Ryan Lucas: Yeah, Kubernetes completely.
[18:14] Justin Brodley: Yeah.
[18:14] Ryan Lucas: And this is just one of those things where we're watching it turn into what the old controls were, that were firewall-based and at the network level. And so it's going to be one of those things where we have to figure out what the balance is between those protections and the flexibility, and that doesn't change depending on the technology that's actually doing the protection. So you just move the problem around to Kubernetes, and now it's being moved around more. So.
[18:43] Justin Brodley: Yeah, well, if you've ever had to support any amount of developers in production for ECS and EKS, one of the biggest banes of your existence will probably be troubleshooting dump analysis of your containers. And so, you know, it always becomes a problem because the devs want to be able to connect their debuggers to the container and do the things, and none of that really works well in a containerized environment, despite things like ECS Connect and other tools like that. So AWS is actually trying to solve that problem by giving you an automated Java thread dump analysis solution that combines Prometheus monitoring, Grafana alerting, Lambda orchestration and Amazon Bedrock AI to diagnose JVM performance issues in seconds rather than in hours. The system works across both ECS and EKS environments, automatically detecting high thread counts and generating actionable insights without requiring deep JVM expertise from operations teams. I mean, I don't have to know how to do that anymore.
[19:32] Ryan Lucas: Does anyone have deep JVM experience anymore?
[19:35] Justin Brodley: Right? The solution uses Spring Boot Actuator endpoints for ECS deployments and Kubernetes API commands for EKS to capture thread dumps when Grafana alerts trigger, and Amazon Bedrock then analyzes the dumps to identify deadlocks, performance bottlenecks and thread states while providing structured recommendations across six key areas, including executive summary and optimization guidance. Deployment is handled through a CloudFormation template available in the Java on AWS Immersion Day workshop. All thread dumps and AI analysis reports are automatically stored in S3 for historical trending. The architecture follows event-driven principles with modular components that can be extended to other diagnostic tools like heap dump analysis or automated remediation workflows.
The system enriches JVM metrics with architectural tags, including cluster identification and container metadata, enabling the Lambda function to determine the appropriate thread dump collection method, and this metadata-driven approach allows a single solution to handle heterogeneous container environments without manual configuration for each deployment type. Pricing follows standard AWS costs for Lambda invocations, Bedrock LLM usage per token, S3 storage and CloudWatch metrics, which tells me that if you have a bad container that crashes a lot, you could spend a lot of money in LLM token usage analyzing the exact same crash dump every time. So, yeah, do keep that in mind. Is it...
[20:45] Ryan Lucas: I guess it... is it automated? I mean, I don't know.
[20:47] Justin Brodley: I guess it's...
[20:49] Ryan Lucas: It is. I mean, it's... I don't know if it's automatically launched, but it's definitely, like, once you kick...
[20:53] Justin Brodley: I mean, they do it off a Grafana trigger, so, you know, Grafana alerts on the dump and it kicks off the... basically the process, I think.
[21:01] Ryan Lucas: Yeah, I wonder. Yeah, it could be just that it dumps it into S3 and doesn't do the analysis. I don't know. But it's definitely one of the things that, like, AI... like, sweet cheese, is something. Thread dump analysis. Like, I hate... I've always hated it. Like, and I've...
[21:15] Justin Brodley: Oh, yeah, it's one of those. Like, you have to do it, but it sucks and there's so much complexity. Then you have to understand the code line that you're actually at during the dump, and you had to build this context. And so typically it depends on the support operations guy who doesn't have the context to figure it out. Yeah.
[21:30] Ryan Lucas: And he's just the middleman.
[21:32] Justin Brodley: Yeah. So it's just a terrible thing, the kind of job that AI can definitely do better than I can.
[21:36] Ryan Lucas: Yeah.
[21:37] Justin Brodley: And I...
Even in my own work, when I get thread dumps now, I'm just like, yeah, I got this thread dump. And I'm like... And even there's times where I've been looking at it, I'm like, I'm not sure what's wrong, actually. Then, like, it, it analyzes. I was like, oh, this is a very clearly obvious thing. And I'm like, okay, yeah, did not connect that right. Those dots right away. Like you did, so, so good job.
[21:53] Ryan Lucas: Yeah, it's... It is really... I find it really powerful. I mean, I, I don't never... I've never really felt great at analyzing thread dumps, but it is really nice to just have a solution that just...
[22:04] Justin Brodley: Tells me what's wrong, because that's all...
[22:05] Ryan Lucas: I've wanted the entire time. And it turns out it's garbage collection. It's... It's just always garbage collection. If you don't have your garbage collection tuned right, your app doesn't work.
[22:16] Justin Brodley: EC2 Auto Scaling now offers a synchronous API to launch instances inside an Auto Scaling group. This provides synchronous feedback when launching instances, allowing customers to immediately know if capacity is available in their specified Availability Zone or subnet. This suits scenarios where customers need precise control over instance placement and real-time confirmation of scaling operations rather than waiting for the asynchronous results, which, if you've ever updated an Auto Scaling group and you're waiting for it to do a refresh, this is a great feature for you, because this allows you to be much more particular about how you want to do things. The API enables customers to override default Auto Scaling group configurations by specifying exact Availability Zones and subnets for new instances, while also maintaining the benefits of automated fleet management like health checks and scaling policies.
The feature is particularly useful for workloads that have strict placement requirements, or when you need to implement fallback strategies quickly when capacity constraints occur in a specific zone, which happens a lot more now that AI is using all the spot capacity. So overall, a nice little feature here that I've always sort of wanted. Do you like this?
[23:11] Ryan Lucas: I find that, you know, like the auto scaling and the things that, you know, that it's basically allowing you to tune are all the things that I moved to auto scaling for.
[23:20] Justin Brodley: Right.
[23:20] Ryan Lucas: I don't want to deal with any of this nonsense, like. And so you still have to maintain your own sort of orchestration that understands which zone and, and that kind of, you know, that you need to roll out to. So. Because it's going to have to call that API.
[23:35] Justin Brodley: Well, I mean, I... There's definitely times when I wanted it. I don't think I'd use it all the time, but I definitely would have appreciated it in certain scenarios.
[23:43] Ryan Lucas: So, I mean, I'm always happy for another knob, that's for sure.
[23:45] Justin Brodley: But yeah. AWS is now enabling cost allocation based on workforce user attributes like cost center, division and department imported from IAM Identity Center. This allows organizations to automatically tag per-user subscription and on-demand fees for services like Amazon Q Business, Q Developer and QuickSight with organizational metadata for chargeback purposes. The feature addresses a common FinOps challenge where companies struggle to attribute SaaS-style AWS application costs back to specific business units. And once user attributes are imported to IAM Identity Center and enabled as cost allocation tags in the Billing console, usage automatically flows to Cost Explorer and CUR 2.0 with the appropriate organizational tags attached.
This capability is particularly relevant for enterprises deploying Amazon Q Business or QuickSight at scale, where individual user subscriptions can quickly add up across departments, instead of manually tracking which users belong to which cost centers. I mean, in general, even I get why they matter for Q Business or QuickSight or those things, but also just the ability to be able to create rules based on this data in IAM Identity Center. So as you create new instances, it could automatically populate this data. There's lots of use cases where this gets interesting real quickly, and this is a really nice feature that I'm very happy about.
[24:51] Ryan Lucas: Yeah. And, you know, how neat would it be to have, you know, things automatically tagged rather than just on policy that has to be predefined and hopefully encapsulates every, every business rule you need. Just having even compute resources or individual resources in the cloud be automatically tagged based off of, you know, someone accessing it or deploying it or who knows. It's kind of neat. I like this, I like this model. I hope it sort of takes off.
[25:21] Justin Brodley: Yeah, I hope it takes off too, because it has a ton of value in a lot of use cases. It...
[25:25] Ryan Lucas: Is going to highlight, like, me, going, because I'm, you know, typically I ask a lot of questions of data, and especially in, like, a BI program. So, like, what is this? And I'm constantly looking at things and filtering things, and now that AI is a thing, I'm just asking it questions all the time. And so, like, that's going to be a problem, because I'm going to be called out, like, I'm expensive.
[25:47] Justin Brodley: Moving on to GCP, they're looking at OpenAI and saying, yeah, yeah, catch me. Bioch. Yeah. They released Gemini 3 Flash and Gemini 3 Flash for enterprises this week. Gemini 3 Flash is positioned as a frontier intelligence model optimized for speed at reduced cost.
The model processes over 1 trillion tokens daily through Google's API and replaces Gemini 2.5 Flash as the default model in the Gemini app globally at no cost to users. I mean, this in general is a pretty big improvement, not only from the cost perspective but also the overall performance. And the ability to run this on local devices like Android phones is going to be a huge breakthrough in LLM performance on device. So I suspect you'll see a lot of Gemini 3 Flash getting rolled out all over the place, because it does a lot of things really darn well.
[26:35] Ryan Lucas: Yeah, no, and it's, you know, being able to run these smaller models is becoming at least more important and visible to me as it's becoming more ubiquitous, you know, on little things here and there that I'm using AI for. So it's not everything has to, it's going to have, like, a supercomputer behind it, and you want quicker results. So that's kind of neat. You know, I still don't really understand any of the, you know, performance metrics that they use on these things, but, you know, looks like better numbers.
[27:01] Justin Brodley: So good. I mean, you had to go look at all the benchmarks and how the benchmarks work, and I tried to read through some of them, and I can tell you they're, they're dense. They make sense, but they're just, they're involved, and they all have different idiosyncrasies to them, just like any other benchmark does for CPUs. Google has integrated Model Context Protocol servers into its new Antigravity IDE, allowing AI agents to directly connect to Google Cloud data services including AlloyDB, BigQuery, Spanner, Cloud SQL and Looker. The MCP Toolbox for Databases provides pre-built connections that eliminate manual configuration, letting developers access enterprise data through a UI-driven setup process within the IDE. The integration enables AI agents to perform...
Oh, sorry. BigQuery and Looker connections extend agent capabilities into analytics and business intelligence workflows, and agents can forecast trends, search data catalogs, validate metric definitions against semantic models and run ad hoc queries to ensure application logic matches production reporting standards. MCP servers use IAM credentials to secure password storage, maintaining security while giving agents access to production data sources. And this all leads into the fact that Google has now officially provided fully managed remote MCP servers that are plugging into Antigravity. So not only if you use Antigravity do you get this capability, but you also get this capability through the officially supported Google MCP servers for anything that talks to MCP. So in general, very, very happy with that.
[28:27] Ryan Lucas: Yeah, it's kind of, it's interesting. It's interesting that they're rolling this out as part of their IDE, I guess, you know, like, where else are you going to put an MCP, you know, sort of connection? But I'm always, you know, like, there's, there's a lot of IDEs, and I, I'm definitely not one to use, like, specific IDEs for specific products anymore. So, like, I feel like that's an...
[28:50] Justin Brodley: Older model, but I did, I did download their... this IDE that I've never heard of until this week. Well, it's new, right?
[28:57] Ryan Lucas: I thought it was new.
[28:58] Justin Brodley: Yeah, I mean, it's newish, Antigravity, and so I am, I'm curious to play with it. I'm not super interested in moving off of my tried and true Visual Studio Code that I've used forever now. But I'm always willing to try a new IDE out once; that's how I got to Visual Studio Code in the first place, because I used other tools before that one. So definitely interesting. But in addition to, you know, all of the Google Cloud direct stuff for the MCP, you also get access to things like the Google Maps Platform for location grounding, which is pretty nice.
So even some of the SaaS applications are giving you something as well. And then if you're like, well, Apigee, or sorry, MCPs are great, but I really could use it in Apigee. You can also get Apigee support for MCP, allowing organizations to expose their existing APIs as tools for AI agents without writing code or managing the MCP server itself, with Google handling the infrastructure, transcoding and protocol management while Apigee applies its 30-plus built-in policies for authorization, authentication and security to govern agentic interaction. So a lot of MCP love today in the Google Cloud world, all integrated, of course, into the ADK, the MCP proxies and the security capabilities of Apigee.
[30:06] Ryan Lucas: I just did some real-time, real-time analysis about the, you know, the feature of the MCP and then also the browser and stuff. It's, it's one of those things where it is the newer model of, like, of coding where you're having distributed agents do tasks, and that, and so, like, the new IDEs are sort of taking care of or taking advantage of that. And it is a VS Code fork. So it's very comfortable to, you know, your VS Code users.
[30:34] Justin Brodley: Just, just like VS Code or Cursor.
[30:36] Ryan Lucas: Yep, exactly.
[30:38] Justin Brodley: I see import from V... I just, I just happened to open it 'cause I'm like, oh yeah, I installed that earlier, I didn't actually run it. And so I did hit that when you're talking about it, and I do see it's like, import all your stuff and then how do you want to use your agents, et cetera. So yeah, okay, makes sense. Everyone's just using VS Code. That's the new... It's like everyone uses, everyone uses the Chrome engine now for their browser. Exactly. Yeah.
Well, Google's Application Design Center has now reached general availability as a visual AI-powered platform for designing and deploying Terraform-backed application infrastructure on GCP. It integrates with Gemini Cloud Assist to let users describe infrastructure needs in natural language and receive deployable architecture diagrams with Terraform code, while automatically registering applications with App Hub for unified management. The platform addresses platform engineering needs by providing a curated catalog of opinionated application templates, including specialized GKE templates for AI inference workloads. Using various LLM models, organizations can bring their own Terraform configurations from Git repositories and combine them with Google-provided components to create standardized infrastructure patterns for reuse across development environments. The GA features include public APIs and gcloud CLI support, VPC Service Controls compatibility and GitOps integration for CI/CD workflows. The service offers application template revisions as an immutable audit trail and automatically detects configuration drift between intended design and deployed applications to maintain compliance. The platform is available free of cost for building and deploying application templates, with pricing details at the website in the show notes. That's a pretty nice one.
[32:04] Ryan Lucas: Yeah, it's kind of the panacea that everyone's been hoping for for a long time. And with technology, I guess AI is making it possible to just be able to, you know, plaintext speak your infrastructure into existence versus having to know, you know, the specific HCL language and how to call it, and doing all the research of which modules are available and linking it all together. That's, yeah.
[32:28] Justin Brodley: Interesting to play with this. I'm definitely gonna take a note to follow up on this one.
[32:32] Ryan Lucas: Yeah, I mean, I, I definitely like this model better than, like, the, you know, like the Beanstalk or, or, you know, the, the sort of hosted application model, which has kind of been the solution up until this. Right. Is, you know, you don't have the infrastructure expertise in order to make these things work, so you use a hosted platform. This is sort of the, this is the, the answer I want, which is I don't really want to create a whole bunch of, you know, underlying infrastructure configuration and maintain it into existence if I don't have to, but I do want the flexibility and the certainty that it does provide having it, you know, templated and something that I can apply policy against and review.
[33:11] Justin Brodley: That's very cool. In the Azure world, if you are familiar with Kerberos and the curse of Kerberos, you probably are very familiar with Windows RC4-based authentication requests and the risk of such things. And Microsoft is finally killing and deprecating RC4 encryption, only after 26 years of default support, following its role in major breaches including the 2024 Ascension Healthcare attack that affected 5.6 million patient records. The cipher has been cryptographically weak since 1994 and enabled Kerberoasting attacks that have been compromising enterprise networks for over a decade. Windows servers have continued to accept RC4-based authentication requests by default even after AES support was added, creating a persistent attack vector that hackers routinely exploited. Senator Ron Wyden called for an FTC investigation of Microsoft in September for gross cybersecurity negligence related to this default configuration. The deprecation addresses a fundamental security gap in enterprise identity management that has existed since Active Directory launched in 2000, and organizations using Windows authentication will need to ensure their systems are configured to use AES encryption and disable the RC4 fallback to prevent downgrade attacks.
This change affects any organization running Active Directory for user authentication and access control: those in healthcare, finance and other regulated industries, or really anybody who uses Windows. I mean, look, this has been such a problem for so long, so about time. Thanks, Senator Ron Wyden, for, you know, gross negligence claims against Microsoft.
[34:34] Ryan Lucas: I mean, finally. If that's what it takes to motivate them, that's not great. Literally an act of Congress, right? Well, act of Senate, literally. But yeah, it's a, like, AD is so complex and it's hard to get running in the beginning that almost everyone just sort of accepts the defaults to get it up and going. And then this is one of those things that, you know, if you don't know how compromised this cipher is, you don't really prioritize getting back to it and fixing the ciphers that are used in the encryption. And it's so, like, I'm really happy to see this. It's always been sort of this weird, like, black mark that makes me not trust, you know, Windows in general, that.
[35:17] Justin Brodley: Well, I mean, this is the problem with, you know, not being secure by default and, and with the challenge. I think, you know, even when they supported, like, TLS 1.2, they would accept TLS 1.0 first.
[35:28] Ryan Lucas: Yeah.
[35:28] Justin Brodley: And so to, like, disable that, you had to go turn it off in the registry and all these things. It's like, no, it's like, why don't you fall back to the less secure ones versus the other way around? Then it becomes an opt-in versus an opt-out. And that was one of the reasons why people always said Windows is less secure and all that. So it's good. But yeah, to have a senator shame you into this is kind of sad.
Well, Azure: last week saw S3 get 50-terabit bucket support, and so they've also announced Azure Blob Storage will now scale to exabytes, 50-plus terabits per second of throughput and millions of IOPS, specifically architected to keep GPUs continuously fed during AI training workloads. The platform powers OpenAI's model training and includes a new smart tier preview that automatically moves data between hot, cool and cold tiers based on 30- to 90-day access patterns. Azure Ultra Disk delivers new sub-0.5-millisecond latency with a 30% improvement on Azure Boost VMs, scaling to 400,000 IOPS per disk and up to 800,000 IOPS per VM on new Ebsv6 instances, and the new Instant Access Snapshots preview eliminates pre-warming requirements and reduces recovery times from hours to seconds for Premium SSD v2 and Ultra Disk. The Azure Managed Lustre AMLFS 2.0 preview supports 25-petabit namespaces and 512 gigabits of throughput, featuring auto-import and auto-export capabilities, and Azure Files introduces Entra-only identity support for SMB shares, eliminating the need for on-premises AD infrastructure and enabling cloud-native identity management, including external identities for Azure Virtual Desktop, and Storage Mover adds cloud-to-cloud transfers and on-premises NFS to Azure Files migration capabilities. Wow, that's a lot of good stuff.
[37:03] Ryan Lucas: It just dawned on me as you, as you're reading through here, because I was like, this is, you know, interesting. Getting all this high performance from, you know, object store just sort of blows my mind. And then I realized that, you know, like, all these sort of cloud file systems, quote unquote, have been backed underneath by these object stores for a long time. Like, oh, of course they need this.
[37:25] Justin Brodley: Yes, of course they do. Because I was, I was wondering why.
[37:29] Ryan Lucas: They were talking about, you know, the Azure Managed Lustre and these things that are file system based in this.
And then I'm like, wait a sec, oh, oh, you have to have that large object store in order to provide the file systems on top of it. Which, because I've always wondered how people were using object store and, like, high perform... like, how do you use a 50 terabyte? You know, I'm like, I don't know how you do that. Like, ah, now I do. Like, you don't directly.
[37:54] Justin Brodley: Yeah, you don't directly. That's... Well, I mean, even, even when they first launched EBS, it was all... Everyone kind of knew that it was built on top of S3, but, you know, how it was done, people were like, I don't really know how that works.
[38:04] Ryan Lucas: Oh, we understood it was on EBS, and the performance really told you that, didn't it?
[38:08] Justin Brodley: Yeah, like, we, it wasn't great. We knew.
[38:11] Ryan Lucas: Yeah, yeah, it's pretty good now, right? But that's, it is interesting, and it's just funny. I'm just like, my eyes are opened all of a sudden.
[38:23] Justin Brodley: Well, the insatiable thirst for power and AI supremacy is driving Microsoft to expand its US data center footprint with a new US East 3 region launching in Greater Atlanta in early 2027, plus adding availability zones to five existing regions by the end of 2027. The Atlanta region will support advanced AI workloads and features zone-redundant storage for improved application resilience, designed to meet LEED Gold standard certification for sustainability. Expansions add availability zones to the North Central US, West Central US and US Gov Arizona regions, plus enhanced existing zones in US East 2 (Virginia) and South Central US (Texas). Azure Government customers get dedicated expansion with three availability zones coming to US Gov Arizona in early 2026, specifically supporting defense industrial base requirements.
And this all represents a pretty large infrastructure investment to support organizations like the University of Miami using availability zones for disaster recovery in hurricane-prone regions, and many, many other use cases that they highlight in their article.
[39:21] Ryan Lucas: Yeah, I mean, it's... AI is definitely driving a lot of this. Right. Just good space in general, but then also, like, large data sets, you don't really want to have that distributed, so.
[39:31] Justin Brodley: Right.
[39:32] Ryan Lucas: And so that is sort of, you know, a trick. But then I also think they're just purely running out of space, you know, or so, kind of nuts. But the government's probably adopting compute and cloud providers like crazy. So yeah, instead of having, maintaining their own sort of private data centers and doing that, taking advantage of these cloud hyperscalers. That's cool.
[39:54] Justin Brodley: Well, and if you have all those data centers and you have all that storage moving around at all that speed, you need to also upgrade your network. And so Azure is tripling down on AI infrastructure with its global network now reaching 18 petabits per second of total capacity, up from 6 petabytes a second at the end of FY24, so 3x in two years. The network spans over 60 AI regions with 500,000 miles of fiber and 4 petabytes of WAN capacity, using InfiniBand and high-speed Internet for lossless data transfer between GPU clusters. NAT Gateway Standard v2 enters public preview with zone redundancy by default at no additional cost, delivering 100 gigabits per second throughput and 10 million packets per second. And this joins ExpressRoute, VPN and Application Gateway in offering zone-resilient SKUs as part of Azure's resiliency-by-default strategy. Security updates include DNS security policy with threat intel, now generally available for blocking malicious domains.
Private Link Direct Connect is in preview for extending connectivity to any routable private IP, and JWT validation at layer 7 in Application Gateway is in preview to offload token validation from your backend servers. ExpressRoute is getting 400-gigabit direct ports in select locations starting in 2026 for multi-terabit throughput, while VPN Gateway, now generally available, supports 5 gigabits of single TCP flow and 20 gigabits total throughput with four tunnels. Private Link scales to 5,000 endpoints per VNet and 20,000 across peered VNets. Container network improvements for AKS include eBPF host routing for lower latency, pod CIDR expansion without cluster redeployment, WAF for Application Gateway for Containers now generally available, and Azure Bastion support for private AKS cluster access. That's a lot of networking stuff too.
[41:27] Ryan Lucas: Yeah, that's... That's a great announcement. I mean, that's... If you have those high network throughput needs, that's fantastic. And I, you know, it's been a while since I've really gotten into cloud at that deep layer, but I do remember sort of in AWS the VPN limitations really biting, you know, like, certain connectivity things, because you really did hit... it was easy to hit those limits pretty fast, and, you know, Direct Connect and other things came along and sort of fixed some of those things. But then I'm sure, you know, you can exceed those as well. I do like some of these, you know, things they tacked on, like the, the DNS, the automated sort of malicious domains. And that's kind of great, because that's a great way to protect your environment so that you're... Anything malicious, the outbound call just doesn't work, which is fantastic. I like to see those types of things. Very cool.
[42:16] Justin Brodley: Well, Ryan, we made it to the end of the show.
[42:19] Ryan Lucas: Yes, we have.
[42:21] Justin Brodley: All right, well, happy holidays to all of our listeners, and we will see you in the new year with our Look Back and Look Forward show. And hopefully the cloud providers take a little time off too, because they've been busy. Yeah, we cut a lot of stories this week that we, you know, Ryan and I didn't want to talk about, but really more just, you know, not anything super exciting, but lots of "I didn't make the re:Invent cutoff" type stories for AWS that didn't make the cutoff for a reason. Right. But yeah, it's all good. So we look forward to seeing you in the new year, and have a great one, all of you.
[42:53] Ryan Lucas: Happy holidays, everybody.
[42:57] B: And that's all for this week in Cloud. We'd like to thank our sponsor, Archera. Be sure to click the link in our show notes to learn more about their services. While you're at it, head over to our website at thecloudpod.net, where you can subscribe to our newsletter, join our Slack community, send us your feedback and ask any questions you might have. Thanks for listening, and we'll catch you on the next episode.
[43:29] Justin Brodley: Well, I do have an after show for you that we had to talk about. So when I talk to you about Amazon Lambda and serverless and all of those things, is there a company that comes to mind for you that is a big poster child of using those types of technologies?
[43:45] Ryan Lucas: Oh, certainly, yeah. Roombas.
[43:47] Justin Brodley: Right.
[43:48] Ryan Lucas: Like, that was... That was the big Lambda success story that I... Their logo has been on many, many of my slide decks touting serverless technologies and patterns.
[43:58] Justin Brodley: Well, it might not be anymore. They've apparently filed for bankruptcy, marking the end of an era for the company that pioneered consumer robotics with the Roomba, now being acquired by its Chinese supplier Picea Robotics. After losing ground to cheaper competitors, the stock crashed from Amazon's $52 offer in 2023 to just $4.
Market leaders can fall when undercut on price. The failed Amazon acquisition in 2023 due to EU antitrust concerns looks particularly painful in hindsight, as iRobot might have been better off with Amazon's resources than facing bankruptcy. This highlights how regulatory decisions intended to preserve competition can sometimes accelerate a company's decline instead. And for cloud professionals, this demonstrates how hardware IoT companies struggle without strong cloud services and ecosystem lock-in that could justify premium pricing. iRobot's inability to differentiate on hardware shows why companies like Amazon, Google and Apple integrate devices tightly with their cloud platforms. The Chinese supplier takeover raises questions about data privacy and security for your millions of Roombas. So maybe it's time to retire them out to pasture if you're still using them. And this could become a cautionary tale about supply chain dependencies and what happens when your manufacturer becomes your new owner in general. It was founded in 1990 and sold over 40 million robot devices. And this is kind of a sad day, especially if you're a big serverless fan, because they were definitely the poster child of all things serverless.
[45:16] Ryan Lucas: I forgot totally about Amazon's bid and that it failed, because that's kind of nuts. Like, it's, it really does show that, like, the business was at least trying to sort of find a situation that they could have gotten out of, and... But they also did just have their lunch just eaten by... There's a billion competitors now, and they never were able to really keep up and stay ahead of the game competitively. Right. Like, that was sort of... And I don't, you know, like, I don't think this is really a takedown of serverless or anything like that, because it really was sort of the combination of the hardware devices being sort of the same.
You know, thinking about, like, Ecovacs and some of these other competitors that I know more recently that have come through. The hardware was all just sort of basic and the same. They never really changed there, and then it was just, it was more expensive than anything else. Like, that was it.
[46:15] Justin Brodley: Yeah, it got... When they got, like, $800, $900 for what they were able to do, it was sort of like, oof, yeah, this is getting pretty expensive for kind of a mediocre product in some ways.
[46:26] Ryan Lucas: And I kind of didn't like some of the advancements, but, like, the newer vacuums and stuff are all vision based. And so, like, I vacuum in the middle of the night, and so I kind of liked the iRobot, the older ones, but then, you know, like, because you don't have to have the lights on, but if you don't have the lights on, your house is particularly dark, because I, I don't like sunlight. Those things don't work at night.
[46:47] Justin Brodley: I mean, you mentioned before the show that you, you don't sleep well at night. Maybe it's the vacuums. Maybe, maybe you shouldn't have run those at night. I'm just, just, just putting it out there.
[46:56] Ryan Lucas: Yeah, yeah, there's definitely, you know, I like my house to sort of, like in the Jetsons, it sort of, like, resets overnight, and, like, everything gets washed and everything. And I wake up during the day and it's all, it's like a brand new day.
[47:08] Justin Brodley: It's interesting, because I was just looking at, you know, Wirecutter, who, last time I bought a robot vacuum, which was years ago now, you know, it was iRobot all the way. And now iRobot's not even on the list. Like, their top pick is some company called Roborock and their runner-up pick is a company called Tapo. I've heard of never... Neither of these companies.
[47:26] Ryan Lucas: I have not heard of Tapo.
[47:27] Justin Brodley: I've heard of Roborock, I heard of Ecobee, and I knew of Narwal only because I bought their mop, because I was super excited about it. And their mop wasn't very good.
[47:36] Ryan Lucas: Yeah. Either... I tried buying it. It doesn't... It's in a closet now.
[47:40] Justin Brodley: Yeah, yeah, we, when we moved to this house here, I, you know, we had the highest-end iRobot that you could buy. And my house is a single-story house and it's, you know, like, 3,400 square feet. And it couldn't keep the memory of the, of the house in its memory. It just would, it would basically fail somewhere randomly in the house, and I had to go, and I had to go hunt for it. Like, where did the robot die? And so that's what killed it here at this house. And so, you know, it's definitely sad it's gone, and, but, you know, I definitely, when I was looking at buying another one, I was like, I'm not gonna spend another $800 on a product that isn't really innovating. It wasn't changing a lot. And so, you know, I definitely, if I was interested in replacing it, which I am not at the moment, I would definitely look probably elsewhere.
[48:24] Ryan Lucas: Yeah.
[48:24] Justin Brodley: But, you know, which is why, why iRobot's filing bankruptcy. Because you and I are having this conversation going, yeah, we wouldn't buy one right now either.
[48:30] Ryan Lucas: No, like, and for, for, yeah, the 800 bucks, I'd rather buy, like, three cheap ones, you know, and have them just fight each other out for at the boundaries. Like, robot to the death. But at least my floor should be clean. It gets really frustrating when, like, it was one thing when it got stuck under a chair or something mechanically where it couldn't get out, and you're like, okay, this is just silly. But, but it would, like, it would just stop in the middle of the floor going, I don't know where I am. I got, I can't do it.
[48:54] Justin Brodley: Yeah.
[48:55] Ryan Lucas: Anything else?
[48:56] Justin Brodley: Like, what are you doing? That's what happened to mine. Like I would get a message saying, you know, unknown fault on my robot. And, and like, you know, Google, Google the message like, oh, you're, you know, the memory space ran out of the robot because the floor plan's too big. Yeah. And you're like, okay.

[49:10] Ryan Lucas: Oh, okay. Yeah, that's, that's how I figured out my mapping issues because the maps kept resetting in the same way and it was because it was too dark so it would lose its. It didn't have enough data points to sort of say, oh, here I am in the map. And so it would be like, oh, I'm somewhere new. And it would just reset the whole thing. Like so frustrating for sure.

[49:27] Justin Brodley: Well, Ben Kehoe was really the one of the big reasons why I was really into iRobot as well. And he was such a strong advocate for all things, you know, Lambda.

[49:36] Ryan Lucas: And so big impact on.

[49:37] Justin Brodley: He's been gone for a while. I think that was our joke is like, you know, so they felt like, you know, you wouldn't apply to them directly so they just had to buy your company when Amazon was going to buy them. And then that didn't come through. But I just looked at Microsoft's cruiser he up to these days. He's over at Siemens, another PLC based robotic company. So I'm sure he's having a good time. We should, yeah, we should reach out to him someday and see what he's up to. But well, RIP iRobot if they don't survive or, you know, I assume this new Chinese company will keep developing and maybe they'll bring the cost down. And make it better. And I'll be curious if they still are a big Amazon customer or if they start changing their technology to be less dependent. So we'll see what happens. Alibaba Cloud.

[50:16] Ryan Lucas: It'll be an uphill battle in the US market because people hear that the Chinese supplier and panic.

[50:21] Justin Brodley: Yeah, maybe. All those. All those brands.
Roborock and Ecovacs and all those. They're all Chinese vendors, too. It's. Yeah, Narwhal is for sure.

[50:29] Ryan Lucas: It cracks me up. It's just. It's the minute it gets branded as.

[50:32] Justin Brodley: Such, that's, you know. Yeah. It's all over for it.

[50:34] Ryan Lucas: Yeah.

[50:35] Justin Brodley: All right. Well, have a great Christmas. You, too. See you in the New Year.

[50:38] Ryan Lucas: All right. Later. Bye now.
