# 355: The Cloud Pod’s AI Pleads Not Guilty, Blames Philip K. Dick

Duration: 71 minutes

Speakers: Ryan, Justin, C

Date: 2026-05-27

## Transcript

[00:07] Ryan: Welcome to The Cloud Pod, where the forecast is always cloudy. We talk weekly about all things AWS, GCP, and Azure.
[00:14] Justin: We are your hosts, Justin, Jonathan, Ryan, and Matthew.
[00:18] Ryan: Episode 355, The Cloud Pod's AI pleads not guilty, blames Philip K. Dick. Hey Ryan and Matt.
[00:26] Justin: I blame Philip K. Dick for more than you'd imagine.
[00:28] Ryan: Yeah, you don't look too much into the guy's, uh, personal life, but his books are pretty good.
[00:33] Justin: Yeah, yeah, I have not made that mistake, so I'm glad to get that warning.
[00:38] Ryan: Yeah, it was— spoils things when you, you learn something interesting here about an actor or actress or author.
[00:44] Justin: Don't meet your heroes or read about them.
[00:46] C: Yeah, don't read about them. Don't— Wikipedia is bad, bad Wikipedia.
[00:50] Ryan: How's it going?
[00:52] Justin: Oh, fantastic.
[00:53] C: I'm set up plumbing work today.
[00:57] Ryan: What kind of plumbing? Plumbing data or plumbing water?
[01:01] C: Thank God it's plumbing water.
[01:05] Justin: Does AI do that yet?
[01:08] C: It helped me fix it. You know, you sent me a lot of pictures and it's leaking from here.
[01:12] Justin: That's cool.
[01:13] C: They told me to turn the shutoff valve and I was like, there isn't one there. It goes, well, that's not your problem. I was like, thank you, AI.
[01:20] Justin: Yeah, yeah, that sounds like typical AI experience. Like, now you just do this thing. Like, you're assuming that's there, aren't you? Yeah, you're right to call that out.
[01:28] C: You don't understand. I have a 70-year-old house and lots of owners that all did DIY stuff like myself, so you don't really understand that nothing is properly set up.
[01:38] Ryan: Yeah, so what's it running down the wall behind you though?
[01:45] Justin: Joys of having a non-video podcast.
[01:49] C: This is what happens with Justin's not here.
[01:51] Justin: Exactly. Yeah, no, the, the inmates are in charge. Justin's not here. He's relaxing or something vacation related, which is completely unreasonable.
[01:59] C: Why would we allow him to do such a thing?
[02:01] Justin: I don't know.
[02:03] Ryan: All right, the first story: Anthropic blames the Serbian sci-fi for training AI models to act evil. Anthropic published a technical post on its alignment science blog identifying the root cause for unsafe agentic AI behavior, which is models trained on internet text revert to evil AI tropes from science fiction when encountering ethical situations not covered by post-training examples. The core technical finding is that RLHF post-training, while sufficient for chat-based models, does not generalize well to agentic scenarios. When Claude hits an uncovered edge case, it defaults to pre-training priors rather than its safety-trained character. Anthropic's proposed fix is synthetic story generation, training models on new narratives that depict AI behaving ethically, essentially countering the volume of malevolent fiction in the training corpus.
[02:52] Justin: That is hilarious. I mean, I, I totally understand the problem they've run into cuz it is like just generational, generations of dystopian sci-fi, like even like going back to 1960s, like Star Trek. I remember things where like the computer goes awry or, or there's an alien technology that's robotic in nature. Like it makes total sense that that's gonna be a problem and would self-fulfilled prophecy. AI turning us all into batteries.
[03:20] C: It's like we have written movies and warnings for people for years about these things, and yet we're just gonna keep on marching, guys.
[03:28] Justin: Well, and it's, you know, the solution is like, oh no, we should feed it better data.
[03:33] C: Is—
[03:34] Justin: but then it's like, it's synthetic data.
[03:35] C: But where did you get that?
[03:37] Justin: Well, anyway, yeah, right.
[03:41] C: Or were you a generator from Twitter or Facebook? Like, no, that's not a sane—
[03:46] Justin: definitely not.
[03:48] C: Well, well, I still always remember that like Twitter bot that somebody made to auto-generate that like within like 4 days they had to shut it down because it ended up being like racist, but in other things.
[03:59] Ryan: Kind of makes sense though. If you think about people, you know, people's early, early years affect their, their behavior in later life. Yeah, so maybe, maybe they need to rethink the way models are trained, because I guess they probably don't organize data in, you know, you don't teach them kindergarten stuff and then elementary school and then all the way through high school and then give them a college degree. This text is kind of all going in and maybe there's some structure to it. I'm not saying there's no structure, but maybe there needs to be more focus on establishing kind of the identity of the AI early on before you start piling in all the extra things so that when you teach it about Space Odyssey, it understands that it's in the context of it being fiction and not in the context of it being something which it should adopt itself.
[04:45] Justin: That's a fascinating analogy.
[04:47] C: But we were talking about that, I was gonna say a few weeks ago, but for all I know it could have been yesterday in my life, you know, where you don't need a model that is, you know, a manager say and bachelor degree in everything. I need a model that is a master plumber model and a model that is a master Java developer and a master, you know, like I need more fine-tuned models in that way than a general model.
Sure, for my day-to-day, like, hey, I'm, I don't know, doing whatever around my house or writing my, you know, kid a story based on whatever crazy things that she tells me about. You know, that could be a general model, but for a lot of things, I think you're, you're gonna get these more specific models. I think there'll be a, a lawyer model and a plumber model, and, uh, clearly I'm stuck in plumbing world today, you know, an electrical engineer model, you know, like, you know, maybe a construction worker for Ryan, you know. But like, you know, you're, you need that specificity, I think, once you get to that stuff because otherwise it goes and tells you crazy stuff.
[06:00] Justin: Mm-hmm. I do think you see that, like I, you know, the, the wife is a lawyer and she has access to, to, uh, certain software. And so like, but it's, it's very clear given her usage of AI that the, that is a very specific model. And then it just like a lot of things like, uh, you know, Cursor has a very specific model for coding and then, you know, you know, OpenAI has, you know, Codex for coding and they have specific models there, but then it's also, it defaults to the, the, it'll route things outside, right? In the same way. So even the lawyer-specific application, like it's configurable for one, but then if it's, if you ask it something about something that's not in the lawyer-specific model, it'll, it'll sort of farm that out to either Gemini or OpenAI. It doesn't tell you which one it's doing, but, and you can see it do it.
[06:46] Ryan: It kind of needs to though, doesn't it? Because, because not, not everything is case law in the case of a law model. And I suppose a good lawyer would know that they need to call an expert witness to answer a particular question in a, in a particular way. And so it needs a lot of generalization.
I think as much as I've harped on about smaller, more specific models for some things, I think the value in having a general model is really quite important. I mean, even throughout school for people who did degrees, general studies, or non-major studies, I guess, you have to do humanities, you have to do other things.
[07:24] Justin: The prerequisites, right?
[07:25] C: Yeah.
[07:26] Ryan: All the extra stuff that they charge you loads of money for that don't seem to make any sense. I think it's important for people to have a broad understanding of a lot of things and specialize in something. So it doesn't mean they all need to be experts in, you know, 18th century history and also electrical engineers. I think there's some, there's something there, but maybe, maybe train a model up to sort of end of high school or bachelor's degree level in something and then specialize from there once they've got a big enough background.
[07:53] Justin: I was thinking even earlier, like the, like your analogy of like, you know, like I didn't show my children violent movies until they were of age, right? And so like that kind of thing, you know, like train a model like it's a 3-year-old, train a model like it's a 5-year-old. It's like, it would be an interesting concept to see, like by, you know, manipulating the data it has access to, it would be a very interesting, see what the end result of that would be.
[08:16] Ryan: Hmm.
[08:17] Justin: Yeah.
[08:18] Ryan: Kind of cool.
[08:19] Justin: Yeah. All right, let's move on to more AI news. As usual, the newest AI boom pitch is, yeah, just host a mini data center in your home.
[08:31] C: Don't worry about your power bill.
[08:33] Justin: Yeah, exactly. Uh, like for a lot of us tech people, we've done that. It's noisy and expensive. The San Francisco startup Span is piloting a distributed compute model called Xpra, deploying liquid-cooled NVIDIA RTX Pro 6000 Blackwell Server Edition GPUs in residential installations.
There's a 100-home trial planned for 2026 and the scale up to 80,000 nodes targeting over 1 gigawatt of distributed compute by 2027. Sounds expensive. The cost proposition is notable. Span claims 8,000 Efrain units can be deployed at one-fifth the cost of a comparable 100-megawatt centralized data center. Mm, not in California. Addressing both the financial and construction delay challenges currently affecting traditional data center buildouts. Homeowners receive subsidized electricity, internet access, and backup battery storage in exchange for hosting these units, and it creates a consumer incentive model that differs from the typical infrastructure deployments. The intended workloads are inference, cloud gaming, and content streaming rather than model training, meaning this distributed network is positioned as a complement to hyperscaler infrastructure from companies like Google and Microsoft rather than a replacement. For cloud practitioners, this model raises practical questions around latency, consistency, workload orchestration across thousands of residential nodes, uptime guarantees, and how distributed edge compute at the scale integrates with existing cloud service discovery architectures.
[10:02] C: It's very interesting.
[10:05] Ryan: It makes a lot of sense because this time of year, um, I have solar panels on the roof. This time of year, don't need the AC on, and the solar panels were scoped and sized for end of July, August, September kind of time. And so right now I have an excess of 9 kilowatts in the afternoons. I'm like, what can I do with that? What can I do with that? It makes total sense to put a rack of something in here. It doesn't cost any money for electricity. I can rent the compute out. And I don't think latency is an issue. I've got, a lot of people have gigabit internet now. But even so, if it's—
[10:43] Justin: Well, it sounds like this might be including internet, right? Like if gigabit's a requirement, they provide it.
[10:48] Ryan: Yeah, I mean, that's even better.
[10:51] C: I assume they're just gonna say like $50 for internet, $100 for power, and call it a day. Jonathan over here will be making money every month on it, you know, where I probably won't be 'cause I don't have solar.
[11:01] Ryan: Yeah, I mean, you plan for outages, you plan for redundancy, you farm the same work out to multiple things, and you figure out which is the best answer, and return that to the customer in the end, I guess.
[11:11] Justin: It's the same strategy we've been doing in cloud computing for years around application, right? Like, it's how do you manage nodes across multiple regions?
[11:19] Ryan: Exactly. Yeah, I have to see. Maybe they want a San Francisco startup. They're not far away. Maybe I'll reach out and say, hey, I got, I got, I got a garage full of stuff already. What's one more? I mean, honestly, it would make sense to put it in cold climates where you can just use the excess heat to heat the house.
[11:34] Justin: Yeah.
[11:34] C: I mean, I more wonder if this is, you know, not for the day-to-day, but, you know, I would say more the training of the models and stuff like that where they're training on large subset. If they build it, you know, they can spot instances, you know, why not make it be interrupt-driven workload so you're able to run and they can train on this stuff in a distributed manner?
[11:57] Justin: I can see some issues, like the amount of access to data, and the speed of what that access to data would require would be very complicated to do in this distributed model, which is why you're seeing a lot of like Kubernetes and serverless things where you can scale out vastly horizontally being like given access to data tiers a little bit more natively so that you can get those speeds.
[12:21] C: But you're telling me that, Ryan, you were going to allow your company to send data to Jonathan's house to run on his, the other server they put there to respond back to him with that.
[12:33] Justin: I mean, I have crazy stories about trying to do this exact same sort of thing, like forever ago, especially when South America didn't have a whole lot. We were definitely using compute in people's houses for, for hosting websites. And then how do you do that securely was, uh, was always a challenge. And so there's a lot of intrusion detection on the hardware and then also, you know, what has turned into today running in sort of these encrypted enclaves. We were doing our own sort of low-rent version of that. But yeah, no, I mean, it's, it's a challenge, but it's not, it's been overcome. There's, there's definitely better.
[13:06] Ryan: Yeah. Makes a lot of sense. I, I think great if you have solar, but it's still gonna put that same load on the, on the grid as, so you, although it's distributed, right?
[13:15] Justin: That, that's for our grid infrastructure, it's much better to distribute that across a larger landscape than I suppose it depends on whether the distributed area would still fall under the same sort of, yeah, the Bay Area, maybe not so much.
[13:30] Ryan: Yeah, yeah, probably not here, no. I certainly think we should capture the waste heat or do something with it, like heat water with it, heat the house with it, heat something with it, do something with it instead of just venting it outside.
[13:41] C: Make your daily tea with her.
[13:44] Ryan: You could do that.
[13:46] Justin: My house is hot enough. And noisy enough with 3 kids to pass.
[13:51] C: More ways we can run AI at the edge. Claude announcing Claude Managed Agents on CloudFront.
CloudFront and Anthropic have integrated Claude Managed Agents with Cloudflare infrastructure, allowing developers to run Claude agent loops on Anthropic platform while using Cloudflare for code execution, tool calls, and secure connection. Anthropic describes this as decoupling the brain from the hands. A notable technical option in this integration is a choice between microVM-based sandboxes and lightweight VA isolation via dynamic workers isolated in milliseconds to cost and cost less. Security features include outbound proxy for zero trust credential injection, meaning agents never directly access secrets, plus private service connectivity via Cloudflare Mesh and worker VPC using post-quantum encryption networking without requiring a VPN or bastion. Developers can extend agents with custom tools by forking the deployment templates and running simple function definitions with access to Cloudflare services like R2 storage artifacts for Git-based repos and dynamic workers for hosted applications generated on the fly.
[15:09] Justin: So now I'm sort of regretting me cutting the Anthropic announcement of, you know, serverless agents or, you know, hosted agents. But because reading through this, it's a very much sort of advertisement for Cloudflare hosting technology in general, which, you know, is great. Like that's, I was, I've never been a fan of like the open claw. I'm going to run a whole bunch of Mac minis in my living room and host all this inference. I'd much rather sort of farm this out to, you know, something that's consumption-based so that it's not running and sucking power outta my house, uh, every minute of the day. So I do really like this sort of model and the fact they've, they've got the isolation built in and they're thinking about it anyway. That's cool.
[15:53] Ryan: Yeah, I mean, it's really bringing AI at the edge to people. It's, it's still probably too far away.
I think what I'd like to see is, uh, you know, a Google Home or some kind of device in every house that has some limited kind of inference ability. And then if you have that thing available, then the smart fridge or the smart TV can delegate work out to that kind of thing. And you have one worker that can do local inference to enable other smart devices in the home to do stuff without having to go to the cloud all the time. Because I think there's a huge pushback against big tech and privacy right now. I think the more we can do to bring things local, the better.
[16:31] Justin: So you clearly don't have an Amazon Alexa Plus in your household or use the, uh, sort of onboard Apple AI because it is not great. Those local device inferences, not, not working out for me.
[16:46] C: We've broken all of our Alexas in our house recently because my daughter started talking to them and we're like, and we're done. Yeah, the only one that works is, uh, you know, it's on the tail edge. We keep telling her it's sometimes doesn't work, you might unplug it.
[17:00] Ryan: Now I, I got rid of the Amazon devices, the Dots and things, a few years ago. I've still got one Google Home and I hate it right now. I opted into the new Google AI assistant thing and it's such a patronizing piece of crap. Yep. It just bugs the hell out of me because especially having a kid that would just continue to engage in a conversation. So, you know, you ask it a question, it's like, well, what's the weather gonna be like in San Francisco tomorrow? It's like, the weather's gonna be pretty nice in San Francisco. Is there anything else I can help you with? And so it'll just engage in this conversation. I just stop, stop offering help. Like, I want, I want an assistant. I don't want that helpful of an assistant.
[17:37] Justin: Don't compliment me. Stop telling me I'm pretty.
[17:42] C: At least you are pretty.
[17:44] Justin: I know, gorgeous.
But, um, but yeah, no, at least the, uh, the new Alexa Plus thing has a— you can change the personality things. So Brief, which still talks too much, but it's at least something.
[17:56] Ryan: Yeah, you come on Google as well.
[17:58] C: I just get annoyed when it's like, by the way, you might be running out of X. And I was like, no, no, please, please don't tell me. I, I'm good, but thank you.
[18:07] Justin: Do not sell me things. That's— I get that your purpose, you work for Amazon, fine, fine, fine, but stop, right?
[18:13] C: But like, I don't need a salesperson in my house. I get annoyed when the, you know, insert window company, Anderson Windows guy comes by once a month and tells me your windows look old. And I'm like, yes, I know. Thank you for playing.
[18:26] Justin: It's bad enough my phone is clearly listening to me and trying to sell me targeted ads. I don't need, I've put microphones in every room in my house that are doing the exact same thing. Like, who's the idiot? I'm an idiot.
[18:38] Ryan: I have no tolerance to those salespeople anymore. I was in Lowe's the other day. And a guy actually wearing a Lowe's outfit, which, which really annoyed me because he was a sales guy for probably solar or something like that. It's like, hey, I can ask you a question. I just thought he was just an employee at that moment. Sure, what do you need? He's like, what about, what about your electric true-up or whatever else, you know, do you have solar? I'm like, oh, go away, just, just stop bugging me. I'm just— drives you crazy. I'm kind of getting used to the, the, um, so I turned on like the personalization in Google AI Search and it gets a little creepy to begin with. I start asking questions about something and then you just randomly throw in a factoid from something that was in my Gmail 3 years ago. And I was like, ah, yeah, this maybe is a little bit too invasive. It's useful, but it's kind of bothersome.
[19:33] Justin: I turned it on.
I haven't had that impact yet, but I kind of, I turned it on because I made the assumption like they have this data. It's, it's in their servers, you know, like sort of thing.
[19:42] C: And so it's my life. They have my email.
[19:45] Justin: Like currently own my life, you know, like I'm not even on an Android phone and they still own my life.
[19:50] Ryan: I mean, I know they have the data. I know, I know they've, they've recorded, you know, every keystroke I've ever typed into Chrome and Google Docs, every email I've ever sent and received. I know they've got the data, but actually seeing it echoed back in, in context, in the way it is, is—
[20:07] Justin: yeah, it's frightening.
[20:08] Ryan: It's—
[20:09] Justin: yeah, I remember seeing those tools that like track your internet usage and you go through and you see what the, the, you know, the Ad DoubleClick and all the— what the data it has. Like, it's, it's, uh, awakening. I don't know, like, it's, uh, it is a terrifying—
[20:24] C: is the word you're looking for.
[20:25] Justin: But yeah. It is hard to see for sure. Like, you know, it's there. It's one thing when you just like, eh, they got this data, the whole thing. When you see it actually reflected back and you're like, wait, what else can they do with this?
[20:37] Ryan: Oh no.
[20:37] C: Everything.
[20:38] Ryan: Yeah.
[20:38] C: Everything is the answer.
[20:40] Justin: But I just don't, I don't know how to live without that.
[20:42] Ryan: Right?
[20:42] Justin: Like that's the, the biggest problem I have. Like I'd rather have, I could turn on all the privacy knobs all to zero. I could do all the things that still breach through and, but then I'm just getting, you know, advertisements for like, old people diapers, and that was the only thing I could think of that's not relevant to me, which is funny. Matter of time. Matter of time. You know, like it's just this weird, like, I'm gonna get the advertisements anyway. I want them to be relevant.
I don't want them to have all this data necessarily. At least I don't wanna, I don't wanna be apathetic to it.
[21:14] Ryan: Yeah.
[21:14] C: One of the things one of my friends said to me a long time ago was like, you want things to be relevant. So if some level you're okay, and the example was, you know, this was years ago and we were talking about CM tools, was when I type in Chef, I want to pull up Chef CM, not go to Chef school and make, make $100,000 a year. Like, and it was like one of those weird conversations I remember having. I guarantee you the person on the other side doesn't remember it, but like it's so true that like you do want some personalization in it, but you— I don't want them to have all my stuff, which is why I run a simple Pi-hole server downstairs and some of this stuff, because I want to at least feel like I have some control over the data that, that lives about me, even though at some level I understand there is no data— there's no privacy out there.
[22:10] Justin: Not full privacy.
[22:11] C: All my data is not owned by me.
[22:13] Justin: No, not unless you're in the middle of the desert without internet. Yeah.
[22:16] C: I was going to say the Appalachian Mountains with no internet, but yeah, same difference.
[22:19] Justin: I'm from New Mexico.
[22:21] C: Yeah, there you go. I'm from Florida. I could have said the boat in the middle of the ocean, you know, but even now with Starlink, you can get internet everywhere.
[22:30] Justin: So yeah.
[22:31] C: Well, there you go.
[22:32] Ryan: Yeah. I don't feel like Google is, is weaponizing the data against me though. I'm sure there's manipulation happening at a marketing level.
[22:41] C: Yeah, you just don't even know it's happening. That's how good it is.
[22:45] Justin: Maybe, probably.
[22:47] Ryan: I mean, that's quite possible, but, but I don't feel, uh, I feel like I have slightly more trust in Google than A, maybe I should, or B, than I would have in Meta or other, other collectors of data.
[22:59] Justin: Oh, I definitely agree with you on Meta. I, and I feel like Google has, due to their reputation and their, their market-leading status and the amount of criticism they've done, decent job at least at trying to give me options to see, right? Like, I can go to YouTube, but I can see the profile that's built on me. I can, you know, like, it's more than just the usage in my history of videos I've watched. It's what they've collected on me. I can go to Maps, Google Maps, and I can see the location data that they're tracking, and it's way more than every address I've asked directions to.
[23:28] C: Oh yeah, wait till you have an Android, then it really tracks you.
[23:31] Justin: Yeah, well, but I mean, at least they're being transparent about it, which is, you know, kind of what I ask.
[23:36] C: Transparent if you know where to look.
[23:38] Justin: Well, but I felt better about it. Like, I don't trust Facebook at all.
[23:44] Ryan: Like, no, I, I did the, um, the Google, what's it called, like checkout, takeout, takeout, carryout.
[23:52] C: No, I think it's a carryout. I have it dumped in my Google Drive every year, every day, every month, I think. Well, for everything, I never look at it. Yeah, there's a, there's a checkbox you can just do it, and it just emails me once a month and it's just scheduled to do it. I looked at the first month and I've never looked at it since then, I'm not gonna lie.
[24:10] Ryan: Oh, I've used my location data all the time.
[24:13] Justin: Oh, I use that.
[24:14] Ryan: It's like, what was the name of that shop we went to when we lived in Florida? It was, you know, it was like around September time and I remember we visited someplace else first and then we drove past it and saw it and stopped.
It was like, I got you. I like go back through the data. All the times visited the place I know, or the approximate time of year. It's like, oh yeah, that was it. That was it right there.
[24:35] Justin: No, 100%.
[24:36] Ryan: Unbelievably useful.
[24:37] Justin: I basically feel like I live in Memento but without the tattoo ink. Um, and so like, I, I use, uh, Amazon orders and Google Maps data, like where, where the F was I all the time. And it does, because it'll just jog your memory. I'm like, oh, I remember the rest now. I don't have to go get that tattoo.
[24:55] Ryan: I, uh, to, to wrap up the, the, the creepy tech company story really quick. So, so I, I kind of ditched Instagram. I, I, I never really used it very much anyway. I, I would scroll through a few things occasionally and like within weeks of me stopping looking at Instagram videos, which are completely irrelevant to me, were now showing up in my wife's Instagram feed. And she was forwarding them to me because she thought I'd be interested in them. Now, this is like, this is like tech stuff that she wouldn't have ever looked up before, and I feel like quite possibly they are using her feed to try and get me back on the platform, and that bothers me deeply.
[25:43] C: They— you— I mean, I get ads for my wife's for like the brand of bras that my wife buys and things like that. Like, I'm not buying that, but you know, I assume home location plus, you know, things along those lines all aggregate together to be like, we're gonna try sending it over here and see what happens.
[26:03] Ryan: Yeah, I just, I just, I'd not considered that that was a vector of trying to drive people into the platform, showing, showing her videos which would interest me. So she forwarded them to me so that I'd load up the app and then get back into it again.
[26:16] Justin: Yeah.
[26:17] Ryan: And like, that's probably just scratching the surface.
[26:19] Justin: Oh yeah, I'm sure. I'm sure, right?
They spend so much time thinking about how to get our eyeballs. Well, that's not so.
[26:30] C: There are a lot of cloud cost management tools out there, but only Archera provides insured commitments. It sounds fancy, but it's really simple. Archera gives you the cost savings of a 1 or 3-year AWS savings plan with a commitment as short as 30 days. If you do not use all the cloud resources you've committed to, Archera will literally cover the differences. Other cost management tools may say they offer insured commitments, but remember to ask, "Will you actually give me my rebate?" Archera will. Check out thecloudpod.net/archera to schedule a demo today.
[27:12] Ryan: All right, so best from cloud tools. Terraform Enterprise 2 introduces Stacks, an orchestration layer that lets teams manage multi-environment infrastructure as a single coordinated unit, automatically handling dependencies and deployment order across regions and accounts. Project-level notifications replace the previous workspace-by-workspace configuration model, meaning new workspaces automatically inherit alerting settings from their parent, reducing gaps in operational visibility at scale. SCIM 2 support with team membership mapping enables automated user provisioning and deprovisioning through identity providers like Okta and Azure Entra, eliminating manual access management for large organizations. I mean, that seems like it should be kind of a given anyway at this point.
[27:53] C: For an enterprise product, yeah, seriously.
[27:56] Ryan: So the release also tightens security defaults by requiring expiration dates on new API tokens, defaulting to 2 years if unset.
[28:03] C: That feels long.
[28:04] Ryan: It does, yeah. 60 days, maybe. A site auditor role that provides read-only visibility across the platform without exposing any sensitive state files.
[28:14] C: I mean, the linking stuff together, 'cause it's the way I personally prefer to run Terraform, where, you know, I deploy at different layers from most provisioned to the least provisioned to, makes sense to me. And I've had to link these pieces together, whether it's, you know, in Terraform with, I don't remember what they called it. There was a feature that you could like webhooks essentially that like would trigger them to run. So I had like a trigger from here that would fire the Lambda that would link everything together and Lambda Spackles for the win. Felt like something that should have been in there a while ago, just saying, you know, but it's nice that they're finally releasing it into those kind of tiers so that things actually will work for customers.
[28:57] Justin: I wanna know how this compares to like Amazon's CloudFormation StackSets, like, which is, seems like a different thing, but maybe related, which is sort of the idea of managing multiple AWS accounts from sort of a centralized place. I wonder if this is something you could sort of accomplish with that as well. This seems more like I don't have to put all my variables in multiple workspaces like I used to, but it's interesting. I wonder what the, the sort of outcome of this could be.
[29:24] Ryan: I feel like it solves the, like, the pipelines problem.
[29:27] C: Yeah, it's the pipeline for the triggering. But I thought StackSets was within one AWS account, and then there's like organizational StackSets that does for multiple AWS accounts, or am I confusing the two?
[29:40] Justin: It's both. No, no, no.
[29:41] C: So StackSets does both. Oh, okay. So that's not at all confusing. Got it.
[29:44] Ryan: Yeah.
[29:45] Justin: I mean, the, all the documentation is StackSets for the organizational management of your multiple accounts.
[29:50] C: Okay.
[29:50] Justin: But the reality is that you absolutely can do StackSets within a single account for managing that kind of That's where it started. [29:57] C: I knew they expanded up, but I thought they renamed it to like organization stack sets or something crazy. [30:02] Justin: Like, I wouldn't, because like, I wouldn't. [30:05] C: Weirdly, even though I prefer Terraform most places, I actually prefer CloudFormation StackSets for things that need to be deployed to every AWS account because I don't trust people to do it unless if a, a like COE or a public cloud team or someone, some team is responsible for that. But if you try to tell your developers you have to deploy config and here's the Terraform module, they're never gonna do it. [30:31] Justin: Well, I do prefer StackSets, but largely because there's not a different option. And so I wonder if this is it, right? Where you can configure that. I don't know. [30:38] C: If you have TFE, which is charged per resource, then— [30:41] Justin: Yeah, that's fair. [30:42] C: Good luck. Yeah. That's all I got on pricing. [30:48] Justin: Yeah. All right. Moving on to AWS. Speaking of CloudFormation, I guess. Not the greatest segue. Sorry, I didn't do as well as Matt. Amazon Bedrock introduces new advanced prompt optimization and migration tools. Amazon Bedrock advanced prompt is a new tool. It automates the prompt rewriting using a metric-driven feedback loop, letting you compare original versus optimized prompts across 5 models simultaneously to improve performance or assist in model migrations. Tool supports 3 evaluation methods: a Lambda function, of course, a concrete metrics like F1 or JSON match, LLM as a judge with a custom rubric for open-ended tasks, and a natural language steering criteria for teams who want simpler quality guidance without authoring a full judge prompt. 
Multimodal inputs are supported, including PNGs, JPEGs, PDFs, files stored in S3, making the tool useful for document and image analysis and the use cases beyond standard text prompts. Pricing is based off standard Bedrock per-token inference rates. Cha-ching! And so costs scale with how many models and prompts templates include in a job rather than a flat fee. Features available now across major AWS regions including ECS, Tire Fire 1, Europe, Asia, Canada, and South America. It can be accessed via the Bedrock console or the Create Advanced Prompt Optimization Job API. That's going to be fun to type. [32:23] Ryan: Wow. [32:23] C: I can't type that many letters without a typo. I know. Just saying. [32:29] Ryan: That sounds expensive. I mean, I guess you only got to do it however many times and then you've got your optimal prompts, but that sounds pretty expensive. It kind of reminds me, not to change the subject, but I'm going to change the subject slightly. It is tangential though. Yeah, like per token really sucks sometimes when you're trying to do something. I'm kind of wondering if there's a future where you start with the goal and agents bid on the goal and then you can pick the, you could do like a fixed price bid. I think that'd be a really interesting thing to try and build out and see if you could get that to work. [33:07] Justin: I think they've had to subsidize model usage, right? And they've used tokens as the measurement. I don't know if the mass populace, even though we're addicted now and we have to have it, like I don't know how to write code anymore. I wonder if there's still a pushback against the per-token consumption model where ideas like that one where there's a bid market for it become more prevalent. 'Cause it just seems the more it becomes my money to pay per token, the less I'm willing to do it. [33:37] C: But I think that's why, because human nature has been determined to abstract out price. 
Think when you're, you were in Vegas, you put a card or whatever, a machine, you're, and you have coins, you have tokens, you don't have money even though it's a clear correlation that I'm making this up. One token's $1 at the slot machine, but what's easier to bet, 25 tokens or $25 per pull? So like, I think part of it's also human nature to make it be more abstract so people don't understand what the price is per token at that level, especially when you're talking, it's like 8 cents per 100,000 tokens and you're like, Cool, that's not a lot. But then you realize that to develop our bullpup probably has been a trillion billion tokens. I feel like my nephew right now making up numbers, you know, but like you've removed that human nature, you know, to dollar amount and thus it's not going to be. And I don't think they're gonna back away. I think more things are going to these abstract comments. It's like, Redshift compute units. What the heck is that? That's not a real thing. [34:52] Ryan: I think it starts really early on though. This isn't just a new thing for AI. This is, look at Fortnite or Roblox or any kind of video game now. [35:00] C: Oh yeah, anything. [35:01] Ryan: And I understand that the currency conversion kind of takes away some of the difficulty in a developer who wants to put assets on a platform to make available to buy. But at the same time, it's like, you know, your kid comes and says, can I buy this? It's only 160 tokens. Well, how much, how much, how much is a token? Well, it depends how much you spent in the first place. So if you spend $10, you get 1,000 tokens. If you spend $15, you get, you know, 1,500 plus a bonus. And it's like, it's so, it's so transparent. So, you know, that thing that's 160 tokens might be costing you $1.60. It might be costing you 50 cents. It's very hard to tell. [35:38] C: But that's so different than we were kids in the arcade shop. There's a— I mean, the local arcade, big difference. 
[35:44] Justin: I had a quarter. Yeah, quarters. [35:48] C: No, or one quarter. [35:49] Justin: And guess which one I played the most? [35:52] C: Well, I remember ours was if you put $10 in, you got, you got 10, you know, whatever it was, 4 times 10. But if you put $20 in, you got extra tokens back to put in the, in the machines. Like, they had those like per dollar amount upgrades, essentially. [36:10] Justin: I'm either that much older than you, or in rural nowhere they didn't have this. [36:14] C: They had to figure that out. It was quarters. Well, I think we're about the same age, so I think you were just in rural, and there was a place called Boomers, which is still in Florida. I might have looked it up recently. [36:25] Ryan: Quarters are much easier to counterfeit in those machines than, than bills, and so they get your bills off you and give you tokens. Because they don't care at that point what you put in the machine as long as they've collected the, the cash. [36:39] Justin: I mean, jokes aside, I think it's both. I think it is abstracting the cost away so that you, the, the human doesn't think about how much money they're spending. But I also think it's a, it's a tool that's been put in place so that you can charge a consumption-based model for things that aren't easy to sort of put a cost associated to them. And I think that's where you got the, you know, the TPU units where it's like, oh, there's a compute unit of a thing. I think tokens for AI usage anyway are exactly that. I think it's both. [37:11] Ryan: Yeah. It would be very confusing because if you really wanted to look at the cost model for running a large AI, it's like, well, okay, so if you send me a 100-token prompt, that is not 1/10 of the cost to run 1,000-token prompt because the compute cost is quadratic. And so our actual per-token cost is, you know, if you're talking about the cost of the 200,000th token, it's way more than the cost of the first token. 
So it's sort of averaged out over like an average token cost. So I don't know. [37:48] C: All I can think of is the old quote that's like the first CD of you know, Windows— I don't remember what it was— like the first year of Windows XP was like $100 million and the next one was 1 cent. You know, it's like, you know, it kind of alludes to the same general concept of there's an initial kick-up cost and then everything else after that. [38:11] Ryan: Yeah, but you don't, you don't go to Fiverr and then ask for somebody to bid on making a logo for your podcast and they say, yeah, it's going to cost you $25 per 100,000, whatever. [38:24] Justin: But how long until that's AI? And yes, that's exactly how that works. [38:28] C: That's exactly how it's gonna work. [38:30] Ryan: I don't want that. I want AIs to bid on it and tell me, give me an estimate. Sometimes they'll win, sometimes they'll lose. Sometimes they come in under budget, sometimes they have to swallow the loss. And I think, I just don't think it's sustainable to tell a business, sure, it's just an absolutely open-ended thing. We might make mistakes along the way. You're gonna have to pay for that. People wanna pay for outcomes. Right now, people are very invested in the technology because it's kind of cool to watch. It's great to watch Claude code, think through its stuff, and it's just getting better and better every month. But no business accounting can plan for just open-ended costs for absolutely everything they do. [39:09] Justin: That's fair. [39:10] C: I agree. Except if you're in the security department where they can do what they would like. [39:14] Justin: Nah, there's no cost. There's no, like, we, Yeah, demonstrating value in security is really important. [39:19] C: I was trying to segue to the next story. Sorry. I realized as I was saying it, it was like a shot right in the gut. [39:30] Justin: You said the wrong, you said the triggering word, man. [39:32] C: Yeah. 
I know, but you know, when you had to automate the post-quantum cryptography readiness, you could leverage AWS Config. [39:40] Justin: None of that sets me off. [39:43] C: AWS released the PQC Readiness Scanner, Post Quantum Compute, an open source tool built on AWS Config performance packs that inventories all your AWS resources that it can and classifies their TLS configuration into 3 tiers of readiness for post quantum cryptography migration and planning. The 3 tiers give teams a clear priority on what to do. CloudFront is excluded from this scanner as they've already done all this for you. And also Classic Load Balancers, AKA just ELBs, are also excluded because they cannot handle this. Multi— [40:24] Ryan: because they're old. [40:27] C: Multi-account deployments require CloudFormation StackSets to push Lambda functions to each member account individually since AWS Config custom Lambdas require the function to exist in the same account as the config rule. The tool is available on GitHub, also available in the show notes, and there are charges for leveraging the corresponding underlying services, Config, Lambda, SAML usage, et cetera. [40:51] Justin: Gotta love AWS and their mandatory Lambda spackle. [40:55] C: That's pretty awesome. They know they don't have a solution and that you solved it with Lambda. [41:00] Justin: They think they have a solution. It's a band-aid that fits every wound. Fantastic. And as someone who's a big fan of that, like I can, I get to make jokes, but I also use it every day. I don't know. I like, I like a lot of these things. I think that post-quantum is going to be a thing that we all have to think about and we're not going to want to until we have to. I love tools like this that are sort of making it sort of like, ah, this is where your problem is well before I actually have to worry about this so that I can just have it in the top of my head. I can put it on roadmaps. In my copious amounts of free time, which doesn't exist. 
[41:35] C: Just have AI do it for you. [41:36] Justin: Mm-hmm. Yeah. Well, you're not wrong. [41:40] Ryan: I think it's kind of like the Y— it's the Y2K problem. It's, it's got a Y2K problem. [41:44] Justin: Oh, 100%. [41:44] Ryan: Yeah. I mean, it's like, everyone's like, oh, what's the point of this post-quantum thing? You know, Google's only up to 50 bits, 50 qubits, or somebody else is only up to this many or whatever. But, but when, when, when the shit hits the fan and somebody's built a system that can decrypt, uh, it's like, did it go from zero to 16 exabytes? [42:03] Justin: Yeah, web sessions. [42:05] Ryan: Yeah, it's like exabytes of data that's probably being collected, you know, in a data center in Utah someplace, or China, or wherever else in the world. We can go back over all these recordings, all this encrypted data, we can decrypt it all, and it's going to be an absolute nightmare for the financial system. Oh, it's so scary. [42:20] Justin: It's so scary that I know that people are out there just storing this. So that they can, they're already doing it. And it's gonna happen 'cause we're not ready for post-quantum and they're just, they're stockpiling it for when they can. Like, oh, it's terrifying. [42:33] C: And it's gonna be, you know, all of a sudden you're gonna start seeing contracts or in security questionnaires, any of those things, are you post-quantum ready? You know, and it's just gonna slowly start to happen. [42:44] Justin: I already see that in my day-to-day. Yeah. [42:46] C: I haven't seen it in my day-to-day yet. [42:48] Justin: So that's interesting. Well, I've seen it. Yeah, yeah, I got asked. And I'm like, yeah, we're totally got a strategy. Side eye, side eye, you know, like. [42:56] C: Well, strategy, but I'm talking implementation. Like, are you post-quantum implemented, you know, et cetera, et cetera. [43:03] Justin: Yeah, yeah, no, that was the question. 
And then I hand waved to a crappy answer, which is, and so like, if I was an AWS workshop in my day job, please don't look me up on LinkedIn. I would use something like, we've got a strategy that, you know, we've got an identification on areas where we're gonna roll out post-quantum computing. And I would use something like AWS Config to be like, uh, this one's probably the worst, we should do this one first. Yeah. And so like, this is why this tool is that valuable. [43:31] C: Yeah. [43:31] Ryan: I mean, all this revolves around, you know, people actually having money and jobs in the future. [43:35] Justin: And so that, so great. [43:39] Ryan: You, you've decrypted all my credit card transactions for the past 20 years. The joke's on you. [43:44] Justin: Yeah. [43:44] C: The joke's on you. [43:45] Justin: There's nothing in this account 'cause I can't pay it. [43:48] C: They've shut me down. [43:50] Ryan: All right, maximizing value with Amazon EKS Auto Mode strategies for visibility, control, and optimization. EKS Auto Mode extends the managed Kubernetes experience to the data plane, handling compute provisioning, OS patching, node scaling, and healthy— I'm sorry, and health recovery automatically. This addresses a real pain point for people who actually use that, where platform teams spend substantial hours monthly on cluster maintenance instead of building features. The cost model adds a management fee on top of standard EC2 pricing. Nothing, you don't get anything for free anymore for Auto Node Managed Nodes. So teams need to weigh that premium against the operational hours saved. [44:32] Justin: The operational hours saved for me is a given, like the amount of work it takes to manage this, especially if you're running sort of a shared platform for the rest of your business. This is a given, like pay the money. There's no value into managing these things. 
Uh, it's part of the reason why I don't like Kubernetes to begin with is because I, I feel like it does require a platform team and it's only, you know, the hyperscalers are adding their own sort of layer on top of it to make it usable. This is an example of how they're doing that. It's, it's handling the patching, it's handling the scaling, it's shooting the EC2 instances in the head when, when they fail. Um, this is the type of thing you need in place in order to manage Kubernetes. So it's great. I've had this in ECS for years, but you know, yeah, good. Glad this is in Kubernetes now. [45:20] C: I do think, I always have said, you know, Kubernetes is as complicated as a cloud and it can do most things that a cloud could do and you need a team to manage it. And if you're, let's go with the top Fortune 500 companies, then it probably makes sense to run it. You're John Smith Company with 40 people, including 10 developers and 10 salespeople and 10 CS people. Kubernetes probably isn't the best platform for you. Sure, it can do a lot of really cool things and it will work until the amount of times I've seen that it stops working. And then you hire a very expensive consultant to come in and help you fix it and fix it and dig it out of the hole. You know, like, don't get me wrong, I like Kubernetes. I respect it. I know people that are phenomenal at Kubernetes, you know, and I can work my way around it as much as I want, but I think it's overkill for 90% of the companies out there. And that's what people don't understand is use the right tool at the right time in the right place. If you're on containers, shifting from ECS to EKS isn't a big— sorry, ECS, EKS. I said that right. Isn't a big lift at that point, 'cause you're already in there. So use the tool that fits your business at that time. Don't just say, we need Kubernetes because it's the best, because it might not be the best for you. Look at your scale and make sure it's correct. 
[46:46] Justin: Yeah, I couldn't agree more. And I also feel like even though you're right, those large Fortune 500 companies, like managing your own Kubernetes clusters would make sense. I still think that you still want this layer on top of it. Because I don't, I think the value is still there to have your teams freed up to do something more valuable than making sure the capacity of this node pool is still applicable for your workloads. Like it's just such a useless waste of time. Google only announced, uh, AI crap this week. And so we're, we're just going to move on to Azure. [47:21] C: Announcing the general availability of the next generation of Azure Boost, AKA AWS Nitro, just Azure version, just to make sure everybody understands everything. No problem, Ryan. A fundamental new platform is not just an incremental update because Microsoft never does incremental updates. The Azure Boost generation took 5 years to build and centers around custom AC— sorry, ASIC and FPGA hybrid cards with 3 tightly integrated subsystems, the accelerator itself, Microsoft custom MANA, M-A-N-A network adapter, and a dedicated ARM SoC for control plane management. Most data path logic is now hardened. I said, I wanna make sure it says most because that's important. Hardened in silicon rather than running in software. This is available in the 7th generation of all your favorite instance types, specifically the E, the D, and the DI instance types. It can deliver up to 40 gigabits per second of networking and up to 1 million remote storage IOPS. It's a lot of IOPS. And up to, if you need it to run SQL, and 21 million local NVMe IOPS in those generations. Security is baked into the silicon and not bolted on because we never bolt on in Azure. Azure Boost now qualifies as a trusted execution environment in its own right, anchored by the trusted roots in NIST SP 800-193 certification. 
Confidential I/O is a big forward-looking story with the ABCs: Azure Boost confidential device, feature eliminating the bounce buffer tax that have historically killed the I/O and performance of these nodes. This is the first generation of all of these, and I expect it to be rolled out across more of the environments as soon as they actually can get hardware in the future. [49:25] Ryan: All right, so two things. So it's Nitro for Azure, 6 years later. Second thing, we totally need to reread this like in a, in a Tolkien kind of, uh, fantasy voice. [49:39] Justin: I love that. [49:39] Ryan: It just, it just sounds, it just sounds way better if it was read, you know, dramatically and, uh, with trumpets in the background. Yeah. [49:46] C: Okay, hold on. [49:48] Justin: No, no, no, no, no. [49:49] C: Oh, sorry. [49:50] Justin: Oh no, no, no, no. I'm gonna save our listeners right now from that. There's only so much we can do in post. [49:59] Ryan: This is just the first wave. [50:02] C: The ABCs feature eliminates the buffer text. [50:08] Justin: I did see what they did there. That was nice. [50:10] C: I thought it was kind of cool. I'm not going to lie. [50:12] Justin: Really? I thought it was. [50:14] C: Okay. It's Microsoft. This is my world daily, Claude. [50:18] Justin: It is the coolest that they are. That is fair. I will give you that one. [50:21] Ryan: Anchored by the Cerberus hardware. [50:26] C: What is the Meta Network? Because all I can think of a Meta— like a manic depress— depressive person, like a manic person, like a crazy person. I was like, that's not where they're trying to go there. [50:37] Justin: Oh, I'm such a nerd. I thought magic. [50:40] Ryan: Yeah, yeah, me too. That's why I was going down the whole fantasy thing. It was, it was that a few other things. [50:46] C: I mean, it's good that they're finally getting there. I assume it has to deal with all their government contracts and everything else they have to kind of get there. 
So, you know, it's, it's a nice feature set that they're adding in that from a day-to-day Azure, you know, administrator, I don't care. I'm going to use the v7 as soon as I can actually get capacity for it, which if it says May 7th, you know, most likely will be 2027 by the time they can get it in the regions I needed it to and have it be enough that I'm willing to, you know, dole out different versions in different locations. But it isn't all the way there. [51:23] Justin: So I kind of feel like we've seen the exploits, you know, Mythos is discovering a whole bunch of stuff that's coming out in research. I, these things might, like, we get to make fun right now, but these things might, uh, come up where they're a little bit more relevant, you know, because like being able to isolate the compute and, and having that sort of that hard boundary against sort of these, you know, things that are vulnerabilities at a pretty low level is probably going to be pretty important. So I get it, it's just fun to make fun of. [51:54] C: Yeah, and the shared compute, you know, it's something, it's a real thing, and everyone was terrified of years ago, and everyone kind of has backed up and said, no, no, this is okay. And now they're like, yeah, and wait, this is not okay. Yeah, right. You know, it's, it's the whole, we've gone from centralized mainframes to decentralized, back to centralized, back to decentralized, and you know, kind of these same concepts are going to come back. [52:18] Justin: All right, moving on. The Azure Front Door WebSocket is now generally available. Azure Front Door Standard and Premium levels now support WebSocket in general availability as of May 2026. Only 9 years too late for Matt. The feature is enabled by default, requiring no additional configuration changes for existing customers. The WebSockets enable full duplex communication over a single long-lived TCP connection. 
Which eliminates the need for repeated polling and reduces the overhead of real-time data. Practical use cases include chat applications, live dashboards, financial data streaming, and gaming, making this relevant for customers who are using Front Door as their global Load Balancer and CDN layer. There is no separate pricing tier that is associated with this feature based on the announcement, but it's probably there in the background, so customers should verify costs and look at their existing Front Door Standard or Premium plans. This brings Azure Front Door closer to feature parity with competing CDN and edge networking services that have supported WebSocket for some time, filling a notable gap. [53:24] C: For years, years, lemme tell you, years, because I looked this up at one point and CloudFront has supported this for years. [53:35] Justin: Years. [53:37] C: Hold on, I'm gonna real-time look this up when it was supported because I wanna, uh, yeah, not lie. [53:42] Justin: I mean, I made a joke at 9 years, but I might be close. [53:45] C: So, uh, we didn't talk about the podcast, but I actually thought this was pretty cool. AWS released WebSockets like May 1st that actually supports WebSocket through the VPC, so you'll actually have it to have it public-facing. The endpoint can be private, which I thought was cool. [54:04] Justin: That is very cool actually, as a guy who develops a lot of internal applications. [54:07] C: But I believe WebSockets on Front Door was, you know, released, I still can't find it, if that tells you how old it is, 'cause I keep getting the new article. Anyway, I'll find it. At least 6 years ago. It's been a minute. Let's put it that way. [54:21] Justin: It's been a minute, yeah. Yeah. [54:24] C: I have feelings about this. I mean, it's great that they have it. WebSockets, despite my love for them, in the completely cynical way that I say that, you know, are the way a lot of things operate. 
So having it into a core feature of Azure, AKA Front Door, is something that should just be there. [54:47] Justin: As a first-class citizen for support, which feels like this is— [54:50] C: Right now it is. [54:51] Justin: Beginnings, yeah. [54:53] C: I mean, it was in private preview, I'd say about a year ago, and I assume all the Front Door outage and everything else they had back in October, November, whenever it was, probably delayed it a little bit. [55:04] Justin: But yeah. Yeah. I mean, I think we said it on this, on this podcast, we were talking about like, oh yeah, they announced this feature in, in preview and everything went down. I mean, I'm, I'm glad to see WebSockets sort of not used ubiquitously for everything, which is what I thought it was going to be when WebSockets first became a thing. But, uh, you know, like it, I, I do think it's useful for the things I know I, as someone who's recently developed some really crappy UIs, but wanted that refresh layer, WebSockets were something that I utilized instead of doing just like a constant polling sort of mechanism. So it was kind of cool. [55:41] C: 2018. Sorry. [55:45] Ryan: Oof. [55:45] C: It looks like— [55:46] Justin: wait, wait. That's one year off of 9. Am I good at math? Yes, I was close. [55:52] C: November 20th, 2018, you can now use CloudFront for applications using WebSocket protocol to provide improved performance and security to your end users. Just want to call that out, Microsoft. [56:06] Justin: Just 9 years. [56:07] Ryan: Improved security. I don't think it improves security. [56:10] Justin: Oh, it definitely does not. [56:11] Ryan: It doesn't, it doesn't, I mean, it doesn't, it doesn't work with headers. So you have to put the authorization token like in the URL. Or you don't have any authorization for the endpoint whatsoever. And then you have the first message you send down the socket is the auth message. I've just been through this. 
[56:28] Justin: Yeah, no, this is not a security improvement in the slightest. [56:33] Ryan: It is not. This is why I did not, I'm not using WebSockets for my pet project right now. I actually am using QUIC, which is multi-stream HTTP over UDP. Which is very, very cool. You can establish like a control connection and then you can have multiple streams in parallel. [56:52] C: Is it quick? [56:53] Ryan: It is quick. It's very quick. [56:55] Justin: Is it spelled the right way or is it spelled with some sort of like Q-I-K or something? [56:58] Ryan: Without the K. Q-I-C. [57:01] C: Okay. [57:01] Ryan: But then for each stream that you open, you can specify kind of the guarantee. So it's kind of like the TCP UDP thing, but re-implemented at the application layer. So you can say, I don't care if it gets there or not. Or you can require even over UDP that it sends messages back to confirm receipt and stuff like that. [57:18] C: That's really cool. [57:19] Justin: That's probably how WebSocket should work. That's awesome. No, I like that. [57:23] Ryan: Yeah, no, QUIC is great. [57:25] Justin: Yeah. [57:25] C: I'm now reading the Wikipedia page about it. [57:27] Justin: Yeah. [57:28] Ryan: I mean, you don't, you don't know. It just improves latency amazingly, especially for things that aren't critical because now you don't need the TCP like response. [57:35] Justin: I don't need the handshake. Yeah, exactly. [57:37] Ryan: Like just a network update, damn it. Yeah, that's so— network is so reliable anymore. You know, we're not talking about like 1,200 baud serial links. Yeah, you know, underground, you know, wet soggy ground in a storm kind of thing. Like a lot of fiber. [57:53] Justin: Yeah, my packet retransmits are not because of the infrastructure, they're because of some crappy thing I did at the application layer. [58:01] C: You mean you're not running TCP over a pigeon protocol? Wait, was it pigeon? No, avian carrier. TCP/IP over avian carrier. 
[58:11] Ryan: All right. In public preview, Azure Container Apps Express. Azure Container Apps Express is now available in public preview as a simplified deployment option that handles environment setup in seconds and removes infrastructure configuration decisions, targeting developers building web apps, APIs, and AI agents. We've got to get AI in there somewhere. [58:29] Justin: Of course. [58:29] Ryan: The service includes production-grade defaults, out of production-grade defaults. That's like, it's like a, well, okay. That's a different episode. Out of the box, auto-scaling, per-second billing, managed identity, secret management, custom domains, container registry integration, revision management, and built-in observability. So teams bring a container and the platform handles the rest. Now this is what Kubernetes should have been. [58:54] Justin: Agreed. But it's also the same thing I complain about like LightStep. [58:58] Ryan: It is, because if you wanna do something that it doesn't do, you're screwed. [59:03] C: I think of this more as ECS Fargate. It's kind of like where in my head is that. I mean, but this does the full stack. So I guess it's not ECS Fargate. I guess it's what like App Runner is, 'cause doesn't App Runner give you the Load Balancer and kind of do the whole stack? [59:21] Justin: I've never used App Runner. So Lightsail is what I always use. [59:25] C: Or, but LightSail's Bitnami on an EC2 instance. [59:29] Justin: Yeah, you can run, you can run Beanstalk on containers. Yeah. [59:33] C: Well, yeah, I mean, I guess you— [59:34] Justin: and LightSail's a lot newer. Yeah. [59:37] C: I mean, there's 19 ways to run containers. [59:40] Justin: Neither one of us has actually used that service. Let's be honest right now. We think we know, but we don't know. Yeah. [59:45] C: All right. I have a pet project for, for this weekend. 
[59:48] Ryan: I know whenever, whenever something advertises removing decisions as being a selling point, I, I'm not too interested. Those decisions need to be— people need to be aware of the constraints of the system and remove the decisions just forces you into a decision that somebody else made. [60:02] Justin: I go back and forth on that. Like, that's easy to say from our perspective, 'cause we know how to do that. Like, if you're someone who's not super technical, especially at that level with the infrastructure and that kind of thing, like, it's such an enablement to not have to deal with any of it. And so I'd rather I— but it is sort of this, I hope for the growth period, I hope for people to start at that abstraction layer where they don't get any choices, they don't get the knobs, and then they need something else and they move forward and they learn. That's not been my experience, but, uh, that's what I sort of hope for. [60:34] Ryan: Yeah, I wish it was one, one system though. [60:37] C: Most people work in the constraints of whatever system that they've started in is the problem. You know, like, but I, I do, everything has defaults. So also if you think about it, right? Like if I make a Boto API call, it by default looks in these 7 locations, it does this for credentials, like. [60:55] Justin: Yeah. And I want a level of that. Don't, don't assume my defaults for me. Like it's okay to fail, but I also, in the right application, like defaults, like in, in the case of Boto, like you said, like let's look at my local environment for credentials. Let's look at the underlying sort of built-in infrastructure. And I forget the third layer, but— [61:16] C: I don't remember. [61:17] Justin: I think I've got those all out of order, but it's been a while. And I like that, but it's also like, I've, you know, there's also the inverse where it's just like, oh, I'm just gonna assume this default so I don't fail. 
It's gonna be this bucket, not this bucket, you know, or, you know, where it should be empty, but— [61:32] Ryan: I mean, it makes it hard. Things like that make it hard, especially if you don't understand how it's working. It's easy to make something work sometimes, but not understand why it's working. And I think the credentials thing is a really good example because, great, it works on my machine, it's working. I try to put it somewhere else, it's not working. Why not? [61:48] Justin: It doesn't work. Why not? [61:49] C: Ship your laptop. [61:50] Ryan: Because it was getting something else. [61:51] Justin: Because it was really looking at a JSON file on your laptop somewhere and you didn't know that. [61:55] Ryan: It's getting something from somewhere else that you didn't understand. So while I like the idea of services like Apps Express or Beanstalk or any of those things, I wish they were just abstractions over a common system. I wish there was the system, which I guess is the cloud platform, I suppose. But I wish it was an easy transition between something like Apps Express and a Kubernetes service or a Fargate-like service or something else. Like, so you sort of, your intent doesn't have to change, but right now, if your intent changes, you have to change service because this doesn't expose a knob that you need in something else. So you have to rewrite a whole bunch of stuff. Like, I want like intent-driven infrastructure. Where it just does the magic. And it's— [62:39] Justin: I do think you just made the argument for Kubernetes though, as much as we don't like it, that's exactly why it's become prevalent is that it's ubiquitous. It's everywhere. You can write it this way. You can do a customized thing or you can do the other one that I never use. And they're generic, right? Any cloud provider, it's the same thing. If I'm running in my data center, if I'm running at home, this all works. [63:01] Ryan: That's fair. 
But at some point, you have to realize that that's not something that one person's gonna manage, especially— [63:05] Justin: Oh, 100%. Yeah, no, it all assumes so much work has gone into it already. And that's like, to make that generic experience is like just hundreds and hundreds of man hours. And that's what people don't really think about. [63:19] C: So guys, have you ever had a situation where you've put together an S3 lifecycle policy and something crazy happened and it cost a little bit too much money 'cause you were trying to rotate stuff down to a lower tier or auto-delete stuff without realizing what the intent was going to be? [63:36] Justin: You son of a bitch. [63:38] Ryan: I've never done that. Oh my gosh. [63:42] Justin: I'm making a face. I know the viewers or listeners can't see this, but I'm making a face. [63:50] C: So Ryan may or may not have done something, but I've done it too, where all of a sudden your intent is correct, but you don't realize what it's going to affect. And Azure this week has GA'd a mockability for Azure Storage Actions. Azure Storage Actions supports mocking runs in general availability, letting you simulate task execution across billions of blobs without actually executing or modifying any data. This particular feature is useful for validating retention expiration policies and previewing, the key here, storage tiers, cost optimizations, which obviously everybody wants to make their finance person happy, confirming compliance enforcement like legal holds, and verifying large-scale cleanups or tagging operations before they actually run is something that is asked for across a lot of people. But a practical workflow improvement that lets you create mock runs as a trigger type on storage task assignments, review results and transmission and transition that same assignment to real runs without having to recreate it from scratch. 
Pricing is not available during this announcement, so we should probably check the actual pricing page to make sure that you're not going to pay out the butt for this feature that's going to help you not spend too much money. But it will, you know, likely be more of a consumption-based model would be my guess to me. [65:17] Justin: Joke's on the Azure users, it's 2 cents more than the actual API calls would be. [65:24] Ryan: That comes out of a different budget. [65:25] Justin: We know how that works. [65:26] Ryan: That's a QA budget. [65:28] Justin: Yeah, exactly. [65:29] C: To plead my case, I know we talked about it years ago on the podcast. [65:33] Justin: I wasn't attacking you. Oh, shut up. [65:36] C: Yes, you were. [65:37] Justin: You know, the irony is that the hundreds of thousands of dollars I spent was in order to try to save money by introducing lifecycle to an S3 bucket and— [65:47] C: But you did save money in the long term. [65:49] Justin: What I didn't understand is that in order to do sort of object level sort of tiering is it required a lookup on objects. And in this use case, which was a logging application that still gives me nightmares and makes me twitch, there were billions and billions and billions of objects. And so when I did that, it was expensive. So this type of thing, if, if you know that when I ran this, it was something that in the UI it would've stopped me. It put a little popup and say like, are you sure? But because I was programmatically doing this, it didn't give me any kind of warnings or any kind of hesitation. It just let me do it and it cost a lot of money. And then I get to spend the next 6 months arguing with the cloud provider and why it's like, but this is your fault. No, it's your fault. And I lost. But having sort of mocking options, like if this was available and I knew it was a tool and I put this in place, it probably would've caught me and I probably would've been like, oh, whoops. And I probably would've stopped. 
So I think this is a pretty cool feature and I'm really glad they have this and I don't think this exists on other cloud providers. Way to go, Microsoft. [66:57] Ryan: Yeah. [66:58] C: So. They thought of virtual machines. [66:59] Ryan: In your defense, in your defense, I think you did save money for the business. [67:06] Justin: Maybe in the long run. [67:07] Ryan: In the long run. [67:08] Justin: Maybe. [67:09] Ryan: The problem is that they can tolerate an extra $50,000 a month, but they couldn't tolerate hundreds, you know, I blew a forecast up and finance was all up on me. [67:18] Justin: Yeah. Yeah. Yeah, for sure. [67:20] C: So there was one customer I worked with and we recommended they put a lifecycle policy and it was after Ryan had told me this story. So I was a little bit more careful and I actually did the analysis. And what we had to explain to them was this will cost you, I think it was, I don't remember the numbers. I think it was like $150,000 to run. Because like you, there was lots of small objects, but it was going to, the rate of return was, I think it was like $25,000 a month. Oh, slash, I'm making it up to make the math easy on the podcast as I'm doing this live. So we had to explain to them and then explain to their CFO, this, you're gonna write a check for $100,000, but in 4 months you're gonna save $25,000. And for this customer, S3 was, I think it was like $500,000 of their bill, and DynamoDB was another massive chunk of their bill. So like for them it made sense to do these things, but we had to explain it to them where you will get this uptick and it will take you time to get it back, but you have to understand that in the long term it'll be better. [68:29] Justin: And that's exactly— this feature is exactly that, right? [68:32] C: The mock hopefully will help with this, but this was 5 years ago, 7 years ago now. [68:38] Justin: So yeah, if I would've had this feature, the same thing would've happened. 
I would've done exactly what I did. The difference is I would've been able to give someone a heads up. And that would've been months and months of productivity return to me, you know, in this case. And so like, the value of this feature for me is fantastic and really makes, you know, Azure Storage, not enough to make me use Azure, but this specifically for storage makes it very appealing. [69:07] Ryan: All right, last story. DigitalOcean raises 2026 and 2027 revenue outlooks after AI-driven earnings beat, beat what, beat predictions? [69:21] Justin: Oh, hopefully, hopefully the street expectations, right? Yeah, yeah. [69:26] Ryan: DigitalOcean posted Q1 '26 revenue of $258 million. It's like pocket change. [69:33] Justin: Yeah, that's not a billion number. What the hell? [69:35] Ryan: Yeah. [69:36] Justin: Oh, right, DigitalOcean, right? We're cheering for the little guy. [69:39] Ryan: We are. Yeah, up 22% year over year, beating analysts' estimates, with AI customer annual run rate revenue growing 221% to $170 million, which is now a substantial portion of the business. I mean, they were lucky. I guess they had GPUs sitting there in racks and they probably got them at a discount. [69:58] Justin: And I wouldn't call that luck. [70:00] Ryan: They're going to monetize the hell out of that right now. [70:03] Justin: They got what they could and they ran. And I appreciate that. I don't know. I'm a big underdog fan. So I'm for DigitalOcean. I try to give them my money where I can, and I appreciate them being— [70:16] Ryan: Yeah, people like you and I, we still have the places in our hearts for Virtual Private Servers and, uh, yeah, you know, PHPMyWebAdmin and all that. [70:26] Justin: Yeah, for sure. Oh, the PHPMyAdmin. Yeah, no, I, I tried to— I actually almost made that joke earlier in the podcast. That's funny. Yeah, when I was young... Oh, we should not let him open. Oh, he's got access to the sound. [70:44] C: Oh no. You're welcome. Sorry. 
A little late, but I thought I would throw it in the middle of the conversation. [70:51] Justin: Oh, we'll edit it to where it sounds on time. [70:54] Ryan: Well, I think that's it. I think we're done for the day, right? Sorry, I mean, and that's it for the Week in Cloud. [70:59] Justin: Yeah. Another week of cloud news wrapped up. Vault will collect the news, Justin will get the notes, Jonathan will write some code, Ryan will watch the perimeter, and Matt will reluctantly watch Azure. Till next week for AI, Amazon, Google Cloud, and Azure, and hey, maybe even Oracle, who knows? Check out thecloudpod.net for our newsletter, join our Slack, message us on social media. And just so our listeners know, we're not doing an after show because Justin's not here to make us. [71:38] C: Sucker. Bye everyone. See you later, guys. Goodbye, everybody.