# 360: And you thought AWS was out of features for S3. Surprise!

Duration: 82 minutes
Speakers: Justin Brodley, Justin, Jonathan
Date: 2026-07-01

## Transcript

[00:07] Justin Brodley: Welcome to The Cloud Pod, where the forecast is always cloudy. We talk weekly about all things AWS, GCP, and Azure.
[00:14] Justin: We are your hosts, Justin, Jonathan, Ryan, and Matt.
[00:19] Jonathan: Episode 360, recorded for June 23rd, 2026. And here you thought AWS was out of features for S3. Surprise! Good evening, Matt and Jonathan. How you guys doing?
[00:32] Justin Brodley: Good, Justin.
[00:33] Justin: Good.
[00:33] Jonathan: Good to hear you, Jonathan. It's been a little bit.
[00:35] Justin Brodley: Yep. Been busy. Busy, busy.
[00:38] Jonathan: Busy, busy. AI. It's all AI all the time here on the show. So I'm sure it's just AI for you all the time too. And you're just busy.
[00:43] Justin Brodley: It is.
[00:44] Jonathan: You're just busy coding away with Claude and other open models on your beefy GPUs that you power and heat your house with now.
[00:52] Justin Brodley: Yes, yeah, definitely. Sadly, I'm disappointed they've put the price for the RTX 6000 up by like 50% now. Otherwise I know I would have snapped up another one, but $13,000 is a little on the pricey side.
[01:04] Jonathan: Yeah, I really regret that one because I was gonna buy it and I, and I was waiting because I wanted to see what Mac was going to do for the next, uh, the next Mac Studio with the hopefully M5 Ultra or M6 Ultra, and I was waiting and now I regret it. The joy. Yeah. This, this hardware supply thing needs to end because RAM prices are dumb.
[01:24] Justin: Yeah.
[01:24] Justin Brodley: I just read that DDR2 prices have gone up immensely as well, which is ridiculous.
[01:30] Jonathan: Why? I mean, they're not even using those in AI. It's just because they can.
[01:33] Justin Brodley: That's what people have, what people can afford to put in their machines, I guess, that they need to operate anymore.
[01:37] Jonathan: It's crazy.
[01:39] Justin: Yeah.
[01:40] Jonathan: Matt, uh, I know you went to the AWS Summit. Uh, how was the summit?
[01:45] Justin: You know, it's been a couple years since I've been, and it was as hectic as normal. I actually got my badge the day before, but I walked in about a half an hour before they did the keynote, and I was like, oh my God, there are so many people here. Now go try to find people. But somehow I ran into like 10 people I knew, even though I didn't know most of them were going. So, you know, shows how small of a world it still is.
[02:09] Jonathan: Yeah. Uh, it's just like going to re:Invent. So just remember when, you know, re:Invent comes up very soon, it's basically the same thing.
[02:17] Justin: So, yeah.
[02:17] Justin Brodley: Oh yeah, I got an email reminding me to sign up for that this year.
[02:20] Jonathan: Yeah, I got my email yesterday too, like, hey, registration's open. I'm like, uh, not unless you're sending me free tickets and I'm going to that. And even then, will I actually show up at the conference? Questionable. Will I just hang out in Vegas? Yes, yes, I will. And I'll hang out with my friends who are there at re:Invent, but going to the conference is a lot. I actually went to a conference last week as well. The Databricks Data and AI Summit, which I'm shocked there was people in New York because I thought they were all with me in San Francisco at this AI thing, because there was a lot of people at this event. At Moscone, it was full to the brim.
[02:53] Justin: Moscone always, I feel like, gets filled and overwhelming.
[02:57] Jonathan: It's a terrible layout. I mean, I, that's my least favorite conference center I think I've ever been to. Now, I haven't been to like Javits or some of the others in like Boston and stuff.
But you know, like of a major city conference center, it's my least favorite that I've been to. How's that?
[03:12] Justin: Javits is pretty good. I'll let you know how DC is next week after I do the DC Summit because AWS planned it on the week of 4th of July.
[03:20] Jonathan: Oh, that's brilliant.
[03:23] Justin: I assume it was a cheap conference rate.
[03:25] Jonathan: Do they also know that there's a huge amount of people coming for the 250 celebrations that are in DC?
[03:31] Justin: I will be out before then. I'm leaving on July 1st before it gets too close.
[03:36] Jonathan: Are you gonna go check out the green reflection pond?
[03:41] Justin: You know, I've thought about it, but you know, you can't get too close. I saw it today.
[03:45] Jonathan: Well, they don't want you to, they don't want you to cut the lining on the bottom.
[03:48] Justin Brodley: You get arrested for looking at it.
[03:49] Jonathan: Yeah. Don't tweet about it while you're there. You don't wanna get arrested. So, all right, let's get into real stories here. First up, AI is how ML makes money. For those of you who know, Claude has ability to create really nice front ends and they released a design interface that you could access on the web that has now come to the client and now integrates directly with Claude Code through two new slash commands, /design sync, which pulls your design system into Claude Code, and /design, which lets you create and manage design projects without leaving the terminal, keeping both tools in sync throughout the workflow. The rebuilt design system import supports GitHub repos, design files, and raw uploads, with Claude automatically checking its output against your components before rendering results. Enterprise admins can lock down a single approved system to enforce consistency across enterprise teams.
Anthropic updated the usage model, so Claude Design now shares a token pool with Chat, Claude Cowork, and Claude Code rather than having separate limits, which should give most users more headroom and reduce how often they hit caps. Or you'll hit it just as much faster because now you're competing with your Claude Code, which is what happened to me when I tried it the first time, and I was like, ah, I'll have to come back to this. You can export and integrate into Adobe, Canva, Gamma, Lovable, Miro, and much other AI tools that I've never heard of. And standard PDF and PowerPoint formats, making it easier to move finished work into existing production pipelines. It is considered still beta on the Pro, Max, Team, and Enterprise plan. Lots of tokens, so be careful.
[05:11] Justin: Well, I've used it just playing around with it. It produced really nice things. Just I used half my session tokens real fast with iterations and things like that. So I would be careful using it, but it does great front-end design. I mean, you can start to see I don't know if you guys have noticed it on the internet too. Like I can tell sometimes when they're Claude designs or what feels like it because it follows the same color schema as the defaults and the way I laid it out and everything else like that.
[05:39] Jonathan: Yeah, they have a very consistent brown taupey color pattern going on. Very reminds me of sand dunes. That's the Claude design pattern that it defaults to, is my experience. So yeah, I'm actually, I'm looking forward to potentially getting this design sync in place and actually syncing a design system that doesn't look like Claude's default design system, because I think it could be pretty nice.
[06:00] Justin Brodley: Yeah, it's super nice. And I've used it a couple of times. I used it for my personal pet project, which I'll share later if we have time.
But the absolute best thing about it is I, you know, I built the app first, didn't touch the UI, and then I got it to generate like sample datasets for every API response and pass that into Claude Design. And I said, build me pages that consume this format, data and it was like one shot and done to give it the design files. Just, just amazing. I'm glad they added the, the integration with Claude Code because otherwise it's kind of click a button, copy a link and then ask Claude Code to visit the URL and then it's kind of, it was a little clunky. Yeah. A little, little clunky. And especially if you need to go back to it to say, hey, now make me another page. But I think Claude's been pretty good about, about following the design once it's, once it's written. You don't really need to go back to Claude Design once you've got the, uh, the structure in place, all the primitives in place. Yeah, it's a really cool tool.
[06:57] Jonathan: Yes, very cool. All right, well, the Data AI Summit from Databricks had a ton of announcements, more so than even Snowflake did a couple weeks prior. We won't go through all of these because it would take about 3 hours to get through all of this, I think, because I think we started with like 30 pages of notes that I had to cut down. There are a couple highlights. I'm not going to talk about these in depth because A, I don't understand them well enough because I'm not a Databricks expert. I learned a lot at the conference. I talked to a lot of people who love Databricks. Yeah, so I have more understanding, but I'm not an expert in any of these. So they introduced Lakehouse Realtime, which is a real-time performance for the unified lakehouse. So you don't have to wait for all the ETL work. It basically does it continuously in the background. There's a new Genie ZeroOps, which gives you AI automation for your Databricks data lakes. So you don't have to manage them as much, which, you know, knowing my ML team friends, they're going to love.
There's now Open Sharing, which is the next evolution of Delta Sharing for Agentic Era, uh, which basically is around, uh, Iceberg and other compatible formats and MCPs let you access that data. Lakeflow is their new, uh, era of Agentic data engineering, uh, with the Genie Code integration. Again, AI was everywhere. Introducing Genie One, Genie Agents, and Genie Ontology, which is an addition to the existing Genie AI, which was very siloed. So you'd basically create a genie for marketing and it would answer marketing questions. Then you create a genie for IT and it would just answer IT and you'd have to go between all these different genies. Now Genie One unifies all of that, which seems like an obvious design flaw, the original version, but I wasn't following it close enough to call it out then. Unifying data and governance in the agentic era with a bunch of new capabilities around agentic governance. Lakebase search, which is a new native retrieval RAG-based model for vector for on top of Lakebase Postgres. So if you're using Postgres on there, a new Unity AI Gateway if you're into the Unity Catalog, and then a bunch of other great announcements. We'll go over all of them like I mentioned, but overall I'd say if you were in the AI space, you were probably at this conference or very much paying close attention to it. I was surprised how much they announced in two keynotes. As well as throughout the rest of the conference. A lot of stuff, a lot of new things. A lot of people were very excited about the new toys. The governance models in particular got a lot of traction and they also have some security stuff. I even learned they have a SIEM. Did you guys know they have, they bought a company and they have a SIEM? So yeah, they're really cool.
[09:24] Justin Brodley: I read that.
[09:24] Jonathan: SOC capabilities as well. I sent that over to Ryan so he could check that out as well. And we were commenting as we were watching them demo it during the keynote.
He's like, I didn't want to like this, but it's pretty nice. And I was like, yeah, this is kind of cool. So that was his hot take at the time.
[09:38] Justin Brodley: Yeah, that's cool. I think Databricks and Snowflake are both, they couldn't have been accidentally better positioned in the market to take on all this AI work because now they've got everybody's data. It's already resident there. It costs money to move it out. Just add the features, let people do whatever they need to with the data in place. They're perfectly positioned.
[09:58] Jonathan: Well, you know, we were about to start talking about Databricks and then our cloud hosting provider for the podcast recording decided to, to take a break. So we, we were unable to keep recording. And so now Matt and I are back. Uh, we couldn't keep Jonathan around. The service is back up. And so we're gonna finish this up, but, uh, maybe we'll, we'll cut down the amount of stuff we're gonna talk about for Databricks. Because I think that, I think it was Riverside telling us, look, you, you don't, don't talk about that.
[10:24] Justin: You don't want to talk about that.
[10:25] Jonathan: That's, that's kind of what I feel like. So we're, we're gonna make up for that and we'll just get through this. And so, uh, it's either that or we're not gonna have an episode this week at all. And we felt like you guys deserved the episode. So here we are. All right, so Databricks Summit. I'm sure Elliot will do his magic and cut in at least the beginning part of it. And so I'll just tell you what some of the highlight announcements, and then we're going to move right along past Databricks because, hey, I don't know that Matt and I could on a Friday now that we're recording this because, you know, this happened earlier in the week and this is the first time we failed to reconvene ourselves. I don't know if we can make it through our full Databricks pitch on a Friday afternoon after a full week of work.
[11:00] Justin: It's not at 8:30 on a Friday. I'm not there.
[11:03] Jonathan: Yeah, so basically lots of great improvements to things like Lakehouse. They have the new, uh, unified real-time performance capability. So, you know, if you were unhappy that your Databricks system required you to ETL data, you can now get it real-time as long as you put all the work into it. New AI capabilities to make all of your operations zero ops, as they call them, so you don't have to pester your DevOps folks. A new open sharing capability to compete with, uh, Snowflake's sharing capabilities. So if you, uh, need to share data between your SaaS vendors and different providers and you use Databricks, you can now do that through those methods. And then Lakeflow is our new Agentic data engineering capability. The Genie products have now got expanded. So Genie was announced last year, but it was kind of like an AI for like specific departments. So you would have like a Genie for marketing, a Genie for finance, but now they have Genie One, which makes it so you only have one Genie that can now cross all those things, which seems like a much more logical way to do it anyways. I was kind of surprised they had done that in the line of silos beforehand.
[12:04] Justin: You get one bottle that you get to rub, Justin.
[12:07] Jonathan: Exactly.
[12:08] Justin: That should have been our show title. Something about genie in a bottle.
[12:10] Jonathan: That should— how do we miss that? How do we miss that?
[12:13] Justin: I don't know. But 4 days later we come up with better show titles.
[12:16] Jonathan: Yeah, that's how it works. Unifying data governance. Lots of things about data governance if you care about that. Some good features for Lakebase for that. Uh, Lakebase search now gives you new agent-native retrieval capabilities from PostgreSQL, so you can simplify your database connectivity needs.
There's a new Unity AI gateway for all your models, agents, MCPs, and tools, so you can manage them through a single point and monitor, govern them, monetize them, whatever you need to do to them. And then the other thing I learned, they have a— their SIEM product, they apparently bought a company right around RSA that is creating a SIEM based on top of Lakebase. So if you need another vendor to compete with you for SIEMs, Databricks. And both Ryan and I were watching the keynote and he commented, I really didn't want to like this, but this is pretty cool. And I was like, yeah, no, this is pretty good. So if you're in the market for a SIEM, you know, I wouldn't sleep on Databricks. It looks pretty compelling. Yeah.
[13:08] Justin: I mean, I feel like a lot of the legacy players or the straight security players are only so— they've only done so much innovation because kind of once they have you, most people don't ever move, at least from my experience. So if you do have the option, you know, always evaluate, especially these new ones or these less known ones, 'cause they are getting much, much better than, you know, your Palo Alto or your Rapid7 MDR or any of those ones that just, they do their thing. I'm not saying they don't do it well, but I feel like they don't innovate nearly as much.
[13:39] Jonathan: Yeah. Well, they have a customer base and they have to do testing where some of these new companies come in without the baggage, without the legacy luggage, and they're able to use more modern agentic methods. And so some of them are really interesting. Some of them are also very lightweight in features though, because again, they, you know, they vibe coded or built out what they thought they would be a good product. And so it could be interesting if it hits your niche, but, uh, they're not typically as widespread or wide feature, you know, don't have all the features that other more mature players have. So your experience will vary.
That's about all I can spend on Databricks at this point.
[14:12] Justin: I'm not gonna lie, that was more than long enough.
[14:16] Jonathan: Perfect. All right, let's move on to OpenAI. They released a new credit usage analytics and updated spend controls for ChatGPT Enterprise, available to you now in their global admin console. Admins can track credit consumption broken down by user, product, and model, and access this data programmatically via the unified cost API. And you might think that's very FinOps-y of them, and you'd be right, because they worked with Appdew to basically build out this capability along with Anthropic and others in the focus groups from FinOps. So these spend controls allow admins to set default workspace-wide credit limits, configure limits for specific groups, and create individual overrides for high-use employees like myself. This replaces a one-size-fits-all approach with tier control that can accommodate power users. Employees can now view their own credit usage within workspace settings and submit requests for additional credits within ChatGPT, which I would love this feature in Anthropic.
[15:04] Justin: Oh my God. So much. 'Cause I, I'm on the same level as everyone else in my company and I think I hit my 5-hour limit about 2 hours in. I was like, I guess I'm done working guys this week.
[15:15] Jonathan: Mm-hmm. Yeah. So being able to be able to have, but to have that workflow right there in the app would be great. 'Cause like right now, you know, we have them go through a ticketing system and they have to go make the requests and then they get annoyed 'cause like they're slowed down waiting for someone to approve it. And can we find the right approver? You know, their manager needs to sign off on it. Like there's so much to it.
[15:31] Justin: In a large company, I get, you know, your IT department wants to funnel it through. They need their metrics, they need everything else. So like, I get that.
But, you know, a smaller or medium-sized business, like speed is key. And like, people are like, well, why, how are you using so much? I'm like, well, I'm using the chat to design a solution for one customer. I have it going to build a, I don't know if you've ever played with the AWS Cost Calculator, but you cannot they don't have a true MCP that gives you back that URL. You can get the pricing MCP, which is great, but I need the URL for what I do now. And then like on the backend, I was coding something else, then they're like, well, which of the 3 features are you using? I'm like, all of them. And they're like, are you serious? I'm like, yeah, should I not be? Should I slow down? Like, you tell me. You know, so especially like, you know, you and me and probably other of our listeners that are on that higher tier, having that by-user control really makes a big difference.
[16:28] Jonathan: Yep, totally agree. Claude Tag has a new feature from Anthropic this week that introduces a new agent identity access model where AI agents get their own dedicated service accounts rather than borrowing individual user credentials, allowing Claude to operate across shared Slack channels, GitHub, and data warehouses on behalf of an entire team rather than just a single user. Permissions are scoped at the workspace and channel level rather than per user, so admins can grant the engineering channel access to GitHub while configuring CRM access to separate private channel, uh, with each private channel getting a distinct Claude identity that cannot cross into other channels. Revoking a Claude identity easily removes access across all connected systems simultaneously, which simplifies enterprise access management compared to auditing individual agent actions. And every network call, memory write, and routine executed under agent credentials is logged in the audit trail, and outbound traffic to any host not explicitly allowed by an admin is blocked.
They were very excited to send me an email today about this at the day job, and I laughed because they're like, you Slack, right? Nope, don't use Slack. Bring this to Teams. And I'm very excited for this capability, but I have been playing with it in one of my other Slack channels with my personal Claude account, and it's pretty nice. So definitely a good little feature. It's a little bit clunky right now, but I, you know, mostly tied to limitations, I think, of how bots interact with Slack. But I see the potential. I think it could be really cool.
[17:50] Justin: Yeah, I mean, the general of not using my user account for everything, for, you know, agent identity, for agents, is definitely going to be key more and more over time, especially in, you know, pretty much any business that wants to have any level of security. So I think it's important that they keep building these out, and hopefully over time they'll make them be a little bit less clunky.
[18:12] Jonathan: Well, hopefully they, you know, can start working through some of the permissions things, so they can fix it at the agent level where it understands, you know, user context versus service context and things. Because the risk you have of this is that, okay, yes, you took this Claude identity, you restricted it to this, but what if someone adds somebody who shouldn't have access to that Claude agent to a Slack room? And then they ask the thing like, well, what's our, what's our financial data? Or what's our other data? And it gives that person that data. But if it has, still has the user context, then it can at least say like, hey, you're not authorized to see this data. Even though you're maybe added to the Slack channel, but that doesn't quite have that capability yet. So this is the buyer beware, you know, if you make a room and you give this Claude agent have access to your CRM and then only people who are in sales are supposed to be in that room, you better make sure only sales is in the room.
[18:58] Justin: Yeah. I mean, that's really like built-in suspenders. I feel like right now they're just, they're giving you the rope to hang yourself. Use it.
[19:04] Justin Brodley: Yes.
[19:04] Justin: Use it wisely. Otherwise you will get, you know, in trouble. Hung, I guess, would be the right verb at the end of that. I'm not sure where that analogy actually goes.
[19:13] Jonathan: Yeah.
[19:15] Justin: Nowhere pleasant. Let's put it that way.
[19:17] Jonathan: Definitely nowhere pleasant. Moving on to security, Cloudflare has also provided something for us in the AI agent identity space. Temporary Cloudflare accounts to be used with your AI agents. These are temporary ephemeral accounts allowing you to deploy workers via the Wrangler CLI using a new temporary flag, without requiring any prior account signup or authentication flow. Deployments stay live for 60 minutes, during which a human can claim the account permanently. If unclaimed, the account and all associated resources are automatically deleted. This addresses a practical problem in agent workflows where browser-based OAuth flows and MFA prompts create hard stops for background agents operating without a human in the loop. Wrangler has updated the service— the temporary flag in its output messages so agents can discover and use it without explicitly human instruction. Nailing a write-deploy-verify loop without manual interventions. Cloudflare is pairing this with a broader effort including a Stripe partnership for agent provisioning accounts and WorkOS collaboration on OAuth standards for agents, suggesting a broader push towards standardizing how agents interact with cloud infrastructure.
[20:14] Justin: I mean, getting these, uh, credentials down, you know, kind of the same thing we just talked about too.
You got to make sure that your agents are of limited access, or, you know, and right now you have the belt with that, and then the user context will come in the future with the suspenders to make sure people don't do dumb things. So, I mean, it's great they put the short TTL on it, you know, 60 minutes. So that's pretty good, especially like when you're debugging or, you know, you or I are just building something out right now. It's nice to have that short-lived life. So you, if you have 500 of these things out because you don't understand how it works yet, it will kill itself pretty quickly.
[20:52] Jonathan: Yeah, I mean, uh, it's definitely nice. The workflow of having to create a user account in something like Cloudflare that's impermanent is kind of clunky. So, you know, not having to do that and MFA prompts and all that, it's— I definitely like this idea, but it also, you know, again, even in a 60-minute window, you can do a lot of damage to a Cloudflare account if these aren't properly secured. So again, going back to belt and suspenders, uh, you know, buyer beware.
[21:18] Justin: Isn't the default for AWS IAM credentials, like with your EC2 role, like 60 minutes too? I feel like that's kind of a little bit the default. And I feel like pre-signed URLs too, while you can do a lot of damage, it's not a terrible timeframe. I mean, if Ryan was here, he would say he wants 60 seconds. Let's be honest here. Security person always wants less.
[21:41] Jonathan: I mean, he's not that mean of a security guy. I mean, he came from the DevOps side, so he at least understands like, hey, you sign stuff to do real work. Yeah, uh, so I mean, Ryan's not that bad.
[21:51] Justin: I know, I'm just making fun of him because he's not here to defend himself.
[21:54] Jonathan: I mean, he is an Eagles fan, or, you know, so that's the bigger challenge. Yeah, yeah, he's not here to defend himself. He hates the Eagles.
All right, uh, other Cloudflare news this week, uh, they've released Cloudflare OneStack, an open source set of agent skills hosted on GitHub that helps automate the deployment to configuration and management of zero trust network environments without requiring deep prior knowledge of Cloudflare's product suite. The stack ships as two skill files: Cloudflare One for general product guidance like VPN replacement and policy management, and Cloudflare One Migration for translating configurations from vendors like Zscaler and Palo Alto Networks into equivalent Cloudflare constructs. When paired with Cloudflare Code Mode MCP Server, agents get a typed interface to the live Cloudflare API, allowing them to query account configurations and make changes through recommended workflows rather than ad hoc API calls, while keeping the credential out of the model context. Migration logic in the stack is the same used in Cloudflare's existing dscaler and dscope programs, which have moved enterprise customers from Zscaler and Netskope to Cloudflare One in hours rather than months. And this takes— makes that capability self-serve for any customer or partner at any time. This announcement also just taught me that Cloudflare has a Zscaler and Netskope competitor, which I did not know. Yep.
[23:03] Justin: I think I did know that. I think they do have like an always-on VPN that routes through them. It's kind of what I thought it was, but I mean, I don't know that it's, I'm gonna say heavily used, but maybe that's why they're putting this out there so that people can have a better understanding of how to migrate. I mean, I think this is a great sales tool also. You know, hey, we're looking at these things, cool. You know, if it's you or me or Ryan or, you know, anyway, looking at these things, I don't look at most vendors unless if they support some Terraform at this point, you know, and this might be a thing in the future. Do you have these tools to help migrate?
Do you have the appropriate MCPs, you know? In 3 years from now, these might just be the, my requirements without realizing it that I just need in order to do things.
[23:47] Jonathan: Yeah. One thing about Cloudflare is their, their UI and, and console is so hard to navigate sometimes that I think like they have a lot of really good features that are just kind of buried. Uh, and like, I see, like, I'm looking at the website right now, just while we're talking, and I'm like, yeah, they have a whole column of CASB, SASE, secure web gateways, data loss prevention tooling. Like I just didn't think I knew about any of it. So typically looking to them to do DDoS protection and CDN, and that's the two things I look at first. And then I know they're into bot protection and making AI's lives difficult. And then I knew they had a bit of a serverless piece, but the rest of it I didn't know. So some research to do later.
[24:28] Justin: Yeah, it's amazing how many things they've expanded into without, without us realizing. I mean, I knew they had like the workers at the edge and the R2 and things like that, but I didn't realize the depth of the security and zero trust setups that they had.
[24:43] Jonathan: Yeah. I mean, I knew, I definitely knew they were trying to get more and more into security. I didn't realize how far they had gotten. So that's good to know.
[24:50] Justin: Yeah. They have email security, AI-driven email security.
[24:53] Jonathan: I saw that. I mean, I have the best, we have the best spam filtering solution at my day job that I, I'll trust no one else's email filtering now after using it. I'm like, every company I go to, I'm going to recommend this tool because it's so good. Which, do I remember the name of the tool to tell our listeners right now who are all like, what's tool?
[25:11] Justin: Uh, no, I can't remember the top of my name, but I was going to prompt you for it, but I felt like since you didn't say it, there was either a reason you didn't say it or—
[25:18] Jonathan: I know, I was literally thinking like, what's the name of that tool? Because it's really great. And I'm realizing I don't know the name of it off my head because it's so, it's one of those things like you said it and you forget it and you never touch it again. And, uh, yeah, so it's, it's good. If Ryan was here, he'd be able to tell me cuz he, he helps manage it, uh, on a day-to-day basis.
[25:36] Justin: But back in the day, and I'm thinking like 15 years ago, was like we used to have Barracuda spam filters and those were, and those were really good cuz they also would do, um, email, like, you know, secure pickup back before there was like better systems for it. So whenever we knew like every company had to have it, 'cause we were an SEC registered company, that was a pretty nice system they had.
[26:01] Jonathan: Oh, Abnormal. Abnormal Behavior Platform is what it's called. Uh, and it's great. I highly recommend if you are looking for something to help solve like not only, you know, phishing attacks, uh, but also like spam, uh, prevention and reduction. Like I went from probably 300 to 400 emails in my mailbox a day that were just complete junk spam, terribleness of the day job to now that never makes it to me. And, and the nice thing is that it moves them into a folder. So like they go into a junk email folder and there's a promotions folder that it creates automatically. And then, uh, and if you go into that folder, all those emails that you would've got in your inbox are now there. And if you like them, you just drag them back to your inbox and it learns as you go and it'll stop putting them in there, which is really nice. You don't even have to go to like another console. That's why I don't remember the, couldn't remember the name.
I'm like, 'cause I never go to it. Because you don't need to. It's just all, it's all based, based in your mailbox, which is so nice. [26:54] Justin: But anyways, if you're looking for that tool, so we should get them to be a, uh, sponsor. [26:58] Jonathan: Yeah, they should sponsor us. [26:59] Justin: We're selling them so much. [27:01] Jonathan: Yeah. I mean, I would, it's one of these own, I wouldn't even take their money at this moment cuz I just like the tool that much, but I would take their money cuz I need it, but it's fine. Yeah. Help pay for all the podcast stuff. AWS this week, uh, Amazon S3 annotations now has a new metadata capability that lets you attach up to 1,000 named annotations per object, up to 1 megabyte, totaling up to 1 gigabit per object in formats like JSON, XML, YAML, and plaintext. This addresses a longstanding limitation where rich object contexts had to live in separate databases or sidecar files requiring complex synchronization. Annotations are immutable and move automatically with objects during copy, replication, and cross-region transfers, which is a meaningful improvement over the existing 10-tag limit and 2 kilobyte user-defined metadata headers that S3 had historically offered you. When S3 Metadata is enabled, annotations automatically flow into Apache Iceberg-backed annotation tables queryable via Amazon Athena, with backfill support for existing annotated objects. And the tables adapt to JSON, XML, and YAML structure without schema migrations, and you can also query them using natural language through the S3 Tables MCP server. Practical use cases include media companies tracking AI-generated scripts and content ratings, financial services attaching sentiment analysis to research documents, and life sciences teams annotating clinical trial data for compliance audits without needing to restore archived objects from S3 Glacier. Annotation storage is billed at S3 Standard rates regardless of the parent object storage class. 
So teams storing annotations on Glacier objects should factor that cost difference into your planning. And so, you know, this was, when I saw this first, I was like, well, didn't they already announce S3 Metadata? But it's really the fact that this is actually now tied to the object versus being something that was, you know, basically entered into Apache Iceberg and you had to kind of keep them synchronized. So this is a pretty handy improvement. And you know, I kind of got to the point where I thought S3 had all the features it could possibly have and they just keep surprising me. Like they added vectors, now they've added this. It's a, yeah, foundational service that keeps on growing. It's kind of great. [28:55] Justin: Yeah, I just always worry at one point if they're gonna wreck the stability, but I feel like that's so like, at this point I assume it's almost different teams that are just using S3 differently. Like I always think this is a different, complete different service that's not even touching the raw S3, or like it's a very strict contract between the two teams around how it works, because like replicating a gigabyte metadata per file is a ton for text. Like, that is— I want to know where and why they came up with the size of 1 gigabyte per object. [29:30] Jonathan: Well, but it's, it's really— you can attach a 1 megabit item per annotation. So it's just, you can have a, you can have 1,024 of those items attached to it if they're all 1 megabyte in size. Uh, okay. [29:43] Justin: I missed that part. [29:44] Jonathan: Yeah. So it's not like you're putting a 1 gigabyte of metadata orientation. [29:47] Justin: That's what I thought. I was like, how is that useful? [29:50] Jonathan: You have a bunch of different, uh, pieces adding up to a total. So, well, the New York Summit happened this week as well. 
And, uh, AWS Continuum is apparently a new security service in gated preview that automates the full vulnerability lifecycle from discovery and prioritization to validation and remediation using AI agents operating within guardrails defined by your security team. The service addresses a common pain point where teams already have vulnerability findings but spend significant time on manual triage, exploitability validation, and cross-team coordination before fixes are deployed. Continuum handles that middle work automatically. A notable technical detail is the sandbox-based exploit validation, where Continuum builds producible proof of exploitability in an isolated environment before flagging a vulnerability as confirmed, reducing noise from theoretical findings. Continuum integrates with existing AWS security tooling, including GuardDuty and Security Hub, and absorbs the previously separate AWS Security Agent capabilities under a unified product umbrella as Continuum Penetration Testing and Continuum Code Scanning. A new threat modeling feature is also launching in preview, automatically generating STRIDE format threat models from design documents or source code, which could reduce the manual effort typically required during architecture review processing. [30:56] Justin: This is extremely nice. It reminds me a lot of what GitHub did with their security feature where they're trying to help you prioritize and say, sure, while you have 37 highs in this repo, only 6 of them are actually proven to be exploitable, not just theoretically. So like actually prioritizing vulnerabilities, because if you have a large code base, it's going to happen. It's impossible to not between other libraries. You know, if you're doing SCA, in your application code, you're always going to have these in there. So prioritization is the real key and, you know, it reducing the noise and saying, okay, focus on these highs. Yes, you should get through all your highs. 
You should try not to have highs in your application in general, but trying to scale it down to these are the ones that are actually there. These are the ones to go. And I, I really do like it. I missed it during the announcement, the where they actually will try to exploit it yourself, themselves, which I think will probably take a little bit to get out of sandbox. But that's really nice too, because cool, maybe you have another control in place. So while this has a high finding of, you know, reverse path or something along those lines, you've mitigated it somewhere else in your code. So yes, you have a high, but you have, what's the term, compensating, uh, mitigating, compensating controls in place, you know, to protect yourself. So I think this is a really good improvement because, and it can be over time, the de facto centralized location for everything. So if they keep moving this time, maybe they'll expand CodeCommit to have some of these things built in too. [32:35] Jonathan: Yeah, it's very possible. I mean, I think the, I think I've ranted about on the show for our long-term listeners, you know, about the problem with tools like Qualys is the overall lack of context. And, you know, my perfect example of this is like, hey, you've identified that I have a high severity vulnerability on the NetApp filer I run. And that NetApp filer is at the core of my system, protected by 7 other layers of security. And so if a hacker gets to the NetApp to hack that high vulnerability, I have much, much bigger problems that are recurring in the system. But, you know, it's that context that's missing in the tool like Qualys that says that this is a high vulnerability. So this continuum thing is great because, yeah, being able to red team it You know, the fastest way to get an exploit fix is to be able to prove that it's exploitable. 
I mean, I literally had a red team at a prior company where, you know, they would come and they would say, hey, we need to talk to you about this thing. And you're like, okay. And it wasn't theory. It wasn't like, oh, there's a vulnerability and you guys should know. They're like, no, no, there's a vulnerability and I want to show you how I breached it. And it's like, okay, cool. I'm going to go back to my desk and I'm going to code a fix for this right now because you just showed me how you did it relatively easily. And now again, like those guys were brilliant and they're very smart, but, uh, so are the hackers, you know, so are hackers. Yeah, exactly. [33:50] Justin: So yeah, I mean, proving the vulnerability and the mitigating controls in place. So like there was a couple of companies ago where I was advising, they were like, yeah, we have a vulnerability, but in order to attack that vulnerability, you would have to be already in our system. And this goes to like your NetApp filer thing. Like, they're already on in the system. This one other thing to escalate the permission, one, sure, technically is a high because it's a privilege escalation attack, but they had to get there somehow. And that's an internal subsystem. Like, and that's where like any of these, any of these systems, I feel like you always need a good security person. And we'll say Ryan in this case, you know, to actually go. [34:38] Jonathan: At least had a good security. No, I'm just kidding. [34:39] Justin: Well, I make fun of it enough, so I thought like, you know, we should, you know, give it a chance. [34:44] Jonathan: Try to be nice. Yeah, I get it. [34:45] Justin: Yeah. You know, like I've worked with Ryan in the past, you know, as a client and as a friend and on side projects. It's like you take, you take the vulnerabilities and you're like, okay, which are the real ones that we need to attack? Because if I have infinite time in the world, I would love to attack everyone. 
But tell me a product team that doesn't have 500 things on the backlog for your engineering team to do. And never on that list is, hey, go improve the, go fix your, you know, medium-level vulnerabilities. [35:14] Jonathan: Exactly. Or your lows until the low becomes exploitable and high. But that's where, you know, things like Mythos are also coming into play because they're showing, you know, you can use, you can stitch a bunch of low ones together and to turn into an interesting exploit. So yeah, I think our whole worldview of vulnerabilities and exploits is going to probably have to start changing with AI speed. Which is, you know, good that we have the tools to help fix the problem, but it also means that we have to be much faster about it. [35:39] Justin: There was a stat that my old security person told me that one, like, 70% of companies getting breached are through known vulnerabilities that, like, some system or something they just didn't patch. And then the time from a vulnerability getting published till the time it gets exploited is down from, like, 20 days or something like that down to like 2. So essentially when, as soon as Microsoft releases their Patch Tuesday, you have till like Tuesday night to Wednesday to patch your systems at this point. [36:12] Jonathan: I mean, if you're in FedRAMP, you have like 7 days to patch. [36:16] Justin: Yeah, well, not anymore. [36:17] Jonathan: Not anymore. All right, next up, AWS Security Agent, which has now been moved into AWS EKS, also got some new features with the, you know, after it's moved past its preview from last year's re:Invent, to now cover the full software development lifecycle, including threat modeling, design reviews at design time, code review at development time, and penetration testing now drawn available at deployment time. 
The new threat modeling tool we just talked about a little bit previously with STRIDE, but the code review capabilities now support GitHub, GitLab, Bitbucket, and Confluence with pull request scanning that validates findings in simulated environments to confirm actual exploitability rather than just flagging potential issues. And then it has a new Kiro Power and upcoming Claude plugin, uh, to let developers trigger security scans, generate threat models, and remediate findings directly from their IDE. About context switching using an open MCP integration that works with any AI-powered IDE. Uh, you get a 2-month free trial with full pricing details on the product page available to you now. And it is not terribly priced for what it does. I mean, again, like these, these are tools you're spending a lot of money for like threat modeling. Um, so I overall, I was not too scared off by the pricing on this one. It is expensive for what it is, but because it has to be. [37:22] Justin: Yeah. I mean, any of these tools that do any of this are not cheap to start off. Like whether it's, I feel like Snyk is the big one out there that everyone attacks, you know, it's not a cheap tool to do. It's based on number of developers and things like that. And it wouldn't surprise me if they start to figure out how to change their pricing model because, you know, how many lines of code did you produce in 2018, Justin, versus how many lines have you produced in 2026? [37:49] Jonathan: Yeah, quite a bit more. [37:50] Justin: Yeah, some of these companies are also gonna have to change their pricing models too. [37:54] Jonathan: Yeah, so if you were to run one task for the entire year and not turn it off, which again, this is pay as you go with no commitments or anything, it's almost $500,000 a year to run this. But again, the way they count as a task hour, which is how this is billed, is a task represents active work performed by an AWS Security Agent during a penetration test. 
So this isn't you running it all the time. So that's the wrong model unless you're doing a lot of code changes. But again, this is really around, you know, the time it's doing to actually do the penetration testing, to do the different scanning activities. So it should be less than $500,000, but that's worst case scenario. And like even their examples there, you know, a development team runs a penetration test on a new API. AWS Security Agent runs multiple tasks in parallel, completing a comprehensive test in approximately 1 hour while consuming 3 hours, 27 minutes, 46 seconds of cumulative task hours for $173. So I mean, it's not crazy, but it's also, you know, it's a security tool. So just be prepared. [38:47] Justin: They're not cheap, but you need to have them because otherwise your business won't be around for long. [38:51] Jonathan: Yeah, your hack is a lot more expensive than the tool was, trust me. The breach and the remediation of your breach. [38:58] Justin: Then the customer apology tour and losing the customer because of it. Yeah, it doesn't end well. [39:04] Jonathan: No, it's not great. AWS DevOps Agent now includes release management capabilities, now in preview, adding pre-production code review and autonomous release testing to its existing post-deployment incident investigation features, effectively covering the full software development lifecycle. The Release Readiness Review feature evaluates pull requests against user-defined natural language standards for general best practices, checking cross-repository dependency risks, access control changes against the Well-Architected Framework, and runs lightweight functional tests in an AWS-managed isolated environment before code enters the pipeline. The Autonomous Release Testing feature goes beyond static test suites by reasoning about what a specific code change does and generating tailored test plans covering functional correctness, 
behavior regressions, and integration scenarios, producing structured artifacts including metrics, logs, and traces for each run. Findings surface in multiple places including the DevOps Agent console, GitHub, and GitLab pull request comments, and directly in IDEs via Kiro or Claude Code plugins. The recommendation is categorized as block, proceed with caution, or safe to release. Both features are currently available at no additional cost during the preview, but they are limited to US East North Virginia region, with GitHub and GitLab repository connectivity required to get started. [40:09] Justin: I mean, it's interesting. Years ago, we've— they only had, for the longest time in the software development lifecycle, they had the code— I'm going to say star, but not actually saying the code star products, you know, CodeCommit, CodeDeploy, CodeBuild. And it's interesting how much since AI has come out, they really started to not just be your build, your deployment system, but trying to get into the actual SDLC, trying to get into all these things. I think some of it's also them pulling out pieces of what Amazon does into, into the best, into the world and, and providing it to people. So, you know, I think these are great features. I think that they're not gonna be cheap, but doing this right and doing it at the beginning will really make you as a business be able to move quicker and faster. You know, that's the philosophy of, you know, the DORA reports and things along those lines is showing the metrics associated with it. And this is a tool that can help you hit those metrics and make your developers happy and get those features out for your customers. [41:14] Jonathan: And no company had enough DevOps engineers, right? It was one of the, you know, like AI engineers, DevOps engineers for a long time were highly coveted and highly expensive. 
And so, and they are, you know, not to diminish that, like they are valuable and they have a ton of value, but like you also don't want them working on trivial stuff like your CI/CD pipeline most of the time because that's, you know, that's stuff you can automate pretty heavily. And so being able to have this stuff and automated testing and rollbacks and the capabilities that you're getting here with AI, it becomes like a force multiplier in such a big way that I think companies are, who are not already investing in SRE agents and DevOps agents and automating parts of their CI/CD pipeline with AI, I think you're missing out. Yeah. [41:55] Justin: Now I'm like, hmm, what should we add to Vault this week? But I don't really think I need for all those things. [42:00] Jonathan: That's, that's the problem for a lot of these things. [42:01] Justin: I'm like, I really wanna play 'em a with them. I just don't wanna pay for them. [42:05] Jonathan: Yeah. Well, and it's, you know, it's like we, we had an outage of our, of our podcast service and Jonathan's like, I could build a new one. Like, and yeah, we were talking about this exact thing. It's like, okay, well, you know, the, the barrier or the moats of SaaS products, you know, are diminishing in some ways. Like I look at Calendly and I'm like, look, if I had to, if I only had to schedule maybe 20, 30 meetings a month with people and it was a pain to coordinate, I could totally make an agent do that. I need to, I need to do hundreds of, uh, you know, schedules per month 'cause I'm a recruiter or something like that. I'm definitely gonna pay Calendly. But the problem is that that's not good for Calendly because they're making money on people like me who only need 20 a month and they're also making money on people making, you know, 200, 300 events a month. 
But like, it's kind of the challenge they have is like you have to be able to create enough value that You know, what you did as your core previously is probably not enough now. And so that's kind of one of the interesting challenges why you're seeing some of the SaaSmageddon stuff is because of companies like Calendly and smaller ones who their moat isn't there. And that's what the market's trying to figure out is like, who has a moat, who doesn't have a moat, who's at risk of being impacted and who's not. [43:13] Justin: I mean, look at, you know, my dad's a small business. He has some tools he pays for. I was like, you know what? I'm just gonna go write something very specific for him. And my father-in-law, the same thing. So over a weekend, a few weekends ago, I wrote a simple check-in app for, you know, my father-in-law teaches. So for teacher, for the teachers to check in students, and it's a simple PWA app, but it took me a couple hours to do with, you know, running on costing, I think about 30 cents a month for storage. And that's about it. If we looked at any other tools that we were buying, it was like $10 per person per month. So it was like gonna cost $100 a month. I'm like, cool, it cost me 10 cents. Now is it as featureful? No, but a lot of companies don't need all those features too. [43:59] Jonathan: Yeah. I mean, and you know, some things are so bespoke, like no one would buy Bolt. I mean, Bolt is so particular to how we do things here at the podcast. Now there's conceptual parts of Bolt that people might want. There's parts of it that I could see packaging into libraries or things that people could use. But, you know, I'm also working on another, like, full chat experience with something else I'm doing. And, like, I've already worked out, like, well, you know, this is a, a tool I built to go manage this other thing, and I could probably sell this if I wanted to. 
Um, I'm not going to because I don't have that kind of time, but, you know, like, this is something people could use, and I could see the value. And it's something, you know, it's a little bit particular to what I need, but I can make it more generic very quickly and probably sell it. And so there's always gonna be those scenarios. And would people buy it? I don't know. Or maybe they just build it themselves too, cuz it didn't take me that long to build it, but it's, it's pretty powerful for what I need. [44:53] Justin: Yeah. Bolt nags. I think the best thing about Bolt is how much it's naggy and the sarcasm it's learned from us. [45:00] Jonathan: It is, it is pretty funny how sarcastic it is. It's picked up on, you know, because it has a lot of, uh, our podcast notes and things like what Heather adds to it in the RAG database. It is starting to get a little, little snippy at times. I'm like, oh, he just called out Ryan for his Eagles fandom, which is again a joke, but he's picked up on it, which is great. All right, Amazon Bedrock Managed Knowledge Base is a new fully managed RAG service. Is this like the fourth time they've tried to build a fully managed enterprise knowledge base that Amazon. [45:31] Justin: Yes, 100%. I was just going to ask, wasn't there like the Cassandra one that was called— [45:37] Jonathan: What was the, um, oh, there was, there was one that came out like right before AI became big and then like everyone realized like, oh no, AI is going to destroy this. And so then like, it's like, oh no, here's the next one. But yeah, there's been, there's been several, um, enterprise knowledge. [45:52] Justin: Kendra. [45:52] Jonathan: Kendra. Kendra. Yeah. [45:54] Justin: The search service powered by ML. This is officially what their tagline is. [46:00] Justin Brodley: Mm-hmm. [46:00] Justin: But they've added it to Bedrock now. [46:05] Jonathan: Yeah, perfect. There you go. [46:06] Justin: Next article. 
[46:09] Jonathan: This is, uh, it's giving all your usual things. RAG service handles entire pipeline including storage, embeddings, re-rankings, and retrieval. S3, SharePoint, Confluence, Google Drive connectors, things you would expect. I mean, there's, it says the Gentec Retriever feature addresses a real limitation standard RAG by automatically creating multi-step query plans for complex questions, performing multi-hop retrieval across knowledge bases rather than LLM on a single retrieval pass. Um, that is nice, but yeah, it's, you know, RAG is always problematic at high volumes because of cardinality rules. And then smart parsing gives you right parsing strategies, etc. So it's, I mean, it's got some nice improvements to what they previously released, but yeah, I just asked, uh, they had Amazon Q Connect, they had Kendra, they had Amazon Q for Business, they had knowledge bases for Amazon Bedrock, which was the base RAG service from November 2023. And now Amazon Bedrock Managed Knowledge Base. Yeah, they've, uh, they've been on a journey on this one for trying to get something good. [47:03] Justin: I mean, I feel like this goes all the way back to, I'd say it probably was like 2010. I was at a company and now I can think of as Silicon Valley, the box, but essentially it was the Google Search hardware box that you could buy for your corporate network. [47:19] Jonathan: Yeah, they, they were yellow. Yeah. Yeah, the Google Search Appliance. [47:23] Justin: Yeah. Do they still even sell anything like that? [47:26] Jonathan: They sell like the capability, like you can, you can connect a Google custom Google search engine to like your website, but they don't sell the appliance anymore. They haven't sold that for quite a while. [47:34] Justin: Apparently it was sold until 2016. [47:38] Jonathan: Yeah, it, it had a long life, uh, before they killed it. [47:41] Justin: First launched in 2002. Woo. [47:44] Jonathan: And I knew some people who had it and they loved it. 
In their companies. But, um, you know, it definitely was showing its age by the time that they got rid of it. So yeah, things were, things were trying to get better up at that point. CloudWatch Synthetics now support multi-location canaries, letting you manage a single canary in one primary region while CloudWatch automatically replicates it to additional regions, consolidating all metrics and artifacts centrally. Thank you. Another quality of life AI-developed feature that I desperately wanted, because if you've ever tried to do multi-region canary setup, you had to go to every region and set it up. Or use Terraform, which I would do. And then when you realize how much, how expensive CloudWatch Synthetics are and you wanted to turn it off, you had to remember to actually turn it off in all the regions because they're not cheap. Uh, so be careful on those. [48:26] Justin: No, great quality of life improvement. You know, synthetic checks are very valuable when you're trying to make sure things are up, but if you leave them, they add up so quickly. [48:36] Jonathan: Yeah, you, you, people make the mistake of like, oh, well, I want to test every 5 minutes from all, all regions available. And it's like, you don't really want to do that. You want one region that checks more frequently and then you want the other regions to check periodically. [48:49] Justin: Uh, yeah, like once an hour, once a day, like it's fine. [48:52] Jonathan: Yeah, yeah, that's more than enough. And then you basically have your, your one canary that's probably the closest to it, so you have the least amount of egress traffic costs, uh, that you can run every 5 minutes or every 1 minute or whatever. I, I mean, even, I mean, really, to me, canaries are the worst solution to this problem. APM and you know, proper log management, I think it's a better way to go. But that's just, that's just me. 
[49:15] Justin: Yeah, I had, I had an external service, uh, my last company that did, that we used for essentially synthetic checks. [49:23] Jonathan: It's hard to compete with Pingdom. Pingdom's pretty cheap. [49:27] Justin: We found one that was a little more expensive because it also like called us. It was a poor man's PagerDuty is the way I kind of called it. [49:32] Jonathan: Okay. [49:33] Justin: Because it did full synthetic checks for us and it was useful on Azure when there was networking issues a lot. And you know, our alerts wouldn't go off or the day that CrowdStrike went down, one of the Azure regions also went down where we have a bunch of stuff. And that actually notified us faster than anything Azure did. Because Azure was still showing a lot of this stuff up for a little bit longer. And so everything in region was showing us up, everything out of region wasn't. So that was able to pull from multiple locations, but We always had issues when you had like Sydney checking France, for example. Like there's a speed of light issue here. [50:11] Jonathan: Yeah, you're never gonna get better latency than, you know, 300 milliseconds because of that kind of stuff. [50:17] Justin: Well, and then things would timeout randomly because it's just so long. [50:21] Jonathan: Mm-hmm. AWS Lambda microVMs are a new serverless compute primitive built on Firecracker that provides VM-level isolation with near-instant startup targeting multi-tenant applications that need to run user or AI-generated code safely. It fills the gap between containers, fast but user-shared kernel, and full VMs, strong isolation but slow start. The image-then-launch model works by running your Dockerfile, initializing your application, and snapshotting the running memory and disk state. So every subsequent microVM launch resumes that pre-initialized snapshot rather than booting cold. This means even large, stateful sessions start quickly enough to feel responsive to your end users. 
Each microVM supports up to 16 vCPUs, 32 gigs of memory, and 32 gigs of disk, with up to 8 hours of total runtime and configurable idle suspension policies that preserve full state while reducing your cost. Auto-resume on incoming requests means the suspend/resume cycle is transparent to your end users. Practical use cases include AI coding assistance, interactive data analytics sessions, vulnerability scanners, and game servers running user-supplied scripts. Lambda microservices are available to you in most regions, uh, at least two important ones in the US: US East North Virginia and Oregon, Europe and Ireland, and Asia Pacific Tokyo on ARM64 architecture. [51:32] Justin: This is one of those things. It sounds really cool. I don't have a good use case to play with it yet. [51:38] Jonathan: Yeah. [51:38] Justin: Like I get the AI coding system and things like that. I just, I don't know where I would use it. [51:42] Jonathan: Mm-hmm. Well, and, and the thing is it talks about state, but if state has to update, then your paused, you know, your paused, uh, state machine is not gonna be updated when it comes back up. So there's still gonna be potentially some refresh things. So it's, you really had to think about how you architect what they mean by state. In this conversation, I think, because yes, if you can, if you can keep a clean state that is like maybe runtime parameters and maybe there's a basic dataset that you need to have available to that, that launched Lambda function, then it's fine. But if you had any like, like things are happening in a database that need to basically, you know, get pulled into this system when it starts up, then you're still going to have cold start problems. So it's a nice solution. I'm glad to see it. It might be really good for agents. And agent runtime environments in the future, but they're not really talking about that in the, the press release, which is interesting. [52:30] Justin: Yeah. 
I mean, it does say a multi-gigabyte session can come back online and feel fast. So like, I just, I get the use case they're trying to solve for, like we need more than a Lambda can and less than a full VM. And I guess you don't want to run a container even though these are essentially just running containers. So Is this way number 17 to run Docker containers inside of AWS? [52:56] Jonathan: Yep. One more way. [52:58] Justin: 'Cause all the, you know, it's essentially a Docker container that boots up with some state in it. It's kind of the way I'm understanding this. [53:05] Jonathan: Yep. You are correct. Amazon MSK, or for those who know, is managed Kafka from Amazon, now offers you AI agent skills that integrate with coding assistants like Kiro, Claude Code, and Cursor to provide guided help for common Kafka operational tasks, including troubleshooting, sizing, configuring, monitoring, and cluster migration. The skills are access to the AWS IAM toolkit, which developers configure via the AWS CLI, then query conversationally with questions like, is my Kafka cluster compatible with MSK Express? No one asked that question. Turning specialized knowledge into a self-service experience. A key use case is accelerating migrations from self-managed Kafka to MSK Express, which offers up to 3x more throughput per broker, 20x faster scaling, and 90% reduced recovery times compared to standard brokers running on Apache Kafka. This fits into the broader agent toolkit ecosystem, such as a pattern where Azure services will increasingly expose operational knowledge as consumable skills for AI coding agents rather than relying solely on documentation or support skills. And I welcome this new future because it's great. [54:01] Justin: It's nice, you know, CloudFront released an AI agent to kind of help with migrations. Here's another one. 
So I feel like this is slowly gonna just be what it is, but I also don't want to be loading thousands of skills and thousands of agents and thousands of MCPs into my context window. So at one point I feel like we're gonna have to figure out a better way to manage which MCPs you keep on, off, because all that takes context and all that takes space. [54:28] Jonathan: And well, I think really the, the MCP is helpful in some use cases, but really it's the skills. If I can get access to the skill that knows how, where the documentation lives, knows the, you know, has like, you know, example code, that's where I feel like the acceleration comes from. The MCP is helpful if you need to access like real-time data. But that's, that's very nice. And I, so I do think that has value too, but I agree with you. Like you don't always need the MCP to be loaded, but like even in Cloud Run code now, um, MCPs or even skills are only loaded, you know, when you initiate them. They don't sit there typically in full context as much as they used to. But some, some still do. Yeah, it'll search for them and it still has to look for the name, but, and some of that doesn't in context, but it's better than it was. [55:07] Justin: Yeah. I mean, but I mean, we've talked about 4 sets of new skills in this episode alone, like maybe 3, you know, so it's just like, it's one of those things I, I worry over time is going to become a problem, you know, and hopefully somebody smarter than me figures out a better way to do it. And maybe it is the lazy loading that we're doing now versus before was the always-on loading. I know my personal one, or even my day job one, I have a bunch of skills in there and I just keep adding to them because they do things for me and they make my life better. Mm-hmm. 
[55:38] Jonathan: So, well, and the, um, you know, there's also interesting things like, uh, I was complaining about Gemini cuz we rolled out some new Gemini features at the day job and, uh, one of them was, uh, ability to search Active Directory to see, you know, org structures, which is nice. And I'm like, oh cool, I wanna play with it. So I'm like, like, oh, ask like, who is this person in my org? And it comes back and it's like, well, this person who's a man, it calls her she multiple times and then doesn't actually have, like, knows a little bit but doesn't really. I'm like, well, that's weird. Like, the two very clearly know that that person reports to me and that these people are peers of him. And those are the questions I was asking it. And you know, I, so then I went into Gemini Enterprise and I turned off all the connectors other than the one for the new directory connector. And I asked the question again and then it gave me perfectly good answers, but then I went and looked at the sources of what sources it used. And one of the things I don't like about Gemini Enterprise is it doesn't show you the thinking chain of like how it made certain conclusions or what data it used to do that. So I had to, but it does show you the data sources it used. So I was able to look at it. It's like, well, my first question was basically all using my email and trying to pick up inference from email versus using the Connect to Us Better. And what you realize very quickly is that because there's so much data that Google's loading into context when you have all these connectors on, it just starts hallucinating a lot more data or getting bad data because like, oh yeah, well, that person used to report to you and you had a PowerPoint deck in your, in your email with an org chart at one point. And so it's using that as, you know, part of its loading and it's wrong because it's, you know, it's a 2-year-old PowerPoint presentation. 
And so, you know, these connectors and skills and MCPs, they also have the risk of diluting the ability for the model to work effectively and to be able to get the right answer. Yeah. [57:21] Justin: I mean, I went through this week and turned off a bunch because in the span of an hour I had burned through my 5-hour Claude session at that point. And part of it was I just had too many things turned on and it was pulling data from too many places that wasn't needed. And just like you said, you know, so it's going to be at one point, you know, I still like to control, maybe I'm a little bit like Ryan, I'm still paranoid. You know, I like to say, okay, use this skill and I'll tell it using this skill, pull this information. 'Cause I can feel like I can target it more and use it more as, you know, a sniper versus a bazooka and try to pinpoint it where I need it to go. But you know, there's definitely things I do. I have a routine that sounds really stupid, but it helps me, you know, every morning I come in at 9 o'clock and it sends me a Slack message that's, here's my daily routine, you know, uh, and preps me for all my meetings and prioritizes, hey, these are, these are things you need. Oh, there was a doc that you were working on yesterday for that. And like reminds me kind of where I am. I also just feel like I'm getting dumber and lazier every day, but that's a different problem. [58:29] Jonathan: Never, that never happens. Uh, I mean, I, I definitely feel like on some things I'm a little less aware of some of the things like I used to be like, but I, I still try to stay at least a little bit in the weeds. So yeah, I agree. It's definitely a little bit of, uh, some idiocracy happening a little bit too. It's like, oh, well, that would've been an early easy function. I could just, you know, I would've written that in 5 minutes and I'm like, I gotta say, I had to do it in 30 seconds. Yep. So you don't exercise that, uh, same muscle. All right. 
CloudWatch Logs is now supporting native syslog ingestion from network devices like firewalls, routers, switches, and Linux servers via VPC endpoint, removing the need to deploy and manage log collection agents across infrastructure. Again, another feature built, hopefully I imagine by AI, because this was something I've asked for for years. And I basically just come to the conclusion that everything I've wanted for years, that the product people were always like, there's no way we're gonna build that. There's not enough revenue or things tied to it to make it worthwhile for us, or just being written by those AI agents over there. And then they get, mm-hmm, you know, pulled in. And this, this feels like one of those, cuz why would they do this? Like we've been asking for this for decades. It feels like. [59:35] Justin: Yeah. What's the instigator now for it? [59:38] Jonathan: And it's like, it was in the backlog and the AI agent looked at it and goes, oh, this would be easy to write. And then so I wrote it. [59:43] Justin: Yeah. It's some conversion layer on the same endpoint and reading the formatting, go from there. I mean, syslog's been around forever. I feel like now I'm kind of curious, you know, you know, that like I've been using syslog since I used Linux, like, and it, it's been around. Let's see what the format was. Released in the 1980s is officially what Wikipedia says. Doesn't give you a year, just '80s. [60:09] Justin Brodley: Wow. [60:10] Jonathan: Impressive. [60:13] Justin: As part of, it was part of the SAML project. [60:17] Jonathan: Oh yes. That's pretty old. [60:19] Justin: Yeah. [60:20] Jonathan: That just means we're getting older and older in technology. Like I remember when syslog came out or it got real popular in Linux and I was like, oh, this is so cool. It's so nice and easy. I'm just an old man who yells at the cloud. So here we are. [60:32] Justin: No, now you're old. We used to yell at the cloud. Now we yell at AI. 
[60:36] Jonathan: Fair, fair. All right, let's move on to Google. Google Interactions API has now reached general availability and is now the new primary interface for Gemini models and agents, replacing the older Generate Content API as the default for Google AI Studio and all documentation. The API uses a simplified step-based schema and is available through Python and Java SDKs. Manage Agents is a notable addition where a single API call provisions a remote Linux sandbox capable of reasoning, executing code, browsing the web, and managing files. And developers can use the default antigravity agent or define custom agents with their own instruction skills and data sources. Background execution lets developers set background equals true on any call to run interactions asynchronously, which is useful for long-running tasks. The API also supports mixing built-in tools like Google Search and Google Maps with custom functions on a single request. On the cost side, Flex Inference offers a 50% cost reduction compared to Priority tier, giving developers a way to trade latency for lower pricing, and paid tier users also get 55-day retention on past interactions, which is useful for stateful, agentic workflows. The legacy Generated Content API remains supported and will continue receiving new mainline Gemini models, but Google has signaled that frontier capabilities for long-running agentic use cases will land exclusively on the Interactions API. Well, that's nice Google didn't kill the legacy one, which is, would be the move that they would typically do. Just kill the old one. So this is nice that they're still supporting. They will, they will probably. [61:56] Justin: It'll come soon. [61:58] Jonathan: Killed by Google will eventually hit. [62:00] Justin: I wonder how many products are being killed by Google at this point. [62:03] Jonathan: Oh, so many. I'm still bitter about Reader. I am. 
[62:07] Justin: That's— I think that was the last time I truly stayed up to date on RSS feeds. [62:11] Jonathan: I mean, I've moved to competitors. We should talk. [62:14] Justin: I have too. I just never stayed there. [62:18] Jonathan: Well, the biggest problem now is that no one's implementing RSS feeds anymore because, uh, they don't want to let their data get sucked up by AI. So it's just like, it's a, it's a real pain. The world's getting— the internet's getting worse, uh, because of some of the AI stuff for sure. We have another log story. Logs were very popular this week. Log Analytics, uh, on Google has been renamed to Observability Analytics and now includes generally available support for querying trace data alongside logs using SQL, all within Cloud Logging without needing to move or duplicate your data. The core capability lets you write SQL queries that join log and trace data together, enabling analysis like finding checkout requests over 5 seconds and identifying which microservices caused the slowdown. Or you can calculate P95 latency across thousands of AI agent tool calls. Another use case is AI agent observability, where teams can run aggregate queries across millions of span events to calculate failure rates and latency percentiles per tool, and then drill down by joining trace spans of logs to extract the exact LLM prompts that led to the failure. The Azure Relay API is now generally available, allowing teams to create linked BigQuery datasets from their Azure Relay buckets so AI agents and analytical workloads can query telemetry programmatically via standard BigQuery APIs, which is useful for automated monitoring pipelines. You know, pricing on this is going to be based on BigQuery and all the other components of this mixup. 
[63:32] Justin: Anything to make logs easier and SQL easier, I'm all on board for parsing logs, especially as we have more and more systems and getting to the point of being able to find true data in there is definitely worthwhile. And then you throw SQL on top of it and I really just hate everyone. [63:50] Jonathan: I mean, it's better than some of the terrible syntaxes that logging companies came up with to try to help you parse logs. So I would, I agree with you. I don't love the SQL parsing for that, but I also didn't like what we had as well. Like, have you done Elastic syntax lately? [64:06] Justin: No, I've avoided that because Ryan and Jonathan just swore so much that I've avoided it like the plague. [64:13] Jonathan: Yeah, that's the right call. All right. And we'll roll into Azure. EKS is now offering you agent pool rollback in general availability, letting operators revert both the Kubernetes version and node image with a single command across all node pool types, which reduces recovery time from bad upgrades without requiring manual reprovisioning or snapshot management. Azure Kubernetes Fleet Manager now supports up to 1,000-member clusters, up from 200, and managed fleet namespaces are generally available, allowing teams to define namespaces once as ARM resources and propagate them consistently across large multiple cluster estates, including Arc-enabled hybrid and multi-cloud environments. GPU efficiency gets two notable additions with configurable scheduler profiles, which let teams pack pods more densely using the upstream Kubernetes scheduling framework without running a custom scheduler, and GPU memory profiling in preview as function-level visibility through Prometheus and Grafana to catch memory leaks before out-of-memory crashes are occurring. 
Artifact streaming from Azure Container Registry reduces pod start for images under 10 gigabytes from minutes to seconds by streaming only the layers needed at startup rather than pulling full images, which directly improves scale-out responsiveness for AI workloads. And the Azure S3 agent now covers EKS incident scenarios in preview, automatically gathering diagnostic evidence and attributing failure-specific layers. I can tell you what it is right now. It's Kubernetes. [65:26] Justin: A lot of these features are just nice, nice quality of life. Being able to provision your namespace in ARM, especially when you're redeploying across multiple environments, it's just, it's a nice quality of life. You know, I don't personally manage Kubernetes clusters up to that many of them, especially I don't manage 200 Kubernetes clusters because I would say I respect my sanity, but I don't. You know, but they're nice general quality of life ones. You know, the Azure Container Registry boot up improvement there is, is pretty interesting. You know, obviously it's targeted a little bit at Windows images, but, you know, still getting it from minutes to seconds. And the idea that they're able to figure out which layers to stream quicker to there is, is a nice one because otherwise, I'm kind of curious how they decide which layers to stream and how they're lazily loading it all in. [66:24] Jonathan: Uh, then, uh, another observability story. All three cloud providers. Microsoft announced general availability of Azure Copilot Observability Agent built on Azure Monitor, which correlates logs, metrics, traces, and topology signals across agents, applications, and infrastructure to help operators identify root causes faster. Pricing details were not disclosed though. The agent will address a real operational pain point of Microsoft. A material survey of 250 IT decision makers found 84% report increased cloud complexity and 69% says it's outpacing their current operating model. 
The tool aims to reduce the manual effort of PCR context across multiple monitoring tools. So that's nice. [66:59] Justin: You want to speak about a language, another monitoring language, Azure Logs. [67:05] Jonathan: Is it bad? [67:06] Justin: Is KQL? Well, it's actually pretty powerful. It's KQL. And then which is, um, it's really powerful and actually it's not bad, but it's a whole other language you actually should learn. It's like a bastardized version of SQL because you can still do joins and whatnot across tables. And it's honestly, I, whenever I needed to, I just made AI do it for me. But it's just another language that you had to learn, but it was pretty powerful. And they released actually their, oh, that platform. So everything they run Azure logs on is actually Kusto, which is ADX, Azure Data Explorer. So you can use the platform that they use across all of Azure logging for, you know, other features of your own product. Not cheap, but it works well. [67:50] Jonathan: That's good. [67:52] Justin: Sorry, slight tangent on that one. [67:55] Jonathan: I can sense some bitterness there. All right, good. Well, I think that's everything for this week. We do have an after show today, but other than that, I think we've covered all the cloud news. Databricks, if you're a Databricks fan, definitely check out all the things from their Data and AI Summit as well as the New York Summit. I was from Amazon and all those new AI capabilities this week. So another fantastic week here in the cloud, Matt. [68:18] Justin: Took 3 tries, but we got it done this week. [68:21] Jonathan: Finally got it done. [68:22] Justin: Have a good one, guys. Another week of cloud news wrapped up. Bolt will collect the news. Justin will get the notes. Jonathan will write some code. Ryan will watch the perimeter. And Matt will reluctantly watch Azure. Till next week for AI, Amazon, Google Cloud, and Azure. And hey, maybe even Oracle, who knows? 
Check out thecloudpod.net for our newsletter. Join our Slack, message us on socials, or leave a review. [68:57] Jonathan: So this week's after show, I feel like is from your hometown because it's basically about SoftBank walking away from their investment in Boston Dynamics of $325 million and handing Hyundai the keys to their AI world here. So apparently they still own a 20% stake in Boston Dynamics, which I was surprised about, bringing now the ownership to 100% owned by Hyundai. So we went from Boston-owned robots, uh, to now Hyundai-owned robots. You know, the biggest one that everyone talks about is the Electric Atlas. And also, aren't these guys who make the dog? The creepy dog that's gonna kill us all in the apocalypse cuz of, uh, Black Mirror. Yeah, that's what I thought. So now it's all owned by Hyundai. And so now I'm suddenly less concerned, uh, cuz I don't know if the quality of Hyundai has improved enough to make me concerned that they're gonna end up killing me yet or not. But, uh, yeah, it's kind of end of an era then a little bit. Uh, which I kind of imagine you wanna talk about this a little bit, but, uh, yeah. What do you think? [69:49] Justin: I just think it's always interesting, you know, they went from kind of their own thing. They got bought by SoftBank, you know, slowly sold out. And what Hyundai's doing with it, you know, they're gonna throw it in manufacturing, you know, and really kind of step that up. So I think it'll be interesting if they can target it and then if they get it to work well for them, this is something they could easily sell to, you know, other people or keep it for themselves as their competitive advantage. Who knows? You know, but it's always interesting that that's kind of, it was the hottest thing, you know, when they, when SoftBank was really involved and AI obviously has overtaken that a lot. You know, robots, while it's still a thing, isn't, you know, what everyone is always talking about. [70:32] Jonathan: Yeah. 
I mean, it's, it's sort of interesting, Craig, because you had really like this big group of people all kind of out of Boston, I think because of, there's a college there that's really big into robotics. [70:42] Justin: MIT, Harvard. [70:43] Jonathan: MIT, thank you. Thank you. Thank you. Those ones. Those them. There's a few of them. I thought it was Harvard for sure, but it was MIT was the one I couldn't recall. [70:50] Justin: I could throw Northeastern there, but you know, that's just me and my alma mater. [70:53] Jonathan: Uh, but you know, iRobot came out of, you know, MIT. You had Boston Dynamics, you've had a couple and they've all, you know, been Bose sort of like, yeah, still, that's true. [71:03] Justin: Still owned by MIT actually, I think. [71:05] Jonathan: Yeah, that's true. So, you know, these companies are all kind of like all working the same things. They have a lot of warehousing robots that do, you know, packing of boxes and shipping things out. And, you know, iRobot of course had the vacuums and they got, you know, they imploded not too long ago after all the Chinese robots basically destroyed them. And you know, the Chinese market has built a lot of robots as well. And you know, they're also automating their manufacturing processes. And so it's almost like all the manufacturing moved outta the US into China. These companies had all the robots to help, you know, manage some of the manufacturing process or then the packaging processes. And then China kind of undercut all of them and they're all kind of going through this, this period where they're all being bought by somebody else. And then you have on the other side of this, you have all these new AI companies like, you know, uh, SpaceX, who's trying to build a new robot that's more AI powered. And it's sort of like we've graduated from, I don't know, maybe we call this the Gen 1 of robotics, you know, the iRobot, Boston Dynamics, to now the next level, which is, uh, the AI side of it. 
You know, I don't know where it goes. And, and I, I think the power of the new, the newer robots that like they're making is that are using AI and AI makes it much easier to train these things and to be able to learn in their own environment how to move properly and things like that. So it's sort of interesting and I don't know where we end up is like, is this a situation where, you know, companies like SpaceX in 10 years are undermined by, you know, Chinese innovation in this space as well? Or, or is this generation just, it wasn't possible to get to Gen 2 and so they just kind of are all going to do what they do and they do it well, but they're never going to move on to the next level, which is the other side of it is I think Boston Dynamics will be trying to adopt a lot of this new AI technology. I think they have with Spot a little bit. Cause those, those dogs have become more and more autonomous and more and more terrifying, um, every time I learn about them. So, you know, it's just one of those areas. [72:53] Justin: I try not to anymore. [72:55] Jonathan: Yeah. [72:56] Justin: I mean, I, I agree with what you're saying. I think it's both aspects of it. You can already see, you know, talking about SpaceX and, you know, rockets. I think there was a company in China that was already kind of trying to mirror what SpaceX was doing, and I think they had a few failures. Which, you know, every one of these companies always do. But on the flip side, the robots, if they can, I don't think they made it to the Gen 2 that they really needed to, to make them be the, for lack of better verbiage and story, you know, the iRobot that from the movie that, you know, is at your house. They're still too, hey, we do a single task, we do it this way. And that's kind of where manufacturing and, you know, plants where go walk around, move the box, auto-pick everything, you know, for the Amazon warehouses, you know, things like that. 
That it's continuous simple tasks that they're able to do. They're not able to, you know, think as fast and everything else. I think if AI came earlier, the robot improvements came later, I think they would've collided more. But I think you'll probably see a couple new companies come out of these things, you know, that will spin off, hey, the founder of Boston Dynamics, you know, started a new business and took some funding to go do kind of a new version of it when his non-compete is no longer relevant or whatever. Yeah, that could be, you know, and leverage AI or anything else in that way and start with, we have all this knowledge already, we don't have any tech debt, let's start fresh here and go from there. [74:26] Jonathan: Well, yeah. And it, it's interesting 'cause I, you know, in the case of iRobot, I think we talked about this on the show previously, you know, they, they really revolutionized the robot vacuum space, but then, then they tried to go into other markets, they kind of struggled. And part of it's that single, single product problem, right? Like, you know, I think one of the ones they created was a, a leaf, a gutter cleaning robot. Okay. How often do you use a gutter cleaning robot? Once a year, twice a year, you know, depending after where you're at in New England, maybe you do it more often because, you know, falls bigger there. I don't know. [74:55] Justin: But, uh, I don't know. [74:56] Jonathan: You know, it, it doesn't seem like it has a lot of utility. A robo, a vacuum, you have to robo, you know, you have to vacuum every day. And I just actually just bought a bunch of robots for my pool. Because, you know, I had a pool filter die and we replaced it. But then I, you know, during that process I realized the, you know, the vacuum suction bot thing is terrible. It doesn't actually do a good job cleaning. So I was like, well, let me go look at what's out in the robot world. 
And so I bought two robots, one that, you know, goes on the top of the pool and, you know, goes and finds leaves and sucks 'em up. And so they don't sink to the bottom of the pool. And then another one, you know, does all the walls and does all the floor. And you know, that combined with the filter of the pool now cleans the pool better than the old stuff ever did. It's pretty great, but you know, that's never gonna be more than those two things. [75:38] Justin: So I was gonna say, I thought, I thought iRobot built a pool system. That was the only other system I knew they did. [75:44] Jonathan: They had a, I thought they did a lawnmower. I don't, maybe they did do a pool too. [75:46] Justin: So lawnmowers are really popular. I looked at them. Um, I have a decent size yard. It was taking me like 3 hours to use a push lawnmower. So I ended up, and I was, did a bunch of research. I was, I'd say in a year or two they're gonna be a lot more affordable, but there's a big push right now for any lawn yard automatic robots to just cut your lawn. And they don't do a lot, but if it runs every day or every other day, what do you care? It's not doing large clippings or anything. And that space, just because, you know, once you Google it, you get the ads and you get everything else where I still get them. I ended up just— they were like, it was gonna cost me like $4,000 2 years ago when I was looking at them, and I wasn't willing to do that on that new of technology, just also because I don't trust the battery. So I went the other way and bought a ride-on lawn mower that is battery operated, which, you know, choose which one had what problems. But this is fun because I can pull my kids behind it on stuff and I've used it for like, you know, hauling mulch and stuff like that where the other ones couldn't. So like, I think there's a lot more robot-esque things that you— that are coming out there. 
But Boston Dynamics and, or sorry, iRobot never really capitalized on any of that yet. I felt like they pushed into this small, these small niche market, but like, and maybe it was lawn care is more complicated. There's more sticks, there's more rocks, there's more bumps. I mean, even a lot of the robots, you gotta either, the new ones use GPS to track, so you gotta make sure you have clear sense of the sky. But the other ones, you have to bury a line around your, your, your yard. So if you have a tree in the middle of the yard, you essentially have to like, it runs power through. So you have to like run a line around your yard, a single line up and back. And so it voids itself out so it can go across it. But it's like they're not quite there yet on all these different things. But I think you're going to see a lot of them. I'm going to call them mundane tasks, but I personally like, you know, mowing my lawn. It's 15 minutes of enjoyment. And my daughter sometimes likes to ride it with me. It's always good when a 4-year-old's driving a lawnmower. Definitely, we haven't hit anything yet. We might also do once around the block too, just for fun. But it's interesting, you know, if we can get more of these little mundane tasks that we can automate— vacuum cleaners, you know, the yard, your, you know, the leaf one's interesting, but like you said, you do it a couple times a year and you're done. Do you really need a robot to do it every single day? And if you have multiple layers, like I'm in a split level, I have to move it from one level to the other. That defeats the purpose. [78:24] Jonathan: Yeah. Now, like, I will tell you, if, uh, if they come up with a robot that would clean my solar panels and clean the gutters, I'd be in. Because you had to clean solar panels every time it rains, pretty much. If you're in a dusty place, they get dirty, and then they— yeah. But again, it's one of those things, like, it's like 1% battery or improvement in solar generation. 
It's not— it doesn't actually justify what it typically costs to pay someone to clean them. So I don't know if a robot would actually ever be affordable, but you know, if you're talking about like, hey, I'm gonna have a robot on my roof that's gonna do things like a robot that could kick balls off the roof and clean the gutters and clean the solar panels, I'm in. So maybe we'll get on that, Matt. We can, we can build that product. [79:01] Justin: You could build the software. The hardware for it's harder. 'Cause you gotta like move levels too. Like how does it jump down without rolling off your roof to go from your solar panel there? [79:11] Jonathan: Well, and that's, and that's the thing is like, I got a bunch of sticks on my roof. I have a, I have a pretty simple roof on my house. It's not a big deal. It's, it's all one roof. But yeah, a lot of people have like multiple levels of roof and they have all kinds of problems. Uh, but yeah, no, it probably doesn't work either. But, uh, yeah, no, they did have a pool cleaner. I had to look it up while you were talking. Uh, but they apparently they were licensing both the, the leaf thing and the pool thing from other companies, uh, and just branding them with iRobot. And then those companies got bought by other players in spaces. And so then that's where they got disconnected. Discontinued. So that's, uh, but Mira actually is the, uh, one of the successors of one of the products I almost bought for my pool. I didn't buy that one, but it was my number 2 choice. [79:47] Justin: So I'm trying to think of what else do you, what are the robots around the house? Window cleaners could be interesting. [79:52] Jonathan: I mean, there seems to be this really big fascination with laundry folding robots. I don't know about you, Matt. [79:57] Justin: I know I've seen them. [79:59] Jonathan: I don't find folding to be the problem. It's putting the clothes on hangers that drives me crazy. 
So I mean, I want the, the hanger putter on a robot, not the folding clothes robot. [80:11] Justin: See, I'm banned from doing actual laundry because I've ruined too much of my wife's clothes. [80:16] Jonathan: Yeah. [80:17] Justin: So I just get the pile of laundry, but weirdly I don't mind it. I put on a podcast, a TV show, something on my phone for 20 minutes, and I just fold laundry. Is it the most interesting? No. But is it something that I can do at 10 o'clock at night? When I need just my brain to turn off and monotonously do stuff, yes. So, you know, maybe that's just me. [80:40] Jonathan: Yeah. Well, um, you, you sound like you have the same problem. My wife doesn't let me do her laundry either, uh, cuz I ruin all her clothes too. But I'm like, why do you make them all so complicated? Why do they have to like, you know, my clothes, you just put 'em in and you wash 'em as long as you, you know, separate the whites and the darks. All's, all's good in the world. [80:54] Justin: But no, no, like, turns out I didn't do that either. [80:58] Jonathan: And then, yeah, I mean, I didn't do that when I was a bachelor. I knew that when I was a bachelor, but now that, now I'm more educated and mature and have a wife who told me how bad that is. I now separate them. [81:08] Justin: So see, I got banned about 6 months into dating my now wife because I burned stuff and I was permanently banned. And I, she said, you're banned from doing it. I said, great. And forever after I hold that line, I'm banned from doing laundry. It's one less thing I have to do in life. [81:24] Jonathan: Well, hopefully you, you took over some other responsibilities to keep it equal. So. [81:27] Justin: Oh yeah, we, we balance each other out, so it's perfect. [81:31] Jonathan: Uh, yeah, uh, Brandi does the cleaning, I do the cooking cuz she doesn't like to cook, but she likes to clean. So it's kind of like I make the meal and then she cleans up after me. 
[81:39] Justin: Although I, yeah, that's kind of what I do. [81:41] Jonathan: I'm one of those people, I, I don't like to, like a lot of people will cook and they'll just like leave everything to the very end to clean. I'm like, no, I clean as I go. So like, I can't, I clean as I go, but there's also like the last set of stuff that you just like, yeah, the final, the final part that I don't mind her doing, but like I, you know, like, like cleaning the pan you cook the meat in, or, you know, like I'm just like, I'm, I'm here. It's actually faster if I do it while it's still hot versus wait for it to cool off in the, in the sink or whatever. And you know, all other things. But anyways, domestic bliss. All right. Oh, we should probably wrap this up cuz I wanna get to my weekend. I'm sure you wanna get to yours as well. Uh, but thanks for joining us back. Sorry. Uh, you know, if you listen for the first 10 minutes of Jonathan, uh, then you realize he disappeared. Uh, yeah. You know, sometimes technology breaks. Uh, it happens. So, all right. [82:22] Justin: Have a good weekend, guys. [82:23] Justin Brodley: Later. [82:23] Justin: Bye.