
Surprise
Deployment of workloads and dependency management are fundamentally hard. Adding more layers of abstraction doesn't make that go away.
Google has recognised that users struggle to configure Kubernetes correctly and introduced a new Autopilot service in an attempt to simplify deployment and management. Two things everyone knows about Kubernetes are: first, that it has won in the critically important container orchestration space, and second, that its …
AWS allows free usage indefinitely if you keep your usage low, with API fully available for the free-tier services.
GCP allows free usage for three months if you keep your usage low, and finding the API? I ended up giving up.
Google KNOWS that human error causes 80% of their own OMGs. Using the API is the only acceptable way to manage prod resources. And yet, they don't seem to want you to play at that level.
> Using the API is the only acceptable way to manage prod resources
That's just Google and APIs though.
It's not just GCP, their APIs and management of access to those APIs in general are a complete mess, often relying on you knowing the exact link to get to something.
Fairly recently I was adding a NEST thermo to HomeAssistant. Just look at the setup instructions - https://www.home-assistant.io/integrations/nest/#device-access-registration - and then consider that there are steps/bits missing.
Google's problem with APIs has always been one of discoverability. The APIs themselves are (generally) solid, but actually finding the API you need to enable is a nightmare. There's a similar issue with their documentation - the APIs are well documented, but to find that documentation you often need to already know the API you need.
It's a shame, because they've got some incredible minds behind those APIs, but it really is hard to recommend building any dependency on GCP if there's an option to use AWS (or even Azure) to achieve similar ends.
That read like an advert to me.
Does sound like it adds some assurance, but deliberately removing ssh sounds like it’s appealing to those security types who have no clue as to how anything works or people do stuff but have heard about engineers ssh’ing into stuff and consider things would be safer if they couldn’t do that.
"removing ssh sounds like it’s appealing to those security types who have no clue as to how anything works or people do stuff but have heard about engineers ssh’ing into stuff and consider things would be safer if they couldn’t do that."
Yep, it also blocks mutating webhooks, so is useless for anything more than simple stateless service deployment.
I'm torn, without SSH is avoiding in place debugging.
But if your remediation is replace the image, then I'm not against it.
You do end up spinning up a box with ssh, doing the build and saving a snapshot post config.
So it's not so much without SSH, but running a previously configured image without SSH.
Remediation for these things IS to replace the running container. Using SSH to troubleshoot a running container in production is really missing the point.
Making a container a simple virtual server replacement is missing the point and asking for trouble. Fix the problem in dev and roll it to production. You shouldn't need SSH in production. It's a crutch.
And buy into a service and notice a few months later they change it. I was about to do a video on how to get unlimited drive space for just over £100 compared to the cost of Amazon Drive, Google Drive etc. It involved a little bit of knowledge, paying for a domain name, paying for a small bit of hosting then paying the business package of G Suite. Set it up and you have unlimited drive space for one user for only £11 a month, and if you set it up you can use the email, Google Docs etc. Altogether works out cheaper per year than Amazon Drive etc.
I was on the basic package originally as last company used it. So wanted to keep the knowledge up. Realised the above was cheaper than the drive only packages and I could use it as offline backups for all my home stuff. Noticed on my bill the name had changed, so looked it up. Found out they'd scrapped my package (although I've not been forced off it yet) and if you want unlimited storage you now have to pay for the enterprise package.
Bastards.
It sounds like "enterprises" ought to be doing a little more research and not simply following a trend. Having an application broken down into a lot of microservices raises issues of authorisation and data consistency as well as deployment and resource management. All that comes at a cost; you need to identify the compensating benefit before you start "embracing" anything.
How many layers of bugs are we supposed to tolerate in this sodding baklava? Code is evil, strive to use less.
Personally I'm trying to learn Elixir/OTP. Basically a genuinely lightweight services architecture. (Nanoservices?) I'll see how that goes.
So, what's not to love? - the management of complex server architecture as a series of, on the surface, simple text files.
Hoorah for devops!
The problem here, is that understanding the complex architecture of networking and underlying resources of hardware, is ... quite an advanced skill set.
Sure, it can now be expressed with code, but that doesn't mean the underlying complexity is any less - it just means a n00b with hardly any knowledge of the complex architecture behind what they are doing, can construct a text file and fling it at, say, AWS, supposedly safe in the knowledge "it will just work".
More often than not, sure, it does. Layers of redundancy and hopefully some decent peer reviews will usually prevent serious P1 downtime.
But, as we all know, it's that 1% of cases that fling the shit at the fan - and the n00b coding infrastructure in a yaml file has zero understanding, really, of what has just transpired.
Devops is in its infancy - and we absolutely need seasoned IT people who were around before these developments, to provide the understanding required to ensure the most uptime possible.
Out.