Episodes

  • 273: Phi-fi-fo-fum, I Smell the Bones of The Cloud Pod Hosts
    2024/09/04

    Welcome to episode 273 of The Cloud Pod, where the forecast is always cloudy! Hold onto your butts – this week your hosts Justin, Ryan, Matthew and (eventually) Jonathan are bringing you two weeks worth of cloud and AI news. We’ve got Karpenter, Kubernetes, and Secrets, plus news from OpenAI, MFA changes that are going to be super fun for Matthew, and Azure Phi. Get comfy – it’s going to be a doozy!

    Titles we almost went with this week:
    • The Cloud Pod Teaches Azure-normalized Camel Casing
    • The Cloud Pod Travels to Malaysia
    • Azure Detaches Itself From its Own Scale Sets
    • The Cloud Pod Conditionally Writes Show Notes
    • You got MFA!
    • The Cloud Pod Delays Deleting Itself
    • The Cloud Pod is Now the Cloud Pod Podcast!
    A big thanks to this week’s sponsor: We’re sponsorless! Want to get your brand, company, or service in front of a very enthusiastic group of cloud news seekers? You’ve come to the right place! Send us an email or hit us up on our slack channel for more info.

    General News

    01:37 Terraform AzureRM provider 4.0 adds provider-defined functions

    • Terraform is announcing the GA of Terraform AzureRM provider 4.0. The new version improves the extensibility and flexibility in the provider.
    • Since the provider’s last major release in March 2022, Hashi has added support for some 340 resources and 120 data sources, bringing the total Azure resources to 1,101 resources and almost 360 data sources.
    • The provider has topped 660M downloads, and MS and Hashi continue to develop new, innovative integrations that further ease the cloud adoption journey for enterprise organizations.
    • With Terraform 1.8, providers can implement custom functions that you can call from the Terraform configuration. The new provider adds two Azure-specific provider functions that let users correct the casing of their resource IDs or access their individual components.
    • Previously, the AzureRM provider took an all-or-nothing approach to Azure resource provider registration: the Terraform provider would either attempt to register a fixed set of 68 providers upon initialization, or registration would be skipped.
    • This didn’t match Microsoft’s recommendations, which are to register resource providers only as needed, and to enable the services you’re actively using.
    • With the addition of two new feature flags, resource_provider_registrations and resource_providers_to_register, users now have more control over which providers to register automatically or whether to continue managing a subscription’s resource providers.
    • AzureRM has removed a number of deprecated items, and it is recommended that you look at the removed resources/data sources and the 4.0 upgrade guide.

    03:50 Justin – “Okay, so it

    1 hr 7 min
  • 272: AI: Now with JSON Schemas!
    2024/08/24

    Welcome to episode 272 of The Cloud Pod! This week, Matthew and Justin are bringing you all the latest in cloud and AI news, including new updates to the ongoing Crowdstrike drama, JSON schemas, AWS vaults, and IPv6 addresses – even some hacking opportunities! All this and more, this week in the cloud.

    Titles we almost went with this week:
    • The cloud pod is now logically air-gapped
    • The Cloud Pod has continuous snark
    • The Cloud Pod points the finger at delta
    • AI now with JSON SCHEMAS!!!
    A big thanks to this week’s sponsor: We’re sponsorless! Want to get your brand, company, or service in front of a very enthusiastic group of cloud news seekers? You’ve come to the right place! Send us an email or hit us up on our slack channel for more info.

    Follow Up

    00:35 Crowdstrike RCA

    • The final RCA is out from Crowdstrike, and as we talked about during the preliminary report, this was an issue with a channel file that had 21 input parameters. No update previously had more than 20, and it was not caught in earlier testing.
    • Crowdstrike has several findings, and mitigating actions that they are taking. They go into detail on each of them, and you can read through all of them at the linked document.

    02:31 Justin – “…the one thing I would say is this would be a perfect RCA if it included a timeline, but it lacks, it lacks a timeline view.”

    12:06 Justin – “…their mitigations don’t have any dates on them of when they’re going to be done or implemented, which, in addition to a timeline, it would be nice to see in this process.”

    15:46 Microsoft joins CrowdStrike in pushing IT outage recovery responsibility back to Delta

    • Microsoft has joined Crowdstrike in throwing Delta under the bus.
    • Delta Airlines has been blaming Crowdstrike and MS for their recent IT woes, which the company claims cost them over $500 million.
    • “Our preliminary review suggests that Delta, unlike its competitors, has not modernized its IT infrastructure, either for the benefit of its customers or for its pilots and flight attendants,” said Mark Cheffo from law firm Dechert, representing MS.
    • Gonna get ugly before this all gets settled. *Insert Michael Jackson eating popcorn gif here*

    16:43 Justin – “The struggle with, you know, offering to send someone on site to help you is, you know, you, you can’t vet them that quickly. And so you also have an obligation to your shareholders. You have obligations to your security controls and your SOC and ISO and all the things that you’re doing, you know, to, to allow some strangers into your network and then give them access required to fix this issue, which in some cases required you to provide local encryption keys, and local administrator passwords, like you’re, you’re basically saying, you know, here’s the keys. Cause we’re in a, you know, everything’s in crisis and we’re going to th

    51 min
  • 271: AWS Deprioritizes 7 Services, Cloud Pod Hosts Prioritize Therapy
    2024/08/14

    Welcome to episode 271 of the Cloud Pod Podcast – where the forecast is always cloudy! Justin, Jonathan and Matthew are your hosts today as we discuss the latest news in cloud and AI, including earnings reports, Google’s legal trouble, and SQL updates. We even take a minute to give some side eye to AWS’s deprioritization techniques. Spoiler alert: 0 out of 5 stars for keeping customers informed.

    Titles we almost went with this week:
    • No Google, you can’t own Park Place, Boardwalk, the railroads and the utilities
    • Amazon’s Titan Image Generator is no titan of photography
    • BigTable graduates to SQL support
    • TikTok/Instagram, Azure Reliability and Temu bring down the big three clouds’ earnings
    • Span your Mind to Graphs & Vectors
    • DOJ rules The Cloud Pod should be your default news source
    • The CloudPod – now with SQL support
    • AWS Deprioritizes 7 Services, Cloud Pod Hosts Prioritize Therapy
    A big thanks to this week’s sponsor: We’re sponsorless! Want to get your brand, company, or service in front of a very enthusiastic group of cloud news seekers? You’ve come to the right place! Send us an email or hit us up on our slack channel for more info.

    Follow Up

    00:45 Amazon decision to deprioritize 7 cloud services caught customers and even some salespeople by surprise

    • Jeff Barr confirmed on Twitter (Yes will always call it Twitter) after recording last week’s episode that they had made the tough decision to deprioritize 7 cloud services.
    • There is still no official blog post announcing this, beyond the confirmation from Jeff Barr.
    • According to the tweet, Amazon is discontinuing new access to a small number of services but will continue to run them in a secure environment.
    • Jeff Barr confirmed the list of services to be S3 Select, CloudSearch, Cloud9, SimpleDB, Forecast, Data Pipeline and CodeCommit.
    • An AWS Spokesperson claimed to Business Insider that the changes were communicated through multiple channels within and outside the company.
      • But were they REALLY though?

    01:33 Justin – “Yeah, they kind of took a leap out of the Hitchhiker’s Guide to the Galaxy book and put the planning commission in the filing cabinet downstairs with the broken light.”

    General News

    It’s Earnings Time!

    07:35 Alphabet meets earnings expectations but misses on YouTube ad revenue

    • Alphabet revenue was up 14% YOY, driven by search and cloud; GCP surpassed $10B in quarterly revenues and $1 billion in operating profit for the first time.
    • GCP Cloud revenue was 10.35 billion vs. the expected 10.20 billion.
    • Alphabet shares were down on the news due to a miss on YouTube adv
    54 min
  • 269: Crowdstrike: Does Anyone Know the Graviton of this Situation?
    2024/07/30

    Welcome to episode 269 of the Cloud Pod Podcast – where the forecast is always cloudy! Justin, Matthew and Ryan are your hosts this week as we talk about – you guessed it – the Crowdstrike update that broke, well, everything! We’re also looking at Databricks, Google potentially buying Wiz, NY Summit news, and more!

    Titles we almost went with this week:
    • You can’t take Justin down; but a 23-hour flight to India (or Crowdstrike updates) can
    • Google wants Wiz, and Crowdstrike Strikes all
    • Crowdstrike, does anyone know the Graviton of this situation?
    • We are called to this summit to talk AWS AI Supremacy
    • Crowdstrike, Wiz and Chat GPT 4o Mini… oh my
    • An Impatient Wiz builds his own data centers not impacted by Crowdstrike
    A big thanks to this week’s sponsor: We’re sponsorless! Want to reach a dedicated audience of cloud engineers? Send us an email or hit us up on our Slack Channel and let’s chat!

    General News

    00:58 You Guessed It – Crowdstrike

    Microsoft, CrowdStrike outage disrupts travel and business worldwide

    Our Statement on Today’s Outage (listener note: paywall article)

    • It’s not every day you get to experience one of the largest IT Outages in history, and it even impacted our recording of the show last week.
    • Crowdstrike, a popular EDR solution, caused major disruption to the world’s IT systems with an errant update to their software that caused servers to BSOD, disrupting travel (airplanes, trains, etc.), governments, news organizations and more.
    • Crowdstrike removed the errant file quickly, but still the damage was done, with tons of systems requiring manual intervention to be recovered.
      • The fix required booting into safe mode and removing a file from the Crowdstrike directory.
        • This was all complicated by BitLocker and lack of local admin rights for many end user devices.
      • Sometimes doing up to 15 reboots would bring the server back to life.
      • Another option was swinging the hard drives from a broken server to a working server, manually removing the file, and putting them back.
    • The issue also caused a large-scale outage in the Azure Central region.
      • Services on AWS that run Windows were impacted as well (Amazon is a well-known large Crowdstrike customer).
    • Crowdstrike CEO George Kurtz (who happened to be the CTO at McAfee during the 2010 Update Fiasco that impacted McAfee clients globally) stated that he was deeply sorry and vowed to make sure every customer is fully recovered.
    • By the time of this recording, most clients should be mostly fixed and recovered, and we are all anxiously waiting to hear how this could have happened.

    04:50 Justin – “It’s really an Achilles heel of the cloud. I mean, to fix this, you need to be able to boot a server into safe mode or into recovery mode and then remove this file manually, which requires that you have console access, which, you know, Amazon just added a couple of years ago.”

    07:45 Matthew – “It’s always fun when you’re like, okay, everyone sit down, no stupid ideas. Like these crazy ideas that you have, like end up being

    1 hr 13 min
  • 268: Long Time Show Host is CloudPod’s first Casualty to AI (For This Week, at Least)
    2024/07/21

    Welcome to episode 268 of the Cloud Pod Podcast – where the forecast is always cloudy! Justin says he’s in India, but we know he’s really been replaced by Skynet. Jonathan, Matthew, and Ryan are here in his stead to bring all the latest cloud news, including PGO for optimization, a Linux vulnerability, CloudFront’s new managed policies, and even a frank discussion about whether or not the AI Hype train has officially left the station. Sit back and enjoy!

    Titles we almost went with this week:
    • OpenSSH sings “Oops I did it again”
    • All aboard, the AI hype train is leaving the station
    • Caching In on CloudFront’s New Managed Policies
    • Get your Go Apps a personal trainer this summer with PGO
    • Was Japan actually using floppy disks or were they 3.5
    • Azure is on summer break
    • Singapore will soon just be datacenters
    A big thanks to this week’s sponsor: We’re sponsorless! Want to reach a dedicated audience of cloud engineers? Send us an email or hit us up on our Slack Channel and let’s chat!

    General News

    00:56 Japan declares victory in effort to end government use of floppy disks

    • Here’s a bit of tech nostalgia meets modernization for you!
    • Japan’s government has finally phased out the use of floppy disks in all its systems.
    • The Digital Agency has scrapped over 1,000 regulations related to their use, marking a significant step in their efforts to update government technology.
    • Digital Minister Taro Kono, who’s been on a mission to modernize Japan’s government tech, announced this victory last week. It’s part of a larger push to digitize Japan’s notoriously paper-heavy bureaucracy, which became glaringly apparent during the COVID-19 pandemic.
    • Japan’s digitization efforts have hit some bumps along the way, including issues with a contact-tracing app and slow adoption of their digital ID system.
    • It’s a reminder that modernizing legacy systems isn’t just about replacing old hardware – it’s a complex process that involves changing long-standing processes and especially mindsets.

    02:36 Jonathan – “Yeah, I remember a couple of years ago they started talking about this modernization they were doing and people started to panic because Japan’s the largest purchaser of floppy disks anymore, or three and a half inch disks anyway. And so I ended up buying some because I’ve still got a USB floppy drive and some machines that have floppy disks. And I wanted just to stock up on some for the future, just in case the price went through the roof if Japan finally cut them and they have.”

    05:16 regreSSHion: Remote Unauthenticated Code Execution Vulnerability in OpenSSH server

    • The Qualys Threat Research Unit just dropped a bombshell – they’ve discovered a remote code execution vulnerability in OpenSSH that affects millions of Linux systems.
    • The vulnerability, dubbed “regreSSHion,” allows unauthenticated attackers to execute code as root on vulnerable systems.
      • Root access is the ultimate prize for hackers.
    49 min
  • 266: AWS Billing Finally Comes into FOCUS
    2024/07/03

    Welcome to episode 265 of the Cloud Pod Podcast – where the forecast is always cloudy! It’s a full house this week – Matthew, Jonathan, Ryan and Justin are all here to bring you the latest in cloud news – including FOCUS features in AWS Billing, Magic Quadrants, and AWS Metis. Plus, we have an Android vs. Apple showdown in the Aftershow, so be sure to stay tuned for that!

    Titles we almost went with this week:
    • Tech reports show Gartner leads in the BS quadrant
    • Oracle adds cloud and legal expenses to their FinOps hub
    • AWS Metis: Great chatbot, or Greek tragedy waiting to happen?
    • The cloud pod rocks Cargo Pants
    • A sonnet is written for FOCUSing on spend
    A big thanks to this week’s sponsor: We’re sponsorless! Want to reach a dedicated audience of cloud engineers? Send us an email, or hit us up on our Slack Channel and let’s chat!

    General News

    01:40 Finops X

    • Recently Justin attended FinOps in beautiful and sunny San Diego – and if you weren’t there, you really should plan on attending next year. This year’s topics included:
      • Focus 1.0
      • State of Vendors
    • Conference size – they will most likely outgrow this particular conference center, seeing as how they’re either selling out or pretty close to it.
    • Coolest thing about the conference – on stage all the biggies – TOGETHER.
      • It’s great to see them all together talking about how they’re making Finops better, and introducing new things for Finops and not just saving them for their own conferences.
    • Next Year – Is Oracle going to be on stage next year?

    08:22 Justin – “The shift left of FinOps was a big topic. You know, how do we get visibility? How do we show people what things are going to cost? How do we make sure that, you know, people are aware of what they’re doing? And so I think, you know, it’s just a recognition that is important and just as important as security is your cost. And in some ways security is part of your cost story. Because if you bankrupt your company, that’s a pretty bad security situation.”

    10:17 Introducing Managed OpenSearch: Gain Control of Your Cloud with Powerful Log Analysis

    • Listen. We don’t really *care* about OpenSearch – but the reality is it’s taking over the world. Nobody is doing ElasticSearch anymore.
    • Digital Ocean is launching a Managed OpenSearch offering, a comprehensive solution designed for in-depth log analysis, simplifying troubleshooting, and optimizing application performance.
    • With Digital Ocean you can pinpoint and analyze log data with ease, customize log retention, enhance security, scale with your business, and receive forwarded logs from multiple sources including Digital Ocean droplets, managed databases, etc.
    • Interested in pricing? You can find that here. Or, if you’d like to take a product tour, you can do that here.

    12:11 Ryan – “It’s the important ones where everything revolves around it and so no on

    1 hr 6 min
  • 265: Swing and a WIF
    2024/06/28

    Welcome to episode 265 of the Cloud Pod Podcast – where the forecast is always cloudy! Justin and Matthew are with you this week, and even though it’s a light news week, you’re definitely going to want to stick around. We’re looking forward to FinOps, talking about updates to Consul, WIF coming to Vault 1.17, and giving an intro to Databricks LakeFlow. Because we needed another lake product. Be sure to stick around for this week’s Cloud Journey series too.

    Titles we almost went with this week:
    • The CloudPod lets the DataLake flow
    • Amazon attempts an international incident in Taiwan
    • What’s your Vector Mysql?
    A big thanks to this week’s sponsor: We’re sponsorless! Want to reach a dedicated audience of cloud engineers? Send us an email, or hit us up on our Slack Channel and let’s chat!

    General News

    01:40 Consul 1.19 improves Kubernetes workflows, snapshot support, and Nomad integration

    • Consul 1.19 is now generally available, improving the user experience, providing flexibility and enhancing integration points.
    • Consul 1.19 introduces a new registration custom resource definition (CRD) that simplifies the process of registering external services into the mesh.
    • Consul service mesh already supports routing to services outside of the mesh through terminating gateways. However, there are advantages to using the new Registration CRD.
    • Consul snapshots can now be stored in multiple destinations; previously, you could only snapshot to a local path or to a remote object store destination, but not both.
    • Now you can take a snapshot to NFS mounts, SAN-attached storage, or object storage.
    • Consul API gateways can now be deployed on Nomad, combined with transparent proxy and enterprise features like admin partitions.

    01:37 Matthew – “What I was surprised about, which I did not know, was that console API gateway can now be deployed on Nomad. Was it not able to be deployed before? Just feels weird… you know, consoles should be able to be deployed on nomad compared to that. You know, it’s all the same company, but sometimes team A doesn’t always talk to team B.”

    03:21 Vault 1.17 brings WIF, EST support for PKI, and more

    • Vault 1.17 is now generally available with new secure workflows, better performance and improved secrets management scalability.
    • Key new features:
      • Workload Identity Federation (WIF) allows you to eliminate concerns around providing security credentials to Vault plugins.
      • Using the new support for WIF, a trust relationship can be established between an external system and Vault’s identity token provider to access the external system.
      • This enables secretless configuration for plugins that integrate with external systems such as AWS, Azure and GCP.
    40 min
  • 264: AWS Audit Manager: Because even AI needs a Babysitter!
    2024/06/21

    Welcome to episode 264 of the Cloud Pod Podcast – where the forecast is always cloudy! Justin, Jonathan, Ryan (and eventually) Matthew are all on hand this week – and *announcement noise* this week it’s the return of the Cloud Journey Series! There’s also a lot of news from Re:inforce, a ground-breaking partnership between Oracle and Google Cloud, and updates to GKE. The guys also look ahead to Finops ‘24.

    Titles we almost went with this week:
    • First, AI came for Writers/Artists, then it came for Developers, and now it comes for Security… What’s Next?
    • Amazon Reinforces my Lack of Interest in Attending – JPB rl
    • Object Storage Malware protection, everyone, please copy it!
    • Amazon is the last man out in Oracle next-gen partnerships
    • Dear Google, A partnership with Oracle is not Groundbreaking when Azure already did it
    • AWS Announces some “We finally got around to it feature updates”
    • Protect your S3 buckets from themselves with Amazon Guard Duty
    • The CloudPod and AI play Guess Who? with IAM Access Analyzer.
    A big thanks to this week’s sponsor: We’re sponsorless! Want to reach a dedicated audience of cloud engineers? Send us an email, or hit us up on our Slack Channel and let’s chat!

    AWS

    01:04 Simplify risk and compliance assessments with the new common control library in AWS Audit Manager

    • AWS Audit Manager is introducing a common control library that provides common controls with predefined and pre-mapped AWS data sources.
    • This makes it easy for the GRC teams to use the common control library to save time when mapping enterprise controls into Audit Manager for evidence collection, reducing their dependence on IT teams.
    • You can view the compliance requirements for multiple frameworks such as PCI or HIPAA, associated with the same common control in one place, making it easier to understand your audit readiness across multiple frameworks simultaneously.
    • Interested in pricing? You can find that info here.

    01:37 Ryan – “It’s the dream! Automated evidence generation. And now with the context of known frameworks. Yeah; because that’s always the challenge, you know, are the last step of the translation – this is the control. Hey, we need all these controls to do this level of compliance.”

    04:36 Centrally manage member account root email addresses across your AWS Organization

    • 2017 Justin is really digging all these quality-of-life features coming out, and we like to think that AWS has just finally gotten to our pile of feature requests from back then.
    • This week, it’s now easier for AWS Organizations customers to centrally manage the root email address of member accounts across their organization using the CLI, SDK and Organizations Console.
    • They had previously made it possible to update primary and alternative contact information and enable AWS regions for their accounts. However you would still need to log in as the r
    1 hr 21 min