tcp.fm

293: Terraform Apply – Output Pizza

Listen Later

Welcome to episode 293 of The Cloud Pod – where the forecast is always cloudy! This week we’ve got a lot of new and, surprise, a new installment of Cloud Journey AND and aftershow – so make sure to stay tuned for that! We’ve got undersea cables, Go 1.24, Wasm, Anthropic and more. 

Titles we almost went with this week:
  • Lets Go!
  • Under Sea cables make AI go BRRRRRR
  • The CloudPod says it will grow the listeners by 10x by 2027
    • A big thanks to this week’s sponsor:

    We’re sponsorless! Want to get your brand, company, or service in front of a very enthusiastic group of cloud news seekers? You’ve come to the right place! Send us an email or hit us up on our slack channel for more info. 

    General News

    01:30 Go 1.24 is released! 

    • Go 1.24 has been released with a bunch of improvements! 
    • Go now fully supports generic type aliases.
    • It also includes several performance improvements to the runtime that have reduced CPU overhead by 2-3% on average across a suite of representative benchmarks. (Say that 5 times fast.)
    • Tool improvements around tool dependencies for a module. 
    • The standard library now includes new mechanisms to facilitate FIPS-140-3 compliance. And you know we love some good FIPS-140-3 compliance. 
    • Lastly, it includes some improved WebAssembly support – which we’ll talk about later. 

      • 04:46 Unlocking global AI potential with next-generation subsea infrastructure

      • Meta announced their most ambitious subsea cable endeavor: Project Waterworth. 
      • Once the cable is completed, the project will reach five major continents and span over 50,000 KM (longer than the earth’s circumference) making it the world’s longest subsea cable project using the highest-capacity technology available. 
      • It will bring connectivity to the US, India, Brazil, South Africa, as well as other key regions. 
      • Waterworth will be a multi-billion dollar, multi-year investment to strengthen the scale and reliability of the world’s digital highways by opening three new oceanic corridors with the abundant, high-speed connectivity needed to drive AI innovation around the world.
      • Meta has apparently developed 20 subsea cables over the last decade, including multiple deployments of industry leading subsea cables of 24 fiber pairs, compared to the typical 8 to 16 pairs of other new systems .
      • They are also deploying a first of its kind routing system, maximizing the cable load in deep waters at depths up to 7,000 meters and using enhanced burial techniques in high-risk fault areas, such as shallow waters near the coast, to avoid damage from ship anchors and other hazards. 
      • They wrap up the article by basically saying they’re doing this for AI. Color us surprised. 

        • 06:25 Ryan – “I was sort of surprised that this is where Meta is investing. I don’t think of them in that space, like I do internet providers and cloud hyperscalers.”

        AI Is Going Great – Or How ML Makes All Its Money  

        07:50 Sam Altman lays out roadmap for OpenAI’s long-awaited GPT-5 model 

        • Sam Altman announced a roadmap for how Open AI plans to release GPT-5, the long awaited followup to GPT 4.  
        • Altman said it would be coming in “months,” suggesting a release later this year.
        • He further explained on X that they plan to ship GPT 4.5 – previously known as Orion – in “weeks” as their last non-simulated reasoning model.  Simulated reasoning like o3 uses a special technique to iteratively process problems posed by users more deeply, but they are slower than conventional LLM like GPT-4o, and not ideal for all tasks. 
        • After 4.5, GPT 5 will be a system that brings together features from across the current AI Model lineup, including conventional AI models, SR models, and specialized models that do tasks like web search and research. 

          • 08:54 Justin – “I’m definitely very interested in how, you know, like where does AGI come into their roadmap? Like I know they keep talking about it soon. Like, is that this year’s problem? Is that a problem next year? Is that a next decade problem? Like I don’t really know when AGI is going to be real on what their timeline looks like.”

          09:31 Anthropic Strikes Back

          • Everyone has been waiting for Anthropic to produce a reasoning model.  
          • From reporting on The Information, they say Anthropic is taking a different approach to reasoning. 
          • It developed a hybrid AI model that includes reasoning capabilities, which basically means the model uses more computation resources to calculate answers to hard questions, but the model can also handle simpler tasks quickly, without the extra work by acting like a normal LLM.
          • The company reportedly plans to release it in the next few weeks. 

            • 10:31 Anthropic Projects Soaring Growth to $34.5 Billion in 2027 Revenue  

            • More reporting from The Information also alleges that current revenue for Anthropic is $3.7 Billion, with a projection that revenue could grow to $34.5 billion in 2027. 

              • 11:08 Ryan – “I don’t recommend anyone take investment advice from The Cloud Pod…”

              Cloud Tools

              11:37 The Terraform plugin for the Dominos Pizza provider 

              • When you’re been writing a lot of Terraform code, it can sometimes make you hungry for some pizza. This provider can help you out! 
              • The Domino Terraform provider exists to ensure that while you’re waiting for your cloud infrastructure to spin up, you can get a hot pizza delivered.
              • This is powered by the expansion of the Terraform resource model into the physical world, inspired by the Google Rest API for interconnects.  
              • The provider configuration is straightforward (although we’re disappointed that the credit card isn’t “sensitive.”
              • We truly are living in advanced times. 

                • 12:55 Matthew – “There is a feature for hash card vault support for credit card data. And you know, another one which blocks the addition of pineapple as a topping.”

                *Listener note: If anyone tries this, let us know how it goes! 

                AWS 

                14:30 AWS CloudTrail network activity events for VPC endpoints now generally available

                • AWS is announcing the GA of network activity events for VPC endpoints in CloudTrail
                • This feature helps you to record and monitor AWS API activity traversing your VPC endpoints, helping you strengthen your data perimeter and implement better detective controls. 
                • Previously, it was hard to detect potential data exfiltration attempts and unauthorized access to the resources within your network through VPC endpoints.  
                • While VPC endpoint policies could be configured to prevent access from external accounts, there was no built in mechanism to log a denied action or detect when external credentials were used at a VPC endpoint. 
                • Now you can opt in to log all AWS API activity passing through your VPC endpoints. Cloudtrail records these events as a new event type called network activity events, which capture both control plane and data plane actions passing through a VPC endpoint. 
                • Network activity events in CloudTrail provide several key benefits:
                  • Comprehensive Visibility
                  • External credential detection
                  • Data exfiltration prevention
                  • Enhanced security monitoring 
                  • Visibility for regulatory compliance

                    • 15:21 Ryan – “Yeah, this is a neat feature. As someone who remembers, I guess remembers or dreads, can’t, I’m not sure what’s the right word, trying to troubleshoot connectivity to a private endpoint from a data center connectivity. There really is just no visibility or was until this feature was announced. So this is, I think, a fantastic addition and being able to log that information and act on that information for security purposes.”

                    20:03 Introducing the AWS Trust Center  

                    • AWS is working to earn your trust as it is one of their core leadership principles with the launch of AWS Trust Center, a new online resource that shares how AWS approaches securing your assets in the cloud. 
                    • The AWS Trust Center is a window into their security practices, compliance programs and data protection controls that demonstrate how they work to earn your trust every day. 
                    • AWS artifact? 

                      • 20:45 Ryan – “I know that the artifacts was seemingly very hard for non-technical auditors to navigate. And I’ve had to spend a lot of time walking people through that. So anything that makes this easier. I haven’t looked at this landing page, but I’m hoping that it’s sort of geared towards that audience of compliance people who are building reports for very specific frameworks. And it sort of lays it all out in an easy to find manner.”

                      22:57 Amazon Inspector enhances the security engine for container images scanning

                      • Amazon Inspector has updated its engine powering container image scanning for ECR. This upgrade will give you a more comprehensive view of the vulnerabilities in third party dependencies used in container images. 
                      • This will not disrupt any of your existing workflows. 
                      • Our big question: didn’t’ this already exist? 

                        • 25:12 AWS Secrets and Configuration Provider now integrates with Pod Identity for Amazon EKS  

                        • AWS Secrets Manager Secrets and Configuration Provider now integrates with EKS pod identity. 
                        • This integration simplifies IAM authentication for Amazon EKS when retrieving secrets from AWS Secrets Manager or parameters from AWS Systems Manager Parameter Store. 
                        • With the new features, you can manage IAM permissions for K8 apps more efficiently and securely, enabling granular access control through role session tags on secrets. 

                          • 25:29 Ryan – “This has been a, like a clear area where EKS was not the same offering as in Google or, you know, being able to sort of leverage these identities directly from your pod configuration and your secure, your namespace configuration and be able to tie that to sort of a distributed role identity. So this is something that’s pretty great in terms of being able to provide that. It’s at least one step closer to full workload identity.

                          26:21 AWS Re:inforce Dates announced

                          • Dates just dropped; it’s going to be June 16-18th in Philadelphia. 
                          • Registration opens in March. 
                          • Chris Betz CISO will keynote. 
                          • At least it’s not in Houston in July. 

                            • 28:30 Exploring new subnet management capabilities of Network Load Balancer

                            • You can now remove subnets from NLBs without destroying the entire NLB, matching the capabilities of ALBs.
                            • It’s one of those things you only find out the hard way, It’s nice to have the flexibility now. 
                              • GCP

                              31:17 Deep dive into AI with Google Cloud’s global generative AI roadshow

                              • Google is on the road with their Generative AI roadshow!  
                              • This event provides practical code-level engagement with Google’s most advanced AI technologies. 
                              • These events will show you how to leverage everything from Google Cloud Infrastructure to the latest Gemini 2.0 models. 
                              • They started in India and then moved on to Europe and APAC, with the Bay, Seattle and Austin all getting visits in March 2025. 
                              • Ryan’s take: It’s worth your time if there’s an event near you. 

                                • 36:31 With MultiKueue, grab GPUs for your GKE cluster, wherever they may be   

                                • AI and LLM’s are experiencing explosive growth powering applications like machine translation to artistic creations. These technologies rely on intensive computations that require specialized hardware resources, like GPUs. 
                                • To address scarcity in GPU’s, Google introduced the dynamic workload scheduler, and it transformed how you access and use GPU resources, particularly within a GKE cluster.  
                                • In addition, DWS offered an easy and straightforward integration between GKE and Kueue, a cloud-native job scheduler making it easier than ever to access GPUs quickly in a given region for a given GKE cluster.
                                • But what if you can use multiple regions, so you can get it done ASAP. This is what today’s announcement is all about with MultiKueue, a Kueue feature. With MK GKE and DWS can wait for accelerators in multiple regions.  
                                • DWS automatically provisions resources in the best GKE clusters as soon as they are available. By submitting workloads to the global queue, MK executes them in the region with available GPU resources helping to optimize global resource usage.  

                                  • 25:29 Matthew – “What I found interesting about this is that this is something that Amazon and Microsoft really can’t do because of the way Google is built at a global VNet level or VPC level, where each of the other ones have isolated regions. So this is something that because of the way Google is instructed with that global VPC, you have the ability to more easily burst into other regions, versus on AWS or Microsoft, you have to build a VPC or VNet and then launch your workloads in there and then connect it all back. So it’s actually an interesting win that, you know, win or loss, depending on how you want to view it, that Google has, and that they are able to say, just go use the access capacity here. Don’t really worry about data, you know, laws or anything else that you might have to worry about. But, you know, you have this ability to go grab these things in these other places that could be cheaper or more expensive depending on where your origin of everything is.”

                                  41:27 Announcing Wasm support in Go 1.24

                                  • As we talked earlier, Google has released Go 1.24, the latest version of Google’s OS programming language. 
                                  • There is a lot to love that we covered earlier, but it also significantly expands its capabilities for WebAssembly (Wasm) a binary instruction format that provides for the execution of high-performance, low-level code at speeds approaching native performance. 
                                  • With a new go:wasmexport compiler directive and the ability to build a reactor for WebAssembly System Interface (WASI), developers now export functions from their Go code to Wasm, including long-running apps. 

                                    • 42:01 Justin – “…if you can just natively go into WebAssembly from Go, I think that’s a nice feature. Yeah, one more reason why I should learn more Go. Yeah, I keep working on Python, but I could also learn Go. Maybe I could get some more utility out of Go, I think.”

                                    Azure

                                    43:02 Securing DeepSeek and other AI systems with Microsoft Security 

                                    • With recent concerns around security and deepseek, Microsoft is capitalizing with this helpful article on securing DeepSeek and others with Microsoft Security
                                    • They highlight several things for security around your AI estate
                                      • Azure AI Foundry’s Azure AI Content Safety, built in content filtering available by default to help detect and block malicious, harmful, or ungrounded content, with opt out options for flexibility.
                                      • Security Posture Management with Microsoft Defender for Cloud AI security posture management capabilities
                                      • See all the data via cyberthreat protection with Microsoft Defender for cloud allowing your SOC to review logs and telemetry to block real time attacks against the AI as well as XDR capabilities to further analyze threats. 
                                      • Integrations with Purview DLP and Purview Data Security Posture Management. 

                                        • 44:03 Ryan – “…the reaction to DeepSeek I find hilarious more than the tool itself, you know, because it is just sort of like, wait, China, no, we have to secure this stuff. And, you know, everyone knew about the security concerns of sending data to AI and sort of, you know, like, yeah, no, this is a thing to be aware of. then immediately forgot it. But the minute it was being sent to a Chinese company, was a different reaction in the industry. And so I definitely think that Azure is capitalizing on this for sure.”

                                        46:39 Microsoft Cost Management updates—February 2025 

                                        • Microsoft is rolling out a bunch of cool things in the world of finops this week. Woo!
                                        • For those of you with an EA agreement, you can now use the Cost allocation field so you can support cost allocations based on hierarchy based on departments and accounts. 
                                        • Copilot has been a good way to get your cost queries answered using natural language.  With view in cost analysis functionality you can also directly navigate to cost analysis to a custom view based on your prompts.  
                                        • Now to that powerful capability they are giving sample prompts (nudges) to the overview page to encourage and guide users to interact with copilot more effectively.
                                        • Azure has built out some FOCUS introduction lessons for use with Azure to help you apply Finops Focus best practices directly to your environment. 

                                          • 47:27 Matthew – “The nudges are kind of useful and they’ve been adding copilot into the console. And then I have fun with it when it’s like, you know, internal server errors, why my instance didn’t scale up properly. And then I just say, copilot, tell me what’s wrong. And it goes, yo, open a support ticket or like try turning it back on and off again.”

                                          49:45 Generally Available: Scheduled Load Tests in Azure Load Testing

                                          • Scheduling tests allows you to run tests at a later time or run at a regular cadence. Azure Load Testing supports adding one schedule to a test. You can add a schedule to a test after creating it.

                                            • 51:27 GA: 6th Generation Intel-Based VMS – DV6-EV6

                                            • New 5th Gen Intel® Xeon® Platinum 8537C (Emerald Rapids) processor
                                              • Up to 27% higher vCPU performance and 3x larger L3 cache than the previous generation Intel Dl/D/Ev5 VMs 
                                              • Up to 192vCPU and >18GiB of memory 
                                              • Azure Boost which enables: 
                                                • Up to 400k IOPS and 12 GB/s remote storage throughput 
                                                • Up to 200 Gbps VM network bandwidth 
                                                • 46% larger local SSD capacity and >3X read IOPS 
                                                • NVMe interface for local and remote disks 
                                                • Enhanced security through Total Memory Encryption (TME) technology.
                                                • Woo.
                                                • We still hate their naming conventions. 
                                                  • Cloud Journey Series

                                                  Yes – It’s back! 

                                                  53:10 Should all developers learn Infrastructure as Code? 

                                                  Aftershow

                                                  Yes, This is back too! 

                                                  1:03:02 Man offers to buy city dump in last-ditch effort to recover $800M in  bitcoins 

                                                    • James Howell is back in the news, the IT Pro who lost 8,000 bitcoins in a landfill more than a decade ago, thinks he has one last chance to dig up his buried treasure before it’s lost forever – by buying the landfill itself. 
                                                    • This has been an ongoing legal battle for a while, with the latest curve being the Newport city council in Wales, has decided to close the landfill.  He has offered to buy it, if approved he would remove every piece of trash — clearing out thousands of tons and potentially sparing the city the cost of cleaning the site. He would use “a scanner with AI-trained detection technology” and a magnetic belt to surface his long lost hard drive containing the only copy of the 51-character private key he needs to get back into his crypto wallet. 
                                                    • But the Newport council appears unlikely to accept Howells offer. The city has already secured permission to develop a solar farm on a portion of the landfill property. 
                                                    • Howell would rather clean it up and turn it into a park, but the council believes the solar project is a better use. 
                                                    • They have regularly ignored his advances, including his offer to share the money with them. 
                                                    • “This needle is very, very, very valuable—$800 million,” Howells told The Times. “Which means I’m willing to search every piece of hay in order to find the needle.”
                                                      • Closing

                                                      And that is the week in the cloud! Visit our website, the home of the Cloud Pod where you can join our newsletter, slack team, send feedback or ask questions at theCloud Pod.net or tweet at us with hashtag #theCloudPod

                                                      ...more
                                                      View all episodesView all episodes
                                                      Download on the App Store
                                                      tcp.fmBy Justin Brodley, Jonathan Baker, Ryan Lucas and Matt Kohn