AI 资讯
Apple Extends Private Cloud Compute to Google Cloud for the First Time
Apple chose Google Cloud to run Private Cloud Compute outside its own data centers for the first time, using NVIDIA Blackwell GPUs, Intel TDX, and Google's Titan chip. Apple maintains an independent append-only hardware ledger and dual-vendor attestation roots. AWS and Azure are not part of the collaboration. By Steef-Jan Wiggers
AI 资讯
How I Built an Ultra-Fast Bilingual Dictionary Handling 293,000+ Words on the Edge
Every developer has that one project. The passion build that sits in the back of your mind for months—or even years—before you finally sit down, crack your knuckles, and make it a reality. For me, that project was building a modern, open-access bilingual digital lexicon bridging English and Assamese: AssameseDictionary.org . While it started as a personal milestone dream, it quickly turned into a massive data engineering and architecture challenge. Here is how I tackled parsing a massive vocabulary database and serving it globally with near-zero latency. 🏗️ The Core Challenge: Scale vs. Speed A dictionary isn't like a standard SaaS app or landing page. It lives and dies by its database depth. To make this a truly definitive tool, I compiled, cleaned, and programmatically validated an extensive vocabulary index mapping over 293,000 words . The dataset doesn't just hold simple translations; it maps complex bidirectional lookups, phonetic transliterations, advanced English definitions, context usage examples, and cross-linked synonym tokens. If I threw this massive dataset into a traditional relational database hooked up to a standard server setup, I ran into immediate roadblocks: Latency: Heavy search queries on a dataset this size can cause noticeable lag. Cost/Overhead: Maintaining and scaling database servers for unpredictable public traffic gets expensive fast. I wanted the search utility to snap back instantly. To achieve that, I had to ditch traditional server paradigms entirely. ⚡ The Architecture: Serverless Edge Caching To keep things ultra-lightweight, highly cost-effective, and blazing fast, I built the platform around an edge-computing topology: The Runtime: I offloaded the backend logic entirely to Cloudflare Workers . Instead of routing traffic to a centralized origin server, queries are intercepted and executed at serverless edge locations physically closest to the user. The Data Layer: Instead of an active SQL database bottleneck, I mapped the data mat
AI 资讯
Neocloud Together AI raises $800M, leaps to $8.3B valuation
The AI neocloud provider, which specializes in hosting open source models, last raised at a $3.3 billion valuation in early 2025.
AI 资讯
Cloudflare’s new policy pushes AI companies to pay for publishers’ content
Cloudflare is giving AI companies until September 15 to separate web crawlers used for search from those used for AI training and agents, or risk being blocked by default on many publisher sites.
AI 资讯
Prepare Application Artifacts To Be Deployed To AWS | 🏗️ Build A Multi-Environment Serverless App
Exam Guide: Developer - Associate 🏗️ Domain 3: Deployment 📘 Task 1: Prepare Application Artifacts To Be Deployed To AWS Before you can deploy anything to AWS, you need to package it properly. This task covers Lambda deployment packaging (zip vs container), managing dependencies, structuring projects for multi-environment deployment, and using AWS AppConfig for runtime configuration. 📘Concepts Lambda Deployment Packaging Options Option Max Size Build Complexity Cold Start Best For Zip Package (inline editor) 3 MB (editor limit) None Fastest Simple functions, no dependencies Zip Package (upload) 50 MB compressed / 250 MB uncompressed Low Fast Most Lambda functions Zip + Lambda Layers 250 MB total (function + all layers) Medium Fast Shared dependencies across functions Container Image 10 GB Higher Slower (first invoke) ML libraries, large dependencies, custom runtimes 💡 If a scenario is about a deployment package exceeding 250 MB, the answer is container images. If it mentions sharing dependencies across multiple functions, the answer is Lambda Layers. Zip is the default for most workloads. Lambda Layers Aspect Detail What They Are Zip archives containing libraries, custom runtimes, or other dependencies Max Layers Per Function 5 Size Limit 250 MB total (function code + all layers uncompressed) Versioning Each publish creates an immutable version Sharing Can be shared across functions, accounts, or made public Path Contents extracted to /opt in the execution environment Dependency Management Strategies Strategy How It Works Pros Cons Bundle In Zip Install deps into package directory, zip together Simple, self-contained Larger package, duplicated across functions Lambda Layers Package deps as a layer, attach to functions Shared across functions, smaller deploys Layer version management, 5-layer limit Container Image Install deps in Dockerfile Full control, large deps supported Slower cold starts, ECR management sam build SAM resolves deps from requirements.txt automatic
AI 资讯
How to right-size RDS instances without downtime
Quick Answer (TL;DR) Modifying an RDS instance class in place causes 5 to 15 minutes of downtime while AWS reboots the database. To right-size without downtime, use RDS Blue/Green Deployments (fastest, cleanest), a read-replica promotion (works on older engines), or a Multi-AZ failover to a resized standby. Blue/Green is the 2026 default for most workloads on MySQL, MariaDB, Postgres, and now SQL Server. Why this happens RDS instances are Managed EC2 hosts running the DB engine, and a class change (say db.m6i.large to db.m6i.xlarge ) requires stopping the process, migrating the EBS volumes to a new host, and restarting. AWS's default "modify" workflow does this in place and warns you about downtime. The workarounds exist because that reboot is unacceptable for user-facing services, so you build the new instance alongside the old one and cut over. Fix #1: Use RDS Blue/Green Deployments The 2026 default. Available for RDS MySQL, MariaDB, PostgreSQL, and SQL Server (added mid-2025). Steps: In the RDS console, select the instance and choose Actions → Create Blue/Green Deployment . Set the Green instance to your target instance class. AWS creates a full standby using logical replication, keeps it in sync, and validates health. When ready, click Switch over . Cutover typically takes under 60 seconds. Applications reconnect using the same endpoint. Command-line equivalent: aws rds create-blue-green-deployment --blue-green-deployment-name resize-prod --source arn:aws:rds:... --target-db-instance-class db.m6i.xlarge Best when: your engine supports it and you can tolerate the extra cost of running two instances for the sync window. Fix #2: Read-replica promotion For engines or versions that do not yet support Blue/Green, or for cross-region resizing. Steps: Create a read replica with the desired new instance class. Wait for the replica to catch up (near-zero lag). Point application writes to the read replica endpoint (requires connection-string change or DNS switch). Promote
AI 资讯
EC2 Spot vs On-Demand: the true cost difference in 2026
Quick Answer (TL;DR) EC2 Spot lists at up to 90% off On-Demand , but the effective savings after accounting for interruptions, engineering overhead, and workload retries land closer to 40 to 60% for most teams in 2026. Spot wins for stateless, retryable, or checkpointable workloads. It loses money on single-instance stateful services with strict SLAs. The honest formula: True savings = Spot discount × Utilization ÷ (1 + Interruption overhead) . Why the sticker discount is misleading The Spot price is a market price. AWS sets it against unused capacity in a given instance family, region, and Availability Zone, and it can move in minutes. The 90% headline is the maximum discount for a rarely-used instance family in an off-peak region. The workhorses ( m6i , c7i , r7g in us-east-1 ) usually sit at 55 to 75% off. Then there is the hidden cost of interruption. AWS gives a 2-minute warning before reclaiming a Spot instance. Handling that gracefully requires either a stateless workload, a checkpointed job, or careful autoscaler wiring. Teams that do not build for interruption end up with retries, half-finished batches, and engineering time that erases the savings. Fix #1: Diversify across instance types and AZs The single most effective way to reduce Spot interruption rate. Instead of asking for m6i.large specifically, ask for "any of m6i.large , m6a.large , m7i.large , m7a.large in any AZ." AWS pools capacity across the diversification pool. With Karpenter or Auto Scaling Groups: Set the NodePool or ASG's requirements to allow 5 to 15 instance types across families. Include both x86 and ARM (Graviton) options when your workload runs on both. Enable capacity-optimized-prioritized allocation strategy, which picks the deepest capacity pool at launch. Result: interruption rate drops from ~5% per instance-hour to under 1% on most workloads. Fix #2: Use Spot for the right workload shape Not every workload should be on Spot. The rule I use: Great fits : batch processing, data pi
AI 资讯
AWS EFS Essentials — Shared File Storage Across Multiple EC2 Instances
Part of my AWS learning journey — transitioning from Systems Engineer to Cloud/DevOps. This session covers Amazon EFS — shared storage that multiple EC2 instances can read/write simultaneously. 📋 Topics Covered # Topic Type 1 What is Amazon EFS Concept 2 EFS vs EBS vs S3 Concept + Interview 3 EFS Architecture (Mount Targets, AZs, NFS) Concept + Cert 4 Mounting — What It Means Concept 5 Mount Targets & Security Group Config Concept + Lab 6 EFS Storage Classes Concept + Cert 7 EFS Lifecycle Management & Policies Concept + Cert 8 EFS Performance Modes & Throughput Modes Concept + Cert 9 Benefits of EFS Concept 10 Security & Encryption Concept + Interview 11 EFS Pricing & Cost Optimization Concept 12 Lab: Launch 2 EC2 Instances Lab 13 Lab: Create & Configure EFS Lab 14 Lab: Mount EFS on Both Instances Lab 15 Lab: Demonstrate File Sharing Lab 16 Cleanup Checklist Lab 17 Assignment — Independent Repeat Practice What is Amazon EFS? EFS = Elastic File System — a fully managed, auto-scaling shared file system that multiple EC2 instances can mount and use at the same time , both reading and writing. Analogy: Think of EBS as a personal hard drive — it belongs to one laptop only. EFS is like a shared Google Drive folder that your entire team can open simultaneously from different computers, see the same files, and edit them in real time. Key characteristics: Uses the NFS 4.1 protocol (Network File System — standard Linux file sharing) Serverless — no capacity to provision, no servers to manage Auto-scales — grows from KB to PB automatically, shrinks when files are deleted Highly available — data replicated across multiple AZs in a Region Pay-as-you-go — billed per GB actually stored, no pre-provisioning EFS vs EBS vs S3 — The Big Comparison This is one of the most commonly tested comparisons in AWS certifications. Feature EBS EFS S3 Access Single EC2 instance only Multiple EC2 instances simultaneously Internet / API, unlimited clients Protocol Block storage NFS v4.1 HTTP/REST (
AI 资讯
The Connected Agent: Scaling Antigravity 2.0 with Google Cloud Data Services and Model Context Protocol
Artificial Intelligence is rapidly evolving from chatbots to autonomous agents capable of...
AI 资讯
Splitting a Terraform Monolith into Smaller States
If your Terraform plans are slow, your blast radius is too wide, or multiple teams are stepping on each other's changes, it's time to split your monolith. See The Problem with Large Terraform States for how to diagnose whether you've reached that point. This guide walks through the process of breaking a monolithic Terraform state into smaller, focused states — and how Snap CD can manage the dependencies between them so you don't have to. The approach 1. Identify natural boundaries Look at your resources and group them by lifecycle and ownership. Common boundaries: Networking — VPCs, subnets, route tables, NAT gateways. Changes rarely, underpins everything. DNS — Zones, records. Usually owned by a platform team. Compute — Kubernetes clusters, VM scale sets, container services. Changes more often, depends on networking. Application infrastructure — Databases, caches, queues, storage accounts. Owned by application teams. Monitoring — Dashboards, alerts, log sinks. Changes frequently, depends on everything but nothing depends on it. A useful test: if two resources would never be changed in the same PR by the same person, they probably belong in different states. 2. Map the dependencies Before you move anything, draw the dependency graph. Which groups produce values that other groups consume? networking dns │ ▲ ▼ │ compute ──────────►─┘ │ ▼ application │ ▼ monitoring The outputs that cross these boundaries are what you'll need to wire up after the split. Typical examples: Networking → Compute: vpc_id , private_subnet_ids Compute → DNS: load_balancer_ip Compute → Application: cluster_endpoint , cluster_ca_certificate Application → Monitoring: database_id , cache_name 3. Use terraform state mv to migrate resources Terraform's state mv command lets you move resources from one state to another without destroying and recreating them. # Initialize the destination state cd modules/networking terraform init # Move resources from the monolith to the new state terraform state mv \
AI 资讯
The Problem with Large Terraform States
At some point every growing Terraform project hits a wall. Plans that used to finish in seconds now take minutes. Applies feel risky because hundreds of resources share a single blast radius. Colleagues avoid running terraform plan because it hammers cloud APIs hard enough to trigger throttling. The state file itself becomes a liability — large, slow to lock, and one bad write away from corruption. This guide covers the symptoms of an oversized state, the band-aids teams reach for, and the structural fix that actually works. How Terraform state works under the hood Every terraform plan does two things: Refresh — for every resource in state, Terraform calls the provider's API to read the current real-world status. A state with 500 resources means 500+ API calls, often more when resources have nested data sources. Diff — compare the refreshed state against the desired configuration and produce a change set. The refresh phase is the bottleneck. It's sequential per provider (parallelism helps across providers, not within one), and every resource pays the cost whether you changed it or not. Adding ten resources to a 500-resource state doesn't make plans 2% slower — it makes the refresh 2% slower on every single plan, for every engineer, forever. Symptoms of a state that's too large Slow plans The most visible symptom. Plan time scales with resource count because every resource is refreshed on every plan, regardless of whether its configuration changed. The exact speed depends on provider — AWS resources with complex nested structures (IAM policies, security group rules) are slower to refresh than simple ones, and Azure resources that require multiple API calls per refresh are worse still. These aren't edge cases — users regularly report 2,900-resource states taking 20–25 minutes to plan and 1,600-resource states taking 8+ minutes . Even starting Terraform with a large state can take minutes before a single API call is made . There's a long-standing proposal for terraform
AI 资讯
Cutting Idle Agent Costs by 90% with Agent Substrate
Cost is everything. In just about every agentic conversation, the three things that come up for enterprises implementing AI workloads are: Cost Observability Security and as AI continues to throw everyone for a loop when it comes to cost management (e.g - Uber running out of the yearly token budget in one quarter), the ability to shrink resource (like hardware) usage will be crucial moving forward. In this blog post, you will learn how to cust costs by 90% using Agent Susbtrate in comparison to Agents running in k8s Deployments/Pods. The Cost Comparison Agents need a place to run. The "place to run" needs to be a platform that's easily managed, orchestrated, and has the ability to cluster resources. Resources like CPU, GPU, and memory need to be able to scale and expand. Without this, it's a matter of manually managing servers that Agents are running on and clients to interact with said server. That's why so many organizations choose Kubernetes to run Agentic. When running Agents per Pod, however, that can get costly very quick in terms of hardware (GPU, CPU, memory) and performance (can your cluster scale up and down quickly based on resource needs when it comes to Agents coming up and going down per use?). The tests in this blog post show: Always-on Agents running in k8s. Actors running in Workers via Agent Substrate And the comparison will be 50 always-on Pods in comparison to 50 Actors across 5-7 Workers (Pods). If there are 50 Agents running per Pod and 50 Agents running per Worker with 5-10 Actors per Pod, you can already imagine the hardware resource savings that can be accomplished. Right now, the majority of organizations start off with the "one Agent per Pod" approach as that's the fastest way to show value and get up and running. For the future, however, Agents in Actors via Agent Substrate will be how organizations deploy when they care about efficiency, optimization, and managing cost. Let's dive in from a hands-on perspective. Prerequisites To follow a
AI 资讯
AWS Launches Lambda MicroVMs for Isolated Agent and User Code Execution
AWS launched Lambda MicroVMs, a new serverless compute primitive that runs each user session or AI agent in its own Firecracker virtual machine with hardware-level isolation, snapshot-based rapid launch, and state preservation for up to eight hours. Reddit community analysis found the minimum setup costs $3.03/day, roughly 9x Fargate spot pricing. By Steef-Jan Wiggers
AI 资讯
🚦 Meet Kueue: Smart Job Queueing for Kubernetes 🧠⚙️
Hey everyone 👋 If you run batch jobs, data pipelines, or any kind of AI and ML training on Kubernetes, you have probably hit this wall. Kubernetes is fantastic at deciding WHERE a pod should run, but it is surprisingly clueless about WHEN a job should start. 😅 You submit ten jobs, the cluster fills up, and the rest just sit there as Pending. No real queue, no priority, no fairness between teams. One noisy team can eat all your expensive nodes while everyone else waits. 🥲 That is exactly the gap Kueue fills, and today I want to walk you through it with a pile of hands on examples you can run on any cluster, even your homelab. 🏡 👉 Key takeaway up front: Kueue is a job level manager that holds your jobs in a real queue and only admits them when there is enough quota to actually run them. 🧪 Everything in this guide was tested against Kueue v0.18.1 using the v1beta2 API. I pinned every command and manifest to that version so you do not get surprised by API drift. 📋 What we will cover ✅ Why Kubernetes needs a queue ✅ The building blocks in plain language ✅ Installing Kueue ✅ Setting up quota with a ResourceFlavor, a ClusterQueue, and a LocalQueue ✅ Submitting a Job and watching it get queued and admitted ✅ Priority based admission ✅ Partial admission and elastic jobs ✅ Multiple resource flavors for x86 and arm ✅ Fair sharing between teams with cohorts ✅ Dedicated quota with a shared fallback ✅ Queueing a plain Pod ✅ Why this matters a lot for GPUs and your cloud bill 🤔 Why Kubernetes needs a queue Native Kubernetes scheduling is pod centric. The scheduler looks at one pod at a time and tries to place it. That works great for long running services. Batch workloads are different. They have a beginning and an end, they often need a fixed chunk of capacity, and they compete with other teams for the same nodes. Without a queueing layer you get: ✅ Jobs that fail or stay Pending when resources are tight ✅ No quota governance, so one team can starve the others ✅ No admission prio
AI 资讯
frontier models are becoming cloud procurement
The interesting part of OpenAI and Codex on AWS is not that another cloud menu got more model names. That part is useful. Enterprises want strong models. Developers want Codex closer to their infrastructure, data, and deployment machinery. The interesting part is that frontier AI is being pulled into the same boring machinery that already governs everything else companies run: procurement, IAM, billing commitments, region policy, audit logs, support contracts, data boundaries, and security review. That sounds like paperwork. It is also how enterprise software becomes real. model access was the easy problem For a while, AI adoption was framed as an access problem. Can we call the model? Can we get enough rate limit? Can we wire the SDK into our product? Can the coding assistant see enough of the repo to be useful? Those are real questions. They are not the end of the story. The next set is much more familiar to anyone who has operated software inside a company: which account owns this usage, which data can cross the boundary, who can create agents, which region runs inference, how the bill is allocated, and what evidence exists when an incident involves model output. That is the part where the demo becomes a platform. OpenAI on AWS matters because many companies already have that platform muscle in AWS. They have IAM, billing, private networking, audit trails, procurement paths, compliance evidence, cost allocation tags, and teams whose job is to make all of this survivable. Putting a frontier model behind that machinery does not make the hard parts disappear. It makes them legible. bedrock is a procurement surface Amazon Bedrock is usually described as a managed model service, which is true and also undersells the point. For enterprises, Bedrock is a procurement and control surface. If OpenAI models and Codex are available through Bedrock, a company can route adoption through an existing cloud relationship instead of creating a new vendor path for every team that wa
AI 资讯
Cloud Resume Challenge
Building a Serverless Resume on AWS I rebuilt my resume as a live AWS application instead of a PDF. It's a static site backed by a real serverless pipeline: a visitor counter that reads and writes to a database, behind an API, deployed through infrastructure as code, with its own CI/CD pipeline pushing updates automatically. I did this through the Cloud Resume Challenge, and this post walks through how it's built and what I actually learned doing it. The Architecture The site itself is static: HTML and CSS, no server rendering anything on the fly. It's hosted in an S3 bucket, sitting behind CloudFront, with Route 53 pointing my custom domain at the CloudFront distribution. Nobody hits S3 directly. Every request goes through CloudFront first, which means consistent load times no matter where in the world someone's loading the page from, and it keeps the actual storage layer shielded from direct traffic. That's the whole story for the page itself. The visitor counter is a separate thing entirely, and it only starts once the page has already finished loading. Once the page renders, JavaScript running in the browser fires off a fetch to API Gateway. API Gateway invokes a Lambda function through a resource policy attached directly to it, that's a different kind of permission than the role Lambda itself uses, one controls who can call Lambda, the other controls what Lambda is allowed to do once it's running. The Lambda function uses its own execution role to read and write a single item in a DynamoDB table: the current visitor count. It increments that number, writes it back, and the result travels back through Lambda, through API Gateway, and into the page, where the count updates on screen. Every piece of this, the S3 bucket, CloudFront, Route 53, the IAM roles, the Lambda function, the DynamoDB table, API Gateway, was provisioned through Terraform. None of it was clicked together in the AWS console. And once it was built, GitHub Actions took over deployment entirely: p
AI 资讯
Podcast: Architectural Patterns: Moving Beyond Cloud-Native to Local-First - Insights from Adam Wiggins
In this episode, Heroku co-founder and Ink & Switch founder Adam Wiggins argues for a 'local-first' architecture that reconciles cloud-based collaboration with the performance and data ownership of local software. He explores the role of CRDTs and version control primitives in non-code domains, and examines how a hybrid AI future might leverage local models for core productivity tasks. By Adam Wiggins
AI 资讯
How Factory Data Actually Gets from Machines and PLCs to the Cloud
Industry 4.0 data collection sounds simple until you look closely at the factory floor. In theory, the flow is clean: machine → gateway → cloud → dashboard In practice, it is usually less tidy. Factories may have PLCs, CNC machines, sensors, meters, inspection systems, production lines, and older equipment all working together. Some devices use Ethernet. Some still rely on serial interfaces. Some data is useful every second. Some data only matters when a machine changes state, crosses a threshold, or triggers an alarm. This is where an industrial edge gateway becomes useful. A gateway such as Robustel EG5120 can sit between factory equipment and upper-layer systems, helping collect selected machine or PLC data, handle it locally where needed, and forward useful information toward cloud or enterprise platforms. That does not mean the gateway replaces PLCs, SCADA, MES, or the cloud. It simply means factory data often needs a practical middle layer before it becomes useful somewhere else. Factory data is not one clean data stream One thing that gets underestimated in Industry 4.0 projects is how mixed the data sources can be. A PLC may provide equipment status, alarms, and process values. A CNC machine may expose cycle information or maintenance indicators. Sensors and meters may generate temperature, vibration, energy, or environmental data. Inspection systems may produce quality-related events or selected result data. A production line may generate throughput signals, downtime events, or operating states. These are all “factory data,” but they do not behave the same way. A machine fault may need quick attention. An energy reading may only need periodic reporting. A repeated sensor value may not need to be sent upstream every time. A quality inspection output may be useful as metadata, but not every raw file is practical to upload continuously.So the first question is not only: Can we connect this machine? A better question is: What data do we actually need, where sho
开发者
Closing the Trust Gap: Automating GKE Incident Response with Antigravity 2.0, GKE MCP, and Artifacts
Anatomy of the Trust Gap Before we can talk about the solution, we need to talk honestly about how...
AI 资讯
Why your Cloudflare Turnstile token works in the browser but 403s from requests
Why your Cloudflare Turnstile token works in the browser but 403s from requests You solved the Turnstile widget. You can see the token in the page. You copy it into your script, POST the form from requests, and the server hands you back a 403 — or a JSON body with "success": false. The token clearly worked a second ago in the browser, so what changed? Short answer: a Turnstile token is not a password you can carry around. It's a one-time, short-lived proof bound to a very specific context, and replaying it from a different context is exactly what it's designed to reject. Below is what that context is, how to tell which constraint you're hitting, and the fix for each. The real scenario You're automating a flow on a Cloudflare-protected site. There's a cf-turnstile widget on the form. You get a token one of two ways: you render the page in a real browser (Playwright/Selenium) and read cf-turnstile-response, or you hand the sitekey + page URL to a solving service and get a token back. Either way, you then submit the form with a plain HTTP client requests, httpx, axios) and it fails. The frustrating part: it's intermittent-looking. The reason it feels random is that there are four separate constraints, and you're usually tripping a different one each time. The four things a Turnstile token is bound to 1. It's single-use Once Cloudflare validates a token server-side (the siteverify call your target makes), that token is spent. Submit twice, retry, or test it once by hand, and the second use returns false. You get a fresh one per submission. 2. It has a short TTL Turnstile tokens expire fast — a few minutes. Solve early, do other work, submit later, and the token can be dead on arrival. The widget auto-refreshes in the browser precisely because tokens go stale; a script that grabs the token and sits on it loses that refresh. 3. It's bound to the sitekey and the page URL Multiple widgets. Some pages embed more than one Turnstile (login + newsletter). Solving the wrong site