今日已更新 166 条资讯 | 累计 20138 条内容
关于我们

标签:#Infrastructure

找到 70 篇相关文章

AI 资讯

How to Renew an Apache SSL Certificate with Restricted SSH and WinSCP Permissions

When managing production enterprise infrastructure, you rarely have direct root access via SFTP or SSH for security reasons. Instead, you often have to navigate multi-layered permissions—logging in as a standard user, transferring files locally, and escalating privileges via CLI to finalize configurations. In this tutorial, we will walk through the step-by-step procedure to safely renew an Apache SSL certificate under a restricted environment where WinSCP access is limited to a non-root user (sysops), requiring command-line intervention to complete the installation. Prerequisites A target Apache web server (CentOS/RHEL-based configuration using /etc/httpd/). A standard user account (sysops) with sudo privileges. The new SSL certificate (.crt) and CA bundle/chain file ready on your local machine. Step 1: Backup Existing Certificates Before making any changes to production security files, always back up the working configuration. Access the server via PuTTY using the sysops account, and switch to the root user or use sudo to create a backup of your existing keys: sudo cp /etc/httpd/server.crt /etc/httpd/server.crt.bak sudo cp /etc/httpd/server.key /etc/httpd/server.key.bak Step 2: Stage the New Certificates via WinSCP Because your WinSCP session cannot log in directly as root, you must stage the files in a directory your user owns. Open WinSCP and log in using your sysops credentials. Upload your new certificate files (nouveau_certificat.crt and nouveau_certificat_chain.pem) directly into your home directory: /home/sysops/. Step 3: Install and Replace the Certificates Now, return to your terminal session (PuTTY) to move the files from your staging directory to the protected Apache directory using elevated privileges. Copy the new primary certificate sudo cp /home/sysops/nouveau_certificat.crt /etc/httpd/server.crt Copy the new certificate chain / CA bundle sudo cp /home/sysops/nouveau_certificat_chain.pem /etc/httpd/server-ca.crt Step 4: Verify Permissions and Ownersh

2026-06-02 原文 →
AI 资讯

Why Most Disaster Recovery Tests Don't Test Recovery

The test passed. The runbook completed. Infrastructure came back online inside the RTO window. None of that means the organization can recover from an actual disaster. Disaster recovery testing is designed to succeed. Clean environments, pre-staged dependencies, known failure modes, available staff — each design decision is operationally reasonable. Collectively they remove the conditions that make real recovery hard. What the test validates is test completion, not recovery capability. The Test Is Designed to Pass Every design decision in a standard DR test tilts toward a successful outcome. The test window is pre-announced, so the right engineers are available. The scope is pre-defined, so unexpected systems don't surface mid-exercise. The environment is either isolated or pre-staged, so competing failures don't complicate the recovery sequence. The data state is known and clean, so integrity issues don't slow the restore. The declaration point is assumed, so nobody has to make an ambiguous call under pressure. A test designed to remove the variables that make recovery hard cannot produce evidence about what happens when those variables are present. What Disaster Recovery Testing Actually Excludes Declaration threshold. In a DR test, recovery starts at a pre-agreed time. In a real incident, recovery starts when someone decides the situation has crossed the threshold for declaration — a decision that is rarely clean and routinely delayed 45 minutes to several hours. That delay is inside the real outage window and outside the test clock. Dependency assumptions. DR tests run against known, pre-cleared dependencies. Real incidents surface undocumented dependencies that were never in scope — a configuration service that hasn't been touched in two years, an authentication endpoint that wasn't in the architecture diagram. Data state. Test environments use clean or pre-staged data. Real recovery requires handling whatever state the data was in at the moment of failure — pa

2026-06-02 原文 →
AI 资讯

AI Placement Decisions Are Architecture, Not Optimization

AI placement latency is not the problem most teams think they are managing. The default framing treats it as an optimization variable — pick the cheapest compute that meets the SLA, centralize inference, optimize for utilization, revisit locality later when the architecture matures. That framing is wrong in a way that compounds over time. AI placement decisions are not continuously reversible optimization choices. They are architectural commitments that harden incrementally — through inference path configuration, data gravity, routing dependencies, and runtime behavior that normalizes around whatever topology you chose first. By the time latency SLAs begin failing, the placement topology is already embedded across routing, observability, and application behavior. The remediation cost is not an optimization exercise. It is a re-architecture. The First Optimization Becomes the Permanent One Cost is the default optimization axis for AI placement decisions. Centralized GPU clusters are cheaper to operate per token than distributed inference endpoints. Utilization density justifies centralization on paper. Procurement processes reward it. FinOps tooling measures it. So teams centralize. They optimize the compute economics. They defer locality decisions to a later phase when requirements are better understood. That later phase rarely arrives before the architecture has already made the locality decision implicitly — through the inference paths built against a centralized endpoint, the data gravity that formed around it, and the application behavior that normalized against the latency profile it produced. The pattern this creates is latency debt: accumulated runtime latency overhead from placement decisions that optimized for cost before locality requirements were operationally visible. It accrues gradually, stays invisible until something triggers it, and is significantly more expensive to resolve after the fact than it would have been to avoid at design time. It does not

2026-05-30 原文 →
AI 资讯

How Meta Rebuilt Data Ingestion for Petabyte-Scale Reliability

The engineering team at Meta recently outlined how the company migrated a data ingestion platform that transfers several petabytes of MySQL social graph data daily to improve reliability and operational efficiency. The team used techniques like reverse shadowing and continuous checksum monitoring to ensure zero downtime during the transition. By Renato Losio

2026-05-30 原文 →
AI 资讯

The Platform Team Became a Finance Team

Platform team sprint planning in 2026 begins with budget allocation, not architecture review. The first question is no longer "what do we need to build?" — it's "what can we afford to run?" This is not FinOps adoption. This is authority displacement. The platform team became a finance team because the control plane for infrastructure decisions migrated from architecture governance to budget governance. Cost constraints don't inform architectural decisions anymore — they dictate them. And when financial systems gain veto authority over technical systems, resilience becomes the variable that adjusts. Platform team cost governance is now the primary control surface. Architecture is secondary. How We Got Here The timeline is sharper than most organizations admit. 2018–2022 was the cloud adoption phase. Platform teams built for scale. Multi-region resilience was standard. Observability was deep. Auto-scaling was elastic. Architectural requirements shaped cost models. The budget followed the design. 2023–2024 brought FinOps as a cost visibility layer. Teams could finally see where money was going. Dashboards got built. Anomaly detection got configured. Attribution models got refined. But visibility was still separate from authority. The FinOps team reported. The platform team decided. 2025–2026 is when cost governance moved from reporting to gating. The turning point: platform teams stopped asking "can we build this?" and started asking "can we afford this?" Engineering roadmaps became cost roadmaps. Feature requests now come with budget allocation approvals. Architecture reviews now include CFO sign-off gates. This shift introduced Budget-Normalized Architecture — systems designed around predictable monthly spend targets instead of operational resilience targets. The architecture no longer optimizes for failure domains, latency requirements, or recovery objectives. It optimizes for staying under the cost ceiling. Cost governance expanded because engineering governance fa

2026-05-28 原文 →
AI 资讯

Google just redesigned the search box for the first time in 25 years — here’s why it matters more than you think.

For a quarter century, the Google search box has been one of the most recognizable interfaces in computing: a thin white rectangle, a blinking cursor, a few typed words, and a list of blue links. On Tuesday, Google will formally retire that paradigm. At its annual I/O developer conference , Google announced a sweeping redesign of the search box itself — the literal text field where billions of queries begin every day — transforming it from a simple keyword input into a dynamic, AI-driven conversation starter that can accept text, images, PDFs, videos, and even open Chrome tabs as inputs. The company is also merging its AI Overviews and AI Mode features into a single, seamless search flow, eliminating the friction that previously forced users to choose between a traditional results page and an AI-forward experience. Liz Reid, Google's vice president and head of Search, called it "the biggest upgrade to our iconic search box since its debut over 25 years ago" during a press briefing on Monday. The announcement arrived alongside a blizzard of other news — new Gemini models , a personal AI agent called Spark , an intelligent shopping cart , a reimagined developer platform — but the search box redesign may prove to be the most consequential. It is the clearest signal yet that Google views the future of its flagship product not as a place where users type fragmented keywords, but as an interface where they hold open-ended, multimodal conversations with an AI system backed by the entire web. The new search box expands, accepts files, and coaches you on what to ask The changes show a fundamental shift in how Google expects people to interact with the product that generates the vast majority of Alphabet's revenue. The box itself now dynamically expands to accommodate longer, more conversational queries. Where the old interface subtly encouraged brevity — a narrow field suited to two- or three-word keyword strings — the new design invites users to fully articulate complex que

2026-05-20 原文 →
AI 资讯

Railway secures $100 million to challenge AWS with AI-native cloud infrastructure

Railway , a San Francisco-based cloud platform that has quietly amassed two million developers without spending a dollar on marketing, announced Thursday that it raised $100 million in a Series B funding round, as surging demand for artificial intelligence applications exposes the limitations of legacy cloud infrastructure. TQ Ventures led the round, with participation from FPV Ventures , Redpoint , and Unusual Ventures . The investment values Railway as one of the most significant infrastructure startups to emerge during the AI boom, capitalizing on developer frustration with the complexity and cost of traditional platforms like Amazon Web Services and Google Cloud . "As AI models get better at writing code, more and more people are asking the age-old question: where, and how, do I run my applications?" said Jake Cooper, Railway's 28-year-old founder and chief executive, in an exclusive interview with VentureBeat. "The last generation of cloud primitives were slow and outdated, and now with AI moving everything faster, teams simply can't keep up." The funding is a dramatic acceleration for a company that has charted an unconventional path through the cloud computing industry. Railway raised just $24 million in total before this round, including a $20 million Series A from Redpoint in 2022. The company now processes more than 10 million deployments monthly and handles over one trillion requests through its edge network — metrics that rival far larger and better-funded competitors. Why three-minute deploy times have become unacceptable in the age of AI coding assistants Railway's pitch rests on a simple observation: the tools developers use to deploy and manage software were designed for a slower era. A standard build-and-deploy cycle using Terraform , the industry-standard infrastructure tool, takes two to three minutes. That delay, once tolerable, has become a critical bottleneck as AI coding assistants like Claude , ChatGPT , and Cursor can generate working code i

2026-01-22 原文 →
AI 资讯

Claude Code costs up to $200 a month. Goose does the same thing for free.

The artificial intelligence coding revolution comes with a catch: it's expensive. Claude Code , Anthropic's terminal-based AI agent that can write, debug, and deploy code autonomously, has captured the imagination of software developers worldwide. But its pricing — ranging from $20 to $200 per month depending on usage — has sparked a growing rebellion among the very programmers it aims to serve. Now, a free alternative is gaining traction. Goose , an open-source AI agent developed by Block (the financial technology company formerly known as Square), offers nearly identical functionality to Claude Code but runs entirely on a user's local machine. No subscription fees. No cloud dependency. No rate limits that reset every five hours. "Your data stays with you, period," said Parth Sareen, a software engineer who demonstrated the tool during a recent livestream . The comment captures the core appeal: Goose gives developers complete control over their AI-powered workflow, including the ability to work offline — even on an airplane. The project has exploded in popularity. Goose now boasts more than 26,100 stars on GitHub , the code-sharing platform, with 362 contributors and 102 releases since its launch. The latest version, 1.20.1 , shipped on January 19, 2026, reflecting a development pace that rivals commercial products. For developers frustrated by Claude Code's pricing structure and usage caps, Goose represents something increasingly rare in the AI industry: a genuinely free, no-strings-attached option for serious work. Anthropic's new rate limits spark a developer revolt To understand why Goose matters, you need to understand the Claude Code pricing controversy . Anthropic, the San Francisco artificial intelligence company founded by former OpenAI executives, offers Claude Code as part of its subscription tiers. The free plan provides no access whatsoever. The Pro plan , at $17 per month with annual billing (or $20 monthly), limits users to just 10 to 40 prompts ever

2026-01-19 原文 →