dh2022's comments

Meaning Msft Principal is below L5? I got the same feedback from one of my friends who works at Google. She said quality of former MSFT engineers now working at Google was noticeably lower.

I mean if you go by pay in the UK a Microsoft principal is equivalent to an L4 at Google if levels.fyi is to be believed....

I did not get that impression at all. He mentioned quite a few conversations with partner level employees, technical fellow, principal managers.

The impression I got is he tried to fix things, but the mess is so widespread and decision makers are so comfortable in this mess that nobody wants to stick their necks out and fix things. I got strong NASA Challenger vibes when reading this story…


My read is he was not Sr enough in the org to drive any effort to improve things, and could not get someone who was to do it either.

This is well documented: https://learn.microsoft.com/en-us/azure/virtual-machines/ins...

Why would an Azure customer need to query this service at all? I was not aware this service even exists - because I never needed anything like it. AFAI can tell, this service tells services running on the VM what SKU the VM is. But how is this useful to the service? Any Azure users could tell how they use IMDS? Thanks!


> Why would an Azure customer need to query this service at all? I was not aware this service even exists- because I never needed anything like it.

The "metadata service" is hardly unique to Azure (both GCP & AWS have an equivalent), and it is what you would query to get API credentials to Azure (/GCP/AWS) service APIs. You can assign a service account² to the VM¹, and the code running there can just auto-obtain short-lived credentials, without you ever having to manage any sort of key material (i.e., there is no bearer token / secret access key / RSA key / etc. that you manage).

I.e., easy, automatic access to whatever other Azure services the workload running on that VM requires.

¹and in the case of GCP, even to a Pod in GKE, and the metadata service is aware of that; for all I know AKS/EKS support this too

²I am using this term generically; each cloud provider calls service accounts something different.


I use GCP, but it also has the idea of a metadata server. When you use a Google Cloud library in your server code like PubSub or Firestore or GCS or BigQuery, it is automatically authenticated as the service account you assigned to that VM (or K8S deployment).

This is because the metadata server provides an access token for the service account you assigned. Internally, those client libraries automatically retrieve the access token and therefore auth to those services.


We run a significant amount of stuff on spot-instances (AKS nodes) and use the service to detect, monitor and gracefully handle the imminent shutdown on the Kubernetes side.

https://learn.microsoft.com/en-us/azure/virtual-machines/lin...


There are a bunch of things a VM needs when first starting from a standard image. Think certificates and a few other things.

Managed identity is enabled via that endpoint, for example.

Mainly for getting managed-identity access tokens for Azure APIs. In AWS you can call it to get temporary credentials for the EC2’s attached IAM role. In both cases - you use IMDS to get tokens/creds for identity/access management.

Client libraries usually abstract away the need to call IMDS directly by calling it for you.
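
What the comments above describe a client library doing on your behalf, as an added example (not part of the original thread and not any SDK's actual code): fetch a managed-identity token from IMDS, cache it, and refresh it shortly before `expires_on`. The class name, the 300-second refresh margin and the constructed response in `demo()` are assumptions; the endpoint, the `Metadata: true` header and the response field names follow the Azure IMDS documentation.

```python
import json
import time
import urllib.request

IMDS_TOKEN_URL = ("http://169.254.169.254/metadata/identity/oauth2/token"
                  "?api-version=2018-02-01&resource=https://management.azure.com/")

def fetch_from_imds(url=IMDS_TOKEN_URL, timeout=2):
    """Real network call; only works inside an Azure VM with a managed identity."""
    # IMDS rejects requests that lack this header, which stops naive SSRF relays.
    req = urllib.request.Request(url, headers={"Metadata": "true"})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.loads(resp.read())

class ManagedIdentityToken:
    """Hypothetical helper: caches the token and refreshes it before expiry."""
    def __init__(self, fetch=fetch_from_imds, skew=300, clock=time.time):
        self._fetch, self._skew, self._clock = fetch, skew, clock
        self._token, self._expires_on = None, 0

    def get(self):
        if self._token is None or self._clock() >= self._expires_on - self._skew:
            doc = self._fetch()
            if doc.get("token_type") != "Bearer" or not doc.get("access_token"):
                raise ValueError("unexpected IMDS token response")
            self._token = doc["access_token"]
            # IMDS returns the expiry as epoch seconds in a string.
            self._expires_on = int(doc["expires_on"])
        return self._token

    def auth_header(self):
        return {"Authorization": "Bearer " + self.get()}

def demo():
    """Runs offline: constructed IMDS response and a fake clock."""
    now = [1_700_000_000]
    calls = []
    def fake_fetch():
        calls.append(now[0])
        return {"access_token": "constructed-token-%d" % len(calls),
                "expires_on": str(now[0] + 3600), "token_type": "Bearer",
                "resource": "https://management.azure.com/"}
    tok = ManagedIdentityToken(fetch=fake_fetch, clock=lambda: now[0])
    first = tok.get()
    now[0] += 1800; second = tok.get()   # still valid: served from cache
    now[0] += 1600; third = tok.get()    # within 300 s of expiry: refreshed
    return first, second, third, len(calls)

if __name__ == "__main__":
    print(demo())
```

Because the token is short-lived and held only in process memory, nothing has to be stored on disk or rotated by hand; anything that can reach the endpoint from inside the VM can request the same token, so workloads on the VM share the identity's permissions.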


Thank you, and everyone else who responded. So then this type of service seems to be used by other cloud providers (AWS). What makes this Azure service so much more insecure than its AWS equivalent?

Thanks again!

[edited phrasing]


Having it running on host (!), and the metadata for all guest VMs stored and managed by the same memory/service (!!), with no clear security boundary (!!!).

It's like storing all your nuke launch codes in the same vault, right in the middle of Washington DC national mall. Things are okay, until they are not okay.


Lovely explanation :)

What happens when someone asks an AI model to fuzz test that...

To have a new vm configure itself at boot

Humanoid robots and lots of memes (this post has only 50% sarcastic content)

Tourism to Mars and back (this is the easiest interplanetary travel) means years confined in a space rocket just to circle around Mars and get back (it is not possible to land on Mars and get back). Not that appealing…

I know the GP mentioned making humans interplanetary, but I mostly just interpreted this as “more spacefaring”. By tourism I really just meant something along the lines of orbiting hotels.

Don’t worry man, the LLMs will invent FTL travel before 2030. Trust me.

Matt Levine commentary with no paywall: https://archive.ph/OSzvG

The market will not drive index fund purchases of SpaceX - the 5x multiplier of the floating shares will. And that’s the rub.

Nobel prize winner predicts oil price spike the same day oil prices started to fall.

I think the concern was conserving memory (which was scarce back then) and not iterating through each substring.

I am very sceptical about that. Much safer and cleaner languages like ML and Lisp were contemporary to C, and were equally developed on memory-scarce hardware.

Maybe on the high-end machines in some fancy lab somewhere?

All I saw were 386's and 486's, and I am pretty sure every piece of software I ever used was either C or Turbo Pascal or direct assembly. In the mid-90s, Java appeared and I remember how horribly slow those Java apps were compared to C/Pascal code.


They were also comparatively slow, no? And their runtimes used up much more of that scarce memory than a C program did.

But does it even conserve memory? Copying a string when you have the length is 2 bytes of machine code on x86 (rep movsb).

Remember, code takes up memory too.


“American empire will end sometime this century” - at the rate things are going American empire has a good chance to end this decade :).

Yeah, sure. Don't complain when the independence of countries like Estonia, Lithuania, and Latvia is unceremoniously snuffed out the next day.

But I'm sure Europe will rise to the occasion. I'm sure the same European countries that gave us the phrase "Pourquoi mourir pour Dantzig?" will be ready to send their sons to die for Narva.

I'm sure all this defense talk has produced European militaries capable of fighting a prolonged conflict. I'm sure all these societies that are not even willing to tolerate the increased cost of not buying Russian gas and oil, let alone financial support for Ukraine - I'm sure they'll be cheering the enormous expense of a direct shooting war with Russia.

The deep irony of all of this is that we're all actually agreed. The American empire will end, with NATO as its clear military dimension also ending, and you'll be on your own, as you've always wanted. Have fun.


I do think that the Baltics are Russia’s next target IF they ever conquer Ukraine. So far this is not happening. And just because NATO will not be there does not mean Russia will be able to conquer the Baltics. Baltics by themselves may be able to check Russia’s armed forces. Also Germany has a vested interest in keeping the Russians out of the Baltics as well - nobody wants Russia to be their neighbor.

What you wrote would make sense if the Russian army were not so woefully incompetent. Every day more Russians die in the Ukraine is a good day for European security.


I don't disagree.

The question is whether Europe is going to be capable of maintaining that level of defensive action on its own. I hope the answer is yes. Sadly, I'm left extremely sceptical from observing European politics.


BTW - after 4 years of war Russia got around 30,000 sq km [0] - this is less than the smallest Baltic state Estonia. So I think the Baltics will be fine by themselves - because of the crass Russian military incompetence.

[0] https://en.wikipedia.org/wiki/Russian-occupied_territories_o...


With extensive US logistical support, yes. We're talking about a scenario where that factor is absent.

That's not to diminish the bravery of the Ukrainian people. They're heroes. But bravery doesn't suffice without materiel. I'm not convinced the rest of Europe has good supplies of either.


Could even be this year.

I wanted to be nice :-p
