Tim McConnaughy: 0:13

Hey everybody and welcome to a very special episode of the Cables to Clouds uh for I was almost at Fortnightly News, but I guess the monthly news update. Uh I, of course, am Tim. Everybody knows me already. Um and Chris is off in Japan doing uh, I don't know, Japanese things probably. Uh so we uh Chris and I decided we were gonna bring in a good friend of ours who is a co-author of our uh of the AWS uh ANS book and a longtime friend of of both of ours and of the show. If you go back far enough, he's he's been on the show uh God, Steve, Steve, I guess it's been geez, it's been like a while. We needed to get you back here earlier. But yeah, Steve, go ahead and uh he's doing the news with me. Go ahead and introduce yourself real quick just so we can get going.

Steve McNutt: 1:01

Greetings, programs. So yep, I am friends with Chris and Tim all the way back from when we were studying for our CCIEs, which we all got, by the way. Yep. And um I am a uh security solutions engineer for Cisco. I've been at Cisco for like a little over six years. So Tim and I are both at Cisco now. And uh that's right. That's my story, and I'm sticking to it.

Tim McConnaughy: 1:22

Yeah, yep, sounds good. Like I said, Steve is also the third co-author on our uh AWS Advanced Networking certification book, which we all uh you know did blood, sweat, and tears to uh to bring out uh earlier. Was it earlier this year or last year? I don't remember. It was it's been so it's been so long now. All right, so let's just jump right into the news, right? And top story, no surprise to anyone, is the recent AWS outage for US East One. So um US East One, as everyone who works with AWS knows, is pretty much the nerve center and also the Achilles heel of AWS, and this is no exception, although the root cause this time is rather interesting. So uh I've included some links in the, you know, as always, in our news update. Um the one I'm gonna be referring to right now is actually the the AWS uh after action report or summary or whatever. It's very dense read, it's really complicated and confusing. Um, but basically you have AWS relying on AWS services to make AWS work, and that's the kind of the root of the of the problem. So they had an issue with Dynamo DB, uh, which is actually, and I didn't know this, it I I guess it makes sense, but the Dynamo B DB is actually what AWS uses to um register and kind of record the DNS records that it hands out when things like load balancers are created. So um, and there's a service that is that goes into place that creates the plan for the uh you know for these load balancing load balancers and the DNS records for them to be deployed. Um but apparently as part of this outage, or what what one of the root causes of this outage was that the service that writes it to Yeah, can I say the thing?

Steve McNutt: 3:07

Go, say the thing. It was DNS.

Tim McConnaughy: 3:10

It was DNS. We need the haiku. There's no way it was DNS. It couldn't be DNS. It was DNS. Yes, absolutely. So so long story short, yes, Dynamo DB is how uh AWS records DNS entries uh or how it hands out DNS for things like load balancer and services, and it crapped because of of this race condition where uh it couldn't deploy the services faster than they were being created, and it just kind of collapsed on itself. So read through the very dense uh you know after action report here from AWS, but it's very interesting that AWS was using an AWS service to deploy AWS. It makes sense, like eat your own dog food, but when you get into this kind of race condition, uh it's you know, you're you're asking yourself, scratching your head, wondering why, you know, you relied on a service that essentially relies on other services that then rely on your service working. Uh I don't know, Steve. You read this too. We were both kind of scratching our heads at how this race condition ever got started. What do you think?

Steve McNutt: 4:15

Uh you know, I think that uh I guess you know uh the obvious quite I guess you know to me the obvious it's interesting when you when you kind of read through there, they make one little point in there, which is customers that were using uh dynamo db and other regions that weren't just depending on US East 1 for Dynamo DB wouldn't have been experiencing the same problems. But then again, they but if you keep reading the third phase of this whole thing, EC2 instances wouldn't start because of this. Because again, EC2 was depending on Dynamo DB, which had an empty DNS record in US East 1, because the plan updater and the plan enactors started racing each other. So they were kind of trying to talk their way out of saying that it was really, you know, that if you'd architected things correctly, you wouldn't have had an issue, but but you really would. And so that's a fascinating thing to me because usually when these happens, when this happens and people services start going down, everybody starts cackling and saying, well, architect your stuff correctly, and you you won't this won't happen. But in this case, I'm not so sure that's true. I think I think you could say, all right, you know, this this wasn't the customer's fault, right?

Tim McConnaughy: 5:25

No, it's absolutely true, man. And and and I I don't, I mean, you're on LinkedIn too, and I'm sure a lot of our listeners are as well. How many of those, you know, oh well, you know, you said you you didn't architect your app correctly, and that's why you're down, and that's why you had this outage, and you should have architected your app correctly. A lot of those people pontificating about that didn't understand like what was actually broken, right? Like you can't, it's very hard to architect an application around this kind of failure because this failure is like the platform failure, right? You've built you've built your application on a platform. It doesn't matter how well you've architected if the platform itself is the is the Achilles heel that that goes down. So um, you know, now would multi-cloud have helped you? Obviously, right? But then you, you know, you not everybody wants to own and deploy and pay for a multi-cloud network. So there's definitely trade-offs here, right? So for people that were down, they're probably right now looking at, you know, what was the cost? How much money did I lose by being down for you know the two hours or four hours or however long it was, with the, you know, depending on what the service that they were using is down. What was the cost of that versus what is the cost of you know paying for a multi-cloud application, like a multi-cloud network, a multi-cloud application, you know, because you essentially have to deploy your application twice, one in each cloud, or as like a disaster recovery type of or disaster avoidance, I guess, method here. So I'd like to see some of those numbers. I'd love to see if people are doing that math and figuring it out. And I would love somebody to share and say, hey, we did the math, and you know, even being down for four hours, we still, you know, the the business risk that we uh that we kind of allowed or or took on by not paying that extra money, you know, it's maybe the numbers still worked out, maybe they didn't. I'm really curious.

Steve McNutt: 7:15

Well, the other thought I have about that is if you let's say your architect around the idea that one of your cloud your cloud service providers is gonna fail, that can the complexity of that architecture itself can be a source of outages, right? Yep, that's right. I mean, I can't point it makes me think back to like way back in time when I had like a lot more hair and like the catalyst 6509s were brand new. That's how old I am. I remember when they when they first came out and everyone was all excited about them. And I I designed a like one of my one of the first networks I ever designed where someone would actually let me spend their money to build a network for them. Pair of cat 50 uh 6509s sitting on a raised floor in a data center, and you had a can't and we had a campus with like IDF closets all over the place, and all the all the IDFs came back into the 6509, and I had this very elaborate design where I thought of like every different way things could fail. Like fiber cuts and switches going down and link flapping. Like I thought through all the failure modes, designed all of them away, and it was beautiful on day one, but there was just one problem. If it was 2 30 in the morning and something didn't work, they had to call me every single time because nobody could understand it. Yeah, that's absolutely the case. You maybe could translate that issue into something like this, where you you have some really smart person designing an app that will run across multiple cloud providers, but what happens when something goes wrong at 2 30 in the morning?

Tim McConnaughy: 8:38

No, it's that's absolutely the case. I mean, I just did this thing at uh I just spoke at the Megaport uh Connect event, and it was about how to design global global WANs across clouds and data centers. And I had this big beautiful slide that was talking about how you need to design networks that someone else can operate. Like if you take nothing else away, build a network that someone else can operate. Um, because yeah, that's that's the alternative is that you're gonna gold plate, you're gonna build the Rude Gold network, Rude Goldberg network, and you're actually gonna increase your downtime because when it fails, it won't fail fast. It'll be in this kind of half working, half broken. You have to investigate it type of situation where you'll be down longer than if you had just failed fast and knew exactly what was wrong and how to fix it, right? So totally agree. Um, okay, so let's move on to the next one. I think you got this one, right, Chris? Or sorry, Chris. Steve.

Steve McNutt: 9:30

Yeah. So this is like totally not really cloud related, but I thought it was really interesting, which is uh the the the the thing, the thing that the patcher, the patch, the thing that sends out the patches to patch all the security volunteers on your Windows devices, in and of itself had a critical vulnerability. So I'm talking about Windows software update services. Had a uh crit Microsoft disclosed a critical vulnerability, which is uh remote unauthenticated attacker could execute arbitrary code against a W Sus server. So that's that's basically as bad as it gets when somebody can just fire packets that are at your box and get it to run code that you want it to run. So if if you run WSUS in your shop, I advise you to either turn it off or patch it like literally right now.

Tim McConnaughy: 10:14

Can I use WSUS to patch my WSS server?

Steve McNutt: 10:17

You can, but patch the yeah, you gotta patch all the W right. You gotta patch the first one and then roll out the patch from the rest of them.

Tim McConnaughy: 10:25

So yeah. Oh my gosh. So that's yeah, remote uh remote unauthenticated attacker, man. That's that is that really is the worst of the options. Yeah.

Steve McNutt: 10:35

And then when a remote auth unauthenticated attacker can execute arbitrary code on your bot, it gets nowhere.

Tim McConnaughy: 10:42

Yeah, yeah, that's everything. That's like yeah, it's like saying it's like a mall kiosk, and then you're just logged in and anybody can walk by and do anything, basically. So brilliant, brilliant, yeah. W Sus. We used to use that at my old uh enterprise. It's a great, I mean it's a good product, I guess, or whatever, but yeah, I mean, oof. So they've but you said they've released the patch, so I guess everybody should be going and running, stopping listening to this and then going and running and patching their W Sus servers. And then you can come back, we'll be here at the end.

Steve McNutt: 11:11

That's a good idea.

Tim McConnaughy: 11:13

Uh speaking of vulnerabilities, um so well not not so much vulnerabilities. This one's a good one. Another one that was another uh article that was in the in the news recently was that F5 actually had attackers break in and steal source code. So source code for F5 devices. Um and normally you'd be like, okay, so what are they gonna do? Are they gonna start up a competing company or something? But this the source code, of course, includes things like undisclosed vulnerabilities or I mean you can just comb through source code to find vulnerabilities. So it's not that, you know, hey, I stole your source code and now I'm gonna start a competing pro you know company and release your product or something. It's more like, hey, somebody stole the source code and now they can see literally everything that F5 is doing, and and that includes the ability to create cyber attacks exploiting your or against that code, right? So that's the real uh concern. So yeah, this this was uh quote unquote blamed on Chinese spies. I'm kind of curious to see which if they even know what group. Uh I don't think they even know what group it was.

Steve McNutt: 12:16

Yeah, there's that's what's interesting, is they they they say all the I've seen multiple reports saying it was Chinese, uh Chinese but uh hackers, but it doesn't say like you'll see things like uh state sponsored, which means it's like a group that's like not they're not Chinese government employees, they're just a hack, they're just a hacking crew that gets checks from China, right? Like they're like they're like a business, right? That are that you know they're sponsored sponsored by China, which means they just they get their you know, China sends them checks to say, yeah, good job, you know, share your share your exploits with us. Uh an example of that would actually be affecting Cisco would be the Arcane Door campaign, which uh is there is attribution, but that is a Chinese sponsored group. So and uh yeah, and then there there was the big, you know, the Microsoft, several successful Microsoft campaigns are also Chinese sponsored hacking groups, so there's a theme emerging there, just saying. Anyhow, we don't know, they don't they they say it's Chinese, but they're not they're not attributing it to a specific group or crew, which is kind of interesting.

Tim McConnaughy: 13:16

Yeah, which is yeah, because normally it's like, oh well, here's uh salt typhoon or scattered spider or like one of the you know they can attract they can adjust attribute the uh attack to a certain group usually. So this is interesting. Of course, F5 stock took a took a tumble. I don't know where it's is is now. This this story is uh seven days. Oh one week old. This is a one week old story, so I'm curious to see if F5's stock is still uh down or or not. Or you know, these things tend to be like once the once it leaves the news cycle, like maybe things things change, things, things come back. This one's scary because like I said, it's you know, and there's patches. By the way, F5 has released the you know, patches for this. For the I it's kind of weird because it's like they released a patch, but it's not really patch. It's I guess it's a patch for the vulnerability that allows the hackers to get in in the first place, but like it's at the end of the day, the source code has been stolen, so they haven't actually figured, you know, the so this is like a future thing, right? So we'll see future cyber attacks probably against F5. Um, so it's a little different than like Solar Winds where you had a supply chain attack or something like that. It's a different, different thing.

Steve McNutt: 14:22

Yep. Right. I would I would agree with that, because I mean that now that they have the source code, I mean you you can expect uh you know uncomfortable disclosures to start emanating from F5 now they're in it, they're definitely not in a in a good place. Yeah, yeah. Speaking of, speaking of Steve. So I was what I was you know, we were uh I was looking at this, the F5 story, and what I was one of the one of the qu you know, there's always a list of questions you ask as a security nerd when you see something like this. And we actually talked about it with the uh the W Sus thing, which is how hard is it, you know, to do something, right? Do you have to be local or remote? Do you have do you have to be authenticated? Can you be unauthenticated? Uh is it can you execute code? Is it arbitrary code or is it just a privilege escalation? Right? So how how hard is it to do? What what conditions have to be uh present for you to be able to exploit the vulnerability? And then how easy is it to get your hands on the code? Is it something where you can just go grab a proof of concept code off of GitHub, you know, and like any screw, you know, or even worse, it's like packaged into like a MetaSplit module and anybody with like any can go watch a Udemy video and and you know run it, the exploit, right? So kind of trying to get a sense of of that when while I was doing what I was doing that, because that's just naturally what you you're trying to learn. And with the F5, by the way, since it's a nation-state actor, they're not gonna be releasing their source code. This is not something is gonna be like a widely available where you're gonna see exploits in the wild. This is something where this whoever developed this code, if if the Chinese government's paying for it, then there's a very limited number of folks that are actually gonna be using this code. And if you're not one of their targets, you probably have nothing to worry about. So anyway, so I was going through that, and what I found was this interesting uh article from and it's paywall, so they give you a couple paragraphs for a teaser from this uh site called the Stack. And with the apparently after the F5 disclosure, uh F5 released a uh threat hunting report shortly after. That was a 33-page threat hunting report talked about a the same group that breached them, has uh developed some malware that attacks vCenter servers and ESXi hypervisors, and it does it through something called vSock sockets. So what are vSock sockets? So it turns out vSock is like an API that actually allows you to interact with guest virtual machines on a hypervisor, and that that's all of them, right? That's like that's Azure. I mean, yeah, that's Hyper-V, that's uh QMU, right? Which means like Red Hat and the open source virtualization, as well as VMware, right? So this is like a uh an API that's broadly used, and it actually allows you to communicate with guest VMs, which means you can open a communication channel, which means you can exfiltrate data and things like that. Yeah, you can take data. Yeah, so this group came up with some malware with a tool that allowed them to implant malware, exfiltrate data, like all kinds of nasty stuff. And because I couldn't, I was trying to find like across like a like a second source, right? Because you got this one site that's reporting this. I'm like, there's gotta be more sites, I'll I'll go to the Google machine and ask it, and I couldn't find any, but I found lots of information about VSOC, and more importantly, it turns out there's a number of recent CVEs for VSOC, including two of them that are with you know less than six months old that target VMware. And they're not they're not easy to develop for, but there's exploit code available, and it is actively these these VSOC vulnerabilities in VMware are actually being uh actively exploited in the wild. So it's not just these guys, these Chinese Nations Day guys that created this malware, but these these vulnerabilities are actually being widely exploited. And so I thought, wow, this is this is pretty interesting. I didn't realize that vSock was being so heavily exploited, and yeah, did not even really know that much about VSOC until I came across it. So I thought that was uh I thought that was really interesting. And what that tells me is if I'm a VMware shop, I'm gonna be doing like some pretty strong segmentation on my management plane, like the management interface on those hosts and stuff. I'm gonna have that stuff on lock. I'm gonna have it so that you can't get to it unless you're like on a jump box or something like that, and I'm gonna have some other controls in there too.

Tim McConnaughy: 18:29

Yeah, because I mean if they can get to it, if they can get to the host, then they can get to all the guests, is what I'm hearing, right? So that's right.

Steve McNutt: 18:35

It allows you to communicate directly with the guest, right?

Tim McConnaughy: 18:38

Oof, which is of course where's all the data. That's like all the data you would want to pull out or or all the back doors you'd want to place are right there on those guests. And just the the idea that you could actually implant malware that way. I mean, that's that's crazy. It's like out-of-band malware, uh yeah, explain like you could just put it right on the box. Holy crap. Because normally for normally you gotta have somebody go and grab the malware like via phishing link or something like this to pull it down, and here you can literally like just put it on the box. That's crazy.

Steve McNutt: 19:10

For one event, I mean, this this kind of vulnerability has a potential to be like wormable, right? Like once it gets started, it can start to spread on its own. But I haven't come across any cited examples of that, just only that that there's a potential for that. But there have it is being exploited in the wild right now.

Tim McConnaughy: 19:26

So the for those CVEs um for VSOC, I mean, do they have workarounds? Is there a patches and stuff? Like, where how how concerned you know should everybody be?

Steve McNutt: 19:36

So Cisa's been all over that and telling people to patch their their VMware hosts. Okay.

Tim McConnaughy: 19:41

Um yeah. Okay, cool. Just making sure I don't want to freak everybody out and then not not give them any paths to do anything about it.

Steve McNutt: 19:49

Yeah, there's you can you can patch for that. And on QMU platforms, you can just disable VSOC as well. So that's another option.

Tim McConnaughy: 19:56

Oh, well, there you go. For the people that are running QMU, like uh people who run um Croxmos, such as Yeah, like hang on one second, something just happened. Hold on one sec, guys. Chris will have to cut this part. Hang on one sec. All right, sorry, Chris. So I I went to fix my earbud and it started, it like apparently unpaused a video. I didn't even know I had like paused, and then so it started playing my ear while I was talking to you. All right, so Chris, we'll have to cut that little bit out, but uh okay, so let's go ahead and pick up. Um also your video quality just started to suck, but it's it's locally good. It if it records locally, so don't worry, you're good. Um okay, so let's go ahead. I'll get started again in three. Wow, that's crazy. All right, so let's move on to the next uh story, which is uh see it here. Oh yeah, yeah, yeah. Right. That sounds crazy. So vendors don't have answers to the ROI for AI question. And I'm just like, yeah, no kidding. Like, isn't that one of the like the most obvious things you've probably heard today? Is that vendors don't have nobody can explain where the where the return on investment is for AI, least of all vendors who are building it into their products, apparently, at least Salesforce. This is this came out of Salesforce uh Gartner's conference, sorry, the conf Gartner Conference. They had Mark Benioff on stage asking about like, hey, Salesforce is using AI in your product. How's it how's that working out for you basically? Where's the ROI? And uh he specifically says, if you think anyone has a complete answer or there there's any Vander that's on the stage and says, I know what to do here in this world of new agentic enterprise, they've then that person's they've made a mistake, is what he said. So basically he's saying, Yeah, we've all we're all figuring out how to build AI into our product and like what use it has and how it will drive ROI. So this is really funny. Um, you know, the obviously the link to the article's in the in the show notes here, but um, you know, just he just put they just it just the whole article goes over what everybody that's been working with AI knows, whether or not they want to admit it at the end of the day, which is you know, there's so much of this agencai and hey, you know, digital coworkers and like this idea of like AI being able to just go and do all of these tasks money-wise, like where where are people seeing the return on investment? Where is a company that spent a million billion a million dollars building out an agentic AI enterprise function seeing the return? I I'm I'm not seeing those stories, right? I'm not seeing anybody saying, hey, we we built this and we're seeing huge gains in productivity and money and and and all of this. I don't know, Steve. Any of your customers do uh doing this and have they seen anything?

Steve McNutt: 22:32

So um, you know, I have of course I have customers that are experimenting with AI. They're like they're they're I have some that are using uh SaaS tooling like Amazon Bedrock or Azure AI, and some that are bit they're building their own on-prem, which Oh, that's surprising, actually. Oh yeah, we have we have a I have a couple that are that are actually building on-prem. And you know, to me, the the the most obvious analog would be like the dot-com boom, right? Yeah, like I so I'm I'm an old, I'm an uh I'm an oldie. I lived in a dot-com boom, and I just remember when it was like everybody's like freaking out about e-commerce. It sounds so quaint now, doesn't it? But the hype, like the level of hype and just like venture capital money, just people just spending insane amounts of money when their the use cases didn't make sense, right? And I feel like this is probably gonna follow a similar trajectory where there's there's useful things that are gonna happen. Like AI is great for like non-deterministic use cases. When you when you try to get a deterministic output, then there's misalignment and then you get yourself in trouble very quickly. Eventually the the the tide will go out and a lot of companies are gonna get wrecked, but in the in the wake of that, there will probably be some cool stuff. But yeah, right now we just have to live through this this crazy hype.

Tim McConnaughy: 23:50

Yeah. I mean, I I wrote a I wrote a Substack uh I don't know last week or something, and I was going over this exact thing, which is like, what anything that people are building with AI right now are built, they're building it in a heavily subsidized environment, right? So like they are building an agent that does XYZ, logs into routers and switches or or builds an application or whatever this is Copilot, perfect example, right? Every every checkbox AI feature that vendors are putting in is being implemented in a very subsidized environment where the tokens are cheap as sh as hell, right? So what happens when the VC money or whatever that's fueling this you know, what's propping up the US economy, God for, you know, like what's what when this VC money eventually has not seen the return and has to dry up at some point, and then the tokens are gonna have to cost what they're worth, you know, basically what more than more than they cost to create, essentially, right? Resource-wise. Um, you know, how is how are these fun little chatbot features that are in your product and whatnot that they're gonna they're gonna cost money, right? All those things are gonna cost even you're gonna have things like local models, of course. A good vendor is gonna build a local model, they're gonna they're gonna have their own local models. I'm not necessarily talking about that, but anything LLM-based, anything that's based on using the vendors that isn't, you know, hey, I bit I built my own model, I downloaded my own model, I fine-tuned my own model, you know, I went through the my the the exercise and the money, and there are companies doing that, by the way. You know, we were we work for one. Um, those companies much more insulated against this, right? But but there's so many people out there doing so many science projects and proof of concepts. And hey, isn't this cool? I can get you know my AI agent to send an email for me or something. You know, things that you're just not gonna want to spend tokens on once those tokens cost money, you know what I mean? So I don't know. I think I'm with you, Steve. I think there's gonna be a bust. And I think after that, we can start having real conversations about the true usefulness that we can get out of you know, this essentially.

Steve McNutt: 25:55

I mean, there's there's actually things that despite the the the hype kind of is always you know is a turn off when you when especially when you've lived through a bunch of these hype cycles. Yeah. But at the same time, there are a few things I get excited about, right? Like like chatbots never really struck me as being interesting. Like uh they're not novel, right? Yeah, that's true. But but once but once you take an LLM and you bolt memory and tools onto it, and now you now it can do something interesting, right? Now, and then once you are able to take those and you start wiring them together into these kind of interesting architectures, you can it's really it's really it's cool. But like you said, the the problem is is the resource consumption, the amount of resources it takes to build something like that. Like right now, we're we're we are definitely in a subsidized environment, and I'm sure most probably the vast majority of people listening to this would agree. But if you don't, just for fun, you just go and try and download some models on your laptop and run them. Yeah, just you'll quickly find out, right? Even if you have like a newer machine with like a bunch of cores and a ton of memory and a GPU, you'd be like, I I think I need to go find one with a maybe a smaller number of parameters because this sucks. This is slow, right?

Tim McConnaughy: 27:05

Yeah, we're we're yeah, we're in that part of uh technology where you know bigger is better, like the NIA, you know, the NEAC type of thing where we're you know, just to get simple calculations, we're filling rooms full of computers type of thing. You know, eventually, again, and I hope this happens after the collapse, uh, we'll we'll get to, oh, okay, well, we need to make these things efficient in order so we can charge what these tokens are worth and actually get profit out of them. That's what I would hope and expect, is right, because right now it costs nothing. It it truly costs a lot, right? But it costs nothing to the people that are paying essentially to do this. So they can be wasteful.

Steve McNutt: 27:44

I just thought something it's almost as if if you could go back and like in the 1970s, convinced IBM to like put some like take their ginormous mainframes and just like let people use them for free. It's like the same idea. Yeah. It's the same idea it is. Use our free mainframe.

Tim McConnaughy: 28:03

It's like a freaking power plant to run. Yep, and look, look at all the cool stuff you can do with it. Yeah, but like who's paying for all this, right? So that's the that's to me, that's the thing. That is the thing, the question that nobody can answer. And once, and I think it I think nobody will be able to answer it until the crash happens because everybody's so busy barreling towards whatever the I don't know, whatever the the the what would you call it, the singularity of AI here is you know, they're they don't have time to do things like optimize, apparently. I mean they do I guess the Chinese do if you if you believe the deep if you believe those deep seep numbers or whatever. But yeah, everybody's too busy trying to do the next thing, like the next model, the next thing, the G, you know, GPT 4, 4.55, and so on and so forth. Nobody's working on the optimization. Or if they are, they're not being vocal about it. Uh or it's not, or it's like, you know, third row back, not up front. So like I said, once these tokens, once people have to pay what these tokens are worth, and there's companies that actually have to like try to make profit off of it, I think that's when you're gonna see the real time spent on making this thing a lot more uh efficient, and God knows it has to be. How many data centers are going up in the US on the bed of AI, like 19, some some ridiculous amount of data centers are reinvesting in nuclear power, um, which is good, by the way. Nuclear power is fine. I'm just saying, like, there's so much. I don't think people understand the the the the the money that's the money and the resources.

Steve McNutt: 29:26

I think you actually just kind of touched on something. I was thinking I started thinking about this as you were talking. You're seeing like like I live in uh Appalachian Mountains, right? So I live in uh I live in Western North Carolina. But the Appalachian Mountains is mountain range goes all the way up into West Virginia. It's you know, it goes from like Georgia up through West Virginia. And so the Appalachian Mountains pass through some of the poorest areas of the country, and some of these counties, folks are going, you know, operators are going in, they're like they're throwing up these data centers uh because the cost of land is cheap, and they're getting subsidized power from the local power company. Yeah, with there's like there's like no thoughts of the people that live there and how. How the those data centers might affect their quality of life. And for me, the closest analog, and it's it's not terrible, it's like but it's minor, but it's just interesting because it's a way that it touches my life, and that is when I'm uh when I go hiking, like if I'm like up on the parkway or I go up on Grandfather Mountain, or I go hiking in the Limeral Gorge and I'm looking out and I look towards Lenore, particularly in the morning on a clear day. Uh you can though probably one of the most prominent features from this part of the Appalachians is the Google data center in Lanure. Because it puts off these steam stacks. You can see like I thought it was a furniture factory for the longest time. I looked it up on ironically Google Maps. I'm like, oh, that's the Google data center, right? So data centers are becoming it's more than just like this abstract, like this this building, industrial building that is unseen. It actually as more and more of these get built and they consume more and more power, drive your electricity, bill up, and you odds that you're gonna be living closer to one go up, right? And so there's some potentially environmental concerns. So it's kind of I think we might start to see some more people, you know, once once it once it's less an abstraction, it becomes like a real part of people's lives and they're seeing it all around them. They might become a lot of people.

Tim McConnaughy: 31:10

Yeah, they'll understand.

Steve McNutt: 31:12

Yeah.

Tim McConnaughy: 31:12

Yeah, for sure. Um, okay, so I guess we'll we'll leave it there. This is uh this is as good a place as any uh to to stop. Was this did you have fun with this, Steve? I hope you had fun with this. I loved it.

Steve McNutt: 31:23

I did, I'm and I'm glad we got to like nerd out a bunch of security stuff and he's kind of went with it. And it was kind of fun, like scratching my our heads and kind of struggling to understand all the circular dependencies and the AWS outage. And especially the way they I love the way in the report, you got you gotta read this report just just to watch the the you know, they're trying to explain and be transparent, but they're also kind of trying to say, well, if you did things correctly, but not really because this actually did kind of affect other regions a little bit, maybe. It's an interesting read if you can get through it.

Tim McConnaughy: 31:57

Yeah, absolutely. All right, guys. Well, um, as usual, I'm Tim. Uh this is Steve, and we'll see you on the next uh Fort God damn it, I was about to say Fortnite News again. Uh monthly news update. All right, take care, everybody.