Hacker News | davewritescode's comments

I am a graduate of Khoury and find this very disappointing. I wasn’t a huge fan of learning Scheme/Racket but after looking back during my career I’m grateful for the education I got there.

This feels like a step backwards.


I have no idea why anyone would use Cognito unless they don’t care about availability.

Almost every other SaaS vendor supports multi-region active-active and Cognito does not.


> Almost every other SaaS vendor supports multi-region active-active and Cognito does not.

Who are we talking about here? Google and Azure?


Auth0, Okta, Ping Identity, Azure, Google


Had some pretty negative experiences with pricing/"enterprise" sales tactics by Okta (which now owns Auth0, and they used the same tactics on both products). I will take AWS pricing shenanigans over that any day.


I'll take the scummy sales tactics over the Cognito API any day of the week.


Given the choice between a crummy API and being driven bankrupt by a SaaS vendor, I prefer a crummy API. I suppose your calculus might look different if you have a lot of money or an employer with great negotiating leverage.


Okta has been plagued by security issues [1], never heard of Ping Identity, Azure only makes sense if you get a sweetheart deal and are willing to deal with Azure's crap, and I'd never recommend anyone to use anything Google any more.

[1] https://www.flyingpenguin.com/?p=54722


Ping is one of the oldest players in the business, they were founded in 2002 and had one of the earliest identity PaaS in the market (at least as far back as 2012). Haven't used their products much though.


Ping Identity run the largest enterprise identity platforms on the planet after merging with ForgeRock last year. Think HSBC, JP Morgan Chase-scale.


Okta is not "active-active" in a multi-region sense; they run in a single active AWS Region per tenant. You can pay extra to have a faster failover in a region-level failure scenario:

https://support.okta.com/help/s/article/overview-of-enhanced...


What is active-active?


Being live in more than one region at the same time


I haven't looked at Cloud Run pricing but running Kubernetes in the cloud is pretty cheap these days and my experience with solutions like Cloud Run in the past is that they end up becoming expensive.

Kubernetes can be as complex or as expensive as you'd like but it's also fairly possible to run a pretty bulletproof simple Kube cluster.


Maybe we misconfigured Kubernetes?

Here are my concerns:

With Kubernetes, you need to pay for a few nodes just to keep it up, and then you need to pay for your nodes, no matter how much you use them.

Remember that Cloud Run charges based on usage, so if a service sits unused for a while, which often happens in a heterogeneous microservices environment, you don't pay for it.

Also autoscaling is slow (Cloud Run autoscales really quickly, about as fast as your docker can be loaded and started, which for me is 1-3 seconds, whereas I found Kubernetes auto-scales on the order of minutes) unless you over-provision, which is costly. This lets one scale to zero even without much of a hit.

I also ran into massive issues trying to get GPUs to work in Kubernetes - it was a driver nightmare that has wasted weeks of time collectively over the years. Whereas they are auto-provisioned properly on Cloud Run if you request them.

Lastly job systems on Kubernetes are a nightmare of configuration. The built-in scheduler cannot handle a lot of jobs but Argo also has its own issues if you actually try to use it. We've wasted weeks of effort on this. Cloud Run Tasks just skips this and is ultra fast too and handles scaling up to do a lot of jobs in such a simple fashion.

Honestly, managing Kubernetes is just overall a pain that has little benefit.

It is really hard to figure out what the benefits of Kubernetes are from my point of view. It has been a massive source of pain and costs and lost developer time.


It varies state by state in the US but the level of insurance you're required to buy for operating a vehicle is incredibly low. Generally, the level of insurance you must buy is dictated by the terms of financing because the only collateral the bank has is the vehicle itself.

If I were in the market for a CyberTruck (I'm not) I'd be thinking long and hard about what I'm getting myself into.


In my state, you can get out of the insurance requirement by holding $30k in escrow (or at least that's what it was about ten years ago; maybe they've increased it). I guess maybe it's meant to be indicative that you could get your hands on more cash if needed, but that's basically only enough to cover a fender bender. If there's injuries or a totalled vehicle, it's likely not sufficient.


If there's injury, $30k would only cover a day or two in the hospital, might not even cover ER expenses, as they'll be charged at list price not the "negotiated" rates insurance companies pay.

$30k is an absurdly small bond to post for self-insurance, though I'd believe that the regulations have not kept pace with reality.


The cash rate is similar to insurance negotiated rates. Typically 25-30% off automatically, 50-100% off with a financial aid application. Doesn’t change the inadequacy of $30k medical liability in a serious wreck, but don’t think you’re stuck with list price bills if you’re hit by an underinsured driver and have no health insurance.


Are you in California? The requirement is to either post a $35k bond or to carry a liability policy that covers at least $30k for death and injury and $5k for property damage, matching the deposit requirement. That will increase to $75k in 2025, which still seems far too low.


For comparison EU mandates liability policy of 1.22M euro for property damage and up to 6.07M euro for injuries. https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:52...


I'm not. I'm surprised it's so low in CA.


As someone who worked at a very large SaaS company this is a good recommendation if the vast majority of your customers come from large enterprises with competent IT departments.

The problem is when you work with smaller shops that don’t have IT departments or, worse, bad IT departments: you’re going to pay a fortune in support costs.

Use an open source identity provider or pay someone to do it for you.


I'd argue you're half right.

Yes, it is a good recommendation if the customers have an IT Department.

But I'd argue you're missing the other half.

It's an even better recommendation if the customer is using M365, Google Workspaces, or Apple Business Manager, without an IT Department, since they don't need an IT Department at all to get effectively the same benefit as SSO.

After your initial setup to accept OIDC as the SaaS or PaaS, neither you nor the customer have to do an "integration" to support additional customers of Microsoft, Google, or any other OIDC provider you add. You could let your customer validate an email domain to ensure their sign-ins are theirs, but other than that, once you support OIDC with their provider, nobody has to do anything.

Something on the order of 80% of SMB in the U.S. are on O365/M365 by some measures, and judging from startups here, every tech startup thinks everyone's on Google Workspaces like they are, so that's the other 80%. :-) Toss in socials if you are B2C instead of B2B, and of course Apple IDs if you are targeting users by "wallet share".

You get the key benefit of SSO while your clients do not need to integrate one by one. And...

> Use an open source identity provider or pay someone to do it for you.

Or, don't do that effort at all, use what's baked in and just take the win.
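
The email-domain check mentioned in the comment above, sketched as an added example (not code from the commenter or from any provider): a validated ID token is mapped to a customer tenant only if the provider vouches for the email and the customer has claimed that domain. The function name, tenant table and sample issuers are hypothetical, and it assumes an OIDC library has already verified signature, audience and expiry.

```python
"""Map a validated OIDC ID token to a customer tenant by verified email domain.

Assumption: signature, audience, expiry and nonce were already checked by an
OIDC library; `claims` is the resulting payload. All names are hypothetical.
"""

# Constructed sample data: issuers this service accepts, and the domains each
# customer has proven control of (for example through a DNS TXT challenge).
TRUSTED_ISSUERS = {"https://accounts.google.com", "https://idp.example.test"}
VERIFIED_DOMAINS = {
    "acme.example": {"tenant": "acme", "issuer": "https://accounts.google.com"},
    "globex.example": {"tenant": "globex", "issuer": "https://idp.example.test"},
}


class SignInRejected(Exception):
    """Raised when a token cannot be tied to a customer tenant."""


def resolve_tenant(claims, domains=VERIFIED_DOMAINS, issuers=TRUSTED_ISSUERS):
    """Return (tenant, stable_user_key) or raise SignInRejected."""
    iss, sub = claims.get("iss"), claims.get("sub")
    if iss not in issuers or not sub:
        raise SignInRejected("untrusted issuer or missing subject")
    # The email is only a routing hint; require the provider to vouch for it.
    if claims.get("email_verified") is not True:
        raise SignInRejected("email not verified by provider")
    local, sep, domain = claims.get("email", "").rpartition("@")
    if not sep or not local or not domain:
        raise SignInRejected("malformed email claim")
    # Exact match on the whole domain: no suffix or substring matching.
    entry = domains.get(domain.lower().rstrip("."))
    if entry is None:
        raise SignInRejected("domain not claimed by any tenant")
    # Pin each domain to the issuer the customer registered, so a different
    # accepted provider cannot assert addresses in that domain.
    if entry["issuer"] != iss:
        raise SignInRejected("domain asserted by unexpected issuer")
    # Key the account on (iss, sub); email addresses can be reassigned.
    return entry["tenant"], f"{iss}|{sub}"
```
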


I was also the SAML person at one point in my career and I 100% agree. I used to laugh at all the HN criticisms of JWT because of how much of a nightmare SAML is.


I personally love sports betting and I’m glad that it’s legal to do and I don’t have to send money to the Caribbean to do it. For me $10 is enough to get me interested in a game and I don’t gamble compulsively.

The cat is out of the bag with sports betting, any teenager can open up a Bovada account with no verification.

I’m happy to talk about advertising and reasonable regulation but banning sports betting at this point seems silly.


I’m not saying I agree with the comment above you but Kubernetes upgrades and keeping all your addons/vpc stuff up to date can be a never ending slog of one-way upgrades that, when they go wrong, can cause big issues.


Those are all issues that should be solved by the managed provider.

It's been a while since I spun up a k8s instance on AWS, Azure, or the like, but when I did I was astounded at how many implementation decisions and toil I had to do myself. Hosted k8s should be plug-and-play unless you have a very specialized use-case.


Yeah if you pay someone to manage something for you, it's not hard. That's because you're not doing it. Like air travel and taxes, it's easy.


If you're not paying someone to manage this for you, either you're a hobbyist (perhaps masquerading as a professional) or you have the scale or special use-case that makes you outside 95% of use-cases.

Last I checked, managed k8s clusters weren't much more expensive than the compute they ran on.


The Tesla subreddit collective proactively bans people who comment in any subreddit they don’t like. I dropped a drive-by comment on a subreddit that was Tesla related but apparently had the wrong opinion so I was banned from a number of other subreddits unless I deleted my post and apologized.


That and the fact that in the US the car is tuned to only turn on the range extender when the battery is nearly dead and it can’t always keep up.

Thankfully it’s trivial to change.

