Hacker News

jillesvangurp, today at 5:31 PM (1 reply)

I just started the process of migrating to them yesterday. They are still very affordable. But a bit less. I'm estimating that our quite lean GCP setup cost is going to be cut to about 20-25% when I'm done. So, it doesn't affect my decision to go with them literally yesterday morning.

It's all a bit barebones and primitive, but I don't mind. I spent yesterday tweaking some ansible scripts with codex to set up stuff like bastion hosts and NAT networking. I expect I'll have most of the rest ready in a few days.

The benefits of having an uncomplicated docker compose and boring tech stack. No microservices. Just a monolith.

One issue that I don't have a solution for yet is disk encryption and encrypted bucket content. Probably solvable but not natively supported. Might trigger compliance issues with some of our customers.


Replies

dijit, today at 6:24 PM

I always found that compliance issue with encrypted drives a bit funny.

The provider has the keys.

So, the drive encryption has no practical application.

The drives in, say, GCP aren't even real drives; the blocks are chunked over a distributed pool of storage. You can't just grab a drive and walk away with an OS or a data volume, you'd just get random junk. So what's the encryption going to do?

I guess it's harder to attach your drive to someone else's VM, but ultimately, since the provider has the key, it doesn't actually change anything there either, except that you need another API call to launch a drive and maybe there are different permissions on your drive's key than on the drive itself?

idk, feels like a weird theatre that the providers get away with because they're so big; there's no practical way of even checking if they're following up with drive encryption either. So it really is "here you can input a secret key, that you choose, we promise to use it *wink*".

Totally absent any verifiable outcome, or actual threat model.