> I mean there's already a lot of hardware that has gotten more expensive in the last 5 years.
The vast majority of the price rise is mainly due to AI companies sucking all the air out of the room and everyone investing in "AI" regardless.
If China gets their process down to match US/Korea/Taiwan and they decide to flood the market to drown out competitors then hardware is going to be an order of magnitude (or two) cheaper than it is today.
One would assume that the "market cap" of the company is equivalent to its *worth*. Asking how Anthropic is worth $1tn+ is a valid question when it doesn't do much, apart from the promise of making a large fraction of the world unemployed and the rest under the thumb of unethical American tech supremacy. It's arguably built on the largest intellectual property theft in the history of mankind. That's generally what people worry about. Whether that's "true" or not I guess is how you frame your world view.
There's a lot of people writing bad code. With AI being forced top down (with the promise of turning people into 10x-ers), we're going to get a lot of people writing bad code 10x faster.
I really do worry - I especially worry about security. You thought supply chain security management was an impossible task with NPM? Let me introduce you to AI - you can look forward to the days of AI poisoning where AIs will infiltrate, exfiltrate, or just destroy and there's no way of stopping it because you cannot examine the internals of the system.
AI has turbocharged people's lax attitude to security.
Not security, but I ran into a related supply-chain issue recently. I needed a library to perform a moderately complex task, and found one in the ecosystem I was working with that had been around for a while, appeared reputable, and passed my cursory inspection. So I dropped it in, got the feature implemented, and moved on.
Some time down the line, I discover CPU being maxed out, which is showing up in degraded performance in other parts of the system. I investigate, and I trace the issue to a boneheaded busy loop in this library that no human with the domain expertise to implement the library would have written. Turns out I'd missed one deeply-buried mention in the README that maintenance was being done via AI now, and basically the whole library had been rewritten from the ground up from the reliable tool it used to be to a vibecoded imitation.
Yeah, yeah, sure, bad libraries existed before all this. But there used to be signals you picked up on to filter the gold from the dreck. Those signals don't work anymore.
The price of hardware (DELL, HP), and the price of enterprise software (VMWare, Nutanix, etc.) has increased an insane amount in the last 12 months. In our case, for some of the services it has been as much as 6x. Hardware quotes are rising 10-20% per week. Delivery dates are months out.
It has become so bad that we're considering moving to the cloud for our on-premise workloads. Only problem is some of the cloud providers in the areas we operate from have run out of compute.
What happened with VMWare licensing post acquisition is a travesty and has absolutely ruined what was a great ecosystem of small to medium scale hosting operations (talking in the half a rack to 10 racks territory). There is still no alternative with feature parity.
How do you deploy secrets during bootstrap to a new virtual machine running in the cloud without leaving a trace in the infrastructure, and in a way that I can completely automate the deployment?
One answer is providing the secrets in cloudinit - but this leaves a trail on the host/provider's infrastructure, I do not know if those configs I paste into the portal then get saved off somewhere.
The other option (more secure) is having the keys/secrets generated on the host itself at first boot. But then this is difficult to automate as I would need to scrape them (even just the public parts) in a secure way. One option would be to have the public keys printed to the terminal/VNC - but this is much more trouble than it is worth to automate.
I'm not sure on a good solution. This is taking quite an adversarial security model though, assuming the host/provider is not completely trustworthy. Of course not owning the hardware means that the host/provider could be performing other attacks without my knowledge (copying memory, etc.)
You can bootstrap from your custom ISO with some embedded starter key, upload the ISO, it loads into RAM and opens SSH, connect and run a playbook to encrypt the root drive where you deploy your OS with your SSH key. If you went with encrypted root, you might need to enter the passphrase via console, or run a dropbear server in a pre-boot env you connect to via SSH to enter the key if you don't trust the console, or set up some custom network unlock mechanism, etc. But once unlocked your provider can still dump your keys from memory. There are also things like AMD SEV-SNP for some more confidential use cases.
> Couldn’t the MITM ssh server just forward the client’s fingerprint to the legitimate server?
Fingerprints are derived from the certificates/private keys. Unless I don't understand some basic crypto, or SSH works in some obtuse way, I do not think it would be possible for the MITM attacker to present the server with the true client's fingerprint unless they also had the client's private key.
To try to add some explanation here: the server doesn't send the fingerprint. The server sends the public key, your computer just shows a fingerprint because it's more human-friendly and sufficiently secure.
If they forward the real key, so it matches the fingerprint, and you use it, they can't MITM the request because they can't read the contents.
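The two threads above meet in one place: the "generate keys on the host at first boot, then scrape only the public parts" approach from the bootstrap question, and the point that an SSH fingerprint is just a hash your client computes over the public key the server sends. The following Python is an added example, not code from anyone in the thread. It scrapes host public keys from a constructed console log laid out the way cloud-init prints them (the `-----BEGIN SSH HOST KEY KEYS-----` markers are assumed from cloud-init's console output), turns them into `SHA256:` fingerprints in the same form `ssh-keygen -lf` prints, and then uses those pins to check the key a server later presents. The ed25519 key material is fabricated (32 arbitrary bytes), so the fingerprints are only meaningful within the example.

```python
"""Scrape first-boot host keys from a console log and pin them (added example)."""
import base64
import hashlib
import hmac
import re
import struct


def ssh_string(data: bytes) -> bytes:
    """Encode bytes as an SSH wire 'string' (4-byte big-endian length + payload)."""
    return struct.pack(">I", len(data)) + data


# Constructed sample key: NOT a real ed25519 key, just 32 arbitrary bytes
# wrapped in the OpenSSH public-key blob layout (type string, then key bytes).
FAKE_ED25519_RAW = bytes(range(32))
FAKE_ED25519_BLOB = ssh_string(b"ssh-ed25519") + ssh_string(FAKE_ED25519_RAW)
FAKE_ED25519_B64 = base64.b64encode(FAKE_ED25519_BLOB).decode()

# Constructed console log in the shape cloud-init uses when it prints the
# freshly generated host public keys to the serial console at first boot.
CONSOLE_LOG = f"""\
[   12.345678] cloud-init[812]: Generating SSH host keys (first boot)
-----BEGIN SSH HOST KEY KEYS-----
ssh-ed25519 {FAKE_ED25519_B64} root@vm-bootstrap
-----END SSH HOST KEY KEYS-----
[   12.400000] cloud-init[812]: finished
"""

BEGIN_MARKER = "-----BEGIN SSH HOST KEY KEYS-----"
END_MARKER = "-----END SSH HOST KEY KEYS-----"


def fingerprint(blob: bytes) -> str:
    """SHA256 fingerprint as OpenSSH displays it: base64 of the digest, '=' stripped."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def key_type(blob: bytes) -> str:
    """Read the algorithm name that leads every OpenSSH public-key blob."""
    (length,) = struct.unpack(">I", blob[:4])
    return blob[4:4 + length].decode()


def scrape_host_keys(console: str) -> dict:
    """Return {key_type: fingerprint} for every key line between the markers.

    Only the public halves ever appear on the console, so scraping leaks nothing
    the provider could not see anyway; the private halves stay on the VM.
    """
    pins = {}
    inside = False
    for line in console.splitlines():
        if line.startswith(BEGIN_MARKER):
            inside = True
            continue
        if line.startswith(END_MARKER):
            inside = False
            continue
        if not inside:
            continue
        match = re.match(r"^(\S+)\s+(\S+)", line)
        if not match:
            continue
        declared, b64 = match.groups()
        blob = base64.b64decode(b64, validate=True)
        # The type written on the line must agree with the type inside the blob.
        if key_type(blob) != declared:
            raise ValueError(f"key type mismatch on console line: {line!r}")
        pins[declared] = fingerprint(blob)
    return pins


def verify_presented_key(pins: dict, presented_type: str, presented_b64: str) -> bool:
    """Accept a server's key only if its fingerprint equals the pinned one.

    A MITM that forwards the genuine public key passes this check (same
    fingerprint), but cannot then sign the key exchange without the private
    key, which is why pinning and the protocol's signature step together
    defeat the attack. A MITM that substitutes its own key fails right here.
    """
    blob = base64.b64decode(presented_b64, validate=True)
    if key_type(blob) != presented_type:
        return False
    expected = pins.get(presented_type)
    if expected is None:
        return False
    return hmac.compare_digest(expected, fingerprint(blob))


if __name__ == "__main__":
    pinned = scrape_host_keys(CONSOLE_LOG)
    print("pinned:", pinned)
    print("genuine key accepted:", verify_presented_key(pinned, "ssh-ed25519", FAKE_ED25519_B64))
    attacker_blob = ssh_string(b"ssh-ed25519") + ssh_string(bytes(32))
    attacker_b64 = base64.b64encode(attacker_blob).decode()
    print("substituted key accepted:", verify_presented_key(pinned, "ssh-ed25519", attacker_b64))
```

The scraped fingerprints are the same strings `ssh-keygen -lf` would print for the real key files on the VM, so they can be dropped straight into a `known_hosts` pin or compared against what the SSH client shows on first connect. Whatever channel carries the console log (the provider's serial console, VNC, an out-of-band log shipper), it only ever carries public material; the threat the thread discusses, a provider that can read VM memory, is not addressed by this and needs something like the confidential-computing options mentioned above.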