loudwhisper

But those are absolutely not the only 2 levels. Server rental can be managed easily by the same infra team who manages the cloud, for a fraction of cost.

I will say more, the same exact team that spends time managing EKS clusters could manage self-managed clusters and have money to spare for additional hires.

Mind you that my take and experience is specifically in the context of security.

I struggle to make the parallel that you suggest (which might work for some areas) with a security engineer.

Say, a person learned to brainlessly parrot that pods need to have setting x or z. If they don't understand them, they can't offer meaningful insight in cases where that's not possibile (which might be specific), they can't provide a solid risk analysis etc.

What is the counterpart to this gap? Because I struggle to see it. Breadth of areas where this superficial knowledge is available is useless, IMHO.

Ahaha yes, that might be the case, but I started to lose hope if the top of the applicants (out of hundreds of rejected!) all exhibits this behavior. I can't help but feel that now we are looking for people with a mindset and skillset that is simply disappearing in the industry.

And as I said in another post, I perfectly acknowledge that if I stopped reading and investigating stuff on my own, I could absolutely keep my job by just mindlessly administering a few services and rephrasing CIS benchmarks...

This is quite a trite argument from my point of view. Also, this is from the perspective of the business, which I don't particularly care about, and I tend to look from the perspective of the worker.

Additionally, the cloud allows to scale quickly, but the fact that it allows to delegate everything is a myth. It's so much a myth that you see companies running fully on cloud with an army on people in platform teams and additionally you get finops teams, entire teams whose job is optimizing the spend of cloud. Sure, when you start out it's 100% reasonable to use cloud services, but in the medium-long term, it's an incredibly poor investment, because you still need people to administer the cloud plus, you need to pay a huge premium for the services you buy, which your workforce now can't manage or build anymore. This means you still pay people to do work which is not your core business, but now they babysit cloud services instead of the actual infra, and you are paying twice.

Cloud exploded during the times of easy money at no interest, where startups had to build some stuff, IPO and then explode without ever turning a single dollar of profit. It's a model that fits perfect in that context.

Not when the skillset is essentially outsourced and you are left consuming the product of that skillset.

Understanding is nonnegotiable in security, IMHO.

You can't fail to understand how signature attestation works, if you are implementing it, to make one example I made in the post. Otherwise you end up verifying the signature in the CI (like that person claimed it should be done) and waste the whole effort. You can definitely still outsource the whole infra and scripting to Github, but you still need to understand. The problem is that when you can outsource everything, at some point understanding becomes an extra step.

That's the thing! I think it wouldn't be conceivable that your "principal engineer" (real position for one of the people) doesn't understand the basic theory of the stuff they are implementing. Now it feels you can instead work years and years just shuffling configuration and pressing buttons, leading to "senior" people who didn't gather actual years of experience.

I don't want to pretend I am outside this logic. I am very much part of this problem myself, having started my career 10 years ago. I do despise cloud services though (if anything, they are super boring), so I tend to work with other stuff. But I could 100% just click buttons and parrot standard and keep accruing empty years of experience...

I completely respect your position. Some people genuinely like the office life and it's totally fine!

Personally, I have never had any boundary issue with home being used for work. I have my own office room that is also my hobby room that I made as I like, so it's a very nice and quiet space, and I love working there.

Besides the obvious aspects of this post which are quite dumb, what that person misses is that by working from home I finish to work at 17 and at 17.01 I am free to go meet people. Cutting commuting time frees quite some time for personal life and not to mention working from home is associated with more flexible work too, like doing some chores during a break etc., which frees up even more time.

Absolutely, but a much much lower risk than a stab. Since we are reasoning on the morals and not from a purely rhetorical point of view, we can't consider them the same. Also that's why I specifically said "slapping" in my example. Slapping is still physical violence, it's still an attack, but it's an example of something that doesn't warrant a potentially fatal response.

Stabbing has always the risk of being fatal. No slur deserves death.

Edit: to expand to that, being motivated and proportional are two principles that I find very moral. I agree that legal and moral are not the same, but in this case I think the law is absolutely aligned with my moral. Stabbing someone for a slap or a slur is completely disproportionate and I would absolutely not consider it justified. Being assaulted and fearing from your life, that is different.

Spitting on someone is an assault. Insulting someone is not. The two things are not comparable.

You don't blame the guy for striking her after getting spit in the face?

To be clear, I wouldn't escalate anything in general, if someone cuts in line or whatever, not worth picking a fight for such silly things. But if you spit to someone in their face, getting punched is something that it's well within the realm of things you should expect. From an ethical point of view, I probably wouldn't do either, but in general spitting is what turned this uncivilized event (from both parties) into a fight.

If a guy hits me even once and I knife him in self defense,

Self-defense laws vary a lot across countries. At least where I live, defense has to be motivated and proportional. If someone would slap you - for example - and you stab them, that probably wouldn't count as self-defense. I would personally disagree with you in that context, and probably a judge would too (at least here).

Kubernetes is not really meant primarily for scaling. Even kubernetes clusters require autoscaling groups on nodes to support it, for example, or horizontal pod autoscalers, but they are minor features.

The benefits are pooling computing resources and creating effectively a private cloud. Easy replication of applications in case of hardware failure. Single language to deploy applications, network controls, etc.

Yes if single node, kinda if 2-3 nodes, no for anything above that IMHO.