I find it morbidly fascinating how leadership at the same company can simultaneously believe all of "network egress is a staggeringly expensive component of data center rollout" yet "we should stream real-time input and video instead of shipping client software" and "the backend DCs to support this have to be built everywhere to reduce latency" plus "we can't bill this in any way that is correlative to our costs, because it won't make any sense to buyers", yet "we'll price it at a level that cannot possibly make sense for anyone except the most niche buyers".
Like, even at the most basic level: The kind of buyer that might be interested in this might actually be interested in something like per-minute pricing. If you only need Windows or Xbox Streaming for a few hours a month, just charge per minute. But they don't price it like that. Instead, a 2vcpu/8gb/256gb machine is $50/month. A similar machine from HP would cost, like, $400. And the best part is, if someone actually used it 8 hours per day, 20 days a month, 1080p60: That's like ~$28 in the cheapest tier of Azure bandwidth costs. And, I guess, you have to also buy a thin client device.
Just very unclear who any of these services are for.
Remember when Google did this and it failed because PC gamers don't want 1700 stores for games. They just want Steam or GOG.
These companies do not know their customer base and it costs them.
I do see these devices making way more sense for enterprise on the other hand, to the dismay of many. But for the average consumer maybe not. I assume they are going to recycle the same tech they are using to let you stream Xbox games.
If Windows wasn't so damned bloated this wouldn't cost them much. Every Windows laptop that was nearing its end of life became magically better and still in my house all 15 years later after I installed Linux. Wild.
Google failed with Stadia because no sane AAA company would want to risk App/Play Store terms. The offering maybe made sense for A companies, but Google's requirements were too much for them (their marketing certainly wasn't there). Google ended up subsidizing a few AAA companies, and then it fell to typical Google kill-it-now cost cutting. Microsoft has existing relationships and won't have this problem.
The fine article plainly says that these are for corporate use and that the service it is meant to connect to isn't even available to regular consumers. And this is hardly a new concept: even a casual search shows that Windows thin clients have existed since the '90s and that the previous models are still currently being sold by various OEMs.
Yes, exactly, this is the same old "how do we prevent lowly employees from going on facebook and solitaire" technology they and many other companies have tried 1000 times before.
Microsoft has always resisted doing it, with Citrix picking up the slack, but they'll give it another shot.
Google stupidly positioned their service as if it was a separate console you had to buy games for, which then couldn’t be played anywhere else. The successful streaming services sell you games for non-streaming platforms and then just allow you to stream them as an option.
> how leadership at the same company can simultaneously believe all of "network egress is a staggeringly expensive component of data center rollout" yet "we should stream real-time input and video instead of shipping client software"
The leadership doesn’t believe egress is expensive.
And neither do the customers believe it.
However the customers are okay paying the egress price. So it stays, regardless of what leadership or customers say.
Are you suggesting that low latency video isn't expensive? That goes against everything I've ever heard from people at streaming platforms. The costs are high enough to be a major competitive moat for some of the biggest companies on the planet (e.g. Google's YouTube).
20/40/70 GB of outbound data is included, depending on the tier.
But you need to meet pretty high licensing requirements, e.g. for enterprise:
Microsoft 365 Business Premium, Microsoft 365 F3, Microsoft 365 E3, and Microsoft 365 E5, including versions of these suites that do not include Microsoft Teams, as well as Microsoft 365 A3, Microsoft 365 A5, and Microsoft 365 Education Student Use Benefit.
Which means around 20€ per month for business premium. They are also managed in Intune, so you need someone with Intune expertise.
And Intune needs users to put Edge on their devices, which means a significant set of users will just give up being able to open links on their phone from work apps. That puts a drag on productivity which is definitely more costly than 20€ per month.
> Just very unclear who any of these services are for.
These services are for Microsoft, to serve Microsoft's business needs at the customer's expenses.
Look at Azure and how it designed its products around the concept of accounts. Azure is supposed to be a cloud provider but their offering is built around charging customers for provisioning dedicated hardware that users then can run their apps on.
Even their function-as-a-service offer requires you to pay for the dedicated hardware where to deploy your event handlers.
If you look at Azure as Active Directory/Entra ID attracting and locking in enterprise accounts, you start to see these service account products as a way to price gouge customers. You have customers locked in with the auth system who then have to manage competing pressures such as "I need to keep my azure resources independent of other teams/projects" and "why do I need to pay 100$/month for a dedicated app service plan with two cores if all I want is a small internal app that might run the occasional background job"
He's running a 35B parameter model. Frontier models are well over a trillion parameters at this point. Parameters = smarts. There are 1T+ open source models (e.g. GLM5), and they're actually getting to the point of being comparable with the closed source models; but you cannot remotely run them on any hardware available to us.
Core speed/count and memory bandwidth determines your performance. Memory size determines your model size which determines your smarts. Broadly speaking.
My understanding of the difference, influenced mostly by consuming too many anonymous tweets on the matter over the past day so could be entirely incorrect, is: Anthropic wanted control of a kill switch actively in the loop to stop usage that went against the terms of use (maybe this is a system prompt-level thing that stops it, maybe monitoring systems, humans with this authority, etc). OpenAI's position was more like "if you break the contract, the contract is over" without going so far as to say they'd immediately stop service (maybe there's an offboarding period, transition of service, etc).
My interpretation of the difference is more like: Anthropic wanted the synchronous real-time authority to say "No we won't do that" (e.g. by modifying system prompts, training data, Anthropic people in the loop with shutdown authority). OpenAI instead asked for the asynchronous authority to re-evaluate the contract if it is breached (e.g. the DoD can use OpenAI tech for domestic surveillance, but there's a path to contract and service termination if they do this).
If my read is correct: I personally agree with the DoD that Anthropic's demands were not something any military should agree to. However, as you say, the DoD's reaction to Anthropic's terms is wildly inappropriate and materially harmed our military by forcing all private companies to re-evaluate whether selling to the military is a good idea going forward.
The DoD likely spends somewhere on the order of ~$100M/year with Google; but Google owns a 14% stake in Anthropic, who spends at least that much if not more on training and inference. All-in-all, that relationship is worth on the order of ~$10B+. If Google is put into the position of having to decide between servicing DoD contracts or maintaining Anthropic as an investee and customer, it's not trivially obvious that they'd pick the DoD unless forced to with behind-the-scenes threats and the DPA. Amazon is in a similar situation; it's only Microsoft that has contracts large enough with the DoD where their decision is obvious. Hegseth's decision leaves the DoD, our military, and our defense materially weaker by both refusing federal access to state of the art technology, and creating a schism in the broader tech ecosystem where many players will now refuse to engage with the government.
Either party could have walked away from negotiations if they were unhappy with the terms. Alternatively: the DoD should have agreed to Anthropic's red lines, then constrained/compartmentalized their usage of Anthropic's technology to a clearly limited and non-combat capacity until re-negotiation and expansion of the deal could happen. Instead, we get where we're at, which is not good.
IMO: I know a lot of people are scared of a fascist-like future for the US, but personally I'm more fearful of a different outcome. Our government and military has lost all of its capacity to manufacture and innovate. It's been conceded to private industry, and it's at the point where private industry has grown so large that companies can seriously say "ok, we won't work with you, bye" and it just be, like, fine for their bottom line. The US cannot grow federal spending and cannot find a reasonable path to taxing or otherwise slowing down the rise of private industry. We're not headed into fascism (though there are elements of that in the current admin): We're headed into Snow Crash. The military is just a thin coordination layer of operators piecing together technology from OpenAI, Boeing, Anduril, Raytheon. Public governments everywhere are being out-competed by private industry, and in some countries it feels like industry tolerates the government, because it still has some decreasing semblance of authority, but especially in the US that semblance of authority has been on a downward trend for years. Google's revenue was 7% of the US Federal Government's revenue last year. That's fucking insane. What happens when we get to the point where Federal debt becomes unserviceable? When Google or Apple or Microsoft hit 10%, or 15%? Our government loses its ability to actually function effectively; and private industry will be there to fill the void.
It's one thing to say "we cannot abide by these terms, so let's part ways", and it's another entirely to respond this drastically. The Trump administration will look back on this decision as the most consequential in their efforts to win the 2026 midterms and Republican efforts in 2028. This is a $400B+ American company that has significant partial ownership from Amazon, Google, and other private equity sources; they just made serious enemies in SV, many of whom supported Trump in his 2024 election victory.
This is a pimple on the arse of said consequence. It's one tiny thing in a chain of many bigger things.
It's magnified because it's right now, but this won't affect midterm results barely a whisker compared to many other daily headlines.
There are no serious enemies to this administration in SV and I can't see this changing that. SV has bent the knee exactly like Anthropic didn't. They're not going to stand up because of this, they've proven they don't have those muscles.
OTOH it could amplify their base: “Big Tech refusing to work with us on National Security matters!” The base will never hear what/where the red line was drawn, just that Some Company in California (liberal/bad) is being Woke and Political.
In this case, I'm not sure it matters what it says or how your non-technical friends interpret it. The site is down. Why it is down doesn't change the next thing casual viewers will do (close the tab).
But it does matter to their opinion of the site: is it down because the author took it down, is it down due to a technical problem, or is it down because the hosting provider took it down?
"This deployment is temporarily paused", if anything, sounds like the people who put the site up took it down again. That sends the wrong message.
Personally, if my hosting provider took my post down, I'd want them to make that obvious to my visitors. Or at the very least make it look like a technical issue. Not make it look like I took it down.
Is it? The title is "The Robotic Dexterity Deadlock". For all I know, it's a joke about what deadlock looks like for robots, showing what could be interpreted as a deadlock in a webserver. At a glance, I can't tell if the site is down, or if it's up and correctly showing its very short message.
So, yeah, in reality, I'm 99% sure it really is an error message. That's only because I've seen similar error messages in the past and can infer how to interpret it.
If the United States is ever, in the future, at war with an adversary using truly autonomous and functional killing machines; you may find yourself praying that we have our own rather than praying human nature changes. Of course, we must strive for this to never happen; but carrying a huge stick seems to be the most effective way to reduce human death and suffering from armed conflict.
Given how unstable and aggressive the US government is at the moment others having these weapons seems to be a good idea for balance. Not sure you are aware of the damage Trump is inflicting on international relations.
But personally I wouldn't like to die because some crackpot with the right connections can will rest-of-world to that fate, no matter their affiliation. This escalation of destructive power and the carelessness with which it is justified is pretty disheartening to see. Good times create bad people?
Reading comprehension check: I never stated that others shouldn't have the weapons. In fact, I stated what you are stating: that it is likely others will have the weapons, and for the sake of balance the West will be in a better place if the US also has them.
My primary point was to state that reducing friction between will (e.g. want Greenland) and reality (send autonomous drone swarm) is a really terrible thing for the US to possess with these elites. This technology needs to spread fast if classic non-proliferation is unworkable.
We seem to be unable to stop building the weapon, we seem unable to stop handing it over to morons, and I should expect these morons to not fire it?
Then again, it's called MAD for a reason... What's one more WMD after all? Let's hope that we at least understand it before it becomes as powerful as everyone seems to think it will become.
Reading comprehension check: I did not say that it reduced the risk of armed conflict. I said that it reduced the death and human suffering from armed conflict.
Between the years of 1850-1950, an estimated 150M humans died (and many more permanently disabled) due to armed conflict (~1.5M/year). Between 1950-today: closer to 10M (~132k/year). The majority of those came from the Vietnam and Korean wars. If you limit the window to after 2000: only ~2M deaths, or ~78k/year. We carry bigger sticks than ever, and those sticks allow us to execute more strategic, incapacitating strikes, or stop conflict from even happening in the first place.
It's a cliché, but you are forcing my hand: Correlation does not imply causation
> If you limit the window to after 2000: only ~2M deaths, or ~78k/year
First, this can't be right? Just the Russian war against the Ukraine is more than that?
While I do tend to feel it is important that superpower-level countries be capable of producing within their political borders most/all of what they consume, for reasonable prices; I do not tend to feel that everything we produce needs to be produced everywhere within those political borders. California is the most beautiful and hospitable land on the entire planet. There's nothing wrong with putting the toxic chemical factories in a desert or tundra somewhere.
Yeah it's tremendously unclear how they can even recover from this. I think the most selective would be: they have to at minimum remove the Generative Language API grant from every API key that was created before it was released. But even that isn't a full fix, because there's definitely keys that were created after that API was released which accidentally got it. They might have to just blanket remove the Generative Language API grant from every API key ever issued.
This is going to break so many applications. No wonder they don't want to admit this is a problem. This is, like, whole-number percentage of Gemini traffic, level of fuck-up.
Jesus, and the keys leak cached context and Gemini uploads. This might be the worst security vulnerability Google has ever pushed to prod.
The Gemini API is not enabled by default, it has to be explicitly enabled for each project.
The problem here is that people create an API key for use X, then enable Gemini on the same project to do something else, not realizing that the old key now allows access to Gemini as well.
Takeaway: GCP projects are free and provide strong security boundaries, so use them liberally and never reuse them for anything public-facing.
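An added example, not written by any commenter and not Google's tooling: a small audit for the situation described above, where a key created for one API silently becomes valid for Gemini once the Generative Language API is enabled on the same project. It assumes the JSON shape produced by `gcloud services list --enabled --format=json` and `gcloud services api-keys list --format=json`; the sample data is constructed, and the `likely_public` flag is a heuristic assumption.

```python
GEMINI = "generativelanguage.googleapis.com"
# Restriction kinds that suggest the key ships inside a public client (heuristic).
CLIENT_KINDS = ("browserKeyRestrictions", "androidKeyRestrictions", "iosKeyRestrictions")

# Constructed sample: enabled services of one project (gcloud JSON shape assumed).
SERVICES = [
    {"config": {"name": "maps-backend.googleapis.com"}},
    {"config": {"name": GEMINI}},
]

# Constructed sample: API keys of the same project (gcloud JSON shape assumed).
KEYS = [
    {"name": "projects/0/locations/global/keys/k1", "displayName": "Maps website key",
     "restrictions": {"browserKeyRestrictions": {"allowedReferrers": ["https://example.com/*"]}}},
    {"name": "projects/0/locations/global/keys/k2", "displayName": "Maps scoped key",
     "restrictions": {"browserKeyRestrictions": {"allowedReferrers": ["https://example.com/*"]},
                      "apiTargets": [{"service": "maps-backend.googleapis.com"}]}},
    {"name": "projects/0/locations/global/keys/k3", "displayName": "Backend batch key"},
    {"name": "projects/0/locations/global/keys/k4", "displayName": "Gemini server key",
     "restrictions": {"serverKeyRestrictions": {"allowedIps": ["203.0.113.7"]},
                      "apiTargets": [{"service": GEMINI}]}},
]


def gemini_enabled(services):
    """True if the Generative Language API is enabled on the project."""
    return any(s.get("config", {}).get("name") == GEMINI for s in services)


def audit_keys(services, keys):
    """Return (displayName, exposure, likely_public) for each key that can call Gemini."""
    if not gemini_enabled(services):
        return []  # no key in this project can reach Gemini
    findings = []
    for key in keys:
        restrictions = key.get("restrictions") or {}
        targets = [t.get("service") for t in restrictions.get("apiTargets", [])]
        if not targets:
            exposure = "unrestricted"  # valid for every API enabled on the project
        elif GEMINI in targets:
            exposure = "explicit"      # someone scoped this key to Gemini on purpose
        else:
            continue                   # scoped to other APIs only
        likely_public = any(kind in restrictions for kind in CLIENT_KINDS)
        findings.append((key.get("displayName", key["name"]), exposure, likely_public))
    # Review order: never-scoped keys first, client-embedded ones ahead of the rest.
    findings.sort(key=lambda f: (f[1] != "unrestricted", not f[2]))
    return findings


if __name__ == "__main__":
    for name, exposure, likely_public in audit_keys(SERVICES, KEYS):
        print(f"{name}: {exposure}, likely public: {likely_public}")
```

Keys reported as `unrestricted` are the ones to scope with API restrictions or move to a separate project; `explicit` keys still need the owner to confirm the Gemini access is intended.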
Imagine enabling Maps, deploying it on your website, and then enabling Google Drive API and that key immediately providing the ability to store or read files. It didn't work like that for any other service, why should it work that way for Gemini.
Also, for APIs with quotas you have to be careful not to use multiple GCP projects for a single logical application, since those quotas are tracked per application, not per account. It is definitely not Google's intent that you should have one GCP project per service within a single logical application.
Really? I make multiple GCP projects per app. One project for the (eg) Maps API, one for Drive, one for Mail, one for $THING. Internal corp-services might have one project with a few APIs enabled - but for the client-app that we sell, there are many projects with one or two APIs enabled only.
If you ever have to enable public OAuth on such a project, you'll need to provide a list of all the API projects in use with the application, and Google Trust and Safety will pressure you to merge them together into a single GCP project. I've been through it.
You can do what you're describing but it's not the model Google is expecting you to use, and you shouldn't have to do that.
It seems what happened here is that some extremely overzealous PM, probably fueled by Google's insane push to maximize Gemini's usage, decided that the Gemini API on GCP should be default enabled to make it easier for people to deploy, either being unaware or intentionally overlooking the obvious security implications of doing so. It's a huge mistake.
Why would they encourage more resource use, increasing their cost?
Gemini should have had its own API key separate from their traditionally public facing API IDs (which they call keys) and API keys should default to being tightly scoped to their use case rather than being unrestricted.
Who cares if you have three API keys for three services.
Quite frankly putting any API information in things like url params or client side code just doesn't sit right with me. It breaks the norm in a way that could be, and is now, a security concern.
I’m usually client side dev, and am an ex googler and very curious how this happened.
I can somewhat follow this line of thinking, it’s pretty intentional and clear what you’re doing when you flip on APIs in the Google cloud site.
But I can’t wrap my mind around what is an API key. All the Google cloud stuff I’ve done the last couple years involves a lot of security stuff and permissions (namely, using Gemini, of all things. The irony…).
Somewhat infamously, there’s a separate Gemini API specifically to get the easy API key based experience. I don’t understand how the concept of an easy API key leaked into Google Cloud, especially if it is coupled to Gemini access. Why not use that to make the easy dev experience? This must be some sort of overlooked fuckup. You’d either ship this and API keys for Gemini, or neither. Doing it and not using it for an easier dev experience is a head scratcher.
They started off behind, and have been scrambling to catch up. This means they didn't get the extra year of design-doc hell before shipping, so mistakes were made.
they auto-create projects and api keys: gen-lang-client-12345
app-scripts creates projects as well but maps just generates api keys in the current project
---
Get Started on Google Maps Platform
You're all set to develop! Here's the API key you would need for your implementation. API key can be referenced in the Credentials section.
I was trying to test the gemini-cli using code assist standard.
To this day I am unable to access the models they say I should be able to.
I still get 2.5 only, despite enabling previews in the google cloud config etc etc.
The access seems to randomly turn on and off and swaps depending on the auth used (Oauth, api-key, etc)
The entire gemini-cli repo looks like it is full of slop with 1000 devs trying to be the first to pump every issue into claude and claim some sort of clout.
It is an absolute shit show and not a good look.
I was exploring this today and just clicked on the "maps" Platform or APIs & Services to just explore and it immediately popped up a screen with "This is your API key for maps to start using!" without my input.
which auto-generated an API key for me to paste into things ASAP.
---
Get Started on Google Maps Platform
You're all set to develop! Here's the API key you would need for your implementation. API key can be referenced in the Credentials section.
There is, yes. The rumor mill suggests that the default limit is 30.
At $DAYJOB, we had a (not very special) special arrangement with GCP, and I never heard of anyone who was unable to create a project in our company's orgs [0].
Given how Google never, ever wants to have a human do customer support, I expect a robot will quickly auto-approve requests for "number of projects" quota increases. I know that's how it worked at work.
[0] ...with the exception of errors caused by GCP flakiness and other malfunction, of course.
As long as you are over a certain spend. I started something for my own project and went to apply the recommended architecture, which does not work without a quota increase. As it was from a fresh account, the email was we won't look at this until you spend or pre spend so much money. Frankly, for a trial period when evaluating at prior enterprises, that would have made me just say no to their cloud. One expects that the recommended architecture can be deployed in the trial run without hoops.
You can see the creation date even on the GCloud dashboard. But this information isn't helpful in recovering from this issue, if they're interested in recovering correctly, because there's no guarantee that even keys created before the launch of Gemini didn't have Gemini access added to the keys intentionally. There are also likely public keys created after the launch of Gemini that also erroneously received the Gemini grant. The key creation date is ultimately useless; what it comes down to is whether the key's usage is intentional or malicious, which is impossible for Google to determine without involving the customer.
Is the implication at the end that Google has not actually fixed this issue yet? This is really bad; a massive oversight, very clearly caused by a rush to get Gemini in customers' hands, and the remediation is in all likelihood going to nuke customer workflows by forcing them to disable keys. Extremely bad look for Google.
As I was reading it I didn't realize I was reading a security report, so I was like, is it responsible for them to be sharing this?
Then I saw the disclosure at the end and didn't get the sense that the flaw was fixed, so then I was still thinking... Is it responsible for them to be sharing this?
I'm glad that they did, because I can audit my own projects, but a bad actor may also be glad that they did.
The fact that we're hearing this first from a third-party and not from Google themselves is extremely problematic.
When I got to “the initial triage was frustrating; the report was dismissed as "Intended Behavior”” I thought well there’s no need to follow ‘responsible disclosure’ then, eh?
I would have been tempted to blog about it immediately. Companies already get a sweet deal by people finding bugs for free, reporting them for free, and voluntarily keeping quiet about them for free; researchers shouldn’t also have to fight to report problems (for free).