In aws you can use IPv6 with either security groups or EIGW to avoid NAT fees altogether (you still pay for transfer fees )

Death , taxes and transfer fees

That's quite recent. There was some time after AWS started charging for ipv4 addresses where you could not realistically go for an ipv6 only setup behind Cloudfront because it would for example not connect to a v6 only origin.

This is probably a result of all AWS services being independent teams with their own release schedule. But it would have made sense for AWS to coordinate this better.

You’re right IPv6 has compatibility issues. But for instances needing NAT gateway (no public ip) , they are often good candidates for IPv6 egress.

Moving to IPv6 works until it doesn't.

thanks I didn't realize there was no public bulletin for this notice. i've shared a copy above.

Naturally a good move to remove root privileges from containers, and the interesting topic for discussion is about the flimsy default root access, since the hosting OS is shared infra.

Does this comment apply to the current crop of American politicians? (Just curious.)

Well, lack of trust in that case .

That’s what I was referring to. The concept that comprehensive laws can substitute leaders with integrity is ridiculous

Any technical minds care to explain how the "agentic Windows" actually functions?

Based on the marketing it seems to run a sandboxed copilot instance that can impersonate the user to take actions, with their permission?

Something like "hey copilot install Putty"? and it does it?

I can relate to the reluctance to adopt AI features into the OS -- but I would also like to understand how they work and any utility they might provide.

"How it actually functions" is too much of a moving target. The book of "best practices for building AI agent functionality into your OS" is still being written. But "sandboxed envs for AI to do things in" is one approach MS is currently trying for.

I agree that a "good" implementation of agentic AI can have a lot of benefits, to casual users and power users both. But do I have any trust in Microsoft being the company to ship a "good" implementation? Hell no.

Windows has been getting more and more user hostile for years now, to casual users and power users both. If there's anyone at Microsoft who still cares about good UX, they sure don't have any decision-making power. And getting AI integration right is as much a UX issue as it is a foundation model issue or an integration hook issue.

That's what I understand. It basically spins up a windows VM, you grant it access to specific files or folders, and it runs the actions in the VM.

From the MS support doc:

> "An agent workspace is a separate, contained space in Windows where you can grant agents access to your apps and files so they can complete tasks for you in the background while you continue to use your device. Each agent operates using its own account, distinct from your personal user account. This dedicated agent account establishes clear boundaries between agent activity and your own, enabling scoped authorization and runtime isolation. As a result, you can delegate tasks to agents while retaining full control, visibility into agent actions, and the ability to manage access at any time."

MS showed a little bit of something like it at Ignite yesterday, but for enterprise automations, the AI spun up a Windows 365 instance, did some stuff on the web, then disposed of it when it was done.

thanks for explaining that. I could see some value and also tremendous risk.

My concern is that the Windows Credential itself doesn’t have a ton of value (opening windows apps) but the browser cookie jar (e..g Edge or Chrome) , which the Credential unlocks, has tremendous value — and threats.

The core problem is lack of granularity in permissions. If you allow the agent to do browser activities as your user, you can’t control which cookie / scope it will take action on.

You might say “buy me chips” and it instead logs into your Fidelity account and buys $100k worth of stock.

Let’s see how they figure out the authorization model.

the internet can be divided up into factions like Divergent. AWSubbies (orange), Azure-ants (blue), CloudFlaricons (black) & the Rogues (jester colors, like Google). A proper down detector would identify platform outages based on the number of faction members who are down.

We could get very far by mandating easier adjustment of headlights, and free adjustment at auto shops. It only takes a couple minutes to adjust the headlights , especially at a shop with a lift and a gauge.

It's supposed to already be done at the MOT stations. They are supposed to check the level and adjust it to conform.

that's good to hear. I don't think it's as common in USA. I've even asked shops to do the work and a few aren't familiar.

Congressional hearings on headlights seem to focus on lumens, but the bigger issue is misalignment. I worry that setting a lumen cap will undermine LEDs strengths. Adaptive matrix like Tesla Model Y etc , which shade oncoming and leading traffic, allow incredible visibility without the glare.

Even with static headlights, the beams need to be realigned every year or two. Vibration puts them out of order.

A weak beam pointed at your eye will be more blinding than a much stronger beam aimed properly.