> From the perspective of the traditional server business, such a developer is unfortunately often seen as rather helpless—someone who needs assistance with everything, can’t run their own database, and has no idea what a nameserver is.
Developers who have no idea about how things work (like nameservers and databases) are pretty helpless generally, regardless of whether they call themselves cloud-native developers or not.
> And even then, it wouldn’t be as seamless as AWS/Google/Azure!
I haven't used Cognito or Google's one, but Azure AD B2C is a complete mess. Or it was 3 years ago. A disaster of poor configuration options, and poor documentation, and even when we spoke to internal Azure engineers they said the same.
Stick with something like Auth0, or self-host Keycloak. Don't use the Azure one if you can at all avoid it, at least for B2C applications.
Same with Cognito, to be honest. The vendor lock-in is so strong, the abstractions leak through every crevice, not even full AWS shops can tolerate it.
I truly believe this is why email-based logins have become quite popular. You delegate the security of the authentication to the client (whether they’re a B2B client or B2C doesn’t make much of a difference), you don’t need to have 2FA, password reset flows, etc.
For my new SaaS I went with just supporting oauth flows with Google and Microsoft to start with. Not having to deal with everything you mentioned in the last sentence is exactly why.
Google's (GCP) OAuth is more difficult to set up than it should be.
I wish there were two versions of the UI:
1) the current "God mode" with hundreds of services and nested pages for cloud uber natives that grok all that, and
2) a simplified UI for simple devs like me. There could be a few types of the simplified UI, depending on what you do (mobile dev, ML researcher, AI engineer, web dev, etc.).
Currently, I spend way too much time scrolling and navigating between different pages to set up or troubleshoot basic things.
It is interesting that this relates exactly to everything that goes as "cloud native" these days, without really mentioning the fact that due to Kubernetes and the Cloud Native Computing Foundation's huge landscape of open source software that targets specifically Kubernetes, you can have a comprehensive platform on "any" infrastructure. On-premise, private cloud, public clouds that are in the EC2/S3 era of services (VMs and object storage)... it doesn't matter. You can literally run the same database that powers YouTube, it's freely available and operates great on Kubernetes.
Yes, the problem is that someone has to manage it all (full disclosure: I work for Elastisys, a company exactly in the space of fully-managed application platforms on top of the infra operated by others).
But the fact that smaller cloud providers haven't had the money to invest in their capabilities to offer managed services to the same degree as the enormous hyperscalers isn't exactly impossible to overcome. In fact, it's never been more possible. Other comments here show that very well, too. And that the particular choice of identity management services is perhaps not the best for showing where the hyperscaler options shine.
> due to Kubernetes and the Cloud Native Computing Foundation's huge landscape of open source software that targets specifically Kubernetes, you can have a comprehensive platform on "any" infrastructure
Most CNCF projects and incubators are coming out of American, Chinese, and Indian teams at American or Chinese firms.
The 5G rollout in the US, China, and India in the mid-2010s meant an entire ecosystem of K8s and eBPF versed engineers exist in those geos.
There isn't a similar ecosystem in Europe, and all the major telcos in Europe decided to become resellers of white labeled American cloud products.
Totally, but IMHO it's better to use those open source building blocks on top of a European provider (or your own infra) instead of getting locked into any domestic (or foreign) service. Why pay AWS for Cognito and get locked in there, when you can run Keycloak on top of K8s on any provider?
We can definitely reinvent the wheel, perhaps even making better products, but for the time being these open source tools are good enough, again, IMHO.
The issue is you also need a fairly deep understanding of your OSS stack to take full advantage - and this is where the issue arises.
OSS is not plug-and-play (nor should it be), and the ecosystem of talent for technologies like eBPF, OTel, or Operator Frameworks doesn't exist because the primary forcing function to generate that kind of an ecosystem (5G rollouts) has lagged for over a decade in much of Europe.
Remember that Tim Cook quote about not being able to fill a room of American die cast engineers? It's the same thing in Europe and America for a lot of core technologies in cybersecurity, systems programming, and devops.
If you cannot incubate your own OSS offerings or play a major role in contributing to these projects, then you will always remain a laggard. Almost every incubated CNCF, eBPF, or Linux Foundation project has some sort of corporate backing behind it, and it's almost inevitably some company or team in America, China, Israel, or India that is monetizing the offering and remains the primary contributor.
OSS is extremely political, just like creating a company, and open-core players always end up muscling or out-competing passion projects alone. And for those that they can't, they end up sponsoring those or hiring those developers and thus subsume it.
Countries like China and India have actual bureaucrats with EECS backgrounds at ministries who have worked for a decade building public-private strategies around building a Kubernetes, RISC-V, or eBPF strategy, and in the US and Israel, it's highly capitalized private sector players taking advantage of that.
A big issue I've noticed is a lot of the players pushing for a new "European cloud" are glorified DC hosters who do not have Product or Development experience with cloud tools or technologies, and continue to underpay their employees.
I saw this at an attempted version of AWS by a major retailer in DACH - they are trying to build their own competitive hyperscaler, but their internal teams still preferred one of the big 3 CSPs (AWS, Azure, GCP) due to reliability and the talent gap in their internal CSP team.
European software only does great when those vendors pay regionally competitive (doesn't have to be SV level) salaries. Look at DIPT in France, Gov.uk in the UK, and Datadog in France as examples of well made European stacks that also paid employees competitively.
European companies will also HAVE to be product first - only selling on "European First" sentiment doesn't close RFPs when the CSPs have created EU staffed and managed landing zones, and companies like Google Cloud and AWS expand EU specific offerings in EU megaoffices like Warsaw and Cluj respectively.
The other issue is most EMEA customers have much smaller budgets, so discounting and bundling becomes critical - and it's hard to beat vendors who can sell in the US (which is what a French vendor like Datadog has done).
Finally, the growth of the cloud software ecosystem in the US, China, and India was also thanks to 5G rollouts, as much of the 5G stack is virtualized and is essentially VOIP. This meant telecom players helped spark a generation of vendors or OSS ecosystems.
I slightly agree but my take is less salaries and more that most companies in Europe have been totally captured by the management/academic classes [1].
You can't create what is fundamentally a highly technical product using management to tell engineers what to do. European management structures tend to keep the technical people isolated to their own lower strata and don't listen to them.
AWS' success is it enabled its _engineers_ to launch products. Which is why Azure sticks out like a sore thumb.
[1] This is why you generally only see innovation in Europe coming from small companies, but they don't have the capital to keep investing at pace - AWS was able to build ahead of where its customers were and those customers eventually caught up.
> my take is less salaries and more that most companies in Europe have been totally captured by the management/academic classes
I agree, but that's not too bad if management was ex-Engineers or ex-Product sales.
In most cases I've seen in Europe, they're just consultants or alumni of LDPs from a handful of elite programs, and line level Engineers or Sales Engineers don't get their due.
Inevitably, the best European technical minds either migrate to the US or become Sales Engineers or Solutions Architects for American vendors.
> You can't create what is fundamentally a highly technical product using management to tell engineers what to do
Amen to that.
> AWS' success is it enabled its _engineers_ to launch products. Which is why Azure sticks out like a sore thumb.
Azure's issues are due to their GovCloud compliance needs - almost all Fed cloud spend is Azure because they are almost always the first hyperscaler to guarantee FedRAMP compliant products for any cloud segment. This has the downside of features being hacky, because a significant portion of a team's effort is spent on FedRAMP related tasks.
> Inevitably, the best European technical minds either migrate to the US or become Sales Engineers or Solutions Architects for American vendors.
There is always Switzerland for overall higher quality of life. Sums on paychecks themselves are meaningless if there is no underlying quality of life.
It's still American or Israeli companies though. Working for Google Zurich still means you're working for an American employer (though Google and other employers are increasingly shifting to Warsaw, Praha, and Romania due to tax incentives and employees with less of an ego).
Why work for SAP as a Cloud Engineer earning $45-60k in Walldorf and required to go in-person when Wiz or AWS can pay you $90-110k as a Partner Cloud Architect while letting you work remotely in Walldorf and travel maybe 10-20% to customer onsites in Frankfurt or Berlin or EMEA partner conferences in Praha or Amsterdam?
The point is one way or the other, you don't have a choice other than to work for an American or Israeli company in some way or the other in most of Europe's tech scene, and incorporation remains extremely difficult. I've met so many French and Germans who committed aliyah explicitly because they could earn 2x in TLV what they could in Paris or Berlin, or because it was easier to create a startup. And for non-Jewish Europeans America has remained somewhat easier (unless you're Polish, Romanian, or Czech/Slovak - in which case Eastern Europeans have a similar hustle and founder culture, as most operators worked in American bigtech or VCs).
It would be great if it would also include links to all those studies showing how $random_company saved tens of millions by weaning themselves off these "cloud services" and rolling their own.
Cloud costs are higher than DC costs, but you can also hire fewer engineers (who are cost centers if you aren't a tech company) and you don't have to deal with asset depreciation (impacting Capex) so your overall infra spend becomes much less.
Looking at technology in isolation is one of those pitfalls I've mentioned in my comment - you need to understand the technical AND business usecase.
Sadly, most Europeans who understand both are inevitably poached to become Sales or Solutions Architects for American or Israeli vendors.
Those aren’t the only options. VPS are a thing, cost less and are pretty easy to operate (even easier than cloud, I’d argue).
You can, of course, use cloud services for some stuff (databases? S3?) that are high maintenance, but some things (like the Cognito example from the OP article) just don’t make sense from the point of reducing costs – you trade some complexity for more complexity with a vendor lock-in and some additional costs on top.
Rolling your own doesn't mean only building your own data center. It can mean renting beige boxes or even virtual beige boxes without being locked in to the "cloud services".
You tend to pay fixed costs for those beige boxes instead of per api call costs that aren't predictable and tend to exponentially compound each other.
Edit: and just as a reminder, unless you work at Google or Facebook you won't have their scaling and dynamic resource allocation needs.
> If someone tries to program [auth] themselves, they either do it incorrectly (or not well enough) or keep an expert busy for weeks and weeks.
Or they could set up something like https://goauthentik.io/? (Shameless plug: if you use my Docker dashboard, https://lunni.dev/, you can install it in a couple clicks from the Marketplace.) Or any other open source option – there are dozens at this point.
And honestly speaking, auth isn’t that hard in the first place. You do have to remember a few things, but if you follow something like https://lucia-auth.com/ it shouldn’t take you more than an hour to set up some decent auth with 2FA and OIDC support. A bit more time to implement sign-in rate limiting and email verification and you have a robust system that (a) works in a way that you understand and (b) you can reuse between projects without paying a dime.
It’s going to take time. Short of vast amounts of capital this takes time. See the initial progression of AWS. They didn’t start with a billion cloud product. Just the primitives first.
Yeah, it's clear from how Hetzner Cloud develops. First it was just instances, then they added object storage, and the next services will follow. All this for a fraction of the price of AWS/Azure/GCP.
This blog post really resonates with me. I'm originally one of those "server guys" who had 20 years of experience with Linux and hosting all kinds of software (my last gig was running OpenStack). I was also pretty deep in the Red Hat ecosystem and had their highest certification (RHCA). But sadly in my EU country these server oriented tech roles kind of dried out around 10 years ago and the rest were outsourced to Indian companies. That's why I work at AWS nowadays.
> Not everything is equally good or affordable, but it’s crucial to understand what the world is moving toward (even if maybe they shouldn’t).
And this is exactly how we get to Elon Musk creating a constitutional crisis.
Complacency. Complacency with Tesla servitizing the automobile. Complacency with someone doing a Sieg Heil... Twice... on national television.
Maybe if you don't take the first leap, you won't be in the position that so many Tesla owners are in now. "I didn't know he was crazy!"
Well maybe you should have. Maybe you should have read all the signs and seen all the writing on the wall and listened to all the enthusiasts and experts who warned you.
Obviously this carries the risk of creating an incredibly off-topic thread, but usually the "I didn't know" excuse is the result of being unwilling to see red flags for what they are.
In Elon's case, his angry narcissistic nature was obvious years ago (like his 2018 "pedo boy" tweet). Of course, "red flags" can be abused and become premature optimization, so sometimes you have to have your foot on the accelerator but not forget where the brake pedal is.
Relating this back to technology and hosting, we have to maintain strong fundamentals while we use abstractions and building blocks. I'm "old" in technology years (48) but I'm seeing a lot of mid-level to "senior" developers who barely understand the basics of SQL or operating systems.