The Cloud Pod is in Tears Trying to Understand Azure Tiers  

 Welcome to episode 321 of The Cloud Pod, where the forecast is always cloudy! Justin, Ryan, and Matt are all on hand to bring you the latest in cloud and AI news, including increased metrics data (because who doesn’t love more data), some issues over at Cloudflare, and even bigger issues at Builder.ai  – plus so much more.
Let’s get started! 

Titles we almost went with this week

• Lost in Translation: Google Helps IPv6 Find Its Way to IPv4


• BigQuery’s Soft Landing for Hard Problems


• CloudWatch Gets a Two-Week Memory Upgrade


• VM Glow-Up: From Gen1 Zero to Gen2 Hero


• Azure Gets Contextual: API Management Learns to Speak AI


• The Cloud Pod: Now Broadcasting from 20,000 Leagues Under the Sea


• LoRA LoRA on the Wall, Who’s the Finest Model of Them All


• Azure Says MFA or the Highway for Resource Management


• Two-Factor or Two-Furious: Azure’s Security Ultimatum


• Agent 007: License to Build


• CUD You Believe It? Google’s Discounts Get More Flexible


• WAF’s New Deal: Free Logs with Every Million Requests Served


• SOC It To Me: Google’s AI Security Workshop Tour


• MFA mandatory in Azure, now you too can hate/hate MS Authenticator


• AWS AMIs no longer the Tribbles of cloud computing


• ECS Exec; Justin’s prediction from 2018 finally comes true

General News

00:56 FinOps Weekly Summit 2025

• Victor Garcia reached out and asked us to share the news about the FinOps Weekly Summit coming up on October 23rd, 2025. 


• A lot of great speakers; if you’re in the FinOps space, we recommend it. 


• Want to register? You can do that here. 

01:53 Ignite Registration Opens 

• San Francisco, Moscone Center


• November 18–21, 2025


• Need to convince your manager to pay for you to go? Find that letter here. 

02:45 Addressing the unauthorized issuance of multiple TLS certificates for 1.1.1.1

• Some issues over at Cloudflare recently…


• Fina CA issued 12 unauthorized TLS certificates for Cloudflare’s 1.1.1.1 DNS resolver IP address between February 2024 and August 2025, violating domain control validation requirements and potentially allowing man-in-the-middle attacks on DNS-over-TLS and DNS-over-HTTPS connections.


• The incident highlights vulnerabilities in the Certificate Authority trust model where any trusted CA can issue certificates for any domain or IP without proper validation, though exploitation would require the attacker to have the private key, intercept traffic, and target clients that trust Fina CA (primarily Microsoft systems).


• Cloudflare failed to detect these certificates for months despite operating its own Certificate Transparency monitoring service because its system wasn’t configured to alert on IP address certificates rather than domain names, exposing gaps in its internal security monitoring.


• The certificates have been revoked and no evidence of malicious use was found, but the incident demonstrates why Certificate Transparency logs are critical infrastructure – without Fina CA voluntarily logging these test certificates, they might never have been discovered.


• Organizations should review their root certificate stores and consider removing or restricting CAs with poor validation practices, while DNS client developers should implement Certificate Transparency validation requirements similar to modern browsers to prevent future incidents.

02:58 Matt – “I really like how in this they say we messed up, but also you should go review everyone that you don’t trust, and only keep ours, because we ARE trusted, and look what we just found and how we fixed it.”

AI Is Going Great – Or How ML Makes Money 

06:02 How Builder.ai Collapsed Amid Silicon Valley’s Biggest Boom – The New York Times

• Builder.ai collapsed from a $1.5 billion valuation to bankruptcy after the board discovered sales were overstated by 75% – reported $217M revenue in 2024 was actually $51M, highlighting risks in AI startup valuations during the current investment boom


• The company spent 80% of revenue on marketing rather than product development, using terms like “AI-powered” and “machine learning” without substantial AI technology – its “Natasha AI” product manager was reportedly assisted by 700 Indian programmers rather than autonomous AI


• Microsoft invested $30M and partnered with Builder for cloud storage integration, while other investors included Qatar Investment Authority, SoftBank’s DeepCore, and Jeffrey Katzenberg – total funding reached $450M before the collapse


• SEC has charged multiple AI startups with fraud this year, including GameOn ($60M investor losses) and Nate (shopping app using Filipino contractors instead of AI), with Builder now under investigation by Southern District of New York prosecutors


• The .ai domain registrations are approaching 1 million addresses with 1,500 new ones daily, compared to an estimated 10,000 total ventures during the dot-com era, which demonstrates the scale of the current AI investment frenzy, where companies rebrand to attract funding

07:30 Ryan – “I’ve definitely seen this before, and you know, this sort of model of that’s like ‘we’ve got machine learning, we got this, and now it’s with AI too’. It’s the same sort of thing – fake it till you make it only goes so far.”

09:31 The Visual Studio August Update is here – smarter AI, better debugging, and more control – Visual Studio Blog

• Visual Studio’s August 2025 update integrates GPT-5 and introduces Model Context Protocol (MCP) support, enabling developers to connect AI agents directly to databases, code search, and deployment systems without custom integrations for each tool.


• MCP functions as “the HTTP of tool connectivity” with OAuth support for any provider, one-click server installation from web repositories, and governance controls via GitHub policy settings for enterprise compliance.


• The enhanced Copilot Chat now uses improved semantic code search to automatically retrieve relevant code snippets from natural language queries across entire solutions, reducing manual navigation time.


• Developers can now bring their own AI models using API keys from OpenAI, <a href="https://www.bing.com/ck/a?!&&p=a0fca627a471901a03a5542e1255d02695659a0d071ab3c06eaeff1