121 comments

[ 3.0 ms ] story [ 195 ms ] thread
Given the discontinuance of the Google search appliance, I would be reluctant to consider any Google hardware. I’d likely use something like PCF on owned hardware for the scenarios they describe.
I mean, the search appliance was discontinued after 17 years. Not sure it's that bad...
And they supported their last search appliance over 10 years and provided a transition path toward cloud-based alternative. This is probably better than usual industry cases and I'm pretty sure Google wouldn't get this bad reputation if they adopted this case as their own product longevity standard.
The customer is the DoD. They know how to negotiate contracts to cover this scenario and have the clout to negotiate such and enforce it.
And they’ll likely have a “this need to be supported for 50 years” provision too
Well, Google already distribute hardware to various ISP - it's called GGC (https://www.gstatic.com/isp/docs/ggc-installation.pdf?sjid=5...).

We (GSA) & GGC used to source our hardware from the same supplier (Dell).

Only part of the GGC fleet are Dell machines (that pdf lists Dell, HP, and Equus). Paraphrasing one of the leads from some years back: "Single-vendor is not a vendor strategy."

Between improved negotiating position and resilience to vendor-specific firmware bugs / vulnerabilities, the additional maintenance cost associated with supporting two or more platforms pays for itself very quickly.

In this particular case, they're the air-gapped product is singly dependent on HPE servers, mostly for compliance reasons. Same reason on why it uses Palo Alto firewalls.

Though in the case of the GGC nodes, having multiple vendors was mostly a negotiating component. If we could go to HO and order 3000 servers and have them running, Dell loses a large amount of negotiating power.

Being honest though, working with Dell was significantly better than working with HP or (especially) Equus.

Former Google Employee, on GGC.

HP!=HPE for over 8 years now
This is very different. This is like if Anthos married a Toughbook. There are very real, very sticky use cases for this appliance.
The Google Search Appliance was available from 2002 to 2019, which is a pretty decent run for a piece of IT hardware. Especially given that the average office environment looked quite different in 2002: the GSA was designed for indexing intranets (remember those?) and did not require any Internet connectivity at all.
>the GSA was designed for indexing intranets (remember those?)

Yet the problem of being able to find things still exists. That my "intranet" consists now of a bunch of cloud services accessible to the internet makes no functional difference.

If it's accessible to the Internet, Google can make a private index for you with Cloud Search and you don't need a physical appliance.

https://workspace.google.com/intl/en_au/products/cloud-searc...

That doesn't read like it can login to anything other than Google services. Those internet intranets typically sit behind some kind of authentication.
Does Cloud Search support third-party data?

Yes, Cloud Search includes connectors to third-party data sources, such as Salesforce, SAP and more than 100 others.

(comment deleted)
One of my previous jobs had this appliance back >10-15 years ago, and honestly I'm yet to come across anything which assists with internal content discovery quite as well. I really miss it! (Side note, Confluence search is awful)
We[0] have made this. Fully self-hosted. Confluence search is a particularly consistent pain point.

[0] atolio.com

(comment deleted)
The post announces a physical (i presume) appliance and it’s just a wall of text and not a single photo. Mkay…
Yeah I just wanted to see a picture of it
I couldn't find any specs in the docs either. Welcome to enterprise.
There's a bit complexity there as the system is designed to be modular based on requirements. GPUs? Raw RAM? DC or AC? All different compoents that you can swap in/out.
I would assume there's some kind of catalog or configuration guide y'all could publish but maybe not.
No, the obfuscation helps with setting "enterprise" prices.
I mean this is literally their 'AI, but for TLAs' product. I'm kinda shocked there's a public announcement at all.
Is the box painted yellow? That's all I want to know, and if you are old enough you will get the Google Search Appliance reference.
It's for military applications so it's quite obviously green.
In this particular case, no, they're unbranded HP boxes, though some that have been deployed have GCP logos on the racks themselves.
How lame, Google used to be fun.
parts of it is still is, you're just focusing on non fun parts
It's always fun trying to guess which product Google will sunset next month
> unbranded HP boxes

HPEnterprise (Compaq-derived servers) or HPInc (desktops/laptops)?

Truly puzzling why Google is doing these things that do not scale. Their DNA historically has been doing things for billions of users, not 10 companies that might ever pay for this. Google is a technology company through and through, they have a great engineering talent, and they can keep shifting paradigm in many areas, especially in cloud. Yet, the short-term profit motive of the rot economy is taking another tech giant hostage.
Kurian = enterprise IT = high-margin low-scale customized solutions. In theory the long tail of the market is just as lucrative as the big head.
depends if you define long tail as customer count vs contract size
That's what happens when you take your most productive/creative minds, thrown them in the trash, and replace them with greedy MBA drones.
Drones, indeed. Now your government's murderbots can be powered by Google Gemini.
One of the more interesting things was the MBAs don't run engineering, it was fascinating seeing how quickly the tide can go out on management quality, especially when you're growing 20% every year -- took maybe 4 years to form a new extremely agreeable layer over significantly worse quality than the one 2 layers above it. Kiss up, kick down.
I have no idea what you’re talking about in practice. It felt like MBAs or less competent perspectives abounded when I was in cloud.
You realise that the idea that developers who work at google are more intelligent than average is the product of the work of marketing graduates who work at google?
I have no experience in this space, but I suspect supplying the US Air Force with this equipment may have a number of indirect benefits.
(comment deleted)
This seems pretty adjacent to their existing cloud business not requiring major new investments and is likely a requirement to do bigger deals with customers.
They invested in a dead end AI technology. They, like all the other players in the space, are trying madly to recoup their original investments. It turns out "chat bot" is not a viable product on any level whatsoever.
Google Cloud has an totally different customer base, strategy and internal culture from the rest of Google.
The post seems to really be vague around the obvious and most likely majority defense use cases this would be deployed for. It instead tries to emphasize all the other potential uses and mentions defense only as the final one with a generic quote from the air force.

I think it’s very likely that’s due to historical Googler outrage against working with defense organizations.

I was hoping for a picture of a box with sundar's signature on it.
Richard, we're making the box.
It'll be the next iteration, Sundar's signature edition.
I'm glad they've finally learned to appreciate the conjoined triangles of success.
Let me tell you a story ... in 1999, Google was a little startup, just like we are. And when they started bringing in chefs and masseuses, we thought, "They're nuts!"

But, they were attracting the best possible people, and they were able to create the best product, and now they're worth over $400 billion.

And ... do you know the name of that company?

"Erm, ... Google"

(gets me every time!)

"Bzzt, wrong answer! It's Alphabet!"
(comment deleted)
Curious about open source licenses: this was a big problem for the Google search appliance IIRC
I spent tons of time with Google Search Appliance (at least 100 hours reverse-engineering it) it was just a CentOS machine with a daemon called Babysitter (which was just a loop restarting services), and a C++ binary called gws (Google Web Server).

Fun fact, if you ran gws without its config files you would see the real front end for Google Search, News, etc.

Web configuration interface was in Java, writing some XML templates if I remember well.

So taking all of that, besides a very boring OS there was "nothing" or very little amount of open-source they were using.

It was more all homemade (except the OS).

Fun fact: There was a secret hardcoded password in clear (but only for physical access).

EDIT: Password was different for each instance, not the same as I thought.

Well that's fun. I was the TL of the GSA platform team and you are mostly spot on. You are missing the whole crawling/indexing & security parts though. the GWS on the GSA was, tbh, one of the simplest component.

Each GSA had a set of unique BIOS/root password generated during bootstrap though.

I edited the message, sorry for that mistake, I had assumed it was the same everywhere.

It was great to see how it was engineered, some parts were truly remarkable, my main interest was to learn about the ranking algorithm (not for SEO purposes, but because I thought it was fun and interesting).

We would have been in love 15 years ago when there was the GSA, sadly, our paths have separated :D

How do you know to which libraries the c++ binary was statically linked to?
What was the problem specifically?
Though other use cases for the appliance are given, it seems primarily designed for military applications?

It's designed to military standards and to be as individually transportable as other military communications equipment:

> Department of Defense (DoD) Impact Level 5 (IL5) accreditation

> rugged and portable design that meets stringent accreditation requirements like MIL-STD-810H

> The appliance can be conveniently transported in a rugged case

> Weighing approximately 100lbs, it's human-portable, making it easy to transport and deploy in various locations.

> disaster zones, remote research stations, or long-haul trucking operations

Military operations are all three of these.

Its design enables the offline self-hosting of cloud surveillance tools:

> Google Distributed Cloud air-gapped appliance is designed to operate without any connectivity to Google Cloud or the public internet. The appliance remains fully functional in disconnected environments

> built-in AI solutions from the Google Distributed Cloud air-gapped appliance like translation, speech, and optical character recognition

What about facial recognition?

The "smart border security system" is coming. This feels like it would be a "perfect" part of that looming disaster.
Does anyone care about this except DoD?
The sad reality is probably not.

I personally would prefer organizations to own their hardware as in the early age of internet. It was meant to be decentralized. However in the last 2 decades centralization has prevailed.

I think it is sad because look at the CrowdStrike incident earlier this week. Or outages in AWS, cloudflare etc. These are examples why decentralization would give people/organizations power and control.

This mentality of making it “someone else’s problem” with outsourcing is a fairy tale. In the end your business is at risk. Let alone the overhead and inefficiencies.

Perhaps another analogy: if one eats out every day and never learnt how to cook a meal themselves. When the situation presents itself there is no cook around. One would probably starve or resort to simple food sources like whole fruits.

(comment deleted)
(comment deleted)
This is to let the military use AI to help kill people.

“Don’t be evil” is dead.

> This is to let the military use AI to help kill people.

So are your tax dollars, and some portion of any money you spend or any productive engagement you have with the economy wherever you live on this planet.

This is not a convincing argument for not engaging in voluntary trade with the morally bankrupt.

It is, however, a pretty good argument for the moral basis for tax minimization and avoidance.

My tax dollars are used to bomb the middle east and there is absolutely nothing I can do about it. Voting is useless.
Donate to humanitarian aid organizations to offset your tax bomb dollars
Almost universally those funds are stolen in the name of administrative overhead
Need:

  - photo/video
  - root of trust definition (TPM? OpenTitan?)
  - firmware and OS description
  - specs
There's an edge device family from AWS, with specs and photos, https://aws.amazon.com/blogs/aws/introducing-aws-snowcone-sm...

> AWS Snow Family of physical edge computing, edge storage, and data transfer devices for rugged or disconnected environments.. can be used in a variety of environments including desktops, data centers, messenger bags, vehicles, and in conjunction with drones.. enclosure is both tamper-evident and tamper-resistant, and also uses a Trusted Platform Module (TPM) designed to ensure both security and full chain-of-custody for your data. The device encrypts data at rest and in transit using keys that are managed by AWS Key Management Service (AWS KMS) and are never stored on the device.. use Snowcone for data migration, content distribution, tactical edge computing, healthcare IoT, industrial IoT, transportation, logistics, and autonomous vehicle use cases.

AWS Snowball hardware, https://youtube.com/watch?v=BIx9bbe58K8

GDC video of users and control panels, no hardware, https://youtube.com/watch?v=i5fCfgNaPE0

With hardware expertise from servers, OpenCompute, Project Ara, Chromebooks, Pixels and TPUs, hopefully this appliance is more than a PC OEM whitebox.

> The device encrypts data... using keys that are... never stored on the device..

Incredible!

Not really. They can just use a public key to encrypt ephemeral symmetric keys. The private key is stored inside AWS and is never exposed to the device.
I guess that makes sense. So it's like a ballot box you can drop data into but only Amazon can pull it back out.

Still a bit misleading. The public key is on the device (which is fine) and that's the key it uses to encrypt the data (if we consider the symmetric key as just a performance optimization)

Feels like something that will almost certainly be sunset in <2 years
Would never consider this after getting rug pulled when Google abandoned the search appliance. That was fun.
Useful for a truly never-connected 'island' (meaning it never needs to speak to the outside world).

However, even some of the use cases they cite rarely exist on a never-connected island, e.g. industrial automation and transportation.

So, to be broadly applicable, it needs to be secure by design for connected use cases as well, even if those connections are considered to be ephemeral (e.g. remote management, periodic telemetry, metadata sharing, etc.).

has anyone done an analysis on how much big tech revenue comes from the DoD, particularly as its changed over time?
I wonder about the weight details and its fundamentals:

"The device weighs about 100 lbs (~45.3 kg) and can be carried by two people. The device is not operational while it is moved from one location to the next. It might be moved on and off vehicles and might be subject to rougher treatment than in a data center. While the device is running, it might be in an uncontrolled environment subject to more temperature variations and dust than a data center, such as a tent or a repurposed building." [1]

[1] https://cloud.google.com/distributed-cloud/hosted/docs/lates...

It's interesting watching silicon valley buzzwords mix with DOD speak.
So basically a local server. Guess we're on trailing edge of "move everything to cloud" now, slowly eeking back into having more local infrastructure again.
It's not a local server! It's a hyperconverged system, as explained on the product page [0].

Which is, I assume, a very fancy expression for a local server.

[0] https://cloud.google.com/distributed-cloud/hosted/docs/lates...

> GDC air-gapped appliance consists of a chassis that holds three blades and a switch. Customers must provide their own laptop to use as an admin workstation for installing the software and performing upgrades.

It's borderline criminal that they don't include a picture of this thing. Let's see this thing!

> Previously, organizations with mission-critical workloads lacked access to important cloud and AI capabilities when in demanding edge environments, including those that present unique challenges and requirements.

I'm sorry, what???

[flagged]
You're another GPT bot : (

https://news.ycombinator.com/threads?id=hksgdk

Your comments have all the same structure:

- general statement

- further development

- rhetorical question

There's a slew of bot-army template comments from new-ish accounts, getting comment credit to work up to voting rights for a spruiking up-vote spree.

38 in the last hour & a half:

https://news.ycombinator.com/threads?id=bbkj

https://news.ycombinator.com/threads?id=bhjgjy

https://news.ycombinator.com/threads?id=bjgiusg

https://news.ycombinator.com/threads?id=bkjshki

https://news.ycombinator.com/threads?id=dfgdgf

https://news.ycombinator.com/threads?id=ebjjbsd

https://news.ycombinator.com/threads?id=gjsgdj

https://news.ycombinator.com/threads?id=gssa

https://news.ycombinator.com/threads?id=hksgdk

https://news.ycombinator.com/threads?id=hsag

https://news.ycombinator.com/threads?id=jhkug

https://news.ycombinator.com/threads?id=kidfkj

https://news.ycombinator.com/threads?id=kjlojpo

https://news.ycombinator.com/threads?id=kkjkj

https://news.ycombinator.com/threads?id=lihli

https://news.ycombinator.com/threads?id=linkjp

https://news.ycombinator.com/threads?id=lndsh

https://news.ycombinator.com/threads?id=lpod

https://news.ycombinator.com/threads?id=masjl

https://news.ycombinator.com/threads?id=mknux

https://news.ycombinator.com/threads?id=mkpp

https://news.ycombinator.com/threads?id=mncsz

https://news.ycombinator.com/threads?id=mnjksd

https://news.ycombinator.com/threads?id=nklhlk

https://news.ycombinator.com/threads?id=nknld

https://news.ycombinator.com/threads?id=nsjolj

https://news.ycombinator.com/threads?id=oiphl

https://news.ycombinator.com/threads?id=pdjljl

This should be emailed to dang. hn@ycombinator.com The most anyone here could do with it is add the users to uBlock but that would hopefully be a waste of time if they are disabled by dang. Most appear to have negative karma already.