Slightly off topic, I'm surprised why more tool or SaaS vendors don't run as Atlassian apps. It solves so many enterprise gatekeeping issues for most tools:
1. Usually integrated with the Enterprise IDP
2. apps/modules usually are part of the security boundary of Atlassian, meaning little compliance headaches if any.
3. Out of the box scaling of per user licenses since individual apps can't have their own independent user limits, they use the whole Atlassian user count. So, if your customer needs just 10 licenses but their Atlassian suite has 500 users, they must purchase at 500 user cal.
4. Atlassian Jira/Confluence are very sticky at the enterprise level. Yes, teams may move to Gitlab, but most customers prefer to stick to Jira/Confluence.
Easy answer: because you are then beholden to them, same with Salesforce apps or any other "app marketplace". If they decide to change their rules or go out of business, there goes your business with theirs. Not saying SaaS apps shouldn't go in that direction, but it should not be their first play IMHO.
For niche products, I think it makes sense. For example, we had a need for a tool to generate AWS/Azure diagrams automatically. There are a ton of SaaS options in this space, some of which just leverage open source projects to generate the diagrams. In the gov space, I can't touch it if they aren't FedRAMP'ed. I've gone through that process as a CSP, and it's near a million dollar investment. Or the vendor can just release their product as an Atlassian App and avoid that headache. Yes, you'll never be the next billion dollar SaaS vendor but could you make 7 figures? I'm confident you could.
Rephrased, I think an agency or company that follows the AWS model of "borrowing" open source projects and converting them to a paid service would do well. Wrap an open source solution around an Atlassian or similar PaaS app/module.
LOL. Maybe the professional class (doctors, lawyers) but most real working-class people do not bucket themselves in the category as the professional class. Yes, you are all salaried, but they don't get 6 figure RSU's or bonuses.
This is just class infighting, though. If you don't own the capital, you're labour. Yes, some labour is paid better, sometimes much better! But if you can be fired, you're labour, and fighting with other labour is counter-productive.
Instead of scrapping with someone who makes twice your wage for half your work, we should all be scrapping with those who own the capital, who are profiting from our labour, who even allow for such crappy jobs in the first place. We should ALL be paid well and have respectful work accommodations.
Working class means that you are earning a wage/salary and you don't own the means of your value production. Small businesses typically aren't working class, whereas sports professionals typically are working class.
If you want to talk about income levels, "working class" isn't a term you should be using; it's too big of a bucket.
Very valid point. One could extend this definition such that: When someone has enough wealth to make a comfortable living passively, they're no longer working class. I think that should sufficiently account for this.
All the doctors I know are workers for a corporation now, upper middle class. The days of a private practice professional class of doctors owning their own business are mostly gone. Those that did cried poverty at what Medicare paid. Dentists are an exception because insurance companies haven't destroyed them yet.
It's still people who own vs. people who earn. Those people on 400k are on the same side of the capital divide as people who work at Starbucks.
Hedgies are trying to take a cut of both of their wages so they can buy more cocaine.
Obviously they'd prefer us to think we're special little creative snowflakes who don't need union membership like common old factory workers. Or Tom Cruise. Or the Hollywood writers who just won a massive victory.
I know not the same use case, but nginx will serve near 100K requests per second of a static site on a moderately powerful server. Server side generated SPA empowered by K8 solution drops that to a dozen. Those number discrepancies are comical.
I must be too old to enjoy recent resume building architectures....
they just use docker api, hence why I don't think there is the resource waste typical of k8s
I haven't run benchmarks but speed wise containers shouldn't slow down app requests (except in a few cases with very specific kernels, which I unfortunately experienced in production - but I was told it was just bugs)
fly.io is simply a VM provider. You can achieve the same requests per second there as any VM host. The person you're replying to just has a comically low expectation of performance.
I've worked in this field, as well. Both implementing a FedRAMP'ed PaaS and sponsoring a CSP from the customer side where FedRAMP compliance was required. One thing that is often missing in these articles is compliance costs. Most don't realize that FedRAMP compliance at a High baseline is likely a $750K - 1M investment.
Then all the good developers leave. A series of decent people hire in, get frustrated and quit. After a while you just have a core group of either incompetent or desperate people hanging on.
Management can ignore for a few years. Rebooting things isn't too hard.
But then the issues that could be ignored can't be anymore. Eventually you get sold for the intellectual property or customer base.
If a "good developer" doesn't want to deal with the overhead of security, then, frankly, I have to ask why they are a "good developer"?
Why does security and compliance frustrate "good developers"? Is it the extra steps required? Is it that it sometimes (often?) means that they don't get to work with bleeding edge/greenfield technology and feel left out?
This seems like the heart of the security issue, IMO. Sure, there are investors and managers who don't prioritize this work, and there are definitely concerns with the amount of investment it takes to accomplish ... but if a large majority of the engineering team were pushing for security and compliance as part of their normal routine in the same way they push for things like automation, would that solve some of the other issues too?
So in that case it's much less about a company desiring to comply with these costs and much more about not being able to realistically afford to do so?
1. Engineer costs - A PaaS at the high baseline will likely implement 300+ controls. It's been a while since I looked at an IaaS CSP's FedRAMP package, but they typically implement roughly 100 fully implemented controls. The rest is on the customer to fully implement or engineer completely. Likely 300K-500K worth of engineering costs.
2. Assessment - 3PAO assessor will likely be 100K-200K. Most first time CSP's may require more than 1 assessment as the process is usually (1) Assess (2) Submit to FedRAMP PMO (3) they provide feedback (4) limited time to implement. If you cannot implement in sufficient time, you'll have to reassess. Note, unless you are AWS, Azure, Google, FedRAMP PMO may not prioritize you without sufficient customer support. As a result, your contract with your 3PAO may be expired. You'll need to bring them in again.
3. Documentation experts – There’s an art to generating the FedRAMP package. Engineers typically aren’t good at it, and it often requires one level of abstraction above internal technical documentation. Having technical writing experts that know how to communicate the security implementation without diverging too much is a skill set. You share the bare minimum to get compliance, as there’s business risk from sharing too much (sharing implementation details with a competitor or untrusted source). Also, the more technical details there are, the more audit questions often arise.
4. Control Implementation SME’s – Oftentimes your engineers don’t know how to implement a required security control or don’t know what the compliance people really want. Many CSP’s hire a 3PAO assessor to advise you on how to implement. This cannot be the same 3PAO assessor that audits you.
5. Conflict between product/feature value versus control implementation - Sometimes a value or feature of your product directly conflicts with a control requirement. A good example is a CMS PaaS (WP as a service or Drupal as a Service). Those CMS's often support user code or user code to spawn processes. The high baseline requires process whitelisting. Solving this problem while not destroying that feature can be difficult or expensive.
Good. I've started purchasing Birthday cards here. I've noticed Birthday cards costing 4-6 dollars at grocery stores. They are 50 cents to a dollar at the Dollar Store. Between family birthdays and kid birthdays, I think I spend close to 100-150 dollars a year on birthday cards. That expense is now down to 20 dollars from Dollar Store.
The quality of education is dictated by innate ability, parents, and school system. I like to think of it as a three leg stool. If one leg is missing, it's possible to balance. If two are missing, no amount of money will solve the problem.
The stool has a fourth leg: other students. It's tough to get a good education if many of the other students are violent or disruptive. Public schools can't easily expel problem students.