It's also a crowded and super mature space space between JFrog (Artifactory) and Sonatype (Nexus). They already support private PyPI repositories and are super locked in at pretty much every enterprise-level company out there.
A commodity yes, but could be wrapped in to work very nicely with the latest and greatest in python tooling. Remember, the only 2 ways to make money are by bundling and unbundling. This seems like a pretty easy bundling story.
Yeah you'd think so but somehow JFrog (makers of Artifactory) made half a billion dollars last year. I don't really understand that. Conda also makes an implausible amount of money.
Most of the companies that spend $$$$ with them can't use public registries for production/production-adjacent workloads due to regulations and, secondarily a desire to mitigate supply chain risk.
Artifactory is a drop-in replacement for every kind of repository they'll need to work with, and it has a nice UI. They also support "pass-through" repositories that mirror the public repositories with the customization options these customers like to have. It also has image/artifact scanning, which cybersecurity teams love to use in their remediation reporting.
It's also relatively easy to spin up and scale. I don't work there, but I had to use Artifactory for a demo I built, and getting it up and running took very little time, even without AI assistance.
Yeah I mean I understand the demand. My previous company used Artifactory. I just don't understand why nobody has made a free option. It's so simple it seems like it would be a no brainer open source project.
Like, nobody really pays for web servers - there are too many good free options. They're far more complex than Artifactory.
I guess it's just that it's a product that only really appeals to private companies?
JFrog has a free version. It's called the JFrog Container Registry. Lots of features are missing and you can't use the Artifactory API that it ships with, but it's there.
There are also several free registries out there: Quay, Harbor, and Docker's own distribution. They all have paid versions, of course.
Both Artifactory and Sonatype have somewhat restricted open-source options, which is part of their "get a foot in the door" product-driven sales strategy.
There are no competing open-source projects because such projects would need to provide more value than Artifactory/Sonatype OSS, which are both already huge projects, just to be considered.
From my understanding there are a lot of companies that need their own package repositories, for a variety of reasons. I listened to a couple podcasts where Charlie Marsh outlined their plans for pyx, and why they felt their entry into that market would be profitable. My guess is that OpenAI just dangled way more money in their faces than what they were likely to get from pyx.
Having a private package index gives you a central place where all employees can install from, without having to screen what each person is installing. Also, if I remember right, there are some large AI and ML focused packages that benefit from an index that's tuned to your specific hardware and workflows.
Private artifact repositories also help to mitigate supply chain risk since you can host all of your screened packages and don't have to worry about something getting removed from mvn-central, PyPI, NPM, etc.
Plus the obvious need for a place to host proprietary internal libraries.
> a lot of companies that need their own package repositories
Every company needs its own package repository. You need to be able to control what is running on your environment. Supply-chain risk is very, very real and affects anybody selling software for a living.
This is besides the point that in the real world, not every risk is addressed, at least in part because available resources are diverted to address larger risks.
How many people use that simple pip repo daily? If the number is not in the high hundreds, or a few thousands; maybe nothing. But once you get up there, any kind of better coordination layer is useful enough to pay money to a third party for, unless maintaining a layer over pip is your core competency.
That starts to get into a very philosophical space talking about human action as deterministic or not. I think keeping to the fact that the artifacts (ie code) we are working off will have deterministic effects (unless we want it not to) is exactly the point. That is what lets chaotic human brains communicate with machines at all. Adding more chaos to the system doesn't strike me as obviously an improvement.
It is not at all clear that the mapping is for purposes other than the AR features in the game itself though. In fact Niantic advertised the scanning field research as helping them make richer experience at PokeStops (which they did).
Niantic was much more upfront about this with Ingress, so people who know the company's history will likely guess that Pokemon Go is serving the same purpose, but for someone coming into the game without that background, there is nothing in the game itself that indicates that data is being collected for other commercial purpose.
Right, but it sounds like the data collection itself was pretty well communicated. So nobody should be surprised it gets used for some other (legal) purpose than was originally intended.
To maintain that take, wouldn't you need to offer a plausible way that Niantic managed to train their Visual Positioning System using that data if the data was all bad?
I guess we don't know the terms of the deal, as far as how much they paid? So maybe they didn't pay much, so whatever data they could extract was ok for the cost.
The other point from article. I took this as experimental, so maybe we'll find out later that they really couldn't get much usable data.
This is exactly what I do. I have a few operators set up in k8s that handle all of this with just a couple of annotations on the Ingress resource (yeah, I know I need to migrate to Gateway). For services I want to be publicly-facing, I can set up a Cloudflare tunnel using cloudflare-operator.
I had an interview where I was asked to implement a data structure. I transparently told the interviewer I hadn't thought about that particular data structure since university, and that I was looking it up on Wikipedia to see how it worked before I wrote the implementation. I got that job.
Every time I drink a Coke (or any other soft drink), the brand's baggage (good and bad) is present. Unless you're doing a blind taste test, it's impossible to avoid that.
First I've heard of this thread (I haven't spent much time on the forums for a while), but my Framework Desktop definitely has the PSU noise issue, and it doesn't seem correlated to system load. Otherwise a really solid machine.
My SolArk inverter came with a wifi dongle that uses Modbus over RS232 to interface with the inverter. I removed the dongle and connected a Pi to provide a Modbus-over-TCP interface that I can use from Home Assistant. I got more control (the officially-supported Modbus interface is read-only), and SolArk no longer has any access to my equipment.
reply