HackerTrans
TopNewTrendsCommentsPastAskShowJobs

alongub

no profile record

Submissions

[untitled]

1 points·by alongub·vor 2 Monaten·0 comments

Show HN: Alien – Self-hosting with remote management (written in Rust)

106 points·by alongub·vor 3 Monaten·49 comments

Show HN: Deploy to your customers' AWS/GCP/Azure accounts

2 points·by alongub·vor 3 Monaten·0 comments

[untitled]

1 points·by alongub·vor 3 Monaten·0 comments

Show HN: Run AI tool calls in your user's environment and access local data

alien.dev
2 points·by alongub·vor 3 Monaten·0 comments

Show HN: Alien – Ship to your customer's cloud

github.com
3 points·by alongub·vor 3 Monaten·0 comments

Faster Rust Builds on Mac

nnethercote.github.io
1 points·by alongub·vor 10 Monaten·0 comments

comments

alongub
·vor 3 Monaten·discuss
The main difference is granularity. Terraform runs a plan and applies it as a batch. If something fails, you re-run apply and it retries from the last saved state... but that state is per-resource, not per-API-call.

Alien tracks state at the individual API call level. A single resource creation might involve 5-10 API calls (create IAM role -> attach policy -> create function -> configure triggers -> set up DNS...). If it fails at step 7, it resumes from step 7. Terraform would retry the entire resource.

The other difference is that Alien runs continuously, not as a one-shot apply. It's a long-running control plane that watches the environment, detects drift, and reconciles. Terraform assumes you run it, it converges, and then nothing changes until you run it again.
alongub
·vor 3 Monaten·discuss
Thanks so much! If you have any other ideas, I'd really appreciate it if you could shoot them my way (alon AT alien dot dev)
alongub
·vor 3 Monaten·discuss
Fair point
alongub
·vor 3 Monaten·discuss
Alien is basically a huge state machine where every API call that mutates the environment is a discrete step, and the full state is durably persisted after each one.

If something fails mid-update, it resumes from exactly where it stopped. You can also point a deployment to a previous release and it walks back. This catches and recovers from issues that something like Terraform would just leave in a broken state.

For on-prem: we're working on Kubernetes as a deployment target (e.g. bare metal OpenShift)
alongub
·vor 3 Monaten·discuss
> Would you support simpler deployment targets, like on premises VMs etc?

https://github.com/alienplatform/alien/blob/main/crates/alie... :)
alongub
·vor 3 Monaten·discuss
This is true even with fully-managed SaaS though. There are always users who don't want the new UI, the changed workflow, the moved button. But the update mechanism isn't really the problem IMO, feature flags and gradual rollouts solve this much better than version pinning
alongub
·vor 3 Monaten·discuss
At least they didn't ask you to TeamViewer into a Windows Server 2012 box and open Event Viewer..
alongub
·vor 3 Monaten·discuss
Both are real risks. But supply chain attacks exist whether you self-host or not... you're still running the vendor's code either way. The question is whether you also want that code to stay up to date and properly managed, or drift silently.
alongub
·vor 3 Monaten·discuss
> Although unfortunately, we can't maintain _any_ connection back to our servers. Pull or push, doesn't matter.

We're working on something for this! Stay tuned.
alongub
·vor 3 Monaten·discuss
In practice, unmanaged self-hosting is often less secure, because you end up with outdated versions, unpatched vulnerabilities, and no one responsible for keeping things healthy.

More and more enterprise CISOs are starting to understand this.

The model here is closer to what companies like Databricks already do inside highly regulated environments. It's not new... it's just becoming more structured and accessible to smaller vendors.
alongub
·vor 3 Monaten·discuss
Right, and that's when you do control the environment. Now imagine debugging that when it's your customer's infra, you have no access, and you're relying on them to copy-paste logs on a Zoom call.
alongub
·vor 3 Monaten·discuss
It's not RCE. The commands are predefined RPCs written into the deployed code. Customers can review and approve them. Trust between the vendor and the customer is still required and Alien doesn't make it unnecessary.
alongub
·vor 3 Monaten·discuss
It's heavily inspired by Databricks' deployment model. And you're right that it's not "execute arbitrary commands". Commands are predefined functions in the deployed code that the developer defines upfront and customers can review.

The metrics/logs part is also core to Alien... telemetry flows back to the vendor's control plane so you actually have visibility into what's running.
alongub
·vor 5 Monaten·discuss
AgentMail looks amazing!
alongub
·vor 10 Monaten·discuss
Exactly
alongub
·vor 10 Monaten·discuss
Foyer is great!