HackerTrans
TopNewTrendsCommentsPastAskShowJobs

alongub

no profile record

Submissions

[untitled]

1 points·by alongub·2 месяца назад·0 comments

Show HN: Alien – Self-hosting with remote management (written in Rust)

106 points·by alongub·3 месяца назад·49 comments

Show HN: Deploy to your customers' AWS/GCP/Azure accounts

2 points·by alongub·3 месяца назад·0 comments

[untitled]

1 points·by alongub·3 месяца назад·0 comments

Show HN: Run AI tool calls in your user's environment and access local data

alien.dev
2 points·by alongub·3 месяца назад·0 comments

Show HN: Alien – Ship to your customer's cloud

github.com
3 points·by alongub·3 месяца назад·0 comments

Faster Rust Builds on Mac

nnethercote.github.io
1 points·by alongub·10 месяцев назад·0 comments

comments

alongub
·3 месяца назад·discuss
The main difference is granularity. Terraform runs a plan and applies it as a batch. If something fails, you re-run apply and it retries from the last saved state... but that state is per-resource, not per-API-call.

Alien tracks state at the individual API call level. A single resource creation might involve 5-10 API calls (create IAM role -> attach policy -> create function -> configure triggers -> set up DNS...). If it fails at step 7, it resumes from step 7. Terraform would retry the entire resource.

The other difference is that Alien runs continuously, not as a one-shot apply. It's a long-running control plane that watches the environment, detects drift, and reconciles. Terraform assumes you run it, it converges, and then nothing changes until you run it again.
alongub
·3 месяца назад·discuss
Thanks so much! If you have any other ideas, I'd really appreciate it if you could shoot them my way (alon AT alien dot dev)
alongub
·3 месяца назад·discuss
Fair point
alongub
·3 месяца назад·discuss
Alien is basically a huge state machine where every API call that mutates the environment is a discrete step, and the full state is durably persisted after each one.

If something fails mid-update, it resumes from exactly where it stopped. You can also point a deployment to a previous release and it walks back. This catches and recovers from issues that something like Terraform would just leave in a broken state.

For on-prem: we're working on Kubernetes as a deployment target (e.g. bare metal OpenShift)
alongub
·3 месяца назад·discuss
> Would you support simpler deployment targets, like on premises VMs etc?

https://github.com/alienplatform/alien/blob/main/crates/alie... :)
alongub
·3 месяца назад·discuss
This is true even with fully-managed SaaS though. There are always users who don't want the new UI, the changed workflow, the moved button. But the update mechanism isn't really the problem IMO, feature flags and gradual rollouts solve this much better than version pinning
alongub
·3 месяца назад·discuss
At least they didn't ask you to TeamViewer into a Windows Server 2012 box and open Event Viewer..
alongub
·3 месяца назад·discuss
Both are real risks. But supply chain attacks exist whether you self-host or not... you're still running the vendor's code either way. The question is whether you also want that code to stay up to date and properly managed, or drift silently.
alongub
·3 месяца назад·discuss
> Although unfortunately, we can't maintain _any_ connection back to our servers. Pull or push, doesn't matter.

We're working on something for this! Stay tuned.
alongub
·3 месяца назад·discuss
In practice, unmanaged self-hosting is often less secure, because you end up with outdated versions, unpatched vulnerabilities, and no one responsible for keeping things healthy.

More and more enterprise CISOs are starting to understand this.

The model here is closer to what companies like Databricks already do inside highly regulated environments. It's not new... it's just becoming more structured and accessible to smaller vendors.
alongub
·3 месяца назад·discuss
Right, and that's when you do control the environment. Now imagine debugging that when it's your customer's infra, you have no access, and you're relying on them to copy-paste logs on a Zoom call.
alongub
·3 месяца назад·discuss
It's not RCE. The commands are predefined RPCs written into the deployed code. Customers can review and approve them. Trust between the vendor and the customer is still required and Alien doesn't make it unnecessary.
alongub
·3 месяца назад·discuss
It's heavily inspired by Databricks' deployment model. And you're right that it's not "execute arbitrary commands". Commands are predefined functions in the deployed code that the developer defines upfront and customers can review.

The metrics/logs part is also core to Alien... telemetry flows back to the vendor's control plane so you actually have visibility into what's running.
alongub
·5 месяцев назад·discuss
AgentMail looks amazing!
alongub
·10 месяцев назад·discuss
Exactly
alongub
·10 месяцев назад·discuss
Foyer is great!