Welcome to issue #396 April 29th, 2024

News

Introducing the Verified Peering Provider program, a simple alternative to Direct Peering - Google has launched a new program called Verified Peering Provider (VPP) to help businesses easily connect to Google Cloud services. This program benefits companies who don't have the expertise or resources to manage complex Direct Peering connections.

Announcing PyTorch/XLA 2.3: Distributed training, dev improvements, and GPUs

Introducing new ML model monitoring capabilities in BigQuery

Direct VPC egress on Cloud Run is now generally available

Caliptra: Building trust, one chip at a time - Google partnered with AMD, Microsoft, and NVIDIA to develop Caliptra, a standard at the Open Compute Project (OCP) to raise the bar on security for chips. Caliptra is a hardware root-of-trust (RoT) that provides verifiable cryptographic assurances to help ensure that only recognized and trusted firmware is allowed to run production workloads.

2024 DORA survey now live: share your thoughts on AI, DevEx, and platform engineering - A possibility to participate in DORA's annual survey.

Your insider’s guide to Google Cloud Security at RSA Conference 2024 - A list of Google Cloud presentations at RSA Conference on May 6-9.

Articles, Tutorials

Infrastructure, Networking, Security, Kubernetes

The power of choice: Simplifying your regulatory and compliance journey - Google Cloud offers various customizable control packages (Regional Controls, Sovereign Controls) to meet your specific regulatory, compliance and sovereignty needs. They've also expanded compliance controls, audit capabilities (Audit Manager) and simplified the onboarding experience for easier workload control configuration.

Poll Vaulting: Cyber Threats to Global Elections - Elections globally are under fire from cyberattacks targeting not just voting systems but campaigns, media, and social media too. State actors pose the biggest threat, but others join in. Strong defenses and awareness of diverse attack methods are crucial to safeguard elections.

M-Trends 2024: Our View from the Frontlines - Mandiant's latest M-Trends report highlights a concerning trend: attackers are actively working to evade detection and stay on compromised systems longer. The report analyzes data from 2023, revealing a rise in tactics like targeting unmonitored devices, using zero-day exploits, and leveraging legitimate tools.

Ninja Van: delivering flexibility, stability and scalability to core applications with a cloud container platform - Ninja Van, a fast-growing logistics company in Southeast Asia, uses Google Cloud's Kubernetes Engine (GKE) to manage its microservices architecture. GKE's scalability and ease of use enable Ninja Van to deliver a seamless development experience and improve its CI/CD pipeline.

FakeNet-NG Levels Up: Introducing Interactive HTML-Based Output - FakeNet-NG is a network analysis tool used to capture network traffic and simulate network services to help researchers understand malware behavior. Recently, FakeNet-NG was updated to generate interactive HTML reports to present captured data in a more user-friendly way.

Airflow on GKE using Helm - A tutorial on deploying Apache Airflow (tested with 2.8.4) on Google Kubernetes Engine (GKE) using the official Helm chart.

Platform Engineering in action: Deploy the Online Boutique sample apps with Score and Humanitec

App Development, Serverless, Databases, DevOps

AI will break the stagnation in developer productivity, but only if you do it right - This paper explores how to measure developer productivity and how AI can make a significant impact. It's aimed at team leaders who can create the right environment to maximize the benefits of AI-powered developer tools.

Modernization vs. migration for data workloads - Migrating data to the cloud (lift-and-shift) is an option, but modernizing your data workloads with cloud-native technologies offers greater benefits. Modernization improves scalability, security, and performance while reducing costs through serverless technology. Google's Database Modernization program can help you with the process.

Regional Persistent Disks: Delivering maximum resilience for your mission-critical workloads - Regional Persistent Disk with its cross-zone synchronous replication capabilities can help you deliver resilience, management simplicity, and continuous protection for your most important and demanding applications.

Make data your competitive edge with new solutions from Cortex Framework

Implement a GenAI Code Review Bot with Google Cloud Platform - By incorporating generative AI into DevOps for automated code reviews, we can accelerate software development and enhance quality.

LLM in your favorite Transactional Database: Spanner - Build a Patent Search App with Spanner, Vector Search & Gemini 1.0 Pro!

Using Gemini to help write Synthetic Monitoring tests in Google Cloud - This article describes how to use Synthetic Monitoring with Google Cloud Console and Cloud Run and use Generative AI to write the test code for Synthetic Monitoring.

Stay Ahead of the Storm: Comprehensive Insights into Google Cloud Personalized Service Health - Personalized Service Health from Google Cloud monitors your cloud projects and proactively notifies you of potential issues. It provides customizable alerts and leverages past incidents to improve reliability, making it a valuable tool for managing your cloud environment.

Big Data, Analytics, ML&AI

Creating a common language for learners, educators, and employers with AI - Jobspeaker, a career planning platform, uses Google Cloud's AI and scalable infrastructure to bridge the skills gap between education and employment. By extracting skills information and using AI-powered matching, Jobspeaker helps people understand and develop the skills they need for their desired careers.

Transforming Data Management: Leveraging GCP Serverless Solutions at a Chilean NGO - Developing a Customer Data Platform on GCP for NGO.

What’s new in data? My reflection on Google Cloud Next ‘24 - A look at Google Next 2024.

Stop Scheming, Start Streaming - The Power of BigQuery Event Stream Tables.

Dataform and Terraform: Automate SQL pipelines in production - Automate the orchestration of SQL pipelines in Google Cloud Platform using Dataform, Terraform, and Workflows.

Configuring Data Pipeline Environments in Dataform - Separating development, QA and production data pipeline environments inside the Google Cloud using Dataform.

Pass Google Cloud Machine Learning Exam, with this HowTo Human Learning Guide - Master Google Cloud ML certification prep with this detailed guide in 2024. Tips, resources, personal insights and learning strategy.

Lessons in adopting Airflow - Booking.com’s AdTech team’s learnings in adopting Airflow on GCP Composer.

Gemini has entered the chat: building an LLM-powered Discord bot - Take your first steps into the world of Generative AI by building a Discord bot that uses Gemini to talk with other users.

Various

Google Cloud Innovator Juan Guillermo Gómez on transforming AI and the importance of community

LLm infini-attention with linear complexity - Introducing Google’s Infini-attention to increase LLM attention windows and reduce quadratic complexity.

Slides, Videos, Audio

Security Podcast - #169 Google Cloud Next 2024 Recap: Is Cloud an Island, So Much AI, Bots in SecOps.

GCP Life Podcast - #63 The Awards - In this episode we discuss; Mantelgroup Partner Awards, Next AI, Google Vids, Axion Chips, Service Mesh, Gemini In Databses, Future Of Containers, Gemini Code Assist, App Hub, Continuous Queries in BQ, Data Canvas, Victorian Digital Drivers Licence, Netapp Flexible, Next Gen Firewalls, Palo Alto SSLVPN, Gemini Pro 1.5, TPUv5p, LLAMA3.

Releases

GDCV for VMware - A vulnerability (CVE-2024-26585) was discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes. GKE on VMware 1.16.8-gke.19 is now available. The following vulnerabilities are fixed in 1.16.8-gke.19: Container-optimized OS vulnerabilities: CVE-2023-52434 CVE-2023-52439 CVE-2024-26589 CVE-2023-52447 Ubuntu vulnerabilities: CVE-2023-1194 CVE-2023-32254 CVE-2023-32258 CVE-2023-38427 CVE-2023-38430 CVE-2023-38431 CVE-2023-3867 CVE-2023-46838 CVE-2023-52340 CVE-2023-52429 CVE-2023-52436 CVE-2023-52438 CVE-2023-52439 CVE-2023-52441 CVE-2023-52442 CVE-2023-52443 CVE-2023-52444 CVE-2023-52445 CVE-2023-52448 CVE-2023-52449 CVE-2023-52451 CVE-2023-52454 CVE-2023-52456 CVE-2023-52457 CVE-2023-52458 CVE-2023-52462 CVE-2023-52463 CVE-2023-52464 CVE-2023-52467 CVE-2023-52469 CVE-2023-52470 CVE-2023-52480 CVE-2023-52609 CVE-2023-52610 CVE-2023-52612 CVE-2024-22705 CVE-2024-23850 CVE-2024-23851 CVE-2024-24860 CVE-2024-26586 CVE-2024-26589 CVE-2024-26591 CVE-2024-26597 CVE-2024-26598 CVE-2024-26631 CVE-2024-26633.

Apigee X - On April 26, 2024, we released an updated version of Apigee. Logging Apigee access logs Apigee Subscription and Pay-as-you-go customers can now enable Cloud Logging ingress access logs for each Apigee instance in their organization.

Application Integration - For Cloud Pub/Sub triggers, the default value of the expiration period option for subscriptions is changed from 31 days to never expire.

BigQuery - SQL code generation is now available for all BigQuery projects. BigQuery Studio is now available in the following regions: Johannesburg (africa-south1) Hong Kong (asia-east2) Seoul (asia-northeast3) Jakarta (asia-southeast2) Sydney (australia-southeast1) Madrid (europe-southwest1) Turin (europe-west12) Doha (me-central1) Dammam (me-central2) Montréal (northamerica-northeast1) N. Virginia (us-east4) Columbus (us-east5) Dallas (us-south1) Los Angeles (us-west2) Las Vegas (us-west4). The BigQuery Data Transfer Service for Google Merchant Center supports the Product Targeting report. User-defined aggregate functions (UDAFs) that support SQL expressions are in preview.

Chronicle Security Operations - Chronicle Security Operations (Chronicle SecOps) has been rebranded to Google Security Operations (Google SecOps). The ingestion_stats table in BigQuery is deprecated and will no longer be updated after May 15, 2024. The ingestion alerting system using Chronicle has been deprecated.

Compute Engine - Generally available: Zonal metadata (previously known as project zonal metadata) is custom metadata that you define at a zonal scope within a project and provides information about VMs in that specific zone.

Contact Center AI Platform - Deployment schedules With deployment schedules, you can control the timing of Google's automatic updates to your contact center instance. Version 3.15 is released All release notes published on this date are part of version 3.15. Authentication context You can select the authentication context that you want when you set up single sign-on (SSO) for CRMs that use the Security Assertion Markup Language (SAML) standard. Glossary support in live translation Live translation supports glossaries, helping you ensure that specific terms are translated appropriately. Email channel endpoints in the Manager API The Manager API has the following two new endpoints for email data management and analysis: Email manager. Skip CRM account and record creation With the Salesforce CRM and custom CRMs, you can skip account creation or record creation (or both) during a session. Configure chat auto answer at the queue level You can configure auto answer settings for chat at the queue level. Chat dismissal warning for agents Agents receive a chat dismissal warning at the same time that an end-user receives one. New event field in session reports from the Manager API Session reports from the Manager API now include an event field. On the Agents page, the All teams filter now shows all teams, regardless of whether an agent is assigned. Fixed an issue where the Create a Record API used the user ID instead of the queue name. Fixed a reporting error that showed Wait, Queue, and Handle times as 0 for expired or abandoned chats that were escalated from a virtual agent to a queue. Fixed an issue where the All teams filter on the Agents page didn't display the complete team hierarchy. Fixed an issue where a user with a custom role that included the Settings > Queue permission was not able to view the Queues page. Fixed an issue where a user could sometimes still hear a call after ending call monitoring. Fixed an issue with the ServiceNow CRM where selecting Skip CRM record creation disabled the contact lookup feature. Fixed an issue with the Chat API where photos and videos sent by an end-user would sometimes not be visible to the agent in the adapter. Fixed an issue where virtual escalations canceled by an end-user were not being logged as abandoned. Fixed an issue where the virtual agent streaming service ended mid-session.

Dataflow - The following Dataflow templates now support user-defined functions (UDFs) written in Python: Cloud Storage Text to BigQuery, Cloud Storage Text to BigQuery (Stream), Pub/Sub to BigQuery, Pub/Sub Proto to BigQuery.

Dataplex - Dataplex automatic data quality supports the following capabilities: The SQL assertion rule type for custom SQL rules lets you check for an invalid state of a dataset.

Dataproc Serverless - New Dataproc Serverless for Spark runtime versions: 1.1.59 1.2.3 2.0.67 2.1.46 2.2.3.

Deep Learning Containers - M120 release Upgraded TensorFlow 2.15 container images to TensorFlow 2.15.1.

Dialogflow - Dialogflow CX: The following new region is available: us: United States multi-region accessed via usa-dialogflow.googleapis.com hostname.

Cloud Data Loss Prevention - A new detection model is available for the STREET_ADDRESS infoType detector.

Anti Money Laundering AI - A new major engine version is now available for Retail and Commercial lines of business, within the v4 tuning version.

Identity-Aware Proxy - WebSocket support for managing Compute Engine resource sessions is now available.

Integration Connectors - The following connector versions are deprecated as on 20 April, 2024: MongoDB (version 1) Oracle DB (version 1) Instead, use MongoDB V2 and Oracle DB V2 connectors.

Networking Interconnect - Verified Peering Provider is now generally available.

Backup for GKE - Backup for GKE now supports Smart Scheduling, an alternative backup creation scheduling approach based on desired RPO instead of a fixed schedule. Backup index is now available for viewing the resource information in backups.

Google Kubernetes Engine - You can now use the node system configuration file in GKE to enable and use Linux huge pages in your Pods. GKE Standard clusters now support nested virtualization. GKE Sandbox supports the use of NVIDIA GPUs (H100, A100, L4, and T4) in Public Preview in GKE version 1.29.2-gke.1108000 and later on both Standard and Autopilot clusters. A vulnerability (CVE-2024-26585) was discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes. A known issue causes a subset of Pods in GKE Autopilot clusters to occasionally become stuck during termination or creation.

GKE new features - You can now use the node system configuration file in GKE to enable and use Linux huge pages in your Pods. GKE Standard clusters now support nested virtualization. GKE Sandbox supports the use of NVIDIA GPUs (H100, A100, L4, and T4) in Public Preview in GKE version 1.29.2-gke.1108000 and later on both Standard and Autopilot clusters.

Marketplace Partners - We've added a new field, wholesale_charges, to Detailed Disbursements reports and Customer Insights reports for Cloud Marketplace. You can now create multiple orders for the same product with flat fee pricing. We've made the following updates to the the provider Entitlement resource: A new field called new_offer_start_time is populated with the start time of an offer that's scheduled to start in the future.

Cloud Monitoring - Broken-link checkers collect screenshots of failing tests in a Cloud Storage bucket.

Cloud Interconnect - Verified Peering Provider is now generally available.

Cloud PubSub - Resolved an issue where Pub/Sub pull RPCs incorrectly return a "cancelled" status when the configured deadline is reached in the absence of a backlog.

reCAPTCHA Enterprise - reCAPTCHA Enterprise Mobile SDK v18.5.0-beta03 is now available for Android.

Cloud Run - Support for Direct VPC egress, which lets you send traffic directly to a VPC network with no Serverless VPC Access connector required, is now at general availability (GA).

Sensitive Data Protection - A new detection model is available for the STREET_ADDRESS infoType detector.

Service Mesh - 1.18.x. 1.18.7-asm.21 is now available for in-cluster Anthos Service Mesh. 1.19.x. 1.19.10-asm.0 is now available for in-cluster Anthos Service Mesh. 1.20.x. 1.20.6-asm.0 is now available for in-cluster Anthos Service Mesh.

Cloud SQL Postgres - The pgvector extension is upgraded from version 0.5.1 to version 0.6.0.

Vertex AI Workbench - The M120 release of Vertex AI Workbench user-managed notebooks includes the following: Upgraded TensorFlow 2.15 user-managed notebooks to TensorFlow 2.15.1., Minor bug fixes for the libcurl package.

Video Stitcher API - VOD configs are now used to create VOD sessions.

Virtual Private Cloud - Bring your own IP v2 for regional addresses is available in General Availability. The Private Service Connect interface documentation has been updated.

Workflows - Workflows is available in the following additional region: me-central1 (Doha, Qatar).

Anthos Config Management - Config Controller is now supported in region us-west4, us-west3, us-west1, europe-central2, europe-west10, europe-west12, europe-west4 , europe-west9, africa-south1, asia-east1, asia-east2, asia-northeast3, asia-south1, asia-south2, me-west1, europe-southwest1, us-south1, asia-southeast2, me-central1, southamerica-west1 and southamerica-east1. Config Controller now uses the following versions of its included products: Config Connector v1.115.0, release notes Anthos Config Management v1.17.3, release notes.

Google Distributed Cloud Bare Metal - 1.16. Release 1.16.8 GKE on Bare Metal 1.16.8 is now available for download. Fixes: The following container image security vulnerabilities have been fixed in 1.16.8: Critical container vulnerabilities: CVE-2021-38297 CVE-2022-23806 CVE-2023-24538 CVE-2023-24540 CVE-2023-29402 CVE-2023-29404 CVE-2023-29405 High-severity container vulnerabilities: CVE-2020-29652 CVE-2021-29923 CVE-2021-33195 CVE-2021-33196 CVE-2021-33198 CVE-2021-39293 CVE-2021-41771 CVE-2021-41772 CVE-2021-44716 CVE-2022-2879 CVE-2022-2880 CVE-2022-21698 CVE-2022-23772 CVE-2022-23773 CVE-2022-24675 CVE-2022-24921 CVE-2022-28131 CVE-2022-28327 CVE-2022-30580 CVE-2022-30630 CVE-2022-30631 CVE-2022-30632 CVE-2022-30633 CVE-2022-30635 CVE-2022-32189 CVE-2022-41715 CVE-2022-41724 CVE-2022-41725 CVE-2023-6040 CVE-2023-6356 CVE-2023-6536 CVE-2023-6606 CVE-2023-24534 CVE-2023-24536 CVE-2023-24537 CVE-2023-24539 CVE-2023-29400 CVE-2023-29403 CVE-2023-45287 CVE-2023-46838 CVE-2023-52436 CVE-2023-52439 CVE-2023-52444 CVE-2023-52445 CVE-2023-52451 CVE-2023-52464 CVE-2023-52469 CVE-2024-1086 CVE-2024-26586 CVE-2024-26597 CVE-2024-26598 Medium-severity container vulnerabilities: CVE-2020-29509 CVE-2020-29511 CVE-2021-33197 CVE-2021-34558 CVE-2021-36221 CVE-2022-1705 CVE-2022-1962 CVE-2022-32148 CVE-2022-41717 CVE-2023-6915 CVE-2023-24532 CVE-2023-29406 CVE-2023-29409 CVE-2023-39198 CVE-2023-52443 CVE-2023-52449 CVE-2023-52470 Low-severity container vulnerabilities: CVE-2022-30629 CVE-2023-52438 CVE-2023-52448 CVE-2023-52454 CVE-2023-52456 CVE-2023-52457 CVE-2023-52462 CVE-2023-52463 CVE-2023-52467 CVE-2024-0646 CVE-2024-24860. Known issues: For information about the latest known issues, see GKE on Bare Metal known issues in the Troubleshooting section.

GKE on AWS - A vulnerability (CVE-2024-26585) was discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes.

Anthos clusters on Azure - A vulnerability (CVE-2024-26585) was discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes.