惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Hacker News: Ask HN
Hacker News: Ask HN
WordPress大学
WordPress大学
T
The Blog of Author Tim Ferriss
The GitHub Blog
The GitHub Blog
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
博客园 - 聂微东
A
About on SuperTechFans
Stack Overflow Blog
Stack Overflow Blog
雷峰网
雷峰网
Microsoft Azure Blog
Microsoft Azure Blog
腾讯CDC
爱范儿
爱范儿
酷 壳 – CoolShell
酷 壳 – CoolShell
博客园 - 【当耐特】
V
Visual Studio Blog
有赞技术团队
有赞技术团队
U
Unit 42
D
Docker
小众软件
小众软件
F
Full Disclosure
I
Intezer
Scott Helme
Scott Helme
P
Privacy International News Feed
P
Proofpoint News Feed
Engineering at Meta
Engineering at Meta
Google DeepMind News
Google DeepMind News
B
Blog
Martin Fowler
Martin Fowler
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
Vercel News
Vercel News
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
Spread Privacy
Spread Privacy
宝玉的分享
宝玉的分享
S
Security Affairs
www.infosecurity-magazine.com
www.infosecurity-magazine.com
月光博客
月光博客
C
Cisco Blogs
云风的 BLOG
云风的 BLOG
Schneier on Security
Schneier on Security
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
T
Threat Research - Cisco Blogs
量子位
Hacker News - Newest:
Hacker News - Newest: "LLM"
H
Heimdal Security Blog
N
Netflix TechBlog - Medium
H
Hacker News: Front Page
P
Proofpoint News Feed
G
GRAHAM CLULEY
V
Vulnerabilities – Threatpost
S
Schneier on Security

The Register - Off-Prem

AWS CloudFront outage serves errors instead of websites India’s tech services giant HCL is getting into the AI datacenter business Britain Microsoft shifts to annual exchange rate price revision for cloudy products Amazon’s Mechanical Turk to stop accepting new customers – and not even AI can save it Fire burns Google Cloud India’s network, which remains slow a week later EU sovereignty push gives tech buyers a new alphabet soup to swallow Google, Canonical team up to certify Ubuntu images for TPU VMs Arm moves into the heart of the cloud stack Snowflake to burn $6B on AWS Graviton CPUs and AI accelerators Big Tech extracts retirement-scale wealth from UK internet users, research shows Open Compute urges local government to bask in the warm glow of excess datacenter heat Google Cloud suspended major customer Railway.com without cause, causing outage Broadcom finds a VMware customer willing to stick around: London Stock Exchange Baidu says the quiet part out loud – you can’t build AI infrastructure, so clouds can cash in AWS racks M3 Ultra Macs that boast specs you can’t currently buy Tencent admits GPUs only pay for themselves when powering personalized ads Red Hat blasts RHEL 10.1 into orbit aboard Voyager's micro datacenter Sovereign cloud is only possible if you’re Chinese or American: Gartner Cloudflare to fire 1,100 staff whose jobs just aren’t AI enough AWS warns of EC2 'impairment' as power loss hits notorious US-EAST-1 region IBM Cloud evaporates as datacenter loses power Neocloud IREN buys OpenStack champion Mirantis AWS lets agents drive its virtual cloudy desktops Anthropic comes for the midmarket software spend VMware claims Cloud Foundation on track for world domination Microsoft to stop reservations for 17 Azure VMs, kill 13 DVSA shrugs off claims of week-long booking site issues ServiceNow under siege as Atlassian adds to ITSM take-outs ICANN opens applications for new gTLDs AWS says server memory shortage pushing customers to cloud Survey: US workers are not keen on Microsoft's AI Google to sell its TPUs to some customers Microsoft lifts 2026 CapEx by $25B to cover price rises Service change takes down Microsoft Outlook for iOS Google Cloud Next made it clear: AI is coming for everything Trump threatens UK with ‘big tariff’ over digital tech tax Workday, Rippling, Slack lflunk data access test: Fivetran Grafana offers AI assistant for free, warns users not to go mad UK tribunal sends £2B claim accusing Microsoft of overcharging for licensing to trial £2B Microsoft licensing claim gets go-ahead from UK tribunal The spaghettified DBMS chart that shows Oracle's crown is slowly slipping One of Europe's sovereign cloud picks may not be so-sovereign after all Europe picks 4 sovereign cloud providers, but one has Google UK weighs break clause in Palantir NHS deal Atlassian’s new data collection policy protects rich customers while AI eats the rest Atlassian to train AI on user data unless law or cash say no Users complain of UK Azure capacity problems Microsoft closes book on rogue Windows Server 2025 upgrades McGraw Hill linked to 13.5M-record data leak Britain sends 'biggest ever drone package' to Ukraine Networks not ready for the challenges of AI traffic UK told its Big Tech habit is now a national security risk Commvault has a Ctrl+Z for rogue AI agents How ServiceNow gets customers to gorge at the AI trough UK startup to supply drone interceptors for Britain, allies Digital sovereignty isn't just a buzzword – it's the future Salesforce is taking on ServiceNow in ITSM. The winner is AI Salesforce is taking on ServiceNow in ITSM. The winner is AI Snowflake manager on 'Spider-Man' theory of AI agents Amazon rejects AWS climate disclosure proposal Amazon rejects AWS climate disclosure proposal Microsoft cuts cloudy desktop prices by 20 percent Microsoft cuts cloudy desktop prices by 20 percent Google taps Intel for another round of custom network chips AWS put a file system on S3; I stress-tested it Minnesota payroll problems grew after Workday, say auditors Nutanix thinks some Azure cloud desktops belong on-prem Yahoo Japan’s consolidating 164 OpenStack clusters into one Ex-Microsoft engineer blames Azure problems on talent exodus Salesforce looks to Slackbot to help solve SaaSpocalypse ServiceNow salesman sues employer in commission dispute ServiceNow salesman sues employer in commission dispute Big Tech has not enforced Australia’s social media ban Lloyds app glitch exposed transactions to almost 500K users AWS would prefer to forget March in UAE region AWS would prefer to forget March in UAE region 'Emphathetic 'Salesforce bots to help fired via Labor Dept EFF has new boss, Nicole Ozer, to fight privacy-suckers Black Hawk drone: US Army gets self-flying chopper Smooth criminals talking their way into cloud environments, Google says NATO needs layered defenses to deal with swarms of drones NATO needs layered defenses to deal with swarms of drones CMA dithers as Microsoft's cloud meter runs on your dime Microsoft startup credits are the gift that keeps on billing SAP's grand cloud escape plan €2B short of the runway Tencent sees Tencent sees 'better pricing environment' due to AI boom Alibaba Cloud hikes prices by up to 34%, blames hardware costs and AI demand BBC digital switch backfires as online audience falls
AWS spurs Catch-22, ending PostgreSQL 13 support for RDS
Corey Quinn, special to El Reg · 2026-03-18 · via The Register - Off-Prem

Off-Prem

AWS giveth with its right hand and breaketh with its left

Never attribute to malice what can be adequately explained by one very large org chart

Earlier this month, AWS ended standard support for PostgreSQL 13 on RDS. Customers who want to stay on a supported database — as AWS is actively encouraging them to do — need to upgrade to PostgreSQL 14 or later.

This makes sense, as PostgreSQL (pronounced POST-gruh-SQUEAL if, like me, you want to annoy the living hell out of everyone within earshot) 13 reached its community end of life late last year.

PostgreSQL 14, which shipped in 2021, defaults to a more secure password authentication scheme (SCRAM-SHA-256, for any nerds that have read this far without diving for their keyboards to correct my previous parenthetical). It also just so happens to break AWS Glue, their managed ETL (extract-transform-load) service, which cannot handle that authentication scheme. If you upgrade your RDS database to follow AWS's own security guidance, AWS's own data pipeline tooling responds with "Authentication type 10 is not supported" and stops working.

Given that both of these services tend to hang out in the environment that most companies call "production," this is not terrific!

The deprecation didn't create this problem. It just removed the ability to avoid a problem that has existed for five years, unless you take on an additional maintenance burden or pay the Extended Support tax.

Here's the technical shape of the Catch-22, stripped to what matters: when you move to a newer PostgreSQL on RDS, Glue's connection-testing infrastructure uses an internal driver that predates the newer authentication support. The "Test Connection" button — the thing you'd click to verify that your setup works before trusting it with production data — simply doesn't. A community expert on AWS's support forum acknowledged three years ago that "the tester is pending a driver upgrade," and assured users that crawlers use their own drivers and should work fine. Users in the same thread reported back that the crawlers also fail. Running Glue against RDS PostgreSQL is a bread-and-butter data engineering pattern, not an edge case — this is a well-paved path that AWS has let fall into disrepair.

The incompatibility has been known since PostgreSQL 14 shipped in 2021. The deprecation timeline for PG13 was announced in advance. Both teams—RDS and Glue—presumably track industry developments. Neither, apparently, bothered to track each other.

The charitable read on how this happens is also the correct one: AWS has tens of thousands of engineers organized into hundreds of semi-autonomous service teams. The RDS team ships deprecations on the RDS lifecycle, the Glue team maintains driver dependencies on the Glue roadmap, and nobody explicitly owns the gap between them. The customer discovers the incompatibility in production, usually at an inconvenient hour.

This is not a conspiracy, as AWS lacks the internal cohesion needed to pull one of those off. This is also not a carefully-constructed revenue-enhancement mechanism, because the Extended Support revenue is almost certainly a rounding error on AWS's balance sheet compared to the customer ill-will it generates. Instead, this is simply organizational complexity doing what organizational complexity does. It's the same reason your company's internal tools don't talk to each other; AWS is just doing it at a scale where the blast radius is someone else's production database. Integration testing across service boundaries is genuinely hard when those boundaries span multiple billion-dollar businesses that happen to share a parent company. Nobody woke up and decided to break Glue. It came that way from the factory.

I want to be clear that I genuinely believe this, because the alternative I'm about to describe isn't about intent.

The problem with the charitable read is that it doesn't matter

If you're staring at a broken pipeline in your environment at 2 am, the reason is academic. You need a fix. AWS has provided three of them, and they all suck. You can downgrade password encryption on your database to the older, less secure standard: the one you just upgraded away from, per AWS's own recommendations. You can bring your own JDBC driver, which disables connection testing and may not support all the features you want. Or you can rewrite your ETL workflows as Python shell jobs.

Every exit means giving up the entire value proposition of a managed service — presumably why you're in this mess to begin with — or walking back the security improvement you were just told to make.

For customers who stayed on PG13 to avoid this specific problem, Extended Support is now running automatically unless you opted out at cluster creation time—a detail that's easy to miss. That's $0.10 per vCPU-hour for the first two years, doubling in year three. A 16-vCPU Multi-AZ instance works out to nearly $30,000 per year in Extended Support fees alone. It's not a shakedown. But it is a number that appears on a bill, from a company that also controls the timeline for fixing the problem, and all of the customer response options are bad.

AWS doesn't need to be running a shakedown. They just need to be large enough that the result is indistinguishable from one.

This pattern isn't unique to AWS, and it isn't going away. Every major cloud provider – indeed, every major technology provider – is a portfolio of semi-autonomous teams whose roadmaps occasionally collide in their customers' environments. It will happen again, with different services and different authentication protocols and different billing line items. The question isn't whether the org chart will produce another gap like this. It will. The question is what happens after the gap appears: does the response look like accountability — acknowledging the incompatibility before the deprecation deadline, not after — or does it look like a shrug and three paid alternatives?

Never attribute to malice what can be adequately explained by one very large org chart. Just don't forget to check the invoice. ®