DHH's decision to move Basecamp and HEY out of the public cloud sparked intense debate in the tech community. Still, as someone who interviewed him back in 2008 (which ended with us literally running from Chicago police over a filming permit), I respect his position: real numbers and real success back his argument. For mature applications with predictable loads and strong ops talent, owning infrastructure can absolutely make economic sense. But there's a lot more to this calculation than hardware versus EC2 pricing.

The public cloud bill that feels punishing is actually a feature you need to exploit. It forces immediate architectural decisions—why store 3 years of debug logs? Why run dev environments 24/7? That monthly invoice is a diagnostic tool that keeps waste visible. In private infrastructure, that pressure evaporates. Spend becomes sunk CapEx that feels "free" until you run out of capacity— and then you can't just spin up new instances.

Security is where the conversation gets serious. Hyperscalers handle thousands of quiet tasks—microcode patches, live VM migrations off suspect hosts, hardware attestation, cross-region controls. With vulnerabilities like TEE.fail affecting trusted execution environments across AMD, Intel, and Nvidia, you need an information security team plugged into a much larger community of experts. Your colo facility won't have hundreds of people thinking about physical security, side-channel attacks, and supply chain risks.

Then there's risk transfer. I learned this firsthand when lightning struck my search engine business in 1997, destroying both the central systems and the backups. Since then, I've seen unpredictable events in every role—multiple disk failures, backhoes cutting fiber, supply chain shocks that made SSDs scarce for months. Remember the Chelyabinsk meteor in 2013 that caused widespread infrastructure damage? Black Swan events happen on decade timelines, and one event can nullify years of savings.

We also cover today's tech news: NPM's "PhantomRaven" attack targeting AI-suggested packages, UV's promise to unify Python tooling with Rust-powered speed, and why 987654321/123456789 equals almost exactly 8.

• Why We're Leaving the Cloud - DHH
• TEE.fail Vulnerability Disclosure
• Chelyabinsk Meteor Event Documentation

• NPM flooded with malicious packages downloaded more than 86,000 times
• PhantomRaven NPM malware analysis by Koi
• UV is the best thing to happen to the Python ecosystem in a decade
• UV GitHub Repository
• UV Official Documentation
• 987654321 / 123456789
• Character.AI to Bar Children Under 18 From Using Its Chatbots
• GM Will Cut 1,750 Jobs in Electric Vehicle Business
• Microsoft Increases Investments Amid A.I. Race
• Alphabet Revenue Jumps 16% With Strong Cloud Sales