Discord improved search with Kubernetes and smaller Elasticsearch clusters, speeding up indexing of trillions of messages. Microsoft limited C/C++ extension to official VS Code products, affecting non-Microsoft editors. AI tools reshape workflows. Supabase secured $200M at $2B. DFloat11 cuts LLMs by 30%. XAI (Elon Musk) seeks $20B. UK threatened Wikipedia’s tax-exempt status over foreign influence.
▶️ Internet Infrastructure
Discord’s Search System Revolutionized with Kubernetes and Smaller Elasticsearch Clusters
Discord’s new search infrastructure, utilizing Kubernetes, smaller Elasticsearch clusters, PubSub, and shard reindexing, indexes trillions of messages with improved performance, scalability, and resilience.
- Discord’s message search system, built in 2017, used Elasticsearch with messages sharded by guild or DM across two clusters.
- Infrastructure issues included Redis message queue drops during Elasticsearch node failures, bulk indexing failures due to node failures, and large indices exceeding Lucene’s ~2 billion message limit.
- System scaling challenges involved high overhead in large clusters (>200 nodes), difficulty performing rolling upgrades, and large guild indices causing indexing and query performance issues.
- Transition to Kubernetes deployment with Elastic Cloud on Kubernetes (ECK) enabled automated upgrades and safer rolling restarts.
- Implemented a multi-cluster “cell” architecture with smaller, dedicated Elasticsearch clusters per cell, each with dedicated ingest, master, and data nodes, distributed across zones for resilience.
- Switched message queue from Redis to Google Cloud PubSub for guaranteed delivery and backlog handling.
- Batch messages by cluster and index before bulk indexing, using a PubSub message router with Tokio tasks to group messages by destination, improving fault tolerance.
- Introduced “cells” of Elasticsearch clusters to support cross-DM search by sharding messages by user ID into separate user-dm-messages cells.
- Created dedicated Elasticsearch clusters with multiple primary shards for “Big Freaking Guilds” (BFGs) approaching Lucene’s max doc limit, enabling scalable search for large guilds.
- Reindexing BFGs involves dual indexing, creating larger indices with more shards, and switching query traffic after validation, maintaining continuous search availability.
- Results include indexing trillions of messages, doubling throughput, reducing median query latency from 500ms to under 100ms, and managing 40 Elasticsearch clusters with thousands of indices, enabling automated upgrades and zero service impact.
“NetEase CEO Steps Back as Company Shifts Strategy Away from Gaming”
NetEase is restructuring leadership as CEO William Ding reduces involvement in gaming, signaling a strategic shift away from game development amid regulatory and market pressures.
- NetEase executives, including CEO William Ding, are stepping down amid strategic shifts, with Ding reducing his involvement in game development
- The company is pulling back from its gaming business to focus on other areas, reflecting a broader corporate restructuring
- The leadership changes follow a period of regulatory scrutiny and market challenges in China’s gaming industry
CISA warns of risks after Oracle cloud data breach exposes customer credentials
CISA issued an alert after Oracle’s cloud infrastructure was compromised, exposing customer credentials and emphasizing the need for password resets, log monitoring, and MFA.
- CISA issued an alert regarding Oracle’s public cloud data breach, advising credential management and security measures.
- Oracle admitted that customer data was stolen from two unpatched, obsolete login servers, exposing encrypted passwords, key files, and other information.
- The breach presents risks of credential reuse, embedded secrets, and unauthorized access; Oracle declined to comment on the scope, while CISA emphasized potential enterprise impact.
AFRINIC set for June 23 elections under UK lawyer oversight
AFRINIC plans to hold elections on June 23, 2025, under oversight of UK lawyers due to longstanding disputes, security concerns, and legal interventions, aiming to restore governance stability.
- AFRINIC, the regional internet registry for 54 African and Indian Ocean nations, will hold elections on June 23, 2025, after over three years of stalemate.
- The election process is overseen by receiver Gowtamsingh Dabee, who appointed UK-based King’s Counsel Simon Davenport to chair the Nomination Committee, supported by three other UK barristers.
- Concerns about potential interferences prompted Dabee to include measures ensuring a free and fair election, amid ongoing disputes, lawsuits, and security warnings about credential manipulation and misinformation.
Deploying Large Language Models in Production: A Guide to Scaling with GPU Resources, APIs, Kubernetes, and More
The guide details scaling LLMs for production, covering hardware requirements, deployment strategies (API, Kubernetes, inference microservices), and tuning parameters like max_model_len and tensor-parallel-size.
- The article provides a comprehensive guide to deploying large language models (LLMs) in production environments, emphasizing scaling challenges.
- Deploying models like Gemma 3 or Llama 3.1 requires significant GPU resources, with estimates of 40GB+ GPU memory for large models.
- It discusses deployment methods including APIs, cloud inference services, container orchestration with Kubernetes, and inference-as-a-service providers like Nvidia NIMs and Hugging Face.
US Cybersecurity Infrastructure Deteriorates Amid Funding Cuts and Leadership Losses
The US cybersecurity infrastructure is deteriorating from within, with funding cuts, leadership dismissals, and internal data breaches undermining critical systems and the CVE vulnerability database.
- The CVE system nearly collapsed due to lack of funding and staff cuts, with the contract expiring in March 2026.
- The Trump administration dismantled key cybersecurity bodies, including firing NSA Cyber Command head General Timothy Haugh and disbanding the Cyber Safety Review Board.
- Federal cybersecurity efforts have been weakened through budget cuts, staff reductions, and internal data breaches, with sensitive systems like Treasury and Social Security compromised.
Google’s Rising Depreciation Costs Amid $75B Investment in Data Centers
Google admits a 31% rise in depreciation costs from datacenter investments, spending $17.2 billion in Q1 and $75 billion CapEx in 2025 to meet cloud and AI demand.
- Google reports a 31% year-over-year increase in depreciation costs due to extensive datacenter investments
- In Q1 2025, Google spent $17.2 billion on technical infrastructure, mainly servers and datacenters
- Despite soaring depreciation, Google plans to invest $75 billion in CapEx in 2025, maintaining capacity growth amid high demand
▶️ Open Source
From Scratch: The TacOS Project – A UNIX-Like OS Built with C and Assembly, Running Doom
TacOS is a hobby UNIX-like OS for x86_64 architecture, implementing core OS features and running on real hardware and QEMU, with a Doom port and licensed under MPL-2.0.
- TacOS is an x86_64 UNIX-like operating system built from scratch, written primarily in C (93.2%) and Assembly (3.6%), with Makefile and linker script components.
- It features a kernel with a Virtual Filesystem (VFS), scheduler, TempFS, device management, context switching, virtual memory management, physical page frame allocation, and a port of Doom.
- The project is licensed under MPL-2.0, hosted on GitHub with 277 stars, 21 forks, and contributions from two developers, UnmappedStack and Dcraftbg.
“Linus Torvalds condemns case-insensitive file systems as fundamentally flawed.”
Linus Torvalds condemns case-insensitive file-systems as fundamentally flawed, citing security risks and Unicode case folding issues, advocating for strict case sensitivity in Linux file-systems.
- Linus Torvalds criticizes case-insensitive file-systems, calling them “horribly wrong” and a bug, citing issues with Unicode case folding and security vulnerabilities.
- He references recent Bcachefs case-folding support fixes in Linux 6.15 and past problems with Unicode emoji and special characters.
- Torvalds emphasizes that case sensitivity is a fundamental feature, and implementing case-insensitive support introduces security and correctness issues, with detailed critique on testing and implementation practices.
Microsoft Blocks C/C++ Extension on Non-Microsoft Editors
Microsoft’s C/C++ extension for VS Code was made exclusive to Microsoft products after v1.24.5 (April 3, 2025), blocking non-MS editors and prompting open-source forks to seek alternatives.
- Microsoft’s C/C++ extension for VS Code was removed from working with derivative products like VS Codium and Cursor after the release of v1.24.5 on April 3, 2025
- The removal prevents extension use outside official Microsoft products, citing licensing restrictions since September 2020, and causes installation errors in non-MS editors
- Cursor and other forks have responded by developing open-source alternatives and employing reverse proxies to access Microsoft marketplace extensions illegally
▶️ Software Development
Cohost.org’s Closure Marks End of Innovative CSS Hacks
Cohost.org’s permissive inline CSS and HTML sanitization enabled innovative CSS hacks like width-hacking and SVG animations, fostering a niche community that created interactive, game-like content before its 2024 shutdown.
- Cohost.org was a short-lived, invite-only social media platform launched in June 2022 and shut down in September 2024 due to burnout and funding issues
- Featured a unique, anti-capitalist design with no ads, no follower counts, chronological feeds, and support for HTML posts sanitized with permissive inline CSS, enabling creative CSS hacks
- Users developed CSS techniques such as “width-hacking” with <details> and calc() to create interactive puzzles, games, and secret messages, and used SVG with media queries for animations and dynamic styling
MotherDuck’s Instant SQL Delivers Real-Time Query Updates Across Data Sources
MotherDuck launched Instant SQL, a real-time SQL interaction tool that updates query results instantly, leveraging DuckDB’s architecture, query rewriting, and AI suggestions to enhance ad-hoc data exploration.
- MotherDuck released Instant SQL on April 23, 2025, enabling real-time, zero-latency SQL query previews as users type
- Supports previewing results, inspecting/editing CTEs, breaking down complex expressions, and querying external data sources like S3, Postgres, SQLite, MySQL, Iceberg, Delta
- Utilizes DuckDB’s local-first architecture, query rewriting, advanced caching, and AST mapping to achieve instant feedback and AI-powered inline suggestions
AI Coding May Reduce Developer Flow and Joy
AI coding may reduce developers’ sense of flow and joy, risking long-term happiness; balancing AI efficiency with manual coding could preserve fulfillment and creativity in software development.
- The article discusses the impact of AI coding on developer joy and flow, emphasizing potential loss of deep engagement and satisfaction.
- It highlights the psychological concept of “flow” by Mihaly Csikszentmihalyi, crucial for creativity and happiness in programming.
- The author expresses concern that AI-driven workflows, which favor prompt-based code generation, may lead to detached developers and diminished fulfillment.
Storing Data for Future Use: YAGRI Over YAGNI
YAGRI advises storing likely-to-be-used data like timestamps and metadata alongside minimal required data to improve debugging and analytics, despite YAGNI principles.
- Introduces YAGRI (“You are gonna read it”) as an exception to YAGNI, emphasizing storing data likely to be used, such as timestamps and metadata
- Recommends storing fields like created_at, updated_at, deleted_at, created_by, and permission info on tables, even if not immediately necessary
- Highlights that storing comprehensive data can aid debugging, analytics, and internal processes, outweighing the minimal storage costs
▶️ Management and Leadership
Judge Hannah Dugan arrested for aiding immigration suspect
Milwaukee Judge Hannah Dugan was arrested for aiding an immigration suspect, escalating tensions over immigration enforcement; she faces federal charges and was released after court appearance.
- Judge Hannah Dugan was arrested by the FBI on April 25, 2025, at Milwaukee courthouse for helping a man evade immigration authorities.
- She faces charges of concealing an individual to prevent arrest and obstructing judicial proceedings.
- Dugan was released after appearing briefly in federal court; she was accused of guiding Flores-Ruiz, charged with domestic battery, through a non-public courthouse door.
Supabase Secures $200 Million Series D at $2 Billion Valuation
Supabase secured $200 million in Series D funding at a $2 billion valuation, highlighting its growth in developer community, Postgres support, and focus on vibe coding as a key industry trend.
- Supabase raised $200 million in Series D funding at a $2 billion valuation, led by Accel, with participation from Coatue, Y Combinator, Craft Ventures, Felicis, and notable angels.
- The company supports over 2 million developers managing more than 3.5 million databases, primarily using Postgres as an alternative to Firebase.
- The funding underscores the strategic importance of the database layer in platform shifts, with founders emphasizing community growth, vibe coding, and global remote hiring.
Reimagining Employer Loyalty: Fair Pay, Respect, Stability, Innovation
Stevie Buckley advocates for realistic employer loyalty based on transparency, fair compensation, respectful treatment, financial security, and openness to change, emphasizing personal well-being over corporate loyalty.
- Article by Stevie Buckley published on Jan 5, 2018, with a 5-minute read
- Emphasizes that loyalty to an employer is limited; companies are transactional and can replace employees quickly
- Outlines four non-negotiable criteria for evaluating an employer: fair pay, good treatment, financial stability, and openness to innovation
Believing in People Can Transform Lives
Tina Roth Eisenberg celebrates enthusiasm and belief in others, highlighting stories of inspiring individuals and the impact of community-driven initiatives like CreativeMornings, which foster connection and potential.
- Tina Roth Eisenberg’s blog “swissmiss” emphasizes the transformative power of enthusiasm and believing in people.
- The article shares personal stories of influential figures—Aunt Hugi, Matthew Waldman, Ella, Jim Coudal, Ben Chestnut, Ruth Ann Harnisch—that exemplify encouragement and belief.
- CreativeMornings, founded in 2008, has hosted over 15,000 events globally, supported by community and sponsorships, notably from Mailchimp and Ruth Ann Harnisch’s $1 million donation.
Intel’s New CEO Plans Up to 20% Layoffs
Intel plans to cut up to 20% of its workforce under CEO Lip-Bu Tan’s strategy to streamline operations and improve financial health, with layoffs beginning in Q2 2025 and a focus on operational efficiency.
- Intel’s new CEO Lip-Bu Tan announced plans for significant layoffs, aiming to reduce workforce by up to 20%, approximately 20,000 employees.
- The company has already laid off about 15% (around 15,000 staff) in August 2024, ending 2024 with 108,900 employees, and further layoffs are planned starting Q2 2025.
- Intel’s Q1 2025 revenue was $12.7 billion, flat year-on-year; operating expenses targeted to decrease to $17 billion in 2025 and $16 billion in 2026, with restructuring charges of $156 million in Q1 2025.
Defense Secretary Risks Security with Insecure Signal Access
US officials, including Defense Secretary Hegseth, used insecure internet and personal devices to share sensitive military information via Signal and Gmail, undermining security protocols.
- US Defense Secretary Pete Hegseth used an insecure internet connection in his office to access Signal on a personal computer
- He shared sensitive military details via Signal groups, including with his wife, brother, and personal attorney
- Officials used personal Gmail accounts and commercial apps for military communication, risking exposure to foreign espionage and spyware
▶️ Technology
DFloat11: Lossless LLM Compression Reduces Size by 30%
DFloat11 is a lossless compression method that reduces large language model sizes by 30% with bit-for-bit accuracy, enabling efficient GPU inference and longer context lengths.
- Introduces DFloat11, a lossless compression framework for LLMs that reduces model size by 30% while maintaining bit-for-bit identical outputs
- Utilizes entropy coding to assign dynamic-length encodings based on weight frequency, exploiting low entropy in BFloat16 representations
- Implements a custom GPU kernel with memory-efficient lookup tables, a two-phase thread coordination kernel, and transformer-block-level decompression
- Validated on models including Llama-3.1, Qwen-2.5, and Gemma-3, achieving approximately 30% size reduction and enabling lossless inference of Llama-3.1-405B (810GB) on a single node with 8x80GB GPUs
- DFloat11 achieves 1.9-38.8x higher throughput in token generation compared to offloading uncompressed models to CPU and enables 5.3-13.17x longer context lengths under fixed GPU memory constraints
- Code and models are available at this GitHub repository
Gautham Shankar’s Workflow: Obsidian + Hugo + GitHub + Cloudflare Pages
Gautham Shankar details a workflow using Obsidian, Hugo, GitHub, and Cloudflare Pages for instant blog publishing, emphasizing control, portability, and technical setup with front matter and deployment automation
- Gautham Shankar uses Obsidian with a local-first model, syncing via iCloud, Dropbox, or Google Drive for seamless cross-device editing
- Publishes via Hugo with the Bear Blog theme, deploying through GitHub and Cloudflare Pages for full control and no vendor lock-in
- Setup involves installing Hugo, configuring themes, linking Obsidian to Hugo’s content/blog folder, managing front matter with the draft toggle, and automating deployment with GitHub and Cloudflare Pages
How Algorithms on X.com Shadowban and Amplify to Shape Public Discourse Without Overt Censorship
Influence algorithms on x.com subtly manipulate content visibility and perception through shadowbanning, amplification, and manufactured consensus, shaping public discourse without overt censorship.
- Algorithmic influence on x.com manipulates visibility through shadowbanning and amplification based on user interactions, with high-profile accounts causing significant changes.
- Small accounts’ visibility can drop from 150,000 to 20,000 views via algorithmic shadowbanning triggered by high-weight interactions, without notice or rule violations.
- Repetitive low-effort interactions, such as likes or replies, act as signals to boost or suppress content, creating artificial popularity and engineered narratives.
Substack restricts access to sensitive system paths for security
Substack’s web application firewall blocks requests containing certain system paths (e.g., /etc/h*sts) to prevent path traversal and command injection attacks, causing “Network Error” and API failures.
- User encountered “Network Error” in Substack editor when typing /etc/h*sts (obfuscated to avoid triggering) during draft autosave
- Errors occurred specifically with paths to Linux system configuration files containing patterns like /etc/h*sts, /etc/pass*d, /etc/ssh/sshd_conf*g
- Developer tools revealed 403 Forbidden responses from Substack API, with Cloudflare involved, indicating security filtering
The Gruen Transfer Goes Digital: How Online Platforms Disorient Users
The ‘Gruen Transfer’ concept now applies to the internet, with platforms like Facebook and others using confusing layouts and dark patterns to increase engagement and impulsive behavior.
- The ‘Gruen Transfer’ describes consumer disorientation caused by deliberately confusing layouts, originally observed in physical stores and now prevalent online.
- Facebook’s feed, intended to simplify updates, has evolved into a disorienting mix of ads, memes, and influencer content, losing focus on its original intent.
- Many websites employ UX dark patterns, making actions like account deletion or subscription cancellation confusing and impulsive, raising concerns about web design complexity.
LLMs Show Promise for CAD Designs via OpenSCAD with Automated STL Validation in 6-24 Months
LLMs can generate parametric CAD models via OpenSCAD scripts, with recent models achieving high accuracy in automated STL validation, indicating potential for automated mechanical design within 6-24 months.
- LLMs can generate CAD models for simple 3D mechanical parts, with ongoing research exploring diffusion and transformer architectures trained on millions of CAD files
- A prototype using OpenSCAD scripts and LLMs achieved iterative design of models like iPhone cases and flanges, leveraging parameterized code and general mechanical knowledge
- An evaluation pipeline was developed to test LLMs’ ability to produce correct OpenSCAD code and STL models, with success rates analyzed across 25 tasks, showing recent models like Sonnet 3.7 outperform earlier versions
Elon Musk’s XAI seeks $20B funding, valuation over $120B
Elon Musk’s XAI Holdings is negotiating to raise $20 billion, valuing the company at over $120 billion, making it the second-largest startup funding round after OpenAI’s $40 billion.
- Elon Musk’s XAI Holdings is in discussions to raise approximately $20 billion in funding for its combined AI startup and social media business
- The funding would be the second-largest startup financing, after OpenAI’s $40 billion raise earlier in 2025
- The deal would value the company at over $120 billion, according to sources familiar with the matter
“Amodei urges rapid AI interpretability to avert catastrophe”
Dario Amodei advocates for rapid development of AI interpretability techniques, highlighting recent progress and the urgent need to understand AI systems before they become uncontrollably powerful, to mitigate risks and ensure safety.
- Dario Amodei emphasizes the critical importance of interpretability in AI, especially before models reach overwhelming power, with recent breakthroughs suggesting feasibility within 5-10 years
- Modern generative AI systems are opaque, making it difficult to understand internal mechanisms, predict behaviors like deception or power-seeking, and address risks such as misuse or unintended consequences
- Advances in mechanistic interpretability, including identifying neurons, features, and circuits, enable tracing and manipulating model reasoning, aiding in problem diagnosis and safety assessments
Trump appointee threatens Wikipedia’s tax exemption over foreign influence claims
Trump’s D.C. prosecutor Ed Martin threatened Wikipedia’s tax-exempt status, alleging foreign manipulation and national security risks, demanding detailed disclosures on Wikipedia’s operations and content safeguards.
- Ed Martin, Trump appointee and D.C. U.S. attorney, sent a letter to Wikimedia Foundation alleging activities that may violate 501(c)(3) tax-exempt obligations.
- The letter claims Wikipedia allows foreign actors to manipulate information and spread propaganda, with concerns about foreign nationals on its board and content influencing U.S. interests.
- The letter, demanding responses by May 15, questions Wikipedia’s handling of foreign influence, AI data sourcing, and editorial neutrality, citing potential national security implications.
Andreessen Horowitz Defends Deel Against Espionage Allegations
Andreessen Horowitz defended Deel against espionage allegations related to former employees attempting unauthorized access to client and competitor data.
- Andreessen Horowitz publicly defended Deel amid allegations of espionage and spying by former employees
- The dispute involves claims that Deel’s former employees attempted to access confidential information of clients and competitors
- The firm issued a statement denying the allegations and emphasizing its commitment to security and ethical practices
Europe Seeks Self-Reliant Tech to Break Free From U.S. Dependency
European companies call for sovereign, European-built cloud solutions to mitigate US dependency and political risks, with projects like Fulcrum and Microsoft’s EU data boundary aiming to enhance digital sovereignty.
- European businesses, including Netcompany, advocate for “European solutions” built on European data to reduce dependency on US technology amid US political unpredictability
- US hyperscalers face eroded trust due to potential data disclosure laws, political risks, and recent US administration rhetoric
- Initiatives like Fulcrum, supported by €1 million investment from CISPE, aim to develop European cloud federation tech; Microsoft’s EU data boundary is designed for EU data sovereignty but remains subject to US laws
Microsoft transforms Windows into a free, ad-supported service
Microsoft’s shift to Windows as a Service with Windows 10 in 2015 introduced free upgrades, telemetry, in-OS advertising, and subscription models, transforming Windows into a data-driven, monetized platform.
- Former Microsoft engineer Dave Plummer criticizes Windows today as “a tool that’s a bit of an adversary,” emphasizing telemetry and advertising.
- Microsoft shifted from paid upgrades to Windows as a Service starting with Windows 10 in 2015, offering free upgrades from Windows 7, 8, and 8.1, and introducing telemetry and in-OS ads.
- The transition aimed to increase user engagement, data collection, and subscription revenue, while addressing declining PC sales and piracy; Windows 10 deployment included stealth downloads and suggested apps.
Securing GenAI Requires Governance, Technology, and Data Protection
Security leaders should adopt a comprehensive, evolving framework combining governance, technology controls, and data security to mitigate GenAI risks and ensure responsible AI use.
- Security leaders must adopt a strategic framework integrating governance, technology controls, and data protection for GenAI security.
- Establish a governance framework with cross-functional committees, ethical use policies, impact assessments, and ongoing training.
- Implement anticipatory controls including secure deployment, logging, access controls, cryptographic hashing, third-party vetting, and real-time discovery of unapproved AI tools.
- Strengthen data access with granular identity security, multi-factor authentication, data encryption, and monitoring of input/output data for privacy and bias.
- Use comprehensive identity security tools such as Privileged Access Management (PAM), zero-trust frameworks, adaptive policies, and safeguards against adversarial attacks.
- Avoid pitfalls like shadow AI underestimation, over-reliance on AI outputs, incomplete access controls, and supply chain oversight.
- Continuous evolution of security posture is necessary to mitigate risks while harnessing AI’s transformative potential.
- More information at delinea.com.
India’s IT Giants Warn US Tariffs May Reduce Tech Spending Amid Strong Financials
India’s top IT firms warn US tariffs may reduce client tech spending and delay projects, but strong financials position them to capitalize on increased efficiency and cost reduction opportunities.
- India’s IT giants (Infosys, TCS, Wipro, HCL) express concern over US tariffs reducing customer tech spending and causing delays.
- Wipro paused a critical SAP project due to client jitters over tariff uncertainties; revenue growth impacted.
- Infosys CEO Salil Parekh noted lower consumer spending in retail; clients are tightening budgets amid economic uncertainty.
- TCS CEO K Krithivasan reported delays in discretionary projects, especially in the US, due to declining consumer sentiment.
- HCL CEO C Vijayakumar stated no immediate impact but expects tariffs to eventually affect all industries, driving cost reduction efforts.
- Companies maintain healthy balance sheets: TCS revenue $30.18B (+3.8%), Infosys $19.28B (+4.2%), HCL $13.84B (+4.3%), Wipro $10.7B (-0.7%); margins around 20%.
Fedora Linux 42 vs. Ubuntu 25.04: Comparing Modernization and Compatibility
Fedora 42 (announced April 15, 2025) and Ubuntu 25.04 (April 17, 2025) both feature Linux kernel 6.14, GNOME 48, and improved installers; Fedora emphasizes modernization and breadth of editions, while Ubuntu offers better dual-boot support and hardware compatibility.
- Fedora Linux 42 was announced on April 15, 2025, followed by Ubuntu 25.04 “Plucky Puffin” on April 17, 2025
- Both are based on Linux kernel 6.14 and GNOME 48; Fedora supports a year-long release cycle, Ubuntu supports nine months
- Fedora 42 introduces a new four-step, sequential installer replacing Anaconda’s hub-and-spoke; Ubuntu improves dual-boot support, including Bitlocker-encrypted Windows
- Fedora defaults to GPT partitioning on all drives, which complicates dual-booting with BIOS firmware; Ubuntu maintains compatibility with older hardware and supports proprietary drivers
- Fedora offers multiple editions and spins, including server, cloud, CoreOS, IoT, and tiling environments; Ubuntu provides various desktop flavors and special-purpose variants
- Both distributions improve hardware support, with Fedora adding driver support and GNOME enhancements; Ubuntu updates include APT 3 with color output and a unified ARM64 image
- Fedora’s installer is now more standard and supports WSL; Ubuntu’s installer has improved accessibility and supports dual-boot with Bitlocker
- Fedora’s default filesystem is Btrfs with compression; Ubuntu’s installation size remains over 6 GB, with a 9.7 GB disk requirement at install
- Fedora’s modernization may reduce compatibility with older hardware and dual-boot configurations; Ubuntu remains more flexible for multi-OS setups and proprietary driver support
UK CLA introduces Generative AI Training Licence for LLM developers
UK’s CLA will introduce a Generative AI Training Licence in 2025 enabling LLM developers to pay for copyrighted content, aiming to clarify legal access and compensate creators amid industry reluctance to wait for regulation.
- UK non-profit CLA plans to launch a Generative AI Training Licence in Q3 2025 allowing LLM developers to pay publishers for copyrighted training data
- The licence aims to provide legal certainty for AI developers and ensure fair compensation for rights holders, involving organizations like Publishers’ Licensing Services and ALCS
- CLA CEO Mat Pfleger emphasizes licensing as a market-based solution to copyright issues, contrasting with proposed UK copyright exemptions for text and data mining; the industry is historically reluctant to wait for legal certainty
UK government allocates £136 million for Horizon system replacement amid £2.44 billion cost surge
UK government grants £136 million to replace the Horizon IT system, addressing its failures and risks; total costs now reach £2.44 billion, amid calls for clearer financial justification.
- UK government allocated £136 million ($180 million) to fund Post Office’s Horizon system replacement and modernization
- The total Fujitsu package cost has ballooned to £2.44 billion ($3.2 billion)
- The subsidy advice report criticizes the lack of detailed financial evidence supporting the need for public funds
UK fines AFK Letters £90k for unsolicited calls to Do Not Call list
UK ICO fined AFK Letters £90,000 for making 95,000+ marketing calls to TPS-registered individuals without valid consent, violating PECR regulations and data privacy laws.
- UK ICO fined AFK Letters Co Ltd £90,000 ($120,000) for making over 95,000 unsolicited calls to individuals registered with the Telephone Preference Service (TPS)
- Calls were made despite the recipients being on the official “Do Not Call” opt-out list, violating electronic marketing laws
- AFK used data from its website and a third-party survey firm without demonstrable valid consent; failed to retain proper consent records and used consent statements that did not specifically name the company
New CVE Foundation Aims to Secure Global Funding Post US Support Halt
The CVE program’s US government funding was abruptly halted, leading to the creation of the CVE Foundation to ensure sustainable, international, and independent vulnerability tracking.
- CVE program’s US government funding was not renewed, discovered via social media, prompting concerns over long-term sustainability.
- MITRE, managing the CVE program since 1999, received a last-minute contract extension through March 2026, but its future remains uncertain.
- The CVE Foundation was established to secure diversified, long-term, global funding and maintain the program’s neutrality, with initial positive engagement from stakeholders.
Darcula Adds AI-Powered Phishing Toolkit, Simplifying Multi-Language Attacks
Darcula added AI features to its phishing kit, enabling multi-language support, automated site cloning, and form generation, lowering technical barriers and increasing phishing campaign efficiency.
- Darcula, a cybercrime toolkit provider, integrated AI into its phishing-as-a-service kit on April 23, enabling multi-language phishing site creation and automation
- The AI can clone websites, generate phishing forms in languages like Chinese and English, and customize input fields while maintaining site layout
- The update simplifies phishing site deployment for less technically skilled criminals, using tools like translation, form generation, and visual styling automation
- The kit uses pre-built templates, downloads assets from legitimate sites, and can send messages via iMessage and RCS to bypass SMS firewalls
- First documented in July 2023, Darcula’s operation includes over 20,000 domains and 200 templates targeting brands across 100+ countries; version 3.0 allows custom templates
- The AI enhancement reduces technical barriers, increasing accessibility and speed for deploying targeted phishing campaigns, contributing to the rise in phishing and spoofing crimes reported in 2024
Hydrotreated Vegetable Oil Cuts Data Center Emissions but Faces Challenges
HVO lowers greenhouse gas emissions by up to 90% compared to diesel but is not emission-free, faces supply limitations, higher costs, and environmental trade-offs, impacting datacenter sustainability efforts.
- Digital Realty tested and began using hydrotreated vegetable oil (HVO) in US datacenters in 2024, following European trials
- HVO reduces Scope 1 CO2 emissions by up to 90%, with a 13% reduction in particulate matter and 6% in NOx emissions
- HVO is produced via hydrogenation of feedstocks like rapeseed, soybean, used cooking oil, and fats, compatible with standard diesel engines, but more expensive and less available than diesel
Microsoft Fixes Server 2025 Remote Desktop Freeze Bug
Microsoft fixed a bug causing Server 2025 Remote Desktop session freezes in KB5055523, addressing issues from February’s faulty Windows 11 24H2 update that made sessions unresponsive.
- Microsoft released a patch in KB5055523 on April 22, 2025, fixing a bug causing Server 2025 Remote Desktop sessions to freeze
- The issue was introduced by a botched February update to Windows 11 24H2 and Server 2025
- The bug caused sessions to become unresponsive to keyboard and mouse input, requiring disconnection and reconnection; the fix addresses this problem
GreyNoise detects 800% surge in Ivanti VPN endpoint scans
GreyNoise detects an 800% surge in Ivanti VPN endpoint scans, suggesting reconnaissance activity that may precede vulnerabilities or exploits; Ivanti advises migrating from unsupported versions.
- GreyNoise reports an 800% increase in IP scans targeting Ivanti Connect Secure and Pulse Secure systems last week, with 234 probes on April 18.
- Over the past 90 days, 1,004 unique IPs scanned Ivanti VPN endpoints, with nearly a quarter (234) on a single day.
- 634 IPs were labeled “suspicious,” 244 “malicious,” and 126 “benign,” indicating coordinated reconnaissance potentially leading to exploitation.
M&S halts online orders amid ongoing cyber incident
M&S halted online orders on April 25, 2025, amid a cyber incident affecting multiple services, with ongoing investigations and customer data security concerns.
- M&S paused online orders via website and app due to ongoing “cyber incident” as of April 25, 2025
- Contactless payments and Click & Collect services were previously suspended; website and app orders continued until today
- Issues include inability to redeem gift cards, missing loyalty receipts, and unavailable self-serve kiosks; incident began on April 22, 2025
Ryan Discovers Calculator Fault Rooted in Poor Wiring and Low Voltage
Ryan identified a hardware fault in calculators caused by low voltage (64V) due to inadequate wiring, which was fixed by installing heavier cables, restoring proper operation.
- Ryan diagnosed a hardware fault in a customer’s calculators by measuring 64 volts at a 115V outlet using a multimeter
- The issue was caused by inadequate wiring in trailers, which was resolved by electricians installing heavier cables
- The faulty wiring led to erratic calculator behavior and dim displays, highlighting the importance of proper electrical infrastructure in field service
SAP issues emergency fix for critical zero-day in NetWeaver
SAP issued an emergency patch for CVE-2025-31324, a critical zero-day in NetWeaver’s metadata uploader, potentially exploited for full system compromise and lateral movement.
- SAP released an emergency out-of-band patch for CVE-2025-31324, a critical vulnerability in NetWeaver that is suspected to have been exploited as a zero-day
- The flaw involves the metadata uploader component in NetWeaver’s Visual Composer app-building tool, allowing unauthenticated malicious file uploads
- Exploitation could enable full system control, ransomware deployment, and lateral movement; attackers have reportedly already exploited the vulnerability
DIY DOS Bootable USB: Running Legacy Apps via BIOS Emulation
A DIY DOS bootable USB key leverages BIOS/UEFI emulation with SvarDOS and VirtualBox, enabling legacy DOS apps like WordPerfect and Word to run on modern hardware without network or multimedia support.
- Article details creating a bootable DOS environment on modern PCs using a USB key with FAT16 or FAT32 images based on SvarDOS, derived from Enhanced DR-DOS kernel.
- The USB-DOS project on GitHub offers images that boot directly into a graphical menu, including applications like MS Word, Protext, WordPerfect Editor, and utilities like Adobe Reader for DOS.
- The method involves using VirtualBox to create raw disk VMDK files linked to USB devices, enabling DOS to boot from USB via BIOS/UEFI emulation, despite limitations like no modern hardware support or networking.
UK Bans Export of Video Game Controllers to Russia Amid Drone Concerns for Ukraine’s Frontline
UK imposes export bans on video game controllers to Russia to prevent their use in piloting drones on Ukraine’s frontline, amid broader sanctions targeting Russia’s defense and energy sectors.
- UK bans export of video game controllers to Russia, citing potential use for piloting frontline drones in Ukraine.
- Over 150 new trade measures against Russia include restrictions on chemicals, electronics, machinery, metals, and software for defense and energy sectors.
- Most controllers are made in China, so banning UK sales may not prevent re-export via Chinese suppliers; the controllers connect via USB or Bluetooth, which are designed for close proximity, unlike high-range drone controls.
Perplexity’s New Browser Aims to Challenge Google
Perplexity plans to release Comet, a browser designed to build AI agents capable of accessing third-party services, challenging Google’s dominance and expanding distribution through OEM partnerships like Motorola.
- Aravind Srinivas, CEO of Perplexity, aims to challenge Google by integrating AI assistants into browsers and preinstalling on Android via partnerships like Motorola.
- Plans to release the Perplexity browser, Comet, in May 2025, leveraging it as a containerized OS to access third-party services, scrape pages, and perform reasoning.
- Perplexity has grown from 1 million to nearly 30 million monthly active users, handling approximately 600 million queries per month (~14% of Google’s volume); raised hundreds of millions at an $18 billion valuation.
- Secured distribution deal with Motorola for pre-installation on Razr phones, capitalizing on antitrust scrutiny on Google; aims to expand to OEMs and develop versions for Mac and Windows.
- The assistant on iOS uses Apple EventKit SDK for limited app control (Reminders, Podcasts, Apple Music, Maps) without special permissions; focuses on deep linking and client-side actions.
- Srinivas emphasizes building a browser as a platform for building AI agents, enabling access to third-party services, client-side scraping, and reasoning, viewing it as the final frontier beyond OS-level control.
- Discussed challenges with publishers over scraping content, now respecting robots.txt and using third-party data sources; plans to continue refining publisher relations.
- Raises funds to develop frontier reasoning models, aiming to reduce costs and expand user base, with a focus on collecting data to improve models and personalization.
- Mentioned ongoing efforts to acquire TikTok, citing control over algorithms and decoupling challenges; sees the browser as key to cross-platform context and memory for personalized AI.
- Srinivas predicts the OS will be the ultimate battleground, with the browser as a critical step toward owning the user environment and actions on the web and mobile.
Slate Auto’s $20k Electric Pickup: Simple Design, Plastic Panels, 150-Mile Range
Slate Auto’s $20,000 electric truck, produced in the US, emphasizes extreme simplicity with plastic body panels, no infotainment, and DIY customization, aiming for rapid profitability and investor interest including Jeff Bezos.
- Slate Auto plans to produce a $20,000 electric pickup in 2026, with federal incentives reducing the price.
- The vehicle features a minimalist design, no paint, no stereo, no touchscreen, 150 miles range, and a two-seat configuration.
- Manufacturing relies on injection-molded plastic body panels, eliminating the need for paint shops and stamping, simplifying production and reducing costs.
Google Halts Nest Thermostat Updates in Europe Starting Oct 25, 2025
Google will end software updates for early Nest Thermostats on October 25, 2025, removing remote control features and ceasing sales in Europe due to regional heating complexities.
- Google announced the end of software support for first-generation Nest Learning Thermostat (2011) and second-generation models, effective October 25, 2025
- Support removal includes remote control via Google Home and Nest apps; local control remains possible
- European Nest thermostats from 2014 will be phased out; current models (Nest Thermostat 3rd gen, 2015, and Thermostat E, 2018) will continue to be sold while supplies last
- Google cites “unique” heating challenges in Europe as reason for discontinuing sales and support
- Owners will be able to create and modify schedules from the Google Home app later in 2025
- Google offers discounts: $130 in the US, $160 in Canada, and 50% off the Tado Smart Thermostat X in Europe to mitigate frustration
U.S. Attorney Threatens Wikipedia’s Nonprofit Status Over Foreign Influence Allegations
U.S. Attorney Ed Martin threatened Wikipedia’s nonprofit status, alleging it allows foreign manipulation, and demanded transparency on its editorial and safety processes amid broader political criticism.
- U.S. Attorney Ed Martin accused Wikipedia of allowing foreign actors to manipulate information and spread propaganda, threatening its nonprofit status.
- The April 24, 2025, letter requests details on Wikimedia Foundation’s editorial process, trust and safety measures, and protections against foreign influence.
- The letter claims Wikipedia permits manipulation of historical and biographical content related to U.S. leaders and national security, violating its Section 501(c)(3) status.