Alvaro Lopez Ortega / 2025-05-09 Briefing

Created Fri, 09 May 2025 18:41:42 +0000 Modified Sun, 18 May 2025 18:47:07 +0000
2318 Words

Today’s news highlights include the US DOJ’s move to break Google’s Chrome monopoly, the US Senate’s chip security bill to prevent smuggling, and 37signals’ significant cost savings by migrating from AWS to on-prem storage. Additionally, CERN’s ALICE experiment confirmed lead-to-gold transmutation, showcasing advances in nuclear physics.

▶️ Internet Infrastructure

37signals Switches from AWS S3 to On-Prem Storage to Save $1.3 Million Annually

37signals is completing its cloud-to-on-prem data migration, expecting to save $1.3 million annually by replacing AWS S3 with Pure Storage arrays, reducing overall infrastructure costs from $3.2 million to under $1 million.

  • 37signals is migrating its data from AWS S3 to on-prem storage provided by Pure Storage, aiming to eliminate its ~$1.5 million/year S3 hosting bill.
  • The company spent $1.5 million on 18 petabytes of Pure Storage hardware, projected to cost less than $200,000 annually to operate, saving approximately $1.3 million per year.
  • AWS waived $250,000 in egress fees to facilitate data transfer; the company plans to delete its AWS account entirely by summer 2025.

US DOJ Demands Google Divest Chrome to Break Browser Monopoly

US DoJ seeks Google’s divestiture of Chrome, risking major market shifts; Chrome’s 51.7% US share and $50B+ valuation attract buyers like OpenAI, Yahoo, and others, with potential industry-supported open-source replacements.

  • US Department of Justice (DoJ) demands Google divest Chrome and ban payments to default search providers, aiming to break Google’s browser dominance.
  • Chrome holds approximately 51.7% of US web browser market share as of May 7, 2025, with estimates of desktop share near 70-66%, making it highly valuable.
  • Potential buyers include OpenAI, Yahoo, Perplexity, and possibly Microsoft; Mozilla warns that losing Google’s search revenue could threaten Firefox’s survival.
  • Google and the Linux Foundation announced the Supporters of Chromium-Based Browsers initiative, supporting industry collaboration on open-source Chromium projects.
  • If sold, Google might replace Chrome with an industry-supported open-source browser, maintaining a browser presence while complying with antitrust rulings.

Senator Cotton’s Chip Security Act Mandates Location Verification for Exported Chips

US Senator Tom Cotton’s Chip Security Act proposes mandatory location verification mechanisms in exported advanced chips within six months, aiming to prevent smuggling and safeguard US tech dominance.

  • US Senator Tom Cotton proposed the Chip Security Act requiring export chips to include a “location verification mechanism” within six months of enactment
  • The bill mandates licensed exporters report diversion, misuse, or tampering, including disabling or spoofing tracking tech
  • The bill defines “chip security mechanism” as software, firmware, hardware, or physical security; initial implementation flexibility is granted, with location verification required within 180 days
  • Long-term, the Secretary of Commerce, in coordination with Defense, will explore and establish specific chip security requirements periodically
  • The bill does not specify how location tracking would work, allowing vague methods like attaching tracking devices or cryptographic signatures, with potential for spoofing
  • The bill aims to safeguard US technological edge and expand market access without explicit backdoors or kill switches
  • The bill follows the US Commerce Department’s recent rescinding of a Biden-era AI export control rule to China
  • The bill emphasizes maintaining and expanding US leadership in global chip markets while preventing diversion to adversaries

US Proposes 3-Year, Zero-Funded NAS Modernization to Upgrade FAA Infrastructure

US Transportation Secretary Sean Duffy proposes a three-year, $0-funded NAS modernization to replace outdated FAA systems, including radar, automation, and communication infrastructure, by 2028, requiring Congress funding upfront.

  • US Transportation Secretary Sean Duffy proposes a three-year overhaul of the National Airspace System (NAS) to modernize outdated FAA air traffic control infrastructure by 2028.
  • The plan includes replacing legacy systems such as radar, analog radios, and control software with IP-based telecommunications, fiber, satellite, wireless networks, VoIP equipment, and digital flight strips.
  • The upgrade aims to eliminate 618 aging radar systems, modernize automation and display systems, and rebuild or replace dozens of deteriorating air traffic control facilities, with no specified cost.

▶️ Open Source

Pi-hole on Raspberry Pi Blocks Two-Thirds of Network Traffic for Better Privacy

Pi-hole, installed on a Raspberry Pi, blocks 66.6% of network traffic by filtering domains, enhancing privacy and security, with minimal setup time and community-supported domain blocklists.

  • Pi-hole is software running on a Raspberry Pi that acts as a DNS proxy within a home network, blocking unwanted domains such as trackers and ad servers.
  • On the author’s network, 66.6% of all traffic is blocked with no functional impact, reducing unnecessary network requests.
  • Setup requires a Raspberry Pi, monitor, mouse, keyboard, and following Pi-hole installation instructions; configuration of network DNS routing is essential.

Rybbit: A Privacy-Focused, Open-Source Alternative to Google Analytics

Rybbit is an open-source, privacy-focused web analytics platform providing key metrics, customizable goals, and real-time dashboards, available as a hosted service or self-hosted solution.

  • Rybbit is an open-source, privacy-friendly alternative to Google Analytics, designed to be 10x more intuitive.
  • The project is licensed under AGPL-3.0, with over 3.9k stars and 104 forks on GitHub.
  • It offers both hosted (cloud service) and self-hosting options, with comprehensive documentation and active development (latest release v0.1.3 on May 9, 2025).

Mycoria: A Secure, Scalable Overlay Network Focused on Privacy and Simplicity

Mycoria is an open, secure overlay network prioritizing encryption, scalability, and simplicity, supporting features like DNS resolution, service discovery, and encrypted routing, with ongoing privacy enhancements.

  • Mycoria is an open, secure overlay network emphasizing freedom, encryption, and scalability, designed to connect all participants with minimal infrastructure.
  • Core features include automatic end-to-end encryption, modern cryptography, scalable routing, DNS resolution for .myco, service discovery, and network auto-optimization (WIP).
  • The project aims for simplicity, compatibility with existing infrastructure, security by default, and privacy, with ongoing development of private address rotation and auto-healing features.

Rust Dependency Bloat and Maintenance Concerns Highlighted by Large Codebase

Rust’s dependency ecosystem, while productive, raises concerns over unmaintained crates, codebase size, and auditability, exemplified by a 3.6 million line project and limited visibility into compiled code.

  • Rust’s ecosystem relies on crates.io, with dependencies added via cargo add or Cargo.toml, similar to NPM.
  • The author experienced issues with unmaintained crates, such as dotenv (advisory RUSTSEC-2021-0141), prompting reconsideration of dependency necessity.
  • A project with dependencies including Axum, Reqwest, Ripzip, Serde, Tokio, Tower-HTTP, Tracing, and Tracing-subscriber totaled 3.6 million lines of Rust when vendored; removing vendored packages reduces this to 11,136 lines.
  • The entire Linux kernel comprises approximately 27.8 million lines, raising concerns about auditing large codebases.
  • The author questions how often companies like Cloudflare audit dependencies like Tokio, which is heavily used in production.
  • Cargo lacks straightforward tools to determine which lines of code are included in the final binary, especially for platform-specific items.

US Treasury Reviews $75M Investment in Chinese AI Startup Manus

US Treasury is examining Benchmark Capital’s $75 million investment in Chinese startup Manus AI amid new AI investment restrictions, questioning if it complies with the 2023 outbound investment law.

  • US Treasury is reviewing a $75 million Benchmark Capital investment in Chinese startup Manus AI, following an inquiry into compliance with 2023 outbound investment restrictions.
  • The law, part of an executive order signed by President Biden, requires notification of investments in sensitive technologies like AI that could impact US interests.
  • Benchmark and Treasury declined comment; Manus did not respond; lawyers argued Manus is a “wrapper” using existing models and is not developing its own AI models or based in China.

Lazarus 4 Released with Enhanced Docking and Multi-Platform Support

Lazarus 4, released in May 2025, is a multi-platform IDE for FreePascal with enhanced docking features, supporting various OS architectures, built on FreePascal 3.2.2, and aims to boost Pascal development.

  • Lazarus 4, the latest version of the open-source, Delphi-compatible IDE for FreePascal, was released in May 2025.
  • Built on FreePascal 3.2.2 (2021), it replaces Lazarus 3.8, released in December 2023.
  • Major updates include built-in docking and docked-form editor, configurable via options, with support for Windows, Linux, FreeBSD, macOS (PowerPC, x86, Arm64), and Raspberry Pi 4+.

openSUSE removes Deepin Desktop Environment over security concerns

SUSE removed Deepin Desktop Environment from openSUSE over security violations, citing critical vulnerabilities and poor design, with the repository still accessible for manual setup.

  • openSUSE removed Deepin Desktop Environment (DDE) from its community Linux distribution due to security policy violations, as detailed in SUSE security blog
  • DDE, developed by Chinese vendor Uniontech for Linux Deepin, is criticized for security flaws including D-Bus and Polkit abuses, privilege escalation vulnerabilities, and poor design decisions
  • Issues with DDE’s packaging and upstream responses led SUSE to exclude it from openSUSE; the package repository remains available for manual installation

▶️ Software Development

Understanding Linear Regression and Gradient Descent for Stable Model Fitting

The article explains linear regression and gradient descent, showing how squared error enables stable, efficient model fitting by minimizing prediction errors in machine learning.

  • Explains how linear regression models house prices using a line defined by slope and intercept
  • Describes error measurement methods: absolute error and squared error, highlighting squared error’s smoothness and stability
  • Details gradient descent as an optimization algorithm to minimize error functions, emphasizing squared error’s suitability for this process

▶️ Management and Leadership

US Ends Investigation into Scale AI Amid Policy Shifts and Litigation

The U.S. Department of Labor dropped its investigation into Scale AI’s FLSA compliance, amid policy shifts and Scale’s political engagement, despite ongoing lawsuits over worker classification and pay.

  • The U.S. Department of Labor dropped its investigation into Scale AI’s compliance with the Fair Labor Standards Act (FLSA), according to a source familiar with the matter.
  • The investigation, initiated in March, also included Scale’s HR partners Upwork and HireArt, which are now no longer under investigation.
  • Scale AI, valued at $13.8 billion last year, relies on contractors for critical AI labeling work; it has faced lawsuits alleging employee misclassification and underpayment.
  • The DOL’s decision to end the probe may relate to recent policy shifts, including a relaxation of enforcement of worker classification rules announced on May 1, and Scale’s efforts to align with the Trump administration.
  • Scale AI’s CEO Alexandr Wang attended Trump’s inauguration and has publicly urged Trump to invest in AI; former managing director Michael Kratsios was appointed White House OSTP director in March.
  • Scale AI declined to comment; the company expressed satisfaction with the DOL’s decision, emphasizing the importance of flexible work opportunities in AI.

Mastering Project Completion in Large Tech Firms

Getting things done in large tech firms means finishing projects to satisfy decision-makers by delivering high-impact, visible work, and knowing when to declare completion and shift focus.

  • “Getting things done” in large tech companies requires finishing projects to a state where decision-makers are satisfied
  • Success involves delivering visible, high-impact work that aligns with company priorities and is understandable to managers and skip-levels
  • Engineers often focus on continuous improvements, but effective completion means declaring victory and moving on

Oracle Java Audits Surge Ahead of Year-End Amid Cost Concerns

Oracle Java audits are increasing globally ahead of fiscal year-end, as the shift to a per-employee license model raises costs up to fivefold, prompting many companies to consider open-source alternatives.

  • Experts warn of increased Oracle Java audits as year-end approaches, driven by a shift to a per-employee licensing model that can increase costs by up to five times.
  • Oracle introduced paid Java subscriptions in September 2018 and switched to a per-employee pricing model in January 2023, causing price hikes of 2-5x for users.
  • Azul CEO Scott Sellers reports a global rise in audits and Java sales teams targeting companies downloading Java, with many contracts expiring at the end of May prompting reconsideration of Oracle licensing.
  • Azul launched JVM Inventory for runtime visibility; a 2025 Dimensional Research report shows 88% of Java users consider switching to open-source JVMs, up from 72% in 2023.
  • Industry experts advise organizations to prepare early for potential license issues, consider moving off Oracle Java, and avoid returning Oracle audit calls, which are often aggressive.

▶️ Technology

ALICE Detects Lead to Gold Transmutation at CERN’s LHC

ALICE measured lead-to-gold transmutation via electromagnetic dissociation during LHC lead–lead collisions, producing up to 89,000 gold nuclei/sec, confirming nuclear transmutation through photon–nucleus interactions.

  • ALICE collaboration measured the transmutation of lead into gold via near-miss lead–lead collisions at CERN’s LHC, published in Physical Review C on May 8, 2025
  • Gold nuclei produced at a maximum rate of approximately 89,000 nuclei per second during Run 2 (2015–2018), totaling about 86 billion nuclei, equivalent to 29 picograms
  • The process involves electromagnetic dissociation where high-energy electromagnetic fields induce photon–nucleus interactions, ejecting protons and neutrons; three protons are removed from lead to produce gold (79 protons)
  • Lead nuclei, containing 82 protons, travel at 99.999993% of light speed, creating intense electromagnetic fields that generate short-lived photon pulses capable of inducing nuclear transmutation
  • Gold nuclei emerge with high energy, fragmenting immediately upon hitting beam pipe or collimators; their production demonstrates electromagnetic nuclear transmutation at collider energies

Microsoft Uses AI to Accelerate Nuclear Fusion Development Toward Practical Energy

Microsoft advocates AI to accelerate nuclear fusion development, aiming for practical energy solutions within decades, despite fusion’s current experimental status and AI’s environmental challenges.

  • Microsoft promotes AI as a means to accelerate nuclear fusion research, aiming to develop practical fusion energy to support energy-intensive AI workloads.
  • Fusion energy remains in theoretical and experimental stages, with test reactors only briefly producing more energy than they consume.
  • Microsoft Research and fusion experts see AI-driven modeling and machine learning as tools to shorten the decades-long development timeline for fusion power.
  • Microsoft’s efforts include applying AI to material discovery and PDE solving, with the goal of finding optimal fusion configurations.
  • Fusion research is projected to produce pilot plants between 2035 and 2040, overlapping with delays at ITER, an international fusion project.
  • AI’s environmental impact is significant, with data centers consuming large amounts of water, critical minerals, and electricity, contributing to greenhouse gas emissions.
  • Microsoft addresses AI’s environmental footprint via carbon offsets, clean energy procurement, and hardware/software efficiency improvements.
  • Fusion advocates, including Steven Cowley, emphasize AI’s potential to reduce trial-and-error in fusion development, which currently involves billion-dollar experiments.
  • Fusion remains a long-term goal, with commercial viability possibly a decade or more away, but AI is viewed as a promising tool to accelerate progress.