Alvaro Lopez Ortega / 2025-05-12 Briefing

Created Mon, 12 May 2025 19:16:49 +0000 Modified Sun, 22 Jun 2025 21:10:09 +0000
2316 Words

Today’s top news highlights include Google’s first icon update in a decade with a vibrant gradient design, the Trump administration’s exploration of AI chip exports to regional allies amid security concerns, and Perplexity’s $200 million Series C funding to expand AI search and chat tools. Additionally, cybersecurity incidents and ongoing challenges in software-defined vehicle development made headlines.

▶️ Internet Infrastructure

Google Refreshes Its ‘G’ Icon with Vibrant Gradient After 10 Years

Google updates its ‘G’ icon with a vibrant, gradient design blending four colors, first seen on iOS and Android apps, marking its first change in 10 years, with no logo overhaul.

  • Google updates its ‘G’ icon for the first time in 10 years, replacing the previous circular design with a more vibrant, gradient version that blends red, yellow, green, and blue.
  • The new icon, featuring a gradient bleed between colors, is already in use on the Google Search app for iOS as of May 11, 2025, and on Android with Google app 16.18 (beta).
  • The update does not currently affect the main six-letter Google logo or other product logos, though future updates to icons like Chrome or Maps are possible.

Trump Admin Explores AI Chip Exports to G42 and Saudi Arabia

The Trump administration is negotiating a potential export of hundreds of thousands of U.S.-designed AI chips to G42 and Saudi Arabia, amid regional strategic efforts and security concerns, with some chips linked to OpenAI.

  • Trump administration considers a deal to export hundreds of thousands of U.S.-designed AI chips to G42, an Emirati AI firm with past ties to China.
  • Negotiations involve chips with limited oversight, some linked to G42’s partnership with OpenAI; deal not yet finalized.
  • Potential additional agreement with Saudi Arabia to supply tens of thousands of semiconductors and AI technology support from Nvidia and AMD.
  • The U.S. began requiring licenses for AI chip exports during Biden administration due to military and surveillance technology concerns.
  • The deal reflects a shift in U.S. policy favoring regional AI technology expansion, contrasting with Biden-era restrictions aimed at preventing autocratic governments from gaining AI advantages.

GlobalX Airline Hit by Cyberattack Exposing ICE Deportation Flight Data

GlobalX, a charter airline supporting ICE deportation flights, suffered a cybersecurity incident on May 5, 2025, with attackers claiming data theft including deportation flight records.

  • GlobalX, a US charter airline used for ICE deportation flights, experienced a cybersecurity breach on May 5, 2025
  • Attackers claim to have stolen flight records and passenger manifests dating back to January, including deportation flight data
  • The company activated incident response protocols, engaged cybersecurity experts, and informed law enforcement; full scope of breach remains unknown

Enhancing Security with Unified Asset Data Aggregation for Better Visibility

Aggregating asset data from multiple security tools enhances visibility, identifies gaps, and supports proactive security management, improving control coverage and operational efficiency.

  • Managing IT assets via aggregated data improves visibility, security posture, and operational efficiency.
  • Disparate security tools (e.g., Microsoft Intune, Jamf, CrowdStrike, Tenable, Entra) often report inconsistent asset data, revealing gaps upon aggregation.
  • Asset inventory discrepancies include 5,500 total devices, with 200 missing CrowdStrike sensors, 300 lacking MDM, 100 missing vulnerability data, and 150 with misconfigured EDR; 75 users have no device record, 15 with high-risk access.
  • Manual data collection and analysis are time-consuming; Prelude Security’s platform aims to automate aggregation to reduce effort.
  • Aggregated data exposes control gaps in real time, enabling proactive vulnerability mitigation and better control coverage.
  • Consolidated inventory supports justified security investments and enhances the effectiveness of existing tools like EDR and IAM.
  • Complete visibility into assets helps close security gaps, improve control consistency, and optimize security tool performance.

▶️ Open Source

Carnegie Mellon’s LegoGPT Turns Text Prompts into Stable Lego Models

Carnegie Mellon University’s LegoGPT converts text prompts into stable Lego brick designs within a 20x20x20 grid, integrating physical laws for real-world feasibility and future expansion.

  • LegoGPT generates physically stable Lego designs from text prompts, limited to a 20 x 20 x 20 grid and eight basic brick types
  • The system creates a ShapeNetCore mesh, voxelizes it, and determines brick layout with stability analysis, randomizing variations for structural integrity
  • Developed by Carnegie Mellon University researchers, it aims to enable rapid, realistic prototyping and personalized manufacturing, with future expansion plans

zVault Releases Second Preview to Create Fully FOSS FreeBSD NAS OS

zVault is an all-FOSS FreeBSD-based NAS OS project, releasing its second preview to replace proprietary components, with plans for stable release and FreeBSD 14 rebasing.

  • zVault is a community-driven, all-FOSS NAS OS based on FreeBSD 13.3, aiming to continue TrueNAS CORE development after iXsystems shifted focus to TrueNAS SCALE.
  • The second preview release addresses intellectual property issues from the first preview, with plans to remove proprietary files and produce an all-FOSS version.
  • The roadmap includes achieving a stable release, updating to version 13.5, and rebasing on FreeBSD 14; current status is a work-in-progress preview.

▶️ Management and Leadership

Reverse Engineering Windows Defender Disablement via WSC API

The author reverse engineered WSC to disable Windows Defender, discovering signature and token checks, and debugged the service remotely, facing significant technical and environment challenges.

  • Implemented defendnot, a tool to disable Windows Defender via Windows Security Center (WSC) API, by directly interacting with COM interfaces.
  • Reverse engineered WSC’s validation, discovering it checks process signatures, DllCharacteristics flags (notably ForceIntegrity), and token SID impersonation.
  • Debugged WSC service on an ARM MacBook using a remote Windows VM with PPL removal, overcoming high latency and environment constraints.

Linux Audio Chaos in 2025: Legacy Issues and Compatibility Challenges

Linux audio remains unreliable in 2025 due to legacy ALSA, PulseAudio, and PipeWire layers, causing device detection, routing, and accessibility issues, especially for blind users.

  • Linux audio stack involves ALSA, PulseAudio, and PipeWire, with ongoing issues in device detection, routing, and session management in 2025
  • PipeWire, the modern low-latency system replacing PulseAudio, still faces compatibility challenges as most apps rely on PulseAudio interfaces
  • Troubleshooting requires complex CLI commands (pactl, pacmd, journalctl), with frequent crashes, device recognition failures, and inconsistent Bluetooth support

Native Windows Todo App in C with Win32 API and Data Persistence

A native Windows Todo application developed in C using Win32 API, featuring data persistence, system tray support, and a 54 KB executable size.

  • Lightweight Windows Todo app built with pure C and Win32 API, size 54 KB
  • Supports creating, editing, deleting, and marking todos as complete
  • Stores data in %APPDATA%\TodoApp\todos.dat, with persistent binary storage

Legacy Automakers Struggle with Software-Defined Vehicle Development Amid Tesla Lead

Legacy automakers struggle with SDV development, facing delays, software bugs, and organizational rework, while Tesla and Chinese brands lead with fully integrated, OTA-updatable systems.

  • Ford announced merging FNV4, its next-gen electrical architecture, into existing FNV3 after delays, aiming to improve EV and internal combustion vehicle upgradeability.
  • Legacy automakers like GM, Ford, VW, Volvo, BMW, and Mercedes face ongoing challenges in developing true software-defined vehicles (SDVs), with many still in early stages or experiencing software issues.
  • Tesla pioneered SDVs with over-the-air updates and centralized computing; other companies like Rivian, Lucid, and Chinese brands have built ground-up systems, while many legacy automakers struggle with organizational and technical rework.
  • GM’s Ultium platform and Volvo’s SDV efforts exemplify mixed success, with issues like bugs, delays, and outsourcing software development to third parties such as Mobileye and Rivian.
  • VW’s Cariad division faced billions in losses and outsourcing, relying on partnerships and zonal architecture, but remains behind Tesla and newer entrants.
  • The transition to SDVs requires merging traditional safety-focused development with rapid, innovative software practices, complicated by hardware constraints like limited 12V power supplies in ICE vehicles.
  • Future SDV leaders are likely to be Tesla, Rivian, Lucid, and Chinese automakers; most legacy companies are years away from full SDV deployment, with ongoing teething problems and organizational hurdles.

CISA Shifts Routine Cyber Alerts to Email, RSS, and X Amid Budget Cuts

CISA shifted routine cyber alerts to email, RSS, and X, focusing website updates on urgent threats, amid staff cuts and a 17% budget reduction, aligning with broader US government communication changes.

  • CISA announced routine cyber alerts, updates, and guidance will now be shared via email, RSS, and X instead of its website, effective May 12, 2025
  • Only urgent alerts related to emerging threats or major cyber activity will be posted on the official website
  • Sign-up for CISA email notifications and subscribe to GovDelivery for Vulnerabilities Catalog; X account @CISACyber will also carry updates
  • The policy shift may be linked to staff cuts at CISA, which began in March under Musk-influenced cost-cutting measures; further layoffs are expected amid proposed 17% budget reduction for 2026
  • CISA’s move follows other US agencies, such as the National Transportation Safety Board and Social Security Administration, shifting official communications to Elon Musk’s X platform
  • Former CISA chief Jen Easterly criticized budget cuts and resource undermining amid increasing cyber threats, including Chinese actors infiltrating critical infrastructure

Low Adoption of Microsoft 365 Copilot Due to Challenges and Limited ROI

Only 16% of organizations have transitioned from pilot to deployment of Microsoft 365 Copilot; barriers include ROI, data security, integration, and stakeholder resistance, with QA providing targeted training and support.

  • Only 16% of companies have moved beyond pilot phase for Microsoft 365 Copilot, despite 60% piloting it.
  • Main challenges include unclear ROI, data governance risks, integration complexity, and lack of stakeholder buy-in.
  • QA offers role-based training, integration support, and ongoing skills development to facilitate scale-up and responsible AI use.

UK NCSC Urges International Standards to Boost Software Security

UK’s NCSC calls for international standards and intervention to incentivize secure software, amid industry resistance, aiming to improve global cybersecurity resilience through voluntary codes and market-driven change.

  • UK’s National Cyber Security Centre (NCSC) advocates for intervention to hold vendors accountable for insecure software, citing a “non-functional market” where security investments are unrewarded.
  • Industry leaders from Vodafone, Mandiant, Sage, and Canadian cybersecurity experts contest the idea that vendors prioritize profit over security, emphasizing market-driven change.
  • The NCSC launched its Software Security Code of Practice, a voluntary standard aimed at raising security benchmarks and enabling international adoption, similar to its AI Security Code ratified by ETSI.

Microsoft Extends Support for Microsoft 365 on Windows 10 Until 2028

Microsoft will support security fixes for Microsoft 365 apps on Windows 10 through October 2028, despite Windows 10’s end of support on October 14, 2025, with limited troubleshooting if not upgrading to Windows 11.

  • Microsoft commits to providing security updates for Microsoft 365 apps on Windows 10 until October 10, 2028
  • Support for Windows 10 ends on October 14, 2025, unless extended support is purchased
  • Support issues for Microsoft 365 apps on Windows 10 after October 14, 2025, will require upgrading to Windows 11 for troubleshooting; limited support available otherwise

Microsoft Delays Windows Insider Canary Builds Over Critical Bug

Microsoft halted Canary channel Windows Insider builds due to a critical bug affecting core OS features, with a fix in progress expected to be deployed by week’s end.

  • Microsoft postponed Windows Insider Canary builds due to a severe bug impacting core functionality.
  • The bug affects features including Bluetooth, Wi-Fi, USB accessories, and Windows Hello, making basic tasks difficult.
  • The issue is linked to a code change in recent builds and has not been present in publicly released Insider flights; validation efforts aim to deliver a fix by the end of the week.

Apple Considers Higher iPhone Prices Amid Supply Chain and Tariff Challenges

Apple plans to raise iPhone prices in the fall without citing tariffs, as high-end models remain produced mainly in China; tariff reductions and supply chain shifts influence pricing and manufacturing strategies.

  • Apple considers raising iPhone prices for the fall lineup, aiming to avoid attributing increases to U.S. tariffs on Chinese goods
  • The U.S. and China agreed to reduce tariffs to 10%, but a 20% tariff on Chinese smartphones remains in place
  • High-end iPhone models (Pro and Pro Max) will continue to be produced mainly in China; Indian manufacturing is insufficient for mass production of these models
  • Apple built inventory in March ahead of tariffs and shifted some manufacturing to India, which accounted for 13-14% of global iPhone shipments last year, expected to double in 2025
  • The company faces a potential $900 million additional cost this quarter due to tariffs, with plans to explore U.S. production but expects years-long transition
  • Apple aims to increase Indian exports to meet U.S. demand, but analysts estimate reaching 40 million units in India within two years is challenging

▶️ Technology

Embeddings Transform Technical Writing with Large-Scale Text Connections

Embeddings, increasingly accessible, allow technical writers to analyze and connect texts at scale by representing content in high-dimensional latent space, enabling semantic similarity comparisons.

  • Embeddings enable discovery of connections between texts at large scales, significantly impacting technical writing.
  • Embeddings produce fixed-length arrays (e.g., 768 or 1024 numbers) regardless of input size, facilitating semantic comparison.
  • Models vary in input token limits; Voyage AI’s voyage-3 supports up to 32,000 tokens, outperforming others like Google’s text-embedding-004 with 2,048 tokens.

How Self-Attention Heads Use Simple Pattern Matching for Complex Representations

The article clarifies that individual attention heads perform simple pattern matching via dot products in impoverished query/key spaces, enabling complex representations through multi-head attention and layering.

  • The post explains the “why” behind the matrix operations in self-attention, emphasizing that individual attention heads are simple pattern matchers.
  • Each attention head is “dumb,” projecting input embeddings into a low-dimensional query and key space to perform dot product similarity.
  • Multi-head attention and layering enable complex, enriched representations over multiple layers, removing fixed-length bottlenecks in sequence modeling.

Perplexity Raises $200M in Series C to Expand AI Search and Chat Tools

Perplexity secured $200 million in Series C funding on April 24, boosting its valuation to $14 billion, to expand AI-powered search and chat tools for enterprise use.

  • Perplexity, an AI startup, raised $200 million in a Series C funding round on April 24, valuing the company at $14 billion
  • The funding was led by Thrive Capital, with participation from other investors
  • Perplexity develops AI-powered search and chat tools, integrating large language models for enterprise applications