Alvaro Lopez Ortega / 2025-05-13 Briefing

Created Tue, 13 May 2025 15:25:29 +0000 Modified Thu, 29 May 2025 17:31:33 +0000
2643 Words

Today’s highlights include the EU launching a real-time vulnerability database to enhance cybersecurity transparency, Nvidia and AMD partnering with Saudi Arabia for a $10 billion AI data center project, and Apple unveiling new accessibility features for iOS 19 and Vision Pro, reaffirming its commitment to inclusive innovation.

▶️ Internet Infrastructure

Mozilla Firefox Source Code Repository Features and Recent Updates

Mozilla’s firefox repository contains the source code for Firefox, with recent updates on bug fixes, build system changes, and feature enhancements as of May 2025.

  • The repository hosts Mozilla’s official Firefox web browser source code, with 4,000 stars and 132 forks.
  • Contains over 6,397 tags and 6 branches, with recent commits addressing bug fixes and feature updates as of May 13, 2025.
  • Includes extensive documentation, license info, and links to build instructions, contributing guidelines, and nightly builds.

Nix Flakes Fail to Deliver Flexibility and Stability in Dependency Management

Nix Flakes, designed to improve dependency management and reproducibility, have failed due to limited flexibility, lack of configurability, and unresolved technical issues, remaining unstable and unsupported.

  • Nix Flakes were introduced to enable declarative, reproducible dependency management without reliance on system-mutable state.
  • Flakes are limited to loading only other Flakes, requiring manual import of legacy projects like Nixpkgs, and lack configurability or extensibility.
  • The Nix community considers Flakes a failure due to stagnation, unresolved issues, and fundamental design flaws, with no plans for stabilization.

macOS Permission Spoofing Flaw CVE-2025-31250 Unpatched in Ventura and Sonoma

CVE-2025-31250 enables apps to spoof permission prompts on macOS via a bug in tccd, allowing user responses to be misapplied across applications; patched in macOS 15.5 but not in earlier releases.

  • CVE-2025-31250 allows applications to spoof macOS permission prompts, making them appear as if from other apps, and apply user responses to different applications.
  • The vulnerability exploits a bug in the TCCAccessRequestIndirect function of the tccd daemon, which handles TCC (Transparency, Consent, and Control) permissions.
  • Apple patched this flaw in macOS Sequoia 15.5; however, macOS Ventura 13.7.6 and Sonoma 14.7.6 are not patched as of the article’s publication.

Nvidia and AMD to Supply Chips for $10 Billion Saudi Data Center Project

Nvidia and AMD will provide chips for Saudi Arabia’s Humain data centers in a $10 billion project, enabled by US policy changes during Trump’s administration, announced at Riyadh forum.

  • Nvidia and AMD will supply chips to Saudi AI company Humain for a $10 billion data center project
  • Nvidia CEO Jensen Huang announced the partnership at the Saudi-US Investment Forum in Riyadh during President Trump’s visit
  • The project involves delivering advanced semiconductor technology to the region, lifting previous restrictions under a Trump administration initiative

Amazon Tests Warehouse Robots “Stow” and “Pick” Achieving Up to 91% Success

Amazon’s warehouse robots “Stow” and “Pick” demonstrate moderate success, with 85-91% task accuracy, but are not yet capable of fully replacing human workers due to failure rates and technical challenges.

  • Amazon tested robots “Stow” and “Pick” in warehouses, with “Stow” achieving 85% task success over 500,000 items and “Pick” achieving 91% success over 12,000 attempts.
  • “Stow” robot uses a pinch gripper, extendable plank, visual perception, and machine learning to optimize storage, with a speed comparable to human workers (243 UPH vs. 224 UPH).
  • “Pick” robot, deployed six hours daily from October 2024 to March 2025, has a 19.4% rejection rate due to vision failures; Amazon plans to improve VMP via visuomotor policy learning and Real2Sim modeling.

EU Launches Real-Time Vulnerability Database to Improve Transparency and Security

The EU launched the EU Vulnerability Database (EUVD) on May 13, 2025, offering real-time vulnerability tracking with CVE and EU-specific IDs, improving transparency and mitigation amid US system disruptions.

  • The European Vulnerability Database (EUVD) is now fully operational as of May 13, 2025, providing real-time updates on critical and exploited security flaws.
  • ENISA states the EUVD enhances transparency, vulnerability management, and risk mitigation, with data sourced from open-source databases, national CSIRTs, vendor advisories, and exploitation reports.
  • The EUVD assigns both CVE and EUVD identifiers, features three dashboards for critical, exploited, and EU CSIRTs-coordinated vulnerabilities, and is a response to US vulnerabilities tracking system issues amid US government funding and policy instability.

Commvault Patches Critical Path Traversal Flaw After Active Exploitation and Trial Delays

Commvault fixed a CVSS 10 path traversal vulnerability (CVE-2025-34028) in Command Center after active exploitation; updates for trial users were delayed, prompting policy changes for immediate patch access.

  • Commvault released a security update addressing CVE-2025-34028, a path traversal flaw with CVSS 10 severity, actively exploited via malicious ZIP files containing .jsp files.
  • The initial fix was ineffective for some users, including those testing free trial versions, due to incomplete updates and confusing advisory information.
  • Security researcher Will Dorman identified that even with the update, exploit attempts persisted, especially on unlicensed trial versions, prompting Commvault to revise update policies to ensure all users can deploy patches immediately.

Google Adds UWB Support to Find Hub for Precise Location Tracking

Google is adding UWB support to its rebranded Find Hub app and network, enabling precise location tracking for compatible devices, with satellite features planned for later this year.

  • Google is adding UWB support to its rebranded Find Hub app and network, enabling precise location tracking for compatible phones and trackers, with UWB activation expected later this month.
  • UWB offers more accurate close-range tracking than Bluetooth, providing both distance and directional data; Apple’s AirTag and Samsung’s SmartTags have supported UWB since 2021 and 2023 respectively.
  • The Moto Tag, launched in June 2024 with UWB support, will benefit from this update; however, Android device support is limited, with only some Pixel and Galaxy models including UWB chips, and Motorola’s Edge 50 Ultra (UWB-enabled) never launched in the US.
  • Alongside UWB support, Google is rebranding the network and app to Find Hub, adding a “People” tab for contact sharing, and plans to incorporate satellite connectivity later this year, including satellite SOS mode on Pixel 9 phones and tracker sharing with airline staff early next year.

▶️ Open Source

Nextcloud Accuses Google of Restricting File Access to Limit Competition

Nextcloud accuses Google of deliberately restricting its Android Files app by revoking “All files access” permission in 2024, citing privacy policies to limit competition and functionality.

  • Nextcloud alleges Google revoked “All files access” permission for its Android Files app in 2024, crippling functionality despite prior approval since 2016
  • The app requires broad file access to synchronize all file types; alternatives like SAF and MediaStore API are insufficient for its needs
  • Google’s policy change restricts app updates targeting Android 11+, citing privacy concerns, but Nextcloud claims it is a move to suppress competition and reduce functionality

▶️ Management and Leadership

Apple Unveils New Accessibility Features for iOS 19 and Vision Pro at WWDC 2025

Apple unveiled iOS 19 accessibility features, including App Store Nutrition Labels, Magnifier for Mac, system-wide Accessibility Reader, Braille Access, Live Captions on Apple Watch, Vision Pro enhancements, and Personal Voice upgrades, enhancing device accessibility and support for diverse disabilities.

  • Apple announced new accessibility features for iPhone, iPad, Mac, Apple Watch, and Vision Pro ahead of WWDC 2025, celebrating 40 years of accessibility innovation.
  • iOS 19 and macOS 16 will include Accessibility Nutrition Labels on the App Store, showing supported accessibility features like VoiceOver, Voice Control, Larger Text, and Sufficient Contrast.
  • New Magnifier app for Mac, using Continuity Camera or USB camera, allows zooming, object detection, and text recognition; system-wide Accessibility Reader enhances text readability; Braille Access transforms devices into braille note takers with BRF file support and real-time transcription.
  • Live Captions on watchOS 12 will enable real-time transcription and control of Live Listen on Apple Watch; Vision Pro updates include magnification, Live Recognition, and camera-based assistance for low vision users.
  • Personal Voice feature revamped to require only 10 phrases for training, producing more natural voices, with added support for Spanish (Mexico); additional features include improvements to Eye Tracking, Background Sounds, Sound Recognition, Voice Control, and more, supporting multiple languages and accessibility protocols.

John Carmack Urges Software Optimization for Outdated Hardware to Boost Innovation

John Carmack advocates for optimizing software to run on older hardware, emphasizing market-driven resource scarcity and proposing monolithic native codebases to sustain innovation.

  • John Carmack suggests that more of the world could operate on outdated hardware if software optimization was prioritized, driven by market signals on scarce compute resources.
  • He proposes rebuilding interpreted microservice-based products into monolithic native codebases to improve efficiency.
  • Carmack notes that without access to super cheap and scalable compute, the development of innovative new products would become much rarer.

UK NCSC Confirms Strong Cybersecurity Ties with US CISA Despite Political Tensions

UK NCSC officials affirm ongoing, unaffected cooperation with US CISA, emphasizing strong transatlantic cybersecurity ties despite US political criticisms and concerns over CISA’s current administration.

  • UK NCSC officials state their relationship with US CISA remains unchanged post-Trump, with ongoing cooperation and “embeds” inside CISA.
  • UK officials emphasize the importance of US-UK cybersecurity partnership despite US political tensions and criticisms of CISA under Trump.
  • CISA maintains that its partnership with UK NCSC is strong, with no public indication of disengagement or removal of UK embeds from CISA.

Linus Torvalds Switches Back to Cherry MX Blue Keyboard for Better Feedback

Linus Torvalds returned to a Cherry MX Blue mechanical keyboard after experimenting with a quieter model, citing improved feedback and reduced typos, blaming autocorrect for previous mistakes.

  • Linus Torvalds resumed using a mechanical keyboard after six months with a quieter low-profile keyboard
  • He prefers Cherry MX Blue switches for tactile and audible feedback to reduce typing errors
  • He attributes his typos to autocorrect and questions the need for quieter keyboards in a work-from-home environment

Microsoft trims 3% of workforce to boost agility and streamline management

Microsoft is cutting 3% of its 228,000 employees (~7,000 staff) to streamline management, with layoffs focusing on middle managers, amid organizational restructuring to enhance agility.

  • Microsoft is laying off 3% of its global workforce (~7,000 employees) to flatten management structure, the largest reduction since early 2023.
  • The layoffs target middle managers first, following a previous smaller wave in January affecting less than 1% of employees.
  • Microsoft confirmed the move as part of organizational changes to improve agility and position the company for success in a dynamic marketplace.

A federal judge temporarily halted Trump’s executive order for mass government layoffs, citing likely illegality and requiring evidence, amid ongoing legal challenges and potential government non-compliance.

  • A federal judge issued a two-week temporary restraining order (TRO) on May 12, 2025, halting Trump’s mass government layoffs until May 23
  • The order applies to over a dozen federal agencies, including OMB and OPM, and was based on the likely illegality of the layoffs and directives
  • The Trump administration has filed an appeal to the Ninth Circuit Court of Appeals, despite TROs typically not being subject to appeal; court refused to entertain an immediate appeal

NHS England Seeks Tech Proposals for Unified Electronic Health Records

NHS England seeks tech proposals for a unified electronic health record, aiming to improve data integration, patient access, and healthcare efficiency, with initial market consultation underway.

  • NHS England issued a request for information to tech suppliers on May 13, 2025, to develop a single electronic health record (EHR) system.
  • The initiative aims to create a comprehensive, accessible patient record integrating health information, test results, and correspondence via the NHS App.
  • The project involves assessing technical architecture, data management, and potential impacts on existing NHS systems, with early market engagement to gather innovative solutions.

▶️ Technology

Google Expands Gemini AI to Wear OS, Android Auto, Google TV, and XR in 2025

Google expands Gemini AI assistant across Wear OS, Android Auto, Google TV, and Android XR devices in 2025, enabling proactive, personalized help on all Android devices.

  • Gemini AI assistant expands to Wear OS, Android Auto, Google TV, and Android XR devices in 2025.
  • Available on Android 10+ devices with 2GB+ RAM.
  • Gemini offers hands-free help for driving, personalized TV recommendations, and interactions on headsets and glasses.
  • Features include natural voice commands, app integration, message summarization, translation, and itinerary planning.
  • Gemini’s integration with Android XR collaborates with Samsung for immersive experiences, such as vacation planning with videos and maps.

Google Unveils Material 3 Expressive Update for Android and Wear OS

Google’s Material 3 Expressive update for Android and Wear OS introduces extensive personalization, smoother animations, and up to 10% longer battery life, enhancing device customization and user experience.

  • Google announced a major update to Android and Wear OS with the launch of Material 3 Expressive.
  • Material 3 Expressive enhances personalization, introduces fluid animations, and improves interaction intuitiveness.
  • Wear OS 6 features up to 10% increased battery life, refined design, and dynamic color theming across system and apps.
  • Visual and functional updates include customizable Quick Settings, Live Updates for real-time notifications, and shape-morphing UI elements.
  • The updates will first be available on Pixel devices later in 2025, with ongoing improvements in performance and visual consistency across Google apps.

UK lawsuit alleges Microsoft market abuse over licensing practices, risking billions

A UK legal claim accuses Microsoft of market abuse via restrictive licensing practices on Office and Windows, potentially costing billions in damages and impacting competition.

  • A legal claim alleges Microsoft abused market dominance through restrictive licensing practices affecting Office and Windows, leading to inflated prices for new and pre-owned licenses.
  • The case, filed on behalf of UK customers from October 1, 2015, could result in a multibillion-pound payout.
  • Previous related lawsuits include a 2021 £270 million case by ValueLicensing and a 2024 over £1 billion claim for overcharging Windows Server customers on cloud platforms.

Kubernetes and Nutanix NKP Boost Scalable, Cost-Effective AI Development

Kubernetes drives rapid, scalable AI app development with Nutanix NKP, enabling efficient deployment, hybrid cloud portability, and cost savings, vital for modern AI workloads.

  • Cloud native AI development accelerates with Kubernetes, enabling scalable, flexible, and resource-efficient AI workloads across on-prem, cloud, and edge environments.
  • Nutanix Kubernetes Platform (NKP) offers comprehensive management for Kubernetes clusters, supporting AI workloads, model deployment, and hybrid cloud portability.
  • 93% of companies use Kubernetes in production or evaluation, with leading AI firms like OpenAI, Spotify, and Uber adopting it for complex AI model management.
  • NKP includes features like GPU sharing, rapid deployment, AI-specific integrations (e.g., AI Navigator), and Nutanix GPT-in-a-Box for simplified AI model operations.
  • Cloud native tools improve collaboration, governance, reproducibility, and cost control, crucial for AI lifecycle management and responsible AI deployment.

OpenAI Plans Subscription AI OS with Personal Data Integration and Flexible Development

OpenAI aims to create a subscription AI OS with SDKs and APIs, building models that incorporate comprehensive personal data, but has no fixed platform plan and emphasizes iterative development.

  • OpenAI CEO Sam Altman envisions developing a subscription-based AI operating system with SDKs, APIs, and user interface surfaces.
  • Altman proposes models ingesting all personal data, including conversations, books, emails, and other sources, aiming for a trillion-token context.
  • The company has no concrete plans for platform APIs or SDKs, acknowledging iterative development and adjustment as they progress.

Apple Partners with Synchron to Develop Neural Interfaces for Device Control

Apple is developing brain-computer interfaces with Synchron to enable device control via neural signals, aiming for FDA approval by 2030, enhancing accessibility for users with disabilities.

  • Apple collaborates with startup Synchron to develop brain-computer interfaces (BCIs) for controlling devices via neural signals, targeting accessibility for disabled users.
  • The company aims to enable control of iPhones, iPads, and Vision Pro headsets through neural implants, with FDA approval anticipated around 2030.
  • Synchron’s Stentrode device, implanted in a vein atop the motor cortex with 16 electrodes, translates brain signals into commands; early user Mark Jackson with ALS can control Apple devices using this technology.
  • Neuralink’s N1 implant, with over 1,000 electrodes inside the brain, demonstrates faster cursor movement via neural signals; Neuralink aims for earlier FDA approval.
  • Estimated 150,000 Americans with severe upper-limb impairments could be early candidates for BCIs, with commercial approval expected by 2030, according to Morgan Stanley.