2025-09-09 Briefing - alobbs.com

Today’s top stories include Signal’s launch of end-to-end encrypted backups in Android beta, Microsoft’s $20 billion AI cloud deal with Russian provider Nebius, and Canon’s UK government printer framework worth up to £900 million. Additionally, critical vulnerabilities in TP-Link routers are actively exploited, and researchers link Chinese espionage domains to Salt Typhoon.

▶️ Internet Infrastructure

Signal Launches End-to-End Encrypted Secure Backups in Android Beta

Signal’s secure backup feature provides end-to-end encrypted, daily refreshed archives stored with a unique recovery key, initially available in Android beta, supporting 100 MiB free storage and paid plans up to 100 GB.

Signal introduces secure backups as an opt-in feature in the latest Android beta, with plans for iOS and Desktop rollout.
Backups are end-to-end encrypted, stored without linking to user accounts, and protected by a 64-character recovery key generated on the device.
Free tier offers 100 MiB of message storage with a 45-day media backup limit; paid subscription costs US$1.99/month for up to 100 GB storage.
Secure backups are refreshed daily, excluding view-once messages and disappearing messages within 24 hours.
Future plans include enabling backups to user-chosen locations and cross-platform message transfer.

Microsoft Signs $20 Billion AI Cloud Deal with Russian Provider Nebius

Microsoft’s nearly $20 billion agreement with Nebius Group NV secures AI cloud infrastructure through 2031, leveraging Nebius’s capabilities and investor backing from Nvidia and Accel Partners.

Microsoft signed a multiyear cloud computing deal with Nebius Group NV valued at $17.4 billion to $19.4 billion through 2031
Nebius is a Russian cloud provider spun out from Yandex, with investors including Nvidia and Accel Partners
The deal involves Nebius providing AI cloud infrastructure services to Microsoft, expanding its presence in the AI and cloud markets

Canonical Outages Caused Multi-Day Ubuntu Update Backlog

Brief server outages at Canonical on September 5 and 7 caused a multi-day backlog, leaving Ubuntu users unable to update or install packages until September 8.

Canonical’s servers experienced brief outages on September 5 and 7, lasting 36 minutes, but caused a multi-day backlog affecting Ubuntu package updates.
Users reported failed installations and frozen updates throughout the weekend, with issues persisting until September 8.
The backlog prevented systems from installing or downloading security updates, despite the servers’ quick recovery, leading to user frustration and unreported security risks.

Data4 and EDF Secure 12-Year Nuclear Power Deal for Sustainable Data Centers

Data4 signed a 12-year nuclear power supply agreement with EDF to secure 40 MW of low-carbon energy, integrating nuclear into France’s predominantly nuclear-powered grid for sustainable datacenter operations.

Data4 signed a 12-year nuclear supply contract with EDF, starting in 2026, securing 40 MW of nuclear-generated electricity.
The deal involves a “cost and risk-sharing mechanism” based on actual energy volumes, utilizing a behind-the-meter arrangement.
The contract supports Data4’s strategy to operate datacenters with low-carbon energy, supplementing existing solar and wind Power Purchase Agreements (PPAs).

CISA Alerts on Active Exploitation of Critical TP-Link Router Vulnerabilities

CISA warns of active exploitation of two critical TP-Link router vulnerabilities (CVE-2023-50224 and CVE-2025-9377), with a third flaw causing crashes, amid concerns over Chinese market dominance and security risks.

CISA issued alerts about active exploitation of CVE-2023-50224 and CVE-2025-9377 in TP-Link routers, affecting Archer C7(EU) V2 and TL-WR841N/ND(MS) V9 models
CVE-2023-50224 allows unauthenticated attackers to retrieve credentials via httpd, while CVE-2025-9377 enables remote code execution
Additional flaw involves a CWMP protocol bug causing router crashes; Chinese manufacturer TP-Link faces scrutiny over security and market influence

Researchers Link 45 Domains to Chinese Espionage Group Salt Typhoon

Researchers identified over 45 domains used by Salt Typhoon and UNC4841 since 2020, linked to Chinese espionage activities targeting US telecoms and government networks, with domains registered via fake personas.

Researchers uncovered 45 domains linked to Chinese espionage group Salt Typhoon and UNC4841, active since at least 2020
Salt Typhoon targeted major US telecoms, stole metadata, and exploited CVE-2023-2868 in Barracuda Email Security Gateways in 2023
Domains used fake personas with US-based addresses, many registered with ProtonMail; oldest domain registered in May 2020
Several domains linked to UNC4841 appear in Barracuda ESG vulnerability documentation
Researchers advise checking telemetry and logs against these domains and low-density IPs for threat hunting

Liquidware FlexApp Boosts Application Flexibility and Security with 96% Compatibility

Liquidware’s FlexApp enables dynamic application layering with 96% Windows app compatibility, supporting hybrid environments, automating updates, and improving security and management efficiency.

Application layering software like Liquidware’s FlexApp delivers applications as virtual layers separate from the OS, enabling dynamic workspace composition.
FlexApp supports 96% application compatibility across Windows and can be delivered via physical or virtual platforms including Azure Virtual Desktop, Citrix Web Studio, and VMware Horizon.
The approach automates application lifecycle management, simplifies updates and rollbacks, enhances security with conditional access, and reduces manual packaging errors.

▶️ Open Source

Immich: Open-Source High-Performance Self-Hosted Media Management Platform

Immich is an open-source, self-hosted photo/video management platform with extensive features, licensed under AGPL-3.0, supporting high-performance media handling, multi-platform access, and advanced metadata and sharing capabilities.

Immich is a high-performance self-hosted photo and video management solution available at immich.app
Licensed under AGPL-3.0, with 75.9k stars and 4k forks on GitHub
Supports features including multi-user, raw formats, metadata, search, sharing, facial recognition, and more, with web and mobile support

Malicious Code Hijacks Crypto Transactions in Popular npm Packages

On September 8, 2025, 18 popular npm packages were compromised with malware that hijacks browser-based crypto transactions by injecting code into core APIs, affecting over 2 billion downloads weekly.

On September 8, 2025, 18 npm packages including chalk (299.99m weekly downloads) and debug (357.6m weekly downloads) were compromised with malicious code.
The packages contained code that silently intercepts crypto and web3 activity in browsers, manipulates wallet interactions, and redirects funds to attacker-controlled accounts.
The malicious code injects into browser functions like fetch, XMLHttpRequest, and wallet APIs (window.ethereum, Solana, etc.), enabling stealthy transaction hijacking across multiple blockchain formats.

Phishing Attack Hijacks npm Packages to Steal Crypto Transactions

A phishing attack hijacked npm maintainer accounts, injecting malware into packages with over 2.6 billion weekly downloads, enabling browser-based crypto transaction hijacking through malicious code.

Attackers compromised a maintainer’s npm account via phishing, injecting malware into packages with over 2.6 billion weekly downloads.
Malicious code acts as a browser-based interceptor, hijacking cryptocurrency transactions by monitoring wallet APIs and replacing destination addresses.
The attack targeted packages such as chalk (299.99m downloads/week) and debug (357.6m downloads/week), with malicious versions removed by npm team after detection.

SiFive Launches Second-Gen RISC-V AI Cores for Scalable High-Performance Chips

SiFive unveiled second-generation RISC-V cores and accelerators, enhancing AI chip scalability and performance, with cores supporting advanced data types and high-bandwidth interfaces, available for licensing in 2026.

SiFive announced second-generation RISC-V-based AI cores at the AI Infra Summit, including X160, X180, X200, X300, and XM series accelerators, available for licensing with first silicon expected in Q2 2026.
The new cores feature eight-stage dual-issue in-order superscalar architecture, support for 128-bit to 1024-bit wide vector registers, and upgraded communication interfaces (VCIX and SSCI) for high-bandwidth data transfer to accelerators.
The X160 (32-bit) and X180 (64-bit) target low-power applications like IoT and robotics; the X200 and X300 series support larger vector widths (512-bit and 1024-bit) and include hardware support for BF16, MXFP8, and MXFP4 data types; the X390 core offers up to 4x compute and 32x data throughput of the original X280, with up to 1TB/s data movement in four-core clusters; SiFive’s XM accelerators combine these cores to deliver 64 teraFLOPS FP8 performance at 2GHz, scalable to over 4 petaFLOPS.

▶️ Management and Leadership

Dmitry Brant Modernizes 25-Year-Old Linux Tape Driver Using Claude Code

Dmitry Brant leveraged Claude Code to update a 25-year-old Linux kernel driver for floppy-connected tape drives, enabling compilation and operation on modern kernels (version 6.8+), with significant manual refinement.

Dmitry Brant used Claude Code to modernize a Linux kernel driver for legacy tape drives connected via floppy controller, originally supporting kernel 2.4.
The process involved iterative code updates, replacing deprecated kernel functions, and creating a standalone loadable kernel module.
The modernization enabled the driver to compile, load, detect tape drives, and dump tape contents on a modern Linux distribution (Xubuntu 24.04) within two evenings; the driver is now available at GitHub.

Snap Restructures and Innovates to Boost Growth Amid Challenges

Snap is restructuring into small squads amid flat ad revenue growth and declining North American DAUs, while expanding Snapchat+ and AR glasses development to regain growth and competitiveness.

Snap CEO Evan Spiegel announced restructuring into small “startup squads” of 10-15 members to enhance agility and competitiveness.
Advertising revenue growth was flat at 4% in Q2; North American daily active users declined 2% to 98 million.
Snapchat+ subscriptions generate over $700 million annually from more than 15 million paying users; Snap’s valuation is approximately $12 billion, down 90% from $116 billion in September 2021.
Snap is developing AR glasses called Specs, aiming to replace smartphones, with Spiegel describing them as a “once-in-a-generation transformation” in human-centered computing.

Lachlan Murdoch to Control Rupert Murdoch’s Assets After Family Settlement

Lachlan Murdoch, 51, will control Rupert Murdoch’s assets after his death following a family trust settlement; he is CEO of Fox Corp, with a net worth linked to $24 billion family wealth.

Rupert Murdoch’s succession settlement finalized, granting Lachlan Murdoch control of assets in Fox Corp and News Corp upon Rupert’s death
Lachlan, 51, born in London in 1971, educated at Princeton (philosophy) and elite private schools; grew up in New York
Lachlan has held executive roles at Murdoch media properties, led Fox Corp, and acquired streaming service Tubi in 2020; net worth estimated from compensation and family wealth

Scale AI Cuts Red Team Amid Drop in AI Safety Work After Meta Investment

Scale AI reduced its Red Team by 12 contractors amid decreased AI safety testing work following Meta’s $14 billion investment, with layoffs representing about half the team.

Scale AI laid off 12 contractors from its Red Team on September 8, citing performance issues
The cuts follow a sharp decline in work after Meta’s $14 billion investment, with some workers estimating the team was halved
The company states the layoffs are not part of restructuring; affected workers will receive one month of severance and unused paid time off

Intel Announces Leadership Changes Amid Restructuring and Political Tensions

Intel announced executive shake-ups, including the departure of products chief Holthaus after 30+ years, amid leadership streamlining and political pressures, as it seeks to revitalize operations.

Intel announced top executive changes, including the departure of products chief Michelle Johnston Holthaus after over 30 years, effective immediately; she will remain a strategic adviser.
Holthaus held multiple senior roles, including interim co-CEO following Pat Gelsinger’s ouster last year.
New appointments include Kevork Kechichian as EVP and GM of Data Center Group, Srinivasan Iyengar leading a new central engineering group, Naga Chandrasekaran expanding to Foundry Services, and Jim Johnson as GM of Client Computing Group.
The company is streamlining leadership with most chip groups reporting directly to CEO Lip-Bu Tan amid ongoing operational cuts.
U.S. political tensions include President Trump proposing a 10% stake in Intel and calling for Tan’s resignation over conflicts of interest.

Intel Product CEO Michelle Johnston Holthaus Leaves After Ten Months

Intel’s CEO of Products Michelle Johnston Holthaus, with nearly 30 years at the company, left after ten months, amid a wider executive shake-up and leadership restructuring.

Michelle Johnston Holthaus served as Intel Products CEO for ten months before departing in September 2025
She had nearly 30 years at Intel and was appointed interim co-CEO in December 2024 after Pat Gelsinger’s departure
Holthaus will remain in an advisory role without being replaced, as part of broader executive restructuring

Linus Torvalds Criticizes Useless Link Arguments in Linux Kernel Patches

Linus Torvalds condemned unnecessary link arguments in Linux patches, advocating for links that add meaningful context; Linux 6.17-rc5 is out with key improvements and scheduled for release.

Linus Torvalds criticized the addition of pointless link arguments in Linux kernel patches, calling them “stupid useless garbage” on the mailing list.
He emphasized that links should provide useful explanations or direct to relevant threads, not just repeat previous messages.
The latest Linux kernel release candidate is Linux 6.17-rc5, with plans for full release in about a month, featuring improved memory management, enhanced Rust support, and broader hardware coverage for AMD and Intel platforms.

UK PM Starmer Reshuffles Tech Officials Amid Cabinet Changes

UK PM Sir Keir Starmer removed tech and digital law officials in a cabinet reshuffle, appointing Liz Kendall as science, innovation, and technology secretary, amid political and legislative changes.

UK prime minister Sir Keir Starmer dismissed key officials in charge of tech and digital law during a weekend cabinet reshuffle.
Liz Kendall replaced Peter Kyle as science, innovation and technology secretary, overseeing the Online Safety Act amid privacy and censorship criticisms.
Kyle will become secretary of state for business and trade after managing the Cyber Security and Resilience (CSR) Bill; Poppy Gustafsson left her role as investment minister, replaced by Jason Stockwood.

UK Government Awards £900 Million Printer and Digital Equipment Framework to Canon and Others

UK government’s four-year framework deal worth up to £900 million grants suppliers, primarily Canon, access to provide printers, digital equipment, cloud services, and consultancy, replacing a previous £900 million contract.

UK government awarded a four-year framework deal worth up to £900 million to 12 suppliers for printers, photocopiers, and multifunctional devices.
The framework includes five lots covering multifunctional print devices, digital equipment, digitization services, hardware support, and print consultancy.
Canon (UK) Limited secured all four lots for multifunctional devices and management software; other suppliers include HP Inc UK Ltd, Ricoh UK Ltd, Xerox UK Ltd, and others.

GAO Finds US Federal Cyber Workforce Data Incomplete and Unreliable

GAO found US federal cybersecurity workforce data incomplete, unreliable, and poorly managed, with over 63,000 employees costing $9.3 billion annually, due to lack of standardization and oversight.

GAO reviewed data from 23 out of 24 US federal agencies, estimating at least 63,934 full-time cybersecurity employees costing $9.3 billion annually, plus 4,151 contractors costing $5.2 billion.
Most agencies lacked quality, standardized, or complete data on their cyber workforce; 22 of 23 agencies had only partial or no contractor workforce data, and 19 lacked data quality assurance.
The Office of the National Cyber Director (ONCD) has not issued clear guidance; its working group meetings were suspended in February, with uncertainty over continuation after the appointment of Sean Cairncross as National Cyber Director.

WhatsApp ex-security chief sues Meta over retaliation for exposing security breaches

WhatsApp ex-security chief Attaullah Baig sued Meta, claiming retaliation for exposing security failures, including unauthorized data access, regulatory violations, and falsified security reports.

WhatsApp’s ex-security head Attaullah Baig filed a lawsuit against Meta, alleging retaliation for reporting security violations and legal non-compliance.
Baig reported violations of the US Sarbanes-Oxley Act, SEC rules, and internal controls, including unauthorized access to user data by 1,500 engineers.
The complaint details issues such as failure to inventory user data, lack of access monitoring, inability to detect breaches, and 100,000 daily account takeovers.

Datacenter Cricket Game Breaks Emergency Alarm and Leads to Ban

A datacenter team played cricket inside the facility, risking safety protocols, with the incident involving breaking an emergency alarm, but management accepted the story and banned the games afterward.

A datacenter staff team in a country where cricket is popular played informal cricket games using a soft cricket ball and bat within the facility.
The games started in the break room, then moved to the datacenter floor, eventually continuing past shift changes, with leaderboards tracking top scorers.
The incident culminated when a player hit the ball into an “In Case Of Emergency, Break Glass” alarm, breaking the glass and triggering alerts, which were later explained away as a joint training exercise.

Citrix to Replace File-Based Licenses with Cloud System in 2026

Citrix will phase out its file-based licenses in April 2026, replacing them with a cloud-based system that simplifies licensing, enables data collection, and risks functionality loss if not upgraded.

Citrix warns that products under its current file-based licensing system will experience “loss of functionality and potential impacts on end-users” starting April 2026
The company is replacing its licenses with a cloud-based licensing architecture requiring registration of a license server or NetScaler console with Citrix Cloud, with daily license entitlement checks
Offline devices will have a 30-day grace period before license activation becomes invalid; the new scheme allows Citrix to collect usage data to inform R&D
The licensing transition becomes mandatory on April 15, 2026, unless users accept functionality loss; Citrix has used this scheme for Virtual Apps and Desktops since 2024 with positive customer reception
Citrix indicates this move is an upsell opportunity, likely involving higher-priced product bundles, and has made perpetual licenses less favorable

Gartner Warns AI May Cause Skill Atrophy and Urges Regular Skill Assessments

Gartner warns AI’s adoption risks skill atrophy and experience erosion, urging employers to regularly assess and reinforce foundational skills to prevent critical technical and thinking skill loss.

Gartner analysts warn AI may cause skill atrophy, particularly in coding, due to reduced hands-on practice and reliance on AI coding tools.
Gartner’s Daryl Plummer highlights risks of “skills erosion” and “experience compression,” with 91% of CIOs dedicating little or no time to assessing AI-related skill impacts.
Gartner recommends employers implement periodic reviews and testing to prevent critical skill erosion and maintain core technical and critical thinking abilities.

▶️ Technology

Palmer Luckey Flies First Jetson One Personal Electric VTOL

Palmer Luckey took his first Jetson One electric VTOL for a test flight in California, highlighting a $128,000 personal aircraft with 20-minute flight time, 63 mph top speed, and upcoming 2027 delivery.

Palmer Luckey received the first Jetson One delivery and completed a test flight in Carlsbad, California, flying around a grass patch.
The Jetson One is an electric VTOL personal aircraft costing $128,000, with an $8,000 deposit, no pilot license required, and a 20-minute flight time, top speed of 63 mph, and operational up to 1,500 feet altitude.
Luckey’s flight training lasted under 50 minutes; the delivery was delayed from 2023 to 2025, with earliest shipping expected in 2027; Jetson has sold out of 2025 and 2026 orders.

Sam Altman noted that AI-related social media content increasingly appears “very fake,” driven by LLM-speak adoption, engagement tactics, and hype, reflecting a rise in low-quality AI-generated posts.

Sam Altman stated that social media posts about AI, especially on X and Reddit, now feel “very fake” compared to one or two years ago.
Altman observed that people may have adopted LLM-like quirks in their writing style, contributing to the AI-like tone.
He attributed the surge in AI-related content to social media engagement optimization and hype cycle extremism.

Alvaro Lopez Ortega / 2025-09-09 Briefing

▶️ Internet Infrastructure

▶️ Open Source

▶️ Management and Leadership

▶️ Technology