Alvaro Lopez Ortega / 2025-09-24 Briefing

Created Wed, 24 Sep 2025 04:16:10 +0000 Modified Tue, 14 Oct 2025 02:15:21 +0000

Today’s tech news highlights include a major US-TikTok data security deal with Oracle, a hotel hacking campaign using AI-generated malware, and widespread internet disruptions in Spain caused by anti-piracy IP blocking. Additionally, Meta unveiled AI-powered AR glasses, while OpenAI and NVIDIA announced a $100 billion AI infrastructure partnership.

▶️ Internet Infrastructure

YouTube View Count Drops Likely Due to Ad Blockers, Not Systemic Issues

YouTube’s view count drops since August likely result from ad blockers affecting view reporting; the platform acknowledges the impact on accuracy but denies systemic issues or AI verification involvement.

  • Many YouTubers reported significant drops in view counts since mid-August, with some experiencing reductions of around 50% on computers.
  • YouTube suggests that ad blockers and content blocking tools can impact the accuracy of reported view counts, especially for users on desktops.
  • The platform confirmed no systemic issues affecting creators and denied that new AI age verification tools are responsible for the decline.

Cap’n Web: Schema-Free TypeScript RPC for Bidirectional Web Communication

Cap’n Web is an open-source, schema-free RPC system in TypeScript enabling bidirectional, promise-pipelined communication over HTTP/WebSocket, supporting object references and security patterns.

  • Cap’n Web is an RPC protocol and implementation in pure TypeScript, designed for web integration, with no schemas and minimal boilerplate.
  • Supports bidirectional calls, passing functions and objects by reference, promise pipelining, and capability-based security.
  • Operates over HTTP, WebSocket, and postMessage(), uses JSON-based serialization, compresses to under 10 kB, and is compatible with browsers, Cloudflare Workers, Node.js, and other JavaScript runtimes.

Critical Buffer Overflow in cURL Enables Remote Code Execution via Malicious Cookies

A stack buffer overflow in cURL’s cookie parser allows remote code execution through oversized cookies, confirmed by AddressSanitizer, affecting libcurl versions 8.7.x and related applications.

  • Vulnerability: Stack buffer overflow in cURL’s cookie parsing logic leading to remote code execution (RCE)
  • Affected component: Processing of maliciously crafted HTTP cookies, impacting all applications using libcurl
  • Detection: Confirmed via AddressSanitizer with a crash on reading 8,193 bytes in an 8,192-byte buffer, verified on September 14, 2025

Germany’s stance on Chat Control remains undecided amid EU encryption debates

Germany’s stance on Chat Control legislation remains undecided, balancing encryption concerns with ongoing EU negotiations; opposition persists from several member states.

  • Germany’s position on the Chat Control legislation was reverted to UNDECIDED after the September 12 LEWP meeting.
  • Germany expressed concerns about end-to-end encryption but remains open to negotiation and compromise.
  • Support and opposition vary among EU countries; opposition includes the Netherlands, Belgium, Luxembourg, Austria, Czech Republic, Poland, Slovakia, Finland, and Estonia, while most remaining states support it.

Mitchell Hashimoto Launches Cross-Platform Libghostty for Fast Terminal Emulation

Mitchell Hashimoto’s libghostty project introduces a minimal, cross-platform terminal emulation library, starting with libghostty-vt, offering SIMD-optimized, libc-free parsing, with plans for broader functionality and community-driven API design.

  • Mitchell Hashimoto announced libghostty, an embeddable library for modern, fast terminal emulation, with initial focus on libghostty-vt—a zero-dependency C API for parsing terminal sequences.
  • libghostty-vt inherits SIMD-optimized parsing, Unicode support, and robustness from Ghostty, with no libc dependency, targeting macOS, Linux, and expanding to Windows, embedded devices, and WASM.
  • The C API is under development, with Zig API available for testing; the project aims for a stable release within 6 months and seeks community feedback via Ghostty Discord.

Nostr: A Decentralized Protocol for Secure Censorship-Resistant Communication

Nostr is an open, cryptographically secure protocol for decentralized communication, utilizing signed notes, multiple relays, and smart clients to enable censorship-resistant, scalable information sharing.

  • Nostr is an open, scalable communication protocol independent of corporations or governments, enabling free information dissemination.
  • The protocol’s core unit is a cryptographically signed note, published to multiple relays, with clients acting as intelligent agents managing relay connections.
  • Users select outbox relays via special events, allowing dynamic relay switching; clients monitor relay updates to ensure continuous content flow.

OpenAI and NVIDIA Announce 10GW AI Infrastructure Partnership with $100B Investment

OpenAI and NVIDIA’s partnership aims to deploy 10 gigawatts of NVIDIA systems, with the first phase starting in late 2026, supported by up to $100 billion investment to advance AI infrastructure.

  • OpenAI and NVIDIA announced a strategic partnership to deploy at least 10 gigawatts of NVIDIA systems for OpenAI’s AI infrastructure.
  • NVIDIA plans to invest up to $100 billion in OpenAI as each gigawatt of systems is deployed.
  • The first gigawatt of NVIDIA systems will be deployed in the second half of 2026 on NVIDIA’s Vera Rubin platform.

Ruby Central Conducts Hostile Takeover of RubyGems in 2025

Ruby Central conducted a hostile takeover of RubyGems in September 2025, removing longstanding maintainers, revoking access, and consolidating control through unauthorized GitHub and RubyGems.org actions.

  • Between September 9 and September 19, 2025, Ruby Central unilaterally renamed the RubyGems GitHub enterprise to “Ruby Central,” added non-maintainer Marty Haught, and removed all other maintainers.
  • On September 15, the maintainer claimed to restore permissions after discussions with Marty, who admitted the initial deletion was a mistake; however, Marty became an owner of the GitHub enterprise.
  • On September 18, Marty Haught revoked GitHub organization membership for all RubyGems, Bundler, and RubyGems.org admins, and later revoked access to critical gems on RubyGems.org, constituting a hostile takeover.

LaLiga’s 2025 Anti-Piracy Crackdown Sparks Spain-Wide Internet Disruptions

LaLiga’s anti-piracy efforts in 2025, involving IP range blocking via Spanish ISPs, caused widespread internet outages and collateral damage, despite sending over 26 million takedown notices.

  • LaLiga increased anti-piracy takedown notices by 142% in early 2025, with over 26 million notices sent in the first half of 2025
  • Widespread internet disruptions across Spain resulted from blocking IP ranges suspected of hosting unauthorized streams, affecting major sites like Amazon, Cloudflare, GitHub, Twitch, and Google Fonts
  • The anti-piracy scheme, backed by Spanish courts and operated with Telefónica, blocks entire IP ranges, causing collateral damage to lawful services and forcing alternative distribution methods like BitTorrent for TrueNAS

Anthropic Fixes Infrastructure Bugs Causing Claude Response Issues

Anthropic’s postmortem details three infrastructure bugs causing response degradation in Claude from August to September, with fixes including routing corrections, rollback of faulty code, and enhanced testing.

  • Infrastructure bugs between August and September intermittently degraded Claude’s response quality, affecting millions of users.
  • Three bugs identified: context window routing error, output corruption due to TPU misconfiguration, and an approximate top-k XLA:TPU miscompilation.
  • Resolution involved fixing routing logic on September 4, rolling back faulty deployments, and improving validation, evaluation, and debugging tools.

Amazon to End Commingling Program in 2025 to Block Counterfeits

Amazon will end its commingling program in 2025 to improve brand protection, reduce counterfeit risks, and reallocate resources, citing logistics improvements and $600 million yearly re-sticker costs.

  • Amazon announced the end of its “commingling” program at the 2025 Accelerate seller conference in Seattle.
  • The practice pooled identical items from different sellers under one barcode, facilitating faster shipping but allowing counterfeit and expired goods.
  • The program will be phased out later in 2025, citing diminished logistics benefits and $600 million spent annually on re-stickering by brand owners.

Meta to Sell Excess Power from Future Data Centers to Ease AI Energy Bottlenecks

Meta plans to sell excess power from its upcoming gigawatt-scale datacenters, including Prometheus and Hyperion, to mitigate AI infrastructure energy bottlenecks, leveraging market-based energy sales starting November 2025.

  • Meta’s Atem Energy LLC filed with the Federal Energy Regulatory Commission to sell excess electricity, capacity, and ancillary services at market-based rates, aiming to start by November 16, 2025
  • The initiative allows Meta to lock in large power commitments and resell unused capacity, addressing AI datacenter power demand bottlenecks
  • Meta plans to build multiple multi-gigawatt datacenters, including the Prometheus facility launching in 2026 and the Hyperion campus in Louisiana scaling to 5 GW, supported by 2.26 GW of combustion turbines and proposals for 1-4 GW of nuclear energy

Huawei Uses Ascend Chips to Enhance Content Moderation and Threat Detection

Huawei employed its Ascend 1000 chips to retrain DeepSeek’s R1 model, achieving nearly 100% threat detection and improved content moderation with minimal performance impact.

  • Huawei used its own Ascend 1000 silicon to retrain DeepSeek’s R1 model, creating DeepSeek-R1-Safe, which reduces responses that could offend Beijing.
  • The retrained model achieves nearly 100% success against 14 malicious threats, including toxic speech, politically sensitive content, and incitement, with only 1% performance loss.
  • Huawei and Zhejiang University outperformed Alibaba Cloud’s Qwen model in producing content compliant with China’s regulations.

Moody’s Warns of Risks in Oracle’s $455B Cloud Expansion and AI Data Centers

Moody’s warns of counterparty and reliance risks in Oracle’s AI datacenter expansion, driven by a $300 billion OpenAI contract and $455 billion in cloud obligations, amid high debt and rapid investment.

  • Moody’s raises concerns over Oracle’s $300 billion AI datacenter buildout linked to a $455 billion pipeline of cloud obligations.
  • The sheer size of the OpenAI contract highlights potential growth but also significant counterparty risk.
  • Oracle’s Q1 2026 performance obligations increased by 359% year-over-year to over $455 billion; Moody’s notes risks related to reliance on few buyers and Oracle’s debt obligations.

MX Linux 25 Beta Launch Offers Multiple Variants and Updated Tools

MX Linux 25, based on Debian 13, is in beta with seven ISO variants, including systemd and sysvinit options, featuring KDE, Xfce, Fluxbox desktops, and updated MX Tools.

  • MX Linux 25 based on Debian 13 (‘Trixie’) is nearing release, with ISO images released for beta testing
  • Seven ISO variants are available; four utilize systemd, while three offer sysvinit alternatives
  • Desktop environments include KDE Plasma 6.3.6, Xfce 4.20, and Fluxbox 1.3.7; default kernel is 6.12, with optional Liquorix kernel support (not compatible with Secure Boot)
  • MX Tools suite upgraded to Qt 6, with features like a software updater that can use Nala instead of APT

US to Store TikTok Data on Oracle Servers to Prevent Foreign Interference

The US government will require TikTok’s US user data to be stored on Oracle servers, with Oracle acting as security provider, to prevent foreign interference and facilitate US ownership, amid a deal involving Oracle, Dell, and Larry Ellison.

  • The White House announced that all US TikTok user data will be stored on Oracle servers in the United States.
  • Oracle will serve as TikTok’s trusted security provider, with data protected from foreign surveillance or interference.
  • The deal involves retraining and operating TikTok’s algorithm in the US, with TikTok owned by a majority of American investors and controlled by a security-focused board.
  • US government estimates suggest TikTok-related business could generate up to $178 billion in US economic activity over four years.
  • The agreement extends Oracle Cloud Infrastructure (OCI) hosting all US traffic for TikTok, with US and Singapore data centers used for backups.
  • President Donald Trump indicated involvement of Michael Dell and Larry Ellison in TikTok acquisition negotiations.
  • The deal aims to transfer TikTok’s algorithm and data control from China to American interests, with the final announcement expected later this week.

US Secret Service Dismantles SIM Network Threatening NYC Communications

US Secret Service seized a 300-server network controlling 100,000+ SIM cards near NYC, linked to nation-state actors, capable of disrupting cellular infrastructure and targeting officials.

  • US Secret Service dismantled a network of over 300 colocated SIM servers controlling more than 100,000 SIM cards across multiple locations within 35 miles of NYC’s UN headquarters
  • The SIM farms were used to conduct telecommunications threats targeting senior US government officials, with potential to disable NYC cell towers and disrupt the cellular network
  • Early analysis indicates US operators coordinated with nation-state threat actors; investigation ongoing with hardware still under forensic examination

Inexpensive Mirrors Can Fool LIDAR, Causing Safety Failures in Autonomous Vehicles

Researchers demonstrated that inexpensive mirrors can manipulate LIDAR sensors on self-driving cars, causing critical safety failures like false obstacle detection and missed hazards.

  • Researchers from France and Germany demonstrated that inexpensive mirrors can fool LIDAR sensors on autonomous vehicles by masking or creating obstacles.
  • Two attack methods: Object Removal Attack (ORA) using mirrors to hide obstacles, and Object Addition Attack (OAA) using small mirror tiles to generate false obstacles.
  • Experiments with a vehicle running Autoware and commercial-grade LIDAR showed potential safety failures, including unnecessary emergency braking and failure to yield, at speeds below freeway levels.

SonicWall Releases Firmware to Remove OVERSTEP Rootkit Linked to UNC6148

SonicWall issued a firmware update on September 22, 2025, to remove the OVERSTEP rootkit exploiting SMA 100 appliances, linked to UNC6148, following recent attacks and disclosures.

  • SonicWall released a firmware update on September 22, 2025, to remove rootkit malware from SMA 100 appliances.
  • The malware, dubbed OVERSTEP, modifies the boot process to maintain persistent access, enabling credential theft and concealment.
  • The campaign targeting SonicWall devices was linked to threat group UNC6148, as identified by Google threat analysts in July.

OpenAI’s Stargate Project to Build 5 AI Datacenters with $400B Investment

OpenAI’s Stargate project will establish five new US AI datacenters, increasing capacity to 7GW within three years, supported by Oracle, Softbank, and Nvidia, with over $400 billion committed.

  • OpenAI’s Stargate project plans to build five new hyperscale AI datacenters in Shackelford County and Milam County, Texas; Doña Ana County, New Mexico; Lordstown, Ohio; and an unspecified Midwest site.
  • The project involves a $500 billion investment, with Oracle providing backend support and Softbank assuming financial responsibility; existing site in Abilene, Texas, will be part of the total capacity.
  • Combined compute capacity will reach 7 gigawatts over three years, with OpenAI aiming for 10GW by year’s end; total pledged spending exceeds $400 billion, including a $300 billion payout to Oracle and a $100 billion investment from Nvidia.

▶️ Open Source

Cloudflare Supports Ladybird and Omarchy to Promote Browser Diversity and Developer Freedom

Cloudflare sponsors open-source projects Ladybird and Omarchy to foster browser diversity and developer choice, with Ladybird developing a new rendering engine and Omarchy providing an accessible Linux environment.

  • Cloudflare sponsors open-source projects Ladybird and Omarchy to promote a diverse, open web ecosystem.
  • Ladybird is an independent browser built from scratch with its own rendering (LibWeb) and JavaScript (LibJS) engines, planned alpha release in 2026.
  • Omarchy is an opinionated Arch Linux distribution designed for developers, offering out-of-the-box tools like Neovim, Docker, and Git, with the recent 3.0 release enhancing MacBook compatibility.
  • Support is provided without strings, aiming to strengthen web standards, developer choice, and internet openness.
  • Ladybird aims to challenge browser monoculture, emphasizing privacy, security, and performance; Omarchy simplifies Linux setup for developers.
  • Cloudflare’s support includes contributions to open-source, with project leaders emphasizing the importance of multiple browser implementations and accessible development environments.

Deno Launches Fundraiser to Challenge Oracle’s JavaScript Trademark Ownership

Deno seeks $200k via GoFundMe to fund legal action against Oracle’s claim to the “JavaScript” trademark, aiming to make it public domain and protect developers’ rights.

  • Deno launched a GoFundMe campaign to raise $200,000 for legal costs in a US Patent and Trademark Office dispute over the “JavaScript” trademark.
  • The case aims to declare “JavaScript” as a public domain term, preventing Oracle from asserting exclusive rights.
  • The funds will cover public surveys, expert witnesses, depositions, and legal responses; leftover funds will support OpenJS initiatives.
  • Oracle’s August 6, 2025 response denies that “JavaScript” is a generic term, challenging the petition’s claims.
  • The legal effort is critical to prevent Oracle from maintaining ownership of the “JavaScript” trademark, which could undermine trademark law integrity.

Qwen3-Omni: Alibaba’s Multilingual Omni-Modal LLM Sets New Benchmark Standards

Qwen3-Omni is a multilingual omni-modal LLM capable of understanding and generating text, audio, images, and video in real time, with architecture upgrades supporting 22 SOTA benchmarks.

  • Qwen3-Omni is an end-to-end, omni-modal large language model developed by Alibaba Cloud’s Qwen team, supporting text, audio, images, and video understanding and real-time speech generation.
  • Supports 119 languages for text, 19 for speech input, and 10 for speech output; features a MoE-based Thinker–Talker architecture with AuT pretraining and multi-codebook design for low latency.
  • Achieves state-of-the-art performance on 22 of 36 audio/video benchmarks, with open-source SOTA on 32, outperforming systems like Gemini 2.5 Pro and GPT-4o.

Lightweight C99 JSON Parser sj.h with Zero Allocations and Error Reporting

sj.h is a lightweight, public domain JSON parser in C99, offering minimal memory usage, line/column error reporting, and flexible integration without built-in number or string parsing.

  • sj.h is a C99 JSON parsing library (~150 lines) with zero allocations and minimal state
  • Provides error messages with line:column location; does not handle number or string parsing
  • Usage example demonstrates loading JSON into a Rect struct with sj_reader, sj_read, and iteration functions

Shopify Forcibly Takes Control of RubyGems Repos Amid Community Dispute

Shopify coerced Ruby Central into taking control of RubyGems repositories and gems without community approval, using financial leverage and organizational pressure, despite community ownership rights.

  • Ruby Central took over RubyGems repositories and related gems without community consent, executing a plan organized by Shopify under financial pressure.
  • The takeover involved renaming repositories, adding Marty Haught as owner, and removing maintainers’ permissions, despite legal and community ownership distinctions.
  • Shopify pressured Ruby Central after losing $250,000 annual sponsorship, demanding control over RubyGems infrastructure, excluding key maintainers like André Arko.

Midnight Commander: A Powerful GNU Text-Based Dual-Pane File Manager

Midnight Commander (mc) is a feature-rich, GNU GPL-licensed, text-based dual-pane file manager supporting ncurses and S-Lang, with release updates as recent as September 2025.

  • Midnight Commander (mc) is a GNU-licensed, full-screen, text-mode dual-pane file manager.
  • Supports copying, moving, deleting files and directory trees, searching, executing commands, with internal viewer, editor, and diff viewer.
  • Compatible with ncurses and S-Lang libraries, functioning on consoles, X terminals, SSH, and remote shells; latest release date is September 18, 2025.

Obsidian Boosts Security by Minimizing Dependencies and Enforcing Strict Version Control

Obsidian reduces supply chain attack risks by limiting dependencies, re-implementing features, enforcing strict version control, and shipping slow, deliberate updates, enhancing the security and integrity of the app.

  • Obsidian minimizes supply chain attack risks by avoiding third-party dependencies, maintaining a shallow dependency graph, and implementing strict version control.
  • Implements features like Bases and Canvas from scratch, re-implements small utility functions, forks medium modules, and includes only known-good, version-locked large libraries such as pdf.js, Mermaid, and MathJax.
  • Uses strict version pinning, lockfiles, and prohibits postinstall scripts; dependency updates undergo thorough manual review, testing, and delayed release to detect malicious changes early.

Microsoft Urges Visa Holders to Return Before $100K Fee Deadline

Microsoft advised H-1B and H-4 visa employees to return to the US before September 21 due to a new $100,000 fee, following Trump’s executive order increasing visa costs to target highly skilled workers.

  • Microsoft urged H-1B and H-4 visa employees to return to the US before September 21 deadline due to a new $100,000 annual fee per H-1B worker.
  • President Trump signed an executive order on September 19 introducing a $100,000 fee for H-1B visa applications, applicable only to new applicants, not current visa holders.
  • India accounted for 71% of approved H-1B visas last year; major companies like Amazon, Microsoft, and Meta secured over 12,000, 5,000, and 5,000 approvals respectively.

Top YouTube Downloaders and Google’s Hidden Support to Maintain Dominance

The article highlights the importance of YouTube downloaders like Stacher and yt-dlp, discusses Google’s covert support for them to sustain YouTube’s ecosystem, and criticizes the deceptive nature of YouTube’s terms of service and Google’s anti-downloader tactics.

  • The article recommends top YouTube downloaders: Stacher for Windows and cross-platform, yt-dlp for command-line use, Cobalt.tools for web, and NewPipe for Android.
  • Google’s terms of service are often ignored, and Google secretly benefits from the existence of YouTube downloaders to maintain YouTube’s dominance.
  • Google has historically used ad network policies to suppress coverage of download tools, and intentionally makes downloading videos inconvenient to discourage casual use.

Ton Roosendaal to Step Down as Blender CEO in 2026

Ton Roosendaal, Blender’s original creator, will step down as CEO and chairman on January 1, 2026, passing leadership to Francesco Siddi, as Blender expands its organizational structure.

  • Ton Roosendaal announced he will step down as Blender chairman and CEO on January 1, 2026, during the Blender Conference keynote.
  • Roosendaal will transfer his roles to COO Francesco Siddi, who becomes the new chairman and CEO, while Roosendaal joins the Blender Foundation supervisory board.
  • The Blender Foundation’s new leadership team includes Sergey Sharybin as Head of Development, Dalai Felinto as Head of Product, and Fiona Cohen as Head of Operations.

GitHub Strengthens npm Security with Package Removal and Trusted Publishing

GitHub is tightening npm security by removing over 500 compromised packages, adopting trusted publishing with OpenID Connect, and phasing out legacy authentication, amid September’s phishing and malware surge.

  • GitHub, owner of the npm registry, has removed over 500 compromised packages and implemented security scans to block malicious uploads amid recent phishing and malware attacks in September 2025.
  • Changes include phasing out legacy authentication methods such as classic tokens and one-time passwords for 2FA, shortening token lifetimes, and enforcing trusted publishing and 2FA for local publishing.
  • Trusted publishing, supported by OpenID Connect, verifies packages from trusted sources via short-lived tokens, currently limited to GitHub Actions and GitLab CI/CD, with plans to expand provider support; full enforcement will be gradual due to potential workflow disruptions.

OpenSSF warns open source infrastructure is unsustainable without paid support

OpenSSF and partners warn that open source infrastructure, supporting billions of downloads, is unsustainable without paid support, urging industry to adopt funding models to cover rising operational costs.

  • OpenSSF and eight organizations warn that open source package registries handle billions of downloads monthly but rely on donations, grants, and sponsorships.
  • The ecosystem’s assumption of “free and infinite” infrastructure ignores rising costs of bandwidth, storage, staffing, and compliance.
  • The joint statement calls for sustainable funding models, including formal partnerships, tiered access, value-added services, and transparency, citing demands for rapid dependency resolution and regulatory compliance.

▶️ Software Development

Go Runtime Gets Valgrind Support for Improved Memory Debugging

The Go runtime now supports Valgrind instrumentation, enhancing memory debugging capabilities by detecting memory errors during program execution.

  • The Go runtime has been extended to include Valgrind instrumentation in commit 674077
  • Enables detection of memory leaks, invalid memory access, and other memory-related issues during runtime
  • Integrates with existing Valgrind tools, facilitating improved debugging and profiling of Go programs

DOOM Run on DIY Hardware Crashes After 2.5 Years Due to Variable Overflow

A 2.5-year real-world experiment running DOOM on hardware confirmed that a demo-tracking variable overflowed, causing the game to crash, demonstrating long-term stability limits.

  • The DOOM engine variable tracking demo progress overflowed after approximately 2.5 years of continuous real-world runtime
  • Experiment involved running DOOM on a PDA powered by a DIY 18650 UPS connected to a router’s USB port, with no intervention
  • The crash was confirmed by a device pop-up, occurring hours after the 2.5-year mark, validating the overflow hypothesis

Generative AI Boosts Software Productivity by 15% but Faces Adoption Challenges

Bain reports generative AI in software development yields modest 10-15% productivity gains, with widespread low adoption and AI tools sometimes slowing developers; a comprehensive lifecycle overhaul is needed.

  • Two-thirds of firms have implemented generative AI tools in software development, but developer adoption remains low.
  • Reported productivity gains are approximately 10-15%, with studies indicating AI tools can slow developers due to error correction.
  • Bain & Company states only a full rethinking of the software lifecycle will significantly improve productivity, emphasizing AI integration across all development phases.

▶️ Management and Leadership

ASUS ROG Firmware Flaws Cause System Latency and Stuttering

Firmware flaws in ASUS ROG laptops’ ACPI code cause periodic 13ms GPE handler delays, GPU power cycling without MUX awareness, and firmware re-arming, leading to high DPC latency and system stuttering.

  • The firmware’s ACPI code on ASUS ROG laptops contains a flawed _L02 GPE handler that executes lengthy Sleep() calls, blocking CPU core 0 for over 13ms.
  • Decompiled firmware shows _L02 calls ECLV, which runs a loop with sleep intervals and re-arms itself, creating periodic latency spikes every 30-60 seconds.
  • The firmware attempts GPU power cycling and battery polling without checking the MUX mode (HGMD flag), causing unnecessary GPU state changes and system instability.

How HLCs and CRDTs Enhance Offline-First App Synchronization

Offline-first apps struggle with reliable sync due to distributed system complexities; HLCs and CRDTs enable deterministic, conflict-resilient synchronization using lightweight SQLite extensions.

  • Offline-first apps face challenges in achieving reliable synchronization due to the complexity of distributed systems, especially in handling ordering and conflicts.
  • Hybrid Logical Clocks (HLCs) combine physical and logical timestamps to enable causally consistent event ordering without global synchronization.
  • CRDTs (Conflict-Free Replicated Data Types), such as Last-Write-Wins, ensure eventual consistency by making data updates commutative and idempotent, facilitating reliable offline synchronization with SQLite extensions.

YouTube Parent Alphabet Reinstates Banned Creators Over COVID and Election Content

Alphabet will reinstate banned creators for COVID-19 and election misinformation, citing free speech and criticizing Biden administration pressure; includes figures like Steve Bannon and Dan Bongino.

  • YouTube’s parent company, Alphabet, announced it will reinstate creators previously banned for COVID-19 misinformation and election content violations.
  • Reinstatement applies if channels were terminated for violating policies that are no longer in effect, reflecting a commitment to free expression.
  • The company acknowledged the influence of conservative voices and criticized the Biden administration for pressuring removal of non-violative content related to COVID-19 and elections.

Disney+ and Hulu Subscription Prices to Rise in October

Disney will increase streaming subscription prices by $2-$3 from October 21, affecting Disney+, Hulu, and bundle plans, with specific increases detailed for each service and bundle.

  • Disney plans to raise prices for select Disney+ subscriptions starting October 21, with increases of $2 to $3.
  • The entry-level ad-supported Disney+ plan will increase to $11.99/month; bundles will also cost more, with the Disney+, Hulu, and ESPN bundle rising from $16.99 to $19.99.
  • Stand-alone Hulu with ads will increase from $9.99 to $11.99/month; other bundles, including HBO Max and ESPN, will also see price hikes.

SAP CFO Highlights AI’s Role in Boosting Software Output and Competitive Edge

SAP CFO Dominik Asam asserts AI allows the company to increase software output with fewer staff by automating tasks, integrating AI coding tools, and emphasizing rapid adoption to maintain competitive advantage.

  • SAP CFO Dominik Asam states AI enables producing more software with fewer employees, emphasizing automation to increase productivity and profit margins.
  • SAP uses AI for streamlining operations, automating tasks in back-office functions, and enhancing software development with AI coding tools.
  • Asam highlights AI’s strategic importance, warning that slow adoption could lead to competitive disadvantages; SAP aims to bring 30,000+ developers onto AI coding tools within its five-year plan.

Meta’s Live AI Demo Fails Before Major Event

Meta’s live staged AI demo failed, with the “AI” recording playing prematurely; Meta’s CTO stated the failure was not caused by Wi-Fi, highlighting technical issues during the demonstration.

  • Meta’s staged live demo of AI failed; the “AI” recording played before the actor completed the steps during a major event
  • The incident involved the demo playing an incorrect recording, with the actor not even looking at ingredients like soy sauce
  • Meta’s CTO explained the failure was not due to Wi-Fi issues, attributing it to other technical problems

Trump Admin Proposes $100K H-1B Visa Fee Amid Immigration Crackdown

The Trump administration announced a $100,000 yearly fee for H-1B visas, prompting tech companies to advise visa holders to stay or leave the U.S., amid ongoing immigration reforms affecting skilled foreign workers.

  • Trump administration proposes a $100,000 annual fee for H-1B visas, effective immediately.
  • Companies are advised to have H-1B visa holders remain in the U.S., or return to it before midnight Saturday.
  • The move aims to reshape the H-1B program amid broader immigration crackdown, impacting tech firms heavily reliant on Indian and Chinese STEM workers.

SaaS Vendors Raise Prices 3-9 Times Faster Than Inflation in 2025

SaaS vendors are raising prices 3-9 times faster than inflation, employing techniques like metric changes, hidden costs, and multipliers; strategic planning and negotiation can mitigate expenses.

  • SaaS vendors increased prices by 9-25% in 2025, surpassing inflation and corporate IT budget growth of 2.8%
  • Price hikes often result from metric changes, license repackaging, or hidden costs, notably around generative AI capabilities
  • Vendors use “multipliers” and unilateral adjustments, leading to doubled costs and accelerated consumption of credits

Lloyds Banking Group Deploys 100+ AI Apps with Strict Security Measures

Lloyds Banking Group deploys over 100 AI applications, including Microsoft Copilot and Google Gemini, while enforcing strict security measures and banning risky AI model downloads from platforms like Hugging Face.

  • Lloyds Banking Group emphasizes strict data security, likening it to Fort Knox, and bans developers from downloading models from platforms like Hugging Face due to cybersecurity risks.
  • The bank is deploying over 100 AI use cases, including chatbots, document processing, and digital transformation initiatives, utilizing Microsoft Copilot and Google Gemini AI platforms.
  • Lloyds is cautious about AI security, blocking access to AI model hosting frameworks to prevent malicious model downloads, but considers unblocking them after security assessments.

USCIS Proposes Wage-Weighted H-1B Lottery to Prioritize Higher-Paid Roles

USCIS proposed a rule to weight the H-1B visa lottery by wage levels, giving up to four entries for higher-paying jobs, to better align with Congressional intent and skill-based criteria.

  • Proposed USCIS rule shifts H-1B lottery from random to wage-weighted, favoring higher-paying job offers.
  • Up to four entries allocated to applicants with the highest wage levels (Levels III and IV).
  • The rule aims to prioritize higher-skilled, higher-paid roles, with wage levels defined by the Bureau of Labor Statistics’ OEWS data.

▶️ Technology

AI Boosts Senior Developers with Automation but Lacks Critical Code Review Skills

AI primarily strengthens senior developers by automating repetitive tasks and rapid prototyping, while still lacking the reasoning and architectural skills needed for critical code review and security.

  • AI enhances boilerplate generation, routine automation, implementation testing, rapid iteration, and feature shipping, benefiting senior developers most.
  • AI struggles with code review, architecture design, code quality, security, and evaluating AI-produced code, requiring senior oversight.
  • AI is currently more effective for fast prototyping, routine speed-ups, multidisciplinary support, and simple function testing, but cannot replace human reasoning or judgment.

MacBook M1 Pro Beats Framework 13 in Sleep Battery Life

Author compares MacBook M1 Pro’s reliable battery life with Framework 13’s high sleep drain, highlighting ARM64’s role in Apple Silicon’s efficiency despite Framework’s hardware limitations.

  • Author’s MacBook M1 Pro retains 90% battery after 3 weeks of sleep, while Framework 13 with AMD Ryzen 7840HS often loses 3-4% per hour in suspend
  • Framework 13 runs Fedora Silverblue, but experiences significant battery drain during sleep, unlike Apple Silicon devices
  • Apple Silicon is based on ARM64 architecture, contributing to superior battery life; switching Framework to ARM64 involves complex challenges

ChatGPT and Claude: Diverging Uses in Content Creation and Enterprise Automation

OpenAI’s ChatGPT is mainly used for content creation and decision support, with a majority of “Asking” interactions, whereas Anthropic’s Claude emphasizes enterprise automation and coding, with automation usage overtaking augmentation in recent versions.

  • OpenAI’s study shows ChatGPT is primarily used for writing, editing, summarization, and brainstorming, with 51.6% of interactions for “Asking,” 34.6% for “Doing,” and 13.8% for “Expressing” as of June.
  • Anthropic’s study indicates Claude focuses more on software development and enterprise automation, with over one-third of usage for coding and math tasks; automation usage surpassed augmentation in the latest version.
  • ChatGPT is favored for consumer productivity and iterative tasks, while Claude is used for workplace efficiency and automating entire tasks, suggesting future dual deployment for communication and enterprise execution.

Meta Launches $800 Ray-Ban Display Glasses with Neural Control and AI 3D World Creation

Meta unveiled the $800 Ray-Ban Display glasses with neural wristband control and AI-driven 3D world creation, emphasizing hardware release but lacking detailed AI capabilities or platform breakthroughs.

  • Meta announced the Meta Ray-Ban Display glasses at Meta Connect 2025, priced at $800, with shipping expected in a few weeks
  • The glasses feature a neural wristband for control that detects subtle finger movements; future versions may interpret thoughts for typing
  • Meta introduced AI-powered 3D world creation for Quest via text prompts, marking a metaverse refresh; no detailed AI features for glasses were revealed

Meta Unveils Ray-Ban Display and Neural Band with AI and EMG Control

Meta unveiled Ray-Ban Display and Neural Band at Connect 2025, combining a high-res display, AI, and EMG control for seamless, stylish everyday interactions, with availability in US stores from September 30.

  • Meta announced Ray-Ban Display and Neural Band at Connect 2025, priced from $799 USD, launching September 30 in US retail stores including Best Buy, LensCrafters, Sunglass Hut, and Ray-Ban Stores.
  • The glasses feature a full-color, high-resolution monocular display with 42 pixels per degree, Transitions® lenses, up to 6 hours of mixed-use battery life, and a collapsible charging case supporting 30 hours total.
  • Meta Neural Band, an EMG wristband interpreting muscle signals via deep learning trained on nearly 200,000 participants, enables intuitive control with subtle hand movements, supporting up to 18 hours of battery and IPX7 water resistance.

RevengeHotels Uses AI-Generated Malware to Boost Hotel Cyberattacks

Kaspersky warns that “RevengeHotels” uses AI-generated malware to enhance phishing attacks, increasing difficulty in detection and raising risks of guest data theft, with Brazil most affected.

  • Kaspersky reports resurgence of “RevengeHotels” hacking group using AI-generated malware from June to August 2025
  • The attack vector is phishing emails that deliver the remote access trojan VenomRAT, targeting hotel staff to access guest card and personal data
  • AI-crafted malware variants are more effective, harder to detect, and can bypass older security tools, marking a significant evolution in cyberattack sophistication
  • Brazil is the primary target so far, with attacks also reported in Italy and other regions
  • The group has targeted hotels, hostels, and tourism sectors since 2015, selling access to compromised systems on dark-web markets
  • Kaspersky recommends staff training, spam filter adjustments, and endpoint detection for hotels, and advises travelers to monitor card activity or use virtual payments

Critical Android Vulnerability in OxygenOS Exposes SMS/MMS Data Without User Permission

Rapid7 reports a critical Android bug in OxygenOS (since Dec 2021) that allows any app to read SMS/MMS data via internal content provider access, bypassing permissions and MFA protections.

  • Rapid7 identified a critical Android vulnerability (CVE-2025-10184) affecting multiple OxygenOS versions since December 7, 2021, that allows any app to access SMS/MMS data.
  • The flaw stems from internal content providers being accessible without permission, enabling SQL injection and bypassing Android permission controls.
  • Exploitation requires no user interaction, can bypass SMS-based MFA, and potentially grants access to sensitive messages and surveillance data; OnePlus has not responded to remediation efforts.

WhatsApp Launches Built-In Message Translation for iPhone and Android

WhatsApp adds built-in message translation for iPhone and Android, supporting over 19 languages on iPhone and six initial languages on Android, enhancing cross-language communication.

  • WhatsApp introduces built-in message translation on iPhone and Android, rolling out gradually starting September 23, 2025
  • Supports initial languages: Android—English, Spanish, Hindi, Portuguese, Russian, Arabic; iPhone—over 19 languages
  • Activation via long-pressing messages and selecting “Translate”; Android users can enable automatic translation for entire chat threads