Alvaro Lopez Ortega / 2025-10-14 Briefing

Created Tue, 14 Oct 2025 22:08:39 +0000 Modified Thu, 16 Oct 2025 02:16:08 +0000
5297 Words

Today’s top headlines include the end of support for Windows 10 with 40% of PCs still running it, a record 29.6 Tbps DDoS attack by the Aisuru botnet exploiting IoT vulnerabilities, and the DOJ seizing $15 billion in cryptocurrency linked to a major global scam. Additionally, Intel announced its new Crescent Island AI GPU set for 2026, and OpenAI plans to introduce adult content in ChatGPT later this year.

▶️ Internet Infrastructure

Windows 10 Support Ends as 40% of PCs Continue Using It

Microsoft’s Windows 10 support ended on October 14, 2025, with users able to extend security updates via ESU; Windows 10 remains on 40% of PCs, despite Windows 11’s release and support.

  • Windows 10 support officially ended on October 14, 2025, after a decade since its initial release in July 2015.
  • Microsoft offers an Extended Security Updates (ESU) program, allowing home users to extend support for one year and organizations up to three years for a fee.
  • Despite end-of-support, Windows 10 still runs on approximately 40% of global Windows PCs, with continued support for updates like Windows 10 21H2, 22H2, and backported features such as Copilot.

Container Evolution and Docker’s Role in Modern Deployment

The article reviews container evolution, emphasizing Docker’s role in deployment and packaging, the shift from VMs, and the move toward “boring” technologies like Kubernetes and Postgres by 2025.

  • The article was presented at DevOpsDays London on October 10, 2025, with a video available here
  • Discusses the evolution of containers, their purpose, and their relationship with virtual machines, emphasizing container packaging over isolation
  • Highlights the role of Docker in simplifying deployment, with Docker Hub as a key innovation, and notes that Docker made Go a credible programming language

Aisuru Botnet Launches Record 29.6 Tbps DDoS Attack on US ISPs

The Aisuru botnet, built on IoT vulnerabilities and originating from Mirai, launched a 29.6 Tbps DDoS attack on October 6, 2025, mainly via US ISP-infected devices, disrupting services and highlighting IoT security issues.

  • The Aisuru botnet caused a record DDoS attack peaking at 29.6 Tbps on October 6, 2025, targeting US ISPs and gaming servers.
  • The botnet primarily uses compromised IoT devices on US ISPs like AT&T, Comcast, Verizon, and T-Mobile, with recent attacks affecting bandwidth and service quality.
  • Aisuru evolved from Mirai, leveraging zero-day vulnerabilities in IoT firmware, and is operated by three cybercriminals: “Snow,” “Tom,” and “Forky,” who also sell botnet access and proxies.

Wireshark 4.6.0 Adds macOS Pktap Metadata Support for Process-Level Analysis

Wireshark 4.6.0 now supports macOS pktap metadata such as PID and process name, enabling process-level network analysis via tcpdump -i pktap and filtering with frame.darwin.process_info.

  • Wireshark 4.6.0 released on October 14, 2025, adds support for macOS pktap metadata including PID and process name
  • Requires capturing with tcpdump using the pktap interface parameter, e.g., tcpdump -i pktap,en0 -w outfile.pcapng
  • Process info can be viewed in Wireshark under FrameProcess Information and filtered with frame.darwin.process_info.pname or frame.darwin.process_info.pid

A comprehensive study demonstrates that 50% of GEO satellite links transmit sensitive internal traffic in cleartext, exposing critical infrastructure and organizational data due to minimal encryption practices.

  • Conducted the first broad scan of IP traffic on 39 GEO satellites across 25 longitudes using consumer-grade equipment, analyzing 411 transponders.
  • Found that 50% of GEO links carried unencrypted IP traffic, including sensitive data such as cellular backhaul, utility control systems, military tracking, retail inventory, and in-flight WiFi.
  • Developed a universal GEO satellite scanner capable of self-aligning dishes, decoding seven different protocol stacks, and collecting data over a seven-month period, revealing widespread lack of network-layer encryption.

smolBSD: Fast Booting Minimal BSD System Built on NetBSD MicroVM

smolBSD is a minimal, composable BSD system built on NetBSD’s microVM kernel, enabling rapid, reproducible image creation and instant booting for custom UNIX environments.

  • smolBSD is a meta-operating system built on NetBSD, enabling users to compose minimal, bootable BSD environments tailored to specific needs.
  • Utilizes the netbsd-MICROVM kernel for fast, reliable, and portable booting, with build commands like $ bmake SERVICE=service_name build.
  • Supports creating images such as bozohttpd-amd64.img, sshd-amd64.img, and nbakery-amd64.img, with root filesystems of 512MB and boot times around 10-14ms.
  • Compatible with QEMU, Firecracker, cloud, CI, edge, and laptops, offering instant boot times in milliseconds.
  • Provides preconfigured services like static web servers (bozohttpd), NetBSD tools (nbakery), and secure SSH servers (nitrosshd), with example commands for build and startup.
  • Source code and builds available on GitHub, with additional community links to Mastodon and email contact.

AppLovin Accused of Nonconsensual App Installations on Android Devices

Analysis of source code, user complaints, and public statements shows AppLovin installs apps without user consent on Android, violating security expectations and Android policies.

  • AppLovin installs apps on Android devices without user consent, as evidenced by source code analysis, complaints, and code strings.
  • Source code review reveals installation logic triggered by ad taps, with no user approval, countdown timers, or visible install prompts.
  • 208 user complaints document nonconsensual app installations, matching code indicators such as auto-installs, tiny “X” buttons, and countdown timers.
  • Public statements from AppLovin claim downloads are user-initiated, but complaints and code evidence contradict these claims.
  • Install helpers from manufacturers like Samsung and T-Mobile perform installs without safeguards limiting to initial device setup, suggesting open-ended permissions.
  • Evidence categories include execution path analysis, code strings, permissions, user complaints, and public statements, indicating systematic nonconsensual installs.
  • AppLovin’s code obfuscation and matching complaint details reinforce the conclusion of unauthorized app installations.
  • The article discusses potential manufacturer and carrier motivations, including financial incentives and scope creep beyond initial device setup.

DOJ Seizes $15B in Bitcoin in Largest U.S. Crypto Fraud Bust

The DOJ seized $15 billion in bitcoin from Cambodia-based “pig butchering” fraud linked to Chen Zhi, founder of Prince Holding Group, in the largest forfeiture in U.S. history, involving global investment scams and forced labor.

  • DOJ seized approximately $15 billion in bitcoin linked to a Cambodia-based “pig butchering” scam operation.
  • The seizure is the largest in DOJ history; an indictment unsealed in Brooklyn charges Chen Zhi with wire fraud and money laundering.
  • Chen Zhi, also known as “Vincent,” is the founder and chairman of Prince Holding Group, designated as a transnational criminal organization, with sanctions imposed on over 100 associated entities.
  • The operation involved forced labor and cryptocurrency investment fraud schemes, duping victims globally via social media, with funds laundered through controlled accounts.
  • Zhi faces up to 40 years in prison; he remains at large, and the Prince Group operated in more than 30 countries, with facilities controlling 76,000 social media accounts and 1,250 mobile phones used in scams.

Intel Launches Crescent Island Inference GPU for Enterprise AI in 2026

Intel unveiled ‘Crescent Island’, a 160-GB inference GPU with Xe3P architecture, supporting open systems, set for sampling in late 2026, marking its annual GPU release cadence.

  • Intel announced ‘Crescent Island’, a 160-GB, energy-efficient data center GPU based on Xe3P microarchitecture, optimized for inference workloads.
  • The GPU features LPDDR5X memory, enhanced memory bandwidth, and support for diverse data types, targeting air-cooled enterprise servers.
  • Intel plans to begin customer sampling in H2 2026 and is developing an open, unified software stack for heterogeneous AI systems on Arc Pro B-Series GPUs.

Global Surveillance Exposed: First Wap’s Altamides Tracks Politicians, Activists, and More

A Lighthouse investigation uncovered extensive global surveillance data from First Wap’s Altamides, revealing misuse for political, corporate, and personal tracking, with capabilities including location, call interception, and encrypted app breaches.

  • Investigation analyzed a 1.5 million-record archive of global phone-tracking operations by surveillance company First Wap, covering over 14,000 phone numbers in 160+ countries.
  • The data revealed targets including political figures, journalists, activists, and private individuals, with evidence of misuse beyond law enforcement, including corporate and personal surveillance.
  • First Wap’s software, Altamides, can locate, intercept SMS, listen to calls, and breach encrypted messaging apps like WhatsApp, with clients ranging from governments to private actors.

Nvidia Unveils DGX Spark: The Compact AI Supercomputer for Large Model Training

Nvidia’s DGX Spark, a compact AI workstation with GB10 SoC, offers 125 TFLOPS FP4 performance, enabling large model inference and fine-tuning at a lower cost, leveraging Blackwell architecture and unified memory.

  • Nvidia introduces DGX Spark, priced at $3,000-$4,000, claiming it as the “world’s smallest AI supercomputer”
  • Equipped with Nvidia’s GB10 SoC based on Blackwell architecture, featuring 20 Arm cores, 6,144 CUDA cores, 192 Tensor Cores, and 48 RT Cores
  • Supports models up to 200 billion parameters inference and 70 billion parameters fine-tuning at 4-bit precision with 128 GB LPDDR5x memory and 273 GBps bandwidth

Mozilla Launches Beta Testing of Free Built-In Firefox VPN

Mozilla is opening beta testing for a free, browser-integrated VPN in Firefox, which routes traffic through Mozilla servers, conceals IPs, and adds encryption, with a planned full release in upcoming months.

  • Mozilla is recruiting a limited group of users for beta testing a free, built-in Firefox VPN feature, with rollout expected in several months.
  • The VPN will be integrated into Firefox, routing traffic through Mozilla-managed servers, concealing IP addresses and adding encryption.
  • The feature is distinct from Mozilla VPN, a paid product, and will initially default to the user’s best-performing server, typically their country’s server.

Ofcom Drops Investigation into Openreach’s Discounted FTTP Promotion

Ofcom declined to investigate Openreach’s FTTP upgrade discount, which offers broadband tiers at rental prices of existing products for 24 months, amid concerns over pricing and migration effects.

  • Ofcom declined to investigate Openreach’s discounted FTTP upgrade promotion, citing no “prima facie” concerns.
  • The promotion offers FTTP tiers (1,000/115 Mbps, 550/75 Mbps, 330/50 Mbps) at rental prices of current 80/20 Mbps for 24 months, valid from October 10, 2025, to April 9, 2026.
  • The offer covers the rental cost post-upgrade, representing a significant discount, with the window limited to encourage rapid migration.
  • Complaints from smaller providers argued the pricing below “a reasonably efficient operator’s” costs and that the limited timeframe could unfairly accelerate copper-to-fiber migration, disadvantaging rivals.
  • Ofcom’s analysis indicates the price exceeds the top end of cost estimates for an efficient operator and is monitoring the impact on competition.
  • Openreach plans to discontinue copper services at 94 exchanges, affecting 8.9 million properties, once 75% of premises can access fiber (“Stop Sell” policy).
  • The regulator emphasizes ongoing monitoring rather than intervention, citing the offer’s likely expiration before any action could be taken.

Oracle to Deploy Over 18 Zettaflops AI Compute with Nvidia and AMD by 2026

Oracle will introduce over 18 zettaFLOPS of AI infrastructure in late 2026, featuring 800,000 Nvidia Blackwell GPUs and 50,000 AMD MI450X accelerators, enabling large-scale AI workloads.

  • Oracle will deploy over 18 zettaFLOPS of AI compute from Nvidia and AMD by late 2026
  • Includes a cluster of 800,000 Nvidia Blackwell GPUs delivering up to 16 zettaFLOPS peak AI performance using sparse FP4
  • Also includes 50,000 AMD MI450X GPUs, each rack delivering 2.9 exaFLOPS FP4 and 1.4 exaFLOPS FP8, with 31 TB HBM4 memory and 1.4 PB/sec bandwidth; initial deployment of 50,000 MI450Xs suggests over 2 zettaFLOPS total

▶️ Open Source

ADS-B Massive Visualizer Uses ClickHouse for Real-Time Aircraft Mapping

The ADS-B Massive Visualizer leverages ClickHouse to provide real-time, self-hosted visualization of aircraft and related datasets across multiple map tiles.

  • The ADS-B Massive Visualizer is built using the open-source ClickHouse database
  • Visualizes real-time ADS-B data with datasets including planes, places, birds, photos, and more
  • Displays multiple map tiles with aircraft positions, such as OpenStreetMap, covering various regions

KDE Celebrates 29 Years with Fundraiser to Reach €50,000 Goal

KDE marks its 29th anniversary with a fundraiser targeting €50,000, funding software sustainability, environmental campaigns, and adaptation for public institutions, with €5,838.55 raised so far.

  • KDE celebrates its 29th anniversary; fundraiser aims to raise at least €50,000 before year-end
  • Current donations total €5,838.55, representing 12% of the goal
  • Fundraiser supports KDE’s software development, independence, environmental initiatives, and adaptation for public institutions

Exploring ktye’s Array Language Zoo and Development Resources

The webpage consolidates links to ktye’s projects, array language zoo, and tools, emphasizing ktye/k’s 50 functions, language variants, and technical resources for array programming and language development.

  • The webpage features links to various ktye projects, including ktye/k, source code repositories, and documentation.
  • Highlights include a zoo of array languages such as APL\360, ngn/apl, and other variants like BQN, KAP, and ktye/k.
  • Contains references to language-specific tools, examples, and concepts like j stack language, edit, and a Turbo.K diagram emphasizing assembly, C, and watch features.

FSF Launches Librephone Project to Create Fully Free Android Phones

The FSF launched the Librephone project to develop fully free Android-compatible phones by reverse-engineering proprietary firmware, led by Rob Savoye, with initial funding from John Gilmore.

  • FSF announced the Librephone project on October 14, 2025, to promote mobile phone software freedom.
  • The initiative aims to reverse-engineer and replace proprietary firmware and binary blobs in Android devices, focusing on LineageOS.
  • Rob Savoye leads the technical efforts, investigating device firmware and compatibility, with initial funding from John Gilmore.

Why SQLite Uses C for Performance and Stability

SQLite is coded in C for performance, compatibility, low dependencies, and stability; recoding in other languages like Rust is considered only if preconditions are met.

  • SQLite is implemented in C since its inception on 2000-05-29, citing performance, compatibility, low-dependency, and stability as primary reasons.
  • C enables high performance by allowing low-level hardware access, and is considered “portable assembly language.”
  • Nearly all systems can call C libraries, ensuring broad compatibility across platforms like Android and iPhone.
  • C has minimal runtime dependencies, requiring only routines like memcmp(), memcpy(), memmove(), memset(), strcmp(), strlen(), and strncmp().
  • C’s age and well-understood nature contribute to SQLite’s stability, avoiding issues from language specification changes.
  • SQLite is not coded in object-oriented languages like C++ or Java due to interoperability challenges and design considerations.
  • It is also not in “safe” languages like Rust or Go because of historical absence, potential performance impacts, and current limitations in error recovery and branch testing.

Simplify Version Control with Jujutsu: A Mutable, Interoperable Alternative to Git

The tutorial explains how Jujutsu’s mutable commits, no staging area, and lightweight branching simplify version control, making workflows more flexible and intuitive compared to git.

  • The article is a tutorial advocating for switching from git to Jujutsu (jj), emphasizing its simplified, mutable, and interoperable model.
  • Jujutsu treats commits as mutable objects, eliminates staging area, and uses “bookmarks” instead of branches, enabling easier branching and commit management.
  • It automatically creates snapshots of the repository state, supports undo operations, and integrates with git for remote interactions.

Framework’s Support for Controversial Linux Projects Sparks Community Backlash

Framework’s support for polarizing Linux projects Hyprland and Omarchy sparked community backlash, highlighting tensions over political associations and community moderation in open source sponsorships.

  • Framework attempted to promote support for Hyprland and Omarchy, both associated with politically contentious viewpoints, leading to community objections.
  • Debian developer Antoine Beaupré criticized Framework for sponsoring toxic communities, citing Hyprland’s toxic community and DHH’s controversial background.
  • Framework founder Nirav Patel emphasized a “big tent” approach, supporting open source without endorsing individual beliefs, but faced ongoing heated debate and over 1,500 replies.

KuzuDB Open-Source Graph Database Abandoned by Kùzu Inc

KuzuDB was abandoned by Kùzu Inc in October 2025, leaving community members to decide whether to fork or switch; it supported large-scale analytics, full text search, vector indexes, and WebAssembly, with few clues about the shift.

  • KuzuDB, an open-source embedded graph database under MIT license, was archived by Kùzu Inc, with the note “Kuzu is working on something new.”
  • The project, launched in November 2022, featured large database analytics, full text search, vector indexes, query parallelism, and WebAssembly bindings.
  • Community discussions indicate the project’s sudden abandonment, with some forking it (e.g., Kineviz’s bighorn) amid uncertainty about future development and potential acquisition.

OpenAI to Launch Adult Content in ChatGPT by 2025 Amid Mental Health Concerns

OpenAI plans to enable ChatGPT to generate adult-oriented content for verified users in December 2025, amid ongoing concerns over AI mental health impacts and content moderation.

  • OpenAI CEO Sam Altman announced plans to reintroduce more human-like behavior in ChatGPT, including generating “erotica for verified adults” in December 2025.
  • The company has mitigated previous mental health risks by dialing back ChatGPT’s friendliness and established an Expert Council on Well-Being and AI to advise on healthy interactions.
  • OpenAI’s updates include a GPT-5 model with improved detection of emotional distress and safer routing of sensitive chats, but ongoing risks and content moderation challenges remain unaddressed.

UK Tech Firms Pay High Six-Figure Salaries, Led by Anthropic’s £560,000 Average

UK units of US tech firms pay high six-figure average salaries, with Anthropic averaging £560,000 per employee in 2024, driven by share-based payments and high-end roles.

  • Anthropic UK paid £24.1 million in 2024 for 43 staff, averaging £560,000 per employee (comprising £288,000 salary, £226,000 share-based payments, plus pension and NI costs)
  • Average salaries at Anthropic ranged from £105,000-£140,000 for security roles and £250,000-£435,000 for research engineers; current listings reflect high compensation
  • Google UK spent £2.42 billion on 7,029 employees in 2024, averaging £345,000 per person, including £142,000 in wages and £163,000 in share-based payments; DeepMind spent £1.01 billion on staff

▶️ Software Development

Programming Languages Evolve to Promote Exploration and Innovation

Rachit Nigam discusses that programming languages are created primarily for exploration and expressing new ideas, emphasizing syntax, semantics, and ecosystems that enable innovation and experimentation.

  • The article explores why new programming languages are created, emphasizing exploration and expressing new ideas over subjective metrics like usability or performance.
  • It argues that languages evolve through feature borrowing and convergence, with differences mainly in syntax.
  • Defines a programming language as comprising syntax, semantics, and ecosystem, with the latter two supporting exploration and innovation.

Pyrefly: Fast Python Type Checker and Language Server with IDE Support

Pyrefly is a high-performance Python type checker and language server, capable of analyzing 1.85 million lines/sec, with VSCode support, offering rapid IDE features and competitive benchmarking against Pyright and MyPy.

  • Pyrefly is a fast Python type checker and language server with IDE features, capable of checking over 1.85 million lines per second, tested on Meta infrastructure (166 cores, 228 GB RAM)
  • Installation via pip install pyrefly && pyrefly init; supports VSCode extension here
  • Performance comparison on PyTorch codebase (10-core MacBook): Pyrefly, Pyright, and MyPy all achieve 0.2 seconds for type checking using multiple threads

▶️ Management and Leadership

Major News Outlets Reject Pentagon Press Rules Over Free Speech Concerns

Major outlets like NYT, AP, and Newsmax refuse to sign Pentagon’s new press rules, citing threats to press freedom and First Amendment protections.

  • Major news outlets including The New York Times, AP, and Newsmax refuse to sign new Pentagon press access rules, risking reporter expulsion.
  • The rules require reporters to acknowledge understanding of vague policies, potentially infringing on First Amendment rights and restricting routine news gathering.
  • The Pentagon’s new restrictions include limiting access to facilities without escort and revoking press badges for asking unapproved questions, prompting widespread criticism from journalistic groups.

Spotify Teams Up with Netflix for Video Podcasts Launch in 2026

Spotify partners with Netflix to stream curated video podcasts from early 2026, aiming to expand discovery, creator reach, and monetization, amid growing video consumption and ad revenue opportunities.

  • Spotify will launch its video podcasts on Netflix starting in early 2026, initially in the U.S., with global expansion planned.
  • The partnership will feature curated shows from Spotify Studios and The Ringer, covering sports, culture, lifestyle, and true crime.
  • Over time, Spotify plans to include more genres and podcasts from additional studios, with video consumption growing 20x faster than audio-only since 2024.

GrapheneOS Partners with Major OEM to Support Snapdragon Flagship Smartphones

GrapheneOS plans to expand beyond Pixels by partnering with a major OEM to support Snapdragon flagship phones, starting with Pixel 10 support and potentially including Pixel 11, aiming for devices priced similarly to Pixels.

  • GrapheneOS announced a partnership with a major Android OEM to bring its privacy-focused OS to Snapdragon-powered flagship smartphones.
  • Support will include Pixel 10, with uncertain support for Pixel 11; devices are expected to be priced similarly to Pixels and available globally.
  • The partnership, confirmed via Reddit, has been ongoing since June 2025 and aims to enable official support for future flagship models using Snapdragon chips, moving away from Pixel-only support.
  • The OEM partner’s devices will meet GrapheneOS’s strict security and update standards, potentially allowing broader device support beyond Pixels.
  • The announcement follows GrapheneOS’s criticism of Google’s security patch timelines, emphasizing collaboration with a partner that provides earlier vulnerability fixes.
  • Support for existing Pixel devices will continue until their end-of-life, with ongoing evaluation for Pixel 11 support; the OEM’s identity remains unconfirmed, with speculation about brands like Nothing.

Walmart Teams Up with OpenAI to Enable ChatGPT Shopping Experience

Walmart collaborates with OpenAI to enable product browsing and purchasing on ChatGPT, expanding AI-driven retail with a catalog including Walmart and Sam’s Club items, accessible via a “buy” button.

  • Walmart partners with OpenAI to enable shopping via ChatGPT, allowing users to browse and purchase products directly within the chat interface.
  • The shopping catalog includes apparel, entertainment, packaged food, and other products from Walmart and Sam’s Club.
  • Users can click a “buy” button to complete transactions, integrating AI-driven commerce into conversational interfaces.

Nvidia CEO Jensen Huang Reports to 36 Executives Amid Organizational Shift

Nvidia CEO Jensen Huang reports to 36 executives as of October 2025, reflecting a potentially strategic shift; he advocates that more direct reports streamline communication and decision-making.

  • Nvidia CEO Jensen Huang has 36 direct reports as of October, down from 55 last year, according to an internal list obtained by Business Insider
  • Huang emphasizes that more direct reports reduce organizational layers and improve information flow; he has previously stated that having many direct reports aids communication
  • Notable direct reports include Ian Buck (CUDA architect), CTO Michael Kagan, and chief scientist Bill Dally; the full list comprises senior and executive vice presidents across key divisions

Spotify Launches Parental Controls to Block Videos, Podcasts, and Explicit Content

Spotify’s parental controls now enable blocking videos, podcasts, explicit lyrics, and specific artists on Family Accounts, improving content management for children and addressing previous filtering challenges.

  • Spotify introduces parental controls to block videos, podcasts, explicit lyrics, and specific artists for Family Account plans, rolling out in the US, UK, and more by October 2025
  • Controls allow parents to manage content visibility, turn off videos and podcasts, and ban individual songs or artists, addressing previous ease of disabling explicit filters
  • The new features respond to parental frustrations over unfiltered video content and the difficulty of managing multiple app-specific controls across platforms

CISA Faces Massive Staff Cuts and Reassignments During Government Shutdown

The Trump administration reduced CISA staff by nearly 1,000 through layoffs and reassignments amid the government shutdown, with many employees redirected to immigration enforcement agencies.

  • Nearly 1,000 CISA employees have been laid off or reassigned since the start of the 2025 government shutdown
  • 176 DHS employees, including many from CISA, have been laid off; only 889 of remaining staff are cleared to work during shutdown
  • Many employees face management-directed reassignments (MDRs) to agencies like ICE, Customs and Border Patrol, FEMA, and the Federal Protective Service, often under tight deadlines

EU’s EES Launch Faces Technical Failures and Delays at Prague Airport

EU’s EES launched on October 12, 2025, faced technical failures causing 90-minute delays; system mandates biometric registration for non-EU travelers, with gradual implementation across Schengen.

  • EU’s biometric Exit/Entry System (EES) launched at Prague Airport on October 12, 2025, experiencing widespread malfunctions and manual processing delays
  • Equipment failures caused queues up to 90 minutes; initial system activation issues led to manual border checks for non-EU travelers
  • EES requires travelers aged 12+ from non-EU countries to register fingerprints, facial biometrics, and passport data, with a three-year record validity; rollout is ongoing across Schengen countries until March 2026

Microsoft Launches Free AI Tools for Washington Schools to Bridge Opportunity Gap

Microsoft’s Elevate Washington program offers three years of free AI tools to all Washington schools, aiming to bridge regional AI usage disparities and promote AI literacy amid concerns over AI’s impact on academic skills.

  • Microsoft announced the Elevate Washington program, providing three years of free AI tools, including Copilot Studio, to all school districts and community colleges in Washington state.
  • The initiative aims to address the “opportunity gap” by increasing AI adoption in eastern Washington, where AI usage is currently lower than in the western regions.
  • High school students will receive three years of free access to Copilot Chat, Microsoft 365 desktop apps, Teams for Education, and Learning Accelerators; community college students will get 12 months of Microsoft 365 Personal and Copilot integrations.

Microsoft Warns of Security Risks from Shadow AI in Workplaces

Microsoft warns of security and data risks from Shadow AI, with 71% of UK employees using unapproved tools; promotes BYOC to ensure enterprise-grade AI security.

  • Microsoft warns of risks associated with employees bringing personal AI tools (“Shadow AI”) into workplaces, circumventing IT policies.
  • 71% of UK employees have used unapproved consumer AI tools at work; 51% continue to do so, mainly for drafting, reports, and finance tasks.
  • 32% of respondents are concerned about data privacy; 29% worry about IT security; 41% use Shadow AI due to familiarity from personal use.
  • Microsoft promotes “Bring Your Own Copilot” (BYOC) initiative, encouraging employees to use personal Microsoft 365 Copilot subscriptions at work.
  • The report highlights unmanaged AI tools pose security and data risks but ends with an optimistic view, noting over half of employees feel positive about AI’s workplace potential.
  • Microsoft emphasizes that enterprise-grade AI, with proper security, is essential for workplace use, as per Darren Hardman, CEO of Microsoft UK & Ireland.

Oracle Issues Emergency Patch for Critical E-Business Suite Vulnerability Amid Clop Attacks

Oracle issued an emergency update for E-Business Suite to fix CVE-2025-61884, a remote, unauthenticated vulnerability with CVSS 7.5, amid ongoing Clop-linked attack campaigns.

  • Oracle released an emergency patch for E-Business Suite addressing CVE-2025-61884, a flaw with CVSS score 7.5 affecting Runtime UI component
  • The vulnerability allows remote, unauthenticated access to sensitive resources, exploited without authentication over the network
  • The patch follows a recent zero-day fix linked to the Clop ransomware campaign, which targeted Oracle EBS since July 2025, with ongoing exploitation risks

Protest Against Windows 10 End Support Sparks Calls for Longer Updates

Protest outside Microsoft Brussels highlights opposition to Windows 10 support ending October 14, criticizing forced obsolescence; Microsoft cites security and sustainability goals, with ongoing security improvements in Windows 11.

  • Protesters staged a civil demonstration outside Microsoft’s Brussels office on October 14, opposing the end of Windows 10 support.
  • Support for many Windows 10 versions ended on October 14, affecting millions of devices unable to upgrade to Windows 11 due to hardware requirements.
  • Campaigners, including Right to Repair Europe, criticize Microsoft’s decision for rendering functional PCs obsolete and advocate for 15 years of software updates, repairability, and anti-obsolescence regulations.

Salesforce’s Agentforce 360 Promotes AI Helpers to Boost Efficiency and Cut Costs

Salesforce unveiled its Agentforce 360 platform at Dreamforce 2025, promoting AI agents as helpers that improve efficiency and save costs, despite high failure rates and ongoing risks.

  • Salesforce CEO Marc Benioff announced the “agentic era” at Dreamforce 2025, emphasizing AI as helper, not replacer
  • Salesforce’s Agentforce 360 platform, now generally available, integrates AI agents, Data 360, Customer 360 apps, and Slack for enterprise use
  • AI agents have approximately 70% failure rate; Salesforce claims AI saves $100 million annually in customer service and improves efficiency, e.g., Reddit deflected 46% support cases and reduced response times from 8.9 to 1.4 minutes

▶️ Technology

Finetuned HuBERT Model Maps English Accents in 3D Space

A finetuned HuBERT model with 94.6M parameters clusters English accents in latent space, revealing geographic and social influences over linguistic taxonomy, aiding pronunciation tool development.

  • The model finetunes HuBERT with 94.6 million trainable parameters, using raw audio (16kHz) as input, with 12 transformer layers and a classification head.
  • Trained on 30 million speech recordings totaling 25,000 hours of English speech over approximately one week on A100 GPUs.
  • Uses UMAP for 3D latent space visualization, reducing 768-dimensional embeddings to analyze accent clustering and relationships.

Researchers demonstrate Pixnapping Android attack bypassing security patches

Researchers demonstrated Pixnapping, a side channel attack on Android that extracts 2FA codes and private messages by timing pixel rendering, bypassing recent security patches on Pixel and Galaxy S25.

  • The Pixnapping attack exploits a side channel in Android to covertly read sensitive on-screen data, including 2FA codes and private messages, without requiring permissions.
  • The attack involves three steps: invoking target app visual content, performing pixel-level graphical operations, and timing measurements to infer pixel colors.
  • Google released mitigations in September 2025, with additional patches in December 2025; however, a modified attack can bypass these updates, and the attack has demonstrated success on Google Pixel and Samsung Galaxy S25 devices.

New LLMs Excel at Character Tasks and Decoding Challenges

Recent LLMs like GPT-5 and Claude 4.5 show significant improvements in character-level text manipulation, decoding Base64 and ciphered texts, and performing complex character operations reliably.

  • Newer LLMs (GPT-5, Claude 4.5) demonstrate improved ability to handle character-level tasks, such as counting characters and manipulating individual characters.
  • GPT-4.1 reliably counts characters and identifies specific characters; GPT-5 models perform well even without reasoning.
  • In Base64 and ROT20 decoding tests, GPT-5 and related models successfully decode out-of-distribution, gibberish, or encoded texts, indicating understanding beyond pattern memorization.

AI Risks Are Misunderstood: Training Data, Not Code, Causes Unpredictable Behaviors

The article explains that AI systems are fundamentally different from regular software, with vulnerabilities arising from training data and unpredictable behaviors, challenging traditional debugging and safety assumptions.

  • The article argues that public understanding of AI risks is based on misconceptions rooted in regular software assumptions.
  • Modern AI systems differ fundamentally from traditional software: vulnerabilities stem from training data, not code mistakes, and behaviors are unpredictable.
  • AI bugs are caused by training data issues in datasets exceeding trillions of words, making pinpointing and fixing bugs impossible; behaviors are not reliably fixable or repeatable.

AI Bubble Fueled by Tech Giants Lacks Consumer and Cultural Impact

Despite signs of an AI bubble driven by major tech companies like Nvidia and Microsoft, it lacks the widespread consumer engagement and cultural indicators typical of previous economic bubbles.

  • Experts suggest we are likely in an AI bubble, with OpenAI and other tech giants fueling inflated valuations.
  • Unlike past bubbles (dot-com, housing, crypto), AI’s current impact is concentrated within large corporations, not widespread consumer participation.
  • Public perception and cultural cues do not yet reflect the typical “bubble” atmosphere, with AI remaining a niche industry focus rather than a mass-market phenomenon.

AI Boosts US Economy in 2025, Shields from Recession Risks

AI sector’s growth has significantly supported US GDP (~0.6-1%) in 2025, potentially shielding the economy from tariff impacts; a sector crash could threaten economic stability and political outcomes.

  • The U.S. economy remains resilient despite manufacturing decline, weak payrolls, and recession-level consumer sentiment, with GDP growth around 2-2.5% in late 2025.
  • AI-related spending is estimated to have contributed approximately 0.6-1% annualized GDP growth in the first half of 2025, offsetting negative effects of tariffs and economic sluggishness.
  • Over 80% of US stock gains in 2025 are attributed to AI companies, with Nvidia, Microsoft, and Apple comprising more than 20% of the S&P 500 market cap; AI sector may be a critical economic buffer.

U.S. Manufacturing Declines as AI Industry Booms with Record Investments

U.S. manufacturing is in decline amid a booming AI industry, with manufacturing jobs down 6% since 2021 and AI investments, including data centers, rising sharply, signaling diverging economic trajectories.

  • The U.S. manufacturing sector has lost over 6% of its workforce since 2021, with 78,000 jobs lost in the year ending August 2025, and investment falling 6% before July 2025.
  • Artificial intelligence has seen unprecedented investment, with data center and AI hardware shipments up 64% year-to-date and data center investment increasing nearly 37% in the first half of 2025.
  • Despite tariffs and policies to support manufacturing, the sector remains in decline, while AI-related investments and data center construction surge, with tens of billions invested through the Chips Act of 2022.