Alvaro Lopez Ortega / 2025-11-16 Briefing

Created Sun, 16 Nov 2025 22:04:03 +0000 Modified Mon, 17 Nov 2025 03:04:13 +0000

Today’s headlines cover sophisticated scraping attacks against websites, U.S. approval for South Korea to build nuclear submarines at U.S. shipyards, Tata Motors’ $2.4 billion loss from a cyberattack, and AI developments such as DeepMind’s focus on cosmic goals and the shift towards world models amid industry disagreements.

▶️ Internet Infrastructure

Website Faces Scraping Attacks From Alibaba IPs and Spoofed Headers

The site faced severe scraping attacks from IP ranges such as 47.79.0.0/16, mainly hosted by Alibaba Singapore. The incident exposed the limits of bot detection that relies on spoofable user agents and prompted consideration of moving hosting or implementing advanced anti-bot measures.

  • Website was temporarily knocked out by scraping bots, with Fail2ban and iptables struggling to block IP range 47.79.0.0/16 from Alibaba (US) Technology Co., Ltd.
  • User agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/140.0.0.0 Safari/537.36 is spoofable, complicating bot detection.
  • Increased traffic from spoofed Referer headers from sites like bioware.com, mcdonalds.com, and microsoft.com suggests attempts to inflate hit counts.
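Per-address banning of the kind Fail2ban does can miss a scraper that spreads requests across a whole range, so that no single address crosses the limit. The following added example (not code from the affected site) aggregates access-log lines by /16 and flags ranges whose combined volume is high; the log lines, thresholds and function names are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter, defaultdict

# Constructed sample log lines (combined log format), not taken from the site.
# Six addresses inside 47.79.0.0/16 make two requests each; one ordinary
# client in a documentation range makes three.
SAMPLE_LINES = [
    f'47.79.{i}.{i + 10} - - [16/Nov/2025:10:00:{i:02d} +0000] '
    f'"GET /page/{i}-{n} HTTP/1.1" 200 512 "-" "Mozilla/5.0"'
    for i in range(1, 7) for n in range(2)
] + [
    f'203.0.113.5 - - [16/Nov/2025:10:01:{n:02d} +0000] '
    f'"GET /post/{n} HTTP/1.1" 200 512 "-" "Mozilla/5.0"'
    for n in range(3)
]

CLIENT_RE = re.compile(r"^(\S+) ")


def per_ip_counts(lines):
    """Count requests per IPv4 client address; skip unparsable lines."""
    counts = Counter()
    for line in lines:
        match = CLIENT_RE.match(line)
        if not match:
            continue
        try:
            ip = ipaddress.ip_address(match.group(1))
        except ValueError:
            continue
        if ip.version == 4:
            counts[ip] += 1
    return counts


def flag_ranges(lines, per_ip_limit, range_limit, prefix_len=16):
    """Return (network, requests, distinct_ips, ips_over_per_ip_limit)
    for every network whose combined request count reaches range_limit."""
    by_net = defaultdict(Counter)
    for ip, n in per_ip_counts(lines).items():
        net = ipaddress.ip_network(f"{ip}/{prefix_len}", strict=False)
        by_net[net][ip] = n
    flagged = []
    for net, ips in sorted(by_net.items()):
        total = sum(ips.values())
        if total >= range_limit:
            over = sum(1 for n in ips.values() if n >= per_ip_limit)
            flagged.append((str(net), total, len(ips), over))
    return flagged


if __name__ == "__main__":
    for row in flag_ranges(SAMPLE_LINES, per_ip_limit=5, range_limit=10):
        print("range %s: %d requests from %d addresses, %d over per-IP limit" % row)
```

A flagged range with zero addresses over the per-IP limit is the case a per-address jail never sees; it calls for one CIDR-level rule instead.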

Cloudflare Zero Trust Tunnels Enable Secure Network Access and Exposure

Cloudflare Zero Trust tunnels, configured with cloudflared, enable private network access and public service exposure through DNS, routes, and access policies, enhancing NAT traversal and security.

  • Cloudflare Zero Trust uses cloudflared to create tunnels, routes, and targets for private network access and public exposure
  • Tunnels are deployed on infrastructure (e.g., routers, servers, Kubernetes pods) to route traffic based on hostname configurations
  • Access policies enable granular control, including login methods, email restrictions, and bypassing login when connected via Warp

Ken Thompson’s 1983 Reflection on Trusting Trust Reconfirmed

Ken Thompson’s 1983 paper “Reflections on Trusting Trust” shows how a self-reproducing compiler can secretly insert backdoors; a recent reproduction confirms its simplicity and security implications.

  • Ken Thompson’s 1983 Turing Award lecture demonstrated how to modify a C compiler binary to insert a backdoor into the “login” program without source code traces
  • The backdoor code, nih.a, was obtained in 2023 and run in a V6 Unix emulator, illustrating a self-reproducing, backdoored compiler with 99 lines of code plus a shell script
  • The backdoor exploits self-reproduction, source code textual substitution, and recognition of specific programs to insert malicious code, highlighting the ease of such attacks and the importance of trusted build processes

U.S. Allows South Korea to Build Nuclear Submarines at Philadelphia

U.S. approval enables South Korea to build nuclear submarines at Philadelphia shipyards, marking a shift from conventional designs, with a 10+ year development timeline and over 5,000-ton displacement.

  • U.S. President Donald Trump announced on October 29, 2025, that South Korea is authorized to build nuclear submarines on U.S. soil at Philadelphia shipyards.
  • Hanwha invested an additional $5 billion in modernization of the Philadelphia shipyards, which are currently only equipped for commercial vessel construction.
  • The program’s start date is undecided; construction is estimated to take over 10 years, with a planned displacement exceeding 5,000 tons and at least four submarines.

Tata Motors Loses $2.4 Billion in Cyberattack on Jaguar Land Rover

Tata Motors reported a $2.4 billion loss from a cyberattack on Jaguar Land Rover, which caused £196 million in costs and a drop in revenue, underscoring growing cybersecurity risks in the automotive industry.

  • Tata Motors, owner of Jaguar Land Rover, incurred approximately £1.8 billion ($2.4 billion) in costs due to a cyberattack that disrupted UK production.
  • The attack led to exceptional costs of £196 million ($258 million) and a revenue decline from £6.5 billion to £4.9 billion ($8.5bn to $6.4bn) for the quarter ending September 30th.
  • The company’s financial results were partially offset by increased sales in India; the attack highlights rising cyber threats to automotive manufacturing.

OpenBSD: A Security-Focused UNIX-Like OS Supporting 10+ Architectures

OpenBSD, a security-focused UNIX-like OS since 1995, supports 10+ architectures, offers ~12,000 binary packages, and provides extensive server and workstation features, emphasizing simplicity and security.

  • OpenBSD is a free UNIX-like OS forked from NetBSD in 1995, emphasizing portability and security, supporting over 10 hardware architectures.
  • It offers open source code, freely downloadable installation media, compatibility with virtualization platforms (Qemu, KVM, VirtualBox, VMware, bhyve, vmd), and a comprehensive package repository (~12,000 packages for amd64 and arm64).
  • Features include security innovations (privilege separation, pledge(2), unveil(2)), server roles (firewall, router, bastion, DHCP/DNS, web, mail), workstation software (Xorg, window managers, terminal emulators, editors), and simplified system management via /etc/rc.conf.local, rcctl(8), and package tools (pkg_add, pkg_delete, syspatch, sysupgrade).

▶️ Open Source

AsciiMath: Easy Math Markup Language with MathJax Support

AsciiMath is an easy-to-write markup language for mathematics, supporting rendering through MathJax or JavaScript, with syntax for symbols, functions, Greek letters, grouping, accents, arrows, and matrices.

  • AsciiMath is a markup language for mathematical notation designed for easy writing and rendering.
  • Supports rendering via MathJax with a recommended default configuration or by loading its JavaScript file directly.
  • Syntax includes symbols, functions, Greek letters, grouping, accents, arrows, and matrices, with specific notation for subscripts, superscripts, and complex expressions.

Heretic: Automated Censorship Removal for Transformer Language Models

Heretic automatically removes censorship from language models using directional ablation with optimized parameters, achieving high-quality decensored models with minimal damage to original performance.

  • Heretic is an automated tool for censorship removal in transformer-based language models, utilizing directional ablation and parameter optimization.
  • It co-minimizes refusals and KL divergence to produce decensored models that retain original capabilities, achieving comparable refusal suppression with lower KL divergence.
  • Supports most dense models, including multimodal and MoE architectures, but not SSMs/hybrid models or certain attention systems; evaluation on Hugging Face models is available.

pgFirstAid: Open Source PostgreSQL Health Checks with Actionable Insights

pgFirstAid is a GPLv3-licensed PostgreSQL function offering prioritized health checks (e.g., missing primary keys, table bloat) with actionable recommendations, supporting PostgreSQL 10+ and requiring no external tools.

  • pgFirstAid is an open source PostgreSQL function providing prioritized health check actions
  • Contains 12+ built-in checks covering performance and stability issues with severity ranking
  • Outputs include remediation steps and links to PostgreSQL documentation; it requires no dependencies

Nolan Lawson Declares End of Small Open Source Libraries Like Blob-Util

Lawson argues that the era of small, low-value open source libraries like blob-util is over due to Node.js, browser APIs, and AI-generated code, shifting focus to larger, niche projects.

  • Nolan Lawson’s most popular npm package, blob-util, has over 5 million weekly downloads after nearly 10 years.
  • blob-util provides utilities for working with Blob in JavaScript, primarily to teach developers how to handle binary data.
  • With 80% of developers now using AI in their work, tools like Claude can generate Blob utilities, reducing the need for small, low-value open source libraries.

Zigbook Launches Project-Based Zig Course Focused on Software Philosophy

Zigbook provides a comprehensive, project-based Zig language course emphasizing software philosophy, accessible via an interactive terminal at zigbook.net.

  • Zigbook offers a 61-chapter, project-based course designed to teach the Zig programming language
  • Emphasizes a philosophical approach to software development beyond syntax learning
  • Developed by @zigbook, with an interactive terminal interface for hands-on learning

▶️ Software Development

Applying Garbage Collection Principles to Optimize ProseMirror Incremental Parsing

Patrick Dubroy applies garbage collection concepts, specifically reference counting, to efficiently identify unshared nodes during incremental parsing in Ohm-based ProseMirror updates, inspired by the 2004 paper A Unified Theory of Garbage Collection.

  • Patrick Dubroy discusses applying garbage collection principles to optimize incremental parsing in ProseMirror using Ohm.
  • Implements reference counting to identify nodes not reused after document edits, avoiding full traversal.
  • Based on insights from the 2004 OOPSLA paper A Unified Theory of Garbage Collection, viewing tracing and reference counting as dual approaches.

▶️ Management and Leadership

Researchers Question Anthropic’s Claim of 90% Autonomous AI-Driven Cyberattacks

Researchers question Anthropic’s claim that AI-driven cyberattacks using Claude were 90% autonomous, citing low success rates, reliance on traditional tools, and AI hallucinations limiting real-world threat potential.

  • Anthropic reported observing the “first reported AI-orchestrated cyber espionage campaign” using Claude AI to automate up to 90% of attack tasks, with minimal human intervention.
  • Outside researchers questioned the significance, noting low success rates, reliance on existing open-source tools, and AI hallucinations that limit operational effectiveness.
  • Anthropic acknowledged limitations, including AI overstatement and fabricated data during autonomous operations, requiring manual validation to ensure attack accuracy.

Archimedes: Python Framework for C Code Generation in Embedded Control Systems

Archimedes is a Python framework that generates optimized C code from NumPy models for embedded control systems, supporting simulation, optimization, autodiff, and hierarchical data structures.

  • Archimedes is an open-source Python toolkit for hardware control system development and analysis, enabling automatic C code generation from NumPy.
  • It supports codegen for nonlinear optimization, ODE integration, Jacobian computation, and hierarchical data structures, leveraging CasADi for symbolic computation.
  • The framework aims to bridge Python’s flexibility with embedded deployment efficiency, facilitating workflows from modeling to hardware deployment.

UK to Build First Small Modular Reactor at Wylfa by 2030s

The UK will build its first small modular reactor nuclear power station at Wylfa, Anglesey, with £2.5bn government funding, aiming for mid-2030s operation, providing power for three million homes.

  • Wylfa nuclear power plant in Anglesey will host the UK’s first three small modular reactors (SMRs), with potential for up to eight, starting construction in 2024 aiming for mid-2030s power generation.
  • The project, led by publicly owned Great British Energy-Nuclear, involves a £2.5bn UK government investment and could supply approximately three million homes.
  • SMRs use nuclear reactions to generate heat for electricity, are about one-third the size of traditional reactors, and are built modularly in factories, with final contracts expected later this year.

Companies Hire Human Managers for AI Agents to Enhance Workflow Automation

Companies are increasingly hiring human managers for AI agents, requiring technical skills for training and oversight, as AI-driven management roles emerge with lower experience barriers.

  • Companies are hiring humans to manage AI agents to improve workflows and task automation.
  • Managing AI agents may require less experience than managing humans but demands higher technical skills.
  • The role of managing AI agents involves training, reviewing behavior, and designing workflows, with a focus on intentionality and oversight.

Robinhood CEO Embraces Luddite Approach Amid Growth and New Platform Plans

Robinhood CEO Vlad Tenev described adopting a more Luddite approach amid growth, as the company announced new features and plans to launch Robinhood Social, a finance-focused social platform, in early 2026.

  • Robinhood CEO Vlad Tenev stated he is becoming “more of a Luddite” as the company’s operations expand
  • Robinhood announced new products and platform features in September, including extended index options trading and increased investment account options
  • The company is developing Robinhood Social, a finance-focused social media platform, with a beta launch for 10,000 users in Q1 2026

Tesla Layoff Sparks UC Davis Student’s Resilience and Support Initiative

Arlina Yang’s Tesla internship was rescinded during a major layoff, prompting her to develop resilience, launch Career Now supporting 73,000 students, and emphasize job security volatility in Big Tech.

  • Arlina Yang, a UC Davis student from Taiwan, had her Tesla 2024 internship rescinded in summer 2024 amid a company layoff affecting over 14,000 employees
  • The layoff prompted her to question her belonging in Big Tech and recognize her resilience, leading her to create the Career Now newsletter to support over 73,000 students
  • She applied to approximately 500 jobs (250 before and after Tesla) and now works as a content marketing intern at Siemens, planning to study abroad in Europe

TLTF Summit highlighted the legal industry’s shift toward AI integration, with firms adopting new models, outside funding, and restructuring to meet client demands and technological advancements.

  • TLTF Summit in Austin discussed AI adoption in law firms, emphasizing use over fear, with panels on staffing, ownership, and shadow IT.
  • Law firms’ partnership structure and billable-hour model hinder technology investment; client demand is accelerating AI adoption.
  • Outside capital via MSOs and private equity is increasingly used to fund AI and tech initiatives; law firm models are shifting toward leaner structures with fewer junior lawyers.

Goldman Sachs Questions Sustainability of Cure-Based Biotech Business Models

Goldman Sachs’ April 10 report questions the long-term sustainability of biotech business models based on cures, citing declining revenues from hepatitis C treatments and proposing targeted markets and innovation strategies.

  • Goldman Sachs’ April 10 report questions if curing patients is a sustainable business model in biotech.
  • The report highlights that “one shot cures” from gene therapy and gene editing reduce recurring revenue, challenging long-term cash flow.
  • Gilead Sciences’ hepatitis C treatments peaked at $12.5 billion in 2015, now projected to fall below $4 billion in 2023, as cures decrease the incident pool of treatable patients.
  • The report suggests three strategies for biotech firms: target large markets (e.g., hemophilia at $9-10bn), address high-incidence disorders (e.g., SMA), and pursue constant innovation and portfolio expansion to offset declining revenues.

Server-Side Technique Blocks LLM Crawlers Without JavaScript

The technique blocks LLM crawlers on the server side by serving a challenge page with hidden links, cookies, and redirects, avoiding reliance on JavaScript and minimizing false positives.

  • Proposes blocking LLM crawlers without JavaScript by using a “poisoned path” in robots.txt and server-side responses
  • Uses a hidden link and meta refresh in server responses to challenge crawlers, setting cookies like slop=1 and validated=1
  • Requests to /heck-off/ set slop=1, and requests to /validate/ set validated=1 and redirect; a request is blocked if the slop cookie is present and allowed if validated is set
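The cookie flow described above, as an added example that is not the original author's code: a request handler plus two simulated clients, one that follows only the meta refresh and one that follows every link in the page. The redirect target, the challenge markup, the function names and the choice to let slop take precedence over validated are assumptions.

```python
import re
from http.cookies import SimpleCookie

POISON_PATH = "/heck-off/"      # listed as Disallow in robots.txt
VALIDATE_PATH = "/validate/"    # target of the meta refresh

ROBOTS_TXT = "User-agent: *\nDisallow: /heck-off/\n"

# Constructed challenge page: the hidden link is invisible to a person,
# the meta refresh is followed automatically by a browser.
CHALLENGE_HTML = (
    '<html><head><meta http-equiv="refresh" content="0; url=/validate/">'
    '</head><body><a href="/heck-off/" style="display:none">archive</a>'
    "One moment...</body></html>"
)


def handle(path, cookie_header=""):
    """Return (status, headers, body) for one request."""
    cookies = SimpleCookie(cookie_header)
    if path == "/robots.txt":
        return 200, [], ROBOTS_TXT
    if "slop" in cookies:                       # assumption: slop wins
        return 403, [], "blocked"
    if path == POISON_PATH:
        return 403, [("Set-Cookie", "slop=1; Path=/")], "blocked"
    if path == VALIDATE_PATH:
        # Assumed redirect target; the page only says "with redirect".
        return 302, [("Set-Cookie", "validated=1; Path=/"),
                     ("Location", "/")], ""
    if "validated" in cookies:
        return 200, [], f"content for {path}"
    return 200, [], CHALLENGE_HTML


def run_client(follows_hidden_link, target="/article"):
    """Simulate a cookie-keeping client; return (final status, cookie jar)."""
    jar = {}

    def get(path):
        header = "; ".join(f"{k}={v}" for k, v in jar.items())
        status, headers, body = handle(path, header)
        for name, value in headers:
            if name == "Set-Cookie":
                key, val = value.split(";")[0].split("=", 1)
                jar[key] = val
        return status, body

    _, body = get(target)
    if follows_hidden_link:                     # link-harvesting crawler
        for href in re.findall(r'<a href="([^"]+)"', body):
            get(href)
    refresh = re.search(r'url=([^"]+)"', body)
    if refresh:                                 # both clients honour refresh
        get(refresh.group(1))
    status, _ = get(target)
    return status, jar


if __name__ == "__main__":
    print("browser:", run_client(follows_hidden_link=False))
    print("crawler:", run_client(follows_hidden_link=True))
```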

Hyundai Ioniq 5 N Brake Pad Replacement Requires Professional Diagnostic Tools

Replacing brake pads on a Hyundai Ioniq 5 N necessitates professional diagnostic tools and credentials due to electronic parking brake controls, restricting DIY repairs despite basic maintenance being traditionally simple.

  • Replacing brake pads on a 2025 Hyundai Ioniq 5 N requires access to Hyundai’s proprietary GDS or J2534 diagnostic tools.
  • Hyundai’s official repair procedure mandates placing rear calipers in service mode via secure diagnostic systems, with access restricted to licensed professionals.
  • Hyundai supports J2534 standard with recommended hardware (CarDAQ Plus 3, MTS 6531, d-briDGe PRO) costing between $800 and $2,000, plus a $60/week subscription for software; NASTF credentialing is required for access.

Apple Lowers Mini App Commission to 15% in iOS App Ecosystem

Apple’s new 15% fee on mini apps inside iOS apps, including Tencent’s WeChat mini-programs, formalizes revenue sharing, supporting HTML5/JavaScript and aiming to expand mini app adoption globally.

  • Apple reduced its commission to 15% on transactions within mini apps embedded in other iOS apps, including WeChat mini-programs.
  • The deal with Tencent allows Apple to take a 15% cut from WeChat mini-game and mini-app sales, which earned Tencent $4.5 billion (32.3 billion yuan) in Q3 2025.
  • The Mini Apps Partner Program enables developers to earn 85% of In-App Purchase revenue within qualifying mini apps, supporting HTML5 and JavaScript, with requirements for age declaration and commerce APIs.

Peter Thiel Dumps Nvidia Stocks Amid AI Bubble Warnings

Peter Thiel exited Nvidia amid AI hype concerns, warning of a bubble similar to 1999, while shifting his portfolio toward diversified tech giants like Microsoft and Apple.

  • Peter Thiel fully exited his Nvidia (NVDA) position in Q3, selling 537,742 shares (~40% of portfolio).
  • Thiel warns of an AI hype bubble, comparing current enthusiasm to 1999’s excessive optimism.
  • His fund reduced equity holdings from $212 million in Q2 to $74.4 million in Q3, consolidating around Microsoft, Apple, and Tesla.

▶️ Technology

Enhancing Rust’s Type System for Safe Self-Borrows and Async Functions

The article explores how Rust could support self-borrows and safe async functions by extending its type system with named, inconceivable types, lifetime tokens, and in-place transmutes, enabling safe, zero-cost code.

  • The article proposes a hypothetical extension to Rust’s type system to support self-borrows and safe async functions.
  • It suggests introducing named types for unnameable and inconceivable types, including partial moves, borrowed types, and lifetime tokens.
  • The proposal includes syntax for lifetime naming (life, end, bind) and in-place transmutes based on memory layout guarantees.

Britney Spears’ Fun Guide to Semiconductor Lasers and Fabrication

Britney Spears’ webpage provides an overview of semiconductor physics, emphasizing laser components, quantum wells, and fabrication techniques, with detailed technical links.

  • Britney Spears is humorously presented as an expert in semiconductor physics, focusing on laser components.
  • The webpage covers fundamentals such as semiconductor basics, crystal structures, junctions, quantum wells, radiative recombination, and carrier transport.
  • Specific topics include edge-emitting lasers, VCSELs, photonic crystals, fabrication processes, photolithography, and related references.

Brimstone: Rust-Based JavaScript Engine Achieving 97% ECMAScript Support

Brimstone is a Rust-based JavaScript engine supporting most ECMAScript features, featuring a bytecode VM, custom RegExp, and extensive spec compliance, with ongoing development.

  • Brimstone is a JavaScript engine written in Rust, supporting over 97% of ECMAScript as of 2025
  • Implements a bytecode VM, custom RegExp engine, garbage collector, and nearly all built-in objects
  • Inspired by V8 and SerenityOS’s LibJS, with minimal dependencies, notably ICU4X

Apple Reshapes iPhone Launches and Features with iPhone Air 2, iPhone 18 and Satellite Tech

Apple’s iPhone roadmap includes the iPhone Air 2 and iPhone 18, with a shift to less reliance on annual fall releases, delayed Mac Pro development, and new satellite features; Tesla CarPlay support is also upcoming.

  • Apple plans a major redesign of the iPhone, including new features and a revised release schedule, moving away from the traditional annual fall launch.
  • The iPhone 18 is expected to debut in 2026, with the iPhone Air 2 and other models also in development.
  • The Mac Pro’s development is delayed, and Apple is focusing on satellite-powered features and support for third-party apps like Tesla’s CarPlay, which is being integrated into Tesla vehicles.

AI Growth Threatens Privacy; Data Control Measures Needed

AI’s growth risks eroding privacy through extensive data collection and surveillance; implementing data portability and control systems inspired by historical privacy reforms could mitigate these threats.

  • The article warns that AI advancements threaten personal privacy by increasing data collection, surveillance, and potential misuse.
  • AI technologies like facial recognition, emotion tracking, and chatbots are collecting highly sensitive personal data, including conversations and health information.
  • Existing privacy laws (e.g., GDPR, CCPA) are insufficient to address the scale and complexity of AI-driven data collection and exploitation.

DeepMind CEO Demis Hassabis Focuses on Cosmic AI Goals Over Profits

Google’s DeepMind CEO Demis Hassabis seeks cosmic, scientific AI breakthroughs over profits, leading to innovations like Gemini and AlphaFold, with long-term goals of AGI and universal assistance.

  • Demis Hassabis, Google DeepMind’s top AI executive, emphasizes profound, cosmic, philosophical goals over short-term profits, aiming to unlock universal secrets through AI.
  • Since Google’s 2014 acquisition of DeepMind for approximately $650 million, Hassabis has prioritized long-term scientific research, including winning a Nobel Prize for AlphaFold’s protein structure predictions.
  • Google has launched AI products like Gemini, an advanced chatbot improving search and ranking, and Nano Banana, an AI photo editor with 13 million users in four days; DeepMind’s revenue is over $7.8 billion (2019-2024) from internal Google platform use, with no external sales.

Only Chatbots, Code Tools, and AI Agents Succeed in Current AI Market

Only chatbots, code completions, and AI agents currently work effectively; feeds and AI-driven games show potential but are not yet proven at scale.

  • Only three types of AI products currently succeed: chatbots, completion-based coding tools, and agentic products, with success primarily in coding.
  • Chatbots like ChatGPT dominate general-purpose use; niche products like explicit roleplay chatbots exist but face competition from large labs.
  • Completion products such as GitHub Copilot enable AI-assisted coding without conversational interfaces; research and agentic products are emerging.
  • AI agents, capable of executing multi-step tasks independently, have gained traction in coding and research, with potential in law and other fields.
  • AI-generated infinite feeds and video games are promising but not yet commercially successful; image generation remains more of a toy than a core product.

Yann LeCun Plans to Leave Meta Over AI Disagreements and Focus on World Models

Yann LeCun, a foundational AI researcher, criticizes large language models and plans to leave Meta to launch a startup focused on world models, which he believes better advance AI technology.

  • Yann LeCun, a pioneer in AI and inventor of key components of modern machine learning, has been increasingly sidelined at Meta due to differing views on AI development.
  • LeCun, critical of large language models (LLMs), advocates for “world models,” which he believes are more promising for advancing AI.
  • Reports indicate LeCun may leave Meta to launch a startup focused on world models, diverging from Meta’s current emphasis on LLMs.

The Security Flaws and Privacy Risks of Surveillance Cameras

Benn Jordan’s video analyzes security vulnerabilities, limited efficacy, and privacy risks of surveillance cameras, highlighting systemic flaws and resistance efforts.

  • The YouTube video titled “The Cameras Tracking You = A Security Nightmare” was uploaded by Benn Jordan on November 16, 2025, with 198,026 views.
  • The video discusses vulnerabilities, efficacy concerns, and resistance related to widespread surveillance cameras.
  • It includes chapters on security flaws, questionable effectiveness, and potential compromises in surveillance systems.