The Register

INTERVIEW Gregory Kurtzer, CentOS's founder, tells the story of how the Red Hat Enterprise Linux clone was born of a small group of rebuild hackers and Linux fans who were angry that Red Hat Enterprise Linux had replaced Red Hat Linux and convinced they could do better. Back in 2003, Linux fans were ticked off at Red Hat because they were replacing the end-user-friendly Red Hat Linux with the business-oriented Red Hat Enterprise Linux (RHEL). It was a smart move for Red Hat, but users were pissed when then Red Hat CEO, Matthew Szulik, said that for home users, Windows was probably "the right product line." Yeah. That went over about as well as you'd expect. In the meantime, Gregory Kurtzer had no plans to start building a Linux distribution, he says. He came out of biochemistry and genomics, where compute‑hungry (Basic Local Alignment Search Tool) (BLAST) jobs were chewing through early SGI systems. One day, his business partner suggested they try Linux. "He said there was this thing called Linux, he wanted to try, and I thought he was mispronouncing Unix," Kurtzer tells The Register. They drove to Fry's, "bought a ton of hardware," and discovered that a free operating system downloaded off the internet could run serious scientific workloads. It wasn't the price that blew his mind, says Kurtzer. What hooked him was realizing that "many, many thousands of people [were] collaboratively working all over the world on a common software project… actually creating something of massive amounts of value." He became "enamored with open source in general, but Linux as a platform," and started looking for ways to contribute. When he landed at the Department of Energy's Berkeley lab, the environment was standardized on Red Hat. He says he missed Debian's ecosystem and apt so much that he began asking why there was "no community around the Red Hat type ecosystem or the RPM-based ecosystem." The answer he kept hearing was that Red Hat owned that space. His answer was Caos [Community Assembled Operating System]. The idea was "to be basically a Debian-like alternative for RPM-based distributions of Linux." Caos used Red Hat as a base. "Glibc came out of Red Hat, for example, right, but we used the upstream kernel and then extended it with a community‑driven package universe." He formalized the effort as the Caos Foundation, a 501(c)(3) non‑profit. Caos might have stayed a small Linux distro like so many others, but when Red Hat ended the classic Red Hat Linux line in favor of RHEL, it picked up steam. Kurtzer recalls that the community had grown up on free Red Hat Linux CDs, and the move landed badly: "Linux is a community project, it's freely available, and it should remain freely available, so a lot of people didn't like that notion at the time." By then, there was already a Red Hat "rebuild" mailing list where multiple groups were experimenting with re‑compiling Red Hat's source packages into community distributions.uKurtzer tell is: "VA Linux was doing this, along with an HPC company called Atipa, which is where early CentOS developer Rocky McGaugh worked… and there were a few others." Rocky, later immortalized in the name Rocky Linux, was part of that loose coalition, maintaining his own rebuilds. The list also included John Morris, who'd create White Box Enterprise Linux, and David Parsley, who would launch Tao Linux. The first RHEL clone to break out wasn't CentOS; John Morris's White Box Enterprise Linux, not CAOS or CentOS, was first. "He released White Box Enterprise Linux, and Slashdot went crazy for it," Kurtzer remembered. Sudden success became a burden. Morris "got way more visibility and attention and responsibility than… he was ready to take on" and didn't want to "take on the weight of the world in terms of infrastructure." The Caos folks, by contrast, already had build and mirror infrastructure: "we already have our own builders, we already have our own infrastructure… we were already ingesting packages from… Red Hat Linux [and] Red Hat Enterprise Linux." "So a couple members of the Caos team said, well, we're already kind of doing a lot of this… It's like, well, this actually makes sense, because we can then leverage those same binaries… and let's start this project, and so CentOS kind of came out of everything that was happening at the time." Then the Red Hat clones were more collaborative than competitive: "We were generally all very collaborative… we were all kind of on the same IRC list, so when any of us had a bug on rebuilding a package or issue, we all kind of worked together." Where Caos had an edge was scale. "We actually had a number of people already associated with it. We already had a critical mass… so it was not that big of a lift for us to properly support this," Kurtzer says. Parsley ultimately "ran Tao Linux… for quite a while before finally retiring the project, and then telling his users basically to go… over to CentOS," complete with a "nice transition plan." White Box and Tao quietly funneled users and expectations into the emerging CentOS brand. Even the version numbers reflect CentOS's pragmatic roots. "CentOS 3 was developed almost completely by Rocky," Kurtzer adds. "We started CentOS version 3 before version 2, and there was never a 1, right, because… There was never a version 1 of RHEL either." CentOS 3 arrived on stage on March 19, 2004. The community went where the demand was. "We identified that the first and most pressing need was around version 3, so Rocky started with version 3. That focus, combined with Caos's infrastructure and the consolidation of smaller rebuilds, turned CentOS into the RHEL clone that stuck." For its early life, CentOS lived under the Caos Foundation umbrella. By the CentOS 4 timeframe, in 2005, the projects split. Kurtzer says, "At about the release of… CentOS four… the CentOS project left the Caos Foundation, and it moved on… and we kind of ended up going different directions." He ceded control. "I was no longer the project lead of CentOS at that point, so it was taken over by a guy named Lance Davis," he tells The Reg. Caos continued until around 2007–2008, including a "Node Server Appliance" variant focused on "lightweight high-performance computing systems," but the market was voting with its feet. "Most people wanted the compatibility… that one-to-one compatibility… was incredibly important," he says. CentOS became the canonical RHEL clone; Caos faded into history. How CentOS simply had to exist From the outside, CentOS often gets cast as Red Hat's free rival. Kurtzer sees it differently. Red Hat's subscription model, he contends, practically required something like CentOS to exist. "This choice in the business model has made it very difficult for organizations, and so this is the whole reason why… There was even a need for CentOS," he says. Kurtzer explains that enterprises evolved a two‑tier pattern. "Organizations started running a bisected environment where they ran CentOS on the majority of it, and then they ran Red Hat on a sliver of it, where they needed the most support, where they needed validation, where they needed to know that it's going to work." Without CentOS, he bluntly says: "I believe that most organizations probably would have gone to a Debian and Ubuntu model because nobody's going to pay for support… across their whole environment for a free product." Running Debian or Ubuntu everywhere and RHEL on a small slice doesn't work well, he argues, because "it's an incompatible operating system, so the tooling would be different depending on what side of the infrastructure that they're looking at." With CentOS, they could "run the free product where they can and then only pay for the support where they need to." His conclusion: "I actually truly believe CentOS was very helpful to RHEL overall, given the choice of that particular business model." Asked when CentOS stopped being a niche rebuild and became a default choice, Kurtzer points to a supercomputing conference in Phoenix in the mid-2000s. "I remember being at a supercomputing conference… and I was talking with a vendor… and I remember somebody came up next to me and interrupted the conversation to ask the vendor: 'Why don't they support CentOS?'" It was a turning point. "This is the first time I actually even heard somebody outside of my circle of people actually now start demanding CentOS… and it was somebody I didn't know, and I'm just kind of like, 'wow, that was kind of cool.'" Around the same time, Kurtzer says he and early collaborators met IBM executives there to pitch Caos and CentOS. "Interestingly enough, there was no interest at the time. Another metric of success was seeing technology appear on resumes and in job descriptions. By the mid‑2000s, CentOS was on its way to being more popular than RHEL." By the early 2010s, CentOS was everywhere, but still maintained by a small, unpaid team. When Red Hat moved to sponsor the project in 2014, some read it as a hostile capture. Kurtzer didn't. "The CentOS team was fairly small at this point… and the developers were basically doing heroic feats for the entire community, and not being paid for it." Some things never change in open source, do they? Kurtzer says he thought the deal was fair. "They're giving up their home lives and whatnot… and there were companies out there that were doing very well, basing their infrastructure on it, but also making a ton of money on that, so I thought that this was a really fair option for them to now get hired by Red Hat… and now get paid, and now be… not having to give up their home life." Vendors began calling to ask if CentOS was going away and whether he'd recreate it. "I even had two people from fairly large companies at fairly high rankings… basically say, 'Greg, do you want to recreate CentOS?' And I said, 'no… let's give Red Hat… the benefit of the doubt… and see what happens,'" he recalls. For years, he thinks, Red Hat did "a phenomenal job": release latency improved, documentation and community interaction got better. That's why the CentOS 8/CentOS Stream pivot in 2021 hit so hard. Kurtzer thinks that Red Hat's messaging "was just a complete cluster… nobody, including the people at Red Hat, really knew what they were saying." The community's "general consensus at the time was that CentOS is end of life, and there's this new thing that's replacing it, which is some rolling beta." The blog post announcing the change "got more press… and more comments than any other blog that Red Hat has ever posted… mostly people in the community yelling at Red Hat," and "it was… nasty." By then, Kurtzer was running CIQ, a young high-performance computing (HPC) company building a computing platform on CentOS. They had already asked themselves what would happen if "something happens to CentOS." Their answer was to be ready to help rebuild a RHEL‑compatible distro if needed. Within two hours of the CentOS blog going live, as comments piled up, Kurtzer says, he replied publicly: "Hi everybody, I'm… original founder of CentOS. I'm going to go… recreate CentOS, and I'm hanging out over in this Slack over here… and if anybody wants to join me, I'll be hanging over there, kind of thinking about how to do this." The response was immediate. "Within four to six weeks, we had over 10,000 people join… it took off," he says. The free tier of Slack couldn't cope, "that 10,000 message limit goes in a matter of hours," but it was enough to bootstrap a new community. Teams coalesced around release engineering, testing, development, branding, web work, and even merchandise. "We had T‑shirts, swags, and memorabilia that you can get before we had any code," he laughs. Early shirts read "Rocky Linux" with "early supporter" in brackets underneath. Rocky Linux wasn't the only successor; AlmaLinux and others joined the field, and the usual distro tribalism followed. Kurtzer compares it to sports rivalries: "We just do it around our Linux distribution choices," he says. But he insists the diversity is healthy. "If something happens to Alma, Rocky's here; if something happens to Rocky, Alma is there; if something happens to both of us, Oracle is there; and we have all of these other options to guarantee the stability in the ecosystem." That may be CentOS's real legacy. It proved that a community could rebuild an enterprise OS from source and sustain it long enough for enterprises to standardize on it, and that doing so could actually reinforce, not undermine, the commercial platform it tracked. The clones that followed, from Scientific Linux to Rocky and Alma, are part of the same lineage that began when a few people on a rebuild mailing list decided that Red Hat's sources shouldn't just sit on a server; they should become a truly community Linux again. ®

OPINION In the time zone of the keynote, it's dystopia o'clock. These days, it always is. The fervent CEO prophet strolls around an empty stage, backlit by a giant altar of light on which they display their magic and impart visions of a future that address none of our fears, choosing instead to add to them. The format has as little variation as a church service, the whoops and cheers of the faithful as predictable as psalms. There are no industry awards for keynotes, even the most brazen hype machines can't go that far. Perhaps there should be. Taiwan's Computex had a great selection. Nvidia's Jensen Huang pushed RTX Spark, a repackaging of existing technologies — another keynote staple — as the next PC platform. It'll make local AI ubiquitous, freeing users from reliance on giant minds elsewhere. Or it would, if those giant minds weren't using all the memory you'll need. Pricey thing, privacy. Another, even more delightful dollop of digital darkness came from Qualcomm's Vogon Captain Cristiano Amon. His vision is of omniscient agents constantly monitoring everything you do on every device, combined with the sort of wireless traffic analysis via 5G that outperforms anything GCHQ and the NSA managed in the cold war. "Resistance is futile," he actually said. Which is curiously comforting. It replicates both Sun Microsystem's 1984 "The network is the computer" and the more notorious quote from Sun's then-CEO, Scott McNealy, in 1999 that: "You have zero privacy. Get over it." He, too, actually said it. Sun was defunct ten years later, and we still have privacy worth fighting for. Just. But the They Actually Said It Award in a keynote didn't come from Ol' Taipei, but rather the streets of that upstart city San Francisco. Here, the keynote for Microsoft Build 2026 was in the CEO-as-Ringmaster format, an option if your company does more than a couple of things. Here Satya Nadella, sadly lacking top hat, tails and a spangly waistcoat, wheeled on act after act culled from underlings blinking uncertainly in the LED lights. Yes, there were plenty of moments where things nobody wanted were presented as inevitable miracles. Shrunken models that might actually run in affordable memory because "sorry-not-sorry about the datacenters." Autopilot, an omniscient, omnipresent trickster god of an agent, that watches everything you do and wilfully inserts itself into your reality. A synthetic demo of agents wandering critical power plants gathering vulnerability data and integrating it into corporate IT. Why on Earth would you want a human doing that, anyway? It's all very exciting, and pffft, security is too trivial to mention. Only — OMG — they did mention it. It came late, after the "We've put grep and Homebrew in Windows' fans service." Imagine shipping your OS with a CLI package manager, eh, Apple? Then, at last, agent security took the stage. In fact, there was a live demo of OpenClaw trying desperately to delete all the files on a desktop and failing. "Six months ago, that totally would have worked," they joshed. The reason Microsoft can finally admit that agents are dangerous AF is because it has rediscovered what an operating system actually is and actually does. The thwarted OpenClaw was sandboxed in a Windows MXC container with very detailed permissions about what agents could access, who they could talk to, and so on. If this sounds familiar, it's because MXC marks Microsoft's discovery that agents need an ID that has to operate under rules and needs to be managed. In other words, once you realize that agents are just another kind of user, all the user and process focused protection of a modern OS can be brought to bear. It was sitting there all the time in the OS, because that's what we've had to evolve to keep things safe. Fancy that, eh? None of this is much good as it stands for Qualcomm's unique cyberpunk dreams. Getting access to all of your services wherever you are, on your own terms, is obvious and as old as silicon. The keynote actinic fever dream videos always show such access to be effortless — the Microsoft keynote had Project Solara showing just that — but the MXCification of OpenClaw is anything but. It's a belated admission that trust and control are prerequisites of agent acceptance, and that currently you can only grok that if you know about menu diving through right-click granular system-level settings. The alternative at the moment is the slightly abstracted model for mobile apps, where the user has to tell the OS to grant or deny permissions as requested by the software. Just hitting accept every time is common, dangerous in apps, and devastating with agents. If the industry is serious about agentic AI, let alone multi-platform auto-porting agents, it needs to create and adopt common interfaces that monitor, manage, and protect wherever agents touch the users, user ID and user data. As Microsoft has now actually said, this is what OSes are designed to do. It doesn't fit precisely into the shimmering nightmare future, but it does into one that's moderately shiny and not entirely unwholesome. That's a difficult proposition to work into a 2027 season keynote but what if it was? That would really be worth an award. ®

WHO, ME? Is showing up for work every Monday a mistake? While you ponder that question, dive into a new installment of Who, Me? – The Register's weekly column that shares readers' stories of escaping their errors. This week, meet a reader we'll Regomize as "Evan," who wrote to us from the side of a pool while his kids had a swimming lesson! "I work in test automation as a consultant and for one client I had to record test evidence as video," he explained, adding that the client's test management tool stored the vids. The resulting files weren't individually large, but by the time Evan had recorded 600 of them, managing all those files was starting to get a bit cumbersome. "Removing them manually was far too slow and wasn't feasible," he wrote. So he wrote a script to clean things up all at once. "Obviously this data was important, and I'm not reckless," Evan wrote. He therefore carefully debugged the script using breakpoints. "I stepped through every line, I checked all values, and I could see everything was right. Then I let the code try to delete the one file I was watching." The script deleted that file. And everything else in the container that the test tool used to store videos and plenty of other data. Did we mention this happened in the middle of a project, meaning Evan's action was profoundly unwelcome? Evan reckoned he was probably at fault, but decided not to confess to his client and instead informed them about the data loss and logged a support ticket. The client therefore assumed this incident was an accident and was cool about it. After a week of back-and-forth with support, Evan got good news. His client's support team was able to restore the data from a backup and could not find a reason for the incident. And then came even better news. "They took all ownership of the fault," Evan admitted. "They were very apologetic and said one of their SaaS scripts had gone haywire and deleted the content." Evan therefore escaped blame and carried on consulting – and is clearly doing well enough to pay for multiple kids to have swimming lessons! Have you successfully escaped blame for an error? If so, click here to send an email to Who, Me? It would be a mistake not to share your story so we can present it to your fellow readers. ®

KETTLE El Reg's systems editor Tobias Mann has been in Taipei for the past week getting the skinny on the hottest new chips, and what he's heard has been less about actual hardware announcements and more about how chipmakers are rushing to meet the demands of AI, other customers be damned. Tobias joins host Brandon Vigliarolo to discuss what he noticed at Computex 2026, how AI has taken over yet another industry event, and whether the world is going to have to adjust to new, more expensive hardware that only the biggest datacenter operators and wealthiest consumers are going to be able to afford. Will things stabilize? Will prices return to normal? We're not so sure, to be honest. You can listen to The Kettle here, as well as on Spotify and Apple Music, or read the transcript of the latest episode below. It's been lightly edited for clarity. Brandon (00:01) Fire up the hob, it's time for another episode of The Register’s Kettle Podcast. And we're even more international than usual this week, as our systems editor Tobias Mann has been in Taiwan scoping out this year's Computex conference. If you're curious about what's coming from chip market leaders this year, you've come to the right place. Tobias, it's really good to see you from the other side of the globe. Tobias Mann (00:21) Yeah, a whole twelve hours ahead, right? If I don't have it confused in my head. But it yeah, it's good to be here. Brandon (00:29) Yeah, it's kind of late for you, so we'll try to we'll try to keep this concise so we don't keep you from from some sleep. So I think you filed a number of stories this week about Computex, like quite a few. so talk us through some of the biggest announcements or or news items that have come out of this year's show. Tobias Mann (00:46) Yeah, yeah. It's been a it's been a wild week here in Taiwan and and at least for the first half of it it was sunny and warm rather than the last half, which has been rainy and warm. Brandon (01:00) Well, hopefully that means you've been focusing more on the conference for the second half, right? Tobias Mann (01:05) Well, at least the air conditioning works in the conference center, that's certainly true. We had some we had some interesting announcements, some of which we we we definitely hadn't anticipated. I think the one that everybody had long hoped to see was Nvidia's N1X. This is their kind of Apple silicon competitor, high-end notebook SOC. They're they're finally rolling that out on a Windows platform. And you know, this is something that Nvidia had been rumored to have been working on for for years, but we only started to see inklings of what it could look like last year in some very niche products, and now that silicon is gonna be coming to to notebooks. I think that's the big PC news from Computex. As sad as that might sound, of all the chipmaking stuff we got, that's probably the biggest. Intel had some Brandon (02:01) And that's more like mainly I'm assuming consumer kind of, or are they talking about business notebooks and stuff too? Tobias Mann (02:04) They're spinning it both ways. This is a 20-core CPU with like a 5070 class GPU strapped on to it, with up to 128 gigabytes of unified memory. So this is a very, very high-end chip and it's expected to retail in notebooks that start around three thousand dollars. Brandon (02:18) So we're talking about yeah, high end hardware here. Like you said, it's kind of a Mac an Apple Silicon competitor, so to speak. Tobias Mann (02:33) High end hardware. Right. The funny thing is the chip's not new. So even Nvidia is having to recycle parts to to have something to talk about in the PC sphere. This is a part they announced back at CES in 2025. It was called the GB10, at that time, Grace Blackwell miniaturized super chip. Brandon (02:41) So this is a Blackwell derivative here. Tobias Mann (03:05) Yeah, it initially launched as part of what was originally called Project Digits, and later actually launched to the market as the DGX Spark. This was like an AI development mini PC that we reviewed back in October. Brandon (03:18) I remember when that came out. Tobias Mann (03:22) And so really the silicon is being recycled and what's new is the partnership Nvidia embarked [on] with Microsoft in order to kind of extend Windows support to this platform, and they're working on a bunch of agentic AI integrations into Windows, so maybe Copilot might be worth a damn. It's hard to say. Brandon (03:39) Of of course they are. Yeah. So now is this gonna be, I mean, are these gonna be Microsoft branded machines then? Or is this gonna be something that's available to the to the wider OEM market for PCs? Tobias Mann (03:52) So essentially every major OEM is gonna have some version of this. Whether under the RTX Spark branding. Microsoft will have hardware, they have a Surface product that they're also bringing out with it. But I think that the partnership with Microsoft and Nvidia is largely focused on kind of doing something actually interesting and useful to end users with AI versus, you know, another chatbot, which unfortunately is what most people kind of associate it with with this technology at this point and kind of roll their eyes. Or at least I do anyway. Brandon (04:24) So Microsoft had their – was it Ignite this week? Tobias Mann (04:36) Ignite is later in the year, I think. Build was this week. Brandon (04:42) Right. So at Build this week they announced new autopilots, right? So they're trying to do something useful with that AI, right? Turn it into something that's completely autonomous and always watching everything you do. But that's not what we're here to talk about. I'm sure we could go on about Microsoft and agentic AI being stuffed in everyone's faces for for a while. Tobias Mann (05:02) Right. We we we also got a couple othe announcements this week from Intel that are worth mentioning, at least on the PC side. They had some they had some handheld gaming processors which didn't get a ton of attention, mostly because everything has gotten so much more expensive that it's just kind of like, great, a new thing I can't afford. Brandon (05:25) Right. Yeah, yeah. I mean we'll get to some of the pricing issues a bit a bit later on in the podcast, but that also ties back to, right, the big factor in every trade show right now, and it seems like Computex, based on what I'm reading from what you reported and elsewhere, it was an AI show again this year, right? I mean that's kinda what it seemed like. Everything was being turned toward feeding the great large language model beast. Tobias Mann (05:52) Every conference is an AI conference now. And that includes Computex. Even Nvidia's PC hardware launch was steeped in AI. You just can't escape it. It was, every keynote was AI, AI, AI, whether it was Jensen getting on stage at GTC Taipei because they've gotten too big for Computex, so they have to hold their own conference on the sidelines as well. But everything just came down to artificial intelligence and how it's going to revolutionize the world, and also maybe turn the entire world into a surveillance state if Cristiano Amon has his way. Brandon (06:23) Yeah, what did he say? He was talking about AI agents are going to be inescapable, according to what he said in the story you covered. You were at that keynote, I assume. Tobias Mann (06:55) Yes. That was probably the most dystopian of the keynotes that I caught. And I get the message he's trying to say. He's trying to make the argument that doing AI compute inference in the cloud is just not economically viable. It needs to move down the stack, and that means it needs to move down onto our personal devices, whether that's notebooks and smartphones and, he seems to think we're gonna have AI inference happening in earbuds even. Brandon (07:27) Yeah, I saw that. Glasses, obviously, so that it can watch everything you do. Tobias Mann (07:31) And so I think the creepiest moment in all of it was when he said, basically on the topic of the economics of it all, he said "resistance is futile." It's like this is happening whether you want it or not. But in that same breath starts going on about 6G, because of course this is a you know a big connectivity chipmaker. And how 6G is gonna turn all of us into walking cameras and 6G towers are going to function like radars that let us track everything from bicycles to cars to drones in the sky and…[laughs] Brandon (08:09) Tech leaders always try to spin that as like this thing that's great for data and great for, you know, we're gonna be able to maximize every little thing we do, right? With with for the most efficient XYZ. But it right, they always kind of seem to neglect the fact that I don't think the average person really wants to be tracked by their cell phone towers, even if they don't have a phone. You know, it's it's a little intrusive to put it lightly. Tobias Mann (08:36) I certainly don't want to be tracked. You would think somebody, maybe even Copilot, could have checked over his keynote speech to see if this is it what what is the vibe here? Is it creepy? Yeah, it's kinda creepy. Brandon (08:48) Maybe you should cut this out or rephrase it a little bit. Tobias Mann (08:54) "Resistance is futile." Maybe maybe don't say that part out loud. Brandon (08:57) Yeah, drop the Borg reference, you know? 'Cause I that's a thing, right? Like anyone in this space probably is a Star Trek fan. I know I am. And I mean when you hear "resistance is futile", you immediately think, right, yeah, the the the Star Trek, the Borg, the the thing that assimilates everything and sucks it into the big collective aka big large language model. Tobias Mann (09:14) If you're gonna make a pop culture reference appealing to nerds, don't make it a creepy one. Brandon (09:20) Seriously. And I guess Marvell was also talking about, kind of on the AI front too, ditching copper finally in favor of optical connections. I know they're not the first company to take this up, but Jensen seemed dead sure that this was gonna turn them into a trillion-dollar company. Tobias Mann (09:36) This is one of the more interesting chats, mostly because of the dialogue between Jensen and Matt Murphy, the CEO of Marvell. Marvell is a company that most people probably never heard of before today, or before this week, when Jensen sends its stock prices through the roof, with the next trillion-dollar company claim. but they are a chip development company and IP house that has collected a lot of intellectual property around networking and photonics. A Brandon (10:13) They're fabless, is that correct? Tobias Mann (10:18) Yes. They design and then license out, kind of shake and bake pieces of a larger design. So you might go to them to license a piece of the chip that you don't want to spend resources on, and you just need it to work, so you're gonna spend money on engineers to do the core part that you're interested in, then buy the rest from Marvell. Broadcom also operates in this space. But we're in an interesting place where the speeds that these networks need to operate for the the AI infrastructure to work efficiently keep doubling, and doubling really quickly. And the problem with going faster is every time you double the speed, you half the reach on copper. Brandon (11:10) So I think you mentioned in your story a 400 gigabit interconnect that only moved to I think two and a half meters. Was that right in terms of length? Tobias Mann (11:18) Right, yeah. We're at the point where at 200 gig it's about two and a half meters and it's gonna get halved as you go to four hundred gig. These are lanes. So, you think about ports on a network switch today and you might see 400 gig or 800 gig or 1.6 T. But those are assembled from four to eight lanes at these speeds. It's not the port speed, it's the link speed. At four hundred gigabit you're down to like 1.25 meters, you're at the limit of a rack….We are putting the switches in the middle of the rack for these systems for a reason, because that's the where you can get the best reach to all the stuff you get a plug in. Once we go to 800, you're gonna be supremely limited. And so you have to start talk thinking about optics at some level. There's a lot of ways to do this, but Matt Murphy is convinced that within 10 years, copper is basically going to go away. And there's a lot of companies that have been working towards this. Today the way we connect to optics is really complicated. You have a chip that communicates over copper through PCB out to a front end, some PCI interface or something like that. That has to go up to a network interface, and then you're gonna plug a pluggable optic in. And then you can go out over the fiber, and then you have to have basically the same thing on the other end, or there might be a switch in the middle, with more pluggable optics. Those pluggable optics are one of the reasons that we haven'tdone this yet. Why, if we're heading in this direction, just not move to optics now? And the reason is pluggables are really power hungry, especially at the speeds we're talking about. You need lots of them. Like 72 pluggables for one GPU potentially. And each pluggable pulls like fifteen watts. So you start doing the math – or not 72, but 18, so sorry, or 36. It's a lot of power. It adds up really, really quickly. The numbers get really confusing very quickly, but the point is you just need an absurd amount of pluggables. And to use really simple numbers, Nvidia faced this problem two years ago. They said why not just do optics? We're gonna have to go there eventually. And they did the math and it was going to add 20 kilowatts of power to a rack that was already pulling 120. And as you go faster, you need faster pluggables. Eventually we'll get to the point where the fibers go straight to the chip. You've cut out all of those copper interconnects all the way out, and the fibers just go to the chip, and you might have a little connector that goes from fiber to fiber in between. Brandon (14:39) So that's that's coming. Tobias Mann (14:41) That's coming. Matt Murphy thinks it's probably ten years out, that we're gonna get to a point where most most of the copper is gone. You'll still use it for power, but you're not gonna be using it for data communications. Brandon (14:56) Well it'd be great if that would kind of resolve our issue with with the copper shortage. Tobias Mann (15:00) It would help with copper shortage, but it would also help with memory. So today the reason everything has to go in one box. You have a CPU, a GPU, you have a bunch of memory. All of it has to go in one box and it has to be in a relatively fixed ratio of of these things. You know, one CPU to two GPUs to X amount of memory. And regardless of whether your application, your workload actually needs that ratio or not, that's what you're stuck with. When everything is optically interconnected, Murphy is contending that you could just have a box full of GPUs in one corner of your data center. You could have memory over in the other corner, and CPUs in another corner. Brandon (15:43) Basically it'd be fast enough to have a distributed system essentially. Tobias Mann (15:48) Right, and then you can then reallocate it. And there's there are protocols, Compute Express Link, this is a technology that's been under development for a long time. It allows for memory sharing on compatible components. And memory sharing is interesting because you can have two different systems doing almost exactly the same thing, and it's basically deduplicating. So they're only using the memory of like one and a quarter versus two machines. And so we can dramatically potentially reduce the memory consumption of these systems by sharing the memory like it's network attached storage device almost. Brandon (16:36) Yeah. So Marvell is putting this forward as their strategy and causing Jensen to basically cause their stock to just skyrocket, right? That to me sounds like they're getting their share of the bubble. Right? A lot of what I wonder is, what's going on there this week, do you think it's more it's more bubble inflation? Or do you think these are, you know, practical, realistic things they're saying in an attempt to move an industry forward regardless of the potential collapse. Tobias Mann (17:12) Well, I think there's a lot of industry building going on, certainly. But I think to your point, hype is something that, if you if you can't launch a product, then you can hype up your product or hype up somebody else's. Nvidia invested two billion dollars in Marvell not that long ago. So I'm sure Jensen is eager to get his money's worth out of that investment and jacking up the stock price with predictions is probably a pretty decent way of getting things going. But the reality is that for any of the things that you know Matt Murphy is talking about, for Jensen's prediction to come true, there's a lot of the industry that needs to start ramping up now in preparation of this, and if you want to keep the bubble from popping, a good way to do that is to make sure that you don't run into roadblocks too early. So if you've got capital to burn in getting…in kind of building the track further out in front of the train, I'm mixing a lot of metaphors here because it's late, but this seems to be what Nvidia is doing here. And it feels like we're seeing a lot more of this. This is not the first time Nvidia has thrown money at optics in the last couple of months. They've invested heavily in photonics companies and Marvell is just the latest example. Brandon (18:50) We've seen memory prices just skyrocket recently, right? Memory and storage prices are going through the roof. There's no reason to guess on that. It's been AI and people have been fingering AI chip needs as as the cause for a while now. What was the sense like there, right? D customers, do speakers, did the air seem to be kind of thick with concern over an an affordability, you know, or what? Like what's the finger on the pulse there? Are people concerned about pricing? Tobias Mann (19:27) Yeah, I think people are concerned about pricing, but less so on the components that we used to get excited about and more so on things that touch memory. Memory has basically eaten everybody's lunch. It doesn't matter whether you're building AI servers or you're just trying to buy a new laptop. The share of the price on either of those things as associated with memory has just become the dominant force and what's driving up memory. I was talking to AMD this week about some products that they're they have in the works, trying to build up their developer onramp for around their products, something they have kind of a deficit and they're trying to catch up with Nvidia on. And you know, the device that they're gonna do this with is $4,000. And they said 75 percent of that is now memory and storage. And you know what's crazy is the hardware in it's not new. And so a year ago, that $4,000 box could be had for under $2,000. Brandon (20:45) Yeah, it's the same with the Steam Deck, right? It skyrocketed in price as a consumer device example, right? We talked about this in last week's episode. It's gone through the roof and it's not new hardware. It's the same thing. It's just that in order to make it, Valve's markups are now gonna be have to be so much higher because of the price of the memory and the storage in the thing. It's ludicrous. Tobias Mann (21:05) Right. I was walking around some of the consumer memory vendors. They don't make the memory but they package it and they're how consumers buy it. And they were all advertising that their new SSDs with capacities up to eight terabytes and and new memory with up to a 128 gigabytes per DIMM. And I'm looking at this going, uh-huh. And so we have a $8,000 SSD that I can't afford and a memory kit that God knows how expensive that's going to be, but it's going to be probably two, three thousand dollars for that. The addressable market for these products is shrinking because you know the market can't, the consumer market simply can't bear it. And there's a lot of excitement that's lost on that. Brandon (21:36) Yeah, totally. I mean when you when you say, hey, here's the newest graphics card or the newest blah blah blah blah blah, it's faster, it's greater, it's gonna make your PC run, more efficiently, but it costs, more than three times more than the computer you bought, it's like, well I that why should I get excited about that? Tobias Mann (22:21) We used to get excited when there was a thirty percent improvement and whatever performance market generation on generation, but that was predicated on the price staying relatively…increasing by less than the performance increased. Why upgrade? Sure the performance is thirty percent better, but the price doubled. That's not a compelling sale. Brandon (22:28) So this this old machine's gonna have to work for a little longer, you know? It really makes me wonder, I've been thinking about this a lot lately. Apple's got the new MacBook Neo or whatever it's called, the the the cheap one, right? I think I just read somewhere that they've had a double production because it's been so popular, right? Cheap hardware, people want it, right? And it makes me wonder if given the cost of, you know, high performance components, getting to the point where they're going to be untenable for anyone but, hyperscalers and colo facilities that are running, all this this stuff. I mean, are we looking at kind of a new normal in computing? Are these prices going to come back down or are we are we getting to a point where this is going to be the sort of thing where companies are going to use this as an excuse to say, here's a cheap machine that you need all our services for? Are we moving that direction? Tobias Mann (23:38) It's an interesting question. There's a lot of there's a lot of shifting market dynamics around this kind of thing. New markets are oftentimes born out of necessity. I would say that the MacBook at Neo is an interesting example of this. It's like this is this is not a market that Apple has traditionally played in. But they had excess capacity of, I think it's the A19 that it's based on. And they were able to leverage that and to bring into bringing a lower cost but still premium device to to market. In that there's some relief and there's an ecosystem play. They can capture a market that has previously been inaccessible to them on and kind of that low end Mac marketing. So I do think that there's some opportunity for Microsoft to capitalize on this if they're if they're smart. But I would also say that Windows has become increasingly hostile to users and I think that they might be better served by focusing on fixing the software first. Back in April, Intel did bring some new chips to market that look like they're going to provide similar performance to a MacBook Neo at low enough prices that we should start to see notebook vendors being able to compete on kind of the premium device with just enough performance to be interesting. Brandon (25:15) So you don't necessarily think we're looking at a period where we're gonna all be sold Chromebooks and toll or something to that effect, right? Like cheap machines that are basically gonna be like, necessitating connected services that we can eventually either be handing over data or money for. Tobias Mann (25:30) Right. You know, anytime you hit a kind of you stall out on the technological, the hardware side of things, software typically is where you see the most optimization and improvement. But I do think that if this idea of local AI is going to take over as kind of an economic driver, as Amon was kind of pushing, we're gonna need memory. Like these models are not small and it needs to be fast memory. And so, right now those devices cost three or four thousand dollars for to even to get into the entry level of of of that. It's kind of two forces working against each other. And the reality is the problem that all of this comes back to is that we can't control the memory markets. And at least from talking to folks at Tech Insights not that long ago, it looks like we're in this for the next year and a half at least. And even then prices are going to settle rather than continuing to rise. It's not going to be the course correction that we've historically seen. Memory markets are historically very cyclical. You have booms and busts, prices go high, memory vendors raise enough money to ramp production again, they stop production, and when inventory gets high, prices drop because people are willing to pay less for it. That we're just not seeing that. The demand is so high that every memory module just gets eaten. Brandon (27:18) Yeah. I it's gonna be an interesting it's gonna be interesting couple of years here in the tech space as we kind of hopefully find some new balance. We'll see what comes of it. And chances are we will be right here at The Kettle to talk about it after writing plenty of stories about it. So thanks again Tobias for joining me this week and hopefully have a safe flight home. And to everyone listening, we'll see you soon. ®

Britain’s Maritime and Coastguard Agency (MCA) says it helped to develop a code of safety for future remotely operated and autonomous cargo ships. The executive body, responsible for maritime law and safety policy, represented the UK’s interests in working groups during development of the first non-mandatory International Code of Safety for Maritime Autonomous Surface Ships (MASS Code). This code, set to be published by the International Maritime Organization (IMO) on July 1, is the first stab at a global regulatory framework covering uncrewed cargo ships. It will be followed by a mandatory MASS Code based on reviews of this set of regulations, slated for adoption in 2030, for entry into force on January 1, 2032. Autonomous vessels are already being tested out. In Norway, for example, a ship called the Yara Birkeland is used to carry chemicals and fertiliser from an industrial plant where they are produced to the deep-sea container harbor at Brevik, from where they are shipped to customers around the world. Yara Birkeland is the world's first fully autonomous and electric zero-emission container ship, but is relatively small at about 80 meters (260 ft) long and a weight of 3,200 tonnes. A scoping exercise by the IMO to help inform the regulations identified four degrees of autonomy - inspired by those applicable to self-driving cars. Degree one has seafarers on board to operate and control shipboard systems and functions, although some operations may be automated. Degree two is a remotely controlled ship with crew aboard, able to take control if necessary. Degree three covers a remotely controlled ship without any crew, and Degree four is a fully autonomous ship. The IMO said it identified a number of high-priority issues, cutting across several instruments, that must be addressed at a policy level in future. These involve the development of MASS terminology and definitions, particularly in clarification of who is responsible for the ship in Degrees Three and Four. Others include actions normally be carried out by the crew, including firefighting, cargo stowage and securing, maintenance, watchkeeping and implications for search and rescue. The latter is a legally binding duty that applies to all vessels, without exception. “The maritime industry is inherently global, so progress towards a harmonised regulatory framework is vital to support consistency, fairness and – most importantly – safe operations internationally,” said MCA assistant director for Future Technical Standards Leanne Page. “We’re very proud to have played a leading role in reaching this major milestone.” The next step is building a framework for an experience-building phase, the MCA says, to inform development of the mandatory MASS Code. Both the MCA and the UK’s Department for Transport will continue industry consultations to provide further information and guidance on this new non-mandatory MASS Code. ®

The UK's long-running asylum IT overhaul may finally have put the 25-year-old Case Information Database (CID) out to pasture, but Parliament says that officials are still relying on spreadsheets and disconnected systems to keep track of asylum cases. A new report from the Public Accounts Committee (PAC) found asylum data remains scattered across multiple systems, making it difficult for officials to track cases, spot emerging backlogs, or understand where pressure is building across the wider system. As of December last year, the Home Office was still heavily dependent on CID, a decommissioned platform dating back to the turn of the century, while attempting to move asylum operations onto Atlas. The PAC's findings suggest the migration has not solved a more familiar government IT problem: getting different systems to share information. The committee said that there is still "no single, reliable view of cases across the asylum system." While the Home Office told MPs it has now fully moved to Atlas for asylum case management, officials noted that the transition has been complex, involving legacy data migration, functional improvements, and staff training. MPs also heard that some Home Office staff continue to maintain their own spreadsheets alongside official systems. The committee warned this can leave multiple versions of the same information in circulation and contribute to ongoing data quality problems. One of the bigger gaps sits between the Home Office and HM Courts & Tribunals Service. The two are working to link their case management systems, but MPs said current data-sharing arrangements still make it impossible to follow an individual case through the entire asylum process. The report also echoes earlier National Audit Office findings that a reliable single record for each asylum seeker is still unavailable. Information on issues such as repeat appeals and absconders remains incomplete, inconsistent, or unavailable, while MPs said officials struggled to provide some key figures with confidence. The committee concluded that departments still lack the integrated data needed to understand how people move through the asylum system or whether attempts to fix one bottleneck are simply creating another elsewhere. What’s more, without reliable data, MPs said that they cannot properly assess whether the asylum system is improving or whether taxpayers are getting value for money. “Departments still lack integrated, system-wide data and agreed performance measures needed to manage the asylum system effectively,” the PAC report states. “Until these gaps are addressed, senior leaders cannot fully understand where pressures are building or assess whether interventions are working as intended, and Parliament cannot obtain robust assurance on progress or value for money.” The old database may be on the way out, but MPs are not convinced the underlying data problems went with it. ®

England's exams watchdog is warning that the next generation of school cheating may arrive not in a student's pocket, but perched on their face. In a new podcast, Ofqual chief regulator Sir Ian Bauckham said advances in consumer technology are creating fresh headaches for exam authorities, with smart glasses, hidden earpieces, and other connected gadgets raising the prospect of increasingly sophisticated cheating during exams. "We shouldn't underestimate the challenge involved here," Bauckham said, warning that regulators will need to move quickly as technology evolves. Students smuggling phones into exam halls is hardly a new phenomenon. According to Ofqual, mobile phones and other smart devices were involved in 2,225 malpractice cases during 2025 exams, accounting for 44.3 percent of all student malpractice incidents. Device-related offenses have been the largest category of student malpractice every year since 2018. What appears to be keeping regulators awake at night is what comes next. A smartphone hidden in a blazer pocket is one thing, but a pair of ordinary-looking glasses quietly displaying information to the wearer, or a near-invisible earpiece feeding them answers from elsewhere, is harder to spot from the back of an exam hall. The concerns arise as consumer technology companies continue to cram cameras, microphones, AI assistants, and internet connectivity into an ever-growing range of wearable devices. What starts life as a gadget for checking messages or translating languages can easily become something more useful when sitting a three-hour mathematics exam. Bauckham also suggested artificial intelligence poses a separate challenge outside the exam hall. Ofqual is examining ways to ensure coursework remains authentic as AI-generated submissions become harder to distinguish from student work. Possible responses include tighter requirements around referencing sources and greater involvement from teachers in verifying that students actually produced the work they hand in. Bauckham even floated the possibility of removing coursework entirely from some qualifications if confidence in its authenticity cannot be maintained. For now, students are still expected to turn up with a pen and whatever knowledge they've managed to retain. But as smart glasses and AI gadgets become cheaper and harder to spot, invigilators may soon need to know as much about consumer electronics as they do about exam regulations. ®

Oxford University students seeking work will be dismayed to learn that crooks have breached a second external platform provider for the university in as many months. The institution’s CareerConnect platform, provided by Group GTI, was the target of the intrusion, which exposed users’ full names and email addresses. Those who don’t use single sign-on (SSO) had their encrypted passwords leaked, too. CareerConnect forms part of Oxford University’s career services department, supporting students and alumni to find work opportunities. It is available to students, alumni, research staff, and recruiters. The same underlying technology powering the platform, which GTI markets as TargetConnect, is used by other universities in the UK and overseas, according to its website. OxfordUni said the May 28 attack was enabled by a “security vulnerability,” which has since been fixed. GTI has not publicly disclosed the security snafu itself, and did not respond to our requests for more information. The London-based tech company has not confirmed how many individuals were affected by the break-in, nor whether any data was stolen. It has also not explicitly stated which types of individuals were affected, although Oxford’s announcement listed “alumni, research staff, and employer users” as those who had their passwords forcibly reset following the attack. “There is no evidence that course information, uploaded files, appointment information, or financial information were involved in this incident,” the announcement went on to say. “GTI has stated this breach appeared to be focused on gathering credentials which may lead to phishing attempts.” The university did not list current students as among those affected, but told student newspaper Cherwell that names and email addresses might be compromised, and said the attack was entirely separate from the one which hit Instructure’s Canvas last month. Twice bitten Oxford University was just one of the circa 8,800 educational institutions affected by the mega breach at Canvas, a separate platform that’s also relied upon by schools, colleges, and universities. Seemingly timed by ShinyHunters to coincide with exam season, students across multiple countries were left without access to learning materials, tests, and grades at a pivotal time of the year. The scale of the attack was vast, affecting the usernames, email addresses, course names, enrollment information, and messages of up to 275 million students, teachers, and staff. The severity of the situation, coupled with the inopportune timing, led to Instructure “reaching an agreement” with ShinyHunters to prevent the criminal gang from leaking all the data online. In cyberese, this implies Instructure paid the criminals an extortion fee in exchange for their word that they would delete the stolen data. "We received digital confirmation of data destruction (shred logs)," Instructure said, adding "We have been informed that no Instructure customers will be extorted as a result of this incident, publicly or otherwise." ®

New York lawmakers have approved a bill imposing new labor, energy, environmental, and community-benefit requirements on datacenters, including a one-year moratorium on certain permits for facilities drawing 20 MW or more. The bill now heads to New York Gov. Kathy Hochul for a signature. A spokesperson for the governor told the New York Post she would review the legislation, but gave no signal as to whether she would sign it. Hochul has previously said she hoped to leave regulating datacenter construction to the local communities. “Today we face an unprecedented wave of proposed large-scale data center development across New York,” the bill’s sponsor Assemblymember Anna Kelles wrote in a statement posted to Instagram. “My legislation seeks to provide New York with the time necessary to fully evaluate the environmental, energy, water, and ratepayer impacts of these facilities and to develop appropriate regulatory safeguards before additional projects move forward.” The Assembly approved the bill on Thursday, the same day Anthropic, the AI giant behind Claude, called for a pause on LLM development sprints as developers believe the models could soon be capable of building themselves. In light of that possibility, researchers at Anthropic said the world would benefit from a slowdown in the race to make models more powerful. In New York, lawmakers hope to protect consumers from higher energy bills by creating a special classification for datacenter electrical customers and mandating that all necessary infrastructure upgrades, administrative expenses, and operational costs be assigned entirely to the datacenter. The bill also outlines electricity-sourcing requirements for datacenters with a peak load of at least 5 MW, requiring a phased shift toward renewable energy, with one-third of electricity coming from renewable sources between 2030 and 2034, two-thirds between 2035 and 2039, and 90 percent from 2040 onward. For trade workers who are employed to build the facilities and maintain the buildings later, the bill requires the datacenters to meet prevailing wage requirements, unless the workers are operating under a collective bargaining agreement. Additionally, it demands datacenter companies help host communities with renewable energy initiatives, and mitigate the strain on local wastewater treatment facilities. Business leaders are urging Hochul to reject the bill, saying it was rushed through at the end of a legislative session and presented without appropriate debate. In a statement provided to The Register, Julie Samuels, president and CEO of Tech:NYC, which promotes the state’s technology industry, said a blanket moratorium on datacenters would slow investment in the next generation of infrastructure projects. “Energy usage, grid capacity, and the community impact of data centers must be addressed, and the Governor’s Public Service Commission is already pursuing the right approach by ensuring data centers pay their fair share for grid upgrades and energy usage,” Samuels wrote in a statement. Republican Assemblymember Phil Palmesano argued that datacenters were being unfairly targeted when other technology companies were given tax incentives to build, pointing to the recent groundbreaking of the Micron chip fab in Clay, New York, which is expected to create 50,000 New York jobs throughout construction, and up to 90,000 nationally. The bill, approved by the Senate on Friday, includes carve-outs for certain industrial computing applications, including manufacturing. “If we told Micron they had to power their energy demands strictly using renewable resources, they wouldn’t be here,” Palmesano said, according to the NY Post. One of the first drafts of the bill had called for a three-year pause on datacenter construction. ®

If they don't get you online, they'll try in person. A data-theft and extortion gang has targeted “dozens” of banks, law firms, and other professional services companies in the US from January through May, using fake help desk calls and other social-engineering techniques to gain access to corporate IT environments, according to Google’s Mandiant incident response team. And when those remote-deception methods don’t work, the criminals sometimes show up at victims’ physical offices, posing as IT technicians, and attempt to steal sensitive files using thumb drives. Google’s threat hunters track the extortion threat group as UNC3753, while other analysts call it Luna Moth, Chatty Spider, and Silent Ransom Group. The crew has been around since 2022, originally using fake software renewal emails and other billing lures, typically with PDF attachments containing phone numbers for attacker-controlled call centers, as their means of gaining initial access to corporate networks. Beginning around March 2025, the crims shifted tactics and started posing as IT help desk staff. “While UNC3753 primarily relies on digital vectors, GTIG assesses that associated threat actors have also attempted direct data theft using physical, in person access,” Google incident responders and researchers Chad Reams, Tufail Ahmed, Keith Knapp, Ashley Frazer, and Tyler McLellan said in a Friday blog. The authors also pointed to a May FBI alert to corroborate this in-person tactic. According to the feds, Silent Ransom Group crooks have been walking into law firms’ physical offices as recently as this spring. Once they are on-site, they claim to be IT support staff needing to image a device or create local backups for security reasons. If that line works, they plug a thumb drive into the victim’s computer and steal data the old-fashioned way. “Although limited forensic evidence and the absence of a subsequent extortion attempt prevent formal attribution, GTIG assesses that these physical intrusions are likely associated with UNC3753 based on structural, timeline, and targeting overlaps,” the blog said. Google won’t say how many dozens of firms have been targeted in these attacks, or how many ended in the data thieves paying a visit to the victims’ locations. “While we can’t share additional details regarding specific investigations, Mandiant CTO Charles Carmakal notes that this tactic has been observed over the years,” a spokesperson told The Register. “Mandiant has investigated various matters where adversaries planted insiders, bribed employees, or physically entered buildings to facilitate cyberattacks.” Another noteworthy thing about UNC3753’s attacks: they are very fast. In many of Mandiant’s investigated incidents, the entire operation from initial contact to data extortion occurred in just one day. “Recently, Mandiant observed data searches, staging, and theft initiated in under an hour,” the threat analysts warned. These intrusions typically begin with an invoice-themed email - but these don’t usually contain any malicious links or attachments. The email’s sole purpose is to give the miscreants a plausible reason to follow up via phone, so that the recipient is more likely to believe the call is legitimate. Most of the crew’s entry mechanisms involve voice-phishing, using a method that has worked so well for other groups like ShinyHunters and Scattered Spider over the past few years. UNC3753 calls organizations’ employees directly and purports to be a help desk worker or member of the security team. The criminals say they need the target’s help addressing a security issue or aiding with a corporate data migration project, and convince the individual to join a screen-sharing session via Zoom, Microsoft Terminal Services, Microsoft Teams, or Quick Assist. In one such intrusion, using Teams to gain access to the victim’s computer, the attacker jumped on five separate calls with the same target over a three-day period, we’re told. And in more than one incident that Mandiant responded to, UNC3753 established Zoom sessions directly on targets' personal laptops, using these machines to access corporate virtual desktop infrastructure (VDI) using native client platforms, such as Windows 365 or Citrix clients. Once they’re in the corporate systems, the intruders map local directories and network drives, and target specific legal and document storage repositories. The crooks also use very-specific keyword searches to find sensitive folders containing tax logs (Forms W-2, W-9, and 1099), audit files, corporate client agreements, and Social Security numbers, before staging this data for exfiltration. UNC3753 uses several methods to sneak the data out of the corporate IT environment without setting off any security alarm bells, including using portable versions of free Windows file manager WinSCP or another open source filesystem like Rclone. The crew has also been known to log into a file-sharing account from the victim’s browser and upload the stolen files that way - or even instruct the victims to send the files to an attacker-controlled email address. After stealing the data, they send the extortion email, usually within 30 minutes of exiting the victim’s environment, and set a three-day deadline to respond and begin the negotiation process. “We hope to find a financial solution that will be acceptable for both parties,” reads one such extortion email. It continues: In case of ignorance or no agreement, We will notify your employees, partners and customers, after which We will publish your data. You will receive claims from individuals, and legal entities for information leakage and breach of contracts, your current deals will be terminated. Journalists and others will dig into your documents, finding inconsistencies or violations in them. Your organization will lose its reputation, shares will fall in price, and your organization will be forced to close. Stay safe, friends In the Friday report, Google’s threat hunters list IP addresses and other indicators of compromise, including these phishing domains that UNC3753 uses in its social-engineering attacks, all designed to look like the target organization’s help desk: -itdesk[.]com, -it[.]com, and -helpdesk[.]com. The security shop also suggests a range of things companies can do to avoid falling victim to this group and other voice-phishing scams or physical office intrusions. Some of the physical controls include requiring visitors to display official credentials and photo identification, and mandating front-desk staff log all visitor IDs before granting access. Also, check pre-scheduled work orders to ensure the “technician” at the front desk is who they say they are, and make sure any visiting technical service workers are always accompanied by a corporate, in-office supervisor. Because the bulk of these intrusions occur without any physical entry into the office, however, companies should also implement remote access conditional access policies to ensure only corporate-owned devices can authenticate to any VDIs or VPNs. Plus, block the installation and execution of unauthorized remote monitoring and support utilities. ®

The threat is real. Unknown miscreants are exploiting a high-severity, zero-day bug in Cisco’s SD-WAN management software, and the networking giant hasn’t said when it will patch the flaw. Cisco issued an advisory on Thursday for the Catalyst SD-WAN Manager vulnerability, tracked as CVE-2026-20245, and it sounds like attackers have been exploiting this security failure for at least the last week. It’s due to a validation error - the software fails to properly validate user-supplied input - and an authenticated, local attacker can exploit the flaw by uploading a specially crafted file to vulnerable systems. From there, they can escalate privileges and execute commands with root privileges. The vulnerability affects all versions of the SD-WAN software, regardless of device configuration, and across all deployment types including on-premises, cloud-based, and FedRAMP-certified deployments. Switchzilla says it became aware of attacks against this vulnerability in June. “To exploit this vulnerability, an attacker must have netadmin privileges on an affected system,” the vendor said. “This would require valid credentials or exploitation of CVE-2026-20182 or CVE-2026-20127. Cisco is not aware of successful exploitation by other methods.” Both of these earlier SD-WAN security holes have also been hit by attackers in previous months. The good news: an attacker needs valid credentials to abuse the new hole. The bad news: exposed credentials aren’t hard to find (or buy) online. We don’t know the scope of exploitation or exactly when attackers began hitting this SD-WAN hole. Cisco declined to answer The Register’s questions, and instead sent us a statement via email. “Cisco recommends customers upgrade to the fixed software released in May 2026 for CVE-2026-20182 as a protective measure,” a spokesperson said. “A patch for this vulnerability will be provided on a future date. Customers needing assistance should contact Cisco TAC.” This latest bug is the sixth SD-WAN vulnerability listed as under attack since the start of the year, and the second zero-day in two months. The most recent is the one the Cisco spokesperson mentioned in an email to The Register. In May, Switchzilla disclosed a max-severity make-me-admin bug (CVE-2026-20182) affecting Catalyst SD-WAN Controller and Manager, and warned that attackers had already found and exploited the hole before it issued a patch. A month earlier, America's lead cyber-defense agency said that three Cisco Catalyst SD-WAN Manager bugs (CVE-2026-20128, CVE-2026-20133, and CVE-2026-20122) were under attack, and gave federal agencies just four days to patch the security holes. Cisco fixed all three CVEs in late February, and in March warned of attackers abusing two of them. Also in February, the networking vendor patched a max-severity improper authentication flaw (CVE-2026-20127) affecting the same SD-WAN software, prompting a Five Eyes countries’ joint intelligence alert urgently warning defenders to patch it - plus an old SD-WAN vulnerability (CVE-2022-20775) - or risk root takeover. "Malicious cyber threat actors are targeting Cisco Catalyst SD-WAN used by organizations globally," the UK's lead cyber agency said at the time. "These actors are compromising SD-WANs to add a malicious rogue peer and then conduct a range of follow-on actions to achieve root access and maintain persistent access to the SD-WAN." And while this one isn't listed as under active exploitation (yet), on Wednesday, Cisco warned about a proof-of-concept exploit for CVE-2026-20230, a critical bug in its Unified Communications Manager that also allows attackers to gain root privileges. ®

Operations on the International Space Station may have returned to normal on Friday, but concerns over a persistent air leak in the Russian segment of the station remain unresolved. NASA spokesperson Bethany Stevens confirmed on Friday that NASA had instructed crew members sheltering in a docked Dragon spacecraft to resume normal operations aboard the International Space Station after Roscosmos paused repair work in the Zvezda service module's transfer tunnel, known as PrK. Reuters reported that concerns over air leaks in the Russian module prompted NASA to order astronaut Chris Williams and the four-member SpaceX Crew-12 team into the Dragon spacecraft as part of a precautionary safe-haven procedure on Friday. The crew entered the spacecraft wearing spacesuits, per Reuters. Stevens did not specify exactly when the crew was instructed to shelter in place. The Roscosmos crew was planning to conduct repairs on the transfer tunnel on Friday, but Stevens said that the plan was paused in order to further assess “measurements and data” regarding the new leaks. “Given this development, NASA has instructed the crew members inside the Dragon spacecraft to end the safe haven procedures and return to planned operations aboard the International Space Station,” Stevens said. What’s life in space without some risks? Just how big is this crack, exactly? We’ve known about problems with Zvezda leaks for some time now, as Stevens noted. “The cracks have always been a concern that NASA watches very closely,” the NASA mouthpiece said in Friday’s X post about the leak. “NASA and Roscosmos have been working to determine the root cause of the cracks, and Roscosmos manages the issue through operational mitigation measures and periodic partial-repair efforts.” The Register has been reporting on leaks in the Russian segment of the orbital lab since they were first identified in 2020. Multiple repair efforts over the past few years have failed to stop the leaks entirely, and newly identified cracks suggest the problem is continuing. Reuters, citing an unnamed NASA official, said that leaks in the Russian section of the station escalated this week from around a pound of air a day to two pounds. A source The Register spoke with said that the latest discoveries were the longest cracks in the module they’d seen, though we’re still not clear on how large the cracks actually are. Russian news wire Interfax reported that cosmonauts identified two potential air leaks in the transfer chamber, one of which was sealed on Friday with a layer of Germetall-1 two-component sealant, but the second hasn’t been addressed yet. “Efforts are underway to prepare it for hermetic sealing,” Roscosmos said in a statement. We’ll update this story if we hear anything new from NASA, including whether the continued leaks, with cause unknown, could lead to an early retirement for the station. ®

The Trump Administration is using Cold War-era rules to authorize up to $500 million in funding to keep 13 coal-fired power plants going and build a coal export terminal in California. America's Department of Energy (DoE) says it is securing the funding via the Defense Production Act (DPA), which grants the president authority to use federal financial incentives to stimulate private domestic industry deemed critical to national defense. At the same time, the DoE announced that one of the advanced nuclear reactor projects it has been sponsoring has achieved criticality ahead of a July 4 deadline set by President Trump. That DPA funding includes up to $425 million for 12 projects to "expand and reinvigorate" the aging US coal power fleet, plus up to $75 million for the West Gateway Terminal Project in Oakland, California. This will be an export terminal reached by rail, capable of handling more than 10 million tons annually, which the government hopes to export to nations such as Japan, South Korea, Taiwan, Vietnam, and Malaysia. The pretext for authorizing funding via the DPA is that the DoE is ensuring the US maintains the industrial capacity and energy resources it needs to strengthen national security. Those projects chosen are intended to keep domestic coal mining alive and support reliable baseload power generation to boost the resilience of critical energy infrastructure, the DoE said. The coal industry in America has been declining for decades. It delivered 578 million tons in 2023, less than half the amount produced in 2008 when coal production peaked, according to figures from the US Energy Information Administration. And according to a report from the Stanford Institute for Economic Policy Research (SIEPR), it was largely due to natural gas becoming cheaper, rather than green energy rules or clean air legislation, while solar and wind have also proved a competitive threat to coal. But the recent AI-driven datacenter build boom has pushed electricity demand upwards after years of stagnation, prompting coal-fired plants to stay online rather than retire. A group of environmental nonprofit organizations warned earlier this year that coal plants in America emit pollutants such as sulfur dioxide (SO2) and nitrogen oxides (NOx), both threatening human health, in addition to the greenhouse gases belched out. The DoE is at least pushing ahead with new nuclear reactor technology. One of its advanced reactor designs, the Mark-0 from Antares Nuclear, has successfully completed what the agency calls a zero-power fueled criticality demonstration at the Idaho National Laboratory. This is basically a test running a controlled, self-sustaining chain reaction, but with no electricity generation involved, simply to show that the reactor can operate safely. Perhaps the reason for the announcement is that Energy Secretary Chris Wright promised in an interview with Bloomberg last year that at least one small nuclear reactor project would be online by July 2026. Sustaining a test chain reaction doesn’t really count as online in our book, but we’ll let that pass. The DoE said the Mark-0 is the first of multiple advanced reactors anticipated to go critical by July 4, the 250th anniversary of the US Declaration of Independence. “It is fitting that on the eve of our nation’s 250th anniversary, we are witnessing a historic moment for American energy,” Secretary Wright commented. “For the first time in more than four decades, a new privately developed non-light-water reactor has reached criticality in the United States.” The DoE announced the Nuclear Reactor Pilot Program last June, and in August disclosed a list of ten companies it has accepted to take part, including Antares Nuclear. In other news, the department also trumpeted that Japan is officially joining the Trump Administration’s Genesis Mission, billed as a national effort to use AI to drive scientific discoveries. Japan's RIKEN scientific research institute and Fujitsu began working with Argonne National Laboratory (ANL) and Nvidia to build the compute infrastructure for Genesis back in January, but now the DoE says that Japan and the US are both contributing $500 million each to the project. The move makes Japan the first, and so far only, international partner on Genesis. ®

ZTE Corporation today showcased its pioneering achievements in digital transformation and AI-driven project management at the 14th IPMA Research Conference in Bogotá, Colombia. During the conference, Wang Yuzhu, Managing Director of Engineering Services at ZTE Colombia, and Jose Perez, Senior Expert in Engineering Delivery Management at ZTE, delivered a keynote speech themed "The Digital and Intelligent Future of Project Management", highlighting ZTE's practical experiences and innovative achievements in global project delivery. To address the evolving challenges of global project delivery, ZTE has developed a digital project management system tailored for complex international scenarios. Built on the "One Team, One System, One Mechanism" tripartite architecture, this system, powered by ZTE’s iEPMS (Intelligent Engineering Project Management System), enables comprehensive management across the entire project lifecycle—spanning planning, cost control, quality assurance, risk mitigation, and resource allocation. Through digital, automated, and intelligent management approaches, the system significantly enhances project management efficiency and precision. On the intelligence front, ZTE is driving the deep integration of AI with project management. By deploying Optical Character Recognition (OCR), AI Agents, Large Language Models (LLMs), and Retrieval-Augmented Generation (RAG) for knowledge enhancement, ZTE has automated key workflows such as quality reviews, design generation, risk analysis, and reporting. These innovations have yielded outstanding operational benefits: the accuracy of AI-powered quality reviews has reached 98%, and the time required to generate project reports has plummeted from 180 minutes to just 5 minutes, significantly improving delivery efficiency and governance capabilities. ZTE’s digital delivery achievements are backed by its extensive global footprint and rich network service expertise. Globally, ZTE has delivered over 240,000 projects, deployed over 7 million base stations and over 240,000 kilometers of optical cables, while managing and maintaining over 510,000 kilometers of network cabling. By continuously automating processes and building an intelligent tool ecosystem, ZTE has achieved a 65% reduction in acceptance costs, an 85% drop in site re-entry rates, and a 2.5-fold improvement in network activation efficiency, creating tangible value for global customers. ZTE also showcased several global benchmark case studies at the conference. In Ecuador’s RAN network project, ZTE integrated its intelligent platform with over 50 Standard Operating Procedures (SOPs) to achieve a seamless, "zero-user-perception" migration during network handovers. Additionally, ZTE’s digital project management solutions have been widely deployed in Colombia across diverse projects, including lithium battery installations, solar energy, microwave, FTTH, and DWDM networks. Centered on the theme "Project Management Practice in a Disruptive Era: Integrating Technology, Innovation, and Sustainability", this landmark event gathered experts from over 50 countries. Across key thematic tracks including AI & innovation, project manager 5.0, and sustainability & purposeful management, attendees explored how disruptive technologies are reshaping human leadership and project frameworks in the digital era. Looking ahead, ZTE will continue to act as a "Driver of Digital Economy", deepening the integration of AI, big data, and project management to upgrade global delivery models. ZTE remains committed to collaborating with global ecosystem partners to advance both research and practical innovation, contributing to an open, intelligent, and sustainable global project management ecosystem. Contributed by ZTE.

ZTE has joined forces with China Mobile Jiangsu under the guidance of China Mobile's Network Division to pioneer the implementation of core network complaint agent capabilities, marking a significant step forward in accelerating intelligent network operations and maintenance (O&M) transformation. Both parties innovatively introduce the multi-modal signaling model and agent technology to reconstruct the complaint handling process, implement automatic signaling analysis, and efficiently locate customer complaints. This solution sets a new benchmark for digital and intelligent O&M in the industry. At present, the complexity of service signaling interaction in mobile communication networks increases dramatically. Manual analysis of original signaling to locate problems has a high technical threshold, which relies on expert experience. In 2024, the Network Division of China Mobile Communications Group proposed a planning framework for intelligent agent-based complaint handling, leveraging agent and large model architectures to intelligently process complaint work orders. China Mobile Jiangsu and ZTE innovatively launched the complaint agent solution, and implemented it in 2025, breaking through the bottleneck of the industry through three core technologies. Modal Signaling Large Model: Learn massive raw signaling rules to train a core network multi-modal signaling large model, achieving end-to-end automatic signaling parsing and anomaly detection. The system inherits signaling expert knowledge to significantly enhance signaling interpretation efficiency. In customer complaint scenarios, the complaint agent automatically orchestrates the analysis workflow by integrating the signaling analysis large model and core network configuration data. It enables precise localization of issues in complex scenarios such as international roaming. Knowledge-based Complaint Handling: Intelligently recommend complaint handling suggestions based on complaint localization results to assist operations personnel in making rapid decisions. It can drive the transformation of complaint handling from "experience-driven" to "knowledge-driven" and close the loop on complaint resolution tickets. In the future, China Mobile Jiangsu and ZTE will continue to focus on digital and intelligent transformation, driven by value-oriented scenarios, to extend coverage to all scenarios and processes of core network operations and maintenance. It will continuously produce core network operations and maintenance agents and large models tailored to diverse maintenance scenarios, forming an agent cluster to enhance analytical capabilities in complex scenarios and empower industrial digital transformation. Through in-depth integration of AI and communications technologies, ZTE has created a new O&M mode to improve user experience and satisfaction. Contributed by ZTE.

Three-quarters of enterprise leaders say they're adopting agentic AI, but only a small minority have managed to move beyond pilots and into meaningful production deployments, according to Forrester. That won't stop vendors from slapping "agentic" onto every product brochure they can find, but the analyst's assessment is that most organizations remain stuck somewhere between experimentation and actual business value. Agentic AI has reached an important milestone in 2026, says Forrester: "long-horizon agents are no longer off on the horizon." In plain English, the bots are no longer clocking on for a five-minute task and calling it a day. Vendors have demonstrated agents capable of operating for days, weeks, or even months, with examples ranging from software development to research workflows. The trouble starts when those demos collide with the realities of enterprise. Forrester says companies are expanding their agentic ambitions while largely failing to scale them. Governance remains immature, platform strategies remain fuzzy, and many organizations are struggling to demonstrate a return on investment substantial enough to justify broader deployment. Forrester's argument is that companies aren't struggling because they have too many AI agents, but rather they're struggling because managing them gets messy fast. What works as a handful of experimental projects can become much harder to control once agents start operating across multiple systems and teams. Many organizations are building agents in isolation, the report says, without a clear way to track them, manage them, or coordinate how they work together. That may be fine for a pilot, but it becomes more of a problem when dozens of agents are making decisions, calling tools, and passing information around an enterprise environment. The report warns that, as projects grow, companies often end up with overlapping systems, duplicated work, and agents behaving in ways that become increasingly difficult to predict. Forrester is equally skeptical that governance policies alone will solve the problem. The firm notes that more than half of enterprises still experience what it calls "agentic sprawl" despite adopting governance frameworks and formal policies. Its conclusion is that writing rules down is one thing; enforcing them is another. Companies are increasingly finding that autonomous systems need automated guardrails that can track what agents are doing and restrict what they're allowed to do in real time. For now, the industry's biggest challenge may not be building AI agents. It's finding useful work for them that survives contact with the enterprise. Or, as Forrester puts it: "Until companies tie agent autonomy to measurable changes in how work gets done, agentic AI will remain stuck in proof-of-concept purgatory." ®

Microsoft now lets customers apply existing SQL Server licenses toward SQL Server usage on AWS's managed relational database service (RDS). The move promises to give customers who decided to go with AWS an easier path to consuming their SQL Server systems as a service, rather than in virtual machines. In a blog post, Amazon explained that customers paying with Microsoft’s Software Assurance licensing program could only previously bring their SQL Server licenses to AWS on self-managed Amazon EC2 through the Redmond vendor’s License Mobility program. “If you wanted a fully managed database like Amazon Relational Database Service (Amazon RDS), and you already had SQL Server licenses, you had to pay for licensing a second time through the License Included model,” RDS database engineer Srikanth Katakam said. Amazon's Bring Your Own Media (BYOM) for RDS for SQL Server lets customers use existing SQL Server Enterprise or Standard Edition licenses to cover both installation media and licensing on the managed service, with no additional fees. The process includes three steps, Amazon told The Register: customers submit a License Mobility Verification Form to Microsoft to confirm eligibility; they upload their SQL Server Release to Manufacturing media to Amazon S3; and in the Amazon RDS Console, users should select their SQL Server major version, point to the media file in S3, choose their minor version, and create the database. Customers can track their Microsoft SQL Server license usage with AWS License Manager. Microsoft has declined to comment on why it got involved in the deal. For Amazon, the self-interest is clear: it wants to get the data nearer to its AI tech. “Once that operational data is in the cloud, it sits alongside AWS AI and analytics services — so teams can build agentic AI applications that reason directly over their business data without complex data pipelines or infrastructure constraints,” AWS said in a statement. Microsoft has its own equivalent technology in Fabric, its data lake and analytics environment, which also offers a control console to manage databases. In the absence of any firm statement from Redmond, it seems reasonable to assume that SQL Server is no longer the strategic priority it once was for the Microsoft. It is inviting users to migrate to its database services, Azure SQL and SQL database in Fabric. Like AWS, users can also choose from a bunch of database services, including those running MySQL and PostgreSQL, which Microsoft has been increasingly vocal about SQL Server remains third in the DB-Engines ranking, although its popularity has been on the slide for more than five years, and it looks like it will be overtaken by PostgreSQL in the near future. However that may not be of great concern to Redmond’s accountants. As a database vendor, Microsoft is doing fine. As Adam Ronthal, vice president analyst at Gartner, pointed out: "Of the leading vendors in 2011 (Oracle, IBM, Microsoft, and SAP), only Microsoft has grown their market share in the last 15 years.” ®

Humanitarian organization World Food Programme (WFP) says one of its systems was breached, and around 600,000 Gazan households receiving aid had their details improperly accessed. Its announcement, made via Telegram on May 31, confirmed there was “a security incident” in the self-registration application used by Gazans to register for aid and applicants’ names, ID numbers, phone numbers, and location information were among the data types accessed. “We understand this may be concerning, and we want to assure you that protecting your data and privacy is our top priority,” the WFP said. “The program is treating this situation with the utmost seriousness and priority.” The organization said it temporarily suspended the registration platform to urgently apply the necessary security improvements. Its most recent update on the situation came on June 2, when it said the platform was still down, but added that aid recipients did not need to do anything, while their support would continue to be delivered uninterrupted. “The WFP wants to assure all those registered via the link that food assistance, cash assistance, nutritional supplementation, and all other WFP programs are continuing as usual,” it said. “If you are already registered on the Self-Registration Application (SRA), your registration remains valid. There is no need to update, delete, or re-register your information at this time.” WFP told The New Humanitarian, which first reported the story, that the attack was detected on May 14, and confirmed the scale to be in the region of 600,000 households. The news organization also claimed, citing a whistleblower’s account of matters, that an anonymous “independent expert” contacted WFP’s Palestine team, alerting it to vulnerabilities in the SRA two days before the organization detected the breach. The Register contacted WFP’s Rome headquarters for more details, but it did not immediately respond. WFP, which is a division of the UN and the largest welfare organization in the world, supports 1.6 million Palestinians every month who face a malnutrition crisis amid fierce conflict between the territory and neighboring Israel. This represents around 77 percent of the country’s population, and an estimated 80 percent of the population is unemployed, unable to earn the money required to pay for a nutritionally sound diet. WFP delivers wheat flour, high-energy biscuits, and fortified snacks to families, community kitchens, and bakeries in its effort to push back famine, as well as facilitating cash transfers. The organization is also helping individuals get back into paid work, maintains roads, and says that when conditions allow, it will stay in the region and help local people rebuild communities, markets, and other food systems. ®

COMPUTEX 2026 Gigabyte showed off a high density server platform at Computex this week that crams 40 low-power compute nodes into a pizza box. Amid a sea of nearly identical MGX and NVL blades, the R1C7-KOA-AS1 was one of the more unusual systems on this year’s show floor. Rather than using Intel or AMD's datacenter class Xeon or Epyc, the machine is powered by dozens of notebook processors. Specifically, Gigabyte has opted for Intel's Core Ultra 7 258V. Launched in mid 2024, each chip is equipped with four Lion Cove P-cores and four Skymont E-cores clocked at up to 4.8 GHz and 3.7 GHz respectively. Each processor is paired with 32 GB of LPDDR5x 8,533 MT/s memory, Arc 140V graphics with eight Xe cores, and a 48 TOPS NPU. These chips are mounted on a thin motherboard roughly the size of an index card. Each node is equipped with a pair of PCIe 5.0 m.2 drives, which probably provide redundant storage. Eight of these nodes slot into one of the chassis’ five carriers for a total of 40 systems, 320 cores (160 P / 160 E), and 1.28 TB of high-speed memory. Networking and power come in the form of two 100 Gbps QSFP28 LAN Ports, and a pair of 3200 watt 80-plus Titanium power supplies. We're told the system is well suited to running micro services workloads like Kubernetes, but we suspect many will be attracted to it as a bare metal alternative to VDI, for something like Microsoft 365 cloud PCs or casual cloud game streaming. The Intel 258V's on board graphics means customers wouldn't need to worry about vGPU licensing costs. Each node would have its own dedicated graphics acceleration. Gigabyte currently lists the system as "To be released" on its website. We've asked for comment on timing and will let you know if we hear anything back. ®

The AI gold rush is proving good for Raspberry Pi's bottom line, but it's also forcing the low-cost computer maker to borrow money to keep enough memory chips in stock. In a trading update published on Friday, Raspberry Pi said it expects full-year earnings to come in significantly ahead of market expectations after a stronger-than-expected first half driven by healthy demand, higher average selling prices, and the benefit of lower-cost memory inventory purchased earlier. Raspberry Pi expects first-half profits of at least $38 million from shipments of more than 4 million units, putting it close to the roughly $42 million analysts had forecast for the entire year. Investors piled in after the update, pushing Raspberry Pi shares up nearly 20 percent and more than tripling the Cambridge-based firm’s value since January. The most interesting detail, however, was tucked away beneath the headline numbers. Raspberry Pi warned that pricing and availability of DRAM and non-volatile memory remain challenging, a familiar complaint across the industry as AI infrastructure builders continue vacuuming up components. To ensure it meets production targets, the company said it intends to make strategic purchases of memory inventory and will "appropriately utilize" its debt facilities throughout the year. Not so long ago, Raspberry Pi's biggest supply-chain challenge was making enough boards for eager tinkerers and classrooms. The firm increasingly looks less like a hobbyist hardware vendor and more like a company navigating the same semiconductor supply chain headaches as much larger technology firms. Earlier this year it raised prices on some products as memory costs climbed, while executives have repeatedly pointed to component availability as a key business risk. At least Raspberry Pi has a problem that many hardware vendors would happily take. Customers are still buying enough boards to keep the memory buyers busy. Still, Raspberry Pi said first-half profitability benefited from lower-cost DRAM inventory acquired before memory prices moved higher. As that stock is consumed, margins are expected to moderate during the second half of the year. Still, management seems willing to sacrifice some profitability to secure supply. It turns out the AI boom affects more than datacenter operators. Even Raspberry Pi is now playing the DRAM market. ®