Scattered Spider pleads out; Jaeger gets 8.6x cheaper storage

Scattered Spider pleads out, Jaeger gets 8.6x compression on a real workload, and Red Hat spends two posts arguing the same S-curve point from opposite ends.

// SECURITY FOCUS

Scattered Spider members plead guilty on trial day one

The TfL August 2024 attack took down Oyster card top-ups, contactless payments, and staff systems for weeks – a rare case study in what full transit network compromise looks like operationally. The guilty pleas confirm the TTPs attributed to Scattered Spider (SIM swapping, social engineering helpdesks, MFA fatigue) were real and deployed at scale. If your org hasn’t reviewed helpdesk identity-verification procedures and MFA push policies since 2024, this conviction is the prompt.

What to do: Audit your helpdesk escalation paths for account recovery: any path that bypasses MFA via a phone call or ticket alone is the same vector TfL was hit through.

The innovation S-curve: How technology matures, disrupts, and why your next platform decision matters more than you think — Red Hat Blog · Jun 23
Red Hat’s blog uses the S-curve model to argue that sticking with hypervisor-based infrastructure – particularly VMware post-Broadcom – is a bet on a plateaued curve, while Kubernetes is still climbing. The core claim: Broadcom’s $61B VMware acquisition follows the same harvest playbook it ran with Brocade, CA Technologies, and Symantec – cut R&D, bundle, raise prices, and count on migration pain to keep customers locked in. The CNCF’s 2025 survey puts Kubernetes in production at 82% of container users, up from 66% two years prior, which Red Hat cites as evidence the network-effects flywheel is still spinning. The pitch lands, predictably, on OpenShift Virtualization – VMs as Kubernetes CRDs via KVM, one control plane for containers and VMs alike – positioned as the jump to the next curve rather than a lateral hypervisor swap. It’s a well-structured argument, but it’s still a vendor blog, so weigh the OpenShift-as-obvious-answer framing accordingly; the S-curve logic is sound, the product conclusion is theirs to sell.
Toward More Controllable AI Video Editing: An Early Research Exploration at Netflix — Netflix TechBlog · Jun 23
By Zhuoning Yuan, Ta-Ying Cheng, Benjamin Klein, Bahareh Azarnoush Introduction At Netflix, we build technology to help storytellers bring their creative visions to life and to help members discover the stories they love. To connect stories with diverse audiences around the world, we produce promotional assets, including trailers, teasers, and social short‑form videos, that build on and elevate the original footage. Through close collaboration with the teams crafting these assets, we identified a recurring gap in current tools. Transforming raw footage into a polished final asset often requires complex edits like seamlessly adding new visual elements, patching or replacing backgrounds, or removing unwanted objects without breaking the scene’s physical continuity. These tasks typically demand hours of specialized manual editing work. While recent generative video editing models show promise, they often struggle to preserve the integrity of the source footage. Many methods regenerate every pixel to make an edit, which can fail to isolate changes and inadvertently alter elements that should remain untouched. To execute these tasks effectively, artists need tools that empower them to dictate exactly what changes and how it changes. Our research goal is to make this process easier for artists. We’re deliberate about where and how AI is applied, ensuring that the technology always serves the creative intent. That principle drives our recent work: exploring the benefits of…
Building Jaeger’s ClickHouse backend: 8.6x compression on 10 million spans — CNCF Blog · Jun 23
Jaeger v2.18.0 ships ClickHouse as an alpha storage backend, replacing or supplementing Cassandra and Elasticsearch with a columnar OLAP store built for append-heavy telemetry workloads. On a single-node benchmark of 10 million spans across 1 million traces, the backend hit 50k spans/sec ingest throughput, achieved 8.6x compression on the spans table – shrinking roughly 6 GiB down to 722 MiB on disk – and kept trace retrieval around 100 ms with most search queries under 50 ms. The schema sorts by (service_name, name, start_time) rather than trace_id, which pushes trace retrieval from ~27 ms to ~100 ms but drops multi-filter search from ~880 ms to ~140 ms; a bloom filter skip index on trace_id and a materialized view for trace timestamps recover most of the retrieval cost. Attribute-only searches still require full column scans, so the docs recommend always pairing attribute filters with service, operation, or time constraints. These numbers come from a single-node setup with a specific dataset, so production results on distributed clusters or denser attribute schemas will differ – check the linked benchmarking report before sizing anything.
From cost to currency with sovereign AI — Red Hat Blog · Jun 23
A Red Hat telco exec argues that sovereign AI infrastructure – keeping data local and running your own inference rather than paying external providers per query – is shifting from compliance burden to margin opportunity for service providers. The pitch is that as agentic AI drives token costs up, operators who run their own inference on a controlled stack become “token providers” instead of “token consumers,” turning sovereignty into a revenue line rather than a checkbox. Red Hat points to Telenor AI Factory in Norway and Orange Business Cloud Avenue as customers doing this on OpenShift. The article is a vendor opinion piece with no independent benchmarks or cost figures, so take the margin claims at face value – the underlying logic that fragmented 5G stacks were expensive to maintain and 6G/AI shouldn’t repeat that mistake is the more useful part.
Build an AI knowledge fabric for your organization — Thoughtworks · Jun 22
Thoughtworks argues that as organizations move from chatbots to autonomous AI agents, the real bottleneck is context – and the fix is a structured “knowledge fabric” rather than pointing agents at existing Confluence or SharePoint dumps. The proposal has three layers: engineering knowledge (your tech stack defaults, security rules, architecture patterns), industry knowledge (domain terminology and regulatory constraints scoped tightly to your vertical), and institutional knowledge (your actual internal APIs, OpenAPI schemas, team ownership, integration patterns). The practical rules are sensible enough – use Markdown and YAML over PDFs, keep chunks short, automate updates via CI/CD pipelines when APIs change, assign explicit owners to each section, and document antipatterns explicitly so agents know what not to do. The concept is reasonable, but the article’s own performance claims are placeholders: cost savings are listed as “X%” and latency improvements as “X seconds,” so there’s no real data to evaluate here. Treat this as a framework post, not a benchmark.

// In other news

ai

datasette 1.0a35 (Simon Willison) · Jun 23 — Datasette 1.0a35 ships as a notably large alpha release; Simon flags a full writeup coming, so watch the changelog before upgrading existing deployments.
Porting the Moebius 0.2B image inpainting model to run in the browser with Claude Code (Simon Willison) · Jun 22 — Moebius 0.2B image inpainting model ported to run entirely in-browser using Claude Code as the porting assistant – a concrete example of WASM-based ML without a server round-trip.
Experimenting with the proposed Cross-Origin Storage API in Transformers.js (Hugging Face Blog) · Jun 23 — Transformers.js experiments with the proposed Cross-Origin Storage API to share cached model weights across origins, potentially eliminating redundant downloads for multi-site ML deployments.
Shipping huggingface_hub every week with AI, open tools, and a human in the loop (Hugging Face Blog) · Jun 23 — Hugging Face details how they ship huggingface_hub weekly using AI-assisted CI with a human gating the final merge – a practical look at where automation helps and where it still needs supervision.
Import AI 462: Superpersuasion; self-sustaining AI; paths to ASI (Import AI) · Jun 22 — Import AI 462 covers superpersuasion research, self-sustaining AI systems, and competing ASI timelines – the superpersuasion section is the one worth reading for anyone thinking about model misuse vectors.

cloud

The post-quantum EO is an important milestone. Now it’s time to get to work (Cloudflare Blog) · Jun 23 — The new US post-quantum executive order sets a hard 2030 migration deadline; Cloudflare’s analysis covers what the mandate requires, where the spec gaps remain, and what to prioritize now.
Log Analytics is now Observability Analytics: Query logs and traces with SQL (Google Cloud Blog) · Jun 23 — Google Cloud’s Log Analytics renames to Observability Analytics and adds trace querying via SQL alongside logs – reduces context-switching for SREs already fluent in BigQuery-style queries.

culture

Engineering managers ditch cloud AI for local LLMs (LeadDev) · Jun 23 — Engineering managers are moving sensitive codebases to local LLMs over data-residency and cost concerns – LeadDev surveys the tradeoffs actually driving the shift.
You can vibe code a demo, but what about a product? (LeadDev) · Jun 23 — Lessons from teams shipping generative AI to production confirm that the prototype-to-product gap widens where AI-generated code meets error handling, observability, and rollback strategy.
Slow down to speed up: so much has changed in 6 months’ time (Pragmatic Engineer) · Jun 23 — Gergely Orosz surveys the last six months of engineering org changes and argues that teams compressing review cycles to ship AI faster are accumulating the kind of debt that slows them later.

dev

Node.js 24.18.0 (LTS) (Node.js Blog) · Jun 23 — Node.js 24.18.0 lands as the latest LTS drop on the v24 line; worth pinning if you’re tracking the current LTS for production deployments.
Node.js 22.23.1 (LTS) (Node.js Blog) · Jun 23 — Node.js 22.23.1 is a maintenance LTS patch; check the changelog for any security fixes before skipping the upgrade.
Your AI shipped a backend that boots. That is the whole problem.‌‍‍‍‌‍‌‍‌‍‍‌‌‍‌‌‍‍‌‌‍‍‍‍‍‍‍‍‌‌‍‌‌‍‍‌‍‍‌‌‌‌‍‌‍‍‌‍‍‌‌‍‍‍‍‍‍‌‍‍‌‍‌‍‌‌‌‍‌‍‍‍‍‍‍‍‌‍‍‌‌‌‌‌‌‍‍‍‍‌‍‌‍‌‌‍‍‌‌‌‌‍‌‌‍‌‍‍‌‍‌‌‍‌‍‌‌‌‍‌‍‌‍‌‍‌‍‌‌‍‍‌‍‌‍‍‌‍‍‌‌‍‍‌‌‌‍‌‌‌‍‍‌‌‍‌‍‌‌‌‍‌‌‍‍‌‌‌‍‌‍‌‌‍‌‍‌‌‍‌‌‌‌‌‍‌‍‌‌‌‌‍‌‌‌‍‍‌‌‌‍‌‌‌‌‍‍‌‌‍‌‍‍‍‌‍‍‌‌‍‌‌‌‌‍‍‍‍‌‍‍‌‍‌‍‌‌‌‍‌‍‌‌‍‌ (Stack Overflow Blog) · Jun 23 — AI-generated backends that pass smoke tests but skip auth, input validation, and error boundaries are silently accumulating in production – Stack Overflow’s engineering team catalogues the failure modes.

iac

Cloudflare-First Networking as Code with Pulumi (Pulumi Blog) · Jun 23 — Pulumi’s Cloudflare provider guide covers managing DNS, WAF rules, and Workers as code alongside origin infrastructure, closing the visibility gap where most IaC stops at the load balancer.

k8s

Telemetry that matters: Designing sustainable, high-impact observability pipelines (CNCF Blog) · Jun 22 — CNCF post on trimming telemetry pipelines argues that over-instrumented cloud-native systems are generating noise that masks signal – covers filtering and sampling strategies worth reviewing.

linux

[$] KASAN for JIT-compiled BPF code (LWN.net) · Jun 23 — Alexis Lothoré’s KASAN-for-BPF-JIT work would bring kernel memory-access checking to compiled BPF programs, catching use-after-free and out-of-bounds bugs that currently slip past verifier analysis.
Benchmarking Bcachefs 1.38.6: The First Release No Longer “Experimental” (Phoronix) · Jun 22 — Bcachefs 1.38.6 is the first release dropping the ‘experimental’ label, and Phoronix benchmarks show meaningful throughput gains – worth reading before any production evaluation.
EROFS With Linux 7.2 Better Handles Large Sparse AI Datasets, More Efficient I/O (Phoronix) · Jun 23 — Linux 7.2’s EROFS improvements target large sparse files typical in AI dataset storage, with more efficient I/O that reduces wasted reads on near-empty blocks.
DeviceTree-ACPI Hybrid Mode Proposed For Improving Linux Support On Snapdragon Laptops (Phoronix) · Jun 23 — A DeviceTree-ACPI hybrid mode proposal aims to fix incomplete Linux hardware support on Snapdragon laptops where neither firmware description method covers all peripherals alone.
Fwupd 2.0.21 Brings Fixes For More Than 250 Potential Security Issues Found Via AI (Phoronix) · Jun 23 — Fwupd 2.0.21 backports fixes for 250+ potential security issues found via AI-assisted code analysis to the 2.0 stable branch for users not yet on the 2.1 series.

obs

Tempo 3.0 release: a new architecture for scale and lower TCO, TraceQL metrics GA, and more (Grafana Labs) — Grafana Tempo 3.0 ships a rearchitected storage backend targeting lower TCO at scale, with TraceQL metrics moving to GA – relevant to anyone self-hosting distributed tracing.
Grafana Labs security update: Latest on TanStack npm supply chain ransomware incident (Grafana Labs) — Grafana’s post-incident write-up on the TanStack npm supply chain ransomware confirms no customer production systems were accessed – the timeline and containment steps are worth reading regardless of the outcome.
How to generate real-world load tests using Grafana Cloud k6 and production telemetry (Grafana Labs) — Using production telemetry to shape k6 load test traffic distributions is a more honest approach than picking VU counts from thin air – this post walks through the mechanics.
Using Evaluation Frameworks with Agent Observability (Datadog Blog) · Jun 22 — Datadog now supports running DeepEval and Pydantic Evals natively inside Agent Observability, connecting eval scores directly to production traces for regression tracking.

sec

Anthropic’s Fable 5 Model Jailbroken Within Days (Schneier on Security) · Jun 23 — Anthropic’s Fable 5, positioned as the safety-hardened version of Mythos Preview, was jailbroken within days of release – Schneier’s analysis focuses on why guardrail layers keep failing at the same seam.

web

Hiding the Classic block from the inserter in WordPress 7.1 (Make WordPress Core) · Jun 23 — WordPress 7.1 will hide the Classic block from the inserter by default while keeping it registered – existing content is unaffected, but theme devs relying on it as a fallback should audit now.
Privacy Filter: Detect PII in Text from Laravel (Laravel News) · Jun 22 — A new Laravel package for client-side PII detection lets you flag emails, phone numbers, and IDs in text before they hit the database – useful anywhere GDPR or HIPAA compliance is in scope.
Improving Laravel Architecture With Expressive (Freek Van der Herten) · Jun 23 — Expressive lets you keep Eloquent as the persistence layer while moving business logic into fully typed value objects – Freek Van der Herten’s walkthrough shows where the seams land in practice.
Monitor and Control Schedules, Queues, and Errors in Laravel with Watchtower (Laravel News) · Jun 23 — Watchtower is a self-hosted Laravel package that surfaces schedule, queue, and error state in one dashboard – fills a gap for teams not paying for Forge or a third-party APM.

Scattered Spider pled out on day one — patch the auth stack before it’s someone else’s case study. Back tomorrow.