Welcome to the Chaos
Dec. 10, 2024

Chinese Hackers, Data Brokers, and AI Power Grabs | Tech News of the Week

Chinese Hackers, Data Brokers, and AI Power Grabs | Tech News of the Week

 Welcome back to Chaos Lever, where we sift through the latest in tech news so you don’t have to. Please take our listener survey! https://chaoslever.com/survey 

This week’s episode covers everything from Meta's nuclear ambitions to Broadcom's sudden change of heart. Let’s break it down: 

--- 

🧠 Meta Joins the Nuke AI Club Meta is doubling down on AI by exploring nuclear power to meet its growing data center demands. They’ve issued an RFP for 1-4 gigawatts of nuclear power, focusing on Small Modular Reactors (SMRs) for faster deployment. With ambitious plans to go live by 2030, this move might reshape energy partnerships in tech. Will SMRs light the path forward, or will Meta hit regulatory roadblocks? 
👉 https://sustainability.atmeta.com/blog/2024/12/03/accelerating-the-next-wave-of-nuclear-to-power-ai-innovation/ 

--- 

💻 Fear of Losing Customers Has Broadcom Relaxing VMware Policies After a year of painful price hikes and policy overhauls, Broadcom is walking back some of its harshest changes to VMware licensing. Enterprises like Beeks Group are migrating away, citing costs that have ballooned tenfold. In response, Broadcom is introducing SMB-friendly subscription tiers and improving partner relationships. But is it too little, too late? 
👉 https://arstechnica.com/information-technology/2024/12/new-broadcom-sales-plan-may-be-insignificant-in-deterring-vmware-migrations/ 

--- 

📡 Salt Typhoon Isn’t Just a Dish At Applebee’s A Chinese hacking group, Salt Typhoon, has infiltrated U.S. telecom networks, targeting companies like Verizon and T-Mobile. Telecoms blame vulnerabilities stemming from legally required surveillance backdoors. To stay secure, consider using encrypted services like iMessage, Android RCS, or Signal. Is this the wake-up call we need to rethink backdoor policies? 
👉 https://arstechnica.com/tech-policy/2024/12/us-recommends-encrypted-messaging-as-chinese-hackers-linger-in-telecom-networks/ 

--- 

🛡 Data Brokers Finally Facing Possible Restrictions on Selling User Data The CFPB is cracking down on data brokers, proposing rules that treat them like credit bureaus under the Fair Credit Reporting Act. This follows a massive breach that exposed 200 million social security numbers. If passed, this regulation could drastically reshape how companies buy and sell personal data. Is the era of unrestricted data brokering finally coming to an end? 
👉 https://www.theverge.com/2024/12/3/24311498/cfpb-rule-data-brokers-social-security-number-fico-score 

Transcript

[01:00:00.000]
Announcer: Welcome to Tech News of the Week with your host, Sousou Studio, Make Me A Sandwich.


[01:00:07.260]
Ned: Welcome to Tech News of the Week. This is our weekly Tech News podcast where Chris and I get into four interesting articles that we found in the past week. Before we get into those articles, I want to remind everyone that we are currently doing a listener survey over at chaoslever. Com/survey. Why don't you wander on over there when you're done running or the lawn or, I don't know, kidnapping baby seals, whatever it is you do, and fill out our listener survey. We would appreciate it. Now onto the news. Meta joins the Nuke AI Club, by which I, sadly, do not mean nuking AI from orbit, but rather funding nuclear power to facilitate the AI boom that is definitely not a bubble that will collapse in 2025, foreshadowing. So what happened? Meta issued a request Request for Proposal, also known as an RFP, through a blog post on December third. The request is for between one and four gigawatts of nuclear power for their data centers to drive AI innovation. Can I just say that the range of one to four gigawatts is preposterous? That's like putting your finger up in the... You don't know. Just throwing darts at a dartboard, whatever.


[01:01:27.450]
Ned: Anyway, they don't know how much AI there's going to Neither do you. The goal is to bring additional nuclear power online by early 2030, and they're looking to suppliers who can help build out this capacity on a relatively rapid time scale. I know that anything more than five years out seems like a ludicrous time scale for technology, but nuclear power plants typically take an average of 11 years to be built. That's for old-school reactors, which is why meta is probably going to favor suppliers that focus focus on small modular reactors called SMRs. They typically produce tens or hundreds of megawatts of power, as opposed to traditional plants that tend to average about one gigawatt per plant. One of the leading companies, NuScale, has proposed a design that has been approved by the US Nuclear Regulatory Commission, which generates 77 megawatts per module. I should note, however, they have yet to actually build a fully functional site using their reactors. Meta's RFP is likely to come down to a small handful of suppliers like NuScale that have the technology and necessary approvals to get the ball rolling quickly. Of much greater difficulty, maybe finding somewhere to locate these new SMRs and their AI data center counterparts.


[01:02:52.960]
Ned: Do you want brand new small modular reactors in your backyard? I mean, Chris and I already have the Limerick power plant and Three Mile Island, so I guess we don't really count.


[01:03:05.600]
Chris: As usual. Fear of losing customers has Broadcom relaxing many unfriendly VMware policies. When Broadcom purchased VMware all the way back in November of 2023, they thought it was longer than that. The major thought that went through the IT world was, Ah, shit. That thought turned out to be completely justified as Broadcom chose to slaughter the golden virtualization goose. Some of their first moves as Overlord, raising prices substantially. In some cases, they reported 5 to 1,000%, eliminating individual skews in favor of bundles that nobody really wanted, removing perpetual licensing, and basically abandoning all but the largest partner resellers in favor of taking the work direct. This all appears to have been done under the belief that it didn't matter what Broadcom did. Vmware was just too entrenched for people to leave it behind for something else, especially in the enterprise. Well, turns out people are starting to leave VMware, especially at the enterprise. Last week, for example, UK fintech company, The Beaks Group, announced that it was migrating their 20,000 odd VM estate over to OpenNebula. They cited pricing that was, 10 times the sum it had previously paid for VMware as one reason, and wow, wow, just wow.


[01:04:44.360]
Chris: Beaks said that they didn't believe that VMware was essential anymore. As such, Broadcom is announcing some things. They have now created a SMB friendly subscription tier. They're increasing They're releasing their discounting program, and they're moving back into working with partners. They recently announced that they will only be taking the top 500 VMware accounts direct instead of all the accounts. So I guess Broadcom has finally, finally decided to chill. Not ding chill, mind you. There's no way they can be that cool. And props to the three listeners who drew some human are out of that one.


[01:05:33.660]
Ned: Salt typhoon isn't just a dish at Applebee's. Is Applebee's possessive or is it plural?


[01:05:43.770]
Chris: It's judgmental.


[01:05:46.070]
Ned: Can one just have an Apple Bee? Is that what you call an unattended iPad? Shit. We were talking about Chinese hacking groups, or rather, that's where I was heading. Salt Alt Typhoon is a Chinese hacking group that has infiltrated the United States telecom networks, and Verizon, T-Mobile, and Lumen are having a hell of a time getting them out. So Assistant Director Jeff Green over at CISO USA is recommending that customers use encrypted communications for calls and texts whenever possible. The telecoms are pushing back on two fronts. First, Lumen and T-Mobile are mostly denying the compromise of their network. Second, they are also saying that if they were compromised, it's the US government's fault because the 1994 Communications Assistance for Law Enforcement Act requires telecoms to design their equipment in such a way to allow law enforcement to surveil telecom customers on demand, basically to create a backdoor. The thing about backdoors is that once you create one, anyone with the proper tools can use it, including hackers like Salt Typhoon. If you're wondering what you can do about all of this, well, if you're an Apple customer, you're in luck. Imessage and FaceTime are both encrypted by default, so it doesn't matter much what your telecom is doing.


[01:07:16.170]
Ned: Same thing with Android messages that are using RCS and Google Meet. You're still leaving things up to Google and Apple to a certain extent, though, so if you're feeling really paranoid, you can use Signal instead, or just refuse to answer your phone like me.


[01:07:34.690]
Chris: Data brokers finally facing possible restrictions on selling user data.


[01:07:40.660]
Ned: Maybe.


[01:07:42.510]
Chris: From the, I have been complaining about this since I think the Nixon Administration Department, why is this not already a law? My God. The Consumer Financial Protection Bureau has proposed a new rule that would require data brokers to comply with the Credit Reporting Act regarding how they sell your data. Basically, the change would cause data brokers to be treated with the same scrutiny as credit bureaus, background checking companies, etc. This would be dramatically different than the current level of legal scrutiny data brokers get, which is absolutely none at all. And the data that they sell is not just the stuff that you put on Facebook. Although, let's be honest, you're definitely We're not really putting too much personal stuff on Facebook. We are talking about PII and sensitive data, including social security numbers. The impetus for this action, which has been so, so, so long in coming, was the recent National Public Data Breach, which leaked 200 million Social Security numbers. That one, you'll remember, showed that National Public Data, a real company, had obtained and was selling PII data that was not just about us puny civilians, but it was also police and FBI employees.


[01:09:10.330]
Chris: Now, we can argue about the abject stupidity of the way that America uses social security numbers for identification purposes. But I mean, really, is it really somehow controversial that maybe we shouldn't allow companies to collect them and sell them by whatever means to the highest bidder? This is not complicated, right? Am I alone in this?


[01:09:34.530]
Ned: No.


[01:09:35.040]
Chris: How come nobody's answering me? And when did these walls get so much padding?


[01:09:41.650]
Ned: I think there are larger forces at play.


[01:09:47.830]
Chris: Where's my apple sauce? Something about your last trip.


[01:09:50.180]
Ned: Something about your last trip to Applebee's. All right, that's it. We're done. Go away now. Bye.