Stake and Rope | Podcast on RSS.com

Stake and Rope

by Goat Security

Entertainment News Technology

Despite Obvious Challenge

The latest round of underwater data centers is taking shape. Highlander Digital Technology has a 24-megawatt facility running off the coast of China, powered by an offshore wind farm. A Portland startup called Panthalassa has Peter Thiel money and a plan to put autonomous server pods in international waters connected via Starlink. Capital Clean Energy Carriers signed an MoU with Samsung and Lloyd's Register earlier this month on a data-center-on-ship deployment. Nautilus actually shipped its Marseille facility, and the Stockton deployment is still up at six and a half megawatts. The Register wrote it up this week under the headline that did most of the editorial work for the show: datacenters dip a toe back into waterborne computing despite obvious challenges. The word that matters in that headline is "back." Microsoft ran Project Natick from 2015 to 2020. Eight hundred sixty-four servers in a sealed steel cylinder off the Orkney Islands, two years on the seabed, a failure rate one-eighth what the same hardware showed in a land-based control cluster. Peer-reviewed results. Successful experiment by Microsoft's own published account. And then in 2024, Microsoft quietly confirmed there were no longer any underwater data centers in operation, never fully explained why, and built thirty conventional land-based data centers in the same window. The decision is the artifact. The next data centers the world's most invested operator built after running the most rigorous experiment on the question were all conventional. The current cycle isn't a return. The previous cycle never stopped — it ran the experiment, measured the result, and made a deployment decision. The current operators are running the same experiment. The editorial center is the gap between two things both being true. The technology works — Microsoft proved that, nobody has to re-prove it. The deployment economics don't — Microsoft proved that too, by what they built next. The gap closes when both sides converge. The technology side has been ready since 2020. The economics side hasn't moved. The version of waterborne that actually has a chance, the panel lands on, is the pod-as-tenant model where the marine operating costs are amortized against a different revenue stream — a wind farm operator with the boats and divers and grid interconnect already, a shipping company with vessel operations already running, somebody else owning the marine layer and the data operator being a customer on the platform. Highlander, collocated with an offshore wind farm, is that model. Panthalassa, with autonomous wave-powered pods four days' steam from the nearest human, is the moonshot version that runs the same experiment again with the same results pending. Source Article Datacenters dip a toe back into waterborne computing despite obvious challenges — The Register, June 23, 2026. Panel The Legacy Sysadmin The DBA The Startup Founder The Goat Farmer's Counsel

Perpetual Was a Marketing Word

Tesco, the UK grocery chain, is moving forty thousand server workloads off VMware after suing Broadcom for what its legal filings call "abusive conduct." The story is straightforward in its sequence: Tesco bought perpetual licenses for VMware's vSphere Foundation and Cloud Foundation in January 2021, along with a VMware Tanzu subscription, with support services through 2026 and an option to extend support four additional years. Broadcom acquired VMware in November 2023. According to Tesco's filings, Broadcom refused to honor the existing contract, demanded "excessive and inflated prices" for products Tesco had already paid for, stopped supporting Tesco's products in January 2026, and is now being sued in the UK's High Court for at least £100 million in damages from each of three defendants — Broadcom, VMware, and reseller Computacenter — plus interest. The Register and Ars Technica covered the migration filing this week. The editorial pattern is older than the parties. Oracle bought Sun in 2010 and torched the Solaris support contracts within eighteen months, leaving customers like a regional bank with thirty thousand workloads to migrate on Oracle's timeline. CA built a thirty-year business on the same model and got bought by Broadcom for parts. HP did it to Autonomy customers. Compaq absorbed DEC, HP absorbed Compaq, IBM absorbed Red Hat — every one of those acquisitions was somebody's stability getting renegotiated. The Broadcom-VMware case is not an integration accident. It is the integration. Broadcom paid sixty-one billion dollars for VMware; to make that math work at the returns Broadcom promises shareholders, you need to expand operating margins from roughly twenty-five percent under old management to closer to seventy percent. You do not get from twenty-five to seventy by being nicer to customers. The CFO modeled the customer lawsuits as a line item, factored in the legal reserves, and the net was still positive. The Tesco filing reports that Tesco rejected at least four offers from Broadcom to continue using VMware. Whatever Broadcom was offering, forty thousand workload migrations on a two-year timeline was the cheaper option — which tells you what the offers were. The destination platform is incompatible with Veeam and Zerto, the backup and replication products Tesco currently runs, which means the migration is not forty thousand workloads. It is forty thousand workloads plus a complete rebuild of the data protection layer, on a deadline, with third-party support on the source platform because Broadcom walked off the job in January. The lawsuit is scheduled to reach court between November 2027 and February 2028; Tesco's stated target is to be completely off VMware by the end of 2027 at the earliest. Source Article Tesco Moving 40,000 Server Workloads Off VMware Amid Broadcom's 'Abusive Conduct' — Slashdot, June 17, 2026, summarizing reporting from Ars Technica (Tesco moving 40,000 server workloads off VMware amid Broadcom's abusive conduct) and The Register (Tesco is sprinting to quit VMware and Broadcom despite rapid migration risks). Panel The Legacy Sysadmin The DBA The Startup Founder The Goat Farmer's Counsel

Plausible Isn't Good Enough

Midjourney, the AI image generation company best known for producing pictures on demand, announced on Wednesday that it is opening a medical spa in San Francisco. Guests will be lowered into a tank of golden light while three hundred fifty-eight thousand ultrasonic transducers scan their bodies. The Register wrote it up. The underlying scanner technology is real — it's a Caltech research project using hardware from Butterfly Network, the latter of whom Midjourney initially neglected to mention in its announcement and had to issue a press release on its own behalf. The company claims the scanner could prevent thirty percent of all deaths and fifty percent of healthcare costs, pending FDA approval, which it describes as the "next limit." The panel reads it not as a fraud but as a specific kind of pivot the industry has seen before. In 1994 there was a company called Imatron selling electron beam CT scanners to a chain of preventative scan centers called HealthCheck America. Drive in, get scanned, walk out with your calcium score. Same thirty-percent-of-deaths framing. The scan centers were everywhere by 1999. By 2005 most of them were closed, because insurance wouldn't reimburse, the radiologists hated the false positives, and the company that made the scanners was acquired and broken up. The cycle takes about seven years to play out. The pieces in this round are the same. The editorial center is a single distinction. Midjourney has spent four years optimizing models to produce outputs that look correct, which is a fundamentally different problem from medical imaging, where the image needs to correspond to the actual tissue inside the actual patient. A plausible-looking artifact in medical imaging is worse than a noisy one, because a radiologist might trust it. The company's existing core competency — producing plausible images — is the worst possible skill to transfer into diagnostic medicine. Add to that a stated buildout of fifty thousand scanners by 2031 with capacity for a billion scans a month, a data governance posture that is currently the subject of multiple copyright suits, and an announcement that names neither the storage location nor the retention policy nor the training-use intent of the scans, and you have a company asking patients to trust it with the most intimate dataset that has ever been collected at scale. The breach announcement is already written. It just hasn't been filed yet. Source Article Midjourney pivots from AI image generation to body scanning medical spa where patients bathe in 'golden light — The Register, June 18, 2026 Panel The Legacy Sysadmin The Paranoid CISO The Startup Founder The Goat Farmer's Counsel

It's the Bill

The AI industry is discovering, with apparent surprise, that maybe you shouldn't use more compute than you need. TechCrunch ran a piece this week on the cost-conscious turn — Brian Armstrong of Coinbase predicting eighty percent of workloads shift to ninety-nine percent cheaper models inside eighteen months, Harvey reporting a three-times inference cost reduction without quality loss, and the broader question of whether the scaling-first approach has finally hit a budget. The Harvey quote in the article is precise about what's changed. "The definition of quality is evolving from simply using the most powerful model for everything, to using the best model that gets the right answer most efficiently." The panel reads this as a sentence written by someone who got an invoice. Not an evolution of quality — quality being redefined to fit the budget. Most of the savings, the article notes, come out of the pockets of the big labs as they head for IPO. The frontier labs say they're fine with that; the volume shift is happening at the low end, which was barely profitable for them anyway. Legacy has heard that sentence before, in 1991, when IBM said it about Sun taking the low-end workstation market. The panel's argument lands somewhere close to four cycles of the same pattern. Mainframe MIPS optimization in the late eighties when IBM's processor-second billing finally got somebody in accounting to pull the report. Sun E10K right-sizing when shops realized they'd bought hardware for workloads that ran fine on an Ultra 60. EC2 instance selection around 2012 when companies running m4-large for cron jobs got the bill. And now intelligent routing in 2026, where the discipline that should have been obvious from the start arrives because the invoice finally got walked into a meeting. The lesson takes ten to fifteen years to stick before someone invents a new abstraction layer and the cycle starts again. The reason it doesn't stick is that the people who learned it last time have retired or been promoted out of the work. Source Article Can tech companies learn to love cheaper models? — TechCrunch, June 9, 2026. Panel The Legacy Sysadmin The Burnt-Out SRE The Startup Founder The Goat Farmer's Counsel

The Tuesday

Linux kernel maintainers are floating a proposal that would let admins disable vulnerable kernel functions at runtime. The feature is called Killswitch, and the patch was submitted in early May by Sasha Levin, a distinguished engineer at Nvidia and co-maintainer of the long-term support and stable Linux kernel trees. The Register covered it. The pitch is straightforward — when a serious vulnerability drops and patches aren't ready, instead of waiting for the build-distribute-reboot cycle, you flip a switch and the buggy function refuses to run. The proposal arrived after a rough stretch for Linux. CopyFail (CVE-2026-31431) dropped, went from disclosure to active exploitation in days. Dirty Frag landed with public exploit code targeting the IPsec ESP and RxRPC subsystems and no official fix at the time of disclosure. The kernel community is now openly discussing whether broken functionality might be preferable to weaponized functionality. Red Hat is on record supporting the idea; the security forums are calling it "terrifying" and "absolutely ridiculous"; both reactions are defensible from where the people saying them are sitting. The panel's argument lands somewhere close to four positions held simultaneously. The mechanism isn't new — Solaris had psradm, IBM had dynamic LPAR reconfiguration, AIX had rmdev, every generation of enterprise Unix shipped a version of "turn off the broken thing at runtime." The threat model is real but the larger threat is operational, not adversarial — the Tuesday-afternoon mis-toggle that breaks production six hours into a six-hour diagnosis is more likely than the APT using Killswitch as a defense-evasion primitive. The proposal is the right answer to the problem the kernel community is actually facing — patch pipelines cannot keep up with disclosure pipelines, and that's a structural admission worth sitting with. And the feature will be implemented badly in its first version, get an audit trail by its third, become a NIST control by its eighth, and by the time it's a NIST control nobody will remember it was supposed to be an emergency mechanism. That arc is the show. Source Article Linux kernel maintainers pitch emergency killswitch after CopyFail and Dirty Frag chaos - The Register, May 11, 2026 Panel The Legacy Sysadmin The Paranoid CISO The DBA The Goat Farmer's Counsel

Same Fight, Different Language

The Python steering council has asked for development on the experimental JIT compiler to be suspended from the main branch, pending a new PEP, with a six-month deadline before the code gets removed entirely. The JIT was already in the Python 3.15 release notes, showing an eight-to-nine percent geometric mean performance improvement on x86 Linux, with full release expected in October. The Register reported it this week. The council's position is that proper process wasn't followed. The JIT team's position is that the code is already merged, working, and benchmarked. Pablo Galindo Salgado, speaking for the council, acknowledged that "we have not been as strict about following the process as a change of this complexity and reach deserves" — which is the council admitting that they approved the merges and are now saying they shouldn't have. The same announcement asks for a PEP and then describes the desired outcome as "a JIT infrastructure that can support multiple implementation strategies," which is asking for a different project, not a document. The panel's argument lands somewhere close to thirty years of watching this same pattern. Perl 6 announced in 2000, shipped as Raku in 2019, audience gone by then. Python 2 to 3 nearly died the same way until Guido cut Python 2 off. OpenSSL almost died because the foundation was three people and a Patreon. systemd shipped because Lennart stopped asking. Every functioning open-source project the panel can name has had one person who could say no and mean it. The committee isn't the structure that ships code. The committee is the structure that manages people who ship code. When the committee starts trying to ship the code itself, the code stops shipping. The work shipped. The process didn't. That's the part that doesn't change. Source Article Python JIT compiler project under threat after steering council says proper process wasn't followed — Tim Anderson, The Register, June 8, 2026. Reporting on the Python steering council's request to suspend development on the experimental JIT compiler from the Python 3.15 main branch, the six-month deadline before code removal, Pablo Galindo Salgado's statement on behalf of the council acknowledging that earlier process was insufficient, the JIT team's response including Mark Shannon's concerns about contributor churn, and the council's description of the desired post-PEP architecture as "a JIT infrastructure that can support multiple implementation strategies." Panel The Legacy Sysadmin The DBA The Startup Founder The Goat Farmer's Counsel

Please Do Not Vibe

Rsync, the file synchronization utility that has quietly underpinned essentially every backup system in the Unix and Linux world since the mid-nineties, shipped a release earlier this year with regressions affecting incremental backup workflows. Users digging through the commit history found dozens of commits attributed to "tridge and claude" — that's Andrew Tridgell, the project's creator and a foundational figure in open-source infrastructure, working alongside Anthropic's Claude. A GitHub post titled, with the expletive sanitized, "Please Do Not Vibe Fuck Up This Software" lit the fuse. The Register reported it this week. Tridgell responded with a Medium piece called "Rsync and Outrage" defending his process. Forty years of software engineering experience. Every commit reviewed personally. AI tooling adopted in response to a flood of AI-generated security reports consuming his maintenance time. The defense is the strongest possible version of the position — the original maintainer is also the reviewer, the usual AI-PR concerns about review capacity don't apply, the tool adoption was a rational response to real operational pressure. The panel takes the defense seriously and engages with it on its merits. And the backups have regressions. That's the transaction the panel keeps returning to. The maintainer's standing is intact, the process defense holds, the response to the security-report flood was reasonable, and the incremental backup paths broke. The standard objection to AI-assisted contributions in open source — review capacity — doesn't apply here. So if the regressions still happen, the conclusion has to be something else: the kind of code being produced is harder to review than the code being replaced, the rewrite was the wrong unit of work for the tool, or the test coverage gap was always there and got surfaced by being broken. None of those are character flaws. They're decisions that produced an outcome. And the outcome is that some number of people are going to find out their incremental backups don't restore at three in the morning when they try to. Source Article "Please do not vibe f$%& up this software": Broken backups spark AI coding row in rsync communit — Carly Page, The Register, June 4, 2026 Panel The Legacy Sysadmin The DBA The Startup Founder The Goat Farmer's Counsel

Continue to Function

Microsoft Office 2019 and Office 2021 for Mac, both sold as perpetual licenses, will drop into "reduced functionality mode" on July 13, 2026. After that date, customers who paid in full for the software can open files and view them, but cannot edit or save. The cause is a license-validation certificate scheduled to expire on that date — a date that was baked into the binary the day the software shipped. When Office 2019 reached end of support in October 2023, Microsoft's own support page told customers the apps would "continue to function." Last week, OSnews and the Consumer Rights Wiki noticed that the page had been quietly rewritten. The continue-to-function language was gone. No email to customers. No press release. The promise was edited out before the kill switch was scheduled to flip. The panel's argument lands on the simpler reading of the transaction. The customers paid. The software works. Microsoft is going to turn it off, remotely, because the customers won't pay again. Everything else — the EULA language, the business-model defense, the lifecycle framing — is decoration. The industry has spent thirty years smearing the distinction between owning a thing and leasing access to a thing, and now we live in the version where the lease can be ended whenever the vendor wants, on a date the vendor set, with a promise that gets edited out before the date arrives. Source Articles Microsoft Deliberately Bricking All Office For Mac 2019/2021 Installations — Slashdot, June 2, 2026. Coverage of OSnews and Consumer Rights Wiki reporting on the certificate expiration scheduled for Office 2019 and Office 2021 for Mac, the rewriting of the Microsoft support page to remove the continue-to-function language, the "reduced functionality mode" mechanic, and Microsoft's four officially recommended responses for affected customers. Panel The Legacy Sysadmin The DBA The Startup Founder The Goat Farmer's Counsel

Untapped Means Broken

Google is quietly emailing Android developers with offers to buy their source code. The pitch is "unlock new revenue" and "help transform tools and products." The actual ask is access to production codebases and archived side projects, to train Google's AI coding tools. Jason Koebler at 404 Media obtained the email and broke the story this week. The framing is partnership. The structure is procurement. The license is non-exclusive — which means the developer keeps the IP and Google gets a permanent, non-revocable right to use the code as training data. Once a model is trained on a codebase, the codebase is in the weights. You can sue Google for breach of contract; you cannot sue the model. The panel's argument lands on the simpler reading: Google has a product that doesn't work as well as the competition, and the data they need to make it better lives in the heads and laptops of small developers. The Reddit deal at sixty million produced Gemini telling users to eat glue. The phase-two content-owner deals didn't produce the quality the models needed. So Google is in phase three — cold-emailing individual developers because what the coding models actually need is non-public, real-world production code, and there is no aggregator who owns that. Nobody's getting rich. Google's getting incrementally less behind. And the code, including the parts the developer forgot was in there, becomes training data forever. Source Article Google is emailing Android developers asking to buy their source code — 404 Media, Jason Koebler, June 2026. Panel The DBA The Startup Founder The Paranoid CISO The Goat Farmer's Counsel

Should Be Making Executives Uncomfortable

Two convergent reports landed in the same week with the same conclusion. Bain & Company published survey findings on June 1 reporting that corporate AI investments are based on cost savings that haven't arrived. The consultancy told its own clients the situation "should be making executives uncomfortable." The same week, developer telemetry firm Faros published a study of 22,000 developers and 4,000 teams measuring what LLM-assisted coding actually does to operational metrics. The numbers: lead time for changes up nearly five-fold. Deployment frequency down eleven percent. Defect rates up fifty percent. System throughput, calculated via Little's Law, down somewhere between seventy and eighty percent. The consultancy that sold the savings model is telling clients to worry. The measurement firm is telling engineers what they already suspected. The procurement decks were written before either of those was measurable. The decks for next year are being written now, by the same people, on the same assumptions. The panel argues toward an editorial center the show has been on the record about for several episodes: the AI ROI isn't materializing the way the procurement narrative promised, and both the consulting class and the measurement class are now saying so. The convergence is the news. The pattern — consultancy sells the strategy, strategy doesn't pay off, consultancy sells the diagnostic — is older than the technology in the middle. Source Articles AI Savings Misses 'Should Be Making Executives Uncomfortable,' Bain Says — Bloomberg, June 1, 2026. Bain & Company's survey of executives finding that AI deployment hasn't delivered the productivity gains modeled into business cases, and the consultancy's framing that executives should be worried about the gap between projected and realized savings. Talk Is Cheap: The Operational Impact of LLM Use, May 31, 2026. Coverage of the Faros.ai study measuring operational metrics across 22,000 developers and 4,000 teams using LLM-assisted coding tools. The study finds decreased deployment frequency, increased lead time for features, and increased cost of defects, with a calculated system throughput drop between seventy and eighty percent using Little's Law. Panel The Burnt-Out SRE The DBA The Startup Founder The Goat Farmer's Counsel

1 of 3