Hosted on Acast. See acast.com/privacy for more information.
Hosted on Acast. See acast.com/privacy for more information.
In this episode of IT SPARC Cast, Lou brings you a packed 8-minute walkthrough of the biggest themes and technologies from SuperComputing 25—the largest and busiest HPC show he’s ever attended.
In this video, Lou covers:
🔥 Cooling Wars: immersion cooling, PG25 liquid loops, cavitation risks, phase-change fluids, and long-term hardware reliability.
🧠 CXL & Memory Expansion: shared GPU pools, multi-host memory fabrics, and how CXL can extend server life.
☁️ Hybrid Cloud AI Platforms: two research-born vendors (including one FedRAMP-compliant) redefining HPC + cloud orchestration.
⚡ Infrastructure Giants: the mind-blowing cooling and power equipment that will shape future enterprise data centers.
And John reads out Listener Feedback regarding AlmaLinux as the successor to CentOS.
If you want a concise, expert-level briefing from the SC25 show floor—this is the one to watch.
What it on Youtube Here - https://youtu.be/Ve57fs7efFY
00:00 – Intro
01:08 – Greeting from Super Computing 25
Lou sets the stage after returning from SuperComputing 25, describing the massive scale of the show, packed floors, and how SC25 has effectively replaced events like Interop and SuperComm.
NEWS & TECH BREAKDOWN
02:22 – The Major Theme: Cooling, Cooling, Cooling
Lou explains that cooling dominated the show, with two primary approaches emerging:
1. Immersion Cooling
•Full-system submersion in mineral oil or engineered fluids
2. Active Liquid Cooling (PG25 Mix)
•Issues explored: erosion, cavitation, biological growth, thermal cycling, solder fatigue
3. Phase-Change Approaches
•Solutions that vaporize at fixed temperatures (e.g., 55°C boiling point phase-change fluids)
Why It Matters: Enterprise hardware longevity, reduced thermal stress, and predictable cooling efficiency.
05:41 – CXL & Memory Expansion: The Future of Server Life Extension
Lou discusses a major standout category: CXL (Compute Express Link) technologies allowing:
•Shared memory pools & GPUs across multiple hosts
•Extending server life by adding external memory instead of replacing hardware
•Switching architectures enabling dynamic assignment of terabytes of memory to GPUs
Enterprise takeaway: “Do more with less” becomes practical—critical during recessionary or budget-tight periods.
⸻
07:55 – Hybrid Cloud AI Platforms
Lou meets with two research-born companies offering advanced hybrid cloud and orchestration stacks:
•One FedRAMP-compliant, built for U.S. federal and defense workloads
•One European research derivative, designed for container-heavy hybrid environments without VMware reliance
These solutions focus on orchestration, HPC-to-cloud overflow, container scheduling, and distributed compute for AI.
09:19 – Wrap Up
John closes by encouraging viewers to watch the upcoming shorts and emphasizing how SC25 showcased the next generation of enterprise-class tech. He also covers Listener Feedback on our first short from SC25 regarding AlmaLinux
Social Links
IT SPARC Cast
@ITSPARCCast on X
https://www.linkedin.com/company/sparc-sales/ on LinkedIn
John Barger
@john_Video on X
https://www.linkedin.com/in/johnbarger/ on LinkedIn
Lou Schmidt
@loudoggeek on X
https://www.linkedin.com/in/louis-schmidt-b102446/ on LinkedIn
Hosted on Acast. See acast.com/privacy for more information.
In this episode of IT SPARC Cast – News Bytes, John and Lou tackle a wild week in enterprise IT—from grounded aircraft disrupting hardware logistics, to open-source maintainers calling out Google, to sophisticated VM-based malware hiding inside Windows systems, to Santa Clara’s power grid collapsing under the weight of the AI boom.
First, a tragic UPS MD-11 crash in Louisville forces both UPS and FedEx to ground all MD-11 aircraft—creating ripple effects for enterprise sparing strategies and next-day hardware replacement SLAs. John and Lou explain how events outside the IT bubble can quietly break your uptime guarantees.
Then, the maintainers of FFmpeg publicly call out Google: either fund the project or stop flooding it with fuzz-generated bugs. The hosts explore the broader lesson: organizations relying on open source must contribute—code, money, or both.
Next, the team walks through a jaw-dropping Hyper-V evasion technique, where Russian hackers spin up hidden Alpine Linux VMs to run malware undetected by EDR tools. Lou calls it “one of the most clever attack chains we’ve seen in years,” and John argues that Windows security must evolve to detect surprise VM creation.
Finally, Santa Clara—Nvidia’s hometown—has data centers sitting empty because the city literally has no power left to give. With AI megaprojects like Project Stargate on the horizon, John and Lou warn that the grid crisis is about to become every CIO’s problem.
Show Notes
00:00 – Intro
NEWS BYTES
01:05 – UPS and FedEx Ground Planes After Louisville Crash
•A UPS MD-11 crashes, triggering a fleetwide grounding of MD-11 cargo aircraft.
•Immediate supply-chain impact for next-day server replacements and enterprise sparing.
•John and Lou highlight why IT leaders must monitor “non-IT” news that affects logistics.
•A reminder: SLA = logistics, and logistics depends on the real world.
https://www.nbcnews.com/news/us-news/ups-grounds-md-11-fleet-type-plane-louisville-crash-sources-say-rcna242711
04:19 – FFmpeg to Google: Fund Us or Stop Sending Bugs
•Google’s fuzzing system floods FFmpeg with nonstop bug reports.
•Maintainers say the project is overwhelmed and demand Google contribute.
•Discussion: the ethical and practical responsibility companies have to support open source.
https://thenewstack.io/ffmpeg-to-google-fund-us-or-stop-sending-bugs
07:25 – Hackers Weaponize Windows Hyper-V to Hide Linux VM and Evade EDR Detection
•Threat actor Curly Comrades uses Hyper-V to run hidden Alpine Linux VMs.
•Malware (CurlyShell & CurlyCat) routes through host NAT, appearing as normal traffic.
•Hard to detect: tiny VM footprint, few forensic artifacts, zero EDR visibility.
•John: Windows Defender should alert when a new VM spins up—“Did you mean to do this?”
https://thehackernews.com/2025/11/hackers-weaponize-windows-hyper-v-to.html
13:08 – Data Centers in Nvidia’s Hometown Stand Empty Awaiting Power
•Two new Santa Clara data centers cannot turn on due to a power shortage.
•Signals a coming crisis as AI mega-facilities exceed grid capacity.
•Power costs and grid constraints may soon drive enterprise IT budgeting changes.
https://finance.yahoo.com/news/data-centers-nvidia-hometown-stand-100009877.html
15:56 – Mail Bag & Wrap Up
IT SPARC Cast
@ITSPARCCast on X
https://www.linkedin.com/company/sparc-sales/ on LinkedIn
John Barger
@john_Video on X
https://www.linkedin.com/in/johnbarger/ on LinkedIn
Lou Schmidt
@loudoggeek on X
https://www.linkedin.com/in/louis-schmidt-b102446/ on LinkedIn
Hosted on Acast. See acast.com/privacy for more information.
In this week’s IT SPARC Cast, John and Lou break down a Cisco security double feature—three critical vulnerabilities impacting Cisco ASA, Cisco Secure Firewall (FTD), and Cisco Identity Services Engine (ISE). These flaws include authentication bypass, chained remote code execution, and a CVSS 10.0 root-level compromise via an undocumented ISE API.
We explain how CVE-2025-20333, CVE-2025-20362, and the newly revealed CVE-2025-20337 work, why federal agencies issued emergency patch directives, and what immediate mitigation steps enterprise defenders must take. If you manage Cisco firewalls or identity systems, this episode is mandatory listening.
00:00 - Intro
01:05 - CVEs of the Week – Cisco ASA & FTD (CVE-2025-20333 & CVE-2025-20362)
• Two actively exploited Cisco firewall vulnerabilities enable authentication bypass and chained remote code execution.
• Attackers linked to ArcaneDoor/Storm-1849 are using CVE-2025-20362 to bypass authentication, paired with CVE-2025-20333 for full RCE device takeover.
• Compromised devices show unexpected reloads, disabled logs, and firmware persistence via ROMMON modification.
• Over 50,000 ASA/FTD systems remain exposed, many still unpatched.
• Emergency guidance from CISA and NCSC stresses immediate patching, disabling WebVPN/SSL, IP whitelisting, and checking for persistence or odd CLI behavior.
• Lou and John emphasize the need for a multi-vendor firewall strategy to avoid single-vendor blast-radius failures.
⸻
05:00 - Cisco ISE – CVE-2025-20337 (Root-Level RCE via Undocumented API)
• Amazon’s threat intelligence team discovered in-the-wild exploitation of an undocumented ISE API endpoint.
• This CVSS 10.0 vulnerability allows deserialization attacks leading to unauthenticated root-level access.
• Attackers deploy an advanced, stealthy web-shell (“IdentityAuditAction”) featuring:
– In-memory execution
– Java reflection thread injection
– Custom DES-encrypted C2
– No disk artifacts
• Exploitation activity dates back to at least May and may be earlier.
• Mitigation requires updating to patched ISE versions, segmenting management networks, monitoring unexpected listeners, and tightening inbound firewall policies.
• John and Lou reiterate that identity remains the “universal attack surface,” and poor segmentation continues to amplify enterprise risk.
⸻
09:26 - Listener Feedback
A viewer asked whether the F5 BIG-IP source code leak affects only the management plane or the data plane.
Answer: Both. Because the entire codebase was leaked, any subsystem could harbor latent zero-day attack surfaces—further stressing the importance of aggressive patching and hardened segmentation.
⸻
10:28 - Wrap Up
We appreciate every question, comment, and suggestion. Keep them coming.
IT SPARC Cast
@ITSPARCCast on X
https://www.linkedin.com/company/sparc-sales/ on LinkedIn
John Barger
@john_Video on X
https://www.linkedin.com/in/johnbarger/ on LinkedIn
Lou Schmidt
@loudoggeek on X
https://www.linkedin.com/in/louis-schmidt-b102446/ on LinkedIn
Hosted on Acast. See acast.com/privacy for more information.
In this week’s IT SPARC Cast – News Bytes, John and Lou go galactic—covering AI data centers in orbit, Microsoft’s blunders, and a nasty new Windows backdoor exploiting OpenAI’s API.
First, it’s “IT in SPAAAAAACE!” as Google unveils Project Suncatcher, an effort to launch radiation-hardened Tensor Processing Units (TPUs) into orbit for solar-powered, space-based AI compute. Then, SpaceX announces plans to build low-Earth-orbit data centers using its Starlink satellite infrastructure and Tesla’s upcoming AI chips—pushing the data center arms race off-planet.
Next up in “Really, Microsoft?” — the latest Windows 11 bug means “Update and Shut Down” doesn’t actually shut down. It just reboots. But the real danger comes from the newly discovered SesameOp backdoor, which uses the OpenAI Assistants API as its command-and-control channel—making it nearly invisible to traditional security tools.
Finally, Microsoft ends volume pricing discounts for enterprise customers, sparking frustration across IT departments already battling licensing complexity.
Show Notes
00:00 - Intro
John and Lou open with a new segment: “IT in Space!” as data centers literally leave Earth’s surface.
01:02 - Google’s Next Moonshot: Project Suncatcher
•Google to launch Project Suncatcher—solar-powered AI compute nodes using Tensor Processing Units (TPUs) in orbit.
•Partners with Planet Labs for radiation-hardened TPU testing.
•Orbiting clusters could provide 8x more energy efficiency than Earth-based systems.
•Challenges include cooling, radiation shielding, and debris avoidance.
https://9to5google.com/2025/11/04/google-project-suncatcher/
03:41 - SpaceX Plans Data Centers in Low-Earth Orbit
•SpaceX confirms Starlink v3 satellites will support data center modules.
•Tied to Tesla’s AI5 and upcoming AI6 chip platforms.
•Starship will be used to deploy orbital compute clusters.
•Laser interlinks and orbital energy capture could redefine distributed computing.
https://x.com/dimazeniuk/status/1984613494629503484?s=61&t=vt5DZTzMzVaVQd0cNd8iuA
06:55 - “Update and Shut Down” No Longer Restarts PC
•Microsoft’s November 2025 preview patch fixes a long-standing issue: “Update and Shut Down” reboots instead of powering off.
•Optional fix available under Windows 11 build 26200.7019.
•Another headache in Windows’ long list of quality-of-life bugs.
https://www.windowslatest.com/2025/11/02/update-and-shut-down-no-longer-restarts-pc-as-windows-11-25h2-patch-addresses-a-decades-old-bug/
08:10 - SesameOp Backdoor Using OpenAI Assistants API
•SesameOp discovered by Microsoft’s DART Team.
•Uses OpenAI’s Assistants API as a stealthy command-and-control (C2) channel.
•No patch yet—only firewall whitelisting and Defender rules recommended.
https://thehackernews.com/2025/11/microsoft-detects-sesameop-backdoor.html
13:53 - Microsoft Ends Volume Pricing
•As of Nov 1, Microsoft has eliminated tiered volume discounts for Enterprise Agreements.
•Large customers will now pay the same flat rate as smaller ones.
•Could increase software spend by double digits at renewal.
https://www.cio.com/article/4079004/microsoft-ends-volume-pricing-potentially-costing-companies-millions.html
15:29 - Mail Bag & Wrap Up
https://daily.jstor.org/when-the-push-button-was-new-people-were-freaked/
IT SPARC Cast
@ITSPARCCast on X
https://www.linkedin.com/company/sparc-sales/ on LinkedIn
John Barger
@john_Video on X
https://www.linkedin.com/in/johnbarger/ on LinkedIn
Lou Schmidt
@loudoggeek on X
https://www.linkedin.com/in/louis-schmidt-b102446/ on LinkedIn
Hosted on Acast. See acast.com/privacy for more information.
In this episode of IT SPARC Cast – CVE of the Week, John Barger and Lou Schmidt dive deep into CVE-2025-52665, a critical 10.0 CVSS vulnerability impacting Ubiquiti’s UniFi Access Management API. This flaw blends physical security and cybersecurity risks — allowing unauthenticated attackers to execute remote code, manipulate door access, or even lock users inside buildings.
John and Lou break down how this misconfigured API opens the door (literally) to full network takeover and discuss the real-world implications of smart building vulnerabilities. They cover the affected UniFi Access versions (3.3.22 to 3.4.31) and emphasize updating immediately to version 4.0.21 or later.
Beyond the technical details, they debate the broader question: Are smart buildings worth the risk? From API hygiene to network segmentation, the hosts offer actionable strategies to secure IoT infrastructure and ensure that “smart” doesn’t become “unsafe.”
⸻
Social Links:
IT SPARC Cast
@ITSPARCCast on X
https://www.linkedin.com/company/sparc-sales/ on LinkedIn
John Barger
@john_Video on X
https://www.linkedin.com/in/johnbarger/ on LinkedIn
Lou Schmidt
@loudoggeek on X
https://www.linkedin.com/in/louis-schmidt-b102446/ on LinkedIn
Hosted on Acast. See acast.com/privacy for more information.
In this week’s IT SPARC Cast – News Bytes, John and Lou explore the intersection of AI, hardware, and IT freedom — from creative tension at EA to chipmaking disruption.
First, Electronic Arts (EA) launches ReefGPT, an internal AI design tool meant to boost productivity across studios. Developers say it’s unreliable and fear job losses, while leadership insists AI is the future. John and Lou unpack the deeper message: AI won’t take your job, but someone using AI will.
Then, Qualcomm jumps into the AI data center market with its new AI200 and AI250 chips — scaled-up versions of its mobile neural processors, ready to challenge Nvidia and AMD for inference workloads. The hosts discuss how this could finally relieve the GPU bottleneck driving AI infrastructure costs through the roof.
Next, Ubiquiti declares “SFP Liberation Day.” The new $49 SFP Wizard not only tests but reprograms fiber modules to work with any switch — bypassing vendor lock-ins from Cisco, HPE, and others. John and Lou call it “the jailbreak every network engineer has been waiting for.”
Finally, Substrate, a U.S. startup, unveils an X-ray lithography chipmaking tool that could rival ASML’s $400M EUV machines. Backed by $100M in funding, the company aims to bring advanced chip manufacturing back to the U.S. — potentially reshaping the semiconductor landscape.
00:00 - Intro
00:52 - Electronic Arts (EA) AI Divide
•EA launches ReefGPT to accelerate game design.
•Creatives call it unreliable and fear losing creative control.
04:15 - Qualcomm Joins the AI Arms Race
•Qualcomm announces AI200 (2026) and AI250 (2027) chips for data centers.
•Targets Nvidia’s GPU monopoly with rack-mounted, liquid-cooled solutions.
•Could ease supply pressure and diversify AI compute resources.
https://www.cnbc.com/2025/10/27/qualcomm-ai200-ai250-ai-chips-nvidia-amd.html
11:35 - Ubiquiti Liberates the SFPs
•“SFP Liberation Day” brings a $49 SFP Wizard tool for testing and reprogramming optics.
•Supports SFP, SFP+, and QSFP modules across brands.
•A win for network engineers tired of overpriced vendor modules.
https://blog.ui.com/article/welcome-to-sfp-liberation-day
15:58 - Substrate Announces Chipmaking Tool to Rival ASML
•Substrate reveals an X-ray lithography system
•Rivaling ASML’s EUV tools at lower cost.
•Could reshape semiconductor competition and domestic manufacturing.
https://www.ft.com/content/2496edef-4f1b-47aa-877d-9c01271faaa1
21:02 - Mail Bag & Wrap Up
Hosted on Acast. See acast.com/privacy for more information.
In this special Halloween edition of CVE of the Week, John and Lou dive into a truly chilling scenario — a high-severity DNS poisoning flaw that could be the perfect setup for a wave of phishing attacks and credential theft across enterprise networks.
The star of the episode: CVE-2025-40778, a newly discovered vulnerability in BIND 9’s resolver logic. This flaw allows unauthenticated attackers to inject forged DNS records, redirecting legitimate queries to malicious servers — all without user interaction. With a CVSS score of 8.6, exploits are already active in the wild, and over 5,900 exposed instances have been identified.
But that’s just the start. The hosts explain how major outages at AWS (US-East-1) and Microsoft Azure opened the door for clever phishers to strike when users were most vulnerable — during downtime. Together, these issues illustrate a perfect storm of technical failure and human manipulation.
Lou and John share practical defenses: patch immediately, enable DNSSEC, restrict recursion, and — most importantly — establish a trusted, redundant communication plan for your users before the next outage hits.
⸻
Key Takeaways
•CVE-2025-40778 impacts BIND 9 versions from 9.11 to 9.21.12, including S1 previews.
•Exploits are already circulating — attackers can poison DNS caches remotely.
•Misconfigured DNS and phishing attacks can combine for devastating impact.
•Immediate action: patch, enable DNSSEC, monitor cache entries, and reduce TTLs.
•Prepare for outages — build redundant user communication channels to prevent panic and credential leaks.
Links
https://kb.isc.org/docs/cve-2025-40778
https://nvd.nist.gov/vuln/detail/CVE-2025-40778
https://thehackernews.com/2025/10/threatsday-bulletin-dns-poisoning-flaw.html
https://www.helpnetsecurity.com/2025/10/28/bind-9-vulnerability-cve-2025-40778-poc/
⸻
Wrap-Up – Stay Connected
IT SPARC Cast
@ITSPARCCast on X
https://www.linkedin.com/company/sparc-sales/ on LinkedIn
John Barger
@john_Video on X
https://www.linkedin.com/in/johnbarger/ on LinkedIn
Lou Schmidt
@loudoggeek on X
https://www.linkedin.com/in/louis-schmidt-b102446/ on LinkedIn
Hosted on Acast. See acast.com/privacy for more information.
In this week’s IT SPARC Cast – News Bytes, John and Lou explore the fast-moving world of AI, quantum computing, and cloud reliability.
First up, OpenAI launches Atlas, an AI-powered browser with ChatGPT built in—complete with persistent memory, agent mode, and deep personalization. But as John warns, “If ChatGPT can see everything you do, that includes your company’s data.” Lou connects it to last week’s 7-Zip discussion, emphasizing the need for strict data access policies in enterprises managing shadow AI use.
Then, Google makes a quantum leap with its new Willow chip and Quantum Echoes algorithm, achieving verifiable quantum advantage—13,000x faster than classical supercomputers. The duo discusses its implications for material science, encryption, and the coming “cryptopocalypse.”
Next, Signal gets proactive, introducing Triple Ratchet Encryption—a post-quantum secure update using ML-KEM (Kyber) to protect against future quantum decryption. It’s the first major messaging platform to harden itself against Harvest Now–Decrypt Later attacks.
Finally, in this week’s Hot Take, the hosts analyze the recent AWS DNS outage that took down half the internet. Their verdict? “It’s not just AWS—it’s the apps.” They discuss multi-region design, cloud dependency, and why “Five Nines” uptime might be a thing of the past.
⸻
⏱️ Show Notes
00:00 - Intro
01:24 - OpenAI Debuts AI-Powered Browser (Atlas)
07:27 - Google Launches New Quantum Chip and Algorithm
https://blog.google/technology/research/quantum-echoes-willow-verifiable-quantum-advantage/
09:31 - Signal Stays Ahead of the Game — Triple Ratchet Encryption
⸻
12:03 - Hot Take: Amazon Web Services (AWS) DNS Outage
John recounts debugging his Ring cameras—before realizing the culprit was AWS.
•Cascading DNS failure caused a self-inflicted denial of service
•Exposed lack of redundancy and poor multi-region design
•50% of the internet went down, despite AWS only running 30% of it
Lou’s takeaway: “Cloud isn’t inherently resilient—it’s only as resilient as you design it to be.”
IT SPARC Cast
@ITSPARCCast on X
https://www.linkedin.com/company/sparc-sales/ on LinkedIn
John Barger
@john_Video on X
https://www.linkedin.com/in/johnbarger/ on LinkedIn
Lou Schmidt
@loudoggeek on X
https://www.linkedin.com/in/louis-schmidt-b102446/ on LinkedIn
Hosted on Acast. See acast.com/privacy for more information.
In this episode of CVE of the Week, John and Lou unpack a fresh pair of vulnerabilities affecting one of the most common tools on Windows desktops — 7-Zip.
Tracked as CVE-2025-11001 and CVE-2025-11002, these directory traversal flaws allow attackers to craft malicious archives that can escape the extraction folder, overwrite arbitrary files, and potentially lead to remote code execution (RCE). The hosts discuss how the vulnerabilities impact not just individual users but also automated systems such as CI/CD pipelines, backup servers, and antivirus scanners that automatically unpack archives.
They also cover how this seemingly moderate (CVSS 7.0) issue highlights a deeper problem — shadow IT and uncontrolled software installation inside enterprise environments. From patching strategies to user privilege escalation controls, this episode offers real-world guidance for keeping your organization secure.
⸻
Key Takeaways
•Two new 7-Zip vulnerabilities (CVE-2025-11001 & CVE-2025-11002) enable directory traversal and code execution.
•Impacts Windows desktops and automated extraction workflows in enterprise systems.
•Proof-of-concept exploits are already public on GitHub.
•The fix: Update 7-Zip immediately, disable automatic extraction of untrusted files, and audit your endpoint permissions.
•Also, define a clear policy for software installation to minimize risk from unmanaged tools.
⸻
Stay Connected
IT SPARC Cast
@ITSPARCCast on X
https://www.linkedin.com/company/sparc-sales/ on LinkedIn
John Barger
@john_Video on X
https://www.linkedin.com/in/johnbarger/ on LinkedIn
Lou Schmidt
@loudoggeek on X
https://www.linkedin.com/in/louis-schmidt-b102446/ on LinkedIn
Hosted on Acast. See acast.com/privacy for more information.
In this episode of IT SPARC Cast – News Bytes, John and Lou cover the latest updates from Ubiquiti, Google, and the global supply chain.
First, UniFi Network 9.5 rolls out with Channel AI, a next-gen visualization tool that uses AI to map RF interference, optimize channels, and improve roaming performance. Add in wired port anomaly detection, Bonjour and multicast enhancements, and it’s clear—Ubiquiti’s aiming straight at the enterprise.
Then, a new report from UC San Diego and the University of Maryland reveals that half of all geostationary satellites are transmitting unencrypted data—including in-flight Wi-Fi, phone calls, and even critical infrastructure telemetry. Lou calls it “the coffee shop Wi-Fi of enterprise networking.”
Finally, Microsoft, AWS, and Google are all cutting China out of their supply chains, relocating server, switch, and AI chip production to India, Thailand, and Vietnam to reduce risk and geopolitical exposure. The move may reshape where tomorrow’s cloud is built.
⸻
⏱️ Show Notes
00:00 - Intro
John & Lou tee up the week’s biggest IT stories with a mix of insight, humor, and caffeine.
⸻
00:48 - Introducing UniFi Network 9.5
•Major update to UniFi’s platform with Channel AI for real-time RF visualization.
•Enhanced roaming for Apple devices.
•New wired port anomaly detection and better multicast handling.
•Lou calls it “the most enterprise-ready version of UniFi yet.”
https://blog.ui.com/article/releasing-unifi-network-9-5
⸻
06:18 - Satellites Found Exposing Unencrypted Data
•Researchers intercepted sensitive traffic from half of all GEO satellites.
•Data included calls, in-flight Wi-Fi, and industrial telemetry.
•Some providers, like AT&T and T-Mobile Mexico, are still unpatched.
•John warns: “Satellites are the coffee shop Wi-Fi of enterprise networks.”
•Encrypt your traffic at the endpoint—don’t rely on the carrier.
https://techcrunch.com/2025/10/14/satellites-found-exposing-unencrypted-data-including-phone-calls-and-some-military-comms/
⸻
12:24 - Microsoft, AWS, and Google Are Reducing China’s Role in Their Supply Chains
•Microsoft aims for 80% of Surface, Xbox, and server production outside China by 2026.
•AWS and Google shifting to India, Thailand, and Vietnam.
•Lou notes: “The white boxes in your rack probably started in a hyperscaler design lab.”
•Reduced tariffs, diversified supply, and fewer geopolitical risks ahead.
https://techcrunch.com/2025/10/16/microsoft-aws-and-google-are-trying-to-drastically-reduce-chinas-role-in-their-supply-chains/
⸻
18:05 - Mail Bag & Wrap Up
Listener Tom writes in, celebrating Synology’s decision to restore third-party drive compatibility:
“They’re back at the top of my list.”
IT SPARC Cast
@ITSPARCCast on X
https://www.linkedin.com/company/sparc-sales/ on LinkedIn
John Barger
@john_Video on X
https://www.linkedin.com/in/johnbarger/ on LinkedIn
Lou Schmidt
@loudoggeek on X
https://www.linkedin.com/in/louis-schmidt-b102446/ on LinkedIn
Hosted on Acast. See acast.com/privacy for more information.
A suspected state-sponsored attack has breached F5 Networks, compromising source code, customer data, and production systems. With F5 handling 85% of global load balancing, this could expose countless organizations to new zero-day vulnerabilities.
John and Lou break down how it happened, what’s at risk, and what you should do right now if your infrastructure depends on F5 BIG-IP or related systems.
✅ Learn how to prepare for cascading exploits
✅ Why this breach could redefine patch management and Zero Trust
✅ What AI means for future vulnerability discovery
Like, subscribe, and share to stay ahead of the next major exploit.
Follow us:
IT SPARC Cast — @ITSPARCCast on X | https://www.linkedin.com/company/sparc-sales/
John Barger — @john_Video on X | https://www.linkedin.com/in/johnbarger/
Lou Schmidt — @loudoggeek on X | https://www.linkedin.com/in/louis-schmidt-b102446/
Hosted on Acast. See acast.com/privacy for more information.
In this episode of IT SPARC Cast – News Bytes, John and Lou break down three big stories that touch nearly every corner of enterprise IT—from power to code to storage.
First, Ubiquiti expands into the UPS market with the new UniFi Uninterruptible Power Supply, combining network management integration, graceful shutdown control, and plug-and-play simplicity for small offices and home labs.
Then, they explore Google DeepMind’s latest breakthrough—CodeMender, an AI tool that not only finds software vulnerabilities but also rewrites and tests patches automatically before submitting them upstream.
Finally, Synology caves to user backlash, walking back its controversial policy that restricted third-party drives in 2025 NAS models. The nerd uprising worked, restoring support for Seagate, WD, and other drives under DSM 7.3.
⏱️ Show Notes
00:00 - Intro
00:51 - Ubiquiti Is Launching a New UniFi Uninterruptible Power Strategy
Ubiquiti enters the UPS market with the UniFi UPS Tower ($159) and UniFi UPS 2U Rackmount ($279).
•Fully integrates with UniFi OS for device-wide graceful shutdown.
•Simplifies UPS monitoring—no scripting or manual config needed.
https://blog.ui.com/article/introducing-uninterruptible-power
06:00 - Google’s New AI Doesn’t Just Find Vulnerabilities — It Rewrites Code to Patch Them
Google DeepMind’s CodeMender is the next step in automated software security.
•Detects, rewrites, and self-tests patches before submitting them.
•Refactors vulnerable code to prevent flaw reoccurrence.
•Uses multi-AI feedback loops to ensure accuracy before final submission.
https://thehackernews.com/2025/10/googles-new-ai-doesnt-just-find.html
11:03 - Synology Walks Back Controversial Compatibility Policy for 2025 NAS Units
User backlash works—Synology reverses its decision to block third-party drives in the Plus Series 2025 NAS lineup.
•DSM 7.3 restores compatibility with non-Synology drives.
•Synology pledges a new third-party drive validation program.
IT SPARC Cast
@ITSPARCCast on X
https://www.linkedin.com/company/sparc-sales/ on LinkedIn
John Barger
@john_Video on X
https://www.linkedin.com/in/johnbarger/ on LinkedIn
Lou Schmidt
@loudoggeek on X
https://www.linkedin.com/in/louis-schmidt-b102446/ on LinkedIn
Hosted on Acast. See acast.com/privacy for more information.
In this week’s episode of IT SPARC Cast - CVE of the Week, John Barger and Lou Schmidt dive deep into CVE-2025-49844, a newly discovered and critical remote code execution vulnerability in Redis—the in-memory database that powers over 75% of cloud services. This flaw, dubbed “RediShell”, scores a perfect 10.0 CVSS and affects Redis instances using Lua scripting, allowing attackers to execute arbitrary code and gain full system control.
This 13-year-old bug stems from a use-after-free memory corruption issue that lets attackers escape the Lua sandbox, run malicious code, exfiltrate data, deploy crypto miners, or move laterally inside cloud environments. Even worse—more than 60,000 internet-exposed Redis servers have no authentication, leaving them completely open to exploitation.
John and Lou discuss how this happened, what you can do to secure your infrastructure, and why “cloud-hosted” doesn’t always mean “secure.”
✅ Key Takeaways:
•Update to patched versions immediately (8.2.2, 8.0.4, 7.4.6, 7.2.11, 6.2.20)
•Restrict network access with ACLs
•Rotate all credentials and API keys
•Don’t run Redis as root
•Isolate any compromised hosts before investigation
Lou calls it “a 10 on the oh-crap-ometer”—and he’s not wrong.
https://thehackernews.com/2025/10/13-year-redis-flaw-exposed-cvss-100.html
https://www.darkreading.com/cloud-security/patch-now-redishell-redis-rce
Hosted on Acast. See acast.com/privacy for more information.
In this episode of IT SPARC Cast – News Bytes, John and Lou dive into three stories that blur the line between security, AI, and sci-fi becoming reality.
First, a jaw-dropping report reveals landlords using tenant-screening services to demand employee workplace logins—scraping paystubs directly from systems like ADP. It’s not only unethical—it’s potentially illegal. John and Lou unpack the security, HR, and legal nightmare this poses for corporate IT teams.
Next, OpenAI and Samsung team up under the Stargate project, with Samsung dedicating nearly 40% of its DRAM output to fuel OpenAI’s next wave of AI data centers—potentially even floating ones. The AI arms race is expanding into new dimensions.
Finally, a newly disclosed exploit gives attackers full control over Unitree robots—including humanoids and quadrupeds—via Bluetooth. The flaw, dubbed UniPwn, allows worms to spread across fleets of robots. Lou calls it “Runaway with Tom Selleck meets Star Trek: The Borg.”
⸻
⏱️ Show Notes
00:00 - Intro
John and Lou set up this week’s stories on privacy violations, AI chip deals, and robot exploits.
⸻
00:48 - Landlords Demand Tenants’ Workplace Logins to Scrape Their Paystubs
Landlords and tenant-screening services are asking renters to log into employer systems so they can scrape payroll data.
•Platforms like Argyle and Approve Shield are at the center of the controversy.
•This violates employee data access policies and may breach federal hacking laws.
•IT leaders should issue internal advisories and enforce MFA to prevent credential leaks.
https://www.404media.co/landlords-demand-tenants-workplace-logins-to-scrape-their-paystubs/
⸻
07:05 - OpenAI, Samsung & the Stargate Chip Pact
OpenAI partners with Samsung and SK Hynix under the Stargate project.
•Samsung to provide 900,000 DRAM wafers monthly—40% of its capacity.
•Floating, green data centers are in the works.
•May overlap with Nvidia’s 10GW expansion announced last week.
https://www.theverge.com/news/789687/openai-samsung-stargate-chips
⸻
10:51 - Exploit Allows Takeover of Fleets of Unitree Robots
Researchers uncovered CVE-2025-60251, a wormable flaw in Unitree’s robot lineup.
•Bluetooth handshake vulnerability allows remote takeover.
•Affects quadrupedal GO2/B2 and humanoid G1/H1 robots.
•Attackers can form botnets, move robots, or exfiltrate data.
•Security professionals must begin planning IoT and robotics policies now.
https://spectrum.ieee.org/unitree-robot-exploit
⸻
17:01 - Mail Bag & Wrap Up
IT SPARC Cast
@ITSPARCCast on X
https://www.linkedin.com/company/sparc-sales/ on LinkedIn
John Barger
@john_Video on X
https://www.linkedin.com/in/johnbarger/ on LinkedIn
Lou Schmidt
@loudoggeek on X
https://www.linkedin.com/in/louis-schmidt-b102446/ on LinkedIn
Hosted on Acast. See acast.com/privacy for more information.
In this eye-opening episode of IT SPARC Cast - CVE of the Week, John Barger and Lou Schmidt explore a shocking vulnerability that doesn’t exploit code — it exploits hardware. Specifically, they dive into how Intel and AMD’s Trusted Execution Environments (TEEs), once hailed as unbreakable, can be compromised via physical attacks. From voltage glitching to signal probing, these advanced threats are no longer theoretical and could sidestep your most hardened security measures.
The episode highlights real-world methods like side-channel probing, interposers, and even fault injection used to extract secrets directly from servers. If a malicious actor can gain physical access to your systems, all bets are off. Lou breaks down the Heracles attack on both AMD SEV and Intel SGX. The hosts emphasize just how crucial physical access controls, chassis alarms, and access logs really are.
Don’t underestimate your weakest link — your data center lock and key.
⸻
🔗 Social Links (Wrap Up Section):
IT SPARC Cast
@ITSPARCCast on X
https://www.linkedin.com/company/sparc-sales/ on LinkedIn
John Barger
@john_Video on X
https://www.linkedin.com/in/johnbarger/ on LinkedIn
Lou Schmidt
@loudoggeek on X
https://www.linkedin.com/in/louis-schmidt-b102446/ on LinkedIn
Hosted on Acast. See acast.com/privacy for more information.
In this episode of IT SPARC Cast – News Bytes, John and Lou break down three stories reshaping enterprise IT and beyond. Nvidia plans to pour up to $100B into OpenAI, funding 10 gigawatts of new data center capacity—raising big questions about power, infrastructure, and the AI arms race.
Next, we explore a moon helium deal that marks the biggest-ever purchase of natural resources from space. A Finnish firm is set to buy Helium-3 for quantum computing and potential fusion—science fiction turning into enterprise reality.
Finally, Microsoft backtracks on Windows 10’s end of life by offering one year of free security updates, buying time for millions of organizations still running legacy systems.
⸻
⏱️ Show Notes
00:00 - Intro
Kicking off this week’s IT digest with energy, space, and security updates.
00:58 - Nvidia to Invest up to $100B into OpenAI
•Nvidia commits up to $100B to build data centers for OpenAI.
•Target: 10 gigawatts of compute capacity—unprecedented in scale.
•Raises concerns over power, sustainability, and regulation.
•Could fast-track nuclear projects and reshape U.S. energy policy.
07:22 - Moon Helium Deal: Biggest Purchase of Natural Resources from Space
•Finnish company BlueForce signs deal with Interloon to mine Helium-3 on the moon.
•Contract: up to 10,000 liters per year between 2028–2037.
•Helium-3 critical for quantum computing cooling and nuclear fusion fuel.
•Moves lunar mining from sci-fi dream to IT-impacting reality.
12:43 - Microsoft Offers Free Windows 10 Security Updates for One Year
•Windows 10 scheduled to end support October 2025.
•Microsoft extends free security updates through October 2026.
•Affects ~53% of PCs still running Windows 10.
•Likely to extend again due to huge install base.
https://www.straitstimes.com/world/united-states/microsoft-offers-no-cost-windows-10-lifeline
⸻
17:19 - Wrap Up
Thanks for tuning in—let us know your thoughts on Nvidia’s investment, lunar helium mining, or Microsoft’s Windows 10 strategy.
IT SPARC Cast
@ITSPARCCast on X
https://www.linkedin.com/company/sparc-sales/ on LinkedIn
John Barger
@john_Video on X
https://www.linkedin.com/in/johnbarger/ on LinkedIn
Lou Schmidt
@loudoggeek on X
https://www.linkedin.com/in/louis-schmidt-b102446/ on LinkedIn
Hosted on Acast. See acast.com/privacy for more information.
In this episode of IT SPARC Cast – CVE of the Week, John and Lou break down CVE-2025-20352, a serious SNMP vulnerability impacting Cisco’s IOS and IOS XE software. Rated CVSS 7.7, this flaw allows attackers with read-only SNMP credentials to crash your system—and with admin credentials, it can escalate to full remote code execution as root. That’s right—root.
We explain why this threat is more dangerous than the score suggests, how it fits into broader supply-chain and chain-attack patterns, and why outdated or unsupported infrastructure makes this even worse. The team also shares mitigation tips and why you might need to shut off SNMP entirely if you’re running legacy gear.
If you’re managing Cisco infrastructure, especially with SNMPv2c or earlier, this episode is a must-listen. Don’t wait for this to be part of a multi-vector attack—lock it down now.
⸻
IT SPARC Cast
@ITSPARCCast on X
https://www.linkedin.com/company/sparc-sales/ on LinkedIn
John Barger
@john_Video on X
https://www.linkedin.com/in/johnbarger/ on LinkedIn
Lou Schmidt
@loudoggeek on X
https://www.linkedin.com/in/louis-schmidt-b102446/ on LinkedIn
Hosted on Acast. See acast.com/privacy for more information.
In this episode of IT SPARC Cast – News Bytes, John and Lou cover three stories that hit at the core of enterprise IT and the global tech economy. Ubiquiti expands its portfolio with a new UniFi NAS lineup, featuring everything from 2-bay PoE-powered appliances to rackmount Pro units with 10G and redundant power. The move puts UniFi in direct competition with Synology—but with its own unique twists.
Then, they turn to India’s outsourcing industry, where AI is hollowing out the entry-level coding, QA, and documentation jobs that fueled its decades-long tech boom. What does this mean for global IT services, and can India climb the value chain before it’s too late?
Finally, Nvidia just dropped a $5B investment in Intel, snapping up common stock and setting the stage for joint chip development. Could this be a “promise ring” for an eventual acquisition—and what does it mean for the U.S. semiconductor landscape?
⏱️ Show Notes
00:00 - Intro
John and Lou set the stage for this week’s enterprise IT news rundown.
00:55 - UniFi’s Next-Gen Storage Lineup
Ubiquiti announces four new NAS appliances:
•UNAS 2: $200, 2-bay, 2.5G, PoE-powered, targeted at home & small office.
•UNAS 4: $380, 4-bay, adds NVMe cache slots, PoE+++, ships Q4.
•UNAS Pro 4: $500, 1RU rackmount, multiple 10G ports, MCLAG support.
•UNAS Pro 8: $800, 2RU rackmount, 8 bays, dual PSUs, enterprise-ready.
No container compute like Synology, but excellent backup/cloud integration and PoE flexibility make these compelling.
https://blog.ui.com/article/all-new-next-gen-of-unifi-storage
06:46 - AI is Gutting the Entry-Level Jobs That Powered India’s Tech Boom
•Entry-level coding, QA, and tech writing roles are being automated away.
•Hiring has dropped drastically, with unemployment among young engineers rising.
•Outsourcing’s model is collapsing, replaced by AI’s first-pass coding, testing, and documentation.
What’s next: India must move up the value chain—or face major economic disruption.
https://indiadispatch.com/p/hollow-at-the-base
12:33 - Nvidia is Investing $5 Billion in Intel
•Nvidia buys $5B in Intel stock at $23.28/share.
•Strategic partnership to co-develop chips for data centers and PCs.
•Could this be the start of Nvidia acquiring Intel?
•Implications for U.S. chip sovereignty, competition with AMD, and the AI infrastructure arms race.
https://www.investopedia.com/nvidia-bets-big-on-intel-with-usd5b-investment-11812508
17:32 - Listener Feedback
John & Lou respond to a listener’s thoughtful comments on UniFi vs. Cisco enterprise support, exploring VAR roles, RMA challenges, and whether UniFi is ready for global scale.
21:11 - Wrap Up
Thanks for tuning in! Drop your feedback via email, X, or YouTube comments—we read them all.
IT SPARC Cast
@ITSPARCCast on X
https://www.linkedin.com/company/sparc-sales/ on LinkedIn
John Barger
@john_Video on X
https://www.linkedin.com/in/johnbarger/ on LinkedIn
Lou Schmidt
@loudoggeek on X
https://www.linkedin.com/in/louis-schmidt-b102446/ on LinkedIn
Hosted on Acast. See acast.com/privacy for more information.
In this week’s episode of IT SPARC Cast - CVE of the Week, John Barger and Lou Schmidt dive into CVE-2025-10585, a newly discovered and actively exploited Chrome zero-day vulnerability that targets the V8 JavaScript engine. This type confusion flaw opens the door to arbitrary code execution — and yes, it’s already being used in the wild. With 70% of the browser market affected, this isn’t just a theoretical risk.
John and Lou break down the exploit mechanics, what V8 is and why it’s so critical, and how this CVE marks the sixth Chrome zero-day in 2025 alone. They also discuss mitigation steps and the ripple effects for Chromium-based browsers like Edge, Brave, and Opera. As a bonus, the duo interprets a cryptic (and possibly alarming) listener comment involving fileless malware, COFF loaders, and HTTPS delivery — spooky stuff.
⸻
🔗 IT SPARC Cast
@ITSPARCCast on X
https://www.linkedin.com/company/sparc-sales/ on LinkedIn
🎙️ John Barger
@john_Video on X
https://www.linkedin.com/in/johnbarger/ on LinkedIn
🎙️ Lou Schmidt
@loudoggeek on X
https://www.linkedin.com/in/louis-schmidt-b102446/ on LinkedIn
Hosted on Acast. See acast.com/privacy for more information.
In this episode of IT SPARC Cast – News Bytes, John and Lou explore three stories that could reshape IT’s future. GitHub’s launch of SpecKit signals the end of “vibe coding” as we know it—ushering in a new era of spec-driven development that empowers product managers to become builders. Next, we dive deep (literally) into the nuclear startup Deep Fission, which just went public via a SPAC with a plan to drill tiny nuclear reactors into the earth near data centers. Finally, OpenAI is teaming up with Broadcom to launch a custom AI chip by 2026, intensifying the race for compute power.
If you’re interested in dev workflows, energy innovation, or AI hardware strategy—this is one you don’t want to miss.
⸻
⏱️ Show Notes
00:00 - Intro
00:49 - GitHub Just Killed Vibe Coding
GitHub’s new Spec-Kit toolkit enables spec-driven development, allowing teams to move from document to executable with dramatically fewer handoffs. Product managers can now define specs, environments, and target platforms, letting tools like LLMs and automation build apps directly.
John calls it a “product manager’s dream,” while Lou warns it could disrupt the delicate balance between engineering and PM teams.
https://github.com/github/spec-kit
https://youtu.be/em3vIT9aUsg?si=ND9GlREU7ccDaV0H
https://www.reddit.com/r/GithubCopilot/comments/1n7v2pv/kiro_is_cooked_githubs_spec_kit/
07:15 - Nuclear Startup Deep Fission Goes Public in a Curious SPAC
Deep Fission just raised $30M by reverse merging with Surfside Acquisition. Their bold plan? Small modular nuclear reactors dropped a mile underground—powering AI-hungry data centers with ultra-local energy.
They’re partnering with Endeavor to co-develop 2GW of underground capacity and have been tapped for a DOE reactor pilot program.
https://techcrunch.com/2025/09/08/nuclear-startup-deep-fission-goes-public-in-a-curious-spac/
11:47 - OpenAI to Launch Its First AI Chip in 2026 with Broadcom
OpenAI and Broadcom are building a new AI chip that will power OpenAI’s internal workloads starting in 2026.
• It won’t be publicly available (at least at launch).
• It’s the latest in a growing trend of custom silicon from AI giants.
• Lou & John break down why this signals a hardware arms race and the compute bottlenecks that still plague the AI industry.
⸻
15:30 - Wrap Up
Thanks for tuning in! We want your feedback:
📩 feedback@itsparccast.com
📣 Social Links
IT SPARC Cast
@ITSPARCCast on X
https://www.linkedin.com/company/sparc-sales/ on LinkedIn
John Barger
@john_Video on X
https://www.linkedin.com/in/johnbarger/ on LinkedIn
Lou Schmidt
@loudoggeek on X
https://www.linkedin.com/in/louis-schmidt-b102446/ on LinkedIn
Hosted on Acast. See acast.com/privacy for more information.