Hosted on Acast. See acast.com/privacy for more information.
Hosted on Acast. See acast.com/privacy for more information.
In this special predictions episode of IT SPARC Cast – News Bytes, John Barger and Lou Schmidt kick off 2026 by trading bold, unfiltered forecasts for enterprise IT, AI, cloud, energy, and geopolitics. With five predictions each—and no prior coordination—they round-robin through what they believe will define the next year in technology.
From the deflation of the AI hype cycle and Apple’s inevitable AI acquisition, to quantum computing entering nation-state playbooks, nuclear power reshaping data centers, and lawsuits finally challenging cloud provider accountability, this episode puts both hosts on the record. At the end of the year, they’ll revisit every prediction and grade themselves—so these takes are meant to age in public.
⸻
⏱️ Show Notes
00:00 – Intro
John and Lou explain the format: ten total predictions for 2026, five each, shared live without coordination—and revisited at the end of the year for accountability.
⸻
🔮 2026 Predictions
01:09 – Lou: The AI Bubble Deflates
AI investment cools as rationalization sets in—money keeps flowing, but weaker players and inflated expectations begin to fall away instead of a full collapse.
01:29 – John: Apple Acquires an AI / LLM Company
Apple makes a major AI acquisition to avoid long-term dependence on competitors’ models and regain control over its AI strategy.
02:53 – Lou: AI Starts to Get Really Useful
AI shifts from hype to practical value, quietly improving everyday workflows and real-world systems rather than flashy demos.
04:11 – John: Nation States Use Quantum Computing
Evidence emerges that a nation-state is actively using quantum computing for espionage or cyber operations, even if never formally acknowledged.
04:45 – Lou: AI Sneaks Into Places We Never Expected
AI embeds itself into overlooked products and environments—especially AR, wearables, and location-aware systems—delivering small but meaningful gains.
05:50 – John: Negative Reaction to OpenAI Hardware
OpenAI’s hardware announcement is initially panned by the press and competitors, only to be vindicated later as its purpose becomes clear.
06:51 – Lou: Power Gets Real for Data Centers
Energy—not chips—becomes the primary constraint for cloud and enterprise infrastructure, forcing new generation strategies into production.
08:00 – John: Small Modular Nuclear Reactors Explode (In a Good Way)
SMRs rapidly gain funding, deployments, and valuations as they become the only scalable answer to data center power demand.
08:36 – Lou: The Privacy Environment Gets Weird
Geopolitics, AI agents, and shifting borders create inconsistent and unpredictable privacy regimes across regions.
10:11 – John: Lawsuits Over Cloud Outages
Major lawsuits—possibly class actions—emerge after cloud outages cause real-world harm, forcing legal accountability for uptime failures.
⸻
🔁 Wrap Up
11:58 – Wrap Up
John and Lou invite listeners to submit their own 2026 predictions and commit to revisiting all forecasts at year’s end to see who was right.
IT SPARC Cast
@ITSPARCCast on X
https://www.linkedin.com/company/sparc-sales/ on LinkedIn
John Barger
@john_Video on X
https://www.linkedin.com/in/johnbarger/
Lou Schmidt
@loudoggeek on X
https://www.linkedin.com/in/louis-schmidt-b102446/
Hosted on Acast. See acast.com/privacy for more information.
n this special CVE Year in Review episode of IT SPARC Cast, John Barger and Lou Schmidt break from the usual single-CVE format to count down the five worst IT security failures of 2025.
From long-lived remote code execution flaws in enterprise networking gear, to a ransomware attack that shut down a global distributor, to systemic cloud outages that shattered the concept of “five nines” availability, this episode looks at what really went wrong—and why it matters heading into 2026.
These weren’t theoretical risks. They were real-world failures that disrupted supply chains, exposed critical infrastructure, and forced the industry to rethink assumptions about resilience, cloud reliability, and operational security.
⸻
📋 Show Notes
🔥 Top 5 IT Security Fails of 2025
01:39 - #5 – Ruckus Networks
Ruckus suffered from multiple long-lived remote code execution and authentication bypass vulnerabilities that persisted across 2024 and 2025. Impacted products included SmartZone, ZoneDirector, Cloudpath, and ICX switch management interfaces. Several flaws allowed unauthenticated access to management planes, enabling attackers to take over wireless controllers, push malicious firmware, and pivot deeper into enterprise networks. The lack of timely patches and limited communication made remediation especially painful for customers.
04:32 - #4 – Ingram Micro
A ransomware attack forced one of the world’s largest technology distributors to effectively shut down operations for days. Ordering systems went offline, patch access was disrupted, and thousands of downstream partners and customers were impacted. While it remains unclear whether ransom was paid, the incident highlighted how a single distributor outage can cascade across the IT supply chain, delaying hardware replacements, breaking SLAs, and costing millions in lost revenue.
07:21 - #3 – SAP NetWeaver
CVE-2025-31324 exposed a critical unauthenticated remote code execution flaw in SAP NetWeaver’s Visual Composer. Actively exploited in the wild before many organizations were aware of its existence, the vulnerability gave attackers potential access to finance, HR, procurement, and supply-chain data. For enterprises running SAP at the core of operations, successful exploitation meant full application takeover and deep visibility into business processes.
10:26 - #2 – React
A severe remote code execution issue in React sent shockwaves through the software ecosystem. With an estimated one-third of cloud applications depending on React, attackers were able to chain exploits involving dependency poisoning, build pipeline compromise, and even client-side execution. While patches were released quickly, the sheer scale of affected deployments meant many systems remained vulnerable well after disclosure—and some still are.
12:23 - #1 – Cloud Outages
2025 marked the year that “five nines” effectively died. Major outages across AWS, Microsoft Azure, Google Cloud, Microsoft 365, and IBM Cloud caused multi-hour disruptions affecting identity systems, collaboration tools, healthcare platforms, and public-safety infrastructure. Many incidents were caused not by attackers, but by control plane failures, DNS issues, NTP misconfigurations, and cascading dependencies. The result: billions in estimated financial impact and renewed concern over life-critical workloads running entirely in the cloud.
Watch Cloud SLA Theater: Why 99.999% Uptime Is a Joke in 2025 - https://www.youtube.com/watch?v=ygcYoFBXdjQ
⸻
17:19 - Wrap Up
If you think we missed a major security failure—or disagree with our rankings—we want to hear from you. Reach out, leave a comment, or send us feedback. Your insights often shape future episodes.
🔗 Connect With Us
IT SPARC Cast
X: @ITSPARCCast
LinkedIn: https://www.linkedin.com/company/sparc-sales/
John Barger
X: @john_Video
LinkedIn: https://www.linkedin.com/in/johnbarger/
Lou Schmidt
X: @loudoggeek
LinkedIn: https://www.linkedin.com/in/louis-schmidt-b102446/
Hosted on Acast. See acast.com/privacy for more information.
This week on IT SPARC Cast, John Barger and Lou Schmidt break down three stories shaping the future of enterprise IT—from continued AI spending despite questionable ROI, to radically new approaches to long-term data storage, and a major consolidation in the online learning market.
⸻
📰 News Bytes
00:46 – CEOs Keep Spending on AI Despite Spotty Returns
Despite mixed financial outcomes, a growing number of CEOs plan to increase AI investment through 2026, viewing AI as strategically unavoidable rather than immediately profitable.
Key discussion points:
•Fewer than half of current AI projects are delivering clear ROI
•Strong gains in sales, marketing, customer service, and developer productivity
•Weak performance in regulated, high-risk areas like legal, HR, compliance, and cybersecurity
•Layoffs blamed on AI may result in long-term operational backlash
The hosts argue that AI should augment human expertise, not prematurely replace it—and warn against betting the company on incomplete automation strategies.
07:34 – 5D Glass Storage: Crystals for the Enterprise
A UK company, SPhotonix, is advancing 5D glass storage, capable of preserving data for billions of years by etching nanoscale structures into glass using femtosecond lasers.
Highlights include:
•360 TB per 5-inch glass disk
•Designed for permanent archival, not hot or warm storage
•Potential replacement for long-term tape archives
•Early write speeds are slow, but roadmap improvements are promising
This technology positions itself as a future-proof solution for enterprises, governments, universities, and cultural institutions facing long-term data retention challenges.
15:00 – Coursera Acquires Udemy for $930 Million
Online education giant Coursera is acquiring Udemy in a deal valued at approximately $930 million, creating a dominant force in enterprise and consumer e-learning.
Discussion points:
•Udemy’s strong practitioner-led course model
•Coursera’s academic and credentialing reach
•Expanded use of AI for assessments, personalization, and skills validation
•Potential shift toward a “market-driven university” model
The hosts see this consolidation as a net positive for enterprise IT teams responsible for compliance training, upskilling, and leadership development.
https://techcrunch.com/2025/12/17/coursera-and-udemy-enter-a-merger-agreement-valued-at-around-2-5b/
🔁 Wrap Up
20:00 – Listener Feedback
⭐ Community Call-Out: Abdullah’s React Audit Tool
A special shout-out to Abdullah ( https://x.com/ozkayabd ) who responded on X after a previous React CVE episode and shared an open-source tool to help teams audit their environments:
👉 React Audit Scanner
http://rsc-auditor.vercel.app
This tool allows teams to quickly check whether they may be impacted by recent React vulnerabilities. As always, review and validate any third-party tool before using it in production.
A special shout-out to Megan, who reached out after the episode with thoughtful feedback—and who’s doing important work to tackle a problem far too many people experience: ghosting of job applicants by recruiters and HR teams.
Megan is actively pushing for better communication, transparency, and basic professionalism in the hiring process. It’s a reminder that while we talk a lot about AI, automation, and efficiency, the human side of tech and hiring still matters. Follow her on LinkedIn:
https://www.linkedin.com/in/megan-juliano
Connect with the hosts and the show:
IT SPARC Cast
@ITSPARCCast on X
https://www.linkedin.com/company/sparc-sales/
John Barger
@john_Video on X
https://www.linkedin.com/in/johnbarger/
Lou Schmidt
@loudoggeek on X
https://www.linkedin.com/in/louis-schmidt-b102446/
Hosted on Acast. See acast.com/privacy for more information.
In this episode of IT SPARC Cast – CVE of the Week, John Barger and Lou Schmidt break down a long-overdue security move from Microsoft: disabling the RC4 cipher by default across Windows authentication infrastructure. After more than two decades of known cryptographic weaknesses, RC4 is finally being deprecated in favor of modern encryption standards like AES.
The discussion covers why RC4 persisted for so long, how legacy Active Directory and Kerberos environments kept it alive, and why attackers have continued to exploit it through techniques like Kerberoasting. The hosts also highlight the new logging, auditing, and PowerShell tools Microsoft released to help enterprises identify and eliminate lingering RC4 dependencies—without breaking production systems.
⸻
📋 Show Notes
🔐 Main Topic: Microsoft Disables RC4 by Default
•Microsoft is removing RC4 (Rivest Cipher 4) as a default cipher in Windows authentication after more than 25 years.
•RC4 has been known to be cryptographically broken for decades and has been actively exploited in real-world attacks.
•The change impacts Kerberos authentication across Windows Server 2008 and later.
•RC4 will still function only if explicitly re-enabled—which is strongly discouraged.
⚠️ Why RC4 Is Dangerous
•RC4 has been abused in Kerberoasting attacks against Active Directory environments.
•Weak encryption allows attackers to extract service account credentials offline.
•Keeping RC4 enabled significantly increases the blast radius of a compromised domain.
🛠️ What Microsoft Did Right This Time
•Added enhanced Kerberos logging (Event IDs 4768 and 4769) to identify RC4 usage.
•Released PowerShell scripts to audit domain controllers for RC4 dependencies.
•Published clear migration guidance to move environments to AES-SHA1 and stronger encryption.
•Provided visibility before enforcing the change, helping admins avoid outages.
🎧 Listener Feedback Highlight
•A YouTube listener praised the CVE of the Week format as being highly valuable from an ops and security standpoint.
•Strong validation that actionable vulnerability analysis resonates with enterprise IT teams.
⭐ Community Call-Out: Abdullah’s React Audit Tool
A special shout-out to Abdullah ( https://x.com/ozkayabd ) who responded on X after a previous React CVE episode and shared an open-source tool to help teams audit their environments:
👉 React Audit Scanner
http://rsc-auditor.vercel.app
This tool allows teams to quickly check whether they may be impacted by recent React vulnerabilities. As always, review and validate any third-party tool before using it in production.
⸻
🔚 Wrap Up & Social Links
IT SPARC Cast
@ITSPARCCast on X
https://www.linkedin.com/company/sparc-sales/ on LinkedIn
John Barger
@john_Video on X
https://www.linkedin.com/in/johnbarger/ on LinkedIn
Lou Schmidt
@loudoggeek on X
https://www.linkedin.com/in/louis-schmidt-b102446/ on LinkedIn
Hosted on Acast. See acast.com/privacy for more information.
In this episode of IT SPARC Cast – News Bytes, John and Lou tackle one of the most emotionally charged weeks in enterprise IT. Google CEO Sundar Pichai openly acknowledges that AI-driven layoffs will cause real pain before progress—a statement that sparks a candid Hot Take on disruption, job loss, and opportunity.
From there, the show dives deep into the mounting backlash against U.S. data centers, with over 200 environmental groups demanding a halt to new builds—ironically accelerating plans for orbital data centers. The conversation then turns optimistic as the inventor of the Super Soaker unveils a breakthrough technology that converts waste heat directly into electricity, potentially reshaping geothermal and data center power economics.
Finally, the guys explore Boom Supersonic’s unexpected pivot—using jet engines as grid-scale power generators for data centers—and Google’s launch of managed MCP servers that allow AI agents to plug directly into core Google services with minimal integration effort.
⸻
⏱️ Show Notes
00:00 – Intro
This week: Google admits AI pain is coming, environmentalists push data centers toward orbit, waste heat becomes power, and AI agents get a universal plug.
⸻
HOT TAKE
00:55 – Google CEO on AI Layoffs: “We’re All Going to Have to Suffer Through It”
•Sundar Pichai acknowledges widespread layoffs and economic strain tied to AI adoption.
•John and Lou discuss why AI-driven efficiency gains are being used as justification for premature workforce cuts.
•Key argument: AI doesn’t replace people—it amplifies small teams and enables entrepreneurship.
⸻
NEWS BYTES
06:11 – More Than 200 Environmental Groups Demand Halt to New U.S. Data Centers
•Greenpeace and others cite water usage, power demand, and CO₂ emissions.
•~$64 billion in data center projects already delayed or halted.
•Lou explains why this pressure is accelerating interest in orbital data centers—one FCC license vs. hundreds of local permits.
https://www.theguardian.com/us-news/2025/dec/08/us-data-centers
⸻
10:26 – Super Soaker Inventor Wants to Turn Waste Heat into Electricity
•Lonnie Johnson (inventor of the Super Soaker) unveils the Johnson Thermal Electrochemical Converter (JTEC).
•Works with small temperature differentials—no turbines, no moving parts.
•Could dramatically change how data centers source supplemental power.
⸻
13:08 – Boom Supersonic Uses Jet Engines to Power Data Centers
•Boom Supersonic repurposes its jet engine designs into natural gas turbines for data centers.
•Each turbine outputs ~42 MW; initial orders exceed 1.2 GW and are rapidly increasing.
•First deliveries expected in 2027; turbine factory opening next year.
•John and Lou connect this to job creation across manufacturing, operations, and IT management.
https://techcrunch.com/2025/12/10/google-is-going-all-in-on-mcp-servers-agent-ready-by-design/
⸻
16:44 – Google Launches Managed MCP Servers for AI Agents
•Google introduces managed Model Context Protocol (MCP) servers on GCP.
•MCP creates a universal “language” for AI agents to interact with tools and services.
•Reduces API complexity—ask questions, get results, take action.
•Free during public preview for enterprise customers.
•Lou calls this a major step toward AI-native enterprise workflows.
https://techcrunch.com/2025/12/10/google-is-going-all-in-on-mcp-servers-agent-ready-by-design/
⸻
Wrap Up
20:38 – Mail Bag & Wrap Up
•Listener feedback highlights interest in portable and containerized data centers.
IT SPARC Cast
@ITSPARCCast on X
https://www.linkedin.com/company/sparc-sales/ on LinkedIn
John Barger
@john_Video on X
https://www.linkedin.com/in/johnbarger/ on LinkedIn
Lou Schmidt
@loudoggeek on X
https://www.linkedin.com/in/louis-schmidt-b102446/ on LinkedIn
Hosted on Acast. See acast.com/privacy for more information.
This week on IT SPARC Cast – CVE of the Week, John Barger and Lou Schmidt break down a code-red security situation affecting a massive portion of the modern web. CVE-2025-55182 is a critical, actively exploited vulnerability in React Server Components (RSC) that enables unauthenticated remote code execution, even in applications that don’t explicitly use server functions.
With an estimated 33–35% of cloud-based services running React, attackers are already leveraging automated tooling to deploy cryptominers, Linux backdoors, and persistent malware across vulnerable systems. If you run React, Next.js, or containerized web workloads, this episode outlines exactly why this exploit is so dangerous, how attackers are weaponizing it, and what you must do right now to mitigate risk—from emergency patching to Zero Trust and micro-segmentation strategies.
⸻
Show Notes
🔴 CVE of the Week: CVE-2025-55182 (React Server Components RCE)
In this episode, John and Lou sound the alarm on a critical vulnerability in React Server Components that has escalated from disclosure to active, automated exploitation in the wild.
Key points covered:
•CVE-2025-55182 allows unauthenticated remote code execution via unsafe serialization and deserialization in React Server Component endpoints
•Vulnerable components include:
•react-server-dom-webpack
•react-server-dom-parcel
•react-server-dom-turbopack
•A related issue impacts Next.js App Router deployments, tracked separately as CVE-2025-66478
•Even applications that do not explicitly use server functions may still be exploitable if RSC support exists
🚨 Active Exploitation Confirmed
Lou shares real-time intelligence showing attackers using automated tooling dubbed “React-to-Shell”, delivering:
•Cryptocurrency miners
•Linux backdoors (PeerBlight)
•Reverse proxy tooling (CowTunnel)
•Go-based post-exploitation implants (ZinFoq)
This is no longer theoretical—production systems are being compromised right now.
🛡️ Immediate Mitigation Guidance
If you run React or Next.js workloads:
•Patch immediately to fixed versions
•Disable or strictly isolate RSC server function endpoints if not required
•Place RSC behind WAFs and strict network controls
•Harden container and OS permissions
•Implement payload anomaly detection
•Move toward micro-segmentation and Zero Trust architectures to limit blast radius
John and Lou emphasize that patching alone is no longer enough in an era of AI-accelerated exploitation.
⸻
Wrap Up & Community Feedback
The episode closes with listener feedback from LinkedIn discussing CXL memory pooling and how it is changing enterprise infrastructure economics—plus a recommendation to check out deep-dive demos from Serve The Home.
As always, the team invites listener input on whether future episodes should focus on individual CVEs or broader security themes.
⸻
Follow & Connect
IT SPARC Cast
@ITSPARCCast on X
https://www.linkedin.com/company/sparc-sales/
John Barger
@john_Video on X
https://www.linkedin.com/in/johnbarger/
Lou Schmidt
@loudoggeek on X
https://www.linkedin.com/in/louis-schmidt-b102446/
Hosted on Acast. See acast.com/privacy for more information.
In this episode of IT SPARC Cast – News Bytes, John and Lou cover a packed week in tech policy, AI disruption, and cloud infrastructure. Apple loses its AI chief as the company struggles to keep pace with rivals. India orders smartphone makers to preload a government surveillance app—then backpedals after Apple pushes back. Sam Altman declares a “Code Red” inside OpenAI as pressure mounts from Google, Anthropic, and the entire LLM ecosystem. And finally, Amazon and Google partner on a new high-speed multi-cloud interconnect—an unexpected alliance triggered in part by AWS’ recent outages.
This episode blends politics, enterprise IT strategy, security concerns, and cloud architecture trends—delivered with classic SPARC Cast sarcasm.
⏱️ Show Notes
00:00 – Intro
This week: Apple says goodbye to its AI chief, India tests mandatory surveillance apps, OpenAI hits the panic button, and Amazon+Google become “friends with benefits.”
NEWS BYTES
00:46 – Apple AI Chief Exits
Apple confirms that John Giannandrea, SVP of Machine Learning & AI Strategy, will step down in Spring 2026.
•He was Apple’s “big hire from Google” and led AI initiatives for eight years.
•His replacement: Amar Subramanya, reporting to Craig Federighi.
•John & Lou discuss Apple’s AI struggles:
– Apple Intelligence is “not what was promised”—delayed, underwhelming, and widely criticized.
https://www.apple.com/newsroom/2025/12/john-giannandrea-to-retire-from-apple/
06:43 – India Orders Smartphone Makers to Preload State-Owned Cyber Safety App
India announces a mandate requiring all new smartphones to include a government-built, undeletable cybersecurity app.
•Goal: combat rising cybercrime, IMEI cloning, stolen-device fraud.
•Users cannot remove or disable the app.
•Lou and John highlight the risk.
https://www.reuters.com/sustainability/boards-policy-regulation/india-orders-mobile-phones-preloaded-with-government-app-ensure-cyber-safety-2025-12-01/
11:51 – Sam Altman Declares ‘Code Red’ for ChatGPT
OpenAI CEO Sam Altman declares an internal “Code Red” tied to ChatGPT 5.2.
•All nonessential projects—including the Pulse personalized assistant—paused.
•Focus is entirely on improving 5.2 performance, reliability, and user experience.
•Why now?
– Gemini just jumped ahead in accuracy.
– Claude leads in coding tasks.
– Competition is moving at blistering speed.
https://www.macrumors.com/2025/12/02/openai-delays-ad-plans/
16:55 – Amazon and Google Launch Multicloud Service for Faster Connectivity
Amazon Web Services & Google Cloud jointly launch a multi-cloud private interconnect for rapid cross-cloud connectivity.
•High-speed AWS ↔ Google Cloud links provisioned in minutes, not weeks.
•Early adopter: Salesforce.
•Why this matters:
– After the major AWS East-1 outage, enterprises need cloud failover options fast.
– This partnership essentially creates a safety net: if one cloud fails, the other can pick up load.
https://www.reuters.com/business/retail-consumer/amazon-google-launch-multicloud-service-faster-connectivity-2025-12-01/
20:32 – Mail Bag & Wrap Up
Social Links:
IT SPARC Cast
@ITSPARCCast on X
https://www.linkedin.com/company/sparc-sales/
John Barger
@john_Video on X
https://www.linkedin.com/in/johnbarger/
Lou Schmidt
@loudoggeek on X
https://www.linkedin.com/in/louis-schmidt-b102446/
Hosted on Acast. See acast.com/privacy for more information.
In this episode of IT SPARC Cast – News Bytes, John and Lou break down Ubiquiti’s brand-new UniFi wireless bridging lineup, test drive the surprisingly powerful ChatGPT Group Chat feature, and review the newly released IT Specialist Simulator game—yes, it’s a real thing.
Lou also shares his SuperComputing 25 highlights, covering quantum computing, CXL memory extension, and why this year’s show was one of the most energetic he’s ever seen. A packed week for enterprise IT, networking, AI tooling, and HPC.
⏱️ Show Notes
00:00 – Intro
A preview of the week’s topics: ChatGPT enters the chat, Pixel Team Red makes IT into a game, and UniFi pushes wireless bridging further.
NEWS BYTES
01:21 – All-New UniFi Bridging
Ubiquiti announces an expanded lineup of UniFi bridging hardware, offering new flexibility for building-to-building links and hard-to-cable environments. Key highlights:
•Building Bridge Single Unit – no more buying pairs; units can now be paired or re-paired on demand.
•Device Bridge IoT – tiny 2.4 GHz client bridge for connecting wired devices where Ethernet isn’t available.
•Device Bridge Switch – 2.5GbE PoE switch + Wi-Fi 7 / 6 GHz bridging for high-throughput deployment without new cabling.
•Ideal for renters, campuses, remote buildings, and temporary connectivity.
https://blog.ui.com/article/all-new-unifi-bridging
05:00 – ChatGPT Group Chats
ChatGPT now offers multi-user group chats, allowing collaborative research, shared notes, and real-time AI-assisted discussions.
•Works like “ChatGPT inside Slack or Teams.”
•No cross-bleed from personal ChatGPT memory—group chats stay isolated.
•Great for brainstorming, problem-solving, and real-time content creation.
•John tests memory segmentation and explains why this feature actually matters for privacy.
https://openai.com/index/group-chats-in-chatgpt/
07:38 – IT Specialist Simulator (Game)
A new Steam game, IT Specialist Simulator, lets players start as junior IT techs and work their way up the ladder.
•Tasks include configuring IP addresses, handling tickets, and climbing into management roles.
•John plans to test it using Crossover on his Mac during Thanksgiving vacation.
•Lou questions whether this is secretly a recruitment or training tool.
•Possible educational value for beginners learning networking basics.
https://store.steampowered.com/app/3266090/IT_Specialist_Simulator/
10:16 – Lou’s SuperComputing 25 Overview
Lou shares additional SC25 observations not covered in the shorts:
•Deep dive conversations with quantum computing firms including Alice & Bob.
•IBM’s quantum roadmap and why commercial systems are likely 2030+.
•How quantum computing targets molecular simulation, advanced materials, next-gen drugs, and computational fluid dynamics.
•The rise of CXL, PCIe expansion, and technologies enabling enterprises to extend hardware rather than replace it.
•SC25 was one of the most active HPC events Lou has seen in decades.
Wrap Up
14:42 – Listener Feedback & Wrap Up
Listeners react to recent shorts, including extreme cooling solutions (0.01 Kelvin) and moon-mined Helium-3 for future fusion and quantum workloads.
Full contact and feedback channels below:
Social Links
IT SPARC Cast
@ITSPARCCast on X
https://www.linkedin.com/company/sparc-sales/ on LinkedIn
John Barger
@john_Video on X
https://www.linkedin.com/in/johnbarger/ on LinkedIn
Lou Schmidt
@loudoggeek on X
https://www.linkedin.com/in/louis-schmidt-b102446/ on LinkedIn
Hosted on Acast. See acast.com/privacy for more information.
In this episode of IT SPARC Cast, Lou brings you a packed 8-minute walkthrough of the biggest themes and technologies from SuperComputing 25—the largest and busiest HPC show he’s ever attended.
In this video, Lou covers:
🔥 Cooling Wars: immersion cooling, PG25 liquid loops, cavitation risks, phase-change fluids, and long-term hardware reliability.
🧠 CXL & Memory Expansion: shared GPU pools, multi-host memory fabrics, and how CXL can extend server life.
☁️ Hybrid Cloud AI Platforms: two research-born vendors (including one FedRAMP-compliant) redefining HPC + cloud orchestration.
⚡ Infrastructure Giants: the mind-blowing cooling and power equipment that will shape future enterprise data centers.
And John reads out Listener Feedback regarding AlmaLinux as the successor to CentOS.
If you want a concise, expert-level briefing from the SC25 show floor—this is the one to watch.
What it on Youtube Here - https://youtu.be/Ve57fs7efFY
00:00 – Intro
01:08 – Greeting from Super Computing 25
Lou sets the stage after returning from SuperComputing 25, describing the massive scale of the show, packed floors, and how SC25 has effectively replaced events like Interop and SuperComm.
NEWS & TECH BREAKDOWN
02:22 – The Major Theme: Cooling, Cooling, Cooling
Lou explains that cooling dominated the show, with two primary approaches emerging:
1. Immersion Cooling
•Full-system submersion in mineral oil or engineered fluids
2. Active Liquid Cooling (PG25 Mix)
•Issues explored: erosion, cavitation, biological growth, thermal cycling, solder fatigue
3. Phase-Change Approaches
•Solutions that vaporize at fixed temperatures (e.g., 55°C boiling point phase-change fluids)
Why It Matters: Enterprise hardware longevity, reduced thermal stress, and predictable cooling efficiency.
05:41 – CXL & Memory Expansion: The Future of Server Life Extension
Lou discusses a major standout category: CXL (Compute Express Link) technologies allowing:
•Shared memory pools & GPUs across multiple hosts
•Extending server life by adding external memory instead of replacing hardware
•Switching architectures enabling dynamic assignment of terabytes of memory to GPUs
Enterprise takeaway: “Do more with less” becomes practical—critical during recessionary or budget-tight periods.
⸻
07:55 – Hybrid Cloud AI Platforms
Lou meets with two research-born companies offering advanced hybrid cloud and orchestration stacks:
•One FedRAMP-compliant, built for U.S. federal and defense workloads
•One European research derivative, designed for container-heavy hybrid environments without VMware reliance
These solutions focus on orchestration, HPC-to-cloud overflow, container scheduling, and distributed compute for AI.
09:19 – Wrap Up
John closes by encouraging viewers to watch the upcoming shorts and emphasizing how SC25 showcased the next generation of enterprise-class tech. He also covers Listener Feedback on our first short from SC25 regarding AlmaLinux
Social Links
IT SPARC Cast
@ITSPARCCast on X
https://www.linkedin.com/company/sparc-sales/ on LinkedIn
John Barger
@john_Video on X
https://www.linkedin.com/in/johnbarger/ on LinkedIn
Lou Schmidt
@loudoggeek on X
https://www.linkedin.com/in/louis-schmidt-b102446/ on LinkedIn
Hosted on Acast. See acast.com/privacy for more information.
In this episode of IT SPARC Cast – News Bytes, John and Lou tackle a wild week in enterprise IT—from grounded aircraft disrupting hardware logistics, to open-source maintainers calling out Google, to sophisticated VM-based malware hiding inside Windows systems, to Santa Clara’s power grid collapsing under the weight of the AI boom.
First, a tragic UPS MD-11 crash in Louisville forces both UPS and FedEx to ground all MD-11 aircraft—creating ripple effects for enterprise sparing strategies and next-day hardware replacement SLAs. John and Lou explain how events outside the IT bubble can quietly break your uptime guarantees.
Then, the maintainers of FFmpeg publicly call out Google: either fund the project or stop flooding it with fuzz-generated bugs. The hosts explore the broader lesson: organizations relying on open source must contribute—code, money, or both.
Next, the team walks through a jaw-dropping Hyper-V evasion technique, where Russian hackers spin up hidden Alpine Linux VMs to run malware undetected by EDR tools. Lou calls it “one of the most clever attack chains we’ve seen in years,” and John argues that Windows security must evolve to detect surprise VM creation.
Finally, Santa Clara—Nvidia’s hometown—has data centers sitting empty because the city literally has no power left to give. With AI megaprojects like Project Stargate on the horizon, John and Lou warn that the grid crisis is about to become every CIO’s problem.
Show Notes
00:00 – Intro
NEWS BYTES
01:05 – UPS and FedEx Ground Planes After Louisville Crash
•A UPS MD-11 crashes, triggering a fleetwide grounding of MD-11 cargo aircraft.
•Immediate supply-chain impact for next-day server replacements and enterprise sparing.
•John and Lou highlight why IT leaders must monitor “non-IT” news that affects logistics.
•A reminder: SLA = logistics, and logistics depends on the real world.
https://www.nbcnews.com/news/us-news/ups-grounds-md-11-fleet-type-plane-louisville-crash-sources-say-rcna242711
04:19 – FFmpeg to Google: Fund Us or Stop Sending Bugs
•Google’s fuzzing system floods FFmpeg with nonstop bug reports.
•Maintainers say the project is overwhelmed and demand Google contribute.
•Discussion: the ethical and practical responsibility companies have to support open source.
https://thenewstack.io/ffmpeg-to-google-fund-us-or-stop-sending-bugs
07:25 – Hackers Weaponize Windows Hyper-V to Hide Linux VM and Evade EDR Detection
•Threat actor Curly Comrades uses Hyper-V to run hidden Alpine Linux VMs.
•Malware (CurlyShell & CurlyCat) routes through host NAT, appearing as normal traffic.
•Hard to detect: tiny VM footprint, few forensic artifacts, zero EDR visibility.
•John: Windows Defender should alert when a new VM spins up—“Did you mean to do this?”
https://thehackernews.com/2025/11/hackers-weaponize-windows-hyper-v-to.html
13:08 – Data Centers in Nvidia’s Hometown Stand Empty Awaiting Power
•Two new Santa Clara data centers cannot turn on due to a power shortage.
•Signals a coming crisis as AI mega-facilities exceed grid capacity.
•Power costs and grid constraints may soon drive enterprise IT budgeting changes.
https://finance.yahoo.com/news/data-centers-nvidia-hometown-stand-100009877.html
15:56 – Mail Bag & Wrap Up
IT SPARC Cast
@ITSPARCCast on X
https://www.linkedin.com/company/sparc-sales/ on LinkedIn
John Barger
@john_Video on X
https://www.linkedin.com/in/johnbarger/ on LinkedIn
Lou Schmidt
@loudoggeek on X
https://www.linkedin.com/in/louis-schmidt-b102446/ on LinkedIn
Hosted on Acast. See acast.com/privacy for more information.
In this week’s IT SPARC Cast, John and Lou break down a Cisco security double feature—three critical vulnerabilities impacting Cisco ASA, Cisco Secure Firewall (FTD), and Cisco Identity Services Engine (ISE). These flaws include authentication bypass, chained remote code execution, and a CVSS 10.0 root-level compromise via an undocumented ISE API.
We explain how CVE-2025-20333, CVE-2025-20362, and the newly revealed CVE-2025-20337 work, why federal agencies issued emergency patch directives, and what immediate mitigation steps enterprise defenders must take. If you manage Cisco firewalls or identity systems, this episode is mandatory listening.
00:00 - Intro
01:05 - CVEs of the Week – Cisco ASA & FTD (CVE-2025-20333 & CVE-2025-20362)
• Two actively exploited Cisco firewall vulnerabilities enable authentication bypass and chained remote code execution.
• Attackers linked to ArcaneDoor/Storm-1849 are using CVE-2025-20362 to bypass authentication, paired with CVE-2025-20333 for full RCE device takeover.
• Compromised devices show unexpected reloads, disabled logs, and firmware persistence via ROMMON modification.
• Over 50,000 ASA/FTD systems remain exposed, many still unpatched.
• Emergency guidance from CISA and NCSC stresses immediate patching, disabling WebVPN/SSL, IP whitelisting, and checking for persistence or odd CLI behavior.
• Lou and John emphasize the need for a multi-vendor firewall strategy to avoid single-vendor blast-radius failures.
⸻
05:00 - Cisco ISE – CVE-2025-20337 (Root-Level RCE via Undocumented API)
• Amazon’s threat intelligence team discovered in-the-wild exploitation of an undocumented ISE API endpoint.
• This CVSS 10.0 vulnerability allows deserialization attacks leading to unauthenticated root-level access.
• Attackers deploy an advanced, stealthy web-shell (“IdentityAuditAction”) featuring:
– In-memory execution
– Java reflection thread injection
– Custom DES-encrypted C2
– No disk artifacts
• Exploitation activity dates back to at least May and may be earlier.
• Mitigation requires updating to patched ISE versions, segmenting management networks, monitoring unexpected listeners, and tightening inbound firewall policies.
• John and Lou reiterate that identity remains the “universal attack surface,” and poor segmentation continues to amplify enterprise risk.
⸻
09:26 - Listener Feedback
A viewer asked whether the F5 BIG-IP source code leak affects only the management plane or the data plane.
Answer: Both. Because the entire codebase was leaked, any subsystem could harbor latent zero-day attack surfaces—further stressing the importance of aggressive patching and hardened segmentation.
⸻
10:28 - Wrap Up
We appreciate every question, comment, and suggestion. Keep them coming.
IT SPARC Cast
@ITSPARCCast on X
https://www.linkedin.com/company/sparc-sales/ on LinkedIn
John Barger
@john_Video on X
https://www.linkedin.com/in/johnbarger/ on LinkedIn
Lou Schmidt
@loudoggeek on X
https://www.linkedin.com/in/louis-schmidt-b102446/ on LinkedIn
Hosted on Acast. See acast.com/privacy for more information.
In this week’s IT SPARC Cast – News Bytes, John and Lou go galactic—covering AI data centers in orbit, Microsoft’s blunders, and a nasty new Windows backdoor exploiting OpenAI’s API.
First, it’s “IT in SPAAAAAACE!” as Google unveils Project Suncatcher, an effort to launch radiation-hardened Tensor Processing Units (TPUs) into orbit for solar-powered, space-based AI compute. Then, SpaceX announces plans to build low-Earth-orbit data centers using its Starlink satellite infrastructure and Tesla’s upcoming AI chips—pushing the data center arms race off-planet.
Next up in “Really, Microsoft?” — the latest Windows 11 bug means “Update and Shut Down” doesn’t actually shut down. It just reboots. But the real danger comes from the newly discovered SesameOp backdoor, which uses the OpenAI Assistants API as its command-and-control channel—making it nearly invisible to traditional security tools.
Finally, Microsoft ends volume pricing discounts for enterprise customers, sparking frustration across IT departments already battling licensing complexity.
Show Notes
00:00 - Intro
John and Lou open with a new segment: “IT in Space!” as data centers literally leave Earth’s surface.
01:02 - Google’s Next Moonshot: Project Suncatcher
•Google to launch Project Suncatcher—solar-powered AI compute nodes using Tensor Processing Units (TPUs) in orbit.
•Partners with Planet Labs for radiation-hardened TPU testing.
•Orbiting clusters could provide 8x more energy efficiency than Earth-based systems.
•Challenges include cooling, radiation shielding, and debris avoidance.
https://9to5google.com/2025/11/04/google-project-suncatcher/
03:41 - SpaceX Plans Data Centers in Low-Earth Orbit
•SpaceX confirms Starlink v3 satellites will support data center modules.
•Tied to Tesla’s AI5 and upcoming AI6 chip platforms.
•Starship will be used to deploy orbital compute clusters.
•Laser interlinks and orbital energy capture could redefine distributed computing.
https://x.com/dimazeniuk/status/1984613494629503484?s=61&t=vt5DZTzMzVaVQd0cNd8iuA
06:55 - “Update and Shut Down” No Longer Restarts PC
•Microsoft’s November 2025 preview patch fixes a long-standing issue: “Update and Shut Down” reboots instead of powering off.
•Optional fix available under Windows 11 build 26200.7019.
•Another headache in Windows’ long list of quality-of-life bugs.
https://www.windowslatest.com/2025/11/02/update-and-shut-down-no-longer-restarts-pc-as-windows-11-25h2-patch-addresses-a-decades-old-bug/
08:10 - SesameOp Backdoor Using OpenAI Assistants API
•SesameOp discovered by Microsoft’s DART Team.
•Uses OpenAI’s Assistants API as a stealthy command-and-control (C2) channel.
•No patch yet—only firewall whitelisting and Defender rules recommended.
https://thehackernews.com/2025/11/microsoft-detects-sesameop-backdoor.html
13:53 - Microsoft Ends Volume Pricing
•As of Nov 1, Microsoft has eliminated tiered volume discounts for Enterprise Agreements.
•Large customers will now pay the same flat rate as smaller ones.
•Could increase software spend by double digits at renewal.
https://www.cio.com/article/4079004/microsoft-ends-volume-pricing-potentially-costing-companies-millions.html
15:29 - Mail Bag & Wrap Up
https://daily.jstor.org/when-the-push-button-was-new-people-were-freaked/
IT SPARC Cast
@ITSPARCCast on X
https://www.linkedin.com/company/sparc-sales/ on LinkedIn
John Barger
@john_Video on X
https://www.linkedin.com/in/johnbarger/ on LinkedIn
Lou Schmidt
@loudoggeek on X
https://www.linkedin.com/in/louis-schmidt-b102446/ on LinkedIn
Hosted on Acast. See acast.com/privacy for more information.
In this episode of IT SPARC Cast – CVE of the Week, John Barger and Lou Schmidt dive deep into CVE-2025-52665, a critical 10.0 CVSS vulnerability impacting Ubiquiti’s UniFi Access Management API. This flaw blends physical security and cybersecurity risks — allowing unauthenticated attackers to execute remote code, manipulate door access, or even lock users inside buildings.
John and Lou break down how this misconfigured API opens the door (literally) to full network takeover and discuss the real-world implications of smart building vulnerabilities. They cover the affected UniFi Access versions (3.3.22 to 3.4.31) and emphasize updating immediately to version 4.0.21 or later.
Beyond the technical details, they debate the broader question: Are smart buildings worth the risk? From API hygiene to network segmentation, the hosts offer actionable strategies to secure IoT infrastructure and ensure that “smart” doesn’t become “unsafe.”
⸻
Social Links:
IT SPARC Cast
@ITSPARCCast on X
https://www.linkedin.com/company/sparc-sales/ on LinkedIn
John Barger
@john_Video on X
https://www.linkedin.com/in/johnbarger/ on LinkedIn
Lou Schmidt
@loudoggeek on X
https://www.linkedin.com/in/louis-schmidt-b102446/ on LinkedIn
Hosted on Acast. See acast.com/privacy for more information.
In this week’s IT SPARC Cast – News Bytes, John and Lou explore the intersection of AI, hardware, and IT freedom — from creative tension at EA to chipmaking disruption.
First, Electronic Arts (EA) launches ReefGPT, an internal AI design tool meant to boost productivity across studios. Developers say it’s unreliable and fear job losses, while leadership insists AI is the future. John and Lou unpack the deeper message: AI won’t take your job, but someone using AI will.
Then, Qualcomm jumps into the AI data center market with its new AI200 and AI250 chips — scaled-up versions of its mobile neural processors, ready to challenge Nvidia and AMD for inference workloads. The hosts discuss how this could finally relieve the GPU bottleneck driving AI infrastructure costs through the roof.
Next, Ubiquiti declares “SFP Liberation Day.” The new $49 SFP Wizard not only tests but reprograms fiber modules to work with any switch — bypassing vendor lock-ins from Cisco, HPE, and others. John and Lou call it “the jailbreak every network engineer has been waiting for.”
Finally, Substrate, a U.S. startup, unveils an X-ray lithography chipmaking tool that could rival ASML’s $400M EUV machines. Backed by $100M in funding, the company aims to bring advanced chip manufacturing back to the U.S. — potentially reshaping the semiconductor landscape.
00:00 - Intro
00:52 - Electronic Arts (EA) AI Divide
•EA launches ReefGPT to accelerate game design.
•Creatives call it unreliable and fear losing creative control.
04:15 - Qualcomm Joins the AI Arms Race
•Qualcomm announces AI200 (2026) and AI250 (2027) chips for data centers.
•Targets Nvidia’s GPU monopoly with rack-mounted, liquid-cooled solutions.
•Could ease supply pressure and diversify AI compute resources.
https://www.cnbc.com/2025/10/27/qualcomm-ai200-ai250-ai-chips-nvidia-amd.html
11:35 - Ubiquiti Liberates the SFPs
•“SFP Liberation Day” brings a $49 SFP Wizard tool for testing and reprogramming optics.
•Supports SFP, SFP+, and QSFP modules across brands.
•A win for network engineers tired of overpriced vendor modules.
https://blog.ui.com/article/welcome-to-sfp-liberation-day
15:58 - Substrate Announces Chipmaking Tool to Rival ASML
•Substrate reveals an X-ray lithography system
•Rivaling ASML’s EUV tools at lower cost.
•Could reshape semiconductor competition and domestic manufacturing.
https://www.ft.com/content/2496edef-4f1b-47aa-877d-9c01271faaa1
21:02 - Mail Bag & Wrap Up
Hosted on Acast. See acast.com/privacy for more information.
In this special Halloween edition of CVE of the Week, John and Lou dive into a truly chilling scenario — a high-severity DNS poisoning flaw that could be the perfect setup for a wave of phishing attacks and credential theft across enterprise networks.
The star of the episode: CVE-2025-40778, a newly discovered vulnerability in BIND 9’s resolver logic. This flaw allows unauthenticated attackers to inject forged DNS records, redirecting legitimate queries to malicious servers — all without user interaction. With a CVSS score of 8.6, exploits are already active in the wild, and over 5,900 exposed instances have been identified.
But that’s just the start. The hosts explain how major outages at AWS (US-East-1) and Microsoft Azure opened the door for clever phishers to strike when users were most vulnerable — during downtime. Together, these issues illustrate a perfect storm of technical failure and human manipulation.
Lou and John share practical defenses: patch immediately, enable DNSSEC, restrict recursion, and — most importantly — establish a trusted, redundant communication plan for your users before the next outage hits.
⸻
Key Takeaways
•CVE-2025-40778 impacts BIND 9 versions from 9.11 to 9.21.12, including S1 previews.
•Exploits are already circulating — attackers can poison DNS caches remotely.
•Misconfigured DNS and phishing attacks can combine for devastating impact.
•Immediate action: patch, enable DNSSEC, monitor cache entries, and reduce TTLs.
•Prepare for outages — build redundant user communication channels to prevent panic and credential leaks.
Links
https://kb.isc.org/docs/cve-2025-40778
https://nvd.nist.gov/vuln/detail/CVE-2025-40778
https://thehackernews.com/2025/10/threatsday-bulletin-dns-poisoning-flaw.html
https://www.helpnetsecurity.com/2025/10/28/bind-9-vulnerability-cve-2025-40778-poc/
⸻
Wrap-Up – Stay Connected
IT SPARC Cast
@ITSPARCCast on X
https://www.linkedin.com/company/sparc-sales/ on LinkedIn
John Barger
@john_Video on X
https://www.linkedin.com/in/johnbarger/ on LinkedIn
Lou Schmidt
@loudoggeek on X
https://www.linkedin.com/in/louis-schmidt-b102446/ on LinkedIn
Hosted on Acast. See acast.com/privacy for more information.
In this week’s IT SPARC Cast – News Bytes, John and Lou explore the fast-moving world of AI, quantum computing, and cloud reliability.
First up, OpenAI launches Atlas, an AI-powered browser with ChatGPT built in—complete with persistent memory, agent mode, and deep personalization. But as John warns, “If ChatGPT can see everything you do, that includes your company’s data.” Lou connects it to last week’s 7-Zip discussion, emphasizing the need for strict data access policies in enterprises managing shadow AI use.
Then, Google makes a quantum leap with its new Willow chip and Quantum Echoes algorithm, achieving verifiable quantum advantage—13,000x faster than classical supercomputers. The duo discusses its implications for material science, encryption, and the coming “cryptopocalypse.”
Next, Signal gets proactive, introducing Triple Ratchet Encryption—a post-quantum secure update using ML-KEM (Kyber) to protect against future quantum decryption. It’s the first major messaging platform to harden itself against Harvest Now–Decrypt Later attacks.
Finally, in this week’s Hot Take, the hosts analyze the recent AWS DNS outage that took down half the internet. Their verdict? “It’s not just AWS—it’s the apps.” They discuss multi-region design, cloud dependency, and why “Five Nines” uptime might be a thing of the past.
⸻
⏱️ Show Notes
00:00 - Intro
01:24 - OpenAI Debuts AI-Powered Browser (Atlas)
07:27 - Google Launches New Quantum Chip and Algorithm
https://blog.google/technology/research/quantum-echoes-willow-verifiable-quantum-advantage/
09:31 - Signal Stays Ahead of the Game — Triple Ratchet Encryption
⸻
12:03 - Hot Take: Amazon Web Services (AWS) DNS Outage
John recounts debugging his Ring cameras—before realizing the culprit was AWS.
•Cascading DNS failure caused a self-inflicted denial of service
•Exposed lack of redundancy and poor multi-region design
•50% of the internet went down, despite AWS only running 30% of it
Lou’s takeaway: “Cloud isn’t inherently resilient—it’s only as resilient as you design it to be.”
IT SPARC Cast
@ITSPARCCast on X
https://www.linkedin.com/company/sparc-sales/ on LinkedIn
John Barger
@john_Video on X
https://www.linkedin.com/in/johnbarger/ on LinkedIn
Lou Schmidt
@loudoggeek on X
https://www.linkedin.com/in/louis-schmidt-b102446/ on LinkedIn
Hosted on Acast. See acast.com/privacy for more information.
In this episode of CVE of the Week, John and Lou unpack a fresh pair of vulnerabilities affecting one of the most common tools on Windows desktops — 7-Zip.
Tracked as CVE-2025-11001 and CVE-2025-11002, these directory traversal flaws allow attackers to craft malicious archives that can escape the extraction folder, overwrite arbitrary files, and potentially lead to remote code execution (RCE). The hosts discuss how the vulnerabilities impact not just individual users but also automated systems such as CI/CD pipelines, backup servers, and antivirus scanners that automatically unpack archives.
They also cover how this seemingly moderate (CVSS 7.0) issue highlights a deeper problem — shadow IT and uncontrolled software installation inside enterprise environments. From patching strategies to user privilege escalation controls, this episode offers real-world guidance for keeping your organization secure.
⸻
Key Takeaways
•Two new 7-Zip vulnerabilities (CVE-2025-11001 & CVE-2025-11002) enable directory traversal and code execution.
•Impacts Windows desktops and automated extraction workflows in enterprise systems.
•Proof-of-concept exploits are already public on GitHub.
•The fix: Update 7-Zip immediately, disable automatic extraction of untrusted files, and audit your endpoint permissions.
•Also, define a clear policy for software installation to minimize risk from unmanaged tools.
⸻
Stay Connected
IT SPARC Cast
@ITSPARCCast on X
https://www.linkedin.com/company/sparc-sales/ on LinkedIn
John Barger
@john_Video on X
https://www.linkedin.com/in/johnbarger/ on LinkedIn
Lou Schmidt
@loudoggeek on X
https://www.linkedin.com/in/louis-schmidt-b102446/ on LinkedIn
Hosted on Acast. See acast.com/privacy for more information.
In this episode of IT SPARC Cast – News Bytes, John and Lou cover the latest updates from Ubiquiti, Google, and the global supply chain.
First, UniFi Network 9.5 rolls out with Channel AI, a next-gen visualization tool that uses AI to map RF interference, optimize channels, and improve roaming performance. Add in wired port anomaly detection, Bonjour and multicast enhancements, and it’s clear—Ubiquiti’s aiming straight at the enterprise.
Then, a new report from UC San Diego and the University of Maryland reveals that half of all geostationary satellites are transmitting unencrypted data—including in-flight Wi-Fi, phone calls, and even critical infrastructure telemetry. Lou calls it “the coffee shop Wi-Fi of enterprise networking.”
Finally, Microsoft, AWS, and Google are all cutting China out of their supply chains, relocating server, switch, and AI chip production to India, Thailand, and Vietnam to reduce risk and geopolitical exposure. The move may reshape where tomorrow’s cloud is built.
⸻
⏱️ Show Notes
00:00 - Intro
John & Lou tee up the week’s biggest IT stories with a mix of insight, humor, and caffeine.
⸻
00:48 - Introducing UniFi Network 9.5
•Major update to UniFi’s platform with Channel AI for real-time RF visualization.
•Enhanced roaming for Apple devices.
•New wired port anomaly detection and better multicast handling.
•Lou calls it “the most enterprise-ready version of UniFi yet.”
https://blog.ui.com/article/releasing-unifi-network-9-5
⸻
06:18 - Satellites Found Exposing Unencrypted Data
•Researchers intercepted sensitive traffic from half of all GEO satellites.
•Data included calls, in-flight Wi-Fi, and industrial telemetry.
•Some providers, like AT&T and T-Mobile Mexico, are still unpatched.
•John warns: “Satellites are the coffee shop Wi-Fi of enterprise networks.”
•Encrypt your traffic at the endpoint—don’t rely on the carrier.
https://techcrunch.com/2025/10/14/satellites-found-exposing-unencrypted-data-including-phone-calls-and-some-military-comms/
⸻
12:24 - Microsoft, AWS, and Google Are Reducing China’s Role in Their Supply Chains
•Microsoft aims for 80% of Surface, Xbox, and server production outside China by 2026.
•AWS and Google shifting to India, Thailand, and Vietnam.
•Lou notes: “The white boxes in your rack probably started in a hyperscaler design lab.”
•Reduced tariffs, diversified supply, and fewer geopolitical risks ahead.
https://techcrunch.com/2025/10/16/microsoft-aws-and-google-are-trying-to-drastically-reduce-chinas-role-in-their-supply-chains/
⸻
18:05 - Mail Bag & Wrap Up
Listener Tom writes in, celebrating Synology’s decision to restore third-party drive compatibility:
“They’re back at the top of my list.”
IT SPARC Cast
@ITSPARCCast on X
https://www.linkedin.com/company/sparc-sales/ on LinkedIn
John Barger
@john_Video on X
https://www.linkedin.com/in/johnbarger/ on LinkedIn
Lou Schmidt
@loudoggeek on X
https://www.linkedin.com/in/louis-schmidt-b102446/ on LinkedIn
Hosted on Acast. See acast.com/privacy for more information.
A suspected state-sponsored attack has breached F5 Networks, compromising source code, customer data, and production systems. With F5 handling 85% of global load balancing, this could expose countless organizations to new zero-day vulnerabilities.
John and Lou break down how it happened, what’s at risk, and what you should do right now if your infrastructure depends on F5 BIG-IP or related systems.
✅ Learn how to prepare for cascading exploits
✅ Why this breach could redefine patch management and Zero Trust
✅ What AI means for future vulnerability discovery
Like, subscribe, and share to stay ahead of the next major exploit.
Follow us:
IT SPARC Cast — @ITSPARCCast on X | https://www.linkedin.com/company/sparc-sales/
John Barger — @john_Video on X | https://www.linkedin.com/in/johnbarger/
Lou Schmidt — @loudoggeek on X | https://www.linkedin.com/in/louis-schmidt-b102446/
Hosted on Acast. See acast.com/privacy for more information.
In this episode of IT SPARC Cast – News Bytes, John and Lou break down three big stories that touch nearly every corner of enterprise IT—from power to code to storage.
First, Ubiquiti expands into the UPS market with the new UniFi Uninterruptible Power Supply, combining network management integration, graceful shutdown control, and plug-and-play simplicity for small offices and home labs.
Then, they explore Google DeepMind’s latest breakthrough—CodeMender, an AI tool that not only finds software vulnerabilities but also rewrites and tests patches automatically before submitting them upstream.
Finally, Synology caves to user backlash, walking back its controversial policy that restricted third-party drives in 2025 NAS models. The nerd uprising worked, restoring support for Seagate, WD, and other drives under DSM 7.3.
⏱️ Show Notes
00:00 - Intro
00:51 - Ubiquiti Is Launching a New UniFi Uninterruptible Power Strategy
Ubiquiti enters the UPS market with the UniFi UPS Tower ($159) and UniFi UPS 2U Rackmount ($279).
•Fully integrates with UniFi OS for device-wide graceful shutdown.
•Simplifies UPS monitoring—no scripting or manual config needed.
https://blog.ui.com/article/introducing-uninterruptible-power
06:00 - Google’s New AI Doesn’t Just Find Vulnerabilities — It Rewrites Code to Patch Them
Google DeepMind’s CodeMender is the next step in automated software security.
•Detects, rewrites, and self-tests patches before submitting them.
•Refactors vulnerable code to prevent flaw reoccurrence.
•Uses multi-AI feedback loops to ensure accuracy before final submission.
https://thehackernews.com/2025/10/googles-new-ai-doesnt-just-find.html
11:03 - Synology Walks Back Controversial Compatibility Policy for 2025 NAS Units
User backlash works—Synology reverses its decision to block third-party drives in the Plus Series 2025 NAS lineup.
•DSM 7.3 restores compatibility with non-Synology drives.
•Synology pledges a new third-party drive validation program.
IT SPARC Cast
@ITSPARCCast on X
https://www.linkedin.com/company/sparc-sales/ on LinkedIn
John Barger
@john_Video on X
https://www.linkedin.com/in/johnbarger/ on LinkedIn
Lou Schmidt
@loudoggeek on X
https://www.linkedin.com/in/louis-schmidt-b102446/ on LinkedIn
Hosted on Acast. See acast.com/privacy for more information.