nightmare eclipse, $7,500 tips, and pyongyang on your company's payroll drips

ALSO: Microsoft is locking Office 2019 on Mac to read-only starting July 13. Subscribe or cry.

Do you actually know what's on your network? 

In minutes, Auvik automatically finds what's on your network, maps connections, and highlights changes before they become problems.

Welcome back! The World Cup is underway, serving as a great reminder that FIFA somehow organized a global tournament involving dozens of countries, which is still easier to do than getting Legal to approve a PDF.

Remember Geek Squad? The IT support company millions of Americans entrusted with their computers, their family photos, and occasionally evidence of crimes? Well, on this day in 1994, Robert Stephens founded Geek Squad with $200, a cellphone, and a bicycle (which is either a heartwarming origin story or an OSHA violation, depending on whether or not you’re a corporate exec). By 2002, Best Buy bought the whole operation. By 2004, the Geekmobiles were rolling nationwide, logging 300 million miles total — nine times the distance from Earth to Mars, which is frankly more ambition than anyone expected from a company whose uniform includes a clip-on tie.

Oh, and also we're on LinkedIn now, doing our thing! Go follow ByteSize for last week's Amazon Ring Digital Photo Frame GIF, which is funnier than anything you'll see in your feed today. Guaranteed. (Unbiased opinion, of course.)

MICROSOFT IS IN A KNIFE FIGHT WITH A RESEARCHER AND THE RESEARCHER IS WINNING

Microsoft has been sitting on a pile of unpatched vulnerabilities while publicly threatening the person who found them, and somehow this is not even the most embarrassing thing that happened to their security team this week.

A researcher going by Nightmare Eclipse has spent the last several months disclosing vulnerabilities to Microsoft's security response center, getting ignored and credited with nothing, then doing the entirely predictable thing: publishing the exploits publicly. Microsoft's response was to send a vague legal threat, watch the internet collectively roll its eyes, and then walk it back.

This week, Tuesday's patch bundle from Microsoft fixed roughly 200 vulnerabilities, including a zero-day called MiniPlasma — which turns out to be a regression of CVE-2020-17103, a bug Microsoft technically patched six years ago. They fixed it once. Poorly. And then pretended they hadn't.

Nightmare Eclipse also disclosed YellowKey, which can defeat BitLocker full-disk encryption if you have physical access to a machine… which is exactly what BitLocker is supposed to stop. Microsoft's current solution for YellowKey is a manual workaround document, not a patch. Another vulnerability called BlueHammer is also outstanding. Microsoft called the researcher "irresponsible" for publicly disclosing. Nightmare Eclipse's counter-argument is a published working exploit, which is a very compelling rebuttal.

COMPANIES SPENDING $7,500 PER EMPLOYEE PER MONTH ON AI ARE DOING GREAT, PROBABLY

The top 1% of AI-spending companies in America are now dropping $7,500 per employee per month on tokens, according to new data from the Ramp AI Index, which tracks AI adoption among American businesses. These are the firms Ramp describes as "AI-pilled," and honestly the name is doing a lot of work.

For context, TechCrunch reports the average software engineer makes roughly $16,000 a month. So the math on replacing humans with AI still doesn't quite land, although a few very confident Nvidia executives and startup CEOs are doing their best to push the narrative. Mercor's CEO announced last week that the company is spending more on AI agents than on human employees, which is either visionary or a future case study in a Wharton class called "How to Alienate Your Workforce in One Press Release."

The median company in the study is spending $11.38 per employee per month — about the cost of one enterprise seat. The top 10% spend around $611. So the gap between the AI-pilled and everyone else is genuinely enormous, and the AI-pilled cohort grew its per-employee spend by 14.1% last month alone.

Your ByteSize writer, for what it's worth, is spending $0 per month on AI and is still somehow employed. Make of that what you will.

NORTH KOREA IS BASICALLY RUNNING AN OFFSHORE IT STAFFING AGENCY AND USING THE MONEY TO BUILD NUKES

Cybersecurity firm CrowdStrike published a report this week revealing that North Korean hackers, operating under the group name "Famous Chollima," accounted for 47% of all state-backed cyber intrusions at U.S. tech companies between April 2025 and May 2026. NEARLY HALF! FROM ONE COUNTRY! Obsessed much?!

The method is grimly creative: operatives apply for remote IT jobs at American, European, and Asian tech companies using stolen identities, AI-generated deepfake video interviews, and forged documents. Once hired, they collect a salary, steal intellectual property, and when they eventually get caught, threaten to publish what they took unless the company pays a ransom. North Korea has pulled in approximately $2 billion in stolen crypto in 2025 alone, funneled directly into a nuclear weapons program that the UN has sanctioned and Kim Jong Un absolutely does not care about.

To be clear, your next remote IT hire could be running a parallel operation to fund intercontinental ballistic missile tests. HR screening has never felt more urgent.

⚙️ TOOL TIME

Is Your Switch Living in a Broom Closet?

Look around your office. Is your core network switch neatly racked in a climate-controlled server room, or marinating on a dusty shelf in a literal bathroom closet?

If you're ready to rescue your hardware from its current tech dungeon, check out The IT Pro’s Guide To Network Switch Physical Design Configuration.

It’s a cheatsheet on how to physically set up and configure a switch that won't die on you.

Here is the quick blueprint:

  • Prevent Overheating: Learn how to analyze intake/exhaust paths so your gear stops choking on literal dust and crud.

  • Slash Upstream Costs: Calculate your oversubscription ratio to see if you actually need pricey 10Gbps fiber, or if 1Gbps is plenty.

  • Stop Network Loops: Fix your spanning tree priorities so a random closet switch doesn't accidentally hijack your core root bridge.

  • Optimize Routing Table Space: Configure your access switches as EIGRP stubs to filter out core clutter and keep traffic pathing clean.

Claim your free copy and build a network closet you can actually trust.

👨‍💻 JOB OPPORTUNITIES

Magna wants someone to bring order to a global IT governance operation that sounds like it currently has the structural integrity of a Jenga tower mid-game. Eight to ten years of IT controls experience required… or however long it takes for you to look at a risk matrix and feel something.

You'll manage multiple IT projects simultaneously for a defense contractor, which is a fancy way of saying you'll be running five fires at once while someone in a polo asks you if the dashboard is "intuitive enough." PMP preferred, security clearance potential, and a tolerance for ambiguity that borders on spiritual.

Lead global enterprise IT operations for an ad tech company that manages $6 billion in annual ad spend, which means you'll be keeping the lights on for a machine that generates 300 billion creatives a year. Cloud-first mindset required. Existential dread about digital advertising: optional but common.

🛩 INDUSTRY MOVES

  • China's JDY botnet grew from 650 to 1,500 compromised devices and is actively scanning U.S. military networks. Your unpatched Hikvision camera now has a second job, a shift supervisor, and did not put in two weeks' notice.

  • Starting July 13, Office 2019 on Mac goes read-only. You can open and print files but not save or edit them. Microsoft calls this "reduced functionality mode." The rest of us call it a $10/month hostage situation.

  • GitHub is making npm 12 stop auto-running install scripts by default. pnpm, Yarn, Bun, and Deno all did this years ago. npm was the last package manager executing stranger code on install, purely on trust and good vibes.

  • A man outside Rockstar North is counting cigarette butts to predict GTA 6 Trailer 3. He logged 71 in 19 hours, declared developers "clearly stressed," and this is the most scientifically rigorous GTA 6 reporting of 2026. Your writer respects the dedication and refuses to comment on the methodology, because obviously this newsletter is produced under similar conditions.

Hey, it's Chip. While you were out there watching Brazil struggle to draw against Morocco in their opening World Cup match, our EE community were solving problems that would make Stack Overflow nervous. This week's highlight reel:

  • One member discovered that installing Office 2003 on a fresh Windows 10 setup throws a Visual FoxPro error, because some software doesn't go gently into that good night — it just sits there demanding a 26-year-old runtime dependency.

  • Another member tried to move a CSV file from their C drive to a USB flash drive and got a "no disc space" error despite the drive being completely empty… which is the kind of mystery that makes you question everything you thought you knew about storage and also yourself.

  • And one person is debugging a Type Mismatch error in a Microsoft Access query with enough nested JOINs that reading it feels like being handed a map of the New York City Subway system during a fire drill.

Until next time! May your documentation be accurate and your stakeholders distracted.