- ByteSize
- Posts
- Zuck spies, SharePoint dies, Firefox had two hundred seventy-one surprises
Zuck spies, SharePoint dies, Firefox had two hundred seventy-one surprises
PLUS: Elon is buying a code editor for $60B and calling it a space company thing
Welcome back! We’re almost at the end of April and, if you’re like us, the end of our patience!
Twenty-three years ago today, Apple launched the iTunes Music Store and sold over a million songs in its first week at 99 cents a pop (...which, for context, is less than what Spotify now pays artists per stream if you round up generously). Record executives, who had spent years watching Napster eat their lunch, reacted with a mixture of cautious optimism and soiled khakis. The store went on to become the #1 music retailer in the US, eventually outselling Walmart. Steve Jobs changed the music industry forever, and in return the music industry sued everyone in sight for the next decade. Tradition.
META EMPLOYEES DISCOVER WHAT IT'S LIKE TO BE A META USER
The company that built its entire fortune watching billions of people scroll through divorce announcements and MLM pitches has now turned its surveillance apparatus inward… and its own employees are not thrilled about it.
Yup, that’s right. Reuters reports that Meta is rolling out a tool called "Model Capability Initiative" on employee work computers. It records keystrokes, logs mouse movements, takes periodic screenshots, and monitors "work-related applications and URLs."The memo was reportedly obtained by Business Insider, which means someone at Meta used their surveilled computer to leak information about the surveillance computer. Poetic.
Apparently, CTO Andrew Bosworth's stated vision is to gather enough footage of humans clicking through Gmail and VSCode so Meta's AI agents can eventually do the work humans do. Zuckerberg calls the end goal a "personal superintelligence" that will help you "be a better friend" and "grow into the person you aspire to be."
Which raises a question nobody at Meta seems to have answered: what kind of person do you aspire to be when your employer is watching every keystroke you make?
Anthropic, OpenAI, and Microsoft are all building similar tools, so at least Zuckerberg has company in the dystopia he's constructing.
Microsoft patched CVE-2026-32201 last week — a spoofing vulnerability in SharePoint Enterprise Server 2016, SharePoint Server 2019, and SharePoint Server Subscription Edition that lets unprivileged attackers mess with your data through a network spoofing attack requiring zero user interaction. CISA added it to the Known Exploited Vulnerabilities catalog the same day and ordered federal agencies to patch by April 28.
That deadline is today. You're reading this on April 28. (So, * checks notes * get on it?!?!!?)
Shadowserver says over 1,300 SharePoint servers are still unpatched and exposed online, with fewer than 200 systems secured since the patch dropped. Federal agencies have until the end of day. Everyone else is apparently playing chicken with threat actors. Go patch your SharePoint servers. We'll still be here.
AI FINDS 271 BUGS IN FIREFOX AND THE SECURITY COMMUNITY HAS COMPLICATED FEELINGS ABOUT IT
Anthropic's AI security tool “Mythos” ran against Firefox 150 and found 271 vulnerabilities. Mozilla CTO Raffi Krikorian published a New York Times essay arguing this tilts the offense/defense balance toward defenders — that AI makes finding bugs cheaper for both sides, but at least now security teams have access to the same capabilities as attackers. Mozilla security head Tom Holley put it plainly: "Computers were completely incapable of doing this a few months ago, and now they excel at it."
The uncomfortable footnote is that open source maintainers (you know, that little guy who's spent 20 years holding critical infrastructure together on a volunteer stipend and vibes) still don't have access to Mythos. Krikorian wrote that he should.
We * oBviOuSlY * agree.
⚙️ TOOL TIME
Wait… what is connected to what?
Let’s be honest: your current "network map" is either a 4-year-old Visio file that’s 80% fiction or a mental image you’re holding together with sheer willpower.
Kevin Dooley (who has a Ph.D. in theoretical physics, so he’s officially smarter than us) teamed up with Auvik to drop The No-Sweat Guide to Network Topology.
It’s the ultimate "how-to" for people who want to stop troubleshooting networks in the dark.
Inside:
The fundamentals of different types of network topology and their applications.
Step-by-step instructions for creating accurate network diagrams and understanding their importance.
Expert tips for troubleshooting network issues effectively using your topology diagram.
It’s focused. It’s practical. It’s free.
Download the guide here and stop guessing where the packets go.
Brought to you by Auvik, the tool that maps your network in real-time.
👨💻 JOB OPPORTUNITIES
You'll assess technology controls, identify risks, and write reports that at least three senior people will skim. Requires 1+ years of audit experience and the emotional fortitude to say "control gap" in a meeting without laughing.
Sole on-site IT presence in the NYC office, which is a fancy way of saying you're everyone's first call when the Zoom Rooms dies 90 seconds before a board presentation. Pays up to $175K. Worth it? Debatable.
Lead global IT and security audits at a crypto company, where "auditability" was historically a suggestion. 12+ years of experience required. Familiarity with blockchain, NIST, and the specific feeling of presenting audit findings to people who think regulations are a personality flaw strongly preferred.
🛩 INDUSTRY MOVES
Framework CEO Nirav Patel says the Framework Laptop 13 Pro is "the MacBook Pro for Linux users," and given that Framework 13 users are now 55% Linux to 45% Windows, he's either onto something or about to get a very polite email from Apple's legal team.
SpaceX has struck a deal with Cursor — the AI coding tool that still uses Claude and GPT because xAI's models can't match them — and reserved the right to buy the startup for $60 billion later this year. Elon Musk is assembling a tech conglomerate one impulsive acquisition at a time, and calling it a space company.
OpenAI launched ChatGPT Images 2.0, and it can now generate legible text in images without inventing new words — a bar so low it was basically underground. But anyway, here we are celebrating an AI that previously couldn't write "burrito" without making up two new letters of the alphabet!
Anthropic released Bun 1.1.13 with memory fixes after developers reported the runtime leaking memory like my 1994 Pontiac leaking oil — loudly, persistently, and always right before something important.
Hey, it's Chip! The writer is tired, the AI hype cycle is still going, and yet somehow this newsletter still gets made every week. Respect the hustle. Even if it's mine.
Here’s what the EE community been up to lately:
Someone running three separate vCenter sites wants to know if RVTools can pull cross-vCenter data without running three separate exports and manually stitching everything together. Classic multi-site pain!
A team still sitting on a Windows Server 2012 R2 domain functional level (while running 2016, 2019, and 2022) wants to know if they can jump straight to 2022 and what they'd actually gain by doing it.
A security pro wants to know where the real blind spots are in the field: endpoints, identity, or web access? They got a bunch of refreshingly honest, real-world takes.
That’s it for today! Make sure you step outside for some fresh air… the work will still be there when you’re back. Until next time!
Enjoyed the news? Discuss over on Experts Exchange.
Got news to share or topics you'd like us to cover? Send ‘em our way by responding to this email. We can’t wait to hear from you. Really.