TheRegister

Join us to learn how to architect a development environment where your builders and their agents can move fast and securely.

There’s a mysterious framework worming its way through exposed cloud instances removing all traces of TeamPCP infections, but it’s not benevolent by a long shot: Whoever is behind this bit of malware may be cleaning up who came before, but only so they can take their place. Discovered by security outfit SentinelOne’s SentinelLabs researchers and dubbed PCPJack for its habit of stealing previously compromised systems from TeamPCP, the worm was first spotted in late April hiding among a Kubernetes-focused VirusTotal hunting rule. It stood out from known cloud hacktools, said SentinelLabs, because the first action it always takes is to eliminate tools associated with TeamPCP attacks. The script didn’t stop there, though. “We initially considered that this toolset could be a researcher removing TeamPCP’s infections,” SentielLabs said. “Analysis of the later-stage payloads indicates otherwise.” “Analyzing this script led us to discover a full framework dedicated to cloud credential harvesting and propagating onto other systems, both internal and external to the victim’s environment,” SentinelLabs continued. In other words, this thing will harvest credentials from everywhere it can get its hands on, and then find new, unsecured cloud environment targets to spread itself to. TeamPCP came onto the scene late last year, and since then has made a name for itself primarily by undertaking a successful compromise of the Trivy vulnerability scanner. That act spread credential-harvesting malware which attackers then used to pivot to more valuable targets, and became one of the most notable supply chain attacks in recent memory. Unlike TeamPCP’s campaign, which relied on the spread of compromised software by human actors, this one spreads on its own accord. Infections start when already-infected systems look for exposed services, including Docker, Kubernetes, Redis, MongoDB, and RayML, as well as exposed web applications. Once it finds a vulnerable environment, it runs a shell script on the target system that sets up an environment to download additional payloads and searches for TeamPCP processes and artifacts to kill. That part of the infection downloads the worm itself, along with modules to enable lateral movement, parse credentials and encrypt them for exfiltration, and for scanning the web for new environments to infect. From there, the worm goes to work with the second module in its kit that conducts the actual credential thefts. This portion of the infection targets environment variables, config files, SSH keys, Docker secrets, Kubernetes tokens, and credentials from a list of finance, enterprise, messaging, and cloud service targets so long that we recommend taking a look at it here, or just assuming whatever you’re using is probably being targeted. SentinelLabs noted that the lack of a cryptominer in the malware package is unusual, and said the particular services it targeted suggests its goal is either conduct its own spam campaigns and financial fraud with the stolen data, or to make the data it harvests available to those planning similar crimes. The worm's practice of removing TeamPCP files could be opportunistic, or could mean there’s drama going on in the cybercrime world. “We have no evidence to suggest whether this toolset represents someone associated with the group or familiar with their activities,” SentinelLabs noted. “However, the first toolset’s focus on disabling and replacing TeamPCP’s services implies a direct focus on the threat actor’s activities rather than pure cloud attack opportunism.” Because this is a worm relying on unsecured cloud and web app instances ripe for targeting, mitigation recommendations are pretty simple: Keep your cloud platforms secure, and ensure authentication is required even for instances of things like Docker and Kubernetes that aren’t exposed to the internet. ®

A Virginia man, Sohaib Akhter, faces decades in prison after a jury convicted him of being involved in a scheme to delete approximately 96 databases containing US government data. The events of the case transpired around two weeks before the twin brothers allegedly involved were fired from their jobs at a software supplier to the US government. Sohaib and Muneeb Akhter, both 34, allegedly worked together on February 1, 2025, to access the account of an unnamed individual who submitted a complaint through the Equal Employment Opportunity Commission’s public portal. According to the Justice Department, Muneeb asked Sohaib for the individual’s plaintext password. Prosecutors say Sohaib provided the credential, which Muneeb then used to gain unauthorized access to the account. Court documents do not say why the brothers wanted access to the account, but the pair were both fired on February 18, 2025, after the company, which provided software to at least 45 government agencies, learned that Sohaib had a prior felony conviction. The superseding indictment [PDF] goes on to describe the timeline of events leading up to the database manipulation. Within five minutes of being fired via remote meeting, the twins sought to inflict damage on their employer. At approximately 16:55, Sohaib tried to access the software supplier’s network but couldn’t because his VPN connection was severed and his Windows account was deactivated while he was sitting in the firing meeting. However, Muneeb allegedly still had access and told his brother the same. A minute later, at approximately 16:56, officials say Muneeb issued commands preventing other users from reading or writing to the database, before issuing a command to delete it. Over the following 56 minutes, Muneeb allegedly deleted approximately 96 databases, the indictment states, which contained data related to Freedom of Information Act matters and sensitive investigative files belonging to federal departments and agencies. One of the 96 was also described as “a DHS production database containing US government information,” hosted in the Eastern District of Virginia. After the deletions, Muneeb allegedly set about covering his tracks. According to the indictment, Muneeb queried an AI tool: “How do I clear system logs from SQL servers after deleting databases,” and later: “How do you clear all event and application logs from Microsoft Windows Server 2012.” The twins then discussed how to proceed. Sohaib allegedly stated aloud: “They’re gonna probably raid this place,” to which Muneeb replied, “I’ll clean this shit up.” Sohaib added: “We also gotta clean stuff up from the other house, man.” Per the timeline of events heard in court, Muneeb then set about copying EEOC files to a USB stick, around 1,805 of them per court documents, all while using a laptop issued by his former employer. Muneeb allegedly also stole IRS documents stored on virtual machines, including tax information and personally identifiable information belonging to at least 450 individuals. Over the following week, Muneeb unsuccessfully attempted to gain access to a DHS-owned laptop, and the twins sought the help of another unnamed individual to wipe their company-issued devices by reinstalling Windows. Finally, the court heard that Muneeb drove to Texas, transporting his personal laptop, mobile device, and a Personal Identity Verification card issued by a US government agency. They were both arrested on December 3, 2025. Muneeb Akhter has not yet been convicted. Further firearms charges Sohaib was in double trouble for not only computer fraud and password trafficking, but for possessing seven firearms, which police found in March 2025, roughly a month after his brother allegedly deleted the databases. After a search warrant was authorized, police found roughly 378 .30 caliber rounds of ammunition, as well as a selection of firearms, including M1 and M1A rifles, a Glenfield Model 60, a Ruger .22 automatic pistol, and a Colt Police .38 Special revolver, among others. Officials said Sohaib took steps to sell the guns after the search warrant was executed, which involved threatening and intimidating his domestic partner to sign transaction documents since he, a convicted felon who served prison time in 2015 for over a year, was not legally allowed to own any firearms. Sohaib, then 23, was sentenced to two years in prison and three years of supervised release after pleading guilty to accessing sensitive data, including that belonging to co-workers, acquaintances, and a former employer, held on State Department systems while he was working as a contractor. The court heard at the time that he also devised a scheme, along with Muneeb and others, to maintain perpetual access to these systems by installing “an electronic collection device inside a State Department building.” This plan failed, however, as he broke the device while trying to install it behind a wall at a State Department facility in Washington, DC. Muneeb got 39 months in prison and three years of supervised release as a result of his role in the scheme. Sohaib’s sentencing is scheduled for September 9. Muneeb’s additional charges Muneeb, who is yet to be convicted, allegedly downloaded approximately 5,400 username and password combinations from the EEOC’s servers, storing them on multiple devices and in the cloud. In hundreds of cases, according to the indictment, Muneeb successfully accessed the corresponding email accounts without authorization, and created Python scripts to determine which combinations were valid when testing against the servers of an unidentified US hotel chain. During this time, Muneeb allegedly tested the stolen username-password combinations against various companies, including other hotel chains, airlines, and financial services companies. In multiple cases where Muneeb successfully logged into these accounts, court documents state that he changed the email address associated with the account to one he controlled, keeping the victim’s name in the address. The typical format was [victim name]@wardensys.com or [victim name]@wardensystems.com. The domain belongs to a small, Virginia-based company called Warden Systems, which describes itself as an embedded systems and cybersecurity research company. The company’s Crunchbase profile lists Sohaib as vice president, and an X account bearing the name Muneeb Akhter lists itself as CEO at Warden Systems. Its website is no longer reachable, and it stopped posting to social media around 2014, a year before the pair were convicted of earlier felonies. Neither Sohaib nor Muneeb is explicitly connected to “Warden Systems” in court documents, although Muneeb is said to control both the wardensys.com and wardensystems.com domains. In at least one case involving the alleged stolen username-password combinations, prosecutors say Muneeb used one victim’s air miles balance to successfully book a flight. Muneeb faces a maximum prison sentence of 45 years, if convicted. ®

The Iran conflict is adding to supply-chain disruption for datacenter construction projects, bumping up material costs and causing shortages due to the closure of the Strait of Hormuz. So says server hall project specialist BCS Consultancy, which claims construction firms are seeing increases of up to 20 percent in the cost of certain building materials, while in some cases, the quantity available for delivery has been reduced to a quarter of the required amount on order. The firm’s regional director Oskar Lampe says that oil-based building materials are becoming scarcer and more expensive, as about a fifth of the global supply flows through the Strait of Hormuz in the Middle East. Because producing materials such as steel, aluminum, and cement is very energy-intensive, the construction industry is starting to feel the effects of the blockade, he claims. “For datacenter construction, the key components of which consist of exactly these materials, this is a turning point,” he stated. That pressure predates the current conflict, according to IDC. Andrew Buss, senior research director at the analyst house, told The Register: “We’re hearing some reports of broader supply chain disruption and availability issues – particularly for things like high-voltage transformers and copper supply - around datacenter builds from even before the war in the Middle East and the resulting closure of the Straits of Hormuz. “So the closing of the Straits is certainly not helping, but this has been an issue for some time resulting in more frailty and susceptibility to disruption and therefore likely to have a disproportionate impact as a result of the closure.” Last month, IDC warned that IT equipment supplies are facing further volatility as the Iran war has strained global logistics through rising energy costs and freight routes being disrupted. It isn’t just bit barn projects that are suffering, of course. The wider construction industry is experiencing some of the steepest cost increases in nearly 30 years as the ongoing Iran crisis drives up the price of fuel and raw materials, according to The Guardian. These new effects come on top of existing challenges facing the datacenter construction industry, such as the availability of suitable land, getting planning permission, being able to get a grid connection for power, skills shortages and the cost of equipment. Segro, one of the UK's major commercial property developers, revealed a while back that it would invest "hundreds of millions and more" in building new server farms, except that it faced delays often running into years getting such projects wired up to the national grid. Lampe says that the current situation is unlikely to ease quickly, as it will take a while for disrupted transport routes, energy price inflation and volatile raw material markets to recover, even if the Strait of Hormuz were to reopen tomorrow. He advises development teams to follow a few measures to try and minimize the impact on their project timelines, including submitting orders for long lead items early, building clear price escalation rules into contracts, and diversifying supply chains where possible. For example, delivery times can vary between 5 and 38 months for chillers, transformers, generators and other critical plant equipment, even under normal conditions. “Those who only start the procurement process when the project plan dictates will order at a higher price and wait longer,” he notes. Also, dependence on a single supplier is a structural risk for builders even before this conflict and can seriously endanger projects. Known alternatives are needed. “For several oil-based materials, technically equivalent, non-oil-based variants exist. Potentially more expensive to procure, but available and in many cases already geared towards future sustainability requirements, which makes them the more sensible choice in the medium term anyway,” Lampe says. ®

Administrators who want a Windows version of Raspberry Pi Connect need to register their interest, or else the Pi team might ditch the concept. Raspberry Pi Connect is a tool that lets admins remotely access a Raspberry Pi device from a web browser. It launched in 2024 as a free service for individuals and was later joined by Raspberry Pi Connect for Organizations, aimed at commercial customers with fleets of devices, costing $0.50 per device per month. $0.50 per device per month is cheap for a commercial remote access solution on Windows. In response to queries on the subject, the Raspberry Pi team made a Windows version of the service available, albeit as a highly experimental demo not intended for production, at the end of April. Gordon Hollingworth, CTO of Software at Raspberry Pi, told The Register: "The Raspberry Pi Connect daemon implementation is currently closed source, but we intend to open source it eventually so it can be added to other architectures." Hollingworth noted that the Windows version was working in early beta form, saying: "We think it may be useful for our customers to control all their devices from one place. But we are still investigating the concept and may remove this capability if there's insufficient interest." For admins managing mixed fleets of devices, it's an interesting option, though the company would face stiff competition in the Windows market if it decides to proceed. Raspberry Pi has quietly added more enterprise-friendly features over time. Tags can now be applied to devices (for example, to show their location or purpose), and it is possible to require two-factor authentication for members of Connect for Organizations. The company's computers have long been a low-cost option for businesses considering thin clients, and its most recent crop of hardware releases, such as the computer-in-a-keyboard Pi 500 and Pi 500+ devices, could replace existing desktops. Should the Windows version of Raspberry Pi Connect attract enough interest to progress beyond its early beta state, it will represent another inroad into the enterprise computing space. ®

A fresh Linux privilege escalation bug dubbed "Dirty Frag" has dropped into the wild with no patches, no CVE, and a public exploit that hands attackers root access across major distributions. Security researcher Hyunwoo Kim disclosed the local privilege escalation flaw on Friday after what he said was a broken embargo forced the issue into the open. Kim described Dirty Frag as a "universal LPE" affecting "all major distributions" and warned that it delivers the same kind of immediate root access as the recent CopyFail mess – only this time, defenders do not even have patches to throw at the problem. "As with the previous Copy Fail vulnerability, Dirty Frag likewise allows immediate root privilege escalation on all major distributions," Kim said. "Because the responsible disclosure schedule and embargo have been broken, no patches exist for any distribution." Dirty Frag works by chaining together two separate Linux kernel flaws. One sits in the xfrm-ESP subsystem and dates back to a January 2017 kernel commit, according to Kim, while the second vulnerability affects RxRPC functionality introduced in 2023. Together, the two bugs allegedly let unprivileged local users overwrite protected files in memory and claw their way to root. A long list of distributions in the firing line, according to Kim, including Ubuntu, Red Hat Enterprise Linux, CentOS Stream, Fedora, AlmaLinux, and openSUSE Tumbleweed. Separately, researchers appear to have independently reverse-engineered part of the bug chain from a publicly visible kernel fix commit before the embargo expired, adding to the disclosure mess already surrounding the flaw. One GitHub project titled "Copy Fail 2: Electric Boogaloo" claims to weaponize the ESP/xfrm side of the issue separately from Kim's full Dirty Frag chain. Kim said maintainers signed off on the disclosure of the flaw after somebody else dumped exploit details online first, collapsing the embargo before patches were finished. So now the exploit is public, the fixes are not, and Linux admins get another long week. The disclosure comes as the industry is still dealing with the fallout from CopyFail, another Linux privilege escalation bug that recently landed in CISA's Known Exploited Vulnerabilities catalog after attackers started cashing in on it in the wild. But Dirty Frag makes the recent CopyFail chaos look relatively organized. There's still no CVE, no coordinated patch rollout, and not much in the way of mitigation. Kim published a temporary workaround that disables affected ESP and RxRPC modules before clearing the system page cache. Useful, perhaps, although "turn bits of the kernel off and hope for the best" is not usually the sort of guidance admins enjoy seeing. ®

OPINION When President Donald Trump returned to power, he cast himself as the anti‑Biden on AI. First, he tore up Biden's Executive Order 14110, which had demanded "safe, secure, and trustworthy" AI. He then replaced it with his own "Removing Barriers to American Leadership in Artificial Intelligence" directive, ordering agencies to rescind or dilute rules seen as obstacles to innovation. In short, American AI vendors could do anything they wanted. That was then. This is now. While Trump has yet to issue a new AI Executive Order, we know his crew is forming an AI working group of tech execs and government officials to bring oversight to AI. Specifically, they're considering requiring all new "high‑risk" AI frontier models to undergo a formal government review before they can be used. That's going to go over well. What we do know is that National Economic Council Director Kevin Hassett has said: "We're studying possibly an executive order to give a clear roadmap to everybody about how this is gonna go, and how future AIs that also potentially create vulnerabilities should go through a process so that they’re released into the wild after they've been proven safe – just like an FDA drug." Considering that people who ignore evidence now regulate healthcare in the United States, that doesn’t fill me with much confidence. Indeed, we now know the FDA blocked the publication of studies showing that COVID-19 and shingles vaccines were safe. Are these the kinds of people we want calling the shots on AI? Be that as it may, the Trump yes-men are framing this shift as a response to escalating cybersecurity and national‑security risks rather than as a broader embrace of EU‑style AI regulation. Yes, they're looking at Anthropic's Mythos and its potential use by hackers. At the same time, they emphasize that they want to avoid "onerous" controls on everyday AI applications. Frontier models that could supercharge cyberwarfare, bio‑threats, or other strategic dangers are another matter. That's quite a change from last summer when Trump babbled: "We have to grow that [AI] baby and let that baby thrive. We can't stop it. We can't stop it with politics. We can't stop it with foolish rules and even stupid rules." Now he seems to think rules would be a good thing. Darrell West, a senior fellow at the Center for Technology Innovation at the Brookings Institution, has suggested that Trump is returning to Biden's policy. Just don't tell him that; he'll have a fit. While Trump and company are still contemplating exactly how they want to rule – sorry, regulate – AI, the Department of Commerce's Center for AI Standards and Innovation (CAISI) announced new agreements with Google DeepMind, Microsoft, and xAI. According to these new policy statements, CAISI will conduct pre-deployment evaluations and targeted research to better assess frontier AI capabilities and advance the state of AI security. CAISI director Chris Fall said: "Independent, rigorous measurement science is essential to understanding frontier AI and its national security implications." How to do this? Who will do this? What will it look like? Good question! Too bad we don’t have any answers yet. You may have noticed that Anthropic was not invited to this cozy policy get-together. Funny, that, since most observers think that Mythos was the model that broke the "do anything you want" AI camel's back in Trump's White House. That's because the months‑long feud between the administration and Anthropic is still simmering. Trump's team moved to block federal agencies from using the company's tools, and Anthropic is now challenging that policy in court. Recently, however, Trump's tone has softened. Trump told CNBC that Anthropic was "shaping up." If he can't get peace with Iran, maybe peace with Anthropic will please him. On the other hand, we also know that the Trumpies are considering forbidding companies from "interfering" with the government's use of AI models. You hear that, Anthropic? You will toe the line! Meanwhile, Gregory Falco, a Cornell assistant professor of mechanical and aerospace engineering, pointed out the obvious: "The federal government does not currently have the in-house technical expertise, infrastructure, or day-to-day insight needed to directly evaluate these systems on its own." Expertise is something Trump's cast of characters sorely lacks across any and all subjects. "At the same time," Falco continued, "a purely voluntary model of self-governance is not enough." After all, foxes are notorious guardians of chicken houses. What I think is going to happen is that AI vendors who play ball with Trump will end up "governing" AI alongside some Trump loyalists. It's going to be ugly. Some regulation is needed, but these are not the people who will do a good job of it. I won't be surprised if one of Trump's goals isn't so much to make AI safer as it is to ensure that the answers AI gives are the ones he and his regime want people to see. Today, for example, when I asked a variety of chatbots who lost the 2020 election, they all agreed Trump had lost. Funnily enough, when the Senate Judiciary Committee asked numerous Trump nominees for federal judgeships the same question, they universally refused to say he lost. For better or worse, most Americans don't pay attention to legal news. What they do, however, is ask AI chatbots for answers. Foolish of them, considering how inaccurate they can be, but there it is. If Trump's allowed to call the shots, I've little doubt that the approved bots will follow in the footsteps of his obedient judges and give the answers he wants and not the truth. ®

Meta has quietly pulled the plug on encrypted Instagram DMs, meaning private messages on one of the world’s biggest social networks are no longer especially private. The change took effect today, according to a revised Meta post first published in 2022. In a statement to The Register, Meta said the feature saw limited adoption and pointed users toward WhatsApp instead. "Very few people were opting in to end-to-end encrypted messaging in DMs, so we're removing this option from Instagram in the coming months," the spokesperson said. "Anyone who wants to keep messaging with end-to-end encryption can easily do that on WhatsApp." It’s quite the reversal for a corporation that spent years telling everyone that encryption was the future of online communications, even as governments pushed back against the company’s wider rollout plans. Much of that pressure centered on child protection. Campaigners and agencies, including the NSPCC UK’s National Crime Agency, argued wider encryption would make it harder to detect grooming, child abuse material, and other criminal activity taking place over private messaging services. Privacy advocates, however, say Meta has just blown a hole in one of the few genuinely private corners of the platform. The Center for Democracy & Technology said it had urged Meta to reverse the decision, alongside members of the Global Encryption Coalition Steering Committee. “Without default encryption, millions of Instagram users are left exposed to surveillance, interception, and misuse of their private communications,” the group said. “These risks fall hardest on people who rely on secure messaging for their safety, including journalists, human rights defenders, and survivors of abuse.” Swiss privacy outfit Proton also questioned what exactly happens to existing chats once encryption disappears. Because properly implemented E2EE prevents platforms from reading message contents, the company noted that Meta has not clarified whether previously encrypted conversations will remain inaccessible, get deleted, or become readable. “For Instagram, dropping E2EE is just an example of how little regard Meta has for the privacy and safety of its community,” Proton said in a blog post. Meta has become increasingly aggressive about monetizing and analyzing user interactions. Last year, the company confirmed that interactions with Meta AI tools, including those inside private conversations, could be used for ad targeting. The company has not publicly said whether ordinary Instagram messages could eventually feed into similar systems now that encryption is gone. ®

The veteran editor Vi turns 50 this year, and what better way to celebrate than to write a version in BASIC? The code was created by Lee Tusman, who likes to be a little out of step with the latest IT industry fads. Not strictly a professional programmer, Tusman, whose background is in art, began looking at BASIC in 2025. Specifically, Yabasic, an open source BASIC interpreter for Unix and Windows. "For a modern BASIC, it's quite fun to use," Tusman wrote. "I made my own cyber-hoss racing game, a command line game inspired by the UFO50 and Flash game Quibble Race. I also tinkered with the internals of the text version of The Oregon Trail, and built a clone, a simple version of Dope Wars economic simulation game." All of which brought Tusman to code up a version of the veteran text editor Vi, using BASIC because… well… it was there. "I've been using Neovim (and before that, Vim) for years and years. I've never made a text editor before. But I decided it could be fun to try to implement my own." Inspired by tools such as Offpunk, a text-based browser, "I thought I could likely build an ULTRA simple editor with a minimum of Vim commands. How hard could it be?" In this instance, not too hard at all. It only took a few hundred lines of Yabasic code to get a minimal blank page working before Tusman began adding simple commands. Before long, the editor had reached the point where it was possible to open a file, start a new one, and save. "This was satisfying as I was now able to open the actual code for my vi.bas program and poke around and edit it." There's no wrapping in Tusman's editor – 80 characters is the limit – but fire up the code from the GitHub repository, and a reasonable simulacrum of the venerable editor, along with a lot of its sometimes esoteric shortcuts, runs up. The Register asked Tusman why he chose Vi. "I chose Vi because I already use it, and of course, once you're addicted to it, it's hard to want to use any other style of editor." So what's missing? "Many things! But I'm purposefully not trying to rebuild a complete Vim. I just wanted something usable with as much functionality as I could build in as short and straightforward a program as I could write. Notably, most of it is 'if this key is pressed, do this.'" As for future development, "I don't know how much I'd add," Tusman said. "I've only been using the program a week or so, but haven't found much I completely miss from Neovim. I'm speculating here, but maybe I'd optionally add back in line numbers, and I haven't found a way to prevent errors when the screen gets resized that works cross-platform." In his post, Tusman notes that while the code won't win any prizes for its beauty, it is functional and can be tinkered with. It's also in the public domain, and so could be forked if there's a function that a BASIC wrangler can't do without. A look at the source certainly brought back some memories for this hack, who cut his teeth on TI BASIC in the very early 1980s and hasn't gone near the language since uninstalling Visual BASIC 6 decades ago. "It's not only the best Vi clone I've found written in a BASIC implementation," Tusman wrote. "I think it's the only one!" ®

The UK Home Office is bringing the Police National Database (PND) cloud migration in-house after a transformation program faced an additional £26 million in costs and an 18 months delay. The PND shares information across all police forces, law enforcement agencies, and regulatory bodies. The crucial system was meant to shift to the cloud, but the procurement project was delayed by more than a year, as The Register reported. In a letter to MPs, Home Office Permanent Secretary Gareth Davies said the cloud transition had been based on "delivery assumptions" that had proven incorrect. Davies said the Home Office had expected 80 percent of the code from the system, which went live in 2011, could be reused. In fact, only 20 percent was reusable. As a result, it would miss its June 2025 migration target without significant extra time and funding. "With the support contract expiring in March 2026 and no further direct award available, the programme explored contingency options, but analysis concluded continuation was not value for money ," Davies said in the written response to Parliament's Home Affairs Committee. "The programme decided it would exit the contract, bringing the service into Home Office control and in-house support." The PND was proposed following the 2002 murders of two 10-year-old girls in Soham. The subsequent Bichard Inquiry identified serious weaknesses in police intelligence, including the inability of forces to access potentially important information held outside their own geographic jurisdictions. Those gaps contributed to poor information-sharing about Ian Huntley, who murdered the girls. CGI won the contract in 2009 and the system was launched in April 2011. Elements of the current PND transformation program include a transition to cloud-native architecture, improved usability, and the replacement or updating of obsolete Oracle databases and middleware. A transparency notice published in 2024 said that since 2016, investment in the system was limited to "keeping the lights on" because of the introduction of the National Law Enforcement Data Programme (NLEDP). NLEDP imagined the Police National Computer (PNC) would be combined with the PND, creating a single system. "However, between 2016 and 2020 NLEDP faced some significant challenges that impacted progression and delivery ," the notice said. "Upon various reviews of NLEDP the decision was made for a complete reset of the programme, with PND being removed from the scope of work." "The PND transformation is being delivered to address the technological debt in PND which is causing a failing service." According to Davies' letter, the PND program was set up in 2021 but did not commence until January 2024. "By May 2025, around £35.1m had been spent before the transformation was paused," it said. Running, sustaining, and maintaining the live service cost about £24 million a year, amounting to £111.5 million since FY2021/22. Total PND spend over FY2021/22 to FY2025/26 was £146.6 million. Despite the money invested in the program, the Home Office and CGI were unable to agree a revised plan to move it forward. "Both the Home Office and the supplier worked closely together for many months to understand the depth of the challenges ," the letter said. "We [the Home Office] ultimately put our trust in the supplier's expertise and track record in providing and maintaining PND since 23 June 2011. From July to December 2024, the Home Office held workshops with the supplier to agree a realistic revised Initial Implementation Plan… The two sides could not come to an agreement, however, in particular about the contracted scope, time required for testing and allocation of residual risk." The Home Office said it reached a settlement with the supplier but did not disclose the terms. Davies admitted that the cloud migration work did not result in any improvements to the PND because the project was incomplete, although "upgrades have been made to the live system to ensure its security and stability." The Home Office now plans to move the PND from a CGI site to its datacenter, promising "robust governance drawing on prior transfer experience." It promised to mitigate disruption risks resulting from the "age and complexity of the legacy infrastructure." It is promising to make the on-prem system more secure, stable, and available at a cost of £20.3 million. "These upgrades are expected to extend service continuity by 5-10 years by tackling technical debt, improving resilience and capacity, and supporting enhanced analytics and safeguarding," the letter said. "The service remains stable, with customer-facing availability above 99 percent over the past six months, and the team proactively monitors servers and responds quickly to issues, including known legacy software risks. With the control in place with the addition of the stabilisation plans, the risk of major failure is anticipated to be low." ®

GameStop CEO Ryan Cohen has had his eBay account reinstated after the platform suspended him for selling personal items to help fund his takeover bid for the digital auction house. Less than 12 hours after Cohen announced he was selling various memorabilia and vintage wares to fund the proposed $55.5 billion buyout offer made earlier in the week, he shared a screenshot of an email informing him that his PR stunt had landed him a platform ban. "We wanted to let you know that your eBay account has been permanently suspended because of activity that we believe was putting the eBay community at risk," the email read. "We understand that this must be frustrating, but this decision was not made lightly and it's important that we keep our marketplace safe for everyone. For more information, see our article on how and why accounts can be suspended or review our User Agreement." The Register asked eBay why it suspended and reinstated Cohen's account, but the company did not immediately respond. Supporters of GameStop's bid for the auction site can show it via Cohen's page, where they can pick up rare games, tech, and other valuables. Highlights among the 36 listings include genuine GameStop storefront signs, which are currently going for just under $15,000 with bidding still open, and a Halo 2 Master Chief statue going for a similar amount. Cohen's original Apple iPhone is also up for grabs, with bidding now topping $9,100, and he has some baseball trading cards going for several thousand dollars too. He said that the winning bidder on each item will receive a hand-signed "Letter to eBay" as thanks for their support. GameStop's bid GameStop announced its offer to buy eBay on May 3 at $125 per share - a 46 percent increase on its February 4 closing price - which is the date GameStop first started buying eBay shares, taking its ownership stake to 5 percent. Cohen said if the bid is successful, GameStop and eBay will operate as a combined company, and the CEO, who took over the gaming retail business in 2021, would pursue $2 billion in cost reductions in the first year. This would include slashing eBay's current $2.4 billion marketing budget in half, as well as reductions across product development and general administration. While eBay share price rallied following the announcement, GameStop stock fell by around 10 percent following an interview Cohen gave to CNBC. In it, he shied away from calling the buyout proposal "hostile," instead opting to call it "unsolicited," and failed to robustly answer questions about the structure of the deal. Asked about the value in the context of GameStop's $12 billion market cap, Cohen repeated the information previously stated in the initial announcement: the purchase will comprise half cash and half GameStop stock, and it had secured a $20 billion financing letter from TD Bank. He declined to elaborate further. Already widely reported, investor Michael Burry of The Big Short fame dumped his GameStop shares after the company outlined its proposed deal structure, telling his Substack subscribers that it was over-leveraged. eBay acknowledged GameStop's bid on Monday, and said it would discuss it at board level. "Until the Board has further carefully and thoroughly considered the proposal, the company does not intend to comment further at this time." ®

Students around the world have an excuse to bunk off after hacking crew ShinyHunters did something nasty to educational SaaS Canvas. Canvas is widely used by schools and universities to communicate with students, publish and store course material, and collect assignments. An outfit called Instructure develops the software and an entry on its Status Page dated May 2 features Chief Information Security Officer Steve Proud stating the org "recently experienced a cybersecurity incident perpetrated by a criminal threat actor." "We are actively investigating this incident with the help of outside forensics experts. We are working quickly to understand the extent of the incident and actively taking steps to minimize its impact," he added. Numerous posts report that attempts to log into Canvas earlier this week failed, but did produce a notice from an entity claiming to be the notorious hacking crew ShinyHunters, who claimed the outage was only possible due to lax patching. The crew also claimed to have stolen data from institutions that use Canvas and threatened to leak it unless a "settlement" is reached by May 12. Canvas has thousands of customers, meaning any confirmed breach could have wide impact. As of Thursday evening US time, Canvas says its wares are now available "for most users" and won't offer further comment. A student of The Register's acquaintance – OK, one of my kids – shared an email advising that his uni has prevented access to Canvas while it tries to understand the situation and the risk of data leakage. We've seen multiple universities posting notices about the incident that say more or less the same thing. Most also warn students of heightened phishing risk and urge caution. Several also advise that as they require students to lodge assignments in Canvas, students can assume they have an extension on deadlines. Your correspondent's offspring does not mind this one little bit. This is an evolving story. The Register will update it as more information becomes available. ®

Meta appears to have decided Britain's Online Safety Act would be much easier to swallow if Ofcom stopped counting all the money the social media giant makes everywhere else. The Facebook and Instagram owner has launched a legal challenge against the UK comms regulator, arguing that the way Ofcom calculates fees and potential penalties under the Online Safety Act is fundamentally wrong because it relies on global turnover rather than UK-specific revenue. The law allows Ofcom to fine companies for up to 10 percent of their qualifying worldwide revenue, or £18 million, whichever is higher. For Meta, which brought in about $201 billion last year, that means the numbers stop sounding like regulatory penalties and start sounding like national infrastructure projects. Meta is now seeking a judicial review in the High Court over how Ofcom defines "qualifying worldwide revenue." The dispute boils down to three complaints. First, Meta argues that Ofcom should only consider UK revenue tied to regulated services, not the company’s global income. Second, it objects to rules that treat multiple services under the same corporate umbrella as jointly liable, potentially exposing the wider organization to larger penalties. Third, it is challenging how Ofcom aggregates revenue across services rather than assessing them individually. An Ofcom spokesperson told The Register: "Meta have initiated a judicial review in relation to online safety fees and penalties. Under the Online Safety Act, these are to be set with reference to a provider's 'Qualifying Worldwide Revenue', which we have defined based on a plain reading of the law. "Disappointingly, Meta are objecting to the payment of fees, and any penalties that could be levied on companies in future, that are calculated on this basis. We will robustly defend our reasoning and decisions." A Meta spokesperson told The Register: "We are committed to cooperating constructively with Ofcom as it enforces the Online Safety Act. However, we and others in the tech industry believe its decisions on the methodology to calculate fees and potential fines are disproportionate. We believe fees and penalties should be based on the services being regulated in the countries they're being regulated in. This would still allow Ofcom to impose the largest fines in UK corporate history." The case marks the latest flare-up between Silicon Valley and Britain over the Online Safety Act, which has already triggered complaints from US politicians, free speech campaigners, and tech firms unhappy about the scale of Ofcom’s new powers. The regulator has not been shy about flexing them either. It has already threatened action against Elon Musk's X over sexually explicit AI-generated images linked to Grok and, in March, issued its first fine under the regime against 4chan. Meta appears to have looked at where that enforcement road leads and decided now was the time to argue about the math. ®

EPISODE 9 It's 3:30 am and I'm at work, having been woken up by numerous outage notifications. The Boss – as useful as Jason Statham's method acting coach – is also on site, presumably to offer moral support. The Building Manager – who's so old that his CV likely includes the construction of a vessel for the shipping of pairs of animals – is nowhere to be seen. The PFY is also absent. His excuse will likely be that he "accidentally" put his phone into silent mode. Had any of the alerts been from his rack of Bitcoin mining machines, however, he'd have been in the office in a flash. Security appears to be hard at work protecting the couches in the foyer of the building from being stolen. The rest of the building is in darkness – save for the shining beacon that is Mission Control. "What's happened?" the Boss asks. "Power outage," I reply. "Do we get someone in for that?" "Only if we want to wait till 9am to call our electrical contractors, who'll agree to turn up between 9 and 5 sometime in the next two weeks." "So what do we do?" "We go to the basement!" I reply, "but first we need THE KEYS". "The keys?" "No. THE KEYS." "What are THE KEYS?" he asks. "THE KEYS are what ex-local government buildings like this have for access to places you're not supposed to go. They're for the rooms you 'accidentally' show people if you think they're planning a hostile takeover of the company. You open the door and say something like 'I'm pretty sure that's not asbestos' or 'Why would we have needed all those leaky drums of 2,4,5-Trichlorophenoxyacetic acid ?'" "Are the rooms dangerous?" "Not if you keep the doors closed." "So what are you going to do?" "I'll open a couple of the doors." ...Five minutes later in the basement... "Oooh, there's a clue," I say to the Boss, pointing. "A Bakelite – or, to be specific, phenolic – label. Circa 1970s. There's bound to be something horrible behind that door." >creak< ... >slam< "Moving on," I say. "What was behind the door?" "Something horrible. We're not talking 'three-hour Richard Stallman monologue' horrible, but it was pretty bad. Anyway, let's try door number two." >creeeeeeak< "Ah, now this is promising. Cables from the ceiling. Unless they're snakes." "SNAKES!" the Boss gasps. "Nah, just cables. And, look, ALL METAL service breakers – and not a speck of safety-oriented insulation to be seen!" "What does that mean?" "It means life was cheap back in the '70s. Now, see those four massive breakers, all pointing to the Bakelite ON position, and one ABSOLUTELY MASSIVE breaker over there, in the OFF position?" "Yes. Do we just turn it on?" the Boss asks. "Only if you want to save your loved ones the cremation fees." "?" "The smaller breakers are three-phase 1,000-amp units, but that big one's a 5,000-amp unit. Designed for the days when offices were crammed with people and bar heaters." "So what do we do?" the Boss asks. "We get a broom. A wooden broom. A DRY wooden broom. Then we turn OFF all the massive breakers, then turn ON the REALLY massive breaker." ...Two minutes later... "Is this safe?" the Boss asks nervously. "Not even slightly," I say, brandishing the broom. >CLACK!< >CLACK!< >CLACK!< >CLACK!< "That wasn't so bad," the Boss sighs. "We're not to the good part yet. But maybe you want to move away a little bit." "How far?" "The third floor would be wise, but the doorway will do." .... >CLUNK!< ... "So we're... OK then?" the Boss asks. "In the words of Karen Carpenter, we've only just begun. Now we have to turn all of those smaller breakers on again, one of which will likely trip the massive breaker." "Is that a problem?" "The really massive breaker's over 50 years old, covered in rust, and has probably only ever tripped from a fault once. The miracle here is that it did so without exploding." "So?" "So, sometimes you've just got to spin the potato," I say, raising the broom again. >CLACK!< ... >CLACK!< ... >CLACK!< ... ... >CLACK!< "It worked!" the Boss gasps happily, as light returns to the building. "Yeeeessss," I say, leading the Boss out of the room and shutting the door as quickly as I can. "You... don't seem happy?" "No. There's a fair chance that whatever tripped the big breaker will trip it again the next time whatever it is star-" >FZZZZZ< >CLUNK< "Oh," the Boss says, disappointed. "Do we switch it back on again?" "Did you hear that buzzing sound before the lights went out?" "Uhhh, yes. What does that mean?" "It means we need to (a) go upstairs, (b) turn off the power to a rack of very noisy machines, and (c) switch our phones to silent and pretend we've never been here..." BOFH: Previous episodes on The RegisterThe Compleat BOFH Archives 95-99

Lego has released a set to coincide with the Project Hail Mary movie, and it's a clever bit of Technic-style engineering, even if the price is a little high. Usually, we only look at Lego builds of real objects – think Concorde and the recent Artemis set. However, having enjoyed Andy Weir's Project Hail Mary (the book more than the film), I was keen to see what Lego had done with its license. The answer is: it's good, but a bit pricey. The 830-piece set comprises a model of the eponymous spacecraft, a minifig-scale Ryland Grace, and Lego's version of the Rocky character. It also, thankfully, does not have the stickers that have blighted recent Lego sets. This set is not cheap, though Lego has at least invested in some pre-printed components rather than making customers fiddle with sticky transfers that invariably end up looking awful. Lego lists the set's age as 18+, which I'd quibble with. It's a lengthy (at least in terms of steps) but straightforward build. Budget around half a day to a full day for building it, depending on your skill level and how often little bits of Lego get flung around the room. Starting with the spacecraft, it's worth emphasizing that this is essentially a Technic set. If Technic components aren't your thing, this set isn't for you. However, persevere, and it is difficult not to be impressed with the design work. As the spacecraft comes together, so the mechanism reveals itself. Turn a crank, and the crew modules slide out before the entire spacecraft rotates to simulate gravity. Turn the crank in the opposite direction to return the crew modules. No, it's not like the book, but it is like the film, which deviates from the book in several other places too. We'd be tempted to fit a motor to achieve smoother rotation. The spacecraft is mounted on a stand that also includes a place for the Grace minifigure and the Rocky character. Both have pre-printed accessories, such as a tape measure, which will be familiar to those who have seen the film. It's a fun build and an impressive bit of Technic design. The elephant in the room, however, is cost. At £99.99 in the UK, this is not cheap. Certainly not when compared to the Artemis Technic set, which retails for £54.99. Turn the crank there, and the SLS rises, boosters separate, and Orion heads off to the Moon. Yes, there are fewer pieces (and some stickers to deal with), but for our money, it's a better value set. However, if you're a fan of Weir's book or the movie adaptation, there's a lot to like here, and the Technic designer deserves an award for making the mechanics of the spacecraft work. If only it were a little cheaper. ®

BORK, BORK, BORK! There was a time when information boards were handwritten or paper-based affairs. Then departure information was shown on split-flap displays, which made a satisfying tick sound as the display changed. Pixel-based boards followed (we took a look at the excellent take-home-and-keep versions by UK Departure Boards in 2024, but, with the inevitability of death and taxes, Windows of course had to get involved, which brings us to this unhappy example spotted in a Northampton bus station by a Register reader. "This poor main display announcing bus times has been dying for a while," our reader said. "The time has been out by 3-4 minutes, meaning any passenger trying to get somewhere on time would have missed their bus. Now its time info software is not loading." The screen looks like Windows 10 is running in the background, but instead of helpful information for customers taking a bus journey, there's just the default Windows desktop background and a few forlorn icons. The screen has been fitted with spikes to prevent birds from perching and leaving deposits, no such luxury has been afforded to the software. Somebody crueler than us might suggest this is because no feathered friend would deign to perch atop Microsoft's finest, or that a healthy dose of bird droppings could only improve the appearance of Windows. The bus station in question is Northgate, a relatively recent addition to Northampton's architectural landscape, opened in 2014. Windows 10 was released the following year and now clings, limpet-like, to the information boards. Our reader's comment that the display appears to be wheezing its last is, of course, nothing to do with Microsoft's fervent wish that Windows 10 would hurry up and die so that it can notch up more Windows 11 users. The question is, would Northampton's avian chums be any keener on the display if it were running the latest and greatest? Certainly, Windows 11 could use some improvements. Even Microsoft has admitted as much, but we're not sure the rear of a bird is where those improvements should come from. ®

No week at The Register is complete without a new installment of On Call, the reader-contributed column in which you share tales of the peaks and troughs of the tech support experience. So let's get going and meet this week's contributor, who we shall Regomize as "Gerald." He took us back to an early moment in his career, when he worked for an outfit that configured Windows 98 PCs as "data collectors" for its clients. As part of his job, Gerald built PCs and provided field support. In this story, he built a new data collector, checked that it worked with the usual round of tests, and left it for someone else to install because he had another job to do elsewhere for a different client. That visit was interrupted by his boss, who Gerald said "reamed me out for allowing a non-functional system to leave the shop." After the criticism stopped, Gerald's boss ordered him to fix the stricken PC, ASAP, even though it was 100 km away by car. "The boss man said go, so I went," Gerald told On Call. "About an hour and a half later, I arrived to diagnose the recalcitrant PC. The client was literally hopping mad and asking how I could be so stupid, because his firm was losing money." Gerald got to work and inspected the PC, which was on the shop floor, connected to power and peripherals. It booted and worked well but couldn't reach the network. "A check of devices installed showed the network card," Gerald reported, "and a ping to home worked... but nothing outside the box itself was reachable." Gerald decided the only thing to do was take the PC back to the office for more tests, so he started unplugging the peripherals. "Out came the power cord, display cable, keyboard, mouse..." and then he noticed the network cable wasn't plugged in. "It was neatly coiled and taped to a support column," Gerald told On Call, making it very easily fixed – and quite the embarrassment for the angry client and boss. Have you been abused for a customer's error? If so, click here to send On Call an email so we can share your story on a future Friday. ®

Cloudflare has revealed it will farewell 1,100 staff, due to its current and future use of AI. In a blog post that oozes Orwellian “doublespeak,” CEO Matthew Prince and President/COO Michelle Zatlyn used the headline “Building for the future” to share the email they sent to all employees. That mail opens: “We are writing to let you know directly that we’ve made the decision to reduce Cloudflare’s workforce by more than 1,100 employees globally.” The post explains, “Cloudflare’s usage of AI has increased by more than 600% in the last three months alone. Employees across the company from engineering to HR to finance to marketing run thousands of AI agent sessions each day to get their work done.” All that AI means “we have to be intentional in how we architect our company for the agentic AI era in order to supercharge the value we deliver to our customers and to honor our mission to help build a better Internet for everyone, everywhere.” Sackings are therefore needed, and are “about defining how a world-class, high-growth company operates and creates value in the agentic AI era.” To rub salt into the wounds of sacked staff, the email went out not long before Cloudflare announced quarterly results that included 34 percent year-over-year revenue growth and guidance for 30 percent future growth. Prince opened the company’s earnings call by stating “We had a very strong start to 2026.” Analysts on the earnings call asked Prince to explain the layoffs and whether they will make Cloudflare stronger. “We have seen that there are roles at Cloudflare that are not the roles we need for the future,” Prince responded. “Just because you are fit does not mean you cannot get fitter. Over the last six months especially, the productivity gains from the people directly talking to customers and directly creating code have been incredible, and a lot of the support roles behind them are not going to be the roles that drive companies going forward.” The CEO said Cloudflare has “always lived a little bit in the future” and said the company is an early beneficiary of AI. And he said the company will keep hiring. “The people embracing these tools are so much more productive than we have ever seen before,” he said. “I would guess that in 2027 we will have more employees than we did at any point in 2026, but the roles are changing dramatically, and you have to do something dramatic to make that shift.” “This is not about downsizing or saving costs,” Prince said. “This is about having the right people in the right roles to build the future.” As is often the case these days, the email to staff warned them of a brief doomsday countdown. “Within the next hour, every member of our global team will receive an email from both of us clarifying how this change affects them,” the message states. “For those departing today, we will send this update to both their personal and Cloudflare addresses to ensure they receive the information immediately.” The Register imagines that went down well for workers in time zones where employees might avoid their work email outside 9-5, but sneak an early-morning-or-late-night-glance at their personal inboxes. Prince and Zatlyn told employees they hope “to do this only once” and then contradict themselves by saying they “don’t want to do it again for the foreseeable future.” “By taking decisive action now, we provide immediate clarity to those departing and protect the stability of the team that remains,” they wrote, before adding their view that one deep cut because “dragging a reorganization out over multiple quarters creates prolonged emotional uncertainty for employees and stalls our ability to build.” Firing 1,100 people is therefore “the right thing to do; it’s the honest thing to do; and it reflects the values of the company we are continuing to build.” ®

Amazon Web Services is working to address a power outage that has created “impairments” to services served from the notorious US-EAST-1 region. A May 7 incident report time-stamped 5:25 PM PDT (00:25 UTC Friday) states that AWS spotted problems in the use1-az4 availability zone of the US-EAST-1 Region. A subsequent update states “EC2 instances and EBS volumes hosted on impacted hardware are affected by the loss of power during the thermal event.” An update time-stamped 6:47 PM PDT reveals“We continue to work towards mitigating the increased temperatures to its normal levels,” but warns “Other AWS services that depend on the affected EC2 instances and EBS volumes in this Availability Zone may also experience impairments.” At 8:06 PM PDT Amazon said it was "actively working to restore temperatures to normal levels ... though progress is slower than originally anticipated." The cloudy concern said it made "incremental progress to restore cooling systems" but users of EC2 Instances, EBS Volumes, and other services are "experiencing elevated error rates and latencies for some workflows." AWS has also shifted traffic away from the stricken AZ, and suggested companies shift workloads into other US-EAST-1 availability zones. Good luck getting that done because the update admits “Customers may experience longer than usual provisioning times.” US-EAST-1 is arguably AWS’s problem child, as it was the site of major outages that took big chunks of the internet offline in 2021 and then again in October 2025 . AWS execs have told The Register the region isn’t inherently more fragile than other parts of the Amazonian cloud, but often runs things at bigger scale than elsewhere and therefore imposes extra stress on services. The Register will update this story as the situation evolves. ®

HPE has delivered the first fruits of its Juniper acquisition: Wi-Fi access points that users can manage with either Aruba Central or the Mist platform, and “self-driving” tools that use AI to allow some autonomous operations. The access points are the prosaically named HPE Networking 723H, a three-radio Wi-Fi 7 machine the company recommends for hospitality, branch, and teleworker deployments. The APs also represent HPE’s first application of AI-powered autonomous networks. Mittal Parekh, HPE’s marketing lead for campus and branch networking, told The Register one self-driving scenario HPE provides is scanning the local RF environment to detect any frequencies Wi-Fi should avoid because they’re required or in use by military or other organizations that have priority. Self-driving means networks will automatically steer clear of those frequencies when it makes sense to do so. He also pointed to “dynamic capacity optimization,” which he said will see HPE Wi-Fi networks detect a gathering of users for events like an all-hands meeting, and adjust itself as necessary to ensure connections remain strong and steady. Detecting mismatched or missing VLANs, and rebuilding networks before traffic drops, is another self-driving capability. Parekh said those scenarios currently require IT teams to do manual work that might not be possible to complete before the meeting ends, or a military user vacates a frequency. HPE’s tech will also detect and de-fang rogue DHCP servers before they become a problem. Parekh said HPE’s tech allows humans to remain in the loop if they choose but hopes that NetAdmins begin to develop sufficient trust that they let networks take care of their own affairs and spend their time on higher-value tasks. The application that delivers self-driving capabilities runs in the cloud, and uses oodles of data HPE and Juniper collected over decades, plus the Marvis AI Juniper offered when it was an independent outfit. Jeff Aaron, marketing lead for HPE’s networking business unit, pointed out that HPE has delivered a unified product within months of closing its Juniper acquisition, and snarked that Cisco took years to do likewise when merging its own-brand Wi-Fi with Meraki’s. Competitive sniping aside, Aaron said the self-driving tech and Wi-Fi APs show how HPE plans to cross-pollinate its Aruba and Juniper portfolios, without forcing users of either brand to make a jump. HPE is not alone in pursuing agentic network operations, or merging networking brands: Cisco is combining its Catalyst and Meraki management tools, and is betting on AI to detect network issues and automate fixes. ®