ThierryLabro

On parle cloud. On parle hyperscalers. On parle SecNumCloud. Et pendant ce temps, le code lui-même, matière première de notre souveraineté, se forge sur GitHub. Soit une plateforme détenue par Microsoft, de juridiction américaine, soumise au CLOUD Act et au FISA 702. Nos administrations, nos OIV, nos pépites y installent leurs dépôts, leurs pipelines CI/CD, leurs secrets de build. La chaîne de production logicielle nationale s'appuie sur une infrastructure étrangère, non pas pour héberger nos données, mais pour fabriquer notre logiciel. Le débat souverain se concentre sur le lieu où la donnée dort. L'angle mort, c'est le lieu où le logiciel naît. Tant que nous penserons la souveraineté en aval, nous la perdrons en amont.

‼️🚨 Malicious actors can now use your SSD's activity, just by getting you to open their website, to spy on which other sites you're browsing and which apps you're running. The attack, called FROST, is accurate: 88.95% on identifying websites, 95.83% on identifying applications. It works on macOS and Linux, across browsers, and runs entirely in JavaScript. The browser makers were told, and largely shrugged. Chromium says fingerprinting isn't a security bug. Apple called it out of scope. Mozilla acknowledged it and shipped nothing. Researchers at Graz University of Technology developed the attack. It abuses the Origin Private File System, a browser feature that lets sites store files on your disk without asking. The attack creates one huge file, then constantly times how fast it can read from it. When you open another tab or launch an app, that activity competes for the same SSD, and the tiny changes in read speed leak what you're doing. A trained neural network turns those timing patterns into guesses about which site or app it is.

🦔Microsoft canceled its internal Claude Code licenses this week after token-based billing made the cost untenable, even for a company with effectively infinite cloud resources. Uber's CTO sent an internal memo warning the company burned through its entire 2026 AI budget in just four months. American AI software prices have jumped 20% to 37%, and GitHub (owned by Microsoft) is dropping flat-rate plans for usage-based billing across its products. My Take The AI subsidy era is ending in real time. The same company that put $13 billion into OpenAI and built the Azure infrastructure powering most of Anthropic's compute just looked at the bill from a competitor's coding tool and decided it was not worth paying. That is not a productivity failure on Anthropic's end. Token-based pricing is forcing every enterprise customer to confront the actual cost of running these models at scale, and the number turns out to be far higher than the flat-rate experiments suggested. This ties directly to my Gemini Flash post yesterday. Anthropic, OpenAI, and Google all raised effective prices in the last six months. Enterprises that built workflows assuming AI costs would keep falling are now watching annual budgets evaporate in months. Two outcomes look likely from here. Either enterprises scale back AI usage to fit budgets, which slows the revenue ramp the labs need to justify their valuations ahead of IPOs, or the labs cut prices and absorb the losses, which makes the unit economics worse at exactly the wrong moment. Both paths land in the same place, the numbers stop working, and somebody has to take the writedown. Hedgie🤗

Cloudflare's security team spent the last few weeks testing Anthropic's Mythos against fifty of our own repositories. What we learned about offensive AI, why faster patching is the wrong reaction, and what the architecture around vulnerabilities has to look like next. https://t.co/RSrRtIhgaV