‼️🚨 ALARMING: Google now treats privacy as suspicious behavior by default. Users of GrapheneOS, CalyxOS, /e/OS, and other deGoogled Android phones are being locked out of millions of websites unless they install the exact Google Play Services software they deliberately removed.
GrapheneOS is recommended by the EFF and used by journalists, lawyers, and activists in high-risk environments. The audience most likely to read Google's data practices and refuse its terms is now flagged as fraudulent for that exact decision.
What happened?:
▪️ Google announced "Cloud Fraud Defense" at Cloud Next on April 22-23, 2026, branding it "the next evolution of reCAPTCHA." Existing reCAPTCHA customers were auto-migrated.
▪️ When the system flags traffic as suspicious, the old click-the-bus puzzle is gone. Users get a QR code instead.
▪️ Scanning the QR code requires Google Play Services running on the device. Internet Archive snapshots show this requirement has been live since at least October 2025, silently rolled out for 7 months before anyone noticed.
▪️ No Play Services = no QR scan = locked out.
The bigger picture:
▪️ Google already tried this in 2023. It was called Web Environment Integrity (WEI), and it would have let Google decide which devices were "real enough" to access the web. Standards bodies and the public pushed back hard, and Google killed it. Three years later, the same idea is back, just hidden behind a QR code instead of a browser feature.
▪️ reCAPTCHA runs on millions of websites. Every developer who keeps using it is now, by default, telling deGoogled Android users they're not welcome...
@IntCyberDigest This is old news. Fiber optic transducers already do this. 2-3 concentric rings in a stadium, for instance, allow pinpointed location of gunshots.
🦔Banks including JPMorgan, Morgan Stanley, MUFG, and SMBC are shopping ways to offload data center debt exposure, with lenders spending more than six months trying to distribute $38 billion of construction debt tied to a single Oracle-leased project in Texas and Wisconsin. Some banks have sold portions to non-bank lenders at a discount.
The structures being explored include modified significant risk transfers, where banks slice individual concentrated loans rather than pooling dozens of smaller ones, with deals in the $500 million range backed by a single borrower already in market. Maine passed a statewide data center moratorium in April, adding regulatory risk to projects that already carry construction risk and heavy concentration among a handful of operators.
My Take
Banks selling loans at a discount to clear them off the books shows how tight things have gotten internally, because JPMorgan does not spend six months shopping $38 billion in construction debt unless risk limits are getting hit and the only way to keep originating new loans into the AI buildout is to make room first. Man Group describing banks as starting to choke on the size of these deals is not language that ends up in print by accident.
A traditional SRT spreads risk across dozens of loans so no single default sinks the trade, while what is being shopped now is closer to a single-borrower SRT with investors taking the riskiest tranche of one concentrated loan to one operator carrying significant construction risk and one or two anchor tenants. That looks closer to the bespoke single-name structures that showed up before 2008 than to the diversified portfolio transfers Europeans have used for years, and my question is what happens when the AI capex cycle slows and you are left with half-built data centers in secondary markets tied to operators whose business models depend on frontier model spending continuing forever. The banks are doing what rational risk managers should do, and the fact that they need to is what should be getting attention.
Hedgie🤗
Mind blown 🤯
Some smartphones sold in mainland China (like certain OPPO models) can read MIFARE Classic cards, crack the keys in seconds, store them, and then fully emulate the card directly on the phone.
No extra hardware. Just the phone.
Access control, transit cards, hotel keys… game over.
Huge thanks to Ian for showing me this in person. Really eye-opening how far NFC capabilities have gone in some regions.
Who else has seen this in the wild?
#NFC #MIFARE #TechSecurity #oppo
‼️🚨 BREAKING: An AI found a Linux kernel zero-day that roots every distribution since 2017. The exploit fits in 732 bytes of Python. Patch your kernel ASAP.
The vulnerability is CVE-2026-31431, nicknamed "Copy Fail," disclosed today by Theori. It has been sitting quietly in the Linux kernel for nine years.
Most Linux privilege-escalation bugs are picky. They need a precise timing window (a "race"), or specific kernel addresses leaked from somewhere, or careful tuning per distribution. Copy Fail needs none of that. It is a straight-line logic mistake that works on the first try, every time, on every mainstream Linux box.
The attacker just needs a normal user account on the machine. From there, the script asks the kernel to do some encryption work, abuses how that work is wired up, and ends up writing 4 bytes into a memory area called the "page cache" (Linux's high-speed copy of files in RAM). Those 4 bytes can be aimed at any program the system trusts, like /usr/bin/su, the shortcut to becoming root.
Result: the next time anyone runs that program, it lets the attacker in as root.
What should worry most: the corruption never touches the file on disk. It only exists in Linux's in-memory copy of that file. If you imaged the hard drive afterwards, the on-disk file would match the official package hash exactly. Reboot the machine, or just put it under memory pressure (any normal system load that needs the RAM), and the cached copy reloads fresh from disk.
Containers do not help either. The page cache is shared across the whole host, so a process inside a container can use this bug to compromise the underlying server and reach into other tenants.
The original sin was a 2017 "in-place optimization" in a kernel crypto module called algif_aead. It was meant to make encryption slightly faster. The change broke a critical safety assumption, and nobody noticed for nine years. That bug then rode every kernel update from 2017 to today.
This vulnerability affects the following:
🔴 Shared servers (dev boxes, jump hosts, build servers): any user becomes root
🔴 Kubernetes and container clusters: one compromised pod escapes to the host
🔴 CI runners (GitHub Actions, GitLab, Jenkins): a malicious pull request becomes root on the runner
🔴 Cloud platforms running user code (notebooks, agent sandboxes, serverless functions): a tenant becomes host root
Timeline:
🔴 March 23, 2026: reported to the Linux kernel security team
🔴 April 1: patch committed to mainline (commit a664bf3d603d)
🔴 April 22: CVE assigned
🔴 April 29: public disclosure
Mitigation: update your kernel to a build that includes mainline commit a664bf3d603d. If you cannot patch immediately, turn off the vulnerable module:
echo "install algif_aead /bin/false" > /etc/modprobe.d/disable-algif.conf
rmmod algif_aead 2>/dev/null || true
For environments that run untrusted code (containers, sandboxes, CI runners), block access to the kernel's AF_ALG crypto interface entirely, even after patching. Almost nothing legitimate needs it, and blocking it shuts the door on this whole class of bug...
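An added example, not part of the original post: a Python audit of the workaround above. It checks the modprobe `install` line, whether algif_aead is still loaded, and whether it is compiled into the kernel, in which case a modprobe.d entry cannot disable it. The status names, the directory scanned and the sample inputs are this example's assumptions; `af_alg_reachable()` only tries to open an AF_ALG socket, to confirm that a sandbox blocks it.

```python
import glob
import os
import re
import socket

MODULE = "algif_aead"

# Constructed sample inputs (not taken from a real host).
SAMPLE_CONF = "install algif_aead /bin/false\n"
SAMPLE_PROC = ("af_alg 32768 1 algif_aead, Live 0x0000000000000000\n"
               "algif_aead 16384 0 - Live 0x0000000000000000\n")
SAMPLE_BUILTIN = "kernel/crypto/af_alg.ko\nkernel/crypto/algif_aead.ko\n"

def install_blocked(modprobe_conf: str) -> bool:
    """True if modprobe is told to run false/true instead of loading the module."""
    for raw in modprobe_conf.splitlines():
        fields = raw.split("#", 1)[0].split()      # drop comments
        if (len(fields) >= 3 and fields[0] == "install"
                and fields[1].replace("-", "_") == MODULE
                and os.path.basename(fields[2]) in ("false", "true")):
            return True
    return False

def module_loaded(proc_modules: str) -> bool:
    """/proc/modules lists one loaded module per line, name first."""
    return any(l.split()[0] == MODULE for l in proc_modules.splitlines() if l.strip())

def module_builtin(modules_builtin: str) -> bool:
    """modules.builtin lists compiled-in modules as paths ending in <name>.ko."""
    return re.search(r"(^|/)algif[-_]aead\.ko$", modules_builtin, re.M) is not None

def assess(modprobe_conf: str, proc_modules: str, modules_builtin: str) -> str:
    if module_builtin(modules_builtin):
        return "builtin"      # modprobe.d has no effect: patch, or block AF_ALG
    if module_loaded(proc_modules):
        return "loaded"       # rmmod failed or was never run
    if not install_blocked(modprobe_conf):
        return "unblocked"    # nothing stops the module being loaded later
    return "mitigated"

def af_alg_reachable() -> bool:
    """True if this process can open an AF_ALG socket (should be False in a sandbox)."""
    family = getattr(socket, "AF_ALG", None)       # defined on Linux only
    if family is None:
        return False
    try:
        socket.socket(family, socket.SOCK_SEQPACKET, 0).close()
        return True
    except OSError:                                # EPERM, EAFNOSUPPORT, ...
        return False

def _read(path: str) -> str:
    try:
        with open(path, encoding="utf-8", errors="replace") as fh:
            return fh.read()
    except OSError:
        return ""

if __name__ == "__main__":
    conf = "\n".join(_read(p) for p in sorted(glob.glob("/etc/modprobe.d/*.conf")))
    builtin = _read(f"/lib/modules/{os.uname().release}/modules.builtin")
    print("algif_aead:", assess(conf, _read("/proc/modules"), builtin))
    print("AF_ALG socket reachable:", af_alg_reachable())
```

Run `af_alg_reachable()` from inside the container or CI job, not on the host, since the point is what untrusted code can reach.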
Interviews with current and former Palantir employees, along with internal Slack messages obtained by WIRED, suggest a workforce in turmoil. https://t.co/EVVeed5lUH
ANTHROPIC JUST BANNED A 110 PERSON COMPANY OVERNIGHT WITHOUT WARNING
monday morning at an agricultural tech company, every single employee wakes up to an email saying their claude account has been suspended
110 people locked out at the same time with zero warning and the email even pretended it was an individual ban with a link to a personal appeal form
it took them 10 minutes on slack to realize the entire org had been wiped at once.
not even the account admins were told it was coming
they submitted the appeal form and got no response, even 36 hours later there was still nothing
AND it gets worse:
> their separate API account is still active and still billing them
> their admins can't log in to view usage or billing because the email addresses are banned
> they got hit with a renewal invoice the day AFTER the team account was suspended
> they have no idea what triggered it. fertilizer conversations? GPS satellites? agriculture in general?
so they're paying anthropic to get banned by anthropic while anthropic ignores their support tickets
the founder of the company laid out the bigger problem perfectly
banning an entire organization for one user's behavior means a single employee or careless intern can revoke claude access for your whole business.
there's no per seat guardrail, no admin override, no way to limit the ban radius
his words: "you have to ask yourself if this is a platform you can entrust your daily workflows to as a business"
every founder reading this who runs claude through their company should be checking right now what their actual exposure looks like
billion dollar AI company with zero enterprise customer support
I have three monitors on my desk. The left one shows the order book. The middle one shows Truth Social. The right one shows the investigation queue.
On April 21st, the left screen moved first.
I am a Senior Surveillance Analyst at a commodities exchange. I have held this position for nineteen years. My job is to monitor trading activity for suspicious patterns and generate compliance reports. I am employee of the quarter. I have a mug.
At 19:54 GMT on April 21st, someone placed 4,260 sell orders on Brent crude futures. They did this during post-settlement. The window after the market closes when daily volume is typically in the dozens. Sometimes single digits. Sometimes I watch the screen and nothing happens for forty minutes and I think about whether my daughter is happy.
On April 21st, someone placed $430 million in directional bets in 120 seconds during that window. One hundred and twenty seconds. I timed it on my watch because the system clock rounds to the nearest minute and I have found, in nineteen years, that precision matters to no one but me.
At 20:10 GMT, the President posted on Truth Social that he was extending the Iran ceasefire.
Brent dropped from $100.91 to $96.83.
I flagged the trade. I flag a lot of trades. I want to tell you what happens to my flags.
My flags go into a system called TRACE. Trade Review and Compliance Evaluation. I did not name it. The system generates a report. The report goes to a committee. The committee has a name I am not allowed to share but I can tell you it meets quarterly and the conference room has a credenza with bottled water that is sparkling because someone once put still water in the room and a managing director sent an email about it that was longer than most of my surveillance reports.
The committee reviews my flags. The committee has reviewed all of my flags. Here is the complete record of actions taken on my flags in 2026:
Reviewed.
That's it. "Reviewed" is a status. In compliance, a status is the absence of an action that has been given a name so it looks like one.
Let me show you my flags.
March 9th. Someone bet millions on oil falling at 18:29 GMT. Forty-seven minutes later, a CBS reporter posted that the President said the Iran war was "very complete, pretty much." Oil dropped 25%. Forty-seven minutes. I flagged it.
March 23rd. Someone sold 5,100 lots of Brent and WTI crude futures between 10:49 and 10:50 GMT. Fourteen minutes later, the President posted on Truth Social about a "COMPLETE AND TOTAL RESOLUTION" to hostilities. Oil dropped 11%. Over 13,000 contracts traded in sixty seconds after the post. Fourteen minutes. I flagged it.
April 7th. Someone established a $950 million short position in oil futures at 19:45 GMT. Three hours later, the President declared a two-week ceasefire. Nine hundred and fifty million dollars. I flagged it.
April 17th. Someone placed $760 million in bearish bets twenty minutes before Iran's foreign minister confirmed the Strait of Hormuz would reopen. Seven hundred and sixty million. I flagged it.
April 21st. The $430 million. Fifteen minutes. I flagged it.
That is $2.1 billion in directional oil bets in April alone. Every one of them landed on the correct side of a presidential announcement. Every one of them was placed in a window so narrow you could measure it in bathroom breaks. I flagged every single one.
The CFTC chair told a Congressional committee that his organization has "zero tolerance" for fraud and insider trading. I wrote that quote on a Post-it note and stuck it to my right monitor. The one that shows the investigation queue. The investigation queue has not moved since March.
Zero tolerance. Zero staff. Zero budget. Zero prosecutions under the STOCK Act since it was signed in 2012.
Fourteen years. The law has existed for fourteen years and has been enforced zero times. In compliance, we call that a compliance rate of one hundred percent. No cases filed means no cases lost. You cannot fail an audit you never conduct. We call that excellence.
Last month the White House sent an internal email to staff. I was not on the distribution list but I have read reporting on it and I need you to sit with what I am about to say. The email instructed White House staff not to use insider information to place bets on prediction markets.
The White House had to send a memo telling its own employees not to insider-trade.
I want you to read that sentence again. Not because the instruction was unclear. Because the instruction was necessary. Because someone in the building looked at the same pattern I have been flagging for months on my three monitors and decided the appropriate response was an email.
The President's son sits on the advisory board of Kalshi. He is an investor in Polymarket. Both are prediction markets. Both saw accounts created days before U.S. military action.
One account. I cannot stop thinking about this account. It was called "Burdensome-Mix." It was created in December. On January 2nd, it placed $32,500 on Venezuela's president being removed from power. On January 3rd, Maduro was seized by U.S. special forces. Burdensome-Mix collected $436,000. Then it changed its username. Then it disappeared.
One account is a coincidence. But there were six.
Six accounts were created on Polymarket in February. All bet on U.S. strikes on Iran by the 28th. When the President confirmed the strikes, the six accounts collected $1.2 million between them. Five of the six never placed another bet. The sixth went on to correctly predict the ceasefire date and made another $163,000.
My surveillance system logged all of this. My system logs everything. My system does not have opinions and neither do I. I generate reports. The reports go to committees. The committees meet quarterly. Between meetings, the windows get shorter and the bets get larger.
March 9th: 47 minutes. March 23rd: 14 minutes. April 17th: 20 minutes. April 21st: 15 minutes.
The window is compressing. In March, you had time to make coffee between the trade and the announcement. By April, you had time to send a text. By summer, at this rate, the trade and the announcement will be the same event.
The spokesman said any implication that administration officials are engaged in insider trading is "baseless and irresponsible reporting."
Then the White House sent the email again.
I have been in compliance for nineteen years. I have seen insider trading run out of strip mall offices by men who could not spell "derivative." I have seen pump-and-dump schemes coordinated over WhatsApp by people who used their real names. I have seen a man try to manipulate soybean futures from a Panera Bread.
I have never seen $2.1 billion in perfectly timed trades across five presidential announcements in a single month go uninvestigated.
But I have also never seen a compliance system work this beautifully. Every trade flagged. Every report filed. Every committee briefed. Every quarterly meeting attended. Bottled water: sparkling. Minutes: distributed.
Zero prosecutions.
As long as the flags go up and the cases don't, my performance review says I am meeting expectations.
I am meeting expectations. The system is meeting expectations. The $2.1 billion is meeting expectations. The fourteen-year-old law with zero prosecutions is meeting expectations.
The left screen moves. The middle screen moves. The right screen stays perfectly, immaculately still.
In my field, we call this price discovery.
Twenty-seven government agencies and counting.
When a Palantir exec‑turned‑whistleblower tells us that the company intends to take over the U.S. government, maybe we should believe him?
Trump’s billionaire allies will now control:
CNN, Fox News, CBS, WaPo, WSJ and NY Post — plus 450 local TV stations, including news, in 95% of U.S. markets.
X, Facebook, Instagram, Threads, WhatsApp, TikTok, Truth and Twitch.
Plus Gemini, ChatGPT and Grok.
They’ll make sure Trump’s lies are legitimized and the truth is always questioned.
Charging the Southern Poverty Law Center with a federal crime for paying informants to help dismantle hate groups is an outrageous weaponization of the Dept of Justice and the FBI. As someone who has been a prosecutor and has taken on the Klan, I can tell you that use of paid informants is a common tactic used to dismantle drug cartels, the mob and extremist groups on both the right and the left. It is clear that all civil rights organizations are in the crosshairs of this Administration, and that, folks, puts everyone at risk.
Destroying the @InternetArchive's @WayBackMachine would be the equivalent of the burning of the Library of Alexandria - one of the worst losses of knowledge in history.
Media giants are now threatening to do this.
We can't let this happen.
Pass it on.
Sam Altman is the most dangerous man in Silicon Valley right now. The board that fired him? Replaced. The safety team that questioned his priorities? Dissolved. The nonprofit structure that was supposed to keep mission above profit? Restructured. The employees who wanted to speak out? Silenced – or bought out.
BREAKING: You checked the weather this morning.
And you just told a surveillance company where you sleep.
Meet #Webloc, used by ICE, cops & foreign govs to track 500m+ phones.
No warrant required.
Our latest @citizenlab investigation + how to protect yourself 🧵/1
This is totally insane.
A war correspondent just received death threats from online gamblers who wanted him to change his reporting on an Iranian missile strike so they could collect a payout. One bettor had $900,000 riding on the outcome.
He told the journalist he knew where he lived and who his family members were.
This is what prediction markets on life and death actually look like in practice.
This is exactly why I introduced the DEATH BETS Act with Senator @AdamSchiff.
The DEATH BETS Act would ban contracts on assassinations, deaths of world leaders, and acts of war on platforms like Polymarket. This story shows exactly why that matters.
When you let people place million-dollar bets on whether a missile kills someone, you create a financial incentive to threaten journalists, manipulate information, and profit from human suffering.
https://t.co/V8rQt5vMc3
💥MASSIVE BOMBSHELL: DAN GOLDMAN UNLEASHES TRUTH!
Congressman Goldman just went live with FBI 302 receipts. Evidence shows Trump unzipped his pants, forced a 13-year-old’s head down, and when she bit his p*nis in self-defense, he punched her and called her a "B."
The FBI interviewed her FOUR times while the case was buried. Pam Bondi lied to Congress, claiming “no evidence” of these crimes while sitting on files describing this exact assault. This is perjury and a cover-up for a predator.
You don’t get to "save the kids" while your AG hides files of a child being beaten for fighting back. History will remember the enablers.
We stand with the children who bit back.
🦔 Researchers at Aikido Security found 151 malicious packages uploaded to GitHub between March 3 and March 9. The packages use Unicode characters that are invisible to humans but execute as code when run. Manual code reviews and static analysis tools see only whitespace or blank lines. The surrounding code looks legitimate, with realistic documentation tweaks, version bumps, and bug fixes. Researchers suspect the attackers are using LLMs to generate convincing packages at scale. Similar packages have been found on NPM and the VS Code marketplace.
My Take
Supply chain attacks on code repositories aren't new, but this technique is nasty. The malicious payload is encoded in Unicode characters that don't render in any editor, terminal, or review interface. You can stare at the code all day and see nothing. A small decoder extracts the hidden bytes at runtime and passes them to eval(). Unless you're specifically looking for invisible Unicode ranges, you won't catch it.
The researchers think AI is writing these packages because 151 bespoke code changes across different projects in a week isn't something a human team could do manually. If that's right, we're watching AI-generated attacks hit AI-assisted development workflows. The vibe coders pulling packages without reading them are the target, and there are a lot of them. The best defense is still carefully inspecting dependencies before adding them, but that's exactly the step people skip when they're moving fast. I don't really know how any of this gets better. The attackers are scaling faster than the defenses.
Hedgie🤗
https://t.co/XQ8Eqs1QOA
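An added example, not from the post or from the researchers it cites: a Python scanner that reports runs of non-rendering code points in source files, the check the post says reviewers do not make. The list of ranges, the run threshold of 4 and the sample text are this example's assumptions; the post does not name the characters used.

```python
import re
import sys

# Code points that normally draw nothing on screen (this example's own selection).
INVISIBLE = (
    "\u200b-\u200f"          # zero-width space / joiners, LRM, RLM
    "\u202a-\u202e"          # bidi embeddings and overrides
    "\u2060-\u2064"          # word joiner, invisible operators
    "\u2066-\u2069"          # bidi isolates
    "\ufeff"                 # zero-width no-break space / BOM
    "\ufe00-\ufe0f"          # variation selectors 1-16
    "\ue000-\uf8ff"          # private use area (BMP)
    "\U000e0000-\U000e007f"  # tag characters
    "\U000e0100-\U000e01ef"  # variation selectors 17-256
    "\U000f0000-\U0010fffd"  # private use planes 15 and 16
)
RUN = re.compile(f"[{INVISIBLE}]+")
EVAL = re.compile(r"\beval\s*\(")

# Constructed, inert sample: one lone selector (normal after an emoji or symbol)
# and one 12-code-point run of the kind that can carry hidden bytes.
SAMPLE = (
    "// constructed sample\n"
    "const label = 'ok\ufe0f';\n"
    "const s = '" + "\U000e0100\U000e0101" * 6 + "';\n"
    "eval(unpack(s));\n"
)

def find_hidden_runs(text: str, min_run: int = 4) -> list:
    """Return runs of at least min_run consecutive invisible code points.

    A single variation selector or joiner is common in legitimate text,
    so only longer runs are reported by default.
    """
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for m in RUN.finditer(line):
            length = m.end() - m.start()
            if length >= min_run:
                findings.append({
                    "line": lineno,
                    "col": m.start() + 1,
                    "length": length,
                    "first": f"U+{ord(m.group()[0]):04X}",
                })
    return findings

def calls_eval(text: str) -> bool:
    """The post says the hidden bytes end up in eval(); treat that as an escalation."""
    return EVAL.search(text) is not None

if __name__ == "__main__":
    status = 0
    for path in sys.argv[1:]:
        with open(path, encoding="utf-8", errors="replace") as fh:
            text = fh.read()
        for f in find_hidden_runs(text):
            status = 1
            note = " (file also calls eval)" if calls_eval(text) else ""
            print(f"{path}:{f['line']}:{f['col']}: {f['length']} hidden "
                  f"code points starting at {f['first']}{note}")
    sys.exit(status)
```

The non-zero exit status lets it gate a CI job or pre-commit hook over a dependency's unpacked source.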