Lumen Buys Alkira For Control

Tim 0:13

Hello and welcome to another episode of our monthly news report here on the Cable to Clouds podcast. I'm Tim. I'm here with Chris. And Catherine is somewhere else, probably having more fun than we are. So uh we'll just jump right into the news. So top story from the last month. Uh Lumen is acquiring Alkira, establishing the control plane for cloud connectivity. So according to Lumen, uh now they've made they've made an all-cash offer, which is interesting, of$435 million in an all-cash transaction to buy Alkira. The Alcira, of course, is one of the uh multi-cloud networking OGs, along with uh what was Prosimo and Aviatrix. I don't know. I think those were probably the big three that were kind of the MCN darlings for a long time.

Chris 1:05

So it was the LeBron, the Chris Bosch, and the uh Dwayne Wade of Cloud Networking.

Tim 1:11

Exactly. Exactly. So yeah, I mean 435 million all cash transactions. So Lumen is seeking to acquire Alkira basically to serve as its uh, like it says, control plane, its orchestration plane for connecting um customers using Lumen, I assume, to all of its different services. This is a really good uh acquisition by Lumen, if that's what they're looking for, because Alkira was always very much in the kind of as a service uh layer of cloud connectivity. So yeah, like really I would not have I would not have had this on my bingo card, but it actually makes a lot of sense. Uh anything to add there, Chris?

Chris 1:52

Yeah, I'm kind of with you in that it's a it's a good move for Lumen, which um I think this kind of um piggybacks on the back of uh another um offering that they have from uh at least through AWS. I don't know if they offer the exact same thing through any of the other cloud providers to date, but they they do offer like a last mile service for uh AWS as well. Um when you know we also in the last month saw the AWS Um Cloud Interconnect uh option that they've launched that has now gone into GA as well. So um and that even even on the you know published uh or the the published article about that going GA, they've talked about this last mile service that they that they were getting from Lumen. And and then Lumen on the back of that has just acquired Alkira, which you know, if if you know about Alkira in terms of cloud networking, they had uh the you know, all the major players in that space had um kind of different ways to solve the same problem, um, similar problem, I guess. And um Alkira was very centered on building a backbone that they owned and operated, right? So they had a lot of pops uh distributed across the globe, and it was more like you just needed to get traffic into their pops and they would handle the traffic end-to-end. They had integrations with Zscale or things like that. Um I to me, this sounds like it's going to require quite a bit of transformation of one of these entities for this to work out appropriately, I think. Um, given that it's Alkira being purchased by Lumen, which is a uh probably a much larger company just with their the kind of historical days of being uh in the telco space. I imagine that's gonna end up being a lot a bigger transformation of the Alkira product set. Um, and I wonder how it's gonna tie into this AWS Cloud Connect service as well, whether or not we're gonna see kind of um added benefits on top of that, you know, maybe some path monitoring, some dynamic stuff, um, you know, uh adding real app intelligence to these last mile services, maybe. Um but it's you know, at the end of the day, I don't know how well AWS, Azure, GCP are gonna integrate with that as well. So yeah, I think it's gonna it's gonna require a lot of heavy lifting to get something out of it, but it could be something really, really cool um at the end of the day, probably more similar to like a like a Graphiant type of service. I could see them kind of stepping into that fold as well. Um, but yeah, super interesting.

Claude Code Quality Post Mortem

Tim 4:26

Also, I forgot to point it out, but uh so Lumen's acquiring Alkira not to like run Alkira as the Alcura business, right? They're they're running it, they're buying it specifically to use as their kind of control plane for this orchestration, which again the way m Alkira works is this kind of pop-based backbone system, so it makes perfect sense. But something that Alkira also really, really succeeded with was kind of their marketplace offerings, like you know, because of hey, we're your backbone, kind of, you know, here's here's a bunch of partners that we have, and you can just kind of bring services through us. So it's really, really popular and good. You know, that's just how they did it. And so again, they're uh Lumen's not buying Alkira to like, hey, we're still, you know, we're Alkira, but like, hey, we're gonna use this as our control plane. So I wonder if that means that you know current Alkira customers are just gonna kind of roll in, you know, like what that looks like, you know, like once that becomes part of Lumen's, and this is probably gonna take a year or more probably to really see significant change, but what does that mean if you're a Alkira customer? You know, obviously you're just gonna become a Lumen customer, but as they kind of try to do the merging, you know, of Alkira to service what Lumen bought them for, I wonder if there'll be any kind of hiccups there. So we'll see. We shall see.

Who Pays When AI Degrades

Chris 5:50

Okay, and next up we have an article here from Anthropic about a clawed code quality post-mortem. So um basically Anthropic came out and said that they are um providing a post-mortem for three separate issues that they saw with degraded clawed code quality between March and April 2026. Um, the issues um that they stated were default reasoning effort was silently reduced from high to medium, a caching bug caused loss of reasoning, history mid-session, and a verbosity reduction prompt inadvertently reduced coding intelligence. So um the thing is about this, I mean, it's it's it's great that they're providing this level of transparency um with the the reduction in um kind of quality from uh this tool that they've now um blasted into the enterprise with. Um, but you know, if it kind of creates this weird discussion now about like, you know, when you have teams fully dependent on these types of services and generating good quality code, um I think we start to enter into, you know, oh, was this uh the the outcome of these apps or you know APIs or things like that that were built just during this this short window of time could be drastically less uh secure or or less uh optimized than than what was produced, you know, two weeks after that, right? So um yeah, it's um I don't know. You got any uh commentary about this one, Tim?

Tim 7:22

So it's interesting, right? The this idea that what you said about the um idea of that you know that you've got enterprises that are now relying on clawed code and whatnot, um just made me gave me like the the the drug dealer thing, you know, where the first the first hits free and then you know they gotcha, they gotcha. But regardless. Um yeah, so what is this is uh brings forward a an interesting thing that really we haven't nobody's really talked about, especially the you know, the service the AI as a service providers. I don't know what you would call these guys, um, you know, like anthropic and and open AI. You know, what is the service level agreement of your access to models, you know, or you know, using whatever harness, you know, like what is the what is the damage uh redress, you know, if if they just do stuff like this and the service suffers? It's and of course the answer is legally probably very little or not or non, right? Uh it's kind of an as at you know, uh what do they call it? As you just good luck, you know, kind of kind of serves level agreement, you know. Um so yeah, so what is the redress? And the answer is probably nothing for a company that uh is using you know clawed code and maybe they paying, you know, paying whatever, paying API call by the API call, paying for Max Pro X37, you know, subscriptions or whatever. Um, how do you prove it? Well, how do you prove it?

Chris 8:53

Yeah. Yeah. Like first of all, how do you prove it? But also like I it also not not that I sympathize, but I also kind of understand the the anthropic side of it as well, like you like you pointed out, in that like i if I am using this model, uh, whether it be the top-tier model or the mid-tier model, whatever, to do this level of task, and you know, Claude or Anthropic on the other side has some type of outage where there's reduced quality. Maybe if if I'm using it to build a calculator app versus I'm building some enterprise application that's a full-on CRM, just because they said they have reduced quality between this point and this point, do I get am I entitled to some type of compensation because I didn't get the output I should when it's really like I'm just doing fucking basic shit, you know what I mean? Like I don't know.

Tim 9:41

Uh there's no process. There's no process in place for anything like this, right? Uh and the other thing is that um, you know, you're we're we're doing this uh thing where we're coding and and they're they're they're or rather sorry, not where we're coding, rather where they're coding. They're they're changing their stuff up all the time, right? And so like this is an example of them basically, I mean, it's given the what they said was the the actual problem, it was basically them trying to shave off as much as possible, you know, from usage, basically. I mean, and that's something that you hope they would do to become more efficient, but there's also this question of like where where does and and I don't think anybody has the answer, what is the balance between increasing the efficiency of using a model and making the model less usable? You know, because I mean at the end of the day, the more efficient uh anthropic makes their models, the the more of a margin that they kind of built for themselves, right? It's not like you're gonna pay you're not gonna pay less for your max probe subscription because the they manage to make the model more efficient or you know, more efficient by being dumber. I'm not sure like what that looks like, right? It's experimentation.

Chris 10:53

It's the economy of scale, dude. Isn't that what it is?

Supply Chain Worm Steals AI Keys

Tim 10:56

It's the cloud all over again. Yeah, well, that's a whole other that's a whole other thing, right? Um, but yeah, I mean you want, we do want models to be more efficient. God knows we don't want to burn down the Amazon to build a calculator app. Um, but it does beg the question, you know, what does that look like? Like how do we, you know, to what to what degree can we build the plane while we got a bunch of passengers flying on it to make it better? And that's you know, personally, I I'm all for making it as efficient as possible. Um, but you know, if you got a bunch of customers relying on the app for their their livelihoods, essentially, or more like you you got a bunch of late-stage capitalist companies relying on it for the shareholders at the end of the day. It's not the people. Um but anyway, yeah, like what what's the answer? Um and and what's the redress or what's the responsibility? So that's the question I have. All right. Uh let's see. Moving on, uh, speaking on, there's a new kind of a new spin on an older uh attack. So back in 2025, I think it was, we had a uh uh there was a malware attack called Shy Halud, which is which was a supply chain attack that would get into like NPM and like some of the big, really, really big software packages that developers use. And you know, so the this uh cyber um I I don't I don't know if cyber terrorists is right, but like just a you know criminal cyber criminal uh organization introduced this Cy Halude worm that would basically get on, steal a bunch of credentials, and then could could act as ransomware, or you know, or could just steal just I mean, after you steal credentials, you kind of have keys to the kingdom. But this there's a new version of it released, I think, by the same group, uh called Mini Shia Halude, which is kind of just a round two, if you will. Now, this one specifically focuses, uh, and I'm not sure if the other one focused on it exclusively, but I now the newest attack is targeting prominent software libraries uh like TanStack and Mistral AI. So it seems a little bit more AI focused this time around. Uh again, I'm not 100% sure on how AI focused it was last time, but I think that one's was specifically much more on the software side of things, like like I said, like npm and really, really big uh packages. So in this case, you know, they it's a supply chain attack. So they essentially f make a small update to a fork of a of a really popular software package on like GitHub or something, and that fork picks up the changes uh and then you know builds it in, and then it becomes like a new version of the of the software. And so people who are building using that software you know either uh suck in the changes and like upgrade their package version and therefore bring in this this uh compromised, you know, this malware infested package. Uh, or if they're just you know starting a new build of something, you know, AI is like, oh hey, I you know, I'm gonna go download you know this package, like uh, you know, Tan stack or whatever, uh and it pulls it in then. So it just depends on when you you know, what did you already have something that was part of the supply chain, or are you building something that's part of the supply chain? And so even though these are found fairly quickly and removed, so because you know, open source and the because the pipelines are what's getting infected and not we're it's not just random people that are just you know, here's a here's here's malicious code, and and that would be easy to find. They're actually being pulled, pick, pulled in by pipelines that are trusted. And because the pipelines are trusted, it ends up with the same signature as the trusted, you know, software essentially. And that's how that's how this is happening. And when it gets in, it it looks at your Clawed, uh, like your not just Claude, but like your, you know, open AI, whatever, all of your Claude uh credentials, it looks in all the directories where AI builds, puts credentials and builds uh stuff, you know, and and steals all of it and tries to basically, you know, compromise those accounts as well. It's also self-replicating. So if it if it compromises something else, uh it'll log in and you know, create the worm on that device and then it do the same thing and and just keep replicating as much of the pause as possible. And there's a point, uh this article actually specifically points out that you know they'll do things like uh ransomware. So, you know, after they after they steal your credentials, they'll lock you out. And then basically if you it'd say, you know, hey, if you rotate your keys, uh we can remotely trigger a uh you know meltdown, like a destruction of all of all the stuff on your computer. So it's getting really sophisticated out there. But what I find so interesting about this is this is like classic, truly classic supply chain type stuff. And this this new the I don't I don't think it's new, but like this thing of of of using a fork of of something really popular and then kind of very kind of shadowy updating the fork and the fork getting picked up and and becoming part of the tr you know pipeline that's that's trusted. It's very, very um what's the word I'm looking for? It's just very elegant and very very sneaky how uh a lot of this is happening. And and you know, to avoid detection, they use certain exfiltrate uh data session, they use something called session to do uh exfiltration. Just I I just I I kind of have to to clap, you know, because it's it's really well done. So anyway, any any thoughts about this?

Chris 16:29

No, I mean you you said you said it well. Um I think I think it points it out in this article as well that that the this option that has been um potentially exploited as Tan Stack React router, it's it has 12 million plus weekly downloads. So uh the blast radius on this thing is quite big, right? Um this could be um uh consumed uh at a very large scale uh across the board. Um and I think that it also says that most security teams need to rotate all their connected cloud credentials if any of these affected packages were um potentially compromised there. So um it's unfortunately it's one of those ones where it just causes a lot of busy work for people. Um so I imagine that's uh that's probably gonna be the outcome of this. Um but this is uh I mean, to be honest, we don't do too much on the developer side, right? Like uh we don't do a ton of that, but with with the introduction of um things like clawed code and and what have you. Uh I mean it's something I'm using on a daily basis now when I'm building apps and things like that. And you know, this thing that is interesting about this was not just that it compromised the the CS CD pipeline itself, but that um there's a lot of things like a developer configuration directory that is local to your machine that um typically does not get checked by version control, does not get um get put through regular security scanning, and that's where all the stuff was that that you know was used to exploit the the user, right? So um things like that are in a.claw directory or.vscode directory. Um I actually don't know the broader scale of how these things are typically controlled. Like, you know, uh a lot of us aren't using um, you know, kind of the intricate key vault stores and things like that. So I imagine this problem could uh it could be a big attack surface in the future because of the way people are using this stuff now. Um and probably in a relatively insecure manner, like I am probably doing.

Tim 18:34

I mean, it used to be you could just use a dot like a dot env file or something, and as long as it's in your git ignore, it's not gonna end up on a public GitHub. And I mean th that's still the case. But if you have something that's uh that's compromised and then running locally on your machine, like there's nothing to stop that thing from being able to view all of your anything that's in plain text, basically. Anything that's not truly encrypted, it's gonna be able to do it to see it. And that's and the other thing is now that we're cl you know we're we're coding with AI harnesses and you know agents and everything, you know, those those things don't as part of their workflow, you know, it's not like they're going to check whether or not the things the packages they're installing, you know, whatever it is that they're doing to to accomplish your your task, they're not necessarily checking them against CVEs and you know doing that. Even even that rigor wouldn't have caught a lot of these things with the with you know again, these uh the a lot of these um with mini shy alud, we're talking about stuff that was signed uh, you know, by the essentially by the publisher, if you will, uh saying it was good, it was it was real. So, you know, it's not that simple. So but but the further the more we let AI do on our behalf, even if you're not a coder, especially if you're not a coder, um you don't necessarily know you know what it's installing and what it's pulling in. And uh, you know, especially with things like skills. Skills is a new thing as well. I'm not I don't want to get too far into that because we'll go way off the the thing. But that's you know, skills installing malicious skills is a thing. Uh we should cover on a few.

Chris 20:09

We also talked about all the security baked into MCP as of today.

Data Centers And Water Pressure Fallout

Tim 20:13

Let's not even get on MCP again. Yeah, it's it's interesting stuff, man. Brave New World, and uh we're we're just barreling headlong at it.

Chris 20:23

All right, and to round this out, um I have another um, you know, kind of spirit uplifting one here from uh from the I believe this is a source from TomsHardware.com. Um so a QTS data center in Fayette County, Georgia drew 29 million gallons of water through an unauthorized connection for over 15 months. The unauthorized usage was discovered only after nearby residents reported low water pressure. Despite the um unauthorized draw, the county declined to find QTS uh citing future tax revenue from the campus. Um so I mean, one first thing I would notice, I don't know how the kind of utility itself would be able to tr like not track a loss in 29 million gallons of uh of water over that course of 15 months. That seems uh like something you would probably notice, but yeah, I mean who knows? I don't work in a utility company. I don't know if that's uh that's a drop in the bucket or what, uh, not to no pun intended. But um you know, I think I think I do remember seeing clips of this like on even if it wasn't this reported story, I've seen other communities where um you know the the the um members of the community are posting on the news or like news stories talking about like their low pro water pressure and like and turns out yeah, they're just like half a mile down the road from where a data center is being built. And I'm I don't know about you, Tim, but I'm seeing it on like social media, like local news, etc. At least from in America, there's a lot of anti data center rhetoric coming across in um and obviously we're We, you know, we have elections coming up where you guys have elections. I'm in I'm in Australia. We don't have an election for for this. No elections in Australia. Yeah. Dictatorships in Australia. I also can't vote. I also can't vote yet. So um they're it's kind of uh not not too important to me just yet. But um yeah, so I mean I'm you gotta take it with a grain of salt because obviously when there's an election year happening, there's a lot of uh uh a lot of I won't say propaganda all the time, but there's a lot more focus on these kind of social economic issues and things like that. But yeah, um this is just another uh another reason why you probably don't want a data center within you know a a five mile radius of where you live. Uh it's not gonna be an enjoyable experience, most likely. And obviously that's what we're barreling towards. So um how are you how are you gonna solve this, Tim? Are you gonna um are you gonna start an uprising?

Closing Thoughts And Support

Tim 22:53

Yeah, probably. No, I mean so something new and fun has been happening here in the US recently. Um because of the uh because of the AI arms race that's kind of unfolding, I've heard stories and seen articles talking about how even when um like a municipality or like the people I guess really inside a municipality are trying to protest or vote against this this data center uh being built, they're being overridden as a calling there's some new thing. Either they're calling them military installations and getting around this this you know the process, or I've heard some national security words being thrown around. Like this is a this is a matter of national security, and it's such a it's I mean it's like the war on it's like the war on drugs, dude. Like it's not uh if it's it uh and I've seen it more than one place, but I I'm still looking for some very big specifics, but I have seen even from reputable sources some stuff about this, and it's just more crony crony capitalism at the end of the day. Uh it's complete crony capitalism, which is what I would expect. So this is the same thing. But the thing is that this is like real people. Yeah, right? But but I mean it's real the thing is at the end of the day, as we're talking about this article, you know, this is one of many, right? This is this is what's going to happen. This is the the behavior. People are gonna have higher energy costs because you know, although here in North Carolina, actually, there's trying to pass uh a law basically that says that you know, any data centers that are being built will have to offset, essentially pay their own energy costs, which is a huge deal because we're talking like millions and millions and millions of dollars per year. But there's still all sorts of other stuff, like you know, uh in North Carolina they were trying to attract data center uh development. Uh this is you know a couple years old legislation, you know, not having to pay taxes on uh property, of course, or like materials and stuff like this. But but recently, because of things that are happening, like that's very quickly reversing course. But I don't think it's gonna matter. I think at the end of the day, uh, you know, these data center lobbyists basically are gonna be not data center lobbyists, really, it's just gonna be the whole AI lobby, if you will, as a whole, is gonna appeal to the administration and they're just gonna start getting waivers and whatever they can to shove these things down people's throats. Um and it's gonna have real impact on their pair on their power. Water, god we know, water is already a huge availability problem. Um, yeah, man, I don't know what the answer is, but uh this is a real thing that's happening in the US right now.

Chris 25:32

So we gotta start we gotta start talking about some positive stuff, man. Like we I know, right?

Tim 25:37

I feel like we our last the the last times we've done news, it's been really down Debbie Downer stuff. I'm sorry. I want to I want to talk about positive stuff, man. Let's let's let's next time let's we're gonna go completely off topic. We're gonna like bring in uh something about like, I don't know, cat rescue shelters or something. Like in how all the cats getting adopted or something. I don't know.

Chris 25:58

I feel like this is just becoming like an extension of our doom scrolling, right? It's just all fucking it's all shit.

Tim 26:04

It's hard to find the good news in tech these days, to be fair with you. True. So we're gonna try.

Chris 26:10

Tech is becoming public enemy number one, I think. Uh yeah.

Tim 26:14

Anyway. Yeah, anyway, we're uh we'll get there if we can get there. So but I promise we're doing it.

Chris 26:20

We're all we're all happy. We're all right.

Tim 26:22

Yeah, everybody's doing well. Okay, yeah. All right. So we've had better days, but uh we're making the best of it. Yeah. I hope everybody else is doing well. Uh I hope all our listeners are doing well, are certainly uh better than the average. So that's that's all we can do.

Chris 26:38

Yeah, I guess we should probably take the opportunity to uh share our uh support for uh any potential layoffs that happened recently that impacted anyone that we know and and care about, um, or you know, listeners, etc. Um it's not fun, but you know, record profits uh keep happening, so it's uh the cycle repeats. And but you know, we're always here. Um if anyone out there has has you know kind of fallen on hard times because of something like this, Tim and I are always uh and Catherine we can do uh willing to help.

Tim 27:12

So all right. And on that note, then having really, really raised the mood up, I think we should probably go ahead and uh close out for the month before you know before something else bad happens. As quickly as possible. Let's close it out. Uh thanks for joining us. So if you uh enjoyed the news, and I can't imagine why you would have. So please uh share it with a friend. Um hopefully things are things are better. Uh things will be better next time. We'll bring Catherine better back in next time. She'll she she always keeps the mood very uh all right. Take care, everyone, and see you next time. Take us