News from KW32.2025 - the "Wews of the Week" 4.8

Come here, come here, here you get the same news as next door! Nine contributions from week 4.8 – 10.8 (KW32-2025) this week as a reduction, two Contributions of which with an extra flake of butter – for the figure, the ‘Wews of the Week’.

Article 1

Cloudflare Issues in Frankfurt Data Center

Monday morning, half past 10 in Germany. No, no Knoppers today. But qüalend slow construction of some pages and complete unavailability of others... well, Monday stop.

Actually a nice summer day in Germany, partly mild light rain, otherwise clear and only slightly cloudy at chilly 21 degrees. If it wasn't for internet performance. In Data center Frankfurt At Cloudflare, it is probably hot to find the error why some pages no longer load at all with customers and others extremely slow.

TL:DR towards evening there was then all-clear, everything again chic.

Affected users: Mainly telecom customers (both DSL and fiber optic) reported problems. Other providers were not affected.

Symptoms:

Websites not reachable or build very slowly
Timeouts for various online services (e.g. Freshservice Ticketsystem)
Direct unavailability issues lasted about 2 hours (until about 12:30 p.m.)

Workarounds:

VPN connections (e.g. Mullvad) continued to work
Cloudflare DNS resolvers in the router showed no problems

History: The disturbance occurred several times – first in the morning, then again later. Cloudflare officially confirmed the disruption on its status page.

Special feature: It seems to have been a specific routing problem between Telekom and Cloudflare, which is why only certain providers were affected.

Article 2

XBox Leak Tuesday

Xbox Revolution: Magnus chip points to modular gaming future

Peter Steinlechner, whom some of you still know from the Gamestar (or the older ones from the PowerPlay) Golem.de There are some cool speculations:
The gaming world could be facing a fundamental change. A leaked AMD chip codenamed ‘Magnus’ suggests that Microsoft could take a completely new path for the next generation of Xbox, away from traditional monolithic design and towards a flexible, modular system.

However, the information described here is based on unconfirmed leaks and speculation. Microsoft has not yet officially commented on the reports, so please be careful first. ⁇

One chip, many possibilities

loud a video the Youtube Channel Moore’s Law Is Dead Magnus is not a conventional all-in-one chip, but an innovative modular SoC design consisting of two separate components:

The GPU: 264 mm2 with RDNA-5 architecture, up to 68 compute units and GDDR7 memory (192-bit connection)
The CPU: 140 mm2 with three Zen-6 cores and eight more compact Zen-6C cores
connection: 384-bit bridge for data exchange between chips

Change of strategy at Microsoft?

This modular architecture could be Microsoft's answer to the changing gaming landscape. Instead of developing different chips for different devices, the modular principle allows:

High-end consoles for the living room
Cheap entry-level models for price-conscious gamers
Portable handhelds in the style of the Steam Deck
Close Windows integration and possible OEM partnerships

More than just Xbox

Particularly interesting: The GPU component from Magnus will be part of a new AMD graphics chip family that could also be used in PC graphics cards. This would allow even closer integration between Xbox and PC gaming. A strategic advantage in the fight against Sony and Valve?

When will the future come?

While Sony does not expect the PlayStation 6 until 2028/2029, Microsoft could be on the market sooner with a Magnus-based system. The rumors are not yet officially confirmed, but the technical details seem plausible and show a well-thought-out strategy.

Microsoft remains silent on the speculation, but the gaming community is eagerly awaiting official announcements. One thing seems certain: The next generation of consoles will be unlike anything we've ever known.

This video speculates diligently, but the guys from DigitalFoundry seem to be relatively sure. And if you're interested in gaming, the rest of the video is also worth seeing:

Article 3

Claude Opus 4.1 is live!

Anthropic Releases Claude Opus 4.1 Strategically Right Before OpenAI's Expected GPT-5

Anthropic has released an updated version of its top-of-the-line AI model, Claude Opus 4.1, which is now available to paying users. The update may come as a strategic response to the expected release of OpenAI's GPT-5. The Articles by t3n.de I ran across that path.

Main improvements:

Significantly better performance in code refactoring across multiple files
Precise identification of errors in large code bases without unnecessary changes
New record in the ‘SWE-bench Verified’ test with 74.5% (2 percentage points ahead of the predecessor, 5% before OpenAI's o3 series)
Improved analysis and research tasks as well as agent search functions

Context: The update comes at a strategically important time, as OpenAI appears to be on the verge of releasing GPT-5.

Anthropic recommends the change to all users and announces further improvements for the coming weeks. Prices remain unchanged despite the performance increases.

The update highlights the intensity of the current AI competition for market leadership. Now we are eagerly waiting for the counter.

Article 4

Proxmox VE 9.0 and Backup Server 4.0 are here!

This week has it all in terms of virtualization and backup, hit by hit followed on 5.8 the release of the VE 9.0 and directly afterwards on 6 August 2025 the PBS 4.0

I keep this message on the short leash, there is already a detailed blog entry on the subject. Now only the new mail server and the data center dashboard are missing.

Article 5

OpenAI introduces GPT-5

The fight of the AI giants goes into the next round! The release of Claude Opus has recently caused quite a stir. But now OpenAI counters with a bang:

GPT-5 is there and promises to revolutionize the AI landscape again. What can the new model do and how does it compare directly?

What's new in GPT-5?

The new language model of OpenAI should be one thing above all else: more reliable.

A central point of criticism of earlier models was the tendency towards hallucinations, i.e. fictitious facts. GPT-5 should be significantly less likely to fall by the wayside and be able to answer technical questions with almost expert knowledge.

OpenAI demonstrated the New Skills Impressive: At a press conference, the model programmed a working web app from a simple text prompt in seconds. Some examples You can admire here. Another highlight: While you still had to choose between different models in GPT-4, GPT-5 now combines all functions under a single hood. These consolidation makes it much easier and more versatile to use.

The duel: GPT-5 vs. Claude Opus

The publication of Claude Opus has raised the bar. With its latest model, Anthropic has not only shown impressive performance in text comprehension and programming, but also scored points in terms of security and ethical guidelines.

GPT-5 now competes directly against this strong competitor. One of the biggest arguments for GPT-5 is its Wide application in risk areas. U.S. companies are already using the new model in sensitive sectors such as finance and healthcare. For example, a health insurance company uses GPT-5 to examine applications, and a bank entrusts it with its financial analyses. This shows the level of industry’s confidence in the new model, even before independent testing.

Caution should be exercised: Use in risk areas

However, this aggressive use in critical areas also raises questions. In Europe, such applications alone would be Reasons for data protection problematic. GPT-5 runs exclusively on OpenAI's servers, which would mean passing on sensitive customer data to third parties. So be careful here, especially when it comes to linking to your personal accounts like Gmail.

Another point is the Lack of independent audit. Although OpenAI emphasizes testing the model for security issues for 5,000 hours, this number seems low given the complexity. One has to wait and see if independent studies can confirm OpenAI's promises, especially in software development, where previous models often led to useless results.

conclusion

GPT-5 is an impressive language model that once again raises the bar in AI competition. It scores with its reliability, versatile functions and rapid adoption in the industry.

But the competition isn't sleeping. With Claude Opus 4.1, there is a strong competitor who also convinces with outstanding performance. It remains to be seen how the two models will perform in practical use and whether GPT-5 can meet the high expectations in terms of reliability and safety.

Article 6

Stop digital espionage in everyday crime!

Imagine if the police are allowed to secretly infect your cell phone or computer with a state trojan to spy on you on any small suspicion of a crime you may be committing on the Internet.

Sounds like a privacy nightmare, right? Fortunately, the Federal Constitutional Court has now put a stop to this!

In one Judgment published today On 24 June, the judges ruled that the use of state trojans is taboo for offences with a maximum sentence of three years or less. This means that in the case of ‘everyday crime’, such as stealing or computer fraud, investigators can no longer simply access your digital devices in this way. This is a great victory for our privacy and a clear signal against shoreless surveillance.

Why the judgment is so important

The main reason for this decision is the proportionality. The judges emphasize that the interference with our privacy by a state trojan is extremely strong. It allows access to the ‘whole raw data stream’ – from messages to personal habits. Such a massive intervention is only justified in the case of really serious crimes.

It was also about a formal error in the previous legislation. The online search does not only have the so-called Fundamental IT Rights Injured, but also Telecommunications secrecy. Both fundamental rights must be explicitly mentioned in such a case – something the legislator had not done before. The court therefore gave him a clear homework task: Improve it! The current regulation may remain in place for the time being, but needs to be revised as a matter of urgency.

The debate continues

Civil rights organisations such as the Gesellschaft für Freiheitsrechte (GFF) and Digitalcourage are enthusiastic about the ruling. They see it as an important step that limits the use of state Trojans in light crimes and thus makes the IT systems of all of us safer.

However, experts also point to a central weakness: To install a Trojan, vulnerabilities must be exploited. The State therefore ‘hoards’ these gaps, instead of notifying them to the manufacturers so that they can be closed. This makes us all – millions of internet users – vulnerable to cyberattacks.

Another criticism comes from the police union (GdP). She fears that the effective fight against serious crime will be made more difficult. But don't worry, the Constitutional Court has also clarified: In the case of really serious crimes such as terrorism or offences punishable by more than five years' imprisonment, investigators may continue to use state Trojans.

The verdict is a clear commitment to our digital freedom. It makes it clear that the State cannot take action against ‘small offences’ with the ‘big hammer’. It's an important step, but there's still a lot to do to strengthen our IT security and strictly limit the power of surveillance.

Sources: BVG | heise.de | Tagesschau.de | Netzpolitik.org

Article 7

Data leak at Magenta TV: Millions of user data unprotected for months

Massive security gap in Germany's largest telecommunications provider

Deutsche Telekom is once again the focus of discussions on data protection law: A major security incident on their Magenta TV streaming service has left over 324 million records unprotected on the Internet for months. The extent and duration of the leak raises serious questions about data protection and IT security at the Bonn-based company.

The dimension of the problem

Since at least February 2025, user data of Magenta TV customers has been freely available on the Internet via an unsecured server of a technical service provider. Cybernews' security experts, who uncovered the leak in June, speak of over 324 million log entries with a total data volume of 729 GB. With an estimated 4.4 million Magenta TV subscribers, this means that potentially every customer could be affected by the data breach multiple times.

The compromised data did not include any direct personal information such as names or addresses, but contained unique Internet identifiers, account numbers and detailed hardware information of the affected users. However, this seemingly ‘harmless’ metadata can become quite problematic in the wrong hands. For example, there is a potential risk of Session hijacking. Theoretically, attackers could log into customer accounts using the disclosed session IDs.

Why this data is dangerous

Although Telekom stresses that no "security-relevant data" such as payment information or personal contact details were affected, cybersecurity experts warn against trivialisation. The shared information allows attackers to:

Identify users: By combining hardware information and account numbers, behavior patterns can be created
Targeted attacks to launch: Using the data obtained, cybercriminals can develop tailor-made phishing campaigns
Gain access to accounts: The exposed data could serve as a basis for social engineering attacks or, as already mentioned above, for so-called session hijacking.

Telecom response: Too little, too late?

Only after Cybernews alerted Telekom to the data leak in June 2025 did the company react and then take the data offline at the end of July. For a security flaw that had persisted for months, this response time seems worrisomely slow.

According to initial estimates, most of the data was not potentially dangerous, but the leak revealed some user data, including: User Agents, IP Addresses, MAC Addresses, Session IDs, Customer IDs

Here is a timeline according to cybernews.com:

Leak discovered: 18 June 2025
Leak reported: 18 June 2025
CERT contacted: 18 June 2025
Leak closed: 22 July 2025

The cybernews experts discovered the data leak in mid-June 2025 via an unprotected Elasticsearch instance hosted by Serverside.ai, a server-side advertisements (SSAI) service. In a statement to the Frankfurter Allgemeine Zeitung, a Telekom spokesman stated that "no further security measures are necessary" and that the data leak was closed. This trivial presentation contradicts the assessments of independent security experts.

Industry-wide problem or individual case?

This incident joins a troubling series of data leaks at major technology and telecommunications companies. Recently, T-Mobile US was fined $60 million for a data breach. This shows that data protection problems have not only local, but international dimensions.

It is particularly critical that the affected server was the infrastructure of a technical service provider. This illustrates the challenges of the modern IT landscape, in which companies increasingly rely on external partners and partially give control over sensitive data out of hand.

What customers can do now

Despite Telekom's downplaying statements, Magenta TV customers should take proactive steps:

Change passwords: Even if no direct login data was affected, a precautionary password update is advisable
Monitor suspicious activity: Watch out for unusual emails or calls related to your Magenta TV account
Enable two-factor authentication: If available, use additional layers of security for your Telekom account
Check account activity: Regularly check your account movements and settings

Outlook and teachings

The Magenta TV data incident once again highlights the need for stricter data protection standards and regular security audits. Companies must take their responsibility seriously not only for their own systems, but also for those of their service providers.

For consumers, the case shows that caution is also required with incumbent providers. Digitalisation undoubtedly brings many benefits, but it also requires a new awareness of data security for both businesses and users.

The coming weeks will show whether and what regulatory consequences this incident will have. Data protection authorities are already examining similar cases in more detail, and a fine procedure could follow here too.

Status: 8/9 August 2025 ⁇ This article is based on publicly available information at the time of publication.

Sources: cybernews.com | golem.de | it-daily.de | faz.net

Article 8

Google takes a hearty bite off the apple

Google is against Apple: Pixel 10 Teaser Makes Fun of Delayed Siri Updates

Google is using the advertising for its new Pixel 10 for a direct swipe against Apple and the AI features for Siri that have been postponed for a year.

On the Page winfuture.de I stumbled upon it: Shortly before the launch of the Pixel 10 on August 20, Google released a new ad that openly makes fun of Apple's delayed AI plans. In the 30-second video entitled ‘Google Pixel 10 ⁇ Soon’, the company refers directly to the Apple Intelligence features that have been promised since WWDC 2024, but have not yet been delivered.

“If you buy a new phone because of a feature that comes “soon” but has been coming “soon” for a whole year, you could change your definition of “soon” – or just change your phone”, It says in the spot, without mentioning Apple directly by name.

Clever details in the marketing attack

The teaser published on YouTube contains other subtle allusions: As background music, Google uses an instrumental version of Dr. Dre’s ‘The Next Episode’ – a reference to Apple once taking over Beats by Dr. Dre for $3 billion.

Apple originally announced the improved AI-powered Siri version for the iPhone 16, but features such as personalized context recognition and in-app actions have since been moved to 2026.

The Pixel 10 will be unveiled in New York on August 20 along with the Pro models, the Pixel 10 Pro Fold, the Pixel Watch 4 and the Pixel Buds 2a. Despite the well-known design of the Pixel 9 series, prices remain stable.

In the video: The official teaser spot from Google, which makes fun of Apple's delayed AI functions, and yes, it's a few days older, but I didn't discover it until Saturday via winfuture.de.

Article 9

Debian 13 ‘Trixie’ – finally no B ⁇

‘Trixie’ should be one thing in particular: A milestone for open source computing with revolutionary innovations

Debian 13 ‘Trixie’ is finally here, after the project had already entered the hard freeze phase. The final version has been live since 9 August 2025.

I got you as good as it went everything in detail summarized in my blog post, here again a few short cuts:

Some of the innovations However, you should know in advance. For example, that an remote upgrade via SSH that is aborted This may mean that it is no longer possible to log in again! Also helpful is to know that the /boot partition At least 768MB in size at 300 free It's supposed to be. Users already using Trixie's testing version report exceptionally stable performance with minimal issues.

Also Proxmox had already this week in the run-up to a release of the new versions of the VE and the PBS decided with Trixie as substructure.

Possible problems with upgrades and measures against them are summarized here.

Important other changes for administrators

Migration and upgrade notes

For existing 32-bit systems

Users of 32-bit Debian systems should prepare for the end of support:

No upgrade path: Direct upgrades from 32-bit Bookworm to Trixie are not possible
Hardware evaluation: Check if the hardware supports 64-bit
Migration strategy: Planning a new installation or hardware upgrade

Upgrade from Debian 12 ‘Bookworm’

For 64-bit systems, Debian offers proven upgrade paths:

Full compatibility for supported architectures
Detailed upgrade instructions in the release notes
Recommendation for pre-upgrade backups
Pitfalls and possible problems It has also been documented

The package sources get a new format

In Trixie, there is an important change in package sources: The old format in /etc/apt/sources.list was completely replaced by the new DEB822 format. This new format, which is based on the RFC822 standard, uses Key value pairs, which greatly simplifies machine processing.

What does this mean for admins?

Existing package sources must be converted to the new DEB822 format. This offers some advantages, such as improved management of GPG keys. With these keys, the package manager verifies apt the authenticity of the package sources.

Package sources in DEB822 format: /etc/apt/sources.list.d/debian.sources

Types: deb URIs: https://deb.debian.org/debian Suites: trixie trixie-updates Components: main non-free-firmware Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg Types: deb URIs: https://security.debian.org/debian-security Suites: trixie-security Components: main non-free-firmware Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg

availability

The final version of Debian 13 ‘Trixie’ will Actively rolled out since Saturday.

And another week to get some more advice from the head of security: Sun-Tsu This time I have wise words for you, namely the following.
„The strength of the team lies in its unity. Encourage collaboration and communication within your IT team. A fragmented or divided team is more susceptible to errors and attacks.”