Here we are again: nine items from the week of 20.10 to 26.10 (KW43-2025). My favorites from hundreds of articles, two posts among them, seasoned with all kinds of opinions, as always on Sundays in the ‘Wews of the Week’.
Fiber optic DSL? | AWS Outage | Passport A38 | 33k tuition fee | Adobe Commerce | Game news week | WSUS gap | Media digital | Local LLM
Article 1
Order spaghetti, get macaroni? Welcome to 1&1 ‘Fiber optic DSL’
Moin, dear high-speed hunters and all those who want fast internet!
You know the feeling? In a restaurant you order the finest spaghetti: long, thin, high-end noodle enjoyment. But what gets delivered is only the slightly coarser macaroni. Nice try, but not what you paid for.
That feeling describes exactly what many people are currently going through with 1&1's advertising. It's about the magic word ‘fiber optic’.
When fiber optic is not fiber optic
Advertising promises us the full package: fiber optic, top speed, future technology! But wait a minute, what's really in the small print, or in the cable?
That is exactly what the District Court of Koblenz has now put on the table and decided: 1&1's advertising is misleading!
The crux of the matter:
- Ordered: Customers book tariffs advertised with the magic word ‘fiber optic’. They expect genuine fiber all the way into the home (FTTH, Fiber to the Home), which easily delivers 1,000 Mbit/s and more.
- Delivered: Often, however, customers only get DSL connections or so-called vectoring connections.
Vectoring: A turbo, but not a quantum leap
Vectoring is indeed a decent turbo for the old copper cable, because the fiber runs at least as far as the gray distribution box on the street (FTTC, Fiber to the Curb). But from the distribution box to your FritzBox it's just copper cable.
That makes a huge difference! Over copper, depending on the distance, there is perhaps a maximum of 250 Mbit/s in it. With real fiber (FTTH), we're already at 1,000 Mbit/s and more today, and that's just the beginning! The difference is like that between a good old diesel and a Formula 1 car.
The judgment: An end to the sham package
The Regional Court has now clarified: whoever promises fiber optic must also deliver fiber optic into the apartment. Consumers are deceived by terms such as ‘fiber optic DSL’, a coinage that sounds like squaring the circle.
Ramona Pop of the German Consumer Association (VZBV) put it in a nutshell: ‘Customers must not be persuaded to conclude a contract with false high-speed Internet promises.’
What does that mean for you?
When you sign a new contract or change an existing one:
- Always check carefully: In the availability check, look not only at the speed, but also at the underlying technology.
- Ask about FTTH: If it really is supposed to be fiber optic, make sure that Fiber to the Home (FTTH) is what is being talked about.
- Don't be dazzled: A fast DSL result is okay, but it's simply not a fiber optic connection.
The road to real high-speed internet is rocky, but don't let yourself be fobbed off with macaroni if you've ordered spaghetti!
Article 2
AWS outage disrupts many services
On Monday, October 20, 2025, Amazon Web Services experienced a massive outage in the Northern Virginia region (US-EAST-1), lasting over 14 hours and affecting numerous cloud services worldwide.
The outage began at 8:48 a.m. European time and initially affected only the US-EAST-1 data center, where new EC2 instances could no longer be started, Network Load Balancers produced connection errors, and numerous AWS services such as Lambda, ECS, Amazon Connect, and Redshift failed. Dozens of external services hosted on the Amazon cloud, such as the messenger Signal or Snapchat, the social media platforms Reddit and Facebook, games, financial service providers and also Amazon's own website, were unavailable for hours or available only to a very limited extent.
Update from Friday:
The cause: Race condition in DNS management
Amazon has released a detailed report: A latent race condition in DynamoDB's automatic DNS management system deleted all IP addresses for the regional DynamoDB endpoint due to unfortunate timing. Because DynamoDB is a central component of countless AWS services, it triggered a cascade of outages that dragged on throughout the day.
I have worked through all the details of the incident on the blog and, in another post on Saturday, also covered Amazon's statement and Friday's post-mortem.
There are now also some videos on the topic, for example the WAN show with the guys from LTT is entertaining:
Article 3
Wonderful article on German bureaucracy with the perfect title ‘Passierschein A38’ at heise.de
Hello everyone, dear entrepreneurs and all those who struggle with German red tape every day!
Do you still remember the A38 pass from Asterix? A document whose only function is to drive you crazy by sending you from counter to counter to get it. Welcome to 2025, because a new study shows: The German bureaucracy has reached an absurd level in the last three years!
The shock number: 325,000 new "bureaucracy jobs"
The renowned Institute for Employment Research (IAB) has published, in a recent survey (9,209 companies, Q1 2025), a number that makes us all sit up and take notice:
German companies have had to hire around 325,000 additional employees in the last three years just to cope with the increased bureaucracy!
These are not jobs that develop new products or drive innovation. These are jobs that are only there to fill out forms, interpret laws and manage compliance.
The effort explodes
The perceived burden of bureaucracy has increased massively. On a scale from 1 (very low) to 10 (very high), companies today rate the effort at 6.8 on average. Only three years ago, this figure was still a whole point lower!
Particularly striking: In 2022, only 4% gave the maximum value of 10. Today it is 14%! The house is on fire!
The culprits: GDPR, IT Security & Supply Chain
What burdens you the most? The companies clearly state:
- The GDPR: Data protection is massively devouring resources, and according to the Bitkom survey, 97% of German companies report very high effort in the implementation.
- EU IT Security Regulations: New rules for IT security.
- The Supply Chain Act: Even if the Federal Government defused this somewhat in September 2025, the additional effort is there.
That costs us all 146 billion euros!
The 325,000 new jobs are just the personnel costs. The macroeconomic consequences are devastating: the ifo Institute has calculated that the economic output lost to bureaucracy stood at an incredible 146 billion euros per year at the end of 2024! The mechanical engineering association VDMA sees this as the main reason for the continued weak growth in Germany.
Bright spot on the horizon?
Yes, the subject is recognized!
- The Bureaucracy Relief Act IV entered into force on 1 January 2025 (small simplifications, e.g. for reporting obligations).
- The new Digital Minister, Karsten Wildberger, has announced a modernisation agenda that is supposed to reduce costs by 25 percent.
Also under discussion is ‘one in, two out’: For each new burdensome law, two old, equivalent burdens must be eliminated. That would be a real game changer!
The IAB study shows: Productive companies bite the bullet and hire. For less productive businesses, however, their very existence is at stake. It is about the competitiveness of all of us.
What do you think? Is the ‘one in, two out’ scheme the right way to go? Or which laws would you send straight to the bin?
Article 4
Judgment: Father has to pay 33,000 euros for son's in-app purchases
A father from Baden-Württemberg has to pay over 33,000 euros for in-app purchases, which his underage son has made over almost two years on a tablet. This was decided by the Regional Court of Karlsruhe (Az. 2 O 64/23).
More than 1,200 purchases in a game app were paid for through the father's Google account with a stored credit card. The claim for repayment failed. I have already published details and instructions on how to prevent this in my blog this week.
The judgment
The court held that there was an ‘apparent power of attorney’: Since the purchases continued for almost two years, the father created the impression that his son was authorized. Crucially, the father had not activated security mechanisms such as purchase confirmations or family approvals, which was a breach of due diligence.
What Parents Should Do
- Activate purchase confirmations
- Set up Family Sharing (Apple) or Family Link (Google)
- Use separate child accounts without means of payment
→ Detailed instructions on parental controls
Source: PC WORLD | Ref.: LG Karlsruhe 2 O 64/23
Article 5
Online shops in danger: Critical vulnerability in Adobe Commerce & Magento is under active attack
Attention, dear shop owners, developers and all those who support e-commerce platforms!
After just talking about bureaucracy, slow internet lines and parental approvals, here comes the next shocker from the cyber world. If you use Adobe Commerce (formerly Magento), you must act now and patch immediately!
In September, Adobe released updates for a critical vulnerability that has since come under active attack on the Internet. Time is pressing!
"SessionReaper": the nightmare for online shops
The vulnerability (CVE-2025-54236) has an extremely high risk score of 9.1 (Critical). The IT security researchers at NullSecurityX have given it the creepy name SessionReaper.
What does this SessionReaper do?
It is a so-called deserialization vulnerability that is extremely dangerous. Attackers can use it to:
- Take over sessions: They can attach to another user's (or even an admin's!) session.
- Remote Code Execution (RCE): Under certain conditions (e.g. file-based session storage), the attackers can even run code over the network! This means they have complete control over your shop.
The dangerous thing about it: No user interaction is required. The attackers can exploit the vulnerability via common API endpoints (REST, GraphQL, SOAP).
More than 60% of shops are vulnerable.
The IT analysts at Sansec are sounding the alarm because they have been observing active attacks on this ‘SessionReaper’ vulnerability since Wednesday.
And the sad statistics: So far, only 38 percent of Adobe Commerce and Magento Shops have installed the necessary security updates!
This means: More than 60 percent of all shops are currently an easy target for cybercriminals!
Proof-of-concept exploits are already in public circulation. This means that automated scanners are currently combing the Internet to find and attack unpatched shops.
Your urgent call to action: Patch it now!
If you run an Adobe Commerce or Magento shop, please check IMMEDIATELY whether the security updates released in September are installed on your system.
- Check: Is the shop up to date?
- Patching: Install the updates released in September immediately.
- Be careful: Expect the attacks to increase massively in the next few days.
Don't let your online store become an easy prey! A compromised shop means data theft at best, and complete business damage at worst.
Have you patched your shop yet? Or are you working on it right now?
Article 6
Gaming week at a glance: Radiant wasteland, sarcastic colonies, thick dinosaurs, vampires & more!
Moin, dear gaming community!
What a week! Fortunately, between emergency patches and absurd bureaucracy, there is good news for the couch. This week is all about big names, highly anticipated releases and a lot of nostalgia. Let's get to it: Here's the biggest game news of the week!
Happy 10th Birthday! Fallout 4 Anniversary Edition is coming!
The wasteland is calling again! Bethesda celebrates the tenth anniversary of Fallout 4 with a hefty Anniversary Edition.
- Release: Mark 10 November 2025 in bold on your calendar!
- What's in it? The ultimate complete package! The Anniversary Edition contains not only the main game and all six official expansions (Far Harbor, Nuka-World etc.), but also more than 150 pieces of content from the Creation Club. Think of new weapons, additional quests, and even new dog breeds for Dogmeat!
- Platforms: Available for Xbox Series X|S, Xbox One, PS5, PS4 and PC.
- Switch fans watch out: There is even a version for the coming Nintendo Switch 2, but not until 2026.
The perfect opportunity if you haven't explored post-apocalyptic Boston yet, or just want to set out with all the goodies!
Ready for launch: The Outer Worlds 2 is just getting started!
Halcyon's corporations will soon face competition: The Outer Worlds 2, Obsidian Entertainment's highly anticipated sci-fi RPG sequel, is about to be released!
- The date: The official launch is on 29 October 2025, perfect for anyone looking for a great role-playing experience.
- Day-one surprise: Good news for all Xbox Game Pass subscribers: The game is included in the subscription right from day 1 (also for PC Game Pass)!
- About the game: After The Outer Worlds won many fans with its snappy humor and anti-corporate attitude, the second part promises an even bigger and better RPG experience in the new star system Arcadia.
The reviews for the Premium Edition, which enabled early access, have already appeared and promise a strong successor. Only a few days until the start of the new galactic colony!
Finally: There is Apple macOS gaming ‘news’ too: Cyberpunk 2077!
CD Projekt Red's ‘Cyberpunk 2077’, a hit on Windows, PlayStation and Xbox since December 2020, has finally reached macOS. YAY!
If you want to do your wallet a favor, please do not buy it in the Apple App Store, but via the usual other suspects. That saves you at least 3 Starbucks coffee specialties.
More gaming highlights of the week (KW 43, October 2025)
But that wasn't all! The week had some more cool releases:
- Jurassic World Evolution 3: For all strategy and dino fans, the third part of Frontier's park simulation is already out (since 21.10.).
- Vampire: The Masquerade - Bloodlines 2: After a long wait, RPG fans with the Day 1 edition were finally able to dive into the gloomy world of Seattle, also on October 20th.
- Ninja Gaiden 4: The fast-paced action spectacle was also released on October 21 for Xbox and PC, with a day-one launch in the Game Pass!
Conclusion of the week: October delivers what it promises, namely a lot of high-profile releases, some of which even end up directly in the subscription.
Let's go, GG WP, and a nice weekend to all.
Article 7
Critical WSUS vulnerability! Patch immediately, because attacks are already underway!
You may have already noticed: Microsoft released unscheduled emergency patches on Friday morning. The reason is a hot one and affects the Windows Server Update Service (WSUS)!
This is a critical vulnerability with the identifier CVE-2025-59287 (CVSS score 9.8), which allows attackers to execute code over the network, without authentication.
That is why haste is required now!
Unfortunately, this is not just theoretical:
- Exploit attempts: The IT security researchers at Huntress have already observed active attacks on the Internet. The attackers are targeting WSUS services whose ports 5830/5831 are openly accessible on the network. They use specially crafted requests to exploit the vulnerability and then run Base64-encoded PowerShell scripts. They then steal sensitive network and user data and send it to a remote server.
- Easy to exploit: The well-known IT security researcher Kevin Beaumont (GossiTheDog) tested the vulnerability himself in the lab. His conclusion on Mastodon: Remote Code Execution (RCE) on the WSUS server was child's play. And even worse: He was able to manipulate the update offers and distribute malicious updates to clients on the network! Imagine an attacker pushing out ransomware via your own update mechanism: a nightmare scenario!
What do you have to do now?
Don't waste time! If you're using WSUS, you should install Microsoft's emergency updates immediately.
The update is available for Windows Server 2012 and later:
- Windows Server 2025 (KB5070881)
- Windows Server, version 23H2 (KB5070879)
- Windows Server 2022 (KB5070884)
- Windows Server 2019 (KB5070883)
- Windows Server 2016 (KB5070882)
- Windows Server 2012 R2 (KB5070886)
- Windows Server 2012 (KB5070887)
The official description of the vulnerability reads: "Deserializing untrusted data in the Windows Server Update Service allows an unauthorized attacker to execute code over a network."
Important to know:
- All supported versions of Windows Server are affected (starting with Server 2012).
- After installing the stand-alone update, a restart of the server is required.
- You should use the Indicators of Compromise (IOCs) provided by Huntress to check your web logs and WSUS logs to see whether your systems may have already been attacked.
Indicators of Compromise
| Item | Description |
| --- | --- |
| C:\Program Files\Update Services\Logfiles\SoftwareDistribution.log | WSUS log file to review indicators of compromise |
| C:\inetpub\logs\LogFiles\W3SVC*\u_ex*.log | HTTP service log files to review indicators of compromise |
| w3wp.exe | HTTP worker process binary |
| wsusservice.exe | WSUS service process binary |
| whoami;net user /domain | Observed enumeration command |
| net user /domain; ipconfig /all | Observed enumeration command |
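
One way to hunt for the indicators in the table above, as an added example that is not code from Huntress, Microsoft or this post: it flags child processes of w3wp.exe or wsusservice.exe whose command line carries one of the observed enumeration commands or a Base64-encoded PowerShell argument, and decodes that argument before matching. The event records and their field names (`host`, `parent_image`, `command_line`) are constructed assumptions; map them to whatever your EDR or process-creation logging exports.

```python
import base64
import re

# Parent processes and enumeration commands come from the IoC table above.
WSUS_PARENTS = {"w3wp.exe", "wsusservice.exe"}
ENUM_COMMANDS = ("whoami;net user /domain", "net user /domain; ipconfig /all")

# PowerShell accepts -EncodedCommand and its abbreviations (-e, -ec, -enc, ...).
ENCODED_ARG = re.compile(r"(?i)(?:^|\s)[-/]e(?:c|n\w*)?\s+([A-Za-z0-9+/=]{16,})")


def normalize(cmd):
    """Lower-case and collapse whitespace so spacing variants still match."""
    cmd = re.sub(r"\s+", " ", cmd.lower())
    return re.sub(r"\s*;\s*", ";", cmd).strip()


NORMALIZED_ENUM = tuple(normalize(c) for c in ENUM_COMMANDS)


def decode_encoded_command(cmdline):
    """Return the decoded -EncodedCommand payload (Base64 of UTF-16LE) or None."""
    match = ENCODED_ARG.search(cmdline)
    if not match:
        return None
    try:
        return base64.b64decode(match.group(1), validate=True).decode("utf-16-le")
    except ValueError:  # covers malformed Base64 and malformed UTF-16
        return None


def triage(events):
    """Return (host, reasons) for suspicious children of the WSUS/IIS processes."""
    findings = []
    for ev in events:
        parent = ev["parent_image"].replace("/", "\\").rsplit("\\", 1)[-1].lower()
        if parent not in WSUS_PARENTS:
            continue
        reasons = [f"child of {parent}"]
        decoded = decode_encoded_command(ev["command_line"])
        if decoded is not None:
            reasons.append("Base64-encoded PowerShell")
        haystack = normalize(ev["command_line"] + " " + (decoded or ""))
        reasons += [f"enumeration: {c}" for c in NORMALIZED_ENUM if c in haystack]
        if len(reasons) > 1:  # parentage alone is not enough to alert
            findings.append((ev["host"], reasons))
    return findings


def encode_ps(script):
    """Build an -EncodedCommand argument for the constructed sample below."""
    return base64.b64encode(script.encode("utf-16-le")).decode()


# Constructed process-creation records (field names are assumptions), not real telemetry.
SAMPLE_EVENTS = [
    {"host": "wsus01", "parent_image": r"C:\Windows\System32\inetsrv\w3wp.exe",
     "command_line": 'cmd.exe /c "whoami;net user /domain"'},
    {"host": "wsus02", "parent_image": "WsusService.exe",
     "command_line": "powershell.exe -NoProfile -enc "
                     + encode_ps("net user /domain;  ipconfig /all")},
    {"host": "web07", "parent_image": r"C:\Windows\System32\inetsrv\w3wp.exe",
     "command_line": "csc.exe /noconfig"},
    {"host": "ws113", "parent_image": r"C:\Windows\explorer.exe",
     "command_line": "cmd.exe /c whoami;net user /domain"},
]

if __name__ == "__main__":
    for host, reasons in triage(SAMPLE_EVENTS):
        print(host, "->", "; ".join(reasons))
```

A hit here is a lead for review of the two log locations in the table, not proof of compromise; the absence of hits does not replace installing the update.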
Our urgent advice: Put these patches at the top of your priority list! Before an attacker turns your WSUS into a malware distribution point, close the gate!
Stay safe and patch diligently!
Article 8
Media State Treaty: Major reform planned for the digital age
The Broadcasting Commission of the Länder is working on a comprehensive reorganization of German media regulation.
A current discussion paper shows: The media order should be made fit for AI, platforms and algorithmic mediation.
The main planned changes:
- AI regulation: ChatGPT & Co. to be required to provide source information, rights holders to receive remuneration for AI training
- Fair advertising markets: Equal rules for broadcasting and digital platforms, easing of obsolete restrictions
- Better findability: Quality journalism should be privileged in feeds, timelines and AI responses
- Protection from manipulation: Obligation to label bots, fake accounts and paid content
- Media concentration: Platform power and dissemination structures will also be covered in the future
The reform seeks to bridge the gap between promoting innovation and protecting journalistic standards in a digital world dominated by tech giants.
→ A detailed analysis with all the details of the reform plans will be published next week
Article 9
Local LLM as a chatbot: easily, quickly and privately on your computer
This video of c’t 3003 “Local AI is REALLY usable now (and it runs on this hardware)” deals in detail with the operation of large language models (LLMs) directly on your own computer (local AI or Open Weights models) and provides recommendations on the necessary hardware and software. This is a great addition to my article on LM Studio.
Summary:
1. Optimum hardware for local AI
The most important component for the speed of local operation of LLMs (inference) is the memory data transfer rate of the graphics card.
- Graphics memory (VRAM) is crucial: When the language model fits fully into the fast VRAM of the graphics card, the speed (tokens per second) is highest.
- Graphics card memory (VRAM) recommendations:
  - Small models (< 24 GB): A single NVIDIA RTX 3090 (used, approximately $700) or 4090 is sufficient and recommended, as they provide fast memory (GDDR6X) and support CUDA.
  - Large models (up to 72 GB): For very large models, a system with several used RTX 3090 graphics cards is recommended, as these still support NVLink (for pooling the memory), which was dropped in the 4000 generation.
- Alternative hardware:
  - AMD Strix Halo (Ryzen AI Max Plus 395): Offers similar token/second performance to a much more expensive Nvidia DGX Spark for around $1,800.
  - Apple Silicon (Macs): Computers with M3 Max and 120 GB shared memory can achieve very good speeds because they have fast, shared memory.
- Caution with the Nvidia DGX Spark: Despite the large and fast memory, the DGX Spark delivers lower speeds (tokens/second) in tests with the GPT-OSS 120B model than self-built rigs with 3090s.
2. Software and models
- LM Studio: It is currently recommended as the best platform for simple prompting of language models on Linux, Windows and macOS. It offers easy settings for offloading (moving work to the GPU) and context length.
- Quantization: The models are available in different quantization levels (e.g. 4 bit), which reduces the file size and increases the speed. In LM Studio you can see which versions fit best into your own GPU memory.
- Model recommendations:
  - Qwen 3 Coder 34B: A very small (2.5 GB) model that runs on ‘every potato’ and delivers surprisingly good coding results.
  - GPT-OSS 120B (by Omi): A very large model that provides good factual accuracy.
  - Mistral Small 3.2: Also provides correct facts, e.g. about c’t magazine.
3. Use Cases and Benefits of Local AI
Disadvantage: Local models can't search the web out of the box, which is what cloud LLMs like ChatGPT or Gemini do by default. This often leads to incorrect or outdated answers for knowledge questions without a RAG function.
Coding assistance: Local models can be integrated via software such as Continue or Cody into editors such as Visual Studio Code to help with programming.
RAG (Retrieval-Augmented Generation): Works well for analyzing local documents (e.g. PDFs). You can ask complex questions about a document without having to upload it to the Internet (privacy).
Vision models: Some small models, such as Google's Gemma 3 with only 12 billion parameters, can understand and process images.
Since the colleague Sun-Tsu from IT security is still on vacation this week, another gap filler has to step in: Kamik423 on GitHub has gone to work in the best manner of German authorities.
And please don't forget: ‘Signing on to a galley? You're in the wrong place here! Contact the port command down at the harbor.’