Fri. 05/16 – Bribing Is The Oldest Form Of Hacking

Welcome to the Tech Meme Ride Home for Friday, May 16th, 2025. I'm Brian McCullough. Today, Epic Games and Apple are still having beef over App Store rejections. Coinbase got hacked with the oldest attack vector there is, bribery. Meta's having problems with its behemoth AI model, new Windsurf coding suite, new Apple CarPlay, and of course, the Weekend Long Read suggestions. Here's what you missed today in the world of tech.

Epic Games says that Apple rejected its latest Fortnite submission to the US App Store and the game on iOS will be offline worldwide until Apple unblocks it. According to Epic, quoting The Verge, Following the rejection, Fortnite is no longer available on iPhones and iPads, even in the European Union, where it had previously been available to download through the Epic Games Store.

Apple has blocked our Fortnite submission, so we cannot release to the U.S. App Store or to the Epic Games Store for iOS in the European Union. The company posted on the official Fortnite X account. Now, sadly, Fortnite on iOS will be offline worldwide until Apple unblocks it, end quote. The Verge has confirmed that the game is no longer available to download on iOS from the Epic Games Store or the alternative marketplace Alt Store PAL in the EU.

where it had previously been available. It's not yet clear if Apple blocked the game's availability through those stores or if Epic itself chose to make it unavailable. We've reached out to both Apple and Epic for comment. Fortnite returned to iOS in the EU last year, but only through those two storefronts and not Apple's App Store. The return was made possible by the EU's Digital Markets Act, which required Apple to allow third-party app stores on iOS.

Epic had resubmitted Fortnite to the US App Store this month following a recent ruling in Epic's lawsuit against Apple. That ruling prohibited Apple from restricting developers' ability to link to external payment systems, one of the issues that had started their long-running legal battle. Epic was forced to use its EU developer account to resubmit the game, as its US account was terminated in 2020 when it first broke Apple's rules by introducing its own in-app payments to the game.

This week, Epic CEO Tim Sweeney announced that the company had pulled its previous Fortnite submission and submitted a new version that included an update due to release today, noting that, quote, all platforms must update simultaneously. He's since taken to X repeatedly to complain that unofficial Fortnite knockoffs have been allowed into the App Store, while Fortnite hasn't, claiming that Apple's app review process has been, quote, weaponized by senior management, end quote.

So one big story I missed yesterday that I want to snag is that Coinbase got hacked. Coinbase had to divulge that hackers access data of what they are calling a small subset of users, though not their credentials.

that they expect to incur 180 to 400 million dollars in costs on account of remediating this but they also want you to know that they refuse to pay a 20 million dollar ransom According writers, The company received an email from an unknown threat actor on May 11th claiming to have information about certain customer accounts as well as internal documents.

While some data, including names, addresses, and emails was stolen, the hackers did not get access to login credentials or passwords, Coinbase said. It would, however, reimburse customers who were tricked into sending funds to the attackers. Hackers had paid multiple contractors and employees working in support roles outside the US to collect the information.

The company has fired those involved, it said. Separately, the US Securities and Exchange Commission has begun scrutinizing whether Coinbase had misstated its user figures. Two sources familiar with the matter told Reuters. The agency had also been interested in whether any inaccurate user data could indicate the company had inadequate know your customer compliance that is required of firms registered with the SEC. The source is set.

A Coinbase spokesperson denied the SEC was probing the company's compliance with Know Your Customer and Bank Security Act rules, end quote. But what I want to come back to what I found interesting is the details of this particular hack A source is telling Bloomberg that hackers bribed enough Coinbase customer service representatives to achieve effectively on-demand access to Coinbase customer information since January.

While the company says the Coinbase Prime service that custody is crypto for ETF issuers and services other institutional investors was not affected, The hackers did have near constant access to some of Coinbase Global's most valuable customer data since January, according to a person familiar with the incident who asked not to be named discussing company matters.

The hackers' scheme was brazen, if not especially impressive from a technology standpoint. They bribed customer service representatives to steal client data and then demanded a $20 million ransom to delete it. Coinbase began noticing unusual activity from some of these representatives as far back as January, the company confirmed in an interview with Bloomberg News. The bribed reps got access to names, dates of birth, addresses, nationalities, government-issued ID numbers,

some banking information as well as details about when customer accounts were created and their balances, the person familiar with the situation said. This information could be used to attempt to impersonate Coinbase and convince customers to let the hackers into their account. It could also be used to impersonate the victims with other service providers to attempt to convince them to let hackers into other financial accounts they maintain.

For some traders with big balances on the exchange, the incident was alarming for reasons that go beyond the potential financial losses. considering the kidnapping and mutilation of a crypto startup co-founder earlier this year and reports of other similar incidents. It's a major breach. The amount of personal information shared is staggering, said Mike Dudas, managing partner of Web3 firm 6MV, who said he was targeted by the Coinbase hackers.

The hackers had bribed enough customer service representatives to achieve effectively on-demand access to Coinbase customer information in the past five months, the person said. Coinbase Chief Security Officer Philip Martin disputed the assertion of near-constant access, saying in an interview with Bloomberg News, that the company pulled the agent's access as soon as it was discovered that they were improperly sharing information.

Therefore, the hackers quote, did not have persistent access over the course of the entire period, he said. What these attackers were doing was finding Coinbase employees and contractors based in India who were associated with our business process outsourcing or support operations, that kind of thing, and bribing them in order to obtain customer data, Martin said.

Coinbase detected the agents, quarantined them and fired them as soon as the company noticed the activity. The hackers had access to this data as recently as Wednesday, the person familiar with the incident said. Martin said, quote, we have no reason to believe that is true at all, but could not, quote, prove a negative. Bloomberg News is aware of one notable high net worth individual's data being accessed, whom Bloomberg is not disclosing for privacy reasons, end quote.

Sources say that Meta has delayed the rollout of its Behemoth LLM, which was internally slated for an April release. now to be released in the fall or later. This comes after struggles to improve its capabilities, apparently. Quoting the journal, Company engineers are struggling to significantly improve the capabilities of its behemoth large language model leading to staff questions about whether improvements over prior versions are significant enough to justify public release, the people said.

Early in its development, Behemoth was internally slated for an April release to coincide with Meta's inaugural AI conference for developers. Meta put two smaller models in its Llama AI model family ahead of the event, but later pushed an internal target for the larger Behemoth release to June. Now it's been delayed to fall or later.

Meta has previously drawn praise for the speed with which it's caught up to rivals in the global AI arms race, spending billions of dollars along the way to develop the technology that powers chatbots on WhatsApp, Instagram, and Facebook. Meta plans to spend up to $72 billion in capital expenditures this year, much of which will be used to help realize Chief Executive Mark Zuckerberg's grand ambitions for AI.

Senior executives at the company are frustrated at the performance of the team that built the Llama 4 models and blame them for the failure to make progress on Behemoth. according to people familiar with their views. Meta is contemplating significant management changes to its AI product group as a result, the people said. The Facebook parent

has publicly touted the capabilities of Behemoth, saying it already outperforms similar technology from OpenAI, Google, and Anthropic on some tests. But internally, its performance has been hobbled by training challenges, the people said, end quote. Make this your best season yet with nutritious two-minute meals from Factor. Eating well has never been this easy. Just heat up and enjoy, giving you more time to do what you want.

get outside instead of prepping and cooking indoors factor meals arrive fresh and ready to eat perfect for any active lifestyle with 45 weekly menu options you can pick gourmet meals that fit your goals choose from calorie smart protein plus keto and more factor powers your day with satisfying breakfasts on-the-go lunches premium dinners and guilt-free snacks and desserts it's easy to savor more this spring factor meals pack in the flavor with none of the fuss my wife

left the house this morning with her factory meal in her bag to heat up for lunch at work today. If you're too busy for lunch, Factor is great. Two to three minutes is all the prep you need for something hot and honestly delicious. Try it yourself. Get started at factormeals.com slash ride50off. And use code RIDE50OFF to get 50% off plus free shipping on your first box. That's code RIDE50OFF at factormills.com slash RIDE50OFF for 50% off plus free shipping.

Life's been a little crazy lately, and one thing that helps me unwind is cornbread hemp's CBD gummies. Long-time listeners will recall the gummies that helped me unwind after Chris and I used to do ride home experience recordings late at night.

Have you tried everything under the sun? For peace of mind, it sounds like it's time for you to try cornbread hemp's CBD gummies. Cornbread hemp's CBD gummies are made to help you feel better, whether it's stress, discomfort, or just needing a little relaxation. They only use the best part of the hemp plant the flower for the purest and most potent CBD

formulated to help relieve discomfort, stress, and sleeplessness. They have THC for relaxation, CBD for sleep, CBD oil for recovery, and CBD gummies for stress. All products are third-party lab-tested and USDA organic to ensure safety and purity. Right now, Tech Meme Ride Home listeners can save 30% on their first order. Just head to cornbreadhemp.com slash ride and use code ride at checkout. That's cornbreadhemp.com slash ride and use code ride.

Hey devs, heads up. WindSurf has launched SWE-1, its first family of software engineering AI models claiming its largest model matches Claude 3.5 Sonnet, GPT 4.1, and Gemini 2.5 Pro. quoting TechCrunch. The startup says it trained its new family of AI models, SWE1, SWE1 Lite, and SWE1 Mini. to be optimized for the entire software engineering process, not just coding.

The launch of Windsurf's in-house AI models may come as a shock to some, given that OpenAI has reportedly closed a $3 billion deal to acquire Windsurf. However, this model launch suggests Windsurf is trying to expand beyond just developing applications to also developing the models that power them. According to Windsurf, SWE-1, the largest and most capable AI model of the bunch, performs competitively with CLOD 3.5 Sonnet, GPT 4.1, and Gemini 2.5 Pro on internal programming benchmarks.

However, SWE1 appears to fall short of frontier AI models such as Cloud 3.7 Sonnet on software engineering tasks. Windsurf says its SWE1 Lite and mini models will be available for all users on its platform, free or paid. Meanwhile, SWE1 will only be available to paid users. Windsurf did not immediately announce pricing for its SWE1 models, but claims it's cheaper to serve than Claude 3.5 Sonnet.

Windsurf is best known for tools that allow software engineers to write and edit code through conversations with an AI chatbot, a practice known as vibe coding. Other popular vibe coding startups include Curser, the largest in the space, as well as Lovable. Most of these startups, including Winsurf, have traditionally relied on AI models from OpenAI, Anthropic, and Google to power their applications.

in a video announcing the SWE model's comments made by Windsurf's head of research, Nicholas Moy, underscore Windsurf's newest efforts to differentiate its approach. Today, Frontier models are optimized for coding and they've made massive strides over the last couple of years, said Moy. But they're not enough for us. Coding is not software engineering.

Winsurf notes in a blog post that while other models are good at writing code, they struggle to work between multiple surfaces as programmers often do. such as terminals, IDEs, and the internet. The startup says SWE1 was trained using a new data model and a training recipe that encapsulates incomplete states, long-running tasks, and multiple surfaces, end quote.

you Apple has rolled out CarPlay Ultra, the next generation of CarPlay, in new and existing Aston Martins in North America after months of delays. But this is way before a wider rollout, which is coming soon. Quoting a 9-to-5 Mac. Apple also said Hyundai, Kia, and Genesis are working on adding CarPlay Ultra to their cars but did not disclose a time frame.

CarPlay Ultra integrates vehicle controls with the CarPlay experience including taking over display of the instrument cluster and gauges, toggles for air conditioning and driver assistance systems, advanced media controls and more. CarPlay Ultra services all of the screens in the vehicle, not just the primary infotainment display.

That includes digital renderings of the speedometer, tachometer, fuel gauge, and more. CarPlay apps like media and navigation can also seamlessly integrate into the instrument cluster. CarPlay Ultra cars also allow for on-screen controls or Siri voice commands to control car features.

like the radio and climate, as well as vehicle-specific features like performance driving modes. Widgets from the iPhone can also be projected on the infotainment display to show glanceable information like calendar or weather.

Of course, the big question mark with CarPlay Ultra is availability. A launch with just Aston Martin vehicles is pretty restrictive. In today's press release, Apple announced an expansion of car manufacturers committed to supporting CarPlay Ultra, including Hyundai and Kia. Apple also previously showed renders of what next-gen CarPlay would look like in Porsche vehicles. However, there is no timeline for when CarPlay Ultra will be made available on anything but Aston Martin right now, end quote.

Time for the weekend long read suggestions. First up, not a long read exactly, but explanation of some cool new tech that I wasn't aware of. Infrared wireless charging. quoting the verge one morning last month i walked into my kitchen to get a glass of water but my smart faucet was out of battery I went to sit down in my front room and the shade was still shut. It was out of battery. I walked down the hall and found a beached robot vacuum out of battery.

I headed outside to feed the chickens, unlocking the back door on the way out. The battery-powered smart lock had done what it was supposed to and automatically locked at 8 p.m. At least something was working. The game changer here is wireless charging. Not wireless like putting your phone on a charging pad. Wireless like across the room.

For the past year, a Y-Charge transmitter in my ceiling has been shooting infrared lasers at a photovoltaic panel on the specially modified Alfred DB2S Smart Lock. my back door keeping its battery hovering at 100% so I never have to deal with a deadlock when going to feed my chickens. To get this souped-up setup costs around $1,250

required cutting a hole in my ceiling and is only available through an early access program. The wide charge compatible Alfred lock can't be purchased off the shelf. However, despite this extra effort after a year of living with a wirelessly powered smart lock whose battery I never have to mess with, I want this for everything in my smart home, end quote. And finally today, not tech, but a publication called Dirt.

has a look at the newfangled movie studios like A24 that are basically the only things winning in Hollywood right now, unless you've got a superhero or two in your pocket. What we might call Peak A24, stretching between 2019 and 2022, began with the Safdie Brothers Diamond District Thriller Uncut Gems. a nervy and propulsive character study of a gambling addict played by Adam Sandler who might just win the bet of a lifetime.

The September Before Uncut Gems' December release in 2019, A24 launched A24 Books, an imprint to showcase with coffee table flair, gorgeous hardcover books that collected scripts, essays, and celebrities like Frank Ocean and literary names like Carmen Maria Machado and

Photos from select films the first releases ex machina the witch and moonlight A24's merch, along with a zine tied to new releases, was already well known, seen as lovingly rendered accompaniments to films that had the confectionary allure of a rare vinyl pressing.

The books, which were initially celebrated as deep dives before later being more clearly labeled as screenplay books, helped to more explicitly lash together a selection of A24 achievements, straightening out the timeline in both directions, a built-in method for enshrining future touchstones legitimized by artsy packaging. In 2022, Stripes LLC, around $70 billion as a fund, led a $225 million equity investment in A24.

North of 60% of the people that go to see an A24 movie in a theater go because it's an A24 film. Stripes founder Ken Fox told Bloomberg, invoking the myth of that all-consuming A24 fan who loves everything everywhere all at once, or Lady Bird, as much as waves or white noise. They've watched A24 content, and they know that the quality is going to be exceptional and interesting and compelling. Basically, A24 and Disney are the only two companies that test that way.

At the end of June 2024, Thrive Capital, a major investor in OpenAI along with other investing parties, participated in another round of funding to the tune of $100 million and a $3.5 billion valuation. Thrive Capital founder Josh Kushner will sit on A24's board. What is being entertained here is the degree to which a studio can serve as a litmus test for where modern filmmaking is headed.

A24 has become both a very telling kind of punching bag, absorbing any number of wider systemic issues and anxieties, and a hero single-handedly rescuing cinema from a swift death. the cavalier flattening of major studio filmmaking exemplified by the endless resurrection of nostalgia-bait IP and corporate overreach, makes it easy to cast doubt on the legitimacy of any studio's artistic intentions, or if the question of making art enters the equation at all.

A24 is pointed to as the singular way forward, but the company always wanted to assimilate into the mainstream just by a less conventional approach, end quote. Okay, since I gave you part one of the World Cup of Entrepreneurs yesterday, I figured I'd give you part two this weekend as a bonus episode just to put a bow on it. Thanks again to founder collective for inviting me to the conference yesterday was tons and tons of Talk to you on Monday.

Get a fresh start feeling for less. At Matalan there's a huge 20% off home wear and kids wear. Get your home and garden prepped for the sunny weather. And kit out the kids too. Shop in-store and online at matalan.co.uk. T's and C's apply.