Weekly Backlog Week 46/2025

Editorial

Digital sovereignty used to be a tech topic. In 2025, it’s power politics: Whoever controls GPUs, clouds, and networks controls value creation. This week: Pinocchio PR in the Valley, Bavaria hands out loyalty points at Microsoft, the Louvre time travels with Windows 2000, and Munich declares AI training not a legal vacuum. Europe, find a plan, not a label.

The Tech News of the Week

Sam Altman, the Pinocchio of Silicon Valley

“A lie keeps growing and growing, until it’s as plain as the nose on your face.” What Disney once taught children is now an apt description of Sam Altman’s communication style.

Altman claims OpenAI never asked for government guarantees. Yet an official letter from his company to the White House proves otherwise: OpenAI requests government guarantees, loans, and tax benefits for the expansion of data centers, the production of its own servers, and energy infrastructure. The letter even names specific funding programs through which these resources should flow.

Publicly, Altman speaks of “misunderstandings.” Internally, he plans to secure an infrastructure that apparently cannot be financed without government help. The pattern is familiar: Silicon Valley celebrates the free market – but only as long as the state picks up the tab.

What OpenAI is doing here is not “strategic communication.” It is deliberate deception. Requesting government assistance while publicly claiming the opposite is a PR chess game against the public.

Conclusion: Altman lied. Period.

🔗 OpenAI letter to the White House (PDF, October 27, 2025)

🔗 Sam Altman’s tweet on the topic (“We never asked for guarantees”)

Ralph Brinkhaus on Digital Sovereignty:

“In the end, US law always applies to US companies”

In an interview with iX, CDU politician Ralph Brinkhaus discusses Europe’s digital dependency – and why Open Source is a building block but not a panacea.

Since the Trump years, Brinkhaus says, the geopolitical situation has shifted so much that technological dependency is now a security risk. Particularly interesting: He points to the International Criminal Court, which recently turned away from Microsoft and adopted openDesk. OpenDesk is an open-source management solution.

But Brinkhaus remains realistic: Open Source doesn’t solve everything. The key is for the state to itself act as a client in technology policy – and systematically prefer European providers in tenders.

The central sentence of his interview:

“In the end, US law always applies to US companies.”

This precisely identifies the problem: Even if data is stored in Frankfurt – the legal power center remains Washington.

🔗 Interview at iX Magazine / Heise

Louvre Heist: The Password was “Louvre”

Sometimes life writes security satire. After the spectacular jewel heist at the Paris Louvre, it emerges: The IT security of the world-famous museum was a relic from 2003.

Passwords like “LOUVRE” and “THALES”, systems on Windows 2000 and XP, analog video surveillance system with poor image quality – the full program.

As early as 2014, the French cybersecurity agency ANSSI warned of serious vulnerabilities. The result was repeated in 2017. Nothing was done. When the perpetrators stole eight pieces of the French crown jewels worth around 88 million euros on October 19, 2025, modernization had already been postponed twice.

Takeaway: Security audits without implementation are not prevention, they are a waste of time.

🔗 WinFuture: IT Security Chaos at the Louvre – Password “Louvre”

Söder’s Cloud Policy: One Billion for Microsoft

Bavaria signs a contract worth one billion euros with Microsoft – without a tender, without competition, without regard for data protection or sovereignty. All authorities are to work with Microsoft 365, Teams, and Copilot in the future.

Sounds like modernization, but in reality, it’s a complete dependency on US infrastructure. Because even with “German Cloud” rhetoric, the US Cloud Act applies. The US government can access data as soon as an American company is involved.

The State Office for Information Security warns, over 100 experts demand a reassessment in an open letter. But the Ministry of Finance stubbornly sticks to its plan.

While Schleswig-Holstein, Thuringia, and France build sovereign cloud models on Open Source, Bavaria does the opposite – and sells it to us as progress.

🔗 Golem.de: One Billion Tax Euros to Microsoft – This is Bavarian Digital Sovereignty

BSI Situation Report: Germany Remains in Cyber Siege

The Federal Office for Information Security (BSI) has presented its annual report – and the conclusion is grim. Germany is not “digitally sovereign,” but digitally constantly under attack.

• 119 new vulnerabilities daily – +24% compared to 2024
• 80% of attacks target small and medium-sized enterprises
• Target groups: Authorities, defense industry, energy supply
• Quishing (QR code phishing) has arrived in everyday life

Nevertheless, the response remains reactive. Cyber defense is organizationally fragmented, strategically underfunded, and technically fragmented.

Particularly relevant: The BSI explicitly names the energy transition as a security risk for the first time. Every new charging station, every wind turbine is a new endpoint and thus a new attack surface.

🔗 Tagesschau: BSI Situation Report 2025 – Germany’s Cyber Situation Remains Critical

Munich vs. OpenAI: A Precedent for Copyright

The Munich I Regional Court has ruled: OpenAI has violated copyright. In the dispute with GEMA, the court ruled that ChatGPT stored and reproduced copyrighted song lyrics almost identically – a clear case of reproduction under copyright law.

Nine German songs are affected, including works by Helene Fischer, Herbert Grönemeyer, and Reinhard Mey. The ruling could have far-reaching consequences: If confirmed, AI providers will have to disclose which content is included in training data and possibly pay license fees.

Take: Europe shows backbone. AI may be new, but copyright is older and still applies.

🔗 Süddeutsche Zeitung: LG Munich – OpenAI Violates Copyright

Blog Post of the Week

The Great Self-Deception of Digital Sovereignty

Fabian Peter dissects in a brilliant blog post two flagship projects of European cloud policy: Delos Cloud and Stackit Workspace. Both sell themselves as European alternatives to Azure and Google Workspace – but are deeply entangled in American technology.

The platforms may operate “in Germany,” but code, architecture, and update pipelines remain in the hands of Microsoft and Google. Thus, the US Cloud Act remains applicable – so no real gain in control.

“Sovereignty cannot be bought. It is created through design.”

That is the decisive sentence of the article. Anyone serious about European cloud sovereignty must build it technically – with open standards, auditable code, and real exit strategies.

🔗 Fabian Peter: The Great Self-Deception of Digital Sovereignty

Podcast & Documentary Tips

todo:cast | Developer Podcast 🎙️ – Understanding Kubernetes

After episode 6 on Containers, this time it’s about the orchestrator: Kubernetes. If you want to understand why Kubernetes is more than YAML with an ego, you’ll get the right overview here.

Ideal for DevOps newcomers.

🔗 Spotify: todo:cast – Episode 7: Kubernetes

ARTE Documentary: Is a Digital Blackout Threatening?

This documentary is a must-watch: Data centers, undersea cables, energy shortages, geopolitical dependencies – all the things our digital life is built on. It shows how thin the threads are that our infrastructure hangs on. And how unprepared Europe is if one of these threads breaks.

🔗 Watch the Arte Documentary

Events

EU Summit – Digital Sovereignty

November 18, 2025, Berlin (Livestream available) A must-attend for anyone who wants to not only consume technology policy but shape it. Topics: Cloud, AI, European infrastructure, startups.

🔗 bmds.bund.de – Summit on European Digital Sovereignty

Review: Cyber Security Innovation Day 2025

Cyber Security Innovation Day 2025

The Saarland University impressively demonstrated that German research and startups are already operating at a world-class level in AI security. Particularly strong: SQUR, which develops automated security tests with AI support. A format that shows how practical research policy can work in Germany – if allowed.

In-Post of the Week

Sascha Pallenberg 潘賞世 comments on LinkedIn about political developments in the USA – emotional but spot-on: Hope against authoritarian tendencies. Why does this fit here? Because political stability in the USA directly decides over GPU export, cloud governance, and global supply chains. Technology is political even if it likes to present itself as neutral.

🔗 Sascha Pallenberg on LinkedIn

Meme of the Week

Thanks for the submission Jonathan Bouillon

Conclusion

Europe continues to grapple with its digital identity. Between real progress (Munich ruling, OpenDesk) and symbolic politics (Bavaria, Delos Cloud), the continent swings back and forth.