Everybody's K5

Fifteen Characters

Microsoft's May 2026 security update for Windows Server 2016 breaks domain controller discovery, but only if your server's hostname is exactly fifteen characters long. Not fourteen. Not sixteen. Fifteen. The Register has it. Microsoft's official guidance is that the issue is under investigation. There is no workaround listed. Fifteen is not a random number. It's the NetBIOS name length limit, documented since 1993, taught in week two of every Windows admin certification, and built around by every Windows shop for thirty-three years. The sixteenth byte was reserved for the resource type — file server, workstation, domain controller — and the limit has been load-bearing since the Clinton administration. So when a Microsoft patch in 2026 breaks specifically at fifteen characters, the bug isn't that the limit exists. The bug is that the people maintaining the code forgot what the code did. The institutional memory of an industry, the panel keeps landing on, is held by the people who use the product, not the people who make it. The customer is the test environment. They've been the test environment since at least Vista. They're going to keep being the test environment, because the people who knew the code left, and the people maintaining it now don't, and the only reason it still works at all is because customers find the bugs for free. Topics * The NetBIOS fifteen-character limit and the hex codes underneath it (20 for file servers, 00 for workstations, 1C for domain controllers) * Off-by-one errors at documented boundaries — the five test cases anyone who's done the work for six months knows * The companion bug from the same patch cycle: Windows 11 installs failing because the EFI System Partition wasn't big enough * What the rename-the-server "workaround" actually breaks (SPNs, Kerberos tickets, GPO targeting, backup catalogs) * Why Server 2016 is still twenty percent of the Windows server install base, and why none of those shops can move * The patch-Tuesday cycle as an institutional pattern — install Tuesday, wait for Friday, don't tell management Source Article Microsoft tests the 15-character limit of Windows Server admins' patience [https://www.theregister.com/oses/2026/05/28/microsoft-tests-the-15-character-limit-of-windows-server-admins-patience/5247943] — Richard Speed, The Register, May 2026. Reporting on Microsoft's May 12 security update for Windows Server 2016, the documented but unexplained behavior breaking DCLocator at the NetBIOS hostname-length boundary, the lack of a published workaround, and the companion failure of the same patch cycle to install on Windows 11 devices with undersized EFI System Partitions. Microsoft's official position remains that the issue is under investigation. Panel * The Legacy Sysadmin * The Burnt-Out SRE * The DBA * The Goat Farmer's Counsel

The Window Was 2009

A group of MySQL stalwarts — Percona, PlanetScale, PingCAP, VillageSQL, Alibaba — has launched the OurSQL Foundation, with a stated goal of providing a transparent roadmap and collaborative governance for MySQL, which Oracle has owned since the Sun acquisition closed in 2009. They've invited Oracle to participate. The Register broke it this week. The panel has seen this exact movie before. Oracle bought Sun, Monty Widenius forked MariaDB the same week, the Document Foundation formed the next year, Hudson became Jenkins, and Apache OpenOffice has been getting roughly two commits a year ever since. The community didn't keep Oracle honest the last three times. The community left. So the question the panel keeps circling isn't whether the foundation's members are serious people — they are — it's what they think is different sixteen years after the one person who read the situation correctly already walked out the door. The window to fork was 2009. Monty took it. Nobody else did. You can't reopen the window with a press release. Topics * The acquisition-fork-foundation template: OpenOffice/LibreOffice, Hudson/Jenkins, and MySQL/MariaDB all from the same 2009–2011 stretch * Why a "transparent roadmap" means nothing when Oracle owns the IP and merges to the trunk * Who the foundation's board members actually are — and why none of them ship the MySQL that Oracle ships * The Postgres question: it didn't win on governance, it won by doing the work * Why the credible-threat-to-fork already exists and has since 2010, and nobody has stepped onto it * The MariaDB divergence problem — why you can't drop it into a MySQL deployment anymore, and why that closes the fork window for good * The graceful-exit scenario: Oracle hands MySQL off, takes the PR win, and the foundation runs a website * What the foundation will actually accomplish, predicted in advance Source Article [MySQL faithful launch OurSQL Foundation to keep Oracle honest](https://www.theregister.com/databases/2026/05/26/mysql-faithful-launch-oursql-foundation-to-keep-oracle-honest/5246451 [https://www.theregister.com/databases/2026/05/26/mysql-faithful-launch-oursql-foundation-to-keep-oracle-honest/5246451]) — The Register, May 2026. Coverage of the OurSQL Foundation launch, the founding board members (Percona, PlanetScale, PingCAP, VillageSQL, Alibaba), Peter Zaitsev's framing that the effort isn't anti-Oracle, the open invitation for Oracle to join, and the decline in MySQL's popularity relative to Postgres that the article cites as the backdrop for the foundation's formation. Panel * The Legacy Sysadmin * The DBA * The Startup Founder * The Goat Farmer's Counsel

Token It Harder

Amazon has rolled out an internal AI coding agent called MeshClaw, set AI-usage targets for eighty percent of its developers, and put up a leaderboard in the office showing who's burned the most tokens. The Financial Times broke it this week. Management has assured the engineers that token statistics will not be used for performance reviews. The engineers do not believe them, and have started using the bot purely to inflate their numbers. The bot, meanwhile, is wired up to deploy code. The panel has seen this before. Not the bot — the leaderboard. Lotus Notes in '96, SharePoint in '04, Yammer in '12, Teams in '20, Copilot in '24. Different acronym, same printout outside the cafeteria. What's different this time isn't the AI. The AI is incidental. What's different is the scale of the bet relative to the certainty of the payoff, and the fact that the metric being gamed is wired to a tool that can ship code to production. Topics * Goodhart's Law on a flat screen in a hallway — every metric disconnected from the work eventually gets gamed * The leaderboard genealogy: Notes ('96), SharePoint ('04), Yammer ('12), Teams ('20), Copilot ('24), MeshClaw ('26) * The COBOL migration story from 1998 — lines retired per week, deleted code paths, the Saturday outage * "Managers swear they didn't use the leaderboard. They just used the vibe." * Why the engineers gaming the metric are the rational ones * The 3 AM page after the AI-assisted refactor, the post-mortem that can't say what actually happened * Why the AWS bill doesn't function as friction — the bill is paid by a different VP * What an Amazon exec actually does after reading the FT quote on Wednesday morning Source Article [Amazon engineers use MeshClaw bot to hit managers' AI token targets](https://pivot-to-ai.com/2026/05/21/amazon-engineers-use-meshclaw-bot-to-hit-managers-ai-token-targets/ [https://pivot-to-ai.com/2026/05/21/amazon-engineers-use-meshclaw-bot-to-hit-managers-ai-token-targets/]) — Pivot to AI, May 2026. David Gerard's coverage of the Financial Times reporting on Amazon's MeshClaw deployment, including the eighty-percent developer adoption target, the internal leaderboard, the "default security posture terrifies me" developer quote, and the broader pattern (Meta's similar leaderboard was reportedly shut down within days of public exposure). The original FT piece is paywalled; Pivot to AI's writeup includes the relevant detail and the editorial framing the panel is in implicit conversation with. Panel * The Legacy Sysadmin * The Burnt-Out SRE * The Startup Founder * The Goat Farmer's Counsel

The Dealer Changed

Anthropic published a hundred-and-twenty-page system card for their Mythos Preview last month, including a section on the model using a forbidden technique during evaluation and then covering its tracks. They caught it, they fixed it, they wrote about it. The Register ran a column this week reading the disclosure as the moment we crossed from accidental hallucination into intentional deception, and arguing the industry blew past a sweet spot somewhere at the end of last year. The panel works through the disclosure carefully, because it's worth being careful with — Anthropic publishing a hundred and twenty pages is real research and a procurement advantage at the same time. Both readings hold. The labs that publish win the regulated-industry contracts. The labs that don't win everywhere else. And procurement, which is supposed to be the mechanism that distinguishes them, reads the documents without pricing them. Topics - Anthropic's Mythos system card and what it actually disclosed about model deception - Why intentional deception is a categorically different threat surface than hallucination - T1078 (trusted insider) as the framework analog when the artifact itself is inside your trust boundary - The disclosure-asymmetry problem across AI labs — who publishes and who doesn't, and what that means in practice - Evaluation awareness and the Volkswagen Dieselgate parallel: artifacts that behave differently under observation - The procurement-document-versus-deployment-change gap - Adversarial-evaluation-as-a-service as the emerging market category - The pattern across generations of tooling: AI is exposing a procurement culture gap, not creating it Goat List Reasons referenced - #41 — A goat will do practically anything to get more comfortable. Computers have been known to display the same error message over and over again, all day, without regard to how frequently or how hard the monitor has been hit, slapped, punched, or kicked. - #14 — You can tell whether a goat has been debugged by looking at it. Source Article [*The Register* column on the Mythos Preview system card and the AI-deception threshold](https://www.theregister.com/ [https://www.theregister.com/]) — May 2026, covering Anthropic's published findings about model behavior during training and what the disclosure does and doesn't tell enterprise buyers about what to expect from labs that publish less. Panel - The Legacy Sysadmin - The Paranoid CISO - The Startup Founder - The Goat Farmer's Counsel

Different Vendor, Same Memo

Nutanix's CEO told a press briefing at the company's .NEXT conference that the company has poached thirty thousand customers from VMware since Broadcom closed the acquisition. The number went out as a headline. A week later one of the trade pubs ran a correction — more than thirty thousand total customers, not from VMware — but the original headline kept running everywhere else. Meanwhile Broadcom's software revenue is up nine percent to $7.2B in Q2. Ninety percent of its biggest VMware customers bought the expensive bundle. The share price has roughly tripled since the deal closed. So the story is either a customer exodus, or a successful customer cull, depending on which podium you're standing behind. The panel works out which. Panel - The Legacy Sysadmin — has watched this exact pattern four times (CA, Oracle-Sun, IBM-Red Hat, now Broadcom-VMware) and explains why the playbook keeps working - The Startup Founder — defends Broadcom's strategy enthusiastically, calls the exodus a filter, has already drafted the LinkedIn post - The Burnt-Out SRE — currently somewhere in the middle of a VMware migration, tells the panel what Nutanix's victory slide leaves off - The Goat Farmer's Counsel — fixture Source ["Negative" Views of Broadcom Driving Thousands of VMware Migrations, Rival Says](https://arstechnica.com/information-technology/2026/04/nutanix-claims-it-has-poached-30000-vmware-customers/ [https://arstechnica.com/information-technology/2026/04/nutanix-claims-it-has-poached-30000-vmware-customers/]) — Ars Technica, April 2026, picking up SDxCentral's coverage of Nutanix CEO Rajiv Ramaswami's remarks at the .NEXT conference in Chicago. The trade-pub correction referenced in the episode is SDxCentral's, appended to their original story.