A busy library
Photo: Benjamin Ashton via Unsplash

What’s in your software libraries?

Protocol Enterprise

Hello and welcome to Protocol Enterprise! Today: a new kind of software supply-chain problem, Intel executive shuffles and does anybody really want to build software on Web3?

Daily grind

This is the first edition of the new daily Protocol Enterprise newsletter! We’ll be arriving in your inbox each weekday afternoon with a detailed roundup of everything you need to know about the day that was in enterprise tech. Expect to see new, fun sections as well as daily contributions from our growing staff. And if you like what you see, tell a friend.


When every company is a technology company and technology itself is a competitive differentiator, it’s essential to rethink the way that IT services are delivered and how IT resources are integrated into business units. Lenovo is on this journey together with our customers and our ecosystem of technology partners.

Learn more

Spin up

Maybe the chip shortage is a good thing? Canon has been forced to ship printer ink cartridges without the chips that detect whether or not its printers are using Canon-branded cartridges, thanks to the ongoing supply-chain fiasco.

‘Fakers’ for makers

The supply-chain dangers from under-maintained open-source projects were well documented in 2021, a year capped by the Log4j disaster. But the new year has already served up another reminder that software reliant on open-source software libraries and projects can be vulnerable to a different type of problem.

Over the weekend, a developer inserted new code into two popular open-source software libraries stored in the npm package repository, which is owned by Microsoft’s GitHub, that generated a seemingly random string of characters into applications that relied on those libraries. Those libraries are used by thousands of projects and are downloaded millions of times a week, according to Bleeping Computer.

  • Developers using those libraries, called “colors” and “faker,” were forced to revert to older versions of those libraries that didn’t have the affected code to fix their apps.
  • This probably wasn’t difficult for major enterprises, which (ideally, anyway) check new versions of packages before committing them to their production apps.
  • But it did affect users of AWS’s Cloud Development Kit, an open-source framework that helps developers deploy their applications to AWS.

The act appears to have been sabotage: a statement of protest by a developer identified as Marak Squires by Bleeping Computer against corporate control of open source and the decade-old prosecution of Aaron Swartz, who committed suicide after facing serious legal problems for downloading documents from a server owned by MIT.

  • The incident bears some similarity to the actions of a developer working on the open-source Chef project in 2019, who removed code he had contributed to the project in protest of the eponymous company’s business relationship with the U.S. Immigration and Customs Enforcement agency.
  • Chef contributors scrambled to duplicate the code, which caused a great deal of disruption across open-source users and the company’s commercial customers.

Open-source software has had an immense impact on enterprise tech; it’s almost impossible to imagine the modern enterprise without open-source software, especially when it comes to cloud computing. But so much of that tech resides on a shaky foundation.

  • Squires is right about one thing: A lot of open-source work these days is done by professional contributors who work for some of the biggest tech companies on the planet.
  • But there are a surprising number of small quasi-independent projects that are subject to the whims of their creators at the heart of the world’s software.
  • And when it comes to verifying that the open-source software companies rely on is free from security problems or pranks, it’s the small and medium-sized businesses that don’t have the same resources as the enterprise ones that get hurt.

These days, software is never finished; the average code base is a living document that gets updated constantly, and that approach has unlocked a ton of innovation and produced more reliable software since it has come into vogue.

However, the cracks are starting to show. Maintaining the integrity of software supply chains will be an ongoing problem for users and vendors alike for years to come.

— Tom Krazit

Pass the chips

Intel shakes it up: Micron CFO David Zinsner will replace Intel’s CFO George Davis, who had previously said he will retire from Intel in May. Zinsner has served as memory-maker Micron’s finance chief since 2018.

But Gregory Bryant, known inside the company as “GB” over a 30-year stint, also plans to leave the company at the end of the month for a “new opportunity.” Intel looked inward to replace Bryant, tapping Michelle Johnston Holthaus to head the PC unit.

CEO Pat Gelsinger has made sweeping changes to his executive team. He brought CTO Greg Lavender along with him from VMware, and big names like Navin Shenoy, head of the data platforms group, have also left.

A rare chip IPO: When Credo Technology filed its prospectus with the SEC, we took note. The company makes chips and cables that hyperscalers use to move data around inside their facilities.

Credo’s technology is complicated, but its business isn’t: It makes money selling chips and components, and also licensing the tech it has developed since 2008. It lost $27.5 million last fiscal year on revenue of $58.7 million, but turned a profit in fiscal 2020.

TSMC December sales. TSMC reported its closely watched monthly revenue figure for December, notching a big jump over the same month last year. TSMC said it recorded net revenue of NT$155.38 billion ($5.62 billion) in December, a 32% jump. Demand for the company’s 5-nanometer manufacturing process — used for the latest Apple chips and for others found in smartphones — helped TSMC amid the wider chip shortage.

TSMC’s capacity remains full, and next year looks like it will be a good one for the business, according to Bernstein chip analyst Mark Li.

— Max A. Cherney

Upcoming at Protocol

We’ve talked at length about the promise of low-code and no-code software development tools to make companies more efficient and allow a bigger percentage of the population to create software, but how can companies implement those tools inside their organizations most effectively? Join Protocol’s Kevin McAllister on Jan. 19 at 10am PT for a virtual event with Nutanix CIO Wendy M. Pfeiffer and Kerim Akgonul, chief product officer at Pegasystems, in discussion about the best ways to make low-code and no-code tools work for you. Sign up here.

Financial corner

Data startup Labelbox, which annotes training data for AI models, closed a $110 million Series D round led by SoftBank’s Vision Fund II. The funding puts Labelbox near unicorn status and strengthens its ties to strategic investor Databricks.

Speaking of SoftBank, the multinational investment giant gave $146 million to Qraft, which uses deep-learning AI models to build exchange-traded funds. The promise for SoftBank? To figure out how to use AI to do its own investing better than highly paid fund managers.

Assent Compliance, a supply chain data management startup, raised $350 million at a valuation exceeding $1 billion, in a funding round led by Vista Equity Partners.

Stryker is acquiring Vocera Communications, a platform for healthcare workers to collaborate, for $2.97 billion in equity. The acquisition is expected to close in the first quarter of 2022.

Justworks, a SaaS company providing benefits, payroll and HR services to small and medium-sized businesses, filed an IPO to raise more than $200 million at a market cap north of $2 billion.

Around the enterprise

The U.K. plans new scrutiny of the Big Three cloud providers,seeking more information about their security and resiliency plans.

Microsoft entered into a strategic partnership with Johnson & Johnson to serve as the company’s preferred cloud provider for digital surgery solutions.

Security researchers found a new Java vulnerability similar to the Log4j problem, but don’t anticipate this one causing as many issues.

What’s next for Box? Protocol alumnus Joe Williams interviewed CEO Aaron Levie on his post-proxy fight plans.

Kleiner Perkins’ Bucky Moore shared some interesting perspectives on the year ahead for enterprise tech, including the rise of serverless computing and the supply-chain dilemma.

In case you missed it over the weekend, don't wait any longer to read outgoing Signal CEO Moxie Marlinspike’s thoughts on Web3 and software development.


Companies need to be flexible enough to scale up and down different tech stacks for a hybrid, global workforce, and adapt to new challenges. What works in one geography might not for another.

Learn more

Thanks for reading — see you tomorrow!

Recent Issues