Comments

ResearcherZero August 22, 2025 10:14 PM

@Name

If they can stop criminals before they act then they do not have to worry about the difficulty of conviction. Conviction to deal with all those old case files in storage.

Not much intelligence.

During the Crimean War, British cavalrymen galloped straight into Russian cannon fire.

Looking at past military mistakes helps us see the dangers of flawed decision-making, reckless risk-taking, and poor strategic planning. We continue to live in a time in which history is ignored, facts seem like an inconvenience and there is a prevailing ideology – that one’s opinion is more important, regardless if you can back it up with facts or not.

‘https://commonplacefacts.com/2025/08/19/charge-of-the-light-brigade/

The Supreme Court first allowed the president to fire independent agency officials.
Trump can now dismantle independent agencies and regulatory bodies without restraint.
https://verdict.justia.com/2025/07/30/the-courts-power-grab-over-independent-agencies

New Out of Box Software

The U.S. is now without qualified directors and experienced leaders in many senior roles.
The federal departments and agencies which protect the well-being of the public and the nation are headed by noobs. The people in these positions also make decisions that affect the lives of people outside the United States and have an important function in making decisions about information sharing and cooperation with partnering nations and military.

https://www.jurist.org/commentary/2025/03/the-dangerous-decline-of-expertise-in-federal-government/

ResearcherZero August 22, 2025 10:58 PM

Political ignorance and the depletion of knowledge as a resource, is the new Tragedy of the Social Commons.

The politicization of complex subjects often presents a narrow view and oversimplifies arguments during public discourse. As a result, the ability to identify matters of real public concern and engage in a broader discussion about them, has been weakened. This has very real consequences for our own understanding of important civic and moral concerns.

Without a deeper understanding – through our own actions – we put ourselves at greater risk of compromising not only our own well-being, but that of others and wider community itself.

‘https://www.thepublicdiscourse.com/2025/07/98373/

Name August 23, 2025 2:21 AM

@ResearcherZero that vpn article seems outright malicious. At that point, discussion becomes pointless and intelligence irrelevant, it’s not ‘ignored’ per se, just focused elsewhere. (Nothing for us to worry about)

This kills any remaining options of being able to challenge or discuss the changes suggested

Robin August 23, 2025 3:25 AM

@not important, all:

This is a link to the original paper about AI going rogue:

‘https://ai-2027.com

Other sites offer alternative endings to the scenario.

lurker August 23, 2025 6:23 PM

@Robin

ai-2027[dot]com is an interesting scifi thought experiment, but anybody who has read enough Aristotle, Locke, Kant, &c. must be wincing at the casual use of words like think, learn, reason, understand.

More concerning in a man-vs-machine scenario is the man-vs-man subplot overwhelming the main story. It would be interesting to compare a US -and- China version, rather than US -or- China.

not important August 23, 2025 6:27 PM

https://www.yahoo.com/news/articles/north-korea-secret-missile-poses-072101358.html

=The Sinpung-dong missile base is located just 27 kilometers (about 17 miles) from the China border. It’s believed to store up to nine nuclear-capable intercontinental ballistic missiles (ICBM) as well as their mobile launchers, said the report by Washington-based think tank Center for Strategic and International Studies (CSIS).

The base sits in a narrow mountain valley, cut in half by a stream, and measures 22 square kilometers (about 5,436 acres) – bigger than New York’s John F. Kennedy International Airport.

Experts say that its location near the border lends a geographical advantage – countries like the United States might be wary of targeting it since any fallout could impact adjacent China.

the base carries transporter launchers or mobile launchers – which can quickly shoot and move to a new position.

“During times of crisis or war, these launchers and missiles will exit the base, meet special warhead storage/transportation units, and conduct launch operations from dispersed pre-surveyed sites,” the report said.

North Korea is believed to possess between 40 and 50 nuclear warheads, along with the means to deliver them across the region and potentially to the US mainland.=

Clive Robinson August 23, 2025 8:30 PM

@ Ismar, ALL,

With regards the ACM paper,

https://www.schneier.com/blog/archives/2024/06/new-blog-moderation-policy.html

You’ve linked to, it should carry a “health warning”.

Because it’s not just an up-hill struggle to read. Due in part to the fact it’s written in what reads like “Domain experts” trying to be more “non expert friendly” and coming off like parents trying to answer their child’s “Why is the sky blue?” question.

Thus you get things like,

“such as top-p or top-k sampling with nonzero temperature.”

And no further explanation. Thus a non domain reader knows not if it is a throw away statement or something of significant relevance. With further no way of knowing what relevance the writers ascribe to it…

Thus for non domain experts the paper suffers one of four fates,

1, It imparts confusion not clarity.
2, It gets put down / ignored.
3, The reader consults a traditional search engine.
4, The reader asks an AI to expand / explain.

Some will realise that the best option for those with expertise in other domains is at the moment still ‘3 – consult a traditional search engine’.

But AI slop is polluting the internet, and not only does that have a bad feedback effect on “Hover it all up AI”, but less well publicised it affects traditional search engines as well. Which additionally are also suffering from Cory Doctorow’s “enshittification” problem as well as a double whammy. Thus combined making them increasingly worse than useless or a significant grueling challenge to use, that at times feels like wading through a turbulent stream of diarrhoea…

Thus of the four options available to non domain experts the two (3/4) that might have helped them forward are being polluted with noise and bias and becoming in effect useless.

Leaving only the first two options (1/2) where non domain experts get at best no value in the paper and have at the very least wasted their time, if not worse.

I do not know if this is because the authors are just poor writers, or they were trying to put too much into too little assigned space… But what is clear is,

“They have not achieved meaningful communications.”

Thus few can judge the merit of the message they were attempting to convey.

But even now a traditional search has been polluted… To see why I say

“that at times feels like wading through a turbulent stream of diarrhoea…”

Let’s “walk it through”,

If you “duck-duck” with AI turned off you get nine poor examples before you get to,

https://codefinity.com/blog/Understanding-Temperature%2C-Top-k%2C-and-Top-p-Sampling-in-Generative-Models

How many people would go that far?

And unfortunately whilst it sort of explains Top-K and Top-P to a level most can start productively thinking about in terms of probability they were taught in school… Temperature remains a mystery behind the “door-stop” of the technical term “logits” that do not get explained in a meaningful way…

And another search gives a page,

https://peterchng.com/blog/2023/05/02/token-selection-strategies-top-k-top-p-and-temperature/

Does a less well explanation of Top-K and Top-P but… explains Temperature via Softmax in a way few would understand, with only the pictured graphs giving a clue.

But of “logits” there is no sign…

To save the pain of looking through many pages with eye aching formula, in a “Digital Neural Network”(DNN) neuron there are a large number of inputs from tokens or previous layer neurons. These inputs are multiplied by the “weights”, these are summed, and thus an output range between “plus and minus infinity” is potentially possible. This needs to be brought into a usable range –ie normalised– before it can be used in the next layer.

This normalisation is sometimes done via a “Sigmoid function” which has certain desirable characteristics for this. Because it is a mathematical function with a graph that has a characteristic S-shaped or “sigmoid” curve, that reversibly maps any real input via the curve to an output in the ranges from minus one to one. This curve can be done via the exponential or “log”(ln) function so in this case is called a “logistic function”. And this is where the statistical term “logit” comes from as it’s “the inverse transform of the logistic function”. Or more readily it’s “the logarithm of the odds p/(1-p)” so,

logit(p) = ln(p/(1-p))

However… In the world of AI and artificial neural networks Sigmoid and Logistic get used as synonyms. Worse they use “logits” as a shorthand for the raw “not yet normalised” input to the final layer normalisation function (SoftMax).

Also remember as far as we can tell natural neurons have different equivalent output curves that are not reversible so not Sigmoids, and in effect are the integration of multiple variable frequency pulse train inputs so not really linear sums of the inputs either.

The question of speed and required accuracy of the Sigmoid curve normalisation arises and a crude three straight line linear approximation has been used successfully. With a closer approximation done faster by a look-up table. Thus giving a “memory time trade off”.

But what of “Temperature” this is a function carried out on the logits vector prior to the Softmax Sigmoid function normalisation and can be thought of as a multiplicative or scaling rather than additive bias. However to the eye on the output of the Softmax functions it looks somewhat like an additive shift or bias. The result is it affects the degree of “randomness” that some incorrectly see as “creativity”.

Which brings me back to my point about the ACM paper and the four options. As can be seen from my partial demonstration above, option 3 of consulting a traditional search engine can be grueling work for those without sufficient domain knowledge, but also it has low relevance to the argument being made…

Which is a shame because the message in the paper is getting lost in the message for all but a few, who would in effect be “part of choir/congregation”.
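To make the terms in the comment above concrete, here is an added example (not part of the comment or of the ACM paper) that carries a constructed vector of logits through temperature scaling, softmax, and top-k / top-p filtering, and includes the logit/logistic pair as inverses. It goes slightly beyond the comment by treating temperature 0 as greedy (deterministic) selection; all function names and the sample logits are assumptions made for illustration.

```python
import math
import random

# Constructed raw scores ("logits") for a four-token vocabulary.
LOGITS = [2.0, 1.0, 0.0, -1.0]


def logit(p):
    """Statistical logit: the log of the odds p / (1 - p)."""
    return math.log(p / (1.0 - p))


def logistic(x):
    """Inverse of logit: maps any real number into the interval (0, 1)."""
    return 1.0 / (1.0 + math.exp(-x))


def softmax(logits, temperature=1.0):
    """Divide the logits by the temperature, then normalise to probabilities."""
    if temperature <= 0:
        raise ValueError("temperature must be > 0; use argmax for greedy decoding")
    scaled = [x / temperature for x in logits]
    peak = max(scaled)                      # subtract the max for numerical stability
    exps = [math.exp(x - peak) for x in scaled]
    total = sum(exps)
    return [e / total for e in exps]


def _keep_only(probs, keep):
    """Zero every index not in `keep` and renormalise the rest to sum to 1."""
    mass = sum(probs[i] for i in keep)
    return [probs[i] / mass if i in keep else 0.0 for i in range(len(probs))]


def top_k(probs, k):
    """Keep only the k most probable tokens."""
    order = sorted(range(len(probs)), key=lambda i: probs[i], reverse=True)
    return _keep_only(probs, set(order[:k]))


def top_p(probs, p):
    """Keep the smallest set of most probable tokens whose mass reaches p."""
    order = sorted(range(len(probs)), key=lambda i: probs[i], reverse=True)
    keep, running = set(), 0.0
    for i in order:
        keep.add(i)
        running += probs[i]
        if running >= p:
            break
    return _keep_only(probs, keep)


def sample_token(logits, temperature=1.0, k=None, p=None, rng=random):
    """Pick one token index; temperature 0 means always take the top logit."""
    if temperature == 0:
        return max(range(len(logits)), key=lambda i: logits[i])
    probs = softmax(logits, temperature)
    if k is not None:
        probs = top_k(probs, k)
    if p is not None:
        probs = top_p(probs, p)
    return rng.choices(range(len(probs)), weights=probs, k=1)[0]


if __name__ == "__main__":
    for t in (0.5, 1.0, 2.0):
        print(f"T={t}:", [round(x, 3) for x in softmax(LOGITS, t)])
    print("top-k=2 :", [round(x, 3) for x in top_k(softmax(LOGITS), 2)])
    print("top-p=.8:", [round(x, 3) for x in top_p(softmax(LOGITS), 0.8)])
    rng = random.Random(7)
    print("samples :", [sample_token(LOGITS, 1.5, rng=rng) for _ in range(10)])
```

A low temperature concentrates probability on the highest logit and a high one flattens the distribution, which is why the same prompt can give different outputs whenever the temperature is nonzero.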

lurker August 24, 2025 1:42 AM

@Clive, Ismar

re CACM price of AI, skip to the conclusions for the best bits:

Fortunately, we have extensive experience in building usable processes based on nondeterministic components that may sometimes produce erroneous results or fall prey to an attacker’s meddling—namely, our fellow human beings.

Where we monitor humans, have multiple humans cross-check each other, and enforce compliance regimens, … These methods have been in use for millennia, even in the most critical of systems, and their generalizations will continue to be useful in the age of AI.

ie. don’t be dazzled by the blinking lights, treat it as a new coworker: it has to earn our trust.

Ismar August 24, 2025 3:19 AM

@Clive
I think you are overthinking this. What I wanted to convey (and article is clear about) is that the best we can hope for AI security is mitigation rather than perfection.

ResearcherZero August 24, 2025 7:16 AM

@Name

RE: that vpn article seems outright malicious.

As you alluded to, the style of how we write is within our control. The modern convenience of electronic communication makes it all too easy to produce content that fails to properly explore the subject or is unhelpfully antagonistic. Perhaps the author could have examined the wider negative effect of “quick fixes” and a lack of nuance in the government policy.

The following article discusses the ease of typing compared with hand writing. It is part of a number of wider issues that are caused by automation that include the effect on public discourse, cognition and attention span. Other influences that affect our capacity to cope with stress, also affect our cognition and ability to make well thought through decisions (such as financial pressure, health and social relationships).

Despite the resources of government and media, they do seem to have fallen short in the delivery of communication and messaging in many areas. Perhaps this too is part of the wider symptoms of the modern communication environment and the decline in handwriting.

(I worry about the decline in my own literary skills and lazy rubbish I might puke out.)

Writing by hand activates a much broader and richer cognitive process. With more effort comes a greater consideration of the content produced. Longer periods of thought deciding how to structure and edit the verse. Extra care in the words chosen to create a clearer message and a better articulated construct. There are further benefits of writing by hand.

‘https://www.mid-day.com/sunday-mid-day/article/likhna-zaroori-hai-experts-highlight-why-it-is-important-to-continue-writing-by-hand-23590844

Countries begin suspending postal services to the United States to avoid tariffs.
https://www.cbsnews.com/news/european-postal-services-suspend-us-packages-shipment-tariffs/

What was it that I was saying again? [loses train of thought] 😉
https://williamcfox.substack.com/p/is-society-getting-stupider-a-serious

Clive Robinson August 24, 2025 9:32 AM

@ Jon,

With regards,

Unlocking shopping carts

Ever thought how much those shopping cart disable wheels are like the mechanics of an electronic lock for hotels and the like?

For instance the outside door handle is “clutched” to the traditional door latch/lock spindle. So the handle is effectively useless unless the clutch pulls in to connect the handle and spindle.

Back in the 1980’s I was a design engineer for a lock company (Unikey) after I decided working in the crazy part of the offshore gas and oil industry was no longer fun (or the crap wages).

The existing lock they had was not quite what it could be and it unfortunately used a solenoid to pull in a gear link on a rocker.

That was a security issue because a large magnet would activate it and the door could be opened with no logging or key-card required.

It was also not very efficient.

I designed a simple mechanical device (a soft iron slug on a weak spring) such that if a magnet was brought near the lock the slug blocked the mechanics connected to the solenoid and stopped the door handle connecting to the latching mechanism.

I’d brought a friend on board to help in the development and we discussed using a clutch mechanism not too dissimilar to that in the trolley wheel system. Though we dropped the idea of the teeth as it was slightly problematic in that it was slow and hungry not just to engage but disengage. So after bringing his father in who was a skilled engineer with about half a century’s experience in related mechanics we went with a friction design instead. This meant we did not have to run a geared down motor to pull the scissor mechanism.

We went with a drop pin that acted as a gear tooth, that used the rotation force of the human hand on the door handle to pull it in and thus the clutch to mechanically link the handle to the lock spigot.

It was a clean design, did not suffer from magnet problems and used next to no power.

We were going to take out a patent but the managing director Leo, who shall otherwise remain unnamed, decided that he was not going to spend the money… My friend’s father therefore took out a patent instead. Both me and my friend left the company very shortly after Leo made his choice and all the drawings and mechanical prototypes that had been made by us using our own materials returned to our keeping.

My friend’s father used the clutch design in other work (vortex mixers) and made some money, as well as selling a licence or three on the lock design which had interested a number of high security companies and it ended up in high end electronic safes. Four decades later the clutch design is effectively out of patent but licence deals can be endless. But also remember that there are primary and secondary patents. Primary patents like the clutch design rarely make money, but secondary patents applying the primary patent to specific applications if gained at the right time in the right way can not just earn money but block others getting into the market in competition…

not important August 24, 2025 6:02 PM

https://www.yahoo.com/news/articles/fort-worth-researchers-plan-ai-212409598.html

=There are more than 11,000 unidentified bodies in the U.S., according to the National Missing and Unidentified Persons System.

Soon, identifying those bodies could get a little easier, thanks to new software being developed at UNT Health Fort Worth.

The university is part of a team that was recently awarded a $2 million grant from the National Institute of Justice to develop artificial intelligence-powered software that can be used by forensic anthropologists to make identifying human remains more accurate.

forensic anthropologists identify human remains by creating a biological profile of a deceased individual, in which they estimate a person’s age, ancestry, sex, and height. Currently, forensic anthropologists estimate these individually, without considering how they interact with each other.

But Lesciotto’s AI software project will work differently. Forensic anthropologists will input data from the deceased individual — like bone measurements — and the software will use machine learning to help identify new patterns within the data. The end result, Lesciotto said, is that the software will provide an estimate and say, for example, that a given individual is most likely male and between 5 feet 8 inches and 6 feet in height.

To create the AI software, Lesciotto and her colleagues will build a reference database from skeletal remains that have been donated. >The donated skeletons will allow the researchers to train the software on relationships between different demographic characteristics.=

ResearcherZero August 24, 2025 11:08 PM

@Clive

State and federal government has engaged in similar behaviour to the OSA in Australia. The actions have come after decades of inquiries into Institutional Abuse, where after each preceding inquiry, few (or none) of the previous recommendations were implemented. The failure to implement any of the recommendations on law reform allowed serial predators to continue to escape conviction. All of the offenders were in places of authority in either government or religious institutions. Schools, sporting bodies, places supervising children.

Many of the offenders worked in justice and law enforcement. Exactly in the place where sentencing was never secured — despite the conviction of the offenders. As a result, those offenders continued working in their professions while they continued to offend. Despite overwhelming evidence and repeated court testimony of further victims, they remained there.

Recommendations such as background checks and supervision, make absolutely no difference when the very system designed to enforce the law and pass judgement against offenders is not subject to independent supervision or investigation, while administered by offenders.

“Interventions” such as the Online Safety Act allow the government to completely escape the responsibility of protecting children from a perverted and flawed justice system and real physical assault, malicious interference and retribution from the system that is supposed to protect those very same children.

Highlighting VPNs in the online world avoids having to take the action needed in the offline world, where government representatives would be required to take personal action. Avoiding personal involvement avoids any chance of accountability or personal and public exposure to the scandal of systematic and institutional child abuse being left without any real action to address it, allowing for further retribution and abuse, while these same child safety “interventions” take place.

Nothing will be done about unlawful surveillance of children and victims of crime, or any other member of the public subjected to the abuses of authority and powerful positions.

Corporate lobbying will however get full personal attention — along with anything that can take place out of sight and out of mind of the public — despite any public outcry about the short-lived issues that do make it to the headlines and into the public hive consciousness.

Who actually is the head and what is a head?

Information in the head — not the report — of the experienced head of Intelligence.

Head of Pentagon Intelligence is fired for a report that said things other than wanted…

‘https://apnews.com/article/pentagon-dia-iran-intelligence-trump-kruse-5cb1fb89b8f12c3b517f139f6d840b48

Information in the head — not the draft — of the book by former Trump advisor.

The raid of John Bolton’s home was over a draft of his book, not about his head content.
https://edition.cnn.com/2025/08/23/politics/john-bolton-2020-investigation

Part of draft of book — not the draft — of the book in emails of draft of book.

No! The emails of part of a draft of Bolton’s book are not about the book, and are “entirely separate from a different investigation into Bolton’s alleged inclusion of national security secrets in his 2020 book,” says someone perhaps at the New York Post. Perhaps the argument was made by the Trump administration, or the FBI. No-one really knows.

“I could know about it. I could be the one starting — and I’m actually the chief law enforcement officer — but I feel that it’s better this way,” the president added. (?)

https://nypost.com/2025/08/22/us-news/patels-fbi-raids-john-boltons-home-in-high-profile-national-security-probe/

ResearcherZero August 25, 2025 12:19 AM

@Clive

One of the corporations behind the push for the “online safety” act, News Corp, operates on behalf of powerful political players in return for political favors. Its top senior government relations executive Todd Thorpe flew to Canberra in 2025 to ensure success.

(spelled News Corp, not News Corpse, a common misconception)

‘https://www.crikey.com.au/2025/05/13/news-corp-federal-election-labor-coalition-nine-abc/

News Corp lied to the Australian parliament in its bid to change media laws in its favor.
https://asiapacificreport.nz/2025/01/26/news-corp-lies-to-australian-parliament-in-lobbying-putsch-to-change-media-laws/

(No. Not to further the Murdoch Empire’s own selfish interests. For the kids silly!) 😉

News Corp launched its ‘Let Them Be Kids’ campaign to change media laws. It has done a smashing job by not reporting on crimes committed against children by powerful people, but rather by distracting the public with stories about children running wild on the streets, children committing crimes and the need to investigate things in News Corp’s interest and the need to build more youth detention facilities in which to punish children.

https://www.crikey.com.au/2024/11/11/teen-social-media-ban-australia-timeline/

In 2006, the Australian government amended media laws to further extend Murdoch’s power.
https://www.smh.com.au/business/parliament-passes-media-laws-20061018-gdomil.html

ResearcherZero August 25, 2025 2:16 AM

In Australia we don’t bother with fact-checking or thinking through stupid decisions before making them. Proper supervision around unknown adults is a lot of bother requiring far too much accountability from elected representatives of government. They are busy and do not have time to read reports or think through the implications of a lack of accountability.

‘https://www.abc.net.au/news/2025-08-23/childcare-safety-education-minister-cctv/105666692

Locking up children in Australia. A workable model for the United States.

If a small child is spotted by police they are tossed in the local lock-up. Later they are detained long-term in a juvenile detention facility until someone figures out a solution.

The words of children cannot be believed and prosecutors can make up evidence as they go.
Prosecutors and the police are legally allowed to lie and interrogate children alone to obtain a confession – without the presence of a guardian, parent or responsible adult.

The presumption of doli incapax is irrefutable up until the age of 7, while for the ages of 7 through to 13, it is open for the court to rebut the principle if the prosecution can prove the child was capable of understanding they had engaged in serious wrongdoing. The prosecution must be able to prove that the child knew they were doing something seriously wrong, regardless of how obviously wrong the crime committed might appear to adults. Only once this level of understanding has been established, can a child then be imprisoned.

(Of course in reality no-one ensures doli incapax is properly applied.) 😉

The prosecution can legally withhold evidence that would prove a child’s innocence. The prosecution can legally withhold evidence that would prove an offense committed against a child by an adult and also refuse to call bystanders or police who were present at the time. The prosecution can choose both the charge and the sentence to be applied, or no sentence at all following a conviction for serious crime against a child by an adult.

https://www.sydneycriminallawyers.com.au/blog/doli-incapax-the-presumption-that-kids-between-10-and-14-cannot-form-criminal-intent/

…in a recent development

Youth convictions fell after the High Court clarified the legal term of doli incapax.
https://www.abc.net.au/listen/programs/am/youth-convictions-plunge-after-legal-term-clarified/105266678

not important August 25, 2025 5:51 PM

@lurker – that is just example how that (bleeping) fine print is working against average user – Joe/Jane. Government silently exclude itself from analyzing and fighting such fraudulent established practice which is everywhere: term of usage on multiple pages in legalese, account agreements and privacy terms with banks, insurance companies, other big business where on one side is huge legal department drafting those documents which leave zero chance for user to win in case of any disagreement: e.g. banning class action lawsuits, arbitrage as the only option, you name it.
YouTube is within the same corporate family with Google which declared motto was at the beginning: ‘Don’t be evil’. They absolutely abandon this for chasing profits by any means.

Anonymous August 26, 2025 12:21 AM

The newly-created AI super PAC network ‘Leading the Future’ (LTF) has pulled together a $100 million political spending fund aimed to support candidates aligned with a pro-AI agenda.

It will begin spending this year on state races in California, New York, Illinois, and Ohio. It will expand to federal races ahead of the 2026 midterm elections.

It’s reported that no contingent of the Democratic Party has staked out positions in opposition to AI.

LTF “said it would support both Democrats and Republicans and would include federal and state PACs and a 501(c)(4) organization that advocates for policies.”

I’m trying to think what positions would be considered “anti-AI.”

ResearcherZero August 26, 2025 2:45 AM

Large scale RDP scanning is looking for information leaks for possible later attacks.

‘https://www.greynoise.io/blog/surge-malicious-ips-probe-microsoft-remote-desktop

ResearcherZero August 26, 2025 2:54 AM

Microsoft vulnerability exploited in Canadian House of Commons breach.

‘https://www.cpomagazine.com/cyber-security/canadas-house-of-commons-hit-by-data-breach-exploiting-recent-microsoft-vulnerability/

Robin August 26, 2025 3:05 AM

@Anonymous:

I’m trying to think what positions would be considered “anti-AI.”

Anyone who questions the business model of the AI bubble.

Anything that says they don’t want data centres built in their backyard, or that questions whether there’s enough water or energy available in their constituency to support them.

And depending on whether the agenda is honest or not – anyone who supports renewable energy or encourages inward migration of tech specialists.

not important August 26, 2025 4:35 PM

How to stop AI agents going rogue
https://www.bbc.com/news/articles/cq87e0dwj25o

=Disturbing results emerged earlier this year, when AI developer Anthropic tested leading AI models to see if they engaged in risky behaviour when using sensitive information.

Mostly when we interact with AI it usually involves asking a question or prompting the AI to complete a task.
But it’s becoming more common for AI systems to make decisions and take action on behalf of the user, which often involves sifting through information, like emails and files.

Given agents have access to sensitive information and the ability to act on it, they are an attractive target for hackers.

One of the threats is memory poisoning, where an attacker interferes with the agent’s knowledge base to change its decision making and actions.

Another threat is tool misuse, where an attacker gets the AI to use its tools inappropriately.

Another potential weakness is the inability of AI to tell the difference between the text it’s supposed to be processing and the instructions it’s supposed to be following.

!!!His company has demonstrated how instructions and malicious programs can be hidden in Word documents, images and databases, and activated when AI processes them.

Old “zombie” agents could be left running in the business, posing a risk to all the systems they can access, says Mr Casey.

Similar to the way that HR deactivates an employee’s logins when they leave, there needs to be a process for shutting down AI agents that have finished their work, he says.

“You need to make sure you do the same thing as you do with a human: cut off all access to systems. Let’s make sure we walk them out of the building, take their badge off them.”=

lurker August 26, 2025 5:37 PM

@not important

The AI “failure” rates in that article suggest an old meme: If AI was a car it wouldn’t be allowed on the road. But then as Mr. Casey hints, maybe it’s the driver at fault …

HeyBruce August 26, 2025 11:10 PM

Just saw this story. It’s interesting…

From https://thehackernews.com/2025/08/linux-malware-delivered-via-malicious.html AND the Google AI response for “linux malware malicious filename rar”:

Starts with a phishing email with an attachment…

The filename itself is the malicious part. A BASH script is embedded in the filename, not its contents. Eg:

“foo.pdf`{echo,<Base64-encoded command>}|{base64,-d}|bash`”

The file itself is innocuous. But anything that attempts to parse the filename, and can evaluate it, runs the malicious payload.

Nasty… Not sure how well it will actually work, but nasty if it does…

Reminiscent of Little Bobby Tables: https://xkcd.com/327/
Sanitize your inputs…

Clive Robinson August 27, 2025 12:26 AM

@ HeyBruce, ALL,

You note,

“The filename itself is the malicious part. A BASH script is embedded in the filename, not its contents.”

This is actually an old attack and goes back to the days of “the magic file” at least. The problem used to happen on 8bit home computers as well. Funny thing is the same problem has recently happened with AI systems.

The problem boils down to “the command shell is an interpreter”.

And it suffers from the issue that

“Input text can be a command or data”

If the command shell can not tell the difference between the two, then what should it do?

It’s why some programs “vi” being the most well known still have separate input and command modes switched by a known key combination.

The thing is, editors like “vi” are not the only thing; as per your reference to XKCD’s “little bobby tables”, databases can have the same issue.

The real problem that nobody talks about is, in reality you can not effectively,

“Sanitize your inputs…”

The reason is the complex and knotty problem of,

“In band signalling”

That back a decade or so ago was one of the ways hackers “got into the heap”.

Now… Using non-ASCII character sets all sorts of new tricks can be done.

If you have a *nix box with a shell try using the “echo” “touch” and “tr” commands to change file names to whatever you want. Back when users could cock-up things and end up with file names with spaces or control chars in, they could not be “used or removed”. Some admins found the inode and used that, others were more creative.

If anyone ever wonders why the terminal interface got called “CLI mode”, just remember the I stands for “interpreter” or “a whole world of hurt in ‘I’nexperienced hands” 😉

For those that have not yet seen it even though it’s been around for 45 years or more, there is the “hereis / here documents” issue as well,

https://en.m.wikipedia.org/wiki/Here_document
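
The command-versus-data point from the two comments above, as an added example that is not part of either comment: the same file name is inert when passed as a quoted argument and executes when a script pastes it into a string the shell re-parses. The file name, the harmless `touch MARKER` payload and all function names are constructed for illustration.

```shell
#!/bin/sh
# Added example. The file name and its payload (touch MARKER) are constructed
# and harmless; everything happens inside a throwaway temp directory.

# Tripwire: true if the name holds characters a shell would act on if the
# name were ever re-parsed as code. A heuristic for logging, not a sanitizer.
is_suspicious_name() {
    case "$1" in
        *'`'*|*'$('*|*';'*|*'|'*|*'&'*|*'<'*|*'>'*) return 0 ;;
    esac
    # Control characters (newline included) are also worth flagging.
    clean=$(printf '%s' "$1" | LC_ALL=C tr -d '[:cntrl:]')
    [ "$clean" != "$1" ]
}

# UNSAFE: pastes the name into a command string and has the shell parse it.
unsafe_handle() { eval "echo processing $1" >/dev/null; }

# SAFE: the name only ever travels as one quoted argument, i.e. as data.
safe_handle() { printf 'processing %s\n' "$1" >/dev/null; }

demo() {
    dir=$(mktemp -d) || return 1
    name='report.pdf`touch MARKER`'      # constructed file name
    : > "$dir/$name"                     # empty file, only the name matters
    ( cd "$dir" && for f in ./*; do safe_handle "$f"; done )
    if [ -e "$dir/MARKER" ]; then safe=ran; else safe=inert; fi
    ( cd "$dir" && for f in ./*; do unsafe_handle "$f"; done )
    if [ -e "$dir/MARKER" ]; then unsafe=ran; else unsafe=inert; fi
    rm -rf "$dir"
    echo "safe=$safe unsafe=$unsafe"
}

demo
```

The tripwire is only useful for flagging odd names in a mail or upload pipeline; the fix is the quoting discipline in `safe_handle`, which never gives the shell a second chance to parse the name.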

ResearcherZero August 28, 2025 12:11 AM

PLA and MSS linked companies and vulnerabilities assisting Salt Typhoon operations.

https://www.nsa.gov/Press-Room/Press-Releases-Statements/Press-Release-View/Article/4287371/nsa-and-others-provide-guidance-to-counter-china-state-sponsored-actors-targeti/

State-level networks and Fusion Centers are a target of cyber operations.
https://www.cpomagazine.com/cyber-security/new-dhs-memo-reveals-chinese-state-sponsored-hackers-compromised-army-national-guard-for-much-of-2024/

Salt Typhoon specifically look for ways to evade defenses and exploit IoT devices.
https://www.bloomberg.com/news/articles/2025-07-17/chinese-group-hacks-edge-devices-in-ongoing-telecom-targeting

Clive Robinson August 28, 2025 6:17 AM

@ ResearcherZero, lurker,

As I’ve mentioned before, some people think I’m paranoid because I see things before they do, or they believe the “think of the children” dog whistle nonsense that politicians and others spout…

Well it is as they say “Time to share the love”

You might have heard of Rob Braxman, well he’s just dropped a video, saying almost exactly what I’ve been saying, even the same words and issues…

https://m.youtube.com/watch?v=KoqiNoHrvj0

P.S. Now I know some say they get lots of adverts on YouTube. But the setup I get to watch on (is not mine) and I’ve never seen an ad from YouTube on it yet.

Anonymous August 28, 2025 10:46 AM

There are lots of opportunities to use AI in the OCCE Canada’s election office, said a Concordia University professor.

A developer has already proposed how an AI agent could process AITP (access to information and privacy) requests and FOI requests, fetching and redacting documents across multiple systems much faster than humans.

“The professor said he believes we will not see significant AI usage by Elections Canada itself, arguing in the interview that the technology shouldn’t be “anywhere near voting.””

Clive Robinson August 29, 2025 3:05 PM

@ Bruce, ALL,

I’m tacking this on the tail end of this squid post because whilst it is very funny to UK eyes, it might not, to some less than the average elsewhere…

https://www.theregister.com/2025/08/29/gmail_republican_email_spam/

The title and sub title kind of says it all,

FTC chair accuses Google of treating GOP’s emails as spam

Chocolate Factory says people keep marking them as such, so QED

Put simply Google decide what is and is not parsed as spam by certain metrics.

Yes one is certain phrases, but they are derived from Emails that have previously been marked as spam by ordinary humans.

Likewise is certain sending hosts and domains, derived from what has previously been marked by irritated humans as spam.

And… What people currently mark as spam.

So the Chocolate Factory is right, people are seeing GOPping missives as unwanted trash or faux news thus marking them as spam (as it’s the only option Google offer at the moment)…

But is this really surprising?

Well I’d say no when you look at what has recently happened in Iowa for instance…

It appears the GOP is repeatedly losing or getting a drubbing in elections, and has now lost its super majority in the Iowa House. They lost what had been considered by many “a safe seat” with around a quarter of the votes swinging away from them.

A bit embarrassing yes, but consider there have been “other losses” and poor performance in what were previously seen as pro Doh-gnarled districts. Some are even saying the Trumper has less than a year to declare War…

But is it likely…

I posted this link the other day,

https://abcnews.go.com/Business/wireStory/trump-vows-retaliation-countries-digital-rules-targeting-us-124984255

And look at the “undertones” arising… You might be forgiven for thinking it might be time to get into a protected occupation PDQ.

As an outsider looking in it’s hard to know what to make of “little hands” doing a ‘Violet Elizabeth Bott’.

ResearcherZero September 5, 2025 7:07 AM

@Clive Robinson

cough cough I have a few rare earth magnets if you’d like to take a look.

As government takes a stake in Intel and explores an interest in defense companies, experts warn regulations may be needed to deter government officials from engaging in insider trading. Deranged, crazy people might argue that laws in that space were needed long ago.

Howard Lutnick (real person) said Lockheed was basically an arm of the U.S. government.

https://arstechnica.com/tech-policy/2025/08/intel-details-everything-that-could-go-wrong-with-us-taking-a-10-stake/

What does the law say about government having a vested interest in private businesses?
https://www.lawfaremedia.org/article/the-legal-bases-for-government-stakes-in-private-firms


Sidebar photo of Bruce Schneier by Joe MacInnis.