Friday Squid Blogging: SQUID Band

A bagpipe and drum band:

SQUID transforms traditional Bagpipe and Drum Band entertainment into a multi-sensory rush of excitement, featuring high energy bagpipes, pop music influences and visually stunning percussion!

As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.

Posted on March 14, 2025 at 5:03 PM • 10 Comments

Comments

Steve March 14, 2025 5:37 PM

If I might, I’d like to note the passing of the person responsible for the likely inspiration for Friday Squid Blogging, Kevin Drum, aka Calpundit, who since 2002 blogged and brought us Friday Cat Blogging.

I didn’t personally know Kevin, though I followed him for years as he moved from his own site to the Washington Monthly to Mother Jones and back to his own site, though we did correspond a few times as I had the temerity to gently chide him on some of his uses of regression curves and he was kind enough to politely respond.

wood stove March 14, 2025 6:27 PM

Mark Klein, AT&T Whistleblower Who Revealed NSA Mass Spying, Has Died

https://news.slashdot.org/story/25/03/12/2127218/mark-klein-att-whistleblower-who-revealed-nsa-mass-spying-has-died

“An anonymous reader quotes a report from the EFF:

EFF is deeply saddened to learn of the passing of Mark Klein, a bona fide hero who risked civil liability and criminal prosecution to help expose a massive spying program that violated the rights of millions of Americans.

Mark didn’t set out to change the world. For 22 years, he was a telecommunications technician for AT&T, most of that in San Francisco. But he always had a strong sense of right and wrong and a commitment to privacy. When the New York Times reported in late 2005 that the NSA was engaging in spying inside the U.S., Mark realized that he had witnessed how it was happening. He also realized that the President was not telling Americans the truth about the program. And, though newly retired, he knew that he had to do something. He showed up at EFF’s front door in early 2006 with a simple question: “Do you folks care about privacy?”

We did. And what Mark told us changed everything. Through his work, Mark had learned that the National Security Agency (NSA) had installed a secret, secure room at AT&T’s central office in San Francisco, called Room 641A. Mark was assigned to connect circuits carrying Internet data to optical “splitters” that sat just outside of the secret NSA room but were hardwired into it. Those splitters — as well as similar ones in cities around the U.S. — made a copy of all data going through those circuits and delivered it into the secret room.

Mark not only saw how it works, he had the documents to prove it. He brought us over a hundred pages of authenticated AT&T schematic diagrams and tables. Mark also shared this information with major media outlets, numerous Congressional staffers, and at least two senators personally. One, Senator Chris Dodd, took the floor of the Senate to acknowledge Mark as the great American hero he was.”

https://www.eff.org/deeplinks/2025/03/memoriam-mark-klein-att-whistleblower-about-nsa-mass-spying

https://slashdot.org/story/06/05/22/132206/wired-releases-full-text-of-att-nsa-document

Clive Robinson March 14, 2025 11:59 PM

@ Bruce, ALL,

In an earlier posting I mentioned Ross Anderson, who some of you know was quite fond of the pipes and traditional Scottish music.

Well you can connect him to Squid via a young lady called Jane Espie who the last time I saw her was a “Theater Nurse” at the Victoria Hospital in Kirkcaldy in Fife Scotland just over the famous “Forth Railway bridge” from Edinburgh.

As I’ve mentioned I’ve relatives in Kirkcaldy and on one occasion I had the misfortune to become seriously in need of medical attention and ended up in the Victoria Hospital.

A face with a button nose beneath a green scrubs cap enquired as to my well being as I lay there on a gurney looking not unlike a wood pile under a tarp, with a dead fox sticking out at one end 😉

Well when she turned slightly in profile I realised who she was, and I said “You’re the Phantom Piper from Celtica?” To which she grinned actually quite shyly.

For those who don’t know Celtica is a high energy pipes and drum rock band that tours all over the world, but Canada and the US are repeat favourites. And whilst doing tours they also drop in on “Scot-Fests” which is where they crossed paths with a group that was back then called “Tasty Squid” from “New Scotland” that was three Drummers and a Piper.

Well Jane is “sponsored” by “McCallum Bagpipes” who Ross was known to frequent on the odd occasion.

So as they used to say on the radio program “chain made”.

But… It was not just Jane at the Victoria that put this old lug back on the road…

Jane made a Covid Video to honour the NHS workers in Fife and it includes a few other faces from the Victoria I am grateful to,

https://m.youtube.com/watch?v=4bjGpOjdmA4

I wish them all well.

Clive Robinson March 16, 2025 10:55 PM

@ Bruce, ALL,

OpenAI bankrupt and spent by year end?

Once an unthinkable question now appears to be one Microsoft are considering to be sufficiently probable… Rather than “embrace and enfold” as they very nearly did a very short while ago, they are fairly rapidly distancing themselves from Sam Altman and Co.

Hellon-Rusk whilst fighting Sam Altman in court, is also finding that AI is not working for him or anyone else at DOGE. So his dream of all jobs done by current AI LLM and ML systems is apparently not going to happen any time soon if at all…

But even if people are keen on using current AI LLM and ML systems, it turns out they don’t really know how to…

Hallucinations are given as being a reason but… With tests finding nearly 2/3rds of current AI LLM and ML systems outputs are false, faux or fanciful at best on simple enquiries,

https://www.techspot.com/news/107101-new-study-finds-ai-search-tools-60-percent.html

The people with the “spending money” rather than the “investing money” have become shall we say reticent. Whilst those investing give all the hallmarks of doubling down or going all in on the idea of “black tulips tomorrow”…

Which is causing others to give voice to opinions that indicate the investors might not get their shirts back after they’ve been taken to the cleaners and dunked,

https://www.theregister.com/2025/03/14/ai_running_out_of_juice/

But the fact that Microsoft is raising subscription prices for no reason other than slapping the wart that CoPilot is on the side… further suggests they want their AI money back by in effect extortionate behaviours.

Maybe people should “renovate Mr clippy” as the AI mascot (because ‘the goat’ is already taken),

https://imagenerator.net/clippy

Clive Robinson March 17, 2025 12:19 PM

@ Bruce, ALL,

Google AI tech Latest criminality use.

It appears Google let “Gemini 2.0 Flash” out the door without any realistic guardrails in place…

https://techcrunch.com/2025/03/16/people-are-using-googles-new-ai-model-to-remove-watermarks-from-images/

So unsurprisingly people are taking advantage to do questionable and illegal things.

“Users on social media have discovered a controversial use case for Google’s new Gemini AI model: removing watermarks from images, including from images published by Getty Images and other well-known stock media outfits.”

Clive Robinson March 19, 2025 1:23 PM

@ ALL,

Bad begets bad with LLMs and code.

At a 20,000ft view current AI LLM systems are just “auto complete” with “a bit of random” thrown in for spice / variation hence “Stochastic Parrot”.

So with that in mind does this sound really that surprising,

“Nine scientists from institutions, including Beijing University of Chemical Technology, set out to test how LLMs handle buggy code, and found that the models often regurgitate known flaws rather than correct them.”

https://www.theregister.com/2025/03/19/llms_buggy_code/

As they say “Garbage-in is Garbage-out” because if the input corpus contains bad/buggy code and it will. And bad/buggy will also probably very much exceed good/bug-free code as you might expect from “Internet scraping”… Give it bad code and the prediction will be more extensive bad code because that’s the nature of the probability of “best fit” prediction.

Now dress that up in more fancy words in ten or more pages 😉

Clive Robinson March 20, 2025 2:42 PM

@ Bruce, ALL,

These are toys that are really amazing at killing people

A comment from a Wired article titled,

Low-Cost Drone Add-Ons From China Let Anyone With a Credit Card Turn Toys Into Weapons of War

https://www.wired.com/story/drone-accessories-weapons-of-war/

Economics 101 generally mentions the laws of “Supply and Demand” that basically say,

“If there is a perceived need for a good or service, then a market will arise to supply it.”

Further,

“If resources are available the market in normal circumstances will expand to supply it. And in so doing the price of the good or service will drop until supply of resources or excess demand drive the price up.”

Both of these happen irrespective of society’s mores or legislation.

To the east of Europe there is a conflict event that has been going on for more than 1000days. As with all conflicts, it generates needs for new goods and services often regardless of price.

Where there is manufacturing that can accommodate the need then the market will form and the need supplied.

But what happens when there is over manufacturing thus over supply?

Well two simple things can happen,

1, The price drops to either take up the oversupply or manufacturing cost is too high and production declines or stops.
2, New markets get created to push the oversupply into thus negating price drop or manufacturing stop.

Well the second has certainly happened.

A decade or so ago I warned that the then nascent drones could be turned by undergraduates into many things. Further that any kind of legislation would be ignored or bypassed as the commercial code could be replaced or GPS etc geo-location could be easily spoofed.

I indicated here how that could be done and later how the Iranians could have fairly easily “spoofed” a US “CIA” Spy Drone and brought it down such that they could demonstrate to the world what the US were up to.

I also indicated how even “pocket drones” could be equipped very inexpensively as “Electronic Intelligence”(ElInt) and “Signals Intelligence”(SigInt) instrumentation “head ends” with all the processing grunt safely out of harms way.

Since then technological improvements have been rapid gotten a lot smaller, lighter, and less power hungry and drones of all sizes have become the chosen weapon of choice to both sides in the conflict.

Now to the point where as I suspected and indicated might happen “light aircraft” are being turned into drones that have a 500kM or more range with a considerable payload capacity above 100kg.

Now a “Second Market” for ordinary consumers has arisen questions are obviously going to arise as to,

“What are consumers going to do with these new technologies?”

And one answer to that is what the Wired article is about.

Personally I’m not as worried about it as less well informed journalists and politicians are.

Terrorism is generally not “irregular warfare” the people it attracts are generally not the sort of people who have technical capabilities or knowledge. Whilst crude “bomb making” is within pre-teen “chemistry set” type capabilities the design of other weapons is generally out of such people’s capabilities and all too often their patience levels and as the old advice has it,

“Haste kills the impatient and intemperate all too quickly”

Even Shakespeare was aware of this with the famous line of,

“Hoist with his own petard.”

Engineering is generally a thoughtful occupation and those who live long enough to get good at it generally have a high regard for their own skin, thus are usually temperate and patient. Further they tend not to subscribe to the notion of,

“Move fast and break things”

When high levels of “energy and mass” are involved, preferring the “live to fight another day” of things.

Because they generally can also predict far enough to see on whom things that “go up” tend to “come down upon”.

Clive Robinson March 20, 2025 3:26 PM

@ Bruce, ALL,

New AI hallucination court case.

Can the bounds of proprietary be imposed on current AI LLM and ML systems?

Well it appears not by Sam Altman and OpenAI either can not or will not,

“Privacy rights advocacy group Noyb is supporting an individual in Norway who was horrified to find ChatGPT returning made-up information that claimed he’d been convicted for murdering two of his children and attempting to kill the third.”

https://techcrunch.com/2025/03/19/chatgpt-hit-with-privacy-complaint-over-defamatory-hallucinations/

What is the actual cause for this hallucination if known is not getting mentioned.

But does that matter?

Well under the EU GDPR not a jot, it’s beholden on the system owner/operators to not do such things, and certainly not to repeatedly do so.

In effect the old maxim of,

“Even a dog is allowed one bite.”

Is not allowable.

The TechCrunch article goes into more details on this…

Clive Robinson March 20, 2025 10:04 PM

@ Bruce, ALL,

UK Gov asking for input on Computer Evidence

This is something the late Prof Ross Anderson would be not just talking about but asking anyone with any reasonable expertise, experience or opinion to submit.

https://www.gov.uk/government/calls-for-evidence/use-of-evidence-generated-by-software-in-criminal-proceedings/use-of-evidence-generated-by-software-in-criminal-proceedings-call-for-evidence

Whilst it talks of “software” it’s a typical misunderstanding of the subject matter.

In reality software is dependent on humans that design, write, and test it, as well as the humans that put data into its operation and configure, operate, and maintain it, as well as humans that try to disrupt its operation for various reasons.

Likewise software is dependent on the hardware it uses to process, store or communicate information with, as well as obtain input by. So includes not just standard peripherals but the gamut of connected equipment, not least of which being IoT, CCTV, microphones, BLE beaconing, positioning, location and other sensors such as “Smart Meters” etc.

Basically anything that is a system or subsystem that can or does generate any type of information from the physical or informational domains or acts upon information in those domains. That is information that can be generated, communicated, stored or processed to generate other information or action physical or informational.

Unfortunately the person who wrote the page shows the same failings as Australian Prime Minister Turnbull, almost as far back as the UK “Investigatory Powers Act”(IPA-2016),

https://www.newscientist.com/article/2140747-laws-of-mathematics-dont-apply-here-says-australian-pm/

It’s an attitude we should strongly take issue with, especially when it comes to Stochastic and Probabilistic systems which are becoming highly prevalent due to current AI LLM and ML systems.

OK it gets called “Hallucination” or “Soft Bullshit” in the relevant domains of expertise as “terms of art”. But in reality the point needs to be firmly made that it is “non deterministic” and “without repeatability or provable causal behaviour” and is in reality little more than somewhere between “throwing dice” or “throwing darts” with your eyes closed.

The notion of “evidence” is based on the notion of “truth” from which facts can be reliably established. The fact it was mathematically established that there is a problem with any logic beyond the most basic a century ago. That shows it’s inconsistent, thus incapable of proving itself to be reliable, the consequence of which is no computer can “check itself” to function as it should at any level should be cause to wave a big red flag.

Thus the answer to a question such as,

“Can a computer report falsely?”

Is most definitely “yes”

And to the obvious following question of,

“Can a computer be reliably audited after an event?”

The answer is most definitely “no”.

After that it all goes downhill…

(It’s the same arguments that are used about why ‘computer voting’ is a bad idea).

The fact that politicians and to a certain extent the judiciary really do not like this… Gives rise every so often –since UK PM Maggie Thatcher decreed that what was printed on a piece of paper was “The uncontestable truth”– as evidence against “what they want being true stacks up adversely”, they feel the necessity to either,

1, Make it go away.
2, Somehow fix it by legislation.

And so far, always end up finding they cannot do either, so they fudge it. With so far moving further and further away from the Thatcher view point. Which they find unfortunately causes problems they can not resolve, hence significant injustice can and does arise.

The actual solution is to treat current computer systems as,

1, Unreliable witnesses with a long history of “false testimony” given.
2, Hostile witnesses that can not be cross examined.

In the past I’ve pointed out how you can resolve some of the issues but also it’s not possible with current computing systems.

This subject needs “Public Debate” not a “nod and a wink long grass kicking” that is clearly wanted to in effect “carry on as before” in a pretense of a cosy delusion.


Sidebar photo of Bruce Schneier by Joe MacInnis.