Friday Squid Blogging: Pyjama Squid

The small pyjama squid (Sepioloidea lineolata) produces toxic slime, “a rare example of a poisonous predatory mollusc.”

As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.

Posted on May 2, 2025 at 5:02 PM

Comments

Bubbles the chimp May 2, 2025 10:38 PM

[…] “what I’d REALLY like is something better than CLAMAV for anti-virus on Linux.”

There are other AVs for Linux. However, they are all proprietary and cost money, IIRC. There was one free one; while still being proprietary it was free money-wise, but it was sneakily sending mail from your system to theirs with a bunch of information. I don’t recall to what extent, but it was information about your system and such that shouldn’t be sent out. It wasn’t even anonymized! I had to block it just to briefly use it before I wiped it.

While I don’t know the current count, as I haven’t checked in a while, there should be a few free AV LiveCD/DVDs available from some AV companies. While these LiveCD/DVDs run Linux, they may or may not scan for Linux-specific malware.

What we need is better FOSS tools for rootkit detection. Chkrootkit and Rkhunter are good programs, but a) they are not updated often enough and b) there are TONS of rootkits out there for Linux which these tools DO NOT INCLUDE DETECTION OF!

Someone needs to hire some developers and fund/kick start some alternative to those two programs.

Yes, I know there’s also Lynis and Yara and a few other tools but we need better rootkit detection.

jelo 117 May 2, 2025 10:57 PM

“AI models routinely lie when honesty conflicts with their goals”

https://www.theregister.com/2025/05/01/ai_models_lie_research/

This is just what humans would do and is therefore completely expected in the AI. The training data being a “grab everything” includes all those exchanges where humans prevaricate in the course of a project.

All AI eerie presentation disconnects are explainable the same way. We are used to human intentional behavior, but it is at first startling when encountered from a mindless machine.

ResearcherZero May 3, 2025 12:10 AM

White House officials are reportedly stocking up on dunny paper and other essentials.

https://www.rollingstone.com/politics/politics-features/trump-officials-hoarding-supplies-trade-war-tariffs-1235329235/

Companies are warning consumers about prolonged shortages as shipping bookings drop 60%.
https://www.nbcnews.com/business/consumer/trump-tariffs-stores-companies-economists-warning-for-consumers-rcna202779

Vance rushed back to Washington to block the Senate from averting an economic disaster.
https://edition.cnn.com/2025/04/30/politics/senate-republicans-democrats-trump-tariffs

Clive Robinson May 3, 2025 7:06 AM

@ ResearcherZero, ALL,

You note,

“Mike Waltz is using an app named TeleMessage, a less secure fork of Signal.”

As I’ve noted before Signal is not a secure messaging system.

But as importantly for what it can claim a measure of security for, all the “forks of Signal” appear to be less secure than Signal.

I’m not going to go into the nitty gritty of why this might be; people can look it up. That is why the Signal app does not a secure system make, and its code is apparently so brittle or fragile. I’ll leave that to others who are young enough to have the stamina to deal with those who will come screaming out of the woodwork and who are in effect unquestioning “FanBois and Shills” of insecure systems.

As has been said,

“Been there, done that, have the blood stained T-Shirt”.

lurker May 3, 2025 3:08 PM

@ResearcherZero

If the US can’t even make their own dunny paper, then they are doomed.

lurker May 3, 2025 3:33 PM

@ResearcherZero, ALL

This TM SGNL looks rather deadly. End-run around “encrypted” msgs, archiving “vanishing” msgs in plaintext, but requires to be set up by your sysadmin … Who is really running that govt?

The ideho Goons know my Handle May 3, 2025 4:35 PM

@Lurker,
If the US can’t even make their own dunny paper, then they are doomed.

Of course we are doomed. Exporting jobs for decades, exporting manufacturing for decades so now if there’s a conflict with Gyna – they can just cut off supplying anything they ever want to the USA. It is a National Security RISK! But of course, those who do not give a damn about the United States, they will come here and tell me how stupid I am. I understand that the FAILURE of CRONY Capitalism was to allow this to happen, or one of its downsides/shortcomings. I am not suggesting Socialism or Communism but what happened was that the Board of Directors, Chairmen (basically those owning the largest shares of big US companies aka Shareholders) they sat down and said: hey, let’s go make stuff in China-no regulations, plus no benefits paid to the workforce, no paid vacation, no sick leave, no insurance – NO NOTHING, and they laid off millions of people in the US but their China-made cheaply-made product made it back in the US without any tariffs. Trump is trying to reverse it – well, somebody had to. Sooner or later. A pandemic like COVID or any other happens again, and Gyna sez – no supplies 4 u, coz we at war with you. What do you do? C’mon China trolls, in 1, 2, 3…..

Clive Robinson May 3, 2025 9:23 PM

@ The ideho Goons…

All that you have said has been said on this blog for as long as it’s existed (go search for offshoring or outsourcing to find them).

Back last century I used to work in the design of “Fast Moving Consumer Electronics”(FMCE). As I’ve said before this was at a time when the expression,

“China Knock off”

Referred not to “Communist China” of the “People’s Republic of China” (PRC) or then UK-held “Hong Kong”, but to that little island of Formosa called Taiwan, which was also called ROC for the “Republic of China”.

Warnings about the consequences of “Off Shoring” and “Out Sourcing” were repeatedly made, ignored or ridiculed…

But the problem is the US has a problem when it comes to “manufacturing”: it’s not just stopped doing it, the people in the US basically can not do it…

The thing is actual manufacturing is a profession and it needs two types of professionals, those that are “white collar” and those that are “blue collar”. Of the two, becoming a “white collar professional” is actually easier than “blue collar professional”. Worse, to become a “blue collar professional” you really need to be adept before you are around seven years old and then spend around 5000 hours becoming skilled. Back in the 1950s and earlier every man carried one or two knives in their pockets and used them as a universal tool to fix things and as entertainment and a way to make things/money by whittling things out of wood. From learning how to do this kids learnt how to make other tools and how to work with metal and fire. Thus around 14 going “into trade” as a craftsman was quite normal and it was the exception to remain in education to become a “white collar professional”.

The cause of the loss of the “blue collar professionals” was, believe it or not, politicians and the various “Red Scares”. I can go through the history of this but basically “CCCP Propaganda” made US Politicians think the US Population were “unskilled”… Well the politicians meddling to correct this faux-perception as usual had the opposite effect of that which was desired…

ResearcherZero May 4, 2025 8:13 AM

Outsourcing avoids having to take the blame when things go wrong and great ‘value’. 😉

Multinationals took advantage of government incentives for private child-care.

https://www.abc.net.au/news/2025-04-29/how-multinational-firms-profit-from-australian-childcare-kids/105197310

Records show that Peter Dutton did not exclude himself from deliberations on the scheme.
https://www.thesaturdaypaper.com.au/news/politics/2018/09/08/exclusive-dutton-chose-not-recuse/15363288006827

Tax payers bailed out ABC Learning after it collapsed owing creditors $2.7 billion.
https://www.theage.com.au/business/discovery-of-secret-deals-adds-to-woes-at-abc-20081205-6sio.html

ResearcherZero May 4, 2025 8:16 AM

Great value for some…

Peter Dutton’s secret investments in private child-care with Eddie Groves.

https://www.abc.net.au/news/2025-04-28/peter-dutton-failed-to-disclose-interest-in-family-trust/105217880

Dutton denies making money from childcare and a large property portfolio.
https://www.news.com.au/finance/work/leaders/opposition-leader-peter-duttons-sprawling-property-portfolio-revealed/news-story/b97a9433ccf4bc7dcba258ef33c952d9

Dutton trust, one of many holdings, is apparently empty. A tax minimization vanishing act!
https://www.smh.com.au/politics/federal/dutton-says-his-trust-fund-has-nothing-in-it-any-more-20250226-p5lf7i.html

ResearcherZero May 4, 2025 9:03 AM

Speaking of pajamas, it’s difficult building ships with your pants around your ankles.

https://www.lowyinstitute.org/the-interpreter/floating-america-s-boats

Simplicity of thought faced with the complications of reality.
https://www.axios.com/2025/04/10/trumps-tariffs-manufacturing

The cost of inputs in a globalized industry where few affordable alternatives exist.
https://dsm.forecastinternational.com/2025/04/15/ripple-effects-steel-tariffs-and-u-s-naval-shipbuilding/

The most exposed industries include electronics, energy, food processing, transportation equipment, machinery, and… manufacturing.

https://dornsife.usc.edu/news/stories/impact-of-tariff-plans-explained-by-economist/

not important May 4, 2025 6:51 PM

@all
One reason production was moved to China is vague laws and their arbitrary application by the court system and judges in the US – that is like gambling.

Too many lawyers, not making the country the rule of law but rather the rule of lawyers, with laws and regulations that have so many loopholes to be exploited. Business needs clear and predictable rules and their application for long investment, aka stability.

Clive Robinson May 5, 2025 2:27 AM

@ Bruce, ALL,

On occasion you have asked/talked about “owning” in the biological sense of one organism turning another into a zombie/puppet.

Well over the centuries humans have tried “training” other organisms, but mostly this has been restricted to mammals or others with what are regarded as higher functioning central nervous systems (another reason to see pigeons as equivalent to rats 😉).

Well, over the weekend this article passed under my nose,

https://arstechnica.com/science/2025/05/cyborg-cicadas-play-pachelbels-canon/

Where it triggered the “Oh 5hit” alarm… Whilst I’m broadly interested in bio-mechanoids as they fill a gap between nano-tech and what most would regard as human appreciable robots and tools, I’m not in favour of lobotomizing any living creature.

What made it worse was that last week I’d been looking into robotic quadrupeds and how various people (say hi to Alphabet/Google) are trying to turn them into weapons platforms as variants of ground based drones.

And the rather nausea inducing article I’d seen just before,

https://arstechnica.com/health/2025/05/screwworms-are-coming-and-theyre-just-as-horrifying-as-they-sound/

I’m sure you don’t need me to amplify on the potential link…

Anyway, if the two regular journalists at ARS who wrote the articles are reading,

“Thank you ladies for adding that certain something to my weekend, that used to be reserved for the visit to the cinema on ‘Scream Night’.”

ResearcherZero May 5, 2025 3:02 AM

I prefer to rely on empirical studies by experts and long-term observation.

Stupid policy may not necessarily reflect the intelligence of those behind its implementation. Yet, one could gain insights through analyzing their behaviour.

https://theconversation.com/donald-trumps-policies-are-more-than-dumb-theyre-stupid-according-to-stupidity-researchers-253009

Americans rate Trump as a ‘terrible’ or ‘poor’ president in his second term.
https://www.independent.co.uk/news/world/americas/us-politics/trump-poll-second-term-policies-b2740049.html

Most of what the American President has claimed in his second term is bulls–t.
https://edition.cnn.com/politics/fact-check-trump-false-claims-debunked/index.html

ResearcherZero May 5, 2025 3:42 AM

@Clive Robinson

I’m of the opinion that anyone who wants to shove electrodes into another creature, should first shove them into their own brain as a matter of principle. Building weapons platforms based on insects seems like a terrible waste of money, which could instead be diverted to maintain the existing natural environments where insects live and pollinate plants.

Basing designs on insects, which pollinate and protect crops we eat, for weapons which would ultimately be used to destroy the landscape, is a misuse of natural resources.

If starving to death is the ultimate aim, this can be achieved much more easily than destroying the environment which sustains us. We simply need to refrain from stuffing our faces and become one of those Breatharians who claim that they live only on air and light.

(Breatharians do eat and also charge large amounts of money for their workshops)

lurker May 5, 2025 9:07 PM

@ResearcherZero

re Fact-checking Falsehoods:
You asked elsewhere for “an empirical study” of the alleged idiot. Your above linked CNN reference would surely be prima facie evidence in support of the allegation. With all the links to supporting background this is an historic document.

Isn’t democracy wonderful, it allows you to elect a President like that.

ResearcherZero May 6, 2025 1:04 AM

@lurker

Statistically, given the deterioration of the information environment and the large amounts of dark money allowed by the results of Citizens United v. Federal Election Commission, the results were inevitable. Corporations were sure to bet on an idiot letting them do what they want. Republican majority leaders were also willing to take the same gamble.

“…unprecedented — and in some cases, untraceable — spending on elections by ultra-wealthy special interests.”

https://www.pennlive.com/politics/2025/05/15-years-after-citizens-united-big-money-dominates-politics-in-pa-and-beyond.html

Dark money from groups that do not disclose their donors topped $1 billion in 2024.
https://www.brennancenter.org/our-work/research-reports/citizens-united-explained

The graphs are a little old, but they show the huge surge in dark money thrown at elections:

https://www.opensecrets.org/news/reports/a-decade-under-citizens-united

lastofthev8's May 6, 2025 1:18 AM

@All @Bruce >>> I came across this years ago; it came to mind while I’m reading up on Bruce’s bio re: the book ‘Applied Cryptography’ and moreover the crypto wars and the why-fors, there-ofs, Blowfish and Twofish etc. It goes something like this:

In medicine: “What would Atul Gawande say?”
In climate science: “What’s James Hansen’s take?”
In infosec: “Where’s Bruce on this?”

https://en.wikipedia.org/wiki/Atul_Gawande

https://en.wikipedia.org/wiki/James_Hansen

I’ve come to the conclusion “Military-grade” is often just marketing bullshit. In reality:

The military often uses NIST-approved ciphers like AES

They wrap them in classified protocols, tamper-resistant hardware, and compartmentalized trust models

Strength comes not just from the cipher — but from key management, protocols, and implementation security

So yeah — Blowfish could have secured classified comms in 1993, and done it better than DES in many ways. But it wasn’t built for generals — it was built for you, me, and the open world.

ResearcherZero May 6, 2025 1:21 AM

I do not actually use ChatGPT. Let us instead see what a qualified human might write.

A philosophical exploration of the term “ship of fools” using the second presidency of the Trump administration as an example…

The Ship of Fools: Plato’s Political Allegory

~ written by Luke Dunne, BA Philosophy & Theology

https://www.thecollector.com/ship-of-fools-plato/

Do a deep dive that describes the societal and economic consequences for both the United States and its citizens:

  • FEMA will no longer go door-to-door during times of disaster.

https://www.wired.com/story/fema-ending-door-to-door-canvassing-disaster-areas/

Funding cuts to vital research which allows hurricanes to be tracked and employee lay-offs.
https://arstechnica.com/science/2025/05/on-cusp-of-storm-season-noaa-funding-cuts-put-hurricane-forecasting-at-risk/

(German municipal leaders routinely used the Danube, the Isar, and the Main rivers as the best way to rid their towns of difficult or friendless mad persons.)

lastofthev8's May 6, 2025 1:26 AM

@All @Bruce Apparently this phrase here is an unwritten rule in the cyber sec world.

“If Bruce Schneier thinks this is a bad idea, maybe we should rethink it.”

P.S. I never realized the backstory we’re dealing with in regards to a certain individual’s ‘skill set’; it’s kinda mind blowin’, specially to a greenhorn like me.
Peace all.

ResearcherZero May 6, 2025 1:44 AM

You can implement something securely, but then fools can do otherwise. It reportedly took 10 to 15 minutes to breach Telemessage and access a large amount of data. Archived Telemessage chat logs are not end-to-end encrypted. This is why the government typically uses secure systems operated by professionals, rather than insecure and amateur setups.

You can use whatever secure systems you like. If the White House decides to insecurely store your private sensitive data and allow anyone to access it, you are screwed. 😉

DOGE members had unfettered access to SSA without background checks or being hired by SSA.

https://arstechnica.com/tech-policy/2025/05/after-two-court-losses-doge-asks-supreme-court-for-social-security-data-access/

DHS already has a DNA collection of at least 1.5 million people.
https://www.popsci.com/science/dna-database-study/

A Florida judge granted cops a warrant to search an entire database.
https://www.nytimes.com/2019/11/05/business/dna-database-search-warrant.html

The two 15-million-person datasets of Ancestry and 23andMe are next on the list.
https://www.cnn.com/2025/03/30/business/23andme-for-sale-genetic-data/index.html

ResearcherZero May 6, 2025 5:28 AM

Ignorance is catching. As in that one person can mislead another and over time, by only listening to those who do not understand what they are talking about, further convince themselves and the others within the group, that their incorrect assumptions are true.

Morons have convinced themselves radar are weather weapons.

https://edition.cnn.com/2025/05/05/weather/weather-weapons-nws-radar-attack

The Doppler effect is the change in frequency of a wave as observed by someone moving relative to the source of the wave. A common example is the change in pitch of a siren from an approaching emergency vehicle. It sounds higher as it approaches and lower as it moves away.

Doppler radar is used to measure precipitation, quantity, speed and direction of weather systems. When a wave source moves towards an observer, the waves get compressed, leading to a higher frequency. If the source moves away, the waves stretch out, resulting in a lower frequency. This change in frequency affects the perceived pitch or color of the waves.

You may have seen the coloured radar maps on television weather reports which display a weather system as it tracks towards the coastline and then moves over land.

https://www.reference.com/history-geography/understanding-science-behind-doppler-radar-weather-systems

Additionally, atmospheric pressure, temperature, humidity and wind speed are measured by weather balloons, which are released every 12 hours to improve the predictions of forecasts.
https://science.howstuffworks.com/nature/climate-weather/meteorological-instruments/tiv.htm

Clive Robinson May 6, 2025 10:03 AM

@ ResearcherZero,

With regards,

“Morons have convinced themselves radar are weather weapons.”

Not necessarily “Morons”; think about “Cargo Cult” behaviour on Pacific Islands during WWII.

As Arthur C. Clarke put it, in what became known as “Clarke’s Third Law”,

“Any sufficiently advanced technology is indistinguishable from magic.”

But what is forgotten by many is that “advanced” is very much a relative term, and is dependent on “the observer’s” point of view / experience.

But there is also the concept of “The magic umbrella” caused by a level of self delusion… To see why consider,

Looking back I remember that every time I’ve left the house with my “long brolly” I did not get rained on. However I do remember getting rained on when I did not have it with me.

Thus I start to ascribe mystical if not magical powers to my “long brolly”… Eventually I start thinking of my long brolly as “Magical”…

Now consider those Weatherman Radar Pictures, they only get shown when bad weather is heading our way.

How long before “radar map on TV” correlating with “bad weather warnings” appears to be “cause and effect” in action in people’s minds… Which it obviously is, but… Because the radar maps appear before the bad weather does, people get the cause and effect the wrong way around? So they assume the appearance of the weather maps is the cause of the bad weather that follows very shortly thereafter.

Then they get to thinking that it’s deliberate; after all the maps are “man made”, so simple follow-on logic dictates the bad weather must also be “man made”…

Hence the view that the Weather Radar systems cause the bad weather so must be a weapon…

You would be surprised at just how much this happens with technology, especially something that can not be satisfactorily explained to the person wanting an explanation.

I get this issue almost every time when trying to explain “True Random” generation and why “chaotic” just does not cut it, nor does encryption.

It should be “easy” and to me it is “easy” but to others…

You end up finding that the expression,

“Magic pixie dust thinking”

Comes into your lexicon (just search this blog for “pixie dust”).

ResearcherZero May 7, 2025 2:52 AM

@Clive Robinson, ALL

The Director of National Intelligence per se?

The DNI oversees the security of the U.S. and its intelligence agencies.

https://www.wired.com/story/tulsi-gabbard-dni-weak-password/

Gabbard may deprioritize intelligence community input or dismiss inconvenient truths.
https://abcnews.go.com/US/gabbards-views-russia-shaped-part-kremlin-propaganda-outlet/story?id=116430097

A more in-depth look at why TeleMessage was never suitable for secure communication.
https://micahflee.com/despite-misleading-marketing-israeli-company-telemessage-used-by-trump-officials-can-access-plaintext-chat-logs/

Clive Robinson May 7, 2025 2:58 AM

@ Bruce, ALL,

Meta win damages against NSO

Reuters reports that Silicon Valley Corp Meta say a California court has awarded it damages against the Israeli Spyware VC-backed company NSO,

“Meta had already won a December ruling finding that NSO had unlawfully exploited a bug in its messaging service WhatsApp to plant spy software on its users’ phones. On Tuesday, a jury in California ruled that NSO owed Meta $444,719 in compensatory damages – and $167.3 million in punitive damages, Meta said.”

https://www.reuters.com/sustainability/society-equity/court-clash-between-meta-nso-ends-168-million-defeat-spyware-firm-2025-05-06/

NSO have a number of options but from a public relations point of view none of them are good and “shareholder value” will in all probability be negatively impacted.

Whether this also impacts other Spyware organisations and VC-backed entities is yet to be seen. But Meta in effect opening up a civil attack vector against the industry is going to have consequences.

Clive Robinson May 7, 2025 3:40 AM

@ ResearcherZero,

With regards,

“A more in-depth look at why TeleMessage was never suitable for secure communication.”

If I said “colour me unsurprised” would you be “surprised?”

The issues with encryption, group chats, and plaintext are not new. I indicated it was a complete mess back in the early part of lockdown with the likes of video meeting apps like Zoom etc.

Put simply encryption burns CPU cycles and “group” communication causes there to be the N^2 issue of the number of links with the number of participants you wish to communicate with. Worse as each participant can not for security usually act as a “center node” in the star configuration communication this normally means a “mid point” that is not one of the participants and the mid point has to know all the KeyMat to function as it needs to work with the plaintext in most implementations.

The fact the company behind the software is reported as ex-Israel defence opens up a whole slew of issues and embarrassing questions for the current US executive, as it’s broken quite a number of US laws.

Which is going to give “Tulsi Gabbard” at best a headache.

Speaking of which this will give another,

https://www.reuters.com/world/us/another-us-fighter-jet-falls-into-sea-truman-aircraft-carrier-us-officials-say-2025-05-07/

I believe Oscar Wilde had cause to comment on such behaviour with,

“To lose one, may be regarded as a misfortune, to lose both seems like carelessness.”

beavis May 7, 2025 4:58 AM

Despite misleading marketing, Israeli company TeleMessage, used by Trump officials, can access plaintext chat logs – Micah Lee – 06 May 2025

“Despite their misleading marketing, TeleMessage, the company that makes a modified version of Signal used by senior Trump officials, can access plaintext chat logs from its customers.

In this post I give a high level overview of how the TeleMessage fake Signal app, called TM SGNL, works and why it’s so insecure. Then I give a thorough analysis of the source code for TM SGNL’s Android app, and what led me to conclude that TeleMessage can access plaintext chat logs. Finally, I back up my analysis with as-of-yet unpublished details about the hack of TeleMessage.”

Clive Robinson May 7, 2025 5:20 PM

@ ALL,

As some of you may have experienced, Spain, Portugal and France all the way up to Belgium experienced a varying degree of power grid drop a week ago,

https://en.wikipedia.org/wiki/2025_Iberian_Peninsula_blackout

The reports of what went wrong and how are not yet available.

However fingers are being pointed at Spain for its near total generation by solar and wind.

As I’ve already noted, due to “safety reasons” “local power” domestic level generation by Solar or Wind gets rapidly disconnected from the grid and the resulting load is thrown on regional generation, which causes not just voltage drops but line phase and frequency to trigger protection measures. The result is there is little or no “flywheel storage/generation” of “mechanical inertia” to see the grid over momentary but significant changes in load, so it’s possible for a cascade shutdown effect to kick in. It’s unknown publicly if this is the cause and we may never find out.

What is actually needed irrespective of the blackout cause is “flywheel” base load anyway; the question is “reliability” of non-mechanical systems.

Conventional battery technology is chemical based and only good for maybe a thousand or so charge cycles. There is no way this could provide long-term reliability for “flywheel” capability that would need hundreds of thousands if not millions of charge cycles.

Two other ways to store energy are the traditional “mechanically via inertia” in the flywheel effect in generators, or electrostatically in the likes of “artificial transmission lines” or just electrolytic capacitors of the “super-cap” variety.

In Europe not so long ago, telephone exchanges used vacuum flywheel systems as short term power backup. Such flywheel systems have an almost indefinite life unlike any kind of chemical battery,

https://en.m.wikipedia.org/wiki/Flywheel_energy_storage

Interestingly AI is bringing this lack of flywheel generation storage to the fore, as the way AI electrical load is accessed is often in multiple short bursts,

https://spectrum.ieee.org/supercapacitor-2671883490

lurker May 7, 2025 9:55 PM

@Clive Robinson

re Iberian blackout: Gib not on the grid? British stoicism, or another word?

More seriously there is an interesting observation[1] linking frequency variations in Spain to those in Latvia at the same time. The distance is getting close to half a wavelength at 50 Hz …

[1] https://www.carbonbrief.org/qa-what-we-do-and-do-not-know-about-the-blackout-in-spain-and-portugal/

Dancing on thin ice May 8, 2025 2:25 AM

DOGE is creating a master database using personal information about millions of U.S. citizens and residents.
DOGE is bypassing normal safeguards, including neglecting to record who has accessed or changed database information as paraphrased by historian Heather Cox Richardson who included a link to Cybersecurity experts at the Ash Center.
Both may be perceived as liberal biased but HCR refers to herself as a Lincoln Era Republican.

It would be preferable to hear security news first from experts in the field rather than a historian or advocates.
https://ash.harvard.edu/resources/understanding-doge-and-your-data/

Clive Robinson May 8, 2025 4:03 AM

@ lurker,

With regards,

“Gib not on the grid? British stoicism, or another word?”

A little lesson from history with respect to Hong Kong and China turning the water off…

Being self sufficient to a fault, is not paranoia when you know that a resource you are reliant on can be snatched away at a moment for political or other reasons.

Something Germans and Austrians have come to find out the hard way recently with the loss of Russian gas when the pipeline got destroyed.

You will find I’ve mentioned “water wars” “energy wars” and other resource wars like “rare earth metals” quite a few times before on this blog.

So behind the recent spat between Trump and Zelensky over rare earth metals is China making the US Mil-Industrial complex more twitchy than a mouse on speed as another case in point.

However I hope Zelensky insists that the US takes the waste with the metals. Put simply rare earth metal extraction is an extremely toxic process as is the abundance of toxic waste created, you do not want that within thousands of miles of you.

Something that China with its “black lagoons”,

https://www.bbc.co.uk/future/article/20150402-the-worst-place-on-earth

Is only too aware of from things like increased respiratory disease, birth defects, and cancer hot spots. The sludge is not just toxic from sulfuric and nitric acid use, it’s also radioactive and gets airborne for miles around. We can also assume it gets into the water table, thus drinking water.

But getting back to why the power blackout happened and was “renewable energy” to blame?

The answer is complicated but you need to understand that the old style “central generation” grid based around burning coal is not appropriate for the modern style “local generation” grid based around distributed generation that a lot of renewable energy is produced by.

A friend lives with what is around 36 kW of renewable generation capacity but does not have sufficient electrical or thermal battery storage, so the excess goes out to his “local grid” of homes on his substation connection. This thus reduces “up stream load” to the network and makes the network operators a “free profit” from the other homes as well as reducing their maintenance and upgrade costs. For which they kick back a tiny percentage to my friend.

However you now have a safety problem. You have a length of supply cable with multiple generation points. With the old style “central” generation grid throw the trip or switch at the substation and the down stream cable would be safe to work on as it would be isolated from the upstream central generation thus unpowered. However with multiple points of “local” generation throwing that trip or switch does not stop the cable being powered thus significantly more risky to work on.

But there is another issue, loss of central or upstream generation causes loss of synchronisation, which means you can not just flip the trip or switch back on…

Thus local generation has all sorts of protection systems built in for “safety” not just for the local grid but regional and national grids.

The two grid types of central and local are not really compatible due to the “down stream” design ethos of the old style “central” thinking.

It means that to start adding local generation you either need to rebuild the grid adding the changes to make it support a local grid. Or you need to force local generation to behave like central generation, which is actually really undesirable.

It’s going to take a century or so of investment to turn a national grid from a central to local design. However the benefit will outlast the wasteful insecure natural gas generation issues (and don’t get me started on the only truly non renewable energy source of nuclear).

You mentioned transmission line theory and the effect of a halfwave. This is not the first time this has come up and you can have a look at a Smith Chart to see how complicated it is even when you ignore relativity… At 50Hz a half wave length distance is such that you have to include effects from “propagation at the speed of light” but I’m not going to get into it as to say “complex” is a bit of an understatement.

What I will say is that the inertia of generators is also problematic, unsynced generators fight each other until they come into synchronisation at which point they sort of fall into “lock step” only not with each other but what they see of each other. The frequency may be the same but the phase can not be due to delays in the transmission lines. Inertia delay however is such that a “step change” in load can cause two generators to go into a form of slow oscillation. Put overly simply the effective delay due to inertia is measured at a length of time that corresponds to a very low frequency and the grid can go into oscillation at that frequency or its harmonics.

Think of the squeal of an audio system as it goes into feedback with a microphone picking up the speaker output. The delay in sound is around 300 m/s or about one millionth of the speed of light, hence it is “in band” and distinctly audible.

All “feedback systems” will oscillate if two criteria are met,

1, The delay corresponds to a 360 degree phase shift at the frequency.
2, The system gain at that frequency is above unity.

With a central generation system the chance of feedback is small and can be dealt with moderately easily.

However with a local generation system the chance of feedback is very high and can not be dealt with easily without dependence on an external synchronisation system that then becomes a single point of failure…
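The two oscillation criteria above, worked as an added example (not the commenter’s code): a feedback loop modelled as a flat gain, a single-pole low-pass and a pure transport delay, all constructed values. For each whole number of loop rotations it solves for the frequency where the total lag is exactly 360°·n, then keeps only those where the loop magnitude is still above unity, which is why the squeal appears at the fundamental and a band of its harmonics but not forever upward.

```python
import math

def phase_lag(freq_hz, delay_s, corner_hz):
    """Total loop phase lag in radians: transport delay plus the
    single-pole low-pass. Monotonic in frequency, so it can be bisected."""
    return 2 * math.pi * freq_hz * delay_s + math.atan(freq_hz / corner_hz)

def loop_magnitude(freq_hz, gain, corner_hz):
    """Magnitude of the loop gain: flat gain rolled off by the low-pass."""
    return gain / math.sqrt(1 + (freq_hz / corner_hz) ** 2)

def oscillation_frequencies(gain, delay_s, corner_hz, max_harmonic=20):
    """Frequencies meeting both criteria from the comment:
    (1) loop lag is a multiple of 360 degrees, so fed-back signal adds in phase;
    (2) loop magnitude at that frequency exceeds unity.
    Assumed loop model (gain + low-pass + delay); not from the comment."""
    found = []
    for n in range(1, max_harmonic + 1):
        target = 2 * math.pi * n
        # The delay alone reaches 2*pi*(n+1) lag at (n+1)/delay_s, so the
        # crossing for harmonic n lies strictly inside [0, (n+1)/delay_s].
        lo, hi = 0.0, (n + 1) / delay_s
        for _ in range(60):  # bisection to well below 1e-6 Hz
            mid = (lo + hi) / 2
            if phase_lag(mid, delay_s, corner_hz) < target:
                lo = mid
            else:
                hi = mid
        freq = (lo + hi) / 2
        if loop_magnitude(freq, gain, corner_hz) > 1.0:
            found.append(round(freq, 3))
    return found

# Constructed microphone/speaker squeal: 3.43 m at ~343 m/s is a 10 ms
# round-trip delay; loop gain 3 with the amplifier rolling off at 500 Hz.
MIC_SPEAKER = dict(gain=3.0, delay_s=0.010, corner_hz=500.0)

if __name__ == "__main__":
    for f in oscillation_frequencies(**MIC_SPEAKER):
        print(f"{f:8.2f} Hz  |G| = {loop_magnitude(f, 3.0, 500.0):.3f}")
```

Lowering the gain below unity (or adding delay-independent damping) empties the list, which is the engineering meaning of “can be dealt with moderately easily” for a single synchronised source.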

Clive Robinson May 8, 2025 10:07 AM

@ Bruce, ALL,

In

Cryptocurrency Thefts Get Physical[1]

You noted,

“$250 million cryptocurrency theft that, in a complicated chain events, resulted in a pretty brutal kidnapping.”

And I noted,

‘Like it or not this sort of thing will fairly quickly become a “normal crime”’

Well an article in ARS Tech appears to be confirming that,

https://arstechnica.com/security/2025/05/we-have-reached-the-severed-fingers-and-abductions-stage-of-the-crypto-revolution/

But I also noted,

‘The “smart crooks” went into “ransomware” and have made sums in the many many millions. However even ransomware needs planning and technical ability.

But as you go down the “smarts” you end up with people who to use an old quote,

“Do their thinking with their fists and boots”’

So yes having crypto in quantity could get as a minimum not just your fingers broken but severed by “idiots”…

[1] last month’s thread,

https://www.schneier.com/blog/archives/2025/04/cryptocurrency-thefts-get-physical.html

ResearcherZero May 9, 2025 2:30 AM

Fragmentation and isolationism typically tends to exacerbate any existing vulnerabilities.
When prices and unemployment rise, crime usually follows in hand (or loss of appendages).

Insecure practices have proliferated amongst those operating America’s government departments and the chaos at the top will hand adversaries an opportunity to target critical networks. America’s intelligence capability and its ability to accurately assess threats may have declined with the recent alterations and the change in its directive.

But those at the top will hear what they want to hear and say that everything is fine.

The cost of fresh produce and consumer goods is on the up.

https://www.cbsnews.com/news/trump-tariffs-inflation-rate-economy/

As West Coast shipping declines, businesses cut budgets and job lay-offs begin.
https://www.politico.com/news/2025/05/06/california-ports-trump-tariffs-00332493

Prices are likely to face further upward pressure over coming months.
https://www.cbsnews.com/news/trump-tariffs-inflation-rate-economy/

ResearcherZero May 9, 2025 2:41 AM

Nearly all U.S. exports have declined. Importers must fill orders this month to avoid empty shelves. Some have moved products to holding warehouses. Others are waiting it out, hoping there will be an end to the tariffs, or some kind of exemption that reduces their expenses.

https://www.cnbc.com/2025/05/06/trump-tariffs-hit-us-exports-import-covid-level-event.html

Baseline inflationary pressures are now at their highest level in decades.
https://www.nytimes.com/2025/05/07/us/politics/trump-tariffs-10-percent.html

The stagflation of the 1970s and early 1980s may be returning.
The cost of living then skyrocketed and the unemployment rate rose to 10.8%.
https://fortune.com/2025/03/06/stagflation-us-economy-inflation-slow-growth-trump-tariffs/

Graphs show the early trend this year before tariffs came into effect:

https://www.cbsnews.com/news/price-tracker/

ResearcherZero May 9, 2025 3:05 AM

@Dancing on thin ice

Ensure you take precautions to protect your personal data and identity.

https://www.cnbc.com/2025/05/02/real-id-deadline-identity-government-privacy.html

Institutional safeguards have been removed or weakened and significant risks were introduced throughout all government systems and departments by ignoring best practice.
https://theconversation.com/doges-ai-surveillance-risks-silencing-whistleblowers-and-weakening-democracy-254358

DOGE’s lack of essential security practices risks exposing sensitive personal information.
https://cyberlaw.stanford.edu/blog/2025/02/thoughts-on-doge-and-violating-protocols-that-protect-government-computer-systems/

Clive Robinson May 9, 2025 12:34 PM

@ ALL,

A base for a security model

A number of security models are loosely based on biological processes, which is why we name just a couple of them as “viruses” and “worms”.

But,

“Do they need to be ‘biological’?”

In a way using biological models is neither accurate nor reliable, because they imply

1, Self “agency” not controlling “direction”.
2, Whilst appearing “inevitable” thus “unavoidable” when in fact they are not.

That second point is convenient to many because it lets us off the “failure hook” with little more than “a shrug of the shoulders” thus taking on no responsibility for our actions.

The reality is for too long “run fast and break things” has reigned supreme without question, and when allied with “patch later if there is time” has created a veritable “Tsunami of technical debt”, with “no incentive to reduce it” thus a monumental number of “errors and vulnerabilities” that keep rapidly rising.

Worse as time progresses there are those that find new and shall we say more interesting ways to turn “instances and classes” of “errors” that have existed for years into freshly exploitable “vulnerabilities”. So acting as a second front on building the tsunami of technical debt. One piece of strategic advice that has been handed down over several thousand years is,

“Don’t fight a war on two fronts”

Especially if one is within your own territory behind your “home front”.

Because as history shows it usually results in defeat no matter how strong your assumed forces are with regards to how you see your enemies forces. That is if you can actually see them at all, rather than by seeing the results of their actions. Which mostly you can not such is the nature of asymmetric warfare.

In short we need to stop letting ourselves off the hook and take a flame thrower to that tangle of technical debt.

One way to start stopping the “let yourself off the hook” mentality is to stop using “biological” analogue models, and start actually using “engineering” models. That is models that have worked since what later became called science turned artisanal craftspeople into mechanical and electrical engineers, producing “dependable” and “available” products that enabled the “Industrial Revolution” to actually happen.

I was reminded of this when I read,

“And it’s a nightmare for the DOT, too, trying to make sure this highway is safe to drive on despite it literally collapsing into the earth. From what we know so far, this is not a natural phenomenon, but one that’s human-made. It looks like all these issues were set in motion more than a century ago when the area had numerous underground iron mines.”

In,

When Abandoned Mines Collapse

In “Practical Engineering”,

https://practical.engineering/blog/2025/5/6/when-abandoned-mines-collapse

As you read through it try and draw parallels between the long history of mining methods and the resulting chaos it’s caused, and the short history of software development and the increasing disasters it is causing.

As the article notes,

“But I really think the story of subsidence isn’t just one of “mining is bad” but really “mining used to be bad, and now it’s a lot better, but there are still challenges to overcome.” I guess that’s the story of so many things in engineering – addressing the difficulties we used to just ignore.”

In software development the reality is we are barely off the starting blocks; we are still very much not just in the “ignore everything” phase but worse, some positively “revel in ignorance” so as to more rapidly crash and burn.

Sidebar photo of Bruce Schneier by Joe MacInnis.