Comments

cls September 26, 2025 7:12 PM

Universal “digital ID” proposal for Great Britain.

https://www.nytimes.com/2025/09/26/world/europe/uk-digital-id-britcard-starmer.html

goal is to prevent working by “illegal aliens”.

The usual mission creep

“… respondents favoring the concept of a single card that could function as an ID, passport and driving license.”

with attendant unmitigated risks.

article notes that NHS uses a phone resident ID already, so roll that in the mix.

Where is Ross Anderson, need him right now.

I would like to hear from UK folks, what really is the national mood about this?

(cls, RealID free for ever)

ashes ashes we all fall down September 26, 2025 11:47 PM

Think twice before abandoning X11. Wayland breaks everything!

This GARBAGE software (Wayland) is being PUSHED on Linux users by MANY distributions and it is TRASH!

I have computers that work great with Xorg which are RUINED by Wayland. I get screen resolution incompatibility issues, frequent HARD freezes which require a hard reset, can’t use Window Manager(s) of my choice and so much more.

I long for wild west type of Linux Distributions which won’t bow to Wayland and corporations and instead keep Xorg.

Please think twice before supporting/using Wayland GARBAGE.

Read the article “Think twice before abandoning X11. Wayland breaks everything!” (on github) for a features comparison between Xorg and Wayland. I can’t link it here, I’ve tried, but it keeps going to moderation status…

Robin September 27, 2025 4:02 AM

@cls

I can’t speak for the national mood on this but here’s a couple of observations. For the most part the discussion is missing the point of a digital ID. Plenty of comments about how convenient an ID ‘card’ is, easy to carry around etc. And as usual it’s dog-whistle talk about the relatively trivial numbers of illegal migrants arriving, taking jobs or scrounging benefits. It’s hard to see what the digital ID can do to stop small boats crossing the channel. The consequences of having a centralised database linked to pretty much every aspect of life (residence, housing, jobs, healthcare, education, travel, officialdom) seem to go over the heads of most people.

That’s if it works. Which brings me to the second observation.

There’s no talk (that I’ve seen) about how this is actually going to be achieved and the UK has a shockingly bad track record for public mega-IT projects. It seems almost inevitable that the whole thing will be handed over to the private sector and the likes of Palantir must be licking their lips at the prospect. It wouldn’t surprise me if this aspect is kept under wraps for as long as possible. Data security and sovereignty? Privacy? Cost?

At the moment this is security theatre at the service of political grandstanding. It’s the Labour Party annual conference this weekend. Hard to know whether the Government actually believe in it.

Clive Robinson September 27, 2025 6:02 AM

@ cls, Robin, ALL,

With regards,

“Universal “digital ID” proposal for Great Britain.”

It’s something that comes up again and again with the Tony Blair PM legacy (remember him, the one that was “Bush’s Poodle” that ran around Europe and other places making the fake WMD argument etc and then making the Gulf War happen because he wanted to be better than Thatcher…)

Well he was the man behind why,

“There’s no talk (that I’ve seen) about how this is actually going to be achieved and the UK has a shockingly bad track record for public mega-IT projects”

He wasted around the equivalent of $40billion (in today’s USD) on improving the NHS in two ways,

1, 20Billion on “clipboard consultants”
2, 20Billion on the NHS spine computer system that used US Consultants.

The aim was to move the UK NHS into a privatised “US Healthcare” system.

And Tony brought in the mad “Public Private Finance Initiative” which is sending billions abroad to Germany amongst other places.

The reason Tony and friends could not manage a pocket book let alone a household budget… So imagine the disaster their political party funds were in… Let’s just say it was criminal.

This is where the National ID comes in, Tony did lots of behind the back backhander deals with companies that have failed to produce National ID cards for other countries that let’s just say have failed to be safe, secure or of any use even in some cases for the real purpose of surveillance.

There was before Tony a cast iron rule in the UK Civil Service from knowing what the Nazis had done during the run up to and including WWII. The rule was all Government Dept records that we would now call “databases” would be kept separate and indexed independently and use different data formats so they could not be linked together.

Yes it made some things “inefficient” but it made,

“The safety of society”

Much much greater and secure from tyrannical, authoritarian, and worse politicians and Guard Labour in all its forms (think how military coups get rapid control and establish “police States” almost over night).

Well Tony sold not just the Farm for next to nothing to these companies he put the political party in perpetual hock to them, which is why they keep bringing up National ID cards…

National ID cards by the way do not work for Citizens… The trick to make it look like it does is to make the purchase of things Age barred like Alcohol and Tobacco. Then force regulation onto retailers by large fines etc which are in reality “revenue raising” for the Treasury. Thus they set it up so that retailers have no defence against this back door taxing that is so lucrative for the Treasury.

This makes the retailers make life difficult for selling to those with a disposable income and a strong desire to buy.

Then they say “A national ID Card” would make life easier for the retailers (when in reality it does not). With the retailers pushing it at customers… The customers get the fake idea it would make it more convenient for them…

To see just how dangerous this is it is known that Tony Blair started putting in place changes to “local land tax” (Rates) that would make what each house had to pay dependent on the disposable income of their near neighbours. So if you had bought your house half a life time ago when the area was run down and it had since become fashionably gentrified you would be forced out or financially crippled by the land tax, due to your “Champagne Socialist” neighbours spending on what they see as “life’s little luxuries one can not do with out” like “Booz, Baccy, and Avocado Toast etc etc”. Tony and “Two Jags” started this lunacy in Northern Ireland, I assume as some form of revenge for making him look impotent.

The thing is it has been found that no matter what you do there will always be substance abuse and trying to control it even by putting people up against a wall does not solve it. It does however give Governments great opportunity to do bad things and hide behind dog whistles.

National ID cards are bad, very bad, and never ever save money for the nation and never ever achieve “the claims”.

However much as there are always flies buzzing around piles of turds… Such schemes are great for using public money to “backhand and nest feather”. That is to get money in in brown envelopes etc for “the party” and the “anointed few” as ministers / legislators.

That is what this UK National ID scheme is all about,

1, Paying off Tony’s debts.

And in the process,

2, Giving all UK citizens data away to corporate profit.
3, Making the less desirable “Guard Labour” ecstatic.

Oh and if you want to see another part of this in action…

Take a close look at EVM and their “touch and go”. The real idea behind it is very insidious. Aside from EVM’s 4% transaction fees, there is the “make it hard for a card holder to track money”… The result of this in general is more lucrative debt.

But also the card tracks your every spend and also can track your movements even when you don’t spend.

Oh and security wise, the cards are less secure than “cash in your wallet”. Because it takes quite noticeable physical action to steal cash, but with Touch and Go criminals can with a little technology “rob you on the go”.

But… all that tracking and spend information is a “gold mine” for all sorts of people including Government Agencies and the worst of Guard Labour…

We really do not need “National ID” with such tracking going on…

We know it will never solve any of the things that Dog Whistle claims say it will do…

So why bring in at enormous expense something that is totally useless to UK Citizens?

As was said with Watergate in the US

“Follow the Money”

And who gets benefit from it.

Warrick September 27, 2025 7:27 AM

Interesting announcement out of Albania on the use of AI for public procurement. Quoting from the announcement (via BBC article):

World’s first AI minister will eliminate corruption, says Albania’s PM
“We’re working with a brilliant team, which is not only Albanian but also international, to come out with the first full AI model in public procurement,” the prime minister told the BBC.

“Not only will we wipe out every potential influence on public biddings – we will also make the process much faster, much more efficient and totally accountable.”
Source: BBC News

Although the principle is admirable, there are so many potential ways that the system could be abused, that there is a danger that the AI moniker will become a shallow veneer around continued corruption. I would not be surprised to see cases of prompt injection or hidden text attacks against the AI, however the politicisation of the process will almost certainly hamper any such reporting.

Clive Robinson September 27, 2025 11:12 AM

@ ResearcherZero, ALL,

With regards,

“Sure we do not publish the details of how to build your own personal hydrogen bomb”

Funny thing is the information you need was all in the public domain.

For those that don’t know you just can not make a hydrogen bomb… It’s a bit like making and using a candle.. In that the candle is not a lot of use unless you have a flame from a lit match or spill to “light the wick”.

In turn you need a spark on tinder to get the tinder to produce a flame. Early “matches” were hemp rope or string soaked in pine pitch or similar with a spark source being a flint and steel. But you needed bio-mechanical energy to physically strike them to get the spark.

This chain of events to go from mechanical motion to lit candle can be seen as an analogue to lighting up a hydrogen bomb… That is via a nuclear bomb, that was via refined materials subject to mechanical –compressive– force.

The original idea was from Hungarian physicist, inventor and microbiologist Leo Szilard. Back in 1933 he thought up the “chain reaction” then conceived how it would apply to the nuclear chain reaction. On getting to Britain he patented the basic idea. And along with Enrico Fermi he patented the idea of a nuclear reactor. Later in 1939 he wrote the letter that Albert Einstein put his signature on, that eventually resulted in the Manhattan Project that built the atomic bomb.

But before the Manhattan project he convinced the British to start work on making the nuclear bomb, and this gave rise to the MAUD report that formed the basis of the Directorate of Tube Alloys Project.

The Report got sent to the US for the attention of the Uranium Committee but the man in charge Lyman Briggs rather than show it to the committee simply locked it in his safe for about a year and said nothing…

Which is why the British project was up and running but quickly realised that there was not the industrial capacity in Britain to go from research to bomb.

Dr Mark Oliphant was sent to the US to find out what was going on and he was horrified not just by Lyman Briggs’ inaction but the direction the US Uranium committee were thinking of going in…

Roosevelt wrote to Churchill but in many ways the damage had been done, and Britain for various reasons did not trust the US…

It was this that led to the “liaison by courier” that allowed the secrets to be smuggled to the Soviet Union.

So shortly after the Soviets detonated their first device, the US authorities decided it did not need to be kept secret any more. One result was the design documentation including “hydro-codes” became easily available and I acquired copies in the early 1980’s to write them up to run on a computer at the education establishment I was at, at the time.

But earlier almost all you needed to know ended up in the 1973 “Encyclopedia Britannica”. It was only later when certain other countries started their own projects that the US “shut the barn door too late” and reclassified some of it.

So what you need to “make the spark and match” for a hydrogen device is already out there as is a fair amount of what you need to know to go upwards.

In part it is why a very small European nation had the information that was stolen by A Q Khan and returned with it to Pakistan. This then allowed him to sell the designs to several other nations along with the physical hardware, that in turn gave rise to the US trying to kill off the North Korean project via Stuxnet (if you look back on this blog you will find my write up at the time).

But more fun is this very light weight entry from the Britannica,

https://www.britannica.com/biography/Abdul-Qadeer-Khan

Which is missing a lot of interesting details like the involvement of Switzerland in Khan’s global proliferation of not just the knowledge but parts to get a bomb program up and running…

And the last time I looked finding all the information needed was still around in dusty corners of the Internet and University libraries.

JG5 September 27, 2025 11:15 AM

How deep is the rabbit-hole? A bit dated, but interesting.

https://hackaday.com/2017/09/20/spy-tech-nonlinear-junction-detectors/

Don’t recall seeing it commented. I do recall Clive mentioning red-eye from most lenses. Analogous at some superficial level.

@Clive – You mentioned how thin a lens could be. Vanishingly.

There is an MIT-spinout in the Boston area that are mass producing thin film lenses that depend on metamaterials. Interesting connection back to non-linear junctions.

Can’t recall the company name, but I think that they are associated with the guy at Harvard who shared a Nobel prize for quantum cascade and interband cascade lasers.

I saw a really good UTube video on the metamaterial lenses about three or four years ago. Don’t have the link handy, but there is plenty of good content on metamaterial applications.

One of many is DARPA’s dream of invisibility cloaks.

lurker September 27, 2025 2:15 PM

@Clive Robinson, Researcher Zero

Waaay back the Ozzie adventurer Dick Smith was rumoured to have in his cheap electronics catalogue a Fission Bomb for A$1M. All the bits, drawings, operational manuals, the only thing missing was the purchaser would have to provide their own fissile material. I never heard how many he sold …

KC September 27, 2025 2:47 PM

An enchanting village, a mysterious crypt, a verdant garden, a futuristic dwelling

These are but a few of the worlds to explore in World Labs’ Marble model.

Large World Models (LWMs) are incorporating physics and time to develop spatially intelligent models, moving from 2D images and videos to 3D worlds.

Many of these LWMs are currently in their research previews.

You may be able to ‘vibe code’ a photo-realistic virtual landscape in Google’s Genie 3 with nothing more than a text prompt.

Toronto-based Waabi created an entire world, Waabi World, just to train AIs to drive trucks. It allows AIs to log millions of miles and to crash with abandon 🙂

As AI developers go ever deeper into world models blue collar jobs lay on the edge of AI absorption.

It’s an emerging development and I’d imagine the virtual sky’s the limit.

https://www.wsj.com/tech/ai/world-models-ai-evolution-11275913

not important September 27, 2025 5:48 PM

https://www.dw.com/en/how-prey-animals-survive-camouflage-vs-warning-colors/g-74119102

=A new study published in the journal Science shows prey animals display different
behavior based on the number of predators that are active in their habitat. Meet some of the masters of camouflage and of using color as a signal not to eat them.=

The rare disease that stops people from feeling fear
https://www.bbc.com/future/article/20250924-the-rare-disease-that-stops-us-feeling-fear

=It turns out that the amygdala may play more of a role in certain types of fear than
others. For example, it seems to be crucial for fear conditioning. Experiments with
rodents show that animals that experience an electric shock immediately after a noise
learn to freeze when presented with the noise alone.

When it comes to external threats, the amygdala acts like an orchestra conductor,
directing the other parts of the brain and body to produce a response.

there are actually two different fear pathways in the brain, depending on whether
the threat is external or internal.

When it comes to external threats, the amygdala acts like an orchestra conductor,
directing the other parts of the brain and body to produce a response. First it receives
information from the brain areas that process vision, smell, taste and hearing. If the
amygdala detects a threat, such as an approaching burglar, snake or bear, it then sends messages to the hypothalamus, a region just above the back of the neck. The hypothalamus then communicates with the pituitary gland, which in turns gets the adrenal glands to release cortisol and adrenaline into the bloodstream.

However, when it comes to internal threats, such as detecting raised levels of CO2 in
the blood, the brain manages things in a different way. The body interprets the high CO2 as a sign of impending suffocation, as there aren’t any oxygen sensors in the brain.

Feinstein’s research has shown that it is the brainstem, a region that regulates
unconscious bodily functions such as breathing, that senses the rise in CO2 and
initiates a sense of panic.

All vertebrates, including mammals, birds, reptiles, amphibians and fish, possess an
amygdala, and it is clearly a huge aid to survival.

“When you damage the amygdala, and you put the animal back out into the wild, the animal
will typically die within a matter of hours or days,” says Feinstein. “And that’s
because without this critical circuitry for navigating the external world, these animals
are putting themselves into dangerous situations.”=

not important September 27, 2025 7:11 PM

https://cyberguy.com/ai/schools-turn-ai-gun-detection-safety/

=The Glassboro Public School District has become the first in the country to combine AI
gun detection with a mass communication system that speeds up emergency responses and
reduces the time it takes to notify law enforcement.

The district is using ZeroEyes, an AI video analytics platform that integrates with
existing security cameras. The software scans for visible firearms and sends an alert
whenever a potential threat appears. A team of military and law enforcement veterans at
a 24/7 operations center then reviews the image to confirm whether the gun is real. Once verified, the system pushes an alert to school staff and police within three to five
seconds. At the same time, buildings go into lockdown automatically.

These alerts are distributed through Singlewire Software’s InformaCast platform.
This system can send warnings across school PA systems, strobe lights, digital signs, desk phones, and other communication tools. Together, the two technologies give law
enforcement and educators a faster and more coordinated way to respond to potential dangers.

Security cameras around each building feed video into the ZeroEyes software. When the AI
detects what appears to be a firearm, it highlights the object and immediately shares
the footage with human analysts. If those experts confirm that the weapon is real, they
send the alert to the district and local authorities. InformaCast then pushes the
message to every connected device, allowing staff and students to receive instructions
within seconds.

The goal is to shorten the time between detection and action so schools
can respond before violence has a chance to unfold.

Even with human oversight, AI can make mistakes, and false alerts are always a
possibility. Privacy also comes into play since the system depends on constant
monitoring through security cameras. Cost is another factor because installing,
maintaining, and training staff for these systems requires significant funding.=

ResearcherZero September 28, 2025 12:16 AM

@Clive Robinson

I said that there were no consequences for those responsible from the government at the time. Although there were no consequences for the individual GRU operatives, the Russian embassy in Western Australia was closed. It was also recommended that if they did it again on our soil that we should shutter the Russian embassy in Canberra. Following the attacks on CIA officers in Brisbane and other malign activities, action to that effect was taken.

The individuals responsible again escaped any personal inconvenience or consequences. Just as they earlier escaped any legal ramifications for kidnapping, torture, poisoning, violent assault, shootings, bombings, theft of classified military documents and interference efforts. As those activities were conducted openly and brazenly in public and they were under very regular scrutiny and surveillance, there remains a very detailed formal record.

There are easier ways of winning people over than employing violence and coercion. Those methods seem to be far more effective, especially in times of financial hardship.

Over the last two months the Kremlin has spent $50M buying votes in Moldova.

https://radiomoldova.md/p/59808

Ilan Shor was convicted last year for his role in stealing $1 billion from Moldovan banks.
https://www.elliptic.co/blog/the-a7-leaks-the-role-of-crypto-in-russian-sanctions-evasion-and-election-interference

Ilan Shor has assisted the Kremlin’s efforts by funneling money through the NGO Evrazia to fund a fake news network named Odniklassniki. The NGO Evrazia was sanctioned by the UK, US and EU for allegedly bribing Moldovans to vote against EU membership last year.
https://www.newgeopolitics.org/2025/09/23/interfering-from-exile-ilan-shors-demonstrations-in-moldova/

Moscow would like to replace the Moldovan government with one compliant to its demands.
https://edition.cnn.com/2025/09/26/europe/moldova-election-russia-sandu-intl

lurker September 28, 2025 12:20 AM

“Harrods says customers’ data stolen in IT breach
Harrods described the breach in an email sent to customers on Friday evening as an “isolated incident”, and that no passwords or payment details were taken.”

https://www.bbc.com/news/articles/c8d70d912e6o

errm, it’s all very well to blame a “third party” for this incident, but what about back in May this year:
“Harrods, a globally recognized purveyor of all things luxury, is the third major UK retailer to confirm an attempted cyberattack on its systems in under two weeks.”

https://www.theregister.com/2025/05/02/ncsc_steps_in_as_harrods/

ResearcherZero September 28, 2025 12:52 AM

@Clive Robinson

The INF treaty expires next year. On-site inspections and information sharing have already ended and all nuclear armed nations are ramping up production, renewing their weapons programs and the number of warheads. This is surrounded by increased secrecy, or what the government likes to call – “strategic ambiguity” – and a bunch of self-serving excuses.

“If we have these weapons that cannot be used, then they will not be used.”

Rather than the policy of ‘nuclear deterrence’, it was the policy of negotiation, deescalation and nuclear disarmament which eased tensions for almost thirty years.

Telling themselves they had ended the Cold War, they sat back and relaxed while making promises to end world hunger and homelessness through the application of greed. A blind eye was turned to other activities while governments ignored the needs and plight of large numbers of their citizens, while politicians and businessmen enjoyed “the good life”.

Unfortunately they all were shaken from their slumber by footage of tanks crossing the Ukrainian border – and unlike Chechnya and Moldova, Ukraine was a major global exporter.
The invasion also had major ideological and moral consequences for lawmakers to grapple with, because unlike wars in the Middle East or Africa, these people were white people.

“Taking children from their families and re-educating them is not American.”
~ Sen. Lindsey Graham.

Separating children from their families has been a key tactic used by the Russian government since its annexation of Crimea in 2014. It has also been a tactic used before in other places, but let us ignore the historical and focus on the present situation and the plight of those children. If the children of the United States executive branch were stolen by a foreign power, would the matter be taken far more seriously?

Under the 1948 United Nations Genocide Convention, the forcible transfer of children is one of the five recognized acts of genocide. International arrest warrants have been issued against Maria Lvova-Belova and Vladimir Putin for the unlawful transfer of children.

https://thewalrus.ca/ukrainian-children/

From the age of 8 or older, abducted children are forced into military training.
https://www.usatoday.com/story/news/world/2025/09/16/russia-brainwashing-camps-ukrainian-kids/86178414007/

Funding for Yale Humanitarian Research Lab efforts to find children who were stolen by the Putin regime has been sustained through individual funding. The lab has operated in a state of uncertainty after its funding was cut by the Trump administration earlier in the year and it was nearly forced to close.

https://yaledailynews.com/blog/2025/09/05/efforts-to-find-missing-ukrainian-children-sustained-by-individual-donors/

ResearcherZero September 28, 2025 1:34 AM

Hundreds of thousands of Australian citizens continue to be harmed by faulty automated government systems. Money continues to be taken from bank accounts without authorization, with hundreds of thousands of social security payments cut off entirely.

https://www.theguardian.com/australia-news/2025/sep/26/more-than-300000-australians-had-centrelink-payments-cancelled-illegally-new-analysis-shows

It was never going to be over…

An added overhead of the amount required to incorrectly recalculate “the debts” remains.
https://theconversation.com/the-ghost-of-robodebt-federal-court-rules-billions-of-dollars-in-welfare-debts-must-be-recalculated-261543

Being spied upon is hip, cool and American as apple pie. Even kids can join in on the fun!

https://ts2.tech/en/palantirs-shocking-reinvention-from-secretive-spy-tech-to-400b-cult-lifestyle-brand/

It’s as simple as selling your soul to the devil. 🙂
https://finance.yahoo.com/news/palantir-ceo-says-gen-z-143849781.html

Clive Robinson September 28, 2025 1:50 AM

@ Bruce, ALL,

Will Corry add to the lexicon again?

It’s fairly well accepted that Corry Doctrow added “Enshittification” as a word after Alphabet/Google turned their search engine from something vaguely usable and sometimes useful into a hell fest of crap descending.

Well it appears things have moved on with “YouTube Shorts AI”…

https://m.youtube.com/watch?v=T6yQZpOVe-A

Current words alone are incapable of getting across the sheer wrongness in so many domains this atrocity engenders, it has to be deserving of a new word in its own right.

I thought “craphatting” might be a punt in the right direction but I’m told it’s already taken. By British Squaddies and referenced in the Eric Partridge[1] dictionary of 2007.

So the hunt is on, for those that can think up a word you can “robustly get behind”[2]. That can adequately cover the sheer debasement by addled putrefaction and aimless insanity such moronically imbued marketing inanity of sub-humanoid thinking to make “Shareholder Value” for the bonus to be paid can produce.

[1] Even though Eric Partridge died back in 1979 his work carries on. He was a New Zealand–British lexicographer of the English language… In particular the more choice parts of its slang and let’s say more robust expletives.

[2] See “Frontier Gibberish” in Blazing Saddles from 1974.

Clive Robinson September 28, 2025 3:12 AM

@ ALL,

Two things,

First my apologies to Cory Doctorow for misspelling his name in my above.

Second, is my occasionally mentioned surprise at “synchronicity” that happens.

After posting my above it hit me that I had misspelled Cory’s name so I thought I would chase out the correct spelling.

So I used as I sometimes do a search engine as a spell checker when the fairly useless one in Brave lets me down… As it’s about all search engines are good for most of the time these days especially since “Adding AI” has made them slower than a porcupine reversing back into a hole in the ground.

Well to my surprise something useful that has just been posted by Cory came up fairly rapidly,

https://doctorow.medium.com/https-pluralistic-net-2025-09-27-econopocalypse-subprime-intelligence-e9a06136d109

I had no idea that Cory had the same feelings about the AI-Collapse-of-Doom that I do, and actually given it a name “Econopocalypse”.

As I’ve said I’ve worked off and on with AI since the 1980’s with “Fuzzy logic” and “Expert Systems” they are both “useful tools” that can and when used properly be quite productive in niche systems.

However as I repeatedly say,

“Current AI LLM and ML systems”

Are a useless disaster in the making, that has the sub-prime Financial Crisis potential to bring down the US Economy (a time when only the money laundering of drug cartels kept the US economy nose just above the water line).

I’ve pointed out the succession of Venture Capitalist failings of Bitcoins, NFTs, Web 3.0, and now LLM/ML AI. I’ve even mentioned that this impending doom could be profited by due to “secondary investment”. That is if you shove real money in at one end to “burn it” it has to be spent on something, thus identify what and invest in that (as I said back then Nvidia was the obvious one, but there were others). Well that time is now past because the bubble is building on “circular investment” which has the same disadvantages as “breeding with your very close relatives”.

But Cory also points out what the “potential users/victims of AI” are finding “it fails in around 95% of projects, and even when it does not, it either reduces productivity or loses money or both.”

Put simply via a look at AI “vibe” Coding. It all works on the “stack it high” style fingers crossed “fair weather manure storage” idea. It’s okay as long as you are upwind and the sun shines… But add a change of wind direction and a little rain and not only do you quickly get to know it stinks, but the crap goes everywhere faster than it can be cleaned up. And thus the best option is just “bulldozer everything into land fill and start again somewhere new and distant”.

The same is true for most uses of LLM&ML systems that,

“Try to be “jack of all trades but masters of none!”

Where they do work is in highly constrained and well identified and mostly abstract things. That is where there are clearly definable rules by which random can be productively tested by “pattern matching”.

But such applications are few and far between and neither they nor their output can be patented.

So by any sensible measure general use “Current AI LLM and ML Systems” are a failure that can not make money. And will never repay the billions invested in it so far let alone any future “Idiot Cash” that some will use to grab and run to disappear over the hill and far away with.

Anonymous Grump September 28, 2025 8:36 AM

Re: UK digital ID

Another factor in the Tonycard saga is the many millions of pounds donated to the Tony Blair Institute by Larry Ellison’s foundation. I wonder which big corp will be given the job of looking after UK citizens’ data (and supplying it to US gov and other interested parties).

Ian Stewart September 28, 2025 11:48 AM

@Anonymous Grump

Re: UK digital ID

Also Blair’s son runs Multiverse, a company that trains people in data and AI. Would it be cynical to suggest that his son could also benefit from this CCP style ID?

I went into Waitrose today and facial recognition technology photographed everyone as they entered, no doubt this will eventually be linked to the ID database. I was furious that my face appeared on a large screen with a square isolating it.

KC September 28, 2025 12:54 PM

@ Clive, All

Re: Cory Doctorow’s “The real (economic) AI apocalypse is nigh”

It’s excellent writing. Insightful and incredibly well-researched. His future book (“The Reverse Centaur’s Guide to AI”) looks like it will be a great read.

I’m really over-simplifying here, but he lays out the case that the revenues are not covering the expenses. And that the harms of an AI bubble burst will fracture through our economies and human capital; people’s lives.

Suffer me one moment here. If you only put your ‘investor’ hat on, one might borrow a John Bogle phrase: “Don’t do something, just stand there!” Basically meaning to stay the course re: your investment policy.

(Bogle was the founder of Vanguard and is the father of low-cost index funds. Folks on the Bogleheads forum are discussing these issues. Another consideration to position for this type of risk is to diversify to small caps and increase international exposure, which has done well this year.)

More importantly, I think Cory is right to be concerned about the ordinal effects of a bubble doing what bubbles do, in all kinds of devastating and destabilizing ways. Cory links to an article that mentions a math professor who studies bubbles. I’m betting there’s equally high-quality and interesting reading there.

He seems deeply concerned for workers being detrimentally sidelined, and understandably so. And the student debt thing and changing economy is no joke.

I also feel like the befuddled young man left wondering: how do you de-risk this? Bruce recently linked to a threat modeling guide, but it also has something in there about risk management. It appears Cory has done a great deal of research and would be a fantastic resource for mapping out risk identification, mitigations, etc. I’m thinking his book and writings are already addressing a lot of this. There are just so many risks on so many levels. Ugh.

Steve September 28, 2025 2:36 PM

@ashes ashes we all fall down: “Think twice before abandoning X11. Wayland breaks everything!”

I can’t help but remember being handed a flyer at, I think, SIGGRAPH 89 in Boston that went something like

X windows:
Accept any substitute.
If it’s broke, don’t fix it.
If it ain’t broke, fix it.
Form follows malfunction.
The Cutting Edge of Obsolescence.
The trailing edge of software technology.
Armageddon never looked so good.
Japan’s secret weapon.
You’ll envy the dead.
Making the world safe for competing window systems.
Let it get in YOUR way.
The problem for your problem.
If it starts working, we’ll fix it. Pronto.
It could be worse, but it’ll take time.
Simplicity made complex.
The greatest productivity aid since typhoid.
Flakey and built to stay that way.

One thousand monkeys. One thousand MicroVAXes. One thousand years.
X windows.

Plus ça change, plus c’est la même chose.

Robin September 28, 2025 5:47 PM

@KC
Another read about how the walls come tumbling down. It’s fiction, up to you to decide if it offers a happy ending:

‘https://crookedtimber.org/2025/08/31/the-crash-of-2026-a-fiction/

cls September 28, 2025 11:19 PM

@Anonymous Grump

re:

Another factor in the Tonycard saga is the many millions of pounds donated to the Tony Blair Institute by Larry Ellison’s foundation.

… That may also be some guilt money for the Birmingham city situation with Oracle?

another in a series of Great UK IT Disasters so huge we even hear of them on the Left Coast or North America! Primary being the Post Office scandal, that one isn’t funny.

Winter September 29, 2025 3:54 AM

@KC

Cory Doctorow’s “The real (economic) AI apocalypse is nigh”
It’s excellent writing. Insightful and incredibly well-researched.

In my experience, one should read as much of Cory’s writings as one can stomach. You will learn a lot. Sometimes things you would not expect.[1]

In this essay, I would not focus on the collapse of the bubble, it is almost impossible to stop lemmings running towards their doom, but on the aftermath he describes:

During my stay at Cornell, one of the people responsible for the university’s AI strategy asked me what I thought the university should be doing about AI. I told them that they should be planning to absorb the productive residue that will be left behind after the bubble bursts:

`https://locusmag.com/feature/commentary-cory-doctorow-what-kind-of-bubble-is-ai/

Plan for a future where you can buy GPUs for ten cents on the dollar, where there’s a buyer’s market for hiring skilled applied statisticians, and where there’s a ton of extremely promising open source models that have barely been optimized and have vast potential for improvement.

The foundational AI models can do things that were considered magic in the 2000’s. It is just not the all powerful Harry Potter magic they claim.

[1] In “Makers”, he describes a medical treatment for obese people to get slim no matter what they eat. Something I found rather SciFi at the time. We do now have a reliable method to slim. However, it works by making you stop eating. On hindsight, biology and thermodynamics tells us that trying to burn that many calories will cook you. Still, the “plot part” of that prediction, that severely obese people can get slim without much problem, came true within little more than a decade.

Clive Robinson September 29, 2025 4:42 AM

@ KC, ALL,

Re AI hype bubble collapse.

A little study of history shows every so often we have wars, but also we have hype bubbles that collapse more frequently as significant war approaches.

Worryingly the interval between bubbles is currently getting shorter, and I’ve been warning about the US and Iran / China both of which are being built up to conflict one way or another for about as long as this blog has existed.

So I’ve kept my eye on the “investor” hype bubbles in technology the ones most here can name over the past few years are,

1, Bit Coins & Blockchains
2, Smart Contracts
3, NFT’s and “Digital assets”
4, Web3 [1]

All of which have effectively failed or become criminal enterprises hence the jokes about DOGE Coins.

But behind the shills and con artists of Blockchain are the “Venture Capitalist” collective of “Vampire Face Huggers”. Who have to have bubbles to take a “Fat Tax” off of. They have found the work in selling Bitcoin nonsense is just not giving them the wealth they want. So now they have moved into AI but, have hit a problem, AI is a “Moby Dick Market” where the main players are actually bigger than the VCs who now can not pump-n-dump. Thus the Whales Pump and Slide&Hide, and the VC’s at best chase a little side action.

The difference being “Dump” allows you to get money out of mugs by “passing the potato” which is essentially what VC’s do. Whilst Slide&Hide just builds a tsunami of fake money that is pretend value for Shareholders to trade up. It’s the kind of thing certain US Corps that are no longer with us did.

All of the above is clearly visible and has been for some time. The only reason that people have not been more vocal is fear of legislation.

Put overly simply the likes of various US Government entities can claim you are giving “unlicensed financial advice” and hit you with legal action to take you out of society…

Thus people have to take care what they say and back it with significant evidence. Thus they have to work like “investigative journalists” (but in Scotland that is not enough a judge decided that an investigative journalist was not a journalist by her definition and had him locked in jail for an eight month sentence, for a crime that does not exist except in her mind…).

So it’s not just Cory that has collected and presented the same argument. Have a look at a fairly well respected AI practitioner and commenter “Gary Marcus”,

https://garymarcus.substack.com/

There are others some of who comment here from time to time.

The fact is the evidence has been mounting quite visibly for the past couple of years, all people had to do was notice and look a little. Oh and ignore the shrill voices of the self interested like Sam Altman.

I think it’s safe to say from his visible actions that Mr Altman has known the “Current AI LLM and ML Systems” are at best a scam. The run up to Nov 2023 should have been a clarion call to all that Sam wanted to “pump and dump” Open AI with a few billions in his pocket. His subsequent actions should have confirmed this “pump” process in motion. Elon Musk certainly knew what was going on but as much of his apparent wealth is based on AI and shareholder confidence, his actions to rein Mr Altman in were by self interest limited.

The simple fact is that AI in some aspects is very useful and has a future. As I’ve said I’ve been involved as a systems and design engineer with both robotics and AI since the 1980’s. It’s why I know that current LLM’s are little more than DSP Filters on steroids and current ML systems are little more than Adaptive mechanisms to tune the filters (and why I keep telling people this 😉)

The notion of AGI based on Current AI LLM and ML systems is at best people deluding themselves, at worst a “Pump Up” by those who want to scam investors.

This would just be another Hype Bubble gone bank if it were not for the industry Whales of Silicon Valley Mega Corporates.

Let’s be honest most of the Mega Corporates have run out of steam as far as investors are concerned. They can see the likes of “Open Source” eating the Mega Corps’ breakfasts not just their lunches and beating them around the block.

Virtual Reality is still just Games and Pipe Dreams, Search Engines are Enshitified, and SaaS in all its forms is at best getting “cheap white sliced” to the table.

Thus how to keep the share price high and as a consequence the US economy riding on the Mega Corp valuations.

It does not matter if it’s the AI hype bubble bursting or several other things. The simple fact is there are only a couple of things keeping the US economy “churn” up,

1, The Tech Mega Corps
2, The Drug Money being laundered

If either one bails then the US economy effectively fails and another Financial Crisis happens along with a fairly obvious recession if not “General Recession” of the style of the 1920’s…

This is what history tells us about the system of Capitalism the US Economy is based on.

Currently there is not the growth to support those “taking out” of the US economy.

In the past one way to get an economy going was to make a reason to keep industry –not services– going. The two main ones were,

1, Government Engineering for the Future (dams, highways and other communal infrastructure).

2, Go to war and burn non renewable resources as fast as possible.

Of the two the first is most “socially desirable”. However under the capitalist mantra the second makes the self entitled vastly richer in the shortest possible time.

So give you a guess which is going to get lobbyist driven support from politicians and “be damned for the rest of us”…

Because we will be back to the “four estates of man” model where most of us will be at best serfs, working to death to pay the “rent” of the Lords etc.

Now you might not agree with this view, but I think it’s the most likely currently.

[1] Just to make the world more difficult for people to get their head around we have Web 3.0 and we have Web3 and this appears to be deliberate by the Web3 Ethereum blockchain / Bitcoin mob a decade ago to perpetuate blockchain bubbles and scams such as Blockchains, SmartContracts, DeFi, NFTs, DAOs, etc. All of which have failed to be efficient or secure and rife with crime. Apparently endlessly as Molly White catalogues on a daily basis,

https://www.web3isgoinggreat.com/

There is so much crime around Web3 I’m sure she can not catch it all.

Though Tim O’Reilly and Tim Berners-Lee want us to stop using Web3 as a term etc as “It’s not the internet”

https://www.cnbc.com/2022/11/04/web-inventor-tim-berners-lee-wants-us-to-ignore-web3.html

The shills of Blockchain bubbles appear to be “Whining and winning” in the conflation game, as can be seen by,

‘https://cointelegraph.com/learn/articles/web3-is-not-the-same-as-web-3-0

And many similar.

Winter September 29, 2025 5:31 AM

@Clive

1, Bit Coins & Blockchains
2, Smart Contracts

I think reports of the death of the “blockchain bubble” are exaggerated. If anything, the inflow of money is still increasing (for now).

As the Mad Red Hatter et al. are full into blockchain money, I would advise everyone to keep/get out unless they really know what they are doing.

If you read my advice on this subject, you obviously don’t know what you are doing.

Clive Robinson September 29, 2025 6:12 AM

@ Bruce, ALL,

The death of AGI by LLM&ML?

It’s a shocking thought for many but the view point is pivoting from the top…

Perhaps the biggest surprise is recent Turing Award recipient Rich Sutton.

He is known by the pro LLM crowd for the notion that “scaling is best” from his short essay in 2019 called,

“The Bitter Lesson”

Well a few days back he made comments to the effect that LLMs were a dead end no matter how big they get, simply because all they do is ape human words.

This came as a bit of a shock to Gary Marcus,

“My jaw just about fell out of my head a few minutes ago when I read the following tweet, a summary of what Sutton just said on a popular podcast.”

https://garymarcus.substack.com/p/game-over-for-pure-llms-even-turing

And Richard popped up and graciously commented,

“You were never alone, Gary, though you were the first to byte the bullet, to fight the good fight and to make the argument well, again and again, for the limitations of LLMs. I salute you for this good service.”

As is noted in the article the Royal Society in London is hosting an event to commemorate the 75th Anniversary of the Turing Test, on 2nd October.

Clive Robonson September 29, 2025 6:43 AM

@ Winter,

The trick behind eat as much as you want but not suffer your observation of,

“On hindsight, biology and thermodynamics tells us that trying to burn that many calories will cook you.”

Is actually quite simple.

“Don’t absorb it.”

It is known that certain things have to happen for the calories be they carbs, fats, or proteins to cross from the gut into the blood and on to the liver etc.

We also know how to stop that happening to a lesser or greater extent.

One such was made available in the past in that it reduced lipid take up.

https://en.m.wikipedia.org/w/index.php?title=Lipid-lowering_agent

The results were however for most rather unpleasant though it did work.

Clive Robinson September 29, 2025 7:06 AM

@ Winter,

With regards,

“I think reports of the death of the “blockchain bubble” are exaggerated. If anything, the inflow of money is still increasing (for now).”

It’s why I separated bitcoins and blockchain.

The madness that is bitcoin funding is nothing to do with the technology production but the trading of the deliberately capped product.

Think of it like Gold “trading” and “mining”.

There was a time when even IBM jumped on “Blockchain for everything” and many many VC’s were pushing anyone who could stand upright and say the word at the same time as an investment.

As far as I’m aware those days are long over.

Yes the technology that makes blockchains possible is useful in many respects, but actual blockchains have very limited value for most things.

Two big reasons for this are,

1, They are incredibly slow and consume vast resources to “find a number” of next to no practical worth (it’s an Error Detecting only checksum).

2, All the Blockchains so far lack the ability of “correction” so they do not act as all other financial systems do.

The second issue is one few actually understand as to how much of a stumbling block it is.

One way thought up to try and solve this was “smart contracts”… But whilst these hang off a blockchain, they suffer from the same lack of correction issue, and worse also suffer as all contracts and program code likewise “vulnerabilities”.

Winter September 29, 2025 7:06 AM

@Clive

Well a few days back he made comments to the effect that LLMs were a dead end no matter how big they get, simply because all they do is ape human words.

I think the basic flaw of LLMs is not that they “ape human words”, we are apes that do the exact same. We seem to be doing pretty well compared to LLMs

In my opinion, the basic flaw is that LLMs are feed-forward networks. They simply do not scale. It is completely bonkers that an AI needs the equivalent of all the words spoken and written by 100,000 people during their lifetimes to get a useful language model [1]. A random child gets there in 10 years with a vanishing fraction of that input.

The obvious cure is to build in feedback loops, ie, recursion, where the network can reevaluate the stages of the output against the input. That way it can decide whether the current avenue is leading to a useful output. Like in Prolog and Lisp where there are recursive searches for the best answer[2].

This has been tried for artificial neural nets, but it proved to be horrendously difficult to stabilize such networks. There must be a delicate balance between activation and inhibition. These recursive networks either get ever more excited and end in a seizure or die down in no activity at all (just like real brains can do).

Animal brains have safeguards for both too much activation and too much inhibition. But no one has yet cracked that nut for artificial networks.

But such recursive LLMs would be much, much more economical with data and “neurons” than the current ones. I suspect that AI will only take off big time after that problem has been cracked.

[1] Order 10T words/tokens while a human might produce in the order of 100M words during their lifetime (80 years).

[2] These languages did not work as AI for different reasons.

Winter September 29, 2025 10:35 AM

@Clive

“Don’t absorb it.”

The results were however for most rather unpleasant though it did work.

The option to eat and don’t absorb is the worst one. If all what you eat comes partially unprocessed, you rather not eat anymore.

An old way to do it was actually the preferred option of rich Romans in the empire, or so I was told. They used a feather to get rid of the food eaten. Also a socially unacceptable procedure nowadays still used by those suffering from bulimia.

Clive Robinson September 29, 2025 12:29 PM

@ Winter,

As we both know there is a significant problem with,

“The obvious cure is to build in feedback loops, ie, recursion, where the network can reevaluate the stages of the output against the input.”

Such feedback networks have issues in that stability can easily get to K being 1 or more, at which point things start to oscillate. But even with K less than 1 the response curve is decidedly out of whack the closer it gets. Which would seriously affect the token weightings.

Which brings us to,

“This has been tried for artificial neural nets, but it proved to be horrendously difficult to stabilize such networks.”

And, so far as I’m aware, they have all failed in some way or another.

The thing is as you approach K=1 you approach a cusp. Which is the “chicken egg on the spire” problem in that you really do not know which way it’s going to fall away.

Getting all of the tokens correctly tuned is a task that we do not yet know how to do.

Steve September 29, 2025 4:18 PM

@Anon: There is a reason you all are in academia and not industry.

Yes, there is, but it’s a secret.

Clive Robinson September 29, 2025 10:47 PM

@ Anon,

You say clearly without evidence,

“There is a reason you all are in academia and not industry.”

Actually quite a few folks here are in industry especially hard engineering, where few academics are found. Industry can afford to do the types of research that academics can not get grants for. Worse even if they could, their grants would not cover the most basic of needed resources in those knowledge domains.

But also because in part academia are well behind in quite a few knowledge domains.

This happens because of “publish or be damned”. What is not said out loud is journals only publish what is going to be covered by profit. So their editors cut any subjects that are seen as “small interest”.

Thus if you are on “the bleeding edge” you are very likely to be part of a very tiny community. Many of whom are constrained by “confidentiality” thus can not publish due to legal constraint.

I was doing independent research back in the 1980’s that still gets no real academic research even though a very great deal of modern system security rests squarely on it as a foundation.

It was gently suggested to me by people in Cambridge getting on for thirty years ago that I should think about joining them. Whilst it looked like it might be fun, in all honesty I was more interested in investigating than writing up… so I let the opportunity pass.

Fun thing is back then “papers were short” as journals were printed on paper. Now with electronic journals papers are now the size of chapters in text books… So the incentive for them to be read is not what it once was.

I used to be able to read one or two papers in the “dead time” on the train and other public transport in the morning and still have time to do some thinking about them as well.

Now I don’t have that “dead time” on public transport… So the only option would be to “hold a meeting with myself” during the day if I want to read just one paper…

That means for your average working stiffs “time out of the working day” that has to be accounted for, so in most places it’s not going to happen.

Corporate Management view is generally,

“Nose, grindstone, contact, emit bright sparks or blood. Else pass go on way out and do not collect pay…”

The result of this is of course that there is no “bright sparks” only blood so the sensible get out of research for something that Management respects.

The joke of it is that most Management work and work management respects are “strongly rules based”… Which is the prime territory for AI to replace job functions.

So much of middle management and the makework staff will in effect be,

“The first up against the LLM Wall come the supposed Agentic revolution (if it ever does).”

Winter September 30, 2025 1:51 AM

@Clive

Such feedback networks have issues in that stability can easily get to K being 1 or more, at which point things start to oscillate.

It’s worse, the system would only work at the edge of chaos. All estimates of active, biological, neural nets (ie, animals) put the nets at the edge between excitational chaos and an inhibitory shutdown.

“Horrendously difficult” should be read as “solution unknown”.

ResearcherZero September 30, 2025 2:37 AM

@Anonymous Grump, Ian Stewart, cls, lurker, ALL

Tony Blair is helping make us all safer from war ha ha ha … I can barely type this. 😀

Bullets and bombs will now sting less when tearing through our delicate human flesh due to the establishment of the “Board of Peace”. Members of the Board of Peace, which already includes Tony Blair and Donald Trump, will be announced at a later date.

‘https://www.firstpost.com/world/trump-gaza-20-point-plan-board-of-peace-israel-palestine-13938103.html

ResearcherZero September 30, 2025 2:59 AM

@Robin, @ALL

You all love personal ads don’t you. Now they can be matched to your Digital ID.

The Digital ID will work. They will be handing out illegal debts faster than anyone can say “Robodebt”. Not a Social Security recipient? Council taxes and other fees can be deducted straight from your account without warning. Own a house, a car, a mortgage? If there are any mistakes which cause untold harm and stress, or loss of home and livelihood, please report the matter to one of our digital assistants or join the queue to a phone operator.

If there is one thing politicians of all persuasions can agree on, it’s bankaccountability. The ability to remove funds from your wallet to subsidize tax deductions for the wealthy. The “age of entitlement” for the working classes is over and it is up to you to shoulder the tax burden and the expenses of a busy jet-set lifestyle for those who do contribute.

(oligarchs who can afford a GOLD VISA and are happy to invest their ill-gotten gains)

Now where is my bodyguard?

ResearcherZero September 30, 2025 3:06 AM

@Clive Robinson

I would have thought it was obvious I was an academic, I mean acomedic. Slip of the tongue.

ResearcherZero September 30, 2025 3:29 AM

Do not dial 000 for Optus. (because zero is not the letter O)

How the communications industry failed to connect emergency calls to emergency services.

‘https://www.smartcompany.com.au/opinion/three-key-failures-optus-triple-zero-emergency-call-debacle/

The tether system connecting emergency calls to other operators then failed again.
https://www.reuters.com/business/media-telecom/australian-telco-optus-suffers-fresh-emergency-call-outage-2025-09-29/

A number of people died as a result of the communications failure.
https://www.smh.com.au/business/companies/timeline-what-happened-in-the-32-hours-after-a-customer-told-optus-triple-zero-wasn-t-working-20250920-p5mwm7.html

Who? September 30, 2025 7:38 AM

The Great Firewall source code and documentation has been leaked:

hxxps://gfw.report/blog/geedge_and_mesa_leak/en/

See section 3, and take proper operational security precautions before analyzing the leaked information.

ResearcherZero September 30, 2025 7:42 AM

Rupert Murdoch is yesterday’s news. Barron Ellison has better access to the world of data.

‘https://www.nytimes.com/2025/09/23/technology/larry-ellison-oracle-tiktok.html

lurker September 30, 2025 1:46 PM

@ResearcherZero

re “Board of Peace”

They booked one into Geneva and it laid an egg [in response to a war in Gaza, Stan Freberg: Incident at Los Voroces, 1957]
‘https://www.youtube.com/watch?v=2XlHdVdsjOA

ResearcherZero October 1, 2025 9:38 PM

@lurker

I do need a little comedy given my holiday is over and I had to return to the far less enticing world outside of Australia’s vast interior. Even with the heat it is far more enticing. The cool air in the gorges from the wind blowing over the shaded water and the lack of people is especially relaxing. The distances between places are very far, so you don’t want to blow too many tires or you might be in a spot of bother if you run out of water. It’s as nice a place to die as any, and there are plenty of hawks and eagles to pick your corpse clean.

I should probably start carrying some of those joke glasses with a fake nose and mustache.
It has always been one of my dreams to freak out some tourists with my dead corpse. 🙂

[hail warning]

A new Chinese group has been targeting governments for long-term intelligence confidential data collection. The group gained access to the Microsoft Exchange email servers of foreign ministries allowing them to read sensitive emails belonging to those working there.

‘https://unit42.paloaltonetworks.com/phantom-taurus/

Chinese APTs are running constant attempts at long-term access to critical infrastructure.
https://industrialcyber.co/news/chinese-apts-running-persistent-campaign-target-critical-infrastructure-telecom-networks/

RedNovember hit at least 60 organizations around the world in four days using CVE-2024-24919, a vulnerability in Check Point Security Gateways that allowed them to read sensitive information, extract all password hashes from the vulnerable host and AD access.

The group also exploited CVE-2023-46805 and CVE-2024-21887 in Ivanti appliances to breach US defense contractors and again access restricted resources without authentication.

‘https://www.csoonline.com/article/4064737/chinese-hackers-breached-critical-infrastructure-globally-using-enterprise-network-gear.html

RedNovember targets governments around the time of significant events for collection.
https://www.recordedfuture.com/research/rednovember-targets-government-defense-and-technology-organizations

Chinese group Naikon targeted Foreign Ministries and telecommunications companies with backdoors. The intrusions took place in ASEAN nations and Asian telecom companies were also victimized. The group may be working in collaboration with BackdoorDiplomacy or at least using the same tools.

‘https://blog.talosintelligence.com/how-rainyday-turian-and-a-new-plugx-variant-abuse-dll-search-order-hijacking/

ResearcherZero October 1, 2025 10:07 PM

There were a couple of bugs in VMware products as well as a zero day that was exploited.

‘https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36150

UNC5174 provides access to governmental and non-governmental organizations for the MSS.
UNC5174 was using CVE-2025-41244 to break into valuable targets since October last year.

Trivial attack on VMs via VMware Aria Operations and VMware Tools using a malicious binary.
https://blog.nviso.eu/2025/09/29/you-name-it-vmware-elevates-it-cve-2025-41244/

Following the penetration of a target and establishment of a backdoor, UNC5174 has been known to patch the vulnerability they used to gain access, probably to close the entry point to other groups, remain competitive in the world of access brokers and get paid.

https://www.sysdig.com/blog/unc5174-chinese-threat-actor-vshell

lurker October 1, 2025 10:14 PM

@ResearcherZero, ALL

“The same plaintext written to the same address always produces the same ciphertext.”

If Intel & AMD are calling this encryption, then this must violate some Trade Description laws …
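The property quoted in the comment above, shown as an added example that is not part of the original thread: with a cipher keyed only by a fixed key and the memory address, someone who sees nothing but ciphertext can still tell when a location returns to an earlier value. The cipher here is a toy 4-round Feistel built on HMAC-SHA256, standing in for the hardware cipher (which the thread does not specify); the key, addresses, `EncryptedRam` class and the per-write counter variant are all assumptions made for illustration.

```python
import hashlib
import hmac

BLOCK = 16  # bytes per encrypted memory block


def _round(key: bytes, tweak: bytes, rnd: int, half: bytes) -> bytes:
    """Feistel round function: HMAC-SHA256 over tweak, round number and half block."""
    return hmac.new(key, tweak + bytes([rnd]) + half, hashlib.sha256).digest()[:BLOCK // 2]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt_block(key: bytes, tweak: bytes, pt: bytes) -> bytes:
    """Toy tweakable block cipher (illustrative stand-in, not a real design)."""
    if len(pt) != BLOCK:
        raise ValueError("plaintext must be exactly one block")
    left, right = pt[:BLOCK // 2], pt[BLOCK // 2:]
    for rnd in range(4):
        left, right = right, _xor(left, _round(key, tweak, rnd, right))
    return left + right


def decrypt_block(key: bytes, tweak: bytes, ct: bytes) -> bytes:
    left, right = ct[:BLOCK // 2], ct[BLOCK // 2:]
    for rnd in reversed(range(4)):
        left, right = _xor(right, _round(key, tweak, rnd, left)), left
    return left + right


class EncryptedRam:
    """Hypothetical model of encrypted DRAM as seen from the memory bus.

    fresh=False: tweak = address only, so the mapping is deterministic.
    fresh=True:  tweak = address + per-block write counter. The counters are
                 extra state that must itself be stored and protected.
    """

    def __init__(self, key: bytes, fresh: bool = False):
        self.key = key
        self.fresh = fresh
        self.cells = {}     # addr -> ciphertext (what an observer can see)
        self.counters = {}  # addr -> number of writes (used only when fresh)

    def _tweak(self, addr: int) -> bytes:
        ctr = self.counters.get(addr, 0) if self.fresh else 0
        return addr.to_bytes(8, "little") + ctr.to_bytes(8, "little")

    def write(self, addr: int, pt: bytes) -> bytes:
        if self.fresh:
            self.counters[addr] = self.counters.get(addr, 0) + 1
        self.cells[addr] = encrypt_block(self.key, self._tweak(addr), pt)
        return self.cells[addr]

    def read(self, addr: int) -> bytes:
        return decrypt_block(self.key, self._tweak(addr), self.cells[addr])


def equality_pattern(ciphertexts):
    """Label each ciphertext by first appearance; needs no key at all."""
    seen = {}
    return [seen.setdefault(ct, len(seen)) for ct in ciphertexts]


# Constructed sample data: a key and a state variable toggling between two values.
KEY = bytes(range(32))
LOCKED = b"state=LOCKED".ljust(BLOCK, b"\0")
OPEN = b"state=OPEN".ljust(BLOCK, b"\0")
WRITES = [LOCKED, OPEN, LOCKED, OPEN, LOCKED]


def demo():
    det = EncryptedRam(KEY)
    fresh = EncryptedRam(KEY, fresh=True)
    det_pattern = equality_pattern([det.write(0x1000, v) for v in WRITES])
    fresh_pattern = equality_pattern([fresh.write(0x1000, v) for v in WRITES])
    # The address tweak does hide equality *between* locations.
    differs_across_addresses = det.write(0x2000, LOCKED) != det.cells[0x1000]
    return det_pattern, fresh_pattern, differs_across_addresses


if __name__ == "__main__":
    print(demo())
```

The deterministic pattern exposes the toggle sequence of the variable without decrypting anything, while the counter variant hides it at the cost of keeping, and protecting, one counter per block.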

dainty well folded napkin October 1, 2025 10:41 PM

CISA warns of critical Linux Sudo flaw exploited in attacks

https://www.bleepingcomputer.com/news/security/cisa-warns-of-critical-linux-sudo-flaw-exploited-in-attacks/

Hackers are actively exploiting a critical vulnerability (CVE-2025-32463) in the sudo package that enables the execution of commands with root-level privileges on Linux operating systems.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added this vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, describing it as “an inclusion of functionality from untrusted control sphere.”

CISA has given federal agencies until October 20 to apply the official mitigations or discontinue the use of sudo.

A local attacker can exploit this flaw to escalate privileges by using the -R (--chroot) option, even if they are not included in the sudoers list, a configuration file that specifies which users or groups are authorized to execute commands with elevated permissions.

Sudo (“superuser do”) allows system administrators to delegate their authority to certain unprivileged users while logging the executed commands and their arguments.

Officially disclosed on June 30, CVE-2025-32463 affects sudo versions 1.9.14 through 1.9.17 and has received a critical severity score of 9.3 out of 10.

“An attacker can leverage sudo’s -R (--chroot) option to run arbitrary commands as root, even if they are not listed in the sudoers file,” explains the security advisory.

Rich Mirch, a researcher at cybersecurity services company Stratascale who discovered CVE-2025-32463, noted that the issue impacts the default sudo configuration and can be exploited without any predefined rules for the user.

On July 4, Mirch released a proof-of-concept exploit for the CVE-2025-32463 flaw, which has existed since June 2023 with the release of version 1.9.14.

However, additional exploits have circulated publicly since July 1, likely derived from the technical write-up.

CISA has warned that the CVE-2025-32463 vulnerability in sudo is being exploited in real-world attacks, although the agency has not specified the types of incidents in which it has been leveraged.

Organizations worldwide are advised to use CISA’s Known Exploited Vulnerabilities catalog as a reference for prioritizing patching and implementing other security mitigations.
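A defender's first triage step for the flaw described above, as an added example that is not part of the comment or the linked article: classify a `sudo -V` version string against the affected range the comment quotes (1.9.14 through 1.9.17). The function names and result labels are hypothetical, and only the base version is compared, since the comment gives no patch-level boundary.

```shell
#!/bin/sh
# Added example (not from the comment or the article): triage a sudo version
# against the range quoted for CVE-2025-32463, 1.9.14 through 1.9.17.
# Function names and result labels are hypothetical.

# Pull "X.Y.Z" plus any suffix (p1, rc1, ...) out of `sudo -V` style output.
sudo_version_from_output() {
    printf '%s\n' "$1" |
        sed -n 's/^Sudo version \([0-9][0-9.]*[A-Za-z0-9]*\).*$/\1/p' |
        head -n 1
}

# Echo "affected-range", "outside-range" or "unknown" for a version string.
# A suffix such as p1 is ignored: the comment states no patch-level boundary
# and distributions backport fixes, so confirm an "affected-range" result
# against the vendor advisory before acting on it.
classify_sudo_version() {
    base=$(printf '%s\n' "$1" | sed 's/^\([0-9]*\.[0-9]*\.[0-9]*\).*$/\1/')
    if ! printf '%s\n' "$base" | grep -Eq '^[0-9]+\.[0-9]+\.[0-9]+$'; then
        echo "unknown"
        return 0
    fi
    major=${base%%.*}
    rest=${base#*.}
    minor=${rest%%.*}
    patch=${rest#*.}
    if [ "$major" -eq 1 ] && [ "$minor" -eq 9 ] \
        && [ "$patch" -ge 14 ] && [ "$patch" -le 17 ]; then
        echo "affected-range"
    else
        echo "outside-range"
    fi
}

# Stand-alone use: classify the locally installed sudo, if there is one.
# `sudo -V` only prints version information and needs no privileges.
if command -v sudo >/dev/null 2>&1; then
    v=$(sudo_version_from_output "$(sudo -V 2>/dev/null)")
    echo "sudo ${v:-?}: $(classify_sudo_version "$v")"
fi
```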

Clive Robinson October 2, 2025 3:33 AM

@ lurker,

With regards,

If Intel & AMD are calling this encryption, then this must violate some Trade Description laws

Err no, it’s the same as using any encryption algorithm with a fixed key and not in a fixed padded chained mode.

In essence it’s the simplest form of using an encryption algorithm and got named as ECB by NIST and others possibly before many readers here were born…

As I’ve mentioned before,

“Encrypting core memory is problematical and difficult to accomplish.”

The main reason for this is that all mutable and semi-mutable memory is expected to change in random ways at random times and random block sizes.

Have a think of how you would do “Key Management”(KeyMan) for even just 1kByte of RAM…

In effect you would need one “key value” for every byte of RAM. Which would mean having at least as much RAM again for Key-Delta storage or considerably more for full Key-Width. So with AES-256 full Key-Width you would need 32 times as much RAM.

You would have to protect the Key-Storage RAM with at least the same level of protection as the Data/Code RAM. Which is in effect not possible as it’s a “Turtles all the way down” issue.

The way that some use is to take the data address add a delta and encrypt that to produce the byte key. This is obviously not very strong as the only entropy is actually the Delta value so your effective key space for a byte is just 2^N of the number of variable Delta bits N.

This makes it a simple Substitution “Caesar Cipher” and it’s easy to get “Messages in Depth” to find the cipher keys, and work out or “pattern match” the bytes for which you don’t have messages in depth for.

But… Each layer of protective encryption you add, adds delay to decrypting a byte such that it becomes Data/Code for the CPU, thus badly hurts performance.

It’s why encrypting mutable or semi-mutable memory is a hard problem to solve against “Dynamic Attacks”.

not important October 2, 2025 7:30 PM

https://www.businessinsider.com/china-videos-new-fujian-carrier-launching-stealth-fighter-catapult-2025-9

=China published new footage on Monday of its latest aircraft carrier using an electromagnetic catapult to launch its warplanes, showcasing the use of new naval technology that only the US has so far deployed.

“It is remarkable how quickly China has moved from no carriers, to older ski-jump designs, and now to electromagnetic catapults,” Matthew Funaiole, a senior fellow with the China Power Project at the Center for Strategic and International Studies, told Business Insider.

The Fujian is the Chinese navy’s third aircraft carrier overall and its second domestically made carrier. Considered a substantial improvement over its predecessors, Liaoning and Shandong, Fujian features a flat flight deck with catapults rather than a ski-jump design.

The benefit of a catapult over a ski jump is the ability to launch aircraft regardless of takeoff weight, allowing for the launch of a more diversified air wing, as well as fully fueled and fully armed air assets for greater combat effectiveness. The catapults offer more predictable launches, and the newer electromagnetic launch systems are engineered for efficiency.

China has become the first country to launch a stealth fighter aircraft off of a carrier with an electromagnetic catapult for flight operations — in this case, the new Shenyang J-35.=

Clive Robinson October 2, 2025 9:21 PM

@ not important,

With regards,

“It is remarkable how quickly China has moved from no carriers, to older ski-jump designs, and now to electromagnetic catapults,”

No it’s not actually.

Obviously “Matthew Funaiole” is not paying attention.

Remember C19 and how quickly China made those isolation come prison hospital units so fast and they just “dropped into place”?

I’ve had simple and complex manufacturing done in both Taiwanese and Chinese mainland factories over the years as well as Japanese and South Korean. Between the Chinese and the Taiwanese, the Taiwanese were on average faster until shortly after the mid 2010’s when Trump got into power. Then it was about the same until fairly recently China pulled ahead when Trump got in again… I’ve been told this increase in time is apparently due to “Domestic Government” orders taking priority for preparatory “war effort”.

At the moment Mainland China is still in the “development phase” and what we are not hearing about very much is the battles in the South China Seas based around “Directed Energy Weapons”(DEW). That are almost all based on “bottomless magazine” electrically powered systems from several on board nuclear power plants.

It’s one of the reasons they are developing electromagnetic launch capabilities.

How well they will do with electromagnet weapons such as rail-guns that the US failed to get battlefield capable is yet to be seen. But we do know that radiant EM energy systems such as laser and microwave have become battlefield ready. But also consider most other weapons systems they’ve got to the visible “incremental stage” of development appear to have got through into full production.

As far as we can tell so far, their DEW systems have been designed to be rather more than just “drone killers”, and capable of defence if not offence against 6th Gen air systems.

As was pointed out at DSEI in London just the last week “the US is falling behind”… And from someone else that they are “not making what people want to buy”…

One thing there were enquiries about was “strap on smarts” for field artillery that is not susceptible to GPS and similar jamming also rocket and other range extension.

Interestingly such “range extension” changes not just the shell flight path from “ballistic trajectory”. It also ups the velocity from near Mach 2 to near Mach 3 or so of hypersonic missiles. Which makes defending against them considerably harder.

ResearcherZero October 3, 2025 1:59 AM

@Clive Robinson

Security Theater. Like the security at Ascension Health.

‘https://arstechnica.com/security/2025/09/how-weak-passwords-and-other-failings-led-to-catastrophic-breach-of-ascension/

This extends to the performance you were talking about during jury trials in our courts, and the performance that takes place on the political stage, the police, the press, the prosecutors, the pundits and the public who get swept up in the act and join in with it.

If people would wake up to the performative aspects of society, then they could focus on something more productive. Now this might be a bit of a long rant, but it is a long story that would probably fit a couple of books if I told it. Boring books that suck! 😀

(I edited this to prevent cognitive harm through utter boorishness and removed all the examples of security theater that the police, prosecutors, politicians and the pundits all engage in)

Back to the point…

“Sovereign Citizens” for example join right in with their own performance. It does not help them one little bit. They are resorting to self-defeating measures when confronted with things they do not like. Other types of self-defeating, emotion and anger driven helplessness are rife within society. Rather than think through the consequences of actions or reflect on the failures and mistakes in their lack of strategy, putting on a song and dance remains the default setting of many with preconceived ideas about how institutional processes should function. Although it is not a perfect world and many recognize this, some will abandon reason and expect legal processes to fit their own personal beliefs.

When confronted with events that are an affront to how we might perceive the world should function, others simply give up on the spot and claim doing anything is pointless. 🙁

When the police are responsible, 🐷 OINK!, there is nothing to see. Many play along with this little game and pretend it is worthless to try. In doing so, through this inaction they make it so. They maintain the status quo despite their constant moaning about how terrible certain crimes are and the many other gripes and grievances about our institutions. Yet when given the opportunity to take part in ensuring the proper function of vital public processes, all of those grievances vanish along with their enthusiasm to make even a small effort that would assist in helping someone face the slow-grind of the legal system. 😐

That lack of enthusiasm hurts far more than any bullets or violent assault and is far more deadly. Even small acts of kindness and support can help to make a difference when others face overwhelming odds. To leave people to face overwhelming odds alone is what defeats us all. Bit by bit, the slow weathering grinds down even mountains.

Just like this long winded pile of rubbish I did spit upon the page. 😉

ResearcherZero October 3, 2025 2:16 AM

Here is a perfect example of the press engaging in a performance with the police and the guy who shot the police. He got angry after he tried to defeat the law by making up his own legalese. It did not work out very well for him – or for anyone else – despite his name.

The police have been tromping around through the mountains for weeks. It’s more likely he is not even in the bush, but was picked up and crossed the border weeks ago. If the police were a little more polite and stopped and listened now and then, tensions might relax.

I do need some dunny paper and the poor print of the Mail will do the job.

‘https://www.dailymail.co.uk/news/article-15154169/Is-Dezi-Freeman-hiding-Police-storm-new-area-hunt-Australias-wanted-man.html

ResearcherZero October 9, 2025 11:37 PM

@Clive, ALL

I guess if news outlets are jigging for readers, then some are going to go with the clickbait articles given the general theme of content that they have produced by paying off cops, intruding ungraciously into lives and hacking of their target’s phone message bank.

Probably a bad move in retrospect. That particular financial model got digitally whacked.

‘https://www.irishtimes.com/business/2025/10/07/has-social-media-finally-peaked-the-rise-of-ai-and-decline-of-screen-time/

I do not like interactive sites that change when I scroll down the page.

Personally I prefer minimalist, non-interactive site experience. Like a book, I’m old, boring. Static, uncluttered, large print text with few distractions. No animated thingys.

Interactive multimedia appears to be far more popular amongst the younger set. 🤢
https://pressgazette.co.uk/press-gazette-events/washington-posts-chatbot-has-receioved-tens-of-millions-of-queries/

M is for Monopoly

AI chat bot referrals have produced a dramatic decline in revenue of website owners. Companies like Google get access to all the information and content that the internet provides for free. That content however costs the many industries and businesses that produce it time and money. Big Tech has a monopoly on all of those fronts.
https://jolt.law.harvard.edu/digest/the-antitrust-case-against-ai-overviews

Traditional media is being pummeled even harder as AI chat bot and search interfaces reduce advertising revenue due to how they direct users to content, bypassing a significant portion of many sites’ income streams. Again, something Big Tech has a monopoly on.

Many businesses are also not getting a return on their AI investments as these products are not producing any value for those in a range of different industries. It is still early days, so this could change over time and any conclusions will take a long time to play out.

Time and resources is something that Big Tech has plenty of, unlike the little guys. The resources of some small business sectors could ultimately be stretched beyond capacity.

https://bigthink.com/the-present/ai-adoption-rates-look-weak-but-current-data-hides-a-bigger-story/


Sidebar photo of Bruce Schneier by Joe MacInnis.