Schneier on Security

Clive Robinson • October 25, 2025 10:41 AM

@ Bruce, ALL,

This YouTube vid from the “Art of Law” channel will be worth looking at,

https://m.youtube.com/watch?v=xfsrDEGF9ks

The video it’s self explains why a “spying for China” case in the UK was dropped.

Believe it or not the reason was the word “enemy” and how it would be interpreted…

But of much more interest is “the links below” which as the video indicates point to three statements that are from one of the more senior people in the UK Intelligence service setup, and are fairly frank about Chinese capabilities.

Why the UK Gov approved the release of these documents is rather mind boggling in various ways.

So I suspect that they will not be available for long, so “grab them whilst you can”.

Clive Robinson • October 26, 2025 10:42 AM

@ Winter,

With regards,

“Don’t blame those poor Danes for what the Dutch did.”

My bad…

Not sure why I thought Danes not Dutch. Having worked for and later with various parts of Phillips back last century and have also spent time there in the early 2000’s for another company it’s a puzzling mistake for me to make.

Worse when you consider the Reuters article I link to says Dutch 12 times…

(And no it was not auto-complete getting “fat fingered” either…)

Clive Robinson • October 28, 2025 8:08 AM

More whittling of the stick

Quite a few people are prodding the “AI Hype Bubble” with either a “barge pole” or suitably long stick (you don’t want those fleas etc to jump your way).

Others are whittling a point on the stick to “lance the puppy”.

One such whittling (that actually uses exactly the same arguments I used here in the recent past is,

Steven J. Vaughan-Nichols’s opinion piece,

The Chinese Box and Turing Test: AI has no intelligence at all

It’s just good at mass-production copy and paste

https://www.theregister.com/2025/10/27/ai_intelligence_opinion/

In it he says,

For example, I was recently accused of writing a Linux story using AI. For the record, I don’t use AI for writing. Search, yes, Perplexity, for one, is a lot better than Google; writing, no. I looked into it, and what did I find? That ChatGPT, in this case, did indeed give answers that appeared a lot like my writing because, when I dug into it, it had “learned” by stealing words from my earlier articles on Linux.

I wonder did he read my comments here, or did “Perplexity” give them to him…

It’s a point that not much noise is yet being made about.

Every time you speak or write, you actually have at least two channels of communication,

1, Content
2, Style

Whilst there is a lot of complaint from artists about “theft of work” it differs as to what is being stolen. Broadly we can see,

1, Oral / Written – Content
2, Visual / Pictures – Style
3, music / songs – Content and Style

Whilst content can often be more easily shown to be copied when a dispute arises, actually what makes creative work valuable is actually “The style of the creator”.

I can not afford to own a Picasso Original to hang on my wall. But an LLM system can easily produce an original picture in Picasso’s style right down to not just the brush strokes but the type of bristles/hairs in the brushes used by Picasso.

Technically the created picture is not a forgery and it only becomes a crime if I try “passing it of” as a Picasso.

So as usual we don’t have the legal framework to deal with the issue.

It’s been suggested that various forms of “Digital Water Marking”(DWM) be used. Unfortunately as shown in the late 1990’s all watermarks were either “obtrusive” or “negatable”. So we know Water Marks are going to fail before we start.

DWM systems were based on “Low Probability of Intercept”(LPI) radio techniques known mostly as “Direct Sequence Spread Spectrum”(DSSS) where deterministic / psuedo random noise is added to “spread the signal in the “frequency domain”.

The problem with psuedo random systems is that to “unwind them” you need to know the pattern (just as you have to do with OTPs and XOR mixing). If two patterns are applied where one pattern is known, but the second added pattern is unknown then “you are so out of luck”.

As I’ve mentioned before Current AI LLMs and ML systems are little more than “Digital Signal Processing”(DSP) “Adaptive Matched Filters” with the LLM being the “filter” and the ML being the adaptive mechanism that “tunes the LLM” or “matches” to the desired “response curve”.

Most people think of filters adaptive or otherwise as being for the “frequency domain”. But there are many many other domains for which spectrums are obvious or can be constructed for simply by “averaging and adjacency” processes to produce a “response curve” which in LLM / ML parlance is done by “weighting and tokenisation”.

Both Content and Style can be turned into a “response curve” in multiple dimensions.

Most people know that if you gently flick a wine glass, or rub it with a wet finger it will make a sound. What most don’t realise is that this is caused by the wine glass acting as a matched filter or resonator responding to semi-random energy input. Thus the energy that falls on or near the wine glasses frequency “response curve” will pull the sound into the response curve. Where in the response curve has a degree of freedom thus can be semi-random. Which is why “Stochastic Parrot” is a very apt pejorative.

So whilst the author calls Current AI LLM and ML Systems,

“Or, as I like to put it, very sophisticated mass-production copy and paste.”

It leaves out a lot of important information out and thus misses a lot.

It’s why I say the Microsoft Business Plan for AI is to be a significant surveillance tool by the five steps of,

“Bedazzle, Beguile, Bewitch, Befriend, and Betray”

Clive Robinson • October 29, 2025 3:59 PM

@ ALL,

Apparently,

Microsoft dumb waiter drops the tray

I think most know AWS had a large drop just the other day and the crash was heard in many places around the globe.

Well it looks like Microsoft has gone one atleast as loud if not louder,

“Microsoft Azure is down, affecting 365, Xbox, Minecraft, and others”

“According to Microsoft, “We suspect that an inadvertent configuration change triggered this issue.” The company has not indicated when service will be restored.”

https://techcrunch.com/2025/10/29/microsoft-azure-is-down-affecting-365-xbox-minecraft-and-others/

Apparently this went out mid day EST, and right before,

“This outage takes place just hours before Microsoft is scheduled to announce its earnings results this afternoon.”

I guess a little humour might be appropriate… But as people have noted News Worthy events “come in threes” on two principles,

1, If it Bleeds it leads.
2, Gore is a Clarion Call for the eyes.

How many are “already seeing red?”

Now did you see “Minecraft” was hit?

“OMG think of the children…”

Back on planet user, some are in for a Snow Day early but their bosses will not be happy and thus will be “Out For Blood”

Microsoft recently has a very bad reputation for a number of reasons. Firstly the press has reported that to save money they’ve laid of thousands of skilled staff to make the “Share Holders Happy”.

They press have also noted that a lot of people are very very unhappy to know they have been conned to pay for AI surveillance they do not want on them (365 debacle). With so much noise,

“The ACCC competition regulator has accused Microsoft of misleading millions of customers into paying significantly more for artificial intelligence platform Copilot even if they did not want it, creating a test case about the power of technology giants to quickly expand the uptake of AI.”

https://www.afr.com/technology/accc-alleges-microsoft-misled-users-into-price-hikes-for-ai-assistant-20251027-p5n5ic

But the level of Tech Support Microsoft is giving has got to be so bad every level from home consumer through to major corporate customer is complaining.

And it goes on, and on, and on.

Some are questioning if Microsoft seniors are “trying to cash out now” because the AI investment is a compleat disaster. With Microsoft effectively bankrupt not just morally but financially because of it. Thus the seniors know when the AI bubble bursts “real soon now” their jobs will end anyway, but any shares will be next to worthless. So they will “Fill their boots whilst they can”.

Clive Robinson • October 29, 2025 4:36 PM

@ ALL,

“Can AI ChatBots kill children?”

Some certainly think so with AI significantly involved in a number of children’s suicides.

Up untill recently the AI industry has tried to keep the issue undet wraps and away from them and in effect “Victim blaim”.

Well it appears on AI company is starting to change,

“Character.AI is ending its chatbot experience for kids”

“Character.AI, an AI role-playing startup that’s facing lawsuits and public outcry after at least two teenagers died by suicide following prolonged conversations with AI chatbots on its platform.”

Is apparently,

“Now, Character.AI is making changes to its platform to protect teenagers and kids, changes that could affect the startup’s bottom line.”

https://techcrunch.com/2025/10/29/character-ai-is-killing-the-chatbot-experience-for-minors/

You could say,

“Don’t let children and fools play with sharp edged tools.”

But that victim blaming and avoiding the real issue of “Virtual Drugs”.

The evidence is rising that AI and similar are designed to cause chemical changes in people just as drugs sold outside the School Yard do. Because

“It’s all about engagement”

That is,

“The more eyeballs, for longer, the fastest.”

Means a startup gets investment thus value at others expense.

I’ve pointed this out before with the “AI Five Step Business Plan Be” first identified in Microsoft,

‘It’s just one of the things that concerns me about “AI Chatbots” being “given agency” as “AI Agents”. Because as I note the Business plan of Microsoft and other major US Corps is,

“Bedazzle, Beguile, Bewitch, Befriend, and BETRAY”’

https://www.schneier.com/blog/archives/2025/05/privacy-for-agentic-ai.html

Clive Robinson • October 29, 2025 6:30 PM

@ jelo 117,

You beat me to it 😉

I would have chosen a different verse from the Bible. Proverbs 16:18, says,

“Pride goeth before destruction, and a haughty spirit before a fall.”

It’s allegedly the origin of the common saw/saying of “Pride comes before a fall”

It serves up a warning that excessive pride etc can lead to an embarrassing or worse failure and consequent downfall.

That said with regards the subject of the article.

Common sense should tell people that any data stored unencrypted is vulnerable.

All of these “in Core and Cache RAM” systems don’t encrypt because it would hurt performance a LOT.

Thus you can “see the tripping point”

The CPU designers try to hide the Core RAM and Cache Memory from unauthorised users by inadequate “technical means”.

How do we know they are “inadequate”?

Well think back to Intel and it’s “Xmas Gift that keeps giving”. I pointed out back then that the attacks were only possible due to management putting in ill thought out “Go Faster Stripe” short cut performance enhancers that could not be easily taken out and if turned off would cut performance a lot.

Which it did so Intel decided to leave in the “Go Faster Stripes” and say it was an OS Software issue to fix…

I warned at the time that there would be more of these problems found over the following decade.

My reasoning was because upto that point, academic researchers had not been interested. But that due to the publicity of Intel seniors doing “dastardly things” like trying to bury it untill after the Xmas sales period, and what was said to be “insider trading”… It suddenly was a way “to make your name quick”. so even lowely undergrads were jumping on the issues with,

“Picks and shovels, and other Weapons of Mass Determination”.

And as one open source meem called “Linus’s law” has it,

“Given enough eyeballs, all bugs are shallow”,

kind of got proven, and still is.

But in a way I also had “insider knowledge” I’d been involved with the designed of CPU’s all the way down to the “gate level” back in the 1980’s. A time when “manual tape out” was still the way electronics design went from paper to products. And further the joys of “microcode” where state machine sequencers built complex instructions from gates by “Register Transfer Level”(RTL)[1] language / logic where you use a ROM to decode the sequence counter output into the ALU and Bus control lines.

On the funny side of it, I was quite good at this low level electronics design and I was assured I had a great future… But I had a hunch these “manual functions” would get replaced by computers using the then arising “Fuzzy Logic” and “Expert Systems” for Robotics, that just like Current AI LLM and ML systems was getting AI-hype… It was fairly easy to see that what would become CAD/CAM and CNC machines along with Industrial Robots was going to kill off certain types of “manual” “skilled labour” that were on the bottom of the “middle class” ladder, but at that time not Trades and non-skilled manual labour. So I jumped up a number of rungs of the ladder and started designing the systems that would replace people doing what I saw as “drudge work” and even “make-work”.

Hence I got a fore taste of what was to come and dodged that trap/bullet.

The same is true today. Usless as Current AI LLM and ML Systems are because they can never live up to the hype of “General” or “Reasoning” being in essense glorified “search and replace” auto suggest systems. They do however do, a quite limited number of specialised things very much better than humans (see Alpha Fold). And that is where they will hit what is now considered the “upper rungs” of the Middle Class Ladder where the “Professions” are, that in reality are glorified “rule followers”. So Lawyers, Accountants, some Doctors and some scientists / researchers. It’s the Doctors, Scientists and Researchers that will be able to stay in their professions by “jumping on AI” of the right form (that is yet to appear because ML is currently not yet upto it). As for lawyers and accountants they might be best off finding alternative employment to use their brains on where current AI can not for various reasons compete.

But in my area of design research it will just as CAD/CAM did creep upwards.

And it will replace the lower more mundane levels of “design” and with it the issues like Meltdown etc will get found in designs by their “pattern signitures”. This is what AI can do, what it can not do is find things that are “unknown” to it unless it is given “sufficient agency” and that is not likely to happen before the hype bubble bursting.

In that respect AI will become the next generations “test tools” and CAD/CAM systems. But will not replace test engineers or designers who have upped their game to use them.

They will also make “Fuzzing” and other automated tools more effective based simply on the fact that they can be not just faster but rules based directed in the areas they apply “random”.

Which will catch certain types of fault, such as we see with seeking out “New bounty” from the “Xmas gift that keeps giving”.

[1] If you go hunting you will find RTL as an acronym gets used for many things. In historical electronics you will find the two major uses are,

https://en.wikipedia.org/wiki/Register-transfer_level

https://en.wikipedia.org/wiki/Resistor%E2%80%93transistor_logic

Used to make early logic gates like UK electronics company Mullard’s Norbits. But RTL in turn was descended from “Diode Resistor Logic”(DRL) used in industrial control “Lader Logic”,

https://en.wikipedia.org/wiki/Diode_logic

Which had the disadvantage that it had no NOT inverter hence the introduction of relays, triodes, transistors to perform the NOT function. Relays were also used to make the XOR function during WWII in encryption devices that did high speed –for the time– “Super Encryption” of information on punched tape.

Clive Robinson • October 31, 2025 8:42 AM

@ ResearcherZero, ALL,

With regards,

“Don’t be confused if it sounds a little two-faced. The program is completely peaceful.”

“Like heck it is!”

The military are moving from high cost per shot and slow kinetic weapons, to “bottomless magazine” Fast as can be radiant energy weapons for “active defence” as well as some mobile offense.

In theory as hypersonic weapons move from ballistic trajectories they become near impossible to engage with kinetic defences even under the fastest of automation.

Thus the “spray and pray” “net of bullets” / shrapnel defences that first started with what evolved into shot-guns, has kind of reached it’s end stop.

Because unfortunately “nets of shrapnel” are very localised and often very short range thus close in defence measured in just tens of meters.

Hypersonic weapons are on the other hand long range and their very high kinetic energy almost makes a standard explosive payload pointless.

So hypersonic weapons even if hit by shrapnel, they would be close in to the aim point, and would not break up much, so still likely to do considerable damage to the point they were aimed at.

Which kind of makes kinetic defence attempts pointless…

Thus the idea of radiant energy weapons. Actually first started out as a defence against IRBM nukes. You calculate a sufficiently distant point where the IRBMs are likely to be clustered but far enough away and explode a tactical nuclear weapon there at the right point in time. The IRBMs would be hit by the intense radiant energy thus hopefully destroyed, disabled, or diverted.

As lasers have become viable weapons as have high power microwave HERF systems defence systems have become “plug in the wall”.

Thus a small nuclear power station becomes the most wanted of military inventory the “bottomless magazine” for defence, offence, and even Intelligence gathering/processing, with Command and Control thrown in on top.

As one military senior was heard to remark,

“In the modern combat sphere, power is power”.

And as was pointed out here the other day the OODA is the base of engagement tactics, for which speed is absolutely essential. And these days that comes from “Cooking GPU’s till they glow fit to blow”.

The tipping point from muscle to science happend more than half a century ago. What had not been so keenly observed is that the tipping point or rubicon from bang to technology has now been crossed. War will be fought out of “shipping containers” tended by many who would otherwise be excused military service. Because special training is rapidly approaching or above PhD levels in STEM in the military. Something for which “Grunt and Hump” is generally not a requirement though just a desk and chair in a shipping container somewhere quietly out of the way will do[1].

We’ve see this publicly with active duty Combat Pilots flying drones from Las Vegas, and going home to their family most days.

There are a heck of a lot of other roles where flesh and blood is not needed on the target line. The use of existing proven types of Artificial Intelligence (not LLMs) is making the distance between gunner and gun global in nature, and we can expect that trend to increase. Boots on the ground is rapidly becoming old school. Even most forms of ISR are going remote. And it’s raising serious questions about Command Structures and Order of Battle[2].

[1] Look at it this way, at 6ft 6in with a 50in chest I was to big to “carry a useful load”… Or get in/out of most combat vehicles and a foot to tall to jump out of aircraft. So ruled out from infantry, cavalry, paras and nearly every “front line” activity. Because they actually did not make the clothes or anything else to fit. So I did Intelligence in custom made clothing, then Signals in custom made clothing along with some EW and more fun stuff and the QM kept his fingers crossed I did not suffer “wear and tear”. I got shoved into the “awkward squad” as an “army of one” because I could look after myself, was over “traded” skilled for every role the army had and could solve most problems apparently without thinking, and I had a dislike for certain types that got into command without deserving it. I was seen as an “Amiable odd ball who got things done just by being asked”. I was once accused of “not giving orders” and I replied “asking nicely gets more respect” which got a laugh out of a very senior officer as the RSM who was one of those over promoted types went scarlett with annoyance. Put simply my good uses / value that had saved lives several times gave me some leeway and the fact I would “shift shit like a navies shovel” and help out anywhere and would not ask people to do what they knew I could and would do, earned me respect and friendship (and BBQing a fresh kill sheep earned lots of appreciation all round). Sadly health issues stopped me going into “hacking in green” which was back then a new forming role is a shame. Oh and I had a custom fit rifle to keep the numpties well away 😉

[2] The change most obviously seen is that “Electronic ORBAT”,

https://en.wikipedia.org/wiki/Signals_intelligence#Electronic_order_of_battle

Has a rapidly growing “cyber” component that even a decade or so ago was seen as “curious”. But currently with what is going on at the East of Europe has moved Cyber way way up E-ORBAT to being a major component of any command process all the way down to the “device on the line”.

Clive Robinson • November 2, 2025 5:45 PM

@JG5

“I started to realize in 2016/2017 that energy could become very inexpensive.”

As a rough rule of thumb, the closer you are to the energy source along the supply chain the more efficient thus generally less expensive things are.

If each step in your chain is say 90% efficient it sounds good[1]

But that’s a 10% loss per step. 5 steps makes that a 61% loss for the system or only 39% usable power…

It’s why “micro grids” would be the way to go, but for one problem… which is “storage” type. A power grid has an availability figure based on charging and discharging your battery. The worst time generally is “winter” when days are short, temperatures are low and demand is high. Most batteries are actually based on “water” which as most of us know “freezes and expands”. With lithium batteries the temperature stops them being charged. Below 4C shortens the life of a battery with below 0C kills it rather rapidly. It’s why you should not charge your EV out doors…

Oh and that 61% power loss becomes “heat” and actually contributes to warming of the climate, and micro climates where the weather is changed which cascades down to biological issues like disease and pest increase and invasive species.

You used to be able to get a “Temperature Map”[2] of South East England and it was fairly clear that London was around ~3C (~5.5f) than surrounding areas.

[1] There are engineering techniques that can reduce the losses but they all tend to be “snakes and ladders”… As any one living in New Zealand can testify,
https://www.theblackoutreport.co.uk/2020/01/24/auckland-blackouts/

One way to reduce “ohmic losses” is to reduce current by increasing voltage. But how far can you go before you get “voltage break down”? That is a million volts can jump an impressive distance in air and any ionisation tends to destroy insulation and produce conductive “carbonisation”. The gap size depends on the gas and the pressure but is complex in nature (see Paschen’s law). Which is why “rule of thumb” says 30kV / cm… But of more importance is the shape of the terminal and the amount of cosmic and other ionising radiation. I’ve seen arcs across 6mm safety gaps with a 240V AC supply.

Thus “space weather” is a consideration, and for power grids of significant concern. Because it’s very “wide area” so you kind of get an “everything blows at once” issue.

[2] The map got removed because it supposedly could assist terrorists in finding targets… The real reason I suspect was it was “politically embarrassing”.