Friday Squid Blogging: Vampire Squid Genome

The vampire squid (Vampyroteuthis infernalis) has the largest cephalopod genome ever sequenced: more than 11 billion base pairs. That’s more than twice as large as the biggest squid genomes.

It’s technically not a squid: “The vampire squid is a fascinating twig tenaciously hanging onto the cephalopod family tree. It’s neither a squid nor an octopus (nor a vampire), but rather the last, lone remnant of an ancient lineage whose other members have long since vanished.”

As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.

Blog moderation policy.

Posted on December 5, 2025 at 5:06 PM • 41 Comments

Comments

ResearcherZero December 5, 2025 11:34 PM

Baden-Württemberg state parliament has undermined German data sovereignty by approving Gotham for police. Palantir’s software pulls together data from many different sources, allowing police to conduct dragnet surveillance, profile groups of people and identify patterns within the data. The tool is immensely more powerful than the Stasi ever was.

Palantir has no ethical problem with the abuse of power and human rights, nation wide large-scale surveillance and invasion of privacy, racial profiling, or the ability to single out large groups of people and individuals based on their beliefs or appearance. Nor is Palantir worried that AI is biased, prone to flawed reasoning and hallucinations, often repeatedly makes mistakes when analyzing evidence, and misidentifies people and objects.

Chief executive of Palantir, Alex Karp, is well acquainted with the fascist state, having written his college thesis on the subject and having developed software to help United States Immigration and Customs Enforcement round up large groups of people for detention and deportation.

https://reclaimthenet.org/germany-expands-police-ai-powers-using-citizens-personal-data

Germany’s political parties sold out their citizens, with the majority voting in favour.
https://posteo.de/en/news/germany-baden-w%C3%BCrttemberg-approves-use-of-palantir

ResearcherZero December 6, 2025 3:38 AM

The UK government told its citizens held captive in an Iranian prison and their families to remain silent. It did not tell them they were held captive because of a debt.

https://www.bigissue.com/culture/tv/prisoner-951-nazanin-zaghari-ratcliffe-richard-tv/

Nazanin Zaghari-Ratcliffe was accused by her captors of working for Mossad, MI6, being a journalist, and a range of other absurdities. Boris Johnson inflamed the situation by incorrectly stating that Nazanin was teaching journalism in Iran, during a television broadcast.

Nazanin Zaghari-Ratcliffe was only released after 6 years in an Iranian prison when the British government finally paid an outstanding debt to Iran from the 1970s. Anoosheh Ashoori had also been jailed for nearly five years in Iran on charges of spying for Mossad, despite having lived in the UK for 20 years. Dozens of foreign nationals have been detained in Tehran on fabricated charges and held for years as political pawns.

https://www.declassifieduk.org/nazanins-story-in-iran-is-not-just-a-tragedy-its-a-warning/

The Iranian Military Procurement Offices (IMPO) and the National Iranian Oil Company (NIOC) were located at 4 Victoria Street, adjacent to the Department of Trade and Industry (DTI) and a short distance from Westminster Abbey and the Houses of Parliament. Arms deals conducted between MOD subsidiary International Military Services (I.M.S.) and the IMPO continued during the Iran-Iraq war and throughout the 1980s, ending in 1987.

https://kclpure.kcl.ac.uk/ws/portalfiles/portal/135753836/IMPOs_Article_pre_pub_version.pdf

“Even after Ms Zaghari-Ratcliffe and Mr Ashoori had been taken and informed that their imprisonment was linked to the debt, which was substantiated by a clear link between the stalling of negotiations and an escalation in Iran’s actions, the Government continued to deny the debt’s relevance as well as attempting to distance itself from its responsibility to resolve it.”

https://committees.parliament.uk/writtenevidence/108762/pdf/

Clive Robinson December 6, 2025 3:49 AM

@ ResearcherZero,

With regards Palantir and its software.

I’ve mentioned in the past the real intent is to,

1, Eliminate Investigators
2, Have rank and file officers become data entry clerks.
3, Replace at similar or greater cost Investigators.

This is the “drug dealer MO” plan of getting an organisation hooked and then rack up the price.

But that is not the only thing they are going to do…

4, Repackage data typed in by police as Intelligence Reports for other agencies in the same location or nation.
5, Replace Intelligence staff in Government entities.
6, Take over entire Nations’ intelligence and investigation “behind desks” activities.
7, Replace other civil servants in Health and Revenue etc.

Now imagine what influence that gives the “real controllers” of Palantir over what was a Democratic Sovereign Nation.

Yes it sounds like a nightmare, but look at what databases Palantir has been accumulating to see and verify just a part of it.

Clive Robinson December 6, 2025 4:24 AM

@ Ismar,

With regards,

“Let’s see how it all unfolds”

I’d rather not. Australian politicians in recent years have earned themselves a very poor reputation.

As have their various senior law enforcement and civil servants.

It’s becoming clear from the UK equivalent of the “Online Safety Act” that one of the intents of such legislation is to build a “register on citizens” by their interests and actions.

Likewise those in the US,

https://www.wired.com/story/age-verification-is-sweeping-the-us-activists-are-fighting-back/

However the UK Regulator OfCom that has been given the job of enforcing the OSA is making quite a hash of it. And in the process reveals it is for “Unlawful Revenue Raising” for the UK Government Treasury…

I have no interest in 4Chan but they have attracted OfCom’s attention, and a lawyer involved, Preston Byrne, is making OfCom’s stupidities and intent all too clear,

https://prestonbyrne.com/2025/12/04/the-ofcom-files-part-4-ofcom-rides-again/

I think we can make the same basic assumptions about all these “Think of the Children” systems that are being rushed into place.

Clive Robinson December 6, 2025 4:38 AM

@ ResearcherZero, ALL,

With regards,

“Nazanin Zaghari-Ratcliffe was only released after 6 years in an Iranian prison when the British government finally paid an outstanding debt to Iran from the 1970’s. Anoosheh Ashoori had also been jailed for nearly five years in Iran on charges of spying for Mossad, despite having lived in the UK for 20 years. Dozens of foreign nationals have been detained in Tehran on fabricated charges and held for years as political pawns.”

I suspect the UK is setting up a similar “Catch and hold for ransom” with the UK Online Safety Act (See my above response to @Ismar).

The UK OfCom tactic or opening shots as you might see it is to create a faux-debt that is not owed to the UK Treasury.

The level of harm this will create is immense, and remember the US has also been doing similar politically motivated hostage taking,

https://en.wikipedia.org/wiki/Meng_Wanzhou

KC December 6, 2025 12:28 PM

@ ResearcherZero, All

Re: secure integration of AI in OT

On this, the ACSC and others released a report.

https://www.cyber.gov.au/business-government/secure-design/operational-technology-environments/principles-for-the-secure-integration-of-artificial-intelligence-in-operational-technology

Regulatory compliance is a serious consideration.

The report links to top ETSI AI technical security standards.

In ETSI TR 104 128 (AI cybersecurity guide), the technical committee maps out 13 principles.

One of these is evaluating the threats and managing the risks to AI systems.

One threat (6.3.3) is allowing AI models to retain superfluous functionalities. ETSI provides two control opportunities. One is requiring governance approval for documented threat models that include cross-discipline inputs, e.g., ethics, privacy, legal, and an etc. for good measure.

I know we talk a lot about AI risks to the workforce, but someone’s going to be having fun.

Rontea December 6, 2025 1:42 PM

@ResearcherZero

"Chief executive of Palantir, Alex Karp, is well acquainted with the fascist state, having written his college thesis on the subject and having developed software to help United States Immigration and Customs Enforcement round up large groups of people for detention and deportation."

Standing together against the rise of fascism and mass surveillance is more important than ever. By joining the fight, we can protect human rights, defend privacy, and ensure that our communities remain free from unjust profiling and oppression. Every voice matters in resisting systems that threaten civil liberties, and collective action is how we keep democracy strong.

Rontea December 6, 2025 1:49 PM

@Ismar
“Australia’s first to introduce Social Media age restrictions in the World”

Ah, the dance between freedom and safety finds yet another partner. There is something almost tender in watching a government try to shield its young from the whirlpool of social media, as if a law could guard the soul from temptation. I can’t help but smile at the thought: those under sixteen will be spared a little while longer from the theater of vanity and noise. Perhaps, for a brief moment, they will hear their own thoughts before the world drowns them out.

Clive Robinson December 6, 2025 10:30 PM

@ Bruce, ALL,

Is secret sharing the semi-secure way best?

Most are aware of the “authentication issue” which is to prove who/what you are securely.

The first such systems, some time back, an average lifetime ago, were what became “passwords” that for various reasons had to have “usernames” to kind of act as “primary keys” (in the database sense).

Eventually the idea of “Multi-Factor Authentication”(MFA) came along with,

1, What you know.
2, What you have.
3, What you are.

To which I added some years ago geo-location and various types of time gating,

4, Where you are.
5, When you Authenticate.

To try and reduce the problems with the first three…

Such as Law Enforcement using various methods of intimidation by threat/imprisonment, theft of property, and physical assault respectively.

And more recently crypto-wallet grabbing criminals that are more than happy to break bones or rupture organs.

But it appears that some think incorrectly[1] that we’ve sort of moved into a more secure time of authentication…

https://www.theregister.com/2025/12/06/multifactor_authentication_passkeys/

Death to one-time text codes : Passkeys are the new hotness in MFA

Using someone’s legitimate account credentials is a much more effective avenue for crims than finding a security hole to exploit. Microsoft’s latest Digital Defense Report puts identity as the top attack vector.

Using MFA of any kind is the main way to stave off identity attacks, but what you really want is a method that can stand up to phishing.

“Phishing-resistant MFA is the gold standard for security,” according to Microsoft’s threat intel team. “No matter how much the cyber threat landscape changes, multifactor authentication still blocks over 99 percent of unauthorized access attempts, making it the single most important security measure an organization can implement.”

Note the “crims” reference with the implication all the attackers under consideration are both “external” and “unlawful”. Which increasingly is not the case (think as an obvious case Law Enforcement, Government entities, and crypto-wallet thieves).

Worse the “security hole” notion being apparently limited to attacks on software vulnerabilities.

Remember having your teeth punched down your throat or worse is still a “security vulnerability” albeit a human vulnerability rather than software…

So it’s way more than “Phishing-Resistant MFA” people with a “Duty of Care” need…

Hence the further extensions I added to MFA that added various types of “anti-tamper” such as partial / soft / hard lockout as well as similar “timeout”.

I’ve even added “Bluetooth Low Energy”(BLE) beacons such that anyone separating a device and its beacon by say putting the device in a Faraday shield / bag / box, Hard Locks the device by destroying crypto keys stored in encrypted RAM storage.

Though people need to remember,

“Nothing is ever perfect and Security is never 100%, not even close…”

Because it’s a never ending war, and some are quite happy to use torture and other extortion methods as many with crypto-coin wallets have found out the hard / painful way.

[1] “More Secure” is a very movable feast that depends on all manner of things including who the adversary is, their proximity to you, and how you generate and communicate “the shared secret”.
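
The following is an added illustration, not code from Clive or from the article quoted above, of the tiered lockout and beacon tether he describes, with the “where you are” and “when you authenticate” factors folded into a policy check. The device keeps its secret in RAM and listens for one beacon heartbeat per interval; a few missed beats give a soft lock (key kept, re-authentication required), many missed beats, as when the device is sealed in a Faraday bag away from its beacon, give a hard lock that overwrites the key. The thresholds, the RSSI floor, the home coordinates and the heartbeat trace are all assumed or constructed values.

```python
"""Beacon-tethered key store with soft/hard lockout and where/when gating.

Added example (not the comment author's code). Thresholds, RSSI floor,
home coordinates and the heartbeat trace below are assumptions.
"""
import math
from enum import Enum


class State(Enum):
    UNLOCKED = "unlocked"
    SOFT_LOCK = "soft_lock"  # key kept; user must re-authenticate
    HARD_LOCK = "hard_lock"  # key overwritten; device needs re-provisioning


class KeyStore:
    """Holds the secret in a bytearray so it can be overwritten in place.

    Python cannot guarantee no copies exist, so this models the policy only;
    a real device would pin and encrypt the buffer as the comment describes.
    """

    def __init__(self, key: bytes) -> None:
        self._buf = bytearray(key)
        self.destroyed = False

    def use(self) -> bytes:
        if self.destroyed:
            raise PermissionError("key material has been destroyed")
        return bytes(self._buf)

    def zeroise(self) -> None:
        for i in range(len(self._buf)):
            self._buf[i] = 0
        self.destroyed = True


class BeaconWatchdog:
    """Consumes one observation per heartbeat interval and drives the lock state."""

    def __init__(self, store: KeyStore, soft_after: int = 3, hard_after: int = 8,
                 min_rssi: int = -80) -> None:
        self.store = store
        self.soft_after = soft_after  # missed beats before soft lock (assumed)
        self.hard_after = hard_after  # missed beats before key destruction (assumed)
        self.min_rssi = min_rssi      # weaker than this counts as "not present" (assumed)
        self.state = State.UNLOCKED
        self.missed = 0

    def observe(self, rssi):
        """rssi is the beacon's signal strength in dBm, or None if no packet arrived."""
        if self.state is State.HARD_LOCK:
            return self.state  # terminal: nothing left to protect
        if rssi is None or rssi < self.min_rssi:
            self.missed += 1
        else:
            self.missed = 0  # beacon back in range; a soft lock stays until re-auth
        if self.missed >= self.hard_after:
            self.store.zeroise()
            self.state = State.HARD_LOCK
        elif self.missed >= self.soft_after and self.state is State.UNLOCKED:
            self.state = State.SOFT_LOCK
        return self.state

    def reauthenticate(self, credential_ok: bool) -> State:
        """Clears a soft lock only if the beacon is present now and the user proves themselves."""
        if self.state is State.SOFT_LOCK and credential_ok and self.missed == 0:
            self.state = State.UNLOCKED
        return self.state


def _haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points, in kilometres."""
    r = 6371.0
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = math.radians(lat2 - lat1)
    dlam = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlam / 2) ** 2
    return 2 * r * math.asin(math.sqrt(a))


def context_allowed(lat, lon, hour, home=(51.5007, -0.1246), radius_km=5.0, hours=(7, 21)):
    """'Where you are' and 'when you authenticate' gates; defaults are assumed values."""
    in_area = _haversine_km(lat, lon, *home) <= radius_km
    in_hours = hours[0] <= hour < hours[1]
    return in_area and in_hours


if __name__ == "__main__":
    store = KeyStore(b"\x11" * 32)
    dog = BeaconWatchdog(store)
    # Constructed trace: beacon present, then briefly out of range.
    for rssi in [-60, -62, -61, None, None, None]:
        dog.observe(rssi)
    print(dog.state)                     # soft lock after three silent intervals
    dog.observe(-60)
    print(dog.reauthenticate(True))      # unlocked once beacon is back and user re-auths
    for _ in range(8):                   # device sealed in a Faraday bag
        dog.observe(None)
    print(dog.state, store.destroyed)    # hard lock, key zeroised
    print(context_allowed(51.51, -0.12, 10), context_allowed(51.51, -0.12, 3))
```

The re-authentication path deliberately refuses to clear a soft lock while the beacon is still absent, so a stolen device cannot be unlocked by someone who has the password but not the token the owner left at home; the hard lock is terminal by design, since once the key is overwritten there is nothing for a later heartbeat to restore.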

Clive Robinson December 7, 2025 8:19 AM

@ ALL,

AI derails train service

The posting of an AI manipulated photo after an earthquake caused a major rail link to be shut, whilst safety engineers were called out to inspect a bridge that, as far as we know, was actually unaffected.

https://www.bbc.co.uk/news/articles/cwygqqll9k2o

I expect this sort of thing to increase, and rather than fix the actual problem of AIs being totally incapable of not being misused due to the deficiencies in their fundamental design…

What will happen with a high degree of certainty, is that it will be used by politicians along with “think of the children” to increase digital communications surveillance.

That will without any shadow of a doubt cause more harm than any fake-photo or similar can…

lurker December 7, 2025 12:08 PM

@Clive Robinson, ALL

“A BBC journalist ran the image through an AI chatbot which identified key spots that may have been manipulated.”

Using AI to defeat AI? Coming soon: The War of the Chatbots.

Rontea December 7, 2025 2:23 PM

@lurker

"Using AI to defeat AI? Coming soon: The War of the Chatbots."

To pit algorithms against algorithms is to marvel at the futility of human ambition: we have built reflections to destroy reflections, hoping to spare the flesh the trouble of bleeding. “The War of the Chatbots”—is it a triumph of reason or a parody of our own wars? Perhaps it is better than the War of the Humans, if only because no one mourns the silence of a server. And yet, in outsourcing our conflict to circuits, we merely stage our despair in another medium, an echo chamber where the victors are forgotten the moment the power flickers.

Clive Robinson December 7, 2025 11:33 PM

@ lurker, Rontea, ALL,

Do ‘words of jest’ foretell ‘future truths’.

Your comment,

“Using AI to defeat AI? Coming soon: The War of the Chatbots.”

Has in another sense already started.

You might have noted I carefully say,

“Current AI LLM and ML Systems”

When I talk about why things are not going the way the AI-Bros have been fancifully painting for investors and shills to chant along to.

The cause for the current systems is the 2017 idea of “attention and the transformer”.

It initially had promise but soon it became apparent it had problems. One in specific condemned the transformer and that is it does not scale linearly as O(N) but quadratically as O(N^2). Like “doubling down on bets” it’s basically a non-winning strategy, or to use a more trendy term “you quickly run out of moat”.

Thus we’ve reached a point where in effect people can not make the next wager to cover their losses, so they lose.

Thus the knockout bell has been sounded for the transformer, all we are waiting on is the “count out”.

Is this the end of AI, or another AI Winter, or is there a new contender for the belt?

As I’ve been careful to note it’s the “knockout” for “Current AI LLM and ML Systems”, and others have been predicting a new “AI Winter” to “kill the tulips” etc.

However there has been renewed research in old ideas going on in the quieter places on ideas old enough to be Grand-Pa’s in human terms.

One such is “State System Models”(SSMs) that go back to control theory of the 1960’s, that are more like O(n) in performance.

But these are not the only avenues of investigation,

https://arxiv.org/html/2408.00386v1

But the thing is “pure models have issues” that “Hybrid models can overcome”. The trick is finding an optimal approach, but to do that there are two basic ways,

1, Walk forward with the way lit by knowledge.
2, Blunder around in the darkness of lack of knowledge.

At the moment “we lack detailed knowledge” so we have to in essence “grope our way forward” in trial increments.

Which brings forth the question,

“Can we get somewhere far enough before we run out of moat?”

The answer I suspect at the moment is “NO” because “investors are flighty creatures” at best.

History shows that new technology tends to come into being via one or two bubble markets hence the cruel joke of,

“The second mouse gets more than the cheese!”

As it also gets the benefits that accrue to having possession of the first mouse’s corpse.

The classic one in more recent times was the infrastructure build out of communications and all that “dark fibre” that was got in place for pennies on the dollar, and now return real income for some “second mice”. But historically Canals and Railways had the same issue.

So in the current AI game, what is the infrastructure that will be “pennies on the dollar” to pick up after the bubble either bursts or deflates fairly rapidly?

The answer is “the data centers” but… “Probably not the equipment inside them”. It all depends on if there is sufficient value in a “hybrid approach”…

Also of importance is the “Speed of light issue” for certain algorithms they can not realistically be either run in parallel or over a distributed surface because they need each point to be connected with each other point. So their speed of operation is defined by “shortest distance”. However some algorithms do not have these types of limitations or the consequences such as “heat death”.

Any way food to think on, that I’m still “chewing over” as it were 😉

Clive Robinson December 9, 2025 4:36 AM

@ Bruce, ALL,

If automation fails what hope AI?

Back in the 1970s and 80s machinist jobs were lost to CNC machines.

Mostly because CNC machines had major advantages over humans.

Ever since then “automation” has tried to replace other human jobs, but there were always significant issues that all too often incurred major expense or lack of flexibility. Thus “robots” only became of use in certain industries such as small vehicle mass manufacture.

In more recent times automation has been applied to warehousing. But again only in niche areas. Such as shelf stacking on “goods inwards” where shipping cartons etc are designed to fit standard containers and pallets.

The other side of warehousing, “customer order fulfillment” is still mostly done by “minimum wage workforces” even though people have tried and failed to replace them.

There are many excuses made for these failures but the real reasons are hardly ever spoken about,

Take the latest,

https://www.grocerydive.com/news/kroger-ocado-close-automated-fulfillment-centers-robotics-grocery-ecommerce/805931/

Kroger acknowledges that its bet on robotics went too far

Kroger’s announcement on Tuesday that it will shutter three of its robotic e-commerce fulfillment facilities represents a sharp turnabout for the grocery company, which until recently had expressed confidence in its ability to leverage automation to run a profitable online grocery business.

Less than a year ago, Kroger said it planned to expand the fleet of high-tech fulfillment centers it has been developing in partnership with U.K.-based warehouse automation company Ocado. And in mid-2024, Kroger revealed that it would install new technology from Ocado to improve the efficiency of the warehouses.

One of the issues not talked about is the “Points problem” first found with pulley railways in mines and at collieries and lumber production at saw mills and yards and later with steam railways.

Rails are a simple solution to get a truck from point A to point B with a high degree of precision, speed, and load carrying capability. But add another point C or more and all of a sudden you have real issues that still cause problems today. Even though many consider it a “solved problem” for two rail systems it’s not, and it’s an “open problem” for monorails and multi-rail systems.

At the very least you lose one or more of precision, speed, capacity, flexibility or floor space when compared to humans pushing dumb carts or trolleys, or using sack barrows.

The point of automation is to keep all of the precision, speed, capacity, flexibility of humans. In a smaller floor space and at less cost than minimum wage workers.

It’s not happened in retail fulfilment warehouses and nor is it likely to do so any time soon for very many reasons.

So Kroger has found failure at high cost in this area of automation and is trying to “slap lipstick on the pig” to save face in front of shareholders.

I can safely predict that Current AI LLM and ML Systems in use as Agents or bots will fail for equivalent reasons at the bottom of the socioeconomic ladder and it would appear that most people who try have found they fail.

Where there is some small advantage is in the province of the 1980’s and later “expert systems” where rules are used to winnow down what appears to be complex presentations down to known and resolvable simplicity.

This was the province of Doctors, Lawyers, and accountants who charged money for the facts they could hold in their head something computers are generally better at than humans.

However whilst “evaluation” is in the AI Wheelhouse, reasoning is still only being at best “faked”. Thus flexibility was, is, and I suspect still will be a failure in Current AI LLM and ML systems for quite some time to come if not forever.

So either Current AI LLM and ML systems will be relegated to niche applications, or they will have to undergo significant changes. Sufficiently so that they will no longer be the LLM and ML systems being fielded currently.

The thing that is needed is “fundamental innovation” and throwing trillions of investment money at the AI industry is not going to achieve that.

To be blunt fundamental innovation happens when its time arrives, which is why it occurs to several if not many people in widely dispersed areas all in a very short time period. And all too often later “looks simple” which is why you get the “Why did I not think of that”… Or worse “That was my idea” “they stole” thinking (and it probably was their idea first, and can be shown as such, such is the fickle nature of “publish” in “publish or be damned”).

Current AI LLM and ML Systems are from the “general use” case flops… despite the outrageous claims of some of those involved. They need fundamental innovation and that has not really happened in nearly a decade. We’ve seen similar happen throughout the history of AI, and it’s why some are predicting another “AI Winter”.

The real question is how much harm will happen first…

369 December 9, 2025 5:50 PM

Trump gives Nvidia green light to sell advanced AI chips to China
https://www.bbc.com/news/articles/ckg9q635q6po

‘US President Donald Trump has announced that he will allow AI chip giant Nvidia to sell its advanced H200 chips to “approved customers” in China.

“We will protect National Security, create American Jobs, and keep America’s lead in AI,” Trump said on social media on Monday.

The decision will apply to other US chip companies like AMD and comes after extensive lobbying by Nvidia boss Jensen Huang, who visited Washington last week to drum up support.

Nvidia’s H200 is a generation behind its Blackwell chip, which is considered to be the world’s most advanced AI semiconductor.

The sale of H200 chips to some Chinese customers “buys time” for the US to negotiate a deal with Beijing over rare earths and prevent major disruptions to global supply chains, Alex Capri from the National University of Singapore said.

“By making it easier for the Chinese to access these high-quality AI chips, you enable China to more easily use and deploy AI systems for military applications,” said Cole McFaul, senior research analyst at CSET. “They want to harness advanced chips for battlefield advantage.”’

369 December 9, 2025 6:33 PM

https://news.yahoo.com/news/finance/news/nvidia-ceo-says-data-centers-181353030.html

‘Nvidia CEO Jensen Huang said China has an AI infrastructure advantage over the U.S., namely in construction and energy.

While the U.S. retains an edge on AI chips, he warned China can build large projects at staggering speeds.

“If you want to build a data center here in the United States, from breaking ground to standing up an AI supercomputer is probably about three years,” Huang told Center for Strategic and International Studies president John Hamre in late November.

“They can build a hospital in a weekend.”

The speed at which China can build infrastructure is just one of his concerns. He also worries about the countries’ comparative energy capacity to support the AI boom.

China has “twice as much energy as we have as a nation, and our economy is larger than theirs. Makes no sense to me,” Huang said.’

Clive Robinson December 10, 2025 1:51 AM

@ 369, ALL,

With regards BBC article and,

“US President Donald Trump has announced that he will allow AI chip giant Nvidia to sell its advanced H200 chips to “approved customers” in China.”

He probably had little choice but to do so. Because as noted,

“… comes after extensive lobbying by Nvidia boss Jensen Huang, who visited Washington last week to drum up support.”

If you examine the US economy currently you will find that “all the churn” that keeps the economy “moving in the right direction” is really only happening in “tech stocks” that revolve around Nvidia and its AI chip modules.

( See the, “How Nvidia and Open AI fuel the AI Money Machine” graphic in,

https://garymarcus.substack.com/p/openais-code-red

)

If Nvidia or OpenAI start to “look bad” shareholders will “jump ship” and the entire “AI Money Machine” will start to unwind, probably quite rapidly, and with it the US economy equally as rapidly (if not faster).

To stop the “look bad” Nvidia “has to be seen to grow” and “OpenAI” still doing those crazy “debt funded deals” it talks up.

The thing is the US AI market is in reality at best stagnant, as worse and worse news comes in about the ROI on “General AI Projects”…

With ROI really not being there with less than 1 AI based project in 20 showing any gains over existing human resource utilisation.

Even the much touted software building “Vibe Coding” AI are in reality way less productive with more humans having to be brought in to “understand, clean up, support, and maintain” the “AI Slop” that results.

Apparently even Microsoft are finding their “AI with everything” Investments, –even with all their underhanded tricks to push them,– are just not selling.

So for the sake of the US Economy Nvidia,

“Has to fly, not tail spin”

And the only way that can happen is if new markets for its chips exist.

China holds one heck of a lot of “US Paper” and could kill the US economy very very easily. However it would be killing its primary market if it did… A “mutual suicide pact” is not in either Nation’s interests, or the rest of the world’s for that matter… So the US has a problem of how to get out of the hole its corporations have been “rapidly digging” this century…

Opening up “New Markets for Nvidia” will delay the inevitable “look bad” tipping point a little while. Further “Bailing out OpenAI” with tax payer money either through phoney contracts or direct hand outs will delay the inevitable that little bit longer as well.

The question is can the US unwind the other bad AI Corp relationships “in its own house” to head off the inevitable into a new direction?

Then of course “rinse wash and repeat” over and over, all funded by tax payer money that really is not there… So that “thump thump crunch” you hear from behind the curtain is the sound of the “funny money printing presses” being restarted… Of course it will have to have a new name as “Quantitative Easing”,

https://www.britannica.com/money/quantitative-easing

Which now, understandably, has such a bad reputation due to the amount of “paper and inflation” and of course massive National Debt that creates.

One of the reasons the EU scares the US State Dept etc, is the issue of the Euro -v- Dollar. At the moment the world trade is financed in Dollars which gives the US a certain economic advantage. Ask yourself two questions,

1, What would happen to the US if other nations stopped buying its military equipment?

Something the US is clearly desperate to stop happening hence the clumsy Trump behaviour with regards NATO and Russia.

2, What would happen to the US if world trade was to become financed in Euros?

It’s why the EU should stop buying and being dependent on US Weapons and it looks like a number of EU politicians are waking up to this reasoning.

The real problem that needs to be fixed though is the Corporations in the US that are basically taking the US Tax Dollars being pumped into the US Economy to “stimulate activity” (churn) thus growth. And instead “off shoring” the money in “tax free” investments etc in other nations where it builds their economies rather than provide growth, jobs etc in the US economy…

Oh and just be thankful that Current AI LLM and ML Systems are such a bust in replacing humans. Because AI Agents / Bots,

“Do not buy goods or services in the US domestic consumer markets”

Which is where the US most desperately needs to improve things.

the Laffer curve - is anyone laughing yet? December 10, 2025 3:33 AM

@369 @Clive Robinson

It’s almost as if the real decision about the chips was not whether to sell at all, but rather when to sell.

I suppose a lot will turn on what an “approved customer” is. And how easy it might be for an approved customer to reverse engineer the product and pass that information along to weapons manufacturers in certain places.

Clive Robinson’s point about AI not buying goods and services is very important. AI also will not pay taxes, or contribute to Social Security and Medicare.

Back about 30 years ago improving the productivity of labour and capital was all the rage. But I don’t think the same concept applies when you replace labour with capital (i.e. replace employees with AI) — there you’re just changing the capital-labour mix. Without more, you can’t automatically conclude that changing the capital-labour mix will result in more efficient production.

Clive Robinson December 10, 2025 6:32 AM

@ the Laffer curve…, ALL,

With regards,

“I suppose a lot will turn on what an “approved customer” is.”

And more importantly on who decides…

It appears the Chinese Government is in effect doing the joke of,

“The computer says NO”

To the US…

Some things to note about China and AI,

We already know China can build CPUs and GPUs as can quite a few EU countries. So it’s very far from being a “US Only” skill set (in fact the only country that you would expect to be a player, that has failed and in fact gone backwards on AI is Russia).

China actually does not see “Wide AI” such as AGI Bots as being a worthwhile endeavor. They favour “Narrow AI” that is specific to a task / function. Such a difference requires different computing infrastructure in most cases.

China also doesn’t see huge Data Centers as the way to go, but more like “Personal AI Hardware” that would “sit in an office” or “under a desk”. Again requires a different computing infrastructure.

China also has a different outlook on how to do AI. You can see this in the DeepSeek system and the weights they use.

China also saw the RAM shortage well ahead, due to US trying to kill Chinese Smart Phone manufacture.

So from China’s perspective the H200 is kind of like a formula 2 racing car that can only drive backwards. Or a bus that has the passenger doors on the traffic, not pavement, side.

Thus China does not really have much use for big data centers full of H200 chips. Especially as by all reports the NVIDIA chips die very quickly in such environments… So with a six month life expectancy and the way the US Executive “flips and flops” on policy, the investment would be not just a waste of time but other resources as well.

But there is another question nobody is asking and they really should, and that is,

How EMP / CME susceptible are the NVIDIA chips when in data centers?

Especially when the data centers can be easily seen by satellite due to the massive heat signature…

I think people will find that smallish AI hardware systems that are widely dispersed are going to have a way, way higher “survivability” than any of the US or EU proposed Mega Data Centers, come peak solar cycle or active warfare.

Thus as the Chinese think and plan long term and US Corps and the current US Executive don’t think even short term… I have a sneaky suspicion that China will only allow the H200s to go to what are “public good”, “high publicity” research uses “for global good”. That also will just so happen to indirectly target major corporate targets in the west such as “Big Pharma” and “Big Ag”. So in effect the US will “box itself in”.

After all “why look a gift horse in the mouth” when, “Trojan horse” or not, it can work in the fields where everyone can see its work plainly.

Clive Robinson December 10, 2025 6:10 PM

@ the Laffer curve…, ALL,

Due to Yahoo “consent” requirements the link you give may not work for people.

So I duck-ducked bits of the link and got,

https://finance.yahoo.com/news/china-deepseek-uses-banned-nvidia-131207746.html

And like the alleged Einstein quote on madness I unsurprisingly “Got the same issue”, so it’s not a referring page issue.

However the “LSD Butterfly” of MSM has,

https://www.msn.com/en-us/money/other/china-s-deepseek-uses-banned-nvidia-chips-for-ai-model-report-says/ar-AA1S5vah

Not sure if it’s the same article or not due to flurry of articles with similar content.

@ ALL,

But “going the other way” is a lawsuit against Intel, AMD, Texas Instruments and Mouser.

As their products “allegedly”[1] have been found in Russian weapons specifically targeted at Ukrainian civilians…

I suspect the case will get very messy if it gets to court. Because the lawyer has a bit of a reputation[2],

https://www.msn.com/en-us/news/us/ukrainians-file-lawsuits-against-intel-amd-and-texas-instruments-report/ar-AA1S64gM

[1] Holding what looks like a genuine chip in your hand is actually “zero guarantee” it is genuine or that the tape-out used is IP of the companies whose Trademarks appear on the package.

I’ve had this problem with International Rectifier (IR) V-fet parts in the past. As I’ve mentioned before, “supply chain poisoning” became newsworthy even on this blog, let alone in the general MSM; it’s a very real security issue.

Put simply there is a “Grey Market” on parts, that is genuine parts that got into the inventory of companies that have subsequently gone under, restructured, or had tooled-up projects canceled. Thus unwanted inventory gets sold, often via auction etc.

However, where there are lax controls, which is true of all auctions, people can slip fakes in and make near untraceable profit. Because auction houses at best verify “supporting paperwork” not items, and you can launder parts simply by putting them through two auctions, the first giving “genuine paperwork” for the second… Unfortunately such a lax system is perfect for “passing off” fakes or lower spec / fails as full dollar items (this happened last century with some 486 parts).

These actually fake parts end up on the Grey Market and look genuine and have genuine paperwork, so get treated as such unless caught. Also unscrupulous suppliers or their employees can do a swap of “known to be genuine” with “from grey market” parts. Most of the time it does not matter as the grey market parts “work for most” (but not everyone).

It’s the reason that as an electronics manufacturer you should always do “Goods Inwards Test” (GIT) Inspection no matter how much you trust your supplier and supply chain.

I found out because the application we were using the V-fets for was “off-book”, thus had a way more exacting GIT. And yes we got grey-market “actual fakes” (we de-capped and microscoped the silicon, which revealed them to be fake). They were supplied to us by a very well known supplier who, when informed, went through their inventory and ensured we got real parts direct from IR that we had actually paid for.

Since then the use of V-fets and similar (like IRF510s and 610s) has seen significant use in MF and HF RF “Power Amplifiers” (PAs). It has “become a thing” not just in “home-brew” but in “Chinese-Knock-Offs” from the likes of Alibaba etc, E-Bay, and even Amazon.

This happened because the IP belonging to a friend and myself got “ripped-off” by an Israeli Company, and the details became “general knowledge”. The reason so many grabbed the IP was because a 20 cent V-fet part was actually better for the job than a whole bunch of $50 or more RF-fets from the likes of Philips, Motorola, and other “Big Name” RF Transistor manufacturers that put unnecessary “lip-stick on their pigs” to justify ludicrous pricing.

[2] Some may remember I talked about the disasters PG&E caused in the US South West as a serious security issue. But also as a consequence of court action PG&E had to “Chapter 11”.

Well the lawyer “Mikal Watts” is the same who brought,

“The PG&E case led to a $13.5B settlement.”

If Intel lose, in their current precarious state it could be End-Ex for them and their remaining shareholders.

The simple fact is none of the mentioned companies have the liquidity or reserves to pay out that size of settlement “out of pocket”. Even the “Tech Big 5” don’t have that kind of cash “doing nothing” but jingling, because there is not a table big enough to have that size chunk of money just left on it (look at it another way: based on what we currently know it would buy you 56 years of the US Presidency… Which could be very lucrative).

the Laffer curve - is anyone laughing yet? December 10, 2025 6:42 PM

@ Clive Robinson @ALL

My apologies, I may have been fooled. According to CNBC, quoting an Nvidia spokesperson:

“We haven’t seen any substantiation or received tips of ‘phantom data centers’ constructed to deceive us and our [original equipment manufacturer] partners, then deconstructed, smuggled and reconstructed somewhere else,” an Nvidia spokesperson said in a statement. “While such smuggling seems far-fetched, we pursue any tip we receive.”

(see https://www.cnbc.com/2025/12/10/nvidia-report-china-deepseek-ai-blackwell-chips.html?msockid=05e534a0274865560b5f221e26006498)

I cannot find any press release about this at https://nvidianews.nvidia.com/. So I don’t have any way of verifying what CNBC reports the spokesperson said. (In other words, it’s hearsay.)

**

That all being said, it might be worth pondering:

What measures are in place to ensure that an “approved customer” can’t act as an intermediary and transfer the chips to someone who is not an “approved customer” ?

369 December 10, 2025 6:57 PM

https://news.yahoo.com/news/tech/science/articles/watch-spacex-launch-mystery-mission-110000192.html

‘SpaceX just launched a secret payload for the U.S. military.
A Falcon 9 rocket lifted off into cloudy skies from Florida’s Cape Canaveral Space Force Station today (Dec. 9) at 2:16 p.m. EDT (1916 GMT) on a mission for the U.S. National Reconnaissance Office (NRO) called NROL-77.

The NRO, which is part of the Department of Defense, operates the United States’ fleet of spy satellites.

NROL-77 was the third mission that SpaceX has launched this year for the NRO and U.S. Space Systems Command, according to the company. However, it was the seventh Falcon 9 flight of 2025 carrying the “NROL-” prefix. The others — NROL-153, NROL-57, NROL-69, NROL-192, NROL-145 and NROL-48 — launched between January and September.’

crackers_from_the_hell December 10, 2025 7:44 PM

Breaking…Breaking…Breaking…

Netware 3.x serialization algorithm has been broken.

pastebin.com/BW7GzK85

It was pretty easy.

250-user Netware 3.12 was pretty pricey – list price was $12,495.
And all it was protected by was a pretty simple encoding.
Crazy to think now how much money Novell made from it.

lurker December 10, 2025 8:57 PM

@laffer curve …, Clive, ALL

This is old news, surely? When DeepSeek first popped its head up, sharp minds worked out that ~half its chips had been purchased legitimately before any Trumpery came into effect, and the other half had been in carry-on baggage of various travellers.

Note also that the book subject of last week’s thread https://www.schneier.com/blog/archives/2025/11/huawei-and-chinese-surveillance.html details how the Chinese are master market manipulators since before the Han dynasty.

see also: https://finance.yahoo.com/news/white-house-u-turn-nvidia-130904942.html

and other analysis of Huawei’s Ascend roadmap which renders the H200 ban futile.

ResearcherZero December 11, 2025 1:03 AM

Foreign visitors to the US would require up to 5 years of social media history disclosure to gain entry under a proposal being considered by the Trump administration.

‘https://www.cbsnews.com/news/us-tourists-social-media-history-5-years-trump/

The administration has reportedly violated the First Amendment nearly 200 times.
https://edition.cnn.com/2025/12/08/media/trump-free-speech-second-term-press

The actions mirror moves that authoritarian governments have used to censor and stifle speech. Civil freedoms in the United States have been in rapid decline throughout the year.
https://time.com/7339363/us-civil-liberties-authoritarian-shift-civicus-trump/

ResearcherZero December 11, 2025 1:18 AM

Another good reason to have carbon filters for your water at home. Though it would be far more helpful if industry refrained from polluting the air and water with dangerous chemicals.

A common chemical, trichloroethylene, used since the 1920s, may be linked to Parkinson’s Disease. Studies have shown that drinking water polluted by trichloroethylene (TCE) could be the trigger for those with a higher genetic predisposition to developing Parkinson’s.

Public and private water supplies have been widely polluted by unsafe disposal of TCE.

‘https://www.wired.com/story/scientists-thought-parkinsons-was-in-our-genes-it-might-be-in-the-water/

Volatile organic compounds and trichloroethylene have been used in a very wide range of applications including industrial solvents and persistent insecticides. Water polluted with trichloroethylene and volatile organic compounds increases risk of brain damage and cancer.

https://www.mdpi.com/2305-6304/12/12/894

Parkinson’s is the fastest growing neurodegenerative disease globally.
https://edition.cnn.com/2025/12/09/health/parkinson-risk-reduction-wellness

Clive Robinson December 11, 2025 7:49 AM

@ ResearcherZero, ALL,

Trichloroethylene as anesthetic

With regards,

“”

Like a number of other “Volatile Organic Compounds” (VOCs) such as “carbon tet” and “chloroform”, “trichloroethylene”, also called “tric”, had uses as a cleaning/degreasing agent and as an intermediate chemical. Importantly it was used as an anesthetic for a half century or so.

Trichloroethylene was first used as an anesthetic just after “The Great War” and remained in use until the late sixties in the West, when it was replaced by less hazardous halothanes.

In 1975 the US finally banned its use, but I’m told it can still be found in use in some third world countries as it’s inexpensive and relatively easy to make and purify.

When used correctly it was/is assumed not to be harmful to humans. However if used with a “soda lime closed circuit system”, it can cause the trichloroethylene to form other chemicals that attack the nervous system and kidneys and can be carcinogenic, one such chemical being phosgene… Also trichloroethylene is lipophilic, which draws it out of the blood stream and into body fats.

Whilst trichloroethylene is not normally flammable, it can react violently with some fine metal powders, which means care has to be taken when it is used as a degreaser on freshly machined metal parts.

It can also cause odd effects with certain rubbers and plastics. It’s been said that if injected through the inflation valve of a vehicle tyre it can cause the tyre to degrade fairly quickly and cause a “blow out”.

It also degrades at moderate to low temperatures.

All in all in the West it is a chemical best avoided.

Clive Robinson December 11, 2025 4:02 PM

@ Bruce, ALL,

Xmas AI ads bomb again…

It appears AI Ads, especially those with winter solstice spirit themes, are not popular with those on whom they get inflicted…

So much so even the MSM are calling some ads out in particular,

https://www.theguardian.com/business/2025/dec/11/mcdonalds-removes-ai-generated-christmas-ad-advert-backlash

I guess,

Tis the season,
To throw AI slop away,
With good reason.
As punters do let cry,
That ain’t a jolly watch,
It’s made my Yuletide die.

lurker December 11, 2025 8:25 PM

@F6

“even the FIDO Alliance mentions that passkeys require a trusted environment.”

“The browser is the primary interface for users to register and authenticate passkeys,” and it’s relied on by both sides “to communicate honestly.” If the browser can’t be trusted …

it’s Game Over Man.

I don’t have any money that says a common or garden browser is a trusted environment. Authenticating passkeys is a job for a dedicated app, that can be verified for sanity and sanctity each time it is used. But when your user thinks the browser is the internet, where do you go?

I wince, and take my business elsewhere, every time I get a notification: “You can stay logged in on this trusted device.”

Clive Robinson December 12, 2025 1:50 AM

@ F6, lurker, ALL,

With regards,

“They are pushing for passkeys but all is not roses.”

It is one instance in a whole class of attacks that has been known about and discussed on this blog in the long past…

I originally noted that browsers had two major issues,

1, They were becoming operating systems in their own right.
2, They had no security of the form built into traditional operating systems.

This was shortly after the rumours about Google and what became Chromium became fleshed out so a little under two decades ago.

Put simply browsers of the time were all very insecure because they ran as a single process with just a single memory space.

Thus you could use a web page from one web server, to get at the memory used for a different web page from an unrelated second server.

I discussed this with @Nick P here several times and we kind of danced around what we both knew: “user credentials and data were 100% vulnerable”. Not just to being read, thus used, but changed to what an attacker desired a user to see etc.

Thus the browser could be attacked just like “driver shims” in the actual OS.

The problem was made infinitely worse due to the basic fact that HTTP effectively required the Web Server to be “stateless”, thus the security of authentication protocols and processes was in effect not possible.

Because the all important “shared secret” was both static and easily accessed.

So here we are and the “idea has come of age”, but as can be seen in the Forbes article,

‘The passkey attack works by exploiting the passkey setup process, which assumes your browser — which is the mandatory middleman — is a secure environment.

“The browser is the primary interface for users to register and authenticate passkeys,” and it’s relied on by both sides “to communicate honestly.” If the browser can’t be trusted, then the device passkey setup and the services can be duped.’

It’s a trust breaking attack “Class Vulnerability” so old,

“The ICTsec industry has forgotten about it” (I would add “not for the first time either”).

Hopefully the attack instance will help pin it in people’s brains, but to be honest if there is one thing this blog has shown beyond all doubt, it is that the ICT Industry cares not a jot about security and has no memory for it. Which is why,

Old attacks get reincarnated and become New again…

@ ALL,

A question for every one to give some thought to,

“What makes the ICT industry so special that forgetting even its very recent history is seen as a virtue?”

ResearcherZero December 12, 2025 2:24 AM

@Clive Robinson

RE: influence that gives the “real controllers” of Palantir

The influence. That is also a concern of mine. Large amounts of data additionally require a significant degree of access, and the tendrils of Palantir reach into many sectors who have large quantities of consumer data and market data. This would allow sweeping analysis right across entire markets, businesses and their customers. An enormous inside scoping view.

The wide deployment of such products across broad ecosystems leaves these systems open to security weaknesses and opportunities for malicious or outside party access to the data and plenty of opportunities for misuse. This too leaves room for a lack of accountability and opportunity to hide behind layers of bureaucracy and commercial confidentiality.

Spyware and surveillance vendors frequently use corporate structures and clients to shield themselves legally and claim that they were unaware of how their products were being used.

There are a number of confirmed cases of Predator being used to spy on civil society members. These products don’t just violate people’s privacy and human rights, they put at risk the private sensitive information and security of people and place them at risk. They also undermine the legal rights of targeted individuals by exploiting their private domain.

Predator allows additional modules to be downloaded onto devices that are already infected.

‘https://recordedfuture.com/research/intellexas-global-corporate-web

Employees at Intellexa can see details of surveillance operations and details of individuals targeted by their customers – such as journalists, human rights defenders and members of civil society. Intellexa maintains remote access to the spyware including the dashboard, as well as the “storage system containing photos, messages and all other surveillance data gathered from victims of the Predator spyware,” using TeamViewer.

As well as real-time access, Intellexa employees can view the logs of their customers.

https://securitylab.amnesty.org/latest/2025/12/intellexa-leaks-predator-spyware-operations-exposed/

An investigation is taking place in Greece regarding who in the government authorized the use of Predator to spy on a Greek journalist. Hundreds of other people in 150 countries were targeted with Intellexa’s spyware, many likely unaware their devices were infected.

https://greekcitytimes.com/2025/12/08/intellexa-predator-spyware-greek-court/

ResearcherZero December 12, 2025 5:03 AM

A boon for fourth-party collection.

There are few or no laws in many regions to regulate or limit the sale or purchase of private data. Even sensitive and personal health data can be gleaned via multiple means and then pooled to build profiles of individuals with very detailed behavioral patterns.

The modern surveillance data ecosystem operates largely without oversight or transparency.
Populations are unaware of who is accessing their data, when it is accessed, or why their personal sensitive data is being used for a range of different purposes and reasons. Many are unaware that this is even happening or that their personal devices are sharing it.

There is no transparency surrounding wiretapping programs and how agencies utilize them.

‘https://www.wired.com/story/warnings-mount-in-congress-over-expanded-us-wiretap-powers/

Spoofing emails used by law enforcement for data requests is relatively easy.
https://techcrunch.com/2024/11/08/fbi-says-hackers-are-sending-fraudulent-police-data-requests-to-tech-giants-to-steal-peoples-private-information/

ResearcherZero December 13, 2025 1:16 AM

@Clive Robinson

no security of the form built into traditional operating systems

The majority of attacks from spyware attack the browser as it is ubiquitous amongst a range of devices and a primary interface. It doesn’t bode well for AI being jammed in everywhere.

Smart phones do not even come with a firewall to control data connections and require rooting and super user permissions to set rules for iptables in order to block applications from connecting. This significantly limits users from having visibility into what these apps are doing or practicing the kind of behaviour which fosters an understanding. This makes it far easier for surveillance data to be collected, and spyware to limit evidence of its existence on an infected device, while also easily collecting user behaviour and data.

Considering the nature of AI, users have even less insight into opaque cloud structure.
People have been pumping their personal history into the cloud for years for analysis.

‘https://techcrunch.com/2025/12/12/google-and-apple-roll-out-emergency-security-updates-after-zero-day-attacks/

Rontea December 13, 2025 2:18 PM

@Clive
“At the moment “we lack detailed knowledge” so we have to in essence “grope our way forward” in trial increments.”

Security is foundational to trust, and without it, no technological model—whether transformers, State System Models, or any hybrid approach—can sustain long-term adoption. As we navigate the potential end of the current AI boom, the real differentiator for future systems will not just be efficiency or scaling but the assurance that they are secure, resilient, and resistant to misuse. Security must be embedded into the infrastructure, from data centers to model architectures, because only when systems are demonstrably safe can they earn the trust required to survive beyond the hype cycles.

KC December 18, 2025 3:58 PM

AI defense startups

““Offense is going to be all-AI in under two years,” he said. “And because that’s going to happen, that means defense has to be autonomous. You can’t have a human in the loop or it’s going to be too slow.” […]

The company [Armadin] will use AI to find and report flaws that hackers might use to break in. “The cheapest way to build your defense is to actually hit it with the best offense and refine it,” Mandia said.

“What used to cost anywhere from $20,000 to $30,000 in human time is going to be three to five minutes,” he said. “We’ll charge hundreds.””

https://www.wsj.com/tech/ai/this-buzzy-cyber-startup-wants-to-take-on-dangerous-ai-threat-c0916a3a

Clive Robinson December 19, 2025 6:27 AM

@ KC,

With regards the quote you give of,

“Offense is going to be all-AI in under two years,” he said. “And because that’s going to happen, that means defense has to be autonomous. You can’t have a human in the loop or it’s going to be too slow.”

It’s actually a “half truth”.

To see why, consider that the fact that attacks have been speeding up and humans can not keep up is something that was obvious to “the keen of eye” back in the 1990’s.

Call that the “Second Signpost to disaster”

The “First Signpost” was known to the original designers of what became known as the ARPANet back when a bod at Rand called Gordon Welchman pointed out why the primary idea of a “net-work” was that a “net” was highly resilient to having holes made in it.

Which eventually gave rise to the myth of “The Internet routes around censorship”. The myth turned out to be “false” because the Internet fundamentally is not built as a “net” but a series of “interconnected trees”. Thus if you control a node you can control/censor every node and leaf beneath/downstream of your node. This failing is being slowly undone due to the insecurity of the “Internet of Things” (IoT) devices becoming parts of massive “Bot-nets” used to generate traffic way beyond most people’s comprehension as “Distributed Denial of Service” (DDoS) attacks.

Which is why some will say we’ve gone past the “Third Signpost” to disaster because Hacking etc is now a common topic even in the “Main Stream Media”…

But ask yourself,

“Is Disaster actually going to happen now?”

And then the second question of,

“Why not?”

Well there are several reasons for the cause of the attacks but the two main ones,

1, The Internet was never built as a net.
2, Creeping “sunk cost” minimisation.

The first issue we know how to solve, but it is going to cost a significant amount to do so.

Which brings us to the second issue of “sunk cost”, which is strongly correlated to “missed opportunity cost”. Thus it is seen as a harmful thing in the eyes of investors, share holders and others.

Less obvious is the “Defence Cost Paradox” of,

“How do you know what to spend on defence?”

And secondly

“What on?”

The answer is you can only guess because,

“You only ever know you’ve spent too little when you are attacked.”

Nobody mentions the secondary answer of,

“You only ever know you’ve spent it on the wrong things when you are defeated.”

The major historical example most get to hear about is the French Maginot Line. Unfortunately they also get told the wrong reason it failed, which is,

“Because the Germans went around it through Belgium”

Whilst that is true, the real reason it failed was it was a “static defence” and warfare had moved on from that “trench mentality” into a new form due to rapidly improving technology. Because technology had made mobile warfare way more easily possible not just on the ground, but importantly in the air. So if France had built the wall to cover the French-Belgian border the Germans would have just used a different point “AND WAY” of attack and the Maginot Line would still have failed.

Which gives rise to the obvious question,

“But what happens when both sides advance in technology?”

The answer is an exponentially cost-increasing “Arms Race”.

This lesson can be most easily seen in the “Electronic Warfare” domain and “Electronic Counter Measures” (ECM). The obvious answer to ECM is “counter” measures, so you get “Electronic Counter Counter Measures” (ECCM), and to “counter” this ECCCM…

The partial way out of that was “Kinetic measures” of “beam riding missiles”. Originally designed to fly down the transmission of a RADAR system it can with only minor changes in programming fly down any radio transmission such as that from a “Satellite phone” being used by a Chechen General. Thus the only “counter measure” to most was to stop using electronic communications from their locations, and later to cause the adversary to waste resources and suffer the embarrassment of “collateral damage” on innocent civilians.

The point is this is why the principle of the “Observe, Orient, Decide, and Act” (OODA) loop was thought up by USAF Col. John Boyd. Also known as “getting inside his curve” from pilot behaviours in dog fights. The point being if you can respond faster you will mostly win the dog fight. Taken to extremes this meant trading pilot consciousness for tighter turning. The idea being if your plane and weapons can out turn the adversary and shoot them down, you as the pilot do not have to be conscious to do so, therefore you have an exploitable advantage. But just as with ECM to ECCM and so on there are limits.

This “AI Advertisement” is, when you analyse it, the OODA principle being applied but without the caution of the fact it’s actually an “Arms Race” build up, so will give rise to exponential cost rise or, as they hope, exponential rise in profits before going bust (by which time they will have “sold out” via VCs to “more money than sense” investors).

This should warn people that there has to be another way to do things…

And there are several, but the most effective to think about is “Mitigation by segregation”.

As I have noted from time to time, the first question I tend to ask in its stripped down form is,

“Why is this computer connected to the Internet?”

Mostly the answer is,

“Well ummm… It’s what everyone is doing ummm… Because we were told by someone we paid it’s going to bring in profit…”

Back in the 1950’s and 60’s computer security was by today’s issues “easy” because they could put it all in a room where nobody outside the room could get at it. This gave rise to the notion of what we now call the “air gap”. Which is no longer sufficient, which is why “energy gapping” via the likes of “Sensitive Compartmented Information Facility” (SCIF) buildings and tents are becoming more common.

But at the root of it is a simple principle,

“If the adversary can not reach it they can not attack it.”

Thus it can be seen that “The Cloud” and most XaaS was a very bad move and that very soon the smart choice will be to go back to “perimeter defence” where the “perimeter” is

“Physical and Energy segregation”.

However this will need to be moderated by the need for some information to “cross over” which is why

“Instrumented and mandated gap crossing.”

Will become part of that. But will Current AI LLM and ML systems be part of that?

Well as they mostly can only find “Known Knowns” with humans capable of finding “Unknown Unknowns” they will probably not be worth the very high cost they currently carry.
