Schneier on Security

Clive Robinson • January 3, 2026 2:19 PM

@ Winter,

Sadly for the last fifty or more years the game has been rigged against the ordinary person so “prosperity” can not happen for the ordinary mortal.

But worse… This century the rigging has progressed to the point where the ordinary mortal can not have “peace” either it’s a continuous series of invoked “War on XXX” where a select few decide what XXX is and often it has no reality it’s just a means to another end.

The idea being in part that the 1% of the 1% of the 1% and their families will not get into any kinetic or similar conflict. So that when ordinary mortals are pressed into service to die as cannon fodder, their estate/assets can be acquired for maybe 1 Cent on the Dollar or less to be “rented out” at way more than a Dollar into the future, free from tax and lien.

Ordinary people are fobbed off by being told that it’s a “trickle down economy” which is complete BS, as just a few moments thinking will reveal by simple maths.

It’s cynically called by some a “K shaped economy”,

https://www.npr.org/2025/12/31/nx-s1-5660842/what-is-a-k-shaped-economy

Because there are two trajectories. and just about every one who will ever read this is on the descending limb to rent seeking induced destitution and abject poverty. As was once said at Davos “You will not own anything”.

Which means the K-Shaped Economy is just another “cover it up” as the “real balance” is with tangible assets being transferred from those on the bottom limb to those on the top limb. And like all things in life if you live by emptying the cookie jar at some point it’s going to be empty and you starve and loose both choice and freedom if not life.

The Venezuelan “issue” is because they do not want to buy into the “American Man’s way” dream that Kippling exhorted the Americans to “pick up” over the Philippines back in 1899, and we can see how that did not work out well today.

It’s clear to anyone who can see and think that those boats being sunk are not full of Fent@@@ but Coca@@@. The lie of Fent@@@ was tried on Canada by the “ill wind that blows” Trumpeta and was soundly rebuked.

It’s actually been known since before 2019 that Fent@@@ comes in from Mexico where it is manufactured on mass much as Syria was doing. But it makes a great excuse for starting the death of tens if not hundreds of thousands for grabbing resources very cheaply.

And I’ve explained in the past why there is the demand for Fent@@@, and in short it’s the real side of the “American Dream” hoey-bunkum that can only happen untill everything is bought up by the few by their criminal behaviour then rented out. Thus re-establishing the King, Church, Baron, serfdom three estates model of the Medieval period.

All that said, I do wish most people both peace in their hearts and minds, and peace in their lives to live modestly and without fear and be able to secure sustainable futures for their loved ones.

Whilst I don’t believe in the con-game of deities that support the King Game, I do believe that in general mankind can improve it’s lot and be become better than it was thus share in a better future for all not just the very few. However there is a price that has to be paid by all and that is by taking social responsibility for society not leaving it to what has become a corrupt hierarchy propped up by authoritarian follower guard labour.

Read Cory Doctorow’s 393c talk he gave just a week ago that I gave a link to,
https://pluralistic.net/2026/01/01/39c3/#the-new-coalition

Or you can now listen/watch,

https://craphound.com/news/2026/01/01/the-post-american-internet-39c3-hamburg-dec-28/

Because it describes a simple step that can put a spoke in the wheel of Enshitification that is created by solipsistic managed Corps not just into the ruination of the Internet, but modern life that has become so badly entangled with it and the almost inevitable downward spiral that is following.

There is however a downside in that it will need some form of balkanization, not just of the Internet but technology in general. Look on it as how surgery cuts out that which is bad and growing at the expense of the good, to protect what is good whilst it still can be.

Interestingly it looks like Canada has already realised this and is acting in that direction.

Clive Robinson • January 4, 2026 5:21 AM

@ ResearcherZero, ALL,

With regards,

“Under international and U.S. law, the Trump administration’s actions, the incursion into Venezuela and the capture and rendition of the Maduros, are blatantly illegal and criminal.”

Serious as that is, it’s not in the list of real issues that concerns me.

The issue top of the list is,

1, Might is right.

That is the belief that if you have “the power” then you can do anything you want. In the “King Game” this is known as “Divine Right” and it’s killed more people than any other human failing known.

As such views are held and acted upon by those who are abnormal mentally you can seriously say that,

“The lunatics are running the asylum.”

And this can only end one way which brings me onto the second bullet point on the list

2, Sets precedent.

This is a failing the US has made and still makes over and over since the end of WWII.

What is to stop another country grabbing Trump or his wife or other members of his family and “hanging him from the yard arm?” By international “common sense” and “collective defence” it was seen that certain actions should not be taken. One of which is that “Heads of State” and their families should not be taken, imprisoned, executed, or assassinated. But the US has repeatedly done such acts for short term political gain and created far more long term problems not just for themselves but others.

3, Dictatorship by Exceptionalism.

The US is increasingly saying that it’s “wants” should be global but nobody else should have the same rights or the right to say no.

It’s a form of solipsism that is rather more than egotism and it is exceptionally harmful, not just to others but US citizens as well.

I could go on with the list but the reality is for short term politics the US Executive have blessed the lunacy of Corporatism. This action has never been about what the US Executive claims, but about unlawfully “grabbing resources” and similar as “pay-off”.

It will not benefit the majority of US citizens as any “gain” will stay “off shore” and actually act against US citizens interests thus be a “clear harm” to them.

I’ve made warnings about this sort of thing since the 1990’s and on this blog since it’s existed. The fact it’s all been “logically predictable” to so few people is actually quite shocking.

Just remember I’ve made predictions about the US fomenting war against China and Iran for nearly as long and if people care to look they will see that the notion of “boiling the frog” applies… And yes we are heading down that road where the destination is kinetic disaster of global proportions.

Do the people of the US want crosses painted on their children and grandchildren’s backs, and for them to be used as “food for the cannons?”

If you remember back the US Executive has been saying that Europe needs to spend 400-500% more on “defence” on the pretext that Russia will invade. It appears reasonable, untill you step back and look at it from the view point that it actually means

“You will give it to the US to build up it’s pre-global conflict MIC development”

That is the US does not have the manufacturing capability currently to “go to significant conflict”. It needs to build up the “industrial” side of the MIC which it can not afford to do. As the Corps have killed “manufacturing” in the US and “off shored” not just the money but skills and other necessary capabilities. So the idea is make other countries pay for the US to get it back first then it can start global conflict.

But also consider that US legislation has made it so that all US Manufactured items must have the equivalent of “kill switches” built in… (It’s most likely why the lights went out in Caracas).

Thus using US weapons for defence is not actually giving “sovereign security” it’s surrender to short term thinking of US political whims and solipsism…

Clive Robinson • January 4, 2026 6:58 PM

Part 6,

Because the honest,

“Of course not…”

Is not going to be admitted to even though simple logic tells why there is not a chance of that happening…
It’s for two basic reasons that are actually the two faces of the same coin,

1, Basic economic supply and demand.
2, Because it’s “too useful”[1]

Even though it kills something approaching 100,000 Americans a year with around half being illegal Fentanyl and similar entirely manufactured and easily produced drugs. The nature of the actual drugs that kills US citizens is not easy to determine after death,

‘https://www.medcentral.com/meds/opioids/fentanyl-separating-fact-fiction

Worse the likes of Fentynal, Fenetylline and similar is they are used as a filler in other “street drugs”… So if you think you are getting one thing, your are actually getting an unknown cocktail of synthetic drugs –made by very similar processes– all of which have varying complications and contra-indications. As the production processes are similar switching from manufacturing one to another is not difficult and thus cross contamination can easily result.

A true fact is the deaths save the US Federal and State Govs save vast amounts of money as those that end up dead do not live long enough to collect on pensions medicare and similar “expensive but obligatory” welfare. Thus allows vast profits to continue to flow into certain pockets.

The legal manufacture of the raw / feed stock of these drugs / fillers is being made in China and increasingly the worlds largest manufacturer of generics India. And legally exported by them not to the US but other nations where they get “lost in the system”…

[1] As I’ve indicated before the real problem is the way the US does “health care” it’s a money machine that provides unimaginable income to certain interests. Especially “pain relief” which should be treated in other ways not by just upping drug usage. But the illegal drug supply is a very useful shield to stop US citizens going after the “Health care crooks” because rather than have those who have been failed by the system killing themselves by suicide or worse they get pushed into the consumption of illegal drugs thus can be “victim blamed”.

[2] The evidence for Syria manufacturing Fenethylline and supplying into the Middle east is fairly conclusive. However their earlier supply of Fentynal to various countries is less direct and found not by “finished product” but by records of imports of raw / feed stock. The argument given by some is that Syria stopped supplying the “Americas” when the Mexicans started to undercut them (basic economics of “distance costs” which always makes local manufacture more profitable thus causes “markets to fracture” which is not what Corp/cartels want, thus getting “state intervention” in various ways). Others indicate the increasing difficulties due to “sanctions” bringing scrutiny on exports. Either way they apparently shifted from one to another.

Clive Robinson • January 5, 2026 6:22 AM

@ Bruce,

A couple of threads back you asked,

“Are We Ready to Be Governed by Artificial Intelligence?”

And the thread following it,

“Using AI-Generated Images to Get Refunds”

Now consider those in terms of how AI can spoof things… Then ask,

Are we ready to be owned by AI using generated faux-biometrics to get authentication and access?

I’ve warned in the past with all these “think of the children” nonsense biometrics that the systems have gaps in the chain between the meatbag and the decision process. Well I’ve yet to see a way to stop Current AI LLM&ML systems “filling the gap thus rendering what comes before it moot.

Almost the first thing those not with a sufficient technical background will say,

“But this will only be the case for remote biometrics not local biometrics.”

Thus arrive at the notion of using a token / dongle at the user end of the chain that communicates back via a cryptographic or similar “secured” communications path.

But a moments thought reveals that this just makes the gap at the user end where they can more easily exploit it.

Thus within a year or two at the most the “something you are” will be “dead and buried” as an authentication factor.

But think a little further and so to will be “something you have”.

Thus leaving “something you know” but that will fail for another reason…

The human memory is remarkably bad at accuracy it’s the price we payed tens of thousands of years ago for survivability. That is we don’t need to know in detail how a predator looks, to recognise a threat. We just need to recognise they way they behave when they are preparing to attack us.

The problem we have, with Current AI LLM&ML Systems is that they really don’t do “learning” in real time. Thus you can not use AI to defend against an offensive AI system.

We’ve seen this demonstrated with the endless cat and mouse games of “prompt attacks to jail break”.

As I’ve indicated before the LLM “Digital Neural Network”(DNN) is really a DSP “adaptive tuned filter” working with many dimensional layers of spectrums. In the likes of audio DSP systems the adaptive aspect can be made very close to “real time” but due to various issues not so for LLM DNN’s because of the way the ML component works. And if you think about it this is not something that is likely to change, the defending LLM is going to be a very long way behind the curve of the offensive LLM… That as the old adage puts it,

“The attacker only has to win once, the defender every time…”

Ordinarily you could “chain low reliability tests” to improve the odds of detecting an offensive move… But the human mind is so unreliable that such a strategy is going to over load it’s capabilities.

In effect we’ve lost or are about to loose the battle on the three main authentication factors, we just as an industry don’t realise it yet…

Clive Robinson • January 5, 2026 8:20 PM

@ ALL,

In the past I’ve pointed out that the “Digital Neural Network”(DNN) in an LLM is actually a very large “Digital Signal Processing”(DSP) filter. And that the ML makes it in effect “adaptable”.

I also mentioned that what it was filtering was “semantic layer spectrums” but did not really say what they were because there are not many easy to comprehend examples out there that are as “real world” as they could be. Also explaining ML as “chunking” to make “tokens/vectors in scope” is all a bit “airy fairy, up in the air, hand wavery”.

Well today I read a couple of articles that were both “real world” and relevant.

The first article is about an issue in the US legal system to explain why searching “case law” and similar is so expensive and actually an unlawful cartel. But in the telling of the story it does give a reasonable example of “semantic layers”,

https://www.thebignewsletter.com/p/gatekeepers-of-law-inside-the-westlaw

The second is about the issues to do with “ML Chunking” and highlights just some of what can be involved with getting it right,

https://minha.sh/posts/so,-you-want-to-chunk-really-fast

If you read them both then go back to the first again it makes the second even more clear.

Clive Robinson • January 6, 2026 9:46 AM

@ JG5

Re

“… how many of the fires involved foam materials.”

They are often not called “foam” or even cloth these days but “low density” or “high thermal insulating” or similar with an attached “R-Value”.

Thus the “R-Value” indirectly gives an approximation / indication of how lethal it is going to be to you…

I was actually shocked “by the news” of the revelers in that basement bar “Le Constellation” fire in the Swiss ski resort just a few days back. The report indicated they were more intent on getting footage on their mobile phones than hot-footing it out of there whilst they still could… If true or not it’s still a shocking thing to say. It’s been indicated that there are over 115 seriously injures some of whom who will be sent to other countries for treatment, and that one of the 40 dead is a 14year old local girl.

But more inexplicable and may be cause of the news report is that some of the dead actually took video of the fire with one video of the only set of stairs starting to burn then getting engulfed as others panicked trying to get up them.

It’s being reported that the owner who was from Corsica and had served time in prison, had halved the width of the only stairs out in DIY renovations made with wooden slats and acoustic materials in the ceiling not designed to be used that way. And that his wife was related to senior fire officials in the area and for some reason the bar had been very infrequently inspected for fire safety, and might not even have been fully inspected after the renovations.

Sometimes “your security” is best served by “basic situational awareness” and consideration of what “could happen”. As my father used to point out,

“The place to be when there is trouble is somewhere else.”

With the observation that using your eyes, ears, brain, and physical positioning would assist in that task by giving you both a “heads up” and importantly “time to act” and “get the heck out of Dodge”.

Clive Robinson • January 6, 2026 5:12 PM

@ Bruce, ALL,

You will love this new bit of law…

I wish the UK had the equivalent “send to bin or hell now” buttons for adds.

https://saigoneer.com/vietnam-news/28652-vienam-bans-unskippable-ads,-requires-skip-button-to-appear-after-5-seconds

I use Brave with javascript disabled so rarely see adds but the few I do I’d rather not see at all. Also I regard the bandwidth taken from me as “theft” so I see online adds as “criminal activity” regardless.

Yes I know a lot of peoples jobs and income “supposedly” are based on “add income”… but really, lets be honest now, most are actually being scammed by their employers just as much as the people who pay for the online ads in the first place are being scammed… The whole bit in between the company buying ads time and consumer eye balls is as crooked as heck and beyond. And would be regarded as a form of fraud if not for those oh so crooked lobbyists.

Clive Robinson • January 6, 2026 10:56 PM

@ Bruce, ALL,

And so it begins, in a factory far far away..

Looks like those pesky LLM&ML systems are going to be getting “agency this year. Wether it’s “free” agency or not could be a major hurdle,

Optimus Schmoptimus – Boston Dynamics’ humanoid robot is already in mass production

“Remember when Elon Musk predicted that there would be thousands of Optimus robots at Tesla factories by the end of 2025? Well, that didn’t happen, but competitor Boston Dynamics has just announced that its humanoid robot, Atlas, is going to the big time.

…

In addition to its planned Hyundai deployments this year, Boston Dynamics also announced a partnership with Google DeepMind at CES that will see the pair working out how to integrate Gemini Robotics AI foundation models into Atlas to, according to Boston Dynamics, “give the robot greater cognitive capabilities.”“

https://www.theregister.com/2026/01/06/boston_dynamics_atlas_production/

Wether to be delighted or horrified is something I guess only hindsight will determine…

Fun point some will remember that I said “giving AI ‘free’ Agency” to explore and learn about it’s environment was a prerequisite for the I in AI to actually having meaning in the meatbag sense.

So is the limb I’ve climbed out on looking shaky and possibly going to leave me “with egg on my face”?

Honestly I don’t know, but it’s a prediction I’m going to stick with on one condition,

1, They first fix the LLM memory problem.

It’s been shown that LLMs do not actually learn in the “long term memory sense” as they interact with a user or other external stimulus. That is the weights and biases in the DNN do not dynamically change.

So Current AI LLMs do not “learn by doing”. I’d kind of assumed it was a “relatively easy fix” issue they would have fixed effectively if not efficiently by now. But they have not so far, which technically it does not appear on the face of it to be difficult to do, just potentially time and money consuming, so “slow and expensive”.

So on the assumption they fix that issue fairly quickly, then personally I’m “cautiously curious” and,

“Wondering if they will need a “double tap to the head” like zombies, to stop them chowing down on you” 😉

Any way it’s a “crystal ball” notion and I could be shown to be wrong that “agency” is a key missing step to “actual I in AI”.

In which case you guys are going to have fun kicking my ass (all those jokes and so little time 😉

But seriously I’ve presented my reasoning, in the past… does anybody think I’m wrong about “Giving AI Agency” is a prerequisite for biological level Intelligence?

Clive Robinson • January 8, 2026 7:00 AM

@ Bruce, ALL,

European Capital power hit by claimed EcoTerorism

I’ve seen little of this in MSM outside of German reporting.

But what have been described as Left-wing Eco Terrorists have claimed they were responsible for destroying power cables out of a Gas Powered power station in Berlin, plunging something like 50,000 busineses, homes, education, hospital and emergancy service centers into not just winter darkness but well below zero temperatures.

The incident has also critically effected emergency services and other infrastructure causing flooding by raw sewerage backup into peoples homes etc. As well as inability to carry out maintenance / repair on emergency vehicles etc.

See more,

German prosecutors open terror probe into Berlin blackout

“German federal prosecutors on Tuesday said they had launched a terrorism investigation into an arson attack on high-voltage cables that triggered a power blackout affecting about 45,000 households in Berlin.

Prosecutors said they were probing Saturday’s attack on suspicion of “membership in a terrorist organization, sabotage, arson and disruption of public services.”

…

The attack was claimed online by a far-left extremist group calling itself Vulkangruppe, or Volcano Group, which said it was targeting “the fossil fuel economy” driving climate change.“

https://www.dw.com/en/german-prosecutors-open-terror-probe-into-berlin-blackout/a-75413616

Put simply a major design weakness was probably exploited that is a major security vulnerability found in many places in the world.

The weakness was that a bridge with public access had the main power station output cables “slung underneath” with little or no protection.

Thus all that was required was a fairly minor fire to destroy the cables.

The resulting blackout has been called the worst since WW II

Interestingly London UK learned the hard way from WWII that power cables that need to cross rivers, need to be in deep tunnels underground. Also from PIRA terrorism last Century that all access points to sub surface major infrastructure need properly secured access.

Unfortunately it took hundreds of “Cable theft by Land Rovers” to make people realise that even minor sub surface infrastructure needs access protection, something that is only very slowly progressing in the UK Capital.

As far as I’m aware “arson” has not been verified, so as with a major fire on the London Underground I have good cause to remember it might have been build up of wind blown or similar rubbish that then became ignited in some non deliberate way.

Also the fact a claim is made “supposedly by an extremist group” does not mean it came from the group, or that the group actually exists, or actually carried out an attack.

It’s very much in vogue at the moment for false claims to be made from the “supposed” most Powerful man in the world, the US President, all the way down to low intelligence shunned teens wanting to be noticed etc. Such is the state of societies currently.

Clive Robinson • January 8, 2026 10:44 AM

@ fib, ResearcherZero, lurker,

With regards,

“Sometimes it seems that those who do learn from history repeat it on purpose.”

There is a saying in the UK of,

“There’s only one way to crack a nut!”

Whilst it’s true, you have to apply sufficient pressure. And there are several ways to do that…

Of which the traditional smashing it with a rock as a primative hammer is the most uncontrolled, damaging, and wasteful way… It’s a way for all humans and quite a few primates to “put in the effort”…

When thinking about it, it always takes me back to a time when Arthur C. Clark and Stanley Kubrick stood and talked about the opening scene of 2001… Where they had primates kill their opposing tribe using the same principle. That of the hammering process on their skulls… To the tune of a waltz.

Brutal, thugish, bloody, and leathal, with that little rush and dance of victory and throwing the stick up in the air.

Whilst our technology has advanced many thousand fold since the mid 1960’s… our base nature has not changed for maybe 35-50 thousand years. And we pay for it every day.

My father used to wrly observe,

“The wheel goes around, the rut gets deeper, but each revolution still moves ahead all be it on a slightly different course.”

And that’s the problem… It’s the same issue we see with Current AI, things appear to change at the surface. But deep down it’s all just the same. No learning no moving forward, the same issues play out the same again and again. A form of recurrent madness or nightmare.

To quote a P.F.Slone song,

“You may leave here for four days in space,
But when you return it’s the same old place.
The pounding of the drum,
The pride and disgrace
Hate your next door neighbour,
But don’t forget to say grace.
And you tell me over and over and over again my friend, You don’t believe…”

And so “The Eve of Destruction” ever present plays out to the end.

What we realy need is actual humans, not narcissist politicians that don’t learn, and that just want to bicker and play juvenile one upmanship games, whilst strutting back and forth, crowing with less brains than a rooster in a coop, likewise destined for the chop.

Clive Robinson • January 9, 2026 7:41 AM

@ ALL,

AI Obsesed toilets at CES 2026

It’s some years since I was last at the Consumer Electronics Show in Vegas. But even in earlier times it was “fad obsessed” every year. The only hard part some years was working out “Which Fad”. There were ways you could tell mostly by finding the consumer product that should be the least appropriate to have electronics technology in it…

Apparently this year is no different with AI infested toilets talking to the cloud about well I guess your movements, or lack there of… If this reporting is factual, and trust me it very probably is.

<

blockquote>Tech that helps people outshone overhyped AI at CES 2026

Nobody really needs an AI toothbrush that sends their gums to the cloud.

“[T]his year vendors scrawled “AI-enabled” on all the kit they hope will find its way into your home – while airbrushing away its immaturity and downsides.

Attendees could therefore hear vendors spruik AI toothbrushes and AI toilets and promise to turn snapshots of your gums into health-enhancing insights – just don’t ask about privacy – and a plethora of apps that will use machines to better manage your life – and your elderly parents’ affairs, too.“

https://www.theregister.com/2026/01/09/ai_sideshow_ces_2026/

Maybe I’m getting old and jaded, or my tastes have become more rarefied with age, but it really sounds quite gruesome if not tedious like a teenage fright fest crashing into a wedding reception.

But the question arisses as to who it was really for this year?

A clue comes from

“Jensen Huang’s opening day keynote – were completely consumed by [AI projections]. After a 15-second pre-roll of some eye-popping video game scenes, NVIDIA’s CEO spoke for nearly two hours, said nothing about gaming, launched Vera Rubin silicon for AI training and inference, and framed it all as more relevant to financial analysts than the assembled press.”

Which in some ways smacks of desperation of having traversed the crest flat top, before the inevitable down slope and potential avalanche of doom.

As for what the journalist thought worthy of praise, it was the very very few products that might actually help those less fortunate,

“Those four products show us that tech can be more than just privacy invading, soul destroying, and enshittified experiences. We have amazing capabilities, and when they meet the right motives, beautiful things can happen. That’s the reason I keep coming back to CES: amidst all the dross and waste, there are always bright sparks doing remarkable things.”

I was once one of those “bright sparks” doing “remarkable things”[1] in robotics and AI back in the 1980’s it felt good to be alive back then…

[1] The journalist indicates that the robots on show at this CES had a common problem,

“ready for service as soon as they work out a few lingering issues, such as software, safety, and oh yeah, being able to grip things.

As I’ve mentioned before I’d worked out how to solve the “grip” issue back in the 1980’s after nearly having my head removed by a Puma in a lab that is now part of a University doing doctoral research work. It’s actually simple enough you just “reframe the issue” and the answer “drops out”. Leaving the real issue being making the sensors… But I also fixed the then software safety by combining an “Expert System” with “Fuzzy logic”, but then you could say I was motivated to keep my head on my shoulders 😉