Comments
not important •
“Data is like garbage. You’d better know what you are going to do with it before you collect it.” ~ Mark Twain
@ALL Have a good weekend!
Clive Robinson •
@ Bruce,
When you lookup “stellarator” on Wikipedia you get,
“It is one of many types of magnetic confinement fusion devices. The name “stellarator” refers to stars because fusion mostly occurs in stars such as the Sun.”
There is a little bit of irony there… Because “stars” achieve and maintain the conditions for “fusion” not by “magnetic confinement” but by the constriction effects of “gravity”.
The fun thing to note is that “magnetic confinement” has never achieved sustainable fusion.
Some think it never will because it is not stable. That is magnetic confinement is an external force that “pushes in”. Rather than gravity which is effectively an internal force that “pulls in” which is stable.
I suspect none of us reading this today will be around when sustainable stable fusion goes into commercial production of electricity or other way to efficiently transmit energy to the home etc.
So up there in the Unobtainium stakes along with AGI, Quantum Computing, World Peace and day trips to Mars 😉
lurker •
@Clive
When you lookup “stellarator” on Wikipedia you see –
pictures of star-shaped objects, surely difficult to contain magnetic fields within. And further irony, they should have known back then, that such magnetic containment as exists in the sun is unstable and leaks frequently, hurling blobs of solar material at us, causing pretty lights in the sky and comms and nav blackouts …
Clive Robinson •
@ Bruce, ALL,
Another attack on RAM secrets.
I suspect some remember the tales of times distant past when DRAM would get frozen with something quite cold. Such that the contents of memory could be read out.
Some called it a “Cold Boot” attack and the solution used was to store secrets in SRAM in the chip thus making it nearly impossible to get at.
Or so many thought… Welcome to a new attack “Volt Boot” that exploits design failings in “System on a Chip”(SoC) devices power busses. Or as the Communications of the ACM article,
Puts it,
“A Volt Boot attack leverages a vulnerability of on-chip volatile memories due to the physical separation common to modern system-on-chip power distribution networks.”
So another fun hardware exploit and it’s not even Xmas.
Put simply SRAM “being static” retains what is written to it as long as power is maintained to it in various ways.
As the article indicates “embedded systems” are vulnerable. This includes most “Internet of Things”(IoT) and network infrastructure and edge devices.
However it will probably work against some “Smart Devices” such as Pads and Mobiles.
In the distant past I gave methods of protecting “root of trust” KeyMat by using evolving “data shadows” that should still work today.
Clive Robinson •
@ pattimichelle,
With regards,
“Heh. Humans cannot even safely handle fission tech.”
The way we currently do it is kind of,
1, Start a nuclear bomb
2, Get the heat in to a pressure cooker bomb
3, Vent off pressure into turbines
4, Hope that the turbines and generators they drive won’t lock up or fly apart under changeable rotational forces.
What could possibly go wrong, with that?
That has not already happened one place or another…
Oh and why such power stations are only useful for,
“Constant base load that is resistive”
Which is so 20th century…
The problem being in our drive to being not wasteful this century our loads have become highly reactive and very variable.
Which can sort of be averaged out and power factor corrected if all the loads act as though they are independent within about five times the averaging time.
Even back last century that was not true, with very few entertainment channels on TV and radio and a National Sporting Event the load would go up and down like an express elevator. But it was possible for the skilled technicians in the National Grid to predictively act as part of the control loop and spin up and spin down for peak loads. Such as at half time when everyone put the kettle on…
The recent Iberian Peninsula “black out” that took Spain, Portugal and quite a few other parts of Western Europe “off the European grid” is still a bit of a mystery…
Back last century the national grids got fast damping from “inertial load” from the “mechanical” rotational mass in the generators and turbines acting like a “fly wheel”.
Highly efficient Green power sources such as Solar has no moving parts so no mechanical storage for fast damping.
Thus you need less efficient wind or wave systems that do have mechanical storage, or you need something else.
Wind is very far from predictable enough to give grid sized fly wheel damping. And whilst wave is more predictable it has a cyclic pattern that does not match the human power requirement rhythm both domestic and industrial.
People talk of using chemical storage by “batteries” but it is actually “too slow” for peak load balancing, unless it is very local to the dynamic loads.
Which means shifting from a national grid for everything… To a backbone national grid for base load to regional and local grids and finally micro grids with distributed dynamic storage.
The problem with that is what happens under fault. With a national grid you in effect have a simple model of a central generator, distribution grid and distributed loads. Power flows in only one direction “out from the center”. Which makes “safety” easy to manage and preventing cascade failures in the range of “humanly possible”
As generation moves out from the center and across the distribution grid safety and load management becomes a whole lot more difficult and the system becomes increasingly fragile.
This requires “dynamic load management” that needs “smart grids” to control the loads in your homes, office, factories etc.
The flip side is a “smart grid” as part of its primary working function has to be a “surveillance grid”…
We’ve seen this with power companies telling Sheriffs Dept’s that houses are “growing drugs” and thus “no knock raids” happen on domestic customers without any kind of proof (because they raise lots of money via fines).
We know from experience that “no knock raids” lead to “unlawful killings” by Police of entirely innocent people just trying to defend themselves from the failings of politicians and the guard labour they employ as law enforcement (which you might have noticed is becoming increasingly militarised).
With money/profit as the driver that can only move in one direction, and that is not good for anyone in the long or medium term.
It’s the unspoken side of “green power solutions” and politicians don’t want you thinking about the implication as they grab in the short term profits.
Nor for that matter do the power generators want you knowing because the more they can see into your home the more profit they can engineer from you (we know this will happen from the US health care model)…
Such engineering increases the fragility of the network and in turn brown outs and black outs and thus an increased “caste/class system” with all the historical meaning that carries with it… Oh and it can already be seen with US domestic communications supply with the likes of AT&T “engineering politicians for profit” via lobbying for subsidiaries and not doing the work etc. There is a name for it in the Far East and it translates as “Rice Bowl Culture” and a flip side of it “iron rice bowl” employment that is a form of socialist benefit system in disguise that causes massive entitlement and bureaucratic empire building.
We’ve seen this “rice bowl culture” and the resulting “caste system” in Texas where those on certain payment systems got treated very differently to people on other payment systems. When due to political and corporate mismanagement / greed the power grid failed.
In the past I’ve suggested people study the history of “Water Wars” and see how they will be the basic model of “Energy Wars” which are already being put in place in the Middle East for the sake of the petro-dollar. Where “resource control” is a primary method of not just “Might is Right” political control we’ve seen with Russia under Putin but also how it moves forward into “ethnic cleansing” and eventually genocide, war, or both.
not important •
Does this look like a real woman? AI Vogue model raises concerns about beauty standards
https://www.bbc.com/news/articles/cgeqe084nn4o
=In the advert, an image generator is asked to create the most beautiful woman in the world and produces virtually indistinguishable women who are young, thin and white, with blonde hair and blue eyes. The images generated look similar to the Guess AI model.
Concern around unrealistic beauty standards and the damaging effects they can have is nothing new. But unlike traditional airbrushing, which at least began with a real person, these AI models are digitally created to look perfect, free from human flaws, inconsistencies or uniqueness.=
Yeah, what is beauty? Symmetry + proportions and rare occurrence: blonde hair (natural) + blue eyes matching this criteria.
Clive Robinson •
@ not important,
With regards,
“what is beauty? Symmetry + proportions”
You might be surprised.
Testing has shown that people feel uncomfortable with pictures of people that have perfectly symmetrical faces. Some say they look like “mug-shots” or “passport photos” (implying they look criminal or ill).
It’s one of the reasons photographers and artists rarely do “full face on” and suggest people cant their heads slightly left or right, and tip backwards or forwards or they take the image from either above or below the center eye-line[1].
As for proportions this is still a subject of much research, but strangely for some to realise, it’s very much more women that rate by proportion than men (depending on whose study you read).
[1] Being “overly tall” and with a double chin from a cycling accident that ripped my face back from the jaw when younger… I prefer to have any photos etc taken from “above” the eye line and “sitting”. Thus helping hide the results of the injury.
Robin •
@not important, @Clive, All:
“Beauty is in the eye of the beholder”
I fear that this is not a lesson drilled home to youngsters in the process of discovering themselves and their appeal to others. The AI images do not represent beauty to me but then I’m definitely not in their target audience and in fact find the whole fashion/cosmetics industry rather obnoxious. “Delivering a dream … ” is one way of putting it but “undermining self worth for profit” is another.
And therein, perhaps, lies the link with Security: the use of artificial images to change how people think about themselves and others, with the objective of manipulating their behaviour (beyond their spending habits). Bit remote, though.
Winter •
@ not important, Clive
“what is beauty? Symmetry + proportions”
Indeed, this is what research shows. But, perfect is inherently unnatural. Still, it seems people prefer a horizontally mirrored face over its original.
There is one thing on a head that must not be perfectly symmetrical: the outer part of the two ears, the pinna. If they are perfectly symmetric, it seems to decrease sound localization.
Whatever the reason, human pinna are naturally asymmetrical.
https://alljournals.blog/ear-asymmetries/
not important •
Thank you to all respected bloggers responding to the post related to beauty.
Thank you Moderator for NOT deleting it 🙂
lurker •
In Japan many “public services” are operated by private companies for commercial reasons. But the Earthquake Early Warning system is run by the government through the Japan Meteorological Agency using a network of dedicated seismometers. Now we have an advertising company who thinks its control of the mobile phone ecosystem can do the same job …
Sliver •
Hackers on Planet Earth (HOPE) In Person and Virtual Tickets Being Sold
Hackers on Planet Earth (HOPE) 16 is scheduled for August 15-17 2025. In Person as well as Virtual tickets are on sale now.
“The Hackers on Planet Earth (HOPE) conference series is a hacker convention sponsored by the security hacker magazine 2600”
#16 Talks so far!
For an example of past content, here is the page for HOPE XV “Talks” with recordings from 2014.
If you’re like me, you’re cheap and will just wait for the talks from #16 to (hopefully) drop at the site, but I thought I would post the information about this event anyway for those who may be interested.
Clive Robinson •
@ Bruce, ALL (in UK),
As some in the UK know the new UK faux child protection legislation has kicked in.
Well this site,
Might be of some amusement.
If you enter a valid UK “Post Code” in[1], it looks up your local “Member of Parliament”(MP) elected politician and gets their photograph. Which it uses to generate a fake driving license to use to do “age verification”
I’ve no idea if it actually works sufficiently well to pass some or all of the new web-site based age verification systems…
But the fact someone has created the site makes me smile.
[1] UK postal codes are in no way secret, but some people use them as a way to “authenticate people” which is about as dumb as you can get… If you want to find a valid post code type a house number and street name, railway station, or municipal building into DuckDuck and scroll down… Zoopla or other online estate agents will usually have the post code.
Try “4 St Pancras Way” (which is a hospital)
A look down will give you a post code of “NW1 0PE”
Drop that in and you get the UK Prime Minister (with apart from the name entirely bogus details).
Clive Robinson •
@ Bruce,
Not any IoT security fail causing an embarrassment with these toys…
“The connected sex toy platform Lovense is vulnerable to a zero-day flaw that allows an attacker to get access to a member’s email address simply by knowing their username, putting them at risk of doxxing and harassment.
Lovense is an interactive sex toy manufacturer, best known for producing app-controlled sex toys with names like the Lush, the Gush, and, perhaps most boldly, the Kraken. The company claims to have 20 million customers worldwide.”
Hmm, a “zero day” that,
“… stems from the interaction between Lovense’s XMPP chat system, used for communication between users, and the platform’s backend.”
And emits a user’s EMail address…
There are reasons a plenty why I don’t do EMail and this sort of “disclosure” is just one of very many.
The use of EMail as a form of authentication side channel has always been a bad idea.
As I’ve pointed out in the past “people have multiple roles” and they should in effect have a complete ICT-Personality for each and every role.
However the Silicon Valley Mega-Corps appear to go out of their way to stop people doing this…
So the options are,
1, Live with the inevitable consequences.
2, Take what measures you can to mitigate.
3, Don’t play in a game you can never win.
I go for the third option, because from experience I know it’s the only way to avoid the first option…
The second option can be done, and I know people who do it, and I’ve helped some set it up. But it’s hard work to set up and very prone to easily made mistakes that,
“The internet never forgets…”
not important •
https://www.yahoo.com/news/articles/scientists-secretly-working-plan-test-185816508.html
=The concept, known as solar geoengineering, has proven incredibly controversial in the past, with critics arguing that we simply don’t know enough about the risks, including the environmental and societal impacts of tinkering with the climate. Proponents don’t necessarily disagree, but they say the situation is already so bad that we need to consider drastic action, even if there is the potential for immense risk.
Last year, blindsided city officials in Alameda, California, ordered scientists from the University of Washington to halt an unannounced experiment using a device that would inject cloud-brightening particles into the atmosphere, citing fears of unintended consequences.
Even huge swathes of the scientific community aren’t convinced that dimming the Sun is the answer, citing unknown knock-on risks that could make the cure worse than the disease.
Earlier this year, the UK’s Advanced Research and Invention Agency announced it would invest $60 million in five small climate-cooling research projects, including “marine cloud brightening” to make them reflect more sunlight, refreezing the Arctic by pumping seawater from below the ice to the surface, and investigating the idea of injecting natural mineral dust into the stratosphere.=
As I see it, there is a global impact of such actions, so when technology is applied beyond a country’s own territory and bad results take place, that could be considered an act of war with adequate response.
Clive Robinson •
The blow hard does not like wind power.
A story from both sides of The Pond,
https://www.bbc.co.uk/news/articles/c15l3knp4xyo
“Trump battled the plans through the Scottish courts, then appealed to the UK’s Supreme Court – but he was unable to stop the “monsters” from going ahead.”
And he lost at every stage even though he had been repeatedly warned there was no deal to be made.
“It clearly left him smarting and he’s not had a good word to say about wind power since.”
Even before he acquired the land he had been warned, but he apparently knew better…
He also made himself very unpopular not just in the immediate area but almost nation wide… So It would be fair to say that a lot of people in Scotland see him as something lower and less pleasant than something you might find at the bottom of an unclean toilet bowl.
Some have joked “He’s losing his mind over windmills”[1] and further making him sound like a modern day “Don Quixote of La Mancha” who is “tilting at windmills”. Others more dryly remark that “At least Don Quixote had a mind to lose”.
Speaking of which, the Doh-gnarled has apparently,
“posted on Truth Social (with his trademark capital letters) that the UK should “incentivize the drillers, FAST”, and that there was a “VAST FORTUNE TO BE MADE” for the UK from the “treasure chest” of oil.”
Err no in fact the exact opposite. The oil up in Scotland and gas in the North Sea are very obviously running out and it won’t be very long before it’s no longer economically viable. This has been well known since I was working “Off Shore” last century (which is why he was warned).
Wind on the other hand is one of Scotland’s greatest assets due to “location location location” and the extraction of power via wind and some wave is very much on the up and up.
If the Doh-gnarled’s investing advice were to be followed bankruptcy would surely be the inevitable result. Something I’m told he also has experience of as well as repeatedly being found against in court.
Can someone please take him home before he gets “Jimmied”[2]
[1] Perhaps it would be wise not to whistle the theme tune from the 1968 Steve McQueen film “The Thomas Crown Affair” within his earshot…
[2] Jimmied is a local term for getting head butted / nutted or worse that follows on from some one shouting “stitch that Jimmy”.
Clive Robinson •
@ Bruce, All who like Crypto theory,
This might be of interest,
Quantum Scientists Have Built a New Math of Cryptography
Put simply they have come up with the basis of cryptography that will only run on Quantum Computers (if and when they exist).
https://www.quantamagazine.org/quantum-scientists-have-built-a-new-math-of-cryptography-20250725/
“In the 1980s, researchers proved that cryptography built atop one-way functions would ensure security for many different tasks. But decades later, they still aren’t certain that the [foundation] bedrock is strong enough to support [any tower you build on] it.”
A problem about classical NP-Problems that make “One Way Functions”(OWFs) I’ve mentioned before on this blog. Because a variation of OWFs are “trap-door functions” that have a secret shortcut. The thing about such tricks is the observation of,
“You can have nothing of something, something can be unique, or there can be a multiplicity of something.”
You want “unique” not “multiplicity” and the line between is not yet drawn in the sand.
“Unfortunately, you can’t simply move your tower elsewhere. The tower’s foundation — one-way functions — can only sit on a bedrock of NP problems.
To build a tower on harder problems, cryptographers would need a new foundation that isn’t made of one-way functions. That seemed impossible until just a few years ago, when researchers realized that quantum physics could help.”
And that’s where the interesting things start,
“It started with a 2021 paper by a graduate student named William Kretschmer that drew attention to a strange problem about the properties of quantum systems. Researchers soon showed that Kretschmer’s problem could replace one-way functions as the foundation for a new tower of cryptographic protocols. The following year, Kretschmer and others proved that this alternative approach could work even without hard NP problems. Suddenly, it seemed like it might be possible to construct a cryptographic fortress that would be far sturdier.”
And ends with the observation of,
“Alas, you won’t be able to use Khurana and Tomer’s new approach to send secret messages any time soon. Despite recent progress, quantum computing technology is not yet mature enough to put their ideas into practice.”
not important •
https://www.yahoo.com/news/articles/secret-cia-program-sounds-conspiracy-133000406.html
=In the late 1950s, the CIA was obsessed with mind control—what it was, how to weaponize it, and how to keep it out of Soviet hands. But instead of toiling in the lab to find the answers, the agency went in a wildly different direction: renting a San Francisco apartment, cloaking it in red velvet curtains, hiring sex workers, and secretly drugging men with LSD to see what secrets they might spill.
Andrew and John walk through how this bizarre project spun out of the CIA’s MKUltra program, and how it quickly went from a high-stakes spy op into years-long frat party fueled by taxpayer money, junk science, and virtually zero oversight.=
How is it possible to oversee those who have a secret budget? Money spending is key for real oversight.
Clive Robinson •
not important,
“But instead of toiling in the lab to find the answers, the agency went in a wildly different direction”
Let me see 1950’s US intelligence agency debauchery,
1, Sex – check
2, Drugs – check
3, Rock and roll – too early.
Jokes aside, from things that have been said by some of the victims, there was a lot more to the highly illegal MKUltra Projects that we’ve yet to learn about “officially” if we ever do.
https://en.m.wikipedia.org/wiki/MKUltra
It’s said amongst other things MKUltra was in part responsible for the coining of the expression “Conspiracy Theory” as a way to discredit people as part of CoIntel Pro joint CIA / FBI projects.
Whilst much CIA documentation was destroyed, it’s known that “researchers notes” and similar in private sector organisations and held by individuals sub-contracted by the CIA survived the purging.
lurker •
When Bytedance (owners of Tiktok) moved global management and R&D abroad it was accused by Chinese of “de-Sinification.” When they start to ramp up their lobbying/graft in Washington they get the Not Invented Here cold shoulder.
” … data privacy always involves extensive entanglements and negotiations between corporate control and state intervention in platform governance.”
Whose head servant? TikTok’s conundrum between digital capitalism and states
https://doi.org/10.1080/17544750.2025.2528825
Clive Robinson •
@ Bruce, ALL,
Developers not feeling the vibe.
It would appear that AI popularity with developers is on a downward slope, in short they don’t trust it and it’s costing them time having to check in depth when they do use it.
Thus two results,
1, Increased costs.
2, Increased technical debt.
As indicated in,
Actually this is not surprising when you consider how Current AI LLMs and ML work.
Consider,
1, Tokenisation size.
2, Length of focus.
Tokenisation can act as a form of “compression function” but even so the width of the network puts a limit on the length that can be considered for “attention”.
People have already noticed with simple language Current AI LLMs really only work up to a few sentences or short paragraph.
Now consider what the same sort of constraint would be with programs…
In short vibe programming will sort of work with maybe a page of code as a block provided it has a very clearly defined and easily testable interface.
Outside of that well…
But is that actually an issue?
Guidelines for safety critical code call for the same or less. And safety critical code is actually on the same basis as secure code.
Maybe it’s the programming style that has to change to “fit the vibe” if it’s going to be of actual use.
lurker •
All data ingestion, processing, and distribution from the Defense Meteorological Satellite Program by Fleet Numerical Meteorology and Oceanography Center was set to be permanently terminated as of June 30, 2025 due to a “significant cybersecurity risk.” [ … ] due to the short notice provided FNMOC now expects to continue to ingest and disseminate data until July 31, 2025.
https://www.ospo.noaa.gov/data/messages/2025/06/MSG_20250630_0345.html
Could the “significant cybersecurity risk” have anything to do with the data being used in collaborative research with Chinese geophysicists on the terrestrial magnetosphere?
https://agupubs.onlinelibrary.wiley.com/doi/full/10.1029/2025SW004435
Fun fact: a number of DMSP and similarly designed NOAA satellites have exploded in orbit near or after decommissioning due to battery overcharging.
ResearcherZero •
@Clive Robinson
The windmills Trump is moaning about are some 20km off-shore. Beyond his eyesight. XD
Beauty is indeed in the eye of the beholder. If you are planning on buying a house or anything else, then you are going to have to pay more if you live in America.
(This is why one suspects the Fed left interest rates on hold. Inflation driven by tariffs.)
$2 Trillion hit to global GDP expected, along with deflation outside the U.S.
https://www.bloomberg.com/professional/insights/markets/trade-war-means-2-trillion-world-gdp-hit-global-outlook/
U.S. prices for electronics, furniture, food, energy and other goods continue to rise.
https://www.cbsnews.com/sacramento/news/pce-report-today-inflation-june-federal-reserve/
ResearcherZero •
@Clive Robinson
But, having not ever read a briefing, how could Trump ever see beyond first impressions?
Patriotism is the last refuge of a scoundrel.
Violence is the last refuge of the incompetent.
Syria, Sudan, Yemen, Haiti, Myanmar, North Korea, Iran, Ukraine, Israel-Palestine etc.
https://edition.cnn.com/2025/07/29/politics/trump-promises-gaza-ukraine-mcgurk-analysis
The U.S. has dismantled much of the capability it had to engage in strategic reasoning.
https://www.currentaffairs.org/news/a-lack-of-u.s.-diplomacy-is-destroying-the-worlds-security
… “how little we seemed to see, and even less appreciate, of the dramatic changes happening”