Friday Squid Blogging: Giant Squid in the Star Trek Universe
Spock befriends a giant space squid in the comic Star Trek: Strange New Worlds: The Seeds of Salvation #5.
As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.
Posted on January 23, 2026 at 5:03 PM • 32 Comments
Red Dwarf did space squids first. Another first for those guys!
Oh, that’s where the end section of the video for The Darkness’s “I believe in a thing called love” comes from?
Do Microsoft have your BitLocker Key? Yup they probably do.
Apparently Microsoft have been handing over BitLocker keys to US Authorities even for those not resident or citizens of the US…
Surrender as a service: Microsoft unlocks BitLocker for feds
“The government case, which claims defendants in Guam fraudulently collected pandemic unemployment benefits, represents the first publicly known instance of Microsoft providing BitLocker keys, according to Forbes.
BitLocker is a Windows security system that can encrypt data on storage devices. It supports two modes: Device Encryption, a mode designed to simplify security, and BitLocker Drive Encryption, an advanced mode.”
https://www.theregister.com/2026/01/23/surrender_as_a_service_microsoft/
Microsoft are required to hand over keys by US Legislation if they have them… The obvious first question would be,
“But why would Microsoft have your BitLocker keys?”
Apparently it “Collects them” via its cloud service…
“For either mode, Microsoft “typically” backs up BitLocker keys to its servers when the service gets set up from an active Microsoft account. “If you use a Microsoft account, the BitLocker recovery key is typically attached to it, and you can access the recovery key online,” the company explains in its documentation.
The situation is similar for managed devices. “If you’re using a device that’s managed by your work or school, the BitLocker recovery key is typically backed up and managed by your organization’s IT department,” the company says.”
Which gives rise to the next logical security question,
“How do you stop Microsoft getting your encryption keys?”
“Microsoft provides the option to store keys elsewhere. Instead of selecting “Save to your Microsoft Account,” customers can “Save to a USB flash drive,” “Save to a file,” or “Print the recovery key.”
But customers are encouraged to entrust keys to Microsoft because as long as they have access to the account online, they can recover the keys, effectively making Redmond their digital doorman.”
The last time I set up a Microsoft OS on a system the use of a “Microsoft Account” was effectively “Mandated” and you were not given a warning or way out of key storage in Microsoft’s cloud…
The talk on BitLocker at 39C3 seemed to indicate that hardware attacks are out of scope, even though they assume the hardware is in the opponent’s possession. If you use the convenience feature of not having to enter the full BitLocker key, then things might not go well if your hardware is stolen by someone capable of modifying the hardware in order to capture the key released by the TPM during boot.
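A way to check both points raised in the two comments above on your own machine (which key protectors a volume has, and whether the TPM unlocks it at boot with no PIN), as an added example that is not part of the original post or its comments. The function names are hypothetical; the cmdlets come from the BitLocker PowerShell module shipped with Windows, and the script assumes an elevated session.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the blog post or its comments.
# Get-BitLockerProtectorAudit and Reset-BitLockerRecoveryPassword are
# hypothetical helper names; the BitLocker cmdlets they call are built in.

function Get-BitLockerProtectorAudit {
    # One row per volume: which protectors exist, and whether the TPM
    # releases the key at boot without any user-supplied secret.
    foreach ($vol in Get-BitLockerVolume) {
        $types = @($vol.KeyProtector | ForEach-Object { [string]$_.KeyProtectorType })
        # TpmPin, TpmStartupKey, TpmPinStartupKey all need something besides the TPM.
        $tpmWithSecret = @($types | Where-Object { $_ -like 'Tpm?*' })
        $recovery = @($vol.KeyProtector |
            Where-Object { [string]$_.KeyProtectorType -eq 'RecoveryPassword' })

        [pscustomobject]@{
            MountPoint          = $vol.MountPoint
            ProtectionStatus    = $vol.ProtectionStatus
            Protectors          = $types -join ', '
            TpmOnlyUnlock       = ($types -contains 'Tpm') -and ($tpmWithSecret.Count -eq 0)
            RecoveryPasswordIds = $recovery.KeyProtectorId -join ', '
        }
    }
}

function Reset-BitLockerRecoveryPassword {
    # Replaces every recovery-password protector on a volume with a fresh one,
    # so a copy of the old password stored elsewhere no longer matches a
    # protector on the volume.
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$MountPoint
    )

    $old = @((Get-BitLockerVolume -MountPoint $MountPoint).KeyProtector |
        Where-Object { [string]$_.KeyProtectorType -eq 'RecoveryPassword' })

    if ($PSCmdlet.ShouldProcess($MountPoint, 'Replace recovery password protector')) {
        # Add the new protector first so the volume always has a recovery path.
        $updated = Add-BitLockerKeyProtector -MountPoint $MountPoint `
            -RecoveryPasswordProtector -WarningAction SilentlyContinue

        foreach ($p in $old) {
            Remove-BitLockerKeyProtector -MountPoint $MountPoint `
                -KeyProtectorId $p.KeyProtectorId | Out-Null
        }

        # Return only the new protector; record its password offline
        # (file on removable media or printout).
        $updated.KeyProtector |
            Where-Object {
                [string]$_.KeyProtectorType -eq 'RecoveryPassword' -and
                $old.KeyProtectorId -notcontains $_.KeyProtectorId
            } |
            Select-Object KeyProtectorId, RecoveryPassword
    }
}

# Read-only audit of all volumes.
Get-BitLockerProtectorAudit | Format-Table -AutoSize

# Rotation changes the volume's protectors; preview it with -WhatIf first.
# Reset-BitLockerRecoveryPassword -MountPoint 'C:' -WhatIf
```

The local output cannot show whether a recovery password has been uploaded to a Microsoft account or to an organization; that has to be checked in the account or with the IT department. A `TpmOnlyUnlock` value of `True` is the "convenience" configuration the second comment describes.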
I wonder if we’ll eventually get a squid book from Bruce. I keep imagining a picture book for kids. Something educational for children and therapeutic for Bruce.
“How do you stop Microsoft getting your encryption keys?”
That might be very difficult, now or in the future, and even if it is possible, you might never be sure they don’t have it.
An application under their own like Veracrypt might better suit the needs of people who risk running foul of USA “law” enforcement, Trump, or his henchmen.[1]
However, using Windows or any MS application would be suspect here.
Europe has renewed interest in ramping up its tech independence.
In 2024 it spent $25 billion on infrastructure from the top five US cloud companies, 83% of the total European market.
“Our willingness is clearly to do everything we can to build European champions,” Macron said at the German digital-sovereignty summit. “This is just a refusal of being a vassal.”
“Many European entrepreneurs blame Europe’s plight on a risk-averse culture, fragmented market and onerous regulations. That is in large part why the EU is now trying to relax some of its digital rules, though progress has so far been slow.”
On Thursday the European Parliament passed a “technological sovereignty” resolution to favor and support European products and providers. President Macron is trying to help Mistral AI, one of Europe’s leading AI developers, secure big corporate customers.
People born on Guam are United States’ citizens, but while residing on the island they are politically disenfranchised.[1] El Reg also notes that MS handed over keys to foreign LEOs for foreign purposes almost as often as it did for the US Feds.
Since security is a matter of trust, and MS has not earned sufficient of my trust, I would regard any establishment of keys while I am connected to MS infrastructure as already broken. Anyhow, regardless of how the keys are established, or where they are stored, the user is still putting their stuff on somebody else’s computer. Game Over Man.
[1] That is the wording used in Wikipedia as at 20240301. I see that the online version today has modified the wording to allow for the election of local governance. But the article still explains the status of Guam vis à vis the US, as being less than that of New Caledonia to France.
@KC
“Europe has renewed interest in ramping up its tech independence.”
Europe’s renewed focus on tech independence is less about innovation and more about risk management. Right now, the continent’s digital backbone is almost entirely dependent on U.S. cloud providers—83% of the European market is controlled by the top five American firms. That’s a centralization problem, and centralization is a security risk. A single geopolitical shift or access restriction could cascade into widespread operational failures across European industries.
President Macron’s call to build European champions—backed by initiatives like Mistral AI—reflects an understanding that resilience comes from diversity and local control. But Europe’s structural challenges—risk aversion, fragmented markets, and bureaucratic drag—remain obstacles to meaningful sovereignty. Passing resolutions in Brussels won’t change that overnight.
If Europe wants real digital sovereignty, it must think in terms of threat models, not just market share. That means investing in redundant, diverse infrastructure and open standards, while reducing single points of failure. Until then, Europe’s dependence on U.S. tech is not just an economic issue—it’s a systemic vulnerability.
“An application under their own like Veracrypt might better suit the needs of people who risk running foul of USA “law” enforcement, Trump, or his henchmen”
It’s an issue in the US from long before the current nut-bar executive.
Think back to the 100 mile extension of the border zone, where nobody has “rights” that can not be ignored or in other ways abrogated.
But consider the case of when you are across the border zone, your rights are still not assured.
The “$5 Wrench” issue arises for all MFA local to you. And the non local ones rely on certain assumptions like “secure communications” that as Iran is currently demonstrating can be easily removed and as Pakistan and both China and Russia show can be a permanent issue…
It’s why until recently I advised “go over the border naked” as far as technology is concerned, not even a dumb phone. But since C19 some countries no longer allow entry if you don’t have a smart phone to download their persistent “malware” onto. And not having it with you continuously tracking you is a major crime.
The issue we all should have seen coming but mostly did not was that E2EE fails to “client side scanning”.
The only solution to Client Side Scanning is to take the “security end point” off of the “communications end point” device.
Something I pointed out about “secure messaging apps not being secure” which surprised many people including our host.
There are “solutions” to the issue but none of them are “both secure and convenient” or for that matter inconspicuous to even basic “street searches” that most “Guard Labour” are allowed to do even without “reasonable suspicion”… Think back to when there were Police announcing publicly that “Having two mobile phones was a sign of a terrorist and should be reported”… (The funny one was people “having a beard and carrying a back pack” etc should be reported, just before Xmas…). These are the sort of thing you would expect from “Ask an LLM” only they were not a thing back then. Proof if needed that “decision by committee” is “dumber than asking a pile of rocks”.
“Many European entrepreneurs blame Europe’s plight on a risk-averse culture, fragmented market and onerous regulations. That is in large part why the EU is now trying to relax some of its digital rules, though progress has so far been slow.”
The reason things are “slow” is DMCA 1201 and similar that all US Trade agreements insisted had a legislative equivalent of in the non US nation. As Cory Doctorow has pointed out at 39C3, this was done under the threat of “punitive tariffs”.
But as Cory also noted we now have such tariffs, so there is no longer a reason to keep the legislation…
But most governments are trimmed and cowed and appear frightened of “poking the ape”.
Which is why Cory specifically mentioned the commercial benefits of removing DMCA 1201 equivalence from national legislation…
I’ll enjoy learning more about the technologies that emerge. I wasn’t aware that Germany is using an open source alternative to Microsoft, called openDesk for public administration.
https://www.openproject.org/blog/digital-sovereignty-government-germany-opendesk/
https://www.yahoo.com/news/articles/arms-makers-fast-moving-war-135239168.html
Drone and ground robot makers said they’re designing their systems in ways that allow them to be easily updated.
They’re either modular, meaning parts can be swapped out, or designed so software changes are all that’s needed.
Instead, companies making aerial drones and ground robots told Business Insider that their focus is now on creating weapons that can be upgraded by simply changing parts or software rather than overhauling the whole system.
Designs are modular, like Lego pieces, with parts being easily swapped out as new mission demands arise. Increasingly, companies are turning to software-first designs for more convenient upgrades.
software is now playing a central role in adapting systems, whether for command-and-control integration or mission management.
“Software updates can be developed, tested, and deployed much more quickly, allowing lessons learned from the field to be integrated on shorter timescales,”
‘Chinese competitors include Alibaba’s Qwen and Moonshot’s Kimi, while TikTok owner ByteDance is also working on similar technology.
Pinterest Chief Technology Officer Matt Madrigal said the strength of these models is that they can be freely downloaded and customised by companies like his – which is not the case with the majority of models offered by US rivals like OpenAI, which makes ChatGPT.
Airbnb boss Brian Chesky told Bloomberg in October his company relied “a lot” on Alibaba’s Qwen to power its AI customer service agent.
He gave three simple reasons – it’s “very good”, “fast” and “cheap”.
Jeff Boudier, who builds products at the platform, said it is the cost factor that leads young start-ups to look at Chinese models over their US counterparts.
“If you look at the top trending models on Hugging Face – the ones that are most downloaded and liked by the community – typically, Chinese models from Chinese labs occupy many of the top 10 spots,” he told me.
Going into 2025, the consensus was despite billions of dollars being spent by US tech firms, Chinese companies were threatening to pull ahead.
“That’s not the story anymore,” Boudier said. “Now, the best model is an open-source model.”
A report published last month by Stanford University found Chinese AI models “seem to have caught up or even pulled ahead” of their global counterparts – both in terms of what they’re capable of, and how many people are using them.
The Stanford report also suggested China’s success in developing open-source models could be partly explained by government support.’
@ Bruce, were you aware that Linda Park the Technology Editor over at the New World Today Journal, has been shadowing some of your Friday Squid posts?
I think there are five or six since this one last year,
https://www.world-today-journal.com/new-squid-game-sneakers-friday-squid-blogging-updates/
It would appear she is quite a fan of finding security related meaning in them…
Which is more than many others have from past postings on the Friday Squid page.
I happen to like it from even the early days when @Nick P and myself tried to spice it up a little with jokes and only vaguely related to security items (the supposedly exploding plastic surgery implants on aircraft being just one of many).
I think all blogs should have an end of week wind down thread kind of like a “Dress Down Friday” for any one old enough to remember when they were first a thing.
As you obviously read the Squid Pages and attached thread,
“Client Side Scanning and reporting in Maker Tools” on its way.
It would appear that Washington State and New York politicians are being “dumber than a rock” yet again…
By a friend who is a UK “Maker” who had seen this video,
Then a quick DuckDuck gave the following, from Hackaday,
Washington State Bill Seeks To Add Firearms Detection To 3D Printers
“Washington State’s House Bill 2321 is currently causing a bit of an uproar, as it seeks to add blocking technologies to 3D printers, in order to prevent them from printing “a firearm or illegal firearm parts”, as per the full text. by a sizeable number of House members, it’s currently in committee”
As the gentleman in the video points out if the manufacturer has to put it in for just one US state, they will put in all their products.
And like Apple’s botched Client Side Scanning for CSAM images etc it can and will be used for more than the law’s currently stated objectives.
Thus you can be locked out of your printer and have the police descend on your home with a full SWAT Team, an action that rarely goes without incident such as psychological and physical harm and deaths, simply for trying to print or cut a simple mechanical part such as an “Inverted L latch” used in countless tools and other non Firearm devices. Think how many non Firearm devices have a hand grip and finger operated lever device, hair dryers and cycle handlebars are just two fairly obvious ones. Timing strobe lights, caulking tube, and hot melt dispensers are two very common tools… and so on.
But think how quickly such a system will be used by manufacturers to establish well over priced parts, simply because they claim what you are printing/cutting out breaches their IP in some way that they won’t have to disclose (the proposed legislation is alleged to be “No Defence” so you are automatically guilty)…
“People born on Guam are United States’ citizens, but while residing on the island they are politically disenfranchised.”
If I’m correct in thinking that the US is a republic that supposedly has a democratic voting system for all its citizens… Then at best those born and living on Guam are not considered citizens by the republic’s supposedly democratic representatives.
So similar to Hawaii and similar “out posts of Empire” the US has (which won’t be a welcome status for those living in Greenland, Iceland, or even Canada).
“Feel the knee of oppression on your throat, but have no lawful ability to stop it suffocating you”.
It really sounds like it’s not a democracy to “be proud of” or that anyone else would want as it is not just discriminatory, it encodes a “caste system” in all areas of life, that reduces people native to the areas to the rank of “farm animal” for exploitation and profit…
“The talk on bitlocker at 39C3 seemed to indicate that hardware attacks are out of scope, even though they assume the hardware is in the opponent’s possession.”
I suspect the talk was just about “Keyboard and some external I/O access” of the “Evil Maid” variety.
The simple fact is that as their fourth demo indicated the BitLocker decrypt key is in memory somewhere so that all those files can be decrypted.
If you know the BitLocker encryption algorithm you can search for it in RAM and find as a minimum the “expanded key” but it’s highly likely that the key is also kept in RAM in its “user key” form as well.
A reverse engineering walk through of WinRe on your own machine would give you sufficient information to know either where it is or how difficult it will be to find.
Back last year a hardware demo was shown to attack “security enclaves” where the usually easily accessible RAM sockets could be used to access even Encrypted RAM due to the design compromise for speed of using a fast but insecure encryption/decryption process thus enabling you to walk through RAM…
So it can be done as long as the BitLocker keys are stored on the computer even if super-encrypted. Which they obviously are…
@Clive, ALL does anyone know how plausible this is?
https://www.aljazeera.com/features/2026/1/26/the-discombobulator-did-us-use-secret-weapon-in-maduro-abduction
“The atmosphere is filled with tens of thousands of human-made objects that orbit Earth. When this extraterrestrial jetsam occasionally plunges through the atmosphere, it poses a risk to life, infrastructure and the environment.
In a new study, two scientists outlined a way to track space-debris crash sites and fallout zones using the sonic booms that occur when such objects streak through the atmosphere. Vibrations from the booms can be picked up by stations typically used to detect earthquakes, helping researchers calculate an object’s speed, trajectory and potential fallout zone.”
https://www.wsj.com/tech/ai/tracking-space-debris-using-sonic-booms-91f564f8?mod=tech_feat1_ai_pos3
Whilst it can not “predict” where or when debris is going to enter the atmosphere, it can provide enough information as to where it can be found using already existing “Earth quake/slip” networks.
Likewise although not said in the article, other acoustic networks like those the Ukraine has developed for detecting and triangulating drones, and various US cities have developed for “gun shot” detection.
Not many realise just how much energy is created by spacecraft that make a reentry into the atmosphere but in power terms it’s up in the many tens to hundreds of kW and it all has to go somewhere. For basic physics reasons –as with lightning– a significant chunk goes into super-heating air at greater than the speed of sound trapping much of that energy in a wave front that is if you get lucky with a camera visible as a shock wave radiating out axially from the ~17,000 descent path.
The fact that audio networks for detecting audio can be quite inexpensive they could easily be expanded to include both lightning and space debris touch down so that emergency services could be alerted in real time.
The Department of Defense has had a device in their possession for the last year. What Trump means though, could be something entirely different and entirely standard. Trump labels anything and everything as “never seen” or “never used” before and regularly makes outlandish claims. It could have been a concussion grenade or flash bang.
A device was seized from Russian agents nearly four decades ago and Naval Research had experimented with similar devices long before that. Although the CIA may publicly play dumb on the matter, they are very aware of the capabilities and use of such equipment by foreign adversaries in Western Countries. Sound and energy weapons are not science fiction.
Active Denial systems that employ sound have been tested by the DoD and Russia has long experimented with sound and energy weapons on unwitting civilians and officers abroad.
Rick Crawford has called for the recall of the flawed report that excused Russia of responsibility for multiple attacks which resulted in physical and neurological harm.
https://nypost.com/2026/01/26/us-news/house-intel-chair-demands-recall-of-flawed-report-saying-us-foes-didnt-cause-havana-syndrome/
The Pentagon obtained a device by conducting a covert operation to buy the equipment through a black market purchase. It is believed the device may be responsible for causing Havana Syndrome and has been in the possession of the Defense Department for the past year, allowing for the study of its functioning, its design and to carry out tests.
https://edition.cnn.com/2026/01/13/politics/havana-syndrome-device-pentagon-hsi
Although the Defense Department has been testing the device, the CIA has continued to claim the technology did not exist and has repeatedly denied that it has long known it existed. Given this predicament, any applicant making a claim would likely face an insurmountable challenge obtaining documentation of an event to prove an attack took place.
Long-held and detailed evidence documenting attacks in multiple locations over the last 40 years could easily be disclosed to describe the events without harming national security, or placing those who were attacked in danger. Hiding those events harms those affected, places others in danger, and continues to harm national security and gaslight the victims.
(Given the Russian devices were initially developed for eavesdropping, pretending the equipment does not exist places sensitive communications, electronics and people at risk.)
https://www.cbsnews.com/news/havana-syndrome-device-what-to-know/
The DoD imposed new policies requiring documentation and validation of an attack at a particular location and further review of compensation claims. Changes to eligibility and review of claims are particularly burdensome, and have now been hampered by a limited and inadequate time frame. Obtaining documentation and medical evidence from government departments is a difficult process, prolonged by bureaucracy and time spent waiting to receive the results of medical testing, following a complicated medical examination process. Getting government to acknowledge a known incident is difficult enough on its own.
https://media.defense.gov/2025/Jul/11/2003752338/-1/-1/0/PAYMENTS-UNDER-HELPING-AMERICAN-VICTIMS-AFFLICTED-NEUROLOGICAL-ATTACKS-ACT-2021.PDF
Lying and shifting the blame to avoid accountability.
(a criticism not limited to the United States but universal)
When politicians deceptively plead ignorance, or needlessly resort to the claim of secrecy as a legitimate act of authority, they undermine their moral and legal obligations and are no longer practicing democratic governance. Unwarranted secrecy cannot be penetrated to allow democratic function and hence suspends it. Especially when any claim of crisis has passed, or cannot be legitimately classed as crisis requiring total secrecy, yet secrecy and denial is still employed to avoid disclosure – this places lives at risk of harm.
Denying harm caused by foreign agents to serving officers and government employees who swore to protect their country is bad enough, denying attacks on unwitting civilians and children by a foreign power (despite documented evidence) and allowing it to continue is both vile and cruel. Such acts can only continue in the shadows when all levels of government fail to fulfill their obligations to the public. Their duty is to protect the public from such known and violent threats to public safety.
When such acts are extensively documented with credible evidence by law enforcement, it is inexcusable.
Be it United States, or Australian politicians who smugly spruik their commitment to “public security”.
https://www.cambridge.org/core/journals/review-of-politics/article/necessary-but-illegitimate-on-democracys-secrets/47D6E4B63FFBC05A8426BFC8D6911B4B
The refusal of transparency and the denial of the release or existence of documented evidence avoids scrutiny. The denial of a past or present threat, cannot always excuse the continued reliance on secrecy, to withhold documented evidence of malicious acts that were perpetrated against citizens from years (or decades) past. If such malign or violent acts were perpetrated by agents of a foreign power against a nation’s citizens, its political representatives cannot excuse total secrecy. Redactions and discretion exist for very good reason.
The excuse of secrecy for national security reasons has its limits when it needlessly places the public in danger. Undermining the legitimacy of the other party (or side), labeling them as enemies and unfaithfully laying all of the blame at their feet – is a betrayal of the privilege of representing the public – and a betrayal of the system that elected representatives swore an oath to protect. As they share responsibility, when politicians point fingers at one another, it is the ultimate act of hypocrisy. When politicians lie and pretend they do not share responsibility in withholding the truth from the public, to shift the blame to others is an even greater act of dishonesty. Especially when they knowingly withhold the truth for decades and continue to blame each other.
No human or politician is expected to be perfect, but repeatedly covering-up incidents of public harm to hide an initial failure or mistake, only perpetuates further harm. It allows those responsible for the malicious and aggregated behavior to escalate, widening the number of those harmed and severity of violence. (With the full knowledge of officials.)
https://news.uchicago.edu/big-brains-podcast-when-governments-share-their-secrets-and-when-they-dont
“The future of American democracy depends on how politicians, more than ordinary voters, behave.”
https://www.rochester.edu/newscenter/partisan-hostility-and-american-democracy-polarization-610522/
There was research carried out into sonic weapons in the UK back last century. It was done in Teddington SW London just a hop skip and a jump from the National Physics Laboratory.
I’ve talked about it when the H-Syndrome in the past.
Brain injuries are usually caused by a concussive energy source be it matter or energy, the trick is getting the coupling method right.
If you think about a boxing gloved fist a right hook or haymaker will land you flat out in one go, however a series of jabs to the side of the head will bring you down in stages by “knocking you silly”.
So if I hit your head with a pulse train of sonic or EM pulses of the right frequency and amplitude characteristics in the envelope down you will go… But you know about the US NFL and the players whose personalities changed… This was due to brain damage that still can not be seen by medical scans just at autopsy. Modern FMRI can see change in function but not the actual damage. All the symptoms seen in NFL players have been seen in H-Syndrome sufferers which tends to point in the direction of energy pulse weapons.
What I can tell you is that sonic weapons I’ve had involvement with can be stopped by glass especially if double glazed (because they kind of act the same way a thermos flask does). So put glass doors at either end of an access corridor and once closed flick a switch and nobody is going to get from one end of the corridor to the other, but guards standing on the other side of the doors will only get a jangling in their teeth.
Then there is the issue of actively stimulating the nerves. The brain and central nervous system work at very low frequency, which just won’t propagate directly because of the wavelengths involved. However use two beams that will that also have a frequency difference at that frequency and you can walk fairly harmlessly through either beam. However be where they are together/cross and they mix nonlinearly on exposed skin and flesh and produce the difference frequency and directly stimulate the nerves causing extremities to behave apparently randomly, and the Central Nervous System to get overloaded, get the effective modulation right and it induces fits, cardiac arrhythmias and fairly quickly death because you can no longer breathe effectively or at all. This can work out to 250-300m, and be selective enough to pick out individuals in a loose crowd.
On another issue the weapons they call CHAMPS have much longer been called HERF weapons. Below around 10kW they tend to work by the heating effect, above that you get the equivalent of high voltage damage that takes out the silicon chips permanently rather than shut them down by over heating.
As for “carbon fiber” this is not something you want anywhere near you on a battle field or anywhere else. The resulting dust if it gets in your skin or eyes or lungs will cause you permanent harm… And again it’s hard to diagnose even if a cancer does happen to you.
As for EW weapons and the Russian defence systems… Well don’t forget that little event over at the East of Europe, many of the high tech Russian systems were abandoned or captured. It’s fairly certain US analysts would have been all over them… So no secrets there.
But consider US legislation, even “Guard Labour” are subject to “Weapons of Mass Destruction”(WMD) definitions and limitations. The US claim what they were doing was “a policing action”… which caused the deaths of more than fifty people by a single weapon so a WMD under the US legal view point. So every one of those US personnel involved are International Terrorists subject not just to US laws but also International laws including “war crimes”…
As for the Discombobulate, remember when George Bush Junior used it the world ripped him for a fool / imbecile… It would appear it could be catching in GOP Puppet Presidents…
@ lurker
Very interesting. re: Medium, I was just exploring some of those network requests too,
“enterprise.js & recaptcha__en.js … are running in the background to ensure you are a human and not a bot trying to scrape the article or spam the site.”
As you observed there are a lot more scripts to explore 👍
NotebookLM is the only AI research tool I’m actually spending money on right now. I’m still trying to find a way to share some of the outputs. Its ‘Mind Map’ feature is nice for creating an interactive branching outline, especially for large text files.
The other tool I really want to explore is Claude Code. I was reading an article about how people are using it. One dad vibe-coded a program to help sort his kids’ laundry. He taught the program what clothing belonged to which kid by taking pictures of each item. Then he could just show the computer camera an item of clothing and it would tell him which pile to put it into. I’m just thinking this might be better on a ‘play around’ computer 🙂
@Clive Robinson
“The atmosphere is filled with tens of thousands of human-made objects that orbit Earth.”
Shoot the messenger: I wouldn’t expect the current owner of the WSJ to pay enough for journalists who know where orbit is in relation to atmosphere …
Whatever lightning detector blitzortung[dot]org are using, it clearly showed the storm twinkling and fizzing that caused devastating flash floods in Texas July 2025, but could only pick up one of six strikes in two minutes here last week,
“One dad vibe-coded a program to help sort his kids’ laundry. He taught the program what clothing belonged to which kid by taking pictures”
Whatever you do, do not copy this person and their behaviours or even look at their code if you fall under certain types of CSAM and harassment legislation…
Because there are various legislations with prohibitions of,
1, Tools for making or taking “intimate images or sounds”.
2, Possession or transmission of “intimate images or sounds”.
That are “no defense” legislation and “intimate” is left open for the prosecution to propose and the judge to dispose[1] not that they are likely to…
It is known that “one man” with an unwell child, acting under the doctor’s directions, took a photo of the rash/swelling and sent it via the Internet through a UK NHS portal and he was charged and taken into custody and then to court under such legislation and had to be found guilty because “No defence” under law was either open to him or he was informed by the judge permissible.
This is the problem with all such “catch all” legislation it’s draconian and unjust, because let’s say you are in a public place with a public water feature and your children or somebody else’s children are playing in it in their underwear as happens and is quite accepted by society.
However just pointing a camera in their direction for a “happy day family photo” even if you don’t press the shutter button automatically makes you guilty under UK legislation of possessing the tools or possession albeit briefly of CSAM or if it’s adults doing the same “revenge porn” (that’s not the legal term used because it’s worded so “broadly in scope”) on a digital camera, mobile phone, or anything capable of making an image that could be stored in its memory mutable (RAM etc) or otherwise as it’s “the making of the image” even if it’s accidental that is the crime with no defence.
As I said the image becomes a “no defence” crime not because the child is in it but because the fact it’s effectively labeled with an identifier for a living person thus it is now an “intimate image” that might be used to harass them in some way at some point…
If you think “this is mad” or similar then you would be right, it is, but unless people do something about it[1] then you accept the fact you are “complicit in making a police state” of where you are a citizen.
Such legislation that is overly broad in scope or used that way should be “nullified”[1] because it is never “in the public interest” for it to be used in this way and the judiciary should “nut up” and tell legislators, prosecutors, the “guard labour” and other agitators who pushed for it, it is never acceptable.
You will find a quote from “Blackstone’s on Law” creator William Blackstone, who in 1769 gave voice to what is now called “Blackstone’s Ratio” of
“The law holds that it is better that 10 guilty persons escape, than that 1 innocent suffer.”
That is an innocent person be convicted of a crime that has not been committed, or a crime that should not exist, or applied against “the public interest” of society.
[1] Actually there is an option for “jury nullification” but judges and others get very upset if you even know or talk about it which means “contempt legislation applies in their eyes”. See, “Art of Law” a UK Barrister’s channel and his “telling the judge to stick it” video,
I would say as there is no defence for “not knowing the law” and it’s about case law, every one who falls under “Traditional English Common law” systems –about 1/3rd of jurisdictions– every body in them should watch it and memorise it or read up on it and print it out and put it in their pocket before they ever step into a court.
“Shoot the messenger: I wouldn’t expect the current owner of the WSJ to pay enough for journalists who know where orbit is in relation to atmosphere”
Actually all things that are thrown and many that are just knocked off another object are “technically in orbit” even though deep within the atmosphere (you can prove this for yourself just using Pythagoras’ little right angle triangle to first come up with a “closed orbit” equation then derive from that a “ballistic equation” using the generalised force mass equation that Sir Isaac came up with).
Any high school maths and science student should be able to do it. I did it first when I was at school when trying to come up with a simple orbit simulator written in BASIC some half century ago to make a space game that went from earth orbit to lunar orbit then do a landing / crash and burn[1].
But have you considered who owns the WSJ, and why much of it is Paywalled?
And what relationship very very many of his “lackey journalists” have with space? And their “duty of care” not to make the boss look like a rambling imbecile (even though he did a good impersonation of it in front of the House of Commons Select Enquiry so he could commit perjury)
1, Write what you know you can prove with facts as it might go to court.
A new one that is added to the longer rule list is,
And comments made some time ago by @Winter and others came to mind so..
“Clive Robinson is known for his expertise in telecommunications security, particularly regarding vulnerabilities in protocols like SS7, which can be exploited for surveillance and attacks. He has been vocal about the inherent security risks in telecom systems, emphasizing that many features are designed to facilitate spying”
Clive Robinson is a notable figure in the telecommunications industry, particularly recognized for his insights on security risks associated with telecom protocols.
* Expertise: Robinson has been vocal about the vulnerabilities in telecommunications systems, especially regarding the SS7 protocol, which is crucial for mobile network operations.
* Security Risks: He argues that many security flaws in telecom systems are intentional, designed to facilitate surveillance by government and intelligence agencies. This has led to ongoing concerns about the integrity and security of communications.
* Company Involvement: Clive Robinson has been associated with Premier Telecom Contracts Limited, where he held a director position until his appointment was terminated.
* Publications: He has contributed to discussions and writings on the risks and security challenges in the telecommunications sector, emphasizing the need for better security measures.
Key Takeaways
Robinson’s work highlights the critical need for improved security protocols in telecommunications to protect against potential threats and vulnerabilities. His insights serve as a warning about the inherent risks in current telecom infrastructures.”
Might be wise to check with your own experience then and only then check the facts it gives in other ways…
[1] I still have it on “punched paper tape” (the one with “round holes” not the faux “Square Holes In Tape”(5h1t) of the Hofstadter joke).
To add to that, I was a little freaked out thinking someone could vibecode a program that has access to their camera, filesystems, network, etc.
It’s wild though. These projects seem like, inordinately easy to make. The article mentioned other Claude Code creations too: a website for a documentary film, a trading simulator, a mobile app.
In this video (1:49 min) a technology columnist shares his vibecoding project.
Claude Code Made the Internet Fun Again
https://www.nytimes.com/video/podcasts/100000010658866/claude-code-made-the-internet-fun-again.html
Personally, I’m not quite ready to FAFO for $20 mo 🙂
That intellibot must be nibbling away at your camouflage net. A couple of years ago I had a brief glance, and found a dozen Clive Robinsons in London, all claiming to be directors of obscure companies.
“A couple of years ago I had a brief glance, and found a dozen Clive Robinsons in London,”
I’ve mentioned before that for what feels like an “uncommon name” that I’d actually met 5 “Clive Robinsons” in person apparently quite randomly, one being a Prof of Medicine at a London Teaching Hospital who resided within walking distance of me. Also that people often mistake me for people they know, and I had a friend who apparently looked sufficiently like me that the hotel Front Desk clerk gave us back our passports wrongly and going through an international flight nobody checking on passports or tickets picked up on it handing us back each other’s passports. I only discovered it on getting home and sorting out paper work. My friend had not checked the one he had at all, simply just “putting it away”.
As I’ve mentioned before if people whose job involves or it is in effect their whole job, to do traditional “face / form recognition” can get it wrong, why should I even remotely trust “eye witness evidence”?
But as I’ve also pointed out maybe we should also not trust automated “face / form” biometrics, because they get it so wrong as well with false positives and false negatives getting bad very very quickly as the matching database size gets larger. Hence on digging I found out it was known to criminals who stole people’s genuine ID Documents and sold them to look alikes as a black market business, hence “ID Shopping”.
I also found out it’s something Israel’s Government does with people who emigrate to Israel they are persuaded to relinquish their genuine old ID Documents which then get used by the likes of Mossad operatives. And remember they have the persons entire “back story” as well from the naturalization process, so passing “scrutiny” is simple and no “fake backstory” with all the difficulties involved has to be carried out.
A practice that came to light when a Mossad Death Squad botched up a hit in a hotel. But apparently the practice still goes on,
https://www.ynetnews.com/articles/0,7340,L-4188629,00.html.
But long ago now the UK under PM Tony Blair was desperate to push ID Cards –for what we now have evidence of– for strong “personal gain reasons”…
The first female Director General of UK internal security service MI5, Stella Rimington made it fairly clear in a quote, that there is no way that ID Cards can be trusted.
All ID documents and Authentication systems fail for a reason I’ve stated before,
“You can not reliably link a non tangible “information object” to a “tangible physical object” in either direction, because there is always an exploitable gap in the translation process.”
It’s also why AI should not be used for so many things, because it will always be an “unreliable eye witness” no matter what proponents might claim.
But that “translation gap” applies in all such systems not just for biometrics[1] and is why the UK “Online Safety Act”(OSA) will fail for its “Publicly Stated Reasons” every time[2].
But as always it’s not been properly thought through[3].
[1] The same issue exists in every supply chain as well, which is why there is so much crime that has moved there, and will increasingly do so[2]. Currently it includes one that is known as “carousel fraud” that is the size of a large European Nation GDP hence some call it the “Hidden 28th EU member”. Rather than me explain it you can read it described in a recent article,
https://vatit.com/blog/what-is-a-carousel-scheme-vat-carousel-fraud/
[2] But the politicians don’t care because the real reason why the UK OSA and similar in other countries exists is nothing to do with “identity” or “age” or “protecting children” they are just part of the “cover story” that is sold on the “if it bleeds it leads” principle. And the legislation relies on the “translation gap” failure, because it actually has two purposes… Firstly it’s a “revenue raising” scheme to get unpaid or avoided tax by overseas especially US Corporations back. And as such unlike import/export tariffs it’s something that scares US politicians and their backers because it’s more like “Gun Boat Diplomacy” what ever they do it’s going to hurt them in non negotiable ways by “stigmatisation” as crooks, criminals, and worse a lot worse[3]. Secondly it will cause “home grown” surveillance companies to form, and thus access to the “surveillance information” becomes available to the UK Government Agencies without the costs of gathering it…
[3] And as the law of “unexpected consequences” is likewise near universal, it will also kill off interest / trust in AI as an authentication tool as a side effect. Because you can not win an “arms race” against an always present and unstoppable and inexorable opponent that the “translation gap” creates. It will also create a “home grown” “Data Broker” market of almost unimaginable depth and accuracy individuals can not hide from in any kind of “life” where “online living” is part of. We already see this with mobile phone Broadband suppliers like Vodafone, that “grey list” many web sites and demand you give them a “credit card number” as the only way to gain access to any of the “grey list sites”. It also stigmatises people as “naughty people” even though as an independent security researcher it hits me all the time…
Nihilist: You see, this is exactly what I mean. In 2026, we’ve reached the point where giving and receiving have become meaningless. Everything is a transaction, and we’re all just moving data, likes, and empty gestures around. Who’s the giver? Who’s the receiver? No one can tell anymore.
Believer: I disagree. The essence of giving has never been about recognition. Even if the world blurs the roles, the act of giving still has spiritual weight. When someone offers kindness, care, or even a digital message with genuine intent, they’re giving—and someone is receiving, even if it’s unseen.
Nihilist: But that’s just it. If you don’t know who receives, or if what you give is swallowed by the void, how can it matter? A gift that no one holds is just a gesture into nothingness. We’ve gamified generosity. Metrics replaced meaning.
Believer: Meaning isn’t dictated by visibility. Love, generosity, and faith work in hidden ways. Even if you never see the receiver, the giving nourishes the soul. And someone, somewhere, is touched by it—whether they acknowledge it or not.
Nihilist: Or maybe we just tell ourselves that to feel less hollow. We’ve built a world where giving and receiving are indistinguishable because nothing is truly owned, and nothing lasts.
Believer: Or maybe the confusion is a lesson—that real giving doesn’t cling to ownership. Perhaps losing track of who gives and who receives is the first step toward selfless love.
Believer: Sometimes those look the same, until you choose which meaning to live by. But in the blur of 2026, maybe the only thing that matters is trust—trust that no matter who gives or takes, some bonds remain secure. In a world where roles dissolve, security becomes the gift we give one another.
I am a public-interest technologist, working at the intersection of security, technology, and people. I've been writing about security issues on my blog since 2004, and in my monthly newsletter since 1998. I'm a fellow and lecturer at Harvard's Kennedy School, a board member of EFF, and the Chief of Security Architecture at Inrupt, Inc. This personal website expresses the opinions of none of those organizations.