Friday Squid Blogging: Squid Found in Light Fixture
Why It Matters
Enterprises risk squandering billions on AI tools that fail to boost efficiency, and insecure, understaffed systems can expose critical infrastructure to cyber attacks.
Rontea – January 3, 2026 1:31 PM
Security by delegation is not security. Outsourcing responsibility to vendors or third parties doesn’t eliminate risk—it just moves it to a place you can’t see as clearly. When organizations rely on assumptions that their partners, suppliers, or cloud providers are secure without independent verification, they effectively introduce blind spots into their risk model.
True security requires oversight, auditing, and accountability across the entire chain of trust. Delegation can be part of the operational model, but without validation and active management, it is simply wishful thinking.
Clive Robinson – January 3, 2026 2:19 PM
@ Winter,
Sadly for the last fifty or more years the game has been rigged against the ordinary person so “prosperity” cannot happen for the ordinary mortal.
But worse… This century the rigging has progressed to the point where the ordinary mortal cannot have “peace” either; it’s a continuous series of invoked “War on XXX” where a select few decide what XXX is and often it has no reality—it’s just a means to another end.
The idea being in part that the 1 % of the 1 % of the 1 % and their families will not get into any kinetic or similar conflict. So when ordinary mortals are pressed into service to die as cannon fodder, their estate/assets can be acquired for maybe 1 cent on the dollar or less to be “rented out” at way more than a dollar into the future, free from tax and lien.
Ordinary people are fobbed off by being told that it’s a “trickle‑down economy,” which is complete BS, as just a few moments of thinking will reveal by simple maths.
It’s cynically called by some a “K‑shaped economy,”
https://www.npr.org/2025/12/31/nx-s1-5660842/what-is-a-k-shaped-economy
Because there are two trajectories, and just about everyone who will ever read this is on the descending limb to rent‑seeking‑induced destitution and abject poverty. As was once said at Davos, “You will not own anything.”
Which means the K‑shaped economy is just another “cover‑up” as the “real balance” is with tangible assets being transferred from those on the bottom limb to those on the top limb. And like all things in life, if you live by emptying the cookie jar, at some point it’s going to be empty and you starve and lose both choice and freedom.
The Venezuelan “issue” is because they do not want to buy into the “American Man’s way” dream that Kipling exhorted the Americans to “pick up” over the Philippines back in 1899, and we can see how that did not work out well today.
It’s clear to anyone who can see and think that those boats being sunk are not full of fentanyl but cocaine. The lie of fentanyl was tried on Canada by the “ill wind that blows” Trumpeta and was soundly rebuked.
It’s actually been known since before 2019 that fentanyl comes in from Mexico where it is manufactured en masse, much as Syria was doing. But it makes a great excuse for starting the death of tens, if not hundreds, of thousands for grabbing resources very cheaply.
I’ve explained in the past why there is demand for fentanyl, and in short it’s the real side of the “American Dream” hokum that can only happen until everything is bought up by the few through criminal behaviour, then rented out—re‑establishing the king, church, baron, serfdom three‑estates model of the medieval period.
All that said, I do wish most people both peace in their hearts and minds, and peace in their lives to live modestly and without fear and be able to secure sustainable futures for their loved ones.
Whilst I don’t believe in the con‑game of deities that support the king game, I do believe that, in general, mankind can improve its lot and become better than it was, thus sharing in a better future for all, not just the very few. However, there is a price that has to be paid by all: taking social responsibility for society rather than leaving it to a corrupt hierarchy propped up by authoritarian follower‑guard labour.
Read Cory Doctorow’s 39C3 talk he gave just a week ago (links below), or listen/watch the recording:
- https://pluralistic.net/2026/01/01/39c3/#the-new-coalition
- https://craphound.com/news/2026/01/01/the-post-american-internet-39c3-hamburg-dec-28/
Because it describes a simple step that can put a spoke in the wheel of “Enshittification” created by solipsistic, managed corps—not just into the ruination of the Internet, but modern life that has become so badly entangled with it and the almost inevitable downward spiral that follows.
There is, however, a downside: it will need some form of balkanization, not just of the Internet but technology in general. Look at it as surgery that cuts out the bad and growing at the expense of the good, to protect what is good while it still can be.
Interestingly, it looks like Canada has already realised this and is acting in that direction.
Clive Robinson – January 3, 2026 4:35 PM
@ Rontea, ALL,
With regards,
“True security requires oversight, auditing, and accountability across the entire chain of trust.”
A couple of things:
- You left out the all‑important “skilled workers.”
- All the talk of current AI LLM & ML systems doing it is complete nonsense, as I’ve been pointing out for a while. These AI systems cannot do “skilled” work; they can only “follow skilled” instructions. They don’t learn; they simply “shake the can” to fuzz up the product of skilled workers.
Secondly, as Cory Doctorow recently said about even moderately skilled workers,
“Your boss hates you.”
Managers, especially at senior levels, often do little more than “make work.” They know that if they don’t turn up, very little changes, and the organization carries on. But they also know that if skilled workers stop working, the organization stops functioning—sometimes rapidly. This scares senior management, making them desperate for skilled workers, which AI salespeople exploit.
The real threat from AI is to senior, unskilled management and to “old‑profession” jobs that are merely memorising facts, rules, and following them—tasks AI can do well if the inputs are correctly curated, which is a skilled‑worker job.
That’s why we see “vibe coding” failing: AI can “sausage‑machine” cut code, but it needs a very skilled worker to make it secure, safe, reliable, and available when required.
Cory Doctorow also says,
“Software is a liability, not an asset.”
The value lies in the process carried out, not the software itself.
File‑format lock‑in remains a problem. Closed, proprietary formats create vendor lock‑in and forced upgrades. Open, plain‑text formats (CSV, etc.) avoid this.
In the early‑to‑mid‑1990s, “document processing” became a thing. Proprietary systems acted as databases of all organisational documents, linking them via searches on “information within.” The real barrier was the input file formats.
When I used two back‑end databases—one relational, the other a source‑control system—I designed them to take PostScript input (a high‑end print format then supported by desktop publishing, word processors, and fax software). This turned many non‑productive tasks into “push‑of‑a‑button” operations, dramatically increasing productivity at minimal cost.
Cracking the file‑format issue today still yields productivity gains. You can now use a private LLM & ML system to do for semantic content what desktop publishing did for visual content.
But this never replaces skilled workers; it only augments them.
zzx – January 3, 2026 6:27 PM
How the defence sector is battling a skills crisis
https://www.bbc.com/news/articles/clyd1lpp1lyo
‘Salary, career path, and job security all looked good, but ultimately a defence sector career “didn’t sit well” with him. “It’s one of those jobs where you don’t want anything you work on to be used.”
That unease about working on lethal technology is just one of many factors contributing to an ongoing skills gap in the defence sector. The gap could widen as the UK government—and many of its allies—look to boost defence spending amid an increasingly volatile geopolitical environment.
Earlier this year, the Ministry of Defence announced a £1 bn investment in AI‑powered battlefield systems and a new Cyber and Electromagnetic Command. But the military and its suppliers face fierce competition from technology firms for specialists in these areas.
Ismar – January 3, 2026 9:03 PM
It looks like there was a cyber component in the cutting of the power in Caracas:
“The lights of Caracas were largely turned off due to a certain expertise that we have.”
Clive Robinson – January 4, 2026 5:21 AM
@ ResearcherZero, ALL,
“Under international and U.S. law, the Trump administration’s actions, the incursion into Venezuela and the capture and rendition of the Maduros, are blatantly illegal and criminal.”
Serious as that is, it’s not the issue that concerns me most.
1. Might is right.
The belief that if you have “the power” you can do anything you want—what I call “Divine Right” in the “King Game”—has killed more people than any other human failing.
2. Sets precedent.
The U.S. repeatedly violates the norm that heads of state and their families should not be kidnapped, imprisoned, executed, or assassinated.
3. Dictatorship by exceptionalism.
The U.S. claims global rights while denying the same to others—a solipsistic, harmful stance that also harms U.S. citizens.
These actions are not about protecting U.S. interests; they are about unlawfully grabbing resources and paying off allies. The benefits stay offshore, while ordinary Americans see no gain.
I’ve warned about this since the 1990s. The pattern—fomenting war against China and Iran, “boiling the frog,” and using citizens as “cannon fodder”—continues.
Consider the U.S. push for Europe to spend 400‑500 % more on defence under the pretext of a Russian invasion. In reality, it’s a way to funnel money back to the U.S. defence industrial base, which lacks the manufacturing capacity for a major conflict and has outsourced much of its capability abroad.
Moreover, U.S. legislation now requires “kill switches” in all domestically manufactured items—likely why Caracas’s lights went out.
Clive Robinson – January 4, 2026 7:47 AM
@ Ismar, ALL,
You note that:
“It looks like there was a cyber component in the cutting of the power in Caracas.”
I’m fairly certain of it from basic logic.
Power generation is typically controlled by Industrial Control Systems (ICS) that connect via Windows‑based Remote Telemetry Units (RTUs) to a centralized SCADA system—often also Windows‑based. This architecture mirrors the Stuxnet attack.
Three things are almost certainly true:
- The communications between ICS and SCADA were across the Internet.
- Signing certificates were likely compromised.
- A back‑door update from a supply‑chain compromise was deployed.
The U.S. learned a lot from Stuxnet; Russia has done similar attacks. Few nations treat this as a sovereignty issue and take basic cyber‑defence steps.
During the Gulf War, the U.S. used “smart munitions” with conductive carbon filaments to disable power grids—demonstrating that the capability exists.
ResearcherZero – January 4, 2026 8:07 AM
@ Clive Robinson, ALL
You’ve described, in part, the plot of The Manchurian Candidate. The transfer of wealth into a few private hands will increase enormously over the decade.
A group of Wall Street investors bet on regime change by buying Venezuelan debt. Pressure on the bonds drove demand up 101 %. Investors lobbied the White House to lift sanctions, snapping up $60 bn of bonds at cheap prices.
- https://www.ft.com/content/a8beec5e-0c3f-4fb7-8780-6eeaa6c0f1ab
- https://www.reuters.com/world/americas/venezuelas-billions-distressed-debt-who-is-line-collect-2025-12-19/
- https://www.ft.com/content/10a8a099-5719-42ce-a2eb-edc3045a632f
Clive Robinson – January 4, 2026 6:18 PM
@ ResearcherZero, ALL,
Part 1 – “A group of Wall Street investors took a big bet on regime change by purchasing Venezuelan debt.”
This is not the first time South American debt has been exploited. In another case, investors bought worthless paper, obtained a U.S. court order to claim the country’s dollar holdings in the Federal Reserve, and became extraordinarily wealthy while the population suffered extreme poverty.
Clive Robinson – January 4, 2026 6:58 PM
Part 6 – The “honest” claim that “of course not” is never admitted, even though simple logic shows otherwise.
Two basic reasons (two faces of the same coin):
- Basic economic supply and demand.
- The product is “too useful.”
Fentanyl‑related deaths kill roughly 100 000 Americans a year; half are illegal fentanyl or similar synthetics. The drugs are often used as fillers in other street drugs, leading to unknown cocktails and cross‑contamination.
The deaths save the U.S. federal and state governments money (pensions, Medicare, etc.), allowing profits to flow into certain pockets.
Legal feed‑stock for these drugs is produced in China and, increasingly, India, and exported to nations other than the U.S., where it “gets lost in the system.”
Notes
- The U.S. health‑care system is a money‑machine that fuels the opioid crisis.
- Syria’s manufacturing of fenethylline (and earlier fentanyl) for the Middle East is well‑documented; Mexican producers later undercut Syrian exports, shifting the market.
Clive Robinson – January 5, 2026 6:22 AM
@ Bruce,
You asked:
“Are we ready to be governed by artificial intelligence?”
And later:
“Using AI‑generated images to get refunds.”
Now consider:
Are we ready to be owned by AI using generated faux‑biometrics to get authentication and access?
Current AI LLM & ML systems can fill the gap between the human (“meatbag”) and the decision process, rendering the “something you are” factor obsolete. Even “something you have” (tokens/dongles) can be compromised at the user end.
Eventually, “something you know” (human memory) will also fail—our memory is unreliable by design.
AI LLMs do not truly learn in real time; they are essentially digital signal‑processing (DSP) adaptive filters. Defensive LLMs will always lag behind offensive ones:
“The attacker only has to win once; the defender every time.”
Chaining low‑reliability tests overloads the human mind, leaving us losing the battle on the three main authentication factors.
Clive Robinson – January 5, 2026 7:54 PM
Real‑world AI in the office
UK government trial of M365 Copilot finds no clear productivity boost
“AI tech shows promise writing emails or summarising meetings. Don’t bother with anything more complex. A UK government department’s three‑month trial of Microsoft’s M365 Copilot revealed no discernible gain in productivity—some tasks sped up, others slowed due to lower‑quality outputs.”
https://www.theregister.com/2025/09/04/m365_copilot_uk_government/
The trial used a non‑random sample of staff (not a gold‑standard double‑blind test).
Hallucinations were reported by 22 % of participants; 43 % said they did not see hallucinations; 11 % were unsure—leaving a quarter of participants “AWOL.”
An MIT survey found that 95 % of companies that collectively spent $35‑40 bn on generative AI had little to show for it.
Only about 1 in 10 “new‑brand products” based on existing commodities make it to market; 1 in 20 “completely new products” succeed—still slightly better than expected.
Clive Robinson – January 5, 2026 8:20 PM
Digital Neural Networks (DNN) as DSP filters
I’ve previously explained that an LLM’s DNN is a massive DSP filter, adaptable via machine learning.
Two recent articles illustrate real‑world relevance:
- Gatekeepers of law (Westlaw): https://www.thebignewsletter.com/p/gatekeepers-of-law-inside-the-westlaw
- ML chunking fast: https://minha.sh/posts/so,-you-want-to-chunk-really-fast
Reading both together clarifies the concepts.
ResearcherZero – January 5, 2026 11:58 PM
Algorithmic decision‑making is already negatively impacting policy.
- Post‑Cold‑War nuclear competition in Europe will increase: https://thebulletin.org/premium/2025-12/the-changing-nuclear-landscape-in-europe
- The Monroe Doctrine turned into U.S. imperialism: https://historyhowithappened.com/how-the-monroe-doctrine-turned-into-american-imperialism/
- American foreign‑policy regime‑change leads to failed states: https://lawliberty.org/the-use-and-abuse-of-american-foreign-policy-doctrines/
- Aid cuts and tariff increases weaken fragile nations: https://odi.org/en/insights/vulnerable-nations-on-the-brink-the-double-shock-of-aid-cuts-and-us-tariff-increases/
Clive Robinson – January 6, 2026 7:30 AM
@ ResearcherZero,
Regarding the “Doomsday Clock” Xmas/New Year message you linked: the author, Ms Bell, appears naive, ignores authoritarian psychology, and downplays economics. She also misstates the reduction in “physics packages” (from 70 000 to 13 000) while ignoring the increase in yield (kilotons → megatons).
Authoritarians seek power and eternal remembrance; history remembers the bad more than the good.
JG5 – January 6, 2026 7:43 AM
A version without the links that triggered moderation.
The “health‑care” topic slipped by before I could say anything useful—another symptom of failed government. I noted a clue at the intersection of Kaiser and Nixon, captured on tapes, which will be central to the debate over electricity and cost‑of‑living issues in the U.S.
- https://www.schneier.com/blog/archives/2023/02/friday-squid-blogging-squid-is-a-blockchain-thingy.html/#comment-417596
- https://www.schneier.com/blog/archives/2023/11/friday-squid-blogging-unpatched-vulnerabilities-in-the-squid-caching-proxy.html/#comment-428889
Fire safety has been discussed many times. “Those who do not learn from history are condemned, period.” – lurker
Clive Robinson – January 6, 2026 9:46 AM
@ JG5
Foam‑type insulation (low‑density, high‑thermal‑insulating, “R‑value”) can be lethal.
I was shocked by the fire at the basement bar “Le Constellation” in a Swiss ski resort: over 115 seriously injured, 40 dead (including a 14‑year‑old). Video showed patrons filming the fire instead of evacuating.
The owner, a former prisoner from Corsica, had halved the width of the only exit stairs during DIY renovations, and his wife was related to senior fire officials. The bar was infrequently inspected.
Basic situational awareness—using eyes, ears, brain, and positioning—can save lives. As my father said, “The place to be when there is trouble is somewhere else.”
Clive Robinson – January 6, 2026 11:16 AM
BGP anomalies during the Venezuela blackout
“When watching the situation in Venezuela unfold, the phrase ‘It was dark, the lights of Caracas were largely turned off due to a certain expertise that we have’ caught my attention.”
BGP (Border Gateway Protocol) is used by routers to determine data paths and is notoriously insecure. Public datasets collect BGP data.
Read more: https://loworbitsecurity.com/radar/radar16/
Clive Robinson – January 6, 2026 6:00 PM
Data‑diode design
- https://nelop.com/bespoke-data-diode-airgap/
- Discussed on Hacker News: https://news.ycombinator.com/item?id=46516117
Two questions to consider:
- Why isn’t it technically “air‑gapped”?
- Why is “air‑gapping” less desirable today than “energy‑gapping”?
Clive Robinson – January 6, 2026 10:56 PM
Boston Dynamics’ humanoid robot Atlas entering mass production
“Remember when Elon Musk predicted thousands of Optimus robots at Tesla factories by the end of 2025? That didn’t happen, but Boston Dynamics announced its humanoid robot Atlas is going to the big time. Hyundai will deploy it this year, and Boston Dynamics partnered with Google DeepMind at CES to integrate Gemini Robotics AI models, giving the robot greater cognitive capabilities.”
https://www.theregister.com/2026/01/06/boston_dynamics_atlas_production/
Whether we should be delighted or horrified remains to be seen.
lurker – January 7, 2026 1:07 AM
@ Clive Robinson, ALL – on giving AI “agency”
When humans start learning, they are small and fragile; their environments are carefully guarded. Tech‑bros lack similar protections for machines. Free‑rein learning is rare in humans and yields mixed results.
I used reverse‑image lookup on a music‑file artwork. DuckDuckGo’s AI‑assisted engines identified it as “sawn timber,” “gravel,” or an “RGB vertical test pattern.” TinEye correctly found 40 examples of the CD cover.
The AI likely suppressed the result due to a content‑warning threshold on skin tone.
KC – January 7, 2026 9:12 AM
Proxy voting with AI
JPMorgan’s unit, managing over $7 trillion in client assets, will use an internal AI‑powered platform called Proxy IQ to assist on U.S. company votes, replacing external proxy advisers.
- https://www.wsj.com/finance/banking/jpmorgan-cuts-all-ties-with-proxy-advisers-in-industry-first-78c43d5f
JG5 – January 7, 2026 3:44 PM
@ Clive – Yes, it was that Jacques Baud. Freedom of expression is a better fit for the squid topic. The European Charter guarantees freedom of thought and expression, similar to U.S. attacks on speech under Biden.
- https://www.schneier.com/blog/archives/2025/12/denmark-accuses-russia-of-conducting-two-cyberattacks.html/#comment-451057
Also see the attack on Putin’s residence (unknown perpetrators).
- https://larrycjohnson.substack.com/p/did-russia-just-send-a-message-to
Larry C. Johnson, Jan 07, 2026:
“On January 6, Russia launched three major missile strikes against U.S.-owned facilities in Ukraine…”