The myth of neutrality

Imagine standing on the pavement, observing an injustice unfold. Perhaps a villain is performing egregiously bad deeds, or a bureaucrat is quietly rearranging paperwork in a way that ruins lives. You shrug. You mutter, “Not my circus, not my monkeys,” and continue scrolling through social media. This is the practical magic of neutrality: invisible, polite, and utterly useful if your goal is to help the oppressor. Desmond Tutu, who knew more than a little about elephants on mice, explained it in no uncertain terms: “If you are neutral in situations of injustice, you have chosen the side of the oppressor.” And just to make sure nobody missed the metaphor, he added: “If an elephant has its foot on the tail of a mouse and you say that you are neutral, the mouse will not appreciate your neutrality.” ...

September 29, 2025 · 5 min
A mysterious little package with eyes and hands, popping open to spill out tiny chaotic creatures labeled 'code', the witch nearby looking bemused, surreal and comical, illustrated in a whimsical Discworld style.

Talking code

Programming can be serious business, buffer overflows, privilege escalations, and command injections can ruin your day (or your server). But what if we let the code speak for itself? Imagine strcpy whispering, “I will politely overflow your stack”, or a rogue Python pickle.loads grinning, “I will happily instantiate whatever you smuggled in.” These literal translations are not only a chuckle for the seasoned security geek but also a cheeky reminder of why we need careful coding. They turn intimidating vulnerabilities into short, witty sentences that make you laugh, and maybe shiver a little. Dive in, enjoy the humour, and see old nemeses in a whole new light. ...

September 21, 2025 · 5 min

Europe’s hidden security debt

Europe likes to think it is safe and secure. In reality, much of its critical infrastructure is running on borrowed time. Old systems, fragmented responsibility, and perverse incentives have left a security debt that, if left unpaid, could affect millions of lives. Some sectors carry heavier debt than others, and the consequences of ignoring it grow by the day. Healthcare, energy, and transport carry the heaviest burdens. The patient-facing nightmare Hospitals and clinics are the most visible examples of this precarious state. Every day, lives depend on machines and systems conceived in a different era, when floppy disks were a mark of sophistication. Many hospitals run EHRs, imaging machines, and ICU monitors on unsupported systems, often unaware which devices are networked. Vendors supplying medical technology have rarely been held accountable for security, and procurement contracts tend to value cost or certification above protection against cyberattacks. ...

September 11, 2025 · 6 min
Granny Weatherwax, clad in a long, woven black dress and pointy hat, grasping the Sceptre of Omnicide

Governmental backdoors: skeleton keys and fairy tales

The trouble with governments and cryptography is that they keep mistaking mathematics for magic. In Ankh-Morpork, this was the sort of thinking that once led the Wizards of Unseen University to try and regulate gravity, on the grounds that it was “inconvenient.” It ended, inevitably, in bruises. In our world, the same logic has produced the noble invention of the “government backdoor.” A handy hole in the wall of your digital house, through which the Watch can come and go as it pleases. The Watch insists it will only use this hole to catch thieves and murderers. Unfortunately, thieves and murderers are rather good at using holes too. ...

September 9, 2025 · 5 min

The rise of neural ghosts and AI-driven hijacks

We are no longer in the age of the lone script kiddie lobbing pre-cooked exploits from their mum’s basement. What is emerging instead are neural ghosts, AI-powered entities capable of autonomously probing, adapting, and burrowing into networks. Think of them as digital fungi: self-replicating, invisible, and patient enough to live under your floorboards for years before fruiting. Proof-of-concepts like Neural Ghost and FungusFiber ISP hijacks already sketch what such systems can become: distributed, stealthy, and frighteningly persistent. ...

September 1, 2025 · 7 min

The slow death of the NVD

The US National Vulnerability Database has slipped from a dull but dependable piece of security plumbing into a sputtering liability. Enrichment of CVEs has stalled, backlogs have exploded, and defenders are left with raw identifiers instead of usable intelligence. This collapse is not accidental, it is the predictable result of political austerity, funding cuts, and a fixation on flashy science over unglamorous infrastructure. In other words, the pipes have burst while Washington debates whether water is really a priority. For security teams all over the world, the message is blunt: stop waiting for rescue. Diversify your sources, automate your own triage, build peer networks, and treat metadata as survival gear, not a luxury. ...

August 20, 2025 · 6 min

Psychological operations: understanding influence without the hype

Psychological operations, PSYOPs, are often painted as shadowy mind-control tools wielded by a secret cabal. Reality is less cinematic but far more interesting. PSYOPs are deliberate efforts to influence the beliefs, emotions, or behaviours of target audiences. They are planned, measurable, and bureaucratically codified, but that doesn’t make them benign, nor do they naturally uphold transparency or democratic norms. The US Department of Defense defines PSYOPs as operations “to convey selected information and indicators to foreign audiences to influence their emotions, motives, objective reasoning, and ultimately their behavior”. This definition is precise but neutral: it says what the practice is, not whether it is ethical. The challenge is recognising influence in action without falling into conspiracy or mystique. ...

August 20, 2025 · 7 min

Why professionals rarely start with 'what's needed' before choosing technology

In one corner, we have Demis Hassabis, CEO of DeepMind, telling The Guardian in 2024 that AI will be “10 times bigger than the Industrial Revolution.” Disruption is inevitable, he says, but humanity will adapt, as it always does. The challenge is simply to manage the turbulence. In the other corner, we have Joseph Weizenbaum, reflecting in the 1980s on his earlier work designing a banking system for processing physical cheques. It was an intricate, technically satisfying project. Only years later did it occur to him that no one had asked whether automating cheque processing at scale was socially desirable, or what knock-on effects it might have. “It never occurred to me to ask,” he admitted. ...

August 4, 2025 · 6 min
A hungry child sitting at a school desk made of circuit boards and screens, looking confused and isolated amid a background of headlines about poverty, underfunded schools, and rising military budgets

Thirty years of not listening to Joseph Weizenbaum

In 1991, The Tech at MIT published an interview with Joseph Weizenbaum, the computer scientist best known for creating ELIZA and later becoming one of the field’s sharpest internal critics. Speaking with Diana ben‑Aaron, he dissected the role of computers in education, their entanglement with the military, and the ethical evasions of scientists. Three decades later, his words are less a time capsule and more a mirror, the issues he named have not only persisted but mutated into modern forms, from AI hype cycles to tech‑military partnerships dressed up in start‑up chic. This post is a “then/now” rendering of that interview: his points in their original spirit, and how they look in the world of 2025. ...

August 3, 2025 · 7 min

Threat modelling for zero-day vulnerabilities

Threat modelling for zero-day vulnerabilities is a peculiar exercise in preparing for the unknowable. These are not the comfortable, catalogue‑ready bugs that live in CVE databases. These are the ones nobody, least of all the vendor, has seen fit to admit exist. They arrive without warning, without a patch, and with precisely zero days’ notice before being exploited. The task, therefore, is less about ticking boxes and more about building the sort of resilience that can withstand the unexpected without falling to pieces. ...

August 3, 2025 · 7 min