Mapping trust

Organisations invest heavily in procedures, certifications, and standards. Yet whether those investments deliver results depends on something far less tangible: human relationships. As organisations become more distributed and interdependent, seeing and strengthening these connections becomes critical to resilience. The hidden architecture of trust: Without trust, perfectly drafted policies and shiny certificates become little more than beautifully formatted PDFs. In networks where multiple organisations or teams rely on each other to deliver quality services, trust determines whether processes work in practice or collapse under miscommunication. ...

October 30, 2025 · 4 min

The future will surprise us. Be prepared.

When scenario planning practitioners and others speak of “looking forward”, they don’t mean prediction. Forecasting implies we know where we’re going, while scenario planning admits we do not. Looking forward is not clairvoyance, nor is it the worship of trend graphs. It is not about guessing which shiny technology or geopolitical shift will “win”, like a single renewable technology or control system that will dominate the grid. That kind of forward-looking, the PowerPoint prophecy, breeds false certainty. ...

October 29, 2025 · 4 min

The relational firewall

A developer pushes a feature. Security flags a missing TLS configuration. Operations scrambles to patch the database. Alerts multiply while emails ping insistently and no one knows who owns what. Technical pipelines are fine. The human side stutters. Miscommunication, conflicting priorities, and unspoken assumptions slow down response and occasionally create a small drama worthy of a sitcom. DevOps, Security, and Ops can be aligned by noticing patterns in how teams interact under stress, practising adaptive responses, and embedding relational awareness into everyday workflows. The goal is operational harmony without the motivational poster clichés or mandatory soft-skills seminars. ...

October 21, 2025 · 4 min

The question now is: what can we do?

The internet is fundamentally broken. The question now is: what can we do? The answer is messy, expensive, and occasionally involves telling very powerful people that their business model is morally questionable. Accepting the obvious: First, acknowledge the unpleasant truth: there is no quick fix. Security is not a feature to be bolted on after launch; it is a mindset, a discipline, and a budget item that competes poorly with shiny new apps and quarterly profits. Anyone promising a “secure internet in six months” is either deluded, lying, or hoping to sell you a consultancy package. Acceptance, at least, costs nothing. ...

October 1, 2025 · 3 min · Nienke Fokma

Why are we not making a defendable internet?

Once upon a time, the internet was described as an “information superhighway”. In truth, it more closely resembles the back alley behind a funfair: noisy, sticky underfoot, and populated by people selling things you probably do not want but will end up buying anyway. It is not defendable in any serious sense, and the extraordinary thing is that everyone knows this but insists on behaving as if surprise breaches and collapses are acts of God rather than consequences of design. ...

October 1, 2025 · 9 min · Nienke Fokma

Talking code

Programming can be serious business: buffer overflows, privilege escalations, and command injections can ruin your day (or your server). But what if we let the code speak for itself? Imagine strcpy whispering, “I will politely overflow your stack”, or a rogue Python pickle.loads grinning, “I will happily instantiate whatever you smuggled in.” These literal translations are not only a chuckle for the seasoned security geek but also a cheeky reminder of why we need careful coding. They turn intimidating vulnerabilities into short, witty sentences that make you laugh, and maybe shiver a little. Dive in, enjoy the humour, and see old nemeses in a whole new light. ...

September 21, 2025 · 5 min

Europe’s hidden security debt

Europe likes to think it is safe and secure. In reality, much of its critical infrastructure is running on borrowed time. Old systems, fragmented responsibility, and perverse incentives have left a security debt that, if left unpaid, could affect millions of lives. Some sectors carry heavier debt than others, and the consequences of ignoring it grow by the day. Healthcare, energy, and transport carry the heaviest burdens. The patient-facing nightmare: Hospitals and clinics are the most visible examples of this precarious state. Every day, lives depend on machines and systems conceived in a different era, when floppy disks were a mark of sophistication. Many hospitals run EHRs, imaging machines, and ICU monitors on unsupported systems, often unaware which devices are networked. Vendors supplying medical technology have rarely been held accountable for security, and procurement contracts tend to value cost or certification above protection against cyberattacks. ...

September 11, 2025 · 6 min

Governmental backdoors: skeleton keys and fairy tales

The trouble with governments and cryptography is that they keep mistaking mathematics for magic. In Ankh-Morpork, this was the sort of thinking that once led the Wizards of Unseen University to try and regulate gravity, on the grounds that it was “inconvenient.” It ended, inevitably, in bruises. In our world, the same logic has produced the noble invention of the “government backdoor.” A handy hole in the wall of your digital house, through which the Watch can come and go as it pleases. The Watch insists it will only use this hole to catch thieves and murderers. Unfortunately, thieves and murderers are rather good at using holes too. ...

September 9, 2025 · 5 min

The slow death of the NVD

The US National Vulnerability Database has slipped from a dull but dependable piece of security plumbing into a sputtering liability. Enrichment of CVEs has stalled, backlogs have exploded, and defenders are left with raw identifiers instead of usable intelligence. This collapse is not accidental; it is the predictable result of political austerity, funding cuts, and a fixation on flashy science over unglamorous infrastructure. In other words, the pipes have burst while Washington debates whether water is really a priority. For security teams all over the world, the message is blunt: stop waiting for rescue. Diversify your sources, automate your own triage, build peer networks, and treat metadata as survival gear, not a luxury. ...

August 20, 2025 · 6 min

BadBox 2.0: When devices spy straight out of the box

You’ve spotted a cheap Android tablet or TV box online, taken by how cheap it looks, until you plug it in. Now, interred in its firmware, there’s malware. Not something you can remove, because it’s buried beneath the operating system. This is BadBox: a class of threats embedded in devices at the factory or during shipping. It isn’t just an app you can delete; it’s pre-installed, hidden in the firmware, and ready to phone home as soon as the device connects to the internet. ...

June 8, 2025 · 3 min