Legal Restrictions on Vulnerability Disclosure
Wednesday, November 19th, 2025 12:04 pm![[syndicated profile]](https://www.dreamwidth.org/img/silk/identity/feed.png){kind=small}
bruce_schneier_feedKendra Albert gave an excellent talk at USENIX Security this year, pointing out that the legal agreements surrounding vulnerability disclosure muzzle researchers while allowing companies to not fix the vulnerabilities—exactly the opposite of what the responsible disclosure movement of the early 2000s was supposed to prevent. This is the talk.
Thirty years ago, a debate raged over whether vulnerability disclosure was good for computer security. On one side, full disclosure advocates argued that software bugs weren’t getting fixed and wouldn’t get fixed if companies that made insecure software wasn’t called out publicly. On the other side, companies argued that full disclosure led to exploitation of unpatched vulnerabilities, especially if they were hard to fix. After blog posts, public debates, and countless mailing list flame wars, there emerged a compromise solution: coordinated vulnerability disclosure, where vulnerabilities were disclosed after a period of confidentiality where vendors can attempt to fix things. Although full disclosure fell out of fashion, disclosure won and security through obscurity lost. We’ve lived happily ever after since.
Or have we? The move towards paid bug bounties and the rise of platforms that manage bug bounty programs for security teams has changed the reality of disclosure significantly. In certain cases, these programs require agreement to contractual restrictions. Under the status quo, that means that software companies sometimes funnel vulnerabilities into bug bounty management platforms and then condition submission on confidentiality agreements that can prohibit researchers from ever sharing their findings.
In this talk, I’ll explain how confidentiality requirements for managed bug bounty programs restrict the ability of those who attempt to report vulnerabilities to share their findings publicly, compromising the bargain at the center of the CVD process. I’ll discuss what contract law can tell us about how and when these restrictions are enforceable, and more importantly, when they aren’t, providing advice to hackers around how to understand their legal rights when submitting. Finally, I’ll call upon platforms and companies to adapt their practices to be more in line with the original bargain of coordinated vulnerability disclosure, including by banning agreements that require non-disclosure.
And this is me from 2007, talking about “responsible disclosure”:
This was a good idea—and these days it’s normal procedure—but one that was possible only because full disclosure was the norm. And it remains a good idea only as long as full disclosure is the threat.
(no subject)
Wednesday, November 19th, 2025 05:59 amastronomypicofday_feed
What does the Milky Way look like in radio waves?
Iraq Reservoirs Plunge to Low Levels
Wednesday, November 19th, 2025 12:00 amearthobservatory_iod_feed
A multi-year drought has put extra strain on farmers and water managers in the Middle Eastern country.
The kingdom of heaven is within
Tuesday, November 18th, 2025 09:03 pmslacktivist_feedFree your mind and your ass will follow.
Where RLS Learnt Lallans.
Tuesday, November 18th, 2025 03:09 pmlanguagehat_feedJoel at Far Outliers is reading (and sharing excerpts from) Storyteller: The Life of Robert Louis Stevenson, by Leo Damrosch, and this post is obvious LH material:
Louis picked up much of his Lallans from a shepherd named John Todd, known as “Lang John” for his height, with whom he would tramp for hours in the hills while the sheep were grazing. “My friend the shepherd,” he said later, “speaks broad Scotch of the broadest, and often enough employs words that I do not understand myself.” Louis recalled Todd in an essay entitled “Pastoral”: “He laughed not very often, and when he did, with a sudden, loud haw-haw, hearty but somehow joyless, like an echo from a rock. His face was permanently set and coloured; ruddy and stiff with weathering; more like a picture than a face.”
But it was Todd’s eloquence that captivated Louis. “He spoke in the richest dialect of Scotch I ever heard, and this vocabulary he would handle like a master. I might count him with the best talkers, only that talking Scotch and talking English seem incomparable acts. He touched on nothing, at least, but he adorned it; when he narrated, the scene was before you.” Many of Louis’s original readers would have recognized a famous phrase that Samuel Johnson composed in Latin for his friend Oliver Goldsmith, Nihil tetegit quod non ornavit: “He touched nothing that he did not adorn.” The allusion is a beautiful tribute to the old shepherd, ranking his skill in language on a level with a writer of great distinction.
It was Todd, Louis said, who taught him to appreciate the spirit of the hills.
He it was that made it live for me, as the artist can make all things live. It was through him the simple strategy of massing sheep upon a snowy evening, with its attendant scampering of earnest, shaggy aides-de-camp, was an affair that I never wearied of seeing, and that I never weary of recalling to mind: the shadow of the night darkening on the hills, inscrutable black blots of snow shower moving here and there like night already come, huddles of yellow sheep and dartings of black dogs upon the snow, a bitter air that took you by the throat, unearthly harpings of the wind along the moors; and for centerpiece to all these features and influences, John winding up the brae [slope], keeping his captain’s eye upon all sides, and breaking, ever and again, into a spasm of bellowing that seemed to make the evening bleaker. It is thus that I still see him in my mind’s eye, perched on a hump of the declivity not far from Halkerside, his staff in airy flourish, his great voice taking hold upon the hills and echoing terror to the lowlands; I, meanwhile, standing somewhat back, until the fit should be over, and, with a pinch of snuff, my friend relapse into his easy, even conversation.
Though the shepherd’s casual talk might be “easy,” it was direct and to the point. In another essay Louis contrasted it with the conversational style in England, where “the contact of mind with mind [is] evaded as with terror. A Scottish peasant will talk more liberally out of his own experience. He will not put you by with conversational counters and small jests; he will give you the best of himself, like one interested in life and man’s chief end.”
Swanston people remembered that Todd used to say of Louis, “He is an awfu’ laddie for speirin’ questions about a’ thing, an’ whenever you turn your back, awa’ he gangs an’ writes it a’ doon.” A “speirin” questioner is prying and inquisitive. Years later some old-timers told a visitor the same thing. “Stevenson would dae naething but lie aboot the dykes. He wouldna wark. He was aye rinnin’ aboot wi’ lang Todd, amang the hills, getting him to tell a’ the stories he kent.” “Lang Todd” prompts one to wonder if John passed his nickname on to Long John Silver in Treasure Island.
RLS’s encomium on Lallans reminds me of Dorothy Richardson’s character Shatov on Russian, quoted in this post, and Russians have for a long time (at least since Karamzin) complained about the lack of “contact of mind with mind” in English conversation.
AI and Voter Engagement
Tuesday, November 18th, 2025 12:01 pmbruce_schneier_feedSocial media has been a familiar, even mundane, part of life for nearly two decades. It can be easy to forget it was not always that way.
In 2008, social media was just emerging into the mainstream. Facebook reached 100 million users that summer. And a singular candidate was integrating social media into his political campaign: Barack Obama. His campaign’s use of social media was so bracingly innovative, so impactful, that it was viewed by journalist David Talbot and others as the strategy that enabled the first term Senator to win the White House.
Over the past few years, a new technology has become mainstream: AI. But still, no candidate has unlocked AI’s potential to revolutionize political campaigns. Americans have three more years to wait before casting their ballots in another Presidential election, but we can look at the 2026 midterms and examples from around the globe for signs of how that breakthrough might occur.
How Obama Did It
Rereading the contemporaneous reflections of the New York Times’ late media critic, David Carr, on Obama’s campaign reminds us of just how new social media felt in 2008. Carr positions it within a now-familiar lineage of revolutionary communications technologies from newspapers to radio to television to the internet.
The Obama campaign and administration demonstrated that social media was different from those earlier communications technologies, including the pre-social internet. Yes, increasing numbers of voters were getting their news from the internet, and content about the then-Senator sometimes made a splash by going viral. But those were still broadcast communications: one voice reaching many. Obama found ways to connect voters to each other.
In describing what social media revolutionized in campaigning, Carr quotes campaign vendor Blue State Digital’s Thomas Gensemer: “People will continue to expect a conversation, a two-way relationship that is a give and take.”
The Obama team made some earnest efforts to realize this vision. His transition team launched change.gov, the website where the campaign collected a “Citizen’s Briefing Book” of public comment. Later, his administration built We the People, an online petitioning platform.
But the lasting legacy of Obama’s 2008 campaign, as political scientists Hahrie Han and Elizabeth McKenna chronicled, was pioneering online “relational organizing.” This technique enlisted individuals as organizers to activate their friends in a self-perpetuating web of relationships.
Perhaps because of the Obama campaign’s close association with the method, relational organizing has been touted repeatedly as the linchpin of Democratic campaigns: in 2020, 2024, and today. But research by non-partisan groups like Turnout Nation and right-aligned groups like the Center for Campaign Innovation has also empirically validated the effectiveness of the technique for inspiring voter turnout within connected groups.
The Facebook of 2008 worked well for relational organizing. It gave users tools to connect and promote ideas to the people they know: college classmates, neighbors, friends from work or church. But the nature of social networking has changed since then.
For the past decade, according to Pew Research, Facebook use has stalled and lagged behind YouTube, while Reddit and TikTok have surged. These platforms are less useful for relational organizing, at least in the traditional sense. YouTube is organized more like broadcast television, where content creators produce content disseminated on their own channels in a largely one-way communication to their fans. Reddit gathers users worldwide in forums (subreddits) organized primarily on topical interest. The endless feed of TikTok’s “For You” page disseminates engaging content with little ideological or social commonality. None of these platforms shares the essential feature of Facebook c. 2008: an organizational structure that emphasizes direct connection to people that users have direct social influence over.
AI and Relational Organizing
Ideas and messages might spread virally through modern social channels, but they are not where you convince your friends to show up at a campaign rally. Today’s platforms are spaces for political hobbyism, where you express your political feelings and see others express theirs.
Relational organizing works when one person’s action inspires others to do this same. That’s inherently a chain of human-to-human connection. If my AI assistant inspires your AI assistant, no human notices and one’s vote changes. But key steps in the human chain can be assisted by AI. Tell your phone’s AI assistant to craft a personal message to one friend—or a hundred—and it can do it.
So if a campaign hits you at the right time with the right message, they might persuade you to task your AI assistant to ask your friends to donate or volunteer. The result can be something more than a form letter; it could be automatically drafted based on the entirety of your email or text correspondence with that friend. It could include references to your discussions of recent events, or past campaigns, or shared personal experiences. It could sound as authentic as if you’d written it from the heart, but scaled to everyone in your address book.
Research suggests that AI can generate and perform written political messaging about as well as humans. AI will surely play a tactical role in the 2026 midterm campaigns, and some candidates may even use it for relational organizing in this way.
(Artificial) Identity Politics
For AI to be truly transformative of politics, it must change the way campaigns work. And we are starting to see that in the US.
The earliest uses of AI in American political campaigns are, to be polite, uninspiring. Candidates viewed them as just another tool to optimize an endless stream of email and text message appeals, to ramp up political vitriol, to harvest data on voters and donors, or merely as a stunt.
Of course, we have seen the rampant production and spread of AI-powered deepfakes and misinformation. This is already impacting the key 2026 Senate races, which are likely to attract hundreds of millions of dollars in financing. Roy Cooper, Democratic candidate for US Senate from North Carolina, and Abdul El-Sayed, Democratic candidate for Senate from Michigan, were both targeted by viral deepfake attacks in recent months. This may reflect a growing trend in Donald Trump’s Republican party in the use of AI-generated imagery to build up GOP candidates and assail the opposition.
And yet, in the global elections of 2024, AI was used more memetically than deceptively. So far, conservative and far right parties seem to have adopted this most aggressively. The ongoing rise of Germany’s far-right populist AfD party has been credited to its use of AI to generate nostalgic and evocative (and, to many, offensive) campaign images, videos, and music and, seemingly as a result, they have dominated TikTok. Because most social platforms’ algorithms are tuned to reward media that generates an emotional response, this counts as a double use of AI: to generate content and to manipulate its distribution.
AI can also be used to generate politically useful, though artificial, identities. These identities can fulfill different roles than humans in campaigning and governance because they have differentiated traits. They can’t be imprisoned for speaking out against the state, can be positioned (legitimately or not) as unsusceptible to bribery, and can be forced to show up when humans will not.
In Venezuela, journalists have turned to AI avatars—artificial newsreaders—to report anonymously on issues that would otherwise elicit government retaliation. Albania recently “appointed” an AI to a ministerial post responsible for procurement, claiming that it would be less vulnerable to bribery than a human. In Virginia, both in 2024 and again this year, candidates have used AI avatars as artificial stand-ins for opponents that refused to debate them.
And yet, none of these examples, whether positive or negative, pursue the promise of the Obama campaign: to make voter engagement a “two-way conversation” on a massive scale.
The closest so far to fulfilling that vision anywhere in the world may be Japan’s new political party, Team Mirai. It started in 2024, when an independent Tokyo gubernatorial candidate, Anno Takahiro, used an AI avatar on YouTube to respond to 8,600 constituent questions over a seventeen-day continuous livestream. He collated hundreds of comments on his campaign manifesto into a revised policy platform. While he didn’t win his race, he shot up to a fifth place finish among a record 56 candidates.
Anno was RECENTLY elected to the upper house of the federal legislature as the founder of a new party with a 100 day plan to bring his vision of a “public listening AI” to the whole country. In the early stages of that plan, they’ve invested their share of Japan’s 32 billion yen in party grants—public subsidies for political parties—to hire engineers building digital civic infrastructure for Japan. They’ve already created platforms to provide transparency for party expenditures, and to use AI to make legislation in the Diet easy, and are meeting with engineers from US-based Jigsaw Labs (a Google company) to learn from international examples of how AI can be used to power participatory democracy.
Team Mirai has yet to prove that it can get a second member elected to the Japanese Diet, let alone to win substantial power, but they’re innovating and demonstrating new ways of using AI to give people a way to participate in politics that we believe is likely to spread.
Organizing with AI
AI could be used in the US in similar ways. Following American federalism’s longstanding model of “laboratories of democracy,” we expect the most aggressive campaign innovation to happen at the state and local level.
D.C. Mayor Muriel Bowser is partnering with MIT and Stanford labs to use the AI-based tool deliberation.io to capture wide scale public feedback in city policymaking about AI. Her administration said that using AI in this process allows “the District to better solicit public input to ensure a broad range of perspectives, identify common ground, and cultivate solutions that align with the public interest.”
It remains to be seen how central this will become to Bowser’s expected re-election campaign in 2026, but the technology has legitimate potential to be a prominent part of a broader program to rebuild trust in government. This is a trail blazed by Taiwan a decade ago. The vTaiwan initiative showed how digital tools like Pol.is, which uses machine learning to make sense of real time constituent feedback, can scale participation in democratic processes and radically improve trust in government. Similar AI listening processes have been used in Kentucky, France, and Germany.
Even if campaigns like Bowser’s don’t adopt this kind of AI-facilitated listening and dialog, expect it to be an increasingly prominent part of American public debate. Through a partnership with Jigsaw, Scott Rasmussen’s Napolitan Institute will use AI to elicit and synthesize the views of at least five Americans from every Congressional district in a project called “We the People.” Timed to coincide with the country’s 250th anniversary in 2026, expect the results to be promoted during the heat of the midterm campaign and to stoke interest in this kind of AI-assisted political sensemaking.
In the year where we celebrate the American republic’s semiquincentennial and continue a decade-long debate about whether or not Donald Trump and the Republican party remade in his image is fighting for the interests of the working class, representation will be on the ballot in 2026. Midterm election candidates will look for any way they can get an edge. For all the risks it poses to democracy, AI presents a real opportunity, too, for politicians to engage voters en masse while factoring their input into their platform and message. Technology isn’t going to turn an uninspiring candidate into Barack Obama, but it gives any aspirant to office the capability to try to realize the promise that swept him into office.
This essay was written with Nathan E. Sanders, and originally appeared in The Fulcrum.
(no subject)
Tuesday, November 18th, 2025 06:37 amastronomypicofday_feed
What has happened to Comet Lemmon's tail?
Reservoirs Dwindle in South Texas
Monday, November 17th, 2025 04:39 pmearthobservatory_iod_feed
Drought in the Nueces River basin is reducing reservoir levels, leaving residents and industry in the Corpus Christi area facing water shortages.
Tippers Flew About.
Monday, November 17th, 2025 08:39 pmlanguagehat_feedI was reading Adam Gopnik’s New Yorker essay on child stars (archived) when I got to this passage:
The astonishing young actor known as Master Betty was the prototype of the species. An Irish boy with a stage father, Betty became a sensation in Belfast, at the start of the century, by playing adult roles, then conquered London, where he starred in “Hamlet”—the ironies of the “Players” scene must have been thick in the air—and “Richard III.” A genuine wonder, he was almost certainly one of Charles Dickens’s models for the “Infant Phenomenon” in the Crummles troupe of “Nicholas Nickleby.”
Betty’s story, remarkable as it is, has been told only once, by the acidly entertaining English historian Giles Playfair. Writing in the sixties, Playfair compared Betty to the newly minted Beatlemania, convinced that the new stars would fade as completely as the old. Yet Bettymania was the real thing. “He and Buonaparte now divide the world,” the artist James Northcote wrote to a friend after Betty’s London début. In Stockport, church bells rang to celebrate an extra performance; in Sheffield, “theatrical coaches” were dispatched from the Doncaster races to carry six eager passengers to see him. In Liverpool, the rush for seats was so great that, Playfair recounts, “hats, wigs, boots, and tippers flew about in all directions.”
I stopped reading right there, wondering what the hell “tippers” might be. I asked my wife, but she didn’t know. I googled around and got nothing useful. Finally I decided to find the original of the quote; it wasn’t easy, because it had been truncated without notice (shame!), but here it is, from Playfair’s The Prodigy: A Study of the Strange Life of Master Betty: “hats, wigs, boots, muffs, spencers and tippets, flew about in all directions.” Tippets! That word I was familiar with; a tippet is “A shoulder covering, typically the fur of a fox, with long ends that dangle in front,” and the word derives from Latin tapete ‘cloth (decorative, for use as carpet, wall hangings etc.).’ [Or perhaps not; see ktschwarz’s comment below.] So now you know, and we can join in lamenting the editing failure at the fabled magazine.
More Prompt||GTFO
Monday, November 17th, 2025 12:05 pmbruce_schneier_feedThe next three in this series on online events highlighting interesting uses of AI in cybersecurity are online: #4, #5, and #6. Well worth watching.
We’ll think of something funny when we write your epitaph
Monday, November 17th, 2025 09:18 amslacktivist_feedAny kind of heaven every body doesn't get in
Wont seem like a heaven to me
Wont seem like a heaven to me
(no subject)
Monday, November 17th, 2025 05:56 amastronomypicofday_feed
If this is Saturn, where are the rings?
Antarctic Sea Ice Saw Its Third-Lowest Maximum
Monday, November 17th, 2025 12:00 amearthobservatory_iod_feed
Sea ice around the southernmost continent hit one of its lowest seasonal highs since the start of the satellite record.
Estovers, Turbary, and Piscary.
Sunday, November 16th, 2025 01:53 pmlanguagehat_feedSome wonderful language in Peter Linebaugh’s CounterPunch review of Common People:
Common people used to be people of the commons. Leah Gordon & Stephen Ellcock with additional writing by Annabel Edwards, Common People: A Folk History of Land Rights, Enclosure and Resistance (Watkins: London 2025) explain this in such a lovely book. It brings together word and picture. Of the 240 pages there is scarcely an image-less page and no image without good speech quoted along with. I will say something about each but first overall on this the 500th anniversary of the German Peasants’ Revolt the book is introduced by images of Albrecht Dürer’s “Monument to the Vanquished Peasants.” […]
After this introduction we plunge right in to history and its dates, eight pages of clear timeline of enclosures and resistance. Here are the facts of the English class war between the Haves and the Have Nots. These facts form what E.P. Thompson would call “idioms” or “peculiarities of the English.” I looked up the word “idiom” in Fowler’s Dictionary of Modern English Usage and learned that it comes from a Greek word closely translated as “a manifestation of the peculiar” and Fowler explained that in the realm of speech this might refer to what is peculiar to the language of a people, the dialect of a district, or the vocabulary of a technique. The idiomatic exists alongside, though not against, abstract grammar. So it is with commoners and their powers of pasturage, estovers, turbary, pannage, piscary: all are idiomatic, that is, peculiar to language, district, and profession. Some might mistake the idiomatic with the incidental or trivial.
Look at the pictures of Crow Scaring, another of Twig Gathering, or Gleaners, or Leech Finders, or Acorn Knockers. We are invited to remember the world where Adam delved and Eve span. It is through them that we begin to find uncanny, magical, and spiritual relations. […]
The chapter on ‘Rural Rebels and Traditions’ begins with ten well-chosen illustrations with an emphasis on disguise, masking, cross-dressing, black face, fools, jesters, and mummers, and then a further two dozen photos and art of the resistance embedded in the deep folk history of opposition – the hobby horse, the straw bear, the sweep, Morris dancer, Jack-in-the-Green, oak apple day, the green man, mari lwyd, hoodening, the burryman. Like the Flora Britannica wonderfully described in Richard Mabey’s book of the same title, these popular forms are particular to place and peculiar to community life in the commons, “the granular minutiae of quotidian peasant activities.”
I have no nostalgia for the Old Ways and the life of the doughty peasantry, but I love granular minutiae and forgotten words. Thanks, Trevor!
As lagniappe, Pig-Cheer:
The good old Yorkshire custom of sending a present at pig-killing time to neighbours is in full life in Holderness. Holderness, however, differs somewhat from other parts of the country. In the neighbourhood of the city of York, for instance, it is always “pig-fry” which is sent—that is, a taste of liver, “leets” (or lungs), heart, etc., the whole neatly covered with a bit of the diaphragm. This part of the business also obtains in Holderness, but here there is an additional present sent later on. This second present consists of cooked, or at any rate prepared, articles, and generally includes a mince pie, a link or two of sausage, a bit of black-pudding, a “standin’ pie” (pork raised pie), with some times a bit of “chine.” The whole stock of articles sent, prepared or unprepared, is spoken of as “pig-cheer.” The liberality of the cottager on such occasions is very remarkable.
Click through to Laudator Temporis Acti for a photo.
Andromeda and Friends
Sunday, November 16th, 2025 06:19 amastronomypicofday_feed
Andromeda and Friends
Raddysh reaches in and pulls on Wood
Saturday, November 15th, 2025 07:35 pm![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
musesfoolWhen I was a kid, the Italian bakery in my neighborhood had all the usual types of fancy butter cookies and pignoli and tricolor cookies etc. but they also had a selection of less fancy cookies - like sesame cookies and S cookies and anginetti etc., and what we used to call chocolate sprinkle cookies, which may have started out similarly to butter cookies but were sturdier/crumblier, piped in a swirl, and covered with chocolate sprinkles. That bakery closed a long, long time ago (though you can still get frozen pasta with their name on it at the supermarket), and I have been trying ever since to recreate those cookies, with little success.
Today I baked the butter cookies from the Dolci cookbook (pic), though I didn't bother with sandwiching them with jam, and instead added chocolate sprinkles, and 1/2 tsp almond extract in order to try to recreate the taste of those old cookies. They are pretty close! They might need to be slightly less sweet, and probably cook a couple of more minutes, but they're the closest I've come so far. Also, I had the correct piping tip AND you don't chill the dough until after you pipe the cookies so it's a much easier proposition all around.
I also made the King Arthur small batch focaccia, but it never rises as much as they say it should during proofing. Still rises nicely in the oven and tastes great though.
The timing all worked out really well, even though I didn't plan ahead. Sometimes I get lucky since timing is generally the hardest part of cooking for me.
Ha! The announcer was like, "low event hockey, with only 5 shots" and now the Blue Jackets are getting a penalty shot! Igor stopped it though.
*
Today I baked the butter cookies from the Dolci cookbook (pic), though I didn't bother with sandwiching them with jam, and instead added chocolate sprinkles, and 1/2 tsp almond extract in order to try to recreate the taste of those old cookies. They are pretty close! They might need to be slightly less sweet, and probably cook a couple of more minutes, but they're the closest I've come so far. Also, I had the correct piping tip AND you don't chill the dough until after you pipe the cookies so it's a much easier proposition all around.
I also made the King Arthur small batch focaccia, but it never rises as much as they say it should during proofing. Still rises nicely in the oven and tastes great though.
The timing all worked out really well, even though I didn't plan ahead. Sometimes I get lucky since timing is generally the hardest part of cooking for me.
Ha! The announcer was like, "low event hockey, with only 5 shots" and now the Blue Jackets are getting a penalty shot! Igor stopped it though.
*
How Literatures Begin: Chinese.
Saturday, November 15th, 2025 08:51 pmlanguagehat_feedHere’s the start of the first chapter in How Literatures Begin (see this post), “Chinese,” by Martin Kern:
To think about the beginning of Chinese literature raises a simple question: which beginning? The one in high antiquity? The one around 200 BCE, following the initial formation of the empire, when China’s “first poet” Qu Yuan (ca. 340–278 BCE) came into view as the model that has since been embraced by public intellectuals and literati for more than two millennia? The medieval period, from, roughly, the third through the ninth century, that gave us “classical Chinese poetry”? The early twentieth century with its conspicuous break with tradition and the promotion of modern, vernacular literature in response to both the collapse of the empire and the full experience of foreign—Japanese and “Western”—literature? Sometime in between, when particular genres came to flourish, such as Chinese theater and opera under Mongol rule (1279–1368) or the Chinese novel soon thereafter? All these are legitimate choices, some perhaps slightly more so than others. They can be based on language, literary forms, political institutions, exposure to the world beyond China, the concept of modernity, and other factors. What follows is an essay on antiquity: the time that is at once discontinuous with all later periods and yet its constant point of reference.
Mythologies of Writing and Orality For most ancient traditions, the modern notion of “literature” does not map well onto the nature, purposes, functions, aesthetics, and social practices involved in the creation and exchange of texts. In pre-imperial China, the term wen originated as broadly denoting “cultural patterns,” including those of textile ornament, musical melodies, the various formal aspects of ritual performances or any other aesthetic forms; it also was often used to refer to ancestors as “cultured” or “accomplished.” It was only over the course of the Han dynasty (202 BCE–220 CE) that the idea of “literature”—at that point just one of the many forms of aesthetic expression—was gradually privileged above all others to the extent that wen, together with its extension wenzhang (patterned brilliance), came to refer primarily to the well-developed written text. In other words, there was no early Chinese term for “literature” until wen, perhaps some fifteen centuries after its first appearance, began to be used primarily in that sense.
When labeled as wen or wenzhang, early Chinese texts comprise genres that we recognize as “poetry,” “prose,” or a combination of both, also including compositions in the service of political communication and administration. Cao Pi (187–226), the first emperor of the Wei dynasty (220–65) after the collapse of the Han, called wenzhang “the great business in organizing the state” and listed petitions and discussions, letters and discourses, inscriptions and dirges, and songs and poetic expositions as its principal genres—all of them as forms of public discourse. In short, the production and consumption of Chinese writing in antiquity—from its first evidence in the thirteenth century BCE well through the end of the Han dynasty in the third century CE—was always social and political. Whether in the service of the state or in opposition and deliberate distance to it, ancient Chinese literature was not regarded as a private or primarily personal affair. Early discussions of writing were devoted to cosmological, moral, and political concerns.
Literature (as opposed to utilitarian writing narrowly conceived) emerged first during the Western Zhou dynasty (ca. 1046–771 BCE) and developed from there over the long centuries of Chinese political division. […] Around 120 CE, a learned scholar at the Han imperial court, Xu Shen (ca. 55–ca. 149), composed the postface to his Explanation of Simple Graphs and Analysis of Composite Characters (Shuowen jiezi), the first comprehensive dictionary of more than ten thousand Chinese graphs. In the postface, he relied on a much earlier (fourth-century BCE) mythological account of how the sages had created the foundations of civilization. Xu, however, now focused on the invention of writing […]
Xu’s mythological narrative is correct in one important respect: the creation of Chinese graphs is one of but a handful of instances in human history where writing was invented independent of any known influence from the outside—and so the beginning of Chinese literature is monocultural and monolingual. But neither writing nor literature were nearly as old as was imagined in Xu’s time, nor did they emerge hand in hand. […]
Before turning to artifacts of literary writing, something must be said about the prehistory of literature before writing, or rather, the absence of any evidence for such a prehistory in ancient China. In contrast to, say, Greece, India, or Mesopotamia, there is no trace of a grand Chinese narrative or epic that may first have existed orally before finally being committed to writing, nor can we point to an early culture of song that preceded the arrival of writing and was then continued in written form. This does not mean that such things did not exist; in China just as everywhere else, people would have told their stories and sung their songs long before they knew or cared about how to write them. But none of these songs and stories is visible in the early documented stages of Chinese writing. Instead, the known traces of mythical narratives—all of them small fragments and often contradictory—that point to the dawn of history postdate the emergence of writing by several centuries and hence may not reflect that ancient oral culture at all.
The literary teleology from orality to writing, perhaps still a valid paradigm elsewhere, thus does not apply to early China. Nothing in the historical or archaeological record suggests such an idealizing linearity or the beginning of literature “with the common people.” There is a body of short songs that, with their charming simplicity, sincerity, and imagery, appear to reflect the daily joys, worries, and utterances of the common, presumably illiterate folk: the 160 “Airs of the States” included in the Classic of Poetry (Shijing). Already by Han times, legend had it that the ancient kings had dispatched messengers to the “lanes and alleys” to collect the ditties of the commoners in order to learn about their sentiments and well-being, and hence about the condition of the polity. Yet this legend was perhaps an invention in the service of court scholars themselves: songs thus collected were by definition innocent and truthful; they appeared spontaneously like natural omens and could be deployed for political critique.
The second time this paradigm of ancient folk songs became important was in the twentieth century, in the wake of the collapse of the empire in 1912 and the emergence of the modern Chinese nation-state. Here, not unlike in Johann Gottfried Herder’s (1744–1803) imagination about German folk songs, the ancient “Airs” were re imagined as the original language of the common people. Yet whether during the Han dynasty or in the twentieth century, the valorization of ancient Chinese folk song was but an ideological construction.
I imagine Bathrobe and others already know this stuff, but I’m finding it instructive.
Florida Northern Lights
Saturday, November 15th, 2025 06:46 amastronomypicofday_feed
Florida Northern Lights
Friday Squid Blogging: Pilot Whales Eat a Lot of Squid
Friday, November 14th, 2025 11:33 pmbruce_schneier_feedShort-finned pilot wales (Globicephala macrorhynchus) eat at lot of squid:
To figure out a short-finned pilot whale’s caloric intake, Gough says, the team had to combine data from a variety of sources, including movement data from short-lasting tags, daily feeding rates from satellite tags, body measurements collected via aerial drones, and sifting through the stomachs of unfortunate whales that ended up stranded on land.
Once the team pulled all this data together, they estimated that a typical whale will eat between 82 and 202 squid a day. To meet their energy needs, a whale will have to consume an average of 140 squid a day. Annually, that’s about 74,000 squid per whale. For all the whales in the area, that amounts to about 88,000 tons of squid eaten every year.
Research paper.
As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.
Opening the Black Box of EEBO.
Friday, November 14th, 2025 08:52 pmlanguagehat_feedA new Digital Scholarship in the Humanities article by Eetu Mäkelä, James Misson, Devani Singh, and Mikko Tolone (open access) examines Early English Books Online (EEBO):
Abstract
Digital archives that cover extended historical periods can create a misleading impression of comprehensiveness while in truth providing access to only a part of what survives. While completeness may be a tall order, researchers at least require that digital archives be representative, that is, have the same distribution of items as whatever they are used as proxies for. If even this representativeness does not hold, any conclusions we draw from the archives may be biased. In this article, we analyse in depth an interlinked set of archives which are widely used but which have also had their comprehensiveness questioned: the images of Early English Books Online (EEBO), and the texts of its hand-transcribed subset, EEBO-TCP. Together, they represent the most comprehensive digital archives of printed early modern British documents. Applying statistical analysis, we compare the contents of these archives to the English Short Title Catalogue (ESTC), a comprehensive record of surviving books and pamphlets in major libraries. Specifically, we demonstrate the relative coverage of EEBO and EEBO-TCP along six key dimensions—publication types (i.e. books/pamphlets), temporal coverage, geographic location, language, topics, and authors—and discuss the implications of the imbalances identified using research examples from historical linguistics and book history. Our study finds EEBO to be surprisingly comprehensive in its coverage and finds EEBO-TCP—while not comprehensive—to be still broadly representative of what it models. However, both of these findings come with important caveats, which highlight the care with which researchers should approach all digital archives.
1. Introduction
The purpose of this article is 2-fold. First, we aim to show, with major datasets often used for digital scholarship, that the collection history and composition of datasets matter, and cannot be ignored when doing research without jeopardizing the validity of results. Second, by demonstrating this principle in a descriptive manner across various dimensions of interest (including temporal, geographical, and linguistic coverage), we also wish to offer a solution: a series of practical guides for users of these datasets, with which they can make informed decisions about which imbalances they need to account for, and how. While this paper’s analyses of composition and its consequences will benefit users of the datasets of Early English Books Online (EEBO n.d.) and EEBO-TCP (n.d.) specifically, our guides offer a template which is readily usable for other collections, as evidenced by our sister publication on Eighteenth Century Collections Online (Tolonen, Mäkelä, and Lahti 2022).
It looks like a valuable read for anyone who uses those archives. Thanks, Leslie!
Upcoming Speaking Engagements
Friday, November 14th, 2025 05:08 pmbruce_schneier_feedThis is a current list of where and when I am scheduled to speak:
- My coauthor Nathan E. Sanders and I are speaking at the Rayburn House Office Building in Washington, DC at noon ET on November 17, 2025. The event is hosted by the POPVOX Foundation and the topic is “AI and Congress: Practical Steps to Govern and Prepare.”
- I’m speaking on “Integrity and Trustworthy AI” at North Hennepin Community College in Brooklyn Park, Minnesota, USA, on Friday, November 21, 2025, at 2:00 PM CT. The event is cohosted by the college and The Twin Cities IEEE Computer Society.
- Nathan E. Sanders and I will be speaking at the MIT Museum in Cambridge, Massachusetts, USA, on December 1, 2025, at 6:00 pm ET.
- Nathan E. Sanders and I will be speaking at a virtual event hosted by City Lights on the Zoom platform, on December 3, 2025, at 6:00 PM PT.
- I’m speaking and signing books at the Chicago Public Library in Chicago, Illinois, USA, on February 5, 2026. Details to come.
The list is maintained on this page.
The Role of Humans in an AI-Powered World
Friday, November 14th, 2025 12:00 pmbruce_schneier_feedAs AI capabilities grow, we must delineate the roles that should remain exclusively human. The line seems to be between fact-based decisions and judgment-based decisions.
For example, in a medical context, if an AI was demonstrably better at reading a test result and diagnosing cancer than a human, you would take the AI in a second. You want the more accurate tool. But justice is harder because justice is inherently a human quality in a way that “Is this tumor cancerous?” is not. That’s a fact-based question. “What’s the right thing to do here?” is a human-based question.
Chess provides a useful analogy for this evolution. For most of history, humans were best. Then, in the 1990s, Deep Blue beat the best human. For a while after that, a good human paired with a good computer could beat either one alone. But a few years ago, that changed again, and now the best computer simply wins. There will be an intermediate period for many applications where the human-AI combination is optimal, but eventually, for fact-based tasks, the best AI will likely surpass both.
The enduring role for humans lies in making judgments, especially when values come into conflict. What is the proper immigration policy? There is no single “right” answer; it’s a matter of feelings, values, and what we as a society hold dear. A lot of societal governance is about resolving conflicts between people’s rights—my right to play my music versus your right to have quiet. There’s no factual answer there. We can imagine machines will help; perhaps once we humans figure out the rules, the machines can do the implementing and kick the hard cases back to us. But the fundamental value judgments will likely remain our domain.
This essay originally appeared in IVY.
(no subject)
Friday, November 14th, 2025 06:06 amastronomypicofday_feed
Sometimes the dark dust of interstellar space has an angular elegance.
Orion and the Running Man
Friday, November 14th, 2025 06:06 amastronomypicofday_feed
Few cosmic vistas can excite the imagination like
(no subject)
Friday, November 14th, 2025 06:06 amastronomypicofday_feed
What are those colorful rings around the Moon?
(no subject)
Friday, November 14th, 2025 06:06 amastronomypicofday_feed
Jupiter looks a bit different in ultraviolet light.
(no subject)
Friday, November 14th, 2025 06:06 amastronomypicofday_feed
What was so super about Wednesday's supermoon?
(no subject)
Friday, November 14th, 2025 06:06 amastronomypicofday_feed
Does the road to our galaxy's center go through
A Full Moon at Perigee
Friday, November 14th, 2025 06:06 amastronomypicofday_feed
A Full Moon at Perigee
you're keeping calm, you're aiming higher
Thursday, November 13th, 2025 08:20 pmmusesfoolToday at work, they announced that we will be getting a COLA, retro back to July 1! My boss also floated a potential promotion for me (really, the work would mostly stay the same, but the title and money would be better) for after the new CEO is in place. We'll see if that ever happens. It would be cool if it did, but I won't hold my breath.
I thought I had other things to say, but I fell asleep on the couch after I logged off work and now I'm all fuzzy-headed.
*
I thought I had other things to say, but I fell asleep on the couch after I logged off work and now I'm all fuzzy-headed.
*
Puerto Rico From Above
Friday, November 14th, 2025 12:00 amearthobservatory_iod_feed
An astronaut photographed the island’s striking mix of mountains, forests, and expanding urban areas.
‘Political violence’ and Johnny and Nina
Thursday, November 13th, 2025 10:16 pmslacktivist_feedYou can run on for a long time, run on for a long time, run on for a long time, but sooner or later ...
The Friday Five for 14 November 2025
Thursday, November 13th, 2025 06:14 pmanais_pf posting in ![[community profile]](https://www.dreamwidth.org/img/silk/identity/community.png){kind=small}
thefridayfiveThese questions were originally suggested by ![[livejournal.com profile]](https://www.dreamwidth.org/img/external/lj-userinfo.gif)
alysonl.
1. What's one of the nicest things a friend has ever done for you?
2. What's one of the nicest things a stranger has ever done for you?
3. What is a trait in another person that you instantly admire, and that draws you to them?
4. What is a trait in another person that instantly repels you, and prevents you from forming a close relationship with them?
5. Time to vent: tell us about something rotten someone has done to you.
Copy and paste to your own journal, then reply to this post with a link to your answers. If your journal is private or friends-only, you can post your full answers in the comments below.
alysonl.1. What's one of the nicest things a friend has ever done for you?
2. What's one of the nicest things a stranger has ever done for you?
3. What is a trait in another person that you instantly admire, and that draws you to them?
4. What is a trait in another person that instantly repels you, and prevents you from forming a close relationship with them?
5. Time to vent: tell us about something rotten someone has done to you.
Copy and paste to your own journal, then reply to this post with a link to your answers. If your journal is private or friends-only, you can post your full answers in the comments below.
What Does ‘6-7’ Mean?
Thursday, November 13th, 2025 06:27 pmlanguagehat_feedEvery once in a while journalists turn their beady eyes on the ever-fresh topic of “how those crazy kids are talking these days” and make solemn efforts to decipher it; the latest entry, by Callie Holtermann in the NY Times (archived), is less solemn and more sensible than most, and it includes an admirable bit of institutional self-flagellation (the passage beginning “In November 1992”):
If you’d like to truly mortify yourself in front of a young person, try asking the meaning of a phrase that’s being repeated in schools around the country like an incantation: “6-7.”
The conversation might go something like this. You’ll be informed that it doesn’t have a definition — it’s just funny, OK? And also, isn’t it a little bit embarrassing that you’re asking? “There’s not really a meaning behind 6-7,” explained Ashlyn Sumpter, 10, who lives in Indiana. “I would just use it randomly,” said Carter Levy, 9, of Loganville, Ga. Dylan Goodman, 16, of Bucks County, Pa., described the phrase as an inside joke that gets funnier with each grown-up who tries and fails to understand it.
“No offense to adults, but I think they always want to know what’s going on,” she said.
They have certainly been trying. Several months after “6-7” began popping up in classrooms and online, the phrase has become the subject of perplexed social media posts by parents and dutiful explainers in national news outlets, most of which trace it to the song “Doot Doot (6 7)” by the rapper Skrilla. Last month, Dictionary.com chose the term as its word of the year, acknowledging it as “impossible to define.”
This is the oldest trick in the adolescent handbook: Say something silly, stump adults, repeat until maturity. Today, though, such terms ricochet around a network of publications and on the pages of influencers, all promising to decipher youth behavior for older audiences. “Six-seven” feels a bit like a nonsense grenade lobbed at the heart of that ecosystem. Desperate to understand us? Good luck, losers!
It is not the only way that younger generations are, consciously or not, scrambling the Very Earnest analysis of their forebears.
She goes on to talk about skibidi, Ballerina Cappuccina, Tralalero Tralala (a shark with human legs), and “Pudding mit Gabel” before continuing:
For as long as there has been teen slang, there has been a desire for adults to penetrate its meaning — and an impish urge among young people to exploit their curiosity. It’s practically a rite of passage.
In November 1992, The New York Times published a “lexicon of grunge speak” quoting Megan Jasper, a 25-year-old sales representative at Caroline Records in Seattle. After the article was published, Ms. Jasper revealed that she had made up several of her contributions, including “lamestain” (an uncool person) and “swingin’ on the flippity-flop” (hanging out). The paper’s eagerness to write up a loose scene’s nonexistent lingo had inspired Ms. Jasper to go rogue. “You react by trying to make fun of it,” she later said.
When it came time to needle Gen X, Ms. Jasper’s generation, millennials had a tool that had not been available to their parents: the internet.
Clarissa Hunnicutt remembers endlessly repeating phrases including “I’m a snake,” a line from a viral YouTube video from 2010, to her parents’ bafflement and frustration. “They finally just got to this point where they were like, ‘We’re going to accept that we have no clue what you are talking about,’” said Ms. Hunnicutt, 32, who works for a nonprofit foster-care agency.
She thinks that millennial parents like herself have struggled to do the same. Because she grew up steeped in internet culture, she feels that she should be able to get to the bottom of slang like “cooked” and “rizz” that her three children are learning online. In her day, most buzzy terms alluded to a single YouTube video or movie; now, the origins can be a lot more diffuse.
There’s a lot more in the article; click through and enjoy. Thanks, Trevor!
Book Review: The Business of Secrets
Thursday, November 13th, 2025 12:09 pmbruce_schneier_feedThe Business of Secrets: Adventures in Selling Encryption Around the World by Fred Kinch (May 24, 2024)
From the vantage point of today, it’s surreal reading about the commercial cryptography business in the 1970s. Nobody knew anything. The manufacturers didn’t know whether the cryptography they sold was any good. The customers didn’t know whether the crypto they bought was any good. Everyone pretended to know, thought they knew, or knew better than to even try to know.
The Business of Secrets is the self-published memoirs of Fred Kinch. He was founder and vice president of—mostly sales—at a US cryptographic hardware company called Datotek, from company’s founding in 1969 until 1982. It’s mostly a disjointed collection of stories about the difficulties of selling to governments worldwide, along with descriptions of the highs and (mostly) lows of foreign airlines, foreign hotels, and foreign travel in general. But it’s also about encryption.
Datotek sold cryptographic equipment in the era after rotor machines and before modern academic cryptography. The company initially marketed computer-file encryption, but pivoted to link encryption—low-speed data, voice, fax—because that’s what the market wanted.
These were the years where the NSA hired anyone promising in the field, and routinely classified—and thereby blocked—publication of academic mathematics papers of those they didn’t hire. They controlled the fielding of strong cryptography by aggressively using the International Traffic in Arms regulation. Kinch talks about the difficulties in getting an expert license for Datotek’s products; he didn’t know that the only reason he ever got that license was because the NSA was able to break his company’s stuff. He had no idea that his largest competitor, the Swiss company Crypto AG, was owned and controlled by the CIA and its West German equivalent. “Wouldn’t that have made our life easier if we had known that back in the 1970s?” Yes, it would. But no one knew.
Glimmers of the clandestine world peek out of the book. Countries like France ask detailed tech questions, borrow or buy a couple of units for “evaluation,” and then disappear again. Did they break the encryption? Did they just want to see what their adversaries were using? No one at Datotek knew.
Kinch “carried the key generator logic diagrams and schematics” with him—even today, it’s good practice not to rely on their secrecy for security—but the details seem laughably insecure: four linear shift registers of 29, 23, 13, and 7 bits, variable stepping, and a small nonlinear final transformation. The NSA probably used this as a challenge to its new hires. But Datotek didn’t know that, at the time.
Kinch writes: “The strength of the cryptography had to be accepted on trust and only on trust.” Yes, but it’s so, so weird to read about it in practice. Kinch demonstrated the security of his telephone encryptors by hooking a pair of them up and having people listen to the encrypted voice. It’s rather like demonstrating the safety of a food additive by showing that someone doesn’t immediately fall over dead after eating it. (In one absolutely bizarre anecdote, an Argentine sergeant with a “hearing defect” could understand the scrambled analog voice. Datotek fixed its security, but only offered the upgrade to the Argentines, because no one else complained. As I said, no one knew anything.)
In his postscript, he writes that even if the NSA could break Datotek’s products, they were “vastly superior to what [his customers] had used previously.” Given that the previous devices were electromechanical rotor machines, and that his primary competition was a CIA-run operation, he’s probably right. But even today, we know nothing about any other country’s cryptanalytic capabilities during those decades.
A lot of this book has a “you had to be there” vibe. And it’s mostly tone-deaf. There is no real acknowledgment of the human-rights-abusing countries on Datotek’s customer list, and how their products might have assisted those governments. But it’s a fascinating artifact of an era before commercial cryptography went mainstream, before academic cryptography became approved for US classified data, before those of us outside the triple fences of the NSA understood the mathematics of cryptography.
This book review originally appeared in AFIO.