NATO Cyber Defense Document: Worth a Look
September 1, 2025
It’s so hard to find decent resources on cyber security these days without them trying to sell you on the latest, greatest service own product. One
Great resource is the NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE), a multinational and interdisciplinary cyber defense hub. The organization’s mission is to support interdisciplinary expertise in cyber defense research, training and exercises covering the focus areas of technology, strategy, operations, and law.
While CCDCOE primarily serves NATO and member countries, its impactful research is useful for teaching all nations about the importance of cyber security. The organization began in May 2008 and since 2018 it has been responsible for teaching and training all NATO countries about cyber security. One of the organization’s biggest accomplishments is the Tallinn Manual:
“One of the most well-known and internationally recognised research accomplishments for CCDCOE has been the Tallinn Manual process, launched in 2009. The process has involved CCDCOE experts, internationally renowned legal scholars from various nations, legal advisors of nearly 50 states and other partners. Authored by nineteen international law experts, the “Tallinn Manual 2.0 on the International Law Applicable to Cyber Operations” published in 2017 expanded the first edition published in 2013 with a legal analysis of more common cyber incidents that states encounter on a day-to-day basis and that fall below the thresholds of the use of force or armed conflict. The Tallinn Manual 2.0 is the most comprehensive analysis on how existing international law applies to cyberspace.”
CCDCOE is a very influential organization. Cybersecurity and defense is more important now than ever because of the dangers of artificial intelligence. CCDCOE is a fantastic organization to start learning the fundamentals of cybersecurity.
Whitney Grace , September 1, 2025
Faux Boeuf Delivers Zero Calories Plus a Non-Human Toxin
August 29, 2025
No AI. Just a dinobaby working the old-fashioned way.
That sizzling rib AI called boeuf à la Margaux Blanchard is a treat. I learned about this recipe for creating filling, substantive, calorie laden content in “Wired and Business Insider Remove Articles by AI-Generated Freelancer.” I can visualize the meeting in which the decision was taken to hire Margaux Blanchard. I can also run in my mental VHS, the meeting when the issue was discovered. In my version, the group agreed to blame it on a contractor and the lousy job human resource professionals do these days.
What’s the “real” story? Let go to the Guardian write up:
On Thursday [August 22, 2025], Press Gazette reported that at least six publications, including Wired and Business Insider, have removed articles from their websites in recent months after it was discovered that the stories – written under the name of Margaux Blanchard – were AI-generated.
I frequently use the phrase “ordained officiant” in my dinobaby musings. Doesn’t everyone with some journalism experience?
The write u p said:
Wired’s management acknowledged the faux pas, saying: “If anyone should be able to catch an AI scammer, it’s Wired. In fact we do, all the time … Unfortunately, one got through. We made errors here: This story did not go through a proper fact-check process or get a top edit from a more senior editor … We acted quickly once we discovered the ruse, and we’ve taken steps to ensure this doesn’t happen again. In this new era, every newsroom should be prepared to do the same.”
Yeah, unfortunately and quickly. Yeah.
I liked this paragraph in the story:
This incident of false AI-generated reporting follows a May error when the Chicago Sun-Times’ Sunday paper ran a syndicated section with a fake reading list created by AI. Marco Buscaglia, a journalist who was working for King Features Syndicate, turned to AI to help generate the list, saying: “Stupidly, and 100% on me, I just kind of republished this list that [an AI program] spit out … Usually, it’s something I wouldn’t do … Even if I’m not writing something, I’m at least making sure that I correctly source it and vet it and make sure it’s all legitimate. And I definitely failed in that task.” Meanwhile, in June, the Utah court of appeals sanctioned a lawyer after he was discovered to have used ChatGPT for a filing he made in which he referenced a nonexistent court case.
Hey, that AI is great. It builds trust. It is intellectually satisfying just like some time in the kitchen with Margot Blanchard, a hot laptop, and some spicy prompts. Yum yum yum.
Stephen E Arnold, August 29, 2025
Computer Science Grad Job Crisis: Root Cause Revealed
August 29, 2025
No AI. Just a dinobaby working the old-fashioned way.
I read a short item called “A Popular College Major Has One of The Highest Unemployment Rates.” The article contains old news, but it also reveals one of the underlying causes of the issue.
First, here’s the set up for the “no jobs for you” write up:
Computer science ranked seventh amongst undergraduate majors with the highest unemployment at 6.1 percent, according to the Federal Reserve Bank of New York. “Every kid with a laptop thinks they’re the next Zuckerberg, but most can’t debug their way out of a paper bag,” one expert told Newsweek.
Now, let’s look at the passage that points to an underlying cause:
HR consultant Bryan Driscoll told Newsweek: Computer science majors have long been sold a dream that doesn’t match reality.
And a bit of supporting input:
Michael Ryan, a finance expert and the founder of MichaelRyanMoney.com, told Newsweek: … “We created a gold rush mentality around coding right as the gold ran out. Companies are cutting engineering budgets by 40 percent while CS enrollment hits record highs. It’s basic economics. Flood the market, crater the wages.”
My take is this another example of “think it and it will become real” patterning in the US and probably elsewhere too. College and universities wanted to “sell” student loans. Computer science was nothing more than the bait on the hook of employment for life for the mark.
When one can visualize a world and make it real corresponds to how life unspools strikes me as crazy. In my career I have met a few people who said, “I knew I wanted to be an X, so I just did it.” The majority of those with whom I have interacted in my 60 plus year work career say something like this, “Yeah, I majored in X, but an opportunity arose, and I took it. Now I do Y. Go figure.”
The “think it into reality” approach seems to deliver low probability results. Situational decisions have several upsides. First, one doesn’t have a choice for some reason. Two, surprises happen. And, three, as one moves through life (the unspooling idea) perceptions, interests, and even intelligence change.
My hunch is that today (it happens to be August 21, 2025) is that we are living in a world in which “think it and it will happen” thought processes are everywhere. Is Mark Zuckerberg suddenly concerned about an AI bubble? Will Microsoft launch Excel Copilot with a warning label that says, “This will output errors”? Will you trust your child’s medical treatment to a smart robot?
I like to thing about dialing more “real” world into everyday life. Unemployment for computer science graduates won’t change too much in the “up” direction. But at least the carnival culture approach to selling a college education, an AI start up idea to a 20 something MBA “managing director”, and the “do it for 10,000 hours and become an expert” may loosen the grip on what are some pretty wacky ideas.
Stephen E Arnold, August 29, 2025
Misunderstanding the Google: A Hot Wok
August 29, 2025
No AI. Just a dinobaby working the old-fashioned way.
I am no longer certain how many people read blog posts. Bing, Google, and Yandex seem to be crawling in a more focused way; that is, comprehensiveness is not part of the game plan. I want to do my small part by recommending that you scan (preferably study) “Google Is Killing the Open Web.”
The premise of the essay is clear: Google has been working steadily and in a relatively low PR voltage mode to control the standards for the Web. I commented on this in my Google Legacy, Google Version 2.0, and other Google writings as early as 2003. How did I identify this strategic vision? Easy. A Googler told me. This individual like it when I called Google a “calculating predator.” This person made an effort (a lame one because he worked at Google) to hear my lectures about Google’s Web search.
Now 22 years later, a individual has put the pieces together and concluded rightly that Google is killing the open Web. The essay states:
Google is managing to achieve what Microsoft couldn’t: killing the open web. The efforts of tech giants to gain control of and enclose the commons for extractive purposes have been clear to anyone who has been following the history of the Internet for at least the last decade, and the adopted strategies are varied in technique as they are in success, from Embrace, Extend, Extinguish (EEE) to monopolization and lock-in.
Several observations:
- The visible efforts to monopolize have been search, ads, and the mobile plays. The lower profile technical standards are going to be more important as new technologies emerge. The accuracy of the early Googlers’ instincts were accurate. People (namely Wok) are just figuring it out. Unfortunately it is too late.
- Because online services have a tendency to become monopolies, the world of “online” has become increasingly centralized. The “myth” of decentralization is a great one but so was “Epic of Gilgamesh.” There may be some pony in there, but the reality is that it is better to centralize and then decide what to move out there.
- The big tech outfits reside in a “country,” but the reality is that these are borderless. There is no traditional there there. Consequently governments struggle to regulate what these outfits do. Australia levies a fine on Google. So what? Google just keeps being Googley. Live with it.
One cannot undo decades of methodical, strategic thinking, and deft tactical moves quickly. My view is that changing Google will occur within Google. The management thinking is becoming increasingly like that of an AT&T type company. Chop it up and it will just glue itself back together.
I know the Wok is hot. Time to cool off and learn to thrive in the walled garden. Getting out is going to be more difficult than many other tasks. Google controls lots of technology, including the button that opens the gate to the walled garden.
Stephen E Arnold, August 26, 2025
More Innovative Google Management: Hit Delete for Middle Managers
August 28, 2025
This blog post is the work of an authentic dinobaby. Sorry. No smart software can help this reptilian thinker.
I remember a teacher lecturing about the Great Chain of Being. The idea was interesting. The Big Guy at the top, then not-so-important people, and at the bottom amoebae. Google, if the information in “Google Has Eliminated 35% of Managers Overseeing Small Teams in Past Year, Exec Says,” is on the money has embraced the Great Chain of Being.
The write up says:
Google has eliminated more than one-third of its managers overseeing small teams, an executive told employees last week, as the company continues its focus on efficiencies across the organization. “Right now, we have 35% fewer managers, with fewer direct reports” than at this time a year ago, said Brian Welle, vice president of people analytics and performance ….“So a lot of fast progress there.”
Yep, efficiency. Quicker decisions. No bureaucracy.
The write up includes this statement from the person at the top of the Great Chain of Being:
Google CEO Sundar Pichai weighed in at the meeting, reiterating the need for the company “to be more efficient as we scale up so we don’t solve everything with headcount.”
Will Google continue to trim out the irrelevant parts of the Great Chain of Being? Absolutely. Why not? The company has a VEP or a Voluntary Exit Program. From Googler to Xoogler in a flash and with benefits.
Several observations:
- Google continues to work hard to cope with the costs of its infrastructure
- Google has to find ways to offset the costs of that $0.47 per employee deal for US government entities
- Google must expand its ability to extract more cash from [a] advertisers and [b] users without making life too easy for competitors like Meta and lurkers waiting for a chance to tap into the online revenue from surveillance, subscriptions, and data licensing.
Logic suggests that the Great Chain of Being will evolve, chopping out layers between the Big Guy at the top and the amoebae at the bottom. What’s in the middle? AI powered systems. Management innovation speeds forward at the ageing Google.
Fear, confusion, and chaos appear to be safely firewalled with this new approach.
Stephen E Arnold, August 28, 2025
A Interesting Free Software: FreeVPN
August 28, 2025
No AI. Just a dinobaby working the old-fashioned way.
I often hear about the wonders of open source software. Even an esteemed technologist like Pavel Durov offers free and open source software. He wants to make certain aspects of Telegram transparent. “Transparent” is a popular word in some circles. China releases Qwen and it is free. The commercial variants are particularly stimulating. Download free and open source software. If you run into a problem, just fix it yourself. Alternatively you can pay for “commercial for fee” support. Choice! That’s the right stuff.
I read “Chrome VPN Extension with 100K Installs Screenshots All Sites Users Visit.” Note: By the time you read this, the Googlers may have blocked this extension or the people who rolled out this digital Trojan horse may have modified the extension’s behavior to something slightly less egregious.
Now back to the Trojan horse with a saddle blanket displaying the word “spyware.” I quote:
FreeVPN.One, a Chrome extension with over 100,000 installs and a verified badge on the Chrome Web Store, is exposed by researchers for taking screenshots of users’ screens and exfiltrating them to remote servers. A Koi Security investigation of the VPN tool reveals that it has been capturing full-page screenshots from users’ browsers, logging sensitive visual data like personal messages, financial dashboards, and private photos, and uploading it to aitd[.]one, a domain registered by the extension’s developer.
The explanation makes clear that one downloads and installs or activates a Chrome extension. Then the software sends data to the actor deploying the malware.
The developer says:
The extension’s developer claimed to Koi Security that the background screenshot functionality is part of a “security scan” intended to detect threats.
Whom does one believe? The threat detection outfit or the developer.
Can you recall a similar service? Hint: Capitalize the “r” in “Recall.”
Can the same stealth (clumsy stealth in some cases) exist in other free software? Does a jet air craft stay aloft when its engines fail?
Stephen E Arnold, August 28, 2025
Google Anti-Competitive? No. No. No!
August 28, 2025
No AI. Just a dinobaby working the old-fashioned way.
I read another anti Google news release from a mere country. When I encounter statements that Google is anti competitive, I am flabbergasted. Google is search. Google is the Web. Google is great. Google is America. What’s with countries that don’t get with the program? The agenda has been crystal clear for more than 20 years. Is there as dumb drug in your water or your wheat?
“Google Admits Anti-Competitive Conduct Involving Google Search in Australia” reports that Google has been browbeaten, subjected to psychological pressure, and outrageous claims. Consequently, the wonderful Google has just said, “Okay, you are right. Whatever. How much?”
The write up from a nation state says:
Google has co-operated with the ACCC, admitted liability and agreed to jointly submit to the Court that Google should pay a total penalty of $55 million. It is a matter for the Court to determine whether the penalty and other orders are appropriate.
Happy now?
The write up crows about forcing Google to falter emotionally and make further statements to buttress the alleged anti competitive behavior; to wit:
Google and its US parent company, Google LLC, have also signed a court-enforceable undertaking which the ACCC has accepted to address the ACCC’s broader competition concerns relating to contractual arrangements between Google, Android phone manufacturers and Australian telcos since 2017. Google does not agree with all of the ACCC’s concerns but has acknowledged them and offered the undertaking to address these concerns.
And there is ample evidence that Google abandons any alleged improper behavior. Sure, there have been minor dust ups about accidental WiFi interception in Germany, some trivial issues with regards to the UK outfit Foundem, and the current misunderstanding in America’s judicial system. But in each of these alleged “issues,” Google has instantly and in good faith corrected any problem caused by a contractor, a junior employee, or a smart “robot.” Managing Google is tough even for former McKinsey consultants.
Mistakes happen.
The nation state issues word salad that does little to assuage the mental and financial harm Google has suffered. Here are the painful words which hang like a scimitar over the fair Google’s neck:
The ACCC remains committed to addressing anti-competitive conduct like this, as well as cartel conduct. Competition issues in the digital economy are a current priority area.
Google is America. America is good. Therefore, that which Google does is a benefit to America and anyone who uses its services.
How can countries not figure out who’s on first, what’s on second, and I don’t know’s on third.
Stephen E Arnold, August 28, 2025
Google Uses a Blue Light Special for the US Government (Sorry K-Meta You Lose)
August 27, 2025
No AI. Just a dinobaby working the old-fashioned way.
I read an interesting news item in Artificial Intelligence News, a publication unknown to me. Like most of the AI information I read online I believe every single word. AI radiates accuracy, trust, and factual information. Let’s treat this “real” news story as actual factual. To process the information, you will want to reflect on the sales tactics behind Filene’s Basement, K-Mart’s blue light specials, and the ShamWow guy.
“The US Federal Government Secures a Massive Google Gemini AI Deal at $0.47 per Agency” reports:
Google Gemini will soon power federal operations across the United States government following a sweeping new agreement between the General Services Administration (GSA) and Google that delivers comprehensive AI capabilities at unprecedented pricing.
I regret I don’t have Microsoft government sales professional or a Palantir forward deployed engineer to call and get their view of this deal. Oh, well, that’s what happens when one gets old. (Remember. For a LinkedIn audience NEVER reveal your age. Okay, too bad LinkedIn, I am 81.)
It so happens I was involved in Year 2000 in some meetings at which Google pitched its search-and-retrieval system for US government wide search. For a number of reasons, the Google did not win that procurement bake off. It took a formal protest and some more meetings to explain the concept of conforming to a Statement of Work and the bid analysis process used by the US government 25 years ago. Google took it on the snout.
Not this time.
By golly, Google figured out how to deal with RFPs, SOWs, the Q&A process, and the pricing dance. The write up says:
The “Gemini for Government” offering, announced by GSA, represents one of the most significant government AI procurement deals to date. Under the OneGov agreement extending through 2026, federal agencies will gain access to Google’s full artificial intelligence stack for just US$0.47 per agency—a pricing structure that industry observers note is remarkably aggressive for enterprise-level AI services.
What does the US government receive? According to the write up:
Google CEO Sundar Pichai characterized the partnership as building on existing relationships: “Building on our Workspace offer for federal employees, ‘Gemini for Government’ gives federal agencies access to our full stack approach to AI innovation, including tools like NotebookLM and Veo powered by our latest models and our secure cloud infrastructure.”
Yo, Microsoft. Yo, Palantir. Are you paying attention? This explanation suggests that a clever government professional can do what your firms do. But — get this — at a price that may be “unsustainable.” (Of course, I know that em dashes signal smart software. Believe me. I use em dashes all by myself. No AI needed.)
I also noted this statement in the write up:
The $0.47 per agency pricing model raises immediate concerns about market distortion and the sustainability of such aggressive government contracting. Industry analysts question whether this represents genuine cost efficiency or a loss-leader strategy designed to lock agencies into Google’s ecosystem before prices inevitably rise after 2026. Moreover, the deal’s sweeping scope—encompassing everything from basic productivity tools to custom AI agent development—may create dangerous vendor concentration risks. Should technical issues, security breaches, or contract disputes arise, the federal government could find itself heavily dependent on a single commercial provider for critical operational capabilities. The announcement notably lacks specific metrics for measuring success, implementation timelines, or safeguards against vendor lock-in—details that will ultimately determine whether this represents genuine modernization or expensive experimentation with taxpayer resources.
Several observations are warranted:
- Google has figured out that making AI too cheap to resist appeals to certain government procurement professionals. A deal is a deal, of course. Scope changes, engineering services, and government budget schedules may add some jerked chicken spice to the bargain meal.
- The existing government-wide incumbent types are probably going to be holding some meetings to discuss what “this deal” means to existing and new projects involving smart software.
- The budget issues about AI investments are significant. Adding more expense for what can be a very demanding client is likely to have a direct impact on advertisers who fund the Google fun bus. How much will that YouTube subscription go up? Would Google raise rates to fund this competitive strike at Microsoft and Palantir? Of course not, you silly goose.
I wish I were at liberty to share some of the Google-related outputs from the Year 2000 procurement. But, alas, I cannot. Let me close by saying, “Google has figured out some basics of dealing with the US government.” Hey, it only took a quarter century, not bad for an ageing Googzilla.
Stephen E Arnold, August 27, 2025
Think It. The * It * Becomes Real. Think Again?
August 27, 2025
No AI. Just a dinobaby working the old-fashioned way.
Fortune Magazine — once the gem for a now spinning-in-his-grave publisher —- posted “MIT Report: 95% of Generative AI Pilots at Companies Are Failing.” I take a skeptical view of MIT. Why? The esteemed university found Jeffrey Epstein a swell person.
The thrust of the story is that people stick smart software into an organization, allow it time to steep, cook up a use case, and find the result unpalatable. Research is useful. When it evokes a “Duh!”, I don’t get too excited.
But there was a phrase in the write up which caught my attention: Learning gap. AI or smart software is a “belief.” The idea of the next big thing creates an opportunity to move money. Flow, churn, motion — These are positive values in some business circles.
AI fits the bill. The technology demonstrates interesting capabilities. Use cases exist. Companies like Microsoft have put money into the idea. Moving money is proof that “something” is happening. And today that something is smart software. AI is the “it” for the next big thing.
Learning gap, however, is the issue. The hurdle is not Sam Altman’s fears about the end of humanity or his casual observation that trillions of dollars are needed to make AI progress. We have a learning gap.
But the driving vision for Internet era innovation is do something big, change the world, reinvent society. I think this idea goes back to the sales-oriented philosophy of visualizing a goal and aligning one’s actions to achieve that goal. I a fellow or persona named Napoleon Hill pulled together some ideas and crafted “Think and Grow Rich.” Today one just promotes the “next big thing,” gets some cash moving, and an innovation like smart software will revolutionize, remake, or redo the world.
The “it” seems to be stuck in the learning gap. Here’s the proof, and I quote:
But for 95% of companies in the dataset, generative AI implementation is falling short. The core issue? Not the quality of the AI models, but the “learning gap” for both tools and organizations. While executives often blame regulation or model performance, MIT’s research points to flawed enterprise integration. Generic tools like ChatGPT excel for individuals because of their flexibility, but they stall in enterprise use since they don’t learn from or adapt to workflows, Challapally explained. The data also reveals a misalignment in resource allocation. More than half of generative AI budgets are devoted to sales and marketing tools, yet MIT found the biggest ROI in back-office automation—eliminating business process outsourcing, cutting external agency costs, and streamlining operations.
Consider this question: What if smart software mostly works but makes humans uncomfortable in ways difficult for the user to articulate? What if humans lack the mental equipment to conceptualize what a smart system does? What if the smart software cannot answer certain user questions?
I find information about costs, failed use cases, hallucinations, and benefits plentiful. I don’t see much information about the “learning gap.” What causes a learning gap? Spell check makes sense. A click that produces a complete report on a complex topic is different. But in what way? What is the impact on the user?
I think the “learning gap” is a key phrase. I think there is money to be made in addressing it. I am not confident that visualizing a better AI is going to solve the problem which is similar to a bonfire of cash. The learning gap might be tough to fill with burning dollar bills.
Stephen E Arnold, August 27, 2025
A Better Telegram: Max (imum) Surveillance
August 27, 2025
No AI. Just a dinobaby working the old-fashioned way.
The super duper everything apps include many interesting functions. But one can spice up a messaging app with a bit of old-fashioned ingenuity. The newest “player” in the “secret” messaging game is not some knock off Silicon Valley service. The MAX app has arrived.
Reuters reported in “Russia Orders Sate-Backed MAX Messenger Ap, a WhatsApp Rival, Pre-Installed on Phones and Tablets.” (Did you notice the headline did not include Telegram?) The trusted news source says:
A Russian state-backed messenger application called MAX, a rival to WhatsApp that critics say could be used to track users, must be pre-installed on all mobile phones and tablets from next month, the Russian government said on Thursday. The decision to promote MAX comes as Moscow is seeking greater control over the internet space as it is locked in a standoff with the West over Ukraine, which it casts as part of an attempt to shape a new world order.
I like the inclusion of a reference to “a new world order.”
The trusted news source adds:
State media says accusations from Kremlin critics that MAX is a spying app are false and that it has fewer permissions to access user data than rivals WhatsApp and Telegram.
Yep, Telegram. Several questions:
- Are any of the companies supporting MAX providing services to Telegram?
- Were any of the technologists working on MAX associated with VKontakte or Telegram?
- Will other countries find the MAX mandated installation an interesting idea?
- How does MAX intersect with data captured from Russia-based telecom outfits and online service providers?
I can’t answer these questions, but I would think that a trusted news service would.
Stephen E Arnold, August 27, 2025
-
- Subscribe to Beyond Search
Feature archive
News archive
-
