Infosec Decoded Season 5 #41: Hypernormalization

With sambowne@infosec.exchange

Recorded Tue, May 27, 2025

Politics

A hidden measure in the Republican budget bill would crown Trump king

Trump is blatantly ignoring court orders now about deporting immigrants. Courts have only one enforcement power: contempt citations. The Big Beautiful Bill will remove this power, so no federal court may enforce a contempt citation. Without the contempt power, judicial orders are meaningless and can be ignored.

Systems are crumbling – but daily life continues. The dissonance is real

If everything feels broken but strangely normal, the Soviet-era concept of hypernormalization can help. Hypernormalization describes life in a society where two main things are happening.

The first is people seeing that governing systems and institutions are broken. And the second is that, for reasons including a lack of effective leadership and an inability to imagine how to disrupt the status quo, people carry on with their lives as normal despite systemic dysfunction – give or take a heavy load of fear, dread, denial and dissociation.

Utah Study on Trans Youth Care Extremely Inconvenient for Politicians Who Ordered It

In 2022, Utah Gov. Spencer Cox was the rare Republican governor who seemed to truly care about the well-being of transgender kids. “I don’t understand what they are going through or why they feel the way they do. But I want them to live,” he wrote in a letter that year, explaining why he was vetoing a bill that would have banned four trans middle- and high schoolers in Utah from playing on sports teams with classmates who shared their gender identity. “All the research shows that even a little acceptance and connection can reduce suicidality significantly.”

The Utah health department performed a systematic review of medical evidence around puberty blockers and hormone therapy, concluding that the treatments are effective in terms of mental health, psychosocial outcomes, and the induction of body changes consistent with the affirmed gender in pediatric [gender dysphoria] patients. The evidence also supports that the treatments are safe in terms of changes to bone density, cardiovascular risk factors, metabolic changes, and cancer.

The FDA plans to limit access to covid vaccines. Here’s why that’s not all bad.

In the UK, where I live, covid boosters have been offered only to vulnerable groups for a while now. And the immunologists I spoke to agree: The plans make sense. Some research suggests that leaving more than a year between booster doses could enhance their effectiveness. It might be better to wait five or 10 years between doses instead.

Trump Pumped and Dumped His Crypto Backers With Dud Dinner Party

While the top 25 backers got a reception with the president, other attendees who invested millions in his meme coin reportedly didn't even get to talk to him.

Computer Science Has One of The Highest Unemployment Rates

Americans to business: Take AI slow and do it right

Infosec

How Russia's Drone Swarms Work--AI and Telegram

They no longer rely on jammable GPS, are driven by artificial intelligence, and piggyback on Ukraine’s own internet and mobile internet networks. The team say they recently discovered a note inside one of the drones they were dismantling—presumably left by a sympathetic Russian engineer—which hinted at the new control algorithm. The drones are controlled via bots on the Telegram social-media platform, the note indicated, sending flight data and live video feeds back to human operators in real time.

10 to 100 Times Faster than a Starlink Antenna, and Cheaper Than Fiber: Taara Unveils a Laser Internet That Could Shatter the Status Quo

Taara’s system transmits information using focused beams of light—what the company calls Lightbridges—that can send data up to 20 kilometers at speeds of 20 gigabits per second. The devices, which are roughly the size of a traffic light, are designed to be mounted on rooftops or poles, where they can maintain an unobstructed line of sight.

Similar “free-space optics” systems have been tested since the late 1990s, but past attempts were limited by weather conditions and fragile alignment systems. Taara claims its devices overcome many of those limitations with improved beam tracking and more resilient design.

Until NotebookLM, I never believed AI could be this game-changing for productivity

NotebookLM is more of a study buddy than a shortcut. It won’t give you the answers you need to cheat. Instead, it’ll help you make sense of complex materials and actually understand whatever you’re studying or researching. This makes all the difference for someone who wants to actively understand the research they’re doing rather than just scrape by. You provide the tool with the sources, and then it uses AI to manipulate them in different ways.

NotebookLM doesn't hallucinate. Instead of generating responses by pulling information from the web or its own internal knowledge, NotebookLM relies solely on the documents you feed it or the information you share with it via chat. When the tool doesn't know the answer to your question, it won't make up information or try to guess just to please you. Instead, it'll tell you that what you're asking isn't mentioned anywhere in the sources you uploaded or your conversation history.

I Gave Gemini Access to My Gmail, and It Weirds Me Out

Google’s AI Pro plan automatically unlocks Gemini’s Gmail integration—without an explanation of what it does or the choice to opt out. Clicking the Gemini icon in Gmail opens up a sidebar where you can talk to Gemini about your email. However, Google doesn't use Gemini data from Google Workspace apps, like Gmail, for training, ad targeting, or selling. I appreciate the guarantee, but I don’t fully trust Google.

How I used o3 to find CVE-2025-37899, a remote zeroday vulnerability in the Linux kernel’s SMB implementation

The vulnerability it found is CVE-2025-37899 (fix here), a use-after-free in the handler for the SMB ‘logoff’ command. Understanding the vulnerability requires reasoning about concurrent connections to the server, and how they may share various objects in specific circumstances. o3 was able to comprehend this and spot a location where a particular object that is not reference counted is freed while still being accessible by another thread. As far as I’m aware, this is the first public discussion of a vulnerability of that nature being found by an LLM.

He used a carefully-designed prompt and ran it 100 times to search for a known bug. o3 found the vulnerability in 8 of the 100 runs. In another 66 of the runs o3 concludes there is no bug present in the code (false negatives), and the remaining 28 reports are false positives.

Then he told the LLM to test all possible command handlers, in 9000 lines of code. It found a new 0day in 1 of the 100 runs.
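The bug class described above, a shared object freed by one connection's logoff while another connection still holds a pointer to it, is easiest to see in a small model. The following C program is an added illustration, not code from the kernel, from ksmbd, or from the article; the session structure, the fixed pool, and the function names are all constructed. Instead of real malloc/free it marks pool slots dead, so the dangling use shows up as a return code rather than undefined behaviour, and it places the unsafe logoff beside the reference-counted version that lets the last holder free the object.

```c
#include <stdio.h>
#include <string.h>

/* Constructed model (not ksmbd code): a server-side session object that
 * several connections may share. A fixed pool with a `live` flag stands in
 * for the allocator so that a dangling use is detected, not undefined. */
#define MAX_SESSIONS 4

struct session {
    int live;      /* 1 while allocated, 0 once "freed" */
    int refcount;  /* number of connections currently holding a pointer */
    char user[32];
};

static struct session pool[MAX_SESSIONS];

/* Allocate a session from the pool; returns NULL if the pool is full. */
struct session *session_alloc(const char *user)
{
    for (int i = 0; i < MAX_SESSIONS; i++) {
        if (!pool[i].live) {
            pool[i].live = 1;
            pool[i].refcount = 0;
            strncpy(pool[i].user, user, sizeof pool[i].user - 1);
            pool[i].user[sizeof pool[i].user - 1] = '\0';
            return &pool[i];
        }
    }
    return NULL;
}

static void session_free(struct session *s)
{
    s->live = 0;
    memset(s->user, 0, sizeof s->user);
}

int session_is_live(const struct session *s) { return s->live; }

/* A connection touching the session while servicing a request.
 * Returns 0 on success, -1 if the object was already freed (in real
 * code this is the use-after-free). */
int session_use(const struct session *s)
{
    if (!s->live)
        return -1;
    return 0;
}

/* VULNERABLE pattern: logoff frees the session outright, with nothing
 * recording that another connection still holds a pointer to it. */
void logoff_unsafe(struct session *s)
{
    session_free(s);
}

/* HARDENED pattern: every holder takes a reference, and the object is
 * freed only when the last reference is dropped. */
void session_get(struct session *s) { s->refcount++; }

void session_put(struct session *s)
{
    if (--s->refcount == 0)
        session_free(s);
}

void logoff_safe(struct session *s)
{
    /* The logging-off connection drops only its own reference. */
    session_put(s);
}

/* Scenario: connections A and B share one session; A logs off while B is
 * mid-request. Returns B's result: 0 = fine, -1 = freed underneath it. */
int scenario_unsafe(void)
{
    struct session *s = session_alloc("alice");
    logoff_unsafe(s);        /* A: logoff frees the session */
    return session_use(s);   /* B: still holds the raw pointer */
}

int scenario_safe(void)
{
    struct session *s = session_alloc("alice");
    session_get(s);          /* A takes a reference */
    session_get(s);          /* B takes a reference */
    logoff_safe(s);          /* A: drops its reference; object stays live */
    int rc = session_use(s); /* B: safe, refcount is still 1 */
    session_put(s);          /* B done; refcount hits 0, now freed */
    return rc;
}

int main(void)
{
    printf("unsafe logoff, B's request: %d\n", scenario_unsafe());
    printf("refcounted logoff, B's request: %d\n", scenario_safe());
    return 0;
}
```

The model is sequential, so it shows the lifetime mistake rather than the race window; in a real server the two connections run on separate threads and the order of logoff and use is decided by scheduling, which is why the fix in practice is ownership tracking (reference counts, and locking around the drop) rather than reordering the calls.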

Lidar is great for cars, but it can permanently damage cameras

This Laser Breakthrough Can Read Text on a Page From a Mile Away

Using eight laser beams and intensity interferometry, the device can accurately read letters at a resolution of 3 mm from a distance of 1.36 kilometers (about 0.85 miles).

The chilling AI trend using reverse geolocation that’s going viral

From an everyday photo, ChatGPT can deduce the exact location of the scene. The ability to perform “reverse location lookup” could lead to potentially dangerous uses. Anyone could upload an innocent-looking photo from someone’s Instagram story or a random portrait and ask ChatGPT to figure out where it was taken.

Authors Are Accidentally Leaving AI Prompts In their Novels

Fans reading through the romance novel Darkhollow Academy: Year 2 got a nasty surprise last week in chapter 3. In the middle of a steamy scene between the book’s heroine and the dragon prince Ash there’s this: "I've rewritten the passage to align more with J. Bree's style, which features more tension, gritty undertones, and raw emotional subtext beneath the supernatural elements:"

Hacker Conference HOPE Says U.S. Immigration Crackdown Caused Massive Crash in Ticket Sales

The conference usually has around 1,000 attendees and the event is almost entirely funded by ticket sales. There isn’t a serious danger of the event not going ahead, but the conference may need to “significantly decrease” its space in the venue to manage HOPE’s budget.