Grab’em by the fuel rods.What Pennsylvania officials told residents about Three Mile Island. In the 1970s they at least pretended to inform the public. Now they don’t even do that.TMI safety for kids. Source: Nuke’em Postcards
Three Mile Island is a lesson apparently lost on the billionaire tech kids riding Trump’s descent into madness.
NPR obtained copies of over a dozen of the new orders, none of which is publicly available. The orders slash hundreds of pages of requirements for security at the reactors. They also loosen protections for groundwater and the environment and eliminate at least one key safety role. The new orders cut back on requirements for keeping records, and they raise the amount of radiation a worker can be exposed to before an official accident investigation is triggered. […] Backers of the reactors, including tech giants Amazon, Google and Meta, have said they want the reactors to one day supply cheap, reliable power for artificial intelligence.
The integrity controls aren’t being circumvented, they’re being rewritten by the entity charged with enforcing them, then shared with the regulated parties while being withheld from the public.
That’s not deregulation, that’s capture.
That’s privatization of the regulatory framework by the regulated to deny safety. The paperwork now follows action, not the other way around, which is how dictatorship works. It’s all fake accountability that tracks to pure corruption.
The nuclear regulator literally has been reorganized as a service provider for the entities it regulates. Like how ICE are just stormtroopers loyal to Trump, refusing to follow law or respect the Constitution. The criminals now are the ones wearing the badges, occupying political spaces to prevent anyone from invoking actual law that would stop crimes.
Got ICE?
Over 500 pages of necessary security directives were slashed and burned down to 23 pages, for reactors that use higher levels of enriched uranium in their cores, which make them targets of theft.
More attractive targets, less security. This batshit threat model logic is by a small group of elites who plan to profit rapidly and hide, regardless of increased and widespread suffering.
Materials security for weapons-grade fuel, gutted so billionaires can shave construction costs?
No wonder the Big Tech boys keep buying their own islands, to isolate themselves from nuclear catastrophe they are rushing everyone else into.
Google Founder Larry Page Would Rather Die Self-Imprisoned on Desert Island Than Pay a Cent for Freedom
Six months of nation-state access to highly targeted networks simply because a widely-deployed tool treated TLS as the one and only integrity verification (rather than what it is, transport security).
The “sophisticated” attack reads like a tourist getting their wallet stolen from their beach chair while they went for a swim without it. Easy pickings, for someone to exploit unsophisticated engineering.
I love reading Dan Goodin, perhaps my favorite tech reporter of all time, but his article buries the lede:
…insufficient update verification controls that existed in older versions.
That’s the whole game, right there.
All the threat intelligence theater with chill names like “Chrysalis” and “Lotus Blossom,” with all the attribution to China-state actors getting “hands-on-keyboard” drama, obscures that this is a solved problem since at least 2005. Like twenty years ago Microsoft OEM’d an Israeli patching company and said oh shit we need to sign code, and that should have been the end of it, right?
Linux package managers have done cryptographic signature verification for many decades. Use of apt, yum, pacman, etc means you verify GPG signatures against pinned keys before execution. Done and dusted. This fix is older than many of the people involved in this disaster.
Why am I even writing about this?
The attack chain was to intercept update requests, redirect to a malicious binary, and let it execute. A checksum alone won’t save you here—if the attacker owns the distribution infrastructure, they serve bad binary and matching hash.
Self-consistent fraud.
The actual integrity breach fix is an asymmetric signing architecture. Key handling is the key. The developer signs a binary with a private key that never lives on update infrastructure. The client verifies against a public key pinned in the already-installed binary. Own the servers all you want—you can’t forge the signature without a properly hidden private key.
Here’s the part that should make you spit tea all over your screen. Or maybe that’s just me. They had signing. From Beaumont’s razor sharp analysis:
The downloads themselves are signed—however some earlier versions of Notepad++ used a self signed root cert, which is on Github.
Nice.
The lock was in the door and the key for it was… too. The integrity mechanism existed in form but not in function. A self-signed cert with the key published on GitHub means anyone who could redirect traffic could also forge valid signatures. That’s sad theater, an appearance of an integrity control when it doesn’t actually constrain anything.
Does content-addressable integrity need better marketing or something? I don’t get it. The transport layer is a layer for defense in depth, which someone confused with the core package integrity mechanism itself. And the actual signing layer, which should have been the real gate, was all hat no cattle.
Resources probably were allocated entirely into features and user growth. Someone went into transport layer security, yet didn’t bother to understand the limitations. The missing content integrity controls are a predictable catastrophic failure.
No regulators apparently required the basic cryptographic verification that actually prevents this. So the distribution of content never innovated on authenticity. Now we have to read about an integrity breach, a software developer scrambling to apologize and patch late what should have been there since twenty years ago.
Solved cryptographic engineering. Same pattern, always. You see it everywhere these days. A consent banner that doesn’t constrain data collection. An operations audit that doesn’t examine infrastructure. The signature that doesn’t verify authenticity.
The presence of a control, without regulations to ensure innovation around standards of care, can become dangerous cover for its absence.
Jason Zengerle’s new Tucker Carlson biography is titled Hated by All the Right People. The book treats a “struggle” to be hated as Carlson’s personal brand—a story of grievance and ambition. It’s actually the operating manual for authoritarian consolidation, and Zengerle apparently never recognizes he’s describing Mein Kampf for 2026.
The Numbers
Trump’s approval sits at 39-42%, net approval around -13 to -19. Among independents: 29%. Majorities disapprove of nearly every major policy.
Hitler’s numbers during consolidation were remarkably similar. July 1932—the last genuinely competitive election—the Nazi party got 37.3%. Even March 1933, with 50,000 brownshirts “monitoring” the vote, produced only 43.9%.
Neither man consolidated power with majority support. Both did it anyway. Being unpopular fueled their destruction of the state.
A contemporaneous State Department analysis noted that Hitler maintained control through “mass propaganda, backed by the energetic activity of the ‘Brown Shirts’, and with the tacit acquiescence of the Reichswehr.” Not popularity. Force plus institutional capitulation. Just like Truth Social and ICE today. Not a coincidence.
The Mein Kampf Return
Zengerle frames Carlson’s trajectory as psychology: Stewart destroyed him on Crossfire, Tucker felt betrayed, and “bitterness” explains his later radicalism.
This is biography as evasion. The pattern is structural:
Hitler: Failed putsch, then prison, then a lunatic manifesto reframing defeat as persecution, then return as more radical… takes over democracy and destroys it.
Trump: Lost 2020 and whined endlessly of a “Stolen election” mythology, then January 6th and returns more radical… takes over democracy and destroys it.
Carlson: Destroyed by Stewart and fired from CNN, he returns via Fox and then his own network, openly admiring Orbán and Putin. Now he “operates as a political actor, maybe even more than a media actor”
The pattern: Legitimate defeat doesn’t teach adjustment. It teaches that legitimate competition is rigged, which justifies abandoning it entirely.
“Hated by All the Right People” isn’t a brand. It’s the rationalization that transforms every fair loss into proof the system must be captured and destroyed, punishing everyone.
The Selection Mechanism
Being hated isn’t as much about personal grievance as it’s treated as qualification for authoritarian power. If you’re willing to do things decent people reject, you’ve proven your loyalty. The hatred is a token, a credential.
Current polling shows 57% disapprove of ICE enforcement. 51% say it makes cities less safe. The enforcement continues, stair-stepping in escalation. That’s the point.
Unpopular enforcement is the filter that builds the apparatus. Everyone who participates despite knowing better is identified for advancement. Everyone who objects is identified for removal.
The infamous Nazi Amon Goeth found grievances everywhere he looked, and he especially targeted experts, as depicted in the movie Schindler’s List
If the enforcement mechanism were popular, it wouldn’t generate fear. The point of visibly unpopular violence is demonstrating that popular opinion no longer constrains state action.
The “Autocratic Backfire” Fantasy
The same weekend Zengerle’s book dropped, Ruth Ben-Ghiat published a NYT essay arguing Trump’s overreach “may backfire.” Her thesis: autocrats believe their own propaganda, make disastrous decisions, and fall.
Her examples prove the opposite.
On Mussolini and Hitler: “it took being bombed by the Allies in World War Two to start the disintegration of the personality cults.” It took being bombed by the Allies. Not unpopularity. A world war.
Mobutu ruled 32 years until foreign-backed rebellion. Amin ruled 8 years until Tanzania invaded. Erdogan—her “recent example”—is still in power after 22 years. Putin—whom she called a “classic example of autocratic backfire”—is still in power.
She opens with a Chaplin quote from April 1939 about dictators throwing themselves into holes. Six months before Hitler invaded Poland. The “hole” didn’t stop anything. It took 60 million dead.
That’s the timeline “backfire” operates on. Not midterms. Decades of consolidation ended only by catastrophic external intervention.
Waiting for backfire is waiting for someone else to stop it.
I’ll say it again, because it’s such a spectacular misfire: her examples disprove her theory.
What This Means
Hitler was very, very unpopular. It’s how he amassed power. Trump also is very, very unpopular. And it’s working for him too.
Stop waiting for approval ratings to matter to people who want to be hated. They already don’t.
The question isn’t whether Trump’s silver-spoon elitist policies are popular, because they never are. The question is whether anyone with power will stop them. Courts that defer. Legislators that comply. Media that normalizes. Each capitulation teaches the lesson the SA taught in 1933: your disapproval juices the crackdown.
The apparatus is being built by people who understand this—who learned that losing means the game is rigged, that hatred from decent people is a credential, that popular opposition is irrelevant if institutions capitulate.
Zengerle’s book describes the selection mechanism in its title and never recognizes what it’s describing. That’s the liberal problem in miniature: dutifully cataloging symptoms while unable to authoritatively stop the disease.
Got ICE?
The unpopularity isn’t a problem for Trump, it’s proof the operation is working.
Left: A Japanese-American woman holds her sleeping daughter as they prepare to leave their home for an internment camp in 1942. Right: Japanese-Americans interned at the Santa Anita Assembly Center at the Santa Anita racetrack near Los Angeles in 1942. (Library of Congress/Corbis/VCG via Getty Images/Foreign Policy illustration)
Apparently unlawful detention of tens of thousands of Americans into concentration camps is starting to worry the GOP even in Texas.
[Rep. Pete] Sessions, who represents areas of central and west Texas in the state’s 17th Congressional District, suggested during an appearance on “CNN News Central” on Monday that voters were deterred from participating in the special election due to icy conditions.
Canada, for its part, has cancelled a contract with ICE. There’s a simple way to stop giant empty warehouses being converted into Trump concentration camps.
Canadian company says Virginia warehouse sale to ICE won’t proceed.
The owners of a property in Oklahoma City are “no longer engaged with the Department of Homeland Security about a potential acquisition or lease,” according to the city’s mayor David Holt.
These are just three examples of how the Texas GOP should be doing a lot more if it wants to get rid of problems with ICE.
They show how Trump is not above the thaw.
Got ICE?
a blog about the poetry of information security, since 1995
