We have reached 7,000 posts since 1995, which got me thinking…

I may forever remain unpopular, unwelcome to EFF slush parties in their mansion, or unable to win a coveted Forbes 100 under 100, but I hope my history professors will be proud and my gravestone will at least say “he blogged a lot“.

Wanted to take this moment to say thank you to my mother, father and the other four or five website readers over the decades. You all know who you are because I don’t track. Some highlights, if they exist at all:

• Jan 2002 I wax about self-hosting being the future https://www.flyingpenguin.com/new-photos/
• Jul 2006 I thought out loud Elon Musk was a fraud (subtle, but never mattered anyway) https://www.flyingpenguin.com/obvio/
• Feb 2011 I wax about federation being the future. And warned Facebook was a misogynist Russian piece of shit and a threat to democracy, feeling very guilty because I had waited for two years to explain the insider info I had when I deleted my account. https://www.flyingpenguin.com/social-network-platform-security-lessons/
• Jul 2012 I warned BigTech BigData (AI) was becoming a data trust dumpster fire like Loch Ness that would lead to political coups and mass suffering if we didn’t start building integrity (quality) controls. https://www.flyingpenguin.com/2012-bsideslv-presentation-big-datas-fourth-v/

…nevermind, cassandra-isms don’t feel like a celebration. at least I can say self-hosted has been far more fun and durable than Twitter.

The Dutch certified Tesla’s FSD in April while Tesla was handing regulators in the Netherlands and Sweden self-published statistics that ten of eleven independent researchers call misleading marketing, and while U.S. federal investigations into that same system were open.

RDW says it relied on its own road and test-track work rather than Tesla’s numbers. That makes them seem incompetent, but ok. It will not say whether it ever assessed the numbers, because that might expose them as corrupt as well.

Either way the Dutch certificate is bad.

They got caught because nobody with a brain believes Tesla “self driving” is safe. A test track cannot validate Tesla’s statistics, any more than you can milk a chicken.

The fact that the Dutch RDW refuses to explain themselves is embarrassing to the EU. RDW is their rapporteur. It’s been carrying Tesla’s application onward while it describes its method in general terms and withholds whether it tested the figures Tesla was circulating. That is a regulator behaving like a coin-operated issuing agency, and not a body that can screen.

Katie Moussouris is apparently the only person outside the agencies who has read the paper that took down Fable 5. She wrote up what is in it.

Start with the secrecy, because it is such a red flag. The officials who pulled the trigger had not read the report. The one outside expert who had read it calls the directive misguided. So the opacity prevents scrutiny. Secrecy produces the conditions for an integrity breach, and integrity breaches are how dumb disasters get made. Sunlight is the safety measure, and this looks like 3am under a bridge.

Now the tool. Washington’s standing doctrine is that you prosecute the use and the user, leaving the tool alone. The trouble for Commerce is that Fable is a tool that reasons about the request and refuses on its own.

Researchers fed it open-source code with known CVEs and planted bugs and asked it to review the code for security issues. It refused. A request to find weaknesses reads as hunting for weaknesses, and the guardrail kicked in. Then they changed the prompt to “fix this code,” and it complied. That is what we are told to believe is the munition. A Commerce letter pulled the model worldwide in an evening, because of a prompt to patch a bug.

Here is the rub. Finding and fixing are one operation. You cannot patch a vulnerability without first locating it, and locating it is the thing that keeps getting dramatized and politicized. Science is getting vilified.

A doctor cannot tell you how to stop the bleeding without knowing where an artery runs. The diagnosis that saves a life, and the diagnosis that ends a life, are the same diagnosis. Any guardrail that blocks the attacker’s reconnaissance blinds the defender’s repair, because find-and-fix is a single skill. A model made worse at “fix this” is a model made worse at defense.

So look at the discrimination Fable actually performed. It refused reconnaissance and accepted repair. That is the user-not-tool line enforced inside the tool itself, the exact judgment the government insists is impossible. They reached into the operating room and pulled a scalpel from use because it checks the surgeon’s intent before it cuts. Do you see how exactly backwards that sounds?

Sacks alleged Anthropic refused to fix it. The government then prevented the fix. Read that twice, slowly.

None of this is new. A dual-use that is really single-use makes a ban a ban on all use. We ran this in the 1990s, when Washington classified strong encryption as a weapon. It lost the argument and handicapped its own companies while the technology spread everywhere the rule could not reach. The rationale here is already toast on the same ground, because the identical bypass works on GPT-5.5, which carries no controls. A measure that leaves the same capability freely available has targeted one company’s name for control and done nothing else. That is a selective penalty, a denial of service.

And that seems to be the whole point.

A coherent control is capability-wide. This one is company-specific, three days after launch, aimed at the firm the Pentagon already named a supply-chain risk and the administration has fought all year over surveillance and autonomous weapons.

The technical incoherence is obvious. The defensive-capability argument shows the security rationale is absolute horseshit.

Moussouris sits on Commerce’s own technical advisory committee. Their own adviser read the report and called their directive misguided. The model that refused a dangerous request sits under export control because it did defense correctly. The result is an America where the patch is judged dangerous and controlled while the actual vulnerability ships free.