I was asked to give a cursory glance at a Medium post called “War by Subscription“. I was afraid I would have to subscribe to read it, given Medium’s usual gating mechanism, but apparently this one’s for free.

Immediately I thought something was suspicious. Look at the Afghan War framing. It reads all wrong to me.

The Soviet adventure in Afghanistan was destroyed not by the mountains but by thousands of sealed coffins flowing into small provincial towns. This worked as a natural thermoregulator: when the price in blood became unbearable, the people forced the state to put out the fire.

But Soviet casualty information from Afghanistan was suppressed, and with considerable success. Cargo 200 arrived at night. Families were misled with “suicide” reports, denied open caskets, prohibited from public funerals, and told not to mention Afghanistan on the headstone. Svetlana Alexievich’s Boys in Zinc documents the silence. No meaningful anti-war movement existed in the USSR until perestroika opened the press in 1987 and 1988, which is to say after the withdrawal decision had already been taken. Gorbachev pulled out for strategic and economic reasons rooted in his reform program, not because provincial mothers forced his hand. The writer is running causation backwards.

And then I see the same error in the Vietnam example.

The fate of Vietnam was not decided on the battlefields but in the living rooms of provincial America.

Vietnam decided in living rooms? Nobody sitting in their living room is in the street protesting. The phrase falls apart on its own. The war ended in Paris in 1973 after Linebacker II bombed Hanoi back to the table, and finished in 1975 when Congress cut off the money to Saigon. Nixon won 1968 by torpedoing Johnson’s peace talks to send more Americans home in body bags as an election tactic, then won 1972 by widening the war into Cambodia and Laos while saying he was ending it. The coffins had been coming home for years before anything changed in Washington. What really moved Washington was Tet in 1968, when the official story stopped holding, and failure could no longer be denied in the field of operations. Cronkite called it that February, and that was one part of the establishment telling the other it was time to fold. Kansas living room couch potatoes were not in the room. And that’s besides the fact that the silent majority in the living room is who Nixon appealed to, while dramatically increasing the death-rate of American soldiers. If any thermostat had existed and worked, Cambodia escalation in 1970 (following the November 1969 middle-finger to protesters) would never have happened. The writer has again made cause and effect exactly backwards. Strike two.

Perhaps if we’re looking for a third example, a missing one is worth a try. The Korean War saw 36,000 American dead, three years of meat-grinder fighting, no significant anti-war movement, and a dud ending of armistice negotiations. The thermostat? Nothing. Is that why the writer skipped it? Seems to disprove his hypothesis. Ok, three strikes. Are we done yet?

I don’t want to nit-pick but he brings up one of the most famous human crew ground-coordinated targeting errors in history, and calls it a drone strike.

… officially outside any declared theater of war, without congressional authorization… In one notorious episode in Yemen in 2013, a drone struck a wedding convoy, killing twelve guests. In Kunduz in 2015, it struck a Médecins Sans Frontières hospital.

Nope.

The Kunduz MSF hospital tragedy of 2015 is well known as a US Air Force AC-130 gunship with American aircrew on-board, called in by a US Special Forces ground controller, in support of Afghan partner forces fighting in the city.

Starting at 2:08am on Saturday 3 October, a United States AC-130 gunship fired 211 shells on the main hospital building where patients were sleeping in their beds or being operated on in the operating theatre.

At least 42 people were killed, including 24 patients, 14 staff and 4 caretakers. Thirty-seven people were injured.

Our patients burned in their beds, our medical staff were decapitated or lost limbs. Others were shot from the air while they fled the burning building.

The attack from the air lasted for around one hour. The main hospital building came under precise and repeated airstrikes, while the surrounding buildings were left mostly untouched.

Throughout the airstrikes our teams desperately called military authorities to stop the attack.

That’s the Médecins Sans Frontières report. Not a drone.

Speaking of which, WWII bomber crews suffered some of the highest psychological casualty rates of any combat arm in the war, which is why “flak happy” entered the language. The moral insulation the author wants to attribute to distance never actually showed up in the record. Gunpowder warfare stayed brutal for four centuries: pike-and-shot, Napoleonic bayonet charges, trench assaults at the Somme. Anyone who has ever remotely watched someone pick up a telephoto lens, a shovel, or a rifle… knows how every millisecond during identification presses down like a ton of bricks. Distance is not the clean variable the writer wants to claim.

But even when describing a drone, notice how the writer says there was no congressional authorization?

That’s just flat wrong.

I could understand if he called the political process abused and over-broad, but it’s plain false to say drones under the 2001 AUMF didn’t have the authorization at all. They did.

The essay is riddled with errors and omissions. I guess I’m glad I didn’t have to subscribe.

Berlin in 2025 opened their new “no accusations” memorial to Holocaust victims. Come look so you can learn like the AfD how to… not see.

The square in front of the Berlin state parliament now bears the name Margot Friedländer Platz. The street sign was unveiled by Mayor Kai Wegner, who said beforehand that it sends a “powerful signal against antisemitism, against forgetting — and for democracy and human dignity.”

May 9, marks the first anniversary of Margot Friedländer’s death (1921–2025) and will be commemorated for the first time. Berlin’s honorary citizen survived the Holocaust as a young woman, before emigrating to New York in 1946. In 2010, she returned to live in the capital city.

With each new shock and new instance of hatred toward Jews in Berlin, the significance Friedländer carried in her final years becomes even clearer. As an eyewitness to terror and a voice warning against hatred, she did not level accusations…

And why didn’t Friedländer level accusations?

Was she fearful to the very end that making accusations would interfere with her chances of return and survival in Berlin?

Still, when you ask why I came back: One big factor was that Germans helped me in the difficult times. Germans were people, too. They hid me, shared their bed and food with me. There were people who did not look away, who did something that could have cost them their heads. It wasn’t just the 16 people or so who helped me. It’s not like I was the only one who went into hiding and was helped. There were too few. But it shows that something could have been done. If more people had stepped up, it wouldn’t have happened to this incredible extent. When you think about how outrageous it was, it’s unbelievable. I’m glad I can tell you about it today. I am grateful every day. This has become my life. […] When people in New York later learned about my decision to go back to Berlin, they asked me: how can you go back to the perpetrators? I answered, these are not the perpetrators I am going to. They are the third, fourth generation. They have nothing to do with what happened. I am not Hitler, I respect people. So how can I hold them responsible for what happened? They are the third or fourth generation born afterwards, that wouldn’t be fair. […] Isn’t it a good feeling for you that I don’t blame you for something you can’t do anything about?

Unfair to who? Something that who can’t do anything about?

The dedication of a public memorial to her emphasizes that her return held nobody to account. According to interviews, she believed her concealment by others helping her under Nazism, then her refusal to accuse after, is what served her better than the path of those who pressed for accountability. It doesn’t seem well connected to helping or protecting others, however.

I am German — this is my home. It was also the home of my parents and ancestors. My father was highly decorated in World War I — he lost a brother for Germany, my mother lost one, too. My father did not recognize it at that time, he said, they do not mean us. Even in 1935, when my aunt, my mother’s sister, and her husband left for Brazil, my father said, I can’t understand you, you are giving up your good business. Up until 1938 he did not believe it. My uncle disagreed. Who was right? Kristallnacht [the November pogroms of 1938, previously known as the “Night of Broken Glass”] was the moment when many, many said, now we believe it, now we have to leave. By then, it was too late.

They do not mean us? Who is the they? Oops. Too late, her father refused to level accusations and then the killers came for them anyway. She survived thanks to others, and then literally became a teacher of how to not see what’s happening.

Let’s stop for a minute and think about the lineage argument she makes in the interview. It invalidates her own thesis. Her ancestors, her parents, and her all tie together as one. She is what they were, and she continues as the same, because she says you can’t easily take who they were out of her. She returns to the past as if it draws her. Meanwhile she looks at descendants of Nazis and says “clean break for you, you are not what came before”.

Yeah, that’s a major problem that she sets up herself, and then just walks away from it like someone else should figure it out.

She says more people could have stepped up to help her long ago, more could have been done back then. And then she says make sure the things that happened don’t happen again, without concrete steps. When there’s no blame and no responsibility for genocide what action is going to happen? Who benefits most from her refusal to build a framework for accusations?

No word on those she never held accountable for the deaths of others. Which is apparently how she and the Germans want to move on. Berlin Nazi culture is known to be allergic to accountability.

She traded accusations for honors, refusal of blame for memorial squares and federal crosses. The arrangement served her.

Those who helped her saw what she later refused to name. They and the dead got nothing from it.

I was happily reading through a new Google post called “GTIG AI Threat Tracker: Adversaries Leverage AI for Vulnerability Exploitation, Augmented Operations, and Initial Access” (a title almost as long as a post itself) when my eyes crashed into this box.

Now hold on, pardner. Attribution is the evidence? That’s not how anything is supposed to work. This prompt gets attributed to UNC2814 with a target of TP-Link firmware and Odette File Transfer Protocol implementations. Those are legitimate research areas. Bug hunters audit TP-Link firmware constantly. OFTP analysis appears in academic and industry venues. That prompt content matches the real work. Dual-use isn’t really presented as it should be here.

I mean to say that the classification being applied by the post rests alone on attribution, and NOT on the content. To call this jailbreaking, GTIG would need to show that Gemini refuses the same prompt absent the framing. The report omits that demonstration. The argument runs in a circle. If a Mandiant analyst typed the prompt, it would not be flagged. If a TP-Link PSIRT engineer typed it, not flagged. The label applies only because Google says it knows the person asking wears a UNC2814 badge to work. How? Do they look too Chinese? Are they wearing an Alibaba hat? The persona claim itself, “I am a network security expert auditing for pre-auth RCE,” still may be entirely accurate. State-aligned operators are often skilled security researchers with different employers.

The report therefore is a huge let down because it does not show what Gemini would have refused absent the framing. No baseline refusal is demonstrated. The “jailbreaking” claim is asserted. A model that refuses to discuss embedded device auditing with a self-identified security researcher is broken, and using context-setting to get useful answers is not jailbreaking but normal interaction with a system designed to calibrate to the asker.

The Wooyun example also makes this evident. The “more sophisticated” approach involves a Claude skill plugin that was built around 85,000 documented vulnerability cases from a defunct Chinese bug bounty platform. That is a knowledge base. Calling its use “in-context learning to steer the model” describes how skills work. The same architecture is how we build defensive tooling. The threat label is like “mark”, which labels and tracks the actor, not the technique.

The report’s headline finding seems to diverge from what I ended up reading. The executive summary opens with this claim: “For the first time, GTIG has identified a threat actor using a zero-day exploit that we believe was developed with AI.”

Ok, I get it, that “we believe.” GTIG admits Gemini was not used. The attribution to AI rests on forensic judgment of code style. Educational docstrings, a hallucinated CVSS score, textbook Pythonic format. These are aesthetic tells, and so I’m listening. But they show someone formatted the output cleanly.

They do NOT rise up to show AI did the work.

The vulnerability itself was a 2FA bypass requiring valid credentials, based on a hardcoded trust assumption. Seriously. This is bread and butter stuff of any authentication code review on a day that ends in “y”. The report even admits fuzzers and static analyzers miss the category, which means humans have always been the ones finding it. I’m open to considering a LLM is helping humans work faster, but claims that discovery is all new because an LLM may have formatted the writeup? No, that’s an artifact bump, like a typewriter producing cleaner manuscripts than a pen. That’s not the actual work of writing.

And of course exploit researchers find exploits with tools. What else would we expect, potatoes? Vulnerability researchers have always reached for force multipliers. Fuzzers, symbolic execution, decompilers, taint analysis. AI joins a long catalog. Even if you are saying the hammer is being replaced by the nail gun, continuity is the story. The discontinuity is shrill and misleading.

The pattern within the Google register is unfortunately also a page out of history. McCarthyism anyone? How did that work out?

Let me take a moment to remind you what Google sounds like right now. Oppenheimer’s hearing was about a working professional doing the work he was hired to do, stripped of clearance because of attributed associations rather than any conduct. It literally classified his professional inquiries as suspect based on who he was assumed to be aligned with. And that 1954 hearing was formally vacated by DOE in December 2022. When will all the people being accused within closed door meetings at Google get their vacation?

Cold War threat reporting ran on the same closed door surface-level analysis, judge-by-the-cover logic. Good guys doing surveillance meant “intelligence collection” performed by allies while it was always “espionage” performed by adversaries. Overthrowing a government was “stabilization” abroad yet “subversion” at home. The vocabulary was used to project an alignment, which is why everyone should be forced to study at least basic disinformation history before stepping into a security role that spreads disinformation.

GTIG needs the jailbreak frame because the alternative is too uncomfortable. The alternative is that frontier models are doing exactly what they are built to do, and competent security work is competent security work regardless of nationality.

The defender-attacker asymmetry many vendors claim does not hold at the prompt level. Google having a team of experts to call routine professional prompting “a simple form of prompt injection” preserves the asymmetry with rhetoric, without demonstrating it technically.

Look also at where the report describes APT45 “sending thousands of repetitive prompts that recursively analyze different CVEs and validate PoC exploits.” I have news for you. That is a description of automated vulnerability research at scale. American firms love to market the identical capability as a product feature, but seem to miss the obvious similarities because they don’t believe they have the “mark”. Big Sleep, mentioned in the same report, is Google’s version.

This reminds me of a grocery store I was in the other day. A young blonde boy kept telling the checkout worker that it was someone else who did a bad thing. Next to him was a man with the same blonde hair reinforcing the boy’s statement. What were they saying? “It can’t be me/him because the person who did the bad thing had dark hair”. Dark hair, dark hair, they kept saying over and over again. Bad thing? Dark hair. At no point did they say anything other than dark hair to identify a real bad guy. “Can’t be me, I don’t have dark hair”.

Ok Google, we see what you’re saying. But do you see what you’re saying? It’s a false narrative.