This was the week when the autonomous AI bots went a bit crazy and decided to burn tokens on social media. Moltbook is so hot it leaves behind molten agents. Well, no, stop there Gerald, people will start thinking you are using an LLM to do your writing. Of course, there’s a decent sprinkling of security issues where once again the usual suspects prove that security vendors are bad at securing software.

It’s been a busy week, hasn’t it. Fascism is on the rise and AI too. But it’s not all bad news… (touches earpiece) I’m receiving new information. Aaaanyway. This week we’re looking at mad and bad. We’re looking at how magic strings and parameter injection can be bad, how mad AI coding is and how bad people make me mad. Telnet? In 2026? First of all, we’re reminded that running old services can be rather dangerous.

This week’s installment of my LinkBlog covers old tech that is new, operational tech that is secure, observability that is not expensive and a series of vulnerabilities for us to snigger at, then take a breath and take seriously. Mainframes are not dead I have often said that learning COBOL is on my bucket list and that my advice for young people in the software engineering sector is that learning how to program mainframes would be quite profitable as the current cohort of greybeards retire, and nobody understands anymore how the thing that holds banks and insurances and government together actually works.

My post is a little late this week as I went away with the scouts. Everyone else was in the bunkhouse, I was in a tent. Something about ratios. And I brought the summer sleeping bag. Freezing. Alone. Kind of like America must feel like. What does America have to do with tents, I hear you ask? Well, now that the US has abandoned an inclusive big tent approach and focuses more on pissing on everyone else’s tents, according to Cory Doctorow (of enshittification fame) it has handed us a golden opportunity to break free of American dominance of technology.

Like any blog post at New Year’s, we’ll be looking to the future. We’ll also check our assumptions and we’ve got some security content before looking at a website to destroy all websites. I did like this piece on The Register which looks at four potentially game changing technologies without mentioning AI. The oxygen of publicity this year has mostly been consumed by our two-lettered friend, AI. There’s no reason to think this will change in 2026.

To those who celebrate the festivals either end of the last 7 days of the year: Happy <insert here>! This time round, there’s not one, but two bleeding fails in security, some interesting protections, how slowing down is not only speeding up, but also making things more enjoyable. So without further ado, and much less waffle, let’s jump right in: GPG fail Our first fail is from the 39th Chaos Computer Congress gathering, which provided a rather bountiful set of vulnerabilities and weaknesses around GPG - the GNU Privacy Guard to give it its full title.