important idea of the scientist Dan Geer to the ever more fraught relations.14” Perhaps the US and China could work together to buy up and then publish all the zero days as they emerged, | thought.!48 Instead of the dangerous code falling into the hands of cybercriminals, Mafiosi and terrorists, the two countries could lead an effort to jointly buy any new exploit for five times what anyone else would pay - and then immediately publish what they had bought and the necessary patch. This would make the network safer for everyone. I should have known better. The US and China and other nations were (and are) buying world-class zero days. But they were never going to publish them. They were buying them fo use. Sometimes against each other. Sometimes, unnervingly, against their own citizens. And they needed to keep on buying and developing and hiding such tools on an exhausting, never-ending security treadmill because, unlike traditional weapons, which could be stockpiled to use whenever they were needed in the future, the holes of the most valuable zero-days might be patched at any moment, making a once devastating bit of malware instantly useless. And, as the systems matured and accelerated, this meant that they had to run ever faster to keep up. Which further reduced their incentive to “buy and publish” what they did have. Little surprise then that all around the IT universe in recent years, the incidence of reporting dangerous bugs has been declining, even as we know the number of known security holes is certainly growing. 149 Grab the five nearest electronic devices near you and you can be pretty sure each is vulnerable; which of course means you are vulnerable too. Not merely to the loss of your secrets, but also to perversion and control. This is the cold truth: that old hacker ethos, the one spread out so warmly on Amsterdam grass 20 years ago, the be liberal in what you accept frontier society instinct, is dead. Weird machines and normal machines, weird networks