Eclectic

Vim Vulnerabilities Fixed In Debian Unstable

The word Vim over a green diamond shape

At the end of February 2026 half a dozen security bugs were reported in the text editor Vim. Fixing them requires an upgrade to Vim version 9.2.0078 or later. This time the people who write the plugins for the Nessus security scanner decided it should produce an alert for each bug, rather than the single combined alert suggesting an upgrade that it sometimes produces. This caused a huge jump in our total number of vulnerabilities. Several of them have been given a severity level of Medium or High.

Understanding and explaining the impact of bugs like these is not simple. Vim is not like a web browser. A web browser downloads hundreds of files every time it is used. At best the user is explicitly aware only of the HTML page at the address shown in the address bar, but that page may be pulling in dozens or even hundreds of files from various servers, and the browser can potentially be attacked by placing a maliciously-crafted file on any one of them.

In contrast, exploiting a security bug in something like Vim is far more difficult. The attacker must get a maliciously-crafted file into some collection of files, such as a Git repository, which people will deliberately fetch and then open in Vim.

So if Nessus reports that your server has a dozen vulnerabilities in Vim, the actual chance that one of the bugs will be triggered is low, since nothing happens until the system administrator opens a maliciously-crafted file in Vim, and on a server that will probably never happen. But Nessus marks them Medium and High severity because, for all Nessus knows, users may be downloading all sorts of files from the Internet and could get bitten. Be that as it may, the scary reports make people nervous, and sometimes fixing the finding is simpler than performing a risk assessment and defending it.
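Before deciding what to do about the finding, it is worth confirming what the scanner is actually comparing. The script below is an added example, not code from this post: it takes a Debian vim package version string, strips the epoch and the Debian revision, and compares the upstream part field by field against the 9.2.0078 threshold named above. The package name vim and the dpkg-query call used when no argument is given are assumptions about the system it runs on.

```shell
#!/bin/sh
# Added example, not code from the post: is a Debian vim package version at
# or above the 9.2.0078 threshold?  Debian versions have the shape
# [epoch:]upstream[-revision], e.g. "2:9.1.1230-1"; only the upstream part
# is compared here, field by field and numerically, so "9.2.0078" and
# "9.2.78" are equal.  Assumptions: the package is called "vim" and the
# installed version is read with dpkg-query when no argument is given.

FIXED_VERSION="9.2.0078"

# upstream_of VERSION: "2:9.1.1230-1" -> "9.1.1230"
upstream_of() {
    v=$1
    v=${v#*:}      # drop the epoch, if present
    v=${v%%-*}     # drop the Debian revision, if present
    printf '%s\n' "$v"
}

# numeric FIELD: keep the leading digits of one dotted field and strip
# leading zeros ("0078" -> 78, "1230+dfsg" -> 1230, "" -> 0).  Leading
# zeros are removed by hand because $(( )) would read 0078 as octal.
numeric() {
    n=${1%%[!0-9]*}
    while [ -n "${n#0}" ] && [ "${n#0}" != "$n" ]; do n=${n#0}; done
    printf '%s\n' "${n:-0}"
}

# version_ge A B: succeed when dotted version A is >= B.  Missing fields
# count as zero, so 9.2 < 9.2.0078.
version_ge() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        ah=${a%%.*}; if [ "$ah" = "$a" ]; then a=; else a=${a#*.}; fi
        bh=${b%%.*}; if [ "$bh" = "$b" ]; then b=; else b=${b#*.}; fi
        ah=$(numeric "$ah"); bh=$(numeric "$bh")
        if [ "$ah" -gt "$bh" ]; then return 0; fi
        if [ "$ah" -lt "$bh" ]; then return 1; fi
    done
    return 0
}

# vim_is_fixed DEBIAN_VERSION: succeed when the upstream part is >= 9.2.0078.
vim_is_fixed() {
    version_ge "$(upstream_of "$1")" "$FIXED_VERSION"
}

# Stand-alone use: "sh vimcheck.sh" checks the installed package,
# "sh vimcheck.sh 2:9.1.1230-1" checks a version string.
ver=
if [ $# -gt 0 ]; then
    ver=$1
elif command -v dpkg-query >/dev/null 2>&1; then
    ver=$(dpkg-query -W -f '${Version}' vim 2>/dev/null || true)
fi
if [ -n "$ver" ]; then
    if vim_is_fixed "$ver"; then
        echo "vim $ver: upstream version is at or above $FIXED_VERSION"
    else
        echo "vim $ver: upstream version is below $FIXED_VERSION; Nessus will flag it"
    fi
fi
```

One caveat: Debian stable normally fixes CVEs by patching the existing upstream version rather than by moving to a new upstream release, so a pure upstream-version comparison like this one (and like the one behind the scanner's finding) can flag a package that Debian has already fixed. When a Debian update for these bugs does appear, the package changelog, not the upstream version number, is what to check.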

The problem is that Debian has not yet released a patch for this, and it is not clear (to me) whether they believe the theoretical risk of exploitation justifies the risk of breaking something in a stable release. The only place the problem is fixed is the unstable repository (Sid), which has Vim version 9.2.0136. The stable releases still have Vim version 9.1.x. There are three possible solutions:

  1. Remove the Vim package and edit configuration files with BusyBox vi until Debian sorts this out
  2. Remove the Vim package and build and install it from source code
  3. Install the packages from Sid

I chose option one for most servers and option two for my development system.

My development system was at Debian 12 “Bookworm”. The problem is that Vim from unstable depends on a newer version of the C library. If I allow this upgrade, it could cause problems either with code compatibility or package dependencies. So I decided to upgrade the system to Debian 13 “Trixie” which is the current latest release and hope the C library versions would be the same. This was on my list of things to do anyway and it paid off.

After the upgrade I temporarily added the Unstable repository by creating the file /etc/apt/sources.list.d/debian-unstable.sources with these contents:

Types: deb
URIs: https://deb.debian.org/debian/
Suites: sid
Components: main contrib non-free non-free-firmware
Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg

And then:

$ sudo apt-get update
$ sudo apt-get install vim

I then removed /etc/apt/sources.list.d/debian-unstable.sources and updated the sources list again:

$ sudo apt-get update

I think there may be a way to make the Trixie repository the default and leave the Unstable repository in place. Then presumably Vim would follow Unstable, but I did not pursue that.
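The mechanism for that is APT pinning. With the Sid source file shown above left in place and no pinning, every package whose Sid version is newer becomes a candidate, which is why removing the file straight after the install matters; pinning lets the file stay while only Vim tracks Sid. The fragment below is an added example, not a file from this post. The file name is an assumption, and it relies on the src: form of the Package field (which matches every binary package built from the vim source package, such as vim, vim-common, vim-runtime and xxd); on an APT too old for that form, list the installed binary package names explicitly instead.

```text
# /etc/apt/preferences.d/99-vim-from-sid   (file name is an assumption)

# Rank everything from unstable below the stable release (priority 500),
# so a routine "apt-get upgrade" never pulls a package from sid on its own.
Package: *
Pin: release a=unstable
Pin-Priority: 100

# But take every binary built from the vim source package from unstable,
# and keep following unstable as new versions are uploaded there.
Package: src:vim
Pin: release a=unstable
Pin-Priority: 990
```

After creating the file, check the result before installing anything:

$ sudo apt-get update
$ apt-cache policy vim libc6
$ sudo apt-get install -s vim

apt-cache policy should show the Sid version of vim as the candidate (priority 990) with the Trixie version at 500, and libc6 still with the Trixie version as candidate. The simulated install (-s) is the check for the C library problem mentioned above: if Sid's vim needs a newer libc6 than Trixie provides, the simulation reports the unsatisfiable dependency instead of quietly upgrading the C library, and that is the point at which to stop and reconsider. Only if the simulation is clean run the real "sudo apt-get install vim".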

Words Without Burden: The Cosmonaut Ludmila Recording And Its Misinterpretation

The two brothers bend over their radio equipment
The Judica-Cordiglia brothers, Achille (1933–2015) and Giovanni Battista (1939–2024), radio amateurs of Turin, Italy.

The so-called Cosmonaut Ludmila recording is of a series of radio transmissions intercepted by the Judica-Cordiglia brothers in May of 1961 on a channel which they believed was used by the Soviet space program. They interpreted the utterances as a distress call from a Soviet female astronaut reporting an onboard fire. Since no corresponding Soviet space mission has ever been identified, it is now widely supposed that the recording is a clumsy hoax. We carefully transcribe the recording and find that it contains no references at all to space flight, only nondescript utterances interspersed with childish patter and frivolous remarks about the heat in the radio operator’s workspace.

Continue reading…

Every Sound Dies

A portrait of a man in suit and tie
Guglielmo Marconi in 1909

Since my previous article on Marconi, I have tracked down the source of the extraordinary assertion made in the Provincetown Independent that the radio pioneer believed “sound never disappears from Earth”.[i] All the references I have found to this idea eventually lead back to the book Perfecting Sound Forever: An Aural History of Recorded Music by Greg Milner, which was published in 2009.[ii] The story is not part of the main body of the book. Instead it is part of a teaser essay. This is what he wrote:

The story goes that, late in his life, Guglielmo Marconi had an epiphany. The godfather of radio technology decided that no sound ever dies. It just decays beyond the point that we can detect it with our ears. Any sound was forever recoverable, he believed, with the right device. His dream was to build one powerful enough to pick up Christ’s Sermon on the Mount.

Continue reading…

Nessus in the Role of a Tease

Nessus is a security scanner sold by a company called Tenable. It runs through a customer’s network checking to see whether the computers have any known defects which could undermine their security.

Normally this works well. Yes, sometimes the test plugins do not have access to full information and have to make assumptions which lead to false positives. But sometimes Tenable writes the test procedure incorrectly. This has happened three times in the last three weeks.

Continue reading…

ChatGPT Hallucinates about Newton’s Faith

Portrait of Isaac Newton
Isaac Newton

We can learn much about how ChatGPT works from a single question. This question was posed to ChatGPT 3.5 on February 13, 2023.

Question

Why didn’t Newton accept the Trinity?

ChatGPT’s Answer

Isaac Newton was a devout Christian, but he did not accept the doctrine of the Trinity as traditionally defined by the Church. He believed in a more puritanical form of Christianity and rejected many of the orthodox beliefs of his time, including the idea of the Trinity as three persons in one Godhead. Newton saw the Trinity as a pagan corruption of the early Christian Church, and he held that the doctrine was not supported by the Bible.

Newton’s rejection of the Trinity was a relatively minor aspect of his religious beliefs, and it did not prevent him from making major contributions to science. Nevertheless, his views on the Trinity were not widely accepted during his lifetime, and he was often criticized for his unorthodox beliefs. Today, Newton is remembered primarily for his scientific achievements, and his views on religion are of historical interest.

Continue reading…