pathfinder 2e – Surprise attack when talking and defending from this

Surprise round and reaction is not clear for me.
We have a scenario, two characters talk, for example character X and Y. Character X says that they will hit character Y and talk again.

Now the player of character X decides to hit character Y.

Is there any way to self defense by character Y? My GM say that if character X has higher initiative and is not surprised, it can defend itself effectively because this action will be done before Y attacks, so it will seem to be aggressor, not Y. Most possible actions (for example, a free action in this scenario is to cast a bloodrage spell to buff defense) are unable to do in an enemy’s turn so character X can’t use this one moment before taking a hit from Y in Y’s turn. Is there any way to take a free action or other defense action without looking like an aggressor within pure mechanics scope?

Defending against Wiegand sniffing (ESPKey) attacks in RFID card readers

It’s known that card readers, which use the Wiegand format, can be attacked by installing a sniffer, such as an ESPKey. After the sniffer is installed, whenever anyone uses the reader, their credentials get saved, and the attacker can clone them.

What is the defense against this? The article mentions that card readers have a tamper sensor. Is a correctly installed tamper sensor enough to thwart this attack? What exactly does the tamper sensor do, and what happens when it’s set off?

Also, since ESPKey attacks specifically target the interceptable wiegand protocol, is there some other protocol which provides secure communications? Many articles cite Wiegand as being the most common protocol. What percentage of card readers are vulnerable to this attack, and what’s the next most common non-vulnerable protocol?

soft question: how to publish important research, defending authorship, even if its applications are problematic?

Suppose an amateur mathematician solved a large open problem from the past, such as the Riemann hypothesis. He wants his work to be reviewed and published. What are the precise steps you have to take to defend your authorship? And the problems with applications, such as cryptography?

