Notices by Adam Shostack :donor: :rebelverified: (adamshostack@infosec.exchange)

Today's "history is boring" lesson: The Declaration of Independence lists "For transporting us beyond Seas to be tried for pretended offences" as one of the reasons Independence was important.

@matthew_d_green Is it normal for a university to memory hole a former professor's pages? I thought the norm was to keep scholarship present, but possibly mark it as an inactive page.

@brianvastag
@inthehands had a thread on better ways to bet against Tesla stock

@brianvastag @inthehands yeah, short 😇 form: retail investors should never short any stock. It's one of the few forms that has potentially larger downside than the investment.

@inthehands Also: realize that this is a bad investment but may be a good or fun gamble.

@inthehands Let it go Paul, it's mastodon and the HOA members need you to understand they have never made a mistake, and also their hobby-horse explains that thing perfectly.

(1/n)

I prefer text heavy slides, because they're useful to an audience who (1) loses the thread (2) doesn't speak english as a first language (3) wants to tweet screenshots.

Does anyone actually prefer a technical conference talk where the slides are all pictures? (Assuming clipart, LLM-generated, etc, not custom graphics)

I’m old enough to remember when Ronald Reagan stood in front of the Berlin Wall and said “Mr Gorbachev, how much of east Germany’s minerals are you willing to give us?”

Just normal 2025 stuff as I boost posts about multiple public exposures to measles because the CDC is … missing in action

@kataclyst @jeffowski I think you mean Connecticut. You clearly need to come south and warm up 😜

Hoarding, Debt and Threat Modeling (blog post cross post)

During a recent threat modeling course, one of our students, Aleksei*, made a striking comparison that resonated with a lot of us: starting security analysis is like tackling a hoarder’s house. That visceral image of looking at mountains of accumulated issues, feeling overwhelmed by where to begin, captures a challenge many engineering leaders face when they first attempt to systematically assess their system’s security.

Perhaps the reason it’s evocative is most of us have been in the situation of everywhere we look, there’s more problems. Where do you begin? And that feeling of being overwhelmed, of not knowing where to start... well, again, evocative

(1/4, https://shostack.org/blog/hoarding-debt-and-threat-modeling/)

@inthehands His Thinking Fast and Slow is a freaking masterpiece on many levels, including accessibility, clear science writing...

@inthehands @jannem about 15 years ago I read a book by a Berkely prof who had some very principles critiques of fMRI study designs, and advocated that a lot of our thinking is embodied. I really wish I could find it.

@inthehands My next book shall be titled "Led astray by Dan Kahneman." It shall be very, very short. ;)

@inthehands Musicians were very highly represented amongst WWII cryptographers. I always thought about that was more about patterns and variations than about space.

@rysiek @futurebird To build on what Raven said, you can often present a focus on clarity rather than ethics, and get people to see the ethical dilemmas and go do something else. This is less satisfying than a good table flip, but comes with a paycheck and a chance to do it again.

https://smallstep.com/blog/if-openssl-were-a-gui/

It’s as if 170 million voices were suddenly silenced … and then said “ok, boomer”

If states can rescind approval of Constitutional amendments, when does that end? Could we repeal the 3rd amendment by a vote of a few of the 13 original states?

@libreoffice Where is that “board report”? Where can we find release histories?