Notices by Adam Shostack :donor: :rebelverified: (adamshostack@infosec.exchange)

@inthehands @rk @beyondmachines1 💯 % agree. I've tried to show this visually in https://shostack.org/blog/strategy-for-threat-modeling-ai/ would appreciate your feedback.

@rk @inthehands @beyondmachines1 In the sense of LLMs being good at generating clocks at 10:10, it would not surprise me to discover that LLMs have preferences for certain MFA values that were used in a google blog post.

@mattblaze speaking about voting at security and human behavior #shb

This is a really awful situation for many authors. If you like an author whose books are available anywhere else, buy elsewhere. (There’s an argument in thread for buying through Boundless, but I think it throws good money at bad actors.) https://wandering.shop/@clacksee/114606754167072778

@cigitalgem BUT ALIGNMENT AND GUARDRA1LZ and Firewulls will fix it, right?

New blog: Free Threat Modeling Training for Displaced Federal Workers

US Government employees (and former employees) are going through a lot of chaos. Many of our colleagues, collaborators, and friends are out of work — suddenly and unexpectedly.

At Shostack + Associates, we can’t fix that. But we can offer something concrete.

In times of uncertainty, we focus on what we know, and what we know is threat modeling and how to teach it. It’s what we do best, and it’s how we can help.

(1/4) full post, links: https://is.gd/nYz3y2

@paul_ipv6 @heidilifeldman I believe you have to wait for the beauty of watching a court struggle to square originalism with immunity.

It’s going to be glorious. I mean in the sense of “this shall not stand” and bad for the republic but nice violin music.

@heidilifeldman @paul_ipv6 Who could have predicted that absolute immunity would be a tarpit?!?

This season of #andor sets aside childish things, and brings great writing, acting, and cinematography to #starwars in a way that the universe has always deserved and rarely gotten.

If you're not watching it, this is some of the best TV I've ever seen. I enjoy a lot of Star Wars, and do so understanding that most of it is fun and somewhat lighthearted in a very dystopian world.

Eric Geller has an amazing 11000 word analysis of this week's 3 episodes of #Andor.

https://ericgeller.wordpress.com/2025/05/10/andor-season-2-review-episodes-7-9/

Folks it’s very unreasonable to claim the #qatar plane will be covered in microphones.

The Qataris are experienced surveillance experts.

The plane will be full of microphones.

This is literally the message of 30 years of reporting on wiretap laws by @mattblaze @SteveBellovin Susan Landau and many others: designing these systems is exceptionally hard. That’s part of why the systems to handle classified data are so expensive. https://newsie.social/@bespacific/114451910633689677

This May the Fourth, remember that rebellions are built on hope.

How can they have "an abundance of caution" but not be able to handle the "complexity and scope" of understanding what they've done?

That doesn't sound like an abundance to me.

https://masto.deoan.org/@neurovagrant/114314578899331634

Today's "history is boring" lesson: The Declaration of Independence lists "For transporting us beyond Seas to be tried for pretended offences" as one of the reasons Independence was important.

@matthew_d_green Is it normal for a university to memory hole a former professor's pages? I thought the norm was to keep scholarship present, but possibly mark it as an inactive page.

@brianvastag
@inthehands had a thread on better ways to bet against Tesla stock

@brianvastag @inthehands yeah, short 😇 form: retail investors should never short any stock. It's one of the few forms that has potentially larger downside than the investment.

@inthehands Also: realize that this is a bad investment but may be a good or fun gamble.

@inthehands Let it go Paul, it's mastodon and the HOA members need you to understand they have never made a mistake, and also their hobby-horse explains that thing perfectly.

(1/n)

I prefer text heavy slides, because they're useful to an audience who (1) loses the thread (2) doesn't speak english as a first language (3) wants to tweet screenshots.

Does anyone actually prefer a technical conference talk where the slides are all pictures? (Assuming clipart, LLM-generated, etc, not custom graphics)