Notices by Adam Shostack :donor: :rebelverified: (adamshostack@infosec.exchange)

@inthehands His Thinking Fast and Slow is a freaking masterpiece on many levels, including accessibility, clear science writing...

@inthehands @jannem about 15 years ago I read a book by a Berkely prof who had some very principles critiques of fMRI study designs, and advocated that a lot of our thinking is embodied. I really wish I could find it.

@inthehands My next book shall be titled "Led astray by Dan Kahneman." It shall be very, very short. ;)

@inthehands Musicians were very highly represented amongst WWII cryptographers. I always thought about that was more about patterns and variations than about space.

@rysiek @futurebird To build on what Raven said, you can often present a focus on clarity rather than ethics, and get people to see the ethical dilemmas and go do something else. This is less satisfying than a good table flip, but comes with a paycheck and a chance to do it again.

https://smallstep.com/blog/if-openssl-were-a-gui/

It’s as if 170 million voices were suddenly silenced … and then said “ok, boomer”

If states can rescind approval of Constitutional amendments, when does that end? Could we repeal the 3rd amendment by a vote of a few of the 13 original states?

@libreoffice Where is that “board report”? Where can we find release histories?

@libreoffice Also: citation needed please?

@ryanc Surely…

@ryanc Well that’ll teach me to take you seriously! 😂

@ryanc I don't mean to be snarky, but, really? Is this a studied thing?

Is there any meaningful security benefit to one time codes being more than 4-6 digits?

(For any of TOTP, email, or sms delivery.)

@joshbressers Even in 14 the macl and quarantine bits were over the tip

@GossiTheDog We used to get data like that from the malicious software removal tool and Defender... it wouldn't surprise me if there was a ~50% drop from version to version.. we saw that order of improvement from XP to Vista to 7. Some of it's better code and architecture. some of it is the folks who upgrade are more likely to be on top of other parts of managing their systems.

@ryanc Hey look I’m not the one who under specified the requirements! 😂

@ryanc a trapdoor?

I find myself really irked by the headline here. The problem is not a "simple website bug", the problem is that they wrote thousands of lines of code without ever thinking about what the trust boundaries are, or should be.

This is a massive design flaw. The idea that cars should be controllable from some mothership is bizarre (and not needed for app control - have a digital signature from the mobile device). The idea that cars are enrolled even if the user didn't set up an account is similarly broken. This isn't a "simple website bug" but a massive failure to consider the security implications of features.

@luckytran @inthehands In reading about this, I learned there are already nasal vaccines, which no one had ever mentioned to me. They require administering by a professional, what’s new is the “at home?”