Notices by Adam Shostack :donor: :rebelverified: (adamshostack@infosec.exchange)

@ryanc That's "A little sarcastic?" What happens if you ask it to be cynical?

@gelliottmorris.com @inthehands This is just egging on the trolls….

Well, this is one way to introduce a topic:

Artists from all mediums emphatically support the use of AI, saying it augments and enhances their work, expanding what is possible. They are also unequivocal that they are still the creators of their work and the AI is not—but believe artists and technology must learn to coexist harmoniously.

https://cacm.acm.org/news/ai-and-art/

@inthehands @rk @beyondmachines1 💯 % agree. I've tried to show this visually in https://shostack.org/blog/strategy-for-threat-modeling-ai/ would appreciate your feedback.

@rk @inthehands @beyondmachines1 In the sense of LLMs being good at generating clocks at 10:10, it would not surprise me to discover that LLMs have preferences for certain MFA values that were used in a google blog post.

@mattblaze speaking about voting at security and human behavior #shb

This is a really awful situation for many authors. If you like an author whose books are available anywhere else, buy elsewhere. (There’s an argument in thread for buying through Boundless, but I think it throws good money at bad actors.) https://wandering.shop/@clacksee/114606754167072778

@cigitalgem BUT ALIGNMENT AND GUARDRA1LZ and Firewulls will fix it, right?

New blog: Free Threat Modeling Training for Displaced Federal Workers

US Government employees (and former employees) are going through a lot of chaos. Many of our colleagues, collaborators, and friends are out of work — suddenly and unexpectedly.

At Shostack + Associates, we can’t fix that. But we can offer something concrete.

In times of uncertainty, we focus on what we know, and what we know is threat modeling and how to teach it. It’s what we do best, and it’s how we can help.

(1/4) full post, links: https://is.gd/nYz3y2

@paul_ipv6 @heidilifeldman I believe you have to wait for the beauty of watching a court struggle to square originalism with immunity.

It’s going to be glorious. I mean in the sense of “this shall not stand” and bad for the republic but nice violin music.

@heidilifeldman @paul_ipv6 Who could have predicted that absolute immunity would be a tarpit?!?

This season of #andor sets aside childish things, and brings great writing, acting, and cinematography to #starwars in a way that the universe has always deserved and rarely gotten.

If you're not watching it, this is some of the best TV I've ever seen. I enjoy a lot of Star Wars, and do so understanding that most of it is fun and somewhat lighthearted in a very dystopian world.

Eric Geller has an amazing 11000 word analysis of this week's 3 episodes of #Andor.

https://ericgeller.wordpress.com/2025/05/10/andor-season-2-review-episodes-7-9/

Folks it’s very unreasonable to claim the #qatar plane will be covered in microphones.

The Qataris are experienced surveillance experts.

The plane will be full of microphones.

This is literally the message of 30 years of reporting on wiretap laws by @mattblaze @SteveBellovin Susan Landau and many others: designing these systems is exceptionally hard. That’s part of why the systems to handle classified data are so expensive. https://newsie.social/@bespacific/114451910633689677

This May the Fourth, remember that rebellions are built on hope.

How can they have "an abundance of caution" but not be able to handle the "complexity and scope" of understanding what they've done?

That doesn't sound like an abundance to me.

https://masto.deoan.org/@neurovagrant/114314578899331634

Today's "history is boring" lesson: The Declaration of Independence lists "For transporting us beyond Seas to be tried for pretended offences" as one of the reasons Independence was important.

@matthew_d_green Is it normal for a university to memory hole a former professor's pages? I thought the norm was to keep scholarship present, but possibly mark it as an inactive page.

@brianvastag
@inthehands had a thread on better ways to bet against Tesla stock

@brianvastag @inthehands yeah, short 😇 form: retail investors should never short any stock. It's one of the few forms that has potentially larger downside than the investment.