Adam Shostack
@adamshostack.bsky.social
Threat modeling. BH Review Board. Affiliate Professor, UW. Fixed autorun. Helped create CVE.
Not sure why we're building graphs on yet another (effectively) centralized system. https://infosec.exchange/@adamshostack
Not sure why we're building graphs on yet another (effectively) centralized system. https://infosec.exchange/@adamshostack
Reposted by Adam Shostack
The Lego Edge.
LEGO is launching the most ambitious brick it’s ever made: a tiny computer that fits entirely inside a classic 2x4 LEGO brick. It will make entire LEGO sets come to life — with humming lightsabers, roaring engines, light-up blasters, and more www.theverge.com/tech/854556/...
Lego announces Smart Brick, the ‘most significant evolution’ in 50 years
Starting with Lego Star Wars.
www.theverge.com
January 5, 2026 at 8:15 PM
The Lego Edge.
Reposted by Adam Shostack
This post by JA Westenberg is so good. And it's forcing me to look again at my own site, PressThink.
"The Case for Blogging in the Ruins." www.joanwestenberg.com/the-case-for...
"Most blogs are abandoned after three posts," she writes. The ones that persist have these things in common:
"The Case for Blogging in the Ruins." www.joanwestenberg.com/the-case-for...
"Most blogs are abandoned after three posts," she writes. The ones that persist have these things in common:
January 4, 2026 at 4:34 PM
This post by JA Westenberg is so good. And it's forcing me to look again at my own site, PressThink.
"The Case for Blogging in the Ruins." www.joanwestenberg.com/the-case-for...
"Most blogs are abandoned after three posts," she writes. The ones that persist have these things in common:
"The Case for Blogging in the Ruins." www.joanwestenberg.com/the-case-for...
"Most blogs are abandoned after three posts," she writes. The ones that persist have these things in common:
Look I’m not saying I have a completed plan but if anyone knows a hobbit or a few dwarves…
Remember Erebor, the mountain where Smaug killed the dwarves and stole all their money? And then every nation in the world fought a bloody war to try to get their money back?
Techrbos named their new bank after it.
Techrbos named their new bank after it.
Erebor Bank, Palmer Luckey's crypto-oriented finance startup, just got one step closer to launching
The FDIC approved the bank's application on Dec 16. It still requires final approval from the Office of the Comptroller of the Currency.
www.businessinsider.com
December 31, 2025 at 2:21 AM
Look I’m not saying I have a completed plan but if anyone knows a hobbit or a few dwarves…
Reposted by Adam Shostack
Anyway, Brandolini’s law continues to hold: Bullshit is asymmetrical.
Editorial failures like this put the burden on me to track how even purportedly scholarly works (mis)use what I’ve said and written, and expend time and effort to set the record straight. It’s untenable in the long run.
Editorial failures like this put the burden on me to track how even purportedly scholarly works (mis)use what I’ve said and written, and expend time and effort to set the record straight. It’s untenable in the long run.
December 29, 2025 at 5:36 PM
Anyway, Brandolini’s law continues to hold: Bullshit is asymmetrical.
Editorial failures like this put the burden on me to track how even purportedly scholarly works (mis)use what I’ve said and written, and expend time and effort to set the record straight. It’s untenable in the long run.
Editorial failures like this put the burden on me to track how even purportedly scholarly works (mis)use what I’ve said and written, and expend time and effort to set the record straight. It’s untenable in the long run.
I mean it’s a flex to go from “don’t invent the torment nexus” to “name your company after the guy who betrays absolutely everyone” and so you have to ummm respect it or maybe you could just prepare to laugh gleefully when it turns out it’s really a blackmail scheme. 🤷
Sauron is appearing on the scene as concerns rise about crime among the most wealthy.
Sauron, the high-end home security startup for "super premium" customers, plucks a new CEO out of Sonos | TechCrunch
Sauron is appearing on the scene as concerns rise about crime among the most wealthy.
techcrunch.com
December 29, 2025 at 2:43 AM
I mean it’s a flex to go from “don’t invent the torment nexus” to “name your company after the guy who betrays absolutely everyone” and so you have to ummm respect it or maybe you could just prepare to laugh gleefully when it turns out it’s really a blackmail scheme. 🤷
Reposted by Adam Shostack
Anyone who doesn’t understand how to read a royalty statement, there are professional auditors who will do it for you and they only get paid if they make a recovery for you. If you don’t know any, HMU. I know lots of them.
"Use AI tools to analyze royalty statements and contracts"
oh my god please read your fucking contracts and ask a human being about things you don't understand.
oh my god please read your fucking contracts and ask a human being about things you don't understand.
December 28, 2025 at 6:19 PM
Anyone who doesn’t understand how to read a royalty statement, there are professional auditors who will do it for you and they only get paid if they make a recovery for you. If you don’t know any, HMU. I know lots of them.
I cannot emphasize enough how good reviews provide your fave authors with both happiness and algorithmic favor.
Most people find new books via Amazon, and Amazon picks the books they want to show you (in part) from sales velocity and reviews.
Most people find new books via Amazon, and Amazon picks the books they want to show you (in part) from sales velocity and reviews.
"I can't afford to support my favorite author right now, I—"
Reviews.
Reviews are free AND they are a gift to authors that can keep on giving (i.e., exposure, marketing, algo boosts, etc.)
Please, give the gift of reviews to your authors this holiday season. It really can make a difference!
Reviews.
Reviews are free AND they are a gift to authors that can keep on giving (i.e., exposure, marketing, algo boosts, etc.)
Please, give the gift of reviews to your authors this holiday season. It really can make a difference!
December 28, 2025 at 12:58 AM
I cannot emphasize enough how good reviews provide your fave authors with both happiness and algorithmic favor.
Most people find new books via Amazon, and Amazon picks the books they want to show you (in part) from sales velocity and reviews.
Most people find new books via Amazon, and Amazon picks the books they want to show you (in part) from sales velocity and reviews.
masto/bluesky compare:
76 likes, 34 boosts, 10 comments
10 likes
76 likes, 34 boosts, 10 comments
10 likes
My editor is probably going to ask me to change this sentence, so I'll share it with you.
"If you have no privilege escalation issues because you’re already running as root fucking fix that shit."
"If you have no privilege escalation issues because you’re already running as root fucking fix that shit."
December 27, 2025 at 4:51 PM
masto/bluesky compare:
76 likes, 34 boosts, 10 comments
10 likes
76 likes, 34 boosts, 10 comments
10 likes
My editor is probably going to ask me to change this sentence, so I'll share it with you.
"If you have no privilege escalation issues because you’re already running as root fucking fix that shit."
"If you have no privilege escalation issues because you’re already running as root fucking fix that shit."
December 26, 2025 at 10:46 PM
My editor is probably going to ask me to change this sentence, so I'll share it with you.
"If you have no privilege escalation issues because you’re already running as root fucking fix that shit."
"If you have no privilege escalation issues because you’re already running as root fucking fix that shit."
Reposted by Adam Shostack
I don't think there's any understanding of the First Amendment under which this ("our Savior") is constitutional. Yet they don't care, and they've eliminated all the attorneys who would've objected.
Kudos to the Goldwater and Cato Institutes for condemning it.
www.nytimes.com/2025/12/25/a...
Kudos to the Goldwater and Cato Institutes for condemning it.
www.nytimes.com/2025/12/25/a...
Trump Administration Emphasizes Religion in Official Christmas Messages
www.nytimes.com
December 26, 2025 at 12:47 PM
I don't think there's any understanding of the First Amendment under which this ("our Savior") is constitutional. Yet they don't care, and they've eliminated all the attorneys who would've objected.
Kudos to the Goldwater and Cato Institutes for condemning it.
www.nytimes.com/2025/12/25/a...
Kudos to the Goldwater and Cato Institutes for condemning it.
www.nytimes.com/2025/12/25/a...
The absolutely amazing thing is we have a perfect storm of liability transfer, so entrepreneurs will get rich as you try to reach a human about the AI's denial of your insurance claim.
If only someone could invent a mechanism to help us manage such challenges!
If only someone could invent a mechanism to help us manage such challenges!
December 26, 2025 at 5:03 PM
The absolutely amazing thing is we have a perfect storm of liability transfer, so entrepreneurs will get rich as you try to reach a human about the AI's denial of your insurance claim.
If only someone could invent a mechanism to help us manage such challenges!
If only someone could invent a mechanism to help us manage such challenges!
Reposted by Adam Shostack
A few excerpts from Darmok's Christmas Story:
Ralphie and Flick, at the flagpole.
Randy, his arms down.
The Old Man, when the lamp broke.
Santa and Ralphie, on the mountain.
Ralphie and Flick, at the flagpole.
Randy, his arms down.
The Old Man, when the lamp broke.
Santa and Ralphie, on the mountain.
December 25, 2025 at 9:51 PM
A few excerpts from Darmok's Christmas Story:
Ralphie and Flick, at the flagpole.
Randy, his arms down.
The Old Man, when the lamp broke.
Santa and Ralphie, on the mountain.
Ralphie and Flick, at the flagpole.
Randy, his arms down.
The Old Man, when the lamp broke.
Santa and Ralphie, on the mountain.
Reposted by Adam Shostack
On Christmas Eve 1968, in Lunar orbit, the Apollo 8 crew took this photo: “Earthrise."
I'll never forget how inspiring the Apollo missions were to my brother and me as kids. They showed us what our country and humanity can accomplish when we work together toward a common goal.
I'll never forget how inspiring the Apollo missions were to my brother and me as kids. They showed us what our country and humanity can accomplish when we work together toward a common goal.
December 24, 2025 at 10:22 PM
On Christmas Eve 1968, in Lunar orbit, the Apollo 8 crew took this photo: “Earthrise."
I'll never forget how inspiring the Apollo missions were to my brother and me as kids. They showed us what our country and humanity can accomplish when we work together toward a common goal.
I'll never forget how inspiring the Apollo missions were to my brother and me as kids. They showed us what our country and humanity can accomplish when we work together toward a common goal.
Reposted by Adam Shostack
I'm going to suggest renaming it "the rule of three": "Doing these three things is doom."
There's way too much nuance in all the descriptions that call it a rule of two and imply you can do two out of the three.
Calling it the rule of three centers it on its core meaning of doom […]
There's way too much nuance in all the descriptions that call it a rule of two and imply you can do two out of the three.
Calling it the rule of three centers it on its core meaning of doom […]
Original post on infosec.exchange
infosec.exchange
December 24, 2025 at 4:21 PM
I'm going to suggest renaming it "the rule of three": "Doing these three things is doom."
There's way too much nuance in all the descriptions that call it a rule of two and imply you can do two out of the three.
Calling it the rule of three centers it on its core meaning of doom […]
There's way too much nuance in all the descriptions that call it a rule of two and imply you can do two out of the three.
Calling it the rule of three centers it on its core meaning of doom […]
Reposted by Adam Shostack
Year measles was declared eliminated from the US: 2000.
Measles deaths in the US, 2000-2024: 3.
Measles deaths in the US, 2025 alone: 3.
Deaths from the MMR vaccine in healthy people: 0
Measles deaths in the US, 2000-2024: 3.
Measles deaths in the US, 2025 alone: 3.
Deaths from the MMR vaccine in healthy people: 0
December 23, 2025 at 11:16 PM
Year measles was declared eliminated from the US: 2000.
Measles deaths in the US, 2000-2024: 3.
Measles deaths in the US, 2025 alone: 3.
Deaths from the MMR vaccine in healthy people: 0
Measles deaths in the US, 2000-2024: 3.
Measles deaths in the US, 2025 alone: 3.
Deaths from the MMR vaccine in healthy people: 0
Reposted by Adam Shostack
"This story doesn't need a sandworm"
This is almost always wrong. Arguably, EVERY story benefits from adding a huge subterranean worm with quasi-mystical or semi-supernatural powers, or equivalent (similar to Moby Dick).
Obviously the bigger the worm, the more literary quality it adds.
This is almost always wrong. Arguably, EVERY story benefits from adding a huge subterranean worm with quasi-mystical or semi-supernatural powers, or equivalent (similar to Moby Dick).
Obviously the bigger the worm, the more literary quality it adds.
what is your least favorite piece of writing advice and why? 👀
December 23, 2025 at 6:28 PM
"This story doesn't need a sandworm"
This is almost always wrong. Arguably, EVERY story benefits from adding a huge subterranean worm with quasi-mystical or semi-supernatural powers, or equivalent (similar to Moby Dick).
Obviously the bigger the worm, the more literary quality it adds.
This is almost always wrong. Arguably, EVERY story benefits from adding a huge subterranean worm with quasi-mystical or semi-supernatural powers, or equivalent (similar to Moby Dick).
Obviously the bigger the worm, the more literary quality it adds.
Question for my security colleagues: can you make Mitchell’s question a practicum? 😀🤷😇
Question for my IP attorney colleagues: How would you handicap the arguments for “fair use” if someone reposted the CECOT 60 Minutes segment (in its entirety) that CBS News aborted at the last minute? Which side of the argument would you think more likely to prevail?
Actively, in real time, trying to scrub this from the internet. The Youtube video here is set to private now. 60minutestonight.com/inside-cecot...
December 22, 2025 at 2:50 AM
Question for my security colleagues: can you make Mitchell’s question a practicum? 😀🤷😇
Reposted by Adam Shostack
If I understand this morning's news properly, we're invading Venezuela because they nationalized some American oil company's assets and gave it to Venezuelan companies. In unrelated news, America has nationalized TikTok and given it to American companies […]
Original post on infosec.exchange
infosec.exchange
December 19, 2025 at 3:23 PM
If I understand this morning's news properly, we're invading Venezuela because they nationalized some American oil company's assets and gave it to Venezuelan companies. In unrelated news, America has nationalized TikTok and given it to American companies […]
Reposted by Adam Shostack
everything is terrible so here's the Muppets channeling Hamilton and bringing me untold joy (via the brilliant brettevansmafrog on insta)
October 3, 2025 at 1:13 AM
everything is terrible so here's the Muppets channeling Hamilton and bringing me untold joy (via the brilliant brettevansmafrog on insta)
Reposted by Adam Shostack
it's (somehow) also worse than this because the AI summaries are embedded into the search output too
instead of a preview of the abstract, you get misleading garbage text immediately under each result (post below shows example with the summary clicked to expand)
bsky.app/profile/5tua...
instead of a preview of the abstract, you get misleading garbage text immediately under each result (post below shows example with the summary clicked to expand)
bsky.app/profile/5tua...
why is the ACM stabbing authors in the back with generative AI text effluent?
December 17, 2025 at 7:17 AM
it's (somehow) also worse than this because the AI summaries are embedded into the search output too
instead of a preview of the abstract, you get misleading garbage text immediately under each result (post below shows example with the summary clicked to expand)
bsky.app/profile/5tua...
instead of a preview of the abstract, you get misleading garbage text immediately under each result (post below shows example with the summary clicked to expand)
bsky.app/profile/5tua...
Reposted by Adam Shostack
Dear @acm.org this is a terrible idea. Please reconsider.
The ACM Digital Library, where a LOT of computing-related research is published (I'd say at least 75% of my own publications), is now not only providing (without consent of the authors and without opt-in by readers) AI-generated summaries of papers, but they appear as the *default* over abstracts.
December 17, 2025 at 5:03 PM
Dear @acm.org this is a terrible idea. Please reconsider.
Is there a bullet list of the amazing quotes that Vanity Fair got the best and brightest chief of staff ever? I'd like to read them without any of their snarky commentary, context or fact checking.
December 16, 2025 at 10:27 PM
Is there a bullet list of the amazing quotes that Vanity Fair got the best and brightest chief of staff ever? I'd like to read them without any of their snarky commentary, context or fact checking.
Reposted by Adam Shostack
December 15, 2025 at 12:50 PM
Life threatening flash floods near Green river/Tukwilla WA
😳
🚨 Flash Flood Warning issued December 15 at 11:51AM PST until December 15 at 9:00PM PST by NWS Seattle WA 🚨
Additional Details Here.
Additional Details Here.
December 15, 2025 at 8:41 PM
Life threatening flash floods near Green river/Tukwilla WA