Adam Shostack  

@adamshostack@infosec.exchange

Author, game designer, technologist, teacher.

Helped to create the CVE and many other things. Fixed autorun for XP. On Blackhat Review board.

Books include Threats: What Every Engineer Should Learn from Star Wars (2023), Threat Modeling: Designing for Security, and The New School of Information Security.

Following back if you have content.

Website: https://shostack.org
Latest book: https://threatsbook.com
Opsec status: Currently clean
Youtube: https://youtube.com/shostack

This is certainly a lot of effort to prevent me from pasting a link to a post as if it were a quote post. Oh wait, it won't do that.

https://oldfriends.live/@paul/115039837616245490

Paul Chambers🚧 (@paul@oldfriends.live)

Attached: 1 image @benroyce@mastodon.social The most recent, up-to-date, v4.* Mastodon servers have the setting now so people can set it in advance of the upcoming Quote Post feature. It's under Preferences, Other. The "Who can quote" options are: 1. Everyone 2. Followers 3. Nobody @maxleibman@beige.party @jstatepost@mstdn.social

oldfriends.live
@adamshostack I couldn't agree more. I often see people here talking about how Mozilla isn't listening to their user base, but when you have such a small market share you mostly need to think about what the people who currently don't use your product want. I know that there are some people who would say "just stay a small niche product," but because browser compatibility is largely driven by market share, in a world currently dominated by Chrome variants staying a niche player is a self-defeating strategy. But, as you said, there may not be much middle ground between what the existing user base wants and what will bring in new users. It's a real quandary.
I'd love it if all the hate could be directed into a "here's how to double Firefox's market share."

I don't envy Mozilla here. They're searching for a way to broadly regain relevance and market share, and that's really hard, especially for products that people use as heavily as a browser. It's even harder because they have a userbase (geeks) whose preferences may not line up with the broader world.

I also don't love their choices.

https://mastodon.social/@nixCraft/115031381450059277

Many Linux users have recently reported their fans running at full speed and high temperatures. They discovered that Firefox was consuming all CPU cores, and it turns out that the cause was Firefox's new default AI features. This is how you ruin your product 😅 https://www.theregister.com/2025/08/13/firefox_ai_scoffing_power/
Some users report their Firefox browser is scoffing CPU power

You guessed it: looks like it's a so-called AI

The Register

Can you name ONE (one only please) SF/F book, written this century (2001+), that has absolutely blown your mind? Not just something you liked, or that was good, I'm looking for the absolute best books written this century.

Boost for visibility please.

#Books #SF #Fantasy #21Century

Digging into the drive in my NAS that faulted, I'm reminded that magnetic hard drives are preposterously magical technology.

Case in point, using Seagate's tools I can get the drive to tell me how much it's adjusted the fly height of each of its 18 heads over the drive's lifetime, to compensate for wear and stuff. The drive provides these numbers in _thousandths of an angstrom_, or 0.1 _picometers_.

For reference, one helium atom is about 49 picometers in diameter. The drive is adjusting each head individually, in increments of a fraction of a helium atom, to keep them at the right height. I can't find numbers of modern drives, but what I can find for circa ten years ago is that the overall fly height had been reduced to under a nanometer, so the drive head is hovering on a gas bearing that's maybe 10-20 helium atoms thick, and adjusting its position even more minutely than that.

This is _extremely_ silly. You can buy a box that contains not just one, but several copies of a mechanism capable of sub-picometer altitude control, and store shitposts on it! That's wild.

Anyway my sad drive apparently looks like it had a head impact, not a full crash but I guess clipped a tiny peak on the platter and splattered a couple thousand sectors. Yow. But I'm told this isn't too uncommon, and isn't the end of the world? Which is, again, just ludicrous to think of. The drive head that appears to have bonked something has adjusted its altitude by almost 0.5 picometers in its 2.5 years in service. Is that a lot? I have no idea!

Aside from having to resilver the array and the reallocated sector count taking a big spike, the drive is now fine and both SMART and vendor data say it could eat this many sectors again 8-9 times before hitting the warranty RMA threshold. Which is very silly. But I guess I should keep an eye on it.

Seems productive, if you’re trying to distract from a failed plan.
@adamshostack But Lisa says that she's on the run looking for a special one

Threat modeling helps teams build more secure, resilient applications without needing to become security experts. It’s about making security part of how we build, not something we tack on at the end.

https://shehackspurple.ca/2025/08/15/what-is-threat-modeling/

What is Threat Modeling?

Threat modeling is really just a fancy way of saying: “Let’s think about what could go wrong with our software in advance, so we can stop it before it happens.” When we build applications, most of …

SheHacksPurple