Third party age consent?! Fuck all the way off!

Right before RSAC, I posted an addendum to the Universal Cloud Threat Model that addresses the risks to non-US companies now that the US Government has lost its shit.

https://www.chrisfarris.com/post/threat-model-2025/

Specifically, I examined three new attack vectors: Denial of Availability, Violation of Confidentiality, and Attacks on Integrity. What could an unhinged and unrestrained US Government attempt to do, if they deem your organization is "not in the National Interest"?

Well, this morning we woke up to the news that a prosecutor with the International Criminal Court (ICC) had his Outlook account shut down. Why did Microsoft do that? Well, Trump got upset because the ICC was going after leaders in Israel over alleged war crimes in Gaza. Also, I suspect because that same body indicted his KGB handler.

Ironically, just last month, Microsoft promised to push back against Trump, yet they are just rolling over. Admittedly, the ICC incident was for a consumer Outlook account, and the promise was to protect the Azure Sovereign Cloud and maintain their operations in Europe.

So that is now my open question for all US companies building a Sovereign Cloud in Europe:

If the ICC attempted to open an account in your sovereign cloud, would you allow them to do so?

Threat Modelling Cloud Service Providers in 2025 - Chris Farris

Rethinking the Threat Model for US Cloud Providers due to Trump


From @garymarcus on BlueSky:

A computer scientist’s perspective on vibe coding:

#ai #technology #vibecoding

It was also refreshing to hear, from the stage, Noem's plans to address this serious challenge in plain, forthrigh…

Oh.

Wait.

Never mind.

https://www.fastcompany.com/91325646/how-trump-is-hacking-away-at-us-cyber-defenses

'They got rid of some of our best talent': How Trump is hacking away at America’s cyber defenses

The White House is cutting deep into CISA, the agency tasked with defending U.S. elections, infrastructure, and networks—and turning security political.


I boosted several posts about this already, but since people keep asking if I've seen it....

MITRE has announced that its funding for the Common Vulnerabilities and Exposures (CVE) program and related programs, including the Common Weakness Enumeration Program, will expire on April 16. The CVE database is critical for anyone doing vulnerability management or security research, and for a whole lot of other uses. There isn't really anyone else left who does this, and it's typically been work that is paid for and supported by the US government, which is a major consumer of this information, btw.

I reached out to MITRE, and they confirmed it is for real. Here is the contract, which is through the Department of Homeland Security, and has been renewed annually on the 16th or 17th of April.

https://www.usaspending.gov/award/CONT_AWD_70RCSJ23FR0000015_7001_70RSAT20D00000001_7001

MITRE's CVE database is likely going offline tomorrow. They have told me that for now, historical CVE records will be available at GitHub, https://github.com/CVEProject

Yosry Barsoum, vice president and director at MITRE's Center for Securing the Homeland, said:

“On Wednesday, April 16, 2025, funding for MITRE to develop, operate, and modernize the Common Vulnerabilities and Exposures (CVE®) Program and related programs, such as the Common Weakness Enumeration (CWE™) Program, will expire. The government continues to make considerable efforts to support MITRE’s role in the program and MITRE remains committed to CVE as a global resource.”


And so it's important, when Chris Krebs is being attacked from what's been called "the bully pulpit," that we advocate for Mr. Krebs, but not because we like him or think he's a fine fellow, or even because he's under attack. (Although those are reasonable reasons to come to his defense.)

We advocate for Mr. Krebs because he did his job professionally, took in the available facts, and made a judgement call. Any penalty for that call should be carefully adjudicated.

There's no evidence that he made that call in violation of professional norms. There's no evidence he was wrong. There are plenty of people (such as the aforementioned Ellis and Giuliani) who have cause to dig for such evidence. But none exists.

If this logical chain holds, then this isn't a political question. It's a question of: do you want to be able to call yourself a professional?

I do, and I stand with Mr. Krebs.

(5/5)

Trump's Treasury Department just rolled back a rule that was passed in 2021 to help expose straw donor schemes like the one used by Lev Parnas to funnel more than $1 million of foreign money into U.S. elections. New at @sludge

https://readsludge.com/2025/03/24/blatantly-pro-corruption-trump-guts-anti-money-laundering-rule/

‘Blatantly Pro-Corruption’: Trump Guts Anti-Money Laundering Rule

A new Treasury Department rule will hamper the government's power to address money laundering and illegal political donations.


Elon Musk just raided America's doomsday seed vault.

Yes, you read that right. The vault meant to protect humanity’s last defense against agricultural collapse, stripped and sabotaged.

This isn't hyperbole. The seed bunker held our future. Our protection from famine, disease, climate disasters, destroyed by reckless arrogance.

Elon Musk fired critical scientists, placing centuries of agricultural heritage at immediate risk.

America relied on those seeds. America relied on those scientists. America relied on that bunker.

62,000 unique wheat strains, 600,000 genetic lines, our lifeline in a crisis, now endangered.

Without regular care, these seeds die. Without these seeds, we lose our ability to respond to threats.

Without that ability, we lose food security itself.

This is a direct assault on humanity's survival.

Elon Musk and his Department of Government Efficiency (DOGE) treated our collective security as disposable, gambling with millions of lives. Farmers, families, and children. Everyone is harmed.

If you're thinking someone else will handle this, you're wrong. If you're assuming private industry will step in, you're wrong.

If you're comfortable waiting to act, you're complicit.

Apathy won't fix this, waiting won't reverse it.

You must immediately demand:
- Full reinstatement of the fired scientists.
- Secured federal funding protecting the seed vault permanently.
- Legislative safeguards ensuring this can never happen again.

Call your representatives. Share this message. Demand accountability from Musk, DOGE, and our government.

Act now, because your future depends on it. Your children's survival, the planet's stability, and the nation's integrity are at stake.

It is urgent, necessary, and morally essential.

Stand up, speak out, and fight for our shared future.

Long blog post, "The First Constitutional Crisis of 2025"

Breaking from my usual style here, I'm not going to post it as a series. The post is intended to be read as a whole, and voting on and replying to subsets of it ... exacerbated the problems.

It starts:

"People frequently tell me that I’m good at bringing clarity to fraught questions. These days, I find myself wanting to write about the state of the United States. I write in the hopes that I can bring some of that clarity, while admitting that’s likely a vain hope because most of today’s arguments have degraded to tweet length snaps and taunts. I prefer to construct serious arguments, and I’m hopeful that this serious argument will help people understand why so many of us see a crisis and what we might do about it.

This is not a political post in the sense of advocating for one party or another. It’s a post about the state of our nation, which is in crisis. We have hundreds of years of history in which a few principles have been used to define how America works. That Constitutional bedrock includes separation of powers, the power of the purse being set in Congress, and the very Oath of Office."

https://shostack.org/blog/the-first-constitutional-crisis-of-2025/

Shostack + Friends Blog > The First Constitutional Crisis of 2025

Hoping to add a little clarity to the situation

The best way to confront a bully about the misinformation he is spreading is to confront him in front of everyone. Macron just did that.