Hovav Shacham

@[email protected]
380 Followers
335 Following
1.1K Posts

Security, privacy, and tech policy at UCSD.

“[U]niquely among all government employees, lie[s] outside the scope of [the government speech] doctrine; […] stand[s] alone on a First Amendment pedestal, free to say what [he] please[s], no matter what [his] government employers, including even the State Legislature, think about it.”

Profile photo: Nox the tiercel peregrine, Cal Falcons class of '24, photographed by Billy Thein (California Raptor Center).

Websitehttps://www.cs.utexas.edu/~hovav/
Backdoored compiler attack ideaKarger and Schell, Multics security evaluation, 1974
Hovav Shacham1d ago
Catarina Macario is back home in San Diego! Her minutes have been limited at Chelsea, but it's still sad to see her leave. https://www.theguardian.com/football/2026/mar/27/catarina-macario-transfer-chelsea-san-diego-wave
US star Catarina Macario departs Chelsea for record $8m, five-year deal with San Diego Wave

The 26-year-old forward, who had struggled to cement a starting role at Chelsea, is set to join Jonas Eidevall’s NWSL side immediately rather than in the summer

The Guardian
Hovav Shacham2d ago
Show threadLesley Carhart 2d ago
In this year of 2026 if you absolutely have to run your mobile, international event in America - and you choose to run it in Texas, Tennessee, or Florida, that is certainly a choice that reflects which of your members or employees you see as human.
Hovav Shacham2d ago
Mark Swed reviews the U.S. premiere of Gerald Barry’s Salome at Green Umbrella: https://www.latimes.com/entertainment-arts/story/2026-03-27/la-phil-premieres-gerald-barrys-wacky-salome
The L.A. Phil premieres Gerald Barry’s wacky ‘Salome’

Following two of the most brilliantly wacky operas of our time from Gerald Barry, the premiere of his 'Salome' promises to out-wacky the others.

Los Angeles Times
Hovav ShachamMar 21
Sophie SchmiegMar 21

I feel like we should maybe not give life time achievement awards to people that invented a technology that has zero deployment, that has no path to deployment, and that has fostered a very unhealthy amount of snake oil vendors, especially when there is an alternative technology available to solve the same problem, and that technology is already deployed and has comparatively next to no downsides, at a time when we really really need to start deploying it more widely.

But that's just me, I guess.

Hovav ShachamMar 21

Hot take: This Black Ferns sevens side is good at rugby.

https://www.youtube.com/watch?v=5ZluahVtjBo

UNREAL gold medal match 🥇 | New Zealand v Australia | HSBC SVNS New York 2026 | Full Match Replay

YouTube
Hovav ShachamMar 20
Steven GalbraithMar 20
https://www.mpg.de/26279645/gerd-faltings-2026-abel-prize abel prize for Faltings
Gerd Faltings to receive the 2026 Abel Prize

Gerd Faltings, Director Emeritus at the Max Planck Institute for Mathematics, has become the first German to receive the Abel Prize, having previously been awarded the Fields Medal.

Hovav ShachamMar 20
Lesley Carhart Mar 20
My advice - not either of my employers’ advice - to ANZ orgs regarding to US/Israel/Iran war cyber attacks: seeing a ton of activity. Some targeted, lots opportunistic. If you’re not a geopolitical target, increase threat posture. It’s too chaotic to fully predict and models can change at any time.
Hovav ShachamMar 20

Trevor Paglen has won the 2026 LG Guggenheim Award “for groundbreaking achievements in technology-based art.”

Looking beyond art and culture alone, Paglen examines the power structures surrounding mass technologies and the exchanges they facilitate—between cultural myths, national narratives, and deeply embedded social assumptions.

https://www.guggenheim.org/initiatives/lg-guggenheim-art-and-technology-initiative

LG Guggenheim Art and Technology Initiative | The Guggenheim Museums and Foundation

This five-year, multifaceted initiative is designed to research, honor, and promote artists working at the intersection of art and technology.

The Guggenheim Museums and Foundation
Show threadHovav ShachamMar 19

For those keeping track at home,

CVE-2025-31277: https://github.com/WebKit/WebKit/commit/716536ce98d6f8d40c44abed667b6a1970023e17
CVE-2025-43529: https://github.com/WebKit/WebKit/commit/b21a503b579a8ab14c839f82cc77176e507352e5

[JSC]ASSERTION FAILED: !needsSlowPutIndexing() at ensureArrayStorageSlow · WebKit/WebKit@716536c

https://bugs.webkit.org/show_bug.cgi?id=291745 rdar://149546458 Reviewed by Keith Miller. We should not create Contiguous array when have-a-bad-time happened for RegExp match results. * JSTests/...

GitHub
Hovav ShachamMar 19

Both first-stage bugs exploited by this chain are in JavaScriptCore. We should improve how we build JavaScript JITs somewhat.

https://cloud.google.com/blog/topics/threat-intelligence/darksword-ios-exploit-chain

The Proliferation of DarkSword: iOS Exploit Chain Adopted by Multiple Threat Actors | Google Cloud Blog

DarkSword is a new iOS exploit chain that leverages multiple zero-day vulnerabilities to fully compromise iOS devices.

Google Cloud Blog