Mastodawn

I am at the Colorado capitol today to testify against a new bill, SB26-090, that would carve out a broad and unnecessary exemption to our groundbreaking right to repair law that would effectively remove the right to repair for large categories of technologies.

The bill is going to be heard in committee today "upon adjournment" of the senate. If you have the ability to testify online or in writing against this bill, I would encourage you to do so as soon as possible.

Background: https://www.ifixit.com/News/116447/a-new-colorado-bill-could-blow-a-hole-in-the-nations-strongest-right-to-repair-lawhe-nations-strongest-right-to-repair-law

Testimony signup link: https://sites.coleg.gov/public-testimony/sign-up-to-testify/step-1

Current day status board: https://www.leg.state.co.us/public/display.nsf/index.html

Bill details: https://leg.colorado.gov/bills/SB26-090

A New Colorado Bill Could Blow a Hole in the Nation’s Strongest Right to Repair Law

A bill could hollow out the strongest electronics Right to Repair law in the country, using the overbroad term “critical infrastructure.”

iFixit

Andrew 🌻 Brandt 🐇Mar 25

DEF CON Mar 10

DEF CON 34’s theme is ‘Agency’. We’re focusing on self-determination in our use of tech. Charting our own course and helping others do the same.

Let’s start moving our valuable attention to tech that supports our agency. Let’s find the places we can help and choose to act.

Visual style guide and homework assignments coming soon!

#defcon #defcon34 #agency

Andrew 🌻 Brandt 🐇Mar 25

Show thread

Adam Shostack

Mar 25

@defcon Agency obviously includes the right to repair. The right to repair must include the right to interoperate and build new clients. Looking at Slack, discord, and so many others.

Andrew 🌻 Brandt 🐇Mar 25

Viss Mar 25

heads up users of github

Andrew 🌻 Brandt 🐇Mar 25

Show thread

Jan Schaumann Mar 25

@Viss For folks looking for the right knob: https://github.com/settings/copilot, Allow GitHub to use my data for AI model training" -> Disabled

#savedyouaclick

Andrew 🌻 Brandt 🐇Mar 19

Andrew 🌻 Brandt 🐇Mar 18

Watching the premiere episode of @huntress' new webcast, _declassified, and John Hammond is talking to master scam-baiter Jim Browning about a hidden-camera video he's showing of a job interview of a prospective scam call center worker. The interviewer and interviewee use a kind of coded language to talk about the interviewee's experience in phone-based scams. Truly remarkable insider video I've never seen before. #scam #spam #cybercrime

Andrew 🌻 Brandt 🐇Mar 18

Andrew 🌻 Brandt 🐇Mar 4

Space Rogue Mar 4

The latest episode of 'Where Warlocks Stay up Late" dropped yesterday. Featuring yours truly. The interview goes pretty deep from growing up in Maine, working at Lotus, stories about L0pht you may not have heard before to getting fired from @stake. Probably the most personal interview I have ever given.

https://www.youtube.com/watch?v=j6jhAugNqvE

#l0pht #spacerogue #warlocks

Andrew 🌻 Brandt 🐇Mar 4

Christine Lemmer-Webber Mar 4

holy fucking shit so this is the worst "ai psychosis" story I have read in a while but also is it "ai psychosis" as much as it is "an AI is literally feeding you that you're in the middle of a piece of conspiracy fiction"? https://bsky.app/profile/ckunzelman.bsky.social/post/3mgazir4wu22x

https://techcrunch.com/2026/03/04/father-sues-google-claiming-gemini-chatbot-drove-son-into-fatal-delusion/

cmrn knzlmn (@ckunzelman.bsky.social)

This is bad, and part of what makes it so bad is that this is clearly pulling from *genre* understandings of reality, which the statistical linguistic machine seemingly cannot distinguish from other text included in the training data. Truly an ideology machine where every episode of CSI is true. [contains quote post or other embedded content]

Bluesky Social

Andrew 🌻 Brandt 🐇Mar 4

Nick Selby

Mar 4

When your company suffers a security breach, the instinct is to say as little as possible. Your legal team wants to limit liability. Your communications team wants to control the narrative. The result is vague, unhelpful disclosures that end up doing exactly the opposite of what they're intended to do.

In a new article published this week on Law.com, EPSD Advisory Board member Melanie Ensign, privacy attorney Michelle Finneran Dennedy and I make the case that vague breach communications don't protect you. They alienate your customers, freeze your pipeline, hand narrative control to third parties, and leave you facing litigation with an already hostile audience.

The lawsuits are coming regardless. What you control is whether you face them with customer trust intact or in tatters.

Read the full article ($): https://www.law.com/corpcounsel/2026/03/01/beyond-liability-how-vague-breach-communications-harm-your-business-and-legal-position/

Beyond Liability: How Vague Breach Communications Harm Your Business (And Legal Position)

The lawsuits are coming regardless. Vague communications ensure you’ll face them with an alienated customer base and evidence that they prioritize legal cover over helping victims protect themselves. That’s a costly combination for any brand.

Corporate Counsel

Backup tooter	@threatresearch.bsky.social
Threat level	mostly harmless