Allan
@allanfriedman.bsky.social
SBOM Champion. Full service technocrat. Now at @CISAgov, formerly NTIA. Lapsed{engineer, academic, author}. Personal Account. Food, drink, dogs, SBOM
Starting my nephew on good habits young.
November 27, 2025 at 5:04 AM
As a pretty active and ambitious cook, I’m totally behind this point. I will def pick up a cheap large bird after for parts and stock. And the right markets sell turkey leg quarters year round, which are perfect for luxurious confit.
"then why don't you roast turkeys all the time" because they're fucking huge? I very seldom need to cook like 14-20 pounds of protein. I don't smoke whole briskets all the time either.
November 23, 2025 at 9:03 PM
Reposted by Allan
the “thanksgiving food is bad” discourse raises its ugly head every year, but the truth remains that thanksgiving food can be amazing as long as you know how to cook. the problem is we’re throwing a few million sunday drivers directly into a grand prix
I think this is unfair to turkey. turkey is good but hard to cook well because it is so damn big. turkey *parts* are great but lack the esthetic appeal of a centerpiece bird.
it is tired to the point of cliche to say if turkey was good, people would make it more than once a year. but it is understated that at least one American explodes every Thanksgiving in a brave attempt to make the main dish more palatable
November 23, 2025 at 7:44 PM
Reposted by Allan
I used to handle interlibrary loans for a public library. ILL is a magnificent expression of the idea that readers deserve books, and books deserve readers. It’s libraries everywhere pooling their resources for the benefit of everyone.

Killing IMLS could have killed ILL.

This is great news. 📚
November 22, 2025 at 3:23 PM
Reposted by Allan
With the EU's Cyber Resilience Act, #SoftwareTransparency isn't optional. It's a global mandate.

We're thrilled to announce #SBOM pioneer @allanfriedman.bsky.social is joining the Anchore board to help nav... https://anchore.com/blog/anchore-welcomes-sbom-pioneer-dr-allan-friedman-as-board-advisor/
November 17, 2025 at 6:16 PM
Reposted by Allan
The OSS made an incredible TRAINING FILM, directed by JOHN FORD, about the dos and don’ts of nonofficial cover. It’s great!

m.youtube.com/watch?v=oJJf...
World War 2 Spy Training Film: Undercover | OSS Film | ca. 1944
YouTube video by The Best Film Archives
November 18, 2025 at 11:10 PM
Reposted by Allan
A zygote is the result of a sperm joining an egg.

‘Zygote’ comes from the Greek word for ‘yoke.’

A ‘yoke’ is a wooden beam that JOINS two animals together.

The ‘yolk’ of an egg is from the Old English word for “yellow.”

‘Yoke’ and ‘yolk’ have no relation to each other.
November 17, 2025 at 4:47 PM
Reposted by Allan
No no no begs every archivist. You are never going to be able to find anything. Please don’t start using emojis in file names. Who asked for this? What fresh hell is next?
November 12, 2025 at 10:38 AM
Reposted by Allan
HUGE NEWS! 📣

The "father of SBOM," @allanfriedman.bsky.social, is joining Anchore as a Board Advisor!

We sat down with him to discuss the future of #SoftwareSupplyChainSecurity and what comes after SBOM.... https://anchore.com/blog/anchore-welcomes-sbom-pioneer-dr-allan-friedman-as-board-advisor/
November 12, 2025 at 3:01 AM
Reposted by Allan
Is there a name for the phenomenon where anything claiming to be something exceptional (e.g. "hot take", "thought leader", "gourmet deli") isn't actually that thing?
November 11, 2025 at 8:11 PM
Reposted by Allan
New, by me at this.weekinsecurity.com: I wrote ~3,700 of my finest words on North Korea's remote IT workers, who have infiltrated businesses across the U.S. and Europe and aren't slowing down. Probably the most pervasive cyber threats today.

Here's my primer on how to recognize & combat them.
Thousands of North Koreans have secretly infiltrated US and European companies as remote IT workers
North Korea's secret remote workers are a major threat facing U.S. and European businesses today, taking jobs in Fortune 100 and smaller companies alike. Here's how to recognize and combat the threat.
November 6, 2025 at 1:35 PM
I’m training my palate to reacclimatize to spicy. What’s a hot sauce that’s one layer up from Tabasco?
November 5, 2025 at 11:36 PM
Finally have a Sunday free. Anyone in the DC area up for watching the Steelers-Colts game tomorrow at 1?
November 1, 2025 at 9:30 PM
Can confirm. Had the occasion to give Joe a hard time about this over the years :) My boss asked me why I was quoted saying “the Internet was on fire”. A damn good story, though.
What I’m saying is I once mixed up @allanfriedman.bsky.social and @joshcorman.bsky.social in a story about a conference call, despite having met both of them in person several times.
November 1, 2025 at 9:00 PM
Sigh. Grim news, but a potential wake up call for small operators and the policymakers who love them. It’s time to [quoting @joshcorman.bsky.social] SOS - get our Shit Off Shodan.
October 30, 2025 at 12:12 PM
Reposted by Allan
A nice crisp autumn day for playing in the kitchen. Smoked lamb shanks, and breaking down pumpkins for kaddo bourani, the Helmand-inspired candied pumpkin w meat sauce.
October 25, 2025 at 6:06 PM
Reposted by Allan
Our new website has launched. We will continue to update the site with information as it becomes available.

https://bsidespyongyang.com/

October 20, 2025 at 3:55 AM
Sunday morning chorin’
October 19, 2025 at 3:42 PM
Solid summary of the risks we face in our supply chains. SBOM is a powerful tool for software bc it enables automation; we need similar approaches for vendors and third party risk mgmt. Fun hard problem:
Semiconductor supply chain & HBOM. (Coming soon!)
#TechRadar Third-party breaches are a wake-up call for modern cybersecurity https://techrad.ar/ksuJ #Pro
October 8, 2025 at 2:47 PM
Finally feeling healthy enough to start doing some proper cooking. Thick cut pork chops with apple’n’onion pan sauce, nicely paired with a lovely crisp autumnal evening.

I’m still avoiding wine, etc (pairs poorly with nerve inflammation) but I prepped a batch of pear cardamon shrub.
October 4, 2025 at 1:29 AM
Reposted by Allan
One of my favorite anecdotes from THE PREHISTORY OF THE FAR SIDE: "That doesn't sound like the Jane Goodall we know."
October 1, 2025 at 6:13 PM
‘Tis the season!
October 1, 2025 at 1:05 PM
Some of y’all remember the chaos we had in trying to decide whether to camel case it or not.

Or, even worse, which way to orient canonical examples of a dependency tree: top-to-bottom, or bottom-to-top.

Collective action is hard; the English language and good design are also hard.
Y'all pluralizing SBOM as SBOMs when you know full well that it's SBsOM
September 26, 2025 at 6:30 PM
Apple Music’s new automix feature not only isn’t very good, it’s bad enough to be distracting.
September 26, 2025 at 6:03 PM