Levi Broderick
@grabyourpitchforks.bsky.social
Your friendly neighborhood security otter. Part of Microsoft's .NET team. Personal account, not speaking for my employer. 🔥🦦🛡️🔥 -- he/him
Reposted by Levi Broderick
WE HAVE A DATE!

The new terminal at the Pittsburgh Airport opens in a week, on Tuesday, Nov. 18.

More on the impressive new space: byerussell.substack.com/p/pittsburgh...
November 10, 2025 at 9:13 PM
Bainbridge Island out showing its colors the other day.
November 10, 2025 at 7:58 PM
Reposted by Levi Broderick
I’m really proud of this talk and I hope you’ll watch it. I put care into making it approachable while still delivering my perspective and insights to security professionals. If you don't get the "why" behind passkeys, this talk will help fill that gap. [2/2] www.youtube.com/watch?v=otOb...
Authenticate 2025 Keynote | Ricky Mondello, Apple | Get the Most Out of Passkeys
YouTube video by FIDO Alliance
www.youtube.com
November 7, 2025 at 1:51 PM
[Politics, woo!] If you're writing to your senators (as I did today), be sure your message centers the vulnerable in your community. It's easy for us solidly middle-class people to be passionate, but at the end of the day, the fight is for our neighbors to have access to affordable, quality care.
November 10, 2025 at 12:12 AM
Being a Washington state voter teaches you certain life skills. Chief among them is patience. 😎
Happy Friday of Election Week! We expect to post around 100,000 ballots in today’s results update. That will leave around 120,000 ballots left to count, so we’ll have a large number to post on Monday, too.
November 7, 2025 at 9:35 PM
Reposted by Levi Broderick
Interested in working in .NET Tooling? My team is hiring for a few roles. This is a great to impact the .NET ecosystem, work with devs all across Microsoft and help drive the .NET platform forward.

jobs.careers.microsoft.com/global/en/jo...
jobs.careers.microsoft.com/global/en/jo...
November 5, 2025 at 1:26 AM
This article perfectly summarizes my household's experience with the new Nest cameras. The camera quality is a good upgrade compared to the previous gen; but the Gemini integration feels like utility and reliability stumbled off a cliff, plunged into the sea, and drowned.
AI Is Making a Lot of Big Promises, but It Can’t Even Properly Identify My Cat
It also said I have a herd of cats and thinks my husband is a child.
www.nytimes.com
November 4, 2025 at 7:02 PM
My fellow Washingtonians, 2025 might be an off-cycle election, but we've still got some important measures to weigh in on! Remember to have your ballot in an election drop box by 8:00 pm Tuesday!

More resources, including drop box location and in-person registration & ballot casting, at votewa.gov
Another state that jumps out: Washington.

—Seattle's mayor's race
—also big stakes in Seattle's prosecutor + council + tax measure
—new exec in King County
—control of Spokane
—Olympia's labor measure
—competitive legislative specials
—school boards split on inclusion
—even a statewide referendum
November 4, 2025 at 4:17 AM
Reposted by Levi Broderick
I'm writing another book, and the first few chapters are available through Manning Early Access now! For 50% off!

hubs.la/Q03Q9PGP0

More details, and the story of how I came to write it, are on my blog at

ericlippert.com/2025/10/30/i...

It feels great to be writing again after a long break. :)
Fabulous Adventures in Data Structures and Algorithms - Eric Lippert
Author Eric Lippert introduces fabulous solutions using uncommon algorithms and data structures. There’s a lot more to algorithms than the useful-but-boring recipes you recite for every interview. Th...
hubs.la
October 30, 2025 at 4:39 PM
Vote by mail continues to be a glorious thing. :)
October 30, 2025 at 3:56 PM
Apropos of nothing, my fellow Washingtonians, there's an election coming up in a few weeks! We even have same-day registration, but it's far more convenient if you register in advance.

(They mail ballots! To your home! Return postage prepaid! How awesome is that?!)
Elections | WA Secretary of State
www.sos.wa.gov
October 18, 2025 at 4:51 PM
Reposted by Levi Broderick
Thank you Ron Conway for standing up for what's right and thank you Marc Benioff for listening.

www.sfchronicle.com/politics/art...
Amid criticism, Benioff apologizes, reverses course on National Guard
After strong backlash to his embrace of Trump and a week of blistering criticism, the Salesforce CEO has changed course.
www.sfchronicle.com
October 17, 2025 at 9:31 PM
Reposted by Levi Broderick
It's Patch Tuesday and ASP.NET Core has a doozy, with a CVSS score of 9.9, our highest ever. Let's examine why.

The bug enables http request smuggling, which on its own for ASP.NET Core would be nowhere near that high, but that's not how we rate things...

* Thread- (1/7)
Microsoft Security Advisory CVE-2025-55315: .NET Security Feature Bypass Vulnerability · Issue #371 · dotnet/announcements
Microsoft Security Advisory CVE-2025-55315: .NET Security Feature Bypass Vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability i...
github.com
October 14, 2025 at 6:01 PM
"Vibe working" a PowerPoint deck is fun! I had it generate a deck extolling the virtues of using Vibe HR to identify low-impact / low-engagement employees as layoff targets. (Note: Copilot forbids "layoff" as a dirty word, so I had to use "PiP" instead.)
September 29, 2025 at 3:37 PM
Reposted by Levi Broderick
New by me:

A look into UK orgs outsourcing critical business and cyber functions to low cost providers and the fall out. I'll probably get in trouble for writing this one.

doublepulsar.com/the-elephant...
The Elephant in The Biz: outsourcing of critical IT and cybersecurity functions risks UK economic…
Recently, there’s been three major UK ransomware and/or extortion incidents at three big UK companies — Co-op Group, Marks and Spencer and…
doublepulsar.com
September 15, 2025 at 8:29 PM
@blowdart.me I think we should update .NET's envvar naming guidelines.
TIL that setting LESSSECURE makes you more secure
September 15, 2025 at 9:38 PM
Reposted by Levi Broderick
✈️ Thinking about holiday travel? Make sure your passport is ready! If you live in WA-01, join us in Mill Creek on Oct. 16 for a passport application event.

Register below to renew or apply for a passport at the event.
bit.ly/46gI5w1
September 15, 2025 at 1:05 AM
Reposted by Levi Broderick
the actual advances in new iPhone models are often about security (everyone is always trying to make memory allocation more secure and less of an attack surface because memory reuse/corruption attacks are key to a lot of exploits)
September 9, 2025 at 7:32 PM
Reposted by Levi Broderick
I’m picky about my dev workflow, so adopting new tools takes time. But I’ve used git worktrees exclusively for the past year and have loved it. 🌟

They’ve been game-changing as my engineering impact/scope has grown.

More details on my setup: blog.safia.rocks/2025/09/03/g...
September 3, 2025 at 6:45 PM
Reposted by Levi Broderick
Most software tort proposals in the U.S. focus on defining a standard of care for developers, writes @csetgeorgetown.bsky.social's Micah Musser. But what happens after a finding of liability?
September 2, 2025 at 3:01 PM
Reposted by Levi Broderick
Ethics, social studies, and history should all be mandatory learning.

"But I'm an engineer" or "but I'm a scientist," they'll say, "those are humanities subjects"... Yes, that is literally the point. Everything you do affects humanity, and that impact needs to be understood by everyone involved.
September 1, 2025 at 4:58 AM
Reposted by Levi Broderick
A Computer Can Never Be Held Accountable

Therefore A Computer Must Always Make Every Management Decision So You Can Say “Don’t Blame Me, Take It Up With Executron The All-Knowing”
February 26, 2025 at 5:44 PM
Interesting post that also touches on some issues we've had when trying to use LLMs to TM components.

The big sticking point IMO: a threat model requires as input what you *intended* the component to do, but an LLM can only see what you *actually implemented*. This gap leads to false confidence.
Everyone’s pitching “threat modeling with LLMs.” Problem: they sound smart, but often mislead. Useful vs nothing? Maybe. But accuracy, fragility & overconfidence remain big risks. Sidekick, not savior. Thoughts: helpful tool or dangerous distraction? #ThreatModeling #AI shostack.org/blog/manspla...
Shostack + Friends Blog > Mansplaining your threat model, as a service
Everyone wants robots to help with threat models. How’s that working out?
shostack.org
August 27, 2025 at 6:42 PM
Reposted by Levi Broderick
I will caveat that "I didn't mean for this to happen" can be an absolving thing, but only when there's no reasonable way to know that "this" would follow from one's action or lack thereof, and that was manifestly not the case here. It's like the legal distinction btwn intent and gross negligence.
August 27, 2025 at 4:09 PM