Arright... I've enjoyed Giordano's and Lou Malnati's when I go to Blue Team Con. I'll make this happen :)

🗓️ Mark your calendars 🗓️

BlueHat is headed to Singapore, September 17–18.

Call for Papers and registration announcements coming soon. 👀

100%. Show me the MMA champ that's never had a black eye and I'll show you the charletan.

I still love making bounty payouts though.

It's the best bit of my job.

Haha, people yell at me when I share tarantula pics without warning :)

Book cover for "Threat Driven Software Development: Defending online services from modern threat actors." Colors are primarily blue, with a depiction of an attack graph.

Artwork is not final yet, but I can't wait! The amount of battle tested content in this book is unbelievable. And by battle tested, I mean it. Name an APT and Microsoft has had to defend against them.

Sweet! BlueHat Redmond has kicked off its CFP!

BlueHat brings together security researchers and responders to exchange ideas and best practices - including vulnerability research, mitigations, emerging threats, techniques, and more.

Submit your paper by February 28, 2026: aka.ms/BH26CFP

No cover or concrete release date yet (content is fully complete and going through the editorial process), but this is going to be a banger.

"Threat Driven Software Development" distills 30 years of lessons learned at Microsoft on how to operationally secure services: management infrastructure, identities, keys, secrets, build systems, networks, risk management - you name it.

So freakin' excited. Have a book coming out with Michael Howard (author of Writing Secure Code), Sherrod DeGrippo (Director of Threat Intelligence at Microsoft) and Shawn Hernan (Director of Azure's Security Assurance organization).

Don't know if you went down the full ergodox + colemax rabbit hole, but going back to QWERTY from an alternate keyboard layout feels like mars too.

People's brains cramp the first time they pick a movie randomly - it's interesting to watch. Give the movie 20 minutes before you bail, and you'll find that you end up watching and enjoying them more often than not.

Security is a far better place for his contributions.

- The invention of AMSI in Windows, letting applications finally take an active role in their own defense
- Appliance-like delivery of some major on-premises projects that hardened these systems far more than operators could, and also protected them from hostile operational environments.

- The first scripting language to ever account for security from the get-go
- Countless improvements to Code Integrity in Windows to support dynamic runtimes
- The only scripting language to actively engage the researcher community in how to adapt to the evolving threat landscape

Wow, what an amazing impact @jsnover.com has had on the security industry and everybody that's had the privilege to work with him.

Jeffrey's leadership was directly responsible for:

Congratulations! If you ever need more fish, I can make that happen :)

Like, there should be a meme license that you need to obtain before being granted access to giphy.com.

Congrats on the addition to the family :) Before you know it, you'll have a bunch :)

Wife: "Whoa, Lewis Hamilton is getting a new race engineer this season"
Me: "Who?"
Wife: "🏎️🐎 We are checking... 🐎🏎️"

Nope, regular ol' APL :)

⎕IO ← 0
iter ←{⍉(≢⍉⍵)↑⍉(≢⍵)↑1⊖1⌽1⊖⊃9.05÷⍨+/+⌿1 0 ¯1∘.⊖1 0 ¯1⌽¨⊂¯1⊖¯1⌽(
(≢⍵)+2)↑⍉((≢⍉⍵)+2)↑⍉⍵⍪28+228×?2⍴⍨≢⍵}
{}{canvas∘←170↓' +=*░#▒▓'[(⌊(⍵÷10))⌊9]⋄_←⎕DL÷32⋄iter ⍵}⍣≡0⍴⍨1 1×250

Those approaches didn't end up working out for Encarta, but congratulations to Wikipedia to being an incredible resource for humanity.

They tried for a while with the quality angle - having paid professional editors being the primary content owners. And then they pivoted for a while by allowing community contributions that paid professional editors would then fact and quality check.

25 years ago is 2001. I joined Microsoft on the Encarta Encyclopedia team in 2002 and asked as part of my interviews: "So what are you going to do about this Wikipedia thing?"

I think it's mostly just "programmer" :) Unlike human languages - after the first programming language, they're mostly all the same.

Ever seen a demoscene demo in APL? Now you have. www.leeholmes.com/apl-demoscene/

Haha, I've spent so many times looking at it that I can notice the GH version has a bug that makes the fire drift left :)

I also did it in APL recently, that was a trip: www.leeholmes.com/apl-demoscene/

Was in a discussion with somebody once about their horse, and the conversation included the phrase, "and before you know it, you're in it for a million bucks."

Tower: "Caution, wake turbulence"

IShowSpeed about to approach a crowd of fans

Had a huge YouTuber (IShowSpeed, 44M subs) come to a place I was at last night. It was madness. Dozens (200?) of kids and teens swarming, screaming his name, and calling his cliches out to him.

He seemed like a nice enough guy, and his security mostly kept the mob from interrupting the rest of us.