@bert_hubert@fosstodon.org

bert_hubert

@bert_hubert@fosstodon.org

Software developer, entrepreneur, former government regulator, current government advisor, amateur scientist. https://berthub.eu/


bert_hubert, to random

And another unfortunate security thing I learned today is that .svg files can contain JavaScript, and that your browser will happily execute that if someone directly views your image (so not through <img>). This has consequences for anyone hosting user supplied images. Thank you Wander Nauta for pointing this out. The painful story is here: https://github.com/berthubert/trifecta/issues/38
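A defensive check for the situation described above, added here and not part of the original post or the trifecta project: it scans an uploaded SVG for the constructs that make it script-capable, so a host can decide to serve the file as a download or under a no-script CSP instead of inline. The sample SVGs are constructed and the function names are my own.

```python
"""Flag active content in an uploaded SVG before deciding how to serve it."""
import xml.etree.ElementTree as ET

# Attributes that carry a URL; a "javascript:" scheme there runs code on click/load.
URL_ATTRS = {"href", "{http://www.w3.org/1999/xlink}href"}


def _local(name: str) -> str:
    """Strip an XML namespace prefix such as '{http://www.w3.org/2000/svg}'."""
    return name.rsplit("}", 1)[-1]


def find_active_content(svg_bytes: bytes) -> list[str]:
    """Return findings describing script-capable constructs in the SVG.

    An empty list means none of the checked constructs were present. The
    standard-library parser is used so this runs stand-alone; for untrusted
    uploads in production, parse with defusedxml to also cover entity expansion.
    """
    findings = []
    root = ET.fromstring(svg_bytes)
    for elem in root.iter():
        tag = _local(elem.tag).lower()
        if tag == "script":
            findings.append("<script> element")
        if tag == "foreignobject":
            findings.append("<foreignObject> element (can embed HTML)")
        for attr, value in elem.attrib.items():
            name = _local(attr).lower()
            if name.startswith("on"):  # onload, onclick, ... are event handlers
                findings.append(f"event handler attribute {name} on <{tag}>")
            if attr in URL_ATTRS and value.strip().lower().startswith("javascript:"):
                findings.append(f"javascript: URL in {name} on <{tag}>")
    return findings


def is_safe_to_serve_inline(svg_bytes: bytes) -> bool:
    """True if the SVG may be served as image/svg+xml without a no-script CSP.

    Otherwise serve it with Content-Disposition: attachment or
    Content-Security-Policy: script-src 'none', or reject the upload.
    """
    return not find_active_content(svg_bytes)


# Constructed samples (hypothetical, not taken from the linked issue).
CLEAN_SVG = b'<svg xmlns="http://www.w3.org/2000/svg"><circle r="4"/></svg>'
SCRIPT_SVG = (
    b'<svg xmlns="http://www.w3.org/2000/svg" '
    b'xmlns:xlink="http://www.w3.org/1999/xlink" onload="f()">'
    b'<script>/* runs when the file is opened directly */</script>'
    b'<a xlink:href="javascript:void(0)"><rect width="1" height="1"/></a></svg>'
)
```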

bert_hubert, to random

In 1995 computing pioneer Niklaus Wirth wrote "A Plea for Lean Software". In 2024 it is entirely normal for simple software to be shipped as a 350MB package, or for it to have 1600 dependencies. In appreciation of Wirth's legacy, I wrote a 2024-era Plea for Lean Software, updated for today's computing horrors: https://berthub.eu/articles/posts/a-2024-plea-for-lean-software/

bert_hubert, to random

Had to send out the "dear corporate employee hiding behind a gmail.com address" post again today.. https://berthub.eu/articles/posts/anonymous-help/

bert_hubert, to random

May you one day theorize something and 48 years later be photographed with the 27 kilometer large country-spanning machine that confirmed you were right. Awesome photo of Peter Higgs courtesy of the @CMSexperiment at CERN.

bert_hubert, to random

So tomorrow there are national elections in The Netherlands and I need to acquaint you with two oddities. For one, we take our democracy entirely for granted so we mostly vote in.. garbage bins. Secondly, our ballots are HUGE as they list 28 parties and 1128 candidates (no joke). So we need to make good use of the space in the garbage bin. For this purpose, polling stations are equipped with the STEMBUSSTAMPER, specially designed to tamp down wayward ballots:

The stembusstamper is a longish piece of wood that fits through the slot meant for ballots. It allows one to tamp down wayward ballots so there is more room in the ballot box.

bert_hubert, to random

Microsoft is trying to get all email users, including governments, to migrate to their cloud-based solutions. This makes their email cloud THE prime target for nation-state/state sponsored hackers. Yet Microsoft appears to be leaving gaping security holes in the setup of their email services: https://arstechnica.com/security/2024/01/in-major-gaffe-hacked-microsoft-test-account-was-assigned-admin-privileges/

bert_hubert, to random

The EU intends to add surveillance to end-to-end encrypted chats, including the use of AI powered scanners that should (generically) detect Child Sexual Abuse Material and grooming & report to Europol. Yesterday, I presented on this terrible proposal in a hearing of the Dutch parliament. Here is an English transcript of my very plain language explanation of how bad this all is: https://berthub.eu/articles/posts/client-side-scanning-dutch-parliament/ /cc @echo_pbreyer

bert_hubert, to random

New post! The EU Cyber Resilience Act is now (almost) final, but what does it ACTUALLY mean for open source? It is mostly good news, and there are real opportunities to use the to our advantage: https://berthub.eu/articles/posts/eu-cra-what-does-it-mean-for-open-source/

bert_hubert, to random

Dutch traffic light that prioritizes cyclists when it detects rain. Nice.

bert_hubert, to random

This is quite rare - the C root-servers are out of sync with the rest of the world by 3 days. Since that time there have been no changes in the root zone, except for DNSSEC signature updates. It appears all C instances (operated by ) are serving an outdated zone. For now this has no operational impact, but that might change.

bert_hubert, to random

This blog post comes from deep inside the world of advertising, from people trying to move away from cookies. And along the way offer a VERY rare insight into the dark technology behind advertising and tracking ("hashed offline passbacks", "first and multi-touch attribution"), stuff you almost never read about. https://blog.sentry.io/we-removed-advertising-cookies-heres-what-happened/

bert_hubert, to random

People of a certain age, have some free nostalgia:


bert_hubert, to random

The EU Cyber Resilience Act latest text has some pretty good words on open source. These words are to be found in the preamble & "recitals". Contrary to what some people are now claiming, these words on open source do determine what the act means & how judges will read it. These are not just 'non-binding comments':
https://berthub.eu/articles/posts/eu-cra-recitals-comments-compiler-judge/

bert_hubert, to random

The EU has reached agreement on the Cyber Resilience Act. The situation for open source has changed remarkably compared to earlier versions, it appears in a good way. Before issuing fresh hot takes, please take the time to understand what the (not yet published text) actually says. Even people well versed are still processing things!
https://ec.europa.eu/commission/presscorner/detail/en/IP_23_6168

bert_hubert, to random

Dutch .NL internet registry @SIDN announcing their complete move to Amazon Web Services today is extra ironic since they published research earlier this month that such centralization was a bad idea. https://www.sidnlabs.nl/en/news-and-blogs/simulating-cloud-provider-downtime-with-cloudburst

bert_hubert, to random

So Americans go crazy that the EU enacts thoughtful legislation full of procedures to rein in dominant social media players. EU bad! And this week the US comes out with a law that simply bans TikTok if it is still Chinese owned 180 days from now. https://www.npr.org/2024/03/06/1236363592/biden-tiktok-ban

bert_hubert, to random

You may have heard of the Y2038 32 bit epoch problem, but ARE YOU READY FOR Y287586 when in May we cross the point where Javascript millisecond time crosses the Number.MAX_SAFE_INTEGER & it can no longer do time math? Get your compliance plans ready! https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Number/MAX_SAFE_INTEGER

bert_hubert, to random

Very proud that the IEEE has published my article “Why Bloat Is Still Software’s Biggest Vulnerability - A 2024 plea for lean software”:

https://spectrum.ieee.org/lean-software-development

bert_hubert, to random

From IRC:

bert_hubert, to random

Yesterday I presented at the NL-NCSC / @SURF / @ACCSS symposium "Cyber Security & Society". According to Donald Tusk we are entering a new pre-war era, and I fear that he is right. I also fear that we do not have anything near a "war-time resilient" level of control over the IT infrastructures that our societies depend on utterly. We are sitting ducks & it is getting worse. Transcribed presentation, with slides, is here:
https://berthub.eu/articles/posts/cyber-security-pre-war-reality-check/

bert_hubert, to debian

Three flawless upgrades from Bullseye to Debian Bookworm. Another round of thanks for all the hard work that happens behind the scene to deliver this absolute monument of open source!

bert_hubert, to random

Various versions of the new EU Cyber Resilience Act () contain difficult attempts to partially/perhaps/sometimes regulate open source and open source foundations. In this reasonably brief article I argue for a different solution: https://berthub.eu/articles/posts/eu-cra-best-open-source-security/

bert_hubert, to random

Dutch .NL internet registry SIDN gives up, moves all its IT to Amazon Web Services. Cite that they are proud to be a first mover. https://www.linkedin.com/feed/update/urn:li:activity:7157716103236894720/

bert_hubert, to random

Remember the EU proposal that would have Europol keep a registry of everyone with photos flagged as potential child sexual abuse material? Even false positives? They appear to have lost track of some very personal data: https://www.politico.eu/article/europol-internal-agency-eu-police-agency-engulfed-in-clean-up-over-missing-files/
