Notices by Jan Wildeboer 😷:krulorange: (jwildeboer@social.wildeboer.net), page 2

"To be successful, a European citizens' initiative has to reach one million statements of support as well as minimum thresholds in at least 7 countries."

The initiative "Ban on conversion practices in the European Union" made both.

- 1,245,603 online signatures plus an unknown number of paper signatures
- 11 countries, France did 1202% and Croatia passed in the final minutes.

Congratulations!

https://eci.ec.europa.eu/043/public/#/screen/home/

Kenne ich Lateiner die "Jobrad" auf Latein übersetzen können? Vehentum Laboris?

Every EU citizen should use International Day Against Homophobia, Biphobia, and Transphobia #IDAHOBIT, which is TODAY, May the 17th, as the perfect reason to sign the "Ban on conversion practices in the European Union" citizens initiative.

You have until the end of today to add your signature! If you have already done this — thank you!

https://eci.ec.europa.eu/043/public/#/screen/home

I am totally sure (sarcasm included) that #Google has totally overseen that their planned changes to their root program requirements will cause a lot of problems for mailserver owners like me who in future might run into weird problems with #Letsencrypt certificates for SMTP. I am sure that Google is absolutely not trying to make running your own mailserver even more complicated just to protect their gmail business. That would be totally not how Google thinks, amirite? https://letsencrypt.org/2025/05/14/ending-tls-client-authentication/

@easytarget @mirabilos No. The removal of the ClientAuth EKU (Extended Key Usage) in newly issued certificates happens everywhere, not only at LetsEncrypt. It is required by Google. Certificates with ClientAuth will not be trusted by Google from mid 2026.

@seyon Yes, and reducing TLS certs in ways they can effectively only be used for HTTPS through this step of only allowing ServerAuth EKUs is IMHO (In My Humble Opinion) a step backwards. But as you can see in the comments, other folks fiercely attack that position. @easytarget @mirabilos

Please, everyone who wants to check if we have reached the threshhold of 1 million signatures on the "ban conversion therapy" initiative, use this link:

https://eci.ec.europa.eu/043/public/api/report/progression

It's ugly, but it gives you the number you are looking for without putting extra load on the servers by avoiding all the pretty UI etc from being downloaded. Leave the full page to those who want to sign! Deal? :)

@sindarina The reasons given for this change at https://googlechrome.github.io/chromerootprogram/moving-forward-together/ are not convincing to me. The arguments there reduce the functionality of TLS certs to web servers: "Client authentication represents a private PKI use case that is not relied upon by web browsers for website authentication." which leads to the conclusion that ClientAuth EKU in a cert shouldn't simply be ignored but instead MUST be removed.

@sindarina I have been following this approach (of making ClientAuth less and less desired and actively being fought) since many years, going back to the times of https://unhosted.org where client certificate based auth was an actual browser feature we hoped to use for decentralised architectures. This is just another step to making such architectures far more complex and effectively unusable. THAT's what I oppose.

The policy change at Google is documented here: https://googlechrome.github.io/chromerootprogram/#definitions

- prior to June 15, 2026, include the extendedKeyUsage extension and (1) only assert an extendedKeyUsage purpose of id-kp-serverAuth OR (2) only assert extendedKeyUsage purposes of id-kp-serverAuth and id-kp-clientAuth.
- on or after June 15, 2026, include the extendedKeyUsage extension and only assert an extendedKeyUsage purpose of id-kp-serverAuth.

The document doesn't explain why dropping clientAuth is now required

4/5

Sure, #LetsEncrypt, you can say that using certificate based client auth is a minor use case and that this functionality was never guaranteed to always be available and all of that. But the fact stays: you are removing a feature from your certificates that has been here for a very long time, just because Google demands this. Why Google wants this? I will ask them. But I am quite sure that this #oopsie side effect is not an oversight.

3/5

Just at the time where all over the world discussions are happening to move mail servers back into organisations big and small instead of relying on the big email providers, due to risks associated with centralising email at (US) providers, you are willing to make life even more complicated for us postmasters. This is not what you should be doing. You should make it easier to use encryption instead of telling us postmasters find out ourselves where we can buy certificates in future.

2/5

Dear #Letsencrypt, you helped secure millions and millions of servers, not just web servers. But your announcement at https://letsencrypt.org/2025/05/14/ending-tls-client-authentication/ about ending Ending TLS Client Authentication Certificate Support in 2026 because Google changes their requirements would result in your certificates becoming a risk for SMTP servers. You are literally risking an email collapse for many mailserver owners just to please Google? Please think again. Please.

1/5

ICC (International Criminal Court) prosecutor Khan locked out of his Microsoft email account and UK based bank accounts based on US sanctions.

"Microsoft, for example, cancelled Khan’s email address, forcing the prosecutor to move to Proton Mail, a Swiss email provider, ICC staffers said. His bank accounts in his home country of the U.K. have been blocked."

https://apnews.com/article/icc-trump-sanctions-karim-khan-court-a4b4c02751ab84c09718b1b95cbd5db3

Nero Burning ROM will always stay in my heart as the best product name ever. This is not open for discussion.

1/3

@kevin @badnetmask Lifehack: if you know a hotel or restaurant owner/manager, you can ask them. They can get almost every brand and product in big containers (5,10,25 liters). They use them to refill the little pump bottles in their rooms. Also often dirt cheap in comparison :)

Heute schon was vor? Demos bundesweit um ein Verbotsverfahren gegen die gesichert rechtsextremistische AfD einzuleiten gibt es an vielen Orten! Mehr Infos: https://afd-verbot.jetzt/de/termine

Meine neue Fahne ist grad noch rechtzeitig angekommen. Und wenn ihr euch fragt ob es eventuell strafbar wäre mit dieser Fahne auf die Demo zu gehen: Nein, ist es nicht.

"Die Verwendung des Hakenkreuzes ist in allen Varianten strafbar, außer wenn die Darstellungsform eine deutliche Ablehnung der Ideologie des Nationalsozialismus erkennen lässt (z. B. durchgestrichenes Hakenkreuz)."

Quelle: Bayerische Informationsstelle gegen Extremismus https://www.bige.bayern.de/infos_zu_extremismus/rechtsextremismus/zeichen_und_symbole/symbole/index.html#:~:text=Die%20Verwendung%20des%20Hakenkreuzes%20ist,durchgestrichenes%20Hakenkreuz).

#Andor season 2 moves Star Wars into Battlestar Galactica 2004 territory when it comes to criticising the world we live in. I am impressed.

Also, also. The Battlestar Galactica 2004-2009 series deserves to be watched again. It was prescient in so many ways, IMHO (In My Humble Opinion) https://www.youtube.com/shorts/sz2QN8_VvoM