Notices by bert hubert 🇺🇦🇪🇺🇺🇦 (bert_hubert@fosstodon.org), page 2

US internet users are taking a huge interest in the page on how Europe can no longer trust US clouds. 10k visitors/hour, mostly from the orange site.

It is very hard to accept, but it is no longer safe to move EU governments & societies to US clouds. Not only is it dangerous to do so, it is also likely flat out illegal in the near feature. We're trading convenience for utter dependence on a mad king. It should stop.

https://berthub.eu/articles/posts/you-can-no-longer-base-your-government-and-society-on-us-clouds/

The legality (not wisdom) of putting European private data on US clouds hinges on the availability of the US Privacy and Civil Liberties Oversight Board. Trump neutered this board, and the European parliament has taken notice & asked the European Commission what they think:

In Dutch, but translation works well. My call for the Dutch government to retain at least a core IT/communication/email/file capability that is independent of US clouds. Named after the iconic Radio Kootwijk which we built in response to the English cutting off our communications with Indonesia in 1916: https://berthub.eu/articles/posts/mailen-en-communiceren-zonder-musk-en-trump-cloud-kootwijk/

Many media & posters apparently have the urge from time to time to inform us they think that Trump is not *all* bad. Here is some wisdom from 2017.

"The second advantage of WAL-mode is that writers do not block readers and readers to do not block writers. This is mostly true" - coming to you live from the part where this is not true. #sqlite3 https://sqlite.org/wal.html

"So how long have you been into cyber" - apparently since October 1989. I must have been insufferable if I read this correctly! Using the PowerC compiler no less! http://www.mixsoftware.com/product/powerc.htm

Yesterday a user told me they couldn't log in to my parliamentary monitoring site. On investigating, I found that Microsoft email security was logging in on behalf of my user by executing a POST. This broke the single-use sign-on link. Executing POSTs is usually considered unacceptable, and in this way Microsoft again transgresses an important norm. Here's how to deal with the specific POST problem & what might be done about these transgressions in general:
https://berthub.eu/articles/posts/shifting-cyber-norms-microsoft-post/

So I send out login links in emails. If the user clicks on the link, JavaScript in that webpage will *POST* to a URL to log in. The login token works only *once*. I now have a user that tells me they can't log in. From the logs, I see a Microsoft IP address POSTing that login link. Is some kind of MS email security product executing JavaScript and POSTING things? Is this a known phenomenon? I've now made this a login *button* which the user has to click again. I hope it helps.

George #Orwell’s 1940 review of Mein Kampf is an astounding read. It is very educational to study primary literature from just before historical events. In here we read that up to 1939 Hitler was regarded rather favorably by many, for reasons we might recognize today. Frightening: https://bookmarks.reviews/george-orwells-1940-review-of-mein-kampf/

"In Dublin's official timezone data, for example, tm_isdst is zero in their summer and one in their winter, the opposite of the norm, but not on RHEL, which "normalizes" the data. If you lived in Dublin and used Fedora, and made an invalid assumption about tm_isdst values, you would not be on time for tea." - from https://www.redhat.com/en/blog/brief-history-mktime

After studying the strptime timezone %Z situation for a bit, I have concluded that both time and computers were a mistake.

@jmorris in many countries they aren't if you put odd stuff in there. In The Netherlands there is for example the concept of 'mandatory law' which declares all kinds of things void in contracts with consumers. Judges here will assume that consumers are not lawyers and will not consult lawyers for most things they buy or services they consume. So if you put stuff in the TOS that is too surprising, it isn't valid here.

Someone just reported a crash in my Dutch post code database tooling. Turns out this was very likely hardware related, which made me think of my ~16 year old blog post "The 14 stages of any real software project":
https://blog.netherlabs.nl/articles/2008/11/16/the-fourteen-stages-of-any-real-software-project

Just recovering from a helpful user who launched a web security scanner at my site and found 5 "issues", none of which were a security issue. But by opening public security tickets you cause a lot of work for a project, since we can't just close those & people start to worry if you ignore them. Please think twice before opening security issues if you aren't sure what they mean & you just copied them from a random site. Feel free to send an email before raising the alarm.

@dalias thanks I guess?

Part of our global dumbing down is the assumption no one wants to read anything anymore. This leads to ever briefer articles. Which sucks, since the world is too complicated to be understood through soundbites alone. However, if you invest time in decent writing & do the measurements, you find that tens of thousands of people DO read 3200 word posts straight through to the end:

@tante no one has any use for that information since no medical place is going to trust you to provide that information correctly (and right they are). Also, I have no idea either.

Recently I was invited to present on long term software development. I asked around for people's experiences here on Mastodon, and you delivered in spades! Please find here the collected wisdom in blog post form. Likely relevant for everyone shipping software that has to stay viable for a decade or more: https://berthub.eu/articles/posts/on-long-term-software-development/

@vitaut earlier this week I had one that went three layers deep this way! Started with “JavaScript sorts a table badly” and went all the way to “our C++ sql library needs changes”