Notices by bert hubert 🇺🇦🇪🇺🇺🇦 (bert_hubert@fosstodon.org), page 2

@niels @Karlitschek does Nextcloud phone home these days? Seems worrying.

So I didn't know, but Europe already has a backup of PubMed, the database of biomedical research publications. The US PubMed broke down over the weekend. And here is our alternative: https://europepmc.org/ #pubmed #pmc

Many European governments are in the process of moving most of their INTERNAL communication to US controlled servers, in full view of the US intelligence apparatus. The political situation in the USA is however not going to get any less scary. Any (forced) migrations over summer might no longer be very wise. https://www.theregister.com/2025/02/26/europe_has_second_thoughts_about/

If you send me a Microsoft Teams link to talk about your open source policies, I'll respond with a Signal or Jitsi meeting link. And if you find it hard to install additional software or do something different to meet with me, I feel exactly the same way.

US internet users are taking a huge interest in the page on how Europe can no longer trust US clouds. 10k visitors/hour, mostly from the orange site.

It is very hard to accept, but it is no longer safe to move EU governments & societies to US clouds. Not only is it dangerous to do so, it is also likely flat out illegal in the near feature. We're trading convenience for utter dependence on a mad king. It should stop.

https://berthub.eu/articles/posts/you-can-no-longer-base-your-government-and-society-on-us-clouds/

The legality (not wisdom) of putting European private data on US clouds hinges on the availability of the US Privacy and Civil Liberties Oversight Board. Trump neutered this board, and the European parliament has taken notice & asked the European Commission what they think:

In Dutch, but translation works well. My call for the Dutch government to retain at least a core IT/communication/email/file capability that is independent of US clouds. Named after the iconic Radio Kootwijk which we built in response to the English cutting off our communications with Indonesia in 1916: https://berthub.eu/articles/posts/mailen-en-communiceren-zonder-musk-en-trump-cloud-kootwijk/

Many media & posters apparently have the urge from time to time to inform us they think that Trump is not *all* bad. Here is some wisdom from 2017.

"The second advantage of WAL-mode is that writers do not block readers and readers to do not block writers. This is mostly true" - coming to you live from the part where this is not true. #sqlite3 https://sqlite.org/wal.html

"So how long have you been into cyber" - apparently since October 1989. I must have been insufferable if I read this correctly! Using the PowerC compiler no less! http://www.mixsoftware.com/product/powerc.htm

Yesterday a user told me they couldn't log in to my parliamentary monitoring site. On investigating, I found that Microsoft email security was logging in on behalf of my user by executing a POST. This broke the single-use sign-on link. Executing POSTs is usually considered unacceptable, and in this way Microsoft again transgresses an important norm. Here's how to deal with the specific POST problem & what might be done about these transgressions in general:
https://berthub.eu/articles/posts/shifting-cyber-norms-microsoft-post/

So I send out login links in emails. If the user clicks on the link, JavaScript in that webpage will *POST* to a URL to log in. The login token works only *once*. I now have a user that tells me they can't log in. From the logs, I see a Microsoft IP address POSTing that login link. Is some kind of MS email security product executing JavaScript and POSTING things? Is this a known phenomenon? I've now made this a login *button* which the user has to click again. I hope it helps.

George #Orwell’s 1940 review of Mein Kampf is an astounding read. It is very educational to study primary literature from just before historical events. In here we read that up to 1939 Hitler was regarded rather favorably by many, for reasons we might recognize today. Frightening: https://bookmarks.reviews/george-orwells-1940-review-of-mein-kampf/

"In Dublin's official timezone data, for example, tm_isdst is zero in their summer and one in their winter, the opposite of the norm, but not on RHEL, which "normalizes" the data. If you lived in Dublin and used Fedora, and made an invalid assumption about tm_isdst values, you would not be on time for tea." - from https://www.redhat.com/en/blog/brief-history-mktime

After studying the strptime timezone %Z situation for a bit, I have concluded that both time and computers were a mistake.

@jmorris in many countries they aren't if you put odd stuff in there. In The Netherlands there is for example the concept of 'mandatory law' which declares all kinds of things void in contracts with consumers. Judges here will assume that consumers are not lawyers and will not consult lawyers for most things they buy or services they consume. So if you put stuff in the TOS that is too surprising, it isn't valid here.

Someone just reported a crash in my Dutch post code database tooling. Turns out this was very likely hardware related, which made me think of my ~16 year old blog post "The 14 stages of any real software project":
https://blog.netherlabs.nl/articles/2008/11/16/the-fourteen-stages-of-any-real-software-project

Just recovering from a helpful user who launched a web security scanner at my site and found 5 "issues", none of which were a security issue. But by opening public security tickets you cause a lot of work for a project, since we can't just close those & people start to worry if you ignore them. Please think twice before opening security issues if you aren't sure what they mean & you just copied them from a random site. Feel free to send an email before raising the alarm.

@dalias thanks I guess?