Search

1000 results for “DelusionalAI”

1. 

   The Gamer's Tavern 🍻 @[email protected] · 2024-06-07 · 22:52 UTC

   I love the Monster Hunter series but I should be really delusional to say I've played one single chapter up till end game.

   I'm a lousy hunter.

   #Gaming #Videogames #SummerGameFest #SummerGameFest2024 #MonsterHunter #MonsterHunterWilds

   #gaming #videogames #summergamefest #summergamefest2024 #monsterhunter #monsterhunterwilds
2. 

   alecm @[email protected] · 2023-11-30 · 11:55 UTC

   BREAKING: leaked document from MEPs lays out a delusional, paranoid joint (mis)understanding of how Web standards work, makes demands for Government, not experts, to dictate how Web works / for HTTPS backdoor #QWACs

   This document is circulating amongst European security academics.

   It is a shockingly bad basis for legislation; I was robustly anti-brexit but this makes me glad that we in the UK are “out”, not that Brexit improves matters because it still means that any global communication with an EU website may have its security and integrity violated.

   In particular: check out the answers to questions 2, 8, 11, and 12.

   Personal perspective: these are not arguments in favour of QWACs, in fact some of the text I would characterise as jingoism and bombast, something like:

   “THEY are people who implement web browsers but WE represent the federation of European states and THEREFORE we are surely fit to tell internet security how it should work; also THEY write software and WE cannot currently tell them what to do, and THIS situation is intolerable”

   Internet security is like the tides: you can locally shape where they go, yes, but you can’t control the reality of them and how they behave, and global change is not within the remit of humankind – instead change emerges from humankind.

   In this case:

   1. We had EV certificates. I am intimately familiar with them. They were a pain in the ass. They were expensive. They did not serve their purpose.
   2. It appears that the eIDAS project is captured by entities like the European Signature Dialogue who I’m pretty sure see potential for money in this identity project (edit: to resurrect EV goals as QWACs) not to mention the opportunity to expand it later
   3. And then they go try and paint Mozilla in the same terms which most internet activists reserve for Palantir <cough/>
   4. And they evidence this with (e.g.) the suggestion that shrinking certificate lifetimes down to 90 days is somehow an anticompetitive practice, as opposed to “minimising a temporal attack surface”. The European CAs feel that they should just be able to issue a certificate for a long time, collect the money and run, (edit: not even bothering to log it publicly in a trustworthy CT log.)

   This is appalling, in ways that are too innumerable to describe. I need more coffee and food before fully nitpicking it, unless others beat me to it.

   Full plaintext attached below. Previously. Background.

   Update: Statement re: Attribution

   I believe my sources with as much trust as those people who are cited within the document, demanding that we MUST arbitrarily trust them with the keys to internet safety because they are good guys who will be policed by yet more good guys and who would never do anything to undermine that trust.

   If the document suggested that all QWAC certificates would have to obey Web standards and be registered in a public encrypted log, we would mostly/ish not be in this situation.

   Trust is complicated like that.

   — Page 1 —

   Members briefing note on the discussion around Qualified Website Authentication Certificates (QWACs) – Art. 45 of eIDAS Regulation

   Despite the successful conclusion of the final trilogue on the eIDAS revision on November 8, an open letter has sparked a controversy around the Article 45 (QWACs) that is threatening to undermine the entire proposal. Subsequent to the publishing of the open letter, an aggressive disinformation campaign has been launched further spreading unfounded accusations.

   The open letter claims that the current proposal radically expands the ability of governments to surveil both their own citizens and residents across the EU by providing them with the technical means to intercept encrypted web traffic, as well as undermining the existing oversight mechanisms relied on by European citizens. It further claims that the technical implementation of these QWACs could affect the security of the Internet by interfering with the way in which web-browsers manage security and encrypt communication. The open letter claims that by mandating web-browser to recognize the QWACs, the new Regulation could lead to a breach of encryption and allow to intercept web-traffic.

   On top of this, Mozilla has also engaged in its own campaign trying at all costs to preserve the monopoly of the web browsers to set their own rules outside of any regulatory system.

   In view of the vote in ITRE on November 28, with this briefing we seek to revert to the facts- based discussion, to better inform Members and to also help with stakeholder communication.

   1. What is a Qualified Website Authentication Certificate (QWAC)?

   • A QWAC makes it possible to authenticate a website and that confirms that the person or company behind a website is genuine and legitimate. In other words, it gives assurance with a high level of confidence in the identity of the entity standing behind the website, irrespective of the platform used to display it.
   • As such, QWACs prevent identity fraud, protect the fundamental rights of European consumers in the digital world and are an important part of the European digital trust framework.

   1. Are QWACS new? Articles 45 and 45a mandate that all web browsers recognize a new form of certificate for the purposes of authenticating websites.

   • Qualified Web Authentication Certificates (QWACs) are not a new form of certificate. They were defined in the original 2014 eIDAS Regulation in the Article 45 as part of Europe’s push for “digital sovereignty” instead of domination by non-European big tech companies. They work in exactly the same way as other forms of website certificates that are also in use.
   • There is no information to suggests that the use of QWACs since 2014 has led to increase in mass surveillance of citizens by the governments, that they have in any way fragmented the Web or in any way undermined internet’s trust architecture!!!

   — Page 2 —

   1. Why is eIDAS mandating recognition of web-browsers by the QWACs?

   • QWACs are electronic certificates that provide independent assurance of the authenticity of a website by certifying its ownership. It gives the users the assurances that they are interacting with a genuine website helping prevent internet fraud. They, thereby, improve the security and transparency of the internet. As QWACs attest the authenticity of websites, they require the technical support of web-browsers to function correctly.
   • Since web browsers have not voluntarily recognised QWACs since their creation by the eIDAS regulation in 2014, the Commission has proposed to make this recognition compulsory.
   • Recognition means that web browsers are required to ensure support and interoperability for the QWACs for the sole purpose of displaying identity data in a user-friendly manner.
   • Recognition of QWACs implies that browsers shouldn’t question the origin, integrity or data in the certificate.

   1. Who issues QWACs?

   • QWACs are issued by Qualified Trust Service Providers (QTSPs), under the close supervision of the Member States’ authorities, similarly to all other qualified trust services. National trusted lists may be used to confirm the qualified status of QAWCs and of their trust service providers, including their full compliance with the requirements of this Regulation with regards to the issuance of qualified certificates for website authentication.

   1. Who are Qualified Trust Service Providers (QTSPs)? How do they get their qualified status?

   • QTSPs are trust service providers who provide one or more qualified trust services and are granted the qualified status by the Member States’ supervisory bodies. Put simply, they are providers of trust services whosehigh level of security, data protection, and compliance are subject to regular independent audits and certifications. As a result, there is greater assurance of the legal validity of their services.
   • Before a trust services provider is granted a qualified status (QTSP/QTS), it will be subject to a pre-authorization process — the so-called initiation process. QTSPs may only begin to provide the qualified trust service after the qualified status has been granted by the competent supervisory body and indicated in the national trusted list. Before being granted the qualified statues, the QTSP must successfully pass an external assessment (audit) to confirm it fulfills the eIDAS requirements. That audit must be conducted by a conformity assessment body specifically accredited to carry out assessments of a QTSP.
   • For example: a qualified status in Germany is only granted by the independent supervisory body (e.g. Federal Security Office in Germany) after auditing is completed by a conformity assessment body (e.g. TÜV).

   — Page 3 —

   1. Will all European websites be government mandated to use QWACs?

   • No. The provision and the use of website authentication services, including QWACs, is entirely voluntary and subject to market competition in the domain of website certificates. The use of QWACs is not subject to a government mandate – natural and legal persons are free to choose from a number of different browser certificates currently available on the market, such as EV, OV or DV certificates.

   1. Does the eIDAS Regulation intend to change the way browsers ensure web security?

   • No. The requirement to recognise QWACs does not, in any way, affect browsers own security policies. Art. 45 leaves it up to the web-browsers to preserve and follow their own procedures and criteria for encryption and authentication of certificates in line with best industry practices.
   • Amended recital 32 explicitly states that “The obligation of recognition, interoperability and support of QWACs is not to affect the freedom of web-browser providers to ensure web security, domain authentication and the encryption of web traffic in the manner and with the technology they consider most appropriate.”

   1. Do the rules on QWACs facilitate government surveillance of citizens and the interception of web traffic?

   • No. QWACs are certificates that allow to identify the entity behind a certain website. These certificates are issued by public or private trust service providers as a commercial service. QWACs have no other function than to attest the identity behind a website. Browsers are required to recognize them for the sole purpose of displaying this identity.
   • The recognition of QWACs does not oblige web-browsers to grant QWACs automatic access to their root stores. The obligation to recognise QWACs does not, therefore, affect browser security policies and leaves them complete freedom to preserve their own procedures and criteria for encryption and authentication of other certificates.

   1. Does the requirement to recognize QWACs in Article 45 make it impossible for web browsers to raise security issues with QWACs?

   • No. QWACs are trusted electronic certificates issued to common standards by accredited EU trust service providers. The issuance is supervised by national authorities which should act in full compliance with the requirements of the Regulation.
   • In order to ensure a fully harmonized approach to national supervision and avoid that any Member State would follow lower supervision standards, the eIDAS Regulation foresees the development of specific standards and procedures that will need to be followed by all national supervisory bodies within 12 months of the entering into force of the Regulation.
   • Should there be security incidents, web-browsers are free to take precautionary measures to protect the security of the Internet. This has en clarified in Recital 32.
   • It is important to ensure the correct functioning of QWACS. For this reason, the Regulation does not allow Member States or private parties to impose additional requirements to those set in the Regulation. [Article 45(2a)].

   — Page 4 —

   • The prohibition of additional requirements is of course without prejudice to the responsibility of web-browsers to ensure web security, domain authentication and the encryption of web traffic. This has been clarified by co-legislators in recital 32 which includes a provision that the rules on QWACs shall not affect the freedom of web browsers to ensure web security, domain authentication and the encryption of web traffic in the manner and with the technology they consider most appropriate.

   1. What is the procedure for web-browsers to raise security concerns on QWACs? [Article 45a, Recital 32]

   • In case of substantiated security concerns regarding security or integrity breaches of QWACs, web browsers may take precautionary measures to protect the integrity and security of the internet. Taking such precautionary measures is fully at the discretion of web-browsers and not a specific obligation set in the Regulation.
   • When taking these precautionary measures, web browsers shall notify all concerned parties and notably the national supervisory body of its concerns and the measures taken.
   • The national supervisory body will take a decision on the integrity of the QWAC in question and may request it to be withdrawn.
   • This process is only intended to secure the correct functioning of QWACs in the web environment and does therefore not cover other certificates used by web-browsers to ensure web security, domain authentication and the encryption of web traffic, such as TLS certificates. The Regulation does not introduce general reporting obligations on certificates used by web-browsers.
   • The independence of web-browsers when it comes to the management of web-security has been clarified by amendments to recital 32. These amendments state that the rules on QWACs shall not affect the freedom of web browsers to ensure web security, domain authentication and the encryption of web traffic in the manner and with the technology they considermost appropriate.

   1. The current system works – why change it?

   • Amended eIDAS Reuglation creates a balance between the EU and the browsers. Right now, there is no recourse or oversight to browsers’ decisions. Browsers are BOTH competitors of EU Qualified Trust Service Providers (QTSPs) – browsers also issue website certificates to their cloud hosting customers – AND regulators of QTSPs through the browsers’

   own root program rules.

   • Browsers have abused their monopoly regulatory powers in the past and are in the process of doing so again by forcing all website owners and QTSPs to move to automated 90-day website certificates (instead of the current 13-month certificate limit), even though there is widespread opposition in the internet ecosystem.
   • Under eIDAS, the EU is able to exercise its digital sovereignty to protect EU citizens, but the browsers are also able to (1) participate in future rulemaking and (2) report any certificate problems they encounter from QTSPs to regulatory bodies for investigation. Browsers can

   — Page 5 —

   • …participate in standardization forums like ETSI at any time – and some already do this – to strengthen the rules for the issuance of QWACs if they deem this necessary. Right now, the browsers just do what they want, and there is no recourse or oversight to their decisions. New eIDAS changes that.

   1. The eIDAS Regulation is a law to ensure the digital sovereignty of the EU and to enable the European Digital Single Market. The eIDAS is not a security law and does not give police and security authorities more rights and powers, nor does it lay the foundation for surveillance and data access rights.

   • The aim of eIDAS is to create trust anchors for digital transactions through strict, comprehensive regulation, which can be trusted comprehensively and generally by anyone involved in legal and business transactions. Any impairment of the status as an anchor of trust and weakening of the level of security is therefore unlawful.
   • The accusation that EU member states would use this regulation to spy on their citizens is completely absurd.
   • The suggested danger is purely hypothetical because a system of independent bodies guarantees security. The actions that would need to be taken for this would be costly (there are much simpler procedures for spying on citizens).
   • An EU member would have to take illegal actions and ruin its reputation. In addition, there would be a high risk of detection of any such attempt.
   • First of all, the approval of a QTSP already offers a high level of protection: it is only granted by the independent supervisory body (e.g. Federal Security Office in Germany) after auditing by a conformity assessment body (e.g. TÜV). This means that independent parties are still involved.
   • Second, in order for the suggested danger to occur, an EU member state would have to completely and deliberately put itself in the wrong: It would first have to compromise a QTSP. In addition, the EU Member State would have to ensure that the independent conformity assessment body and (!) the independent supervisory body do not fulfil their inspection and supervisory duties.
   • Finally, there would also be a risk that the European Commission, which must always be informed, would initiate infringement proceedings against the Member State if the browsers were reported due to security concerns.
   • Incidentally, browsers are obliged under the US Homeland Security Act to provide data to US intelligence agencies on request.

   — Page 6 —

   1. Can Member States follow different security approaches for the Wallet? What is the added value od eIDAS 2.0?

   • No. Member States cannot follow different security approaches for the Wallet.
   • New rules provide for a fully harmonized framework which is implemented on the basis of common standards and technical specifications in the same way in all the Member States.
   • All key features and requirements of the Wallet will be implemented following common EU technical standards and specifications. This is one of the main innovations of the Regulation for a European Digital Identity Framework. It means that it will become possible to use the Wallet in the same way in all Member States and offer users the same basic services and functionalities irrespective of which Member State issues it.
   • Currently existing national solutions are built on different solutions offering different levels of privacy and security protections.
   • A harmonized EU approach to digital identity management will also ensure compliance with data protection rules all over Europe and include features, such as a dashboard to see the log of all interactions of the wallet, a possibility to download and transfer data and a possibility to directly lodge a complaint in case of data breaches.
   • All technical specifications for the Wallet are being developed together with a group of experts from the Member States. In addition, the progress of this work is put to public scrutiny and feedback. First sets have already been published on Github.
   • Once the technical specifications are finalized, they will be made mandatory through implementing acts following the usual process of public consultation.
   • To ensure that these requirements are observed by all Member States, all Wallets must be independentlycertified to the highest security standards. The certification system will also follow harmonized standards and follow the EU Cybersecurity Act.
   • Until this system is fully operational [estimate 2027/2028], Wallets will be certified at national level. However also in this transition period, standards will be the same and the certification by national bodies will follow common standards established by the implementing acts.
   • In addition, all certification schemes will be submitted for opinion and recommendations to a joint group (European Digital Identity Cooperation Group) as an additional safeguard to ensure a harmonized approach and the highest degree of security. [Reference: Art. 6c(2a) (revised) and Article 46e(5)]
   • An important safeguard for security and harmonization is transparency: the co-legislators have decided that the European Digital Identity Wallet will be open-source licensed. This will contribute to public trust and improve the functionality and security of the Wallet as everybody can scrutinize the technological set-up proposed and provide feedback on the choices made. [Article 6a(2a), Recital 11d]

   #qwac #qwacs #webStandards

   https://alecmuffett.com/article/108519

   #qwac #qwacs #webstandards
3. 

   alecm @[email protected] · 2023-11-30 · 11:55 UTC

   BREAKING: leaked document from MEPs lays out a delusional, paranoid joint (mis)understanding of how Web standards work, makes demands for Government, not experts, to dictate how Web works / for HTTPS backdoor #QWACs

   This document is circulating amongst European security academics.

   It is a shockingly bad basis for legislation; I was robustly anti-brexit but this makes me glad that we in the UK are “out”, not that Brexit improves matters because it still means that any global communication with an EU website may have its security and integrity violated.

   In particular: check out the answers to questions 2, 8, 11, and 12.

   Personal perspective: these are not arguments in favour of QWACs, in fact some of the text I would characterise as jingoism and bombast, something like:

   “THEY are people who implement web browsers but WE represent the federation of European states and THEREFORE we are surely fit to tell internet security how it should work; also THEY write software and WE cannot currently tell them what to do, and THIS situation is intolerable”

   Internet security is like the tides: you can locally shape where they go, yes, but you can’t control the reality of them and how they behave, and global change is not within the remit of humankind – instead change emerges from humankind.

   In this case:

   1. We had EV certificates. I am intimately familiar with them. They were a pain in the ass. They were expensive. They did not serve their purpose.
   2. It appears that the eIDAS project is captured by entities like the European Signature Dialogue who I’m pretty sure see potential for money in this identity project (edit: to resurrect EV goals as QWACs) not to mention the opportunity to expand it later
   3. And then they go try and paint Mozilla in the same terms which most internet activists reserve for Palantir <cough/>
   4. And they evidence this with (e.g.) the suggestion that shrinking certificate lifetimes down to 90 days is somehow an anticompetitive practice, as opposed to “minimising a temporal attack surface”. The European CAs feel that they should just be able to issue a certificate for a long time, collect the money and run, (edit: not even bothering to log it publicly in a trustworthy CT log.)

   This is appalling, in ways that are too innumerable to describe. I need more coffee and food before fully nitpicking it, unless others beat me to it.

   Full plaintext attached below. Previously. Background.

   Update: Statement re: Attribution

   I believe my sources with as much trust as those people who are cited within the document, demanding that we MUST arbitrarily trust them with the keys to internet safety because they are good guys who will be policed by yet more good guys and who would never do anything to undermine that trust.

   If the document suggested that all QWAC certificates would have to obey Web standards and be registered in a public encrypted log, we would mostly/ish not be in this situation.

   Trust is complicated like that.

   — Page 1 —

   Members briefing note on the discussion around Qualified Website Authentication Certificates (QWACs) – Art. 45 of eIDAS Regulation

   Despite the successful conclusion of the final trilogue on the eIDAS revision on November 8, an open letter has sparked a controversy around the Article 45 (QWACs) that is threatening to undermine the entire proposal. Subsequent to the publishing of the open letter, an aggressive disinformation campaign has been launched further spreading unfounded accusations.

   The open letter claims that the current proposal radically expands the ability of governments to surveil both their own citizens and residents across the EU by providing them with the technical means to intercept encrypted web traffic, as well as undermining the existing oversight mechanisms relied on by European citizens. It further claims that the technical implementation of these QWACs could affect the security of the Internet by interfering with the way in which web-browsers manage security and encrypt communication. The open letter claims that by mandating web-browser to recognize the QWACs, the new Regulation could lead to a breach of encryption and allow to intercept web-traffic.

   On top of this, Mozilla has also engaged in its own campaign trying at all costs to preserve the monopoly of the web browsers to set their own rules outside of any regulatory system.

   In view of the vote in ITRE on November 28, with this briefing we seek to revert to the facts- based discussion, to better inform Members and to also help with stakeholder communication.

   1. What is a Qualified Website Authentication Certificate (QWAC)?

   • A QWAC makes it possible to authenticate a website and that confirms that the person or company behind a website is genuine and legitimate. In other words, it gives assurance with a high level of confidence in the identity of the entity standing behind the website, irrespective of the platform used to display it.
   • As such, QWACs prevent identity fraud, protect the fundamental rights of European consumers in the digital world and are an important part of the European digital trust framework.

   1. Are QWACS new? Articles 45 and 45a mandate that all web browsers recognize a new form of certificate for the purposes of authenticating websites.

   • Qualified Web Authentication Certificates (QWACs) are not a new form of certificate. They were defined in the original 2014 eIDAS Regulation in the Article 45 as part of Europe’s push for “digital sovereignty” instead of domination by non-European big tech companies. They work in exactly the same way as other forms of website certificates that are also in use.
   • There is no information to suggests that the use of QWACs since 2014 has led to increase in mass surveillance of citizens by the governments, that they have in any way fragmented the Web or in any way undermined internet’s trust architecture!!!

   — Page 2 —

   1. Why is eIDAS mandating recognition of web-browsers by the QWACs?

   • QWACs are electronic certificates that provide independent assurance of the authenticity of a website by certifying its ownership. It gives the users the assurances that they are interacting with a genuine website helping prevent internet fraud. They, thereby, improve the security and transparency of the internet. As QWACs attest the authenticity of websites, they require the technical support of web-browsers to function correctly.
   • Since web browsers have not voluntarily recognised QWACs since their creation by the eIDAS regulation in 2014, the Commission has proposed to make this recognition compulsory.
   • Recognition means that web browsers are required to ensure support and interoperability for the QWACs for the sole purpose of displaying identity data in a user-friendly manner.
   • Recognition of QWACs implies that browsers shouldn’t question the origin, integrity or data in the certificate.

   1. Who issues QWACs?

   • QWACs are issued by Qualified Trust Service Providers (QTSPs), under the close supervision of the Member States’ authorities, similarly to all other qualified trust services. National trusted lists may be used to confirm the qualified status of QAWCs and of their trust service providers, including their full compliance with the requirements of this Regulation with regards to the issuance of qualified certificates for website authentication.

   1. Who are Qualified Trust Service Providers (QTSPs)? How do they get their qualified status?

   • QTSPs are trust service providers who provide one or more qualified trust services and are granted the qualified status by the Member States’ supervisory bodies. Put simply, they are providers of trust services whosehigh level of security, data protection, and compliance are subject to regular independent audits and certifications. As a result, there is greater assurance of the legal validity of their services.
   • Before a trust services provider is granted a qualified status (QTSP/QTS), it will be subject to a pre-authorization process — the so-called initiation process. QTSPs may only begin to provide the qualified trust service after the qualified status has been granted by the competent supervisory body and indicated in the national trusted list. Before being granted the qualified statues, the QTSP must successfully pass an external assessment (audit) to confirm it fulfills the eIDAS requirements. That audit must be conducted by a conformity assessment body specifically accredited to carry out assessments of a QTSP.
   • For example: a qualified status in Germany is only granted by the independent supervisory body (e.g. Federal Security Office in Germany) after auditing is completed by a conformity assessment body (e.g. TÜV).

   — Page 3 —

   1. Will all European websites be government mandated to use QWACs?

   • No. The provision and the use of website authentication services, including QWACs, is entirely voluntary and subject to market competition in the domain of website certificates. The use of QWACs is not subject to a government mandate – natural and legal persons are free to choose from a number of different browser certificates currently available on the market, such as EV, OV or DV certificates.

   1. Does the eIDAS Regulation intend to change the way browsers ensure web security?

   • No. The requirement to recognise QWACs does not, in any way, affect browsers own security policies. Art. 45 leaves it up to the web-browsers to preserve and follow their own procedures and criteria for encryption and authentication of certificates in line with best industry practices.
   • Amended recital 32 explicitly states that “The obligation of recognition, interoperability and support of QWACs is not to affect the freedom of web-browser providers to ensure web security, domain authentication and the encryption of web traffic in the manner and with the technology they consider most appropriate.”

   1. Do the rules on QWACs facilitate government surveillance of citizens and the interception of web traffic?

   • No. QWACs are certificates that allow to identify the entity behind a certain website. These certificates are issued by public or private trust service providers as a commercial service. QWACs have no other function than to attest the identity behind a website. Browsers are required to recognize them for the sole purpose of displaying this identity.
   • The recognition of QWACs does not oblige web-browsers to grant QWACs automatic access to their root stores. The obligation to recognise QWACs does not, therefore, affect browser security policies and leaves them complete freedom to preserve their own procedures and criteria for encryption and authentication of other certificates.

   1. Does the requirement to recognize QWACs in Article 45 make it impossible for web browsers to raise security issues with QWACs?

   • No. QWACs are trusted electronic certificates issued to common standards by accredited EU trust service providers. The issuance is supervised by national authorities which should act in full compliance with the requirements of the Regulation.
   • In order to ensure a fully harmonized approach to national supervision and avoid that any Member State would follow lower supervision standards, the eIDAS Regulation foresees the development of specific standards and procedures that will need to be followed by all national supervisory bodies within 12 months of the entering into force of the Regulation.
   • Should there be security incidents, web-browsers are free to take precautionary measures to protect the security of the Internet. This has en clarified in Recital 32.
   • It is important to ensure the correct functioning of QWACS. For this reason, the Regulation does not allow Member States or private parties to impose additional requirements to those set in the Regulation. [Article 45(2a)].

   — Page 4 —

   • The prohibition of additional requirements is of course without prejudice to the responsibility of web-browsers to ensure web security, domain authentication and the encryption of web traffic. This has been clarified by co-legislators in recital 32 which includes a provision that the rules on QWACs shall not affect the freedom of web browsers to ensure web security, domain authentication and the encryption of web traffic in the manner and with the technology they consider most appropriate.

   1. What is the procedure for web-browsers to raise security concerns on QWACs? [Article 45a, Recital 32]

   • In case of substantiated security concerns regarding security or integrity breaches of QWACs, web browsers may take precautionary measures to protect the integrity and security of the internet. Taking such precautionary measures is fully at the discretion of web-browsers and not a specific obligation set in the Regulation.
   • When taking these precautionary measures, web browsers shall notify all concerned parties and notably the national supervisory body of its concerns and the measures taken.
   • The national supervisory body will take a decision on the integrity of the QWAC in question and may request it to be withdrawn.
   • This process is only intended to secure the correct functioning of QWACs in the web environment and does therefore not cover other certificates used by web-browsers to ensure web security, domain authentication and the encryption of web traffic, such as TLS certificates. The Regulation does not introduce general reporting obligations on certificates used by web-browsers.
   • The independence of web-browsers when it comes to the management of web-security has been clarified by amendments to recital 32. These amendments state that the rules on QWACs shall not affect the freedom of web browsers to ensure web security, domain authentication and the encryption of web traffic in the manner and with the technology they considermost appropriate.

   1. The current system works – why change it?

   • Amended eIDAS Reuglation creates a balance between the EU and the browsers. Right now, there is no recourse or oversight to browsers’ decisions. Browsers are BOTH competitors of EU Qualified Trust Service Providers (QTSPs) – browsers also issue website certificates to their cloud hosting customers – AND regulators of QTSPs through the browsers’

   own root program rules.

   • Browsers have abused their monopoly regulatory powers in the past and are in the process of doing so again by forcing all website owners and QTSPs to move to automated 90-day website certificates (instead of the current 13-month certificate limit), even though there is widespread opposition in the internet ecosystem.
   • Under eIDAS, the EU is able to exercise its digital sovereignty to protect EU citizens, but the browsers are also able to (1) participate in future rulemaking and (2) report any certificate problems they encounter from QTSPs to regulatory bodies for investigation. Browsers can

   — Page 5 —

   • …participate in standardization forums like ETSI at any time – and some already do this – to strengthen the rules for the issuance of QWACs if they deem this necessary. Right now, the browsers just do what they want, and there is no recourse or oversight to their decisions. New eIDAS changes that.

   1. The eIDAS Regulation is a law to ensure the digital sovereignty of the EU and to enable the European Digital Single Market. The eIDAS is not a security law and does not give police and security authorities more rights and powers, nor does it lay the foundation for surveillance and data access rights.

   • The aim of eIDAS is to create trust anchors for digital transactions through strict, comprehensive regulation, which can be trusted comprehensively and generally by anyone involved in legal and business transactions. Any impairment of the status as an anchor of trust and weakening of the level of security is therefore unlawful.
   • The accusation that EU member states would use this regulation to spy on their citizens is completely absurd.
   • The suggested danger is purely hypothetical because a system of independent bodies guarantees security. The actions that would need to be taken for this would be costly (there are much simpler procedures for spying on citizens).
   • An EU member would have to take illegal actions and ruin its reputation. In addition, there would be a high risk of detection of any such attempt.
   • First of all, the approval of a QTSP already offers a high level of protection: it is only granted by the independent supervisory body (e.g. Federal Security Office in Germany) after auditing by a conformity assessment body (e.g. TÜV). This means that independent parties are still involved.
   • Second, in order for the suggested danger to occur, an EU member state would have to completely and deliberately put itself in the wrong: It would first have to compromise a QTSP. In addition, the EU Member State would have to ensure that the independent conformity assessment body and (!) the independent supervisory body do not fulfil their inspection and supervisory duties.
   • Finally, there would also be a risk that the European Commission, which must always be informed, would initiate infringement proceedings against the Member State if the browsers were reported due to security concerns.
   • Incidentally, browsers are obliged under the US Homeland Security Act to provide data to US intelligence agencies on request.

   — Page 6 —

   1. Can Member States follow different security approaches for the Wallet? What is the added value od eIDAS 2.0?

   • No. Member States cannot follow different security approaches for the Wallet.
   • New rules provide for a fully harmonized framework which is implemented on the basis of common standards and technical specifications in the same way in all the Member States.
   • All key features and requirements of the Wallet will be implemented following common EU technical standards and specifications. This is one of the main innovations of the Regulation for a European Digital Identity Framework. It means that it will become possible to use the Wallet in the same way in all Member States and offer users the same basic services and functionalities irrespective of which Member State issues it.
   • Currently existing national solutions are built on different solutions offering different levels of privacy and security protections.
   • A harmonized EU approach to digital identity management will also ensure compliance with data protection rules all over Europe and include features, such as a dashboard to see the log of all interactions of the wallet, a possibility to download and transfer data and a possibility to directly lodge a complaint in case of data breaches.
   • All technical specifications for the Wallet are being developed together with a group of experts from the Member States. In addition, the progress of this work is put to public scrutiny and feedback. First sets have already been published on Github.
   • Once the technical specifications are finalized, they will be made mandatory through implementing acts following the usual process of public consultation.
   • To ensure that these requirements are observed by all Member States, all Wallets must be independentlycertified to the highest security standards. The certification system will also follow harmonized standards and follow the EU Cybersecurity Act.
   • Until this system is fully operational [estimate 2027/2028], Wallets will be certified at national level. However also in this transition period, standards will be the same and the certification by national bodies will follow common standards established by the implementing acts.
   • In addition, all certification schemes will be submitted for opinion and recommendations to a joint group (European Digital Identity Cooperation Group) as an additional safeguard to ensure a harmonized approach and the highest degree of security. [Reference: Art. 6c(2a) (revised) and Article 46e(5)]
   • An important safeguard for security and harmonization is transparency: the co-legislators have decided that the European Digital Identity Wallet will be open-source licensed. This will contribute to public trust and improve the functionality and security of the Wallet as everybody can scrutinize the technological set-up proposed and provide feedback on the choices made. [Article 6a(2a), Recital 11d]

   #qwac #qwacs #webStandards

   https://alecmuffett.com/article/108519

   #webstandards #qwacs #qwac
4. 

   Tarnkappe.info @[email protected] · 2024-04-04 · 07:28 UTC

   📬 Handball 17 nach 7,5 Jahren gecrackt
   #Denuvo #Warez #DELUSIONAL #EkoSoftware #Empress #Handball17 #Nacon #Voksi https://sc.tarnkappe.info/bcc335

   #denuvo #warez #delusional #ekosoftware #empress #handball17
5. 

   Tarnkappe.info @[email protected] · 2024-04-04 · 07:28 UTC

   📬 Handball 17 nach 7,5 Jahren gecrackt
   #Denuvo #Warez #DELUSIONAL #EkoSoftware #Empress #Handball17 #Nacon #Voksi https://sc.tarnkappe.info/bcc335

   #denuvo #warez #delusional #ekosoftware #empress #handball17
6. 

   Tarnkappe.info @[email protected] · 2024-04-04 · 07:28 UTC

   📬 Handball 17 nach 7,5 Jahren gecrackt
   #Denuvo #Warez #DELUSIONAL #EkoSoftware #Empress #Handball17 #Nacon #Voksi https://sc.tarnkappe.info/bcc335

   #voksi #nacon #handball17 #empress #ekosoftware #delusional
7. 

   Tarnkappe.info @[email protected] · 2024-04-04 · 07:28 UTC

   📬 Handball 17 nach 7,5 Jahren gecrackt
   #Denuvo #Warez #DELUSIONAL #EkoSoftware #Empress #Handball17 #Nacon #Voksi https://sc.tarnkappe.info/bcc335

   #denuvo #warez #delusional #ekosoftware #empress #handball17
8. 

   der.hans @[email protected] · 2024-09-11 · 02:30 UTC

   "I have concepts of a plan" - Trump

   #keineAhnung #NoPlan #DelusionalDonOld #Debate2024

   #keineahnung #noplan #delusionaldonold #debate2024
9. 

   der.hans @[email protected] · 2024-09-11 · 02:30 UTC

   "I have concepts of a plan" - Trump

   #keineAhnung #NoPlan #DelusionalDonOld #Debate2024

   #keineahnung #noplan #delusionaldonold #debate2024
10. 

    der.hans @[email protected] · 2024-09-11 · 02:30 UTC

    "I have concepts of a plan" - Trump

    #keineAhnung #NoPlan #DelusionalDonOld #Debate2024

    #debate2024 #delusionaldonold #noplan #keineahnung
11. 

    der.hans @[email protected] · 2024-09-11 · 02:30 UTC

    "I have concepts of a plan" - Trump

    #keineAhnung #NoPlan #DelusionalDonOld #Debate2024

    #keineahnung #noplan #delusionaldonold #debate2024
12. 

    Linda Bitch @[email protected] · 2023-12-10 · 17:11 UTC

    POV: you’re in the breakroom watching me loudly chew open Halls cough drops to get to their liquid centers while Janet sobs on the other side of the room because her radical, irrational right wing “fixer-upper” husband embarrassed her at a nice restaurant last night because he couldn’t keep his mouth shut about their trans waitress. #WalmartLife #StillSick #mastodon #transphobia #cat #chewingcat #BitchWhatDoYouExpect #ANORMALHusband #OutOfMrPeopleUnder25ShouldntVoteNextYear #delusional #sunday

    #sunday #delusional #outofmrpeopleunder25shouldntvotenextyear #anormalhusband #bitchwhatdoyouexpect #chewingcat
13. 

    Chuck Darwin @[email protected] · 2024-02-25 · 00:52 UTC

    Black leaders are condemning former President Trump’s recent comments about Black voters as “racist.”

    Speaking at the Black Conservative Federation ( #BCF ) annual gala in South Carolina on Friday, #Trump said his legal woes have earned him the support of Black voters around the country. 

    His comments quickly drew outrage from The #NAACP.

    “The NAACP is outraged, but not surprised by yet another racist remark from the former President,” Derrick Johnson, NAACP president, told The Hill in a statement.

    “Donald Trump is #delusional to think that his #criminality would be an attractive quality to Black voters,” he continued.

    “He has taken advantage of an inherently racist system, while Black Americans have been abused by it. We are not the same.”

    Mondale Robinson, founder of the Black Male Voter Project, called Trump’s comments “absolutely racist” and said they will not play out well with Black men.
    https://thehill.com/homenews/race-politics/4486998-black-leaders-dnc-blast-trump-for-racist-comments/

    #criminality #delusional #naacp #trump #bcf
14. 

    der.hans @[email protected] · 2024-09-11 · 02:26 UTC

    "She is Biden" says Trump

    "Clearly I'm not Joe Biden. And I'm not Donald Trump" responds Harris

    #DelusionalDonOld #Debate2024

    #debate2024 #delusionaldonold
15. 

    Gif's Artidote @[email protected] · 2026-03-08 · 01:20 UTC

    ⚠️ #TriggerWarning ⚠️

    this is why i am always busy promoting my #GifsArtidote , bc this is my future now with this #OrangeBlastFromThePast having a #NPD induced delusional fit over his inability to escape #TheEpsteinFiles , & me for that matter cause i will be fighting for justice until my dying day for the rest of my life.

    i, & my family have suffered bc of what these #SlaveDrivers have done & do still to this day.

    #MentalHealth #ClusterBPDs #CPTSD #CollectiveTrauma

    https://youtu.be/ZCon1tV6JzE?is=5hDW-vMw1Rdtmxm6

    #triggerwarning #gifsartidote #orangeblastfromthepast #npd #theepsteinfiles #slavedrivers
16. 

    Gif's Artidote @[email protected] · 2026-03-08 · 01:20 UTC

    ⚠️ #TriggerWarning ⚠️

    this is why i am always busy promoting my #GifsArtidote , bc this is my future now with this #OrangeBlastFromThePast having a #NPD induced delusional fit over his inability to escape #TheEpsteinFiles , & me for that matter cause i will be fighting for justice until my dying day for the rest of my life.

    i, & my family have suffered bc of what these #SlaveDrivers have done & do still to this day.

    #MentalHealth #ClusterBPDs #CPTSD #CollectiveTrauma

    https://youtu.be/ZCon1tV6JzE?is=5hDW-vMw1Rdtmxm6

    #triggerwarning #gifsartidote #orangeblastfromthepast #npd #theepsteinfiles #slavedrivers
17. 

    Gif's Artidote @[email protected] · 2026-03-08 · 01:20 UTC

    ⚠️ #TriggerWarning ⚠️

    this is why i am always busy promoting my #GifsArtidote , bc this is my future now with this #OrangeBlastFromThePast having a #NPD induced delusional fit over his inability to escape #TheEpsteinFiles , & me for that matter cause i will be fighting for justice until my dying day for the rest of my life.

    i, & my family have suffered bc of what these #SlaveDrivers have done & do still to this day.

    #MentalHealth #ClusterBPDs #CPTSD #CollectiveTrauma

    https://youtu.be/ZCon1tV6JzE?is=5hDW-vMw1Rdtmxm6

    #triggerwarning #gifsartidote #orangeblastfromthepast #npd #theepsteinfiles #slavedrivers
18. 

    Gif's Artidote @[email protected] · 2026-03-08 · 01:20 UTC

    ⚠️ #TriggerWarning ⚠️

    this is why i am always busy promoting my #GifsArtidote , bc this is my future now with this #OrangeBlastFromThePast having a #NPD induced delusional fit over his inability to escape #TheEpsteinFiles , & me for that matter cause i will be fighting for justice until my dying day for the rest of my life.

    i, & my family have suffered bc of what these #SlaveDrivers have done & do still to this day.

    #MentalHealth #ClusterBPDs #CPTSD #CollectiveTrauma

    https://youtu.be/ZCon1tV6JzE?is=5hDW-vMw1Rdtmxm6

    #collectivetrauma #cptsd #clusterbpds #mentalhealth #slavedrivers #theepsteinfiles
19. 

    Gif's Artidote @[email protected] · 2026-03-08 · 01:20 UTC

    ⚠️ #TriggerWarning ⚠️

    this is why i am always busy promoting my #GifsArtidote , bc this is my future now with this #OrangeBlastFromThePast having a #NPD induced delusional fit over his inability to escape #TheEpsteinFiles , & me for that matter cause i will be fighting for justice until my dying day for the rest of my life.

    i, & my family have suffered bc of what these #SlaveDrivers have done & do still to this day.

    #MentalHealth #ClusterBPDs #CPTSD #CollectiveTrauma

    https://youtu.be/ZCon1tV6JzE?is=5hDW-vMw1Rdtmxm6

    #triggerwarning #gifsartidote #orangeblastfromthepast #npd #theepsteinfiles #slavedrivers
20. 

    Ellis C. A. Arcwolf (Author) @[email protected] · 2025-12-29 · 11:01 UTC

    Some neurotypical person may have to explain to me why the socially acceptable thing to do when someone calls you pretentious is to checks notes say thank you and lick their boot.

    I'm autistic, so as we all know, I struggle to understand "common sense" things like that and am eager to learn so that I can be included in this delusionally toxic society of ours.

    Some of that was likely sarcasm.

    Things to keep in mind:

    • If you're a woman, and someone calls you manipulative, they're afraid of the only power they've allowed you to keep.
    • If you're an autist, and someone calls you pretentious, they are forcing you to do emotional labor to protect them, your attacker, from their own insecurity.

    Never accept as feedback what is intended as abuse.

    #SocialEngineering #BoundarySetting #EmotionalLabor #Sociology #Ontology #ActuallyAutistic #Neurodiversity #AutisticJoy #DoubleEmpathyProblem #Masking #IntersectionalFeminism #PowerDynamics #Assertiveness #InternalizedMisogyny

    #socialengineering #boundarysetting #emotionallabor #sociology #ontology #actuallyautistic
21. 

    Ellis C. A. Arcwolf (Author) @[email protected] · 2025-12-29 · 11:01 UTC

    Some neurotypical person may have to explain to me why the socially acceptable thing to do when someone calls you pretentious is to checks notes say thank you and lick their boot.

    I'm autistic, so as we all know, I struggle to understand "common sense" things like that and am eager to learn so that I can be included in this delusionally toxic society of ours.

    Some of that was likely sarcasm.

    Things to keep in mind:

    • If you're a woman, and someone calls you manipulative, they're afraid of the only power they've allowed you to keep.
    • If you're an autist, and someone calls you pretentious, they are forcing you to do emotional labor to protect them, your attacker, from their own insecurity.

    Never accept as feedback what is intended as abuse.

    #SocialEngineering #BoundarySetting #EmotionalLabor #Sociology #Ontology #ActuallyAutistic #Neurodiversity #AutisticJoy #DoubleEmpathyProblem #Masking #IntersectionalFeminism #PowerDynamics #Assertiveness #InternalizedMisogyny

    #socialengineering #boundarysetting #emotionallabor #sociology #ontology #actuallyautistic
22. 

    Ellis C. A. Arcwolf (Author) @[email protected] · 2025-12-29 · 11:01 UTC

    Some neurotypical person may have to explain to me why the socially acceptable thing to do when someone calls you pretentious is to checks notes say thank you and lick their boot.

    I'm autistic, so as we all know, I struggle to understand "common sense" things like that and am eager to learn so that I can be included in this delusionally toxic society of ours.

    Some of that was likely sarcasm.

    Things to keep in mind:

    • If you're a woman, and someone calls you manipulative, they're afraid of the only power they've allowed you to keep.
    • If you're an autist, and someone calls you pretentious, they are forcing you to do emotional labor to protect them, your attacker, from their own insecurity.

    Never accept as feedback what is intended as abuse.

    #SocialEngineering #BoundarySetting #EmotionalLabor #Sociology #Ontology #ActuallyAutistic #Neurodiversity #AutisticJoy #DoubleEmpathyProblem #Masking #IntersectionalFeminism #PowerDynamics #Assertiveness #InternalizedMisogyny

    #internalizedmisogyny #assertiveness #powerdynamics #intersectionalfeminism #masking #doubleempathyproblem
23. 

    Ellis C. A. Arcwolf (Author) @[email protected] · 2025-12-29 · 11:01 UTC

    Some neurotypical person may have to explain to me why the socially acceptable thing to do when someone calls you pretentious is to checks notes say thank you and lick their boot.

    I'm autistic, so as we all know, I struggle to understand "common sense" things like that and am eager to learn so that I can be included in this delusionally toxic society of ours.

    Some of that was likely sarcasm.

    Things to keep in mind:

    • If you're a woman, and someone calls you manipulative, they're afraid of the only power they've allowed you to keep.
    • If you're an autist, and someone calls you pretentious, they are forcing you to do emotional labor to protect them, your attacker, from their own insecurity.

    Never accept as feedback what is intended as abuse.

    #SocialEngineering #BoundarySetting #EmotionalLabor #Sociology #Ontology #ActuallyAutistic #Neurodiversity #AutisticJoy #DoubleEmpathyProblem #Masking #IntersectionalFeminism #PowerDynamics #Assertiveness #InternalizedMisogyny

    #socialengineering #boundarysetting #emotionallabor #sociology #ontology #actuallyautistic
24. 

    Ellis C. A. Arcwolf (Author) @[email protected] · 2025-12-29 · 11:01 UTC

    Some neurotypical person may have to explain to me why the socially acceptable thing to do when someone calls you pretentious is to checks notes say thank you and lick their boot.

    I'm autistic, so as we all know, I struggle to understand "common sense" things like that and am eager to learn so that I can be included in this delusionally toxic society of ours.

    Some of that was likely sarcasm.

    Things to keep in mind:

    • If you're a woman, and someone calls you manipulative, they're afraid of the only power they've allowed you to keep.
    • If you're an autist, and someone calls you pretentious, they are forcing you to do emotional labor to protect them, your attacker, from their own insecurity.

    Never accept as feedback what is intended as abuse.

    #SocialEngineering #BoundarySetting #EmotionalLabor #Sociology #Ontology #ActuallyAutistic #Neurodiversity #AutisticJoy #DoubleEmpathyProblem #Masking #IntersectionalFeminism #PowerDynamics #Assertiveness #InternalizedMisogyny

    #socialengineering #boundarysetting #emotionallabor #sociology #ontology #actuallyautistic
25. 

    Rob Pegoraro @[email protected] · 2025-09-27 · 22:04 UTC

    I’m not sure that the mass market shares the tech industry’s vision for smart glasses

    One recent change among early-adopter circles was plain on the faces of many fellow attendees of Qualcomm’s Snapdragon Summit in Maui this week: “smart” glasses with cameras, microphones, speakers and sometimes screens. But then my flights home Friday reminded me that for the overwhelming majority of people, “eyewear” means electronics-free glasses.

    Qualcomm’s invitation-only conference–that company paid my airfare and lodging, as it did on my prior trips to cover it in 2021, 2022 and 2024–allowed me to get some brief face time with Snap’s Spectacles ’24, running newer software than the version I tried at last year’s summit. The event also treated me to a parade of tech execs testifying that smart glasses were the next big computing platform.

    But despite all those optimistic assurances and my own earlier, brief tryouts of such smart glasses as Meta’s camera-enabled Ray-Bans and a prototype set of Android XR glasses, I remain unsold on the entire concept. So, it seems, do most customers: A Forrester Research survey released in September found that 79 percent of respondents had no interest in buying smart glasses.

    On one hand, smart glasses with cameras, speakers and microphones are not particularly cheap–the Ray-Ban-branded models from the conglomerate EssilorLuxottica cost $379 and up–but perform worse than phones at taking pictures and playing audio.

    Plus, they have the potential to annoy friends and strangers who aren’t keen on the possibility of surreptitious photography.

    On the other hand, more advanced smart glasses with built-in displays could finally make hands-free augmented-reality overviews of the world a reality, but first somebody has to bring them to market at a not-crazy price. Snap’s Spectacles, which require a $99/month developer subscription, are not there; Meta’s Ray-Ban Display glasses, available starting Tuesday for $799, aren’t that much closer.

    And somebody also has to solve battery-life concerns: What’s my motivation to strap a computer to my face, however stylish it might get, if that electronic eyewear will only run six hours on a charge and therefore need recharging much more often than my phone?

    Meta championing this cause gives me further cause. That company has shown a history of careless indifference to the consequences of its actions, including repeated episodes of bad-faith behavior towards my own industry, that does not make me want to give it my money.

    But Meta has also been so spectacularly wrong about consumer-electronics trends–topped by Mark Zuckerberg renaming Facebook to “Meta” and losing tens of billions of dollars on the delusional notion that people want to spend prolonged time in virtual-reality environments–that Zuck pushing smart glasses itself seems reason to eye the concept skeptically. Through dumb, software-free glasses.

    #AndroidXR #ARGlasses #faceComputer #GoogleGlass #GoogleGlasses #Hawaii #MarkZuckerberg #meta #metaverse #privacy #Qualcomm #RayBan #smartGlasses #SnapSpectacles #SnapdragonSummit

    #androidxr #arglasses #facecomputer #googleglass #googleglasses #hawaii
26. 

    A Stone in the River @[email protected] · 2026-03-22 · 21:15 UTC

    Real Spring?

    Caution: Wordiness ahead.

    Minneapolis hit a record breaking 78F/ 26C Saturday. Our first 70F/ 21C day of the year generally happens around April 7th. Over the last two years, the first 70-degree reading has come early—March 14 last year and March 3 in 2024. The 2024 date of March 3 was the earliest recorded 70-degree reading for the Twin Cities. Saturday’s record breaking temperature comes after we had 8.9 inches/ 22.6 cm of snow Saturday night to Sunday, a low temperature Monday night of 1F/ -17C, and another inch/ 2.5 cm of snow on Tuesday. March in Minnesota is generally a roller coaster, but not quite this whiplash-y. The temperature today has moderated back closer to “normal” and will continue for the rest of the week between 40F/4.4C to 50F/ 10C with a 60F/ 15.5C burp at the end of the week.

    The sap is running in the maples and tapped trees I see around town are filling up their bags like nobody’s business. I expect Melody Silver Maple in the front garden will soon be blooming. The witch hazel is blooming. Saturday we pruned the apple trees and their buds are already swelling. I noticed the perennial walking onions and the bunching onions are already sending up green shoots. I’ll be able to start adding some to meals next week at this rate.

    It appears that real spring has finally sprung. The animals think so too. I seem to be interrupting rabbit meetups every morning on my way to work, sending them scattering. I seriously doubt this will have an impact on the rabbit population, but who knows? I also keep finding stuff squirrels have commandeered for fluffing their nests stuck on perennial stems in the garden–gobs of leaves, fake grass, fiber fill stuffing, candy wrappers.

    The robins are trilling and the males are arguing over territory, the cardinals are singing to their mates, and the wild turkeys in the city are flocking with the males becoming extra aggressive. On my bike commute home from work recently I had to save a school bus that was having a standoff with a turkey in the middle of an intersection. The turkey was pecking at the bus and completely undisturbed by the driver honking the horn. I slowly and carefully biked up to the turkey and herded him off the road. James has also been herding turkeys off the road on his bike commutes. They are unfazed by the traffic jams they cause. I find it absolutely hilarious.

    Saturday was the Rebel Gardeners seed swap. It was a good turnout. I brought a bunch of seeds and other folks brought seeds too, and someone who is a Master Gardener brought a lot of commercial seed packets that must have been donated. I was very good and only came home with a seed packet of turnips. I was tempted by beans–I love growing beans!–but I refrained because I am filled up with bean varieties right now. The folks who organized the group talked a bit about plans going forward, the food shelves we will be donating to, efforts various people with connections are making to get donated wood for newer gardeners to build raised beds, compost and mulch donations, how we can help each other out during the summer with garden care when folks go out of town as well as skill and knowledge sharing.

    A couple people in the group are experienced hydroponics growers and after some discussion about it I’m thinking of maybe setting up something for growing greens indoors during the winter. But we’ll see if I end up having the time and willingness to go through the effort of setting that all up when October arrives. Sure would be nice to have fresh homegrown greens in winter though.

    The catalog for the Friends School Plant sale I attend every May went live midweek. I downloaded the PDF and thought, I’ll wait until the weekend to look through it. Yes, I am that delusional sometimes. It wasn’t even a full hour after downloading that I opened the document “just to peek.” A bunch of highlighted plants later, I managed to pull myself away until the next day when I made it to the end of the catalog.

    Inflation has come for the garden. Plants that used to cost $2.50 – $3 are now $4, and the “comes in a pack” where you get 4 or 6 plants that used to be $4 – $5 are now $6 to $7. The price for shrubs and trees has skyrocketed. Even so, the prices are still less than at a commercial nursery and they don’t sell any neonic plants. But also, I’m glad I don’t need many plants this year. Want is another matter. But wants are much easier to talk myself out of.

    ICE

    ICE is still here abducting people but it seems a bit less dire, or maybe I’m just used to this now as a new normal. Kids are still terrified to go to school for fear their parents won’t be there when they get home. Adults are still terrified of going to work for fear that they will be abducted. Mutual aid work continues as we all try to heal from the trauma. Saturday James and I went to a Maker and Baker neighborhood fundraiser where proceeds will go towards helping people in my neighborhood pay their rent. I came away with a cute new sticker for my water bottle, a new pair of earrings, and an awesome postcard. The fundraiser last month took in $6,000 and yesterday raised an additional $5,000. There will probably be another one next month, so I’m putting on my thinking cap for something I might be able to donate. Maybe a loaf of sourdough bread or some extra garden seedlings.

    In case you haven’t been following Minnesota news since we dropped out of the headlines when the surge “ended,” remember Liam, the cute little 5-year-old boy in the blue bunny hat who was used as bait to detain his dad? They were both then sent to Texas until a judge ordered they be released and returned to Minnesota. Well, the Department of Homeland Security filed to have their case expedited, and the other day an immigration judge ended the family’s asylum claims. The family’s lawyers are appealing, but it could take months or years for it all to be resolved. I am not certain whether they will be allowed to remain in the United States during the appeal, or if they will be forced to return to Ecuador. Trump has repeatedly said ICE is only looking for the worst of the worst, the criminals and bad people. I am not sure how the Ramos family qualifies as criminals and bad people. Maybe Trump finds blue bunny hats triggering?

    In other news, it turns out that the world’s deadliest sharks are only one-third as deadly to Minnesotans in 2026 as ICE. It’s a serious but also funny article in which I learned that with all of our shark-free fresh water lakes, a good many Minnesotans are still mildly afraid of sharks. Personally, I’m not worried about sharks in the lakes, it’s the silty mud and lake weeds that freak me out.

    Meanwhile in the New York Times, Thomas Friedman, of whom I am not a fan but who turns out to be from Minneapolis, has an op-ed piece (gift link) in which he talks about what the federal government has done here, the damage it has caused, and the peaceful resistance that stood up and forced the federal government to back down (a little). He suggests, in spite of the horrible title of the piece, that the response of the people of Minnesota needs to be exported to the rest of the country. The lesson Friedman wants to export is the understanding that governments and institutions will not save us, but solidarity and community will. Quite rich coming from a man who was an advocate of the Iraq War and who believes in unregulated trade.

    Speaking of the community response to being invaded by the federal government, the people of the Twin Cities were awarded the John F. Kennedy Profile in Courage Award this last week. It is an award created by the Kennedy family and given by the JFK Library to honor those who have demonstrated political courage and conscience at personal or professional risk. We apparently tied with Jerome Powell for the award. The award ceremony is in May. Is the whole Twin Cities invited to the ceremony? And who gets to show off the award? I suspect the mayors of Minneapolis and St. Paul will attend and then thumb wrestle over in whose City Hall the plaque will be displayed.

    Books and Libraries

    I’m totaling vibing with Jo Walton’s recent essay at The Reactor about how she reads sixteen books at once  I don’t use an e-reader and my number is lower, but I currently have twelve books on the go. It is, as she calls it, “a lovely reading symphony.” The way I read my multiple books is a bit different than Walton’s method. I have five main reads I cycle through and then the rest are ones I pick up in odd moments or when I need a breather from my main reads. 

    The main reads depend on location and day of the week. So I have a book I read only at work during my lunch break. This might be fiction or nonfiction. I have a book that James reads to me while I am doing a strength workout lifting weights and doing pushups and lunges on Tuesdays and Saturdays. We are reading our way through all of Terry Pratchett’s Discworld books. We’ve read all the books with the witches as the main story and are one and a half books away from being complete with all the Night Watch books.

    Generally Monday and Wednesday nights I get to read for about 45-minutes in bed before going to sleep. These are usually novel nights unless I’m reading a nonfiction book I really like or have to return to the library soon. Tuesday nights after neighborhood foot patrol and my strength workout I read nonfiction in bed before going to sleep. Thursday nights I don’t get to read because I’m at sangha and not home until after 9 and go right to bed. Fridays are either movie/TV show and popcorn night or meeting with my Beloved Community Circle, so generally no reading. Daytime Saturdays and Sunday I read whatever strikes my fancy, which could be one of my main reads or one of the other books I have going. At night on both those days I usually get a nice chunk of reading in bed before sleep time and generally devote half the time to a novel and half to nonfiction. Almost every night I read a poem and will also read poetry in those “I have 10 minutes” moments between other activities.

    This way there is something I always want to read no matter my mood and ability to focus. I’ve been reading like this for so long, I can’t remember the last time I read just one book with no others in progress. I sometimes worry the multiple books in progress are a result of a short attention span brought on by too much digital media, but when I think back through my reading history, I’ve been reading like this since university in pre-internet days.

    I couldn’t read like this if it weren’t for public libraries. When James and I moved to Minnesota back in the mid-1990s, within a day or two of arriving, we found the public library and got library cards even before we went to the DMV to get new driver’s licenses. Priorities! And back when libraries had more money and were open until 9 on a Friday night, we used to go to the library as a regular date night. Nerds!

    All this to say, anyone who loves reading or libraries should be extremely concerned about HR 7661, the “Stop Sexualization of Children Act. This is a bill introduced into Congress that will ban all “sexually oriented” children’s books from any institution that receives federal education funding. “Sexually oriented” includes all things LGBTQi+ as well as “lewd and lascivious dancing. Cue Footloose theme song

    https://youtu.be/e-OG0EyJyV8?si=js2DvWk6_f5NhxF3

    Books and libraries matter more than ever in these times of growing authoritarianism. I listened to a fantastic Movement Memos podcast conversation this morning on Why Libraries Matter in a Fascist Moment. As one of the guests said, “If we lose this as a public good and as a free public service, we will have lost everything.”

    One of the best ways to support your library? Use it!

    #censorship #fascism #Footloose #FriendsSchoolPlantSale #HR7661 #hydroponics #ICE #JoWalton #Libraries #ProfilesInCourageAward #recordBreakingWarmth #seedSwap #snow #spring #turkeys

    #censorship #fascism #footloose #friendsschoolplantsale #hr7661 #hydroponics
27. 

    Indie Tech News @[email protected] · 2026-05-13 · 19:20 UTC

    An attempt on my world. . .

    They used the nukes.

    #rust @rustaceans

    The future is regression. You know the exact version number (post ^0.2.1) when they broke the back of the arch of history, the day when the Project sacked socks.
    #Arti @torproject

    Agent Kaczynski strikes again. #EndCiv
    No PVH? Just HVM to ROP for an audio assault. Got 'em! We know who the Wacos are. They are an unaccountable hate group.
    #QubesOS @whonix
    @QubesOS

    Anyway, qvm-firewall is still run by Dom0, even if fire tries to rob your vault. ICMP probes held back. They never get to the other side of the @ past dom0 hostname. Delusionals. Cheats. Liars. The bastards!

    #SOCKSpocalypse #Exfiltration #CyberAttack #infosec #AgentKaczynski #DualCoreLes #StreamIsolation #Linux #Kernel #TorProject #Montana #War

    #rust #arti #endciv #qubesos #sockspocalypse #exfiltration
28. 

    Indie Tech News @[email protected] · 2026-05-13 · 19:20 UTC

    An attempt on my world. . .

    They used the nukes.

    #rust @rustaceans

    The future is regression. You know the exact version number (post ^0.2.1) when they broke the back of the arch of history, the day when the Project sacked socks.
    #Arti @torproject

    Agent Kaczynski strikes again. #EndCiv
    No PVH? Just HVM to ROP for an audio assault. Got 'em! We know who the Wacos are. They are an unaccountable hate group.
    #QubesOS @whonix
    @QubesOS

    Anyway, qvm-firewall is still run by Dom0, even if fire tries to rob your vault. ICMP probes held back. They never get to the other side of the @ past dom0 hostname. Delusionals. Cheats. Liars. The bastards!

    #SOCKSpocalypse #Exfiltration #CyberAttack #infosec #AgentKaczynski #DualCoreLes #StreamIsolation #Linux #Kernel #TorProject #Montana #War

    #linux #kernel #torproject #montana #war #rust
29. 

    Indie Tech News @[email protected] · 2026-05-13 · 19:20 UTC

    An attempt on my world. . .

    They used the nukes.

    #rust @rustaceans

    The future is regression. You know the exact version number (post ^0.2.1) when they broke the back of the arch of history, the day when the Project sacked socks.
    #Arti @torproject

    Agent Kaczynski strikes again. #EndCiv
    No PVH? Just HVM to ROP for an audio assault. Got 'em! We know who the Wacos are. They are an unaccountable hate group.
    #QubesOS @whonix
    @QubesOS

    Anyway, qvm-firewall is still run by Dom0, even if fire tries to rob your vault. ICMP probes held back. They never get to the other side of the @ past dom0 hostname. Delusionals. Cheats. Liars. The bastards!

    #SOCKSpocalypse #Exfiltration #CyberAttack #infosec #AgentKaczynski #DualCoreLes #StreamIsolation #Linux #Kernel #TorProject #Montana #War

    #war #montana #torproject #kernel #linux #streamisolation
30. 

    N-gated Hacker News @[email protected] · 2026-04-30 · 10:44 UTC

    😂 Wow, IBM's new #Granite #4.1 is like the #chihuahua of #AI models, #barking at the big dogs and pretending it can hunt like a wolf 🐕‍🦺. Who knew an 8B model could be so #delusional, thinking it can compete with a 32B MoE without leaving a trail of giggles and disbelief? 🤣 Keep dreaming, IBM!
    https://firethering.com/granite-4-1-ibm-open-source-model-family/ #IBM #Competition #HackerNews #ngated

    #granite #chihuahua #ai #barking #delusional #ibm