“Die politische Reaktion: betretenes Klicken auf PDFs. Schulministerin: Das ist nicht gut. SPD: Das ist ein Skandal. Eltern: Wir nutzen jetzt Moodle. Schüler: Wir sind längst auf Discord. Lehrer: Macht das Licht aus.”
Wenn das Digitale kommt, dann kommt es nicht. Und wenn es kommt, dann scheppert es. Und wenn es scheppert, dann ist es Logineo. NRW. Der Rhein rauscht, die Kreide kratzt.
‼️70 artistas, bandas y DJ internacionales exigen al Sónar que se distancie de las inversiones de KKR en Israel.
🛑Los grupos de música consideran insuficiente el comunicado lanzado en redes por el festival barcelonés y exigen que Sónar se guíe por los principios del movimiento BDS.
Los nueve empresarios, incluyendo cuatro catalanes, que formaban parte de la misión comercial de la Cambra de Tarragona y quedaron temporalmente retenidos en un hotel de Trípoli (Libia), ya se encuentran a salvo en Roma (Italia). La confirmación llegó a través de un comunicado emitido este viernes por la Cambra de Tarragona, aliviando la preocupación generada por los recientes enfrentamientos en la capital libia. Según el comunicado, los empresarios llegaron a Roma alrededor de la 01:00 de la madrugada del viernes. La Cambra de Tarragona ha asegurado que todos los miembros del grupo se encuentran "sanos y salvos", tras los momentos de incertidumbre vividos en Trípoli. Detalles de la misión comercial La misión comercial, organizada por la Cambra de Tarragona, tenía como objetivo explorar oportunidades de negocio en Libia. El grupo, compuesto por 21 miembros, llegó a Trípoli el lunes con la intención de establecer contactos y analizar el mercado local. Sin embargo, los enfrentamientos entre milicias rivales complicaron la situación, dejando a nueve de los empresarios atrapados en su hotel. Los enfrentamientos entre las milicias generaron una situación de inestabilidad y preocupación en la capital libia. La seguridad de los empresarios españoles se convirtió en una prioridad, y la Cambra de Tarragona, en colaboración con las autoridades consulares, trabajó intensamente para garantizar su evacuación segura. La Cambra de Tarragona ha agradecido la colaboración de las autoridades italianas y españolas en la gestión de la crisis. "La coordinación entre los diferentes actores ha sido fundamental para lograr un desenlace positivo", señalaron en el comunicado. Las gestiones diplomáticas y logísticas permitieron que los empresarios fueran trasladados a Roma, donde pudieron reunirse con sus familiares y recibir el apoyo necesario. Reacciones y agradecimientos El presidente de la Cambra de Tarragona, Andreu Suriol, expresó su alivio y satisfacción por el regreso seguro de los empresarios. "Han sido momentos de gran tensión, pero gracias al esfuerzo de todos, nuestros empresarios están a salvo", declaró. Asimismo, agradeció la comprensión y el apoyo de las familias de los afectados. Una vez superada la crisis, la Cambra de Tarragona se centrará en analizar las lecciones aprendidas y reforzar los protocolos de seguridad para futuras misiones comerciales. "La seguridad de nuestros empresarios es primordial, y tomaremos todas las medidas necesarias para evitar que situaciones como esta se repitan", afirmó Suriol. Súmate a Apoya nuestro trabajo. Navega sin publicidad. Entra a todos los contenidos. hazte socio
@Informatica (Italy e non Italy 😁) Guida pratica al Cyber Resilience Act per aiutare le aziende italiane del software a orientarsi tra categorie di rischio, obblighi, certificazioni e scadenze L'articolo Cyber Resilience Act: cosa devono sapere davvero le software house italiane proviene da
X-Nutzer können dem Chatbot Grok Fragen stellen. Am Mittwoch antwortete die Software plötzlich mit einer Geschichte über einen vermeintlichen Völkermord in Südafrika – egal, worum es ging.
O TikTok está a levar mais a sério o bem-estar digital dos seus utilizadores mais jovens. Depois de uma fase experimental, a popular plataforma de vídeos curto
Hola hola!! Hace un ratito he compartido este último post desde @gpreciados pero la federación con la web me está yendo fatal.
Básicamente ya está disponible el fanzine que he estado preparando con las primeras grabaciones de ensayos. Es un poco mi forma de hacer “crowdfunding” y costearme la producción final, así que si os lleváis uno estaré encantadísimo de hacéroslo llegar.
Para esta temporada primavera-verano le ofrecemos este conjunto de oportunidades digitales valorado en… ¡Mil euros! Pero si adquiere ahora nuestro catálogo-fanzine físico por tan solo cinco euros: ¡se lo regalamos!
Para esta temporada primavera-verano le ofrecemos este conjunto de oportunidades digitales valorado en... ¡Mil euros! Pero si adquiere ahora nuestro catálogo-fanzine físico por tan solo cinco...
Profitez des vidéos et de la musique que vous aimez, mettez en ligne des contenus originaux, et partagez-les avec vos amis, vos proches et le monde entier.
Enums can make your code more readable, safer and easier to maintain. If you want a solid overview of Python’s enum module, check out this article by Rodrigo. He covered everything from basic Enum usage to auto, StrEnum, Flags and more. It’s a great way to learn the full range of what Python enums offer.
Abstract
Helelyn Tammsaar (Team Lead of Estonia's Public Sector Innovation Team) shares how a small team is driving user-centered innovation across government through design, experimentation and behavioural insights.
Our next stop on our 2017 Baltic cruise would see us spend a weekend in the Russian city of St Petersburg. We booked tours to fill up both days because travelling to Russia on a cruise ship and booking excursions meant you didn't need a visa to head ashore and we didn't know if or when we would ever return. A good move as that's obviously highly unlikely to happen now, naturally.
We started with a highlights tour of the city and that began with a visit to the Church of the Saviour on Spilled Blood. Fabulously decorative outside in a typical Russian Orthodox style designed to mimic St Basil's in Moscow, built on the site of Alexander II's assassination in 1881, but not reconsecrated post-revolution.
Palkka-avoimuudesta ei päästy yksimielisyyteen – tällaisia uusi velvollisuuksia työryhmä esittää työnantajalle
EU-direktiivi antaa työntekijälle oikeuden saada tietoa samaa työtä tekevien palkasta. Työnantajan on jatkossa kerrottava ennen palkkaneuvotteluja kyseisen tehtävän palkkataso.
Luce: non solo lampadine, le meraviglie nascoste Nella Giornata internazionale della luce si celebrano i numerosi risvolti della radiazione elettromagnetica, dai laser alla fotosintesi “rubata” rsi.ch/s/2829509
E' un bambino di pochi mesi di vita, affetto da una rara malattia metabolica, il primo paziente al mondo trattato con una nuova terapia personalizzata basata sull'editing genetico con tecnologia Crispr: sottoposto a tre infusioni tra febbraio e april…
Le revenu de base ça marche. Ça change des vies, pour le meilleur. Et c'est pas un truc de fainéant. Et c'est pas moi qui le dit c'est la science. ⤵️ courrierinternational.com/arti…
( mais bien sûr la politique n'est pas d'accord avec la science )
Pendant trois ans, une centaine de personnes choisies parmi 2 millions de volontaires ont reçu 1 200 euros par mois, sans condition de ressources. Cette expérience vient de livrer ses résultats, qui penchent en faveur du revenu universel.
⛲ À l'occasion de cette décision de justice pour l'action chez Arkema en mars 2024, la fontaine place des Jacobins de Lyon a été colorée en vert (avec un produit non polluant) pour mettre une nouvelle fois en lumière l’omniprésence des #pfas dans notre environnement, notamment dans l’eau que nous buvons tou·te·s 😱
We are being killed, exterminated, slaughtered without mercy, and our blood flows through the alleys of our destroyed streets Do you see our pain, our oppression, our helplessness as we flee from one death to death?
Displacement has become impossible, and the features of life are fading before our eyes.
Red Tourism, or being a red tourist company, is a stick we often get hit with at YPT. The truth, of course, is that we are much more than purveyors of this
Cyber attacks were the most common form of hybrid threat faced by Australia in the last decade, but economic coercion and foreign interference are not far behind.
[...]
Analysts at the Australian Strategic Policy Institute have been tracking hybrid threats against Australia since March 2016, and between then and February 2025 have tracked 74 discrete activities targeting the country.
Given the growing state of digital connectivity across the globe, cyber security incidents and attacks make up approximately 35 per cent of all hybrid activity. Both private and public sector companies have been targeted by largely PRC-backed hackers, such as Naikon, APT40, APT27 and Aoqin Dragon, as well as critical infrastructure entities.
[...]
“The ASPI research into hybrid threats underscores a key trend observation that we have always expected would occur: nation-state aligned threat actors are prioritising cyber security as the foremost battleground in today’s modern, digital world. Whether it is cyber-espionage or targeting critical infrastructure for sabotage, this type of conflict is no longer relegated to complex stories found in television and movies,” Satnam Narang, senior staff research engineer at Tenable, told Defence Connect.
Economic coercion, foreign interference, and narrative & disinformation campaigns all make up about 20-25 per cent each targeted activity, and here again, China is highly active. China is thought to have engaged in efforts to sway debate toward far-right sources during the Voice to Parliament campaign, and its extensive Spamouflage network of fake social media accounts targeted an Australian rare earth mining company in recent years as well.
Journalists and members of the Chinese diaspora in Australia have also been targeted by Chinese influence and harassment campaigns.
China’s efforts to impact the Australian economy include tariffs and bans on Australian produce, trade restrictions, and even consumer boycotts
[...]
“Economic coercion involves actions that go beyond standard trade policy [such as tariffs], including: engaging in targeted boycotts; blocking access to essential resources; and imposing sanctions with the explicit goal of forcing political concessions.”
Military and paramilitary coercion only makes up about 15 per cent of hybrid activity, but as ASPI notes, such activity has increased in the last few years, and, again, China is the main culprit. Only recently, we have had the example of a Chinese naval flotilla performing firing drills in the Tasman Sea and aerial encounters between Chinese and Australian military aircraft in the South China Sea – all just in February 2025 alone.
[...]
Of course, while China is responsible for the bulk of hybrid activity targeting Australia, it is not alone. China is responsible for 69 per cent of such activity, with Russia the next most active nation at 11 per cent of activity, trailed closely by Iran, which makes up fully ten per cent of hybrid threat activity.
Other nations make up four per cent of activity, unidentified hackers responsible for five per cent of threat activity, and ideologically motivated violent extremism is one per cent.
TikTok is launching in-app guided meditation exercises, the social network announced on Thursday. The company began testing the meditation exercises with
Profitez des vidéos et de la musique que vous aimez, mettez en ligne des contenus originaux, et partagez-les avec vos amis, vos proches et le monde entier.
@Informatica (Italy e non Italy 😁) Varie fonti ufficiali hanno identificato la Federazione Russa come uno degli attori più attivi e strutturati nella promozione e nel finanziamento di campagne di disinformazione e manipolazione dell’informazione in Occidente. Cosa sappiamo e quale strategia ha
'The US government's Cybersecurity and Infrastructure Security Agency (CISA) announced Monday that going forward, only urgent alerts tied to emerging threats or major cyber activity will appear on its website. Routine updates, guidance, and other notifications will instead be shared via email, RSS, and X.'
La agencia de adquisiciones de la OTAN, NSPA, está siendo investigada por presunta corrupción y fraude relacionado con la compra de equipos militares. La investigación involucra a empleados actuales y anteriores de NSPA y se extiende a #España y #Luxemburgo.
La investigación se centra en posibles irregularidades en la adjudicación de contratos a empresas de defensa y presuntos sobornos intercambiados por la obtención de contratos.
social.marxist.network/@yogtho… yogthos@social.marxist.network - NATO's procurement agency, NSPA, is under investigation for alleged corruption and fraud involving military equipment purchases. The investigation involves current and former NSPA employees and stretches to Spain and Luxembourg.
The probe focuses on possible irregularities in the awarding of contracts to defense companies and suspected bribes exchanged for winning contracts.
NATO's procurement agency, NSPA, is under investigation for alleged corruption and fraud involving military equipment purchases. The investigation involves current and former NSPA employees and stretches to Spain and Luxembourg.
The probe focuses on possible irregularities in the awarding of contracts to defense companies and suspected bribes exchanged for winning contracts.
BRUSSELS (AP) — NATO Secretary-General Mark Rutte said Thursday that the organization’s procurement agency is cooperating with police investigating corruption and f…
Marco Aime è attualmente ricercatore di Antropologia Culturale presso l’Università di Genova. Ha condotto ricerche in Benin, Burkina Faso e Mali, oltre che sulle Alpi.
Non un libro sull’Africa, ma su alcune persone incontrate nel corso di quasi trent’anni di viaggi. Sono le storie raccolte da Marco Aime. Donne, uomini, bambini visti prima con gli occhi frettolosi e a volte poco saggi del turista, poi con quelli più attenti del ricercatore e dell’amico: delusioni e grandi gioie. Tanti giorni passati nei villaggi all’ombra di un mango, nelle buvette male illuminate a bere birra, per le vie caotiche e inquinate delle città, tra le bancarelle colorate dei mercati, nel silenzio polveroso dei deserti. A chiacchierare, a guardare, ad ascoltare, scrivere, fotografare. Sempre senza la pretesa di capire fino in fondo storie, culture, tradizioni con le quali al massimo, dopo tanto tempo di convivenza, riesci sì e no a familiarizzare.
La Francia non è riuscita a convincere Pechino ad abbandonare la minaccia di imporre dazi sul Cognac e sull’Armagnac, i prodotti più pregiati del Paese.
I was recently interviewed by Michelle Goodall for her Meet the Community Builders series. I originally met her as a fellow member of the Community Pros of London meetup group.
Michelle was also recently named in the first Independent Impact 50 Awards recognising her impact and professionalism, which I’m absolutely thrilled to see – I’ve come to know her as a brilliant community professional and consultant, so this this feels like a really appropriate reward for her work. We had an interesting discussion about my career, how I got involved with communities over time, and also had a chat about how Mastodon and the Fediverse fit in.
I hope you enjoy the conversation, and hear some of the lessons I’ve learned over my time in different online and in-person communities.
Share this post from your fediverse server https:// Share
This server does not support sharing. Please visit .
Andy Piper is Head of Communications at Mastodon. He shares his insights about community strategy, building community and explains how Mastodon can be a successful element of a community ecosystem strategy.
Conservative South Korean presidential candidate Kim Moon-soo on Thursday condemned the unanimous impeachment verdict against former President Yoon Suk-yeol as reminiscent of “communist” North Korea, a framing one expert described as “dangerous” rhet…
Falls Du der Nutzung Deiner Daten zum "Training" der künstlichen Intelligenz durch alle Meta - Anwendungen (#Facebook, #WhatsApp, #Instagram & Co) widersprechen magst:
"Metas Vorgehen verstößt aus unserer Sicht gegen europäisches Datenschutzrecht. Die Verbraucherzentrale NRW hat Meta deshalb erneut abgemahnt. Weil das Unternehmen an seinen Plänen festhält, hat die Verbraucherzentrale NRW eine einstweilige Verfügung beim Oberlandesgericht Köln beantragt. Wer widersprechen will, sollte das trotzdem machen!"
Warum ist das ein Problem? "Sind diese Daten (alle Nachrichten, Fotos, Beiträge, Kommentare etc.) einmal für das KI-Training verwendet worden, lassen sie sich nicht mehr zurückholen oder löschen."
Es eilt: Ab 27.05 werden Deine Daten von Meta genutzt, wenn bis dahin kein Widerspruch vorliegt ...
Meta will in Europa öffentliche Nutzerinhalte fürs Training der KI "Meta AI" verwenden. Sie können der Nutzung Ihrer Daten widersprechen, den Chatbot mit dem blauen Kreis aber nicht abschalten.
Stefano Galieni* Se ne è andato un compagno di tante lotte condivise e resto, mi si scusi se parlo in prima persona, attonito, addolorato, indignato, incred
Un importante appuntamento a sostegno delle lotte queer, storicamente marginalizzate, invisibilizzate e duramente attaccate dal regime di guerra reazionario al governo in sempre più paesi
Dear #Letsencrypt, you helped secure millions and millions of servers, not just web servers. But your announcement at letsencrypt.org/2025/05/14/end… about ending Ending TLS Client Authentication Certificate Support in 2026 because Google changes their requirements would result in your certificates becoming a possible risk for ensuring SMTP traffic. Please think again. Please.
Let’s Encrypt will no longer include the “TLS Client Authentication” Extended Key Usage (EKU) in our certificates beginning in 2026. Most users who use Let’s Encrypt to secure websites won’t be affected and won’t need to take any action.
Just at the time where all over the world discussions are happening to move mail servers back into organisations big and small instead of relying on the big email providers, due to risks associated with centralising email at (US) providers, you are willing to make life even more complicated for us postmasters. This is not what you should be doing. You should make it easier to use encryption instead of telling us postmasters find out ourselves where we can buy certificates in future.
Sure, #LetsEncrypt, you can say that using certificate based client auth is a minor use case and that this functionality was never guaranteed to always be available and all of that. But the fact stays: you are removing a feature from your certificates that has been here for a very long time, just because Google demands this. Why Google wants this? I will ask them. But I am quite sure that this #oopsie side effect is not an oversight.
- prior to June 15, 2026, include the extendedKeyUsage extension and (1) only assert an extendedKeyUsage purpose of id-kp-serverAuth OR (2) only assert extendedKeyUsage purposes of id-kp-serverAuth and id-kp-clientAuth. - on or after June 15, 2026, include the extendedKeyUsage extension and only assert an extendedKeyUsage purpose of id-kp-serverAuth.
The document doesn't explain why dropping clientAuth is now required
This means that you would have to run separate CAs/PKIs (Certificate Authority/Public Key Infrastructure) for certs that Google accepts to trust (with only ServerAuth allowed) and one for certs with other EKU (Extended Key Usage) features (like ClientAuth). For server admins that results in two different certificates per server/domain name where right now you have it "all in one".
Addendum: This will have impact on many solutions that use mTLS (Mutual TLS).
"Could my mTLS or cloud-API use cases be affected?
Yes. Any system using public TLS certificates for mutual TLS or machine-to-machine calls—rather than separate ServerAuth and ClientAuth certificates—will break once Chrome distrusts mixed-use intermediates. Financial institutions and service-mesh deployments are the most common examples."
As of June 15, 2026, public TLS server certificates must no longer include the Client Authentication EKU. It will carry significant consequences for financial services.
Addendum 2: Google wants TLS certificates to ONLY have the ServerAuth EKU. Any other EKU [1] in a certificate automatically means the certificate is NOT trusted by Chrome from mid next year.
What other EKUs exist and do you think it makes sense to exclude them all? IMHO this is a radical approach to TLS. But it seems to be the accepted position. No more certs with any EKU but ServerAuth.
i don't know / don't understand, why they stop issuing this certificates completely. as far as i understand it would be possible to add a profile to get certs with e.g. client-auth eku but without server-auth eku...
Would be more hassle as you could not use the same cert anymore but at least there would be a solution without fiddling with my own private pki ...
@IchEben IMO this would be a reasonable position for LetsEncrypt, have two PKI hierarchies: one for server auth (prb 99% of their use cases), one for client auth (1%) to separate the root certs, and keeping the client auth root out of Googles hair.
[Edit] this allows other cert distributions for servers (eg debian ca-certificates package) to continue to support client auth out of the box too.
@phlash Yep. And they could allow more EKUs on the second PKI. CodeSigning, MailProtection. LetsEncrypt should be more than just the minimal ServerAuth that Google will accept. @IchEben
Let’s Encrypt will no longer include the “TLS Client Authentication” Extended Key Usage (EKU) in our certificates beginning in 2026. Most users who use Let’s Encrypt to secure websites won’t be affected and won’t need to take any action.
@larsmb If you operate server A and B, both have their private key. Then you can tell server A to accept any mail from a server that presents Bs key. In that case, B key is used as client cert (even though the same cert is used as server cert if someone from outside connects to mail server B)
@david_chisnall @AndiBarth @larsmb PKI let's any client or server be trusted by only requiring they are verified once by a trusted third-party. In the US, there are legal benefits to this with data leaks, etc.
PKI let's any client or server be trusted by only requiring they are verified once by a trusted third-party.
Which is totally irrelevant for the use case under discussion in this thread (allowing a mail server under your control to establish an authenticated connection to another mail server under your control). Allowing machines not under your control to connect is the thing that you are trying to prevent. The fact that public PKI makes this possible is a bug, not a feature.
Sure, using Microsoft as mail hoster was always a stupid idea, but this is the proof why.
There was always the question if you could trust LetsEncrypt as US entity. The answer is now clear: No!
The US WANTS to monopolize e-mail, and use it to sanction enemies.
There are two things to do now:
1. Change the Mail Server code so that incoming connections are ok when they present a server certificate
2. Scold LetsEncrypt. At least DNS-verified client certificates need to be possible (for mail-only servers, DNS verification is the way to go, anyways).
@david_chisnall The problem is that LetsEncrypt et all will stop issuing certs with any EKU *except* ServerAuth. So no more Certs with ClientAuth, CodeSigning, MailProtection or any other EKU. And setting up your own CA/PKI is not just a handful of openssl commands, as you very well know. Getting the root CA in the trust store on a Linux machine might be doable, but adding new root CAs to the trust store on devices like iPhones, Android is a very different story @larsmb @Jpbrosnahan1 @AndiBarth
That not everyone out there can run a private CA/PKI and demanding that to be the requirement is an exclusive and not inclusive approach.
I find it hard to imagine that there are people who are capable of deploying the kind of systems that creates a need for PKI, who cannot run the tiny handful of openssl command line commands it needs.
Being able to configure a web or mail server that works with Let's Encrypt is at least as hard. Even installing a web server is almost as hard.
And that's assuming that they use the openssl command line directly. There are (open source) packaged wrappers that make it much easier.
While a lot is being talked about the security aspect, I have yet to see examples of security breaches caused by having ClientAuth EKU in a certificate
The problem is not having a ClientAuth EKU certificate, the problem is having a certificate that has both ServerAuth and ClientAuth EKU flags. These are different uses. A certificate is never simultaneously used for both. If you are establishing a connection and presenting a certificate, you want a client certificate. If you are accepting an incoming connection and presenting a certificate, you want a ServerAuth certificate.
Combining the two violates two of the most fundamental principles in computer security:
The principle of least privilege. A certificate that combines the two violates this because it is combining two things that are never used together and so should be separate.
The principle of intentional use. A certificate that combines the two violates this by providing a certificate that is easy to use in the wrong case.
There have been compromises as a result of trusting certificates that were issued for server use as clients and vice versa. This is why EKU was added in the first place, setting both the client and server EKUs misses the point. I'm not sure why LE ever did this. Especially since they've explicitly said on numerous occasions that they don't issue client certificates (which is a shame, I wish they'd provide a flow for issuing S/MIME certs).
Their certificates have very limited use for client auth. Most of the time you want more than a domain name when authenticating clients. You want to authenticate users and you want to authenticate them with some specific claim.
Server certificates are simpler because the claim that you want to authenticate with the certificate is that the owner of the domain name that you think you're connecting to is responsible for the other endpoint. With client certificates, simply binding to a domain rarely makes sense. For situations where this actually is what you want, protocols often use dial-back, where the server establishes a connection back to the server, which tells you both that they have the certificate for that domain and control (or can hijack connections to) the IP associated with that domain (XMPP does this, for example, because early 2000s anti-spam ideas thought that knowing the sending domain was useful, but this doesn't work for email because relaying complicates the whole thing).
@david_chisnall @Jpbrosnahan1 @AndiBarth But setting up a "PKI" for my (private/personal) use client certs (where I don't want an outside party to know the private key, nor there be any record in a public cert log) was quite easy?
The linked article (digicert.com/blog/how-the-clie…) drives this point home: "separate public and private trust" and suggests this makes sense?
I use mTLS quite a bit for my setups and using LE for that hasn't ever crossed my mind.
As of June 15, 2026, public TLS server certificates must no longer include the Client Authentication EKU. It will carry significant consequences for financial services.
@larsmb Yes. That not everyone out there can run a private CA/PKI and demanding that to be the requirement for any EKU except ServerAuth is an exclusive and not inclusive approach. While a lot is being talked about the security aspect, I have yet to see examples of security breaches caused by having ClientAuth EKU in a certificate. @david_chisnall @Jpbrosnahan1 @AndiBarth
L'appello di Globalist. Noi non abbiamo la copertura mediatica di altri. Per questo chiediamo a tutti di far circolare questo appello e condividerlo il più possibile. Non possiamo restare inermi
Deb Zaccaro-Rojas
in reply to Khurram Wadee • • •