Infosec Press

Reader

Read the latest posts from Infosec Press.

from rvyhvn

Being an anarchist is often misunderstood. Many people think it's about breaking all rules and creating chaos. Additionally, in my country even mainstream media mistakenly say vandalism is equal to anarchism. This makes me shake my head, as they don't understand what anarchism really is. I've been practically living anarchist values in my immediate social circles. I contribute to education, I reject structural groups in college, especially for making decisions, and I educate people about abstaining from political participation because no politicians can truly be trusted. I often share my thoughts on social issues from an anarchist point of view. Like most anarchists, I believe in building a society aligned with anarchist values. But still, I don't want anarchism to be applied in our society yet, in any state. Why?

Too Extreme for People to Accept

Anarchism is seen as a “too far left” ideology; unlike socialism or communism, we reject hierarchical rulers. Everyone should be treated equally and all opinions should matter (as long as they're logically sound). But most countries today are run by conservatives who uphold capitalism, which is the complete opposite of anarchism. These governments are elected by conservative citizens, so the system and the people share the same ideology, which makes it harder to spread anarchist values. By definition, conservatism is a commitment to traditional values and ideas with opposition to change or innovation. Capitalism has been dominant for over a century. That's why people fear radical change, which leads to the next point.

Historical Failures of Leftist Ideas

The Soviet Union was once the biggest leftist state in the world and it collapsed. Many people now see that as proof that leftist ideologies don’t work. They say systems like socialism or anarchism are too utopian to survive in the real world. Because of that fear, anarchism is seen as unrealistic, even dangerous.

Anarchism Is Misunderstood

This ties into ignorance and media literacy. Many people think anarchism means “no rules” e.g. total chaos, violence, people killing each other. That’s NOT what anarchism is. As I mentioned earlier, the media here even label May Day protests as “anarchic” just because of vandalism or people spray-painting walls. That’s not anarchism, that’s just destruction. These false narratives shape public misunderstanding.

Bad People Still Exist

This is the main reason I don't think anarchism can work right now. There are still people who will take advantage of others if laws don’t exist. Legal systems, even if flawed, can still restrain some bad behavior. But in a world without written laws? Those people would feel free to exploit, harm, or abuse others. It’s like saying morals come from religion. If religion disappears, would some people suddenly start robbing, raping, or killing? That’s the scary part.

People today still need to learn how to be decent human beings and open themselves to new perspectives. Only then can we start introducing anarchist values in a real, meaningful way.


from copies

via Jürgen Hubert – @juergen_hubert@mementomori.social

Not far from the village of Retzin, which lies about one and a half miles away from Penkun, there is a long, tall hill and beneath it lies a lake commonly known as the Leichensee (“corpse lake”). On the hill, which is now overgrown with shrubs, there used to be a bandits' castle, whose remains can be spotted now and then amidst the shrubbery. The whole hill is therefore still called the Burgwall (“castle wall”)[1]. The bandits who lived in the castle threw the corpses of those they slew into the lake, from which the lake derives its name. The murdered and the murderers are said to haunt the lake and its environs in some nights, and nobody likes to visit the area after dark. Another tale gives us more details: The Leichensee is in the middle of two spots where two castles used to stand, and where now the villages of Lökenitz and Ramin can be found. These two castles belonged to a villainous robber knight named Hans von Ramin. The river Randow, which flows through the lake, was traversable by ships in those days[2] and thus it was common for ships to pass through the lake. The knight with his bandits only waited for those moments, and he had constructed an ingenious contraption which aided him in capturing those ships. He had put down two chains across the lake which were about 50 feet apart, and which were about two inches above the water when they were stretched taut. Whenever he saw a ship approaching in the distance he and his bandits hid in the reeds at the shore of the lake and left the first chain slacken so that it would be below the surface of the water. But when the ship had passed over it, he pulled it taut again. And thus the ship was stuck between the two chains and could go neither backwards nor forwards, and he and his bandits swarmed over it, slaughtered the crew, and took all of its goods. The corpses were thrown into the lake, on the side of the long hill[3]. 
It frequently occurred that the bandits discovered a larger crew on the ship than they had anticipated. In these cases they rang a large bell, which they had hung up at the shore for this very purpose. Then reinforcements would arrive from both castles. This bell fell into the lake after the death of the knight. It remains there, and at noon on St. John's Day it is still possible to hear its ringing.

Source: Temme, J. D. H. Die Volkssagen von Pommern und Rügen, 1840. P. 202-204.


from Hyperscale Security

As a profession, cyber/information security has been telling itself that it is “risk-based”, but often fails to live up to that in practice. We see this from hyping threats because they're cool and make for a good conference talk, to having to make a market for a new Gartner product category.

We therefore often mistake the possible for the probable, and the PoC for a Production threat we have to invest to fix. Nowhere is this more extreme than in post quantum cryptography (PQC) and the false urgency of fixing it now, just in case.

Crypto Agility and PQC

Don't get me wrong. Crypto agility and PQC are good things. It is good to know which libraries in your code provide crypto functions so you can keep them up-to-date, whether for PQC or otherwise. That is not the debate. What I have trouble with is the urgency on a problem that everybody agrees isn't real yet. There are no working quantum computers. Estimates are 5 (optimistic) to 10 (more realistic) to 20 (maybe) years out. Are we still doing risk-based infosec if we're spending time and effort on a problem that realistically won't occur for years?

Are we, when most organizations can't even keep on top of known vulnerabilities or running an effective CSPM program? Between your phishing defense, ransomware resilience and XDR adoption, where does this rate?

“Harvest Now, Decrypt Later” isn't Real

“Oh, but adversaries could capture TLS traffic, store it till a later date and decrypt when quantum computers are viable”.

Yes. Theoretically. But TLS + storage for 10 years is not free – especially when you consider the volume of TLS traffic that runs across the internet on a continuous basis. Google Search gives me daily internet traffic volumes running from 33 exabytes to 0.4 zettabytes, which is quite the range, but enough to make it clear that it is “stupid scale”. Therefore, simply due to volume, any HNDL would have to be targeted. Unless you're a foreign government or critical industry, that almost certainly already puts you outside of danger.

But BGP Hijacks...

BGP hijacks do happen, where adversaries route vast traffic volumes through infrastructure they control. This is almost certainly to capture metadata, not to HNDL. Even after filtering, what worth is a snapshot of a few hours or days after a decade? At the very least you'd want a continuous stream.

BGP hijacks would be incredibly wasteful to adversaries – storing data in the hope a fragment of a conversation might one day prove useful.

What About Targeted Organizations or Journalists?

If you're a targeted organization watch your XDR and network detection! If you're a journalist, use safe modes and reboot often as surveillance tools targeting you are already on the market.

You're WRONG, I have Clearance and Know it Happens

Very good. And maybe it is, but that still doesn't mean it's a threat. Those adversaries may believe it and waste their time. And you should still start your crypto agility program if not already done, for reasons that have nothing to do with PQC. Either way, I am happy to admit I am wrong, if that proves to be the case a decade from now. I'll wear the badge “PQC, The One I Got Wrong”.

But I'll take those chances. At least as long as the front doors remain wide open in most of our organizations.


from novaTopFlex

WriteFreely is very similar to and may be a sister project of WordPress. However, after following the Fediverse instances, regardless of potential issues, the truth is that there is no such WordPress.org-based server that supports external accounts thus far.


from Fediverse Transition

WriteFreely is very similar to and may be a sister project of WordPress. However, after following the Fediverse instances, regardless of potential issues, the truth is that there is no such WordPress.org-based server that supports external accounts thus far.


from Tom Tildavaan

I bought one so you don't have to. (Edit: at least until Eaton supports Matter over WiFi)

Eaton EWSW15

These devices connect to Azure IOT Platform. While I am sure Eaton has a great deal for that, it means that every time I turn the lights on or off, Azure gets paid a small amount of money.

The switch, while not multi-touch capable, will wait 0.5s before turning the load on or off.

In the event of a network connection disruption, when you are back online the switch will take ~5 minutes to become available in the app. There is no local control, even though the ESP32-C3-MINI1 (datasheet) module can do this. The unit is provisioned with WiFi credentials over Bluetooth, but other than that Bluetooth is not used.

And when you use schedules, the status LED does not correspond to the actual state of the switch.

I am still debating whether to give Schneider Electric Matter-over-WiFi a try, but the more I read the specs the more I become convinced that the Z-Wave network I already have is the best.

Edit: https://www.eaton.com/us/en-us/products/wiring-devices-connectivity/Matter.html suggests that at some point these WiFi devices will gain Matter support. If/when that happens, these switches, dimmers, and receptacles will become much more useful.


from Tom Tildavaan

In case you want more #IOT in your life, Eaton ships remotely actuated circuit breakers.

The breakers are provisioned using a “BlinkUp” system through your phone. You start the provisioning on your device, then put your screen to the sensor on the circuit breaker, your screen blinks a number of times sending WiFi credentials to the device, and then the latter connects to the Electric Imp servers. Eaton is using impOs as the basis of their offering, and Electric Imp is adamant they are secure.

Now, Eaton provides an API to these circuit breakers – https://api.em.eaton.com/docs, but there is no true local access – there is apparently a way to get local control, but your device must phone home weekly to receive the configuration that would allow you to talk to it locally.


from Tom Tildavaan

As I was writing this I decided to scan GitHub for the URLs I found so far, and, well, people smarter than me have already written a home_assistant integration against #SEW, but it is a bit different from what I saw in the field:

I'd still like to describe how to locate the endpoints and the login process, so here we go...

This is the second post about #SEW SCM API – Smart Customer Mobile API by Smart Energy Water, this time we will learn about different APIs using real world utility websites.

It appears that there are at least two different API “flavors”. The one that uses ModuleName.svc/MethodNameMob naming convention and usually resides under PortalService endpoint, and the newer one, which lives under /API/.

So e.g. Nebraska Public Power District has endpoints at https://onlineaccount.nppd.com/PortalService/, e.g. https://onlineaccount.nppd.com/PortalService/UserLogin.svc/help. Rochester Public Utilities runs a different set of endpoints, with the root at https://connectwith.rpu.com/api.

The endpoints for the latter API can also be browsed at https://scmcx.smartcmobile.com/API/Help/.

Different utilities pay for different sets of modules, and here are some of the modules I have discovered so far:

  • AdminBilling
  • CompareSpending
  • ConnectMe
  • EnergyEfficiency
  • Generation
  • Notifications
  • Outage
  • PaymentGateway
  • Usage
  • UserAccount
  • UserLogin

For /PortalService/ endpoints you can visit BASE_URL + /PortalService/ + ModuleName + .svc + /help to get the list of RPC calls you can issue. In order to find out what to send in the requests, you need to look into the calls within the apps for your utility. Note that some utilities opted out of the AES/CBC/PKCS5Padding PasswordPassword encryption, so let's hope this will be the trend going forward. Currently SEW web portals talk to a completely different set of APIs to populate the interface, even though they are querying the same thing.

So to start, here's how to login to your favorite utility:

from typing import Any, Mapping

import base64
import hashlib
import json
import urllib.parse

import requests
from Crypto.Cipher import AES  # pycryptodome

BASE_URL = "https://example.com/PortalService"


def _encrypt_query(
    params: Mapping[str, str], encryption_key: str = "PasswordPassword"
) -> str:
    """Encrypt the urlencoded params with AES/CBC/PKCS5Padding.

    The app uses the same 16-byte string as key and IV; pycryptodome
    needs both as bytes, not str.
    """
    key = encryption_key.encode()
    cipher = AES.new(key, AES.MODE_CBC, iv=key)

    cleartext = urllib.parse.urlencode(params).encode()

    # PKCS5 Padding - https://www.rfc-editor.org/rfc/rfc8018#appendix-B.2.5
    padding_length = 16 - len(cleartext) % 16
    cleartext += bytes([padding_length]) * padding_length

    return base64.b64encode(cipher.encrypt(cleartext)).decode("ascii")


def request(module: str, method: str, data: Mapping[str, Any]) -> Mapping[str, Any]:
    """POST an encrypted query to BASE_URL/<module>/<method> and return the JSON reply."""
    enc_query = _encrypt_query(data)
    # Or module + ".svc/" + method for the older PortalService flavor
    url = BASE_URL + "/" + module + "/" + method

    resp = requests.post(url, json={"EncType": "A", "EncQuery": enc_query})
    if not resp.ok:
        raise RuntimeError(f"{method} failed with HTTP {resp.status_code}: {resp.text}")
    return resp.json()


# The app sends the SHA-256 hex digest of the password, not the password itself
password_digest = hashlib.sha256("PASSWORD".encode()).hexdigest()
# Or ValidateUserLoginMob
response = request(
    "UserLogin",
    "ValidateUserLogin",
    {"UserId": "USERNAME", "Password": password_digest},
)
print(json.dumps(response, indent=2))

The response will contain an object; you will need LoginToken and AccountNumber to proceed with most of the other calls.

It's a bit awkward that different utilities have different endpoints, which makes creating a universal client challenging, so for now I am researching ways to get info from the Usage module. The parameters are weird (“type”: “MI”, or “HourlyType”: “H”), but we will get there.


from Tom Tildavaan

Once upon a time I learned about Opower HomeAssistant integration. But my utility does not use Opower, it was using something called “Smart Energy Water”.

Smart Energy Water, or #SEW is a SaaS provider, and they ship the whole thing – the backend, frontend, and the phone apps, the latter under the name SCM, which means Smart Customer Mobile.

So I embarked on a journey to figure out how these phone apps worked and, if successful, get my data out and into homeassistant.

APK

I pulled an APK of my utility from the Google Play Store and found that something secret is hidden in a libnative-lib.so binary, under com.sew.scm.gcm.SecureConstant, under a few methods returning String, and some methods that decrypt these strings using a heavily obfuscated set of routines, which essentially XOR'd (in the case of the Android APK) the values of gcm_default_sender_id + google_app_id + Android_App_RatingConstant_File, all of them values from the strings.xml within the app resources.

One of the decoded tokens contains a key for request encryption. It was ...

PasswordPassword

SCM apps use private APIs. In order to remain private and hard to use, the requests are encrypted.

You urlencode the parameters into key=value&key1=value1... form, then encrypt the resulting string using AES-CBC with PKCS5 Padding (16 bytes variant) using PasswordPassword as both the key and IV.

Then you send {"EncType": "A", "EncQuery": "base64-encoded-encrypted-string"}, and receive response from one of the .../API/Module/MethodName endpoints. The response will be JSON with no extra encryption, so it is definitely a deterrent against making requests, not a security feature.

Login

Armed with that knowledge, and some help from an exposed API listing on one of the utility websites, I found that I need to use the ValidateUserLoginMob call, which expects userid and password.

However, the password had to be the base64-encoded result of applying a secret scheme from that SecurityConstant module above. It is always SHA256.

So my first https://utility.example.net/API/UserLogin/ValidateUserLogin was a success, I got LoginToken and AccountNumber, which was all we needed to start poking APIs.

Tada!

If your utility uses SEW SCM, i.e. one of these at https://play.google.com/store/apps/developer?id=Smart+Energy+Water, you should be able to get an API listing by visiting the web interface and appending /API/Help. Or, if your utility runs an older version of SCM, replace /portal/ with /portalservice/UserLogin.svc/help or /portalservice/Usage.svc/help. You may get the .NET API definitions.
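As an added example (my code, not the author's and not SEW's), covering both the login/encryption snippet in the previous post and the request scheme described in this one: it rebuilds the EncQuery envelope with a validated PKCS#7 pad/unpad pair instead of hand-rolled padding, adds the receiving side so the round trip can be checked, and makes the security point concrete by showing that a fixed key and IV gives the same ciphertext for the same request every time. It assumes pycryptodome is installed (as in the post's code) and uses the PasswordPassword key/IV the posts describe; the sample parameters are constructed, and encrypt_with_fresh_iv is a hypothetical hardened variant for contrast, not something the real API accepts.

```python
import base64
import os
import urllib.parse
from typing import Dict, Mapping, Tuple

BLOCK_SIZE = 16  # AES block size; the "16 bytes variant" of PKCS5 padding is PKCS#7
# Key and IV as described in the posts; a real client would keep these out of source.
SCM_KEY = b"PasswordPassword"
SCM_IV = b"PasswordPassword"


def pkcs7_pad(data: bytes, block_size: int = BLOCK_SIZE) -> bytes:
    """Append 1..block_size bytes, each equal to the pad length (RFC 8018 B.2.5)."""
    pad_len = block_size - len(data) % block_size
    return data + bytes([pad_len]) * pad_len


def pkcs7_unpad(data: bytes, block_size: int = BLOCK_SIZE) -> bytes:
    """Strip PKCS#7 padding, rejecting anything malformed instead of silently truncating."""
    if not data or len(data) % block_size:
        raise ValueError("input is not a whole number of blocks")
    pad_len = data[-1]
    if not 1 <= pad_len <= block_size or data[-pad_len:] != bytes([pad_len]) * pad_len:
        raise ValueError("invalid PKCS#7 padding")
    return data[:-pad_len]


def encode_params(params: Mapping[str, str]) -> bytes:
    """Step 1 of the scheme: the key=value&key1=value1 form."""
    return urllib.parse.urlencode(params).encode()


def encrypt_query(params: Mapping[str, str], key: bytes = SCM_KEY, iv: bytes = SCM_IV) -> str:
    """Steps 2-3: AES-CBC over the padded query string, then base64 (the EncQuery value)."""
    from Crypto.Cipher import AES  # pycryptodome, assumed installed as in the post's code

    cipher = AES.new(key, AES.MODE_CBC, iv=iv)
    return base64.b64encode(cipher.encrypt(pkcs7_pad(encode_params(params)))).decode("ascii")


def decrypt_query(enc_query: str, key: bytes = SCM_KEY, iv: bytes = SCM_IV) -> Dict[str, str]:
    """The server's side of the exchange: base64 -> AES-CBC -> unpad -> parse the query string."""
    from Crypto.Cipher import AES

    cipher = AES.new(key, AES.MODE_CBC, iv=iv)
    plain = pkcs7_unpad(cipher.decrypt(base64.b64decode(enc_query)))
    return dict(urllib.parse.parse_qsl(plain.decode()))


def envelope(params: Mapping[str, str]) -> Dict[str, str]:
    """The JSON body the app posts."""
    return {"EncType": "A", "EncQuery": encrypt_query(params)}


def is_deterministic(params: Mapping[str, str]) -> bool:
    """True when two encryptions of the same params give the same EncQuery.

    With a fixed key and IV this is always True: equal requests are recognisable on
    the wire, and anyone holding the app-embedded key can decrypt every request,
    which is why the post calls the scheme a deterrent rather than a security feature.
    """
    return encrypt_query(params) == encrypt_query(params)


def encrypt_with_fresh_iv(params: Mapping[str, str], key: bytes = SCM_KEY) -> Tuple[bytes, str]:
    """Hypothetical hardened variant for contrast: a random IV per message, sent
    alongside the ciphertext, so equal requests no longer look equal. Not accepted
    by the real API."""
    iv = os.urandom(BLOCK_SIZE)
    return iv, encrypt_query(params, key, iv)


if __name__ == "__main__":
    sample = {"UserId": "USERNAME", "Password": "sha256-hex-digest"}  # constructed sample
    body = envelope(sample)
    print(body)
    print("round trip:", decrypt_query(body["EncQuery"]) == sample)
    print("fixed IV deterministic:", is_deterministic(sample))
    print("fresh IVs differ:", encrypt_with_fresh_iv(sample)[1] != encrypt_with_fresh_iv(sample)[1])
```

The unpad check matters on the receiving side: the post's client code only pads, and a decryptor that trusts the last byte without checking the rest of the padding accepts garbage silently. The key observation for anyone assessing such an API is in is_deterministic: confidentiality here rests entirely on the key staying secret, and the key ships inside the app.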


from J. R. DePriest

I was sent to a psychiatric hospital experiencing a “haunting”. It was one of those old school places that looks like a mansion out of a horror movie, a place that people spend a great deal of money to get access to. As usual, I was handed a folder and USB drive full of research the investigative team had already completed. This building had a series of unused sub-levels from the bad old days and an honest to god death tunnel. The dead don't bother me so I snuck in through the external hatch, where they used to occasionally remove the bodies. I'll skip the gory details if you don't mind and get right to setting up camp in the unused administrative office in the abandoned sub-level. Ears aching, neck hairs standing up, gooseflesh, like a cold spark pulsing through the whole place. I disguised myself as maintenance before grabbing my toolkit and heading up the stairs. The drywall dust only served to make my appearance more convincing. I did odd jobs around the place, listening, gathering intel. Patients escaping their rooms was too common to narrow down, but talk of a frozen swimming pool pointed me in the right direction. I had to be close. Walking down a wide, empty hallway, I heard something plink and stopped. “You dropped a button,” a husky voice said. I looked down and saw, sure enough, a button on the linoleum behind me. As I bent to pick it up, I got a look at the feet of the being who'd spoken to me. It was about an inch off the ground, barefooted, skin dry as stone and cragged, spotted with brown and gray. My heart rate was steady, my breathing normal, I chuckled to myself. “Thank you,” I said as I stood up and saw the whole thing. It was morbidly obese, pale and dry as a porcelain doll, and stark naked. Fat hid any discernible sex. Long white hair floated around its head like a bleached anemone. Eyes were yellow surrounded by black and the mouth was little more than a horizontal slash. No smell other than ozone. “I haven't seen you around,” I said. 
“Oh?” it said. “I'm new here.” I held up the button. “Thanks again, uh…Miss…ter?” I said, gazing expectantly. “It's Doctor, actually,” it said, without moving its mouth, “Doctor Sharpe.” “Thank you, Doctor Sharpe, then.” I turned and started to walk away. When you encounter an entity during a haunting, they typically want to be seen. The theory is that they literally feed on your strong emotions, your reactions. “Wait a moment,” it said in a softer tone. “Yeah?” I didn't turn around. “Would you—like to play a game with me?” I grinned and I'm sure it felt my elation. “I thought you'd never ask,” I said and turned back to face it. There was a table in between us that hadn't been there. “Nice,” I said, running my hand over its obsidian smooth surface. The entity was standing on the other side, no longer a floating ball. White hair hung down its oval face, wearing the same yellow eyes but with a delicate nose and pink lips around the mouth. Broad shoulders were draped with a white gown more appropriate for a gothic sleepover. She was smiling, shaking her cupped hands as something jingled inside. “What's your name?” she asked, showing her yellow teeth this time. “Anderson,” I said, giving her an alias. “I don't think so,” she said, tilting her head, her hair fluttering briefly to life. My ears tingled, and my hair ruffled just a little under my hat. A breeze ran down my sides to my feet, up my calves and thighs, met in my crotch, ran up my torso, by my chest, then split and went down both arms. She knew me now. Whether she'd be intrigued, confused, or angry remained to be seen. “Ooh,” she said and that was all. Coins clanged on the table as she opened her hands. They were colored, shaped, and sized like American quarters but without the ridges. “Take some,” she said. “And keep your button out.” I counted out four and slid them over in front of me. Picking one up, I glanced over, “May I?” Her yellow teeth smiled back as she nodded. 
Dense, heavy in my fingers, like real metal. Looked like cuneiform writing and instead of George Washington and an eagle, it was something like a lamprey's mouth on one side and a burning bush on the other. “You can see?” she asked, squinting. “Yeah,” I said. “A real beauty.” And it's true. I've seen lots of manifestations and this one was extremely detailed and surprisingly solid. In other words, this place was very, very tangled with the other. I stacked the coins in front of me and put the button beside. “So, Doctor Sharpe,” I asked. “What are the rules?” Her hair twitched. “Please call me Amelia,” she replied. “Okay, Amelia,” I said. “Then you can call me Alex.” She leaned in, asking, “Is that short for something?” while her hair started to writhe. “Maybe,” I told her, visibly grinning. I can play games, too. Sometimes, they like that. She leaned back and I felt nothing but anticipation from her. “You've already stacked the coins, I see. Put your button on top of them.” I did as I was instructed. When I looked over at hers, the table had a mock temple made of old cardboard tubes from toilet paper and paper towels. I blinked a few times and it was still there. Another thing about hauntings. Even though we are tangled with another reality, there are still some things we aren't able to see. Our brains can't interpret it. As a safety mechanism, it'll hide things from us until they can happen when we aren't looking. When you look away, when you turn your back, when you blink your eyes, then your brain lets you see the change. You couldn’t see it happen. That's not possible. So I blinked to make sure she was done modifying the table. “You can go first, Alex,” she said. “You have to use your finger to flick the button at the temple. The goal is to be the first person to knock it down.” The button on her stack of coins glinted when I tilted my head. “That hardly seems fair,” I said. “What would you prefer?” she asked. 
I looked down and saw my coins and button were replaced with food. I looked up and the temple and everything was now desserts. “First one to finish eating the temple?” I picked up one of the pastries and took a bite. Flaky, honey sweet, hint of pecan, powdered sugar on top. “Extremely good job on these,” I said. “They taste freshly baked.” “I'm glad you like them,” she replied, the table now covered in sweets of all kinds. Instead of eating more, I put it down. When they give you food, you have no idea what you are actually eating. You really don't want to know some of the things I've put in my mouth. She frowned, bunching up her bottom lip. Frustration. “I thought you wanted to play?” she said. “Actually, I'm down here because I heard about a frozen swimming pool. Was that you?” Her hair danced. “They really seem to like it,” she said. “I'd like to see it, too, if that's okay.” She pointed beside us. “It's right there.” And it was. An Olympic sized swimming pool, frozen solid. I could see people at the far end. There was a faint impression of ice skaters, of Christmas trees, of carolers singing. “Christmas,” I said. I felt myself slipping into it, could smell hot cocoa and cookies, could feel a fireplace nearby. “It is lovely,” I said before shaking myself out of the reverie. “I cannot imagine how much effort that must have been to create for them.” Her face was stoic, stern, but her yellow eyes were moist, red tears welled. “They deserve it,” is all she said before she and her entire table slid into the floor and vanished. I hadn't felt malice or mischief, only remorse and pity. I headed toward the crowd, the illusion playing at the edges of my senses, eager to pull me back in, coming in waves with a dull thump each time. As I got closer, I saw them pointing out on the ice, laughing and hugging, pretending to drink mugs of coffee or cocoa that were real to them. And the thumps got louder and louder. In fact, the thumps were so loud they had to be real. 
I looked over the ice, underneath the illusion of kids ice skating and throwing snowballs, underneath the sleds and snowmen. I saw something under the ice. A black mass moving and pushing up and failing to find a way out. It was desperate, I could feel that now that I knew it was there. I went out on the ice to the shouts of the others telling me to get off because I wasn't dressed for it, to stay out of the way, to be careful, to be nice to the kids. I knelt down and felt the ice. It wasn't cold. I still had my toolkit. No axe, but a hammer and a flat-head screwdriver might do. I started tapping, chiseling, then banging. The others were angry now, yelling that I was putting their kids in danger, that if I wanted to fish I'd have to wait until after the kids were done playing. The “ice” chipped like old concrete until I had a hole big enough to stick a hand through, an arm. It was only an inch thick. I had no idea how it was even holding my weight. The water was syrupy but I waved my hand as much as I could until the black mass saw me and swam toward me. The “ice” bulged up under its pressure but wouldn't break. I pulled my arm out of the hole and pressed my ear to it instead. “Free me, please,” it whispered. “Free me, please,” again and again. Hope and fear in equal measure came from whatever it was. At this point, I had an idea of what was down there and I hoped my hormones would keep me safe. I hammered and hammered, hearing her voice from the water the whole time, hearing the people screaming, begging me to stop, but unwilling to come out on the ice. Until it was a hole big enough for a person to climb out of, or be pulled into. I put both arms in the slushy water and told her to come to me. The black mass was already underneath and I felt its weight. I felt its urgency and its hesitancy. I felt it taste me, a tingle running through both arms all the way to my core. It pulled slightly before reversing and allowing me to pull it up. 
It resembled a horse, a bundle of wet grass, a pile of stones, a hag, a maiden, until it was simply a woman with green skin and seaweed for hair. I'd been so fascinated that I was able to see the transformations, the shifting, the refocusing of reality with my own eyes that I didn't hear the crowd's crying until it was over. The water sprite pierced my soul with a glance, looking me up and down. “Hmmph!” the green woman said, shaking her head. “Oh,” I said, putting my right hand over my heart and raising my left hand in a symbol involving the first and second fingers as well as the pinky and thumb. “By the secret name inscribed on my soul, I release you from any and all obligations borne of this transaction.” That got her attention. “Thank you,” she said, reaching a trembling hand toward my face. I did not pull away as she touched my cheek. She had tropical lagoons for eyes, like a warm bath, like a mother's embrace. It was another glamour, of course, but I allowed it, almost against my will. Almost. I was on a beach. The ocean's roar behind me like an out of tune radio. She was in front of me, wearing a Tahitian pāreu, fragrant flowers in her thick, black hair, brown skin instead of green. “I'm so tired of the snow and ice, so tired of Christmas,” she said, looking up at the sky and squinting. I heard music, singing, like a choir but it was just her laughing as she spun in place. “I'm free!” she sang. “You freed me.” She stopped spinning and faced me again. She was getting closer but not walking. “Why did you reject your prize?” She was circling me but also still standing in front of me. I felt her eyes all over me, I felt her probing me. The sky turned to storm clouds. I looked down, closed my eyes, to avoid her million eyes. I answered, “You tell me. By now, you know me at least as well as I know myself.” The sun returned. “You aren't like the men and women I normally meet,” she sang. I felt the urge to lift my head, a gentle breeze stroking my chin. 
“Please look at me,” she pleaded. I took a deep breath, faced her, opened my eyes, and saw her. She was beautiful, of course, like a live action Nani Pelekai? My heart fluttered as if she was my first true love and heat flooded out to my hands and feet. I wobbled, nauseated, like I might stumble or fall to my knees. “You do have a heart, after all,” she sang, “and I see how it beats.” I felt the warm breeze circling around my ankles, looked down, saw myself clearly for the first time. I, too, was dressed in a bright pāreu, barefoot, dark skin. Not my body. I tested my muscles to see how real I was: toes, feet, calves, knees, thighs, pelvis, stomach. Wait. Something was different. I went numb. Something was different. Impossible, but as real as my own flesh. My hands trembled, stomach racked with nausea, my legs buckled, I was on the ground, sand in my mouth and eyes. Tears, great torrents, and I couldn’t stop crying. I couldn’t stop. I heard her fluttering toward me. “You refused my gift before I even offered.” She paused. “And it was because you thought you were doing me a favor.” She put a steadying hand on my naked shoulder. “That thing trapped me,” she said. “It told me to give them their children back. I didn't even take their children.” I heard her kneel down beside me. I felt pity from her, pity but also longing. I shivered at her breath in my ear. “But you rescued me.” I couldn't see her through my sobs. I could barely hear her as I forced myself to remember this, to remember it. The ocean was coming in. Not sure how I could tell, but it was coming in fast. “Thank you,” she whispered, voice like an ice pick. It was a phrase that carried power; when a fae speaks it is wise to consider that any words can be full of power and magic, and gratitude, genuine gratitude, is powerful indeed. Then I was lying on the false ice, lying in my own snot and tears, surrounded by grieving parents. The sorrow, the emptiness, drove away whatever had been haunting the place. 
I could feel that almost immediately. I carved some carefully designed sigils around at precise locations to help anchor against future resonance. I went back out the same way I came in, hiked to my concealed vehicle, climbed inside, and cried for an hour. I drove home in mute resignation of what I'd been allowed to experience. I left the personal details out of my full report, but they've never left me. And. Sometimes. When I dream. Instead, I'm back on that beach. I look out at the ocean, at the eternal cycle of waves in and out; at the horizon in the unreachable distance. I hear singing. But. This time. It's just the birds. I feel the sand between my toes, I smell the brine, the seaweed, fruit trees in the distance. I feel the warmth of the sun that never sets, the breeze that meanders along the water line. I sit in the surf, rubbing my belly, savoring every sensation, marveling at what I should not have. Waiting for her to come back. So I can tell her, “thank you.” But she never will.


#WhenIDream #Dreams #Dreaming #Dreamlands #Writer #Writing #Writers #WritingCommunity #WritersOfMastodon #ShortFiction #Fiction #Paranormal


from YAIL

Hello world!

I write this as a test to see what’s possible on infosec.press.

Can I use markdown? Yes I can!

Did the use of my browser's ‘back’ button spawn a new post instead of an edit? I think it did.


from Hyperscale Security

The agreements on data sharing between the EU and the US have been problematic from the start, due to irreconcilable differences in privacy principles. From Safe Harbor to the Privacy Shield(s), each time it was clear that any agreement would be challenged. In the meantime, the world moved on regardless.

The debate flares up now, again, because of the fast-changing relationship between the US and Europe, following the first months of a chaotic Trump presidency that is re-defining global alliances. But a lot of the discussion is emotional and imprecise. I am as concerned about the security and privacy of private citizens as the next person. But that concern shouldn't lead to wild claims that the US government can simply get at anyone's data or cut them off.

Not All Cloud is the Same

When we're talking about American cloud services, are we talking about Google Search and Gmail, Office 365, Facebook, WhatsApp, or Twitter/X? Or are we talking about cloud infrastructure and services like AWS, Azure and Google Cloud? In the former, you don't pay, have no control, and trade your privacy for convenience. In the latter, you orchestrate all your compute, network and storage services yourself, and have access to encryption services of varying strengths. Services like AWS Nitro are specifically designed to guarantee that AWS administrators can't access their customers' workloads, and Sovereign Cloud offerings take this further still.

The debate about citizens' privacy, that is, whether to move to Signal or Fediverse services, is not the same as the debate about European corporate and governmental use of American cloud infrastructure providers. The arguments against Google's and Meta's dominance in consumer internet services and advertising are not new, or suddenly more problematic with the change in US Administrations. Similarly, cloud infrastructure services are not suddenly at greater risk.

Residence or Remote Control?

We talk about EU-only access and data residency, but we forget what actually matters about it. If Microsoft can access a server in Europe from America, what use is EU data residency? With strong encryption, the physical location of the data on disk doesn't really matter. If the American provider doesn't have access to the key, the European data owner still controls the data.
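As an added illustration of that point (example code, not the author's), here is an envelope-encryption sketch in Go using the standard library's AES-GCM: the data owner keeps the key-encryption key (KEK), and the provider's EU data centre only ever stores ciphertext plus a wrapped per-object data key (DEK), so holding the disk is not the same as holding the data. The StoredObject layout and function names are assumptions made for this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
)

// StoredObject is everything the provider holds: ciphertext plus the DEK wrapped under the owner's KEK.
type StoredObject struct{ Nonce, Ciphertext, WrapNonce, WrappedDEK []byte }

// gcm builds an AES-GCM AEAD; a wrong-length key is a programming error here.
func gcm(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	aead, _ := cipher.NewGCM(block) // AES blocks are 16 bytes, so NewGCM cannot fail
	return aead
}

// sealGCM encrypts plaintext under key with a fresh random nonce.
func sealGCM(key, plaintext []byte) (nonce, ct []byte) {
	aead := gcm(key)
	nonce = make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		panic(err) // no entropy: never fall back to a fixed nonce
	}
	return nonce, aead.Seal(nil, nonce, plaintext, nil)
}

// EncryptForStorage runs on the owner's side; only ciphertext and the KEK-wrapped DEK travel to the provider.
func EncryptForStorage(kek, plaintext []byte) StoredObject {
	dek := make([]byte, 32)
	if _, err := rand.Read(dek); err != nil {
		panic(err)
	}
	n, ct := sealGCM(dek, plaintext)
	wn, wrapped := sealGCM(kek, dek)
	return StoredObject{n, ct, wn, wrapped}
}

// Decrypt needs the KEK: whoever holds it, not whoever hosts the disk, controls the data; any other key fails the tag check.
func Decrypt(kek []byte, obj StoredObject) ([]byte, error) {
	dek, err := gcm(kek).Open(nil, obj.WrapNonce, obj.WrappedDEK, nil)
	if err != nil {
		return nil, err
	}
	return gcm(dek).Open(nil, obj.Nonce, obj.Ciphertext, nil)
}
```

This covers data at rest; anything the provider's compute has to decrypt in memory to process is a separate question, which is where the Nitro-style guarantees mentioned above come in.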

Meanwhile, the physical equipment and data centers are still in Europe, operated by local residents and subject to local jurisdictions. When the Russia sanctions came in, many global technology companies pulled out under a realistic threat of their facilities being nationalized or “sold” to a local operator. That is an extreme example, but EU governments are not powerless.

The moment the legal status of American cloud infrastructure providers becomes a real problem, you will immediately see AWS Europe, Azure Europe and Google Cloud Europe founded as independent, European corporations.

Can Open Source Save Europe?

Maybe. But not on its own. The top 7 corporate contributors (or 6, if you count GitHub as part of Microsoft) are all American tech corporations until you get to SAP, and open source software is used equally on both sides of the Atlantic for cloud services.

Does the open source software have to be European for independence? Who cares where it comes from? Fork the open source projects you rely on, if necessary. Cloud services based on open source are not inherently more secure, private or independent. They still need to be operated by someone. And often the American cloud providers rent from local data center operators.

Lack of Capital, Fragmented Market

The real problem for European cloud independence is the lack of capital. While there are 4-5 American global cloud infrastructure providers, there isn't a single European one that can claim the same. The market is fragmented among national and regional providers.

Initiatives like IPCEI CIS are interesting, but would still create an odd cloud in which services are provided by a wide variety of suppliers, with greater complexity and lower economies of scale. It's a noble pursuit, but a political one.

Technological Interdependence

We focus on European dependence on America... but we fail to look at the dependence in reverse. There is more competition in cloud infrastructure and services than there is in semiconductor design (Arm Holdings, UK) and photolithography (ASML, NL), or in the business application software that runs the global economy and government services (SAP, D).

Serious Times

That is not to say there isn't a problem. We live in strange times, and will have to rethink our threat models. But for the debate to be productive, we need to be precise about what the real problems are, and not let ourselves be ruled by broad strokes and emotions.
