Rafael Sadowski
@sizeofvoid@bsd.network  ·  activity timestamp 3 weeks ago

New blog post: When Root Meets Immutable: OpenBSD chflags vs. Log Tampering

Started as curiosity about "dead" kernel code, ended up solving real-world log tampering problems. Sometimes the best security features are hiding in plain sight.

https://rsadowski.de/posts/2025/openbsd-immutable-system-logs/

#OpenBSD#InfoSec#BSD#Compliance
Ian Brown 👨🏻‍💻
@1br0wn@eupolicy.social  ·  activity timestamp last month

Thank you @EUCommission for committing (at the end of today's #compliance workshop) to further explore the geolocalisation obstacles #Meta is imposing on #DMA #interoperability for #NIICS! And good work @Amandine for raising the problem so clearly 👏

Screenshot of Ian Brown's questions in the online Q&A (Slido): * Does the Commission accept this restrictive Meta interpretation? GDPR, for example, explicitly applies to data controllers OUTSIDE the EU offering services within the EU, or monitoring the behaviour of EU residents * Don't the EDPS, EDPB, and other members of the DMA high-level panel have something to say that the Commission thinks Matrix and others being forced by Meta to geolocate all their users is trivial/unproblematic?! * I thought BEREC clearly said (i ts review of the original Meta reference offer) that a separate inbox for third-party chats was not acceptable? * Given how the geolocalisation DMA interpretation of Meta is causing such damage to fair and contestable NIICS, will the EC open an investigation and then take action to remove this obstacle?
Screenshot of Ian Brown's questions in the online Q&A (Slido): * Does the Commission accept this restrictive Meta interpretation? GDPR, for example, explicitly applies to data controllers OUTSIDE the EU offering services within the EU, or monitoring the behaviour of EU residents * Don't the EDPS, EDPB, and other members of the DMA high-level panel have something to say that the Commission thinks Matrix and others being forced by Meta to geolocate all their users is trivial/unproblematic?! * I thought BEREC clearly said (i ts review of the original Meta reference offer) that a separate inbox for third-party chats was not acceptable? * Given how the geolocalisation DMA interpretation of Meta is causing such damage to fair and contestable NIICS, will the EC open an investigation and then take action to remove this obstacle?
Screenshot of Ian Brown's questions in the online Q&A (Slido): * Does the Commission accept this restrictive Meta interpretation? GDPR, for example, explicitly applies to data controllers OUTSIDE the EU offering services within the EU, or monitoring the behaviour of EU residents * Don't the EDPS, EDPB, and other members of the DMA high-level panel have something to say that the Commission thinks Matrix and others being forced by Meta to geolocate all their users is trivial/unproblematic?! * I thought BEREC clearly said (i ts review of the original Meta reference offer) that a separate inbox for third-party chats was not acceptable? * Given how the geolocalisation DMA interpretation of Meta is causing such damage to fair and contestable NIICS, will the EC open an investigation and then take action to remove this obstacle?
Ian Brown 👨🏻‍💻
@1br0wn@eupolicy.social  ·  activity timestamp last month

Thank you @EUCommission for committing (at the end of today's #compliance workshop) to further explore the geolocalisation obstacles #Meta is imposing on #DMA #interoperability for #NIICS! And good work @Amandine for raising the problem so clearly 👏

Screenshot of Ian Brown's questions in the online Q&A (Slido): * Does the Commission accept this restrictive Meta interpretation? GDPR, for example, explicitly applies to data controllers OUTSIDE the EU offering services within the EU, or monitoring the behaviour of EU residents * Don't the EDPS, EDPB, and other members of the DMA high-level panel have something to say that the Commission thinks Matrix and others being forced by Meta to geolocate all their users is trivial/unproblematic?! * I thought BEREC clearly said (i ts review of the original Meta reference offer) that a separate inbox for third-party chats was not acceptable? * Given how the geolocalisation DMA interpretation of Meta is causing such damage to fair and contestable NIICS, will the EC open an investigation and then take action to remove this obstacle?
Screenshot of Ian Brown's questions in the online Q&A (Slido): * Does the Commission accept this restrictive Meta interpretation? GDPR, for example, explicitly applies to data controllers OUTSIDE the EU offering services within the EU, or monitoring the behaviour of EU residents * Don't the EDPS, EDPB, and other members of the DMA high-level panel have something to say that the Commission thinks Matrix and others being forced by Meta to geolocate all their users is trivial/unproblematic?! * I thought BEREC clearly said (i ts review of the original Meta reference offer) that a separate inbox for third-party chats was not acceptable? * Given how the geolocalisation DMA interpretation of Meta is causing such damage to fair and contestable NIICS, will the EC open an investigation and then take action to remove this obstacle?
Screenshot of Ian Brown's questions in the online Q&A (Slido): * Does the Commission accept this restrictive Meta interpretation? GDPR, for example, explicitly applies to data controllers OUTSIDE the EU offering services within the EU, or monitoring the behaviour of EU residents * Don't the EDPS, EDPB, and other members of the DMA high-level panel have something to say that the Commission thinks Matrix and others being forced by Meta to geolocate all their users is trivial/unproblematic?! * I thought BEREC clearly said (i ts review of the original Meta reference offer) that a separate inbox for third-party chats was not acceptable? * Given how the geolocalisation DMA interpretation of Meta is causing such damage to fair and contestable NIICS, will the EC open an investigation and then take action to remove this obstacle?
jbz
@jbz@indieweb.social  ·  activity timestamp 2 months ago

💭 Goodbye AWS: How We Kept ISO 27001, Slashed Costs by 90%

「 It was clear that American cloud providers couldn’t fully shield us from US government jurisdiction. Under the CLOUD Act and FISA, our European customer data was potentially exposed, regardless of the server’s physical location. This undermined our GDPR promises 」

https://medium.com/@accounts_73078/goodbye-aws-how-we-kept-iso-27001-slashed-costs-by-90-914ccb4b89fc

#aws #eu #compliance #digitalsovereignty #cloud