The Berlin-based Weizenbaum-Institut für Digitalisierungsforschung describes the problem with this: “The term ‘digital sovereignty’ has become an indispensable part of political discourse. There is agreement across party lines: being digitally sovereign is desirable and important. Yet it remains unclear what exactly it means to be digitally sovereign and how one reaches this desirable state.”
This was quite a wild ride, while we should expect everything involving AI to be vulnerable by default, it still surprised us how many things we could find in such a short amount of time. While working on this piece of research, a lot of other people were looking into attacking MCP as well, which scared us, did they find what we found?
Hopefully, these frameworks will get some sane defaults that make it hard for developers to accidentally expose servers. And that vulnerabilities from the browser can be mitigated quickly as well. Until then, we hope you enjoyed this post and would love to hear your thoughts and ideas to take this stuff even further.
The 47th president of the United States may wish he were a king. But in America, the law is king, not the president.
Donald Trump may wish he could dictate his unconscionable global tariffs; dispense with due process and deport whomever he pleases, citizen and not; and vanish away huge swaths of the federal government without check or rebuke. He may wish he did not have to contend with the First and Fourteenth Amendments, the free press, or the Constitution’s birthright-citizenship guarantee. He may wish he could ignore the Constitution’s elections clauses and run America’s elections from the White House. And he may wish he could intimidate the nation’s lawyers and law firms from challenging his abuse of power and commandeer them to do his personal bidding.
But it is these constitutional obstacles to a tyrannical president that have made America the greatest nation on Earth for almost 250 years, not the fallen America that Trump delusionally thinks he’s going to make great again tomorrow.
After these first three tyrannical, lawless months of this presidency, surely Americans can understand now that Donald Trump is going to continue to decimate America for the next three-plus years. He will continue his assault on America, its democracy, and rule of law until the American people finally rise up and say, “No more.”
Last week I was talking to a friend who runs a small construction company. He was telling me about how all the big contractors in town are pushing "smart" building systems that require constant cloud connectivity and subscription services. Meanwhile, he's still using techniques that have worked for decades, tools he can fix himself, materials he understands completely.
"They keep telling me I'm behind the times," he said. "But when their fancy systems go down, who do they call?"
Maybe being "behind the times" isn't always a bad thing. Maybe sometimes it means you still own your tools instead of renting them.
The next time you catch yourself getting defensive about something - really defensive, like you're personally offended that someone would dare question it - maybe pause for a second. Ask yourself: am I defending this because it's actually good for me, or because I'm scared to imagine alternatives?
Because the first step toward freedom is always the same: admitting you might be wearing chains.
Many developers are terrified of losing their jobs for this very reason: AIs sometimes program better than them. And, in my opinion, they are right to be afraid. But I'm more afraid of a world (and not just in IT) where code will depend exclusively on the companies that sell us AIs.
Today, writing code is something free, potentially doable even on a beat-up laptop. But tomorrow? Will we be completely dependent on AIs (even) for this?
I will just have to concede that maybe I’m wrong. I don’t have the skill, or the knowledge, or the energy, to demonstrate with any level of rigor that LLMs are generally, in fact, hot garbage. Intellectually, I will have to acknowledge that maybe the boosters are right. Maybe it’ll be OK.
Maybe the carbon emissions aren’t so bad. Maybe everybody is keeping them secret in ways that they don’t for other types of datacenter for perfectly legitimate reasons. Maybe the tools really can write novel and correct code, and with a little more tweaking, it won’t be so difficult to get them to do it. Maybe by the time they become a mandatory condition of access to developer tools, they won’t be miserable.
Sure, I even sincerely agree, intellectual property really has been a pretty bad idea from the beginning. Maybe it’s OK that we’ve made an exception to those rules. The rules were stupid anyway, so what does it matter if we let a few billionaires break them? Really, everybody should be able to break them (although of course, regular people can’t, because we can’t afford the lawyers to fight off the MPAA and RIAA, but that’s a problem with the legal system, not tech).
I come not to praise “AI skepticism”, but to bury it.
Maybe it really is all going to be fine. Perhaps I am simply catastrophizing; I have been known to do that from time to time. I can even sort of believe it, in my head. Still, even after writing all this out, I can’t quite manage to believe it in the pit of my stomach.
Technically, DNS4EU supports standards such as DNS over HTTPS and DNS over TLS. The servers are strategically distributed across the EU, which is intended to ensure fast response times. Particular attention is paid to data protection: users' IP addresses are fully anonymized before logging, which is intended to ensure GDPR compliance. From earlier reports I know, however, that an EU DNS service also arouses suspicion.
This study explores the neural and behavioral consequences of LLM-assisted essay writing. Participants were divided into three groups: LLM, Search Engine, and Brain-only (no tools). Each completed three sessions under the same condition. In a fourth session, LLM users were reassigned to Brain-only group (LLM-to-Brain), and Brain-only users were reassigned to LLM condition (Brain-to-LLM). A total of 54 participants took part in Sessions 1-3, with 18 completing session 4. We used electroencephalography (EEG) to assess cognitive load during essay writing, and analyzed essays using NLP, as well as scoring essays with the help from human teachers and an AI judge. Across groups, NERs, n-gram patterns, and topic ontology showed within-group homogeneity. EEG revealed significant differences in brain connectivity: Brain-only participants exhibited the strongest, most distributed networks; Search Engine users showed moderate engagement; and LLM users displayed the weakest connectivity. Cognitive activity scaled down in relation to external tool use. In session 4, LLM-to-Brain participants showed reduced alpha and beta connectivity, indicating under-engagement. Brain-to-LLM users exhibited higher memory recall and activation of occipito-parietal and prefrontal areas, similar to Search Engine users. Self-reported ownership of essays was the lowest in the LLM group and the highest in the Brain-only group. LLM users also struggled to accurately quote their own work. While LLMs offer immediate convenience, our findings highlight potential cognitive costs. Over four months, LLM users consistently underperformed at neural, linguistic, and behavioral levels. These results raise concerns about the long-term educational implications of LLM reliance and underscore the need for deeper inquiry into AI's role in learning.
Generative A.I. chatbots are going down conspiratorial rabbit holes and endorsing wild, mystical belief systems. For some people, conversations with the technology can deeply distort reality.
Infrastructure “Becomes visible upon breakdown. The normally invisible quality of working infrastructure becomes visible when it breaks: the server is down, the bridge washes out, there is a power blackout. Even when there are back-up mechanisms or procedures, their existence further highlights the now-visible infrastructure.”
— Susan Leigh Star, “The Ethnography of Infrastructure”
In July 2004 I found myself sitting alone in the dark, on the enclosed deck of a ferry boat oozing between fog-shrouded islands of the Alaskan coast. The scenery was haunting, but after the first three hours, I decided to occupy myself by finally reading Neal Stephenson's essay about the command-line. Halfway through it I began crossing things out, and scribbling comments in the margin. The essay was five years old, and in dire need of a fresh perspective.
Months later, I learned that Stephenson himself was dissatisfied with the essay. He wrote that it, "is now badly obsolete and probably needs a thorough revision." An "Ask Slashdot" poll quoted him as saying, "I keep meaning to update it, but if I'm honest with myself, I have to say this is unlikely."
Though I have fleshed out my original comments into longer, more structured pieces, it is not my intention to replace or revise Neal Stephenson's original writing. His original essay is a much more cohesive and entertaining read than my notes are. (He is a Writer, after all. I consider myself a code-monkey by comparison.) In fact, my notes do not hold together unless they use the original essay as a framework, and that's why his entire essay is reproduced here, with my comments color-coded. And yes, I have sought and obtained permission from Neal to do this.
Organizing is not a process of ideological matchmaking. Most people’s politics will not mirror our own, and even people who identify with us strongly on some points will often differ sharply on others. When organizers do not fully understand each other’s beliefs or identities, people will often stumble and offend one another, even if they earnestly wish to build from a place of solidarity. Efforts to build diverse, intergenerational movements will always generate conflict and discomfort. But the desire to shrink groups down to spaces of easy agreement is not conducive to movement building.
This article by Barath Raghavan and the legendary Bruce Schneier explodes the myth that the only way that Big Tech products can operate is by hoarding everyone's personal data.
They lay out a technical roadmap using "decoupling", such as Tim Berners-Lee's Solid or Raghavan's own INVISV Relay.
“Money in the Bank,” a new story by John Kessel and Bruce Sterling
Maybe you know how to solder a bit, but you suck at it. Or it's frustrating and never comes out nice and you hate it.
Here's how to make it enjoyable, and get good results as a side effect.
We decided to use Terraform to configure our services. It lets you describe the states of the infrastructure you want in plain text and takes care of calling the providers' APIs to provision cloud resources. Resources and data are defined through .tf files, and the generated state is stored by Terraform in a .tfstate file (local or in the cloud, as we will see later on). It also lets us get an overview of the changes we are going to make, using the plan subcommand.
We have had the chance to see quite a few clusters in our years of experience with Kubernetes (both managed and unmanaged, on GCP, AWS and Azure), and we see some mistakes being repeated. No shame in that, we’ve done most of these too!
I’ll try to show the ones we see very often and talk a bit about how to fix them.
A brief look at models for integrating Kubernetes clusters into existing networks.
Consul is a service mesh solution providing a full featured control plane with service discovery, configuration, and segmentation functionality. Each of these features can be used individually as needed, or they can be used together to build a full service mesh. Consul requires a data plane and supports both a proxy and native integration model. Consul ships with a simple built-in proxy so that everything works out of the box, but also supports 3rd party proxy integrations such as Envoy.
Most people simply are unaware of how much personal data they leak on a daily basis as they use their computers. Enter this weekend's reading topic: Privacy.