Alexander Mikhailian

One similarity between Putin and Ursula von der Leyen is they are both unelected leaders.

But another, more subtle one is that both lived for a long time in a bubble and have a much worse understanding of real-world matters than an average citizen.

It's common knowledge that Putin has been misled into believing that he can invade Ukraine in a matter of days. It became possible because not only the state hierarchy but also the state media adapted to fit the supreme leader, feeding him the news he wanted to hear.

Same thing but on a smaller scale happens to Ursula von der Leyen. Here's the story of the alleged GPS jamming of her plane as she flew to Plovdiv on 31 August 2025.

Original reports such as this one from the BBC were based on this morning press conference of von der Leyen press secretary Podesta.

This fake news spread by von der Leyen press secretary were quickly dismissed by FlightRadar24

Von der Leyen still has to repent in response to this parliamentary enquiry.

I had to use Rentio as a renter of an apartment, and the experience was so humiliating that the only way I can regain my human dignity is by writing about it.

Renters usually experience it via the website mytenantprofile.be or its French or Dutch counterparts where one can book a visit to an apartment or make an application to the landlord. The first sign of troubles ahead is that the website pushes the renter to provide the identity of the previous landlord while this should rather be discouraged, be it only for privacy reasons. But the real problems start when renters apply to multiple agencies.

The website does not make it clear, but it saves the first application and reuses it for the next. I have not found a way to adapt my profile to the second application, so I clicked the link to delete my profile, waited, then tried to create my profile anew just to be greeted with the message "Perfect, you have already used our service. We can reuse your data" and then when I try to reset my password via SMS, it announces "Too many requests generic error message" and an invitation to contact the support by email. I believe they break a few laws by not deleting my personal data and our Data Protection Authority should look closely into them, but I will follow this up in a different story.

Luckily, I had the phone number of the realtor, so I could call her, explain the problem and submit my application via email while waiting for Rentio support to fix my login issue.

One of the most popular psychology books among Software Engineers is Flow by Mihaly Csikszentmihalyi. I have always been fascinated how we perceive flow as a desired state of mind that has to be entered into and exploited for one's own good.

Ancient programmers tried to control the flow via practices like Pair Programming or Agile. Today, these practices are largely forgotten and I wonder what's the reason. Is is the rise of individualism or weak markets or high costs? I do not know. But I know that everyone has their own flow and each flow has its own quirks, and this is why it's so difficult to change someone else's code.

My way is to understand the quirks of my flow and to communicate it so that others can effectively adapt:

1. my flow is slow, with pauses, interruptions and long nights
2. my flow is low-level, I prefer JDBC over JPA and JavaScript over Angular
3. my flow is compact, I write as little code as possible, and this is probably due to the old carpal syndrome that I cured but which still makes long typing sessions psychologically unconformable
4. my flow is sticking to old ideas, circling back to #1, interruptions are a natural way for me to look at my work from a different angle.

One of the nefarious aspects of Multi-Factor Authentication that I have not mentioned in my previous post on the subject is the risk of loosing Digital Sovereignty.

Authentication via a login and a password is well understood and is usually implemented within existing software. On the other hand, Multi-Factor authentication is often implemented via US-based third parties: Google, Facebook, Github, Linkedin, etc.

Countries can not implement Multi-Factor Authentication for their citizens themselves either. Case is point is Belgium, with the national service that provides authentication services relying on the US-based COTS software for most of its functionality.

There's a simple way to enforce Digital Sovereignty. Digital Services should be legally coerced to enable user login via a single string, akin to an API key already used by many services.

We all know that login/password combos are flawed, as users tend to choose weak passwords. For a lay person, the combination of a unique login and a weak password is enough to differentiate them from all other users. They do not know about rainbow tables nor multi-site attacks.

That same lay person presented with the need to have a single string as authentication key will ponder seriously on its length and randomness.

That string will not be called password but something else, be it passkey or key or passphrase. With a whole new world of assumptions and software helpers to generate them and securely store in key managers.

Amateur radio strives as a niche hobby. Clubs are actives and while the average age of radio amateurs is well over 60, there is a steady stream of newcomers. States and international organizations recognize the importance of nourishing amateur radio communities and there are endless possibilities to excel in this space.

In contrast, none yet cares about the possible demise of the hobbyist internet. It all started with phasing out HTTP in favour of HTTPS for good reasons: ISPs and network providers in some places of the world were injecting ads into HTTP pages. Big content providers and the general public wanted to stop that. They could have gone the legislative route but a technical solution to force all websites to use HTTPS was easier to implement. It was enough for Google to hint that it will penalize HTTP websites over HTTPS in search results, and everyone started to happily switch over to HTTPS.

Things did not stop there, though.

Browsers show content served over HTTP as not secure, making HTTPS the "default" and HTTP the visibly dangerous option, they limit many web APIs to sites served over HTTPS, they block or upgrade mixed-content by default (HTTPS sites cannot request HTTP-only resources anymore), they require HTTPS for HTTP/2 and HTTP/3, they increasingly attempt HTTPS to a site first even if linked or typed as HTTP, they warn about downloads over HTTP, and they're continuing to ratchet up such measures over time.

Lately, WhatsApp completely stopped opening HTTP urls.

This is an old fart's rant but it is none the less true.