DigiD and the rented engine room
The story is, on paper, narrow. Solvinity, the Dutch contractor that operates infrastructure underneath Logius and DigiD, looks set to be acquired by Kyndryl, an American spin-off of IBM’s managed-services arm. DigiD itself remains owned by the Dutch state via Logius, so technically the system is still Dutch. Politically and operationally, the distinction does not calm many people down. A rented engine room is still part of the ship. Across Europe there has been a push for “digital sovereignty”, meaning less dependency on American hyperscalers and infrastructure providers after years of quietly outsourcing half the state to Silicon Valley with the serene confidence of a man juggling chainsaws because the first three catches worked out fine. ...
The administrative attack surface
A few days after sending an application to the Dutch Ministry of Defence for a senior cyber and information security advisory role, I read an NRC article about publicly accessible details of Dutch military infrastructure. Not leaked documents. Not espionage. Not shadowy dead drops in rainy parking garages. Public websites. Pipeline routes. Radar dependencies. Cable maps. Technical drawings. Backup systems. Segmentation details. Power feeds. Coordinates. Bits of information scattered across agencies, permits, infrastructure registries, environmental datasets and planning portals like breadcrumbs dropped by a committee convinced that nothing bad ever happens in spreadsheets. ...
How security failures learned to sound reasonable
The most useful phrases in a modern security programme are the ones that cannot be argued with. “The platform gives us coverage.” “We have visibility.” “The tool supports MFA.” Each one is calm, professional, and technically defensible. Each one can also be doing something quietly different from what the room hears.
How the grammar works
Three small grammatical moves do most of the heavy lifting. The first is capability standing in for implementation: “The platform supports MFA”, “Defender has ransomware protection”, “Our firewall can do segmentation”. ...
How some ideas outlast their own evidence
Across many mature organisations, the same phrases seem to keep coming back, like “Aligned with best practice”, “The control is in place”, and “We followed the framework”. They survive failure. They survive scandal. They survive the people who used them last time. The question worth asking is perhaps not whether they are accurate, but why they are so robust. The usual explanations cover bureaucratic inertia, regulatory capture, and the well-documented limits of organisational learning. These are real, but they are not the most interesting part. The more interesting possibility is that these phrases are doing useful work. Just not the work they appear to be doing. ...
Is your threat model already behind?
Most organisations think they have a threat model. What they usually have is a historical artefact: a snapshot of how the environment looked on the day several people sat in a room with diagrams, coffee, and varying levels of optimism. The session happens. Assets are mapped. Threats are identified. Risks are scored. A document is produced. The document is reviewed, approved, uploaded somewhere nobody voluntarily visits, and occasionally resurrected during audits or post-incident archaeology. ...
The Dealer smiles?
We are told that world politics is a chess game. Grandmasters move pieces across a board, sacrificing pawns to protect kings, calculating six moves ahead. It is rational. It is elegant. It is, above all, knowable. This is a lie. After walking through the resource wars of Venezuela, Greenland, Iran, Ukraine, Russia and China, and after one reader finally lost patience and called a certain former president a “greedy twat”, a different metaphor emerged. Not chess. Not even regular poker. ...
Building an exit from capitalism
A boring, decades-long plan for getting out of capitalism without burning the village down
The two stories most often told about how to get past capitalism both fail in roughly the same way. The first is a Big Bang: revolutionary seizure of state power, redesign from above. The historical track record is grim. New rulers inherit the same coordination problems, the same resource constraints, and the same external threats, and tend to respond the way besieged regimes generally do, which involves rather more centralised violence than was originally promised. ...
The pipeline from Jerusalem to The Hague
How a piece of paper can become a parliamentary scandal
Step one: NGO Monitor, a Jerusalem-based research institute, publishes a report. The report alleges that Hamas has infiltrated Dutch aid organisations operating in Gaza. The evidence is thin. One example involves a wastewater treatment project that also irrigated fruit trees. NGO Monitor suggested those fruit trees could well be used by fighters to hide behind. Apparently the dappled shade was the threat. ...
The Glasswing problem
On 7 April 2026, Anthropic announced two things at once. The first was a new frontier model called Claude Mythos Preview. The second was Project Glasswing, a coalition of twelve technology and finance companies that would receive controlled access to that model, with everyone else, including paying API customers, locked out indefinitely. The accompanying blog posts from Anthropic’s red team made a remarkable claim: Mythos Preview, given an isolated container and a vague prompt, had autonomously discovered thousands of zero-day vulnerabilities across “every major operating system and every major web browser”: a 27-year-old denial-of-service bug in OpenBSD’s TCP stack, a 17-year-old remote code execution flaw in FreeBSD’s NFS server, fully weaponised end-to-end. A 16-year-old vulnerability in FFmpeg’s H.264 codec that had survived every fuzzer and every human reviewer to look at the code since 2010. In Mozilla Firefox alone, the model surfaced 271 zero-days, shipped as fixes in Firefox 150, the largest single batch of security fixes in the browser’s history. ...
When the browser looks back
LinkedIn loads JavaScript that probes for installed browser extensions — thousands of them, including competitors’ sales tools, grammar checkers, and religious or political plugins. LinkedIn acknowledges this, but frames it as anti-scraping and abuse prevention. The question is not whether extension detection happens. It is how the results are used and stored. So the situation is not “hidden conspiracy script discovered”, it is “known technique used aggressively enough that it has triggered class actions”. ...