Hello world! [Pinned]
Hello world, welcome to my notebook. Last year I started thinking that it could be interesting to share some of my notes with the world. But because I am not a good writer and did not feel like creating a blog, you get the next best thing: a bunch of random notes. Probably not useful for most people, but maybe someone can find something interesting one day.
FOSDEM 2026 Day 1
This post contains the notes that I took during FOSDEM 2026. The big new topics this year seemed to be AI & digital sovereignty. But of course the main subject matter of the conference will always be beer open source. The following notes are some ramblings combining what the speakers said and thoughts I had while listening. I took them for future reference and decided to publish them because 🤷 why not. ...
FOSDEM 2026 Day 2
Notes on day 1 Identity and Access Management Devroom This room is cursed. – The video volunteer when entering the room in the morning. Day two started off great with some great presentations in the IAM devroom. I woke up early so I could get a seat on the front row and was happy that I did. Thomas Darimont giving a presentation on OpenID’s shared signals framework. ...
Multi Factor Authentication
What is MFA Multi-factor authentication (MFA) is a security process that requires users to verify their identity using two or more distinct factors. Each factor can be from one of the following categories: Something you know (e.g., a password) Something you have (e.g., a security token or mobile device) Something you are (e.g., a biometric such as fingerprint or face recognition) For an authentication method to be secure, it should validate at least two factors. ...
My Security Principles & Guidelines
Principles Let’s first describe some principles, in order of importance. 1. Pragmatic Security When creating an API, the primary goal is to solve a problem for a user or organisation. But we don’t want to create new problems by introducing vulnerabilities. When designing or implementing a new feature, always consider how it could be abused and strive for security by design. Be pragmatic: solve problems, don’t create new ones. ...
OpenID Shared Signals Framework
Policy-Based Access control with data filters
In the classic XACML-based fine-grained authorization (FGA) architecture, the Policy Decision Point or PDP is responsible for deciding whether a subject such as a user is allowed to do an action on a specific resource. But in many real-world architectures this pattern is difficult to apply. Let’s look at the following simple example. We want to build an application that shows a simple list of all documents a user has access to. ...
Talks to watch later
FOSDEM 2026 Main track Free as in Burned Out: Who Really Pays for Open Source? FOSS in times of war, scarcity and (adversarial) AI DEFCON 33 All your keyboards are belong to us!