From time to time I am engaged to help organisations in the UK and in the EU make decisions about where their data is stored, how it is accessed, and how to keep things as stable as possible over the next few years. This was a dizzying mess until 2025, and in 2026 there are some big decisions coming. Organisations need as much certainty as they can get for making decisions which are expensive to change in the future. ...
The practical design document Not Before Time v2.6 explains how existing technologies can be assembled to create a universal way to time-lock information accessed by everyday software most people already use. Underpinned by tried-and-true mathematics, this is a pragmatic tool that anyone will be able to use. Existing technology is combined to strongly guarantee that particular information: will not be readable before a certain future time was not created before a certain past date and time was not electronically signed before a certain past time These support human rights, democracy, health and business. ...
This file is a Code of Conduct first written in 2020 for the LumoSQL project. Here is Version 1.6 – Updated 9th February, 2026. Heavily adapted and compressed from the large and repetitive version 3.1 of the Mozilla Participation Guidelines and published by LumoSQL under the Creative Commons Attribution-ShareAlike 4.0 International license. Contents LumoSQL Code of Conduct This file exists because the LumoSQL Project needed it, less than one year after starting in 2019. We take it seriously, and hope that most English-reading adults can understand what is said. We hope this is not needed very often. ...
The detail of the GDPR and its implied computer science contain a solution for sharing secrets according to law. This continues to be true in 2026, as the Digital Omnibus Regulation takes shape. Executive Summary The GDPR sets up a conflict in trust between companies in particular circumstances, which can only be resolved by using the automation of a cryptographic audit trail with particular properties as described below. Problem Statement Under the EU’s GDPR law virtually every company is a Controller, and virtually all Controllers use at least one Processor. When a Processor is engaged, the GDPR requires that a contract is signed with the very specific contents spelled out in clause 3 of Article 28. The GDPR requires that Controllers and Processors cooperate together in order to deliver data protection, and this cooperation needs to be very carefully managed to maintain the security and other guarantees that the GDPR also requires. That’s what this mandatory contract is intended to achieve. ...
The immense Privacy Shield was a 2016 self-certification scheme for US companies to hold themselves to the strict EU privacy rules. In 2020 Privacy Shield was struck down by the EU Court of Justice. In non-technical terms, the Court said: There is no way Privacy Shield can work. So don’t use US-controlled cloud companies such as Google or Amazon. In late 2021 this decision started rippling out across Europe, as one place and then another moves away from these giant US companies, starting with government users. We all like familiarity and wish to avoid change, so this decision seems astonishing to many people. Once organisations get over their surprise, it is not so difficult to do. In 2023 I wrote It remains to be seen what these US companies will do in 2023. Some of them are wealthier than several smaller EU nations combined. By 2026 we had the answer - they used coercion by political, economic and legal means to prevent EU citizens using their own IP to build their own services. ...
When Linux was a Struggling Challenger In 1999 I joined my first startup, Linuxcare in San Francisco. The Linuxcare story is a quintessential United States dot-com bubble narrative, featuring a famous venture capital fund, massive growth, a failed IPO, and a fancy new ex-IBM CEO resigning under a cloud. Founded in 1998, it was designed to be the “0800 number for Linux”, a concept we now know was sound. Linuxcare was so so close! ...
The Fossil source code management system is the only realistic alternative to Git, and has had 15 years of development and testing. After helping Fossil make some changes I now use Fossil for many projects. I also use Git on various software forges, and Mercurial if I need to work with code from the Mozilla project. One-sentence Summary - Why Fossil? 21st century privacy and reproducibility require code to be in an append-only, non-repudiable Merkle tree with strong crytographic guarantees, and that is what Fossil is by design. ...
LumoSQL protects data on mobile phones using a new data storage technology which is highly compatible with most existing devices. With LunmoSQL, the device owner has ultimate right to decide who can read or change their data… and this decision continues to be enforced even after it has been copied off the phone to (for example) a bank or insurance company for processing with their in-house database software. In contrast, the situation at present is that device owners are rarely in control of the privacy of their own data, despite many laws relating to privacy. ...
I participated in many battles directly against Microsoft in the Ballmer era, 1998-2014. Every Samba feature release seem to further anger Microsoft. Copyright and then especially patents were weaponised, as well as well-funded hit teams aimed at spreading confusion and intimidating their own (Microsoft’s!) customers. In the Nadalla era from 2014-present, Microsoft and other tech giants are using even more brutal ways (paracopyright, technical protection measures and the Unitary Patent System), to coerce citizens and governments. ...
This timeline covers the period of most obvious abuses of power by Microsoft against free software and Samba in particular. It was more difficult to bury open source like Samba in expensive litigation than a company, but they tried hard. This was the Ballmer era, named after the then-CEO, and the history of Samba’s triumphs feels highly relevant to 2026. What caused Microsoft’s new CEO in 2014 to dramatically change course from such directed hostility? Perhaps it was a fit of morality. Perhaps it was the intention to launch the much worse extortion racket we see today. ...