legal

Preamble

This is a personal website of somebody in the Generation X cohort. It comes with opinions, and a direct tone. The worst that can happen is you might learn something new.

Or, to put it more formally:

Content Suitability & Safety

This website is categorized as Safe For Work (SFW) and does not host adult-oriented material. While the communication style is direct, the content is appropriate for a general audience. In accordance with digital safety standards, parents and guardians are encouraged to supervise the online activities of minors and utilize parental control tools where appropriate. This site aims to provide educational value to any visitor, regardless of age.

Intellectual Property

Everything here (the code, the text, the art) is mine. All rights reserved.

Because something is publicly available on the internet, it does not mean it is free to republish.

You may not syndicate, republish, or otherwise use without my explicit permission. See terms for limited permissions in effect.

If you are an academic, student, or journalist, I expect you to follow professional standards:

Citations
Brief excerpts for the purpose of commentary or review are permitted, provided you include a clear link back to the original source on this site.
Brief
Your definition of what is “brief” may differ from mine, but AP Style, or APA/MLA/Chicago is a norm you do not want to stray too far from. If in doubt, ask first instead of seeking forgiveness afterwards; as I am Gen X, you can guess what is the safest approach here.
Fair Use
Your definition of “Fair Use” may differ from mine. This is especially true if you are from a more laisse faire jurisdiction which presumes that the rest of the world does the same. If you have to ask yourself “is this too much?”, it probably is. When in doubt, ask for permission first. I do not take kindly to people who do otherwise. Anybody using “Educational Use” as a blanket immunity should reconsider their career.

Site Security & Resilience

As part of our layered approach to security and resilience, we may serve different content, or indeed block access, to ensure the security and resilience of this website (because we have a Legitimate Interest under Article 6(1)(f) of the GDPR, but this, of course, does not override any fundamental rights and freedoms elsewhere in that regulation). We use automated evaluation (a discriminator and selector) to detect and mitigate nefarious actors and bots. This evaluation relies on technical metadata, primarily your peer network address, TLS handshake metadata, and http header metadata.

Logging

We log the interaction, request and response, between the user agent and the server. Our legitimate interest for doing this is under Article 6(1)(f) of the GDPR for security (detecting DDoS or intrusion) and technical troubleshooting.

For each request, the information that is logged will contain one or more of the following facets:

  • timestamp (to nearest second)
  • peer IP address
  • http version
  • request method
  • url requested
  • metadata values provided in the http header. At a minimum, “user-agent” and “referer” are logged; other values may be logged depending on circumstances.

Our regulator, the CNPD in Luxembourg, requires (because of that dubiously applied word “transparency”) that we explicitly state when we log the “user-agent” and “referer” http header key values. We find this amusing because this is agent provided data, and furthermore it comes with no guarantees as to its integrity or authenticity; heck, you could put the recipe for Gromperekichelcher in there for all anybody cares.

Metadata about the response is logged, and will contain at least:

  • the http response code
  • the size of the payload
  • metadata values from the http response header

Logs are purged every 30 days to comply with the principles of Data Minimization (Art. 5(1)(c) GDPR) and Storage Limitation (Art. 5(1)(e) GDPR). Under the Accountability principle (Art. 5(2) GDPR), this automated process ensures that metadata does not outstay its welcome nor its legal utility.

We reserve the right to maintain data for up to 10 years when an activity has been labelled as recidivous by our discriminator and subsequently determined by a human to be a security threat or enters in a legal dispute.

Data Sharing

I do not share, sell, or “syndicate” my logs with any third-party security platforms, “threat intelligence” networks, or cloud-based analytics providers.

Your Rights

Under the GDPR, you have the right to access, rectify, or erase your data.

Given that I do not host user-generated content or comments, there is very little for you to “correct” here unless you’ve managed to spoof your own metadata so poorly that it’s factually inaccurate in my logs. If you feel your peer IP address or user-agent has been logged incorrectly, feel free to attempt a more competent request. If you claim an IP address is PII, you need to prove that it can be linked to you (statically assigned, BGP records with PII, etc), otherwise this is just noise1.

I purge logs every 30 days. If you can’t wait that long, use the contact page to make a formal request. Given that I have 30 days to respond, and logs are purged every 30 days (unless you have been nefarious or recidivous in nature), the problem will solve itself. Neat, eh?

Disclaimer

All content on this site is provided for informational, educational, and occasionally satirical purposes. While I respect journalistic embargos, I reserve the right to parody, caricature, and mock technical dogmas and their proponents. If you find yourself the subject of such mockery, consider it a peer review with a direct tone.

I make no guarantees regarding the accuracy or completeness of any information, and I will not be liable for any losses, injuries, or damages resulting from the use of this information. Use of any technical information or opinions or whatever else that is published here is strictly at your own risk.

In other words, don’t be an asshole about it.2

I reserve the right to terminate access to anyone who violates this common-sense standard.

Questions or Permission Requests?

Use the contact page. Under GDPR, this page provides an adequate, and more importantly proportionate means, for you to contact me.

If you are a Luxembourgish regulator or authority: you already have my physical address in the RNPP3. Since the state is a big fan of the “Once Only” principle4, I trust you can find me there, if you really absolutely legitimately need to contact me.

$LastModified: 2026-05-06 08:42:43Z (Wed, 06 May 2026) $

  1. CJEU Judgment of 19 October 2016, Case C‑582/14, Patrick Breyer v Bundesrepublik Deutschland. The long-and-short is that it takes a disproportionate effort in terms of time, cost and man-power for me to link any IP address to an individual, whether that address is statically or dynamically assigned. ↩︎

  2. See also Wheaton’s Law, which has nothing to do with Wil Wheaton, and everything to do with not being a dick. ↩︎

  3. Registre National des Personnes Physiques (RNPP) ↩︎

  4. Le principe du “Une seule fois” as published here. For a multi-lingual country, with three administrative languages, all apparently equal, the fact that this is only available in French is mildly amusing. Whether it gets fully enacted as planned is another discussion. ↩︎