Category: Selfhosting

The Architecture of Dependence: Personal Identity, Big Tech, and Europe’s Hidden Single Points of Failure

No Comments

In 2022, a father took a photo of his toddler’s medical condition at the request of a doctor. The image was uploaded to Google Photos. Google’s automated systems flagged the content. His account was suspended. Law enforcement investigated and cleared him of wrongdoing. His Google account — containing years of personal data — was not restored [1].

This was widely discussed as a moderation controversy.

It was not only that.

It was an infrastructure event.

1. When Identity Fails, Everything Fails

A modern personal account is not merely a login. It is a root identity layer that governs:

  • Email
  • Cloud storage
  • Device synchronization
  • Password vaults
  • Passkeys and multi-factor credentials
  • Third-party authentication via federated login
  • Purchased digital media

When that root account becomes inaccessible — whether through policy enforcement, automated fraud detection, or sanctions — the failure cascades across all dependent layers.

This is not a moral argument. It is a systems observation.

2. Federated Identity and the Centralization of Trust

Modern authentication increasingly relies on federated identity, where a central Identity Provider (IdP) authenticates users for multiple services [2]. Third-party platforms defer authentication to that provider rather than managing credentials independently [3].

This reduces friction and improves usability.

It also concentrates trust and availability into a small number of providers.

The architectural question is not whether this model works. It clearly does. The question is what happens when the identity layer becomes unavailable.

3. The Governance Gap: Enterprise vs. Personal Identity

Single Sign-On (SSO) is well understood to create structural concentration. Industry documentation explicitly acknowledges the “single point of failure” characteristic in centralized authentication models [4], and security analysis highlights the enlarged blast radius when credentials are centralized [5].

Both enterprise and personal SSO architectures contain this technical concentration.

The difference is governance.

Enterprise systems operate under contracts, SLAs, administrative backdoors, internal escalation processes, and legal recourse. If a corporate identity account is misflagged, there are intervention mechanisms.

Personal accounts typically operate under automated enforcement and Terms-of-Service frameworks. When an algorithm triggers a restriction, there is often no guaranteed human review or time-bound escalation path.

The technology may be similar. The recovery architecture is not.

4. Passkeys: Security Improvement, Structural Tradeoffs

Passkeys, based on FIDO standards, significantly improve authentication security by replacing passwords with phishing-resistant cryptographic credentials [6].

However, implementation models differ.

  • Synced passkeys replicate credentials across devices for convenience.
  • Device-bound (hardware) passkeys remain tied to a physical authenticator.

Articles summarizing FIDO2 research note that synced models introduce ecosystem dependencies distinct from device-bound credentials [7].

Both models improve security.

Only one reduces dependency coupling.

The tradeoff is usability — and modern ecosystems optimize for convenience.

5. Automated Enforcement as Infrastructure Control

In the father’s case, automated content scanning triggered account suspension [1].

This pattern repeats in other contexts: fraud detection systems, AI moderation models, payment anomaly detection, or geopolitical sanctions can restrict access without prior human review.

When identity becomes infrastructure, automated enforcement becomes infrastructure control.

In tightly coupled systems, the algorithm is not merely moderating content. It is determining access to communication, storage, and authentication.

6. The Hardware Illusion

In 2025, developer Paris Buttfield-Addison reported that his Apple ID was disabled after a gift card redemption attempt, leaving him without access to decades of digital assets and rendering hardware deeply constrained within the ecosystem [8].

This illustrates a structural reality:

Owning hardware does not guarantee operational control if the identity layer governing that hardware is externalized.

The device may be physically present. Its functional autonomy depends on identity continuity.

7. From Individual Lockout to Strategic Exposure

In 2025, following U.S. sanctions related to the International Criminal Court (ICC), Microsoft suspended the email account of ICC Chief Prosecutor Karim Khan, affecting operational communication at a European-based international institution [9].

This event was not about personal inconvenience.

It demonstrated that when identity and communication infrastructure are externally governed, geopolitical actions can directly impact institutional continuity.

Now aggregate that principle:

When millions of citizens depend on foreign Identity Providers for authentication and recovery, citizen-level dependency scales into national-level exposure.

This is where “digital sovereignty” stops being rhetorical and becomes architectural.

8. Dependency Coupling

Each individual design choice is rational:

  • Federated login reduces password fatigue [2].
  • SSO simplifies authentication [4].
  • Passkeys reduce phishing risk [6].
  • Cloud sync improves usability.

Together, however, they create dependency coupling — a condition in which multiple critical system functions rely on the same root authority.

The fragility does not arise from any single component.

It arises from the density of coupling.

In enterprise architecture, dependency coupling is analyzed, stress-tested, and contractually mitigated. In personal ecosystems, it emerges organically through convenience.

9. Sovereignty as Systems Property

A sovereign cloud without sovereign identity is only partially sovereign.

If authentication, recovery, and credential synchronization remain externally governed, infrastructure autonomy remains incomplete.

The issue is not vendor nationality.

The issue is architectural concentration without fallback pathways.

10. Construction, Not Panic

Resilience does not require isolation. It requires optionality:

  • Decoupled authentication strategies
  • Offline recovery mechanisms
  • Reduced dependency density
  • Device-bound credentials where appropriate
  • Architectural awareness at both citizen and policy levels

This discussion sits at the intersection of cloud architecture, AI governance, identity systems, and European strategic autonomy.

If you are working on sovereign cloud infrastructure, independent AI ecosystems, or resilient identity architectures — I would welcome a structured exchange.

Categories: Selfhosting Sovereignity

Messing with local ports

No Comments

Being able to develop stuff locally is certainly on of the points I love the most working with Azure and Python. Later, you can hyper-scale the shit out of your code, but you can also debug it first on your tiny machine.

if __name__ == '__main__':
    # This code only runs when executing the script directly (not on App Service)
    logging.info("Starting Flask app in local development mode")
    socketio.run(app, host='0.0.0.0', port=5000, debug=True)

This piece of code is probably run a thousand times every day by a thousand developers. However, it was quite difficult to find an easy answer on google for this:

OSError: [Errno 48] Address already in use: ('0.0.0.0', 5000)

Easy to understand what it means, like port 5000 is in use already. WTF? Who is running something on my machine???

Of course, me. Another PyCharm window or something. But no, not this time. Strange. `netstat to the rescue 🙂 Well, not on macOS.

For whatever reason it cannot show you ports in LISTEN, at least that I could find. But how can we figure it out? lsof can help us here:

lsof -i :5000
COMMAND   PID   USER   FD   TYPE             DEVICE SIZE/OFF NODE NAME
ControlCe 650 trueal   10u  IPv4 0xa162a6f756348686      0t0  TCP *:commplex-main (LISTEN)
ControlCe 650 trueal   11u  IPv6  0x2c61017c47991be      0t0  TCP *:commplex-main (LISTEN)

WTF is a commplex? Another round of googling shows it belongs to AirPlay. So technically, ever developer on macOS should not be able to run the demo code?? So at least now you know, too, what is hogging your precious port 5000. You’re welcome.

Categories: Selfhosting

WordPress Admin Panel extremely slow

No Comments

Hosting a blog yourself is certainly one of the best things to do. Not only will you have full control of your data, but you will certainly learn a lot about technology along the way.

So today I decided to start writing a blog, once more, and hosting it myself. Here. Post 1.

But the /wp-admin/ panel is so painfully slow. The pages take up to six seconds to load.

But how can you figure out what is happening? I mean, sure, it could be my server. It’s just a Synology with a simple 4 core CPU.
But then, it’s just PHP?

So I found this nice plugin for WordPress, called Query Monitor. I will be visible in the top bar of the admin panel and show you exactly what is happening. And I found that:

cURL error 28: Resolving timed out after 3001 milliseconds

Seems like the admin panel is trying to connect to http://api.wordpress.org/translations/core/1.0/ and is running into a timeout.

Strange. Connecting via ssh and running a nslookup is also slow as hell. So it really seems, that the DNS lookup is somehow broken. In my setup, my router (a FritzBox) is causing the delay in DNS lookups.

Solution: Switching to public DNS servers 1.1.1.1 and 8.8.8.8 in the DSM settings, and problems all gone.

Next step: run a proper DNS caching server at home. I think it will be PiHole, but that’s another blog post 🙂

Categories: Selfhosting Synology Wordpress

Tags: , , ,