Intervención de la eurodiputada Aurore Lalucq: Visa, Mastercard, Paypal... prácticamente todos los medios de pago que utilizamos son usamericanos, y Trump nos los puede cortar de un día para otro. Pido organizar una reunión urgente para crear un sistema de pagos europeo. No costaría caro, hablamos de unos 10 millones de euros.
etiquetas: ue, usa, eeyy, medios de pago, dinero, tarjetas
Jocelynn Rojo falleció tras un intento de suicidio. Fue víctima de bullying en su escuela en Texas; la amenazaron con llamar a ICE para deportar a su familia.
"Trabajo, disciplina y... Leo Messi me traspasó sus poderes". "Me metió en un barreño y me dijo: 'Algún día tendrás mi talento para jugar al fútbol y para vestir regular'"
etiquetas: lamine yamal, parodia, santiago abascal
La galería contiene las especificaciones de decenas de formatos, explicados a nivel de bytes y binario, y también a modo de guía visual. Así que nada de tener que ponerse a picar y compilar código sin saber cómo funciona todo. [vía microsiervos]
La preocupación en círculos políticos y económicos va en aumento ya que las acciones militares de Donald Trump tienen a Alemania mirando con nerviosismo hacia Nueva York, donde guarda casi la mitad de sus reservas de oro, el país posee 3.352 toneladas de oro, las segundas reservas más grandes del mundo después de Estados Unidos. Poco más de la mitad de las reservas están en las bóvedas del Bundesbank en Fráncfort, otra parte en el Banco de Inglaterra, y el resto 1.236 toneladas, almacenadas en la Reserva Federal de Estados Unidos.
etiquetas: alemania, oro, reservas, estados unidos, repatriar
Es curioso echar un vistazo a Algoritmos para Laberintos, donde se muestran 15 formas de generar laberintos*. Aunque no todos son visualmente agraciados ni «complicados» desde el punto de vista de su resolución, explica todas las formas más o menos habituales de construirlos con un ordenador. Son algoritmos tanto clásicos como modernos, de código abierto y con animaciones paso a paso. [vía microsiervos y entradilla fusilada de ahí]
Jocelynn Rojo falleció tras un intento de suicidio. Fue víctima de bullying en su escuela en Texas; la amenazaron con llamar a ICE para deportar a su familia.
This is Day-3 of DevSecOps Zero to Hero, This video covers DevSecOps for Terraform. By the end you will learn how to setup vault intergration with terraform and use it along with GH Actions. You will also learn about checkov and other best practices for securing terraform.
These pratices are followed by enterprise and best DevSecOps experts.
Disclaimer: Unauthorized copying, reproduction, or distribution of this video content, in whole or in part, is strictly prohibited. Any attempt to upload, share, or use this content for commercial or non-commercial purposes without explicit permission from the owner will be subject to legal action. All rights reserved.
Este vídeo analiza el accidente ferroviario de Adamuz desde una perspectiva que va más allá del suceso técnico. No se trata solo de una soldadura defectuosa, un tramo de vía deteriorado o un fallo puntual en la infraestructura. Se trata de un patrón. De una forma de gestionar lo público. De una cultura política basada en el relato, la propaganda, el control del discurso y la sustitución de la responsabilidad por la narrativa.
Desde el descarrilamiento del tren Iryo 6189 y la colisión con el Alvia Madrid–Huelva, hasta la respuesta política, mediática e institucional, este análisis recorre: la gestión de ADIF el papel del Ministerio de Transportes la figura de Óscar Puente la situación estructural de Renfe la politización de las catástrofes el deterioro del mantenimiento ferroviario la pérdida de credibilidad institucional el uso propagandístico del dolor la gestión de crisis en España el control de la agenda mediática la degradación de los servicios públicos la normalización de la incompetencia
También se abordan los antecedentes históricos: Prestige, Yak-42, Alvia de Santiago, DANA, apagones, accidentes ferroviarios y la repetición de un mismo patrón político: negar, controlar el relato, ganar tiempo, diluir responsabilidades.
Este vídeo no busca imponer conclusiones. Busca reconstruir los hechos, ordenar la información y mostrar el contexto real en el que se produce la tragedia de Adamuz.
Porque los países no se degradan de golpe. Se deterioran por acumulación. Y cuando el sistema falla, nunca pagan los despachos. Paga la gente.
Temas clave: Accidente ferroviario Adamuz Descarrilamiento tren España Iryo 6189 Alvia Madrid Huelva ADIF Renfe Ministerio de Transportes Óscar Puente Infraestructuras ferroviarias Seguridad ferroviaria Gestión pública Corrupción política Propaganda institucional Manipulación mediática Responsabilidad política Servicios públicos en España Crisis institucional Colapso de infraestructuras Estado del ferrocarril español
Entrevistador: Justo antes de que te vayas, ¿es posible? Sabes que le pedimos a cada invitado algo exclusivo que podamos… ¿verdad? Ya sabes a qué me refiero. La atención es moneda y todo eso.
Ricky Gervais: Bueno, he pensado en ello. Y… estoy preocupado por este.
Entrevistador: Vale, porque a veces las cosas son secretas por una razón.
Ricky Gervais: No, no, lo entiendo. Hace 30 años, le di un riñón a mi sobrino.
Entrevistador: ¿En serio?
Ricky Gervais: Iba a morir. Oh, Dios mío. No, estoy bromeando, él murió.
Entrevistador: [Risas] Tenemos whisky saliendo el próximo año. Nadie sabe de eso.
Ricky Gervais: Es ultrasecreto, ni siquiera puedo decirte el nombre. Pero tenemos un whisky inglés premium de malta.
Entrevistador: Pareces como si fueras a llorar.
Ricky Gervais: Sí, te lo dije. Eso es lo que hay, chico.
En imágenes captadas por este diario en el punto exacto del accidente, pueden apreciarse los relieves del carril izquierdo con la cifra “89”, que según esta normativa corresponderían al año de fabricación e indicarían que son piezas originales en el trazado del primer corredor de alta velocidad en España, que se inauguró en 1992, hace más de 33 años. Las traviesas de esta parte sin renovar llevan el sello de la marca que utilizó Renfe hasta 2005, cuando se escindió de Adif. Comparten el tramo con carriles que llevan la cifra “23”. @elmundo
Pese al comunicado de Renfe, los pasajeros del Alvia estiman, en base a lo que recuerdan, que esperaron a ser atendidos. Uno de los afectados, Santiago Rosendo, declaraba este viernes en ‘Más Vale Tarde’ que vio a los primeros sanitarios sobre las 21:15 horas, una hora y media más tarde del accidente. @lasexta
Following up my last article on NCC patterns, this one shows why and how to handle multi-hub designs, and a step-by-step technical blueprint for a zero-downtime migration.
As cloud architectures evolve from simple single-region deployments to complex, global multi-cloud ecosystems, the networking glue holding them together must evolve as well. For years, VPC Peering and Hub & spokes patterns were the gold standard, but its scaling limits and lack of transitivity often forced architects into complex workarounds.
Enter Network Connectivity Center (NCC). With the recent GA of VPC Spoke Dynamic Route Exchange, NCC has transformed from a hybrid-only tool into a global routing engine.
1. The Architectural Shift: Why NCC?
For a GCP Architect, NCC isn’t just “Peering 2.0.” It is a centralized hub-and-spoke model that solves three major pain points:
Scale: VPC Peering is limited by the number of peerings per VPC (typically 25). NCC supports up to 250 VPC spokes per hub, allowing for massive enterprise-scale topologies.
Transitivity & Path Control: Unlike Peering, NCC allows for dynamic route exchange. You can use Export/Import filters to control exactly which prefixes are shared, preventing route leakage and managing overlapping IP spaces and bypass non transitivity between VPC Spokes with PSA or PSC transitivity propagation.
Unified Hybrid Connectivity: NCC treats VPCs, Cloud Interconnects, and SD-WAN (Router Appliances) as equal “spokes,” providing a single pane of glass for your global wide area network.
For more details, I give you the link of my last articles about advanced features: NCC patterns
2. Multi-Hub Design Patterns: Beyond the Global Hub
While a single NCC hub is global by nature, large-scale organizations often require Multi-Hub architectures for administrative isolation, regulatory compliance (data residency), or to bypass specific resource limits with more than 250 VPC spokes.
Here are the three primary patterns for interconnecting multiple NCC hubs:
Pattern A: Inter-Hub Connectivity via HA-VPN
This is the most common pattern for strict isolation between environments (e.g., a “Production Hub” and a “Non-Prod Hub”).
Mechanism: Deploy HA-VPN gateways in a VPC spoke of each hub and create tunnels between them.
Pros: Decouple NCC hub resource limits;High isolation; independent routing domains; easy to implement. NCC hub Isolation by continent
Cons: Additional costs for VPN tunnels and data transfer; limited by VPN throughput (though scalable with multiple tunnels).Transferrable to Prod/Dev/QA topology
For architects requiring deep packet inspection (Firewalls, IDS/IPS) between hubs.
Mechanism: Deploy a 3rd-party NVA (Fortinet, Palo Alto, etc.) with nic0 in Hub A's transit VPC and nic1 in Hub B's transit VPC.Multi-nic NVA — per region. Three NCC hubs in one GCP Project
Pros: Decouple NCC hub resource limits;NCC hub isolation by continent;Centralized security stack; advanced traffic engineering using BGP. Transferrable to Prod/Dev/QA topology
Cons: Management overhead of VMs; potential bottleneck if not scaled correctly (using Internal Load Balancers as next hops). Incur cross-regional data transfer costs
Pattern C: Transit via Partner Interconnect / Cross-Cloud
Mechanism: Using a third-party fabric (like Megaport or Equinix) to bridge two different NCC hubs, often used in multi-cloud scenarios.
Pros: Partner Interconnect Bandwidth — NCC Hub isolation by continent;Decouple NCC hub resource limits;Lower latency for inter-cloud traffic; bypasses the public internet.Transferrable to Prod/Dev/QA topology;deployment NCC hub(s) in One Project or One NCC hub per Project
Pros: Partner Interconnect Cost — Incur cross-regional data transfer costs
Let’s configure a multi-NCC hub with the VPN pattern
# Give the network a name and project project_id = var.project_id network_name = "vpc-shared-services" routing_mode = "GLOBAL" delete_default_internet_gateway_routes = true
# Give the network a name and project project_id = var.project_id network_name = "eu-routing-vpc" routing_mode = "GLOBAL" delete_default_internet_gateway_routes = true
# Give the network a name and project project_id = var.project_id network_name = "us-routing-vpc" routing_mode = "GLOBAL" delete_default_internet_gateway_routes = true
# Give the network a name and project project_id = var.project_id network_name = "us-vpc" routing_mode = "GLOBAL" delete_default_internet_gateway_routes = true
linked_vpc_network { uri = module.us-vpc.network_id } }
# Spoke pour le VPN venant de l'On-Prem resource "google_network_connectivity_spoke" "onprem_vpn_spoke" { name = "spoke-onprem-vpn" location = "europe-west1" hub = google_network_connectivity_hub.eu-hub.id
linked_vpn_tunnels { # Ce tunnel DOIT être dans le VPC 'eu-routing-vpc' uris = ["https://www.googleapis.com/compute/v1/projects/${var.project_id}/regions/europe-west1/vpnTunnels/eu-routing-vpc-to-onprem-remote-0"] site_to_site_data_transfer = true include_import_ranges = ["ALL_IPV4_RANGES"] } }
# Spoke pour le VPN allant vers les USA (Inter-Hub) resource "google_network_connectivity_spoke" "us_interconnect_spoke" { name = "spoke-to-us-hub" location = "europe-west1" hub = google_network_connectivity_hub.eu-hub.id
# Spoke côté US pour recevoir le tunnel venant de l'Europe resource "google_network_connectivity_spoke" "eu_interconnect_spoke_us" { name = "spoke-from-eu-hub" location = "us-east1" hub = google_network_connectivity_hub.us-hub.id
3. The Migration Blueprint: From Legacy Peering to NCC
Migrating a “live” network is not easy and risky. To avoid issues, here is the technical workflow to transition from a Hub-and-Spoke Peering model to NCC.
Phase 1: The Parallel “Shadow” Transit
Do not tear down your existing peerings yet.
Create the NCC Hub: Set up your global hub resource.
The New Transit VPC: Create a new VPC that will act as the “Next-Gen Hub.”
Establish Hybrid Spokes: Set up new Cloud Interconnect VLAN attachments or HA-VPN tunnels and attach them to the NCC Hub.
BGP Preparation: Ensure your On-Premise routers are ready to receive routes from the new Cloud Routers.
Phase 2: Workload Integration (The Spoke Transition)
Attach Workload VPCs: Add your application VPCs as spokes to the NCC hub.
Route Filtering: Use Export Filters on the NCC spokes to ensure they don’t immediately start advertising routes that conflict with the existing peering routes.
The “Edge Group” Logic: Place hybrid spokes in an Edge Group to facilitate transit between VPC spokes and On-Premise.
Phase 3: Traffic Swing (The “Big Switch”)
Adjust Administrative Distance: On-premise, prefer the routes learned via the new NCC-connected Interconnects (by adjusting BGP Multi-Exit Discriminator — MED).
Monitor Flows: Use Network Topology and Flow Logs in the GCP Console to verify that traffic is moving through the NCC Hub and not the legacy Peering links.
Incremental Peering Removal: Once traffic is confirmed on the NCC path, delete the VPC Peering connections one by one.
Phase 4: Add new VPCs
4. Architect’s Decision Matrix: Pros, Cons, and Caveats
Choosing between traditional VPC Peering, Cloud Router architectures, and Network Connectivity Center (NCC) is a strategic decision. As your network grows from a few isolated VPCs to a complex hybrid-cloud mesh, the trade-offs change.
Use this matrix to determine if NCC is the right fit for your current infrastructure.
Pros & Cons: The Reality of NCC
The Pros
Operational Simplicity: NCC eliminates the “peering mesh” nightmare. You connect a VPC or a VPN as a spoke, and the Hub handles the distribution.
Unified Hybrid Connectivity: It acts as a single pane of glass for On-prem-to-Cloud and Cloud-to-Cloud (multi-region) traffic.
High Performance: Leveraging Google’s global backbone, NCC provides lower latency and higher reliability than managing multiple disparate tunnels.
The Cons
Complexity of BGP: NCC relies heavily on BGP (Border Gateway Protocol). If your team isn’t comfortable with dynamic routing, the setup can be daunting.
Cost Management: Unlike “free” VPC Peering within the same region, NCC involves costs per spoke and data processing fees that can scale quickly if not monitored
Conclusion
The move to Network Connectivity Center is a mandatory step for any GCP environment reaching enterprise maturity. By adopting a Multi-Hub design where necessary and following a staged migration path, architects can provide their organizations with a network that is not only scalable but also significantly easier to manage than traditional peering meshes.
Always validate your routing logic with Network Intelligence Center (Connectivity Tests) before deleting your legacy peerings. Happy routing!
I hope you enjoyed reading this. See you next time 👋
In this article, we explore a scalable role management strategy known as IAM Personas. We will move beyond theory to examine specific architectural examples and provide production-ready code samples. Finally, we will demonstrate how to deploy this strategy on Google Cloud Platform by leveraging a structured Infrastructure as Code (IaC) approach.
Structuring Resources by Business Unit
To effectively implement the User Personas Approach, we must first establish an Organization Hierarchy. This step is foundational, as it allows us to organize resources according to business units.
Below is a simplified example featuring two main branches: a Security folder for operations and a General folder for developer units. While this example is streamlined for clarity, your actual hierarchy may be more complex depending on your organization’s maturity.
Defining RBAC Requirements & Boundaries
Next, we define the Role-Based Access Control (RBAC) requirements. Based on our hierarchy, we have established the following strict access rules:
Security Team: Has exclusive access to the Security folder. No other role may enter this directory.
Sysadmins: Have broad access to the General folder and all contained Developer units. However, they are explicitly denied access to the Security folder.
Developer Teams: Are isolated to their specific units (e.g., Team 1 can only access Unit 1). Cross-unit access is strictly prohibited.
Persona Identification and Scalability
Deriving from our established access rules, we can identify four distinct personas for this scenario:
Security Admins
Sysadmins
Unit 1 Developers
Unit 2 Developers
In a production environment, this list expands significantly to encompass roles such as Billing Admins, Auditors, Marketing, and Accounting. Regardless of whether an organization has ten roles or ten thousand, the fundamental goal of the Personas Approach remains the same: to systematically identify every role and explicitly define the permissions they require.
Defining Roles & Implementation Strategy
We adhere to a strict scope-based permission model to ensure security and operational efficiency:
Security Admins
Scope: Entire Organization.
Role: They require global oversight. We assign roles/iam.securityAdmin at the top-level Organization node, allowing them to define access controls across all folders. Additionally, roles/securitycenter.admin is granted to monitor threats in every project, from infrastructure to individual dev units.
Sysadmins
Scope: General Folder.
Role: Acting as infrastructure architects, they manage the hierarchy (folderAdmin) and networking (networkAdmin) for the General folder and its children. However, they are restricted from altering the global IAM policies set by Security.
Developers
Scope: Unit Sub-folders.
Role: Strictly isolated. Unit 1 Developers control specific resources (compute.admin, storage.admin) within their designated folder, with zero visibility into Unit 2 or the Organization’s broader security configurations.
The Implementation Strategy
With the hierarchy and personas defined, the implementation of the Personas IAM approach is straightforward. We avoid assigning permissions to individual users. Instead, we follow this three-step workflow:
Create a Group for each identified persona.
Assign Permissions to that specific Group.
Add Users to the Group, allowing them to automatically inherit the correct access.
Implementation via Infrastructure as Code (IaC)
With our roles and groups clearly defined, we will now leverage the GCP Hardening Toolkit IAM module to provision these resources.
While it is possible to configure these settings manually in the console, we strongly recommend an Infrastructure as Code (IaC) approach. IaC transforms your IAM structure into a single source of truth, providing granular control over changes and ensuring complete traceability for audits. By code-ifying these rules, we avoid ‘configuration drift’ and ensure the security model remains intact as the organization scales.
Inside the groups block, we define each persona as a distinct object. The module reads this list to automatically create the corresponding Google Groups (e.g., gcp-security-admins@example.com) and applies the specific IAM role bindings to the correct scope (Organization or Folder). This ensures that the security model is deployed exactly as architected, with no manual intervention required.
# terraform.tfvars
# Global Settings customer_id = "C012345ab" # Replace with your Workspace Customer ID domain = "example.com" allow_multi_point_grants = false
# --------------------------------------------------------- # 2. Sysadmins # Scope: General Folder (Inherits to Unit 1 & Unit 2) # --------------------------------------------------------- { display_name = "gcp-sysadmins" description = "Infrastructure & Networking Architects" folder_id = "folders/200000001" # The General Folder ID roles = [ "roles/resourcemanager.folderAdmin", # Manage Project Structure "roles/compute.networkAdmin", # Manage VPCs/Firewalls "roles/billing.projectManager" # Link Billing Accounts ] },
# --------------------------------------------------------- # 3. Unit 1 Developers # Scope: Unit 1 Folder (Isolated) # --------------------------------------------------------- { display_name = "gcp-unit-1-developers" description = "Application Team - Business Unit 1" folder_id = "folders/300000001" # Unit 1 Sub-folder ID roles = [ "roles/compute.admin", # Manage VMs "roles/storage.admin", # Manage Buckets "roles/serviceusage.serviceUsageConsumer" # View enabled APIs ] },
# --------------------------------------------------------- # 4. Unit 2 Developers # Scope: Unit 2 Folder (Isolated) # --------------------------------------------------------- { display_name = "gcp-unit-2-developers" description = "Application Team - Business Unit 2" folder_id = "folders/300000002" # Unit 2 Sub-folder ID roles = [ "roles/compute.admin", # Manage VMs "roles/storage.admin", # Manage Buckets "roles/serviceusage.serviceUsageConsumer" # View enabled APIs ] } ]
Note: Permission Grant Models The GCP Hardening Toolkit module supports two distinct permission strategies: Single-Point and Multi-Point grants. Choosing the right model impacts your security posture and audit complexity. We strongly recommend reviewing the article: Comparing Group Permission Models: Security Implications and Analysis to understand the trade-offs before finalizing your configuration.
Once the configuration is finalized, we simply execute terraform apply to provision the groups and permissions. This strategy centralizes our IAM management, maintaining both a registry of organizational roles and a complete history of permission changes in a single repository.
Conclusion: From Concept to Production
In this article, we demonstrated how to shift identity management from a manual bottleneck to a scalable engineering process using Infrastructure as Code (IaC). By treating permissions as code, we ensure that our security model is immutable, auditable, and easy to scale as new business units are onboarded.
It is important to note that the configuration demonstrated above is a simplified example designed for clarity. We focused on just four core personas — Security, Sysadmins, and two Developer units — to illustrate the mechanics of the strategy.
However, real-world enterprise environments are significantly more complex, often requiring dozens of distinct personas, nested folder structures, and conditional access policies. For a complete, production-ready reference, we recommend exploring the GCP Hardening Toolkit repository. It contains a comprehensive, “real-world” example implementation that handles full-scale organizational complexity, demonstrating exactly how to apply these principles at an enterprise level.
Last week, as rumors swirled about an impending ICE surge that would target the Somali population in Maine, where I live, I called my barbershop to schedule a last-minute appointment. I didn’t want a haircut, but I worried that I needed one. I am a light-skinned Black American: My hair and beard are thick and curly. On Thursday, I had both cut extra short in an effort to look less like someone ICE might find interesting. That is to say, for the first time in my life, I tried to look a little whiter.
I had seen video after video of federal agents occupying Minneapolis, flagrantly racially profiling innocent people on the street—demanding that American citizens, including police officers and Native Americans, show their papers, and even detaining some—and it seemed that the same chaos was coming to southern Maine.
I also made another change in advance of ICE’s arrival: I stopped carrying the 9-mm compact handgun—a Glock 19 equipped with a Holosun red dot—that I keep underneath my shirt most days, in full compliance with Maine’s concealed-carry laws. Although it is completely within my rights to carry concealed in my state (a practice I began a little over a year ago, after having gotten several death threats for my political writing), the past few weeks have made it apparent that ICE and Border Patrol don’t put much store in the law or Constitution.
When I heard news that Maine was about to get the Minneapolis treatment, a fear gnawed at me: What happens if I’m harassed or grabbed by an ICE agent for walking down the street without my passport, and an agent feels the pistol beneath my sweatshirt? What happens, God forbid, if my Glock dislodges from my appendix holster while I’m being roughly detained? I worried that, in such an event, ICE officers—poorly trained, trigger-happy—might panic and shoot me out of fear, even if I was doing nothing illegal or threatening. I worried, too, that they might not even bother to learn Maine’s gun laws before descending on my state.
Today, Border Patrol’s killing of Alex Jeffrey Pretti—a 37-year-old ICU nurse who the Minneapolis Police Department believes possessed a legal-carry permit, and was armed in the lead-up to his death—made it clear that my paranoia was justified. It also made it clear that it is not only minorities who are having their First, Fourth, and now Second Amendment rights trampled by the federal government: Pretti, like Renee Nicole Good before him, was white. And while new facts could certainly emerge that complicate what we know so far, existing videos of the incident seem to show that he never reached for his weapon in his fatal encounter with the feds. It appears to have been removed by agents before they shot him dead, after first pepper-spraying him in the face as he tried to help a woman who had been knocked to the ground. Apparently, the federal boot heel is now colorblind, one of the Trump administration’s more notable anti-DEI achievements.
Although the administration claims that its immigration-enforcement operations are meant to protect Americans from an “invasion” of foreign-born gang members, federal officials have now killed two American citizens—specifically, white American citizens, the kind Donald Trump and Stephen Miller tacitly signal they care the most about—in less than a month. It is plain that Operation Metro Surge and Operation Catch of the Day—yes, that’s what ICE actually calls its Maine operation—are not about protecting the good citizens of Minnesota and Maine. And they are certainly not about protecting our rights guaranteed by the Constitution.
I’ve spent nearly my entire life in American gun culture: My father was a combat veteran turned state-police officer; I come from a hunting family; my first job was at a gun club; I regularly invest hours at the range, and burn through 1,000 or more rounds of pistol and rifle ammo every month. I admit that by the standards of some readers, I no doubt qualify as a “gun nut.” And I have had innumerable arguments with liberal friends about the Second Amendment. My views are unfashionable in some of the circles in which I travel. I believe, and have always believed, that despite the National Rifle Association’s faults, the organization is correct about the core purpose of the Second Amendment: to prevent government tyranny. And because tyrannical governments can be either liberal or conservative, the Constitution protects those on the left and right equally.
Some time before he was shot dead in Utah, Charlie Kirk said, now infamously, that it was worth accepting “some gun deaths every single year so that we can have the Second Amendment to protect our other God-given rights.” Many of his critics dredged up that quote following his assassination, noting the irony and suggesting that his manner of death disproved his argument. I agreed with Kirk about very little, but about this he was right: The blight of gun violence is a uniquely American tragedy. But the Second Amendment is a uniquely American freedom, and in fact is the very thing that makes possible all the others.
Some pro-gun organizations are already taking a stand: “Every peaceable Minnesotan has the right to keep and bear arms—including while attending protests, acting as observers, or exercising their First Amendment rights,” Minnesota’s Gun Owners Caucus wrote in response to today’s killing. “These rights do not disappear when someone is lawfully armed, and they must be respected and protected at all times.” Gun Owners of America, meanwhile, observed that the “Second Amendment protects American’s right to bear arms while protesting—a right the federal government must not infringe upon.” Despite touting itself as a staunch defender of American gun rights, however, the Trump administration appears to be taking a rather different tone. “Thank God for the patriots of @ICEgov,” Secretary of Defense Pete Hegseth posted on X, showing no concern that a federal agent emptied his magazine into the back of an apparently law-abiding, gun-owning American who seemed to have been safely disarmed. “You are SAVING the country.”
Whether they lean right or left, are pro-immigration or have more restrictionist views, my fellow gun owners should understand the message that is being sent by this administration: If you exercise your constitutionally protected right to bear arms, masked federal agents can murder you in cold blood, simply because an American citizen exercising their Second Amendment rights scares them. This isn’t about politics; it is about the rights that make our politics possible in the first place.
It is not yet clear what exactly Pretti’s own views were, or what motivated him to be on that Minneapolis street. But he knew what the Second Amendment is for: to affirm that Americans are a free people, and free people will not be cowed by masked federal agents. As this country’s gun enthusiasts have long known, freedom means little if you lack the means to keep it. Without the Second Amendment, the Constitution is a bit of parchment. With the Second Amendment, the Constitution is a demand. These rights shall not be infringed.
In a world defined by constant change, reinvention isn’t optional - it’s essential. We often assume reinvention comes from bold leaps or lucky breaks, but actor and author Matthew McConaughey’s story suggests a quieter approach can be far more powerful.
In this episode, Matthew joins me to explore the inner practices that have shaped both his life and his legendary career in Hollywood. From stepping away from romantic comedies at the height of his success to sitting with uncertainty when there were no guarantees on the other side, Matthew shares how learning to get comfortable with discomfort empowered the most meaningful reinventions of his life.
At the center of our conversation is curiosity - self-curiosity. Matthew reflects on decades of journaling as a way to notice patterns, stay honest, and make sense of moments that feel unclear. Rather than avoiding discomfort, he learned to treat it as information to study, learn from, and eventually act on.
We talk about what it takes to stay relevant without losing yourself, why reinvention often requires carrying the risk before anyone else believes in the outcome, and how self-curiosity can become a compass when the path forward isn’t obvious.
Matthew also shares how these ideas come to life in his newest book, Poems & Prayers - a collection of reflections shaped by presence, patience, and the courage to keep asking better questions.
If you’re navigating change, questioning your direction, or looking to grow while remaining true to yourself, this conversation offers a grounded and thoughtful path forward.
Simon is an unshakable optimist. He believes in a bright future and our ability to build it together.
Described as “a visionary thinker with a rare intellect,” Simon has devoted his professional life to help advance a vision of the world that does not yet exist; a world in which the vast majority of people wake up every single morning inspired, feel safe wherever they are and end the day fulfilled by the work that they do.
Simon is the author of multiple best-selling books including Start With Why, Leaders Eat Last, Together is Better, and The Infinite Game.
Chapters 00:00 Intro 01:58 Why Matthew McConaughey Stopped Taking Rom-Com Roles 02:38 Curiosity as a Career Strategy 03:55 Why Better Work Matters More Than Popularity 06:25 When Success Becomes a Trap 08:51 Saying No to What Worked Before 10:08 Bearing the Risk of Reinvention 16:39 Why You Have to Carry the Risk First 19:05 Confidence, Arrogance, and Real Humility 24:22 The Paradox of Selfishness and Selflessness 30:46 Why Checking in With Yourself Matters 34:53 Staying in the Discomfort Long Enough to Change 36:00 How Journaling Turns Shame into Insight 40:20 Entering Work with Reverence 42:01 The Project That Made Matthew Happiest 44:10 Poems & Prayers and Performing Live 45:27 A Childhood Memory That Explains Everything 49:07 Why Self-Curiosity Is the Real Superpower 53:06 Self-Involved vs. Self-Curious
Es curioso echar un vistazo a Algoritmos para Laberintos, donde se muestran 15 formas de generar laberintos*. Aunque no todos son visualmente agraciados ni «complicados» desde el punto de vista de su resolución, explica todas las formas más o menos habituales de construirlos con un ordenador. Son algoritmos tanto clásicos como modernos, de código abierto y con animaciones paso a paso.
En total hay 15 algoritmos diferentes, cada uno con comportamientos y resultados claramente reconocibles. Se ofrecen en tres tamaños a partir de una retícula de 5×5, 15×15 y 25×25. Mis favoritos son el Recursive Backtracking y el Hunt and Kill. El resto me parece que generan caminos demasiado sencillos, que se acortan en uno o dos pasos y son casi triviales de resolver.
El código fuente completo está disponible públicamente en GitHub (CoffeeScript Mazes) y acompaña al libro Mazes for Programmers, que enseña los métodos desde un punto de vista práctico y que seguramente gustará a quienes les apasionen estos temas.
Entre los algoritmos incluidos hay enfoques deterministas, aleatorios e híbridos. Aparecen clásicos como Árbol binario y Sidewinder, métodos de caminatas aleatorias con garantías de uniformidad estadística como Aldous-Broder y Wilson y y técnicas recursivas. Hay combinaciones prácticas como el algoritmo de Houston, que mezcla el Aldous-Broder y el Wilson para ganar velocidad a costa de perder uniformidad.
_____ * Hay una diferencia sutil entre maze y labyrinth en inglés, palabras para las cuales solo usamos «laberinto» en castellano. Un labyrinth tiene una sola ruta sin bifurcaciones y no es difícil de seguir; solo tiene un entrada y una salida y pueden tener ciertas connotaciones «espirituales». En cambio los maze son más enrevesados, con muchas opciones y rutas que tomar, puede estar diseñado para ser más o menos difícil, quizá tenga varias entradas y salidas y son los que se utilizan en los experimentos científicos.
La Galería de formatos para Kaitai Struct es una explicación de las especificaciones de un montón de formatos binarios («tipos de archivo» sería otra forma de llamarlos) y cómo entender qué contienen los archivos, byte a byte, de forma relativamente sencilla.
De hecho aunque Kaitai Struct es un lenguaje para describir formatos de datos, no es necesario utilizarlo para aprovechar este estupendo recurso. La galería contiene las especificaciones de decenas de formatos, explicados a nivel de bytes y binario, y también a modo de guía visual. Así que nada de tener que ponerse a picar y compilar código sin saber cómo funciona todo.
En la lista de formatos, agrupadas por categorías, hay archivos de imagen, bases de datos (incluyendo el legendario .DBF de dBase, que se usaba en 1982, literalmente el «año de Naranjito»), ejecutables, sistemas de ficheros, protocolos de red, contenedores multimedia, etcétera. Estas especificaciones están escritas describiendo campo a campo cómo está organizado el formato en binario: sus encabezados, tipos de datos, longitud de registros y repeticiones. Están las tipografías TTF o de las imágenes BMP y los frames de las redes Ethernet.
Esta galería es, en cierto modo, es como la piedra de Rosetta de los formatos. Lo mejor es que además de usarlo en Kaitai también se incluye código para analizar los archivos en diferentes lenguajes, entre ellos: C++ y C#, Go, Java, Perl, PHP, Python, Ruby y Rust. Así que quien necesite usar alguno de estos formatos por razones prácticas, o incluso históricas, lo tiene fácil, sin tener que escribir todo el código desde cero.
En muchos casos, las viviendas desalojadas pasan a manos de colonos israelíes o se usan para proyectos turísticos y de asentamiento, erosionando aún más la presencia palestina en zonas clave. En tanto, la expansión de asentamientos agudiza el aislamiento de la ciudad del resto de Cisjordania y profundiza la segregación, alerta ONU Derechos Humanos.
etiquetas: cisjordania, jerusalén, expulsión, palestinos, aumento
Un grupo de 12 personas tuvo que ser rescatado anoche en el Puerto de Cotos tras quedar completamente aisladas y sin posibilidad de regresar a sus domicilios. Los excursionistas habían subido a la sierra a lo largo del día para disfrutar de la nieve, pero no habían previsto ni asegurado el transporte de vuelta antes de que las condiciones meteorológicas empeoraran y los servicios de transporte público finalizaran.
etiquetas: madrid, puerto de cotos, rescate, nieve, imprudencia
Un hombre ha muerto este sábado tiroteado por un agente de la policía federal de Estados Unidos en Minneapolis, según ha confirmado el jefe de la Policía de esta ciudad, Brian O’Hara, en declaraciones al Minnesota Star Tribune. Es la segunda persona que fallece por disparos de la policía en la capital de Minnesota en tres semanas: el 7 de enero, una mujer de 37 años, Renee Good, murió tiroteada por otro agente después de participar en unas protestas contra las redadas anti migratorias
etiquetas: hombre, muere, minneapolis, policía, trump, ice, redadas anti migratorias