[1] https://www.w3.org/TR/vc-overview/

[2] https://developer.android.com/identity/digital-credentials

Apple/SwiftUI has accentColor for example where you can inject a brand colour. This is subtle but effective for UI differentiation - colour is a design primitive that evokes subconscious pattern recognition and can be more effective than a complicated design framework that forces a larger context switch in the user's mind.

None of their ISO 27001 certificates, aside from the premium one-offs with the vCISO, are accredited by any reputable ISO accreditation body. I would even argue that IAS, who accredited Prescient Security (mentioned as a reputable body in the article), has a questionable reputation and certainly gives off a pay-to-play impression.

You can look up the names of their partners below. The one body I found that is on the register (Accorp) is accredited by UAF, a known cert-mill accreditation body, and I’m not even sure it’s the same Accorp that Delve has partnered with.

For reference, you want a ISO certificate issued by a body accredited by UKAS (UK gov. adjacent non-profit), ANAB (ANSI), or equivalent, all government-recognised. This is normally the first thing I check whenever someone claims ISO 27001 certification and it is a great heuristic to validate certification rigour.

https://www.iafcertsearch.org/search/certification-bodies

Shockingly low levels of DD by everyone involved here.

NixOS is used for declarative and more importantly deterministic OS state and runtime environment, layered with dm-verity to prevent tampering of the Nix store. The root partition, aside from whatever is explicitly configured in the nix store, is wiped on every reboot. The ephemerality prevents persistence of any potential attacker, and the state of the machine is completely identical to whatever you have configured in your NixOS configuration, which is great for audibility. This OS image + boot loader is signed with organisation-private keys, and deployed to machines preloaded with UEFI keys to guarantee boot integrity and preventing firmware-level attacks (UEFI secure boot).

At this point you need to trust the cloud provider to not tamper with the UEFI keys or otherwise compromise memory confidentiality through a malicious or insecure hypervisor, unless the provider supports memory encryption through something like AMD SEV-SNP. The processor provides an AMD-signed attestation that is provided to the guest OS that states "Yes, this guest is running in a trusted execution environment, and here are the TPM measurements for the boot" and you can use this attestation to determine whether or not the machine should join your network and that it is running the firmware, kernel, and initramfs that you expect AND on hardware that you expect.

I think I'll put together a write-up on this architecture once I launch the service. There is no such thing as perfect security, of course, but I think this security architecture prevents many classes of attacks. Bootkits and firmware-level attacks are exceedingly difficult or even impossible with this model, combine this with an ephemeral root filesystem and any attacker would be effectively unable to gain persistence in the system.

Does anyone know if there is a VM vendor that sits somewhere in between a dedicated server host like Hetzner in terms of performance + cost-effectiveness and AWS/GCP in terms of security?

Basically TPM/vTPM + AMD SEV/SEV-SNP + UEFI Secure Boot support. I've scoured the internet and can't seem to find anyone who provides virtualised trusted computing other than AWS/GCP. Hetzner does not provide a TPM for their VMs, they do not mention any data-in-use encryption, and they explicitly state that they do not support UEFI secure boot - all of these are critical requirements for high-assurance use cases.

Comments URL: https://news.ycombinator.com/item?id=33007321

Points: 34

# Comments: 43

Financial crises have been more severe, longer, and more sustained since the introduction of central banking. Let us also not forget that the industrial revolution and the extraordinary growth of Western economies in the late 1800s were mostly conducted under free banking without a central buyer and lender of last resort, and in some jurisdictions where a central bank existed it was regulated to follow a strict gold standard.

Every one of these charges happens every day and in some of them to a much greater scale in fiat, especially climate destruction due to inflationary monetary policy, which encourages consumption and waste and punishes thrift and savings.

- 1721 Mississippi bubble (https://en.wikipedia.org/wiki/Mississippi_Company)

- 1813-1836 Second Bank of the United States (https://en.wikipedia.org/wiki/Second_Bank_of_the_United_Stat...)

- 1933 FDR gold confiscation (https://en.wikipedia.org/wiki/Executive_Order_6102)

- 1939 UK gold confiscation under guise of national security (https://en.wikipedia.org/wiki/Operation_Fish)

- 1971 unilateral termination of gold convertibility (https://en.wikipedia.org/wiki/Nixon_shock)

- 2008-present ECB/Fed/BoJ/BoE/global QE (https://en.wikipedia.org/wiki/Quantitative_easing)

I don't know about the author but I have a feeling that the track record of central banks isn't exactly stellar, and I'd much rather trust a decentralised system with zero ability for sustained debasement than trust a small centralised group of people who have time and time again abused that trust.

I disagree with this but even if one assumes this to be the case, I'd much rather prefer a monetary system subject to the control of free market forces rather than the modern monetary system which is subject to a small group of unelected and unaccountable technocrats operating under the feeble assumption of central bank independence and whose power is extended through coercion and not voluntary association.

Ah right, so the ends justify the means. It is OK to vandalise and destroy a small business if you feel bad and frustrated, but only if you share the corporate-approved politically correct opinion. Do you not see where this road ends?

BLM and their like was burning down cities for months with support from these same corporates, and that is suddenly OK and not morally questionable because orange man bad? I'm not defending the Trumpers who stormed the capitol, but the double standards are extremely blatant.

I think companies who are operating in spaces that may be targeted for wrongthink (pornography, arms dealers, even crypto to an extent) should seriously consider contingency plans (avoid vendor/platform lock-in, have a backup progressive web app in case your app gets booted etc.) in the event the leftist/SJW/mainstream media mob targets them and kicks them off large platforms (including infrastructure - AWS/GCP/Azure is NOT safe).

Sounds very political for a supposedly independent central banking system!

This system is a disgrace and is governed by unelected technocrats who are able to yield a crazy amount of power over the economy without ever being subject to inquiries from the public, all in the interest of experimenting on the population with highly questionable economic models.

In my opinion we would never have been in this situation in the first place were it not for the artificial credit growth and consequent boom caused by central bankers.

This site calculates CPI using the old way of calculating it, and according to that method the inflation rate is closer to 10%.

This is printing money and it is not inaccurate to say that they have created U.S. Dollars out of thin air to finance their asset-purchases and "lending" (a debt that will never be paid off) to the U.S. government.

It's a disgraceful system that is extremely morally questionable.

Also bank reserves can be used as collateral for further loans, just because you don't lend out the actual reserves doesn't mean more money isn't being created, it's just done in a roundabout fashion.