W3C Verifiable Credentials [1] does almost exactly what you suggested and was recently approved as a top-level W3C standard. Adoption has been sluggish outside of digital identity (with Android [2] and the EU digital identity wallet being notable exceptions), but I think it is because the family of standards is relatively new.
There is little reason to invent a completely new design system if your goal is to encourage brand recognition and prevent an operator from confusing tools.
Apple/SwiftUI has accentColor for example where you can inject a brand colour. This is subtle but effective for UI differentiation - colour is a design primitive that evokes subconscious pattern recognition and can be more effective than a complicated design framework that forces a larger context switch in the user's mind.
None of their ISO 27001 certificates, aside from the premium one-offs with the vCISO, are accredited by any reputable ISO accreditation body. I would even argue that IAS, who accredited Prescient Security (mentioned as a reputable body in the article), has a questionable reputation and certainly gives off a pay-to-play impression.
You can look up the names of their partners below. The one body I found that is on the register (Accorp) is accredited by UAF, a known cert-mill accreditation body, and I’m not even sure it’s the same Accorp that Delve has partnered with.
For reference, you want a ISO certificate issued by a body accredited by UKAS (UK gov. adjacent non-profit), ANAB (ANSI), or equivalent, all government-recognised. This is normally the first thing I check whenever someone claims ISO 27001 certification and it is a great heuristic to validate certification rigour.
The basic principle is to ensure that any machine/workload which joins the network (and processes customer data, in this case extremely sensitive PII) has a cryptographically verified chain of trust from boot to the application-layer to guarantee workload integrity.
NixOS is used for declarative and more importantly deterministic OS state and runtime environment, layered with dm-verity to prevent tampering of the Nix store. The root partition, aside from whatever is explicitly configured in the nix store, is wiped on every reboot. The ephemerality prevents persistence of any potential attacker, and the state of the machine is completely identical to whatever you have configured in your NixOS configuration, which is great for audibility. This OS image + boot loader is signed with organisation-private keys, and deployed to machines preloaded with UEFI keys to guarantee boot integrity and preventing firmware-level attacks (UEFI secure boot).
At this point you need to trust the cloud provider to not tamper with the UEFI keys or otherwise compromise memory confidentiality through a malicious or insecure hypervisor, unless the provider supports memory encryption through something like AMD SEV-SNP. The processor provides an AMD-signed attestation that is provided to the guest OS that states "Yes, this guest is running in a trusted execution environment, and here are the TPM measurements for the boot" and you can use this attestation to determine whether or not the machine should join your network and that it is running the firmware, kernel, and initramfs that you expect AND on hardware that you expect.
I think I'll put together a write-up on this architecture once I launch the service. There is no such thing as perfect security, of course, but I think this security architecture prevents many classes of attacks. Bootkits and firmware-level attacks are exceedingly difficult or even impossible with this model, combine this with an ephemeral root filesystem and any attacker would be effectively unable to gain persistence in the system.
Hetzner is great for dedicated servers, but for those of us who need smaller-scale secure/confidential VMs I'm afraid that there isn't really any other choice than hyperscalers.
Does anyone know if there is a VM vendor that sits somewhere in between a dedicated server host like Hetzner in terms of performance + cost-effectiveness and AWS/GCP in terms of security?
Basically TPM/vTPM + AMD SEV/SEV-SNP + UEFI Secure Boot support. I've scoured the internet and can't seem to find anyone who provides virtualised trusted computing other than AWS/GCP. Hetzner does not provide a TPM for their VMs, they do not mention any data-in-use encryption, and they explicitly state that they do not support UEFI secure boot - all of these are critical requirements for high-assurance use cases.
Financial crises have been more severe, longer, and more sustained since the introduction of central banking. Let us also not forget that the industrial revolution and the extraordinary growth of Western economies in the late 1800s were mostly conducted under free banking without a central buyer and lender of last resort, and in some jurisdictions where a central bank existed it was regulated to follow a strict gold standard.
Sure, but ransomware is just extortion and that is a concept that has existed for time immemorial. I think ransomware is a relatively small part of the global volume of generalised extortion which is almost certainly mostly settled in fiat and not crypto.
>Buying drugs, money laundering, rampant speculation, rug pulls, fraud, high fees, inefficiency, horrible UX, irreversible SFYL, and destroying the climate.
Every one of these charges happens every day and in some of them to a much greater scale in fiat, especially climate destruction due to inflationary monetary policy, which encourages consumption and waste and punishes thrift and savings.
"The root problem with conventional currency is all the trust that’s required to make it work. The central bank must be trusted not to debase the currency, but the history of fiat currencies is full of breaches of that trust. Banks must be trusted to hold our money and transfer it electronically, but they lend it out in waves of credit bubbles with barely a fraction in reserve." - Satoshi Nakamoto
I don't know about the author but I have a feeling that the track record of central banks isn't exactly stellar, and I'd much rather trust a decentralised system with zero ability for sustained debasement than trust a small centralised group of people who have time and time again abused that trust.
>From my point of view serfdom is the (block)chain. Only people with enough stake or those who pays are in control.
I disagree with this but even if one assumes this to be the case, I'd much rather prefer a monetary system subject to the control of free market forces rather than the modern monetary system which is subject to a small group of unelected and unaccountable technocrats operating under the feeble assumption of central bank independence and whose power is extended through coercion and not voluntary association.
>Furthermore, I take issue with the emphasis on "property damage" as property is fairly meaningless when you fear for your live or live paycheck-to-paycheck. America has an unhealthy obsession with "property damage" as if it should be the driver for any sort of discussion on societal issues, when in fact, it should not be.
Ah right, so the ends justify the means. It is OK to vandalise and destroy a small business if you feel bad and frustrated, but only if you share the corporate-approved politically correct opinion. Do you not see where this road ends?
Completely ridiculous. If a major corporation in concordance with other entities bans speech that does toe the party line - that is quite literally fascism and something straight out of 1984.
BLM and their like was burning down cities for months with support from these same corporates, and that is suddenly OK and not morally questionable because orange man bad? I'm not defending the Trumpers who stormed the capitol, but the double standards are extremely blatant.
I think companies who are operating in spaces that may be targeted for wrongthink (pornography, arms dealers, even crypto to an extent) should seriously consider contingency plans (avoid vendor/platform lock-in, have a backup progressive web app in case your app gets booted etc.) in the event the leftist/SJW/mainstream media mob targets them and kicks them off large platforms (including infrastructure - AWS/GCP/Azure is NOT safe).
Collateral is the wrong term, apologies for that - what I mean is that expanded bank reserves can be used to back an expansion of credit from the bank in question.
>The central bank have not power to stimulate the economy in this situation, that's the reason central bankers are pushing the governments to spend directly.
Sounds very political for a supposedly independent central banking system!
This system is a disgrace and is governed by unelected technocrats who are able to yield a crazy amount of power over the economy without ever being subject to inquiries from the public, all in the interest of experimenting on the population with highly questionable economic models.
In my opinion we would never have been in this situation in the first place were it not for the artificial credit growth and consequent boom caused by central bankers.
It cannot be repaid, ever, because the interest exceeds the amount of money that is currently in existence, which means they will always have to borrow more money (which is created out of thin air) to service the debt.
>The Fed has doubled (!) the number of assets on its balance sheet by creating new monetary instruments and using some of them to purchase financial assets like treasuries and mortgage backed bonds. In fact, the Fed has created more new monetary assets during the past five months than in 2008-2009, during the worst of the global financial crisis.
This is printing money and it is not inaccurate to say that they have created U.S. Dollars out of thin air to finance their asset-purchases and "lending" (a debt that will never be paid off) to the U.S. government.
Because they are pocketing the difference by arbitraging between the government (who issue the treasuries) and the Fed (who is the ultimate buyer) since the Fed cannot buy treasuries directly from the government. It's just a complicated way for the government to print money and hand it out and in this case banks are able to act as the middleman and earn money on the spread.
It's a disgraceful system that is extremely morally questionable.
They are, the argument that the poster above you put forward is such a tired argument and I really do not understand why people are trying to hide the fact that the Fed is actually creating money out of thin air and buying assets from banks for it. The Fed doesn't technically "print" the Federal Reserve Notes, but for all intents and purposes it is legitimately money that is being created, only digitally. You are entirely correct in your assessment that they are manipulating the market by being an agent with unlimited amounts of cash and can therefore provide options for banks that they otherwise wouldn't have in a free market.
Also bank reserves can be used as collateral for further loans, just because you don't lend out the actual reserves doesn't mean more money isn't being created, it's just done in a roundabout fashion.
I hope I'm not the only one that finds this completely ridiculous. What right does the U.S. Federal Government have to prosecute people who aren't even operating within their jurisdiction? This is nothing but imperialism and a captured government trying to shut down competitors to U.S.-based regulated exchanges from more crypto-friendly countries.
[1] https://www.w3.org/TR/vc-overview/
[2] https://developer.android.com/identity/digital-credentials