
Comment Re:It's not only websites that use TLS (Score 1) 114

> Protocols like ACME do exist, but really only exist for web servers.

That's not so. An example I mentioned in another thread is the Certificate Management Protocol (CMP, RFC 4210 and its follow-up RFC 4210bis); it is versatile and applicable in contexts other than web servers. There are open source CMP client implementations, even OpenSSL 3.x has one - so it is easy to start prototyping and automating your workflow by wrapping `openssl cmp` into scripts.

Start with https://ancillary-proxy.atarimworker.io?url=https%3A%2F%2Fdocs.openssl.org%2Fmaste...
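The kind of `openssl cmp` wrapper the comment above describes, as an added example that is not part of the original comment: a cron-style renewal for a service that is not a web server. The CMP endpoint, the file paths and the 30-day renewal window are assumptions.

```shell
#!/bin/sh
# Added example: renew a certificate over CMP before it expires.
# CMP_SERVER, the 30-day window and all file paths are assumptions.
CMP_SERVER="${CMP_SERVER:-ca.example.internal:8080/pkix/}"  # placeholder endpoint
RENEW_WINDOW="${RENEW_WINDOW:-2592000}"                     # 30 days, in seconds

# True (exit 0) when the cert is missing or expires within $2 seconds.
needs_renewal() {
    [ -f "$1" ] || return 0
    # -checkend exits 0 only if the cert is still valid $2 seconds from now
    if openssl x509 -in "$1" -noout -checkend "$2" >/dev/null 2>&1; then
        return 1
    fi
    return 0
}

# True when the certificate's public key belongs to the given private key.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Key update request (kur): authenticate with the current cert and key,
# ask the CA to certify a freshly generated key, swap files only on success.
renew_via_cmp() {
    cert="$1"; key="$2"; trusted="$3"
    ( umask 077
      openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:prime256v1 \
          -out "$key.new" ) || return 1
    openssl cmp -cmd kur -server "$CMP_SERVER" \
        -cert "$cert" -key "$key" -trusted "$trusted" \
        -newkey "$key.new" -certout "$cert.new" || return 1
    # Refuse to install a cert that does not match the key we generated.
    cert_matches_key "$cert.new" "$key.new" || return 1
    mv "$key.new" "$key" && mv "$cert.new" "$cert"
}

# Cron entry point: ./renew.sh --run cert.pem key.pem ca-chain.pem
if [ "${1:-}" = "--run" ]; then
    if needs_renewal "$2" "$RENEW_WINDOW"; then
        renew_via_cmp "$2" "$3" "$4" || { echo "CMP renewal failed" >&2; exit 1; }
    fi
fi
```

The old key and certificate stay in place until the CA's response has been received and the new certificate has been checked against the new key, so a failed or tampered exchange leaves the service running on its current credentials.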

Comment Re:This is largely irrelevant (Score 1) 98

> studies that show homework is less than worthless

Can you point to your favourite studies that look into this matter? I am intrigued and surprised by your assertion. I was under the impression that the amount of time spent on a problem is positively correlated (at least up to a point) with the likelihood of solving it.

Comment Re:I saw comments on Hacker News yesterday (Score 2) 37

My understanding is that the model is not a program that can execute any logic on its own, open network connections, etc. The model is a huge data file, which is then loaded by another program (like Ollama or llama.cpp) that deals with the user.

Some software that uses neural networks has functionality to perform HTTP requests and fetch some data that are then used to enrich the prompt for the model (e.g., OpenWebUI, if I recall correctly), or execute commands in the system (e.g., the Cline plugin for VSCode). However, that is not the jurisdiction of the model itself, but the jurisdiction of the software *you* choose to run it with.

Perhaps a model can be designed to take advantage of these real-world connections (e.g. make HTTP requests or run commands) if it detects that it is in an environment that has them. It could use some obfuscation techniques to squeeze in additional commands (e.g., phone home, download remote access software and set it up, modify your SSH authorized keys file, etc.) which the users would approve without thinking or understanding.

Comment Re:How? (Score 1) 214

Social media can make things worse in several ways. First of all - the bully doesn't have to do it in person anymore, it can be done remotely. Second - anyone can get onboard, some random people on the Internet can press "like" or type mean messages, scripts can automate it. If a teen's life is centered around social media - they are much more exposed than they were before. To summarize:

Real World interactions
- embodied
- synchronous
- primarily 1 to 1, or 1 to several, with only one interaction happening at a time
- take place within communities with a high bar of entry and exit

Virtual world
- disembodied
- async (except video call)
- many one-to-many interactions, several can take place at a time
- low barrier of entry and exit

Comment A slow UX is against their own interests (Score 1) 307

One of the reasons why such sites are profitable is that users are hooked via means like infinite scroll, or autoplay. This fast and smooth UI is what keeps users glued to their screens, nudging them towards mindlessly watching whatever comes next and spending way too much time on the site.

Slowing it down deliberately could drive people away from the platform, because they will have more opportunities to reconsider why they are on the site and potentially break the loop of mindless surfing.

Comment Re:Any day now ... (Score 2) 45

> I fully expect in the next two years to see industry pushed via tweaks
> to existing security standards document to perform wholesale switch
> from a RSA key exchange to PQC.

I think it is a false dilemma. You can take a hybrid approach, where a system combines PQC and classic algorithms to achieve its purpose. If you don't have full confidence in post-quantum crypto algorithms yet, you can use them without letting RSA go.

Of course, it comes at the cost of some complexity in the software, but you still get to use RSA as a battle-tested primitive.

Discussions about this approach are here: https://ancillary-proxy.atarimworker.io?url=https%3A%2F%2Fwww.ietf.org%2Farchive%2Fi...

Comment Re:most cherished of rights? (Score 1) 119

The certificate can be printed on paper. It contains a QR code which holds digitally signed data about the person, the vaccine and some other metadata.

One can read the code off the paper using specialized software, verify the signature and make a pass/reject decision. You don't need any digital thing for it to work, as a traveler. The institutions need to have an infrastructure and legislation that stipulates how electronic digital signatures are used - the EU has had this for ~2 decades now.

Comment Re:Fake Vax IDs within 24 hours. (Score 1) 119

I don't think your prediction is reasonable, because the certificates are digitally signed.

The electronic signature is easy to verify, so the forgery is trivial to detect. As long as the respective institutions do a good job at protecting their private key, that is. If the key is compromised, the signer's certificate can be revoked using standard procedures in PKI (e.g., CMP - a protocol for certificate management, OCSP - another protocol for verifying whether a certificate has been revoked or not).

If you had the technical means to fake such signatures, there would be many ways to leverage that in a much more profitable manner.

Comment Re:Those Apps Are Bullshit (Score 1) 134

Thanks for your elaborate feedback, I greatly appreciate it.

You might be interested in this paper http://www.jtle.net/uploadfile... (I am a co-author). Table IV summarizes a list of recommendations for insurers, where R18 is related to worse driving, R16 is about giving users a way to challenge the results; R4 and R5 are about turning these programs into a coach that helps drivers get better (rather than maintain an unforgiving attitude, where a single deviation results in a "no soup for you!" verdict).
Our results are based on data collected from users of European insurance companies, but as you can see - the main complaints are the same.

If anything else comes to mind, feel free to provide more feedback and we'll incorporate it into our work. At the moment we're building prototypes that improve user satisfaction and the transparency of the system (so one can easily understand how the scores are calculated). Basically, we're integrating our own recommendations into a prototype, then running usability tests, to produce an evidence-based "this is how you should do it" UX model.

Comment Regulation is necessary (Score 1) 17

This is a good idea, but regulation is necessary to make it work.

We have a solution from Apple, and one from Google - they're different, but these things should be presented to users in a consistent format, like "nutrition facts" labels.

Another concern is the lack of regulation around it - what happens if a program violates the declared rules? They're going to get kicked off the play|app store, and that's it? There must be more serious consequences, otherwise there's no incentive to change your practices.

I advocate the adoption of "privacy facts" labels for phone apps, web services, IoT devices and other systems that collect data and can potentially undermine people's privacy. The labels should be legally binding, such that any deviation from the declared terms can have consequences that go beyond a slap on the wrist.

You can have a look at the proposed design and the research behind it at http://privacy-facts.eu/

Comment Re:Those Apps Are Bullshit (Score 1) 134

I'm involved in usability research that partially covers such forms of car insurance as you describe. The problem you pointed out is not uncommon - many users complain that this actually leads to worse driving, because one keeps adjusting their driving style in an attempt to "make the program happy", which pushes them out of their well-established routine. The lack of a possibility to contest the system's verdicts is also a common source of dissatisfaction.

If you had a magic wand that could produce an excellent usage-based car insurance system, what features would it have? (besides the possibility to challenge a wrongful verdict)
