1. Special Counsel Jack Smith plans to resign, file report before Trump can fire him: report  Fox News
2. Jack Smith expected to resign ahead of Trump inauguration  WAVY.com
3. Special counsel Jack Smith plans to retire before Trump takes office: report  New York Post

1. Trump names Fox News host Pete Hegseth as defence secretary pick  BBC.com
2. Trump's defense choice stuns the Pentagon and raises questions about the Fox News host's experience  The Associated Press
3. Trump Puts Allies on Alert by Handing Pentagon to Fox News Host Hegseth  Bloomberg
4. How Pete Hegseth went from Fox News host to Trump’s Defense Secretary pick  CNN

Personality. You’ve got one; your friends have one—everyone has one! But what does it say about you and your social tendencies? In the early 1900s, Carl Jung coined the terms “introvert” and “extrovert” to describe personality traits and behaviors. Introverts tend to be more reserved, whereas extroverts thrive on social interaction. So, where do you fall? Are you an introvert, extrovert, or something in between? Answer these questions about what you would do in any given situation to find out.

Texting is a fantastic way to connect with a guy that you're into, especially if you're nervous about talking in person. Sure, you can text whenever you want, but there are some key guidelines to follow so you don't overwhelm him or look desperate. Check out the following texting tips so you communicate with confidence.

Mumbai’s wealthy citizens, who seek forward-thinking and upward-looking homes, prefer a novel idea of ultra-luxury living. In Mumbai, duplex and triplex apartments redefined the definition of living in luxury. Duplex and triplex apartments are becoming increasingly popular in Mumbai’s ultra-luxury … Continue reading →

The real estate industry warned that eliminating indexation benefits for long-term capital gains would stunt its expansion, negatively affecting property owners and potentially increasing taxes. While experts thought low returns could still be a problem, authorities disagreed, citing high real … Continue reading →

Property owners may face serious legal and financial ramifications if they fail to pay their property taxes. Therefore, timely paying such taxes is necessary to continue taking advantage of the municipal amenities. Owners must take immediate action if a property … Continue reading →

Are you trying to find a cozy haven with a view of the city skyline? The desire for luxurious living is growing, and renowned builders like Nitara Projects are fostering this desire by offering strong, innovative, and tastefully designed premium … Continue reading →

The XFX SPEEDSTER MERC319 features 16GB GDDR6 memory, advanced RDNA 3 architecture, and premium triple-fan cooling. This high-performance graphics card delivers excellent 1440p and 4K gaming capabilities. Reasons to Buy What Makes It Stand Out The MERC319 model represents XFX’s premium cooling solution. The triple-fan design and extended heatsink ensure lower temperatures and quieter operation compared to […]

The Sony XG300 Portable Speaker features IP67 waterproofing, powerful X-Balanced speakers, and up to 25 hours of battery life. This premium speaker combines durability with Sony’s signature sound quality. Reasons to Buy What Makes It Stand Out The XG300 delivers exceptional sound through Sony’s X-Balanced speaker units and dual passive radiators. The combination of MEGA BASS, ClearAudio+, […]

Trump's flying car initiative gains momentum as UFO expert Dr. Michael Salla signals potential involvement, bringing advanced aerospace expertise to ambitious urban development plan.

"The Industry Advisory Council’s (IAC) eGov Shared Interest Group (SIG) and the Federal CIO Council, in partnership with E-Gov, today announced the Federal agency programs selected as the “Top 5” within the Excellence.gov awards program. These prestigious programs were selected...

Summary: The abundance of X.509 certificate authorities who already perform identity proofing for businesses provides a rich resource that can be leveraged to boot the verifiable data ecosystem.

When you used a verifiable credential to prove something about yourself, the verifier can know cryptographically: (1) the identifiers for the issuer, (2) the credential hasn't been tampered with, (3) the credential was issued to you, and (4) the credential hasn't been revoked. These four checks are important because their establish the fidelity of the data being transferred. They don't, however, tell them whether they can trust the issuer. For that, they need to take the issuer's decentralized identifier (DID) that they got from credential presentation and determine who it belongs to.

At the most recent Internet Identity Workshop, Drummond Reed gave a session on how X.509 certificates could help with this. The first step, like always, is to resolve the DID and retrieve the DIDDoc that associates keys and endpoints with the DID. The endpoint can be an HTTP server and, of course, should have an X.509 certificate providing TLS security. That certificate, at the very least, has a a domain name to bind that to the certificate's public key. It can, if you pay for the feature, also include information about the entity that applied for the certificate. The certificate authority proofs that information and is vouching for it when they sign the certificate.

The key to making the X.509 certificate useful for checking the provenance of a DID lies in one key change. X.509 certificates can contain and extended field called a Subject Alternative Name. This following figure shows how it can help.

In this figure:

1. The issuer (Attestor) creates the DID they will use to issue the certificate along with its associated DIDDoc, including an HTTP endpoint for DID verification.
2. Attestor applies for a X.509 certificate for that endpoint, including in the application the DID they created in (1).
3. The certificate authority does it's usual proofing of the application and issues a certificate that includes the DID in the Subject Alternative Name field.
4. The issuer creates a credential definition in the usual way that includes their DID and writes it to whatever Verifiable Data Registry their DID method dictates.
5. Attestor issues a credential to a holder (Alice) using that credential definition.
6. At some later time, Alice presents the credential to the verifier (Certiphi).
7. Certiphi resolves the DID to get the DIDDoc and retrieves the verfication endpoint from the DIDDoc
8. Certiphi retrieves the certificate for that endpoint¹.
9. Certiphi verifies the certificate by checking it's signature and ensures that the DID in the DIDDoc for the credential matches the one in certificate.²

The issuer's DID has now been tied in a verifiable way to whatever information is in the certificate. Provided the certificate includes information about the entity beyond the domain name, the verifier can use that information to determine whether or not the credential is authentic (i.e., issued by who the credential definition purports issued it). That might be all the evidence they need to determine whether to trust the entity. Certificate authorities could also issue verifiable credentials to the customer attesting the same verified claims—after all, it's one more product they can offer.

The benefit of doing issuer validation using X.509 certificates is that there are already many trusted X.509 certificate authorities in business who already do proofing of attributes about businesses. That's a huge chunk of the verifiable data ecosystem that doesn't need to be built because it can be leveraged. To make this work, digital certificate authorities would need to start offering to validate DIDs and include them in a certificate as a Subject Alternative Name. I don't discount that this will take some bureaucratic maneuvering. Certificate authorities will need to see a business opportunity. I'd love to see Digitcert or someone do a pilot on this.

Notes

1. Note that this step might be combined with the previous step if the Verifiable Data Registry is the same server as the endpoint, but that's not necessarily going to be the case for a number of reasons.
2. Note that this does not create a call back wherein Attestor can determine which credential was used, preserving the privacy of the presentation. Attestor does know one of its credentials has been presented to Certiphi. If this information leakage bothers you, then any web-based DID method is potentially a problem.

Tags: identity ssi decentralized+identifiers verifiable+credentials x.509

Summary: This spring's IIW was full of interesting people and interesting discussions with people from around the globe.

We recently completed the 38th edition of the Internet Identity Workshop. We had 330 people from around the world who called 169 sessions. As usual there was lots of energy and thousands of side conversations. IIW is a place to get things done and it showed in the energy and the comments people made to me about how much they enjoyed it.

As you can see by the pins in the map at the top of this post, there were attendees from all over the world. Not surprisingly, most of the attendees were from the US (241), followed by Canada (11). Germany, India, and Switzerland rounded out the top five with 9, 8, and 7 attendees respectively. Attendees from India (5), Thailand (3), and Korea (3) showed IIW's diversity with attendees from APAC. And there were 4 attendees from South America this time. Sadly, there were no attendees from Africa again. Please remember we offer scholarships for people from underrepresented areas, so if you'd like to come to IIW39, please let us know. If you're working on identity, we want you there.

For states and provinces, California was first with 122. Washington (16), Utah (10), Texas (10) and New York (10) rounded out the top five. San Francisco (14) Oakland (13), San Jose (12), Seattle (11), and New York (9) were the top cities.

In addition to sessions, we have a demo hour on Wednesday that is a little like speed dating. There were 20 different projects highlighted. There's always more than one session that I want to attend in any given time slot and choosing is hard. That's a common refrain. Luckily we have sessions notes that we publish in a Book of Proceedings.

Here's pictures from all three days courtesy of Doc Searls

You belong at IIW! IIW is where you will meet people to help you solve problems and move your ideas forward. Please come! IIW 39 will be held October 29-31, 2024 at the Computer History Museum. We'll have tickets available soon.

Tags: identity iiw

Summary: We know that LLMs hallucinate. And we know that we can overcome some of that problem with better prompts. But can LLMs provide references for their work? I conducted an experiment.

Recently my friend Scott Mace asked this on X in response to a post about the evolution of software and how LLMs will likely follow that same trajectory:

Yes, but how trustworthy will it be? Can I at least see the links it used to create its response?

From X
Referenced 2024-05-21T18:09:06-0400

The short answer is "no", but the real answer is a bit more nuanced because of how LLMs like ChatGPT work. First the short answer: LLMs don't understand what they're saying so they can't reference the material that it used to create a response. They don't work like that. They don't go out, do a bunch of research and then create a response. Instead lots (and I mean LOTS) of material is fed into the program that creates the model, a multi-dimensional matrix of word orders. Then when you ask a question ("give it prompt" in LLM-speak), it processes the question and generates text based on the probabilities of words in its model¹. There's no way it can satisfy Scott directly because the model doesn't—can't, as far as I know—include the references that it used to create the text because it's generating it on the fly from material that has been thoroughly blended together.

But, in fairness, that's not what people do most of the time either. If you asked me over lunch or at the end of a tech presentation to describe zero trust and its pros and cons, I'd start talking. I wouldn't start looking up things on the web and somehow weave them into text complete with references. I'd go look for references if you asked me to back up something I said. So, let's try that with ChatGPT 4o. I gave it the following prompt:

You are a writer for a website focusing on technology. Your specialty is security. Write a 150 word explanation of zero trust with three pros and three cons.

ChaptGPT answered with this text:

Zero Trust is a security model based on the principle of "never trust, always verify." Unlike traditional security models that assume everything inside the network is safe, Zero Trust assumes that threats can exist both inside and outside the network. It requires strict identity verification for every user and device attempting to access resources, regardless of their location.

Pros:

1. Enhanced Security: By continuously verifying users and devices, Zero Trust reduces the risk of breaches and unauthorized access.
2. Minimized Attack Surface: It limits access to only what is necessary, reducing potential entry points for attackers.
3. Improved Compliance: Helps meet regulatory requirements by ensuring strict access controls and logging all access attempts.

Cons:

1. Complex Implementation: Deploying Zero Trust can be complex and time-consuming, requiring a significant overhaul of existing systems and processes.
2. Increased Costs: The initial investment in technology and training can be high.
3. User Experience Impact: Continuous verification can lead to friction and inconvenience for users if not implemented smoothly.

Zero Trust is essential for modern cybersecurity, but it requires careful planning and resources to implement effectively.

That's pretty good. But what if we need some references to other material to back up the pros and cons? I asked ChatGPT to supply them:

Now repeat that task, but this time include references as hyperlinks to back up each pro and con.

ChaptGPT answered with this text:

Zero Trust is a security model based on the principle of "never trust, always verify." Unlike traditional security models that assume everything inside the network is safe, Zero Trust assumes that threats can exist both inside and outside the network. It requires strict identity verification for every user and device attempting to access resources, regardless of their location.

Pros:

1. Enhanced Security: By continuously verifying users and devices, Zero Trust reduces the risk of breaches and unauthorized access (CSO Online).
2. Minimized Attack Surface: It limits access to only what is necessary, reducing potential entry points for attackers (NIST).
3. Improved Compliance: Helps meet regulatory requirements by ensuring strict access controls and logging all access attempts (Gartner).

Cons:

1. Complex Implementation: Deploying Zero Trust can be complex and time-consuming, requiring a significant overhaul of existing systems and processes (Forrester).
2. Increased Costs: The initial investment in technology and training can be high (ZDNet).
3. User Experience Impact: Continuous verification can lead to friction and inconvenience for users if not implemented smoothly (TechRepublic).

Zero Trust is essential for modern cybersecurity, but it requires careful planning and resources to implement effectively.

That looks great! Nice references for each bullet. There's just one problem. All the links, except the NIST reference, are dead. I don't know if they're wrong, made up, or stale. I tried finding content on a few of the sites by searching and came up dry. As I heard Johannes Ernst say once, ChatGPT is a "large language model" not a "large fact model" and this bears that out.

Still, asking for references or evidence for statements is something people are going to want. So, I tried a different tack. This time I asked this:

Why do you say complex implementation is a problem for zero trust? Can you give me a few references on that I can read myself?

ChatGPT responded with this:

Implementing a Zero Trust security model can be challenging for several reasons:

1. Overall Complexity: Zero Trust requires a comprehensive understanding of your network's intricacies, including users, devices, applications, and data. This can involve significant changes to existing infrastructure, which can be disruptive and costly. Organizations need to be prepared for the extensive planning and resources required for successful implementation​ (Help Net Security)​​ (Enterprise Networking Planet​).
2. Legacy Systems: Many organizations have legacy systems that are not designed to operate within a Zero Trust framework. These systems might require different security measures or even complete replacement, adding to the complexity and cost (Help Net Security)​​ (Enterprise Networking Planet​)
3. Cultural Shift: Zero Trust is not just a technological shift but also a cultural one. It requires continuous verification and strict access controls, which can lead to user frustration and resistance if not managed properly. Ensuring user buy-in and minimizing disruption to workflows through training and communication is essential (Deloitte United States)​​ (Guidehouse).
4. Resource Intensive: Implementing and maintaining Zero Trust can put a strain on IT resources due to the need for continuous monitoring and management. The need for advanced security tools and ongoing updates further adds to the resource demands (Help Net Security)​​ (Enterprise Networking Planet​).
5. Stakeholder Alignment: Achieving buy-in from all stakeholders and aligning them with the Zero Trust principles is critical. This requires a coordinated effort to educate stakeholders, prioritize gaps, and ensure consistent understanding and application of Zero Trust principles across the organization (Deloitte United States)​​ (Guidehouse).

These challenges highlight the importance of a phased and well-planned approach to Zero Trust implementation, considering both technological and human factors. For more detailed insights, you can refer to articles from Help Net Security and Guidehouse.

Much better. The links in the bullets all work, but the ones at the end don't. The articles it references aren’t very detailed, so I wouldn’t say they’re stellar references, but at least there’s a pointer to outside material that discusses similar challenges. So, partial success.

I've found that when you're using ChatGPT to do research, treating it like a librarian and asking questions that follow up are the best way to gain confidence that the material is correct and find the supporting material, just as I did above. I'm sure you could wrap additional helper functions around an LLM to make getting references easier. But for now interrogation through chat is the best way to get comfortable with the results.

Notes

1. Yeah, this is really simplified and thus wrong, but it's directionally correct. For a better explanation, see What Is ChatGPT Doing … and Why Does It Work?.

Photo Credit: Older Man Talking to Robot Librarian from DALL-E (public domain) Prompt: draw me a rectangular picture of an older man talking with a robot librarian. Use earth tones.

Tags: genai llm chatgpt prompt+engineering

Summary: We held the 39th edition of Internet Identity Workshop last week. Like always, it was a great week.

The 39th edition of the Internet Identity Workshop wrapped up last week. We have 364 attendees from around the world who called 178 sessions. I can't begin to describe the energy of the identity community when they all get together to discuss their favorite topics. If you like identity, or simply want to be part of an enthusiastic technical community, you should come to IIW.

As you can see by the pins in the map at the top of this post, there were attendees from all over the world. Not surprisingly, most of the attendees were from the US (251), followed by Canada (18) and France (14). Germany, Japan, and Australia rounded out the top six with 12, 9, and 7 attendees respectively. Attendees from India (5), Columbia (3), and Chile (2) show IIW's geographic diversity. Sadly, there were no attendees from Africa again. Please remember we offer scholarships for people from underrepresented areas, so if you'd like to come to IIW40, please let us know. If you're working on identity, we want you there.

For states and provinces, California was first with 131 attendees. Washington (19), Utah (14), New York (9), and Massachusetts (9) made up the rest of the top 5. San Jose (20), San Francisco (16), Paris (12), Oakland (11), and Seattle (9) were the top five cities.

We'll have the book of proceedings out in a month or so with notes from the different sessions and descriptions of the 20 demos given during demo hour. Past proceedings are available here.

The next IIW takes place April 8-10, 2025 at the Computer History Museum. This will be IIW XL, number 40! We'll have registration open the first part of December. If you're interested in sponsoring, send me a note.

Tags: iiw identity

황현식 LG유플러스 대표가 7일 서울 용산구 LG유플러스 본사에서 열린 LG유플러스 AX전략 기자간담회에서 AI통화 에이전트 '익시오(ixi-O)' 관련 발표를 하고 있다.

정재룡(36) LX하우시스 청주구매팀 선임과 배우자 가미소(33) 부부와 네 쌍둥이. LX홀딩스는 구본준 LX그룹 회장이 9월 네 쌍둥이를 품에 안은 정 선임 부부에게 출산격려금 1억원을 전달했다고 7일 밝혔다. LX하우시스도 출산격려금 5000만원을 별도로 지급했다. 정 선임은 “네 쌍둥이는 기적이자 축복”이라며 “많은 축하와 관심을 받은 만큼 앞으로 건

Alexandra Mihai, The Educationalist, Nov 13, 2024

Interesting commentary on the state of research in educational technology today and what's missing. What's missing? Research that links theory through technology to needs and practices (so I summarize). Thus, Alexandra Mihai looks for "insights into how educational technology can enhance the learning process" and "how technology can contribute to addressing the increasing diversity of our learner population." Mihai also considers the impact of AI on the research process, suggesting "it's so important to maintain our agency in the research and writing process." I don't think education as a discipline has come to terms enough with how people actually learn, which (to me) explain the persistence of the sort of teacher- and institution-focused approaches Mihai asks for here.

Vinay K. Chaudhri, The Hechinger Report, Nov 13, 2024

This is an idea straight from the 50s but expect to see more of the same as companies wrestle with how to make their publications relevant in the age of AI. Vinay K. Chaudhri beghins with a reaffirmation of the importance of textbooks (as "a carefully curated body of knowledge... nearly 100 percent accurate... (and) the view of an expert educator"). Needed now, though, is "authoring textbooks so that their concepts can be read as computer code." How? Back to the 50s - a controlled vocabulary. "Textbooks, using the discipline of knowledge engineering, can support the curation, preservation and learning of all forms of human knowledge." Next up? I guess it would have to be the unification of the sciences.

도널드 트럼프 미국 대통령 당선인이 취임과 함께 강력한 ‘미국 대개조’에 나설 것으로 전망되는 가운데 일론 머스크 테슬라 최고경영자(CEO)가 대개조 작업의 컨트롤타워 역할을 맡게 됐다. 트럼프 당선인이 13일(현지시간) 성명을 통해 머스크 CEO를 정부효율부(Department of Government Efficiency)의 수장으로 내정했다고 밝힌 것이

The 6th Annual State GILS Conference will be March 31-April 3 in Raleigh, North Carolina for all interested in "Access to State Government Information."

Forgoing watching Arnold at the RNC last night, I tuned in instead to the streaming video keynote from the Apple Expo 2004 in Paris. It was the first public demonstration of the Tiger OS and several other hardware and software products. For something to really rock your world, take a look at the new IMac G5.

구본준 LX그룹 회장의 장남인 구형모 LX MDI 대표이사(부사장·사진)가 사장으로 승진했다. LX홀딩스는 구 대표의 사장 승진 등을 골자로 하는 2025년 정기 임원 인사를 실시했다고 13일 밝혔다. 구 사장은 2022년 12월 설립된 LX MDI의 초대 대표이사를 맡아 회사 경영을 이끌어 왔다. LX MDI는 그룹 차원의 미래 준비를 위한 경영

No in-house dev team? No problem. With our newest On Demand Development Service Add-On, our expert team of WordPress developers will be on hand to help you with anything you need, from simple CSS issues to building custom functionality. Need help with expanding the capabilities of the Forminator plugin so it caters to your specific […]

Great news for agencies, developers and freelancers! We’ve heard that while many of you love our Webmail service, the 5GB storage limit is getting tight. That’s why we’re introducing our new range of expanded Webmail plans to help take your email capabilities to the next level. More Space, More Flexibility, More Power We’re expanding our […]

Can you imagine a Prius with a big, honking V8 engine stuffed under the hood? Neither can we buy Top Gear says it's happening.

The post Top Gear Exposes Plan To Convert EVs To Piston Power appeared first on CleanTechnica.

Puerto Rico has been in the news lately after a so-called comedian at a Republican campaign event referred to it as cesspit of human garbage floating in the Atlantic Ocean. Nearly a decade ago, after Hurricane Maria devastated the island, a US president gave Puerto Rico the back of his ... [continued]

The post Solx Will Manufacture Solar Panels In Puerto Rico appeared first on CleanTechnica.

This Luckeep X2 Stormtrooper E-Bike is Awesome We’ve tested a lot of electric bikes. I like some for certain reasons, others for other reasons, and some I really don’t care for much at all. I have to say that one thing I’ve found over the years is that e-bikes seem ... [continued]

The post Exploring the Luckeep X2: A High-Performance Urban E-Bike for All Terrains appeared first on CleanTechnica.

Toyota is already complaining about the state of California and CARB as it seems an opportunity to shove its point of view down our throats.

The post Toyota Exec Says California ZEV Goal Is Impossible To Achieve appeared first on CleanTechnica.

Following Hurricane Helene, I had difficulty getting a dual-motor e-bike shipped to me in Asheville that I so wanted to review. So, as it went back to the company after more than a week of not being able to be delivered in devastated Western North Carolina, they shipped me another ... [continued]

The post The Extraordinary Traction & Torque of LANKELEISI MG740PLUS Dual-Motor Electric Bike — CleanTechnica Tested appeared first on CleanTechnica.

Solar panels between the rails of train tracks is a new idea being tested in Switzerland by start-up Sun-Ways.

The post Swiss Experiment Will Place Solar Panels Between Train Tracks appeared first on CleanTechnica.

This year, the U.S. has faced extreme weather, including record heatwaves and intense hurricanes, like Idalia, causing widespread disruptions and power outages. In August 2024, Hurricane Idalia alone left over 2.4 million homes and businesses without power​. As these natural disasters become more frequent, the vulnerability of traditional electricity grids ... [continued]

The post BLUETTI Unveils Elite 200 V2 Power Station: 17-Year Battery Life for Resilient Backup During Extreme Weather appeared first on CleanTechnica.

JavaScript is a requisite and a crucial part for developing WebPages and Websites whether it be a professional website or a simple page or whether you are  an experienced developer or a naïve person JavaScript is a must for Web Development. In this day and age , JavaScript Framework have become extra specialized and powerful …

Six Eccentric Compact Javascript Frameworks at a Glance Read More »

If you want to build mobile applications with use of extensive HTML5 then DHTMLX Touch is a JavaScript library mobile framework that can help you achieve this. So next time when you plan to develop a HTML based mobile web app then do not forget to consider this free open source DHTMLX Touch JavaScript framework …

DHTMLX Touch – Best Mobile Framework for all Touch Screen Devices Read More »

Everybody loves to enjoy the look and feel of the Lightbox JavaScript Effects and since the time of innovation of the Lightbox Script there have been several Lightbox clones that are generated for the famous JavaScript Libraries. Lightbox is a jQuery and Ajax solution for showcasing the images and other content on the web page …

Add WOW-SOME Lightbox Effects with jQuery and Ajax Lightbox Plugins Read More »