Why not for them?

The US already has a military base in Greenland. What more would "owning it" achieve?

Bankruptcy laws and numbered companies make this way to easy as well.

I am curious as to why you do not make the same concession for governments? Is it not also just humans working together?

The main issue I can see is dosage. They start you up WAY too high. And the steps are not granular enough. For Adderal XR (a cocktail of 4 different amphetamines in a long release package ), the dosage are 5-10-25. Maybe there are some between 10 and 25, but that is a huge step. For me, 7 or 8 would be ideal, but 10 is too much.

Like the famous saying goes: if you boss is paying you minimum wage, it means he would pay you less if he could.

Due to the nature of the service, I give them a bit of leeway and instead judge on how fast they respond to abuse reporting.

You are right: https://micromorts.rip/

Good one.

I would contest that statement: "That is a remarkably safe environment already."

It is, for most, the riskiest of the normal things people do regularly ( except maybe handling firearms in the USA).
- https://nrich.maths.org/articl...
- https://www.cdc.gov/nchs/fasta...

Unrelated to your message, but I think I may have shamelessly stolen your "Old man yells at systemd" without realizing it.
Great line.

For the record, I agree with you on the security theater here. I have a hard time understanding their reasoning.

On the actual technical "solution", I have yet to encounter a situation where this does not work if a) the registrar/dns provider supports API access and B) you can get a cname pointed to a domain you control in the zone you do not control.

The way this works is that when doing the verification, you tell it to check a specific sub-domain. This subdomain is a cname that points to a domain you control. The api call creates a temp txt record with the validation record in the zone you control. Letsencrypt then checks the domain, follows the cname, gets the record, validates and issues the cert. The temp record is then deleted. You can even do wildcard records and avoid exposing a http endpoint this way.

I'll bite: How do you automate this with java applications and jks ? (in a secure way)

I assumed you already looked into it, but ACME has a way to use DNS validation with a totally unrelated domain. Just need to add an CNAME entry to the original domain to a domain you control. Then the DNS validation can update the domain you control while renewing the domain you don't control.

Christians, amiright?
But seriously, we would have done well if people had been honest about what they think: killing up to 1% of the population to avoid economic suffering is acceptable. Once we agree on what we are really debating about, then maybe, maybe meaningful progress can be made.

You are intentionnally focusing on the distance and not distancing. Distancing is proven to work by, well, physics. The amount of distancing that is effective is up to science. I think 6" was a good compromise, even if it is 20% improvement on outcomes.