Ayesh
- Microsoft had a very fair shot at redeeming themselves, but with how Teams, GitHub and all the AI crap they push into GitHub and Windows, it's clear they have not changed one bit.
- I know that HN replies must carry some substance, unlike the majority of Reddit comments. But I wanted to say that this comment read like a poem to me.
- Local meetups are very easy to get selected into, and they often have two or three speakers lined up, with a balance of speakers they know and are experienced, and new speakers.
Most of the time, the organizers are squeezed to find a speaker, so you are pretty much guaranteed to be offered a slot if you just ask the host.
- I imagine it'll go against your talk getting into the shortlist.
But there are some conferences that ask and respect your preference whether you'd like the video recording to have your face or just the audio. But I have yet to see a conference that goes as far as asking the audience to not take photos of the presenter, so it's pretty much moot if you do not want your photos published at all.
- To prove a very important point, that EV certificates are broken, someone obtained a "Stripe Inc." EV certificate by registering a company in a different state.
https://arstechnica.com/information-technology/2017/12/nope-...
(The original site is no more, but this Ars Technica article has screenshots and a good summary.)
- Considering how many ACME clients are available today with all sorts of convenient features, and that many web servers nowadays have ACME support built in (Caddy, Apache mod_md, and recent Nginx), I believe that people who don't automate ACME certificates are the people who get paid hourly and want to keep doing the same boring tasks to get paid.
- https://github.com/letsencrypt/boulder
You can find a docker-compose.yml file to get some idea.
Appears to be using MariaDB.
They shut down OCSP responders and expiry email reminders, so there really is no need to have a database apart from rate limits, auth data, and caching.
For Certificate Transparency, they are submitted to Google- and Cloudflare-run trees, but I don't think Let's Encrypt run their own logs.
- As someone else mentioned, it's a non-profit, so I guess it's not technically possible to get acquired.
But I personally believe that the people behind Let's Encrypt genuinely care about the mission and will never sell out for their personal benefit.
If there was a list of organizations that bring the most impactful things to tech per each dollar received in donations and per each employee, ISRG will be up there at the top.
- It's been a long time so this is my fading memory, but CAs used to generate a private key on their end and let you download both private key and the certificate containing the public key. The non-technical person who paid big money for the certificate then emails the zip file to the developer. That's when StartTLS wasn't that big back then either.
Just a comically bad way to obtain certs.
- This must be what winning in life feels like. I wish your family good health.
- The MySQL extension was dropped in PHP 7.0.
- iOS shoots HEIF natively I think.
Raw photos probably are shot in DNG. DNG "images" are popular for raw images because they can be losslessly converted from the camera raw formats like Nikon's, and DNG is open source and royalty free.
- Thank you. The linked third party article is a terrible incomplete rehash.
- Canonical URLs come to the rescue.
- > Everything after the '?' character.
It only strips known tracking parameters (like those utm_ query params). It does not remove all parameters; if that's the case, YouTube video links will stop working.
- It's a typical pattern in, say, React, to have just this scaffolding in the HTML and let some front-end framework build the UI.
- Yes, I'm just as curious as you on _why_ a staging setup needs the same amount of resources as prod.
All of my staging setups are on a ~$15 Hetzner server, with a GitHub Action to `docker compose build && docker compose up -d` remotely, with an Apache service with a wildcard certificate and dynamic host names. We have 3..n staging setups, with each PR spinning up a new staging site just for that PR.
It's been working for us for years, for a team of 10 developers.
- It's not better.
Short lived certificates are definitely the better way forward.
24 hour certificates will add significantly more load on CAs, a lot more than maintaining an OCSP responder.
- If the certificate was issued with must-staple flag, then the server can refuse to connect if the handshake did not include an OCSP response.
Web servers can refresh OCSP responses in the background and cache valid responses to add some tolerance against temporary downtime in the OCSP server.
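
The background refresh and caching described in the comment above, as an added sketch that is not part of the original thread. It models a staple cache that keeps serving the last time-valid OCSP response while the responder is unreachable; `OcspResponse`, `StapleCache`, `handshake_accepted` and the `fetch` callable are hypothetical names, and refreshing at half of the validity window is an assumption.

```python
from dataclasses import dataclass
from typing import Callable, Optional

@dataclass
class OcspResponse:          # simplified stand-in for a parsed OCSP response
    status: str              # "good", "revoked" or "unknown"
    this_update: float       # start of validity, seconds since epoch
    next_update: float       # the response is stale from this time on

class StapleCache:
    """Keeps the last time-valid OCSP response and refreshes it ahead of expiry."""

    def __init__(self, fetch: Callable[[], OcspResponse]):
        self.fetch = fetch   # hypothetical callable that queries the OCSP responder
        self.cached: Optional[OcspResponse] = None

    def refresh(self, now: float) -> None:
        """Run periodically in the background, never on the handshake path."""
        c = self.cached
        # Assumption: start refreshing once half of the validity window has elapsed.
        if c and now < c.this_update + (c.next_update - c.this_update) / 2:
            return
        try:
            fresh = self.fetch()
        except OSError:
            return           # responder down: keep the cached response for now
        # Cache any time-valid answer, including "revoked", so a revocation
        # is never masked by an older "good" response.
        if fresh.this_update <= now < fresh.next_update:
            self.cached = fresh

    def staple(self, now: float) -> Optional[OcspResponse]:
        """Response to staple into a handshake at `now`, or None if stale/missing."""
        c = self.cached
        return c if c and c.this_update <= now < c.next_update else None

def handshake_accepted(must_staple: bool, stapled: Optional[OcspResponse]) -> bool:
    """Outcome of the status check for a certificate with or without must-staple."""
    if stapled is None:
        return not must_staple   # a missing staple is fatal only with must-staple
    return stapled.status == "good"
```

The tolerance window is bounded by `next_update`: once the cached response goes stale and the responder is still down, a must-staple certificate stops working until a fresh response is fetched.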