← Back to context

Comment by rfoo

2 days ago

... which means automation was not setup correctly and 90 days is still too long that you just tolerated it. If it was 6 days after a few turns you would have decided "fuck it I'm going to spend time fixing it once and for all".

7 comments

rfoo

Reply
jonas21  2 days ago

Or perhaps, "I'm going to give up and switch to gmail once and for all"

  • dingnuts  2 days ago

    there are other email providers, you know. the choices are not "do it all myself" and "be Google's product."

    • bolognafairy  2 days ago

      How could the person you’re replying to have reasonably phrased their comment to avoid this snark from you?

      I’m 1,000% sure that they know what you’re trying to espouse. Nowhere in the comment does it say “here is an exhaustive list of hosted email providers”. It’s a JOKE.

likeabatterycar  2 days ago

These are the attitudes we get when we have a WebPKI cabal drunk on power.

  • ocdtrekkie  2 days ago

    Unsurprisingly the 100% true comment in here is gray: PKI is breaking the Internet and because the PKI folks have literally no guardrails of any kind, they're committed to breaking it further despite still virtually zero benefit from constantly making the Internet more fragile.

    But hey, there's an upside: When they finally break this toy badly enough, everyone will finally evict the CAB from their lives and do something else.

    • KronisLV  1 day ago

      > They're committed to breaking it further despite still virtually zero benefit from constantly making the Internet more fragile.

      I think that shorter cert lifetimes and the push for more automation is a valid direction to look in and work towards. But at the same time that means that there's a certain skill floor and also certain tech that you need to have in place to be able to work with all of that.

      Back in the day, you'd just have someone sit down once in a year, move a few files around your server and call it a day. With the current trends, that won't really be possible, at least not for any of the certs that you can get for free.

      For my public facing stuff, I just bit the bullet and went through with the automation (certbot is nice, mod_md is okay, Caddy is great), but for my personal stuff I settled on running my own CA and self-signing stuff. If I want a 10 year cert expiry for something that I don't really care that much about, I'll go ahead and do that because I'm in control. The server itself is unlikely to survive for long anyways and other development stuff is more likely to break first, so I'd rather spend my time there, rather than on automation that I don't need. Plus, mTLS is suddenly easy to do as an added security layer if I ever need to expose something to-the-outside-but-actually-just-for-myself-when-on-the-move.