Given that automating things like this is annoying sometimes, you’ll be sure people will max out the 45 days…
I know from professional experience that this is a stupid as fuck idea that leads to outages. One of the many reasons I’m working to automate those annoying ones.
Also, don’t let perfect be the enemy of better.
Lol, never had to buy a cert huh?
You’re still buying a year or more at a time, no matter the lifetime of the cert itself. Even if the cert lifetime was a week, you’re still buying the same product, no matter how many times you rotate it.
Personally, yes. Everything is behind NPM and SSL cert management is handled by certbot.
Professionally? LOL NO. Shit is manual and usually regulated to overnight staff. Been working on getting to the point it is automated though, but too many bespoke apps for anyone to have cared enough to automate the process before me.
And you still
can’tcan self certify.
Skill issue, you’ve always been able to self certify. You just have to know where to drop the self signed cert or the parent/root cert you use to sign stuff.
If you’re running windows, it’s trivial to make a self signed cert trusted. There’s an entire certificate store you can access that makes it easy enough you can double click it and install it and be on your way. Haven’t had a reason to figure it out on Linux, but I expect it won’t be super difficult.
note that the max duration was reduced from 3 years to 398 days earlier this year)
I’ve been dreading this switch for months (I still am, but I have been, too!) considering this year and next year will each double the amount of cert work my team has to do. But, I’m hopeful that the automation work I’m doing will pay off in the long run.
So, if you would, help me out with the ‘why’ part
It eliminates a single point of failure, can be used to bypass censorship, and allow for community support/engagement in a way that is harder to track and suppress (in that there’s no ‘central’ hub and you have to go after nodes individually. From an opsec point of view, you’re still broadcasting a signal that someone in range can pick up). Obviously it requires many devices to make a good mesh work, but short of DOSing every channel or just blowing out the signal space, it’s gonna be hard to take that down.
I see it as something like tor or i2p, not something for general use at the moment, but definitely has good uses.
There’s not really too much of a debate, just a lack of deep understanding of how the infrastructure works under the hood.
The other person (rightly) doesn’t want to share their local network (what’s behind your wifi router) with their neighbors. My only point was that, much like current ISPs, you don’t share any networking with your neighbors. The only thing remotely close to ‘shared’ would be the individual uplinks (your ISP connection) from each residence to the (shared) networking gear of the ISP.
A local ISP and a Telco aren’t (shouldn’t) going to be handling the base networking layer any differently. They’ll all have individual connections between them and subscribers, and the only way that I could get into your network is to setup services and configure either side to talk to the service on the other.
To actually ELI5 (which I am exceptionally bad at with actual 5yos), Alice and Bob both get their toys from Charles (Telco ISP) who charges a lot of money, and doesn’t treat them well when they try to use the toys they got. Dan comes a long and works with Ed and Fred to set up a local toy store and try to treat customers better. Bob (irmadlad) is concerned that the new local toy store means he’ll have to share the toys he bought with Alice, not realizing neither store makes you share your toys.
why would I want to hook my uplink to someone else’s network
Well, the biggest reason I could think of is that you want to access the Internet.
Your local network is only as good as the services you run, and most people don’t self host. If you choose not to hook your uplink to your ISPs network, you’re not gonna be able to do all that much.
Oh I get how it would all work, I’m not into sharing my network.
See, I’m struggling to think that you do. You’re not sharing your network with anyone. You’re just hooking your uplink into someone else’s network, who will take as much (or more, given how fucky current ISPs are) care to keep you and your neighbors from talking to each other without your own config letting it happen.
There is a user here that mentioned he is in funding talks for a local, independent ISP. I’m not really sure I’m ready to be connected to my neighbors intimately. Good fences make good neighbors.
Why do you think an independent ISP would operate any differently at the networking level on a per-customer basis? This is basic network segmentation, and my home gear can do that pretty easily. Throw each customer on their own vlan that’s a /30 and they can’t do anything more than talk from their node to the central router.
Good firewalls make good digital neighbors, and an independent ISP isn’t going to survive long if Alice can access Bob’s home network over the ISP without having something specifically configured in Bob’s network to allow that.
How do you 3d print a rubber gasket/seal?
Given how cheap flash storage has been for years, this is an intentional design choice. They wanted it to be server side only, likely for data collection purposes.
Gods, I fucking hate this so much. I’ve got a ninja blender that the lid seal is broken, and the lid alone is like 50-70% of the cost of a whole new unit. It’s ridiculous how impossible it is to find replacement parts for simple things anymore.
Top 10 reddit moment: worthless agreeing meme response to an unhelpful comment that doesn’t even answer the question asked.
Some hobbies have minimal levels of skill/knowledge/equipment to properly do them, and I’d argue that self hosting is one of them. You can say people are hostile to beginners, but I might say people are trying to save them from themselves by not just telling them how to slap shit together so they can put it on the Internet and get owned by Internet Background Radiation in a short period of time.
My personal opinion is that beginners are too over confident in their skills or expect setting things up is like setting up an online account, and expect everything to be ready for them to install in their preferred method, and get upset when people tell them they need to upskill to be able to accomplish their goal.
An example of this is a conversation I had with someone online about some docker distributed app, and people were trying to get the person to use docker like the install doc says instead of trying to figure out how to just install it directly into the OS, because that’s the way they’re used to doing stuff and they were determined they weren’t going to change now despite the software author’s supported path not including direct install. If the person was willing to learn docker (which is not very difficult if you can follow a tutorial and use compose files), they’d be able to quickly accomplish what they want while also opening more doors for them in the future.
My hero, thank you!
Can I ask how you do that? I have some debian and fedora boxes I should configure for that
Good luck arguing that a missed config counts as an ‘unforeseen issue’. If they go that route, people will be all over them for not being SOC compliant wrt change control.
Minimum. We get through digicert at work, and we abuse the hell out of our wildcard and reissue it tons of times a year. You’re buying a service for the year, not an individual cert.