• 0 Posts
  • 159 Comments
Joined 1 year ago
cake
Cake day: June 29th, 2023

help-circle

  • gencha@lemm.eetoLinux@lemmy.mlMy latest Linux-convincing story
    link
    fedilink
    arrow-up
    46
    arrow-down
    1
    ·
    1 month ago

    How do you sell what you did as “it just worked”? Rightaway? You lied to them. You have your coworkers on an unmanaged machine with a foreign OS on the guest WiFi with custom networking. Don’t oversell a workaround as a solution.

    Simplifying the problem to “Windows” seems unfair, given how many problems you found. All of them still require a long-term solution for regular operation.














  • Building houses is probably generally allowed, but not an easy solution.

    Someone who migrates to another country, to work there in a regular job, can get a regular apartment. But everyone wants to live where the living conditions are best. You can’t build infinite housing in those locations, and the increased demand drives prices.

    Someone who seeks asylum is in an entirely different situation, and housing them is a different challenge. Building a house in a nice place costs 10x what it costs in a remote country region. But now people have nobody to integrate with and less social options.

    Any house being built costs money. Building houses for people who are still in search of employment is a bad investment. Nobody wants to build those houses. They want to build the nice houses in the nice places that will gather lots of rent. If you want to have the houses anyway, because maybe the people are already here, you probably have to use taxes for it. Some citizens will never be able to accept that, creating conflict.




  • I actually agree. For the majority of sites and/or use cases, it probably is sufficient.

    Explaining properly why LE is generally problematic, takes considerable depth of information, that I’m just not able to relay easily right now. But consider this:

    LE is mostly a convenience. They save an operator $1 per month per certificate. For everyone with hosting costs beyond $1000, this is laughable savings. People who take TLS seriously often have more demands than “padlock in the browser UI”. If a free service decides they no longer want to use OCSP, that’s an annoying disruption that was entirely not worth the $1 https://www.abetterinternet.org/post/replacing-ocsp-with-crls/

    LE has no SLA. You have no guarantee to be able to ever renew your certificate again. A risk not anyone should take.

    Who is paying for LE? If you’re not paying, how can you rely on the service to exist tomorrow?

    It’s not too long ago that people said “only some sites need HTTPS, HTTP is fine for most”. It never was, and people should not build anything relevant on “free” security today either.


  • gencha@lemm.eetoSelfhosted@lemmy.worldPaid SSL vs Letsencrypt
    link
    fedilink
    English
    arrow-up
    2
    arrow-down
    16
    ·
    2 months ago

    People who have actually relevant use cases with the need for a reliable partner would never use LE. It’s a gimmick for hobbyists and people who suck at their job.

    If you have never revoked a certificate, you don’t really know what you’re doing. If you have never run into rate-limiting issues with LE that block a rollout, you don’t know what you’re doing.

    LE works until it doesn’t, and then it’s like every other free service on the internet: no guarantees If your setup relies on the goodwill of a single entity handing out shit for free, it’s not a robust setup. If you rely on that entity to keep an OCSP responder alive for free so all your consumers can verify the validity of your certificate, that’s not great. And people do this to save their company $1 a month for the real thing? Even running the shitty certbot in compute has a larger cost. People are so blindly in love with this “free” garbage. The fanboys will never die off