Hacker News new | more | comments | ask | show | jobs | submit login
Federal HTTPS domains that'll expire soon because of US government shutdown (techcrunch.com)
240 points by jmsflknr 37 days ago | hide | past | web | favorite | 213 comments

Disclosure: im a full-time diesel engine mechanic.

my shop was due for a round of vessel inspections for our waste and fresh oil holding tanks last friday, but, no EPA. Without these inspections we can not technically order new oil or have oil recycled, because the EPA signoff is required as part of cradle-to-grave handling of hazmat substances.

so how do we get around it? we now have half our back parking lot filled with 55 gallon drums of waste byproduct from engine work, which can be shipped without an EPA cert to recyclers. This is also outright illegal if it gets big enough, but we've been declaring it as required by the EPA. since we cant schedule a formal review of that either, we confirm the storage with their hotline for doing so, and since thats not staffed and the voicemail box is full, I have been mailing Kodak pictures and printed descriptions of the storage.

our full-site inspection is due feb 2nd...without it, the federal government (if it were running) would cite us for a flagrant violation and shut us down. The guy who does that inspection called us and confirmed hes quitting to work for...of all places...the company that recycles our oil.

>The guy who does that inspection called us and confirmed hes quitting to work for...of all places...the company that recycles our oil.

This type of thing is one part of the story that not enough people are focusing on regarding the shutdown. How many people are going to come back to these jobs once the shutdown inevitably does end? Odds are these "nonessential" government departments will be crippled for years by the loss of both experience and manpower.

One of the things that needs to be understood is that this is intentional.

The Grover Norquist "drown it in a bathtub" contingent of the Republican party is large, influential, and for them, this is not at all unfortunate collateral damage in pursuit of The Wall or something. The crippling of public institutions (if not outright dissolution) is part and parcel with the ideology.

And that's even if you don't believe that the executive branch may have been compromised by a foreign power interested in weakening and destabilizing the United States.

It's really disappointing to see how much the executive branch is getting away with.

A surprising amount of the American political system was built around our natural human desire to avoid being shamed. Once you have a political figure who is shameless all the rules chance.

A figure? Seems to me many in Washington were shameless before Trump, when they can lie to people about death panels so they can deny them healthcare, or "we need to tax the rich less!", etc. Or announcing support for a policy and denouncing it after taking lobbyist money...

There's everyday politicking, and then there's Trump.

I'm a centrist but I saw as early as 2015 that shame was being overused. Shamelessness should be an expected escalation.

Agreed, the fact that they have sprawled out to include all of these unchecked executive agencies with non-essential bureaucrats on payroll deciding the day-to-day of American life without any checks is appalling.

Without any checks or oversight at all! Shameful!

Well, OK... there's obviously one little check. Like, the staff of these organizations are literally not getting paid right now because of a funding impasse. So, obviously there's some regular oversight about who gets what kind of funding.

And come to think of it, all these organizations and jobs were created by act of congress and/or executive prerogative, with scope prescribed by the relevant orders and law.

But who are congress and the executive accountable to anyway? And who writes these so called "laws"? Who are the laws accountable to?

Wait. They're written by members of congress? And carried out by the executive? Huh. OK, but other than that, totally unchecked! Again, who are "congress" and the so-called "president" accountable to? Who made them "officials"?

Oh, yeah. Voters.

So actually, there isn't any defensible sense in which one can say "unchecked" at all, actually.

Now that we're here, it's almost as if the only way one could use the term "unchecked" is if they're not using language in an attempt to actually describe the world, but out of intent to characterize inaccurately without a supporting argument. Propagandize. Or, I suppose, if one had already had one's mind hijacked by such propaganda.

But who would suspect that someone named "rattlesnakedave" might actually be engaging in that sort of commentary?

It's not though. Vetos can easily be overridden by the legislative branch so this is coordination between executive and the Republicans of the legislation.

"Trump is doing this and is unstoppable" is a false narrative and is the reason that "Trump is compromised by Russia" is a senseless explanation.


> The guardrails Paul Graham put in place are beginning to break as Hacker News ages and the immigrants are able to use the downvote button.

...seriously? Give me a break.

A flippant reply instead of engaging my comment. This is exactly the reddit-like behavior Paul Graham was worried about when he added those guardrails. Don't worry, I'll give you a break, along with the other commenters that made Hacker News the shining star it used to be. Hacker News isn't the only tech forum for sober adult discussion.

Fearmongering like this does not for a reasonable argument make. Especially when you're invoking language like calling people you don't like 'immigrants'.

Why do you seem to imply that "immigrants" is derogatory? I'm an immigrant. I'm not proud of being an immigrant but nor am I ashamed of it, it's just a characteristic.

Redditors moving to hackernews can be called immigrants as they behave much in the same way. They have their own culture and background which they bring with them. Of course, they may assimilate but it doesn't seem to be working too good lately.

I personally have wound up on hackernews maybe 5 years ago, but I have definitely seen a decline in discourse over the last three years or so specifically.

I generally don't interact much as I often feel like there are people far more knowledgeable on a particular topic than myself and my comments would be little more than noise. You seem to have taken a similar path with most comments being on political topics, with echoes of champagne socialism.

Fundamentally, I came here for the technology. I understand that discussions of politics are inevitable on this post in particular, yet I dread the day when the comments will be reduced to "orange man bad" as is the case on Reddit.

Perhaps, I am just afraid of progress.

> Perhaps, I am just afraid of progress.

No, you're getting older and more mature even as the HN audience becomes younger and less so. It reminds me of the original "rage comic" subreddit which was devilishly clever until it became popular, and you could see in real time as people started talking about issues that affect younger and younger cohorts, until I finally saw boring middle-school drama in the subreddit (long after I left).


> spouts the exact same half dozen talking points while actual policy positions are deliberately obfuscated.

This is exactly what happens with both parties. It's a byproduct of the party system.

Republicans: small government, better business environment, etc

Democrats: strong social safety net, everyone pays their fair share, etc

I think it's interesting to think about this in the context of term limits.

Athenian offices were strictly term-limited, except for the position of general. People apparently felt that having military experience in that role was more valuable than the benefit of term limits would make up for, and it's hard to blame them for that.

But the general, able to serve for life, the only island of stability in the government, accumulated all the political power. This mostly defeated the purpose of having term limits on any office.

American presidents are term-limited, but American political parties aren't, and policy -- in terms of the solutions, but also in terms of the questions that get asked -- is set by the parties. I think this is more than just a coincidence.

On the other hand, Senators and Congressmen are not term-limited, but they don't seem to accumulate much in the way of political power.

A big part of the problem is that congresspeople can’t hire and retain good staffers long-term - the pay isn’t good enough and cost of living in DC has gone up drastically. This hamstrings Congress - they can’t really develop their own solutions and are forces to rely on outside sources for legislation. On a related note, did you know that more money is spent by businesses on lobbying than the federal government spends on all of Congress?

(Also, senators are congresspeople.)

> (Also, senators are congresspeople.)

Maybe so, but "Congressman" is the title for someone who sits in the House of Representatives, while someone who sits in the Senate is a "Senator".

At least a few of our Senators think they have all the power. Senator McConnell, for one immediate and obvious example.

I would say this is very much NOT the case for the Democrats. The Democrats have at least two factions (Bernie/AOC/etc vs. the established Democrats) that really don't agree with each other on a number of issues.

The Republicans are far more unified. It is both their strength and their weakness.

That really hasn't been the case for a while - Boehner couldn't get his party to come together for anything

>The Republicans are far more unified

Or not. What about the Trump faction vs. the RINO's.

I don't know of any RINOs in Congress. Locally the story might be different, but even so I stand by my assertion that Republicans are far more unified than the Democrats (as the Democrats are split federally as well as locally).

Romney, Collins, and Murkowski are RINOs. Previously, McCain and Flake were.

Republicans are split: libertarian, nationalist, religious

> What about the Trump faction vs. the RINO's.

There are factions in the Republican Party, but for various reasons they are much more prone to have the non-dominant faction submit meekly to the dominant faction in terms of most actions in government, and even most public statements outside of contested primary campaigns. And even there the actual policy disputes are often not front and center.

It's mostly true but there are definitely counterpoints. The late Senator John McCain is an example. He was the only reason the Affordable Care Act still stands, since it was his vote and his vote alone that rejected the attempt to wipe it out last year or the year before.

Well, he and the other two Republicans that voted against it. He got all the press as the deciding vote, but it required all 3.


What are you talking about? These people are still in office by election. The Republicans gained seats in the Senate. There is a large portion of the country that thinks the Republicans are fine and that Democrats are the problem.

Last check, 56% blame Trump, 36% blame Democrats. https://www.bloomberg.com/news/articles/2019-01-14/trump-too...

Given the midterm senate votes (59.3% D, 39.1% R), that can be easily squares with most Democrats blame Trump and most Republicans blame Democrats.

Which brings things back to the substantial advantage that the more rural states give the Republicans in the senate, which would have a good shot and ending the shutdown if they wanted to.

I'm also disappointed by progressives who don't acknowledge the role of the legislative branch in all of this, starting with Paul Ryan endorsing Trump back in June 2016.

yup, it's pure politics.

Trump could have gotten his wall when republicans had both the house and the senate. He didn't push it because not enough republicans wanted it I guess, and he wouldn't shutdown the government based on his own party not funding the wall.

Now that the dems have the house, he (and the republicans) can just blame the dems. But if congress really wanted to end this, they can just pass a budget with enough votes and override the president's veto. But instead, the republicans sit back and blame the dems, without having to admit to trump's base that they don't want a wall.

It's reprehensible.

Easy solution, the Dems can help fund the wall and the shutdown is over. Why not? They've repeatedly says walls don't work anyway, and the cost of the wall is a rounding error in the federal budget.

it’s not the cost really. although it will easily balloon to 5x the cost (initial overrun plus maintenance) it’s still too small to care about. the shutdown has probably already cost more than the nominal wall cost.

the problem is it’s a symbolic, umm symbol that is hard to walk back from.

another problem with your argument is that it’s blame shifting.

Wow Grover is lucky that the new House leadership agreed to work with him on this dastardly plan. What was the fig leaf they came up with? Something about a shovel-ready project in Texas and New Mexico?

I love it, that somebody decided to have a contest of stubbornness with Donald Trump. When we wrestle with pigs...

I hope the shutdown ends soon so I can pay taxes.

Congress can end the shutdown tomorrow, if 2/3rds of the House & Senate are willing to vote on a spending bill. The executive branch is unnecessary.

They shouldn't agree with something that no one wants.

They could have passed it when the Republicans were in Congress.

> if 2/3rds of the House & Senate are willing to vote on a spending bill.

Only if the House and Senate leaders decide to put the vote to the floor. Even 100% (less one) support is powerless if they can't vote on it.

“Direct Pay is continuing to process payments as normal during the government shutdown. Continue to make your tax deposits and payments according to your normal schedule.” —directpay.irs.gov. Of course.

Strange, last I checked there isn’t a bill on the President’s desk. The shutdown has now cost more than Trump wanted to spend on border security to begin with.

If it wasn’t clear that everyone here is just playing politics, it should have been after Nancy’s letter to Donald about the SOTU.

But your last paragraph says it all. If you believe, without any evidence, that the President of the United States is a foreign agent, talk about it on /r/politics please.

There isn't a bill on president's desk, because the Speaker of the Senate refuses to allow a vote on any bill that the president claims he won't sign (which includes the bill that Senate has passed originally).

Of course. And what’s stopping Congress from coming together with a compromise bill the President will sign?

Last year we had a bipartisan bill with $25 billion in Wall funding and DACA amnesty. Now he’s asking for $5.7 billion and has said he wants to negotiate.

There is a long, long prescedent of bipartisan negotiation in these matters. The new Speaker of the House has said she will absolutely not negotiate and claims border walls (which we have in spades already) are immoral and racist. Ok then!

Several days ago Donald met with Chuck and Nancy and asked if he signed a CR opening the govt for 30 days, would they take up wall funding and Nancy said No.

There’s nothing stopping either “side” from unilaterally taking a simple step to fully open the government. So logically everyone is to blame.

What, exactly, was stopping congress from coming together to fund the wall before the democrats came into power?

The answer: Absolutely nothing. The reason why they kicked this can down the road was solely for the purpose of using it as political leverage against the democrats. There was literally no excuse for not getting funding for his wall over the past two years. Except to use government employees as hostages.

There is no two sides to blame here. Republicans had the power to do so. They didn't. Now at the 11th hour they want to do it, so they can blame Democrats for not adhering to their outlandish demands.

Actually, they didn’t have the votes in the Senate. They still don’t without bipartisan support.

The funding Donald wanted is now less than the cost of the shutdown. $5.7 billion toward border security is not outlandish. Shutting down the government for 30 days absolutely is outlandish.

Objectively wrong. They HAD the votes in the Senate. There was absolutely nothing stopping them from employing the nuclear option to fund the wall. A simple majority was all they needed.

If they wanted to fund the damn wall, they could've funded it. You're right that shutting down the government for 30 days is outlandish, and it falls squarely on Republicans and Trump.

My understanding is that the so-called “nuclear option” was eliminating the 60-vote threshold only for Federal branch nominees and judicial appointments, not for basic legislation and particularly not the budget.

Eliminating the 60-vote threshold for legislation would destroy a massive part of what makes the Senate the Senate. It is stunningly worse policy than spending $6b on marginally effective border security.

But because Republicans didn’t do that, and Dems won’t vote for even $2 of Wall funding the only blame for the current shutdown is to Republicans. Do I understand your logic correctly?

No, your understanding was wrong. Please read up before you make claims about voting thresholds.

And Republicans have already eliminated said threshold for ramming through a supreme court nomination. I want to get this straight though: Your argument now is that parliamentary procedure was more important for Republicans than building the wall. A wall that they're claiming is a national crisis resulting in widespread issues. Enough of an issue to shut down the government over it.

If the wall was vital, then why didn't they employ the nuclear option (as was backed by Donald Trump, obviously) to build the wall. Why are are they, now that the Democrats are in power, demanding a wall be built?

And yes, the only party to blame for the current shutdown is in fact, Republicans. They had two years to build a wall. They didn't.

My previous statement seems to jive with the Wikipedia on the subject. [1]

I said Federal and judicial appointments. The Supreme Court is a judicial appointment.

Legislation has always been a 60-vote threshold to end debate in the Senate. It’s one of the cornerstones of the Senate.

I wouldn’t say Democrats are “in power” now. They took back the House and lost seats in the Senate. But the fact remains they have always needed Democratic votes to get to 60 in the Senate.

You say they should have voted it through with just 50 in the Senate. Which by the way they don’t want to do even now. I think that would have far worse long-term effects for the country, and many Democrats and Republicans alike agree.

You can obviously believe whatever you like. It’s your opinion, and I’m not trying to change it.

My simple observation was that right now, with the House and Senate that we have, with the rules and procedures that have been in place for centuries, both parties are equally capable of funding the govnernment in less than an hour if they decide they want to do it. It will only cost them ~$6b one way or the other. Either party is indisputably capable of ending the shutdown, but both as of yet have chosen not to.

[1] - https://en.m.wikipedia.org/wiki/Nuclear_option

And my simple observation, one that you seem to keep ignoring, is that they had two years to fund the wall. They had two years of full governmental control to pass a bill which could've allocated all of the funding they wanted for the wall. They could've done it during Reconciliation, they could've invoked the nuclear option, they had multiple opportunities to do so. If you keep reading the wikipedia article you can clearly see that there was nothing stopping them from employing it, outside of a lack of unity on the Republican party side of things.

You're effectively saying that Republicans holding the government hostage instead of employing the nuclear option in the past is far less damaging to the country than if they had lifted the parliamentary procedures. This is also ignoring the fact that there has been bipartisan clean CRs which have been outright denied by the Senate.

Can you explain why it would've been more damaging to the country than the current shutdown? I would like an actual explanation.

Talk about moving the goalposts! No, I don’t have any interest in a nuanced discussion with you around why I think that legislation in the Senate should pass a 60-vote threshold.

Whether or not Republicans could have funded border security Before is an interesting diversion.

Trump actually pushed hard for border security & wall funding the last time the govt was facing a shutdown, and he was convinced to sign a clean CR with the promise that border security would be addressed. It wasn’t.

So this time he has held fast. He is absolutely responsible for holding firm for a bill that has what he wants in it. He could sign a bill today without Wall funding and re-open the government.

Democrats in the House could also pass a bill today with $5.7b in Wall funding and the government would be open again in an hour. You have not disputed this as it’s indisputable.

Both sides are choosing to keep the government shut down.

Tomorrow at 3pm Trump will present yet another compromise proposal. He has at least been standing ready to negotiate this entire time, even through Christmas. He has said what he wants, as it’s a promise he made when he was running for election, and he is obviously willing to trade a lot for it. We’ll see tomorrow what his latest proposal is, and if and when Democrats will come to the table.

A rational negotiator, when the other side says “this is what I need to have” figures out what they need in return. If border fencing is “immoral” or “racist” then we have a lot of walls we better get bulldozing.

At worst Trump is saying he wants to waste $6b dollars on ineffective border measures. Well, by denying that appropriation, House Democrats have burned much, much more than $6 billion by now.

There are things you can ask for that cannot be bartered. He could be asking for a Constitutional Amendment of some sort. He could be asking for certain politicians to resign. He could be asking for actual racist or immoral things.

He’s asking for a border security appropriation to build 230 miles of wall in addition to the 690 miles that already exist. He wants to increase the border fencing by 1/3rd. He’s demanding this because a large number of people voted for him because he said he would do it.

This is something that can be traded for in a functioning democracy. I believe Democrats should put something commensurate on the table that they’re willing to trade for $6b in wall funding.

For example, the next Supreme Court nomination. If Ginsburg knew that Dems could fill her spot, perhaps she would be ready to retire. I think Trump would want $25b in Wall funding in return for that, but it’s within the realm of possibility. I think Dems need to get fucking creative and get to work on solving this, versus assuming a fake BuzzFeed scoop is going to solve their problem for them, or continue to play the optics as if the shutdown is good for Dems.

The last time the Dems played ball, it was around DACA. Trump and Republicans promised to fix DACA if the Dems agreed to some of their demands. The Govt shut down, Dems were somehow blamed for this despite a republican majority, and the end result was a bill [1] that gave Trump some of what he wanted, including border security funding. Then DACA never was put on the table because naturally, that's how they negotiate.

Acting like Trump is a rational negotiator is delusional. Why should the Dems ever bother listening to his demands when last time they negotiated, he backed out of the deal? And you're objectively wrong, again, on it being a clean CR.

[1] https://en.m.wikipedia.org/wiki/Consolidated_Appropriations_...

That is a clean CR in my opinion. No DACA and no new border wall. $1.6 billion for existing fencing and planning is status quo, not what Trump wanted, and certainly not worth any kind of quid pro quo amnesty.

I don’t think either side is a particularly good faith negotiator, but it’s totally beside the original point I made which you refuse to debate while continuously smoke screening with side shows.

You refuse to admit that the way the Senate has done legislative business for its entire history is at odds with your “despite a Republican majority” rhetoric. A Replublican majority is not sufficient to stop a Democratic philibuster in the Senate. That’s how the Senate works. If one party with at least 40 seats decides to filibuster, then they are responsible for the bill not passing. That is exactly how it has always worked in the Senate and any good faith debater would accept that the party filibustering is the party responsible for stopping the bill from going to the President’s desk, in that case, causing a shutdown.

I mean, if you blame Republicans for the Jan 2018 shutdown where Senate democrats were damanding a permanent DACA fix, and then relented, you know even the NYT disagrees with you [1];

Congress brought an end to a three-day government shutdown on Monday as Senate Democrats buckled under pressure to adopt a short-term spending bill to fund government operations without first addressing the fate of young undocumented immigrants.

[1] - https://www.nytimes.com/2018/01/22/us/politics/congress-vote...

Budgets can pass through reconciliation with 50 votes.

There's a very simple way to determine who is responsible for the shutdown: look at who is passing the bills to fund everyday workings of the government, and who is refusing to advance them without their riders.

What if I believe he’s a foreign agent with lots of evidence?

The FBI would sure be interested in talking with you, for starters.

Thankfully what I know is all public knowledge, so they can stick to talking to all of his criminal underlings and associates.

> Strange, last I checked there isn’t a bill on the President’s desk.

There isn't a bill on his desk because McConnell won't let it happen because Trump won't sign it. Your reading of this situation is incredibly simplified. Trump by virtue of McConnell is absolutely a big reason why we are in a shutdown.

On the other hand, I think we are finding out how “essential” some of these institutions really are. During this shutdown, besides these workers unfortunately not being able to work and get paid, normal life is still going on. Actual essential things are still happening. Armageddon is not happening. Sure, forms are not getting stamped in triplicate, and inspectors are no longer inspecting inspectors, but these are “paper and ink” problems.

As a taxpayer, I see that life is still going on while these jobs are not getting done and I might eventually ask, do these jobs even need to exist? What about my life changes if that stack of papers no longer gets stamped and moved into another stack?

1) Remember that many (almost all) government employees are working for free right now. So basically, those individuals are suffering so that you do not.

2) Many government agencies exist to do things that may not affect you personally. NASA does not do anything you'll be affected by - neither does law enforcement. Or border security. You probably wouldn't notice if your local fire department vanished for a few weeks. Until, of course, your house is on fire.

3) Those things that affect society as a whole (like... EPA inspections) take a long time to affect society but have huge costs down the road if not done (good luck cleaning up water sources, or dealing with your cancer caused by your poisoned soil).

4) Airports are starting to be affected first because these are among the lowest paying federal positions, so those employees are going to have to find other work the fastest.

The US Economy is losing points, fast.

You will feel this shutdown. You haven't yet because macroeconomics and bureaucracy happen on scales longer than a month.

You'll feel it in the missing percentage gains this year for your investment portfolio (or its complete annihilation if the contraction turns into a depression).

You'll feel it later this year when you try to sort some federal paperwork and it takes them 3 weeks longer than normal because everyone at the department is a brand new employee, or they never managed to recover headcount because nobody wants to work for the Fed anymore.

You'll feel it when you head to Joshua Tree and it's missing a couple more trees than it should be, and they haven't yet managed to scrub off all the spraypaint.

Give it time. You'll feel the pain.

The comment that started this thread mentioned how the shutdown is creating an environmental ticking time bomb in back of their shop. Just because you personally don't immediately feel the repercussions of the shutdown doesn't mean those repercussions don't exist.

I think their point was that the ticking time bomb is only caused by regulations, which they can no longer comply with. The situation would be better for them if they could just get the oil recycled from their typical tank, but they need approval for that, so they are falling back to using drums in the parking lot.

I doubt any of us trust companies to do the right thing most of the time, but I think we all agree some regulations are dumb, and a loss for everyone except the people whose jobs depend on them.

For clarity, I have no idea if the tank inspection is a dumb regulation. And I realize without the regulations, they'd probably be dumping the oil behind the shop somewhere which we obviously don't want.

Exactly. OP physically can get their oil recycled. The only reason they are not doing it is because the law requires an inspector to come and inspect and tick a checkbox. Without that requirement, there would be no ticking time-bomb. They could just recycle the oil, buy new supplies, and life could go on.

Same for the TSA. If the TSA disappeared overnight, we’d just get on airplanes and fly to our destinations like we did before they came around. We have long lines not because there are fewer agents, but because the law says an agent must process you and there are few agents.

The TSA is whatever, but do you honestly believe that if oil regulations weren't in place, you wouldn't see companies just dumping oil wherever they could? Like they've done in the past? Hence why the regulations exist?

States and localities can regulate dumping in their jurisdictions. No need to have the Federal government involved.

They could regulate dumping in their jurisdiction, but I think this is one scenario where it is a good idea for the government to step in and prevent people from dumping hazardous chemicals into vulnerable areas.

Unless you'd like to see what Flint Michigan but Worse might look like on a more national scale.

If the regulations were abolished, some companies would just dump the harmful waste products. Negative externalities are a real thing.

Obviously, regulations can cause problems or have significant issues, so we should continually modify them as necessary, to the best of our ability. This includes removing them if they aren't beneficial, or creating new ones.

The reason that person needs to come tick that checkbox is because less ethical businesses have shown time and again that they will dump the oil wherever is cheapest/easiest if there is no oversight.

Same with TSA. While they aren't perfect, we don't have bimonthly hijackings like we did 40-50 years ago.

You realize TSA didn't even exist until George W. Bush in 2001. It's also not unheard of for TSA to screw up[1]. I'd also be very interested in where your data of "bimonthly hijackings" comes from.

[1] https://www.nbcnews.com/nightly-news/video/atlanta-tsa-offic...

The US had a huge number of hijackings in the late 60s through early 70s [1]. There has not been a single hijacking or terrorism related death on a commercial airliner in the US since the TSA was created. The TSA doesn't deserve all the credit there as other post-9/11 security changes were implemented at the same time, but you can't just hand wave away their role in that unprecedented streak of safety.

[1] - https://www.wired.com/2013/06/love-and-terror-in-the-golden-...

> The US had a huge number of hijackings in the late 60s through early 70s [1].

And very few after that (two in the 1980s, with a couple attempts in the 1989s and 1990s) because of the first round of airport security rules adopted immediately in the wake of those and the tightening permanently applied during the 1990 Gulf Crisis.

> The TSA doesn't deserve all the credit there as other post-9/11 security changes were implemented at the same time, but you can't just hand wave away their role in that unprecedented streak of safety.

It's not significantly different that the period before 9/11, so it's not clear they the TSA and other post-9/11 actions deserve any credit, and calling it an unprecedented streak of safety is hyperbolic.

You are correct that the TSA didn't invent airport security screenings, but they took them over, improved, and standardized them. They certainly aren't perfect but they have yet to have the type of catastrophic failures that occasionally happened before the TSA existed.

>It's not significantly different that the period before 9/11, so it's not clear they the TSA and other post-9/11 actions deserve any credit, and calling it an unprecedented streak of safety is hyperbolic.

First off, you can't just pretend like 9/11 doesn't count in pre-TSA security stats. Four planes were hijacked within an hour of each other on 9/11 and zero have been hijacked in the last 17+ years? Those rates seem significantly different to me. Also can you find any stretch of US history in which commercial airliners have flown close to as many miles as they have over the last 17+ years in which there wasn't a hijacking? Unprecedented seems like a perfectly fine word to describe that streak.

> First off, you can't just pretend like 9/11 doesn't count in pre-TSA security stats. Four planes were hijacked within an hour of each other on 9/11 and zero have been hijacked in the last 17+ years?

Prior to 9/11, there were 14 years with no US hijackings (failed attempts are a different story) and 27 with no deaths on a commercial aircraft due to a hijacking. 17 years with neither hijackings nor hijacking related deaths is not a clear improvement that calls for credit anywhere. Since the 1980s, hijacking events have been so rare that it would take many decades under a give policy regime before and after a policy change before you couls have even remote statistical confidence that my quiet period

Really, since at least the 1980s, hijacking is so rare that it would take an extraordinarily long time to have even remote confidence that there was an increase in safety, much less of assigning a specific cause to it.

And, on assigning cause, if there was a reduction in hijackings post-9/11, well, there's a pretty good reason to think that al-Qaeda and the passengers of Flight 93 jointly might be responsible without any government policy as an intermediate cause.

Hijacking became something passengers would no longer be likely to accept as a “cooperate and noone gets hurt” event, which rendered it pointless as almost anyone has ever used it (even as al-Qaeda used it on 9/11, which while it doesn't factually fit that model clearly required for effect that people believed that it did.)

>There has not been a single hijacking or terrorism related death on a commercial airliner in the US since the TSA was created.

I have an anti-tiger rock to sell you.

We didn't have bimonthly jackings without the TSA in 1990s either.

Is there any evidence that the TSA has ever prevented a hijacking?

Except that without this inspection they could also pour the oil into the nearest river and no one would know. The inspection is there for a reason - to see that it is properly stored and recycled, at every stage of its life.

> I see that life is still going on

This may be something like the idea that life still goes on while you have 10% kidney function and for a certain amount of time after liver failure. Even when a system hasn't outright collapsed yet, that doesn't mean it isn't compromised or even approaching failure.

The grandparent comment describes a situation for handling waste, waste that has serious impacts on the health of the environment. That's what you reduce to "paper and ink," so I'll assume you're part of the crowd that generally trivializes environmental concerns.... as if they've forgotten this is where they live and the food chain is how they eat. And then one day we wake up and it's perfectly normal to have a conversation about limiting our consumption of tuna and other fish because of mercury levels they contain as a consequence of uncontained industrial activity. Because we forgot that we're part of a system. Not surprising to see people do... but it is a little surprising to see it pop up on HN.

Speaking of the food chain, here's some fun food for thought:


Planning on flying anywhere?


How sure are you that these jobs don't need to exist? These are just two examples. How sure are you that you really have any idea what the government does?

Are you the kind of person who just deletes large swathes of code from a system because they're ugly, because they don't fit your aesthetics, because you're not sure what they do and you'd rather just re-write than find out?

It seems starkly short-sighted to infer that institutions like the EPA may not be "essential" when the anecdote you're replying to shows that they're stockpiling waste fuel. I would think such an act is dangerous in several respects.

I think that the original commenter is trying to say is that it's possible that their jobs won't be done if their shop has to close. They're already being impacted: their work time is being wasted. That makes the business less profitable and eventually this could affect everyone that works there.

Some of the jobs that "need to exist" are not people who work for the government.

Do you think that failing to do essential work always has an immediate consequence that's visible to you personally?

Good question.

Government waste is frustrating as hell to me as a taxpayer. I believe, however, in spending money to protect our quality of life in the long term.

For instance:

If the EPA and all environmental legislation ceased to exist tomorrow, you wouldn’t be able to tell in a month, or even a year.

You would notice if in ten years’ time your kid got lead poisoning from swimming in the local river.

Sure. And then you find out your kids get cancer 10 years later and you wonder why nothing was done about all that toxic waste?

If you're driving on the freeway and your car suddenly runs out of gas, the fact your vehicle keeps moving is not a sign that your car only optionally needs gas.


I have been on the non-essential side, so I know some people who are moving on. It's all anecdotal, but I'd be curious to see what the cost of this shutdown is going to be.

I would guess close to all of them. A large percentage of people that work for the Federal Government really don't add much value and not employable outside of that setting.

Of course, I could be wrong, but I am willing to bet on it, if anyone is interested.

In the hipothetical case you're wrong, how would you be satisfied of having lost the bet?

Every time I read one of your comments I think “is that the same diesel guy?”, and so it is. You always have some of the most interesting things to say here.

He has a tag 'diesel mechanic' on Momento: https://chrome.google.com/webstore/detail/momento-for-hacker... - it's actually pretty handy! :)

Is there some sort of widely accepted "hacker news +" addon like RES for reddit? If not I think I just found the project I want to start :)

I second that- wish tags could be shared with or imported from the memento community.

That's a great way to encourage brigading.

Is there a version of this plugin for Firefox?

Since I just got Momento, all I want is to import your tags.

>our full-site inspection is due feb 2nd...without it, the federal government (if it were running) would cite us for a flagrant violation and shut us down. The guy who does that inspection called us and confirmed hes quitting to work for...of all places...the company that recycles our oil.

What will you do when this date comes around?

I'm going to assume you just can't shut down and lose business? Do you just keep at it and take the hit in fines/whatnot when the govt. reopens?

To think similar things are happening at mechanic shops all over the country... it's a bit horrifying honestly. Diesel is nasty stuff.

If you can demonstrate that you’ve substantively complied with the regulations to the best of your ability given the circumstances (and it sounds like you can) I would imagine most regulators and/or administrative judges have better things to do than try to ding you for this.

Quick edit: Might want to make sure you’ve got something between the storage containers and the ground though so there won’t be any leeching into the soil.

Source: I’m a regulatory compliance attorney. Mostly investment management but I moonlight as a legal journalist covering EPA enforcement cases.

I would imagine most regulators and/or administrative judges have better things to do than try to ding you for this.

In my experience running businesses in several states, regulators are surprisingly helpful. They don't want to punish you unless you're being a deliberate jerk. They want to help you learn to comply with the law first. They'll only go for the throat if you tell them to pound sand.

Interesting. I make a part that a large diesel manufacturer uses on fixed and marine diesels to clean the crankcase air and meet EPA regs. I noticed a big uptick in purchasing right around the shutdown and then it fell off a cliff. I chalked it up to holidays but now I wonder if everyone is deferring maintenance since they can't do anything with the waste.

I would be interested in hearing your (and owner, coworkers, etc) honest opinion of the EPA regs prior to this shutdown. My understanding (and I very well could be wrong) is that many of the EPA's rules are overly burdensome, expensive, and unnecessary while there are other areas that go without oversight that could use it.

Certainly it is frustrating to be blocked from conducting business because you are unable to follow the regulations. But if the regulations are misguided to begin with, perhaps there is some merit in exposing that life and business can continue with reduced bureaucracy.

There's lots of weird legal impacts of the shutdown. Some are big issues, like your situation with hazardous materials and trying to comply with the law. Others are tiny things that impact everyday people in weird ways.

My particular issue is that I'm trying to arrange to transport my dog across country lines on an airplane. But the county I'm flying to requires my vet to complete a vaccination certificate which then has to be stamped by the USDA APHIS office (normally no big deal). But of course this is currently impossible because USDA APHIS is shut down and doesn't even answer their phones. It's not clear if any alternate path exists to get around this.

Couldn't you ask the country representative? A more expensive way night be to get a stamp from the destination country authorities that confirms your dog has all the relevant vaccines (is the stamping doable via post?)

Oh! I have a relevant and potentially helpful life experience.

Twice in my life I have needed to get a cat from Point A in central time to Point B somewhere in California. Handling all the vaccinations and associated paperwork was (in one case) annoying or (in the other) the person who actually owned the cat not remotely organized enough to have records.

It turns out some domestic airlines will permit you to fly with a pet on-board in a soft-side case under the seat where one might normally put a bag. This may or may not work for you, depending on how patient and large your dog is and how big your budget is.

> It turns out some domestic airlines will permit you to fly with a pet on-board in a soft-side case under the seat where one might normally put a bag. This may or may not work for you, depending on how patient and large your dog is and how big your budget is.

The person to whom you replied is trying to import an animal into a foreign country. Doing that, even for pet-in-cabin and service animals, requires a certificate from the USDA. The same process as domestic flights won't work in this circumstance, unfortunately.

Oh! I missed the country lines portion. That's quite unfortunate for them.

Just to clarify, are you saying you're able to recycle your oil without inspection and also wont't have to undergo a full site inspection (if the gov remains shutdown)?

sealed vessels under a certain capacity can be recycled normally by most companies. we dont often do it because its cumbersome, and larger holding tanks are safer than random barrels that get forgotten and dont have leak alarms or overflow alarms. large tanks require certification, samples, and periodic checks to make sure we arent secretly filling them full of nacho cheese or something and not waste oil.

that having been said, we will still require an EPA site inspection, and im pretty sure when that happens theyll be rather accommodating to any lapses in certification. Id dread having to check that voicemail box though.

periodic checks to make sure we arent secretly filling them full of nacho cheese or something and not waste oil

I'm not sure there's a test sensitive enough to make this distinction. ;)

If I worked for the EPA and found you had filled your large tank with nacho cheese I'd be impressed!

First you'd have to prove that it was, in fact, the nacho cheese that it was claimed to be. I am betting lots of companies would be happy to toss random chemical solvents without any environmental oversight into whatever tanks they thought could hold it. Witness the Silicon Valley superfund disaster, for one.

Off topic: I would like to chat about the diesel mechanic business. Any way to contact you?

I really wish browsers would deemphasize certificate expiry as a problem (say to just an ! on the lock icon)--it is literally meaningless from a cryptographic security perspective. I also think it is misleading users about the usefulness of certificates, since neither browsers nor certificate vendors track or report things that do meaningfully impact security, e.g. if the company that originally bought the certificate was sold to EvilCorp or the server has been compromised by hackers.

It does affect trust to some extent. For example I could have had control over a domain a decade ago, got a trusted cert, then let the domain lapse and MITM it later after it was acquired by somebody else with my still valid cert (if they never expire). Regular validation to ensure the cert owner still has control of the domain is important.

That said, I agree that the way browsers handle SSL can mislead users about their privacy and security on the Internet.

Expired certificates are not checked for revocation, so it could have been compromised and revoked, but your browser wouldn't block the connection.

Unfortunately in reality very few organisations actually revoke certificates. Revocation doesn't really work anyway (except for EV certs), but even if it did, most organisations still probably wouldn't do it.

When the notAfter date rolls around, the CA is no longer obligated to include the certificate in CRLs (or OCSP responses). Effectively, when a certificate is expired, it is no longer possible to detect whether or not it was revoked.

Expired certificates must therefore be treated with at least the same alarm as revoked certificates, which is the most severe status condition you can return (as it could mean "we believe someone else to have access to the private key").

I can see the argument, but completely ignoring the date means that you only have to control the domain _once_ to have a certificate forever. A grace period of a few days might more sense, but completely ignoring the date seems risky.

> it is literally meaningless from a cryptographic security perspective.

Care to elaborate?

Certificate expiry is intended to address things like:

* If at some point in the certificate's life it was leaked, but you didn't notice and so didn't get it revoked.

* If there are old certs kicking around and you're not sure of the details. e.g. previous owners of the domain, previous sysadmin who was careless with their recordkeeping, and suchlike.

* If a certificate has been revoked, but CRL distribution isn't as good as we'd like so people don't know about it.

* If certificate issuance rules have updated/tightened, e.g. SHA1 Deprecation.

* Limits the ability of CAs to back-date certificates to get around rule tightening (which they shouldn't be doing anyway, of course, but might hope to do undetected)

All of these are slow-moving security issues, so you're no more at risk the day after the cert expires than you were the day before. And hopefully not many sysadmins have problems like lost certificates, which makes the protection cert expiry offers seem redundant.

A certificate is essentially a cryptographic key that one entity (the "issuer") asserts was issued to some other entity (the "subject"). Whether that assertion is true now, was true a day ago, or was never true does not affect the strength or usefulness of that key for cryptography. Other attributes of the key, like its bit length, do matter, but when it was issued and when it "expires" absolutely do not.

I find this misleading because the implied value of the certificate to the end user, that "you can be sure you are talking to the entity you think you are talking to and nobody else", is not really what the issuer is promising. They're just saying something like "we verified the company that bought this really is named XYZ". They are NOT saying that "the entity that operates the server you're communicating with is under the control of XYZ corp". It's entirely possible for a certificate to be sold to XYZ corp, which emails the certificate to a IT consultant, which FTPs it to a Word Press hosting company that deploys it to a server run by a cohosting company where it's used to market services that are fulfilled by independent contractors. The issuer doesn't touch on anything beyond the first step in that chain but the browser's freaking out and going full red screen the second the certificate "expires" might make you think that it does.

A specific example--right now on disasterhousing.gov I get this message in Chrome

   Your connection is not private

   Attackers might be trying to steal your information ...

   This server could not prove that it is disasterhousing.gov;
   its security certificate expired 21 days ago. This may be caused
   by a misconfiguration or an attacker intercepting your connection.
The first statement is extremely misleading, your connection is as "private" as it ever was, since the cryptography still works and the issuer never validated the end-to-end privacy of your information server in any way. That last statement is so misleading as to be mostly just wrong. 100% of expired certificate problems in my experience are due to an organization failing to renew because of inattention ("Bob bought the certificate 2 years ago and used an email he set up on gmail because we didn't have our own mail server back then but we do now and so no one ever looks at that email so we never saw the renewal notice"). I am not aware of any attack on SSL that leverages a certificate that is valid in every way except that it has expired, other than the possibility that an old certificate fell into the attacker's hands. However it is also entirely possible for an unexpired certificate to fall into attackers' hands, and because unexpired certificates are more valuable it is more likely that is what attackers actually will steal (or forge).

I think users would be better served if certificate expiration was a more subtle warning, that perhaps slowly increases its panic-inducing-messaging over long time frames.

>but when it was issued and when it "expires" absolutely do not.

Of course it does. A certificate is more than a key. It's an attestation that the signer verified that the subject was the one receiving the key. Without expiration dates, I only need to control the domain for a short period of time to get a certificate that says I am that domain forever.

They're probably trying to say the connection will still be securely encrypted, albeit without the guarantee that communication is between you and the party / identity you expect on the other end (possible MITM attack scenario).

That brings up an interesting question I'd never thought to ask before. Is there a standard in what order the attributes of a cert are checked for correctness?

Say I present a self-signed, expired certificate with a bad signature and the wrong domain name. Which one does the user get warned about?

This has important practical concerns. A cert being T+1 second expired is irrelevant from a security standpoint, but if that short-circuits all the other checks...

That strikes me as potentially a non-trivial difference.

I think it's one of those arguments that disappears once you account for context. No, the datestamp doesn't affect the quality of the encryption. Yes, it might matter if the last time this certificate was vouched for was 100 years ago for one year.

I mean, I'm one of those crazy people who thinks constantly auto-renewed certs with a one-hour lifetime are a good idea. Though really only achievable when you're working with a private CA, unfortunately.

With a sufficiently short lifetime, you can throw up another barrier to compromises.

Whilst I'm sure you're right, I can't think of a single instance where a compromised private key was used to impersonate a website through MiTM.

2+ year expiry on certificates has been pretty commonplace until LetsEncrypt's 90 day policy.

It's absolutely possible that this could occur, but practically, the difference between a correctly issued but expired cert and a non-expired one is minor.

Automated renewal with letsencrypt is a thing. Blaming this on the shutdown rather than on not taking appropriate care to do this more robustly? Meh.

Not using Let's Encrypt automated renewal isn't necessarily due to a lack of care.

Some of the sites listed use EV certificates, which aren't supported by Let's Encrypt.

And using Let's Encrypt for automated renewal comes with risks of its own. Note, for example, that very few of the "major sponsors" listed on the Let's Encrypt website use Let's Encrypt for their own sites.

In addition, even if they had set up Let's Encrypt auto-renewal, they may have had to shut down the system running it before they left. Leaving a system up that you won't be around to patch/maintain is almost always worse than shutting it down until you get back.

They have some system up, otherwise you wouldn't get a TLS error, just a network timeout.

What risks? Major sponsors not using Let’s Encrypt is most likely due to marketing departments using third party software running the company site. I don’t know why, but marketing usually doesn’t want engineering anywhere near their public sites...

I currently work for a fortune 5 company, we're not using letsencrypt yet because my team currently doesn't have the manpower to migrate our automation and code to something such as this. Note that I want to move to LE as soon as possible, but we're not on it yet, and folks citing that something like this is easily fixable in a snap just isn't informed on how things actually are working in real world environments.

Perhaps or they just work on a different scale of real world.

Enterprise is inherently more risk averse than most parts of our industry, largely because they can put a dollar amount on outages.

It’s not like cert issues are a solved problem either, O2 (massive uk telecoms provider lost data access for 20 million customers because of cert issues a couple of months ago).

Heh, in tandem with other current thread(s), I wonder if any company interviews candidates by this criteria.

Major sponsors not using Let’s Encrypt is most likely due to marketing departments using third party software running the company site.

Immensely curious how you came about this conclusion of all the possibilities available

My experience working at tech companies. Also, not assuming that sponsors of Let’s Encrypt don’t trust their certificates.

Automated renewal only works so long as your servers doing said renewal continue working. This is by no means guaranteed.

How long do you think the average company's IT infrastructure would continue working if all employees instantly dropped dead? With no one to respond to any issues that crop up, and nothing that isn't 100% automated happening at all?

I have been using lets encrypt now for about a year for about a hundred domains, and I never had to do a manual renewal.

The biggest benefit of lets encrypt for companies is not the price. Having someone responsible for renewal, getting the bills through the billing system and approved, getting it installed. All those steps involve employees that could be spending their time on something more important. If any part of the chain fail there will also be a massive fallout which can be very costly. Automated renewal changes all this to a initial cost during construction of the service, usually during the per-production phase.

My concern would not be about the automated renewal if all employees instantly dropped dead. Sooner or later a service will hang, some resources exhausted, and things stop to work.

> I have been using lets encrypt now for about a year for about a hundred domains, and I never had to do a manual renewal.

One data point does not make a very useful statistic, and most definitely does not make a meaningful statistic for making decisions about production systems.

That is fair but then we also do not have multiple data points in a formal study to say that you will need manual renewals.

I personally find anecdotal information useful from people who work professionally on it when there is no other information available. I find the top comment in this thread interesting even if its just a single data point from a diesel engine mechanic.

> I have been using lets encrypt now for about a year for about a hundred domains, and I never had to do a manual renewal.

Same, it's magic. Works perfectly.

Only annoying part, UptimeRobot spits out some warnings, "Your certificate is set to expire soon..." but thanks to auto-renew I don't have to do anything about it.

How long do you think the average company's IT infrastructure would continue working if all employees instantly dropped dead?

Infra that I've built? Years. If that makes me above-average, I hope it's only barely.

Then you have a cloud server somewhere, with a spending limit...

Guess what :)

> with a spending limit...

The reason a significant portion of the US government is shut down is because they literally have no money to spend because congress hasn't raised the debt ceiling to allow the government to borrow more money. So the 'spending limit' you mention would have been $0.00 the moment the shutdown happened.

Probably a better solution is to no longer run the government with a spending deficit.

Most of the stuff that I wrote in my last job was designed to keep going whatever. I didn't want to be disturbed with issues and as a tiny team we automated and fixed everything that was likely to cause us issues. I left >6mo go and it is still running without issues now. If a box dies it flips to another box on another data centre etc.

That's not truly unattended though, as there's still plenty of people working in that datacenter keeping things up and running.

It's easy to have services working unattended for a long time when someone else is responsible for maintaining the hardware; even better if they're maintaining the OS updates too.

Now if all the datacenter staff are furloughed too ... the first usually trivial issue might take everything down.

I was wondering something for a project I'm considering. If I build a web app for somebody and move on, am I even doing them a favour unless I maintain it for years too?

Not experienced enough to have an answer

If it's a job, then that's their problem, just like how if I pay someone for a car, I still have to get the oil changed forever.

If you're doing it for free as a favor for a non-technical friend then yes, almost certainly you will need to do at least some maintenance work in the future.

That's what maintenance contracts are for.

> Automated renewal with letsencrypt is a thing.

The article mentions it is a thing in the following cases:

"""Any website that’s hosted on cloud.gov, search.gov or federalist.18f.gov won’t go down as they rely on Let’s Encrypt certificates that automatically renew every three months."""

The employees tasked with clicking the "Renew Certificate" button every X months probably have no idea how they'd go about that.

As a contracting project, I imagine it would be pretty expensive to upgrade every single website of the US federal government to use Let's Encrypt. How many different operating systems and web server setups there must be?

Done fed-wide, it would make more sense to set up the federal government as a top-level certificate authority, and build a LetsEncryptAlike that does the same thing.

This would be amazing. Certificates are always a pain when I work with the federal government. Many times they just self-sign which causes a ton of extra work to do something simple, such as pulling from a private registry.

It's not just government... a lot of big enterprise corporations have the same problem. Even internally.

My point is that said employees / contractors should have a better plan than having to be there at a certain time to push a button. That's planning for failure.

What if the contract has a problem? It happens. What if the approving official is out sick for a month? It happens.

Not knowing how to set these things up? I don't really think that's an excuse. This should be addressed in the requirements.

Federal agencies have made websites for the past 25 years. Let's Encrypt launched in 2016. It's bleeding-edge technology as far as public sector requirements go.

Methinks a lot of the eyerolling about not using Let's Encrypt is coming from people who have never touched a real legacy system in their lives.

Specifying requirements for uptime is not new. Federal agencies have many failure modes that are different than private sector, but those who work there know about them. Purchasing a 1 year cert can be extremely challenging, depending on the agency, due to procurement rules, etc. For such an important part of a site to be neglected when the above is known - an eye roll is about all the respect that can be afforded to it.

Source: I've worked in and with the federal government for more than 25 years.

> But some do cost money, and during a government shutdown there isn’t any.

Techcrunch doesn't load for me after I started blocking cookies, but is it about the renewal or paying for it?

Automation doesn't matter if the spending isn't approved.

The article sort of implies both.

> because so many federal workers have been sent home on unpaid leave — or worse, working without pay but trying to fill in for most of their furloughed department — expired certificates aren’t getting renewed. Renewing certificates doesn’t take much time or effort — sometimes just a click of a mouse. But some do cost money, and during a government shutdown there isn’t any.

My personal guess is that the author of the article doesn't know which it is.

I am usually all for privatization but having .gov CA and issuing new certs without any spending sounds like something that would be a sensible idea even for the most hardcore libertarian. I don't see why government must buy certificates in retail instead of just having its own authority (which it has anyway in .gov domain btw).

manufacturing.gov has 1-year cert ending on Jan 14. Why didn't they create a new one in November 2018? It's not like Jan 14 coming is any kind of surprise. I can understand where snowfall takes a city by surprise - after all, it's hard to predict when exactly the snow would fall. But it's kinda easy to predict when January 14th would happen. Why didn't they prepare?

I'm not even saying why they don't have .gov CA with auto-renewal infrastructure - that'd be too much to ask. But at least some foresight?

Minor inconveniences like this should reduce support for the government shutdown.

Also, isn't this the longest ever?

Misleading title. I thought the domains were expiring and was wondering what that had to do with HTTPS. Their SSL certificates are expiring, not the domains.

Maybe designing things to break periodically without intervention wasn't such a good idea.

Wee bit misleading - this is about cert expiration, not domain expiration.

Not just misleading, literally wrong based on the plain meaning of the words.

I bet that domain names will be expiring too... of course the .gov domains should be fine as it's a restricted TLD, but many government organisations have other non-.gov domains too.

My favourite part is that some of these sites are effectively blocked by chrome due to HSTS (e.g. manufacturing.gov), which renders them unusable for most.

I'm not seeing a lot of sites that actually handle private data for the majority of users.

I would be much more interested in domain names that will expire. If funding is stopped one would guess that domain registrars might start allowing some names to expire, which then anyone can try to catch.

I doubt that "anyone" can grab a .gov address.

I was more considering all the multitude of other domain names. Just like companies, government agencies and departments tend to have a lot of domains spread out on multiple registrars, tld's, and for many different reasons. It can be to cover misspellings, one-time projects, awareness campaign, and so on.

You can’t register .gov domains that way.

Taking this opportunity to again expound about how not all websites need HTTPS:

First, most of these are basically info portals. Nobody is trying to steal or corrupt the data points for the fiscal budget expenditures this year, or the report on residential heating in remote arctic villages. In addition, none of the data is secret or private. So the data doesn't need to be protected.

The other reason people say everything needs HTTPS is not data security, but attacks on the client. If you use HTTP, someone can subvert the packets to inject malware into your client, etc. But this would be impossible if the browsers had methods to cryptographically verify the data's integrity without needing to keep it private. In other words a checksum, possibly even out-of-bound. This can be done securely and without the need to constantly expire and re-issue a certificate, and it also enables several useful technologies which require inspection and passing of data content in different scenarios.

Finally, the increased dependence on encryption for all communication makes our communication more fragile, and this is a great example. In the future, if everything uses https, and certs expire, either most of the content of the web will expire, or if we allow clients and tools to not verify certificates, we undermine the purpose of the certificates to begin with. Let's Encrypt cron jobs will not work forever (if you don't upgrade, eventually the crypto you were using for your cert will become obsolete), network operations can be attacked to prevent re-signing, not every domain has a server that runs cron jobs, there's no guarantee Let's Encrypt will be around forever, and it may not work in non-US countries.

Unrelated, but I also think expiring certificates can be worked around. They force you to expire and re-sign them because they could get cracked or (less likely) the private key could leak. But certificates can also be revoked at any time. As far as I can tell, it's not possible to tell if a certificate has been revoked if an attacker doesn't want you to be able to tell, since PKI has to work offline. So you could be getting pwned all the way up to the cert expiring. Instead, we could simply expire certificates when we want to rotate them, rather than letting them auto-die and catch unaware admins with their pants around their ankles.

Some people say we need to get rid of PKI, but I don't think that's a good idea. Rather than throw the baby out with the bath water, let's improve the baby. That goes for the registrars, CAs and DNS, too. (The way cert signing happens today is, I think, a bit of a joke, and registrars need to play a more key role)


Generally speaking: I blame the side which veto's the clean CR.

In 2018, that was the Democrats for example, who veto'd the clean CR in hopes to pass immigration reform. Fortunately, that shutdown was pretty short.

In 2019, there is a clear party which is refusing the clean CR agreement.

you mean the senate? the house has passed several spending bills since the shutdown. the senate won't bring them to a vote.

isitdoneyet.gov Really?

I noticed that one too - it actually redirects to a USDA page with information on what temperature foods are safely cooked at.

Looks like its a food safety website from the USDA recommending cooking temperatures. Is It Done Yet makes sense.

Well, except that it doesn't make sense for them to actually have a domain for it. The domain does a 301 directly to a page within the usda.gov site. The domain itself doesn't even come up on a search for isitdoneyet, instead just the forwarded page does. So no, while the content is useful, having a separate domain and SSL certificate, really isn't useful.

You can print "isitdoneyet.gov" on a PSA poster (like, on paper) and have people be able to type that into their browser. https://www.fsis.usda.gov/wps/portal/fsis/topics/food-safety... not so much.

An extra domain and a cert are essentially costless if you're managing more than a handful already, so what's the probem?

What's the URL for the 301 destination? (No cheating, I want to know from memory :)

Why doesn't it make sense to have a domain for it? It's a lot more memorable than anything else would be.

It's a memorable URL, which I'd say is pretty useful.

My shutdown-proof version: http://donetemperature.com

I pretty much expected to find there the site about whether government shutdown is finished or not :)

I know that political subject are not wanted.

But I have never seen the return between the wall, Trump and his real estate mentioned.

Is it plausibel that he wants a shutdown, so he can earn more money by building a wall?

Is techcrunch.com now for people who are hard of sight? That's a massive font.

well most technies in silicon valley are painfully short-sighted

Nevermind it would have taken 2 seconds to setup a cron job to autorenew their SSLs. Typical government.

Assuming they were using best practices and something like LetsEncrypt (unlikely) or even a larger outfit that implements ACME (do those even exist yet?).

No, more likely, there's a sysadmin somewhere that's furloughed, has the reminders in his inbox, and has to kick off an arduous procurement process involving three layers of bureaucratic horseshit involving five signoffs each, and at least a 60 day window before Verisign nee Symantec gets paid an exhorbitant amount of money and issues the all important bit of code.

No doubt this is exaggerated, but I firmly believe that government/large enterprise procurement is one of the levels of hell. Take something that should be a simple, five minute process and stack layers upon layers of nonsense on top.

The US government shutdowns of the past have seemed like political posturing over budgets, but this time the situation seems genuinely important - I have read so much about the gangs and violence and trafficking that is taking place in the border region. It's surprising that your politicians are able to take a genuine issue like this and turn it into a political one. It's also surprising that common people want the border to be unprotected. What sense does it make?

What you've been reading has been a gross mischaracterization on the issues. Less than one half of one percent of border patrol agents surveyed by the Senate Homeland Security committee want a wall (1), and that's because a wall won't change the situation. It is well known that the overwhelming majority of illegal immigrants arrived by legal means through a port of entry and overstayed their visa. It is also well known that immigrant populations in the united states commit less crime per capita than native born populations. The whole idea of the wall has been around since Mexico declared independence from Spain, and has long been rooted in racism and fear, not fact or data (2)

1. https://www.nytimes.com/2019/01/05/us/politics/donald-trump-...

2. https://www.sandiegouniontribune.com/news/nation-world/ct-me...

That's a conflict of interest if there ever were one. If you are paid to catch violators, you want more violators.

Also, you're conflating "illegal immigrants" with "immigrant populations". When mentioning crime, you suddenly switch to discussing a group of people who have patiently followed the immigration law and paid all the fees.

Think about the mechanics of how a wall might even work, the logic isn't really there to even invest in it. The only way a wall would be a practical deterrent would be if someone didn't even know it was there. One rope and you are on the other side. You'd still need border patrol to monitor the wall just like if there wasn't one. On top of that, the landscape is wide. Wouldn't it be far far cheaper to just fly a drone, maybe even with AI, and scan miles of desert at a time for anything that isn't miles of desert, and have a border patrol agent show up with a pickup truck? Because wall or not, you are gonna have to fly a drone or have that same border patrol agent cover the same area anyway to see if there's anyone crossing that stretch of desert to begin with.

For illegal immigrants vs. native born population, it still holds true that the immigrant population has a lower crime rate (1).

1. https://www.nytimes.com/interactive/2019/01/11/us/politics/t...

I'm sure this is all true, but I'm also sure that the population of visa overstayers and the population of illegal border-crossers have vastly different characteristics, including crime rate. This seems like an essential distinction for this discussion since only the latter is relevant to border security, yet I have not seen anyone make it (nor do I know if the relevant data exists).

The relevant data does exist, it's actually in this article (1). Once again, even undocumented immigrants have a lower crime rate than native born citizens.

1. https://www.nytimes.com/interactive/2019/01/11/us/politics/t...

Only if you assume that the studied population of undocumented immigrants in Texas was predominantly people who illegally crossed the border, not people who overstayed their visas.

The news media has done such a horrible job distorting these distinct groups of people that it's so surprising to see that this needs to be pointed out. Most often I see channels like CNN refer to the umbrella term "immigrants", which I imagine is extremely offensive to folks who pay thousands of dollars and wait in line compared to someone who cheats their way into the country.

It's funny, people against the wall keep bringing up the cost/effectiveness of the wall, as if Democrats would support the wall if it was only more fiscally responsible or effective, meanwhile people who support the wall would probably be willing to spend 5-10x the estimated cost, they'd be willing to spend $50-100B if that's what it took.

So, if walls don't work, isn't that an even better argument for Democrats to just give Trump his wall money? After all, it won't have any substantial effect on Americans, but this shutdown sure will if it keeps going. Or are Democrats more concerned about being the party of anti-Trump than being the adults in the room? After all, every right-thinking person knows Trump is the child throwing a tantrum in this shutdown. So wouldn't we be better served by Democrats taking care of Americans by ending the shutdown than teaching Trump a lesson in the minutiae of wall effectiveness per dollar spent?

Being the adults in the room is not setting 5.6 billion dollars (and the projections for the entire project are well north of that in total) on fire to appease a mob. The project is a shakedown, that 5.6 billion dollars will go straight into a private contractors pocket for absolutely no reason other than to appeal to bigoted logic. How much will Trump and private sector lobbies ask for next year? Do you pay ransomeware?

Whatever the cost, be it $5B or $25B, it's a rounding error in the federal budget. And what you call a "mob", some might call the central promise Trump was elected to carry out. You say a wall is "bigoted" but Democrats keep insisting the wall won't work so who is harmed?

I've never been the victim of ransomware but I assume I'd pay it if the alternative was to lose pictures of my child growing up.

I want a wall because I think the reducing the supply of unskilled labor will tend to raised wages for unskilled workers in the United States.

Actually, the supply of unskilled labor is too low. On agriculture, large corporate farms like Tyson Foods can afford to invest in automation to deal with the lack of labor supply (1), however, many employers of unskilled labor do not have the resources that Tyson Foods does. Limiting immigration has never been good for the economy (2). When farmers cannot hire enough people to harvest a crop, the field goes fallow, and the farm folds.

1. https://www.nytimes.com/2018/11/20/us/farmworkers-immigrant-...

2. https://www.nytimes.com/2018/09/02/business/trump-legal-immi...

What does that have to do with what I said though? Illegal immigration is a separate issue from what I understand. This is about dealing with the humanitarian crisis associated with a porous border.

Regardless how what percentage of people come via visa overstay or not, and regardless of what officials say when asked about solving an illegal immigration issue, the bottom line is that the area is so incredibly dangerous because gangs and criminals prey on anyone who attempts the trip and has the misfortune of encountering them. Over the years, it's quite likely that thousands, perhaps hundreds of thousands of victims of violence have been created purely because they make this dangerous trip. Why not put an end to this violence once and for all? They would not make this trip anymore if there was no simple way to cross the border.

> It's also surprising that common people want the border to be unprotected.

Most places don't have a wall[1]. Characterising the lack of a wall as the border being unprotected seems unfair.

[1] https://en.wikipedia.org/wiki/Border_barrier#List_of_current...

I believe the proposal is to have a wall wherever it makes sense and to have other measures where they make more sense.

What have you read? Have you read "No Wall They Can Build?"


Applications are open for YC Summer 2019

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact