my shop was due for a round of vessel inspections for our waste and fresh oil holding tanks last friday, but, no EPA. Without these inspections we cannot technically order new oil or have oil recycled, because the EPA signoff is required as part of cradle-to-grave handling of hazmat substances.
so how do we get around it? we now have half our back parking lot filled with 55 gallon drums of waste byproduct from engine work, which can be shipped without an EPA cert to recyclers. This is also outright illegal if it gets big enough, but we've been declaring it as required by the EPA. since we can't schedule a formal review of that either, we confirm the storage with their hotline for doing so, and since that's not staffed and the voicemail box is full, I have been mailing Kodak pictures and printed descriptions of the storage.
our full-site inspection is due feb 2nd...without it, the federal government (if it were running) would cite us for a flagrant violation and shut us down. The guy who does that inspection called us and confirmed he's quitting to work for...of all places...the company that recycles our oil.
This type of thing is one part of the story that not enough people are focusing on regarding the shutdown. How many people are going to come back to these jobs once the shutdown inevitably does end? Odds are these "nonessential" government departments will be crippled for years by the loss of both experience and manpower.
The Grover Norquist "drown it in a bathtub" contingent of the Republican party is large, influential, and for them, this is not at all unfortunate collateral damage in pursuit of The Wall or something. The crippling of public institutions (if not outright dissolution) is part and parcel with the ideology.
And that's even if you don't believe that the executive branch may have been compromised by a foreign power interested in weakening and destabilizing the United States.
Well, OK... there's obviously one little check. Like, the staff of these organizations are literally not getting paid right now because of a funding impasse. So, obviously there's some regular oversight about who gets what kind of funding.
And come to think of it, all these organizations and jobs were created by act of congress and/or executive prerogative, with scope prescribed by the relevant orders and law.
But who are congress and the executive accountable to anyway? And who writes these so called "laws"? Who are the laws accountable to?
Wait. They're written by members of congress? And carried out by the executive? Huh. OK, but other than that, totally unchecked! Again, who are "congress" and the so-called "president" accountable to? Who made them "officials"?
Oh, yeah. Voters.
So actually, there isn't any defensible sense in which one can say "unchecked" at all, actually.
Now that we're here, it's almost as if the only way one could use the term "unchecked" is if they're not using language in an attempt to actually describe the world, but out of intent to characterize inaccurately without a supporting argument. Propagandize. Or, I suppose, if one had already had one's mind hijacked by such propaganda.
But who would suspect that someone named "rattlesnakedave" might actually be engaging in that sort of commentary?
"Trump is doing this and is unstoppable" is a false narrative and is the reason that "Trump is compromised by Russia" is a senseless explanation.
...seriously? Give me a break.
Redditors moving to hackernews can be called immigrants as they behave much in the same way. They have their own culture and background which they bring with them. Of course, they may assimilate but it doesn't seem to be working too well lately.
I personally have wound up on hackernews maybe 5 years ago, but I have definitely seen a decline in discourse over the last three years or so specifically.
I generally don't interact much as I often feel like there are people far more knowledgeable on a particular topic than myself and my comments would be little more than noise. You seem to have taken a similar path with most comments being on political topics, with echoes of champagne socialism.
Fundamentally, I came here for the technology. I understand that discussions of politics are inevitable on this post in particular, yet I dread the day when the comments will be reduced to "orange man bad" as is the case on Reddit.
Perhaps, I am just afraid of progress.
No, you're getting older and more mature even as the HN audience becomes younger and less so. It reminds me of the original "rage comic" subreddit which was devilishly clever until it became popular, and you could see in real time as people started talking about issues that affect younger and younger cohorts, until I finally saw boring middle-school drama in the subreddit (long after I left).
This is exactly what happens with both parties. It's a byproduct of the party system.
Republicans: small government, better business environment, etc
Democrats: strong social safety net, everyone pays their fair share, etc
Athenian offices were strictly term-limited, except for the position of general. People apparently felt that having military experience in that role was more valuable than the benefit of term limits would make up for, and it's hard to blame them for that.
But the general, able to serve for life, the only island of stability in the government, accumulated all the political power. This mostly defeated the purpose of having term limits on any office.
American presidents are term-limited, but American political parties aren't, and policy -- in terms of the solutions, but also in terms of the questions that get asked -- is set by the parties. I think this is more than just a coincidence.
On the other hand, Senators and Congressmen are not term-limited, but they don't seem to accumulate much in the way of political power.
(Also, senators are congresspeople.)
Maybe so, but "Congressman" is the title for someone who sits in the House of Representatives, while someone who sits in the Senate is a "Senator".
The Republicans are far more unified. It is both their strength and their weakness.
Or not. What about the Trump faction vs. the RINOs?
Republicans are split: libertarian, nationalist, religious
There are factions in the Republican Party, but for various reasons they are much more prone to have the non-dominant faction submit meekly to the dominant faction in terms of most actions in government, and even most public statements outside of contested primary campaigns. And even there the actual policy disputes are often not front and center.
Which brings things back to the substantial advantage that the more rural states give the Republicans in the senate, which would have a good shot at ending the shutdown if they wanted to.
Trump could have gotten his wall when republicans had both the house and the senate. He didn't push it because not enough republicans wanted it I guess, and he wouldn't shutdown the government based on his own party not funding the wall.
Now that the dems have the house, he (and the republicans) can just blame the dems. But if congress really wanted to end this, they can just pass a budget with enough votes and override the president's veto. But instead, the republicans sit back and blame the dems, without having to admit to trump's base that they don't want a wall.
the problem is it’s a symbolic, umm symbol that is hard to walk back from.
another problem with your argument is that it’s blame shifting.
I love it, that somebody decided to have a contest of stubbornness with Donald Trump. When we wrestle with pigs...
They could have passed it when the Republicans were in Congress.
Only if the House and Senate leaders decide to put the vote to the floor. Even 100% (less one) support is powerless if they can't vote on it.
If it wasn’t clear that everyone here is just playing politics, it should have been after Nancy’s letter to Donald about the SOTU.
But your last paragraph says it all. If you believe, without any evidence, that the President of the United States is a foreign agent, talk about it on /r/politics please.
Last year we had a bipartisan bill with $25 billion in Wall funding and DACA amnesty. Now he’s asking for $5.7 billion and has said he wants to negotiate.
There is a long, long precedent of bipartisan negotiation in these matters. The new Speaker of the House has said she will absolutely not negotiate and claims border walls (which we have in spades already) are immoral and racist. Ok then!
Several days ago Donald met with Chuck and Nancy and asked if he signed a CR opening the govt for 30 days, would they take up wall funding and Nancy said No.
There’s nothing stopping either “side” from unilaterally taking a simple step to fully open the government. So logically everyone is to blame.
The answer: Absolutely nothing. The reason why they kicked this can down the road was solely for the purpose of using it as political leverage against the democrats. There was literally no excuse for not getting funding for his wall over the past two years. Except to use government employees as hostages.
There are no two sides to blame here. Republicans had the power to do so. They didn't. Now at the 11th hour they want to do it, so they can blame Democrats for not adhering to their outlandish demands.
The funding Donald wanted is now less than the cost of the shutdown. $5.7 billion toward border security is not outlandish. Shutting down the government for 30 days absolutely is outlandish.
If they wanted to fund the damn wall, they could've funded it. You're right that shutting down the government for 30 days is outlandish, and it falls squarely on Republicans and Trump.
Eliminating the 60-vote threshold for legislation would destroy a massive part of what makes the Senate the Senate. It is stunningly worse policy than spending $6b on marginally effective border security.
But because Republicans didn’t do that, and Dems won’t vote for even $2 of Wall funding the only blame for the current shutdown is to Republicans. Do I understand your logic correctly?
And Republicans have already eliminated said threshold for ramming through a supreme court nomination. I want to get this straight though: Your argument now is that parliamentary procedure was more important for Republicans than building the wall. A wall that they're claiming is a national crisis resulting in widespread issues. Enough of an issue to shut down the government over it.
If the wall was vital, then why didn't they employ the nuclear option (as was backed by Donald Trump, obviously) to build the wall? Why are they, now that the Democrats are in power, demanding a wall be built?
And yes, the only party to blame for the current shutdown is in fact, Republicans. They had two years to build a wall. They didn't.
I said Federal and judicial appointments. The Supreme Court is a judicial appointment.
Legislation has always been a 60-vote threshold to end debate in the Senate. It’s one of the cornerstones of the Senate.
I wouldn’t say Democrats are “in power” now. They took back the House and lost seats in the Senate. But the fact remains they have always needed Democratic votes to get to 60 in the Senate.
You say they should have voted it through with just 50 in the Senate. Which by the way they don’t want to do even now. I think that would have far worse long-term effects for the country, and many Democrats and Republicans alike agree.
You can obviously believe whatever you like. It’s your opinion, and I’m not trying to change it.
My simple observation was that right now, with the House and Senate that we have, with the rules and procedures that have been in place for centuries, both parties are equally capable of funding the government in less than an hour if they decide they want to do it. It will only cost them ~$6b one way or the other. Either party is indisputably capable of ending the shutdown, but both as of yet have chosen not to.
 - https://en.m.wikipedia.org/wiki/Nuclear_option
You're effectively saying that Republicans holding the government hostage instead of employing the nuclear option in the past is far less damaging to the country than if they had lifted the parliamentary procedures. This is also ignoring the fact that there has been bipartisan clean CRs which have been outright denied by the Senate.
Can you explain why it would've been more damaging to the country than the current shutdown? I would like an actual explanation.
Whether or not Republicans could have funded border security Before is an interesting diversion.
Trump actually pushed hard for border security & wall funding the last time the govt was facing a shutdown, and he was convinced to sign a clean CR with the promise that border security would be addressed. It wasn’t.
So this time he has held fast. He is absolutely responsible for holding firm for a bill that has what he wants in it. He could sign a bill today without Wall funding and re-open the government.
Democrats in the House could also pass a bill today with $5.7b in Wall funding and the government would be open again in an hour. You have not disputed this as it’s indisputable.
Both sides are choosing to keep the government shut down.
Tomorrow at 3pm Trump will present yet another compromise proposal. He has at least been standing ready to negotiate this entire time, even through Christmas. He has said what he wants, as it’s a promise he made when he was running for election, and he is obviously willing to trade a lot for it. We’ll see tomorrow what his latest proposal is, and if and when Democrats will come to the table.
A rational negotiator, when the other side says “this is what I need to have” figures out what they need in return. If border fencing is “immoral” or “racist” then we have a lot of walls we better get bulldozing.
At worst Trump is saying he wants to waste $6b dollars on ineffective border measures. Well, by denying that appropriation, House Democrats have burned much, much more than $6 billion by now.
There are things you can ask for that cannot be bartered. He could be asking for a Constitutional Amendment of some sort. He could be asking for certain politicians to resign. He could be asking for actual racist or immoral things.
He’s asking for a border security appropriation to build 230 miles of wall in addition to the 690 miles that already exist. He wants to increase the border fencing by 1/3rd. He’s demanding this because a large number of people voted for him because he said he would do it.
This is something that can be traded for in a functioning democracy. I believe Democrats should put something commensurate on the table that they’re willing to trade for $6b in wall funding.
For example, the next Supreme Court nomination. If Ginsburg knew that Dems could fill her spot, perhaps she would be ready to retire. I think Trump would want $25b in Wall funding in return for that, but it’s within the realm of possibility. I think Dems need to get fucking creative and get to work on solving this, versus assuming a fake BuzzFeed scoop is going to solve their problem for them, or continue to play the optics as if the shutdown is good for Dems.
Acting like Trump is a rational negotiator is delusional. Why should the Dems ever bother listening to his demands when last time they negotiated, he backed out of the deal? And you're objectively wrong, again, on it being a clean CR.
I don’t think either side is a particularly good faith negotiator, but it’s totally beside the original point I made which you refuse to debate while continuously smoke screening with side shows.
You refuse to admit that the way the Senate has done legislative business for its entire history is at odds with your “despite a Republican majority” rhetoric. A Republican majority is not sufficient to stop a Democratic filibuster in the Senate. That’s how the Senate works. If one party with at least 40 seats decides to filibuster, then they are responsible for the bill not passing. That is exactly how it has always worked in the Senate and any good faith debater would accept that the party filibustering is the party responsible for stopping the bill from going to the President’s desk, in that case, causing a shutdown.
I mean, if you blame Republicans for the Jan 2018 shutdown where Senate democrats were demanding a permanent DACA fix, and then relented, you know even the NYT disagrees with you:
> Congress brought an end to a three-day government shutdown on Monday as Senate Democrats buckled under pressure to adopt a short-term spending bill to fund government operations without first addressing the fate of young undocumented immigrants.
 - https://www.nytimes.com/2018/01/22/us/politics/congress-vote...
There isn't a bill on his desk because McConnell won't let it happen because Trump won't sign it. Your reading of this situation is incredibly simplified. Trump by virtue of McConnell is absolutely a big reason why we are in a shutdown.
As a taxpayer, I see that life is still going on while these jobs are not getting done and I might eventually ask, do these jobs even need to exist? What about my life changes if that stack of papers no longer gets stamped and moved into another stack?
2) Many government agencies exist to do things that may not affect you personally. NASA does not do anything you'll be affected by - neither does law enforcement. Or border security. You probably wouldn't notice if your local fire department vanished for a few weeks. Until, of course, your house is on fire.
3) Those things that affect society as a whole (like... EPA inspections) take a long time to affect society but have huge costs down the road if not done (good luck cleaning up water sources, or dealing with your cancer caused by your poisoned soil).
4) Airports are starting to be affected first because these are among the lowest paying federal positions, so those employees are going to have to find other work the fastest.
You will feel this shutdown. You haven't yet because macroeconomics and bureaucracy happen on scales longer than a month.
You'll feel it in the missing percentage gains this year for your investment portfolio (or its complete annihilation if the contraction turns into a depression).
You'll feel it later this year when you try to sort some federal paperwork and it takes them 3 weeks longer than normal because everyone at the department is a brand new employee, or they never managed to recover headcount because nobody wants to work for the Fed anymore.
You'll feel it when you head to Joshua Tree and it's missing a couple more trees than it should be, and they haven't yet managed to scrub off all the spraypaint.
Give it time. You'll feel the pain.
I doubt any of us trust companies to do the right thing most of the time, but I think we all agree some regulations are dumb, and a loss for everyone except the people whose jobs depend on them.
For clarity, I have no idea if the tank inspection is a dumb regulation. And I realize without the regulations, they'd probably be dumping the oil behind the shop somewhere which we obviously don't want.
Same for the TSA. If the TSA disappeared overnight, we’d just get on airplanes and fly to our destinations like we did before they came around. We have long lines not because there are fewer agents, but because the law says an agent must process you and there are few agents.
Unless you'd like to see what Flint Michigan but Worse might look like on a more national scale.
Obviously, regulations can cause problems or have significant issues, so we should continually modify them as necessary, to the best of our ability. This includes removing them if they aren't beneficial, or creating new ones.
Same with TSA. While they aren't perfect, we don't have bimonthly hijackings like we did 40-50 years ago.
 - https://www.wired.com/2013/06/love-and-terror-in-the-golden-...
And very few after that (two in the 1980s, with a couple attempts in the 1989s and 1990s) because of the first round of airport security rules adopted immediately in the wake of those and the tightening permanently applied during the 1990 Gulf Crisis.
> The TSA doesn't deserve all the credit there as other post-9/11 security changes were implemented at the same time, but you can't just hand wave away their role in that unprecedented streak of safety.
It's not significantly different than the period before 9/11, so it's not clear that the TSA and other post-9/11 actions deserve any credit, and calling it an unprecedented streak of safety is hyperbolic.
> It's not significantly different than the period before 9/11, so it's not clear that the TSA and other post-9/11 actions deserve any credit, and calling it an unprecedented streak of safety is hyperbolic.
First off, you can't just pretend like 9/11 doesn't count in pre-TSA security stats. Four planes were hijacked within an hour of each other on 9/11 and zero have been hijacked in the last 17+ years? Those rates seem significantly different to me. Also can you find any stretch of US history in which commercial airliners have flown close to as many miles as they have over the last 17+ years in which there wasn't a hijacking? Unprecedented seems like a perfectly fine word to describe that streak.
Prior to 9/11, there were 14 years with no US hijackings (failed attempts are a different story) and 27 with no deaths on a commercial aircraft due to a hijacking. 17 years with neither hijackings nor hijacking related deaths is not a clear improvement that calls for credit anywhere. Since the 1980s, hijacking events have been so rare that it would take many decades under a given policy regime before and after a policy change before you could have even remote statistical confidence that my quiet period
Really, since at least the 1980s, hijacking is so rare that it would take an extraordinarily long time to have even remote confidence that there was an increase in safety, much less of assigning a specific cause to it.
And, on assigning cause, if there was a reduction in hijackings post-9/11, well, there's a pretty good reason to think that al-Qaeda and the passengers of Flight 93 jointly might be responsible without any government policy as an intermediate cause.
Hijacking became something passengers would no longer be likely to accept as a “cooperate and no one gets hurt” event, which rendered it pointless as almost anyone has ever used it (even as al-Qaeda used it on 9/11, which while it doesn't factually fit that model clearly required for effect that people believed that it did.)
I have an anti-tiger rock to sell you.
This may be something like the idea that life still goes on while you have 10% kidney function and for a certain amount of time after liver failure. Even when a system hasn't outright collapsed yet, that doesn't mean it isn't compromised or even approaching failure.
The grandparent comment describes a situation for handling waste, waste that has serious impacts on the health of the environment. That's what you reduce to "paper and ink," so I'll assume you're part of the crowd that generally trivializes environmental concerns.... as if they've forgotten this is where they live and the food chain is how they eat. And then one day we wake up and it's perfectly normal to have a conversation about limiting our consumption of tuna and other fish because of mercury levels they contain as a consequence of uncontained industrial activity. Because we forgot that we're part of a system. Not surprising to see people do... but it is a little surprising to see it pop up on HN.
Speaking of the food chain, here's some fun food for thought:
Planning on flying anywhere?
How sure are you that these jobs don't need to exist? These are just two examples. How sure are you that you really have any idea what the government does?
Are you the kind of person who just deletes large swathes of code from a system because they're ugly, because they don't fit your aesthetics, because you're not sure what they do and you'd rather just re-write than find out?
I think what the original commenter is trying to say is that it's possible that their jobs won't be done if their shop has to close. They're already being impacted: their work time is being wasted. That makes the business less profitable and eventually this could affect everyone that works there.
Some of the jobs that "need to exist" are not people who work for the government.
Government waste is frustrating as hell to me as a taxpayer. I believe, however, in spending money to protect our quality of life in the long term.
If the EPA and all environmental legislation ceased to exist tomorrow, you wouldn’t be able to tell in a month, or even a year.
You would notice if in ten years’ time your kid got lead poisoning from swimming in the local river.
I have been on the non-essential side, so I know some people who are moving on. It's all anecdotal, but I'd be curious to see what the cost of this shutdown is going to be.
Of course, I could be wrong, but I am willing to bet on it, if anyone is interested.
What will you do when this date comes around?
I'm going to assume you just can't shut down and lose business? Do you just keep at it and take the hit in fines/whatnot when the govt. reopens?
To think similar things are happening at mechanic shops all over the country... it's a bit horrifying honestly. Diesel is nasty stuff.
Quick edit: Might want to make sure you’ve got something between the storage containers and the ground though so there won’t be any leaching into the soil.
Source: I’m a regulatory compliance attorney. Mostly investment management but I moonlight as a legal journalist covering EPA enforcement cases.
In my experience running businesses in several states, regulators are surprisingly helpful. They don't want to punish you unless you're being a deliberate jerk. They want to help you learn to comply with the law first. They'll only go for the throat if you tell them to pound sand.
Certainly it is frustrating to be blocked from conducting business because you are unable to follow the regulations. But if the regulations are misguided to begin with, perhaps there is some merit in exposing that life and business can continue with reduced bureaucracy.
My particular issue is that I'm trying to arrange to transport my dog across country lines on an airplane. But the country I'm flying to requires my vet to complete a vaccination certificate which then has to be stamped by the USDA APHIS office (normally no big deal). But of course this is currently impossible because USDA APHIS is shut down and doesn't even answer their phones. It's not clear if any alternate path exists to get around this.
Twice in my life I have needed to get a cat from Point A in central time to Point B somewhere in California. Handling all the vaccinations and associated paperwork was (in one case) annoying or (in the other) the person who actually owned the cat was not remotely organized enough to have records.
It turns out some domestic airlines will permit you to fly with a pet on-board in a soft-side case under the seat where one might normally put a bag. This may or may not work for you, depending on how patient and large your dog is and how big your budget is.
The person to whom you replied is trying to import an animal into a foreign country. Doing that, even for pet-in-cabin and service animals, requires a certificate from the USDA. The same process as domestic flights won't work in this circumstance, unfortunately.
that having been said, we will still require an EPA site inspection, and I'm pretty sure when that happens they'll be rather accommodating to any lapses in certification. I'd dread having to check that voicemail box though.
I'm not sure there's a test sensitive enough to make this distinction. ;)
That said, I agree that the way browsers handle SSL can mislead users about their privacy and security on the Internet.
Unfortunately in reality very few organisations actually revoke certificates. Revocation doesn't really work anyway (except for EV certs), but even if it did, most organisations still probably wouldn't do it.
Expired certificates must therefore be treated with at least the same alarm as revoked certificates, which is the most severe status condition you can return (as it could mean "we believe someone else to have access to the private key").
Care to elaborate?
* If at some point in the certificate's life it was leaked, but you didn't notice and so didn't get it revoked.
* If there are old certs kicking around and you're not sure of the details. e.g. previous owners of the domain, previous sysadmin who was careless with their recordkeeping, and suchlike.
* If a certificate has been revoked, but CRL distribution isn't as good as we'd like so people don't know about it.
* If certificate issuance rules have updated/tightened, e.g. SHA1 Deprecation.
* Limits the ability of CAs to back-date certificates to get around rule tightening (which they shouldn't be doing anyway, of course, but might hope to do undetected)
All of these are slow-moving security issues, so you're no more at risk the day after the cert expires than you were the day before. And hopefully not many sysadmins have problems like lost certificates, which makes the protection cert expiry offers seem redundant.
I find this misleading because the implied value of the certificate to the end user, that "you can be sure you are talking to the entity you think you are talking to and nobody else", is not really what the issuer is promising. They're just saying something like "we verified the company that bought this really is named XYZ". They are NOT saying that "the entity that operates the server you're communicating with is under the control of XYZ corp". It's entirely possible for a certificate to be sold to XYZ corp, which emails the certificate to an IT consultant, which FTPs it to a WordPress hosting company that deploys it to a server run by a cohosting company where it's used to market services that are fulfilled by independent contractors. The issuer doesn't touch on anything beyond the first step in that chain but the browser's freaking out and going full red screen the second the certificate "expires" might make you think that it does.
> Your connection is not private
> Attackers might be trying to steal your information ...
> This server could not prove that it is disasterhousing.gov;
> its security certificate expired 21 days ago. This may be caused
> by a misconfiguration or an attacker intercepting your connection.
I think users would be better served if certificate expiration was a more subtle warning, that perhaps slowly increases its panic-inducing-messaging over long time frames.
Of course it does. A certificate is more than a key. It's an attestation that the signer verified that the subject was the one receiving the key. Without expiration dates, I only need to control the domain for a short period of time to get a certificate that says I am that domain forever.
Say I present a self-signed, expired certificate with a bad signature and the wrong domain name. Which one does the user get warned about?
This has important practical concerns. A cert being T+1 second expired is irrelevant from a security standpoint, but if that short-circuits all the other checks...
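The concern above about one failed check hiding the others, shown as an added example that is not part of the original thread: an evaluator that reports every problem it finds instead of stopping at expiry. The certificates are constructed dicts in the shape `ssl.SSLSocket.getpeercert()` returns; the host names, dates and the `evaluate` helper are assumptions made for illustration.

```python
import ssl
from datetime import datetime, timezone

# Constructed evaluation time (not taken from any real incident).
NOW = datetime(2019, 1, 18, 12, 0, 0, tzinfo=timezone.utc)


def make_cert(subject_cn, issuer_cn, sans, not_before, not_after):
    """Build a dict in the shape ssl.SSLSocket.getpeercert() returns."""
    return {
        "subject": ((("commonName", subject_cn),),),
        "issuer": ((("commonName", issuer_cn),),),
        "subjectAltName": tuple(("DNS", n) for n in sans),
        "notBefore": not_before,
        "notAfter": not_after,
    }


# Constructed sample certificates under the reserved .test TLD.
EXPIRED_ONLY = make_cert("portal.example.test", "Example Test CA",
                         ["portal.example.test"],
                         "Dec 28 12:00:00 2016 GMT", "Dec 28 12:00:00 2018 GMT")
EVERYTHING_WRONG = make_cert("other.example.test", "other.example.test",
                             ["other.example.test"],
                             "Dec 28 12:00:00 2016 GMT", "Dec 28 12:00:00 2018 GMT")
HEALTHY = make_cert("portal.example.test", "Example Test CA",
                    ["*.example.test"],
                    "Dec  1 00:00:00 2018 GMT", "Mar  1 00:00:00 2019 GMT")


def dns_names(cert):
    """DNS names the certificate claims: SAN entries, else the subject CN."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans
    return [v for rdn in cert.get("subject", ())
            for k, v in rdn if k == "commonName"]


def name_matches(pattern, host):
    """Exact match, or a wildcard covering exactly one leftmost label."""
    p, h = pattern.lower().split("."), host.lower().split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return p[1:] == h[1:]
    return p == h


def evaluate(cert, host, now):
    """Return every finding as (code, message); never stop at the first one."""
    findings = []
    ts = now.timestamp()
    not_before = ssl.cert_time_to_seconds(cert["notBefore"])
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])

    if ts > not_after:
        days = int((ts - not_after) // 86400)
        findings.append(("expired", f"expired {days} days ago"))
    elif ts < not_before:
        findings.append(("not_yet_valid", "validity period has not started"))

    if not any(name_matches(n, host) for n in dns_names(cert)):
        findings.append(("name_mismatch",
                         f"{host} not in {dns_names(cert)}"))

    # Subject == issuer only shows the cert is self-issued; it does not
    # verify the signature or check any trust store.
    if cert.get("subject") == cert.get("issuer"):
        findings.append(("self_issued", "subject and issuer are identical"))

    return findings


if __name__ == "__main__":
    for label, cert in [("expired only", EXPIRED_ONLY),
                        ("everything wrong", EVERYTHING_WRONG),
                        ("healthy", HEALTHY)]:
        print(label, evaluate(cert, "portal.example.test", NOW))
```

A client that returned only the first finding would present the second certificate exactly like the first, although it also names the wrong host and chains to nothing.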
With a sufficiently short lifetime, you can throw up another barrier to compromises.
2+ year expiry on certificates has been pretty commonplace until Let's Encrypt's 90 day policy.
It's absolutely possible that this could occur, but practically, the difference between a correctly issued but expired cert and a non-expired one is minor.
Some of the sites listed use EV certificates, which aren't supported by Let's Encrypt.
And using Let's Encrypt for automated renewal comes with risks of its own. Note, for example, that very few of the "major sponsors" listed on the Let's Encrypt website use Let's Encrypt for their own sites.
Enterprise is inherently more risk averse than most parts of our industry, largely because they can put a dollar amount on outages.
It’s not like cert issues are a solved problem either; O2 (massive UK telecoms provider) lost data access for 20 million customers because of cert issues a couple of months ago.
Immensely curious how you came about this conclusion of all the possibilities available
How long do you think the average company's IT infrastructure would continue working if all employees instantly dropped dead? With no one to respond to any issues that crop up, and nothing that isn't 100% automated happening at all?
The biggest benefit of Let's Encrypt for companies is not the price. Having someone responsible for renewal, getting the bills through the billing system and approved, getting it installed. All those steps involve employees that could be spending their time on something more important. If any part of the chain fails there will also be a massive fallout which can be very costly. Automated renewal changes all this to an initial cost during construction of the service, usually during the pre-production phase.
My concern would not be about the automated renewal if all employees instantly dropped dead. Sooner or later a service will hang, some resources exhausted, and things stop working.
One data point does not make a very useful statistic, and most definitely does not make a meaningful statistic for making decisions about production systems.
I personally find anecdotal information useful from people who work professionally on it when there is no other information available. I find the top comment in this thread interesting even if it's just a single data point from a diesel engine mechanic.
Same, it's magic. Works perfectly.
Only annoying part, UptimeRobot spits out some warnings, "Your certificate is set to expire soon..." but thanks to auto-renew I don't have to do anything about it.
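An added example, not part of any comment in this thread and not code from any tool named here: an expiry check that stays quiet while automated renewal is on schedule and reports only when a certificate has outlived the point at which the automation should have replaced it. The renewal window (last third of the lifetime), the 3-day grace period, the status names and the sample certificate are assumptions made for illustration.

```python
import ssl
from datetime import datetime, timedelta, timezone

# Constructed sample in the shape ssl.SSLSocket.getpeercert() returns:
# a 90-day certificate for a placeholder host.
SAMPLE_CERT = {
    "subject": ((("commonName", "www.example.com"),),),
    "notBefore": "Nov 01 00:00:00 2018 GMT",
    "notAfter": "Jan 30 00:00:00 2019 GMT",
}

def _utc(field):
    """Parse a notBefore/notAfter string into an aware UTC datetime."""
    return datetime.fromtimestamp(ssl.cert_time_to_seconds(field), tz=timezone.utc)

def renewal_status(cert, now, renew_fraction=1 / 3, grace=timedelta(days=3)):
    """Classify a certificate relative to its expected automated renewal.

    renew_fraction: share of the lifetime, counted back from notAfter, in
    which automation is expected to replace the certificate (assumed value).
    grace: time allowed inside that window before renewal counts as overdue.
    """
    not_before, not_after = _utc(cert["notBefore"]), _utc(cert["notAfter"])
    if now < not_before:
        return "not-yet-valid"
    if now >= not_after:
        return "expired"
    renew_at = not_after - (not_after - not_before) * renew_fraction
    if now < renew_at:
        return "ok"
    if now < renew_at + grace:
        return "renewal-window"      # automation should act soon; no alert yet
    return "renewal-overdue"         # still valid, but the automation missed it

def actionable(certs, now):
    """Return (commonName, status) for certificates a human has to look at."""
    quiet = {"ok", "renewal-window"}
    out = []
    for cert in certs:
        status = renewal_status(cert, now)
        if status not in quiet:
            name = dict(rdn[0] for rdn in cert["subject"])["commonName"]
            out.append((name, status))
    return out

if __name__ == "__main__":
    for day in ("2018-12-15", "2019-01-01", "2019-01-10", "2019-02-01"):
        now = datetime.fromisoformat(day).replace(tzinfo=timezone.utc)
        print(day, renewal_status(SAMPLE_CERT, now))
```

The useful signal is "renewal-overdue": the certificate still validates in browsers, but the renewal job has already failed, which leaves weeks rather than hours to fix it.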
Infra that I've built? Years. If that makes me above-average, I hope it's only barely.
Guess what :)
The reason a significant portion of the US government is shut down is because they literally have no money to spend because congress hasn't raised the debt ceiling to allow the government to borrow more money. So the 'spending limit' you mention would have been $0.00 the moment the shutdown happened.
Probably a better solution is to no longer run the government with a spending deficit.
It's easy to have services working unattended for a long time when someone else is responsible for maintaining the hardware; even better if they're maintaining the OS updates too.
Now if all the datacenter staff are furloughed too ... the first usually trivial issue might take everything down.
Not experienced enough to have an answer
If you're doing it for free as a favor for a non-technical friend then yes, almost certainly you will need to do at least some maintenance work in the future.
The article mentions it is a thing in the following cases:
"""Any website that’s hosted on cloud.gov, search.gov or federalist.18f.gov won’t go down as they rely on Let’s Encrypt certificates that automatically renew every three months."""
As a contracting project, I imagine it would be pretty expensive to upgrade every single website of the US federal government to use Let's Encrypt. How many different operating systems and web server setups there must be?
What if the contract has a problem? It happens. What if the approving official is out sick for a month? It happens.
Not knowing how to set these things up? I don't really think that's an excuse. This should be addressed in the requirements.
Source: I've worked in and with the federal government for more than 25 years.
Automation doesn't matter if the spending isn't approved.
> because so many federal workers have been sent home on unpaid leave — or worse, working without pay but trying to fill in for most of their furloughed department — expired certificates aren’t getting renewed. Renewing certificates doesn’t take much time or effort — sometimes just a click of a mouse. But some do cost money, and during a government shutdown there isn’t any.
My personal guess is that the author of the article doesn't know which it is.
I'm not even saying why they don't have .gov CA with auto-renewal infrastructure - that'd be too much to ask. But at least some foresight?
Also, isn't this the longest ever?
First, most of these are basically info portals. Nobody is trying to steal or corrupt the data points for the fiscal budget expenditures this year, or the report on residential heating in remote arctic villages. In addition, none of the data is secret or private. So the data doesn't need to be protected.
The other reason people say everything needs HTTPS is not data security, but attacks on the client. If you use HTTP, someone can subvert the packets to inject malware into your client, etc. But this would be impossible if the browsers had methods to cryptographically verify the data's integrity without needing to keep it private. In other words a checksum, possibly even out-of-band. This can be done securely and without the need to constantly expire and re-issue a certificate, and it also enables several useful technologies which require inspection and passing of data content in different scenarios.
Finally, the increased dependence on encryption for all communication makes our communication more fragile, and this is a great example. In the future, if everything uses https, and certs expire, either most of the content of the web will expire, or if we allow clients and tools to not verify certificates, we undermine the purpose of the certificates to begin with. Let's Encrypt cron jobs will not work forever (if you don't upgrade, eventually the crypto you were using for your cert will become obsolete), network operations can be attacked to prevent re-signing, not every domain has a server that runs cron jobs, there's no guarantee Let's Encrypt will be around forever, and it may not work in non-US countries.
Unrelated, but I also think expiring certificates can be worked around. They force you to expire and re-sign them because they could get cracked or (less likely) the private key could leak. But certificates can also be revoked at any time. As far as I can tell, it's not possible to tell if a certificate has been revoked if an attacker doesn't want you to be able to tell, since PKI has to work offline. So you could be getting pwned all the way up to the cert expiring. Instead, we could simply expire certificates when we want to rotate them, rather than letting them auto-die and catch unaware admins with their pants around their ankles.
Some people say we need to get rid of PKI, but I don't think that's a good idea. Rather than throw the baby out with the bath water, let's improve the baby. That goes for the registrars, CAs and DNS, too. (The way cert signing happens today is, I think, a bit of a joke, and registrars need to play a more key role)
In 2018, that was the Democrats for example, who vetoed the clean CR in hopes to pass immigration reform. Fortunately, that shutdown was pretty short.
In 2019, there is a clear party which is refusing the clean CR agreement.
An extra domain and a cert are essentially costless if you're managing more than a handful already, so what's the problem?
But I have never seen the return between the wall, Trump and his real estate mentioned.
Is it plausible that he wants a shutdown, so he can earn more money by building a wall?
No, more likely, there's a sysadmin somewhere that's furloughed, has the reminders in his inbox, and has to kick off an arduous procurement process involving three layers of bureaucratic horseshit involving five signoffs each, and at least a 60 day window before Verisign née Symantec gets paid an exorbitant amount of money and issues the all important bit of code.
No doubt this is exaggerated, but I firmly believe that government/large enterprise procurement is one of the levels of hell. Take something that should be a simple, five minute process and stack layers upon layers of nonsense on top.
Also, you're conflating "illegal immigrants" with "immigrant populations". When mentioning crime, you suddenly switch to discussing a group of people who have patiently followed the immigration law and paid all the fees.
For illegal immigrants vs. native born population, it still holds true that the immigrant population has a lower crime rate (1).
So, if walls don't work, isn't that an even better argument for Democrats to just give Trump his wall money? After all, it won't have any substantial effect on Americans, but this shutdown sure will if it keeps going. Or are Democrats more concerned about being the party of anti-Trump than being the adults in the room? After all, every right-thinking person knows Trump is the child throwing a tantrum in this shutdown. So wouldn't we be better served by Democrats taking care of Americans by ending the shutdown than teaching Trump a lesson in the minutiae of wall effectiveness per dollar spent?
I've never been the victim of ransomware but I assume I'd pay it if the alternative was to lose pictures of my child growing up.
Regardless of what percentage of people come via visa overstay or not, and regardless of what officials say when asked about solving an illegal immigration issue, the bottom line is that the area is so incredibly dangerous because gangs and criminals prey on anyone who attempts the trip and has the misfortune of encountering them. Over the years, it's quite likely that thousands, perhaps hundreds of thousands of victims of violence have been created purely because they make this dangerous trip. Why not put an end to this violence once and for all? They would not make this trip anymore if there was no simple way to cross the border.
Most places don't have a wall. Characterising the lack of a wall as the border being unprotected seems unfair.