Peter Eckersley has died (letsencrypt.org)
846 points by dredmorbius on Sept 3, 2022 | 65 comments



Peter, I'm lucky to have called you a friend. This happened too suddenly and quickly, I'm reeling. You were magic.

He exuded love and charm. He would be overjoyed to see me and give the best hugs whenever we ran into each other. He is this super accomplished person but that was never the conversation. I've known him for years and it's only now that I discover his LetsEncrypt involvement. It speaks volumes to him, he was so focused on everyone around him and filled with love for them, never self-promoting, just loving and being amazing. He would give the best hugs, and a few seconds longer than most, and you could hear him smiling while he does so. Thank you Peter.


Thank you for this. Captures my feelings perfectly as well. You're right about those hugs, hah! I don't think I ever even noticed before, looking back on memories that are now a decade old. Never self-promoting indeed!


This is the Peter I knew too.


Same. The hugs.


Beautiful tribute — you captured Peter perfectly.


Thanks Mike. Big hugs.


Beautiful eulogy. I'm sorry for your loss.


> Peter has also cofounded or [co]-created many impactful privacy and cybersecurity projects, including Let's Encrypt, Certbot, Privacy Badger, HTTPS Everywhere, Panopticlick;

From his website: https://pde.is/about/

RIP


> Peter's AI policy work has mostly been on setting sound policies around high-stakes machine learning applications such as recidivism prediction, self-driving vehicles, cybersecurity, and military uses of AI. He also has an interest in measuring progress in the field as a whole. His technical projects have included SafeLife, a benchmark environment for reinforcement learning safety; studying the need and role for uncertainty in ethical objectives of powerful optimising systems, and evaluating calibration and overconfidence in large language models.

What utterly valuable work. I did not know of his existence til now, but I remember when I first used LetsEncrypt to get a cert for my website. It was so much easier than it had been before, and it was free.

And as I have thought of so much lately, developing compassionate, sound policy for the technology we create is so often lacking in our work. https://pde.is/posts/docs/Report-on-Algorithmic-Risk-Assessm...

I am sorry not to have known of him while he was here, and I am grateful for his work.



I had always thought that LetsEncrypt, PrivacyBadger and HTTPS Everywhere somehow "felt"… similar. And now I learn that the same person had been behind them. What a sad day.


I knew they came from the EFF, but nothing more


I lost count of the number of times I've danced with this wonderful human all through the night in cities all across the world.

It's a kick in the gut to know that can never happen again.


I also miss dancing with Peter. Fuck cancer.


The imagined memory of you dancing with Peter brings a huge grin to my face. Thanks for this.

Fuck (and cure) cancer.


May you share those memories with others for many years to come. Wishing you both excellent health and peace.


Getting certificates used to be annoying and cost money, so many, many websites just didn't bother. It used to be that only bigger websites with multiple webmasters/ops people/developers supported https.

I don't have numbers to support this, but I think Letsencrypt and its related initiatives had an extremely significant impact on the amount of web traffic that is encrypted, resulting in a hugely safer and more secure experience for users and organizations around the world.

What a legacy. Rest in peace.


A sad loss of a great man.

It would be a lovely gesture if Let's Encrypt added a special field to their issued certificates in honour of Peter's memory, much like many web servers around the globe send the "X-Clacks-Overhead: GNU Terry Pratchett" HTTP header.


+1


I thought of the same idea myself, but (as someone who worked on Let's Encrypt with Peter) I don't think Let's Encrypt would be willing to make this choice for all of its subscribers, and I think Peter himself would place a higher priority on web sites getting encrypted than on the web sites paying tribute to him (and increasing the network traffic associated with a TLS handshake might provide a slight disincentive for some sites).

It's a super-sweet idea, though!


Super humble guy. Chatted with Peter a few times at meet-ups, talks etc. Never had any idea he was so accomplished. He will be missed.


I wrote 10-15k rulesets for https-everywhere, starting when he was the maintainer. It was his generous understanding that got me from stupid to addicted, and I enjoyed our personal conversations going forward.

He asked to meet up, but it would have been at least a hundred miles to wherever he was speaking at the time. I regretted not putting the effort in - as well as being curious, kind, and understanding, he had the kind of systematizing mind that "sync"s so easily that he could almost instantly know what you're talking about and have a conversation about anything substantive. I regret losing touch.

I don't know what else to say. Shocked, saddened. I'm sure he'll be remembered for his contributions, more than most of us could ever hope for. Godspeed.


I met Peter at NIPS, and knew of him through the Burning Man tribe called Phage. In our brief encounter he took the time to listen, he seemed humble and free, like he was living his best life and true to himself. Sad to hear of his death, he made the world a better place.


He was a tutor in one of the CS subjects I took at Uni of Melb (I think it was Computer Graphics? not sure now). He was just way too smart - one of those true computer scientists. He spoke well, he was detailed and thorough. Wish his family all the best.


Yes, it was computer graphics. He was a great person.


Peter was an amazing friend who advised my startup hCaptcha on its privacy policy and was incredibly useful for coming up with practical solutions to hard problems. I’m pretty sure he also advised OpenAI on some of the smarter things he did. On the same day Peter died they told me they were giving up on curing my father’s cancer. Fuck cancer.


I notice no Wikipedia page for Peter. I am interested in compensating someone to create one for him if someone is willing to do so.




Sad to say I had never heard of Peter, I'm a younger guy and only been in the industry for a couple of years. What an incredible legacy. Hope he passed in peace and comfort. RIP


Let's Encrypt is something we all came to take for granted very quickly, but lots of us remember when getting an SSL certificate was an expensive and tedious process. Deprecating a billion dollar industry overnight and providing better security for internet users everywhere is a hell of a legacy to leave behind, and I hope one that will be an inspiration for generations to come.

Rest in peace.


I remember doing validation calls with Verisign in Switzerland to get an “extended validation” certificate for a customer. It felt like applying for a passport. We had to fax them stuff too IIRC.

Now I issue 100 certificates per day fully automated for customers using Caddy and LE.

Indeed a legacy. RIP.


EV certificates are alive and well.

And don't even get me started on EV Code Signing certificates :(

That said; it is indeed a lot easier to do TLS/SSL today; even the standard "DV" certs were not fun and at larger companies was a near-fulltime job.


Wait, really? What are EV TLS certificates actually used for nowadays since all browsers deprecated the "green bar" UI?


Yep.

Green bar is an implementation detail.

The main draw of EV certs is the insurance you get, I think it’s even still part of PCI-DSS


I do not recall having to get EV certs for PCI. Our auditors were always fine with the Geotrust/Digicert DV certs. Is this part of the 4.x spec? Can you link to the requirement for EV certs?


Not really, but a large number of auditors (not sure if it's "most" but it's still surprisingly many) do insist on EV for some reason (and as you point out, it's not even mandated in the spec itself, at least the current ones). The insurance aspect, well it depends, our lawyers said that "insurance" on EV products (by DigiCert and Globalsign at least) are simply legalese garbage but I can remember a broad-spectrum cyberinsurer insisting on EV certs. Oh well, it's ultimately their territory, not ours.

Edit: thanks for reminding me that PCI-DSS 4.0 is now released - but it only states that you must securely deliver sensitive information over open networks (including internet) and explicitly bans all SSL versions and TLS lower than 1.2, which is the same as 3.2.1. It even references a NIST document which shows methods for automatic cert issuance featuring Certbot (https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.S...).


For what it's worth and given there is risk in doing this, but one can work with their contacts at the payment processor to manually pin certs on both sides. There is operational risk and both sides have to be vigilant with monitoring and communication but that can be an even better assurance of transport security in some fringe PCI cases. I recall two of the major processors were open to this. No idea if they still are. I just would not put it in the internal official documented PCI or SOC1/2 controls or one would be stuck doing this. Could be useful as due diligence if legal are that nervous about the PCI environment. Maybe just documented in a JIRA or internal ticketing system.


Makes sense. I was just making sure I was not missing something or that it was not quietly added to a recent addendum/revision of the PCI spec.


That industry value would have surely multiplied given how search engines and browsers are devaluing/warning on non-secure connections.

Once you can figure out how to non-interactively renew those certs, it's fire and forget now.


> That industry value would have surely multiplied

Nope. The industry warning and devaluing unencrypted connections was enabled by low cost configuration and zero cost issuance.

There is almost no chance that browser vendors would have proceeded with "deprecation" of unencrypted HTTP traffic without free issuers; the response from businesses would have been overwhelmingly negative.


The big shift was done when Google said that they would start to demote sites not using https only.


I went to high school with Peter - he was a warm, bright, inspiring friend. Although we lost contact in the early uni years, I credit the interest we shared in programming and problem solving with my career in computer science and have followed him and his considerable achievements from afar.

My thoughts go out to his family too, who I found to be as warm, welcoming and as intellectually curious as Pete.

Vale Peter.


This is horrible. pde was the person who asked me to get involved with Let's Encrypt, and introduced me to many of the people that I've worked with the past several years at both the EFF and ISRG.

Rest peacefully, my friend.


Rest in Peace Peter, you made the internet and perhaps the world a more secure place, and thus a bit better. Many will never know such glory.


- He was a roommate of Aaron Swartz.

- Cancer was early stage, operation went wrong and everything went down rapidly. That looks like an accident.

- Like Aaron Swartz he is an activist for privacy and a secure internet.

- He is working against the use of AI in the military.


RIP. The man just solved the mass SSL problem for the internet; before that, things were just so tedious.


What an incredible career. His work made the internet so much better for all of us. RIP.


dang, could you kindly add a black bar in honor of Peter? There are few as deserving as he.


I have not met him but have used his LetsEncrypt service. I felt thankful for the existence of such a service. RIP.


A sad one. Rest in peace, Peter.

What an impact!


Colon cancer. Fuck. RIP. (Reminder to get checked etc)


Oh shit, that's terrible. I was hoping to talk to him again.


THANK YOU Peter, you did a good job in life!


any news about cause of death?


RIP.

Thanks for Let’s Encrypt.


RIP Peter


RIP


[flagged]


The downvotes and flags were correct. You took the thread on a classic generic flamewar tangent. The guidelines specifically ask you not to do that: "Eschew flamebait. Avoid unrelated controversies and generic tangents." - https://news.ycombinator.com/newsguidelines.html.

Then you broke them again ("Did you know the mRNA shots") and again ("Pfizer tried to hide their clinical data") and again ("Downvotes are [etc.]") and again ("you're so reactive emotionally"), and so on, pouring fuel on the fire and taking the thread extremely offtopic. All that is obviously against the rules and amounts to vandalism.

We've been asking you to follow the site guidelines for years now:

https://news.ycombinator.com/item?id=30197457 (Feb 2022)

https://news.ycombinator.com/item?id=26116840 (Feb 2021)

https://news.ycombinator.com/item?id=22274517 (Feb 2020)

https://news.ycombinator.com/item?id=21195104 (Oct 2019)

https://news.ycombinator.com/item?id=19815709 (May 2019)

https://news.ycombinator.com/item?id=18132361 (Oct 2018)

... yet you've continued to do it regularly:

https://news.ycombinator.com/item?id=32668726 (Aug 2022)

https://news.ycombinator.com/item?id=32453743 (Aug 2022)

https://news.ycombinator.com/item?id=32207241 (July 2022)

https://news.ycombinator.com/item?id=32206640 (July 2022)

https://news.ycombinator.com/item?id=32040335 (July 2022)

https://news.ycombinator.com/item?id=31706537 (June 2022)

https://news.ycombinator.com/item?id=31706382 (June 2022)

https://news.ycombinator.com/item?id=31635513 (June 2022)

In fact I'm finding it hard to find a recent comment by your account that isn't political battle, breaking the site guidelines, or (most often) both.

You're way into bannable territory. I'm not going to ban you right now, but if you keep this up we're going to have to. HN is trying to be a specific type of website. You're not just using it against the intended spirit, you're contributing to destroying it. We can't allow that, so please stop doing it.


so this guy gets to break tos for years yet you ban me after one infraction.


More than one:

https://news.ycombinator.com/item?id=17823155 (Aug 2018)

https://news.ycombinator.com/item?id=17815070 (Aug 2018)

You also deleted some comments around then, which presumably were even worse.

The main difference between your account and the GP, though, is that you were breaking the site guidelines within a day or two of creating your account. The threshold for banning is lower in that case, since such accounts are far more likely to be trolls (and often serial trolls). That, plus spam, are the cases when we use shadowbanning.

The GP account, by contrast, has been around for over a decade. In such cases, yes, we prefer to give warnings before banning. I think most users would consider that reasonable.

The same deal applies to you as to other banned accounts though: if you don't want to be banned, you're welcome to email hn@ycombinator.com and give us reason to believe that you'll follow the rules in the future. They're here: https://news.ycombinator.com/newsguidelines.html.


You’re being downvoted because his death wasn’t for “unknown reasons,” at least not that broadly. He was diagnosed with cancer, and he had pre operation complications that resulted in death. Surgery is complicated, bodies are complicated, it unfortunately happens. Starting conspiracy theories off the backs of a well liked, and imo amazing person, is unpopular.


[flagged]


This is a wildly inappropriate comment to make on a notice of his passing. Would you spit out all this jibber jabber at a funeral? Please show more respect.


As someone who also lost the vaccine injury/side effect lottery:

There is a time and a place for this kind of discussion. That time is not now and that place is probably not on HN, or at the very least not on a thread mourning someone's death. You are breaking many site guidelines here; at the very least conducting ideological tirades and then editing your posts to complain about downvotes and insulting those who disagree with you. Any legitimate point you might be making is entirely undermined by the insensitive context you decided to start this conversation in.

Please chill and please show some more respect.


May he Rest In Power



