The Boeing of today is merely a husk of its former glory. If the U.S. had another viable domestic airplane manufacturer I bet we’d see a lot more pressure on them. That can still happen. I hope it does.
The commercial aircraft part of McD was dead when the merger happened. The had a cash cow called the "MD-80", which was a derivative DC-9. That had stopped selling.
Boeing got more value out of the defense part of McD.
You shouldn't beat yourself up too much. TLS is HARD and poorly documented, and implementations vary significantly between applications and vendors (and are very dumbly designed). TLS is what you get when you let someone implement technology with specific domain knowledge (encryption) but no UX abilities or a comprehensive understanding of how their solution will be used.
I had the same horrified realization a few years ago when someone explained Certificate Transparency[1] to me.
ah, my mistake then. i use a wildcard dns-record but separate letsencrypt-certs for every subdomain. so to truly be stealthy i'd have to use a wildcard dns-record AND a wildcard ssl-cert.
sounds like i got myself a project for this weekend, implement a wildcard cert for my rev-proxy at home :)
EDIT: i guess the logs would still show the old certs, so my subdomains would still be exposed. huh. at least future subdomains would be hidden.
EDIT2: are there more ways for subdomains to get exposed, other than through DNS or SSL-Certs?
i use NPM at home. tested caddy a bit but i really liked NPMs convenience of having a Web-UI. allows me to do stuff remotely on my phone without having to dive into conf files.
anyways, what i liked about caddy was how easily it handles SSL-certs, for sure makes it easier to use! :) gonna have to look into how i can give a wildcard-cert to my rev-proxy.
reply