
not available in your country...

I suppose for anyone in Europe waking up like me, I can save you one click and some time.


In my case, I have to manage a portal for old TVs, and those don't accept the LE root certificate since they changed it a couple of years ago. Unfortunately the vendor is unable to update the firmware with new certificates, and we are sold.


Yeah, that LE root certificate change broke our PROD for about 25% of traffic when it happened. Everyone acts like we control our clients' cert chains. Clients don't look at the failure and think "our system is broken - we should upgrade". They look at the connection failure and think "this vendor is busted - might as well switch to someone who works". I switched away from LE to the other free ACME provider for our public-facing certs after that.


Roots for all CAs are going to be rotating much more frequently now. Looking to be every 5 years.


Sounds like planned obsolescence if devices stop working after 5 years or less.


Only for devices that do not allow you to patch the CA bundle as an aftermarket repair. Call your representative and demand Right to Repair legislation.


That is ... basically all of them? Other than general purpose desktop/laptop computers that is. Show me a TV or smartphone that does allow you to push new roots to it...


I'd be interested in hearing more - do you have a source for this?

Seems to me CAs have intermediate certificates and can rotate those, not much upside to rotating the root certificates, and lots of downsides.


The upside to rotating roots is:

1. These might need to happen as emergencies if something bad happens

2. If roots rotate often then we build the muscle of making sure trust bundles can be updated

I think the weird amount they are being rotated today is the real root cause of broken devices, and we need to stop the bleed at some point.


> If roots rotate often then we build the muscle of making sure trust bundles can be updated

Five years is not enough incentive to push this change. A TV manufacturer can simply shrug and claim that the device is not under warranty anymore. We'll only end up with more bricked devices.


5 years also is a step, not a destination.


Sounds more like a detour across hot coals that doesn't get us anywhere closer to the destination.


> 1. These might need to happen as emergencies if something bad happens

Isn't this the whole point of intermediate certificates, though?

You know, all the CA's online systems only having an intermediate certificate (and even then, keeping it in an HSM), and the CA's root only being used for 20 seconds or so every year to update the intermediate certificates? And the rest of the time being locked up safer than Fort Knox?


The thing is even the most secure facilities need ingress and egress points.

Those are weaknesses. It’s also that a root rotation might be needed for completely stupid vulnerabilities. Like years later finding that specific key was generated incorrectly.


Chrome root policy, and likely other root policies, are moving toward 5-year rotation of the roots and annual rotation of issuing CAs. Cross-signing works fine for root rotation in most cases, unless you use IIS; then it becomes a fun problem.


What an absolute pain in the ass for a mediocre increase in security.


And your clients are right. The "security" community's wanton disregard for backwards compatibility is abhorrent.


Well, how was the vendor going to apply other security updates if they cannot update their basic security trust store?

If the vendor is really unable to update, then it's at best negligence when designing the product, and at worst -- planned obsolescence.


1. Ship the product with automatic updates delivered over https

2. Product is a smart fridge or whatever, reasonable users might keep it offline for 5+ years.

3. New homeowner connects it to the internet.

4. Security update fails because the security update server's SSL cert isn't signed by a trusted root.
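The four-step failure above, and the cross-signing that the earlier comment says makes root rotation work, as an added example that is not from this thread: a trust store holding only the old root R1 is checked against a server cert issued by the new root R2, with and without a cross-signed R2. It assumes `openssl` is installed; all CA names, the hostname `updates.example` and the lifetimes are made up.

```shell
#!/bin/sh
# Added example, not code from the thread: an old trust store (only root R1)
# meets a server cert issued by the rotated root R2, with and without a
# cross-signed R2. Every CA name, hostname and lifetime here is made up.
set -e
work=$(mktemp -d); cd "$work"

# CA extensions (the cross-cert must itself be a CA) and leaf extensions.
printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > ca.ext
printf 'basicConstraints=CA:FALSE\nsubjectAltName=DNS:updates.example\n' > leaf.ext

mkroot() {  # $1 = file basename, $2 = CN: key + self-signed CA cert
  openssl req -new -newkey rsa:2048 -nodes -keyout "$1.key" -subj "/CN=$2" \
    -out "$1.csr" >/dev/null 2>&1
  openssl x509 -req -in "$1.csr" -signkey "$1.key" -days 3650 -extfile ca.ext \
    -out "$1.pem" >/dev/null 2>&1
}
sign() {  # $1 = CSR, $2 = issuer basename, $3 = ext file, $4 = output cert
  openssl x509 -req -in "$1" -CA "$2.pem" -CAkey "$2.key" -CAcreateserial \
    -days 730 -extfile "$3" -out "$4" >/dev/null 2>&1
}

mkroot r1 "Example Root R1"   # old root, the one baked into the TV firmware
mkroot r2 "Example Root R2"   # new root after rotation

# Cross-sign: R1 issues a CA cert over R2's key and subject name.
openssl req -new -key r2.key -subj "/CN=Example Root R2" -out r2x.csr >/dev/null 2>&1
sign r2x.csr r1 ca.ext r2-cross.pem

# Leaf for the update server, issued by the new root R2.
openssl req -new -newkey rsa:2048 -nodes -keyout leaf.key -subj "/CN=updates.example" \
  -out leaf.csr >/dev/null 2>&1
sign leaf.csr r2 leaf.ext leaf.pem

# verify_chain ROOTS [INTERMEDIATES]: exit 0 if leaf.pem chains to ROOTS.
verify_chain() {
  if [ -n "${2:-}" ]; then
    openssl verify -CAfile "$1" -untrusted "$2" leaf.pem >/dev/null 2>&1
  else
    openssl verify -CAfile "$1" leaf.pem >/dev/null 2>&1
  fi
}

# Old device, server sends only the leaf: unknown issuer R2, update fails.
verify_chain r1.pem && echo "unexpected success" || echo "R1 store, leaf only: FAIL (expected)"
# Old device, server also sends the cross-signed R2: chains to R1, works.
verify_chain r1.pem r2-cross.pem && echo "R1 store + cross-cert: OK"
# Device whose trust store was updated to include R2: works directly.
verify_chain r2.pem && echo "R2 store: OK"
```

The middle case is the mitigation a server operator controls: serving the cross-signed R2 alongside the leaf keeps old trust stores working until the new root reaches them.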


The real solution is making your shit modifiable by the client.

We do car recalls all the time. Just send out an email or something with instructions of what to put on a USB, it's basically the same thing.

Yes, it's inconvenient for consumers and annoying, but the alternative is worse. Essentially, hard-coding certificates was always a bad idea.


Yeah, participation in web TLS requires the ability to regularly update your server and client code.

Nothing stays the same forever; software is never done. It's absurd to pretend otherwise.


There was an ad, or a presentation in a conference keynote, from when Microsoft built phones, showing a user leaving the house and continuing what he was doing in the car in a very futuristic way. I can't find it now, but it was something crazy back then. The Continuum idea was also a good one, but here we are: walled gardens and nothing smart about them.


I know exactly which one you're referring to!

(it's a woman, presumably just arrived on a flight, catching a taxi to her hotel)

https://www.youtube.com/watch?v=9FpO-G5die4


Look up the AT&T "You Will" advertising campaign sometime. This ran beginning in 1993, and I remember seeing at least a few of the spots at the time.

What these ads (and much speculative fiction, say, Arthur C. Clarke, particularly the "newspads" (tablet computers) in 2001 and "minisecs" (smartphones) in Imperial Earth) portrayed was capabilities without consideration of commercial and market imperatives. Capabilities promised empowerment and enablement. Markets delivered enshittification and enclosures of commons.

And as Timothy B. Lee noted, "the ads were mostly wrong about one thing: the company that brought these technologies to the world was not AT&T". AT&T's networks deliver much of the content and messaging which was portrayed, but the services themselves are not rooted in AT&T, either the original firm or its remonopolised successor organisation.

<https://www.vox.com/2014/9/6/6113853/we-live-in-the-future-a...>

Microsoft's vision was portrayed as well in the Bill Gates book The Road Ahead, published about the same time (1995). Again, it envisioned much, but little of that vision was delivered directly by Microsoft (though much of it was in fact experienced on computers running Microsoft's operating system, at least until the smartphone revolution supplanted it).

<https://en.wikipedia.org/wiki/The_Road_Ahead_(Gates_book)>


Maybe it doesn't do everything Postman does, but I'm very happy using the REST Client extension in VS Code. The http files with the API calls are committed to the source code repository along with the code; it's easy to use, does what I need, and is easy to share with my colleagues.


I don't have a problem with the notch, I have a problem with the icons not showing in the status bar and there isn't a *** way to show them. Is it so difficult to add an overflow button that shows the hidden icons?


The main reason is probably that the chip is already outputting the image in a lossy format, and if you reorder the pixels you must re-encode the image, which means degrading the image, so it's much better to just change the EXIF orientation.


> the chip is already outputting the image in a lossy format

Could you explain this one?


JPEG can be rotated losslessly. `jpegtran` can do it, for example (and comes with a script called `exifautotran` to automatically normalise the orientation of a bunch of JPEG files at once).


Image sensors don't "output images in a lossy format" as far as I know.


That's why you have a VPN or the RDP gateway instead of exposing the machines directly to the internet.


I was on the real estate listing site side a long time ago. We were trying to block scrapers from getting our data; in the end we lost, and now we pay them to send us users instead of paying Google Ads, because it's cheaper. Fun times.


That kind of search is already available in many portals. You can actually find the shape of the polygon with the places you can reach in 1h of commute easily, as there is a Google Maps API for it (Distance Matrix), and finding the properties in a polygon is a solved problem.


Almost as easy as cropping the center. Doing it well automatically is another kind of problem.

