#ApacheSoftwareFoundation Member (SVN/httpd)
Casual Gamer
Opinions my own, boosts ≠ endorsement
He/him.
| Website | https://ben.reser.org |
Hang on.
With advances in computing, programming languages, and shared assumptions, "trivial program" is a huge domain now.
Authenticated requests to a server for specific data extracted from text files on disk, in a structured format, pretty-printed, in <100ms? 30 years ago that was a *chore*. Now? 22 lines on my end.
Coding gets more powerful and approachable every day.
Yet someone wants me to rent a fleet of bots to write 5,000 LoC that needs an audit and still doesn't do what I need.
A six-month international study found that a four-day workweek with no reduction in pay significantly improved employee well-being, job satisfaction, and sleep quality, with burnout dropping most among those who reduced their hours by eight or more. "The results indicate that income-preserving four-...
@teriradichel Let's Encrypt supports wildcard certs and they are free. https://community.letsencrypt.org/t/acme-v2-production-environment-wildcards/55578
Of course the cost here is these are short lived certificates, not the 1 year certs that paid CAs offer.
Today we’re happy to announce the availability of our ACME v2 production endpoint. This is a technical post with some details about the v2 API intended for ACME client developers. End users can begin issuing trusted, production ready certificates with their ACME v2 compatible clients using the following directory URL: https://acme-v02.api.letsencrypt.org/directory Remember: You must use an ACME v2 compatible client to access this endpoint. Please consult our list of ACME v2 compatible clients....
Here is an email I've just sent to the CTO of Washington State Patrol, who are responsible for Amber/Silver Alerts, on this topic:
Good afternoon Mr. Wallace,
Apologies if you are not the correct point of contact for this message, but as the CTO I assume you own the tech stack/software approvals process at WSP. If there is someone better suited to handle, please forward on.
I just wanted to flag that every recent Amber or Silver Alert triggered by WSP has included a link via the commercial link-shortening service bit.ly, and those links, when accessed, go to the social media site X.com, formerly Twitter.
I've worked in information security for about 20 years, and I think that the presence of these commercial tools in official alerts represents a significant risk. They are essentially turning the commercial services into critical infrastructure. X.com, which famously fired the majority of its workforce, including its information security and privacy team, over the past few years, is probably not able to cut it in regards to meeting any security or privacy standards, and therefore shouldn't be relied upon as the primary source of information attached to these alerts.
Bit.ly links can go anywhere, and can be managed by just a username and password, which makes them a prime target for malicious actors seeking to phish people. A safer option would be a .wa.gov in house shortening service that everyone knows is managed by folks who have authenticated to the service using strong authentication.
Ultimately, the aim of these alerts, be they Amber/Silver or whatever else, is to get information to as many people as possible, quickly and effectively. By all means relay the alerts via multiple social media channels, but the 'default' landing point should not be X.com, which, to be frank, is often broken anyway. We absolutely should be able to do this using government-hosted tools and services, rather than relying on some of the worst corners of the private sector.
Anyway, I hope you can take this feedback on board. I know it's something that a lot of us in the information security sector in Washington have discussed. Happy to talk about it further.
Cheers, and thanks for your attention on this issue,
Mike Sheward