I think Cloudflare enshittifying is a bigger risk that Let’s Encrypt.
Aussie living in the San Francisco Bay Area.
Coding since 1998.
.NET Foundation member. C# fan
https://d.sb/
Mastodon: @dan@d.sb
I think Cloudflare enshittifying is a bigger risk that Let’s Encrypt.
ZeroSSL, plus a few paid companies support ACME (I know Sectigo and GoDaddy do). Sure, the latter are paid services, but in theory you can switch to them and use the exact same setup you’re currently using with Let’s Encrypt, just with some config changes.
They also made it a open protocol (the ACME protocol), so now there’s a bunch of certificate providers that implement the same protocol and thus can work with the same client apps (Certbot, acme.sh, etc). I know Sectigo and GoDaddy support ACME at least. So even if you don’t use Let’s Encrypt, you can still benefit from their work.
I remember the days when each site that wanted to use SSL had to have a dedicated IP.
Why not script it so you don’t have to do it manually?
TLS certificates have huge margins, so web hosts love selling them.
I’d also argue that the fact that it’s 100% automated and their software is open source makes it objectively more secure. On the issuing side, there’s no room for human error, social engineering, etc.
Sometimes the open source equivalent is better. SmartTube is a much better app than the official YouTube app for Google TV / Android TV even though there’s just one developer working on it. Even if it didn’t support ad blocking, I’d still use it. Very nice app.
Similarly, pirate TV/movie apps often have a much better user experience than the legit ones. Compare Weyd, Syncler, or Stremio+Torrentio to the Amazon Prime video app for example. At least on Android (phone, tablet, TV), the Amazon app is garbage even though there’s highly paid employees working on it.
In both cases, the people who work on the independent apps usually care about the user experience and use the app day-to-day themselves, rather than being told to do whatever makes the most money for the company. They have no reason to lock you in or otherwise force you to use the app, and instead compete just by having a better app.
Thanks for maintaining it! I signed up, now I just need to see if anyone’s willing to guarantee my single-user Lemmy instance. Not adding my Mastodon since I don’t know if I’ll even keep running it.
Thanks for the info! I didn’t know about the Fediseer project - I don’t think it existed when I created my Mastodon and Lemmy servers, or I just wasn’t aware of it.
the fediverse seems to be far more resilient against bots, since we can defederate from an instance that gets taken over,
It’s very easy to spin up a new instance though, so I’m surprised there’s not a lot of spam. AFAIK most servers still federate with any new servers by default as soon as a user on the new server subscribes to a person/community on an existing server. That’s important to ensure equal treatment and that new servers are not disadvantaged, but it can also have issues.
The worst is when you expect an existing test to fail, but it passes, and it turns out the test wasn’t actually properly testing the code. Fixing the test finds a bunch of broken edge cases.
The first “temporary hack” I ever wrote for my current job (~January 2014) is still in the codebase.
It’s about the same population as San Francisco.
San Jose metro area is enormous though. For example I’d consider Gilroy (which is famous for its garlic) as being completely separate from San Jose even though it’s well within San Jose’s metro area.
also birds… they’re just spy drones.
Windows itself is technically running in a VM if you have Hyper-V enabled (not quite that simple, but that’s a reasonable approximation). Hyper-V is a type 1 hypervisor which means it runs directly on the underlying physical hardware, and both Windows as well as any VMs you create are running on top of Hyper-V.
I’ve ran Docker in LXC in a KVM before. I used LXC to have multiple containers on a VPS. Then I had to run something that works best with Docker, so I stuck Docker in an LXC.
At least here in California, having solar panels on a non south facing roof usually only reduces production by 10-20%, as long as it’s not entirely north facing. Solar systems are often slightly undersized - it’s more cost effective to size it so it handles average load rather than the summer peaks you only see for a few weeks per year - so the actual difference for a given system may be less.
With my system, I see the best output from south-east facing panels since they get the morning sun. West facing panels are also fairly popular here due to time-of-use electricity plans. Some electricity plans have peak pricing from 4 to 9 pm, so people want to try and collect as much sunlight as possible during that period before sunset.
Shouldn’t be too difficult to swap it out for ZeroSSL. You’d need to remember to update CAA records though.