[HN Gopher] Tell HN: Thanks to thehodge and littlewarden.com, th...
       Tell HN: Thanks to thehodge and littlewarden.com, this site is up
       A few days ago we got an email from HN user thehodge
       (https://news.ycombinator.com/user?id=thehodge), aka Dom Hodgson,
       telling us that HN's SSL cert was about to expire--as indeed it
       was. All the renewal notices had been going to Scott's old YC
       email, which no longer works.  Dom runs https://littlewarden.com/,
       which monitors sites for upcoming issues and lets you know when
       you're about to publicly embarrass yourself. In a twist on
       eat-your-own-dog-food (eat someone else's dog food as a service?), he
       had set up alerts for HN in their system. Lo and behold, it
       delivered the goods, and that is why you're reading HN as usual
       today instead of certificate scoldings, and therefore also why my
       ass is in a saved state, which is how I like it.  I figure the
       least we can do is proclaim our thanks, so all hail Dom and Little
       Warden! Yes, I know most of you can do this in 3 lines of Python
       and a cron job, and yes yes, there are other alert services--but
       only one has personally helped you waste time unimpeded on the
       internet. That is all.
       Author : dang
       Score  : 748 points
       Date   : 2021-09-09 17:35 UTC (5 hours ago)
       | dang wrote:
       | A sadly-now-deleted comment mentioned certdays.sh, which a quick
       | search shows was posted by its author here:
       | https://news.ycombinator.com/item?id=24967320 (Nov 2020)
       | Edit: ok, what the hell:
       |  _addons.thunderbird.net SSL certificate has expired_ -
       | https://news.ycombinator.com/item?id=28116117 - Aug 2021 (55
       | comments)
       |  _W3.org Cert Expired_ -
       | https://news.ycombinator.com/item?id=27363813 - June 2021 (119
       | comments)
       |  _Cmake.org SSL server certificate have expired_ -
       | https://news.ycombinator.com/item?id=27314666 - May 2021 (3
       | comments)
       |  _.NET NuGet Package Validation Broken: Certificate Expired_ -
       | https://news.ycombinator.com/item?id=25929235 - Jan 2021 (4
       | comments)
       |  _Krebsonsecurity.com has an expired SSL certificate_ -
       | https://news.ycombinator.com/item?id=25132182 - Nov 2020 (63
       | comments)
       |  _Intermediate certificate used for issuance of Comodo certs has
       | expired_ - https://news.ycombinator.com/item?id=23360624 - May
       | 2020 (6 comments)
       |  _Techcrunch SSL Cert Expired_ -
       | https://news.ycombinator.com/item?id=22422227 - Feb 2020 (95
       | comments)
       |  _Microsoft Teams outage due to expired certificate_ -
       | https://news.ycombinator.com/item?id=22227266 - Feb 2020 (172
       | comments)
       |  _Mozilla Expired Add-Ons Certificate Post-Mortem_ -
       | https://news.ycombinator.com/item?id=20423221 - July 2019 (3
       | comments)
       |  _DNSCrypt - how expired certificates became a thing of the past_
       | - https://news.ycombinator.com/item?id=19830910 - May 2019 (13
       | comments)
       |  _Apidock.com SSL cert is expired_ -
       | https://news.ycombinator.com/item?id=19731409 - April 2019 (3
       | comments)
       |  _O2 outage due to expired Ericsson certificate_ -
       | https://news.ycombinator.com/item?id=18622169 - Dec 2018 (89
       | comments)
       |  _Over half the firmwares uploaded to TCSL Armor have invalid
       | certificates_ - https://news.ycombinator.com/item?id=17993511 -
       | Sept 2018 (17 comments)
       |  _All of Oculus's Rift headsets have stopped working due to an
       | expired certificate_ -
       | https://news.ycombinator.com/item?id=16541235 - March 2018 (376
       | comments)
       |  _Ask HN: Does YC blog has an expired SSL certificate?_ -
       | https://news.ycombinator.com/item?id=14580560 - June 2017 (3
       | comments)
       |  _Mac Store Apps Stopped Working Due to Expired Security
       | Certificate_ - https://news.ycombinator.com/item?id=10560634 -
       | Nov 2015 (152 comments)
       |  _Manjaro Blames GlobalSign for SSL Cert expiry after not
       | receiving "extension"_ -
       | https://news.ycombinator.com/item?id=9366653 - April 2015 (10
       | comments)
       |  _Expired SSL certificate_ -
       | https://news.ycombinator.com/item?id=9346508 - April 2015 (67
       | comments)
       |  _Google SSL cert just expired_ -
       | https://news.ycombinator.com/item?id=9321432 - April 2015 (5
       | comments)
       |  _Gmail SMTP Certificate Just Expired_ -
       | https://news.ycombinator.com/item?id=9321184 - April 2015 (4
       | comments)
       |  _index.docker.io was serving an expired certificate_ -
       | https://news.ycombinator.com/item?id=9241802 - March 2015 (24
       | comments)
       |  _GitHub and BitBucket's SSL Provider's Cert has expired_ -
       | https://news.ycombinator.com/item?id=8090394 - July 2014 (43
       | comments)
       |  _Expired SSL certificate. Shall I use the site anyway?_ -
       | https://news.ycombinator.com/item?id=7830388 - June 2014 (3
       | comments)
       |  _Never mind Heartbleed, Santander are using a cert that expired
       | a year ago_ - https://news.ycombinator.com/item?id=7572414 -
       | April 2014 (6 comments)
       |  _Mailgun Down - SSL cert is expired_ -
       | https://news.ycombinator.com/item?id=7417485 - March 2014 (53
       | comments)
       |  _Windows Azure Storage certificate expired?_ -
       | https://news.ycombinator.com/item?id=5266947 - Feb 2013 (78
       | comments)
       |  _Over a month later and Comcast still doesn't know how to SSL_
       | - https://news.ycombinator.com/item?id=4707854 - Oct 2012 (49
       | comments)
       |  _Ietf.org certificate is expired_ -
       | https://news.ycombinator.com/item?id=2936159 - Aug 2011 (4
       | comments)
       |  _Wikipedia's https certificate expired._ -
       | https://news.ycombinator.com/item?id=2376115 - March 2011 (9
       | comments)
         | thehodge wrote:
         | Yep it happens a lot.. Thanks for linking these, I'll be
         | writing a few of these down for a future blog post ;)
       | petecooper wrote:
       | https://crt.sh/?q=news.ycombinator.com
       | (for the curious)
         | judge2020 wrote:
         | Slightly off-topic, but what happened during the time HN was
         | using Cloudflare (August 2017 up to August 2018 by the looks of
         | it)? Was it a trial and enough people complained about the
         | usage, or otherwise had issues accessing from niche user
         | agents?
           | atok1 wrote:
           | I'm not sure with this instance but I do know that people
           | complained since CF is the antithesis of privacy and the free
           | internet.
           | dang wrote:
           | https://news.ycombinator.com/item?id=21799223
             | milesvp wrote:
             | I'm surprised by this comment. Fewer moving parts is great,
             | but having managed a news site, where peak traffic can
             | dwarf typical traffic, I've just come to accept the
             | necessary evil of a CDN. How are you managing the spikes?
       | Zealotux wrote:
       | Amusing, I embarrassed myself today as I forgot to renew a
       | client's certificate. This kind of service is unfortunately too
       | expensive for my needs (2 small websites to monitor), wouldn't
       | that be possible to have a small software run on my laptop that
       | checks a list of websites every day for upcoming expiration?
         | cyberge99 wrote:
         | dnmin is a small shop that offers it free (I think). I donated
         | the guy $10 for the service a couple of years ago. I got an
         | alert recently, so it works.
         | dharmab wrote:
         | In addition to monitoring the cert, consider using Let's
         | Encrypt/ACME to auto-rotate certificates.
         | amozoss wrote:
         | Google cloud does checks (of endpoints or tcp connections).
         | I've never been charged as far as I can tell. It sends me a
         | text when my site is down, but it has tons of other
         | notification options
         | geofft wrote:
         | You can do this with the following crappy cronjob (monitoring
         | the machine where your cronjobs run is left as an exercise to
         | the reader / is why you'd want to pay someone to deal with it):
         | 0 0 * * * openssl s_client -showcerts -connect news.ycombinator.com:443 </dev/null 2>/dev/null | openssl x509 -checkend 864000 >/dev/null || echo "Certificate is expiring"
         | Assuming your system has local mail (via the sendmail command)
         | working, this will send you an email if your certificate
         | expires in the next 864000 seconds = 10 days. If you have an
         | MTA installed but don't use local mail on the machine, you can
         | use the MAILTO feature to send it to your normal email address.
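
An added example (not part of geofft's comment or anyone else's in this thread): the same 10-day check in Python for a list of hosts, reporting an unreachable host or a failed verification separately from a certificate that is merely close to expiry, where the one-liner prints the same message for all of them. The function names and status labels are made up for this sketch.

```python
#!/usr/bin/env python3
"""Check a list of hosts for TLS certificates that expire soon (added example)."""
import socket
import ssl
import sys
import time

WARN_SECONDS = 864000  # 10 days, the same threshold as -checkend in the cron line


def fetch_not_after(host, port=443, timeout=10):
    """Return the leaf certificate's notAfter string, e.g. 'Jan  5 09:34:43 2018 GMT'."""
    ctx = ssl.create_default_context()  # verifies the chain and the hostname
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()["notAfter"]


def classify(not_after, now, warn_seconds=WARN_SECONDS):
    """Return (status, days_left) for a notAfter string at Unix time `now`."""
    remaining = ssl.cert_time_to_seconds(not_after) - now
    days_left = int(remaining // 86400)
    if remaining <= 0:
        return "EXPIRED", days_left
    if remaining <= warn_seconds:
        return "EXPIRING", days_left
    return "OK", days_left


def check_host(host, now=None, fetch=fetch_not_after):
    """Check one host; network and verification failures get their own status."""
    now = time.time() if now is None else now
    try:
        not_after = fetch(host)
    except ssl.SSLCertVerificationError as exc:
        # An already expired (or otherwise untrusted) certificate fails the handshake.
        return "INVALID", str(exc)
    except OSError as exc:  # DNS failure, refused connection, timeout, other TLS errors
        return "UNREACHABLE", str(exc)
    status, days_left = classify(not_after, now)
    return status, f"{days_left} days left (notAfter={not_after})"


def main(hosts):
    problems = 0
    for host in hosts:
        status, detail = check_host(host)
        if status != "OK":
            problems += 1
            print(f"{host}: {status}: {detail}")  # cron mails any output
    return 1 if problems else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv[1:]))
```

Run from cron with the hostnames as arguments; it prints nothing and exits 0 when every certificate has more than 10 days left.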
           | atok1 wrote:
           | That's pretty useful, thanks.
           | I can set up a monitor (FOSS) for the computer that is doing
           | the site monitoring, since I only use open source software
           | that I can inspect.
           | amozoss wrote:
           | Could pipe it to pushback.io too, super easy way to set up
           | push notifications to your phone
       | ignoramous wrote:
       | Wait: What happened to Scott Bell's (sctb) email ID? Are they not
       | part of the moderator team anymore?
         | dang wrote:
         | That's correct. Ideally we'd have done a celebratory sendoff
         | but it wasn't possible at the time (through no one's fault).
         | https://news.ycombinator.com/item?id=25055115
         | https://news.ycombinator.com/item?id=23808741
       | imwillofficial wrote:
       | Awesome story. This has inspired a bit of long forgotten altruism
       | in me.
       | gwintrob wrote:
       | Very kind of you dang and nice site thehodge :)
       | [deleted]
       | sundarurfriend wrote:
       | It's surprising how common this is, from big organizations:
       | either letting the certificate expire, or have it be for the
       | wrong domain that clearly belongs to the same org - but most
       | users wouldn't know or care. So it's a good idea for a service,
       | best of luck to thehodge.
         | thehodge wrote:
         | It happens A LOT, it's mostly because domains, SSLs and other
         | 'tedious' things like that tend to get lost in the business of
         | 'building something billable' and it's easy to think that a
         | different department owns that bit.
         | type0 wrote:
         | It's even more common when the certificate is issued for longer
         | than 1 year, that's a bad practice - don't do this!
       | dEnigma wrote:
       | Really cool of you to mention this publicly! As thehodge said in
       | his comments this is far from usual, and most big websites would
       | just silently renew their certificate without giving any credit.
       | > Yes, I know most of you can do this in 3 lines of Python and a
       | cron job
       | At first I thought this was a tongue-in-cheek reference to the
       | famous Dropbox dismissal by BrandonM
       | https://news.ycombinator.com/item?id=9224
         | dang wrote:
         | I actually stole that line from something Dom said in our email
         | conversation...
         | (Also, this is offtopic but I'm on a quest to get people to
         | realize that Brandon's comment has been unfairly characterized:
         | https://news.ycombinator.com/item?id=28293146
         | https://news.ycombinator.com/item?id=27068148
         | https://news.ycombinator.com/item?id=23229275)
           | dEnigma wrote:
           | Funnily enough I just read some more of the context around
           | that comment and have to agree that it wasn't that bad. I
           | think people, including myself, mostly remember the "For a
           | Linux user, you can already build such a system yourself
           | quite trivially by[...]" part. Personally I always find that
           | hilarious because e.g. my mother can trivially use Linux and
           | Dropbox, but I would have an awful time trying to walk her
           | through BrandonM's proposed setup.
           | stanmancan wrote:
           | I've caught a few of those once it's too late to reply, and
           | I'm not sure I entirely agree with your sentiment.
           | Unless I'm totally out of touch, I've always seen the comment
           | referenced as either dismissing a simple solution because a
           | complicated one exists, and/or now having a grasp on how
           | complicated a solution is.
           | > 1. For a Linux user, you can already build such a system
           | > yourself quite trivially by getting an FTP account, mounting
           | > it locally with curlftpfs, and then using SVN or CVS on the
           | > mounted filesystem. From Windows or Mac, this FTP account
           | > could be accessed through built-in software.
           | Most recently I referenced the comment in a discussion around
           | Laravel Forge, which deploys and manages servers for hosting
           | websites. I love it personally, but a friend was of the
           | opinion that "it's unnecessary, all you have to do to setup a
           | server is..."
           | I get that he was trying to be helpful with his post, but
           | that doesn't dismiss the fact that his very first point was
           | "You can already do this by..." and then proceeding to
           | provide a valid, but complicated solution that very few
           | people could do.
           | There's nothing wrong with his post, but it does act as a
           | good reminder that there's room for products that provide a
           | simple solution where only complicated options exist.
             | OJFord wrote:
             | Yes I agree, I mentioned it recently and then shortly after
             | saw someone referencing dang's quest in another thread, and
             | felt a bit guilty oh-I-hope-mine-wasn't-taken-that-way.
             | As I said then: 'Usually when I see it it's used either in
             | a humbling reminder that the future isn't known sense, or a
             | suggestion not to underestimate the value in simplifying,
             | de-nerd-ifying existing things that work.' But also
             | perhaps/hopefully the most 'jerky' ones get flagged out of
             | my view, and unfortunately into dang's.
             | I certainly don't see (and would flag myself) anything I
             | felt was saying 'Oh this [BM] guy doesn't know what he's
             | talking about, what an idiot, hahahaha'. It's usually just
             | 'oof, isn't hindsight wonderful, I must try to learn from
             | this'.
       | mutagen wrote:
       | Looks like a great service, and it monitors quite a bit more than
       | SSL / domain expiration.
       | endisneigh wrote:
       | This is an incredibly wholesome post all around. Wish all
       | internet interactions were like this!
       | polote wrote:
       | > Yes, I know most of you can do this in 3 lines of Python and a
       | cron job, and yes yes, there are other alert services
       | Ultimate troll :) Maybe dang is the secret writer of n-gate
         | temp_praneshp wrote:
         | I hope the writer of n-gate is fine. Nothing since mid-july.
         | [deleted]
       | cedricd wrote:
       | So does that mean that YC is now a paid subscriber to the
       | service? ;).
       | Very classy callout in any case. I love the story of a startup
       | getting good press for doing something nice. Also this sounds
       | like a really good case study for them to put up.
         | Poiesis wrote:
         | I bet Dang's public note of thanks is worth so much more than
         | the subscription revenue that it barely matters if they pay or
         | not.
           | thehodge wrote:
           | Exactly, this post was such a lovely gesture and the HN team
           | know there is an account for them if they want one (gotta say
           | thanks, after all, we did launch with a SHOW HN post!)
             | dang wrote:
             | Oh wow - so you did!
             |  _Show HN: Little Warden, monitoring the tedious things
             | about websites_ -
             | https://news.ycombinator.com/item?id=15199067 - Sept 2017
           | mikewhy wrote:
           | So "we'll pay you with EXPOSURE"?
             | snet0 wrote:
             | I think that comment is mostly pointed at people who don't
             | actually have "exposure" to barter with. I'm sure a lot of
             | people would do commissions for "free" if it meant they got
             | put at the top of BigSite.com.
               | jtvjan wrote:
               | But, of course, bigsite.coms tend to have the funds
               | required to not have to ask people for free labour.
             | killingtime74 wrote:
             | I pay my mortgage with exposure
               | fouc wrote:
               | How's that?
               | imwillofficial wrote:
               | Onlyfans
         | dmurray wrote:
         | If YC were a paid subscriber, the mail would presumably have
         | gone to the same defunct email address that the cert expiry
         | notice went to.
         | How does Littlewarden solve that problem? "Personally
         | contacting the face of the site through a back channel" is a
         | great answer, but not so scalable.
           | thehodge wrote:
           | We allow multiple emails to be notified for issues, as well
           | as the pretty popular Slack integration (along with other
           | messaging services)
       | petercooper wrote:
       | As an aside, I've known thehodge for about fifteen years and he's
       | a total mensch. He ran a popular annual hackathon (an actual
       | ethical one where everyone won a prize) here in the UK, raises
       | money seemingly non-stop for a children's hospice, and has
       | launched perhaps 102 random businesses (including an online candy
       | store!) and side projects over the years both for his own and our
       | entertainment :-D If you want to patronize or support a business
       | that's actually run by a good, ethical person, this is the one
       | for you.
         | thehodge wrote:
         | Ha Peter, you are too kind, but I will take this opportunity to
         | plug my latest fundraising video :)
         | https://www.youtube.com/watch?v=xm2FUOEoy44
         | iamben wrote:
         | Agree completely! He's a great guy! Excellent work Dom!
       | thehodge wrote:
       | Thanks for the mention Dang, I monitor a few hundred sites of
       | 'importance' and see stuff like this all the time, you are the
       | first one however to thank me for an email saying 'you might want
       | to look into this!'
         | gavinray wrote:
         | Wow that's really shitty of all the other ones.
         | Will you name drop them so I can be angry at their ethics for
         | you?
           | dang wrote:
           | Let's try to avoid the online shaming/callout culture here.
           | It's a classic local/global optimization tradeoff.
           | https://hn.algolia.com/?sort=byDate&type=comment&dateRange=a.
           | ..
             | xeromal wrote:
             | Thanks for keeping the peace, dang
         | Zababa wrote:
         | Thanks a lot for that!
         | perryh2 wrote:
         | I've thought about building a similar service before and I'm
         | really impressed with all the features you offer, including
         | many that I haven't even thought about before. Many companies
         | use services like Pingdom for uptime monitoring but they don't
         | have nearly as many features. I think you will do really well!
       (page generated 2021-09-09 23:00 UTC)