If that was the reason, a case by case analysis would make more sense than blanket ban. There’s no plausible technical explanation for this that doesn’t apply to any other devices, components, or software. If it could be made dangerous in theory then preemptively assume it will maybe at some point and ban it.
This is from the same people who brought you “let’s break all your encryption because you might become a criminal in the future”.
Our internal CAs run 72 hour TTLs, because we figured "why not" 5-6 years ago, and now everyone is too stubborn to stop. You'd be surprised how much software is bad at handling certificates well.
It ranges from old systems like libpq which just loads certs on connection creation to my knowledge, so it works, down to some JS or Java libraries that just read certs into main memory on startup and never deal with them again. Or other software folding a feature request like "reload certs on SIGHUP" with "oh, transparently do listen socket transfer between listener threads on SIGHUP", and the latter is hard and thus both never happen.
45 days is going to be a huge pain for legacy systems. Less than 2 weeks is a huge pain even with modern frameworks. Even Spring didn't do it right until a year or two ago and we had to keep in-house hacks around.
Honest reply: because the infrastructure isn't ready to support 1-day certificates yet. If your cert is only valid for one day, and renewal fails on a Saturday, then your site is unusable until you get back to work on Monday and do something to fix it. There are things that can be done to mitigate this risk, like using an ACME client which supports fallback between multiple CAs, but the vast majority of sites out there today simply aren't set up to handle that yet.
The point of the CA/BF settling on 47-day certs is yes, to strongly push automation, but also to still allow time for manual intervention when automation fails.
Yep, the "shortlived" (6-day) profile will be available to the general public later this week. But at this time we explicitly encourage only mature organizations with stable infrastructure and an oncall rotation to adopt that profile, as the risks associated with a renewal failing at the beginning of a holiday long weekend are just too high for many sites.
PostgreSQL extension providing big speedups on COUNT/SUM/DISTINCT and GROUP BY for the most common data types.
I'm looking for people who have pain around slow analytics, avoiding migration from PostgreSQL, delaying pg upgrades or other big reasons to adopt something like this.
I want an AI optimization helper that recognizes patterns that could-almost be optimized if I gave it a little help, e.g. hints about usage, type, etc.
That was true six months ago - the latest versions are much better at memory and adherence, and my senior engineer friends are adopting LLMs quickly for all sorts of advanced development.
well... it's a certain KIND of reality... one where numbers fight with "common sense"...
examples... a large paying customer can kill a business... tiny or free users can be great for free marketing and product testing... a weird channel partner can make a business... obscure cashflow and accounting can make/break a business... product development or inventory can require fundraising which comes with wild "strings attached"... and and and...
(having started a number of both self-funded and venture-funded business, in tech small format retail and more...)
Meta's accounting games are entirely reminiscent of Enron, who famously named their off-balance sheet debt-hiding special purpose vehicles after Star Wars "Jedi 1, Jedi 2," Jurassic Park, "Raptors 1 through 7," and the crooked CFO's kids "LJM" etc.
AI companies are running the same frauds as multiple, but I think cryptocurrency/FTX is more apt. They're creating artificial demand by trading contract with themselves and using those assets to make it look like they've got more revenues & assets of value.
It definitely has the Voltaire/Onion like snark and cynicism with biting accuracy that really gets me going. We need more well informed rants disguised in heavy sarcasm
True serializability doesn't model the real world. IRL humans observe something then make decisions and take action, without holding "locks" on the thing they observed. Everything from the stock market to the sitcom industry depend on this behavior.
Other models exist and are more popular than serializability, e.g. for practicality, PostgreSQL uses MVCC and read consistency, not serializability.
reply