Hacker News new | ask | show | jobs
by SwimAway 3719 days ago
It is interesting however I feel it is best to wait for your platform to mature. I lack environments to test your product and refuse to use this with anything sensitive. Configuring SSL/TLS is a minuscule process taking only a few minutes, vital for security, that has been neglected. I'll keep your product in mind until these rudimentary basics have been addressed.

Thanks, Josh.
2 comments
nixgeek 3719 days ago
I'd like to disagree with the statement that this can "only take a few minutes" by pointing out, done correctly, essentially everything takes 15+ minutes to accomplish.

As far as SSL/TLS you've got to generate a CSR, get it signed, go poke around in your load balancer and/or application server to reconfigure appropriately, and very probably iterate on your cipher list until SSL Labs (or equivalent) looks good.

If that isn't a contentious view, then I'll go further, building a product has hundreds of these "miniscule" tasks (your words) and added together that's significant time. Whilst you might not agree with the prioritisation, the response that they'd prioritised feature work over ticking off this box was at least honest.

Hat tip to the team for communicating so well in this thread.

link
SwimAway 3709 days ago
I acknowledge your disagreement and find it to be inexperienced. You should follow the standards, not trial-and-error until a third party gives you a thumbs up. Re-configuring your internal structure is only as extensive as the complexity (which is usually nil).

If you need an instructional video on how to complete such a trivial task, let me know. I guarantee it will be less than 5 minutes on a variety of environments. What "hundreds" of these tasks are you speaking of? Please meticulously explain rather than fluff your speech to make the process seem more debilitating than it is.

Also: minuscule

link
philtaylor 3719 days ago
Thanks nixgeek! I didn't have the energy to explain this yesterday, but you nailed it.
link
josh_carterPDX 3719 days ago
Appreciate the candor. The beta is really meant to "test drive" the platform. Hopefully you keep tabs on what we're doing. Thanks!
link