Hacker News new | ask | show | jobs
by notatoad 2106 days ago
the author should care because he's writing an article about it, and taking the time to make sure you have the terminology correct is a good thing to do.

but your main point is good: why should the average end user care. i've had the same frustrations with certbot - it tries to be too smart and too magic, and i want to better understand what it's doing. thankfully, the ansible letsencrypt module exists, and behaves in a much more understandable way to me, and that's why it's important to point out the distinction between letsencrypt and certbot - you don't have to use certbot, and everybody who uses letsencrypt should be aware of that. because the author is correct, certbot is kind of a turd, but letsencrypt is awesome and it would suck for people to stop using letsencrypt just because they don't like certbot.
1 comments
nottorp 2105 days ago
Ok what's ansible? :)

Some script bunch that adds layers upon layers of VMs?

My website is all static (and private use) so I don't really have a reason to run SSL on it. Make it hard, and I'll give up on the security theater.

link
chowells 2105 days ago
Can we stop with this nonsense about static sites not needing https? It's not just there to protect secrecy. Integrity is vital with how many parties are happy to inject content into any unencrypted https connection these days. Browsers should be able to know that they're receiving the same bytes the server is sending.
link
nottorp 2105 days ago
I don't know, maybe the solution is to get a pro consumer FCC in the US :)
link
chowells 2105 days ago
That would be great for a lot of reasons, but it's not a satisfying answer here.

For one, it'd only help web traffic that was entirely within the US, and only traversed networks within the scope of the FCC's enforcement operations. Do you really trust that coffee shop wifi? I don't, and I don't think it'd ever be big enough for the FCC to care.

Second, such an FCC could always revert back to current behavior. It's not any more reliable to depend on politics to fix a technical problem than it is to depend on technology to fix a political problem.

link