You found my website. If you disagree with me or think im wrong about something, let me know. I love to argue with people on the internet. /s This site primarily exists for my own use. Content may change without notice.
https://www.digicert.com/blog/tls-certificate-lifetimes-will-officially-reduce-to-47-days
Schedule:
| Date | Maximum lifetime | IP/Domain validation |
|---|---|---|
| Current | 398 days | 398 days |
| March 15, 2026 | 200 days | 200 days |
| March 15, 2027 | 100 days | 100 days |
| March 15, 2029 | 47 days | 10 days |
It is time to start moving towards ACME and other automatic Certificate tooling.
GEICO repatriates work from the cloud, continues ambitious infrastructure overhaul
“we have a lot of data – and it turns out that storage in the cloud is one of the most expensive things you can do in the cloud, followed by AI in the cloud…”
Ten years into that [cloud] journey GEICO still hadn’t migrated everything to the cloud, their bills went up 2.5X and their reliability challenges went up quite a lot too – because if you spread your data and your methodology across so many different vendors you are going to spend a lot of time recollecting that data to actually serve customers.
But the migration actually reduced availability, putting the firm “at the cumulative mercy of our clouds” and with “no consistent data strategy, no consistent hybrid stack” it was hardly an improvement. That, in part, was the result of a lift-and-shift approach that took applications/stacks to the cloud instead of refactoring for what the cloud actually does well.
Compliance is among the drivers for the overhaul. She notes that data also has to be retained due to state regulatory requirements, “because at any time, we could be asked by a given state to produce information that proved we didn’t have bias, or we didn’t violate any of the terms [of an insurance policy].”
As Weekly sums up: “Just running legacy applications in the cloud is prohibitively expensive. Our use case just highlights that…”
Don’t move to cloud for the sake of it. Cloud can limit innovation. When you store your data on someone elses hardware, they control it. you have only the control that they give to you.
Lift and shift is probably a bad idea in general, but think about your situation before listening to over-generalizations.
Cloud journey:
- Adoption
- Growth
- Cost Realization
- Evaluation
- Repatriation
It would be best to go a different path, but some lessons are only learned the hard way.
Be wary of consultants
that will push you towards accelerated adoption and growth in cloud services without a full evaluation. You will almost certainly be better served if you have people that know what they’re doing close to you.
Be wary of vendor lock-in
You should have an exit plan before entering the cloud.
Be wary of underskill
Cloud does not necessarily mean that you have no responsibility in-house. Understanding the shared responsibility model is hugely important. You might think going full SaaS lmits your responsibility, but it usually doesnt. At the bare minimum you are responsible for mission success, and if the SaaS is not working, you need to be able to fix that.
Workers need training with the tools they use. The cloud is complex, and incorrect mental models of that complexity have bigger consequences.
On-prem enables innovation
You get more opportunities for customization when you control the hardware and the software. Throwing money at a problem is not innovation. Building new solutions is. You don’t always need to innovate, but being able to when necessary is useful.
sources: - https://www.thestack.technology/warren-buffetts-geico-repatriates-work-from-the-cloud-continues-ambitious-infrastructure-overhaul/ - https://www.youtube.com/watch?v=XnjlhnrYSw
I added a new css class for spoilers.
Spoiler: Spoilers look like this
On some linux systems, when you first use sudo it will display the following message:
We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:
#1) Respect the privacy of others.
#2) Think before you type.
#3) With great power comes great responsibility.It has come to my attention that I am the “local System Administrator”. At my job, when new users are granted admin rights, they do get a lecture, but i think it might be a good idea to make a more formal version. Maybe a powerpoint to start.
on iPhone, Brave can block ads and play youtube videos when your phone is locked.
More and more, I think its a mistake. We have to decide what our core competencies are, and keep that skill and knowledge in-house. Maybe we don’t want to be in the business of patching servers, or replacing hard drives. Maybe we don’t want to worry about properly securing Active Directory. Thats fine, those things aren’t directly related to our mission, but think about what you are replacing it with when moving to the cloud.
If Identity is central to your security strategy, it doesnt matter if you keep your IDP on-prem, or in the cloud, its still your responsibility to secure. The cloud IDP just gives you less control in exchange for hopefully a competent team of engineers to keep the tools running properly.
If you care at all about privacy, you will try to limit what third parties you are sharing data with. Subscription services and cloud apps are predatory and designed to maximize profit. The most profitable companies in the world are cloud providers and they got that way because its a good business strategy to keep data and engineering talent in-house. Thats a good strategy, and its exactly why you shouldnt outsource your data and operations either.
There has been a lot of big tech layoffs recently. I’m not going to try to list them here. But it is interesting that these large tech companies are able to get rid of so many of their employees and seem to stay afloat. Some possible explanations: - they overhired, and are correcting now - maybe they never needed that many people - they are choosing to decrease their quality of service. - i think this is it. quality doesnt seem to impact sales, especially in the near term - people like to buy cheap stuff - theres a lot of dead weight. 20% of employees do 80% of the work - maybe 10x engineers are real?
Almost everyone I talk to seems to be understaffed at their job. Resturants, office workers, field technicians. We seem stretched thin.
Don’t listen to the salesperson. They will make the tool sound great, it’s their job. I have seen so many times, people will buy some expensive product hoping it will solve some problem, then it sits and collects dust. It’s like buying a treadmill because you want to lose some weight, but then you never use it and it becomes a $1000 storage shelf. Its easier to buy the treadmill than actually put in the work. Maybe you never really intended on doing the work, you just wanted to buy yourself a little bit of hope. In the corporate world, the same thing happens, and people buy some new software because it gives them hope. The hope that all of the problems from the previous software will be gone. But, if the problems are a result of years of negligence or lack of maintenance, you might just run into those same problems with whatever new software you buy.
Don’t try to get clever and offload the maintenance to the software vendor either. Your problems are YOUR problems, No matter how much you pay somebody else to solve them.
Many cyber-attacks can be attributed to poor cyber hygiene, including failure to patch known vulnerabilities, poor configuration management, and inefficient management of administrative privileges.
I read this from a CIS webinar spam email. It reflects my thoughts on the topic. It usually gets distilled down the fact that we are bad at prioritizing our efforts. We spend time on the wrong things. Typically, the best thing to do is the basics, but the basics are hard.
Why do we call colleges “Universities”? That word sounds just like “Universe”, but I didn’t understand the connection. Well it turns out that “University” is short for the latin “universitas magistrorum et scholarium”, meaning something like “a group of teachers and scholars”. Interesting.
cwcraft@protonmail.com
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQINBGdAcJgBEACxUvs6CPodUNtKpxNy8G5Zslk9invUoznCP7/Uf/54I8c32xni
Y/3v+hJP4Zuw4+gOPlFcnQB1tR0CQsPRKeOmWspWspfsLimAX9NEqWE1O4rp06KD
Jj7abNbr4rM1XgE7ycl6ZjFG0dngNnUSHEMGR8btGjOascQhU3D6PoR5QQzHkxwV
PLPc5vMy5S07cDMIH4fYJPx8udGyvi/6nV4H1bev9VQR4MmUcUWYr9mQwW38uI0c
AF39aREhfh/J9y3lfUKfx+kLURkvnaYd2MfCcZ4ERJGngrpryoRBXD4caT4+7w2g
xDh2Ro3XYbRmGe2q7s6pXkMWqunPn9neqSL44jItXbSd1ZikhHNCkflz3X43adSh
YTneplUhozFimY9wY8+9Q12Og+EV5c3dLCOn9SCa1V/v3rdcUkE7mUiB2qQAY/q0
sxzmj3OcJYb6ZoyEwTA/E0TMUELgPsPavpgEny2VIOtCfEE3ZzFMfc6M9OZ2geYA
qajF5gLh0hBvBHfhy/CM9wruRvd85FjUofJy3HfGTWDzlBUJHVDwVCOSbWwIyTNj
eUH8bzWFrHXJiqsJygpAgjH2pnEoPVN4SXOk+AVlDoNUblionxg65FD3m1mLcKE8
3APS1CuNt15iinf1hDE6LcUnvDKtDrGh1oO0ZDDrZjQ7eLKzffdMl/tdTwARAQAB
tCRDYWxlYiBDcmFmdCA8Y3djcmFmdEBwcm90b25tYWlsLmNvbT6JAk4EEwEKADgW
IQT3O6eN7e3C+98pPsktW3e8nkRX8wUCZ0BwmAIbAwULCQgHAgYVCgkICwIEFgID
AQIeAQIXgAAKCRAtW3e8nkRX83mQD/4zUBlOcrOnErznVJQ+SUc1a3aNKjtR+w/h
jY4DXsPPLlBMkMv2LVITOLD9t3iG3icrf6q2TdGHLb/R6arN/eifloZpSLY5uT7m
C6jMIrzRdIl21EMEfGfo4dvmMGwJOb/dwCaExM274fLuLo877qxDIH/Ql8hoSqOX
G5nT28onYTh6wfaisFZ7tX+mz5gEn/wkz/AtJWNYKa/Dws04l+H3Tnrs3b4KCC2w
taWHx0OYgv3j2bOLYHRwh2X9FHGZNcycJLHkw4rQ/0DVQKFUYECjUNUyOd6VOoEe
DtYuaQaX/KxrCEXyqaj4bFaBb4pM5xro2iDWkoNlj/zHOalbmFGr8VhWXTovKkCM
+zRD2UXw89QekPx1qUy8rlyWQdTdBv3Fks9CEDICFjgSarR18DLCskJ1tUi4m4jW
EwmEA71FoQeBpZAGksLOHXSkcxzfWxGtlVfADxaQDYyOyRURqm7pydxDuQsn8vlc
NKAZ7LtEbMkwkrK9bCpaqki+AuAGawqCbwI2PcjKHn148tidqQdDO7/gC/FPnNBd
xedfcb7PdXSUnetLyTxuolQ3nqNVv21iJppg+DwURL/zSLSY/KdAOIZ7ib3gaYYp
eSSTW3xuuwqbvCny05VGbvA8ZnoDDhM1Sv3Nv77erUi3DeRnkgX9RyJXyLxiSgk/
PMzZ1Ltad7kCDQRnQHCYARAA/RPV2RsTUHjXxT1D2PAvVld5/RWo/YaFuBp2ncNd
OCHjBQRWEvwG2JovSZ/jOEYs1dEMR6SCR3Nkewx5Trk1FBznf5mq68pXMm/WcpWi
JlbbD8Yg3KVZpVza41nHTykkloIycwnAouNHK7nopEuMQW4+/yDDfelx50aN4o2/
U2LMDog/+BSzT6P2rqPp7ziAYjxQjQfWSONNSwKdhQr/yDahtPqT5WyVKvPCmozA
fKlnVY0TRKEHwBrdb0HDk7rqnJCJwhAPY1/7+zFVDzQqpFZ6/iT3G2KdeX7L+tFw
E8zgv8SvKOtuG8aHaD28gZJjbv/l6CqLK/LeEbGPmuxgEhN8W0+nE7E6zHrQki4c
/Bma0Q2+jPE6MCs/AamxxiUZWYb80E6ubYUWkh0C5B76BLGHYYM5wZ6P8vwXHAyZ
qS/FRXcvTkaB+27rM5W4Em3EVBgw0deQ14szQ4yA0qv04a9Ds4L4aV/rHB1PGoWz
63CF4w2kSk2epK94jY22P65W+BKZZBiPM+D7XKm0BDsTZ/vdRvQieF3IadWTpffY
ZYhlbCDHakj6h+YwZg53FI8aoW3PVZn+zDrJdijljeajLk1N1Nr3WM+ksKqd12Mh
0UtBBMQDsMM/Q1VCdLSpv5039tBZNi3MrX7sZNdjvmFK5/cMgiTHyVkei3RL7loH
JgsAEQEAAYkCNgQYAQoAIBYhBPc7p43t7cL73yk+yS1bd7yeRFfzBQJnQHCYAhsM
AAoJEC1bd7yeRFfzfEMQALBMpANyFp+sRSsL9pOPXNZLRJk05hYyZflGi6wEoHk7
lY0DVS1LbSRu3tOlrgyDDU6RrjWIO1sZ28qwB8NLK5MTOKZbbCQH4lrY7K28epGt
0KdvlAynf4JhIXCr3CiDL4y1AyyuTfDk73260Ht73QQTyrPxbzfCqEP9rRWnN40b
OBBjsY2qZeH7EedfQEYICbhUVSg6WI6zuAx0Jt+sT3rS3eh92Lrzxv69x05+rAbZ
q2uc/d2nzUF550egRxjEcassp36SwjbGGCvz/dHE5yLyWTeCmn2ajLRqpANRQMPc
F4Qw5SK0z5OJ5kw4Gog1X2LTEL+DXgcm9TtDkq2TMi/pNPbA3f6P2u/WDPJ920vU
MB7NZNXsNM33XnesyHvLZj9bPh5MVU0/9DsP9pPLcIew9H8VHlP3461HOIs+k1IX
D2q7QBsma7SkorOSyD+u2usyyz5f9o+JTXRmPUi+Ii9+HkSPot+ReOu8i5SUYpS4
dzlbm7S6kbKup8XwLBQslqa+J264o2xhwVOZAw1Qq59a3tzMyjS8/QIDB8HJTEjz
/50Pm+mSdSYTD5KdnQOV0oMLJvRf0upjsQ/0iWCyTrAQw6YG46qIB9vnqUsu5ih4
TdsH3mYHSjmgBsr544FZ5jAStQgxhFxhr+UAwFXwgZdXVYDKs/+OVcfCiQ3XmzvO
=HI1d
-----END PGP PUBLIC KEY BLOCK-----