|
Perplx posted:i hope entrust doesn't get distrusted but currently you entrust entrust to not be distrusted and you shouldn't entrust them with that it's a practice run anyway when you update the ansible playbooks
|
# ? May 6, 2024 04:53 |
|
|
# ? Jun 10, 2024 05:56 |
|
Perplx posted:i hope entrust doesn't get distrusted you're a customer so your convenience is priority #1.
|
# ? May 6, 2024 05:52 |
|
entrust issues (or rather, mis-issues!)
|
# ? May 6, 2024 11:59 |
|
Perplx posted:i hope entrust doesn't get distrusted
|
# ? May 6, 2024 14:07 |
|
it'd be hilarious if entrust is forced to do 90-day or shorter cert lifecycles my org is super change averse during the season and that's about 5 months long
|
# ? May 6, 2024 14:20 |
|
Perplx posted:i hope entrust doesn't get distrusted well i hope you're excited about their [soon to be involuntary] fire drill initiative
|
# ? May 6, 2024 14:31 |
|
ca0: entrust on fire
|
# ? May 6, 2024 14:36 |
|
The Fool posted:it'd be hilarious if entrust is forced to do 90-day or shorter cert lifecycles once you get set up it’s not really a change that way any more than log rotation is, or adding scale-up nodes to the load balancer: it’s just an automated process that runs in the background. you monitor it and push the dependabot updates when you remember
|
# ? May 6, 2024 15:24 |
|
to cross the streams, Bruce Moron is staring up at the dword of damocles
|
# ? May 6, 2024 15:59 |
|
holy poo poo lol that typo i aint fixing it
|
# ? May 6, 2024 15:59 |
|
Subjunctive posted:once you get set up it’s not really a change that way any more than log rotation is, or adding scale-up nodes to the load balancer: it’s just an automated process that runs in the background. you monitor it and push the dependabot updates when you remember oh the automation is in place, management is just insanely risk-averse during that time of the year.
|
# ? May 6, 2024 16:14 |
|
The Fool posted:oh the automation is in place, management is just insanely risk-averse during that time of the year. they won’t even know it’s happening! just certbot being a good little bot and ACMEing you up some hot, fresh certs from Let’s Encrypt
|
# ? May 6, 2024 16:45 |
|
Captain Foo posted:holy poo poo lol that typo i aint fixing it Good
|
# ? May 6, 2024 17:04 |
|
Always automate dumb stuff. Don't ever repeat having to do the same job twice if it can safely be managed by some lines of code
|
# ? May 6, 2024 17:17 |
|
but if you automate it, make sure you monitor it!
|
# ? May 6, 2024 17:42 |
|
the real art of automation is making failures obvious. the automation being good or bad in any other regards is way less important
|
# ? May 6, 2024 17:44 |
|
We use venafi + terraform to do self-service automation for our application teams. Any potential problems with Entrust being distrusted or having a 90-day lifecycle are purely organizational.
|
# ? May 6, 2024 17:46 |
|
We migrated from Digicert to Entrust a couple years ago and the automation changes took less than 30 minutes. Took 6 months for all of the different teams to get the actual certificates replaced.
|
# ? May 6, 2024 17:48 |
|
Subjunctive posted:but if you automate it, make sure you monitor it! yeah. that is where my 'safely' qualifier comes in. automating stuff makes me anxious but if you can monitor it then the anxiety is a tad lessened that said, if you can avoid having to manage the automation infrastructure but still use it, it's a boon to getting work done
|
# ? May 6, 2024 17:48 |
|
Lain Iwakura posted:manage the automation infrastructure my job
|
# ? May 6, 2024 17:49 |
|
Subjunctive posted:but if you automate it, make sure you monitor it! but if i don't monitor it then i don't have to fix it when it breaks
|
# ? May 6, 2024 17:49 |
|
Shame Boy posted:but if i don't monitor it then i don't have to fix it when it breaks yes you do, it just takes you longer to figure out that it’s the thing that needs fixing, because instead of an alert for “certificate update failure: https://www.shameboy.ai NXDOMAIN” you get “payments failing from mobile app”
|
# ? May 6, 2024 17:51 |
|
at work i forgot to automate an 802.1X certificate thing on a goofball server that wasn't in IT's herd, and it bit me in the rear end every loving year for three consecutive years before I fixed it. then it turned out i made a mistake and had to manually fix it a fourth time
|
# ? May 6, 2024 17:52 |
|
Subjunctive posted:yes you do, it just takes you longer to figure out that it’s the thing that needs fixing, because instead of an alert for “certificate update failure: https://www.shameboy.ai NXDOMAIN” you get “payments failing from mobile app” you also get to spend a lot longer fixing it because invariably some dependencies are broken and sometimes the mechanism to trivially repair it no longer works. also, it's now an emergency
|
# ? May 6, 2024 17:57 |
|
I lust for CA death
|
# ? May 6, 2024 18:19 |
|
spankmeister posted:I lust for CA death Look, we all wish California would die, OK?
|
# ? May 6, 2024 18:28 |
|
Subjunctive posted:yes you do, it just takes you longer to figure out that it’s the thing that needs fixing, because instead of an alert for “certificate update failure: https://www.shameboy.ai NXDOMAIN” you get “payments failing from mobile app” more often than not in my experience it simply stops working forever and it turns out nobody was actually using it so nobody cares i'll admit my experience is probably not representative
|
# ? May 6, 2024 18:42 |
|
FlapYoJacks posted:Look, we all wish California would die, OK? California? I thought we were lusting after the frozen lands of Canuckistan up north
|
# ? May 6, 2024 18:54 |
|
Volmarias posted:California? I thought we were lusting after the frozen lands of Canuckistan up north please leave us alone
|
# ? May 6, 2024 19:03 |
|
wait is the happening happening subjunctive
|
# ? May 6, 2024 19:23 |
|
brb, changing iso code to en-c,eh?
|
# ? May 6, 2024 19:31 |
|
Raymond T. Racing posted:wait is the happening happening subjunctive things are certainly happenable now
|
# ? May 6, 2024 19:37 |
|
Raymond T. Racing posted:wait is the happening happening subjunctive Source ur excitement
|
# ? May 6, 2024 19:44 |
|
Volmarias posted:Source ur excitement Subjunctive posted:Expecting one from the head of Mozilla’s root program in the next day or two, maybe today.
|
# ? May 6, 2024 20:39 |
|
Raymond T. Racing posted:wait is the happening happening subjunctive mayhaps!
|
# ? May 6, 2024 21:01 |
|
Subjunctive posted:mayhaps! I am unreasonably excited about this are you able to spill any secrets yet or are you entrusted to secrecy
|
# ? May 6, 2024 21:02 |
|
I don’t know anything non-public other than that, which I know because of Wayne he and Amir are the heroes here; I just shitposted in some bugs
|
# ? May 6, 2024 21:04 |
|
oh look what we have here https://wiki.mozilla.org/CA/Entrust_Issues
|
# ? May 6, 2024 22:08 |
|
^^^^^^^^^ ooooo, can’t wait to see highlights… too busy to read for myselfPerplx posted:i hope entrust doesn't get distrusted nothing personal but if you look at my earlier posts, I already don’t trust your company (on one of my machines where I disabled entrust trust)
|
# ? May 6, 2024 22:30 |
|
|
# ? Jun 10, 2024 05:56 |
|
namlosh posted:^^^^^^^^^ ooooo, can’t wait to see highlights… too busy to read for myself it's just a summary of the issues to date afaict
|
# ? May 6, 2024 22:37 |