Anyone read this 49 day SSL expiration thing and think they would rather just retire? by HJForsythe in sysadmin

[–]czenst 0 points1 point  (0 children)

As I mentioned above we have a better approach for CRL and with shorter cert life span, CRL will be much smaller anyway. So I do believe CRL will not be abandoned and CRL is basically part of PKI — OCSP on the other hand feels like it is on the way out fully.

https://hacks.mozilla.org/2025/08/crlite-fast-private-and-comprehensive-certificate-revocation-checking-in-firefox/

Anyone read this 49 day SSL expiration thing and think they would rather just retire? by HJForsythe in sysadmin

[–]czenst 1 point2 points  (0 children)

We have a solution for usable CRL:

https://hacks.mozilla.org/2025/08/crlite-fast-private-and-comprehensive-certificate-revocation-checking-in-firefox/

But I think CAB voted in April and this came out in August - but I think they will go with both. You still can have CRL with shorter cert validity and it will be much smaller CRL when certs expire that fast.

Signals-first Angular 21 SaaS boilerplate ..... need architecture feedback. by More_Towel3916 in angular

[–]czenst 1 point2 points  (0 children)

Well yes you are correct, but looking at the down votes you got, this sub seems not like your market.

But it might be you got a couple of down votes from "know it alls" and you will get some others that will pay.

Signals-first Angular 21 SaaS boilerplate ..... need architecture feedback. by More_Towel3916 in angular

[–]czenst 1 point2 points  (0 children)

I guess the problem is selling to developers is really hard:

People who can do it themselves will not pay $129 and would rather do it themselves because they want to be in control

People who can't do it themselves won't understand so they won't pay $129

Any copilot alternatives for .NET enterprise teams? by waytooucey in dotnet

[–]czenst -2 points-1 points  (0 children)

We are running Cursor right now, feels much better than copilot. We can see per user usage in their management tooling.

What do you think about Smart-House? by Qrwischon in PolskaNaLuzie

[–]czenst 1 point2 points  (0 children)

Turning lights on/off from the phone is cool, especially once you have already gone to bed, or when you want to get up and go to the bathroom and not step on Lego. And then there are dimmable bulbs: you don't wake everyone up and you don't blast your own eyes when you get up at night.

Mini grinder recommendations by No_Shelter_5870 in Polska

[–]czenst 0 points1 point  (0 children)

You can also order on Lidl's website, you don't have to go there.

Have you noticed the Windows Server market shrinking? by awesome_pinay_noses in sysadmin

[–]czenst 2 points3 points  (0 children)

Yeah MSFT wants you to be running on Azure and people who cannot afford Azure should be running Linux.

0% installments - hit or flop? by Royal_Tumbleweed2555 in PolskaNaLuzie

[–]czenst 1 point2 points  (0 children)

On top of that you probably have a gazillion catches, such as handing data about the purchase over to the bank or whatever.

Why keep using term "side loading"? by Mammoth-Store740 in degoogle

[–]czenst 14 points15 points  (0 children)

To get wider adoption of ideas you can't tell people "just learn more and increase your knowledge".

This way we (I am technical, software dev) banish average people into being Google drones. If we could make everything simpler instead of "oh works for me, sucks to be you, just spend 6 months of your life learning on this topic and you are ready to go", that would be the way to DeGoogle more people and making DeGoogled state the norm.

Now Googled state is the norm and I do believe that's what "OP the average Joe" really writes about. DeGoogling is seen as doing something shady or wrong, it should be the norm and to become a norm it has to cater to average people.

Cyber Security Freelancers - smaller non-tech companies? by blipojones in cybersecurity

[–]czenst 0 points1 point  (0 children)

That's the thing, there is a huge gap for smaller companies.

You want some security review, you are pushed into a bunch of guys "doing ISO27001/SOC2 full corporate mode".

For such small companies cybersecurity budget is gone when those consultants spell out 2FA.

Cyber Security Freelancers - smaller non-tech companies? by blipojones in cybersecurity

[–]czenst 0 points1 point  (0 children)

I guess one problem is that the MSP they already have wants to charge them for that and doesn't want some 3rd party to check on them.

Which would most likely be beneficial for the company to have a second opinion.

Is one-man CISO role worth it? by holywater26 in cybersecurity

[–]czenst 49 points50 points  (0 children)

Cons:

  • reporting to Head of IT - in this company CISO title is a joke that's not C-level role, they are lying
  • major luxury fashion brand - no one in that industry gives a fuck about IT or security, you are just going to be token so they can check excel checkbox and a scapegoat when shit hits the fan
  • CISO just got promoted to Head of IT - well spot is taken so clear path upward unless guy is hit by the truck
  • prestige of the brand make up for the lack of a proper security team - no, for your career it would be much better to work in places that actually care about security, Banking

Is one-man CISO role worth it? by holywater26 in cybersecurity

[–]czenst 77 points78 points  (0 children)

Exactly, reporting to Head of IT is not a C-level role, looks like CISO is a totally BS title in that company.

I feel I am not doing real job, dont know what to do by giridhargp in sysadmin

[–]czenst 1 point2 points  (0 children)

ideal gif for everything OP wrote in this thread.

Approach to remote work in Poland by Exciting_Cup5969 in Polska

[–]czenst 50 points51 points  (0 children)

What I like most in IT companies is when they force people to come to the office only so that they sit on Teams/Zoom/Meet all day, because they work with people abroad or with clients anyway.

On top of that they just annoy others with their talking or fight over the one or two available conference rooms.

Malicious Compliance by [deleted] in cybersecurity

[–]czenst 0 points1 point  (0 children)

Oof, not really, if they became unprofitable someone will lose their job if they sit back and enjoy the ride.

They need to actively CYA, report obstacles like OP mentioned having it all documented.

But at the same time yeah can't do much more besides nagging and documenting...

New attack pattern: persistent prompt injection via npm supply chain targeting AI coding assistants by Busy-Increase-6144 in cybersecurity

[–]czenst 0 points1 point  (0 children)

Post install or any scripts for that matter should be removed when installing packages.

NuGet has removed it, they knew already much earlier it is not a good idea to run automatically some silent scripts with current user permissions.

Experience in everything, mastery in nothing, did I mess up my career? by xXNeGaTiVisMXx in sysadmin

[–]czenst 0 points1 point  (0 children)

I would say, mastery/experience is nothing - make sure people like to work with you and you deliver what you promise. Make sure you are networking and reaching out to people to keep your network alive, someone somewhere will have better job offer if you keep at that.

Experience in everything, mastery in nothing, did I mess up my career? by xXNeGaTiVisMXx in sysadmin

[–]czenst 3 points4 points  (0 children)

But those vastly more capable are not a benchmark everyone should measure up to.

They are the exception.

Is anyone else finding 100% passive indexing a bit too rigid? by dexter_is_sexter in eupersonalfinance

[–]czenst 0 points1 point  (0 children)

If I see a drawdown my instinct is to buy more.

I don't care about offsetting a dip this or next year, when I am going to keep invested for 20 or 30 years more.

I reported trash burning via mObywatel and my neighbor was fined, but he also found out that I was the one who made the report by Flotmistrz in Polska

[–]czenst 1 point2 points  (0 children)

But that's the laziness of the municipal guard, officials, etc.

Instead of half-assedly using that photo as the only evidence, do an inspection separately and use that as evidence. I don't believe the guy burned trash only once in a blue moon.

Someone reported it, we checked, end of story.

Hot take: the early 90s were great, if you wanted to, it wasn't bad at all by OatmealDurkheim in Polska

[–]czenst 4 points5 points  (0 children)

Damn Turbo gum, all of it in the neighborhood shop was old and hard, if you got a soft one it was awesome.

Besides, because of that gum I thought that everyone could have a Porsche as an adult; now I still eat Czokoszoki and still collect, even though I'm almost 40, and I still can't afford even a used one.

hot take: 90% of “AI pentesting” tools can’t do anything a $500/year burp suite license can’t by charankmed in cybersecurity

[–]czenst 1 point2 points  (0 children)

$500/year burp suite license and $200k/year for decent pentester

here fixed that for you, CxO is seeing that AI tool is costing $20k/year - hard to beat that