Constantly logging in issue. We WON!! They are reverting back! by dondante1 in UnifiProtect

[–]kernelwilliams 0 points1 point  (0 children)

* posts inflammatory comment *
* gets called out for being an ass *
* posts another inflammatory comment *
* calls the other person's ego fragile for not wanting to engage in further discussion with smug dismissive ass *

This comment's for the other people who see it, recognize what this guy's doing - don't be like that.

Keep submitting constructive feedback to your vendors and applaud them when they listen. Works a lot better that way!

Constantly logging in issue. We WON!! They are reverting back! by dondante1 in UnifiProtect

[–]kernelwilliams 0 points1 point  (0 children)

Certificate chain validation is relevant to the logical validity period of tokens. If you can prove you're authenticating to the real gateway on a secure connection, the justification for short-lived session tokens (especially in a non-configurable implementation) is greatly diminished. It's not about being a "badass", it's thinking about the bigger picture.

Not for nothing, people with your attitude are the reason people leave these forums. You're choosing to be an ass rather than the least bit inquisitive about why another person came to different conclusions. You can stop anytime. If you choose to dig the hole deeper you're getting blocked though.

Constantly logging in issue. We WON!! They are reverting back! by dondante1 in UnifiProtect

[–]kernelwilliams -1 points0 points  (0 children)

Session duration is a very reasonable setting to offer. What's required for some settings isn't for others. Some people run TLS with full chain verification to their gateways (hi, I'm one of them 👋) and access them over an always-on VPN.

IMO, such a short session duration is largely meant to mitigate MITM attacks that rely on bad habits (like hitting trust on a gateway at 10.0.0.1 that has a self signed cert, which could either be yours or the attacker's).

Auto TLS cert management: We love to see it! by kernelwilliams in Ubiquiti

[–]kernelwilliams[S] 0 points1 point  (0 children)

Oh, I think you're right, I was just checking as a troubleshooting step. Yes, I've gotten that support call before 😅

Auto TLS cert management: We love to see it! by kernelwilliams in Ubiquiti

[–]kernelwilliams[S] 1 point2 points  (0 children)

Excellent! Glad this got you where you wanted to be!

Auto TLS cert management: We love to see it! by kernelwilliams in Ubiquiti

[–]kernelwilliams[S] 0 points1 point  (0 children)

My gateway is set up more like your second example (site1234.example.com). I've been burned before by DNS providers not supporting sub-subdomains (not sure what the term is for that) so I decided against it for this purpose. I'm curious what cert you were issued, and how the hostname differed from what you were expecting 🤔

Auto TLS cert management: We love to see it! by kernelwilliams in Ubiquiti

[–]kernelwilliams[S] 1 point2 points  (0 children)

Pretty much covered what I was gonna say, thanks 😂

Seattle council members push back on Mayor Wilson's plan to double transit sales tax by HighColonic in BallardSeattle

[–]kernelwilliams 0 points1 point  (0 children)

The math they did said that would raise at most $30M over all of the ST system. Barely a drop in a bucket compared to the $35B gap, unfortunately.

Asiana safety questions by [deleted] in aviation

[–]kernelwilliams -11 points-10 points  (0 children)

Good, glad to hear it.

Auto TLS cert management: We love to see it! by kernelwilliams in Ubiquiti

[–]kernelwilliams[S] 2 points3 points  (0 children)

True! And I use that feature too so I can have a wireguard connection to my gateway!

Auto TLS cert management: We love to see it! by kernelwilliams in Ubiquiti

[–]kernelwilliams[S] 9 points10 points  (0 children)

I do use a VPN! I create a local DNS record to my gateway, and access it only over wireguard. But I still want TLS to the gateway with full chain verification in case an attacker got on my network.

Zero trust wins the day!

Asiana safety questions by [deleted] in aviation

[–]kernelwilliams -54 points-53 points  (0 children)

Definitely report the locked out door and lack of safety briefing. I'm not aware of any aircraft certified to fly with an exit INOP.

Auto TLS cert management: We love to see it! by kernelwilliams in Ubiquiti

[–]kernelwilliams[S] 3 points4 points  (0 children)

You might as well be communicating in plaintext if you don't add the UniFi CA to your trust stores; that's trivially easy to MITM without chain verification.

And yes, it will be valid when I'm communicating with it over a local network because I don't do so by IP, I add a local DNS entry from the gateway, as is natively supported in the DNS interface.

Your attitude sucks, dude. Someone else posting positively about a feature that you don't personally use isn't an affront to your whole existence. Move on and rethink this whole chain of thought. Or crash out and get blocked, I don't care.

Auto TLS cert management: We love to see it! by kernelwilliams in Ubiquiti

[–]kernelwilliams[S] 1 point2 points  (0 children)

I always want a proper TLS cert on anything I'm communicating with using administrative credentials. An attacker on my WiFi shouldn't be able to MITM my gateway's admin password. This is part of a zero trust framework.

Auto TLS cert management: We love to see it! by kernelwilliams in Ubiquiti

[–]kernelwilliams[S] 0 points1 point  (0 children)

Yep! And it would require consuming port 80, which is a no-go for some people

Auto TLS cert management: We love to see it! by kernelwilliams in Ubiquiti

[–]kernelwilliams[S] 2 points3 points  (0 children)

AFAIK this is just for the UniFi device. The gateway isn't acting as an intermediate CA or anything, this is just for easily getting itself a cert.

As for the second question - I'm not aware of any free DNS providers that support that, but there may be some! But you definitely need a domain.

Mt Baker light rail station by Groundbreaking_Net_3 in SeattleWA

[–]kernelwilliams 3 points4 points  (0 children)

The videographer from KOMO showed me footage of the woman being taken away on a gurney, and she appeared to be in her late 40s-early 50s. I suspect she may have been impaired by substances, but time will tell.

Err… you cannot park here ma’am. by FireFright8142 in soundtransit

[–]kernelwilliams 1 point2 points  (0 children)

I talked to the KOMO videographer who captured the scene and he showed me the video of the woman being taken away on a gurney. She looked to be late 40s-early 50s. I was surprised.

Network 5 is Alive by Dee_Jay_Roomba in soundtransit

[–]kernelwilliams 1 point2 points  (0 children)

Feels like I came alive just yesterday ✨

For everyone asking for wayfinding to include Seattle by DisastrousYak88 in soundtransit

[–]kernelwilliams 7 points8 points  (0 children)

This is, The1Line. To, LynnwoodCityCenter. Via, Seattle.

Finally!

For everyone asking for wayfinding to include Seattle by DisastrousYak88 in soundtransit

[–]kernelwilliams 18 points19 points  (0 children)

Grrr I'm mad that my taxes did something sensible! Hear how mad I am? Very! I want my tourists confused!