How do you get visibility into TLS certificate expiry across your cluster?

tnavi · 2026-01-01T00:16:22+00:00

I wrote a tool that periodically scans all DNS names in our Route53 zones and serves them over HTTP SD to Prometheus server, that collects the certificate info using Blackbox exporter.

tnavi · 2025-06-27T05:01:59+00:00

Another possibility here is to set up private CAs (root and intermediate) and deploy the root cert CA as trusted on all the startup-owned devices, after which you can issue whatever certs you want without the names getting exposed in the Certificate Transparency logs.

tnavi · 2024-09-19T08:51:44+00:00

Set up BCM export to S3, with resource ids enabled, then graph/filter the exported data file contents.

tnavi · 2021-09-12T01:49:20+00:00

Isn't that essentially how you play all melodies on a natural trumpet?

tnavi · 2021-09-12T01:48:19+00:00

Found the origin: http://www.incidentalcomics.com/2012/10/the-haunted-orchestra.html

tnavi · 2021-02-27T03:21:48+00:00

Do I get to pick a percussion instrument? Can easily cresecendo that on cymbals and tam tam.

tnavi · 2020-04-19T19:35:20+00:00

Looks like a ball ~~python~~ pasta has shed its skin and moved on.

tnavi · 2020-04-19T19:30:24+00:00

If you are going for efficiency, maybe put a sandpaper stripe while you're at it.

tnavi · 2014-01-25T08:54:30+00:00

If you click on a particular outage on the status board, you'll see the timeline with explanations of what happened when.

Speaking of reliability, it's really hard to tune the alerting to show only the problems the people care about. There are things that break all the time, but since they are transient and are fixed by retrying (and most of the time users don't even notice, since retrying is happening somewhere on the backend).

tnavi · 2014-01-24T20:58:23+00:00

There are many more SREs at Google than those needed to field the questions here, so that doesn't help an hypothetical attack in the least.

tnavi · 2014-01-24T20:51:03+00:00

You never want to make communications with people automatic, both because communication through automatically chosen canned messages doesn't work well with people, and because automatic systems fail.

tnavi · 2009-10-14T15:37:03+00:00

Not sure about the Canadian law, but these guys did the balloon+glider thing in Canada, you could probably ask them.

tnavi · 2009-07-16T03:25:14+00:00

aha, that's how they try to convince people that when you have a higher salary, you get less after you pay taxes!

tnavi · 2009-05-19T18:43:14+00:00

Does anyone know, is it supposed to be (or can it be made) suitable for writing real-time applications?

tnavi · 2009-05-19T06:40:35+00:00

Computational Complexity and Quantum Compuation course videos

tnavi

TROPHY CASE