Reddit is free. Other people paying for your free service is a very weak argument to bring up. If Lemmy dies today, nobody but hobbyists and amateurs will care. Just like with LE.

I’ve been there. Not every CA is equal. Those kind of CAs were shit. LE is convenient. There are more options though.

I actually agree. For the majority of sites and/or use cases, it probably is sufficient.

Explaining properly why LE is generally problematic, takes considerable depth of information, that I’m just not able to relay easily right now. But consider this:

LE is mostly a convenience. They save an operator $1 per month per certificate. For everyone with hosting costs beyond $1000, this is laughable savings. People who take TLS seriously often have more demands than “padlock in the browser UI”. If a free service decides they no longer want to use OCSP, that’s an annoying disruption that was entirely not worth the $1 https://www.abetterinternet.org/post/replacing-ocsp-with-crls/

LE has no SLA. You have no guarantee to be able to ever renew your certificate again. A risk not anyone should take.

Who is paying for LE? If you’re not paying, how can you rely on the service to exist tomorrow?

It’s not too long ago that people said “only some sites need HTTPS, HTTP is fine for most”. It never was, and people should not build anything relevant on “free” security today either.

People who have actually relevant use cases with the need for a reliable partner would never use LE. It’s a gimmick for hobbyists and people who suck at their job.

If you have never revoked a certificate, you don’t really know what you’re doing. If you have never run into rate-limiting issues with LE that block a rollout, you don’t know what you’re doing.

LE works until it doesn’t, and then it’s like every other free service on the internet: no guarantees If your setup relies on the goodwill of a single entity handing out shit for free, it’s not a robust setup. If you rely on that entity to keep an OCSP responder alive for free so all your consumers can verify the validity of your certificate, that’s not great. And people do this to save their company $1 a month for the real thing? Even running the shitty certbot in compute has a larger cost. People are so blindly in love with this “free” garbage. The fanboys will never die off

Kennst duden Konrad? Weil ist ein Maschine

Hmmm gierige Syntax

Danke dir. Manchmal hat man echt nicht alles auf dem Schirm. Ich fahre auch gerne Rad, aber an sowas habe ich nicht gedacht. Ich sehe den Komfortzuwachs an der Stelle jetzt auch.

Brauche mehr Details.

Ich schraube den Deckel ab und halte ihn mit dieser Hand fest. Die andere Hand führt die Flasche zum Mund und ich trinke. Dann setze ich die Flasche ab und schraube den Deckel wieder drauf.

Gibt es hier alternative Ansätze die ich noch nicht kenne, oder kommt es bei diesem Prozess zum Deckelverlust?

Habe mir das neulich erst nochmal angeschaut. Meine Welt ist etwas blasser geworden als ich realisierte, dass es sich um eine Produktion aus Frankreich mit Synchro handelt. Für mich war das ur-deutsch bis zu diesem Tag

Germanys Next Topmodel wird er wohl nicht, aber ist einer der Politiker dem ich zuhören kann ohne zu kotzen. Sympathisch

Thank you

Can’t disagree with any of that. But I still like doing it

Bro, I’m an AWS Cloud Solution Architect and I seriously don’t know what you’re talking about. And, no, when I waste time on Lemmy, then there is literally nothing better to do.

AWS made S3. People built software to integrate S3 as a storage backend. Other people didn’t want to do AWS, and built single-node imitations of the S3 service. Now you use those services and think that is S3, while it is only a crude replica of what S3 really is. At this point the S3 API is redundant and you could just as well store your assets close to your application. You have no real, global S3 delivery service anyway. What’s the point?

Most people misuse AWS S3. Using stuff like minio is even more misguided.

I don’t follow. S3 is an AWS service that these tools emulate locally by providing the same API. But I’m happy to accept that there’s just some misunderstanding 😃

Buy a different domain. Let them pay for this one until the end of time.

Fuck that. People like to act like running an SMTP server or a CA is some major shit, while everyone is fucking up on these subjects every single day.

S3 goes beyond the scope you describe. You disqualify yourself with such statements

I disagree. Local files access is always superior. If you disagree, your target solution is likely poor to begin with

So it compares to existing products, but it’s less mature? Why should anyone care?

S3 storage is simpler than local files? I think you need to elaborate