Login

Recent searches

No recent searches

Search options

Not available on vocalounge.cafe.
vocalounge.cafe is one of the many independent Mastodon servers you can use to participate in the fediverse.
A Mastodon instance specializing in Vocaloid, UTAU, and anything relevant to vocalsynth culture.

Administered by:

Server stats:

38
active users

vocalounge.cafe: AboutProfiles directoryPrivacy policy

Mastodon: AboutGet the appKeyboard shortcutsView source codev4.3.6

#letsencrypt

2 posts2 participants0 posts today
Replied in thread
Public *
Aral Balkan

@codinghorror @trending_bot Related, longer-term thought, in case it interests you: getting @letsencrypt to work with @opennic would put us on a path to set domain names free from the commercial system (after which we could try to get the EU to force browsers to support OpenNIC natively).

mastodon.ar.al/@aral/114173316

Aral’s fediverse serverAral Balkan (@aral@mastodon.ar.al)@zbrando@vivaldi.net @morrick@appdot.net @ueeu@vivaldi.net You’re not wrong. But, looking ahead, we can do so much better than the commercial domain name system. Commercial domain names are a gold standard example of artificial scarcity. A domain name registrar cost next to nothing to operate. It’s tiny rows of text in a database. It could easily be free to own your own domain name – a huge part of what constitutes identity – on the Internet. In fact, a non-commercial service has been operational for 24 years. It would be trivial to regulate that browsers in the EU implement support for it and work together with, say, @letsencrypt@infosec.exchange to ensure it can handle TLS. That would be an amazing addition to the commons and a future-proof way forward that we could lead on with next to no investment. #domainNames #DNS #openNic #LetsEncrypt #EU #commons #internet #freedom #ICAAN
#OpenNIC#LetsEncrypt#freeTheDomain
Replied in thread
Public
Aral Balkan

@zbrando @morrick @ueeu You’re not wrong.

But, looking ahead, we can do so much better than the commercial domain name system.

Commercial domain names are a gold standard example of artificial scarcity. A domain name registrar cost next to nothing to operate. It’s tiny rows of text in a database. It could easily be free to own your own domain name – a huge part of what constitutes identity – on the Internet.

In fact, a non-commercial service has been operational for 24 years. It would be trivial to regulate that browsers in the EU implement support for it and work together with, say, @letsencrypt to ensure it can handle TLS.

That would be an amazing addition to the commons and a future-proof way forward that we could lead on with next to no investment.

#domainNames#DNS#openNic
Public *
Yann Büchau :nixos:

800 lines of :nixos: #nix later and I have successfully beefed up our #3dPrinting infrastructure at work @umphy with one #RaspberryPi 4:

· a gethomepage.dev landing page
· three fullHD webcams, one for each printer, with current filament visible
· a smart #Tasmota multiplug to remotely power off a printer in case of a problem/hangup
· 🐙 #OctoPrint for the Prusa MK3S, #PrusaLink by the #PrusaMINI​s
· 🔐 all password-protected and certs from #LetsEncrypt

homepage-dashboard (https://gethomepage.dev) showing links to Prusa printer webinterfaces and a Tasmota smart multiplug webinterface and three webcams, showing the idle printers
Tasmota webinterface of a NOUS A5T multisocket, showing buttons to switch off the three printers individually
PrusaLink webinterface, showing cold (20°C) nozzle and bed temperatures and a prompt to upload a gcode file
#Prusa#NixOS
Public
Aral Balkan

New releases

• Kitten (rolling release)
• @small-tech/https version 5.3.2
• Auto Encrypt version 4.1.3

OCSP support has been reinstated in the server so existing sites with Let’s Encrypt certificates provisioned prior to the removal of the OCSP stapling requirement will not fail to load in Firefox.

Kitten servers in production will automatically update to this version in a few hours. You can also sign in to the Kitten settings page on your server and do a manual update to update Kitten immediately.

Thanks to @stefan and @s1r83r for bringing this to my attention. (mastodon.ar.al/@aral/113969540)

Aral’s fediverse serverAral Balkan (@aral@mastodon.ar.al)@s1r83r@pataterie.ca @stefan@gardenstate.social Thanks for the heads up, folks. So, here’s what’s happened: 1. Let’s Encrypt removed OCSP support and starting rejecting certificate requests that require OCSP stapling (a privacy feature that Kitten inherited from my Auto Encrypt module) for new server requests and will reject certificate renewal requests starting in May. 2. So I went ahead and removed the OCSP stapling requirement from the certificate requests Auto Encrypt makes to Let’s Encrypt. 3. I also removed OCSP support from the server. Makes sense, right? Sure does, until you consider what happens to servers with already-provisioned Let’s Encrypt certificates that have certificates that require OCSP stapling. (kitten.small-web.org’s certificate got renewed four days ago, before I’d released the updates.) *Doh!* 🤦‍♂️ Seems Safari and Chrom(ium) are fine with letting it pass. However, Firefox, (and correctly too, I might add), refuses to load the site. So I’m off to update Auto Encrypt to re-enable OCSP support with a note to disable it in May (by which time all certificates will have renewed anyway without the stapling requirement) and then issue new builds of @small-web/https and Kitten. Kitten servers should automatically upgrade and start working in Firefox in several hours. And you can also manually update them if you want to before then after I’ve announced the releases. Thanks again for letting me know. :kitten:💕 #Kitten #SmallWeb #AutoEncrypt #LetsEncrypt #TLS #SSL #HTTPS #OCSP
#Kitten#SmallWeb#SmallTech
Public *
Aral Balkan

New Kitten release

• Upgrades to version 5.3.1 of @small-tech/https¹ which has version 4.1.2 of Auto Encrypt² that l removes OCSP stapling (because Let’s Encrypt has removed OCSP support).

Please upgrade your Kitten as soon as possible or any new Kitten servers you try to set up will fail and any certificate renewals for existing servers will start to fail in May.

kitten.small-web.org

(To upgrade, run `kitten update`. Your production servers will update automatically.)

Enjoy!

:kitten:💕

¹ npmjs.com/package/@small-tech/
² npmjs.com/package/@small-tech/

#Kitten#SmallWeb#SmallTech
Continued thread
Public *
Aral Balkan

@small-tech/https version 5.3.0 released

• Uses Auto Encrypt 4.1.1 (removes OCSP stapling support because Let]s Encrypt has removed OCSP support).

npmjs.com/package/@small-tech/

This module is a drop in replacement for Node HTTPS module that automatically handles TLS certificate provisioning and renewal both at localhost (via Auto Encrypt Localhost¹) and at hostname (via Auto Encrypt with Let’s Encrypt certificates²).

So, this is how you create a HTTPS server in Node.js that uses this module and automatically handles TLS certificate provisioning and renewal for you both at localhost (during development) and at hostname (during production):

```js
import https from '@small-tech/https'

const server = https.createServer((request, response) => {
response.end('Hello, world!')
})

server.listen(443, () => {
console.log(' 🎉 Server running at https://localhost.')
})
```

(Yes, that’s it! I wrote a metric shit-tonne of meticulously-tested code so you don’t have to.) :)

💡 Note that the localhost certificate support via Auto Encrypt Localhost is 100% JavaScript and does NOT rely on an external binary like mkcert or certutil.

Needless to say, Kitten³ uses this module under the hood and it’s a big part of why Domain⁴ can deploy servers so easily that don’t require any day-to-day maintenance.

In case you’re wondering why I’m spending so much time releasing all these modules, it’s because I believe in sharing every brick of the house I’m building so others can easily build different houses if they want to. I’m not saying that what I’m building with Kitten, Domain, and Place⁵ will be the end all be all of the Small Web⁶ (the peer-to-peer web). And I want others to be able to experiment by building their own tools without having to go through the grueling development process I’ve had to in the past six years to build basic infrastructure.

Enjoy!

💕

¹ codeberg.org/small-tech/auto-e
² codeberg.org/small-tech/auto-e
³ kitten.small-web.org
codeberg.org/domain/app
codeberg.org/place/app
ar.al/2024/06/24/small-web-com

npm@small-tech/httpsA drop-in standard Node.js HTTPS module replacement with both automatic development-time (localhost) certificates via Auto Encrypt Localhost and automatic production certificates via Auto Encrypt.. Latest version: 5.3.0, last published: 16 minutes ago. Start using @small-tech/https in your project by running `npm i @small-tech/https`. There are 2 other projects in the npm registry using @small-tech/https.
#SmallWeb#SmallTech#AutoEncrypt
Continued thread
Public *
Aral Balkan

Auto Encrypt version 4.1.1 released

Fixed:

• User agent string now includes the correct Auto Encrypt version (and the name fragment “auto-encrypt” instead of “acme”).

• Tests now send `Connection: close` header so they’re not tripped up by the default `keep-alive` introduced in Node 19.

npmjs.com/package/@small-tech/

npm@small-tech/auto-encryptAutomatically provisions and renews Let’s Encrypt TLS certificates on Node.js https servers (including Kitten, Polka, Express.js, etc.). Latest version: 4.1.1, last published: 3 minutes ago. Start using @small-tech/auto-encrypt in your project by running `npm i @small-tech/auto-encrypt`. There are 3 other projects in the npm registry using @small-tech/auto-encrypt.
#SmallWeb#SmallTech#AutoEncrypt
Public *
Aral Balkan

Auto Encrypt version 4.1.0 released

• Removes OCSP stapling, as Let’s Encrypt is removing OCSP support.

If you’re already using Auto Encrypt upgrade before May or your certificate renewals will start to fail. Upgrade now if you want to get certificates for new domains as new certificate requests are already failing.

codeberg.org/small-tech/auto-e

Auto Encrypt automatically provisions and renews Let’s Encrypt TLS certificates on Node.js https servers (including Kitten¹, Polka, Express.js, etc.)

Regular Node.js HTTPS server (without Let’s Encrypt certificates):

```js
import https from 'node:https'
const server = https.createServer(…)
```

Auto Encrypt https server with automatic Let’s Encrypt certificates:

```js
import AutoEncrypt from '@small-tech/auto-encrypt'
const server = AutoEncrypt.https.createServer(…)
```

(Certificates are provisioned on first hit and automatically renewed 30 days before expiry.)

¹ kitten.small-web.org

Codeberg.orgauto-encryptAutomatically-provisioned TLS certificates for Node.js servers using Let’s Encrypt.
#AutoEncrypt#LetsEncrypt#TLS
Public
Aral Balkan

Just released Node Pebble version 5.1.1

• Updated to Pebble version 2.7.0.

• Now also supports macOS and arm64 (because Pebble itself does).

codeberg.org/small-tech/node-p

Node Pebble is a Node.js wrapper for Let’s Encrypt’s¹ Pebble² that:

• Downloads the correct Pebble binary for your platform.

• Launches and manages a single Pebble process.

• Returns a reference to the same process on future calls (safe to include in multiple unit tests where order of tests is undetermined)

• Automatically patches Node.js’s TLS module to accept Pebble server’s test certificate as well as its dynamically-generated root and intermediary CA certificates.

¹ letsencrypt.org

² “A miniature version of Boulder, Pebble is a small RFC 8555 ACME test server not suited for a production certificate authority.” github.com/letsencrypt/pebble

Codeberg.orgnode-pebbleA Node.js wrapper for Let’s Encrypt’s Pebble (a small RFC 8555 ACME test server not suited for a production certificate authority)
#LetsEncrypt#TLS#SSL
Public
Aral Balkan

So I guess Let’s Encrypt has decided what I’ll be working on today then…

letsencrypt.org/2024/12/05/end

(They’re ending OCSP stapling support. I’ll be updating Auto Encrypt¹ to remove OCSP support and then update @small-tech/https, which uses it, along with Auto Encrypt Localhost² to provide seamless TLS support regardless of whether you’re working in development or in production, and then update Site.js³ – deprecated but still used to serve some of our own sites at Small Technology Foundation⁴ – and Kitten⁵, with the latest @small-tech/https.)

¹ codeberg.org/small-tech/auto-e
² codeberg.org/small-tech/auto-e
³ codeberg.org/small-tech/https
small-tech.org
kitten.small-web.org

letsencrypt.orgEnding OCSP Support in 2025Earlier this year we announced our intent to provide certificate revocation information exclusively via Certificate Revocation Lists (CRLs), ending support for providing certificate revocation information via the Online Certificate Status Protocol (OCSP). Today we are providing a timeline for ending OCSP services: January 30, 2025 OCSP Must-Staple requests will fail, unless the requesting account has previously issued a certificate containing the OCSP Must Staple extension May 7, 2025 Prior to this date we will have added CRL URLs to certificates On this date we will drop OCSP URLs from certificates On this date all requests including the OCSP Must Staple extension will fail August 6, 2025 On this date we will turn off our OCSP responders Additionally, a very small percentage of our subscribers request certificates with the OCSP Must Staple Extension.
#SmallWeb#SmallTech#TLS
Public *
Erik van Straten

Telefonie+websites: spoofing-risico

Zojuist heb ik security.nl/posting/874752/Tel (*) een stuk over bankhelpdeskfraude, en andere vormen van online oplichting, gepubliceerd.

Mijn advies: kijk in elk geval naar de hoge tabel onderin dat stuk met namen van nepwebsites gericht op de Nederlandstalige markt, en leer daarvan.

De mogelijkheden voor cybercriminelen om te variëren met "lijkt op" domeinnamen zijn bijna eindeloos. En deze groep cybercriminelen lijkt zich tot ".com" TLD's (Top Level Domains) te beperken.

Het is overigens ietsje lastiger om een nepsite met een ."nl" TLD dan bijv. ".com" te registreren. Belangrijker, als dat lukt worden ".nl" nepsites vaak, na een paar dagen, "uit de lucht gehaald". Maar je zal maar opgelicht worden in die paar dagen.

(*) Mocht de Redactie van security.nl(waar ik geen enkele andere relatie mee heb dan daar al jaren een account te hebben) ook deze bijdrage van mij verwijderen, een gearchiveerde versie (met nog 2 typfoutjes er in) vindt u in archive.is/7NjIC.

Meer info in de Alt tekst van onderstaand plaatje.

Screenshot zojuist, een stuk gescrolled in https://www.virustotal.com/gui/ip-address/193.143.1.14/relations waarin 14 domeinnamen van nepwebsites te zien zijn. Te zien zijn regels met van links naar rechts (per regel): 1. De datum waarop de (als vierde vermeldde) domeinnaam via een DNS-aanvraag "resolvde" in IP-adres 193.143.1.14 (gemoemd in bovengenoemde URL. Merk op dat er duizenden websites op één IP-adres actief kunnen zijn. In alle gevallen is dat vandaag, aangeduid als 2025-02-02. 2. Het aantal virusscanners (van 94) dat de website achter de (als vierde vermeldde) domeinnaam als kwaadaardig beschouwde toen dit werd getest (dat kan eerder dan vandaag zijn geweest, de actuele score kan ook iets hoger of lager zijn). De "beruchtste" twee, met de ongebruikelijk hoge score van 21/94, zijn "avastng dot com" en "avastdpr dot com" (na het verschijnen van een nepwebsite het kan weken duren voordat zóveel virusscanners - van 94! - zo'n site als kwaadaardig bestempelen. Daarom is dit mechanisme grotendeels nutteloos. De laagste score, 0/94, geldt voor "belastingdienst-afhandelen dot com". Deze website lijkt gisteren te zijn geregistreerd, is dus nog erg nieuw. 3. Welke organisatie de DNS-lookup heeft uitgevoerd. Het bedrijf VirusTotal (een Google-dochter) werkt hiervoor samen met diverse andere organisaties. In deze screenshot was de DNS-aanvrager in alle gevallen Mandiant, een bekende malware-bestrijder (ook een dochter van Google). 4. De domeinnaam van de nepwebsite.
#Phishing#BigTechIsEvil#GoogleIsEvil
Replied in thread
Public *
Flo

@grillo_delmal #Proxmox and #Ansible is a powerful combo and super useful skill to have. I once built the entire infra for a bootstrapped company using that. With dev and staging servers locally on proxmox for every public hetzner server we had.

I really like having the same playbook for all environments. If you use dns verification for #letsencrypt you can even keep the ssl cert renewal logic the same on your home server as on a public server.

Public
Blue Ghost

Let's Encrypt is a nonprofit certificate authority (CA).

Ten year anniversary was on 18.11.2024.
Certificates have been used by 450 million websites.

Free digital certificate is provided to enable TLS for websites.
Automatic process to obtain, configure, and renew certificate via hosting provider.

CA: en.wikipedia.org/wiki/Certific
TLS: wikipedia.org/wiki/Transport_L

Website: letsencrypt.org
Mastodon: @letsencrypt

Let's Encrypt logo.
#LetsEncrypt#Encryption#Privacy
SearchLive feeds
About