• 0 Posts
  • 58 Comments
Joined 1 year ago
Cake day: June 29th, 2023



  • I actually agree. For the majority of sites and/or use cases, it probably is sufficient.

    Explaining properly why LE is generally problematic takes considerable depth of information that I’m just not able to relay easily right now. But consider this:

    LE is mostly a convenience. They save an operator $1 per month per certificate. For everyone with hosting costs beyond $1000, these are laughable savings. People who take TLS seriously often have more demands than “padlock in the browser UI”. If a free service decides they no longer want to use OCSP, that’s an annoying disruption that was entirely not worth the $1: https://www.abetterinternet.org/post/replacing-ocsp-with-crls/

    LE has no SLA. You have no guarantee to be able to ever renew your certificate again. A risk no one should take.

    Who is paying for LE? If you’re not paying, how can you rely on the service to exist tomorrow?

    It’s not too long ago that people said “only some sites need HTTPS, HTTP is fine for most”. It never was, and people should not build anything relevant on “free” security today either.


  • gencha@lemm.ee to Selfhosted@lemmy.world, “Paid SSL vs Letsencrypt” (2 up / 16 down · 7 days ago)

    People who have actually relevant use cases with the need for a reliable partner would never use LE. It’s a gimmick for hobbyists and people who suck at their job.

    If you have never revoked a certificate, you don’t really know what you’re doing. If you have never run into rate-limiting issues with LE that block a rollout, you don’t know what you’re doing.

    LE works until it doesn’t, and then it’s like every other free service on the internet: no guarantees. If your setup relies on the goodwill of a single entity handing out shit for free, it’s not a robust setup. If you rely on that entity to keep an OCSP responder alive for free so all your consumers can verify the validity of your certificate, that’s not great. And people do this to save their company $1 a month for the real thing? Even running the shitty certbot in compute has a larger cost. People are so blindly in love with this “free” garbage. The fanboys will never die off.


  • I’m calling bullshit on any user count they release. The site was filled with bots even when I still used it. People kept complaining about “karma farmers” as if there were users who repost popular content. It has always been largely Reddit’s own bots to keep new users entertained and recycle popular content so that it reaches as many users as possible. They turned this up to 11 before going public.

    Now that they no longer provide an API, they are free to make up any fake metric they want to try to pump up their worthless stock.

  • Easy. Come up with some insane pet feeding scenario, and then assume you saw someone on YouTube vouch for it. Enter discourse. Be sure to present your theory by first saying “I don’t know what a cat actually is, but…”. Then slowly slide your audience into your scenario about how people in Florida have kept alligators alive by feeding them rotten boat parts with just the right algae and moss on them.

  • Numbers give the wrong impression that one version follows another. Debian release channels exist alongside each other individually. Giving the release channels names helps to make that distinction. It also makes for an easy layout of packages in APT repositories.

    Sid is and always has been Sid. If you were to assign numbers, what number should replace that name? There are perfectly working labels for release channels and there is no reasonable replacement.


  • I totally agree with you on the phishing aspect. Good thinking.

    I would prefer it if people already knew the domain from prior association. I still regularly download desktop software from the developer’s website, even though I am also aware that this is not without safety concerns. I know this is an unrealistic expectation at this point, but I dislike that the Google/Apple stores have more trust, even though they regularly publish fake apps or apps with security/privacy issues.

    Ultimately, publish on multiple channels regularly and make your users aware of alternatives. Then they are enabled to switch when they need to, and it might also be easier for new users to recognize which release channels are official.