
Comment Re:Maybe just keep track of expiration dates? (Score 1) 123

People and companies do. In general, everyone is aware of the issue. It's surprisingly hard to get right all of the time. At scale, due to the number and variety of certificates and use cases, it's one of these "sanitation" tasks that requires meticulous attention. No matter how hard you try, at a certain size, you'll start having embarrassing outages due to expirations anyway, due to weird intersections of causes. Hopefully not many.

Comment Re:Why would a UTC be timezone dependant? (Score 0) 123

It's almost like people think you can renew certs instantly.

Even if you have new ones queued up and ready to go, if your infrastructure has any complexity at all, or rather if it has any isolation (redundancy) at all, it's going to take a while. Somewhere OTOO an hour to a few hours.

That's assuming you immediately identify the problem as a bad cert or certs, and that may take most of an hour or perhaps even longer depending how indirect the root causing path is.

Comment Cert expiration tracking is for real ... (Score 1) 123

I work at a certain well-known tech company where certs have 1 year expirations and your dashboards better contain tracking metrics along with alarms lest you be embarrassed during a presentation, or worse, have to present a discussion of an event due to an expiration.

There are a whole lot of certs out there, and there are many reasons to change/renew them, and they live in many different environments. Some can be automagically renewed by automated systems. Some not so much. Some have to be updated on one host or a few dozen hosts; some have to be updated on hundreds or tens of thousands of hosts.

Sometimes you change vendors because no one trusts one any more and a software library will break unless someone is using a version of it that has some authorities younger than grade school children. You'd be surprised how many companies don't want to update their 6-year-old libraries because they're working just fine, until they run into a brick wall outage the morning of the date mentioned in the preceding 6-12 months of emails addressed to business and technical contacts.

If you have one host or ten hosts or 100 hosts of similar function with a 3 year cert that expires and breaks things, that's one thing, but when you have 100,000s or millions in all sorts of environments expiring every year, that's a totally different ball of craziness that needs to be very carefully managed.

Comment Re:Nothing wrong here - working as designed (Score 2) 111

I hear that in order to get bug fixes as well as fixes for idiotic inefficiencies back into mainline, certain developers working for a large company wind up using pseudonyms due to resistance from the repo owner. This is something for which the developers could be fired.

But I'm probably hearing wrong.

Comment Re:Nothing wrong here - working as designed (Score 2) 111

"The open source core doesn't have a user and password."

Yeah ... you will notice that although there are still regular colossal "AWS" (as in handrolled ES on EC2) open access ES cluster hacks (generally faux ransomware: you get a note in an index that you need to give x bitcoin to someone to get your data back, but in reality your log has some DELETEs in it), it's nontrivial to hack a wide open AWS Elasticsearch Service domain now. The first huge wave of "ransomware" attacks on ES clusters (also Mongo, but this didn't much impact AWS) was not received well at AWS. This set in motion the implementation of a variety of countermeasures that eventually made it difficult to hack even a wide open domain.

Comment Re:Nothing wrong here - working as designed (Score 1) 111

Yeah ... it's Apache licensed. You built your house on a public road. People can drive by and look at it.

Elastic could have attempted to foster some kind of cooperative relationship with AWS but ... since November 2015, that didn't happen. Elastic exploited its advantages -- instant release of new versions to its service, X-pack features, a user conference/3 day ad, etc. -- until Amazon finally set loose the one and only advantage that made any difference, which is limitless resources.

It did not have to be this way.

Also, everyone with any sense always knew that regardless of Amazon's previous status as a meager contributor to open source, large contributions as well as entire projects were on the way.

Comment Re: ES sucks for the cloud (Score 1) 62

As far as I remember, you've had to double opt in, in order to create a wide open AWS ES cluster for some time, since shortly after the first highly public wave of ES/Mongo/... "ransomware" breaches occurred a while back. (PSA: They didn't ransom anything. They just did a DELETE * of your indices. Hope you didn't send them any bitcoin.)

VPC clusters have been around for a while, and I think there is some new endpoint name header matching feature now that makes IP scan based access of open clusters mostly unworkable.

Comment Sadly, Lucene will prevent the death of Java ... (Score 4, Interesting) 519

Somehow, Java became screaming fast and/or Lucene manages to avoid all the parts of Java that are screaming slow. Therefore Elasticsearch. Therefore that's one very good reason that Java won't go anywhere right away.

Also, despite the existence of obviously saner alternatives like REST, many enterprises use Java as a standard for service bindings. Long ago lost to the sands of time is the original intent that XML was intended to be human-readable (in the sense of not needing binary decoding) but not human-written.

I wrote a lot of semi-interesting Java in the past, and I suppose there was a time when I liked it, but I can't see that time coming again. Java is annoying. It's that grumpy, square, didactic, great uncle whose clothes haven't been updated since the 70s and whose house smells musty and who tells you about how he took no shortcuts in his life and you can't either.

Python is annoyingly gimpy (what sort of interpreted language deliberately doesn't have closures and first class functions?) but at least you can write a command-line tool in it, and maybe some day it'll be fast too. I guess dumbed down is better than a smelly old uncle.

Maybe I'll get to write some Rust soon.

Comment Before people lose their poop over this ... (Score 1) 96

... haptic "steering" has been going on for a long time. It's handy if you're plowing in near zero visibility: http://www.govtech.com/e-government/Smart-Snowplows-Keep-the-Highway-to-Valdez-Alaska-Clear.html

Meanwhile one might think that reading a single 2-1/2 year old NYT article about Amazon makes a formerly clueless idiot an expert on Amazon's culture and management practices. Sort of like hearing that you should drink 8 glasses of water a day makes you an expert on hydration.

Comment Your tech workplace is not your smoking room (Score 1) 1256

It's a hallmark of the 21st century that intelligent people don't even care whether a Darwinistic screed is well written, or even self-consistent, never mind whether it's ridiculous on its face.

Instead we're reduced to watching people argue as Eric Cartman repeats, "I'm only asking questions."

Here's my thinking. While you're working at your amazingly well-paying tech job (I have one of those too), save your random epiphanies about race and sex for your favorite group of drunks at your favorite cigar bar.

Or, you could circulate your boneheaded manifesto on company-wide mailing lists/bboards where it is certain to become public and also publicly associated with your company name, and see where that gets you.

Comment What a steaming pile of white! (Score 1) 381

I completely fail to comprehend Google's notions about design. While Apple creates pretty interfaces that don't have enough buttons, Google creates butt-ugly interfaces that don't have enough buttons, and the buttons that are there, are confusing.

And why oh why don't links open in a new target pane? SERIOUSLY.

Going to be wearing out my fucking mouse wheel just trying to read the 20th article in the news now.

Maybe Google just doesn't want anyone to use any Google anything on a screen larger than 6 inches.
