Comment Wasn't Pascal for that? (Score 5, Funny) 160
History repeats itself? Or is this just a rhyme?
History repeats itself? Or is this just a rhyme?
As I imperfectly explained, the demand for a public cert comes from an ignorant customer who insists they must use a "publicly trusted cert" due to "policy" and is clueless about the technology.
Rule #1: The customer is always right
Rule #2: When the customer is wrong, see rule #1
Rule #3: When the customer is stupid, see rule #1
In short, the reason for a public cert has nothing to do with reason, good or otherwise, and little to do with being lazy, or using it for IPsec, or even whether either the client or the server is on Apple platforms.
Hence my concern as to whether this behavior by Apple will eventually impact my otherwise unrelated support concerns for my customers and my specific applications. I am guessing it will, as it will be impossible to buy a cert that is good for two years or more, even if I don't care whether Apple browsers support it. I will be forced to jump through the air gap every 398 days whether I want to or not, I presume.
The question as to whether the Apple IPsec client will enforce it or not is almost irrelevant if I cannot buy a longer-lived cert, but is a question if I use a private cert since the first Apple IPsec client that rejects a 2+ year cert will force even my private cert to live only 398 days.
I guess Apple is the big dog that likes to bark and nip at everyone's heels. So we listen and jump on command whether we want to or not. Tis the world we live in.
I do, usually. But I have a few servers where the client absolutely insists on a "publicly trusted cert" although they clearly have no understanding of what they are demanding. In these cases, I must run a public cert. So this is why I ask.
But the question of whether this is merely a browser thing, or the Apple IPsec client will also attempt to enforce is mainly what's on my mind. At the moment it does not seem to be an issue, I mainly worry that it will change.
Certs have more uses than attesting to the browser that the bank website you connected to is really the bank and not some bogus server. For example, what about IPsec tunnels? Does this limit by Apple on Browser certs also mean that as an artifact of everyone shortening the lifespan of CA Certs in the browsers, I will not be able to buy certs with longer lifespans for other uses? If I am running a service that is effectively "air-gapped" behind an IPsec server, updating certs can be a little painful, depending on just how "air-gapped" it is. Will this limit my ability to buy longer lifespan certs even though I don't care about the Browser's acceptance of it? Will Apple's VPN client also reject long-lived certs?
The last time I left updates enabled, update started updating my machine and demanded a reboot in the middle of a major corporate presentation in front of a large audience. This is UNACCEPTABLE behavior!
Windows Updates (1) Constantly reset browser preferences, (2) Frequently break hardware drivers, and (3) Often interfere with critical, urgent work tasks. Don't tell me not to turn them off! Don't tell me not to tell others to turn them off! NOT GONNA HAPPEN!!!
Windows Updates should be TURNED OFF, during all business / production usage. Then updates should be enabled/installed manually during weekends, vacations or other non-critical times. I DECIDE when my machine can be down for maintenance. Not Microsoft. The Updates STAY OFF, until I purposely enable them when I am willing to allow time for reboots, and have the time to restore my machine to proper configuration and operation afterward.
I actually USE the headphone jack. I have a new 6s+ and will not replace it for some time, but when I do, I will not consider a jack-less phone if there is a competitor with one. So, Apple, remove the jack, and Samsung here I come.
There is a lot to like in this, but I do have some issues.
I would like to see a series of detailed plans that show, for example, the R Value of the insulation, especially with the broad window exposure, the kWh capacity of the panels, the storage capacity, and more. Also, it needs upscaling for real-world families.
For a young couple with no kids and both working outside the home, who only need a place to sleep, it appears ideal. That ain't me or my family.
Where's my office for my writing and programming? What would be the impact on the energy system of the five computers I use constantly, or the ones others in my family use?
PV Water heat sounds nice, but for how much water? How does it handle a real winter? Is there propane backup for winter use?
Where's my media room, the big screen for my movie enjoyment?
Where are the bedrooms for my kids and grandkids when they visit?
Still, there are some good ideas here. Maybe When I build the next house, I will use some of them.
Or at least some of it, in my novel 'Chromosome Quest'. It and the sequel 'Chromosome Conspiracy' are on Amazon. More info at www.ChromosomeQuest.com
In my Science Fiction novel 'Chromosome Quest', the hero, Fitz, takes a time-out to watch cat videos when he's feeling stressed. I put that in for a reason! It works! http://www.chromosomequest.com...
Where there's a will, there's a relative.