New 6-days Validity of Let’s Encrypt Certificates

I just saw this great news: Let’s Encrypt Announces 6-day Validity Certificates

Let’s Encrypt, the non-profit certificate authority, has introduced six-day validity certificates, commonly referred to as short-lived certificates.

Shorter validity periods are great for security. Traditional certificates can last up to a year, meaning that if they get compromised, they remain a threat for a long time. Short-lived certificates reduce the window of opportunity for attackers: even if a certificate gets compromised, it will become invalid in less than a week.

Josh Aas, Executive Director of Let’s Encrypt’s parent organization, the Internet Security Research Group (ISRG), emphasizes, “Short-lived certificates practically require automation… automating certificate issuance is crucial for improving security across the web.”

Oh yeah. I couldn’t agree more.

Don’t Believe Everything …

We’ve all been there: listening to a talk, podcast or reading about groundbreaking innovations, especially on LinkedIn. It all sounds fantastic, super new, cutting edge technology – almost too good to be true. And often … it is.

Overselling seems to be more common lately – or maybe I’m just noticing it more? Especially with the AI “trend” lately, everyone is “AI first” and doing extremely successful programmes – it seems. But when you get to know someone in the tech field directly, it turns out that we’ve just seen a proof-of-concept project, a project that was stopped after a while for various reasons (didn’t bring the expected results, was over budget, or was never intended to go live at all), or that it is just WAY more complex than illustrated and only the very tiny cool part was told.

It also seems like a pattern to me: The higher someone is in a company, the less reliable their statements are. C-level executives sell visions, middle management sell their successes / themselves, while engineers are more likely to tell the real story (tech debt, failed experiments, complex architecture and hard compromises).

I think I’ve developed a healthy(?) scepticism. The first questions I ask myself are: Who is telling the story (position)? Why are they telling the story (promoting the technology, promoting themselves, promoting a solution)? What is not being said?

The truth seems to be often in the gaps … unfortunately.

Tim Berners-Lee is on Mastodon

I’m hardly following any very well-known people on any social media – but I was positively surprised to see Tim Berners-Lee (@timbl@w3c.social) on Mastodon! Well for the unlikely event that you don’t know what we owe him, check out his Wikipedia entry:

Sir Timothy John Berners-Lee (born 8 June 1955),[1] also known as TimBL, is an English computer scientist best known as the inventor of the World Wide Web, the HTML markup language, the URL system, and HTTP.

Kill It with Fire – Manage Aging Computer Systems

I just noticed that I never made a book recommendation, even though I’m reading quite some books – well okay, not too many IT books to be honest. A while ago a – very valued – colleague recommended Kill It with Fire – Manage Aging Computer Systems to me.


Is your phone listening – or is it IP based Ad Tracking?

In my recent blog post about reducing Ad-Tracking by using Firewall rules, I already mentioned that I might dig a bit deeper into the topic of IP-based AD-tracking.


RaspberryPi System upgrade vs. Fresh install

Recently I noticed that one of my RaspberryPIs was running a rather old version of Raspbian. I thought it might be a good idea to upgrade and followed the instructions from Upgrade Raspberry Pi OS to the Latest Version (2024) – RaspberryTips.


Are you ready to hear the Feedback you were asking for?

Feedback is a double-edged sword – powerful for growth but tough to hear. Whether it’s improving a skill, leading a team, or refining creative work, feedback is invaluable. Yet, how we react to it can make or break the result.


How to enable automatic updates on Linux / RaspberryPi

I just noticed that I haven’t logged on to one of my RaspberryPIs for quite a while and also didn’t update it. Instead of hacking some root crontab, a quick search brought this thread in the Raspi forums up: crontab update – Raspberry Pi Forums and unattended upgrades – How do I enable automatic updates? – Ask Ubuntu

To keep the Raspberry Pi updated, I just use the following:

sudo apt install unattended-upgrades apt-listchanges
sudo dpkg-reconfigure -plow unattended-upgrades

Documentation can be found here: Package management | Ubuntu
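
To confirm that the two commands above really switched automatic updates on, the resulting APT settings can be checked. The following is an added example, not part of the original post; it assumes the settings are in /etc/apt/apt.conf.d/20auto-upgrades (the file dpkg-reconfigure writes on Debian-based systems), and the function names are made up for this sketch.

```shell
#!/bin/sh
# Added example: verify that periodic unattended upgrades are enabled.
# Assumption: settings live in /etc/apt/apt.conf.d/20auto-upgrades.

# Print the value of one APT::Periodic key from an apt.conf-style file.
# Comment lines (// or #) are skipped; the last assignment wins.
periodic_value() {
    awk -v key="APT::Periodic::$1" '
        /^[ \t]*(\/\/|#)/ { next }
        $1 == key { v = $2; gsub(/[";]/, "", v); val = v }
        END { print val }
    ' "$2" 2>/dev/null
}

# Return 0 only if both the package-list refresh and the upgrade step are on.
# A value of "0" or a missing key means the step never runs.
check_auto_upgrades() {
    file=${1:-/etc/apt/apt.conf.d/20auto-upgrades}
    [ -r "$file" ] || { echo "MISSING: $file"; return 2; }
    rc=0
    for key in Update-Package-Lists Unattended-Upgrade; do
        val=$(periodic_value "$key" "$file")
        case $val in
            ''|0) echo "DISABLED: APT::Periodic::$key (value '${val:-unset}')"
                  rc=1 ;;
            *)    echo "ok: APT::Periodic::$key = $val" ;;
        esac
    done
    return $rc
}

# Constructed sample input: list refresh enabled, upgrade step switched off.
sample=$(mktemp)
printf '%s\n' 'APT::Periodic::Update-Package-Lists "1";' \
              'APT::Periodic::Unattended-Upgrade "0";' > "$sample"
check_auto_upgrades "$sample" || echo "-> automatic upgrades are not fully enabled"
rm -f "$sample"
```

On the Raspberry Pi itself, calling check_auto_upgrades without an argument checks the real file.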

How to reduce AdTracking with Fritz!Box filter lists for mobile devices

Problem: I am using Pi-Hole on my network to block quite a few ADs and trackers. However, the blocking does not work reliably on Android devices on our WiFi (This thread suggests that this also concerns Apple devices – but we don’t have any at home, though).

I noticed this when I was researching some cycling products and my wife suddenly started getting cycling ADs in her Facebook stream on her tablet. We don’t share devices or accounts or anything – but we do share the same network and therefore the IP of our router.
