You are currently browsing the yearly archive for 2017.

The question of “who to trust with my personal/private data” comes up a lot when you work for Google.

Caveats: I work for Google; you should consider my bias. I drunk the Kool-aid the day I accepted the job offer. These opinions are solely my own and do not reflect those of my employer.

Habits are more effective than laws. When you consider to whom you should entrust your data – Google, Apple, Facebook, Microsoft, governments, etc – ask yourself what that entity’s record is on respecting your privacy and acting ethically. Not just “within the bounds of the law” but “does the right thing, even when it is hard”.

Read the rest of this entry »

SSL fixed (for now)

I’ve temporarily fixed the SSL cert on tolaris.com by rolling back to an older still-valid cert that lacks some DNS names I don’t really need. In the next few months, I intend to upgrade this server and then configure Let’s Encrypt. I’ve had enough of manually dealing with SSL certs.

Tags: ,

My SSL cert is broken

Thanks to everyone who warned me that my SSL certificate is broken. I’ll find a new issuer soon.

This happened because Google and Mozilla have distrusted my SSL issuer, StartSSL, for very good reasons. I was unaware of this action – StartSSL apparently took no effort to warn its customers – until the warning appeared in recent releases of their browsers.

Shame on you, Wosign and StartSSL.

Tags: ,