For 3 more months or so, you can’t buy them in april 2026 anymore

Short lifespans are also great when domains change their owner. With a 3 year lifespan, the old owner could possibly still read traffic for a few more years.

When the lifespan ist just 30-90 days, that risk is significatly reduced.

No, these are completely separate issues.

• CRL: protect against certificates that have their private key compromised
• CT: protect against incompetent or malicious Certificate Authorities.

This is just one example why we have certificate transparency. Revocation wouldn’t be useful if it isn’t even known which certificates need revocation.

The National Informatics Centre (NIC) of India, a subordinate CA of the Indian Controller of Certifying Authorities (India CCA), issues rogue certificates for Google and Yahoo domains. NIC claims that their issuance process was compromised and that only four certificates were misissued. However, Google is aware of misissued certificates not reported by NIC, so it can only be assumed that the scope of the breach is unknown.

Source

There are some nameserver providers that have an API.

When you register a domain, you can choose which nameserver you like. There are nameservers that work with certbot, choose one that does.

The only disadvantage I see is that all my personal subdomains (e.g. immich.name.com and jellyfin) are forever stored in a public location. I wouldn’t call it a privacy nightmare, yet it isn’t optimal.

There are two workarounds:

• do not use public certificates
• use wildcard certificates only

The best approach for securing our CA system is the “certificate transparency log”. All issued certificates must be stored in separate, public location. Browsers do not accept certificates that are not there.

This makes it impossible for malicious actors to silently create certificates. They would leave traces.

The “accepted anwer” feature seems very nice, i would love to see this implemented in other fediverse projects too.

I think its a completely different use case. MobaXterm is a fancy ssh/rdp tool with some extra features, while rustdesk is an alternative to teamviewer or anydesk - tools for remote support.

Disclaimer: I haven’t used rustdesk yet, I have no need for this use case.

Yes, that is exactly what I meant.

I don’t know. All I was trying to say is that the growth of the linux market share is likely tied to external factors and not a strictly exponential growth.

That’s probably true, but the Windows 10 EoL or the “Buy European” movement likely won’t have the same momentum as in 2025.

But maybe we’ll see new linux gaming hardware, ongoing windows enshittification and better multiplayer support that will lead linux gaming out of its niche.

It took 18 month for the market share to grow from 2% to 3%.

At this rate of growth, we might hit the 5% market share before the end of the decade.

Personally, I would try to avoid publishing nginx proxy manager’s management web ui to the general public.

Please don’t confuse the nginx proxy manager (npm) with the node.js packet manager (npm). The latter is frequently in the news regarding security vulnerabilities.

There is no content in this post.

@[email protected] I see this is your first post, welcome here :) If you need help, feel free to ask.

For selfhosting, I would advise against installing a desktop environment and rather suggest to install a server version without GUI.

Only downside I see is how long it took for version 2.0 to get released. The previous stable release (1.23.16) was released almost one year ago.

I’ve been using this new version a few weeks now (since beta 3). The most significant advantage is the performance improvement. With 100+ monitors, the “old” version was very sluggish and took a long time to start.

Edit: I migrated my existing install to mariadb following this thread on github.

To be fair, there are some less-than-optimal PoE implementations like “passive PoE”. I’ve heard stories where the wrong PoE mode destroyed network gear.

I don’t see anything wrong with Power over Ethernet, as long as it follows the standards.