
I think that seniority is closely correlated to understanding tradeoffs. Where a junior and a senior can from time to time make the same decision, how they do it is different. For a junior it's often the only option he sees, or he doesn't even realize he's making a decision that will have consequences. Whereas a senior will think of the context and what the possible options are. All of them will be suboptimal and tradeoffs will be involved. And he'll pick the one that makes the most sense with limited information from the context (tech properties, people impacted by the decisions, effort vs importance etc.).

...And the senior's decision will unfortunately often be suboptimal as well, but that's what it is. He at least tried to understand the consequences and didn't have access to more information to evaluate it better. But he tried and will reflect on the failure and hopefully do slightly better next time, at least in a similar context.


Thanks. I'd actually prefer to buy through Namecheap as well. I saw RapidSSL and PositiveSSL certs, but I thought they are not suitable if I want both w/ and w/o 'www' subdomain.

So if I buy RapidSSL or PositiveSSL through Namecheap for www.example.com, they will automatically come with example.com in SAN?

Also, why do they have "You also need to have a dedicated IP address" in the requirements? Is this used somewhere in the validation process? I'm asking because the website runs on top of AWS S3, so I do not have dedicated IPs.


@ikusalic

> Also, why do they have "You also need to have a dedicated IP address" in the requirements? Is this used somewhere in the validation process? I'm asking because the website runs on top of AWS S3, so I do not have dedicated IPs.

The reason is because in the past browsers did not support name-based virtual hosts for SSL and required a dedicated IP to negotiate the initial connection. Wikipedia gives a decent overview on SNI. [1] Amazon CloudFront supports SNI (SSL named virtual hosts) since last March [2]... I don't know if there are costs involved on the AWS side.

According to Qualys, the users of the following clients would not be able to negotiate a connection to your site if you don't have a dedicated IP and use SNI instead:

- Android 2.3.7

- BingBot Dec 2013

- IE 6 / XP

- IE 8 / XP

- Java 6u45

- Yahoo Slurp Jun 2014

Implementation notes for the more popular web servers for posterity or in case you migrate from AWS:

- Apache https://wiki.apache.org/httpd/NameBasedSSLVHosts

- Nginx.org links to https://www.howtoforge.com/how-to-set-up-ssl-vhosts-under-ng...

I know Digital Ocean/Linode/Rackspace also offer some really good resources too aside from the SSL provider docs. I've been extremely pleased with the certs/support Namecheap resells over the past 7 years. And they do include the bare domain in the SAN automatically--it has been included for all certificates I've ever purchased. Hope this helps!

[1] http://en.wikipedia.org/wiki/Server_Name_Indication

[2] http://aws.amazon.com/about-aws/whats-new/2014/03/05/amazon-...


> Also, why do they have "You also need to have a dedicated IP address" in the requirements?

Because a web server that hosts multiple secure websites needs a way to know which of the certificates to use to encrypt a new incoming connection. The way we disambiguate that is to give each website a different IP address. In short, it's about the way SSL works, not anything to do with validation.


Thanks for the explanation. To my understanding, that's only necessary when I actually use the certificate, not as part of certificate validation. I assumed the validation would happen with me setting some DNS record with a particular value they can validate or something similar.


I hadn't noticed that. Typically the only thing they need in terms of a domain when you actually activate the cert is they'll only be willing to send the cert to an email that can be found on a whois record. You should be fine.


Beautifully written and expressing most of the concerns that bother me in today's world.

If you liked the article, I'd also suggest [1] by moxie. I really liked how he dismantles the I-have-nothing-to-hide argument. Scary, but so true.

[1] http://www.thoughtcrime.org/blog/we-should-all-have-somethin...


I've moved completely away from Google. DuckDuckGo for search, here.com for maps, fastmail.com for mail (using my domain, so I'm not locked in), Firefox as browser.

It was not as hard as I expected.

I guess the email was the hardest one to do. I needed to change quite a few addresses for different accounts. I've also put a permanent vacation responder stating that I use a new email. It was definitely worth it. And the best: even from a usability perspective, I like fastmail.com better than Google.


Seriously one of the worst posts I've seen on top page in a long while.

Disclaimer: from here on I'll also be a bit opinionated, hardly can be worse than the post. And yes he did write the disclaimer, and no, still doesn't help at all.

Just LOL.

What's the difference between Python and Ruby and the conclusion?

Scala doesn't get him excited? Well, can be if he's "not clever enough to program in Haskell". (Not a bad thought-terminating cliché btw)

The best: "limited compile-time safety (you can lint and unit test)" of node? And is offset by "not creating a large codebase!" ?!

Half the languages he mentioned are less verbose than JS.

Oh, and he didn't mention the coolest feature of JS: weak typing, which works perfectly for long-term projects.

On the other hand Lisp? Ah, I'll stop here.

He could have just written "here are the languages I'm currently interested in" and be done with that.


> He could have just written "here are the languages I'm currently interested in" and be done with that.

To me he did. I saw this as a casual listing of what languages he wanted to explore next by ruling out the ones he didn't want to learn because of one or two things in each that he didn't want to contend with.


I've heard it said that Scala is the new C++. But to me that doesn't sound bad at all. Sure, you can shoot yourself in the foot, but you can also design beautiful things, the choice is yours.


Bad is not the good word. Being pragmatic is not "bad". But I think C++ too is scary in the complexity that it brings to the table.


"Only" gmail? But isn't email the most important part of your online life? I moved away completely from Google. Fastmail.fm instead of gmail was one of my first moves. And I never looked back...


See my reply to pron, but yes. Everyone, and all business, that I want to know me are in my contacts on another service. I also use Thunderbird, and PGP when possible, with my gmail account so at least I don't see any advertising.


This. The point is you can introduce all the changes you want if you do it slowly and never aggravate a significant percentage of the population.


I have the same experience. I find the interface just beautiful and a pleasure to use. The same is true when using it from a phone.

One of the best tool-related decisions I ever made.


Tarsnap is a really great service. It's obviously targeted at tech people, but if you are one, just check it out. I do not feel the need for any wrappers as the CLI is quite nice, but your mileage may vary.

What I'm backing up are a few TrueCrypt containers. Not out of paranoia (well...), but because I use TC anyway to separate different kinds of context (by usage and importance). The nice thing is that the incremental backups feature still works great. Compression is not really useful though. Currently I have ~70gb of data, ~20gb being unique.

The service is also priced quite reasonably. Highly recommended.


As a newcomer to the tarsnap family (started using a month ago)- I completely agree - I use Dropbox, Super Duper, Arq, Crashplan for various types of backup scenarios - but the tools that I use to snapshot my ultra critical (all Customer content - code, scripts, visio diagrams, network configs, site/RF surveys) 677 MB "customers" folder is tarsnap. It really is as simple as:

   tarsnap -cf customers-2014.05.12 ~/Dropbox/Customers

Wait for 15 seconds (if there haven't been many changed files) - and I have a snapshot of my files.

Even more tremendously wonderful - I deposited $20.00 a month ago, and I currently have a remaining balance of $19.826571509446676694.

I.E. Tarsnap charges me 0.173428490553323306/month to backup/snapshot all of the content I've created in the previous 2 1/2 years.

(Note - Tarsnap uses so many significant digits that OS X calc, Excel, and Python all gave me three different answers for 20-19.826571509446676694.

  Calc: 0.17342849055332
  Python: 0.17342849055332366
  Excel: 0.173428490553398

I had to check by hand, and use the Python "decimal" module to get the "correct" answer of 0.173428490553323306.)

