Hacker News | itintheory's comments

I'm really excited for this. We moved 120+ hand-renewed certs to ACME, but still manually validate the domains annually. Many of them are on private/internal load balancers (no HTTP-01 challenge possible), and our DNS host doesn't support automation (no DNS-01 challenges either). While manually renewing the DCV for ~30 domains once a year isn't too bad, when the lifetime of that validity shrinks, ultimately to 9 days, it'd become a full-time job. I just hope Sectigo implements this as quickly as LE.

You might consider adding a modal when closing the window with unsaved changes?

Good point — and thank you for the suggestion! In this case it’s actually not necessary because the entire workspace is automatically persisted in local storage, so everything is restored when you reopen the app.

It's linguistically a minced oath[1], and they're pretty common in all manner of online contexts.

[1] https://en.wikipedia.org/wiki/Minced_oath


Great reference; thank you.

You can. I think there's a couple approaches - bind mount the docker socket, or expose it on localhost, and use host networking for the consuming container, or there exist various proxy projects for the socket. There may be other ways, curious if anyone else knows more.

> bind mount the docker socket

Bind-mounting /var/run/docker.sock gives 100% root access to anyone that can write it. It's a complete non-starter for any serious deployment, and we should not even consider it at any time.


Sure, but sometimes that's what you intend. Docker isn't always used for, nor is it particularly designed to be a security / sandboxing solution. If I'm running a tool as root that interacts with the docker daemon, I might choose to run it in a container still.

That's not even close to the same as a well thought out rbac system, sorry.

> Can you control the docker swarm API from within a container that is running inside of it?

The question didn't ask about RBAC, well thought out or not.


Android has been doing this for a while, too

> ODB

Ol' Dirty Bastard? I jest, but I think the theory behind wanting an 'On-board Diagnostics' [1] connection would be to get data from the vehicle. You can get cheap Bluetooth OBD-II adapters to transmit that info to your phone, it's not a given. I don't know much about electric cars, but if you want your phone to know the fuel level in an ICE vehicle then you'd need this kind of connection.

[1] https://en.wikipedia.org/wiki/On-board_diagnostics


I make typos like that a lot. The one that is most common for me is CVS instead of CSV. No, this isn't a list of things to get from the drug store ::facepalm::

I'm a fan of 'nc' / netcat for this purpose. It's small, quick, and can send or receive over TCP or UDP.

> slither

What is a slither in this context? Or should this be "sliver"?


Your company was taking bets on https://www.online-stopwatch.com/horse-race/ ?

Unrelated - that site is great. I looked into membership, but $6/month seems steep.


:) it was indeed pretty similar!


You're the guy in the article? Could you elaborate and share more of your side of the story?


I am indeed the guy in the article. My side of the story is fairly boring, didn't do crime but got blamed for it anyway by desperate cops. The whole investigation has been bizarre, for example, no-one has ever searched my homes, or even attempted to seize my personal devices.

Should find out within the next couple of months if the appeals court decides to acquit.


Wow. That's why I love HN. :)


But you were strongly linked to the crime. Thus your opsec is terrible.


For sure, just goes to show how important it is to really carefully consider your threat model.

