I was busy taking care of releases today.
Everyone is talking about GPT-4o. I usually use Google's Gemini and GitHub Co-pilot, but it might be better to check GPT-4o out. I hear that GPT-4o is not good at coding tho.
Wait, perhaps I don't have to be an early-adapter. Apple and
OpenAI are collaborating to develop AI assistant feature (?) (I suspect
it is similar to Siri), so I can wait for its release and start enjoying
talking with AI after its release. Let's stick to what I'm using for the
time being. I'm an old-fashioned guy who is only interested in
fundamentals instead of applications. I use zsh and vim.
-> 20240515
Let's Encrypt provides free TLS certificates, and I was wondering what the point is of buying certificates from other providers.
As I browsed a few web pages, I found information on that.o
Let's Encrypt issues certificates valid for 90 days, whereas paid certificates can last 1-3 years. Using paid certificates can reduce renewal effot.
However, certbot can automate the renewal of TLS certificates from Let's Encrypt. I don’'t think the longer validity of paid certicicates is the advantage.
On second thought, certbot's renewal can fail due to misconfiguration (it happens in my VPS). Reducing the chances of failure is beneficial.
DV (Domain Validation): Lowest level. Certificate Authority (CA) only verifies you control the domain, not your identity.
OV (Organization Validation): Mid-level. CA confirms your domain ownership and validates your organization's legitimacy through additional checks.
EV (Extended Validation): Highest level. EV involves the most rigorous checks, verifying your organization's legal existence and good standing.
Let's Encrypt checks if the domain is in control of the person who requests a TLS certificate for it (DV), but it's a bare-minimum standard.
https://www.digicert.com/difference-between-dv-ov-and-ev-ssl-certificates
What distinguishes OV & EV certificates are the extra layers and steps of validation required to obtain them. For both EV & OV certificates CAs must verify the domain owner as well as several details related to the affiliated business including name, type, status, and physical address.
When running business that deal with sensitive data, DV is not enough to prove the identity to users.
This is my certificate of ocalaavenue.net
Issued to:
Common Name (CN) ocalaavenue.net
Organization (O) <Not Part Of Certificate>
Organizational Unit (OU) <Not Part Of Certificate>
Issued by:
Common Name (CN) R3
Organization (O) Let's Encrypt
Organizational Unit (OU) <Not Part Of Certificate>and this is facebook's
Issued to:
Common Name (CN) *.facebook.com
Organization (O) Meta Platforms, Inc.
Organizational Unit (OU) <Not Part Of Certificate>
Issued by:
Common Name (CN) DigiCert SHA2 High Assurance Server CA
Organization (O) DigiCert Inc
Organizational Unit (OU) www.digicert.comYou can see the organization name is provided in the facebook's, but not in mine from Let's Encrypt. Facebook's is with at least OV in addition to DV.
Now I'm getting why companies don't use Let's Encrypt. (I see some companies I've been involved use Let's Encrypt tho :sweat:)
Here are some examples
Paid certificate vendors often offer customer support to help with installation, troubleshooting, and other certificate-related issues whereas Let's Encrypt is a self-service platform.
For example, DigiCert's Secure Site certificate provides warranty[1].
Industry-leading warranties. Secure Site certificates include warranties to protect you and your customers: a $1.75M Netsure Protection Warranty for your business and an industry-best $2M aggregate Relying Party Warranty for your customers.
I see many other advantages of paid TLS certificates.
Yogurt 300 Lunchable 500 Sushi bowl 800 Chicken 200
Total 1800 kcal
TODO: