Wednesday, February 26, 2025

Timber

 While we were out walking on Sunday, my wife and I had the following exchange:

W.:,"What does 'Zimmer' mean in German?"
I: "room". 
W.: "What does Zimmermann mean?"
I: "Carpenter. Hmm."

 A look at the Grimms' dictionary shows that "Zimmer" derives from roots cognate with the English "timber", and originally applied to buildings of wood and to wood suitable for building, then to portions of such a building. So a Zimmermann would be just who one needed to build a Zimmer.

And I don't know why it occurred to my wife to ask.

 

 

Posted by at No comments:

Wednesday, February 12, 2025

Certificates, Again

 It turns out that our network manager signed us up for certificates for the period 2013 through 2026. Evidently this means that we are grandfathered in for the one-year certificate duration. One of his successors received and verified the request for 2025-2026, then sent me the certificate bundle. I have applied the certificates to most of the servers that need it: two are very slow to come up after the installation and restart of the processes, and so are waiting for an early morning.

Suddenly the weeks leading up to mid-March are much less stressful. We have another year to think about how we will manage with the three-month certificates.

Posted by at No comments:

Saturday, February 8, 2025

Certificates

Web server certificates used to last one for three years, I recall. Our network administrator would send a request to GoDaddy, get back a certificate, and it would be up to others of us to install it, possibly with some change of format, on the assorted servers. I thought that the three-year span was convenient. It gave one enough time to forget the procedures, but with proper documentation that didn't matter.

At some point, GoDaddy shortened the life of certificates to one year. That was tolerable. Last year, I read that the standard length of certificates would be three months, and so it is. This is great if you can set up LetsEncrypt with the http challenge, and let the certbot take over. If you can't, then life becomes somewhat more complicated. I suppose that we will figure out the dns challenge instead. But I wish we didn't have to. Is it really plausible to suppose that a certificate can be defeated in one year but not in three months? And there are proposals to shorten the lifetimes still further. Oh, dear.

Posted by at No comments:
Subscribe to: Posts (Atom)