Technical writeups on SSL, email authentication, uptime monitoring, networking, and whatever else we had to dig into this week.
No posts match your filters.
As of March 15, 2026, the maximum SSL certificate validity is 200 days. By 2029 it will be 47. Here is the schedule, why it is happening, and what it means for renewal.
Uptime numbers show up everywhere — pitch decks, status pages, marketing sites. The numbers are easy to write. What they actually cost to deliver, and how you would prove you hit them, is something most teams never get around to thinking about.
DMARC is the last layer of email authentication. Done right, it stops spoofing of your domain. Done wrong, it silently drops your own legitimate email. Here is the order of operations that avoids breaking anything.
Your API works in every browser. A partner says their webhook delivery is failing with "certificate signed by unknown authority." You visit the URL yourself — padlock, green, fine. What changed between the browser and their webhook? The intermediate certificate.
Your site works in Chrome. Safari shows the padlock. Then your iOS app fails, your CI build cannot reach your API, and a cURL call errors with "unable to get local issuer certificate." Same server, same cert. The silent culprit is almost always a broken certificate chain.
You have a .pem, .crt, .cer, or .key file sitting on your disk. What's actually inside it? Here's how to decode the contents without the OpenSSL ceremony, and what each field means in plain English.
Freshworks permanently shut down Freshping on March 6, 2026. If you're one of the 20,000+ businesses that relied on it for free uptime monitoring, here's what happened, what your options are, and how to migrate.
Everyone assumes domain names and SSL certificates are completely case-insensitive. They're mostly right. But there are real-world situations where capitalization changes what certificate you get back, and most people have no idea.
OPNsense's built-in tools can detect when your internet goes down, but they can't reliably tell you about it. Monit drops alerts when the network is down. Postfix queuing is fragile on FreeBSD. So I wrote a shell script that handles its own email queue and collects diagnostics at the moment of failure.
If you run OPNsense with a standby backup WAN that isn't always plugged in, the failover system will kill your active connections even when there's nothing to fail over to. I wrote a patch. OPNsense closed it. Here's how to protect yourself.
T-Mobile Essentials hotspot showed 310 Kbps on fast.com but 300 Mbps on Cloudflare's speed test. Same phone, same moment. Deep packet inspection was throttling video traffic. A WireGuard tunnel to ProtonVPN on OPNsense fixed it completely.
Months of stable OPNsense operation, then intermittent DNS hangs across every device. The cause: dpinger declaring the WAN gateway down based on ISP latency, triggering state killing with no failover target. The bug report was closed as a "configuration issue."
I discovered Zillow whitelists Google server IPs, letting anyone scrape listings via Google Sheets. Bugcrowd dismissed the report, then threatened me for talking about it publicly. The disclosure process is broken.
Stripe's documentation says publishable keys are "not secret" and safe to embed in client-side code. But attackers are using them to validate stolen credit cards at scale - and Stripe blames the merchants.
Spent a week debugging Safari hanging on page reloads. Turns out it was my OPNsense firewall's UDP timeout killing idle QUIC connections. Here's how to fix it.
My MacBook Pro M3 was barely hitting 40 Mbps on 5GHz with constant packet loss. Every other device was fine. The fix was the router's 5GHz channel. Changed it from 149 to 40 and instantly hit 1.1 Gbps.