> Also, the "obvious reason" that American politics sent zero ex-presidents to prison is that Biden chickened out. So, there's that.
Don't forget Ford deciding to protect his political allies (by pardoning Nixon). And George HW Bush doing similar (preventing Iran-Contra scandal investigation by pardoning participants who could have fingered Bush or Reagan)
I'm not sure I follow. This outage seems like it occurred for less than 1 day. The post you link to is about having certificates expire after 45 days. What's the connection you see?
Some CAs are experimenting with shorter, 7 day certificates as well.
still not an outage that would endanger anyone's ability to renew in time, but for small or extremely shitty CAs (and there are a lot of those) such an outage may take enough time to cause issues in theory I guess?
It doesn't have to be small or more shitty than average. If Google has
a compliance issue and can meet it in 8 hours then its a pretty clear one.
They could have an issue that needs round trips of discussions with
auditors before resuming. etc. I'm not familiar with 24/7 auditor
services.
That's only if you delay renewal until the last day of the lifetime of the certificate. If you renew at day 30 you'd only get in trouble if there's more than two weeks of downtime.
You’re supposed to renew your cert way in advance of the expiration time. For 47-day certs the general expectation is that you renew them monthly, so in the worst case you’d need more than two weeks of CA outage before anything went wrong.
Seems you could use a single SQL statement for that particular formulation. Something like this, using CTEs is possible, but alternately one can reformat them as subqueries. (note: not sure how the select of orders is intended to be used, so the below doesn't use it, but it does obtain it as an expression to be used)
WITH
o AS (
SELECT FROM orders
WHERE orders.id = $1
),
os AS (
SELECT FROM orderStatuses
WHERE orderStatuses.orderId = $1
ORDER BY DESC orderStatuses.createdAt
LIMIT 1
)
INSERT INTO orderStatuses ...
WHERE EXISTS (SELECT 1 FROM os WHERE os.code != $2)
RETURNING ...something including the status differ check...
Does something like this work with postgres's default behavior?
Absolutely - if you can express the whole operation as a single atomic statement, that's the best outcome. No locks needed, no race to test for. The article is about what comes next: when the logic can't collapse into one query, how do you verify your concurrency handling actually works?
> So no one that actually has to renew these certificates.
I believe google, who maintain chrome and are on the CAB, are an entity well known for hosting various websites (iirc, it's their primary source of income), and those websites do use https
Possibly a better comparison (though a bit dated now) would be AT&T (or whatever telephone monopoly one had/has in their locality) charging an additional fee to use a telephone that isn't sold/rented to them by AT&T.
Comcast pulled this on me recently through what I can only describe as malicious bundling.
Internet + shitty "security" software that only runs on their hardware + modem rental is cheaper than internet only + bring your own equipment. You can't buy the cheaper internet+security package without their hardware (or so they claimed).
> I am assuming the message durability guarantees lean towards YOLO rather than ACID?
"Core" nats doesn't have durability. Nats jetstream is the api built on top of nats that in the main nats-server impl provides durability. Jepsen tested Nats Jetstream.
Also from your link:
> Regular NATS streams offer only best-effort delivery, but a subsystem, called JetStream, guarantees messages are delivered at least once.
The project linked here does not implement the nats jetstream api, just normal nats.
So yes, it seems its same (documented, understood) "yolo" as normal nats.
