r00ty

Instructions unclear, VPN'd into my own home network.

I have auto redirect to 443. But --nginx works fine. I think it overrides stuff for whatever the specific url used is.

There's a certbot addon which uses nginx directly to renew the certificate (so you don't need to stop the web server to renew). If you install the addon you just use the same certbot commands but with --nginx instead and it will perform the actions without interfering with web server operation.

You just then make sure the cron job to renew also includes --nginx and you're done.

It makes sense that they issue short certificates, though. The sole verification is that you own the domain. If you sell/let the domain lapse and someone else takes it over, there's only a limited time you would hold a valid certificate for it.

An array?

var turtles = new Turtle[] { new Turtle(), new Turtle() };

Don't do this :P

You realize there's 8 billion people on the planet? The majority of people either didn't (or luckily for them still don't) know who this guy is.

I would agree, but there's been at least two updates in the last six months that restarted my machine before I even got to see the pending restart warning. I use it every day and shutdown if I won't be. So the restart happened less than 24 hours after any warning if there even was a warning.

That has the potential to lose things I'm working on. Windows pathetic attempt to bring things back falls woefully short of functional.

Flash up alerts to say there's critical updates, but the action to actually restart should be a human interaction.

That's got to be extremely rare. Not much you can do in that case. But they will hit many problems with that approach.

I mean, while they can block most things, to give people a usable experience they're going to allow http and https traffic through, and they can't really proxy https because of the TLS layer.

So for universal chance of success, running openvpn tcp over port 443 is the most likely to get past this level of bad. I guess they could block suspicious traffic in the session before TLS is established (in order to block certain domains). OpenVPN does support traversing a proxy, but it might only work if you specify it. If their network sets a proxy via DHCP, maybe you could see that and work around it.

I did have fun working around an ex gf's university network many years ago to get a VPN running over it. They were very, very serious about blocking non-standard services. A similar "through" the proxy method was the last resort they didn't seem to bother trying to stop.

I don't think users should reward the behaviour. If they actually lost money because of these decisions, they would stop making those decisions.

But, we both know enough people will bend over and take it.

But, in terms of cost it can be a good move. It's just for us, it makes at best, no difference.

Pretty much how it always works with business.

Well, I would say it SHOULD bring overall prices down. If the cost to build the top of the line model comes down to say the same as the mid-range model AND more people are say buying up. It means that competition would push overall prices down.

But of course not, it benefits the companies most, and given the choice of lower prices or more profit, they'll choose the profit every time.

If they go subscription only (because recurring revenue is the current business buzzword, so of course they will go subscription only) then overall cost for the life of the car will definitely be higher yet "feel" more affordable.