mikemaccana's comments

Charities often don't value work if it's provided to them for free. If you are providing any kind of discount, make sure you show the full price of your time on your invoices, then any discounts.

Totally agreed, there's certainly a place for tools that don't need DevOps skills, and many places - typically PaaS - that take care of this.

However many developers wish to have more control over their environment than what a PaaS provides, and a lot of the tools they'd use for that - Ansible, Docker, etc - require basic DevOps skills.

[replying from old account due to rate limit]

Probably worth noting that Telegram is not secure: http://security.stackexchange.com/questions/49782/is-telegra...

I'll be more direct at saying what the post can't say:

- Historically the V8 team simply did not care about node, and would introduce breaking changes that would come as a surprise to node core

- It's better now, and V8 folk are on one of the steering committees for node. Also Google Compute Engine team needs node to work so also brings in a real business case for the V8 team to care about node

- Chakra is also a pretty good contingency plan.

So what's actually included? A comment here mentioned koa, and there's some kind of ORM, but the README has no information.

I was really slow on picking up Babel too. But I've been using Babel 5.x in production for six months without errors - main things were docs that referred to old versions of babel and babelify.

I needed to plug this in the package.json of my private modules:

    "browserify": {
        "transform": [
            "brfs",
            [
                "babelify",
                {
                    "presets": ["es2015"]
                }
            ]
        ]
    }

> This "separate data from presentation" sounds like TCO-speak. Way too frequently referenced to be a genuine inspiration.

Huh? It's a very specific thing. When you run stuff on Powershell, you pipe it to 'select' or 'where' and pick fields, rather than running grep / sed / awk and inventing regexs to scrape stuff.

    ps | where {$_.StartTime -ge $1HourAgo}

Before accusing me of 'TCO speak' and being 'ungenuine' - for mentioning something that's a well known engineering concept, particularly in the Unix world (ever used TeX?), you could have done <1 minute of research.

Asides from being an actual Windows app as you mentioned, it's also a current OpenSSH codebase.

A half-bad Unix on top of Windows, with its own duplicate way of handling services, storage, users, permissions and everything else, is a pretty poor setup. Powershell (particularly the way it separates data from presentation) is one of the best shells on any OS. Being able to access it from Linux is a good thing.

See https://github.com/PowerShell/Win32-OpenSSH/issues/57.

For some reason putty works but iTerm has the backspace issue. Putty user: what's your $TERM?

Ctrl H works as a workaround BTW.

Yes. From my Mac:

    $ ssh [email protected]
    [email protected]'s password:
    Microsoft Windows [Version 10.0.10586]
    (c) 2015 Microsoft Corporation. All rights reserved.

    C:\Users\Mike>powershell -File -

    PS C:\Users\Mike>

See also https://github.com/PowerShell/Win32-OpenSSH/wiki/ssh.exe-exa... once you've got it running. To work around a bug, you'll currently need to run `powershell -File -`

It's still way too early to us as a daily driver - lots of small bugs - but nevertheless interesting.

Here's the current full table (with the seventh row complete):

https://upload.wikimedia.org/wikipedia/commons/3/3d/Discover...

libtls is part of libressl: http://www.libressl.org/

> LibreSSL is composed of four parts:

> The openssl(1) utility, which provides tools for managing keys, certificates, etc. > libcrypto: a library of cryptography fundamentals > libssl: a TLS library, backwards-compatible with OpenSSL > libtls: a new TLS library, designed to make it easier to write foolproof applications

I should add: OCSP is the baseline requirements, ie. DV SSL certs will also need to support OCSP checking. See https://cabforum.org/wp-content/uploads/Baseline_Requirement...

That's an excellent point - I've added it to the article and credited you.

EV is a standard for identity verification, rather than a product.

Our product is 40-100x faster validation for EV. If you think DV is fine for your app, that's awesome. But if you're thinking about getting an EV cert, we do in an average of 5 hours what others do in 7-10 days.

EV certificates require OCSP: Section 26-A of the issuing criteria requires CAs to support OCSP checking for all certificates issued after Dec. 31, 2010.

However as the other poster notes, OCSP stapling includes recent proof that the cert hasn't been revoked the initial handshake, removing additional round trips. See https://en.wikipedia.org/wiki/OCSP_stapling

This is a perfect explanation. As a followup to @daok's feedback, I've amended the article to expand EV & provide a link!

A less common question we get, that a lot of web devs are interested in is 'How do I mitigate against MITM attacks'.

- As a browser, by using a default OS and watching the root CA store. You can control the key stores on most devices except iOS pretty easily: https://certsimple.com/blog/control-the-ssl-cas-your-browser...

- As a server, setting up key pinning (https://en.wikipedia.org/wiki/HTTP_Public_Key_Pinning) which throws up a browser warning if someone accesses your site with a new key.