frezik

I don't see why I should care. In 2001, your choices for backend webdev were basically PHP, Perl, Python, or Java. Now we have a dozen languages competing for the top spot. Elixir is becoming a personal favorite, but I don't see why I should bother with PHP if I don't already have a legacy platform in it.

I've been giving static site generators a go, specifically Hugo. Webdevs have always treated static sites as unserious, but there's plenty of sites out there where it'd be ideal. An awful lot of those sites are currently on WordPress.

Does your local mechanics shop need a dynamic site? No. Local restaurant that points you to an external site for online ordering? No. Little gift shop selling locally produced goods? If they don't intend to sell online, then no. A manufacturer with product pages that have a "where to buy" button that sends you to their sales partner in your country? Nope.

How many CPU cycles are wasted on these sites that could be nothing more than reading a file and streaming it back to the client?

OK. Whatever hypothetical we want to think about here, we still want our cert to be renewed.

You can, but you might still be sweating bullets while waiting for the rebuild to finish.

One problem is that larger drives take longer to rebuild the RAID array when one drive needs replacing. You're sitting there for days hoping that no other drive fails while the process goes. Current SATA and SAS standards are as fast as spinning platters could possibly go; making them go even faster won't help anything.

There was some debate among storage engineers if they even want drives bigger than 20TB. The potential risk of data loss during a rebuild is worth trading off density. That will probably be true until SSDs are closer to the price per TB of spinning platters (not necessarily the same; possibly more like double the price).

Raspberry Pi or an old office PC are the usual methods. It's not so much programming as Linux sysadmin skills.

Beyond that, you might consider OwnCloud for an app-like experience, or just Samba if all you want is local network files.

Presumably, you've patched up whatever hole let them in.

I volunteer to help with IT at a makerspace, and I hesitate to go for 6 day expiration times. As volunteers, we can't always fix problems in a timely way like paid IT staff could. We try to automate the hell out of everything, but certs have gone a day or two without getting updated before.

The key pair you're thinking of is just a singular key for a block cipher. That key needs to be generated/transmitted in a secure manner. Meaning that its security is dependent on the cert. The expiration time of that cert is what they're aiming at.

Lets Encrypt certs tend to be renewed by a cronjob, anyway. The advantage is that if someone gets your cert without your knowledge, they have, at most, six days to make use of it.

Your browser and/or OS has a list of trusted certs called "certificate authorities". When it receives a cert from a web site, it checks that it was signed by a CA. So what you're asking is to become your own CA.

That basically means convincing Mozilla, Microsoft, Google, Apple, etc. that you know how to safely manage certs. It tends to be a pretty high bar. For example, many CAs have a root cert that they keep locked away in a safe that only a few people have access to behind several other layers of security. They have a secondary key that's signed by the root, and the secondary key is used to sign actual customer certificates. That way, they can expire the secondary every year or so and only ever use the root when they need a new secondary. IIRC, Let's Encrypt has two secondaries with overlapping expiration times.

So to answer your question, no, not unless you're willing to go to great lengths and have a great deal of knowledge about TLS.

That would be the point, yes. Balatro has cards and chips, but chips are just there for keeping points. If Balatro is 18+ for gambling imagery, then so should Solitaire. That would be stupid, so Balatro shouldn't get it, either.