• 0 Posts
  • 41 Comments
Joined 1 year ago
cake
Cake day: July 16th, 2023

help-circle
  • I’d be more concerned as well if this would be an over-night change, but I’d say that the rollout is slow and gradual enough that giving it more time would just lead to more procrastination instead, rather than finding solutions. Particularly for those following the news, which all sysadmins should, the reduction in certificate lifespan over time has been going on for a while now with a clear goal of automation becoming the only viable path forward.

    I’ll also go out on a limb and make a guess that a not insignificant amount of people only think that their “special” case can’t be automated. I wouldn’t even be surprised if many of those could be solved by a bog-standard reverse-proxy setup.


  • Part of this might be my general disdain towards sysadmins who don’t know the first thing about technology and security, but I can’t help but notice that article is weirdly biased:

    Over the past couple of days, these unsung heroes who keep the internet up and running flocked to Reddit to bemoan their soon-to-be increasing workload.

    Kind of weird to praise random Reddit users who might or might not actually sysadmins that much for not keeping up with the news, or put any kind of importance onto Reddit comments in the first place.

    Personally, I’m much more partial to the opinions of actual security researchers and hope this passes. All publicly used services should use automated renewals with short lifespans. If this isn’t possible for internal devices some weird reason, that’s what private CAs are for.






  • Depends a bit on the clients.

    • KeePass: Will ask you if you want to synchronize/overwrite/discard the database when saving.
    • KeePassXC: Will autoreload the database in the background, so merge conflicts shouldn’t happen in the first place. Otherwise there’s ‘Merge database’ in the menu.
    • KeePass2Android: So I mixed up the names and this is the client I actually use. This one does all changes to an internal copy of the database that is then synchronized on request.
    • KeePassDX: As far as I can see it also has a mechanism similar too KeePass2Android.

    Assuming you only have one desktop and mobile client you should never run into any issues. If you do have multiple KeePassXC clients it’s all fine as well assuming Syncthing always has another client it can sync with.