Thursday 5th March, 2020

It looks like LetsEncrypt looked at the vast amount of the Internet that would break when they go on their epic certificate revoking spree and got cold feet:

“Unfortunately, we believe it’s likely that more than one million certificates will not be replaced before the compliance deadline for revocation is upon us at March 5 19:00 PT (03:00 UTC, 21:00 US EST). […] Rather than potentially break so many sites and cause concern for their visitors, we have determined that it is in the best interest of the health of the Internet for us to not revoke those certificates by the deadline.

Let’s Encrypt: OK, maybe nuking three million HTTPS certs at once was a tad ambitious

Fair enough. I mean, they need revoking, but perhaps a less bull-in-a-china-shop approach would have some value.

I’ve been playing Pathos on my phone, a nethack variant which just received a new update. It’s really good, and the developer has done a great job of making the controls work well on mobile; big context sensitive buttons, and a click-to-move map that’s not too fiddly but still shows enough of the level at once to be useful. Obviously, it’s all very inspiring stuff; I’ve been toying with the idea of dumping mobile support for BotLG, but it might be worth persevering with. There’s so few mobile games that I enjoy, it’d be nice if my own game was one of them.

Entities, components, actions and certificates

Saw this article about LetsEncrypt, the service I use to get my HTTPS certificates, accidentally revoking millions of certificates… and then noticed the email from them in my inbox informing me that they’re very sorry, but all of my domains are affected.

On Wednesday, March 4, Let’s Encrypt – the free, automated digital certificate authority – will briefly become Let’s Revoke, to undo the issuance of more than three million flawed HTTPS certs.

The Register: Let’s Encrypt? Let’s revoke 3 million HTTPS certificates on Wednesday

Luckily fixing it was as simple as SSH’ing into my server and running certbot renew –force-renewal, so it was no great emergency. Still, I imagine tomorrow a whole swathe of domains across the internet will be suddenly insecure and promoting browser warnings all over the place.

In roguelike development news, I for some work done on the new Entity/Component/Actions system I’m going to be using for BotLG.

So far I’m really pleased with it. Soon I’ll begin putting it into the BotLG codebase and converting the existing game verbs over. It’s so much cleaner and easier to expand than the current entity/NPC system.