Certificate Authority Let's Encrypt Has Almost Gone Down to Zero, Nearly Totally Extinct in Geminispace, the Few Capsules Still Using It Are Spam/Dead/Stagnant
Certificates will be covered a lot in the coming days. Certificates aren't for security, at least many of them aren't. In Python, for instance, it has becoming hard to self-sign one or get a self-signed one to be be considered acceptable. Certificates, in that case, became all about outsourcing trust (read: losing control), not security at all!
"Hello;" one reader wrote to us today. "I remembered that Tux Machines had once run a link-article containing a long list of news coverage of (single) event where Microsoft pushed UEFI-flashing update that borked dual-booting to libre GNU/Linux system; but I didn't bookmark it, and now I can't seem to find that from the the main page either (which doesn't seem to have full index like Techrights.org does). Recently, some Internet acquaintance of mine got affected by broken UEFI update that bricked his GNU/Linux system, so I'm writing my own PSA about that; and it would be useful to have a link to that link-article, as one of the cautionary tales. So if anyone remember which URL it was, that would be helpful. Thanks."
A year ago there was no lack of examples. For no good reason GNU/Linux users could not boot into their system, which wrongly asserted that it needed permission from Microsoft.
In Geminispace, contrariwise, self-signed certificates are the norm - so much so that despite the total number of live capsules growing about tenfold the % of them that use Let's Encrypt fell from about 15% to 0.2%. Here's the latest from Lupa:
This represents another decrease for Let's Encrypt; the last decrease was last week.
Consider those handful of capsules that still outsource "trust" to Let's Encrypt; many are stale, neglected, or junk. So they too will perish over time. Where it says "signed by another CA" it may be one's own. █