SSL Certificate Expiry Warning Script

With the increasing trend of SSL on the web, where Google values SSL sites higher and you can have your site be added to the HSTS preload list (the browser will first try HTTPS before trying HTTP), it is a good idea to start using SSL yourself.

The downside: you need to get a certificate through a (pre-trusted by the browser) CA, or certificate authority. This usually costs money, though there are some services that give you a certificate for free. The free certificates only last for one year or less, this means you need to request and install a new certificate frequently, especially when you have multiple domains.

Now it can happen to anyone, even Microsoft (Windows Azure Service Disruption from Expired Certificate), that you forget to renew (and update) your certificate in time.

There is a nice service called certalert.me (interestingly enough not over HTTPS) that will send you an e-mail when a certificate is due to be updated. But as with any web service, unfortunately you can never be sure how long it’s going to live.

So, I have created a script that I run through a cronjob every day that will send me a notification e-mail several times in advance (1 day and 2 7 14 30 60 days ahead), so that you are not dependent on a third party to get notified about expiries. As it is supposed to be with cronjobs, there is no output when there is nothing to report (thus no e-mail).

Here is the script (download warn_about_certificate_expiry.sh):


#!/bin/sh 

CertExpiries=$(mktemp)
for i in /etc/certificates/*.pem; do
	echo $(basename $i): $(openssl x509 -in $i -inform PEM -text -noout -enddate | grep "Not After" | tail -1 | awk '{print $4, $5, $7}') >> $CertExpiries
done

Date=$(date -ud "+1 day" | awk '{print $2, $3, $6}')
Expiries=$(grep "$Date" $CertExpiries)
if [ $? -eq 0 ]; then 
	echo These Certificates expire TOMORROW!
	echo $Expiries
	echo
fi
for i in 2 7 14 30 60; do
	Date=$(date -ud "+$i day" | awk '{print $2, $3, $6}')
	Expiries=$(grep "$Date" $CertExpiries)
	if [ $? -eq 0 ]; then 
		echo These Certificates expire in $i days:
		echo $Expiries
		echo
	fi
done
rm $CertExpiries;

Stack Overflow: Ways out of the negativity

This is in response to the Stack Overflow Meta question: Why is Stack Overflow so negative of late?

In my opinion the problem that Stack Overflow is currently facing is caused by a lot of new users that are characterized by user Mysticial as "help vampires". They care nothing for the site and just want their code fixed. They don’t research (or very little) and provide less than the minimum information needed. Most of the times the questions are very basic and can be answered by an intermediate programmer in a few minutes.

In a normal forum, users would not yield any responses. Not so on Stack Overflow: you get reputation for answering questions and therefore even theses badly researched questions get answers within under a minute. Mystical calls these users "reputation whores".

The problem is that "help vampires" and "reputation whores" create a vicious circle: they both need each other and therefore the circle continues to spin.

The outcome of this situation: the site is flooded with a high number of low quality questions, experienced programmers who are interested in learning something don’t see the forrest for the trees. Even though questions can be voted up, they don’t stand out enough to gain momentum.

Proposed Solutions

a) Create a "beginners test"

This would create a higher burden for low reputation users before they can ask their question. They need to invest more time and rethink their action before they get to post something.

A few ideas what that could be:

  • The user needs to give 3 search queries that he used either on Google or on Stack Overflow that didn’t yield results.
  • If they don’t include any code, they must confirm that they are asking a non-code question. See this proposal on Stack Exchange Meta.
  • Specify the time that they took to research the problem (while this can be easily faked, it makes the user reconsider if they had taken enough time for the problem)

b) Have experienced users review a question, before it goes online

There would be a process where a new user asks his or her question, but it doesn’t go online. Higher reputation users read the question but are unable to answer it, and give feedback if the question has enough information or has been researched enough. Finally, the question get’s thrown into the shark tank.

It would be fine to give these reviewing higher reputation users even more reputation for reviewing this: they are helping to improve the site, this is actually what the reputation system has been designed for: to make the site interesting, not for feeding the "help vampires".

All in all it is remarkable that despite the current situation, Stack Overflow has reached the quality it has. The reputation and badge system has for sure been a very big factor in this but it is very appalling that in order to reach a certain reputation level, you really have to feed the "help vampires".

You can find me on Stack Overflow as akirk.

Posted in Web