Andrew Ayer
@agwa.name
Bootstrapped founder of SSLMate (https://sslmate.com). Making SSL certificates easier and doing #WebPKI and #CertificateTransparency research on the side. Blog: https://www.agwa.name He/him
Google just suspended SSLMate's Google Cloud account for the third time: www.agwa.name/blog/post/go...

The obvious fail is Google's trigger-happy account suspensions, but the more important fail is that Google is disincentivizing the secure options for cross-provider access with Google Cloud. 1/4
Google Just Suspended My Company's Google Cloud Account for the Third Time
www.agwa.name
November 3, 2025 at 2:49 PM
New blog post: I'm Independently Verifying Go's Reproducible Builds: www.agwa.name/blog/post/ve...
I'm Independently Verifying Go's Reproducible Builds
Introducing Source Spotter, a Go Checksum Database auditor and Go toolchain reproducer
www.agwa.name
October 29, 2025 at 6:06 PM
New blog post: SQLite's Durability Settings are a Mess www.agwa.name/blog/post/sq...
SQLite's Durability Settings are a Mess
Is SQLite durable by default? What settings guarantee durability? The documentation and even comments from its creator give conflicting answers.
www.agwa.name
August 29, 2025 at 4:49 PM
Reposted by Andrew Ayer
Turns out Alpine Linux has a copy of the same script from curl! I've raised an issue in their issue tracker: gitlab.alpinelinux.org/alpine/ca-ce...
ca-certificates bundle incorrectly excludes root CAs with CKA_NSS_SERVER_DISTRUST_AFTER (#6) · Issues · alpine / ca-certificates · GitLab
The build script in ca-certificates incorrectly omits CA roots with a "DistrustAfter" attribute. See this fix in curl: https://github.com/curl/curl/commit/448df98d9280b3290ecf63e5fc9452d487f41a7c#diff...
gitlab.alpinelinux.org
January 7, 2025 at 10:16 AM
I recently investigated how the Entrust distrust would be unintentionally disruptive to non-browser clients: sslmate.com/blog/post/en...

Good news since then: curl has fixed their CA bundle generator, a fix is pending for mkcert.org, and python-certifi is pausing releases until mkcert is fixed!
The Entrust Distrust Will Be More Disruptive Than Intended
Non-browser clients don't properly handle the Distrust After date
sslmate.com
November 25, 2024 at 9:02 PM