back to article Creator of SSLPing, a free service to check SSL certs, downs tools

A timely reminder is being issued to the effect that free web services are not the same as free software: the creator of the SSLPing service says he can't look after it anymore. SSLPing was a useful tool to have around. Sign up, add your servers and the service would check certificates, protocols, ciphers and known …

  1. Plest Silver badge
    Unhappy

    The worst bit....

    You can bet your sweet life that poor guy is getting a ton of abusive mail from ungrateful bastards moaning about why a free service is no longer running. You can only put yourself out there and help so many before something turns from something helpful into a fucking huge chore you simply can't do anymore.

    1. sreynolds Silver badge

      Re: The worst bit....

      Yeah I remember someone taking something I had working on github and raising issue on this and banging on about it not working etc. I had long since given up.

      Bloody entitled millennials, why can't they do their own homework.

    2. DS999 Silver badge

      Re: The worst bit....

      Hopefully he was smart and used a different email for contact information so he can simply delete it or change the alias to point to /dev/null.

    3. anothercynic Silver badge
      Unhappy

      Re: The worst bit....

      Yet another person faced with the brutal reality that free services don't pay the bill. A shame. I didn't know about this service. Sadly, our organisation uses SSL Labs.

    4. Mayday Silver badge
      Thumb Down

      Re: The worst bit....

      I understand.

      Years ago I did my CCIE, ran a blog page, helped moderate a few study and tech forums, made lab files available to help others study etc. All for free. That was ok, I actually like helping people.

      Got over it after a while and stopped. Cue emails and abuse from people about how much of a bad man I am for not helping (actually doing) setting up their virtual study environment (Dynamips/GNS3 in case you were wondering) for them to study for their lab exams on.

      Something has to give eventually and you cant expect Mr and Mrs SSLPing to keep it up at their own expense just to convenience a bunch of others.

    5. geekguy

      Re: The worst bit....

      Unfortunately you are 100 percent right, I remember the ndoc debacle where people abused the author and he just shut up shop, and quite rightly so.

    6. chartwig

      Re: The worst bit....

      Hey! Actually, I've received exactly 0 such email, and a lot of grateful emails! I must say I was surprised myself, by the amazing user/fan base SSLPing had. I do understand your fear though, as I shared it!

  2. djnapkin
    Linux

    Pingu

    I must be masochistic because I would be interested in the challenge of running such a tool. I've never let lack of prior experience get in the way.

    On another angle ... I notice one of the major obstacles was keeping the *nix operating system up to date. If only he'd run it on Windows ... (ducking for cover :-)

    1. Anonymous Coward
      Anonymous Coward

      Re: I've never let lack of prior experience get in the way.

      Neither has any of our current goverment.

    2. Anonymous Coward
      Anonymous Coward

      Re: Pingu

      I know you did it sarcasticly, but you probably don't realize just how many Windows server 2008R2 systems are out there chugging along, woefully out of date, long abandonded by Microsoft.

      Surely all those windows admins would have upgraded by now.

      Ha!

      1. Wanting more

        Re: Pingu

        We still have a Windows 2000 server to run VB6 builds on. Heavily firewalled and running on a VM. But one day VMWare will update things and Windows2000 will no longer run any more, then we are screwed. We're currently on the 3rd project to replace the old VB6 system.

        We also have some "irreplaceable" DOS software attached to a specialised scanner, but that runs on Windows 10 64bit in DosBox though, so fairly modern!

      2. MisterHappy
        Coffee/keyboard

        Re: Pingu

        Windows Server 2008R2 is currently getting security updates & will continue to do so for a few more months... IF you paid for the 3rd year of extended support.

        Having said that there is a bit of a scramble to get rid of our last couple.

  3. heyrick Silver badge

    Sign up?

    Or just pop over to <a href="https://www.ssllabs.com/ssltest/”>https://www.ssllabs.com/ssltest/</a> ?

    1. DoContra

      Re: Sign up?

      I've always used (and recommend!) SSLLab's ssltest and associated documentation/howtos. However, from reading the fine article SSLPing (which I hadn't heard of until today) seemed to offer periodic checking with e-mail alerts, which ssltest doesn't even offer (you need to manually check your site every so often/once the phone doesn't stop ringing).

      1. fidodogbreath Silver badge

        Re: Sign up?

        UptimeRobot paid plan can monitor for SSL expiration. I use the free version, so I can't attest to how well it works at SSL monitoring; but they say it sends alerts 30, 14, and 7 days prior to expiration.

        1. Peter X

          Re: Sign up?

          If you only need to check for expiration, there's plenty of scripts on Github.

          This one for example (completely random example - honest ;-) ) is so simple, you can audit the code yourself in a few short minutes.

          I wrote use it to make sure my certbot installation is working correctly!

        2. Version 1.0 Silver badge

          Re: Sign up?

          UpTimeRobot works very well, I've been using it for years now and I pay them for their service every year. Free services are handy if you are just playing with things but... "The big difference between sex for money and sex for free is that sex for money usually costs a lot less." - Brendan Behan

      2. Bitsminer Bronze badge

        Re: Sign up?

        Qualys (SSLLabs) also has a certview free service. Or should I say "free".

  4. BinkyTheMagicPaperclip

    I feel for the guy, but..

    Isn't the whole point of Docker and other container services that you're insulated from various configuration changes?

    1. John Robson Silver badge

      Re: I feel for the guy, but..

      The containers... yes.

      Docker itself still needs to run though.

      1. Blacklight

        Re: I feel for the guy, but..

        It also depends on how Docker was being used.

        Building containers (each time) from Dockerfiles may result in the underlying modules and things in the Dockerfile getting updated. Having anything which runs apt-get/apt-update in the scripts can also b0rk things. Doing a simple thing as "just pulling an image" can wreck you if you are pointing at #latest and weren't paying attention (and/or a maintainer removes prior versions).

        The 'safe' (ish) way is to build an image, and export that image and keep it somewhere very safe, or (if you can) ensure the Dockerfile points to static versions of things - but that's not a guarantee....

        Case in point, I *really* should update one of my container Dockerfiles to use a specific (i.e. buster) version of Debian, else I will probably find my stuff breaks eventually!

    2. NoKangaroosInAustria

      Re: I feel for the guy, but..

      weeell, one would think that because in theory yes, that's what it says on the docker tin. But in practice, it works a bit differently. Docker isolation is a double edged sword, especially if your app depends on another upstream app which doesn't upgrade or alternatively, upgrades itself in a way that breaks YOUR application, because then it's again your problem. The Isolation concept of docker primarily benefits you with regards to the multiple parts of your application being isolated from one other.

      Let's assume - for example - that you have two scenarios: in scenario 1, your app depends on an upstream app which has not been upgraded against a known and publicized security vulnerability and in scenario 2, the upstream app has been upgraded but in a way which - if applied - breaks your app.

      Docker Isolation enables you to have the particularly undesirable choice of either continuing running your app in a configuration which you know to be unsafe or in a configuration you know to be safe but unstable or non productive/offline

      Docker Isolation would be fulfilling it's job perfectly in this scenario - you are insulated as long as you do not change anything in your current setup - security vulnerabilities and all, which is of course a less than ideal situation.

    3. chartwig

      Re: I feel for the guy, but..

      Unluckily not everything was running in Docker...

  5. David 132 Silver badge

    XKCD

    As ever, there is an XKCD comic for this very occasion. Frankly at this point it would be more noteworthy if there wasn't.

  6. spireite Silver badge
    Coat

    You contacted them?

    Surely, you'd send them a ping and wait for the response.

    Evidently the TTL is now 0

    1. Anonymous Coward Silver badge
      Paris Hilton

      Re: You contacted them?

      But the response to a ping is simply "pong"

      That doesn't help much.

  7. FlamingDeath Silver badge

    I think this is why I don’t do as much programming as I would like to.

    Too much hipsterism going on, instead of sticking with time proven and tested means, they let their arse cheeks flap in the wind

  8. Anonymous Coward
    Anonymous Coward

    I think this is where the free software model fails a little. If those 500 registered users were monitoring 12,500 servers, you can bet at least one user was a large company or corporation. While there is nothing stopping them using free software (assuming the licence in place allows it), they should offer a reasonable amount, perhaps even on a sort of subscription basis, even if only to reduce the chance the author gets pissed off or has to shut down the project for another reason.

    OK, so bunging the author a few quid doesn't always work, and they can receive a better offer and shut down their open source projects even if you pay a fee. This has happened to me, and caused me to have to virtually rebuild a system at work. Something I find bloody irritating when I work somewhere where there is traditionally a slightly anti open source feeling (they like an entity they can complain to or take action against if the software fails).

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like

Biting the hand that feeds IT © 1998–2022