Way back in 2017, the CA/Browser Forum voted on Ballot 193 – 825-day Certificate Lifetimes, which passed. In short, this means that CA issued certificates issued after March 1st 2018 can not have a validity period longer than 825 days. macOS Catalina implements this change, as described in Requirements for trusted certificates in iOS 13 and macOS 10.15. So it’s been a long time coming, but most of us are just now realizing how this affects us.
Warning: This also applies to Self-signed certificates, like the ones issued for VMware vSphere and related solutions, like NSX-T and others, where the default age is 10 years or so.
As I’ve covered before, I run my home network mostly on Ubiquiti UniFi hardware. Since this offers a lot of nifty possibilities, I figured I should try to isolate all my «IoT»-devices in a separate network, while still making them accessible. After all, you don’t want a security issue on some sensor/automation thing you have in your house to be able to access and encrypt your familiy photos, right? The thing that sits in the corner and controls the color of your lightbulbs, do not need to have access to the same network as your other data.
Some times you might need to create an isolated network, while still allowing that network to access the internet. Ubiquity UniFi offers the easy option of creating a guest network for this, but that limits traffic between the devices in the same network as well, which might not be desirable. My primary use case for creating an isolated network, is to provide my tenant with his own dedicated network, without exposing anything on my own home network — but I still want him to be able to connect his own devices to each other, if he wants to — or even replacing the AP with something else, should he choose to do so. Another use case might be to create a dedicated network for all of those IoT-devices that keep popping up, like Amazon Echo’s, Google Home and Chromecasts as well as Phillips Hue bridges etc.
Back in late April I got notified that I had been accepted to attend the VMware Center for Advanced Learning Advanced Architecture Course, to be held in Paris, France July 9 - 19, 2019. Now that it is done, I find myself on a train from Paris to Nice, rocking out to Hüsker Dü contemplating just what it is that I have been a part of. First things first — this is not a class that can be taken lightly. You can not simply sign up for this, you have to be nominated and either work for VMware or a Partner to be taken into consideration to be accepted.
I’ve recently standardized on Ubiquiti equipment in the new house, and so far I am very happy with it. Wireless is working flawlessly, which is more than I could say for my old setup. A part of the new setup is a UniFi® Security Gateway (USG) that I am using as my gateway/firewall for my fiber connection, so I thought why not use that a my VPN termination as well?
A few months ago I migrated this site from Wordpress to Hugo, hosted by Netlify, and I have been very happy with it since. As mentioned in the previous post, I utilize webhooks from Netlify to send alerts to Slack whenever a new build is triggered.