One of the things you might not know - core infrastructure of the way the Internet is poorly maintained.

Boing Boing’s The internet’s core infrastructure is dangerously unsupported and could crumble (but we can save it!) has a good write up of some of the greatest hits, so to speak.

The link in the article to the interview with Susan Sons about her work with NTP is worth watching. NTP is the protocol that allows pretty much every modern computer to make sure that it is relatively close to having the same time as every other computer in the world. That’s essential for anything that involves cryptography (secure updates, online shopping, online banking, etc). The video breaks down how bad the state of the project was when she found it. And “project” may be too generous a term by a couple orders of magnitude.

The Boing Boing article correctly comments about Openssl had a single full time maintainer, but understates that it secures billions of dollars with of transactions. That billions is correct when measured maybe every year, but its been securing transactions since secure transactions existed, pretty much. He also writes that Openssl had been dangerously insecure for many years, and that’s not quite correct either, since at the time of Heartbleed, current versions of Openssl were not open to the Heartbleed attack, but systems that had not bothered updating their software had left their stuff insecure for many years.

But, I digress.

One of the projects that I kick a few bucks that is doing things the right way is Let’s Encrypt. If you’re reading this, it very likely got to you over a secure connection that was secured by a certificate issued by the Let’s Encrypt program’s certificate authority.

They’ve made the s in https much easier to achieve. By lowering the cost of entry for a secured web browser, they’re making the entirety of the web a easier place to secure.