HN Reader

OCSP Service Has Reached End of Life (letsencrypt.org)

46 points by pfexec 2h ago 1 comments

Writing an operating system kernel from scratch (popovicu.com)

190 points by Bogdanp 6h ago 38 comments

Repetitive negative thinking associated with cognitive decline in older adults (bmcpsychiatry.biomedcentral.com)

227 points by redbell 10h ago 101 comments

Why We Spiral (behavioralscientist.org)

166 points by gmays 7h ago 56 comments

ChatControl update: blocking minority held but Denmark is moving forward anyway (disobey.net)

368 points by nickslaughter02 2h ago 240 comments

Models of European metro stations (stations.albertguillaumes.cat)

638 points by tcumulus 14h ago 124 comments

You’re a slow thinker. Now what? (chillphysicsenjoyer.substack.com)

172 points by sebg 3d ago 74 comments

Show HN: DriftDB – An experimental append-only database with time-travel queries (github.com)

15 points by DavidCanHelp 2h ago 6 comments

Vibe coding has turned senior devs into 'AI babysitters' (techcrunch.com)

44 points by CharlesW 1h ago 35 comments

Nicu's test website made with SVG (2007) (svg.nicubunu.ro)

127 points by caminanteblanco 6h ago 73 comments

Implementing namespaces and coding standards in WordPress plugin development (developer.wordpress.org)

15 points by taubek 2d ago 0 comments

Introduction to GrapheneOS (dataswamp.org)

96 points by renehsz 4d ago 87 comments

Read to forget (mo42.bearblog.dev)

105 points by diymaker 8h ago 34 comments

Observable Notebooks Data Loaders (observablehq.com)

57 points by mbostock 4d ago 14 comments

Patela: A basement full of amnesic servers (osservatorionessuno.org)

11 points by akyuu 2d ago 0 comments

How older parents divorce affects their adult children (bbc.com)

54 points by 1659447091 2h ago 27 comments

Fukushima insects tested for cognition (news.cnrs.fr)

98 points by nis0s 11h ago 58 comments

Accelerated Game of Life with CUDA / Triton (boristhebrave.com)

41 points by BorisTheBrave 3d ago 5 comments

Geedge and MESA leak: Analyzing the great firewall’s largest document leak (gfw.report)

372 points by yourapostasy 1d ago 106 comments

La-Proteina (github.com)

3 points by birriel 3d ago 0 comments

Bank of Thailand freezes 3M accounts, sets daily transfer limits to curb fraud (thaienquirer.com)

184 points by walterbell 6h ago 152 comments

Eye drops could replace glasses or surgery for longsightedness, study says (theguardian.com)

54 points by giuliomagnifico 3h ago 11 comments

SpikingBrain 7B – More efficient than classic LLMs (github.com)

130 points by somethingsome 16h ago 36 comments

A single, 'naked' black hole confounds theories of the young cosmos (quantamagazine.org)

170 points by pykello 17h ago 76 comments

CVC acquires majority stake in Namecheap for $1.5B (webhosting.today)

33 points by ajdude 1h ago 11 comments

CorentinJ: Real-Time Voice Cloning (2021) (github.com)

77 points by redbell 10h ago 20 comments

Two Slice, a font that's only 2px tall (joefatula.com)

507 points by JdeBP 22h ago 108 comments

Show HN: A store that generates products from anything you type in search (anycrap.shop)

1026 points by kafked 1d ago 302 comments

MIT-MC CP/M archive files, 1979-1984 (github.com)

65 points by elvis70 3d ago 1 comments

macOS Tahoe is certified Unix 03 [pdf] (opengroup.org)

182 points by john_alan 10h ago 161 comments

My thoughts on renting versus buying (milesbarr.me)

41 points by milesbarr 1h ago 46 comments

Refurb Weekend: Silicon Graphics Indigo² Impact 10000 (oldvcr.blogspot.com)

142 points by Bogdanp 16h ago 65 comments

Pass: Unix Password Manager (passwordstore.org)

304 points by Bogdanp 22h ago 160 comments

High Altitude Living – 8,000 ft and above (2021) (studioq.com)

84 points by walterbell 18h ago 66 comments

The Socratic Journal Method: A Simple Journaling Method That Works (mindthenerd.com)

185 points by surprisetalk 4d ago 76 comments

Gemini (2023) (geminiquickst.art)

75 points by jhanschoo 12h ago 36 comments

Dynamic Bird Migration Map (explorer.audubon.org)

77 points by skadamat 4d ago 12 comments

Will AI be the basis of many future industrial fortunes, or a net loser? (joincolossus.com)

208 points by saucymew 23h ago 310 comments

How the restoration of ancient Babylon is drawing tourists back to Iraq (theartnewspaper.com)

113 points by leoh 21h ago 56 comments

The unreasonable effectiveness of modern sort algorithms (github.com)

138 points by Voultapher 3d ago 40 comments

Gleam is my new obsession (ericcodes.io)

28 points by todsacerdoti 5h ago 5 comments

AMD’s RDNA4 GPU architecture (chipsandcheese.com)

162 points by rbanffy 1d ago 38 comments

Library of Time (libraryoftime.xyz)

4 points by japaget 3h ago 0 comments

A Trick for Backpropagation of Linear Transformations (tripplyons.com)

66 points by tripplyons 3d ago 4 comments

Myocardial infarction may be an infectious disease (tuni.fi)

480 points by DaveZale 23h ago 166 comments

Adding OR logic forced us to confront why users preferred raw SQL (signoz.io)

81 points by ak_builds 4d ago 77 comments

Recreating the US/* time zone situation (rachelbythebay.com)

119 points by move-on-by 1d ago 87 comments

Lexy: A parser combinator library for C++17 (github.com)

64 points by klaussilveira 4d ago 9 comments

Using pollen to make paper, sponges, and more (knowablemagazine.org)

6 points by PaulHoule 2h ago 0 comments

Cat Aquariums (cataquariums.com)

127 points by robin_reala 15h ago 31 comments

OCSP Service Has Reached End of Life

46 pfexec 1 9/14/2025, 7:34:48 PM letsencrypt.org ↗

Comments (1)

GauntletWizard · 24m ago
Ocsp has always represented a terrible design. If clients require it, then it becomes just a override on the not after date included in the certificate, that requires online access to the cert server. If it is not required, then it is useless, because blocking the ocsp responses is well within the capabilities of any man in the middle attack, and makes the servers themselves DDOS attack targets.

The alternative to the privacy nightmare is ocsp stapling, which has the first problem once again - it adds complexity to the protocol just to add an override of the not after attribute, when the not after attribute could be updated just as easily with the original protocol, reissuing the certificate. It was a Band-Aid on the highly manual process of certain issuance that once dominated the space.

Good riddance to ocsp, I for one will not miss it.