posted by janrinok on Monday February 24 2020, @07:05PM
from the honestly,-it's-for-your-own-good... dept.

Apple drops a bomb on long-life HTTPS certificates: Safari to snub new security certs valid for more than 13 months:

Safari will, later this year, no longer accept new HTTPS certificates that expire more than 13 months from their creation date. That means websites using long-life SSL/TLS certs issued after the cut-off point will throw up privacy errors in Apple's browser.

The policy was unveiled by the iGiant at a Certification Authority Browser Forum (CA/Browser) meeting on Wednesday. Specifically, according to those present at the confab, from September 1, any new website cert valid for more than 398 days will not be trusted by the Safari browser and instead rejected. Older certs, issued prior to the deadline, are unaffected by this rule.

By implementing the policy in Safari, Apple will, by extension, enforce it on all iOS and macOS devices. This will put pressure on website admins and developers to make sure their certs meet Apple's requirements – or risk breaking pages on a billion-plus devices and computers.

[...] Shortening the lifespan of certificates does come with some drawbacks. It has been noted that by increasing the frequency of certificate replacements, Apple and others are also making life a little more complicated for site owners and businesses that have to manage the certificates and compliance.

"Companies need to look to automation to assist with certificate deployment, renewal, and lifecycle management to reduce human overhead and the risk of error as the frequency of certificate replacement increase," Callan told us.

We note Let's Encrypt issues free HTTPS certificates that expire after 90 days, and provides tools to automate renewals, so those will be just fine – and they are used all over the web now. El Reg's cert is a year-long affair so we'll be OK.

GitHub.com uses a two-year certificate, which would fall foul of Apple's rules though it was issued before the cut-off deadline. However, it is due to be renewed by June, so there's plenty of opportunity to sort that out. Apple's website has a year-long HTTPS cert that needs renewing in October.

Microsoft is an interesting one: its dot-com's cert is a two-year affair, which expires in October. If Redmond renews it for another two years, it'll trip up over Safari's policy.
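
The 398-day rule described in the summary above can be checked against a certificate inventory ahead of the deadline. This is an added example, not code from the article or from Apple; the host names and dates are constructed, the year 2020 is taken from the post date, and counting the validity period inclusively (the RFC 5280 convention) is an assumption about how the limit is measured.

```python
import socket
import ssl
from datetime import datetime, timedelta, timezone

# From the summary: certificates issued from September 1 that are valid for
# more than 398 days are rejected; older certificates are unaffected.
CUTOFF = datetime(2020, 9, 1, tzinfo=timezone.utc)   # year assumed from the post date
MAX_VALIDITY = timedelta(days=398)


def parse_cert_time(text):
    """Parse the 'Oct 15 00:00:00 2020 GMT' form returned by getpeercert()."""
    return datetime.fromtimestamp(ssl.cert_time_to_seconds(text), tz=timezone.utc)


def check_lifetime(cert):
    """Return (verdict, validity) for a getpeercert()-style dict."""
    not_before = parse_cert_time(cert["notBefore"])
    not_after = parse_cert_time(cert["notAfter"])
    # Assumption: both endpoints count (RFC 5280), so add one second.
    validity = not_after - not_before + timedelta(seconds=1)
    if not_before < CUTOFF:
        return "exempt", validity        # issued before the deadline
    if validity > MAX_VALIDITY:
        return "rejected", validity
    return "ok", validity


def audit(inventory):
    """Return the sorted host names whose certificates would be rejected."""
    return sorted(host for host, cert in inventory.items()
                  if check_lifetime(cert)[0] == "rejected")


def fetch_cert(host, port=443, timeout=5):
    """Fetch a live certificate in the dict form check_lifetime() expects."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


# Constructed sample inventory (not real certificates).
SAMPLES = {
    # Two-year certificate issued before the deadline: unaffected.
    "issued-before-cutoff.example": {
        "notBefore": "Jun 01 00:00:00 2020 GMT",
        "notAfter": "Jun 01 00:00:00 2022 GMT"},
    # 90-day certificate issued after the deadline: fine.
    "ninety-day.example": {
        "notBefore": "Oct 01 00:00:00 2020 GMT",
        "notAfter": "Dec 30 00:00:00 2020 GMT"},
    # Two-year certificate renewed after the deadline: rejected.
    "renewed-two-year.example": {
        "notBefore": "Oct 15 00:00:00 2020 GMT",
        "notAfter": "Oct 15 00:00:00 2022 GMT"},
    # Boundary: exactly 398 days when both endpoints are counted.
    "exactly-398-days.example": {
        "notBefore": "Sep 01 00:00:00 2020 GMT",
        "notAfter": "Oct 03 23:59:59 2021 GMT"},
    # Boundary: one second longer than 398 days.
    "over-by-one-second.example": {
        "notBefore": "Sep 01 00:00:00 2020 GMT",
        "notAfter": "Oct 04 00:00:00 2021 GMT"},
}

if __name__ == "__main__":
    for host, cert in SAMPLES.items():
        verdict, validity = check_lifetime(cert)
        print(f"{host:32} {verdict:9} {validity.days} days")
```

For a live host, pass the result of `fetch_cert("your.host.example")` to `check_lifetime()`.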


  • (Score: 2) by DannyB on Monday February 24 2020, @08:50PM (47 children)

    by DannyB (5839) Subscriber Badge on Monday February 24 2020, @08:50PM (#961991) Journal

    If you use SSL/TLS certs, then you probably already have some mechanism for updating them. After all, they have to be updated, just not as quickfully as Apple might like.

    Apple is forcing everyone to use their update mechanism more often. Possibly at greater cost.

    --
    To transfer files: right-click on file, pick Copy. Unplug mouse, plug mouse into other computer. Right-click, paste.
  • (Score: 2, Informative) by Anonymous Coward on Monday February 24 2020, @09:21PM (7 children)

    by Anonymous Coward on Monday February 24 2020, @09:21PM (#962009)

    In the organisations that I've been working with, anything that needs to be done less often than once a year (and in most cases, every six months) means there isn't a decent process involved. This means things get forgotten, skipped, or just ignored because the 'guy that used to do it' no longer works here.

    When things are consistent with a relatively short period, they are not forgotten about, and become far more efficient as they are part of a larger process/effort. I recommend cert renewals (irrespective of expiration times) be done no less often than every 6 months.

    This is not the same as password changes, since the effort in a password change isn't the few minutes it takes to change the password, but the weeks afterwards that it takes to memorise/forget the new password. Out of fear, people choose weak passwords. This doesn't happen for certs, because as long as the effort is taken at all, the cert is good to go.

    Also, most organisations that have no cert process also don't have good security processes. Which means they make a 10 year cert so they can forget about it. Even if their systems are hacked (exposing the private keys), they don't bother updating the certs because either they forget, or it's too onerous because they can't remember what they did the last time (assuming the same people even work there).

    Once a company has a good security policy and process, things like cert renewals are effortless. Especially with the automated tools provided by the CAs these days. And thanks to LetsEncrypt, this automation is available to everyone and anyone at virtually no cost.

    • (Score: 2) by DannyB on Monday February 24 2020, @09:28PM (6 children)

      by DannyB (5839) Subscriber Badge on Monday February 24 2020, @09:28PM (#962010) Journal

      In the organisations that I've been working with, anything that needs to be done less often than once a year (and in most cases, every six months) means there isn't a decent process involved. This means things get forgotten, skipped, or just ignored because the 'guy that used to do it' no longer works here.

      Sounds like a security problem waiting to happen.

      Maybe that is what Apple wants to fix? Although it is hard to say with Apple. I have no particular love for Apple (since about 1998).

      --
      To transfer files: right-click on file, pick Copy. Unplug mouse, plug mouse into other computer. Right-click, paste.
      • (Score: 4, Insightful) by barbara hudson on Monday February 24 2020, @10:34PM (2 children)

        by barbara hudson (6443) <barbara.Jane.hudson@icloud.com> on Monday February 24 2020, @10:34PM (#962048) Journal
        Doesn't matter what their intentions are - they're lying to their users by saying a perfectly valid cert is invalid. Hope a bunch of sites do a class action to sue Apple for slander and defamation. On this topic, fuck Apple. Guess I'll skip the last update.
        --
        SoylentNews is social media. Says so right in the slogan. Soylentnews is people, not tech.
        • (Score: 0) by Anonymous Coward on Tuesday February 25 2020, @03:24AM (1 child)

          by Anonymous Coward on Tuesday February 25 2020, @03:24AM (#962185)

          Is it legally actionable? Can it be said that a certificate is a "person" (like a company) and therefore...

          • (Score: 5, Interesting) by barbara hudson on Tuesday February 25 2020, @03:31AM

            by barbara hudson (6443) <barbara.Jane.hudson@icloud.com> on Tuesday February 25 2020, @03:31AM (#962190) Journal
            You're the site operator and Apple is basically saying you're incompetent and your site is insecure. Even though it's fine because the certificate isn't expired. Sounds like defamation and possibly unfair trade practices.
            --
            SoylentNews is social media. Says so right in the slogan. Soylentnews is people, not tech.
      • (Score: 0) by Anonymous Coward on Tuesday February 25 2020, @03:00AM (2 children)

        by Anonymous Coward on Tuesday February 25 2020, @03:00AM (#962172)
        So how often do you bunch change your SSH keys anyway? Every year? If not, isn't that a security problem waiting to happen too?

        Meanwhile Apple should reject CA certs that have a lifespan for more than 13 months too for the same reasons. ;)
        • (Score: 2) by Chocolate on Tuesday February 25 2020, @03:27AM

          by Chocolate (8044) on Tuesday February 25 2020, @03:27AM (#962188) Journal

          No.. But maybe it should be! At ~$5 a token just think of how much money you are denying hardware token makers!
          Think of the profits!

          --
          Bit-choco-coin anyone?
        • (Score: 2) by DannyB on Tuesday February 25 2020, @06:17PM

          by DannyB (5839) Subscriber Badge on Tuesday February 25 2020, @06:17PM (#962462) Journal

          I don't decide when, but I am involved with the implementation. In my case, about 1.5 to 2 years per certificate as I seem to recall.

          --
          To transfer files: right-click on file, pick Copy. Unplug mouse, plug mouse into other computer. Right-click, paste.
  • (Score: 2, Informative) by Anonymous Coward on Monday February 24 2020, @09:52PM (15 children)

    by Anonymous Coward on Monday February 24 2020, @09:52PM (#962019)

    Are they really though? Certificate Authorities are only supposed to issue certificates with lifetimes shorter than ~27 months and all the major engines reject ones longer than ~39 months. Chromium is already working to shorten it to 397 days in their next few releases and all browsers voted to support the proposal at the last meeting.

    The real issue here is with accidental infrastructure abandonment and revocation. People already hijack neglected domain names that people forget to check up on. Big companies get hit by expiring certificates all the time. Letting servers just sit with no oversight for multiple years is just asking to get hijacked, exploited, etc.

    Then you get to revocation. CRLSets are unwieldy and not complete by design. CRLs and OCSP are not checked by many browsers. Short of having a valid must-staple response, many browsers won't notice anything is wrong. With lifespans a little over two years (if the issuer is actually compliant with the best practice), your stolen/revoked certificate will continue to be a danger to everyone for years to come. For example, try https://revoked.badssl.com [badssl.com] or https://revoked.grc.com [grc.com] or https://www.digicert.com/digicert-root-certificates.htm [digicert.com] revoked demos to see how your browser handles it. There is a good chance that your browser will allow at least one and most versions of Chromium explicitly blacklist the badssl one in order to fool most people into thinking it's safe; otherwise it would allow ALL of them.

    • (Score: 5, Interesting) by sjames on Tuesday February 25 2020, @12:32AM (7 children)

      by sjames (2882) on Tuesday February 25 2020, @12:32AM (#962100) Journal

      If Apple and Google were actually serious about cert security, they would actually implement revocation.

      • (Score: 0) by Anonymous Coward on Tuesday February 25 2020, @03:11AM (6 children)

        by Anonymous Coward on Tuesday February 25 2020, @03:11AM (#962180)

        No argument there. But even so CRLs can be huge, as they need to contain every non-expired certificate that has been revoked, which can slow down browsers as they have to wait to download the whole thing. OCSP is also a privacy concern, as now the CAs know every time you check a website, and is subject to replay attacks. Both of them also suffer from what should happen if the CRL or OCSP server is unavailable and no cached copy exists.

        Just like many standards, revocation fell to the side for many reasons, chief among them being the need for speed.

        • (Score: 3, Informative) by Pino P on Tuesday February 25 2020, @04:17AM (5 children)

          by Pino P (4721) on Tuesday February 25 2020, @04:17AM (#962216) Journal

          OCSP is also a privacy concern, as now the CAs know every time you check a website

          Not if the web server checks the OCSP responder (say) once an hour, retrieves a response signed and timestamped by the CA, caches it, and includes it with the server's certificate whenever the client makes a connection. This is called OCSP stapling [cloudflare.com].

          and is subject to replay attacks.

          How so, given that responses are timestamped and expire promptly?

          Both of them also suffer from what should happen if the CRL or OCSP server is unavailable and no cached copy exists.

          Likewise if the DNS server goes down or the origin web server goes down.

          • (Score: 0) by Anonymous Coward on Tuesday February 25 2020, @05:57AM (4 children)

            by Anonymous Coward on Tuesday February 25 2020, @05:57AM (#962246)

            You should check the stats for how many websites actually do OCSP stapling, it is the hundredths of a percent. Which means that if you do OCSP at all, you will be making the request yourself to the address in the certificate.

            OCSP itself (including stapled ones) are vulnerable to replay attacks because the default OCSP interval for most providers is 7 days, with some going into multiple weeks (the last time I checked) and most web servers use the OCSP TTL for their cache length as well. For a non-stapled OCSP response, MITM only needs to get a single response, as the vast majority of CAs' servers do not honor the optional nonce value in the request and stapled responses don't use a per-client nonce anyway, which means everyone gets the same response. In addition, unless you "must-staple," it is a soft fail anyway.

            And, unlike a DNS or web server problem, which admins are aware of and usually somewhat control themselves, CRL and OCSP servers are run by the CAs. You have no control over their availability or redundancy. If your DNS goes down, you can propagate changes over the NS network or have redundant providers in the first place. Your web server goes down, you can spin up a new one or have redundancy in the first place. Your CA has an outage, then there is literally nothing you can do about it. And that is if you are made aware of the problem at all.

            • (Score: 3, Interesting) by driverless on Tuesday February 25 2020, @10:56AM

              by driverless (4770) on Tuesday February 25 2020, @10:56AM (#962306)

              You have no control over their availability or redundancy.

              CAs don't have redundancy, they have reduncandy. They're only as reliable as the least secure subsystem, and a failure in any of the many brittle parts will take you down with it.

            • (Score: 2) by driverless on Tuesday February 25 2020, @10:58AM

              by driverless (4770) on Tuesday February 25 2020, @10:58AM (#962307)

              as the vast majority of CAs' servers do not honor the optional nonce value in the request

              It's not the vast majority, per a survey carried out a few years ago no public CA honours the nonce. In other words every CA trusted by your browser is vulnerable to a replay attack because they completely ignore the nonce that's present to prevent the attack.

            • (Score: 2) by Pino P on Tuesday February 25 2020, @02:49PM (1 child)

              by Pino P (4721) on Tuesday February 25 2020, @02:49PM (#962378) Journal

              You should check the stats for how many websites actually do OCSP stapling, it is the hundredths of a percent.

              Source please. The article I linked above ("High-reliability OCSP stapling and why it matters" by Nick Sullivan [cloudflare.com]) states that sites that use Cloudflare have been stapling since 2016 when Cloudflare introduced proactive fetching of OCSP responses as they near the typical 7-day expiration window.

              OCSP itself (including stapled ones) are vulnerable to replay attacks because the default OCSP interval for most providers is 7 days

              What incidents have been reported of unexpired OCSP responses being used to forge connections on a recently revoked certificate?

              And, unlike a DNS or web server problem, which admins are aware of and usually somewhat control themselves

              Unless the VPS provider is having an outage. For example, an SSD outage on Google Compute Engine in December 2019 [google.com] brought down the Discord chat service [discordapp.com] among other sites.

              • (Score: 0) by Anonymous Coward on Tuesday February 25 2020, @10:58PM

                by Anonymous Coward on Tuesday February 25 2020, @10:58PM (#962594)

                https://www.ssllabs.com/ssl-pulse/ [ssllabs.com] shows that around 32.6% currently staple at all. According to censys, 190,921 certificates must-staple [censys.io] and 446,079,247 certificates don't [censys.io]. Even if the number were tilted so that the must-staple ones had 999 SANs and the "non-must-staple" had zero, then at best less than 30% of the domain names would be must-staple. A more reasonable number on either end of that for SANs just makes the percentage of must-staple sites worse.

                It is a theoretical vulnerability, you asked how it was possible which two people explained. Even if there was an incident where it occurred, it may not be reported or widely publicized. But that doesn't change the fact that such a theoretical vulnerability exists, especially against those MITMed by someone or other situations.

                And yes, lots of things can have outages, but an OCSP failure is not one of those you can plan for, work around, or have redundancy over (unlike your VPS example) without having multiple certificates from different providers spread around your infrastructure in advance or ready to go. And again, that is if you even notice the problem in the first place.
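
The sub-thread above turns on three properties of OCSP: responses stay valid for about 7 days, responders ignore the request nonce, and clients soft-fail unless the certificate is must-staple. The following model of a client's decision is an added example, not code from any commenter, browser or CA; the class, function names, dates and nonce value are constructed, and real OCSP parsing and signature checks are left out.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional


@dataclass(frozen=True)
class OcspResponse:
    """Only the fields of a signed OCSP response that matter for replay."""
    status: str                     # "good" or "revoked"
    this_update: datetime
    next_update: datetime
    nonce: Optional[bytes] = None   # set only if the responder echoes the nonce


def evaluate(resp, now, *, hard_fail=False, sent_nonce=None):
    """Return the client's decision for one connection attempt.

    hard_fail=True models a must-staple certificate; the default is the
    soft-fail behaviour described in the thread. sent_nonce is the nonce the
    client put in its own request (None for a stapled response).
    """
    if resp is not None and not (resp.this_update <= now <= resp.next_update):
        resp = None     # outside its validity window: same as no response
    if resp is not None and sent_nonce is not None and resp.nonce != sent_nonce:
        resp = None     # not bound to this request: unusable
    if resp is None:
        return "reject" if hard_fail else "accept (soft-fail)"
    return "accept" if resp.status == "good" else "reject"


def replay_exposure(resp, revoked_at):
    """Time after revocation during which an old 'good' response still validates."""
    if resp.status != "good":
        return timedelta(0)
    return max(resp.next_update - revoked_at, timedelta(0))


# Constructed timeline: a 7-day "good" response, then a revocation 36 hours later.
UTC = timezone.utc
ISSUED = datetime(2020, 2, 24, tzinfo=UTC)
GOOD = OcspResponse("good", ISSUED, ISSUED + timedelta(days=7))
REVOKED = OcspResponse("revoked", ISSUED + timedelta(days=2),
                       ISSUED + timedelta(days=9))
REVOKED_AT = datetime(2020, 2, 25, 12, tzinfo=UTC)
DURING = datetime(2020, 2, 28, tzinfo=UTC)   # after revocation, inside the window
AFTER = datetime(2020, 3, 3, tzinfo=UTC)     # after next_update

if __name__ == "__main__":
    print("exposure after revocation:", replay_exposure(GOOD, REVOKED_AT))
    print("old good response, no nonce:", evaluate(GOOD, DURING))
    print("fresh revoked response:     ", evaluate(REVOKED, DURING))
    print("nonce sent, not echoed:     ",
          evaluate(GOOD, DURING, sent_nonce=b"constructed-nonce"))
    print("expired response, soft-fail:", evaluate(GOOD, AFTER))
    print("expired response, hard-fail:", evaluate(GOOD, AFTER, hard_fail=True))
    print("no response, hard-fail:     ", evaluate(None, DURING, hard_fail=True))
```

Only the hard-fail rows end in a rejection once the old response is unusable, which is why the thread separates sites that staple from certificates that are must-staple.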

    • (Score: 4, Informative) by driverless on Tuesday February 25 2020, @03:35AM (6 children)

      by driverless (4770) on Tuesday February 25 2020, @03:35AM (#962194)

      That assumes it's a public web site. A helluva lot of certs get used for things like SCADA/IoT/embedded, and they're on RFC 1918 addresses and the like and are self-signed, you typically provision the device once at build time and that's it. If there's a compromise, you take the device offline or reflash it with clean firmware, there's no need for revocation handling or all the other X.509 bollocks.

      Except that now you can't any more because Apple has decided you need to rebuild/reprovision your device every twelve months for no reason whatsoever. In the case of SCADA gear that can never go down, it just means that you can't use Safari to talk to embedded systems any more, or at least not after the first twelve months' uptime.

      • (Score: 2) by All Your Lawn Are Belong To Us on Tuesday February 25 2020, @11:03AM (5 children)

        by All Your Lawn Are Belong To Us (6553) on Tuesday February 25 2020, @11:03AM (#962309) Journal

        I think you have that a little backwards, if I understand the summary. You can't use Safari to talk to embedded systems any more unless you're within 12 months of whatever expiration date they set, not within 12 months of start uptime.

        Even then, if you can get dating on the cert maybe you could just edit your system time to link up with it? You wouldn't do that for the general web, but for a SCADA/IoT/embedded device maybe you would. That, and the earlier, is predicated on Apple looking at the expiration date of the cert only and comparing to today, not taking the issue date/expiration date and calculating the difference.

        If it were universal that might even be a way to foil script-kiddie level hacks trying to use browsers for IoT stuff. Give your certs some ridiculous dating so no browser will recognize it unless your clock is changed to match. It's not really security but it is a layer of obfuscation.

        --
        This sig for rent.
        • (Score: 3, Interesting) by driverless on Tuesday February 25 2020, @11:11AM (4 children)

          by driverless (4770) on Tuesday February 25 2020, @11:11AM (#962314)

          Doesn't work because it would break all Internet sites with correct times because cert, CRL, and OCSP times would be out. Another cool security feature, your clock is off so the CRL is future-dated so we'll assume the cert is invalid and won't let you connect. Or at least Firefox does that.

          • (Score: 2) by Pino P on Tuesday February 25 2020, @02:28PM (3 children)

            by Pino P (4721) on Tuesday February 25 2020, @02:28PM (#962373) Journal

            Then use one clock setting to connect to SCADA and a different clock setting to connect to public websites.

            • (Score: 3, Informative) by tangomargarine on Tuesday February 25 2020, @03:43PM (2 children)

              by tangomargarine (667) on Tuesday February 25 2020, @03:43PM (#962397)

              We're going off into the weeds here. The far simpler solution is for Safari to not be dumb.

              --
              "Is that really true?" "I just spent the last hour telling you to think for yourself! Didn't you hear anything I said?"
              • (Score: 2) by Pino P on Tuesday February 25 2020, @08:45PM (1 child)

                by Pino P (4721) on Tuesday February 25 2020, @08:45PM (#962539) Journal

                "To not be dumb" is a tall task for Safari or any other proprietary or tivoized software.

                • (Score: 2) by driverless on Tuesday February 25 2020, @11:24PM

                  by driverless (4770) on Tuesday February 25 2020, @11:24PM (#962602)

                  Or for security people in general. Security people are supposed to provide guide rails, but most of the time they just make a roadblock.

  • (Score: 2, Touché) by Anonymous Coward on Tuesday February 25 2020, @12:26AM (20 children)

    by Anonymous Coward on Tuesday February 25 2020, @12:26AM (#962097)

    Apple is forcing everyone to use their update mechanism more often. Possibly at greater cost.

    They're not forcing me to do anything.

    In fact, after reading TFS, I was thinking about switching my sites *away* from LetsEncrypt so I can implement two or three year certs.

    In fact, if many site admins do that, this will blow up in Apple's face.

    Perhaps we could even form a consortium to purchase LetsEncrypt and change all their certs to five years just to poke those scumbags in the eye!

    • (Score: 2) by NateMich on Tuesday February 25 2020, @12:33AM (19 children)

      by NateMich (6662) on Tuesday February 25 2020, @12:33AM (#962101)

      Apple is forcing everyone to use their update mechanism more often. Possibly at greater cost.

      They're not forcing me to do anything.

      In fact, after reading TFS, I was thinking about switching my sites *away* from LetsEncrypt so I can implement two or three year certs.

      In fact, if many site admins do that, this will blow up in Apple's face.

      Perhaps we could even form a consortium to purchase LetsEncrypt and change all their certs to five years just to poke those scumbags in the eye!

      Why would you care about this at all? LetsEncrypt renews the certs every month automatically anyway.
      This is a non-issue.

      • (Score: 0) by Anonymous Coward on Tuesday February 25 2020, @12:44AM

        by Anonymous Coward on Tuesday February 25 2020, @12:44AM (#962113)

        Whoosh!

        Reading comprehension isn't your strong suit, eh?

      • (Score: 2) by barbara hudson on Tuesday February 25 2020, @01:00AM (17 children)

        by barbara hudson (6443) <barbara.Jane.hudson@icloud.com> on Tuesday February 25 2020, @01:00AM (#962128) Journal
        So was renewing a dot.org domain. Then they hung a "for sale" sign on it.
        --
        SoylentNews is social media. Says so right in the slogan. Soylentnews is people, not tech.
        • (Score: 0) by Anonymous Coward on Tuesday February 25 2020, @03:34AM (16 children)

          by Anonymous Coward on Tuesday February 25 2020, @03:34AM (#962193)

          <sarcasm>Commie! Money is king here! I bet you believe in that "open sores" crap
          </sarcasm>

          • (Score: 3, Disagree) by barbara hudson on Tuesday February 25 2020, @03:44AM (15 children)

            by barbara hudson (6443) <barbara.Jane.hudson@icloud.com> on Tuesday February 25 2020, @03:44AM (#962205) Journal
            I believe in open source. I don't believe in the GPL. Without the GPL there would be way more software available for Linux, which would have made it more competitive.
            --
            SoylentNews is social media. Says so right in the slogan. Soylentnews is people, not tech.
            • (Score: 1, Touché) by Anonymous Coward on Tuesday February 25 2020, @08:45AM (5 children)

              by Anonymous Coward on Tuesday February 25 2020, @08:45AM (#962290)

              Without GPL Linux would have the fate of BSD at best, which is used, say, in PlayStation, but you'll have to pay premium to use it, locked down. Bright future, yay.

              • (Score: 3, Insightful) by barbara hudson on Tuesday February 25 2020, @02:21PM (4 children)

                by barbara hudson (6443) <barbara.Jane.hudson@icloud.com> on Tuesday February 25 2020, @02:21PM (#962367) Journal
                Apple built OSX atop FreeBSD. It's got a lot more market penetration because FreeBSD is NOT using the restrictive GPL. Now look at the difference in available software for OSX compared to Linux. Linux could have had the same situation if it weren't for the GPL.
                --
                SoylentNews is social media. Says so right in the slogan. Soylentnews is people, not tech.
                • (Score: 1, Touché) by Anonymous Coward on Tuesday February 25 2020, @11:06PM (3 children)

                  by Anonymous Coward on Tuesday February 25 2020, @11:06PM (#962595)

                  You mean I'd have to pay hundreds of dollars to buy specific hardware from a single manufacturer to use Linux? Sounds great! I better get in my time machine to warn Linus about the mistake he is going to make.

                  • (Score: 2) by barbara hudson on Wednesday February 26 2020, @01:45AM (2 children)

                    by barbara hudson (6443) <barbara.Jane.hudson@icloud.com> on Wednesday February 26 2020, @01:45AM (#962652) Journal
                    FreeBSD runs on Wintel and you know it, so don't be intentionally stupid. And I guess you never heard of Hackintoshes if you really want the Quartz UI.
                    --
                    SoylentNews is social media. Says so right in the slogan. Soylentnews is people, not tech.
                    • (Score: 0) by Anonymous Coward on Wednesday February 26 2020, @06:22AM (1 child)

                      by Anonymous Coward on Wednesday February 26 2020, @06:22AM (#962738)

                      But all the software that you think Apple enabled for FreeBSD only runs if the entire OS including the GUI is there. Which means you need a Hackintosh, which still requires certain combinations of hardware, runs the risk of getting nuked on an update, and requires an already working MacOS system to install.

                      • (Score: 2) by barbara hudson on Wednesday February 26 2020, @10:15PM

                        by barbara hudson (6443) <barbara.Jane.hudson@icloud.com> on Wednesday February 26 2020, @10:15PM (#963164) Journal

                        But all the software that you think Apple enabled for FreeBSD only run if the entire OS including the GUI is there.

                        Actually, that's not true. Go do some research. Apple contributed non-gui stuff back to FreeBSD that runs just fine on FreeBSD, with or without a GUI. Apple isn't the greatest, but they do give back, and Linux has benefited indirectly from their contributions.

                        --
                        SoylentNews is social media. Says so right in the slogan. Soylentnews is people, not tech.
            • (Score: 3, Informative) by DannyB on Tuesday February 25 2020, @06:23PM (8 children)

              by DannyB (5839) Subscriber Badge on Tuesday February 25 2020, @06:23PM (#962464) Journal

              The unspoken purpose of GPL appears to be to prevent, specifically Microsoft, from taking the code, enhancing it, and putting the enhanced code into their own proprietary commercial badness.

              Without GPL the Embrace Extend Extinguish would have gone wild with the Microsoft. Just as Microsoft tried to do with Java, and got sued for $1.2 billion for violating the plain language of the agreement, Microsoft would try to get developers developers addicted to a Microsoft-flavor of open source that only runs on Microsoft and interoperates with Microsoft.

              --
              To transfer files: right-click on file, pick Copy. Unplug mouse, plug mouse into other computer. Right-click, paste.
              • (Score: 2) by barbara hudson on Wednesday February 26 2020, @02:24AM (7 children)

                by barbara hudson (6443) <barbara.Jane.hudson@icloud.com> on Wednesday February 26 2020, @02:24AM (#962685) Journal

                Microsoft has FreeBSD code. I don't see it having "embrace'd, extend'd, extinguish'd" FreeBSD. MacOS is based on FreeBSD. I don't see FreeBSD disappearing - on the contrary, Apple contributes source code back.

                RMS was full of shit with his promise that the GPL would promote a flourishing software ecosystem. There's a lot more software choice with both Microsoft and Apple than with Linux.

                --
                SoylentNews is social media. Says so right in the slogan. Soylentnews is people, not tech.
                • (Score: 2) by DannyB on Wednesday February 26 2020, @03:45PM (6 children)

                  by DannyB (5839) Subscriber Badge on Wednesday February 26 2020, @03:45PM (#962907) Journal

                  I cannot disagree that RMS was full of something about a number of things he said.

                  If GPL had never been, if all software in the world had been FreeBSD, then I shudder to think what Microsoft might have done.

                  The fact that the worst didn't happen to FreeBSD might possibly be due to the GPL being the real fight Microsoft engaged against. Microsoft called out the GPL by name. Called it viral. Said it was a threat and "un-American". Jim Allchin said some of this and Ballmer said other of it, calling it cancer, etc. It's simply been too long for me to remember exact quotes and attributions at this point. The Halloween documents were clearly 'triggered' by the GPL.

                  --
                  To transfer files: right-click on file, pick Copy. Unplug mouse, plug mouse into other computer. Right-click, paste.
                  • (Score: 2) by barbara hudson on Wednesday February 26 2020, @10:30PM (5 children)

                    by barbara hudson (6443) <barbara.Jane.hudson@icloud.com> on Wednesday February 26 2020, @10:30PM (#963180) Journal

                    And yet in the end, Linux the desktop lost and FreeBSD won. If Microsoft had decided to use FreeBSD, it would have attracted too much attention to FreeBSD and there might have been other competing OSes based on FreeBSD. That could only be a good thing.

                    So now we have a duopoly on the desktop. Without the GPL, Linux could have been in the mix. And Microsoft IS moving on Linux.

                    On phones, it's also a duopoly - Android (which is terribly designed - "hypercard for phones") and Apple.

                    It's still a battle for laptops, but Chromebooks are pretty tied to Google and its data centres. Not something I would ever use, but people want convenience over anything else.

                    And the whole idIOT thing - George Orwell would be pissing himself because it's far beyond anything he ever dreamed of. But "convenience."

                    --
                    SoylentNews is social media. Says so right in the slogan. Soylentnews is people, not tech.
                    • (Score: 3, Interesting) by DannyB on Thursday February 27 2020, @03:27PM (4 children)

                      by DannyB (5839) Subscriber Badge on Thursday February 27 2020, @03:27PM (#963532) Journal

                      And yet in the end, Linux the desktop lost and FreeBSD won.

                      An interesting statement. Linux hasn't won the desktop. But has basically won everything else but the desktop. Almost any computer that is not desktop has Linux. I assume you refer to Apple as accounting for "FreeBSD + desktop" success. I'm not sure I would agree that FreeBSD is why Apple's desktop is successful. It already was successful in Mac OS 9 classic. FreeBSD was certainly a much better foundation for the evolution of Apple's products.

                      That is also the point at which I parted ways with Apple and got into Linux.

                      Android (which is terribly designed - "hypercard for phones") and Apple.

                      I'm not overly impressed with Android's design. Before Android my favorite was that WebOS thing from Palm which ran on Linux and looked very interesting. But they just didn't realize what they had and didn't get behind it. Reminds me of Xerox PARC.

                      Despite what I would have liked, Android is a pragmatic reality. It arguably has market dominance. It cannot be ignored if you want to build anything related to mobile phones or tablets.

                      Chromebooks are pretty tied to Google and its data centres.

                      I disagree. The only tie of Chromebooks to Google is for updates to the OS. What you do with your chromebook is largely tied to the internet, but not specifically to Google. Chromebooks can be thought of as a "smart terminal" for the 21st century. Connecting to "mainframes" of the 21st century (eg, Kubernetes or similar style data centers, or other Linux clusters in data centers).

                      You CAN, and I DO, use the local storage on my Pixelbook. It's a Chromebook, yes. But I use it in many ways like a Linux laptop computer. LibreOffice, local storage, and other Linux applications, including Eclipse, Java, Tomcat, etc. And it also runs Android apps which gives me another universe of applications outside of the Linux desktop applications.

                      George Orwell would be pissing himself

                      I can't disagree with that. Agree.

                      --
                      To transfer files: right-click on file, pick Copy. Unplug mouse, plug mouse into other computer. Right-click, paste.
                      • (Score: 2) by barbara hudson on Friday February 28 2020, @02:50AM (3 children)

                        by barbara hudson (6443) <barbara.Jane.hudson@icloud.com> on Friday February 28 2020, @02:50AM (#963920) Journal

                        It cannot be ignored if you want to build anything related to mobile phones or tablets.

                        Au contraire, iOS generates more revenue for developers off a much smaller user base than Android does despite having several times the user base.

                        If you have to devote your resources to one of the two platforms and you want to make money, it's iOS. Has been for more than a decade. Android users are cheap (that's an observation from devs for both platforms so don't blame me, mkay :-) ).

                        That being said, Android can be shifted to operate atop FreeBSD instead of Linux (FreeBSD can run many Linux binaries without modification, and of course there's no reason that Android can't be completely ported to FreeBSD). The real problem with that is as soon as it becomes possible and it's leaked to the wild, anyone can fork it and be completely free of the Google walled garden for anything and everything.

                        --
                        SoylentNews is social media. Says so right in the slogan. Soylentnews is people, not tech.
                        • (Score: 2) by DannyB on Friday February 28 2020, @02:47PM (2 children)

                          by DannyB (5839) Subscriber Badge on Friday February 28 2020, @02:47PM (#964116) Journal

                          iOS generates more revenue for developers off a much smaller user base than Android does despite having several times the user base.

                          Thus: iOS good for developers, Android good for end users.

                          Android can't be completely ported to FreeBSD

                          Or Fuchsia.

                          --
                          To transfer files: right-click on file, pick Copy. Unplug mouse, plug mouse into other computer. Right-click, paste.
                          • (Score: 2) by barbara hudson on Friday February 28 2020, @05:02PM (1 child)

                            by barbara hudson (6443) <barbara.Jane.hudson@icloud.com> on Friday February 28 2020, @05:02PM (#964170) Journal

                            I would say that there's a distinct lack of choice in Android apps - they are mostly adware-supported. That's not good for the users in either the short or long term. Then again, it's not like people should be loading up on apps anyway, on either Android or iOS. Part of the whole "get a life, people" thing.

                            In that sense smartphones are a public health menace, and not just from distracted driving/walking ... I used to be a skeptic when it came to Internet addiction, but I've seen people are totally addicted to social media and online games, so I've changed my opinion 180 degrees, based on observational evidence.

                            When I'm sick, I can't just loll around in bed and read a book (still can't read a paper book) so I'll post here. But it becomes onerous as I get better, because I would rather be around people. It's not that the internet is a poor substitute - it isn't any sort of substitute. And yet we have people who voluntarily choose to self-isolate in the alternate reality online. I'm not optimistic of the future, and smartphones, regardless of operating system, are just too damn convenient for most people to avoid being continuously distracted by them.

                            In the end, the motivations of devs on both platforms are the same - eyeballs, either to generate ad revenue or paid revenue.

                            --
                            SoylentNews is social media. Says so right in the slogan. Soylentnews is people, not tech.
                            • (Score: 2) by DannyB on Friday February 28 2020, @06:11PM

                              by DannyB (5839) Subscriber Badge on Friday February 28 2020, @06:11PM (#964228) Journal

                              I've come to realize that having hundreds of millions of apps in an app store is pretty meaningless. What matters is that there are apps that are useful to you.

                              I've found some ad supported apps that I like. I've found other apps that I felt worth paying for, both because I liked the app, and wanted to avoid ads.

                              Years ago I settled onto a collection of apps that I like.
                              * calculators, several
                              * network apps, ping, dns, ssh client, ftp server/client, traceroute, network analyzers, etc
                              * a preferred file manager
                              * a couple music players
                              * notepad type app
                              * midi apps
                              * several puzzle games, especially "Unblock me" (aka "traffic jam") for which I've written a Java solver, for amusement
                              * a favorite sleep sounds app, rarely used
                              * home control apps
                              * browsers
                              * Google: hangouts, keep, docs, maps, gmail, etc.
                              * Signal
                              * News apps
                              * a favorite Bible app with in-app purchases (multiple translations, commentaries, etc)
                              * streaming video apps (Netflix, HBO, etc)

                              That, I think, about covers it. When I get a new phone, all those apps just appear on the new device.

                              I rarely look in the play store for new things.

                              Despite all those apps, I don't spend much time looking at my phone. I only use the phone for specific purposes. To read at a regular time. Check news at a fairly regular time. Occasional messaging with family members or close friends.

                              I DO NOT use any social media ever. So no Facebook, Twitter accounts ever.

                              So I'm not of the texting & walking type. I think the "social" media apps are the biggest to blame for that. I think people who use social networks are the least happy. Or shortest attention span. One time when I was at Epcot, after dark, outside Mission Space, I saw someone texting and walking -- right into a park bench. It happened so quick.

                              --
                              To transfer files: right-click on file, pick Copy. Unplug mouse, plug mouse into other computer. Right-click, paste.
  • (Score: 2) by driverless on Tuesday February 25 2020, @03:09AM (1 child)

    by driverless (4770) on Tuesday February 25 2020, @03:09AM (#962177)

    If you use SSL/TLS certs, then you probably already have some mechanism for updating them. After all, they have to be updated, just not as quickfully as Apple might like.

    Yeah, because Bob's Hardware Store's top priority in the world is playing ball with some braindead certificate agenda that some geek at Apple dreamed up over their latte this morning.

    • (Score: 1, Insightful) by Anonymous Coward on Tuesday February 25 2020, @06:03AM

      by Anonymous Coward on Tuesday February 25 2020, @06:03AM (#962248)

      But Bob's Hardware Store does have a plan for that. It is called paying for a managed server/hosting.