# I am the Watcher. I am your guide through this vast new twtiverse.
# 
# Usage:
#     https://watcher.sour.is/api/plain/users              View list of users and latest twt date.
#     https://watcher.sour.is/api/plain/twt                View all twts.
#     https://watcher.sour.is/api/plain/mentions?uri=:uri  View all mentions for uri.
#     https://watcher.sour.is/api/plain/conv/:hash         View all twts for a conversation subject.
# 
# Options:
#     uri     Filter to show a specific user's twts.
#     offset  Start index for query.
#     limit   Count of items to return (going back in time).
# 
# twt range = 1 24
# self = https://watcher.sour.is/conv/d6alaoq
Learned a cute little trick on github today and figured I'd share in case there are others like me who didn't know this.

If you are using a chrome/chromium based browser and hit a site with an expired certificate, you can click anywhere in the whitespace of the error page, type "thisisunsafe" (all one word), hit enter, and be brought to the page.

Right now https://nitter.net is having certificate issues so you can test it there.

Anyway, obviously be careful because bypassing a warning about an expired certificate is potentially dangerous.
@abucci Thanks for the tip and reminder 👌 I always forget the special keyword to type on those rare occasions you need to bypass the bad/invalid cert. And yes I can confirm nitter.net is having cert issues, I actually confirmed this earlier today but forgot to mention to you...
@prologic cool thing about nitter is that you can self host!

There is a list of alternate instances you can use here: https://github.com/zedeus/nitter/wiki/Instances
@abucci Bypassing a warning about an expired certificate is basically never actually dangerous. I have yet to see a maliciously used expired certificate in the wild.
Unfortunately, I feel that right now the people who decide on how to run PKI are so far removed from the real world and practical concerns, it's straight up comical. 81% of organizations have had outages caused by expired certificates, something that has almost no real world security benefit. https://betanews.com/2022/03/22/81-percent-of-organizations-have-outages-caused-by-expired-certificates/
@ocdtrekkie 81%!
@abucci I literally had to fix an outage this weekend caused by a weird certificate. Not external facing, but the security risk caused by it was nonexistent, and yet, it was implemented as a requirement and caused random unexpected breakage when it expired itself.
@ocdtrekkie I get what you're saying, but I can't shake the feeling that there's a "preparedness paradox" at work here. How many problems would exist that we don't currently have if there were no TLS / PKI?
@ocdtrekkie I am part of the 81%.
@abucci @ocdtrekkie Let alone how many problems wouldn't exist if we did not have computers!? :-D
@lyse oof you said it
@lyse Damn technology! 😛
@abucci I think TLS is fine. I think PKI is a crock of garbage, because most participants in PKI are garbage, and Google has complete capture of it and makes decisions that work best for it, and not the real world.

Ultimately what I think should happen for certificate expiration is browsers should soft-warn for like a week or two after expiry, with like a yellow address bar, as opposed to trying to block navigation. The risk of an expired cert just doesn't justify browser behavior.
@lyse We tricked rocks into thinking, and this is how they get back at us for it, because thinking is a horrible curse.
@ocdtrekkie Going from fully, safely browsable to 🚨STOP!!! YOU WILL BE HAXXED IF U VISIT🚨 overnight is pretty harsh. Why not have the warning *before* certificate expiration, though? Does it really matter? One way or another you're cutting someone off from using the site eventually.

Back in the Good Old Days you could email webmaster@example.com, ask them if their site was still working correctly, and expect an answer. I guess back in the Good Old Days you didn't expect instantaneous delivery of content at all times forever, though.
@abucci
and

😅
@eaplmx I think I want one!
@abucci Whether warning before or after the date is somewhat immaterial, except it slides the sysadmin window even narrower, for no good reason. Google's already aggressively forced everyone to a 12 month deadline. Not everything supports Let's Encrypt. And so every year we have a window where I have to rush around and update all the certs before the expiration date, but if I start the process too soon, then I am doing it every eleven months, because of that absolute 12 month cap.

And again, there's nothing inherently less secure about a 13 month old cert than a 12 month old cert. About 99% of certificate behavior is security theater and Google flexing its ability to force everyone to do what it says.
@ocdtrekkie ah yeah that's a good point.
@abucci you can also simply click "advanced" and choose to ignore manually if you don't remember the keywords.

I'm surprised Firefox doesn't let you even open it at all, has anyone managed to bypass a failed certificate there?
@justamoment that's the thing--in the instance I posted, that option was not available. It's possible they were using HSTS. The only thing that worked was the thisisunsafe business
@abucci mmh, interesting...