The difficulty of making sure your website is broken
mcpherrinm
61 points
29 comments
April 10, 2026
Related Discussions
Found 5 related stories in 801.5ms across 14,015 title embeddings via pgvector HNSW
- Build your own vulnerability harness ianrahman · 32 pts · July 10, 2026 · 50% similar
- Just make it hard to fail andai · 37 pts · March 21, 2026 · 47% similar
- Tom7: No one can force me to have a secure website [video] Audiophilip · 36 pts · April 13, 2026 · 46% similar
- A Caddy Cert Expired Because Systemd-Resolved Was Selectively Broken PaulHoule · 16 pts · May 11, 2026 · 45% similar
- Many Let's Encrypt renewals had errors today widdakay · 108 pts · June 19, 2026 · 45% similar
Discussion Highlights (5 comments)
paulirish
https://badssl.com/ also offers several test subdomains in the same vein.
bullen
Meanwhile HTTP keeps working just fine and is decentralized. Just "add your own crypto" on top, which is the ONLY thing a sane person would do. 3... 2... 1... banned?
ipython
Interesting. Chrome (146, macOS) shows no error messages on the revoked cert pages, but Firefox does (also macOS).
lifis
Vanadium, Chrome and Firefox (all for Android) all accept all the revoked certificates... But revoked.badssl.com is considered revoked
nottorp
In the same direction, I once wanted to test an embedded device on crap wifi. So I just ordered the cheapest AP I could find. Except the damn device worked perfectly. Slow but rock solid. One of our testers at $CURRENT_JOB also has trouble simulating a crap network, because our network is good.