The difficulty of making sure your website is broken
mcpherrinm
61 points
29 comments
April 10, 2026
Related Discussions
Found 5 related stories in 55.7ms across 4,179 title embeddings via pgvector HNSW
- Just make it hard to fail andai · 37 pts · March 21, 2026 · 47% similar
- Don't Trust, Verify lwhsiao · 17 pts · March 28, 2026 · 43% similar
- LLM scraper bots are overloading acme.com's HTTPS server mjyut · 33 pts · April 08, 2026 · 42% similar
- Have a Fucking Website asukachikaru · 92 pts · March 18, 2026 · 42% similar
- The Resolv hack: How one compromised key printed $23M timbowhite · 78 pts · March 23, 2026 · 40% similar
Discussion Highlights (5 comments)
paulirish
https://badssl.com/ also offers several test subdomains in the same vein.
bullen
Meanwhile HTTP keeps working just fine and is decentralized. Just "add your own crypto" on top, which is the ONLY thing a sane person would do. 3... 2... 1... banned?
ipython
Interesting. Chrome (146, macOS) shows no error messages on the revoked cert pages, but Firefox does (also macOS).
lifis
Vanadium, Chrome and Firefox (all for Android) all accept all the revoked certificates... But revoked.badssl.com is considered revoked
nottorp
In the same direction, I once wanted to test an embedded device on crap wifi. So I just ordered the cheapest AP I could find. Except the damn device worked perfectly. Slow but rock solid. One of our testers at $CURRENT_JOB also has trouble simulating a crap network, because our network is good.