[HN Gopher] PostgreSQL Support for Certificate Transparency Logs...
       ___________________________________________________________________
        
       PostgreSQL Support for Certificate Transparency Logs Now Available
        
       Author : tracymiranda
       Score  : 35 points
       Date   : 2025-01-07 18:08 UTC (4 hours ago)
        
 (HTM) web link (blog.transparency.dev)
        
       | dboreham wrote:
       | Translation: we had data loss and had to change storage provider
       | to one that works.
        
         | phoronixrly wrote:
         | Where works means "does not eat data"... A very basic
         | requirement for storage :)
        
       | remram wrote:
       | > a CT log failure earlier this year due to MariaDB corruption
       | after disk space exhaustion provided the motivation for a change.
        
         | nijave wrote:
         | That seems like a rather serious bug. Disappointing there's not
         | more follow-up with MariaDB.
        
           | mobilemidget wrote:
           | If you let a disk run full weird shit happens.
           | 
           | But it reads to me as _we_, not mariadb, made a big oopsie
           | and TADA \o/ now we change software. So I do strongly hope
           | that besides changing software, they added some disk space
           | monitoring.
        
             | agwa wrote:
             | > _If you let a disk run full weird shit happens._
             | 
             | Only in buggy software that ignores errors from system
             | calls.
             | 
             | Obviously you can expect availability problems when you run
             | out of space, but there's no excuse for losing data from
             | committed transactions given that the OS will reliably
             | report the error.
             | 
             | > _So I do strongly hope that besides changing software,
             | they added some disk space monitoring._
             | 
             | One of the action items in their incident report was
             | improving monitoring and alerting:
             | https://groups.google.com/a/chromium.org/g/ct-policy/c/038B7...
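
Added example, not part of the thread and not code from MariaDB, PostgreSQL or any CT log: the write path agwa's comment describes, where a commit is acknowledged only after write() and fsync() have both succeeded. `commit_record` and the sample record are hypothetical; /dev/full is the Linux device that fails every write with ENOSPC, standing in for a full disk.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical helper. Appends one record and returns 0 only once the
 * bytes are on stable storage; any failure comes back as -errno so the
 * caller can refuse to acknowledge the transaction. */
int commit_record(int fd, const void *buf, size_t len)
{
    const char *p = buf;
    while (len > 0) {
        ssize_t n = write(fd, p, len);
        if (n < 0) {
            if (errno == EINTR)
                continue;        /* interrupted before any byte: retry */
            return -errno;       /* ENOSPC, EDQUOT, EIO, ... */
        }
        p += n;                  /* short write: keep going, the next   */
        len -= (size_t)n;        /* call reports ENOSPC if the disk is full */
    }
    /* Deferred write-back errors surface here. A failed fsync() is final:
     * retrying it may report success for data that never reached disk. */
    if (fsync(fd) != 0)
        return -errno;
    return 0;
}

int main(void)
{
    const char rec[] = "constructed-leaf-entry\n";  /* constructed sample */
    int fd = open("/dev/full", O_WRONLY);           /* every write: ENOSPC */
    if (fd < 0) {
        perror("open /dev/full");
        return 1;
    }
    int rc = commit_record(fd, rec, sizeof rec - 1);
    if (rc != 0)
        fprintf(stderr, "commit refused: %s\n", strerror(-rc));
    else
        puts("commit acknowledged");
    close(fd);
    return rc == 0 ? 0 : 2;
}
```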
        
           | agwa wrote:
           | They know about the problem but appear uninterested in
           | improving the situation:
           | https://mariadb.com/kb/en/database-corruption-and-data-loss-...
        
       | politelemon wrote:
       | This title reads strange to me, as though postgres certificates,
       | used when connecting using TLS, will be visible in the CTL.
       | 
       | Better would be: CTL can now use a postgres backend.
        
       | chatmasta wrote:
       | Semi-relatedly, you can connect to the crt.sh Postgres instance
       | and query it directly with SQL:
       | 
       |     psql -h crt.sh -p 5432 -U guest certwatch
       | 
       | To generate the SQL queries in the web UI, simply click
       | "advanced" and then the "Show SQL" checkbox, or append it to the
       | URL, like so:
       | https://crt.sh/?q=www.comodo.com&showSQL=Y
       | 
       | (Note the generated SQL at the bottom of that page.)
       | 
       | Steampipe also has a crt.sh connector:
       | https://hub.steampipe.io/plugins/turbot/crtsh/tables/crtsh_c...
        
       | westurner wrote:
       | Are there Merkle hashes between the rows in the PostgreSQL CT
       | store like there are in the Trillian CT store?
       | 
       | Sigstore Rekor also has centralized Merkle hashes.
        
       ___________________________________________________________________
       (page generated 2025-01-07 23:00 UTC)