Creator of SSLPing, a free service to check SSL certs, downs tools
That freebie that saved your bacon once or twice? Perhaps it's time to drop a bit of cash on it
A timely reminder is being issued to the effect that free web services are not the same as free software: the creator of the SSLPing service says he can't look after it anymore.
SSLPing was a useful tool to have around. Sign up, add your servers and the service would check certificates, protocols, ciphers and known vulnerabilities. It checked versions of TLS from SSL v3 to TLS 1.2 and, importantly for some major vendors who should know better, would also bleat if certificates were due for renewal (with nags at 10 days, three days and then on the renewal date.)
The tool was wielded by over 500 registered users, monitoring more than 12,500 TLS servers. It was lightweight and mercifully ad-free. Which appears to have become a problem for its creator, Chris Hartwig.
"It's broken and I can't and won't fix it," said Hartwig in a message posted on the project's homepage, pulling down the shutters on an operation that has run since March 2016.
- Worried about occasional npm malware scares? It's more common than you may think
- When software depends on a project thanklessly maintained by a random guy in Nebraska, is open source sustainable?
Hartwig faced a number of problems stemming from the technical debt incurred by the platform: an update to OpenSSL would have caused issues; it was stuck on an older version of node.js ("because upgrading would remove SSL v3 detection," said Hartwig); and it was using Docker Swarm, which has fallen a little out of favour in a Kubernetes-obsessed world.
Finally, the three physical servers on which the service ran were tottering. Hartwig reported that one had died, while the others were reporting more than 1,400 days of uptime. Impressive figures, but hinting at a potential impending hardware failure.
It's broken and I can't and won't fix it
"5 days ago," he said, "SSLPing started dying, and I can't figure out how to bring it back to life. Docker refuses to run after attempting an OS update which broke too many things (upstart vs. systemd being one, FS drivers, etc...)"
And, significantly, only 25 percent of the hosting costs were being covered by users signed up to Patreon, according to Hartwig.
Rates were $5 per month for a personal subscription, $25 per month for enhanced support and access to the source if Hartwig shut things down, and $100 per month for "corporate" level, with private access to the code on Gitlab and the opportunity to influence the direction of SSLPing.
The Register contacted SSLPing to find out if the code would be made available following the end of service, but we have yet to receive a response.
It's an unfortunate situation but also a reminder that somebody, somewhere needs paying even for apparently free services (and even for those that are very clear about a lack of guarantee.)
It is equally a classic tale of how quickly technical debt can build up as projects race to add new features while deprecating old ones, leaving some services, such as SSLPing, facing challenges beyond those faced by a mere side project. ®