skip to Main Content

The creator leaves • The register

A timely reminder that free web services are not synonymous with free software: the creator of the SSLPing service says it can’t handle it anymore.

SSLPing was a useful tool to have around. Sign up, add your servers, and the service will check for certificates, protocols, ciphers, and known vulnerabilities. It checked TLS versions from SSL v3 to TLS 1.2 and, importantly for some large vendors who should know more, would also bleat if certificates needed to be renewed (with reminders at 10 days, three days then at the renewal date.)

The tool was used by over 500 registered users, monitoring over 12,500 TLS servers. It was lightweight and thankfully ad-free. Which seems to have become a problem for its creator, Chris Hartwig.

“It’s broken and I can’t and won’t fix it,” Hartwig said in a post. published on the project homepageclosing the shutters of an ongoing operation since March 2016.

Hartwig ran into a number of issues related to technical debt incurred by the platform: an OpenSSL update would have caused issues; it was stuck on an older version of node.js (“because upgrading would remove SSL v3 detection”, Hartwig said); and it was using Docker Swarm, which has fallen somewhat out of favor in a Kubernetes-obsessed world.

Finally, the three physical servers on which the service ran were faltering. Hartwig reported that one was deceased, while the others reported more than 1,400 days of availability. Impressive numbers, but hinting at a potential imminent hardware failure.

It’s broken and I can’t and won’t fix it

“5 days ago,” he said, “SSLPing started dying, and I don’t know how to bring it back to life. Docker refuses to run after attempting a system update. exploit that broke too many things (upstart vs systemd being one, FS drivers, etc…)”

And, significantly, only 25% of hosting costs were covered by registered Patreon users, according to Hartwig.

The rates were $5 per month for a personal subscription, $25 per month for enhanced support and source access if Hartwig shut things down, and $100 per month for the “enterprise” tier, with private access to the code on Gitlab and the ability to influence the direction of SSLPing.

The register contacted SSLPing to find out if the code would be made available after the end of service, but we have not yet received a response.

It’s an unfortunate situation but also a reminder that someone, somewhere has to pay even for seemingly free services (and even those who are very clear about the lack of warranty.)

It’s also a classic tale of how quickly technical debt can pile up as projects rush to add new features while deprecating old ones, leaving some services, such as SSLPing, to face challenges beyond their own. beyond those encountered by a simple parallel project. ®

Back To Top