INFO - Loaded 21 CRLite filter(s), most recent was downloaded: 0 hours ago
DEBUG - Loaded certificate from github.com
DEBUG - Issuer DN: C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo ECC Domain Validation Secure Server CA
DEBUG - Subject DN: CN=github.com
DEBUG - Serial number: 00ab6686b5627be80596821330128649f5
DEBUG - Issuer SPKI hash: 6YBE8kK4d5J1qu1wEjyoKqzEIvyRY5HyM_NB2wKdcZo=
TRACE - 20250809-1-default.filter: Good
TRACE - 20250810-0-default.filter.delta: Good
TRACE - 20250810-1-default.filter.delta: Good
TRACE - 20250811-0-default.filter.delta: Good
TRACE - 20250811-1-default.filter.delta: Good
TRACE - 20250812-0-default.filter.delta: Good
TRACE - 20250812-1-default.filter.delta: Good
TRACE - 20250813-0-default.filter.delta: Good
TRACE - 20250813-1-default.filter.delta: Good
TRACE - 20250814-0-default.filter.delta: Good
TRACE - 20250814-1-default.filter.delta: Good
TRACE - 20250815-0-default.filter.delta: Good
TRACE - 20250815-1-default.filter.delta: Good
TRACE - 20250816-0-default.filter.delta: Good
TRACE - 20250816-1-default.filter.delta: Good
TRACE - 20250817-0-default.filter.delta: Good
TRACE - 20250817-1-default.filter.delta: Good
TRACE - 20250818-0-default.filter.delta: Good
TRACE - 20250818-1-default.filter.delta: Good
TRACE - 20250819-0-default.filter.delta: Good
TRACE - 20250819-1-default.filter.delta: Good
INFO - github.com Good
Jaguar has built thousands of new I-Pace vehicles for Waymo. It’s probably Waymo buying the full remaining capacity before I-Pace production is shut down.
My guess is they shelved plans for procuring all 20,000 I-Pace vehicles, but then saw 10x ride growth in a year and with tariffs looming over Zeekr vehicles, they bought out I-Pace production capacity to meet short-term demand.
Jaguar Land Rover is deprecating the I-Pace (and almost every other model) in order to concentrate on the F-Pace EV SUV along with newer greenfield EV models.
JLR is also owned by India's Tata Group, and most of the upcoming EV models share components with Tata Motor's EVs (eg. Batteries, power electronics, etc).
It can be treated as part of JLR's long term pivot towards the India market, where SUVs and CUVs tend to have strong PMF unlike Sedans, and I-Pace, being manufactured in Austria, is difficult to operate in for an Indian company because of the lack of EU-India FTA.
It was years in the making for Firefox to be able to do "intermediate preloading" - we [0] had to make the policy changes for all intermediates to be disclosed, and then let that take effect [1].
Preloading like this shouldn't be necessary, I agree with the author, but worse than this is any bug report of "Works in Chrome, not in Firefox." Prior to this preloading behavior shipping in Firefox 75, incorrectly-configured certificate chains were a major source of those kind of bugs [2].
I find it pretty cool that you went through the length of publicly announcing it and everything for something that everyone else was doing already. That does show some integrity in face of "let's just make it work" people.
None-the-less, as a web developer (which I am less than 5% of my programming time, probably less, so I'd rather not lose my hair over adjacent stuff) this has been extremely frustrating to debug in the past. Would it be possible/make sense to show maybe a small yellow (i) as like a 8x8px icons at the bottom right of the lock to show that something's up? And then if the user clicks "more information" on the "secure connection" (which I believe is deep enough to be more power-user/developer-centered) show a yellow line saying "you're certificate chain's broken dude"?
I haven't hit this issue in several years, and it's unlikely I will hit it again because I'm now systematically using caddy as a front which will do TheRightThing (or so I hope), so maybe my comment is out-dated/irrelevant, in which case, feel free to ignore me.
I mean, it's certainly strange to "love" an IDP. Though I will say, going from a more corporate controlled Azure AD + ping + on prem legacy crap, working somewhere that gets everything funneling through okta has been SO much better
$ git clone https://github.com/mozilla/crlite.git $ cd crlite/rust-query-crlite/ $ cargo run -- -vv --update prod https github.com
INFO - Loaded 21 CRLite filter(s), most recent was downloaded: 0 hours ago DEBUG - Loaded certificate from github.com DEBUG - Issuer DN: C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo ECC Domain Validation Secure Server CA DEBUG - Subject DN: CN=github.com DEBUG - Serial number: 00ab6686b5627be80596821330128649f5 DEBUG - Issuer SPKI hash: 6YBE8kK4d5J1qu1wEjyoKqzEIvyRY5HyM_NB2wKdcZo= TRACE - 20250809-1-default.filter: Good TRACE - 20250810-0-default.filter.delta: Good TRACE - 20250810-1-default.filter.delta: Good TRACE - 20250811-0-default.filter.delta: Good TRACE - 20250811-1-default.filter.delta: Good TRACE - 20250812-0-default.filter.delta: Good TRACE - 20250812-1-default.filter.delta: Good TRACE - 20250813-0-default.filter.delta: Good TRACE - 20250813-1-default.filter.delta: Good TRACE - 20250814-0-default.filter.delta: Good TRACE - 20250814-1-default.filter.delta: Good TRACE - 20250815-0-default.filter.delta: Good TRACE - 20250815-1-default.filter.delta: Good TRACE - 20250816-0-default.filter.delta: Good TRACE - 20250816-1-default.filter.delta: Good TRACE - 20250817-0-default.filter.delta: Good TRACE - 20250817-1-default.filter.delta: Good TRACE - 20250818-0-default.filter.delta: Good TRACE - 20250818-1-default.filter.delta: Good TRACE - 20250819-0-default.filter.delta: Good TRACE - 20250819-1-default.filter.delta: Good INFO - github.com Good