coding defects in SSL chain logic make these 2001 "almost immortal" root certs very problematic after sept 30 2021

https://scotthelme.co.uk/lets-encrypt-old-root-expiration/

https://news.ycombinator.com/item?id=28596317

if you read all the info you will see how this is a huge problem, especially for devices and os images that have been turned off dormant for 2 years, or incapable of kernel level OS updates.

Arrrrrrrrgh!!!! Idiocy.

Solution in never mentioned EVER, by any of these low IQ IT writers, but the trick I use is to disable all external clock updates, force time to BEFORE Sept 2021, and then connect to internet and patch or install signed patches... with clock set invalid.

Android 7 ? fucked
Android 6 ? fucked
Android 5 ? fucked
Older iOS? fucked
everything in your house with little WiFi chips? fucked.

10% of earths devices are fucked, especially for remote updates.

THESE are all fucked, deep in OS :

• Windows XP SP2
• Windows XP SP1
• Windows XP SP3 if Automatic Root Certificate Update is manually disabled
• macOS 10.12.0 (2016) and older macOS
• Mac OSX 10.11.0 (September 30, 2015) and older Mac OSX
• iOS 9 on iPads
• iOS 8 or older on iPads
• iPhone 4 or older Millions of old Apple Devices used as Wifi browsers and Phones
• (iPhone 5 and above can upgrade to iOS 10 and can thus trust ISRG Root X)
• Android 7.1.0 or older for SOME fucntions.
• (Android >= 2.3.6 will work by default for some web sites, but SSL is not just for web sites)
• Mozilla Firefox 49.X or older
• Ubuntu < xenial (< 16.04 even with updates applied)
• Debian < jessie "8" (even with updates applied)
• Java 8 ? if hacked to 8u141 is OK, else Java 8 is fucked
• Java 7 ? if hacked to 7u151 is OK, else Java 7 is fucked
• NSS < 3.26 is fucked

This mainly affects poor people and Pajeets and Africans, but a year ago affected Roku and Stripe internet devices, so who knows what spy devices in your house all fail october 1st.