60

I can't believe this company.

They want to stop using Certificates because it bothers the customer.

I had to use HTTPS because we were using service workers for a PWA.

I tried explaining we need them for the product to work, and also it's a basic security measure.

They were removing the certificates without my knowledge.

I found out because a colleague wanted a way to disable the service worker and asked me for help.

The manager said, "You're not the boss of the company, it's not your company to make decisions."

"Just do what they say." He tried to justify the decision from above. I said, OK, when was the last time you installed a certificate? He said never.
OK, then what the fuck are you talking about, it's 10 minutes to get a certificate, Let's Encrypt, HELLO.

This company is very hierarchical 1900 style, I'm the person who does innovation in the organization, that's the most fucked up part, they say no to everything.
OMG, I'm going to quit.

They're just asking to get hacked, this is just the tip of the iceberg.

Is this common or are they morons?

Comments
  • 36
    Yes.

    To clarify: The certificate issue in particular is not common, but they are morons, and morons are extremely common. As are their decisions, and their demanding that you follow them. I never do, which is probably why I'm never on good terms with management.
  • 2
    why not both?
  • 4
    Welcome to DevRant!
  • 7
    Welcome to devrant... the club where we rant about morons.

    No certificates... am I to assume you pass credentials in cleartext through the network/internet now? What on TCP/IP could go wrong?
  • 12
    "They bother the customer" HOW
  • 3
    Play along till they get royally fucked, then the instant they come crawling to you for help tell them that you told them so and quit.
  • 3
    @dmonkey incorrect RTC would be my guess, considering the stupidity seen here.
  • 1
    How does a 🔐 bother your client?
    This is a new level of stupid!
  • 2
    Wow, that's a major security fail!
  • 3
    @dmonkey Reached EOV, wrong issuer, unknown CA/self-signed, wrong server, etc, etc.

    I see that stuff every day. And it's not the user's fault, that's the responsibility of the admin.

    Most people are too dumb to use PKI right.
  • 7
    If a client sees a warning from his browser telling him that the certificate is wrong, yes, it's pretty bad for usability.

    But I'm pretty sure that sooner or later not having certificates will provide the exact same nuisance because browsers display more and more warnings against insecure setups like this.
  • 2
    Do not compromise application security because someone said so.
  • 2
    Alternatively, leave a sniffer on your local network then ask him to make the demo and send him his crappy leaked password right in the face.
  • 0
    Worse is when a small company has a hierarchy of 1900
  • 0
    Sounds like not a great company to work at
  • 2
    Does it bother your customer when they can’t use your PWA anymore?
  • 1
    Keep your resignation ready.
    Demand to have a talk with said customer. If the customer listens, fine. If not, hand in the resignation.
    If they're planting a bomb under their own butts, you don't want to be around when it goes off.