About browsers and whole SSL CERT thing...

Most likely everyone here noticed, that https site with broken certificate will throw these big red warnings, in your face and there is so much wording like "ITS NOT SECUREEEE" or "ITS HACKEDDD" almost like it was written by passionate fanatic.

But when you are on plaintext http browsers reaction is like ¯\_(ツ)_/¯
Even if you have plaintext with password, it will for example in chromium put small little red thingy that almost no one notices.

I believe that broken cert with some error like invalid date is MORE secure than plaintext password, yet still there is this hypocracy with browsers...

I dont say that broken SSL cert is good, or something, Im just pointing out contrast of "broken" https vs plain http.... One looks for casual Joe like end of the world is coming and second is bearly noticable. Da fuck?

I disagree with this approach

Bought an ebook that turned out to be a .DRM file
...that only worked with that publisher's Android app
......that only works with Android versions < 6.0 (I use Android 9)
Tried it anyway, which among incompatibility issues, was raising a certificate error. I contacted the publisher about it
..."sorry, the author did not give us permission to sell this. You can have your money back"

What
Why are you even advertising it on your website as a publisher then??

So in the last 2 hours I felt both frustrating and happiness, because of Xcode and code signing.

So what I did yesterday was removed all the Xcode certificates on my keychain because I had major issues getting the newest version of the certificates despite have auto signing enabled.

Without much notice until going to send the iOS app today through Fabric I came across an error while uploading the newest build :/

Googling it I found the same issue on stack overflow with only two answers one being fastlane, which just automated the process to the same error LOL

So anyways I found the solution and was quite happy about it :D I had to go to the apple developer website and download the right certificate DESPITE the auto signing ...

Anyways uploaded and done!

Also added a stack overflow answer in regards to it, I hope it helps someone out.

Oh and I emailed fabric to ask for help and 30 mins later emailed them basically saying NVM fixed it! Lol

Fuck you Xcode lol

The fucking worst part of my job is when I get thrown an error on a bug I'm trying to fix and it doesn't even contain an error message. For example, I'll try to verify a self signed certificate but I get an error and literally the only error thrown is [Error 0], no fucking message. If you try to track down the error in the docs they don't even fucking list errors. Times like these make me wish I could castrate people with my

Just went to sign back into Amazon Prime Video... not sure I can trust it now 🤔

AHHHHHHHHHHGGGH

I HATE VPN SETUP

- Trying OpenSwan
Installing open swan on a Debian machine.. setting up the config.
Restarting openswan. Syntax error. No syntax error to be found.
Different tutorial.. it starts! Try to connect.. I can’t connect. Look at the logs. No errors.
Tcpdump. My traffic is coming through.. all fine.. try to connect again.. it works! (Nothing changed!)
Try to ping somewhere else.. no connectivity.
Try to ping an IP in the same network.. works fine. So I have connectivity, just no internet.
Spend an hour finding out about traffic directions of which no one seems to know what they really mean.
Boss tells me to stop using openswan because it’s deprecated and replaced by strong swan..

- Strongswan
Reinstall Debian machine, install strongswan. Copy openswan config. Oh, they’re incompatible? Look up strong swan config, and the service starts.
Connect to the VPN.. it works! Again, no internet, just connectivity in the same network. Spend 2h debugging the config, disable firewalls everywhere, find an ancient bug in the Debian package related to my issues.. ok, let’s try compiling from source.. you know what, let’s not. I’ll throw this Debian machine away and try something completely different.

- pfSense
Ok, this looks easy enough! Let’s just click through the initial setup, change some firewall rules, create an L2TP VPN with a simple wizard.
Try to connect to VPN. First, it times out. Maybe a firewall issue? Turn off firewall.. ah, something happens now. I get an error message right after trying to connect to the VPN. Hmm, the port doesn’t even get opened when I enable the firewall.. this implementation seems a bit buggy.. let’s try their OpenVPN module.

Configure OpenVPN. Documentation isn’t that clear.. apparently a client isn’t actually a client but a user is a client.. ok, there’s a hidden checkbox somewhere.
Now where do I download my certificate? Oh, I need a plug-in for that.. ok, interesting. Able to download the certificate, import it, connect and.. YES!!! I can ping! But, I have no DNS..
Apparently, ICMP isn’t getting filtered but all outbound ports are.. yet the firewall is completely disabled. Maybe I need outbound NAT? Oh. There’s no clear documentation on where to configure it. Find some ancient doc, set it up, still no outbound connectivity.

AHAHAHAHHHHHHHHHHG

Then I tried VyOS. I had a great L2TP VPN working in less than 15 mins. Thank you VyOS for actually providing proper docs and proper software.

Yesterday I spent 7 hours on a silly SSL certificate error. The exact same webpage gave me "certificate revoked" error when viewed in one browser/device but it displayed fine on others!
But everything is back to normal today! As if nothing happened!
I'm not a web dev, so I have no idea why this happened. I'm just pissed that I wasted 7 hours on a thing that wasn't my fault...

Decided to update my vcpkg version, and ran tests for my networking tests only for it to return QUIC_STATUS_NOT_SUPPORTED/E_NOINTERFACE for loading the config. Turns out someone decided to switch the default SSL implementation from OpenSSL to Schannel on Windows and didn't enable an option to put it back.

Now it returns an error if you provide a certificate file. Luckily if you enable 0-rtt it still forces OpenSSL 🙄

Today I discovered trial and error driven development for myself:

Me, reading spec..
Spec: „Do something with an CSR“ (not the exact wording :D)

So instead of just googling C# + CSR and copying the code examples,
I went like:
What means CSR -> Certificate (Something Something)
-> could be this namespace (Something with „Crypto...“ in its name)
-> could be this class (Something with „Certificate“ in its name)
-> take the easiest overload (string is always nice)
-> try filling in the parameters from the spec
-> start debugger and inspect properties
-> repeat if necessary

I don’t know if this is the correct pattern to proceed my project with...
But hey, today it worked and now I also know, what „distinguished“ means

So I'm building this environmental monitoring system for one of the Labs to monitor Temperature and Humidity. the "software" that comes as part of the package with these sensors is really just a website you host yourself if you don't choose the cloud option. No big deal really, (see my previous rant about getting windows server through SSC) I setup IIS and get the "software" registered get a couple sensors running looks good. However I don't like the error messages that popup because it's unsecured. do some reading and I find out that most browsers will give you a warning if your not using HTTPS even if it's for internal use only. OK we'll how hard can it be in implement encryption, turns out it's not that hard and you can do it for free how with letsencrypt and other places. I like free, now i have to use SSH to get into the server and run an ACME client. Hey open SSH is part of windows now cool, download an ACME client SSH into the server and nope doesn't work. Oh right I'm behind a corporate firewall and a bunch of other shit I can't control. Why is so damn arduous to setup this god dam internal website and the problems aren't even the site. Now I'm playing with AWS spinning up an instance to be able to try and get an SSL certificate just so i don't have to tell people it's OK to trust this site ignore the big angry warning.
Best part is other similar internal sites don;t use SSL and all have big messages about someone stealing your soul if you go there and these are commercial systems that run all the HVAC for all the campuses across Canada.
I need more Tylenol.

Nothing prepares you for Windows deciding your program as a virus for all your thousands of users and having no idea why.

It wasn’t virus related at all. It needed a new signing with an updated certificate. Did the error say anything like that? Hell no .

I've been since friday with my boss trying to implement bridge between an SDK of another company for Android and iOS (yes the project is in React Native).
Today I've managed to put all the code that is needed to make that bridge and made tests. But in order to test the SDK functions, we need the info that should be easy to request through a service... The service is made with soap, using a certificate .p12.

*No problem, follow the documentation and everything will be okay* I thought... Even the example request in the docs doesn't give a 200 response. And when we finally made a 200 request, it still returned and error code...

And this isn't even the best part. Today we talked to the person that has been collaborating with us, and even he says "Implementing with this company is always hard". Even their worker knows it!!!!

Im deploying a nextjs site via amazon aws amplify. Working with amazon is truly hell. But once it works its truly amazing. Jess bozos have outdone himself. I still dont understand what im doing every time im using aws. Its just trial and error every time for me. (note i still cant deploy the site to my domain there is some build error. Hours of fucking with this and still cant resolve it). However i somehow managed to assign an Amazon SSL Certificate to my domain