Search - "certificates"
Looking for a job as a developer be like:
Job title: car driver
Job requirements: professional skills in driving normal- and heavy-freight cars, buses and trucks, trolley buses, trams, subways, tractors, shovel diggers, contemporary light and heavy tanks currently in use by NATO countries.
Skills in rally and extreme driving are obligatory!
Formula-1 driving experience is a plus.
Knowledge and experience in repairing of piston and rotor/Wankel engines, automatic and manual transmissions, ignition systems, board computer, ABS, ABD, GPS and car-audio systems by world-known manufacturers - obligatory!
Experience with car-painting and tinsmith tasks is a plus.
The applicants must have certificates by BMW, General Motors and Bosch, but not older than two years.
Compensation: $15-$20/hour, depends on the interview result.
Education requirements: Bachelor's Degree of Engineering.
So, someone submitted a 'bug' to Mozilla.
As some of you may know, in the next year, the new mass surveillance law in the Netherlands is going into effect.
Another fun fact is that the Dutch security agencies/government have their own CA (Certificate Authority) for SSL/TLS certificates.
The new law says that the AIVD (Dutch NSA/GCHQ equivalent) is allowed to hack into systems through obtained certificates and also that they're allowed to INTERCEPT TRAFFIC THROUGH OBTAINED PRIVATE SSL/TLS KEYS.
So someone actually had the fucking balls to submit a fucking issue to Mozilla saying that the Dutch State certs shouldn't be accepted anymore when the new mass surveillance law gets into place.
This person deserves a fucking medal if you ask me.
Sales employee Bob wants a clickable blue button.
Bob tells product owner Karen about his unstoppable desire for clickable blue buttons.
Karen assigns points for potential and impact (how much does a blue button improve Bob's life, how many people like Bob desire blue buttons)
Karen asks the button team how hard it is to build a button. The button team compares the request to a reference button they've built before, and gives an ease score, with higher score being easier (inverse of scrum points).
These three scores are combined to give a priority score. The global button backlog is sorted by priority.
Once every two weeks (a "sprint") the button team convenes, uses the ease scores to assign scrum points. Difficult tasks are broken up into smaller tasks, because there is a scrum point upper limit. They use the average of the last 5 sprints to calculate each developer's "velocity".
The sprint is filled with tasks, from the top of the global button backlog, up to the team's capacity as determined by velocity. Approximate due dates are assigned, Bob is a happy Bob.
What if boss Peter runs into the office screaming "OUR IMPORTANT CLIENT WANTS A FUCKING PINK BUTTON WHICH MAKES HEARTS APPEAR"?
Devs tell boss to shut the fuck up and talk to Karen. Karen has a carefully curated list of button building tasks sorted by priority, can sedate boss with valium so he calms the fuck down until he can make a case for the impact and potential of his pink button.
Karen might agree that Peter's pink button gets a higher priority than Bob's blue button.
But devs are nocturnal creatures, easily disturbed when approached by humans, their natural rhythms thrown out of balance.
So the sprint is "locked", and Peter's pink button appears at the top of the global backlog, from where it flows into the next sprint.
On rare occasions a sprint is broken open, for example when Karen realizes that all of the end users will commit suicide if they don't have a pink heart-spawning button.
In such an event, Peter must make Bob happy (because Bob is crying that his blue button is delayed). And Peter must make the button team of devs happy.
This usually leads to a ritual involving chocolate or even hardware gift certificates to restore balance to the dev ecosystem.
A former colleague made an online shopping app. Boss wanted to promote him to Senior Developer when he was still working with us.
14 days ago another colleague checked the code and told the boss that it's ready for production. No one asked me because everyone in the company thinks I am the stupid developer of them all.
So what happened?
Well the total value of the cart was being sent over to the payment gateway using a hidden field. Well you know the rest of the story.
The client has sued our company for this issue and boss came running to me and asked me to check if it was our fault or something else.
I checked and found the hidden value where the total value of the cart was being stored and sent over to the payment gateway. The following is the conversation between me and the colleague who checked the code:
Me: So you checked the code and everything was okay?
Him: Yes, all good.
Me: Did you see this hidden field where the total value of cart is being passed to the payment gateway?
Me: Why didn't you fix this?
Him: What's there to fix?
Me: Well someone can tamper with the value and let it pass to the payment gateway.
Him: No, they can't, we are using https
Me: I am done with you
He has a Master's in software engineering and has a few security certificates.
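The fix the post above is pointing at, as an added example that is not code from the original post or the shop in question: HTTPS only protects the form in transit, so the server recomputes the amount from its own price list and treats the hidden field as untrusted input. The catalogue, SKU names, the server-side cart and the HMAC signing scheme are hypothetical assumptions made for the illustration.

```python
import hashlib
import hmac
from decimal import Decimal, InvalidOperation

# Constructed price list; in a real shop this comes from the server's database.
CATALOG = {"sku-1001": Decimal("19.99"), "sku-2002": Decimal("249.00")}


def trusted_total(cart):
    """Recompute the order total from server-side prices only.

    `cart` maps SKU -> quantity and is assumed to live in the server-side
    session, not in the submitted form.
    """
    total = Decimal("0")
    for sku, qty in cart.items():
        if sku not in CATALOG:
            raise ValueError(f"unknown SKU: {sku!r}")
        if isinstance(qty, bool) or not isinstance(qty, int) or not 1 <= qty <= 99:
            raise ValueError(f"bad quantity for {sku!r}: {qty!r}")
        total += CATALOG[sku] * qty
    return total


def sign_amount(order_id, amount, secret):
    """HMAC over order id and amount (hypothetical signing scheme), so the
    gateway callback can be checked against what the server asked for."""
    payload = f"{order_id}|{amount}".encode()
    return hmac.new(secret, payload, hashlib.sha256).hexdigest()


def build_gateway_request(order_id, cart, form, secret):
    """Build the payment request from trusted data.

    The hidden `total` field in `form` is never used as the amount; it is
    only compared against the recomputed total so tampering can be logged.
    """
    total = trusted_total(cart)
    tampered = False
    if "total" in form:
        try:
            tampered = Decimal(form["total"]) != total
        except InvalidOperation:
            tampered = True  # non-numeric junk in the hidden field
    amount = f"{total:.2f}"
    return {
        "order_id": order_id,
        "amount": amount,
        "signature": sign_amount(order_id, amount, secret),
        "client_total_tampered": tampered,
    }


if __name__ == "__main__":
    cart = {"sku-1001": 2, "sku-2002": 1}
    # Constructed form submission where the hidden field was edited to 1.00.
    print(build_gateway_request("ORD-1", cart, {"total": "1.00"}, b"demo-secret"))
```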
Started talking with someone about general IT stuff. At some point we came to the subject of SSL certificates and he mentioned that 'that stuff is expensive' and so on.
Kindly told him about Let's Encrypt and also that it's free and he reacted: "Then I'd rather have no SSL, free certificates make you look like you're a cheap ass".
So I told him the principle of login/registration thingies and said that they really need SSL, whether it's free or not.
"Nahhh, then I'd still rather don't use SSL, it just looks so cheap when you're using a free certificate".
Hey you know what, what about you write that sentence on a whole fucking pack of paper, dip it into some sambal, maybe add some firecrackers and shove it up your ass? Hopefully that will bring some sense into your very empty head.
Not putting a secure connection on a website, (at all) especially when it has a FUCKING LOGIN/REGISTRATION FUNCTION (!?!?!?!!?!) is simply not fucking done in the year of TWO THOUSAND FUCKING SEVENTEEN.
'Ohh but the NSA etc won't do anything with that data'.
Has it, for one tiny motherfucking second, come to mind that there's also a thing called hackers? Malicious hackers? If your users are on hacked networks, it's easy as fuck to steal their credentials, inject shit and even deliver fucking EXPLOIT KITS.
Oh and you bet your ass the NSA will save that data, they have a whole motherfucking database of passwords they can search through with XKeyScore (Snowden leaks).
I ranted about this guy before who thought he was a security expert while hardly knowing what the word is probably. Today I met him again at a party.
Holy fucking shit, this guy.
"we use the best servers of the netherlands"
"we use a separate server for each website and finetune them"
"we always put clusters under servers, that way we have a fallback mechanism"
"companies mostly use bv ssl certificates"
"you're on call for a week? I'm full-time on call. Why I'm drinking alcohol then? Because fuck the clients hahaha"
Good morning campers,
It has come to be known that LetsEncrypt will be moving on from a "Small" Certificate Authority to one of the big guys with their own Root certificates in the coming months.
Now for the average joe this means nothing, besides awaiting for root certificate updates to flow down for their operating system 🤔 but for LE, that's a major step up in such a short time of being in existence.
Crap.. got myself into a fight with someone in a bar.
Hospitalized, turns out that my knee is bruised and my nose is broken. For some reason the knee hurts much more than the nose though.. very weird.
Just noticed that some fucker there stole my keychain USB stick too. Couldn't care less about the USB stick itself, got tons of those at home and hard drive storage even more so (10TB) but the data on it was invaluable. It held on a LUKS-encrypted partition, my GPG keys, revocation certificates, server backups and everything. My entire digital identity pretty much.
I'm afraid that the thief might try to crack it. On the flip side, if it's just a common Windows user, plugging it in will prompt him to format it.. hopefully he'll do that.
What do you think.. take a leap with fate and see how strong LUKS really is or revoke all my keys and assume my servers' filesystems to be in the hands of some random person that I don't know?
Seriously though.. stealing a fucking flash drive, of what size.. 32GB? What the fuck is wrong with people?
Look I understand online privacy is a concern and we should really be very much aware about what data we are giving to whom. But when does it turn from being aware to just being paranoid and a maniac about it? I mean okay, I know facebook has access to your data including your whatsapp chat (presumably), google listens to your conversations and snoops on your mail and shit, amazon advertises that you must have their spy system (read alexa) installed in your homes and numerous other cases. But in the end it really boils down to "everyone wants your data but who do you trust your data with?"
For me, facebook and the so-called social media sites are a strict no-no but I use whatsapp as my primary chatting application. I like to use google for my searches because yaa it gives me more accurate search results as compared to ddg because it has my search history. I use gmail as my primary as well as work email because it is convenient and an adv here and there doesn't bother me. Their spam filters, the easy accessibility options, the storage they offer everything is much more convenient for me. I use linux for my work related stuff (obviously) but I play my games on windows. Alexa and such type of products are again a big no-no for me but I regularly shop from amazon and unless I am searching for some weird ass shit (which if you want to, do it in some incognito mode) I am fine with coming across some advs about things I searched for. Sometimes it reminds me of things I need to buy which I might have put off and later on forgot. I have an amazon prime account because prime video has some good shows in there. My primary web browser is chrome because I simply love its developer tools and I now have gotten used to it. So unless chrome is very much hogging on my ram, in which case I switch over to firefox for some of my tabs, I am okay with using chrome. I have a motorola phone with stock android which means all google apps pre-installed. I use hangouts, google keep, google map(cannot live without it now), heck even google photos, but I also deny certain accesses to apps which I find fishy like if you are a game, you should not have access to my gps. I live in India where we have aadhar cards(like the social security number in the USA) where the government has our fingerprints and all our data because every damn thing now needs to be linked with your aadhar otherwise your service will be terminated. Like your mobile number, your investment policies, your income tax, heck even your marriage certificates need to be linked with your aadhar card.
Here, I don't have any option but to give in because somehow "it's in the interest of the nation". Not surprisingly, this thing recently came to light where you can get your hands on anyone's aadhar details including their fingerprints for just ₹50($1). Fuck that shit.
There are and should be always exceptions when it comes to privacy because when you give the other person your data, it sometimes makes your life much easier. On the other hand, people/services asking for your data with the sole purpose of infiltrating into your private life and not providing any usefulness should just be boycotted. It all boils down to till what extent you wish to share your data(ranging from literally installing a spying device in your house to them knowing that I want to understand how spring security works) and how much do you trust the service with your data. Example being, I just shared most of my private data in this rant with a group of unknown people and I am okay with it, because I know I can trust dev rant with my posts(unlike facebook).
I can't believe this company.
They want to stop using Certificates because it bothers the customer.
I had to use https because we were using service workers for a PWA.
I tried explaining we need them for the product to work, and also it's a basic security measure.
They were removing the certificates without my knowledge.
I found out because a colleague wanted a way to disable the service worker and asked me for help.
The manager said you're not the boss of the company, it's not your company to make decisions.
Just do what they say, he tried to justify the decision from above, I said ok when was the last time you installed a certificate? He said never.
Ok, then what the fuck are you talking about, it's 10 minutes to get a certificate, Let's Encrypt, HELLO.
This company is very hierarchical 1900 style, I'm the person who does innovation in the organization, that's the most fucked up part, they say no to everything.
OMG, I'm going to quit.
They're just asking to get hacked, this is just the tip of the iceberg.
Is this common or are they morons?
Coworker: This guy's computer is completely messed up...
Me: What? Why?
Coworker: So he installed some virus...
Me: Yeah? And...?
Coworker: And apparently it changed all certificates for antivirus programs into Untrusted Certificates - so he can't install anything that could remove the virus!
Me: That's horrifying..
You're a flippin bank, and your public website has an invalid cert!? WTF. No, I'm done, and I don't trust you with my money either.
I hate Wordpress. I hate Wordpress. I hate Wordpress.
Wordpress can take a big shit on itself and crawl into a deep dark hole far away from all that is good.
Who even uses Wordpress? Bloggers? Come on, let’s be honest, they’re using more intuitive sites like weebly, wix, and square space. So WHAT is Wordpress for? I’ll tell you, it’s just to FUCKING TORTURE PEOPLE.
So, being the “techy guy” of the family, a relative contacts me asking for some help with their website because they need to install an SSL certificate but they don’t know how to. I tell them I’d gladly do it because, sure, they’re family and how long can it possibly take to install a certificate? I’ve done it before!
Well, I get to work and log into the sluggish Wordpress dashboard and try to use a plugin that would issue a LetsEncrypt certificate because they are free and just as good as any other SSL. But one plugin after the next I keep getting errors about how my hosting wouldn’t allow it.
So I contact GoDaddy (don’t get me fucking started) and ask them about the issue. The guy tells me it’s “policy” to only be able to use GoDaddy’s certificates. How much do they cost? Oh, how about $100 a year?! Fuck you.
I figured out the only way to escape this hell was to ask them to open an economy Linux hosting account with cPanel on GoDaddy (the site was formerly hosted on a “Managed Wordpress” account which is just bullshit for not wanting to give you any control over your own goddamn content). So now I have to deal with migrating the site.
GoDaddy representative tells me that it should only take 20 minutes for me to do this (I’ve already spent way too much time on this but whatever) so I go forward with the new account. I decide I should migrate the site by exporting a backup and manually placing everything on the new server. Doesn’t it end up taking an entire hour to back up a 200MB site because GoDaddy throttled the processing speed?!
So, it’s another hour later and I’ve installed all the databases and carried over all the files. At this point, I’m really at the end of my rope and can’t wait to install the certificate and be done with this fuckery.
I install the certificate and finally get ready to be on my way, but then I see it. A warning. A warning from my browser telling me the site is only partially secure. It turns out the certificate was properly installed but whoever initially made the site HARDCODED ALL THE LINKS to images, websites, and style sheets to be http instead of https.
I’m gonna explode.
I swear, I’m gonna fucking explode.
After a total of 5 hours of work, I finally get the site secure by using search and replace on every fucking file.
Wordpress can go suck a big one. Actually, Wordpress can go suck the largest fuckin one in existence and choke on it.
TL;DR I agree to install an SSL certificate but end up with much more work than I bargained for.
*sees people on Facebook wanting to get Linux certificates*
Me: naah that's not how I'ma do it
*at le job interview*
Interviewer: "So you apply as a sysadmin.. what are your skills? Certificates?"
Me: "No certificates sir.. but I USE ARCH LINUX 😎"
Me (quietly): "and Ubuntu Server too but that's not as cool :v"
Monday morning, went to the local grocery store to get myself some croissants and 2 bottles of wine.
Cashier: "Already at it in the morning, you sure about that?"
Me: "Long story short, I've got a Wi-Fi driver from Intel to debug and rewrite, and it's a fucking piece of shit.. can't go at it without hitting or preferably exceeding the Ballmer Peak... Also I'm awake since yesterday evening already."
Why even ask? Yeah I'm a fucking alcoholic, and guess why that is.. stupid nontechnical fucks, certified enganeers like that motherfucker at Intel who wrote this pile of garbage called ipw2200, and technology that can't be arsed to work properly on its own unless I build the fucking thing myself, just to name a few reasons.
You know what, fucking piece of shit from Intel, whoever it is? How about I let you choke on my dick while fucking hanging you with a sharp metal wire that's carrying 2kVAC from a microwave transformer, just to see whether I'd nut first, or you either choke, get electrocuted, or get your fucking throat slit first. Certificates aren't an excuse for committing this fucking pile of shit and calling it a fucking product!!
Now, it's time to dive into this giant stinking fucking turd I guess.. first glass of wine to get myself prepared for the shitstorm that's a giant 20k LoC C file with barely any comments, to look what the fuck causes this fucking pile of shit to disconnect and ask for WPA credentials after a while, despite having them stored.. and not reconnect after that, because why the fuck would you?!
Ah certbot you sexy pain in the ass.
# certbot renew
> "Error: unable to parse files ..."
> 2 certificates renewed.
🤔 I don't know how you worked, but you keep working!!
I absolutely love the email protocols.
x1 LOGIN user@domain password
x2 LIST "" "*"
x3 SELECT Inbox
Because a state machine is clearly too hard to implement in server software, clients must instead do the state machine thing and therefore it must be in the IMAP protocol.
I should be careful with this one since there's already more than enough spam on the interwebs, and it's a good thing that the "developers" of these email bombers don't know jack shit about the protocol. But suffice it to say that much like on a real letter, you have an envelope and a letter inside. You know these envelopes with a transparent window so you can print the address information on the letter? Or the "regular" envelopes where you write it on the envelope itself?
Yeah not with SMTP. Both your envelope and your letter have them, and they can be different. That's why you can have an email in your inbox that seemingly came from yourself. The mail server only checks for the envelope headers, and as long as everything checks out domain-wise and such, it will be accepted. Then the mail client checks the headers in the letter itself, the data field as far as the mail server is concerned (and it doesn't look at it). Can be something else, can be nothing at all. Emails can even be sent in the future or the past.
You have this property "mynetworks" in /etc/postfix/main.cf where you'd imagine you put your own networks in, right? I dunno, to let Postfix discover what your networks are.. like it says on the tin? Haha, nope. This is a property that defines which networks are allowed no authentication at all to the mail server, and that is exactly what makes an open relay an open relay. If any one of the addresses in your networks (such as a gateway, every network has one) is also where your SMTP traffic flows into the mail server from, congrats the whole internet can now send through your mail server without authentication. And all because it was part of "your networks".
Yeah when it comes to naming things, the protocol designers sure have room for improvement... And fuck email.
Oh, bonus one - STARTTLS:
So SMTP has this thing called STARTTLS where you can.. unlike mynetworks, actually starts a TLS connection like it says on the tin. The problem is that almost every mail server uses self-signed certificates so they're basically meaningless. You don't have a chain of trust. Also not everyone supports it *cough* government *cough*, so if you want to send email to those servers, your TLS policy must be opportunistic, not enforced. And as an icing on the cake, if anything is wrong with the TLS connection (such as an MITM attack), the protocol will actively downgrade to plain. I dunno.. isn't that exactly what the MITM attacker wants? Yeah, great design right there. Are the designers of the email protocols fucking retarded?
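Two checks a mail admin could run for the points raised in the post above, as an added example that is not part of the original post: one compares the envelope sender (as recorded in the Return-Path header at delivery) with the From: header the client displays, the other reports inbound source addresses that fall inside Postfix's mynetworks. The sample message, the sample main.cf and all addresses are constructed; mynetworks entries that are table lookups or "!" exclusions are skipped, not evaluated.

```python
import ipaddress
from email import message_from_string
from email.utils import parseaddr


def sender_mismatch(raw_message):
    """Compare envelope sender (Return-Path) with the From: header.

    A mismatch is a signal, not a verdict: mailing lists and bulk senders
    legitimately differ. A missing or empty Return-Path is not flagged.
    """
    msg = message_from_string(raw_message)
    envelope = parseaddr(msg.get("Return-Path", ""))[1].lower()
    header = parseaddr(msg.get("From", ""))[1].lower()
    env_domain = envelope.rpartition("@")[2]
    hdr_domain = header.rpartition("@")[2]
    return {
        "envelope_from": envelope,
        "header_from": header,
        "mismatch": bool(envelope) and env_domain != hdr_domain,
    }


def parse_mynetworks(main_cf_text):
    """Return the CIDR entries of mynetworks as ip_network objects."""
    value, collecting = [], False
    for line in main_cf_text.splitlines():
        if line.startswith("#"):
            continue
        if collecting and line[:1] in (" ", "\t"):
            value.append(line.strip())  # continuation line
            continue
        collecting = False
        name, sep, rest = line.partition("=")
        if sep and name.strip() == "mynetworks":
            value, collecting = [rest.strip()], True  # last assignment wins
    nets = []
    for token in " ".join(value).replace(",", " ").split():
        is_table = ":" in token and not token.startswith("[")
        if token.startswith(("!", "/")) or is_table:
            continue  # exclusions, files and lookup tables: not handled here
        try:
            # Postfix writes IPv6 as [::1]/128; strip the brackets.
            nets.append(ipaddress.ip_network(token.replace("[", "").replace("]", ""),
                                             strict=False))
        except ValueError:
            continue
    return nets


def relay_exposure(main_cf_text, inbound_sources):
    """List inbound SMTP source addresses that mynetworks would trust.

    If internet mail reaches Postfix through one of these (for example a
    NAT gateway), everything behind it can relay without authentication.
    """
    nets = parse_mynetworks(main_cf_text)
    exposed = []
    for src in inbound_sources:
        addr = ipaddress.ip_address(src)
        hits = [str(n) for n in nets if n.version == addr.version and addr in n]
        if hits:
            exposed.append((src, hits))
    return exposed


# Constructed samples for the demonstration.
SAMPLE_MESSAGE = (
    "Return-Path: <bounce@mailer.example.net>\n"
    "From: Alice <alice@example.org>\n"
    "To: alice@example.org\n"
    "Subject: test\n\nbody\n"
)
SAMPLE_MAIN_CF = """\
# constructed sample main.cf
myhostname = mail.example.org
mynetworks = 127.0.0.0/8, [::1]/128,
    192.168.1.0/24
smtpd_tls_security_level = may
"""

if __name__ == "__main__":
    print(sender_mismatch(SAMPLE_MESSAGE))
    # 192.168.1.1 stands in for a gateway that forwards internet SMTP inward.
    print(relay_exposure(SAMPLE_MAIN_CF, ["192.168.1.1", "203.0.113.25"]))
```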
Intranet not working.
Still not working.
You need to create ticket to delete certificates.
IT site is in intranet.
Intranet not working.
Ask IT to create ticket.
They can't create tickets for users.
Just another day in corporation.
HOW FUCKING HARD CAN IT BE TO NOT STORE PASSWORDS IN CLEARTEXT AND THEN PROCEED TO SEND ME AN UNENCRYPTED EMAIL WITH THE PASSWORD IN IT??? THE SITE HAS A PREMIUM FUCKING SSL AND SAFETY CERTIFICATES YET THEY STILL DON'T COMPLY TO THIS? FUCK YOU! IF IT WASN'T FOR THAT I HAD TO ORDER A NEW SCREEN FOR MY BROKEN PHONE, YOU COULD'VE SUCKED BETTER THAN ME + VACUUM CLEANER.
Sorry abt that. But for real, mytrendphone stores passwords in plain texts and waves a fucking safety certificate in your face...
Fuck apple and their fucking certificates for ios development. What a way to make a dev's life worse.
.. for the first time I permanently lost access to one of my GPG keys that were actually in use. No revocation certificates, nothing in the keychains on any of my hosts... Keychain flash drive that got stolen had a copy of both, my fileserver used to have a copy of that flash drive until I deleted it to make room for a filesystem migration, and my laptop used to have one.. until I decommissioned it and shredded its hard drive to be deployed somewhere else...
I can't sign my git commits anymore, and I can't revoke the key either.
I showed a friend of mine a project I made in two days in Docker and Symfony php. It is a rather simple app, but it did involve my usual setup: Nginx with gzip/cache/security headers/ssl + redis caching db + php-fpm for symfony. I also used php7.4 for the lolz
He complained that he didn't like using Docker and would rather install dependencies with composer install and then run it with a Laravel command. He insisted that he wanted a non-docker installation manual.
I advised him to first install Nginx and generate some self-signed certificates, then copy all the config files and replace any environment-injected values (I use a self-made shell script for this) with the environment values in the docker-compose files.
Then I told him to download php-fpm with php 7.4 alpha, install and configure all the extensions needed, download and set up a local Redis database and at last re-implement a .env file since I removed those to replace them with a container environment.
He sent an angry emoji back (in a funny way)
God bless containerized applications, so easy to spin up entire applications (either custom or vendor like redis/mysql) and throw them away after having played with them. No need to clutter up your own pc with runtime environments.
I wonder if he relents :p
omg apple does not like to make things easy! Trying to set up developer accounts for a company but a company can't be an agent? a team member who isn't an agent can't create certificates or keys?
Android development seems so easy and nice now
Me: ssl conn cannot be established. Cert is not signed
Sr. Dev/architect: what url are you calling?
sd/a: yeah, I know that. But what is the url?
Me: *how the f... Did you get 'sr' and 'arch' titles, man???*
Me: why does it matter?
Sd/a: certificates depend on a url. Our LB selects a cert according to a request url
me: *buddy, I like you but I no longer look at you with respect like I used to before today...*
We have 1 guy managing everything. He develops our CMS, customers email client, manages our network, servers, domains (our own domain servers), billing system, SSL certificates... In short: everything (as well as bugs). The entire company relies on 1 guy, pretty much.
Brings the phrase "all for one, and one for all" to a whole new meaning.
Refreshing the Let's Encrypt certificates, one of them wasn't applying properly.. couldn't find the issue for like 15 minutes...
Eventually I realized that I was refreshing the wrong domain 😅
me: the source code is currently stored on GitHub and we use GitHub Actions after each update to compile your code into binary before deploying to your servers
client: storing source code on GitHub (external server) is insecure and breaks compliance
me: so i guess you will need to have a copy of the source code on all your servers and build them directly there (too cheap to have a separate build server) instead of using GitHub Actions
me: keep in mind that all your certificates and tokens are going to be stored as plain text in all your servers so if a hacker gains access to any one of your servers, they will have access to everything.
client: yeah, this is in compliance to our security policy
So... remember my first rants about my network at my last ship?
Well... I had to visit them for an unrelated matter and found out that they are to pass general inspection the next week. Among the inspectors is a member of the cyber defence team. I took a quick look at the network, finding the things I'd expect:
- No updates passed to the server or installed since I left
- No antivirus updates since I left
- All certificates were expired
- Most services were shut down or unused
- All security policies were shut down
- Passwords (without expiration now) were written on post-it and stuck on screens
- ... and more!
I told the XO (the same idiot that complained about them CONSTANTLY) and he just shrugged me off and told me to """fix""" it. In one fucking afternoon.
I. SHIT. YOU. NOT.
The new admin there is a low ranking person who hasn't the faintest idea of how this works, and isn't willing to learn, either. They just dumped the duty on him, and he seems not to care. The cyber security inspector is going to have a field day. Or get grey hairs.
I told the XO that I needed at least a week to get them into working order (I have to re-set up my virtual Windows 2012 R2 server, download 2 years' worth of updates, repair 2 years of neglect etc.). The answer was what I expected:
"You know computers, you can do your magic and get it done in an afternoon."
Thank god I got transferred and don't have to answer to that idiot any more. Now, popcorn time, as I watch the fireworks.
Yes, I am a vengeful guy. I have told them, twice now, of what would happen. They didn't listen. At least now, with an official report on their heads, they just might.
Really IBM? Selling certificates to own employees that are valid only inside the company? A bit greedy from my point of view.
Got pretty peeved with EU and my own bank today.
My bank was loudly advertising how "progressive" they were by having an Open API!
Well, it just so happened I got an inkling to write me a small app that would make statistics of the payments going in and out of my account, without relying on anything third-party. It should be possible, right? Right?
The bank's "Open API" can be used to fetch the locations of all the physical locations of the bank branches and ATMs, so, completely useless for me.
The API I was after was one apparently made obligatory (don't quote me on that) by EU called the PSD2 - Payment Services Directive 2.
It defines three independent APIs - AISP, CISP and PISP, each for a different set of actions one could perform.
I was only after AISP, or the Account Information Service Provider. It provides all the account and transactions information.
There was only one issue. I needed a client SSL certificate signed by a specific local CA to prove my identity to the API.
Okay, I could get that, it would cost like.. $15 - $50, but whatever. Cheap.
First issue - These certificates for the PSD2 are only issued to legal entities.
That was my first source of hate for politicians.
Then... As a cherry on top, I found out I'd also need a certification from the local capital bank which, you guessed it, is also only given to legal entities, while also being incredibly hard to get in and of itself, and so far, only one company in my country got it.
So here I am, reading through the documentation of something, that would completely satisfy all my needs, yet that is locked behind a stupid legal wall because politicians and laws gotta keep the technology back. And I can't help but seethe in anger towards both, the EU that made this regulation, and the fact that the bank even mentions this API anywhere.
Seriously, if 99.9% of programmers would never ever get access to that API, why bother mentioning it on your public main API page?!
It... It made me sad more than anything...
How will I tell him Codecademy free certificates isn't knowing about programming and cramming syntax isn't programming also 🤦🏽‍♂️
Local time: 10:45 AM
I get a call from a customer. "My computer isn't working," she says. "I can't get to Google."
"What does it say?" Ideas swirl through my mind as I ask the question. I've seen this problem before.
"'Your connection is not private,'" says she. "I just want to buy a program."
I instantly know what the problem is.
"What time does your computer say it is?" I say it calmly, almost with a knowing smile. Yes, this has to be the issue.
"Um... 1:40," she says, a drip of confusion in her voice.
"That's your problem," I say. "Just fix that and you'll be good to go."
The problem was resolved and all was good.
here are a few things that my teacher said last class.
"public keys are used because they are computationally hard to crack"
"when you connect to a website, your credit card number is encrypted with the public key"
"digital certificates contain all the keys"
"imagine you have a clock with x numbers on it. now, wrap a rope with the length of y around the clock until you run out of rope. where the rope runs out is x mod y"
"crack the code" is a legitimate vocabulary word
we had to learn modulus in an extremely weird way before she told the class that it was just the remainder, but more importantly, we weren't even told why we were learning mod. the only explanation is that "it's used in cryptography"
i honestly doubt she knows what aes is.
to sum it up:
she thinks everything we send to a server is encrypted via the public key.
she thinks *every* public key is inherently hard to crack.
she doesn't know https uses symmetric encryption.
i think that she doesn't know that the authenticity of certificates must be checked.
My company compromises SSL certificates in the name of "security". I can't even use Gmail because Google has identified my intranet as a malicious network executing a man in the middle attack. So they break security in the name of security.
Old rant here. Took place ~2 years ago and just remembered it recently:
For some reason our company decided to disable incognito mode in Chrome... Wtf, who comes up with that shit?!
Our team has different certificates to test our application and therefore the private mode comes in quite useful. Otherwise you would need to close and reopen all browser instances again.
At least, after a shitstorm from various teams they unblocked incognito again.
Maybe, iOS developers get paid higher than Android developers because it's MORE STRESSFUL to use Xcode and deal with Apple Certificates.
Right, I've been here before.
Our app requires an internet connection, and one of our clients wants to roll it out on a strictly managed network.
We told them which addresses our app communicates with and their network team opened them up for traffic. Should work, right?
Nope, doesn't work.
So I request them to use Fiddler to do some debugging of the network traffic, and lo and behold, it does work when Fiddler is active.
One important detail is that Fiddler uses its own SSL certificate to debug HTTPS communications. I've had moments where expired certificates were the cause of things not working and running Fiddler "fixes" this because of their own certificate.
So I point this out in numerous mails to their network team, every time I get a response saying "nah, that can't be it".
I keep insisting "I have had this before, please check if any installed Root CA Certificates is expired"
At this point I'm certain they have updates turned off on these machines, and their certificates must not have been updated for a long time.
At one point they come back to me. "Hey, when Fiddler is off, WireShark shows the app communicating with ICMP calls, but when it's on it shows HTTP calls instead".
...YOU'RE THE SUPPOSED NETWORK EXPERTS?! You think data can be sent via ICMP? Do you even know what ICMP is? Of course you'll see ICMP calls when the network is rejecting the packages instead of HTTP calls when everything's fine.
(ICMP is used to communicate errors)
I'm trying to keep my patience with these guys until they find exactly what's wrong because even I am somewhat grasping at straws right now. But things like this make me doubt their expertise...
Apple revoked FB and Google's Experimental Certificates!
Way to go Apple! Showing the cojones!
Damn Apple. These stupid certificates. I only want to send notifications. On Android I have to add one API key. And you Apple? Struggling to get ionic push working for 6 hours...
Will try to keep that one short.
So we have internal system for active QR codes, nothing really special, as you could imagine. I wrote it when I was beginner but it works and is heavily battle-tested.
Today JBOG (just bunch of guys) come in and try to BS me that something is showing up wrongly for someone.
I check things up, nothing looks out of the order, I go there, everything looks fine too, and they say that yeah but this printed certificate's QR doesn't match what some QR with this name is within the system...
Short investigation. TL;DR, someone who was rendering/printing these certificates had bunch of these codes with names like
And just casually misclicked...
And to come to that conclusion they need fucking backend dev to confirm that code last 1.5 year didn't magically change, and to destroy their magical belief that it's code's fault.
No, someone fucking misclicked. Whole magic. Usually problem is between chair and keyboard, get fucking used to it. Now, having that settled, let me get back to my work.
// This is not a Rant, it's a sad story
I am a Software Engg. Student at my college, and I am a scholar, I stand 1st rank in my department for my academics. Our college expects us to do an internship this semester break, and I am stuck. The college expects us to do an internship for a period of around 6 weeks from a company with a CMM level 3. The real pain is the fact that the college didn't prepare us with the right skill set to get an internship like that. And in the end all our college wants is a certificate to show to them that I have done an internship.
My problem is, the people who don't have the slightest skill to do an internship are getting certificates because they have contacts, and they have no intentions to learn anything. But, here I am, although I believe I don't have that good skill set either, but I am stuck with no contacts, no internship offers, and no responses from the company I have applied to. Don't know what I am gonna do, but I have a zeal to perform well, let's hope I find an opportunity to exhibit my talents.
If anybody can help me, please do. 🙏❤
TL;DR: Printers suck. MS-Word sucks.
Yesterday I wanted to print a few participation certificates for my blender project students.
*Turns on printer, runs downstairs, gets paper, runs upstairs, puts paper in*
So I tried to print in word. Nothing happened. Printer was online. I checked queue: Nothing.
*a couple of tries later*
Okay, fuck it! I export it as a pdf and open it in edge (8 times. 8 documents. Edge is a neat pdf-viewer, fight me). I press print on one. It works. I print the others and check: They look shit. The images look like 25% resolution and 50% jpg compression. I check word.
It by default exports in low quality. Yea, thanks for asking me. I export pdfs again and check "high quality". Open them, print. Done.
These were like 30 wasted minutes and print color. And paper.
Btw they look fucking neat. I can't show them right now but gradient text headline, project name is a rendered and edited 3D object :D
Worst thing you've seen another dev do? Here is another.
Early into our eCommerce venture, we experienced the normal growing pains.
Part of the learning process was realizing in web development, you should only access data resources on an as-needed basis.
One business object on its creation would populate db lookups, initialize business rule engines (calling the db), etc.
Initially, this design was fine, no one noticed anything until business started to grow and started to cause problems in other systems (classic scaling problems)
VP wanted a review of the code and recommendations before throwing hardware at the problem (which they already started to do).
Over a month, I started making some aggressive changes by streamlining SQL, moving initialization, and refactoring like a mad man.
Over all page loads were not really affected, but the back-end resources were almost back to pre-eCommerce levels.
The main web developer at the time was not amused and fought my changes as much as she could.
Couple months later the CEO was speaking to everyone about his experience at a trade show when another CEO was complimenting him on the changes to our web site.
The site was much faster, pages loaded without any glitches, checkout actually worked the first time, etc.
CEO wanted to thank everyone involved etc..and so on.
About a week later the VP handed out 'Thank You' certificates for the entire web team (only 4 at the time, I was on another team). I was noticeably excluded (not that I cared about a stupid piece of paper, but they also got a pizza lunch...I was much more pissed about that). My boss went to find out what was going on.
MyBoss: "Well, turned out 'Sally' did make all the web site performance improvements."
Me: "Where have you been the past 3 months? 'Sally' is the one who fought all my improvements. All my improvements are still in the production code."
MyBoss: "I'm just the messenger. What would you like me to do? I can buy you a pizza if you want. The team already reviewed the code and they are the ones who gave her the credit."
Me: "That's crap. My comments are all over that code base. I put my initials, date, what I did, why, and what was improved. I put the actual performance improvement numbers in the code!"
MyBoss: "Yea? Weird. That is what 'Tom' said why 'Sally' was put in for a promotion. For her due diligence for documenting the improvements."
Me:"What!? No. Look...lets look at the code"
Open up the file...there it was...*her* initials...the date, what changed, performance improvement numbers, etc.
I opened version control and saw that she made one change, the day *after* the CEO thanked everyone and replaced my initials with hers.
She knew the other devs would only look at the current code to see who made the improvements (not bother to look at the code-differences)
MyBoss: "Wow...that's dirty. Best to move on and forget about it. Let them have their little party. Let us grown ups keep doing the important things."
Apple app signing and certificates: how do people even circumvent/hack these things? I'm hardly able to do it legit.
In today's episode of kidding on SystemD, we have a surprise guest star appearance - Apache Foundation HTTPD server, or as we in the Debian ecosystem call it, the Apache webserver!
So, imagine a situation like this - It's Friday afternoon, you have just migrated a bunch of web domains under a new, up to date, system. Everything works just fine, until... You try to generate SSL certificates from Let's Encrypt.
Such a mundane task, done more than a thousand times already... Yet... No matter what you do, nothing works. Apache just returns a HTTP status code 403 - Forbidden.
Of course, what many folk would think of first when it came to a 403 error is - Ooooh, a permission issue somewhere in the directory structure!
So you check it... And re-check it to make sure... And even switch over to the user the webserver runs under, yet... You can access the challenge just fine, what the hell!
So you go deeper... And enable the most verbose level of logging apache is capable of - Trace8. That tells you... Not a whole lot more... Apparently, the webserver was unable to find file specified? But... It's right there, you can see it!
So you go another step deeper and start tracing the process' system calls to see exactly where it calls stat/lstat on the file, and you see that it... Calls lstat and... It... Returns -1? What the hell#2!
So, you compile a custom binary that calls lstat on the first argument given and prints out everything it returns... And... It works fine!
Until now, I chose to omit one important detail that might have given away the issue to the more knowledgeable right away. Our webservers have the URL /.well-known/acme-challenge/, used for ACME challenges, aliased somewhere else on the filesystem - To /tmp/challenges.
See the issue already?
Some *bleep* over at the Debian Package Maintainer group decided that Apache could save very sensitive data into /tmp, so, it would be for the best if they changed something that worked for decades, and enabled a SystemD service unit option "PrivateTmp" for the webserver, by default.
What it does is that, anytime a process started with this option enabled writes to /tmp/*, the call gets hijacked or something, and actually makes the write to a private /tmp/something/tmp/ directory, where something... Appeared as a completely random name, with the "apache2.service" glued at the end.
That was also the only reason why I managed to fix this issue - On the umpteenth time of checking the directory structure, I noticed a "systemd-private-foobarbas-apache2.service-cookie42" directory there... That contained nothing but a "tmp" directory with 777 as its permission, owned by the process' user and group.
Overriding that unit file option finally fixed the issue completely.
I have just one question - Why? Why change something that worked for decades? I understand that, in case you save something into /tmp, it may be read by 3rd parties or programs, but I am of the opinion that, if you did that, it's only and only your fault if you wrote sensitive data into the temporary directory.
And as far as I am aware, by default, Apache does not actually write anything even remotely sensitive into /tmp, so...
I wasted 4 hours of my life debugging this! Only to find out it's just another SystemD-enabled "feature" now!
And as much as I love kidding on SystemD, this time, I see it more as a fault of the package maintainers, because... I found no default apache2/httpd service file in the apache repo mirror... So...
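A check for the failure described in the post above, as an added example that is not part of the original rant: it works out the effective `PrivateTmp=` value from a unit file plus drop-ins and lists Apache `Alias` targets that the web server will not see because they sit under `/tmp` or `/var/tmp`. The unit text, drop-in and Apache configuration are constructed samples, and the function names are hypothetical.

```python
"""Flag Apache Alias targets that PrivateTmp= hides from the web server."""
import posixpath
import re

# Constructed sample inputs (not taken from any real host).
UNIT_MAIN = """\
[Unit]
Description=The Apache HTTP Server

[Service]
Type=forking
ExecStart=/usr/sbin/apachectl start
PrivateTmp=true
"""

DROPIN_OVERRIDE = """\
[Service]
PrivateTmp=false
"""

APACHE_CONF = """\
# ACME HTTP-01 challenge files are written here by the certificate client
Alias /.well-known/acme-challenge/ /tmp/challenges/
Alias /static/ "/var/www/static/"
<Directory /tmp/challenges>
    Require all granted
</Directory>
"""

# Spellings systemd accepts for a boolean "true".
TRUE_VALUES = {"1", "yes", "y", "true", "t", "on"}
# With PrivateTmp= on, the service gets its own instance of both directories.
PRIVATE_ROOTS = ("/tmp", "/var/tmp")
# Simplification: Alias paths containing spaces are not handled.
ALIAS_RE = re.compile(r'^\s*Alias\s+(\S+)\s+"?([^"\s]+)"?\s*$', re.IGNORECASE)


def private_tmp_enabled(*unit_texts):
    """Return the effective PrivateTmp= value; later texts (drop-ins) win."""
    enabled = False  # systemd's default when the option is absent
    for text in unit_texts:
        section = None
        for raw in text.splitlines():
            line = raw.strip()
            if not line or line.startswith(("#", ";")):
                continue
            if line.startswith("[") and line.endswith("]"):
                section = line[1:-1]
                continue
            key, sep, value = line.partition("=")
            if section == "Service" and sep and key.strip() == "PrivateTmp":
                enabled = value.strip().lower() in TRUE_VALUES
    return enabled


def hidden_aliases(apache_conf, private_tmp):
    """List (url_path, fs_path) Alias pairs that resolve inside a private tmp."""
    if not private_tmp:
        return []
    findings = []
    for line in apache_conf.splitlines():
        match = ALIAS_RE.match(line)
        if not match:
            continue
        url_path, fs_path = match.groups()
        norm = posixpath.normpath(fs_path)  # collapses "..", "//", trailing "/"
        if any(norm == root or norm.startswith(root + "/") for root in PRIVATE_ROOTS):
            findings.append((url_path, fs_path))
    return findings


if __name__ == "__main__":
    for label, units in (("package default", (UNIT_MAIN,)),
                         ("with drop-in", (UNIT_MAIN, DROPIN_OVERRIDE))):
        enabled = private_tmp_enabled(*units)
        print(label, "PrivateTmp =", enabled, hidden_aliases(APACHE_CONF, enabled))
```

Pointing the alias at a directory outside `/tmp` and `/var/tmp` clears the finding without turning the sandboxing option off.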
So... Had a burn out cause of overwork...
One of the bosses treats me like shit cause my education stops me to reply at his low level...
One white hair to make a complaint...
In Portugal if someone makes a complaint to the authorities the company gets a full inspection... I'm sad cause I love the owners... And they will lose most certificates... And that's lots, lots of money from a company that works with Porsche, Ferrari, Audi....
I want to start an online course that teaches you how to ride a bicycle.
Just for the sake of satire.
Pretty sure it will get sign-ups and people will flaunt their certificates.
Goddamnit, why does the iOS certificate system always fuck up for some unknown reason. Just from one day to another: nothing changed but none of the certificates work grrr
So my Xcode was taking forever to archive and export builds. I opened keychain access and deleted all certificates and keys except the one distribution cert. there weren't many, must have been around 14, but that reduced archive time from 15 to 5 mins, and export time from 1.5 hours to 10 minutes! Yay!! :)
Rant mode: The guy in charge of the database we're working on cannot even add a few lines of data without deleting all the data in the table and reloading it using a wizard!
And he recently got a "Best D.B.A. Award"?!
This is why I don't trust those who brag about their certificates.
I remember my colleague who was DevOps guy (15+ years exp) in our one very good project about kids' edutainment.
He always breaks things & blames others when only he had admin access of the tool.
When client was very much interested in Android app, our that DevOps focusing totally on REST API & ignored Android app related DevOps tasks.
Our Android CI/CD was not complete till project ended. Due to his stubborn nature we couldn't take benefit of automation testing.
You can't tell him how to do any task, if you tell then it will be taken by him as an insult to his intelligence.
He would waste his 2 business weeks to find a way to do that task, then he would do some frugal trick half heartedly then he will leave it. Still he wouldn't accept your help due to his ego & he would work on tasks which he likes even though they are of low priority.
He was hellbent on cost cutting so he reduced caching availability to save extra billing, now we couldn't had enough speed for even 10 users to show recommendation feed by API.
Due to this our client couldn't show demo to angel investors properly & didn't get funding.
I don't know how with such a bad attitude, he could survive so long.
He had plenty of training certificates (Salesforce etc.) with very little practical knowledge.
God save people of his current & future projects.
Anyone else ever had to install Jekyll on Windows?
Man, what a displeasure the last four hours were. SSL errors everywhere because Ruby versions have differing SSL certificates for downloading gems or something, having to install the devkit three times, messing with Linux Subsystem and finding out the Ubuntu repos do not have a new enough Ruby version to support what you're doing.
All this to have some fun with GH pages. It's physically exhausting.
Do you guys have tips for job hunting while still employed? My current company doesn't allow sick leaves without medical certificates and doesn't allow simple "headaches". How do you guys make time for interviews?
No experience with paid work yet, but for sysadmin work I'd mostly look at the environment and how the previous admin left the premises, and why they left. I wouldn't want to work with a bird's nest for a server room, that's got everything jammed into one clusterfuck of a god-function sort of server or something crazy like that. Separation of services, security, wire management, all those things matter because that's the state that you'll be working in, and cleaning up someone else's mess.. it makes my blood boil.
Payment is important, and if the job doesn't pay well, don't take it. Or if they place a wee bit too much value in those expensive pieces of toilet paper called certificates, it denotes incompetence from the employer by being unable to gauge your skills on their own (and I get that there's time management involved, but come on.. how long can it take to have a conversation with someone to gauge what their skillset is). But the working environment in particular is of vital importance. If it's all going to be yours to build, great (and don't you dare to half-ass it -_-). But if it's already been partially done by someone else, they'd better done it well.
I need to add a certificate to an Apple ID. First time doing that - should be no trouble.
> Open Xcode
> Xcode --> Preferences... -> Accounts
> Select the correct Apple ID
> Manage Certificates...
Hmm. What's this '+' button?
> Clicks the button
> Categories show up - no descriptions for their use beyond names. Maybe if I click one?
> Clicks arbitrary category
> Immediately creates a certificate and adds it to keychain
> Can't be removed from this window
> Must be revoked from Apple's portal and then deleted
I feel dumb.
I hate developing for iOS. So many certificates here and there for simple things. And to top it all off, sometimes, you get people reviewing your app that say you can't upload to the App Store for stupid reasons. Does anyone feel the same way?
"Have you tried regenerating your provisioning profiles?" Say it one more time motherfucker I dare you I double fucking dare you.
So the story. I got a job as an Android developer in a consulting company. I didn't have any certificates and even degree. Just some easy apps on Google Play which I created to combine learning and practice. After 5 Months I got my first client project and company gave me a senior with 6 years of experience so he can teach me. That guy is a complete shit and I have to teach him how to do stuff. So I am doing the most work in the project. Sometimes I don't even manage with my tasks because I have to fix his code and explain him why so and when it won't work. As a result, the client underestimates me. Makes me work harder and I have 10$/h and him 60$/h. What shall I do?
That moment when something works in Internet Explorer/Microsoft Edge but doesn't work in Chrome or Firefox...
On the left is Chrome, on the right is Internet Explorer.
Well it's a bit long but worth reading, two crazy stories in one rant:
So there are 2 things to consider as being my first job. If entrepreneurship counts, when I was 16 my developer friend and I created a small local music magazine website. We had 2 editors and 12 writers, all music enthusiasts of more or less our age. We used a CMS to let them add the content. We used a non-profit organization mentorship and got us a mentor which already had his exit, and was close to his next one. The guy was purely a genius, he taught us all about business plans, advertising, SEO, no-pay model for the young journalists (we promised to give formal journalist certificates and salary when the site grows up)
We hired a designer, we hired a flash expert to make some advertising campaigns and started filling the site with content.
Due to our programming enthusiasm we added to the raw CMS some really cool automation: We scanned our country's radio charts each week using a cron job and the charts' RSS, made a bot to search the songs on youtube and posted the first search result as an embedded video using some reg-exps. This was one of the most fun coding times I've had. Doing these crazy stuff with none to little prior knowledge really proved me I can do anything with the power of will.
Then my partner travelled to work in an internship in the Netherlands and I was too lazy to continue it on my own and it closed, not so surprisingly for a 16 years old slacker boy.
Then the mentor offered my real first job. He had a huge forum (14GB of historical SQL) but it was dying, the CMS version was very old and he wanted me to upgrade it to the latest. It didn't seem hard at first, because there were very clear instructions in the CMS website on how to do that. However, the automation upgrade scripts didn't work well because the forum owners added some raw code (not MVC plugins but bad undocumented code) and some columns to the SQL tables. I didn't give up and decided to migrate between the versions without the scripts. I opened a new CMS and started learning by heart all of the database columns so I can make a script to migrate between the versions. The first tests ran forever because processing 14GB of data on a single home computer is not a task meant to be done. I didn't give up. I made an old forum and compared the table structures and code with my mentor's. I think I didn't exhaustively finish this solution, the task was too big on my shoulders and eventually I gave up. I still owe thanks for that mentor for teaching me how to bear with seemingly (and practically) impossible tasks, for learning not to fear from being a leader and an entrepreneur and also for paying me in time even though I didn't deliver anything 😂
So in the last 2 hours I felt both frustration and happiness, because of Xcode and code signing.
So what I did yesterday was removed all the Xcode certificates on my keychain because I had major issues getting the newest version of the certificates despite having auto signing enabled.
Without much notice until going to send the iOS app today through Fabric I came across an error while uploading the newest build :/
Googling it I found the same issue on stack overflow with only two answers one being fastlane, which just automated the process to the same error LOL
So anyways I found the solution and was quite happy about it :D I had to go to the apple developer website and download the right certificate DESPITE the auto signing ...
Anyways uploaded and done!
Also added a stack overflow answer in regards to it, I hope it helps someone out.
Oh and I emailed fabric to ask for help and 30 mins later emailed them basically saying NVM fixed it! Lol
Fuck you Xcode lol
Do online courses/certificates actually mean something to companies/universities?
Coursera courses? OpenClassrooms? Stuff like that.
Project configurations... why, for ffs, whenever i come to old project i need to deal with configurations, build systems, certificates, project settings. I want to write code not dedicate my life to Maven and making directories by hand for Android Flavors.
In last episode of "How SystemD screwed me over", we talked about Systemd's PrivateTmp and how it stopped me from generating SSL certificates.
In today's episode - SystemD vs CGroups!
Mister Pottering and his team apparently felt that CGroups are underused (As they can be quite difficult to set up), and so decided to integrate them into SystemD by default. As well as to provide a friendlier interface to control their values.
One can read about these interactions in the manual page "systemd.resource-control"
All is cool so far. So what happened to me today?
Imagine you did a major system release upgrade of a production server, previously tested on a standalone server. This upgrade doesn't only upgrade the distribution however, it also includes the switch from SysVInit to SystemD. Still, everything went smooth before, nothing to worry now then, right? Wrong.
The test server was never properly stress-tested. This would prove to be an issue.
When the upgrade finishes, it is 4 AM. I am happy to go to bed at last. At 6 AM, however, I am woken up again as the server's webservices are unavailable, and the machine is under 100% CPU load. Weird, I check htop and see that Apache now eats up all 32 virtual cores. So I restart it, casting it off to some weird bug or something as the load returns to normal.
2 hours later, however, the same situation occurs. This time, I scour all the logs I can, and find something weird - Many mentions that Apache couldn't create a worker thread? That's weird.
Several hours of research and tinkering later, I found out the following:
1 - By default, all processes of a system that runs SystemD are part of several CGroups. One of these CGroups is the PID CGroup, meant to stop a runaway process from exhausting all PIDs/TIDs of a system.
This limit is, by default, set to a certain amount of the total available PIDs. If a process exhausts this limit, it can no longer perform operations like fork().
So now, I know the how and why, but how should I solve this? The sanest option would be to get a rough estimate of just how many threads the Apache webserver might need. This option, though, is harder than apparent. I cannot just take the MaxRequestWorkers number... The instance has roughly double the amount of threads already. The cause being, as I found out, the HTTP/2 module, which spawns additional threads that do not count towards this limit. So I have no idea what limit to set.
Or I could... Disable the limit for just the webserver via the TasksAccounting switch. I thought this would work. And it did seem to... Until I ran out of TIDs again - Although systemctl status apache2.service no longer reported the number of tasks or a task limit of the process, the PID CGroup stayed set to the previous limit. Later I found out that I can only really disable the Task Accounting for all the units of a given slice and its parents.
This, though, systemctl somewhat didn't make apparent (And I skimmed the manual, that part was my fault)
So... The only remaining option I had was to... Just set the limit to infinite. And that worked, at last.
It took me several hours to debug this issue. And I once again feel like uninstalling systemd again, in favor of sysvinit.
What did I learn? RTFM, carefully, everything is important, it is not enough to read *half* the paragraph of a given configuration option...
Oh, and apache + http/2 = huge TID sink.
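A way to see which limit is actually in force in the situation the post above describes, as an added example that is not part of the original rant: it walks from a unit's control group up through its parent slices, reads `pids.current`, `pids.max` and `pids.events`, and reports the cgroup with the least headroom. It assumes the cgroup v2 file layout; the directory trees and all numbers are constructed, and the function names are hypothetical.

```python
"""Report PID-cgroup headroom for a service, including its parent slices."""
import os
import tempfile

# Constructed samples: {cgroup path: (pids.current, pids.max, limit-hit counter)}
UNIT_LIMITED = {
    "system.slice": (5200, "max", 0),
    "system.slice/apache2.service": (4915, 4915, 37),
}
SLICE_LIMITED = {  # unit set to "infinity", parent slice still capped
    "system.slice": (5990, 6000, 4),
    "system.slice/apache2.service": (5200, "max", 0),
}


def make_tree(spec):
    """Create a throwaway directory that mimics a cgroup v2 tree."""
    root = tempfile.mkdtemp(prefix="cgroup-sample-")
    for rel, (current, limit, hits) in spec.items():
        directory = os.path.join(root, rel)
        os.makedirs(directory, exist_ok=True)
        for name, value in (("pids.current", current), ("pids.max", limit),
                            ("pids.events", f"max {hits}")):
            with open(os.path.join(directory, name), "w") as handle:
                handle.write(f"{value}\n")
    return root


def _read(path):
    try:
        with open(path) as handle:
            return handle.read().strip()
    except FileNotFoundError:
        return None


def pids_report(cgroup_root, unit_path):
    """Find the tightest task limit between a unit's cgroup and the root."""
    rel = unit_path.strip("/")
    if not rel:
        raise ValueError("unit_path must name a cgroup below the root")
    levels = []
    while rel:
        directory = os.path.join(cgroup_root, rel)
        limit_text = _read(os.path.join(directory, "pids.max"))
        hits = 0
        for line in (_read(os.path.join(directory, "pids.events")) or "").splitlines():
            key, _, value = line.partition(" ")
            if key == "max":  # counter that grows when the limit is hit
                hits = int(value)
        levels.append({
            "cgroup": rel,
            # a parent's pids.current already includes all of its children
            "current": int(_read(os.path.join(directory, "pids.current")) or 0),
            # pids.max is an integer or the literal "max" (no limit)
            "limit": None if limit_text in (None, "max") else int(limit_text),
            "hits": hits,
        })
        rel = os.path.dirname(rel)
    limited = [lvl for lvl in levels if lvl["limit"] is not None]
    binding = min(limited, key=lambda lvl: lvl["limit"] - lvl["current"], default=None)
    return {
        "current": levels[0]["current"],
        "binding_cgroup": binding["cgroup"] if binding else None,
        "headroom": binding["limit"] - binding["current"] if binding else None,
        "limit_hits": binding["hits"] if binding else 0,
    }


if __name__ == "__main__":
    for name, spec in (("unit limited", UNIT_LIMITED), ("slice limited", SLICE_LIMITED)):
        print(name, pids_report(make_tree(spec), "system.slice/apache2.service"))
```

On a real host the root is `/sys/fs/cgroup` and the unit's path is the `ControlGroup` property reported by `systemctl show`.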
How would you explain SSL, certificates, and CAs to a layman?
I just spent 30mins trying to explain it to them in a chat (related to Mongo driver configs and the sslValidate flag), they sorta went silent on me so not sure if I explained it or understood the roles/purposes correctly...
One example I used was it prevents a man in the middle attack where your connection gets rerouted to another server. If the CA didn't recognize the cert the new server replies with then it rejects it and prevents the attack.
What makes free ssl "Unsuitable for e-commerce websites", Please read to end to see my view point.
Free Certificates are domain validation only which means they don't certify the identity of the website owner, they simply ensure a secure connection. Customers can't be sure of the integrity and trustworthiness of the website owner. If you need to secure credit card and personal information on e-commerce websites, free certificates aren't the answer. It's important your customers trust your business is safe enough to hand over these details. To gain this trust, you need a certification of your authenticity, which you can only get with a (paid) Business Validation or Extended Validation SSL Certificates.
* "To gain this trust, you need a certification of your authenticity"
~ But isn't that just Domain Verification and other Extras, What justifies somebody or business's authenticity? Tax Id, Valid Address, Nobody is going to study the ssl cert to make sure that amazon.com is a valid business and has a tax Id.
* "domain validation only which means they don't certify the identity of the website owner,"
~ Wouldn't this just be the domain validation test that is required when using services like LetsEncrypt using Certbot etc, or are we referencing back to this idea that they look for a Valid Tax Id sort of thing?
* "If you need to secure credit card and personal information on e-commerce websites, free certificates aren't the answer"
~ Why is the paid version going to do double encryption, is the CA going to run a monitoring tool to scan for intrusions like an IDS or IPS? (disregard the use of DNS Validation being in the picture)
Am I missing something, this just seems like well crafted text to get people to buy a cert, I could understand if the encryption was handled differently, Maybe if they checked the site for HSTS or HTTPs Redirect or even, They blocked wildcard SSL before and now with the paid its included, but overall it doesn't sound like anything special. Now I'm not just picking on namecheap because domain.com does the same.
How do you prevent your software being vulnerable to IP address spoofing? Authentication? Certificates? VPN? Nah, just check the MAC address field of every packet. Nobody ever spoofed a MAC address before, that's just impossible. I thought that in binary there were only ones and zeros, but I guess nobody told me about the special tamper-resistant ones and zeros that MAC address fields are made of.
Oh, once you've done that, don't forget to tell the marketing people to put it in a brochure as an "innovation" for everyone to see.
I should post more of the crap the idiots I work "with" (quotes, because I am only here in body not mind) say. Especially when it comes to network stuff.
I mean, seriously? Skipping over the line that disables certificates checks... Did you forget where the button to run the build is?
Why do people even care to get Microsoft Developer Certificates?
Like, getting Indian citizenship is a little bit faster..
Wowza..... Security certifications get expensive! Gonna have to spend half the week writing one hell of a business case for the certs my team needs!
var rant: QuantumBool = PartlyTrue
So now I think I've got everything in my app right.... But I can't test it because ***** xcode doesn't create a **** certificate so I can deploy it to my phone (it uses motion sensors)
I deleted all the certificates of developer from the keychain because of a bug and now I **** can't deploy my apps for testing....
Please, does anyone know how to reset the icloud keychain to absolute nothing?
My LinkedIn became full of senior developers while none of them have the basic qualifications to become a junior developer in a rising startup.
Now may I ask how many coding hours do developers need to move from “junior” to “senior”?
Is there an organization that gives those certificates?
Who gave it to you? Who promoted you to “senior”?
Can we stop feeding our egos with fake titles and live a little bit in the present?
I guess all of you know udemy.
Can anyone tell me whether HR actually gives any shit about "I finished an udemy class"-certificates?
I like udemy. To get into a new language or something like that it's pretty cool (if you are ok with paying for things you can find on google, too). But somehow i don't trust their certificates. Do they make you look like a fool if you put them in your cv? Or is it proof of "see how engaged I am"?
So a few weeks ago my colleague needed to generate some self signed certificates for our web application, we're working on.
I've sent him some instructions on how to do that. No big deal, few terminal commands.
The only trick was the commands were written for linux and we're using windows.
So... my colleague calls me, having some issues with certificates. He explains to me what commands he managed to execute, etc. There was also command "sudo" included.
He inputs the command to terminal and... terminal eats it?! Wtf?
So long story short he managed to install "sudo" for windows powershell terminal :D. It basically just gives you some UAC popup confirmation dialog and then executes the command.
Work is slow these days.
I am done with the projects.
Everyone's away for summer.
I cannot do/install stuff because I don't have admin rights in my machine.
I cannot view all the webpages due to network policies/certificates.
I am waiting for time to pass and go home.
I just don't understand how people can be so careless with security. It's like every other fucking day you about 150 billion email address, SSNs, birth certificates, credit cards, private messages, you pet's medical records, and your personal DNA are fucking leaked and the best we got are "what street did you grow up on" to reset a password.2
Docker with nginx-proxy and nginx-proxy-le (Lets Encrypt) is fucking awesome!
I only have to specify environment variables with email and host name when starting new containers with web servers, and the proxy containers will automatically make a proxy to the new container, and generate lets encrypt ssl certificates. I don’t have to lift a fucking finger, it is so ducking genius
Trustico CEO emailed private key which is used to sign TLS certificates, making more than 23k certificates compromised!
This makes me think, that we should not trust others for our security (like ca), failure of CA can put our website at risk. What is the better way to do it?
Got my “Certificate” for SQL. What do you think? I have a few others, just not sure if this means jack squat despite it being a free “certification”.
Does anyone else feel that LinkedIn is a kind of professional trash? Majority of users there are just for posting out their certificates and to put buzzwords in their bio.
Omg, freaking web sockets.. But I figured out how to run a socket server in SSL with the certificates in a root folder. Seems like an early night for me!
When your company uses way too many certificates, .p12 and .msc files so everyone's local breaks after each package release.... It's like building a house of cards on a windy day
Is it worth having a personal site/portfolio if you aren’t a freelancer?
I asked on LinkedIn and the response was that personal websites are a bit 90s.
I am, slowly, making a github pages site, and I know no one is really going to be interested in my thoughts on certain topics etc, but I felt it would be a bit more attractive than just a link to my github account.
Do employers care about portfolios/github accounts etc? Or are they only interested in CVs and certificates?
If it’s the latter how do you demonstrate your skills, especially if all of your work is proprietary?
Apple and its bundle identifiers, APN SSL certificates, provisioning profiles and review process just took 5 hours of my life.
TL;DR: New(-ish) dev looking for advice to improve workflow and new languages. Hopefully worth a read though :)
I want to learn more, technically-applicable languages.
My setup is barebones (to a Linux diehard's eyes), with a gaming laptop that I do a lot of workstation stuff on, an RPi 3 B that I do some Linux-y stuff on, and a less-powerful Development Laptop (that I call a devtop) that I occasionally do work away from home on.
I'm sure most will cringe and weep at my workflow, as I use Windows 10 on both systems and the standard NOOBS software on the pi, and I use Brackets as my text editor, as well as the XAMPP AMP stack for testing.
My biggest questions are what could I do to improve my workflow, and what languages should I learn/apply myself to for real-world application (such as Node.js for live-updating server-side applications or C# for Windows applications)?
Thank you for taking the time to read this, any feedback is helpful! I'm just a high school student with a lot of enthusiasm for development!
Why is Docker + SSL certificates so confusing? Or do I just have bad resources?
I just want to know how to compose a Docker, Nginx setup with encryption.
When you have to work with functions clearly no one gives a fuck about... because who needs documentation... like... 2 decades later!? Oh yeah sure it might change tomorrow...
Which one should I get first?
- CompTIA A+
I'm at IT academy, Linux administration.
And can I get a job in the US as a foreigner with some of these certificates?
Kazakhstan Government issues certificates for MITM attacks on the public. WTF !!!
FUCK YOU APPLE. I am trying to build an ionic app. Generating the certificates to fucking sign a DEVELOPER BUILD of an apple product is more pain than I thought possible. Does not help I don't own the apple computer I am trying to build on.
I just came home from opening of the fiscal year of a small drivers' club and it was quite an amazing life experience.
I got about a 5-times "rise" for a first, small, post-due-time project.
All of the members were so relaxed in one of the most serious moments of an association. We ate, drank beer and had as much fun as possible without breaking the law and other rules.
The story goes like this:
I was an intern in a website development company as students tend to do. In middle of the internship my teacher asked me if I'd be willing to develop a website to the before mentioned organization.
School will help with the money by being as a middle-man. It wasn't going to pay much, about 120€ or so, it's nothing really for the job, but I said yes for the experience. We organized a meeting, school provided the space, and went straight to the business.
The development went quite well: I got the final design requirements late (there weren't too many), researched a lot about CMS:s, ended up with a beta version CMS (a risk), learned it, developed some plugins (not published yet), kept copyrights for most of the work and so on.
I was done _relatively_ quickly with the project and was quite happy with it. Only things still pressing my mind was bugs of the beta CMS, support for the plugins and my somewhat inexperienced graphical design.
Then it hit me, the world. Hosting, domain transfer, certificates, registry agreements. Arrgh. Most of things were fine, I know them. I had luck that I had a technical contact for the club. It would have been a nightmare of its own otherwise.
We had problems transferring the domain, again, as you do. The other hosting company was to blame. They were the n00bs here. I went through the law, technical guidance, etc. I was having heavy messaging with my technical contact about it, who was a middle-man for me and the hosting firms.
After a long while loop of waiting, reconfiguring, researching and messaging, the transfer was finally over.
We had a long while of radio silence after some bug fixes. Until the Christmas came and I was invited to a Christmas party in a cottage, third Christmas party that year. It was great fun. We ate, drank, talked, went to sauna and had a playful adult stiga or sledging competition, etc.
I updated the site yet again, a stable version of the CMS was published. Yess!
Another radio silence came and year changed. It was broken off by a call to the opening of the fiscal year, the same day. This is today, or yesterday by now. This was just after my current company's board game night. I was really busy that day. A whole afternoon of second-hand shopping around the city with a bike. I counted 35 kilometers. Yes I go by bike, don't own a car or have a driving license... Yet.
I wasn't horribly late, around 30 minutes. I started eating and drinking. Free food and beer! They were also late, they should've got through the business before I got there, before eating. So I ate and listened. Learned more about having business or an association in general. Until my matter came to be heard. They thanked me for the co-operation and made public the change of my reward sum, I WAS GRANTED 500€ REWARD for the work. It's still not an amazing sum in a larger point of view, but I can imagine that it's big deal for a small non-profit organization, which was losing money. Everybody applauded, every 25 members of the club. I was greatly pleased. I will have to update their site a bit still, but they are going to pay the reward ASAP.
Did I mention that the school works around the taxes, legally. Taxes for the reward, if it were assumed as a wage would be 15%, for me, at the worst case scenario, only for getting the money to my hands.
I was offered another gig at the event, but didn't promise anything yet. I left before sauna, so we didn't get to change contact details. He will find a way to reach me if he really wants so. I'm a busy free man.
I am sitting here fixing some asshole's fuck up (he went and fucked around with the certificates on the Sonic Wall - now DPI SSL doesn't work anymore and people are wondering why things aren't working as they used to).
I have been offered an opportunity to work in a place that is about 1000 miles from where I currently work. The pay is a bit better, and I get benefits (like health, pension, etc - where here I don't get shit).
The issue is that my family and what not are this side. They are begging me not to leave. They don't know that I have been considered for the job.
Not going to lie, the last time I moved away, I nearly died because I have a family to support, and I was porting all my funds back to them (yeah - the one who cheated).
I am anxious as fuck, and today I have an interview.
I don't know if going is the right thing to do. There is so much opportunity, and I might struggle for about a year - but is the struggle worth it.
I cannot take it where I am now. They appointed a new guy, and he is monumentally fucking everything up. He also doesn't shut up. Even if you ignore him, or tell him that you are busy - he just goes on and on talking. Fuck my life.
Anyways, will see how things go - I don't know what is right - perhaps it will come to me.
I'll let you guys know what happens, not that anyone might directly care - which is fine.
Time to go fix CA, and then code until I die.
So I am in a dilemma right now... I have like two lives right now: On the one side I am a student in applied computer science and on the other side I am already working in a Dev company and as a freelancer. Compared to my work, university is boring as hell. I would love to just skip university and start my own company with my other freelancer friend! We already have some clients so we would have a good start. But many people, like my parents for example, told me that I need at least a degree to achieve something in life. I told them that I would try to earn some certificates (like Cisco) but they are still not happy with this idea. So I would love to hear your opinion guys... Do you think that a degree is absolutely necessary? Thanks in advance!
How do you bribe *cough* "thank" your character references?
I know a few people who vouched for me in the past without me asking for it and a few others that I asked for permission to list down in my character references. Most of these people live in different cities, companies, and some are even in different countries so the usual "I'll treat you to dinner and fuck your brains out." wouldn't work.
Kidding aside, do those online gift certificates make decent gifts? I'd love to have an excuse to stalk someone, see what they like, and have it appear at their doorstep but that might be too much unless I can make a lantern out of them.
I'm thinking that a certificate for several orders of coffee in a decent coffee shop would be a good choice since that's the common denominator of all the developers I worked with - coffee love.
What's your thoughts on the newly released .app tld? Is it going to be the new .io?
It also seems like Google provides TLS certificates for free to all .app domains. I know there's let's encrypt but I still think that this is great. Google is really pushing a more "Secure" internet.
Freelancers/self-employed IT-consultants, how much do you charge per hour? Also, do you have any certificates or other things that boost your pay?
Was telling my colleague that I was busy working on regenerating puppet certificates. She asked if I was gonna buy new ones. Made me wonder if there were for a minute. She genuinely thought that we had to buy puppet certificates.
Google are giving t-shirts with certificates now lol. Maybe they need to start adding phones to attract people to their data centers.
Here in devrant I often hear about tech companies taking awful technical decisions (e.g. https://devrant.com/rants/2162692/... ).
My question is: do these companies actually have success with their products? Or is the tech world full of huge failures we never discover?
Since Electron is getting some well deserved flak, I think I'll add my two cents.
Why in the actual fuck can it not proceed any way to allow us to USE OUR SELF FUCKING SIGNED CERTIFICATES.
Yes, security hole, but for messing about with new software, I'm not going to pay a CA for a certificate so I can put it on a server that only I and a few select individuals use!
At least give us a usable frontend for allowing our self-signed certificates so I can use my fucking server!
What the.. Apple's member center (for managing iOS dev certificates and profiles) keeps crashing the whole Safari.
Safari restarted three times in 5 minutes now..?!
Appears to be some strange way of self-irony when the browser's developer builds a site provoking a quite critical bug though... x)
I've had my site up and working for a few months now (still need to finish building it properly the template project is still half default lol) but because I setup the Nginx server on a digital ocean droplet myself using both for the first time ever I obviously made some mistakes. It was up and running though just always spouting 'nginx: nginx: [warn] conflicting server name "jessiejfoley.dev" on 0.0.0.0:443, ignored' whenever I 'nginx -t' or 'java.security.cert.CertificateException' on this server monitor app I have on my phone
But it was up and ssl seemed to be working so I ignored it
today I learned about https://sslshopper.com/ssl-checker...., which told me my intermediate certificates were not functioning properly, I was bored today and didn't wanna be too productive (else boss expects the progress I've made this week every week) and decided to finally go through and see about getting everything fixed properly starting by reinstalling the certs and double checking my commands.
2 hours later I still can't fix the cert errors so I decide to focus on the conflicting name error. Go through the nginx directory cleaning anything non essential or things I put there while trying to figure out how to get it up originally (learned as I was going lol bad practice I know, but it's just a practice site that'll eventually be a portfolio when I feel like making it properly and investing an adequate amount of time)
as soon as I get rid of jessiejfoley_dev.save.3 inside /etc/nginx/conf.d (my actual site is in sites-enabled) my server monitor app stops reporting the cert error and when I check the ssl checker everything is properly working now.
so the easiest problem to fix was actually the cause of all my problems. I'm an idiot and this shows I still have a LONG way to go to actually knowing what I'm doing at all.
So, I manage my server with docker containers (nginx-proxy and the letsencrypt-companion). I limit access to some subdomains using basic auth, but I want to use client certificates for convenience.
So my questions to the experts:
1) Do you know a good (and convenient) way to manage client certificates ? This should include revoking certs and allowing specific certs only for specific subdomains.
2) Should I use my letsencrypt CA for this or would a self-signed CA be better suited?
3) Any things I should be aware of?
So.. I spent some non-trivial time trying to call a soap service via SSL in a java application struggling with SSLHandshakeException. I tried quite a few things with the certificates, none of them worked.. until we found out, that I added the right certificates to the truststore of the WRONG java :-/
Conclusion: when working with java cacert files, run
first (you can thank me later).
WTF with Linux foundation?! I mean seriously, are their certificates (LFCE -LFCSA) valid for 24 months and do they need renewal?! WHAT THE FUCK?! Does anyone of you know what is this shit or correct me if I'm wrong.
I have a weird problem ...
There’s an existing swift app, with Apple sign in implemented and working.
When I took over I had to revoke app certificates and create new one. Since then the Apple sign in stopped working.
I’ve tried clean rebuild etc , even tried renewing old profiles with the new cert but nothing is working.
When u do Apple sign in it says “sign up not completed” with no error msg.
Old dev says it happened last time when cert/profile was changed but fixed on proper rebuild. Not fixing for me.
Anybody else faced this?
Why are so many websites' TLS certs broken? This month I've come across at least four different websites with cert errors that I've tried to email the webmasters about. "Tried" - the fourth has only twitter as a contact point and "can't be messaged". None of the other three have been corrected, although I received responses from two claiming they'd look into it.
And that's not even counting the ones I've seen that I didn't care about enough to contact the webmaster.
I just signed up for the preparation course for the Offensive Security Certified Professional (OSCP) certificate. Does anybody have experience doing this course? or has maybe some tips for the exam? or any learning suggestions?
I've decided not to get a CEH certificate because it's just too theoretical, the OSCP is way more practical and I think there is way more to learn from this course/exam
Working my way through more freeCodeCamp projects... I will earn all the certificates on that fucking platform, by all means. Fuck, I love code.
So after 2 days of struggling I've officially given up, I feel so fucking angry and sad at the moment I can't even describe.
For some solutions to work I need SSL certificates.
the closest I could get was $(iframe#youtubeiFrame)['content'];
This leads to the youtubeIframe root #document but I am unable to access that DOM
Next task, to configure another IDE except Eclipse for Demandware.
$options = array('Aptana'=>'IDE','IntelliJ'=>'IDE','VSCode'=>'textEditor');
- Stay relevant in technology
- Keep working from home and writing code
- Try to finish some personal projects
- Post more content online
- Print more 3d stuff
- Learn Blender
- Gain CKA k8 certificate and some other cloud related certificates
- Try to find one more nice remote client
That’s more or less everything related with dev / computer stuff.
I am burnt out because of my last job (which I quit, you can read the drama at my profile)
So, now that I am unemployed and in lock-down I want to learn new things, but idk where to start.
I want to try python (I mostly did backend stuff, with java and node). And I want to see if I can do backends with it. Idk where to start, there are certificates on it?
I always wanted to learn about security/ pentesting (more for curiosity than anything), again, idk where to start or where to get a course/certificate).
Where to start with devops? I have no clue about front-end either...
So, any advice? Right now I am a bit lost about... well, everything and need to do things to keep me busy.
Thanks and sorry if my english is not perfect, it is not my native language.
What do you think about certificates? Do you have one (or two :))?
Does it help you in your developer's career?
Hey guys, I want to do a cyber security career. For me it's the most interesting field in CS. How can I get started? Is it worth to do some online courses where you get certifications (asking this because they are kind of pricey). I'm a QA Tester with 1 year of work experience, don't know if I should just apply to jobs or acquire skills/certificates first. Thanks for all the incoming answers. :D
Nessus SSL authentication through Kali Linux is next to impossible. I generated certificates through terminal and I still get error "SSL received a record that exceeded the maximum permissable length" (in Iceweasel).
Tried importing certs into separate Firefox browser and now just SSL handshake errors.
Any tips or advice for a CCNA beginner? ^^'
About how to learn the most effective or maybe even something else? :P
In my lieu of female interns and employees they target more on getting proof of their knowledge (certificate or some kind of letter) while males generally don't care about certificates and stuff, they just wanna learn. Has anyone ever seen things like this?
me: FE in work, but doing fullstack on my passion projects and somewhat confident on small VPSs - heck, I have a beard, I can do server stuff :) - migrating a WP site that just won't work, copied everything, didn't work, used a migration tool, didn't work, always getting "Connection refused"... must be something with the SSL certificates.. 3 fckn days passed by and nothing when I stumbled upon a forum post with similar issue where the guy stated: I tried all the obvious like copying files, db, certificates, enabled ssl on apache... then it hit me, this is a new installation, I didn't enable SSL in apache: `sudo a2enmod ssl`, restarted apache and BOOM everything is working
part of me was like how stupid you have to be - but the other part is like I guess I learn something every day, this is how you migrate a WP site with the domain #IloveIT
What is your opinion of having a LinkedIn profile with such details? Will it help or will it hurt? For me, I think it's too much.
Please remain civil and no troll attacks.
I've got a somewhat special issue with my setup.
I am running an instance of `lucaslorentz/caddy-docker-proxy` as proxy that handles certificates and requests and proxies them to docker containers that run `abiosoft/caddy:php` to host Laravel based applications. The problem is, that the `abiosoft/caddy` containers do not know its assigned hostname and thus Laravel's `asset`, `secure_asset` and `url` respectively `secure_url` don't work as they use the internal hostname which would be an IP address and thus requests go to 192.168.240.x instead of example.com.
I am not yet entirely sure where I should tackle this problem and am grateful for every hint.
I am currently also evaluating traefik instead of Caddy-docker-Proxy and Caddy's v2 official container instead of abiosoft's Caddy v1 container but I guess, that this wouldn't solve the issue as the container still wouldn't know that its given domain name is example.com
Today I got a long term contract at the company I have been working at for the past two years. We maintain and develop an open source java based framework, basically you write XML to configure components (pipes, receivers, senders) in Java to build a pipeline which usually functions as a backend service. We also do implementations of the framework for our customers.
I'm in a position where my main task is applying the framework which is writing XML or skyping people at the client office to chase them to fix their server settings, please create a database for us (each time different, sometimes we get a manager user sometimes the regular user can do everything), create NPA's, execute queries in ACC environment or ask them why 5/10 we get an error 407 proxy authentication required ffs
My salary is increased as well and they told me before that I am one of the five developers in the company (20~ devs) that they want to keep costing what it costs. Management also told me they are looking to bring out something like shares or certificates for those five devs!
Sounds pretty good right? Actually I'm really happy about those things but I feel like management managed to keep me in the company whilst my dreams are saying to travel around the globe, do projects wherever I am and if I find a nice place to live I'll stay there.
What would you guys do?
Would you try and find a way to chase your dreams and travel/live around the globe or invest your time and effort in growing the company?
Fucking dot files...
Written a deployment script to reduce the amount of another dude's fuck ups when updating code on the server. Apparently the website executable automatically generated TLS certificates (let's encrypt) and placed them into the local hidden folder.
There is a limit on how many certificates a single domain can generate so... The website is down...
Anybody uses DigitalOcean Kubernetes? Having some issues with certificates expiring, and can't access the nodes :/
Do certificates shared on linkedin ever work? For HR and senior developers who interview, does anyone have solid idea?
Hello fellow Ranters, I need a little help.
I am trying to get a software signing certificate from CAcert.org, which provides certificates free of charge. However I am having questions about how reliable these certificates are. Does anyone here know more about this than I do? Thanks. 😸