HTTP response code cheat sheet
(From /r/Programmer humor)

When a website uses https but stores passwords in plain text...

I know people who need this!

When you're about to do a payment and the payment form is loaded without an SSL connection/certificate... Come on, it's 2017...

Wait, what??!

"Using HTTPS is only useful if your page has a login. Just use HTTP."

All day trying to configure https with nginx.
Then I see this

Clearly Mozilla is the villain here for prioritising privacy and personal freedom over censorship, control, and surveillance. Oh, our parental controls don't work! WON'T SOMEBODY THINK OF THE CHILDREN! wtf

If you are poor you don't have the right to browse the Internet through https

TGFLE - Thank God for Let's Encrypt

I respect what they're doing, and the certbot they offer.

I made a web app team mad because I'm forcing them to implement HTTPS on their huge website made of sticks and stones.

NO REGRETSSS

!rant

Pornhub goes completely https

Developers should be proud.

Back in these days

10 year challenge

Hey girl are you https cause without you I'm ://

Saw that on the company website.. to lazy to use URL-Rewriting, just did that *OMG*

Weekend projects are fun! Although front end is still a challenge, it looks good enough.

Suddenly got the idea to do something with letsencrypt/nginx wildcard subdomains (*.example.com) so created a project around that now through which you can check what your ip address/user agent/operating system/ip version is (maybe more to come) but due to the wildcard part you can enter quite a number of subdomains which all show the related info.

I'd find it very useful myself, not sure if other people would but oh well!

Are you a protocol? Because you're kinda ://

A few days ago a friend of mine asked me to teach him to code. When I wanted to know which language he'd like to learn, he hesitantly replied "https".
Then I explained, this was a data transfer protocol. His next idea was "http". 🙄

Guess who will learn Python

Let's Encrypt-- Opinions?

Looking thru some old code, i lol'd

0,1... 10

Which one is you???...I am some where in the middle 🤓🤓🤓🤔

Is there any excuse for NOT having a HTTPS connection nowadays?

My university has so many unprotected subdomains that we're supposed to use and LOGIN ON that are not protected. Although these login forms are https protected the rest is not and seems sketchy.

About browsers and whole SSL CERT thing...

Most likely everyone here noticed, that https site with broken certificate will throw these big red warnings, in your face and there is so much wording like "ITS NOT SECUREEEE" or "ITS HACKEDDD" almost like it was written by passionate fanatic.

But when you are on plaintext http browsers reaction is like ¯\_(ツ)_/¯
Even if you have plaintext with password, it will for example in chromium put small little red thingy that almost no one notices.

I believe that broken cert with some error like invalid date is MORE secure than plaintext password, yet still there is this hypocracy with browsers...

I dont say that broken SSL cert is good, or something, Im just pointing out contrast of "broken" https vs plain http.... One looks for casual Joe like end of the world is coming and second is bearly noticable. Da fuck?

I disagree with this approach

so yeah let's have conference about security but its perfectly fine to have registrations over non-secure connection!

!rant

In july chrome will mark all http-pages as not secure and firefox will follow.
Worst of all, those insecure pages won't be allowed to access the microphone and other features any more. What will i do in cafes now?

Every monday is like this..

Why is it HTTPS instead of SHTTP. I mean, apple doesn't call it the Phonei. Oh wait, just looks at "SHTTP" again... now I know why.

Redirect that crossed my path today

Finally stopped procrastinating and setup my personal site with HTTPS!

Why didn't I do this ages ago?

Finally convinced the IT at my University to disable their badly-deployed HTTPS inspection.

So bad even the employee laptops in the domain didn't have the certificate (and the students got it on Google Drive a week later).

I feel great.

Do you git clone with ssh or https and why?

I am thinking about using ssh just based on my own research, though you guys may have a your own reasons.

Well that explains it. Don't try and rush em.

FUCK YOU YOU SHITTY COCK SUCKING BITCH MOTHERFUCKER.

GO DIE IN A HOLE THEN GET RAPED IN HELL. I REALLY HATE THIS SHIT.

FUCK OFF GOOGLE.

@Artemix
Your cert expired. Please renew it ;)

I wonder why StackOverFlow has decided not to use Https.

Firefox developer fucked up this morning my development after the update -_-

The fucking "Enhancing Tracking Protection" was on a local Wi-Fi IP address(192.168...) which automatically redirected to the https of that IP, but I did setup kestrel to listen on HTTP, which resulted in a nice "Cannot enstablich a secure connection(and suck it up because ¯\_(ツ)_/¯)"

Fortunately it's easy to get rid off this cunt, just go on the shield nearby the address and disable that motherfucker.

ps: sorry for the lil rage, my morning train trip development brain cells should not be bothered by this automatic technical troubles

Further question to the Firefox developers:
WHAT THE FUCK are you thinking when you force developers to automatic HTTPS redirection when you should know more than anyone that development is 360deg(and not 90 like your mom)

So, have you all got your HTTPS protocols in order yet? Aren't you existed about the future?

Sincerely, Google

Just realized ebay is an http address. Looks like I won't be using them anymore...

It took me an entire hour to figure out why my https gave me a Connection Refused error in my browser. Apparently I had configured port 433 to be published instead of 443, another hour wasted.

When you’ve been warning of how much stuff needs work to support TLS1.1 depreciation but now all that stuff broke because he had you working on a bunch of other random less important stuff. Now he is saying back to me the exact things I said to him about why we needed to work on this stuff months ago.

in firefox...

when you hit a site with a 'bad certificate'

why is the default option to permanently add it? -.-

The Get method always feels lonely because it has nobody😅😂

letsencrypt I love you!

For my local dev, set up my own root CA, added to trusted root CA in my machine, generated a cert for my local domain, signed by my own root CA, but the behavior is different across browsers:

Can someone help in making Google Chrome padlock green or grey (not red)?

You win this round SQL.... but I'll be back... and when I do I'll get this stupid join and concat to work the way I want. YOU'LL SEE SQL!!!!

...If I ever buy an SQL book like I keep talking about...

-deploy not entirely janky but also not ideal solution-

Hey Guys
Linux VPS + Apache2 + https
I'm a noob in Linux, got my VPS live, but I'm serving http... Even if my page doesn't save even cookies It will marked as unsecure.
Is it possible to config Apache2 to serve https?
Thank you
PS.: Googled and got nothing special, only info about Apache2

Whoo! I like the new Devrant theme for desktop! Great work guys!

Do you still charge your clients extra for HTTPS being it’s practically a requirement now for SEO purposes?

Debugs SSL setup on server for hours... Realises incoming on 443 was not enabled!! FML

Reading "duh... that link looks sketchy" time after time when attempting to nudge people in the direction of good resources, e.g., on-line manual pages, becomes rather irritating. Is typing the URL into VirusTotal or something really such a fucking hassle? Are you sufficiently special to warrant the creation of an IP grabber which is dedicated to targeting you... AFTER you posted your exact location on Instagram last week?

Similarly, some pants-shitting, worm-eating troglodytes who have the gall to claim to know anything about cybersecurity STILL think that for all Web sites k, that k's URL begins with "https" implies that k is secure. NO! Unencrypted Web sites are FINE unless sensitive information is being transferred. Are publicly available manual pages sensitive information now?

Grabbing the campaign hat and writing death threats and very personal insults is sometimes slightly tempting.

Maaaan, we all knew it was coming, we were warned, again and again, yet still, when Lets Encrypt's old root CA expired today, we found out a tool we were using to get new certs (Not cerbot, custom wrapper around acme-tiny) included the old root in the chain.

So... A few hours ago, some of our servers started having connection issues.

Great final 3 hours of today. Better luck next time I guess? Still, despite the little hickup, Lets Encrypt still remains as one of the biggest revolutions in the adoption of SSL, they're the good guys.

I'm really surprised at how when I type in a domain without the protocol it automatically goes to http in this 'privacy' browser (firefox focus)

I hereby present my git inspired freshly baked meme.

Fuck MITM on all HTTPS traffic in Kazakhstan.

Sad to here that all devrants in Kazakhstan.

Fuck the ISP and the incompetent retarded developers in the government!

The retarded ISP is injecting malware ads on all web pages which means if you access a non HTTPS site, you're gonna get fucked.

And the retarded government site still do not have HTTPS version for the websites!

The biggest irony is that this particular government site is for developers to register for courses ( paid ) about latest technologies.

What are the thoughts of privacy conscious people about quantum computers? As far as I understand current TLS version encryption method is vulnerable to quantum computers, thus if your ISP or other agencies store all your traffic data right now, they'll be able to decrypt it after gaining access to quantum computers.

One way to secure your privacy would be to use your own VPN that uses encryption method that is quantum-resistant, but again the VPN would be using TLS to connect to the Internet.

How do I make my blog https? I have a blog using Jekyll and GitHub pages. I have a custom domain so I tried cloudflare free SSL plan - destroyed my DNS records. Haha. Any good post for me to follow and get that green padlock?

Going through another department's API documentation and wrapper library where it has documented samples on how to use it. One of the samples specifically shows how to disable HTTPs requests for when retrieving customer info but it also states in the documentation to specifically NOT USE this disable function.

When it comes to customer info, I don't know why the fuck you would allow an override option to do everything over unsecure requests, and even document about it!

Ok, so i got this new machine and whilst migrating I want to stay online with certain services. So atm there is x.web.nl and y.web.nl both have ssl and one runs on server x and the other on server y. Now is the question how the heck do i forward that ssl file??? I figured i have to do something with my nginx server block. Because that is terminating the cert. Can someone help me out??

Ok can someone explain this to me, i cant get it to function properly on chrome. Others are fine...

if ssh is more secured then why github recommends https?

#noobquestion

So I'm building this environmental monitoring system for one of the Labs to monitor Temperature and Humidity. the "software" that comes as part of the package with these sensors is really just a website you host yourself if you don't choose the cloud option. No big deal really, (see my previous rant about getting windows server through SSC) I setup IIS and get the "software" registered get a couple sensors running looks good. However I don't like the error messages that popup because it's unsecured. do some reading and I find out that most browsers will give you a warning if your not using HTTPS even if it's for internal use only. OK we'll how hard can it be in implement encryption, turns out it's not that hard and you can do it for free how with letsencrypt and other places. I like free, now i have to use SSH to get into the server and run an ACME client. Hey open SSH is part of windows now cool, download an ACME client SSH into the server and nope doesn't work. Oh right I'm behind a corporate firewall and a bunch of other shit I can't control. Why is so damn arduous to setup this god dam internal website and the problems aren't even the site. Now I'm playing with AWS spinning up an instance to be able to try and get an SSL certificate just so i don't have to tell people it's OK to trust this site ignore the big angry warning.
Best part is other similar internal sites don;t use SSL and all have big messages about someone stealing your soul if you go there and these are commercial systems that run all the HVAC for all the campuses across Canada.
I need more Tylenol.

Are there any real trusted and with an anonymity level of Elite, proxies out there or do I have to make my own?

Why are so many websites' TLS certs broken? This month I've come across at least four different websites with cert errors that I've tried to email the webmasters about. "Tried" - the fourth has only twitter as a contact point and "can't be messaged". None of the other three have been corrected, although I received responses from two claiming they'd look into it.

And that's not even counting the ones I've seen that I didn't care about enough to contact the webmaster.

In this qurantine made something out of react JS pleease have a look and share