Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Get a devDuck
Rubber duck debugging has never been so cute! Get your favorite coding language devDuck
Buy Now
-
When you're about to do a payment and the payment form is loaded without an SSL connection/certificate... Come on, it's 2017...
4 -
Clearly Mozilla is the villain here for prioritising privacy and personal freedom over censorship, control, and surveillance. Oh, our parental controls don't work! WON'T SOMEBODY THINK OF THE CHILDREN! wtf
20 -
I made a web app team mad because I'm forcing them to implement HTTPS on their huge website made of sticks and stones.
NO REGRETSSS9 -
Weekend projects are fun! Although front end is still a challenge, it looks good enough.
Suddenly got the idea to do something with letsencrypt/nginx wildcard subdomains (*.example.com) so created a project around that now through which you can check what your ip address/user agent/operating system/ip version is (maybe more to come) but due to the wildcard part you can enter quite a number of subdomains which all show the related info.
I'd find it very useful myself, not sure if other people would but oh well!2 -
A few days ago a friend of mine asked me to teach him to code. When I wanted to know which language he'd like to learn, he hesitantly replied "https".
Then I explained, this was a data transfer protocol. His next idea was "http". 🙄
Guess who will learn Python8 -
so yeah let's have conference about security but its perfectly fine to have registrations over non-secure connection!
4 -
Is there any excuse for NOT having a HTTPS connection nowadays?
My university has so many unprotected subdomains that we're supposed to use and LOGIN ON that are not protected. Although these login forms are https protected the rest is not and seems sketchy.32 -
About browsers and whole SSL CERT thing...
Most likely everyone here noticed, that https site with broken certificate will throw these big red warnings, in your face and there is so much wording like "ITS NOT SECUREEEE" or "ITS HACKEDDD" almost like it was written by passionate fanatic.
But when you are on plaintext http browsers reaction is like ¯\_(ツ)_/¯
Even if you have plaintext with password, it will for example in chromium put small little red thingy that almost no one notices.
I believe that broken cert with some error like invalid date is MORE secure than plaintext password, yet still there is this hypocracy with browsers...
I dont say that broken SSL cert is good, or something, Im just pointing out contrast of "broken" https vs plain http.... One looks for casual Joe like end of the world is coming and second is bearly noticable. Da fuck?
I disagree with this approach18 -
!rant
In july chrome will mark all http-pages as not secure and firefox will follow.
Worst of all, those insecure pages won't be allowed to access the microphone and other features any more. What will i do in cafes now?12 -
One too many rants on Windows Update and the apparently endless ways to somehow turn off enough parts of it to no longer consider it a nuisance — and mostly neglecting to remember how to turn it back on or run it manually...
This of course lends a lot of room for bitching about Windows being unsecure and and outdated :o
Unfortunately the good people at NoVirusThanks have recently released the tool you've all been waiting for — no need to cry any longer because Microsoft's monthly release schedule means you have updates every time you bimonthly "have to" use Windows:
Win Update Stop — as simple as pictured: http://novirusthanks.org/products/...
It even comes in a portable version and support all the way back to XP!
19 -
Why is it HTTPS instead of SHTTP. I mean, apple doesn't call it the Phonei. Oh wait, just looks at "SHTTP" again... now I know why.5
-
Do you git clone with ssh or https and why?
I am thinking about using ssh just based on my own research, though you guys may have a your own reasons.11 -
Finally convinced the IT at my University to disable their badly-deployed HTTPS inspection.
So bad even the employee laptops in the domain didn't have the certificate (and the students got it on Google Drive a week later).
I feel great.1 -
Finally stopped procrastinating and setup my personal site with HTTPS!
Why didn't I do this ages ago?3 -
Also found this, could be helpful :)
https://github.com/FiloSottile/...
-
previous: https://devrant.com/rants/1952834
5 -
API Documentation: All API request should be made over https connections.
Me: Ok, (sees url bar), SECURE, good!
(sees curl code)
curl -X GET 'http://shittyapi.com/api/v2/users'
Me: (gasps) huh?
(heads to http://shittyapi.com/api/v2)
Me: Ok, (sees address bar) NOT SECURE
.
.
.
.
.
(long silence)5 -
Firefox developer fucked up this morning my development after the update -_-
The fucking "Enhancing Tracking Protection" was on a local Wi-Fi IP address(192.168...) which automatically redirected to the https of that IP, but I did setup kestrel to listen on HTTP, which resulted in a nice "Cannot enstablich a secure connection(and suck it up because ¯\_(ツ)_/¯)"
Fortunately it's easy to get rid off this cunt, just go on the shield nearby the address and disable that motherfucker.
ps: sorry for the lil rage, my morning train trip development brain cells should not be bothered by this automatic technical troubles
Further question to the Firefox developers:
WHAT THE FUCK are you thinking when you force developers to automatic HTTPS redirection when you should know more than anyone that development is 360deg(and not 90 like your mom)
1 -
FUCK YOU YOU SHITTY COCK SUCKING BITCH MOTHERFUCKER.
GO DIE IN A HOLE THEN GET RAPED IN HELL. I REALLY HATE THIS SHIT.
FUCK OFF GOOGLE.
13 -
So, have you all got your HTTPS protocols in order yet? Aren't you existed about the future?
Sincerely, Google27 -
It took me an entire hour to figure out why my https gave me a Connection Refused error in my browser. Apparently I had configured port 433 to be published instead of 443, another hour wasted.
-
What makes free ssl "Unsuitable for e-commerce websites", Please read to end to see my view point.
From Namecheap:
Free Certificates are domain validation only which means they don't certify the identity of the website owner, they simply ensure a secure connection. Customers can't be sure of the integrity and trustworthiness of the website owner. If you need to secure credit card and personal information on e-commerce websites, free certificates aren't the answer. It's important your customers trust your business is safe enough to hand over these details. To gain this trust, you need a certification of your authenticity, which you can only get with a (paid) Business Validation or Extended Validation SSL Certificates.
https://namecheap.com/security/...
* "To gain this trust, you need a certification of your authenticity"
~ But isn't that just Domain Verification and other Extras, What justifies somebody or business's authenticity? Tax Id, Valid Address, Nobody is going to study the ssl cert to make sure that amazon.com is a valid business and has a tax Id.
* "domain validation only which means they don't certify the identity of the website owner,"
~ Wouldn't this just be the domain validation test that is required when using services like LetsEncrypt using Certbot etc, or are we referencing back to this idea that they look for a Valid Tax Id sort of thing?
* "If you need to secure credit card and personal information on e-commerce websites, free certificates aren't the answer"
~ Why is the paid version going to do double encryption, is the CA going to run a monitoring tool to scan for intrusions like a IDS or IPS? (disregard the use of DNS Validation being in the picture)
Am I missing something, this just seems like well crafted text to get people to buy a cert, I could understand if the encryption was handled differently, Maybe if they checked the site for HSTS or HTTPs Redirect or even, They blocked wildcard SSL before and now with the paid its included, but overall it doesn't sound like anything special. Now I'm not just picking on namecheap because domain.com does the same.14 -
When you’ve been warning of how much stuff needs work to support TLS1.1 depreciation but now all that stuff broke because he had you working on a bunch of other random less important stuff. Now he is saying back to me the exact things I said to him about why we needed to work on this stuff months ago.
1 -
For my local dev, set up my own root CA, added to trusted root CA in my machine, generated a cert for my local domain, signed by my own root CA, but the behavior is different across browsers:
Can someone help in making Google Chrome padlock green or grey (not red)?
7 -
I had this post saved on Reddit for too long. Apparently someone found an alternative darknet (kind of like tor), but it used .alien domains.
I did some searching and found nothing. Either this person is making this up, or he found something very interesting that nobody knows about.
Anybody know what he's talking about? Who knows, this could be something that's well known but I'm just searching for it the wrong way.
9 -
Hey Guys
Linux VPS + Apache2 + https
I'm a noob in Linux, got my VPS live, but I'm serving http... Even if my page doesn't save even cookies It will marked as unsecure.
Is it possible to config Apache2 to serve https?
Thank you
PS.: Googled and got nothing special, only info about Apache29 -
Trustico CEO emailed private key which is used to sign TLS certificates, making more than 23k certificates compromised!
This makes me think, that we should not trust others for our security (like ca), failure of CA can put our website at risk. What is the better way to do it?
https://arstechnica.com/information...11 -
Fuck the ISP and the incompetent retarded developers in the government!
The retarded ISP is injecting malware ads on all web pages which means if you access a non HTTPS site, you're gonna get fucked.
And the retarded government site still do not have HTTPS version for the websites!
The biggest irony is that this particular government site is for developers to register for courses ( paid ) about latest technologies.1 -
I'm really surprised at how when I type in a domain without the protocol it automatically goes to http in this 'privacy' browser (firefox focus)3
-
What are the thoughts of privacy conscious people about quantum computers? As far as I understand current TLS version encryption method is vulnerable to quantum computers, thus if your ISP or other agencies store all your traffic data right now, they'll be able to decrypt it after gaining access to quantum computers.
One way to secure your privacy would be to use your own VPN that uses encryption method that is quantum-resistant, but again the VPN would be using TLS to connect to the Internet.6 -
Ok can someone explain this to me, i cant get it to function properly on chrome. Others are fine...
7 -
FFS! having nodejs server on heroku, added certificate successfully for https, yet when going to www.example.com it uses http on prod and maintanence page while example.com goes to https.
All my attempts to catch http connection failed.
This is the definition of me wanting to bang my keyboard and problem autosolves itself while I am doing it!
Where is the my one click and everything is ready. I want to code back end and front end not spend 2 days trying to figure out https bullshit for unknown reason. -
How do I make my blog https? I have a blog using Jekyll and GitHub pages. I have a custom domain so I tried cloudflare free SSL plan - destroyed my DNS records. Haha. Any good post for me to follow and get that green padlock?8
-
I'm trying to setup software called RocketChat in a a DigitalOcean droplet.
It supports Caddy by default, but I need to forward ports 80 & 443 to get https to work.
So how do I forward these ports? I heard something about iptables or a firewall or something. I've been pulling my hair out for hours trying to figure this out and the horrible Rocketchat documentation on this doesn't help.
3 -
Ok, so i got this new machine and whilst migrating I want to stay online with certain services. So atm there is x.web.nl and y.web.nl both have ssl and one runs on server x and the other on server y. Now is the question how the heck do i forward that ssl file??? I figured i have to do something with my nginx server block. Because that is terminating the cert. Can someone help me out??1
-
Going through another department's API documentation and wrapper library where it has documented samples on how to use it. One of the samples specifically shows how to disable HTTPs requests for when retrieving customer info but it also states in the documentation to specifically NOT USE this disable function.
When it comes to customer info, I don't know why the fuck you would allow an override option to do everything over unsecure requests, and even document about it! -
// new Rant("help needed!")
I really need some help guys! Would be nice if you could checkout
http://stackoverflow.com/questions/...
and help me out if possible :) Got some problems with ffmpeg on OS X not streaming https urls.
And if these kind of rants aren't supposed to be posted/created please tell me so. I am still not familiar with the overall flare of this community ;)8 -
You would think that the top information gathering government agency would be having their https certificate configured properly but apparently not...
https://iad.gov/NIETP/reports/...1 -
So I'm building this environmental monitoring system for one of the Labs to monitor Temperature and Humidity. the "software" that comes as part of the package with these sensors is really just a website you host yourself if you don't choose the cloud option. No big deal really, (see my previous rant about getting windows server through SSC) I setup IIS and get the "software" registered get a couple sensors running looks good. However I don't like the error messages that popup because it's unsecured. do some reading and I find out that most browsers will give you a warning if your not using HTTPS even if it's for internal use only. OK we'll how hard can it be in implement encryption, turns out it's not that hard and you can do it for free how with letsencrypt and other places. I like free, now i have to use SSH to get into the server and run an ACME client. Hey open SSH is part of windows now cool, download an ACME client SSH into the server and nope doesn't work. Oh right I'm behind a corporate firewall and a bunch of other shit I can't control. Why is so damn arduous to setup this god dam internal website and the problems aren't even the site. Now I'm playing with AWS spinning up an instance to be able to try and get an SSL certificate just so i don't have to tell people it's OK to trust this site ignore the big angry warning.
Best part is other similar internal sites don;t use SSL and all have big messages about someone stealing your soul if you go there and these are commercial systems that run all the HVAC for all the campuses across Canada.
I need more Tylenol. -
I currently need to register an account on a website to download their SDK. I was a little startled, when I noticed, that the input type of their password field was 'text' instead of 'password'.
Well, I think I know why they did this. It's probably because firefox throws A HUGE FUCKING WARNING, when the input from a password field is going to be transmitted via http! Just sent them an email to inform them about the issue. I'm definitely not going to use their http-transmitted contact form that requires me for whatever reason to enter my full address. Yes, I could enter a fake one, but I don't really want to transmit anything to this site...1 -
Are there any real trusted and with an anonymity level of Elite, proxies out there or do I have to make my own?3
-
Did any of you tried to configure iRedMail with an https only domain that also maps in nginx as a reverse proxy?
(Ps: FFS why the developers of iRedMail develop with nginx in mind but there isn't any .conf about iRedMail?)17 -
Wifi used to be an issue in my incubator. Like I had mentioned in my earlier rant. There are many wifi's available now, but once when there was only one wifi available. That wifi network, was so terrible that it asks for human verification number of times even on google searches.
And the person responsible for wifi, is one of the most useless, undeserved person, I had ever seen
When a team from incubator talked to him about the issue, that this particular wifi's is pathetic, too many blocks and always asking for human verification, his reply was
"Just write 'S' after 'http', then it will work"
No doubt, everybody hates that guy.
But that guy cant be fired from job, because government. But he can be FIRED -
We have 2 sites. I, dev, set the https system for one in 10 minutes. The sys admin has been working on it for two hours already and he doesn't want help2
-
Been integrating with a third party system for the last 2 weeks, we can send them requests fine but when they post the response to us they get a generic error.
After responding very politely to an increasingly aggressive contact at their company for the entire day, where he says it is our system that is badly configured, they figured it out.
Their system only has support for sending data using TLS 1.0 and below....
So turns out he was right our system wasn't configured to work with theirs. We only allow 1.2 and above... -
What is this "HTTPS Everywhere" chrome extension about??? I thought only site managers (?) can make a website https or not, and not visitors of a site. Was I wrong?!1
Top Tags
Weekly Rant
View