HTTP response code cheat sheet
(From /r/Programmer humor)

When a website uses https but stores passwords in plain text...

I know people who need this!

When you're about to do a payment and the payment form is loaded without an SSL connection/certificate... Come on, it's 2017...

Wait, what??!

"Using HTTPS is only useful if your page has a login. Just use HTTP."

All day trying to configure https with nginx.
Then I see this

If you are poor you don't have the right to browse the Internet through https

I made a web app team mad because I'm forcing them to implement HTTPS on their huge website made of sticks and stones.

NO REGRETSSS

!rant

Pornhub goes completely https

Developers should be proud.

Back in these days

10 year challenge

Hey girl are you https cause without you I'm ://

Weekend projects are fun! Although front end is still a challenge, it looks good enough.

Suddenly got the idea to do something with letsencrypt/nginx wildcard subdomains (*.example.com) so created a project around that now through which you can check what your ip address/user agent/operating system/ip version is (maybe more to come) but due to the wildcard part you can enter quite a number of subdomains which all show the related info.

I'd find it very useful myself, not sure if other people would but oh well!

Saw that on the company website.. to lazy to use URL-Rewriting, just did that *OMG*

Are you a protocol? Because you're kinda ://

A few days ago a friend of mine asked me to teach him to code. When I wanted to know which language he'd like to learn, he hesitantly replied "https".
Then I explained, this was a data transfer protocol. His next idea was "http". 🙄

Guess who will learn Python

Let's Encrypt-- Opinions?

Looking thru some old code, i lol'd

Which one is you???...I am some where in the middle 🤓🤓🤓🤔

0,1... 10

Is there any excuse for NOT having a HTTPS connection nowadays?

My university has so many unprotected subdomains that we're supposed to use and LOGIN ON that are not protected. Although these login forms are https protected the rest is not and seems sketchy.

so yeah let's have conference about security but its perfectly fine to have registrations over non-secure connection!

About browsers and whole SSL CERT thing...

Most likely everyone here noticed, that https site with broken certificate will throw these big red warnings, in your face and there is so much wording like "ITS NOT SECUREEEE" or "ITS HACKEDDD" almost like it was written by passionate fanatic.

But when you are on plaintext http browsers reaction is like ¯\_(ツ)_/¯
Even if you have plaintext with password, it will for example in chromium put small little red thingy that almost no one notices.

I believe that broken cert with some error like invalid date is MORE secure than plaintext password, yet still there is this hypocracy with browsers...

I dont say that broken SSL cert is good, or something, Im just pointing out contrast of "broken" https vs plain http.... One looks for casual Joe like end of the world is coming and second is bearly noticable. Da fuck?

I disagree with this approach

Every monday is like this..

Why is it HTTPS instead of SHTTP. I mean, apple doesn't call it the Phonei. Oh wait, just looks at "SHTTP" again... now I know why.

Finally stopped procrastinating and setup my personal site with HTTPS!

Why didn't I do this ages ago?

Redirect that crossed my path today

Do you git clone with ssh or https and why?

I am thinking about using ssh just based on my own research, though you guys may have a your own reasons.

Writing a Unit test to test the Unit test that's testing your application, because you can never be sure about anything.

Finally convinced the IT at my University to disable their badly-deployed HTTPS inspection.

So bad even the employee laptops in the domain didn't have the certificate (and the students got it on Google Drive a week later).

I feel great.

Not sure if already posted, but I found this one on my phone and wanted to share this with you 🤣

I wonder why StackOverFlow has decided not to use Https.

@Artemix
Your cert expired. Please renew it ;)

FUCK YOU YOU SHITTY COCK SUCKING BITCH MOTHERFUCKER.

GO DIE IN A HOLE THEN GET RAPED IN HELL. I REALLY HATE THIS SHIT.

FUCK OFF GOOGLE.

Well that explains it. Don't try and rush em.

So, have you all got your HTTPS protocols in order yet? Aren't you existed about the future?

Sincerely, Google

Just realized ebay is an http address. Looks like I won't be using them anymore...

Firefox developer fucked up this morning my development after the update -_-

The fucking "Enhancing Tracking Protection" was on a local Wi-Fi IP address(192.168...) which automatically redirected to the https of that IP, but I did setup kestrel to listen on HTTP, which resulted in a nice "Cannot enstablich a secure connection(and suck it up because ¯\_(ツ)_/¯)"

Fortunately it's easy to get rid off this cunt, just go on the shield nearby the address and disable that motherfucker.

ps: sorry for the lil rage, my morning train trip development brain cells should not be bothered by this automatic technical troubles

Further question to the Firefox developers:
WHAT THE FUCK are you thinking when you force developers to automatic HTTPS redirection when you should know more than anyone that development is 360deg(and not 90 like your mom)

It took me an entire hour to figure out why my https gave me a Connection Refused error in my browser. Apparently I had configured port 433 to be published instead of 443, another hour wasted.

When you’ve been warning of how much stuff needs work to support TLS1.1 depreciation but now all that stuff broke because he had you working on a bunch of other random less important stuff. Now he is saying back to me the exact things I said to him about why we needed to work on this stuff months ago.

letsencrypt I love you!

The Get method always feels lonely because it has nobody😅😂

Hey Guys
Linux VPS + Apache2 + https
I'm a noob in Linux, got my VPS live, but I'm serving http... Even if my page doesn't save even cookies It will marked as unsecure.
Is it possible to config Apache2 to serve https?
Thank you
PS.: Googled and got nothing special, only info about Apache2

For my local dev, set up my own root CA, added to trusted root CA in my machine, generated a cert for my local domain, signed by my own root CA, but the behavior is different across browsers:

Can someone help in making Google Chrome padlock green or grey (not red)?

Whoo! I like the new Devrant theme for desktop! Great work guys!

Debugs SSL setup on server for hours... Realises incoming on 443 was not enabled!! FML

Maaaan, we all knew it was coming, we were warned, again and again, yet still, when Lets Encrypt's old root CA expired today, we found out a tool we were using to get new certs (Not cerbot, custom wrapper around acme-tiny) included the old root in the chain.

So... A few hours ago, some of our servers started having connection issues.

Great final 3 hours of today. Better luck next time I guess? Still, despite the little hickup, Lets Encrypt still remains as one of the biggest revolutions in the adoption of SSL, they're the good guys.

You win this round SQL.... but I'll be back... and when I do I'll get this stupid join and concat to work the way I want. YOU'LL SEE SQL!!!!

...If I ever buy an SQL book like I keep talking about...

-deploy not entirely janky but also not ideal solution-

Do you still charge your clients extra for HTTPS being it’s practically a requirement now for SEO purposes?

Reading "duh... that link looks sketchy" time after time when attempting to nudge people in the direction of good resources, e.g., on-line manual pages, becomes rather irritating. Is typing the URL into VirusTotal or something really such a fucking hassle? Are you sufficiently special to warrant the creation of an IP grabber which is dedicated to targeting you... AFTER you posted your exact location on Instagram last week?

Similarly, some pants-shitting, worm-eating troglodytes who have the gall to claim to know anything about cybersecurity STILL think that for all Web sites k, that k's URL begins with "https" implies that k is secure. NO! Unencrypted Web sites are FINE unless sensitive information is being transferred. Are publicly available manual pages sensitive information now?

Grabbing the campaign hat and writing death threats and very personal insults is sometimes slightly tempting.

I'm really surprised at how when I type in a domain without the protocol it automatically goes to http in this 'privacy' browser (firefox focus)

I hereby present my git inspired freshly baked meme.

Fuck the ISP and the incompetent retarded developers in the government!

The retarded ISP is injecting malware ads on all web pages which means if you access a non HTTPS site, you're gonna get fucked.

And the retarded government site still do not have HTTPS version for the websites!

The biggest irony is that this particular government site is for developers to register for courses ( paid ) about latest technologies.

How do I make my blog https? I have a blog using Jekyll and GitHub pages. I have a custom domain so I tried cloudflare free SSL plan - destroyed my DNS records. Haha. Any good post for me to follow and get that green padlock?

Fuck MITM on all HTTPS traffic in Kazakhstan.

Sad to here that all devrants in Kazakhstan.

What are the thoughts of privacy conscious people about quantum computers? As far as I understand current TLS version encryption method is vulnerable to quantum computers, thus if your ISP or other agencies store all your traffic data right now, they'll be able to decrypt it after gaining access to quantum computers.

One way to secure your privacy would be to use your own VPN that uses encryption method that is quantum-resistant, but again the VPN would be using TLS to connect to the Internet.

Going through another department's API documentation and wrapper library where it has documented samples on how to use it. One of the samples specifically shows how to disable HTTPs requests for when retrieving customer info but it also states in the documentation to specifically NOT USE this disable function.

When it comes to customer info, I don't know why the fuck you would allow an override option to do everything over unsecure requests, and even document about it!

Ok can someone explain this to me, i cant get it to function properly on chrome. Others are fine...

In this qurantine made something out of react JS pleease have a look and share

Are there any real trusted and with an anonymity level of Elite, proxies out there or do I have to make my own?

So I'm building this environmental monitoring system for one of the Labs to monitor Temperature and Humidity. the "software" that comes as part of the package with these sensors is really just a website you host yourself if you don't choose the cloud option. No big deal really, (see my previous rant about getting windows server through SSC) I setup IIS and get the "software" registered get a couple sensors running looks good. However I don't like the error messages that popup because it's unsecured. do some reading and I find out that most browsers will give you a warning if your not using HTTPS even if it's for internal use only. OK we'll how hard can it be in implement encryption, turns out it's not that hard and you can do it for free how with letsencrypt and other places. I like free, now i have to use SSH to get into the server and run an ACME client. Hey open SSH is part of windows now cool, download an ACME client SSH into the server and nope doesn't work. Oh right I'm behind a corporate firewall and a bunch of other shit I can't control. Why is so damn arduous to setup this god dam internal website and the problems aren't even the site. Now I'm playing with AWS spinning up an instance to be able to try and get an SSL certificate just so i don't have to tell people it's OK to trust this site ignore the big angry warning.
Best part is other similar internal sites don;t use SSL and all have big messages about someone stealing your soul if you go there and these are commercial systems that run all the HVAC for all the campuses across Canada.
I need more Tylenol.

We have 2 sites. I, dev, set the https system for one in 10 minutes. The sys admin has been working on it for two hours already and he doesn't want help

Wifi used to be an issue in my incubator. Like I had mentioned in my earlier rant. There are many wifi's available now, but once when there was only one wifi available. That wifi network, was so terrible that it asks for human verification number of times even on google searches.

And the person responsible for wifi, is one of the most useless, undeserved person, I had ever seen

When a team from incubator talked to him about the issue, that this particular wifi's is pathetic, too many blocks and always asking for human verification, his reply was

"Just write 'S' after 'http', then it will work"

No doubt, everybody hates that guy.

But that guy cant be fired from job, because government. But he can be FIRED

Did any of you tried to configure iRedMail with an https only domain that also maps in nginx as a reverse proxy?

(Ps: FFS why the developers of iRedMail develop with nginx in mind but there isn't any .conf about iRedMail?)