My company provides its services as web pages and web services to our customers.

Once a year we update the certificate used for the https connections.

I notified the update to the clients that use the web services.

One of them asked me a copy of the public key.

No problem. Open the web site with the browser, save the key and send by email.

One day later the client asked me the public key in a zip file because the anti virus blocked my attachment.

Why the client hates the Chain of Trust ?
He could obtain the public key by them self from the browser or openssl.

!rant

Hello World!

Just wanted to ask about the best souvenirs in Munich, Germany?

Our CTO is currently having a consultancy work in Munich, and would like to let him repay his debts for not delivering deliverables on time or should I spank his butt instead? So much for his demands and ignorance! 🤔 😈

Or any recommendations that could be of help?

Danke!

XCode you fucking piece of shit...

So I just wanted to process my ios app to the app store and start the archive process. All of the sudden:
Command CodeSign failed with a nonzero exit code

What? So there is an error and you cannot tell me the error code? All information you give me that it isn't zero!? Wow... Amazing... What a great user experience. Maybe it cannot resolve the error? Maybe it is some external tool Apple has no access to and that is the only valid error they can throw at us?

Oh hell no! It has something to do with the keychain access! But why tell the user? That wouldn't be as much fun as just tell it is a nonzero error, isn't it apple?!

In the end locking and unlocking my key chain solved the problem... Thanks for nothing XCode!

My keychain is getting heavy.

I have my house key ofcourse, then there is a short chain for my car keys, and last but not least 3 flash drives with different linux distributions

Just found the most embarrassing security hole. Basically a skelleton key to millions of user data. Names, email addresses, zip codes, orders. If the email indicates a birthdate, even more shit if you chain another vector. Basically an order id / hash pair that should allow users to enter data AND SHOULD ONLY AUTHORIZE THEM TO THE SITE FOR ENTRING DATA. Well, what happend was that a non mathing hash/id pair will not provide an aith token bit it will create a session linked to that order.

Long story short, call url 1 enter the foreign ID, get an error, access order overview site, profit. Obviously a big fucking problem and I still had to run directly to our CEO to get it prioritized because product management thought a style update would be more important.

Oh, and of course the IDs are counted upwards. Making them random would be too unfair towards the poor black hats out there.

Jesus our security infrastructure people are stupid. They are telling us to secure a service that we don’t want accessible directly by the role “member” setup to be accessible by “member”. All because they “don’t want us changing identities in the middle of a chain of web service calls”. They are like “don’t worry, the fire wall keeps them out”.

That’s like saying “here’s the key to the bank vault, but you won’t ever get past the security guards so it’s okay that you have it.”

I swear this company is stone stupid.

We need to test the last step in our proof-of-concept chain before putting our project proposal... but just before testing what we believe will be (finally) a functioning scenario, the key service we need and have no influence over stopped working. I am pretty sure, it will start working like 5 minutes before I usually leave.. one has to love this waitNRush development.

Whatever be the current trend on Linked-In, at the end of the day the product development life cycle remains quite the same.

Still, as developers which general domains in software do you think would flourish in the near future?

My picks (not in order) -
>> Cyber security : automation, both offensive and defensive
>> Block chain : trustable data platforms
>> Applied AI : a few key models, applied to all niches, bettering existing UX
>> IOT : wearables, embeddables, smart appliances
>> AR : Navigation prompts, real time info about real life objects
>> VR : Immerse entertainment. (Metaverse 🤮)
>> Quantum computing : first gen costly commercial releases, new algos

What would you add or subtract from this?