Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
-
So, someone submitted a 'bug' to Mozilla.
As some of you may know, in the next year, the new mass surveillance law in the Netherlands is going into effect.
Another fun fact is that the dutch security agencies/government have their own CA (Certificate Authority) for SSL/TLS certificates.
The new law says that the AIVD (dutch NSA/GCHQ equivilant) is allowed to hack into systems through obtained certificates and also that they're allowed to INTERCEPT TRAFFIC THROUGH OBTAINED PRIVATE SSL/TLS KEYS.
So someone actually had the fucking balls to submit a fucking issue to Mozilla saying that the Dutch State certs shouldn't be accepted anymore when the new mass surveillance law gets into place.
This person deservers a fucking medal if you ask me.68 -
"Oh, he is asking that much money for this website? I will create that for only $250 with WordPress. He is just trying to use you"
You fucking wanker. What you don't understand is that you are pushing the companies to a fucking black hole that they won't be able to recover from.
He shows an example of a website which takes 30 sec to load. It's full of hundreds of dreadful plugins. He chose the shittiest stock pictures to make it look "pretty".
When I point out his fucking shite website takes this long to load, he says if the company wants to make the website fast, they will need buy the premium plan of CloudFlare. WHAT THE FUCK are you even talking about?
Not only that, the example website, doesn't even have any SSL. He is saying that the other company didn't want to pay for the SSL. Ever heard of fucking StartSSL or LetsEncrypt?
It's people like you who is responsible for making half of the web an insecure, slow, low-performance space which is prone to hacking.
WordPress was made for blogging. KEEP IT THAT WAY. Stop trying to make your high-performance CMS or eCommerce website with this shite.20 -
When you're about to do a payment and the payment form is loaded without an SSL connection/certificate... Come on, it's 2017...
3 -
So I got the job. Here's a story, never let anyone stop you from accomplishing your dreams!
It all started in 2010. Windows just crashed unrecoverably for the 3rd time in two years. Back then I wasn't good with computers yet so we got our tech guy to look at it and he said: "either pay for a windows license again (we nearly spend 1K on licenses already) or try another operating system which is free: Ubuntu. If you don't like it anyways, we can always switch back to Windows!"
Oh well, fair enough, not much to lose, right! So we went with Ubuntu. Within about 2 hours I could find everything. From the software installer to OpenOffice, browsers, email things and so on. Also I already got the basics of the Linux terminal (bash in this case) like ls, cd, mkdir and a few more.
My parents found it very easy to work with as well so we decided to stick with it.
I already started to experiment with some html/css code because the thought of being able to write my own websites was awesome! Within about a week or so I figured out a simple html site.
Then I started to experiment more and more.
After about a year of trial and error (repeat about 1000+ times) I finally got my first Apache server setup on a VirtualBox running Ubuntu server. Damn, it felt awesome to see my own shit working!
From that moment on I continued to try everything I could with Linux because I found the principle that I basically could do everything I wanted (possible with software solutions) without any limitations (like with Windows/Mac) very fucking awesome. I owned the fucking system.
Then, after some years, I got my first shared hosting plan! It was awesome to see my own (with subdomain) website online, functioning very well!
I started to learn stuff like FTP, SSH and so on.
Went on with trial and error for a while and then the thought occured to me: what if I'd have a little server ONLINE which I could use myself to experiment around?
First rented VPS was there! Couldn't get enough of it and kept experimenting with server thingies, linux in general aaand so on.
Started learning about rsa key based login, firewalls (iptables), brute force prevention (fail2ban), vhosts (apache2 still), SSL (damn this was an interesting one, how the fuck do you do this yourself?!), PHP and many other things.
Then, after a while, the thought came to mind: what if I'd have a dedicated server!?!?!?!
I ordered my first fucking dedicated server. Damn, this was awesome! Already knew some stuff about defending myself from brute force bots and so on so it went pretty well.
Finally made the jump to NginX and CentOS!
Made multiple VPS's for shitloads of purposes and just to learn. Started working with reverse proxies (nginx), proxy servers, SSL for everything (because fuck basic http WITHOUT SSL), vhosts and so on.
Started with simple, one screen linux setup with ubuntu 10.04.
Running a five monitor setup now with many distro's, running about 20 servers with proxies/nginx/apache2/multiple db engines, as much security as I can integrate and this fucking passion just got me my first Linux job!
It's not just an operating system for me, it's a way of life. And with that I don't just mean the operating system, but also the idea behind it :).20 -
I'm really not much of a drinker, but last night I was apparently.
I thought I played video games until I passed out on the couch and was carried to bed.
This morning, my laptop reveals to me that I had an idea for a web app last night because I made a very misspelled, yet highly detailed to do list for the app, a very blank index file, and 37 open tabs of what looks like research for certain web features.
Project seemed to be some sort of organization thing with a lot of really random and unrelated features like "fruit meterr that scales different fruits you earn" (what does that even mean??) and "sassy bill reminder".
I'm closing out all the tabs I had opened, when I see the tab showing the domain name I chose and bought. I even got the SSL certificate and email domain purchased.
Drunk me seemed to have been really excited about this idea 😶19 -
Started talking with someone about general IT stuff. At some point we came to the subject of SSL certificates and he mentioned that 'that stuff is expensive' and so on.
Kindly told him about Let's Encrypt and also that it's free and he reacted: "Then I'd rather have no SSL, free certificates make you look like you're a cheap ass".
So I told him the principle of login/registration thingies and said that they really need SSL, whether it's free or not.
"Nahhh, then I'd still rather don't use SSL, it just looks so cheap when you're using a free certificate".
Hey you know what, what about you write that sentence on a whole fucking pack of paper, dip it into some sambal, maybe add some firecrackers and shove it up your ass? Hopefully that will bring some sense into your very empty head.
Not putting a secure connection on a website, (at all) especially when it has a FUCKING LOGIN/REGISTRATION FUNCTION (!?!?!?!!?!) is simply not fucking done in the year of TWO THOUSAND FUCKING SEVENTEEN.
'Ohh but the NSA etc won't do anything with that data'.
Has it, for one tiny motherfucking second, come to mind that there's also a thing called hackers? Malicious hackers? If your users are on hacked networks, it's easy as fuck to steal their credentials, inject shit and even deliver fucking EXPLOIT KITS.
Oh and you bet your ass the NSA will save that data, they have a whole motherfucking database of passwords they can search through with XKeyScore (snowden leaks).
Motherfucker.68 -
I ranted about this guy before who thought he was a security expert while hardly knowing what the word is probably. Today I met him again at a party.
Holy fucking shit, this guy.
"we use the best servers of the netherlands"
"we use a separate server for each website and finetune them"
"we always put clusters under servers, that way we have a fallback mechanism"
"companies mostly use bv ssl certificates"
"you're on call for a week? I'm full-time on call. Why I'm drinking alcohol then? Because fuck the clients hahaha"
😥🔫15 -
My first day in a Linux admin and security course. I went all confident and cocky waiting for some bullshit like "type in your term: ls, cd, pwd, see you tomorrow"
Suddenly the teacher starts to configure lampp, then jumps to bind, and thirty minutes leater , when everyone has their ssl keys under control, I was still struggling to correctly forward my mate. The rest of the day was smooth and easy for those who finished their servers, and there I was, unable to find my own ass in the middle of that mess made of bad assigned permissions and wrong placed addresses. Even worse, he came to me when I asked for help, took my chair and fixed everything in one beautiful single bash line. I started to ask "what's this? Where is that? Is it a config file or a directory?" And with all his patience he keep telling me the obvious answers that where right there at the screen but I couldn't see. Took me two weeks to catch his pace, and another two weeks to understand fully his classes. He never said a word about my terrible first day (first couple weeks). When course finished, I saw he was going to teach a really hard security module, and I signed up without hesitate.6 -
Sometimes I just randomly start installing a new vps, configure the server, put a random sub domain on it, forward nginx with SSL, print something random on the page and then just remove the thing again.
Solely because I enjoy installing servers/configuring them.
Am I weird? 😅70 -
"The customer reports that port 21 is closed on our FTP site. They said that port 443 is open, and wonder if they can use that instead."
"They are entering the wrong server name. Our FTP server is ONLY an FTP server. Port 443 is not open on our FTP server.
Please verify that they are entering `ftp.xxxxxx.com`
Our FTP site supports FTP/SSL if they are concerned about security."
"Customer responds that they would rather use port 443 to send files."
"I'm sure they would. I'd also like to enter our building on the west side when the temperature is below 10º, but there are no doors on the west side, so that's not going to happen, is it?"2 -
was thinking of buying an s8, but fuck samsung.
http://www.samsung.com/us/apps/
price of ssl certificate: about $15
price of samsung: about $254,000,000,000
23 -
Motherfucker. It's two thousand fucking seventeen. You can get a free ssl certificate for any website.
Then WHY are there still some fucking websites which contain login portals, sensitive information or anything that SHOULD be protected in transit WITHOUT FUCKING SSL?!
I hope that the people who manage those sites and are AWARE that they can get a free cert but don't do that die in agonising pain.
This really fucking pisses me off.
On another note, EVERY site should have SSL, it's free anyways and protects your visitors from a range of threats.-24 -
Took yesterday off to sort out a new passport.
Today on the stand:
Manager: "So we've been trying to get app X running on a dev environment for client X but we couldn't expose it to them"
Me: "Well yeah it's a dev environment if you want to give them one give them access to staging"
Manager: "Oh well we're still going to give them access to dev because they asked for it. It's due for 10am but we couldn't get it to run. You have to get it running since we edited the config files"
*accessing dev environment*
half of config files is missing, random files committed to the repo, SSL certs manually edited, eth0 down and found swan vpn installed.
never taking a day off again.
1 -
One of our clients deploy their own server app. So this happened after a prod deployment. (4am)
*Cellphone rings while sleeping*
Client : we need you on the conference call now. URGENT!
*Gets on conference call*
*Client explain the problem*
*Explaining to the client that the problem is in their side (https connection not working, either network or certificate problem)*
*Client doesn't believe it and pushes me for a fix that I have no control on*
*4 hours later in a heated conversation*
Client : ok problem is on our side. We used our SSL certificate from staging with production and thought it would work.
Me :
5 -
Fuck stupid client.
Sorry:
Boss: client want to white label the solution.
Me: ok. They just need to create A record and send as SSL certificate and I will do it.
Client : here is your SSL certificate.
Me: spend whole night to make the transfer and setup server and check whole solutions one by one for reference to our company.
Next day wake around 2 pm to 100 whatsapp message, call from client and noss.
Turns out client IT team revoked the certificate without informing and the product stop working for all people.
Me: go to back to sleep.6 -
So according to some reddit user IKEA sends your password as a GET parameter in plain text.
https://reddit.com/r/CrappyDesign/...
Seems to be a network authentication thingy, but still 🤔
34 -
*Downloading a linux iso (distrohopping YAY) because the download stopped last night*
*200kbs instead of the 5mbs last night*
*sets up a subdomain for downloading iso's*
*enables SSL*
*downloads the iso to my server*
*copies the iso to the directory of the iso subdomain*
*starts downloading the iso from the server*
5mbs YAY
I am weird 😆11 -
At work:
"I do not get your concerns over ssl, it works fine when we use ie"
"What do you mean by xss? A regular use would not even try ans attempt something like that"
"We need to keep the txt file with the passwords there, its an internal project, the public would not even attempt to reach our site, just put them back"
Ah the many stories that I have from this place. It is an otherwise good place to work at tho, but oh well...
Me on a daily basis tho
9 -
(The PM is pretty technical)
One day:
Me: Could you create this subdomain?
PM: Sure, just a sec.
Me: Ohh and could you add a letsencrypt cert? (one click thingy)
PM: Why would you need that on this kinda site...
Me: Well in general for security...
PM: Nahh.
*walks away*
Next day:
(referring to my internship manager/guider as Bob)
Bob: Hey... we have a new subdomain!
Me: Yup!
Bob: Wait why is there no letsencrypt certificate installed...?!?
Me: Well, the PM didn't find that neccesary...
Bob: (Oo) of course it is... are we going for security by default or what?
Me: Yup agreed.
Bob: *creates cert and sets everything up in under a minute*
It wasn't a high profile site (tiny side project) but why not add SSL when you can for free?8 -
On call part 3: I'M BACK ON THE CAL FROM YESTERDAY FOR THE LAST 6.5 HOURS AND THEY'RE JUST DOING WHAT I TOLD THEM TO DO YESTERDAY. Is it because I'm female? Does having boobs mean I don't know how ssl works and that I can't possibly know about networks? I'm seriously about to just hang up and tell them to deal with it on their own.
Cup is there because it expresses my mood.
12 -
Your resume:
Git
SSL
Vue
Angular
React
Node
Spring boot
MySQL
MongoDb
HTML
CSS
Java
Javascript
Bootstrap
Cassandra
Hive
Hadoop
Block chain
GraphQL
Kubernetics
Jenkins
Azure
GCP
Interviewer:
Sorry, we need someone who knows AWS8 -
Had to give a 15 min presentation on web development. I somehow turned it into me giving a 1 hour lecture on ssl and end to end encryption to a bunch of accounting students 😅3
-
By learning the basis of things instead of just using them.
for example I learn cryptographic algorithms behind ssl instead of just using it.6 -
Following a conversation with a fellow devRanter this came to my mind ago, happened a year or two ago I think.
Was searching for an online note taking app which also provided open source end to end encryption.
After searching for a while I found something that looked alright (do not remember the URL/site too badly). They used pretty good open source JS crypto libraries so it seemed very good!
Then I noticed that the site itself did NOT ran SSL (putting the https:// in front of the site name resulted in site not found or something similar).
Went to the Q/A section because that's really weird.
Saw the answer to that question:
"Since the notes are end to end encrypted client side anyways, we don't see the point in adding SSL. It's secure enough this way".
😵
I emailed them right away explaing that any party inbetween their server(s) and the browser could do anything with the request (includingt the cryptographic JS code) so they should start going onto SSL very very fast.
Too badly I never received a reply.
People, if you ever work with client side crypto, ALWAYS use SSL. Also with valid certs!
The NSA for example has this thing known as the 'Quantum Insert' attack which they can deploy worldwide which basically is an attack where they detect requests being made to servers and reply quickly with their own version of that code which is very probably backdoored.
This attack cannot be performed if you use SSL! (of course only if they don't have your private keys but lets assume that for now)
Luckily Fox-IT (formerly Dutch cyber security company) wrote a Snort (Intrustion Detection System) module for detecting this attack.
Anyways, Always use SSL if you do anything at all with crypto/sensitive data! Actually, always use it but at the very LEAST really do it when you process the mentioned above!31 -
if you were code, you wouldn't compile
I wouldn't catch you if you were the last exception in my code
your brain is so tiny, indexing it would make no significant performance gain
you are so embarrassing, I can only go out with you in SSL
if you were a pointer I'd move to java2 -
Why the hell do people make websites with VALID SSL certs redirect BACK TO HTTP? What the fuck is wrong with them?!5
-
So I did a rookie mistake this week. Connected a webapp for a client using Nginx and installed the SSL cert for the site. I decided to activate the firewall of the server because hey security. All was well. Went home feeling like I am the shit.
Next day I find out I can't log in to the server over ssh. Only to find out that I had forgotten to allow SSH through the firewall.
I had basically locked myself out of the server. 😞9 -
I hate Wordpress. I hate Wordpress. I hate Wordpress.
Wordpress can take a big shit on itself and crawl into a deep dark hole far away from all that is good.
Who even uses Wordpress? Bloggers? Come on, let’s be honest, they’re using more intuitive sites like weebly, wix, and square space. So WHAT is Wordpress for? I’ll tell you, it’s just to FUCKING TORTURE PEOPLE.
So, being the “techy guy” of the family, a relative contacts me asking for some help with their website because they need to install an SSL certificate but they don’t know how to. I tell them I’d gladly do it because, sure, they’re family and how long can it possibly take to install a certificate? I’ve done it before!
Well, I get to work and log into the sluggish Wordpress dashboard and try to use a plugin that would issue a LetsEncrypt certificate because they are free and just as good as any other SSL. But one plugin after the next I keep getting errors about how my hosting wouldn’t allow it.
So I contact GoDaddy (don’t get me fucking started) and ask them about the issue. The guy tells me it’s “policy” to only be able to use GoDaddy’s certificates. How much do they cost? Oh, how about $100 a year?! Fuck you.
I figured out the only way to escape this hell was to ask them to open an economy Linux hosting account with cPanel on GoDaddy (the site was formerly hosted on a “Managed Wordpress” account which is just bullshit for not wanting to give you any control over your own goddamn content). So now I have to deal with migrating the site.
GoDaddy representative tells me that it should only take 20 minutes for me to do this (I’ve already spent way too much time on this but whatever) so I go forward with the new account. I decide I should migrate the site by exporting a backup and manually placing everything on the new server. Doesn’t it end up taking an entire hour to back up a 200MB site because GoDaddy throttled the processing speed?!
So, it’s another hour later and I’ve installed all the databases and carried over all the files. At this point, I’m really at the end of my rope and can’t wait to install the certificate and be done with this fuckery.
I install the certificate and finally get ready to be on my way, but then I see it. A warning. A warning from my browser telling me the site is only partially secure. It turns out the certificate was properly installed but whoever initially made the site HARDCODED ALL THE LINKS to images, websites, and style sheets to be http instead of https.
I’m gonna explode.
I swear, I’m gonna fucking explode.
After a total of 5 hours of work, I finally get the site secure by using search and replace on every fucking file.
Wordpress can go suck a big one. Actually, Wordpress can go suck the largest fuckin one in existence and choke on it.
TL;DR I agree to install an SSL certificate but end up with much more work than I bargained.38 -
Eh ehe hehe he eh ehehe
On top of burnout, codebase issues, spec issues, burnout, the product butt that keeps on crapping, burnout, burnout, loathing for my employer... My local Apple SSL cert expired. I can’t finish this and push it anywhere for testing. I can’t even run my own specs anymore. And I don’t have permissions to make a new one. I can’t do anything at all.
Ehe he hehe
Deadline is in two days, and I’m just sitting here laughing quietly to myself. I might finally be going crazy
I found a loose bit of tangle, started to pull, and the world decided it was time to fall apart. Reality said it’s time to go. And I wasn’t even a good screwdriver dev. Byeee ~12 -
Android and Full Stack dev here. Also first post.
No boss, i won't call that client to tell him how to configure ssl for his Outlook.9 -
What's your favorite console ? I love my switch, it is portable, has great games and HOMEBREWS.
I've been wanting to start making stuff on it for a while but didn't want to get banned, finally it's possible so here it is my first project : a Devrant client for switch !
It took me a bit cause i was unexperienced with the platform and there are a few technical issues i had to workaround ( like no support for ssl rn and devrant api is only https :/ ) but nevertheless it's here. I'm happy now.
13 -
Security for 2017: Because SSL has nothing to do with security, and just Google's way of increasing it's monopoly...
18 -
6:38pm, Tasklist for today:
- Debug website #1 - DONE
- Debug website #2 - DONE
- Launch a new website on a new domain - DONE
- Install SSL - DONE
- Test e-commerce section - DONE
- activate HTTP/2 for that domian (first time, once it worked it felt rewarding) - DONE
- set up 30 emails on said domain, send out emails on how to reset their passwords - DONE
- play Half life for 40 minutes - DONE
- Download GOT S06E09 - DONE
- cater all emails from clients... - DONE
proudest and most productive day of my life, really8 -
made a password sniffer in python it was really easy how many of you took #100DaysOfCode i took the challenge 8 days today every day i am doing one project what do you think of the sniffer? it currently doesn't support SSL response but working on that right now this is good
15 -
After struggling for weeks with SSL settings I finally asked @linuxxx for help.
Guess what, he made it work in about 5 minutes!4 -
HOW FUCKING HARD CAN IT BE TO NOT STORE PASSWORDS IN CLEARTEXT AND THEN PROCEED TO SEND ME AN UNENCRYPTED EMAIL WITH THE PASSWORD IN IT??? THE SITE HAS A PREMIUM FUCKING SSL AND SAFETY CERTIFICATES YET THEY STILL DON'T COMPLY TO THIS? FUCK YOU! IF IT WASN'T FOR THAT I HAD TO ORDER A NEW SCREEN FOR MY BROKEN PHONE, YOU COULD'VE SUCKED BETTER THAN ME + VACUUM CLEANER.
Sorry abt that. But for real, mytrendphone stores passwords in plain texts and waves a fucking safety certificate in your face...13 -
That moment when your entire application goes down ...
Because someone forgot to renew the SSL certificate. Of course.5 -
SSL FYI for anyone using Thawte, VeriSign, Equifax, GeoTrust, and RapidSSL Certs, Chrome will distrust next year.
https://security.googleblog.com/201...8 -
Me: You need TLS since your users submit confidential data on your website.
Boss: Our hoster has an SSL-Domain
Me: Yeah. But you need TLS not your hoster...
Boss: *confused*4 -
Me: ssl conn cannot be esrablished. Cert is not signed
Sr. Dev/architect: what url are you calling?
Me: dns_name:port
sd/a: yeah, I know that. But what is the url?
Me: *how the f... Did you get 'sr' and 'arch' titles, man???*
Me: why does it matter?
Sd/a: certificates depend on a url. Our LB selects a cert according to a request url
me: *buddy, I like you but I no longer look at you with respect like I used to before today...*9 -
I showed a friend of mine a project I made in two days in Docker and Symfony php. It is a rather simple app, but it did involve my usual setup: Nginx with gzip/cache/security headers/ssl + redis caching db + php-fpm for symfony. I also used php7.4 for the lolz
He complained that he didn't like using Docker and would rather install dependencies with composer install and then run it with a Laravel command. He insisted that he wanted a non-docker installation manual.
I advised him to first install Nginx and generate some self-signed certificates, then copy all the config files and replace any environment-injected values (I use a self-made shell script for this) with the environment values in the docker-compose files.
Then I told him to download php-fpm with php 7.4 alpha, install and configure all the extensions needed, download and set up a local Redis database and at last re-implement a .env file since I removed those to replace them with a container environment.
He sent an angry emoji back (in a funny way)
God bless containerized applications, so easy to spin up entire applications (either custom or vendor like redis/mysql) and throw them away after having played with them. No need to clutter up your own pc with runtime environments.
I wonder if he relents :p9 -
So we send a quote out to a client to update his website to make it compliant with the new privacy guidelines: SSL encryption, removing external libraries, removing Facebook Plug-ins, all that stuff. We didn't get a response.
On Monday, he called in a panic. "The website does not work, fix immediately!"
I check out the server, what do I see? An SSL cert installed the Friday before... Client decided to do it himself, on a Friday, without testing. He broke something, but cannot tell me exactly what he did.
And somehow he thinks all that is my fault :D4 -
First lecture of computer networks. Let's shove all of these abbreviations with their meaning, and possibly a associated port number in one 1.5 hour lecture:
HTTP, HTTPS, FTP, FTPS, SFTP, TCP, IP, UDP, ISP, DSL, DNS, LAN, WLAN, WDM, P2P, TELNET, PGP, TLS, SSL, SSH, MIME, SMTP, POP3, IMAP, IANA, DHT, RTT, DHCP
I really feel sorry for students who didn't have previous knowledge about this stuff..5 -
I bypassed SSL certificate verification because that goddam certificate had some flags which my JVM did not understand and threw errors. Still in prod after 10+ years 🤐1
-
The IT head of my Client's company : You need to explain me what exactly you are doing in the backend and how the IOT devices are connected to the server. And the security protocol too.
Me : But it's already there in the design documents.
IT Head : I know, but I need more details as I need to give a presentation.
Me : (That's the point! You want me to be your teacher!) Okay. I will try.
IT Head : You have to.
Me : (Fuck you) Well, there are four separate servers - cache, db, socket and web. Each of the servers can be configured in a distributed way. You can put some load balancers and connect multiple servers of the same type to a particular load balancer. The database and cache servers need to replicated. The socket and http servers will subscribe to the cache server's updates. The IOT devices will be connected to the socket server via SSL and will publish the updates to a particular topic. The socket server will update the cache server and the http servers which are subscribed to that channel will receive the update notification. Then http server will forward the data to the web portals via web socket. The websockets will also work on SSL to provide security. The cache server also updates the database after a fixed interval.
This is how it works.
IT Head : Can you please give the presentation?
Me : (Fuck you asshole! Now die thinking about this architecture) Nope. I am really busy.11 -
(Instant Message)
Client: Are you there?
Me: Yes speak please.
(Why don't you just leave the message? It's not like having a phone call…)
Client: The contract is ready. I'll send it to you.
(Waited for an akaward 10 minute…)
Client: ???Can you receive it???
(Omg are you doing SSL handshake or what? Just send the file!)
Me: Yes I can pleasre send it to me thank you so much.
So after promoting Flutter to the clients (for whom cross plateform solution are perfect match) for almost a year, today I finally got the first ever Flutter App contract. I believ e time for Flutter is really coming. Wish me luck!3 -
I spent about 5 hours rewriting an in company C# toolbox because I thought it's connection to a Web API was broken. 5 FUCKING HOURS.
Only to then see I was using port 80 for HTTPS...3 -
I've been training a client for a few months now to not use Slack for sharing passwords and other secure materials.
I really thought I had made great progress. I even had him using a password manager. Then out of nowhere he sends the wildcard SSL key pair to me and a handful of other devs in a Slack thread.
At least we aren't storing important information like medical records. Oh wait, that's exactly what we're doing.6 -
Fucking IT and their self signed corporate proxy SSL bullshit getting in the way of anything that needs to verify SSL requests,
Fuck you for making my day a slow and miserable day and having to resort to forcing rest apis and SDKs to work over HTTP instead, all in the name of “Security”.2 -
Had a configure issue on a site running through CloudFlare hosted at WPEngine. Support on chat guy says "can I take a look at your setup" so I screenshot him! He says they're are new ways to point to WPEngine whilst using SSL so I say OK and he points me to a support article which seems accurate. He then says now I want you to change two records so I say ok (not thinking) which I do (stupidly)
Result site no longer reachable.
What do I do now? He says very seriously "you need to wait 24-48 hours for the DNS to propogate"
"Your joking it's a huge site with 20k visitors per day with advertisers on it"
"I'm sorry there is nothing I can do until the DNS YOU changed has propagated"
"I changed?" "Yes you changed the CloudFlare settings"
"You told me to!"
"Is there anything else I can help you with?"7 -
My security knowledge is so bad. But I don't know where should I start.😖
My coworkers know about this, so I don't get involved on related topics.🤤
Last time I asked same question, someone gave me link, and it all about DIY welding metal tubes into a security door.🤦♂️
Any better suggestion?13 -
Does anyone know a provider for webhosting with this needs?
- decently priced (~4€/month)
- domain included
- email stuff included
- no analytics/cookie stuff from the provider (that's the point of change)
- easy sftp access
- ssl included12 -
Me: I need an SSL certificate.
Support: No problem. Just fire up your command line and generate one via OpenSSL.
Me: I'm on Windows.
Support: Ok, so what you do is code a Linux command line from scratch that will run in Powershell. Next, compile OpenSSL from your favorite of 60,000 versions available. Now, just fire it up and you're all set.
Me: Goodbye everything I've ever enjoyed doing in my free time.16 -
I'm a "published" freelance dev!
Last night I made my first web application available to the internet. It's an internal enterprise management system for a small non-profit.
It's running on a single $6 a month digitalocean droplet, and the domain is $12 a year, so yearly cost for them is absolutely rock bottom.
It's written in asp.net 6.0 razor pages, nginx reverse proxy, certbot for HTTPS certificates, fail2ban for ssh protection (ssh login is via ssl keys), entity framework with MySQL.
The site itself has automatic IP banning based on a few parameters like login spam, uses JWT tokens, and is fully secured.
All together, it's a lot of value for about $100 a year.14 -
My company compromises SSL certificates in the name of "security". I can't even use Gmail because Google has identified my intranet as a malicious network executing a man in the middle attack. So they break security in the name of security.6
-
About browsers and whole SSL CERT thing...
Most likely everyone here noticed, that https site with broken certificate will throw these big red warnings, in your face and there is so much wording like "ITS NOT SECUREEEE" or "ITS HACKEDDD" almost like it was written by passionate fanatic.
But when you are on plaintext http browsers reaction is like ¯\_(ツ)_/¯
Even if you have plaintext with password, it will for example in chromium put small little red thingy that almost no one notices.
I believe that broken cert with some error like invalid date is MORE secure than plaintext password, yet still there is this hypocracy with browsers...
I dont say that broken SSL cert is good, or something, Im just pointing out contrast of "broken" https vs plain http.... One looks for casual Joe like end of the world is coming and second is bearly noticable. Da fuck?
I disagree with this approach18 -
Not dev related but still a rant:
My company decided that all the network traffic should go throu a virus scanner. But they don't know what the fuck they are doing, so now EVERY valid SSL cert gets rejected by our browsers because the virus-scanner breaks the SSL encryption.
Anyone open for a pishing attack?8 -
I miss old times rants...So i guess, here it goes mine:
Tomorrow is the day of the first demo to our client of a "forward-looking project" which is totally fucked up, because our "Technical Quality Assurance" - basically a developer from the '90-s, who gained the position by "he is a good guy from my last company where we worked together on sum old legacy project...".
He fucked up our marvellous, loose coupling, publish/subscribe microservice architecture, which was meant to replace an old, un-maintainable enormous monolitch app. Basically we have to replace some old-ass db stored functions.
Everyone was on our side, even the sysadmins were on our side, and he just walked in the conversation, and said: No, i don't like it, 'cause it's not clear how it would even work... Make it an RPC without loose coupling with the good-old common lib pattern, which made it now (it's the 4th 2 week/sprint, and it is a dependency hell). I could go on day and night about his "awesome ideas", and all the lovely e-mails and pull request comments... But back to business
So tomorrow is the demo. The client side project manager accidentally invited EVERYONE to this, even fucking CIO, legal department, all the designers... so yeah... pretty nice couple of swallowed company...
Today was a day, when my lead colleague just simply stayed home, to be more productive, our companys project manager had to work on other prjects, and can't help, and all the 3 other prject members were thinking it is important to interrupt me frequently...
I have to install our projects which is not even had a heart beat... not even on developer machines. Ok it is not a reeeeaaally big thing, but it is 6 MS from which 2 not even building because of tight coupling fucktard bitch..., But ok, i mean, i do my best, and make it work for the first time ever... I worked like 10 ours, just on the first fucking app to build, and deploy, run on the server, connect to db and rabbit mq... 10 FUCKING HOURS!!! (sorry, i mean) and it all was about 1, i mean ONE FUCKING LINE!
Let me explain: spring boot amqp with SSL was never tested before this time. I searched everything i could tought about, what could cause "Connection reset"... Yeah... not so helpful error message... I even have to "hack" into the demo server to test the keystore-truststore at localhost... and all the fucking configs, user names, urls, everything was correct... But one fucking line was missing...
EXCEPT ONE FUCKING LINE:
spring.rabbitmq.ssl.enabled=false # Whether to enable SSL support.
This little bitch took me 6 hours to figure out...so please guys, learn from my fault and check the spring boot appendix for default application properties, if everything is correct, but it is not working...
And of course, if you want SSL then ENABLE it...
spring.rabbitmq.ssl.enabled=true
BTW i really miss those old rants from angry devs, and i hope someone will smile on my fucking torture5 -
Fucking shit, this university's website is so damn slow! Basically Every Semester, every student need to enroll to certain classes in University Website.
But the Infrastructure is not enough to handle such a big amount of students, we have approx. 7000 students enrolling at the same fucking time.
And here i am can't enroll to any class at all this semester. Fuck such a waste of time. This always been a thing since they digitalize enrolling system.
I don't want this to happen again. The student always be a victim since they cannot handle the request. Now, as a dev, i want to propose something better to optimize the server, i have some connection to pass some bureaucracy. I am going to do some brainstorming and I will need some solution.
Here some data i gather when i am mad from my univ infrastructure division :
1. The Server is a simple Local Server Forwarded to the Internet.
2. The Server use Windows Server 2007.
4. Web Server Using Microsoft IIS
3. The Website built using ASP.NET
4. The connection is not SSL encrypted (yes its fucking use the http)
5. Hardware Spec (not confirmed officialy, i got this information from my professor) :
- Core i5 4460
- 4 GB Ram
- 1 Gbit NIC
I will summon some expert here and i hope want to help me(us all) out.
24 -
Freak yeah!!! Just installed my first SSL Certificate on my Ubuntu Server!!!!! 🤘🏾🤘🏾🤘🏾🤘🏾🤘🏾 First time I had my IT friend do it. I thought about contacting him again, but then thought, what the hell, let's give 'er a shot. 2 days and a whole lot of anger and frustration later https:// is a green light!!! 😝😝😝😝😝😝😝14
-
Yesterday evening I began working on an SSL proxying system for dynamic domain names using Let's Encrypt. I finished just a few hours ago and it's working flawlessly!3
-
A year ago it took me hours to get SSL working on my Digital Ocean droplet I was using to host my website. I had no idea what I was doing and even though I 'knew' how to use the terminal and do most things, I wasn't confident or competent to only rely on the CLI.
About a year later (today) I get an email that my SSL is about to expire and needs renewed. Done and taken care of within 20 minutes, (with a 2 hour gap due to waiting for the cert authority to send me the zip of files)
All that time using i3 and moving to Linux is paying off. Maybe by the time I can afford to build my next desktop I can make my main OS linux7 -
There’s no better feeling then doing a full server rebuild, modifying several projects heavily to be portable and keep working under new infrastructure and loosing access to dependent systems.
Migrating everything across, firing up Apache.... and BAM the fucker just works and ssl labs gives it an A (it was a giant F with multiple vulnerabilities yesterday on the old server)7 -
Okay. So my dumbass boss took this project that had a steep timeline. I told him straight up, it won't work because we won't make the timeline. If we do this, I will be the one bending over backwards to deliver. I don't like to promise and fail. I got the oh don't worry let's just try. If we don't make it that's fine. Unfortunately that's not how I work. I refuse to deliberately fail. So I say okay and we begin. I suggested open source is the fastest way to deliver bit the fucked up part is, I am the only senior dev in the team. I will be expected to reverse engineer the open source app to connect our own deployment parameters. Use tech I have never used before. Connect frontend and backend. Handle dns bullshit. I have literally been working on Vibes and coffee for the past two weeks because ofcourse I ran into so many issues. Now I have an extension for Monday and I hate to fail. So I am not sleeping or resting just working on a fucking java app I didnt build and I am expected to make it work seemlessly on our production environment. I made some progress. Deployed frontend, deployed backend. Forgot to connect production dB so I decided to go with azure database for mysql driver since we have credits on azure. Now my java app is pissing itself over ssl handshake. I generate my keystore and add it and now java socket just times out. I want to pummel somebody or a punching bag that looks like my boss.15
-
This is the last part of the series
(3 of 3) Credentials everywhere; like literally.
I worked for a company that made an authentication system. In a way it was ahead of it's time as it was an attempt at single sign on before we had industry standards but it was not something that had not been done before.
This security system targeted 3rd party websites. Here is where it went wrong. There was a "save" implementation where users where redirected to the authentication system and back.
However for fear of being to hard to implement they made a second method that simply required the third party site to put up a login form on their site and push the input on to the endpoint of the authentication system. This method was provided with sample code and the only solution that was ever pushed.
So users where trained to leave their credentials wherever they saw the products logo; awesome candidates for phishing. Most of the sites didn't have TLS/SSL. And the system stored the password as pain text right next to the email and birth date making the incompetence complete.
The reason for plain text password was so people could recover there password. Like just call the company convincingly frustrated and you can get them to send you the password.1 -
I've got this customer who for some fucking reason won't change their DNS to point to our new servers, but wants to fucking stay on that old piece of crap, where we have to ask our sub-provider to generate a CSR to send to our customer to use to sign a certificate to send to us to send to our sub-provider. Because yeah, that's so much fucking easier than just pointing your domain to our new system, and get SSL set up automatically. For fucks sakes! And also, your certificate expires tomorrow, and since our idiot sub-provider hasn't responded to my email about CSR in a week, you basically have no option. So get that thumb out your butt and just switch the DNS!
-
OH MY FUCKING GOD!!!
IT FUCKING WORKS!!!
I tried so long on getting my new Netty based webserver up and running, I think I grew my beard twice... But NOW ITS WORKING!
Need to delete a few unnecessary functions that I needed with the old web server, implement SSL. And I can finally release a version of my framework ❤️❤️❤️
And I might put up one standalone version because - it's the same freaking server every time so I am fucking loving to export it ❤️❤️
9 -
Oh my gosh I hate SSL so much. A cert expired this morning, and with it, 29 digital signs are now offline. Shoot me now.3
-
HTTPS requests in most languages:
Import a couple of libraries, you may need to install a few as well. It's possible that you will need to initialize and set up the socket. Be sure to specify SSL settings. Create the connection, provide it a URL, and attempt the connection. Read the response, usually in chunks. You may need to manually create a buffer of fixed size, depending on if the language has buffer helper classes or not. You will probably need to convert the input stream response to a string to do anything with it. Close the connection and clean up any buffers used.
HTTPS requests in Python:
import urllib
urllib.YEET()6 -
half day gone try to find or remember the password of some SSL/key/encrypt/crt/shit/whatever.
Blaming myself for hours, how could I not save the password somewhere?
#Enter Password:
(I pressed enter, no password).
it works.
I love IT security -
"we have add a lot of cost partly due to currency exchange rate, but we also added some services and servers, we'll have a meeting and see what we can cancel or re-arrange."
So now....
- JIRA is gone
- SEO tools are gone
- budget for site security & SSL undecided
- Servers are too expensive.
$800 for twelve 2-24gb ram servers with backup, I call that bargain
Can't wait to see the websites falling apart. Now where are my popcorns?9 -
A client of ours renewed their SSL certificates without prior notice.
The app we developed for them uses SSL pinning.
The app does not include the new certificates.
The entire userbase is hereby locked out of the app.
Fun times ahead 🙃1 -
me: *hosting docker registry for our team*
me: *sets up ssl and cloudflare dns and shit*
me: *tries to push to registry*
my pc: *413 rEQuEst EnTITy tOo LarGe*
me: *spends 4 hours scrutinizing the shit out of my nginx configs*
me: *finally finds cloudflare sitting there rejecting all of the requests... that cheeky bastard* -
Did anyone else notice how setting up a letsencrypt.org certificate for a domain became a lot easier as this year went on? Certbot + automatic renewal was set up in four commands on my RasPi, I remember it being more difficult to set everything up 🤔1
-
could never figure out how to configure ssl because of google clouds insanely complicated documentation.
today i found a digital ocean guide that explains its a simple installation of certbot, run it once and set it to auto renew....
fuck you google5 -
Being a sysadmin can be the most frustrating thing ever, but it's worth it for those moments when you feel like an absolute ninja.
Switched from single threaded gevent server to an nginx configuration, added ssl, and setup a reverse proxy to flask socketio, all with less than 10 minutes aggregate downtime. On the prod server. \o/3 -
Got my program hooked up to an external sql database that’s ready to be fed into by PHP, hosted on an SSL website, fixed up all the other bugs with TONS of other stuff.
4:23 A.M. and feelin’ good.1 -
When I was a wee little lad of 13, still with that hopeful gleam in my eye, I signed up to work as the webmaster for a local org.
At the time, I had played around with HTML and CSS and a little JavaScript, and I thought all I'd be doing was updating some pages with announcements or whatever
I got paid in SSL, which is a thing kids in Maryland have to do to graduate, and the whole idea is that you need to do 75 hours of volunteer work in your community
The people there promised me 8 hours a month for what I thought would be easy work, and so I eagerly signed up.
What I thought would be updating a few html files and emailing them to the org was actually having to manage a full on server running PHP4 LAMP stack
Needless to say, I was overwhelmed. I tried to make the updates they wanted, but I had no idea how to write PHP, let alone manage a database and server.
I think I got out of it by just never responding to their emails once I realized how fucked I was, but that was definitely the worst learning experience of my dev career1 -
when I hear clients says they spent a fortune on SSL cert. I Wonder for that poor soul, you know what I mean.4
-
Diffie–Hellman key exchange is not allowed in this area. For your convenience, an SSL stripper was placed on to every near network.
2 -
So my brother went back to school today. Now, during the 5 years I was there they had the most shit security on their IT systems, but aparently now they have fucked up their ssl. If you try to load the https page it comes up with the warning saying its an invalid certificate, but once you click it, it doesn't even load the school website, it loads this random page. Clicking on the buttons then take you to a page under their domain provided by another school. Going to this schools website, the https seems to be broken in the exact same way. It wouldnt be so bad, but it can confuse the hell out of people who type https before a url, and thos who dont realise and end up on the insecure site will need to provide passwords over an insecure connection. I am so glad im out of that place, they had such crap IT and everything was so easy to break.
1 -
Did you know, that you can just type 'thisisunsafe'? This will tell Chrome to skip certificate validation 🤯
1 -
So I just recently had the pleasure to set up a Rails environment for a friend on Windows. I haven't used Windows in about 5 or 6 years, and the person I had to set it up for doesn't know much about programming at all.
I all went fine at first, install database, devkit thingy and git. Then set up the project itself. And there is where the problems started.
First windows would refuse to use SSL, because of some weird bug in the Windows version of rubygems. The suggested upgrade did not work so I had to switch some gem sources to insecure connections, but at least it did install everything correctly.
Alright, I thought, that's not _that_ bad, everything is running now.
He sent me a screenshot some time later. Something was wrong with the JavaScript runtime, and I could not figure out for the life of me what the issue was.
Later again he sent me another screenshot.
His Antivirus spyware was messing with the asset pipeline. (╯°□°)╯︵ ┻━┻
This was the point where I just said "FUCK IT, i'll just put everything into a fucking VM and let him use that".
I should have done that in the first place.
Long story short:
Setting up a development under Windows is painful.
Do yourself a favor and just use a VM.3 -
FUCK YOU YOU SHITTY COCK SUCKING BITCH MOTHERFUCKER.
GO DIE IN A HOLE THEN GET RAPED IN HELL. I REALLY HATE THIS SHIT.
FUCK OFF GOOGLE.
12 -
First off murphy is a bitch. Week started off good, nothing bad happening then friday night came and i get an email about a site being down. Ok check it out real quick, cert is expired. No real big deal just a 20 minute fix, didn't bother me that i didn't get an expiry alert. Now is where murphy decided to be the biggest fucking bucktoothed cocksucker, generate a csr for a wildcard domain using an existing key and sent it off when i get it back the private key doesn't match the cert. Again ok maybe i fucked up, generate a selfsigned cert no fucking problem. Contact support to see if they have an idea. Oh now is when it gets fun, the fucking dumbass preceded to tell me how i didn't know what i was doing and how i just had to generate a csr and private key at the same time after i explained to the bastard that I've already tested it with a selfsigned cert. (How does this fucker have a job) By now apparently i was pissed off enough to scare murphy's pansy ass away cause i told the fucker to refund my money, got a list of 30 subdomains and setup letsencrypt on it. Now the part on this that is fucking hilarious is that it took me damn near 24 hours to be called a fucking idiot from a guy that doesn't know his ass between a hole in the fucking ground and 30 minutes of being pissed off more than i have been since i took anger management classes in the 9th grade to say fuck it and switch.7
-
What's up with almost every other site having invalid ssl certs, even though they are signed with a future date and by LetsEncrypt, did chrome again distrust a batch?6
-
Holy fuckin shit. Fuck java updates.
Today we deployed to production with a java app. For whatever reason it didn't work, just throwing SSL errors left and right.
Same app works on dev and qa
There's only one tiiiiny difference: Java 8 141 on dev/qa, Java 8 171 on prod
Guess what happened in 171 ... they updated the CA
rip 4h debuggin5 -
No, Steam support, I don't wanna see your copy-paste shit, I just want you to fix your broken SSL on one of your server...
I hate writing to support so much (doesn't have to be Steam). I just want to see a human approach for once, but all I get is copypasta bullshit.2 -
Am I bad? I charged a client for an SSL Certificate and installation, but just used LetsEncrypt instead, cost me fuck all.6
-
Hi.
Forgot to renew my expiring ssl cert of my smtp/imaps/pop3s on 12/31. Set that date to self-harm me for bad monitoring.
F**K F**K F**K F**K...
Why do I do that?
F******K!
Meh.
You shall have a happy new year... i will regen certs :D -
telco sysadmin: hey maybe we should secure our SMTP server with SSL and password verification so our clients can e-mail safely!
senior exec be like: nah just filter incoming connections for our own IP-range, that'll do.
result: I can impersonate any client of the telco and send e-mail in their name (from any home network connected to that provider), but I can't send e-mail over cellular network.1 -
How the hell are you going to have a WebDev degree and not know what SSL is in 2022.
I also shouldn't be the one to notice your CPanel has a ton of unnecessary extra files and folders, and when you go to a subdomain corresponding to some random folders we find a "hacked by some dude" message. : |
I get your mom paid for the domain and hosting for you but you should really fucking know that information yourself.
And I don't care if your mom says 'everything is fine' on her side. You were hacked you need that information so you can tell when things are added that shouldn't be and in this case notify the host site in case the issue is on them while also knowing how to reset everything properly site specifically
Fuck. I should start charging my friends for being stupid and taking my time with things they should know how to do.
My degree is an associates of 'General Programming'. They have a degree in specifically 'Web Development'
90% of my web development knowledge is self taught. If her program didn't cover fucking ssl she needs her money back8 -
Boss: We need you to configure our Apache Tomcat server for SSL.
Me: Okay, what version of Tomcat is installed?
Boss: 5.5.20
Me:
-
Decrypt api responses in an iOS app which my “senior” dev thinks it is more secure to encrypt responses in stead of setting up a proper SSL cert (they use plain http to save money 🙄)
They disable the encryption since it does not function as we wanted and set up SSL instead🙄4 -
I made a bit of a tradition of building a list of hardware that's superior to whatever Crapple is releasing whenever Crapple releases something - and for the first time, I decided to make it public instead of just sharing it with some coworkers.
Making it public however took some time (luckily, yesterday was a holiday here, so I got it done now) - at least, making it looking "not like shit" took some time.
So enjoy my (very basic) bootstrap templated, yet possibly useful list of builds superior to the Crapple Rag Mini (which is a completely fictional entity not resembling any existing company in the world. Promise. Totally. Penguin's swear.)
The list can be found here - expect to see an update anytime Crapple pushes new shit to the market:
http://il-pinguino.com/superiortocr...
(possibly not safe for work, children, catholics and SJWs). Yeah, no SSL cert, currently. Hell, it's a private server, it doesn't process any of your info and it doesn't offer downloads... I might add one in the future.
I hope you can forgive my shameless self-promotion, it's not a commercial site, there are no ads/shitcoin miners on it and i don't get a share/cut/whatever - just a small humorous joke project. For now.
BTW: I didn't attempt to build any of those. It should work, but please don't sue me if it doesn't.5 -
So a week ago my boss asked me to design + build/write code for our new site from scratch.
Meanwhile the old website they have had for 5 years is still without SSL and looks pre-2000.
It's supposed to be finished and be mobile responsive by tomorrow.
I'm the digital marketer.3 -
Vodafone India is so shit omfg
Run npm install, ERROR json parse error due to ssl exception
Run pip install, again ssl exception
Run gradle build, again ssl exception!!!
Now everytime i gotta make a new project or install a dependency in anything, i have to pray to the blood god that cache contains a valid/uncorrupted package dependency or else ill have to nuke cache and borrow internet from someone else.
Once i port it to some other operator, i am gonna incinerate this mf sim.12 -
Debugging TLS failures.
In Java.
With the funny certstore cause "we need to do this by ourselves".
Fucking shitty broken pile of cunt code.
At least the debugging output is good.
As much as I love TLS, debugging it is a nightmare and when a programming language like Java decides to wrap it, it becomes Ctulhu.
OS
- TLS Library
-- TLS Certificate Chain
- JDK
-- JDK SSL Handler
--- JDK Certstore
---- Java Library Abstraction, eg. WS SSL
Joyfully fingering of a tentacle arsehole.2 -
I don't understand why they're still calling it SSL. It was buried long ago by TLS.
Fuck this marketing bullshit, just fucking call it TLS already.1 -
Today I had sort of a meltdown when I found out that the small, 20-something company where I work and where we should all 'trust each other' is working to stealthily enable SSL Inspection.
I'm done with doing anything other than what is stipulated in my contract such as helping out in other areas out of my own volition.
Management got control hungry and mad once they got their hands on a Deep Inspection Firewall.
Well, I'm not feeling sorry for the uproar they'll have to endure once colleagues find out they are doing this stealthily.
Serves them right and after this and other similar experiences my trust in this company is right through the floor.2 -
Super duper Marketing guy gets hired to boosts Eshop sales. Sends a huge wall of text about moving the site to the X VPS hosting plan, put SSL to the site etc..
Me: We are already on that hosting plan. We have SSL and everything else you mention. Are you sure you checked the right Eshop before you made that Grand Plan of boosting sales? 🤣🤣🤣 -
Spending hours trying to figure out why the stack just won't work with SSL. Nearly lost my mind as we started feeling dumber than ever. I really started to doubt my skills after it did not even work with the most minimal nginx site config I could imagine.
The next day I discovered that we missed the 443 port mapping in the docker-compose file...it only had port 80 mapped.
Yup, stepping back from a problem and getting some sleep is really worth it sometimes. -
Anyone else ever had to install Jekyll on Windows?
Man, what a displeasure the last four hours were. SSL errors everywhere because Ruby versions have differing SSL certificates for downloading gems or something, having to install the devkit three times, messing with Linux Subsystem and finding out the Ubuntu repos do not have a new enough Ruby version to support what you're doing.
All this to have some fun with GH pages. It's physically exhausting.2 -
SSL should really stand for "Satan's Security Layer", because anytime I have to deal with it, it's always a major pain in the rear. (And an expensive pain at that!) Why in 2016 is the SSL process so bad.3
-
Server migration status:
One of our Windows servers took less than 20 mins. SSL and bla bla everything done.
Linux server was a lil bitch but we got it going for the most part .....sigh...
Still using Linux as my primary desktop at home but geezus man. We really need a dedicated master wizard Linux sys admin for this mofocka1 -
* Developing a new "My pages" NBV offer/order solution for customer
_Thursday
Customer: Are we ready for testing?
Me: Almost, we need to receive the SSL cert and then do a full test run to see if your sales services get the orders correctly. At this point, all orders made via this flow are tagged so they will not be sent to the Sales services. We also still need to implement the tracking to see who has been exposed to what in My Pages.
Customer: Ok, great!
_Friday
Customer: My web team needs these customers to have fake offers on them, to validate the layout and content
Me: Ok, my colleague can fix this by Tuesday - he has all the other things with higher prio from you to complete first
Customer: Ok! Good!
_Sunday
Me: Good news, got the SSL cert installed and have verified the flow from my side. Now you need to verify the full flow from your side.
Customer: Ok! Great! Will do.
_Monday
*quiet*
_Tuesday
Customer: Can you see how things are going? Any good news?
Me: ???
*looks into the system*
WTF!?!
- Have you set this into production on your side? We are not finished with the implementation on our side!
Customer: Oh, sorry - well, it looked fine when we tested with the test links you sent (3 weeks ago)
Me: But did you make a complete test run, and make sure that Sales services got the order?
Customer: Oh, no they didn't receive anything - but we thought that was just because of it being a test link
Me: Seriously - you didn't read what i wrote last Thursday?
Customer: ...
Me: Ok, so what happens if something goes wrong - who get's blamed?
Customer: ...
Me: FML!!!2 -
I'm fiddeling around with progressive web apps. I made something and hosted it on a subdomain. Today I made a typo and found my app on an other domain. All my assets and files are copied there. He even uses my SSL certificate.
It's not that spectacular. The app is nothing "revolutionary". It's just the first time it happend to me.
Have you ever found your code on other websites ? How did you react ?7 -
spent the entire day trying to get ssl to work 😩
it works now, but honestly, it's draining to spend so much time on config4 -
Since, I am already using Mullvad's vpn service, I also stumbled on https proxies.
Is it still safe to enter my devRant login data, when I would use a https proxy in FF's settings?
The Proxy is a free elite https proxy.
And devRant also uses SSL.
The traceroute would seem like this I guess.:
VPN(*le me sendin my password -> SSL Proxy -> SSL DevRant)
--------------------
Following that path, I would assume that it would be like this in detail:
HTTPS Request
-PW gets encrypted by VPN service
-" " " again " HTTPS Proxy
-" " " again " devRant itself9 -
Set up an Ubuntu AWS ec2 instance running nodejs reverse proxied by nginx, kept running by pm2 and SSL provisioned by certbot.
I know that sounds like nothing but buzzwords but it really felt awesome to get a little node app stack sorted out!4 -
Docker with nginx-proxy and nginx-proxy-le (Lets Encrypt) is fucking awesome!
I only have to specify environment variables with email and host name when starting new containers with web servers, and the proxy containers will automatically make a proxy to the new container, and generate lets encrypt ssl certificates. I don’t have to lift a fucking finger, it is so ducking genius2 -
What makes free ssl "Unsuitable for e-commerce websites", Please read to end to see my view point.
From Namecheap:
Free Certificates are domain validation only which means they don't certify the identity of the website owner, they simply ensure a secure connection. Customers can't be sure of the integrity and trustworthiness of the website owner. If you need to secure credit card and personal information on e-commerce websites, free certificates aren't the answer. It's important your customers trust your business is safe enough to hand over these details. To gain this trust, you need a certification of your authenticity, which you can only get with a (paid) Business Validation or Extended Validation SSL Certificates.
https://namecheap.com/security/...
* "To gain this trust, you need a certification of your authenticity"
~ But isn't that just Domain Verification and other Extras, What justifies somebody or business's authenticity? Tax Id, Valid Address, Nobody is going to study the ssl cert to make sure that amazon.com is a valid business and has a tax Id.
* "domain validation only which means they don't certify the identity of the website owner,"
~ Wouldn't this just be the domain validation test that is required when using services like LetsEncrypt using Certbot etc, or are we referencing back to this idea that they look for a Valid Tax Id sort of thing?
* "If you need to secure credit card and personal information on e-commerce websites, free certificates aren't the answer"
~ Why is the paid version going to do double encryption, is the CA going to run a monitoring tool to scan for intrusions like a IDS or IPS? (disregard the use of DNS Validation being in the picture)
Am I missing something, this just seems like well crafted text to get people to buy a cert, I could understand if the encryption was handled differently, Maybe if they checked the site for HSTS or HTTPs Redirect or even, They blocked wildcard SSL before and now with the paid its included, but overall it doesn't sound like anything special. Now I'm not just picking on namecheap because domain.com does the same.14 -
With a recent HAProxy update on our reverse proxy VM I decided to enable http/2, disable TLS 1.0 and drop support for non forward-secrecy ciphers.
Tested our sites in Chrome and Firefox, all was well, went to bed.
Next morning a medium-critical havock went loose. Our ERP system couldn't create tickets in our ticket system anymore, the ticket systems Outlook AddIn refused to connect, the mobile app we use to access our anti-spam appliance wouldn't connect although our internal blackboard app still connected over the same load balancer without any issues.
So i declared a 10min maintenance window and disabled HTTP/2, thinking that this was the culprit.
Nope. No dice.
Okay, i thought, enable TLS 1.0 again.
Suddenly the ticket system related stuff starts to work again.
So since both the ERP system and the AddIn run on .NET i dug through the .NET documentation and found out that for some fucking reason even in the newest .NET framework version (4.7.2) you have to explicitly enable TLS 1.1 and 1.2 or else you just get a 'socket reset' error. Why the fuck?!
Okay, now that i had the ticket system out of the way i enabled HTTP/2 and verified that everything still works.
It did, nice.
The anti-spam appliance app still did not work however, so i enabled one non-pfs cipher in the OpenSSL config and tested the app.
Behold, it worked.
I'm currently creating a ticket with them asking politely why the fuck their app has pfs-ciphers disabled.
And I thought disabling DEPRECEATED tech wouldn't be an issue... Wrong... -
Me and the dba are slowly migrating parts of our JVM stack into .NET AND even tho I love and will always love Java and its ecosystem....I am glad.
IIS as a server is something that I actually look forward to since deploying shit to it is always a breeze
Installing ssl certs is a breeze
Everything is a fucking breeze
Before any of you cocksuckers say anything: this is my opinion only5 -
FUCKING SOURCETREE!!!!!!! HOW THE FUCK DO U MANAGE TO BREAK YOURSELF MORE AND MORE...
Got a new PC so had to reinstall and apparently there's a new version, new UI/UX.... works ok... fine... :(
Now after some autoupdates the Bitbucket URL isn't recognized and I need to get a new repo....
I copy the URL (sourcetree://...) from the button but then ST complains some stupid HTTPS SSL cert error..... FUCK!!!
Tried IE, doesn't recognize the URL....
Last resort... I look at the URL itself...
hm.... points to a *.git file
Ok lets use git shell on another repo and get the remote address...
ssh://git@....
FUCK U!!!!!!!!!!!!!!!!!! HAD TO MANUALLY REVERSE ENGINEER AN SSH URL BECAUSE U CANT WORK WITH URSELF...9 -
when you cant be arsed to do icons so you just use emojis for button icons.
btn.textContent = "🗑️"
because icon sets now have their own apis (like what ever happened to icon fonts?), and documents explaining what scripts and commands to run to *install fucking plugins* on software written to *supplement* doc servers. plugins and software whos host site returns an SSL error. nice.
to use web icons. downloaded only on request. from other sites.
seems kind of eh, tower-of-baylon to me. like a bird landing on the electrical lines near your house might cause a blip and break one or two icons on your slick 2020 web app.
idk just seems unnecessary, like if you're small, your gonna want to embed your fonts on the webpage instead of overcooking things and hosting *a fucking server* just to serve an api for fucking *icons*. and if you're large you're gonna reduce those requests anyway12 -
How would you explain SSL, certificates, and CAs to a layman?
I just spent 30mins trying to explain it to them in a chat (related to Mpngo driver configs and the sslValidatrle flag), they sorta went silent on me so not sure if I explained it or understood the roles/purposes correctly...
One example I used was it prevents a man in the middle attack where your connection gets rerouted to another server. If the CA didn't recognize the cert the new server replies with then it rejects it and prevents the attack.7 -
What disturbs me is when companies uses invalid ssl certs for internal services where you have to login with your company credentials.2
-
So I walk past this everyday decided to finally take a picture:
http://www.ssl.co.nz/ that's the link to their website
2 -
I want to cry... Fuck it.. shiit. .. :( :( ;(
Wasted half of the Weekend to Setup MySQL on my vServer which uses ssl encryption, have specific User and so on.
Thought: well, the User mysql is not so good as a Name. Drop it, you don't need it.
What did I? Instead of Drop User mysql , I typed Drop Database mysql.
Fuck that fucking Shit. I'm so sad right now. Broked the complete MySQL Database. Nothing is working anymore. And the server is new, I've Just made One Backup. Deleted this a few hours ago.. also accidently.
Help me :( Shit :( so sad :( Now, I don't have Motivation anymore to work with the vServer :(3 -
Why in fuck's sake would you create a new service and not offer TLS/SSL to your free tier clients ?9
-
On every website I visit, first thing is to snoop who gave the SSL certificate to the domain
Idk why I do this2 -
Fucking docker swarm. Why the hell do they have to change the way it works so damn often. Find a good workthough and its not fucking valid anymore cause swarm doesnt use consul to catalog swarm nodes anymore. Well fuck thanks docker now i have to rethink my architecture cause you fuckers wanted to do something half assed.
Sad fucking thing is the change that made you do that shit in the first place doesn't work right for ssl so your damn mesh network is fucking useless for any real world uses unless people like me rig the fucking hell out off it.
Another fucking thing how the hell haven't these fucktards added a shared storage yet, come the fuck on. -
When your Comapny uses way to many certificateS, .p12 and .msc files so Everyone's local breaks after each package release.... It's like building a house of cards on a windy day
-
view-source:https://www.google.com/?gws_rd=ssl
“Oh my GOD! I've heard of obfuscation, but this is just hell in text format!”5 -
me: block all in&put connection
firewall: ok
me: open port 22 for local network
firewall: ok
me: enable firewall
firewall: ok
me: restart pi
firewall: allow me connect
me: open port 80 for local network
firewall: ok
me: open port 443
firewall: Oh! i have to block icoming connections on port 225 -
Maaaan, we all knew it was coming, we were warned, again and again, yet still, when Lets Encrypt's old root CA expired today, we found out a tool we were using to get new certs (Not cerbot, custom wrapper around acme-tiny) included the old root in the chain.
So... A few hours ago, some of our servers started having connection issues.
Great final 3 hours of today. Better luck next time I guess? Still, despite the little hickup, Lets Encrypt still remains as one of the biggest revolutions in the adoption of SSL, they're the good guys.5 -
School decided to shut down their WiFi for "security" reasons (Everyone used a VPN and they were dumb fucks at networking, blocking sites like Google for having an invalid SSL certificate).
Now I'm forced to use my mobile data to keep using my Arch Linux laptop D:3 -
Omg, freaking web sockets.. But I figured out how to run a socket server in SSL with the certificates in a root folder. Seems like an early night for me!
-
I made a web project that can generate gifs from webcam. Can't complete it because I don't understand how to use SSL with Azure ☹️12
-
My job in company to developed e-commerce website as a full stack developer.
History of that project.
Company paid 300,000 INR to the local web development firm for developing previous website and they developed website without bootstrap/SSL/Even save information of high profile client in plain text.
I am not angry on that web firm ,I am laughing on my company because such client never trust on independent developers who work hard ,code day and night to complete freelancing projects.
I hope my work will make differnce in their selling. -
For you freelancers out there, I've been working on trying to make some income with it locally, making single page static sites for some local businesses and restaurants so that I can get a couple hundred for making the site and a little over the cost of hosting each month residually, offering like one free menu change per month, but all redesigns and support being hourly.
I want it to be accessible pricing cause like 5 of my favorite places to eat have defunct sites that I think weren't worth the cost anymore, and I'd love to be able to see up to date menus and hours and I'm certain others would too.
Basically, I'm trying to figure out what hosting would be best for this and if I'm being realistic enough with pricing. I like the idea of surge.sh, but I feel like 12/mo for a custom domain SSL, which is good for SSL, is higher than some of the other alternatives for a lightweight one sing page site.
Any help would be great, Have a great new year guys!3 -
Email from vendor: "Will you require SSL?"
WTF. So many problems with this question. Am I alone in my frustration? What problems do YOU see with that question?7 -
It was the worst local Hackathon. It's not even a Hackathon either, where the whole event spanned over 2 months.
It was a group entry with me and 4 teammates. Each of them did contribute:
Guy A: criticizes what is built and designed
Guy B: offered financial tips on how to make this thing feasible
Guy C: did UI but in graphics. No CSS file, just bits of graphical elements.
Guy D: family commitments
And then there's me, writing documentation, built the entire project, wiki, drove the project, prepared the presentation slides, tests the framework, unit tests, stuck with stupid problems like SSL, localhost, Google Maps Key and the likes.
And we didn't even win, let alone launch this thing, whatever it is, to anywhere. Never doing group projects again.
I'm flying solo for now -
When I thought things couldn't get crazier that my vmware to win chrome mess.....
Doing an upgrade today when I have to VPN in from my mac to access a Web based secret server to get onto another VPN so I can RDP onto a Windows bastion host to then RDP to client windows servers within the RDP and from those hosts need to use putty to ssh into Linux servers to do the admin activities......
Now I'm obviously all for security but seriously VPN to RDP to RDP to ssh is just a bit mental......
But all of the SSL certs between each env is self signed anyhow......2 -
FUCK MY MOTHERFUCKING LIFE! FOR GOOD THIS TIME!
I worked about 6 hours straight today to get SSL up and running, so you can include your own certs in my framework. This worked without any problem in Netty. Even forcing SSL was without any problem.
And then I tried to fucking show an image and this motherfucker won't load. I tried to copy code examples from fucking any source I could. As I gave up I tried to comment out a Netty decoder.... AND IT FUCKING WORKED!
FUCK YOU NETTY DOCUMENTATION!!!
FUCK NETTY, LONG LIVE NETTY!
7 -
So I reverse engineered the
protocol of QONQR: World in Play and made a mitmproxy addon running locally inside termux that can see when I launch in the game and uses Termux:API to notify me when my ingame resources are replenished.
I direct the traffic through mitmproxy using Drony. I configured it so that by default Drony passes traffic directly to the internet except if it comes from the QONQR app.
The problem is that while Drony is running, there is a chance of network traffic being corrupted so I often get spammed by connection and ssl errors.
So I have to either continue sacrificimg my network integrity or stop getting assistance ppaying QONQR :-/
Does anyone know an alternative to Drony (basically an app that can connect you to a proxy without root using the android vpn api, if possible with filtering by app or ip)?
Also does anyone else have problems with drony on Android 9 or other versions? I don't really have an opportunity to test it.
Edit: It only took 4 tries to post this yay3 -
So I was thinking about SSL and trying to understand it (random thought that just came up while eating lunch). I came up with this analogy, not sure if maybe I've heard it before... Is this understanding correctly?
A and B want to send letters but make sure no one other than them can get in on the conversation or impersonate them.
Each is able to create a pen and glasses that must be used to see the ink.
So when they first connect, they exchange the pens.
So even if a middle man can duplicate the pen he can't actually read what anyone is saying. And if he tried to write something, the receiver will know it's not sent by the other since it makes no sense. So they then write a new letter and agree to send each other new pens and use new glasses?1 -
Why the fuck open source solutions need to be such a load of bullcrap? I've spent a week trying to set up every single self-hosted video conference software, and the only thing I've got is a shorter lifespan.
How the fuck does your (judging by GitHub, well maintained) software only support Ubuntu 16.04? And I mean ONLY, there's no support for docker, or any other distro either, and we're only weeks from getting the second LTS since 16.04. And why the fuck does documentation tell me to manually go through 20 different config files just to enable SSL?
Why the fuck doesn't your official AWS cloudformation template include VPC or other required parameters? I've had to rewrite the whole thing just to get a valid stack you dipshit!
And how fucking hard is to make your software look decent, I can't expect clients to chat with me using something that looks like an incest child of 2003 MSN and eDonkey?
Oh, and it'd be fucking dandy if your documentation wouldn't return 404, maybe I'd be even able to test what your product has to offer?
I guess after everything I've tried I'll go with Jitsi; it seems the most decent, although it lacks some pretty basic features like limiting chat features for guests.22 -
When your website's SSL certificate expired two months ago, the likelihood of me trying your software is less than zero.
-
Why is Docker + SSL certificates so confusing? Or do I just have bad resources?
I just want to know how to compose an Docker, Nginx setup with encryption.11 -
Does anybody knows if letsencrypt SSL works with Cloudflare or not?
Because I'm unable to use letsencrypt SSL while using free version of Cloudflare :(5 -
Apple and its bundle identifiers, APN SSL certificates, provisioning profiles and review process just took a 5 hours of my life.2
-
FINALLY got Chrome to accept my self signed ssl certificate on OSX!!!!
F*ck this has taken waaay to long....
For anyone seeking advice, look here:
https://alexanderzeitler.com/articl...9 -
This fucking manual with their abstract ssl section is driving me nuts. Why do you need so many keys? Fucking jks!
Fuck your pseudonyms, and why in the name of the holy cunt do you have to cope them with aliases?
Jerry, barry, tango. You all get a fucking certificate!
Jerry is an asshole, barry is a cuntand I don't even know who tango is, but fuck tango in particular! -
okay. Just had an interview for a web application engineer role. It was a catastrophe. Basically, they are taking care only of things I was never worked with, like certification management, ansible deployments, bash scripting. ?? What? Like, what the hell? Guys, I can make you a nice javascript game, or laravel website, eventually mount the routers and switches, configure and automate the networks, but certs... for me ssl is just an extra checkbox when I'm buying a new domain. I asked the recruiter like 5 times, please tell me what the hell is the role about, he doesn't knew... I think, I'll just give up this applying for a jobs stuff, and stay maintenance engineer, dig into plc-s and etherCat even more and forget the IT career completely...7
-
I don't know if SSL saved the leak of the shitty useless information that our application and customers send over the network. I really don't care and I don't know.
What I know, oh yeah, is that every time there is some trouble with SSL my day is fucked up3 -
So, I made this API which logins to the system and Used it in an android app, there was one roadblock to it, that everytime user enters a password, it has to match the password hash so I, excitingly, used password_verify($password,$passwordHash), unknowingly that it is fucking unsafe and the code is still there, and here's where it gets interesting it is not over SSL/TLS. Fuck me, any bright solutions?27
-
Am I missing something here? Lets Encrypt auto renews SSL every 90 days....BUT it will fail if you have .htaccess re-direct set up to https. So you would have to switch off the https redirect, manually renew, then switch it back on again. Thats fucking crazy. I can’t find a way round this. The hosting co set this up but are encouraging people to buy one of theirs when the renewal fails. a cunning plot to get more of their own SSLs. Any ideas?7
-
So I am debugging a connector library for an api that users curl.
I am fighting my ass off with errors and a lack of debug, testing or thought for CI
Take a poke around this set of classes only to find.
Postman token in the opts. and a removal of ssl check. What you straight copied from postman.
Like seriously clean up your fucking code if you are gonna put something out as production ready to your team.
Console.log('fuck'); -
GoDaddy. Is. The. Worst.
I'm working on an SSL cert domain verification for a client. The chat support tech at GoDaddy has no freaking clue what she's doing. She keeps telling me to follow the same help article I already knew about the first second I heard I needed to do this job. It didn't work. But she keeps going back to it, sure that I'm just a complete and utter moron who doesn't read. Never mind that I have screenshots to prove everything she's telling me is 100% wrong according to every error message this process is generating.
Now she's checking with the "SSL team". Which is code for "I have absolutely no idea what I'm doing and I'm frantically searching the FAQ database to figure out what this SSL thing even is."
That's what the last hour of my life has been. And 20 minutes of that was waiting in the chat queue.5 -
How do I make my blog https? I have a blog using Jekyll and GitHub pages. I have a custom domain so I tried cloudflare free SSL plan - destroyed my DNS records. Haha. Any good post for me to follow and get that green padlock?8
-
Successfully wasted more than 12 hours in debugging SMTP issue. ColdFusion email script was throwing SSL error. What was real issue? The Web Server IP Address was blacklisted in the Email Server.
-
I made a wordpress website to one of my friends long time back as he wants to teach online and sell his videos. (he is studying MBBS)
Yesterday suddenly he calls me and says our site has been compromised and its not longer secure.
Me: After seeing screenshot, no actually site doesn't have ssl and in recent chrome updates http site is being flagged.
He: Okay, I saw video on youtube how to buy ssl.
Me: its not just installing the certs, all the links and images has to be on https so it will take sometime for me.
He: Today, Website is no longer opening please help after putting ssl as per the video...
Me: What the hell? Who asked you to do that? Are you nuts?
He:................. Sorry, 😐2 -
Chrome browser was installed on my new PC at work by IT as a piece of software we get as default.
I've been having an issue where certain sites seem to fall SSL.
I contacted IT and their only response was that it must have been installed by mistake and that don't support it.
When I informed them that it was on every new PC I had seen they said that's not possible and I'm the first case they had seen.
WTF, our IT department is so screwed up that they don't even know what their rolling out to our PCs.
Even worse I've been made to feel like I'm doing something wrong by using software they don't approve of, even though they installed it.
I think I'm sending tonight getting an old laptop set up with linux do I can connect to the guest Wi-Fi at work. At least then the PC is under my control.4 -
Since last update (version 63) Google chrome forces all *.dev domains to use https. Guess who used a *.dev domain for his local development virtual machine and now have to switch to *.local ...
Removing the HSTS Rule from chrome seems not to be possible and surprisingly I could not use a self signed SSL certificate to make it working again.3 -
I fixed one problem we had at work with SSL over a year ago. Since then, whenever anyone has any problem vaguely to do with SSL, they come to me. The "expert". So I guess I'd like to become what I'm already perceived as... SSLman1
-
The concept and execution of inter-cluster SSL along with keystores, truststores, signing, and similar just clicked in my head today. I feel the burden of undiagnosable https errors just melt off my shoulders. Any other environment tips I should know for kubernetes?
-
Which of the following is related to Alert Protocol in SSL?
A. SELECT, ALARM
B. ALERT, ALARM
C. WARNING, FATAL
D. FATAL, ALARM
E. SELECT, FATAL
F. I don't always use SSL3 -
Dear facebook/instagram
When in sandbox mode, please dont require https redirects, my localhost server has no concept of what an SSL cert is, its sandbox for a reason.5 -
SSL issues when behind a proxy.. i think.
Troubleshooting and solving issues are difficult when you just follow a guide about something you need :i -
So.. I spent some non-trivial time trying to call a soap service via SSL in a java application struggling with SSLHandhakeException. I tried quite a few things with the certificates, none of them worked.. until we found out, that I added the right certificates to the truststore of the WRONG java :-/
Conclusion: when working with java cacert files, run
echo %java_home%
first (you can thank me later).4 -
Searched for an error message hoping to find StackOverflow. Found GitHub showing me the code that produced the error message instead.
I haven't had enough coffee to understand somebody else's code today. I'll keep debugging myself before I read your code, thanks. -
Ok can someone explain this to me, i cant get it to function properly on chrome. Others are fine...
7 -
Ok, so i got this new machine and whilst migrating I want to stay online with certain services. So atm there is x.web.nl and y.web.nl both have ssl and one runs on server x and the other on server y. Now is the question how the heck do i forward that ssl file??? I figured i have to do something with my nginx server block. Because that is terminating the cert. Can someone help me out??1
-
I've had my site up and working for a few months now (still need to finish building it properly the template project is still half default lol) but because I setup the Nginx server on a digital ocean droplet myself using both for the first time ever I obviously made some mistakes. It was up and running though just always spouting 'nginx[1755018]: nginx: [warn] conflicting server name "jessiejfoley.dev" on 0.0.0.0:443, ignored' whenever I 'nginx -t' or 'java.security.cert.CertificateException' on this server monitor app I have on my phone
But it was up and ssl seemed to be working so I ignored it
today I learned about https://sslshopper.com/ssl-checker...., which told me my intermediate certificates were not functioning properly, I was bored today and didn't wanna be too productive (else boss expects the progress I've made this week every week) and decided to finally go through and see about getting everything fixed properly starting by reinstalling the certs and double checking my commands.
2 hours later I still can't fix the cert errors so I decide to focus on the conflicting name error. Go through the nginx directory cleaning anything non essential or things I put there while trying to figure out how to get it up originally (learned as I was going lol bad practice I know, but it's just a practice site that'll eventually be a portfolio when I feel like making it properly and investing an adequate amount of time)
as soon as I get rid of jessiejfoley_dev.save.3 inside /etc/nginx/conf.d (my actual site is in sites-enabled) my server monitor app stops reporting the cert error and when I check the ssl checker everything is properly working now.
so the easiest problem to fix was actually the cause of all my problems. I'm and idiot and this shows I still have a LONG way to go to actually knowing what I'm doing at all.1 -
So after my webhost told me the reason my ssl was broke was due to an issue I had no control over i threw a fit any 12 year old would be proud of (im 22) bought a new domain name and ssl certificate. Created an account on digital ocean for the cheapest tier and got to work learning about nginx (just to learn my new thing for the day nothing against apache) real quick
Few hours later https://jessiejfoley.dev is working
No content yet. But no server side errors I cant fucking fix through a limited dashboard
Don't know if that counts as petty but I feel better now7 -
Yesterday I spent 7 hours on a silly SSL certificate error. The exact same webpage gave me "certificate revoked" error when viewed in one browser/device but it displayed fine on others!
But everything is back to normal today! As if nothing happened!
I'm not a web dev, so I have no idea why this happened. I'm just pissed that I wasted 7 hours on a thing that wasn't my fault... -
SSL was a good idea terribly implemented. Relying only on big tech for valid certificates was the single most idiotic thing the web baboons could come up with.
Sure, you could always hack comodo (again) to issue yourself some LAN certs but come on. You either expose your server or pay half a kidney for a somewhat secure thing! Give me a break....9 -
!help
Does anyone know how to use certbot on a Debian stretch azure web service app to generate an SSL cert?
I've got the cert generated and Apache to serve it but it's giving me errors.
I need to bind it in azure somehow but I can't figure out how to export the cert.7 -
This is a continuation of my previous rant about admob being not very informative when it comes to invalid traffic and the resulting restriction in ad delivery.
I then wanted to use admob mediation to hang in facebook ads. My app is written with Xamarin.Forms.
So first I needed to make some facebook configuration - create an account, let my app review, create some ad placements and other shit. I came to the point where I had to put in a link to my privacy policy and the link could not be accepted due to some SSL fuckup -.-'
I then found out that there is an issue with my SSL Chain. With the help of whatsmychaincert.com I solved that issue. Little side note here: I have limited knowledge of that stuff and my cousin helped me set up my homepage so I had no idea what I was doing. Did a snapshot and luckily I did not needed that as everything worked :)
This took me around half an hour just so I can paste the fucking link to activate my app in facebook developer portal.
After that I made the whole mediation configuration shit - not an issue as google documented this quite well but it took some time.
Now comes the shitty part. To use admob mediation you need adapters to the other ad network. I found a nuget package with exactly what I needed just to find out that it is outdated. So I pulled the repo and saw that this thing is an aar binding library. Never did that stuff so I read some docs again. Updated the package and consumed it in my app.
The google docs then said "Use this mediation test shit to check if you did everything correct before going prod" - aar binding nr. 2 (but I am now familiar with that :P). This thing then told me that facebook ads could not be loaded because the SDK version is outdated -.-' SDK version comes from another nuget package which is referenced by the first aar thingie. I tracked that thing back to a repo where I found out that they are indeed totally behind. So I downloaded the aar, made a binding lib and bound that to my first aar binding lib as that depends on this.
Put that all back in my app - tested mediation and fucking finally after 6 hours everything comes together! all lights are green and things work.
Sorry if this is not quite a rant but it was quite a journey and I just had to share it. -
So I guess this doesn't really fall under dev, more web and net admin, but here it goes.
I am trying frantically to migrate our (@Gerrymandered and I) website from a hosted solution with Namecheap to my new personal badass server, Vector. The issue is that I need to host multiple subdomains under one IP. I learned how to use apache2's VirtualHost feature, and eventually made them all work. But now we need to get our 3 year SSL Certs that we already paid for working. Try to get ssl pass through... Nope. Fine, just use the VHost then forward it unsecured to the local ip which only accepts connections from the Apache host. But wait! I want to access my ESXi config page remotely too! Good GOD it is a pain in the ass to get all of this working, but I somehow did. Evidence is at https://git.infiniit.co, which is hosted on the same network as the ESXi control panel. *Sigh of relief* now I can sleep right? 😥29 -
let rant: (Bool, Bool, String) -> Void = { (isRant, isDev, contents) in
print(contents)
}
rant(false, true, "
So, a year ago more or less, I set out to teach myself some server-side programming on the side.
Many (MANY) tutorials, Digital Ocean droplets created and destroyed, coffee mugs and FMLs later, I can say 'Hello World' from Node.js - built from source and not running as a sudoer - using express and forever on Ubuntu, behind another Ubuntu server running nginx - also built from source so to add headers-more and naxsi - using all sorts of goodies to enhance security and talking to each other via SSH. Oh, and taking to the world over HTTPS with a grade A on SSL Labs (I know this doesn't mean much to you. Yeah you, rolling your eyes over there. So why don't you just bugger off before even commenting? Haha)
Feels good man.
")
2 -
!rant
I need to quickly test how my web app works on mobile
PROBLEM: some of my features require https. I can test from my pc on localhost just fine, since localhost works.
From Android, however, those features are blocked, since I reach my webapp with my IP address; it is not localhost so Chrome raises a middle finger when I try to access the camera from an unsecured website -and rightly so.
I really need to get these tests done, how am I supposed to do?
I install an SSL certificate on my pc?!?
I disable Chrome security checks on my Android?!? (is that even possible?)
I install bluestacks real quick and hope everything works fine?!?
Wwyd?4 -
So, some of you know that I'm having struggle manipulating Youtube iframes with jquery or plain javascript, please note that the same thing can be done via YouTube API but I personally do not want to rely on API,
So after 2 days of struggling I've officially given up, I feel so fucking angry and sad at the moment I can't even describe.
For some solutions to work I need SSL certificates.
the closest I could get was $(iframe#youtubeiFrame)['content'];
This leads to the youtubeIframe root #document but I am unable to access that DOM
Next task, to configure another IDE except Eclipse for Demandware.
$options = array('Aptana'=>'IDE','IntelliJ=>'IDE','VSCode'=>'textEditor'); -
Since Electron is getting some well deserved flak, I think I'll add my two cents.
Why in the actual fuck can it not proceed any way to allow us to USE OUR SELF FUCKING SIGNED CERTIFICATES.
Yes, security hole, but for messing about with new software, I'm not going to pay a CA for a certificate so I can put it on a server that only I and a few select individuals use!
At least give us a usable frontend for allowing our self-signed certificates so I can use my fucking server!1 -
Spent a couple of weeks on writing a cronjob which updates a certain value in the application config, and spend the last few months on testing it in different environments to make sure it does not fail in production. Ran the deployment script, and the damn cronjob fails because of ssl certificate on production. fuck me
-
So I'm building this environmental monitoring system for one of the Labs to monitor Temperature and Humidity. the "software" that comes as part of the package with these sensors is really just a website you host yourself if you don't choose the cloud option. No big deal really, (see my previous rant about getting windows server through SSC) I setup IIS and get the "software" registered get a couple sensors running looks good. However I don't like the error messages that popup because it's unsecured. do some reading and I find out that most browsers will give you a warning if your not using HTTPS even if it's for internal use only. OK we'll how hard can it be in implement encryption, turns out it's not that hard and you can do it for free how with letsencrypt and other places. I like free, now i have to use SSH to get into the server and run an ACME client. Hey open SSH is part of windows now cool, download an ACME client SSH into the server and nope doesn't work. Oh right I'm behind a corporate firewall and a bunch of other shit I can't control. Why is so damn arduous to setup this god dam internal website and the problems aren't even the site. Now I'm playing with AWS spinning up an instance to be able to try and get an SSL certificate just so i don't have to tell people it's OK to trust this site ignore the big angry warning.
Best part is other similar internal sites don;t use SSL and all have big messages about someone stealing your soul if you go there and these are commercial systems that run all the HVAC for all the campuses across Canada.
I need more Tylenol. -
What is the use of https in local host? Do I really need to enforce it in local server even tho I'll add ssl cert after it gets deployed anyway! For example an express server in localhost .Does it need ssl in local server?8
-
so, a new day, a new ERP software to rant about:
this one features an email feature (heh) but with a catch.
only pop3, no imap, if you want ssl the software suggest that you use a 3rd party program, also every user has to be logged in by the admin cause they assume the sysadmin knows all passwords cause he has "password lists"
i called them to ask why their software is what it is, they answer "there was never a need to develop an IMAP functionality, SSL would be so much work and it never became a problem that the sysadmin didnt know all passwords"
in unrelated news, does anyone know a nice sub 100K ERP software with CRM, Material Management and Offer/Order Management that runs on a local server and offers german support for a company in the 50 to 500 worker bracket? -
I know it's all for good reason, but man are there so many hoops to jump through to get a web server set up through HTTPS. registering the domain, getting the SSL certs, configuring the DNS, setting up the firewall rules.. what a pain6
-
App of a little social network I'm member of didn't connect to the server anymore, since the social network changed their SSL-certification and my smartphone is too dumb to accept the new one.
So, I pulled the source code of the app from GitHub and added some code dealing with SSL-connection-exception-handling.
A warning appears, that there were some errors with the SSL-cert with the question how to proceed and three options:
Quit, Ignore for now, Ignore and don't ask me again.
The code to ignore ssl-errors is just for debug-/develop-purposes, but hey, app with that little "hack" is running only on my phone x)
Now, the app is working again at my smartphone \o/2 -
How the heck do people that setup custom login wifi networks never take into account that people have SSL-enabled sites as homepages??
Every damn time I want to connect to one on my phone I have to go into my own unsecure websites to be able to login. how do even not-it-interested people do this?
On a second thought this might as well be a chrome android rant, but it sure is annoying2 -
Me, enables SSL on one domain with cloudflare all went well, even added origin ssl all good.
Friends domain, set up the right and same way, but server says no i have no idea what www.examaple.com is, ... I never created a key for that wtf so right now website are dead .. thanks cf3 -
We need to create simple form for colection few particular people data for some bounty programme.
We have ready-made website that does similar stuff, but it was outsourced and we have compiled javascript (sidenote - im only person in this place who understands f**ng javascript but hates it deeply)
Anyway, they come to me, and say that creating this google doc will take them few minutes and it seems that editing few divs in the site and creating second one with another subdomain will do the trick.
I tell them that it will take a lot of time to reverse engeneer that compiled react.js website to change few divs. But they insist.
So we start out, I pop up the terminal, copy over site, add nginx config for it, apply SSL to it, we are already good 5-10 minutes in, first roadblock - CORS. At this point I tell them that with google form they would be already done.
What I hear?
But we will need to make again privacy policy
Me:
Can you just link privacy policy from this site?
They:
Oh... it makes it easy now.
My internal voice:
next time try to use brain.... -
tldr: i take pride of our code! It hurts when someone calls it wrong when i know it was right.
So there was this integrations team that are trying to connect to our api. This team has been throwing different people to work with us. We even taught them how to use postman/soapui with ssl, even to the point that we search stackoverflow to resolve their code-level issues and left us halfway, then came back again repeating all process. A year passed, they came back with the same issue... now all answer that they get from us was to “review past conversation”, Today, they insist that we repeat ssl onboarding process as they are having issues with their current one, we insisted not to do it, and told them we (including them) can proceed without changing the client ssl. And told them we had a snippet sent to resolve their issues, but instead told us in a rude way, our sample is wrong. I was challenged to prove that we can make it work by eod. With their wrong sense of pride as theyve been working for that issue for long, they started throwing tantrums on us, saying that we do not need to make them feel that they do not know what their doing. man! Cmon, its you who requested that snippet few years back, then you tell us you dont need it as it is not working, in the first place, it is not our job to code for you asses,...i left the channel after. it was escalated quickly to management and accounts team(those people who only cares for traffic/money).. asked to return to the channel, spoonfed the details to them, provided a working snippet and left again.not sure what happened next.,. I hope this started a fire on our management to handle such incompetence. -
I've been working for so long with API integrations and one part of that is security. We perform ssl key exchanges for 2-way verification and a large percent of those partners provides me with their own pkcs12 file which contains their private and public keys! What's the sense of the exchange!? I think they just implement it just to boast that they "know" how ssl works,
-
While planning my (personal) server I just seem to pile up more and more things to do/consider. Basically, for now I just want to have rclone, nextcloud and jellyfin, plus some usenet stuff later on. But I want to have the whole installation and configuration automated as far as possible, since I'll at first it will run in a test environment and needs to be migrated to another server at a point, possibly even another OS. So I suppose that means docker, docker-compose and Chef (any better options?). I want SSL: Traefik. User management / auth? RADIUS, LDAP. SSO? keycloak. I also need to deal with virtual hosts. And probably much more..
Since I just have basic Linux knowledge and have no real experience with any of the other technologies, I feel a bit lost. I just got to the abovementioned software due to some ddg research. I don't mind digging deep, I want to learn (which is half the reason for this project), but it's not easy to the the best way to set this up.11 -
Spent a couple hours trying to obtain an SSL certificate to encrypt my site last night... No luck so far. It kept saying it doesn't have access, when I verified that nginx serves to port 443...20
-
"Upgraded" to nginx over the weekend. Setup SSL to be secure and felt good about myself. Woke up to find PhantomJS can no longer access the site to generate PDFs. Had to remove the ciphers block until I figure out what it's compatible with. FML.3
-
When you have a manager that gets the requirements for a super simple content page one month ago...
Then argues with some people about where it needs to go...
Then when it was decided two weeks ago that it needed to be a new publishing site insists on getting approval to deploy the new site even when I said hey I can have this guy set up publishing on our external server...
Gets approval anyway, now the deadline for it to be activated and working is tomorrow and because he is "a Wordpress developer" (by which he can install a theme) he thinks he knows how to fix Wordpress...
Because of the security at our company it needs to be over https and we are doing ssl offload from our publisher and Wordpress doesn't seem to like it or it is his jacked up Windows box running Wordpress? Wtf
Best of all he said "do you think we will meet the deadline". I said I don't think we have a choice, this will be used by a lot of people Saturday for a conference. OMG I was ready to scream...
Now today I need to setup a new cms on an external server and get it done by tomorrow morning, with content. FML -
!question
My friend's friend requested my service to make an eCommerce website for her side business.
Should I keep all the domain, hosting, and SSL under my name and charge them after putting some margin to earn some cash? Or cut the hassle and just let them purchase it themselves?7 -
Guessing my rant free streak is over. Trying to connect to a mongo atlas cluster. Just migrated from mlab as mongo Inc is discontinuing the heroku add on.
Migration went well. I can connect to atlas cluster via mongo shell.
Reactive mongo claims it supports dns seed list. I add mongodb+srv connection string. Doesn't work.
I go back to atlas and allow all ips access (migrating staging dB first to make sure all is well so I can whitelist all ips) - > send a request-> mongo error. No primary node is available.
Disconnect from my network, connect to another network, same thing. I push the connection string to my server, test using an ssl connection to make a request, still no primary node available. I am about to lose my mind. -
SSL cert problems
realize new pem file has a different name so now after going down a debug rabbit hole I'm updating the places that used the old file name with the new file name
i guess could've just changed the file name, but at this point im committed (might as well leave the file name alone so i can hope to be less confused next year if the new file's name changes again) and just hoping i can fix the fucking config
i just want shit to work2 -
What I need to do today:
* terraform init
* terraform plan
* terraform apply
What I'm doing today:
* Rebuilding a docker container, because our outdated version of Terraform doesn't run on M1 Macs natively.
* Fighting with corporate IT man-in-the-middle SSL certs, because those aren't trusted inside the Docker container. These are now applied to all internet traffic, not just traffic destined to the VPN. Terraform doesn't like it, so it won't download any modules.
* Waiting for a blazing fast 1.5 Mbps connection rate when connected to the VPN.
* Learning I can no longer turn off the VPN, as it's a forced policy on my laptop.
Not sure if I'd be more productive today fighting these issues, or just waiting around for days (weeks?) for IT to mail me an Intel mac.6 -
Why is GitHub's certificate showing up on semver.org? I can no longer access the site normally because of the browser warning. Who's responsible for this atrocity?
I checked with a VPN and without, same result. Can someone confirm?
https://www.semver.org/5 -
working postman request with SSL , pfx cert against microservice
go to do the same thing against different microservice , SSL error , review config, looks like im supplying same certs, etc
FML -
New ad self-service portal too hard to integrate ssl and can't have users send their passwords in plaintext.
Setup apache proxy with ssl in same vpc to encrypt traffic to and from vpc.
All good as long as nobody is in my vpc sniffing traffic... -
If anyone is looking for a great tutorial on getting started with a docker cluster check out https://dockerswarm.rocks/
I had a 4 node cluster up on Digital Ocean with Traefik + Lets Encrypt, Prometheus, Portainer, Grafana all that good stuff in under 2 hours. Not much longer to test a basic WP and Next Cloud container with full SSL. Neat stuff. Just burning through $100 credit for testing but it's been fun5 -
Is it a good approach to have a master SSL key for all your servers when making the authentication?
I am a Developer, but when you work in a company with two developers and you are the senior one you have to learn a lot of stuffs. I am learning more in depth things about how to secure the servers and network.
Now, I am expanding the servers. Splitting the code and database in three different servers (code, Master DB, Slave DB) and configuring Master-Slave databases.
My questions are:
1. Is it a good approach to have a master SSL key for all your servers?
2. Is is a good approach to use the same SSL key for Master database server and Slave database server?
Any other suggestions are welcome.
Thank You in advance!2 -
Got paid to follow the wrong instructions on installing an SSL certificate.
It's working now but only after a few hours of trying different things1 -
So, watching this video on Youtube about security. He mentions how SSL was designed back when Yahoo was a website with 30 links... And basically for passive websites.... Why do we still use this again??4
-
Why the fuck does my subdomain work with https but my main domain returns an ssl error. Wouldnt nether work if the ssl was the issue
Its midnight I want to fucking sleep not deal with this shit. I'm probably doing something stupid but don't have the fucking experience to recognize what I'm doing wrong4 -
me: FE in work, but doing fullstack on my passion projects and somewhat confident on small VPSs - heck, I have a beard, I can do server stuff :) - migrating a WP site that just wont work, copied everything, didn't work, used a migration tool, didn't work, always getting "Connection refused"... must be something with the SSL certificates.. 3 fckn days passed by and nothing when I stumbled upon a forum post with similar issue where the guy stated: I tried all the obvious like copying files, db, certificates, enabled ssl on apache... then it hit me, this is a new installation, I didn't enabled SSL in apache sudo a2enmode ssl restarted apache and BOOM everything is working
part of me was like how stupid you have to be - but the other part is like I guess I learn something every day, this is how you migrate a WP site with the domain #IloveIT -
RubyGems had to have SSL configuration errors for right when I'm working on a demo rails project for a firm 🙃🙃🙃 Got it working, but still
-
I'm looking into an app for work. It needs to connect to both a mongo and Kafka server using SSL or something, but different keys basically.
So need to load a jks file in the main() I think except I have 2 files.
I don't remember exactly how it works but I guess need to combine them into 1?
How do I load each though in app? Need to tell mongo, kafkaClient with one to use?1 -
Using boot2docker behind a corporate proxy that fucks with your SSL certs will drive anyone insane!! 👹
-
I was scrolling through my past rants and found this gem
https://devrant.com/rants/2305697/...
I posted it when images were not loading due to expired ssl. Looks like everyone who saw this got tricked!! -
Ok. I still can't get SSL working on my site so I'm gonna assume its my fault. Time to go back to a default template test that get it to work and if that works go from there. Ive done EVERYTHING my host says to on the dashboard side I can short of crying to them. And honestly. Fuck that2
-
so I got the reverse proxy all set up on my server, forwarding all the right headers to enable SSL behind reverse proxy. awesome! my only problem remaining is, since nginx only handles HTTP/S traffic, I can't connect to my gitlab instance via ssh. anyone know how I can proxy this traffic as well to enable ssh connection for git?2
Top Tags
Weekly Rant
View