Ranter
Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Comments
-
Root825995yYes.
To clarify: The certificate issue in particular is not common, but they are morons, and morons are extremely common. As are their decisions, and their demanding that you follow them. I never do, which is probably why I'm never on good terms with management. -
Welcome to devrant... the club where we rant about morons.
No certificates... am I to assume you pass credentials in cleartext through the network/internet now? What on TCP/IP could go wrong? -
Parzi88335yplay along till they get royally fucked, then the instant they come crawling to you for help tell them that you told them so and quit.
-
ddephor45115y@dmonkey Reached EOV, wrong issuer, unknown CA/self-signed, wrong server, etc, etc.
I see that stuff every day. And it's not the users fault, that's the responsibility of the admin.
Most people are too dumb to use PKI right. -
Kasonnara725yIf a client see a warning from its browser telling him that the certificate is wrong, yes it's pretty bad for the user usability.
But I'm pretty sure that sooner or later not having certificates will provide the exact same nuisance because browsers display more and more warnings against insecure setups like this. -
Kasonnara725yAlternatively, leave a sniffer on your local network then ask him to make de demo and send him his crappy leaked password right in the face.
-
cst199221165yKeep your resignation ready.
Demand to have a talk with said customer. If the customer listens, fine. If not, hand in the resignation.
If they're planting a bomb under their own butts, you don't want to be around when it goes off.
Related Rants
I can't believe this company.
They want to stop using Certificates because it bothers the customer.
I had to use https because we were using service workers for a PWA.
I tried explaining we need them for the product to work, and also it's a basic security measure.
They were removing the certificates without my knowledge.
I found out because a colleague wanted a way to disable the service worker and asked me for help.
The manager said your not the boss of the company, it's not your company to make decisions.
Just do what they say, he tried to justify the decision from above, I said ok when was the last time you installed a certificate? he said never.
Ok, then what the fuck are you talking about, its 10 minutes to get a certificate letscrypt HELLO.
This company is very hierarchical 1900 style, I'm the person who does innovation in the organization, that's the most fucked up part, they say no to everything.
OMG, I'm going to quit.
There just asking to get hacked, this is just the tip of the iceberg.
Is this common or are they morons?
devrant
security
innovation
certificates
manager
company