So I got the job. Here's a story, never let anyone stop you from accomplishing your dreams!

It all started in 2010. Windows just crashed unrecoverably for the 3rd time in two years. Back then I wasn't good with computers yet so we got our tech guy to look at it and he said: "either pay for a windows license again (we nearly spend 1K on licenses already) or try another operating system which is free: Ubuntu. If you don't like it anyways, we can always switch back to Windows!"

Oh well, fair enough, not much to lose, right! So we went with Ubuntu. Within about 2 hours I could find everything. From the software installer to OpenOffice, browsers, email things and so on. Also I already got the basics of the Linux terminal (bash in this case) like ls, cd, mkdir and a few more.

My parents found it very easy to work with as well so we decided to stick with it.

I already started to experiment with some html/css code because the thought of being able to write my own websites was awesome! Within about a week or so I figured out a simple html site.

Then I started to experiment more and more.

After about a year of trial and error (repeat about 1000+ times) I finally got my first Apache server setup on a VirtualBox running Ubuntu server. Damn, it felt awesome to see my own shit working!

From that moment on I continued to try everything I could with Linux because I found the principle that I basically could do everything I wanted (possible with software solutions) without any limitations (like with Windows/Mac) very fucking awesome. I owned the fucking system.

Then, after some years, I got my first shared hosting plan! It was awesome to see my own (with subdomain) website online, functioning very well!

I started to learn stuff like FTP, SSH and so on.

Went on with trial and error for a while and then the thought occured to me: what if I'd have a little server ONLINE which I could use myself to experiment around?

First rented VPS was there! Couldn't get enough of it and kept experimenting with server thingies, linux in general aaand so on.

Started learning about rsa key based login, firewalls (iptables), brute force prevention (fail2ban), vhosts (apache2 still), SSL (damn this was an interesting one, how the fuck do you do this yourself?!), PHP and many other things.

Then, after a while, the thought came to mind: what if I'd have a dedicated server!?!?!?!

I ordered my first fucking dedicated server. Damn, this was awesome! Already knew some stuff about defending myself from brute force bots and so on so it went pretty well.

Finally made the jump to NginX and CentOS!

Made multiple VPS's for shitloads of purposes and just to learn. Started working with reverse proxies (nginx), proxy servers, SSL for everything (because fuck basic http WITHOUT SSL), vhosts and so on.

Started with simple, one screen linux setup with ubuntu 10.04.

Running a five monitor setup now with many distro's, running about 20 servers with proxies/nginx/apache2/multiple db engines, as much security as I can integrate and this fucking passion just got me my first Linux job!

It's not just an operating system for me, it's a way of life. And with that I don't just mean the operating system, but also the idea behind it :).

--- HTTP/3 is coming! And it won't use TCP! ---

A recent announcement reveals that HTTP - the protocol used by browsers to communicate with web servers - will get a major change in version 3!

Before, the HTTP protocols (version 1.0, 1.1 and 2.2) were all layered on top of TCP (Transmission Control Protocol).
TCP provides reliable, ordered, and error-checked delivery of data over an IP network.
It can handle hardware failures, timeouts, etc. and makes sure the data is received in the order it was transmitted in.
Also you can easily detect if any corruption during transmission has occurred.
All these features are necessary for a protocol such as HTTP, but TCP wasn't originally designed for HTTP!
It's a "one-size-fits-all" solution, suitable for *any* application that needs this kind of reliability.
TCP does a lot of round trips between the client and the server to make sure everybody receives their data. Especially if you're using SSL. This results in a high network latency.
So if we had a protocol which is basically designed for HTTP, it could help a lot at fixing all these problems.
This is the idea behind "QUIC", an experimental network protocol, originally created by Google, using UDP.

Now we all know how unreliable UDP is: You don't know if the data you sent was received nor does the receiver know if there is anything missing. Also, data is unordered, so if anything takes longer to send, it will most likely mix up with the other pieces of data. The only good part of UDP is its simplicity.
So why use this crappy thing for such an important protocol as HTTP?
Well, QUIC fixes all these problems UDP has, and provides the reliability of TCP but without introducing lots of round trips and a high latency! (How cool is that?)

The Internet Engineering Task Force (IETF) has been working (or is still working) on a standardized version of QUIC, although it's very different from Google's original proposal.
The IETF also wants to create a version of HTTP that uses QUIC, previously referred to as HTTP-over-QUIC. HTTP-over-QUIC isn't, however, HTTP/2 over QUIC.
It's a new, updated version of HTTP built for QUIC.

Now, the chairman of both the HTTP working group and the QUIC working group for IETF, Mark Nottingham, wanted to rename HTTP-over-QUIC to HTTP/3, and it seems like his proposal got accepted!
So version 3 of HTTP will have QUIC as an essential, integral feature, and we can expect that it no longer uses TCP as its network protocol.

We will see how it turns out in the end, but I'm sure we will have to wait a couple more years for HTTP/3, when it has been thoroughly tested and integrated.

Thank you for reading!

Dude was way ahead of his time!

Shakespeare quotes 😶

About browsers and whole SSL CERT thing...

Most likely everyone here noticed, that https site with broken certificate will throw these big red warnings, in your face and there is so much wording like "ITS NOT SECUREEEE" or "ITS HACKEDDD" almost like it was written by passionate fanatic.

But when you are on plaintext http browsers reaction is like ¯\_(ツ)_/¯
Even if you have plaintext with password, it will for example in chromium put small little red thingy that almost no one notices.

I believe that broken cert with some error like invalid date is MORE secure than plaintext password, yet still there is this hypocracy with browsers...

I dont say that broken SSL cert is good, or something, Im just pointing out contrast of "broken" https vs plain http.... One looks for casual Joe like end of the world is coming and second is bearly noticable. Da fuck?

I disagree with this approach

I miss old times rants...So i guess, here it goes mine:

Tomorrow is the day of the first demo to our client of a "forward-looking project" which is totally fucked up, because our "Technical Quality Assurance" - basically a developer from the '90-s, who gained the position by "he is a good guy from my last company where we worked together on sum old legacy project...".
He fucked up our marvellous, loose coupling, publish/subscribe microservice architecture, which was meant to replace an old, un-maintainable enormous monolitch app. Basically we have to replace some old-ass db stored functions.
Everyone was on our side, even the sysadmins were on our side, and he just walked in the conversation, and said: No, i don't like it, 'cause it's not clear how it would even work... Make it an RPC without loose coupling with the good-old common lib pattern, which made it now (it's the 4th 2 week/sprint, and it is a dependency hell). I could go on day and night about his "awesome ideas", and all the lovely e-mails and pull request comments... But back to business

So tomorrow is the demo. The client side project manager accidentally invited EVERYONE to this, even fucking CIO, legal department, all the designers... so yeah... pretty nice couple of swallowed company...

Today was a day, when my lead colleague just simply stayed home, to be more productive, our companys project manager had to work on other prjects, and can't help, and all the 3 other prject members were thinking it is important to interrupt me frequently...

I have to install our projects which is not even had a heart beat... not even on developer machines. Ok it is not a reeeeaaally big thing, but it is 6 MS from which 2 not even building because of tight coupling fucktard bitch..., But ok, i mean, i do my best, and make it work for the first time ever... I worked like 10 ours, just on the first fucking app to build, and deploy, run on the server, connect to db and rabbit mq... 10 FUCKING HOURS!!! (sorry, i mean) and it all was about 1, i mean ONE FUCKING LINE!

Let me explain: spring boot amqp with SSL was never tested before this time. I searched everything i could tought about, what could cause "Connection reset"... Yeah... not so helpful error message... I even have to "hack" into the demo server to test the keystore-truststore at localhost... and all the fucking configs, user names, urls, everything was correct... But one fucking line was missing...
EXCEPT ONE FUCKING LINE:
spring.rabbitmq.ssl.enabled=false # Whether to enable SSL support.

This little bitch took me 6 hours to figure out...so please guys, learn from my fault and check the spring boot appendix for default application properties, if everything is correct, but it is not working...

And of course, if you want SSL then ENABLE it...
spring.rabbitmq.ssl.enabled=true

BTW i really miss those old rants from angry devs, and i hope someone will smile on my fucking torture

In today's episode of kidding on SystemD, we have a surprise guest star appearance - Apache Foundation HTTPD server, or as we in the Debian ecosystem call it, the Apache webserver!

So, imagine a situation like this - Its friday afternoon, you have just migrated a bunch of web domains under a new, up to date, system. Everything works just fine, until... You try to generate SSL certificates from Lets Encrypt.

Such a mundane task, done more than a thousand times already... Yet... No matter what you do, nothing works. Apache just returns a HTTP status code 403 - Forbidden.

Of course, what many folk would think of first when it came to a 403 error is - Ooooh, a permission issue somewhere in the directory structure!

So you check it... And re-check it to make sure... And even switch over to the user the webserver runs under, yet... You can access the challenge just fine, what the hell!

So you go deeper... And enable the most verbose level of logging apache is capable of - Trace8. That tells you... Not a whole lot more... Apparently, the webserver was unable to find file specified? But... Its right there, you can see it!

So you go another step deeper and start tracing the process' system calls to see exactly where it calls stat/lstat on the file, and you see that it... Calls lstat and... It... Returns -1? What the hell#2!

So, you compile a custom binary that calls lstat on the first argument given and prints out everything it returns... And... It works fine!

Until now, I chose to omit one important detail that might have given away the issue to the more knowledgeable right away. Our webservers have the URL /.well-known/acme-challenge/, used for ACME challenges, aliased somewhere else on the filesystem - To /tmp/challenges.

See the issue already?

Some *bleep* over at the Debian Package Maintainer group decided that Apache could save very sensitive data into /tmp, so, it would be for the best if they changed something that worked for decades, and enabled a SystemD service unit option "PrivateTmp" for the webserver, by default.

What it does is that, anytime a process started with this option enabled writes to /tmp/*, the call gets hijacked or something, and actually makes the write to a private /tmp/something/tmp/ directory, where something... Appeared as a completely random name, with the "apache2.service" glued at the end.

That was also the only reason why I managed fix this issue - On the umpteenth time of checking the directory structure, I noticed a "systemd-private-foobarbas-apache2.service-cookie42" directory there... That contained nothing but a "tmp" directory with 777 as its permission, owned by the process' user and group.

Overriding that unit file option finally fixed the issue completely.

I have just one question - Why? Why change something that worked for decades? I understand that, in case you save something into /tmp, it may be read by 3rd parties or programs, but I am of the opinion that, if you did that, its only and only your fault if you wrote sensitive data into the temporary directory.

And as far as I am aware, by default, Apache does not actually write anything even remotely sensitive into /tmp, so...

Why. WHY!
I wasted 4 hours of my life debugging this! Only to find out its just another SystemD-enabled "feature" now!

And as much as I love kidding on SystemD, this time, I see it more as a fault of the package maintainers, because... I found no default apache2/httpd service file in the apache repo mirror... So...

Vodafone India is so shit omfg

Run npm install, ERROR json parse error due to ssl exception

Run pip install, again ssl exception

Run gradle build, again ssl exception!!!

Now everytime i gotta make a new project or install a dependency in anything, i have to pray to the blood god that cache contains a valid/uncorrupted package dependency or else ill have to nuke cache and borrow internet from someone else.
Once i port it to some other operator, i am gonna incinerate this mf sim.

I'm working as an intern in a company and i have another intern that i must supervise (it like internception) .here is my daily nightmare :
- To start this intern never google something she copy paste from my code and if she got an error she send me a screenshot . Once the error message clearly said "cannot call function from array" and even that she didn't know what's the problem (she was supposed to it on array items)
-Before we started working together she spent a week complaining that a sending email function didn't work for her so the manager called me to check what's her problem. She had an antivirus that blocked request via ssl port.all i had done is open the log file and read the errors.
- She had a function should iterate over an array and for each item check a condition this is a part of what she wrote :
For ($i=0;count($categories);$i++){
if ($getrelativepath=null)
{
....etc other​ stuff she copy pasted.
Ps: the name of the function that she must call on array items is getRelativePath

- she wrote once
$response=array();
for (...){
array_push($response,$data[$i]);
return $response;}
She thought the function can iterate and return response at the same time.
- we are working on a website and she told me she doesn't know how to code Javascript and jquery (she think it's a language) and she never knew what ajax is.
- without mentioning the hundreds of empty spaces and multiple empty divs in html .
This year she'll become a computer science engineer .

when you cant be arsed to do icons so you just use emojis for button icons.

btn.textContent = "🗑️"

because icon sets now have their own apis (like what ever happened to icon fonts?), and documents explaining what scripts and commands to run to *install fucking plugins* on software written to *supplement* doc servers. plugins and software whos host site returns an SSL error. nice.

to use web icons. downloaded only on request. from other sites.

seems kind of eh, tower-of-baylon to me. like a bird landing on the electrical lines near your house might cause a blip and break one or two icons on your slick 2020 web app.

idk just seems unnecessary, like if you're small, your gonna want to embed your fonts on the webpage instead of overcooking things and hosting *a fucking server* just to serve an api for fucking *icons*. and if you're large you're gonna reduce those requests anyway

GoDaddy. Is. The. Worst.

I'm working on an SSL cert domain verification for a client. The chat support tech at GoDaddy has no freaking clue what she's doing. She keeps telling me to follow the same help article I already knew about the first second I heard I needed to do this job. It didn't work. But she keeps going back to it, sure that I'm just a complete and utter moron who doesn't read. Never mind that I have screenshots to prove everything she's telling me is 100% wrong according to every error message this process is generating.

Now she's checking with the "SSL team". Which is code for "I have absolutely no idea what I'm doing and I'm frantically searching the FAQ database to figure out what this SSL thing even is."

That's what the last hour of my life has been. And 20 minutes of that was waiting in the chat queue.

Successfully wasted more than 12 hours in debugging SMTP issue. ColdFusion email script was throwing SSL error. What was real issue? The Web Server IP Address was blacklisted in the Email Server.

Yesterday I spent 7 hours on a silly SSL certificate error. The exact same webpage gave me "certificate revoked" error when viewed in one browser/device but it displayed fine on others!
But everything is back to normal today! As if nothing happened!
I'm not a web dev, so I have no idea why this happened. I'm just pissed that I wasted 7 hours on a thing that wasn't my fault...

Browsing devrant coz I'm currently getting "SSL key could not be parsed" error in GCP

So I'm building this environmental monitoring system for one of the Labs to monitor Temperature and Humidity. the "software" that comes as part of the package with these sensors is really just a website you host yourself if you don't choose the cloud option. No big deal really, (see my previous rant about getting windows server through SSC) I setup IIS and get the "software" registered get a couple sensors running looks good. However I don't like the error messages that popup because it's unsecured. do some reading and I find out that most browsers will give you a warning if your not using HTTPS even if it's for internal use only. OK we'll how hard can it be in implement encryption, turns out it's not that hard and you can do it for free how with letsencrypt and other places. I like free, now i have to use SSH to get into the server and run an ACME client. Hey open SSH is part of windows now cool, download an ACME client SSH into the server and nope doesn't work. Oh right I'm behind a corporate firewall and a bunch of other shit I can't control. Why is so damn arduous to setup this god dam internal website and the problems aren't even the site. Now I'm playing with AWS spinning up an instance to be able to try and get an SSL certificate just so i don't have to tell people it's OK to trust this site ignore the big angry warning.
Best part is other similar internal sites don;t use SSL and all have big messages about someone stealing your soul if you go there and these are commercial systems that run all the HVAC for all the campuses across Canada.
I need more Tylenol.

so I have been trying to make migrations on centos 7 for a while now on my virtual env i keep getting this error
## Traceback (most recent call last):
File "manage.py", line 10, in <module>
execute_from_command_line(sys.argv)
File "/srv/switch/env/lib/python2.7/site-packages/django/core/management/__init__.py", line 364, in execute_from_command_line
utility.execute()
File "/srv/switch/env/lib/python2.7/site-packages/django/core/management/__init__.py", line 356, in execute
self.fetch_command(subcommand).run_from_argv(self.argv)
File "/srv/switch/env/lib/python2.7/site-packages/django/core/management/base.py", line 283, in run_from_argv
self.execute(*args, **cmd_options)
File "/srv/switch/env/lib/python2.7/site-packages/django/core/management/base.py", line 327, in execute
self.check()
File "/srv/switch/env/lib/python2.7/site-packages/django/core/management/base.py", line 359, in check
include_deployment_checks=include_deployment_checks,
File "/srv/switch/env/lib/python2.7/site-packages/django/core/management/base.py", line 346, in _run_checks
return checks.run_checks(**kwargs)
File "/srv/switch/env/lib/python2.7/site-packages/django/core/checks/registry.py", line 81, in run_checks
new_errors = check(app_configs=app_configs)
File "/srv/switch/env/lib/python2.7/site-packages/django/core/checks/urls.py", line 16, in check_url_config
return check_resolver(resolver)
File "/srv/switch/env/lib/python2.7/site-packages/django/core/checks/urls.py", line 26, in check_resolver
return check_method()
File "/srv/switch/env/lib/python2.7/site-packages/django/urls/resolvers.py", line 254, in check
for pattern in self.url_patterns:
File "/srv/switch/env/lib/python2.7/site-packages/django/utils/functional.py", line 35, in __get__
res = instance.__dict__[self.name] = self.func(instance)
File "/srv/switch/env/lib/python2.7/site-packages/django/urls/resolvers.py", line 405, in url_patterns
patterns = getattr(self.urlconf_module, "urlpatterns", self.urlconf_module)
File "/srv/switch/env/lib/python2.7/site-packages/django/utils/functional.py", line 35, in __get__
res = instance.__dict__[self.name] = self.func(instance)
File "/srv/switch/env/lib/python2.7/site-packages/django/urls/resolvers.py", line 398, in urlconf_module
return import_module(self.urlconf_name)
File "/usr/lib64/python2.7/importlib/__init__.py", line 37, in import_module
__import__(name)
File "/srv/switch/app/switch/urls.py", line 10, in <module>
url(r'^administration/', include('primary.core.administration.urls')),
File "/srv/switch/env/lib/python2.7/site-packages/django/conf/urls/__init__.py", line 50, in include
urlconf_module = import_module(urlconf_module)
File "/usr/lib64/python2.7/importlib/__init__.py", line 37, in import_module
__import__(name)
File "/srv/switch/app/primary/core/administration/urls.py", line 2, in <module>
from primary.core.administration.views import *
File "/srv/switch/app/primary/core/administration/views.py", line 5, in <module>
from primary.core.api.views import *
File "/srv/switch/app/primary/core/api/views.py", line 8, in <module>
from primary.core.bridge.views import *
File "/srv/switch/app/primary/core/bridge/views.py", line 11, in <module>
from primary.core.bridge.backend.loggers import Loggers
File "/srv/switch/app/primary/core/bridge/backend/loggers.py", line 2, in <module>
from primary.core.bridge.backend.wrappers import Wrappers
File "/srv/switch/app/primary/core/bridge/backend/wrappers.py", line 6, in <module>
import pytz, time, json, pycurl
ImportError: pycurl: libcurl link-time ssl backend (nss) is different from compile-time ssl backend (openssl)

even after uninstalling pycurl and exporting the pycurl variable to my environment can I get any help

Im deploying a nextjs site via amazon aws amplify. Working with amazon is truly hell. But once it works its truly amazing. Jess bozos have outdone himself. I still dont understand what im doing every time im using aws. Its just trial and error every time for me. (note i still cant deploy the site to my domain there is some build error. Hours of fucking with this and still cant resolve it). However i somehow managed to assign an Amazon SSL Certificate to my domain

Guessing my rant free streak is over. Trying to connect to a mongo atlas cluster. Just migrated from mlab as mongo Inc is discontinuing the heroku add on.
Migration went well. I can connect to atlas cluster via mongo shell.
Reactive mongo claims it supports dns seed list. I add mongodb+srv connection string. Doesn't work.
I go back to atlas and allow all ips access (migrating staging dB first to make sure all is well so I can whitelist all ips) - > send a request-> mongo error. No primary node is available.
Disconnect from my network, connect to another network, same thing. I push the connection string to my server, test using an ssl connection to make a request, still no primary node available. I am about to lose my mind.

FML!!!

Nessus SSL authentication through Kali Linux is next to impossible. I generated certificates through terminal and I still get error "SSL received a record that exceeded the maximum permissable length" (in Iceweasel).

Tried importing certs into separate Firefox browser and now just SSL handshake errors.

Was watching OITNB at home when boss called sounded urgent about SSL not working on one of our subdomains. We use a paid cloud app for some of our reports which. So the subdomain is a CNAME to the providers app subdomain. Recently there was an upgrade at our hosting but it shouldn't be related.

Boss: Hey, there is an error prompt when I visit our reporting site with https
Me: That's cos we never installed any SSL cert for that subdomain.
Boss: Well it worked before and you will need to get it fixed.
Me: Wait.. It worked before? How is that possible? We've never set it up and the subdomain is a CNAME pointing to another site which we don't own. The cert will have to load from their server and we have not done any setup with them.
Boss: I'm very sure it worked before the hosting upgrades. All along our customers has been accessing with https.
Me: Okay.... That's something new because and I am pretty SURE the last I checked, the app provider doesn't allow that yet.
* meanwhile I when to search the app provider docs and it says not able to support multiple SSL yet for CNAME
Me: Look, it says so here in the docs.
Boss: Ok, can you try to fix it as its important for the users to not see that error. It has been working all along.
Me: Hmmmm... I'll get back to you.

How do I fix something that didn't exist / broken?? How did it work before??

I know it can be possible to install the cert on the cloud provider end but we haven't done this before. And their support docs says feature not available yet.

Was it magic?? Am I missing something?? Anyway, I've sent an email to the provider's support team and telling them "it worked before"

working postman request with SSL , pfx cert against microservice

go to do the same thing against different microservice , SSL error , review config, looks like im supplying same certs, etc

FML

Why the fuck does my subdomain work with https but my main domain returns an ssl error. Wouldnt nether work if the ssl was the issue

Its midnight I want to fucking sleep not deal with this shit. I'm probably doing something stupid but don't have the fucking experience to recognize what I'm doing wrong

Mongodb CEO and the developer who build this shit for brains interface should be tarred and feathered. Almost 90minutes in and I cannot connect to anything other than error codes. What in the actual fuck is your job other than to make it difficult for a "free tier" user to connect?
"connect ECONNREFUSED 127.0.0.1:27017"

Oh ok another 20 minutes of work and you give me a bland beige error code like "```TLS/SSL is disabled. If possible, enable TLS/SSL to avoid security vulnerabilities.```"... um ok how do I enable it for your site, your database or on my computer... oh wait you don't say shit do you?

So now I'm fully 81 minutes into this shit show and all I get for error codes are these really descriptive gems 'getaddrinfo ENOTFOUND cluster0.hudbd.mongodb 'dot' net` comes up if I choose `mongo` with "connection string scheme" above it or `bad auth : Authentication failed'