I mean, if we want to get pedantic, nothing is stopping a virus from bringing its own drivers or a whole-ass Windows VM to pass the USB over (I remember there was something of the sort for Windows using a Windows XP machine for a botnet). It’s, as always, just a matter of how willing you are.
One liner for fixing driver issue, sounds great
Still faster than snaps /s
I had a problem and then I tried to solve it by installing a snap package. Now I have two problems.
I was doing a group project in college where we had a Linux server running some of our custom software. I asked a group mate who worked in IT to self-sign some certs so we could get https up and running for our next sprint demo.
He installed a fucking snap package to do it via certbot. On fucking RHEL. And that server was not hosting an internet-accessible service. And he didn’t know why I lost my mind.
Basically a “lemme get the flame thrower real quick so I can hammer that nail in for ya”
Not sure why you were enabling HTTPS for a project that was not hosting an internet-accessible service, really. By which I assume you mean the service doesn’t have a publicly accessible web based UI or API component. What were you trying to access and how? The only scenario I could think of for this would be that your custom software relies on HTTPS for secure communication within its own internal network (such as on a VPN) to send sensitive data back and forth between services. In which case that feels like overkill for a college course, since you shouldn’t have any genuinely sensitive data that you need to secure if it’s just for testing and demonstration.
It was a project requirement, PHI was processed by it, so yes, it needed a secure connection. I now realize I should have used mutual auth, but hey, I only learned about that after that project.
We never sent actual data to it (the actually sensitive data used for training never left a secure VM), but the point of the course was to act like we were. Plus, setting up an nginx reverse proxy is simple, setting it up and getting certs from some ssl commands is a 10 minute task that appeases the project manager/professor with minimal effort.
I’ll be honest, I’ve had times where there’s the “simple” solution, and “the solution I remember off the top of my head”, and 10/10 the one that’s happening is the one that I remember because I just did it last week.
I have no desire to google the arguments for self signing a cert with openssl, and I cannot remember which webserver wants the cabundle and the public cert in the same file. If I had done it even kinda recently I’d still remember what to poke in the certbot config.
If you have no desire to do rudimentary googling for a group project in college, that sounds like you aren’t a very helpful teammate. Last time I generated certs I used the first stack overflow result and was done in minutes, there’s no excuse.
This is confusing to me, because the point of the request seems to be “get a certificate”, not “get a self signed certificate generated by running the openssl command”. If you know how to get the result, it doesn’t really matter if you remembered offhand the shitty way or the overkill way.
Is it really more helpful to say “I remember how to do this, but let me lookup a different way that doesn’t use the tools I’m familiar with”?
Okay, I may be the stupid one here. But after a quick search, I don’t see an obvious way to generate self-signed certs using certbot. Even letsencrypt’s own website suggests using openssl.
Just say no if you don’t want to do something. I don’t understand why people think fucking shit up in the guise of helping is more acceptable than admitting that you can’t (or maybe just don’t want to) do something.
Do you think that, in this example, using certbot is fucking shit up, or breaking something?
The thing about overkill is that it does work. If you’re accustomed to using a solution in a professional setting, it’s probably both overkill and also vastly more familiar than the bare minimum required for a class project that would be entirely unacceptable in a professional setting.
In OP’s anecdote, they did get their certificates, so I don’t quite see your “intentionally fucking things up” claim as what’s happening.
To me, (and it seems for OP as well), installing snap on RHEL in itself is fucking things up.
You can say what you want, I still prefer AppImages to snaps, old-school Windows style ftw
If any of you pure Linux guys ever get a virus that installs windows, that’s going to be the funniest shit ever.
Pipes a script from the web in bash without checking:
Reboots to see the windows logo come up
two sentence horror story
They’d be looking like that one chick from the 2016 election that screamed Noooooo!
That would be a very interesting virus.
That sort of reminds me of the FBI patching compromised systems after they take over a botnet.