Sniep posted:
well, a good use of self signed in the wild is intranet/corp poo poo where they run a CA and push the root to all their machines like i said earlier. but that's about it.

it has already been pointed out that this is not an example of a self-signed cert. it's just a non-standard CA.

with that out of the way, people don't run internal CAs anymore. too much effort

we live in the age of byod. workers have smartphones, tablets, and unmanaged laptops that all need to be able to reach intranet applications. nobody can manage installing and revoking CA certs for a dozen versions of a half-dozen platforms (windows, osx, linux, android, ios, winpho, blackberry). it's just way too fuckin hard

given the choice between accidentally training everyone to ignore ssl errors 100% of the time, and just spending money for public certs on internal services, most people choose to spend a few bucks
|
# ? May 29, 2023 04:07 |
|
byod is dumb
|
also you would only need a public cert for the external endpoint the byods come in on and then any work they do from then on would be on internal machines which have your own roots. unless u r suggesting you let them store sensitive company materials on their personal, virus infested clunkers.
|
how emblematic of linux in general is it that this thread devolves into caremad argument posting every 3 pages
|
ruby idiot railed posted:keep loving that chicken self-signed ssl stymie Shameful ssl posting itt.
|
this thread is like linux a pos
|
Shaggar posted:byod is dumb
|
Phoenixan posted:agreeing with shaggar. Shaggar was right
|
so is it just "deb" now
|
.
Sassafras fucked around with this message at 00:51 on Nov 25, 2014
|
Notorious b.s.d. posted:
but that just moves the problem to dns. what the gently caress clients support secure dnssec reliably? who the gently caress publishes secure dns records?

quote:
; <<>> DiG 9.4.3 <<>> cia.gov ANY +dnssec
|
IPvSH6T posted:
I was once offered a government job admining an important (state) government server, using an obscure system I had never heard of. I had also never adminned a server of any kind. I was told, "You can just learn as you go. C'mon, you'll get long lunches and a nice salary! No one else here knows what they're doing anyway."
|
Jesus gently caress, everyone is wrong about PKI.
|
*complains about self signed certs* *sshes into newly created EC2 instance*
|
Zombywuf posted:
*complains about self signed certs*

*gets warning about unknown remote host because it's insecure and could be mitm
|
*ignores warning and continues anyway*
|
I haven't read any of this thread except the last three pages and it's been a lot of careposting about CA infrastructure that we also discussed in the yossec thread

the difference is that it was on topic in that thread and also didn't contain a bunch of idiot hell fuckers that don't understand the difference between a self-signed cert and a private CA and the conversation moved on within like four posts

I came here to look at bad screenshots and maybe read arguments about sysv unit and systemd or maybe rpm and dpkg but noooooo
|
systemd sucks rpm sucks ssl sucks
|
all linuxes and unixes suck especially mac os ten dot ten
|
actually they are all Good

is this really what u want

http://esr.ibiblio.org/?p=1046
http://esr.ibiblio.org/?p=1573
http://esr.ibiblio.org/?p=184
http://esr.ibiblio.org/?p=4270
http://scienceblogs.com/deltoid/2009/12/01/quote-mining-code/
http://www.catb.org/~esr/aim/
http://rationalwiki.org/wiki/Eric_S._Raymond
|
ESR is such a goddamn creep
|
Zombywuf posted:
*ignores warning and continues anyway*

mitm chances on initial login are infinitesimal and if the fingerprint ever changes ssh refuses to connect
|
yeah sslchat is pretty offtopic but every yospos thread eventually degenerates into foodchat anyway

this one time i ate an entire jar of mayonnaise just spooning it out with my bare hand like an animal
|
that's extremely relevant to the desktop linux thread tho
|
linux is to oses as pineapple is to pizza toppings. for those with terrible taste
|
I put beans in chili
|
Kiwi Ghost Chips posted:
mitm chances on initial login are infinitesimal and if the fingerprint ever changes ssh refuses to connect

Clearly you've never worked with AWS. I make initial logins every day, hopefully no-one's hacked my router.
|
Mr Dog posted:
yeah sslchat is pretty offtopic but every yospos thread eventually degenerates into foodchat anyway

the most disgusting part is not making your own mayo
|
Zombywuf posted:the most disgusting part is not making your own mayo
|
Shaggar posted:
also you would only need a public cert for the external endpoint the byods come in on and then any work they do from then on would be on internal machines which have your own roots.

the terrible thing about byod is that you don't have a choice. people are gonna do what they're gonna do, and if you try to stop them from doing it, they just get mad as hell

e.g. enterprise poo poo for ipad/iphone came about because executives were gonna use an ipad/iphone no matter what IT said. this happened in every fortune 500. IT mgmt had zero choice on the matter
|
i thought byod is what you call it when ppl browse facebook on their phones instead of being pissed off that it's blocked by websense on their pcs
|
Notorious b.s.d. posted:
the terrible thing about byod is that you don't have a choice. people are gonna do what they're gonna do, and if you try to stop them from doing it, they just get mad as hell

for ipads/iphones there are management tools so you can lock down their devices if they're on your network and since they're closed source you can trust them. w/ android or just a regular old laptop you aren't gonna be able to lock them down so your choices are don't allow them or let them be used as thin clients that access ur network thru a vpn and remote desktop/app virtualization
|
Mr Dog posted:
i thought byod is what you call it when ppl browse facebook on their phones instead of being pissed off that it's blocked by websense on their pcs

byod has 2 meanings
1) "Hey, im the ceo and I want my email on my personal iphone"
2) "hey, we aren't going to buy you a computer, but you can totally use your personal laptop to do your job!"

1 is legitimate and easy to handle securely in a few different ways. 2 is most often a sign of a bad company
|
even the case 1 byod is just mark down a "i told u so" somewhere, shrug, and move on :[
|
haven't read any of this thread but we're 100 pages in and the year is nearly over and I'm not getting a very good feeling about 2014 actually being the year of Linux on the desktop. good effort, though. better luck next year.
|
2014 is the year we just gave up on computers being secure
|
Notorious b.s.d. posted:
the terrible thing about byod is that you don't have a choice. people are gonna do what they're gonna do, and if you try to stop them from doing it, they just get mad as hell

*bing*bong* your dumb opinion is being paged to return to http://forums.somethingawful.com/showthread.php?threadid=3564747 *bing*bong*
|
Cocoa Crispies posted:
*bing*bong* your dumb opinion is being paged to return to http://forums.somethingawful.com/showthread.php?threadid=3564747 *bing*bong*

lol that thread current topic: all users a special snowflakes UGH
|
notorious bad poo poo dumbass
|
dsyp