<ocdtrekkie>
Once you visit an official Asus website once, their router.asus.com redirect on routers is permanently broken, which is how they tell consumers to find their router admin UI.
<TimMc>
Love it.
<ocdtrekkie>
I am strongly considering trying to write an internet draft to fix HSTS.
<TimMc>
I agree with Rysiek that the problem isn't with HSTS in this scenario...
<TimMc>
But HPKP, now *there* was a bad idea.
<ocdtrekkie>
The problem with HSTS is summarized by a single clause "no user recourse"
<ocdtrekkie>
A browser which correctly implements HSTS as specified stops being a user agent, because it removes user agency.
<TimMc>
Oh, yeah, that part is a little dodgy.
<TimMc>
but only a little
<ocdtrekkie>
And it has no justification. The risk of bypassing a cert warning for an HSTS site and any other with an expired cert is no different, but the authors of HSTS chose to add a deliberate "$&@# you" to the user.
<ocdtrekkie>
The irony is, it insists you notify the admin of the site in question, but the admin of the site in question also cannot load the site, which is great since everyone's sites set certificates within said site.
xet7_ is now known as xet7
<ocdtrekkie>
I've worked with multiple site platforms which both enable HSTS and don't document a command line process to update the cert if it becomes invalid.
<xet7>
I feel stupid. O
<xet7>
I'm trying to fix something that has "easy" in it's name
<xet7>
Maybe I should use some more idiot proof programming language
mnutt has quit [Remote host closed the connection]
mnutt has joined #sandstorm
<TimMc>
ocdtrekkie: I'm not sure I've ever worked with a site where you upload the HTTPS certs in its own web interface.
<TimMc>
xet7: I spent basically an entire day trying to get Gradle, Kotlin, and ANTLR to play nice. After a great deal of churn and sticking a bunch of random stuff into my build.gradle.kts, I'm finally back to something almost identical to what I started with, but now it's working. -.-
<xet7>
TimMc: Yippee, you got it working !!!!
<xet7>
"sticking a bunch of random stuff" Yes, that's how I also code.
<xet7>
Making some change, checking does it work.
mnutt has quit [Remote host closed the connection]
mnutt has joined #sandstorm
<ocdtrekkie>
@TimMc You have at least one: Sandstorm :P Though we also have command line options.
<ocdtrekkie>
Most of the enterprise tools at work I use also have configuration entirely via the web UI, including cert import.
zarvox_ has quit [Ping timeout: 260 seconds]
<ocdtrekkie>
The certs we use internally need to roll over soon because of that maximum 12 month thing, and most business apps don't support Let's Encrypt. So I'm about to go through the whole cert update dance again.
<ocdtrekkie>
This account has to be like... doing... something... right?
<isd>
Yeah saw that. I assume somebody fat-fingered and accidentally opened the issue, then immediately closed it.
<isd>
Or it's doing something weird where it's inflating its issue count.
<ocdtrekkie>
It's their first/only issue.
<isd>
The account is a month old and has some commits -- probably just a fat-fingering.
<isd>
happens
<ocdtrekkie>
shrug
<TimMc>
At work we had someone who opened like 12 nearly identical PRs on one of our (open source) repos and who wouldn't respond to questions. I think we eventually just had to block them?
mnutt has quit [Remote host closed the connection]
mnutt has joined #sandstorm
mnutt has quit [Remote host closed the connection]