152
linuxxx
7y

When someone beats the level of stupidity you thought was possible.

No, when you request a Let's Encrypt certificate, you DON'T fill in YOUR OWN NAME in the "Common Name" field 🤦

Also, it explains right next to the fucking field that non-experienced users SHOULDN'T ALTER THE FUCKING VALUE.

😷

Comments
  • 5
  • 47
    I have established that half the people who use computers, can't read.
  • 5
    Facepalm :)
  • 7
    But I'm experienced/special!!
  • 12
    Non experienced users usually either don't read or think they are experienced.
  • 22
    Certificate: Enter your common name

    User:
    CNAME=John J. Jones;

    Web browser:
    *www.johnjones.com*

    This website is unsafe, Internet Explorer can’t verify the veracity of the website. Why are you still using Internet Explorer? Contact your system administrator. He will beat you with a rusty pipe until you learn how DNS works.
  • 4
    @Diactoros this so much
  • 1
    @LucaScorpion that's what I just said so u r .... ?
  • 2
    Fuck. I think I put my name when I set up letsencrypt
  • 7
    @linuxxx About beating the level of stupidity you thought possible I have to quote a classmates who will be getting a cs degree the summer: To secure our site we use https without any ssl or tls...

    I honestly could not keep my shit together after that
  • 6
    @needToRoll xD. Yeah let's use https without the protocols on which it relies, sounds like a plan! 🤦
  • 5
    @linuxxx you know the guy will be certified as a professional developer within 3 months.

    And let’s say this is not the only mistake of this kind
  • 5
  • 1
    How was the field named in the code? If it's something too plain along the lines of "name", maybe some autofill when the client put in some other details?
  • 0
    @Flygger it's not a client app... Just basic fundamentals of setting up SSL.
  • 1
    A lot of people don't know how to set up SSL properly... Or how certificates work for that matter.. so they probably interpreted 'experienced' as "I know IT stuff!"
  • 1
    @deMark exactly... There seems to be an endless supply of people who think that because they can use Linux somewhat fluently they know how to be a system admin. SSL, DNS and email systems are just a few of the things that very often trip up these people who consider themselves 'system admins' just because they can cat or tail -f some log files and pipe ps aux thru grep... I don't like to knock anyone for trying, but there's a huge disconnect between reality and abilities. I saw a guy on reddit recently asking how he could find a job using Arch Linux because he 'recently installed it and loves using it'.... Running a desktop Linux system is great, and I love Arch, but it's just insane that someone can make the jump from 'i enjoy this desktop Linux system' to 'since I can use said Linux desktop system I must be ready for a system administrator career'... How does one believe they are valuable to society just because they can use an OS? Kind of a side rant there, sorry haha
  • 0
    @agaskins and sorry to pick on Linux... I use it almost exclusively, I'm not in any way bashing it! I just feel that it sometimes blows people's egos and confidence up to unrealistic levels... Which causes these problems with people not knowing what common names in SSL are, or setting up DNS servers when all they needed was the dig command, or leaving email servers as open relays... That said, I'm glad it becoming more mainstream, and I suppose it's better to deal with these problems people create than to not have people pushing themselves... Or is it? Does it just devalue us? Making it seem as though everyone is an expert makes us less valuable in the market... But maybe the market isn't the most important thing. I like the idea of an OpenSource community as a concept and basis for most of society... It just seems people need more wisdom in knowing the extents of their skills and when to ask the community for help rather than giving someone an SSL cert that is borked.
  • 2
    @ewpratten I have a hypothesis that 70% of the inhabitants of earth Are idiots
  • 0
    But it is my certificate and I put my name 😡

    Good luck dealing with that lol
  • 0
    @agaskins I know that part but didn't know if Let's Encrypt had a web form (or similar) for requests that might be the cause of a (for once) poor user who didn't know they even made a mistake?
    Merely exploring the possibility that they're not always 100 % to blame for things being wrong ;)
  • 0
    @SpaceBearOne but that definitely seems to work on my Android phone, so why wouldn't it on a Windows Vista desktop?!?
  • 0
    I've seen LE certificates that had the entire postal address of the site owner in the address :^)
Add Comment