• thirteene@lemmy.world
    link
    fedilink
    English
    arrow-up
    8
    arrow-down
    1
    ·
    2 months ago

    As someone who creates custom domain name applications, FUCK THEM WITH A PINEAPPLE SPIKY SIDE FIRST. This problem is on par with timezones for needless complexity and communication disasters. Companys and advertisers are now adding man in the middle certs for additional data collection/visibility. If the ciphers not cracked, changing the certs exposes significantly more failure, than letting one get a little stale.
    Sysadmin used slam! It’s super effective!

    • lennivelkant@discuss.tchncs.de
      link
      fedilink
      English
      arrow-up
      3
      ·
      2 months ago

      Unrelated to the topic, but I deal with a database storing timestamps.

      In local time.

      For systems all around the world.

      You’ll see current entries timestamped 12:28 from eastern Europe followed by ones 6:28 from America and then another 11:28 from central Europe.

      Without offset.

      • sugar_in_your_tea@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        4
        ·
        2 months ago

        Ew. Just store UTC timestamps and do optional translation on the client using whatever the client sets up for their timezone. It’s not hard…

        • lennivelkant@discuss.tchncs.de
          link
          fedilink
          English
          arrow-up
          2
          ·
          2 months ago

          Oh believe me, I would change some things about that database if I could. Alas, I’m just the analyst building data models from it.

          (To be fair, it’s otherwise easy to work with and for most use-cases, it doesn’t matter since they’re aggregated per month anyway, so I just load the last month’s data on the 2nd of each month. I definitely have worse patients to operate on.)

      • thirteene@lemmy.world
        link
        fedilink
        English
        arrow-up
        3
        ·
        2 months ago

        Mostly customer provided certs, high end clients make all kinds of stupid requests like the aforementioned man-in-the-middle chain sniffers, clients that refuse DNS validation, clients that require alternate domains to be updated regularly. Management is fine for mywebsite.com, but how are you solving an EV on the spoofed root prod domain, with an sso cert chain for lower environments on internal traffic that is originally provided by a client? And do you want the cs reps emailing each other your root cert and (mistakingly) the key? I’ve been given since SCARY keys by clueless support engineers. I don’t want to do this every 3 months.

          • thirteene@lemmy.world
            link
            fedilink
            English
            arrow-up
            2
            ·
            2 months ago

            Sounds like you don’t do contact negotiations, if someone will pay 2 million to appear on their root domain, you’ll sit down and figure it out for a couple hours.

            • sugar_in_your_tea@sh.itjust.works
              link
              fedilink
              English
              arrow-up
              1
              ·
              2 months ago

              Yes, I don’t, and I would honestly like to understand what use-case these customers are trying to solve. Because there’s a very good chance that they can get their preferred outcomes with a lot less manual work.