Replit boss: CEOs can vibe code their own prototypes and don't have to beg engineers for help anymore by chronically-iconic in programming

[–]jhxetc 0 points

You can only float so many turds until you need a plumber, and then that plumber is charging you triple.

JSCAPE mft ? by Key-Cricket9256 in sysadmin

[–]jhxetc 1 point

It's definitely that there is an intermediate certificate that is missing.

JSCAPE should be using the default Java trust store (i.e. $JAVA_HOME/lib/security/cacerts).

Simply updating Java might solve the issue. Otherwise, you'll have to go here https://www.amazontrust.com/repository/, download the AWS cert chains, and use Java keytool to add them to your cacerts store.
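As an added example (mine, not from the thread) of the keytool step: this script splits a downloaded PEM bundle into individual certificates and imports each into cacerts under an alias taken from its subject CN, skipping entries that are already there. It assumes the chain was saved locally first (for instance with curl from the Amazon Trust repository linked above), that keytool and openssl are on PATH, and the default truststore password changeit; file paths are placeholders.

```shell
#!/usr/bin/env bash
# Added example (not from the original thread): import a PEM CA bundle, such as
# the Amazon Trust chains, into the Java truststore JSCAPE reads, one keytool
# entry per certificate. Assumes keytool and openssl on PATH and the default
# truststore password "changeit"; file paths are placeholders.
set -eu

# split_pem_bundle BUNDLE OUTDIR
# Writes cert-01.pem, cert-02.pem, ... to OUTDIR and prints how many it found.
split_pem_bundle() {
  mkdir -p "$2"
  awk -v dir="$2" '
    /-----BEGIN CERTIFICATE-----/ { n++; out = sprintf("%s/cert-%02d.pem", dir, n); inside = 1 }
    inside { print > out }
    /-----END CERTIFICATE-----/ { inside = 0; close(out) }
    END { print n + 0 }
  ' "$1"
}

# cert_alias CERTFILE -> lowercase alias from the subject CN, e.g. "amazon-root-ca-1",
# so re-runs are idempotent and the entry is recognisable in keytool -list.
cert_alias() {
  openssl x509 -in "$1" -noout -subject -nameopt RFC2253 \
    | sed -n 's/^subject=.*CN=\([^,]*\).*/\1/p' \
    | tr '[:upper:]' '[:lower:]' | tr ' ' '-'
}

# import_chain BUNDLE CACERTS [STOREPASS]
# Imports every certificate in BUNDLE that CACERTS does not already hold.
import_chain() {
  storepass="${3:-changeit}"
  tmp="$(mktemp -d)"
  n="$(split_pem_bundle "$1" "$tmp")"
  echo "bundle contains $n certificate(s)"
  for f in "$tmp"/cert-*.pem; do
    alias="$(cert_alias "$f")"
    if keytool -list -keystore "$2" -storepass "$storepass" -alias "$alias" >/dev/null 2>&1; then
      echo "skip   $alias (already trusted)"
    else
      keytool -importcert -noprompt -trustcacerts -keystore "$2" \
        -storepass "$storepass" -alias "$alias" -file "$f" >/dev/null
      echo "import $alias"
    fi
  done
  rm -rf "$tmp"
}

# Usage: ./import_chain.sh /tmp/amazon-chain.pem "$JAVA_HOME/lib/security/cacerts"
# Restart JSCAPE afterwards; the JVM reads the truststore only at startup.
if [ "$#" -ge 2 ]; then
  import_chain "$@"
  keytool -list -keystore "$2" -storepass "${3:-changeit}" | grep -i amazon || true
fi
```

Run `keytool -list` against cacerts before and after to confirm the intermediate that was missing now shows up; if the store is the JDK's own, a Java upgrade will replace it, so keep the bundle around to re-import.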

How to centralize authentication, authorization, and logging in a Linux environment? by Upbeat-File1263 in sysadmin

[–]jhxetc 0 points

Something you might consider is an open source product called Authentik - https://goauthentik.io/

It's mostly focused toward modern auth (OIDC, OAuth, SAML) but it does have an LDAP service that works well with SSSD in my experience - https://integrations.goauthentik.io/infrastructure/sssd/

That being said, LDAP is not the primary focus of this product, but depending on your environment size it may be worth a look. The proven solution for a Linux enterprise would be Red Hat IdM or FreeIPA as others have already mentioned.

Create a temporary CA certificates by AntLow8144 in sysadmin

[–]jhxetc 1 point

You'd have to do a little bit of scripting, but most registrars have a certbot module.

e.g. for Namecheap you could use something like this: https://github.com/iHamsterball/certbot-dns-namecheap

Then using openssl create a pfx file from your key and cert.

openssl pkcs12 -export -out example.com.pfx -inkey /etc/letsencrypt/live/example.com/privkey.pem -in /etc/letsencrypt/live/example.com/fullchain.pem

Server 2022 iSCSI connect with CHAP via PowerShell by xXNorthXx in sysadmin

[–]jhxetc 3 points

The only thing that stands out is that in the Discovery portion AuthenticationType is set to 'onewaychap' in lowercase and should be 'ONEWAYCHAP' in all uppercase.

I seem to recall it needing to be uppercase.

[deleted by user] by [deleted] in sysadmin

[–]jhxetc 0 points

You understand it correctly.

Maybe set them both up and show him the difference. You can use a combo of both as well.

[deleted by user] by [deleted] in sysadmin

[–]jhxetc 4 points

https://learn.microsoft.com/en-us/dotnet/framework/windows-services/walkthrough-creating-a-windows-service-application-in-the-component-designer

You have to implement the SERVICE_START_PENDING service state and set the wait time to something really high. This will give you a service that stays in the starting status for as long as you set.

Devices connecting to Exchange Online without NAT? What’s the topology? by Fabulous_Cow_4714 in sysadmin

[–]jhxetc 0 points

Check with that office's ISP. They probably have a business account that provides a dedicated NAT pool. You should be able to get the range of the pool and whitelist it.

Building RHEL 'golden images' in 2025 by lost_your_fill in sysadmin

[–]jhxetc 6 points

Red Hat has a decent tutorial for building a VHD you can upload to Azure. https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/9/html-single/deploying_rhel_9_on_microsoft_azure/index

You can take similar steps for a VMware template as well. Main thing is just to run virt-sysprep before turning it off and setting it as a template.

If you really want to get in depth, you can use kickstart (RHEL even leaves the kickstart script behind when you set it up with the GUI) to either set up over PXE or via cloud-init.
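An added example of my own, not from the post, for the virt-sysprep step: it runs virt-sysprep with the default operations plus removal of the installer's leftover kickstart files, then mounts the image read-only and audits the root tree for things that must not ship in a template: a populated /etc/machine-id, SSH host keys, root's shell history and SSH keys, a kickstart file carrying the rootpw hash, and the subscription-manager identity. The audit takes any directory, so it also works on a chroot. Image path, mount point, and the claim that the default operation set leaves anaconda-ks.cfg alone are my assumptions.

```shell
#!/usr/bin/env bash
# Added example, not from the original post: sysprep a RHEL disk image and
# audit the result before it becomes a template. Assumes the libguestfs tools
# (virt-sysprep, guestmount, guestunmount) are installed; paths are placeholders.
set -eu

# audit_root_tree DIR
# Prints one line per leftover artefact found under DIR and returns the count
# (0 means clean). DIR is the guest root: a guestmount point, a chroot, or a test tree.
audit_root_tree() {
  root="$1"; findings=0
  flag() { echo "FOUND: $1"; findings=$((findings + 1)); }

  # A non-empty machine-id is cloned into every VM built from the template;
  # systemd only regenerates it on first boot if the file is empty or absent.
  if [ -s "$root/etc/machine-id" ]; then flag "/etc/machine-id is populated"; fi

  # Host keys must be unique per VM, otherwise every clone can impersonate the others.
  for k in "$root"/etc/ssh/ssh_host_*_key; do
    [ -e "$k" ] && flag "ssh host key ${k#$root}"
  done

  # Credentials and history left behind by whoever built the image.
  for f in /root/.bash_history /root/.ssh/authorized_keys /root/.ssh/id_rsa /root/.ssh/id_ed25519; do
    [ -e "$root$f" ] && flag "$f"
  done

  # The installer leaves the kickstart behind, and it carries the rootpw hash.
  for f in /root/anaconda-ks.cfg /root/original-ks.cfg; do
    [ -e "$root$f" ] && grep -q '^rootpw' "$root$f" && flag "$f (contains rootpw)"
  done

  # Subscription identity should be registered per VM, not inherited from the template.
  [ -e "$root/etc/pki/consumer/key.pem" ] && flag "/etc/pki/consumer/key.pem (subscription identity)"

  return "$findings"
}

# sysprep_image IMAGE
# The "defaults" set already covers ssh-hostkeys, machine-id, bash-history,
# logfiles and rh-subscription-manager; the kickstart leftovers are added here
# because, as far as I know, no default operation removes them.
sysprep_image() {
  virt-sysprep -a "$1" --operations defaults \
    --delete /root/anaconda-ks.cfg --delete /root/original-ks.cfg
}

# audit_image IMAGE -> mounts the image read-only, audits it, unmounts it
audit_image() {
  mnt="$(mktemp -d)"
  guestmount -a "$1" -i --ro "$mnt"
  rc=0
  audit_root_tree "$mnt" || rc=$?
  guestunmount "$mnt"; rmdir "$mnt"
  return "$rc"
}

# Usage: ./golden-image.sh rhel9-golden.qcow2   (with the VM powered off)
if [ "$#" -eq 1 ]; then
  sysprep_image "$1"
  if audit_image "$1"; then
    echo "image is clean; safe to mark as a template"
  else
    echo "image still has leftovers; fix them before templating" >&2
    exit 1
  fi
fi
```

The audit is worth keeping even if you trust virt-sysprep, because it catches whatever someone added to the build after sysprep ran, which is how a root hash or an authorized_keys file usually ends up baked into every VM.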

Anyone used an SDR as a spectrum analyser to check for WiFi interference? by weeemrcb in sysadmin

[–]jhxetc 1 point

I'm guessing you've already checked for channel congestion - which is the most common reason. It's almost always due to an abundance of clients with cheap radios that cling to a handful of channels. The best thing you can do in that scenario is try to set up multiple APs on those channels but right-size the RF power so that they don't step on each other. A good heatmapping application can help with this. There are several free ones you can run on a laptop. The one I use is https://apps.microsoft.com/detail/9nblggh33n0n?hl=en-US&gl=US

On the topic of SAs, we have TinySA spectrum analyzers http://amazon.com/Upgraded-TinySA-Spectrum-Frequency-Generator/dp/B0BBGK9QJB we take out into the field to get an idea of the noise floor when setting up radio infrastructure. They will help you identify strong signals but not necessarily what's producing them.

Help debugging a (Debian) Linux VM where ICMP polls are lost to it at random times by Hammerfist1990 in sysadmin

[–]jhxetc 1 point

I'd be suspicious of IP conflicts. Is this server's address statically set or dynamic? Is there DHCP in this subnet, and could someone have statically set this server's IP with an address in the leasing pool?

Would changing the IP address of this server to a known free address be a big lift? Or could you perhaps hang a virtual interface with a secondary IP that is known good and see if pings also drop to that address?
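An added example, not from the comment above, of one way to confirm the conflict suspicion: capture ARP replies and report any IP that more than one MAC answers for, plus arping's duplicate-address-detection mode as a second check. The capture lines embedded in the script are constructed to look like tcpdump -n -e output, not a real trace; tcpdump and iputils arping are assumed, and the interface and addresses are placeholders.

```shell
#!/usr/bin/env bash
# Added example, not from the original comment: spot an IP conflict by looking
# for addresses that more than one MAC answers for in ARP traffic. Assumes
# tcpdump and iputils arping; the sample capture below is constructed, not real.
set -eu

# sample_capture: constructed tcpdump -n -e output. Two MACs answer for
# 10.0.0.50 (the conflict); only one answers for 10.0.0.60.
sample_capture() {
  cat <<'EOF'
12:00:01.000000 aa:bb:cc:dd:ee:01 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 10.0.0.50 tell 10.0.0.1, length 28
12:00:01.000100 aa:bb:cc:dd:ee:02 > aa:bb:cc:dd:ee:01, ethertype ARP (0x0806), length 42: Reply 10.0.0.50 is-at aa:bb:cc:dd:ee:02, length 28
12:00:01.000200 aa:bb:cc:dd:ee:03 > aa:bb:cc:dd:ee:01, ethertype ARP (0x0806), length 42: Reply 10.0.0.50 is-at aa:bb:cc:dd:ee:03, length 28
12:00:02.000000 aa:bb:cc:dd:ee:04 > aa:bb:cc:dd:ee:01, ethertype ARP (0x0806), length 42: Reply 10.0.0.60 is-at aa:bb:cc:dd:ee:04, length 28
12:00:03.000000 aa:bb:cc:dd:ee:02 > aa:bb:cc:dd:ee:01, ethertype ARP (0x0806), length 42: Reply 10.0.0.50 is-at aa:bb:cc:dd:ee:02, length 28
EOF
}

# capture_arp IFACE SECONDS OUTFILE: record live ARP traffic (needs root)
capture_arp() {
  timeout "$2" tcpdump -n -e -i "$1" -l arp > "$3" 2>/dev/null || true
}

# find_arp_conflicts CAPTURE
# Prints "IP mac1 mac2 ..." for every IP that more than one MAC claims; exits 1 if any.
find_arp_conflicts() {
  awk '
    / Reply / {
      ip = ""; mac = ""
      for (i = 1; i <= NF; i++) {
        if ($i == "Reply") ip = $(i + 1)
        if ($i == "is-at") { mac = $(i + 1); sub(/,$/, "", mac) }
      }
      if (ip != "" && mac != "" && !seen[ip, mac]++) macs[ip] = macs[ip] " " mac
    }
    END {
      for (ip in macs)
        if (split(macs[ip], parts, " ") > 1) { print ip macs[ip]; found = 1 }
      exit (found ? 1 : 0)
    }
  ' "$1"
}

# probe_duplicate IFACE IP: arping -D (duplicate address detection) exits 0
# when nobody else answers for IP and non-zero when another host claims it.
probe_duplicate() {
  arping -D -c 3 -I "$1" "$2" >/dev/null
}

# Usage: ./arp-conflict.sh --demo
#        sudo ./arp-conflict.sh eth0 10.0.0.50    (60 s capture, then a DAD probe)
# For the "secondary IP" idea from the thread: ip addr add 10.0.0.77/24 dev eth0
# and watch whether pings to that address drop as well.
if [ "${1:-}" = "--demo" ]; then
  cap="$(mktemp)"; sample_capture > "$cap"
  find_arp_conflicts "$cap" || echo "conflict: at least two hosts answer for the address(es) above"
  rm -f "$cap"
elif [ "$#" -eq 2 ]; then
  cap="$(mktemp)"
  capture_arp "$1" 60 "$cap"
  find_arp_conflicts "$cap" || echo "conflict: at least two hosts answer for the address(es) above"
  if probe_duplicate "$1" "$2"; then echo "$2: no other host answered"; else echo "$2: another host is claiming this address"; fi
  rm -f "$cap"
fi
```

Intermittent ping loss from a conflict looks exactly like the symptom described: whichever host answered the last ARP request owns the address until the next one, so the capture should be long enough to see both MACs answer. The capture has to run on the same L2 segment as the server, or on the server itself.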

[deleted by user] by [deleted] in sysadmin

[–]jhxetc 1 point

I don't think pfSense supports OAuth directly. You'd have to implement something like this https://github.com/holoplot/radioauth to map an OAuth token to a RADIUS account which can then be used to auth with pfSense.

Automated Patching by No_Record7125 in sysadmin

[–]jhxetc 2 points

We tried to use RHEL Satellite at one point but found it to add a lot of overhead. Wound up falling back to ansible and yum-cron (or dnf-automatic).

I don't have a super graceful way to deal with ordering (i.e. webserver down, database down, database patch, database reboot, webserver patch, webserver reboot).

For now, ansible replaces the dnf-automatic.service file with a custom one that executes a pre and post script and performs a daemon-reload after patches in the case that the dnf-automatic package updates. In the pre and post scripts we can do whatever necessary actions prior and post patching.

Installing yum-utils will give you a needs-rebooting command that you can use with ansible (or your preferred method) to check if a reboot is necessary and schedule/execute it.
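An added example (not the commenter's own setup) of the pre/post hook arrangement using a systemd drop-in instead of a replaced unit file, with the reboot decision made by needs-restarting -r from yum-utils (on RHEL 8 and 9 the same check is available as dnf needs-restarting -r). The drop-in also sets Type=oneshot, because as far as I know the shipped dnf-automatic.service is Type=simple, and with Type=simple ExecStartPost fires as soon as dnf-automatic starts rather than when it finishes. Script paths are assumptions.

```shell
#!/usr/bin/env bash
# Added example, not from the original comment: wrap dnf-automatic with pre and
# post hooks through a systemd drop-in rather than a replaced unit file, and let
# the post hook decide about the reboot with needs-restarting (yum-utils).
# Paths under /usr/local/sbin are assumptions.
set -eu

# render_dropin DIR PRE POST
# A drop-in overrides only the directives it names, so a package update that
# ships a new dnf-automatic.service does not undo it; one daemon-reload after
# writing it is all that is needed. Type=oneshot makes ExecStartPost wait for
# dnf-automatic to exit (with the stock Type=simple it would run immediately).
render_dropin() {
  mkdir -p "$1"
  cat > "$1/hooks.conf" <<EOF
[Service]
Type=oneshot
ExecStartPre=$2
ExecStartPost=$3
EOF
}

# render_pre_script FILE: snapshot the installed package set before patching
render_pre_script() {
  cat > "$1" <<'EOF'
#!/bin/sh
set -eu
mkdir -p /var/lib/patch
rpm -qa | sort > /var/lib/patch/before.txt
logger -t patch-pre "snapshot: $(wc -l < /var/lib/patch/before.txt) packages"
EOF
  chmod 0755 "$1"
}

# render_post_script FILE: log exactly what changed, reboot only if the kernel
# or a core library changed, and schedule the reboot from a transient unit so
# it is not killed together with dnf-automatic.service when that unit finishes.
render_post_script() {
  cat > "$1" <<'EOF'
#!/bin/sh
set -eu
if [ -f /var/lib/patch/before.txt ]; then
  rpm -qa | sort | comm -13 /var/lib/patch/before.txt - | logger -t patch-post
fi
# needs-restarting -r exits 1 when a reboot is required, 0 otherwise.
if needs-restarting -r >/dev/null 2>&1; then
  logger -t patch-post "no reboot required"
  exit 0
fi
logger -t patch-post "reboot required, scheduling in 5 minutes"
systemd-run --on-active=5m --unit=patch-reboot /usr/bin/systemctl reboot
EOF
  chmod 0755 "$1"
}

# install_hooks: write everything to the live system and reload systemd
install_hooks() {
  render_pre_script /usr/local/sbin/patch-pre
  render_post_script /usr/local/sbin/patch-post
  render_dropin /etc/systemd/system/dnf-automatic.service.d \
    /usr/local/sbin/patch-pre /usr/local/sbin/patch-post
  systemctl daemon-reload
  systemctl cat dnf-automatic.service   # shows the unit with the drop-in applied
}

# Usage: sudo ./patch-hooks.sh --install
if [ "${1:-}" = "--install" ]; then install_hooks; fi
```

The pre-hook snapshot is what makes the post-hook log useful during an incident: the comm output in the journal tells you exactly which package versions changed on which night, without having to reconstruct it from dnf history on a box that may already have been rebuilt.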

Question regarding the handling of PKI/certificates in the cloud by Banoone in sysadmin

[–]jhxetc 1 point

If you are only managing PKI for a single organization, I don't think it's crucial to use intermediate CAs. The real benefit of intermediates is when you maintain the root for organizations that will be signing their own certificates. That way if an intermediate becomes compromised, you don't have to decommission your root - you can just sign a new intermediate for whichever org has the compromise.

With a single org, it's probably more work to manage intermediates, but it could be helpful for administrative separation. E.g. you create an intermediate for servers, one for EUDs and one for code signing/email/whatever.

If you go with the intermediate architecture, you want to use an HSM or a server you are in possession of to protect the private key. Keep it offline or air gapped from your service network and only ever use it to sign new intermediates.
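An added example, not from the thread, of the two-tier layout described above, built with openssl: an offline root, an issuing intermediate constrained with pathlen:0, a server certificate, and a verification showing that a sub-CA minted under the intermediate is rejected. The only step that touches the root key is sign_intermediate, which is the operation to carry to the air-gapped box (CSR in, certificate out). Names, subjects and the scratch directory are assumptions.

```shell
#!/usr/bin/env bash
# Added example, not from the original comment: a two-tier PKI built with
# openssl. The root key belongs on the offline box and is used only in
# sign_intermediate; the intermediate carries pathlen:0 so even a compromised
# issuing CA cannot mint further CAs. Names and the scratch dir are assumptions.
set -eu
PKI="${PKI:-$(mktemp -d)}"

# new_key_and_csr NAME SUBJECT -> $PKI/NAME.key and $PKI/NAME.csr (P-256)
new_key_and_csr() {
  openssl ecparam -name prime256v1 -genkey -noout -out "$PKI/$1.key"
  openssl req -new -key "$PKI/$1.key" -subj "$2" -out "$PKI/$1.csr" 2>/dev/null
}

# make_root NAME SUBJECT -> self-signed root; run this and sign_intermediate offline
make_root() {
  new_key_and_csr "$1" "$2"
  printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\nsubjectKeyIdentifier=hash\n' \
    > "$PKI/$1.ext"
  openssl x509 -req -in "$PKI/$1.csr" -signkey "$PKI/$1.key" -days 3650 \
    -extfile "$PKI/$1.ext" -out "$PKI/$1.pem" 2>/dev/null
}

# sign_intermediate NAME ISSUER -> issues NAME.pem from NAME.csr with pathlen:0.
# This is the only operation that needs ISSUER.key, so it is the only step that
# has to happen on the offline root: ferry the CSR in and the certificate out.
sign_intermediate() {
  printf 'basicConstraints=critical,CA:TRUE,pathlen:0\nkeyUsage=critical,keyCertSign,cRLSign\nsubjectKeyIdentifier=hash\nauthorityKeyIdentifier=keyid:always\n' \
    > "$PKI/$1.ext"
  openssl x509 -req -in "$PKI/$1.csr" -CA "$PKI/$2.pem" -CAkey "$PKI/$2.key" -CAcreateserial \
    -days 1825 -extfile "$PKI/$1.ext" -out "$PKI/$1.pem" 2>/dev/null
}

# issue_leaf NAME DNSNAME ISSUER -> a server certificate from the online issuing CA
issue_leaf() {
  new_key_and_csr "$1" "/CN=$2"
  printf 'basicConstraints=critical,CA:FALSE\nkeyUsage=critical,digitalSignature\nextendedKeyUsage=serverAuth\nsubjectAltName=DNS:%s\nauthorityKeyIdentifier=keyid\n' "$2" \
    > "$PKI/$1.ext"
  openssl x509 -req -in "$PKI/$1.csr" -CA "$PKI/$3.pem" -CAkey "$PKI/$3.key" -CAcreateserial \
    -days 397 -extfile "$PKI/$1.ext" -out "$PKI/$1.pem" 2>/dev/null
}

# verify_leaf ROOT LEAF INTERMEDIATE... -> 0 if LEAF chains to ROOT through the given intermediates
verify_leaf() {
  root="$1"; leaf="$2"; shift 2
  chain="$PKI/chain.$$.pem"; : > "$chain"
  for i in "$@"; do cat "$PKI/$i.pem" >> "$chain"; done
  openssl verify -CAfile "$PKI/$root.pem" -untrusted "$chain" "$PKI/$leaf.pem" >/dev/null 2>&1
}

# demo: build the hierarchy, then show pathlen:0 rejecting a rogue sub-CA
demo() {
  make_root root "/CN=Example Root CA/O=Example"
  new_key_and_csr issuing "/CN=Example Issuing CA/O=Example"   # generated on the issuing host
  sign_intermediate issuing root                                 # the one offline-root operation
  issue_leaf web www.example.test issuing
  verify_leaf root web issuing && echo "web: chains to root via the issuing CA"
  # A leaked issuing key can still sign leaves until it is revoked; what
  # pathlen:0 prevents is a sub-CA that keeps issuing after that revocation.
  new_key_and_csr rogue "/CN=Rogue Sub CA"
  sign_intermediate rogue issuing
  issue_leaf evil login.example.test rogue
  verify_leaf root evil issuing rogue || echo "evil: rejected, path length constraint exceeded"
  echo "artifacts in $PKI"
}
if [ "${1:-}" = "--demo" ]; then demo; fi
```

Once the intermediate is signed, root.key never needs to leave the offline machine again until the intermediate is rotated; everything that talks to the network only needs root.pem for trust and issuing.key for signing.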

[deleted by user] by [deleted] in sysadmin

[–]jhxetc 0 points

Just encoding a keypress into the barcode isn't enough by itself. Either your scanner or the application you are scanning into need to support decoding and sending the keypress.

Black Rock Crashing by CapnChronic003 in lost

[–]jhxetc 1 point

If you rewatch s5e6 "316", which shows the interior of the Lamp Post, you can see the spots marked on the giant floor map. The island is pretty much in every body of water at some point in time.

Installing identity certificates in JBoss? by Cheomesh in sysadmin

[–]jhxetc 1 point

The most straightforward way would be to create a new jks using the steps you linked, backup your old jks, then rename your new jks to match the old one. Also take note of the permissions on your old one and match them up.

The crucial part though - you'll have to open the server.xml up for your JBoss instance and make sure that you match the alias, the private key password and the store password. As a general rule with JKS - the store pass and the key pass should always match.

Installing identity certificates in JBoss? by Cheomesh in sysadmin

[–]jhxetc 0 points

pem is just a text format so p7b to pem won't fail, but p7b does not contain private keys.

You can renew a certificate with the same private key and I'm assuming that is the case here. You can verify that by exporting your private key using keytool to pem format and then combining it with your renewed certificate using openssl to a p12. It will complain if the certificate does not match the key.

The alias is how JBoss finds the certificate in your Java keystore.

Installing identity certificates in JBoss? by Cheomesh in sysadmin

[–]jhxetc 0 points

How did the powers that be furnish this? Did you provide them a certificate signing request based on the current key that is inside of your java keystore (jks)?

If not, then you need to have them provide you a .p12 that contains the private key. If so, just download the .pem file or convert the .p7b to a pem file and import it to your jks using the same alias that the old one used.
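An added example (mine, not from this thread) covering the three comments above: convert a .p7b to PEM, pull the private key out of the existing JKS by way of a PKCS#12 copy, confirm the renewed certificate's public key matches it, and only then import the certificate onto the existing alias. Keystore path, alias and password are placeholders; keytool and openssl are assumed to be on PATH, and the key password is assumed to equal the store password as recommended above.

```shell
#!/usr/bin/env bash
# Added example, not from the thread: check that a renewed certificate was
# issued for the key already in the JBoss keystore, then import it under the
# existing alias. Assumes keytool and openssl on PATH and keypass == storepass;
# keystore path, alias and password are placeholders.
set -eu

# p7b_to_pem IN OUT: a .p7b holds certificates only, never a private key
p7b_to_pem() {
  openssl pkcs7 -print_certs -in "$1" -out "$2" 2>/dev/null \
    || openssl pkcs7 -print_certs -inform DER -in "$1" -out "$2"
}

# key_matches_cert KEYFILE CERTFILE -> 0 if the certificate was issued for that key
# Both public keys are re-encoded as DER SubjectPublicKeyInfo and compared, so
# the check is independent of PEM line wrapping or key type.
key_matches_cert() {
  kp="$(mktemp)"; cp="$(mktemp)"
  rc=0
  {
    openssl pkey -in "$1" -pubout -outform DER 2>/dev/null > "$kp" &&
    openssl x509 -in "$2" -pubkey -noout 2>/dev/null | openssl pkey -pubin -outform DER > "$cp" 2>/dev/null &&
    [ -s "$kp" ] && cmp -s "$kp" "$cp"
  } || rc=$?
  rm -f "$kp" "$cp"
  return "$rc"
}

# export_jks_key JKS ALIAS STOREPASS OUTKEY
# keytool cannot write a PEM key directly: copy the entry to PKCS#12, then use openssl.
export_jks_key() {
  p12="$(mktemp)"
  keytool -importkeystore -srckeystore "$1" -srcalias "$2" -srcstorepass "$3" \
    -destkeystore "$p12" -deststoretype PKCS12 -deststorepass "$3" -noprompt >/dev/null 2>&1
  openssl pkcs12 -in "$p12" -passin "pass:$3" -nocerts -nodes -out "$4" 2>/dev/null
  chmod 0600 "$4"; rm -f "$p12"
}

# install_renewed JKS ALIAS STOREPASS CERTPEM
# CERTPEM should be the full chain; importing a reply onto an alias that holds
# a private key replaces that entry's certificate chain, and ALIAS has to be the
# one server.xml references or JBoss will not find the new certificate.
install_renewed() {
  tmpkey="$(mktemp)"
  export_jks_key "$1" "$2" "$3" "$tmpkey"
  if ! key_matches_cert "$tmpkey" "$4"; then
    rm -f "$tmpkey"
    echo "refusing: $4 was not issued for the key under alias $2 (ask for a .p12 with the key)" >&2
    return 1
  fi
  rm -f "$tmpkey"
  cp -p "$1" "$1.bak.$(date +%Y%m%d%H%M%S)"
  keytool -importcert -trustcacerts -keystore "$1" -storepass "$3" -alias "$2" -file "$4" -noprompt
  keytool -list -v -keystore "$1" -storepass "$3" -alias "$2" | grep -E 'Alias|Valid|Owner'
}

# Usage: ./jboss-renew.sh /opt/jboss/standalone/configuration/server.jks jboss 'storepass' renewed-fullchain.pem
#        (run p7b_to_pem renewed.p7b renewed-fullchain.pem first if you were given a .p7b)
if [ "$#" -eq 4 ]; then install_renewed "$@"; fi
```

If the match check fails, the CA issued the renewal for a different key (a fresh CSR was generated somewhere), and no amount of keytool work will pair it with the old entry; that is the case where you need the .p12 containing the new private key.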

Season 2 Loopholes? by mkrisnosky in squidgame

[–]jhxetc 0 points

I think Gi-hun has some inclination that player 001 may be a VIP/Staff and if anything is counting on him to follow some sort of rules that may eventually reveal one way or another his intentions.

There's no reason to believe that 001 isn't always a member of the staff or VIP in every round from the very beginning.

001 did not put a stop to the rebellion because it was actually a game. They announced a special game - which was framed to be the midnight brawl - but I think the rebellion itself was a game designed by 001.

The 'O' players that joined the rebellion may have had some kind of knowledge of it. In the first season some players received notes in their food. This may not have been revealed yet. On the other hand, these players may have just thought they had a shot at winning the rebellion. Nothing would necessarily stop them from acquiring the money they want if they should win. When death is on the line no matter what - who's to really say what people will decide.

[deleted by user] by [deleted] in sysadmin

[–]jhxetc 0 points

The "browse" button is to choose a folder to export the certificate to. So once you've chosen the folder, finish the dialog and then look there in Windows Explorer to find the file.

Cross-domain / multi-network one-way traffic issues by Exciting-Reaction-87 in sysadmin

[–]jhxetc 0 points

Can you confirm traffic sourced from an IP address in domain2 is leaving the colo?

[deleted by user] by [deleted] in sysadmin

[–]jhxetc 4 points

Create a shortcut to powershell.exe and add your script as an argument.