Wondering Why Your Internal .dev Web App Has Stopped Working?

Kieren McCarthy, writing for The Register: Network admins, code wranglers and other techies have hit an unusual problem this week: their test and development environments have vanished. Rather than connecting to private stuff on an internal .dev domain to pick up where they left off, a number of engineers and sysadmins are facing an error message in their web browser complaining it is "unable to provide a secure connection." How come? It's thanks to a recent commit to Chromium that has been included in the latest version of Google Chrome. As developers update their browsers, they may find themselves booted out their own systems. Under the commit, Chrome forces connections to all domains ending in .dev (as well as .foo) to use HTTPS via a HTTP Strict Transport Security (HSTS) header. This is part of Google's larger and welcome push for HTTPS to be used everywhere for greater security.

Fuck off with this security bullshit.

We got hit by this, and promptly rolled back our browser versions. They're internal fucking development systems for fuck's sake, they're allowed to be insecure if **WE** want them to be.

I'm so sick and tired of dealing with this fucking nanny state of modern day technology where some dipshit developer thinks they know best, and they're just going to outright disable a feature that worked perfectly fine before.

So on behalf of all the developers at my company, fuck you Google. Keep it up, and we'll actually be inclined to go out of our way to strip out your shit and replace it with something else (which I'm told we're probably doing, given the lack of options to override this behaviour).

Re:Fuck off with this security bullshit.

[ripvlan]

Sorry but my sympathy is thin on this topic -- this is DNS 101. This isn't Google forcing you to be secure. Don't use a domain name you don't own.

I think most of us know about the IP block 10.x and 192.168.x.x --- and I know not to use somebody else's IP range (e.g. don't use 3.x.x.x) And I knew enough about DNS not to make domains up - we had the same need years ago, private domain for testing, and I was stumped until somebody showed me that .local was reserved for this purpose so we built out a QA lab using it. Along with 10.x addresses (some of which are internally routable by some companies -- make sure to check on that too- this would be internal IT strategy).

Seriously - it would be like attempting to create a subdomain under mypc.xxx.microsoft.com It might work for a bit but shouldn't.... so don't do it.

Okay - maybe the .dev was unassigned until a few years ago. You should plan on migrating to a reserved entry.

Re: Did the cool-aid taste good?

[Zero__Kelvin]

Bullshit. There is plenty of reason to use HTTPS and eschew HTTP. For one thing it eliminates the need to explain to laypersons, which is most people, how to tell the difference. This reason alone justified it. Worries about snooping and government spying are just icing on the cake.