Admin
No, you're thinking of a palindrome. The anagram of "Plxr itgocot cx" would be "Notlob."
Admin
Admin
Most frequently, it is sorrowful, but, you know, the joyful kind of sorrowful.
Admin
A is a numeric character when you count in hex. Given that this is a programming site, that probably should have come up sooner.
Admin
Admin
Classic Nagesh could at least put a somewhat-decent sentence together, enough to convince some haters he was Indian, but not so much it screamed white-kid-from-suburbs-pretending-he's-Indian. Examples, from the "good old days".
I used to hate the old Nagesh. Now I sorta miss him. sniff
Admin
Memories...
Admin
Admins, please Please ban boog and frits, they making this site boring
Admin
Admin
Admin
Censursheep is bad.
Admin
Also ban Nagesh. Those 3 are worse than censursheep.
CAPTCHA: appellatio. No appeals for you
Admin
F5 F5 F5 F5 F5 F5 F5 F5 F5 F5 F5 F5 F5 F5...
PLEASE TALK TO ME, I'M SO ALONE!!!!!!! SO BITTERLY ALONE!!!!!!
Admin
Admin
Alex, I have been ouuted. Now what?
Admin
you dirty little twink. ;)
Admin
But before I'm banned, please do give me the chance to improve where I am lacking. Do you have any brilliant tips to make my comments as exciting and enriching as yours?
Admin
It's the only even number of sides for which there are no convex deltahedra (solid geometric figures with each face an equilateral triangle). I thought everybody knew that.
Admin
Admin
Fer chris's sake, be litle more wity.
Admin
Admin
Ok! Plz meke post with your adress in it.
Admin
Also, I'm not sure what you think wit is.
Admin
Car wash? Looks to me like the pump needs a wash!
Admin
Yesterday's thread was better. I don't even think most of these commenters today are nerds. I mean it's more like a bunch of loner weirdos around here. It's like I'm at a Social Distortion concert or something.
Admin
Now, why go to all that trouble when we can auto-draw $12,804.39 from the customer's account and earn interest on it while we accuse the customer of trying to rob us? It's just so much fun to watch the customer struggle, like a fly in a web; and we get paid for it, too!
Admin
Think extra-fat speaker cables.
Admin
Just.. just shut up.
You had me at hallo
Admin
I don't see the problem...
099705 - Actual Reading
100011 - Estimate
100345 - Estimate
100357 - Estimate
100014 - Actual
100231 - Estimate
100254 - Estimate
Granted the 345 -> 357 estimate seems a bit unusual, but that is about it...
Admin
Indeed. Imposing any size limit at all from the front-end is not technically possible. Sure you can restrict the size of the text box in the web form but that relies on enforcement by the client's browser. The client can easily greasemonkey that limit away.
Not to mention it's possible to submit a POST request to a webserver without using a "browser". You can use any one of the abundance of HTTP classes and wrappers in various languages and/or the socket API directly to submit data of any length and containing any characters to any webserver. Therefore, your server's back-end script must be able to handle arbitrary-length submissions of arbitrary-content gracefully, and not count on the (so called) "limits" imposed by the front-end.
The only real limit is that webservers are configured to cease processing requests after certain time and size limits, so if you make your password so huge that it encounters these webserver-imposed limits (I think 8MB is default on Apache), then the script will exit.
Bottom line:
(1) Websites that restrict password fields to exceptionally small values (like 14, 20, etc. characters) are probably coded poorly by someone who doesn't know how things work, and it's a sign to a Pen Tester that there may be other exploitable vulnerabilities.
(2) Even if your password was the unabridged works of William Shakespeare, when it's hashed it will only be 40 characters long, so allowing long passwords does not impact database size whatsoever.
(3) Restricting fields to something like 255 characters through the front-end is reasonable, because even though it cannot stop people from POSTing larger data (as described above), it does preclude 99.9% of ordinary users from wasting your bandwidth.
(4) If you encounter a website that denies you from entering various "special" characters, you can be nearly certain that they are storing it as plain-text. Only a novice programmer would restrict "special" characters in order to preclude the use of control characters that could otherwise allow database injection. An experienced and security-minded programmer would utilize parametrized inputs to safeguard against injection. Not to mention that a hashed password as represented by a string, only contains numbers 0-9 and letters a-f.
CAPTCHA: saluto. I saluto you for recognizing this.
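The following is an added example, not part of the comment above or of any site's real code: a server-side sketch of the points that comment makes, with the size cap enforced in the back end, a fixed-length stored value whatever the password length, and placeholders so "special" characters need no filtering. The table layout, the 1024-byte cap and the round count are assumptions, and PBKDF2-SHA256 (64 hex characters) is used here in place of the 40-character hash the comment mentions.

```python
import hashlib
import hmac
import os
import sqlite3

MAX_PASSWORD_BYTES = 1024  # assumed server-side cap; a form's maxlength is only a hint
PBKDF2_ROUNDS = 200_000    # assumed work factor for this example


class PasswordTooLong(ValueError):
    """Raised when a submission exceeds the server-side cap."""


def derive(password: str, salt: bytes) -> str:
    raw = password.encode("utf-8")
    # Enforced here because any HTTP client can bypass the browser's limit.
    if len(raw) > MAX_PASSWORD_BYTES:
        raise PasswordTooLong(f"{len(raw)} bytes exceeds {MAX_PASSWORD_BYTES}")
    # Output is always 32 bytes (64 hex characters), whatever the input length.
    return hashlib.pbkdf2_hmac("sha256", raw, salt, PBKDF2_ROUNDS).hex()


def open_db() -> sqlite3.Connection:
    db = sqlite3.connect(":memory:")  # hypothetical schema for the example
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, salt BLOB, pw_hash TEXT)")
    return db


def register(db: sqlite3.Connection, name: str, password: str) -> str:
    salt = os.urandom(16)
    pw_hash = derive(password, salt)
    # Placeholders keep the values out of the SQL text, so quotes and
    # semicolons in a name or password are just data.
    db.execute("INSERT INTO users VALUES (?, ?, ?)", (name, salt, pw_hash))
    return pw_hash


def verify(db: sqlite3.Connection, name: str, password: str) -> bool:
    row = db.execute(
        "SELECT salt, pw_hash FROM users WHERE name = ?", (name,)
    ).fetchone()
    if row is None:
        return False
    try:
        candidate = derive(password, row[0])
    except PasswordTooLong:
        return False  # oversized guesses are rejected before any hashing
    return hmac.compare_digest(candidate, row[1])
```
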
Admin
(nü′mer·ik ′kar·ik·tər ′set) (computer science) A character set that includes only digits and certain special characters, such as plus and minus signs and control characters.
Admin
Tell you what, why don't you shut up first, and if I like what I see then I'll try it too.
Admin
"I have heard of energy companies taking out millions of pounds from a customer's bank account by direct debit"
Hah! I'd like to see them try... I can't even get $20 out of my account atm.
Admin
(Jon wrote) "This webform dares to ask a deep existential question: in which year was I?"
I don't think it's so much existential as technical (or maybe historical). When it asks, "In what month and year were you ?", it's wanting to know the settings that you used in your most recent time-machine excursion.
Admin
That could be just after you suck my balls. And you will like that, for sure.
Admin
But Nagesh has overcome so many handicaps to get where he is today!
Admin
This is why I'm much more willing to give bank routing info to people who put money in my account than to people who take it out. There's a handful of places I still have to write checks to because they don't take online credit card payments (or charge a fee.) One of these is, sadly, the electric company.
Admin
How has no one suggested using the Unicode circled numbers for numeric characters?
(Also try: Japanese characters for one to ten, and their circled versions.)
Admin
Admin
Admin
That's easy: there is a buffer overflow bug in the password-handling code.
Admin
That's not a CAPTCHA; that's a wallpaper design for a child's bedroom.
Admin
I'm curious as to why a "smart" electricity meter would be using BCD to record usages. It's not relying on a gear train for display, is it?
Admin
Password enforcement can be so annoying and sometimes results in worse passwords than I would normally do. E.g. TD-Canada Trust Bank specifies [A-Za-z0-9]{5,9} -- Seriously WTF? No underscores or spaces?
Admin
Write something about clever horse staple, link to xkcd. Get 4 or 5 comments that xkcd is not funny. Another 26 discussing the entropy of password complexity requirements. Successful troll is successful.
Admin
It can be easily fixed by just truncating any password characters beyond 14.
Admin
Hang on, let me go get my TARDIS and check.
Admin
That's tarded joke
Admin
Admin