• MP79 (unregistered)

    I hope alex hasn't done the same thing or else the 32768th commentor is going to be annoyed :p

  • Accalia.de.Elementia (unregistered)

    Oh goddess, the gifs! They burns us! They burns us!

  • Warren (unregistered) in reply to MP79

    If an article gets to 32768 comments, Godwin's law will have been satisfied some time ago and you should probably stop reading and go to bed....

  • Helmet (unregistered)

    Everybody now ....

    "That's amazing! I've got the same combination on my luggage!"

  • Bridget (unregistered) in reply to Helmet
    Helmet:
    Everybody now ....

    "That's amazing! I've got the same combination on my luggage!"

    People still use luggage locks? I was under the impression that with the TSA that's just asking for trouble.

  • Noob (unregistered)

    Lol President Skroob, so appropriate

  • (cs) in reply to Bridget
    Bridget:
    Helmet:
    Everybody now ....

    "That's amazing! I've got the same combination on my luggage!"

    People still fly? I was under the impression that with the TSA that's just asking for trouble.

    FTFY

  • (cs)

    All together now: It doesn't matter if it's a string of digits. If you aren't going to use it for mathematical purposes, it isn't a number. It's not a PIN, nor an SSN. It's a PIDS or an SSDS. Personal Identification Digit String, Social Security Digit String, etc. And for a ZIP code or "code postal" (the name where I live (northern France) for the local equivalent), we don't even have the excuse of a name that contains the word "number".

    And if it isn't a number, don't take short cuts and store it in a data type meant for storing numbers.

    Bah.

    Back to work...

  • Accalia.de.Elementia (unregistered) in reply to PedanticCurmudgeon
    PedanticCurmudgeon:
    Bridget:
    Helmet:
    Everybody now ....

    "That's amazing! I've got the same combination on my luggage!"

    People still fly? I was under the impression that with the TSA that's just asking for trouble.

    FTFY

    Yeah, we still fly. Until we solve the problem of quantum indeterminacy direct matter teleportation is never going to be practical.

  • Anon (unregistered) in reply to Steve The Cynic
    Steve The Cynic:
    All together now: It doesn't matter if it's a string of digits. If you aren't going to use it for mathematical purposes, it isn't a number. It's not a PIN, nor an SSN. It's a PIDS or an SSDS. Personal Identification Digit String, Social Security Digit String, etc. And for a ZIP code or "code postal" (the name where I live (northern France) for the local equivalent), we don't even have the excuse of a name that contains the word "number".

    And if it isn't a number, don't take short cuts and store it in a data type meant for storing numbers.

    Bah.

    Back to work...

    Well in that case they knew it would be a 5 digit number, why make the indexing slower by using a string?

  • (cs)

    I bet they designed the system to store a 4-digit PIN identification number, then someone told them to change it to 5-digit, but they never revisited the data storage requirement.

  • Mike (unregistered)

    The default PIN was 12345.

    That's the combination to my luggage!

  • (cs) in reply to PedanticCurmudgeon
    PedanticCurmudgeon:
    Bridget:
    Helmet:
    Everybody now ....

    "That's amazing! I've got the same combination on my luggage!"

    People still fly? I was under the impression that with the TSA that's just asking for trouble.

    FTFY
    Of course, perhaps the TSA would take an interest in cross-border passenger rail travel as well, if there was a meaningful amount of it in North America. I live about a mile from a railway station where I can catch trains that go non-stop to three different countries's capital cities. (Gare Lille Europe, which is a stop on the Eurostar services that link London, Paris, and Brussels.)

    The Schengen Agreement being what it is, a few years back when I travelled by trains from London to Amsterdam, travelling through the UK, France, Belgium, and Holland, I had to show my passport only once, when I got on Eurostar in London. Can you imagine the sort of fun that the TSA would have with a journey like that?

  • (cs) in reply to Steve The Cynic
    Steve The Cynic:
    All together now: It doesn't matter if it's a string of digits. If you aren't going to use it for mathematical purposes, it isn't a number. It's not a PIN, nor an SSN. It's a PIDS or an SSDS. Personal Identification Digit String, Social Security Digit String, etc. And for a ZIP code or "code postal" (the name where I live (northern France) for the local equivalent), we don't even have the excuse of a name that contains the word "number".

    And if it isn't a number, don't take short cuts and store it in a data type meant for storing numbers.

    Bah.

    Back to work...

    no, everything is a number and should be stored as a double, even your firstname, surname, SSN and ethnicity.

  • (cs) in reply to Anon
    Anon:
    Well in that case they knew it would be a 5 digit number, why make the indexing slower by using a string?
    Um, because it was a string, not a number?

    Here, have a "Shazzam!" (that's like a "Whoosh!", but for when a serious subject escapes you). A PIN isn't a number. They may have "known" it was a 5 digit number, but they were wrong.

  • My name is unimportant (unregistered) in reply to Steve The Cynic
    Steve The Cynic:
    All together now: It doesn't matter if it's a string of digits. If you aren't going to use it for mathematical purposes, it isn't a number. It's not a PIN, nor an SSN. It's a PIDS or an SSDS. Personal Identification Digit String, Social Security Digit String, etc. And for a ZIP code or "code postal" (the name where I live (northern France) for the local equivalent), we don't even have the excuse of a name that contains the word "number".

    And if it isn't a number, don't take short cuts and store it in a data type meant for storing numbers.

    Bah.

    Back to work...

    Generally correct, except that the door keypad only contains digits, so you can imagine someone deciding that it is best stored as a number and not a string. I wonder how the length validation works. Can I set my pin number to 00001?

  • (cs) in reply to Cbuttius
    Cbuttius:
    no, everything is a number and should be stored as a double, even your firstname, surname, SSN and ethnicity.
    So I'm 2.15302967322874e-312 The 2.10951510178458e-312 now, am I?

    (Little endian IEEE doubles printed with %.15g, zero-padded.)

  • fa2k (unregistered) in reply to Steve The Cynic
    Steve The Cynic:
    All together now: It doesn't matter if it's a string of digits. If you aren't going to use it for mathematical purposes, it isn't a number. It's not a PIN, nor an SSN. It's a PIDS or an SSDS. Personal Identification Digit String, Social Security Digit String, etc. And for a ZIP code or "code postal" (the name where I live (northern France) for the local equivalent), we don't even have the excuse of a name that contains the word "number".

    And if it isn't a number, don't take short cuts and store it in a data type meant for storing numbers.

    Bah.

    Back to work...

    Yes! And while we're at it, let's use strings in IP headers. After all, we aren't doing math with them. In fact, we should encode IP headers in XML, just to be sure.

  • (cs) in reply to My name is unimportant
    My name is unimportant:
    Generally correct, except that the door keypad only contains digits, so you can imagine someone deciding that it is best stored as a number and not a string. I wonder how the length validation works. Can I set my pin number to 00001?
    I imagine that's exactly how it happened. That doesn't make it a good idea. My statement was that they *shouldn't* have done that, not that they *didn't* do that.
  • Lance (unregistered) in reply to MP79

    That's the same combination that is on my luggage.

  • (cs) in reply to fa2k
    fa2k:
    Yes! And while we're at it, let's use strings in IP headers. After all, we aren't doing math with them. In fact, we should encode IP headers in XML, just to be sure.
    Actually, network infrastructure often *does* do bitwise maths with on-wire IP addresses (netmask calculations for routing decisions, etc.). This sort of flummery isn't needed for PIDSes, nor for SSDSes.
  • (cs) in reply to Steve The Cynic
    Steve The Cynic:
    Of course, perhaps the TSA would take an interest in cross-border passenger rail travel as well, if there was a meaningful amount of it in North America. I live about a mile from a railway station where I can catch trains that go non-stop to three different countries's capital cities. (Gare Lille Europe, which is a stop on the Eurostar services that link London, Paris, and Brussels.)

    The Schengen Agreement being what it is, a few years back when I travelled by trains from London to Amsterdam, travelling through the UK, France, Belgium, and Holland, I had to show my passport only once, when I got on Eurostar in London. Can you imagine the sort of fun that the TSA would have with a journey like that?

    Actually, the TSA has taken an interest in rail travel under what they're calling a pilot program. They've done random searches of people departing trains, and at highway rest stops. My theory is that they're testing our willingness to put up with arbitrary searches.
  • (cs) in reply to Accalia.de.Elementia
    Accalia.de.Elementia:
    Yeah, we still fly. Until we solve the problem of quantum indeterminacy direct matter teleportation is never going to be practical.

    Some consider that a problem; others, a bonus.

  • (cs) in reply to Bridget
    Bridget:
    People still use luggage locks? I was under the impression that with the TSA that's just asking for trouble.

    We now have the "TSA approved" locks, which guarantee that everyone will have the key to your luggage. So at least you don't have to worry about losing the key and spoiling your vacation.

  • (cs) in reply to Steve The Cynic
    Steve The Cynic:
    All together now: It doesn't matter if it's a string of digits. If you aren't going to use it for mathematical purposes, it isn't a number. It's not a PIN, nor an SSN. It's a PIDS or an SSDS. Personal Identification Digit String, Social Security Digit String, etc. And for a ZIP code or "code postal" (the name where I live (northern France) for the local equivalent), we don't even have the excuse of a name that contains the word "number".

    And if it isn't a number, don't take short cuts and store it in a data type meant for storing numbers.

    Bah.

    Back to work...

    I disagree... They should have stored it as a SMALLINT UNSIGNED. That way they could use values up to 65535. DOUBLE the security and STILL ONLY 2 BYTES!

  • Aaron Ortiz (unregistered)

    Security theater works, sadly...until a clever person comes along.

  • (cs) in reply to fa2k
    fa2k:
    Steve The Cynic:
    All together now: It doesn't matter if it's a string of digits. If you aren't going to use it for mathematical purposes, it isn't a number. It's not a PIN, nor an SSN. It's a PIDS or an SSDS. Personal Identification Digit String, Social Security Digit String, etc. And for a ZIP code or "code postal" (the name where I live (northern France) for the local equivalent), we don't even have the excuse of a name that contains the word "number".

    And if it isn't a number, don't take short cuts and store it in a data type meant for storing numbers.

    Bah.

    Back to work...

    Yes! And while we're at it, let's use strings in IP headers. After all, we aren't doing math with them. In fact, we should encode IP headers in XML, just to be sure.

    But you do use math on ip addresses. Or at the very least comparison and masking. Do you know how slow the internet would run if all your network equipment had to parse out a string to figure out where the next hop was? Its just plain too inefficient to justify on that scale.

  • Dotan Cohen (unregistered) in reply to Steve The Cynic

    And how should I represent that string of digits in PHP or Python? Of course, TRWTF are weakly-typed languages.

  • 6 (unregistered) in reply to Steve The Cynic
    Steve The Cynic:
    Cbuttius:
    no, everything is a number and should be stored as a double, even your firstname, surname, SSN and ethnicity.
    So I'm 2.15302967322874e-312 The 2.10951510178458e-312 now, am I?

    (Little endian IEEE doubles printed with %.15g, zero-padded.)

    I am not a number, I am a free man!
  • (cs) in reply to Cbuttius
    Cbuttius:
    Steve The Cynic:
    All together now: It doesn't matter if it's a string of digits. If you aren't going to use it for mathematical purposes, it isn't a number. It's not a PIN, nor an SSN. It's a PIDS or an SSDS. Personal Identification Digit String, Social Security Digit String, etc. And for a ZIP code or "code postal" (the name where I live (northern France) for the local equivalent), we don't even have the excuse of a name that contains the word "number".

    And if it isn't a number, don't take short cuts and store it in a data type meant for storing numbers.

    Bah.

    Back to work...

    no, everything is a number and should be stored as a double, even your firstname, surname, SSN and ethnicity.

    "I am not a number, I am an alphanumeric string!" (with apologies to The Prisoner)

  • (cs) in reply to 6
    6:
    Steve The Cynic:
    Cbuttius:
    no, everything is a number and should be stored as a double, even your firstname, surname, SSN and ethnicity.
    So I'm 2.15302967322874e-312 The 2.10951510178458e-312 now, am I?

    (Little endian IEEE doubles printed with %.15g, zero-padded.)

    I am not a number, I am a free man!

    Drat, someone beat me to it. Apologies for ruining the joke.

  • (cs) in reply to PedanticCurmudgeon
    PedanticCurmudgeon:
    Actually, the TSA has taken an interest in rail travel under what they're calling a pilot program. They've done random searches of people departing trains, and at highway rest stops. My theory is that they're testing our willingness to put up with arbitrary searches.
    My one real encounter with TSA madness was in New York in 2006, and I fought down the very real urge to park my butt on the floor at the search/scan desk at JFK while I put my shoes and belt back on. I thought better of this cunning plan, and wandered about 30 feet into the concourse beyond before doing it.

    Of course, trying to leave the US via Honolulu airport on 15 September 2001 wasn't such fun. Did you know that there's nothing whatsoever to do there in the middle of the night? I didn't, until I had to wait an extra six hours for my flight to arrive...

  • (cs) in reply to 6
    6:
    I am not a number, I am a free man!
    No, no, it's "I am not a digit string, I am a free man!"
  • T'Prisoner (unregistered) in reply to Steve The Cynic
    Steve The Cynic:
    It doesn't matter if it's a string of digits.

    I am a free string of digits, not a number

  • Accalia.de.Elementia (unregistered) in reply to oheso
    oheso:
    Accalia.de.Elementia:
    Yeah, we still fly. Until we solve the problem of quantum indeterminacy direct matter teleportation is never going to be practical.

    Some consider that a problem; others, a bonus.

    If you say so.

    I teleported home one night With Ron and Sid and Meg. Ron stole Meggie's heart away And I got Sidney's leg.

  • Nagesh (unregistered) in reply to Steve The Cynic
    Steve The Cynic:
    All together now: It doesn't matter if it's a string of digits. If you aren't going to use it for mathematical purposes, it isn't a number. It's not a PIN, nor an SSN. It's a PIDS or an SSDS. Personal Identification Digit String, Social Security Digit String, etc. And for a ZIP code or "code postal" (the name where I live (northern France) for the local equivalent), we don't even have the excuse of a name that contains the word "number".

    And if it isn't a number, don't take short cuts and store it in a data type meant for storing numbers.

    Bah.

    Back to work...

    Stop beating dead horse, madarchod.

  • fa2k (unregistered) in reply to Steve The Cynic
    Steve The Cynic:
    fa2k:
    Yes! And while we're at it, let's use strings in IP headers. After all, we aren't doing math with them. In fact, we should encode IP headers in XML, just to be sure.
    Actually, network infrastructure often *does* do bitwise maths with on-wire IP addresses (netmask calculations for routing decisions, etc.). This sort of flummery isn't needed for PIDSes, nor for SSDSes.
    You're right of course. I still hold that it's useful to store numbers in some cases to save storage, but can't think of any. E.g. storing "Male" or "Female" 6 million times takes on average 3 GB + something to indicate the string length, but if they stored it in a 32-bit int, it would use 2.4 GB, so there's not a huge difference. I'll probably think of a good example 2 min after I submit this :(
  • TK (unregistered) in reply to Dotan Cohen
    Dotan Cohen:
    And how should I represent that string of digits in PHP or Python? Of course, TRWTF are weakly-typed languages.
    No worries for Python; it's a strongly (but dynamically) typed language.

    Perhaps you were thinking of Perl?

  • (cs) in reply to Bridget
    Bridget:
    Helmet:
    Everybody now ....

    "That's amazing! I've got the same combination on my luggage!"

    People still use luggage locks? I was under the impression that with the TSA that's just asking for trouble.

    You get the type that the TSA can open with master keys.

    All a luggage lock accomplishes is makes it more likely the bad guy will go after someone else's bag instead of yours, thus such a lock is still useful.

  • Mr.Bob (unregistered) in reply to Steve The Cynic
    Steve The Cynic:
    All together now: It doesn't matter if it's a string of digits. If you aren't going to use it for mathematical purposes, it isn't a number. It's not a PIN, nor an SSN. It's a PIDS or an SSDS. Personal Identification Digit String, Social Security Digit String, etc. And for a ZIP code or "code postal" (the name where I live (northern France) for the local equivalent), we don't even have the excuse of a name that contains the word "number".

    And if it isn't a number, don't take short cuts and store it in a data type meant for storing numbers.

    Bah.

    Back to work...

    I'll agree part way. Variables that are integer in nature can use integer data types; there are many good reasons to do so, keeping in mind the limitations of under- and over-flow for the word size (as in the story).

    But in the case of postal codes, telephone numbers, and other free-form fields, integers are not the correct tool for the job.

  • Ozz (unregistered) in reply to Accalia.de.Elementia
    Accalia.de.Elementia:
    PedanticCurmudgeon:
    Bridget:

    People still fly? I was under the impression that with the TSA that's just asking for trouble.

    FTFY

    Yeah, we still fly. Until we solve the problem of quantum indeterminacy direct matter teleportation is never going to be practical.

    I no longer fly because I work as a firearms instructor on the side. Virtually everything I have will have traces of explosives on it.
    I prefer to drive anyway - as a concealed carry license holder I don't like to disarm...

  • robert (unregistered)

    The alarm didn't go off late. Bill just hit "snooze" a few times to many that morning.

    Why do people always blame technology for their own fuck-ups?

  • Jake (unregistered) in reply to My name is unimportant

    "you can imagine someone deciding that it is best stored as a number and not a string", sure. But if you can't perform basic arithmetic on it, it's not a number. You can't logically add a PIN to another PIN and get sensible results, therefore it should be stored as a string.

  • (cs) in reply to Steve The Cynic
    Steve The Cynic:
    My one real encounter with TSA madness was in New York in 2006, and I fought down the very real urge to park my butt on the floor at the search/scan desk at JFK while I put my shoes and belt back on. I thought better of this cunning plan, and wandered about 30 feet into the concourse beyond before doing it.
    Things have gotten a bit worse since then. Now you have your choice of a body scan that may or may not cause cancer according to who you believe or a patdown that would be considered sexual assault if done by anyone other than a TSA agent.
  • Born Texas Proud (unregistered) in reply to Ozz
    Ozz:
    I no longer fly because I work as a firearms instructor on the side. Virtually everything I have will have traces of explosives on it.
    I call bullshit. You can check firearms at all airports. Any firearms instructor would know that.
  • Kalirion (unregistered) in reply to Born Texas Proud

    What does checking firearms have to do with submitting to a cavity search because some sniffer didn't like how your clothes smell?

  • Joe (unregistered) in reply to Loren Pechtel
    Loren Pechtel:
    Bridget:
    Helmet:
    Everybody now ....

    "That's amazing! I've got the same combination on my luggage!"

    People still use luggage locks? I was under the impression that with the TSA that's just asking for trouble.

    You get the type that the TSA can open with master keys.

    All a luggage lock accomplishes is makes it more likely the bad guy will go after someone else's bag instead of yours, thus such a lock is still useful.

    Such a luggage lock will also accomplish its primary function: Keep the zipper pull from moving (opening the zipper) as the bag travels through various mangling stations around the airport.

    --Joe

  • (cs) in reply to Loren Pechtel
    Loren Pechtel:
    Bridget:
    Helmet:
    Everybody now ....

    "That's amazing! I've got the same combination on my luggage!"

    People still use luggage locks? I was under the impression that with the TSA that's just asking for trouble.

    You get the type that the TSA can open with master keys.

    All a luggage lock accomplishes is makes it more likely the bad guy will go after someone else's bag instead of yours, thus such a lock is still useful.

    In case you hadn't noticed, the TSA are the bad guys.

  • Anonymous Coward (unregistered) in reply to MP79

    Certainly 32,767 comments ought to be enough for anybody.

  • Mr.Bob (unregistered) in reply to Loren Pechtel
    Loren Pechtel:
    Bridget:
    Helmet:
    Everybody now ....

    "That's amazing! I've got the same combination on my luggage!"

    People still use luggage locks? I was under the impression that with the TSA that's just asking for trouble.

    You get the type that the TSA can open with master keys.

    All a luggage lock accomplishes is makes it more likely the bad guy will go after someone else's bag instead of yours, thus such a lock is still useful.

    The TSA keys are too wide spread to rely on using any of these locks for security; they are pretty much useful only as a backup to help keep your bag shut. Want your own key that can open any TSA lock? Buy any TSA-approved lock, take it home and make a key that opens it. Voila!

    See: http://download.security.org/tsa_luggage_locks_report.pdf

Leave a comment on “PIN Panic”

Log In or post as a guest

Replying to comment #:

« Return to Article