• (cs)

    Why would any given character not be "supported" in a particular position? That condition makes no sense at all.

  • (cs) in reply to DWalker59
    DWalker59:
    Why would any given character not be "supported" in a particular position? That condition makes no sense at all.
    Your question leads me to believe that you assume the code snippet is supposed to make sense, where in fact it doesn't. Your statement that it makes no sense is absolutely correct!
  • (cs) in reply to MarkJ
    MarkJ:
    DWalker59:
    Why would any given character not be "supported" in a particular position? That condition makes no sense at all.
    Your question leads me to believe that you assume the code snippet is supposed to make sense, where in fact it doesn't. Your statement that it makes no sense is absolutely correct!

    I was assuming that the methodology made some business sense, even if the code is a WTF. Perhaps I should not have assumed that...

  • noland (unregistered) in reply to whiskeyjack
    whiskeyjack:
    Dan:
    But how do you really feel?

    Eliza? Is that you?

    Captcha: abbas. They were OK, but Air Supply was better.

    Yes, it's me:

    <script
       type="text/javascript"
       src="http://masswerk.at/elizabot/elizabot.js">
    </script>
    <script type="text/javascript">
    
    var message = getRandomErrorFor( prompt( "Enter password:" ) );
    var eliza = new ElizaBot();
    
    while (true) {
       var line = prompt( message );
       if (line) {
          message = eliza.transform( line );
       }
       else {
          break;
       }
    }
    
    function getRandomErrorFor( word ) {
       var errno = Math.floor( Math.random() * 3 );
       switch (errno) {
          case 0:
             return "File not found."
          case 1:
             if (word && word.length) {
                var pos = Math.floor( Math.random() * word.length );
                return "Character \"" + word.charAt( pos )
                   + "\" in position " + pos
                   + " is not supported by an embedded system.";
             }
             else {
                return "Embedded system unable to process null-strings.";
             }
          case 2:
             return "Brillant, try again.";
       }
    }
    
    </script>
    
  • noland (unregistered) in reply to noland
    <script
       type="text/javascript"
       src="http://masswerk.at/elizabot/elizabot.js">
    </script>
    
    Sorry, forgot to embed the data-file. Head should be:
    <script type="text/javascript" src="http://masswerk.at/elizabot/elizabot.js">
    </script>
    <script type="text/javascript" src="http://masswerk.at/elizabot/elizadata.js">
    </script>
    
  • minim (unregistered) in reply to ideo
    ideo:
    WhatIf:
    So... What if somebody downloads the HTML page, points to the correct web address, and changes their password?
    What the hell are you talking about? The page is all smoky mirror. Oh, and btw, if you visited the page, you already downloaded it.
    WhatIf:
    For that matter, what happens if you run around changing random people's passwords?
    Usually, that earns you a chat with the MiB. Sometimes, an all-inclusive vacation at some resort or other. Unfortunately, you can't leave the resort to check out the local scenery.
    WhatIf:
    Actually, that could be fun. Does the company have a directory of employees, and do they use their own software?
    Oh. Nevermind. I get it now:

    "Your a Moran™".

    So, 4chan is down.

  • minim (unregistered) in reply to ideo
    ideo:
    dposluns:
    To play devil's advocate: are we certain this is production code? The page was just "found" somewhere... it looks to me a lot more like a random experimentation page being used to check on and verify language features and ideas meant to be used in a less nonsensical version of the program.

    I've got several similar files littered around my hard drive, usually from when I'm working on a larger system and want to verify that a snippet of code or native language feature actually behaves the way I think it will. Sometimes I'll wind up building more temporary scaffolding around that snippet that doesn't do anything meaningful but maybe tests other similar concepts out (and is the kind of place where I might do similar random checks to simulate different kinds of outcomes). In that context there's nothing especially heinous about what's going on here... of course, we don't know if that's the case or not, but I can't imagine anyone ever ran this code expecting it to do anything other than randomly fail.

    Dan.

    Yeah, that's called a spike, and is totally valid, and a good point, Dan. Unfortunately,
    TFA:
    For nearly eighteen months, users had no way of changing passwords on their own; most would simply keep the password they had, while a select few would contact tech support to do it. It took quite a few support tickets to realize that the problem didn't exist between the keyboard and the chair, and it took development just as long to believe that there was a bug.
    You just don't get support tickets for spikes in random files littered on your hard drive these days.

    Well, I don't. YMMV.

    You know, they're probably back up already.

  • anon (unregistered) in reply to LANMind
    LANMind:
    whiskeyjack:
    The trick is being diplomatic. In your email, give the benefit of the doubt and assume best possible scenarios, that way everyone else can draw their own conclusions about how far off the mark you are, without making you look accusatory.

    e.g. "Joe is being an ass and is ignoring my emails and refusing to give me the key" -- makes YOU look like a whining child.

    "Is Joe sick at home today? Or is he working on a really high priority project? Because I've been trying to get the key from him, and I haven't been able to get a response from him at all." -- makes everyone who has seen Joe in the office, and knows he's not working on anything super high priority, realize that he's being an ass.

    +1

    Not particularly revelatory, but it's sage enough to bear repeating.

    I think it is called "being passive-aggressive".

  • (cs)

    The worst part is that this completely sucks at being a facade. All it does is complain about invalid characters at random points in the string. I could make a better one.

    Behold: Password-validation, BOFH-style.

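    // Wrapped in a function (the name validatePassword is hypothetical) so the
    // return statements are valid JavaScript. InvalidCharError() and
    // delete_account() are left undefined, as in the original post.
    function validatePassword(password) {
      switch (Math.floor(Math.random() * 6)) {
        case 0:
          return InvalidCharError(password);
        case 1:
          return "Your password must be at least " + (password.length + 1) + " characters long.";
        case 2:
          return "Your password must be at most " + (password.length - 1) + " characters long.";
        case 3:
          return "FILENOTFOUND";
        case 4:
          return "Your password contains profanities.";
        default:
          delete_account();
          return "Your login name appears to be invalid.";
      }
    }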
    

    The best part about this is that as user tenacity increases, the probability of them keeping their account long enough to be a nuisance to you approaches zero.

  • RunningDog (unregistered) in reply to Jay
    Jay:
    Paul:
    x-sol:
    I can't make up my mind if this is evil or stupidity in action
    Just remember folks, you can be evil OR stupid. Nobody said anything about evil XOR stupid

    Maybe it's a good thing that so many people are stupid. Because if someone is both evil and stupid, this tends to make his evil relatively ineffective. Like, if Hitler had not been a brilliant speaker and politician, he would not have become the dictator who plunged the world into war and slaughtered millions of innocent people, but just that annoying guy at the bar who was constantly going on and on about the Jews.

    What, you mean like most Liberals these days?

  • Ben (unregistered)

    I'm going to go against the grain here and posit that it was just a case of good intentions gone bad.

    Remember that this is validation code for password change residing on the client-side. Ideally, to verify that the proposed password is indeed different from the password on the back-end, you would have to contact the back-end somehow. Short of doing that (perhaps for reasons of security or efficiency), the author of this code decided to just throw in random errors to pre-empt users who are inclined to just enter new passwords that are mostly the same as the old ones. The intention, I believe, was to get users to introduce a little more randomness into their passwords.

    But how does this explain

    var error = Math.floor(Math.random() * 1)

    I think this is just a typo where the guy meant "10" or "100" in place of "1", so that some fraction of users would encounter the random error.

    Don't get me wrong, I still think the scheme is hare-brained, but I don't think it was meant to be as malicious or unreasonable as some of you make it out to be.
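
The back-end check Ben's comment refers to, as an added example that is not part of the original thread or the article's code: a Node.js password-change handler that compares the proposed password against the stored salted hash, so every rejection is deterministic and tied to a real rule. The account record, field names and `MIN_LENGTH` are constructed for illustration, and the check only catches exact reuse, not "mostly the same" passwords.

```javascript
// Added example: server-side password-change validation (Node.js).
// All names and the sample account below are constructed for illustration.
const crypto = require("node:crypto");

const MIN_LENGTH = 12; // assumed policy value

// Store only a per-user salt and an scrypt hash, never the plaintext.
function hashPassword(password, salt = crypto.randomBytes(16)) {
  return { salt, hash: crypto.scryptSync(password, salt, 32) };
}

// Constant-time comparison of a candidate password against a stored record.
function matches(password, record) {
  if (typeof password !== "string") return false;
  const candidate = crypto.scryptSync(password, record.salt, 32);
  return crypto.timingSafeEqual(candidate, record.hash);
}

// Returns { ok, error }. The same input always yields the same answer,
// so a support ticket about a rejection can be reproduced.
function changePassword(account, currentPassword, newPassword) {
  if (!matches(currentPassword, account.credential)) {
    return { ok: false, error: "Current password is incorrect." };
  }
  if (typeof newPassword !== "string" || newPassword.length < MIN_LENGTH) {
    return { ok: false, error: `New password must be at least ${MIN_LENGTH} characters.` };
  }
  // "Different from the old one" is checked against the stored hash,
  // which is only possible on the back-end.
  if (matches(newPassword, account.credential)) {
    return { ok: false, error: "New password must differ from the current one." };
  }
  account.credential = hashPassword(newPassword); // fresh salt on every change
  return { ok: true, error: null };
}

// Constructed sample account.
const account = { user: "alice", credential: hashPassword("correct horse battery") };
```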

  • A. Meiburg (unregistered)

    Fix'd?

    var error=1; //Doesn't throw errors!

  • (cs)

    The problem did exist between the keyboard and chair. What they got wrong was that it was between the programmer's keyboard and chair, not the user's.

  • Reow (unregistered)

    This is why some organisations (call them crazy) have QA/testing.
