Admin
What he should have done, was try to formulate the problem they were trying to solve with this weird feature and find an appropriate solution, instead of just saying it's impossible. Suggesting an alternative solution that has the desired effect would have helped his credibility a lot more than a simple denial.
The problem was not authentication using ip, but easy and secure access to the system without having to login. If he had looked around, he would indeed have found the answer in certificates and other solutions.
Admin
No, no, no. You have it all wrong.
First, install a slot-feed scanner and write a small glue app to insert keystroke messages to the foreground application. Then pipe the output of the scanner to the OCR app to the glue app. Print out the credentials on a piece of paper. Every time the user needs to log in, just have her scan the sheet.
Simple!
Admin
The only comment I have when things like this come up is:
Was she hot?
--Jim
Admin
Especially nude female baristas. Maybe one will accept a single sign-on?
Admin
If the hot data entry chick ain't happy ain't nobody happy.
Admin
The company can advertise this new feature and charge extra for it, emphasizing just how amazing and useful it is and how none of their competitors have it.
Admin
All she really needed was a barcode scanner and a couple of new tattoos.
Admin
Don't forget the public telephone cleaners...
Admin
I wonder how many more will?
Admin
I call bullsh*t. In all this work nobody did a capacity planning?
Admin
What about a USB authentication card or something? They make those right? USB drive has a certificate on it, and when they need to "login" they stick the USB drive in the slot and the program reads the data and off they go. Doesn't tie the person in to a single computer or IP either.
Admin
FMD I thought you were looking over my shoulder, and shut down my facebook screen!
Admin
No. Reread the article:
So using a password manager (KeePass, RoboForm, whichever) should be an acceptable solution, simply because it doesn't increase the number of logins. If that user has only one login to remember, then you're replacing one login with one login. If they have more than one, then you're REDUCING the number of logins, even with adding this new system into the mix.
Either the problem user is absolutely brilliant (4+ standard deviations above average performance) or knows who on the hospital board has been siphoning money or using empty wards to shoot porn. Getting rid of them for a more flexible user would be the cheapest solution. Getting a site license for RoboForm Pro (disclaimer: happy customer, not associated with the company) would be similarly cheaper and easier than this WTF.
Admin
This is why I insist on interviewing an actual user of the proposed system/feature before starting anything. Taking specs from the salesgimp is a surefire way to deliver something no-one wants
Admin
This is a typical case of inaccurate user requirements gathering.
Admin
Typical - to require solid security without passwords. VPNs and all the PKI/encryption stuff: hackable. Having to remember a password: unthinkable. I'm not sure how much the client actually knew about security.
I don't mind that it was only one user that wanted it, but only as long as they got to charge the company $30k+ for the feature. Hope it was worth it...
Admin
in which case you use arpspoof, and you're quite usefully any IP on the local (broadcast) network that you'd like to be. Or in between any two. Or you're the router, as far as the other machines on the network know. Granted this is limited to the local side, but that seems to be one of the areas this half assed scheme is supposed to be addressing.
Admin
I don't think anyone has mentioned that there are plenty of SingleSignOn solutions around.
Windows ADFS is part of the OS and is totally seamless when setup correctly. That's what I use.
Admin
What if someone accesses that computer via Remote Desktop, VNC, etc.? This passed HIPAA compliance certification????
Admin
Or it means "This is not possible except with an inelegant, long-winded method that will do what other easier methods do, but badly"
Admin
I just looked it up and the IP address of 10.1.23.97 is none other than Paula Bean!
Admin
Funniest, best-written piece I've read on this site. I felt some visceral anger in sympathy with the narrator as I read the final lines. All too typical of the excess wrought in the name of HIPAA and SarBox.
Admin
Why, are we ionized?
Admin
No, you re-read what I wrote, and then re-read the article (especially the part about not wanting to have to remember a password even temporarily). Somebody's got to put the password in there somewhere.
Also, fix your sarcasm detector before you post. Perhaps you forgot the password?
Admin
(assumes over https, which for HIPAA stuff should be a given)
Admin
These exactly! The whole way it was done is a little weird, but considering the data it protects, this is a huge WTF HIPAA issue.
I work for a large EMR company and this couldn't get through a design review session for that issue alone. The user must authenticate on their own, not some damn computer.
captcha: damnum
Admin
To top it off, the language of choice at that shop was VB. Nuff' said.
Could be any. I'm still not sure because the only tachometers I know of log information by some sort of mechanical action, and they don't log things like brake press, oil pressure or external sensors. Just speed and RPM.
Admin
Alex, I used to have a TDWTF user, but I don't want to enter my login and password to be able to edit my comments. I also don't want to type captchas anymore. Can you change the way TheDailyWTF authenticates me?
And don't even suggest me to use cookies. They're just too insecure, untrendy and high-fat.
Admin
When you rely on a private IP to log on, if someone manually sets the IP when the main user's computer is off, that person can log on to the server.
That said, the ticket server should probably move in the user's room and have a direct physical connection to the user's machine. The said ticket server should only listen on the "LAN" interface.
Admin
Bbot, here's what you do: next time include a random link to xkcd...http://xkcd.com/482/, f'rinstance.
If the story includes code, then write a marginally clever snippet in the style of the story that prints "frist".
For bonus points include "brillant" somewhere in your text.
All the Bozos on this bus will then accept you as one of their own.
Admin
I have been reading this site for a while, and this has truly been one of the biggest WTFs I have seen.
Admin
Yep except at my company we drop in a note to the supervisor when the sales rep sells something we don't do. We uphold our support scope for the customers. If they ask why we respond with "legal".
Admin
When did this story happen? Because if it is any time recently, I must express my fear that in a few years this will become standard....
Admin
The only SaaS with a USB dongle
Admin
Stickle Bricks. Rigid construction with just that slight amount of flexibility.
Admin
Some things are truly impossible. I have a friend who was once asked to write a program to verify that given pieces of code would halt.
Admin
What's funny is that some old mainframe security schemes are based solely on terminal ID.
Admin
That story reminds me painfully of a project we're working on right now, of a financial nature. A large part of the implementation is loading (migrating, in theory) various types of deals from the customer's existing system into our new shiny one.
So, hacking and polishing like mad, complying with their fantasies (scope creep, anyone?), 3 months into the project, we get to know that, actually, currently they have just 1 (ONE) deal in their old system. One.
PS. No, it's not like we hadn't asked for examples of their data before: they had refused to give them to us, so we "make a general solution, not having any preconceptions about the nature of data".