Hooray for dialogue!!
Admin
If the password is stored as a hash then no matter how many characters they enter for a password it still ends up being about 20 characters or so for the hash. So having a length less than what a string variable can hold is really a security reducing decision these days.
Having a max length implies that they are either a) storing the password in plain text or b) storing it using 2 way encryption, meaning that hackers just need to decrypt one password in the stolen database to get them all.
Admin
"password too long" means they are probably storing it in plaintext and that you shouldn't use a good one anyway.
Admin
By the way, I find it remarkable that capitalists on the one hand often promote advertising in many forms (like you do here), while on the other hand their whole theory is based on the idea of perfectly rational consumers. When advertising's purpose is to sway customers' opinions, i.e. to make them make less rational choices, how do you reconciliate this discrepancy?
FTFY. Sure, water and chalk was a silly example, but many dangers are not readily apparent and much too expensive to test for each customer by themselves. Sure, you're gonna say, they'll find (or create) a privately run testing company that will test their food. But of course, this company is never susceptible to corruption because it's not the government, right?
BTW, contrary to what you may think, I don't support everything the government does. I strongly dislike artificial monopolies - and this includes patents.
Admin
(FWIW, as far as I understood the OS just wanted to get rid of politics at all and return to this site's usual content like "TRWTF is $LANGUAGE" and "Fixed the WTF code: $EVEN_MORE_BROKEN_EXAMPLE". And trolls, of course.)
Admin
Sadly, this only works if there is actually at least one place that does provide a decent product. (Right now, for instance, I have my choice of ISPs: either Verizon, which doesn't always work, doesn't care about you as a customer and wishes you would screw off already but keep paying them, and Charter, which costs a little more, but otherwise is basically the same. You want an ISP that cares if you're having a problem? Too bad, those don't exist anymore, Verizon and Charter pushed them all out.)
The "your password is too long" thing is totally a wtf, but a much larger one than just that one site being dumb. I've seen loads of sites with arbitrary length restrictions on passwords, it always bugs the crap out of me. Why do people do that? It's pretty common.
Admin
Any army that tried to occupy the US, to include the US Army, would lose decisively. And yes, it would be the gun nuts hiding in the woods picking off soldiers a few at a time, classic, bloody asymmetric warfare by attrition, that would do it. It took us ten years and thousands of casualties to bring Iraq and Afghanistan to an unclear resolution, and those assholes can hardly shoot straight.
And it's not like being meaner would have made any difference, as the Soviets were utterly ruthless against Afghanistan and were routed even more decisively. We have only been successful in counter insurgency because we finally figured out how to get the local population on our side. So, no, the gun folks are absolutely right, and it appears you simply haven't been paying attention to the news for the past ten years.
Admin
You don't want to overload the password field with a buffer overrun, do you?
Admin
But economics isn't about a system that works. There is no such thing!
Economics is the science of scarcity, that is, it observes how we allocate resources when there are not enough resources to meet demands. And there never are, that's a given.
The market isn't failing because you can't find a product that you want at the price you want. There is no system that can guarantee that you always will. What a market tends to do is to restructure itself in such a way that shortages are minimized and growth is maximized, but that takes time and pain.
The problem with demanding that the government come in and fix things is that the political system has little if any information as to what is important and what is really broken. People always think that corporations are buying off senators and whatnot, but in fact most corporate handouts and other perverse incentives are wildly popular because people simply have no clue what they're voting for.
Admin
Seriously though, while 20 characters should be enough for 99.9% of the users, it still is a rather small limit. Why can't I use, say, 'It was the best Of times, it was the Worst of times' as my password? Even 'correct horse battery staple' is 39 characters long.
But most importantly, like people have mentioned already, the most probable cause of them imposing a hard limit on password length is they're doing it wrong.
Admin
http://www.nytimes.com/2012/02/04/business/at-102-his-tax-rate-takes-the-cake-common-sense.html?pagewanted=all&_r=0
That's just when the government obeys its laws. When the government violates its laws, things get worse.
Admin
The USB Seagate drive is probably counterfeit. Look at the serial number for one thing. The case might or might not contain a hard drive. The hard drive or other (e.g. flash memory) contained inside the case can be whatever size the counterfeiter had handy at the moment. The USB bridge chip was programmed to report whatever size the counterfeiter wanted it to report.
I temporarily had a Western Digital drive and temporarily thought it was real. It was an actual hard drive, not a USB case with unknown contents. It came in a sealed plastic antistatic envelope, passed Smart testing, it reported the same serial number as printed on the label, I could write its full capacity and read it back, and it worked perfectly. But then I noticed hints that it was counterfeit. Western Digital confirmed that it was counterfeit. The seller agreed to a refund, though it took a while. After I knew what to look for, I recognized a few eBay auctions as being counterfeits too.
Admin
Protip for person who provided the Time Machine error:
When you photoshop dialog boxes, make sure you keep the digit grouping correct. In this case, it should be "2,158,391 items", not "21,58,391 items".
Seriously, NO ONE at TDWTF caught that?
Admin
When I got internet access to my bank, I set a nine-character password. But the login prompt only accepts eight characters. I can change my password by logging in, which of course I can not do. I gave up. Years later I got a new account. That computer has a user who has never logged in. I wish to $#@! that they had told me my password was too long.
Admin
When you think you found something mentionable, at least read a few other comments to find that dozens of others have done the same before.
Seriously, NO ONE at TDWTF ever had this brillant idea?
Admin
If I wanted to read ill-thought out right-wing brain farts I'd go ALMOST ANYWHERE ELSE ON THE INTERNET.
Shut it. Idiots.
Admin
Communism and fascism are at the opposite ends of the circle.
"Fascism is man's exploitation by man. Communism is the opposite".
Admin
In fact Fascism is a form of Government where politicians collude with businessmen, and Communism is a form of Government where politicians collude with the bureaucrats. In both cases they collude in ripping off ordinary people.
Admin
Such as a petrol station selling a galleon of petrol as .99 galleons?
Admin
...also in German...
Admin
20 characters isn't really a lot. As an iPad user, where mixing letters, digits, upper and lowercase is painful, I like passwords made of three or four words that each on its own would be unsafe, but the combination is quite safe. And quite long.
Admin
... so the real WTF is trying to buy Mike Oldfield tracks off the internet? Jeez, how sad ...
OTOH TRTRWTF is recognising from the two visible tracks that these are Mike Oldfield tracks that are being displayed on the screen.
Admin
Indeed. In fact number separators used in India are exactly like this, and a quick googling reveals Vatsan appears to be an Indian name. But as we know many of our readers shoot from the hip without checking the facts first.
Admin
I was adding another case to the milk case
Admin
Left-wingers can do this, too. I, as a pro-gun leftist, learned this over the past week or so.
Admin
You are so not Pi Patel.
Admin
That's a nice round size!
Admin
"Unused Plural Form" sounds like something Zippy the Pinhead would say.
Admin
For the love of Gord, don't even think about writing code that comes anywhere near handling a password until you've read the Scrypt paper and understand it fully. You are the problem.
Please report all of your previous employers to Plain Text Offenders.
Admin
in German too :-)
Admin
I've used a system that didn't complain about the length of the password, but the hashing function only looked at the first eight characters, so it really should have complained so as to avoid giving users a false sense of security.
Admin
"In real life, if I buy a gallon of milk from Bob's Grocery Store I will presumably discover the first time I try to drink it that it is, in fact, chalk and water. And then -- and here's the beauty of capitalism -- I don't buy from that grocery store any more."
Fine as far as it goes.
"The Food & Drug Administration delays life-saving drugs from reaching the market, and increases the cost of those that do."
Even if you are a pharmacologist, there might be some problem with testing medication on your own like you do with milk.
http://en.wikipedia.org/wiki/Frances_Oldham_Kelsey
"presumably with my doctor's advice"
Which you get for free by an absolutely disinterested doctor, because if the advice turns out to be bad, you won't visit the doctor whose advice killed you again. That'll show him.
"Bureaucrats in Washington"
The one thing I don't get, is: why do all these enterprisey people not simply team up on one spot on earth so that they get absolute majority there and take over a state on their own which they can run according to their heart's desire with all Bureaucrats being eliminated. This should spare them all the time and effort spent to try to convince those pesky communists. This state will be an enormous success story, so all the world will follow its example in no time at all. Problem solved 4e4.
Admin
So it does in German. Those languages all come from the same roots at some point.
Admin
There is still reason to impose a limit. Not something ridiculously low like 20 characters but low enough that you can't DOS the server hashing it. 4k seems reasonable to me, 32k if you want to be sure.
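
The password-length points raised in this thread (a hash has a fixed-size output, a hasher that silently reads only the first eight characters misleads users, and a generous upper bound caps hashing cost), as an added example that is not part of any comment above. The function names, the scrypt cost parameters and the sample passwords are assumptions made for illustration; the 4096-byte cap is the figure suggested in the last comment.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

MAX_PASSWORD_BYTES = 4096   # generous cap from the thread; bounds hashing work per request
KEY_LEN = 32                # stored hash size, independent of password length


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, scrypt hash). Rejects over-long input instead of truncating it."""
    data = password.encode("utf-8")
    if len(data) > MAX_PASSWORD_BYTES:
        raise ValueError("password longer than %d bytes" % MAX_PASSWORD_BYTES)
    if salt is None:
        salt = os.urandom(16)
    # Assumed cost parameters (n, r, p); tune them for the deployment's hardware.
    digest = hashlib.scrypt(data, salt=salt, n=2**14, r=8, p=1,
                            maxmem=64 * 1024 * 1024, dklen=KEY_LEN)
    return salt, digest


def verify_password(password: str, salt: bytes, expected: bytes) -> bool:
    """Constant-time comparison; an over-long candidate simply fails to verify."""
    try:
        _, digest = hash_password(password, salt)
    except ValueError:
        return False
    return hmac.compare_digest(digest, expected)


def truncating_hash(password: str, salt: bytes) -> bytes:
    """Constructed stand-in for the flawed system: only the first 8 characters count."""
    return hash_password(password[:8], salt)[1]


if __name__ == "__main__":
    phrase = "It was the best Of times, it was the Worst of times"  # sample input
    salt, stored = hash_password(phrase)
    print(len(phrase), "chars ->", len(stored), "byte hash")
    print("verify:", verify_password(phrase, salt, stored))
    print("truncation collision:",
          truncating_hash("password-one", salt) == truncating_hash("password-two", salt))
```
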