|
grancheater posted:I thought the entire second column of seconds was the second seconds, but now I understand they're just the second second's second seconds.
|
# ? Jun 5, 2019 21:19 |
|
grancheater posted:I thought the entire second column of seconds was the second seconds, but now I understand they're just the second second's second seconds. How sloppy.
|
# ? Jun 5, 2019 23:02 |
|
grancheater posted:I thought the entire second column of seconds was the second seconds, but now I understand they're just the second second's second seconds. Seconding this.
|
# ? Jun 5, 2019 23:42 |
|
|
# ? Jun 8, 2019 04:51 |
|
Which one is the pedophile?
|
# ? Jun 8, 2019 08:38 |
|
Platystemon posted:Which one is the pedophile? front and center
|
# ? Jun 8, 2019 08:57 |
|
See normally scaling images to represent data points leads to a confusion between length and area which can be misleading, but they've helpfully counteracted that by making it a log scale and making some of the alligators fatter for no apparent reason so nobody knows what the gently caress is going on at all
|
# ? Jun 8, 2019 09:19 |
|
Edgar Allen Ho posted:
|
# ? Jun 8, 2019 09:31 |
|
Crimpolioni posted:People reuse their passwords / do minor variations so once you have one account you can gain other stuff like emails or w/e Jokes on them, even I don't know my SA password.
|
# ? Jun 8, 2019 10:14 |
|
Furia posted:I use a password manager and it annoys me when a website’s all like “oh no your password’s too long plz make it 15 characters at most” Whenever a site does this (or "your password has punctuation in it, please stop") I assume that they're storing the password in cleartext (and most of the time I'm proven right as soon as I ask for a password reset). Probably in an unauthenticated MySQL database connected directly to the internet, too.
|
# ? Jun 9, 2019 04:19 |
|
ToxicFrog posted:Whenever a site does this (or "your password has punctuation in it, please stop") I assume that they're storing the password in cleartext (and most of the time I'm proven right as soon as I ask for a password reset). Out of interest. How do you know that they're storing it in cleartext after a reset? Sounds like something that would be handy to know.
|
# ? Jun 9, 2019 08:11 |
|
Roblo posted:Out of interest. How do you know that they're storing it in cleartext after a reset? Sounds like something that would be handy to know. You're sure when they just e-mail you your old password.
|
# ? Jun 9, 2019 09:17 |
|
Roblo posted:Out of interest. How do you know that they're storing it in cleartext after a reset? Sounds like something that would be handy to know. Another indicator is when you create a new password and you're told that it is too similar to an old password. Complaining that it is identical is okay, but it shouldn't be able to figure out that it's one character off from a previous one.
|
# ? Jun 9, 2019 13:02 |
|
Definitely seen that before. Do you all raise a big stink when you see that, because the place is potentially leaking people's shared passwords to other services and being a source of ID theft? How do you get attention of the right people
|
# ? Jun 9, 2019 18:48 |
|
Dumb Lowtax posted:Definitely seen that before. Do you all raise a big stink when you see that, because the place is potentially leaking people's shared passwords to other services and being a source of ID theft? How do you get attention of the right people Report them to plaintext offenders. Other than that just avoid using places like that and obviously don’t use a password you use anywhere else.
|
# ? Jun 9, 2019 19:22 |
|
If it's a service I care about, I let them know. Most of the time I don't care, because I give them a unique e-mail address and a password not used elsewhere. You can in principle detect too similar passwords without storing them in cleartext, but that's not what those sites are doing (just store multiple hashes, one for each character of the password, of the password minus that character, for example).
|
# ? Jun 9, 2019 19:28 |
|
klafbang posted:just store multiple hashes, one for each character of the password What could possibly go wrong?
|
# ? Jun 9, 2019 19:54 |
|
If you ever get a warning that your password is too complex, i.e., preventing you from using a password longer than 12 characters or some other limit, don't be afraid to send it to @PWTooStrong.

My company got tagged a while back for one of our public facing applications and it was an embarrassment that got corrected.
|
# ? Jun 9, 2019 20:46 |
|
Facebook at hashes 4 versions of your password, varying the leading caps and capslock
|
# ? Jun 9, 2019 21:19 |
|
Powered Descent posted:What could possibly go wrong?

Nothing, it will be both secure and functional, but the explanation was probably not that clear.

Suppose my password is "cat". We store one hash, H, for "cat" and use that for logging in. We store three additional hashes, one for each of the letters, but for the part of the password without that letter. I.e., we store hash h1 for "at", one h2 for "ct", and one h3 for "ca". These are not used for login.

Now, if I change my password to hat, we check it against H to see if I've changed it. That's ok. Then we check the new password minus each character against h1-h3 to see if it is too similar. Removing h we get "at" which collides with h1. For a we get "ht" and for t we get "ha", both of which are fine. We can report there's a collision.

If I can only change my password once I've authenticated, this is no less secure for somebody without access to the hashes. If I have access to hashes, I can crack a one letter shorter password and fill in the missing character. Even if the password is random, this is simpler because as soon as I have a match, I just try filling in the missing character (instead of O(c^n) I get O(c^(n-1) + n*c) = O(c^(n-1))), so I'd need to increase the minimum length by one. You can argue that I can derive the length of the password from the number of hashes (effectively cutting off another character), but that can be mitigated by concatenating the username and password before hashing and storing all hashes in a single bucket without reference to username.

This will catch changing Company2018 to Company2019, but of course not Company2019 to Company2020 or Summer2019 to Fall2019.

klafbang has a new favorite as of 15:12 on Jun 10, 2019
|
# ? Jun 9, 2019 21:46 |
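The deletion-hash scheme from klafbang's post above, worked through as an added example that is not part of the original thread. It assumes salted PBKDF2 in place of the unspecified "hash"; the function names, record layout and iteration count are hypothetical.

```python
import hashlib
import hmac
import os

ITERATIONS = 20_000  # demonstration value only, not a tuning recommendation

def _hash(text: str, salt: bytes) -> bytes:
    # Assumption: salted PBKDF2-HMAC-SHA256 stands in for the post's "hash".
    return hashlib.pbkdf2_hmac("sha256", text.encode(), salt, ITERATIONS)

def _deletions(password: str) -> set:
    """Every string obtained by removing exactly one character."""
    return {password[:i] + password[i + 1:] for i in range(len(password))}

def enroll(password: str) -> dict:
    """Stored record: the login hash H plus one hash per one-character deletion."""
    salt = os.urandom(16)
    return {
        "salt": salt,
        "login": _hash(password, salt),                          # H in the post
        "near": {_hash(v, salt) for v in _deletions(password)},  # h1..hn
    }

def verify(record: dict, password: str) -> bool:
    """Login check: only H is consulted, never the deletion hashes."""
    return hmac.compare_digest(record["login"], _hash(password, record["salt"]))

def classify_change(record: dict, new_password: str) -> str:
    """Return 'identical', 'too similar' or 'ok' without storing cleartext."""
    if verify(record, new_password):
        return "identical"
    salt = record["salt"]
    # Compare each deletion of the NEW password with the stored h1..hn.
    if any(_hash(v, salt) in record["near"] for v in _deletions(new_password)):
        return "too similar"
    return "ok"

if __name__ == "__main__":
    rec = enroll("cat")  # constructed sample password from the post
    for candidate in ("cat", "hat", "dog"):
        print(candidate, "->", classify_change(rec, candidate))
```

As the post notes, the stored deletion hashes let anyone holding the database attack a password one character shorter, so the minimum length has to rise by one to compensate.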
|
klafbang posted:Nothing, it will be both secure and functional, but the explanation was probably not that clear.

Okay then, that's much better than what I was envisioning, which was storing a bunch of individual one-character hashes:

PasswordCharHash[0] = md5sum("c") == 4a8a08f09d37b73795649038408b5f33
PasswordCharHash[1] = md5sum("a") == 0cc175b9c0f1b6a831c399e269772661
PasswordCharHash[2] = md5sum("t") == e358efa489f58062f10dd7316b65649e

Which is clearly bonkers.

Note: MD5 is used here for brevity but don't use MD5 for any actual thing anymore, ever.
|
# ? Jun 10, 2019 00:39 |
|
Powered Descent posted:Okay then, that's much better than what I was envisioning, which was storing a bunch of individual one-character hashes: I also imagined this, which seemed totally nuts... but also perhaps with subtraction, like also saving PasswordCharHash[3] = md5sum("cat") - md5sum("c") == something literally nonsensical. Not enough sleep last night.
|
# ? Jun 10, 2019 13:01 |
|
Powered Descent posted:Okay then, that's much better than what I was envisioning, which was storing a bunch of individual one-character hashes: Yeah that's what I thought too but it was clearly so stupid I assumed I was wrong. And I was right! But given that people still store plaintext passwords I figured there may be a nonzero chance I was not mistaken.
|
# ? Jun 10, 2019 14:38 |
|
Remember when Microsoft announced that they were truncating everyone's Skype password to 16 characters?
|
# ? Jun 10, 2019 17:02 |
|
Tunicate posted:Remember when Microsoft announced that they were truncating everyone's Skype password to 16 characters?

Hey, at least they announced it. My brief experience with Games For Windows Live featured the discovery that the website lets you put in basically whatever you want when creating an account, but the in-game client silently truncates the password you enter, with no visual indication that this has happened.

Roblo posted:Out of interest. How do you know that they're storing it in cleartext after a reset? Sounds like something that would be handy to know.

Usually it's because I click "forgot password" and they email me my old password.
|
# ? Jun 10, 2019 18:27 |
|
ToxicFrog posted:Hey, at least they announced it. So did Microsoft accounts. It's amazingly dumb.
|
# ? Jun 10, 2019 19:04 |
|
I had a password for a retail website that had an underscore in it. One day the system choked on my password, wouldn’t even process a reset. I e-mailed customer service and they very helpfully excised the underscore while leaving the rest of the password intact.
|
# ? Jun 10, 2019 19:59 |
|
now THAT'S customer service!
|
# ? Jun 10, 2019 20:21 |
|
I looked up the e‐mail chain. It’s worse than I remembered. The reason I couldn’t reset the password was because they didn’t have a reset option. They had a “send password to e‐mail” option. webmaster@unnamedretailer.com posted:Dear Valued Customer, webmaster@unnamedretailer.com posted:Dear Valued Customer, This was in December of 2009.
|
# ? Jun 10, 2019 20:52 |
|
Platystemon posted:I looked up the e‐mail chain. sorry for your confusion
|
# ? Jun 10, 2019 23:15 |
|
https://twitter.com/YouGov/status/1138714075817549824
|
# ? Jun 12, 2019 17:01 |
|
Famed British dish Chicken Tikka Masala. That is... brazen.
|
# ? Jun 12, 2019 17:58 |
|
Chitin posted:Famed British dish Chicken Tikka Masala. It was invented in Britain and is our national dish tyvm
|
# ? Jun 12, 2019 18:02 |
|
What kind of incredibly hosed-up dataset generated that chart
|
# ? Jun 12, 2019 18:18 |
|
https://www.youtube.com/watch?v=1rR-wqxRjIg
|
# ? Jun 12, 2019 18:19 |
|
ToxicFrog posted:What kind of incredibly hosed-up dataset generated that chart Yougov is an online polling firm. Those results aren't any crazier than their regular political polling, honestly.
|
# ? Jun 12, 2019 18:25 |
|
Chitin posted:Famed British dish Chicken Tikka Masala. It's not 100% certain, looking online, but it's pretty likely it was invented in England by Indian immigrants tailoring their curries to British tastes. So yes it belongs on that list.
|
# ? Jun 12, 2019 18:34 |
|
Once I made vegetarian scotch eggs with some fake meat sausage for my vegetarian girlfriend and she still talks about that. I'll have to do that again. Mind you, I also found a place in town that does poutine with vegetarian gravy and that was apparently a transcendent experience for her, too. Anyway that poll is garbage.
|
# ? Jun 12, 2019 18:39 |
|
Yorkshire pud is god tier, bangers and mash are top tier, but toad in the hole, which is literally Yorkshire pudding with embedded sausages is mid tier?
|
# ? Jun 12, 2019 18:55 |
|
Tsaedje posted:Yorkshire pud is god tier, bangers and mash are top tier, but toad in the hole, which is literally Yorkshire pudding with embedded sausages is mid tier? I dunno I tend to feel you get too much hole and not enough toad. Yorkshire's are about right. And you can fill em up with gravy.
|
# ? Jun 12, 2019 18:59 |