WTF Bites


  • Considered Harmful

    @Tsaukpaetra I think I caused that with the emoji post.


  • Notification Spam Recipient

    @pie_flavor said in WTF Bites:

    @Tsaukpaetra I think I caused that with the emoji post.

    Oh, maybe. Processing all those transformations for the preview probably backlogged it so hard.



  • @HardwareGeek said in WTF Bites:

    I'll email the URL to myself when I get to work, then I can buy it tonight without having to search again.

    Update: Battery ordered. Not expensive enough to get free shipping, but that's ok; even with not-free shipping, it's as cheap or cheaper than most competitors.


  • BINNED

    @Tsaukpaetra said in WTF Bites:

    all done by hand by one guy.

    :giggity:


  • Notification Spam Recipient

    @luhmann said in WTF Bites:

    @Tsaukpaetra said in WTF Bites:

    all done by hand by one guy.

    :giggity:

    You're (probably) not wrong.



  • The hack? He typed the word "email" into the search box.


  • BINNED

    @Tsaukpaetra Got to admit, though, that is pretty cute. Also an error message nobody will find useful, but still cute.



  • @dkf In this case, not really. But I've been at a few places now that use Active Directory, and that had a rule for "New password cannot be similar to last 3-7 passwords". In that case, I'd wager they really need to store an at least reversible form of hash or encryption to read the old passwords.



  • Apparently the McDonald's queueing system does NOT give more priority to your order if you just order one, pre-made item.

    So an Oreo shake to go can take 9 minutes. So much for fast food.


  • area_can

    @HardwareGeek Google has repeatedly changed my country from Canada to Brazil without asking me. I don't understand it


  • area_can

    AT&T UNLIMITED &MORE PLAN: … For content we can identify as video, wireless streaming speed will be slowed to a max of 1.5Mbps, Standard Definition quality (about 480p). Video speed is capped at this amount, regardless of network device is on (for example 4G LTE).

    Hooray for VPNs…


  • area_can

    Fuck off AT&T site, I have a phone and I don't give a shit about your TV shows



  • WTF of my day: It's not something I was subjected to personally but it makes for a fine WTF nonetheless.

    One of the terminals at the airport in Munich was shut down today for seven hours. The reason? A woman got into the secured area without being checked first.

    It roughly went like this: The security checkpoint sent her back because she had some liquids in her carry bag which weren't inside a plastic bag. (Can someone explain to me what this magical mystery bag is supposed to achieve? I stumbled across that one myself and didn't get an explanation why my tooth paste absolutely needs a plastic bag around it?) It was then discovered that she had probably checked in said liquids with the rest of her baggage and went through a not-yet-ready security checkpoint.

    The guards then somehow didn't raise an alarm for an hour or so.

    Finally someone noticed this mishap and did raise the alarm. But they couldn't find her anymore and thus evacuated the terminal. This went on for seven hours after which they determined that the woman probably had already left the airport in her plane and most likely didn't even notice the panic she caused.



  • @Rhywden said in WTF Bites:

    Can someone explain to me what this magical mystery bag is supposed to achieve?

    It's what we call "security theater"


  • area_can

    @Rhywden on the plus side, if she was a terrorist then they probably would have not been able to stop her

    wait


  • Considered Harmful

    @bb36e You gotta admit, Brazil was the superior movie.



  • @TimeBandit said in WTF Bites:

    @Rhywden said in WTF Bites:

    Can someone explain to me what this magical mystery bag is supposed to achieve?

    It's what we call "security theater"

    I thought as much but I'd really like to know the twisted rationale behind it. I mean, there must be some reason to ground that requirement in, however absurd it may be?


  • Considered Harmful

    @Rhywden I'm making this up, but, the actual reason is to assure that the terrorist (you) can't disperse the liquid easily into their clothing (creating a dirty laundry bomb to shut down the baggage claim terminal).


  • BINNED

    @Rhywden It's to ensure that the sum of all those things doesn't exceed 1 liter. Now why your single pack of tooth paste needs to be in that: "procedures". Why you can have 2 200ml packages of liquid soap but not 1 400ml one, no one knows.
    How they think a bottle of water is going to blow up the plane, but everyone bringing high powered lithium batteries is not a problem, no one knows either.



  • @Rhywden said in WTF Bites:

    Can someone explain to me what this magical mystery bag is supposed to achieve? I stumbled across that one myself and didn't get an explanation why my tooth paste absolutely needs a plastic bag around it?

    AFAIK, it's just to keep all the liquid/gel items together for easy inspection, and to limit the amount you can carry — it all has to fit in a single quart/liter-size bag.


  • Java Dev

    @Rhywden said in WTF Bites:

    Can someone explain to me what this magical mystery bag is supposed to achieve? I stumbled across that one myself and didn't get an explanation why my tooth paste absolutely needs a plastic bag around it?

    To compensate bomb makers for the fact containers over 100cc are not allowed, 1 liter plastic bags are mandatory. The process be praised.


  • Considered Harmful

    @PleegWat Damnit, I just realized that way, way less than 100cc of fuel would create a critical aerosol in a 1L bag and now I have to go turn myself in.



  • @Gribnit said in WTF Bites:

    @PleegWat Damnit, I just realized that way, way less than 100cc of fuel would create a critical aerosol in a 1L bag and now I have to go turn myself in.

    One drop of gas suffices to make such a volume go boom very loud. Experienced that for myself in a chemistry lecture.

    Monday morning at 08:30 am. We were all wide awake afterwards.


  • Grade A Premium Asshole

    Home from vacation. I open the front door and there is an electric disconnect notice saying we are $667 past due and our electric is shut off and has been since the day after we left for vacation. I log in from my phone and we are not past due and it only shows us owing $117 for a bill that was just sent. All our food in the refrigerators is spoiled.

    The electric company has no customer service people available on weekends. I call the emergency number for lines down and the guy tells me that the emergency department is not allowed to do reconnects and reconnects are not done on weekends at all.

    God-fuck-damnit. This is not the first time a utility company has fucked me over like this. I once had my water shut off when I was actually overpaid. They shut it off that time because somehow my home got flagged as a dormant property.

    You can be sure there is some doozie of a :wtf: behind the scenes on this one.


  • Considered Harmful

    @Polygeekery Fucking rounding.



  • @Polygeekery Sometimes I wish utility companies would be fined similarly to the way airlines are fined in the EU. Each day of outage? Automatic 500€ payment to the customer.



  • @Polygeekery said in WTF Bites:

    You can be sure there is some doozie of a :wtf: behind the scenes on this one.

    Someone herpaderpd the excel sheet.


  • Grade A Premium Asshole

    @Rhywden said in WTF Bites:

    @Polygeekery Sometimes I wish utility companies would be fined similarly to the way airlines are fined in the EU. Each day of outage? Automatic 500€ payment to the customer.

    Yeah, that would be nice. Those fuckers are going to compensate me for the food at the very least.


  • Considered Harmful

    @Carnage Jim had the file lock but he went on vacation, so Steve overrode the locking, but then Betty's updates conflicted with Steve, but both were logged in as Steve, then when Jim came back, bang.


  • Considered Harmful

    @Rhywden Airlines are fined for outage in the EU? This seems, hard to compute the harm of.



  • @Rhywden said in WTF Bites:

    she had probably checked in said liquids with the rest of her baggage

    Isn't checking in liquids allowed?



  • @Gribnit said in WTF Bites:

    @Rhywden Airlines are fined for outage in the EU? This seems, hard to compute the harm of.

    Well, "fine" in the way of: "Pay the customer these amounts of money unless there is a really good reason why you're not punctual or flying at all." Good reasons are: Hurricanes, volcanoes and the like.

    They are usually still dragging their feet which is why there are now companies you can transfer your claim to - those companies ask some simple questions to determine if there was indeed a good reason or not and then immediately pay you 90% of the sum you would normally get. This claim transfer is permanent and irrevocable, by the way, so even if the company loses in court, they won't demand the money back.

    They're so successful that airlines have either begun to clean up their act or, naturally, tried to slide in some contractual passages which forbid such claim transfers. The latter of which courts were not really enamoured with.


  • Grade A Premium Asshole

    @Polygeekery said in WTF Bites:

    I once had my water shut off when I was actually overpaid.

    To clarify that one: I paid my bill for one month but this was back when you had to mail in a check. The next bill got sent before that payment was processed so I got billed for the current charges plus the last month. I did not pay much attention because water bills are so cheap so I paid the amount it showed as due.

    So at this point I was paid up for a month in advance. I was overpaid. Then one night I get home from work and there is a notice that my water was shut off. I had been running machinery all day and was filthy and dusty. All I wanted was a shower. Since I was in my early 20's I thought maybe I had messed up and forgot to pay it. Plus I was just tired and filthy and wanted to shower and that was my single focus in life at the moment.

    So I call the water company. The woman looks up my account and says, "Hmmmm, that's weird. You are actually overpaid by $37". Then I found out that for some reason my home had been flagged as dormant and that was why it was disconnected. Around 10:30 that night someone finally showed up to turn the water back on. If I had not been able to shower that night I would have been belligerent the next day.

    That whole month was really weird. My water was disconnected for no reason, I was almost blown up by a 12" high pressure gas main, my house was broken into and at the end of all of that I won a motor scooter that I didn't even know I had entered a contest to win.


  • ♿ (Parody)

    @topspin said in WTF Bites:

    How they think a bottle of water is going to blow up the plane, but everyone bringing high powered lithium batteries is not a problem, no one knows either.

    This is where the liquid limit stuff came from:

    I assume the plastic bag thing is to make it easy to visually inspect all the liquids and not have lots of little bottles going everywhere.



  • @bb36e said in WTF Bites:

    regardless of network device is on

    so if you go on WiFi and are viewing a video over HTTPS, it caps your video download "speed" to 480p?


  • :belt_onion:

    @Rhywden said in WTF Bites:

    This went on for seven hours after which they determined that the woman probably had already left the airport in her plane

    Probably? This is the part of the story that baffles me the most. Do they not scan boarding passes there? How can they not do an easy lookup of where every passenger is at all times??

    Hell, the one time I accidentally picked up someone else's wallet in the security checkpoint, the TSA reviewed the camera footage, figured out who I was and where I was going, and had U.S. Marshals waiting for me in the jet bridge when I reached my destination an hour and a half later. It was very impressive.

    Seven hours?! :wtf:



  • @boomzilla said in WTF Bites:

    @topspin said in WTF Bites:

    How they think a bottle of water is going to blow up the plane, but everyone bringing high powered lithium batteries is not a problem, no one knows either.

    This is where the liquid limit stuff came from:

    I assume the plastic bag thing is to make it easy to visually inspect all the liquids and not have lots of little bottles going everywhere.

    It's still rather silly. Water gel explosives are a thing after all.


  • ♿ (Parody)

    @heterodox said in WTF Bites:

    @Rhywden said in WTF Bites:

    This went on for seven hours after which they determined that the woman probably had already left the airport in her plane

    Probably? This is the part of the story that baffles me the most. Do they not scan boarding passes there? How can they not do an easy lookup of where every passenger is at all times??

    One presumes they only had a description, not a name. The TSA guys doing the physical screenings don't look at your boarding pass.


  • :belt_onion:

    @boomzilla said in WTF Bites:

    One presumes they only had a description, not a name. The TSA guys doing the physical screenings don't look at your boarding pass.

    In my example they only had a description as well. You do present your ID and boarding pass before our screening though, so you can link the two that way.

    Either way there's no excuse, in my opinion.


  • Grade A Premium Asshole

    When you guys hear about a Midwestern businessperson bombing a utility company just know that it is not because of a billing fuckup or spoiled food. It will be because I am getting back from vacation and about to spend two days at my mother-in-law's house.



  • @Polygeekery said in WTF Bites:

    Those fuckers are going to compensate me for the food at the very least.

    LOL. Good luck with that.


  • Grade A Premium Asshole

    @anotherusername said in WTF Bites:

    @Polygeekery said in WTF Bites:

    Those fuckers are going to compensate me for the food at the very least.

    LOL. Good luck with that.

    Want to wager some money on that? ;)


  • Discourse touched me in a no-no place

    @Carnage said in WTF Bites:

    In that case, I'd wager they really need to store an at least reversible form of hash or encryption to read the old passwords.

    But that makes me antsy as heck, as reversible encryption means there's a massive vulnerability possible if the AD server gets compromised. It's totally not what you want in a critical security component! One-way hashes were specifically invented to make it impossible for that class of disaster to bite, and the current recommendation (bcrypt) is very strong indeed against almost all ways you might attack it.

    Unless they're computing the hashes of all the similar strings at the time of setting the password. Which is probably security-OK, but would be so ridiculously computationally- and data-expensive for even a modest deployment I'm going to hurt my nose with the force of the facepalm induced by thinking of it…


    This might explain why our AD admins at work are so incredibly reluctant to allow systems to use their service to authenticate users. But that just opens up a much bigger can of worms with how many layers of fuck up there really are. In the specific case I was thinking of, from a few years ago, our absolute requirement to allow the project to also have external users and services in the cloud and not to rely on HR for all original auth policy was what eventually stymied getting the connection working. (And because we couldn't get that LDAP connectivity working, we never managed to get any form of single sign on working; it was the only option that everything supported other than service-local password files. The project was a mess, but is still doing good science despite that.)
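
The trade-off raised in the post above, as an added example that is not part of the original thread: a password-history check that needs only salted one-way hashes. It turns the idea around and derives variants from the new password at change time rather than storing hashes of variants of the old one; the similarity rule, the function names and the work factor are assumptions made for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 10_000  # assumed work factor, kept low so the example runs quickly


def kdf(password: str, salt: bytes) -> bytes:
    """Salted, deliberately slow one-way hash (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def make_record(password: str) -> tuple:
    """What the server keeps per old password: a random salt and the digest."""
    salt = os.urandom(16)
    return salt, kdf(password, salt)


def variants(candidate: str) -> set:
    """Hypothetical similarity rule: same stem with the trailing digits
    removed or replaced by a single digit, in either first-letter case."""
    stem = candidate.rstrip("0123456789")
    base = {candidate, stem} | {stem + str(d) for d in range(10)}
    return base | {v[:1].swapcase() + v[1:] for v in base}


def check_history(candidate: str, history: list) -> tuple:
    """Return (too_similar, kdf_evaluations). No old password is read back;
    each variant of the new password is hashed with each stored salt."""
    evaluations = 0
    for salt, digest in history:
        for guess in sorted(variants(candidate)):
            evaluations += 1
            if hmac.compare_digest(kdf(guess, salt), digest):
                return True, evaluations
    return False, evaluations


if __name__ == "__main__":
    # Constructed sample history, not real data.
    history = [make_record("Winter2018"), make_record("hunter2")]
    print(check_history("hunter3", history))          # rejected as too similar
    print(check_history("correct-horse-9", history))  # accepted after a full scan
```

An accepted password costs `len(variants) * len(history)` KDF runs, so the price of the check grows with both the breadth of the similarity rule and the length of the history.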


  • Considered Harmful

    @dkf Really collidy but still very destructive hashing seems like it could work for this.



  • @carnage said in WTF Bites:

    @dkf In this case, not really. But I've been at a few places now that use Active Directory, and that had a rule for "New password cannot be similar to last 3-7 passwords". In that case, I'd wager they really need to store an at least reversible form of hash or encryption to read the old passwords.

    @dkf said in WTF Bites:

    Unless they're computing the hashes of all the similar strings at the time of setting the password. Which is probably security-OK, but would be so ridiculously computationally- and data-expensive for even a modest deployment

    They could be storing a hashed soundex / metaphone or similar. I'm not sure how well those sort of things go with numbers, but you could adapt them easily enough, and this would help stop sequences like hunter2, hunter3, hunter4....

    @polygeekery said in WTF Bites:

    I won a motor scooter that I didn't even know I had entered a contest to win.

    You know, you shouldn't believe those sorts of emails. 🐠

    ETA: hey, post 12345 in this topic. Nice.


  • Discourse touched me in a no-no place

    @heterodox said in WTF Bites:

    In my example they only had a description as well. You do present your ID and boarding pass before our screening though, so you can link the two that way.

    I went through Munich (checks calendar) earlier this month. For domestic flights, they use an automated barrier that just scans the boarding pass and then you're funnelled straight into the security line. The check that your ID matches your boarding pass is right at the gate. (There's another check if you're checking luggage and so on, but lots of people don't and just use boarding passes on their phone.) This was definitely security screwing the pooch; evacuating a terminal is a definite Bad Outcome in the eyes of both airport management and the staff onsite (to say nothing of the passengers).

    On the plus side, they're in Germany and not the USA, so they're not government employees and are quite fireable for major screwups.


  • Considered Harmful

    @Scarlet_Manuka -1 does not refer to Schenectady, though. @Polygeekery for instance. . . . . . . . . . . . . . . . . . . https://www.zip-codes.com/zip-code/12345/zip-code-12345.asp


  • Discourse touched me in a no-no place

    @Scarlet_Manuka said in WTF Bites:

    They could be storing a hashed soundex / metaphone or similar. I'm not sure how well those sort of things go with numbers, but you could adapt them easily enough, and this would help stop sequences like hunter2, hunter3, hunter4....

    The problem isn't that. There's a whole bunch of different similarity metrics. The problem is that they need to be able to see the current password in the clear on the server to say “this password is too similar to it”. Even if there was something that prevented that, it'd still give an attacker a strong hint whether they're close to a password for a user, greatly cutting the search effort. With proper one-way crypto-hashing, you have no such metric at all; two passwords that are one bit different (about as small a difference as it is possible to have) end up with enormously different hashes.

    Yes, there has been research into encryption that lets you do similarity checks without decrypting. They're really not very safe, precisely because approximate equality tests are exactly what you shouldn't have for passwords!



  • @dkf said in WTF Bites:

    @Scarlet_Manuka said in WTF Bites:

    They could be storing a hashed soundex / metaphone or similar. I'm not sure how well those sort of things go with numbers, but you could adapt them easily enough, and this would help stop sequences like hunter2, hunter3, hunter4....

    The problem isn't that. There's a whole bunch of different similarity metrics. The problem is that they need to be able to see the current password in the clear on the server to say “this password is too similar to it”. Even if there was something that prevented that, it'd still give an attacker a strong hint whether they're close to a password for a user, greatly cutting the search effort. With proper one-way crypto-hashing, you have no such metric at all; two passwords that are one bit different (about as small a difference as it is possible to have) end up with enormously different hashes.

    Yes, there has been research into encryption that lets you do similarity checks without decrypting. They're really not very safe, precisely because approximate equality tests are exactly what you shouldn't have for passwords!

    The soundex of hunter2 is H536. The metaphone is HNTR. You could hash those with a strong algorithm and find similar passwords.


  • Considered Harmful

    @ben_lubar It seems like the objection is that the client would need to send something that reduces the search space immensely.
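
The hashed-Soundex idea from the last few posts and the objection to it, as an added example that is not part of the original thread: the stored tag does catch hunter2 followed by hunter3, and the same tag lets whoever holds it discard every guess outside one Soundex class. PBKDF2 stands in for "a strong algorithm"; the function names and the candidate list are constructed for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 10_000  # assumed work factor, kept low so the example runs quickly

# Classic American Soundex digit groups; vowels, h, w and y carry no digit.
_CODES = {c: d for d, group in
          {"1": "bfpv", "2": "cgjkqsxz", "3": "dt", "4": "l", "5": "mn", "6": "r"}.items()
          for c in group}


def soundex(text: str) -> str:
    """Letter plus three digits; digits and symbols in the input are ignored."""
    letters = [c for c in text.lower() if c.isalpha()]
    if not letters:
        return ""
    digits, prev = [], _CODES.get(letters[0], "")
    for c in letters[1:]:
        code = _CODES.get(c, "")
        if code and code != prev:
            digits.append(code)
        if c not in "hw":  # h and w do not separate two equal codes
            prev = code
    return (letters[0].upper() + "".join(digits) + "000")[:4]


def store_similarity_tag(password: str) -> tuple:
    """What the proposed scheme would keep next to the real password hash."""
    salt = os.urandom(16)
    tag = hashlib.pbkdf2_hmac("sha256", soundex(password).encode(), salt, ITERATIONS)
    return salt, tag


def same_class(candidate: str, record: tuple) -> bool:
    """True when the candidate has the same Soundex code as the stored password."""
    salt, tag = record
    guess = hashlib.pbkdf2_hmac("sha256", soundex(candidate).encode(), salt, ITERATIONS)
    return hmac.compare_digest(guess, tag)


def surviving_candidates(candidates: list, record: tuple) -> list:
    """The leak: the tag alone tells which guesses are still worth trying."""
    return [c for c in candidates if same_class(c, record)]


# Constructed candidate list, not taken from any real data set.
CANDIDATES = ["password1", "hunter2", "letmein", "hunter3",
              "dragon42", "Hunter!99", "hamster5", "hinder7"]

if __name__ == "__main__":
    record = store_similarity_tag("hunter2")
    print(soundex("hunter2"), same_class("hunter3", record))
    print(surviving_candidates(CANDIDATES, record))
```

A Soundex code is one letter followed by three digits from 0 to 6, so the hash has at most 26 × 7³ = 8,918 possible inputs however strong the algorithm is. The check also flags `hinder7` as similar to `hunter2`, which shows how coarse the metric is.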

