WTF Bites


  • BINNED

    So, yesterday uPlay (Ubisoft's "hey, we have a digital distribution platform too!" thing) updated. Today, it started whining about my password. But... Why? I didn't change it or anything!

    Ok, reset password... Screw it, I'll just paste the old one in, see what happens. Nope "There is a problem with the password you entered." Okay... Well, there's a link to show password rules (in a popup, of course, what did you expect?)

    What are the password rules? 
    
    - Passwords should be original.
    - For security reasons, passwords should not use anything that might easily connect them to you.
    - Passwords must be 8 to 16 characters long.
    - Unicode characters (such as δ, Љ, ۳) are not supported.
    - Passwords may only contain letters A-Z and a-z; and numerals 0-9.
    - Passwords are case sensitive.
    - The username cannot appear in the password.
    - Passwords must contain at least one letter.
    

    Some sensible, some not but... what?

    OH!

    Passwords must be 8 to 16 characters long.
    

    Old one was 20 characters. So they made passwords SHORTER.

    I can't even facepalm, I'm too jaded.


  • FoxDev

    @Onyx said in WTF Bites:

    I can't even facepalm, I'm too jaded.

    Then allow Amy Rose to do so on your behalf:
    [Image: Amy (Facepalm).png]



  • @Onyx said in WTF Bites:

    • Passwords may only contain letters A-Z and a-z; and numerals 0-9.

    I'm still stuck on this one... :wtf:



  • @Onyx At least they actually told you the rules. Some dimwits over here responsible for our great SharePoint installation thought it nifty to simply reject passwords and not tell you why.

    Their reasoning: It improves security.

    They're also believers in the magic of the "make them change their password every 90 days" rule which (demonstrably!) makes matters worse.



  • @Onyx said in WTF Bites:

    • Passwords may only contain letters A-Z and a-z; and numerals 0-9.

    So basically what they're saying is that you could encode the most secure password allowed in their system as base64 and it would use more distinct characters.



  • @Onyx does it work if you enter the first 16 of your current password?


  • Discourse touched me in a no-no place

    @fwd If it does, that's terrifying as they have to be effectively keeping the password in plaintext to make it work (technically it could be kept encrypted at rest, but that would need to be reversible and so much more vulnerable to attack by a compromised system). Please may that not work…



  • @dkf said in WTF Bites:

    @fwd If it does, that's terrifying as they have to be effectively keeping the password in plaintext to make it work (technically it could be kept encrypted at rest, but that would need to be reversible and so much more vulnerable to attack by a compromised system). Please may that not work…

    What if they always had the 16 character maximum but they just didn't enforce it client side before?
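The two cases argued in the posts above, as an added example that is not part of the original thread: with a salted one-way hash, the first 16 characters of a 20-character password verify only if the server was already truncating before hashing; a server that hashed the full password cannot check a prefix without the plaintext. The function names, the PBKDF2 parameters and the sample password are assumptions made for the illustration.

```python
import hashlib
import hmac
import os

MAX_LEN = 16                                   # the new limit quoted in the thread
SAMPLE_OLD_PASSWORD = "CorrectHorse9Battery"   # constructed 20-character sample


def _kdf(password: str, salt: bytes, truncate: bool) -> bytes:
    """Salted one-way hash; optionally cut to MAX_LEN first, as a legacy server might."""
    if truncate:
        password = password[:MAX_LEN]
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)


def enroll(password: str, truncate: bool) -> dict:
    """Create the stored record: salt, hash, and whether this server truncates."""
    salt = os.urandom(16)
    return {"salt": salt, "hash": _kdf(password, salt, truncate), "truncate": truncate}


def verify(record: dict, candidate: str) -> bool:
    """Re-derive the hash from the candidate and compare in constant time."""
    digest = _kdf(candidate, record["salt"], record["truncate"])
    return hmac.compare_digest(digest, record["hash"])


def prefix_login_outcomes(old_password: str) -> dict:
    """What 'enter the first 16 characters' reveals about how the password is stored."""
    prefix = old_password[:MAX_LEN]
    full_hash = enroll(old_password, truncate=False)    # hashes all 20 characters
    truncating = enroll(old_password, truncate=True)    # always hashed only 16
    return {
        # Hash of the full password says nothing about the hash of a prefix.
        "full_hash_accepts_prefix": verify(full_hash, prefix),
        # Silent server-side truncation makes the prefix a valid login.
        "truncating_accepts_prefix": verify(truncating, prefix),
        "truncating_accepts_full": verify(truncating, old_password),
        # ...and so is any other tail: the last 4 characters never counted.
        "truncating_accepts_wrong_tail": verify(truncating, prefix + "XXXX"),
    }


if __name__ == "__main__":
    for case, accepted in prefix_login_outcomes(SAMPLE_OLD_PASSWORD).items():
        print(f"{case}: {accepted}")
```

A server in the first category that lowers its maximum length has no way to migrate existing hashes and has to force a reset, which is consistent with what the first post describes.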


  • Trolleybus Mechanic

    @Onyx said in WTF Bites:

    Passwords should be original.

    • Passwords must be fabulous
    • Passwords gotta have flair, and style, and pizzazz
    • Your password should have a hip, fresh look that's trendsetting
    • etc

  • area_can

    @Lorne-Kates passwords must be lit





  • @Lorne-Kates said in WTF Bites:

    @Onyx said in WTF Bites:

    Passwords should be original.

    • Passwords must be fabulous
    • Passwords gotta have flair, and style, and pizzazz
    • Your password should have a hip, fresh look that's trendsetting
    • etc

    Or better yet:

    • Passwords must be dynamic

    Now you just need to add another password management system in between and everything will be great.



  • @dcon said in WTF Bites:

    @Onyx said in WTF Bites:

    • Passwords may only contain letters A-Z and a-z; and numerals 0-9.

    I'm still stuck on this one... :wtf:

    Do you know who also has this rule? GitHub (or at least they did when I signed it; I didn't check whether they relaxed it since).


  • BINNED

    @fwd said in WTF Bites:

    @Onyx does it work if you enter the first 16 of your current password?

    Unfortunately, I didn't think of that before changing it.


  • 🚽 Regular

    Today in Firefox.

    On launch:

    [Image: new-in-firefox-not-much.PNG]

    To save your eyes, and because apparently NodeBB decided to resize my screenshot :wtf: , the URL is: https://www.mozilla.org/en-US/firefox/50.0.1/whatsnew/?oldversion=50.0

    After a refresh it didn't get any better:

    [Image: new-in-firefox-gives-us-your-email.png]

    At least session restore worked correctly and I got all my tabs and windows back.

    Edit: I should point out that Firefox did not update today, but two days ago.


  • 🚽 Regular

    @Zecc said in WTF Bites:

    To save your eyes, and because apparently NodeBB decided to resize my screenshot :wtf:

    Oh I see. It used to be that the post contained the original image resized to fit the post. So I was used to right-clicking and selecting "View Image" to see the original. But now there's a thumbnail, so I have to follow the link instead.



  • Sitebuilder. And Word:

    1. I have a Word document open via sitebuilder, in Chrome.
    2. I suspect the cross-references are not up-to-date, so I click the "Open In Word" to download it and update them myself. Except it tells me I need a Word version and browser that support this. The help seems to point to a generic help start rather than a page describing the requirements.
    3. I don't see any Save button to do it manually either.
    4. So I make a wild guess that Internet Explodrer might be supported. Nope, IE does not display the document at all.
    5. So I choose print, change the printer from the brain-damaged “send to OneNote” default to “PDF” and print; that is the one operation where Word updates the references automatically, so it should work. And the values are indeed different from the web view.

    Point? Well, apparently the reference was never linked to the right section in the first place anyway.


  • kills Dumbledore

    @Rhywden said in WTF Bites:

    They're also believers in the magic of the "make them change their password every 90 days" rule which (demonstrably!) makes matters worse.

    My work recently relaxed this to 90 days from 30.

    Every VM I work in that has local accounts, and every system I generate a username and password for, has a KeePass generated password. The others use my domain account, which is the far less secure "base password plus a suffix that changes every 90 days" method.

    If there was no expiry, I'd probably have generated and memorised something but it's not worth it when I'd need to do it every three months



  • I mainly watch two things on Youtube - Jim Sterling and Cinema Sins. Very occasionally some Unity tutorial or some music. So my recommended list is predictably boring.

    Youtube has recently decided to spice it up by offering me hardcore Korean porn.

    [Image: yt.PNG]


  • 🚽 Regular

    They're using :wtf: to censor the video? That's amazing.



  • @Jaloopa said in WTF Bites:

    @Rhywden said in WTF Bites:

    They're also believers in the magic of the "make them change their password every 90 days" rule which (demonstrably!) makes matters worse.

    My work recently relaxed this to 90 days from 30.

    Every VM I work in that has local accounts, and every system I generate a username and password for, has a KeePass generated password. The others use my domain account, which is the far less secure "base password plus a suffix that changes every 90 days" method.

    If there was no expiry, I'd probably have generated and memorised something but it's not worth it when I'd need to do it every three months

    Our password policy is every 6 months. I login to my Windows machine with my MS account. They recommend we change that password too. Nahnahnah! Can't make me! (except with threats) This is one advantage to working in an apple shop - no MS domain controller.


  • Java Dev

    @coldandtired Youtube does porn?



  • @Rhywden said in WTF Bites:

    They're also believers in the magic of the "make them change their password every 90 days" rule which (demonstrably!) makes matters worse.

    At one time, the company that was contracted out to handle our electronic payslips required a change of password every 2 or 3 months (don't remember exactly). Given that we also got paper payslips, I didn't go to the site more often than that, so I had to change my password every single time I logged in.

    Obviously, the password was written down somewhere, there is no way I was going to remember a new password that I would use only once in 3 months' time before having to change it again...



  • @dcon said in WTF Bites:

    Our password policy is every 6 months.

    Our password policy is every 12 months. So, once a year, I go two offices from me and ask the Domain admin to put the same password I already have, effectively resetting the elapsed time since the password was changed 😆



  • @PleegWat said in WTF Bites:

    @coldandtired Youtube does porn?

    Must've slipped through the cracks ( :giggity: ). It's not like they have an automated algorithm that can classify such material based on visual similarity to pre-existing clips. And even if they did, it would result in so many false positives that they would never use it in fear that it would render their service unusable.


  • Grade A Premium Asshole

    @Maciejasjmj said in WTF Bites:

    And even if they did, it would result in so many false positives that they would never use it in fear that it would render their service unusable.

    Doesn't stop them from using ContentID.



  • @bugmenot said in WTF Bites:

    @Maciejasjmj said in WTF Bites:

    And even if they did, it would result in so many false positives that they would never use it in fear that it would render their service unusable.

    Doesn't stop them from using ContentID.

    Do I need to pull that Joker image macro out again?


  • Notification Spam Recipient

    @coldandtired said in WTF Bites:

    I mainly watch two things on Youtube - Jim Sterling and Cinema Sins. Very occasionally some Unity tutorial or some music. So my recommended list is predictably boring.

    Youtube has recently decided to spice it up by offering me hardcore Korean porn.

    [Image: yt.PNG]

    It's a rather boring movie, if I do say so myself...

    Then again, it's possible my enjoyment may increase if I knew what they were saying...


    Filed under: What does "eh! Eh! Urt" mean in English?



  • TIL: @Tsaukpaetra watches hardcore porn movies for the dialog.


  • Notification Spam Recipient

    @TimeBandit said in WTF Bites:

    TIL: @Tsaukpaetra watches hardcore porn movies for the dialog.

    Well, yeah. I mean, there's only so much content to be had in repetitive movements.


  • Trolleybus Mechanic

    Change request: for this list of rates, reduce all rates by the minimum value in the list. In other words "You get the cheapest one free, or we'll credit you the cheapest cost on the more expensive ones."

    Dev codes it in lab. Fairly easy.

    Dim MinimumCost as Decimal = CostTable.Select("cost = MIN(cost)")
    For Each row In CostTable
        row("cost") = row("cost") - MinimumCost
        if row("cost") < 0 Then
            row("cost") = 0
        end if
    Next
    

    It works in dev.

    It works in QA.

    Send it out to staging and-- it stops working. All the costs are $0. What the shit?

    After more troubleshooting than a WTF bite is, I discover that... well, you know what? See if you can spot it.

    There's an API call. It gets XML with the cost, and turns that into a data table. Using:

    ds = New DataSet() : ds.ReadXml(reader)  ' Reader is, obviously, an XML reader reading an XML string
    

    Okay. And here's our test data:

    <costs>
        <cost>
            <cost_type>Cheap</cost_type>
            <cost>51.23</cost>
        </cost>
        <cost>
            <cost_type>Expensive</cost_type>
            <cost>98.75</cost>
        </cost>
    </costs>
    

    And here's the data from Staging:

    <costs>
        <cost>
            <cost_type>Cheap</cost_type>
            <cost>64.99</cost>
        </cost>
        <cost>
            <cost_type>Expensive</cost_type>
            <cost>123.22</cost>
        </cost>
    </costs>
    


  • @Lorne-Kates I'm guessing that in CostTable.Select("cost = MIN(cost)"), the MIN function is using text comparison instead of numeric comparison.



  • @anotherusername said in WTF Bites:

    @Lorne-Kates I'm guessing that in CostTable.Select("cost = MIN(cost)"), the MIN function is using text comparison instead of numeric comparison.

    That wouldn't explain all the costs being 0. I was thinking the cost/cost nesting, but that doesn't explain how it worked in dev...



  • @dcon yes it would.

    In dev, MinimumCost would be 51.23, and it'll work correctly.

    In staging, it would be 123.22, because '123.22' < '64.99'. Then row("cost") - MinimumCost would end up being negative, and it sets it to 0 if it's negative.



  • @anotherusername Ah, right. Forgot to look back at the code...



  • This morning there was a sudden production error in which users couldn't open reports (Excel or PDF) from our web app.

    Apparently, not rebooting after Windows updates causes IE to replace dots with underscores in file names so Windows no longer knows what program to use to open the file.

    :wtf: ???


  • Trolleybus Mechanic

    @anotherusername said in WTF Bites:

    @dcon yes it would.

    In dev, MinimumCost would be 51.23, and it'll work correctly.

    In staging, it would be 123.22, because '123.22' < '64.99'. Then row("cost") - MinimumCost would end up being negative, and it sets it to 0 if it's negative.

    Correct.

    And it isn't the fault of the MIN function, per se.

    The data is stored in the API as a decimal.

    Everywhere in the system VB.Net implicitly casts it to a decimal.

    But the XML->Data Table parser wasn't told that node was a decimal, so it becomes a string.
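A reproduction of the bug diagnosed above, as an added example that is not part of the original thread: Python's ElementTree stands in for the schema-less XML read, since it also returns every node as text. The function names are hypothetical; the two XML samples are the ones posted above.

```python
import xml.etree.ElementTree as ET
from decimal import Decimal

DEV_XML = """<costs>
    <cost><cost_type>Cheap</cost_type><cost>51.23</cost></cost>
    <cost><cost_type>Expensive</cost_type><cost>98.75</cost></cost>
</costs>"""

STAGING_XML = """<costs>
    <cost><cost_type>Cheap</cost_type><cost>64.99</cost></cost>
    <cost><cost_type>Expensive</cost_type><cost>123.22</cost></cost>
</costs>"""


def read_costs(xml_text):
    """Return the inner <cost> values as untyped text, as a reader with no schema sees them."""
    root = ET.fromstring(xml_text)
    return [row.findtext("cost") for row in root.findall("cost")]


def discount_untyped(costs):
    """Buggy version: the minimum is chosen by string comparison."""
    minimum = min(costs)  # '123.22' < '64.99' because '1' sorts before '6'
    # Subtraction is numeric (the implicit cast the thread mentions), clamped at zero.
    return [max(Decimal(c) - Decimal(minimum), Decimal(0)) for c in costs]


def discount_typed(costs):
    """Fixed version: convert to Decimal before taking the minimum."""
    values = [Decimal(c) for c in costs]
    minimum = min(values)
    return [v - minimum for v in values]


if __name__ == "__main__":
    for name, xml_text in (("dev", DEV_XML), ("staging", STAGING_XML)):
        costs = read_costs(xml_text)
        print(name, "untyped:", discount_untyped(costs), "typed:", discount_typed(costs))
```

The dev data passes by accident because both values have the same number of integer digits, so string order and numeric order agree.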


  • kills Dumbledore

            Try
                Connection.Open()
    
                Dim Description As String = Nothing
                Description = CType(Command.ExecuteScalar, String)
    
                Return Description
            Catch sqlEx As SqlException
                Throw
            Catch ex As Exception
                Throw
            Finally
                Connection.Close()
            End Try
    

    That's some useful exception handling there



  • @Jaloopa said in WTF Bites:

            Catch ex As Exception
                Throw
    

    That's some useful exception handling there

    Looks like "insert breakpoint here" exception handling. That's actually useful for the guy debugging the code.



  • So, you know, Google's new assistant. Since I have recently come into possession of a Google Pixel and this assistant is baked in, I thought I'd give it a whirl once again. Let's try, say, creating a calendar event. (Bear in mind, I did this in German and you're seeing a translation. Results may vary in English)

    Okay Google, create an appointment for a visit to the doctor at 17:00 tomorrow.

    The result:
    I got an appointment with the subject "for a visit to the doctor at 17:00 tomorrow" and neither date nor time.

    Okay Google, create an appointment [pause] doctor at 17:00 tomorrow.

    Result:
    Subject "doctor at 17:00 tomorrow", neither date nor time.

    Please note that whenever the assistant cannot instantly parse one or more of the fields (like date and time in this case), you have to type it in.

    So, maybe it's the ordering?

    Okay Google, create an appointment tomorrow at 17:00 doctor

    Result: "o'clock doctor", date and time were correct though.

    I did the whole thing in German and the above is the result of what a translation would have looked like. Because, you see, when we say a time with hours and minutes in German, it sounds like this:
    "17 Uhr 15".
    When we write it down, however, it becomes:
    "17:15 Uhr"

    So, the parser obviously runs over the transcribed text, correctly parses date and time and cuts directly after the numbers for the time, thus combining the "o'clock" part with the subject.

    So, not only do we have a self-inflicted bug in the parser, no, the voice assistant is not able to ask for more information, instead forcing you to type it in. Which leads the whole assistant thing a bit ad absurdum.

    By the way, I tried the same thing with Cortana. At least this particular task worked flawlessly.

    When I said:

    Create an appointment at the doctor at 17:00 tomorrow

    Cortana correctly dropped the "at the" part for the subject and parsed date and time. (She also dropped "for a" from "for a visit to the doctor")

    When I said:

    Create an appointment

    Cortana then posed several questions to determine date, time and subject which I could answer vocally.

    Good job, Google.


  • Notification Spam Recipient

    @Rhywden said in WTF Bites:

    Good job, Google.

    They obviously tested their technology thoroughly before releasing it to the public.


  • :belt_onion:

    @Tsaukpaetra I'd be willing to bet money this is because Google is American and doesn't expect people to use military time (or for non Muricans, 24h time) to input times. Something like "5 PM" would probably work fine.

    Not saying that's a good reason, btw. Just saying what the reason probably is :)


  • 🚽 Regular

    @Lorne-Kates said in WTF Bites:

    After more troubleshooting than a WTF bite is, I discover that... well, you know what? See if you can spot it.

    You're using VB.

    :obligatory:



  • @sloosecannon said in WTF Bites:

    @Tsaukpaetra I'd be willing to bet money this is because Google is American and doesn't expect people to use military time (or for non Muricans, 24h time) to input times. Something like "5 PM" would probably work fine.

    Not saying that's a good reason, btw. Just saying what the reason probably is :)

    But they are the ones translating it to that format in the first place...



  • @sloosecannon said in WTF Bites:

    Something like "5 PM" would probably work fine.

    He mentioned doing this in German, so the "PM" part is a bit awkward. You could say something like "um fünf Uhr am Nachmittag" (~five in the afternoon), but I kinda doubt that this would fare much better.


  • ♿ (Parody)

    @Tsaukpaetra said in WTF Bites:

    They obviously tested their technology thoroughly before releasing it to the public.

    Do they even bother slapping "Beta" labels on stuff any more or do we all just assume it's there?


  • Java Dev

    @boomzilla said in WTF Bites:

    @Tsaukpaetra said in WTF Bites:

    They obviously tested their technology thoroughly before releasing it to the public.

    Do they even bother slapping "Beta" labels on stuff any more or do we all just assume it's there?

    Isn't 'beta' synonymous with 'early access' nowadays?


  • I survived the hour long Uno hand

    @cheong
    You have no idea how much this sort of rule can cause problems. I've worked with a solution where the remote partner company had a rule where every time one of their techs logged into a (single, shared) admin account to manage stuff on the hosted network, they would change the password for the admin account at the end of their troubleshooting session. And then the hosted network changed their AD rules to enforce password expiration and history, including the fairly typical 1 day minimum password age to go with that. At which point every time the remote partner company logged in, their system would update the stored credentials, and not catch the error AD threw back that "you can't change your password" and then lock themselves out because now the two passwords were out of sync.

    It took fooooooooooorever to identify the root cause of that problem.



  • @PleegWat said in WTF Bites:

    Isn't 'beta' synonymous with 'early access' nowadays?

    I'm pretty sure when it comes out of beta, that means it's been deprecated. And killed.


  • I survived the hour long Uno hand

    Fuck you, NPM devs.

    Running prepublish as part of npm install is as designed, per Isaac.

    I refuse to believe that. prepublish is a trigger that clearly means "before publishing to NPM".

    This change was by design, and was carefully considered.

    You say it was carefully considered but I don't understand the logic at all.

    Does anyone have a pointer of where was this carefully considered ? A mailing list thread, another ticket or something ?

    None that I was able to find, (and I did a lot of searching when this issue first broke my CI setup). The justifications given in this issue are terrible as well.

