WTF Bites
-
@arantor The whole cURL API is a bit of a garbage fire. Not type safe and patterned on ioctl(). The "curl_easy_setopt()" function takes over 200 options.
Seriously, they shouldn't let people who design APIs like that into the country.
-
@greybeard said in WTF Bites:
The "curl_easy_setopt()" function takes over 200 options.
I misread this as "over 200 arguments" and got excited.
-
@greybeard said in WTF Bites:
The "curl_easy_setopt()" function takes over 200 options.
Good thing that's the “easy” version of the API.
-
@ben_lubar said in WTF Bites:
I misread this as "over 200 arguments" and got excited.
Paging @Perverted_Vixen ?
-
-
TIL MS Access doesn't have a useful GotFocus event for a form.
A form can receive the focus only if it has no controls or if all visible controls are disabled. If a form contains any visible, enabled controls, the GotFocus event for the form doesn't occur.
-
-
I actually think it's a good idea (avoids leading 0s causing incorrect conversions), but a bit o' t' on first glance.
Wait, why is this program on Python 2? Python 3 came out five years before its first commit!
And even then, Python 2 supported the new syntax:
New octal literals, e.g. 0o720 (already in 2.6). The old octal literals (0720) are gone.
-
Wait, why is this program on Python 2? Python 3 came out five years before its first commit!
I think this is pretty common, because of libraries and tutorials that haven't been converted to Python 3.
-
@r10pez10 apparently this is a onebox. I was really confused for a bit...
oh, never mind
-
does 'serverless' mean?
-
@greybeard said in WTF Bites:
@ben_lubar said in WTF Bites:
I misread this as "over 200 arguments" and got excited.
Paging @Perverted_Vixen ?
unless the arguments require condoms for proper safety, not interested!
:-P
-
-
does 'serverless' mean?
Apparently server-less means "isn't using a standard provisioned web server product on an intentionally provisioned and configured (by the user) machine".
-
@perverted_vixen I just have this image of Ben typing away in his basement, saying "yes", "yes!", "YES!" every time he hits a comma.
I do not like this image.
-
I've just been delayed 20 minutes because:
- I needed to access a network share (in another Active Domain, since it is in customer network).
- I had restarted yesterday at end of the day due to updates.
- After restart, Windows Explorer somehow remembers the drives mapped with net use, but not the passwords, so the drives can't be used.
- It will nevertheless try to reconnect them whenever it tries to show them. E.g. when opened on root, which is what +e does.
- It will try 4 times with who-knows-what-credentials before asking for password.
- After 3 attempts, the account locks for 15 minutes.
- The drives can be fixed with net use x: /delete and net use x: //pa/th …, but the account must not be locked at that point.
There is a in there, though I am not sure which point is it.
-
There is a in there, though I am not sure which point is it.
Sometimes, the isn't in the single steps but in the composition. Though attempting to reconnect with the same credentials multiple times when the other side has given you an auth failure is probably the closest thing to a “why would you do that?!” in there. Provided the reason the multiple times isn't that you've got that many different drives mounted; I wouldn't expect it to know that the credentials for one are necessarily the credentials for the others (that's a decision that clients shouldn't take, rather like how URL equality tests are also tricky that way).
-
@r10pez10 TIL that high-bandwidth applications don't work south of the equator.
See, nobody much uses high-bandwidth applications around here.
Because we don't have high enough bandwidth and data caps available.
So there's clearly no demand for that sort of thing, and therefore rolling out a high-bandwidth network is just not that useful.
The really puzzling part is that the person saying that heads up a company whose entire raison d'être is to roll out high speed broadband across the country. ... Are you saying we should close down your company and fire you? That must be a pretty interesting severance package you have there.
-
Sometimes, the isn't in the single steps but in the composition.
Yeah. In this case, the composition of "forget the passwords" and "try to connect anyway". If you are going to forget the passwords, you should make sure you get new ones before you try to reconnect.
"Try again if it doesn't work" is just the cherry on top. As you point out, this is only really a problem in the specific case of auth failure; in general it's not too insane a thing to do (but probably also not that useful a thing to do either).
-
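Added example, not part of any post in this thread: the retry behaviour discussed above, with a blind per-drive retry beside a reconnect that stops at the first authentication failure. The LockingServer class, both function names and the sample passwords are constructed for illustration; all drives are assumed to sit on one server under one account.

```python
class AuthFailure(Exception):
    """The server rejected the credentials; resending them cannot succeed."""

class TransientFailure(Exception):
    """Network-level error; a later attempt may succeed."""

class LockingServer:
    """Constructed stand-in for a server with a 3-strike lockout policy."""
    def __init__(self, password, threshold=3):
        self.password, self.threshold = password, threshold
        self.bad_attempts, self.locked = 0, False

    def connect(self, account, password):
        if self.locked:
            raise AuthFailure("account locked")
        if password != self.password:
            self.bad_attempts += 1
            self.locked = self.bad_attempts >= self.threshold
            raise AuthFailure("logon failure")

def naive_reconnect(server, drives, account, password, tries=4):
    """Behaviour described in the thread: retry blindly, per drive."""
    for _ in drives:
        for _ in range(tries):
            try:
                server.connect(account, password)
                break
            except (AuthFailure, TransientFailure):
                continue  # same stale credentials are sent again
    return server.locked

def careful_reconnect(server, drives, account, password, tries=4):
    """Retry only transient errors; one auth failure stops all attempts."""
    status, rejected = {}, False
    for drive in drives:
        if rejected:  # these credentials were already refused once
            status[drive] = "needs-password"
            continue
        status[drive] = "unavailable"
        for _ in range(tries):
            try:
                server.connect(account, password)
                status[drive] = "connected"
                break
            except AuthFailure:
                rejected, status[drive] = True, "needs-password"
                break
            except TransientFailure:
                continue
    return status
```

-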
@greybeard said in WTF Bites:
@perverted_vixen I just have this image of Ben typing away in his basement, saying "yes", "yes!", "YES!" every time he hits a comma.
I do not like this image.
sorry. it's a superpower of mine..... very powerful, sexy as hell normally, but sometimes it misfires........
-
Though attempting to reconnect with the same credentials multiple times when the other side has given you an auth failure is probably the closest thing to a “why would you do that?!” in there.
Now when you say it I seem to recall that colleague told me about another Active Domain “security” feature: it does not tell you authentication failed, it simply ignores you. So it retries because it does not know why it failed…
Additionally, Windows has this Credential Store and it uses it for remembering all kinds of passwords. For Exchange, TFS etc. But the credentials for shares are somewhere else. And nobody seems to know where…
-
credentials for shares
it probably tries first with Kerberos (for everything since 2000), then with NTLMv2, NTLM and plain text just because the share might be on a Windows 3.11 box.
-
it does not tell you authentication failed, it simply ignores you
While it shouldn't tell you whether the failure was due to a bad username or a bad password, it should tell you that the auth step was what went wrong because otherwise there's no chance of anyone (who is organisationally permitted) getting enough information to discover what to do to fix the issue. I hate working with security systems precisely because they seem to be oriented towards making things difficult, and most computer security professionals seem to be little better.
-
it probably tries first with Kerberos (for everything since 2000), then with NTLMv2, NTLM and plain text just because the share might be on a Windows 3.11 box.
The strange thing is that it apparently remembers the account, because the account gets locked. The account name is the same but for the share it must be prefixed with the domain name while the local account is not from (any) domain.
(note: it is in customer's domain and we are not in it and apparently making two domains interoperate is such hassle that nobody bothered even setting up a domain on our side at all)
-
Now when you say it I seem to recall that colleague told me about another Active Domain “security” feature: it does not tell you authentication failed, it simply ignores you. So it retries because it does not know why it failed…
Your colleague is mistaken.
-
The text import for the planning tool is broken. Importing text from a template gives a warning:
You are about to leave the form. Unsaved changes will be lost.
Do not save and continue.
Cancel
Save and continue
The correct button to press here is to NOT save. Otherwise the tool will save a copy of the plan you're working on instead of saving the changes to the current plan.
Also, adding anything to the plan will display the item added notification twice.
-
I hate working with security systems precisely because they seem to be oriented towards making things difficult, and most computer security professionals seem to be little better.
Security is, almost by definition, opposed to user friendliness. You see the struggle play out on all sorts of areas where security is enhanced, then people complain because it affects the UX too much so security is dialled back to make it easier to use, then a security audit says it's not secure enough and the cycle repeats
-
Security is, almost by definition, opposed to user friendliness.
The most secure system is one that is entirely unusable.
-
@heterodox Exactly. As soon as someone sees confidential information they could tell someone else
-
Security is, almost by definition, opposed to user friendliness.
I'd change “user friendliness” to “utility”. The problem that security has is that it is utility that pays the bills. Security might manage the risks, but the risk of not having enough utility to actually do the intended task is an absolutely critical one. Sure, it is possible to have plenty of security while keeping good utility, but a lot of the time that just doesn't happen and either there is far too much risk in the system or there is far too little utility.
You can make your dollar store far more secure by shooting everyone who comes through the door in the head, and hey, why not random passers-by too?, but you won't remain in business very long if you do that. ;)
-
@greybeard said in WTF Bites:
@perverted_vixen I just have this image of Ben typing away in his basement, saying "yes", "yes!", "YES!" every time he hits a comma.
-
Security is, almost by definition, opposed to user friendliness.
That explains why some people keep saying Linux is less user-friendly
-
@jaloopa We can't say in the reply why request parsing failed because that would leak too much information and we can't log it because that would enable a denial of service.
-
credentials for shares
it probably tries first with Kerberos (for everything since 2000), then with NTLMv2, NTLM and plain text just because the share might be on a Windows 3.11 box.
Wait a minute.
If I mistype a character in my secure password it will send it in plaintext!?
-
-
If I mistype a character in my secure password it will send it in plaintext!?
What's the problem? It's not the correct password
-
@greybeard said in WTF Bites:
@perverted_vixen I just have this image of Ben typing away in his basement, saying "yes", "yes!", "YES!" every time he hits a comma.
I do not like this image.
Could be worse (sorry about the video quality, the only other version of the scene I found was in German):
https://www.youtube.com/watch?v=pEG1JSP7t04
-
If I mistype a character in my secure password it will send it in plaintext!?
What's the problem? It's not the correct password
(assuming you're serious)
So if your password were correct horse battery staple, you would not have any problems if correct hoarse battery staple was sent over the network in plain text in a your-password context.
-
@timebandit
Yeah, it's certainly gotten a lot less user friendly after all those glaring security holes got fixed
-
@pleegwat
Psh, what a strawman. Everyone knows that's not a secure password, it doesn't have any CaPiTaL letters, numb3rs, $ymbol$, or blood of a virgin!
-
@timebandit
Yeah, it's certainly gotten a lot less user friendly after all those glaring security holes got fixed
These ?
-
@greybeard said in WTF Bites:
@perverted_vixen I just have this image of Ben typing away in his basement, saying "yes", "yes!", "YES!" every time he hits a comma.
His mouth moves too much for the words. I think he's actually saying
More
DAKA!!!
-
@greybeard said in WTF Bites:
saying "yes", "yes!", "YES!" every time he hits a comma.
-
@yamikuronue said in WTF Bites:
@greybeard said in WTF Bites:
saying "yes", "yes!", "YES!" every time he hits a comma.
Kinda reminds me of the lead singer of the Generals.
-
There is a in there, though I am not sure which point is it.
"Windows could not reconnect all of your network drives"
That point ^^ right there.
-
it does not tell you authentication failed, it simply ignores you
While it shouldn't tell you whether the failure was due to a bad username or a bad password, it should tell you that the auth step was what went wrong because otherwise there's no chance of anyone (who is organisationally permitted) getting enough information to discover what to do to fix the issue. I hate working with security systems precisely because they seem to be oriented towards making things difficult, and most computer security professionals seem to be little better.
I remember encountering a webform that simply did nothing if the password or username was incorrect. Didn't grey out the submit button, didn't cutely shake the screen, nothing.
It was glorious!
-
@yamikuronue said in WTF Bites:
@greybeard said in WTF Bites:
saying "yes", "yes!", "YES!" every time he hits a comma.
-
@timebandit said in WTF Bites:
@timebandit
Yeah, it's certainly gotten a lot less user friendly after all those glaring security holes got fixed
These ?
What in the literal fsck?
If your GUEST OS can take down the HOST OS, you're virtualizing upside down...
-
it probably tries first with Kerberos (for everything since 2000), then with NTLMv2, NTLM and plain text just because the share might be on a Windows 3.11 box.
The strange thing is that it apparently remembers the account, because the account gets locked. The account name is the same but for the share it must be prefixed with the domain name while the local account is not from (any) domain.
(note: it is in customer's domain and we are not in it and apparently making two domains interoperate is such hassle that nobody bothered even setting up a domain on our side at all)
It's also possible that you've become invalidated and disconnected from the domain somehow, meaning your valid credentials are no longer valid. IME Windows always remembers the credentials, but stuff like that can happen and make this happen.
-
@tsaukpaetra said in WTF Bites:
it does not tell you authentication failed, it simply ignores you
While it shouldn't tell you whether the failure was due to a bad username or a bad password, it should tell you that the auth step was what went wrong because otherwise there's no chance of anyone (who is organisationally permitted) getting enough information to discover what to do to fix the issue. I hate working with security systems precisely because they seem to be oriented towards making things difficult, and most computer security professionals seem to be little better.
I remember encountering a webform that simply did nothing if the password or username was incorrect. Didn't grey out the submit button, didn't cutely shake the screen, nothing.
It was glorious!
Spotify does this if you're logging in from a direct open.spotify.com song link rather than the home page.