Thank you for dumbing me down, youtube



  •  Just a minor thing, but it kind of... "struck me unpleasantly".

    I was getting a "There was an error" message when trying to submit comment, and i thought maybe he doesn't like the slash in its text. i was right.

    Now i was trying to send another one, and can't because of "ation marks.

    ...because it's like we don't have safe replacements for them to use in database, or what?

     

    So me (the user) is forced to write like an idiot when he's trying to explain a more complicated thought, just because... well, why?



  • Did you not know there used to be a JavaScript injection vulnerability in YouTube comments? Did you expect them to fix it in a sane way? Are you telling me you still have faith in humanity???

    You must be new here.



  • TRWTF is writing a comment on youtube.



  • @boomzilla said:

    TRWTF is writing a comment on youtube.

    Maru reads EVERY ONE.



  • @boomzilla said:

    TRWTF is writing a comment on youtube.
     

    TRTRWTF is thinking that there are no videos on youtube worth intelligent comments, when all your searches consist of music or contain words "LOLcats" and "funny"

    but i get your point

     

    @derula said:

    Are you telling me you still have faith in humanity???

    You must be new here.

    Yes, and no, not really, lurking around dailywtf about 3 years, but you know, i'm an ever-dreaming idealist/optimist...



  • @SEMI-HYBRID code said:

    TRTRWTF is thinking that there are no videos on youtube worth intelligent comments, when all your searches consist of music or contain words "LOLcats" and "funny"

    but i get your point

    Yeah seriously. How can you resist commenting on the brilliance of this clip for example? I was falling over myself to proclaim the director's genius.



  • @boomzilla said:

    TRWTF is writing a comment on youtube.
    Thumbs up if you agree!



  • @SEMI-HYBRID code said:

    @boomzilla said:
    TRWTF is writing a comment on youtube.

    TRTRWTF is thinking that there are no videos on youtube worth intelligent comments, when all your searches consist of music or contain words "LOLcats" and "funny"

    but i get your point

    That's a small fraction of what I watch on youtube. It doesn't seem to matter what the topic is, I always feel dumber after reading comments.



  • @boomzilla said:

    That's a small fraction of what I watch on youtube. It doesn't seem to matter what the topic is, I always feel dumber after reading comments.

    You're actually reading them??

    Well, there's your problem, then. You're not supposed to read them. They are write-only.



  • @frits said:

    Thumbs up if you agree!

    27 viewers aren't as brillant as Paula Bean.


  • Discourse touched me in a no-no place

    @derula said:

    @boomzilla said:
    That's a small fraction of what I watch on youtube. It doesn't seem to matter what the topic is, I always feel dumber after reading comments.

    You're actually reading them??

    Well, there's your problem, then. You're not supposed to read them. They are write-only.

    My racing team has a youtube account. We use it primarily to post random videos of our piece of crap car in various states of not-quite-running-properly and in-car video of me hitting things and whatnot. One of our videos is of the car running with no exhaust aft of the headers. Why? It sounds AWESOME. Like a bastard hybrid between a straightpipped smallblock and a space ship. This is a car that's clearly not equipped for street driving - the giant numbers on the side, ridiculous decals and paintjob and total lack of license plates make this clear. The general trend in the comments is "YOU'RE GOING TO GET PULLED OVER FOR BEING NOISY!"



  • @SEMI-HYBRID code said:

    So me (the user) is forced to write like an idiot

     

    They're just enforcing standard YouTube comment house style.

     



  • If we're getting into YouTube comment anecdotes...

    I have a  video of "force levitation". (No, I'm not a Star Wars fanboy, but I did participate in the Darths & Droids Cheddar Monk Academy). One person was sufficiently unconvinced in the genuineness of my force powers that he bothered to write the comment "Fake".

    The YouTube comments threads should carry the same label as Dante's hell: "Abandon all hope, ye who enter here".



  • @pjt33 said:

    I have a  video of "force levitation". (No, I'm not a Star Wars fanboy, but I did participate in the Darths & Droids Cheddar Monk Academy). One person was sufficiently unconvinced in the genuineness of my force powers that he bothered to write the comment "Fake".
     

    Be happy you didn't do a choke hold. You'd be inundated with "did he died?" comments.

    The most ridiculous YouTube conversation I've ever seen was on some video of two kittens playing with eachother. As you all are probably aware, kittens play rough, with full claws and can sometimes hurt eachother, albeit nothing that bad.

    There were a few people claiming the owner was negligent and abusive for not stopping the fight and instead shooting the video. What followed was hundreds of pages of back-and-forth flamewarring over it. Trolls or not, it was quite amazing to watch.



  • Not being able to enter slashes or quotes on YouTube is annoying, but my coworker recently tried to submit a complaint to his bank and it wouldn't let him enter a period, comma, or dollar sign. Brilliant!



  • @RHuckster said:

    The most ridiculous YouTube conversation I've ever seen was on some video of two kittens playing with eachother. As you all are probably aware, kittens play rough, with full claws and can sometimes hurt eachother, albeit nothing that bad.

    There were a few people claiming the owner was negligent and abusive for not stopping the fight and instead shooting the video. What followed was hundreds of pages of back-and-forth flamewarring over it. Trolls or not, it was quite amazing to watch.

     

    Kitten videos automatically attract "animal abuse" comments.  If it shows a kitten sitting in a box and mewing, you're abusive for not feeding it.  If you bring it food, you're abusive because you didn't do it fast enough, or the food is wrong (subdiscussion then follows on packaged cat food vs a hastily-scrambled egg as the best food for a starving kitten you've just rescued off the street). If you pick it up to comfort it, you're abusive because it wanted something else.

     


  • Discourse touched me in a no-no place

    @blakeyrat said:

    @SEMI-HYBRID code said:

    TRTRWTF is thinking that there are no videos on youtube worth intelligent comments, when all your searches consist of music or contain words "LOLcats" and "funny"

    but i get your point

    Yeah seriously. How can you resist commenting on the brilliance of this clip for example? I was falling over myself to proclaim the director's genius.

    On the other hand, we have this, which is a work of pure genius.



  • @FrostCat said:

    On the other hand, we have this, which is a work of pure genius.

    Still doesn't even touch this clip. Not even close.





  •  Just an interesting update, special characters ( / ' " are suddenly allowed.

    (Didn't notice exactly when the change happened.)



  • @dcardani said:

    Not being able to enter slashes or quotes on YouTube is annoying, but my coworker recently tried to submit a complaint to his bank and it wouldn't let him enter a period, comma, or dollar sign. Brilliant!
    Ha!  That's funny because my bank doesn't allow "special" characters for your online banking password...  Yes, that's right, they intentionally (though probably not knowingly) made the password search space smaller.  Thanks guys!



  •  



  • @C-Octothorpe said:

    @dcardani said:

    Not being able to enter slashes or quotes on YouTube is annoying, but my coworker recently tried to submit a complaint to his bank and it wouldn't let him enter a period, comma, or dollar sign. Brilliant!
    Ha!  That's funny because my bank doesn't allow "special" characters for your online banking password...  Yes, that's right, they intentionally (though probably not knowingly) made the password search space smaller.  Thanks guys!

    My old 401k used to disallow anything that wasn't alphanumeric. It took me a while to figure out why: apparently, they use the same "PIN" on their website AND their phone system. i.e., when you call into their toll-free number, you have to verify yourself with your "PIN". As if it would've been so difficult to have created a separate PIN for their phone system, and use a REAL password for their website. <diety /> forbid.



  • @Helix said:

     

     

    I think I read someone criticize this strip with practical objections, but I don't remember where. :<br>

     


  • Discourse touched me in a no-no place

    @dhromed said:

    @Helix said:

     

     

    I think I read someone criticize this strip with practical objections, but I don't remember where. :<br>

     

    Would be an interesting read because it checks off all the boxes in my security lobe and is, in fact, the way I construct passwords.



  • I am bad with passphrases because when I memorize a setence, it is transformed into concepts ad visual and auditory blobs which may or may not be decoded into the exact same sentence when I need to remember the password.

    So yeah, phrase X goes in, but god knows what kind of allegorical essay comes out, in which case I can't log in to my porn sites. :((((

    Ed.

    Hell, just trying to recall XKCDs password yields "horse heap stack battery".

     



  • @dhromed said:

    I think I read someone criticize this strip with practical objections, but I don't remember where. :</blockquote>
    [url]http://www.codinghorror.com/blog/2011/09/cutting-the-gordian-knot-of-web-identity.html[/url]?



  •  yez!

    I thought it was Atwood, but I also thought it wasn't.



  • @nexekho said:

    @dhromed said:
    I think I read someone criticize this strip with practical objections, but I don't remember where. :</blockquote>
    http://www.codinghorror.com/blog/2011/09/cutting-the-gordian-knot-of-web-identity.html?

    Listen up folks! The guy pushing OpenID, the ONLY authentication system worse than remembering 40,000 passwords, is gonna tell us how single sign-on should work!



  •  The problem with that proposed solution comes when you don't use the same device the next time you try to log on to a site.  Suppose you created the account from your home computer, then you need to get to it at work (maybe you want to transfer some money from one account to another so a pending payment won't get rejected for NSF).

    Or what if your computer crashes with an unrecoverable hard disk error?  Or burglars walk off with it while you're out partying.  You bite the bullet and buy a new machine, and find that you can no longer log on to any of your regular sites.

    Even the "Forgot your account/Forgot your password" thing can be a problem.  I once had to get a password reset on an old account I had created several years before.  The confirmation e-mail went to the address they had on record for me.  An address I had abandoned when I changed ISPs and could no longer retrieve.



  • @dhromed said:

     yez!

    I thought it was Atwood, but I also thought it wasn't.

    Ah, so by "criticize this strip with practical objections" you mean "agree completely with the strip and then go on a tangent about how we shouldn't have so many passwords"?



  • Duplicate



  • @Helix said:

     



  •  Or this one:




  • @nexekho said:

    http://www.codinghorror.com/blog/2011/09/cutting-the-gordian-knot-of-web-identity.html

    I liked this:

    We want -- no, we [i]demand[/i] -- that the browser understand and standardize identity the same way it does HTML and CSS.
    ... you mean poorly?

    @da Doctah said:

    The problem with that proposed solution comes when you don't use the same device the next time you try to log on to a site. Suppose you created the account from your home computer, then you need to get to it at work (maybe you want to transfer some money from one account to another so a pending payment won't get rejected for NSF).

    Or what if your computer crashes with an unrecoverable hard disk error? Or burglars walk off with it while you're out partying. You bite the bullet and buy a new machine, and find that you can no longer log on to any of your regular sites.

    Well, the proposed solution has all the identity stuff and all the passwords stored somewhere in the cloud. So you'd have to set up your browser to retrieve the correct record again (with whatever information that is required, and you'd better keep a backup of that), but once you did that everything else should work. The real fun would be if that cloud provider went down unexpectedly...


  • @Sutherlands said:

    @dhromed said:

     yez!

    I thought it was Atwood, but I also thought it wasn't.

    Ah, so by "criticize this strip with practical objections" you mean "agree completely with the strip and then go on a tangent about how we shouldn't have so many passwords"?
     

    Yes!

    My memory is shit.

     



  • @Scarlet Manuka said:

    The real fun would be if that cloud provider went down unexpectedly...
    No, the real fun is not IF the cloud provider goes down, it's WHEN the cloud provider goes down.  Maybe for a few hours.  Or days.  Or forever.

    That whole article has more fail per square inch than anything I've read in quite a while.



  • @El_Heffe said:

    @Scarlet Manuka said:

    The real fun would be if that cloud provider went down unexpectedly...
    No, the real fun is not IF the cloud provider goes down, it's WHEN the cloud provider goes down. Maybe for a few hours. Or days. Or forever.

    That whole article has more fail per square inch than anything I've read in quite a while.

    Well, since that problem already exists in OpenID, which he fellates basically every change he gets, I'm guessing he doesn't care. It also has the same problem that a hostile (or merely incompetent) ID provider can kidnap all your data, or prevent access to it.

    The thing about authentication that he doesn't get is that it's not just authentication. Personal data is stored based on it. Any auth system that can result in loss of data due to a third party is just as bad as, say, a backup system with the same weakness. Or a hard drive with the same weakness. And is also why I'd never use OpenID, and give Google/LiveJournal/OpenID.org/whatever the ability to delete my data, and also why I'll never use one of his Stack-whatever sites.



  • @blakeyrat said:

    @El_Heffe said:

    @Scarlet Manuka said:

    The real fun would be if that cloud provider went down unexpectedly...
    No, the real fun is not IF the cloud provider goes down, it's WHEN the cloud provider goes down. Maybe for a few hours. Or days. Or forever.

    That whole article has more fail per square inch than anything I've read in quite a while.

    Well, since that problem already exists in OpenID, which he fellates basically every change he gets, I'm guessing he doesn't care. It also has the same problem that a hostile (or merely incompetent) ID provider can kidnap all your data, or prevent access to it.

    The thing about authentication that he doesn't get is that it's not just authentication. Personal data is stored based on it. Any auth system that can result in loss of data due to a third party is just as bad as, say, a backup system with the same weakness. Or a hard drive with the same weakness. And is also why I'd never use OpenID, and give Google/LiveJournal/OpenID.org/whatever the ability to delete my data, and also why I'll never use one of his Stack-whatever sites.

    +1.  And also, how do you log into this hypothetical 'cloud provider'?  If it's with a username and password, then all you're effectively doing is using the same password to control access to all your accounts on every website you visit.  If that gets hacked/lost/phished/stolen, then all your accounts get hacked in one go.   Reusing passwords across multiple sites is already a well-known security fail and this seems to be an attempt to elevate it to a best practice.  Not good.

     



  • @DaveK said:

    @blakeyrat said:

    Well, since that problem already exists in OpenID, which he fellates basically every change he gets, I'm guessing he doesn't care. It also has the same problem that a hostile (or merely incompetent) ID provider can kidnap all your data, or prevent access to it.

    The thing about authentication that he doesn't get is that it's not just authentication. Personal data is stored based on it. Any auth system that can result in loss of data due to a third party is just as bad as, say, a backup system with the same weakness. Or a hard drive with the same weakness. And is also why I'd never use OpenID, and give Google/LiveJournal/OpenID.org/whatever the ability to delete my data, and also why I'll never use one of his Stack-whatever sites.

    +1.  And also, how do you log into this hypothetical 'cloud provider'?  If it's with a username and password, then all you're effectively doing is using the same password to control access to all your accounts on every website you visit.  If that gets hacked/lost/phished/stolen, then all your accounts get hacked in one go.   Reusing passwords across multiple sites is already a well-known security fail and this seems to be an attempt to elevate it to a best practice.  Not good.

     

    I read the Coding Horror article a few weeks back, and I personally agree and disagree with it. I took away a different idea from that article than I'm seeing in this forum. I absolutely agree that using a third-party id provider can, and probably will, be a single point of failure at some point. But, I think that the intent of the article is more about leaving security up to the professionals. Well, at the very least, stop re-inventing the proverbial wheel. How many WTFs have we seen where some dev decides that whatever existing technology is just not good enough, and rolls their own hashing/encryption algorithm, just to unwittingly introduce the most insecure schema conceivable? I like the idea of offloading some things to a company that has many more resources than I do for something like this.

    With that said, I also understand the counter-argument that there is no way to be secure about it. Sure, that service can (and probably will) get hacked. I also understand that they may have employed some dev who decided to roll their own encryption. There are an infinite number of variables that get introduced, which adds a potentially unhealthy level of risk. But, in a perfect world (as was suggested by Atwood)*, it sure would be nice if we never ever had to worry about implementing a password algorithm in all of our apps ever again.

    * Yeah, I know he is not "day dreaming" and is dead serious. But, I'm knowingly airing on the side of optimism and nativity with my statement.



  • @DaveK said:

    +1.  And also, how do you log into this hypothetical 'cloud provider'?  If it's with a username and password, then all you're effectively doing is using the same password to control access to all your accounts on every website you visit.  If that gets hacked/lost/phished/stolen, then all your accounts get hacked in one go.   Reusing passwords across multiple sites is already a well-known security fail and this seems to be an attempt to elevate it to a best practice.  Not good.

    TO CONTRIBUTE MORE TO THE DISCUSSION WHERE EVERYBODY AGREES:

    The really stupid part is that Atwood's already been bit in the ass by this issue: StackOverflow.com has already had to deal with the fallout from an OpenID provider going under. And he still doesn't get it at all.

    Their "solution"? To allow a user to assign multiple different OpenID accounts to the same StackOverflow.com account. Yeah, so now you need BACKUP authentication providers. And you need the foresight to sign up to every site with at least TWO authentication providers. (Because if the first goes down, it's too late to add a second-- you can't auth as the account to do it!) THIS IS FAR SUPERIOR TO WHAT WE DO NOW, JEFF ATWOOD!

    The really stupid thing is that I agree with his premise: auth on the web sucks. Capital S Sucks. But OpenID ain't a fix. Having the browser (and servers managed by the browser maker) isn't much better than OpenID. Fucking Microsoft Passport is better than those systems.

    And refusing to let other people use a traditional username/password on your site because you follow the OpenID religion is pretty much the opposite of what I would call "good human factors." (Or whatever term Atwood uses for his shit so he can avoid saying "usability".)

    Edit:

    @dohpaz42 said:

    Sure, that service can (and probably will) get hacked.

    It doesn't have to be hacked, it just has to be unprofitable. Look at it this way: what does LiveJournal/Google/Yahoo/whatever get, financially, from being an OpenID provider? Not much. Is it enough to keep those servers patched/upgraded/debugged/etc? Hm... well the good news is that it's easy to maintain. So maybe? But what if tomorrow, Google looks at their balance sheet and says, "hey guys, this OpenID shit is costing us thousands a year, and we're getting jack from it-- plus the intangible benefits are worth jack because nobody knows what the fuck 'OpenID' is, and the geeky types who do all run their own OpenID servers on .org domains." So Google decides to drop it, switch it with something more Facebook Connect-esque where they benefit from a lot more. Now you can't log into StackOverflow-- tough shit to you! You're fucked! (And again: this has already happened once. Not with Google.)

    Now assume instead of Google, it's Mozilla. (Like in Atwood's example.) What incentive does Mozilla have to pay $$$ to support their ID provider? What about if they lose Google sponsorship, and are dead-broke? What if you use Safari to do it, then decide to switch to Windows, then Apple decides to stop porting Safari to Windows? Or what if an open source browser has another Iceweasel-esque fight and forks itself? You're fucked!

    At least Passport/LiveID/whatever it's called this week, at least Microsoft has a very very strong financial incentive to keep it running reliably. That's not true of any of these other schemes. That's not to say Passport is good, or the solution people should adopt, but at least you can be sure it'll last as long as Microsoft the corporation lasts. Which is undoubtedly longer than Mozilla.org will.



  • @dohpaz42 said:

    optimism

    Who are you and what are you doing here? 

    @dohpaz42 said:

    nativity

    It is not christmas yet



  • @serguey123 said:

    @dohpaz42 said:

    nativity

    It is not christmas yet

    Ugh! Spell check fail! I meant to say naively.



  • @blakeyrat said:

    @dohpaz42 said:
    Sure, that service can (and probably will) get hacked.

    It doesn't have to be hacked...

    You're absolutely right. There are many ways that a third-party service can be a failure. Hacked, going out of business, system outages, environmental disasters, routing issues, Monday, etc. Maybe it wasn't very obvious, or maybe you glazed over the point that I made later in my statement, but to reiterate, I also said:

    @dohpaz42 said:

    There are an infinite number of variables that get introduced, which adds a potentially unhealthy level of risk.

    This was meant to imply more than just hackery, which I probably should have been more explicit about. Mea culpa. For me personally, I do and don't like the idea of having a single entry point to my ga-zillion+1 accounts. I personally use 1Password for this task. It's sort of like OpenID/Passport/Foo in the sense that all of my websites are controlled from a single point, but at the same time it's separate in the sense that it's a password manager, which is used by a desktop/mobile application. If 1Password's servers were to fail, it would not affect me one bit. However, I do store the 1Password data files on Dropbox, so I do still have some level of risk. At the very least, even if/when my data gets leaked (assuming I get notified of such), I can more easily go to all of my accounts and easily change the passwords because I have a nice long list to go through using the password manager.



  • @blakeyrat said:

    Well, since that problem already exists in OpenID, which he fellates basically every change he gets, I'm guessing he doesn't care.
    I'm not familiar with his history of fellating OpenID, however it became immediately obvious that he's a doofus who doesn't care and doesn't even understand the problem when he says this at the very beginning:

    @Jeff Atwood said:

    Warning, Extreme Hand Waviness Ahead: while I do honestly believe the techniques described below would work, I am glossing over many of the technical implementation details.
    WTF?  The technical implementation details ARE the problem.  Any doofus can say "It should be like this _____ ".

    @blakeyrat said:

    It doesn't have to be hacked, it just has to be unprofitable.
    Which is the very first thing I thought of when I started reading the Atwood piece.  And it doesn't even have to be unprofitable.  All it takes is a management change.  The new boss says "why are messing around with this stuff?"  and POOF it's all gone.  Happens all the time.

    @DaveK said:

    And also, how do you log into this hypothetical 'cloud provider'? 
    I think the second comment on the Atwood piece is my favorite:

    "Congratualtions, you just re-invented the password manager".



  • Why would you have to have multiple logins to the same site?  Why couldn't you just... store the same password in multiple clouds?  If one provider goes bye bye, still have access.



  • @El_Heffe said:

    Any doofus can say blakyrat always says "It should be like this _____ ".

    FTFY

    Seriously, though, I'm enjoying blakeyrat arguing about real world limitations.



  • @El_Heffe said:

    WTF?  The technical implementation details ARE the problem.  Any doofus can say "It should be like this _____ ".
     

    No they're not.

    When you scratch username/password combos, you are thrown back to the design stage. Technical stuff comes later.



  • @dhromed said:

    @El_Heffe said:

    WTF?  The technical implementation details ARE the problem.  Any doofus can say "It should be like this _____ ".
     

    No they're not.

    When you scratch username/password combos, you are thrown back to the design stage. Technical stuff comes later.

    Really?  Seriously?

    That's like creating a mock-up of the UI of a program and the boss thinks that the program is 98% done since all of the coding that actually makes the program work is just "technical details".  It all goes back to an old saying -- "The devil is in the details".  Design is easy.  Ideas are easy.  Actually making things work (i.e., all the "technical details") is very hard.  And this subject is perfect proof.  Despite all of the really smart people in the world, nobody can come up with an idea that actually works, otherwise the problem would be solved and we wouldn't be having this conversation.

     



  • @El_Heffe said:

     Design is easy. 

    Crappy UIs around the world disagree with you

    @El_Heffe said:

     Ideas are easy. 

    Failed visionaries and inventors around the world disagree with you


Log in to reply
 

Looks like your connection to What the Daily WTF? was lost, please wait while we try to reconnect.