Yeah, if they are able to intercept traffic or access the logs, they probably already have other access to the account without needing the password. If you don’t reuse passwords, then your other accounts will be safe from that.
Yeah, no worries, and agreed. I hate seeing commercial sites using worse password sanitization practices than I used for my first development website that wasn’t even really intended for anyone else to log in to, and any max length suggests the password is either stored or processed in plaintext.
IMO it should even be hashed on the client side before being sent so that it doesn’t show up as plaintext in any HTTP requests or logs. Then salted and hashed again server side before being stored (or checked for login).
Correct, hence the sentence after the one you quoted :)
If any service can recover your password and send it back to you rather than just resetting it for you to set a new one, don’t rely on that service for anything you want to keep secure. And certainly don’t reuse a password there, though you shouldn’t be reusing passwords anyways because who knows what they are and aren’t storing, even if they don’t offer password recovery.
Once upon a time, battle.net passwords weren’t case sensitive. I used upper and lower case letters in my password then one day realized I didn’t hit shift for one of the caps as I hit enter out of habit, but then it still let me in instead of asking for the password again.
It was disappointing because it takes more work to remove case-sensitivity than to leave it. I can’t think of any good reason to remove it. At least the character limit had a technical reason behind it: having a set size for fields means your database can be more efficient. Better to use the size of a hash and not store the password in plaintext, so it’s not a good reason, but at least it’s a reason.
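The flow described in the comments above (hash on the client, salt and hash again on the server, store a fixed-size value so no maximum length is needed), as an added example that is not from any of the posts. The function names, the username binding in the client step and the PBKDF2 work factor are assumptions made for illustration.

```python
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 600_000  # assumed work factor; tune for your hardware
SALT_BYTES = 16

def client_prehash(username: str, password: str) -> bytes:
    """Value the client would send instead of the plaintext (hypothetical scheme).

    Binding the username in keeps two users with the same password from
    sending the same value. The result is still a login credential for
    this one site, so it needs TLS and must stay out of request logs.
    """
    return hashlib.sha256(f"{username}\x00{password}".encode("utf-8")).digest()

def server_store(prehash: bytes) -> bytes:
    """Salt and hash again before storage; the record is always 48 bytes."""
    salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", prehash, salt, PBKDF2_ITERATIONS)
    return salt + digest

def server_verify(prehash: bytes, record: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    salt, expected = record[:SALT_BYTES], record[SALT_BYTES:]
    digest = hashlib.pbkdf2_hmac("sha256", prehash, salt, PBKDF2_ITERATIONS)
    return hmac.compare_digest(digest, expected)

if __name__ == "__main__":
    # Constructed sample passwords: one short, one several hundred characters.
    for pw in ("Tr0ub4dor&3", "correct horse battery staple " * 17):
        rec = server_store(client_prehash("alice", pw))
        ok = server_verify(client_prehash("alice", pw), rec)
        print(f"password length {len(pw):3d} -> record {len(rec)} bytes, verifies: {ok}")
```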
Someone set up a script to automatically create daily backups to tape. Unfortunately, it’s still the first tape that was put in there 3.5 years ago; every backup since that one filled up failed. It might as well have failed silently because everyone who received the email with the error message filtered them to a folder they generally ignored.
How to Win Friends and Influence People by Dale Carnegie should be required reading for everyone. It’s full of things that are so obvious in hindsight but go against our natural instincts so we blunder through attempts to persuade not realizing that we might be increasing resistance rather than decreasing it.
Like the whole, “you might be right but you’re still an asshole” thing. Being correct just isn’t enough. In some cases you get crucified and then after some time has passed, the point you were trying to convince others of becomes the popular accepted fact. And they might even still hate you after coming around on the point you were trying to make.
That book won’t turn you into a persuasive guru, but it will help avoid many of the pitfalls that make debates turn ugly or individuals stubborn.
Or, on the flip side, you can use the inverse of the lessons to become a more effective troll and learn how to act like you’re arguing one thing while really trying to rile people up or convince them of the opposite. I say this not so much to suggest it but because knowing about this can make you less susceptible to it (and it’s already a part of the Russian troll farm MO).
Yeah, I was going to mention race conditions as soon as I saw the parent comment. Though I’d guess most cases where the debugger “fixes” the issue while print statements don’t are also race conditions, just the race isn’t tight enough that that extra IO time changes the result.
Best way to be thorough with concurrency testing IMO involves using synchronization to deliberately check the results of each potential race going either way. Of course, this is an exponential problem if you really want to be thorough (like some races could be based on thread 1 getting one specific instruction in between two specific instructions in thread 2, or maybe a race involves more than 2 threads, which would make it exponentially grow the exponential problem).
But a trick for print statement debugging race conditions is to keep your message short. Even better if you can just send a dword to some fast logger asynchronously (though be careful to not introduce more race conditions with this!).
This is one of the reasons why concurrency is hard even for those who understand it well.
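An added example (not from the comment above) of using synchronization to force a race to resolve each way and checking both results. `Counter`, the test hook and the two thread functions are hypothetical, and only two orderings of one read-modify-write pair are covered.

```python
import threading

class Counter:
    """Unsynchronized read-modify-write: the racy code under test."""
    def __init__(self, value):
        self.value = value

    def add(self, amount, between_read_and_write=lambda: None):
        current = self.value            # read
        between_read_and_write()        # test hook; a no-op outside tests
        self.value = current + amount   # write

def run(b_lands_inside_a: bool) -> int:
    """Force one ordering of threads A and B and return the final value."""
    counter = Counter(100)
    a_read, a_done, b_done = (threading.Event() for _ in range(3))

    def a_hook():
        a_read.set()
        if b_lands_inside_a:
            b_done.wait(timeout=5)      # hold A between its read and its write

    def thread_a():
        counter.add(10, a_hook)
        a_done.set()

    def thread_b():
        # B starts either inside A's read/write window or after A has finished.
        gate = a_read if b_lands_inside_a else a_done
        gate.wait(timeout=5)
        counter.add(20)
        b_done.set()

    threads = [threading.Thread(target=t) for t in (thread_a, thread_b)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return counter.value

if __name__ == "__main__":
    print("B inside A's window:", run(True))    # B's update is overwritten
    print("A finishes first:   ", run(False))   # both updates survive
```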
Personally, I see incompatibility with kernel-level anti-cheat as a feature rather than a limitation.
People can still cheat without involving any software on their PC because the game needs to display something to the user (which can be analyzed by another device, either intercepting the stream before sending it along to the monitor or even by using a camera to grab the pixels from the monitor, if there’s encryption used on the signal to prevent mitm). And it needs to accept input from the user, which another device connected to the device analysing the display can adjust to improve aim, prevent friendly fire, or just auto shoot when you’re pointed at a target. You could even write a full bot using that.
On the other hand, kernel level anti-cheat can be an attack vector to get into your machine in a way that existing malware detection will have a hard time detecting. Kernel modification is the level rootkits work at and an arbitrary code execution flaw could mean your hardware is forever compromised, or at least anything with flashable firmware storage (especially if that firmware also implements the flash capabilities, since it could then add its own code to any new firmware you try to flash).
I just don’t play many multiplayer games these days to avoid the cheating. And if I do get back into multiplayer games, I’ll either do it on a console where I don’t care as much about the kernel getting exploited or I’ll play a game where the servers are managed in a way that cheaters will get banned because an admin can see what they are doing.
It’s interesting to me that they used the English alphabet for the Toyota symbol instead of Japanese. Or is that symbol localised?
The first paragraph or the second one?
Swordfish is the one I was thinking of for the first paragraph. I might check out Big Hero 6 either way because both versions would be fun to see lol.
Or sometimes they think it’s moving 3d shapes on a screen until they fit together, and to show how difficult it is, the entire thing will fall apart during the hacking/programming montage.
Though to be fair, I don’t think the producers of that media think it’s like that. Trying to put actual programming on the screen would probably be boring unless it was just a montage of reactions, starting with an overwhelmed look, followed by confidence or pride, followed by a completely baffled look and wtf expressions, then a “fuck I was stupid when I wrote this yesterday” look, then maybe a bigger wtf and physically acting out frustration, then a eureka look, all followed by a satisfied smile and nodding as the montage music ends and another character says, “I can’t believe it’s finally done and hasn’t crashed in 30 minutes!” Though I bet that would be more entertaining for programmers who can relate to the stages of development and debug than non-programmers.
Manager: spends raise budget on getting high end microscopes for everyone to improve debug productivity
Unless you like improvising with music… But even that can be frustrating because any cool jams I played on my own were long gone before I even had a chance to look around to see if I made it up or was just pulling something from my archives without realizing it.
Plus this event doesn’t rule out the existence of a malicious aspect.
Because the meme wasn’t made by someone with a doctorate in CS or even a bachelor’s.
That’s pretty much what radians are. Well, they combine base pi with whatever base you’re using for the coefficients.
He was an interesting one but not a good one.
So you’re saying that that number keeps going up as I get closer and closer to the actual weekend when I install it as my daily driver?
That’s a part of it. Another part is that it looks for patterns that it can apply in other places, which is how it ends up hallucinating functions that don’t exist and things like that.
Like it can see that English has the verbs add, sort, and climb. And it will see a bunch of code that has functions like add(x, y) and sort( list ) and might conclude that there must also be a climb( thing ) function because that follows the pattern of functions being verb( objects ). It didn’t know what code is or even verbs for that matter. It could generate text explaining them because such explanations are definitely part of its training, but it understands it in the same way a dictionary understands words or an encyclopedia understands the concepts contained within.
Wait does that mean I can only have up to 4 billion games on my client before the game list overflows and I start losing games at the end of the list?