
Obvious Things You Only Just Realised - 2020

Started by Icehaven, January 02, 2020, 09:13:30 PM


Sebastian Cobb

Quote from: Dewt on May 15, 2020, 08:25:51 PM
It was 2006, security and being an acceptable person hadn't been invented yet.

Ha, my university dissertation used salted SHA-2 just because that was the style at the time. 10 years later I was still encountering systems that used unsalted MD5 (if a hash ends in '2cf99' it is probably 'password', I have only ever used this to find usable accounts in our development system) and the attitude was 'well the customer isn't going to pay us to change it so just ignore it' until some bright spark discovered this new money-spinning thing called 'infosec' and they realised they could charge customers money to get people to audit their own code and identify all the cut corners due to an institutional process of employing junior devs and promoting them into bad managers as soon as possible.

I remember one legacy production system for a national utility company that used a desktop client requiring the Oracle SQL client installed on each workstation. The schema owner and the password were the name of the application. The 'sys' password was probably 'orasys'.

Dewt

There are still tutorials out there advising unsalted MD5 hashes. I think the only times this stuff is done correctly in most production systems is that they just let a library handle it all for them anyway.

Not that a high-profile implementation is necessarily good. Ever look into Windows password hashes? Not only did they weaken them beyond belief due to dumbness, but they also fucked up so badly that sometimes you can just use the hash itself to authenticate.

Sebastian Cobb

I don't know much about Windows hashes other than on XP you had to make your password over a certain length to get it to hash it properly or something.

I've got a Linux VM that has a version of VNC that truncates passwords after 8 characters, but given it needs an SSH tunnel and lives in my house I've ignored it.

You're right about libraries, or nowadays identity as a service, meaning storing them isn't even your problem.
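Sebastian Cobb's point about recognisable unsalted MD5 digests, Dewt's about letting a library handle it, and the 8-character VNC truncation mentioned just above, as an added Python example that is not from any of the posts in this thread. It contrasts the legacy unsalted scheme with a salted, iterated one built only from the standard library (`hashlib.pbkdf2_hmac`), shows why the unsalted scheme lets an auditor spot every account sharing a password, and includes a probe that detects silent truncation. The sample user table, the `legacy_truncating_hash` stand-in, and the iteration count are all constructed assumptions for the demonstration.

```python
import hashlib
import hmac
import os
from typing import Callable, Dict, List, Optional

# Constructed sample credential store (not real data): two users who happened
# to pick the same weak password, plus one who did not.
SAMPLE_USERS: Dict[str, str] = {
    "alice": "password",
    "bob": "password",
    "carol": "correct horse battery staple",
}

# Assumption: a present-day work factor for PBKDF2-HMAC-SHA256; tune to your hardware.
PBKDF2_ITERATIONS = 600_000


def unsalted_md5(password: str) -> str:
    """The legacy scheme: the same password gives the same digest for every user
    on every system, which is why a digest ending in '2cf99' is recognisable."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def salted_pbkdf2(password: str, salt: Optional[bytes] = None,
                  iterations: int = PBKDF2_ITERATIONS) -> str:
    """Salted, iterated hash. Returns a self-describing string so that the
    parameters travel with the digest and verify_pbkdf2() can re-derive it."""
    if salt is None:
        salt = os.urandom(16)  # fresh per-user salt; never reuse across users
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_pbkdf2(password: str, stored: str) -> bool:
    """Re-derive with the stored salt/iterations and compare in constant time."""
    algo, iterations, salt_hex, digest_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        return False
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(digest.hex(), digest_hex)


def duplicate_digests(hash_fn: Callable[[str], str],
                      users: Dict[str, str]) -> Dict[str, List[str]]:
    """Audit helper: group users whose stored digests are identical.
    Under an unsalted scheme this exposes everyone sharing a password;
    under a per-user-salted scheme the groups are always empty."""
    groups: Dict[str, List[str]] = {}
    for user, pw in users.items():
        groups.setdefault(hash_fn(pw), []).append(user)
    return {d: us for d, us in groups.items() if len(us) > 1}


def truncates_input(hash_fn: Callable[[str], str], limit: int) -> bool:
    """Probe whether a scheme silently ignores characters past `limit`
    (the VNC-style 8-character truncation). The hash_fn must be
    deterministic, so pass a fixed salt for salted schemes."""
    base = "A" * limit
    return hash_fn(base) == hash_fn(base + "ExtraCharacters")


def legacy_truncating_hash(password: str) -> str:
    """Constructed stand-in for a scheme that only looks at the first 8 characters."""
    return hashlib.md5(password[:8].encode("utf-8")).hexdigest()


if __name__ == "__main__":
    print("unsalted MD5 collisions:", duplicate_digests(unsalted_md5, SAMPLE_USERS))
    print("salted PBKDF2 collisions:", duplicate_digests(salted_pbkdf2, SAMPLE_USERS))
    print("legacy scheme truncates at 8:", truncates_input(legacy_truncating_hash, 8))
    print("PBKDF2 truncates at 8:",
          truncates_input(lambda p: salted_pbkdf2(p, salt=b"\x00" * 16, iterations=1000), 8))
```

The `duplicate_digests` check is the defender's version of the "ends in 2cf99" trick: run it over a dump of your own credential table and any non-empty group is a sign the scheme is unsalted (or the salt is being reused). The truncation probe is worth running against any legacy login path before you trust the password length policy in front of it.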

Dewt

And people are becoming wise enough that they're phasing out the concept of passwords entirely. There's just no point anymore. Enterprise has better authentication schemes and end-users as a whole are safer with biometrics, email and two-factor.

Sebastian Cobb

I suppose it's not strictly a password if it's a long string I don't know but my computer does. Just another factor. Biometrics can fuck off though, especially when they can be forcibly taken from you but you can refuse to give a password (in the US at least).

What irks me is the likes of Netflix forcing people out of password managers by making you input a password on things that can't run password managers, like connected TVs. Use a pairing code, ffs; it's easier to input as well.

Dewt

Quote from: Sebastian Cobb on May 15, 2020, 09:13:33 PM
Just another factor. Biometrics can fuck off though, especially when they can be forcibly taken from you but you can refuse to give a password (in the US at least).
That's why you can't use biometrics alone.

Quote from: Sebastian Cobb on May 15, 2020, 09:13:33 PM
What irks me is the likes of Netflix forcing people out of password managers by making you input a password on things that can't run password managers, like connected TVs. Use a pairing code, ffs; it's easier to input as well.
Yep, I have huge contempt for anything that makes me write out a password. It's bad enough on my phone where I can at least copy and paste from a password manager, but a TV or games console is practically abuse.

Sebastian Cobb

I think 'practically abuse' is right; and you know a company is getting too big when they stop caring about stuff like this, given it's well within their resources to get right. A small ad-supported service could not afford to fuck this up because people would leave instead of logging in.

Also fuck developers and UX designers that allow login forms that confuse password managers.

Dewt

Yes, I am not happy if a password has to go into the form via my fucking clipboard.

touchingcloth


touchingcloth

Quote from: Sebastian Cobb on May 15, 2020, 09:47:52 PM
I think 'practically abuse' is right; and you know a company is getting too big when they stop caring about stuff like this, given it's well within their resources to get right. A small ad-supported service could not afford to fuck this up because people would leave instead of logging in.

Also fuck developers and UX designers that allow login forms that confuse password managers.

We provide our un-APIable clients with iframes using our domain, so for any end customers using multiple clients' sites, in-browser password managers become unusable. But fuck people who can't hire a web dev who can API.

petril


Icehaven

Ugly Kid Joe's "Cats in the Cradle" is a cover. They were even more talentless than I remember.

Cerys


Hand Solo

Quote from: icehaven on May 16, 2020, 12:25:56 PM
Ugly Kid Joe's "Cats in the Cradle" is a cover. They were even more talentless than I remember.

Did you know their name is a play on Pretty Boy Floyd?

pigamus

When there's an election they don't put boards with the candidate's names on all the lampposts any more. When did that stop being a thing?

NoSleep

Probably at some point when they changed all the lampposts (possibly several times that's happened over the years). Possibly nothing to hang them on anymore. Don't actually clearly remember what you're talking about.

Sebastian Cobb

Quote from: pigamus on May 16, 2020, 09:16:32 PM
When there's an election they don't put boards with the candidate's names on all the lampposts any more. When did that stop being a thing?

Where I grew up was a Barratt estate behind a park, and the front row of houses overlooked it with big lounge windows. Every time there was an election one house filled the window with a big stick-on Conservative transfer and another a few doors down did the same with Labour. I think it must've been paid for. The lady in the Conservative house was basically Margot from The Good Life. And next door were a slightly more scruffy family who kept pet chinchillas.

petril

Quote from: pigamus on May 16, 2020, 09:16:32 PM
When there's an election they don't put boards with the candidate's names on all the lampposts any more. When did that stop being a thing?

probably stops a well deserved spate of complaints to the candidates afterwards about their littering. if they put them up they should be out to get them back down within a couple of days, the louts

Jockice

Quote from: Sebastian Cobb on May 16, 2020, 09:29:57 PM
Where I grew up was a Barratt estate behind a park, and the front row of houses overlooked it with big lounge windows. Every time there was an election one house filled the window with a big stick-on Conservative transfer and another a few doors down did the same with Labour. I think it must've been paid for. The lady in the Conservative house was basically Margot from The Good Life. And next door were a slightly more scruffy family who kept pet chinchillas.

My best mate at secondary school's parents used to put a Vote Conservative poster on their lounge window when there were elections on. There weren't many of them in Sheffield, although we did live in the city's only Tory constituency at the time, but most people who voted for them didn't tend to advertise it until you got into the posh areas that we weren't in. The parents were southerners though, so probably didn't understand. Apart from their views, which I never discussed with them (although I somehow don't think their kids shared the same ones) they were a lovely couple. And they got on surprisingly well with my old-style socialist parents.

pigamus

Quote from: NoSleep on May 16, 2020, 09:26:30 PM
Probably at some point when they changed all the lampposts (possibly several times that's happened over the years). Possibly nothing to hang them on anymore. Don't actually clearly remember what you're talking about.


DrGreggles

Dion Dublin presents Homes Under The Hammer

Replies From View

Quote from: pigamus on May 18, 2020, 12:33:50 AM


I do like how Ahmadul Haque's name (Ahmadul Haque) is so obviously a sticker pasted over whoever it was before.

Casts some doubt over whether Adrian Bailey is meant to still be on the sign beneath it.

pigamus

Quote from: petrilTanaka on May 17, 2020, 12:05:33 AM
probably stops a well deserved spate of complaints to the candidates afterwards about their littering. if they put them up they should be out to get them back down within a couple of days, the louts

Ah, it seems you're right. Apparently we banned them in Birmingham in 2007.

https://www.birminghammail.co.uk/news/local-news/ban-on-street-election-posters-36683

NoSleep

Maybe it was a Midlands thing, as that photo is from Sandwell, too.

Sebastian Cobb

Quote from: petrilTanaka on May 17, 2020, 12:05:33 AM
probably stops a well deserved spate of complaints to the candidates afterwards about their littering. if they put them up they should be out to get them back down within a couple of days, the louts

In the last election I vaguely remember someone saying they had to shout 'OIII' at a Lib Dem canvasser trying to tie-wrap a sign to their balcony without asking permission. I think the LD might've even got precious about being told to piss off.

pigamus


gib

Quote from: Replies From View on May 18, 2020, 11:09:27 AM
I do like how Ahmadul Haque's name (Ahmadul Haque) is so obviously a sticker pasted over whoever it was before.

Casts some doubt over whether Adrian Bailey is meant to still be on the sign beneath it.

council election innit, often more than one candidate per party

machotrouts

Quote from: pigamus on May 18, 2020, 01:22:06 PM
Apparently not.

https://www.theguardian.com/uk/scotland-blog/2012/sep/11/scotland-elections-lampposts

I grew up in Edinburgh and remember, when I was a child, must have been around 2001 or so, seeing a poster that just said "Labour" and nothing else – perhaps with a little picture of a rose or something – on a lamppost outside school, and being really confused by it. I think I vaguely knew what Labour was – one of those important-to-grown-ups politics things that I don't need to understand yet, like the difference between Unleaded, Diesel, and Four Star – but couldn't figure out why an advert would contain no information about the thing it was supposedly advertising. Just "Labour"? Why is the word "Labour" supposed to make you vote for Labour? What kind of idiot sees a poster that just says "Labour" and thinks "oh, that's brilliant – better vote for Labour"? Grown-ups are so dumb.

Sebastian Cobb

Quote from: machotrouts on May 18, 2020, 01:47:32 PM
I grew up in Edinburgh and remember, when I was a child, must have been around 2001 or so, seeing a poster that just said "Labour" and nothing else – perhaps with a little picture of a rose or something – on a lamppost outside school, and being really confused by it. I think I vaguely knew what Labour was – one of those important-to-grown-ups politics things that I don't need to understand yet, like the difference between Unleaded, Diesel, and Four Star – but couldn't figure out why an advert would contain no information about the thing it was supposedly advertising. Just "Labour"? Why is the word "Labour" supposed to make you vote for Labour? What kind of idiot sees a poster that just says "Labour" and thinks "oh, that's brilliant – better vote for Labour"? Grown-ups are so dumb.

I used to have a similar bit of confusion about old Ladbrokes' shops, when you couldn't see in to them and there were plain motifs of a football flying across the shop front with their trademark orange and red streak. What went on was all more 'behind closed doors' operations back then that adults didn't seem to want to explain. Like a less sordid version of a locally tolerated "massage parlour".

Jockice