• 0 Posts
  • 27 Comments
Joined 1 year ago
Cake day: June 12th, 2023



  • Before I replace it with something that won’t catastrophically collapse when the wind blows the wrong way, I get some sort of sick satisfaction out of doing autopsies on the house-built-of-matchsticks “solutions” that users come up with and I don’t know why. Some of them are truly fascinating and make you wonder how someone could possibly arrive at that conclusion based on what they were actually trying to achieve.

    It’s also why if I’m asked to implement something, my first question isn’t “When does this need to be done?,” it’s “What exactly is the problem you’re trying to solve?”

    What a user asks for and what they actually need very rarely intersect.


  • While on the topic, this isn’t how passwords work in systems.

    Passwords are stored as one way hashes. So it’s cryptoed only in one direction, it’s lossy, and can’t be recovered back to the original password.

    When you log on, your cleartext PW is hashed in ephemeral memory/storage and then the cleartext password is thrown away.

    That hash is compared to the hash in the DB. If the hash matches, then you have access. If it doesn’t, then your PW is incorrect.

    Oh my sweet Summer Child. This is definitely how it’s supposed to work, but there are plenty of services that just don’t know what the fuck they’re doing.

    Have you ever been on a site that has a stupid-low character limit for a password? There’s literally no reason to do that, all the hashes are going to end up the same size in the DB anyway regardless of the original string length. Even bcrypt’s max secret character limit is 70-something characters.

    Ever change a password and have it not work on the next login because they’re silently truncating it after a certain character limit? Ever get an email with an actual password in it?

    The only reason you would do things like this is if you’re storing/processing passwords in plaintext and not hashing it client-side first.

    I can think of 3 offenders of this off the top of my head. It’s a lot more common than you’d think.
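
Added example, not part of the comment above: a sketch of the store-and-compare flow the thread describes, showing that the stored record is the same size whatever the password length, and how silent truncation at signup produces the failed-login symptom. PBKDF2-HMAC-SHA256, the iteration count, the 12-character limit and all function names are assumptions chosen for the demo.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor for this demo
SALT_LEN = 16         # bytes of random salt stored next to the hash


def hash_password(password: str) -> bytes:
    """Return salt || derived key; this is all the database needs to store."""
    salt = os.urandom(SALT_LEN)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt + dk


def verify_password(password: str, stored: bytes) -> bool:
    """Re-derive with the stored salt and compare in constant time."""
    salt, expected = stored[:SALT_LEN], stored[SALT_LEN:]
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return hmac.compare_digest(dk, expected)


def record_sizes(passwords) -> set:
    """Stored record length for each password, collapsed to a set."""
    return {len(hash_password(p)) for p in passwords}


def truncating_signup(password: str, limit: int = 12) -> bytes:
    """Anti-pattern: the signup path silently cuts the password before hashing."""
    return hash_password(password[:limit])


if __name__ == "__main__":
    # Constructed sample passwords: 2 characters and 200 characters.
    print("record sizes:", record_sizes(["pw", "x" * 200]))

    full = "a-long-passphrase-2024"  # constructed sample
    stored = truncating_signup(full)
    # The login path does not truncate, so the password the user typed fails
    # while its first 12 characters are accepted.
    print("full password accepted:", verify_password(full, stored))
    print("first 12 chars accepted:", verify_password(full[:12], stored))
```
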









  • A times B times C equals X… I am Jack’s something something something

    Narrator: A new car built by my company leaves somewhere traveling at 60 mph. The rear differential locks up. The car crashes and burns with everyone trapped inside. Now, should we initiate a recall? Take the number of vehicles in the field, A, multiply by the probable rate of failure, B, multiply by the average out-of-court settlement, C. A times B times C equals X. If X is less than the cost of a recall, we don’t do one.

    Woman on Plane: Are there a lot of these kinds of accidents?

    Narrator: You wouldn’t believe.

    Woman on Plane: Which car company do you work for?

    Narrator: A major one.


  • tool@lemmy.world to Memes@lemmy.ml: This community lately
    English · 6 upvotes · 1 year ago

    Because Firefox honestly used to be shit, especially in the early Phoenix/Firebird days, but now it isn’t anymore, and they just haven’t bothered to check it out again. The “killing all the existing extensions” thing really didn’t help matters either.


  • tool@lemmy.world to Memes@lemmy.ml: This community lately
    English · 1 upvote · 2 downvotes · 1 year ago (edited)

    Lmfao. Bro edge is chromium my guy. You just switched from one skin to another is all. It’s all the same under the hood🤣

    They are definitely not all the same, and Vivaldi is a fantastic example of that. Just because it’s Chromium-based doesn’t mean it’s chock full of bullshit and a Chrome reskin, it just means that it most likely is. Vivaldi definitely isn’t.




  • Is OpenVPN not just SSL traffic?

    It’s not, it’s an IPSec VPN by default which runs over UDP. You can run it via TCP and it operates over the same port as HTTPS (443), but it’s not the same protocol and can be differentiated that way.

    A way around this would be to run an SSLVPN with a landing page where you log in instead of using an IPSec VPN or a dedicated SSLVPN client.

    Another way around it would be to create a reverse SSH tunnel on a VM/VPC in another country/state and send all your traffic through that.


  • tool@lemmy.world to Memes@lemmy.ml: LimeWire.exe
    English · 13 upvotes · 1 year ago

    Hearing a song that you’ve downloaded playing on the radio, surprised it didn’t skip in that one spot

    To this day my brain still jams in neutral when I don’t hear a skip at the end of Guerrilla Radio the last time Zach says “now”