Look, we all intuitively get that it's a bad idea and it is definitely funny. But honestly is it helping to make fun of the poor user rather than educate them as to why their password is on the list and the importance of secure password practices?
The security community I grew up with was welcoming and understanding, and it sparked an interest I never would have realized otherwise.
> But honestly is it helping to make fun of the poor user rather than educate them as to why their password is on the list and the importance of secure password practices?
I am not sure the issue poster really uses that password...
The user has a large number of GitHub commits and the technical knowledge needed to create a pull request probably exceeds the knowledge needed to know why this doesn't work...
I feel comfortable assuming the original PR is a joke.
> the technical knowledge needed to create a pull request probably exceeds the knowledge needed to know why this doesn't work...
The plural of anecdote is not data, but I have first hand experience with someone who can make a pull request but doesn't understand password best practices at all.
Granted it might be because I taught them to make pull requests, but still...
I know people who wrote code for their thesis in Python but can't grasp why indentation matters. You'd be surprised by what people do and don't know.
It doesn't make a whole ton of sense because you'd still need to know when to un-indent in order to get out of a conditional block. IDEs can't read your mind.
I had an answer typed up, but it felt like picking on them rather than explaining the issue. Text is hard.
After submitting changes that started 10 indents past the previous line, and had little to no rhyme or reason for subsequent indentation, we asked them to reformat and resubmit. When it became clear that they could not, we reviewed the code itself separately from the indentation and reformatted it ourselves.
Multiple co-workers sat next to them to try to explain how to line things up vertically, but they were unable to do so without said help.
This was over the course of about two weeks in which we were instructed to try to bring them onboard some of our projects. Both our and their projects at the time were frontend web projects.
I have not looked at any of their code outside what was submitted to our side, but I do know they are praised for the quality of their work by management.
Actually, I used VIM on Windows while editing the files. My VIM is set with fixendofline or something. The files with the extra line ending change did not have \r\n at the end, so my VIM added it. I usually prefer to the have the extra line ending at the end of every file, so I kept the change in the PR.
> Granted it might be because I taught them to make pull requests, but still...
You can make these sorts of trivial changes just by clicking around the GitHub web UI, I could probably tell a 12 year old how to make a trivial change like this, regardless of their coding expertise https://help.github.com/articles/editing-files-in-your-repos...
I've worked with a programmer on a project who could not do basic algebra (4x + 1 = 5, solve for x), and would outsource any math to stackoverflow to get answers in his specific language. Those answers were usually incorrect because he didn't know how to phrase his questions correctly.
That was horrifying to realize that the person writing the front end for an ecommerce application not only could not calculate tax, but would brag about how he doesn't need to know basic math.
As further evidence that the assafnativ probably understands trolling, it's worth mentioning that he wrote the article The Making of the Kosher Phone [0]. So he knows how to troll Orthodox Jews if nothing else.
Whenever you type that, all I see is "1-7-3-4-6-7-3-2-1-4-7-6-Charlie-3-2-7-8-9-7-7-7-6-4-3-Tango-7-3-2-Victor-7-3-1-1-7-8-8-8-7-3-2-4-7-6-7-8-9-7-6-4-3-7-6
I can't see this without claiming the nerd cred of being the first to identify it as the password Data uses to lock out the computer in the ST:TNG episode "Brothers".
For extra credit, I will point out (which you may not know EGreg?) that the password he speaks verbally, and the password that appears on the display visually, are NOT the same and differ by a few digits near the end, a small mistake in production.
I don't know how safe it is to enter my password into a site I've never heard of before... Not that I'm accusing them of it, but this is the perfect setup for a phishing scam.
So, they want the password off the list, instead of changing it to something (much much much) more secure? Some variant of "battery horse staple and correct", right?
I'm going to let this one slide, because most of us are not working today for various reasons, but I must note, I've never seen this side of GitHub. I probably spend too much time cloistered in work projects to notice.
Your snark is noted. However, unlike those that come here to delay their day's tasks, I come here to learn and be exposed to new things. As such, humor has never been a quality I seek from HN, and it detracts from the point of being here, for me.
Heyyy, it's that guy who looks down on those of us who don't use our real names!
I remember because you showed a similarly poor attitude in another thread. That attitude was so out of line with what I expect from HN that your username was seared in my mind :)
Why can't we seek to learn and have a laugh now and then as well?
Your profile also says "Commentors with novelty usernames should not expect responses.". What if someone with a novelty username teaches you something and you have a question to further your learning. You won't respond?
An error occurred during a connection to mostsecure.pw. SSL received a record that exceeded the maximum permissible length. Error code: SSL_ERROR_RX_RECORD_TOO_LONG
Just me? Is this just too secure™ for Firefox' liking?
I'm not really a security expert, but wouldn't it be harder for hacker to notice the hack if you leave it and wisely change the first letter to upper/lower case?
75 comments
[ 4.1 ms ] story [ 150 ms ] threadThe security community I grew up with was welcoming and understanding, and it sparked an interest I never would have realized otherwise.
I am not sure the issue poster really uses that password...
https://github.com/danielmiessler/SecLists/pull/155#issuecom...
I feel comfortable assuming the original PR is a joke.
The plural of anecdote is not data, but I have first hand experience with someone who can make a pull request but doesn't understand password best practices at all.
Granted it might be because I taught them to make pull requests, but still...
I know people who wrote code for their thesis in Python but can't grasp why indentation matters. You'd be surprised by what people do and don't know.
How can one write code (that runs!) for one's thesis without paying attention to Python's semantically significant whitespace?
After submitting changes that started 10 indents past the previous line, and had little to no rhyme or reason for subsequent indentation, we asked them to reformat and resubmit. When it became clear that they could not, we reviewed the code itself separately from the indentation and reformatted it ourselves.
Multiple co-workers sat next to them to try to explain how to line things up vertically, but they were unable to do so without said help.
This was over the course of about two weeks in which we were instructed to try to bring them onboard some of our projects. Both our and their projects at the time were frontend web projects.
I have not looked at any of their code outside what was submitted to our side, but I do know they are praised for the quality of their work by management.
I expect it was, as the other commenter said, probably via an IDE like PyCharm. I never asked because there's no good way to ask a question like that.
But that's my point, people's knowledge is all over the place. It's probably a joke, but it could easily not be.
By fiddling around with different indentations levels till the code works.
So much code out there is written this way.
Kind of gives a new meaning to 'iterating' on one's code doesn't it?
You can make these sorts of trivial changes just by clicking around the GitHub web UI, I could probably tell a 12 year old how to make a trivial change like this, regardless of their coding expertise https://help.github.com/articles/editing-files-in-your-repos...
That was horrifying to realize that the person writing the front end for an ecommerce application not only could not calculate tax, but would brag about how he doesn't need to know basic math.
[0]: http://blog.assafnativ.com/2014/03/the-making-of-kosher-phon...
lol
hunter2
(4 matches)
I love a good in-joke.
Spoilers: http://bash.org/?244321
Here, check mine:
What does that show up as?For extra credit, I will point out (which you may not know EGreg?) that the password he speaks verbally, and the password that appears on the display visually, are NOT the same and differ by a few digits near the end, a small mistake in production.
The code on the screen (in upper case letters) 17346721476C3278977763T732V731171888732476789764376
Source: https://www.youtube.com/watch?v=rAUVUUhf7U0
Some people just don't have a sense of humor.
Thanks for your benevolence.
I remember because you showed a similarly poor attitude in another thread. That attitude was so out of line with what I expect from HN that your username was seared in my mind :)
Your profile also says "Commentors with novelty usernames should not expect responses.". What if someone with a novelty username teaches you something and you have a question to further your learning. You won't respond?
[Disclaimer seeing as the original joke was missed by many - this site link is totally tongue in cheek too. DON'T use the suggested password]
[0] - https://mostsecure.pw/
An error occurred during a connection to mostsecure.pw. SSL received a record that exceeded the maximum permissible length. Error code: SSL_ERROR_RX_RECORD_TOO_LONG
Just me? Is this just too secure™ for Firefox' liking?
What if, instead of a password, the text to be censored is:
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
(That's a code that can be used to crack Blu-Ray discs).
Further reading: https://en.wikipedia.org/wiki/AACS_encryption_key_controvers...
https://en.wikipedia.org/wiki/Digital_rights_management#Oppo...
https://www.eff.org/issues/drm