75 comments

[ 4.1 ms ] story [ 150 ms ] thread
Look, we all intuitively get that it's a bad idea and it is definitely funny. But honestly is it helping to make fun of the poor user rather than educate them as to why their password is on the list and the importance of secure password practices?

The security community I grew up with was welcoming and understanding, and it sparked an interest I never would have realized otherwise.

> But honestly is it helping to make fun of the poor user rather than educate them as to why their password is on the list and the importance of secure password practices?

I am not sure the issue poster really uses that password...

The user has a large number of GitHub commits and the technical knowledge needed to create a pull request probably exceeds the knowledge needed to know why this doesn't work...

I feel comfortable assuming the original PR is a joke.

> the technical knowledge needed to create a pull request probably exceeds the knowledge needed to know why this doesn't work...

The plural of anecdote is not data, but I have first hand experience with someone who can make a pull request but doesn't understand password best practices at all.

Granted it might be because I taught them to make pull requests, but still...

I know people who wrote code for their thesis in Python but can't grasp why indentation matters. You'd be surprised by what people do and don't know.

> I know people who wrote code for their thesis in Python but can't grasp why indentation matters.

How can one write code (that runs!) for one's thesis without paying attention to Python's semantically significant whitespace?

Perhaps an IDE/editor that autoformats python code?
I am now more than a little embarrassed that this didn't even occur to me...
It doesn't make a whole ton of sense because you'd still need to know when to un-indent in order to get out of a conditional block. IDEs can't read your mind.
I've never asked the details, I just know that they used Python before but couldn't cope with indentation when I worked with them on code.
How did they fail to cope with it?
I had an answer typed up, but it felt like picking on them rather than explaining the issue. Text is hard.

After submitting changes that started 10 indents past the previous line, and had little to no rhyme or reason for subsequent indentation, we asked them to reformat and resubmit. When it became clear that they could not, we reviewed the code itself separately from the indentation and reformatted it ourselves.

Multiple co-workers sat next to them to try to explain how to line things up vertically, but they were unable to do so without said help.

This was over the course of about two weeks in which we were instructed to try to bring them onboard some of our projects. Both our and their projects at the time were frontend web projects.

I have not looked at any of their code outside what was submitted to our side, but I do know they are praised for the quality of their work by management.

That's what they want you to think.
But they can auto-format copy-pasted code from Stack Overflow.
Actually, I used VIM on Windows while editing the files. My VIM is set with fixendofline or something. The files with the extra line ending change did not have \r\n at the end, so my VIM added it. I usually prefer to the have the extra line ending at the end of every file, so I kept the change in the PR.
That's exactly my point.

I expect it was, as the other commenter said, probably via an IDE like PyCharm. I never asked because there's no good way to ask a question like that.

But that's my point, people's knowledge is all over the place. It's probably a joke, but it could easily not be.

> How can one write code (that runs!) for one's thesis without paying attention to Python's semantically significant whitespace?

By fiddling around with different indentations levels till the code works.

So much code out there is written this way.

Kind of gives a new meaning to 'iterating' on one's code doesn't it?

> Granted it might be because I taught them to make pull requests, but still...

You can make these sorts of trivial changes just by clicking around the GitHub web UI, I could probably tell a 12 year old how to make a trivial change like this, regardless of their coding expertise https://help.github.com/articles/editing-files-in-your-repos...

I've worked with a programmer on a project who could not do basic algebra (4x + 1 = 5, solve for x), and would outsource any math to stackoverflow to get answers in his specific language. Those answers were usually incorrect because he didn't know how to phrase his questions correctly.

That was horrifying to realize that the person writing the front end for an ecommerce application not only could not calculate tax, but would brag about how he doesn't need to know basic math.

> The security community I grew up with was welcoming and understanding

lol

Ctrl + F

hunter2

(4 matches)

I love a good in-joke.

Spoilers: http://bash.org/?244321

What did you search for? When you type hunter2 all I see are stars.
(comment deleted)
Copied the stars and then pasted that into CTRL-F
Fun fact: You have to escape the stars for them to show up on IRC. Otherwise people see their password!
Does it work for usernames?

Here, check mine:

    8ftpenissurvivor
What does that show up as?
(comment deleted)
Wouldn't searching for * * * * * * * yield more than 4 matches?
Whenever you type that, all I see is "1-7-3-4-6-7-3-2-1-4-7-6-Charlie-3-2-7-8-9-7-7-7-6-4-3-Tango-7-3-2-Victor-7-3-1-1-7-8-8-8-7-3-2-4-7-6-7-8-9-7-6-4-3-7-6
I can't see this without claiming the nerd cred of being the first to identify it as the password Data uses to lock out the computer in the ST:TNG episode "Brothers".

For extra credit, I will point out (which you may not know EGreg?) that the password he speaks verbally, and the password that appears on the display visually, are NOT the same and differ by a few digits near the end, a small mistake in production.

Is it someone's fiction?
This is hysterical, I love that tech has their own way of humor.
They should have checked their password with https://inutile.club/estatis/password-security-checker/ . It correctly identifies both “hunter2” and “dolphins” as unsafe.
That's a very good resource. I typed in gibberish to make sure it was what I hoped it was.
I don't know how safe it is to enter my password into a site I've never heard of before... Not that I'm accusing them of it, but this is the perfect setup for a phishing scam.
(comment deleted)
So, they want the password off the list, instead of changing it to something (much much much) more secure? Some variant of "battery horse staple and correct", right?
I'm going to let this one slide, because most of us are not working today for various reasons, but I must note, I've never seen this side of GitHub. I probably spend too much time cloistered in work projects to notice.
> I'm going to let this one slide

Thanks for your benevolence.

Your snark is noted. However, unlike those that come here to delay their day's tasks, I come here to learn and be exposed to new things. As such, humor has never been a quality I seek from HN, and it detracts from the point of being here, for me.
Heyyy, it's that guy who looks down on those of us who don't use our real names!

I remember because you showed a similarly poor attitude in another thread. That attitude was so out of line with what I expect from HN that your username was seared in my mind :)

I think most people like to learn and have a good time at the same time.
Why can't we seek to learn and have a laugh now and then as well?
Why can't we seek to learn and have a laugh now and then as well?

Your profile also says "Commentors with novelty usernames should not expect responses.". What if someone with a novelty username teaches you something and you have a question to further your learning. You won't respond?

I don't know what to think, he knows how to make a PR but doesn't get this simple thing... :)
He is trolling.. but I guess you are meta-trolling..
Thanks for this. I went ahead and created a merge request to remove my passwords too. /s
My address is listed in the phone book as well. Is there anyway I can get that removed? :P
(comment deleted)
Country?
Oh, it was a joke. Guess the topic of this was meant to be serious, ha. I even got downvoted.
One has to suffer for one's art
That comment thread was gold, if only for the link to the most secure password in the world site... [0]

[Disclaimer seeing as the original joke was missed by many - this site link is totally tongue in cheek too. DON'T use the suggested password]

[0] - https://mostsecure.pw/

Secure Connection Failed

An error occurred during a connection to mostsecure.pw. SSL received a record that exceeded the maximum permissible length. Error code: SSL_ERROR_RX_RECORD_TOO_LONG

Just me? Is this just too secure™ for Firefox' liking?

It's just you. It worked fine for me in Firefox.
I'm not really a security expert, but wouldn't it be harder for hacker to notice the hack if you leave it and wisely change the first letter to upper/lower case?
Can someone please explain. I don't understand.