• 0 Posts
  • 28 Comments
Joined 1 year ago
Cake day: June 12th, 2023


  • > While on the topic, this isn’t how passwords work in systems.

    > Passwords are stored as one-way hashes. So it’s cryptoed only in one direction, it’s lossy, and can’t be recovered back to the original password.

    > When you log on, your cleartext PW is hashed in ephemeral memory/storage and then the cleartext password is thrown away.

    > That hash is compared to the hash in the DB. If the hash matches, then you have access. If it doesn’t, then your PW is incorrect.

    Oh my sweet Summer Child. This is definitely how it’s supposed to work, but there are plenty of services that just don’t know what the fuck they’re doing.

    Have you ever been on a site that has a stupid-low character limit for a password? There’s literally no reason to do that, all the hashes are going to end up the same size in the DB anyway regardless of the original string length. Even bcrypt’s max secret character limit is 70-something characters.

    Ever change a password and have it not work on the next login because they’re silently truncating it after a certain character limit? Ever get an email with an actual password in it?

    The only reason you would do things like this is if you’re storing/processing passwords in plaintext and not hashing it client-side first.

    I can think of 3 offenders of this off the top of my head. It’s a lot more common than you’d think.





  • tool@lemmy.world to Programmer Humor@lemmy.ml · C++ Moment
    8 points · 4 months ago

    On Error Resume Next. Never before have more terrible words been spoken.

    Every time I’m reading a PowerShell script at work and see -ErrorAction SilentlyContinue I want to scream into a pillow and forcefully revert their commit.

    I’ve actually done it a few times, but I want to do it every time.


  • They really don’t, though. Inclusion/exclusion operators work most of the time, but it’ll still return results with explicitly-excluded keywords. It also fucks up results by returning entries with similar words to your query, even when you double-quote a part of the search term. Advanced queries that use booleans and logical AND/OR don’t work at all anymore, that functionality has been completely removed. It returns what it thinks you want, not what you actually want, even when explicitly crafting a query to be as specific as possible.

    I use Kagi for search now and it’s 1000x better, especially when researching technical issues; it’s like when Google actually respected your search terms and query as a whole.







  • > BTW, any authenticator app works when it tells you to use one. They all use a standard, so it doesn’t matter which one you use.

    Eh, it’s a little more nuanced than that, there’re more standards for MFA code generation than just TOTP.

    And even within the TOTP standard, there are options to adjust the code generation (timing, hash algorithm, # of characters in the generated code, etc.) that not all clients are going to support or will be user-configurable. Blizzard’s Battle.net MFA is a good example of that.

    If the code is just your basic 6-digit HMAC/SHA1 30-second code, yeah, odds are almost 100% that your client of choice will support it, but anything other than that I wouldn’t automatically assume that it’s going to work.




  • > This is the first lesson you have to learn as a Linux enthusiast, NEVER run commands you don’t know from the internet.

    “Nah, just curl this random web address and pipe it over to a sudo bash shell, everything will be fine!”

    I hate how this is becoming the official install method for more and more shit. It’s like dude, really? You may as well stick your dick in a garbage disposal, both of those actions are equally safe.

    You’re dreaming if you think I’m not going to wget it and read it to see what it does first.


  • tool@lemmy.world to Lemmy Shitpost@lemmy.world · Here we go again
    5 points · 11 months ago

    > I’m forced to use either Chrome or Edge for my work computer and it drives me crazy.

    I’ve been a Sysadmin for a ~decade. I can state with 100% certainty that the reason behind that decision is that you can very easily configure Group Policy to control the behavior and visibility/availability of features in Chrome and Edge. Firefox didn’t have that until just a couple of years ago, and it wasn’t great when it first became available. And to be honest, it’s still not fully baked, but it’s at least usable now from an administrative perspective.

    Maybe bring it up to your IT department and include this link in the email/ticket.



  • tool@lemmy.world to Programmer Humor@lemmy.ml · It's not great
    1 point · 11 months ago

    > On GitLab, you start from a docker image, so it’s harder to set up some things but easier for others. If you are very good at docker and don’t mind making your own images just for CI purposes, then go ahead.

    I think I’d probably consider myself at/near expert-level with Docker, but CI/CD runners instanced in containers just doesn’t work for some of our workloads.

    As an example, some of our projects have a bunch of Docker images that get built via their own Dockerfiles in the repo, are run and discarded during the workflow, and each one is modifying the checked-out source tree in some fashion (NPM stuff, composer, whatever, etc.), and then a final prod Docker image is built and tested from that source repo tree that has been modified by the Docker containers built/run/discarded during the workflow. So in GitLab, it sounds like we’d be running Docker in Docker for some projects.

    You ever run Docker in Docker? It’s temperamental at the very best and there are a thousand gotchas associated with it, not to mention having to worry about how many variable scopes deep you are and keeping track of that, how to properly bind mount volumes into the nested Docker containers because the method and paths will vary depending on how nested you are, etc. It’s just an absolute nightmare to deal with all-around in that context.

    I’ll see if we have some projects I can try out on it, but the majority of ours are like what I described above.