|
Awesome!
|
|
|
|
|
(Finally - Randall seems to be getting later and later, wonder what is keeping him busy... )
xkcd: Life Goals[^]
The last one is the most relevant ... and I can relate to that ...
Bad command or file name. Bad, bad command! Sit! Stay! Staaaay...
|
|
|
|
|
Do you really think that a Muzquizopterix ever met and fought against an Archaeopterix?
The language is JavaScript. that of Mordor, which I will not utter here
This is Javascript. If you put big wheels and a racing stripe on a golf cart, it's still a f***ing golf cart.
"I don't know, extraterrestrial?"
"You mean like from space?"
"No, from Canada."
If software development were a circus, we would all be the clowns.
|
|
|
|
|
No, but I do believe that Asterix fought Obelix, while Vercingetorix looked on...
Bad command or file name. Bad, bad command! Sit! Stay! Staaaay...
|
|
|
|
|
Both were at Alesia? And they fought against each other while not only Vercingetorix, but also Cesar and his Romans watched?
I doubt that. Obelix does not run out of steam and would have mopped up the Romans for dessert. If he had been there, we would have to change the history books.
The language is JavaScript. that of Mordor, which I will not utter here
This is Javascript. If you put big wheels and a racing stripe on a golf cart, it's still a f***ing golf cart.
"I don't know, extraterrestrial?"
"You mean like from space?"
"No, from Canada."
If software development were a circus, we would all be the clowns.
|
|
|
|
|
Alesia was before Getafix had first brewed the potion, or Caesar and his legions would have lost there as well.
Bad command or file name. Bad, bad command! Sit! Stay! Staaaay...
|
|
|
|
|
Correct, and what potion did Obelix fall into as a kid? And was was Alesia the last chance to meet Vecingetorix before Julius ... retired him?
The language is JavaScript. that of Mordor, which I will not utter here
This is Javascript. If you put big wheels and a racing stripe on a golf cart, it's still a f***ing golf cart.
"I don't know, extraterrestrial?"
"You mean like from space?"
"No, from Canada."
If software development were a circus, we would all be the clowns.
|
|
|
|
|
Whatever it is, let's hope it's not the c-word again.
|
|
|
|
|
It is: CPLUSPLUS!!!
The language is JavaScript. that of Mordor, which I will not utter here
This is Javascript. If you put big wheels and a racing stripe on a golf cart, it's still a f***ing golf cart.
"I don't know, extraterrestrial?"
"You mean like from space?"
"No, from Canada."
If software development were a circus, we would all be the clowns.
|
|
|
|
|
OriginalGriff wrote: Randall seems to be getting later and later, wonder what is keeping him busy. Probably those Scrabble games...
It was broke, so I fixed it.
|
|
|
|
|
I was signing up to a website yesterday only to find that they had disabled pasting into the password and confirm password fields.
Not only that, but having completed the painful process of registering (they had also disabled auto-complete) I found that they also don't allow pasting into the username/password boxes at login time.
Personally I fail to see how any of this achieves anything beyond:
1) Making their website a complete pain in the bottom.
2) Encouraging people to use short and memorable passwords - which is surely not a good idea on a site that handles money.
Is there something that I'm missing here or is it simply a case of a dev team making some really, really bad UX decisions?
|
|
|
|
|
I encountered that a couple of months ago on a major bank website. The irony was that the PW set fields allowed it, so I dumped a random KeePass-generated PW in and then had to manually enter that bastard when I wanted to log in. Fortunately I figured out pretty fast that Chrome would override that with ctrl-v.
I can only think that some fool assumes that hackers would use their web interface to attempt to brute-force accounts rather than something they would actually do, like edited packet replays.
"There are three kinds of lies: lies, damned lies and statistics."
- Benjamin Disraeli
|
|
|
|
|
Psht! Would you please leave those code monkeys in their belief that a little JavaScript on some controls can aktually keep us from doing something!
The language is JavaScript. that of Mordor, which I will not utter here
This is Javascript. If you put big wheels and a racing stripe on a golf cart, it's still a f***ing golf cart.
"I don't know, extraterrestrial?"
"You mean like from space?"
"No, from Canada."
If software development were a circus, we would all be the clowns.
|
|
|
|
|
Nathan Minier wrote: I can only think that some fool assumes that hackers would use their web interface to attempt to brute-force accounts
I was recently on a gov't web site (related to student loans) which also blocked the paste field.
It is so annoying and actually shows that the person who created the thing doesn't understand how password hacks are done.
So, again, these sites actually punish you for having a more complex (and longer) password which is very difficult to type.
|
|
|
|
|
There is no point to have a Confirm password box if you can copy and paste the main password box... as an error in the first one would be duplicated in the second one.
The purpose of the Confirm box is to ensure that you are able to write the same thing twice which is really a good thing as if you are not able to do that when you register, then how hard would it be to type the password when you login the next time?
Philippe Mori
|
|
|
|
|
|
Well, at least it should not be possible to copy or cut a password...
Only pasting them might be a good compromise for those who trust passwords managers...
That way, you have the main advantage of making harder to users to manually copy one field to another while filling the form (those preventing mistyping to be permanent) while allowing pasting from other sources...
Philippe Mori
|
|
|
|
|
Consider also, typing your password on your phone or device. It's quite terrible to have to do it if yo have a long / complex password. I believe apps and sites should allow paste always. Doing otherwise encourages users to use easy-to-type passwords which are most likely weak.
|
|
|
|
|
Your logic (and in fact the whole way you go about thinking about these things) is flawed. The purpose of a confirmation box is to help assure that the user's action matches their intent. For users who enter passwords manually (which is the vast majority), the confirmation box achieves its purpose, regardless of whether paste is enabled. For users who enter via copy/paste, the confirmation box serves little purpose, but disabling paste increases user error for no good reason. The only thing that actually makes sense is to disable copying of the password box, so that any pasting would have to come from some other source, as a password manager.
You have two basic errors here: 1) instead of analyzing cases for whether confirmation boxes are useful when paste is allowed, you identify a case in which it isn't and then wildly generalize, saying that they aren't helpful at all. 2) Rather than considering what the purpose of a confirmation box is, you only attend to its effect -- forcing people to type something twice -- and note that allowing paste potentially removes that effect ... quite overlooking the fact that, for passwords copied from another source such as a password manager, the confirmation box isn't necessary for its intended purpose (and disabling paste even acts against that purpose).
modified 25-Oct-16 19:36pm.
|
|
|
|
|
Well, say that you find a password.txt file on someone else computer and it has about 10 passwords in it... It is not hard to imagine that some peoples might be tempted to try to copy and paste those passwords in some site...
Thus, there are way that improve security for computer power users that are not real hacker or not even programmers...
Philippe Mori
|
|
|
|
|
If you find my passwords file, you won't be able to decrypt it even if you know the password.
You would also need the RSA key which is stored on my server away from the keepass database.
Good luck!
|
|
|
|
|
That does nothing, as said user could simply type those passwords. When you base the linchpin of your AAA mechanism on user carelessness, you are coding to fail.
This approach benefits no one, especially those of us who care enough about protecting credentials to use password management systems.
"There are three kinds of lies: lies, damned lies and statistics."
- Benjamin Disraeli
|
|
|
|
|
Philippe Mori wrote: say that you find a password.txt file on someone else computer and it has about 10 passwords in it... It is not hard to imagine that some peoples might be tempted to try to copy and paste those passwords in some site... Or they may even type them in.
I wanna be a eunuchs developer! Pass me a bread knife!
|
|
|
|
|
|
PeejayAdams wrote: Is there something that I'm missing here or is it simply a case of a dev team making some really, really bad UX decisions? They probably wanted to avoid looking 'careless' and went overboard with being 'correct'.
Requiring the password to be entered and repeated manually can avoid (a little) trouble by making certain that the user was actually able to type the the password twice without error. Also, as I only rarely register at some sites at all, it might be the perfect method to mske me think again about registering.
The language is JavaScript. that of Mordor, which I will not utter here
This is Javascript. If you put big wheels and a racing stripe on a golf cart, it's still a f***ing golf cart.
"I don't know, extraterrestrial?"
"You mean like from space?"
"No, from Canada."
If software development were a circus, we would all be the clowns.
|
|
|
|