Whole-known-network
<p>3</p><p>Eventually I wrote the “thirteen cases” into https: // usb . org /sites/default/files/usbmassbulk_10.pdf</p><p>"""</p><p>6.7 The Thirteen Cases</p><p>This section describes the thirteen possible cases of host expectations and device intent in the absence of overriding error conditions</p><p>Table 6.1 – Host/Device Data Transfer Matrix graphically displays these thirteen cases</p><p>Important notes about the thirteen cases.</p><p>• Cases (1), (6) and (12) represent the majority of host and device transactions. They indicate those conditions where the host and device agree as to the direction and amount of data to be transferred. These cases are also referred to as “the thin diagonal”</p><p>"""</p><p>=></p>
<p>1</p><p>I shipped a bug in 1994 where all one byte passwords were accepted as equal</p><p>The root cause was a bug in a SCSI chip that substituted a constant for every one byte payload</p><p>We didn’t test the reject-wrong-password case enough</p><p>2</p><p>> We didn’t test the reject-wrong-password case enough</p><p>And they, and we, didn’t test the one-byte payload case enough</p><p>After this bit me once, forever thereafter I paid more attention to misaligned lengths</p><p>=></p>
<p>./ <span class="h-card" translate="no"><a href="https://mastodon.social/@whitequark" class="u-url mention">@<span>whitequark</span></a></span> </p><p>The "thirteen cases" punchline here interests you, as a leading historian of USB Bulk Only Transport (BOT/BBB != CBI)<br />?</p><p>> > > Okta allowing login bypass for any usernames with 52+ characters</p><p>> > I tend to be sympathetic with coders who introduce bugs, having introduced my share. Getting all the edge cases right can be hard.<br />> > <br />> > But every now and then a bug comes along that makes me think "How in the hell could this have possibly happened?"</p><p>> the bcrypt hash function ignores input above a certain length! so if you do bcrypt(username || password) for some reason, a sufficiently long username will make it accept any password<br />><br />> to fix this you can sha256 the input first</p><p>=></p>
<p><span class="h-card" translate="no"><a href="https://mastodon.social/@film_girl" class="u-url mention">@<span>film_girl</span></a></span> <span class="h-card" translate="no"><a href="https://threads.net/@alexhcranz/" class="u-url mention">@<span>alexhcranz</span></a></span> the website looks awesome.</p>
<p><span class="h-card" translate="no"><a href="https://sfba.social/@steven_aquino" class="u-url mention">@<span>steven_aquino</span></a></span> yes! Like, I understand and appreciate the gesture and actually love that Siri finally has an away to type to it. I just wish it was in a different spot or they had a different number of taps selected that didn’t correspond with what people use to hit period to start a new sentence.</p>
<p><span class="h-card" translate="no"><a href="https://mastodon.social/@film_girl" class="u-url mention">@<span>film_girl</span></a></span> Yeah, the area near that vertical bar is doing a lot of work.</p>
<p><span class="h-card" translate="no"><a href="https://pdx.social/@louie" class="u-url mention">@<span>louie</span></a></span> totally. It’s also possible we could just get another centralized network again that wins out a la Twitter or FB or WhatsApp. And then those will break the cycles will continue. As you say, our own sites are what we can most control.</p>
<p><span class="h-card" translate="no"><a href="https://sfba.social/@steven_aquino" class="u-url mention">@<span>steven_aquino</span></a></span> even for hunt and peckers I question the placement here from an a11y POV because the touch target is very close to the spacebar, especially on iPad. But as someone who is a touch typist on phones, tablets, any QWERTY keyboard, I keep accidentally enabling it. Like make it 3 taps instead of 2? I dunno.</p>
<p><span class="h-card" translate="no"><a href="https://mastodon.social/@whitequark" class="u-url mention">@<span>whitequark</span></a></span> <span class="h-card" translate="no"><a href="https://aus.social/@jpm" class="u-url mention">@<span>jpm</span></a></span> except the ones who didn't, but point stands these are incredible men.</p>
