Whole-known-network
<p>1</p><p>I shipped a bug in 1994 where all one byte passwords were accepted as equal</p><p>The root cause was a bug in a SCSI chip that substituted a constant for every one byte payload</p><p>We didn’t test the reject-wrong-password case enough</p><p>2</p><p>> We didn’t test the reject-wrong-password case enough</p><p>And they, and we, didn’t test the one-byte payload case enough</p><p>After this bit me once, forever thereafter I paid more attention to misaligned lengths</p><p>=></p>
<p>./ <span class="h-card" translate="no"><a href="https://mastodon.social/@whitequark" class="u-url mention">@<span>whitequark</span></a></span> </p><p>The "thirteen cases" punchline here interests you, as a leading historian of USB Bulk Only Transport (BOT/BBB != CBI)<br />?</p><p>> > > Okta allowing login bypass for any usernames with 52+ characters</p><p>> > I tend to be sympathetic with coders who introduce bugs, having introduced my share. Getting all the edge cases right can be hard.<br />> > <br />> > But every now and then a bug comes along that makes me think "How in the hell could this have possibly happened?"</p><p>> the bcrypt hash function ignores input above a certain length! so if you do bcrypt(username || password) for some reason, a sufficiently long username will make it accept any password<br />><br />> to fix this you can sha256 the input first</p><p>=></p>
<p><span class="h-card" translate="no"><a href="https://mastodon.social/@film_girl" class="u-url mention">@<span>film_girl</span></a></span> <span class="h-card" translate="no"><a href="https://threads.net/@alexhcranz/" class="u-url mention">@<span>alexhcranz</span></a></span> the website looks awesome.</p>
<p><span class="h-card" translate="no"><a href="https://sfba.social/@steven_aquino" class="u-url mention">@<span>steven_aquino</span></a></span> yes! Like, I understand and appreciate the gesture and actually love that Siri finally has an away to type to it. I just wish it was in a different spot or they had a different number of taps selected that didn’t correspond with what people use to hit period to start a new sentence.</p>
<p><span class="h-card" translate="no"><a href="https://mastodon.social/@film_girl" class="u-url mention">@<span>film_girl</span></a></span> Yeah, the area near that vertical bar is doing a lot of work.</p>
<p><span class="h-card" translate="no"><a href="https://pdx.social/@louie" class="u-url mention">@<span>louie</span></a></span> totally. It’s also possible we could just get another centralized network again that wins out a la Twitter or FB or WhatsApp. And then those will break the cycles will continue. As you say, our own sites are what we can most control.</p>
<p><span class="h-card" translate="no"><a href="https://sfba.social/@steven_aquino" class="u-url mention">@<span>steven_aquino</span></a></span> even for hunt and peckers I question the placement here from an a11y POV because the touch target is very close to the spacebar, especially on iPad. But as someone who is a touch typist on phones, tablets, any QWERTY keyboard, I keep accidentally enabling it. Like make it 3 taps instead of 2? I dunno.</p>
<p><span class="h-card" translate="no"><a href="https://mastodon.social/@whitequark" class="u-url mention">@<span>whitequark</span></a></span> <span class="h-card" translate="no"><a href="https://aus.social/@jpm" class="u-url mention">@<span>jpm</span></a></span> except the ones who didn't, but point stands these are incredible men.</p>
<p><span class="h-card" translate="no"><a href="https://mastodon.social/@film_girl" class="u-url mention">@<span>film_girl</span></a></span> As a hunt-and-peck typist due to disability, I envy you fam. 😅</p>