Editing 1700: New Bug
Latest revision | Your text | ||
Line 8: | Line 8: | ||
==Explanation== | ==Explanation== | ||
− | + | {{incomplete|How does salting with emoji fix the unicode-handling bug in the URL request library? Does it really?}} | |
− | Cueball | + | [[Cueball]] asks if an off-panel character can look at his bug report. The person asks if it's a "normal one" and not a "horrifying" one which "proves that the whole project is broken beyond repair and should be burnt to the ground". This implies that there have been reports of the "horrifying" variety in the past. |
− | + | Cueball promises that it is a normal one but it turns out that the server crashes when a user's password is a resolvable URL, which implies that the server is in some way attempting to resolve passwords as if they were URLs. A resolvable URL is one that is syntactically correct and refers to a find-able and accessible resource on the internet (i.e. does not return a {{w|HTTP_404|404 error}} or equivalent when resolved). This can be because it contains a {{w|Fully_qualified_domain_name|fully qualified domain name}} or a valid ip address, and optionally (in either case) a resource that exists on the destination server. | |
− | + | Also, Cueball specifically states that the server is crashing, rather than his application. While this could be an example of misused terminology on the part of Cueball or Randall, given Cueball's history his choice of terms is probably accurate. In the context of web services the server refers to either the computer itself or the program that responds to web requests and executes the user's (i.e. Cueball's) application. Cueball would be in charge of building the application. The importance of this distinction is that a typical system has safe guards in place at many levels to prevent a misbehaving application from crashing anything other than itself. So for his application to crash the server (either the computer itself or the server software hosting his application) would require his application to be operating in a way far outside of the norm. Alternatively, the project might include its own server software without the safeguards. | |
− | + | While there appears to be little reason for the code that processes passwords to attempt to resolve the input string as a URL, then a common function in password programs is the functionality of accessing the strength of a password, using heuristic combinations of uniqueness, length and dictionary lookups for common words -- this password function have extended the dictionary lookups to the used of {{w|DNS}} names and URLs, so people choosing the password "XKCD.com" would be given a low strength score, even that no part of it is a dictionary word and it contain both upper, lower case and special characters. However, accessing the internet in any security function like password open up , not only possibility of new bugs, but also a completely new set of security issues which is not what you want from a critical function handling passwords. Realizing this, the off-panel person resigns and decides that burning the project to the ground is the only solution, telling Cueball ''I'll get the {{w|Butane|lighter fluid}}''. | |
− | + | In the title text another two issues with Cueballs program are mentioned together with a possible solution that would fix all three problems at once. The second problem is unicode-handling bug in the URL request library, and the third is that the passwords are stored unsalted. {{w|Salt (cryptography)|Salting}} passwords increases security in the event that the database is compromised by ensuring that users with the same password will not have the same password hash. This makes some attacks used to decipher hash databases, such as {{w|Rainbow table|rainbow tables}}, effectively impossible. | |
− | + | The proposed solution is to salt the passwords with {{w|emoji}}, which is claimed to solve all three issues at once. | |
− | + | When the passwords are salted with emoji, the URL request library will fail to resolve any (salted) passwords because emoji are not valid characters in URLs. Since the server only crashes on ''resolvable'' URLs, this should mean the server won't crash anymore. In addition, the passwords will now be salted. Finally, emoji will often include unicode characters, which means that, if one can effectively salt passwords with emoji, then the passwords should be able to be stored in unicode (although that *probably* doesn't require anything outside the Base Multilingual Plane, so that might not need full unicode support after-all). | |
− | + | Given that this comic comes only five comics after [[1695: Code Quality 2]] is seems likely that the off-panel person is [[Ponytail]] and as could be seen in the first of those two comics, [[1513: Code Quality]], the perpetrator is indeed Cueball. In the title text of this first one, using emoji in variable names is mentioned. | |
+ | |||
+ | In [[1349: Shouldn't Be Hard]] Cueball is also programming and finding it very difficult in-spite that he thinks is should be easy. An off-panel person suggest burning the computer down with a blowtorch much like the off-panel person in this one suggest burning the whole project (including the computer) to the ground with lighter fluid. In the very next comic, the multi storyline [[1350: Lorenz]], one [http://xkcd.com/1350/#p:2ed958de-badf-11e3-8001-002590d77bdd story line] results in a computer being [http://www.explainxkcd.com/wiki/images/a/a6/lorenz_-_laptop_9.png burned with a blow torch]. | ||
==Transcript== | ==Transcript== | ||
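Review bot: The "Your text" side contradicts its own {{incomplete}} tag. The tag asks whether emoji salting really fixes the unicode-handling bug ("Does it really?"), while the paragraph beginning "When the passwords are salted with emoji" presents the fix as working ("this should mean the server won't crash anymore") and then hedges with "*probably*" on the Base Multilingual Plane point. Either present the fix as the title text's claim rather than as established fact, or resolve the tag. In the password-strength paragraph, "accessing the strength of a password" should read "assessing", "this password function have extended" is missing a verb form such as "may have", and "like password open up , not only possibility" is garbled. "Cueballs program" needs an apostrophe, and "*probably*" should use wiki emphasis (''probably'').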
Line 34: | Line 36: | ||
:Off-panel voice: Is this a '''normal''' bug, or one of those horrifying ones that prove your whole project is broken beyond repair and should be burned to the ground? | :Off-panel voice: Is this a '''normal''' bug, or one of those horrifying ones that prove your whole project is broken beyond repair and should be burned to the ground? | ||
− | :[Zoom in on | + | :[Zoom in on Cueballs head and upper torso.] |
:Cueball: It's a normal one this time, I promise. | :Cueball: It's a normal one this time, I promise. | ||
:Off-panel voice: OK, what's the bug? | :Off-panel voice: OK, what's the bug? | ||
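Review bot: "Cueballs head" in the added panel description is missing the possessive apostrophe; write "[Zoom in on Cueball's head and upper torso.]".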
Line 43: | Line 45: | ||
{{comic discussion}} | {{comic discussion}} | ||
+ | |||
[[Category:Comics featuring Cueball]] | [[Category:Comics featuring Cueball]] | ||
[[Category:Computers]] | [[Category:Computers]] | ||
[[Category:Programming]] | [[Category:Programming]] | ||
− | |||
− | |||
− |