Difference between revisions of "Talk:2700: Account Problems"
InfoManiac (talk | contribs) |
|||
(83 intermediate revisions by 38 users not shown) | |||
Line 10: | Line 10: | ||
:Is TheusafBot ofline or something? Generally it handles this sort of stuff pretty well--[[User:Mapron01|Mapron01]] ([[User talk:Mapron01|talk]]) 01:44, 19 November 2022 (UTC) | :Is TheusafBot ofline or something? Generally it handles this sort of stuff pretty well--[[User:Mapron01|Mapron01]] ([[User talk:Mapron01|talk]]) 01:44, 19 November 2022 (UTC) | ||
− | |||
− | |||
− | |||
::I'm pretty sure he is. [[User:Starstar|Starstar]] ([[User talk:Starstar|talk]]) 02:23, 19 November 2022 (UTC) | ::I'm pretty sure he is. [[User:Starstar|Starstar]] ([[User talk:Starstar|talk]]) 02:23, 19 November 2022 (UTC) | ||
Line 19: | Line 16: | ||
Vandals are just looking for a fun time, generally. Solution: make it not a fun time for them. Revert their edits dryly, patiently, with no particular comment or anything. Eventually they will get bored and find something else to do. Or, perhaps they'll sit there vandalizing while we revert them, we dozens against probably just one vandal. But if you make your irritation clear, that's "fun" to them, and they'll keep at it with renewed vigour. [[Special:Contributions/108.162.216.239|108.162.216.239]] 01:37, 19 November 2022 (UTC) | Vandals are just looking for a fun time, generally. Solution: make it not a fun time for them. Revert their edits dryly, patiently, with no particular comment or anything. Eventually they will get bored and find something else to do. Or, perhaps they'll sit there vandalizing while we revert them, we dozens against probably just one vandal. But if you make your irritation clear, that's "fun" to them, and they'll keep at it with renewed vigour. [[Special:Contributions/108.162.216.239|108.162.216.239]] 01:37, 19 November 2022 (UTC) | ||
+ | |||
+ | I accidentally used a backspace character in a username one time. It caused all sorts of problems with my account. | ||
+ | |||
+ | Also, I've never found the whole "The trolls will leave you alone if you don't move." thing to be effective. But I've never found anything else to be effective at universally adjusting behavior either. | ||
+ | -Master Areth | ||
+ | |||
+ | I wrote most of the current page after the first paragraph. It's a fairly sloppy first draft that could probably use some editing. Anyone who can should feel free to clean it up. Especially since the page is now protected (I'm not complaining; it was necessary) and so I can't edit it any more. [[User:Equites|Equites]] ([[User talk:Equites|talk]]) 05:57, 19 November 2022 (UTC) | ||
+ | :Hi [[User:Equites|Equites]], I [[Special:Diff/299457|rewrote]] the explanation, hope that's okay. I removed the references to the security aspect because I didn't think it was relevant. (Also pinging [[User:FrankHightower|FrankHightower]].) --[[User:Hddqsb|Hddqsb]] ([[User talk:Hddqsb|talk]]) 07:59, 20 November 2022 (UTC) | ||
+ | ::The first paragraph seems a bit superfluous - it's basically just a description of the comic, so isn't really adding anything to the explanation. Also, I think the bit about Pascal could come out of the second para - it doesn't appear to be relevant to what's going on in the comic, so it could just skip to the bit about null terminators.[[Special:Contributions/172.70.91.54|172.70.91.54]] 16:46, 21 November 2022 (UTC) | ||
+ | :::I removed the most superfluous part from the first paragraph, and pared down the explanation of Pascal strings ([[Special:Diff/299641|diff]]). I didn't remove the first paragraph entirely because I think it provides important context and details which are implicit in the comic. And I think it's important to at least mention Pascal strings because that sets the scene for the explanation of C strings (which ''don't'' explicitly store the length). --[[User:Hddqsb|Hddqsb]] ([[User talk:Hddqsb|talk]]) 10:08, 22 November 2022 (UTC) | ||
+ | |||
+ | Seems to be another Tech issue comic, its a tech issue with Cueball talking to Megan and the tech issue is extremely cursed. Should we add this one?[[Special:Contributions/162.158.22.98|162.158.22.98]] 06:00, 19 November 2022 (UTC) | ||
+ | |||
+ | "since there is no sequence of keys he could type that would result in a null terminator" ... I can type a NULL (ASCII 00) just fine in my editor on Linux (ctrl-v ctrl-@, the latter I type as ctrl-shift-2). However, I am not quite sure how to phrase this in the explanation without sounding like "Áctually! ...." [[User:henrikar|Henri]] | ||
+ | :I am amused that both in the main text and in this comment something has converted the "at sign" into [email protected]. | ||
+ | |||
+ | The title text is likely a reference to [https://www.reddit.com/r/ProgrammerHumor/comments/yqof9f/comment/ivrd9ur/ this reddit post]. [[User:Pb|Pb]] ([[User talk:Pb|talk]]) 07:06, 19 November 2022 (UTC) | ||
+ | : I don't think that's likely... --[[User:Hddqsb|Hddqsb]] ([[User talk:Hddqsb|talk]]) 08:50, 20 November 2022 (UTC) | ||
+ | |||
+ | The only thing is I'm pretty sure it's not terribly difficult to enter a null string character, you just have to know what it is. On a PC with a keyboard that has a number pad, you can press Alt-[Number] to enter special characters using their ASCII code (Alt-65 will get "A", Alt-8 is backspace or delete, I forget which but I think BS, etc. MIGHT need leading zeroes to be 3 digits). The 0 to 31 codes - 32 is space, starting the normal characters - tend to have all the special characters, I think null string is 0? [[User:NiceGuy1|NiceGuy1]] ([[User talk:NiceGuy1|talk]]) 04:14, 20 November 2022 (UTC) | ||
+ | :It is. And (with caveats, depending upon other issues and circumstances) Alt-numpad0 would give me the null-char wherever it's practical and not blocked (intentionally or just because it isn't specifically catered for).[[Special:Contributions/172.71.178.206|172.71.178.206]] 15:25, 20 November 2022 (UTC) | ||
+ | ::I know a sysadmin friend of mine had to help a user whose account name was "🦙" (The Llama unicode symbol) and he was on a computer where not all layers between the username field and the password authentication understood unicode. Examples like this will happen in real life. [[User:IIVQ|IIVQ]] ([[User talk:IIVQ|talk]]) 11:16, 21 November 2022 (UTC) | ||
+ | :::Were they Spanish, by any chance?[[Special:Contributions/172.70.90.173|172.70.90.173]] 16:49, 21 November 2022 (UTC) | ||
+ | |||
+ | As Cueball is showing and handing over his laptop, I don't think the issue is about a website account (where he could probably do a password reset), but his local account on the laptop, of which he is now locked out, and hopes Poneytail can break into it? [[User:Ghen|ghen]] ([[User talk:Ghen|talk]]) 18:28, 19 November 2022 (UTC) | ||
+ | :Good point, updated to avoid referring to "website" specifically. (Another possibility is that it is the password for some installed application.) --[[User:Hddqsb|Hddqsb]] ([[User talk:Hddqsb|talk]]) 07:17, 20 November 2022 (UTC) | ||
+ | |||
+ | ''"Suppose a website's registration form allows the user's new password to have up to 20 characters, but due to a programmer error the login page only accepts passwords with up to 18 characters."''<br> | ||
+ | There are also cases where page or application is updated with the expectation that old user accounts will still be working, but updated page no longer accepts same characters (or number of characters) than the old one, locking some people out. -- [[User:Hkmaly|Hkmaly]] ([[User talk:Hkmaly|talk]]) 01:35, 20 November 2022 (UTC) | ||
+ | :I know from experience that (at least one version of) Windows Server allows very long passwords and that the Windows Server installer will accept very long passwords when setting up the initial admin account, but that the installer silently truncates the password to a "normal" length when actually setting up said account. If you aren't aware of this (and you have a client that uses ridiculously long passwords), you can easily trick yourself into thinking you mistyped and locked yourself out, and have to reinstall. Once installed with a shorter password, it can be changed to whatever length you want.[[Special:Contributions/172.70.134.122|172.70.134.122]] 16:16, 21 November 2022 (UTC) | ||
+ | |||
+ | Concerning the password described in the title text. If the characters are used in the order they appear in the Unicode Table the password starts with the Null String Terminator and therefor you will essentially end up with an empty password if C or a programming language is used handling strings the same way. [[User:Kimmerin|Kimmerin]] ([[User talk:Kimmerin|talk]]) 12:51, 21 November 2022 (UTC) | ||
+ | : Good point, added ([[Special:Permalink/299540|snapshot]]). --[[User:Hddqsb|Hddqsb]] ([[User talk:Hddqsb|talk]]) 15:38, 21 November 2022 (UTC) | ||
+ | |||
+ | I've actually had this problem long ago; I used the @ sign as part of my password, and it didn't let me log in anymore. Some systems in the good old days (I think it was an FTP server) used the @ character to separate username and password when authenticating. Also, I am still running into this problem sometimes with usernames (emails) allowing "+" in the address on registration, but not when logging in. [[User:Pbb|Pbb]] ([[User talk:Pbb|talk]]) | ||
+ | :The @-sign is used to separate authentication and hostname information in an URL, e.g. http://user:[email protected]:port/... Within an FTP-session it was commonly used in FTP-proxy scenarios, i.e. you've connected to an internal FTP-proxy-server providing username and hostname as username in the form [email protected] (similar to the syntax used for scp/sftp) and the password as is. An @-sign in the password in the latter shouldn't have any effect and within the URL an @-character would get URL-encoded not having an effect, either. URL-encoding might be the reason for the last problem, you've described leading to a space in the stored value on the server side. [[User:Kimmerin|Kimmerin]] ([[User talk:Kimmerin|talk]]) 15:50, 21 November 2022 (UTC) | ||
+ | |||
+ | A very similar situation happened when I was network manager at Moravian College back in the mid-‘90s. A user was unknowingly typing an ASCII 0 character as a “special” character for their password, and doing it as like the 4th character typed, so the rest of what they typed (which was about 8 more characters) was simply ignored, the system thought their password was just the first 3 characters, the user was none the wiser, until the day I implemented checks to require “strong” passwords that included a minimum length. The user came to me all huffy that their password *was* long enough, but they system was making them change it, but not accepting the change. I never ask users for their password, so diagnosing the problem took a few tries, I had to think to ask them to prepend 8 x’s to the front of their password, and when that worked then I understood the problem. | ||
+ | |||
+ | NULL was also a headache for me in the early 2000’s, working with Oracle web forms, and some weird interaction of software bugs between a particular version of Safari web browser, Apache web server, and Oracle somehow allowed the string “NULL” to get into the Oracle database, breaking the SQL Boolean function IS NULL. The kludge was to change the IF [string] IS NULL” test to be IF [string] IS NULL OR [string] = “NULL” | ||
+ | (Unfortunately not the ugliest code I have ever written) [[User:John|John]] ([[User talk:John|talk]]) 12:40, 25 November 2022 (UTC) | ||
+ | :Not with null-character, that I'm aware, but when our small company (with Novell-based networking, for fule-servers, printers and most asynchronous communications to the outside world via a somewhat proprietry email gateway over a dial-up) merged into a larger company (with NT servers, and the rest, and now tied directly into their worldwide-WAN by ISDN) there were various hiccoughs in making sure existing and extended infrastructure didn't have conflicting ideas of what was acceptible in the now unified logins. (Not to mention that our username system had been initial-based, but we were now needing formats based upon full names. We had to keep both continuity (for our own long term usage validation) and a migration (to integrate into theirs) and otherwise competent users who were big experts in their own field of data analysis often could not handle the technicalities of multiple/nested logins or the logistical fallout from having their initial login profiles 'remembering credentials'. The fuss it took, until we phased through a full migration (helped by some staff turnover) and relegated the much more competant Novell system to backup/archive servers only. | ||
+ | :And then there was the printer that aperiodically 'broke' because the replacement Windows printserver was somehow unable to pass some particular control characters (not sure if null was ever amongst them) that were occasionally used as the daily-changing hashed output to 'sign' the printouts and thus prove their legacy/providence. | ||
+ | :I got a great deal of experience with system migrations, from all that, but also a strong dislike of being pushed into them or things that aren't themselves 'broke' being 'fixed' by mandatory upgrades. [[Special:Contributions/172.70.91.58|172.70.91.58]] 14:53, 25 November 2022 (UTC) |
Latest revision as of 14:53, 25 November 2022
What was going on with this page? Sarah the Pie(yes, the food) (talk) 00:58, 19 November 2022 (UTC)
- Vandalism. I mentioned it on the Admin requests page. It's getting reverted back to normal pretty quickly when it happens, but it will probably keep happening until an admin bans the person doing it, or the person doing it gets bored and stops on their own. Equites (talk) 01:05, 19 November 2022 (UTC)
are two nazis actually in an edit war or is it just one person astroturfing --162.158.63.100 01:18, 19 November 2022 (UTC)
I'm trying to combat it, but I'll only be able to keep this up for around another 20 minutes or so. InfoManiac (talk) 01:21, 19 November 2022 (UTC)
- Is TheusafBot ofline or something? Generally it handles this sort of stuff pretty well--Mapron01 (talk) 01:44, 19 November 2022 (UTC)
This reminds me of the time I used a character in my password that was the "stty kill" character for one workstation's default console terminal settings. I normally logged in via ssh, and occasionally logged in via xdm, but the time I tried logging in via the console, it really didn't like what was left of my password. 162.158.62.180 01:25, 19 November 2022 (UTC)
- Ah, the good old days when ordinary printing characters were used for erase and kill. Barmar (talk) 01:43, 19 November 2022 (UTC)
Vandals are just looking for a fun time, generally. Solution: make it not a fun time for them. Revert their edits dryly, patiently, with no particular comment or anything. Eventually they will get bored and find something else to do. Or, perhaps they'll sit there vandalizing while we revert them, we dozens against probably just one vandal. But if you make your irritation clear, that's "fun" to them, and they'll keep at it with renewed vigour. 108.162.216.239 01:37, 19 November 2022 (UTC)
I accidentally used a backspace character in a username one time. It caused all sorts of problems with my account.
Also, I've never found the whole "The trolls will leave you alone if you don't move." thing to be effective. But I've never found anything else to be effective at universally adjusting behavior either. -Master Areth
I wrote most of the current page after the first paragraph. It's a fairly sloppy first draft that could probably use some editing. Anyone who can should feel free to clean it up. Especially since the page is now protected (I'm not complaining; it was necessary) and so I can't edit it any more. Equites (talk) 05:57, 19 November 2022 (UTC)
- Hi Equites, I rewrote the explanation, hope that's okay. I removed the references to the security aspect because I didn't think it was relevant. (Also pinging FrankHightower.) --Hddqsb (talk) 07:59, 20 November 2022 (UTC)
- The first paragraph seems a bit superfluous - it's basically just a description of the comic, so isn't really adding anything to the explanation. Also, I think the bit about Pascal could come out of the second para - it doesn't appear to be relevant to what's going on in the comic, so it could just skip to the bit about null terminators.172.70.91.54 16:46, 21 November 2022 (UTC)
- I removed the most superfluous part from the first paragraph, and pared down the explanation of Pascal strings (diff). I didn't remove the first paragraph entirely because I think it provides important context and details which are implicit in the comic. And I think it's important to at least mention Pascal strings because that sets the scene for the explanation of C strings (which don't explicitly store the length). --Hddqsb (talk) 10:08, 22 November 2022 (UTC)
- The first paragraph seems a bit superfluous - it's basically just a description of the comic, so isn't really adding anything to the explanation. Also, I think the bit about Pascal could come out of the second para - it doesn't appear to be relevant to what's going on in the comic, so it could just skip to the bit about null terminators.172.70.91.54 16:46, 21 November 2022 (UTC)
Seems to be another Tech issue comic, its a tech issue with Cueball talking to Megan and the tech issue is extremely cursed. Should we add this one?162.158.22.98 06:00, 19 November 2022 (UTC)
"since there is no sequence of keys he could type that would result in a null terminator" ... I can type a NULL (ASCII 00) just fine in my editor on Linux (ctrl-v ctrl-@, the latter I type as ctrl-shift-2). However, I am not quite sure how to phrase this in the explanation without sounding like "Áctually! ...." Henri
- I am amused that both in the main text and in this comment something has converted the "at sign" into [email protected].
The title text is likely a reference to this reddit post. Pb (talk) 07:06, 19 November 2022 (UTC)
The only thing is I'm pretty sure it's not terribly difficult to enter a null string character, you just have to know what it is. On a PC with a keyboard that has a number pad, you can press Alt-[Number] to enter special characters using their ASCII code (Alt-65 will get "A", Alt-8 is backspace or delete, I forget which but I think BS, etc. MIGHT need leading zeroes to be 3 digits). The 0 to 31 codes - 32 is space, starting the normal characters - tend to have all the special characters, I think null string is 0? NiceGuy1 (talk) 04:14, 20 November 2022 (UTC)
- It is. And (with caveats, depending upon other issues and circumstances) Alt-numpad0 would give me the null-char wherever it's practical and not blocked (intentionally or just because it isn't specifically catered for).172.71.178.206 15:25, 20 November 2022 (UTC)
- I know a sysadmin friend of mine had to help a user whose account name was "🦙" (The Llama unicode symbol) and he was on a computer where not all layers between the username field and the password authentication understood unicode. Examples like this will happen in real life. IIVQ (talk) 11:16, 21 November 2022 (UTC)
- Were they Spanish, by any chance?172.70.90.173 16:49, 21 November 2022 (UTC)
- I know a sysadmin friend of mine had to help a user whose account name was "🦙" (The Llama unicode symbol) and he was on a computer where not all layers between the username field and the password authentication understood unicode. Examples like this will happen in real life. IIVQ (talk) 11:16, 21 November 2022 (UTC)
As Cueball is showing and handing over his laptop, I don't think the issue is about a website account (where he could probably do a password reset), but his local account on the laptop, of which he is now locked out, and hopes Poneytail can break into it? ghen (talk) 18:28, 19 November 2022 (UTC)
- Good point, updated to avoid referring to "website" specifically. (Another possibility is that it is the password for some installed application.) --Hddqsb (talk) 07:17, 20 November 2022 (UTC)
"Suppose a website's registration form allows the user's new password to have up to 20 characters, but due to a programmer error the login page only accepts passwords with up to 18 characters."
There are also cases where page or application is updated with the expectation that old user accounts will still be working, but updated page no longer accepts same characters (or number of characters) than the old one, locking some people out. -- Hkmaly (talk) 01:35, 20 November 2022 (UTC)
- I know from experience that (at least one version of) Windows Server allows very long passwords and that the Windows Server installer will accept very long passwords when setting up the initial admin account, but that the installer silently truncates the password to a "normal" length when actually setting up said account. If you aren't aware of this (and you have a client that uses ridiculously long passwords), you can easily trick yourself into thinking you mistyped and locked yourself out, and have to reinstall. Once installed with a shorter password, it can be changed to whatever length you want.172.70.134.122 16:16, 21 November 2022 (UTC)
Concerning the password described in the title text. If the characters are used in the order they appear in the Unicode Table the password starts with the Null String Terminator and therefor you will essentially end up with an empty password if C or a programming language is used handling strings the same way. Kimmerin (talk) 12:51, 21 November 2022 (UTC)
I've actually had this problem long ago; I used the @ sign as part of my password, and it didn't let me log in anymore. Some systems in the good old days (I think it was an FTP server) used the @ character to separate username and password when authenticating. Also, I am still running into this problem sometimes with usernames (emails) allowing "+" in the address on registration, but not when logging in. Pbb (talk)
- The @-sign is used to separate authentication and hostname information in an URL, e.g. http://user:[email protected]:port/... Within an FTP-session it was commonly used in FTP-proxy scenarios, i.e. you've connected to an internal FTP-proxy-server providing username and hostname as username in the form [email protected] (similar to the syntax used for scp/sftp) and the password as is. An @-sign in the password in the latter shouldn't have any effect and within the URL an @-character would get URL-encoded not having an effect, either. URL-encoding might be the reason for the last problem, you've described leading to a space in the stored value on the server side. Kimmerin (talk) 15:50, 21 November 2022 (UTC)
A very similar situation happened when I was network manager at Moravian College back in the mid-‘90s. A user was unknowingly typing an ASCII 0 character as a “special” character for their password, and doing it as like the 4th character typed, so the rest of what they typed (which was about 8 more characters) was simply ignored, the system thought their password was just the first 3 characters, the user was none the wiser, until the day I implemented checks to require “strong” passwords that included a minimum length. The user came to me all huffy that their password *was* long enough, but they system was making them change it, but not accepting the change. I never ask users for their password, so diagnosing the problem took a few tries, I had to think to ask them to prepend 8 x’s to the front of their password, and when that worked then I understood the problem.
NULL was also a headache for me in the early 2000’s, working with Oracle web forms, and some weird interaction of software bugs between a particular version of Safari web browser, Apache web server, and Oracle somehow allowed the string “NULL” to get into the Oracle database, breaking the SQL Boolean function IS NULL. The kludge was to change the IF [string] IS NULL” test to be IF [string] IS NULL OR [string] = “NULL” (Unfortunately not the ugliest code I have ever written) John (talk) 12:40, 25 November 2022 (UTC)
- Not with null-character, that I'm aware, but when our small company (with Novell-based networking, for fule-servers, printers and most asynchronous communications to the outside world via a somewhat proprietry email gateway over a dial-up) merged into a larger company (with NT servers, and the rest, and now tied directly into their worldwide-WAN by ISDN) there were various hiccoughs in making sure existing and extended infrastructure didn't have conflicting ideas of what was acceptible in the now unified logins. (Not to mention that our username system had been initial-based, but we were now needing formats based upon full names. We had to keep both continuity (for our own long term usage validation) and a migration (to integrate into theirs) and otherwise competent users who were big experts in their own field of data analysis often could not handle the technicalities of multiple/nested logins or the logistical fallout from having their initial login profiles 'remembering credentials'. The fuss it took, until we phased through a full migration (helped by some staff turnover) and relegated the much more competant Novell system to backup/archive servers only.
- And then there was the printer that aperiodically 'broke' because the replacement Windows printserver was somehow unable to pass some particular control characters (not sure if null was ever amongst them) that were occasionally used as the daily-changing hashed output to 'sign' the printouts and thus prove their legacy/providence.
- I got a great deal of experience with system migrations, from all that, but also a strong dislike of being pushed into them or things that aren't themselves 'broke' being 'fixed' by mandatory upgrades. 172.70.91.58 14:53, 25 November 2022 (UTC)