this post was submitted on 18 Feb 2024
342 points (100.0% liked)

tails: A Place for Mastodon Posts

328 readers
1 users here now

A virtual community

Posts from Mastodon users, featured natively in a community, so you can view them without the need for them to be re-hosted or screenshoted, and reply to the original author and Mastodon respondents if you wish.

Has so far included content from Warsandpeas, Mr. Lovenstein, SMBC, Loading Artist, Low Quality Facts, nixCraft, ElleGray, and other interesting or provocative stuff I've random'd across on Mastodon.


Supported:
Comments & Upvotes
Unsupported:
Posts, Downvotes, & PD's Automod

founded 9 months ago
MODERATORS
 

Image description: The text contains the phrase "Hey! What's going on?" followed by the phrase "Sick bastard!". Below that is some code that appears to be related to password verification.


(Originally published on mastodon.social: 2024-02-18)

top 20 comments
sorted by: hot top controversial new old
[–] narpoleptic@masto.ai 42 points 8 months ago* (last edited 8 months ago) (1 children)

I know I've been toiling in the Sysadmin Mines for too long in my life because I read the code and thought "Heh, that's a neat workaround" 😅

[–] sbv@sh.itjust.works 21 points 8 months ago (1 children)

It’s not a bad idea. From some points of view.

[–] Wermhatswormhat@lemmy.world 14 points 8 months ago

The dark side is the pathway to many abilities some whould call…unnatural.

[–] rebelsimile@sh.itjust.works 38 points 8 months ago

This man found the code for USB plugs

[–] Downcount@lemmy.world 31 points 8 months ago (1 children)

I have the feeling I’ve been tricked by this quite a few times.

[–] phorq@lemmy.ml 6 points 8 months ago (1 children)

Most sites randomize this slightly to make you doubt yourself. To prevent brute forces from getting lucky, it’s more likely to happen the more tries you do per ip address.

[–] kautau@lemmy.world 28 points 8 months ago

most sites

I’d be interested to see some data on that. Using a password manager, I almost never type my password, and I’ve definitely never had an invalid password error across the like 180 sites in my password manager when it’s being autofilled correctly

[–] Gonzako@lemmy.world 13 points 8 months ago (1 children)

The code basically says that if you don’t input the password correctly at first you don’t get to log in for the whole session.Edit: nvm it actually checks for both being true without negating them. So it always forces the user to input the same password twice

[–] Mango@lemmy.world 2 points 8 months ago

Which is kind of genius.

[–] mark@waterford.international 9 points 8 months ago* (last edited 8 months ago)

Where’s the Sleep(5000) in the middle there?

[–] rollmagma@lemmy.world 9 points 8 months ago

Image description: A three pane comic depicting an office setting. In the first pane a men with bags under his eyes and a cup of coffee asks “Hey! What’s going on?” while two men and a woman stand exasperated behind a men who looks at the computer screen while smiling. In the second pane the coffee drinker spits his coffee and drops the mug while in the standing trio, the woman screams “Sick bastard” towards the person on the computer, one man covers his mouth while his hair turns gray and the second man rips his own hair. The men on the computer does a thumbs up, still smiling. The third pane shows the computer screen which contains a “brute force attack protection” programming code. The code reads "If is password correct and is first login attempt, then error: wrong login or password "

[–] THE_MASTERMIND@feddit.ch 8 points 8 months ago (2 children)
 *DELETED*.          *BY*.       *USER*.       *PERMANENTLY*
[–] KISSmyOS@feddit.de 8 points 8 months ago

If my password, which I copy-pasted from my password manager, is rejected twice, then I assume I must have deleted my account.

[–] perviouslyiner@lemmy.world 3 points 8 months ago

That sounds like the logic in a Douglas Adams computer game.

[–] doug@mastodon.scot 4 points 8 months ago* (last edited 8 months ago)

genuinely evil. I like it.

[–] qwertzuiop@mastodon.social 4 points 8 months ago* (last edited 8 months ago)

i swear my phone has this "feature"

[–] streetcoder@mastodon.social 3 points 8 months ago* (last edited 8 months ago)

Hey where did you find my code? But I even wrote a comment spam protector like this with first ten tries and random.

[–] ledoian@pleroma.ledoian.cz 2 points 8 months ago* (last edited 8 months ago)

if (! isPasswordCorrect) && isFirstLoginAttempt: letThemIn()? :-)

[–] iain@hachyderm.io 1 points 8 months ago* (last edited 8 months ago)

sshhh now you’ve told them 😤

[–] dotoscat@mastodon.xyz 1 points 8 months ago* (last edited 8 months ago)