Hacker News new | comments | show | ask | jobs | submit login
Remove my password from lists so hackers won't be able to hack me (github.com)
504 points by dEnigma 10 months ago | hide | past | web | favorite | 69 comments



That comment thread was gold, if only for the link to the most secure password in the world site... [0]

[Disclaimer seeing as the original joke was missed by many - this site link is totally tongue in cheek too. DON'T use the suggested password]

[0] - https://mostsecure.pw/


Secure Connection Failed

An error occurred during a connection to mostsecure.pw. SSL received a record that exceeded the maximum permissible length. Error code: SSL_ERROR_RX_RECORD_TOO_LONG

Just me? Is this just too secure™ for Firefox' liking?


It's just you. It worked fine for me in Firefox.


Reminds me of xkcd "Random Number": https://xkcd.com/221/


Ctrl + F

hunter2

(4 matches)

I love a good in-joke.

Spoilers: http://bash.org/?244321


What did you search for? When you type hunter2 all I see are stars.


Copied the stars and then pasted that into CTRL-F


Fun fact: You have to escape the stars for them to show up on IRC. Otherwise people see their password!


Does it work for usernames?

Here, check mine:

    8ftpenissurvivor
What does that show up as?


Wouldn't searching for * * * * * * * yield more than 4 matches?


Whenever you type that, all I see is "1-7-3-4-6-7-3-2-1-4-7-6-Charlie-3-2-7-8-9-7-7-7-6-4-3-Tango-7-3-2-Victor-7-3-1-1-7-8-8-8-7-3-2-4-7-6-7-8-9-7-6-4-3-7-6


I can't see this without claiming the nerd cred of being the first to identify it as the password Data uses to lock out the computer in the ST:TNG episode "Brothers".

For extra credit, I will point out (which you may not know EGreg?) that the password he speaks verbally, and the password that appears on the display visually, are NOT the same and differ by a few digits near the end, a small mistake in production.


The code that Data says: 173467321476C32789777643T732V73117888732476789764376

The code on the screen (in upper case letters) 17346721476C3278977763T732V731171888732476789764376

Source: https://www.youtube.com/watch?v=rAUVUUhf7U0


Weird, I see 223269?


Is it someone's fiction?


I am wheezing


The comments are humorous, of course, in the context of sharing passwords.

What if, instead of a password, the text to be censored is:

09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0

(That's a code that can be used to crack Blu-Ray discs).

Further reading: https://en.wikipedia.org/wiki/AACS_encryption_key_controvers...

https://en.wikipedia.org/wiki/Digital_rights_management#Oppo...

https://www.eff.org/issues/drm


My address is listed in the phone book as well. Is there anyway I can get that removed? :P


Country?


Oh, it was a joke. Guess the topic of this was meant to be serious, ha. I even got downvoted.


One has to suffer for one's art


I'm not really a security expert, but wouldn't it be harder for hacker to notice the hack if you leave it and wisely change the first letter to upper/lower case?


Thanks for this. I went ahead and created a merge request to remove my passwords too. /s


Can someone please explain. I don't understand.


Fun trolling :)


They should have checked their password with https://inutile.club/estatis/password-security-checker/ . It correctly identifies both “hunter2” and “dolphins” as unsafe.


That's a very good resource. I typed in gibberish to make sure it was what I hoped it was.


Of course, “gibberish” is also an unsafe password.


Very true.


I don't know how safe it is to enter my password into a site I've never heard of before... Not that I'm accusing them of it, but this is the perfect setup for a phishing scam.


It's a joke site. This is what it looks like: https://i.imgur.com/Sm1IaZO.png

Some people just don't have a sense of humor.


I'm going to let this one slide, because most of us are not working today for various reasons, but I must note, I've never seen this side of GitHub. I probably spend too much time cloistered in work projects to notice.


> I'm going to let this one slide

Thanks for your benevolence.


Your snark is noted. However, unlike those that come here to delay their day's tasks, I come here to learn and be exposed to new things. As such, humor has never been a quality I seek from HN, and it detracts from the point of being here, for me.


Heyyy, it's that guy who looks down on those of us who don't use our real names!

I remember because you showed a similarly poor attitude in another thread. That attitude was so out of line with what I expect from HN that your username was seared in my mind :)


I think most people like to learn and have a good time at the same time.


Why can't we seek to learn and have a laugh now and then as well?

Your profile also says "Commentors with novelty usernames should not expect responses.". What if someone with a novelty username teaches you something and you have a question to further your learning. You won't respond?


Why can't we seek to learn and have a laugh now and then as well?


Nice. Subtle.


This is hysterical, I love that tech has their own way of humor.


I don't know what to think, he knows how to make a PR but doesn't get this simple thing... :)


He is trolling.. but I guess you are meta-trolling..


Look, we all intuitively get that it's a bad idea and it is definitely funny. But honestly is it helping to make fun of the poor user rather than educate them as to why their password is on the list and the importance of secure password practices?

The security community I grew up with was welcoming and understanding, and it sparked an interest I never would have realized otherwise.


The user has a large number of GitHub commits and the technical knowledge needed to create a pull request probably exceeds the knowledge needed to know why this doesn't work...

I feel comfortable assuming the original PR is a joke.


As further evidence that the assafnativ probably understands trolling, it's worth mentioning that he wrote the article The Making of the Kosher Phone [0]. So he knows how to troll Orthodox Jews if nothing else.

[0]: http://blog.assafnativ.com/2014/03/the-making-of-kosher-phon...


> the technical knowledge needed to create a pull request probably exceeds the knowledge needed to know why this doesn't work...

The plural of anecdote is not data, but I have first hand experience with someone who can make a pull request but doesn't understand password best practices at all.

Granted it might be because I taught them to make pull requests, but still...

I know people who wrote code for their thesis in Python but can't grasp why indentation matters. You'd be surprised by what people do and don't know.


> I know people who wrote code for their thesis in Python but can't grasp why indentation matters.

How can one write code (that runs!) for one's thesis without paying attention to Python's semantically significant whitespace?


> How can one write code (that runs!) for one's thesis without paying attention to Python's semantically significant whitespace?

By fiddling around with different indentations levels till the code works.

So much code out there is written this way.

Kind of gives a new meaning to 'iterating' on one's code doesn't it?


That's exactly my point.

I expect it was, as the other commenter said, probably via an IDE like PyCharm. I never asked because there's no good way to ask a question like that.

But that's my point, people's knowledge is all over the place. It's probably a joke, but it could easily not be.


Perhaps an IDE/editor that autoformats python code?


I am now more than a little embarrassed that this didn't even occur to me...


It doesn't make a whole ton of sense because you'd still need to know when to un-indent in order to get out of a conditional block. IDEs can't read your mind.


I've never asked the details, I just know that they used Python before but couldn't cope with indentation when I worked with them on code.


How did they fail to cope with it?


I had an answer typed up, but it felt like picking on them rather than explaining the issue. Text is hard.

After submitting changes that started 10 indents past the previous line, and had little to no rhyme or reason for subsequent indentation, we asked them to reformat and resubmit. When it became clear that they could not, we reviewed the code itself separately from the indentation and reformatted it ourselves.

Multiple co-workers sat next to them to try to explain how to line things up vertically, but they were unable to do so without said help.

This was over the course of about two weeks in which we were instructed to try to bring them onboard some of our projects. Both our and their projects at the time were frontend web projects.

I have not looked at any of their code outside what was submitted to our side, but I do know they are praised for the quality of their work by management.


Thanks. Interesting.


But they can auto-format copy-pasted code from Stack Overflow.


That's what they want you to think.


I've worked with a programmer on a project who could not do basic algebra (4x + 1 = 5, solve for x), and would outsource any math to stackoverflow to get answers in his specific language. Those answers were usually incorrect because he didn't know how to phrase his questions correctly.

That was horrifying to realize that the person writing the front end for an ecommerce application not only could not calculate tax, but would brag about how he doesn't need to know basic math.


> Granted it might be because I taught them to make pull requests, but still...

You can make these sorts of trivial changes just by clicking around the GitHub web UI, I could probably tell a 12 year old how to make a trivial change like this, regardless of their coding expertise https://help.github.com/articles/editing-files-in-your-repos...


> The security community I grew up with was welcoming and understanding

lol


> But honestly is it helping to make fun of the poor user rather than educate them as to why their password is on the list and the importance of secure password practices?

I am not sure the issue poster really uses that password...


Poe's law applies here of course, that's fair. Still...


It's easy to verify. ;) I've just checked - that's not his password.



if it HAD worked, and you told us, then you'd be confessing to violating the Misuse Of Computers act. So of COURSE you'd say that's not his password.


It looks like you didn't get the joke.


So, they want the password off the list, instead of changing it to something (much much much) more secure? Some variant of "battery horse staple and correct", right?


This is a joke.




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: