…
You must log in or # to comment.
The issue this is referring to is because the user cannot paste into a text field. And the user was not rude about it either.
So instead of fixing the actual problem, the developer went nuclear and removed the validation. A dick move in my opinion given the developer’s attitude.
~It’s more sad than funny. 🤷♂️~
IMO as a developer this is a sane change. There’s no telling when the format of the first-party api key will change. They may switch from reference tokens to JWT tokens tomorrow. The validation should be using the token and seeing if it works.
If they had made the change for that reason, sure. But the actual stated cause was some pretty thing.
I don’t know what that repo does. But, chances are the dude was just fucking tired of dealing with curseforge. Total garbage scum software.
It’s prism. A multi-launcher for Minecraft Java edition.
I’m guessing removing the validation fixed the pasting, which means it did fix the actual problem?
I hate when websites have some weird rules for passwords, and show the rule when you are creating the password, but not when entering it. How am I supposed to remember the password must begin and end with a special character?
I can’t recommend password managers enough, because you will never have this issue again.
Password creation will still be annoying for sites with special rules. You just don’t have to remember them once you generated them.
I’ve literally never had an issue with password generation. Usually I generate 32 character passwords with all types of characters passwords on average expect. If a page has different rules, I just check the corresponding boxes in my password manager, and I get one that works for that site.
Just yesterday my library required a new password. The password requirements were:
- 8 to 18 characters
- uppercase
- lowercase
- number
- one of the 8 special characters listed
When borrowing from the library physically, I need to enter this password on a touchscreen keypad. So no copy and paste from a password manager.
They used to have birthdates as the assigned password for everyone. If you request a password reset, it resets to the birthdate. You have to change it on first login.
A little better than before, but doesn’t feel secure.
On the other hand, abuse is kinda difficult.
For physically loaning books, you need the library card with its RFID chip. For anything digital, there’s no incentive or possibility for abuse really.
Seems like a perfect use case for a password manager.
I’ve had a couple sites that required you to have special characters but some special characters were blacklisted.
In that extremely rare case I just delete the offending characters from my long generated password or add a couple randomly.
Peguots(car brand) app requires between 8 and 16 characters, no repeating characters, and that it contain 4 of the following: uppercase letter, lowercase letter, number, a special character in this list @$!%*?&_- ;
You’d think that’d be fine, but no. It took me several tries to generate a password that complied, even after limiting to only valid characters and a length of 16. I got the feeling there’s an extra rule not shown,maybe lost in translation. In Norwegian it literally says “no repeat or successive characters” making it sound like I can only use a letter once, but thankfully not.
Pure torture. And the app is so shit I get logged out often, and auto fill with my password manager does not work in that app. Pressing login also fails half the time.
and when the rule is also wrong example: password must contain special charcters the password contained : and ^ if those aren’t special characters idk what is
maybe they were looking for extra special characters like 🁄 or ⶸ. Who am I kidding, RFC 1738 tells us that literally everything is unsafe and you know, we need to prepare for the inevitable occasion when the password somehow ends up inside an URL.
The characters “<” and “>” are unsafe because they are used as the delimiters around URLs in free text;
the quote mark (“”") is used to delimit URLs in some systems.
The character “#” is unsafe
The character “%” is unsafeIt ends up with
Thus, only alphanumerics, the special characters
$ - _ . + ! * ’ ( ) ,
are safeIf the password is going in URLs you already have a problem.
It’s safe for https.
In terms of the transport, sure.
But if you put the password in a URL, the user’s browser is going to turn around and store that plaintext password in its history, then sync it to the user’s other devices, and then pop it up on their screen in the address bar autocomplete, perhaps when the user is screen sharing or streaming to hundreds of people. The browser does not expect a password to be stored there and will mishandle it.
Nah, if you type a password in a url, it gets turned into asterisks. Look: https://google.com/?password********************
I am going put null on my password and you aren’t stopping me
Also [object Object] is always a classic to mess with any js
I never get bored of discovering yet another software that gets broken because someome put a dollar sign in their password…
Often only a few special characters are accepted. Punctuation yes, emoji no.
“Punctuation yes, emoji no” sounds like something a grade school teacher would have embroidered on a throw pillow.
Having to alter my one generic password I use for random ass website because there’s a stupid extra rule is usually annoying me enough that I don’t register lmao.
Password manager?
I use it for important things that require actual security. Everything else gets the one password treatment.
In that case consider your accounts on “everything else” to be compromised already. It can be a pretty significant vector for identity theft for example.
I’m not dumb enough to share important private information on websites that don’t require it.
I use a mental algorithm that means my password is always different on paper, but is always deducible by me.
honestly I prefer to go the other route : if a website complains about a generic randomly generated password , especially if they have very specific rules I take it as a challenge to make a password with as much entropy as possible , preferably to the point where any reasonable hash can express less entropy
So the users realized their mistakes and stopped complaining……and other jokes public project maintainers tell themselves while laughing in tears
Prismlauncher! I remember browsing through the changelog and spotting this, made me chuckle internally.
If only I had a penny each time a user told something doesn’t work when it shouldnt’ve.
Usernames removed to prevent brigading
What is this gatekeeping nonsense? We live in the free world. I don’t want that reddit “anti-brigading” crap here.
Post breaks web accessibility by withholding web connectivity: it needs a link to source.
Images of text break much that text alternatives do not. Losses due to image of text lacking alternative such as link:
- usability
- we can’t quote the text without pointless bullshit like retyping it or OCR
- text search is unavailable
- the system can’t
- reflow text to varied screen sizes
- vary presentation (size, contrast)
- vary modality (audio, braille)
- accessibility
- lacks semantic structure (tags for titles, heading levels, sections, paragraphs, lists, emphasis, code, links, accessibility features, etc)
- some users can’t read the image due to lack of alt text (markdown image description)
- users can’t adapt the text for dyslexia or vision impairments
- systems can’t read the text to them or send it to braille devices
- web connectivity
- we have to do failure-prone bullshit to find the original source
- we can’t explore wider context of the original message
- authenticity: we don’t know the image hasn’t been tampered
- searchability: the “text” isn’t indexable by search engine in a meaningful way
- fault tolerance: no text fallback if
- image breaks
- image host is geoblocked due to insane regulations.
Contrary to age & humble appearance, text is an advanced technology that provides all these capabilities absent from images.
I partially agree with you. It’s bad to brigade against a random user out of the blue, but this is a useless censorship.
It’s a pull request in an open-source project, it’s not like people can’t find it in literally 3 seconds…
- usability
