Follow

things that make my trust in your website drop down a whole level:

- password field is maximum 8-15 characters
- passwords cannot contain some special characters
- password is included in confirmation email

I've seen every one of these and they horrify me every time

@blackle The only technical reason I can think of why you'd limit the maximum number of characters in the password is because your database column that holds the password is limited to that length.

So either there are no technical limitations, and the developer just chose an arbitrary limit. Or, it's even worse and they store passwords in cleartext.

Both are bad.

@loke same kind of thoughts come to mind with the "cannot contain special characters" bit. like characters are being filtered because otherwise they'll have an sql injection attack or something.

all these things imply some horrifying things about whatever code is living on the server

@loke
Yeah, if the password is hashed then it's going to have a fixed length and that length had better be longer than 15 characters....
@blackle

@blackle password is passed in cleartext to mainframe that can only support 8 character passwords

@blackle doesn't that gnu mailing list software email you your password? That always pissed me off specifically

@trwnh next I'm sure we'll see "your password can either be 'password' or '12345678'" next

@blackle The worst is when there is a character limit, but nobody actually anticipated that you would put in a password that long. I've had websites accept a 40-character password, but silently truncate it so that I can't log in.

Government websites are *especially* bad about this.

@blackle turns out bags of salt do keep evil spirits away

@blackle

- error message "this password is already used by user {{ username }}"

Sign in to participate in the conversation
dev.glitch.social

UNSTABLE BUT FRIENDLY

BE WARNED this instance will absolutely be unstable at times. It will 10000% be used for experimenting with settings and tweaks to Mastodon. So the place may experience outages, not federate reliably with the rest of the world, have posts go missing, or other technical faults. As such it's meant to be a chill, maybe kinda playful place. FOR BREAKING THE SOFTWARE. Time to see what we can do with this thing! Time to ˥∀IƆOS HƆ⊥I˥⅁

the code is here

This instance also has domain level blocks on numerous others, using the block list found here .

followbots from other instances will be blocked. please report them

Some rules

  • Do not engage in harassment of any kind.
  • Racist, sexist and other oppressive slurs will get you suspended, even in non-public conversations.
  • You can post porn and nudity, but you must use the nsfw flag and do not post on the public timeline or you will be silenced (ask around how to make unlisted posts)
  • try to be kind
  • no non-sentient bots until further notice
  • no shit that's illegal in Canada
  • animated gifs should always be marked sensitive/NSFW and identified as animated gifs (for now let's say just putting 'gif' in the text of the toot is sufficient), because they can cause serious problems for people

some guidelines

  • stuff here is impermanent but i still want this to be as safe a space as we can reasonably make it. let's keep common triggers and angry/ranty/grumpy toots behind CWs
  • free speech maximalists can kindly fuck off. there are instances where that is a priority. this is not one of them.
  • all languages are welcome!

the privacy stuff in the 'terms' isn't what it should be, but no time to change it yet. this instance's data will not be sold or traded or whatever.