Mirrorz: Why didn't subby just link directly to The Oatmeal's site?
That "article" is just one of his images embedded on a different page.

Came here to say this. At least drive the traffic to The Oatmeal's site instead of BoingBoing. The Oatmeal does some good stuff. We should be supporting him directly.

My personnel favorite is when they make you create a unique user name. Sorry that name isn't available, sorry that name isn't available, sorry that name isn't available... each time clearing the password field. Then a year later when you need something else they make you use the unique name instead of your unique email.

the worst is when you spell charon cheron and have to live with it for a decade

Mirrorz: Why didn't subby just link directly to The Oatmeal's site?
That "article" is just one of his images embedded on a different page.

Came to say this. Wanna bet BoingBoing pays for greens?

I don't know about you guys, but if I found a shopping cart that blows me, I would want it to blow more.

/DNRTFA
//DN even R all the F headline.

mauricecano: Was a PITA but we had scrolling blinking text which was so futuristic!

Damn. I was going to just post an animated rainbow horizontal rule, but I actually can't find one.

I still remember being blown away after seeing my first animated gif on a webpage.

Walker: Yeah, that password one annoys me too. "Your password must be at least 8 characters long, have a number, a letter, a special character, an uppercase character, a lowercase character, the word bababooey in it, and the name of your first grade teacher's firstborn grandchild".

There's no way I can remember 30 different passwords so I like to use the same one for everything. Yes, I know that's "bad tech policy" but I'm old and senile so shut up. If I have to have 30 different passwords I will have to write them down, which defeats the whole purpose of having a "secret" password. Plus I won't always have the little notebook with me with all the passwords in it, so I end up getting locked out of my own accounts constantly.

Unless you have family members or roommates you don't want buying discount koala meat in your name, it's usually okay to write down website passwords. Post-its are pretty much hacker-proof.

But I agree, complex passwords are bullshiat. There was an article a while back about how password that's just two or three simple english words is far more secure than seven characters of line noise. Passphrases FTW

I_Am_Weasel: Walker: Yeah, that password one annoys me too. "Your password must be at least 8 characters long, have a number, a letter, a special character, an uppercase character, a lowercase character, the word bababooey in it, and the name of your first grade teacher's firstborn grandchild".

There's no way I can remember 30 different passwords so I like to use the same one for everything. Yes, I know that's "bad tech policy" but I'm old and senile so shut up. If I have to have 30 different passwords I will have to write them down, which defeats the whole purpose of having a "secret" password. Plus I won't always have the little notebook with me with all the passwords in it, so I end up getting locked out of my own accounts constantly.

Keepass. It be what I use.

That's not the root of the problem. The problem is why do we need a unique login/password for every farking ecommerce site we visit? Must we create an account? You only need my name, CC info, billing and shipping address and an email account to mail a receipt.

Or at least that option. If I plan on making a series of purchases there, I will like set up and use an account to make things easier.

Username fields that don't allow special characters so I can't just use my farking email address.

It's 2012. Go buy a key from a CA.

Any form on the Oracle website

Walker: There's no way I can remember 30 different passwords so I like to use the same one for everything.

Step 1: pick a master password like "pass123"
Step 2: for amazon, password = "amazon.pass123". for facebook, password = "face.pass123", etc.

Problem solved.

Tax Boy: Walker: There's no way I can remember 30 different passwords so I like to use the same one for everything.

Step 1: pick a master password like "pass123"
Step 2: for amazon, password = "amazon.pass123". for facebook, password = "face.pass123", etc.

Problem solved.

Not really. Now you're open to the dumbass website that stores passwords in the clear getting hacked from someguy on the inside or outside that figures out if your FARK password is fark.pass123, maybe your amazon password is amazon.pass123.

All sorts of websites store your password in the clear, even though they should know better.

Missed one - For Addresses in the U.S. (and probably a number of other places) start with the ZIP code. I guess you start with Country, then ZIP/Postal code. You really should be able to extrapolate at least the State, and probably the City as well from that. For counties that don't have that kind of code set up, people with mailing addresses there can do the rest of the entry by hand, and lobby their government if they don't like it.

/Really, really not that hard.

Tax Boy: Walker: There's no way I can remember 30 different passwords so I like to use the same one for everything.

Step 1: pick a master password like "pass123"
Step 2: for amazon, password = "amazon.pass123". for facebook, password = "face.pass123", etc.

Problem solved.

Except oops... this site doesn't allow periods, or that site has a password between 8 and 12 characters but site has a password that must be at least 16 characters. I've even been to sites that don't allow caps and some that require them.

Awesome. I love the Oatmeal. Now to check to see if my company's website would piss them off like this...

/I've been using pass phrases instead of letter-salad for years - I toss in a few words from other languages as well.

I will NOT be visiting anymore boing boing sites in the future since they feel the need to rip off other people's work

I use LastPass which works on most browsers and my phone and fills in the passwords for me.

Oh God yes. Getting those "Password already taken" errors make me want to punch someone. DeviantArt is probably the worst ever. Took me about a dozen tries to finally find an available username. I came dangerously close to being know as 'farkyouintheassbiatch'.


Walker:

There's no way I can remember 30 different passwords so I like to use the same one for everything. Yes, I know that's "bad tech policy" but I'm old and senile so shut up. If I have to have 30 different passwords I will have to write them down, which defeats the whole purpose of having a "secret" password. Plus I won't always have the little notebook with me with all the passwords in it, so I end up getting locked out of my own accounts constantly.

Preach it brother! I do the same thing, using 2-3 variations of the same password. Sorry, but I don't lose a lot of sleep worrying that someones going to hack my TrekkBBS, or Starship Modeler accounts.

Walker: There's no way I can remember 30 different passwords so I like to use the same one for everything. Yes, I know that's "bad tech policy" but I'm old and senile so shut up. If I have to have 30 different passwords I will have to write them down, which defeats the whole purpose of having a "secret" password. Plus I won't always have the little notebook with me with all the passwords in it, so I end up getting locked out of my own accounts constantly.

Yes, but then getting your account "hacked" is on you. The site can claim that they took all the steps necessary to secure your account. Enforcing super stringent passwords is more about shifting blame than anything else.

This is a good list of gripes, and typical of The Oatmeal's consistent production. Honestly, it just seems like people suck at making forms in general, not just web designers. Our HR department constantly spits out forms that:
1. are unlocked .doc files
2. don't use "forms" items in any way
3. have fill-ins that are "_" characters instead of underlined cells
4. use spaces instead of tabs to align things

Hell they published our Employee Handbook as an editable .doc! I'll tell you there are some very specific rules I look forward to following and then citing in the future. All this when we have Adobe Acrobat Pro to make fillable, printable .pdfs that don't get all jacked when you try to use them.

TommyDeuce: Missed one - For Addresses in the U.S. (and probably a number of other places) start with the ZIP code. I guess you start with Country, then ZIP/Postal code. You really should be able to extrapolate at least the State, and probably the City as well from that. For counties that don't have that kind of code set up, people with mailing addresses there can do the rest of the entry by hand, and lobby their government if they don't like it.

/Really, really not that hard.

I've always wondered the same things so I just looked up how zip codes work and it actually seems like it is that hard.

For example ZIP code 42223 spans Christian KY and Montgomery TN, and ZIP code 97635 spans Lake OR and Modoc CA.¹

Where the hell is DON'T MAKE ME PUT shiat IN MY SHOPPING CART TO BE ABLE TO FIGURE OUT WHAT IT COSTS?!

No I don't want to become a member of your site I just want to buy a horse dildo.

SableTigre: Emposter: Mirrorz: Why didn't subby just link directly to The Oatmeal's site?
That "article" is just one of his images embedded on a different page.

Came to say this. Wanna bet BoingBoing pays for greens?

Looks like mods fixed it so it goes straight to Oatmeal now....

So they did. +1 mods

Also, to subby...I'd never see Oatmeal's stuff before, and now I have. Thanks!

So with the site I built, usernames need to be 3 characters long (max 255). Passwords need to be 3 characters long (max 255). Usernames are specific per client (we are a business administration software site).

That's the only requirements.

I store passwords in the database by salting and hashing the password 65,000 times in a loop. Thus it takes anybody 1 second per try. This will effectively shut down a hacker that steals the database. The other awesome way I protect our user's data is all email addresses and usernames are encrypted (2 way cipher so not as secure) so if somebody steals the database they will have to work at getting the email addresses and usernames from the database.

Lastly our database configuration is encrypted (AES 256) so you have to decrypt the config file to even see the database username and password if you get root access.

Lastly all database actions go through stored procedures which kills SQL Injection attacks.

It's not hard to write secure software. It just takes a little thinking.

/Site is 100% written by myself.

Weigard: No I don't want to become a member of your site I just want to buy a horse dildo.

THIS!

Or don't make me put in my credit card number to see shipping costs!

Why the fark are you even asking what country I'm from? Look at my farking IP! The goddamn "Find hot, single ladies in *X* who want to steal your kidneys" ads manage to figure out (with some margin of error) what cocking city I'm in. Your store should be at least as smart as the kidney thieves.

Walker: Yeah, that password one annoys me too. "Your password must be at least 8 characters long, have a number, a letter, a special character, an uppercase character, a lowercase character, the word bababooey in it, and the name of your first grade teacher's firstborn grandchild".

There's no way I can remember 30 different passwords so I like to use the same one for everything. Yes, I know that's "bad tech policy" but I'm old and senile so shut up. If I have to have 30 different passwords I will have to write them down, which defeats the whole purpose of having a "secret" password. Plus I won't always have the little notebook with me with all the passwords in it, so I end up getting locked out of my own accounts constantly.

The Washington Metro website has some funky requirement for passwords that makes it impossible for me to remember mine. And they don't have a I'm A Dumbshiat Please E-mail Me My Password feature, either. So I get lock out of my account about once every three months.

some of the CAPTCHA systems make me angry.

c'mon, man.

The oatmeal guy is a sad, whiny bastard. Some of his spiels are pretty funny, but man for the most part it's just a comic about disappointment, which is kind of farked up.

Because People in power are Stupid: I'm pissed that KoalaMeat.com doesn't exist.

You know what you must do.

I wish I could find a shopping cart that blows, I would be the happiest shopper.

Oh and the required field fix he suggests is shiat. It is so easy to make the required field you missed bright red and scroll to it. Just showing you the form again with the same message at the top, but louder, is retarded.

Bedurndurn: Why the fark are you even asking what country I'm from? Look at my farking IP! The goddamn "Find hot, single ladies in *X* who want to steal your kidneys" ads manage to figure out (with some margin of error) what cocking city I'm in. Your store should be at least as smart as the kidney thieves.

There's no sure-fire way to determine a country from an IP address - there are databases you can use, but they need to be constantly updated, so it's never 100%.

hoho19: I store passwords in the database by salting and hashing the password 65,000 times in a loop. Thus it takes anybody 1 second per try.

That seems like a bad idea to me. I might not want to hack into your database but that seems like a target for a DOS attack. If only 1 request keeps it busy for 1 second that seems ripe for abuse. If I'm wrong I would love to know why.

Tranquil Hegemony: Bedurndurn: Why the fark are you even asking what country I'm from? Look at my farking IP! The goddamn "Find hot, single ladies in *X* who want to steal your kidneys" ads manage to figure out (with some margin of error) what cocking city I'm in. Your store should be at least as smart as the kidney thieves.

There's no sure-fire way to determine a country from an IP address - there are databases you can use, but they need to be constantly updated, so it's never 100%.

99% of the time is good enough for me. If you are a state side business there is no reason to have some funky EU country listed, US should be the default if you want another country you should have to change it yourself. Then after a month look at who orders from you then put the top 5 countries at the top of the list for faster lookups.

Tranquil Hegemony: Bedurndurn: Why the fark are you even asking what country I'm from? Look at my farking IP! The goddamn "Find hot, single ladies in *X* who want to steal your kidneys" ads manage to figure out (with some margin of error) what cocking city I'm in. Your store should be at least as smart as the kidney thieves.

There's no sure-fire way to determine a country from an IP address - there are databases you can use, but they need to be constantly updated, so it's never 100%.

Good point (though I'd bet it'd be just fine for 95+% of people on residential internet service). You could still set default values for your select boxes based on that info though, and it makes dramatically more sense than making me find United States of America in a select box that defaulted to Afghanistan. Heck if you get a low confidence on your IP-based location result, just default to the country you get most of your business from and it'll probably be right.

Walker: Yeah, that password one annoys me too. "Your password must be at least 8 characters long, have a number, a letter, a special character, an uppercase character, a lowercase character, the word bababooey in it, and the name of your first grade teacher's firstborn grandchild".

There's no way I can remember 30 different passwords so I like to use the same one for everything. Yes, I know that's "bad tech policy" but I'm old and senile so shut up. If I have to have 30 different passwords I will have to write them down, which defeats the whole purpose of having a "secret" password. Plus I won't always have the little notebook with me with all the passwords in it, so I end up getting locked out of my own accounts constantly.

Bosco?

I use Dad's address. Enough numbers and letters so that it works everywhere.

/he's at 1452 Davidson

Bedurndurn: Tranquil Hegemony: Bedurndurn: Why the fark are you even asking what country I'm from? Look at my farking IP! The goddamn "Find hot, single ladies in *X* who want to steal your kidneys" ads manage to figure out (with some margin of error) what cocking city I'm in. Your store should be at least as smart as the kidney thieves.

There's no sure-fire way to determine a country from an IP address - there are databases you can use, but they need to be constantly updated, so it's never 100%.

Good point (though I'd bet it'd be just fine for 95+% of people on residential internet service). You could still set default values for your select boxes based on that info though, and it makes dramatically more sense than making me find United States of America in a select box that defaulted to Afghanistan. Heck if you get a low confidence on your IP-based location result, just default to the country you get most of your business from and it'll probably be right.

Yeah, using it to set the default is a good idea (hmm, might have to try that!) I also put the most common countries at the top, as the Oatmeal guy recommends. USA #1!

I just want to add, there is no need to make me select what type of credit card (MasterCard/Visa/Discover/AMEX) I am using. The first digit tells you the type. There is nothing more infuriating than getting an error because the type and number mismatch, especially if you make me re-enter information.

buck1138: Except oops... this site doesn't allow periods, or that site has a password between 8 and 12 characters but site has a password that must be at least 16 characters. I've even been to sites that don't allow caps and some that require them.

One site bounced my password because it ended in a number. That's a requirement that scares the shiat out of me, because I imagine there's some kind of text parsing rationale behind it, which implies they're storing plain-text passwords.

Bedurndurn: Your store should be at least as smart as the kidney thieves.



Already a band name.