[13:10] <mrgoodcat> ive never used code.google.com before but i think it says a lot that the Go project is moving to github
[13:11] <mrgoodcat> maybe not, but its just funny that a google sponsored project would move away from google hosting
[13:24] <rick_h_> morning
[13:25] <rick_h_> google's had a lot of stuff on github for a while
[13:25] <rick_h_> I think there's some angular stuff, android stuff,
[13:25] <rick_h_> https://github.com/google lol 16 pages of projects
[13:25] <mrgoodcat> lots of android
[13:27] <rick_h_> ok, can't +1 that enough https://twitter.com/kirtan/status/532730437177581568/photo/1
[14:21] <cmaloney> Good morning
[14:21] <cmaloney> mrgoodcat: Google's been trying to offload Google Code for a while.
[14:22]  * cmaloney is listening to Kalabi - Slow Boat to Nowhere
[14:22] <cmaloney> Bah, hasn't caught up
[14:23] <cmaloney> Apparently the album of the morning is Public Image Limited's Acid Drops.
[14:47] <mrgoodcat> just trying to discontinue another product i guess
[14:47] <mrgoodcat> at least this time you can see it coming a long way off
[15:20] <cmaloney> Watching rick_h_ rock the Juju Gui
[15:54] <rick_h_> woot rock rock rock
[15:55] <cmaloney> Well now I can't say I didn't participate in UOS. ;)
[15:57] <dzho> heh
[15:57] <dzho> so, is that happening now? ;-)
[16:00] <rick_h_> lol
[16:00] <cmaloney> UOS is happening now
[16:00] <rick_h_> https://plus.google.com/116120911388966791792/posts/6YDBe3zwEih
[16:00] <rick_h_> just wrapped up
[16:00] <cmaloney> I think it's the last day iirc
[16:00] <rick_h_> please +1 and reshare and allt hat
[16:00] <rick_h_> yea, friday friday
[16:05] <mrgoodcat> just learned chase bank's passwords are case insensitive
[16:05] <mrgoodcat> cahse--
[16:05] <mrgoodcat> chase-- even
[16:06] <cmaloney> mrgoodcat: Oh that's handy
[16:07] <greg-g> are they still limited to 12 or something characters?
[16:07] <mrgoodcat> idk but probably
[16:07] <mrgoodcat> i don't use chase
[16:07] <mrgoodcat> huntington is limited to 12 or less, no special chars
[16:07] <mrgoodcat> its like pls hack my bank
[16:08] <mrgoodcat> i use simple now. full unicode password support ftw
[16:08] <cmaloney> I don't understand that at all
[16:08] <cmaloney> Stop parsing my password and just hash kthxbai.
[16:09] <mrgoodcat> yea thats all simple does i think
[16:09] <mrgoodcat> no min/max length that i know of
[16:09] <mrgoodcat> actually the advertised no max length when i set mine up
[16:11] <greg-g> I'm fine with reasonable minimums (like 6 or 8 or so)
[16:12] <cmaloney> I'm fine with them parsing the password client-side and saying things like "that password is your cat's name. Seriously don't use that"
[16:12] <cmaloney> but rejecting it once it hits the server == bad.
[16:13] <_stink_> CHASE-- and chase-- and chASe--
[16:13] <cmaloney> unless they're decrypting the password
[16:13] <cmaloney> _stink_: hahahahaha
[16:16] <mrgoodcat> "We'll grade your passphrase strength and require at least a C to pass"
[16:16] <mrgoodcat> looks like client side
[16:16] <mrgoodcat> its doing it as i type
[16:17] <cmaloney> Yeah, that I don't mind in the slightest
[16:17] <mrgoodcat> no max length it looks like
[16:17] <cmaloney> ++
[16:21] <greg-g> I forget who it was, but some bank just truncated after 12 characters and hashed/whatever that
[16:21] <greg-g> so, 123456789012A and 123456789012B were the same to them
[16:21] <greg-g> thought it was Chase, but /me shrugs
[16:22] <cmaloney> greg-g: Seriouslyt
[16:22] <cmaloney> ?
[16:23] <greg-g> yeppers
[16:23] <cmaloney> Sadly I'm sure the reasoning was because someone read that passwords 8-12 characters long were secure and someone else didn't want to waste the space on the drives for the extra characters. ;)
[16:23] <greg-g> cleartext ftw!
[16:24] <cmaloney> (Even though the results were likely salted / hashed, or encrypted)
[16:25] <greg-g> most likely, PCI DSS and all that
[16:25] <greg-g> but seriously, not sure how "truncate after 12 chars, oh, and don't tell the user" is PCI DSS compliant
[16:26] <cmaloney> The results are hashed / encrypted
[16:26] <cmaloney> so [x]
[16:26]  * greg-g nods
[16:26] <cmaloney> That's why I have to laugh at some of the compliance audits
[16:26] <cmaloney> Sometimes they codify stupid behavior
[16:26] <greg-g> I'm glad I know Zero about PCI DSS other than the 6 letters, I easily forget what they stand for even :)
[16:27] <cmaloney> People Can Infer Dumb System Specs?
[16:27] <greg-g> :)
[16:27] <cmaloney> s/INfer/ Implement/
[16:27] <greg-g> somethign like that
[16:28] <rick_h_> greg-g: that was windows at one time
[16:28] <cmaloney> Oh yeah, Windows XOR passwords. :)
[16:28] <cmaloney> That was Windows 95-era, iirc
[16:32] <cmaloney> rick_h_: I think I found your next computer: http://www.rave.com/products/xeon-21-tri-screen/
[16:33] <cmaloney> Unfortunately it has a trackpad though
[16:33] <rick_h_> cmaloney: hah, I'm trying to make https://play.google.com/store/devices/details?id=nexus_9_keyboard_folio_black my next travel computer but it's still coming soon
[16:33] <cmaloney> responsive mechanical keyboard
[16:33] <jrwren> windows used xor passwords?
[16:33] <cmaloney> I don't think that means what you think it means
[16:34] <rick_h_> cmaloney: heh, yea only for travel
[16:34] <mrgoodcat> most banks use the same software for their online banking
[16:34] <mrgoodcat> it was made by a 3rd party
[16:34] <rick_h_> I'm not giving up my kenisis, 4k, standing desk any time soon
[16:34] <mrgoodcat> and only supported up to 12 characters
[16:34] <cmaloney> jrwren: Yeah, there was a pretty simple password-cracker for Windows iirc.
[16:34] <mrgoodcat> can't rmbr what company made it
[16:35] <greg-g> CDC?
[16:35] <greg-g> :)
[16:35] <greg-g> oh, wait, I was mixing cmaloney and mrgoodcat :)
[16:35] <cmaloney> har har
[16:35] <greg-g> (CDC == Cult of the Dead Cow, for those that didn't get the reference)
[16:35] <jrwren> cmaloney: it wasn't just ntlmv1?
[16:36] <cmaloney> jrwren: My memory and Google-fu are failing me at the moment
[16:36] <cmaloney> http://insecure.org/sploits/windoze.sharepasswords.html <- This is the only thing I'm noticing ATM
[16:37] <cmaloney> I think the screensaver password was XOR as well
[16:37] <cmaloney> Maybe that's what I'm conflating
[16:37] <jrwren> maybe old lanman compat, so not even ntlm
[16:37] <cmaloney> Yeah, nothing recent
[16:37] <cmaloney> Though there was a way to reset the admin PW on a Windows machine using a Linux / NTFS disk
[16:38] <cmaloney> Remember using that on Chrysler machines to get access to the admin accounts
[16:38] <cmaloney> But that's not the fault of Windows, rather the fault of having physical access.
[16:38] <jrwren> cmaloney: i think that still works.
[16:38] <jrwren> cmaloney: yeah, can definitely do that with linux too.
[16:39] <mrgoodcat> yea you can do that on any of the 3 major OSs
[16:40] <mrgoodcat> i've done it on my own linux machine actually
[16:40] <mrgoodcat> but my encrypted homedir was toasted
[16:40] <cmaloney> ouch
[16:40] <mrgoodcat> its fine i back up
[19:12] <cmaloney>  http://www.jonobacon.org/2014/11/14/ubuntu-governance-reboot/
[19:18] <cmaloney> So far this morning my Squeezebox has been picking out great albums at random
[19:18] <cmaloney> Though I had to tell it that I didn't want to listen to live Pigface this morning
[21:00] <akelling> http://depressedalien.com/Large/253.png
[21:42] <cmaloney> http://www.metalinjection.net/av/mike-portnoys-contribution-to-the-new-haken-ep-is-just-astounding
[21:42] <cmaloney> Apparently the band had a competition to figure out what Mike Portnoy's contribution was
[21:42] <cmaloney> and someone guessed almost, but not quite right
[21:43] <cmaloney> akelling: hah. :)
[22:27] <cmaloney> I'm about 2 seconds away from enabling a pep8 git hook that will reject any commit that fails pep8
[22:27] <mrgoodcat> lol
[22:27] <mrgoodcat> at work?
[22:28] <mrgoodcat> could probably add it to the CI tests pretty easily
[22:28] <mrgoodcat> build:failed "pep8 fail"
[22:29] <cmaloney> yeah
[22:29] <cmaloney> also: "log message too long"
[22:29] <mrgoodcat> not even necessarily a bad idea as long as people would fix it and recommit
[22:29] <cmaloney> also: commented code detected
[22:30] <mrgoodcat> commented code is not always bad
[22:30] <mrgoodcat> mostly yes
[22:30] <mrgoodcat> not but always
[22:30] <mrgoodcat> came across a comment at work the other day that was basicall "# don't even try to fix this function if it breaks. just rewrite it"
[22:31]  * cmaloney is listening to Motorpsycho - Don't Wait
[22:31] <cmaloney> mrgoodcat: Was that one you left in there?
[22:31] <mrgoodcat> not that i remember?
[22:31] <mrgoodcat> didn't git blame
[22:32] <mrgoodcat> probably
[22:32] <mrgoodcat> lol
[22:32] <cmaloney> Sounds like something I'd leave in there
[22:32] <mrgoodcat> it is something i merged at the very least though
[22:32] <mrgoodcat> since its in a part of the code that is not older than my employment
[23:44] <derekv> so, here's a nonsense question, if you have a 1to1 relation, what language do you normally use to describe the situation where, the entity on one side is meaningless without the other (maybe, ownership?), vs both sides exist independently of each other
[23:44] <mrgoodcat> english
[23:45] <mrgoodcat> :)
[23:45] <mrgoodcat> like user has one phone but phone is useless without user?
[23:46] <mrgoodcat> i'd say ownership
[23:46] <derekv> found this http://stackoverflow.com/questions/762937/whats-the-difference-between-identifying-and-non-identifying-relationships
[23:46] <derekv> mrgoodcat: yes
[23:47] <mrgoodcat> why are they in separate tables?
[23:47] <mrgoodcat> if B is meaningless without A and its 1-1 couldn't B just be in table A?
[23:47] <derekv> in a relational db, you'd probably put them in the same table
[23:48] <derekv> but i'm playing with the idea of a data model to describe data models =P
[23:48] <derekv> and was trying to decide if there was more than one type of 1to1 relationship