Comments for Damian Brady's Blog

Comment on CAPTCHA is Dead, Long Live PAPTCHA? by Damian Brady’s Blog » 3D CAPTCHA

Damian Brady’s Blog » 3D CAPTCHA — Fri, 18 Jul 2008 02:20:37 +0000

[…] a previous post, I talked about the limitations with CAPTCHA systems and proposed a partially-automated turing test […]

Comment on The Myth of the Interchangeable Programmer by nickf

nickf — Wed, 09 Jul 2008 15:17:08 +0000

this is so true, and it gives those of us who have a job such power over our bosses. On at least two occasions at two different workplaces, I’ve been able to respond to some telling-off with “What are you gonna do? Fire me?”. I tell ya, it’s GREAT for employee morale.

Comment on Translink Fail by Rob McDonagh

Rob McDonagh — Fri, 04 Jul 2008 16:50:12 +0000

Fascinating post. The “a” in the Domino server version isn’t for alpha, it was a sub-point release (first 4.67, then 4.67a). But you’re right to be scared. Version 4 is ancient, and not even remotely secure at this point (though Domino in general is extremely secure).

Comment on Most Password Policies Are Bad by nickf

nickf — Thu, 03 Jul 2008 04:18:03 +0000

In my own personal experience, and corroborated by some other things I’ve read about common passwords (http://www.modernlifeisrubbish.co.uk/article/top-10-most-common-passwords), there’s a few places to start if you want to try to guess someone’s password:
a) the name of their favourite football team. at a job I once worked at where virtually the entire userbase was situated in Adelaide, just out of interest I queried the database: SELECT * FROM users WHERE password LIKE MD5(’crows’) OR password LIKE MD5(’power’)… unbelievable how many people had this.
b) their own first name.
c) their pet’s name. (obviously, you’ll need to know them personally for this one)

If none of these three work, add a “1″ to the end. If that doesn’t work, add “123″.

On a personal level, I’ve been really frustrated by some sites which enforce a minimum length, as well as a MAXIMUM length (sometimes only 8 characters)!! It’s shockingly poor form on at least three counts:
a) I need to create an entirely new password just for this site, so I need to make it even easier to remember or guess if I forget it
b) It means that any potential hackers only have to run brute force attacks for strings of a defined length.
c) It tends to suggest that my password is now sitting somewhere unencrypted. scary.

Comment on Doomed from the start by nick

nick — Tue, 10 Jun 2008 07:24:12 +0000

“Not much of a restriction - who has more than 5 computers?”

*raises hand*

Comment on Programming Test by A PROGRAMMING JOB INTERVIEW CHALLENGE #7 - COINS OF THE ROUND TABLE | Dev102.com

Mon, 09 Jun 2008 10:35:37 +0000

[…] Brady wrote a beautiful answer in his blog as did Ricky in his blog Crazy Pointer and Siddharth in his blog Some […]

Comment on Programming Test by Damian Brady

Damian Brady — Tue, 03 Jun 2008 02:19:13 +0000

You can’t change the behaviour of the == operator in the Object class I don’t think. You might be able to with extension methods in .Net 3.0, but I doubt it - haven’t tried it.

I meant that you can override the == operator (write your own definition) in any class you create and it will be called rather than the default Object behaviour.

Also, probably shouldn’t have said C++. I’m way too rusty on it and it looks like I’m a bit off with that suggestion (read: wrong). Java might have been more appropriate - or any language where everything is considered an object.

My intention was to suggest that in language similar to C#, the == operator will return false for two separate non-primitives regardless of their actual value.

Comment on Programming Test by Jon

Jon — Tue, 03 Jun 2008 01:53:36 +0000

Can you override the == operator of the Object class?

Comment on Programming Test by Damian Brady

Damian Brady — Mon, 02 Jun 2008 23:00:43 +0000

Fair point - I can’t really think of an occasion where you don’t know what type of object is going in a list. Even if it needs to be reusable, just use generics. Actually, since .Net 2.0, I don’t think I’ve used ArrayList - the List generic does the same job and provides type safety.

That aside, use of the Equals function makes sense as long as you know what it means. You get the same behaviour with C++.

Unless you’ve overridden the behaviour for a class, Equals() gives you value equality and == gives you reference equality. For unboxed primitives, == will give the same answer as Equals.

Also, as a side note, you can actually override operators in C#: http://msdn.microsoft.com/en-us/library/ms173147(VS.80).aspx.

Comment on Programming Test by Jon

Jon — Mon, 02 Jun 2008 15:55:30 +0000

Duh… and the lesson is - used typed containers unless you REALLY have a good reason. C# and its dumb operators which aren’t virtual and can’t be overridden and the less than obvious use of Equals() as a solution….