Main Page

Explain xkcd: It's 'cause you're dumb.
(Difference between revisions)
Jump to: navigation, search
(whyyyy)
(Is this why it's not working?)
Line 44: Line 44:
 
If you need assistance from an [[explain xkcd:Administrators|admin]], post a message to the [[explain xkcd:Community portal/Admin requests|Admin requests]] board.
 
If you need assistance from an [[explain xkcd:Administrators|admin]], post a message to the [[explain xkcd:Community portal/Admin requests|Admin requests]] board.
  
<html><a href="https://plus.google.com/100547197257043990051" rel="publisher">Google+</a></html>
+
<html><a href="https://plus.google.com/+Explainxkcd" rel="publisher">Google+</a></html>
  
 
[[Category:Root category]]
 
[[Category:Root category]]

Revision as of 00:11, 5 January 2014

Welcome to the explain xkcd wiki!
We have an explanation for all 1 xkcd comics, and only 13 (1%) are incomplete. Help us finish them!

Latest comic

Go to this comic explanation

New Bug
There's also a unicode-handling bug in the URL request library, and we're storing the passwords unsalted ... so if we salt them with emoji, we can close three issues at once!
Title text: There's also a unicode-handling bug in the URL request library, and we're storing the passwords unsalted ... so if we salt them with emoji, we can close three issues at once!

Explanation

Ambox notice.png This explanation may be incomplete or incorrect: How does salting with emoji fix the unicode-handling bug in the URL request library? Does it really? Additionally, this explanation requires a thorough grammar and spelling fix from the fourth paragraph onward.

Cueball asks if an off-panel character can look at his bug report. The person asks if it's a "normal one" and not a "horrifying" one which "proves that the whole project is broken beyond repair and should be burnt to the ground". This implies that there have been reports of the "horrifying" variety in the past.

Cueball promises that it is a normal one but it turns out that the server crashes when a user's password is a resolvable URL, which implies that the server is in some way attempting to resolve passwords as if they were URLs. A resolvable URL is one that is syntactically correct and refers to a find-able and accessible resource on the internet (i.e. does not return a 404 error or equivalent when resolved). This can be because it contains a fully qualified domain name or a valid ip address, and optionally (in either case) a resource that exists on the destination server.

Also, Cueball specifically states that the server is crashing, rather than his application. While this could be an example of misused terminology on the part of Cueball or Randall, given Cueball's history his choice of terms is probably accurate. In the context of web services the server refers to either the computer itself or the program that responds to web requests and executes the user's (i.e. Cueball's) application. Cueball would be in charge of building the application. The importance of this distinction is that a typical system has safe guards in place at many levels to prevent a misbehaving application from crashing anything other than itself. So for his application to crash the server (either the computer itself or the server software hosting his application) would require his application to be operating in a way far outside of the norm. Alternatively, the project might include its own server software without the safeguards.

While there appears to be little reason for the code that processes passwords to attempt to resolve the input string as a URL, then a common function in password programs is the functionality of assessing the strength of a password, using a combinations of heuristic testing for uniqueness, length, good use of mixed characters and dictionary lookups for common words -- this password function have extended the dictionary lookups to using DNS names and URLs, so people choosing a password like "XKCD.com" would be given a low strength score, even that no part of it is a dictionary word and it contain both upper, lower case and special characters. However, accessing the internet in any security function like password creation open up, not only possibility of new bugs like the one mentioned, but also a completely new set of security issues which is not what you want from a critical function handling passwords. Realizing the wealth of new security issues, the off-panel person resigns and decides that burning the project to the ground is the only solution, telling Cueball I'll get the lighter fluid.

In the title text another two issues with Cueball's program are mentioned together with a possible solution that would fix all three problems at once. The second problem is unicode-handling bug in the URL request library, and the third is that the passwords are stored unsalted. Salting passwords increases security in the event that the database is compromised by ensuring that users with the same password will not have the same password hash. This makes some attacks used to decipher hash databases, such as rainbow tables, effectively impossible.

The proposed solution is to salt the passwords with emoji, which is claimed to solve all three issues at once.

When the passwords are salted with emoji, the URL request library will fail to resolve any (salted) passwords because emoji are not valid characters in URLs. Since the server only crashes on resolvable URLs, this should mean the server won't crash anymore. In addition, the passwords will now be salted.

Given that this comic comes only five comics after 1695: Code Quality 2 is seems likely that the off-panel person is Ponytail and as could be seen in the first of those two comics, 1513: Code Quality, the perpetrator is indeed Cueball. In the title text of this first one, using emoji in variable names is mentioned.

In 1349: Shouldn't Be Hard Cueball is also programming and finding it very difficult in-spite that he thinks is should be easy. An off-panel person suggest burning the computer down with a blowtorch much like the off-panel person in this one suggest burning the whole project (including the computer) to the ground with lighter fluid. In the very next comic, the multi storyline 1350: Lorenz, one story line results in a computer being burned with a blow torch.

Transcript

[Cueball sits at his desk in front of his computer leaning back and turning away from it to speak to a person off-panel.]
Cueball: Can you take a look at the bug I just opened?
Off-panel voice: Uh oh.
[Zoom out and pan to show only Cueball sitting on his chair facing away from the computer, which is now off-panel. The person speaking to him is still of panel even though this panel is much broader.]
Off-panel voice: Is this a normal bug, or one of those horrifying ones that prove your whole project is broken beyond repair and should be burned to the ground?
[Zoom in on Cueballs head and upper torso.]
Cueball: It's a normal one this time, I promise.
Off-panel voice: OK, what's the bug?
[Back to a view similar to the first panel where Cueball has turned towards the computer and points at the screen with one hand.]
Cueball: The server crashes if a user's password is a resolvable URL.
Off-panel voice: I'll get the lighter fluid.


Is this out of date? Clicking here will fix that.

New here?

Last 7 days (Top 10)

Lots of people contribute to make this wiki a success. Many of the recent contributors, listed above, have just joined. You can do it too! Create your account here.

You can read a brief introduction about this wiki at explain xkcd. Feel free to sign up for an account and contribute to the wiki! We need explanations for comics, characters, themes, memes and everything in between. If it is referenced in an xkcd web comic, it should be here.

  • List of all comics contains a table of most recent xkcd comics and links to the rest, and the corresponding explanations. There are incomplete explanations listed here. Feel free to help out by expanding them!
  • We sell advertising space to pay for our server costs. To learn more, go here.

Rules

Don't be a jerk. There are a lot of comics that don't have set in stone explanations; feel free to put multiple interpretations in the wiki page for each comic.

If you want to talk about a specific comic, use its discussion page.

Please only submit material directly related to —and helping everyone better understand— xkcd... and of course only submit material that can legally be posted (and freely edited). Off-topic or other inappropriate content is subject to removal or modification at admin discretion, and users who repeatedly post such content will be blocked.

If you need assistance from an admin, post a message to the Admin requests board.

<html><a href="https://plus.google.com/+Explainxkcd" rel="publisher">Google+</a></html>

Personal tools
Namespaces

Variants
Actions
Navigation
Tools

It seems you are using noscript, which is stopping our project wonderful ads from working. Explain xkcd uses ads to pay for bandwidth, and we manually approve all our advertisers, and our ads are restricted to unobtrusive images and slow animated GIFs. If you found this site helpful, please consider whitelisting us.

Want to advertise with us, or donate to us with Paypal?