Facebook Master Password Was "Chuck Norris"

I Don't Believe in Imaginary Property writes "A Facebook employee has given a tell-all interview with some very interesting things about Facebook's internals. Especially interesting are all the things relating to Facebook privacy. Basically, you don't have any. Nearly everything you've ever done on the site is recorded into a database. While they fire employees for snooping, more than a few have done it. There's an internal system to let them log into anyone's profile, though they have to be able to defend their reason for doing so. And they used to have a master password that could log into any Facebook profile: 'Chuck Norris.' Bruce Schneier might be jealous of that one."

Chuck Norris...

[thewils]

doesn't need a password.

Re:Chuck Norris...

doesn't need a password.

But us mere mortals must invoke his name to access his powers.

Re:Chuck Norris...

Will he brute force his way in?

Re:Chuck Norris...

[Em+Emalb]

In Soviet Russia, passwords ask for Chuck Norris.

Re:Chuck Norris...

Chuck Norris types in his name as the Username and a program never has the chance to ask for a Password.

Re:Chuck Norris...

123456

Re:Chuck Norris...

[Zarf]

Chuck Norris doesn't need a password, he just round-house kicks the keyboard into submission.

Re:Chuck Norris...

[Monkeedude1212]

Haha, now THAT one is actually clever.

Re:Chuck Norris...

[InlawBiker]

Good one. Replying to remove my mistaken Overrated.

Re:Chuck Norris...

[electricbern]

That joke is so clever you get modded insightful for calling it clever. It had to be about Chuck Norris.

Re:Chuck Norris...

[coyotetwilightstudio]

The real password here is the Chuck Norris Roundhouse kick to the Face..book to gain access.

Re:Chuck Norris...

[Eric52902]

^ Chuck Norris must have gotten to him

Re:Chuck Norris...

No, Chuck Norris is the password.

Re:Chuck Norris...

[mukund]

Bender doesn't *need* to drink.

Re:Chuck Norris...

[PReDiToR]

Don't be silly, hunter2 hasn't worked for ages!

Re:Chuck Norris...

[MrKaos]

That joke is so clever you get modded insightful for calling it clever. It had to be about Chuck Norris.

I guess thats because the password is so tough that...oh never mind.

Re:Chuck Norris...

[MrKaos]

In Soviet Russia, passwords ask for Chuck Norris.

Well I for one welcome our new stream of Chuck Norris jokes.

Re:Chuck Norris...

The real question is... Can Chuck Norris create a password SO strong that he, himself, cannot crack it?????

Re:Chuck Norris...

[skelterjohn]

The joke is so clever that you get modded insightful for talking about how someone got modded insightful for calling it clever.

Hopefully we'll see some recursion here...

Re:Chuck Norris...

[ImprovOmega]

Can Chuck Norris create a password SO strong that he, himself, cannot crack it?????

Yes.

And then he can crack it.

Re:Chuck Norris...

[Dahamma]

Chuck Norris doesn't need a password, because when it's the real Chuck Norris - you just know.

Re:Chuck Norris...

[Amitz+Sekali]

What do you mean? ******* still works! Please try that again.

Re:Chuck Norris...

That joke is so clever you get modded insightful for calling it clever.

Do you have a problem with that? Don't make me mod you -9000, AIDS

--Chuck Norris >:[

Re:Chuck Norris...

[Sparx139]

If you use firefox, there's a greasefire script called Moderatrix that adds a confirmation button to the /. moderating system.

Re:Chuck Norris...

[rubi]

Chuck Norris IS facebook!

Re:Chuck Norris...

Anonymous Coward likes it.

[comment] [like] [delete].

Re:Chuck Norris...

[eharvill]

Wait a second. Are we talking about Chuck Norris or The Most Interesting Man in the World?

Re:Chuck Norris...

[edumacator]

You sir, are my new comment writing god.

Re:Chuck Norris...

ROFL. I literally am milk-through-nose rotfling.

Re:Chuck Norris...

No, he will bruce schneier his way in.

Re:Chuck Norris...

[CALI-BANG]

.. because he is the crack?

Re:Chuck Norris...

[tsa]

Is Chuck Norris the Healthiest Man in Chicago?

Re:Chuck Norris...

I didn't realise that I was on digg.

Re:Chuck Norris...

[troc]

Surely Chuck Norris' password would simply be "Me"

Re:Chuck Norris...

[precariousgray]

Wait a second. Are we talking about Chuck Norris or The Most Interesting Man in the World?

Yes.

Re:Chuck Norris...

[cp.tar]

Even shorter: just "I".

Re:Chuck Norris...

The password needs him.

Re:Chuck Norris...

[thommym]

In Soviet Russia, passwords ask for Chuck Norris.

Shouldn't that be in imperfect tense, asked?

Re:Chuck Norris...

[Stregano]

Both. Chuck Norris is the most interesting man in the world.

Re:Chuck Norris...

[Jason+Levine]

Yes. Luckily, the fist hidden behind his beard can crack it.

Re:Chuck Norris...

C-C-C-C-COMBO BREAKER!

Re:Chuck Norris...

[TheCarp]

Its whatever keys vaporize from the force of his round house.

Lulz

A privatized social networking site does not actually give you any privacy. Surprise!!!

Unhackable

Chuck Norris is unhackable thats the perfect password.

Not the master password

[DoofusOfDeath]

It's not Facebook's fault: it's not like they actually set the master password to "Chuck Norris".

The real WTF is that "Chuck Norris" works as a password into anything: Facebook, your online bank account, your sister's pants...

Re:Not the master password

[hansamurai]

My pants...

this is idle, right?

Re:Not the master password

[Zarf]

Try this when attempting to enter a club. When the bouncer denies you entry point and say, "Chuck Norris" while he is cowering for his life enter the club.

Re:Not the master password

relatedly, -your- sister's pants don't need a password at all to access

Re:Not the master password

[sunking2]

This is revealed in the extended edition of Sneakers.

Re:Not the master password

[goontz]

More importantly, why do you want the password to your own sister's pants?

Re:Not the master password

[krou]

your sister's pants...

Please tell me you didn't use this line to get into your sister's pants ...

Re:Not the master password

[rethgir]

It's not Facebook's fault: it's not like they actually set the master password to "Chuck Norris".

The real WTF is that "Chuck Norris" works as a password into anything: Facebook, your online bank account, your sister's pants...

You're getting your forums mixed up... I think you're looking for http://thedailywtf.com/

Re:Not the master password

Somehow I don't want access to my sister's pants.

Re:Not the master password

[BUTT-H34D]

Huh huh. Well *your sister doesn't wear any pants. Huh huh. Heh heh. She's a slut. Heh heh.

Re:Not the master password

[zig007]

Try this when attempting to enter a club. When the bouncer denies you entry

"Attempting"....Not "if" but "when"....

Make no mistake, this is definitely Slashdot. :-)

Re:Not the master password

My sisters' pants password is "Chuck Norris"? Ooh. I'll be having fun tonight!

Re:Not the master password

[kalirion]

Reading comprehension check, he said your sister's pants. I hope she's hot.

Re:Not the master password

[MichaelSmith]

If you can get into my sisters facebook account you can probably get into her pants.

Re:Not the master password

[Matrix14]

Man, the real WTF is that I didn't even notice that...

Re:Not the master password

[MarbleMunkey]

Reading comprehension check, he said your sister's pants. I hope she's hot.

This is Slashdot... does it really matter?

Re:Not the master password

[TheCarp]

Just out of curiosity, what is her email address?

Reason #2378238 not to be on Facebook

Like you need another reason?

Re:Reason #2378238 not to be on Facebook

[FlyingBishop]

Summary is a troll. The password was not plaintext (ok, l33t isn't that much more secure.) Just the same, the summary is a troll because this password only works if you're logged in at Facebook HQ - so basically it's like a database password. There's no real reason to secure this any more zealously than you would a database password, because it's just as secure. If someone's in a position to use the Chuck Norris password, they've already broken Facebook's security, or they are responsible for Facebook in some manner.

Re:Reason #2378238 not to be on Facebook

[BobMcD]

There are multiple moving parts to this, though:

1) There is (was) a master password that was not unique to the accounts

and

2) It had sufficient security to obviate it

What if '2' is false? Would anyone ever admit to that fact?

Re:Reason #2378238 not to be on Facebook

[crazybit]

why does everything has to be black or white? Just be careful of what you write in profile (I only post when I want to drive traffic to some link), and don't friend people you don't/barely know. It is much safe to have a controlled profile than risking yourself to be subject of a fake profile.

The problem are not the tools, but how people use/misuse them. If you are smart enough you can make this service (or any other service) work fine without exposing yourself. It's not like they are watching you from a satellite and posting pics of you every 5 mins without your consent, they publish what YOU publish.

Re:Reason #2378238 not to be on Facebook

[FlyingBishop]

Sure, but then you're just being paranoid. If you don't trust Facebook with your data, you don't trust Facebook with your data. But this master password doesn't really say anything about their trustworthiness.

Re:Reason #2378238 not to be on Facebook

[turbotroll]

why does everything has to be black or white? Just be careful of what you write in profile (I only post when I want to drive traffic to some link), and don't friend people you don't/barely know. It is much safe to have a controlled profile than risking yourself to be subject of a fake profile. The problem are not the tools, but how people use/misuse them. If you are smart enough you can make this service (or any other service) work fine without exposing yourself. It's not like they are watching you from a satellite and posting pics of you every 5 mins without your consent, they publish what YOU publish.

I mostly agree with you on this. However, I've got an impression that many features of Facebook have been specifically designed to encourage its users to disregard their and others' privacy.

Possibilities to surrender f(r)iends' email addresses or passwords to your own email accounts to Facebook are only some of the examples.

Re:Reason #2378238 not to be on Facebook

[kobiashi+maru]

this password only works if you're logged in at Facebook HQ

exactly. it only works on database. otherwise every single one of us slashdotters who saw this article could access every single person's account on facebook...wait a second, i smell world domination coming around the corner :)

Re:Reason #2378238 not to be on Facebook

[psithurism]

... Just be careful of what you write in profile...It's not like they are watching you from a satellite and posting pics of you every 5 mins without your consent, they publish what YOU publish.

I often talk about acquaintances on my profile who are careful on facebook or even those who never used facebook and tag embarrassing photos of them as well! I don't have a satellite cam, but if I did I would update those photos every five seconds. So, no matter how smart people are with facebook, their retard frienemies, like me, will be there violating their privacy.

Facebook publishes what EVERYONE publishes and further adds it to their database that stores it permanantly!

Re:Reason #2378238 not to be on Facebook

[DaVince21]

My friends are on there.

SHOCKER

[Monkeedude1212]

Nearly everything you've ever done on the site is recorded into a database

Considering nearly everything you ever do on Facebook is made public to either your friends or everybody - thats not shocking at all. The entire system is basically built around informing everybody of everything you do. You can't even perform an action without some app or another prompting you "Do you want to post this on your profile? YES/NO".

And for those of you wondering, it's obvious what the new password is;

The only man to have ever beaten Chuck Norris? Bruce Lee.

Re:SHOCKER

[flappinbooger]

Come on, it's not Bruce Lee. Bruce Lee is dead. The new password MUST be Jack Bauer.

Re:SHOCKER

[osu-neko]

The only man to have ever beaten Chuck Norris? Bruce Lee.

Wow, they must both have been spectacular actors to pull off that flight of fantasy... ;)

Re:SHOCKER

[JeffSpudrinski]

If 24 starred Chuck Norris, it would have been called "1".

And most of that time would have been Chuck just taking his time to get there...

-JJS

Re:SHOCKER

[Yvanhoe]

Agreed. (and thank you for being one of the only comments not related to Chuck Norris)
Inputing informations into facebook and expecting them to be kept private is a bit like lending money to a complete stranger and hoping it will turn out like a good investment. Facebook can be a useful tool (I actually learnt to like it) but just know what it is and what to expect from it.

Re:SHOCKER

[ivucica]

Get your Jacks right, it must be Jack Thompson.

Re:SHOCKER

[turbotroll]

Facebook is for attention whores who want other people to know details about their lives. Its fucking retarded to talk about privacy when the whole point is giving out your information.

Exactly. Somebody might say "Don't blame the tool," but I say this particular tool seems to be designed to promote cretinous behavior. Take the "poke" feature, for example. For fuck sake.

I know of 1 person with a facebook profile who isn't an attention whore, and they use it just so they can spy on others.

No one with a facebook account has any room to bitch about privacy, those that do are just using a different method of attention whoring, either way the result is the same.

The solution is relatively simple. Population control. I've also yet to meet anyone with a Facebook account that is actually useful to the world, so the next step would be to use the facebook account list to terminate a large number of morons.

Heheh, I believe whoever modded you down as a troll recognized yourself in your description.

Well, I've seen many surprisingly intelligent people who fell for that shit. A friend of mine opened an account because "all the hot chicks from the accounting department are there too" (I don't think he managed to score yet). Many others did it because of peer pressure -- which makes them spineless fucks, no matter how nice and intelligent people they might be otherwise.

Re:SHOCKER

[grim+visage]

I think it's the page view tracking that's troubling. Imagine if these logs were leaked. Can't say I like the idea of people knowing every photo I'd ever browsed through.

Re:SHOCKER

[pfleming]

Facebook is for attention whores who want other people to know details about their lives. Its fucking retarded to talk about privacy when the whole point is giving out your information.

Exactly. Somebody might say "Don't blame the tool," but I say this particular tool seems to be designed to promote cretinous behavior. Take the "poke" feature, for example. For fuck sake.

Facebook isn't the "tool". It's usually the user that's the tool. Well maybe Facebook is the tool: "poke". Meh.

Re:SHOCKER

[YttriumOxide]

Facebook is for attention whores who want other people to know details about their lives....
I know of 1 person with a facebook profile who isn't an attention whore, and they use it just so they can spy on others.

I have a facebook account, and am most definitely not an "attention whore". I spend a great deal of my life travelling around the world (for both work and pleasure), and find that facebook is a very good way to keep in loose contact with friends I've made around the world, but am unlikely to speak to regularly.

Next time I go to the New England area of the US for example, there's 4 or 5 people there who I'll be able to tell in advance that I'm coming and see if they want to meet up for a drink or two. Much better than knowing no-one there.

A common response to this is something like: "Why not just use email?". Simply because I don't want to personally try to maintain a private database of people's email addresses, and also because if I only emailed them once every 2 to 3 years (i.e. when I'm going to come visit), there's a good chance that we wouldn't really remember each other. By having the "loose contact" that facebook provides, they may not be fresh in my memory, but they're at least on the radar.

Its fucking retarded to talk about privacy when the whole point is giving out your information.

This however, I completely agree with. There's nothing on my facebook profile that I wouldn't be happy to announce to the world. Of course, I'm pretty open about myself in general, so my facebook profile does have pictures of me taking LSD, friends smoking pot, drunkenness at parties and so on. It doesn't bother me who sees these things. It also has things on there not related to partying or illegal mind expansion. I figure that anyone who sees it will see that I'm a complete person, not just a one dimensional character. I have characteristics that some may consider flaws (such as the occasional (but yes, rare) heavy drinking; and the also occasional (but not so rare) LSD use) and attempt to use against me; but I myself don't consider them flaws, so if others do, I think of that as their problem, not mine. If a potential employer were to find out about these things and then not hire me, then it's probably a company I wouldn't have been happy working for anyway (for reference, I've been drunk with my current boss more than once, and tripped with my last boss once - as long as it doesn't negatively affect my job, neither of them cared (and my last boss accepted that the LSD probably improves my work as long as I'm not actually on it while at work)).

Re:SHOCKER

[precariousgray]

You can't even perform an action without some app or another prompting you "Do you want to post this on your profile? YES/YES".

There, I fixed that for you.

Re:SHOCKER

[jonadab]

> I know of 1 person with a facebook profile who isn't an attention whore,

I have a Facebook profile.

> and they use it just so they can spy on others.

In my case, I use it to read updates that a friend of mine is posting on there. He grew up here (Galion, Ohio) but is currently living in Vermont, attempting to plant a church there (yes, in Vermont, really; nobody ever accused him of avoiding difficult endeavors). He chose Facebook as the venue to post his updates. Personally, I would have preferred a site that lets people just stop by and read without signing up (say, Blogspot), but that's not what he selected. He's not a computer geek really, so Facebook is probably just what he happened to have heard of.

So yeah, I wanted to read his updates, and therefore I have a Facebook profile. I never post anything on it, though, and I hardly even bother looking at the various invitations and requests people send me. I just read Tom's home missions updates once a week or so, and that's basically it.

Re:SHOCKER

[SgtChaireBourne]

Next time I go to the New England area of the US for example, there's 4 or 5 people there who I'll be able to tell in advance that I'm coming and see if they want to meet up for a drink or two. Much better than knowing no-one there.

There used to be this thing called e-mail for that, back in the old days.

Re:SHOCKER

[YttriumOxide]

There used to be this thing called e-mail for that, back in the old days.

To quote myself on the post you clearly didn't finish reading:

A common response to this is something like: "Why not just use email?". Simply because I don't want to personally try to maintain a private database of people's email addresses, and also because if I only emailed them once every 2 to 3 years (i.e. when I'm going to come visit), there's a good chance that we wouldn't really remember each other. By having the "loose contact" that facebook provides, they may not be fresh in my memory, but they're at least on the radar.

Re:SHOCKER

Only in the movies (one movie actually, a foreign film starring Lee. Norris had a minor role at the beginning getting beat by Lee). Chuck Norris never fought Bruce Lee in any title fight.

There's funny...

[DeadPixels]

There's funny, and then there's irresponsible. Having "Chuck Norris" as a master password that grants access to any account is most definitely the latter. I would expect that from a couple of teenagers running their first web server, not one of the most popular websites on the Internet.

There is a time and a place for silly HTML comments or in-joke variable names, but a master password for a site with hundreds of millions of users is not one of them.

Re:There's funny...

Got something to hide?

Re:There's funny...

[godrik]

What a great idea. Since I have notthing to hide, let just not use password online. I'll just say "Hey that's me" to the website and it will let me in. Sounds perfect!

Re:There's funny...

[coastal984]

There's funny, and then there's irresponsible. Having "Chuck Norris" as a master password that grants access to any account is most definitely the latter. I would expect that from a couple of teenagers running their first web server, not one of the most popular websites on the Internet. But Facebook WAS a couple of teenagers running a web server (He was 19 when FB launched)... and it grew. Not that I don't disagree with it being irresponsible, I'm just saying...

Re:There's funny...

The thing is Facebook, in essence, started out as a couple of college dropouts running their first social network... pretty much the same thing.

Re:There's funny...

I'm pretty sure it was only accessible within their own network and not publicly accessible to the outside world and it was used for debugging and such. Now they can just hit a button to login as if they were anyone on the system.

Re:There's funny...

If you read the article, the "master password" wasn't really a master password. It only worked if you were in the Facebook offices on one of their computers. And if you had access to that, you almost certainly had access to the database too.

Re:There's funny...

[carvell]

The default password only worked from the Facebook office on the Facebook ISP.

Re:There's funny...

[Rary]

There's funny, and then there's irresponsible. Having "Chuck Norris" as a master password that grants access to any account is most definitely the latter. I would expect that from a couple of teenagers running their first web server, not one of the most popular websites on the Internet.

Despite what the summary and title say, the password was not "Chuck Norris". The password was a combination of uppercase letters, lowercase letters, numbers, and symbols that essentially spelled "Chuck Norris". In other words, probably something like "(hu(|<N0rr15". Also, it only worked from within the Facebook office, and was only known to certain individuals. It's not like you or I could have used the password from home to enter anyone's account.

There is a time and a place for silly HTML comments or in-joke variable names, but a master password for a site with hundreds of millions of users is not one of them.

It's pretty normal for support personnel to have access to production systems in order to provide support.

Re:There's funny...

[Ma8thew]

RTFA. Firstly, it wasn't just "Chuck Norris", the interviewee didn't reveal the actual password, but suggested it included numbers and symbols. And secondly, it only worked within Facebook's internal network.

Re:There's funny...

[kevinNCSU]

It's probably worth noting that it could only be used from Facebook's internal network. Not that it wasn't still a risk to privacy, but not quite as bad as it sounds at first pass.

Re:There's funny...

[Gudeldar]

That is a false dichotomy. It is both very irresponsible and funny.

Re:There's funny...

[mea37]

Yeah, that's why you should probably not rely on the summary to be accurate.

1. The password was not 'Chuck Norris'. It was a combination of letters, numbers, and symbols that, were you to see them typed out, would "look like" it said Chuck Norris. Like maybe they replaced the o with a zero, or a *, or something else. Maybe the N was an N, an n, a series of symbols like /\/... no idea.

   In other words, they used a lengthy password (presumably at least 11 characters) with a mix of alphanumerics and symbols and a simple mnemonic that would allow anyone who had seen the password to remember it. That sounds pretty damned good to me.

2. This is a deprecated access mechanism. As the service grew up to be a "site with hundreds of millions of users", they got rid of it. I don't mean they chagned the password; they threw out the ability to use such a password entirely, having replaced it with an audited feature of the app when viewed on their internal network.
3. Even when this password worked, you had to be on their network to use it. It filled an administrative and technical need. The only problem I see with this approach, especially when the site was small and didn't know how big it would be, was that they apparently didn't have much control to prevent an employee from stumbing on the password.

I have a dim view of the "privacy" of information on FaceBook, but this story isn't even a blip on that radar. If you don't already know that information you post to a social networking site is available to the company that runs that site, you need to wake up.

Re:There's funny...

It was a complicated l33tspeak representation of Chuck Norris, which was only usable from the Facebook offices and which caused additional logging.

To my mind, perfectly reasonable as such access is necessary for testing and troubleshooting.

The only WTF (and not a huge one) is that deleted messages are kept around indefinitely.

Re:There's funny...

[ThinkingInBinary]

It's pretty normal for support personnel to have access to production systems in order to provide support.

Yes, but this is a childishly simple and unaccountable way to provide said access. Their current system (described in the article) where you hit "Switch login", you have to justify your action, and it is logged, is much better, although I hope it is restricted only to employees who have an active need to switch to other users' profiles, and approved beforehand for anyone else who needs to use it.

Re:There's funny...

Still uses more letters than fred which was the most common password among IT types in the 70s 80s and 90s.

Re:There's funny...

[Rary]

Yes, but this is a childishly simple and unaccountable way to provide said access.

Considering Facebook logs everything, I wouldn't describe this as "unaccountable". I'm sure it's not that difficult to track who did what and when. In fact, the interview discusses cases where people who abused it were tracked down and fired.

It's not the best system, but that's exactly why they replaced it. It did the job for a while, then they introduced a better system. That's how things usually work.

Re:There's funny...

[Moridineas]

RTFM...it's a good bit more complicated. Along with being deprecated sometime before now, the password was not just "Chuck Norris" but bore some resemblance to Chuck Norris including non-alphanumeric, numbers, different cases, etc. Maybe Chuck Norris wasn't a great source word, but I highly doubt from the description in the article there was any danger.

I feel that overall, it's a pretty good way to come up with passwords. For instance, take your pets name and childhood phone number, replace some letters with symbols, mix them up in a memorable way and chances are you've got a pretty decent password.

Fido + 424-5566 could be

424@f1D0#5566

Maybe not a perfect password by randomness standards etc, but orders of magnitude better than MOST passwords. And, perhaps most importantly, memorable to the person who made it, and can easily be extended in length.

Re:There's funny...

[thetoadwarrior]

To be fair it wasn't "Chuck Norris" but used a combination of symbols, numbers and letters to spell that out in some way and then required you to be within the network. Not ideal but not that irresponsible either. Certainly not as irresponsible as putting your whole life onto Facebook.

Re:There's funny...

[praxis]

Not to people that want to sell useless things teenage girls don't really need to teenage girls.

Re:There's funny...

[praxis]

I would certainly hope that physical access to one of their office desktops would not get you access to production live databases.

Also, there's a reason to set a password to begin with. Sometimes you want multiple layers of security. For example, sure you can only log into arbitrary profiles from inside their network, that makes sense, but do you really want everyone on that network to have that ability. Every single employee? What about visitors using their WiFi? What about contracted employees, say cleaners, that see an unlocked desktop session, should they have the ability to log into anyone's profile?

On the other hand, it's Facebook. The site exists so that you can share with the world anything you want about yourself. I don't think there was ever any expectation of privacy. I mean, you are giving up personal information to a corporation whose motive is profit, for whom there is no verification that they do with your data what their policy says they will do. Perhaps you can get some "justice" after the fact if it comes to light that they violated the privacy policy they publish, but you certainly get no rights to audit them. Anyhow, that's not my point, I'm rambling.

My point is: it was still a master password, and having a secure one is still wise. They were (are?) unwise.

Re:There's funny...

[praxis]

and can easily be extended in length.

Are there passwords that are difficult to extend in legth?

Re:There's funny...

[Gordo_1]

And as we know, no hacker has ever owned a system inside a company before.

Re:There's funny...

Inquiry, how do you know this? You from facebook?

Re:There's funny...

[Zarf]

and can easily be extended in length.

Are there passwords that are difficult to extend in legth?

Yes. "Chuck Norris" cannot be extended. It is long enough already.

Re:There's funny...

[Moridineas]

Are there passwords that are difficult to extend in legth?

And continue being easy to memorize (which is what I meant)? Absolutely. Obviously one can literally make any style password longer...

Memorize 10 characters of mixed case non-alphanumeric, numbers, etc. Completely random. Then extend to 20 completely random characters. 30. 40. It gets hard to remember!! Especially if you regularly deal with different passwords. I still remember a 14-character random password from a decade ago that I had to type most every day for months. On the otherhand I've already forgotten an equally long random password from a year or two ago that I only had to use infrequently. Given the rates at which most people a) pick weak passwords b) forget passwords, I think memorability is a VERY import factor.

If those 20,30,40, whatever characters have semantic -- and personally relevant -- meaning, it's a lot easier for people to memorize and not forget!

The most secure password in the world is useless if nobody remembers it :)

Re:There's funny...

[c-reus]

Did you happen to hear about the news about some Chinese cracking into Google computers?

I guess the point is that having a master password that works only in internal network is OK only as long as nobody breaks into that internal network

Re:There's funny...

[Rary]

Inquiry, how do you know this? You from facebook?

No, I used a novel new approach to acquiring information — I read the article.

Re:There's funny...

[carvell]

You'll agree that it does somewhat reduce the impact of the sensational headline though.

Re:There's funny...

[Pollardito]

it was also not literally "Chuck Norris":

I’m not going to give you the exact password, but with upper and lower case, symbols, numbers, all of the above, it spelled out ‘Chuck Norris,’ more or less. It was pretty fantastic.

Re:There's funny...

[lena_10326]

Facebook is not NASA, a bank, or NSA. Security requirements for a database of profiles are not as stringent.

Re:There's funny...

[jimfinity]

It's true that Chuck Norris was the password, but not just anyone could use it.

FTFA

I should also say that it was only available internally. If I were to log in from a high school or library, I couldn’t use it. You had to be in the Facebook office, using the Facebook ISP.

Re:There's funny...

[MarkRose]

(hu(|<N0rr15

Wait a minute... that's the combination on my luggage!

Re:There's funny...

[nilbog]

It's also worth noting that Facebook didn't have hundreds of millions of users when this was going down. They had MAYBE thousands.

Re:There's funny...

[cpscotti]

RTFA; it just worked if you were inside facebook's infrastructure, inside the building itself.. so... it's even responsible that they had a password in the first place...

And even then If you think about it.. Chuck Norris is MUCH better than 00000000

Re:There's funny...

[shutdown+-p+now]

No, I used a novel new approach to acquiring information — I read the article.

I'll go fetch the torches, guys.

Re:There's funny...

[DaFallus]

a novel new approach

Your sentence is a little repetitive and redundant ;)

Re:There's funny...

[BitZtream]

It grew, he didn't. He's still a douche bag acting like a teenager.

Re:There's funny...

Holy hell, you can get information by reading the articles?!? If only I'd known, I could have made sense all these years and earned some "Insightful"s. Ah well.

Re:There's funny...

[nine-times]

It's pretty normal for support personnel to have access to production systems in order to provide support.

Right. Every IT support job I've had, I've made it widely known within the company, "I can read your email." It's not "I want to read your email," or "I will read your email," but "I am able to read your email and I may have to under some weird circumstances. If there's any personal information that you're too embarrassed for me to know, don't put it in your work email."

Ultimately we should all understand that email isn't completely secure unless you encrypt it. Your search habits aren't secure, and neither is your Facebook profile. Of course Facebook should, as a matter of policy, avoid invading your privacy without good reason, but of course there are employees at Facebook who have full access to the database and are technically able to read everything you post.

Re:There's funny...

[Kynde]

Elsewhere that might have been modded funny, but I guess it's ok to call it informative here.

Re:There's funny...

[Ma8thew]

Also, thanks for the redundant mod, I suppose I should have predicted someone else would reply the same thing as me, 1 minute before I hit post.

Re:There's funny...

[thePowerOfGrayskull]

It's pretty normal for support personnel to have access to production systems in order to provide support.

Indeed. I have full access to millions of credit card accounts -- but you can bet I don't even think of looking at even my own outside of the context of production support. It's not worth my job (or my freedom, as could very easily be the case in the financial industry). This article is an interesting read, but the summary reads as if written by someone who's still out looking for a first job...

Re:There's funny...

[turbotroll]

Your making one large assumption there, that face book is more important than a teenagers first website.

Just because it has millions of users doesn't make it important, that site is essentially a recording of all the teenage girl conversations on the planet...aka, the most worthless data ever.

In other words, Facebook is just another landfill of the Internet, not unlike Geocities were a decade ago. Once all the hype surrounding it disappears, it will slowly slide into irrelevance and eventually completely disappear. The history will once again repeat itself.

Re:There's funny...

[Rary]

a novel new approach

Your sentence is a little repetitive and redundant ;)

You, sir, you're correctly right. I guess that I imagine I didn't really think about or ponder or contemplate my post enough in advance beforehand prior to submitting it by clicking the "Submit" button to submit it.

Re:There's funny...

[Sparx139]

yeah, but you can bet that if something happened as a result of said master password, then FB would be sued to hell over it...

Re:There's funny...

[kobiashi+maru]

Roland: ( Helmet: ( Sanders: ( Roland: h Helmet: h Sanders: h Roland: u ....

Re:There's funny...

The summary is incorrect. He says the password used symbols etc and looked like Chuck Norris, but was not exactly "Chuck Norris". Also this password only worked if you were at the facebook office.

Re:There's funny...

[brkello]

The password wasn't "Chuck Norris" either. It was symbols and such that it looked like it. So it really is sensational garbage.

Re:There's funny...

[psithurism]

What is an appropriate password?

At my workplace I have had to come across many passwords that were not meant to be shared by many and they get funky. My favorite was the discovery that supervisor used a certain female hygiene product to log in to the servers everyday. And the passwords that we share with everyone? Very appropriate and very guessable given their use.

Now that we know it was derived from Chuck Norris everyone seems to think it would be the first meme you would guess, but its not. You would have used a million other internet memes and celebrity names before you tried Chuck Norris.

Re:There's funny...

[mjwx]

But Facebook WAS a couple of teenagers running a web server (He was 19 when FB launched)

In most countries, 18 is when you can vote, join the army, go to jail and drink like an adult.

Re:There's funny...

[changedx]

*And* it wasn't exactly the string "Chuck Norris". From TFA:

> I'm not going to give you the exact password, but with upper and lower case, symbols, numbers, all of the above, it spelled out 'Chuck Norris,' more or less.

Re:There's funny...

As per the article, it SPELLED OUT to Chuck Norris; it was still a strong alphanumeric, so it was still a good password.

Re:There's funny...

[Hawke666]

so? Teen-aged is generally considered to be thirTEEN through nineTEEN. That’s why you can find legal teen porn.

Re:There's funny...

[MobileC]

I'll go fetch the torches, guys.

LED?

Re:There's funny...

[mjwx]

so? Teen-aged is generally considered to be thirTEEN through nineTEEN. That's why I can find legal teen porn.

Firstly, TFTFY.

Secondly, I can legally find 18 yr olds making Porn because in most nations in this world when one is 18, one is considered and adult thus permitted to drink, fornicate and do both on video.

Thirdly, welcome to English, (En_US is not a language, we do not accept such butcherings of the Queens English) where words do not always follow their literal meanings. For example, if I called you a wanker that is a term meaning that you are a contemptible person, it may not necessarily implicate that you masturbate. Here's the accepted age convention so you don't get confused in future.

0-1 years - Infancy.
1-10 years - Childhood.
11-18 years - Teenage, otherwise known as adolescence.
18 years - JOB AGE. Person is now considered an adult and permitted to purchase alcoholic beverages.
18 - 55 years - Adulthood.
55 years - death - Elderly.

Now I've left out subcategories and milestones like 21, 25, 30, 40 and 65 because they'll just confuse you even more.

Re:There's funny...

No, I used a novel new approach to acquiring information — I read the article.

Sir, Armageddon was not scheduled for another 2 years. Why are you hastening it?

Re:There's funny...

[Hawke666]

Don’t worry, you can find it too, even if you choose not to.

I see you’ve managed to pull an excellent definition for “the accepted age convention” out of your ass. The accepted age convention by everyone else is ... wait for it...13-19!

Re:There's funny...

[spiralpath]

Judging by your response, you must be between 1 and 10 years old.

Re:There's funny...

And make sure the pitchforks are rusty. I want this one to suffer.

Re:There's funny...

[lena_10326]

Here's some helpful advice. Before you criticize someone else's English, you ought to run your post through a grammar and spell checker first.

Are you seriously arguing eighteen and nineteen year olds are not teenagers? Wow. That's bold. You should correct Wikipedia's article because it seems they got it wrong!

Re:There's funny...

Since when was this a hinder for Chuck Norris?

Re:There's funny...

Wow I am guessing you're under 40 because otherwise I doubt you'd be so eager to label the over 55 as "elderly". Given retirement age here in the UK is 65, most people tend to consider that to be the cut-off point. Irrespective of that I find most people's judgement of the age at which you are "old" gets further away from their own increasing age. My six year old tells me that 10 is "old". My 20 year old nephew tells me it's 30. When I was 30 I decided it was 55, now I think elderly is a state of mind as much as anything else. If you were referring to legal conditions, then "retired" is the word you are looking for and that starts when you - er - retire.

Aside from insulting your elders, 18 is only the age at which you are recognised to be an adult not the age at which you are considered an adult. You can start working in the UK aged 16 and 18 does not always equal adulthodd. Ever sat on jury alongside an 18 year old? I have done it a couple of times and believe me, they ain't all adult. Where now, oh yes 11 is not now and never has been a teenager, the clue is in the name, it's an age ending with "teen". 18 and 19 year olds are both teenagers and legally adults. That's why the media headlines will say "Man arrested..." and "Teenager shot.." when both refer to 18yr olds (depending on the emotional spin they want to put on it).

Finally as somebody else said - don't be so eager to to accuse someone of "such butcherings of the Queens English" unless you are sure you're not doing it yourself.

Now get off my lawn!

Re:There's funny...

[Stregano]

I need more mod points to mod you up on this post. He is a total douche cake.

Re:There's funny...

[Pigeon451]

It was "like" the name "Chuck Norris" made of of symbols, upper and lower case letters. Even if you knew the password, good luck trying all the combinations to get the actual password.

Re:There's funny...

The default password only worked from the Facebook office on the Facebook ISP.

Hey, 3 questions: please:
What are you trying to say?
That all anyone need to do is exploit one of their office machines remotely?
With the knowledge of 0-day exploit sites, how many twelve year olds do you think could do it?

This is my first post here. "Anonymous Coward"

Chuck Norris Jokes

[Psychotic_Wrath]

Alright lets hear the chuck Norris Jokes! I wanna see some good ones

Re:Chuck Norris Jokes

[maxume]

So this guy shot Chuck Norris in the face with a shotgun, and then he ended up in prison, because murder is illegal.

Re:Chuck Norris Jokes

I think you meant because suicide is illegal.

Re:Chuck Norris Jokes

[Em+Emalb]

Chuck Norris doesn't leave a room.

He lingers like a curry fart.

Re:Chuck Norris Jokes

[berashith]

that prison's name was Chuck Norris

Re:Chuck Norris Jokes

[Lemmy+Caution]

Actually, as it is, it's the best joke ever.

Re:Chuck Norris Jokes

[Em+Emalb]

Nineteen frigging 80 called, it wants to apologize for foisting David Spade on us.

Re:Chuck Norris Jokes

[MasterPatricko]

So this guy shot Chuck Norris in the face with a shotgun, and then he ended up in prison, because murder is illegal.

I'm cracking up over this one. Please, please, noone fix it.

Re:Chuck Norris Jokes

[maxume]

Hopefully people realize that I owe Stephen Wright an apology (rather than not understanding the form of the typical Chuck Norris jokes).

Re:Chuck Norris Jokes

Yeah? Well Chuck Norris says he's keeping it.

Re:Chuck Norris Jokes

[Gizzmonic]

Aww, did I piss off a moderator? You're probably the guy that forwards all the Chuck Norris jokes and thinks repeating Simpsons and Monty Python quotes verbatim is hilarious. Congradulations, you're a dickhole!

Re:Chuck Norris Jokes

[neurospyder]

Well, if slashdot posted something new, we'd have to read the article wouldn't we?

The facebooks master password was NOT Chuck Norris

It just so happens that every computer system everywhere on the planet at all times can be rooted with the Chuck Norris password, given its infinite power.

TFA accuracy?

[carvell]

Rumpus: When you say “click on somebody’s profile,” you mean you save our viewing history?

Employee: That’s right. How do you think we know who your best friends are? But that’s public knowledge; we’ve explicitly stated that we record that. If you look in your type-ahead search, and you press “A,” or just one letter, a list of your best friends shows up. It’s no longer organized alphabetically, but by the person you interact with most, your “best friends,” or at least those whom we have concluded you are best friends with.

This is rubbish, isn't it?

I've just typed "a" into the search box and it comes up with an alphabetical list of contacts. The first one happens to be someone whos profile I don't think I've ever clicked on.

Re:TFA accuracy?

[kevinNCSU]

Go to the live news feed, scroll to the bottom, and click "edit options" There you will see a "view recommended friends" button in the bottom left. This shows the list of your friends with "best friends" highlighted for you. I assume this list is built off how often you interact with these people, including how often you view their profiles.

Re:TFA accuracy?

You don't have any friends.

Re:TFA accuracy?

[carvell]

Fair enough - no hint that the highlighted friends are based on profile views though.

Plus TFA is still fundamentally inaccurate, it doesn't seem to have anything to do with the search box. Wonder where that info came from?

Re:TFA accuracy?

[b4k3d+b34nz]

Think of someone in your friends list and search for them, and click through to their profile. Do it a few times, and at some point today or tomorrow you'll see them come up as the first result in a search.

Re:TFA accuracy?

[chocbar31]

No, I don't have any friends...Chuck whipped them and then locked them all up and swallowed the key.

Re:TFA accuracy?

[crossmr]

er no..
I just tried that and its highlighting almost everyone. Including people whose profiles I may have viewed once or twice as far back as 6 months ago, and maybe exchanged a well post back a few months ago too. While a person whose profile I go to weekly isn't highlighted and another person I visit daily is.

Re:TFA accuracy?

The tone of the entire article seemed a bit off to me. It just didn't seem like a software engineer to me. The discussion about "hyper PHP" was especially ridiculous.

Also, the comment about Harvard and Stanford. Yes, I'm sure a large number of Facebook people come from there. But I don't have an Ivy League education and I've heard from their headhunters twice in the last six months. My friends in the industry have told me similar. I think they are hiring from everywhere at this point.

Lastly... She's given the interviewer an awful lot of personally identifiable information. If she wanted to keep her job, she wouldn't do this.

Re:TFA accuracy?

You don't have any friends.

Because of how unlikeable you are. It says so here in your personnel file: Unlikeable. Liked by no one. A bitter, unlikeable loner whose passing shall not be mourned. 'Shall not be mourned.'

      -GLaDOS

Re:TFA accuracy?

[psithurism]

Rumpus: When you say “click on somebody’s profile,” you mean you save our viewing history?
Employee: That’s right. How do you think we know who your best friends are? But that’s public knowledge; we’ve explicitly stated that we record that. If you look in your type-ahead search, and you press “A,” or just one letter, a list of your best friends shows up. It’s no longer organized alphabetically, but by the person you interact with most, your “best friends,” or at least those whom we have concluded you are best friends with.

This is rubbish, isn't it?

I've just typed "a" into the search box and it comes up with an alphabetical list of contacts. The first one happens to be someone whos profile I don't think I've ever clicked on.

I think it is, none of the people who responded to your post said anything that worked for me. I'm posting this redundant comment because I suspect a few dozen other people read your comment, tried the replies and didn't get anywhere trying to find this feature either.

And I've been waiting for this feature forever! When I want to find someone I have to scroll through three pages of people I haven't seen for years but don't want to delete because I might want to reconnect for some reason. I am so disappointed.

Re:TFA accuracy?

[kevinNCSU]

Well, I don't know what's up then, mine is pretty spot on as far as who I interact with. My guess is it's more about who comments back and forth and tags each others in pictures and whatnot then profile viewing, but that's doesn't mean profile viewing isn't a part of the equation.

Domain Admin

[igadget78]

Well ... I found my new password.

Chuck Norris...

[SoundGuyNoise]

...can actually type ******** into any system and login successfully.

The very idea of a "master password" seems scary..

[mi]

I wonder, what it is now... "Angelina Jolie"? "Bruce Willis"?

Chuck Norris is good security

[nilbog]

At least the master password wasn't something weak like "Rick Moranis." By using Chuck Norris, you can tell Facebook was taking security seriously.

google has a similar set up

[circletimessquare]

in fact, a little known subplot in the whole drama last week over china hacking into google email servers is that chinese intel knew the master password for gmail was "chuck norris"

problem was, when the chinese spies typed chuck norris into the human rights activists' email logins, the password itself would jump off the computer screen, hit the spy with five roundhouse kicks to the face, then smash their keyboard into dust just by giving it a hard stare

so the chinese government had no other choice but to hire hackers to break into the accounts. because even when they hired seven of the greatest kung fu masters and the most proficient in the eighteen arms of wushu in all of china to stand by while the spy logged in, plus jet li, plus jackie chan, and plus the reanimated cyborg admantium zombie of bruce lee, the chuck norris password still roundhouse kicked all of them into submission

Re:google has a similar set up

[hymy]

The password was "Chuck Nollis", you plick!

Re:google has a similar set up

[godrik]

"problem was, when the chinese spies typed chuck norris into the human rights activists' email logins, the password itself would jump off the computer screen, hit the spy with five roundhouse kicks to the face, then smash their keyboard into dust just by giving it a hard stare"

  That's why we need hackers to be skilled in martial art as in matrix!

This post is full of Win....

[Orleron]

... Not
Privacy Invader FAIL

(In)security

And based on earlier developments of today (Analysis of 32 Million Breached Passwords), it has just been changed to 123456 or zuc123456 because we know that no one would try it now...

i am the Keymaster

[circletimessquare]

are you the Gatekeeper?

Re:i am the Keymaster

[BobMcD]

Don't look now, but you just propositioned a dude for sex...

Re:i am the Keymaster

Worse still, he typed an upper case letter for the first time in a decade! Foolish circletimessquare, you should have disabled your shift key.

Re:i am the Keymaster

You're assuming one of the slashdotters wasn't a fem- oh wait, nevermind, I just divided by zero.

Re:i am the Keymaster

[r0ni]

After Chuck Norris gets through with dat ass, you'll be the Gapekeeper.

Re:The very idea of a "master password" seems scar

[mea37]

It's a shame the summary doesn't somehow provide you with access to more detailed information on the topic, like an article or something. If it did, you could read that and find out that there is no longer a master password (or at least, so they claim), as they've replaced that concept with a newer admin tool.

However, I disagree; in the context of FB, the idea of a master password is not scary.

Re:The very idea of a "master password" seems scar

[maxume]

Read the article. They replaced it with a system where developers click a widget and fill in the justification for the access.

At least the don't call the Master account

[wiredog]

something lame like "root".

Chuck Norris - last post

No, this is what happened. Chuck Norris logged into Facebook once to check it out (without having to register, of course) and when he logged out, the master password automatically set itself to his name, so that every time someone would log in using the master password, Chuck would find out about it right away, he immediately knows when someone types, writes, pronounces or even thinks his name. I should warn you to watch what you type, write, say or think, because he is omnipresent! I have mentioned His name too many times in vain here, so this is probably my last pNO CARRIER

Re:The very idea of a "master password" seems scar

[igadget78]

I wonder, what it is now... "Angelina Jolie"? "Bruce Willis"?

Obama

We Have A "Magic" Password Too

[TheNinjaroach]

We have a "magic" password for our internal website as well as our customer website. It's highly obscure and serves as a great tool for walking our customers through issues they have with the website, since it changes quite a bit depending on who they are. So I'm not really surprised Facebook has (had) a "magic" password, but I was pretty disappointed to read in the summary it was something as simple as "Chuck Norris." Then I read this:

I’m not going to give you the exact password, but with upper and lower case, symbols, numbers, all of the above, it spelled out ‘Chuck Norris,’ more or less.

Sounds like it was obscure enough to me. If a user just happened to be using that password they would have never known it was magic unless they thought to try it on another user id.

Re:We Have A "Magic" Password Too

[osu-neko]

Sounds like it was obscure enough to me. If a user just happened to be using that password they would have never known it was magic unless they thought to try it on another user id.

...while sitting at a computer in Facebook's offices.

I must admit I used to work for a company that used a similar magic password, too. Ours was based on "Emperor Joshua Norton". The problem with it isn't that it's a security issue, the problem is the lack of accountability. (Well, okay, that's a security issue, too, but a different one.) Like Facebook, we eventually replaced it with a system where employees logged into their own account, then hit a button to become logged in as the customer, so they could still do exactly what they could before, but we knew who was really doing it. As an added bonus, they didn't need to remember the magic password. It turns out, a lot of people have never heard of Emperor Norton! In retrospect I guess I shouldn't have been surprised, but I was...

Re:We Have A "Magic" Password Too

[complete+loony]

We don't have a magic password, but our call center support application can launch a browser window that bypasses the login process for any member.

Re:We Have A "Magic" Password Too

Magic passwords are BAD BAD BAD EVIL HORRIBLE BAD BAD and BAD. And Insecure. When you look through the history of the truly epic system cracks, a fair percentage have been because of magic passwords. Particularly in cases of routers, firewalls and other appliances, where manufacturers sometimes embedded such magic passwords to allow them to get into devices that customers had screwed up.

It doesn't matter if the Facebook magic password was supposedly only available from some specific location or internal API. It only takes one bug in an application using that internal API, and nobody writes 100% bug-free code for entire applications or servers. That's why security kernels are popular.

If you need a "magic password" system that can be used from a central office, use a smartcard or fob key that contains a digital certificate. In the end, though, being able to log directly into another account isn't smart. For auditing purposes, you want a real user ID that reflects the actual user, even if that actual user has the rights to set an effective user ID to mimic another user. Auditing is the only way you can be certain that abuse of access rights will be caught, therefore it automatically follows that the audit logs MUST show who really is who as well as who they are spoofing.

True story....

A friend of mine was at a party. She wasn't drinking but others were. Anyway, it was a long table and she was in the middle. When the waitress came by, she was passing shots down to the others. At one point she had two shots in her hand. Of course, that's when someone took a photo of the group and TADA! My friend is now on another friend's Facebook page with two shots in her hand.

She's worried that a potential employer will see that and think she's some sort of party animal and is trying to get her friend to take it off of their Facebook page. She's already getting some ribbing from folks who've seen the picture.

Re:True story....

Disable tagging of yourself in photos. It's not too difficult to do (fairly obvious in privacy settings, though you do have to use a custom setting), and then you're much, much harder to find images of. Strictly speaking people can still tag you, and you can find tagged photos of yourself, but no one else can.

Re:True story....

[Itninja]

Really? Because I just Googled you on Facebook and found all kinds of images. Check. Mate.

Re:True story....

[VJ42]

What company would decide not to employ you for having a drink at a party in your own time? Seriously, here in the UK when we talk about what we did on the weekend at the office more than one of my bosses has to going out and getting absolutely hammered. If they saw that picture, it would only prove that your friend is a sociable person that likes to have fun; i.e. someone that will also have a sense of humour around the office. What's wrong with that?

Re:True story....

[g0bshiTe]

True, but you guys also may be allowed the odd pint with lunch. Not so here in the United States of Amerika.

Re:True story....

[phantomcircuit]

What are you talking about? You've clearly never been on a 'working' lunch. People get sloshed.

Re:True story....

[tool462]

School teachers can and do get reprimanded if not fired for engaging in activities that, while acceptable for adults, are "corrupting" for children.

It's not about whether it's legal, or a detriment to their job performance. It's about the example they're setting for those poor, impressionable children.

If pictures of a drunk teacher found their way to the wrong parent, they'd definitely be in trouble.

Re:True story....

[VJ42]

True, but you guys also may be allowed the odd pint with lunch. Not so here in the United States of Amerika.

Why not?
Nowhere I've worked has had any sort of (enforced) policy on the issue. The one time I worked near a pub I would regularly have my lunch there*; officially I wasn't allowed to drink any alcohol (I think), and usually I'd order a soft drink but no one ever checked up on me. A glass of wine, or a vodka-red bull, passed my lips on more than one occasion. I can testify that I once saw my manager having a drink there at lunch time as well. As long as you don't get drunk, and work just as hard after lunch as before, what's the problem?

*It was a choice of that, an over priced cafe or Subway. The pub did great food.

Re:True story....

[MBGMorden]

Indeed. Heck I was on call for New Years Eve and I flat out told my boss that if I was called I'd have to have someone else drive me in and possibly tote me to a keyboard, but I'd be there if they needed me :). She just laughed.

I'm not sure that I'd want to work somewhere that they were so uptight that they would fire you for having a shot or two (or 8) in your off time.

Re:True story....

[Thinboy00]

I was under the impression that, thanks to teacher's unions, a teacher pretty much can't get fired unless (s)he has sex with a student or something (and even then they just get suspended from active teaching while some committee "reviews" their actions). Or are you not from the US?

Re:True story....

[VJ42]

School teachers can and do get reprimanded if not fired for engaging in activities that, while acceptable for adults, are "corrupting" for children.

It's not about whether it's legal, or a detriment to their job performance. It's about the example they're setting for those poor, impressionable children.

If pictures of a drunk teacher found their way to the wrong parent, they'd definitely be in trouble.

That's a ludicrous state of affairs. I work in an FE college we get kids from 14 all the way to 19. My employer hasn't once queried what I do in my own time as long it's within the law as I'm not seen to be representing them. As the drinking age here is 18 al lot of the students are doing worse themselves anyway; even the younger ones will probably be having a drink somehow anyway (underage drinking is a problem here).

I even know a couple of tutors who got drunk on college time in the presence of their line manager and other staff (it was some Jisc awards evening to do with e-learning; they won a prize) apart from cracking a couple of jokes about it, no one batted an eyelid.

Seriously people drink in their own time, that makes them normal, balanced individuals. Not devious corrupting influences out to steal babies.

Re:True story....

[Xtravar]

What state do you live in? I bet it's south of Dixie!

Re:True story....

[tool462]

I am and my wife is a teacher. They don't get fired for doing a bad job. They get fired for being immoral.

Re:True story....

[demonlapin]

Depends on the industry. I'm a doctor; the last dinner meeting (i.e., after hours) I went to, not a single person had more than three (small) glasses of wine. For lawyers, that would be the minimum at lunch.

Re:True story....

[timmarhy]

it's all about the rules man, are you crazy! personal judgement is like a four letter word these days, under no circumstances should anyone be allowed to use their brain. even if the rules are horrifyingly stupid, they must be obeyed or we will have sauce on ice cream and cats and dogs living together!

Re:True story....

[tool462]

Yes, it is ludicrous. That said, it's not a frequent occurrence fortunately, but definitely cause for concern. It was enough for my wife, who teaches elementary school, to make sure she deleted all of her photos of our trip to Germany a few years back. I don't think there was a single picture in that entire album where we weren't holding beer mugs as big as our heads :)

Re:True story....

I think that just goes to show how rubbish Google's image search engine is.

Re:True story....

[demonlapin]

In the UK and Europe, drinking is much, much more socially acceptable than it is in significant parts of the US. There are still a fair number of places in the US where you can't buy alcohol at all, and most states have some degree of bizarre regulation around alcohol (who may sell it, during what hours, etc.). Being inebriated in public is a major no-no in most of the US. (Exceptions apply, of course.)

Re:True story....

Good. I wouldn't want to get hired by buffoons who think having a drink makes you a bad employee.

Re:True story....

[psithurism]

Theres a "Remove Tag" button under your pictures in face book. Click it and the tag is removed.

Also you can comment on your friends photos, make a brief explanation at the bottom. It will make the ribbing worse, but her future employment with the AA won't be hampered.

I'm sorry is all that too easy? Lets ban cameras from places with alcohol or facebook that'll do it.

Re:True story....

And that "Remove Tag" button just marks the tag as removed in the database. The tag is still sitting there for them to mine, you just can't see it anymore.

Re:True story....

[pfleming]

It depends on the job. I worked at a gun range and we were allowed a beer over lunch, but no one wanted to risk the lawsuit if something happened after lunch. My boss told me specifically that one beer was allowed, but highly discouraged. If you have a CDL, no drinks for eight hours before your shift.

Re:True story....

[pfleming]

Theres a "Remove Tag" button under your pictures in face book. Click it and the tag is removed.

Also you can comment on your friends photos, make a brief explanation at the bottom. It will make the ribbing worse, but her future employment with the AA won't be hampered.

I'm sorry is all that too easy? Lets ban cameras from places with alcohol or facebook that'll do it.

The article clearly states that the information - six copies of the photo - remain in Facebook's system forever. But this being /. you didn't read TFA.

Re:True story....

[psithurism]

The article clearly states that the information - six copies of the photo - remain in Facebook's system forever. But this being /. you didn't read TFA.

Only 20% of microfleems are subradiante! Did you know that? This being ./ your not very well read.

Re:True story....

[psithurism]

And that "Remove Tag" button just marks the tag as removed in the database. The tag is still sitting there for them to mine, you just can't see it anymore.

Yes, if facebook sells your deleted information to future emplyers that photo will be an embarrassment, but this photo will be tiny in comparison to the problems that will create.

This guy seems to be worried about a photo tagged without permission, which is easy to take care of on facebook, but near impossible on say flickr, or an enemies personal site.

Re:True story....

[aussie_a]

Yeah, but the UK is filled with a bunch of piss-pots. At least according to such British television shows as Relocation, Relocation.

Not only is the local pub often just as important as the quality of the house someone is looking to buy, but almost every episode involves getting a drink. Such excuses are:
* Finding out what the house-hunters want.
* Talking about a house they've just visited.
* Talking about making an offer for a house.
* Waiting to find out if the offer has been accepted or rejected.
* Celebrating getting a house.
* Having a drink because the offer for the house was just rejected.

Now it may be that the hosts of the show are simply alcoholics, but it seems many of the guests are as well.

Re:True story....

[psithurism]

So I have to be on facebook to stop my friends/enemies/frenemies from tagging me in photos?

Re:True story....

I am and my wife is a teacher.

I hope you and your wife is not English teacher.

Re:True story....

I wonder if Facebook ever rejected an applicant because of a picture on Facebook....

Re:True story....

[megrims]

We Australians are also pretty much the people in Neighbours.

Re:True story....

[rmushkatblat]

Yes. GG.

Re:True story....

[mattsday]

The pub is just a central point of British culture.

Try getting directions from a Brit without them referring to various pubs along the route.

Ask a Brit to meet you in town and see if they don't involve a pub in it somehow.

The pub to the Brit is like a café to your continental European. It's not just to go and get sloshed, it's just a major social area.

As for having a pint at lunch time, what's wrong with that? A good pint of ale with some lunch is hardly a sign of alcholism and anyone who says otherwise is over-exciting the issue.

Re:True story....

[azgard]

I understand why you hope he isn't, but I don't understand why you also hope his wife isn't.

Anyway, if you are so nitpicky, don't you miss "an" before the "English teacher"? (I am not quite sure, English is not my first language.)

Re:True story....

[Tim+C]

Yeah, but the UK is filled with a bunch of piss-pots.

Piss-heads; a piss-pot is exactly what it sounds like - a pot to piss into.

Re:True story....

[Jensern]

And the odd tits too ;-)

Re:True story....

Here in America, everyone who is fun and laid back (and might enjoy a pint on the weekend) either works in academia or civil service, where the rules are civilized. Our lives are somewhat like yours; we enjoy normal working hours, our bosses get along with us well, people are friendly, and we basically live happy, carefree lives.

Let's call this first species "Americanus Relaxus".

People who work for corporations in America tend to be type-A, aggressive, and relatively fascistic. They buy into whatever their "corporate culture" is supposed to be, because failing to do so means you'll get canned in the next firing cycle. Going home at a normal hour, having a pint with lunch, and actually enjoying a normal social life is VERBOTEN. If you get caught, you get canned. They live their lives with the haunted, dark-eyed look of the prisoner, or the slave. They're usually malnourished, both physically and mentally, and jump at loud noises.

This second species might be named "Americanus Anus-Clenchus".

I think we're already at the "Speciation" point, since the two groups almost NEVER mate with one another. I shudder to think of what their offspring might look like...

Re:True story....

[tool462]

He asked if I'm from the US. I am.

Re:True story....

[MathiasRav]

If you're not on Facebook your tags won't be grouped - you'll be named with no link and no way to view other photos of you. Meaning the people who see your tag have already found the photo by other means. Making the tag pretty much useless.

Re:True story....

[psithurism]

Another commentator pointed out that if they get your name right, people can group your photos, for example by googling you:
http://images.google.com/images?imgtbs=s&hl=en&rlz=1C1GGLS_enUS354US354&um=1&sa=1&q=%22Mathias+Smith%22+site:facebook.com&aq=f&oq=&aqi=&start=0

Not as easy as friending you and clicking on "view photos of Mathias", but worrying, especially considering that that data is there forever and better data mining may be applied in the future.

Chuck Norris

[palmerj3]

doesn't sleep.... he stalks your facebook photos

Re:Chuck Norris

[El_Oscuro]

I thought it was 1...2...3...4...5...

Re:The very idea of a "master password" seems scar

[krou]

They tried to change it, but once a password's been set to Chuck Norris, password changes just get fucked up.

NEWSFLASH!

[Quai]

Nearly everything you've ever done on [insert any social network] is recorded into a database!

symmetry

Good symmetry here... use the name of a douchebag as your password to do douchebag things.

But it only works ...

[Ungrounded+Lightning]

The real WTF is that "Chuck Norris" works as a password into anything: Facebook, your online bank account, your sister's pants...

But it only works for Chuck Norris.

Re:But it only works ...

The real WTF is that "Chuck Norris" works as a password into anything: Facebook, your online bank account, your sister's pants...

But it only works for Chuck Norris.

The wording is subtle, but they mean that Chuck Norris (the person, in the flesh) is the password, not "Chuck Norris" (the word phrase). And if you're wondering how a physical person can be a password, well, it's Chuck Norris.

Re:But it only works ...

[Ungrounded+Lightning]

Actually, I meant that "Chuck Norris" is only a universal password if the person entering it is Chuck Norris.

Re:But it only works ...

[Stregano]

You should have said that earlier. I tried to go to my bank account with the password Chuck Norris and got roundhouse kicked to the face.

Re:The very idea of a "master password" seems scar

No, they chose a really obscure washed-up has-been actor whos career has been in the gutter for quite some time: WInona Ryder, I just tried it, still works!

Bruce Lee

I thought it was Bruce Lee no spacings.

Close but no cigar.

[Ungrounded+Lightning]

Come on, it's not Bruce Lee. Bruce Lee is dead. The new password MUST be Jack Bauer.

Close but no cigar.

"Jack Bauer" might work for physical access. But for password access to databases and encrypted files it's "Chloe O'Brian".

Re:Close but no cigar.

[ydrol]

Angela from Bones could own Chloe. Angela is an arty type AND a master computer hacker. Is that were not enough she has ZZ Top genetics and big teeth.

Re:Close but no cigar.

[ydrol]

And Angela "puts out"

Re:The very idea of a "master password" seems scar

[RyuuzakiTetsuya]

J03 pisC0p0

Like anyone's ever going to admit to using *that* as a password.

Re:The very idea of a "master password" seems scar

I wonder, what it is now... "Angelina Jolie"? "Bruce Willis"?

Obama

|3@rry $0ter0

Now its ...

[PPH]

... Paris Hilton. So anyone can get in.

Re:Now its ...

[nscott89]

Mod this up! I died laughing when I saw this!

Re:Now its ...

[mattOzan]

Hey! That's the same password I have on my chastity belt!

Re:Now its ...

yeah, but that password gives your machine the herp.

Re:Now its ...

[bruno.fatia]

Too bad anybody with slashdot id's are blocked from her internal network :(

Re:Now its ...

[PPH]

Slashdotters know how to exploit back doors.

Re:Now its ...

[VShael]

Now its ...Paris Hilton. So anyone can get in.

Yes, but you'll be inundated with viruses. Really potent ones that can get past most protection mechanisms.

Still, this is slashdot... and she is female... so herpes me up.

Re:Now its ...

Chris Crocker, is that you?

Chuck Norris

[SnarfQuest]

That's the same password I have on my luggage!

Re:The very idea of a "master password" seems scar

[Zarf]

I wonder, what it is now... "Angelina Jolie"? "Bruce Willis"?

Obama

No, they had to change it.

The only man to have ever beaten Chuck Norris?

[hackwrench]

Norris was defeated in his first two tournaments, dropping decisions to Joe Lewis and Allen Steen and three matches at the International Karate Championships to Tony Tulleners. By 1967 Norris had improved enough that he scored victories over the likes of Lewis, Skipper Mullins, Arnold Urquidez, Victor Moore, Ron Marchini, and Steve Sanders. In early 1968, Norris suffered the tenth and last loss of his career, losing an upset decision to Louis Delgado.
From http://en.wikipedia.org/wiki/Chuck_Norris

Re:The very idea of a "master password" seems scar

It's obvious that the master password is Aryan.

New feature on Slashdot!

[Jetrel]

Wow, I just figured out a new feature on Slashdot! You can type in, "U:username and P:password," and it will replace your password with stars.

Example:

U:JetreL
P:*******

See! That to cool what will they think of next!

Re:New feature on Slashdot!

[RayMarron]

U:RayMarron
P:Qwertyuiop

Hmm... it didn't work for me. Maybe it only works in chatrooms. ;)

Re:New feature on Slashdot!

[gad_zuki!]

>Wow, I just figured out a new feature on Slashdot! You can type in, "U:username and P:password," and it will replace your password with stars.

They must have implemented a time machine because that joke is older than I am.

Re:New feature on Slashdot!

You mean like this?

U:Anonymous Coward
P:you're_a_loser

Re:New feature on Slashdot!

U: AzureDiamond
P: hunter2

Re:New feature on Slashdot!

[lena_10326]

Bah... How did you know my password? My password is 7 stars.

Re:New feature on Slashdot!

[The+Archon+V2.0]

U: The Archon V2.0
P: hqvqagsnyysbevg!ebg13

Re:New feature on Slashdot!

[Jetrel]

*sigh* that was the point...

Oh and wow you are young to be reading Slashdot!

Stores in a database

[ucblockhead]

Nearly everything you've ever done on the site is recorded into a database.

Unlike slashdot, which writes everything in code on paper and has mute gnomes who it in a locked vault.

Seriously, I expect this kind of idiocy from the AP, but I thought slashdot editors were supposed to be technical. Nearly every goddamn site stores user data in a database, and in nearly all these cases there are employees with the master passwords that allow them to see every damn thing. (Except, if you're lucky, the password.)

Re:Stores in a database

[mattOzan]

Unlike slashdot, which writes everything in code on paper and has mute gnomes who it in a locked vault.

Actually, the mute gnomes hand off the coded papers through an airlock to blind gnomes, who then store them in the locked vault.

Re:Stores in a database

If some employee of facebook can see everything, why coudn't they sent me my password when I lost it? They had to reset it and I made up another(easier to remember)password.

Re:Stores in a database

[brkello]

Because pretty much any system these days has an automated password recovery system that will reset your password and send you a new fake on to your e-mail. There was no actual employee involved. If by chance you actually were dealing with an actual human, it was a simple tech support person who would only have the ability to do that rather actually having a master password. The master password would be held closely and only held by the top people. Not lowly tech support.

Re:Stores in a database

[daveime]

Because any half-decent database never stores the original password, only a hash of it.

So in principle, no one can tell you your password, unless they found a way to reverse SHA or whatever hash is being used.

Re:Stores in a database

Unlike slashdot, which writes everything in code on paper and has mute gnomes who it in a locked vault.

Yeh, but the mute gnomes only it accidentally.

Re:Stores in a database

[theantix]

I dunno. This "database" thing you speak out sounds dangerous and untrustworthy. Maybe FB could give an option to store in a database or with these gnomes you are talking about?

Not really surprised by anything here.

[Nakor+BlueRider]

Nearly everything you've ever done on the site is recorded into a database. While they fire employees for snooping, more than a few have done it.

I've worked for a call centre under a few contracts. That's pretty much the standard everywhere. First thing we were told before getting access to the CS tools was that yes, you could access pretty much anyone's account info you wanted, and that if you did so for any reason other than it being necessary for your work you would be fired on the spot. Only information such as passwords, credit card numbers and bank account numbers was not readily available. On one contract, we could log into anyone's account on the website and take any actions with it the user could (and then some), though this was done very rarely.

Honestly, it doesn't stress me out all that much; I put nothing on Facebook that I wouldn't want getting into others' hands. I expect that the things I set to "friends only" won't be available to the average Joe who happens by my profile, but at the same time it doesn't surprise or annoy me that Facebook employees can see it. Of course they can.

Blasphemy!

[flanders123]

From TFA:

Employee: See, the thing is — and I don’t know how much you know about it — it’s all stored in a database on the backend. Literally everything. Your messages are stored in a database, whether deleted or not. So we can just query the database, and easily look at it without every logging into your account. That’s what most people don’t understand..

Is this a cover of "Duh" magazine??? This holds true for just about every content / banking / email / ....ANY website ever created!! Does this guy know how websites work??? Did his uncle get him a job there???

Indeed, this very message...its now been persisted to a ...*ghasp*.... database!

Chuck Norris! Chuck Norris! ITS NOT WORKING!!!

Re:Blasphemy!

She's clearly not a techie. Just look at the stereotypical description of the engineer writing a PHP compiler. While she does seem to basically understand what he's doing, she clearly avoids the engineers.

Re:Blasphemy!

[eihab]

She's clearly not a techie. Just look at the stereotypical description of the engineer writing a PHP compiler. While she does seem to basically understand what he's doing, she clearly avoids the engineers.

Not only that, but this also didn't make any sense to me:

PHP is an example of a scripted language. The computer or browser reads the program like a script, from top to bottom, and executes it in that order: anything you declare at the bottom cannot be referenced at the top. But with a compiled language, the program you write is compiled into an executable file. It doesn’t have to read the program from beginning to end in order to execute commands.

I guess I'm missing something here, because:

<?php
hello();
function hello() { echo 'Hello world!'; }
?>

Works. However:

#include <iostream>

int main() {
    cout << hello;
    string hello = "Hello World!";
    return 0;
}

Will obviously not compile. So, what am I missing here?

Stanford?

[qortra]

FTFA:

I don't think there's any question that Stanford is the number one CS department in the world.

Wow, there's so much question, it's ridiculous. According to US News and World Reports 2008 (the most recent I could find), it was tied with Berkeley and MIT for #1, and even that is being generous. For a while, it was Carnegie and MIT alternating between 1 and 2 every year. Perhaps she meant "the best entrepreneurial CS program".

pssst...

it's now "Walker Texas Ranger".

How about Chuck Moore?

[lennier]

True Chuck Moore facts:

Chuck Moore wrote his own VLSI chip design system. In Forth.

White Goodman

[pckl300]

Fuckin Chuck Norris...

CN had no style

He may have been a good textbook fighter, but he lacked style, and lacked speed. Today, he lacks youth. He's an OLD OLD man.

Re:CN had no style

[Foobar+of+Borg]

He may have been a good textbook fighter, but he lacked style, and lacked speed. Today, he lacks youth. He's an OLD OLD man.

So says the Anonymous Coward! But then, Chuck Norris will still find you and give you the roundhouse kick of death!

L33t Speak Converted

[Kynde]

I'm not going to give you the exact password, but with upper and lower case, symbols, numbers, all of the above, it spelled out 'Chuck Norris,' more or less.

Lemme guess:
(|-|U(| |\|0RR15

That's odd

[Kynde]

The forementioned master password seems to work only on my account...

Oh yeah?

Tom is my friend.

I don't need 'Chuck Norris'...

[kobiashi+maru]

I just say, 'Custodian, show me every single facebook password.'

Re:There's funny... learn to write already

See subject and please: Learn to write more than 2 words to make your points. Your "see dick and jane run" prose absolutely sucks.

What support?

[SuperBanana]

It's pretty normal for support personnel to have access to production systems in order to provide support.

On Facebook? What support?

the biggest busiest sysadmin

ever in the world

In other news...

[FragHARD]

This statement just released by a facebook representative:"It is sad that facebook has learned that their master password is in the wild , So we have elected to institute a new master password which will be 'roundhouse' this password will be guarded with all the technology we have available!"

Perfect password

Chuck Norris is the perfect password it is impossible to hack or brute force; but it can also beat the crap out of any other password out there; he is the Irresistible Force and the Immovable Object.

Bruce Lee password will change in a couple weeks

Bruce Lee didn't defeat Chuck Norris.

It's obvious that Sun Tzu teaches about deception, and Chuck Norris knew that a feigned loss and a delayed-kill is the only way to win one over Bruce Lee the Dragon of HonkyKong

Thought someone would cover this implication

[psithurism]

GP (modded 5 insightful) says there is no problem, just abstain from facebook and you'll be fine. Then the parent story shows that friends or others will upload photos of you, tag and discuss those photos whether or not you allow them to. Now you are in facebook's databases _forever_ even if you abstained from getting an account.

They do have Donald Knuth

[Crazy+Taco]

They do have Donald Knuth, so that's saying something.

Re:The very idea of a "master password" seems scar

[joebagodonuts]

Bruce Campbell

This just in...

[MrPerfekt]

Administrators of websites can access your accounts. Oh my word!

fake

[thetoadwarrior]

I thought about this after reading it last night. I'm pretty sure it's fake. What the guy says about PHP sounds a bit like someone who knows nothing about coding at all commenting on it yet trying to sound like they do.

I think it sounds a bit too casual and there's too much swearing for someone who is already risking his job by talking. Making it appear as if a company is full of immature jerks (however true it is) won't go down well with your employer.
br/

This is so stupid

[codeButcher]

Everyone knows that Chuck does not need a surname.

Strongest password in the world

[PMBjornerud]

I don't see the problem here.

Q: What is the strongest pasword in the world?
A: "Chuck Norris"

Gee, really?

[Grayzie5]

There is no privacy. In a great many cases every URL you visit is recorded by your ISP and sold to third party companies that mine it and create spurious interpretations of it to sell their front end to marketing departments. This is nothing different. Every site records activity. It's just the personal nature of the activity that makes the idea of Facebook doing it so discomforting.

Would I dare to ask ?

[freaker_TuC]

What does Chuck has more that we don't have ?

Don't tell me "Karma" because I'm having plenty of that left.. It must be something else! Something biometric ..

oh probably Chuck Norris doesn't need biometrics to enter something ..

I'm sleeptyping again!

Re:Would I dare to ask ?

[Ungrounded+Lightning]

What does Chuck has more that we don't have ? ... Something biometric ... oh probably Chuck Norris doesn't need biometrics to enter something ..

If the terminal has biometric sensors he doesn't have to enter anything to log in. It detects that he's Chuck Norris and immediately surrenders.

Engraving "Chuck Norris" on the floor

[Explodicle]

will cause nearby monsters to flee.

Re:The very idea of a "master password" seems scar

[jonadab]

> I wonder, what it is now... "Angelina Jolie"? "Bruce Willis"?

Actually, it's Tokugawa Mujahibamidad Prolszinoczewski Cohen now. They wanted to be more culturally inclusive.