Friday Facts #287 - Just bugs again

Regular reports on Factorio development.
Rebmes
Burner Inserter
Burner Inserter
Posts: 10
Joined: Sat Sep 15, 2018 7:51 pm
Contact:

Re: Friday Facts #287 - Just bugs again

Post by Rebmes » Sat Mar 23, 2019 4:24 am

Thanks for all that you do!! <3

User avatar
Nova
Filter Inserter
Filter Inserter
Posts: 918
Joined: Mon Mar 04, 2013 12:13 am
Contact:

Re: Friday Facts #287 - Just bugs again

Post by Nova » Sat Mar 23, 2019 4:39 am

What I would like to know: Did you / will you implement a test to make sure the bug with invalid usernames can't happen again? You once said that you implement a test for every bug fixed, so I'm curious if that's the case for this.
Greetings, Nova.
Factorio is one of the greatest games I ever played, with one of the best developers I ever heard of. Image

psa
Manual Inserter
Manual Inserter
Posts: 4
Joined: Sun Aug 05, 2018 1:15 am
Contact:

Re: Friday Facts #287 - Just bugs again

Post by psa » Sat Mar 23, 2019 6:37 am

If you're doing email addresses, note that they're just as difficult to get right (if you're trying to sanitize them). RFC 5322 tells most of the story (there are long regex's for this), but you'll also need to be compliant with RFC 6532 (internationalization).

"Here be dragons" is a understatement. There is a reasonable argument for just checking ".+@.+" (while banned for new TLDs, there are grandfathered TLDs which have had MX records, so don't assume a ".") and then sending a verification email.

Why do I care? Well I've personally screwed this code up before and I often use plussing, which is frequently broken by improper implementations.

TheRaph
Fast Inserter
Fast Inserter
Posts: 146
Joined: Sun Sep 24, 2017 6:31 pm
Contact:

Re: Friday Facts #287 - Just bugs again

Post by TheRaph » Sat Mar 23, 2019 8:48 pm

Sanqui wrote:
Fri Mar 22, 2019 4:48 pm
ledow wrote:
Fri Mar 22, 2019 4:24 pm
Would have been simpler, and a better idea, to just let the ban commands have proper quoting applied, so you can ban "awkward user name".
There's some quite good reasons to disallow spaces in usernames on principle. The question is if we should have usernames at all. In my opinion the best setup is permanent id + email (for login) + display name, where the display name can be anything. But that is quite difficult to change at this point, even though it's on my roadmap.
As far as I see, the most of written problems on site of your posted link are not "your" problems, because factorio can handle whitespaces properly - except that ban issue. So if you fix that point, I don't see technically problems for using whitespaces.
If someone may worry about identity stealing, so he may find nice suggestions on that linked site.
For example: no leading / trailing whitespaces, no double whitespaces an so on.

Use email-address as user name is a bad idea - just for ban-reasons.
Because to set up a rule "a chosen user name may NEVER be changed" is easy. You may ban someone and are ready.

To set up a rule to never change an email address is a very bad idea. Because sometimes provider change.
To have a changeable mail address is also a bad idea for banning reasons.
Because if I like to damage something on someones server an he will ban me, I just had to change my mail address and do some heavy revenge on his server. He will ban me again and I will change my mail address again ... the winner is that person with longer breath.

Jap2.0
Smart Inserter
Smart Inserter
Posts: 1934
Joined: Tue Jun 20, 2017 12:02 am
Contact:

Re: Friday Facts #287 - Just bugs again

Post by Jap2.0 » Sat Mar 23, 2019 9:42 pm

TheRaph wrote:
Sat Mar 23, 2019 8:48 pm
Sanqui wrote:
Fri Mar 22, 2019 4:48 pm
ledow wrote:
Fri Mar 22, 2019 4:24 pm
Would have been simpler, and a better idea, to just let the ban commands have proper quoting applied, so you can ban "awkward user name".
There's some quite good reasons to disallow spaces in usernames on principle. The question is if we should have usernames at all. In my opinion the best setup is permanent id + email (for login) + display name, where the display name can be anything. But that is quite difficult to change at this point, even though it's on my roadmap.
As far as I see, the most of written problems on site of your posted link are not "your" problems, because factorio can handle whitespaces properly - except that ban issue. So if you fix that point, I don't see technically problems for using whitespaces.
If someone may worry about identity stealing, so he may find nice suggestions on that linked site.
For example: no leading / trailing whitespaces, no double whitespaces an so on.

Use email-address as user name is a bad idea - just for ban-reasons.
Because to set up a rule "a chosen user name may NEVER be changed" is easy. You may ban someone and are ready.

To set up a rule to never change an email address is a very bad idea. Because sometimes provider change.
To have a changeable mail address is also a bad idea for banning reasons.
Because if I like to damage something on someones server an he will ban me, I just had to change my mail address and do some heavy revenge on his server. He will ban me again and I will change my mail address again ... the winner is that person with longer breath.
Presumably the ban would be applied to the permanent id.
There are 10 types of people: those who get this joke and those who don't.

User avatar
H8UL
Fast Inserter
Fast Inserter
Posts: 113
Joined: Mon May 15, 2017 4:02 pm
Contact:

Re: Friday Facts #287 - Just bugs again

Post by H8UL » Sat Mar 23, 2019 10:21 pm

I am with the devs on username restrictions.

In general terms, whenever I have to enter some command or markup with spaces, I always wonder if I am supposed to escape or quote somehow.

Such uncertainty is common. Stackoverflow handles spaces in @usernames in a rather powerful way but there are many users who have asked how it works, no doubt many more who have searched for answers to the same. E.g. https://meta.stackoverflow.com/question ... their-name

If usernames don't ever have spaces and punctuation, then that's one less thing to wonder about. Multiplayer game admins deserve quality of life, too, and simple usernames is beneficial to their quality of life if they enter use rna mes in to comm and script /s
Shameless mod plugging: Ribbon Maze

WarpZone
Inserter
Inserter
Posts: 38
Joined: Mon Feb 13, 2017 9:39 pm
Contact:

Re: Friday Facts #287 - Just bugs again

Post by WarpZone » Sun Mar 24, 2019 1:13 am

I think the username ' or 1=1; -- is little Johnny Tables's account.

Post Reply

Return to “News”

Who is online

Users browsing this forum: Kargaros, xaxapl