Unreasonable Limit on Open Firmware Passwords
Lawrence Person writes "Well, this has to be one of the stranger bugs in recent memory: 'If you used Open Firmware Password utility to create a password that contains the capital letter "U", your password will not be recognized during the startup process.' Straight from the mothership. I'm guessing that not too many people use Open Firmware Passwords, but it's a very nasty bug for those who do. Props to the always great As The Apple Turns for pointing this one out."
Care to speculate? (Score:2, Redundant)
I saw this too. Anyone care to take a stab at why this might possibly be? Something to do with the bytecode of that particular letter?
Re:Care to speculate? (Score:5, Informative)
Re:Care to speculate? (Score:1)
The original specification was probably written with a magic marker on a napkin. After the beer spilled the Command-V could have looked like a blob-U. Try testing the Command-V again.
careful, now (Score:3, Funny)
Re:Care to speculate? (Score:4, Funny)
Aunt!
Re:Care to speculate? (Score:1)
"Art, Bart, Cart, Dart, e-art... nope, nothing rhymes" - Homer
Re:Care to speculate? (Score:1)
So there you are, that's why it's blocked.
One of my friends put a little game in his login script. The computer would give 3 letters, and he had to type a word that began with those letters. Then it would show the other possibilities.
One day, he was logged in from a public computer (in a library or something). The computer gave him CUN. He typed in CUNEIFORM. The computer immediately crashed. Apparently some sysadmin had set
Props? (Score:1)
Re:Care to speculate? (Score:2, Informative)
Maybe... (Score:2)
Obligatory reference (Score:1)
Re:Care to speculate? (Score:1)
It's bound to be the alternating bit pattern.
Re:Care to speculate? (Score:2)
Probably to stop anyone using YOUSUCK as a password.
Obviously the programmers did not consider "l33t 5p33k"
Enter password: (Score:2, Funny)
UR70457
....
Re:Enter password: (Score:2)
Re:Enter password: (Score:2)
Glad I didn't translate that, woulda been charged with a DMCA violation.
Re:Enter password: (Score:1)
Re:Alrighty men.. (Score:5, Insightful)
Re:Alrighty men.. (Score:2)
Re:Alrighty men.. (Score:5, Interesting)
Microsoft story of the day - yet another hole that will get you owned that we're disclosing and patching after years of vulnerability. [slashdot.org]
Apple story of the day - bug disallows a certain character in little used Openfirmware password.
Slashdot spin - both platforms have bugs. Fair and Balanced - Slashdot News!
=tkk
Re:Alrighty men.. (Score:1)
Damn shame can't use my pitchfork on this though, just subscribed and got my whole \. set: tin foil hat, pitchfork, a gazillion distros and the SCO phone numbers...
Re:Alrighty men.. (Score:1, Offtopic)
I hate when satirical expressions on typical slashdotian responses are modded as troll. Lighten up!
Re:Alrighty men.. (Score:1, Offtopic)
Unfortunately these troll mods deter people from making creative humorous comments. You're supposed to according to the FAQ.
Chalk up another offtopic for me. Never mind that moderation is very much a part of any topic.
*annoyed*
Re:Alrighty men.. (Score:4, Funny)
You don't need to bother. Being based on FreeBSD, OS X comes with its own pitchforks.
Re:Alrighty men.. (Score:1)
hah! (Score:5, Funny)
Re:hah! (Score:4, Funny)
Enter password: god
Welcome to Darwin!
%
---
Thanks!
Slashdot's running on a Mac, right? (Score:5, Funny)
Speculation (Score:5, Interesting)
Does anyone have more info regarding where this bug originates?
Re:Speculation (Score:1)
Re:Speculation (Score:5, Informative)
http://www.securemac.com/openfirmwarepasswordpr
Um...I figured out why 'U' (Score:5, Funny)
Among other things, it:
blocks the ability to use the "C" key to start up from a CD-ROM disc.
blocks the ability to use the "N" key to start up from a NetBoot server.
blocks the ability to use the "T" key to start up in Target Disk Mode (on computers that offer this feature).
Posting this anonymously, since I don't want to be known as the one who figured this out.
I know nothing about Open Firmware, but: (Score:2, Insightful)
Do you need your password to be accepted in order to change the password?
The "solution" in the article is to "change your password if necessary". But how do you change your password when your previous password is not accepted?
Re:I know nothing about Open Firmware, but: (Score:1)
My apologies..
The previous post explaining this bug could be in the OF App, and not OF itself probably explains this.
Can't spell 1234 with a "U" (Score:5, Funny)
Re:Can't spell 1234 with a "U" (Score:1)
Blame SCO. (Score:5, Funny)
It also means we can't call them a b*nch of motherf*cking f*ckwits, which is a real shame.
Re:Blame SCO. (Score:1)
"a bUnch of motherfUcking fUckwits"
The solution would be (Score:3, Informative)
Re:The solution would be (Score:5, Informative)
Re:The solution would be (Score:1)
Re:The solution would be (Score:2)
Re:The solution would be (Score:2)
Re:The solution would be (Score:2)
It's noted in another KB article [apple.com] linked from the one referenced. You also can't reset the PRAM with the password set, though I can't speak to how changing the RAM might affect that.
Re:The solution would be (Score:2)
Re:The solution would be (Score:1)
I guess gpg/pgp is the way to go, huh? Actually, I've been using the encrypted disk image idea. I put my sensitive data into one
Here's a good tutorial:
http://osxfaq.com/Tutorials/disk-images/index.w
Re:The solution would be (Score:2)
There has never been a solution to prevent that. It is impossible to secure a machine from anyone that has physical access to it.
Re:The solution would be (Score:3, Informative)
In Mac OS X 10.3 you will have the ability to have your home folder encrypted (using AES-128). Other OSes have similar features.
Isn't it obvious? (Score:5, Funny)
Did anyone see the artnum? (Score:5, Funny)
The article number for this was 107666. If that's not clear proof that Microsoft was somehow involved, I don't know what is.
Um, I need something for the 107 part...
Waiting to see if this gets modded flamebait or funny... ;-)
Re:Did anyone see the artnum? (Score:2)
Somehow, I wish I didn't know that.
Re:Did anyone see the artnum? (Score:2)
Re:Did anyone see the artnum? (Score:2)
Re:Did anyone see the artnum? (Score:2)
This is why I hate geeks (Score:3, Funny)
huh?
Stupid geeks!
Re:This is why I hate geeks (Score:1)
Honey, is that you?
(Or should that be "U"?)
Unicode (Score:2)
Re:Unicode (Score:2)
See This Thread [samba.org] on samba-technical about it.
Wonder about other OF computers (Score:3, Insightful)
Not just the U character (Score:2, Interesting)
I think this is a problem with the Open Firmware Password application using a different character set than Open Firmware itself. So some characters you can type in the OF Password app you can't type in OF itself. Or maybe OF just doesn't like the shift key...
Re:Not just the U character (Score:2)
Re:Not just the U character (Score:2)
Probably an easy solution for this question (Score:4, Insightful)
'U' = $55 XOR $AA = $FF (and this is probably used as an end-of-password marker).
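The hypothesis in the comment above, modelled as an added example (not part of the thread and not Apple's code): a setter XORs each password byte with $AA and pads the slot with $FF, and a boot-time reader stops at the first $FF. The slot size, the padding scheme and all function names are assumptions made for illustration; the sample passwords are constructed.

```c
#include <stdio.h>
#include <string.h>

#define MASK     0xAA  /* XOR mask named in the comment */
#define END_MARK 0xFF  /* end-of-password marker the comment guesses at (assumption) */
#define SLOT     32    /* hypothetical storage slot size */

/* Setter side (hypothetical): mask each byte, pad the rest with END_MARK. */
static void store_password(const char *pw, unsigned char slot[SLOT]) {
    size_t n = strlen(pw);
    if (n > SLOT) n = SLOT;
    memset(slot, END_MARK, SLOT);
    for (size_t i = 0; i < n; i++)
        slot[i] = (unsigned char)pw[i] ^ MASK;
}

/* Boot-time side (hypothetical): read until END_MARK, unmasking as we go. */
static void load_password(const unsigned char slot[SLOT], char out[SLOT + 1]) {
    size_t n = 0;
    for (; n < SLOT && slot[n] != END_MARK; n++)
        out[n] = (char)(slot[n] ^ MASK);
    out[n] = '\0';
}

/* Returns 1 if what was typed round-trips through the slot intact, else 0. */
int accepted_at_boot(const char *pw) {
    unsigned char slot[SLOT];
    char recovered[SLOT + 1];
    store_password(pw, slot);
    load_password(slot, recovered);
    return strcmp(pw, recovered) == 0;
}

/* Index of the first byte that masks to END_MARK, or -1 if none does. */
int first_colliding_index(const char *pw) {
    for (size_t i = 0; pw[i] != '\0'; i++)
        if (((unsigned char)pw[i] ^ MASK) == END_MARK)
            return (int)i;
    return -1;
}

int main(void) {
    const char *samples[] = { "openfirmware", "Unlock", "secUre" }; /* constructed */
    for (size_t i = 0; i < 3; i++)
        printf("%-14s accepted=%d collide_at=%d\n", samples[i],
               accepted_at_boot(samples[i]), first_colliding_index(samples[i]));
    return 0;
}
```

Under this model only capital "U" ($55) collides with the marker; lowercase "u" ($75) masks to $DF and survives, which matches the symptom quoted in the story.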
Ouch (Score:2)
nreasonable Limit on Open Firmware Passwords (Score:3, Funny)
HA... oh, wait. (Score:2)
If I'd heard about this a few weeks back, I'd be so ready with the ol' Nelson "HA-HA!".
Unfortunately, I found a real old bug in our app on some UNIX boxes. It turns out that our implementation of getpass() was eating the letter "c" on some platforms.
So, the appropriate Simpson's reference is now: