dreeves comments on Anti-akrasia tool: like stickK.com for data nerds - Less Wrong

59 Post author: dreeves 10 October 2011 02:09AM

Comments (88)

Comment author: dreeves 07 October 2011 07:27:27AM 2 points

Thanks so much to everyone checking it out already! This would be a fine place to ask questions if anything is confusing about it or anything. Or if you want to rip the whole idea to shreds, by all means, bring it on! :)

Comment author: Wilka 07 October 2011 12:41:12PM *  6 points

When signing up, I was told the password I tried to use was too long (I have unique, randomly generated passwords for each site I use). So I generated a < 20 chars password instead - however, password length limits around this size suggest that the site might be storing the passwords as plain text, rather than only storing a salted hash of the password.

So I was wondering, if that's the case here?

Comment author: dreeves 07 October 2011 02:35:36PM 5 points

That's stupid of us to limit password size -- especially after all the "correct horse battery staple" discussion! [ http://xkcd.com/936 ]

But we're using the Devise module in Rails and definitely not storing in plaintext or anything too idiotic. Definitely need to change whatever stupid Devise default limits password length though. Thanks for pointing it out!

Comment author: bsoule 07 October 2011 02:45:10PM 10 points

Fixed. No more limit. Correct away on your battery horse's staples.
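
An added example, not part of the thread and not the site's or Devise's code: the record stored for a salted hash has the same size whatever the password's length, which is why a short maximum length reads as a hint of plaintext storage. It uses PBKDF2 from Ruby's standard library in place of the hashing Devise does; the function names, record format and iteration count are assumptions made for illustration.

```ruby
require "openssl"
require "securerandom"

ITERATIONS = 100_000 # constructed work factor for this example
KEY_BYTES  = 32      # length of the derived hash, independent of the password

def pbkdf2(password, salt, iterations, length)
  OpenSSL::PKCS5.pbkdf2_hmac(password, salt, iterations, length, OpenSSL::Digest.new("SHA256"))
end

# Returns the record a users table would hold: "iterations$salt_hex$hash_hex".
# A fresh random salt per call means equal passwords get different records.
def hash_password(password, salt: SecureRandom.random_bytes(16))
  digest = pbkdf2(password, salt, ITERATIONS, KEY_BYTES)
  [ITERATIONS, salt.unpack1("H*"), digest.unpack1("H*")].join("$")
end

# Compares two byte strings without stopping at the first differing byte.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Re-derives the hash from the stored salt and checks it against the record.
def verify_password(password, stored)
  iterations, salt_hex, hash_hex = stored.split("$")
  expected = [hash_hex].pack("H*")
  candidate = pbkdf2(password, [salt_hex].pack("H*"), iterations.to_i, expected.bytesize)
  secure_equal?(candidate, expected)
end

# Distinct record sizes produced for a list of passwords.
def stored_lengths(passwords)
  passwords.map { |pw| hash_password(pw).bytesize }.uniq
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample passwords of very different lengths.
  samples = ["hunter2", "a" * 20, "correct horse battery staple", SecureRandom.hex(100)]
  samples.each { |pw| puts "#{pw.bytesize} chars in, #{hash_password(pw).bytesize} bytes stored" }
end
```

A column sized for this record never needs to know how long the password was, so the storage layer gives no reason for a 20-character cap.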

Comment author: wedrifid 07 October 2011 01:41:45PM 2 points

> So I was wondering, if that's the case here?

The source code is public. Delve away.

> When signing up, I was told the password I tried to use was too long (I have unique, randomly generated passwords for each site I use). So I generated a < 20 chars password instead - however, password length limits around this size suggest that the site might be storing the passwords as plain text, rather than only storing a salted hash of the password.

It sounds like you have little to worry about even if the password storage is lax!

Comment author: dreeves 07 October 2011 02:39:39PM 2 points

> The source code is public. Delve away.

Oh, it's actually a private github repository currently. Talk to us if you want access to it though!

Comment author: dreeves 17 October 2011 04:20:00PM *  0 points

Just occurred to me you may have been thinking of TagTime, which is indeed open source: http://github.com/dreeves/TagTime

Comment author: Alexei 07 October 2011 08:54:00PM 2 points

For the 'Slug' value I entered "Sleep" and I was told only letters and numbers could be used. I entered "sleep" and it worked.

Comment author: dreeves 07 October 2011 09:58:35PM 1 point

Ha, oops! On it; thanks so much for the bug report!