this post was submitted on 19 Jan 2026

401 points (99.3% liked)

Programmer Humor

28609 readers

2032 users here now

Welcome to Programmer Humor!

This is a place where you can post jokes, memes, humor, etc. related to programming!

For sharing awful code theres also Programming Horror.

Rules

Keep content in english
No advertisements
Posts must be related to programming or programmer topics

founded 2 years ago

MODERATORS

Feyter@programming.dev

anzo@programming.dev

BurningTurtle@programming.dev

pylapp@programming.dev

401

Mo Validation Mo Problems (lemmy.world)

submitted 2 days ago* (last edited 15 hours ago) by qaz@lemmy.world to c/programmer_humor@programming.dev

61 comments fedilink hide all child comments

...

top 50 comments

sorted by: hot top controversial new old

[–] GreenKnight23@lemmy.world 2 points 6 hours ago

I've done this before. it's funny when the users are all, "why??!" and to respond with, "because you asked for it!"

[–] Wolfram@lemmy.world 4 points 18 hours ago

Prismlauncher! I remember browsing through the changelog and spotting this, made me chuckle internally.

[–] mogranja@lemmy.eco.br 41 points 1 day ago (3 children)

I hate when websites have some weird rules for passwords, and show the rule when you are creating the password, but not when entering it. How am I supposed to remember the password must begin and end with a special character?

[–] FooBarrington@lemmy.world 33 points 1 day ago (1 children)

I can't recommend password managers enough, because you will never have this issue again.

[–] wasabi@feddit.org 7 points 1 day ago (1 children)

Password creation will still be annoying for sites with special rules. You just don't have to remember them once you generated them.

[–] FooBarrington@lemmy.world 4 points 1 day ago (2 children)

I've literally never had an issue with password generation. Usually I generate 32 character passwords with all types of characters passwords on average expect. If a page has different rules, I just check the corresponding boxes in my password manager, and I get one that works for that site.

[–] wasabi@feddit.org 1 points 9 hours ago (1 children)

I've had a couple sites that required you to have special characters but some special characters were blacklisted.

[–] FooBarrington@lemmy.world 2 points 8 hours ago

In that extremely rare case I just delete the offending characters from my long generated password or add a couple randomly.

[–] bestboyfriendintheworld@sh.itjust.works 2 points 20 hours ago (1 children)

Just yesterday my library required a new password. The password requirements were:

8 to 18 characters
uppercase
lowercase
number
one of the 8 special characters listed

When borrowing from the library physically, I need to enter this password on a touchscreen keypad. So no copy and paste from a password manager.

They used to have birthdates as the assigned password for everyone. If you request a password reset, it resets to the birthdate. You have to change it on first login.

A little better than before, but doesn’t feel secure.

On the other hand, abuse is kinda difficult.

For physically loaning books, you need the library card with its RFID chip. For anything digital, there’s no incentive or possibility for abuse really.

[–] FooBarrington@lemmy.world 1 points 19 hours ago

Seems like a perfect use case for a password manager.

[–] protogen420@lemmy.blahaj.zone 17 points 1 day ago* (last edited 21 hours ago) (3 children)

and when the rule is also wrong example: password must contain special charcters

the password in question contained : and ^

if those aren't special characters idk what is

[–] fibojoly@sh.itjust.works 6 points 1 day ago

I never get bored of discovering yet another software that gets broken because someome put a dollar sign in their password...

[–] sus@programming.dev 12 points 1 day ago* (last edited 1 day ago) (2 children)

maybe they were looking for extra special characters like 🁄 or ⶸ. Who am I kidding, RFC 1738 tells us that literally everything is unsafe and you know, we need to prepare for the inevitable occasion when the password somehow ends up inside an URL.

The characters "<" and ">" are unsafe because they are used as the delimiters around URLs in free text;
the quote mark (""") is used to delimit URLs in some systems.
The character "#" is unsafe
The character "%" is unsafe

It ends up with

Thus, only alphanumerics, the special characters
$ - _ . + ! * ' ( ) ,
are safe

[–] planish@sh.itjust.works 4 points 18 hours ago

If the password is going in URLs you already have a problem.

[–] protogen420@lemmy.blahaj.zone 5 points 21 hours ago (1 children)

I am going put null on my password and you aren't stopping me

[–] Baizey@feddit.dk 1 points 2 hours ago

Also [object Object] is always a classic to mess with any js

[–] bestboyfriendintheworld@sh.itjust.works 0 points 20 hours ago (1 children)

Often only a few special characters are accepted. Punctuation yes, emoji no.

[–] topherclay@lemmy.world 2 points 17 hours ago

"Punctuation yes, emoji no" sounds like something a grade school teacher would have embroidered on a throw pillow.

[–] AceOnTrack@lemmy.blahaj.zone 7 points 1 day ago (2 children)

Having to alter my one generic password I use for random ass website because there's a stupid extra rule is usually annoying me enough that I don't register lmao.

[–] YellowTraveller@lemmy.zip 17 points 1 day ago (4 children)

Password manager?

load more comments (4 replies)

load more comments (1 replies)

[–] ooterness@lemmy.world 210 points 2 days ago* (last edited 2 days ago) (8 children)

Jokes aside, I have been blocked many times by overzealous email validation. Yes, my email has a plus sign in it. This is allowed under RFC5322, so deal with it. It is better to have no validation at all than incorrect validation.

[–] kossa@feddit.org 10 points 23 hours ago

That was my best customer support interaction ever. Company did not let me register with a "new" TLD email address, as "this is not a valid email address". I wrote them from that email address. They respondend to that email address with "this is not a valid address". I wrote back "how are we writing, then?" and never heard back 😂

[–] elvith@feddit.org 198 points 2 days ago* (last edited 2 days ago) (3 children)

A plus sign? That's nothing, LOL

Quote:

If you disagree, or have any other comments, feel free to email me at
'*+-/=?^_`{|}~#$@[IPv6:2602:f977:800:0:e276:63ff:fe72:3900]
-- if your mail client lets you, that is.

[–] boonhet@sopuli.xyz 46 points 2 days ago (1 children)

I like this issue in the form of a quiz

[–] mech@feddit.org 14 points 1 day ago* (last edited 1 day ago)

TIL:
🫱@🫲
is a valid e-mail address.

[–] erer@lemmy.zip 4 points 1 day ago (1 children)

I dont know if it's just me, but this comment is breaking the rendering of Voyager

[–] elvith@feddit.org 3 points 1 day ago

I needed to use a code block for that address as several apps had a problem when I tested escaping the back ticks in the address for the inline code. Not sure if you mean that as it renders in it's own line or if anything else is broken

load more comments (1 replies)

[–] douglasg14b@lemmy.world 33 points 2 days ago (2 children)

Even worse is when they strip the plus sign out after the fact and then you can't log in anymore because you didn't realize that's what has happened.

[–] dogs0n@sh.itjust.works 10 points 1 day ago

Yees this has happened to me before but with passwords. They have some length limit that they clamp to so you can't login after registering and I have to do a password reset right after signing up. Happened multiple times to me.

[–] filcuk@lemmy.zip 14 points 2 days ago

This is criminal. You already send me a validation email, just check for an @ and leave me be

[–] gegil@sopuli.xyz 84 points 2 days ago (2 children)

The best email validation is just sending an email to whatever provided by the user. If user receives an email and validates it, than its validated.

[–] bestboyfriendintheworld@sh.itjust.works 1 points 20 hours ago (2 children)

Email validation for a form should at most look for

at least one character
followed by @
followed by at least one character
followed by .
followed by at least two characters

Sending an email can take a few minutes. Form validation is instant.

[–] JohnEdwa@sopuli.xyz 2 points 16 hours ago

Which would still not be perfect because "foo@bar", "foo@[123.123.123.123]" and "💩 @[IPv6 :::1]" are all technically valid email addresses.

It looks like the only validation that doesn't block something valid pretty much would start and end at "It has at least one @ symbol, and something on both sides".

[–] planish@sh.itjust.works 1 points 18 hours ago

So I can't be directly bezos@aws?

[–] kunaltyagi@programming.dev 12 points 1 day ago

Email address spec is convoluted and this is indeed the best way. Noobs and ninja do it this way, normies try to validate before sending email

[–] dfyx@lemmy.helios42.de 61 points 2 days ago (1 children)

The worst sites are the ones that let you sign up with an unusual address but not log in. The worst I‘ve seen was some ticket system that rejected dfyx+theirdomain@mydomain after I clicked the link in their confirmation email.

[–] FishFace@piefed.social 18 points 2 days ago (1 children)

There's an aspect of my surname which is somewhat unusual (at least in my country). As a result I occasionally get form validation errors when entering it. Sometimes those errors are extremely inscrutable. Sometimes a form validates but something elsewhere makes unvalidated assumptions about names which then breaks in completely unpredictable names...

[–] TurtleTourParty@midwest.social 17 points 2 days ago (2 children)

Does it fall into one of the falsehoods programmers believe about names? https://www.kalzumeus.com/2010/06/17/falsehoods-programmers-believe-about-names/

load more comments (2 replies)

[–] SmoothLiquidation@lemmy.world 30 points 2 days ago (1 children)

I had a website not let me enter a proton.me email address, when I changed it to my custom.fyi address, it worked fine. They wanted a three letter TLD.

[–] Scrollone@feddit.it 14 points 2 days ago

No, I think they just blocked Proton email addresses. I've seen multiple services doing that.

[–] traxex@lemmy.dbzer0.com 13 points 2 days ago (2 children)

Not sure if you also do aliases as well but I’ve seen an increase in websites flagging providers like addy.io as well. Extremely annoying that so many websites think they are so important that they refuse an alias.

[–] borari@lemmy.dbzer0.com 10 points 2 days ago

I had a site refuse my email address for my .net domain. Like wtf, if it’s not .com it’s not a real email address? Idk what that was about.

[–] grendel84@tiny.tilde.website 7 points 2 days ago

@traxex
@ooterness

migadu has a cool workaround.

instead of:
alias+user@domain.tld

you give:
alias@user.domain.tld

then internally it transforms it to an alias when it comes in.

load more comments (1 replies)

[–] dohpaz42@lemmy.world 64 points 2 days ago* (last edited 2 days ago) (3 children)

The issue this is referring to is because the user cannot paste into a text field. And the user was not rude about it either.

So instead of fixing the actual problem, the developer went nuclear and removed the validation. A dick move in my opinion given the developer’s attitude.

~It’s more sad than funny. 🤷‍♂️~

[–] theit8514@lemmy.world 25 points 2 days ago (1 children)

IMO as a developer this is a sane change. There's no telling when the format of the first-party api key will change. They may switch from reference tokens to JWT tokens tomorrow. The validation should be using the token and seeing if it works.

load more comments (1 replies)

[–] wheezy@lemmy.ml 10 points 2 days ago (1 children)

I don't know what that repo does. But, chances are the dude was just fucking tired of dealing with curseforge. Total garbage scum software.

load more comments (1 replies)

[–] Phoenix3875@lemmy.world 12 points 2 days ago

So the users realized their mistakes and stopped complaining……and other jokes public project maintainers tell themselves while laughing in tears

load more comments