I presume that the code was tested for various cases where there was at least one previous password on record, but everyone forgot about new users with no previous passwords. However I’m having trouble imagining what the code could actually be doing.

I can only imagine a dynamically typed language, and a “checkedPasswords” variable being declared but uninitialized, then a loop incrementing that variable for each non-similar password pulled from the records, and finally a check to see if checkedPasswords equals the number of stored previous passwords.

The execution environment could type and initialize the variable by default after the first increment, but in the case of the user having no previous passwords on record that wouldn’t happen, and the final equivalency check would be comparing an integer to some internal “NaN” state, thus failing.

I fixed it, but that is weird. I originally thought it had a double “r”, but I looked it up to check and I’d swear that the results spelled it with only one. Now I check again and it’s a double “r”.

Must be arrabbiata, 'cause it’s got quite a burn.

It’s the first law that I’m aware of that legally requires an automated system that you own and operate to snitch on you at any time, to anyone who asks, without asking your permission.

For the moment, it only has to report a piece of data that you are free to lie about. For the moment.