Comment On Disowned by Driver

This Trixbox stuff is all Greek to me.

Are those the navigation buttons the pilots use to fly their Air Canada Jumbo Jets?

...soap opera intended for robots.

It must be one of those sexy, hot-and-steamy Soaps.
Why else would you have deodorant by the TV?!

The "broken English" one requires just a single "by" to be well-formed, if a little technical.

The soap opera is so 2005.

Someone You Know:

This Trixbox stuff is all Greek to me.

"..but those that understood him smiled at one another and shook their heads; but, for mine own part, it was Symbol font to me." - William Shakespeare (sort of).

First line reads:

Enhanced features on the web-based GUI dashboard.

Etc.

http://blogmiel.blogspot.com

They surely used the Air Canada plane that fell 5000feets in the air. So that was the whole problem of this flight....lol

"Buttons aren't toys" .. Zaphod Beeblebrox

How long till some says "JavaScript Error Girl forever" ?
Well, I guess I just said it.

Also, first post rules!

Enhanced features on the web-based GUI dashboard
Improved interface network card compatibility
Enhanced Endpoint Manager (added support for Polycom and Linksys
phones)
Network Configuration tools
Service Provider Wizards
Other cool productivity tool such as FreePBX, FOP, and HUDlite.

Good features.

i would totally write the features in another language. that way, if someone complained why they weren't getting some features, i could say, "Sorry, those features are only available to greek people. didn't you read the list???"

captcha: that's not a lowercase 'l' it's an uppercase 'I'. sorry!

Τηισ ψομμεντ ισ ςριττεν τηε σαμε ςαυ ασ τηε νες φεατθρεσ οφ τριχβοχ, ςιτη φανψυ ανδ βαρελυ ρεαδαβλε Γρεεκ λεττερσ

Dear web developers,

DO NOT USE COOKIES OR SESSION STATE TO TRACK WHERE THE USER IS IN THE APPLICATION. Instead use hidden fields in the page they're actually working on. This allows the user to use the browser's navigation buttons to move between pages.

My bank's online banking site does this as well and it's really annoying.

The Air Canada thing makes sense once you realise that there was a law suit not all that long ago between them and one of their competitors.

The competitor had been screen scraping one of their websites (admittedly an employee only one that n ex-employee still had legitimate access to) so they could undercut Air Canada's prices and determine "fullness" of Air Canada's planes.

This could be a way of preventing you from doing the same thing on the public website (even manually). "Oh, you've checked this flight N times in this session. Must be a screen scraper. 'Bring out the boiling oil boys!!!'"

Mike Dimmick:

Dear web developers,

DO NOT USE COOKIES OR SESSION STATE TO TRACK WHERE THE USER IS IN THE APPLICATION

I've never understood why they do it. It seems to be banks that are the main culprits IME (IIRC, smile.co.uk will require you to log in again (with the 15 pages of not-really-two-factor login details) if you press the Back button just once). Maybe they think it's more secure or something. Quite how storing application state in cookies is more secure than storing a logged in session ID in cookies (which IS a good idea) is beyond me.

It's generally easier to use hidden form fields rather than session data anyway. Maybe their 'HTML for dummies' book didn't include hidden form fields (after all, what use are they? - they're hidden).

soap opera intended for robots

You mean "All my circuits"? No way there are human actors in that one

Mike Dimmick:

Dear web developers,

DO NOT USE COOKIES OR SESSION STATE TO TRACK WHERE THE USER IS IN THE APPLICATION. Instead use hidden fields in the page they're actually working on. This allows the user to use the browser's navigation buttons to move between pages.

My bank's online banking site does this as well and it's really annoying.

Dear Mike Dimmick,

Thank you for writing to Web Development, Inc. We've heard many concerns from web-savvy web surfers like you. Our new policy is to use hidden fields in the web page instead of cookies to track user state.

Please visit our new web page. Here is some sample HTML code from the page (look ma, no cookies!):

<form action="http://www.webdevinc.com/" method="post">
<input type="hidden" name="mike_visa_card" value="4123412341234123">
<input type="hidden" name="mike_address" value="101 Acme Rd.">
<input type="hidden" name="mike_state" value="NE">
<input type="hidden" name="mike_city" value="Omaha">
<input type="hidden" name="mike_phone" value="555-1212">
</form>

Our system administrator hasn't figured out the whole SSL certificate thing yet, and the boss doesn't want the security warning to pop up in Internet Explorer, so http is alright by you, isn't it?

Sincerely,

Reggie X. Pression
Web Development, Inc.

John T:

"Buttons aren't toys" .. Zaphod Beeblebrox

"Two heads are better than one!"

T $:

Enhanced features on the web-based GUI dashboard
Improved interface network card compatibility
Enhanced Endpoint Manager (added support for Polycom and Linksys
phones)
Network Configuration tools
Service Provider Wizards
Other cool productivity tool such as FreePBX, FOP, and HUDlite.

Good features.

And translation from Venusian!

Mike Dimmick:

Dear web developers,

DO NOT USE COOKIES OR SESSION STATE TO TRACK WHERE THE USER IS IN THE APPLICATION. Instead use hidden fields in the page they're actually working on. This allows the user to use the browser's navigation buttons to move between pages.

My bank's online banking site does this as well and it's really annoying.

It's actually so that if you log in to online banking from a public pc, the next person can't just use the browser's history to get into your account, and steal all your money.

Sad Bug Killer:

soap opera intended for robots

You mean "All my circuits"? No way there are human actors in that one

Fry: So, who's that weird-looking guy?
Bender: That's a human.
Fry: What's he do?
Bender: Eh, the usual human stuff. He laughs, he learns, he loves.
Fry: Boring.

Looks like a pretty ordinary website bug from "Webcity". Report the bug to the site's webmaster and stop boring us with this trivial crap.

I work for a company that provides digital TV service through a Motorola settop box and I am very used to seeing those exact JavaScript error messages. The settop has a web browser built into that's overlaid over the video feed. All of the interactive menus and video on demand pages are script heavy web pages.

The settop has a nasty habit of truncating URLs or only compiling partial script files so errors like this are pretty common place.

Domster:

The "broken English" one requires just a single "by" to be well-formed, if a little technical.

"attempt to disowned by" doesn't mix tense?

Thief^:

It's actually so that if you log in to online banking from a public pc, the next person can't just use the browser's history to get into your account, and steal all your money.

If somebody accesses his online banking from a public PC, he deserves to have someone break into his account and steal all his money.

Mike Dimmick:

Dear web developers,

DO NOT USE COOKIES OR SESSION STATE TO TRACK WHERE THE USER IS IN THE APPLICATION.

A coworker recently asked me how to prevent IE from opening two windows pointing to the application he was developing, as it would not work. I suggested he could be abusing cookies, but he refused to listen...

T $:

Enhanced features on the web-based GUI dashboard
Improved interface network card compatibility
Enhanced Endpoint Manager (added support for Polycom and Linksys
phones)
Network Configuration tools
Service Provider Wizards
Other cool productivity tool such as FreePBX, FOP, and HUDlite.

Good features.

You beat me.
:-)

soap opera intended for robots

If it was really a SOAP opera, there'd be XML on the screen.

Ah, I couldn't resist...

Wow, what are the odds that so many tickets have been created that yours is 95 random characters long AND conveniently create a complete, meaningful, though technical, complete phrase. :-O

Heh. I can actually read the gibberish of trixbox.
It says:

-Enhanced features on the web-based GUI dashboard
-Improved interface network hard compatibility (??)
-Enhanced Endpoint Manager (added support for Polycom and Linksys phoues (?))
-Network Configuration tools
-Service Provider Wizards
-Other cool productivity tools such as FreePBJ, FOP, and CYDlite

Maybe they were targeting Greek customers.

pff, second :P

ounos:

Heh. I can actually read the gibberish of trixbox.
It says:

-Enhanced features on the web-based GUI dashboard
-Improved interface network hard compatibility (??)
-Enhanced Endpoint Manager (added support for Polycom and Linksys phoues (?))
-Network Configuration tools
-Service Provider Wizards
-Other cool productivity tools such as FreePBJ, FOP, and CYDlite

Maybe they were targeting Greek customers.

It doesn't look like real Greek to me; it looks like English text formatted with the Symbol font...

Pyro:

Τηισ ψομμεντ ισ ςριττεν τηε σαμε ςαυ ασ τηε νες φεατθρεσ οφ τριχβοχ, ςιτη φανψυ ανδ βαρελυ ρεαδαβλε Γρεεκ λεττερσ

Δεν καταλαβενο Ελλινικα. Mowi po Angelsku?

That Air Canada error has actually happened to me a couple of times. It's a pretty bad site overall.

Reggie X. Pression:

Dear Mike Dimmick,
Thank you for writing to Web Development, Inc...

Thief^:

It's actually so that if you log in to online banking from a public pc, the next person can't just use the browser's history to get into your account, and steal all your money.

I think there's confusion here.

There are TWO separate issues, one which needs to be via session data, once which needs to be via page data.

Sessions: Are you logged in? What's your sensitive information?
Pages: What are you trying to do right now? What step are you on?

You use page data to determine if they're on (#4: Confirm Credit Card payment) and you store whatever needs to be cached in the session data (Credit card number).

If the expected cached data in the session doesn't exist, it's perfectly okay to toss an error and throw them back to the page where they have to enter it until some point where everything is sane.

JiP:

Are those the navigation buttons the pilots use to fly their Air Canada Jumbo Jets?

Great idea! I'm going to start putting random compass directions on my navigation buttons.

It's not easy to write a good web-app that can cope with the fact that users jump frompage to page randomly, but that's why they pay us the big bucks.

Oh, wait, I'm sorry, they pay us so much so we can use default templates from the framework du jour and then whine that it's "impossible" to deal with complex issues like a "back button".

Obviously trixbox is using SCO style obfuscation

ounos:

Heh. I can actually read the gibberish of trixbox.
It says:

-Enhanced features on the web-based GUI dashboard
-Improved interface network hard compatibility (??)
-Enhanced Endpoint Manager (added support for Polycom and Linksys phoues (?))
-Network Configuration tools
-Service Provider Wizards
-Other cool productivity tools such as FreePBJ, FOP, and CYDlite

Maybe they were targeting Greek customers.

As decrypted above, that's a nu, not an upsilon, in "phones."

This is probably the most astonishing WTF I have ever seen on this site. Joel on Software has a current article on Toyota's "Five Whys," and in this case, I think I'll boil it down to its essence.

Why? Why? Why? Why? Why?

The simple one is, why did it go so obviously wrong in the first place?

The second one is, why Greek?

The third one is, how can you not notice this with the most basic of system tests? (ie calling up your own page.)

The fourth one is, why would anyone create a one-for-one mapping between the Greek alphabet and the Latin alphabet? (Leaving aside the fact that this is impossible, because 24 doesn't go into 26.) I mean, I know there's one out there, because I've looked before, and I thought it was the most incredibly dumb thing I'd seen in a long time. But: why?

And the fifth thing is that it's a rubbish mapping. Ignoring which of omicron or omega one would pick for the letter 'o', the idea of using a chi as a 'c' -- I mean, if you have to, use a kappa, and use the chi for 'k' -- is horrible. I note that omega is (ab)used for for both 'w' and 'v', so it's not beyond the bounds of reason to use kappa twice for what is generally the same sound. As for the 'h' ... well, words fail me. I know you can't stitch a rough breathing into the middle of a word, but an eta? This is basically Greek letters as crayon talk.

And it's even worse when considered as modern Greek.

Excellent WTF.

Seeing that they choose a greek font to write their (five) bullet points, I'd rather say they had a shot a an insider joke, referring to SCO (IIRC) who published their alledged findings of copyright violations in the Linux Kernel in exactly this kind of Pseudo-Greek-Script at a press conference to obfuscate the actual content (because of the ongoing law-suit, and them not being allowed/wanting to disclose their sources just yet at that time). Search the web for a photograph of the slide; there were some people who tried to "decode" that, and came up with interesting nonsense of a copyright violation.

It was dumb when SCO did it, but I had a chuckle when I saw that screenshot (and it seems that the trixbox version that was advertised wasn't out yet, so that they still had some form of reason to obfuscate the actual improvements).

Πολύ καλός.

In English: Poli Kala!

The forward/back thing is hardly a WTF.
Some sites use a pointer to a row in the database, instead of a long query string in the URL.

Like this: http://site.com/path/?p=397262
instead of http://site.com/path/?key1=value1&key2=value2&key3=value3&key4=value4

Renan_S2:

ounos:

Heh. I can actually read the gibberish of trixbox.
It says:

-Enhanced features on the web-based GUI dashboard
-Improved interface network hard compatibility (??)
-Enhanced Endpoint Manager (added support for Polycom and Linksys phoues (?))
-Network Configuration tools
-Service Provider Wizards
-Other cool productivity tools such as FreePBJ, FOP, and CYDlite

Maybe they were targeting Greek customers.

It doesn't look like real Greek to me; it looks like English text formatted with the Symbol font...

He just fucking translated it you goof!

Reggie X. Pression:

Mike Dimmick:

Dear web developers,

DO NOT USE COOKIES OR SESSION STATE TO TRACK WHERE THE USER IS IN THE APPLICATION. Instead use hidden fields in the page they're actually working on. This allows the user to use the browser's navigation buttons to move between pages.

My bank's online banking site does this as well and it's really annoying.

Dear Mike Dimmick,

Thank you for writing to Web Development, Inc. We've heard many concerns from web-savvy web surfers like you. Our new policy is to use hidden fields in the web page instead of cookies to track user state.

Please visit our new web page. Here is some sample HTML code from the page (look ma, no cookies!):

<form action="http://www.webdevinc.com/" method="post">
<input type="hidden" name="mike_visa_card" value="4123412341234123">
<input type="hidden" name="mike_address" value="101 Acme Rd.">
<input type="hidden" name="mike_state" value="NE">
<input type="hidden" name="mike_city" value="Omaha">
<input type="hidden" name="mike_phone" value="555-1212">
</form>

Our system administrator hasn't figured out the whole SSL certificate thing yet, and the boss doesn't want the security warning to pop up in Internet Explorer, so http is alright by you, isn't it?

Sincerely,

Reggie X. Pression
Web Development, Inc.

Wow... what do you call a dumbass geek who just wasted all that time being a sarcastic douche that got it all wrong? The "not using cookies or sessions" was referring to the state or location that the user is at, not the actual data. And if there was no SSL, what is the difference between POSTing the data the first time and keeping it in the post data throughout the application cycle in relation to the possibility of getting data sniffed?

DeLos:

Domster:

The "broken English" one requires just a single "by" to be well-formed, if a little technical.

"attempt to disowned by" doesn't mix tense?

He meant "be", as in:
"attempt to be disowned by"

real_aardvark:

The simple one is, why did it go so obviously wrong in the first place?

The second one is, why Greek?

The third one is, how can you not notice this with the most basic of system tests? (ie calling up your own page.)

The fourth one is, why would anyone create a one-for-one mapping between the Greek alphabet and the Latin alphabet? (Leaving aside the fact that this is impossible, because 24 doesn't go into 26.) I mean, I know there's one out there, because I've looked before, and I thought it was the most incredibly dumb thing I'd seen in a long time. But: why?

And the fifth thing is that it's a rubbish mapping. Ignoring which of omicron or omega one would pick for the letter 'o', the idea of using a chi as a 'c' -- I mean, if you have to, use a kappa, and use the chi for 'k' -- is horrible. I note that omega is (ab)used for for both 'w' and 'v', so it's not beyond the bounds of reason to use kappa twice for what is generally the same sound. As for the 'h' ... well, words fail me. I know you can't stitch a rough breathing into the middle of a word, but an eta? This is basically Greek letters as crayon talk.

And it's even worse when considered as modern Greek.

Questions 1 and 3 I can't answer... they're just seriously odd, and that's why it's a WTF.
But for the rest, you need look no further than the Symbol font. It dates back to a time when Unicode didn't exist yet, and people wanted to have some Greek characters in English text (it's not useful for actually typing in Greek... just for, eg, maths, where you want to use Greek letters from time to time).

For the specific part of point 4 that you talk about the 24 Greek letters vs 26 Latin letters... J and V are left over after mapping the letters, so they're used for other things - capital and lowercase J are alternate handwritten-ish forms of theta and phi, capital V is a final sigma, and lowercase V is an alternate omega (hence the overlap you mentioned between V and W, which is the standard omega, probably just because a lowercase omega resembles a w). Remember that the mapping wasn't designed for transcription of actual Greek, but rather just to have the symbols available for those that needed them... so the mapping could be arbitrary at times, mapping eta and omega to H and W based solely on their shape, for example. What does it matter to the average Physicist that using H to map to eta doesn't make linguistic sense? As long as he can talk about his precious viscosity, he doesn't care.

real_aardvark:

And the fifth thing is that it's a rubbish mapping. Ignoring which of omicron or omega one would pick for the letter 'o', the idea of using a chi as a 'c' -- I mean, if you have to, use a kappa, and use the chi for 'k' -- is horrible. I note that omega is (ab)used for for both 'w' and 'v', so it's not beyond the bounds of reason to use kappa twice for what is generally the same sound. As for the 'h' ... well, words fail me. I know you can't stitch a rough breathing into the middle of a word, but an eta? This is basically Greek letters as crayon talk.

And it's even worse when considered as modern Greek.

The text is not mapped at all, it's just for some reason displayed with the font Symbol. Allthough it contains greek letters, symbol is intended for use as symbols math and physics. The mapping is intentionally "wrong", english latin doesn't have two 'o' letters but it has 'w' wich greek doesn't etc., the letters are forced into the A to Z range to be easily accessed on a english latin keyboard. Complaining about the mapping of symbol is like complaining about the mapping of wingdings.

Actually the symbol mapping is close enough to greek so that a greek reader (who understand the language written with symbol) would immediately understand it without knowledge about the font and its quirky mapping. So do NOT use symbol as "random greek" text!

What if you are in a town, and the only place you can access the internet is by using internet cafe

Welcome to 3rd world country

Geneticfreak:

What if you are in a town, and the only place you can access the internet is by using internet cafe

Then you log out of the online banking after visiting your bank.

The authentication details should be stored in cookies, which should be destroyed by you logging out.

There may be cached pages showing what you did on the PC, but they'd be there anyway, and that depends whether the browser caches https pages (most don't AIUI). But, those pages wouldn't let someone else into your online banking - they wouldn't store your session ID.

We're talking about people who store which PAGE you're on in a session, rather than authentication details.

Having thought a bit more, I suppose that storing which page you're on makes it harder for someone to access your session if you don't log out afterwards - but then you deserve what you get if you don't log out (or clear all cookies, which is what I do) after going to your online bank from a public PC.

dcardani:

Pyro:

Τηισ ψομμεντ ισ ςριττεν τηε σαμε ςαυ ασ τηε νες φεατθρεσ οφ τριχβοχ, ςιτη φανψυ ανδ βαρελυ ρεαδαβλε Γρεεκ λεττερσ

Δεν καταλαβενο Ελλινικα. Mowi po Angelsku?

Čo s tou blbosťou? Zatraťený život...

All I can guess is that the bullet-list used some rare font which the OP's machine didn't have on it, and the "look for something in the same font-family" routine kicked in. How that came up with Symbol though, is anyone's guess. WTF? Or indeed, ČDP?