• faoileag (unregistered)

    Security question = "Am I frist?"

  • (cs)

    ENTRY_COMMENT_TEXT

  • Cheong (unregistered)

    The NTPClient one is classic. Who knows when they'll get around the corner to set the message back to second, or to display minutes actually?

    Hope that it can be done before 2020.

  • QJo (unregistered)

    "... you may use the delivery address of friend, or relative, or other address in the USA or Canada ..."

    Barack Obama The White House 1600 Pennsylvania Avenue, NW Washington DC 20500

  • faoileag (unregistered)

    Is Stephan really ready for a trip to East Berlin? Or is an online dating site registration form asking him if he is from East Germany?

  • Iggy (unregistered) in reply to Cheong
    Cheong:
    The NTPClient one is classic. Who knows when they'll get around the corner to set the message back to second, or to display minutes actually?

    Hope that it can be done before 2020.

    no i cannot be done in 2020, so it will be done sometime in 2036 if i count right.

    to whom believes a server installation lasts so long

  • (cs)

    that big error came from 2012... that is some backlog they are working through

  • faoileag (unregistered)

    Then again, adding "East Germany" to their countries list isn't the biggest wtf on that dating site registration form.

    Note that both landline and mobile phone numbers are mandatory and read this gem from their EULA (or whatever it is): "which includes receiving ... a phone call, pre-recorded call from us or trusted third-parties marketing partners"

    As if. Now, where again was that 40+ party you mentioned taking place this saturday?

  • Ziplodocus (unregistered)

    42 is the answer, but what is the question?

  • faoileag (unregistered)

    And finally, if you’re an DWTF_Site, you can't just use a submission. You need to make sure that only the right sort of caption is used, and the best way to do that is...

    Don't look too close at the submission in case it gets in the way of your embellishment.

    That screenshot is the "About this site" page of Yale University School of Art - the "Admissions" page works nicely.

    This beggars the question: the "About this site" page - is it really an error? Or is it art?

  • faoileag (unregistered) in reply to Ziplodocus
    Ziplodocus:
    42 is the answer, but what is the question?
    Phone conversation: user: I can't remember my password! helpdesk: No problem. Have you filed a security question? user: Yes! helpdesk: Right... the answer is 42. Please tell us the question. user: How shall I know? helpdesk: No, that's not it.
  • (cs)

    I was under the impression that Windows' message boxes did word wrap automatically... But maybe they decided to reinvent the wheel and implement their own buggy word wrap algorithm.

  • Ziplodocus (unregistered) in reply to faoileag
    faoileag:
    Ziplodocus:
    42 is the answer, but what is the question?
    Phone conversation: user: I can't remember my password! helpdesk: No problem. Have you filed a security question? user: Yes! helpdesk: Right... the answer is 42. Please tell us the question. user: How shall I know? helpdesk: No, that's not it.

    More along the lines of

    user: I can't remember my password! helpdesk: No problem. What is the answer to your security question? user: 42! helpdesk: Right... Please wait 3473457 minutes while we generate your question.

  • Ruben (unregistered)

    The Yale application is for the arts department. It's a loop of ironic self-referentiality that some arts student introduced into the wiki. Untangle the knot of self-awareness to transcend the application error.

  • (cs) in reply to faoileag
    faoileag:
    Then again, adding "East Germany" to their countries list isn't the biggest wtf on that dating site registration form.

    Note that both landline and mobile phone numbers are mandatory and read this gem from their EULA (or whatever it is): "which includes receiving ... a phone call, pre-recorded call from us or trusted third-parties marketing partners"

    As if. Now, where again was that 40+ party you mentioned taking place this saturday?

    And if I were using such a site, entering my landline number would serve no purpose whatsoever (aside from letting me continue). I have two such numbers. One is a real POTS-over-copper number that doesn't even have a phone connected (directly) to it. The other is a phone-over-DSL number that has a phone attached. Of course, I never give the DSL phone number (nor the POTS number) to anybody, so the only incoming calls are wrong numbers and cold-calling marketeers and salesmen, so I never answer the DSL line. No, if you want to talk to me on the phone, you have to call my mobile. I guess I'd have to put my mobile number into both fields...
  • faoileag (unregistered) in reply to Steve The Cynic
    Steve The Cynic:
    And if I were using such a site, entering my landline number would serve no purpose whatsoever (aside from letting me continue). I have two such numbers. One is a real POTS-over-copper number that doesn't even have a phone connected (directly) to it. The other is a phone-over-DSL number that has a phone attached. Of course, I never give the DSL phone number (nor the POTS number) to anybody, so the only incoming calls are wrong numbers and cold-calling marketeers and salesmen, so I never answer the DSL line. No, if you want to talk to me on the phone, you have to call my mobile. I guess I'd have to put my POTS-over-copper number into both fields...
    There. FTFY.
  • faoileag (unregistered) in reply to Ziplodocus
    Ziplodocus:
    faoileag:
    Ziplodocus:
    42 is the answer, but what is the question?
    Phone conversation: user: I can't remember my password! helpdesk: No problem. Have you filed a security question? user: Yes! helpdesk: Right... the answer is 42. Please tell us the question. user: How shall I know? helpdesk: No, that's not it.

    More along the lines of

    user: I can't remember my password! helpdesk: No problem. What is the answer to your security question? user: 42! helpdesk: Right... Please wait 3473457 minutes while we generate your question.

    "Here I am, brain the size of a planet, and they ask me to wait 3473457 minutes for my security question!"
  • SeanC (unregistered) in reply to QJo
    QJo:
    "... you may use the delivery address of friend, or relative, or other address in the USA or Canada ..."

    Barack Obama The White House 1600 Pennsylvania Avenue, NW Washington DC 20500

    Phone number: 202 456 1414

  • huppenzuppen (unregistered)

    The first dilemma is exactly what I'm facing now with PayPal. They also require a security question, so I had to abandon that account and create a new one with a different E-Mail (you can only use every E-Mail and bank account/credit card once)

  • QJo (unregistered) in reply to huppenzuppen
    huppenzuppen:
    The first dilemma is exactly what I'm facing now with PayPal. They also require a security question, so I had to abandon that account and create a new one with a different E-Mail (you can only use every E-Mail and bank account/credit card once)

    I hate th way the meaning of the word "dilemma" has been diluted. It used to mean, loosely, a "difficult choice between two unattractive options".

    Now it's just a highfalutin word for "problem" used by people trying to make themselves sound cleverer and better educated than they are.

    I blame Frank Zappa for misusing the word egregiously in Big Leg Emma.

  • Riak (unregistered)

    I'm always worried by those Microsoft error messages that end with something like (0x800706E1). Does that mean they've already used up the first (0x800706E0) error messages?

    (0x0000FFFF) errors should be enough for anyone.

  • Peter (unregistered)

    I haven't forgotten a password in ten years, because I haven't remembered a password in ten years, except for the password to my password safe.

    Thus, security questions for password resets are useless to me.

    My security question (if they let me create my own) is usually: what is your password?

  • Scourge of programmers. (unregistered) in reply to Peter
    Peter:
    My security question (if they let me create my own) is usually: what is your password?

    That's kind of dumb, if you make the fairly reasonable assumption that they store the answers in plain text.

  • (cs) in reply to Riak
    Riak:
    I'm always worried by those Microsoft error messages that end with something like (0x800706E1). Does that mean they've already used up the first (0x800706E0) error messages?

    (0x0000FFFF) errors should be enough for anyone.

    The numbers are HRESULTs. Let's take this one apart

    0x80000000 indicates an error (YES) 0x40000000 if present would indicate a severe error (NO) 0x20000000 if present would indicate a customer-defined HRESULT as opposed to a Microsoft-defined one. (MS) 0x10000000 is reserved but if present would indicate a mapped NTSTATUS result (NO) 0x08000000 is reserved but if present would indicate a string message ID code. (NO) 0x07FF0000 is the zone indicating the "facility", here 7 == Win32 0x0000FFFF is the zone indicating the actual error code, here 0x6E1

    Searching for this one indicates that it means "The entry is not found", just like it shows in the picture.

  • Ted (unregistered)

    I use a password generator to spit out 16 characters of randomness. I use the same thing to generate answers to the password reset questions, since I don't want a hacker trying to reset my password to find that is much easier than guessing the actual password.

    Anyway I was on the phone with customer service, and it was evident that he could see my security question (What was your mother's maiden name?) and answer, because he said "Wow, your mother must have been quite a bitch."

  • MikeG (unregistered) in reply to Scourge of programmers.
    Scourge:
    That's kind of dumb, if you make the fairly reasonable assumption that they store the answers in plain text.
    Is that a reasonable assumption? Around here, we treat those security answers with the same respect (encryption) as the passwords.
  • foo AKA fooo (unregistered) in reply to Ted
    Ted:
    I use a password generator to spit out 16 characters of randomness. I use the same thing to generate answers to the password reset questions, since I don't want a hacker trying to reset my password to find that is much easier than guessing the actual password.

    Anyway I was on the phone with customer service, and it was evident that he could see my security question (What was your mother's maiden name?) and answer, because he said "Wow, your mother must have been quite a bitch."

    At which point I'd demand an excuse, hand-written, addressed to her full "name".

  • (cs) in reply to MikeG
    MikeG:
    Is that a reasonable assumption?
    Yes. You should make the same assumption when it comes to giving data to someone else to store that you should make about road users: everyone else is an idiot in a hurry.
  • (cs)

    real bad screen scrapping on the last two screen shots.

  • CrankyOldFart (unregistered)

    I don't understand why Michael's out of space error is a wtf. Seems perfectly fine to me, what am I missing?

  • ChagrinedOldFart (unregistered) in reply to CrankyOldFart

    Oh, I see it now.

  • Jim the Tool (unregistered)

    I had a problem with Google yesterday. I discovered I'd created an account with them last year. So I tried to log in to it (using the stored password). It then said something like "we don't recognise where you are trying to log in from - to stop hackers, we'll send you a login code to your phone number. What's your phone number?". I was all like? What the fuck? I never gave you my phone number, so how is me giving you a phone number going to stop the hackers? And I'm not about to give you fuckers a phone number now, just so I can log into this account I created and forgot about.

    The other option was providing my last known password (the only password the account had ever had... which I had saved in the password manager so I wouldn't get it wrong), and when I created the account, and when I last logged in. Oh, and who I had last email with that account.

    So I provide the answers the best of my abilities. And they don't let me in. (It's been 12 months, and I don't think I emailed anyone from that account.)

    Fuck 'em, I'll create another throw away account another time.

  • GladysBertrude (unregistered) in reply to faoileag
    faoileag:
    Steve The Cynic:
    And if I were using such a site, entering my landline number would serve no purpose whatsoever (aside from letting me continue). I have two such numbers. One is a real POTS-over-copper number that doesn't even have a phone connected (directly) to it. The other is a phone-over-DSL number that has a phone attached. Of course, I never give the DSL phone number (nor the POTS number) to anybody, so the only incoming calls are wrong numbers and cold-calling marketeers and salesmen, so I never answer the DSL line. No, if you want to talk to me on the phone, you have to call my mobile. I guess I'd have to put my POTS-over-copper number into both fields...
    There. FTFY.

    wait...... what's the alternative? non-VOIP POTS over fiber? Who actually did that?

  • Jay (unregistered) in reply to QJo
    QJo:
    huppenzuppen:
    The first dilemma is exactly what I'm facing now with PayPal. They also require a security question, so I had to abandon that account and create a new one with a different E-Mail (you can only use every E-Mail and bank account/credit card once)

    I hate th way the meaning of the word "dilemma" has been diluted. It used to mean, loosely, a "difficult choice between two unattractive options".

    Now it's just a highfalutin word for "problem" used by people trying to make themselves sound cleverer and better educated than they are.

    I blame Frank Zappa for misusing the word egregiously in Big Leg Emma.

    It could be worse. He could have had to utilize an enterprise paradigm.

  • Jay (unregistered) in reply to Steve The Cynic
    Steve The Cynic:
    Riak:
    I'm always worried by those Microsoft error messages that end with something like (0x800706E1). Does that mean they've already used up the first (0x800706E0) error messages?

    (0x0000FFFF) errors should be enough for anyone.

    The numbers are HRESULTs. Let's take this one apart

    0x80000000 indicates an error (YES) 0x40000000 if present would indicate a severe error (NO) 0x20000000 if present would indicate a customer-defined HRESULT as opposed to a Microsoft-defined one. (MS) 0x10000000 is reserved but if present would indicate a mapped NTSTATUS result (NO) 0x08000000 is reserved but if present would indicate a string message ID code. (NO) 0x07FF0000 is the zone indicating the "facility", here 7 == Win32 0x0000FFFF is the zone indicating the actual error code, here 0x6E1

    Searching for this one indicates that it means "The entry is not found", just like it shows in the picture.

    I've been in this business for 34 years. Back in the 1980s it made sense to have "error numbers". If your program failed, it just said "Error IEB0234098230" or whatever and you had to look it up in this gigantic book of error codes. They had to do that because a really really big computer might have 16K of RAM and 50 MB of hard drive space so storing the text of error messages on the computer was just not practical. Today I have more than 50 MB devoted to fonts. You can easily store meaningful error messages and give the user -- whether an actual ordinary mortal user or a programmer -- a meaningful error message. There's just no reason for the cryptic codes anymore.

  • (cs) in reply to Jay
    Jay:
    I've been in this business for 34 years. Back in the 1980s it made sense to have "error numbers". If your program failed, it just said "Error IEB0234098230" or whatever and you had to look it up in this gigantic book of error codes. They had to do that because a really really big computer might have 16K of RAM and 50 MB of hard drive space so storing the text of error messages on the computer was just not practical. Today I have more than 50 MB devoted to fonts. You can easily store meaningful error messages and give the user -- whether an actual ordinary mortal user or a programmer -- a meaningful error message. There's just no reason for the cryptic codes anymore.
    Yes but the user rightfully expects a localized error message. So when a user sends in a support call with an error message in suaheli or mandarin, wouldn't you agree that the code may provide helpful information to the programmer investigating the issue?

    If you check todays Error'd, there actually was a meaningful error message.

    Regarding that:

    Jay:
    Lee’s Windows install is going to make sure people don’t abuse the Network Time Protocol. It’ll try to update the clock sometime in 2020 and, if that fails, double the reattempt interval thereafter.
    FTFY!

    Addendum (2014-05-16 12:06): Sorry, the user in the second quote should have been Lee, not Jay!

  • Valued Service (unregistered) in reply to Riak
    Riak:
    I'm always worried by those Microsoft error messages that end with something like (0x800706E1). Does that mean they've already used up the first (0x800706E0) error messages?

    (0x0000FFFF) errors should be enough for anyone.

    No, it just means they can check the return code < 0, and know it is an error. Success codes are likely positive.

  • (cs) in reply to Jay
    Jay:
    Back in the 1980s it made sense to have "error numbers". If your program failed, it just said "Error IEB0234098230" or whatever and you had to look it up in this gigantic book of error codes.... There's just no reason for the cryptic codes anymore.
    Speaking as an interaction designer (yes, non-programmers read and love this site too!), I'd point out that the full-text error message is absolutely important and necessary, but the codes are really valuable as well. No matter what information you present to people at the time the error occurs, they're always going to come up with questions you didn't think of, and it's great to give them a unique identifier that they can plug into their search engine of choice to find information about that error. The gigantic book of error codes still exists but now it's online and user-generated.

    This is especially true in a multilingual context. A user can always copy and paste the text of the error messages and that may give them useful material--but only in the language it's written in. If that's not English then they're potentially missing out on a lot of useful information. The code gives them access to everything available about that error.

  • Ziplodocus (unregistered) in reply to Riak
    Riak:
    I'm always worried by those Microsoft error messages that end with something like (0x800706E1). Does that mean they've already used up the frist (0x800706E0) error messages?

    (0x0000FFFF) errors should be enough for anyone.

    FTFY

  • (cs) in reply to Jay
    Jay:
    Steve The Cynic:
    Riak:
    I'm always worried by those Microsoft error messages that end with something like (0x800706E1). Does that mean they've already used up the first (0x800706E0) error messages?

    (0x0000FFFF) errors should be enough for anyone.

    The numbers are HRESULTs. Let's take this one apart

    0x80000000 indicates an error (YES) 0x40000000 if present would indicate a severe error (NO) 0x20000000 if present would indicate a customer-defined HRESULT as opposed to a Microsoft-defined one. (MS) 0x10000000 is reserved but if present would indicate a mapped NTSTATUS result (NO) 0x08000000 is reserved but if present would indicate a string message ID code. (NO) 0x07FF0000 is the zone indicating the "facility", here 7 == Win32 0x0000FFFF is the zone indicating the actual error code, here 0x6E1

    Searching for this one indicates that it means "The entry is not found", just like it shows in the picture.

    I've been in this business for 34 years. Back in the 1980s it made sense to have "error numbers". If your program failed, it just said "Error IEB0234098230" or whatever and you had to look it up in this gigantic book of error codes. They had to do that because a really really big computer might have 16K of RAM and 50 MB of hard drive space so storing the text of error messages on the computer was just not practical. Today I have more than 50 MB devoted to fonts. You can easily store meaningful error messages and give the user -- whether an actual ordinary mortal user or a programmer -- a meaningful error message. There's just no reason for the cryptic codes anymore.

    I think my home computer had more RAM than your "really really big computer". No hard disk, though. How much data can fit on a c60 tape with FM encoding?

  • Klimax (unregistered) in reply to Jay
    Jay:
    Steve The Cynic:
    Riak:
    I'm always worried by those Microsoft error messages that end with something like (0x800706E1). Does that mean they've already used up the first (0x800706E0) error messages?

    (0x0000FFFF) errors should be enough for anyone.

    The numbers are HRESULTs. Let's take this one apart

    0x80000000 indicates an error (YES) 0x40000000 if present would indicate a severe error (NO) 0x20000000 if present would indicate a customer-defined HRESULT as opposed to a Microsoft-defined one. (MS) 0x10000000 is reserved but if present would indicate a mapped NTSTATUS result (NO) 0x08000000 is reserved but if present would indicate a string message ID code. (NO) 0x07FF0000 is the zone indicating the "facility", here 7 == Win32 0x0000FFFF is the zone indicating the actual error code, here 0x6E1

    Searching for this one indicates that it means "The entry is not found", just like it shows in the picture.

    I've been in this business for 34 years. Back in the 1980s it made sense to have "error numbers". If your program failed, it just said "Error IEB0234098230" or whatever and you had to look it up in this gigantic book of error codes. They had to do that because a really really big computer might have 16K of RAM and 50 MB of hard drive space so storing the text of error messages on the computer was just not practical. Today I have more than 50 MB devoted to fonts. You can easily store meaningful error messages and give the user -- whether an actual ordinary mortal user or a programmer -- a meaningful error message. There's just no reason for the cryptic codes anymore.

    You got both. And I suggest you look up when WinAPI got created...

  • C-Derb (unregistered) in reply to no laughing matter
    no laughing matter:
    So when a user sends in a support call with an error message in suaheli or mandarin, wouldn't you agree that the code may provide helpful information to the customer service representative who will thank you for bringing that error to their attention and immediately go back to Facebook after you hang up?
    FTFY
  • Valued Service (unregistered) in reply to Jay
    Jay:
    Steve The Cynic:
    Riak:
    I'm always worried by those Microsoft error messages that end with something like (0x800706E1). Does that mean they've already used up the first (0x800706E0) error messages?

    (0x0000FFFF) errors should be enough for anyone.

    The numbers are HRESULTs. Let's take this one apart

    0x80000000 indicates an error (YES) 0x40000000 if present would indicate a severe error (NO) 0x20000000 if present would indicate a customer-defined HRESULT as opposed to a Microsoft-defined one. (MS) 0x10000000 is reserved but if present would indicate a mapped NTSTATUS result (NO) 0x08000000 is reserved but if present would indicate a string message ID code. (NO) 0x07FF0000 is the zone indicating the "facility", here 7 == Win32 0x0000FFFF is the zone indicating the actual error code, here 0x6E1

    Searching for this one indicates that it means "The entry is not found", just like it shows in the picture.

    I've been in this business for 34 years. Back in the 1980s it made sense to have "error numbers". If your program failed, it just said "Error IEB0234098230" or whatever and you had to look it up in this gigantic book of error codes. They had to do that because a really really big computer might have 16K of RAM and 50 MB of hard drive space so storing the text of error messages on the computer was just not practical. Today I have more than 50 MB devoted to fonts. You can easily store meaningful error messages and give the user -- whether an actual ordinary mortal user or a programmer -- a meaningful error message. There's just no reason for the cryptic codes anymore.

    They come with messages. It's up to the programmer to display that.

    However, if you wanted to check the encoding of the error message, it still works this way.

    So, you get both. An error code with flags that tell information, and a friendly display message that you can show to the user if you so choose.

  • (cs)

    I've never understood placeholder text. It never has a purpose other than Error'd content.

  • Mighty Mo (unregistered) in reply to Riak

    The error codes have bit fields in them.

    //  Values are 32 bit values laid out as follows:
    //
    //   3 3 2 2 2 2 2 2 2 2 2 2 1 1 1 1 1 1 1 1 1 1
    //   1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0
    //  +---+-+-+-----------------------+-------------------------------+
    //  |Sev|C|R|     Facility          |               Code            |
    //  +---+-+-+-----------------------+-------------------------------+
    //
    //  where
    //
    //      Sev - is the severity code
    //
    //          00 - Success
    //          01 - Informational
    //          10 - Warning
    //          11 - Error
    //
    //      C - is the Customer code flag
    //
    //      R - is a reserved bit
    //
    //      Facility - is the facility code
    //
    //      Code - is the facility's status code
    //
    //
    
  • (cs)

    About a year before I went to work for a company in 1980, they had experimented with a very different method of logging into their computer.

    They replaced the login program with their own. Instead of using a password, the new login program was tied to their payroll database.

    When you wanted to login, instead of asking you for your password, it asked you for something from your payroll record.

    Sometimes it was pretty easy -- you might get a question like "What is your salary?" or "What is your zip code>"

    But too much of the time you would get things like "What are your YTD withholding?" or "How much was withheld for insurance in 1978?"

    Since you usually had to have a copy of your payroll records in front of you to login, it didn't take very long before they went back to using passwords.

  • (cs) in reply to Ziplodocus
    Ziplodocus:
    42 is the answer, but what is the question?
    It doesn't matter what the question is, as long as you get the answer right.

    That's why I always give the same answer to these questions: What was the name of your first dog? Fido Who was your favorite teacher? Fido What is your Mother's maiden name? Fido What street did you grow up on? Fido

  • (cs) in reply to pjt33
    pjt33:
    MikeG:
    Is that a reasonable assumption?
    Yes. You should make the same assumption when it comes to giving data to someone else to store that you should make about road users: everyone else is an idiot in a hurry.
    Not everyone. Remember: the guy behind you trying to pass is an idiot, the guy in front of you blocking your way is a moron. And to one of them you're the idiot, and to the other you're the moron.
  • Jay (unregistered)

    You don't actually pay attention to what the security question is, do you? I always make up a second password for each site, and then use that as the answer to all the security questions.

    Since the earliest days of computers, we've told people that a password should be a meaningless combination of letters, digits, maybe some special characters. We've drilled into them that they should NOT use any personal information about themselves, like their birth date or name of their high school or favorite color, because a hacker might be able to look up their birth date, etc, or guess at favorite color.

    And then we tell them: But we know that meaningless combinations of letters and digits are hard to remember. So in case you forget your password, you can get in using the answer to a "security question", which is basically an alternate password to your account. And to make it easy to remember, you should use some personal information about yourself, like your birth date or name of your high school or your favorite color.

    Of course a hacker who might guess that you would use your favorite color as your password and try a bunch of common colors would never dream of trying to access your account, saying "I forgot my password", and then, upon getting "What is your favorite color?" as a security question, try typing in the names of some common colors.

  • Kent (unregistered)

    Wasn't it George Carlin who said "Have you ever noticed that anyone driving slower than you is an idiot, while anyone driving faster than you is a maniac?"

Leave a comment on “The Security Error'd”

Log In or post as a guest

Replying to comment #:

« Return to Article