• MainCoder (unregistered)

    hello

  • Boxxy (unregistered)

    100100% wtf

  • wer (unregistered)

    Press OK to send a normal letter, press Cancel to send a funny letter.

    [OK][Cancel]

  • me (unregistered)

    The ebay stuff happens if you look at their page with Javascript disabled (using NoScript FF extension)

  • Cro (cs)

    Much better than say all those sportsmen who only put in "110%" all the time... the ante has been upped!

  • schmitter (unregistered)

    I thought the timeout sign was from my friends mini van. One of her kids is in timeout more than time in.

  • alex (unregistered) in reply to MainCoder

    I couldn't decide what was funnier about the insurance letter... The content or the company's name ?

  • Mean Old Man with No Legs (unregistered)

    "The WidowMaker Insurance Company"

  • SR (unregistered) in reply to alex
    alex:
    I couldn't decide what was funnier about the insurance letter... The content or the company's name ?

    They were formed to provide financial assistance for widows of Scotsmen killed in the Napoleonic Wars.

  • Machtyn (unregistered)

    This post is rated A+++A+++

  • Hi (unregistered) in reply to SR
    SR:
    alex:
    I couldn't decide what was funnier about the insurance letter... The content or the company's name ?

    They were formed to provide financial assistance for widows of Scotsmen killed in the Napoleonic Wars.

    Wow, they must be old!

  • rpjs (unregistered)

    I suspect the no to non-adjacent numbers password limitation is down to the validation code being written by somebody with Regex skills even worse than mine!

  • TarquinWJ (cs) in reply to rpjs
    rpjs:
    I suspect the no to non-adjacent numbers password limitation is down to the validation code being written by somebody with Regex skills even worse than mine

    More likely to be a really poor attempt to stop obvious dictionary words with substitution: dictionary -> d1ct10n4ry

    Since those are just as easy to dictionary crack as the original word. But of course, all it means is that they will just use dict10nary instead, and that's also easy to crack.

  • Ledward (unregistered)

    IT'S OVER 9000!

  • Tad Ghostal (unregistered)

    But the real question is, what happened to mr barence? I tried to search for him on both the english and the german site, but he doesn't exist.

    Did this little Error'd post run him off?

  • MrTweek (cs)

    The displays in chilean buses are required by law there, indicating wether the drivers are driving too fast or exceeding their driving time.

    I guess "TIMEOUT!!!" simply means, the driver is driving for too long already and has to take his break.

  • Rodti (unregistered)

    I found the first letter hilarious until I realised that I'd designed it a few years ago. Seriously. Perhaps time to find somewhere to hide...

  • hatterson (cs) in reply to TarquinWJ
    TarquinWJ:
    rpjs:
    I suspect the no to non-adjacent numbers password limitation is down to the validation code being written by somebody with Regex skills even worse than mine

    More likely to be a really poor attempt to stop obvious dictionary words with substitution: dictionary -> d1ct10n4ry

    Since those are just as easy to dictionary crack as the original word. But of course, all it means is that they will just use dict10nary instead, and that's also easy to crack.

    Sadly good policy will never be able to fully cover for stupidity, especially in the case of passwords.

  • RW (unregistered) in reply to Hi
    Comment held for moderation.
  • Johh (unregistered)

    Umm.. Where's the wtf in the 3rd one? It clearly tells you to press Cancel and the cancel button seems to be active...

  • Safe as h0u5e5 (unregistered) in reply to hatterson
    hatterson:
    TarquinWJ:
    rpjs:
    I suspect the no to non-adjacent numbers password limitation is down to the validation code being written by somebody with Regex skills even worse than mine

    More likely to be a really poor attempt to stop obvious dictionary words with substitution: dictionary -> d1ct10n4ry

    Since those are just as easy to dictionary crack as the original word. But of course, all it means is that they will just use dict10nary instead, and that's also easy to crack.

    Sadly good policy will never be able to fully cover for stupidity, especially in the case of passwords.

    One of the popular password requirements that I seem to remember enforcing in days of old was making sure that users were not reusing passwords by changing the number at the beginning / end.

    eg. password01 -> password02 -> password03 etc

    the regex to check this would be more challenging when there is more than one group of numbers. I bet that's why they won't allow it.

    CAPTCHA: transverbero - changing the state of a word (by adding a number at the end???)

  • MyKey_ (cs)

    I've recently travelled through Chile and those "TIMEOUT" displays are very common. But some other WTFs are involved to when displaying the regular information. Whoever wrote it forgot to think about race conditions. Different information sources compete for the display. You end up with bus drivers named 10:30 and speeds of Juan.

  • D C Ross (unregistered)
    Comment held for moderation.
  • Sam (unregistered) in reply to Johh
    Johh:
    Umm.. Where's the wtf in the 3rd one? It clearly tells you to press Cancel and the cancel button seems to be active...

    You don't think that pressing CANCEL to PROCEED is a WTF? That's confusing... was it really that hard to rename the Cancel button with text like "Close"?

  • Anonymous (unregistered) in reply to Johh
    Johh:
    Umm.. Where's the wtf in the 3rd one? It clearly tells you to press Cancel and the cancel button seems to be active...
    Yeah but it says press cancel to proceed - so what happens if you actually want to cancel the operation? You might say "with the cross in the top right corner" but the behaviour of that button is undefined - we can't guess how original coder chose to handle it. So all in all it's not much of a WTF but it just about qualifies.
  • Daddy (unregistered) in reply to schmitter
    schmitter:
    I thought the timeout sign was from my friends mini van. One of her kids is in timeout more than time in.

    That's what I thought of. The "timeout" section of the bus, where naughty passengers are made to sit for 5 minutes under close scrutiny of the bus parent. No fidgeting, no reading, no talking, certainly no TV. Just sit there and think about what you were doing and why it was naughty.

    No, no, no! Keep your tush planted on that seat cushion or I restart the timer!

    Sigh. Parenting pre-schoolers does weird things to your mind.

    CAPTHA: "modo". The real thing, not the quasi- version.

  • NSCoder (cs) in reply to Anonymous
    Anonymous:
    Johh:
    Umm.. Where's the wtf in the 3rd one? It clearly tells you to press Cancel and the cancel button seems to be active...
    Yeah but it says press cancel to proceed - so what happens if you actually want to cancel the operation? You might say "with the cross in the top right corner" but the behaviour of that button is undefined - we can't guess how original coder chose to handle it. So all in all it's not much of a WTF but it just about qualifies.
    I'm not disputing the WTFyness, but there's no point asking how to cancel the operation. It is too late to cancel the operation, it's already finished.

    I guess they only wanted to have one button there for some reason, and while the operation is still proceeding, this button cancels it before closing the window, but when the operation has finished, all it does is close the window, allowing you to proceed with whatever you were doing.

  • Johh (unregistered) in reply to Anonymous

    Well, I think that if you actually wanted to cancel the process then you would press the Cancel button while the loading was in process. Now that the loading is complete, it doesn't matter much if the button is labelled Cancel or Close or OK. And the added affirmation to press Cancel to proceed is only helpful.

    I just thought that if a vaguely labelled button makes it into Error'd then the section must really be scrounging for scraps. Oh well.

  • kastein (cs)

    oh god. I feel Jon's pain. Nelnet really sucks at building a decent website, their whole system is a WTF... the only company I've run into that is worse is ECSI, who I am similarly blessed with owing money to.

    Bonus: view source on Nelnet's login page and look at the javascript for the *_onkeypress() functions. They use the eleven-ary operator... a lot. Also check out the "Enforce secure browsing" function right at the top... actually, forget it, just look at all the javascript. Most of it is pretty wtf-y.

    var inputChar = document.all ? event.keyCode : evt.which ? evt.which : evt.keyCode ? evt.keyCode : evt.charcode;
    
  • The Doctor (unregistered)
    Comment held for moderation.
  • interweb (unregistered) in reply to MainCoder

    there are other places you can test out forms. This is for comments about the article, not for "hello". You must be new at this internet thing.

  • ContraCorners (cs) in reply to TarquinWJ
    TarquinWJ:
    rpjs:
    I suspect the no to non-adjacent numbers password limitation is down to the validation code being written by somebody with Regex skills even worse than mine

    More likely to be a really poor attempt to stop obvious dictionary words with substitution: dictionary -> d1ct10n4ry

    Since those are just as easy to dictionary crack as the original word. But of course, all it means is that they will just use dict10nary instead, and that's also easy to crack.

    That's probably correct. The trouble is that it also stops less obvious "acronym/phrase substitution" routines:

    "Two shots of fantasy and one of make-believe" -> 2$of@1omb

  • Observer (unregistered) in reply to interweb
    interweb:
    there are other places you can test out forms. This is for comments about the article, not for "hello". You must be new at this internet thing.

    When you get a little more experienced, you might take the "quote" button out for a spin! It's great for when you want someone to know what you're replying to...

    I'm not one to do the whole captcha thing, but "ullamcorper"? Really? For some reason that sounds really creepy to me.

  • zzo38 (cs)

    You can't cancel if it's already done

  • Iago (cs)

    My favorite bad password validation system is in a horrible enterprisey web application suite from a certain major database vendor. It doesn't tell you what the rules are until you break them, and on each attempt it only tells you about the one specific rule that has caused it to reject your password!

    This wouldn't be so bad if the rules were sensible, but they're stupid restrictions like "no two adjacent characters may be the same". When I first met this program, it rejected six consecutive secure passwords, each for a worse reason than the last. I then tried a trivial lower-case dictionary word with a single number tacked on to the end, and it passed right away.

    Bonus WTF: the "logout" button in this application simply navigates back to the login screen. It doesn't terminate your session, so someone else can come along and hit the back button and do stuff with your account. Now that's what I call security.

  • UI GURU (unregistered) in reply to zzo38
    zzo38:
    You can't cancel if it's already done

    And I guess you can't change the label on the "Cancel" button to read "Proceed" and repaint the dialogue.

    WTF #1 is bad UI design. WTF#2 is making weak excuses for bad UI design.

  • Single User (unregistered) in reply to The Doctor
    Comment held for moderation.
  • OldCoder (unregistered) in reply to zzo38
    zzo38:
    You can't cancel if it's already done
    If the system has been designed properly, you should be able to. Ever hear of transactions?
  • Jay (unregistered)

    They say you can pay your (Pounds) 0 with a direct debit from your checking account? But what if you have insufficient funds? Will the bank charge a 10% penalty?

  • Jay (unregistered) in reply to OldCoder
    OldCoder:
    zzo38:
    You can't cancel if it's already done
    If the system has been designed properly, you should be able to. Ever hear of transactions?

    Or annulments?

  • Kathleen (unregistered)

    The password requirements on Nelnet's website was just the easiest WTF to report.

    When they implemented this recent requirement to use their website for all future billing and invoicing through them, I called to complain.

    Their website is a huge WTF. It has got to be built by a team of hack interns who are clueless about advanced topics in web development. Let alone the ability to create a secure web application that will store my extremely sensitive information. I told them I had serious concerns about the quality of their team and quality assurance testing, which lead me down the path to have serious concerns about the security of the site.

  • Lego (unregistered)

    This looks like a well executed but very unimaginative photoshop job.

    100100% positve 20902090 feedback

    gimme a break.

  • Procedural (unregistered) in reply to The Doctor
    Comment held for moderation.
  • kastein (cs) in reply to Lego
    Lego:
    This looks like a well executed but very unimaginative photoshop job.

    100100% positve 20902090 feedback

    gimme a break.

    What kind of idiot would bother to photoshop that? You could do that in MSPaint. Or even save it to your desktop, open the HTML file, and type in whatever you want, then take a screenshot. In other news, it looks like someone photoshopped the letter "i" out of one of the words in your post.

  • Carl (unregistered) in reply to Johh
    Johh:
    ... And the added affirmation to press Cancel to proceed is only helpful.

    I just thought that if a vaguely labelled button makes it into Error'd then the section must really be scrounging for scraps. Oh well.

    The button is not labeled vaguely. It's labeled incorrectly. It says "cancel," and yet pressing it does not cancel the operation.

    The WTF is telling the user how to use the incorrectly-labeled button rather than labeling the button correctly in the first place.

  • Herohtar (unregistered) in reply to Lego
    Lego:
    This looks like a well executed but very unimaginative photoshop job.

    100100% positve 20902090 feedback

    gimme a break.

    Nope, it's real; try disabling JavaScript in your browser then viewing an item on eBay and you'll see.

    It appears that mr_barence still has 100100% positive rating, though he only has 2164 feedback; I wasn't able to duplicate that one. (pun not intended)

  • Random832 (cs)

    From a short test, this password requirement rejects fifty percent of all randomly generated ten-character passwords from a dictionary of upper and lowercase letters and digits. (9: 44%, 8: 38%, 7: 31.5%, 6: 25%)

    It takes an average of two attempts (and on 30% of runs, at least six attempts) to generate a password that does not fail this requirement.

  • Code Dependent (cs) in reply to Daddy
    Daddy:
    CAPTHA: "modo". The real thing, not the quasi- version.
    I was thinking "ko", dragonically speaking.
  • hatterson (cs) in reply to Iago
    Iago:
    My favorite bad password validation system is in a horrible enterprisey web application suite from a certain major database vendor. It doesn't tell you what the rules are until you break them, and on each attempt it only tells you about the one specific rule that has caused it to reject your password!
    Displaying only 1 reason is a good thing. If the password failed for reason #2 then why bother wasting time checking to see if it passes reasons 3, 4, 5, 6, 7, 8 and 9.

    Mind you, your point about terrible reasons (no two adjacent characters may be the same) is still completely valid.

  • hatterson (cs) in reply to Random832
    Random832:
    From a short test, this password requirement rejects fifty percent of all randomly generated ten-character passwords from a dictionary of upper and lowercase letters and digits. (9: 44%, 8: 38%, 7: 31.5%, 6: 25%)

    It takes an average of two attempts (and on 30% of runs, at least six attempts) to generate a password that does not fail this requirement.

    The vast majority of people do not use randomly generated passwords.

Leave a comment on “Very Little, Very Late”

Log In or post as a guest

Replying to comment #:

« Return to Article