• Nobulate (unregistered)

    The Real WTF is reading The Daily WTF in the Daily WTF. Meta-WTF!

  • sinni800 (unregistered)

    I would try to comment the atrocious disaster of not being able to just make a web site work with all browsers but I am here for FRIST

  • ¯\(°_o)/¯ I DUNNO LOL (unregistered)

    I don't know about you, but I heard about TDWTF from ZZZZZZZZZZZZZZZZZZZZZZZZZZ.

    (falls asleep)

  • Stoned Developers (unregistered)

    The "or higher" is a reference to the mental state of team that coded it, not the version number.

  • Vanders (cs)

    I've been testing a few simple REST API's recently, and Chrome regularly informs me that the JSON strings are Norwegian. I didn't realise that the curly brace was a valid consonant in Norwegian.

  • ¯\(°_o)/¯ I DUNNO LOL (unregistered) in reply to Vanders
    Comment held for moderation.
  • tin (cs)

    I bet the mail delivery subsystem declares war on something! He loves declaring war!

  • faoileag (unregistered) in reply to Stoned Developers
    Stoned Developers:
    The "or higher" is a reference to the mental state of team that coded it, not the version number.
    Actually, this is probably a good example why browser sniffing is regarded as bad practice.

    The site's browser sniffing might work like: extract "MSIE ." from User Agent, get number from extracted string, comapare against 8.

    You see, IE 8 identifies as MSIE 8.0, IE 9 as MSIE 9.0, IE 10 as MSIE 10.0.

    But don't jump to conclusions! MSIE 11 identifies itself via "rev:11.0" not by MSIE 11.0, because Microsoft wants to discourige web developers from browser sniffing.

    So, for code developed earlier than IE 11 appearing, this is definitely not a wtf.

    That obviously no-one on Chase's dev team tested the site with Internet Explorer 11 once it came out: now that is a wtf. A major one.

  • Mike (unregistered)

    I want to see what happens when you translate English from Chinese to Italian!

  • no laughing matter (cs)

    Well, the Great Browser Wars never really ended ...

    And now that every other browser comes with a mail reader integrated it is only natural that the mail delivery subsystem declares war on that new kid on the block that is Internet Explorer 11 (but not Internet Explorer 8 or higher)!

  • JdFalcon04 (unregistered)

    Of course, TRWTF is chase.com's dev team as a whole. Not only do they clearly not test their site when browser updates happen, but they also store passwords in plain text!

    Don't believe me? Go ahead and log into your account, but use the wrong case on your password. You might notice that it lets you in anyway. Yeah.

  • Pippo (unregistered) in reply to Mike
    Mike:
    I want to see what happens when you translate English from Chinese to Italian!

    Did you mean: I 万条 to see what happens 我很 有 translate 那个历史 from Hi呢色 to 他连!

  • DrakeSmith (cs) in reply to JdFalcon04
    JdFalcon04:
    Of course, TRWTF is chase.com's dev team as a whole. Not only do they clearly not test their site when browser updates happen, but they also store passwords in plain text!

    Don't believe me? Go ahead and log into your account, but use the wrong case on your password. You might notice that it lets you in anyway. Yeah.

    And you're also not allowed to use special characters in your password. Although they do enforce two-factor authentication on you. Messed up priorities in security right there.

  • gman (unregistered)

    The version is higher is not entirely chase.com's fault, but more microsofts idea that giving IE11 a completely new agent user string which even IIS without .net 4.5 can't do anything but mess up.

  • foo AKA fooo (unregistered) in reply to JdFalcon04
    JdFalcon04:
    Of course, TRWTF is chase.com's dev team as a whole. Not only do they clearly not test their site when browser updates happen, but they also store passwords in plain text!

    Don't believe me? Go ahead and log into your account, but use the wrong case on your password. You might notice that it lets you in anyway. Yeah.

    That doesn't necessarily follow. They could be storing the password in say hashed lowercase. Not claiming that they do ...

  • Wrexham (unregistered) in reply to JdFalcon04
    JdFalcon04:
    Of course, TRWTF is chase.com's dev team as a whole. Not only do they clearly not test their site when browser updates happen, but they also store passwords in plain text!

    Don't believe me? Go ahead and log into your account, but use the wrong case on your password. You might notice that it lets you in anyway. Yeah.

    Well, that could be because they upper-case your password before encrypting or hashing it.

    In which case, not a WTF at all ;-)

  • foo AKA fooo (unregistered) in reply to Wrexham
    Wrexham:
    JdFalcon04:
    Of course, TRWTF is chase.com's dev team as a whole. Not only do they clearly not test their site when browser updates happen, but they also store passwords in plain text!

    Don't believe me? Go ahead and log into your account, but use the wrong case on your password. You might notice that it lets you in anyway. Yeah.

    Well, that could be because they upper-case your password before encrypting or hashing it.

    In which case, not such a big a WTF ;-)

    FTFY

    Or what do you call reducing the complexity by 2^num_letters?

  • fjf (unregistered) in reply to faoileag
    faoileag:
    You see, IE 8 identifies as MSIE 8.0, IE 9 as MSIE 9.0, IE 10 as MSIE 10.0.

    But don't jump to conclusions! MSIE 11 identifies itself via "rev:11.0" not by MSIE 11.0, because Microsoft wants to discourige web developers from browser sniffing.

    This might be the first time I applaud Microsoft for a technical decision.

    Though I wonder, might this be related to the fact that their browser ceased being the dominant one in most parts of the world ...?

  • foo AKA fooo (unregistered) in reply to sinni800
    sinni800:
    I would try to comment the atrocious disaster of not being able to just make a web site work with all browsers but I am here for FRIST
    Oops, try again! Way to go!
  • Mike (unregistered) in reply to JdFalcon04
    JdFalcon04:
    Of course, TRWTF is chase.com's dev team as a whole. Not only do they clearly not test their site when browser updates happen, but they also store passwords in plain text!

    Don't believe me? Go ahead and log into your account, but use the wrong case on your password. You might notice that it lets you in anyway. Yeah.

    foo AKA fooo:
    That doesn't necessarily follow. They could be storing the password in say hashed lowercase. Not claiming that they do ...
    Wrexham:
    Well, that could be because they upper-case your password before encrypting or hashing it.

    In which case, not a WTF at all ;-)

    Or they do it in a non-WTFy way. They hash & salt the original password with case intact. On logins they check your pw and a couple of safe variations on behalf of you.

  • Kabi (unregistered)
    faoileag:
    Stoned Developers:
    The "or higher" is a reference to the mental state of team that coded it, not the version number.
    Actually, this is probably a good example why browser sniffing is regarded as bad practice.
    I don't know if that was intentionally ambiguous, but the thought of a bunch of web developer sitting in a circle and sniffing browser to get high made me crack up.
  • QJo (unregistered) in reply to gman
    gman:
    The version is higher is not entirely chase.com's fault, but more microsofts idea that giving IE11 a completely new agent user string which even IIS without .net 4.5 can't do anything but mess up.

    I'm insufficiently caffeinated, so I'm having trouble parsing that sentence. Can someone help out?

  • faoileag (unregistered) in reply to QJo
    QJo:
    gman:
    The version is higher is not entirely chase.com's fault, but more microsofts idea that giving IE11 a completely new agent user string which even IIS without .net 4.5 can't do anything but mess up.

    I'm insufficiently caffeinated, so I'm having trouble parsing that sentence. Can someone help out?

    He put the blame on Microsoft. Just parse "not entirely chase.com's fault, but more microsofts idea" and drop the rest.

  • Mcoder (cs)

    Of course, TRWTF is a simplified language.

    Oh, look, we have those two pieces of software, "A" works better than "B" on every possible situation, what do we do? Maintain both, obviously, why would somebody even think anything else?

  • Dad of One (unregistered) in reply to tin

    Is the mail delivery subsystem "Going Postal?"

  • Steve The Cynic (cs) in reply to QJo
    QJo:
    gman:
    The version is higher is not entirely chase.com's fault, but more microsofts idea that giving IE11 a completely new agent user string which even IIS without .net 4.5 can't do anything but mess up.

    I'm insufficiently caffeinated, so I'm having trouble parsing that sentence. Can someone help out?

    Try this:

    The "version is higher" one is not entirely chase.com's fault, but more a result of Microsoft's idea of giving IE11 a completely new User-Agent string, one that even IIS messes up if .Net 4.5 is not installed.
  • Kevin (unregistered) in reply to foo AKA fooo
    foo AKA fooo:
    Wrexham:
    JdFalcon04:
    Of course, TRWTF is chase.com's dev team as a whole. Not only do they clearly not test their site when browser updates happen, but they also store passwords in plain text!

    Don't believe me? Go ahead and log into your account, but use the wrong case on your password. You might notice that it lets you in anyway. Yeah.

    Well, that could be because they upper-case your password before encrypting or hashing it.

    In which case, not such a big a WTF ;-)

    FTFY

    Or what do you call reducing the complexity by 2^num_letters?

    What's an order of magnitude between friends?

  • Hawk (unregistered)
    Comment held for moderation.
  • Jaybles (unregistered)

    I don't think the mail delivery system is a WTF. It seems like it was some text like "This is a warning blah blah blah" that was truncated at an unfortunate point in the string.

  • bob (unregistered)

    "does this mean that the Mail Delivery Subsystem has declared war"

    Still using sendmail, huh?

  • derari (cs)

    (sing to the tune of "Dirty Paws")

    His dirty mouse and crumbly keyboard, He typed down the old password. The postbox of talking fails; They used to sing about the systems and mails. The Mail Delivery Subsystem had declared a war. The postbox wasn't big enough for them all. The mails, they got help from the bored, From Philip M. and the readers of Error'd.

    [La, la, la, La, la, la, la. La, la, la, La, la, la, la.]

    [WTF]

  • lolwtfbbq (unregistered)

    This is a WAR...RANT for your arrest. We know you have read this message, so please present your self to the closest law enforcement office for processing. The NSA has provided your location, and if you have not been processed into the system in the next 60 minutes, a SWAT team will assist with this process.

    captcha: praesent Look, I received a praesent in my email.

  • Anonymoose (unregistered)
    But don't jump to conclusions! MSIE 11 identifies itself via "rev:11.0" not by MSIE 11.0, because Microsoft wants to discourige web developers from browser sniffing.

    Which is a bonus WTF because Microsoft's own .NET Framework depends on browser sniffing to work. No shortage of sites using Microsoft ASP.NET fail when Microsoft IE 11 is used on them.

  • operagost (cs) in reply to faoileag
    faoileag:
    Stoned Developers:
    The "or higher" is a reference to the mental state of team that coded it, not the version number.

    But don't jump to conclusions! MSIE 11 identifies itself via "rev:11.0" not by MSIE 11.0, because Microsoft wants to discourige web developers from browser sniffing.

    You know what would discourage developers from browser sniffing? Fixing the standard compliance bugs in your browser. MICROSOFT FAIL
  • RichP (cs)

    Woah... apparently I can read Chinese (but not Italian, for some reason).

  • kiddo (unregistered)
    Comment held for moderation.
  • Josh (unregistered) in reply to DrakeSmith

    You are definitely allowed to use special characters in your password. I was also not forced to use two factor auth.

  • curtmack (cs)
    if ($.browser.msie && $.browser.version.charAt(0) < "8")

    I have seen that pattern far too many times when checking browser version.

  • PleegWat (cs)

    I wouldn't be surprised if the IE browser string change is so that broken old sites serve it the standards-compliant firefox (/chrome) version instead of the IE6/7/8 version.

  • Chelloveck (unregistered)

    Clearly, IE11 is not "Internet Explorer 8 or higher".

    >>> "Internet Explorer 11" > "Internet Explorer 8"
    False
    >>> "Internet Explorer 11" < "Internet Explorer 8"
    True

    Q.E.D.

  • Dzov (unregistered) in reply to Kevin

    I bet they save more money reducing password help desk calls than lose money from theoretically possible fraudulent logins - which they can blame on the customer anyway.

  • Coyne (cs)

    Re Jeremy (chase.com): Character comparison of numeric values wins again. Because we all know it is true that "11">"8".

    Re Jon (250 year-old landmark): He's thinking about it from the wrong angle. He almost certainly learned about it from his parents or friends however many years ago, right? So the correct answer is right there in front of him: FRIEND/FAMILY

  • ZPedro (cs)

    Not a WTF. These columns and arcades are nice and all, but they make it hard to get visibility of the whole station. So these "hierogpyphs" simply give the direction to the train platforms; the gist of the message is to turn left for access to the platforms, and they are using ideographs so that people of any culture, and even illiterate ones, can understand them.

  • Anon (unregistered) in reply to gman
    gman:
    The version is higher is not entirely chase.com's fault, but more microsofts idea that giving IE11 a completely new agent user string which even IIS without .net 4.5 can't do anything but mess up.

    TRWTF is using a User-Agent String to identify a browser.

    Ever.

    End of story.

    Period.

  • Matthias (unregistered) in reply to tin
    Comment held for moderation.
  • C-Derb (unregistered) in reply to Anonymoose
    Anonymoose:
    But don't jump to conclusions! MSIE 11 identifies itself via "rev:11.0" not by MSIE 11.0, because Microsoft wants to discourige web developers from browser sniffing.

    Which is a bonus WTF because Microsoft's own .NET Framework depends on browser sniffing to work. No shortage of sites using Microsoft ASP.NET fail when Microsoft IE 11 is used on them.

    Let's not forget the genius of IE "Compatibility Mode". Nothing quite as brillant as defaulting a new version to request things using the old, outdated, non-compliant version.

    Pro tip for Microsoft: Stop insisting that your interpretation of standards is correct and fix your browser.

  • Ken (unregistered) in reply to Steve The Cynic

    You have a comma splice in there.

  • dynedain (cs) in reply to JdFalcon04
    JdFalcon04:
    Of course, TRWTF is chase.com's dev team as a whole. Not only do they clearly not test their site when browser updates happen, but they also store passwords in plain text!

    Don't believe me? Go ahead and log into your account, but use the wrong case on your password. You might notice that it lets you in anyway. Yeah.

    It's pretty trivial to run your password through lowercase() before hashing it for storage or comparison.

  • cellocgw (cs) in reply to tin
    tin:
    I bet the mail delivery subsystem declares war on something! He loves declaring war!

    Back in the day, we just called it "going postal." //rimshot

  • cellocgw (cs) in reply to faoileag
    faoileag:
    Stoned Developers:
    The "or higher" is a reference to the mental state of team that coded it, not the version number.
    Actually, this is probably a good example why browser sniffing is regarded as bad practice.

    The site's browser sniffing might work like: extract "MSIE ." from User Agent, get number from extracted string, comapare against 8.

    You see, IE 8 identifies as MSIE 8.0, IE 9 as MSIE 9.0, IE 10 as MSIE 10.0.

    But don't jump to conclusions! MSIE 11 identifies itself via "rev:11.0" not by MSIE 11.0, because Microsoft wants to discourige web developers from browser sniffing.

    So, for code developed earlier than IE 11 appearing, this is definitely not a wtf.

    That obviously no-one on Chase's dev team tested the site with Internet Explorer 11 once it came out: now that is a wtf. A major one.

    No, using IE is TRWTFA (...Amirite) . And why does anyone continue to test ID strings at all instead of using nice clean W3C code that doesn't care what browser's in use?

Leave a comment on “Welcome Back Ramesses II!”

Log In or post as a guest

Replying to comment #:

« Return to Article