• Little Bobby Tables (unregistered)

    "... since that are mostly js functions that are triggered by some event in the browser."

    The operative word is of course "mostly".

    The real WTF is that Marge didn't scour the code to check to see if there are any other nasties like this looming to become another even more irritatingly obscure low-level ticket.

  • IP Guru (unregistered)

    the Bigger WTF is not telling the customer that the problem is with their customers email provider corrupting the link & therefore any fix could not be 100% guaranteed. (personally I would have changed the HTTP string parameter rather than tryng to auto correct a deliberate typo PWResetToken seems reasonable to me)

  • CT (unregistered)

    Why the Italian (South Tyrol) bus stop sign?

  • Dave (unregistered)

    TRWTF is fixing that instead of telling them it's a problem for their clients' ISP and closing the ticket as not-a-bug.

  • Dave (unregistered) in reply to Dave

    I mean 'when wrong URL is entered, the desired page is not displayed' is fundamental to how the internet works.

  • henk (unregistered) in reply to Dave

    yes, because that would help the end customer so much better! Pendant all the things!

  • IP Guru (unregistered) in reply to henk

    Yes it probably wood help the customer, if there half arsed sanitation is causing this problem then it is likely to be causing them problems with other services as well. implementing a work around that will not break the rest of your app may be a courteous thing to do but the cust must be made aware of where the true problem lies

  • Supersonic Tumbleweed (unregistered)

    Splendid submissino=)

  • "Lisa" (unregistered)

    We actually had an identical issue sending out emails. Some provider in the UK was mangling the URLs with underscores and not reassembling them correctly.

  • Little Bobby Tables (unregistered)

    I'm reminded of the tale where a worker had the task of scouring a word file to find all instances of where Example A could be found, and changing them all to Example B (and because of stuff he couldn't just do a global search-and-replace). His boss says something like "Haven't you finished yet? Give it to me!" and does a global s&r to find all "a"s and replace them all with "b"'s. "Argh, what have you done???" wailed our hapless hero. "I didn't want every single "a" changed!" "Oh no worries," said his boss, and did a global s&r to find all the "b"'s and replaced them with "a", saving the document back to the server.

  • Quirkafleeg (unregistered)

    Bad Programmer Spotting #42: "Maybe if I ignore it long enough, it'll go away on its own"

    It's only a password reset, but when scaling up to the extreme, astronauts would be far from confident with their life support systems programmed in the hands of people with such attitudes.

  • Raj (unregistered) in reply to IP Guru

    Sure. Tell them so they complain, and the ISP will "fix" it and cause another side effect, and you're back to another jira, maybe more difficult this time, at which point you'll start having "if ISP ==" in your code.

    The alternative is you don't tell them and you close the ticket and move on.

  • LCrawford (unregistered)

    Imagine the first time they get a link to http www amazno.com

  • Mr Bits (unregistered)

    Clbuttic.

    It was totally irresponsible on the part of Marge and her company to "fix" the problem that way (WTF #2). But the mindset that produced this decision was hinted at by the fact that, although Marge's company used a formal ticket system, they seemed to use a very informal and random way of determining which tickets to work on (WTF #1).

  • Da bass (unregistered) in reply to Little Bobby Tables

    What could possialy go wrong?

  • (nodebb)

    Medireview, anyone?

    https://en.wiktionary.org/wiki/medireview

  • siciac (unregistered)

    It was totally irresponsible on the part of Marge and her company to "fix" the problem that way...

    The real WTF is that Marge didn't scour the code to check to see if there are any other nasties like this looming...

    Bad Programmer Spotting #42: "Maybe if I ignore it long enough, it'll go away on its own"

    TRWTF is fixing that instead of telling them it's a problem for their clients' ISP and closing the ticket as not-a-bug.

    Okay. We get it, really, we get it, you're virtuous and pure and no bug is too trivial for you to spend 8 hours doing a full RCA.

  • Kashim (unregistered)

    Ticket Resolution: Your ISP is executing a man-in-the-middle attack upon your password reset emails that corrupts the link used to reset your emails.

    Please make a new gmail account, and attempt to reset your password there. Due to your ISPs highly questionable "security" practices, we do not recommend using their emails for our services, because they interfere with our emails in ways that cannot be predicted or controlled, and thus we cannot guarantee that we will be able to maintain compatibility with them.

    Our service department will be happy to help you change the email addresses attached to your accounts to ones that can reliably maintain compatibility with our services.

  • Vsg (unregistered)

    TRWTF is that the ISP representative doesn't speak English.

  • I Am A Robot (unregistered) in reply to Quirkafleeg

    Experienced Programmer Spotting #42: "Maybe if I ignore it long enough, it'll go away on its own"

  • ZZartin (unregistered)

    TRWTF is how absolutely lazy of a security measure that is on the ISP's side....

    I can just imagine all the complaints their customer service department gets from that crap...

  • NoLand (unregistered)

    In Defense of the ISP: I guess, this a rather old story, taking place in the 1990s, when Outlook was just dangerous and e-mail viril a huuuge problem. Standard scanning tools were probably not available, so they went with a homegrown solution. Messing up a single reset link was presumably negligible compared to 100% of Outlook users becoming infected, as soon as certain mails were displayed in the preview pane. This is, why you don't start a custom parameter with "on", especially back then.

  • Lorens (unregistered)

    Well, that was a "signifigant" modification.

  • ooOOooGa (unregistered) in reply to siciac

    What I find interesting in all of these comments is how contradictory they are.

    Can't patch the problem via code I do control.

    Can't tell the ISP to fix the problem.

    Can't tell the customer to fix the problem.

    Can't refuse to fix the problem.

    Can't ignore the problem.

    Depending on who you ask, any possible solution is wrong. Probably fireable offence level of wrong.

  • Mr Bits (unregistered) in reply to siciac

    Eh, it seems I've found a new interview question to add to my list.

  • ~Me (unregistered)

    What really bugs me is the missing "E" in Provisorische HaltestellE.

  • Oliver Jones (google)

    "provisorische Halstell" == "provisional stop."

  • Whocares? (unregistered)

    "Maybe if I ignore it long enough, it'll go away on its own"

    Would have worked, probably.

  • John (unregistered)

    I'm forced to use a corporate email system which prevents me from following unsubscribe links.

    Email support group refuses to create raise it as an issue with the provider.

  • Kamendae (unregistered) in reply to Little Bobby Tables

    See also: "Dawizard". As in "You take 10d6 points of dawizard."

    https://selinker.livejournal.com/32929.html

  • 🤷 (unregistered) in reply to Oliver Jones

    Not quite. "Provisorische Haltestell" == "provisional sto". TRWTF is the missing 'e' at the end of the word "Haltestelle".

Leave a comment on “NoeTimeToken”

Log In or post as a guest

Replying to comment #:

« Return to Article