< mari
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
chi >
[ Page 47 of 76 ]
From: Smylers Date: 17:13 on 16 Apr 2005 Subject: Travel Agent Booking Software This is a vicarious hate: I haven't touched the softare myself, but just sat behind a travel agent employee trying to use it. I didn't take it as a good sign when her first action was to press Ctrl+Alt+Del to bring up the Windows 95 'Close Program' list and use it to quit the program she'd been using with the previous customer. I also wasn't impressed that when listing possible holidays all the available actions are listed with 2-digit codes, but require pressing Enter after them anyway -- so simply paging through the list involves typing 5 0 Enter 5 0 Enter 5 0 Enter ... But my main complaint is with the lack of control the user has when searching. I was initially told that our requirements were so flexible they gave lots of possibilities -- mainly cos they didn't include a destination, nor a price. That ought to make it easy to come up with something acceptable, but apparently not. Many of the criteria we did have the system had no way of using for narrowing down the search results. Now for some things, such as "not overrun with rampaging mobs of British lager louts", that's understandable. But for easily categorized multiple-choice criteria such as the number of stars on the hotel and how many meals we want included not being able to search by them makes no sense at all -- they are clearly fields in the database, since they appear as separate columns in the output, but the only way to use them is to page through the results (5 0 Enter, remember) scanning that column by eye and ignoring the ones we don't want! The travel agent person mentions again that because so many holidays meet our requirements it's quite hard to choose. So I try to help out by adding in some criteria which aren't essential, but nice to have: in particular, I say to restrict the airports to London (rather than London or Leeds) and the date to ending on the day of the London.pm June social meeting (rather than being any 7 days within a 12-day window) -- since we're in a position to be picky, let's take advantage of a trip I'm making to London anyway and avoid me having to make a separate trip (or my friend having to make a trip from London to Leeds). But that only seems to make things worse, because for the destinations the travel agent person has chosen to look at there aren't any flights meeting those additional criteria -- not that that's particularly easy to determine, because the software presumes a tolerance on the flight dates so we have flights on dates we don't want mixed in with those on the right dates, because the output isn't even in chronological order! So it lists holidays that have the wrong flights, the wrong accommodation, or both -- and we have to wade through it manually just to determine that it's done this. I say "destinations the travel agent person has chosen to look at" because that's what the software insists on: performing searches for holidays at a named place. So she has to guess places that might be appropriate for us and try out our criteria -- which are now _too_ constraining for any particular destination! Apparently it doesn't matter how restrictive our constraints are -- if we don't know where we want to go, then the software won't let us at the information it's hiding in the database. Hmmm, maybe if there's a holiday website out there with an SQL injection bug in it's code then I could exploit it to inject some SQL that searches for a holiday that meets our criteria -- that'd certainly be more user-friendly than the system in the local travel agent ... Smylers
From: Ann Barcomb Date: 10:41 on 15 Apr 2005 Subject: NTLM authentification over the internet I hate Microsoft's NTLM authentification scheme. I hate Microsoft for their refusal to stick to standards, but that's beyond the scope of this complaint. I hate it because since a recent system upgrade on our Exchange server I can no longer view my work mail from home. Probably we were using another authentification method earlier and now we are using NTLM. Safari and my version of Mozilla refuse to deal with it. I resent that the only way I can fix my problem is by upgrading to a newer Mozilla or installing Firefox. It always annoys me to have to alter my environment to deal with something that doesn't play by the rules. - Ann
From: David Champion Date: 00:20 on 13 Apr 2005 Subject: HTML E-mail Not what you're thinking. > <!-- > This is a graphic email message. If you are reading this message > then your email program does not support HTML format. We recommend > upgrading the program you use to read your email. > --> Well then, pinhead, *don't put in a text part to a multipart/alternative message*. My reader understands HTML just fine, dipstick, but if you state that the two parts are equivalent, which is what multipart/alternative bloody *means*, then of course I'm going to favor the text one, you hoser. So none of this noise -- and yo, what's it doing buried inside an HTML comment anyway, peabrain, if you've concluded already that I don't dig? -- none of this noise about I need a new flaming mail reader to see your precious "content". I miss when IT departments had underpaid old curmudgeons sitting in the back room hollering that if you're gonna do this, you're gonna do it right, instead of a pile of cheap CS graduates whose best contribution to the project is finding the pull-string that makes the new manager, just hired from Pepperidge Farm or some place, go "Cool!" I mean, I'm underpaid anyway. Might as well let me have the right effect on the product.
From: Michael G Schwern
Date: 10:31 on 12 Apr 2005
Subject: A new email anti-virus low
The attached message sent to you did not meet the Bosch security policy.
Sender: epgbc@xxxxxxxx.xxx.xxxxxxxxx.xx
Recipients: schwern@xxxxx.xxx
Subject: "hello"
Time: Tue Apr 12 08:41:39 2005
File: body.scr
The original, cleaned message has been attached to this notification.
I didn't sent the email. It doesn't even LOOK LIKE I sent the email! So
why is your anti-virus software telling me YOU sent me a virus? What can
I do about it?
Compounding this genius, after it had stripped off the virus it let the
mangled result through. Not only is this unwise as false positives could
make you look like an idiot ("Joe, why did you try to send me a virus?"
"It was a zip of our latest brochure, I swear!"), the negatives aren't likely
to contain a whole lot of useful data! As a matter of fact, it stripped
every bit of content off the email but the subject line. At this point
you'd think some rule would kick in "If no content left don't bother sending
it!"
What in the hell were the designers thinking? This is Trend Micro, they've
been doing this stuff for years! The software starts at $800 and goes
up to $43K for 2500 users! FOR A FREAKIN EMAIL VIRUS SCANNER?! What do they
do with all that money? Not hire decent programmers, apparently.
Hating while training SpamAssassin for this new flood.
From: Michael G Schwern
Date: 23:15 on 08 Apr 2005
Subject: Javascript: Time Traveller From the Year 1962!
Gee, how original, hating Javascript. But this is a new hate. A fresh
hate. A fundamental hate.
I have to touch Javascript for this project. Sean Burke's written some
mildly positive things about the state of Javascript in 2005 vs 1995 so
I'm going to give it a chance. The project has existing HTML with the
same JS functions copied into the header of each file. Ok, simple enough
refactoring, I'll toss each function into its own .js file. Already
things are looking up!
A lot of pages use most of the functions, so rather than have a ton of
<script src="..."> in each file I'll just write up all.js which does the
moral equivalent of:
include("this.js");
include("that.js");
...
Simple enough, right? Basic 1970s programming technology. Include a file.
So I start looking for such a thing.
And looking.
And looking.
And ask some friends.
Finally I get back this:
function include(jssrc) {
document.write("<script type='text/javascript' src='"+jssrc+"'></script>");
}
include("include2.js");
I have to write my own include function. This include function isn't even
native to Javascript, it relies on the browser DOM. I have to cut & paste
this code into every JS file which wants to include another. I have to
cut & paste code so that I do not have to cut & paste code.
I just double checked, Javascript came about in 1995. Its up to version 1.5.
There's an ISO standard for it. At least three multinational corporations
are actively involved in its development. AND IT HAS NO INCLUDE FUNCTION?!
In related news... Lua. NO NAMESPACES! WHAT THE HELL PEOPLE?! The
tables-as-namespaces makes Perl 5's OO system look clean and well thought
out.
Are the designers of these languages all TIME TRAVELLERS FROM 1962? The
next big thing in language design: variable names with more than eight
characters!
From: Paul Mison Date: 12:52 on 08 Apr 2005 Subject: Browsers Remembering htaccess and login details Dear Camino: why can't you tell the difference between the basic auth that this page hides behind and the login details that it also uses? Why do you keep overwriting one with the other? Safari can tell the difference, you know. One's basic auth, the other's a website password, in a form. Work it out. While we're at it, why can't either of you remember more than one website password per site? Admittedly website development leads to some edge cases (most people probably don't have three different Yahoo! webmail accounts), but I do want to be able to log in as me, and as other people too. IE for Windows seems to manage. Some would say it's about the only thing it does right, but it manages. Grargh.
From: sm Date: 01:57 on 08 Apr 2005 Subject: unsubscribe unsub sm@xxxx.xx -- Sorry for sending this to the list, I've lost any other contact info I had SM
From: Chris Devers
Date: 20:59 on 07 Apr 2005
Subject: Windows's Network Connection Wizard
Boot new computer.
As is perfectly reasonable, networking isn't set up and doesn't default
to just asking for a DHCP lease. Why make assumptions?
(Also, for good measure, select a good, reasonable, headache-inducing
default screen refresh rate of 60 Hz, because if you pick a rate too
high you might burn out a perfectly good monitor that will be useless
forever, but if you set it too low, the human will easily recover from
the migraine in well under an hour.)
Look under Network settings. Only one icon shows up:
Make New Connection
Sounds promising, click on it.
Welcome to the Network Connection Wizard
You click "Next", and are presented with a series of paths to follow.
Dial up to private network ?
No, I just want to get a DHCP lease on the local LAN.
Dial up to the Internet ?
No, I just want to get a DHCP lease on the local LAN.
Connect to a private network through the Internet ?
No, I just want to get a DHCP lease on the local LAN.
Accept incoming connections ?
No, I just want to get a DHCP lease on the local LAN.
Connect directly to another computer ?
No, I just want to get a DHCP lease on the local LAN.
Sorry, that's it. You need to pick one of the above.
Shit. Okay, "Connect directly to another computer" sounds kind of close.
Kind of. Until you click "Next" to look at it.
Choose the role you want for this computer:
( ) Host. This computer has the information you want to access.
( ) Guest. This computer will be used to access information on the
host computer.
No, no no. Go back, randomly try "Accept incoming connections".
Selet the check box next to each device you want to use.
[ ] Direct Parallel (LPT1)
No no no! The VPN ones definitely don't look right, but then neither do
the dial-up ones. What the hell, try "Dial-up to the Internet".
The dialog goes away, and is replaced by
Welcome to the Internet Connection Wizard
Blah blah blah.
(*) I want to sign up for a new Internet account.
( ) I want to transfer my existing Internet account to this computer.
( ) I want to set up my Internet connection manually, or I want to
connect through a local area network (LAN).
YES! YES! THAT ONE RIGHT THERE!
How do you connect to the internet?
(*) I connect through a phone line and a modem
( ) I connect through a local area network (LAN).
THE SECOND ONE YOU SIMPLETON!
Select the method you would like to use to configure your proxy
settings. Blah blah blah.
+- Automatic Configuration -----------------------------------+
| |
| [ ] Automatic discovery of proxy server (recommended) |
| [ ] Use automatic configuration script |
| Address: [ ] |
| |
+-------------------------------------------------------------+
[ ] Manual proxy server
What? Huh? No, I just want a damned DHCP lease.
Do you want to set up an Internet mail account now?
(*) Yes
( ) No
And be saddled with Outlook or Outlook Express? I think not!
Completing the Internet Connection Wizard
Blah blah blah.
[X] To connect to the Internet immediately, select this box
and then click Finish.
Fine, whatever. "Finish".
An Internet Explorer window pops up and attempts to load www.msn.com.
Thirty seconds later...
The page cannot be displayed
The page you are looking for is currently unavailable. The web site
might be experiencing technical difficulties, or you may need to
adjust your browser settings.
(Neither of which is in fact true, but no matter.)
Please try the following:
* Click the _Refresh_ button, or try again later.
(No change.)
* If you typed the address, make sure that it is spelled correctly.
(N/A.)
* To check your connection settings, click the *Tools* menu, and
then click *Internet Options*. On the *Connections* tab, click
*Settings*. The settings should match those provided by your
local area network (LAN) administrator or Internet service
provider (ISP).
(I *am* the lan admin in this case, and these instructions are plainly
on the wrong track.)
* If your Network Administrator has enabled it, Microsoft Windows
can examine your network and automatically discover network
connection settings. If you would like Windows to try and discover
them, click _Detect Network Settings_.
Sounds promising! Click it!
[Nothing happens. But it takes a long time for nothing to happen.]
Wait longer.
[Nothing continues to happen. The mouse pointer is an arrow again.]
Give up and go back to your Mac or Linux machine.
Everything just works.
Yay.
From: Chris Devers Date: 20:22 on 07 Apr 2005 Subject: Windows permissions and painfully misimplemented multi-user system Ghod do I love installing applications on Windows for new hires. In a better world, this would be no big deal. Install the OS, set us basic system settings, create accounts &/or attach to Samba domain, install standard applications, deploy. But no, the application installs are rarely that straightforward. Some require an administrator account to install, because they need to vomit random files and folders all over <C:\Program Files> and possibly <C:\Documents and Settings>. Some do not require an administrator account to install, because they just need to vomit random files and folders all over <C:\Program Files> and possibly <C:\Documents and Settings>. Spot the inconsistency thus far. The former tend to be available to all users of the system; the latter tend to just work for the account that installed it. Moreover, more often than not, the latter *don't work at all* for any account other than the one that installed it, which leads to all kinds of fun debug routines. "What the hell? Palm Desktop worked when I gave you that computer, and so did AdAware. Why don't they work now? Why does everything else work?" Sometimes, the "easy" fix is to go in, move any vomitus from my <C:\Documents and Settings\Administrator> tree over to the system-wide <C:\Documents and Settings\All Users> one, then follow this up with the equivalent of a `chmod -R 0777` to allow anyone to do anything to the settings and application files & folders, not because this makes sense, but because if I don't do it, the application doesn't work at all. And of course, there's no rhyme or reason to this. As near as I can tell, it's all just down to the whim of the vendor's programming and QA departments, because Microsoft doesn't appear to enforce any kind of recognized coding or deployment policy about this. My favorite crapware of an installation is probably Meetingmaker, which can only be installed by an account with administrator priviliges -- implying that it's going to be available system wide. But no, it only works for the account which installed it, so if your company policy is not to grant users admin accounts on their desktops, then they can't use the company groupware system. To fix this, you have to do the above mentioned "grant full access to this folder tree to all accounts", at which point anyone can tamper with it however the whim might please them. This may be risky, but if you don't do it that way, you just can't run it. Brilliant. I'd be berating Meetingmaker for this bonedead setup, but they're hardly the only ones doing this sort of thing. Palm Desktop makes the same mistake. AdAware is "better", in that it will run for other users, but all the widgets are missing, so it might as well not work at all. Etc. Haven't these people learned any lessons from other systems? All the endless wrangling over /bin /usr/bin /usr/local/bin /opt/bin /sw/bin etc is tedious, but the point being debated is valid & widely accepted -- there needs to be distinctions among vendor, system, and user installed programs -- and the approaches to the problem all more or less make the situation Less Bad. Windows just ignores it all and has everything drop into a shared /bin directory, which you may or may not need magic pixie dust to alter. Maybe I just need some of the magic pixie dust that the stoner that settled on this was smoking at the time...
From: Simon Wilcox Date: 19:42 on 07 Apr 2005 Subject: Microsoft suck Well, OK, film at 11 but listen to this particular piece of shit: We have a website, all shiny and new which we want to run under ssl. No problem, set that up, firefox happy, every darn browser happy except IE which complains about secure and insecure content on the same page. So we fix that hardcoded error (whoops :) but the error still remains. Nowhere in the html does it reference http://. So I dig out ethereal and there is definitely NO http call being made. What the fuck ? Much googling later, I get a clue here http://www.softcomplex.com/forum/viewthread_1868/page1/#pid5140 Yes indeedy people, in working around one IE bug, we tickle another ! For some reason <iframe src=""></iframe> is insecure. What crack were the programmers smoking the day they thought of that one ? So to get around it, I have to call a real html page from my webserver so that IE can believe it is secure. <iframe src="/brokenbrowser.html"></iframe> Useless, useless, fuckers. That's 3 hours wasted that I really don't have time to waste. Simon.
< mari
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
a
chi >
[ Page 47 of 76 ]
Generated at 10:28 on 16 Apr 2008 by mariachi