Archive for PEBKAC

Your Web form blows goats

Rather a lot of Web forms blow goats, and not necessarily healthy goats either, but this one seems particularly likely to abuse your kid:

This morning I logged into my account to “set my Privacy Choices.” I thought they were already set, but they sent me a letter saying their site is changing in new and exciting ways to make my life EASIER. So I logged in to check on my PRIVACY CHOICES.

First mistake right off the bat. No commercial Web site has ever changed in new and exciting ways to make anyone’s life easier. It’s always (1) change our back end for the sheer hell of it or (2) find more efficient ways to monetize our customers’ personal data or (3) both 1 and 2.

Still, she waded through the quagmire, and finally left this advice for the morassholes:

Your PRIVACY CHOICES pages — all of them, in the entire form — are chock full o’ FAIL. I’d attach screen caps but you don’t allow it. So I’ll try to explain in the 400 characters you allow here.

The helpful “error” message I got when I tried to enter my email address in the form? WTF? It’s the same email address I use to log into the “secure” area of the site and I bet you knew that. It’s the same email the bank uses to send me “Your Statement is Available Now” emails. So this is a huge coincidence, I’m sure, that the Privacy Choices page threw red errors on my email address, but then suddenly ignored them as I continued filling in the form. Testing me, were you? Most people give up at the red messages but I’m an asshole. Shit, it says I only have a few more characters left to tell you what’s wrong with the Privacy Choices pages on the site. I am feeling the stress now. I will just note that your “open a new account” page and your “make a payment” page are working fine as always. Just not the “Privacy Choices” section. Nothing there works. Such a strange coincidence. Like, what are the odds?

A reminder from Consumerist, as though you needed it:

[M]ost privacy policies are terrible. They do not guarantee you privacy; they just outline and detail the ways in which you do not have any.

Which might explain why they don’t give a damn whether you can respond to them or not.

Comments (1)

Here we go loop-de-loop

Ouroboros to the white courtesy phone, please:

Europe”s “Right to be forgotten” laws have come to an apex of dumb: The UK’s Information Commissioner’s office has ordered [pdf] Google to remove links to stories about Google removing links to stories. My brain hurts.

If it’s an endless loop, does it truly have an apex?

And apparently “endless” is the operative word:

“The commission does not dispute that journalistic content relating to decisions to delist search results may be newsworthy and in the public interest,” Deputy Information Commissioner David Smith wrote in a statement, acknowledging that the IC was asking that Google block access to legitimate journalism. Smith continued: “However, that interest can be adequately and properly met without a search made on the basis of the complainant’s name providing links to articles which reveal information about the complainant’s spent conviction.”

Smith fails to mention how the IC will handle purging news stories about the news stories about purging the news stories about purging news stories, or how it will handle purging news stories about purging news stories about the news stories about purging the news stories.

Barbra Streisand was not available for comment.

(Via Greg McVerry.)

Comments (3)

The noncorporeal girl of my dreams

Something I said four years ago:

Given Siri’s lack of physical form — all those apps look alike to me — I’ll almost certainly impute wholly-unwarranted characteristics to her, such as a sense of humor.

And maybe, it seems, a trace of actual wisdom:

Bless you, autocorrect.


We deprecate your punctuation

For the last twenty years or so, I’ve been rendering the em-dash (and the occasional en-dash) with — mostly because I could never remember how to spell the damned entities. (And typical usage around here has spaces around the dash, which is neither technically nor typographically correct.)

WordPress, as of version 4.3, has decided that I will no longer get away with —. It’s converting that string on the fly to —, which is a correct em-dash in Unicode, and it displays the way I want it to display. Only thing is: now I wonder what else WP is doing behind the scenes.

Comments (3)

Somewhere around the back end

One of my more faithful WordPress plugins is WP-Ban by Lester Chan, which allows me to block any IPv4 address — IPv6 isn’t covered yet — or any range thereof. It’s not 100% reliable, but it’s kept about 800,000 unworthy types out of this site over the past several years.

Then WP 4.3 arrived yesterday, and the plugin broke with the ever-popular Fatal Error string. I watched it happen, took the obvious action — rename the plugin directory so WordPress can’t find it — and went out to see if anyone else was having this same issue. They were. Almost identically, in fact. So I’m assuming this problem isn’t due to the weird configuration over here.

This is the first time I’ve seen anything of Chan’s actually break, so I have no idea how quickly he responds to issues like this, but I am hopeful.

Update: Well, looky here. A new version of WP-Ban already.


Up one point nine

Marcel has survived the arrival of Windows 10:

The upgrade from Windows 8.1 to Windows 10 went okay. It took a minute or two to go though “custom” settings and select more sensible options than “express” offers. The only thing so far is the mouse pointer often goes into its “working” blue-circle state, and it’s even more pesky and intrusive than 8.1; just now it was bugging me about logging onto their X-box scheme so I could play solitaire.

Then again, this isn’t his only hardware:

On my other machine I have Lubuntu, which has been trouble-free.

Hmmm. I wonder if that would work on Toshi, my ancient XP laptop.

Comments (6)

Discouragingly stationary

The bank with which I do the vast majority of my business — not one of the big chains, but big enough — has been serving up a perfectly legible online-banking interface for the last five years, which fit nicely onto my screens. It apparently did not fit nicely onto people’s phones, though, so they’ve unveiled a new interface aimed directly at those who swipe rather than those who mouse around.

Well, no, I didn’t like it much. On the upside, it’s not so different from what American Express is showing me these days, so at least I didn’t have much of a learning curve, and I suppose eventually I’ll end up with a smartphone, or at least a not-quite-so-dumb phone. I’m not going to try it on my current phone; it will probably work, but carrier charges for Web access on an account with no data plan border on the absurd.

Comments (5)

It’s those damn one-percenters again

Paranoia, as Mr. Stills used to say, strikes deep:

Yahoo Answers screenshot: Since there are still millions of people world wide still using windows XP have they not been left high and dry?

And guess who did the leaving?

by the likes of Facebook, microsft outlook and many others, just because they are not able to afford the most up to-date machines to surf the web securly, and will it soon be only the wealthy and large corperations that will be able to so, and is that the plan for speeding up the net by reducing the traffic

Obviously our questioner doesn’t read anybody else’s questions, because the place is just jam-packed full of doofi who got their brand-new and presumably up-to-date machines loaded up with malware in the first 48 hours. “Securly?” Ha.

For what it’s worth, in the desktop/laptop market, XP still commands about a 12-percent share, though several years back it was estimated that 25 to 35 percent of XP installations were pirated.


Option F

Have you ever wanted to scream at the insipid robovoice that’s not even coming close to solving the problem you called about? Well, you don’t need to raise your voice, necessarily, but you might want to try coarsening your language a bit:

Some years ago I called the Dell 800 number to get some help with my computer. After going through various Q&As to establish that I needed technical assistance, the automated voice asked me to name the type of computer I was asking about. “Vostro 220,” I said. Pause. “I’m sorry, I don’t recognize that name. Please tell me what computer you are asking about.” “Vostro 220,” I repeated, enunciating slowly and clearly. Same response. After about four iterations of this I said, “It’s a fucking Vostro 220, for fuck’s sake.” Pause. “OK, it seems you need to speak to an operator. Please wait while I transfer you.”

You probably don’t want to go off this way on an actual person unless said person is behaving robotically, as though deviating from the script would result in instant derezzing.

Comments (1)

Blue screen of Duh

This error message might be even less useful than it looks:

Something happened screen from Windows 10

Said author Katherine Hayton upon witnessing this phenomenon:

Way to waste my time Windows 10. I don’t mean providing me with unenlightening messages that look like they might have started life as a program placeholder to come back to later (or not as it turned out), I just Googled the answer to that conundrum and was done with it.

No, the bit that took the time was finding the hashtag on Twitter and reading the random nonsense that this particularly existential explanation had spawned.

Perhaps not surprisingly, Lou Reed was there first.

Comments (1)

It could be terse

Alternatively, “we put the suck in succinct:”

Then again, how much exposition do you need for a link to a cat video?

Comments (1)

Bare naked text

When offered a choice, I always opt for plain-text email over HTML, “the way God and RFC 822 intended.” Most people choose otherwise. I contend that they chose poorly, and I am not alone in this belief:

So we decided to experiment with varying degrees of HTML-richness — plain HTML templates, snazzy and sleek HTML templates, beautiful headers, different sized and positioned images, various call-to-action buttons, and even GIFs — to see which would have the best result.

In every single A/B test, the simpler-designed email won. The emails with fewer HTML elements won with statistical significance.

To take this a step further:

HTML emails decreased open rates. What was interesting, however, was that not only were HTML emails receiving lower open rates than their plain-text counterparts, the more HTML-rich an email was, the lower its open rate.

Some of this may be due to mail filters. SquirrelMail, as implemented at my domain, blocks images it deems possibly unsafe, in which case your beautiful design looks like a game of Tetris that ended in a system freeze.

But regardless of the reason, it’s better without all those damn graphics. Trust me. Or God and that RFC.

Comments (4)

Custom for days

Somebody on Quora, presumably for I-want-it-too reasons, wanted to know which WordPress theme was using, so I took a look out there and quickly decided that this had to be a custom job: it didn’t look quite like any of the canned themes I’ve seen.

Still, duty calleth, so I fetched the View Source screen, and this came back to me:

First few lines of

Then followed the names and locations of the three actual developers. And yes, this is a custom theme, which is indeed called “Lemon Soda.”


Playing to a captive audience

Well, it makes marketing sense, anyway:

Too bad you can’t do the update from the BSOD. (Or can you?)

(Via SwiftOnSecurity.)


In lieu of actual improvements

Flickr Pro, which was dead two years ago, is now somewhat less dead. Per an email received from their current overseers:

We’re re-launching Flickr Pro and making it available to all Flickr members.

The new Flickr Pro includes:

  • Stats and analytics on your photos and more detailed referral traffic
  • Ad-free browsing and sharing

Yearly subscriptions also receive:

  • FREE standard shipping on Flickr photo merchandise within the US, and 50% savings on international standard shipping ($25 minimum)
  • 20% off Adobe Creative Cloud Photography plan for the first year

All this for only twice the price:

For new subscribers, Flickr Pro is $49.99 per year or $5.99 per month.

And here is where it gets good as a Loyal Flickr Pro Member: You get these additional Flickr Pro features and continue to receive unlimited space, with no change in price for the next 2 years.

“How much does it cost to go back to the old-style, uncluttered embed?” he asked, expecting no response.

Comments (2)

Worst WiFi ever

Despite all her rage, she is still just a rat in a cage:

The shonky structure of London’s tube WiFi is actually a perfect mirror for a famous Psychology experiment: the Skinner Box (or Operant Conditioning Chamber if you’re feeling fancy). The experiment involved putting a rat in a box with a lever. If the lever dispensed a food pellet every time it was pressed, the rats would press it often … obviously. If it stopped dispensing food, they’d stop pressing it pretty quickly (rats are clever).

BUT, if the lever only dispensed food sometimes, and in a completely random pattern, the rats would basically go on pressing it forever, even when it had stopped giving out treats. They’d wear their paws down to nubbins pressing that hopeless, disconnected lever because the next press could be the lucky one, right guys? Right?!

Tube WiFi is exactly like this. Sometimes you can get connected as soon as you pull into the station, see something good on Twitter, click through, it loads and you get to read it. And sometimes you’re still trying to get a connection as the train sails back into the darkness, Twitter stubbornly refusing to update, and your phone tantalisingly telling you there are “open networks available.” Hrngh. It’s an internet Skinner Box, and I can’t stop pressing the lever.

So what’s the problem? The signal reaches the stations perfectly well, but doesn’t make it into the tunnels. (“There isn’t a whole lot of space inside the tunnels for repeater units,” she says.) If you’re expecting a long ride underneath London, you probably shouldn’t count on getting any work done.

And I do like that word “shonky,” apparently a Briticism that to me is somewhat more pejorative-sounding than merely “unreliable” or “untrustworthy.”

Comments (3)

Must have a death wish

Certainly for his site, and possibly for himself:

Yahoo Answers screenshot: Is there an HTML/CSS code that prevents a user from navigating away from a web page until after 1 minute?

“Preferably no alerts,” he says.

On the upside, all his visitors will be unique and new: he’s never going to get a repeat visitor. (Well, okay, he might, in the specific context of “Hey, look what this asshole did!”)

Comments (2)

A loopy request

Nothing unusual about DMCA takedown requests. Universal Pictures France sent one to Google last week regarding several of the films it owns, and as always, it included the offending URLs. Not even mighty Google, alas, can take down this “site” allegedly infringing on Jurassic World:

Where, oh where, does one even begin?

Comments (2)

Which is where it bytes you

There might be more software in a new car than there is in a cheap commodity PC. (Brand-name makers tend to lard the machines up with crapware.) Given the slightest bit of connectivity, this was inevitable:

Though I hadn’t touched the dashboard, the vents in the Jeep Cherokee started blasting cold air at the maximum setting, chilling the sweat on my back through the in-seat climate control system. Next the radio switched to the local hip hop station and began blaring Skee-lo at full volume. I spun the control knob left and hit the power button, to no avail. Then the windshield wipers turned on, and wiper fluid blurred the glass.

And then things got worse:

As the two hackers remotely toyed with the air-conditioning, radio, and windshield wipers, I mentally congratulated myself on my courage under pressure. That’s when they cut the transmission.

Immediately my accelerator stopped working. As I frantically pressed the pedal and watched the RPMs climb, the Jeep lost half its speed, then slowed to a crawl. This occurred just as I reached a long overpass, with no shoulder to offer an escape. The experiment had ceased to be fun.

Yes, there were two. He knew this because he’d arranged this test with them, to look for vulnerabilities in Fiat Chrysler’s Uconnect system. Used to be, someone had to tap a physical port in the car to hack it. Not anymore.

As it happens, Fiat Chrysler (1) is not amused and (2) has issued a patch:

Under no circumstances does FCA condone or believe it’s appropriate to disclose “how-to information” that would potentially encourage, or help enable hackers to gain unauthorized and unlawful access to vehicle systems.

FCA has a dedicated team from System Quality Engineering focused on identifying and implementing software best practices across FCA globally. The team’s responsibilities include development and implementation of cybersecurity standards for all vehicle content, including on-board and remote services.

As such, FCA released a software update that offers customers improved vehicle electronic security and communications system enhancements. The Company monitors and tests the information systems of all of its products to identify and eliminate vulnerabilities in the ordinary course of business.

Still, all software has holes. Just ask Microsoft.

Comments (8)

Meanwhile, phish are dying

This may seem impossible, but apparently it’s true:

For the first time in 12 years, spam made up less than 50 percent of all email.

According to Symantec’s latest monthly threat report, only 49.7 percent of email sent this June was spam. While still a pretty dang high percentage, it’s the lowest since September 2003.

Better tools like enhanced spam filters and more frequent prosecution of spam producers have helped cut down on spam. But for those of us who grew up with the internet and got the occasional laugh out of spam’s unintentional and bizarre poetry, this is a mildly bittersweet fadeout.

One data point doth not a trend make. Call me in thirty days and we’ll talk.

(Via Fark.)

Comments (2)

PET reset

In 1977, Commodore produced its first PET (Personal Electronic Transactor) computer, a 6502-based box running at a startling 1 MHz. It sold well enough to justify follow-on products — surely you remember the legendary Commodore 64? — but Commodore was extinct by 1994, and ownership of the trademark has been floating around almost randomly ever since.

Now comes a new PET, but it’s a cell phone:

[W]hile there’s no real connection with the famous 8-bit home computer, Massimo Canigiani and Carlo Scattolini have designed the new Commodore PET with a focus on gaming. The handset will run Android 5.0 Lollipop and will ship with two built-in emulators (VICE C64 and Uae4All2-SDL Amiga, as noted by Wired).

And if you’re gonna run Commodore emulators, those are the ones to run.

It’s a pricey little handset, starting at $300, and one might reasonably question its potential marketplace longevity. Still, seeing the chickenhead on a phone is bound to jolt those of us of a Certain Age.

Comments (1)

Hey, seize this, pal

Taste considerations obviously don’t enter into it:

Yahoo Answers screenshot: Wording a warning message for people with Epilepsy on a Tumblr blog with a rainbow-colored flashing background?

And apparently it’s just this short of a done deal:

I already have the Java Script and everything, I just don’t know how to write the warning in a professional way.

Like there’s anything “professional” about a rainbow-colored flashing background to begin with. How about an autostart audio file to make it worse?

Comments (2)

Not that we would need it here

Echochamber.js bills itself as “All off [sic] the commenting, none of the comments.” This is what they mean:

Echochamber.js is a third-party script you can install to add a simple comment form to your blog post or website.

why not just use disqus?

Because then there’d be a chance that someone would read the comments. You might have to read those comments. You don’t want that.

When a user submits a comment, echochamber.js will save the comment to the user’s LocalStorage, so when they return to the page, they can be confident that their voice is being heard, and feel engaged with your very engaging content. It does not make any HTTP requests. Since LocalStorage is only local, you and your database need not be burdened with other people’s opinions.

The script is simple, and is fed from a reliable source: Amazon Web Services.

(Via Brianna Wu. Don’t say it.)

Comments (6)

So far, so correct

Keep in mind, I haven’t seen version 10 yet.

Evolution of Windows


Comments (4)

Utility zero

Perhaps the single most useless site on the entire Web is now live, for limited values of “live”:

The Internet is supposed to be the world’s most inclusive medium: A miraculous tech utopia anyone can access. Which is why Justin Foley thought it might be funny to make a Web site that was, well — exactly the opposite.

Foley is the man behind, a site that — true to its name — only one person can visit at a time. You access the site by requesting a “ticket” for your 60-second window and then waiting in line; as of Tuesday night, there were only 40,204 other people you needed to get behind.

Of course, if you close your browser tab, you lose your place, so the line moves more quickly than you might think.


Dot nothing

There is now a waiting list for IPv4 addresses in this part of the world:

Noting an important development for the Internet community, the American Registry for Internet Numbers (ARIN), a nonprofit association that manages the distribution of Internet number resources within its region, announced today that it has activated its Unmet Request Policy with the approval of an address request that was larger than the available inventory in the regional IPv4 free pool.

Activation of this policy is another sign of the impending depletion of unassigned IPv4 resources in the ARIN region, reminding businesses of the need to deploy the next generation Internet Protocol, IPv6, and usher in the next stage of the Internet’s evolution. Qualifying organizations now have the choice of accepting the next largest available block of IPv4 addresses or being placed on the Waiting List for Unmet IPv4 Requests.

If anyone cares, we’ve had an IPv6 address here for a couple of years:


Or so I’m told. I’ve never actually tried it, being generally a generation and a half behind on most technical matters.


We asked you not to

So you settle down to use the Wi-Fi at the International House of Pancakes, when this happens:

Wi-Fi connections near IHOP

Maybe they should have said “Please”?

Comments (2)

You need this phone

And by “you,” they mean me. I got a text message with the basics of this over the weekend, and a full-fledged letter, with postage and everything, Monday:

T-Mobile is continuing to invest in our network. As we make network upgrades in Oklahoma City on 7/27, your current phone will no longer receive 4G high speed data.

I almost hate to tell them that my current phone, a Samsung flipper, has never received 4G high-speed data: it’s either 3G or EDGE, which seems to be a sort of 2.5G.

To continue to experience 4G high speed data, we are pleased to offer you a free smartphone, the Alcatel Astro. This phone will allow you to experience the best of the T-Mobile network. The Alcatel Astro features a beautiful 4.5″ screen and 5MP camera to capture and share life’s moments.

Truth be told, I’d be happy to get a consistent bar and a half from my desk at work, and speed be damned.

This is the phone in question. I know nothing from smartphones except that this one is a smidgen behind in operating systems (Android KitKat has been largely supplanted by Lollipop) and the numbers sound fairly mediocre. The price, at zip, is right; of course, the real money comes from the data plan I don’t have yet.

Comments (2)

A selling point, perhaps

Here’s a personal email service designed with your privacy in mind:

Own-Mailbox is a home-plugged personal email server, with strong privacy protection measures integrated at its core. It provides self-hosted email addresses, or connects with your existing email address. In both cases you can seamlessly send and receive encrypted emails from anywhere in the world, through Own-Mailbox webmail, Smartphone app, or through an external email software (Thunderbird, Outlook, …).

Which seems pretty swell. I wonder, though, if this is the right pitch:

Own-mailbox automatically encrypts your emails with Gnu Privacy Guard, a strong encryption software, the same software as used by Edward Snowden (as in the movie citizenfour).

I await an endorsement from Glenn Greenwald and his invisible friends.

(Via Ellie Kesselman.)

Comments (1)

Now with deBlartification

Ezra Dyer grumbles in Car and Driver (August) that cars have too many dysfunctional functions:

Part of the problem, I suspect, is that carmakers indulge the temptation to cram in every feature that might theoretically have a moment of utility over a car’s life span. For example, I just tried Infiniti’s new InTouch system in the Q50S. Several menus down the infotainment rabbit hole, I had the car giving me movie times for Paul Blart: Mall Cop 2. A disclaimer at the bottom of the screen read, “Screening times displayed are not always up to date.” I suppose this function would be useful, if something happened to your phone — maybe you ran it over? — and you then had to use your car to find uncertain movie times. But in all likelihood, you would never miss this feature if you never had it, leaving your car and your life just a little bit simpler.

I’d take a different approach. The Q50S is already smart enough to detect when you’re drifting out of your lane and nudge the car back into position. With this much brainpower, surely it’s possible to arrange for the car never to even mention stuff like Paul Blart: Mall Cop 2.