Side Rant: If you won’t honor a deal you have advertised if I’m ordering right fucking in front of you, you can kiss my misty butt-hole and forego any business from me at all.
Homey Don’t Play Apps!
Side Rant: If you won’t honor a deal you have advertised if I’m ordering right fucking in front of you, you can kiss my misty butt-hole and forego any business from me at all.
Homey Don’t Play Apps!
I’m with you. But …
Homey gonna do without deals then.
Their whole goal is to pay you to learn to not want employees in the store.
Many, many years ago, practically in the dawn of computer history, it became common practice that when a login failed, the system did not elaborate on what part of it had failed. Invalid user name or invalid password? Best not to say, in case it was an intrusion attempt. Then someone came up with the idea of locking out the account after something like three failed attempts, but not telling the user. Not sure if not telling the user is particularly helpful against attackers, but it seems to have caught on.
But there’s absolutely no good rationale for “something went wrong” as any kind of excuse for this appallingly useless error message cited in the OP. Anyone in possession of a stolen credit card or credit card number and CVV who is told that the payment is declined has no useful actionable information.
Amazon, the world’s largest online retailer, apparently agrees. Once or twice I’ve had an Amazon order fail with a corresponding email message asking for a different form of payment. It was due to having the credit card on file having expired. I updated the card information and all was fine. This is how this kind of thing should be handled.
An email message sent to the address of record for the account that’s already logged on is utterly a different thing from an error message about a failed login attempt delivered by a web / app UI to an as yet anonymous http connection.
I was logged in to my user account on their app. What’s the risk of telling me my payment method failed? What new vulnerability does that open up?
I agree, but …
This is the use case I was describing. There’s no rational explanation for failing to say “your payment method isn’t working” other than “app” development by the aforementioned 10-year-old hackers writing these apps in their parents’ basement. Or, if these “apps” are developed by allegedly certified software developers working for an actual big business, they should be fired.
It’s not actually a “disinterest” though, is it? That would mean they are essentially neutral on the situation. I think it’s more like “noninterest”.
I’m afraid I haven’t given up the “disinterest” battle yet because I think there is still hope but this too may be going the way of “literally” and “electrocute”.
No, “disinterest” is exactly what I meant.
From Merriam-Webster:
to cause to regard something with no interest or concern
IOW, Microsoft never gave a shit about software quality. They’re content to let their customers be their field testers, and when problems crop up, they sometimes fix them, and sometimes don’t. Or update with “fixes” that break something else.
Mobile “apps” have taken crap software to a whole new level of crappiness.
OK. Looks like it’s too late for disinterest. It’s been literally electrocuted.
ETA: But you’re right about the crap software and the crap mobile apps
I can tell you it’s highly likely their network security folks told them to use as vague a response as they can in order not to give up clues that could be exploited.
This, plus a lack of emphasis on “unhappy paths”.
I work in software design, and I am of the oldskool of wanting to tell the user what went wrong and, more importantly, what they need to do next to solve the problem or at least be able to continue their use case.
The first issue with this, is that our software needs to interface with other systems, and often those systems give us very vague errors, possibly because, as you say, they want to make it as hard to exploit their system as possible.
The second thing is that the business and other stakeholders have little interest in this kind of functionality, so little to no time is allocated to it. Back in the day, developers were more empowered to just write error messages themselves, and they are best placed to know what information can be known so would cover more situations (but maybe they would “overshare” a bunch of tech stuff). Nowadays, text is something that comes from UX designers, product owners, technical writers etc, and they may have less understanding of what feedback it is possible to know, so will draft UI designs with pretty generic errors.
It’s a bit chicken and egg. Ideally developers and stakeholders would briefly discuss what can be known, and what is useful to tell the user. But, as I say, zero time is allocated for such discussions.
English really needs the word anti-interested. As in I’m not talking about not having a stake in [whatever], and I’m not talking about having zero concern plus or minus about [whatever]. I’m talking about actively ignoring part of [whatever] that they really ought to be paying serious attention to.
and often those systems give us very vague errors,
Yeah, I have posted elsewhere about my team (and to brag, mostly because I apparently have very good pattern recognition skills while reading extraordinarily boring log files) we had a bunch of failed purchases, often repeat attempts, and often an attempt to buy a similar product.
These were large white goods (fridges, ovens etc, for those who are unfamiliar with the term) sourced from a 3rd party supplier in Europe, then shipped to the UK.
The user/buyer needed to enter their postcode, which in the UK is in the format: (I used AI to generate this quote, because when not looking at logfiles, I am a little lazy)
an alphanumeric postal code ranging from 5 to 7 characters. It is divided into two main parts: the outward code (identifies the area and district) and the inward code (identifies the specific street, building, or delivery point).
Format Breakdown (Example: SW1A 1AA)
Note the space between the two groups of characters.
Some customers were not entering the space. As we were working for a UK client, and this is not an uncommon thing, our own validation did not catch the missing space. But the European suppliers did.
Unfortunately, they did just not handle it, they did not let us know about the error rate, and basically, customer complaints eventually led the issue to be assigned to my team, and I was free, so I picked it up.
Some logfile reading over the next few hours later, I identified the pattern, where we sent an invalid postcode; and the supplier system barfed. But crucially, failed to send a sensible error message, eg “postcode has invalid format”, they just failed silently. So we defaulted to the irritating “something went wrong” style of message.
Easiest fix for a +/-£600 000 / year loss… possibly ever. We just made sure the postcode had a space in the appropriate place, like 3 minutes of work.
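The fix described in this post, sketched as an added example (not the poster's or their client's code): normalise the postcode before it goes to the supplier, and raise a specific, user-facing error when it cannot be normalised instead of falling through to "something went wrong". The regular expression is a simplified shape check assumed for illustration, not the full UK postcode rules, and all names are hypothetical.

```python
import re

# Assumed, simplified shape of a UK postcode with all spaces removed:
# outward code (2-4 characters) followed by inward code (digit + two letters).
_COMPACT = re.compile(r"^[A-Z]{1,2}[0-9][A-Z0-9]?[0-9][A-Z]{2}$")


class PostcodeError(ValueError):
    """Carries a message that is specific enough to show to the buyer."""


def normalise_postcode(raw: str) -> str:
    """Return the postcode upper-cased with exactly one space before the
    three-character inward code, or raise PostcodeError."""
    compact = re.sub(r"\s+", "", raw).upper()
    if not _COMPACT.fullmatch(compact):
        raise PostcodeError(f"postcode has invalid format: {raw!r}")
    return f"{compact[:-3]} {compact[-3:]}"


def prepare_for_supplier(raw: str) -> dict:
    """Build the outcome for one order: either the value to send on, or an
    error the UI can display and the logs can count."""
    try:
        return {"ok": True, "postcode": normalise_postcode(raw)}
    except PostcodeError as exc:
        return {"ok": False, "error": str(exc)}


if __name__ == "__main__":
    # Constructed sample inputs, not real customer data.
    for entry in ["SW1A 1AA", "sw1a1aa", "M11AE", "  b33  8th ", "SW1A", "12345"]:
        print(repr(entry), "->", prepare_for_supplier(entry))
```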
IOW, Microsoft never gave a shit about software quality. They’re content to let their customers be their field testers, and when problems crop up, they sometimes fix them, and sometimes don’t.
Remember, at Microsoft, Quality is job 1.1.04b
Right now I’m cleaning up from the silent failure of bad email addresses.
People use Eventbrite to sign up for an event I’m hosting. Sometimes people make a typo entering their email address[1]. Eventbrite never says “we tried to send the registrant an email and it bounced,” instead they just accept payment for the registration, and record the bad address.
When registrations close I export the list of email addresses and add it to a Google Group based email list. Then I send a message to the list saying “Welcome everyone.” Google Groups does not tell me that some of the addresses are bad. They just silently fail.
It is only a few weeks later when I’m sending individual login information to each email address that I actually get bounces from the bad addresses. Then I have to try and figure out what the correct address is, resend everything that person missed, and update all of my records.
Next time I need to run a script to check if at least the right side of the @ sign has a valid A record or MX record. That doesn’t do anything for when the left side of the @ sign is wrong, but it’s something.
[1] Or, a department admin is signing a student up, and typos the student’s email address
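A sketch of the kind of script this post proposes, added here as an example and not the poster's own code: it flags addresses whose right-hand side does not resolve, doing one lookup per distinct domain. It checks address records only, because Python's standard library has no MX query, so a domain that publishes only an MX record would be flagged and needs a manual look; the function names and sample list are hypothetical.

```python
import socket
from collections import defaultdict


def resolves(domain: str) -> bool:
    """True if the domain has at least one address record (A or AAAA)."""
    try:
        socket.getaddrinfo(domain, None)
        return True
    except (socket.gaierror, UnicodeError):
        return False


def suspect_addresses(addresses, domain_ok=resolves):
    """Return {address: reason} for entries worth checking by hand.

    domain_ok is injectable so a fuller resolver (for example one that
    also queries MX) can be swapped in without touching this logic.
    """
    by_domain = defaultdict(list)
    suspects = {}
    for addr in addresses:
        local, sep, domain = addr.strip().rpartition("@")
        if not sep or not local or "." not in domain:
            suspects[addr] = "not in local@domain.tld form"
        else:
            by_domain[domain.lower().rstrip(".")].append(addr)
    for domain, addrs in by_domain.items():  # one lookup per domain
        if not domain_ok(domain):
            for addr in addrs:
                suspects[addr] = f"domain {domain} does not resolve"
    return suspects


if __name__ == "__main__":
    # Constructed sample export and a stub resolver so the demo runs offline;
    # drop the domain_ok argument to query real DNS instead.
    sample = ["ann@gmail.com", "bob@gmail.con", "carol@example.org", "dave"]
    stub = {"gmail.com", "example.org"}
    for addr, reason in suspect_addresses(sample, lambda d: d in stub).items():
        print(f"{addr}: {reason}")
```

As the post says, this does nothing for a typo on the left of the @ sign.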
Hmm.
If folks signing up for your event are using personal, not work, email addresses I’d bet 80% of them are at gmail, live, yahoo, etc. I’m not sure validating the domain beyond a simple string comparison of the Big Five email domains will help enough to be worth the effort to create the more complex script.
But for all of us who get annoyed when the account creation process at some website includes receiving an email to click on, now we know why: in bulk, folks suck at typing.
Also one of the reasons I personally always create an account first, then buy or sign up for whatever, even if the site offers a “continue as guest” option. I’m not really giving up any info they can’t find if they tried. And I reduce these kinds of goofs.
Given the number of sites that use email or phone number as the de facto identity / “primary key” to your account, it can be difficult bordering on impossible to change that one key fact later. Their design assumes it’s a) unique, and b) permanently unchanging. That’s a dumb design, but not a rare one.
I’d bet 80% of them are at gmail, live, yahoo, etc. I’m not sure validating the domain beyond a simple string comparison of the Big Five email domains will help enough to be worth the effort to create the more complex script
Either plan would have caught the one that was @gmail.con. That one, the person was registering themself, and managed to enter it correctly in the “buyer” field, but not the “attendee” field.
It’s possible Eventbrite does no validation of the attendee address field, because gmail.con does not exist. Though a .con TLD would make it easier to identify scams. The other alternative is that Eventbrite does try and validate the attendee email address, and then emails the buyer saying something is wrong, and in all cases the buyer (sometimes the same as the attendee) ignored the message.
I’d easily believe either.
even if the site offers a “continue as guest” option. I’m not really giving up any info they can’t find if they tried. And I reduce these kinds of goofs.
Online, continue as guest always requires an email address anyway. The only reason I hesitate to create accounts is because it requires giving out an email address, which invariably will generate ads in my inbox, no matter how many opt-out options I select.
I deliberately give out fake email addresses when one is needed to access guest wifi. Usually, if I’m using Example’s wifi I’ll give root@example.com or ceo@example.com or similar. Unlike my broken email headaches, I hope this strategy causes someone headaches.
It’s possible Eventbrite does no validation of the attendee address field, because gmail.con does not exist.
My own email address is in a domain I own. And has an unusual TLD. But one that has been part of the internet TLD list since the git-go of DNS. Even unto 10 years ago I’d still occasionally get websites that refused to accept a TLD that wasn’t on a very short list like “com, org, net, edu, and maaaybe gov”. Devs that don’t know the standards applicable to their jobs are a hazard to navigation.
Though a .con TLD would make it easier to identify scams.
Yup. Would that it were so. Sigh.
See also Evil bit - Wikipedia. I know you know what that is, but some other less technical readers might enjoy the chuckle.
I deliberately give out fake email addresses when one is needed to access guest wifi.
Me too. That’s the one place I eagerly spew garbage into the marketers’ databases.
I used to favor Q@W.E because it’s quick to type. More places now have decided to at least validate that the TLD isn’t a single character. My fallback has been Joe.blow[buncha random digits]@gmail.com. That one seems to work every time everywhere.
I
just now at your suggestion of using @example.com I’d never thought of that. D’oh!
That would reduce the chance of collision w some innocent bystander from near zero to zero. I shoulda known that. I’m going to switch and see if I find wi-fi providers who filter against that specific domain name.
Another example of the exact sentiment of the OP, though this time “That didn’t work. Try again.”
The Engineering Explained YouTuber (Jason), has been having lots of problems with his Lucid Air. He just released a new video about it in time for me to watch during lunch. One of the many errors is that if the trunk or frunk is open more than 10 minutes, it can only be closed manually. It is not clear if this is by design or a bug, because pressing the close button on the phone app results in the “That didn’t work. Try again.” error instead of a more helpful message like “after 10 minutes of being open the trunk must be closed manually.”
I
just now at your suggestion of using @example.com I’d never thought of that. D’oh!
You can use the literal example.com. I was using it as an example in this case, and I meant I’ll use the real domain name of wherever I’m at. For example, if I’m at Big Bank Arena, and I have to enter an email address on a page at bigbankarena.com to connect to the wifi, I’ll pick root@bigbankarena.com, or postmaster@, or ceo@. Sometimes they’ll have support@bigbankarena.com right there on the page. Then I can just copy and paste that into the email field.
My explicit intent is to annoy their own employees (or overseas contractors) with their own marketing emails.
Ref that last bit, you are far more devious than I have become in my lazy retirement. But I’ll gladly take your approach; it suits my formerly more actively piratical nature.
The ones that really light my fire are the ones that have a checkbox:
CEO@whateverdomain.com FTW!
That would reduce the chance of collision w some innocent bystander from near zero to zero.
I have a domain which I only use for such signups, it redirects all mail to Mailinator [dot] com, which is effectively a free mail recipient that can accept mail. I use it for confirmation mail when I don’t really want to share my real address.
The traffic on that MX domain is so small that it is not banned in the way Mailinator often is.