There’s probably not many people writing web pages in C anyway. It’s a common enough standard function in the web languages (eg trim in JS, PHP, C#, and Rust or strip in Python and Ruby).
Another autofill gripe: Many dumber site validations only validate on blur (when you leave a field manually), but if you use a form filler, that doesn’t get detected and the page still thinks all the fields are blank.
Or the ones that try to special format credit card numbers, but only if you type them one digit at a time, so that also breaks autofills. Sigh.
Hit a variation on this yesterday: I was trying to get to the bottom of a page on shop.app, to click the “Contact us”. Every time I did, the page would add more stuff. Finally it ran out, but by then I was pretty irritated.
Of course the site probably sees this as a feechur, since it will keep most people from reporting problems! /s
But you can presumably open the damned door without the app. Not sayin’ this makes it wonderful, just that it’s not like you need to go run down the street (or find the plug) to stop it.
I can never figure out where to do it. It seems like every few months they update the software and the tipping function moves. In the earlier versions, you had to look at your transaction history. Then it became a setting. Then it became a notification. Yesterday I couldn’t find it at all anymore. The barista and their manager didn’t know either.
I only go to Starbucks once every few months, and use the app just for easier payments, ordering ahead, and their loyalty points thing (you get free drinks once in a while).
However, I don’t want to skimp on the tips, having been a Starbucks employee myself. I don’t know why it’s so hidden =/ Maybe they are trying to artificially decrease the final price of drinks by discouraging tipping…?
I’m just going to stop using the app after my current Starbucks card runs out.
Apps that don’t let you cancel an order immediately if you placed it accidentally. I know some apps let you do this which is also very handy if you show up for a drive through order and see there’s already 10 cars waiting in the line.
I experienced a good one today.
Intuit’s idiotic web registration form won’t accept numbers typed on the 10-key pad - only those typed on the number bar of the keyboard.
This is useful for video games, where the numpad can be assigned different functionality.
I can’t think of a good reason a registration form would care. Probably just an oversight. They’re probably wanting to validate that you’ve entered numbers as you’re typing, but forgot about the numpad. Younger developers using laptops might never have seen one…
What web forms are using scan codes directly? That would completely break things like password managers and form autofill, which only use ASCII characters and not keyboard raw codes directly. And why the hell is this even an extant API? What’s the use case for the browser dealing with anything other than ASCII/Unicode?
The browser can be a sandbox for basically anything today. You can run Linux in a VM inside your browser if you want. They need to distinguish key codes (though clearly it’s dumb for an ordinary web page).
Hey, I didn’t make those forms And that’s just a guess as to one possible failure mode. If @beowulff can share the URL of the specific Intuit form that is doing that, I can look more deeply into it.
I do frequently run into broken forms, and yes, they do break my password manager, along with various web and accessibility standards. Usually they are trying to be too smart, doing things like formatting a phone number on every keystroke, or moving you to the next character of a 2FA field, or doing a validation on every keydown/keyup but not on an autofill or a paste… etc.
There are also some sites that go out of their way to prevent pasting and autofilling, presumably to force you to manually re-type an account number or such. I would like to smack those particular idiots…
<side rant>
There’s a billion ways for a form field like that to break… if you point me at one, I can probably describe in more detail what it’s doing (or failing to do). I don’t keep a running record of all the subtly broken ones I see, lol, but they’re common enough. I frequently run into them both as a user trying to fill out a form, and as a web dev fixing ones that other devs lazily made.
A lot of the web isn’t made with hand-crafted HTML anymore, just someone else’s React library that uses someone else’s code that uses someone else’s code. It’s a chain of third-party libs often hundreds of layers deep and tens of thousands of packages wide; the potential for bugs or exploits is nearly infinite. Some form fields aren’t even true <input> fields anymore but a lookalike made out of divs and emulating native browser functionality with poorly-tested JS code.
Almost always the acceptance criteria when a form like that is specced out is written by some manager working with some designer, neither of whom would necessarily have a complete awareness of HTML internals or ARIA requirements, much less all the different permutations of input devices and password managers and OS and language-specific keycodes and the such.
Which is why the below is one of my must have plugins. I think some devs or their managers have a grudge against password managers, and actively try to make using one difficult. I think it was the old Social Security sight that made you click out your password on a keyboard in a pop-up window.
The new trend is the username on one page, and then the password on another page. Often not that big of a deal, just a few extra clicks.
The biggest advantage I see to passkeys is that it prevents some random web dev team from implementing whatever weird policy they (or their bosses) think makes their login page more secure.
I am literally “AFK” for a few weeks - I’m working on my laptop, and my keyboard with the num-pad is back at home.
So, I can’t verify the bug, but you might try typing a phone number into this page (using a 10-key), and see if it fails:
You’d think, right, but then some particularly idiotic sites will use a passkey and then ask you for a TOTP 2FA. Or my local community college uses a proprietary solution from https://duo.com/, even though it’s passkey-compatible. I had to argue with them for a long long time explaining why I didn’t want to install their random app on my phone and computer just to generate a 2FA for them, when their login system worked perfectly fine with passkeys via a manual enrollment. The support guy didn’t know what to do, insisted that Duo was more secure. I asked him to check with his manager and after a long debate they finally allowed me to use a passkey, at the cost of it expiring every few days. Just because. Fine, I said, I’ll just reach out to support for a manual reset every time this happens. Your ticket load. Your call. Shrug.
My son sleeps in a bunk bed near his echo dot. His room light is synced with the echo so he can turn off the lights in bed.
More than once I have gone into his room late to turn the lights off shouting over the speaker reading my son a bed time story as he’s sleeping because the light no longer functions without talking to the internet.
My employer standardized on Duo, so I use it a lot, and it’s fine. It would be real annoying to need it for just one thing, but it does seem to be a well behaved app, so not a big deal to just leave it on my phone until I need it. It can also be a TOTP generator, as well as their push authentication.
When it was first required we had some push back, “what if I don’t have a smartphone? Huh!” It can be setup to instead of a push notification to the app, to make a phone call to your work (or whatever) phone number, and require pressing a button on the phone.
I totally get not wanting a new app used for just one thing. I hate doing that.
If it’s a company laptop, they can put whatever they want on it. Mine does that and I’m fine with it.
But for one school? No way I’m installing their app on my personal devices just to login to their registration system. Why does a college need more onerous restrictions than my bank, the government, or my employer? I use many devices to access my schoolwork, and I don’t trust Duo to have audited all their apps on all the platforms. I also don’t trust the college IT department very much at all. It’s matter of principle; they don’t get to make my system less secure just to satisfy their own security concerns.
Like many apps, my mortgage company’s app lets you log in using Face ID. But unlike most apps, when I log out, it takes you back to the login screen and activates Face ID, and because I’m looking at my phone when this happens it immediately logs me back in. In order to not get stuck in a loop of logging out and back in again I have to either make sure the phone is pointed away from my face when I log out, or quickly close the app before it can recognize my face.
Does a microwave’s operating system which has it beep every 20 seconds once the food is finished… with no stopping point whatsoever… count for this thread?
I’ve seen car alarms, fire alarms, and smoke detectors give up faster than this thing.
I have no idea why it is so persistent in telling me my food is done, because all I can figure out that the worst consequence possibly is that I would have to reheat my food.
And that’s just a guess as to one possible failure mode. If