UI Bites
-
it does have a "sent" folder that contains a copy of my message, so at least I can see what I sent.
until it hits autodelete after one
monthweekday.
-
@BernieTheBernie at that point it wouldn't be much different from the bank simply ignoring my message entirely so sadly not much I can do about it...
In any case, I expect them to tell me "we can't do that by email, call us or book an in-person appointment."
I did try calling them (some time ago and for something else) and the very first thing their automated system does is ask me for my account number + password. Which it then fails to recognise, and after 3 failures the system just hangs up, without any option to bypass that and get a human (I tried waiting forever, this doesn't work). So to call them I'd need to first solve this problem, which knowing them might also require an in-person visit.
So yeah, I'm in for the long run. Expect many more UI
since their whole system is... probably par for the course for a bank, but generally awful.
-
Of course my session expired at some point in the middle of that
Banks really are the worst of the worst.
Their retarded security still insists on using 4 or maybe 6 digit PINs as passwords. VISA still has fucking insecurity questions like it's the 90s. Hint: if you think asking "What was your first school?" is a valid security mechanism, you're either retarded or work in finance, but then I repeat myself. But then they have the audacity to automatically log you out and complain about it next time you log in after 5 minutes of
inactivity .
Fuck off. I'm not inactive. I'm busy in another tab that is related to what I'm doing on the banking site. Get your own security in order first and stop trying to nanny me.How can it be that the one type of account where you'd think security matters most is consistently the one with worst security practices?
-
Their retarded security still insists on using 4 or maybe 6 digit PINs as passwords.
That's not the worst. For me, the worst is that they all insist on using some sort of virtual keyboard to enter that password. Yes, yes, I know, keyloggers. Great. Now tell me why only banks would be targeted by them. And tell me how likely it is that someone is just glancing over your shoulder while you carefully hunt for the next digit (because, of course, the digits are scrambled in a different way each time!) and click on it.
It also breaks password managers but sadly that part is probably entirely intentional and not just bad UI.
-
It also breaks password managers but sadly that part is probably entirely intentional and not just bad UI.
Everybody who intentionally breaks password managers is also an idiot, so that's par for the course.
-
@topspin "Security to your account is so important that we want to make sure you do not store your password in any other system that ours."
" Well, in our system and of course in a big'ol
password.docxon your desktop (and therefore in OneDrive, Google Drive and DropBox). But not in a system specially designed for that, nope, that would be far too risky."(the sad thing is that you know that there are bank IT managers saying exactly that...)
-
VISA still has fucking insecurity questions like it's the 90s.
That depends on the bank that issued the card.
-
the worst is that they all
It's funny how most banks in eastern Europe jumped the ones further west. I have normal password prompt for the bank account login, plus second factor using a (custom) authenticator app, and overall the app mostly works. Granted, I had 8-digit password fairly long¹, but I had second factor from the start (via SMS before the smartphone app) and there were never any insecurity questions. And while some banks around here are worse, none of the big ones is as bad as you all say.
¹ Until they reworked the authentication when someone, in a rare bout of sanity, decided that government portals will allow federated login using internet banking so normal people won't have to prove their real-world identity to yet another system. Given that most banks have decent internet banking here, that was really, really unexpectedly smart thing to do by the government, more so that they passed up an opportunity to procure yet another overpriced system.
-
And tell me how likely it is that someone is just glancing over your shoulder while you carefully hunt for the next digit (because, of course, the digits are scrambled in a different way each time!) and click on it.
My bank does this, and they seem to think
user-select: none;is for chumps.
-
@Bulb With my bank, I log in with a user name, and a 5 digit "password". Now I can see all my accounts and their values. I could shuffle money between accounts (savings versus current etc), and do some minor transactions to other (i.e. not mine) accounts (less than 50€ - do not know the exact number).
Bigger transactions require an extra identification number which I have to generate with an extra device plus my banking card. And occasionally (about once per quarter) even loging requires that extra step.
So, while login as such is hardly secure at all, transactions are better safeguarded,
-
@BernieTheBernie I think the numeric passwords are a relic of the WAP and SIM-toolkit based mobile banking applications from the days of not-yet-smart mobile phones. When accompanied by a second factor (SMS, card, application locked to specific device) it's good enough for most people.
It's the other cargo cult practices like “security questions” and custom on-screen keyboards that are
-
Status: Discord is mentally challenged, as expected.
Guess I'll have to wait for 5/22 to come before finding out what amazing thing they want to say...
-
@Tsaukpaetra said in UI Bites:
Status: Discord is mentally challenged, as expected.
Guess I'll have to wait for 5/22 to come before finding out what amazing thing they want to say...
Well, you know, there's no way for their app to know what date it is without you restarting it for updates.
-
Their retarded security still insists on using 4 or maybe 6 digit PINs as passwords. VISA still has fucking insecurity questions like it's the 90s. Hint: if you think asking "What was your first school?" is a valid security mechanism, you're either retarded or work in finance, but then I repeat myself.
We host a whole bunch of banking websites, and every couple of months we run into someone we either have to explain what a a CSR is, that it's a good idea to update your tools once a decade or so because it's not our problem when their openssl can't deal with SHA512, or that sending the private key to their main web presence via unencrypted email is … cough not recommended.
And the guys we talk to generally aren't just Joe Random Webdev but the ones who've been explicitly tasked by their bosses with handling the keys to the kingdom.
-
@BernieTheBernie I think the numeric passwords are a relic of the WAP and SIM-toolkit based mobile banking applications from the days of not-yet-smart mobile phones. When accompanied by a second factor (SMS, card, application locked to specific device) it's good enough for most people.
They were already familiar with PINs since the 1970s ATMs so never saw a need to change.
It's the other cargo cult practices like “security questions” and custom on-screen keyboards that are
TBF, scrambled on-screen keyboards were useful for a couple of years starting in the late noughties when keyloggers were rampant but realtime analysis of screen contents was too unreliable. I'd put it down to glacial release cycles that they haven't been dropped everywhere yet (though none of the banks I've used ever had them).
Security questions are just a tradeoff between costs of customer support and cost of fraud. When someone gets their account hacked, I bet in many cases they're able to avoid compensation by simply telling the client it must be their own fault for not having kept their credentials safe. OTOH, every time someone forgets their PIN, they'd have to do the whole dance of IDing them and printing and mailing a PIN which costs a lot in staff hours and on top of that pisses off clients who don't understand "why it must be so complicated when the competition just asks for my mother's maiden name".
-
Continuing on my bank stories, here's the virtual keyboard for entering my password (I'm leaking my password!
):
wait... did they... put the 8upside down? or found a weird font where the8is upside down from the usual way to draw it?(and now I wonder if the
9is really a9and not a6upside down, or the other way round?)
-
@remi so your password is
131214151011hunter2*******?
-
@remi so your password is
131214151011hunter2*******?Clearly it's
8675309
-
-
Status: Someone
a setting...
-
@Tsaukpaetra Gamedev! I remember one of the more recent speedforneeds I had issues with very low audio mix. Some reddits suggested editing the master volume value in the config to something greater than 1.0. It not only worked (2.5 in my case), but the game was drawing the trackbar background out of bounds and allowed changing the value in-game within the new range of [0..2.5]. But now for
: only up until the value was set within [0..1.0], in which case the background remained as is, but you couldn't move the slider past 1.0 again.
-
-
@remi
File_Not_Foundis missing! What did you do to corrupt this little dialog so terribly?
-
Opera released a new UI for their main desktop browser recently. See all those little gray gaps between things? Most of the time they do nothing, not even letting you drag the window around. The gap goes all the way around the window:
...so there's a dead space between the scrollbar and the edge of the window (or screen, since they stay while maximized).
They also crammed an AI into their browser much like Edge, but theirs camps out in the middle of the sidebar instead of on top and you can't use it unless you're logged in to an Opera account.
Finally, they added a new form of tab grouping to go along with the other forms of tab groupings they already had. See that blue bar in the second picture? That's what a collapsed "Tab Island" looks like. By default these are created automatically as you open things in new tabs. Hope everything you do is related.
-
Looking for the July 4 parade start time in my village and found this. This UI fail is almost certainly created by a lone, generous volunteer, and I feel my civic duty is to give feedback, but I'm just a C++ hacker. Everything looks great on desktop.
Any ideas what went wrong?
-
-
@Tsaukpaetra Thank you for the hint! I did a F12, but no clear info. Then I did a "View Source" and found things like
wp-block-table{margin:0 0 1em}.wp-block-table td,.wp-block-tableI suppose wp is WordPress, no? From that I infer that this volunteer may not understand WordPress formatting. Nor do I. But it might be enough for them to educate themselves.
We've not met, but I should introduce myself and make the suggestion to the developer. Any additional advice most welcome.
-
@Gearhead Sorry, "we've not met" == "I do not know who is the developer."
-
Any additional advice most welcome.
Oh dear, it seems you have exceeded the day's quota of "useful" responses. Your free trial does not include enough credits for that tier of response without a license. Please subscribe to my Patreon to enable unique and helpful rewards!
-
@Tsaukpaetra LOL! The parade is an even bigger WTF.
Fourth of July parade draws ire for reportedly racist content, personal attacks
The Beverly Farms Horribles Parade has carried on for over a century.
-
-
@Tsaukpaetra LOL! The parade is an even bigger WTF.
https://www.boston.com/news/local-news/2020/07/08/beverly-farms-horribles-parade-2020
We have this @GuyWhoKilledBear's law around here: “Everything from Boston is ter…”. That's a
discussion. The article is first class material.
-
-
@Rhywden Ok, I rewrote the post. Please, remove the quote too to get rid of the
content.
-
Every Flashing Element On Your Site Alienates And Enrages Users
Warning: This post might give vulnerable people new sensory sensitivities
-
@Tsaukpaetra LOL! The parade is an even bigger WTF.
https://www.boston.com/news/local-news/2020/07/08/beverly-farms-horribles-parade-2020
We have this @GuyWhoKilledBear's law around here: “Everything from Boston is ter…”. That's a
discussion. The article is first class material.The article itself is absolutely Garage material, and this isn't me complaining about the mods Jeffing whatever got Jeffed.
But GuyWhoKilledBear's Law isn't just a Garage rule. It applies just as strongly in General and in the Lounge. It also applies in real life. It applies in New Jersey and it applies wherever I happen to be standing.
Obviously, it also applies in Boston.
Unless...
Have I sufficiently problematized the concept of Boston such that any mention of that city is automatically controversial and therefore can only be discussed in the Garage?
If so,
.
-
@Tsaukpaetra LOL! The parade is an even bigger WTF.
Fourth of July parade draws ire for reportedly racist content, personal attacks
The Beverly Farms Horribles Parade has carried on for over a century.
Ok, Forum Memes Mode off for a second.
Contrary to what @Bulb said, the problem with your post isn't that it's about Boston. The problem is that the article touches on politics, and we have a rule about that.
Posts about politics are supposed to go in the Trolleybus Garage because they invariably spin out into arguments that make some forum members uncomfortable. Those forum members opt out of the Garage, by not going there, and then they don't have to see the arguments.
You can follow @Bulb's links to see the Garage, where you can post mostly whatever you'd like, if you're interested.
It looks like the mods have cleaned up the problem and everything is fine now. But please try to be more careful in the future.
-
@GuyWhoKilledBear I don't think anything was actually Jeffed. I just cut my post short when Rhywden said it's getting garagey.
-
@Bulb Thanks Bulb. I will wade into the Boston trolley garage. Flame-retardant trousers are now engaged.
-
@GuyWhoKilledBear Thank you for this information. I tried my best to lurk and learn the community rules. Is there any WTF-FAQ that I can review?
-
@Gearhead I think there are some relevant topics in the Meta category. For the Garage, there's a pinned post by Alex, the site owner, that is not entirely accurate; it assumes everything in it is pure trolling and nobody really believes anything they post there. I don't think anybody really wants to correct Alex's misapprehension, because he might shut the Garage down entirely. Nevertheless, it's a good intro to it.
-
@GuyWhoKilledBear Thank you for this information. I tried my best to lurk and learn the community rules. Is there any WTF-FAQ that I can review?
This is the post @HardwareGeek is referring to about the rules for the Garage. I think it's even less useful/correct than he does, but if you're interested in perusing it, there you go.
This is the general WTDWTF FAQ topic. From my foxhole, it is similarly unhelpful, but there it is.
I think a better way to explain the rules is that in the General categories, "office rules" are supposed to apply. It's not strictly professionalism, and some lighthearted joking among colleagues is OK. But going off on political rants among your coworkers is a good way to get branded as an a-hole, so don't do that in General.
On the other hand, in the Garage, there's very little that you're not allowed to say. (No doxxing, and no leaking the Lounge - more on what that is later.) A lot of Garage posts are extreme caricatures and hyperbolic descriptions of what Garage Mechanics actually believe. But then again, a lot of them aren't. Because we are allowed to talk about pretty much anything in the Garage, there is earnest debate about "controversial" topics there - that's the only place you'll find that on this site. But some people don't want that, and so they stay out of the Garage.
There's also the Lounge, which I imagine you don't have access to yet. That's a special part of the site that's not indexable by Google and that only trusted community members are allowed to access. The idea is that since the Lounge is even more restricted in membership than the rest of the site, people are allowed to talk freely about their jobs without the pressure of anyone they know in real life finding out what they're saying. It is a huge no-no to post anything from the Lounge outside the Lounge.
Those are the rules. You'll figure out the culture as you go.
Welcome to the site!
-
@GuyWhoKilledBear said in UI Bites:
there is earnest debate about "controversial" topics there
Some of it's earnest, some of it's trolling, some of it is incoherent gibberish — although I haven't seen @Gribnit around lately, so there's been much less of that — and some is the deranged ranting of a blithering idiot. Which is which is up to you to decide.
-
Reddit now deselects selected text when you right-click. I noticed because I didn't have my left hand on the home row and thus, having already selected text with the mouse, wanted to select copy from the context menu instead of Ctrl+C. But there's nothing left to copy after they keep deselecting the text.
Could you fucking. Stop. Doing. That?!
As the guy @boomzilla quoted above said:
It baffles me that these companies will spend millions of dollars optimizing every aspect of their user interface, ...
It baffles me that they manage to utterly fuck up the most basic things and nobody realizes it. Not what I'd call "optimizing every aspect of their user interface".
-
@topspin In situations like that, there is something to be said about the paste selection feature of X-windows.
-
@GuyWhoKilledBear said in UI Bites:
Because we are allowed to talk about pretty much anything in the Garage, there is earnest debate about "controversial" topics there - that's the only place you'll find that on this site.
Also in threads about Rust.
-
@topspin In situations like that, there is something to be said about the paste selection feature of X-windows.
It really is one of my favorite things about using Linux.
-
It baffles me that they manage to utterly fuck up the most basic things and nobody realizes it. Not what I'd call "optimizing every aspect of their user interface".
UX designers must design.
(insertion of air quotes assumed)
-
@boomzilla said in UI Bites:
@topspin In situations like that, there is something to be said about the paste selection feature of X-windows.
It really is one of my favorite things about using Linux.
It makes it hard to replace the selection by the contents of the clipboard, though. And from my Linux days, I remember occasionally accidentally selecting some text that I didn’t want to (not a problem unique to Linux, of course), thereby losing the clipboard contents that I did still need.
-
@Gurth You can replace selection by the content of the clipboard just fine, because the clipboard is separate from the last selection. Ctrl+C copies selection to clipboard, Ctrl+V pastes from clipboard, middle click pastes last selection directly. So if you want to replace a selection, just Ctrl+C the intended replacement first.
There may be some application that manages to break that, but usually it works reliably. And it's a bit muddied by the fact that Ctrl+V pastes the current selection if the clipboard is empty, so it may not be immediately obvious that Ctrl+C is different from just selecting.
