Oyster WTF



  • Question: What's wrong with this form?



    Hosted by imgur.com


    Bonus, here's the confirmation page I got after reporting the issue:



    Hosted by imgur.com


    (Note the "reference number".)


  • Garbage Person

    I thought it was well publicized just how broken the Oyster system is - in all possible ways. Broken backend, broken frontend, no security whatsoever, you know, the norm for any UK.gov IT system.



  • I've never understood why people ask for your email address twice either. Asking for it twice to make sure the address is correct is fine, but how many people actually type it in twice, and how many type it once and then copy and paste to the second field? Ctrl-A, Ctrl-C, tab, Ctrl-V. 

    Now, the password field makes more sense.

    But that error message is just typical for a gov system.



  • @Mole said:

    I've never understood why people ask for your email address twice either. Asking for it twice to make sure the address is correct is fine, but how many people actually type it in twice, and how many type it once and then copy and paste to the second field? Ctrl-A, Ctrl-C, tab, Ctrl-V.
    I have actually encountered a page that prevented you from pasting the e-mail address into the second box, and even limited the speed with which you could type into it :p



  • @Weng said:

    I thought it was well publicized just how broken the Oyster system is - in all possible ways. Broken backend, broken frontend, no security whatsoever, you know, the norm for any UK.gov IT system
     

    +1

    Surprised nobody has spotted the error on the first page yet - or is it too obvious?

    The smartcard they brought in here in Aus is even worse. I actually contacted them after it got me to set up my account and printed my temporary password in plain text on the screen. Plain bright red text.



  • @Nyquist said:

    Surprised nobody has spotted the error on the first page yet - or is it too obvious?
     

    "The two security answers you provided do not match"

     



  • @Nyquist said:

    The smartcard they brought in here in Aus is even worse
     

    Where in Australia? The QR system has some WTFs (like the eRail updates) though they have seemed to have fixed most of them since I contacted them about it not working. Someone even called my mobile phone to ask clarification.



  • @El_Heffe said:

    @Nyquist said:

    Surprised nobody has spotted the error on the first page yet - or is it too obvious?
     

    "The two security answers you provided do not match"

     

    That's right, but the form doesn't ask for any "security answers", making it impossible to fix the error. I assume the the problem has arisen because I have already "registered" my oyster card using a paper form, but now want to open an "Oyster Online" account for the same card. This of course should be perfectly possible, but I get this error. My best guess as to why it has happened is that the system that is used by staff to enter information from the paper lacks validation and a mistake has been made - but that would imply that the database stores the answer twice, surely a WTF!



  • @mallard said:

    @El_Heffe said:

    @Nyquist said:

    Surprised nobody has spotted the error on the first page yet - or is it too obvious?
     

    "The two security answers you provided do not match"

     

    That's right, but the form doesn't ask for any "security answers", making it impossible to fix the error.

    I just assumed they meant the passwords.



  • @Nyquist said:

    The smartcard they brought in here in Aus is even worse.

    The Myki system? Or a different one?


  • Garbage Person

    @Mole said:

    But that error message is just typical for a gov system.
    Actually, I find that public facing US .gov systems are acrtually rather well built, and when something is broken they're incredibly responsive about fixing it.

     

    For example, the US Treasury's TreasuryDirect service is the ONLY financial institution that I've met which uses proper 2-factor authentication (They actually shipped me a code card.) instead of double-deep 1-factor authentication or two-way 1-factor authentication.  The US federal government has a reputation for spending craptons of money on electronic systems and taking ages to roll them out, but problems with them are exceptionally rare. Note that we're excluding the DoD which is well known for shoddy spec-making in the first place (See: Unencrypted DVB-S streams off Predators and other assorted aviation platforms)

    Other countries (along with American states and municipalities) such as the UK are world renown for spending tons of money and taking ages to build systems, and then ending up with something that doesn't meet the spec or is just generally broken, though.



  • @Nyquist said:

    Surprised nobody has spotted the error on the first page yet - or is it too obvious?
     

    It asks for a House Name?


  • Garbage Person

    @shepd said:

    It asks for a House Name?
    How else are you supposed to address things to Buckingham Palace?



  • @ender said:

    @Mole said:
    I've never understood why people ask for your email address twice either. Asking for it twice to make sure the address is correct is fine, but how many people actually type it in twice, and how many type it once and then copy and paste to the second field? Ctrl-A, Ctrl-C, tab, Ctrl-V. 
    I have actually encountered a page that prevented you from pasting the e-mail address into the second box, and even limited the speed with which you could type into it :p
    That'd be great fun when I go to fill it out and the browser already has the correct address in the field history. Click to pop up the list, click to select it, copy, paste into the second box. I guess the browser is expected to slow down and double-check what it's doing?



  • @Weng said:

    @shepd said:

    It asks for a House Name?
    How else are you supposed to address things to Buckingham Palace?

     

    You just say "Buckingham Palace" and everyody knos where that is?



  • @Nyquist said:

    Surprised nobody has spotted the error on the first page yet - or is it too obvious?
    "Oyster Security"


Log in to reply