WTF Bites
-
I have to concede the newer ones are pretty spiffy and aren’t terrible at the touch/laptop ui halfway house they’ve taken up.
Year of the Linux Tablet when?
Maybe someone in tech learned from their mistakes for once.
-
You need to be telepathic to understand what they're saying.
They are asking you to pick the flag of a neighbouring country after you've already guessed which country a flag is from. Could they have mentioned the country again in this follow-up question? Perhaps. But you should already know which country they are referring to by now (they show the solution whether you got it right or not).
-
@Zecc No, it's more the sentence, "Find Turkey's neighbour, and make it telepathically the one we thought of."
-
@jinpa That was added by me to introduce context which was missing in the screenshot.
I can't believe you didn't telepathically see that.
-
@jinpa That was added by me to introduce context which was missing in the screenshot.
I can't believe you didn't telepathically see that.
It’s not like this is the daily What Telepathy Fuckers
-
craps about a GB of dot files in your home
And if you use VSCode with C++, it'll use multi GBs.
-
Global Delivery Distortion Field
I got this email today:
Bullshit, there's no way it could get to my local country/region within a day of shipping out from China. Sure enough:
My local country/region is not Fenggang Town, China
-
@loopback0 said in WTF Bites:
Year of the Linux Tablet when?
It's come and gone. Remember MeeGo?
… that said, Android is Linux.
-
@TwelveBaud That looks like Agrajag, not MeeGo.
-
There exists a store with both brick-and-mortar and online shops. (I've never been to the brick-and-mortar store, even when I lived within ~1.5 hours of it, and it's now 1800 miles away, so shopping there is pretty much out of the question.) Let's call them WtfCo. I have been a customer since 2018.
In March of this year, they launched a new website; if one has not ordered from them in the last 7 months, one must create a new account.
Mildly annoying, but not really a WTF. I create a new account and log in. The new account does not provide any order history prior to March. Ok, it's a brand new account, even if I used the same username (email address). However,
So I attempt to log into the "Legacy Customer Account Center". "Your password has expired due to inactivity. Reset your password."
Note that the Legacy Customer Account Center is not WtfCo.com, as one might expect. It is numbers.app.netsuite.com. Generic Oracle NetSuite site, with minimal WtfCo branding. The reset password link goes to a page with no WtfCo branding at all.
I do the password reset song-and-dance. I go back to the previous tab and log in with the new password.
The Legacy Customer Account Center is still not WtfCo.com, but at least numbers.app.netsuite.com now looks like it might legitimately be affiliated with WtfCo, maybe. It's full of useless NetSuite crap, but it's not too hard to find the link to show previous orders.
It's still netsuite.com, but it has WtfCo branding and a list of my previous orders.
Yay! What did I order in 2020?
None of the 3 orders from 2020 can be displayed. Good job. The two from 2018 can be, though. Oracle.
-
Not quite sure where to put that, nor how much of a this really is, but it did make me go for a minute.
It all started with a wave of phishing seemingly coming from someone in the company. You know, "X has shared a document with you, click here to see it." Apparently it was annoying to enough people that corporate IT sent a "be careful, this attack is ongoing, don't click on the link." So far, so good.
Of course some people did click on the link, enough that we started getting a second wave of the same attack from a different name. Or at least I assume that's what happened. So corporate IT sent a second message. So far, not so good but sadly not surprising.
Then corporate IT decided (again, I assume) that this was going a bit too far and sent an email saying "we've forced a password reset for everybody" which I guess isn't a totally unreasonable reaction. The email said "if you're in the office, next time you log in you'll be prompted for a password change."
The bite here is that the email said "if you're not in the office, you have to click this link: https://www.office.com and change your password there." I mean, the email is (probably (*)) right, but following up on "don't click on external links in an internal email" by "click on this external link in an internal email" feels a bit weird.
This is compounded by the "helpfulness" of Outlook that replaces any link in an email by an unreadable character mash ("safelinks" etc.) so you can't check that the link goes where it says it does, you've got to trust Outlook on it.
(*) a side note is that this morning I logged onto the VPN from home without issues so until now I haven't had to reset my password. I guess it will prompt me tomorrow when I'll be in the office? Or maybe one day the VPN will suddenly stop working? Or maybe actually nothing at all will ever happen?
-
@remi bonus points if the mass email gets sent via some sending list service which doubly obfuscates the link.
-
@Arantor not quite that, but the email is sent from some sort of generic non-personal email address (within the company) that looks a bit weird in Outlook (it doesn't show the usual company-directory info when hovering, which makes sense but also makes it a bit weird). The list of recipients is also hidden, which again makes sense (and is the case for all company-wide communications), but again looks a bit weird.
I forgot to add (because I hadn't noticed) that the email contains two more links, one for "if you have problems create a ticket here" and the other for "detailed instructions on changing your password here." Both of them point to atlassian.net since our ticketing system is on Jira.
So not one of the links in the email is actually to within the company.
And then IT will wonder how people can so easily click on external links.
-
@remi Forward the email back to them asking if this is one of the phishing emails they're warning about — what with the external links and all.
-
@Watson the / general apathy/cynicism has since long won over my desire to stir shit and/or try and use irony as a teaching tool in the corporate ladder. Dunno if I should be proud or sad of that. Is my spirit-animal , or ?
Semi-related: the other day we had (yet another) (minor) reorg, my N+1 will now report to a different N+2. This was announced to my N+1's team by our N+... 3, 4 or 5, whatever. We were maybe 5 or 6 in the meeting so at the end the N+3 went round the table for our reactions, starting with me.
It caught me by surprise and I almost blurted out "you know, I've seen enough reorgs in my years here to not be fazed, because I know it won't change anything to my day-to-day job."
-
@remi your spirit animal is… (wheel spins)
As for N+, I used to be in a situation where I once sat and worked out that the CEO of our subsidiary was N+11 and the CEO of the overall corporation was N+17.
They’re gone now, thank $deity.
-
This is compounded by the "helpfulness" of Outlook that replaces any link in an email by an unreadable character mash ("safelinks" etc.) so you can't check that the link goes where it says it does, you've got to trust Outlook on it.
Which is doubly funny since it obviously didn't protect anyone from the malicious link that started the whole thing.
I really hate that shit. Like...a cow-orker sends a link to Jira in Teams, and I have to wait 1d20 seconds for MS to decide that this actually internal link is safe.
-
@HardwareGeek said in WTF Bites:
None of the 3 orders from 2020 can be displayed. Good job. The two from 2018 can be, though. Oracle.
Partition tolerance?
Try a few hours later: it will be the other way round. Or an even funnier fuckup.
-
What do you think of COBOL and web applications? Yes, such a combination....:
https://jobs.heise.de/Job/Softwareentwickler-Online-Banking-Cobol-m-w-d.1280729345.html
-
@boomzilla said in WTF Bites:
Which is doubly funny since it obviously didn't protect anyone from the malicious link that started the whole thing.
TBF we don't know how the original hacking happened, it could be something else. Though the second wave very much looked like it was triggered by the first one.
But then I've got another question for IT, which is why didn't they just blacklist the offending link (or the whole domain, even as just a temporary measure)? As mentioned in my Help thread everything goes through Zscaler which is quite zealous about blocking random useful websites (like the day it randomly decided to block https://qt.io !), so for once it could have blocked a useless website...
I really hate that shit. Like...a cow-orker sends a link to Jira in Teams, and I have to wait 1d20 seconds for MS to decide that this actually internal link is safe.
I see you've used the "internet literally" meaning here, since clearly none of those links (Teams, Jira) are going to be within your company.
In any case, the wait for the "safelink" is likely dwarfed by the wait for Teams, then for Jira, then for random network congestion.
Just get up and talk to your cow-orker!
-
Just get up and talk to your cow-orker!
I'm pretty sure that's how COVID started
-
I see you've used the "internet literally" meaning here, since clearly none of those links (Teams, Jira) are going to be within your company.
No, Jira is an internal link. We have an enterprise license and our instance is in one of our corporate data centers.
Just get up and talk to your cow-orker!
I'm not sure where he lives with more detail than the city.
In any case, the wait for the "safelink" is likely dwarfed by the wait for Teams, then for Jira, then for random network congestion.
Jira's not bad. Teams is random. Both are dwarfed by me ignoring the message.
-
@boomzilla said in WTF Bites:
I'm not sure where he lives with more detail than the city.
-
@BernieTheBernie said in WTF Bites:
What do you think of COBOL and web applications? Yes, such a combination....:
https://jobs.heise.de/Job/Softwareentwickler-Online-Banking-Cobol-m-w-d.1280729345.html
Looks like the page is encrypted so I can’t comment on it.
-
@BernieTheBernie said in WTF Bites:
What do you think of COBOL and web applications? Yes, such a combination....:
https://jobs.heise.de/Job/Softwareentwickler-Online-Banking-Cobol-m-w-d.1280729345.html
I worked on an online banking project where upper management couldn't understand why it was not done in COBOL. They would try doing it all in COBOL if the client didn't specifically request different technology.
Maybe same people are involved in this?
-
Looks horrible, thank you.
What else did you expect? It's COBOL.
-
@BernieTheBernie said in WTF Bites:
What do you think of COBOL and web applications? Yes, such a combination....:
https://jobs.heise.de/Job/Softwareentwickler-Online-Banking-Cobol-m-w-d.1280729345.html
Looks like the page is encrypted so I can’t comment on it.
Writing in German does often look like encryption to me.
-
@remi Forward the email back to them asking if this is one of the phishing emails they're warning about — what with the external links and all.
No no no, you're supposed to click "report Phish!"
-
@boomzilla said in WTF Bites:
Jira's not bad.
Both are dwarfed by me ignoring the message.
would approve this but that would look too much like working...
-
@boomzilla said in WTF Bites:
"Jira's not bad."
Possibly it only seems not bad compared to the efforts of the poor, small company behind Teams.
-
status: found an accidental tab hoarder.
This was after I found out the Totally Discoverable way to kill all tabs, having closed a few hundred by finger....
-
@Tsaukpaetra said in WTF Bites:
status: found an accidental tab hoarder.
This was after I found out the Totally Discoverable way to kill all tabs, having closed a few hundred by finger....
Bragging about fingering your tabs belongs
-
WTF ?
Time to update Xcode. 1G downloads and installs. I check the progress and the spinner is back at the beginning. Now it's downloading another 3.21G.
-
This is compounded by the "helpfulness" of Outlook that replaces any link in an email by an unreadable character mash ("safelinks" etc.) so you can't check that the link goes where it says it does, you've got to trust Outlook on it.
WTF? Isn’t that the world upside-down? If I don’t trust that a link goes where it claims it does, I hover my mouse cursor over it so I can see in the tooltip where it really goes. And most certainly don’t click it if the two don’t match.
-
@Gurth Obviously the link is safe, it says so right in the url:
https://nam02.safelinks.protection.outlook.com/...
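The destination that the rewritten link hides can still be checked offline, because the wrapper carries the original address in its `url` query parameter. The following is an added example, not part of any post in this thread; the function names are hypothetical and the wrapped links in the comments are constructed samples.

```python
from urllib.parse import urlsplit, parse_qs

SAFELINKS_SUFFIX = ".safelinks.protection.outlook.com"

def unwrap_safelink(link):
    """Return the original destination of a Safe Links URL, or the link unchanged."""
    parts = urlsplit(link)
    host = (parts.hostname or "").lower()
    if not host.endswith(SAFELINKS_SUFFIX):
        return link                      # not a wrapper, nothing to unwrap
    targets = parse_qs(parts.query).get("url")
    if not targets:
        raise ValueError("Safe Links wrapper without a url parameter")
    return targets[0]                    # parse_qs already percent-decodes

def matches_claim(link, expected_host):
    """True if the unwrapped link is https and points at expected_host or a subdomain."""
    dest = urlsplit(unwrap_safelink(link))
    host = (dest.hostname or "").lower()
    on_host = host == expected_host or host.endswith("." + expected_host)
    return dest.scheme == "https" and on_host

# Constructed samples (the data value is a placeholder, not a real token):
WRAP = "https://nam02.safelinks.protection.outlook.com/?url={}&data=CONSTRUCTED&reserved=0"
GENUINE = WRAP.format("https%3A%2F%2Fwww.office.com%2F")
LOOKALIKE = WRAP.format("https%3A%2F%2Fwww.office.com.login.example%2Freset")
USERINFO = WRAP.format("https%3A%2F%2Fwww.office.com%40login.example%2F")

if __name__ == "__main__":
    for sample in (GENUINE, LOOKALIKE, USERINFO):
        print(unwrap_safelink(sample), matches_claim(sample, "office.com"))
```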
-
@BernieTheBernie said in WTF Bites:
What do you think of COBOL and web applications? Yes, such a combination....:
https://jobs.heise.de/Job/Softwareentwickler-Online-Banking-Cobol-m-w-d.1280729345.html
If you ever heard war stories from me about CentOS-4 boxes kept for years beyond EOL, backporting patches for exploits to unmaintained vendor packages and Java 1.4, they may or may not have had to do with a company in this ad.
-
This is compounded by the "helpfulness" of Outlook that replaces any link in an email by an unreadable character mash ("safelinks" etc.) so you can't check that the link goes where it says it does, you've got to trust Outlook on it.
The other helpful part of that is that when the email is scanned by Exchange the Safelinks service actually loads the URL as it's rewriting the link to check that it's safe.
If you have a system that sends users an email with a link to a URL that only works once, then it's helpfully been visited before the user even sees the email and they get an error when they try.
Thankfully it didn't take me long to work out what was happening and have the Exchange admins whitelist the domain from Safelinks' interference.
-
@loopback0 said in WTF Bites:
If you have a system that sends users an email with a link to a URL that only works once
To be fair, this means you don't ask the user for confirmation, which is an anti-pattern. But still.
-
@loopback0 said in WTF Bites:
URL that only works once
So if the network glitches while they are receiving the response, they are fucked?
-
@Zerosquare said in WTF Bites:
@loopback0 said in WTF Bites:
If you have a system that sends users an email with a link to a URL that only works once
To be fair, this means you don't ask the user for confirmation, which is an anti-pattern. But still.
It's COTS software so we have no control over that.
In both cases that Safelinks caused problems with, the user goes to the URL to (re)set their password. The link is expired when it's visited whether they actually set it or not.
So if the network glitches while they are receiving the response, they are fucked?
Presumably but they can just request another and the network probably doesn't glitch the next time. Safelinks' interference made it so they were fucked every time.
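A minimal model of the failure described above, next to the confirmation step mentioned earlier in the thread: a link that is spent by any visit breaks when a mail gateway fetches it first, while a link that is spent only when the form is submitted survives the prefetch and is still single-use. This is an added example, not taken from any post or from the product in question; the class, function names and user are hypothetical, and how the real product works internally is an assumption.

```python
import secrets

class ResetLinks:
    """In-memory single-use password-reset links (illustration only)."""

    def __init__(self, consume_on_get):
        self.consume_on_get = consume_on_get
        self.pending = {}      # token or form nonce -> user
        self.passwords = {}    # user -> new password

    def issue(self, user):
        token = secrets.token_urlsafe(16)
        self.pending[token] = user
        return token

    def get(self, token):
        """Any fetch of the emailed URL: the user's click or a link scanner."""
        if token not in self.pending:
            return 410, None
        if self.consume_on_get:
            # Behaviour described in the thread: the visit itself spends the
            # link; only the served form (and its nonce) can finish the reset.
            user = self.pending.pop(token)
            token = secrets.token_urlsafe(16)
            self.pending[token] = user
        return 200, token      # value embedded in the served form

    def post(self, form_token, new_password):
        """Form submission: the explicit confirmation step."""
        user = self.pending.pop(form_token, None)
        if user is None:
            return 410
        self.passwords[user] = new_password
        return 200

def user_outcome(consume_on_get, scanner_prefetch):
    """HTTP status the user ends with after clicking the emailed link."""
    svc = ResetLinks(consume_on_get)
    link = svc.issue("alice")          # constructed user name
    if scanner_prefetch:
        svc.get(link)                  # gateway loads the URL, discards the page
    status, form_token = svc.get(link)
    if status != 200:
        return status
    return svc.post(form_token, "new-passphrase")
```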
-
@loopback0 said in WTF Bites:
Safelinks' interference made it so they were fucked every time.
begins furiously sending as many password reset links through Safelinks as he can.
-
Time to update Xcode. 1G downloads and installs. I check the progress and the spinner is back at the beginning. Now it's downloading another 3.21G.
the first 1G was the updater updating itself
-
Modern cars
-
@TimeBandit
After 37 more minutes it'll be at 98% and then start "Attempt 2 of 2".