WTF Bites


  • Banned

    @Watson said in WTF Bites:

    After 37 more minutes

    You're such an optimist.



  • @Watson 97% and then status: Download failed. Please reconnect to the network to resume the updates. (Vehicle should not be driven ...)



  • @cvi said in WTF Bites:

    @Watson 97% and then status: Download failed. Please reconnect to the network to resume the updates. (Vehicle should not be driven ...)

    Followed by:
    ERROR: No network found!



  • @dcon said in WTF Bites:

    @cvi said in WTF Bites:

    @Watson 97% and then status: Download failed. Please reconnect to the network to resume the updates. (Vehicle should not be driven ...)

    Followed by:
    ERROR: No network found!

    LOW BATTERY


  • Discourse touched me in a no-no place

    @TimeBandit At least with mine, updates are by USB memory stick.


  • Notification Spam Recipient

    Samsung pushed an update to my sister's TV last night. The TV stopped working afterwards and my sister had to switch it off and on herself to get it working.



  • @Gurth said in WTF Bites:

    WTF? Isn’t that the world upside-down? If I don’t trust that a link goes where it claims it does, I hover my mouse cursor over it so I can see in the tooltip where it really goes. And most certainly don’t click it if the two don’t match.

    You're just not enough security-conscious. Isn't it obvious that https://xxx.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.office.com%2F&data=05%7C01%7Cgabuzomeu%40foo.com%7Cc5bc9c082a5945149f5e05dbd3f1c6b4%7C307ea68275e64701a1146c42d9ff0d2a%7C0%7C0%7C638336807708340644%7CUnknown%7CTWFpbGZs5fd8eyJWghoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=mOUSEl83lDdj4xMU7U7SpZN%2BTQnD2H1UZ7yh948eFD4%3D&reserved=0 is a very safe link to follow?

    Yes, this is (almost) the actual link in the email. I just obfuscated the couple of places where my email address was visible, and randomised a bit the random strings, in case they contain some usable information. The actual destination is still visible, since it's nothing more than https://www.office.com.


  • BINNED

    @TimeBandit
    I know ... what's up with those f*gly buttons?



  • @remi said in WTF Bites:

    gabuzomeu

    @remi is sneaking obscure French references again.




  • BINNED

    @remi said in WTF Bites:

    Isn't it obvious that https://xxx.safelinks.protection.outlook.com/... is a very safe link to follow?

    What is this shit even supposed to accomplish, other than training users to do the wrong thing?

    If it can detect that the link is not safe, why doesn't it remove/disable it instead of making all supposedly safe and supposedly unsafe links go through some redirection?!



  • @topspin In web mail it is common to go through some redirect to make sure the target does not get any potentially sensitive information in referer – but that can be done with a simple prefix, so the original URL is still plainly visible, and it makes no sense in a thick (desktop) mail client. Beyond that, no idea.



  • @topspin said in WTF Bites:

    other than training users to do the wrong thing?

    :mission-acomplished:

    What is this shit even supposed to accomplish,

    Channel all traffic through MS for "analysis?" :tinfoil-hat: 🤑

    If it can detect that the link is not safe, why doesn't it remove/disable it instead of making all supposedly safe and supposedly unsafe links go through some redirection?!

    :mlp_shrug:

    91dbba7c-be14-42e8-9da0-e303c9781600-image.png

    (from here)

    (also, for the lulz:
    51c34acd-4660-43de-b82b-041107924848-image.png
    :surprised-pikachu: :rofl: )



  • @topspin said in WTF Bites:

    What is this shit even supposed to accomplish, other than training users to do the wrong thing?

    I've asked the very same question.

    The official answer is that it will check the link at "time of click" for "known malicious sites".

    I hate that it mangles links beyond recognition, so you can't actually tell where something goes. The mangling persists across replies or forwards (even if they go outside of your little Microsoftiverse enclave), which is a major annoyance.

    You can't disable it (AFAIK) without permission from the admins for the outlook. Our IT isn't about to give permission, so, essentially, it's always on.

    I've considered writing some sort of user-side thing that demangles the links again, but :kneeling_warthog:.

    Edit: :hanzo:d by @remi.
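
Added example (not part of any post in this thread, and not Microsoft's code): a minimal user-side demangler of the kind mentioned above, assuming the wrapper format quoted earlier in the thread, where the destination is percent-encoded in the `url` query parameter of a `*.safelinks.protection.outlook.com` host. The `data`/`sdata` values in the samples are constructed, and a link being wrapped more than once is an assumption.

```python
import re
from urllib.parse import parse_qs, quote, urlsplit

# Wrapper host suffix as seen in the thread (xxx.safelinks.protection.outlook.com).
SAFELINKS_SUFFIX = ".safelinks.protection.outlook.com"
URL_RE = re.compile(r"https?://[^\s<>\"']+")

# Constructed sample: same shape as the link quoted in the thread, with
# made-up `data`/`sdata` values.
SAMPLE = ("https://xxx.safelinks.protection.outlook.com/"
          "?url=https%3A%2F%2Fwww.office.com%2F"
          "&data=05%7C01%7Cuser%40example.com%7C0%7C0"
          "&sdata=CONSTRUCTED%3D&reserved=0")
# Constructed: SAMPLE wrapped a second time (assumed to be possible).
NESTED = ("https://yyy.safelinks.protection.outlook.com/?url="
          + quote(SAMPLE, safe="") + "&reserved=0")


def is_safelink(url: str) -> bool:
    """True only when the parsed hostname ends with the wrapper suffix.

    Checking the hostname (not a substring of the URL) keeps look-alikes
    such as safelinks.protection.outlook.com.example.net from matching.
    """
    try:
        host = (urlsplit(url).hostname or "").lower()
    except ValueError:  # malformed authority, e.g. a broken IPv6 literal
        return False
    return host.endswith(SAFELINKS_SUFFIX)


def unwrap_safelink(url: str, max_depth: int = 5) -> str:
    """Return the destination carried in the wrapper's `url` parameter.

    Non-wrapper input is returned unchanged. Unwrapping repeats up to
    max_depth times in case a link was wrapped more than once.
    """
    for _ in range(max_depth):
        if not is_safelink(url):
            break
        inner = parse_qs(urlsplit(url).query).get("url", [""])[0]
        # Accept only web destinations; anything else stays wrapped.
        if not inner.lower().startswith(("http://", "https://")):
            break
        url = inner
    return url


def demangle_text(text: str) -> str:
    """Replace each wrapped link in a message body with its destination."""
    def swap(match: re.Match) -> str:
        raw = match.group(0)
        core = raw.rstrip(".,;:!?)")  # keep sentence punctuation out of the URL
        return unwrap_safelink(core) + raw[len(core):]
    return URL_RE.sub(swap, text)


if __name__ == "__main__":
    print(unwrap_safelink(SAMPLE))
    print(demangle_text(f"Forwarded: {NESTED}. Plain: https://example.org/x"))
```

Unwrapping only recovers the destination for display; it says nothing about whether that destination is safe, and it skips the time-of-click check the wrapper exists to perform.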



  • Now I wonder, obviously the link in the phishing attack that triggered all this was not flagged by Outlook (which shows how useless the thing is but then again I can accept that there might be a tiny window of opportunity between a phishing site popping up and Outlook's database knowing it).

    But!!

    What if I click on that link now?

    Is there any chance it would still let me go to the phishing page?

    If I was a betting man I'd open a pool but that would also mean clicking on the link to check. Given my level of trust in corporate IT, my bet is that the link still works and I'd rather not get there, thank you very much.

    (😈 maybe I can find a cow-orker who forgot to lock their computer and try it there?)



  • @remi Just fire up a virtual machine running windows xp, and open it there in internet explorer 6.


  • Java Dev

    @cvi said in WTF Bites:

    @topspin said in WTF Bites:

    What is this shit even supposed to accomplish, other than training users to do the wrong thing?

    I've asked the very same question.

    The official answer is that it will check the link at "time of click" for "known malicious sites".

    I hate that it mangles links beyond recognition, so you can't actually tell where something goes. The mangling persists across replies or forwards (even if they go outside of your little Microsoftiverse enclave), which is a major annoyance.

    You can't disable it (AFAIK) without permission from the admins for the outlook. Our IT isn't about to give permission, so, essentially, it's always on.

    I've considered writing some sort of user-side thing that demangles the links again, but :kneeling_warthog:.

    Edit: :hanzo:d by @remi.

    Looks like ours uses urldefense.com (and only on external emails), and that does leave the remote URL in readable format. Which is curious since we're also exchange based. So either they are routing email in through their own filters then back out into outlook.com, or they managed to switch to exchange 2 years ago and still get a physical deployment in our own network. In this outfit, neither would surprise me.


  • I survived the hour long Uno hand

    @cvi said in WTF Bites:

    I've considered writing some sort of user-side thing that demangles the links again, but :kneeling_warthog:.

    Edit: :hanzo:d by @remi.

    cc: et al

    If you're using an up to date version of Outlook (yeah, yeah, :doing_it_wrong:) then you do get presented with the unmangled link on hover - the mouse-over tooltip that shows within Outlook shows the original link (and the mangled link shows up in the bottom of Outlook like it would in the whatever-they-call-it bar at the bottom of a web browser). OWA (at least in Chrome latest, I'm not going to bother checking every single possible browser/version combo) also behaves the same way.

    So basically, Microsoft has already provided a user-side thing that does demangle the links for you, you just need to not use Outlook 2007. And I can't blame them for saying that if you're nerdy smart enough to use Thunderbird for your email then you're smart enough to decode safelinks yourself 🍹



  • @izzion said in WTF Bites:

    If you're using an up to date version of Outlook (yeah, yeah, :doing_it_wrong:) then you do get presented with the unmangled link on hover - the mouse-over tooltip that shows within Outlook shows the original link (and the mangled link shows up in the bottom of Outlook like it would in the whatever-they-call-it bar at the bottom of a web browser).

    That's true.

    Still, the second part means there is one inconsistency in what the link looks like, and we've been trained to be wary of that. Also, copying the link and pasting it somewhere else will copy the mangled one. Which makes sense, but again makes the feature somewhat of a misfeature.

    But I guess they opened this Pandora's box themselves when they decided to start "protecting" users and rewriting links in the first place.


  • Banned

    @topspin said in WTF Bites:

    @remi said in WTF Bites:

    Isn't it obvious that https://xxx.safelinks.protection.outlook.com/... is a very safe link to follow?

    What is this shit even supposed to accomplish, other than training users to do the wrong thing?

    Tracking clicks even when accessing mail outside Outlook. Same shit that Google does with search page (ever tried copying a link from Google search results?)



  • @izzion I'm actually more annoyed by the mangling whenever forwarding/replying to emails with links. It creates a bloody mess in the messages.

    The other case is when copy-pasting links from emails somewhere else. Or opening them in a separate sandboxed browser instance or whatever.

    The tooltip is ... meh. It makes things minimally less annoying.

    Edit: :hanzo:'d by @remi again. 😯



  • @cvi said in WTF Bites:

    Edit: :hanzo:'d by @remi again. 😯

    Status: https://xkcd.com/303/ (https://xxx.safelinks.protection.outlook.com/?url=https%3A%2F%2Fxkcd.com%2F303%2F&data=05%7C01%7Cgabuzomeu%40foo.com%7Cc5bc9c082a5945149f5e05dbd3f1c6b4%7C307ea68275e64701a1146c42d9ff0d2a%7C0%7C0%7C638336807708340644%7CUnknown%7CTWFpbGZs5fd8eyJWghoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=mOUSEl83lDdj4xMU7U7SpZN%2BTQnD2H1UZ7yh948eFD4%3D&reserved=0)

    ETA: fixed link. Can't believe I missed that opportunity the first time.



  • @izzion said in WTF Bites:

    you just need to not use Outlook 2007.

    🔧


  • BINNED

    @Gustav said in WTF Bites:

    @topspin said in WTF Bites:

    @remi said in WTF Bites:

    Isn't it obvious that https://xxx.safelinks.protection.outlook.com/... is a very safe link to follow?

    What is this shit even supposed to accomplish, other than training users to do the wrong thing?

    Tracking clicks even when accessing mail outside Outlook. Same shit that Google does with search page (ever tried copying a link from Google search results?)

    So bullshit not actually benefitting the user in the name of security. Just like google and 2FA. 🏆


  • Notification Spam Recipient

    @izzion said in WTF Bites:

    in the whatever-they-call-it bar at the bottom of a web browser

    ... Status bar? :wtf_owl:


  • Banned

    @topspin said in WTF Bites:

    @Gustav said in WTF Bites:

    @topspin said in WTF Bites:

    @remi said in WTF Bites:

    Isn't it obvious that https://xxx.safelinks.protection.outlook.com/... is a very safe link to follow?

    What is this shit even supposed to accomplish, other than training users to do the wrong thing?

    Tracking clicks even when accessing mail outside Outlook. Same shit that Google does with search page (ever tried copying a link from Google search results?)

    So bullshit not actually benefitting the user in the name of security. Just like ~~google~~everyone and ~~2FA~~everything. 🏆

    I wanted to put fa_wrench here but while typing it, :fawkes: got suggested first and it's weirdly appropriate.


  • Considered Harmful

    Manager has threatened to start tracking who's not returning to the office by using the badge reader data from the building entrance.

    They don't care how long you stay, just that you entered the building every day.

    So now I have to commute all the way here just to badge in and back out again.

    the-simpsons-enter.gif



  • @error that’s damned idiotic. I remember a manager who tried that back in the day to “prove” someone else on the team was never on time, and she believed in all sincerity that the system was inviolate.

    I bet them that I could go two weeks without swiping in or out, just to prove the swiping was utterly useless, let alone proving promptness. And this was in 2007, I was in the office every day. If I could go the two weeks, she’d buy me lunch at any venue of my choice - and if I lost, I’d return the favour.

    It’s not hard to tailgate literally every day to an office that only has one door, and any number of people who were more than happy to open the door for me.

    Using it for proving presence is about as moronic, I wonder if you can claim overtime for it as a malicious compliance fee.


  • Considered Harmful

    @Arantor said in WTF Bites:

    It’s not hard to tailgate literally every day to an office that only has one door, and any number of people who were more than happy to open the door for me.

    Impossibru here. We have revolving "security doors" with pressure sensors that only allow one person per swipe. Though you could swipe your badge for someone else, it would really have to be a deliberate action.

    @Arantor said in WTF Bites:

    overtime

    [Laughs in salaried.]



  • @Arantor said in WTF Bites:

    that’s damned idiotic. I remember a manager

    Yes.



  • @error said in WTF Bites:

    you could swipe your badge for someone else, it would really have to be a deliberate action.

    Arrange for one person to go to the office every day and take the badges of all those who CBA.


  • Notification Spam Recipient

    @Gurth said in WTF Bites:

    @error said in WTF Bites:

    you could swipe your badge for someone else, it would really have to be a deliberate action.

    Arrange for one person to go to the office every day and take the badges of all those who CBA.

    Worked well for certain folks in college. I assume that, as the life-training exercise that it is, it would definitely apply here.


  • Notification Spam Recipient

    @Gurth said in WTF Bites:

    @error said in WTF Bites:

    you could swipe your badge for someone else, it would really have to be a deliberate action.

    Arrange for one person to go to the office every day and take the badges of all those who CBA.

    Not a bad idea. The only outlay is renting a locker nearby to hold the badges and getting them all there just involves you all meeting for drinks.



  • @Gurth Well, in India, there are "jobs" for people who just queue up in long queues at some administrative offices. And then call the actual person for whom they stand in line at the correct moment, so that that person does not need to waste too much of his time.
    Perhaps some places here in the West are doing the needful and learn from our great Indian masters.



  • @Gurth said in WTF Bites:

    @error said in WTF Bites:

    you could swipe your badge for someone else, it would really have to be a deliberate action.

    Arrange for one person to go to the office every day and take the badges of all those who CBA.

    Some college classes use "clickers" (short-range transmitters with like 4 buttons, registered to an individual) to do in-class quizzes, mostly for attendance purposes. Of course that means that one person takes the clickers of like 10 in and answers for all of them.


  • Notification Spam Recipient

    @BernieTheBernie said in WTF Bites:

    @Gurth Well, in India, there are "jobs" for people who just queue up in long queues at some administrative offices. And then call the actual person for whom they stand in line at the correct moment, so that that person does not need to waste too much of his time.
    Perhaps some places here in the West are doing the needful and learn from our great Indian masters.

    A profession also known in communist-era Poland: 'stacz' (stander?).


  • Notification Spam Recipient

    @BernieTheBernie said in WTF Bites:

    @Gurth Well, in India, there are "jobs" for people who just queue up in long queues at some administrative offices. And then call the actual person for whom they stand in line at the correct moment, so that that person does not need to waste too much of his time.
    Perhaps some places here in the West are doing the needful and learn from our great Indian masters.

    The correct implementation of Disney's FastPass would also work well.



  • Guys, I'm disappointed. All of these solutions are pretty low-tech.

    I was expecting something more like "befriend IT by buying them a bottle of their favorite alcoholic beverage, get them to give you R/W access to the underlying database, simulate a badge read while lying in your bed at home".


  • Notification Spam Recipient

    @Zerosquare said in WTF Bites:

    Guys, I'm disappointed. All of these solutions are pretty low-tech.

    I was expecting something more like "befriend IT by buying them a bottle of their favorite alcoholic beverage, get them to give you R/W access to the underlying database, simulate a badge read while lying in your bed at home".

    Related:


  • Java Dev

    Comfortable boxer shorts, 95% off:

    boxer-shorts.jpg



  • @Atazhaia is that 95% off referring to the material removed or the price?


  • Java Dev

    @Arantor Yes.



  • @Atazhaia said in WTF Bites:

    @Arantor Yes.

    Also would have accepted :why_not_both:


  • Notification Spam Recipient

    @Zerosquare said in WTF Bites:

    Guys, I'm disappointed. All of these solutions are pretty low-tech.

    You've clearly never witnessed FastPass in action....



  • So this image has been doing the rounds on Twitter.

    141fbc6c-c15d-4bb2-9dbc-74bd4650c52f-F9bZcX9WUAApKGm.jpg

    It's React, so JS land. JS has rediscovered mixing things-destined-for-frontend with things-on-backend for maximum doubleplus good.

    In short, React is so fucking complicated this is a kneejerk reaction to it - and at the same time is amazingly unaware that this was rightfully mocked and shunned into obsolescence in the PHP world 20 years ago.

    Mind you there are full time devs writing React who weren't fucking born when I was making these mistakes in PHP. :belt_onion:



  • Come on. You've been in this industry too long not to notice that its favorite pastime is reinventing the wheel again and again.



  • @Zerosquare Sure, but it's like, could you just, for once, have a new problem that isn't some other language's brainfart, reheated?

    Mind you I'm quietly glad because it's also unleashing a wave of people doing the 'I did PHP like this x years ago' thing and people are going and looking at PHP and seeing it as suddenly a language that's actually learned from its mistakes.



  • Or, for the more cynical: "You know it's not a new and radical idea when even the PHP guys tell you they figured that out long ago" 🚎



  • @Zerosquare pretty much, it's been amusing me most of the afternoon.



  • @Arantor said in WTF Bites:

    So this image has been doing the rounds on Twitter.

    141fbc6c-c15d-4bb2-9dbc-74bd4650c52f-F9bZcX9WUAApKGm.jpg

    It's React, so JS land. JS has rediscovered mixing things-destined-for-frontend with things-on-backend for maximum doubleplus good.

    In short, React is so fucking complicated this is a kneejerk reaction to it - and at the same time is amazingly unaware that this was rightfully mocked and shunned into obsolescence in the PHP world 20 years ago.

    It doesn't work anywhere close to how PHP does. Rather it's much closer to how traditional desktop GUI libraries work:

    • The <button …> thing is not a HTML fragment, it is a funny syntax for something like Button(…) or new Button(…) and I believe the function being declared here is going to be called like <Bookmark slug=…> later.
    • It is indeed similar to how in a desktop GUI library you'd write something like
      Bookmark::Bookmark(string slug) {
          button = new Button()
          button.formAction.connect(() => { … })
          button.add(new BookmarkIcon())
          this.add(button)
      }
      
    • While the <button> almost certainly does actually generate a HTML element of the same name (I think it never serializes the HTML, it just builds it with DOM calls, but it's the element type), it is not necessarily given, and in any non-trivial project you are strongly advised to create components derived from the standard ones exactly so you can customize them independent of the logic.
    • The formAction is a callback to invoke when the widget is clicked. There isn't much way around that. Here it is specified as an inline closure. In a non-trivial application it should probably be a function in a separate module instead, but for the language it's just a function either way, so they can do it inline here.
