Help me find the wtf's ?



  • I was recently asked what was wrong with the following coding paradigm. Does anyone else have an opinion on the subject. This is for a company's personal website having to do with HR/Finical information.

    Instead of alterting a user via email asking them to log into a website then collecting some piece of information (a step in a workflow). A developer suggested that we email the user a webpage form have them fill out the fields then click submit. The submit is directed to a website.

    Beside the obvious security errors here, what else is wrong with this idea?



  • @asdf323 said:

    A developer suggested that we email the user a webpage form have them fill out the fields then click submit.

    Most email clients don't support forms.


  • Trolleybus Mechanic

    @Ben L. said:

    @asdf323 said:
    A developer suggested that we email the user a webpage form have them fill out the fields then click submit.

    Most email clients don't support forms.

     

    Think outside the box, Ben.

    "This site requires Internet Explorer 4.0 and Outlook Express"

    SOLVED!



  •  "Fortunatly" we use Lotus Notes.

    For those of you that have never heard of Lotus Notes, it's like Email but with the UI experiance similar to having lemon juice poured in your eyeballs. Both the most recent client and webpage front end support forms. Ironically Lotus has the same concept of emailed forms but this feature is terrible and broken. The Lotus Notes emailed forms at least implements securty (disables forwarding of emails, and has some sort of expiration thing *I think*).



  •  If your using Notes, wasn't it made for doing form based workflows?  It almost seems like the email part was an afterthought.



  • @Ben L. said:

    @asdf323 said:
    A developer suggested that we email the user a webpage form have them fill out the fields then click submit.

    Most email clients don't support forms.

    Not to mention the code to validate the form, unless you want to send a new email every time you reject a filled-out form.


  • Discourse touched me in a no-no place

    @asdf323 said:

     "Fortunatly" we use Lotus Notes.
    Wouldn't it be more relevant to consider what the recipients might be using to read their emails?



  • @asdf323 said:

     "Fortunatly" we use Lotus Notes.

    For those of you that have never heard of Lotus Notes, it's like Email but with the UI experiance similar to having lemon juice poured in your eyeballs.

    Paging blakeyrat...



  • @asdf323 said:

    For those of you that have never heard of Lotus Notes, it's like Email but with the UI experiance similar to having lemon juice poured in your eyeballs.

    Now, now, now, having lemon juice poured in your eyeballs isn't [b]nearly[/b] as bad as using Lotus Notes.



  • @Ben L. said:

    @asdf323 said:
    A developer suggested that we email the user a webpage form have them fill out the fields then click submit.

    Most email clients don't support forms.

    PDFs do, though...

    @asdf323 said:
    "Fortunatly" we use Lotus Notes.

    I found TRWTF.

    @asdf323 said:
    Beside the obvious security errors here, what else is wrong with this idea?

    Everything. The fact that it's even possible. The fact that anyone ever thought that it's a perfectly good idea which should be supported in e-mail clients.


  • Discourse touched me in a no-no place

    @anotherusername said:

    @Ben L. said:
    @asdf323 said:
    A developer suggested that we email the user a webpage form have them fill out the fields then click submit.

    Most email clients don't support forms.

    PDFs do, though...

    ISTR that support in 3rd party PDF software for forms is even worse than the email clients given in the previous link.



  • Ok, I know you said

    @asdf323 said:

    Beside the obvious security errors

    But I can't help myself. This: 

    @asdf323 said:

    ... email the user a webpage form ...

    Is a really bad idea. 99.999% of emailed webpage forms are phishing attempts. If you start conditioning your users otherwise, they'll believe those emails from WallsFergo are legit, and then they'll use the attached html form to reset their password. Who knows, one of those users might be in the accounting department, and bye-bye corporate funds.



  • @PJH said:

    @anotherusername said:
    @Ben L. said:
    @asdf323 said:
    A developer suggested that we email the user a webpage form have them fill out the fields then click submit.

    Most email clients don't support forms.

    PDFs do, though...

    ISTR that support in 3rd party PDF software for forms is even worse than the email clients given in the previous link.


  • Discourse touched me in a no-no place

    @anotherusername said:

    @PJH said:
    @anotherusername said:
    @Ben L. said:
    @asdf323 said:
    A developer suggested that we email the user a webpage form have them fill out the fields then click submit.

    Most email clients don't support forms.

    PDFs do, though...

    ISTR that support in 3rd party PDF software for forms is even worse than the email clients given in the previous link.
    Nope. Not on Linux (at least not last time I checked.) And which part of '3rd party' did you miss?



  • @RobFreundlich said:

    @asdf323 said:
    For those of you that have never heard of Lotus Notes, it's like Email but with the UI experiance similar to having lemon juice poured in your eyeballs.

    Now, now, now, having lemon juice poured in your eyeballs isn't nearly as bad as using Lotus Notes.

    Using Lotus Notes



  • @asdf323 said:

    Does anyone else have an opinion on the subject.

    I have an opinion on ending questions with periods.



  • @PJH said:

    @anotherusername said:
    @PJH said:
    @anotherusername said:
    @Ben L. said:
    @asdf323 said:
    A developer suggested that we email the user a webpage form have them fill out the fields then click submit.

    Most email clients don't support forms.

    PDFs do, though...

    ISTR that support in 3rd party PDF software for forms is even worse than the email clients given in the previous link.
    Nope. Not on Linux (at least not last time I checked.) And which part of '3rd party' did you miss?
    I missed the part where he's a hobbyist dicking around with Linux and opening work-related PDFs with non-supported PDF readers and expecting them to work perfectly, all the time.



  • @El_Heffe said:

    @RobFreundlich said:

    @asdf323 said:
    For those of you that have never heard of Lotus Notes, it's like Email but with the UI experiance similar to having lemon juice poured in your eyeballs.

    Now, now, now, having lemon juice poured in your eyeballs isn't nearly as bad as using Lotus Notes.

    Imagine a giant cock flying towards your mouth, and there's nothing you can do about it. And you're like "Oh man, I'm gonna have to suck this thing", and you brace yourself to suck this giant cock. But then, at the last moment, it changes trajectory and hits you in the eye. You think to yourself "Well, at least I got that out of the way", but then the giant cock rears back and stabs your eye again, and again, and again. Eventually, this giant cock is penetrating your gray matter, and you begin to lose control over your motor skills. That's when the giant cock slaps you across the cheek, causing you to fall out of your chair. Unable to move and at your most vulnerable, the giant cock finally lodges itself in your anus, where it rests uncomfortable for 4, maybe 5 hours. That's what using Lotus Notes is like.

    Nah, Lotus Notes is worse.



  • @Ben L. said:

    @El_Heffe said:
    Imagine a giant ...

    Nah, Lotus Notes is worse.
    I think maybe El_Heffe put that on pastebin, instead of inlining the text here, for a reason. Thank you so much for making this thread NSFW.



  •  Oh perfect. A fake email directs user to click a button (not a link) where they are asked to log into a website. The website would have asked the user to login anyway. (So why send an email in the first place, just send the link). 3rd party grabs password..



  • @PJH said:

    @asdf323 said:
     "Fortunatly" we use Lotus Notes.
    Wouldn't it be more relevant to consider what the recipients might be using to read their emails?
    Only if you didn't read the part where he said it was for HR and financial information on the company intranet.


  • BINNED

    @HardwareGeek said:

    I think maybe El_Heffe put that on pastebin, instead of inlining the text here, for a reason. Thank you so much for making this thread NSFL.
    FTFY


  • Trolleybus Mechanic

    @HardwareGeek said:

    @Ben L. said:
    @El_Heffe said:
    Imagine a giant ...
    Nah, Lotus Notes is worse.
    I think maybe El_Heffe put that on pastebin, instead of inlining the text here, for a reason. Thank you so much for making this thread NSFW.
     

    You HAVE read this forum before, right?



  • @Lorne Kates said:

    You HAVE read this forum before, right?
    Certainly, but that was over-the-top, even for the Side Bar.


  • Trolleybus Mechanic

    @HardwareGeek said:

    @Lorne Kates said:
    You HAVE read this forum before, right?
    Certainly, but that was over-the-top, even for the Side Bar.
     

    You HAVE read the Side Bar before, right?



  • @Lorne Kates said:

    @HardwareGeek said:

    @Lorne Kates said:
    You HAVE read this forum before, right?
    Certainly, but that was over-the-top, even for the Side Bar.
    You HAVE read the Side Bar before, right?

    Of course. As offensive as the Side Bar can be on occasion, that was the most vulgar, sexually explicit comment I can remember reading on here, by a pretty wide margin. I'd really rather not have that text being read by my employer's web proxy every time I read a new comment in this thread.


  • ♿ (Parody)

    @HardwareGeek said:

    Of course. As offensive as the Side Bar can be on occasion, that was the most vulgar, sexually explicit comment I can remember reading on here, by a pretty wide margin. I'd really rather not have that text being read by my employer's web proxy every time I read a new comment in this thread.

    Just don't go back and read threads where Morbiuswilters was active. He popped into the Discourse thread, and he could get bored at work any time and be back here.



  • @HardwareGeek said:

    @Lorne Kates said:

    @HardwareGeek said:

    @Lorne Kates said:
    You HAVE read this forum before, right?
    Certainly, but that was over-the-top, even for the Side Bar.
    You HAVE read the Side Bar before, right?

    Of course. As offensive as the Side Bar can be on occasion, that was the most vulgar, sexually explicit comment I can remember reading on here, by a pretty wide margin. I'd really rather not have that text being read by my employer's web proxy every time I read a new comment in this thread.
    I only pop back into a thread when I feel like replying. I read all the new posts in my e-mail. I don't think I'm missing much.



  • @HardwareGeek said:

    As offensive as the Side Bar can be on occasion, that was the most vulgar, sexually explicit comment I can remember reading on here, by a pretty wide margin.
     

    Dude. It was not even close to being the most anything on this forum. It's okay, but a little lackluster.

     


  • Discourse touched me in a no-no place

    @anotherusername said:

    I only pop back into a thread when I feel like replying. I read all the new posts in my e-mail. I don't think I'm missing much.
    Except the tags when they're (ab)used. But then I'm simply repeating what you said...



  • @PJH said:

    @anotherusername said:
    I only pop back into a thread when I feel like replying. I read all the new posts in my e-mail. I don't think I'm missing much.
    Except the tags when they're (ab)used. But then I'm simply repeating what you said...
    And what if someone edits after posting? You'll miss the edits.  (Unless you're mod, I'm guessing?)


  • Discourse touched me in a no-no place

    @Zecc said:

    And what if someone edits after posting? You'll miss the edits.  (Unless you're mod, I'm guessing?)
    Edits generally don't add much either I find. Either the edit has happened by the time I feel the need to respond to a post, only to find the edit has rendered the point I was about to make redundant so don't post anyway, or the edit appears in a subsequent post by another poster.



    Mods don't get edits emailed out any more than non-mods do; however if an edit is mod-attention worthy, then there are sufficient people reading via the website for at least one to report it.



  • Well then, they're missing out on all the cool avatars and signatures!

     

     

    ...Yeah, I've got nothing.


  • Trolleybus Mechanic

    @Zecc said:

    Well then, they're missing out on all the cool avatars and signatures!
     

    TODO: Write Greasemonkey script that looks up forum post, retrieves avatars, puts them in email.

    TODO 2:  Set greasemoney script to autoupdate, for user convenience

    TODO 3: Change grasemonkey script to randomly shuffle avatars + usernames (feature max due date March 31st, 2014)

     



  • @Lorne Kates said:

    @Zecc said:

    Well then, they're missing out on all the cool avatars and signatures!
     

    TODO: Write Greasemonkey script that looks up forum post, retrieves avatars, puts them in email.

    TODO 2:  Set greasemoney script to autoupdate, for user convenience

    TODO 3: Change grasemonkey script to randomly shuffle avatars + usernames (feature max due date March 31st, 2014)

    What about the users that have the default avatars? Those avatars aren't delivering any value. Could they be replaced by some popular websites in a given geographic location, or some sponsored content from hand-picked partners to help support our pursuit of our mission?



  • @RTapeLoadingError said:

    What about the users that have the default avatars? Those avatars aren't delivering any value. Could they be replaced by some popular websites in a given geographic location, or some sponsored content from hand-picked partners to help support our pursuit of our mission?



    I know you're being facetious here, but I actually think that might be a really good source of increased monetization for cash-strapped websites. Especially if a cut of the ad revenue goes to the poster themselves.

    I could certainly see ad networks paying say a tenth of a cent per post for the avatar of posters with a high reputation on sites with a massive viewership. Kind of like companies paying to sponsor a nascar team.

    Hmm, I should write this up and see if it gets any traction.

     



  • @Snooder said:

    @RTapeLoadingError said:

    What about the users that have the default avatars? Those avatars aren't delivering any value. Could they be replaced by some popular websites in a given geographic location, or some sponsored content from hand-picked partners to help support our pursuit of our mission?



    I know you're being facetious here, but I actually think that might be a really good source of increased monetization for cash-strapped websites. Especially if a cut of the ad revenue goes to the poster themselves.

    I could certainly see ad networks paying say a tenth of a cent per post for the avatar of posters with a high reputation on sites with a massive viewership. Kind of like companies paying to sponsor a nascar team.

    Hmm, I should write this up and see if it gets any traction.

     

    Now I know how Mikhail Kalashnikov felt

    Also - they need to be call Advatars



  • @RTapeLoadingError said:

    Now I know how Mikhail Kalashnikov felt

    Also - they need to be call Advatars



    Most likely it'll be a short lived phenomenon, and only really useful for a very small subset of websites. But it'll be fun to see if money can be made on the initial bubble.

    Think of the possibilities. First one website does it, and makes money. Then you have tons of imitators. Then you have a CMS setup to facilitate the conversion of older sites to this new-fangled shit. Then traditional media tries to get a cut of the action by using it for posts by journalists. Finally you'll have the backlash and start seeing "Ad-Block" style browser scripts and extensions to cover up any avatar coming from the adnetworks. If I was less lazy, I could really get something going.

     



  • You say that like Adblock wouldn't block them from the start due to the source being ad networks.


  • Trolleybus Mechanic

    @DescentJS said:

    You say that like Adblock wouldn't block them from the start due to the source being ad networks.
     

    I don't know if they will. AdBlock works by blocking elements in an HTML page's DOM.  I don't know if it has hooks into whatever "user-centric content delivery" sluice they're engineering. RequestPolicy might work, since it stops the HTTP Request itself.  Don't exactly know enough about the inner-muckings to say.

    BUT-- a brand new fresh install of Firefox won't have those plugins yet.  And a just-updated FF might not have those ad servers blocked yet.

    Of course, the real answer is Tools -> Options -> Advanced Options -> Update -> (x) Never Update...

    Since Mozilla has proven time and time again they can't be trusted to update the browser's core without fucking up the presentation layer.



  • @Lorne Kates said:

    @DescentJS said:

    You say that like Adblock wouldn't block them from the start due to the source being ad networks.
     

    I don't know if they will. AdBlock works by blocking elements in an HTML page's DOM.  I don't know if it has hooks into whatever "user-centric content delivery" sluice they're engineering. RequestPolicy might work, since it stops the HTTP Request itself.  Don't exactly know enough about the inner-muckings to say.

    BUT-- a brand new fresh install of Firefox won't have those plugins yet.  And a just-updated FF might not have those ad servers blocked yet.

    Of course, the real answer is Tools -> Options -> Advanced Options -> Update -> (x) Never Update...

    Since Mozilla has proven time and time again they can't be trusted to update the browser's core without fucking up the presentation layer.


    But they're not "ads" in the traditional sense. They don't go through an advertisement-specific server. It's just Mozilla defaulting your bookmarks to, say, CNN, Yahoo, and FSF. You can't block that once it's happened without blocking users from actually bookmarking those sites.



  •  Won't be long before they kill the.newtab option.


  • Trolleybus Mechanic

    @Ben L. said:

    But they're not "ads" in the traditional sense. They don't go through an advertisement-specific server. It's just Mozilla defaulting your bookmarks to, say, CNN, Yahoo, and FSF. You can't block that once it's happened without blocking users from actually bookmarking those sites.
     

    Bookmarks aren't a "user-centric" experience, and will be dropped from the next version of Firefox. Just because every single web-browser since EVER has used bookmarks doesn't mean it should be in the next version JUST BECAUSE! Stop bitching about features, NEW NEW NEW IS THE BEST!

    (On a less aneurysm note... you know these "tiles" will quickly start displaying content. Then animated content. Then become "live" tiles...")



  • @Lorne Kates said:

    @Ben L. said:

    But they're not "ads" in the traditional sense. They don't go through an advertisement-specific server. It's just Mozilla defaulting your bookmarks to, say, CNN, Yahoo, and FSF. You can't block that once it's happened without blocking users from actually bookmarking those sites.
     

    Bookmarks aren't a "user-centric" experience, and will be dropped from the next version of Firefox. Just because every single web-browser since EVER has used bookmarks doesn't mean it should be in the next version JUST BECAUSE! Stop bitching about features, NEW NEW NEW IS THE BEST!

    (On a less aneurysm note... you know these "tiles" will quickly start displaying content. Then animated content. Then become "live" tiles...")

    @THE FUTURE said:

    Mozilla has chosen to replace bookmarks, which require the user to find a website and click a button, with supercoolawesome-marks, which allow the user to visit sites more easily and make Mozilla some advertising revi---I mean improve user experience.


Log in to reply