User Oblivion



  • I run an internal web app that authenticates users via client certificates. Every once in a while something will go awry and certain users will get a 403 error when they try to access the site. I found that if the user logs off of his/her computer and logs back on, the error goes away. After about 10 phone calls of "it won't work" (which we all know is a statement that is terribly condusive to debugging), I added a custom error page for 403 error. This page is plain white, with a centered div outlined in red. In the div are bold, black words which simply state:

     

    "There has been a problem with your certificates. Please log off of your computer and log back on. If the problem persists, call IT."

     

    That's it, three sentences. The rest of the page is totally blank. I figured this would mitigate a lot of phone calls. I was completely and devastatingly wrong. Since then I have had users call me, e-mail me, send me screenshots of the error, copy/paste the error into e-mails, and visit me desk-side about the error. Every time, I play the role of Indian Level 1 Helpdesk nug. The conversation goes like this:

     "Did you follow the instructions in the error message?"

    "What instructions?"

    Pause for huge, vacuum-inducing sigh. "The ones that say 'Log off and log back on, then try again.'"

    "Oh, I didn't see that. Should I try that first?"

    Pause again, this time wondering if being an overnight security guard in Antarctica would really be so bad. "Yes...." 



  • Most users don't read past the word "problem", maybe: "Please log off of your computer and log back on. If you've already done this, call IT for assistance" would work better.

    Of course tracking down the problem would be the ideal solution.



  • @dabean said:

    Most users don't read past the word "problem", maybe: "Please log off of your computer and log back on. If you've already done this, call IT for assistance" would work better.

    Of course tracking down the problem would be the ideal solution.

    I had thought of that, but then I would have the same people trapping me anyway and asking me why they had to log off/on of their computer.

     I work in a very strictly controlled Windows environment, the problem is caused by applications outside of my grasp.



  • @dabean said:

    Most users don't read past the word "problem", maybe: "Please log off of your computer and log back on. If you've already done this, call IT for assistance" would work better.

    Of course tracking down the problem would be the ideal solution.

    You said one of your users said "oh I didn't see that."

    I second this suggestion.  Put the first sentence at the end of the message.



  • Shorter sentences. 



  • Are your users running IE?  If so, just write an ActiveX plugin that reboots their computer on 403.

     

    Or, change the error to read:

    "You broke the Internet.  Please bring beer to the IT office so they can fix it.  Do not try to call them, you also broke the phones." 



  • You wrote it wrong

    In big red text:

    YOU MUST LOG OFF AND LOG BACK IN

    Then explain it in tiny 8 pt font:

    There has been a problem with your certificates. If logging off and logging back onto your computer does not resolve this please contact IT.

     



  • I've had a problem with my home computer's XP Professional installation. Once in a while no user could log in or switch to his session, other than the user who logged on last or had the session active last - said "Incorrect password". I suspected that was some overly intrusive crap like Epson printer driver that wanted to run a couple of services, or iTunes, which also has some shitty service running in background. A few iTunes revisions later, and a different printer, it seems that problem is gone.



  •  Obviously you needed to embed a "funny cats" MPEG instead of an error message. 



  • "If the problem persists, call IT at 7456." Have that setup for an automated message that repeats what you wrote, giving your real phone number. MIght just work because it saves the usershaving to look up your phone number, which means they might just read that part. ;-) Unless, of course, they have IT on speed-dial.



  • That's just how it is. Users are simple, scared, naive creatures. They believe that computers are out to get them, trying to trick them. That's not a joke, that really is how they are.

    At the first sign of anything they weren't expecting, their brains (or what passes for them at least) freeze up and their ability to comprehend even the most basic instructions is lost. You could have had the page show "RESTART YOUR COMPUTER NOW, YOU RETARD!!!" in giant red flashing red letters, and you'd still get calls saying "Duuuuh I got me um a lil messagey thingy on my tv screen, what me do now?"

    Oddly, the only time that these people follow anything they see on the computer is those scam "500 viruses and lots of porn detected on your computer!!! download this to delete it all!!!!" webpages that try to get you to load malware. Perhaps we should take a lead from those guys. Replace your error error message with this:

    "A TROJAN VIRUS IS INSTALLING CHILD PORN ONTO YOUR PC AND THEN CALLING THE POLICE! GO TO START>SHUTDOWN>RESTART TO SAVE YOURSELF FROM 15 YEARS OF SHARING A CELL WITH BIG BUBBA!"

    50 support calls/day > 5 support calls/day. Job done. 



  • "Reboot now - or bad things will happen to your pet kitten!"



  •  Could you have the custom 403 error page automatically log them out, or would that just cause even more problems?  



  • @PhillS said:

     Could you have the custom 403 error page automatically log them out, or would that just cause even more problems?  

    Please for the love of Bob, tell me that you were joking...


  • I kind of liked the idea to put a phone number connected to a message that states the same thing as the screen, but I would modify that:

    Make a .wav file that the error page automatically plays.  The .wav is simply a nice clear voice announcing the exact message that's displayed on the screen.  So many people can't seem to process the written word but they do process information aurally, so work with that and see if it helps.



  • @jetcitywoman said:

    I kind of liked the idea to put a phone number connected to a message that states the same thing as the screen, but I would modify that:

    Make a .wav file that the error page automatically plays.  The .wav is simply a nice clear voice announcing the exact message that's displayed on the screen.  So many people can't seem to process the written word but they do process information aurally, so work with that and see if it helps.

     

    And if they have their speakers turned down/off like most people in offices should? (If they are allowed to have speakers at all)



  • Then we use the PC speaker, ofcourse. That's what my BIOS always does.



  • @Faxmachinen said:

    Then we use the PC speaker, ofcourse. That's what my BIOS always does.

     

     You can't be serious, an auditory message coming from the system speaker? -10 points for you.



  • @morbiuswilters said:

    Are your users running IE?  If so, just write an ActiveX plugin that reboots their computer on 403.

     

     

    1) I can't force ActiveX plugins in my environment

    2) What happens when they lose all of their work because IE just rebooted the machine?

     

    I like your second option waaaaay better. 



  • @RayS said:

    "A TROJAN VIRUS IS INSTALLING CHILD PORN ONTO YOUR PC AND THEN CALLING THE POLICE! GO TO START>SHUTDOWN>RESTART TO SAVE YOURSELF FROM 15 YEARS OF SHARING A CELL WITH BIG BUBBA!"

     

     

    FUCKING EPIC. You sir, are a genius. 



  • Look up "PC Speaker Driver". I'm not sure if Microsoft updated it for this millenium, but it used to be possible on Windows (and indeed I installed this driver for Windows 3.1 once) and, as far as I can gather, is still possible for Linux etc. Said driver plays wave audio through the PC speaker; the results are not great, but sufficient for speech.

    However, I have no clue how the 403 page would install this driver ...



  • @mendel said:

    However, I have no clue how the 403 page would install this driver ...
    Make an MSI for the install, then get a GPO to apply through AD for applying the MSI.



  • @Lingerance said:

    @mendel said:
    However, I have no clue how the 403 page would install this driver ...
    Make an MSI for the install, then get a GPO to apply through AD for applying the MSI.
     

    The most amazing part is how people keep going with engineering a horrible idea... It is a self compounding WTF.



  • @MasterPlanSoftware said:

    The most amazing part is how people keep going with engineering a horrible idea... It is a self compounding WTF.
    He could use EtherKillers, but I don't think his boss would like that too much, what would you suggest?



  • @Lingerance said:

    what would you suggest?
     

    NOT having a website make sound OR rebooting the machine?



  •  And you complain when people take you seriously when you speak in jest? ;-)



  • Okay, how about this then:

    When the 403 page pops up, 500 volts are sent to the user's chair, a large steel hammer pops out from behind the monitor and slams down on their hands while a can of pepper spray pops out from the other side and spritzes them in the face?

    (Sorry, guess I have a little pent-up rage.) 



  • @Arenzael said:

    I run an internal web app that authenticates users via client certificates. Every once in a while something will go awry and certain users will get a 403 error when they try to access the site. I found that if the user logs off of his/her computer and logs back on, the error goes away. After about 10 phone calls of "it won't work" (which we all know is a statement that is terribly condusive to debugging), I added a custom error page for 403 error. This page is plain white, with a centered div outlined in red. In the div are bold, black words which simply state:

     

    "There has been a problem with your certificates. Please log off of your computer and log back on. If the problem persists, call IT."

     

    That's it, three sentences. The rest of the page is totally blank. I figured this would mitigate a lot of phone calls. I was completely and devastatingly wrong. Since then I have had users call me, e-mail me, send me screenshots of the error, copy/paste the error into e-mails, and visit me desk-side about the error. Every time, I play the role of Indian Level 1 Helpdesk nug. The conversation goes like this:

     "Did you follow the instructions in the error message?"

    "What instructions?"

    Pause for huge, vacuum-inducing sigh. "The ones that say 'Log off and log back on, then try again.'"

    "Oh, I didn't see that. Should I try that first?"

    Pause again, this time wondering if being an overnight security guard in Antarctica would really be so bad. "Yes...." 

     

     

    This is why I'm in school for a completely different career path far away from technology.  I have unfortunately expired all my patience for this shit.  I don't think I could handle answering calls for this for long. 



  • @Arenzael said:

    @Faxmachinen said:

    Then we use the PC speaker, ofcourse. That's what my BIOS always does.

     

     You can't be serious, an auditory message coming from the system speaker? -10 points for you.

     

     

    Yes, but +20 points if he can make the CD tray open instead! 



  • Got another idea :

    Put a big red button in the midle of the 403 page with the label "DO NOT PUSH!".

    Most of them are going to push it anyway and when they do, redirect to something technicall like : 

    "0xDEADFEED Serious segmentation fault

    CPU is overwhelmed. RAM is lonely. Help." 

    Afterwards they are going to think they broke something and they will not call the tech support, but restart the computer. 


    p.s. what is the opposite of serious segmentation fault ?



  • @Lysis said:

    Yes, but +20 points if he can make the CD tray open instead! 

     

    Piece of cake, all you need to do is send the proper parameters to DeviceIoControl



  • @Nelle said:

    p.s. what is the opposite of serious segmentation fault ?
     

    Rainbows raining kittens?



  • @RayS said:

    "A TROJAN VIRUS IS INSTALLING CHILD PORN ONTO YOUR PC AND THEN CALLING THE POLICE! GO TO START>SHUTDOWN>RESTART TO SAVE YOURSELF FROM 15 YEARS OF SHARING A CELL WITH BIG BUBBA!"

    After reading all of the suggestions, I think this is the best one. It also has to be in graphical format. Text, even big and red, still won't be read.



  • @Arenzael said:

    1) I can't force ActiveX plugins in my environment

    2) What happens when they lose all of their work because IE just rebooted the machine?

     

    I like your second option waaaaay better.

    Yeah, I thought the first was an obvious joke.  I'm surprised how serious everyone seems to be taking it, though.  Hell, I don't even know if you can reboot the machine through ActiveX.

     

    My suggestion is to simplify the error message.  Something like "Please close all open applications and reboot your computer to view this site.  If you are still unable to view the site after trying this, please contact IT.  We apologize for any inconvenience this may cause."  The problem with your original message is that it starts with "there has been a problem" proceeds to use the term "certificate", which most users aren't going to understand.  If they keep reading, you tell them to logout and log back in, which a lot of users may misinterpret to mean they should try closing IE and opening it again.  Then you finish with "if the problem persists", which will not be clear to a lot of users.  By breaking it down into simple steps, you make it easier for non-technical people to follow.  And I know they don't have to reboot to fix the problem, but users are clearer on the concept of rebooting than they are about logging in.  Part of this is the result of bad tech support which just says "reboot" to any tech problem and part of this is that the users probably "log in" to several applications but rebooting is clear an unambiguous.

     

    You might consider writing the list as a series of numbered steps.  People are naturally inclined to follow numbered directions and you should use that to your advantage.  By including the "sorry for any inconvenience" you put the users more naturally at ease and you are implicitly taking blame for the problem.  It sucks to take that on yourself, but users are more likely to listen to you if they think this is something you know about and are accepting blame for.  Otherwise, they will think they did something wrong and will keep trying to "fix" the problem before giving up and calling you.  I have a lot of experience writing "self-help" error messages and my advice is to always start with a command rather than stating "there has been a problem".  People are used to following instructions, especially at work, and the user already knows there has been a problem.  They probably think that it's somehow their fault and by stating "there has been a problem with the certificates" you are only reinforcing their fears that they have broken something they have no knowledge of (certificates).  This immediately puts them into a state of worry and means they are more likely to keep trying to solve the problem themselves.  Good luck. 



  • @AbbydonKrafts said:

    Text, even big and red, still won't be read.

    But what if it's blinking, scrolling and has excessive exclamation marks?



  • @Spectre said:

    But what if it's blinking, scrolling and has excessive exclamation marks?

    That might work because then it's almost like a graphic. I think a glitter graphic would be most effective, though.



  • @AbbydonKrafts said:

    @Spectre said:
    But what if it's blinking, scrolling and has excessive exclamation marks?

    That might work because then it's almost like a graphic. I think a glitter graphic would be most effective, though.

     




  •  @morbiuswilters said:

    @AbbydonKrafts said:

    @Spectre said:
    But what if it's blinking, scrolling and has excessive exclamation marks?

    That might work because then it's almost like a graphic. I think a glitter graphic would be most effective, though.

     


     

     

    AAAAAAAAAAAAAAHAHAHAHA!  OMG...HAHAHAHAHAHA

    Best...post...everrr.  I almost fell off my chair. 



  • @MasterPlanSoftware said:

    @Lingerance said:

    @mendel said:
    However, I have no clue how the 403 page would install this driver ...
    Make an MSI for the install, then get a GPO to apply through AD for applying the MSI.
     

    The most amazing part is how people keep going with engineering a horrible idea... It is a self compounding WTF.

     

    It would be probably easier at this point to dial the user's phone extension with a telephony card and scream the message to them.



  • @morbiuswilters said:

    ..sparkly stuff..

    ROFL!! There you go! What normal user can resist reading the whole message now?



  • @morbiuswilters said:

    @AbbydonKrafts said:

    @Spectre said:
    But what if it's blinking, scrolling and has excessive exclamation marks?

    That might work because then it's almost like a graphic. I think a glitter graphic would be most effective, though.

     


     

     

    Massive Respect !!

    Can I hire you to design some UI for my upcomming applications ? 


  • Garbage Person

    Can't you get your boss to hire some numpties from the local community college to run a tier-1 helpdesk? That way, the procedure will go something like this:

    1. User calls or visits Helldesk.
    2. Helldesk numpty calls or visits you.
    3. You explain to helldesk numpty.
    4. Any future repetitions can safely be accompanied by you berating the helldesk numpty for being an idiot and forgetting something so basic.

    In an organization of sufficient size to employ a tightly controlled environment should ever have users contacting anyone with any maintainence capabilities whatsoever. This helps prevent situations where a system goes down, and the person responsible for that system is continually interrupted by users telling him the system is down that downtime is prolonged.



  • @Nelle said:

    p.s. what is the opposite of serious segmentation fault ?
     

    Well, that would be properly set up segments and you really don't want to be told about it since every* memory access that the MMU handles goes through the segmentation table.**

     

    * possibly excluding anything in the cache/TLB 

    ** at least on x86 CPUs in 32-bit mode. I think they finally dumped the segment registers and always assume a linear address space in 64-bit mode. 



  • @Nandurius said:

    Well, that would be properly set up segments and you really don't want to be told about it since every* memory access that the MMU handles goes through the segmentation table.**

     

    * possibly excluding anything in the cache/TLB 

    ** at least on x86 CPUs in 32-bit mode. I think they finally dumped the segment registers and always assume a linear address space in 64-bit mode. 

    No modern x86 OSes use segmentation anyway.  The segment lookups are fast.  The TLB is only used for page lookups and is incredibly fast, which is why it's important to not destroy the usefulness of the cache with all-over memory access.  Yes, segmentation has been removed from x64 because nobody uses it.  Generally "segmentation fault" is used on UNIX systems to mean "invalid page access".  That is all. 



  • @morbiuswilters said:

    Yes, segmentation has been removed from x64 because nobody uses it.
    Wasn't that only on early Opterons and on Intel's EM64T CPUs? ISTR that VMWare uses segmentation for virtual machine isolation, and you can only emulate a 64bit guest on an AMD64 CPU that supports segmentation or on CPUs that have virtualisation extensions.



  • @ender said:

    Wasn't that only on early Opterons and on Intel's EM64T CPUs? ISTR that VMWare uses segmentation for virtual machine isolation, and you can only emulate a 64bit guest on an AMD64 CPU that supports segmentation or on CPUs that have virtualisation extensions.

    I wasn't aware of segmentation being added back into any x64 procs.   VMWare used segmentation and dynamic recomplication to do virtualization because older procs didn't support proper virtualization.  All modern procs from Intel and AMD support full virtualization, though, so this is no longer an issue.  That's probably why there was a short period where VMWare didn't work right in 64-bit mode: because AMD pulled support for segmenting when in 64-bit mode but no adequate virtualization mechanism existed in their designs..



  • The real wtf is in using something that relies on a "very strictly controlled Windows environment" to work without requiring your users to reboot. I believe it's time for one of your users to come down to IT support and give you a righteous beating for wasting their time on broken software.



  • @olsner said:

    The real wtf is in using something that relies on a "very strictly controlled Windows environment" to work without requiring your users to reboot. I believe it's time for one of your users to come down to IT support and give you a righteous beating for wasting their time on broken software.
    ???



  • @morbiuswilters said:

    VMWare used segmentation and dynamic recomplication to do virtualization because older procs didn't support proper virtualization.
    According to this document, VMWare still uses segmentation to virtualize 64 bit guests on AMD's CPUs (also, according to VirtualBox website, the virtualization extensions in CPUs are slow).@morbiuswilters said:
    All modern procs from Intel and AMD support full virtualization, though, so this is no longer an issue.
    Intel's low end CPUs (E4xxx etc.) don't support virtualization extensions, and I'm not sure if AMD's Semprons do it either.



  • @belgariontheking said:

    @olsner said:

    The real wtf is in using something that relies on a "very strictly controlled Windows environment" to work without requiring your users to reboot. I believe it's time for one of your users to come down to IT support and give you a righteous beating for wasting their time on broken software.
    ???

    Translation: Troll trolly troll, fanboy dur-mikrosoft-is-teh-bad troll trolly troll troll.

Log in to reply