Samsung's "Support" website



  • Okay, I like Samsungs. TV, multiple computers, phone. Great. Everything about them's been doing just fine. Except for a minor issue with a laptop, but they're fixing it. At least I assume they are. I just tried to check the support website and... must... not... murder...

    If you want the canary moment, here it is in PNG format:

    They must mean those OTHER 24 hours

    This was preceded by plenty of assurances that Live Chat is always available, 24/7.  I'm not sure which 24 and which 7 they mean.

    As for the website itself, there's just too much pain for me to give a shit about this late at night. Here's a link:

    Some beauties I'll give you right off the bat:

    1. Three instances of "my" in that hyperlink.  One should be enough to get the designer beaten back to 1999.
    2. .do as the page's extension.  That should get the same designer punched in the face back to 1995
    3. Instead of ending on MySamsung.html, it's a querystring parameter. Nothing good on the backend comes from the single "do all" page. I am glad I cannot see the codebase for this one.
    4. Once I log in, Firefox shows me nothing.  Even with NoScript, AdBlock and Ghostery disabled. The only fallback, use IE. =(
    5. IE shows me nothing-- because it's only by chance I notice at the bottom a Mixed Content Warning.  Wait, what?
    6. View Source -> The entire page is iFrames within iFrames.  And even though the outer page is https, the inner pages are http. And since this isn't 2001 anymore, browsers give a shit about security by default and don't show insecure iFrames on different domains like that!
    7. One of the iFrames is "my service requests", which contains the hyperlink to the Service Request page.  Actually, it contains a ticket number which is a hyperlink to a bit of javascript that changes the href to the service request page. That page is, of course, obfuscated by having the HTML start 10 lines down.
    8. After all this (and I've skipped over the part about creating an account which requires using drop downs that are styled light grey so it took me forever to realize they WEREN'T DISABLED!)-- the hyperlink doesn't work.

    Yup, straight up the hyperlink doesn't work. Oh, it opens a page, alright.  But it goes to a 404.  A fucking 404 with a mangled querystring.  Somehow, it URL encoded all the & and = in the querystring (like ticket_no%2012345 instead of ticket_no=12345).  So I fix the URL encoding, paste the link into a new window and-- 404.

    Oh, did I mention that the "thanks for submitting a service request" has a hyperlink to the same page-- which is also URL encoded, fucked up and ends in a 404?

    BONUS: Some of the iFrames go to pages that end with .jsp.  CAN YOU GUESS WHAT THE J STANDS FOR?

    DOUBLE BONUS: Their signout page clears a select few cookies CLIENT SIDE! With javascript!  Why set the cookies to expire=datetime.mindate() server side, when you can make the client do extra work that you hope you haven't fucked up!

    http://support-ca.samsung.com/cyber/mysamsung/signOut.jsp

    Jesus shit on a pogostick, I'm going to have to actually phone them tomorrow just to find out what the status of a service call is. Ah, nostalgia. It's just like I was living in a pre-Internet era. =(
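
The mixed-content failure described in item 6 of the post above (an https outer page framing http inner pages) can be checked for before a page ships. This is an added example, not part of the original post or any Samsung code; the function names and the `example.test` URLs are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Elements whose insecure loads browsers block outright (active content).
ACTIVE = {"iframe": "src", "script": "src", "object": "data"}
# Elements that are usually only warned about (passive content).
PASSIVE = {"img": "src", "audio": "src", "video": "src"}


class MixedContentFinder(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []  # (kind, tag, absolute URL)

    def handle_starttag(self, tag, attrs):
        attr = ACTIVE.get(tag) or PASSIVE.get(tag)
        value = dict(attrs).get(attr) if attr else None
        if not value:
            return
        # Relative and protocol-relative URLs inherit the page's scheme.
        target = urljoin(self.page_url, value)
        if urlsplit(target).scheme == "http":
            kind = "active" if tag in ACTIVE else "passive"
            self.findings.append((kind, tag, target))


def find_mixed_content(page_url, html):
    if urlsplit(page_url).scheme != "https":
        return []  # mixed content only exists on an https page
    finder = MixedContentFinder(page_url)
    finder.feed(html)
    return finder.findings


# Constructed sample page: an https outer page framing an http inner page.
SAMPLE = """
<html><body>
  <iframe src="http://support.example.test/requests.jsp"></iframe>
  <iframe src="/account/profile.do"></iframe>
  <script src="//cdn.example.test/app.js"></script>
  <img src="http://img.example.test/logo.png">
</body></html>
"""

if __name__ == "__main__":
    for finding in find_mixed_content("https://www.example.test/main.do", SAMPLE):
        print(finding)
```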



  • @Lorne Kates said:

    This was preceded by plenty of assurances that Live Chat is always available, 24/7.  I'm not sure which 24 and which 7 they mean.

    Does it mean that Live Chat is available but all the Live Chatters are busy with other customers?



  • @Lorne Kates said:

    Yup, straight up the hyperlink doesn't work. Oh, it opens a page, alright.  But it goes to a 404.  A fucking 404 with a mangled querystring.  Somehow, it URL encoded all the & and = in the querystring (like ticket_no%2012345 instead of ticket_no=12345).  So I fix the URL encoding, paste the link into a new window and-- 404.

    = is %3D. As in "which letters/numbers can I put at the end of a long series of equals signs to make a phallus". If the query string had %20 as a separator, that's a whole different wtf.



  • @Lorne Kates said:

    DOUBLE BONUS: Their signout page clears a select few cookies CLIENT SIDE! With javascript!  Why set the cookies to expire=datetime.mindate() server side, when you can make the client do extra work that you hope you haven't fucked up!

    http://support-ca.samsung.com/cyber/mysamsung/signOut.jsp

     

    MySpace used to do something like this back in the day. Actually, I don't remember if they cleared them client-side or not, but the fact is that the only thing that was done at logout was clearing the client's session cookie.

    The actual server-side session itself was not invalidated until several hours/days of inactivity, a timeout which could trivially be defeated with auto-refresh. In a nutshell, this meant that if you could sneak onto someone's computer long enough to steal that cookie (a few seconds, with practice), you had access to their account forever! As there was no way to view or terminate other sessions, the victim would scratch their head while they futilely changed their password over and over.
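
The client-side sign-out in the first post and the logout behaviour recounted in the post above share one fix: the server has to forget the session. This is an added example, not code from the thread or from either site; `SessionStore`, its methods and the timeout values are hypothetical. It shows server-side logout, an absolute lifetime that auto-refresh cannot extend, and revocation of other sessions on password change.

```python
import secrets
import time

IDLE_TIMEOUT = 30 * 60          # seconds of inactivity allowed (assumed value)
ABSOLUTE_TIMEOUT = 8 * 60 * 60  # hard cap on session age (assumed value)


class SessionStore:
    """Server-side session table; the cookie only carries the random id."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._sessions = {}  # session id -> {"user", "created", "last_seen"}

    def login(self, user):
        sid = secrets.token_urlsafe(32)
        now = self._clock()
        self._sessions[sid] = {"user": user, "created": now, "last_seen": now}
        return sid

    def validate(self, sid):
        """Return the user for a live session, else None (and drop it)."""
        s = self._sessions.get(sid)
        if s is None:
            return None
        now = self._clock()
        idle = now - s["last_seen"]
        age = now - s["created"]
        # The age check is what stops auto-refresh from keeping a session alive.
        if idle > IDLE_TIMEOUT or age > ABSOLUTE_TIMEOUT:
            del self._sessions[sid]
            return None
        s["last_seen"] = now
        return s["user"]

    def logout(self, sid):
        """Invalidate on the server; expiring the cookie is a separate step."""
        self._sessions.pop(sid, None)

    def list_sessions(self, user):
        return [sid for sid, s in self._sessions.items() if s["user"] == user]

    def change_password(self, user, keep_sid=None):
        """Revoke every other session of the user after a password change."""
        for sid in self.list_sessions(user):
            if sid != keep_sid:
                del self._sessions[sid]
```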

     



  • @Lorne Kates said:

    https://www.samsung.com/ca/mysamsung/main/myssMain.do?page=MY.SAMSUNG
    That page greets me with "ReferenceError: Security error: attempted to write protected variable" in a popup.



  • @Ben L. said:

    = is %3D.
     

    You're right, I was typing from memory.

    @Ben L. said:

    As in "which letters/numbers can I put at the end of a long series of equals signs to make a phallus"

    .... and now I will never forget. :|

     



  • @RTapeLoadingError said:

    @Lorne Kates said:
    This was preceded by plenty of assurances that Live Chat is always available, 24/7.  I'm not sure which 24 and which 7 they mean.
    Does it mean that Live Chat is available but all the Live Chatters are busy with other customers?
     

    Possibly, but at that point in the process all my fucks had been given.  And if they were, I'd expect a message like "All of our agents are currently busy. The expected wait time is [x] minutes.  Click Here to enter the wait queue".  Y'know, like every other Live Chat in the entire known and unknown Universes uses.

     



  • @Lorne Kates said:

    @Ben L. said:

    = is %3D.
     

    You're right, I was typing from memory.

    @Ben L. said:

    As in "which letters/numbers can I put at the end of a long series of equals signs to make a phallus"

    .... and now I will never forget Ben's penis. :|

     

    PTFY

     


  • Winner of the 2016 Presidential Election

    @El_Heffe said:

    @Lorne Kates said:

    @Ben L. said:

    = is %3D.
     

    You're right, I was typing from memory.

    @Ben L. said:

    As in "which letters/numbers can I put at the end of a long series of equals signs to make a phallus"

    .... and now I will never forget Ben's penis. :|

     

    PTFY

     


    Shown actual size.



  • This is about the quality of everything Samsung makes, which is why I don't buy their crap anymore.



  • @lolwtf said:

    This is about the quality of everything Samsung makes, which is why I don't buy their crap anymore.

    That's because their assembly lines used to be powered by North Korean slaves but following the death of the previous Eternal General Secretary of the Workers' Party and the rise of the new Eternal General Secretary of the Workers' Party (who is less business-minded and more nuke-driven) they had to start renting Chinese prisoners and those are a bunch of slackers.



  • Their download pages for laptops and such are just as bad... the only filtering is by language, not by OS or by driver kind, and even then the only language is generally MULTI-LANGUAGE. You can only download three things at a time, and for some reason a number of models have the same driver with the same version repeated several times for the same model.

    This of course makes for a fun time when trying to download all the drivers needed for a Windows 7 downgrade on one of their machines - if it were Lenovo or Dell, or hell, even HP, I'd have them down in half an hour, tops; this took over an hour.



  • Seriously, what did you expect? These are the same jokers who decided that they can't write a driver for their smartphone's camera without making a world-accessible copy of /dev/mem. And they baked this behavior into the kernel because it's so damn important that every process in the system can shit all over every other process right from the get-go.

    After having witnessed the competence of their developers firsthand I'm surprised that their website uses HTML instead of using ActiveX to attempt to directly access your GPU.



  • @j6cubic said:

    After having witnessed the competence of their developers firsthand I'm surprised that their website uses HTML instead of using ActiveX to attempt to directly access your GPU.

    Be patient, they are working on this using HTML5.

