@Jaloopa said in Enlightened:
tracking things is how you improve them
The problem is using the framework in the first place
Ember was named after the dull red glow that's all that remains of your phone battery after using it for five minutes.
Wow. Just wow.
Maybe Carsten's paymaster just finished working out how many billable hours it took him to compose that opus.
@Gurth said in What is the deal with "Your ____ ran into a problem"?:
What’s wrong with something like, “Your PC ran into a problem and needs to restart. This will happen automatically in a few moments.”?
Not aggressive enough.
"You touched something, didn't you. We warned you not to do that. Over and over, we warned you. But you did it anyway, and now you've broken it. We'll try to fix it for you but we're making no promises. What you have to do now is SIT THERE AND KEEP YOUR HANDS TO YOURSELF while we try to figure out how much permanent damage you've done.
"By the way, we're going to restart your PC, which will probably mean tying it up for two hours while we install updates afterwards. No, you can't go get a coffee. Sit down and shut up and maybe you'll finally learn something."
I've recently decided to become a financial adult and actually invest in a few things instead of leaving all my savings lounging about lazily in scruffy low-interest accounts. And that means I've started dealing with share registries.
Oh. My. Fn. God. And I thought banks were bad. Who is responsible for this crap?
To get past that login page, the only secret I need to know is a Holder Identification Number or HIN. That's a number issued to me by my broker. It seems to function as a combined username and password. It's the same for all the stocks I've bought via that broker, even those registered with registries other than the one I'm dealing with here. If it leaks, I have no way of changing it.
And that "security code"? Nothing to do with website security. All that is, is the stock exchange codename for one of the stocks I own. That control is a dropdown list of all the stocks registered with this registry. Any one I own will work.
Bam. Logged in.
Now I want to update bank account details and my tax file number, so my dividends will get paid to me without ridiculous amounts of withholding tax deducted. So I click Update Details, and get this:
Not too much there. Click TFN/ABN Update:
They want a PIN. I don't have a PIN. Let's get one. Click "Issue a PIN":
Oh for 's sake.
s in this dialog:
After "shortly" has been more than two days, I log in again with my sooper seekrit HIN and send off a complaint via the contact form:
First Name*
Myname
Surname*
MySurname
Email*
identifier@provider.tld
Telephone
Comments*
I have been trying to get a PIN issued so I can update my tax file number,
but nothing comes through to my inbox.
Method of Contact*
Email
And they send an email that reads
Dear Myname,
Please provide the full name and address on the holding or the HIN/SRN,
for me to locate and advise.
Thanks & Kind Regards
Helpdesk Person
(snip massive disclaimer footer)
I was logged on when I used that contact form, but it apparently doesn't pass along the details that stare me in the face on every other page of the site. OK, whatever. Fukkit. Let's send everything sufficient to impersonate me on their stupid site over unsecured email to somebody I've never met.
Name: Myname Middlename Surname
Address: My address
HIN: My sooper seekrit HIN
Holdings are CODE and CODE
And back comes the astonishingly helpful reply:
Dear Myname,
Please note that we do not have any email address recorded for your
holdings under that HIN. Kindly login again and click on issue a PIN
and follow the prompts.
To update your TFN only, you can email the number to our office and
we can update it for you.
Kind Regards
Helpdesk Person
TFN (tax file number) is a government-issued quasi-secret as well; sending that off in an email is a breach too far. Let's stick with the idiotic "Issue a PIN" dance...
That's exactly what I'd already done, twice, before contacting you via
the form. Why should it work any differently this time?
Also, how is logging onto your web site, which requires only information
I've already sent you from this email address, any more secure than you
just issuing the PIN from your end?
I'll do it again all the same.
Done (see attached screenshots). As expected, still no PIN in my inbox.
No PIN in my Spam folder either.
And back it comes:
Hi Myname,
I am not sure too.
However, will ask the IT team here to reset your PIN settings.
Kindly login tomorrow to issue a new PIN.
Kind Regards
Helpdesk Person
Now, I'm pretty sure I know what's going to be the problem here. It's going to be the answers to my security questions. I used the same pattern for those I always use - a base of five groups of five lowercase letters randomly generated by KeePass, followed by the last word of the question to make the answers unique.
Given how utterly shit-grade the entire design of this farcical excuse for a website obviously is, I'd bet money that the answers to the security questions have a length limit that the frontend doesn't validate, and that the backend silently truncates them and then silently fails when both questions have identical answers.
Let's see how long it takes these clowns to sort this out. I'm not holding my breath.
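The failure mode guessed at above, sketched as an added illustration that is not part of the original post and not the registry's code. The 24-character limit, the sample answers and every function name are assumptions; the sample follows the post's pattern of one shared random base plus the last word of each question.

```javascript
// Added illustration; ANSWER_LIMIT and every function name here are assumptions.
const ANSWER_LIMIT = 24; // hypothetical storage limit, in UTF-16 code units

// Constructed answers following the post's pattern: one shared random base
// (five groups of five lowercase letters) plus the last word of each question.
const BASE = "qkzvhmbtxerwoalcdyunfjgps";
const SAMPLE = { school: BASE + "school", pet: BASE + "pet" };

// Guessed-at behaviour: keep whatever fits and report success regardless.
function storeSilently(answers, limit = ANSWER_LIMIT) {
  const stored = {};
  for (const [q, a] of Object.entries(answers)) stored[q] = a.slice(0, limit);
  return stored;
}

// Pairs of questions whose answers are identical to each other.
function collisions(stored) {
  const seen = new Map();
  const clashes = [];
  for (const [q, a] of Object.entries(stored)) {
    if (seen.has(a)) clashes.push([seen.get(a), q]);
    else seen.set(a, q);
  }
  return clashes;
}

// Stricter handling: refuse over-length or duplicate answers with an explicit
// error instead of altering what the user typed.
function validateAnswers(answers, limit = ANSWER_LIMIT) {
  const errors = [];
  for (const [q, a] of Object.entries(answers)) {
    if (a.length > limit) errors.push(`${q}: ${a.length} chars exceeds limit ${limit}`);
  }
  for (const [a, b] of collisions(answers)) errors.push(`${a}/${b}: identical answers`);
  return { ok: errors.length === 0, errors };
}
```

With these constructed values, the two distinct answers become the same stored string once truncated, while the strict path reports both as too long and stores nothing.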
The next speakers were Bobby and Jane Mann. Jane Mann said she is a local native and is concerned about the plants that make the community beautiful.
She is a retired Northampton science teacher and is concerned that photosynthesis, which depends upon sunlight, would not happen and would keep the plants from growing. She said she has observed areas near solar panels where the plants are brown and dead because they did not get enough sunlight.
She also questioned the high number of cancer deaths in the area, saying no one could tell her that solar panels didn’t cause cancer.
“I want to know what’s going to happen,” she said. “I want information. Enough is enough. I don’t see the profit for the town.
“People come with hidden agendas,” she said. “Until we can find if anything is going to damage this community, we shouldn’t sign any paper.”
Bobby Mann said he watched communities dry up when I-95 came along and warned that would happen to Woodland because of the solar farms.
“You’re killing your town,” he said. “All the young people are going to move out.”
He said the solar farms would suck up all the energy from the sun and businesses would not come to Woodland.
@Salamander said in I'm getting tired of this npm shit:
whatever 'ramda' is
lambda with a speech impediment?
Maciej Ceglowski in top form.
Gone is the gimmicky TouchBar, gone are the four USB-C ports that forced power users to carry a suitcase full of dongles. In their place we get a cornucopia of developer-friendly ports: two USB 3.0 and Thunderbolt 2 ports, a redesigned power connector, and a long-awaited HDMI port.
...
What hasn't changed: Apple has kept the beautiful Retina display, and storage and memory are the same as before. The new machines will be slightly thicker (to accommodate the USB ports) and 200 grams heavier, but it's not clear how this will affect battery life.
...
The most obvious change is the redesigned keyboard. Removing the Touchbar creates room for a row of physical function buttons and, in a nice touch, an escape key. This isn't a perfect solution: the function buttons map to a confusing series of actions that can send windows flying around the screen with an errant keystroke, and the new physical off switch is too close to the backspace key. But it is certainly a huge step forward, and it will be interesting to see how software developers take advantage of this clever new feature.
Everything about the new machine seems designed for typists. The trackpad has been made smaller, so you're less likely to brush against it with your palm. The keys themselves are much more comfortable to type on, with improved key travel, a softer feel, and more satisfying tactile feedback. You no longer feel like you're tapping on the glass surface of an iPad. And not having a TouchBar means no longer having to look down at your hands all the time.
Despite the many improvements, Apple is actually dropping the price on its flagship 15" MacBook Pro by $400, another sign that they're serious about winning over developers.
Benjamin Button explained for those unaware of the reference.
It's census night here in Oz. Time to try out the online census form that the Australian Bureau of Statistics has been at pains to convince as many people as possible to use this year instead of filling in the paper form.
So can http://www.census.abs.gov.au/ handle the load it should have been designed to expect?
Can it fuck. Right now it's got cooties that make look reliable.
You'd think that a department whose sole reason for existence is crunching numbers would be capable of setting up a high-capacity data collection server... unless you were a regular TDWTF reader. Then you'd expect to see exactly what's happening here.
Paper forms it is then.
@Maciejasjmj said in In other news today...:
Conservatives will claim liberals have their brain shut down
Only the easily triggered parts.
@Zecc and another tidy demonstration that conservative attitudes are largely fear-driven.
@Steve_The_Cynic said in I'm happy to see the OPM has learned their lesson:
I recommend strapping him to that rather battered wall over there, and I'll turn on this switch. Oh, that thing with the tubes? Don't worry, it won't hurt for very long...
@Lorne-Kates said in The Official Status Thread:
soon they'll be wielding
which is like carrying, only dwarfier
@boomzilla said in YAWTC (Yet Another Windows Ten Complaint):
was there some other option‽
Just you wait for Windows 10 2019 (Rapture Edition).
All your files have been safely moved into the cloud
@asdf said in I'm happy to see the OPM has learned their lesson:
a maximum length that depends on the actual password chosen would be TR.
Provided initial password entry involved client-side validation that simply stopped accepting characters at the point where UTF-8 encoding the next one would make the password exceed 56 bytes, I can't see why.
Any password approaching that length is going to have enough entropy even if composed solely of ASCII digits that no practical strength reduction would result if an attacker was able to glean some information about the likely alphabet used from the number of characters accepted.
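The client-side rule described above, as an added example that is not part of the original post: accept characters only while the UTF-8 encoding stays within 56 bytes, never splitting a code point. The function names are assumptions; `entropyBits` assumes symbols chosen uniformly at random.

```javascript
// Added example; function names are hypothetical, not from any real site.
const MAX_PASSWORD_BYTES = 56; // the limit discussed in the post

// Number of bytes one Unicode code point occupies when UTF-8 encoded.
function utf8Length(codePoint) {
  if (codePoint <= 0x7f) return 1;
  if (codePoint <= 0x7ff) return 2;
  if (codePoint <= 0xffff) return 3;
  return 4;
}

// Longest prefix of `input` whose UTF-8 encoding fits in `maxBytes`.
// Iterating with for...of walks code points, so a surrogate pair is either
// kept whole or dropped whole.
function acceptWithinByteLimit(input, maxBytes = MAX_PASSWORD_BYTES) {
  let bytes = 0;
  let accepted = "";
  for (const ch of input) {
    const n = utf8Length(ch.codePointAt(0));
    if (bytes + n > maxBytes) break; // the next character would exceed the limit
    bytes += n;
    accepted += ch;
  }
  return { accepted, bytes, chars: [...accepted].length };
}

// Entropy in bits of `length` symbols drawn uniformly from `alphabetSize`.
function entropyBits(length, alphabetSize) {
  return length * Math.log2(alphabetSize);
}
```

The accepted character count varies with the alphabet (56 for ASCII, 14 for four-byte characters), which is the information leak the post refers to; 56 random ASCII digits still carry about 186 bits.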
@asdf said in I'm happy to see the OPM has learned their lesson:
You obviously want to prevent the user from accidentally setting a password which contains characters they cannot input via their keyboard.
No you don't. If they can't enter their password because their password storage and handling mechanisms are unsound, they can just exercise your password reset mechanism. Restricting anything but the overall length, or restricting the overall length to anything under 50, is a .
@anotherusername said in In other news today...:
So it's the word of the U.S. White House Press Secretary Sean Spicer vs. the word of some German Anonymous Coward?
Good enough.
Indeed. No German Anonymous Coward could ever even come close to Spicer's proud record of documented mendacity.
@boomzilla said in Exception handling is hard:
@dkf said in Exception handling is hard:
Ternaries are good when the two subexpressions are simple enough, but they can easily get out of hand. And then the murders begin.
return simple_enough()? smile: out_of_hand()? available(rock)? death(blunt_force_trauma): available(paper)? death(cuts * 1000): available(scissors)? death(stabbing): death(strangulation): frown;
@asdf said in YAWTC (Yet Another Windows Ten Complaint):
There are a few open source projects out there who take testing and following proper procedures (reviews etc.) seriously.