But in our internal error logs, it's because the user submitted their credit card, didnt fully confirm, press back, removed all the items out of their cart, removed their credit card, then found their way back to the submit button through the browser history and attempted to submit without a card or a cart. Nothing would submit and no error was shown, but it was UI error.

It's super convoluted. And we absolutely wanted to shoot the tester who gave us this use case.

[–] Jerkface@lemmy.world 142 points 2 months ago* (last edited 2 months ago) (1 children)

Better the tester than a user.

[–] chevy9294@monero.town 47 points 2 months ago (7 children)

Whats the difference?

[–] FreshLight@sh.itjust.works 65 points 2 months ago

As of now, I consider you an enemy

[–] filcuk@lemmy.zip 37 points 2 months ago

Are you from microsoft?

[–] slampisko@lemmy.world 25 points 2 months ago

Being prepared for the eventuality, knowing the consequences and deciding what to do about it before it happens for a user.

[–] RecluseRamble@lemmy.dbzer0.com 18 points 2 months ago (1 children)

Different mindset. A user doesn't want to find bugs but get shit done.

[–] jawa21@lemmy.sdf.org 9 points 2 months ago

I'd argue that is maybe 95% of the time. People get bored.

[–] normalexit@lemmy.world 9 points 2 months ago

Brand reputation?

load more comments (2 replies)

[–] RecluseRamble@lemmy.dbzer0.com 82 points 2 months ago* (last edited 2 months ago) (2 children)

And we absolutely wanted to shoot the tester who gave us this use case.

Why? Because he tested well and broke the software? A user changing their mind during a guided activity absolutely is a valid use case.

[–] NeatNit@discuss.tchncs.de 56 points 2 months ago (2 children)

I think they meant shoot in like a friendly way. You know, happiness bullets!

[–] KomfortablesKissen@discuss.tchncs.de 59 points 2 months ago (1 children)

Oh, THAT's what "friendly fire" means!

[–] tetris11@lemmy.ml 24 points 2 months ago

hey that tickles!

[–] abbadon420@lemm.ee 13 points 2 months ago

Like how I always say to my friends, "Look at me again and I will fucking murder you and rape your family dog".. it's just in good fun.

[–] CatLikeLemming@lemmy.blahaj.zone 8 points 2 months ago

It's likely a difference of emotion compared to logic. Emotionally they'd think "Damn it, now we need to check for such a weird specific edge-case, this is so annoying" while logically knowing it's better the tester caught it.

[–] baatliwala@lemmy.world 64 points 2 months ago

Give that tester a raise bro

[–] abbadon420@lemm.ee 43 points 2 months ago (1 children)

This makes want to become a tester. It scratches my evil itch just the way I like it.

[–] FuglyDuck@lemmy.world 43 points 2 months ago (1 children)

there's three qualifications to being a testor:

Finding stupid ways to break shit, Being able to accurately explain how you broke shit, and being likeable enough that breaking their shit doesn't make the devs angry.

[–] ICastFist@programming.dev 17 points 2 months ago (2 children)

Being able to accurately explain how you broke shit

This is the most important part. Or look at systems like SpiffingBrit and Josh (Let's Game it Out) look at games

load more comments (2 replies)

[–] jaybone@lemmy.world 30 points 2 months ago

Don’t shoot the tester shoot whoever wrote the code (or the framework / library) that got you into this situation in the first place.

[–] takeda@lemmy.world 26 points 2 months ago* (last edited 2 months ago)

If that broke the software it sounds like you have a very good tester.

[–] WolfLink@sh.itjust.works 19 points 2 months ago

What about the test case where I’m using the browser’s dev tools to re-send http requests in random orders?

[–] CeeBee_Eh@lemmy.world 146 points 2 months ago (1 children)

What the user was doing is that they don't trust that the system truly deleted the account, and they worry it was just deactivated (while claiming it was "deleted"). So they tried to do a password recovery which often reactivates a falsely "deleted" account.

I've done this before and had to message the company and have them confirm the account is entirely deleted.

[–] x00z@lemmy.world 50 points 2 months ago* (last edited 2 months ago) (1 children)

Many services have a grace period. Mostly it's 30-90 days where they keep your data, just in case somebody else decided to delete your account or you were drunk or something. But it could also be for legal reasons, like websites where you can post stuff for everybody to see, in case you post something highly illegal and the authorities need to find you. Another example is where a webshop is required to keep a copy of your data for their bookkeeping.

[–] CeeBee_Eh@lemmy.world 14 points 2 months ago (3 children)

But it could also be for legal reasons, like websites where you can post stuff for everybody to see, in case you post something highly illegal and the authorities need to find you. Another example is where a webshop is required to keep a copy of your data for their bookkeeping.

None of these require your account to "exist". There could simply be an acknowledgement stating those reasons with "after X days the data will be deleted, and xyz will be archived for legal reasons".

Mostly it's 30-90 days where they keep your data, just in case somebody else decided to delete your account or you were drunk or something

This is the only valid reason. But even then this could be stated so that the user is fully aware. Then an email one week and another one day before deletion as a reminder, and a final confirmation after the fact. I've used services before that do this. It's done well and appreciated.

This pseudo-deletion shadow account stuff is annoying.

load more comments (3 replies)

[–] nifty@lemmy.world 62 points 2 months ago

When you’re the reason error log messages are created…

[–] CEbbinghaus@lemmy.world 56 points 2 months ago (3 children)

Hoh man what a journey. And I love that this incredibly complex situation is the only reason that status would return. What a fun time debugging that would have been

[–] Omgarm@lemmy.world 27 points 2 months ago (1 children)

The type of error where you have to give up trying to understand the user.

[–] zaphod@sopuli.xyz 37 points 2 months ago (1 children)

It's quite simple actually: The user wanted to delete their account, but forgot their password so they requested a password reset. Before the password reset email was delivered, the user remembered their password and deleted their account. The password reset email is finally delivered and apparently some email clients open all the links in the background for whatever reason, so it wasn't actually the user who clicked the password reset link.

[–] ClassifiedPancake@discuss.tchncs.de 21 points 2 months ago (2 children)

apparently some email clients open all the links in the background for whatever reason

What? Really??

[–] tedvdb@feddit.nl 35 points 2 months ago (2 children)

Yes, e.g. outlook replaces links in mails so they can scan the site first. Also some virusscanners offer nail protection, checking the site that's linked to first, before allowing the mail to end up in the user's mail client.

Thats why you never take actions on a GET request, but require a form with button for the user to do a POST.

[–] TrumpetX@programming.dev 11 points 2 months ago (1 children)

It can be worse, we had to add a captcha for those link scanners cause they'd submit the forms and invalidate tokens too:(

load more comments (1 replies)

[–] Malix@sopuli.xyz 19 points 2 months ago* (last edited 2 months ago)

Yep. Apparently outlook does this and afaik because some kind of link sniffing/scam detection/whatever, but it does it by changing the first characters of each query argument around.

We spent amazingly long time figuring that one out. "Who the hell has gotten Microsoft service querying our app with malformed query args and why"

[–] lazynooblet@lazysoci.al 16 points 2 months ago (1 children)

Not really the only reason. It would be better to just return "token invalid".

It could occur by someone messing with the URL from the reset password email, like accidently adding an extra character before pressing enter

Or a poor email client that wraps the URL and doesn't send the complete one when clicked.

Or someone attempting to find a weakness in the reset password system and sending junk as the token.

load more comments (1 replies)

[–] tourist@lemmy.world 49 points 2 months ago (1 children)

Trying this every time I need to delete an account

[–] Appoxo@lemmy.dbzer0.com 17 points 2 months ago* (last edited 2 months ago) (1 children)

Immediately sue them for ~~DSGVO~~ GDPR

[–] dan@upvote.au 11 points 2 months ago (1 children)

(DSGVO is the German version of GDPR)

load more comments (1 replies)

[–] ClassifiedPancake@discuss.tchncs.de 37 points 2 months ago (1 children)

I might be the one hitting that link just to see what happens.

[–] Omgarm@lemmy.world 28 points 2 months ago

"Let's see how good their testers are."

[–] tedvdb@feddit.nl 31 points 2 months ago

Now the dev doesn't need to comment this part of the code, saves him time.

[–] bratorange@feddit.org 30 points 2 months ago* (last edited 2 months ago) (2 children)

Day 492 of predicting edge cases…

load more comments (2 replies)

[–] CanadaPlus@lemmy.sdf.org 28 points 2 months ago

Man, actually seeing this in a wild log would make my day.

[–] iAvicenna@lemmy.world 25 points 2 months ago

I can tell by the error msg this wasn't an error before and was the cause of much grief

[–] cupcakezealot@lemmy.blahaj.zone 11 points 2 months ago (1 children)

whats wild is that all the returned values were the same this is only for a log value that probably zero people check

[–] wizardbeard@lemmy.dbzer0.com 16 points 2 months ago

I believe rule of thumb is to track/log at least one level deeper than what you show to the end user, to ease with troubleshooting and debugging.

Beyond that, logs are only useless until they aren't, and then if you don't have them you're in for a universe of pain.

load more comments