WHAT THE BLOODY HELL?

I have no pity, I was shut out of a website just when hit by breast cancer (thanks, I'm over it). I was out of my mind trying to get back in for something like half a year, to no avail.)

However,

all you have to do is click Contact Us at the bottom of the page.

Did your Mother and Father not explain to you Settin' that the path through life is not always smooth and amenable to your needs?

It isn't too bloody likely that you can click the "contact us" at the bottom of a page if you can't log in to see any pages.

I'm pretty sure "contact us" is accessible even when not logged on.

me too, re the contact us. And if not, let us know.

Told you you'd get into trouble bad-mouthing the hamsters alla time. Now you'll have to send Craven a bag of sunflower seeds or something just to pacify the little critters.

cute

There's not much I can say about this except that this part is working as it should. I know you say you are sure that you entered it correctly but incorrect input is the most likely scenario. I've been certain I had it right 5 times in a row in the past only to find a hidden mistake in the email input or a caps lock being set etc.

The most common error that can happen to prevent a login when correct input is submitted is failure to accept the session cookie, but when that happens it tells you about the cookie failure so it doesn't sound like that was it.

The only possible explanation I can think of other than the above, is that you had a shorter password from the previous site, and haven't yet changed it here. The minimum password got a bit longer, to improve on security (it's still not much security but a digit or two more is orders of magnitude harder to hack) and if you had a short password (5 characters or less) on the old site it would need to be changed. So it's possible that you got in through the reset email password last time and just never changed your password since then.

Not sure if that is the case, but if it is, you can avoid it by going to your account (links in footer) and setting your password.



Well each time you did this, you were sent an email. It told you that it sent an email, but I made the verbiage a little stronger about going to check the email to continue.



This sounds like something that the code could do better. I think what's happening is that each time you requested an email it removed all previous keys. The keys give full access to your account, so we don't want them sitting there in the database forever so we try to clean them up. In this scenario I think only the last one would work.

I think this could be done a bit better by reusing the key for each request for a certain amount of time but I've got to think about the ways that could go wrong.



Did you enter your login info or were you just logged in automatically? The emails you were sent have a link that automatically logs you in, as explained above, the last one sent to you would have logged you in automatically.

But if you had to type in your credentials and it worked, then it's likely that the first times there was an error in the input.



Humans would be nice, but they aren't as agreeable to sitting around and reading the site error messages. At the help desk the volunteers can try to help, and yes it's available without being logged in (it's a separate site). I can't guarantee how quick the responses would be, because for this kind of thing there are only a handful of people who can answer and we don't tend to live on the helpdesk (I try to check it once a day but sometimes it's every other day).

As to addressing the problem, I think we can make the activation keys better in cases of multiple requests, but the rest doesn't sound like something we can fix, if the input is not right it won't work and I can't think of any possible way the code could return the validation error if the input was, in fact, valid. All I can recommend is that you go to your account and update your password in case it was one of the 4 or 5 character passwords from the old software or in case it's somehow been changed.

Also please send this kind of stuff to the help desk, it's extra work and it's nice to have it all in one place.

I understand that you don't wish to acknowledge that there may be a flaw in your software--after all, in the cyber world, the customer is always wrong. However, you are ignoring what i wrote about the "behavior" of the window into which i typed my password. When i would "submit" the password, the content of the window would disappear, just before i was given the message about changing my password.

My password is longer than five characters.



This is why i wanted a direct exchange. You are ignoring what i said about the window being cleared. There was a set of five characters to be reproduced in a window, which i would do (and unlike the password, one can verify what one types before submitting), and upon submitting, i would get the message about an e-mail--but then there would be five more characters to be reproduced in the window, which had been cleared as soon as i had submitted. This was the reason that i ended up with a string of e-mails.

I'm only a partial idiot, not a complete idiot. I am capable of recognizing aberrant behavior in software. I'm no programmer, but i've been using computers on a daily basis for more than twenty years. This entire process was out of the ordinary in a variety of ways.



No, i had to enter my data. And the "first times," meaning every time after it failed the first time, rather than touch typing, i used my index finger and watched myself to assure that i was entering the correct characters for my password. As well as having used "computers" of various descriptions since the early 1980s, i learned to touch type more than 40 years ago. I can feel it when i make a typo.

Once again, i know that in out contemporary world, the customer is always wrong, but this does not happen to be one of those cases.



I don't check my e-mail that frequently. I might not even check it for several days. It's extra work for me to be obliged to check my e-mail and do responses, and would drag out the process indefinitely. I posted it here because this allows an exchange which i can much more easily follow, given that i do check this site on a daily basis, and often more than once a day.

I understand your reluctance to deal with this type of thread. However, i both wanted to describe the process while it was immediately fresh in my mind; and i wanted to point out something which, from my experience as a user of computers (that lowly type so despised by programmers, but to whom they ought to pay more attention than is commonly the case) for more than two decades appeared to be not a standing flaw in your software, but an anomaly.

In any event, thank you for your personal attention in this matter.

Not that I know set at all, but Ill bet that his password is NOT "password", which, according to the PA Business council subcommittee on cyber piracy (see, we dont even need ships), They say that PASSWORD is the most common password in use. Understand?

I'm not surprised. I use passwords for which i will remember the content, based upon a personal reference, which others would be unlikely to know. I also frequently (although not always) use numbers as well as letters.

For example, my grandfather who raised me was born on November 2, 1897. If i were to construct a password for that, i might use his name and that date, such as 112bill1897 (his name was not actually Bill). Such a combination is highly unlikely to be randomly generated, and it is unlikely that even someone who knows me well will know that information. As it happens, i don't use that as a password.

I didn't really want to answer this because I expected you to not like my answer but the truth is that if there is a flaw I'd love to find and fix it. We don't have the kind of money for an army of testers, so we rely on users to find all kinds of things we miss.

And when we can identify something that's on our end we can try to fix it. Just because I can't identify something on our end for part of your experience doesn't mean we view the users the way you are implying.



I'm not ignoring it, there's just nothing wrong with what you described of the password box clearing. That is best practices for security and usability. Sending the password back to the user exposes it more, and if the password was incorrect in the first place clearing it out is more likely to get the user in than pre-filling the last input. That just tends to get them to try it again, and if it was rejected the first time there's no reason to believe it would work the second time.

Pre-filling the email makes some more sense but even that can cause confusion. For example, a user may type the email then accidentally type one of the password characters before tabbing to the password box. The error might be hidden in the input if it doesn't display the whole email and then you can end up typing the correct password over and over without getting in.

Pre-filling the password with the rejected input is even more of a usability problem because the password is obscured anyway, so the user has no real ability to use it to fix the input.

In these scenarios, the best practice is to remove the password input.

If there's something else (last time you said "password" now you say "content" so I wonder if it was css failing to load, or even the whole page) you are describing, then it's not clear to me. For example, if the page wasn't displaying that would not be the correct behavior, but it also is more likely to be a networking problem out of our hands than something we can fix.



Then I think there was an error in the input, as that's the only scenario I know of where the user can enter their correct password from the old site, and have it rejected on the new site. It's also an area I think can use a small usability improvement but if your password wasn't under 6 digits it wasn't at play.



It's supposed to clear the captcha code. It tells you that it sent you an email, and you were supposed to follow the email's instructions. The captcha is there to stop robots from requesting the emails and it's supposed to reset every time or it won't serve any purpose (they can't be reused). It needs to be new for every page load. Now it sounds like you were confused between the captcha and the activation code (that comes by email) and I've changed the message to be more explicit about going to check your email (haven't uploaded it yet), but the actual functionality of that page did work as intended according to your description. I think the next step could have been a bit less confusing but it did work.



This isn't about being an idiot or not. Technically, I tend to know my stuff pretty well but I've been wrong about things like this hundreds and hundreds of times. It happens. I've been absolutely sure I had the login information correct and been wrong, and every single week I get bugs wrong where I am about to fill out a bug report (or even do so) and was wrong about what I thought I saw.

And that's with access to all the code and with having been involved with making the software. Bug troubleshooting is sometimes not easy and it doesn't take an idiot to get it wrong.

And there are a couple of things about what you reported that I think could have been done differently to be less confusing:

1) The message it gave you (that an email had been sent) can be more explicit about going to check the email so that you wouldn't request it over and over again.

2) If you do request it again, instead of deleting the previous keys, and generating a new one like it does now, it should handle key cleanup more intelligently. That way you any of the emails you clicked would have worked.

This is an example of where I think we can improve on the code.

3) You didn't mention this part, but I think the next step after clicking the email can also use some work. It logs you in, but needs to do more to direct you to change the password. Some people miss that part, and then the next time have to repeat the process to get in because the password is still not reset.



Well I'm not going to argue this, I wasn't there and I'm not going to try to tell you what is happening. But I do know that the code to deal with this is very simple. It basically goes:

if typedPassword = password {
log in
}

There's not a lot of room for it to get it wrong and I don't know of anything I can improve in the log in. That doesn't mean we never think we can do things better for the user, and we've already worked on the login extensively to react to user confusions (e.g. in the last months we went from email to email or username, we added an extra cookie check for the users having cookie problems). I just don't have any improvement or fix I can identify based on what you have told me about the log in failing.

If the problem can be replicated, then I can probably figure it out. But if it can't be replicated then it's hard to rule out user input as the likely culprit.



One of the reasons I don't like responding to this kind of complaint is because of this kind of accusation when I'm spending my time trying to help and trying to think of ways to make it better and less confusing for you.

I would have ignored it but you also said you want to talk to a human about it and am trying to oblige since Nick is the only other person who could help and because it wouldn't be fair for me to leave this kind of thread to him.

You aren't a customer, and we don't have loads of cash to hire customer service personnel so we do with what we can and respond as we are able (and with the patience we can muster given that we aren't paid to swallow insults like customer service folk are). We are user-centric developers and we certainly don't take that view of the users either.

I'm not going to try to convince you that you were wrong, but I can say that I'm sincerely trying to identify what we can do better and that in portions of your report I am unable to identify any possible improvements. You can chalk it up to stupidity on my part if that makes it any easier, and it certainly wouldn't be the first time. We've done some pretty stupid things, and missed some pretty obvious bugs before and I'm sure we aren't immune to it.



That's fine and when I can I try to answer as many of the tech support threads here as I can, but in the future, if I ignore it please don't feel slighted. It's easier for me to have all the support requests in one place, and I like to be able to use the site for personal reasons instead of tech support. When I start answering here then people start asking me questions about the site anywhere they see me, and that both ruins my ability to use the site for leisure (without ignoring the questions) as well as makes it harder to follow for me.

So sometimes, I might be on here on a break, and not want to do tech support and if that happens and I don't get back to you using the contact us form will probably do the trick.



There are a lot of different kinds of programmers and not all of them have no respect for the users. All the programmers who I work with have routinely fought with me over my user-centric way of doing things and I don't appreciate being portrayed this way just because I don't agree with your evaluation of what happened.

My goal is to make the software as usable to the user as we can possibly make it, I don't think we have done so, and I think with the password reset portion of your experience you touched on parts we can do better. However I don't know of anything we can do better with the login part of what you describe.

I can't replicate your claimed experience, and the code in question is so simple that I don't think there's some kind of bug hidden by complexity.

You may well be absolutely correct about your typing being error free, but that still doesn't the error wasn't in between you and the server and out of my hands. No matter what the case is, the bottom line is that I can't identify anything we can do on our end for the login portion of your difficulties.



Thanks for the report as well, like I said earlier it gave me a couple of things that I can improve in the password reset messages and keys.

You really are missing the point here . . .



It is anomalous. I have verified since the incident that whether i log in with the correct password, or intentionally don't log in with the correct password, this doesn't happen. In either case, there is a brief moment when the black dots representing the password are still visible, and there is an hourglass icon next to the cursor, before it either logs you in, or tells you that your password is incorrect.

That was the entire point of my response--this was an anomalous incident, which is why i have attempted to describe it in detail.

When i attempted to change my password, and would type in the verification string of five characters (which you now identify with the quaint jargon "captcha"), exactly the same thing would happen--and in that case i could visually verify that i had correctly entered the string before hitting submit.

In both cases, the window went blank instantaneously, or as close to instantaneously as makes no difference, the very instant i either hit return or clicked on submit.

I was hoping that this would give you a clue as to the nature of the problem. However, it appears that you wish to continue to assume an error on my part, rather than an anomaly in your software's execution. For example, you write:



. . . and this is one of my points about an anomaly--it wasn't loading a new page, it just provided a new captcha instantaneously while absolutely nothing else changed, and there was no new page load. (The same with the log-in page, the password window instantaneously cleared, with no new page load.) That was how i ended up with five e-mails awaiting me when i finally did go to my e-mail service provider. I do beg your pardon for not knowing the jargon of the congniscenti, but i have sufficient experience to recognize the anomaly, and this is what i am trying to explain to you.

When all works well, whether one uses the correct password, or an incorrect password, there is a new page load, and there is, even if very, very brief, an instant during which the former page is visible while the new page loads. That did not happen in this instance--the window in which the password had loaded (and in which i had typed the "captcha" in the latter case) would instantaneously clear, and that was the anomaly.

At no point am i suggesting that you need to improve your code, nor suggesting that there is anything wrong with the code you have written.

This is incredibly frustrating. I'm trying to tell you that an anomaly occurred, and you continue to natter on about what i[/u] could have done wrong without knowing that i had.

An anomaly occurred. I thought it might be useful to describe it to you in detail so you could hunt it down. I am heartily sorry for having disturbed you.

I'll give this one last shot. What occurred was anomalous. That is why i repeated each procedure several times, in order to observe. That is also why i have, since them, logged in normally, paying close attention, and intentionally logged in with an incorrect password paying close attention.

In neither case does the window into which i have typed the password (correct or otherwise) clear--the little black dots remain visible until a new page loads. In neither case on that evening did a new page load. Additionally, it went immediately to a message that i should consider changing my password, rather than telling me three or four times (or for whatever number it is set) that i have entered an incorrect password, and should try again. It immediately suggested that i change my password.

When i finally accepted that and it did load a new page, each time i entered the captcha, it would clear that window and provide a fresh captcha--nothing else about the page changed (although it did send me a new e-mail each time, and each of those e-mails, when i clicked on the link, would take me to a page at this site telling me it did not have a record of the verification code).

I've just gone back to my e-mail service provider, and i have opened one of the e-mails which i had not previously opened, and clicked on the link. It takes me to the page in which you attempt to reset the password.

There is a rubric "Forgot your password?," below which there is a rubric "Request an authentication key," below which is an icon of a hamster in a pink colored window bordered by a dashed line in red, and within the box is this message:

"We can't find a match for that activation key. Make sure that it is correct or try requesting a new activation key below."

(Which is damnably frustrating, as the activation key was provided by this site in the e-mail it sent to me.)

If you have access to my e-mail address, send me an e-mail with an address to which i can respond, and i can send you a copy of one of these e-mails.

It sounds like the underlined portions of the description above are providing a clue to what the problem may have been. It behaves in similar ways I've experienced when I was not able to read clearly the captcha letters and the input I typed was a mismatch to the captcha lettering. When that happens, usually the only thing that changes on the page is a new set of captcha lettering often more readible than the first.

The second portion underlined above might provide a clue too. Is it possible that when there is a captcha mismatch the software is generating an email anyway? This would perhaps explain why clicking on the link in the email resulted in no record of a verification code.

Setanta, you might try typing an incorrect captcha, checking for an email and then clicking on the link in that email to see if you get the same "no record of verification code" message.

If it occurs then it is definitely a reproducable problem that needs to be hunted down in the code.

Not to pick nits, but "customer"?

It's a free service, Set.




Also, you say (in a later post) "it's anomalous." OK. How is Robert to know what was anomalous? When I run across anomalies in troubleshooting computer issues, my first thought is always, "what's different about that computer?" Maybe it was your browser, or your PC; maybe your browser cache needed to be cleared; maybe you rebooted and now the error isn't occurring any more.

If it works for 99% of people, and doesn't work for you, Robert needs a tremendous amount of information and time to track it down, and it probably just isn't worth the effort involved, especially since you seem to be working OK now.

Jeeze, everyone seems content to just ignore the significant part about the window in which, in the first case, the password was typed, and in the second, in which the captcha was typed, which cleared without a new page being loaded.

This portion of it is the more significant, in that i could compare (and did compare) what i had typed in the window to the captcha i was to copy. In every case (at least five--there are still four e-mails at my "mailbox," and i deleted at least one, possibly more--so there was a minimum of five iterations--that means that five times, the window with the captcha showing cleared, and a new captcha was offered, even though i had correctly entered the string each time, something i could verify by comparison).



As i have pointed out, i did this at least five consecutive times, and possibly six. As i have pointed out, in the case of the captcha, i was able to compare what was required of me with what i had typed, to assure that i had correctly entered each time, and this event still occurred. Moreover, a new captcha was offered me without a new page being loaded. It is possible that i misread the captcha, and only believed that i had correctly copied it, but that becomes less and less likely with each iteration, and there were five and possibly six iterations.

It is just incredible to me that everyone wishes to explain this as an error on my part, without considering for a moment that this entire process may have been an anomalous event. And if this were an anomalous event, it would be worth while to determine the cause if possible, so as to improve the operation of the code.

Picking nits is precisely what you are doing. Let us employ the term end-user, if you would rather do so; although that, of course, losses the value of the intentional inversion of the long-standing phrase the customer is always right.

In the 1980s, even when dealing with Microsoft, one could get free customer service, from knowledgeable people in the call center, who would make an obviously sincere effort to help one with the problem reported. This was true not simply with DOS 6.0, but with Windows, when it first debuted.

Since the late 1980s, however, a culture has arisen and become entrenched within the world of cyber products providers which assumes the end-user is stupid at the worst, or badly mistaken at best. By the time Windows 95 came out, one had just a few opportunities to get free customer service help, and even when paying for that service, the quality of help desk services had deteriorated. I've had supervisors at Microsoft hang up on me without even saying a word, when i was calling in for help for which my company had paid by purchasing a service plan. Among program sellers, the people who sell Quickbooks consistently provided the best customer service, and if they determined that the problem was with the software, they would not enter a charge against the support service contract which we had purchased. Next after them, i would list Corel, who would provide a certain number of free customer service calls before requiring payment for the service, and when one had purchased a service contract, there was no limit to the number of calls one could make during the term of the contract.

The point which you are treating as a nit in need of picking is that the entire notion of customer service in the cyber world was turned on its head in the last twenty years, and there is an automatic assumption that the end user doesn't know what he or she is talking about, and that troubleshooting is a process of finding out what the end-user has done wrong, and never assumes that the problem may be a result of a software flaw, or that the user manual were poorly written. (There is nothing worse in the English language than the technical writing skills displayed by engineers and code writers--most user manuals are a nightmare.)



I wonder if you really understand how i am using (correctly) the term anomaly. It is entirely possible, you know, that something occurred which was not intended to occur, and that it simply happened to have occurred to me. I long worked in the security industry, meaning a company which sold, installed and serviced electronic security systems. We were obliged to do troubleshooting, too. If no part of the customers procedure could be faulted, then we looked for hardware or software faults, and you know what? We frequently found them. Although it certainly could have been a hardware or software problem at my end, it is not reasonable to automatically assume that to the exclusion of acknowledging that there may have been a hardware or software problem at that end--which is the kind of assumption which would be so typical of the approach to problems in the cyberworld, a realm in which it is never assumed that an engineer or code writer might not know what happened, or might not understand the problem.

I started this thread to make it easy for questions and answers. The browser i use is firefox. The pc in use had been used earlier by someone else who logged in here without problem. I subsequently logged in without further problems, closed the browser window, opened a new browser window later (on the order of an hour or two later) and logged in without any problem. I use this computer primarily to play video games, and have set the virtual memory to eight times the normal setting for this operating system. In addition, i have lost too much of my games not to have learned to clear the general cache. The settings for "internet options" is instructed to keep page files for zero days, and to clear the cache and history each time all browser windows are closed. The firewall uses a list of acceptable sites, of which, of course, this is one.

I didn't reboot (but thanks for assuming i'm that stupid, and thanks for having paid attention to the account i gave of the sequence of events which i have described--insert rolly-eyed emoticon here).

Perhaps Craven will decide it's not worth his time and trouble, but that will be his decision, not yours.

The last paragraph of my initial post reads:



I did not reboot. I did not close the browser windows. I did not clear the cache, and the cache would not have been automatically cleared by the settings selected for this operating system. I can think of few more ways to point out that this event was anomalous.