http://xkcd/327/ :)
-----Original Message----- From: Ken Schaefer <k...@adopenstatic.com> Sender: ozdotnet-boun...@ozdotnet.com Date: Wed, 27 Oct 2010 09:49:52 To: ozDotNet<ozdotnet@ozdotnet.com> Reply-To: ozDotNet <ozdotnet@ozdotnet.com> Subject: RE: Rant Sorry – I misunderstood – I thought you were using the main IB website – not sending feedback about something. I suppose feedback goes into some kind of CRM system these days – so that these things can be tracked: whether that be phonecalls or emails or faxes or whatever. However I imagine that most of these are relatively recent creations, unlike what’s required to manage customers and accounts, which can be fairly ancient. Cheers Ken From: ozdotnet-boun...@ozdotnet.com [mailto:ozdotnet-boun...@ozdotnet.com] On Behalf Of ben.robb...@jlta.com.au Sent: Wednesday, 27 October 2010 2:33 PM To: ozdotnet@ozdotnet.com Subject: RE: Rant I don't think it's nonsensical to expect a sane user feedback form on a web site for an enterprise by a large corporation like Westpac, particularly when a major redesign/upgrade of the web site was completed only reasonably recently. I've worked on enterprise systems myself and to be honest I'm not really sure what you are suggesting. It seems like you are saying that data input in one part of an enterprise system should be able to be used in all other parts of an enterprise system without any sort of filtering or consideration of the issues and should automatically be considered too hard. In my experience that's how you *create* horrible legacy systems where everything is always done the same way out of lack of understanding of the system and fear something will break. As others have pointed out, this is a user feedback form - if it is going to be used by other parts of the enterprise system then isn't that what specifications and integration testing are for? At what point in your opinion does the security issue become nonsensical? When you aren't allowed to enter any punctuation or numbers or lower case characters or is that still a reasonable thing to do given there are other systems in the enterprise that are 10-20 years old? Cheers, Ben ________________________________ From: ozdotnet-boun...@ozdotnet.com [mailto:ozdotnet-boun...@ozdotnet.com] On Behalf Of Ken Schaefer Sent: Wednesday, 27 October 2010 1:00 PM To: ozDotNet Subject: RE: Rant I’m sure systems can cope – but there are a number of challenges: a) System boundaries: what one system finds acceptable may not be acceptable to another (apostrophes I’m sure we’re all well aware of) b) Unicode is probably something that older systems can’t cope with c) It wasn’t that long ago that SQL injection and XSS become hot topics – what about older GUIs written many years ago that are used by branch staff or call centre staff. Would they be able to cope? Whilst it may be poor coding, the effort required to fix the problem is immense. So saying “in this day and age I expect x” is a bit nonsensical. What’s so special about writing code today that makes effort required to remediate enterprise systems just go away? Or that makes today’s code able to handle the challenges of the next 10-20 years? Nothing as far as I’m aware. Cheers Ken From: ozdotnet-boun...@ozdotnet.com [mailto:ozdotnet-boun...@ozdotnet.com] On Behalf Of Paul Gaske Sent: Wednesday, 27 October 2010 12:29 PM To: ozDotNet Subject: Re: Rant Oh; I dunno. I'm thinking you're right to jump up and down. Especially if you've got an apostrophe in your name or a hyphenated last name. Congratulations, you're now a security risk! Seems like a bit of a fail to me. I'm sure banking systems, no matter how long ago written, would be able to handle hyphens or apostrophes. This really does sound like poor coding to me. Cheers, Paul. On Wed, Oct 27, 2010 at 2:25 PM, Stephen Price <step...@littlevoices.com<mailto:step...@littlevoices.com>> wrote: It's very easy to jump up and down about this sort of stuff when it doesn't work. Your email has made me pause and think about it, and let's be honest, this coding stuff we do is complicated. So many variable (pardon the pun), so much can go wrong. It doesn't always work as intended. If it was easy then everyone would be doing it. I know I strive to better my coding skills continually, and even after years of coding I know there will still be bugs in my code. I don't trust my own code (possibly a good trait, apparently) and use unit tests etc to help improve the code quality. It wasn't so long ago that you had to physically walk into a bank to do your banking. It's become mainstream so fast. I can see how you would jump up and down about a user having to enter their data correctly, but I guess there has to be some validation. Is there a feedback section that would allow you to let them know so they can add it to their "to be fixed" backlog? If you don't let them know (and no one else does) then you get what you put up with. I often send emails or feedback to companies when I find issues with things. It doesn't always make it to the right person but at least I tried. cheers, Stephen On Wed, Oct 27, 2010 at 12:10 PM, Ken Schaefer <k...@adopenstatic.com<mailto:k...@adopenstatic.com>> wrote: > Hi, > > > > Just because a UI is now in neat HTML doesn’t mean that every backend > system, and every other system used to access this data, can cope. > > > > I worked on Westpac’s IB upgrade project (the monitoring part) and it’s a > huge amount of work just to upgrade one small part of it. > > > > Cheers > > Ken > > > > From: ozdotnet-boun...@ozdotnet.com<mailto:ozdotnet-boun...@ozdotnet.com> > [mailto:ozdotnet-boun...@ozdotnet.com<mailto:ozdotnet-boun...@ozdotnet.com>] > On Behalf Of ben.robb...@jlta.com.au<mailto:ben.robb...@jlta.com.au> > Sent: Wednesday, 27 October 2010 9:21 AM > To: ozdotnet@ozdotnet.com<mailto:ozdotnet@ozdotnet.com> > Subject: OT: Rant > > > > <Rant> > I just ran into the following text on the Westpac Altitude Rewards web site. > I am amazed that in this day and age that the developers and/or designers > for a banking-related web site have just *given up* and are forcing their > customers to clean their data. > > Note that if your message does include any of the characters you get an > 'input error' feedback but you still have to find the offending characters > and clean it yourself. Unbelievable! > > </Rant> This email is intended for the named recipient only. The information it contains may be confidential or commercially sensitive. If you are not the intended recipient you must not reproduce or distribute any part of this email, disclose its contents to any other party, or take any action in reliance on it. If you have received this email in error, please contact the sender immediately and delete the message from your computer.
