43 comments

[ 3.3 ms ] story [ 106 ms ] thread
Yeah, just got that as well :(
Is the text randomly generated?
Anyone know what's in that debug information the 500 error page spits out?
Looks base64 encoded to me, but running it through a decoder isn't giving me anything intelligible. Here's a OCR of the text in the image, maybe you can figure it out: Edit: Full text is in sibling comment.
I'd guess it's gpg encrypted with the ASCII-armor enabled (which I believe is just base64 encoding).

https://www.gnupg.org/gph/en/manual/r1290.html

Btw. Looks like the message is not PGP encrypted. The line lengths are different and gpg complained the message wasn't valid when trying to read the signature.
"If you see them, send them this information as text (screenshots frighten them)" Love this!
Seems we've scared the Google monkeys away from HN again. Now we'll never get an AMA.
Hm... wonder if there's a library that could do something similar.

It's an interesting idea encrypting your error that I haven't seen in many places.

Is it encrypted? Too lazy to OCR and `base64 -d` myself...
It's my assumption at least. It would be a bit sloppy of you tube to just base64 it.
It would appear so, someone on StackOverflow posted the full text but decoding it returns nothing intelligible.
What could the purpose of an encrypted error be? If it's a server side error it's already in their logs.
I've used something like this before so it's easy to lookup the exact error that they saw.

Generally i just do something like an sha of the error and time, and spit out like the first 10 bytes or something (as well as put that in the log line), i'm just looking for something i can grep for.

Think of it as a zero-capability web cookie. Burden of storage is on the client, so it scales nicely.

If it's symmetric-encrypted, then it's unforgeable, and it's safe to include private information, like IP address or recent video-viewing history, just in case someone posts a screenshot of it on HN.

I could see it being useful as an affordance for internal testers.

It would be useful when things break so hard you don't even get a log.

I got a similar 500 Internal error trying to watch a video (not search, not front page). First 6 characters appear to be the same for the error: http://pastebin.com/ibxLurkr

I wonder if someone could make sense of the error or if it's actually encrypted.

My kid got soooooo upset: "Daddy, fix it. I wanna see the Beetle monster truck". Imagine me trying to explain that 'monkeys will fix the problem for him' :-P. He was eager to wait... hoping to see the monkeys... but none came while refreshing the page. As soon as the Beetle baja buggie video loaded, all about he monkeys was forgotten.
At first I was kinda surprised at your comment (not even sure why, maybe because it lacked snark...), but then I realised it is a prime example of how our (techies) work actually affects lives, experiences etc, something we often forget.

Thanks for reminding

It made me actually realize how simple and effective it actually was. Without graphics he understood something was wrong... Out of the ordinary, but the text eased him.

BTW, he is 3 years old.

Hi.

I work on the YouTube Quality of Experience team. We measure time spent waiting for YouTube videos to load, and things like errors on video playback.

The next time your son has problems where he needs a YouTube monkey, you can give him a link to http://imgur.com/QZqAH2W

:-o... I am sure he would run away, scared!

I'll keep an image of Coconut Monkey as backup..

We have been doing this in all of our web applications for over a decade now. Essentially, whenever there is an error, we don't just display the error message as-is. All the technical or trace info it contains seems to scare users. So, we simply encrypt it and display a base64-encoded version of it. It also gets saved into a log file.

Users are more comfortable with this way: they simply copy/paste the text to us and we have all the info we need.

What happens if there's an error in the crypto handling system? Edit: Not a troll, I'm seriously interested in "minimum required functional systems" in the case.
There is no other dependency in the encoder/decoder functions so there is no point of failure there. Those functions were developed a long time ago and have not changed. They work with any stream of data and automatically chop off the input after the first few hundred characters. This contains more than enough info for the developers to see exactly what caused the error.

In any case, even if, as you say, if the crypto handling system failed, and it returned nothing, there was no critical information that was lost. Only information on an error message, which you will hear from the user anyway.

Aah, I was thinking you might be encoding stack traces or equivalents which you'd want to protect a lot more than the head of user submitted data which the user chooses to re-submit through a seperate channel that is about as secure (esp for the purposes (email)) as the original channel. A hard coded key would be fine for this imho as you don't have to protect the user from the user's own data.

Cool idea btw.

Spotify is down too. Didn’t they move to Google Cloud recently?
Back up for me now.
Still not up for us here in Amsterdam, and support.spotify.com says: “Spotify is currently not available. We are working on a fix and will continue to provide updates.”
I don't get it. Have people not seen this before?