Ask HN: Why do you consider the web a thing?

3 points by unixbane ↗ HN
Imagine you just found a website that you are mildly interested in and it requires signup

You have no idea if the website will block your IP because some ban list contains your IP block because someone else in your city did something to get it there (such as hitting the ' key by accident). But you won't know until the end because they have not added the blocking functionality to the UI, but via a small amendment to the back end

Next, you will have to assume it needs email verification on top of the captcha. If you just enter a random email address that doesn't exist and hit the next step button, it may (99% likely) only then tell you to go check that inbox for a verification link. After this, it may ban you for trying the second registration too fast. So it's best to always use a temporary email

There may be a CPU or GPU intensive bottleneck on the website which immensely slows down this process. For example, the front page of Github with the 3D globe brings lower end machines to a halt

You must now follow these steps:

1 The form may not work at all due to requiring a specific browser or OS. This often is apparent by a button that you click and nothing happens so you will need to try a few browsers and maybe even OS or try switching your screen resolution. You may only get stuck N steps in and only find out then that you need to do this

2 Find temporary email and set up address on it. This may require a recaptcha which means 30 seconds of clicking images as they fade in very slowly. But your connection could drop or cut in which case, the captcha will show an error box and you start over

3 Redo the signup form because it will say your password doesn't match the password policy (each of which is completely different for every site). 50% chance new captcha

4 If youre lucky the website will only require a user name and password. However it may ask up to 10 irrelevant questions depending on how pretentious the administrator is

5 The site may block the email provider, or the email provider blocks the sites. go back to step 1 and find a new email provider, but then the site might block you or escalate to SMS verification

The signup form could have multiple pages, and each time you click next there is an opportunity to badly handle connection loss or ban because some of the data transmitted was not as expected, or similar issues as one would expect of amateur code

if you activated the captcha before going out and setting up your email and come back, it may have expired. the login page may itself expire as well by the time you come back to it. we still didnt mention browser addons, which square once or twice more (missing DOM elements causing malfunction, XSS filtering breaking the page, ad blocker blocking, etc). the browser may ask to restart to apply an update when you open the tab for the email website (recent Firefox issue) and you start from scratch. some of these are avoided by having the concept of a single email address that you use for everything or 50% of everything, but it will get spammed and shared and may be or blocked or become so because you shared it too much

8 comments

[ 4.8 ms ] story [ 30.0 ms ] thread
There's a word for this: Kafkaesque. I reserve my smartphone for anything financial. This way I bucket sensitive info into my phone, which is what Big Tech mostly wants: A huge data point where they can exfil data, sometimes without consent. Anything I truly want private is bucketed to other domains where I don't use my real name, use a throwaway email, throwaway phone number etc.
If I'm putting an IP blacklist, email verification, and captcha in front of my site, it's to keep people out. Some level of false positives and false negatives is acceptable.
> For example, the front page of Github with the 3D globe brings lower end machines to a halt

How low-end are you talking about ? I have a fairly low-end laptop that's more than 4 years old and it works fine.

As for the rest of what you're describing, it's nothing like my experience of the web, though some government web sites come close.

If you buy a machine for less than $600, it will not smoothly browse the web. Perhaps it will have hardware acceleration for a few use cases, but in general most pages will be slow. 4 years is insane for that price, would you buy a new dishwasher every 4 years? What if I want 2 machines?
A newer Raspberry Pi can run most of the web fine, the $600 argument is laughably false.
You are both too normal so the product works as intended for you. Unfortunately however, real engineering means making it work in all likely cases. Anyone outside of upper-middle class suburbia has an absolutely terrible experience with computers. The browser takes a minute or more to start. Button clicks take 10 seconds. You wouldn't know this because they are not your target market. But don't get confused and think I'm appealing to feelings. I'm saying software should be acceptably performant, when currently most is not, especially not websites. I'm saying that 99% of people get a terrible experience with software, once you step outside your bubble world. Real software should work on only 1000Mhz when performing trivial tasks like displaying text and forms (to say the least). Real software should not break down because of certain attributes about your IP address, user agent, etc.

I can't tell where you're coming from without getting to know you, but all these "works for me" forum posts are invalid for the simple fact that if I have a real conversation with someone in person, 99 times out of 100 it will just turn out they are acclimatized to slow half working bullshit. On forums the only reason they get away with spouting this nonsense is due to the upvote system and their cliques. Like if I complained about battlefield 2 taking 20 seconds to load the menu mid game back in 2004, a group of stupid forum posters will all either have a $2000 rig (in current dollars) that was able to bypass this bottleneck, or they're just some casual who played the game for 10 minutes in their life so they haven't had to open the menu a lot yet.

In the case of a signup form, it could and should have a standard solution that doesn't require amateurs to code it themselves, 20 years ago. Like a standard authentication protocol. And of course it should not rely on flaky communications like a verification email. All these things work for you because you're too normal, despite being terrible misconceived ideas. Since the web as a platform is a misconception, you could not make an application that uses a standard authentication protocol because the web introduces all kinds of problems due to its weird way of operating like the fact that you're vulnerable to CSRF by default and asinine nonsense like JSONP, and the fact that web applications aren't really a real mode of software but a bunch of hacks like embedding a script tag, setting the doc type, and fiddling with strange headers, and you can't really have libraries without all these fixes from 5 minutes ago like pinning hashes of resources and building some giant half working external dependency management system. Then at the end of the day it's still each website pulling the authentication code with whatever implementation of their choosing so you still can't trust it as well. Your "working" system is built out of a compatible stack of misconception-compatible software. The moment you misstep, for example if you want some privacy and put on a proxy, you will be severely punished since that breaks half of the web and leaves you with the overhead of doing workarounds for every single interaction.

My 4 year old laptop was purchased new for less than $500 and it browses the web just fine. I routinely have 4 chrome windows open across 4 virtual desktops, each with multiple tabs and no significant slowdown.
Hello, unixbane. I believe we may be kindred spirits. Have an invitation to my website, which is mentioned in my profile here. We seem to agree on many things, such as the disgusting nature of UNIX, the WWW, and Unicode; I largely view them as different shapes of the same evil. From my website is the e-mail address I use, and we may discuss the topic further through that, say.