197 comments

[ 3.1 ms ] story [ 180 ms ] thread
Compare and contrast to https://maddox.xmission.com/ "The Best Page in the Universe"
Another victim of enshittification. His essays used to be quirky and fun but he went off the rails once he started doing Youtube videos.
I just went to it, been a while. It is much different than I thought it was :(
Haha, I remember I sent him a hate email about this and he replied with something like "No, I haven't changed, YOU changed..." hahaha
There's a bit more to it than that. Maddox _really_ went off the rails when his friends realised how thin-skinned he was on certain topics (i.e. his girlfriend leaving him for one of his closest friends) and they could get a much larger audience by making fun of him than working with him, and he totally played into their arms with his LOLsuit.

https://www.vice.com/en/article/a3bwjj/the-cuck-centric-flam...

> Both [Maddox and his friend Kokkinos] performed at Upright Citizens Brigade in LA, sometimes together, with Kokkinos occasionally guesting on The Biggest Problem in the Universe*, a show Maddox co-hosted with his then friend Dick Masterson. After Masterson began dating one of Maddox's exes, creating an interpersonal rift that resulted in the duo cancelling their podcast in 2016, Masterson launched his own podcast, The Dick Show, on which Kokkinos was soon a frequent guest. As The Dick Show grew in popularity, Masterson and Maddox’s public rift widened, with each party’s respective fanbases joining in on the antagonism.

This is just the tip of the iceberg, check Maddox recent 3 hour video (!) on how he was allegedly stalked for years on end by Masterson and his crew. It's a wild ride.
I have been moving my page to gemini, but maddox is a great page :)
The worst websites in the world are the ones that are just blank pages without any content at all. Most corporate websites are like that these days unless the stars align and all the javascript executes just right.
They have (forgotten to turn off) some sort of ftp service: https://softwareupdate.vmware.com/cds/vmw-desktop/
I am so thankful for your comment. I was fighting with their captcha entry screen not showing me anything for the better part of an hour this morning before I gave up.
Not FTP, just a web server with directory listing enabled.

edit: downvotes? That's literally the situation here, look at the friggen URL.

The password requirements on some websites seem like they're designed to deter me from creating an account.
I've got a friend who's been pushing his employer to get off VMware since Broadcom bought them. Absolutely astonishing how fast the enshittification is kicking in.
> Hey front-end folks, just a quick note. Never ever ever ever ever mess with my browser. It's not yours, it's mine. I'm letting you use it for free to render your bloated sites.

As if any front end developer came up with this. Anyone who has ever had job in the industry knows this is straight from management.

I would think management can't be that adamant about not letting users copy-and-paste... I would also think front end folks should try saying "no" to at least some of those silly requests
Not in my experience, and not for trivial things like this. I'm sure this varies widely with employer, location and life situation, but generally these kinds of annoyances are both far from the worst that people need to do / tolerate, and that they don't have any say in what goes into the product, they either implement it, or someone else implements it and they can go work at someplace else if they don't like it.
Disabling copy-paste is exactly the kind of thing that a higher-level manager sees on some website, decides immediately that it’s very important for content protection and IP and trade secrets and whatnot, then emails a middle manager to have this implemented ASAP. A week later the request has filtered into a ticket that lands in the front-end developer’s inbox.

What should the developer do exactly? Ignore the ticket? Educate the manager who’s perhaps three steps up in the hierarchy and doesn’t even know the person’s name who is charged with implementing the misfeature? Neither would go down well.

No reason to ignore it, but it's pretty easy to argue against. I realise in some places you'd not be talking directly to the person it came from, but if the person you _are_ able to talk to says "That all may be true, but just do it", it's time for a new job.
This shit is usually from "security" which, in corps, is just endless list of boxes that you need to check and are handed over manager to manager. Everyone is scared to actually remove anything from the list because nobody knows who is actually responsible for maintaining it; getting through the hierarchy to even find such a person would take a month; if you find him, he will tell you "oh it's for compliance with <some mysterious government/iso/owasp document that's 20 years out of date>, safer to keep it there"
Exactly, good luck convincing management not to do something that the infosec team suggested even though it provides an insignificant amount of security. The hackers you really have to worry about aren't using your front end, they're submitting directly to your endpoint to bypass exactly these kinds of things.
This is the imbecile's solution to people pasting in their passwords from a text file. Except some people paste them in from their password manager.

Also, the error he got when he tried to put in the password the first time is likely because there's a mismatch between what it claims the password rules are, and what they really are. He might have exceeded the maximum password size (yes, I know they're supposed to be salted in the backend, and maybe then even are, but you still run into this). Or it might be that he used disallowed punctuation (some sites seem to dislike anything other than question marks and the ones over the 1-2-3 keys... I've personally seen the percent sign and ampersand both cause problems.

If there were some little embedded xml file that my password manager could pull from the page automatically that would tell it what the rules are, then I wouldn't have to debug your shitty account creation systems, nameless developer drones out there working for big companies! Not that you care.

That one may be coming from the InfoSec guys.
"Infosec mill agency that looks for easy wins to justify the high price tag they charge enterprise clients like Broadcom"

FTFY.

Large corporate/government IT lives on another plane of existence. Rules are made in some far-flung office and enforced through edicts that can't be challenged, partly because nobody knows exactly who created them, partly because nobody wants to stand out, and partly because yes-men surround the upper levels of management.

Anyway, somebody somewhere about a decade ago seems to have injected into the heads of such rule-makers that users who paste their password confirmations defeat the purpose of the confirmation mechanism, which was leading to excess support requests for forgotten passwords. So, therefore, pasting into the confirmation box (or even better, both boxes) should be disabled.

Never mind that password rules have gotten more complex, that allowing users to temporarily preview their passwords instead is now recommended, or that the use of password managers and online password resets means even if the original concern were valid, it's now moot. The rule exists, and so it must be followed.

At some point these corporations do lurch forward (or die), so eventually this will get changed, but it'll happen way slower than it should.

Honestly, 1Password (& co.) should have an option to "Type password" next to "Paste password".

Prevent that, you stupid website, I dare you!

It does, actually. (At least the old self-hosted version that I still use does. Don't know about the newer one.)
Fwiw keepass and keepassxc allow you to do this.
I do some front end work. I push back on things and win some battles re-directing them, but ultimately if the client pays to do a stupid thing, they get the stupid thing. It is their website, not mine.
This isn’t a front end dev problem.

You can say no but management isn’t under any obligation to capitulate, and often won’t.

More over, it’s often solutioneering as a result to some other management identified issue that devs have pushed back on.

I can't imagine any front end person spending extra time blocking the paste function when nobody asked them to do that. This may also come as a surprise, but sadly management and infosec doesn't always take advice from the front end developers.
It absolutely can be, and can even go higher. Recently the Reserve Bank of India updated rules around what is considered security, many banks interpreted them to mean copy and paste into /any/ field is not allowed. Yes, you have to fully type in account numbers etc.
I wonder. In my experience, all Indian news media outlets (except two) hijack the clipboard. If you select and copy an entire paragraph, in your clipboard, you get only the first few words and a link to the article. While I hate it, and think they are being hostile to me. I think they are catering to a usage pattern, that if you paste that stuff in WhatsApp, the readers would definitely get a link to the article. Traffic guaranteed.
Hm? No, it really did come from a front-end person.

There was a period in the late-aughts when people wanted to emulate the iPhone's inertial scrolling on the desktop. Most modern sites had it and it was infuriating.

That's probably around the time when this site was built.

I'm thinking you may not have made it all the way to this part of the article when you were reading it, but here's the rest of the context

> Don't do this to me. I get to copy paste whatever I want whenever I want. When you get your own browser you can do whatever you want but while you are living in my house under my rules I get to copy/paste whenever I goddamn feel like it.

Forcing the user to type the password manually rather than letting them paste something in. I think the original idea was to not allow them to mistype the first one, then paste the typo in the second field. But it's a dated practice and very annoying.

I once worked on a project for a Pharma company and this one guy tried very hard to push his password requirements and no pasting stuff, but luckily we convinced someone with final say that we should just follow the NIST guidelines for password reqs and leave the UX of the password field up to the UX people lol.

I do agree though that smooth scrolling was a front end developer offense, luckily it went out of style pretty quickly.

> the original idea was to not allow them to mistype the first one, then paste the typo in the second field.

correct. the other analysis here is wrong. we see similar for payments where user is not allowed to paste in ACH info.

but this isn’t exactly about user error per se. this is about support cost for bad entries. if the user types a wrong password during registration the recovery of such is very hard. the common user (even of a product like fusion) is VERY unsophisticated and will have severe problems recovering. the more advanced user will have plugins that disable paste disabling. the middle skill user (like in the post) will get past it on their own.

so net net this is just another case of this is why we can’t have nice things. they “have to” address that bottom (skill) level of users.

personally i can excuse this. the rest, not so much!

I think we can go another level up though: why are browser vendors allowing it if it's verboten — if they make it possible, someone will use it.

No one's going to risk their job over their boss's inane request to break copy & paste.

yeah I can't really think of a good use case for blocking paste. the Clipboard API is useful in general though and a good addition overall even if some people misuse it.
As I understand it, you need to be able replace the paste command with your own custom thing for stuff like Google Docs. But then you can always just replace it with a no-op.
> Hey front-end folks, just a quick note. Never ever ever ever ever mess with my browser. It's not yours, it's mine. I'm letting you use it for free to render your bloated sites.

This edge is a greatly under-acknowledged and under-represented boundary of propriety, and is routinely flagrantly and hypocritically overrun by organizations with legions of attorneys who fight tooth and nail to stake their claims in the providence of others.

The close cousin is the "click-wrap" agreement, which should be the very first point of engagement for access to any resource that employs it, but is perennially represented as an afterthought which a priori deprives the visitor of recourse from his later exploitation using the form of a "contract" which is fully understood by everyone to not be read, is written in gibberish, and placed at the very end of a primrose path of necessity for access to one's own labors.

A huge warning sign of the intrinsic rentier dynamic of the high technology industry has been built into every PC since the dawn of the era and on prominent display: the "Welcome" screen. You think you are being warmly greeted upon arrival to the cusp of a vibrant commons, but you are actually being told in no uncertain terme that the PC you just bought was pre-appropriated by its software. The purchase price is rent. The device is your property only in the sense that you own the direct costs of its failure and disposal. You are given an account with limited access to its capabilities and being permitted to access it under the auspices of your hosts. Your work is without value to your hosts. The device is a conduit of your continuing consumption, controlled as tightly as possible, which with every step into its labyrinth further reduces, limits and degrades the value of your work to you, and shifts its value to the device purveyors.

This hazard is conventional to the structure of every web service today, including this one: your data (work) goes in and never comes out. It's trapped in the dynamic and context maintained by the host.

No social media architecture today respects your work in context, including this one.

Your comments should belong to you, be hosted by you, and maintained in a mutually shared and beneficial context. But instead your comments go into a black box which you are permitted to review, in exchange for locally issued currency called (tragically) "karma" which is a simply a mechanism for limiting your visibility within a hopelessly regressive and passé format of a reverse-chronologically ordered list of the popular. Everyone on the social web is a serf, tilling a text box, and sharecropping status.

My making an example of HN not to call it out for being egregious. HN is completely ordinary. I'm merely offering an example for how totally indoctrinated the technogentsia is to these dark patterns of social networking architecture and how blind everyone is to them.

It's pretty weird that these dark patterns are so pervasive when you consider that the ideological bent of most computer technologists is "libertarian".

But I should note that California ideology is inherently Randite, and Ayn Rand was a deeply disturbed person.

With transformer AI we have now seen that every human input on the web has specific economic value which is being aggregated and harvested towards the creation and consolidation of enormous kingdoms of social wealth and privilege. This is being done completely without regard for the principles of propriety that software and MSM content publishers have represented through law as being essential to the construction of a commonwealth.

Every output of a transformer is a derivative work without even attribution, much less royalties.

And the AI technologists seem poised to have transformers run interference at every level of "customer" interaction with new architectures.

The more you look into it, the more you will see that high technology has been an epic swindle to transfe...

from what I can tell, this comes from IE6 days, where evil site could potentially see your clipboard .

Maybe.

I actually really like the ARNGREN.net site- reminds me of the funky product classified ads that you used to see in the back of magazines like Popular Mechanics.
I personally think this website is amazing... I mean, how do you even maintain something like this?
Absolute positioning and manual html editing :)
Okay hear me out:

instagram, but instead of infinite scroll you just show a blank canvas. When you post you include an xy position used to absolutely position it on the wall. Everything is 100x100 pixels max. Epoch time of post date determines zIndex.

What that arngren.net is missing is the cheesy Johnson Smith ads for X-ray specs! and Sea Monkeys! Johnson Smith was like the cheap claw machine of magazine ads. You knew that all you were going to get was crap, but it was fun crap. Maybe it helped that it took like 2 months to come and you were imagining how great it would be the whole time.
Did anyone actually buy those xray glasses? I’d love to know what crap actually arrived
I am experiencing similar frustration while trying to publish my App on Google Play! Publishing my app on Apple Store was smooth but Google Play is nightmare.
I totally agree. Their UI is hot garbage.
After going through all the pain now I am stuck at the last step where I need to find 20 unique testers before they will allow me to go to production!
Is that a thing? Can you go stand in a mall and spend an afternoon getting people to test it?
They are referring to the requirements discussed here: https://news.ycombinator.com/item?id=38258101

> Can you go stand in a mall and spend an afternoon getting people to test it?

Does that really work ? If a stranger at mall asks us to install a random app out of regular play store flow, only a small number of people will oblige. That number should ideally be zero.

The link you give to external testers goes through the play store, IIRC.
What you get when money meets corporate meets engineers who don't say no.
I nominate anything run by Workday as the worst website in the world.

Anyone looking for work can probably empathize. All the other websites mentioned are distant runners up to that monstrosity.

My favorite part of Workday applications is the fixed list for “field of study”, which doesn’t include my field of study or an “other” option. Or maybe its the “autofill from resume” which always, always fails in different unexpected ways. Or maybe its requiring me to manually enter my name and the current date >3 times.
My favorite part is not having the ability to create a single Workday applicant profile that they can persist across all their customer companies.

For that matter, Peoplesoft isn't any better.

single tenant architectures strike again.
> the fixed list for “field of study”, which doesn’t include my field of study or an “other” option

If it's anything like the "employment sector" options that banks ask you to pick from, then they're not trying to collect accurate info, but rather asking you to bucket yourself into a categorization system used by some very popular credit/risk-scoring heuristics.

My guess for why an HR platform is asking such a thing: it probably populates a field that can be fetched through an API, by corporate spending platforms (Float et al) that integrate with Workday, to determine (or at least "recommend") the employees who should be issued spend cards.

My theory is that companies choose workday because it saves them money. If I have an expense below a certain threshold, I just eat it rather than dealing with workday's insanely complex expense report flow.

I was railing against workday for a different reason last week. I had a qualifying event and needed to add a dependent to my health insurance. The first screen in the flow was to change my coverage, but it only offered "self" plans (not the self + dependent I was trying to change to). I finally learned (after 2 screenshot laden emails with HR) that I had to "submit my choice and continue" for the wrong plan before I'd be allowed to choose the correct self + dependent plan on some future screen that I had no idea even existed. The "submit my choice and continue" felt rather final.

> If your expenses and reimbursements are difficult to file, that's OK, because the people above you don't actually care if you get reimbursed. If it takes applicants 128% longer to apply, the people who implemented Workday don't really care. Throttling applicants is perhaps not intentional, but it's good for the company. [1]

That was also the thesis from an article that made it to HN’s front page a week ago [2].

[1] https://www.businessinsider.com/everyone-hates-workday-human...

[2] https://news.ycombinator.com/item?id=40273637

I got aggravated, physically aggravated just by reading the cursed hellspawn’s name. I hate this website and everything it stands for.
Agreed, I recall a short time some arm of my company used workday learning for training courses. To do a course, you had to add it to a shopping cart for some reason, then "check out", which opens a popup. If you somehow managed to complete the course, the popup would just close with no indication that the course was actually done.
Workday is a seemingly universal evil. That being said, some of my emotions toward Workday might be entangled with my feelings towards HR.
I can just imagine the meeting of the people who created the 11 page how to use this website pdf. Awful.
The real problem is letting the marketers and the "we're proud of ourselves!" sort take full control. I imagine the goal is "we have all these things under one roof!".

Good grief.

You can still have the same framework/layout. EG, support, products, etc. But you can do it under "categories". For example, "VMware by Broadcom" or some such blather.

And all support, all webpages, are only vmware related in that category.

But really, transitioning vmware's webpages to this is just dumb. What a waste of time. Just use vmware's website with a "by broadcom" in the banner, and who the hell cares.

So juvenile. That little bit of brand recoginition, oh it's so important.

Yeah, it's so important that it's not LSI, but broadcom in the firmware when my server boots now? Firmwares all need to have name changes?

I actually feel for these people. They know the site is awful and have no way to improve it except to make a manual.
Those people are trying to help the users who have been screwed by the managers who made the website terrible with no regard for anyone arguing against it
You can apply this do many Governments, banks and insurance websites.

Last example I witnessed: my home insurance forced me to re-register in their website due to some (clearly half-assed) migration. The way to force that was giving you a login form with user/password but no clickable "Submit/Login" button! And then a mini (like 50px tall) banner at the top of the page telling you that you had to recreate the account.

For Linux, there is Gnome Boxes, which is a quite good VM for all the stuff I need one for. It may not be as complete as VMware, but has most of the important stuff.
Just use Proxmox, it's fantastic for many vMware use-cases.
(comment deleted)
Agreed, but it doesn't run on Apple Silicon.
(comment deleted)
I'd like to just respond to the caption on the first image.

It's me. I'd wear that shirt with a cat samurai on it.

I would also wear it. Why does he get more relevant advertisments than me? I only get advertisements for clothes I'd never wear. I just checked out their website and I'm seriously considering buying some cat samurai shirts.
Dammit. This was also my first thought. Might consider it, if customs doesn't make it too expensive.
Because I looked into it in the past, I would like to point out two things.

First, the shirt is very easy to find. If you want it, you can easily find the store online with the information from the post alone.

Second, Instagram is chock full of shady sellers like this one selling t-shirts with AI-generated pictures. You can order from them and the product will probably arrive (eventually), but their websites are copy-pasted versions of each other (I just found at least six stores with identical "About Us" text) with different t-shirt designs whose reviews are uniformly poor. So don't count on excellent customer support.

Then again, maybe you are the type of person who always wanted to maybe receive a badly-printed, misaligned polyester shirt of a cat carrying a deformed sword. If that's the case then today is your lucky day.

My personal favourite is the old New Zealand Studylink website. You had to log in with both a password and a 'passcode'. You didn't type the passcode though, it told you to enter two or three random characters using dropdown boxes. I always had to write the passcode on paper to figure out which characters were needed (mine was long).
Some sites put the right number of asterisks between the boxes so you can count off the characters. If they wanted the 2nd, 5th and 6th characters of eight you would see (where B is a dropdown box):

    * B * * B B * *
[flagged]
I recently tried to register for an Apple developer account, and it has been the most infuriating process I've been through on the internet... and I am used to the French govt websites! At some point, the H1 title was in white on a light grey background, and I considered sending a screenshot to Jonathan Ive. To this day, I did not succeed registrating.
(comment deleted)
Weird, I thought the arngren.net website screenshot looked beautiful.
The Vodafone website in Italy is actually worse, believe it or not.