Hacker News new | past | comments | ask | show | jobs | submit login
Establishing secure connection (wellsfargo.com)
472 points by eloisius on Mar 1, 2013 | hide | past | web | favorite | 149 comments

This reminds me of something we had at my office about 15 years ago because people were complaining their workstations were slow. In reality, their workstations were just slow machines; standard issue box for most people was a 70MHz Sun SS-5.

So we wrote a perl script that printed out a bunch of platitudes like these, while printing out an ASCII "progress bar." It had some randomly determined sleep() calls in there to make it seem like it was doing something.

  Optimizing priority queues...
  Recalculating scheduler lookup tables...
  Terminating unused system processes...
  Recovering memory leaks...
  Flushing network buffers...
Then it'd randomly pick a number X and report to the user "System reports X% faster."

We called it "speed" and deployed it to the app server. Some folks started getting into the habit of running it every morning and swore by it.

Reticulating splines

Other ways to reticulate splines:

- Like a documentary: http://www.youtube.com/watch?v=XZlWmYe8HM4

- Extremely dramatically: http://www.youtube.com/watch?v=bT2gfHU6yCU

That is both brilliant and evil.

This is basically Unix shamanism.

I think I know what I am going to do over the weekend...

Every time I meet my colleague in the kitchen what we talk about is how phase shift of 0.5 and has reversed the polarity which serialised the hyperplane clustering by 1.1

That's brilliant. If I had a situation where I had to deal with non-technical people I'd implement this in a heartbeat.

My father was an audio engineer/mixer and worked with some big names. He told me a similar story that happened to him later in life when he finally owned his own studio.

There were clients that would always insist on making audio adjustments, for no good reason at all. They were paying to have their music professionally mixed, yet still insisted on making adjustments and changes. Finally my dad and his friend came up with a great solution.

Mind you this was prior to everything being digital, so what they did was they had a massive 24 track. (a really big machine where you can individually adjust the sound of each track) Well what they did was installed a knob that looked just like the other ones in the track, but placed it a bit lower and near to where the client would be sitting.

The client was then told they can adjust the "openness", or the "richness" by adjusting this rotating knob to a particular setting (remember, the knob does nothing, and isn't connected anywhere). My dad said clients would spend hours adjusting this knob until they got it "just right", and would make sure to let everyone know in the studio that knob was dialed in and to not touch it.

It's amazing how many silly things people have to do in all walks of life to placate the ignorant.

One of the best designers I've ever worked with had a similar great strategy with clients who considered themselves design experts (usually senior marketing/advertising managers) and who would almost inevitably want to change something in the “final” design.

The solution he had was to leave one obvious minor flaw in the final design – a color which doesn't quite match, odd font choice, etc. It was a lighting rod for unnecessary fiddling and was quite successful for keeping the changes quick and low-impact.

2 examples from a former communist country.

- A theater director was putting on a new show about some workers in a factory. In the background he put a wagon wheel. Before the premiere the communist representative came to evaluate the show. It was usual that some random scenes would be adjudicated unacceptable and cut from the show. When discussion started the communist rep asked what the wheel, which was used in agriculture, was doing in a show about factory workers. The director argued that it shows the connection between proletariat and agriculture workers. A vigorous discussion followed at the end of which it was decided that the wheel should be removed. The director ended up being the first ever to not have any scene cut.

- A painter visited France and desperately wanted to bring back some modern art reproductions so that his colleagues, who where not allowed to leave the country, would get a chance to see them. But modern art was forbidden and there would be no way customs would let the reproductions in if they knew what they were. So the painter got also some nude reproductions. The customs people confiscated the nudes as soon as they saw them and let the modern art go through.

There's a (Dilbert?) comic somewhere out there about this. Can't find it at the moment, though :-/

edit found it: http://dilbert.com/dyn/str_strip/000000000/00000000/0000000/...

The tv show had a part where they say they always give the manager a stupid option and a realistic option to make it feel like he made the decision

What if the manager chooses the wrong one?

Apple's maps for iOS.

that is a corporate lore story. See item 5 "A duck"


An alternative is to add a duck, or something else gratuitously out of place.

Yet another case of rubber duck debugging FTW.

Yup, exact same story. Apparently this happens a lot :)

LOL, thank you for broadening my horizons a little.

You are one of today's lucky 10,000 http://xkcd.com/1053/


This reminds me of a scene from the movie "This Film Is Not Yet Rated", where Stone and Parker describe inserting a super-graphic sex scene into the movie "Team America", which they knew the MPAA board would ask them to remove, attracting their attention and allowing them to keep their R rating.

> audio engineer/mixer

Audio really attracts crystal-power wackos, somehow more than others. I've had to dodge all sorts of completely idiotic thinking both in the digital and analog world. Hell, it's the whole business model for Monster Cable, as one example.

Video encoding is a close second.

One other pretty common (and slightly less imaginary) trick is to nudge the master fader up about 1dB and play the same mix again for the client. For some psychoacoustic reason I don't fully grok, we perceive things as sounding better when they're louder, even if the difference is too small to register consciously.

Signal to noise ratio. If your noise is at some average amplitude X, and you have signal at two levels, Y and Z (and both average above X, because otherwise you would just perceive X distorted a bit), then the lower of Y and Z will have more of its amplitude within the average X amplitude. I.e., if Y < Z, Y/X < Z/X, then (loosely), Z will have a larger percentage of its signal that is not masked by noise.

Did it go up to 11?

Have you ever noticed that the BBC podcast playback controls do go up to 11?

Example: http://www.bbc.co.uk/programmes/p014wlmh

When I was a kid, whenever my bro yelled to reduce the volume of the TV I just stay silent for a moment and say 'ok?'. Sometimes he demands to cut off a bit more noise. I wait for a second and say "NOW?". He's normally happy with the two tries.

He sleeps happy. I waste time happy.

I believe the "Close Doors" button on lifts/elevators is based on this principle.

although it's one of those things that's hard to pin down as "real", this story is extremely similar to one that's told about murry wilson, patriarch of the beach boys. apparently as he was intent on mucking about during their sessions, brian eventually obtained a dummy console and let his father fiddle with the knobs to his heart's content.

The "magic/more magic" switch is also this.

No, that one broke things, at least to some middling confidence level.

This is one of those things that is done by people going "We need our customers to 'feel secure'". I get the rationale, but is there actually any data that suggests this gives that actual feeling? That users "feel" more secure? Or are more trusting of the site? Or is this just cargo-cult UX?

edit: I've seen this on too many financial apps to think it's an isolated incident. It's clearly a "thing" in financial apps (TurboTax.com does it all the time; I see it on my Bank app, lots of mobile apps, etc.)

There's gotta be a reason, even if it's wrong.

I worked for a company that implemented a similar technique and it had positive results. The main features of one of their web based software products was a report generator. The report was quite complex and included a lot of calculations based hierarchical relationships of entities in the system. To build this report by hand would probably take hours, but the queries and calculations were all highly optimized and could be run by the server almost instantly.

Many users complained that they didn't like paying so much for this feature because it didn't really seem to be doing very much. Instead of trying to educate each individual customer about all the intricacies of the report they just added a dialog box that would display for ~10 seconds and step through a few fake progress messages. People stopped complaining about paying for the report, and I would assume that is because the progress messages made them feel like something complicated was happening.

We implemented a similar thing a few years ago at a company I worked at. We designed a very fast system zero-knowledge matching over zillion entries. It was way faster than the "competition" (which arguably were slow because they just never cared). It took a few hours instead of a few days to run, basically.

While the results were 99.99% the same as from the slower solution, customers would think "it can't be right" or other things like that, and wouldn't trust the product.

We'd just give the result a day later. Fighting with customers expectations is sometimes very hard.

Then sell them the more advanced faster one for more money.

"Use our advanced cloud infrastructure to generate reports in under 8 hours!"

This reminds of airport nowadays. They were getting a lot of complaints about the slow speed that checked luggage comes out of after landing, so they simply moved all arriving flights' gates to the furthest away possible from the luggage claiming area. People had to literally walk across the airport after they get off, but complaints about luggage speed dropped significantly.

Actually, if I remember well (ut can<t remember where I get that from), another reason was so that people walk a little while to let their back recover from slouching all the flight before they pickup their heavy suitcase. Meaning in the end they had to bring less people out on a wheelchair.

Maybe you mean this as a joke, but I am a wheelchair user, and it is often really not fun to push myself through the airport. So.... your joke falls a bit flat.

It wasn't a joke, I didn't explain myself properly. When some people pick up their heavy suitcase after slouching for a few hours, their back locks in and the airport has to put them in a wheelchair and take care of them and their luggage. Having people walk a few minutes more actually reduces the chances of that happening.

I don't think he was joking, but rather implying that people with stiff backs could be more likely to injure themselves.

This happens with old-fashioned customer support and technical troubleshooting, too. It seems to be the temporal equivalent of putting scrap metal in electronics to make them seem heavier and thus "more reliable". The more I hear about it, the more I believe it.

I ran into this while doing phone and ticket support back in the day and tried to get my coworkers to join me in an experiment but they refused. We could have learned so much. I wrote about it: http://rachelbythebay.com/w/2012/07/14/difficulty/

This is a serious marketing problem about perceived value in B2B entreprise stuff. We had the same kind of problem the product was really technological: 15 years of research, a prover, 6-7 PhD and stuff like that. But I decided to simplify the interface to a minimum, and every parameter tuning should be automatic. We ended up with just a few buttons in a toolbar and a few views embedded in an eclipse plugin. Then the customers where thinking that an "eclipse plugin is not worth 10k€", because the technology was hidden.

Why do stories like this make me depressed.

Because (i'm guessing, since you're on HN) that you're an engineer. You spend all day telling the most logical thing ever created how to act. Its as predictable as a childrens television show. Human psychology is irrational, and thus unpredictable. The engineer psyche doesn't like that.

Human psychology is irrational and unpredictable only for very narrow definitions of rationality. Just because we don't understand the brains operation doesn't mean it doesn't behave rationally

Those definitions of rationality are useful _because_ they are narrow. If you redefine "rational" to mean "how the brain operates", you might be able to stop using the word "irrational", but...all the phenomena that previously fell into the "irrational" category will still exist, and people will still want to discuss them, so you might as well just use the same word for them as everyone else does.

The term "rational" is already well defined. I was claiming that the OPs understanding of the meaning of rationality was limited, not that the term rationality was narrow.

There are many other words and phrases available for us to talk about this concept that are well understood and do not need to be redefined.

I feel the same way.

My guess: it's hard to consider adults are less curious than children, but more confident than children. In biology: maturity = stop of growth

because stories like those should make you depressed

Now you've trained the users for the reduced app speed you can sell access to the advanced faster version.

Can't find the article right now (help?) but Blogspot (now Blogger) can create blogs instantly - the loading spinner and wait are completely artificial, to assure users.

I suppose it's the same mentality behind: "He's a manager..it doesn't seem like he's doing anything! His job is so easy!". You can replace "manager" with any management/leadership role.

Well, playing golf is hard!

And attending meetings.

I know there is data showing that adding meaningless security badges and icons to checkout designs increases users' perception of security, so I wouldn't be surprised if the fake progress bar was effective.

I'm not sure if there is a better solution that doesn't misrepresent what's actually happening. Users sometimes have heuristics about the way that systems work which might be inaccurate. In this case, the heuristic is something like "doing work correctly takes time; failure happens quickly", where work is keeping your credentials secure. The fundamental problem is that it is difficult for users to differentiate between work done poorly from heavily optimized work done well.

This is a totally a marketing technique to make users feel more secure. It's no different than plastering the "hacker safe" (now McAfee Secure) seal on the top of your website. (Which by the way, in tests I've seen split-testing proved the old "hacker safe" seal works better than the new one, or at least it did when the new one was first released).

Most of users don't know what SSL is, but they sure as hell feel more secure if you have a big lock or a nice green checkmark in the top corner, especially if they're thinking about putting in their personal info or credit card number.

Full disclosure: I'm a founder of an online marketing company. :-)

Paypal (even with a two-factor fob) has a similar spinning page when logging in.

Once I fell for a phishing link, and the first thing to tip me off was the loading indicator was gone/too fast. In that instance it saved my neck as I changed my password asap.

Maybe users who realize due to a missing indicator should be smart enough to avoid such a trap in the first place, but I was definitely glad then and can see how this could be an active UX decision with positive implications.

Zurb did a tech talk a while back. They found that the drop off rate for one of their long running processes dropped significantly when they added a red bouncy ball as an interstitial for any process that took more than 400 ms.

I wonder about why this is the case.

* Is it because we as users have been conditioned, through years of faulty software, to assume crap crashes/hangs when there are unexpected delays?

* Or is the majority of computing so fast and instantaneous that we can't bring ourselves to wait on something that doesn't have an immediate end in sight?

Here's one related study, "examining the extent to which individuals will tolerate delays when told that such delays are for security purposes..."


Please Continue to Hold: An Empirical Study of User Tolerance of Security Delays

I was expecting a page that takes forever to load or some such... :)

If I had to throw a guess, I'd say there was a random non technical manager in the company who saw the page was loading too fast and didn't like it; "it should show there is a heavy process in the background, otherwise our customers will think it is too simple!". Either way I doubt an UX genius is behind this.

It could be the opposite. Wells Fargo has a lot of different apps that need to authenticate and integrate with their identity management/sso system. It is near-trivial to implement this sort of thing, but it isn't necessarily trivial to make it fast.

I wouldn't be surprised if the authentication process was taking long enough that a decision was made to add some sort of "loader" like this to make it appear like the extra time was absolutely necessary from a security standpoint.

It's a bit of a lazy decision from a UX standpoint, but it isn't entirely uncommon either: when you notice some action is slow, slap an animation in front of it.

If I had to guess, I would say it was the opposite. The page was loading too slowly, so users would click submit a second time. So the popup was added so the users know their first click was received and the page is loading.

Seriously, users will resubmit forms if the next page doesn't respond in a 1000ms - 1500ms.

The more correct solution then would be to disable the submit button and provide some sort of (non-misleading) feedback that showed something was happening.

Ah, The good old Thread.sleeep(10000) to make it feel extra secure

There are no "UX geniuses". Or at least they are usually called Developers.

Actually UX designer is a pretty common job title these days. I'm pretty sure it's a well recognized profession.

I usually trust a developer to absolutely ruin the UX of a product any day

The level of contempt of some developers is amazing, too bad they don't know UX 101

I know developers who can design and code. The contempt is earned as most "UX monkeys" can just sling photoshop and that's the end of it. Too costly in any startup. Too useless in anything else.

I'm a developer and I am happy to leave the UX to someone who knows what he/she is doing. That goes far beyond "slinging photoshop" however. When I'm using a website or application I can usually spot where a developer did the UX, because it's quirky, "clever," uses conventions different from other parts of the system, or worst case is completely incoherent.

Depends on the platform. I've come to despise mobile UX monkeys if they can't write Cocoa. Period.

On iOS it's different, the developer knows the best.

Actually, The Sims 1 did this too. Obviously, it's a game and it's fluff so it's more acceptable than the bullshit that WellsFargo is doing here.

I was sad when Sims 2 and Sims 3 didn't include this little gem. A cool bit a humor while you're loading the game? awesome.


The Sims 3 does actually :-). Though it's a bit less obvious, but look at the texts swapping in and out under the progress bar.


I don't know, but it demolishes the last shred of confidence I had that Wells Fargo had anything resembling a clue about technology, and security of web apps in particular.

I've used a few of their services before, and they are all horrible abominations from signup on through.

My $0.02: Banks will get hacked, your identity will get stolen but banks and their insurance companies see that as part of doing business. So far it has been quantifiable. But they want you to feel secure so you do everything online, it saves them in real estate and employees--even as fees skyrocket year after year.

Another "UX monkey" who thought this is an amazing feature.

this page doesn't actually do anything. It loads two animated gifs from Akamai (one for the text, and one for the bar), and then uses some javascript to close the window.

If I had to guess, there's a login page. When you submit your login, this page pops up and displays while the login is processed.


  <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">






    <p align="center">

      <img src="https://a248.e.akamai.net/6/248/3583/000/wellsoffice.wellsfargo.com/ceoportal/DocumentumRepository/content/images/signon/messaging.gif" width="300" height="30" border="0" alt="Loading Status" /><br />

      <img src="https://a248.e.akamai.net/6/248/3583/000/wellsoffice.wellsfargo.com/ceoportal/DocumentumRepository/content/images/signon/statusbar.gif" width="300" height="30" border="0" alt="Loading Status Bar" />


    <script type="text/javascript">

      var selfClose = function() {



      window.onload = function() {

        setTimeout(selfClose, 10000);


      window.onblur = function() {






My favorite part is the onblur function.

Somewhere, deep within Wells Fargo HQ, there was a depressed developer in a windowless office that died a little inside when asked to make this.

I worked with the dev who wrote this at Wells Fargo.

To be fair, they do have windows in their office.

  I worked with the dev who wrote this at Wells Fargo
You can't say that and not provide more details.... You are obligated now.

He's probably obligated to not provide more details...

Ding ding.

Nope, he's not.

Now you're on The Big Shane's list as well.

"To be fair, they do have windows in their office." Nice wordplay.

Not all work we do can be enjoyable, unfortunately. I bet this is a fun jab to bring up with him at parties. "Remember that time Wells made you make that security gif?"

Or he was asked "please make this site feel secure"

This sort of fake-loader animated GIF is pretty common; it's just a slightly more advanced version of a spinner GIF. I don't think it's really that bad.

What would be bad is if this page would accept a parameter to redirect you to somewhere, but it appears it doesn't do that -- it just closes itself. Presumably this page appears in an overlay that then closes itself.

With spinner gifs, you generally tell them to stop spinning after some event; this just closes the window after a hard-coded 10 seconds.

With most of the spinner gifs I use, the gif will just be in the element that I put the dynamic content into. Then when I load the content into the element, the gif is replaced and disappears.

It's not "bad" in the sense of actually hurting people, but it is dishonest... it's a meaningless progress bar (not so terrible, Windows has us used to these), but the series of lies flitting on and off the page definitely isn't good.

We all know banks aren't trustworthy, but that's what they should be, and their goal should be actual trustworthiness and not false, theatrical crap like this.

Or false, theatrical crap like building themselves massive stone buildings more suited for courthouses than branches and decking their interiors out with dark wood and brass?

Banks are all about theatrics in the service of image. They depend upon it, in fact. A bank that loses trust is a bank in danger of a run.

Impressive buildings are theatrical but not at all false. They don't really have a veracity at all.

A throbber is theatrics. Fake progress messages are (excluding joke examples like in video games) a lie.

That's just another way to state my point. Depending on theatricality instead of actually EARNING trust is exactly the wrong way to approach such a goal.

How is it dishonest? I would consider it a theatrical demonstration of what's actually happening.

The steps of the gif are: -Establishing secure connection -Sending Credentials -Authenticating -Building Secure Environment

That's not too far off of layman's terms of what is happening when they logon albeit just not as slow.

If it provides a layperson the same sense of trust that a technical person would feel if they listed the technical terms, isn't this an accurate demonstration?

I see a lot of comments condemning this feature and saying it's ridiculous. However, you have to understand that people outside of the tech industry have a very different mental model of how computers work than the rest of us.

One example of this is shown in a usability study by the Baymard Institute on top ecommerce checkout processes [1]. The goal of the study was to determine best practices for checkout usability by testing the top 15 ecommerce sites. One of the more fascinating finds they made was that during the checkout process, users perceived certain fields as being more secure than others. Even though the fields were all part of the same form and on the same page, users still believed fields with a little lock icon were more secure than the rest of the fields! It didn't matter if the entire page was encrypted. Users would abandon the checkout process because the credit card fields didn't "feel secure" compared to the rest of the page.

To most of us, this looks like a frivolous feature suggested by a "UX monkey" (as one commenter put it) but don't underestimate the power of making users feel safe. For all we know, this stupid gif could have cut support calls 20%.

[1] http://baymard.com/checkout-usability

I use this tool everyday and it has always made me laugh. The security of the CEO portal is actually legit though. In order to do anything you must login with: company name, username & password. Once inside in order to do anything important you must use your pin number + a random number from a security dongle like this: http://en.wikipedia.org/wiki/Security_token

Then someone else from within your company must repeat a similar process to approve your action. So you always need at least two people within your company to perform any action.

Typically the CEO portal is used for wire transfers where security is pretty damn important--once the money is gone--its really, really gone.

This reminds me of a story I heard about those ATMs. What I heard is that there are technologies out there that can make a machine to count/validate cash almost instantaneous while not sacrificing accuracy. But apparently, that makes some customers worry that their money is not being processed right, and thus, every time you deposit money to those ATMs, they make that grinding noise, appears to be doing something useful.

Which pisses me off because I'm wondering what the heck is taking so long. If the vending machine can count a dollar instantly, why can't the ATM do it.

On the other hand, whatever algorithm they're using for the handwriting recognition on checks is pretty amazing. I've deposited 100's of checks and I've only had to type an amount once.

A state of the art surely advanced by the USPS. Every time I scribble out an address in my awful handwriting I pause for a second to appreciate the USPS software that reads this and turns it into a barcode. Though to be fair I think all it has to do is decipher the zip code.

It's more complicated than that. The last line has to match two out of three (for example, city and ZIP), and then it can try to do some reverse analysis on what you've written for the address line. (Even that's an oversimplification; it's pretty darn impressive.)

The USPS also has the additional challenge of matching what you think is your address with what is actually your address. Very, very few people know their address.

If that's not bad enough, if you've ever had something arrive successfully, you expect the address that was used to work forever.

The USPS also has the additional challenge of matching what you think is your address with what is actually your address. Very, very few people know their address.

What parts of their addresses do people typically get wrong? Where can one go to find one's actual address?

Here's where you can go to find your actual address:

There are, occasionally, errors in the database. I'm trying to get one corrected now. If you find one, go to your local Post Office, find a supervisor, and ask him or her to notify "Address Management".

There is not always one answer. In the UK the Royal Mail, electoral roll, credit reference agencies etc can disagree with each other.

I didn't mean to short shrift them -- hell I brought it up to praise them.

I've been so impressed before by things like wrong addresses -- hell, one time I saw a letter with no address only my name and zip code. And it's not like I lived in a place where my mail carrier knew me. They've built a hell of a technology there.

TurboTax has something that struck me today as similar (in spirit) to this, though TurboTax's is a skeuomorphic thing.

It's the "Save & Exit" button TurboTax has. I'm sure that they are saving all info as it is entered, but users of QuickBooks, Excel, etc., I'm sure are used to having to save their data manually then exit.

I think all the guffawing at this progress bar is a little overblown. If a question or concern comes up in user testing multiple times -- "How do I know my connection is secure?" -- then why not put something in there that makes the user feel safer? What's the problem with that? Sure maybe it's a little overblown graphically but, c'mon, when you're a bank you need your customers to feel secure, in addition to actually being secure.

I think it is a terrible idea to put fake security symbols on the screen. It makes people trust those fake symbols instead of learning what they should look for. Since the symbols are just fake it is very easy to stage a MITM attack.

A much better security indicator would be something saying "This site is secure if there's a green area in the address bar [picture of what it should look like]. Click it to verify our identity.".

I'm pretty sure Turbo Tax is not saving as you go. I had just finished entering my income a couple of weeks ago, and just as I started on my deductions, it crashed. None of the work I had done up to that point was saved.

Exactly the security I'd expect from a "CEO Portal". :)

Very true, but for those that don't know in this case CEO is "Commercial Electronic Office"


If you were going to inspect to see if it was actually doing anything, let me save you the trouble. It just plays these two gifs ontop of eachother.

https://a248.e.akamai.net/6/248/3583/000/wellsoffice.wellsfa... https://a248.e.akamai.net/6/248/3583/000/wellsoffice.wellsfa...

Likely is security theater, but in all fairness they might actually be doing all those things and wanted a UI element to let users know what is taking so long.

You can see this in action by trying to login using dummy credentials here: https://wellsoffice.wellsfargo.com/ceoportal/


That makes this even sillier... The popup stays open claiming to be authenticating, while the main page has already returned with the error message "Your sign on was unsuccessful. Please try again..."

yep.. its a theatre all right

That's kind of silly.

But as a Wells Fargo customer, I've never seen it while using their website, and I use the site to check my accounts and transfer money between accounts once or twice a week.

It is for their commercial portal: https://www.wellsfargo.com/com/

"reticulating splines"

So, it's actually possible to update a dynamically served gif to provide real progress updates. If that's what they were doing, I'd wonder why they did that rather than use js hooks.

But this is just a silly static image. What if the server takes longer than the image to load?

Then it'll just get stuck at 100% until it's done. It's not like users have never experienced this, progress bars have never been that accurate. Probably thanks to Windows, which did a pretty good job at educating users not to expect an accurate progress bar at all.

The Adobe Flash installer has this issue. The progress bar is just an animation, so you the installer usually finishes way before the bar does.

I envy consulting company that was tasked $100k to build such a "secure solution" :)

It closes the tab when I click "inspect element". How does it detect that?

it's the window.onblur handler. If you select "inspect element" the browser opens a new window for the developer tools and the previous window loses the focus, triggering the handler.

It also happens if you load the page then open a new tab. The previous tab will lose focus and close itself.

We added progress bars and silly status messages to our 500 error pages in our web app. Things like a 15 second count down to "recalibrate" or "attempting automatic system correction". It, at minimum, stopped users from constantly clicking a button or link that was having server issues (and thus spamming our error queue). Instead, they'd wait the 15 seconds and then go try again.

If the issue was transient, like a dropped connection to the database or memcached or some obscure deadlock, the "automatic" fixes worked as expected from the user's perspective. We, of course, still got the full error report to diagnose the issue.

I even have a few gems in our user feedback system where the users outright praise the "automatic error fixer" and they wish every website/app had a tool like ours.

It happens in chemistry too. In his book The Green Flame, Dequasie told the following story:

"The salesman had been selling hydrochloric acid, sometimes known as muriatic acid. The industrial grade usually had a green tint caused by contamination with iron. The company that the salesman worked for improved its equipment at considerable expense and proudly began putting out water-white muriatic acid. The salesman immediately began getting complaints from customers who did not want that weak white stuff. They insisted that they wanted that strong green stuff that they used to get. So, for those customers, the salesman arranged to have a small nail dissolved in each jug shipped to them. Result: happiness."

"Locksmith gets less tips and more price complaints for being faster"

http://news.ycombinator.com/item?id=2007385 (807 days ago)

Reminds me of this interesting reddit discussion: http://www.reddit.com/r/AskReddit/comments/uc6qy/reddit_toda...

And the corresponding HN discussion that followed:

(Apple's iOS is "deceptively fast") http://news.ycombinator.com/item?id=4047032

In this case, we have security instead of speed. That's not to say it isn't secure anyway.

The Mac OS X.4 PBE would display the estimated boot time on startup; I thought it was using sophisticated logic, but was later told that it just averaged the last, say, 10 boot times (which is probably at least as reliable). I seem to remember that you could even execute `/usr/bin/loginwindow` (or some such path) from the command line and watch it pretend to boot at any time. I forget when this 'feature' went—maybe as early as Leopard?—but it's not in Mountain Lion.

Wow! I can't decide if this is hilarious or scandalous.

I used to work for a major online tax software provider. I won't name them but I'm sure you can guess. Not sure if it's still there but right after you log in, there are some redirects that take you to the app servers hosting the product and you get the same type of loading image though no secure connections were being established.

I should emphasize that the connection was already secure, but creating a user session on the server side took a long time so this graphic was displayed to users. So don't worry!

hfs - your account has been dead for > 200 days

This felt uncanny. Like I was violated in some strangely wonderful peculiar way.

Don Norman discusses why you would want to do something like that here http://businessofsoftware.org/video_09_dnorman.aspx (50:30).

As a customer of Wells Fargo CEO Portal I no longer feel safe using it.

Fun aside this portal uses two factor authentication with RSA tokens (that were promptly replaced after RSA token vulnerability was found).

I noticed something similar on TurboTax: https://turbotax.intuit.com/tto/alias/dncanimation

This is ridiculous

We need a progress bar! ~Brilliant MBA

That's why they get paid the big bucks. Genius!

Been there done that. Software development is sometimes Social development as well.

As a fan of UX patterns I'm curious: what would this one be called?

> ceoportal

Sounds about right.

My thoughts exactly.

security theatre much? face palm

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact