At my job, we have an error code that is similar to this. On the frontend, it’s just like error 123.
But in our internal error logs, it’s because the user submitted their credit card, didnt fully confirm, press back, removed all the items out of their cart, removed their credit card, then found their way back to the submit button through the browser history and attempted to submit without a card or a cart. Nothing would submit and no error was shown, but it was UI error.
It’s super convoluted. And we absolutely wanted to shoot the tester who gave us this use case.
And we absolutely wanted to shoot the tester who gave us this use case.
Why? Because he tested well and broke the software? A user changing their mind during a guided activity absolutely is a valid use case.
I think they meant shoot in like a friendly way. You know, happiness bullets!
Oh, THAT’s what “friendly fire” means!
hey that tickles!
It’s likely a difference of emotion compared to logic. Emotionally they’d think “Damn it, now we need to check for such a weird specific edge-case, this is so annoying” while logically knowing it’s better the tester caught it.
Better the tester than a user.
Whats the difference?
Are you from microsoft?
Different mindset. A user doesn’t want to find bugs but get shit done.
I’d argue that is maybe 95% of the time. People get bored.
Being prepared for the eventuality, knowing the consequences and deciding what to do about it before it happens for a user.
As of now, I consider you an enemy
Users are dumb, testers are assholes.
Sometimes testers are also dumb. Most times.
This makes want to become a tester. It scratches my evil itch just the way I like it.
there’s three qualifications to being a testor:
Finding stupid ways to break shit, Being able to accurately explain how you broke shit, and being likeable enough that breaking their shit doesn’t make the devs angry.
Being able to accurately explain how you broke shit
This is the most important part. Or look at systems like SpiffingBrit and Josh (Let’s Game it Out) look at games
Josh does mostly stress testing though
That too, but also lots of glitching through walls and, most importantly, “doing everything as wrong as possible”
Don’t shoot the tester shoot whoever wrote the code (or the framework / library) that got you into this situation in the first place.
What about the test case where I’m using the browser’s dev tools to re-send http requests in random orders?
If that broke the software it sounds like you have a very good tester.
Give that tester a raise bro
When you’re the reason error log messages are created…
What the user was doing is that they don’t trust that the system truly deleted the account, and they worry it was just deactivated (while claiming it was “deleted”). So they tried to do a password recovery which often reactivates a falsely “deleted” account.
I’ve done this before and had to message the company and have them confirm the account is entirely deleted.
Many services have a grace period. Mostly it’s 30-90 days where they keep your data, just in case somebody else decided to delete your account or you were drunk or something. But it could also be for legal reasons, like websites where you can post stuff for everybody to see, in case you post something highly illegal and the authorities need to find you. Another example is where a webshop is required to keep a copy of your data for their bookkeeping.
But it could also be for legal reasons, like websites where you can post stuff for everybody to see, in case you post something highly illegal and the authorities need to find you. Another example is where a webshop is required to keep a copy of your data for their bookkeeping.
None of these require your account to “exist”. There could simply be an acknowledgement stating those reasons with “after X days the data will be deleted, and xyz will be archived for legal reasons”.
Mostly it’s 30-90 days where they keep your data, just in case somebody else decided to delete your account or you were drunk or something
This is the only valid reason. But even then this could be stated so that the user is fully aware. Then an email one week and another one day before deletion as a reminder, and a final confirmation after the fact. I’ve used services before that do this. It’s done well and appreciated.
This pseudo-deletion shadow account stuff is annoying.
None of these require your account to “exist”.
It’s actually much more technical than theoretical. When you delete an account on a website, that is being kept for a little while longer, it merely has field in the database that gets updated. (often with a removal date as well for the automatic removal after x amount of days). This field needs to be checked everywhere the account is used. And account recovery is mostly a part where this is forgotten, or possibly not even wanted.
And to claim this as fact, I just realized that the website I work on allows recovering of banned accounts. (Removed accounts are completely removed though because we don’t need to retain any data).
This is the only valid reason. But even then this could be stated so that the user is fully aware.
Keeping the records for a little while longer is actually implied to be known. It’s in their privacy policy, and is legal.
Whether or not services should make this easier to know exactly what is happening I definitely agree. Personally I think post history without user identifiable data should also be removed, but this is even less common practice (and is why tools exist to delete all your reddit posts for example).
This field needs to be checked everywhere the account is used.
Usually something like this would be enforced once in a centralized location (in the data layer / domain model), rather than at every call site.
for the automatic removal after x amount of days
This gets tricky because in many jurisdictions, you need to ensure that you don’t just delete the user, but also any data associated with the user (data they created, data collected about them, data provided by third-parties, etc). The fan-out logic can get pretty complex :)
Usually something like this would be enforced once in a centralized location (in the data layer / domain model), rather than at every call site.
True. Although not every endpoint is the same, nor is every website or service.
This gets tricky because in many jurisdictions, you need to ensure that you don’t just delete the user, but also any data associated with the user
GDPR specifically mentions user identifiable data. I don’t know about others.