error messages are perhaps the most important method of communication with the user. it is imperative to include a message for the least technical and most technical users you plan to use your program.

for instance, PayPal's document submission process simply emits "There was a problem." when a user tries to upload a file that is too big. In this case, adding "your file exceed the maximum allowed size (4MB)." would be better.

Show thread

for errors you are less equipped to anticipate (illegal states you think should never happen, for instance), please don't just crash silently. Give me "We're sorry, the application has encountered a problem.", but give me "assertion len(name) > 3 failed at line 122" too.

Show thread

@tindall I always like to have stack traces when I'm debugging code, but so many of our customers have subscribed to "stack traces are the evil!" so we have to hide them and make our lives harder to figure out problems.

@dmoonfire It's a curse :( my go-to there is to either compress and base64encode the stack trace and print it in small text, or to upload it somewhere and give the user a reference number, if possible. But, yeah, it's a genuine dilemma.

@tindall I'm so used to dealing with hostile IT departments. So I've been trying to get the reference thing working but right now, the business won't let me write a UI so I have to have customers ask their IT for the event log.

I might try an encrypted base-64. Though, I also usually get a screen shot instead of the user selecting and pasting the 500+ line of text message. :)

@tindall a lot of insecure people think that last error message is an unacceptable disclosure of secret information

@riking those people have no business shipping software to users. I can always find that out by popping open Dev Tools or radare2.

If you have a proprietary algorithm you want to stay proprietary, it needs to be only ever running on a server you control, with strict rate-limiting, so I can't just fuzz it and reverse engineer it.

(and, i know I'm preaching to the choir here, sorry :) )

@tindall here's an idea

Error translation routine that pattern matches the code level trace and returns a reference to a translation key (multiple languages). If no match, generic message, but

You then set a goal that 99% of displayed errors have a translation and file tickets on the developers if that becomes untrue
@tindall it... also seems like a good proxy for "an outage is happening" 🙂

@tindall this type of thing is why i'm really annoyed with Windows 10's messages like "working on updates..." like, i like that on Linux there's progress messages during stuff like updates. even if i don't necessarily fully understand what's going on, i at least can see that it's doing something? that it's making some kind of progress? with "working on updates" i have no idea if anything's happening or if it's anywhere close to done.

@tindall From all my previous projects, 9 out of 10 times the creative team leaves writing error messages up to the engineers. It's often not built into the process from the top, which is a giant usability timebomb.

@tsturm Yeah, this has been a huuuuge issue for us on Open Energy Dashboard. Error states are part of your software, and need to be a priority!

@tindall Being an old-style (or old) front-end engineer, I usually brought my list of possible error states back to the information architect or the copy writer on the project and have them go through the list with me.

This often actually led to redesigns in the user path, since some of the more technical error states had never been thought out in the original design.

But if the engineers are in a hurry, they might just throw in a bunch of error messages and move on to the next thing.

@tindall "a null reference exception was thrown" is useless

the exact same thing with a stack trace is one of the most useful debugging tools a developer can get in a bug report

Sign in to participate in the conversation

Cybrespace is an instance of Mastodon, a social network based on open web protocols and free, open-source software. It is decentralized like e-mail.