Wednesday 15 April 2015

Following scripts

One of the most annoying things is contacting technical support to get a problem solved, and getting answers that have clearly come from a script, rather than being able to talk to someone who can actually put some thought into the problem.

https://secured.studentfinance.direct.gov.uk is using an expired certificate.  Here's the output from OpenSSL:
depth=2 C = SE, O = AddTrust AB, OU = AddTrust External TTP Network, CN = AddTrust External CA Root
depth=1 C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO SSL CA
depth=0 OU = Domain Control Validated, OU = COMODO SSL, CN = secured.studentfinance.direct.gov.uk
verify error:num=10:certificate has expired
notAfter=Apr  2 23:59:59 2015 GMT
All pretty straight forward - the certificate clearly expired at the end of April 2nd.  This causes web browsers to display very prominent security warnings (not just some easy to ignore icon somewhere - you actually have to click through the security warning and tell it that you understand that you're taking a risk).  So being the good citizens that we are, we informed them so they could fix their systems - here's the response we got back:
I would advise to clear all browser cache, cookies and temporary internet files, close the browser and reopen a new one.
How exactly does that address the problem we raised?  It doesn't does it - clearly their support department works on the principle of "don't bother looking into the problem, just tell people to clear their cookies and hopefully they'll go away".

I'm glad that we've never gone down that route with our customer support - when people phone us they don't get fobbed off with some scripted reply; they actually get to talk to someone with a lot of technical experience who can start looking into the problem immediately and provide a relevant answer.

No comments:

Post a Comment