Skip to content(if available)orjump to list(if available)

HN

You Already Have a Git Server

10k Downloadable Movie Posters From The 40s, 50s, 60s, and 70s

hrc.contentdm.oclc.org

Let's Help NetBSD Cross the Finish Line Before 2025 Ends

mail-index.netbsd.org

diamondgeezer.blogspot.com

The bug that taught me more about PyTorch than years of using it

elanapearl.github.io

A worker fell into a nuclear reactor pool

Pico-Banana-400k

Eavesdropping on Internal Networks via Unencrypted Satellites

satcom.sysnet.ucsd.edu

Clojure Land – Discover open-source Clojure libraries and frameworks

You Should Feed the Bots

Writing a RISC-V Emulator in Rust

The Linux Boot Process: From Power Button to Kernel

LaserTweezer – Optical Trap

Connect to a 1980s Atari BBS through the web

southernamis.com

Advent of Code 2025: Number of puzzles reduce from 25 to 12 for the first time

adventofcode.com

My favorite cult sci-fi and fantasy books you may not have heard of before

Formal Reasoning [pdf]

Bitmovin (YC S15) Is Hiring Engineering ICs and Managers in Europe

California invests in battery energy storage, leaving rolling blackouts behind

D2: Diagram Scripting Language

The Journey Before main()

PCB Edge USB C Connector Library

GenAI Image Editing Showdown

genai-showdown.specr.net

Show HN: Diagram as code tool with draggable customizations

Any decent error message is a kind of oracle

Any decent error message is a kind of oracle

6 comments

·October 19, 2025

louthy

This person ignores the security risks from being too verbose and/or specific with error messages, especially if they’re coming from a server.

You’ll usually fail security/pen-test audits if you follow the advice given here.

I agree that doing a better job of helping the user is laudable, but you need to know which battles to fight.

Groxx

For debugging purposes, because having users tell you what error they got is sometimes very useful:

generate a random number (e.g. a uuid), log it with the error, and display that number.

doesn't leak data because it's different every time, but you can uniquely pair it up with what they are seeing.

ChrisMarshallNY

That's a good idea!

ChrisMarshallNY

> So why aren’t these errors better? “Password is incorrect, try again.” or, “No account exists for this email.” Is that so hard?

I can tell you exactly why I don't do this, for my app.

I don't want to indicate which of the fields is an issue.

Most folks use Sign up with Apple, though, which obviates this.

The best error message is to avoid the error; either by effective design, or by good affordances.

But this is what WFM. YMMV.

null

[deleted]

null

[deleted]