Page 1 of 2 12 LastLast
Results 1 to 10 of 14

Thread: General site feedback

  1. #1
    Join Date
    Oct 2016
    Posts
    6
    Mentioned
    0 Post(s)

    General site feedback

    There are a few things about this site I've noticed that I felt like writing down for users to see.

    1. The site has no SSL certificate. The last "reason" I could find was that it costs money and the risk of a MitM attack is too low to justify it. It's 2017. You can get SSL certificates for free*. There is no excuse except for pure laziness.

    2. Passwords are transmitted in plaintext. The combination of this and no SSL is just fucking stupid. Now, since the email password recovery doesn't actually work (I submitted a request 3 hours ago, no email), I can't confirm this, but from what I read on another feedback thread, this function literally just emails you your password. In plaintext. For those of you who don't know, this also means that the admins can view your password in plaintext. If you use the same email and password on any other site... well, you can figure out the rest. This is not acceptable in any way.

    3. The general UX is a goddamn mess. As I type this, I'm looking at the WYSIWYG editor in all its glory, with almost every icon missing. The HelpDesk article on submitting a ticket is VERY badly worded. This could be solved by actually putting some effort into tying the different systems on the site together (helpdesk, forums, etc), instead of just throwing them onto the site and hoping they work. Additionally, why is the only upgrade option under the "upgrade" tab in Bot CP the £200 option? Why do I have to search through the other tabs to find the less extortionate options? This is either deliberately misleading, or just stupid UX design again.

    I'll add anything else I find to this post, but from what I've seen so far, the whole website is just a mess.



    *in case you've been living under a rock, https://letsencrypt.org/

  2. #2
    Sean2525's Avatar
    Sean2525 is offline
    Forum Moderator 
     Merchant   $200 Credit    Premium: 500->750 hours used  Free Bots: 20->100 hours used  99 Miner 
    Join Date
    Jun 2012
    Location
    USA
    Posts
    419
    Mentioned
    41 Post(s)
    Wow, I'm not sure exactly what made you go off this morning but I think you need a hug.

    Also let's get somethings straight. We are currently in 2017 so if you are using your password more than one site that's your own fault. Since you know so much about security I don't see why it stressed you out when something doesn't go your way. You act like a child to me when you rant like one.
    Last edited by Sean2525; 07-05-2017 at 02:38 PM.
    Make sure to read the discord thread before sending a PM.

    Discord thread - Come join us (All users!)

    Need help with an issue? Download the RealVNC and send me a request on here. Ill help you setup your bot or attempt to fix any other issues you may have.

  3. Twic, xcendrox liked this post
  4.  
  5. #3
    Join Date
    Oct 2016
    Posts
    6
    Mentioned
    0 Post(s)
    Quote Originally Posted by Sean2525 View Post
    Wow, I'm not sure exactly what made you go off this morning but I think you need a hug.

    Also let's get somethings straight. We are currently in 2017 so if you are using your password more than one site that's your own fault. Since you know so much about security I don't see why it stressed you out when something doesn't go your way. You act like a child to me when you rant like one.

    Yes, it's partially on the user to use different passwords for each site, or to use a password manager to generate passwords etc, but there is never a situation where it is acceptable to store passwords in plaintext. That is just poor web dev practise. That attitude is what pisses me off - the fact that the staff seemingly don't care.

  6. #4
    Sean2525's Avatar
    Sean2525 is offline
    Forum Moderator 
     Merchant   $200 Credit    Premium: 500->750 hours used  Free Bots: 20->100 hours used  99 Miner 
    Join Date
    Jun 2012
    Location
    USA
    Posts
    419
    Mentioned
    41 Post(s)
    The staff doesn't care is a very bold statement. Only RiD has access to the site so that's irrelevant to me honestly. RiD is putting all his focus into Genesis and he did say once it's released and not in beta the site will get some updates. So unless you know exactly what your talking about don't make statements for someone else.
    Make sure to read the discord thread before sending a PM.

    Discord thread - Come join us (All users!)

    Need help with an issue? Download the RealVNC and send me a request on here. Ill help you setup your bot or attempt to fix any other issues you may have.

  7. #5
    Join Date
    Oct 2016
    Posts
    6
    Mentioned
    0 Post(s)
    "seemingly" was a fairly important word in what I said. Every response I've seen to any of the issues I mentioned has given the impression that the staff don't give a shit about the website. The only actual response on the SSL issue was that until the site is "operational" with an active product, it's not worth renewing the cert. Which is bullshit. This is a live website with active users - do you not want to give the users the best security you can? Or, going back to my original point, do the staff just not care? Adding a new SSL cert with LE is trivial. I'm sure if RiD is unwilling to give somebody else who knows what they're doing access to do so, he could take 10 minutes out of his busy schedule to do it himself.

  8. #6
    Join Date
    Mar 2015
    Posts
    861
    Mentioned
    114 Post(s)
    It is a bummer that you have not had a good experience thus far.

    I am going to deliberately ignore your first two points because as Sean said before, RiD handles all of that himself so there is little anyone else can do about it. As far as the user experience, I suppose I can see how, at first glance, the site seems a little rough around the edges - because in some aspects, it is. Take the editor for example; it has been this way for as long as I have been on this site, and I am guessing for a lot longer. Again, at first glance it seems broken, however it definitely works (despite the icons missing) and really the missing icons is sort of a running joke around here. Once you learn where things are in the editor you actually forget that they aren't labeled. or at least I have

    In terms of the HelpDesk, what exactly were you looking at that was unclear? I myself just took a look through and didn't see anything that was unreasonable, but perhaps my familiarity with it has given me a different perspective. If you can point me to what you were looking at, I can do my best to provide some clarity.

    Lastly, as Sean also said, right now all of RiD's attention is focused on Genesis development. Those of us who have been participating in the testing phases know how much has been put into it thus far, and have all pretty much accepted that anything non-development related has been put on the back-burner. You may or may not agree with this decision, but this is what the Site Administrator has decided, and that's how it is going to go for now. I appreciate the feedback you have given, and if you see anything else that could use some improvement certainly let us know! If it is related to core site functionality there is likely little we can do; however, if it is something such as "these instructions <here> need to be updated" or the like, then we can probably get something worked out.
    Last edited by iStokee; 07-05-2017 at 05:06 PM.


    "The one who plants trees, knowing that he will never sit in their shade, has at least started to understand the meaning of life." - Rabindranath Tagore
    "
    We speak to you as if you are not human. Because to us, you are not. To us, you are members of the family of light"

    Donations may be given by clicking the green Donate button at the top of the forum

  9. #7
    Join Date
    Oct 2016
    Posts
    6
    Mentioned
    0 Post(s)
    First, thanks for the first response that actually contains something relevant to the points I brought up, rather than just avoiding it with ad hominem attacks.

    Familiarity with a site preventing you from seeing glaring UX issues is a very common issue. While you know where all the buttons on the editor are, people like myself who have only just joined the site have no idea. It doesn't really make for a great user experience to have to hover over each blank square to see what it actually does.

    My HelpDesk point was referring to this: http://i.imgur.com/yuZgIvT.png

    In the helpdesk article explaining how to create a new ticket (which, by the way, should not be necessary), it correctly outlines how to find that exceptionally badly placed button. My main issue was the placement of those buttons. It's not even clear at a glance that they are, in fact, buttons. The huge, non-dismissable alert telling me that "Genesis Beta is now available to non-ViPs" doesn't help in this regard. Having an article which clumsily explains to the user where those buttons are isn't a great solution.

    I do get that RiD is busy working on the bot, but I also have enough experience in the development industry to know that there's a fairly significant chance that either these things will never be fixed, or they will be rushed and fixed badly. This is almost always the case when the entirety of development is done by a single person. I apologise if I was overly aggressive in my first post, but again, seeing that my job for the past 7 years has revolved around creating and managing websites, and evaluating UX, seeing a website as poor from a UX perspective as this one frustrates me to no end. Mainly because none of the issues I've outlined are difficult to fix.

    Also, for anyone who doesn't understand why SSL is a big deal - let's say you log into this site on any sort of public network, be that an internet cafe, library, whatever. If somebody happens to be watching traffic on that network, they can see exactly what you're typing into any form on this site. That includes your username and password. The plaintext passwords don't really come into play here since as far as I know, the software used on this site (vBulletin, etc) don't actually hash passwords until they hit the server side. I may be wrong there, I've never actually used vBulletin, only read the docs. It's still exceptionally dumb to store passwords anywhere in plaintext though.

  10. #8
    Join Date
    May 2014
    Posts
    138
    Mentioned
    11 Post(s)
    looks like someone watched to much mr robot

  11. #9
    Join Date
    Dec 2014
    Posts
    657
    Mentioned
    40 Post(s)
    I've wasted some of my time to read this post, and from what I have gathered, is you Sir need to relax and chill, perhaps smoke some of the devils lettuce and mellow out. I'd prefer RiD to use what ever time he has to Genesis development then working on the things you are pointing out. I'm sure many think the same way.

    The site works perfectly fine now, Once Genesis moves out of BETA and is released for consumers then yes I agree the site needs some work but nothing that really needs to be done now.

  12. #10
    Join Date
    Mar 2015
    Posts
    861
    Mentioned
    114 Post(s)
    Alright gents, no need to flame the OP for simply expressing the concerns he has about the site, especially given that he has done so rather articulately. RiD has seen this post and has undoubtedly noted the concerns expressed here, so he will do with that information whatever he deems necessary.


    "The one who plants trees, knowing that he will never sit in their shade, has at least started to understand the meaning of life." - Rabindranath Tagore
    "
    We speak to you as if you are not human. Because to us, you are not. To us, you are members of the family of light"

    Donations may be given by clicking the green Donate button at the top of the forum

  13. kor liked this post
  14.  

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •