Posts Tagged ‘sucks’

How *not* to run a business public web site – twoo.com

2015-12-03 07:26:18 PDT

Egad, yuck, what a negative experience.

Here, folks, a set of examples of how not to run a business public web site – at least not if one wants to be successful and set a good impression.
All these examples from twoo.com within the last 12 hours (and very little interaction with the site to encounter all these issues and problems):

  • Do a major site transition with radical jaring changes, blast out an email to all your users of the old site that they should login to the new site and activate their account on the new site, and do this just before or right at the beginning of a scheduled maintenance outage … yes, they actually did that – jeez, what idiots (NARS – I think “Not A Rocket Scientist”). So, the user experience? – haven’t used the site in months or more, get this email, go to old site (hey, who knows if the email is legit – it was sent from new domain, not old), old site redirects to new, new … yeah, it’s down for maintenance – planned scheduled maintenance – ugh … idiots. So the new user experience is new site that’s 100% down when visited (at least for the first half hour or more). This also fails the “high availability” criteria – such sites should be high availability – not to mention their other idiocy.
  • At least security sensitive stuff should generally enforce https, or at least support it. And yes, also with valid good strong SSL certs. twoo.com and their ilk/history generally blows it. So, at some point, formspring.me became spring.me, and highly recently, spring.me became twoo.com. My login information I’d saved, was still for formspring.me … whatever, go to formspring.me, redirects to spring.me, redirects to twoo.com down for maintenance page. Retry some hours later … and look a bit more closely. https://www.formspring.me/ – certificate expired (like what, they can’t spend the $10.00 USD per year or so or can’t even bother?). So, if I ignore the expired cert bit, I then find it’s also incorrect cert – the site cert is not for formspring.me, but for spring.me. Not okay, whatever, so they suck, blow through that and see what’s next … I find both https://formspring.me/ and http://formspring.me/ do a 301 (“permanent”) redirect http://spring.me/ – drops the https when redirecting from https. Yet another screw up. So, let’s pick up at https://spring.me/ – egad, idiots! – yet another cert error – the cert on that site is for twoo.com, not for spring.me. So, if we blow past that error, their next idiocy – surprise surprise, yes, they redirect again, but this time only 302 – “temporary” (like what, they’re really planning to bring back spring.me after they’ve already effectively announced their killing of it?) – but not only that, it redirects from https, again to insecure straight http … on the http://twoo.com/ site. And if you go to their login/sign-in page … it’s http … though one can manually force it to use https, but everything on their site defaults to http, and often links back to http, not https.
  • So, finally login on their site and … Do a rough, disruptive transition. formspring.me became spring.me – whatever – not sure how long ago that was, and then highly recently, spring.me became two.com. Everything that was good/unique/interesting with formspring.me (and possibly also spring.me – not sure when that change was) is gone (quite unique question/answer forum & community, etc.), and it’s all been replaced with yet another dating/matchmaking site – pretty much an okcupid.com wanna be – at least as far as I can tell – but a much more stupid, limited version thereof – basically a half-hearted attempt … well, really, not even anywhere close to half, … more like 5 to 10% effort – if even that. A sucky poor version of what they apparently wannna be, and they dropped everything that was relatively good with what they are. Yep, that’d be a way to kill a business and be stupid and tick off customers/users.
  • So, what the hell, on the site, haven’t logged in in a long time, … not even sure when I last changed password on site, … let’s change password – and, bloody thing defaults to http – so manually force it to https. So, navigate to the password change section, paste in old password, and new password and a second time for confirmation, click the CHANGE button and … nothing. WTF? Click it a whole bunch more times … nothing. Did it change it? Hell if I know. Let’s check. Logout. Try login with new password, it fails – and they also so very unhelpfully and misleadingly, give a message that they’ve emailed me a link to instantly log in – bloody hell, the password change didn’t take, *and* they send me in clear plaintext unencrypted email a URL to instantly login – I requested no such email – after all, that’s what the dang “I forgot my password” links are for, right? But I’d clicked no such link. Whatever, I try the login another time or two – same damn message each time about it sending me an email … oh, which by the way they sent no such emails – so they’re not even consistent with what they say. Bloody heck. So, … try old password again … it authenticates. Try the password change exercise a few more times – each time, same results. Yet another time with the password change interface … and I eventually figure out if one pastes the data in the fields it ignores it – damn friggin’ idiots. Don’t they know smart secure folks use password management, and pick good strong secure passwords, and typically don’t type the damn passwords in? E.g. a typical password of mine might look like yflflwx0)7+CvT0t7y*g … oh, and “of course”, would be different for every friggin’ site, account, etc. – you don’t think I actually memorize and type all those in, or even manually type ’em every time? Now, if my password was something stupid like “secret” and I used it on every friggin’ site, maybe I’d type it … or program it into a hot key on the keyboard or such … but I’m not that stupid nor insecure. Anyway, so, have to actually type the passwords in – or, well, at least the last character of each string – bloody annoying … anyway, do that, and looks like it finally takes it – even has one of those “password strength” indicators – okay, so that very last bit not exactly bad. But then [insert drum roll] click the CHANGE button and …: Internal Server Error – Read The server encountered an internal error or misconfiguration and was unable to complete your request. Reference #3.4d42ddc2.1449152193.16f5aa53 UGH! You gosh darn idiots! Sites ought be able to take secure passwords – that means at least arbitrary ASCII printable characters plus [space] character, and if not arbitrary length, at least quite long – e.g. preferably at least 20 or more characters, and preferably quite a bit more than that (some folks use quite long passphrases), and certainly don’t limit it to something quite short (e.g. limiting to 8 or fewer is generally quite bad), and if one has some specific limitations – e.g. can’t take certain characters, or only allow certain characters, or has some minimum, or maximum, or must have some other construction rules, then preferably state those restrictions up front before one enters new password (like before one has bothered to pick or generate one that doesn’t satisfy the site’s limitations), but if one can’t do that, at least after rejecting a password, state exactly why – if one can’t state the limitations up front, at least state the limitations upon rejection. But bloody hell, don’t just friggin’ outright fail. Idiots. That generally indicates flawed – and often vulnerable code. Oh, geez, and with password input – a security sensitive area? Trust these guys? I wouldn’t trust ’em any further than I could spit ahead of me in a 100 MPH headwind. What a crap site.
Advertisements

You know your life sucks, when …

2013-04-23 04:10:27 PDT

Okay, not to be taken too seriously, but

“You know your life sucks, when …”

It’s Sunday, not too far into Sunday, but certainly well into the weekend.  You find yourself looking forward to work Monday.  Not because the work or Monday’s work is all that great, no, not at all, it’s just okay.  Okay, dreading it too, but also quite looking forward to it.  It’s just that, well, compared to the non-work life and one’s weekend … work, pleasant distraction?  No, more like slightly (seemingly) preferable distraction from the void of one’s life.  And, most of the workweek, one looks forward to the weekend and even evenings, ’cause, well, it’s not work, and the work is far from enthralling.  <sigh>

Connections, interactions – find that highly lacking.  So, one goes out, interacts, does some volunteer stuff, talks with some folks, some fresh air and sunshine even.  And, well, certainly at least for the most part (with zero to negligible exception), feel like one’s still (and quite objectively) isn’t really making any “connections” – no real traction “there” … or … really quite anywhere.  Really nothing, or not much, beyond idle chit-chat.  Some faces, some chit-chat, maybe slight bit more, maybe some first names, and then … nothing.  And, … after, doing/attempting, over, and over, and over and over and over, ad nauseum, really, is it even worth trying, and trying again, and again, and again, and again and again, etc.?  Hardly seems worth it – if at all.  Really gets to be kind’a to quite tiring/exhausting/depressing after a while, particularly when essentially the same pattern repeats over and over and over and over, with little to nothing (mostly lots of nothing) to show for it.  Why bother trying?  After all, it does quite feel like just repeatedly banging head into a brick wall.  Is there some point to it?

The most exciting thing of your evening/night, is when, at 2:54 A.M. your smoke detector battery wants to be replaced.  And it’s not that exiting – at all.  But you were already awake anyway, before it gave that first “chirp”.

And, what would life be without humor, or … at least irony?  So, … communication – damn important to me.  Call it essential need.  Touch – human touch – call that at least highly important “want” with me … can survive without, but surviving isn’t the same as living.  So, most friggin’ fantastic wonderful of friends.  :-)  Ain’t that great!  :-)  Yup, love that friend!  Uhm, but … through no one’s fault at all … communication … severely limited, and touch?  Nope, not even like a handshake or a pat on the back.  Again, nobody’s fault at all, but just how it needs be.  Ah, the friggin’ irony of it, though, eh?  “Oh well”, despite such limitations – even in crucial area(s), damn good friggin’ fantastic friend beats the hell out’a zero friends – which was essentially where I was about a year ago.

Dreams, fantasies?  Hopes, expectations?  When you find your fantasies have been “adjusted” from, well, living happily and closely with someone you’re very much in love with and highly compatible with, to … marginally interacting, but interacting a bit more, with someone you actually quite like and get along with quite well, because, well, even though the latter seems rather to highly improbable, it seems a helluva lot more “realistic” (if even not so) and probable than the former – which seems and feels so absurdly improbable as to be not only utterly unattainable, but, not even anywhere close to possible.

And so it goes.

Welcome to my life.