EVE Information Portal
New Dev Blog: The new EVE forums - technical underpinnings
 
This thread is older than 90 days and has been locked due to inactivity.


 

Vestor
Posted - 2011.05.02 14:22:00 - [31]
 

Quote:
Now some have worried that by choosing an Open Source solution we have to reveal the source code thus making your accounts and activities in EVE Gate vulnerable. This is not the case here as we have purchased a commercial license to YAF so we can properly protect our efforts.

I certainly hope that CCP sreegs will be able to refute the implicit statement that making the source code available equals having security risks, as this statement reeks of FUD against open source (and I doubt you meant to do that).
If you guys *do* think that keeping the source closed helps your security, that is just another major security hole in the making.
Did the people who discovered the existing bugs have the source code? No, but they were able to exploit them anyway.
This is probably something CCP already knows, and it would be a lot more elegant if you tried to explain the irrelevance of open vs closed source in security matters to those who complain, instead of just saying 'we switched to closed source as you are telling us we should'.

Note that I applaud CCP for purchasing a license, so that YAF can reap some monetary rewards for their efforts and CCP can have proprietary private code.
I suspect that many of the modifications would be EVE-specific and contributing them back may make no sense, so YAF may not lose out on too much there. And even if you buy a commercial licence you can still contribute :)

CCP Karuck

Posted - 2011.05.02 14:37:00 - [32]
 

I think the reason not to publish our modified forum code is mostly because it's tied into EVE specific code and services. For example the new forums are integrated into EVE Gate and use common internal services, so that code simply wouldn't work for anyone else outside our environment. Of course we could have structured the code in a different way to be more generic, but that's also more work.
There are performance optimizations and features like the new search that the YAF community could have benefited from, but the decision was made to take the quicker approach.

Mashie Saldana
Minmatar
Veto Corp
Posted - 2011.05.02 14:52:00 - [33]
 

So what is the new revised timeframe for doing the forums right™? Before or after Christmas?

Bomberlocks
Minmatar
CTRL-Q
Posted - 2011.05.02 15:02:00 - [34]
 

Originally by: CCP Rhayger
Originally by: Ix Forres
Originally by: Louis deGuerre
You gave us quite a scare CCP, but good for you that you have the balls to own up to your mistakes.

Oh, and the 'unlike' thing ? Change it to 'dislike' and all will be forgiven Wink


We have yet to see any evidence that CCP has internally distributed blame for those mistakes. That's what takes balls. Not going "Whoops, we're sorry!" in public. When people are packing their bags, then we'll know CCP has changed - for the better, for EVE.


Not sure what you are looking for, blame is clearly on me for technical direction, the dev team for the coding flaws and the QA staff for not catching the errors. Blame isn't the important thing in my eyes, we screwed up and each of us knows it and owns up to it - the important thing is to find the flaws, fix them and then most importantly make significant changes so that it does not happen again.

I tell my teams consistently I prefer not to make mistakes, but they will happen especially if you are pushing hard - what I do have a problem with is repeating mistakes and that's where the focus is.

As for this blog not spelling out exactly what went wrong, this blog was intended to answer the question "Why did you use YAF? and what did you do to it?". We're going to do another blog entirely on what went wrong, why and what we are doing to address it



You know after all that yadda yadda and the resulting catastrophic mess that you made, all I see is people unable to port the existing forum's ASP code to VB.Net/ASP.Net. You had (and currently have) a working solution, yet you chose to go with something with which you obviously had no experience and had no idea what you were doing.

NOBODY was complaining about the way the current forum looks. They were complaining about the lack of functionality that would have been easier to be added on than coding blind.

Ranger 1
Amarr
Ranger Corp
Posted - 2011.05.02 15:29:00 - [35]
 

There sure is a lot of fury flying about for something as trivial as a forum.

I suppose it just goes to show that for many of the more outspoken EVE players, the forums are their main focus.

For my part, I don't mind the old forums. I didn't mind the new ones either (I fully expected the whistles and bells to show up a bit later).

The forums are simply a handy way for EVE players to communicate, and frankly any old forum is good enough for that (although the tie ins to EVE Gate will be pretty nice once complete). All this turmoil over a failed launch is pretty over the top.


Vestor
Posted - 2011.05.02 15:33:00 - [36]
 

Originally by: CCP Karuck
I think the reason not to publish our modified forum code is mostly because it's tied into EVE specific code and services.
[...]
Of course we could have structured the code in a different way to be more generic, but that's also more work.


Those are good reasons to go closed source (as I mentioned in the second part of my post - I had not even thought of the extra costs when you want to make stuff generic which is needed to contribute back).
As long as the not-mostly part isn't security, which is what the first part of my post was about Wink

Bagehi
Association of Commonwealth Enterprises
Posted - 2011.05.02 15:36:00 - [37]
 

Perhaps you guys could add some form of "dislike" option for assembly hall, etc, so we can self-police some of the trolling. Ah well. Good luck on v2.

Dierdra Vaal
Caldari
Veto.
Veto Corp
Posted - 2011.05.02 15:45:00 - [38]
 

Edited by: Dierdra Vaal on 02/05/2011 15:48:10
Originally by: CCP Rhayger
Not sure what you are looking for, blame is clearly on me for technical direction, the dev team for the coding flaws and the QA staff for not catching the errors.


Whether justified or not, a lot of people feel a screw up like the one that happened isn't just a mistake - it's a hanging mistake. In a lot of corporations, leaving such elementary, basic security holes in place is something you (in a general sense, not personal) get fired for, or at least demoted. I think a number of people are wondering if there are any internal repercussions for the people responsible for this, or if it's just a simple "well guys let's try not to do this again".

Originally by: CCP Rhayger
As for this blog not spelling out exactly what went wrong, this blog was intended to answer the question "Why did you use YAF? and what did you do to it?".


To be fair though, you don't really explain why you used YAF beyond some extremely vague statements about it being the best suited. There's no explanation of your comparison process, no explanation of your estimates on how long it would take to convert various existing packages and no estimates on how long it would take to build from scratch. At this point I still don't know WHY you've chosen YAF - just that you have.

In all, the devblog gives very very little, if any, real information.

Sarmatiko
Posted - 2011.05.02 15:49:00 - [39]
 

Originally by: Touring Eve
EMail subscriptions are unnecessary, EVEMail would be enough for me, or even a separate subscriptions page accessible through EVEGate.

For you maybe, for the other user maybe it's necessary. I really can't imagine why CCP have cut half of the standard YAF functions from message editor. If this is about speed optimizations and database size - why was there a horrible super slow "Like it" system and why was there no limit for the message edit history?

CCP Karuck

Posted - 2011.05.02 15:54:00 - [40]
 

Some people sure are out for blood, should we have a public execution in nullsec maybe? :) I hope we'll give you guys details later on what really happened, but let me just say that things aren't as simple as many of you make them out to be... but I know they certainly look that way.

Sure it was a serious and embarrassing exploit, but exactly how it happened needs a longer and careful explanation. All the developers involved in this project are very competent developers but as anyone who has worked in software development knows, things can "fall between the cracks" in more complex systems and especially when integrating multiple systems together.

I hope we can win your trust back some day :)

Razin
The xDEATHx Squadron
Legion of xXDEATHXx
Posted - 2011.05.02 15:54:00 - [41]
 

Originally by: CCP Rhayger
The goal is to fix the flaws, make some improvements based on your feedback and release the new forums when they are truly ready.

Why do I get the feeling that when this is released again nothing will change in regard to user suggested changes? The quotes will still be too big, color scheme/font will still hurt your eyes, there will be no user customization, and there will still be no breadcrumbs at the bottom of threads. But we will still be able to 'like'.

Steve Thomas
Minmatar
Sebiestor Tribe
Posted - 2011.05.02 15:56:00 - [42]
 

This is going to sound Ironic coming from me.

and remember I honestly don't have a problem with you going the way you did.

But now you know why your kind of business can't be too Deadline focused. all too often it becomes a Drop dead line. you already had something that worked just fine. there was no need to rush it out the door.

Dierdra Vaal
Caldari
Veto.
Veto Corp
Posted - 2011.05.02 16:00:00 - [43]
 

Originally by: CCP Karuck
All the developers involved in this project are very competent developers but as anyone who has worked in software development knows, things can "fall between the cracks" in more complex systems and especially when integrating multiple systems together.


This is true, but proper systematic process can go a long way to prevent things falling through the cracks. And proper systematic process is exactly something that is systematically lacking throughout CCP based on my experience in the CSM. And unfortunately, despite several process (or lack thereof) related problems in the past, there doesn't seem to be a strong push inside CCP to change this.

Sturmwolke
Posted - 2011.05.02 16:02:00 - [44]
 

http://cdn1.eveonline.com/community/devblog/2011/redneck.png

Interesting choice of pic. It shows a redneck (I will assume from the pic name) holding up a placard "Get a brain! morans".
That's a perfectly fine statement, except for the mis-spelling of "morons". The joke then rebounds back to the person holding the placard, for being too stupid to spell a simple word.

Now, depending on who's looking, that can be construed or alluded as hubris and disdain towards the EVE community for lighting up the fires on the new forums. Rather than approaching this with proper decorum and humility, CCP have decided to slyly throw a troll back at the community.

Is that the public face that you want to portray?
Remember, EVE players have long memories.

CCP Karuck

Posted - 2011.05.02 16:05:00 - [45]
 

Sorry, we don't feed trolls :)

CCP Rhayger

Posted - 2011.05.02 16:18:00 - [46]
 

Originally by: Sturmwolke
http://cdn1.eveonline.com/community/devblog/2011/redneck.png

Interesting choice of pic. It shows a redneck (I will assume from the pic name) holding up a placard "Get a brain! morans".
That's a perfectly fine statement, except for the mis-spelling of "morons". The joke then rebounds back to the person holding the placard, for being too stupid to spell a simple word.

Now, depending on who's looking, that can be construed or alluded as hubris and disdain towards the EVE community for lighting up the fires on the new forums. Rather than approaching this with proper decorum and humility, CCP have decided to slyly throw a troll back at the community.

Is that the public face that you want to portray?
Remember, EVE players have long memories.


* shrug *

I just thought it was a funny picture that poked fun at US for screwing up. I wouldn't read that much into it

Grimpak
Gallente
Midnight Elites
Echelon Rising
Posted - 2011.05.02 16:19:00 - [47]
 

Originally by: CCP Karuck
Some people sure are out for blood, should we have a public execution in nullsec maybe? :) I hope we'll give you guys details later on what really happened, but let me just say that things aren't as simple as many of you make them out to be... but I know they certainly look that way.

Sure it was a serious and embarrassing exploit, but exactly how it happened needs a longer and careful explanation. All the developers involved in this project are very competent developers but as anyone who has worked in software development knows, things can "fall between the cracks" in more complex systems and especially when integrating multiple systems together.

I hope we can win your trust back some day :)


from the user POV, the perception is that the work was rushed and didn't get proper QA.

the "new" forums would've been more accepted if the feedback from both testing phases was taken into account, or at the very least a statement on explaining why they weren't done on release day.

CCP Rhayger

Posted - 2011.05.02 16:21:00 - [48]
 

Originally by: Steve Thomas
This is going to sound Ironic coming from me.

and remember I honestly don't have a problem with you going the way you did.

But now you know why your kind of business can't be too Deadline focused. all too often it becomes a Drop dead line. you already had something that worked just fine. there was no need to rush it out the door.


The release of the forums wasn't unduly pushed by deadlines. I can honestly say if we were aware of quality issues we would definitely have delayed launch. What is way worse, honestly speaking, is that we didn't catch these quality (security) issues. That is what we are focusing on addressing

CCP Rhayger

Posted - 2011.05.02 16:23:00 - [49]
 

Originally by: Grimpak
Originally by: CCP Karuck
Some people sure are out for blood, should we have a public execution in nullsec maybe? :) I hope we'll give you guys details later on what really happened, but let me just say that things aren't as simple as many of you make them out to be... but I know they certainly look that way.

Sure it was a serious and embarrassing exploit, but exactly how it happened needs a longer and careful explanation. All the developers involved in this project are very competent developers but as anyone who has worked in software development knows, things can "fall between the cracks" in more complex systems and especially when integrating multiple systems together.

I hope we can win your trust back some day :)


from the user POV, the perception is that the work was rushed and didn't get proper QA.

the "new" forums would've been more accepted if the feedback from both testing phases was taken into account, or at the very least a statement on explaining why they weren't done on release day.


That will come with the next blog. As mentioned this wasn't a case of rushing, this was a case of missing flaws which is a different but equally troubling problem that is critical to address. I'm not downplaying it, just want to make sure there aren't misconceptions that anyone pushed this to get released prematurely. That was not the case.

Steve Thomas
Minmatar
Sebiestor Tribe
Posted - 2011.05.02 16:30:00 - [50]
 

Edited by: Steve Thomas on 02/05/2011 16:31:06
Originally by: CCP Rhayger
Originally by: Steve Thomas
This is going to sound Ironic coming from me.

and remember I honestly don't have a problem with you going the way you did.

But now you know why your kind of business can't be too Deadline focused. all too often it becomes a Drop dead line. you already had something that worked just fine. there was no need to rush it out the door.


The release of the forums wasn't unduly pushed by deadlines. I can honestly say if we were aware of quality issues we would definitely have delayed launch. What is way worse, honestly speaking, is that we didn't catch these quality (security) issues. That is what we are focusing on addressing

Well looking at things from our side, it did seem that there was a bit of a push to push it out.

That said, at least you did not announce that Obama was dead the way a Fox News station did.

and better yet, you did not pull the boner that PSN did last week.

Ranger 1
Amarr
Ranger Corp
Posted - 2011.05.02 16:36:00 - [51]
 

Originally by: CCP Rhayger
Originally by: Sturmwolke
http://cdn1.eveonline.com/community/devblog/2011/redneck.png

Interesting choice of pic. It shows a redneck (I will assume from the pic name) holding up a placard "Get a brain! morans".
That's a perfectly fine statement, except for the mis-spelling of "morons". The joke then rebounds back to the person holding the placard, for being too stupid to spell a simple word.

Now, depending on who's looking, that can be construed or alluded as hubris and disdain towards the EVE community for lighting up the fires on the new forums. Rather than approaching this with proper decorum and humility, CCP have decided to slyly throw a troll back at the community.

Is that the public face that you want to portray?
Remember, EVE players have long memories.


* shrug *

I just thought it was a funny picture that poked fun at US for screwing up. I wouldn't read that much into it



I'm quite sure it was unintended, which makes its accuracy even more amusing. Laughing

Don't sweat it, most of us aren't as hyper sensitive as Sturmwolke.

Grimpak
Gallente
Midnight Elites
Echelon Rising
Posted - 2011.05.02 16:37:00 - [52]
 

Originally by: CCP Rhayger
Originally by: Grimpak
Originally by: CCP Karuck
Some people sure are out for blood, should we have a public execution in nullsec maybe? :) I hope we'll give you guys details later on what really happened, but let me just say that things aren't as simple as many of you make them out to be... but I know they certainly look that way.

Sure it was a serious and embarrassing exploit, but exactly how it happened needs a longer and careful explanation. All the developers involved in this project are very competent developers but as anyone who has worked in software development knows, things can "fall between the cracks" in more complex systems and especially when integrating multiple systems together.

I hope we can win your trust back some day :)


from the user POV, the perception is that the work was rushed and didn't get proper QA.

the "new" forums would've been more accepted if the feedback from both testing phases was taken into account, or at the very least a statement on explaining why they weren't done on release day.


That will come with the next blog. As mentioned this wasn't a case of rushing, this was a case of missing flaws which is a different but equally troubling problem that is critical to address. I'm not downplaying it, just want to make sure there aren't misconceptions that anyone pushed this to get released prematurely. That was not the case.

then it feels that both internal testing and QA failed miserably here.

Mynxee
Veto.
Veto Corp
Posted - 2011.05.02 16:42:00 - [53]
 

Originally by: Mashie Saldana
Originally by: Meissa Anunthiel
Originally by: Chruker

Other than that the biggest flaw in the forum is that you chose not to include the content of the old forum.


They consulted previous CSMs on the matter, and given the volume, we told them it was acceptable as long as the existing forums stay archived and reachable.
Just for the record...

Bad bad CSM. To port the old forum database across should be the top priority of any new forum. If it for some reason is technically utterly impossible to do it all, at least migrate all threads that are less than 90 days old.

From a user perspective it will be awful to jump back and forwards between the forums when you link to old information.


Mashie, it's not like any other option was ever on the table. As I recall, the conversation went more like this:

CCP: "Sorry, can't port old forums content due to technical issues."

CSM5: "That is not so great on many levels. <insert a bunch of obvious issues and what-if suggestions from CSM5>."

CCP: "Nope, no can do, sorry. Can only maintain old forums as an archive."

CSM5: "Sucks; but archive is the minimum acceptable situation, if that is all you can/will do."

Sturmwolke
Posted - 2011.05.02 16:57:00 - [54]
 

Originally by: CCP Karuck
Sorry, we don't feed trolls :)


Not really. If you remember the responses behind the T2 moon exploits, there was an unprecedented amount of transparency and thoroughness in addressing the public; to explain what had happened. Proper decorum. Granted the new forums aren't on a similar scale, however, it is still a serious case of trust breaking.

Whether you'd want to personally perceive what I posted prev as a troll or not, well, it doesn't matter. It will resonate with people (within CCP) who would take these things seriously, while the other half will more than likely dismiss it as nitpicking a little fun troll and laugh in my face for being a prude.

I can tell you however, some folks in the community will pick up the allusions and remember you for your actions. Now, in the overall scheme of things, maintaining proper decorum costs you nothing except words (and perhaps a little pride/ego swallowing) ... but you decided to pick a nice picture to troll/get back at the public anyway, to hell with what they (may) think.

Razin
The xDEATHx Squadron
Legion of xXDEATHXx
Posted - 2011.05.02 16:57:00 - [55]
 

Originally by: Mynxee

CCP: "Sorry, can't port old forums content due to technical issues."


Back then this probably seemed like they were blowing smoke. However now, in hindsight, it looks like maybe they were telling the truth, and parsing a bunch of text was really beyond their competence.

Raoul deChagny
Posted - 2011.05.02 17:03:00 - [56]
 

Quote:
That said, we are big fans of Open Source initiatives and if we note issues in YAF that we come up with improvements for we will communicate that back to their project team to benefit the YAF community.


Like how to strip away all the forum security? Ha!
Quote:

performance improvements


Then why did it run so awful? Including poor loading times, a huge background image (thank gawd for adblock plugins), and poorly coded text entry?

Sorry about the cynicism, but developer attitudes about spacebook and player privacy (or the disregard of) and usability have been a big fat insult since it opened for testing. With how awful spacebook is for a user, and how awful the first failed run on the forums was I honestly feel a little sick to my stomach in anticipation for how badly you guys will fail when the API will be pushed through evegate. As soon as account management is pushed through evegate, I'll stop paying for EVE. I don't want my credit card information in a system with such an abysmal track record. And I really don't have the confidence in the web team to trust them to EVER handle the software that might handle my real $ accounts.

Sturmwolke
Posted - 2011.05.02 17:18:00 - [57]
 

Originally by: CCP Rhayger
* shrug *

I just thought it was a funny picture that poked fun at US for screwing up. I wouldn't read that much into it



This is EVE. The players' senses are heightened tenfold, mainly due to the nature of the game.

If I saw that, I wouldn't doubt others saw that too and wondered a little on your sincerity - the rest of your blog will be viewed differently. Yes, of course as you said it may be a genuine snafu, but that just tells me you're not paying attention. Very Happy

Do not underestimate the community's penchant for poking you again for another snafu. Twisted Evil

Kerfira
Kerfira Corp
Posted - 2011.05.02 17:24:00 - [58]
 

Edited by: Kerfira on 02/05/2011 17:24:16
Quote:
We will do another public test phase to get your feedback and there will be more details on that soon.

Just one question... Why should we trust that you'll actually react to the feedback this time?

More or less ALL the usability issues were raised in the last rounds of public testing, and just about NOTHING was done about them before the new forums were released.

The old forums are not good, but that the new ones managed to make one long for the old ones was not a good accomplishment...

What you really should do is keep BOTH forums running, continuously improving the new one as issues are pointed out. Then, when people naturally migrate away from the old forum, you KNOW that you've made a better one, and can at that point retire the old forums.

PS: Migrate the old content! (at least the non-locked threads)

Helicity Boson
Amarr
The Python Cartel.
The Defenders of Pen Island
Posted - 2011.05.02 17:34:00 - [59]
 

I find the frivolous nature of this blog and the insidious downplay of the INCREDIBLE and completely INCOMPREHENSIBLE levels of INEPTITUDE of the fabled "web cell" to be insulting at worst, and borderline lawsuit material from your shareholders at best.

If you're not going to fess up to the fact that your webcell is completely not up to the task of creating secure web services for us to use, I feel you will only learn when it's much too late.

Sony can afford to accidentally derp 10 million credit cards, you certainly can not. And with the degree of competence that is on display here it's not a question of "if" but "when".

Don't say I didn't warn you.


Helicity Boson
Amarr
The Python Cartel.
The Defenders of Pen Island
Posted - 2011.05.02 17:44:00 - [60]
 

Originally by: CCP Karuck
Some people sure are out for blood, should we have a public execution in nullsec maybe? :) I hope we'll give you guys details later on what really happened, but let me just say that things aren't as simple as many of you make them out to be... but I know they certainly look that way.


Protip buddy, they are EXACTLY as simple as they appear, you do not have a competent web team, and you let slip a security hole so basic and moronically easy to predict that even _I_ was able to exploit your system in all of 30 minutes. And I'm not even a programmer or a hacker. Do you even understand how it worked?

Originally by: CCP Karuck

Sure it was a serious and embarrassing exploit, but exactly how it happened needs a longer and careful explanation.


Protip 2: you don't go "sure it was" when you follow it up with "serious exploit". Don't downplay the magnitude and potentially harmful effects this immense failure could have caused had we not gone to extreme lengths to contact your guys to pull the plug BEFORE someone got hurt. Sorry about the ski trip btw, I'm sure you were looking forwards to it.

Originally by: CCP Karuck
All the developers involved in this project are very competent developers but as anyone who has worked in software development knows, things can "fall between the cracks" in more complex systems and especially when integrating multiple systems together.


Very competent developers do not let authorization systems that appear to be coded by a 12 year old into live environments. Very competent developers also audit and pen test their web apps before putting them live. Very competent developers would not let your forum identity be determined by a clear text string held on the client. You need to stop posting, because you're seriously making it all even worse.

Originally by: CCP Karuck
I hope we can win your trust back some day :)


Sure you can, when they fire the entire web team and get some professionals to build their web services.


I can't even understand where you found the sack to post this reply.

Are you a professional?
Do you think this is the appropriate tone to take when you let your grossly incompetent webteam get away with what it did?

I don't care for your jokes, I don't care for your smileys, there needs to be people fired, and you damned well know it.
So I suggest you drop the downplay-with-smileys-please-forgive-me act, and get with the program, this is just another in a long string of grievous CCP failures, and the second example of how the webcell should all be fired on the spot.

(how many man hours did it take you to code a very poor twitter clone that nobody even likes again?)

I'm reaching the very limit of my patience with you lot.


