Archive for June, 2006

In praise of MediaWiki and Bugzilla

Thursday, June 29th, 2006

Actually, this isn’t quite what the title says, I’ve not suddenly gone crazy and used this forum for praise rather than my normal moans, but using some software recently has actually made me feel a lot better about both MediaWiki and Bugzilla, normally I’ve found them difficult to use, but with recent experience of a commercial version of these 2, I’d now positively love to use them.

Confluence and Jira

Confluence is a commercial wiki, Jira a commercial bug tracker, both are from atlassian, they say about their software:

Our software is better because:

  • we value brilliant simplicity as a point of differentiation
  • we think through the customer’s problems thoroughly, and come up with innovative solutions to their problems

from: http://www.atlassian.com/about/mission.jsp

I can’t really agree with those statements, I’ve had lots of problems with both products, they seem technically okay, there’s not really been many technical problems - non fatal script errors mostly, But the user interfaces are just so odd as to drive you crazy, you just can’t get anything done, one of the big problems is the obsessive use of POST everywhere, so things like a the results of a search doesn’t appear in the history, the user interface is completely inconsistent, there are two EDIT / EDIT links 20pixels apart, one edits the page, another edits tags on the page, it’s not at all clear which is which.

After annoying the poor guy who was looking after the installs I was using, raising bugs, moaning and being generally the annoying person I can be, I went to the atlassian people, which just turned up more problems, they have a link to popular issues which doesn’t list any popular issues for example (there is a list of popular issues, you can find it if you look hard enough.)

Most annoying though was trying to create an account on the official site, it complains if your username has a uppercase letter in it. I can’t understand this, it takes more effort to come up with a usable error message - not that they particularly have, than it does to simply lowercase the field - although quite why you have the restriction at all is another question. I’m not sure how requiring a particular format of username is “brilliant simplicity as a point of differentiation

Google checkout, does it work at all?

Thursday, June 29th, 2006

So I had a quick look at Google Checkout, expecting to see no background colour, and probably some trivial XSS exploits. I didn’t see an immediately obvious XSS exploit, but they don’t bother to sanitise the continue url or have a charset defined, so there’s probably something you can do there. More interesting were the attempts to actually buy anything. Trying on the google store failed with an

Oops!
An error occurred while processing your request.

screenshot of failed google checkout
There was no way to try again, no way to get back to me order - the first site I tried, a good example of the sort of sites you can use google checkout on, is probably the leading snorkel provision site with Bob in the url Snorkelbob.com didn’t let me use google to pay at all, so I tried Dick’s sporting goods, again, it failed, it just took me to the same oops page, with no way to return.

So whilat I didn’t immediately find the XSS flaws I expected, I definately found a service that doesn’t even begin to work, I don’t think paypal need be worried. I think stores would be rather foolish to sign up with google checkout given the failures I’ve experienced - at the very least you expect error pages to get you back to the store in question, how many lost sales will sites put up with?