Bitcoin Forum
November 14, 2024, 12:13:19 PM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: « 1 2 [3] 4 5 »  All
  Print  
Author Topic: [ANN] Hey, BitMe! (#bitme)  (Read 9450 times)
freewil (OP)
Member
**
Offline Offline

Activity: 92
Merit: 10



View Profile
May 15, 2012, 11:01:53 PM
 #41

Yes, javascript should never add features to the system. JS should be used to cosmetical things or to make some features easier to use. Therefore the javascript-method to disable multiple form sending is bad method. Should be done with confirmation page or something like that.

Also when you're adding an order, it should classify what went wrong if an error occurred in order placement (instead of "An error occurred!").

Turned javascript off after loading dashboard page, then clicked on Orders->New and it threw to Error 404 -page.

Yup, compatibility without javascript is a known issue.
flatfly
Legendary
*
Offline Offline

Activity: 1092
Merit: 1016

760930


View Profile
May 16, 2012, 05:36:29 AM
 #42

Hi,

a little cosmetic issue:

The password strength meter in the Join page works, but doesn't look quite right on
IE8. (There's no background color)

bencoder
Member
**
Offline Offline

Activity: 90
Merit: 10


View Profile
May 16, 2012, 12:04:51 PM
Last edit: May 16, 2012, 12:24:34 PM by bencoder
 #43

I've managed to spam the orderbook by doing tiny increments in rate and have drowned out everything on the USD side of the order book using less than 1 USD in funds. Now nobody can see what's available. I'm sure i could do the same on the BTC side if i had any left and there was anything to drown, making the orderbook useless.

I think to solve it the order book should be put into bins, so it's more a rough idea of the quantity at each rate, by combining all the quantities at the rates say between 15 and 15.01, or you shouldn't allow quite such small increments in rate. Or maybe it should be left as it is. I suppose when there's active trade across the spread it won't be an issue because those micro orders will be picked up as soon as there's a trade. But I think there should be some way to see more of the orderbook if someone does do this and while you still have low activity on there.



Not really a bug but the way the order book doesn't update even when you place an order kind of bugs me Smiley

freewil (OP)
Member
**
Offline Offline

Activity: 92
Merit: 10



View Profile
May 16, 2012, 01:25:15 PM
 #44

Hi,

a little cosmetic issue:

The password strength meter in the Join page works, but doesn't look quite right on
IE8. (There's no background color)



confirmed, 5 BTC
freewil (OP)
Member
**
Offline Offline

Activity: 92
Merit: 10



View Profile
May 16, 2012, 01:28:21 PM
 #45

I've managed to spam the orderbook by doing tiny increments in rate and have drowned out everything on the USD side of the order book using less than 1 USD in funds. Now nobody can see what's available. I'm sure i could do the same on the BTC side if i had any left and there was anything to drown, making the orderbook useless.

I think to solve it the order book should be put into bins, so it's more a rough idea of the quantity at each rate, by combining all the quantities at the rates say between 15 and 15.01, or you shouldn't allow quite such small increments in rate. Or maybe it should be left as it is. I suppose when there's active trade across the spread it won't be an issue because those micro orders will be picked up as soon as there's a trade. But I think there should be some way to see more of the orderbook if someone does do this and while you still have low activity on there.

I put this on my todo list as an enhancement. I think combining them into different "bins" is a good idea, but I don't want to do that without giving the user the ability to change at what precision it does this.



Not really a bug but the way the order book doesn't update even when you place an order kind of bugs me Smiley

Me too Smiley

5 BTC
flatfly
Legendary
*
Offline Offline

Activity: 1092
Merit: 1016

760930


View Profile
May 16, 2012, 02:03:18 PM
Last edit: May 16, 2012, 08:27:47 PM by flatfly
 #46

Looks like the current site is vulnerable to a DoS attack through the 'withdraw' method:

In the withdraw form, enter a 34-digit address and any amount of BTC (doesn't matter if you
have them or not), and quickly hit 'Enter' 30 times or more, in rapid succession. The whole site
appears to become unresponsive for at least 10 seconds.
.
Anduck
Legendary
*
Offline Offline

Activity: 1511
Merit: 1072


quack


View Profile
May 16, 2012, 02:04:25 PM
Last edit: May 16, 2012, 02:20:19 PM by raitoninglass
 #47

In IE8,
"© 2012 BitMe, LLC
Terms of Use
#bitme on FreeNode" isn't where it's supposed to be when logged in. Also header looks different.

"Last Execution BTC / USD 0.5x @ 15" is there supposed to be 0.5x something?

Also, cosmetically site doesn't work in mobile platforms. Tested with Nokia N9, functionality was good except i couldn't deposit USD another try and it worked!

freewil (OP)
Member
**
Offline Offline

Activity: 92
Merit: 10



View Profile
May 16, 2012, 02:25:00 PM
 #48

In IE8,
"© 2012 BitMe, LLC
Terms of Use
#bitme on FreeNode" isn't where it's supposed to be when logged in. Also header looks different.

Confirmed, 5 BTC

"Last Execution BTC / USD 0.5x @ 15" is there supposed to be 0.5x something?

This is the intended display, the 0.5x is the quantity and 15 is the rate. This means there was an execution of 0.5 BTC at a rate of 15 USD, (0.5 BTC was traded for 7.5 USD)

Also, cosmetically site doesn't work in mobile platforms. Tested with Nokia N9, functionality was good except i couldn't deposit USD another try and it worked!

Yup, mobile platforms is on my known issues list
Anduck
Legendary
*
Offline Offline

Activity: 1511
Merit: 1072


quack


View Profile
May 16, 2012, 02:36:27 PM
 #49

Trying IE7 now, many cosmetic problems. "Logout"-bar, header, Green/red info boxes bugging weirdly, deposit-page table (and tables overall (except orderbook page) are scaling to window width), footer info at wrong place (like in IE8), transaction-page bugging overall. Also can't, for example, place orders with IE7 (maybe applies to IE8 too) even with javascript turned on. Also can't see USA-flag at all with IE7.

Also, thanks! Smiley

EDIT: Can place orders but no notify or site changes if order placed. But if error occurs, the message will show.

freewil (OP)
Member
**
Offline Offline

Activity: 92
Merit: 10



View Profile
May 16, 2012, 02:51:01 PM
 #50

When I visit https://test.bitme.com/dashboard/transactions/USD I get a message in Chrome stating that the page is in Vietnamese.. Any idea what might be causing this?

When I click translate, commas get added to certain values. 10840 becomes 10,840

Chrome's autotranslate feature seems to be have some issues, I even just tried to explicitly set the language as english via a "Content-Language" header. Google Chrome still seems to want to offer to translate the page for some reason.

https://groups.google.com/forum/#!msg/google-translate-general/IGYJ6ODH5s4/T2Jx7Dh6JbMJ
freewil (OP)
Member
**
Offline Offline

Activity: 92
Merit: 10



View Profile
May 16, 2012, 02:51:44 PM
 #51

Trying IE7 now, many cosmetic problems. "Logout"-bar, header, Green/red info boxes bugging weirdly, deposit-page table (and tables overall (except orderbook page) are scaling to window width), footer info at wrong place (like in IE8), transaction-page bugging overall. Also can't, for example, place orders with IE7 (maybe applies to IE8 too) even with javascript turned on. Also can't see USA-flag at all with IE7.

Also, thanks! Smiley

EDIT: Can place orders but no notify or site changes if order placed. But if error occurs, the message will show.

Yeah, looks like IE needs some work, I hadn't tested it at all in IE before.
Anduck
Legendary
*
Offline Offline

Activity: 1511
Merit: 1072


quack


View Profile
May 16, 2012, 03:04:35 PM
Last edit: May 16, 2012, 11:24:25 PM by raitoninglass
 #52

I don't think support for <IE7 should be high on the priority list anyways..

Wasn't it 10% of web browsers are _STILL_ IE6! And think how much IE7 or IE8 there are..

Edit: Fordy, you're right that <IE7 shouldn't be on high priority list so people would get better browsers.

rjk
Sr. Member
****
Offline Offline

Activity: 448
Merit: 250


1ngldh


View Profile
May 17, 2012, 01:41:30 AM
 #53

I don't think support for <IE7 should be high on the priority list anyways..

Wasn't it 10% of web browsers are _STILL_ IE6! And think how much IE7 or IE8 there are..

Edit: Fordy, you're right that <IE7 shouldn't be on high priority list so people would get better browsers.
Even Microsoft itself hates IE6 and has launched a campaign to get rid of it: http://www.ie6countdown.com/

Mining Rig Extraordinaire - the Trenton BPX6806 18-slot PCIe backplane [PICS] Dead project is dead, all hail the coming of the mighty ASIC!
freewil (OP)
Member
**
Offline Offline

Activity: 92
Merit: 10



View Profile
May 17, 2012, 04:13:13 AM
 #54

I'm not going to support older than IE8. I think the amount of IE users in the Bitcoin community is probably significantly lower than the general population.
flatfly
Legendary
*
Offline Offline

Activity: 1092
Merit: 1016

760930


View Profile
May 17, 2012, 06:00:25 AM
 #55

Looks like the current site is vulnerable to a DoS attack through the 'withdraw' method:

In the withdraw form, enter a 34-digit address and any amount of BTC (doesn't matter if you
have them or not), and quickly hit 'Enter' 30 times or more, in rapid succession. The whole site
appears to become unresponsive for at least 10 seconds.
.


Hi Sean, have you had a chance to take a look at this one? I just want to make sure you didn't miss that post due to the high activity in the thread yesterday.
freewil (OP)
Member
**
Offline Offline

Activity: 92
Merit: 10



View Profile
May 17, 2012, 10:04:44 AM
 #56

Looks like the current site is vulnerable to a DoS attack through the 'withdraw' method:

In the withdraw form, enter a 34-digit address and any amount of BTC (doesn't matter if you
have them or not), and quickly hit 'Enter' 30 times or more, in rapid succession. The whole site
appears to become unresponsive for at least 10 seconds.
.


Hi Sean, have you had a chance to take a look at this one? I just want to make sure you didn't miss that post due to the high activity in the thread yesterday.

Hey, sorry, I started to reply before but must have gotten distracted. I'll keep this in mind but I'm not going to worry about this too much. What this does is not really that expensive of an operation. It makes me wonder if I happened to have restarted the web server at the same time you were trying to do this. Currently, all my javascript is bundled and built the first time a user visits the site upon restart, so this could appear as a long 10second delay to that lucky user.
flatfly
Legendary
*
Offline Offline

Activity: 1092
Merit: 1016

760930


View Profile
May 17, 2012, 11:42:20 AM
 #57

Looks like the current site is vulnerable to a DoS attack through the 'withdraw' method:

In the withdraw form, enter a 34-digit address and any amount of BTC (doesn't matter if you
have them or not), and quickly hit 'Enter' 30 times or more, in rapid succession. The whole site
appears to become unresponsive for at least 10 seconds.
.


Hi Sean, have you had a chance to take a look at this one? I just want to make sure you didn't miss that post due to the high activity in the thread yesterday.

Hey, sorry, I started to reply before but must have gotten distracted. I'll keep this in mind but I'm not going to worry about this too much. What this does is not really that expensive of an operation. It makes me wonder if I happened to have restarted the web server at the same time you were trying to do this. Currently, all my javascript is bundled and built the first time a user visits the site upon restart, so this could appear as a long 10second delay to that lucky user.

Actually, I did think it could be related to some JIT process or you restarting the server, but I was able to rule this out - I tried at different times of the day, and I can still reproduce the effect right now.

Anyway, I can understand that it's not a priority for you at this time, but please don't underestimate this issue,
as any script kiddie could potentially DoS (or DDOS) the site through that way - heck, a script isn't even necessarily needed to do it.
freewil (OP)
Member
**
Offline Offline

Activity: 92
Merit: 10



View Profile
May 17, 2012, 11:30:59 PM
 #58

Anyway, I can understand that it's not a priority for you at this time, but please don't underestimate this issue,
as any script kiddie could potentially DoS (or DDOS) the site through that way - heck, a script isn't even necessarily needed to do it.

Thanks a lot for this one flatly. I noticed a problem with how I was caching the js building, so it was actually being done on every request before! I've gone ahead and fixed this and the site should be noticeably more responsive. I've run out of BTC, but I owe you 20 for this one.
flatfly
Legendary
*
Offline Offline

Activity: 1092
Merit: 1016

760930


View Profile
May 18, 2012, 02:28:34 AM
 #59

Anyway, I can understand that it's not a priority for you at this time, but please don't underestimate this issue,
as any script kiddie could potentially DoS (or DDOS) the site through that way - heck, a script isn't even necessarily needed to do it.

Thanks a lot for this one flatly. I noticed a problem with how I was caching the js building, so it was actually being done on every request before! I've gone ahead and fixed this and the site should be noticeably more responsive. I've run out of BTC, but I owe you 20 for this one.

Great! I'm glad I could help, and I like how you really are a man of your word.
flatfly
Legendary
*
Offline Offline

Activity: 1092
Merit: 1016

760930


View Profile
May 19, 2012, 08:03:46 AM
 #60

Just a small thing: in the terms of use, it seems there's a word missing in the below sentence:

Quote
We will collect and use of personal information solely with the objective of fulfilling those purposes
specified by us and for other compatible purposes, unless we obtain the consent of the individual
concerned or as required by law.

->

Quote
We will collect and make use of personal information solely with the objective of fulfilling those purposes
specified by us and for other compatible purposes, unless we obtain the consent of the individual
concerned or as required by law.
Pages: « 1 2 [3] 4 5 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!